Report - www.a2adjk.com/cmp/TB1FBZQ/4PN2D/?sub5=Mqd6c2FVaqUHg1Vxxy84FC&sub1=file.pdf&sub2=&sub5=Mqd6c2FVaqUHg1Vxxy84FC/

Report Overview

Visited public
2023-11-25 23:09:19
Tags
URL
www.a2adjk.com/cmp/TB1FBZQ/4PN2D/?sub5=Mqd6c2FVaqUHg1Vxxy84FC&sub1=file.pdf&sub2=&sub5=Mqd6c2FVaqUHg1Vxxy84FC/
Finishing URL
goepisodes.com/registration?theme=m-2-grizzlyX&v_id=4c02c7d7-bb25-8495-2252-2f3e59315818&capo=dHVybmh1Yi5uZXQ=&entityId=2&capoUrl=turnhub.net&page=m-2-grizzlyX&clickid=3bdea4981ae2437e9d4bfc9db98f6cf0&pubid=3018273456617&a_aid=864kjuyuio54&st_region=03
IP / ASN
34.96.122.41
#15169 GOOGLE
Title
Sign Up Now

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
www.a2adjk.com	unknown	2021-06-09	2021-06-09 22:15:55	2023-11-03 11:00:13	576 B	856 B	34.96.122.41
goepisodes.com	unknown	2022-10-25	2022-10-25 17:02:25	2023-08-18 14:42:22	32 kB	1.0 MB	104.18.36.213
cdnjs.cloudflare.com	235	2009-02-17	2015-04-17 22:46:33	2023-11-25 05:09:33	473 B	6.6 kB	104.17.24.14
ocsp.starfieldtech.com	6616	2003-03-06	2012-06-22 20:08:50	2023-11-25 08:29:17	692 B	5.3 kB	192.124.249.36
turnhub.net	447861	2021-11-08	2021-11-08 20:57:08	2023-11-07 03:11:54	576 B	736 B	172.64.152.65
fonts.googleapis.com	8877	2005-01-25	2013-06-10 22:14:26	2023-11-25 06:01:20	5.9 kB	116 kB	142.250.74.106
use.fontawesome.com	942	2012-10-18	2017-01-30 05:43:25	2023-11-25 05:12:15	1.6 kB	106 kB	172.64.140.13
fonts.gstatic.com	unknown	2008-02-11	2014-09-09 02:40:21	2023-11-25 07:40:19	2.1 kB	61 kB	216.58.207.227
maxcdn.bootstrapcdn.com	724	2012-05-25	2014-06-18 02:37:31	2023-11-25 05:11:26	491 B	146 kB	104.18.10.207

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2023-11-25	medium	goepisodes.com	Sinkholed
2023-11-25	medium	goepisodes.com	Sinkholed
2023-11-25	medium	goepisodes.com	Sinkholed
2023-11-25	medium	goepisodes.com	Sinkholed
2023-11-25	medium	goepisodes.com	Sinkholed
2023-11-25	medium	goepisodes.com	Sinkholed
2023-11-25	medium	goepisodes.com	Sinkholed
2023-11-25	medium	goepisodes.com	Sinkholed
2023-11-25	medium	goepisodes.com	Sinkholed
2023-11-25	medium	goepisodes.com	Sinkholed
2023-11-25	medium	goepisodes.com	Sinkholed
2023-11-25	medium	goepisodes.com	Sinkholed
2023-11-25	medium	goepisodes.com	Sinkholed
2023-11-25	medium	goepisodes.com	Sinkholed
2023-11-25	medium	goepisodes.com	Sinkholed
2023-11-25	medium	goepisodes.com	Sinkholed
2023-11-25	medium	goepisodes.com	Sinkholed
2023-11-25	medium	goepisodes.com	Sinkholed
2023-11-25	medium	goepisodes.com	Sinkholed
2023-11-25	medium	goepisodes.com	Sinkholed
2023-11-25	medium	goepisodes.com	Sinkholed
2023-11-25	medium	goepisodes.com	Sinkholed
2023-11-25	medium	goepisodes.com	Sinkholed
2023-11-25	medium	goepisodes.com	Sinkholed
2023-11-25	medium	goepisodes.com	Sinkholed
2023-11-25	medium	goepisodes.com	Sinkholed
2023-11-25	medium	goepisodes.com	Sinkholed
2023-11-25	medium	goepisodes.com	Sinkholed
2023-11-25	medium	goepisodes.com	Sinkholed

ThreatFox

No alerts detected

JavaScript (11)

	URL	From	Size	First Seen	Last Seen
	goepisodes.com/registration?theme=m-2-grizzlyX&v_id=4c02c7d7-bb25-8495-2252-2f3e59315818&capo=dHVybmh1Yi5uZXQ=&entityId=2&capoUrl=turnhub.net&page=m-2-grizzlyX&clickid=3bdea4981ae2437e9d4bfc9db98f6cf0&pubid=3018273456617&a_aid=864kjuyuio54&st_region=03	ScriptElement	2.3 kB	2023-03-07	2025-03-26
Pretty URL goepisodes.com/registration?theme=m-2-grizzlyX&v_id=4c02c7d7-bb25-8495-2252-2f3e59315818&capo=dHVybmh1Yi5uZXQ=&entityId=2&capoUrl=turnhub.net&page=m-2-grizzlyX&clickid=3bdea4981ae2437e9d4bfc9db98f6cf0&pubid=3018273456617&a_aid=864kjuyuio54&st_region=03 IP 104.18.36.213 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:31 Last Seen2025-03-26 21:58 Times Seen67 Hash 39659808a79e6d178ba125786572f920 9fde2436f2d06d92dd489e550a7d62a87de33252 0d3c6521f1debc17446c2bb273300de5826083366abc0823c0a7060b941a5212 Loading...

	goepisodes.com/theme/Master/SubscriptionPages/js/subscriptions/min/scripts.min.f92a9bc6.js	ScriptElement	446 kB	2023-10-24	2024-08-21
Pretty URL goepisodes.com/theme/Master/SubscriptionPages/js/subscriptions/min/scripts.min.f92a9bc6.js IP 104.18.36.213 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-10-24 19:03 Last Seen2024-08-21 03:35 Times Seen11 Hash 9fdd2c83a362a22d9773ed3d0be56efc b210f1e0f351d8fa5c928447e000af1998455671 eb92d3bb21e5f0958dcf596ae4fa5b80fabd069c30ca7513f5fce1ab611253fd Loading...

	goepisodes.com/registration?theme=m-2-grizzlyX&v_id=4c02c7d7-bb25-8495-2252-2f3e59315818&capo=dHVybmh1Yi5uZXQ=&entityId=2&capoUrl=turnhub.net&page=m-2-grizzlyX&clickid=3bdea4981ae2437e9d4bfc9db98f6cf0&pubid=3018273456617&a_aid=864kjuyuio54&st_region=03	ScriptElement	3.1 kB	2024-08-20	2024-08-20
Pretty URL goepisodes.com/registration?theme=m-2-grizzlyX&v_id=4c02c7d7-bb25-8495-2252-2f3e59315818&capo=dHVybmh1Yi5uZXQ=&entityId=2&capoUrl=turnhub.net&page=m-2-grizzlyX&clickid=3bdea4981ae2437e9d4bfc9db98f6cf0&pubid=3018273456617&a_aid=864kjuyuio54&st_region=03 IP 104.18.36.213 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2024-08-20 17:55 Last Seen2024-08-20 17:55 Times Seen1 Hash 7960984fc4f6af00469817c60ebbf225 cc3a20c24ec15b0944c77ae77631ca1327819a18 30b61e4a10d422a082126aaba38cc3b3b147263edd72c7bc5d93dfe95579ebfe Loading...

	goepisodes.com/theme/Master/SubscriptionPages/js/subscriptions/validation/min/regValidation.min.928257bc.js	ScriptElement	7.2 kB	2023-09-17	2024-08-21
Pretty URL goepisodes.com/theme/Master/SubscriptionPages/js/subscriptions/validation/min/regValidation.min.928257bc.js IP 104.18.36.213 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-09-17 00:52 Last Seen2024-08-21 06:39 Times Seen17 Hash 28b6594ba090a242c06471073a37e9d7 37557e9c9e86bea5a1200e5372ed45743170107e df18245fa12f3d30de06a42c95bc1c03d1572e711964152934203040a62093b8 Loading...

		Size	First Seen	Last Seen
	#1 Eval - fa93e8894edb6245ab03883633b12b6e	3.9 kB	2023-03-07 12:01	2025-05-10 14:33
Pretty Observations First Seen2023-03-07 12:01 Last Seen2025-05-10 14:33 Times Seen913 Hash fa93e8894edb6245ab03883633b12b6e e3ba4c7d1a8876090756fd31715b4f6af6fd649e 3fc8d8f8c09ee97d9c8cd4a6178ad0bd921a9cbe55c14513e0c06738c9dc8d15 Loading...

	#2 Eval - b49273b51dae7361e02dca0763144e54	4.9 kB	2023-03-07 01:10	2025-05-08 11:29
Pretty Observations First Seen2023-03-07 01:10 Last Seen2025-05-08 11:29 Times Seen437 Hash b49273b51dae7361e02dca0763144e54 4a1f2abaf3bc1b4aec31d199b6b236112106ad32 f0718dd44766296547e2153766bdc56d31e8aac51c7ed78b6499d59aa0ffac2f Loading...

	#3 Eval - b90224b3995754521f76fe6a4e0fc66f	22 kB	2023-10-24 19:03	2024-08-21 03:35
Pretty Observations First Seen2023-10-24 19:03 Last Seen2024-08-21 03:35 Times Seen39 Hash b90224b3995754521f76fe6a4e0fc66f 3f270614f20e687b9311d639799e673c7c537ac4 4c8a1baaab3a4eb377259fa298363caf5a6ac231b50085fa1146ed4fe14ef338 Loading...

	#4 Eval - 551c4c77366c2de6cc6fb9539768827f	28 kB	2023-10-24 19:03	2024-08-21 03:35
Pretty Observations First Seen2023-10-24 19:03 Last Seen2024-08-21 03:35 Times Seen11 Hash 551c4c77366c2de6cc6fb9539768827f 792ddc7739c71d0541a3d8f672036c76219d98fc afd97a04e269f094302734e70e34969997d3a633ab171ac3faf51bfe2d017ac2 Loading...

	#5 Eval - a1fb4aaee1dcbfd24e6ec0fd67ab9645	23 kB	2023-03-07 12:55	2025-05-10 18:14
Pretty Observations First Seen2023-03-07 12:55 Last Seen2025-05-10 18:14 Times Seen348 Hash a1fb4aaee1dcbfd24e6ec0fd67ab9645 77558a30ff578aeb671e2bdb574df166751aa487 c84e4b2e9e47490ff3fa125e0aa933f617633649358da8861b4b430ab6ae9a70 Loading...

	#6 Eval - 4f5885262e8544079071bf4876566be7	10 kB	2023-03-07 14:01	2025-05-10 03:39
Pretty Observations First Seen2023-03-07 14:01 Last Seen2025-05-10 03:39 Times Seen71 Hash 4f5885262e8544079071bf4876566be7 fb478d496b42b2e1294ce6a6600c6478b998a6e8 23669666145b59237c11e83d15e64cf78cbc32dee8f82fb46f0f3f4e3adb8e10 Loading...

	#7 Eval - f6eccd44d13002452f69c0d9d198d3ab	10 kB	2023-03-07 12:12	2025-05-10 12:36
Pretty Observations First Seen2023-03-07 12:12 Last Seen2025-05-10 12:36 Times Seen161 Hash f6eccd44d13002452f69c0d9d198d3ab 4aa54a0d27c5eda66d9c78f6085f8015d09a1a2f d8702cde5c6e252ac0fdb01b1766e0695e79812b97f2f56c8f6a4271662a998e Loading...

HTTP Transactions (55)

URL IP Response Size

ocsp.starfieldtech.com/

192.124.249.36

2.1 kB

URL
ocsp.starfieldtech.com/
IP
192.124.249.36:0
ASN
#30148 SUCURI-SEC

File type
data
Size
2.1 kB (2149 bytes)
Hash
1eb674a4d9ba9b0a5340514a4c393cc9
b88868a45a680c7e6ab96ac41195bf983b11b6a7
38820ee8617f50ac5d0054b84d3189857c6922b854d5d3f12a585f925429a30d

HTTP Headers

POST / HTTP/1.1
Host: ocsp.starfieldtech.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 76
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: Sucuri/Cloudproxy
Date: Sat, 25 Nov 2023 23:09:00 GMT
Content-Type: application/ocsp-response
Content-Length: 2149
Connection: keep-alive
X-Sucuri-ID: 19036
Content-Transfer-Encoding: Binary
Cache-Control: public, no-transform, must-revalidate
Last-Modified: Sat, 25 Nov 2023 07:28:53 GMT
Expires: Sun, 26 Nov 2023 07:28:53 GMT
ETag: "b88868a45a680c7e6ab96ac41195bf983b11b6a7"
P3P: CP="IDC DSP COR LAW CUR ADM DEV TAI PSA PSD IVA IVD HIS OUR SAM PUB LEG UNI COM NAV STA"

www.a2adjk.com/cmp/TB1FBZQ/4PN2D/?sub5=Mqd6c2FVaqUHg1Vxxy84FC&sub1=file.pdf&sub2=&sub5=Mqd6c2FVaqUHg1Vxxy84FC/

34.96.122.41

302 Found

153 B

URL User Request GET HTTP/2
www.a2adjk.com/cmp/TB1FBZQ/4PN2D/?sub5=Mqd6c2FVaqUHg1Vxxy84FC&sub1=file.pdf&sub2=&sub5=Mqd6c2FVaqUHg1Vxxy84FC/
IP
34.96.122.41:443
ASN
#15169 GOOGLE

Certificate
IssuerStarfield Technologies, Inc.
Subjectpp98trk.com
Fingerprint85:F7:1E:C2:A8:73:D7:DE:02:D1:D1:85:E2:2D:D4:55:AC:1C:3C:EF
ValidityWed, 15 Nov 2023 22:23:20 GMT - Mon, 16 Dec 2024 22:23:20 GMT

File type
HTML document, ASCII text
Size
153 B (153 bytes)
Hash
f3d7de5036b1963e3974582b5cf74d45
f7ffbebc6cbe846b7e358330ba41b495f6099728
0e6d82aa225dbdbd1959cf911ab9bf10989d9bf608bdc766d5ef0f0168761fad

HTTP Headers

GET /cmp/TB1FBZQ/4PN2D/?sub5=Mqd6c2FVaqUHg1Vxxy84FC&sub1=file.pdf&sub2=&sub5=Mqd6c2FVaqUHg1Vxxy84FC/ HTTP/1.1
Host: www.a2adjk.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 302 Found
server: nginx
date: Sat, 25 Nov 2023 23:09:00 GMT
content-type: text/html; charset=utf-8
content-length: 153
accept-ch: Sec-Ch-Ua-Platform-Version,Sec-Ch-Ua-Model
location: https://turnhub.net/?affid=864kjuyuio54&page=m-2-grizzlyX&clickid=3bdea4981ae2437e9d4bfc9db98f6cf0&pubid=3018273456617
set-cookie: uniqueClick_4PN2D=6232b796-74c4-436d-b76f-96b1b0418cb0:1700953740; Path=/; Expires=Tue, 26 Dec 2023 23:09:00 GMT
transaction_id=3bdea4981ae2437e9d4bfc9db98f6cf0; Path=/; Expires=Fri, 23 Feb 2024 23:09:00 GMT
vary: Origin
x-eflow-request-id: ae22bfd8-00cd-4f16-84bb-cdb151dd8ef4
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

turnhub.net/?affid=864kjuyuio54&page=m-2-grizzlyX&clickid=3bdea4981ae2437e9d4bfc9db98f6cf0&pubid=3018273456617

172.64.152.65

302 Found

0 B

URL User Request GET HTTP/2
turnhub.net/?affid=864kjuyuio54&page=m-2-grizzlyX&clickid=3bdea4981ae2437e9d4bfc9db98f6cf0&pubid=3018273456617
IP
172.64.152.65:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerCloudflare, Inc.
Subjectturnhub.net
Fingerprint5E:E3:D6:E1:EB:41:ED:C1:8F:0D:77:D6:F9:97:F6:31:E7:CA:4A:7B
ValidityFri, 08 Sep 2023 00:00:00 GMT - Sat, 07 Sep 2024 23:59:59 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /?affid=864kjuyuio54&page=m-2-grizzlyX&clickid=3bdea4981ae2437e9d4bfc9db98f6cf0&pubid=3018273456617 HTTP/1.1
Host: turnhub.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 302 Found
date: Sat, 25 Nov 2023 23:09:00 GMT
content-type: text/plain;charset=UTF-8
content-length: 0
location: https://goepisodes.com/registration?theme=m-2-grizzlyX&v_id=4c02c7d7-bb25-8495-2252-2f3e59315818&capo=dHVybmh1Yi5uZXQ=&entityId=2&capoUrl=turnhub.net&page=m-2-grizzlyX&clickid=3bdea4981ae2437e9d4bfc9db98f6cf0&pubid=3018273456617&a_aid=864kjuyuio54&st_region=03
set-cookie: data=eyJzaXRlIjoiZ29lcGlzb2Rlcy5jb20iLCJyZXF1ZXN0ZWRUaGVtZSI6Im0tMi1ncml6emx5WCIsInJvdXRlZFRoZW1lIjoibS0yLWdyaXp6bHlYIiwidmlzaXRvcklkIjoiNGMwMmM3ZDctYmIyNS04NDk1LTIyNTItMmYzZTU5MzE1ODE4In0=; Max-Age=3600; Expires=Sat, 25 Nov 2023 23:09:04 GMT;
vary: Accept-Encoding
server: cloudflare
cf-ray: 82bd8e90ef3d5684-OSL
X-Firefox-Spdy: h2

ocsp.starfieldtech.com/

192.124.249.24

2.1 kB

URL
ocsp.starfieldtech.com/
IP
192.124.249.24:0
ASN
#30148 SUCURI-SEC

File type
data
Size
2.1 kB (2149 bytes)
Hash
1eb674a4d9ba9b0a5340514a4c393cc9
b88868a45a680c7e6ab96ac41195bf983b11b6a7
38820ee8617f50ac5d0054b84d3189857c6922b854d5d3f12a585f925429a30d

HTTP Headers

POST / HTTP/1.1
Host: ocsp.starfieldtech.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 76
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: Sucuri/Cloudproxy
Date: Sat, 25 Nov 2023 23:09:00 GMT
Content-Type: application/ocsp-response
Content-Length: 2149
Connection: keep-alive
X-Sucuri-ID: 19024
Content-Transfer-Encoding: Binary
Cache-Control: public, no-transform, must-revalidate
Last-Modified: Sat, 25 Nov 2023 07:28:53 GMT
Expires: Sun, 26 Nov 2023 07:28:53 GMT
ETag: "b88868a45a680c7e6ab96ac41195bf983b11b6a7"
P3P: CP="IDC DSP COR LAW CUR ADM DEV TAI PSA PSD IVA IVD HIS OUR SAM PUB LEG UNI COM NAV STA"

goepisodes.com/img/flags/min/ar.png

104.18.36.213

200 OK

318 B

URL GET HTTP/2
goepisodes.com/img/flags/min/ar.png
IP
104.18.36.213:443
ASN
#13335 CLOUDFLARENET

Requested by
https://goepisodes.com/registration?theme=m-2-grizzlyX&v_id=4c02c7d7-bb25-8495-2252-2f3e59315818&capo=dHVybmh1Yi5uZXQ=&entityId=2&capoUrl=turnhub.net&page=m-2-grizzlyX&clickid=3bdea4981ae2437e9d4bfc9db98f6cf0&pubid=3018273456617&a_aid=864kjuyuio54&st_region=03
Certificate
IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
FingerprintC8:FB:2F:13:43:99:23:29:03:D7:4B:D9:05:21:D5:59:15:EA:35:75
ValidityMon, 20 Feb 2023 00:00:00 GMT - Mon, 19 Feb 2024 23:59:59 GMT

File type
PNG image data, 16 x 11, 8-bit colormap, non-interlaced\012- data
Size
318 B (318 bytes)
Hash
b11bcada2c51b6e5e299245db87bec18
56dc40f41854e76cbdf12683721763b674fbef14
59fae4a2c45ab3f79b6e012c3bc435bad3d83de43cd8b5cb9ec792bbdc71e034

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/flags/min/ar.png HTTP/1.1
Host: goepisodes.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://goepisodes.com/registration?theme=m-2-grizzlyX&v_id=4c02c7d7-bb25-8495-2252-2f3e59315818&capo=dHVybmh1Yi5uZXQ=&entityId=2&capoUrl=turnhub.net&page=m-2-grizzlyX&clickid=3bdea4981ae2437e9d4bfc9db98f6cf0&pubid=3018273456617&a_aid=864kjuyuio54&st_region=03
Cookie: CakeCookie[a_aid]=ODY0a2p1eXVpbzU0; CakeCookie[capo]=ZEhWeWJtaDFZaTV1WlhRPQ%3D%3D; CakeCookie[capoUrl]=dHVybmh1Yi5uZXQ%3D; CakeCookie[clickid]=M2JkZWE0OTgxYWUyNDM3ZTlkNGJmYzlkYjk4ZjZjZjA%3D; CakeCookie[entityId]=Mg%3D%3D; CakeCookie[lang]=eng; CakeCookie[pubid]=MzAxODI3MzQ1NjYxNw%3D%3D; CakeCookie[st_region]=MDM%3D; CakeCookie[v_id]=NGMwMmM3ZDctYmIyNS04NDk1LTIyNTItMmYzZTU5MzE1ODE4; CakeCookie[registrationaff_864kjuyuio54_3018273456617_fire_stats]=true
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Sat, 25 Nov 2023 23:09:01 GMT
content-type: image/png
content-length: 318
last-modified: Thu, 23 Nov 2023 21:45:09 GMT
etag: "655fc7e5-13e"
x-frame-options: SAMEORIGIN
cf-cache-status: HIT
age: 1568
expires: Sun, 26 Nov 2023 03:09:01 GMT
cache-control: public, max-age=14400
accept-ranges: bytes
vary: Accept-Encoding
strict-transport-security: max-age=0; includeSubDomains
server: cloudflare
cf-ray: 82bd8e94cffe5689-OSL
X-Firefox-Spdy: h2

goepisodes.com/img/flags/min/fr.png

104.18.36.213

200 OK

369 B

URL GET HTTP/2
goepisodes.com/img/flags/min/fr.png
IP
104.18.36.213:443
ASN
#13335 CLOUDFLARENET

Requested by
https://goepisodes.com/registration?theme=m-2-grizzlyX&v_id=4c02c7d7-bb25-8495-2252-2f3e59315818&capo=dHVybmh1Yi5uZXQ=&entityId=2&capoUrl=turnhub.net&page=m-2-grizzlyX&clickid=3bdea4981ae2437e9d4bfc9db98f6cf0&pubid=3018273456617&a_aid=864kjuyuio54&st_region=03
Certificate
IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
FingerprintC8:FB:2F:13:43:99:23:29:03:D7:4B:D9:05:21:D5:59:15:EA:35:75
ValidityMon, 20 Feb 2023 00:00:00 GMT - Mon, 19 Feb 2024 23:59:59 GMT

File type
PNG image data, 16 x 11, 8-bit colormap, non-interlaced\012- data
Size
369 B (369 bytes)
Hash
83d2595ea3031de73b98f2c57ad88949
32bd0c5b029e8b75bef13eeb532917d9a56f61c9
0ec28fba482645dc252afe2be19282beebab6162300c9291c16a31138694cca0

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/flags/min/fr.png HTTP/1.1
Host: goepisodes.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://goepisodes.com/registration?theme=m-2-grizzlyX&v_id=4c02c7d7-bb25-8495-2252-2f3e59315818&capo=dHVybmh1Yi5uZXQ=&entityId=2&capoUrl=turnhub.net&page=m-2-grizzlyX&clickid=3bdea4981ae2437e9d4bfc9db98f6cf0&pubid=3018273456617&a_aid=864kjuyuio54&st_region=03
Cookie: CakeCookie[a_aid]=ODY0a2p1eXVpbzU0; CakeCookie[capo]=ZEhWeWJtaDFZaTV1WlhRPQ%3D%3D; CakeCookie[capoUrl]=dHVybmh1Yi5uZXQ%3D; CakeCookie[clickid]=M2JkZWE0OTgxYWUyNDM3ZTlkNGJmYzlkYjk4ZjZjZjA%3D; CakeCookie[entityId]=Mg%3D%3D; CakeCookie[lang]=eng; CakeCookie[pubid]=MzAxODI3MzQ1NjYxNw%3D%3D; CakeCookie[st_region]=MDM%3D; CakeCookie[v_id]=NGMwMmM3ZDctYmIyNS04NDk1LTIyNTItMmYzZTU5MzE1ODE4; CakeCookie[registrationaff_864kjuyuio54_3018273456617_fire_stats]=true
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Sat, 25 Nov 2023 23:09:01 GMT
content-type: image/png
content-length: 369
last-modified: Thu, 23 Nov 2023 21:45:09 GMT
etag: "655fc7e5-171"
x-frame-options: SAMEORIGIN
cf-cache-status: HIT
age: 1567
expires: Sun, 26 Nov 2023 03:09:01 GMT
cache-control: public, max-age=14400
accept-ranges: bytes
vary: Accept-Encoding
strict-transport-security: max-age=0; includeSubDomains
server: cloudflare
cf-ray: 82bd8e94c8065689-OSL
X-Firefox-Spdy: h2

goepisodes.com/img/flags/min/de.png

104.18.36.213

200 OK

464 B

URL GET HTTP/2
goepisodes.com/img/flags/min/de.png
IP
104.18.36.213:443
ASN
#13335 CLOUDFLARENET

Requested by
https://goepisodes.com/registration?theme=m-2-grizzlyX&v_id=4c02c7d7-bb25-8495-2252-2f3e59315818&capo=dHVybmh1Yi5uZXQ=&entityId=2&capoUrl=turnhub.net&page=m-2-grizzlyX&clickid=3bdea4981ae2437e9d4bfc9db98f6cf0&pubid=3018273456617&a_aid=864kjuyuio54&st_region=03
Certificate
IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
FingerprintC8:FB:2F:13:43:99:23:29:03:D7:4B:D9:05:21:D5:59:15:EA:35:75
ValidityMon, 20 Feb 2023 00:00:00 GMT - Mon, 19 Feb 2024 23:59:59 GMT

File type
PNG image data, 16 x 11, 8-bit colormap, non-interlaced\012- data
Size
464 B (464 bytes)
Hash
3babff7961e39e8cd594b9678f7ce728
ea40638d6af4722c8b0e4314e95d64ae059a3ae0
7319b0ebaea7239bf208e9bbf05c5756659be88767ad0424eca017aacf7940eb

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/flags/min/de.png HTTP/1.1
Host: goepisodes.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://goepisodes.com/registration?theme=m-2-grizzlyX&v_id=4c02c7d7-bb25-8495-2252-2f3e59315818&capo=dHVybmh1Yi5uZXQ=&entityId=2&capoUrl=turnhub.net&page=m-2-grizzlyX&clickid=3bdea4981ae2437e9d4bfc9db98f6cf0&pubid=3018273456617&a_aid=864kjuyuio54&st_region=03
Cookie: CakeCookie[a_aid]=ODY0a2p1eXVpbzU0; CakeCookie[capo]=ZEhWeWJtaDFZaTV1WlhRPQ%3D%3D; CakeCookie[capoUrl]=dHVybmh1Yi5uZXQ%3D; CakeCookie[clickid]=M2JkZWE0OTgxYWUyNDM3ZTlkNGJmYzlkYjk4ZjZjZjA%3D; CakeCookie[entityId]=Mg%3D%3D; CakeCookie[lang]=eng; CakeCookie[pubid]=MzAxODI3MzQ1NjYxNw%3D%3D; CakeCookie[st_region]=MDM%3D; CakeCookie[v_id]=NGMwMmM3ZDctYmIyNS04NDk1LTIyNTItMmYzZTU5MzE1ODE4; CakeCookie[registrationaff_864kjuyuio54_3018273456617_fire_stats]=true
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Sat, 25 Nov 2023 23:09:01 GMT
content-type: image/png
content-length: 464
last-modified: Thu, 23 Nov 2023 21:45:09 GMT
etag: "655fc7e5-1d0"
x-frame-options: SAMEORIGIN
cf-cache-status: HIT
age: 1568
expires: Sun, 26 Nov 2023 03:09:01 GMT
cache-control: public, max-age=14400
accept-ranges: bytes
vary: Accept-Encoding
strict-transport-security: max-age=0; includeSubDomains
server: cloudflare
cf-ray: 82bd8e94c8025689-OSL
X-Firefox-Spdy: h2

goepisodes.com/img/flags/min/ja.png

104.18.36.213

200 OK

266 B

URL GET HTTP/2
goepisodes.com/img/flags/min/ja.png
IP
104.18.36.213:443
ASN
#13335 CLOUDFLARENET

Requested by
https://goepisodes.com/registration?theme=m-2-grizzlyX&v_id=4c02c7d7-bb25-8495-2252-2f3e59315818&capo=dHVybmh1Yi5uZXQ=&entityId=2&capoUrl=turnhub.net&page=m-2-grizzlyX&clickid=3bdea4981ae2437e9d4bfc9db98f6cf0&pubid=3018273456617&a_aid=864kjuyuio54&st_region=03
Certificate
IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
FingerprintC8:FB:2F:13:43:99:23:29:03:D7:4B:D9:05:21:D5:59:15:EA:35:75
ValidityMon, 20 Feb 2023 00:00:00 GMT - Mon, 19 Feb 2024 23:59:59 GMT

File type
PNG image data, 16 x 11, 8-bit colormap, non-interlaced\012- data
Size
266 B (266 bytes)
Hash
f8d5d965c5ac8014d2e0293d67f893a4
476ddbaaa32dc435e1c1aa04104c88c9771c5fbe
f8876ab39504d02b6fb905eef77c4ad8d181a563105609bed0b57fc279352ef0

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/flags/min/ja.png HTTP/1.1
Host: goepisodes.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://goepisodes.com/registration?theme=m-2-grizzlyX&v_id=4c02c7d7-bb25-8495-2252-2f3e59315818&capo=dHVybmh1Yi5uZXQ=&entityId=2&capoUrl=turnhub.net&page=m-2-grizzlyX&clickid=3bdea4981ae2437e9d4bfc9db98f6cf0&pubid=3018273456617&a_aid=864kjuyuio54&st_region=03
Cookie: CakeCookie[a_aid]=ODY0a2p1eXVpbzU0; CakeCookie[capo]=ZEhWeWJtaDFZaTV1WlhRPQ%3D%3D; CakeCookie[capoUrl]=dHVybmh1Yi5uZXQ%3D; CakeCookie[clickid]=M2JkZWE0OTgxYWUyNDM3ZTlkNGJmYzlkYjk4ZjZjZjA%3D; CakeCookie[entityId]=Mg%3D%3D; CakeCookie[lang]=eng; CakeCookie[pubid]=MzAxODI3MzQ1NjYxNw%3D%3D; CakeCookie[st_region]=MDM%3D; CakeCookie[v_id]=NGMwMmM3ZDctYmIyNS04NDk1LTIyNTItMmYzZTU5MzE1ODE4; CakeCookie[registrationaff_864kjuyuio54_3018273456617_fire_stats]=true
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Sat, 25 Nov 2023 23:09:01 GMT
content-type: image/png
content-length: 266
last-modified: Thu, 23 Nov 2023 21:45:09 GMT
etag: "655fc7e5-10a"
x-frame-options: SAMEORIGIN
cf-cache-status: HIT
age: 1567
expires: Sun, 26 Nov 2023 03:09:01 GMT
cache-control: public, max-age=14400
accept-ranges: bytes
vary: Accept-Encoding
strict-transport-security: max-age=0; includeSubDomains
server: cloudflare
cf-ray: 82bd8e94c80a5689-OSL
X-Firefox-Spdy: h2

goepisodes.com/img/flags/min/it.png

104.18.36.213

200 OK

316 B

URL GET HTTP/2
goepisodes.com/img/flags/min/it.png
IP
104.18.36.213:443
ASN
#13335 CLOUDFLARENET

Requested by
https://goepisodes.com/registration?theme=m-2-grizzlyX&v_id=4c02c7d7-bb25-8495-2252-2f3e59315818&capo=dHVybmh1Yi5uZXQ=&entityId=2&capoUrl=turnhub.net&page=m-2-grizzlyX&clickid=3bdea4981ae2437e9d4bfc9db98f6cf0&pubid=3018273456617&a_aid=864kjuyuio54&st_region=03
Certificate
IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
FingerprintC8:FB:2F:13:43:99:23:29:03:D7:4B:D9:05:21:D5:59:15:EA:35:75
ValidityMon, 20 Feb 2023 00:00:00 GMT - Mon, 19 Feb 2024 23:59:59 GMT

File type
PNG image data, 16 x 11, 8-bit colormap, non-interlaced\012- data
Size
316 B (316 bytes)
Hash
acab890d6d5eb20e38f22aba425c3d34
ec0be0f24e663759356e817bd73a7e7569663bb6
f6f0eb8b370c334ab172fa69fb55ec7b72c6bd3d137c0bbd750d0fc788f433b0

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/flags/min/it.png HTTP/1.1
Host: goepisodes.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://goepisodes.com/registration?theme=m-2-grizzlyX&v_id=4c02c7d7-bb25-8495-2252-2f3e59315818&capo=dHVybmh1Yi5uZXQ=&entityId=2&capoUrl=turnhub.net&page=m-2-grizzlyX&clickid=3bdea4981ae2437e9d4bfc9db98f6cf0&pubid=3018273456617&a_aid=864kjuyuio54&st_region=03
Cookie: CakeCookie[a_aid]=ODY0a2p1eXVpbzU0; CakeCookie[capo]=ZEhWeWJtaDFZaTV1WlhRPQ%3D%3D; CakeCookie[capoUrl]=dHVybmh1Yi5uZXQ%3D; CakeCookie[clickid]=M2JkZWE0OTgxYWUyNDM3ZTlkNGJmYzlkYjk4ZjZjZjA%3D; CakeCookie[entityId]=Mg%3D%3D; CakeCookie[lang]=eng; CakeCookie[pubid]=MzAxODI3MzQ1NjYxNw%3D%3D; CakeCookie[st_region]=MDM%3D; CakeCookie[v_id]=NGMwMmM3ZDctYmIyNS04NDk1LTIyNTItMmYzZTU5MzE1ODE4; CakeCookie[registrationaff_864kjuyuio54_3018273456617_fire_stats]=true
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Sat, 25 Nov 2023 23:09:01 GMT
content-type: image/png
content-length: 316
last-modified: Thu, 23 Nov 2023 21:45:09 GMT
etag: "655fc7e5-13c"
x-frame-options: SAMEORIGIN
cf-cache-status: HIT
age: 1567
expires: Sun, 26 Nov 2023 03:09:01 GMT
cache-control: public, max-age=14400
accept-ranges: bytes
vary: Accept-Encoding
strict-transport-security: max-age=0; includeSubDomains
server: cloudflare
cf-ray: 82bd8e94c8095689-OSL
X-Firefox-Spdy: h2

goepisodes.com/img/flags/min/pt.png

104.18.36.213

200 OK

427 B

URL GET HTTP/2
goepisodes.com/img/flags/min/pt.png
IP
104.18.36.213:443
ASN
#13335 CLOUDFLARENET

Requested by
https://goepisodes.com/registration?theme=m-2-grizzlyX&v_id=4c02c7d7-bb25-8495-2252-2f3e59315818&capo=dHVybmh1Yi5uZXQ=&entityId=2&capoUrl=turnhub.net&page=m-2-grizzlyX&clickid=3bdea4981ae2437e9d4bfc9db98f6cf0&pubid=3018273456617&a_aid=864kjuyuio54&st_region=03
Certificate
IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
FingerprintC8:FB:2F:13:43:99:23:29:03:D7:4B:D9:05:21:D5:59:15:EA:35:75
ValidityMon, 20 Feb 2023 00:00:00 GMT - Mon, 19 Feb 2024 23:59:59 GMT

File type
PNG image data, 16 x 11, 8-bit colormap, non-interlaced\012- data
Size
427 B (427 bytes)
Hash
86b64a6009b9fda3f62281760c1dd4f0
c536dff21701618654328b21773e69a7508c4c85
28d682eed12d0786c32613e2c4c54c144975c7160f2584380d1839d9dc04f824

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/flags/min/pt.png HTTP/1.1
Host: goepisodes.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://goepisodes.com/registration?theme=m-2-grizzlyX&v_id=4c02c7d7-bb25-8495-2252-2f3e59315818&capo=dHVybmh1Yi5uZXQ=&entityId=2&capoUrl=turnhub.net&page=m-2-grizzlyX&clickid=3bdea4981ae2437e9d4bfc9db98f6cf0&pubid=3018273456617&a_aid=864kjuyuio54&st_region=03
Cookie: CakeCookie[a_aid]=ODY0a2p1eXVpbzU0; CakeCookie[capo]=ZEhWeWJtaDFZaTV1WlhRPQ%3D%3D; CakeCookie[capoUrl]=dHVybmh1Yi5uZXQ%3D; CakeCookie[clickid]=M2JkZWE0OTgxYWUyNDM3ZTlkNGJmYzlkYjk4ZjZjZjA%3D; CakeCookie[entityId]=Mg%3D%3D; CakeCookie[lang]=eng; CakeCookie[pubid]=MzAxODI3MzQ1NjYxNw%3D%3D; CakeCookie[st_region]=MDM%3D; CakeCookie[v_id]=NGMwMmM3ZDctYmIyNS04NDk1LTIyNTItMmYzZTU5MzE1ODE4; CakeCookie[registrationaff_864kjuyuio54_3018273456617_fire_stats]=true
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Sat, 25 Nov 2023 23:09:01 GMT
content-type: image/png
content-length: 427
last-modified: Thu, 23 Nov 2023 21:45:09 GMT
etag: "655fc7e5-1ab"
x-frame-options: SAMEORIGIN
cf-cache-status: HIT
age: 1567
expires: Sun, 26 Nov 2023 03:09:01 GMT
cache-control: public, max-age=14400
accept-ranges: bytes
vary: Accept-Encoding
strict-transport-security: max-age=0; includeSubDomains
server: cloudflare
cf-ray: 82bd8e94c8115689-OSL
X-Firefox-Spdy: h2

goepisodes.com/img/flags/min/da.png

104.18.36.213

200 OK

298 B

URL GET HTTP/2
goepisodes.com/img/flags/min/da.png
IP
104.18.36.213:443
ASN
#13335 CLOUDFLARENET

Requested by
https://goepisodes.com/registration?theme=m-2-grizzlyX&v_id=4c02c7d7-bb25-8495-2252-2f3e59315818&capo=dHVybmh1Yi5uZXQ=&entityId=2&capoUrl=turnhub.net&page=m-2-grizzlyX&clickid=3bdea4981ae2437e9d4bfc9db98f6cf0&pubid=3018273456617&a_aid=864kjuyuio54&st_region=03
Certificate
IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
FingerprintC8:FB:2F:13:43:99:23:29:03:D7:4B:D9:05:21:D5:59:15:EA:35:75
ValidityMon, 20 Feb 2023 00:00:00 GMT - Mon, 19 Feb 2024 23:59:59 GMT

File type
PNG image data, 16 x 11, 8-bit colormap, non-interlaced\012- data
Size
298 B (298 bytes)
Hash
c34a7583b5e01b331ee79386d8cebf95
fd0d1f826a6619d278fe962292b63ae91bf61170
5c80542e1988370b38fae869c8adc6edbb449b91e87d0544b4c5074e191d6916

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/flags/min/da.png HTTP/1.1
Host: goepisodes.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://goepisodes.com/registration?theme=m-2-grizzlyX&v_id=4c02c7d7-bb25-8495-2252-2f3e59315818&capo=dHVybmh1Yi5uZXQ=&entityId=2&capoUrl=turnhub.net&page=m-2-grizzlyX&clickid=3bdea4981ae2437e9d4bfc9db98f6cf0&pubid=3018273456617&a_aid=864kjuyuio54&st_region=03
Cookie: CakeCookie[a_aid]=ODY0a2p1eXVpbzU0; CakeCookie[capo]=ZEhWeWJtaDFZaTV1WlhRPQ%3D%3D; CakeCookie[capoUrl]=dHVybmh1Yi5uZXQ%3D; CakeCookie[clickid]=M2JkZWE0OTgxYWUyNDM3ZTlkNGJmYzlkYjk4ZjZjZjA%3D; CakeCookie[entityId]=Mg%3D%3D; CakeCookie[lang]=eng; CakeCookie[pubid]=MzAxODI3MzQ1NjYxNw%3D%3D; CakeCookie[st_region]=MDM%3D; CakeCookie[v_id]=NGMwMmM3ZDctYmIyNS04NDk1LTIyNTItMmYzZTU5MzE1ODE4; CakeCookie[registrationaff_864kjuyuio54_3018273456617_fire_stats]=true
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Sat, 25 Nov 2023 23:09:01 GMT
content-type: image/png
content-length: 298
last-modified: Thu, 23 Nov 2023 21:45:09 GMT
etag: "655fc7e5-12a"
x-frame-options: SAMEORIGIN
cf-cache-status: HIT
age: 1568
expires: Sun, 26 Nov 2023 03:09:01 GMT
cache-control: public, max-age=14400
accept-ranges: bytes
vary: Accept-Encoding
strict-transport-security: max-age=0; includeSubDomains
server: cloudflare
cf-ray: 82bd8e94cfff5689-OSL
X-Firefox-Spdy: h2

goepisodes.com/img/flags/min/es.png

104.18.36.213

200 OK

365 B

URL GET HTTP/2
goepisodes.com/img/flags/min/es.png
IP
104.18.36.213:443
ASN
#13335 CLOUDFLARENET

Requested by
https://goepisodes.com/registration?theme=m-2-grizzlyX&v_id=4c02c7d7-bb25-8495-2252-2f3e59315818&capo=dHVybmh1Yi5uZXQ=&entityId=2&capoUrl=turnhub.net&page=m-2-grizzlyX&clickid=3bdea4981ae2437e9d4bfc9db98f6cf0&pubid=3018273456617&a_aid=864kjuyuio54&st_region=03
Certificate
IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
FingerprintC8:FB:2F:13:43:99:23:29:03:D7:4B:D9:05:21:D5:59:15:EA:35:75
ValidityMon, 20 Feb 2023 00:00:00 GMT - Mon, 19 Feb 2024 23:59:59 GMT

File type
PNG image data, 16 x 11, 8-bit colormap, non-interlaced\012- data
Size
365 B (365 bytes)
Hash
9790f666586897cf09b4e2ff5e11f674
bbeedd0fd9332b6534a259e71a6b871b7dea16e0
52f9f4b06302262227ccfcbd5bc1f1a8be31b554167a48e8b90bb8b569743bfc

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/flags/min/es.png HTTP/1.1
Host: goepisodes.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://goepisodes.com/registration?theme=m-2-grizzlyX&v_id=4c02c7d7-bb25-8495-2252-2f3e59315818&capo=dHVybmh1Yi5uZXQ=&entityId=2&capoUrl=turnhub.net&page=m-2-grizzlyX&clickid=3bdea4981ae2437e9d4bfc9db98f6cf0&pubid=3018273456617&a_aid=864kjuyuio54&st_region=03
Cookie: CakeCookie[a_aid]=ODY0a2p1eXVpbzU0; CakeCookie[capo]=ZEhWeWJtaDFZaTV1WlhRPQ%3D%3D; CakeCookie[capoUrl]=dHVybmh1Yi5uZXQ%3D; CakeCookie[clickid]=M2JkZWE0OTgxYWUyNDM3ZTlkNGJmYzlkYjk4ZjZjZjA%3D; CakeCookie[entityId]=Mg%3D%3D; CakeCookie[lang]=eng; CakeCookie[pubid]=MzAxODI3MzQ1NjYxNw%3D%3D; CakeCookie[st_region]=MDM%3D; CakeCookie[v_id]=NGMwMmM3ZDctYmIyNS04NDk1LTIyNTItMmYzZTU5MzE1ODE4; CakeCookie[registrationaff_864kjuyuio54_3018273456617_fire_stats]=true
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Sat, 25 Nov 2023 23:09:01 GMT
content-type: image/png
content-length: 365
last-modified: Thu, 23 Nov 2023 21:45:09 GMT
etag: "655fc7e5-16d"
x-frame-options: SAMEORIGIN
cf-cache-status: HIT
age: 1567
expires: Sun, 26 Nov 2023 03:09:01 GMT
cache-control: public, max-age=14400
accept-ranges: bytes
vary: Accept-Encoding
strict-transport-security: max-age=0; includeSubDomains
server: cloudflare
cf-ray: 82bd8e94c8035689-OSL
X-Firefox-Spdy: h2

goepisodes.com/img/flags/min/pl.png

104.18.36.213

200 OK

256 B

URL GET HTTP/2
goepisodes.com/img/flags/min/pl.png
IP
104.18.36.213:443
ASN
#13335 CLOUDFLARENET

Requested by
https://goepisodes.com/registration?theme=m-2-grizzlyX&v_id=4c02c7d7-bb25-8495-2252-2f3e59315818&capo=dHVybmh1Yi5uZXQ=&entityId=2&capoUrl=turnhub.net&page=m-2-grizzlyX&clickid=3bdea4981ae2437e9d4bfc9db98f6cf0&pubid=3018273456617&a_aid=864kjuyuio54&st_region=03
Certificate
IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
FingerprintC8:FB:2F:13:43:99:23:29:03:D7:4B:D9:05:21:D5:59:15:EA:35:75
ValidityMon, 20 Feb 2023 00:00:00 GMT - Mon, 19 Feb 2024 23:59:59 GMT

File type
PNG image data, 16 x 11, 8-bit colormap, non-interlaced\012- data
Size
256 B (256 bytes)
Hash
0bf391411c6f06bef68cc4c369b9eba0
7773847a6c110241864cdb7760fc80c76011978b
51f29fd11cad81a8cbe246c0ee8d4f97fd8a04859fbf6a4517b7cce931e8ba34

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/flags/min/pl.png HTTP/1.1
Host: goepisodes.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://goepisodes.com/registration?theme=m-2-grizzlyX&v_id=4c02c7d7-bb25-8495-2252-2f3e59315818&capo=dHVybmh1Yi5uZXQ=&entityId=2&capoUrl=turnhub.net&page=m-2-grizzlyX&clickid=3bdea4981ae2437e9d4bfc9db98f6cf0&pubid=3018273456617&a_aid=864kjuyuio54&st_region=03
Cookie: CakeCookie[a_aid]=ODY0a2p1eXVpbzU0; CakeCookie[capo]=ZEhWeWJtaDFZaTV1WlhRPQ%3D%3D; CakeCookie[capoUrl]=dHVybmh1Yi5uZXQ%3D; CakeCookie[clickid]=M2JkZWE0OTgxYWUyNDM3ZTlkNGJmYzlkYjk4ZjZjZjA%3D; CakeCookie[entityId]=Mg%3D%3D; CakeCookie[lang]=eng; CakeCookie[pubid]=MzAxODI3MzQ1NjYxNw%3D%3D; CakeCookie[st_region]=MDM%3D; CakeCookie[v_id]=NGMwMmM3ZDctYmIyNS04NDk1LTIyNTItMmYzZTU5MzE1ODE4; CakeCookie[registrationaff_864kjuyuio54_3018273456617_fire_stats]=true
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Sat, 25 Nov 2023 23:09:01 GMT
content-type: image/png
content-length: 256
last-modified: Thu, 23 Nov 2023 21:45:09 GMT
etag: "655fc7e5-100"
x-frame-options: SAMEORIGIN
cf-cache-status: HIT
age: 1567
expires: Sun, 26 Nov 2023 03:09:01 GMT
cache-control: public, max-age=14400
accept-ranges: bytes
vary: Accept-Encoding
strict-transport-security: max-age=0; includeSubDomains
server: cloudflare
cf-ray: 82bd8e94c8105689-OSL
X-Firefox-Spdy: h2

goepisodes.com/img/flags/min/zh.png

104.18.36.213

200 OK

290 B

URL GET HTTP/2
goepisodes.com/img/flags/min/zh.png
IP
104.18.36.213:443
ASN
#13335 CLOUDFLARENET

Requested by
https://goepisodes.com/registration?theme=m-2-grizzlyX&v_id=4c02c7d7-bb25-8495-2252-2f3e59315818&capo=dHVybmh1Yi5uZXQ=&entityId=2&capoUrl=turnhub.net&page=m-2-grizzlyX&clickid=3bdea4981ae2437e9d4bfc9db98f6cf0&pubid=3018273456617&a_aid=864kjuyuio54&st_region=03
Certificate
IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
FingerprintC8:FB:2F:13:43:99:23:29:03:D7:4B:D9:05:21:D5:59:15:EA:35:75
ValidityMon, 20 Feb 2023 00:00:00 GMT - Mon, 19 Feb 2024 23:59:59 GMT

File type
PNG image data, 16 x 11, 8-bit colormap, non-interlaced\012- data
Size
290 B (290 bytes)
Hash
329cca45f3a4c46ec249638ca4f8d6e0
98b23617ef88d3a4cd632839fe4180b0ee05a697
9c70b1a563b14ee447b6fc9c00532a73a1e09c500660ce8063d6b3fbce48ae47

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/flags/min/zh.png HTTP/1.1
Host: goepisodes.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://goepisodes.com/registration?theme=m-2-grizzlyX&v_id=4c02c7d7-bb25-8495-2252-2f3e59315818&capo=dHVybmh1Yi5uZXQ=&entityId=2&capoUrl=turnhub.net&page=m-2-grizzlyX&clickid=3bdea4981ae2437e9d4bfc9db98f6cf0&pubid=3018273456617&a_aid=864kjuyuio54&st_region=03
Cookie: CakeCookie[a_aid]=ODY0a2p1eXVpbzU0; CakeCookie[capo]=ZEhWeWJtaDFZaTV1WlhRPQ%3D%3D; CakeCookie[capoUrl]=dHVybmh1Yi5uZXQ%3D; CakeCookie[clickid]=M2JkZWE0OTgxYWUyNDM3ZTlkNGJmYzlkYjk4ZjZjZjA%3D; CakeCookie[entityId]=Mg%3D%3D; CakeCookie[lang]=eng; CakeCookie[pubid]=MzAxODI3MzQ1NjYxNw%3D%3D; CakeCookie[st_region]=MDM%3D; CakeCookie[v_id]=NGMwMmM3ZDctYmIyNS04NDk1LTIyNTItMmYzZTU5MzE1ODE4; CakeCookie[registrationaff_864kjuyuio54_3018273456617_fire_stats]=true
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Sat, 25 Nov 2023 23:09:01 GMT
content-type: image/png
content-length: 290
last-modified: Thu, 23 Nov 2023 21:45:09 GMT
etag: "655fc7e5-122"
x-frame-options: SAMEORIGIN
cf-cache-status: HIT
age: 1567
expires: Sun, 26 Nov 2023 03:09:01 GMT
cache-control: public, max-age=14400
accept-ranges: bytes
vary: Accept-Encoding
strict-transport-security: max-age=0; includeSubDomains
server: cloudflare
cf-ray: 82bd8e94c8175689-OSL
X-Firefox-Spdy: h2

goepisodes.com/img/flags/min/sv.png

104.18.36.213

200 OK

342 B

URL GET HTTP/2
goepisodes.com/img/flags/min/sv.png
IP
104.18.36.213:443
ASN
#13335 CLOUDFLARENET

Requested by
https://goepisodes.com/registration?theme=m-2-grizzlyX&v_id=4c02c7d7-bb25-8495-2252-2f3e59315818&capo=dHVybmh1Yi5uZXQ=&entityId=2&capoUrl=turnhub.net&page=m-2-grizzlyX&clickid=3bdea4981ae2437e9d4bfc9db98f6cf0&pubid=3018273456617&a_aid=864kjuyuio54&st_region=03
Certificate
IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
FingerprintC8:FB:2F:13:43:99:23:29:03:D7:4B:D9:05:21:D5:59:15:EA:35:75
ValidityMon, 20 Feb 2023 00:00:00 GMT - Mon, 19 Feb 2024 23:59:59 GMT

File type
PNG image data, 16 x 11, 8-bit colormap, non-interlaced\012- data
Size
342 B (342 bytes)
Hash
0f13dc11fccbdd9a587353905c836b16
dbf9faf4f7d227c11a5ba77fd3ae09af52763b8c
ebd9138caa9f44e33b54636bdf819ae6ece1f72a1405e58f37724273f187adc4

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/flags/min/sv.png HTTP/1.1
Host: goepisodes.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://goepisodes.com/registration?theme=m-2-grizzlyX&v_id=4c02c7d7-bb25-8495-2252-2f3e59315818&capo=dHVybmh1Yi5uZXQ=&entityId=2&capoUrl=turnhub.net&page=m-2-grizzlyX&clickid=3bdea4981ae2437e9d4bfc9db98f6cf0&pubid=3018273456617&a_aid=864kjuyuio54&st_region=03
Cookie: CakeCookie[a_aid]=ODY0a2p1eXVpbzU0; CakeCookie[capo]=ZEhWeWJtaDFZaTV1WlhRPQ%3D%3D; CakeCookie[capoUrl]=dHVybmh1Yi5uZXQ%3D; CakeCookie[clickid]=M2JkZWE0OTgxYWUyNDM3ZTlkNGJmYzlkYjk4ZjZjZjA%3D; CakeCookie[entityId]=Mg%3D%3D; CakeCookie[lang]=eng; CakeCookie[pubid]=MzAxODI3MzQ1NjYxNw%3D%3D; CakeCookie[st_region]=MDM%3D; CakeCookie[v_id]=NGMwMmM3ZDctYmIyNS04NDk1LTIyNTItMmYzZTU5MzE1ODE4; CakeCookie[registrationaff_864kjuyuio54_3018273456617_fire_stats]=true
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Sat, 25 Nov 2023 23:09:01 GMT
content-type: image/png
content-length: 342
last-modified: Thu, 23 Nov 2023 21:45:09 GMT
etag: "655fc7e5-156"
x-frame-options: SAMEORIGIN
cf-cache-status: HIT
age: 1567
expires: Sun, 26 Nov 2023 03:09:01 GMT
cache-control: public, max-age=14400
accept-ranges: bytes
vary: Accept-Encoding
strict-transport-security: max-age=0; includeSubDomains
server: cloudflare
cf-ray: 82bd8e94c8145689-OSL
X-Firefox-Spdy: h2

goepisodes.com/img/flags/min/nl.png

104.18.36.213

200 OK

328 B

URL GET HTTP/2
goepisodes.com/img/flags/min/nl.png
IP
104.18.36.213:443
ASN
#13335 CLOUDFLARENET

Requested by
https://goepisodes.com/registration?theme=m-2-grizzlyX&v_id=4c02c7d7-bb25-8495-2252-2f3e59315818&capo=dHVybmh1Yi5uZXQ=&entityId=2&capoUrl=turnhub.net&page=m-2-grizzlyX&clickid=3bdea4981ae2437e9d4bfc9db98f6cf0&pubid=3018273456617&a_aid=864kjuyuio54&st_region=03
Certificate
IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
FingerprintC8:FB:2F:13:43:99:23:29:03:D7:4B:D9:05:21:D5:59:15:EA:35:75
ValidityMon, 20 Feb 2023 00:00:00 GMT - Mon, 19 Feb 2024 23:59:59 GMT

File type
PNG image data, 16 x 11, 8-bit colormap, non-interlaced\012- data
Size
328 B (328 bytes)
Hash
c055c14b8f44b006b32261e71be3324f
34ccf4e9f9d0f18b86fabafe477d5cc76d6ca725
ad2583d30cae6dfdba4e48dedbdb623305fb0e5a310cf84deedb75cb8e7214a2

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/flags/min/nl.png HTTP/1.1
Host: goepisodes.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://goepisodes.com/registration?theme=m-2-grizzlyX&v_id=4c02c7d7-bb25-8495-2252-2f3e59315818&capo=dHVybmh1Yi5uZXQ=&entityId=2&capoUrl=turnhub.net&page=m-2-grizzlyX&clickid=3bdea4981ae2437e9d4bfc9db98f6cf0&pubid=3018273456617&a_aid=864kjuyuio54&st_region=03
Cookie: CakeCookie[a_aid]=ODY0a2p1eXVpbzU0; CakeCookie[capo]=ZEhWeWJtaDFZaTV1WlhRPQ%3D%3D; CakeCookie[capoUrl]=dHVybmh1Yi5uZXQ%3D; CakeCookie[clickid]=M2JkZWE0OTgxYWUyNDM3ZTlkNGJmYzlkYjk4ZjZjZjA%3D; CakeCookie[entityId]=Mg%3D%3D; CakeCookie[lang]=eng; CakeCookie[pubid]=MzAxODI3MzQ1NjYxNw%3D%3D; CakeCookie[st_region]=MDM%3D; CakeCookie[v_id]=NGMwMmM3ZDctYmIyNS04NDk1LTIyNTItMmYzZTU5MzE1ODE4; CakeCookie[registrationaff_864kjuyuio54_3018273456617_fire_stats]=true
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Sat, 25 Nov 2023 23:09:01 GMT
content-type: image/png
content-length: 328
last-modified: Thu, 23 Nov 2023 21:45:09 GMT
etag: "655fc7e5-148"
x-frame-options: SAMEORIGIN
cf-cache-status: HIT
age: 1567
expires: Sun, 26 Nov 2023 03:09:01 GMT
cache-control: public, max-age=14400
accept-ranges: bytes
vary: Accept-Encoding
strict-transport-security: max-age=0; includeSubDomains
server: cloudflare
cf-ray: 82bd8e94c80c5689-OSL
X-Firefox-Spdy: h2

goepisodes.com/img/flags/min/en.png

104.18.36.213

200 OK

481 B

URL GET HTTP/2
goepisodes.com/img/flags/min/en.png
IP
104.18.36.213:443
ASN
#13335 CLOUDFLARENET

Requested by
https://goepisodes.com/registration?theme=m-2-grizzlyX&v_id=4c02c7d7-bb25-8495-2252-2f3e59315818&capo=dHVybmh1Yi5uZXQ=&entityId=2&capoUrl=turnhub.net&page=m-2-grizzlyX&clickid=3bdea4981ae2437e9d4bfc9db98f6cf0&pubid=3018273456617&a_aid=864kjuyuio54&st_region=03
Certificate
IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
FingerprintC8:FB:2F:13:43:99:23:29:03:D7:4B:D9:05:21:D5:59:15:EA:35:75
ValidityMon, 20 Feb 2023 00:00:00 GMT - Mon, 19 Feb 2024 23:59:59 GMT

File type
PNG image data, 16 x 11, 8-bit colormap, non-interlaced\012- data
Size
481 B (481 bytes)
Hash
2b936acc8c146a32951e38be063165d3
c379684310743ece93501b7fcdf396359f577cdb
1b959a0f3a63cc646af532327035df4c4ebc6b91ac86fc5384fe60283e26132a

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/flags/min/en.png HTTP/1.1
Host: goepisodes.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://goepisodes.com/registration?theme=m-2-grizzlyX&v_id=4c02c7d7-bb25-8495-2252-2f3e59315818&capo=dHVybmh1Yi5uZXQ=&entityId=2&capoUrl=turnhub.net&page=m-2-grizzlyX&clickid=3bdea4981ae2437e9d4bfc9db98f6cf0&pubid=3018273456617&a_aid=864kjuyuio54&st_region=03
Cookie: CakeCookie[a_aid]=ODY0a2p1eXVpbzU0; CakeCookie[capo]=ZEhWeWJtaDFZaTV1WlhRPQ%3D%3D; CakeCookie[capoUrl]=dHVybmh1Yi5uZXQ%3D; CakeCookie[clickid]=M2JkZWE0OTgxYWUyNDM3ZTlkNGJmYzlkYjk4ZjZjZjA%3D; CakeCookie[entityId]=Mg%3D%3D; CakeCookie[lang]=eng; CakeCookie[pubid]=MzAxODI3MzQ1NjYxNw%3D%3D; CakeCookie[st_region]=MDM%3D; CakeCookie[v_id]=NGMwMmM3ZDctYmIyNS04NDk1LTIyNTItMmYzZTU5MzE1ODE4; CakeCookie[registrationaff_864kjuyuio54_3018273456617_fire_stats]=true
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Sat, 25 Nov 2023 23:09:01 GMT
content-type: image/png
content-length: 481
last-modified: Thu, 23 Nov 2023 21:45:09 GMT
etag: "655fc7e5-1e1"
x-frame-options: SAMEORIGIN
cf-cache-status: HIT
age: 1567
expires: Sun, 26 Nov 2023 03:09:01 GMT
cache-control: public, max-age=14400
accept-ranges: bytes
vary: Accept-Encoding
strict-transport-security: max-age=0; includeSubDomains
server: cloudflare
cf-ray: 82bd8e94cffd5689-OSL
X-Firefox-Spdy: h2

goepisodes.com/img/flags/min/no.png

104.18.36.213

200 OK

334 B

URL GET HTTP/2
goepisodes.com/img/flags/min/no.png
IP
104.18.36.213:443
ASN
#13335 CLOUDFLARENET

Requested by
https://goepisodes.com/registration?theme=m-2-grizzlyX&v_id=4c02c7d7-bb25-8495-2252-2f3e59315818&capo=dHVybmh1Yi5uZXQ=&entityId=2&capoUrl=turnhub.net&page=m-2-grizzlyX&clickid=3bdea4981ae2437e9d4bfc9db98f6cf0&pubid=3018273456617&a_aid=864kjuyuio54&st_region=03
Certificate
IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
FingerprintC8:FB:2F:13:43:99:23:29:03:D7:4B:D9:05:21:D5:59:15:EA:35:75
ValidityMon, 20 Feb 2023 00:00:00 GMT - Mon, 19 Feb 2024 23:59:59 GMT

File type
PNG image data, 16 x 11, 8-bit colormap, non-interlaced\012- data
Size
334 B (334 bytes)
Hash
c48ab8c65139f9647fee8710c4b3b66c
df412e417270d78833a1efacdc61529abb7ad03c
79ca4cda3faf0379f6fb2df3f82b896393291eede7c9c7e09b5199572de06d5c

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/flags/min/no.png HTTP/1.1
Host: goepisodes.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://goepisodes.com/registration?theme=m-2-grizzlyX&v_id=4c02c7d7-bb25-8495-2252-2f3e59315818&capo=dHVybmh1Yi5uZXQ=&entityId=2&capoUrl=turnhub.net&page=m-2-grizzlyX&clickid=3bdea4981ae2437e9d4bfc9db98f6cf0&pubid=3018273456617&a_aid=864kjuyuio54&st_region=03
Cookie: CakeCookie[a_aid]=ODY0a2p1eXVpbzU0; CakeCookie[capo]=ZEhWeWJtaDFZaTV1WlhRPQ%3D%3D; CakeCookie[capoUrl]=dHVybmh1Yi5uZXQ%3D; CakeCookie[clickid]=M2JkZWE0OTgxYWUyNDM3ZTlkNGJmYzlkYjk4ZjZjZjA%3D; CakeCookie[entityId]=Mg%3D%3D; CakeCookie[lang]=eng; CakeCookie[pubid]=MzAxODI3MzQ1NjYxNw%3D%3D; CakeCookie[st_region]=MDM%3D; CakeCookie[v_id]=NGMwMmM3ZDctYmIyNS04NDk1LTIyNTItMmYzZTU5MzE1ODE4; CakeCookie[registrationaff_864kjuyuio54_3018273456617_fire_stats]=true
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Sat, 25 Nov 2023 23:09:01 GMT
content-type: image/png
content-length: 334
last-modified: Thu, 23 Nov 2023 21:45:09 GMT
etag: "655fc7e5-14e"
x-frame-options: SAMEORIGIN
cf-cache-status: HIT
age: 1568
expires: Sun, 26 Nov 2023 03:09:01 GMT
cache-control: public, max-age=14400
accept-ranges: bytes
vary: Accept-Encoding
strict-transport-security: max-age=0; includeSubDomains
server: cloudflare
cf-ray: 82bd8e94c80e5689-OSL
X-Firefox-Spdy: h2

goepisodes.com/img/logos/entertainment/min/goepisodes.png

104.18.36.213

200 OK

1.3 kB

URL GET HTTP/2
goepisodes.com/img/logos/entertainment/min/goepisodes.png
IP
104.18.36.213:443
ASN
#13335 CLOUDFLARENET

Requested by
https://goepisodes.com/registration?theme=m-2-grizzlyX&v_id=4c02c7d7-bb25-8495-2252-2f3e59315818&capo=dHVybmh1Yi5uZXQ=&entityId=2&capoUrl=turnhub.net&page=m-2-grizzlyX&clickid=3bdea4981ae2437e9d4bfc9db98f6cf0&pubid=3018273456617&a_aid=864kjuyuio54&st_region=03
Certificate
IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
FingerprintC8:FB:2F:13:43:99:23:29:03:D7:4B:D9:05:21:D5:59:15:EA:35:75
ValidityMon, 20 Feb 2023 00:00:00 GMT - Mon, 19 Feb 2024 23:59:59 GMT

File type
PNG image data, 250 x 60, 8-bit colormap, non-interlaced\012- data
Size
1.3 kB (1262 bytes)
Hash
7e5d73939af545a75ea25a010ea47a80
63f905f4241aa656a2e37cc8918c96cf9d6dcc98
499b0355c10aebb44c51f522af1cae27275027c6375a9aba599f8881ea709a70

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/logos/entertainment/min/goepisodes.png HTTP/1.1
Host: goepisodes.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://goepisodes.com/registration?theme=m-2-grizzlyX&v_id=4c02c7d7-bb25-8495-2252-2f3e59315818&capo=dHVybmh1Yi5uZXQ=&entityId=2&capoUrl=turnhub.net&page=m-2-grizzlyX&clickid=3bdea4981ae2437e9d4bfc9db98f6cf0&pubid=3018273456617&a_aid=864kjuyuio54&st_region=03
Cookie: CakeCookie[a_aid]=ODY0a2p1eXVpbzU0; CakeCookie[capo]=ZEhWeWJtaDFZaTV1WlhRPQ%3D%3D; CakeCookie[capoUrl]=dHVybmh1Yi5uZXQ%3D; CakeCookie[clickid]=M2JkZWE0OTgxYWUyNDM3ZTlkNGJmYzlkYjk4ZjZjZjA%3D; CakeCookie[entityId]=Mg%3D%3D; CakeCookie[lang]=eng; CakeCookie[pubid]=MzAxODI3MzQ1NjYxNw%3D%3D; CakeCookie[st_region]=MDM%3D; CakeCookie[v_id]=NGMwMmM3ZDctYmIyNS04NDk1LTIyNTItMmYzZTU5MzE1ODE4; CakeCookie[registrationaff_864kjuyuio54_3018273456617_fire_stats]=true
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Sat, 25 Nov 2023 23:09:01 GMT
content-type: image/png
content-length: 1262
last-modified: Thu, 23 Nov 2023 21:45:09 GMT
etag: "655fc7e5-4ee"
x-frame-options: SAMEORIGIN
cf-cache-status: HIT
age: 1780
expires: Sun, 26 Nov 2023 03:09:01 GMT
cache-control: public, max-age=14400
accept-ranges: bytes
vary: Accept-Encoding
strict-transport-security: max-age=0; includeSubDomains
server: cloudflare
cf-ray: 82bd8e94d8205689-OSL
X-Firefox-Spdy: h2

cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/css/font-awesome.min.css

104.17.24.14

200 OK

5.6 kB

URL GET HTTP/2
cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/css/font-awesome.min.css
IP
104.17.24.14:443
ASN
#13335 CLOUDFLARENET

Requested by
https://goepisodes.com/registration?theme=m-2-grizzlyX&v_id=4c02c7d7-bb25-8495-2252-2f3e59315818&capo=dHVybmh1Yi5uZXQ=&entityId=2&capoUrl=turnhub.net&page=m-2-grizzlyX&clickid=3bdea4981ae2437e9d4bfc9db98f6cf0&pubid=3018273456617&a_aid=864kjuyuio54&st_region=03
Certificate
IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
Fingerprint7A:EA:B9:09:71:70:6C:87:C9:D3:82:74:8A:7B:B4:60:E5:40:2D:8D
ValidityMon, 03 Jul 2023 00:00:00 GMT - Tue, 02 Jul 2024 23:59:59 GMT

File type
ASCII text, with very long lines (30837)
Size
5.6 kB (5631 bytes)
Hash
269550530cc127b6aa5a35925a7de6ce
512c7d79033e3028a9be61b540cf1a6870c896f8
799aeb25cc0373fdee0e1b1db7ad6c2f6a0e058dfadaa3379689f583213190bd

HTTP Headers

GET /ajax/libs/font-awesome/4.7.0/css/font-awesome.min.css HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://goepisodes.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sat, 25 Nov 2023 23:09:01 GMT
content-type: text/css; charset=utf-8
content-length: 5631
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "5eb03e5f-7918"
last-modified: Mon, 04 May 2020 16:10:07 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 2496296
expires: Thu, 14 Nov 2024 23:09:01 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=0557mAc%2BgpWCZevTpfTXxM5bTORnjd3sOlzbC8F43GrNNMLVU%2FpmXE7MdD03ENyMfI9aW3cBP3N%2FGgw20sMnIec2sFejJDHuZ%2FsEtB1Jxp0QIzXO5LtfWcXgpoUogYUXeu98lim5"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 82bd8e95a8b6b51b-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

fonts.googleapis.com/css?family=Anton

142.250.74.106

200 OK

51 kB

URL GET HTTP/2
fonts.googleapis.com/css?family=Anton
IP
142.250.74.106:443
ASN
#15169 GOOGLE

Requested by
https://goepisodes.com/registration?theme=m-2-grizzlyX&v_id=4c02c7d7-bb25-8495-2252-2f3e59315818&capo=dHVybmh1Yi5uZXQ=&entityId=2&capoUrl=turnhub.net&page=m-2-grizzlyX&clickid=3bdea4981ae2437e9d4bfc9db98f6cf0&pubid=3018273456617&a_aid=864kjuyuio54&st_region=03
Certificate
IssuerGoogle Trust Services LLC
Subjectupload.video.google.com
FingerprintCC:96:E0:52:E0:9B:EA:A9:A0:F8:88:9A:90:20:11:47:61:00:3C:42
ValidityMon, 23 Oct 2023 11:24:07 GMT - Mon, 15 Jan 2024 11:24:06 GMT

File type
gzip compressed data, max compression\012- data
Size
51 kB (50783 bytes)
Hash
676f07502c91b7e3b6b31106e284af4b
d94f7ae7be90cb14cb64ce0bafca536e5ba82a76
d6bd43359e9a4b802e5306f23c286ffd2ab0258aaf45e2066d714b672c0f0af7

HTTP Headers

GET /css?family=Anton HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://goepisodes.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Sat, 25 Nov 2023 23:09:01 GMT
date: Sat, 25 Nov 2023 23:09:01 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

use.fontawesome.com/releases/v5.0.13/webfonts/fa-regular-400.woff2

172.64.140.13

200 OK

12 kB

URL GET HTTP/2
use.fontawesome.com/releases/v5.0.13/webfonts/fa-regular-400.woff2
IP
172.64.140.13:443
ASN
#13335 CLOUDFLARENET

Requested by
https://goepisodes.com/registration?theme=m-2-grizzlyX&v_id=4c02c7d7-bb25-8495-2252-2f3e59315818&capo=dHVybmh1Yi5uZXQ=&entityId=2&capoUrl=turnhub.net&page=m-2-grizzlyX&clickid=3bdea4981ae2437e9d4bfc9db98f6cf0&pubid=3018273456617&a_aid=864kjuyuio54&st_region=03
Certificate
IssuerCloudflare, Inc.
Subjectuse.fontawesome.com
FingerprintCB:BE:6B:C4:5F:DF:18:7A:C3:AD:BF:6C:40:36:18:9F:E2:99:7F:78
ValidityThu, 12 Oct 2023 00:00:00 GMT - Thu, 10 Oct 2024 23:59:59 GMT

File type
Web Open Font Format (Version 2), TrueType, length 12188, version 1.0\012- data
Size
12 kB (12188 bytes)
Hash
33f727ccde4b05c0ed143c5cd78cda0c
0654fee7e908814ecc3baf36bfc556520f491c17
1b4c97a2809cdb53153139544e1f5db34e4917c8f01d2dd94cb9519e24e1ab3c

HTTP Headers

GET /releases/v5.0.13/webfonts/fa-regular-400.woff2 HTTP/1.1
Host: use.fontawesome.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://goepisodes.com
DNT: 1
Connection: keep-alive
Referer: https://use.fontawesome.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Sat, 25 Nov 2023 23:09:02 GMT
content-type: font/woff2
content-length: 12188
access-control-allow-origin: *
cache-control: max-age=31556926
etag: "33f727ccde4b05c0ed143c5cd78cda0c"
last-modified: Fri, 22 Sep 2023 01:44:10 GMT
vary: Origin, Accept-Encoding
cf-cache-status: HIT
age: 1195958
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=055L7dilH28N%2FCq%2FDbJ85n6u5lJUgSt2bVU%2B4DKz%2BYE6EEvDKr14lepprpkaTK1APgYgGOssCaQfksmXiMb4DCgqq8pDglIFO3D8q6TuVuGtKxG6j8umkNgIkCa25jewdpsip5%2BU"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 82bd8e9a8c8b7719-LHR
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

goepisodes.com/theme/Master/SubscriptionPages/img/assets/grizzly-icon-video-camera.png

104.18.36.213

200 OK

12 kB

URL GET HTTP/2
goepisodes.com/theme/Master/SubscriptionPages/img/assets/grizzly-icon-video-camera.png
IP
104.18.36.213:443
ASN
#13335 CLOUDFLARENET

Requested by
https://goepisodes.com/registration?theme=m-2-grizzlyX&v_id=4c02c7d7-bb25-8495-2252-2f3e59315818&capo=dHVybmh1Yi5uZXQ=&entityId=2&capoUrl=turnhub.net&page=m-2-grizzlyX&clickid=3bdea4981ae2437e9d4bfc9db98f6cf0&pubid=3018273456617&a_aid=864kjuyuio54&st_region=03
Certificate
IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
FingerprintC8:FB:2F:13:43:99:23:29:03:D7:4B:D9:05:21:D5:59:15:EA:35:75
ValidityMon, 20 Feb 2023 00:00:00 GMT - Mon, 19 Feb 2024 23:59:59 GMT

File type
PNG image data, 512 x 512, 8-bit/color RGBA, non-interlaced\012- data
Size
12 kB (12437 bytes)
Hash
7f56e51d73d3143c35a33715c0ef8cb7
c126962f5e76920b63b5ca48554085e6092bf5ee
f5d93398a861dd75fdfefbc842262d18b502700ae1cf4f98feee8fa69e255d86

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /theme/Master/SubscriptionPages/img/assets/grizzly-icon-video-camera.png HTTP/1.1
Host: goepisodes.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://goepisodes.com/theme/Master/SubscriptionPages/css/subscriptions/theme/grizzly-basic.6d00fde2.css
Cookie: CakeCookie[a_aid]=ODY0a2p1eXVpbzU0; CakeCookie[capo]=ZEhWeWJtaDFZaTV1WlhRPQ%3D%3D; CakeCookie[capoUrl]=dHVybmh1Yi5uZXQ%3D; CakeCookie[clickid]=M2JkZWE0OTgxYWUyNDM3ZTlkNGJmYzlkYjk4ZjZjZjA%3D; CakeCookie[entityId]=Mg%3D%3D; CakeCookie[lang]=eng; CakeCookie[pubid]=MzAxODI3MzQ1NjYxNw%3D%3D; CakeCookie[st_region]=MDM%3D; CakeCookie[v_id]=NGMwMmM3ZDctYmIyNS04NDk1LTIyNTItMmYzZTU5MzE1ODE4; CakeCookie[registrationaff_864kjuyuio54_3018273456617_fire_stats]=true
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Sat, 25 Nov 2023 23:09:02 GMT
content-type: image/png
content-length: 12437
last-modified: Thu, 23 Nov 2023 21:45:07 GMT
etag: "655fc7e3-3095"
x-frame-options: SAMEORIGIN
cf-cache-status: REVALIDATED
expires: Sun, 26 Nov 2023 03:09:02 GMT
cache-control: public, max-age=14400
accept-ranges: bytes
vary: Accept-Encoding
strict-transport-security: max-age=0; includeSubDomains
server: cloudflare
cf-ray: 82bd8e9a0d3b5689-OSL
X-Firefox-Spdy: h2

fonts.googleapis.com/css?family=Yanone+Kaffeesatz

142.250.74.106

200 OK

8.4 kB

URL GET HTTP/2
fonts.googleapis.com/css?family=Yanone+Kaffeesatz
IP
142.250.74.106:443
ASN
#15169 GOOGLE

Requested by
https://goepisodes.com/registration?theme=m-2-grizzlyX&v_id=4c02c7d7-bb25-8495-2252-2f3e59315818&capo=dHVybmh1Yi5uZXQ=&entityId=2&capoUrl=turnhub.net&page=m-2-grizzlyX&clickid=3bdea4981ae2437e9d4bfc9db98f6cf0&pubid=3018273456617&a_aid=864kjuyuio54&st_region=03
Certificate
IssuerGoogle Trust Services LLC
Subjectupload.video.google.com
FingerprintCC:96:E0:52:E0:9B:EA:A9:A0:F8:88:9A:90:20:11:47:61:00:3C:42
ValidityMon, 23 Oct 2023 11:24:07 GMT - Mon, 15 Jan 2024 11:24:06 GMT

File type
gzip compressed data, max compression\012- data
Size
8.4 kB (8385 bytes)
Hash
4763a20cdba768e1c6eb664a344ff18c
6ab360c3922d17115831b34f12d6aa0c5526d8f2
070bb46707f5072b0e2100c0a7ceb0649f075c0b8a5b31dca06cd4170e5db119

HTTP Headers

GET /css?family=Yanone+Kaffeesatz HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://goepisodes.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Sat, 25 Nov 2023 23:09:01 GMT
date: Sat, 25 Nov 2023 23:09:01 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

goepisodes.com/theme/Master/SubscriptionPages/img/assets/grizzly-icon-gamepad.png

104.18.36.213

200 OK

16 kB

URL GET HTTP/2
goepisodes.com/theme/Master/SubscriptionPages/img/assets/grizzly-icon-gamepad.png
IP
104.18.36.213:443
ASN
#13335 CLOUDFLARENET

Requested by
https://goepisodes.com/registration?theme=m-2-grizzlyX&v_id=4c02c7d7-bb25-8495-2252-2f3e59315818&capo=dHVybmh1Yi5uZXQ=&entityId=2&capoUrl=turnhub.net&page=m-2-grizzlyX&clickid=3bdea4981ae2437e9d4bfc9db98f6cf0&pubid=3018273456617&a_aid=864kjuyuio54&st_region=03
Certificate
IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
FingerprintC8:FB:2F:13:43:99:23:29:03:D7:4B:D9:05:21:D5:59:15:EA:35:75
ValidityMon, 20 Feb 2023 00:00:00 GMT - Mon, 19 Feb 2024 23:59:59 GMT

File type
PNG image data, 512 x 512, 8-bit/color RGBA, non-interlaced\012- data
Size
16 kB (15583 bytes)
Hash
0835a9d8f33c5738d14f691d686178d5
890020b3c276df4af14ff7413c3fc7933ebe45e1
98e619a1eba6b96ae469dccb0126f6fb1e08cfbc4ce233d9d51974680d2c5be1

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /theme/Master/SubscriptionPages/img/assets/grizzly-icon-gamepad.png HTTP/1.1
Host: goepisodes.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://goepisodes.com/theme/Master/SubscriptionPages/css/subscriptions/theme/grizzly-basic.6d00fde2.css
Cookie: CakeCookie[a_aid]=ODY0a2p1eXVpbzU0; CakeCookie[capo]=ZEhWeWJtaDFZaTV1WlhRPQ%3D%3D; CakeCookie[capoUrl]=dHVybmh1Yi5uZXQ%3D; CakeCookie[clickid]=M2JkZWE0OTgxYWUyNDM3ZTlkNGJmYzlkYjk4ZjZjZjA%3D; CakeCookie[entityId]=Mg%3D%3D; CakeCookie[lang]=eng; CakeCookie[pubid]=MzAxODI3MzQ1NjYxNw%3D%3D; CakeCookie[st_region]=MDM%3D; CakeCookie[v_id]=NGMwMmM3ZDctYmIyNS04NDk1LTIyNTItMmYzZTU5MzE1ODE4; CakeCookie[registrationaff_864kjuyuio54_3018273456617_fire_stats]=true
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Sat, 25 Nov 2023 23:09:02 GMT
content-type: image/png
content-length: 15583
last-modified: Thu, 23 Nov 2023 21:45:06 GMT
etag: "655fc7e2-3cdf"
x-frame-options: SAMEORIGIN
cf-cache-status: REVALIDATED
expires: Sun, 26 Nov 2023 03:09:02 GMT
cache-control: public, max-age=14400
accept-ranges: bytes
vary: Accept-Encoding
strict-transport-security: max-age=0; includeSubDomains
server: cloudflare
cf-ray: 82bd8e9a1d415689-OSL
X-Firefox-Spdy: h2

fonts.gstatic.com/s/righteous/v17/1cXxaUPXBpj2rGoU7C9mjw.ttf

216.58.207.227

200 OK

23 kB

URL GET HTTP/2
fonts.gstatic.com/s/righteous/v17/1cXxaUPXBpj2rGoU7C9mjw.ttf
IP
216.58.207.227:443
ASN
#15169 GOOGLE

Requested by
https://goepisodes.com/registration?theme=m-2-grizzlyX&v_id=4c02c7d7-bb25-8495-2252-2f3e59315818&capo=dHVybmh1Yi5uZXQ=&entityId=2&capoUrl=turnhub.net&page=m-2-grizzlyX&clickid=3bdea4981ae2437e9d4bfc9db98f6cf0&pubid=3018273456617&a_aid=864kjuyuio54&st_region=03
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
FingerprintE5:79:1F:1A:04:3F:B9:B0:FB:41:4E:B5:E5:97:AD:FE:D9:2C:4A:CD
ValidityMon, 23 Oct 2023 11:24:07 GMT - Mon, 15 Jan 2024 11:24:06 GMT

File type
TrueType Font data, 13 tables, 1st "OS/2", 8 names, Microsoft, language 0x409, Copyright (c) 2011 by Brian J. Bonislawsky DBA Astigmatic (AOETI) (astigma@astigmatic.com), with\012- data
Size
23 kB (22932 bytes)
Hash
87c3edb47bd543f133aba14af88e9752
fccc33a3bed2658a31e3d83cdfdb9482dcec20a8
a08c10483aacd576a1fd168945a61352ac1146818a2875a41be999f46866e541

HTTP Headers

GET /s/righteous/v17/1cXxaUPXBpj2rGoU7C9mjw.ttf HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://goepisodes.com
DNT: 1
Connection: keep-alive
Referer: https://goepisodes.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 22932
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 23 Nov 2023 05:11:47 GMT
expires: Fri, 22 Nov 2024 05:11:47 GMT
cache-control: public, max-age=31536000
age: 237435
last-modified: Thu, 24 Aug 2023 20:51:32 GMT
content-type: font/ttf
vary: Accept-Encoding
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

goepisodes.com/theme/Master/SubscriptionPages/img/assets/grizzly-icon-music.png

104.18.36.213

200 OK

11 kB

URL GET HTTP/2
goepisodes.com/theme/Master/SubscriptionPages/img/assets/grizzly-icon-music.png
IP
104.18.36.213:443
ASN
#13335 CLOUDFLARENET

Requested by
https://goepisodes.com/registration?theme=m-2-grizzlyX&v_id=4c02c7d7-bb25-8495-2252-2f3e59315818&capo=dHVybmh1Yi5uZXQ=&entityId=2&capoUrl=turnhub.net&page=m-2-grizzlyX&clickid=3bdea4981ae2437e9d4bfc9db98f6cf0&pubid=3018273456617&a_aid=864kjuyuio54&st_region=03
Certificate
IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
FingerprintC8:FB:2F:13:43:99:23:29:03:D7:4B:D9:05:21:D5:59:15:EA:35:75
ValidityMon, 20 Feb 2023 00:00:00 GMT - Mon, 19 Feb 2024 23:59:59 GMT

File type
PNG image data, 512 x 512, 8-bit/color RGBA, non-interlaced\012- data
Size
11 kB (11269 bytes)
Hash
58b9b2be8030e7f2c4b780c6cc3fd455
6800dd81ef59e75dff8400e9fe2e7659fd947ef0
a83a7503187881bc7a76d93e6370db81bb55f4a61cc002282d98956ef5a3616c

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /theme/Master/SubscriptionPages/img/assets/grizzly-icon-music.png HTTP/1.1
Host: goepisodes.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://goepisodes.com/theme/Master/SubscriptionPages/css/subscriptions/theme/grizzly-basic.6d00fde2.css
Cookie: CakeCookie[a_aid]=ODY0a2p1eXVpbzU0; CakeCookie[capo]=ZEhWeWJtaDFZaTV1WlhRPQ%3D%3D; CakeCookie[capoUrl]=dHVybmh1Yi5uZXQ%3D; CakeCookie[clickid]=M2JkZWE0OTgxYWUyNDM3ZTlkNGJmYzlkYjk4ZjZjZjA%3D; CakeCookie[entityId]=Mg%3D%3D; CakeCookie[lang]=eng; CakeCookie[pubid]=MzAxODI3MzQ1NjYxNw%3D%3D; CakeCookie[st_region]=MDM%3D; CakeCookie[v_id]=NGMwMmM3ZDctYmIyNS04NDk1LTIyNTItMmYzZTU5MzE1ODE4; CakeCookie[registrationaff_864kjuyuio54_3018273456617_fire_stats]=true
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Sat, 25 Nov 2023 23:09:02 GMT
content-type: image/png
content-length: 11269
last-modified: Thu, 23 Nov 2023 21:45:06 GMT
etag: "655fc7e2-2c05"
x-frame-options: SAMEORIGIN
cf-cache-status: REVALIDATED
expires: Sun, 26 Nov 2023 03:09:02 GMT
cache-control: public, max-age=14400
accept-ranges: bytes
vary: Accept-Encoding
strict-transport-security: max-age=0; includeSubDomains
server: cloudflare
cf-ray: 82bd8e9a1d3e5689-OSL
X-Firefox-Spdy: h2

goepisodes.com/theme/Master/SubscriptionPages/img/bg/grizzly-background.jpg

104.18.36.213

200 OK

404 kB

URL GET HTTP/2
goepisodes.com/theme/Master/SubscriptionPages/img/bg/grizzly-background.jpg
IP
104.18.36.213:443
ASN
#13335 CLOUDFLARENET

Requested by
https://goepisodes.com/registration?theme=m-2-grizzlyX&v_id=4c02c7d7-bb25-8495-2252-2f3e59315818&capo=dHVybmh1Yi5uZXQ=&entityId=2&capoUrl=turnhub.net&page=m-2-grizzlyX&clickid=3bdea4981ae2437e9d4bfc9db98f6cf0&pubid=3018273456617&a_aid=864kjuyuio54&st_region=03
Certificate
IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
FingerprintC8:FB:2F:13:43:99:23:29:03:D7:4B:D9:05:21:D5:59:15:EA:35:75
ValidityMon, 20 Feb 2023 00:00:00 GMT - Mon, 19 Feb 2024 23:59:59 GMT

File type
JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=3, software=Adobe Photoshop 22.0 (Macintosh), datetime=2021:02:11 10:06:17], progressive, precision 8, 1024x768, components 3\012- data
Size
404 kB (403660 bytes)
Hash
e514ede0dbdfad48b03bb707928e06d1
ab2230c8dd429f523e33ce068b284cb2a47b72fa
60ee051d77d13712a09ed1a13417a67e6260ca51119132048dc7a5601d6a9292

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /theme/Master/SubscriptionPages/img/bg/grizzly-background.jpg HTTP/1.1
Host: goepisodes.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://goepisodes.com/theme/Master/SubscriptionPages/css/subscriptions/theme/grizzly-basic.6d00fde2.css
Cookie: CakeCookie[a_aid]=ODY0a2p1eXVpbzU0; CakeCookie[capo]=ZEhWeWJtaDFZaTV1WlhRPQ%3D%3D; CakeCookie[capoUrl]=dHVybmh1Yi5uZXQ%3D; CakeCookie[clickid]=M2JkZWE0OTgxYWUyNDM3ZTlkNGJmYzlkYjk4ZjZjZjA%3D; CakeCookie[entityId]=Mg%3D%3D; CakeCookie[lang]=eng; CakeCookie[pubid]=MzAxODI3MzQ1NjYxNw%3D%3D; CakeCookie[st_region]=MDM%3D; CakeCookie[v_id]=NGMwMmM3ZDctYmIyNS04NDk1LTIyNTItMmYzZTU5MzE1ODE4; CakeCookie[registrationaff_864kjuyuio54_3018273456617_fire_stats]=true
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Sat, 25 Nov 2023 23:09:02 GMT
content-type: image/jpeg
content-length: 403660
cf-bgj: h2pri
etag: "655fc7e2-628cc"
last-modified: Thu, 23 Nov 2023 21:45:06 GMT
x-frame-options: SAMEORIGIN
cf-cache-status: REVALIDATED
expires: Sun, 26 Nov 2023 03:09:02 GMT
cache-control: public, max-age=14400
accept-ranges: bytes
vary: Accept-Encoding
strict-transport-security: max-age=0; includeSubDomains
server: cloudflare
cf-ray: 82bd8e9a0d395689-OSL
X-Firefox-Spdy: h2

fonts.googleapis.com/css?family=Noto+Sans

142.250.74.106

200 OK

8.4 kB

URL GET HTTP/2
fonts.googleapis.com/css?family=Noto+Sans
IP
142.250.74.106:443
ASN
#15169 GOOGLE

Requested by
https://goepisodes.com/registration?theme=m-2-grizzlyX&v_id=4c02c7d7-bb25-8495-2252-2f3e59315818&capo=dHVybmh1Yi5uZXQ=&entityId=2&capoUrl=turnhub.net&page=m-2-grizzlyX&clickid=3bdea4981ae2437e9d4bfc9db98f6cf0&pubid=3018273456617&a_aid=864kjuyuio54&st_region=03
Certificate
IssuerGoogle Trust Services LLC
Subjectupload.video.google.com
FingerprintCC:96:E0:52:E0:9B:EA:A9:A0:F8:88:9A:90:20:11:47:61:00:3C:42
ValidityMon, 23 Oct 2023 11:24:07 GMT - Mon, 15 Jan 2024 11:24:06 GMT

File type
gzip compressed data, max compression\012- data
Size
8.4 kB (8422 bytes)
Hash
ce2d9943a9399ad4695072816cf42025
1f1466b1ac2e6e9fb8080b03652e0018fe318eb4
66e9bfca2aa240559a0b28e7332cc8359a7ebb794037455ad6aec8b686c83e3f

HTTP Headers

GET /css?family=Noto+Sans HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://goepisodes.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Sat, 25 Nov 2023 23:09:01 GMT
date: Sat, 25 Nov 2023 23:09:01 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

goepisodes.com/theme/Master/SubscriptionPages/img/assets/grizzly-icon-gym.png

104.18.36.213

200 OK

9.1 kB

URL GET HTTP/2
goepisodes.com/theme/Master/SubscriptionPages/img/assets/grizzly-icon-gym.png
IP
104.18.36.213:443
ASN
#13335 CLOUDFLARENET

Requested by
https://goepisodes.com/registration?theme=m-2-grizzlyX&v_id=4c02c7d7-bb25-8495-2252-2f3e59315818&capo=dHVybmh1Yi5uZXQ=&entityId=2&capoUrl=turnhub.net&page=m-2-grizzlyX&clickid=3bdea4981ae2437e9d4bfc9db98f6cf0&pubid=3018273456617&a_aid=864kjuyuio54&st_region=03
Certificate
IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
FingerprintC8:FB:2F:13:43:99:23:29:03:D7:4B:D9:05:21:D5:59:15:EA:35:75
ValidityMon, 20 Feb 2023 00:00:00 GMT - Mon, 19 Feb 2024 23:59:59 GMT

File type
PNG image data, 512 x 512, 8-bit/color RGBA, non-interlaced\012- data
Size
9.1 kB (9134 bytes)
Hash
13f9e87b02cc3e90a44ccaf11a9bc2e1
e499e9086d3c75440790f05cb90c45b249d8f20f
4aa8bdc7ad60f3e02283b73db27283f6391c52a80c490ef6feafd3eb9fae70fb

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /theme/Master/SubscriptionPages/img/assets/grizzly-icon-gym.png HTTP/1.1
Host: goepisodes.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://goepisodes.com/theme/Master/SubscriptionPages/css/subscriptions/theme/grizzly-basic.6d00fde2.css
Cookie: CakeCookie[a_aid]=ODY0a2p1eXVpbzU0; CakeCookie[capo]=ZEhWeWJtaDFZaTV1WlhRPQ%3D%3D; CakeCookie[capoUrl]=dHVybmh1Yi5uZXQ%3D; CakeCookie[clickid]=M2JkZWE0OTgxYWUyNDM3ZTlkNGJmYzlkYjk4ZjZjZjA%3D; CakeCookie[entityId]=Mg%3D%3D; CakeCookie[lang]=eng; CakeCookie[pubid]=MzAxODI3MzQ1NjYxNw%3D%3D; CakeCookie[st_region]=MDM%3D; CakeCookie[v_id]=NGMwMmM3ZDctYmIyNS04NDk1LTIyNTItMmYzZTU5MzE1ODE4; CakeCookie[registrationaff_864kjuyuio54_3018273456617_fire_stats]=true
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Sat, 25 Nov 2023 23:09:02 GMT
content-type: image/png
content-length: 9134
last-modified: Thu, 23 Nov 2023 21:45:07 GMT
etag: "655fc7e3-23ae"
x-frame-options: SAMEORIGIN
cf-cache-status: REVALIDATED
expires: Sun, 26 Nov 2023 03:09:02 GMT
cache-control: public, max-age=14400
accept-ranges: bytes
vary: Accept-Encoding
strict-transport-security: max-age=0; includeSubDomains
server: cloudflare
cf-ray: 82bd8e9a1d455689-OSL
X-Firefox-Spdy: h2

goepisodes.com/theme/Master/SubscriptionPages/img/assets/grizzly-icon-book.png

104.18.36.213

200 OK

6.4 kB

URL GET HTTP/2
goepisodes.com/theme/Master/SubscriptionPages/img/assets/grizzly-icon-book.png
IP
104.18.36.213:443
ASN
#13335 CLOUDFLARENET

Requested by
https://goepisodes.com/registration?theme=m-2-grizzlyX&v_id=4c02c7d7-bb25-8495-2252-2f3e59315818&capo=dHVybmh1Yi5uZXQ=&entityId=2&capoUrl=turnhub.net&page=m-2-grizzlyX&clickid=3bdea4981ae2437e9d4bfc9db98f6cf0&pubid=3018273456617&a_aid=864kjuyuio54&st_region=03
Certificate
IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
FingerprintC8:FB:2F:13:43:99:23:29:03:D7:4B:D9:05:21:D5:59:15:EA:35:75
ValidityMon, 20 Feb 2023 00:00:00 GMT - Mon, 19 Feb 2024 23:59:59 GMT

File type
PNG image data, 512 x 512, 8-bit/color RGBA, non-interlaced\012- data
Size
6.4 kB (6417 bytes)
Hash
beaba51a19f609cef46f0312802c3080
c9afbaa0ecc114892eba313bd4e72fe6f0cf58d9
3eaadcdc6636317c487fd1556cecb723847bfd43b581adafe43caf67241eae93

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /theme/Master/SubscriptionPages/img/assets/grizzly-icon-book.png HTTP/1.1
Host: goepisodes.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://goepisodes.com/theme/Master/SubscriptionPages/css/subscriptions/theme/grizzly-basic.6d00fde2.css
Cookie: CakeCookie[a_aid]=ODY0a2p1eXVpbzU0; CakeCookie[capo]=ZEhWeWJtaDFZaTV1WlhRPQ%3D%3D; CakeCookie[capoUrl]=dHVybmh1Yi5uZXQ%3D; CakeCookie[clickid]=M2JkZWE0OTgxYWUyNDM3ZTlkNGJmYzlkYjk4ZjZjZjA%3D; CakeCookie[entityId]=Mg%3D%3D; CakeCookie[lang]=eng; CakeCookie[pubid]=MzAxODI3MzQ1NjYxNw%3D%3D; CakeCookie[st_region]=MDM%3D; CakeCookie[v_id]=NGMwMmM3ZDctYmIyNS04NDk1LTIyNTItMmYzZTU5MzE1ODE4; CakeCookie[registrationaff_864kjuyuio54_3018273456617_fire_stats]=true
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Sat, 25 Nov 2023 23:09:02 GMT
content-type: image/png
content-length: 6417
last-modified: Thu, 23 Nov 2023 21:45:06 GMT
etag: "655fc7e2-1911"
x-frame-options: SAMEORIGIN
cf-cache-status: REVALIDATED
expires: Sun, 26 Nov 2023 03:09:02 GMT
cache-control: public, max-age=14400
accept-ranges: bytes
vary: Accept-Encoding
strict-transport-security: max-age=0; includeSubDomains
server: cloudflare
cf-ray: 82bd8e9a2d4d5689-OSL
X-Firefox-Spdy: h2

goepisodes.com/theme/Master/SubscriptionPages/img/assets/grizzly-icon-sports.png

104.18.36.213

200 OK

25 kB

URL GET HTTP/2
goepisodes.com/theme/Master/SubscriptionPages/img/assets/grizzly-icon-sports.png
IP
104.18.36.213:443
ASN
#13335 CLOUDFLARENET

Requested by
https://goepisodes.com/registration?theme=m-2-grizzlyX&v_id=4c02c7d7-bb25-8495-2252-2f3e59315818&capo=dHVybmh1Yi5uZXQ=&entityId=2&capoUrl=turnhub.net&page=m-2-grizzlyX&clickid=3bdea4981ae2437e9d4bfc9db98f6cf0&pubid=3018273456617&a_aid=864kjuyuio54&st_region=03
Certificate
IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
FingerprintC8:FB:2F:13:43:99:23:29:03:D7:4B:D9:05:21:D5:59:15:EA:35:75
ValidityMon, 20 Feb 2023 00:00:00 GMT - Mon, 19 Feb 2024 23:59:59 GMT

File type
PNG image data, 512 x 512, 8-bit/color RGBA, non-interlaced\012- data
Size
25 kB (25253 bytes)
Hash
a20f1c48d512bb8c3e92ad170efcb257
d0c15db25be78479b43aa6d509f1754cd2652f98
448801bd16c78d0474023d36204e6b1179b5373c37741c4930235f29761ec245

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /theme/Master/SubscriptionPages/img/assets/grizzly-icon-sports.png HTTP/1.1
Host: goepisodes.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://goepisodes.com/theme/Master/SubscriptionPages/css/subscriptions/theme/grizzly-basic.6d00fde2.css
Cookie: CakeCookie[a_aid]=ODY0a2p1eXVpbzU0; CakeCookie[capo]=ZEhWeWJtaDFZaTV1WlhRPQ%3D%3D; CakeCookie[capoUrl]=dHVybmh1Yi5uZXQ%3D; CakeCookie[clickid]=M2JkZWE0OTgxYWUyNDM3ZTlkNGJmYzlkYjk4ZjZjZjA%3D; CakeCookie[entityId]=Mg%3D%3D; CakeCookie[lang]=eng; CakeCookie[pubid]=MzAxODI3MzQ1NjYxNw%3D%3D; CakeCookie[st_region]=MDM%3D; CakeCookie[v_id]=NGMwMmM3ZDctYmIyNS04NDk1LTIyNTItMmYzZTU5MzE1ODE4; CakeCookie[registrationaff_864kjuyuio54_3018273456617_fire_stats]=true
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Sat, 25 Nov 2023 23:09:02 GMT
content-type: image/png
content-length: 25253
last-modified: Thu, 23 Nov 2023 21:45:07 GMT
etag: "655fc7e3-62a5"
x-frame-options: SAMEORIGIN
cf-cache-status: REVALIDATED
expires: Sun, 26 Nov 2023 03:09:02 GMT
cache-control: public, max-age=14400
accept-ranges: bytes
vary: Accept-Encoding
strict-transport-security: max-age=0; includeSubDomains
server: cloudflare
cf-ray: 82bd8e9a1d475689-OSL
X-Firefox-Spdy: h2

fonts.gstatic.com/s/anton/v25/1Ptgg87LROyAm3Kz-C8.woff2

216.58.207.227

200 OK

19 kB

URL GET HTTP/2
fonts.gstatic.com/s/anton/v25/1Ptgg87LROyAm3Kz-C8.woff2
IP
216.58.207.227:443
ASN
#15169 GOOGLE

Requested by
https://goepisodes.com/registration?theme=m-2-grizzlyX&v_id=4c02c7d7-bb25-8495-2252-2f3e59315818&capo=dHVybmh1Yi5uZXQ=&entityId=2&capoUrl=turnhub.net&page=m-2-grizzlyX&clickid=3bdea4981ae2437e9d4bfc9db98f6cf0&pubid=3018273456617&a_aid=864kjuyuio54&st_region=03
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
FingerprintE5:79:1F:1A:04:3F:B9:B0:FB:41:4E:B5:E5:97:AD:FE:D9:2C:4A:CD
ValidityMon, 23 Oct 2023 11:24:07 GMT - Mon, 15 Jan 2024 11:24:06 GMT

File type
Web Open Font Format (Version 2), TrueType, length 18796, version 1.0\012- data
Size
19 kB (18796 bytes)
Hash
a2675f0a46717d18588f16531f72674d
adfe4d6f18d4522b73ef6853ea2084570855f87c
f9ad420bf51c2930fc2a49d44209d202cb18acb2d8b82853a01023e69eab6885

HTTP Headers

GET /s/anton/v25/1Ptgg87LROyAm3Kz-C8.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://goepisodes.com
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 18796
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 23 Nov 2023 23:22:50 GMT
expires: Fri, 22 Nov 2024 23:22:50 GMT
cache-control: public, max-age=31536000
age: 171972
last-modified: Thu, 24 Aug 2023 20:21:17 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

goepisodes.com/theme/Master/SubscriptionPages/css/subscriptions/theme/basic-main.bbf81ea8.css

104.18.36.213

200 OK

13 kB

URL GET HTTP/2
goepisodes.com/theme/Master/SubscriptionPages/css/subscriptions/theme/basic-main.bbf81ea8.css
IP
104.18.36.213:443
ASN
#13335 CLOUDFLARENET

Requested by
https://goepisodes.com/registration?theme=m-2-grizzlyX&v_id=4c02c7d7-bb25-8495-2252-2f3e59315818&capo=dHVybmh1Yi5uZXQ=&entityId=2&capoUrl=turnhub.net&page=m-2-grizzlyX&clickid=3bdea4981ae2437e9d4bfc9db98f6cf0&pubid=3018273456617&a_aid=864kjuyuio54&st_region=03
Certificate
IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
FingerprintC8:FB:2F:13:43:99:23:29:03:D7:4B:D9:05:21:D5:59:15:EA:35:75
ValidityMon, 20 Feb 2023 00:00:00 GMT - Mon, 19 Feb 2024 23:59:59 GMT

File type
gzip compressed data, from Unix\012- data
Size
13 kB (13422 bytes)
Hash
3c4cdb2fcab4e7ee3ee6c71d57ac5f09
744bfb773ac481c91f13372cee489fcba5d9de73
70aa0cbcd508b7ab338dfbd783bba6eaef2974c4d256ccf718bd0d645d547bd5

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /theme/Master/SubscriptionPages/css/subscriptions/theme/basic-main.bbf81ea8.css HTTP/1.1
Host: goepisodes.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://goepisodes.com/registration?theme=m-2-grizzlyX&v_id=4c02c7d7-bb25-8495-2252-2f3e59315818&capo=dHVybmh1Yi5uZXQ=&entityId=2&capoUrl=turnhub.net&page=m-2-grizzlyX&clickid=3bdea4981ae2437e9d4bfc9db98f6cf0&pubid=3018273456617&a_aid=864kjuyuio54&st_region=03
Cookie: CakeCookie[a_aid]=ODY0a2p1eXVpbzU0; CakeCookie[capo]=ZEhWeWJtaDFZaTV1WlhRPQ%3D%3D; CakeCookie[capoUrl]=dHVybmh1Yi5uZXQ%3D; CakeCookie[clickid]=M2JkZWE0OTgxYWUyNDM3ZTlkNGJmYzlkYjk4ZjZjZjA%3D; CakeCookie[entityId]=Mg%3D%3D; CakeCookie[lang]=eng; CakeCookie[pubid]=MzAxODI3MzQ1NjYxNw%3D%3D; CakeCookie[st_region]=MDM%3D; CakeCookie[v_id]=NGMwMmM3ZDctYmIyNS04NDk1LTIyNTItMmYzZTU5MzE1ODE4; CakeCookie[registrationaff_864kjuyuio54_3018273456617_fire_stats]=true
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Sat, 25 Nov 2023 23:09:01 GMT
content-type: text/css
last-modified: Thu, 23 Nov 2023 21:45:06 GMT
vary: Accept-Encoding
etag: W/"655fc7e2-6707"
x-frame-options: SAMEORIGIN
content-encoding: gzip
cf-cache-status: HIT
age: 1568
expires: Sun, 26 Nov 2023 03:09:01 GMT
cache-control: public, max-age=14400
strict-transport-security: max-age=0; includeSubDomains
server: cloudflare
cf-ray: 82bd8e948fbf5689-OSL
X-Firefox-Spdy: h2

goepisodes.com/theme/Master/SubscriptionPages/img/assets/grizzly-icon-close.png

104.18.36.213

200 OK

7.8 kB

URL GET HTTP/2
goepisodes.com/theme/Master/SubscriptionPages/img/assets/grizzly-icon-close.png
IP
104.18.36.213:443
ASN
#13335 CLOUDFLARENET

Requested by
https://goepisodes.com/registration?theme=m-2-grizzlyX&v_id=4c02c7d7-bb25-8495-2252-2f3e59315818&capo=dHVybmh1Yi5uZXQ=&entityId=2&capoUrl=turnhub.net&page=m-2-grizzlyX&clickid=3bdea4981ae2437e9d4bfc9db98f6cf0&pubid=3018273456617&a_aid=864kjuyuio54&st_region=03
Certificate
IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
FingerprintC8:FB:2F:13:43:99:23:29:03:D7:4B:D9:05:21:D5:59:15:EA:35:75
ValidityMon, 20 Feb 2023 00:00:00 GMT - Mon, 19 Feb 2024 23:59:59 GMT

File type
PNG image data, 512 x 512, 8-bit/color RGBA, non-interlaced\012- data
Size
7.8 kB (7825 bytes)
Hash
7d011bbe41685f7060d6c3227fcf0fe4
7d7717ef1aae9591e1364c4a70e8e07877f2488c
b1449f84f6e84dbb4bfe84b57d0a61bad18bdeabf0803dd8a475bca255d63a0c

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /theme/Master/SubscriptionPages/img/assets/grizzly-icon-close.png HTTP/1.1
Host: goepisodes.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://goepisodes.com/theme/Master/SubscriptionPages/css/subscriptions/theme/grizzly-basic.6d00fde2.css
Cookie: CakeCookie[a_aid]=ODY0a2p1eXVpbzU0; CakeCookie[capo]=ZEhWeWJtaDFZaTV1WlhRPQ%3D%3D; CakeCookie[capoUrl]=dHVybmh1Yi5uZXQ%3D; CakeCookie[clickid]=M2JkZWE0OTgxYWUyNDM3ZTlkNGJmYzlkYjk4ZjZjZjA%3D; CakeCookie[entityId]=Mg%3D%3D; CakeCookie[lang]=eng; CakeCookie[pubid]=MzAxODI3MzQ1NjYxNw%3D%3D; CakeCookie[st_region]=MDM%3D; CakeCookie[v_id]=NGMwMmM3ZDctYmIyNS04NDk1LTIyNTItMmYzZTU5MzE1ODE4; CakeCookie[registrationaff_864kjuyuio54_3018273456617_fire_stats]=true
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Sat, 25 Nov 2023 23:09:02 GMT
content-type: image/png
content-length: 7825
last-modified: Thu, 23 Nov 2023 21:45:07 GMT
etag: "655fc7e3-1e91"
x-frame-options: SAMEORIGIN
cf-cache-status: REVALIDATED
expires: Sun, 26 Nov 2023 03:09:02 GMT
cache-control: public, max-age=14400
accept-ranges: bytes
vary: Accept-Encoding
strict-transport-security: max-age=0; includeSubDomains
server: cloudflare
cf-ray: 82bd8e9a2d4f5689-OSL
X-Firefox-Spdy: h2

goepisodes.com/registration?theme=m-2-grizzlyX&v_id=4c02c7d7-bb25-8495-2252-2f3e59315818&capo=dHVybmh1Yi5uZXQ=&entityId=2&capoUrl=turnhub.net&page=m-2-grizzlyX&clickid=3bdea4981ae2437e9d4bfc9db98f6cf0&pubid=3018273456617&a_aid=864kjuyuio54&st_region=03

104.18.36.213

200 OK

37 kB

URL User Request GET HTTP/2
goepisodes.com/registration?theme=m-2-grizzlyX&v_id=4c02c7d7-bb25-8495-2252-2f3e59315818&capo=dHVybmh1Yi5uZXQ=&entityId=2&capoUrl=turnhub.net&page=m-2-grizzlyX&clickid=3bdea4981ae2437e9d4bfc9db98f6cf0&pubid=3018273456617&a_aid=864kjuyuio54&st_region=03
IP
104.18.36.213:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
FingerprintC8:FB:2F:13:43:99:23:29:03:D7:4B:D9:05:21:D5:59:15:EA:35:75
ValidityMon, 20 Feb 2023 00:00:00 GMT - Mon, 19 Feb 2024 23:59:59 GMT

File type

Size
37 kB (36703 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /registration?theme=m-2-grizzlyX&v_id=4c02c7d7-bb25-8495-2252-2f3e59315818&capo=dHVybmh1Yi5uZXQ=&entityId=2&capoUrl=turnhub.net&page=m-2-grizzlyX&clickid=3bdea4981ae2437e9d4bfc9db98f6cf0&pubid=3018273456617&a_aid=864kjuyuio54&st_region=03 HTTP/1.1
Host: goepisodes.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sat, 25 Nov 2023 23:09:01 GMT
content-type: text/html
cf-ray: 82bd8e91bcf55689-OSL
cf-cache-status: HIT
age: 54678
cache-control: public, max-age=604800
expires: Sat, 02 Dec 2023 23:09:01 GMT
last-modified: Sat, 25 Nov 2023 07:57:43 GMT
strict-transport-security: max-age=0; includeSubDomains
vary: Accept-Encoding
cache-tag: 1905,goepisodes.com,/registration,NO,m-2-grizzlyX,eng,,turnhub.net
set-cookie: CakeCookie[a_aid]=ODY0a2p1eXVpbzU0; Path=/; Secure; Max-Age=9999999
CakeCookie[capo]=ZEhWeWJtaDFZaTV1WlhRPQ%3D%3D; Path=/; Secure; Max-Age=9999999
CakeCookie[capoUrl]=dHVybmh1Yi5uZXQ%3D; Path=/; Secure; Max-Age=9999999
CakeCookie[clickid]=M2JkZWE0OTgxYWUyNDM3ZTlkNGJmYzlkYjk4ZjZjZjA%3D; Path=/; Secure; Max-Age=9999999
CakeCookie[entityId]=Mg%3D%3D; Path=/; Secure; Max-Age=9999999
CakeCookie[lang]=eng; Path=/; Secure; Max-Age=9999999
CakeCookie[pubid]=MzAxODI3MzQ1NjYxNw%3D%3D; Path=/; Secure; Max-Age=9999999
CakeCookie[st_region]=MDM%3D; Path=/; Secure; Max-Age=9999999
CakeCookie[v_id]=NGMwMmM3ZDctYmIyNS04NDk1LTIyNTItMmYzZTU5MzE1ODE4; Path=/; Secure; Max-Age=9999999
CakeCookie[registrationaff_864kjuyuio54_3018273456617_fire_stats]=true; Path=/; Secure; Max-Age=3600
x-cache-url: https://goepisodes.com/registration?lang=eng&theme=m-2-grizzlyX&cacheHash=MTkwNSxnb2VwaXNvZGVzLmNvbSwvcmVnaXN0cmF0aW9uLE5PLG0tMi1ncml6emx5WCxlbmcsLHR1cm5odWIubmV0
x-frame-options: SAMEORIGIN
server: cloudflare
content-encoding: gzip
X-Firefox-Spdy: h2

fonts.gstatic.com/s/poppins/v20/pxiEyp8kv8JHgFVrJJfecg.woff2

216.58.207.227

200 OK

7.9 kB

URL GET HTTP/2
fonts.gstatic.com/s/poppins/v20/pxiEyp8kv8JHgFVrJJfecg.woff2
IP
216.58.207.227:443
ASN
#15169 GOOGLE

Requested by
https://goepisodes.com/registration?theme=m-2-grizzlyX&v_id=4c02c7d7-bb25-8495-2252-2f3e59315818&capo=dHVybmh1Yi5uZXQ=&entityId=2&capoUrl=turnhub.net&page=m-2-grizzlyX&clickid=3bdea4981ae2437e9d4bfc9db98f6cf0&pubid=3018273456617&a_aid=864kjuyuio54&st_region=03
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
FingerprintE5:79:1F:1A:04:3F:B9:B0:FB:41:4E:B5:E5:97:AD:FE:D9:2C:4A:CD
ValidityMon, 23 Oct 2023 11:24:07 GMT - Mon, 15 Jan 2024 11:24:06 GMT

File type
Web Open Font Format (Version 2), TrueType, length 7884, version 1.0\012- data
Size
7.9 kB (7884 bytes)
Hash
9212f6f9860f9fc6c69b02fedf6db8c3
ac6d71b4d5fdd2b3dabc9a06ff6c001e4251da0b
7d93459d86585bfcdbb7e0376056226adb25821ee54b96236fe2123e9560929f

HTTP Headers

GET /s/poppins/v20/pxiEyp8kv8JHgFVrJJfecg.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://goepisodes.com
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 7884
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 23 Nov 2023 23:21:58 GMT
expires: Fri, 22 Nov 2024 23:21:58 GMT
cache-control: public, max-age=31536000
age: 172024
last-modified: Wed, 27 Apr 2022 17:03:52 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

fonts.googleapis.com/css?family=Abel

142.250.74.106

200 OK

380 B

URL GET HTTP/2
fonts.googleapis.com/css?family=Abel
IP
142.250.74.106:443
ASN
#15169 GOOGLE

Requested by
https://goepisodes.com/registration?theme=m-2-grizzlyX&v_id=4c02c7d7-bb25-8495-2252-2f3e59315818&capo=dHVybmh1Yi5uZXQ=&entityId=2&capoUrl=turnhub.net&page=m-2-grizzlyX&clickid=3bdea4981ae2437e9d4bfc9db98f6cf0&pubid=3018273456617&a_aid=864kjuyuio54&st_region=03
Certificate
IssuerGoogle Trust Services LLC
Subjectupload.video.google.com
FingerprintCC:96:E0:52:E0:9B:EA:A9:A0:F8:88:9A:90:20:11:47:61:00:3C:42
ValidityMon, 23 Oct 2023 11:24:07 GMT - Mon, 15 Jan 2024 11:24:06 GMT

File type
ASCII text, with very long lines (388), with no line terminators
Size
380 B (380 bytes)
Hash
f41ae1e191bbcf142c9dcda8392fc5b8
740ab624fa5ccaf2950469b0ccdf0ef395212bdb
9f562f4c727d55920faab9289a829289506e4a77dc80014d1a50c87f8fb00beb

HTTP Headers

GET /css?family=Abel HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://goepisodes.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Sat, 25 Nov 2023 23:09:01 GMT
date: Sat, 25 Nov 2023 23:09:01 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

fonts.googleapis.com/css?family=Roboto:100,200,300,400,500,600,700,800,900

142.250.74.106

200 OK

13 kB

URL GET HTTP/2
fonts.googleapis.com/css?family=Roboto:100,200,300,400,500,600,700,800,900
IP
142.250.74.106:443
ASN
#15169 GOOGLE

Requested by
https://goepisodes.com/registration?theme=m-2-grizzlyX&v_id=4c02c7d7-bb25-8495-2252-2f3e59315818&capo=dHVybmh1Yi5uZXQ=&entityId=2&capoUrl=turnhub.net&page=m-2-grizzlyX&clickid=3bdea4981ae2437e9d4bfc9db98f6cf0&pubid=3018273456617&a_aid=864kjuyuio54&st_region=03
Certificate
IssuerGoogle Trust Services LLC
Subjectupload.video.google.com
FingerprintCC:96:E0:52:E0:9B:EA:A9:A0:F8:88:9A:90:20:11:47:61:00:3C:42
ValidityMon, 23 Oct 2023 11:24:07 GMT - Mon, 15 Jan 2024 11:24:06 GMT

File type
ASCII text
Size
13 kB (12745 bytes)
Hash
cab222f7a352cb95160ade2bbba39be2
e0e5635227481ab966c10c7bc8a015c6132dda53
d175185dc8199dc8531d2c25a84073ad93a7c605a921b0168ed6106a193d21ee

HTTP Headers

GET /css?family=Roboto:100,200,300,400,500,600,700,800,900 HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://goepisodes.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Sat, 25 Nov 2023 23:09:01 GMT
date: Sat, 25 Nov 2023 23:09:01 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

use.fontawesome.com/releases/v5.0.13/webfonts/fa-solid-900.woff2

172.64.140.13

200 OK

50 kB

URL GET HTTP/2
use.fontawesome.com/releases/v5.0.13/webfonts/fa-solid-900.woff2
IP
172.64.140.13:443
ASN
#13335 CLOUDFLARENET

Requested by
https://goepisodes.com/registration?theme=m-2-grizzlyX&v_id=4c02c7d7-bb25-8495-2252-2f3e59315818&capo=dHVybmh1Yi5uZXQ=&entityId=2&capoUrl=turnhub.net&page=m-2-grizzlyX&clickid=3bdea4981ae2437e9d4bfc9db98f6cf0&pubid=3018273456617&a_aid=864kjuyuio54&st_region=03
Certificate
IssuerCloudflare, Inc.
Subjectuse.fontawesome.com
FingerprintCB:BE:6B:C4:5F:DF:18:7A:C3:AD:BF:6C:40:36:18:9F:E2:99:7F:78
ValidityThu, 12 Oct 2023 00:00:00 GMT - Thu, 10 Oct 2024 23:59:59 GMT

File type
Web Open Font Format (Version 2), TrueType, length 50372, version 1.0\012- data
Size
50 kB (50372 bytes)
Hash
8a8c0474283e0d9ef41743e5e486bf05
1ba4dd60af529d1a72d0e57467c3bc0bbb728a4d
cbbca7d9888b4a9eab7d479756d2924f9b067fd38dab376797029df741f96ee4

HTTP Headers

GET /releases/v5.0.13/webfonts/fa-solid-900.woff2 HTTP/1.1
Host: use.fontawesome.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://goepisodes.com
DNT: 1
Connection: keep-alive
Referer: https://use.fontawesome.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sat, 25 Nov 2023 23:09:02 GMT
content-type: font/woff2
content-length: 50372
access-control-allow-origin: *
cache-control: max-age=31556926
etag: "8a8c0474283e0d9ef41743e5e486bf05"
last-modified: Fri, 22 Sep 2023 01:44:10 GMT
vary: Origin, Accept-Encoding
cf-cache-status: HIT
age: 1358014
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=2hThOOUOEMiZH1crItiPjEpbKWsqYwM2D9XSvlPDnmm91o99xomBf6wLoRF98RFRJWTO1s72Ugr9dxJsJ1nnmLDesAvpN9mgDhIar7fIrcKxOfcwkE%2FW2SEkLOIKh9KAQvoxI%2BQq"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 82bd8e9a8c7f7719-LHR
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

fonts.googleapis.com/css?family=Montserrat

142.250.74.106

200 OK

1.8 kB

URL GET HTTP/2
fonts.googleapis.com/css?family=Montserrat
IP
142.250.74.106:443
ASN
#15169 GOOGLE

Requested by
https://goepisodes.com/registration?theme=m-2-grizzlyX&v_id=4c02c7d7-bb25-8495-2252-2f3e59315818&capo=dHVybmh1Yi5uZXQ=&entityId=2&capoUrl=turnhub.net&page=m-2-grizzlyX&clickid=3bdea4981ae2437e9d4bfc9db98f6cf0&pubid=3018273456617&a_aid=864kjuyuio54&st_region=03
Certificate
IssuerGoogle Trust Services LLC
Subjectupload.video.google.com
FingerprintCC:96:E0:52:E0:9B:EA:A9:A0:F8:88:9A:90:20:11:47:61:00:3C:42
ValidityMon, 23 Oct 2023 11:24:07 GMT - Mon, 15 Jan 2024 11:24:06 GMT

File type
ASCII text, with very long lines (1849), with no line terminators
Size
1.8 kB (1809 bytes)
Hash
471367a5d894df4be300326e8e1f53cd
ff889bd9695cf2f739f69001519ea374580c9561
97be6bb8e1c1e6809b029ddef8cc7f031b137f53a2b8c516e5669b981fd5432e

HTTP Headers

GET /css?family=Montserrat HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://goepisodes.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Sat, 25 Nov 2023 23:09:01 GMT
date: Sat, 25 Nov 2023 23:09:01 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

goepisodes.com/theme/Master/SubscriptionPages/js/subscriptions/min/scripts.min.f92a9bc6.js

104.18.36.213

200 OK

446 kB

URL GET HTTP/2
goepisodes.com/theme/Master/SubscriptionPages/js/subscriptions/min/scripts.min.f92a9bc6.js
IP
104.18.36.213:443
ASN
#13335 CLOUDFLARENET

Requested by
https://goepisodes.com/registration?theme=m-2-grizzlyX&v_id=4c02c7d7-bb25-8495-2252-2f3e59315818&capo=dHVybmh1Yi5uZXQ=&entityId=2&capoUrl=turnhub.net&page=m-2-grizzlyX&clickid=3bdea4981ae2437e9d4bfc9db98f6cf0&pubid=3018273456617&a_aid=864kjuyuio54&st_region=03
Certificate
IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
FingerprintC8:FB:2F:13:43:99:23:29:03:D7:4B:D9:05:21:D5:59:15:EA:35:75
ValidityMon, 20 Feb 2023 00:00:00 GMT - Mon, 19 Feb 2024 23:59:59 GMT

File type

Size
446 kB (445865 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /theme/Master/SubscriptionPages/js/subscriptions/min/scripts.min.f92a9bc6.js HTTP/1.1
Host: goepisodes.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://goepisodes.com/registration?theme=m-2-grizzlyX&v_id=4c02c7d7-bb25-8495-2252-2f3e59315818&capo=dHVybmh1Yi5uZXQ=&entityId=2&capoUrl=turnhub.net&page=m-2-grizzlyX&clickid=3bdea4981ae2437e9d4bfc9db98f6cf0&pubid=3018273456617&a_aid=864kjuyuio54&st_region=03
Cookie: CakeCookie[a_aid]=ODY0a2p1eXVpbzU0; CakeCookie[capo]=ZEhWeWJtaDFZaTV1WlhRPQ%3D%3D; CakeCookie[capoUrl]=dHVybmh1Yi5uZXQ%3D; CakeCookie[clickid]=M2JkZWE0OTgxYWUyNDM3ZTlkNGJmYzlkYjk4ZjZjZjA%3D; CakeCookie[entityId]=Mg%3D%3D; CakeCookie[lang]=eng; CakeCookie[pubid]=MzAxODI3MzQ1NjYxNw%3D%3D; CakeCookie[st_region]=MDM%3D; CakeCookie[v_id]=NGMwMmM3ZDctYmIyNS04NDk1LTIyNTItMmYzZTU5MzE1ODE4; CakeCookie[registrationaff_864kjuyuio54_3018273456617_fire_stats]=true
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sat, 25 Nov 2023 23:09:01 GMT
content-type: application/javascript; charset=utf-8
last-modified: Thu, 23 Nov 2023 21:45:07 GMT
etag: W/"655fc7e3-6cda9"
x-frame-options: SAMEORIGIN
cf-cache-status: HIT
age: 1567
expires: Sun, 26 Nov 2023 03:09:01 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
strict-transport-security: max-age=0; includeSubDomains
server: cloudflare
cf-ray: 82bd8e94c8195689-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

fonts.googleapis.com/css?family=Poppins:100,200,300,400,500,600,700,800,900&display=swap

142.250.74.106

200 OK

10 kB

URL GET HTTP/2
fonts.googleapis.com/css?family=Poppins:100,200,300,400,500,600,700,800,900&display=swap
IP
142.250.74.106:443
ASN
#15169 GOOGLE

Requested by
https://goepisodes.com/registration?theme=m-2-grizzlyX&v_id=4c02c7d7-bb25-8495-2252-2f3e59315818&capo=dHVybmh1Yi5uZXQ=&entityId=2&capoUrl=turnhub.net&page=m-2-grizzlyX&clickid=3bdea4981ae2437e9d4bfc9db98f6cf0&pubid=3018273456617&a_aid=864kjuyuio54&st_region=03
Certificate
IssuerGoogle Trust Services LLC
Subjectupload.video.google.com
FingerprintCC:96:E0:52:E0:9B:EA:A9:A0:F8:88:9A:90:20:11:47:61:00:3C:42
ValidityMon, 23 Oct 2023 11:24:07 GMT - Mon, 15 Jan 2024 11:24:06 GMT

File type
ASCII text
Size
10 kB (10073 bytes)
Hash
1750f5cf20d33ee7c9681561118f472f
d9ff873206fe50705817c7b7d2977dc01ac189ef
ad26ec8a3728c7ab759a937b415be68bb65886fb81ac6a3d1c050d2989c512a8

HTTP Headers

GET /css?family=Poppins:100,200,300,400,500,600,700,800,900&display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://goepisodes.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Sat, 25 Nov 2023 23:09:01 GMT
date: Sat, 25 Nov 2023 23:09:01 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

fonts.googleapis.com/css?family=Open+Sans

142.250.74.106

200 OK

2.9 kB

URL GET HTTP/2
fonts.googleapis.com/css?family=Open+Sans
IP
142.250.74.106:443
ASN
#15169 GOOGLE

Requested by
https://goepisodes.com/registration?theme=m-2-grizzlyX&v_id=4c02c7d7-bb25-8495-2252-2f3e59315818&capo=dHVybmh1Yi5uZXQ=&entityId=2&capoUrl=turnhub.net&page=m-2-grizzlyX&clickid=3bdea4981ae2437e9d4bfc9db98f6cf0&pubid=3018273456617&a_aid=864kjuyuio54&st_region=03
Certificate
IssuerGoogle Trust Services LLC
Subjectupload.video.google.com
FingerprintCC:96:E0:52:E0:9B:EA:A9:A0:F8:88:9A:90:20:11:47:61:00:3C:42
ValidityMon, 23 Oct 2023 11:24:07 GMT - Mon, 15 Jan 2024 11:24:06 GMT

File type
ASCII text, with very long lines (2967), with no line terminators
Size
2.9 kB (2895 bytes)
Hash
4e76b01dc618cbe0334ff1cf6998cc31
5fb4ff667edbbe6929e8f8fe657452703a08e0db
161cdfb1817d7d022db1c06020336329d00502dd11e4cee099f5d9075111c070

HTTP Headers

GET /css?family=Open+Sans HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://goepisodes.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Sat, 25 Nov 2023 23:09:01 GMT
date: Sat, 25 Nov 2023 23:09:01 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

fonts.googleapis.com/css?family=Raleway:400,400i&display=swap

142.250.74.106

200 OK

3.7 kB

URL GET HTTP/2
fonts.googleapis.com/css?family=Raleway:400,400i&display=swap
IP
142.250.74.106:443
ASN
#15169 GOOGLE

Requested by
https://goepisodes.com/registration?theme=m-2-grizzlyX&v_id=4c02c7d7-bb25-8495-2252-2f3e59315818&capo=dHVybmh1Yi5uZXQ=&entityId=2&capoUrl=turnhub.net&page=m-2-grizzlyX&clickid=3bdea4981ae2437e9d4bfc9db98f6cf0&pubid=3018273456617&a_aid=864kjuyuio54&st_region=03
Certificate
IssuerGoogle Trust Services LLC
Subjectupload.video.google.com
FingerprintCC:96:E0:52:E0:9B:EA:A9:A0:F8:88:9A:90:20:11:47:61:00:3C:42
ValidityMon, 23 Oct 2023 11:24:07 GMT - Mon, 15 Jan 2024 11:24:06 GMT

File type
ASCII text, with very long lines (3839), with no line terminators
Size
3.7 kB (3749 bytes)
Hash
17456a951acb8f89380aeab3613783f9
5866df0639daaad5a54496b358eaf563895f67b2
c9b5ef1417be5bf7442973617e7a46e6676ecf71b76510da057d87490bd4e655

HTTP Headers

GET /css?family=Raleway:400,400i&display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://goepisodes.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Sat, 25 Nov 2023 23:09:01 GMT
date: Sat, 25 Nov 2023 23:09:01 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

fonts.googleapis.com/css?family=Candal

142.250.74.106

200 OK

386 B

URL GET HTTP/2
fonts.googleapis.com/css?family=Candal
IP
142.250.74.106:443
ASN
#15169 GOOGLE

Requested by
https://goepisodes.com/registration?theme=m-2-grizzlyX&v_id=4c02c7d7-bb25-8495-2252-2f3e59315818&capo=dHVybmh1Yi5uZXQ=&entityId=2&capoUrl=turnhub.net&page=m-2-grizzlyX&clickid=3bdea4981ae2437e9d4bfc9db98f6cf0&pubid=3018273456617&a_aid=864kjuyuio54&st_region=03
Certificate
IssuerGoogle Trust Services LLC
Subjectupload.video.google.com
FingerprintCC:96:E0:52:E0:9B:EA:A9:A0:F8:88:9A:90:20:11:47:61:00:3C:42
ValidityMon, 23 Oct 2023 11:24:07 GMT - Mon, 15 Jan 2024 11:24:06 GMT

File type
ASCII text, with very long lines (394), with no line terminators
Size
386 B (386 bytes)
Hash
c38a44eb976231c785e8c4fbddcd8d7c
081b12a59220a19e818ba8cd6e5553fe49efcc77
cd187243a42e186ff34a24e296b2170d0936a0bb6a163e6d0a2ac4cb4cc89a40

HTTP Headers

GET /css?family=Candal HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://goepisodes.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Sat, 25 Nov 2023 23:09:01 GMT
date: Sat, 25 Nov 2023 23:09:01 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

fonts.googleapis.com/css?family=Libre+Baskerville:400,400i&display=swap

142.250.74.106

200 OK

1.7 kB

URL GET HTTP/2
fonts.googleapis.com/css?family=Libre+Baskerville:400,400i&display=swap
IP
142.250.74.106:443
ASN
#15169 GOOGLE

Requested by
https://goepisodes.com/registration?theme=m-2-grizzlyX&v_id=4c02c7d7-bb25-8495-2252-2f3e59315818&capo=dHVybmh1Yi5uZXQ=&entityId=2&capoUrl=turnhub.net&page=m-2-grizzlyX&clickid=3bdea4981ae2437e9d4bfc9db98f6cf0&pubid=3018273456617&a_aid=864kjuyuio54&st_region=03
Certificate
IssuerGoogle Trust Services LLC
Subjectupload.video.google.com
FingerprintCC:96:E0:52:E0:9B:EA:A9:A0:F8:88:9A:90:20:11:47:61:00:3C:42
ValidityMon, 23 Oct 2023 11:24:07 GMT - Mon, 15 Jan 2024 11:24:06 GMT

File type
ASCII text, with very long lines (1733), with no line terminators
Size
1.7 kB (1697 bytes)
Hash
97479dd97c274518aef6312b321681b4
6dc007a9bf47303580bb5ad776393dc43f49e7bf
f2129cd786d6d838ce5d0452f8b36f713141791e783771952be2190a3a770aae

HTTP Headers

GET /css?family=Libre+Baskerville:400,400i&display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://goepisodes.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Sat, 25 Nov 2023 23:09:01 GMT
date: Sat, 25 Nov 2023 23:09:01 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

fonts.googleapis.com/css?family=Lato

142.250.74.106

200 OK

717 B

URL GET HTTP/2
fonts.googleapis.com/css?family=Lato
IP
142.250.74.106:443
ASN
#15169 GOOGLE

Requested by
https://goepisodes.com/registration?theme=m-2-grizzlyX&v_id=4c02c7d7-bb25-8495-2252-2f3e59315818&capo=dHVybmh1Yi5uZXQ=&entityId=2&capoUrl=turnhub.net&page=m-2-grizzlyX&clickid=3bdea4981ae2437e9d4bfc9db98f6cf0&pubid=3018273456617&a_aid=864kjuyuio54&st_region=03
Certificate
IssuerGoogle Trust Services LLC
Subjectupload.video.google.com
FingerprintCC:96:E0:52:E0:9B:EA:A9:A0:F8:88:9A:90:20:11:47:61:00:3C:42
ValidityMon, 23 Oct 2023 11:24:07 GMT - Mon, 15 Jan 2024 11:24:06 GMT

File type
ASCII text, with very long lines (733), with no line terminators
Size
717 B (717 bytes)
Hash
16ba8948c8e7043c4500e44355b8571c
8fd190ff02fca3c0f3b1ce3fe652d1fd5a0759cb
ed7af898d89a9c54d7df66b914e6e7dd8b7a88757c358675aa17b9fba0731f72

HTTP Headers

GET /css?family=Lato HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://goepisodes.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Sat, 25 Nov 2023 23:09:01 GMT
date: Sat, 25 Nov 2023 23:09:01 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

fonts.googleapis.com/css?family=Oswald:200,300,400

142.250.74.106

200 OK

5.5 kB

URL GET HTTP/2
fonts.googleapis.com/css?family=Oswald:200,300,400
IP
142.250.74.106:443
ASN
#15169 GOOGLE

Requested by
https://goepisodes.com/registration?theme=m-2-grizzlyX&v_id=4c02c7d7-bb25-8495-2252-2f3e59315818&capo=dHVybmh1Yi5uZXQ=&entityId=2&capoUrl=turnhub.net&page=m-2-grizzlyX&clickid=3bdea4981ae2437e9d4bfc9db98f6cf0&pubid=3018273456617&a_aid=864kjuyuio54&st_region=03
Certificate
IssuerGoogle Trust Services LLC
Subjectupload.video.google.com
FingerprintCC:96:E0:52:E0:9B:EA:A9:A0:F8:88:9A:90:20:11:47:61:00:3C:42
ValidityMon, 23 Oct 2023 11:24:07 GMT - Mon, 15 Jan 2024 11:24:06 GMT

File type
ASCII text, with very long lines (5607), with no line terminators
Size
5.5 kB (5487 bytes)
Hash
2ae3450a82feeab96195dd466753ca33
95bbe616e09b48dea5d0890f5a38a3ba6ddb2004
a6b5abe0ef3bdeaddff6a974da11c9e80bc2a8a4c6af562b0c6c1e97985de529

HTTP Headers

GET /css?family=Oswald:200,300,400 HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://goepisodes.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Sat, 25 Nov 2023 23:09:01 GMT
date: Sat, 25 Nov 2023 23:09:01 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

goepisodes.com/theme/Master/SubscriptionPages/css/subscriptions/theme/grizzly-basic.6d00fde2.css

104.18.36.213

200 OK

23 kB

URL GET HTTP/2
goepisodes.com/theme/Master/SubscriptionPages/css/subscriptions/theme/grizzly-basic.6d00fde2.css
IP
104.18.36.213:443
ASN
#13335 CLOUDFLARENET

Requested by
https://goepisodes.com/registration?theme=m-2-grizzlyX&v_id=4c02c7d7-bb25-8495-2252-2f3e59315818&capo=dHVybmh1Yi5uZXQ=&entityId=2&capoUrl=turnhub.net&page=m-2-grizzlyX&clickid=3bdea4981ae2437e9d4bfc9db98f6cf0&pubid=3018273456617&a_aid=864kjuyuio54&st_region=03
Certificate
IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
FingerprintC8:FB:2F:13:43:99:23:29:03:D7:4B:D9:05:21:D5:59:15:EA:35:75
ValidityMon, 20 Feb 2023 00:00:00 GMT - Mon, 19 Feb 2024 23:59:59 GMT

File type
ASCII text, with very long lines (23235), with no line terminators
Size
23 kB (23235 bytes)
Hash
832cfe7e36ddc974f75f61c3bf7813f9
34294f2c21379b68a869357f2d23f018ac4becf8
7e1c958fe983360f967ed029585b5f40ab13bb1e7220835f286ae9234cbbe08d

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /theme/Master/SubscriptionPages/css/subscriptions/theme/grizzly-basic.6d00fde2.css HTTP/1.1
Host: goepisodes.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://goepisodes.com/registration?theme=m-2-grizzlyX&v_id=4c02c7d7-bb25-8495-2252-2f3e59315818&capo=dHVybmh1Yi5uZXQ=&entityId=2&capoUrl=turnhub.net&page=m-2-grizzlyX&clickid=3bdea4981ae2437e9d4bfc9db98f6cf0&pubid=3018273456617&a_aid=864kjuyuio54&st_region=03
Cookie: CakeCookie[a_aid]=ODY0a2p1eXVpbzU0; CakeCookie[capo]=ZEhWeWJtaDFZaTV1WlhRPQ%3D%3D; CakeCookie[capoUrl]=dHVybmh1Yi5uZXQ%3D; CakeCookie[clickid]=M2JkZWE0OTgxYWUyNDM3ZTlkNGJmYzlkYjk4ZjZjZjA%3D; CakeCookie[entityId]=Mg%3D%3D; CakeCookie[lang]=eng; CakeCookie[pubid]=MzAxODI3MzQ1NjYxNw%3D%3D; CakeCookie[st_region]=MDM%3D; CakeCookie[v_id]=NGMwMmM3ZDctYmIyNS04NDk1LTIyNTItMmYzZTU5MzE1ODE4; CakeCookie[registrationaff_864kjuyuio54_3018273456617_fire_stats]=true
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sat, 25 Nov 2023 23:09:01 GMT
content-type: text/css
last-modified: Thu, 23 Nov 2023 21:45:06 GMT
vary: Accept-Encoding
etag: W/"655fc7e2-5ac3"
x-frame-options: SAMEORIGIN
content-encoding: gzip
cf-cache-status: REVALIDATED
expires: Sun, 26 Nov 2023 03:09:01 GMT
cache-control: public, max-age=14400
strict-transport-security: max-age=0; includeSubDomains
server: cloudflare
cf-ray: 82bd8e948fc15689-OSL
X-Firefox-Spdy: h2

fonts.gstatic.com/s/poppins/v20/pxiByp8kv8JHgFVrLCz7Z1xlFQ.woff2

216.58.207.227

200 OK

7.8 kB

URL GET HTTP/2
fonts.gstatic.com/s/poppins/v20/pxiByp8kv8JHgFVrLCz7Z1xlFQ.woff2
IP
216.58.207.227:443
ASN
#15169 GOOGLE

Requested by
https://goepisodes.com/registration?theme=m-2-grizzlyX&v_id=4c02c7d7-bb25-8495-2252-2f3e59315818&capo=dHVybmh1Yi5uZXQ=&entityId=2&capoUrl=turnhub.net&page=m-2-grizzlyX&clickid=3bdea4981ae2437e9d4bfc9db98f6cf0&pubid=3018273456617&a_aid=864kjuyuio54&st_region=03
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
FingerprintE5:79:1F:1A:04:3F:B9:B0:FB:41:4E:B5:E5:97:AD:FE:D9:2C:4A:CD
ValidityMon, 23 Oct 2023 11:24:07 GMT - Mon, 15 Jan 2024 11:24:06 GMT

File type
Web Open Font Format (Version 2), TrueType, length 7816, version 1.0\012- data
Size
7.8 kB (7816 bytes)
Hash
25b0e113ca7cce3770d542736db26368
cb726212d5d525021752a1d8470a0fb593e0c49e
9338e65fc077355c7a87ae0d64cc101e23b9bf8ad78ae65f0f319c857311b526

HTTP Headers

GET /s/poppins/v20/pxiByp8kv8JHgFVrLCz7Z1xlFQ.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://goepisodes.com
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 7816
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 23 Nov 2023 04:48:22 GMT
expires: Fri, 22 Nov 2024 04:48:22 GMT
cache-control: public, max-age=31536000
age: 238840
last-modified: Wed, 27 Apr 2022 16:11:40 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

goepisodes.com/theme/Master/SubscriptionPages/img/assets/grizzly-icon-multiscreen.png

104.18.36.213

200 OK

7.5 kB

URL GET HTTP/2
goepisodes.com/theme/Master/SubscriptionPages/img/assets/grizzly-icon-multiscreen.png
IP
104.18.36.213:443
ASN
#13335 CLOUDFLARENET

Requested by
https://goepisodes.com/registration?theme=m-2-grizzlyX&v_id=4c02c7d7-bb25-8495-2252-2f3e59315818&capo=dHVybmh1Yi5uZXQ=&entityId=2&capoUrl=turnhub.net&page=m-2-grizzlyX&clickid=3bdea4981ae2437e9d4bfc9db98f6cf0&pubid=3018273456617&a_aid=864kjuyuio54&st_region=03
Certificate
IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
FingerprintC8:FB:2F:13:43:99:23:29:03:D7:4B:D9:05:21:D5:59:15:EA:35:75
ValidityMon, 20 Feb 2023 00:00:00 GMT - Mon, 19 Feb 2024 23:59:59 GMT

File type
PNG image data, 512 x 512, 8-bit/color RGBA, non-interlaced\012- data
Size
7.5 kB (7543 bytes)
Hash
a30a8c4add86ea42d0eec9660a2d1c04
166f532da76342da0ad7a8db6aef38fad78a0b50
1ade0baa348e6919ef436e1085232055e53d9812684f501f6537ef4630b1cd12

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /theme/Master/SubscriptionPages/img/assets/grizzly-icon-multiscreen.png HTTP/1.1
Host: goepisodes.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://goepisodes.com/theme/Master/SubscriptionPages/css/subscriptions/theme/grizzly-basic.6d00fde2.css
Cookie: CakeCookie[a_aid]=ODY0a2p1eXVpbzU0; CakeCookie[capo]=ZEhWeWJtaDFZaTV1WlhRPQ%3D%3D; CakeCookie[capoUrl]=dHVybmh1Yi5uZXQ%3D; CakeCookie[clickid]=M2JkZWE0OTgxYWUyNDM3ZTlkNGJmYzlkYjk4ZjZjZjA%3D; CakeCookie[entityId]=Mg%3D%3D; CakeCookie[lang]=eng; CakeCookie[pubid]=MzAxODI3MzQ1NjYxNw%3D%3D; CakeCookie[st_region]=MDM%3D; CakeCookie[v_id]=NGMwMmM3ZDctYmIyNS04NDk1LTIyNTItMmYzZTU5MzE1ODE4; CakeCookie[registrationaff_864kjuyuio54_3018273456617_fire_stats]=true
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sat, 25 Nov 2023 23:09:02 GMT
content-type: image/png
content-length: 7543
last-modified: Thu, 23 Nov 2023 21:45:06 GMT
etag: "655fc7e2-1d77"
x-frame-options: SAMEORIGIN
cf-cache-status: REVALIDATED
expires: Sun, 26 Nov 2023 03:09:02 GMT
cache-control: public, max-age=14400
accept-ranges: bytes
vary: Accept-Encoding
strict-transport-security: max-age=0; includeSubDomains
server: cloudflare
cf-ray: 82bd8e9a2d505689-OSL
X-Firefox-Spdy: h2

maxcdn.bootstrapcdn.com/bootstrap/4.0.0/css/bootstrap.min.css

104.18.10.207

200 OK

145 kB

URL GET HTTP/2
maxcdn.bootstrapcdn.com/bootstrap/4.0.0/css/bootstrap.min.css
IP
104.18.10.207:443
ASN
#13335 CLOUDFLARENET

Requested by
https://goepisodes.com/registration?theme=m-2-grizzlyX&v_id=4c02c7d7-bb25-8495-2252-2f3e59315818&capo=dHVybmh1Yi5uZXQ=&entityId=2&capoUrl=turnhub.net&page=m-2-grizzlyX&clickid=3bdea4981ae2437e9d4bfc9db98f6cf0&pubid=3018273456617&a_aid=864kjuyuio54&st_region=03
Certificate
IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
Fingerprint5B:F7:8F:50:AD:E5:5B:5E:8C:4A:39:3D:0C:98:E8:8C:18:4B:3D:8A
ValidityFri, 30 Dec 2022 00:00:00 GMT - Sat, 30 Dec 2023 23:59:59 GMT

File type
ASCII text, with very long lines (65325)
Size
145 kB (144877 bytes)
Hash
450fc463b8b1a349df717056fbb3e078
895125a4522a3b10ee7ada06ee6503587cbf95c5
2c0f3dcfe93d7e380c290fe4ab838ed8cadff1596d62697f5444be460d1f876d

HTTP Headers

GET /bootstrap/4.0.0/css/bootstrap.min.css HTTP/1.1
Host: maxcdn.bootstrapcdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://goepisodes.com
DNT: 1
Connection: keep-alive
Referer: https://goepisodes.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sat, 25 Nov 2023 23:09:01 GMT
content-type: text/css; charset=utf-8
vary: Accept-Encoding
cdn-pullzone: 252412
cdn-uid: b1941f61-b576-4f40-80de-5677acb38f74
cdn-requestcountrycode: DE
access-control-allow-origin: *
cache-control: public, max-age=31919000
etag: W/"450fc463b8b1a349df717056fbb3e078"
last-modified: Mon, 25 Jan 2021 22:04:04 GMT
cdn-cachedat: 10/31/2023 18:48:44
cdn-proxyver: 1.04
cdn-requestpullcode: 200
cdn-requestpullsuccess: True
cdn-edgestorageid: 752
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
cdn-status: 200
cdn-requestid: 8683ed8ab7a8770e208f5773bfc0b03e
cdn-cache: HIT
cf-cache-status: HIT
age: 62813
strict-transport-security: max-age=31536000; includeSubDomains; preload
server: cloudflare
cf-ray: 82bd8e95aeaf56a5-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

use.fontawesome.com/releases/v5.0.13/css/all.css

172.64.140.13

200 OK

41 kB

URL GET HTTP/2
use.fontawesome.com/releases/v5.0.13/css/all.css
IP
172.64.140.13:443
ASN
#13335 CLOUDFLARENET

Requested by
https://goepisodes.com/registration?theme=m-2-grizzlyX&v_id=4c02c7d7-bb25-8495-2252-2f3e59315818&capo=dHVybmh1Yi5uZXQ=&entityId=2&capoUrl=turnhub.net&page=m-2-grizzlyX&clickid=3bdea4981ae2437e9d4bfc9db98f6cf0&pubid=3018273456617&a_aid=864kjuyuio54&st_region=03
Certificate
IssuerCloudflare, Inc.
Subjectuse.fontawesome.com
FingerprintCB:BE:6B:C4:5F:DF:18:7A:C3:AD:BF:6C:40:36:18:9F:E2:99:7F:78
ValidityThu, 12 Oct 2023 00:00:00 GMT - Thu, 10 Oct 2024 23:59:59 GMT

File type
ASCII text, with very long lines (40884)
Size
41 kB (41065 bytes)
Hash
d61bfe9b56c13ecff5313ee3abb45e8b
ecb7caed8f169c4ae226d85b82cfec19fc50d4ac
43730866612149a27f49159d7c4f19185c8694bb91bf41abc884a6fe1346e96e

HTTP Headers

GET /releases/v5.0.13/css/all.css HTTP/1.1
Host: use.fontawesome.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://goepisodes.com
DNT: 1
Connection: keep-alive
Referer: https://goepisodes.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sat, 25 Nov 2023 23:09:02 GMT
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=31556926
etag: W/"d61bfe9b56c13ecff5313ee3abb45e8b"
last-modified: Fri, 22 Sep 2023 01:44:09 GMT
vary: Origin, Accept-Encoding
cf-cache-status: HIT
age: 1191156
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=bMPiazN0yIR9GWUqpK%2BSLI7LTiNMUYKUImUB8cx2ZRT3kjiEUd1Wb9SwJ1v9QyKmECYpTbDopT9d1f8n1auzzrQZ%2F11IKxyY0284G%2B4ggzcOwDjcHqnshO2Q7qefOSWda6%2BDweVL"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 82bd8e98599b7719-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

goepisodes.com/theme/Master/SubscriptionPages/js/subscriptions/validation/min/regValidation.min.928257bc.js

104.18.36.213

200 OK

7.2 kB

URL GET HTTP/2
goepisodes.com/theme/Master/SubscriptionPages/js/subscriptions/validation/min/regValidation.min.928257bc.js
IP
104.18.36.213:443
ASN
#13335 CLOUDFLARENET

Requested by
https://goepisodes.com/registration?theme=m-2-grizzlyX&v_id=4c02c7d7-bb25-8495-2252-2f3e59315818&capo=dHVybmh1Yi5uZXQ=&entityId=2&capoUrl=turnhub.net&page=m-2-grizzlyX&clickid=3bdea4981ae2437e9d4bfc9db98f6cf0&pubid=3018273456617&a_aid=864kjuyuio54&st_region=03
Certificate
IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
FingerprintC8:FB:2F:13:43:99:23:29:03:D7:4B:D9:05:21:D5:59:15:EA:35:75
ValidityMon, 20 Feb 2023 00:00:00 GMT - Mon, 19 Feb 2024 23:59:59 GMT

File type
ASCII text, with very long lines (7664), with no line terminators
Size
7.2 kB (7206 bytes)
Hash
8b061a79d70f10fc75bb3d2722fd2598
d0cd800e107300e125be154241033eebef26056c
be1e78c7c19afc73eee58a9c6e18f22f4e2b96b98189ad2c9a5729a7ee3a56f4

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /theme/Master/SubscriptionPages/js/subscriptions/validation/min/regValidation.min.928257bc.js HTTP/1.1
Host: goepisodes.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://goepisodes.com/registration?theme=m-2-grizzlyX&v_id=4c02c7d7-bb25-8495-2252-2f3e59315818&capo=dHVybmh1Yi5uZXQ=&entityId=2&capoUrl=turnhub.net&page=m-2-grizzlyX&clickid=3bdea4981ae2437e9d4bfc9db98f6cf0&pubid=3018273456617&a_aid=864kjuyuio54&st_region=03
Cookie: CakeCookie[a_aid]=ODY0a2p1eXVpbzU0; CakeCookie[capo]=ZEhWeWJtaDFZaTV1WlhRPQ%3D%3D; CakeCookie[capoUrl]=dHVybmh1Yi5uZXQ%3D; CakeCookie[clickid]=M2JkZWE0OTgxYWUyNDM3ZTlkNGJmYzlkYjk4ZjZjZjA%3D; CakeCookie[entityId]=Mg%3D%3D; CakeCookie[lang]=eng; CakeCookie[pubid]=MzAxODI3MzQ1NjYxNw%3D%3D; CakeCookie[st_region]=MDM%3D; CakeCookie[v_id]=NGMwMmM3ZDctYmIyNS04NDk1LTIyNTItMmYzZTU5MzE1ODE4; CakeCookie[registrationaff_864kjuyuio54_3018273456617_fire_stats]=true
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sat, 25 Nov 2023 23:09:01 GMT
content-type: application/javascript; charset=utf-8
last-modified: Thu, 23 Nov 2023 21:45:07 GMT
etag: W/"655fc7e3-1c26"
x-frame-options: SAMEORIGIN
cf-cache-status: HIT
age: 4613
expires: Sun, 26 Nov 2023 03:09:01 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
strict-transport-security: max-age=0; includeSubDomains
server: cloudflare
cf-ray: 82bd8e94d8225689-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (11)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

Observations

Hash

Observations

Hash

Observations

Hash

Observations

Hash

Observations

Hash

Observations

Hash

Observations

Hash

HTTP Transactions (55)

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL User Request GET HTTP/2

IP

ASN

Certificate

File type

Size

Hash

HTTP Headers

URL User Request GET HTTP/2

IP

ASN

Certificate

File type

Size

Hash

HTTP Headers

URL