Report - daddysonwithbenefits.com/t2

Report Overview

Visited public
2023-09-16 03:02:45
Tags
URL
daddysonwithbenefits.com/t2
Finishing URL
daddysonwithbenefits.com/t2/
IP / ASN
208.74.149.150
#27589 MOJOHOST
Title
Daddy Son With Benefits

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
daddysonwithbenefits.com	unknown	2017-07-16	2019-07-08 06:35:00	2023-06-10 01:40:18	12 kB	3.3 MB	208.74.149.150
www.googletagmanager.com	75	2011-11-11	2013-05-22 04:07:37	2023-09-15 21:38:35	899 B	149 kB	142.250.74.168
ajax.aspnetcdn.com	693	2010-10-12	2012-05-24 15:35:31	2023-09-15 18:15:01	898 B	30 kB	152.199.19.160
ka-p.fontawesome.com	4489	2012-10-18	2019-12-16 21:35:53	2023-09-15 18:20:17	4.0 kB	183 kB	104.18.22.52
fonts.googleapis.com	8877	2005-01-25	2013-06-10 22:14:26	2023-09-15 20:31:32	434 B	1.2 kB	142.250.74.106
bestlnd.com	unknown	2021-07-01	2021-07-02 02:55:54	2023-09-10 04:58:14	545 B	30 kB	44.225.208.92
accessjoin.com	unknown	2023-02-23	2015-11-07 01:01:05	2023-02-24 10:16:56	670 B	30 kB	163.171.129.207
plausible.io	48197	2018-12-30	2019-02-01 09:53:03	2023-09-14 21:42:37	902 B	108 kB	194.242.11.186
ajax.googleapis.com	12905	2005-01-25	2013-08-16 11:51:31	2023-09-15 22:13:52	452 B	32 kB	142.250.74.10
rfdcxz.com	unknown	2023-05-08	2023-07-06 21:26:59	2023-09-09 21:52:41	7.9 kB	94 kB	207.120.33.40
kit.fontawesome.com	1868	2012-10-18	2019-12-16 20:51:31	2023-09-15 18:20:17	893 B	5.6 kB	104.18.22.52
fonts.gstatic.com	unknown	2008-02-11	2014-09-09 02:40:21	2023-09-15 21:18:55	1.0 kB	140 kB	216.58.207.227

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2023-09-16	medium	rfdcxz.com	Sinkholed
2023-09-16	medium	rfdcxz.com	Sinkholed
2023-09-16	medium	rfdcxz.com	Sinkholed
2023-09-16	medium	rfdcxz.com	Sinkholed
2023-09-16	medium	rfdcxz.com	Sinkholed
2023-09-16	medium	rfdcxz.com	Sinkholed
2023-09-16	medium	rfdcxz.com	Sinkholed
2023-09-16	medium	rfdcxz.com	Sinkholed
2023-09-16	medium	rfdcxz.com	Sinkholed
2023-09-16	medium	rfdcxz.com	Sinkholed
2023-09-16	medium	rfdcxz.com	Sinkholed

ThreatFox

No alerts detected

JavaScript (24)

	URL	From	Size	First Seen	Last Seen
	plausible.io/js/script.js	ScriptElement	1.3 kB	2023-05-22	2025-05-08
Pretty URL plausible.io/js/script.js IP 194.242.11.186 ASN #34989 ServeTheWorld AS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-05-22 17:22 Last Seen2025-05-08 23:04 Times Seen4808 Hash abd4e2373b2e8c4dac2e80159641c5f1 e273656e58ca934d873204e68dd35670fde657ed 021f0fd27042b279a49e982215c6dc3c3ab84e95b35553a119dfdbd50af6be94 Loading...

	ajax.aspnetcdn.com/ajax/bootstrap/3.3.7/bootstrap.min.js	ScriptElement	37 kB	2023-03-07	2025-05-09
Pretty URL ajax.aspnetcdn.com/ajax/bootstrap/3.3.7/bootstrap.min.js IP 152.199.19.160 ASN #15133 EDGECAST Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02 Last Seen2025-05-09 10:31 Times Seen27457 Hash 5869c96cc8f19086aee625d670d741f9 430a443d74830fe9be26efca431f448c1b3740f9 53964478a7c634e8dad34ecc303dd8048d00dce4993906de1bacf67f663486ef Loading...

	rfdcxz.com/common_tpls/js/iframeResizer.contentWindow.min.js	ScriptElement	13 kB	2023-03-07	2025-04-17
Pretty URL rfdcxz.com/common_tpls/js/iframeResizer.contentWindow.min.js IP 207.120.33.40 ASN #3356 LEVEL3 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:03 Last Seen2025-04-17 05:46 Times Seen84 Hash 2cf9df789476bc39b9906030f639660d de708b4a0fe32f3d77505675eb119b671327a6b4 7d5f5d0fe842536e512b4ca0cac0b48a66577ea091f3a6840365ff6124be034b Loading...

	rfdcxz.com/8c1718a3c4739f/?epcVIP=48.1234.g121&b1_color=0076ce&email=&password=&firstname=&lastname=&zip=&siteg=g&act=epc69904.47658-588850.DEFAULT&theme=goldt&f_color=ffffff&epcCID=F263sb8dKf57jfFdeca0043eWf02V395r&rtid=22343157593	ScriptElement	127 B	2023-03-07	2024-08-21
Pretty URL rfdcxz.com/8c1718a3c4739f/?epcVIP=48.1234.g121&b1_color=0076ce&email=&password=&firstname=&lastname=&zip=&siteg=g&act=epc69904.47658-588850.DEFAULT&theme=goldt&f_color=ffffff&epcCID=F263sb8dKf57jfFdeca0043eWf02V395r&rtid=22343157593 IP 207.120.33.40 ASN #3356 LEVEL3 Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:27 Last Seen2024-08-21 08:25 Times Seen17 Hash 987cb4cd06cbdbc694458792197453a0 03a7bedae186b4579555956a004744f78497b3e7 b1ec8ca388b07625941809d2bea46f0ba3ed49485c25cf1fe5735c080d81771d Loading...

	rfdcxz.com/8c1718a3c4739f/?epcVIP=48.1234.g121&b1_color=0076ce&email=&password=&firstname=&lastname=&zip=&siteg=g&act=epc69904.47658-588850.DEFAULT&theme=goldt&f_color=ffffff&epcCID=F263sb8dKf57jfFdeca0043eWf02V395r&rtid=22343157593	ScriptElement	388 B	2023-08-19	2024-08-21
Pretty URL rfdcxz.com/8c1718a3c4739f/?epcVIP=48.1234.g121&b1_color=0076ce&email=&password=&firstname=&lastname=&zip=&siteg=g&act=epc69904.47658-588850.DEFAULT&theme=goldt&f_color=ffffff&epcCID=F263sb8dKf57jfFdeca0043eWf02V395r&rtid=22343157593 IP 207.120.33.40 ASN #3356 LEVEL3 Introduced by scriptElement Embedded in HTML true Observations First Seen2023-08-19 00:11 Last Seen2024-08-21 08:25 Times Seen12 Hash e0dfddef92dfde8d95dc42e03363cc81 ba518d5c70e54c50f3af40a280be1a3f681b7ea5 93850ebe5df1fed9e36047465ada548c828d41ca5810ddc98139fbf0b2c9f4b3 Loading...

	kit.fontawesome.com/b314bdf1b3.js	ScriptElement	12 kB	2023-06-20	2023-11-22
Pretty URL kit.fontawesome.com/b314bdf1b3.js IP 104.18.22.52 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-06-20 05:08 Last Seen2023-11-22 21:59 Times Seen16 Hash 4fc6cefe553c0690d16534ebf9d89181 aa7c5a51a88e2dcbdf8b67e8648d35682d19e31f 8f3a8661dafbfffde857c6bbc7abc7c63e929047dfc5e6cc1a805ab8e98dacbb Loading...

	rfdcxz.com/8c1718a3c4739f/?epcVIP=48.1234.g121&b1_color=0076ce&email=&password=&firstname=&lastname=&zip=&siteg=g&act=epc69904.47658-588850.DEFAULT&theme=goldt&f_color=ffffff&epcCID=F263sb8dKf57jfFdeca0043eWf02V395r&rtid=22343157593	ScriptElement	264 B	2023-03-07	2024-08-21
Pretty URL rfdcxz.com/8c1718a3c4739f/?epcVIP=48.1234.g121&b1_color=0076ce&email=&password=&firstname=&lastname=&zip=&siteg=g&act=epc69904.47658-588850.DEFAULT&theme=goldt&f_color=ffffff&epcCID=F263sb8dKf57jfFdeca0043eWf02V395r&rtid=22343157593 IP 207.120.33.40 ASN #3356 LEVEL3 Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:03 Last Seen2024-08-21 07:54 Times Seen22 Hash 50b8d257c149e4c89eb8fcd42cbb90bd ec36a40fb37b6fcca17ac892e3b274ecff9c5164 04b5d8be7fc682489a5060b6832c7a14ebe5480a284f3f9d55f0a0407aeff7b0 Loading...

	www.googletagmanager.com/gtag/js?id=UA-73753491-30	ScriptElement	189 kB	2023-09-16	2023-09-16
Pretty URL www.googletagmanager.com/gtag/js?id=UA-73753491-30 IP 142.250.74.168 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-09-16 05:02 Last Seen2023-09-16 05:02 Times Seen1 Hash 7b694e0126985595386be9194bbe077b b8f76d4d26b63fa5dcec3895828ad9b4be92c355 55128e724f5f8c92585e3e84224dcd3af75b6ed5174de424cfd1ff7e5bc875fc Loading...

	www.google-analytics.com/analytics.js	ScriptElement	4.7 kB	2023-04-11	2025-05-09
Pretty URL www.google-analytics.com/analytics.js IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-04-11 21:07 Last Seen2025-05-09 10:31 Times Seen340618 Hash f24128d0c9cba7be2916c693427a3483 1b6397d496ea896ebc2018b01b995cee4f166029 58173de4697da1a218f04c3a783a733bab4e769ceabc37cd42da9dc3e036a7e8 Loading...

	www.googletagmanager.com/gtag/js?id=G-3Q93FCY9B1&l=dataLayer&cx=c	ScriptElement	221 kB	2023-09-16	2023-09-16
Pretty URL www.googletagmanager.com/gtag/js?id=G-3Q93FCY9B1&l=dataLayer&cx=c IP 142.250.74.168 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-09-16 05:02 Last Seen2023-09-16 05:02 Times Seen1 Hash 52966a556ee244661f507bf58e1fb4eb 7daf5fb9dfc3cff94ad24349b5378d78ad81f112 6acc4cca22f7fed17abcf2482a5b210a0035b20c7ca3f9dfbd85ccfa3073bfa5 Loading...

	rfdcxz.com/common_tpls/js/form_support.js?v=1101202201	ScriptElement	3.8 kB	2023-03-08	2024-08-21
Pretty URL rfdcxz.com/common_tpls/js/form_support.js?v=1101202201 IP 207.120.33.40 ASN #3356 LEVEL3 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 14:25 Last Seen2024-08-21 08:25 Times Seen40 Hash 4ffa5d12f2aa2394aa284438d9ab1658 66a6678dc24eae37e35b8ee571e78f6e8af796da a35efd7238a1ef4c6581aadc6d001e8554adf949dc6cde5650c2235483f19bf0 Loading...

	rfdcxz.com/8c1718a3c4739f/?epcVIP=48.1234.g121&b1_color=0076ce&email=&password=&firstname=&lastname=&zip=&siteg=g&act=epc69904.47658-588850.DEFAULT&theme=goldt&f_color=ffffff&epcCID=F263sb8dKf57jfFdeca0043eWf02V395r&rtid=22343157593	ScriptElement	166 B	2023-03-07	2024-08-21
Pretty URL rfdcxz.com/8c1718a3c4739f/?epcVIP=48.1234.g121&b1_color=0076ce&email=&password=&firstname=&lastname=&zip=&siteg=g&act=epc69904.47658-588850.DEFAULT&theme=goldt&f_color=ffffff&epcCID=F263sb8dKf57jfFdeca0043eWf02V395r&rtid=22343157593 IP 207.120.33.40 ASN #3356 LEVEL3 Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:03 Last Seen2024-08-21 08:25 Times Seen35 Hash 30fbeedd3ef42ed4b3c0cedc516b2f71 dff25b928dad51d1d769285bf2a302d2be531927 1a9018c8172241d8aade74fd982307b0171e6b21ce2b4a470342852d92a99ed0 Loading...

	rfdcxz.com/8c1718a3c4739f/?epcVIP=48.1234.g121&b1_color=0076ce&email=&password=&firstname=&lastname=&zip=&siteg=g&act=epc69904.47658-588850.DEFAULT&theme=goldt&f_color=ffffff&epcCID=F263sb8dKf57jfFdeca0043eWf02V395r&rtid=22343157593	ScriptElement	59 B	2023-03-07	2024-08-21
Pretty URL rfdcxz.com/8c1718a3c4739f/?epcVIP=48.1234.g121&b1_color=0076ce&email=&password=&firstname=&lastname=&zip=&siteg=g&act=epc69904.47658-588850.DEFAULT&theme=goldt&f_color=ffffff&epcCID=F263sb8dKf57jfFdeca0043eWf02V395r&rtid=22343157593 IP 207.120.33.40 ASN #3356 LEVEL3 Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 13:58 Last Seen2024-08-21 08:11 Times Seen16 Hash cffd5e347526410b8d4ea84ff7d98463 9ea138c5d82132b2903dfca2bc6de42e3bb4b2c7 4ac6a08906e572c5a01455e972b35ec841a7e0f63619562b1458dac804e7a246 Loading...

	rfdcxz.com/8c1718a3c4739f/?epcVIP=48.1234.g121&b1_color=0076ce&email=&password=&firstname=&lastname=&zip=&siteg=g&act=epc69904.47658-588850.DEFAULT&theme=goldt&f_color=ffffff&epcCID=F263sb8dKf57jfFdeca0043eWf02V395r&rtid=22343157593	ScriptElement	206 B	2023-03-07	2024-08-21
Pretty URL rfdcxz.com/8c1718a3c4739f/?epcVIP=48.1234.g121&b1_color=0076ce&email=&password=&firstname=&lastname=&zip=&siteg=g&act=epc69904.47658-588850.DEFAULT&theme=goldt&f_color=ffffff&epcCID=F263sb8dKf57jfFdeca0043eWf02V395r&rtid=22343157593 IP 207.120.33.40 ASN #3356 LEVEL3 Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 13:58 Last Seen2024-08-21 08:25 Times Seen18 Hash 5f165dbb3feea7b4424a23a8756968d4 b2c2d5ac323753364da55be6246ca5d176a2d74d 3f19399992595664c23c41ba7cb1dd94a995b37dc681622aedc956975fb9ddc3 Loading...

	daddysonwithbenefits.com/t2/	ScriptElement	0 B	0001-01-01	2025-05-09
Pretty URL daddysonwithbenefits.com/t2/ IP 208.74.149.150 ASN #27589 MOJOHOST Introduced by scriptElement Embedded in HTML true Observations First Seen0001-01-01 00:00 Last Seen2025-05-09 10:39 Times Seen4635382 Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Loading...

	daddysonwithbenefits.com/t2/sandbox%20eval%20code		147 B	2023-04-11	2025-05-09
Pretty URL daddysonwithbenefits.com/t2/sandbox%20eval%20code IP 0.0.0.0 ASN #0 Introduced by Embedded in HTML false Observations First Seen2023-04-11 21:07 Last Seen2025-05-09 10:31 Times Seen341419 Hash 92b651082ce234f66bb544e678befda3 14c21c55ddce43b6f677caadf51d4ab98c6a3df8 25d57d1d97abeb84531d3d3e5754dd5cb19a2c115edfa7cfc7af8247084faded Loading...

	rfdcxz.com/common_tpls/js/validate_form_v2.js?jsv=33	ScriptElement	26 kB	2023-03-14	2024-08-21
Pretty URL rfdcxz.com/common_tpls/js/validate_form_v2.js?jsv=33 IP 207.120.33.40 ASN #3356 LEVEL3 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-14 00:51 Last Seen2024-08-21 08:25 Times Seen14 Hash b26223d9940db2288de40d67f6f90731 83fd7db93e9f1c5eb54305c662140d350e81f0f4 82541640f7edc753be5fb44d233216f5906f8f6ebc7200a02f229e263997b0ef Loading...

	rfdcxz.com/8c1718a3c4739f/?epcVIP=48.1234.g121&b1_color=0076ce&email=&password=&firstname=&lastname=&zip=&siteg=g&act=epc69904.47658-588850.DEFAULT&theme=goldt&f_color=ffffff&epcCID=F263sb8dKf57jfFdeca0043eWf02V395r&rtid=22343157593	ScriptElement	528 B	2023-03-07	2024-08-21
Pretty URL rfdcxz.com/8c1718a3c4739f/?epcVIP=48.1234.g121&b1_color=0076ce&email=&password=&firstname=&lastname=&zip=&siteg=g&act=epc69904.47658-588850.DEFAULT&theme=goldt&f_color=ffffff&epcCID=F263sb8dKf57jfFdeca0043eWf02V395r&rtid=22343157593 IP 207.120.33.40 ASN #3356 LEVEL3 Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:27 Last Seen2024-08-21 08:11 Times Seen24 Hash 10dd1b2ab36045f6dd30390708c046c8 5ea106d1b689de5bda25b576ae36d26160ed6795 6d5167f39f1f849ab2050bb2429f122ed1e62a41d7bdcf18a9ec09438f087e88 Loading...

	rfdcxz.com/8c1718a3c4739f/?epcVIP=48.1234.g121&b1_color=0076ce&email=&password=&firstname=&lastname=&zip=&siteg=g&act=epc69904.47658-588850.DEFAULT&theme=goldt&f_color=ffffff&epcCID=F263sb8dKf57jfFdeca0043eWf02V395r&rtid=22343157593	ScriptElement	500 B	2023-06-20	2024-08-21
Pretty URL rfdcxz.com/8c1718a3c4739f/?epcVIP=48.1234.g121&b1_color=0076ce&email=&password=&firstname=&lastname=&zip=&siteg=g&act=epc69904.47658-588850.DEFAULT&theme=goldt&f_color=ffffff&epcCID=F263sb8dKf57jfFdeca0043eWf02V395r&rtid=22343157593 IP 207.120.33.40 ASN #3356 LEVEL3 Introduced by scriptElement Embedded in HTML true Observations First Seen2023-06-20 05:08 Last Seen2024-08-21 08:25 Times Seen30 Hash b3a1b315d6288a561818ce4d5253d7f6 2ce9c680b598f3cc1e3962a44ef82ae5fa4494fd 91fd13dbb2b63dbb6392347bd6b26447b1e7aa12711de8bd71979cd981ff1cb4 Loading...

	rfdcxz.com/8c1718a3c4739f/?epcVIP=48.1234.g121&b1_color=0076ce&email=&password=&firstname=&lastname=&zip=&siteg=g&act=epc69904.47658-588850.DEFAULT&theme=goldt&f_color=ffffff&epcCID=F263sb8dKf57jfFdeca0043eWf02V395r&rtid=22343157593	ScriptElement	2.5 kB	2023-03-12	2024-08-21
Pretty URL rfdcxz.com/8c1718a3c4739f/?epcVIP=48.1234.g121&b1_color=0076ce&email=&password=&firstname=&lastname=&zip=&siteg=g&act=epc69904.47658-588850.DEFAULT&theme=goldt&f_color=ffffff&epcCID=F263sb8dKf57jfFdeca0043eWf02V395r&rtid=22343157593 IP 207.120.33.40 ASN #3356 LEVEL3 Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-12 20:48 Last Seen2024-08-21 08:25 Times Seen11 Hash d8f703292262addbd1d29b3e00f14a58 441b15d7a7a85897e4b0bad12229ab2b44f3af5d cfe3ab5d0b2840811465dfdb0be54dab8889a1c51b27fc4edadc54e30874519e Loading...

	daddysonwithbenefits.com/t2/js/fn.obfuscated.js	ScriptElement	201 kB	2023-03-08	2023-09-16
Pretty URL daddysonwithbenefits.com/t2/js/fn.obfuscated.js IP 208.74.149.150 ASN #27589 MOJOHOST Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 06:50 Last Seen2023-09-16 05:02 Times Seen2 Hash 3c45f72ef48f173cd2a1a28d55bc9020 fea1d2d981009429b5ddd02410ea7218e958c32e d947a52939afa3f9cd42a060f0debb4a0d41562c7c668c063a0f39af4f9fd7e3 Loading...

	daddysonwithbenefits.com/t2/	ScriptElement	0 B	0001-01-01	2025-05-09
Pretty URL daddysonwithbenefits.com/t2/ IP 208.74.149.150 ASN #27589 MOJOHOST Introduced by scriptElement Embedded in HTML true Observations First Seen0001-01-01 00:00 Last Seen2025-05-09 10:39 Times Seen4635382 Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Loading...

	ajax.googleapis.com/ajax/libs/jquery/3.4.1/jquery.min.js	ScriptElement	88 kB	2023-03-07	2025-05-09
Pretty URL ajax.googleapis.com/ajax/libs/jquery/3.4.1/jquery.min.js IP 142.250.74.10 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02 Last Seen2025-05-09 10:36 Times Seen68113 Hash 220afd743d9e9643852e31a135a9f3ae 88523924351bac0b5d560fe0c5781e2556e7693d 0925e8ad7bd971391a8b1e98be8e87a6971919eb5b60c196485941c3c1df089a Loading...

	rfdcxz.com/8c1718a3c4739f/?epcVIP=48.1234.g121&b1_color=0076ce&email=&password=&firstname=&lastname=&zip=&siteg=g&act=epc69904.47658-588850.DEFAULT&theme=goldt&f_color=ffffff&epcCID=F263sb8dKf57jfFdeca0043eWf02V395r&rtid=22343157593	ScriptElement	62 B	2024-08-21	2024-08-21
Pretty URL rfdcxz.com/8c1718a3c4739f/?epcVIP=48.1234.g121&b1_color=0076ce&email=&password=&firstname=&lastname=&zip=&siteg=g&act=epc69904.47658-588850.DEFAULT&theme=goldt&f_color=ffffff&epcCID=F263sb8dKf57jfFdeca0043eWf02V395r&rtid=22343157593 IP 207.120.33.40 ASN #3356 LEVEL3 Introduced by scriptElement Embedded in HTML true Observations First Seen2024-08-21 06:45 Last Seen2024-08-21 06:45 Times Seen1 Hash 7ecf6343d0f4ff02c04e151a47e3f977 10cb35c51f98d0f1cbf330bc7c87135cd3fd1b42 a3102619bff8a8b89bc13bca872823df3803bd8f35bb981828108bb7c3be7e3b Loading...

HTTP Transactions (57)

URL IP Response Size

daddysonwithbenefits.com/t2

208.74.149.150

301 Moved Permanently

244 B

URL User Request GET HTTP/2
daddysonwithbenefits.com/t2
IP
208.74.149.150:443
ASN
#27589 MOJOHOST

Certificate
IssuerLet's Encrypt
Subjectdaddysonwithbenefits.com
Fingerprint91:3A:E5:F4:FC:1E:DC:8F:C0:78:27:EF:D8:37:AE:0C:8B:7B:6C:25
ValidityMon, 04 Sep 2023 03:14:33 GMT - Sun, 03 Dec 2023 03:14:32 GMT

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
244 B (244 bytes)
Hash
6690b6b56a8104828e663e4441ad92f0
af4bb421fc637a595be494a77b0a095b3dfd2056
a703f9e3fa6a75799f269a70621d0c60ceb70e186f7c3fb4364a998b0283499b

HTTP Headers

GET /t2 HTTP/1.1
Host: daddysonwithbenefits.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 301 Moved Permanently
location: https://daddysonwithbenefits.com/t2/
content-length: 244
content-type: text/html; charset=iso-8859-1
date: Sat, 16 Sep 2023 03:02:24 GMT
server: Apache/2
X-Firefox-Spdy: h2

daddysonwithbenefits.com/t2/

208.74.149.150

200 OK

1.7 kB

URL User Request GET HTTP/2
daddysonwithbenefits.com/t2/
IP
208.74.149.150:443
ASN
#27589 MOJOHOST

Certificate
IssuerLet's Encrypt
Subjectdaddysonwithbenefits.com
Fingerprint91:3A:E5:F4:FC:1E:DC:8F:C0:78:27:EF:D8:37:AE:0C:8B:7B:6C:25
ValidityMon, 04 Sep 2023 03:14:33 GMT - Sun, 03 Dec 2023 03:14:32 GMT

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (3487)
Size
1.7 kB (1703 bytes)
Hash
1341e2a98bd666369888fd5bdfe88aee
ea6a3c7d89d633b2a17910d7f52f78ea438fd072
cda6f87420770f0bd0ab460dbbefdb8012c02af86d4808ce51491b1fc40ceb21

HTTP Headers

GET /t2/ HTTP/1.1
Host: daddysonwithbenefits.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
vary: Accept-Encoding,User-Agent
content-encoding: gzip
content-length: 1703
content-type: text/html; charset=UTF-8
date: Sat, 16 Sep 2023 03:02:24 GMT
server: Apache/2
X-Firefox-Spdy: h2

www.googletagmanager.com/gtag/js?id=UA-73753491-30

142.250.74.168

200 OK

69 kB

URL GET HTTP/2
www.googletagmanager.com/gtag/js?id=UA-73753491-30
IP
142.250.74.168:443
ASN
#15169 GOOGLE

Requested by
https://daddysonwithbenefits.com/t2/
Certificate
IssuerGoogle Trust Services LLC
Subject*.google-analytics.com
FingerprintE6:F7:82:C1:10:AC:08:76:A1:97:70:B7:56:B7:EF:92:30:BA:1E:12
ValidityMon, 14 Aug 2023 08:16:28 GMT - Mon, 06 Nov 2023 08:16:27 GMT

File type
ASCII text, with very long lines (4179)
Size
69 kB (68806 bytes)
Hash
7b694e0126985595386be9194bbe077b
b8f76d4d26b63fa5dcec3895828ad9b4be92c355
55128e724f5f8c92585e3e84224dcd3af75b6ed5174de424cfd1ff7e5bc875fc

HTTP Headers

GET /gtag/js?id=UA-73753491-30 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://daddysonwithbenefits.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Sat, 16 Sep 2023 03:02:25 GMT
expires: Sat, 16 Sep 2023 03:02:25 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 68806
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

daddysonwithbenefits.com/t2/css/styles.min.css

208.74.149.150

200 OK

2.6 kB

URL GET HTTP/2
daddysonwithbenefits.com/t2/css/styles.min.css
IP
208.74.149.150:443
ASN
#27589 MOJOHOST

Requested by
https://daddysonwithbenefits.com/t2/
Certificate
IssuerLet's Encrypt
Subjectdaddysonwithbenefits.com
Fingerprint91:3A:E5:F4:FC:1E:DC:8F:C0:78:27:EF:D8:37:AE:0C:8B:7B:6C:25
ValidityMon, 04 Sep 2023 03:14:33 GMT - Sun, 03 Dec 2023 03:14:32 GMT

File type
ASCII text, with very long lines (9427), with no line terminators
Size
2.6 kB (2642 bytes)
Hash
6069ae63115b715a14fb120059f39506
b8d7993225a7b6f0bd8132e9ca58cf5d2dca458b
9997b4dfacc3861eedaf1627a34550293bb3d81601bf28bbb1fed191155ba225

HTTP Headers

GET /t2/css/styles.min.css HTTP/1.1
Host: daddysonwithbenefits.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://daddysonwithbenefits.com/t2/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
last-modified: Tue, 18 Dec 2018 20:17:01 GMT
etag: "24d3-57d5194832940-gzip"
accept-ranges: bytes
vary: Accept-Encoding,User-Agent
content-encoding: gzip
content-length: 2642
content-type: text/css
date: Sat, 16 Sep 2023 03:02:25 GMT
server: Apache/2
X-Firefox-Spdy: h2

daddysonwithbenefits.com/t2/js/fn.obfuscated.js

208.74.149.150

200 OK

45 kB

URL GET HTTP/2
daddysonwithbenefits.com/t2/js/fn.obfuscated.js
IP
208.74.149.150:443
ASN
#27589 MOJOHOST

Requested by
https://daddysonwithbenefits.com/t2/
Certificate
IssuerLet's Encrypt
Subjectdaddysonwithbenefits.com
Fingerprint91:3A:E5:F4:FC:1E:DC:8F:C0:78:27:EF:D8:37:AE:0C:8B:7B:6C:25
ValidityMon, 04 Sep 2023 03:14:33 GMT - Sun, 03 Dec 2023 03:14:32 GMT

File type
HTML document, ASCII text, with very long lines (65536), with no line terminators
Size
45 kB (45387 bytes)
Hash
3c45f72ef48f173cd2a1a28d55bc9020
fea1d2d981009429b5ddd02410ea7218e958c32e
d947a52939afa3f9cd42a060f0debb4a0d41562c7c668c063a0f39af4f9fd7e3

HTTP Headers

GET /t2/js/fn.obfuscated.js HTTP/1.1
Host: daddysonwithbenefits.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://daddysonwithbenefits.com/t2/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
last-modified: Sat, 10 Aug 2019 03:46:18 GMT
etag: "31026-58fbb22241680-gzip"
accept-ranges: bytes
vary: Accept-Encoding,User-Agent
content-encoding: gzip
content-length: 45387
content-type: application/javascript
date: Sat, 16 Sep 2023 03:02:25 GMT
server: Apache/2
X-Firefox-Spdy: h2

www.googletagmanager.com/gtag/js?id=G-3Q93FCY9B1&l=dataLayer&cx=c

142.250.74.168

200 OK

79 kB

URL GET HTTP/3
www.googletagmanager.com/gtag/js?id=G-3Q93FCY9B1&l=dataLayer&cx=c
IP
142.250.74.168:443
ASN
#15169 GOOGLE

Requested by
https://daddysonwithbenefits.com/t2/
Certificate
IssuerGoogle Trust Services LLC
Subject*.google-analytics.com
FingerprintE6:F7:82:C1:10:AC:08:76:A1:97:70:B7:56:B7:EF:92:30:BA:1E:12
ValidityMon, 14 Aug 2023 08:16:28 GMT - Mon, 06 Nov 2023 08:16:27 GMT

File type
ASCII text, with very long lines (4179)
Size
79 kB (79232 bytes)
Hash
52966a556ee244661f507bf58e1fb4eb
7daf5fb9dfc3cff94ad24349b5378d78ad81f112
6acc4cca22f7fed17abcf2482a5b210a0035b20c7ca3f9dfbd85ccfa3073bfa5

HTTP Headers

GET /gtag/js?id=G-3Q93FCY9B1&l=dataLayer&cx=c HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://daddysonwithbenefits.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Sat, 16 Sep 2023 03:02:25 GMT
expires: Sat, 16 Sep 2023 03:02:25 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 79232
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

plausible.io/api/event

194.242.11.186

202 Accepted

2 B

URL POST HTTP/2
plausible.io/api/event
IP
194.242.11.186:443
ASN
#34989 ServeTheWorld AS

Requested by
https://daddysonwithbenefits.com/t2/
Certificate
IssuerLet's Encrypt
Subjectplausible.io
Fingerprint30:46:D6:90:87:90:FA:B1:40:13:DD:94:06:D2:B9:70:C9:1A:A7:27
ValiditySat, 16 Sep 2023 01:08:24 GMT - Fri, 15 Dec 2023 01:08:23 GMT

File type
ASCII text, with no line terminators
Size
2 B (2 bytes)
Hash
444bcb3a3fcf8389296c49467f27e1d6
7a85f4764bbd6daf1c3545efbbf0f279a6dc0beb
2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df

HTTP Headers

POST /api/event HTTP/1.1
Host: plausible.io
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 99
Origin: https://daddysonwithbenefits.com
DNT: 1
Connection: keep-alive
Referer: https://daddysonwithbenefits.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 202 Accepted
date: Sat, 16 Sep 2023 03:02:25 GMT
content-type: text/plain; charset=utf-8
content-length: 2
server: BunnyCDN-NO1-830
cdn-pullzone: 682664
cdn-uid: 153cb5b1-399a-48ef-b5bf-098c03770254
cdn-requestcountrycode: NO
access-control-allow-credentials: true
access-control-allow-origin: *
alt-svc: h3=":443"; ma=2592000
cache-control: must-revalidate, max-age=0, private
application: 10.0.0.3
permissions-policy: interest-cohort=()
x-request-id: F4VB8rGztAw7uGXxy5cD
cdn-proxyver: 1.04
cdn-requestpullsuccess: True
cdn-requestpullcode: 202
cdn-cachedat: 09/16/2023 03:02:25
cdn-edgestorageid: 830
cdn-requestid: 4a00b408411d30595639e4135770d24f
X-Firefox-Spdy: h2

daddysonwithbenefits.com/t2/images/bg-1.jpg

208.74.149.150

200 OK

274 kB

URL GET HTTP/2
daddysonwithbenefits.com/t2/images/bg-1.jpg
IP
208.74.149.150:443
ASN
#27589 MOJOHOST

Requested by
https://daddysonwithbenefits.com/t2/
Certificate
IssuerLet's Encrypt
Subjectdaddysonwithbenefits.com
Fingerprint91:3A:E5:F4:FC:1E:DC:8F:C0:78:27:EF:D8:37:AE:0C:8B:7B:6C:25
ValidityMon, 04 Sep 2023 03:14:33 GMT - Sun, 03 Dec 2023 03:14:32 GMT

File type
JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 1920x1080, components 3\012- data
Size
274 kB (274076 bytes)
Hash
4a3fa015924ce929e5c26941e80104d3
890a76bff5c4e5a7372618e888a874b9b1273e0d
61be4feb4b8028e0f4f706cd99bf6937145daadd30cf8987a04e4deb294c9a55

HTTP Headers

GET /t2/images/bg-1.jpg HTTP/1.1
Host: daddysonwithbenefits.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://daddysonwithbenefits.com/t2/css/styles.min.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
last-modified: Tue, 18 Dec 2018 20:15:49 GMT
etag: "42e9c-57d5190388740"
accept-ranges: bytes
content-length: 274076
content-type: image/jpeg
date: Sat, 16 Sep 2023 03:02:25 GMT
server: Apache/2
X-Firefox-Spdy: h2

daddysonwithbenefits.com/t2/fonts/MyriadProBoldCond.woff2

208.74.149.150

200 OK

35 kB

URL GET HTTP/2
daddysonwithbenefits.com/t2/fonts/MyriadProBoldCond.woff2
IP
208.74.149.150:443
ASN
#27589 MOJOHOST

Requested by
https://daddysonwithbenefits.com/t2/
Certificate
IssuerLet's Encrypt
Subjectdaddysonwithbenefits.com
Fingerprint91:3A:E5:F4:FC:1E:DC:8F:C0:78:27:EF:D8:37:AE:0C:8B:7B:6C:25
ValidityMon, 04 Sep 2023 03:14:33 GMT - Sun, 03 Dec 2023 03:14:32 GMT

File type
Web Open Font Format (Version 2), TrueType, length 35148, version 1.0\012- data
Size
35 kB (35148 bytes)
Hash
47d19f07dc8bb8f8f73f3087c460eb06
a795df7773b937aa2534003bf057757ae6ae00d3
2a9ff3a247a7612a609ebbac53f1d963ac0adad64073758a62720efd62e3fa04

HTTP Headers

GET /t2/fonts/MyriadProBoldCond.woff2 HTTP/1.1
Host: daddysonwithbenefits.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: https://daddysonwithbenefits.com/t2/css/styles.min.css
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
last-modified: Tue, 18 Dec 2018 20:17:03 GMT
etag: "894c-57d5194a1adc0"
accept-ranges: bytes
content-length: 35148
vary: Accept-Encoding,User-Agent
date: Sat, 16 Sep 2023 03:02:25 GMT
server: Apache/2
X-Firefox-Spdy: h2

daddysonwithbenefits.com/t2/fonts/Impact.woff2

208.74.149.150

200 OK

59 kB

URL GET HTTP/2
daddysonwithbenefits.com/t2/fonts/Impact.woff2
IP
208.74.149.150:443
ASN
#27589 MOJOHOST

Requested by
https://daddysonwithbenefits.com/t2/
Certificate
IssuerLet's Encrypt
Subjectdaddysonwithbenefits.com
Fingerprint91:3A:E5:F4:FC:1E:DC:8F:C0:78:27:EF:D8:37:AE:0C:8B:7B:6C:25
ValidityMon, 04 Sep 2023 03:14:33 GMT - Sun, 03 Dec 2023 03:14:32 GMT

File type
Web Open Font Format (Version 2), TrueType, length 58868, version 5.0\012- data
Size
59 kB (58868 bytes)
Hash
c120c3baa9610364790fd2f3292148d4
01ad0b875780fe5478d394fd35c5cec042a1a434
2043db4bc663d75d0e1aac077e06acadf79a960e36fd038f54c32338e1242a1e

HTTP Headers

GET /t2/fonts/Impact.woff2 HTTP/1.1
Host: daddysonwithbenefits.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: https://daddysonwithbenefits.com/t2/css/styles.min.css
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
last-modified: Tue, 18 Dec 2018 20:17:02 GMT
etag: "e5f4-57d5194926b80"
accept-ranges: bytes
content-length: 58868
vary: Accept-Encoding,User-Agent
date: Sat, 16 Sep 2023 03:02:25 GMT
server: Apache/2
X-Firefox-Spdy: h2

daddysonwithbenefits.com/t2/images/bg-1-mobile.jpg

208.74.149.150

200 OK

99 kB

URL GET HTTP/2
daddysonwithbenefits.com/t2/images/bg-1-mobile.jpg
IP
208.74.149.150:443
ASN
#27589 MOJOHOST

Requested by
https://daddysonwithbenefits.com/t2/
Certificate
IssuerLet's Encrypt
Subjectdaddysonwithbenefits.com
Fingerprint91:3A:E5:F4:FC:1E:DC:8F:C0:78:27:EF:D8:37:AE:0C:8B:7B:6C:25
ValidityMon, 04 Sep 2023 03:14:33 GMT - Sun, 03 Dec 2023 03:14:32 GMT

File type
JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 700x1100, components 3\012- data
Size
99 kB (98579 bytes)
Hash
d3a03abd4ab93517badb49b6f03fb49e
ec771f779bf71e231d8ba67996a4dcdcfd402b60
a81b2824297bf79eec4ac6d20c7e986dac3c8daff99e1d0d94b29d6e27d99dbe

HTTP Headers

GET /t2/images/bg-1-mobile.jpg HTTP/1.1
Host: daddysonwithbenefits.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://daddysonwithbenefits.com/t2/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
last-modified: Tue, 18 Dec 2018 20:15:49 GMT
etag: "18113-57d5190388740"
accept-ranges: bytes
content-length: 98579
content-type: image/jpeg
date: Sat, 16 Sep 2023 03:02:25 GMT
server: Apache/2
X-Firefox-Spdy: h2

daddysonwithbenefits.com/t2/images/bg-2-mobile.jpg

208.74.149.150

200 OK

97 kB

URL GET HTTP/2
daddysonwithbenefits.com/t2/images/bg-2-mobile.jpg
IP
208.74.149.150:443
ASN
#27589 MOJOHOST

Requested by
https://daddysonwithbenefits.com/t2/
Certificate
IssuerLet's Encrypt
Subjectdaddysonwithbenefits.com
Fingerprint91:3A:E5:F4:FC:1E:DC:8F:C0:78:27:EF:D8:37:AE:0C:8B:7B:6C:25
ValidityMon, 04 Sep 2023 03:14:33 GMT - Sun, 03 Dec 2023 03:14:32 GMT

File type
JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 700x1100, components 3\012- data
Size
97 kB (97283 bytes)
Hash
3cc6b65d5edc9c5fee7f4e235796cb0a
b008328081940af9a6283b40b2be4e2087114c84
a01c1c14f68d007098c6bbf386eba7bc189c391413e3ac7f285fffc3fe832424

HTTP Headers

GET /t2/images/bg-2-mobile.jpg HTTP/1.1
Host: daddysonwithbenefits.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://daddysonwithbenefits.com/t2/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
last-modified: Tue, 18 Dec 2018 20:15:50 GMT
etag: "17c03-57d519047c980"
accept-ranges: bytes
content-length: 97283
content-type: image/jpeg
date: Sat, 16 Sep 2023 03:02:25 GMT
server: Apache/2
X-Firefox-Spdy: h2

daddysonwithbenefits.com/t2/images/bg-3-mobile.jpg

208.74.149.150

200 OK

108 kB

URL GET HTTP/2
daddysonwithbenefits.com/t2/images/bg-3-mobile.jpg
IP
208.74.149.150:443
ASN
#27589 MOJOHOST

Requested by
https://daddysonwithbenefits.com/t2/
Certificate
IssuerLet's Encrypt
Subjectdaddysonwithbenefits.com
Fingerprint91:3A:E5:F4:FC:1E:DC:8F:C0:78:27:EF:D8:37:AE:0C:8B:7B:6C:25
ValidityMon, 04 Sep 2023 03:14:33 GMT - Sun, 03 Dec 2023 03:14:32 GMT

File type
JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 700x1100, components 3\012- data
Size
108 kB (108056 bytes)
Hash
7858c463a54a99bdb83799acc736f161
83b2d797ce76cb9ec602eb3a4c68e3bdff6f0cb7
b0e6a4d41a904e2ec6ac77f6e4bb6ff97b611428b99984a690bd5a3c60688070

HTTP Headers

GET /t2/images/bg-3-mobile.jpg HTTP/1.1
Host: daddysonwithbenefits.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://daddysonwithbenefits.com/t2/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
last-modified: Tue, 18 Dec 2018 20:15:50 GMT
etag: "1a618-57d519047c980"
accept-ranges: bytes
content-length: 108056
content-type: image/jpeg
date: Sat, 16 Sep 2023 03:02:25 GMT
server: Apache/2
X-Firefox-Spdy: h2

daddysonwithbenefits.com/t2/images/bg-4-mobile.jpg

208.74.149.150

200 OK

107 kB

URL GET HTTP/2
daddysonwithbenefits.com/t2/images/bg-4-mobile.jpg
IP
208.74.149.150:443
ASN
#27589 MOJOHOST

Requested by
https://daddysonwithbenefits.com/t2/
Certificate
IssuerLet's Encrypt
Subjectdaddysonwithbenefits.com
Fingerprint91:3A:E5:F4:FC:1E:DC:8F:C0:78:27:EF:D8:37:AE:0C:8B:7B:6C:25
ValidityMon, 04 Sep 2023 03:14:33 GMT - Sun, 03 Dec 2023 03:14:32 GMT

File type
JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 700x1100, components 3\012- data
Size
107 kB (107337 bytes)
Hash
4ed0919c0fe9dd34ade47d988056b115
f7ed2c2fc9d14c2fbccddcd1d56d6603204ff178
53cd46d7efe68a7608cdf6ed2b616469df426e24781cf1036baf9e3aefce8611

HTTP Headers

GET /t2/images/bg-4-mobile.jpg HTTP/1.1
Host: daddysonwithbenefits.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://daddysonwithbenefits.com/t2/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
last-modified: Tue, 18 Dec 2018 20:15:51 GMT
etag: "1a349-57d5190570bc0"
accept-ranges: bytes
content-length: 107337
content-type: image/jpeg
date: Sat, 16 Sep 2023 03:02:25 GMT
server: Apache/2
X-Firefox-Spdy: h2

daddysonwithbenefits.com/t2/images/bg-5-mobile.jpg

208.74.149.150

200 OK

118 kB

URL GET HTTP/2
daddysonwithbenefits.com/t2/images/bg-5-mobile.jpg
IP
208.74.149.150:443
ASN
#27589 MOJOHOST

Requested by
https://daddysonwithbenefits.com/t2/
Certificate
IssuerLet's Encrypt
Subjectdaddysonwithbenefits.com
Fingerprint91:3A:E5:F4:FC:1E:DC:8F:C0:78:27:EF:D8:37:AE:0C:8B:7B:6C:25
ValidityMon, 04 Sep 2023 03:14:33 GMT - Sun, 03 Dec 2023 03:14:32 GMT

File type
JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 700x1100, components 3\012- data
Size
118 kB (118471 bytes)
Hash
e6efc8a234bfc73d2888c0d9a929d2b8
3b74c1496cd1b367335b131024427c58f18ad890
95fa159f7edf491d1c56266246c1af520b864bd49e8246d91c577be4571c3e68

HTTP Headers

GET /t2/images/bg-5-mobile.jpg HTTP/1.1
Host: daddysonwithbenefits.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://daddysonwithbenefits.com/t2/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
last-modified: Tue, 18 Dec 2018 20:15:48 GMT
etag: "1cec7-57d5190294500"
accept-ranges: bytes
content-length: 118471
content-type: image/jpeg
date: Sat, 16 Sep 2023 03:02:25 GMT
server: Apache/2
X-Firefox-Spdy: h2

daddysonwithbenefits.com/t2/images/bg-6-mobile.jpg

208.74.149.150

200 OK

88 kB

URL GET HTTP/2
daddysonwithbenefits.com/t2/images/bg-6-mobile.jpg
IP
208.74.149.150:443
ASN
#27589 MOJOHOST

Requested by
https://daddysonwithbenefits.com/t2/
Certificate
IssuerLet's Encrypt
Subjectdaddysonwithbenefits.com
Fingerprint91:3A:E5:F4:FC:1E:DC:8F:C0:78:27:EF:D8:37:AE:0C:8B:7B:6C:25
ValidityMon, 04 Sep 2023 03:14:33 GMT - Sun, 03 Dec 2023 03:14:32 GMT

File type
JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 700x1100, components 3\012- data
Size
88 kB (88148 bytes)
Hash
d66073280ddf60f7bec7f54d2415876c
7226d035043723496b94f96f13a44f4c820a3abb
2e14def67a9020b3b315e3ca1b811a9e497001138e85aade28b985682cba59a3

HTTP Headers

GET /t2/images/bg-6-mobile.jpg HTTP/1.1
Host: daddysonwithbenefits.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://daddysonwithbenefits.com/t2/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
last-modified: Tue, 18 Dec 2018 20:15:47 GMT
etag: "15854-57d51901a02c0"
accept-ranges: bytes
content-length: 88148
content-type: image/jpeg
date: Sat, 16 Sep 2023 03:02:25 GMT
server: Apache/2
X-Firefox-Spdy: h2

daddysonwithbenefits.com/t2/images/bg-7-mobile.jpg

208.74.149.150

200 OK

118 kB

URL GET HTTP/2
daddysonwithbenefits.com/t2/images/bg-7-mobile.jpg
IP
208.74.149.150:443
ASN
#27589 MOJOHOST

Requested by
https://daddysonwithbenefits.com/t2/
Certificate
IssuerLet's Encrypt
Subjectdaddysonwithbenefits.com
Fingerprint91:3A:E5:F4:FC:1E:DC:8F:C0:78:27:EF:D8:37:AE:0C:8B:7B:6C:25
ValidityMon, 04 Sep 2023 03:14:33 GMT - Sun, 03 Dec 2023 03:14:32 GMT

File type
JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 700x1100, components 3\012- data
Size
118 kB (118119 bytes)
Hash
f9081ea3e0e5be2e9875f71ca9664965
1c57c2f37a6fa80b302160b0bc63bee176606955
4856aec3b129bf6e444aa445cf62c4676de1f87eb90e255b5f8693bf61ba7e8e

HTTP Headers

GET /t2/images/bg-7-mobile.jpg HTTP/1.1
Host: daddysonwithbenefits.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://daddysonwithbenefits.com/t2/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
last-modified: Tue, 18 Dec 2018 20:15:48 GMT
etag: "1cd67-57d5190294500"
accept-ranges: bytes
content-length: 118119
content-type: image/jpeg
date: Sat, 16 Sep 2023 03:02:25 GMT
server: Apache/2
X-Firefox-Spdy: h2

plausible.io/js/script.js

194.242.11.186

200 OK

107 kB

URL GET HTTP/2
plausible.io/js/script.js
IP
194.242.11.186:443
ASN
#34989 ServeTheWorld AS

Requested by
https://daddysonwithbenefits.com/t2/
Certificate
IssuerLet's Encrypt
Subjectplausible.io
Fingerprint30:46:D6:90:87:90:FA:B1:40:13:DD:94:06:D2:B9:70:C9:1A:A7:27
ValiditySat, 16 Sep 2023 01:08:24 GMT - Fri, 15 Dec 2023 01:08:23 GMT

File type
ASCII text, with very long lines (1346), with no line terminators
Size
107 kB (106819 bytes)
Hash
abd4e2373b2e8c4dac2e80159641c5f1
e273656e58ca934d873204e68dd35670fde657ed
021f0fd27042b279a49e982215c6dc3c3ab84e95b35553a119dfdbd50af6be94

HTTP Headers

GET /js/script.js HTTP/1.1
Host: plausible.io
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://daddysonwithbenefits.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sat, 16 Sep 2023 03:02:25 GMT
content-type: application/javascript
server: BunnyCDN-NO1-830
cdn-pullzone: 682664
cdn-uid: 153cb5b1-399a-48ef-b5bf-098c03770254
cdn-requestcountrycode: NO
vary: Accept-Encoding, Accept-Encoding
access-control-allow-origin: *
alt-svc: h3=":443"; ma=2592000
cache-control: public, must-revalidate, max-age=86400
application: 10.0.1.5
cross-origin-resource-policy: cross-origin
permissions-policy: interest-cohort=()
x-content-type-options: nosniff
cdn-proxyver: 1.04
cdn-requestpullsuccess: True
cdn-requestpullcode: 200
cdn-cachedat: 09/15/2023 13:04:33
cdn-edgestorageid: 830
cdn-status: 200
cdn-requestid: 1f5b0fa6aaa3eac81e7189e654b29055
cdn-cache: HIT
content-encoding: br
X-Firefox-Spdy: h2

daddysonwithbenefits.com/t2/audio/1.mp3

208.74.149.150

404 Not Found

315 B

URL GET HTTP/2
daddysonwithbenefits.com/t2/audio/1.mp3
IP
208.74.149.150:443
ASN
#27589 MOJOHOST

Requested by
https://daddysonwithbenefits.com/t2/
Certificate
IssuerLet's Encrypt
Subjectdaddysonwithbenefits.com
Fingerprint91:3A:E5:F4:FC:1E:DC:8F:C0:78:27:EF:D8:37:AE:0C:8B:7B:6C:25
ValidityMon, 04 Sep 2023 03:14:33 GMT - Sun, 03 Dec 2023 03:14:32 GMT

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
315 B (315 bytes)
Hash
a34ac19f4afae63adc5d2f7bc970c07f
a82190fc530c265aa40a045c21770d967f4767b8
d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3

HTTP Headers

GET /t2/audio/1.mp3 HTTP/1.1
Host: daddysonwithbenefits.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: audio/webm,audio/ogg,audio/wav,audio/*;q=0.9,application/ogg;q=0.7,video/*;q=0.6,*/*;q=0.5
Accept-Language: en-US,en;q=0.5
Range: bytes=0-
DNT: 1
Connection: keep-alive
Referer: https://daddysonwithbenefits.com/t2/
Sec-Fetch-Dest: audio
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Accept-Encoding: identity
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 404 Not Found
content-length: 315
content-type: text/html; charset=iso-8859-1
date: Sat, 16 Sep 2023 03:02:25 GMT
server: Apache/2
X-Firefox-Spdy: h2

daddysonwithbenefits.com/t2/images/bg-3.jpg

208.74.149.150

200 OK

300 kB

URL GET HTTP/2
daddysonwithbenefits.com/t2/images/bg-3.jpg
IP
208.74.149.150:443
ASN
#27589 MOJOHOST

Requested by
https://daddysonwithbenefits.com/t2/
Certificate
IssuerLet's Encrypt
Subjectdaddysonwithbenefits.com
Fingerprint91:3A:E5:F4:FC:1E:DC:8F:C0:78:27:EF:D8:37:AE:0C:8B:7B:6C:25
ValidityMon, 04 Sep 2023 03:14:33 GMT - Sun, 03 Dec 2023 03:14:32 GMT

File type
JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 1920x1080, components 3\012- data
Size
300 kB (299486 bytes)
Hash
6552b7bd37b5b1347074293617ab7b7d
f12df94aec7eb3b6a632b1aab5b53935a5eb8ed9
94986830f0ee2cef5748b3aa26ea141d3c41ae72ee745cbac021b07b780be09c

HTTP Headers

GET /t2/images/bg-3.jpg HTTP/1.1
Host: daddysonwithbenefits.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://daddysonwithbenefits.com/t2/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
last-modified: Tue, 18 Dec 2018 20:15:50 GMT
etag: "491de-57d519047c980"
accept-ranges: bytes
content-length: 299486
content-type: image/jpeg
date: Sat, 16 Sep 2023 03:02:25 GMT
server: Apache/2
X-Firefox-Spdy: h2

daddysonwithbenefits.com/t2/images/bg-2.jpg

208.74.149.150

200 OK

308 kB

URL GET HTTP/2
daddysonwithbenefits.com/t2/images/bg-2.jpg
IP
208.74.149.150:443
ASN
#27589 MOJOHOST

Requested by
https://daddysonwithbenefits.com/t2/
Certificate
IssuerLet's Encrypt
Subjectdaddysonwithbenefits.com
Fingerprint91:3A:E5:F4:FC:1E:DC:8F:C0:78:27:EF:D8:37:AE:0C:8B:7B:6C:25
ValidityMon, 04 Sep 2023 03:14:33 GMT - Sun, 03 Dec 2023 03:14:32 GMT

File type
JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 1920x1080, components 3\012- data
Size
308 kB (307973 bytes)
Hash
07d5bb9cd34714c757269d18ea7ee5d0
7886f0e1acb8f9ebedcc45689fb76c43e9a090c2
16fcfd4bb4128745a73e524bbdda1a6ba82263ad5cbe52e0f8e754925610dd7f

HTTP Headers

GET /t2/images/bg-2.jpg HTTP/1.1
Host: daddysonwithbenefits.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://daddysonwithbenefits.com/t2/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
last-modified: Tue, 18 Dec 2018 20:15:50 GMT
etag: "4b305-57d519047c980"
accept-ranges: bytes
content-length: 307973
content-type: image/jpeg
date: Sat, 16 Sep 2023 03:02:25 GMT
server: Apache/2
X-Firefox-Spdy: h2

daddysonwithbenefits.com/t2/images/bg-4.jpg

208.74.149.150

200 OK

282 kB

URL GET HTTP/2
daddysonwithbenefits.com/t2/images/bg-4.jpg
IP
208.74.149.150:443
ASN
#27589 MOJOHOST

Requested by
https://daddysonwithbenefits.com/t2/
Certificate
IssuerLet's Encrypt
Subjectdaddysonwithbenefits.com
Fingerprint91:3A:E5:F4:FC:1E:DC:8F:C0:78:27:EF:D8:37:AE:0C:8B:7B:6C:25
ValidityMon, 04 Sep 2023 03:14:33 GMT - Sun, 03 Dec 2023 03:14:32 GMT

File type
JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 1920x1080, components 3\012- data
Size
282 kB (281450 bytes)
Hash
29c695f2486d8ace5fa272cc5cee5c6a
19f3d7fc45ca2afddb9ab10a1aed21df84aea18c
e2a8ce33faba6c40b9d6cb985d4c413ab4e94c99508de42de99fd9cbdbd1e482

HTTP Headers

GET /t2/images/bg-4.jpg HTTP/1.1
Host: daddysonwithbenefits.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://daddysonwithbenefits.com/t2/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
last-modified: Tue, 18 Dec 2018 20:15:51 GMT
etag: "44b6a-57d5190570bc0"
accept-ranges: bytes
content-length: 281450
content-type: image/jpeg
date: Sat, 16 Sep 2023 03:02:25 GMT
server: Apache/2
X-Firefox-Spdy: h2

daddysonwithbenefits.com/t2/images/bg-5.jpg

208.74.149.150

200 OK

304 kB

URL GET HTTP/2
daddysonwithbenefits.com/t2/images/bg-5.jpg
IP
208.74.149.150:443
ASN
#27589 MOJOHOST

Requested by
https://daddysonwithbenefits.com/t2/
Certificate
IssuerLet's Encrypt
Subjectdaddysonwithbenefits.com
Fingerprint91:3A:E5:F4:FC:1E:DC:8F:C0:78:27:EF:D8:37:AE:0C:8B:7B:6C:25
ValidityMon, 04 Sep 2023 03:14:33 GMT - Sun, 03 Dec 2023 03:14:32 GMT

File type
JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 1920x1080, components 3\012- data
Size
304 kB (304287 bytes)
Hash
a821ac7c4410a70dab3abb6eaabc03cd
1757906e1ec61a6789168a925154cfddd1f22a51
f91b4ac24548e4e57f93ae44021871b7f6dd7073d885c87793f18d6266f89272

HTTP Headers

GET /t2/images/bg-5.jpg HTTP/1.1
Host: daddysonwithbenefits.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://daddysonwithbenefits.com/t2/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
last-modified: Tue, 18 Dec 2018 20:15:51 GMT
etag: "4a49f-57d5190570bc0"
accept-ranges: bytes
content-length: 304287
content-type: image/jpeg
date: Sat, 16 Sep 2023 03:02:25 GMT
server: Apache/2
X-Firefox-Spdy: h2

daddysonwithbenefits.com/t2/images/bg-6.jpg

208.74.149.150

200 OK

274 kB

URL GET HTTP/2
daddysonwithbenefits.com/t2/images/bg-6.jpg
IP
208.74.149.150:443
ASN
#27589 MOJOHOST

Requested by
https://daddysonwithbenefits.com/t2/
Certificate
IssuerLet's Encrypt
Subjectdaddysonwithbenefits.com
Fingerprint91:3A:E5:F4:FC:1E:DC:8F:C0:78:27:EF:D8:37:AE:0C:8B:7B:6C:25
ValidityMon, 04 Sep 2023 03:14:33 GMT - Sun, 03 Dec 2023 03:14:32 GMT

File type
JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 1920x1080, components 3\012- data
Size
274 kB (274076 bytes)
Hash
4a3fa015924ce929e5c26941e80104d3
890a76bff5c4e5a7372618e888a874b9b1273e0d
61be4feb4b8028e0f4f706cd99bf6937145daadd30cf8987a04e4deb294c9a55

HTTP Headers

GET /t2/images/bg-6.jpg HTTP/1.1
Host: daddysonwithbenefits.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://daddysonwithbenefits.com/t2/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
last-modified: Tue, 18 Dec 2018 20:15:48 GMT
etag: "42e9c-57d5190294500"
accept-ranges: bytes
content-length: 274076
content-type: image/jpeg
date: Sat, 16 Sep 2023 03:02:25 GMT
server: Apache/2
X-Firefox-Spdy: h2

daddysonwithbenefits.com/t2/images/bg-8.jpg

208.74.149.150

200 OK

300 kB

URL GET HTTP/2
daddysonwithbenefits.com/t2/images/bg-8.jpg
IP
208.74.149.150:443
ASN
#27589 MOJOHOST

Requested by
https://daddysonwithbenefits.com/t2/
Certificate
IssuerLet's Encrypt
Subjectdaddysonwithbenefits.com
Fingerprint91:3A:E5:F4:FC:1E:DC:8F:C0:78:27:EF:D8:37:AE:0C:8B:7B:6C:25
ValidityMon, 04 Sep 2023 03:14:33 GMT - Sun, 03 Dec 2023 03:14:32 GMT

File type
JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 1920x1080, components 3\012- data
Size
300 kB (299486 bytes)
Hash
6552b7bd37b5b1347074293617ab7b7d
f12df94aec7eb3b6a632b1aab5b53935a5eb8ed9
94986830f0ee2cef5748b3aa26ea141d3c41ae72ee745cbac021b07b780be09c

HTTP Headers

GET /t2/images/bg-8.jpg HTTP/1.1
Host: daddysonwithbenefits.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://daddysonwithbenefits.com/t2/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
last-modified: Tue, 18 Dec 2018 20:15:49 GMT
etag: "491de-57d5190388740"
accept-ranges: bytes
content-length: 299486
content-type: image/jpeg
date: Sat, 16 Sep 2023 03:02:25 GMT
server: Apache/2
X-Firefox-Spdy: h2

daddysonwithbenefits.com/t2/images/bg-7.jpg

208.74.149.150

200 OK

308 kB

URL GET HTTP/2
daddysonwithbenefits.com/t2/images/bg-7.jpg
IP
208.74.149.150:443
ASN
#27589 MOJOHOST

Requested by
https://daddysonwithbenefits.com/t2/
Certificate
IssuerLet's Encrypt
Subjectdaddysonwithbenefits.com
Fingerprint91:3A:E5:F4:FC:1E:DC:8F:C0:78:27:EF:D8:37:AE:0C:8B:7B:6C:25
ValidityMon, 04 Sep 2023 03:14:33 GMT - Sun, 03 Dec 2023 03:14:32 GMT

File type
JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 1920x1080, components 3\012- data
Size
308 kB (307973 bytes)
Hash
07d5bb9cd34714c757269d18ea7ee5d0
7886f0e1acb8f9ebedcc45689fb76c43e9a090c2
16fcfd4bb4128745a73e524bbdda1a6ba82263ad5cbe52e0f8e754925610dd7f

HTTP Headers

GET /t2/images/bg-7.jpg HTTP/1.1
Host: daddysonwithbenefits.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://daddysonwithbenefits.com/t2/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
last-modified: Tue, 18 Dec 2018 20:15:48 GMT
etag: "4b305-57d5190294500"
accept-ranges: bytes
content-length: 307973
content-type: image/jpeg
date: Sat, 16 Sep 2023 03:02:25 GMT
server: Apache/2
X-Firefox-Spdy: h2

daddysonwithbenefits.com/favicon.ico

208.74.149.150

404 Not Found

315 B

URL GET HTTP/2
daddysonwithbenefits.com/favicon.ico
IP
208.74.149.150:443
ASN
#27589 MOJOHOST

Requested by
https://daddysonwithbenefits.com/t2/
Certificate
IssuerLet's Encrypt
Subjectdaddysonwithbenefits.com
Fingerprint91:3A:E5:F4:FC:1E:DC:8F:C0:78:27:EF:D8:37:AE:0C:8B:7B:6C:25
ValidityMon, 04 Sep 2023 03:14:33 GMT - Sun, 03 Dec 2023 03:14:32 GMT

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
315 B (315 bytes)
Hash
a34ac19f4afae63adc5d2f7bc970c07f
a82190fc530c265aa40a045c21770d967f4767b8
d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: daddysonwithbenefits.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://daddysonwithbenefits.com/t2/
Cookie: _ga_3Q93FCY9B1=GS1.1.1694833345.1.0.1694833345.0.0.0; _ga=GA1.1.559064126.1694833346
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 404 Not Found
content-length: 315
content-type: text/html; charset=iso-8859-1
date: Sat, 16 Sep 2023 03:02:26 GMT
server: Apache/2
X-Firefox-Spdy: h2

ajax.aspnetcdn.com/ajax/bootstrap/3.3.7/bootstrap.min.js

152.199.19.160

200 OK

9.8 kB

URL GET HTTP/2
ajax.aspnetcdn.com/ajax/bootstrap/3.3.7/bootstrap.min.js
IP
152.199.19.160:443
ASN
#15133 EDGECAST

Requested by
https://rfdcxz.com/8c1718a3c4739f/?epcVIP=48.1234.g121&b1_color=0076ce&email=&password=&firstname=&lastname=&zip=&siteg=g&act=epc69904.47658-588850.DEFAULT&theme=goldt&f_color=ffffff&epcCID=F263sb8dKf57jfFdeca0043eWf02V395r&rtid=22343157593
Certificate
IssuerDigiCert Inc
Subject*.vo.msecnd.net
Fingerprint0E:7D:A8:CD:FE:61:1E:46:97:A3:57:99:70:DA:E0:59:1D:34:04:80
ValidityFri, 05 May 2023 00:00:00 GMT - Sun, 28 Apr 2024 23:59:59 GMT

File type
ASCII text, with very long lines (32033)
Size
9.8 kB (9839 bytes)
Hash
5869c96cc8f19086aee625d670d741f9
430a443d74830fe9be26efca431f448c1b3740f9
53964478a7c634e8dad34ecc303dd8048d00dce4993906de1bacf67f663486ef

HTTP Headers

GET /ajax/bootstrap/3.3.7/bootstrap.min.js HTTP/1.1
Host: ajax.aspnetcdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://rfdcxz.com
DNT: 1
Connection: keep-alive
Referer: https://rfdcxz.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-encoding: gzip
accept-ranges: bytes
access-control-allow-origin: *
age: 4929880
cache-control: public,max-age=31536000
content-type: application/javascript
date: Sat, 16 Sep 2023 03:02:27 GMT
etag: "80bdc1e6cb33d21:0"
last-modified: Mon, 31 Oct 2016 23:09:59 GMT
server: ECAcc (ska/F6C5)
timing-allow-origin: *
vary: Accept-Encoding
x-cache: HIT
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 9839
X-Firefox-Spdy: h2

ajax.googleapis.com/ajax/libs/jquery/3.4.1/jquery.min.js

142.250.74.10

200 OK

31 kB

URL GET HTTP/2
ajax.googleapis.com/ajax/libs/jquery/3.4.1/jquery.min.js
IP
142.250.74.10:443
ASN
#15169 GOOGLE

Requested by
https://rfdcxz.com/8c1718a3c4739f/?epcVIP=48.1234.g121&b1_color=0076ce&email=&password=&firstname=&lastname=&zip=&siteg=g&act=epc69904.47658-588850.DEFAULT&theme=goldt&f_color=ffffff&epcCID=F263sb8dKf57jfFdeca0043eWf02V395r&rtid=22343157593
Certificate
IssuerGoogle Trust Services LLC
Subjectupload.video.google.com
Fingerprint09:AB:BF:F5:D0:04:69:59:E1:EA:AC:DA:8B:68:CF:62:94:2E:50:38
ValidityMon, 14 Aug 2023 08:22:09 GMT - Mon, 06 Nov 2023 08:22:08 GMT

File type
ASCII text, with very long lines (65451)
Size
31 kB (30774 bytes)
Hash
220afd743d9e9643852e31a135a9f3ae
88523924351bac0b5d560fe0c5781e2556e7693d
0925e8ad7bd971391a8b1e98be8e87a6971919eb5b60c196485941c3c1df089a

HTTP Headers

GET /ajax/libs/jquery/3.4.1/jquery.min.js HTTP/1.1
Host: ajax.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://rfdcxz.com
DNT: 1
Connection: keep-alive
Referer: https://rfdcxz.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
timing-allow-origin: *
content-length: 30774
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 13 Sep 2023 12:20:02 GMT
expires: Thu, 12 Sep 2024 12:20:02 GMT
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
age: 225745
last-modified: Mon, 13 May 2019 14:37:17 GMT
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

ajax.aspnetcdn.com/ajax/bootstrap/3.3.7/css/bootstrap.min.css

152.199.19.160

200 OK

20 kB

URL GET HTTP/2
ajax.aspnetcdn.com/ajax/bootstrap/3.3.7/css/bootstrap.min.css
IP
152.199.19.160:443
ASN
#15133 EDGECAST

Requested by
https://rfdcxz.com/8c1718a3c4739f/?epcVIP=48.1234.g121&b1_color=0076ce&email=&password=&firstname=&lastname=&zip=&siteg=g&act=epc69904.47658-588850.DEFAULT&theme=goldt&f_color=ffffff&epcCID=F263sb8dKf57jfFdeca0043eWf02V395r&rtid=22343157593
Certificate
IssuerDigiCert Inc
Subject*.vo.msecnd.net
Fingerprint0E:7D:A8:CD:FE:61:1E:46:97:A3:57:99:70:DA:E0:59:1D:34:04:80
ValidityFri, 05 May 2023 00:00:00 GMT - Sun, 28 Apr 2024 23:59:59 GMT

File type
ASCII text, with very long lines (65371)
Size
20 kB (19629 bytes)
Hash
ec3bb52a00e176a7181d454dffaea219
6527d8bf3e1e9368bab8c7b60f56bc01fa3afd68
f75e846cc83bd11432f4b1e21a45f31bc85283d11d372f7b19accd1bf6a2635c

HTTP Headers

GET /ajax/bootstrap/3.3.7/css/bootstrap.min.css HTTP/1.1
Host: ajax.aspnetcdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://rfdcxz.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-encoding: gzip
accept-ranges: bytes
access-control-allow-origin: *
age: 14020028
cache-control: public,max-age=31536000
content-type: text/css
date: Sat, 16 Sep 2023 03:02:27 GMT
etag: "0e914f2cb33d21:0"
last-modified: Mon, 31 Oct 2016 23:10:18 GMT
server: ECAcc (ska/F740)
timing-allow-origin: *
vary: Accept-Encoding
x-cache: HIT
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 19629
X-Firefox-Spdy: h2

rfdcxz.com/common_tpls/compactML/css/clickpagay1.css

207.120.33.40

200 OK

7.9 kB

URL GET HTTP/2
rfdcxz.com/common_tpls/compactML/css/clickpagay1.css
IP
207.120.33.40:443
ASN
#3356 LEVEL3

Requested by
https://rfdcxz.com/8c1718a3c4739f/?epcVIP=48.1234.g121&b1_color=0076ce&email=&password=&firstname=&lastname=&zip=&siteg=g&act=epc69904.47658-588850.DEFAULT&theme=goldt&f_color=ffffff&epcCID=F263sb8dKf57jfFdeca0043eWf02V395r&rtid=22343157593
Certificate
IssuerLet's Encrypt
Subjectrfdcxz.com
Fingerprint54:7F:B6:DE:A6:F5:D1:27:F6:38:FF:E8:6B:5B:13:4F:3F:73:57:CB
ValidityWed, 06 Sep 2023 04:43:56 GMT - Tue, 05 Dec 2023 04:43:55 GMT

File type
ASCII text, with very long lines (43186), with no line terminators
Size
7.9 kB (7929 bytes)
Hash
38c71a870156252da1d0beacea6bb845
26aa17e37e42f75f70ae8d4ef7b759b699da3a93
855595666f93ba0ea82842887ca150e0ff41e7cef694fc45ee0b5045f3496d60

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /common_tpls/compactML/css/clickpagay1.css HTTP/1.1
Host: rfdcxz.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://rfdcxz.com/8c1718a3c4739f/?epcVIP=48.1234.g121&b1_color=0076ce&email=&password=&firstname=&lastname=&zip=&siteg=g&act=epc69904.47658-588850.DEFAULT&theme=goldt&f_color=ffffff&epcCID=F263sb8dKf57jfFdeca0043eWf02V395r&rtid=22343157593
Cookie: PHPSESSID=239378c3c1370e3e0a64ce2e48593fc4
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Sat, 16 Sep 2023 03:02:27 GMT
content-type: text/css
content-length: 7929
last-modified: Tue, 08 Mar 2022 19:21:33 GMT
etag: W/"6227acbd-a8b2"
content-encoding: gzip
section-io-cache-id: a1cff5d5c10db9e31bad9ee5d9f955d2
vary: Accept-Encoding
x-varnish: 12203667 4232324
age: 19979
via: 1.1 varnish-65c66bdb8c-bcwfl (Varnish/7.2)
accept-ranges: bytes
section-io-cache: Hit
section-io-id: f4b494e0973938c2853cc04d8c98141e
X-Firefox-Spdy: h2

rfdcxz.com/common_tpls/images/ajax-loader.gif

207.120.33.40

200 OK

3.2 kB

URL GET HTTP/2
rfdcxz.com/common_tpls/images/ajax-loader.gif
IP
207.120.33.40:443
ASN
#3356 LEVEL3

Requested by
https://rfdcxz.com/8c1718a3c4739f/?epcVIP=48.1234.g121&b1_color=0076ce&email=&password=&firstname=&lastname=&zip=&siteg=g&act=epc69904.47658-588850.DEFAULT&theme=goldt&f_color=ffffff&epcCID=F263sb8dKf57jfFdeca0043eWf02V395r&rtid=22343157593
Certificate
IssuerLet's Encrypt
Subjectrfdcxz.com
Fingerprint54:7F:B6:DE:A6:F5:D1:27:F6:38:FF:E8:6B:5B:13:4F:3F:73:57:CB
ValidityWed, 06 Sep 2023 04:43:56 GMT - Tue, 05 Dec 2023 04:43:55 GMT

File type
GIF image data, version 89a, 32 x 32\012- data
Size
3.2 kB (3208 bytes)
Hash
be1cede97289c13920048f238fd37b85
313b867d11fc0dd6bc6ca47c334bbcf18956ca76
fd29b3b084cf11160bfc4e99d98a261f2b36bff29113b07367c5204563c5d355

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /common_tpls/images/ajax-loader.gif HTTP/1.1
Host: rfdcxz.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://rfdcxz.com/8c1718a3c4739f/?epcVIP=48.1234.g121&b1_color=0076ce&email=&password=&firstname=&lastname=&zip=&siteg=g&act=epc69904.47658-588850.DEFAULT&theme=goldt&f_color=ffffff&epcCID=F263sb8dKf57jfFdeca0043eWf02V395r&rtid=22343157593
Cookie: PHPSESSID=239378c3c1370e3e0a64ce2e48593fc4
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Sat, 16 Sep 2023 03:02:27 GMT
content-type: image/gif
content-length: 3208
last-modified: Mon, 07 Oct 2013 22:49:23 GMT
etag: "52533a73-c88"
section-io-cache-id: 66694b801399c09f4733a31f60f9c54e
x-varnish: 2378091 1322170
age: 13713
via: 1.1 varnish-65c66bdb8c-7ffsz (Varnish/7.2)
accept-ranges: bytes
section-io-cache: Hit
section-io-id: 7b43a05681f6dc532f62cd98d3de7eb8
X-Firefox-Spdy: h2

rfdcxz.com/common_tpls/images/icons/email.png

207.120.33.40

200 OK

1.3 kB

URL GET HTTP/2
rfdcxz.com/common_tpls/images/icons/email.png
IP
207.120.33.40:443
ASN
#3356 LEVEL3

Requested by
https://rfdcxz.com/8c1718a3c4739f/?epcVIP=48.1234.g121&b1_color=0076ce&email=&password=&firstname=&lastname=&zip=&siteg=g&act=epc69904.47658-588850.DEFAULT&theme=goldt&f_color=ffffff&epcCID=F263sb8dKf57jfFdeca0043eWf02V395r&rtid=22343157593
Certificate
IssuerLet's Encrypt
Subjectrfdcxz.com
Fingerprint54:7F:B6:DE:A6:F5:D1:27:F6:38:FF:E8:6B:5B:13:4F:3F:73:57:CB
ValidityWed, 06 Sep 2023 04:43:56 GMT - Tue, 05 Dec 2023 04:43:55 GMT

File type
PNG image data, 26 x 26, 8-bit/color RGB, non-interlaced\012- data
Size
1.3 kB (1254 bytes)
Hash
a86d99b9176d82a211cfa29b2f0b353f
62947ddfd87e3a21869818885e4bfa4e55ad0c11
f8e82194c97e2a11a8c77fcd55d1ded51a1943b78eefac8475890f665dc620f1

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /common_tpls/images/icons/email.png HTTP/1.1
Host: rfdcxz.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://rfdcxz.com/8c1718a3c4739f/?epcVIP=48.1234.g121&b1_color=0076ce&email=&password=&firstname=&lastname=&zip=&siteg=g&act=epc69904.47658-588850.DEFAULT&theme=goldt&f_color=ffffff&epcCID=F263sb8dKf57jfFdeca0043eWf02V395r&rtid=22343157593
Cookie: PHPSESSID=239378c3c1370e3e0a64ce2e48593fc4
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Sat, 16 Sep 2023 03:02:27 GMT
content-type: image/png
content-length: 1254
last-modified: Mon, 21 Aug 2017 19:32:05 GMT
etag: "599b3535-4e6"
section-io-cache-id: 735b51abebd6ee315d0ccd1c0a3bfdfe
x-varnish: 12203669 4468062
age: 20197
via: 1.1 varnish-65c66bdb8c-bcwfl (Varnish/7.2)
accept-ranges: bytes
section-io-cache: Hit
section-io-id: 7ac5d229c02fe93a59d62ce40acb7a07
X-Firefox-Spdy: h2

rfdcxz.com/common_tpls/images/icons/password.png

207.120.33.40

200 OK

1.5 kB

URL GET HTTP/2
rfdcxz.com/common_tpls/images/icons/password.png
IP
207.120.33.40:443
ASN
#3356 LEVEL3

Requested by
https://rfdcxz.com/8c1718a3c4739f/?epcVIP=48.1234.g121&b1_color=0076ce&email=&password=&firstname=&lastname=&zip=&siteg=g&act=epc69904.47658-588850.DEFAULT&theme=goldt&f_color=ffffff&epcCID=F263sb8dKf57jfFdeca0043eWf02V395r&rtid=22343157593
Certificate
IssuerLet's Encrypt
Subjectrfdcxz.com
Fingerprint54:7F:B6:DE:A6:F5:D1:27:F6:38:FF:E8:6B:5B:13:4F:3F:73:57:CB
ValidityWed, 06 Sep 2023 04:43:56 GMT - Tue, 05 Dec 2023 04:43:55 GMT

File type
PNG image data, 26 x 26, 8-bit/color RGB, non-interlaced\012- data
Size
1.5 kB (1452 bytes)
Hash
6f100f1cdbdce928118ffa4c9293ca5b
6b1a3593e792d4c00187d60560dd03fb42df1156
8c1a6b9e0c63edc7fa86898148dc6493cd56113fabbf85d901f7af4c180fce74

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /common_tpls/images/icons/password.png HTTP/1.1
Host: rfdcxz.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://rfdcxz.com/8c1718a3c4739f/?epcVIP=48.1234.g121&b1_color=0076ce&email=&password=&firstname=&lastname=&zip=&siteg=g&act=epc69904.47658-588850.DEFAULT&theme=goldt&f_color=ffffff&epcCID=F263sb8dKf57jfFdeca0043eWf02V395r&rtid=22343157593
Cookie: PHPSESSID=239378c3c1370e3e0a64ce2e48593fc4
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Sat, 16 Sep 2023 03:02:27 GMT
content-type: image/png
content-length: 1452
last-modified: Tue, 22 Aug 2017 16:34:59 GMT
etag: "599c5d33-5ac"
section-io-cache-id: 2a46f61e50e179b7fd6fe55b9cfb1f21
x-varnish: 2378092 1291617
age: 13699
via: 1.1 varnish-65c66bdb8c-7ffsz (Varnish/7.2)
accept-ranges: bytes
section-io-cache: Hit
section-io-id: ebadd5ab7ff1aa70de54d6293ee288e6
X-Firefox-Spdy: h2

rfdcxz.com/common_tpls/images/icons/fname.png

207.120.33.40

200 OK

1.6 kB

URL GET HTTP/2
rfdcxz.com/common_tpls/images/icons/fname.png
IP
207.120.33.40:443
ASN
#3356 LEVEL3

Requested by
https://rfdcxz.com/8c1718a3c4739f/?epcVIP=48.1234.g121&b1_color=0076ce&email=&password=&firstname=&lastname=&zip=&siteg=g&act=epc69904.47658-588850.DEFAULT&theme=goldt&f_color=ffffff&epcCID=F263sb8dKf57jfFdeca0043eWf02V395r&rtid=22343157593
Certificate
IssuerLet's Encrypt
Subjectrfdcxz.com
Fingerprint54:7F:B6:DE:A6:F5:D1:27:F6:38:FF:E8:6B:5B:13:4F:3F:73:57:CB
ValidityWed, 06 Sep 2023 04:43:56 GMT - Tue, 05 Dec 2023 04:43:55 GMT

File type
PNG image data, 26 x 26, 8-bit/color RGBA, non-interlaced\012- data
Size
1.6 kB (1649 bytes)
Hash
5c846870756544f39604e671d4111b9d
304938c74246e228fa82d8ca40201c3db6098074
d43abf8c5665519a3fe3f7e90298fc17b62e06d8ada1b90a44ea9985a62abb4d

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /common_tpls/images/icons/fname.png HTTP/1.1
Host: rfdcxz.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://rfdcxz.com/8c1718a3c4739f/?epcVIP=48.1234.g121&b1_color=0076ce&email=&password=&firstname=&lastname=&zip=&siteg=g&act=epc69904.47658-588850.DEFAULT&theme=goldt&f_color=ffffff&epcCID=F263sb8dKf57jfFdeca0043eWf02V395r&rtid=22343157593
Cookie: PHPSESSID=239378c3c1370e3e0a64ce2e48593fc4
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Sat, 16 Sep 2023 03:02:27 GMT
content-type: image/png
content-length: 1649
last-modified: Tue, 28 Nov 2017 20:52:02 GMT
etag: "5a1dcc72-671"
section-io-cache-id: 20cd9023b53e8928e3cd73d2b8b859db
x-varnish: 12203670 6011049
age: 20156
via: 1.1 varnish-65c66bdb8c-bcwfl (Varnish/7.2)
accept-ranges: bytes
section-io-cache: Hit
section-io-id: 2c4b1659ba1e1194cee1918d699d9c58
X-Firefox-Spdy: h2

rfdcxz.com/common_tpls/images/icons/address.png

207.120.33.40

200 OK

1.2 kB

URL GET HTTP/2
rfdcxz.com/common_tpls/images/icons/address.png
IP
207.120.33.40:443
ASN
#3356 LEVEL3

Requested by
https://rfdcxz.com/8c1718a3c4739f/?epcVIP=48.1234.g121&b1_color=0076ce&email=&password=&firstname=&lastname=&zip=&siteg=g&act=epc69904.47658-588850.DEFAULT&theme=goldt&f_color=ffffff&epcCID=F263sb8dKf57jfFdeca0043eWf02V395r&rtid=22343157593
Certificate
IssuerLet's Encrypt
Subjectrfdcxz.com
Fingerprint54:7F:B6:DE:A6:F5:D1:27:F6:38:FF:E8:6B:5B:13:4F:3F:73:57:CB
ValidityWed, 06 Sep 2023 04:43:56 GMT - Tue, 05 Dec 2023 04:43:55 GMT

File type
PNG image data, 26 x 26, 8-bit/color RGB, non-interlaced\012- data
Size
1.2 kB (1167 bytes)
Hash
b579e9868402d708e54e1a980166c444
1c58e2890b934c0b1ab057f3ac28bedd2a082d19
67756f8b542c7823bcdba421219c3b8e1ee472748d8c3463534f667271356dfb

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /common_tpls/images/icons/address.png HTTP/1.1
Host: rfdcxz.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://rfdcxz.com/8c1718a3c4739f/?epcVIP=48.1234.g121&b1_color=0076ce&email=&password=&firstname=&lastname=&zip=&siteg=g&act=epc69904.47658-588850.DEFAULT&theme=goldt&f_color=ffffff&epcCID=F263sb8dKf57jfFdeca0043eWf02V395r&rtid=22343157593
Cookie: PHPSESSID=239378c3c1370e3e0a64ce2e48593fc4
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Sat, 16 Sep 2023 03:02:27 GMT
content-type: image/png
content-length: 1167
last-modified: Mon, 21 Aug 2017 19:32:05 GMT
etag: "599b3535-48f"
section-io-cache-id: 7a8d3d6cf4b02533c833d081162099bd
x-varnish: 2378093 3380998
age: 13801
via: 1.1 varnish-65c66bdb8c-7ffsz (Varnish/7.2)
accept-ranges: bytes
section-io-cache: Hit
section-io-id: 3bf0e4689f62e40e9c2d7d03dd6efae4
X-Firefox-Spdy: h2

kit.fontawesome.com/b314bdf1b3.js

104.18.22.52

200 OK

4.3 kB

URL GET HTTP/2
kit.fontawesome.com/b314bdf1b3.js
IP
104.18.22.52:443
ASN
#13335 CLOUDFLARENET

Requested by
https://rfdcxz.com/8c1718a3c4739f/?epcVIP=48.1234.g121&b1_color=0076ce&email=&password=&firstname=&lastname=&zip=&siteg=g&act=epc69904.47658-588850.DEFAULT&theme=goldt&f_color=ffffff&epcCID=F263sb8dKf57jfFdeca0043eWf02V395r&rtid=22343157593
Certificate
IssuerDigiCert Inc
Subject*.fontawesome.com
Fingerprint6C:69:02:A7:9B:07:84:8E:D0:3D:0A:10:61:8E:01:80:88:37:EF:5E
ValidityTue, 22 Nov 2022 00:00:00 GMT - Sat, 23 Dec 2023 23:59:59 GMT

File type
ASCII text, with very long lines (11213)
Size
4.3 kB (4259 bytes)
Hash
4fc6cefe553c0690d16534ebf9d89181
aa7c5a51a88e2dcbdf8b67e8648d35682d19e31f
8f3a8661dafbfffde857c6bbc7abc7c63e929047dfc5e6cc1a805ab8e98dacbb

HTTP Headers

GET /b314bdf1b3.js HTTP/1.1
Host: kit.fontawesome.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://rfdcxz.com
DNT: 1
Connection: keep-alive
Referer: https://rfdcxz.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sat, 16 Sep 2023 03:02:27 GMT
content-type: text/javascript
access-control-allow-headers: accept, accept-langauge, content-language, content-type, fa-kit-token
access-control-allow-methods: GET, OPTIONS
access-control-allow-origin: *
access-control-max-age: 3000
cache-control: max-age=60, public, must-revalidate
strict-transport-security: max-age=31536000; preload
vary: origin, accept-encoding, access-control-request-headers, access-control-request-method
x-request-id: F3a06yrBdhpxMJgACU0C
cf-cache-status: REVALIDATED
server: cloudflare
cf-ray: 8075dee5bf145690-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

ka-p.fontawesome.com/releases/v5.15.4/css/pro.min.css?token=b314bdf1b3

104.18.22.52

200 OK

54 kB

URL GET HTTP/2
ka-p.fontawesome.com/releases/v5.15.4/css/pro.min.css?token=b314bdf1b3
IP
104.18.22.52:443
ASN
#13335 CLOUDFLARENET

Requested by
https://rfdcxz.com/8c1718a3c4739f/?epcVIP=48.1234.g121&b1_color=0076ce&email=&password=&firstname=&lastname=&zip=&siteg=g&act=epc69904.47658-588850.DEFAULT&theme=goldt&f_color=ffffff&epcCID=F263sb8dKf57jfFdeca0043eWf02V395r&rtid=22343157593
Certificate
IssuerDigiCert Inc
Subject*.fontawesome.com
Fingerprint6C:69:02:A7:9B:07:84:8E:D0:3D:0A:10:61:8E:01:80:88:37:EF:5E
ValidityTue, 22 Nov 2022 00:00:00 GMT - Sat, 23 Dec 2023 23:59:59 GMT

File type
ASCII text, with very long lines (65397)
Size
54 kB (54194 bytes)
Hash
486b13730aafe2a39cdaf1666679fa5b
aa0f52f048688ada20d921fef78cf15684a25f04
37c65071f378cc9582aabdda3b52979ef901f2925e3f3c3dc597f41eac0f1b6d

HTTP Headers

GET /releases/v5.15.4/css/pro.min.css?token=b314bdf1b3 HTTP/1.1
Host: ka-p.fontawesome.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://rfdcxz.com/
Origin: https://rfdcxz.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Sat, 16 Sep 2023 03:02:27 GMT
content-type: text/css
content-length: 54194
access-control-allow-origin: *
cache-control: max-age=31556926
content-encoding: gzip
etag: "610ae215-d3b2"
last-modified: Wed, 04 Aug 2021 18:53:09 GMT
vary: Origin, Accept-Encoding, Access-Control-Request-Headers, Access-Control-Request-Method
cf-cache-status: HIT
age: 1345965
accept-ranges: bytes
server: cloudflare
cf-ray: 8075dee83ff55690-OSL
X-Firefox-Spdy: h2

ka-p.fontawesome.com/releases/v5.15.4/css/pro-v4-font-face.min.css?token=b314bdf1b3

104.18.22.52

200 OK

2.6 kB

URL GET HTTP/2
ka-p.fontawesome.com/releases/v5.15.4/css/pro-v4-font-face.min.css?token=b314bdf1b3
IP
104.18.22.52:443
ASN
#13335 CLOUDFLARENET

Requested by
https://rfdcxz.com/8c1718a3c4739f/?epcVIP=48.1234.g121&b1_color=0076ce&email=&password=&firstname=&lastname=&zip=&siteg=g&act=epc69904.47658-588850.DEFAULT&theme=goldt&f_color=ffffff&epcCID=F263sb8dKf57jfFdeca0043eWf02V395r&rtid=22343157593
Certificate
IssuerDigiCert Inc
Subject*.fontawesome.com
Fingerprint6C:69:02:A7:9B:07:84:8E:D0:3D:0A:10:61:8E:01:80:88:37:EF:5E
ValidityTue, 22 Nov 2022 00:00:00 GMT - Sat, 23 Dec 2023 23:59:59 GMT

File type
ASCII text, with very long lines (27832)
Size
2.6 kB (2603 bytes)
Hash
1cb05a2f9541200e1fa0a2cd0abc7663
fdf3292a6db22945eb79e08d847834205b749c6f
a8a00b576cc9fad532a52ecdf8024724ddaa83cb0f5ca5d1b1d6eb8841103d60

HTTP Headers

GET /releases/v5.15.4/css/pro-v4-font-face.min.css?token=b314bdf1b3 HTTP/1.1
Host: ka-p.fontawesome.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://rfdcxz.com/
Origin: https://rfdcxz.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Sat, 16 Sep 2023 03:02:27 GMT
content-type: text/css
content-length: 2603
access-control-allow-origin: *
cache-control: max-age=31556926
content-encoding: gzip
etag: "610ae215-a2b"
last-modified: Wed, 04 Aug 2021 18:53:09 GMT
vary: Origin, Accept-Encoding, Access-Control-Request-Headers, Access-Control-Request-Method
cf-cache-status: HIT
age: 1345965
accept-ranges: bytes
server: cloudflare
cf-ray: 8075dee83ff75690-OSL
X-Firefox-Spdy: h2

ka-p.fontawesome.com/releases/v5.15.4/css/pro-v4-shims.min.css?token=b314bdf1b3

104.18.22.52

200 OK

4.2 kB

URL GET HTTP/2
ka-p.fontawesome.com/releases/v5.15.4/css/pro-v4-shims.min.css?token=b314bdf1b3
IP
104.18.22.52:443
ASN
#13335 CLOUDFLARENET

Requested by
https://rfdcxz.com/8c1718a3c4739f/?epcVIP=48.1234.g121&b1_color=0076ce&email=&password=&firstname=&lastname=&zip=&siteg=g&act=epc69904.47658-588850.DEFAULT&theme=goldt&f_color=ffffff&epcCID=F263sb8dKf57jfFdeca0043eWf02V395r&rtid=22343157593
Certificate
IssuerDigiCert Inc
Subject*.fontawesome.com
Fingerprint6C:69:02:A7:9B:07:84:8E:D0:3D:0A:10:61:8E:01:80:88:37:EF:5E
ValidityTue, 22 Nov 2022 00:00:00 GMT - Sat, 23 Dec 2023 23:59:59 GMT

File type
ASCII text, with very long lines (26366)
Size
4.2 kB (4194 bytes)
Hash
715826d7cea0f100c00238e5e5dc92b4
ea2a076f73ed3826287a726f35ae5e54136f2cee
4245ecca2a4b50d7fd9adc9a965ed1f9b4ec24e9935e34c80efafc0f856d54c6

HTTP Headers

GET /releases/v5.15.4/css/pro-v4-shims.min.css?token=b314bdf1b3 HTTP/1.1
Host: ka-p.fontawesome.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://rfdcxz.com/
Origin: https://rfdcxz.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Sat, 16 Sep 2023 03:02:27 GMT
content-type: text/css
content-length: 4194
access-control-allow-origin: *
cache-control: max-age=31556926
content-encoding: gzip
etag: "610ae215-1062"
last-modified: Wed, 04 Aug 2021 18:53:09 GMT
vary: Origin, Accept-Encoding, Access-Control-Request-Headers, Access-Control-Request-Method
cf-cache-status: HIT
age: 1345965
accept-ranges: bytes
server: cloudflare
cf-ray: 8075dee83ff65690-OSL
X-Firefox-Spdy: h2

ka-p.fontawesome.com/releases/v5.15.4/css/pro-v4-shims.min.css?token=b314bdf1b3

104.18.22.52

200 OK

4.2 kB

URL GET HTTP/2
ka-p.fontawesome.com/releases/v5.15.4/css/pro-v4-shims.min.css?token=b314bdf1b3
IP
104.18.22.52:443
ASN
#13335 CLOUDFLARENET

Requested by
https://rfdcxz.com/8c1718a3c4739f/?epcVIP=48.1234.g121&b1_color=0076ce&email=&password=&firstname=&lastname=&zip=&siteg=g&act=epc69904.47658-588850.DEFAULT&theme=goldt&f_color=ffffff&epcCID=F263sb8dKf57jfFdeca0043eWf02V395r&rtid=22343157593
Certificate
IssuerDigiCert Inc
Subject*.fontawesome.com
Fingerprint6C:69:02:A7:9B:07:84:8E:D0:3D:0A:10:61:8E:01:80:88:37:EF:5E
ValidityTue, 22 Nov 2022 00:00:00 GMT - Sat, 23 Dec 2023 23:59:59 GMT

File type
ASCII text, with very long lines (26366)
Size
4.2 kB (4194 bytes)
Hash
715826d7cea0f100c00238e5e5dc92b4
ea2a076f73ed3826287a726f35ae5e54136f2cee
4245ecca2a4b50d7fd9adc9a965ed1f9b4ec24e9935e34c80efafc0f856d54c6

HTTP Headers

GET /releases/v5.15.4/css/pro-v4-shims.min.css?token=b314bdf1b3 HTTP/1.1
Host: ka-p.fontawesome.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://rfdcxz.com/
Origin: https://rfdcxz.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Sat, 16 Sep 2023 03:02:27 GMT
content-type: text/css
content-length: 4194
access-control-allow-origin: *
cache-control: max-age=31556926
content-encoding: gzip
etag: "610ae215-1062"
last-modified: Wed, 04 Aug 2021 18:53:09 GMT
vary: Origin, Accept-Encoding, Access-Control-Request-Headers, Access-Control-Request-Method
cf-cache-status: HIT
age: 1345965
accept-ranges: bytes
server: cloudflare
cf-ray: 8075dee8580e5690-OSL
X-Firefox-Spdy: h2

ka-p.fontawesome.com/releases/v5.15.4/css/pro-v4-font-face.min.css?token=b314bdf1b3

104.18.22.52

200 OK

2.6 kB

URL GET HTTP/2
ka-p.fontawesome.com/releases/v5.15.4/css/pro-v4-font-face.min.css?token=b314bdf1b3
IP
104.18.22.52:443
ASN
#13335 CLOUDFLARENET

Requested by
https://rfdcxz.com/8c1718a3c4739f/?epcVIP=48.1234.g121&b1_color=0076ce&email=&password=&firstname=&lastname=&zip=&siteg=g&act=epc69904.47658-588850.DEFAULT&theme=goldt&f_color=ffffff&epcCID=F263sb8dKf57jfFdeca0043eWf02V395r&rtid=22343157593
Certificate
IssuerDigiCert Inc
Subject*.fontawesome.com
Fingerprint6C:69:02:A7:9B:07:84:8E:D0:3D:0A:10:61:8E:01:80:88:37:EF:5E
ValidityTue, 22 Nov 2022 00:00:00 GMT - Sat, 23 Dec 2023 23:59:59 GMT

File type
ASCII text, with very long lines (27832)
Size
2.6 kB (2603 bytes)
Hash
1cb05a2f9541200e1fa0a2cd0abc7663
fdf3292a6db22945eb79e08d847834205b749c6f
a8a00b576cc9fad532a52ecdf8024724ddaa83cb0f5ca5d1b1d6eb8841103d60

HTTP Headers

GET /releases/v5.15.4/css/pro-v4-font-face.min.css?token=b314bdf1b3 HTTP/1.1
Host: ka-p.fontawesome.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://rfdcxz.com/
Origin: https://rfdcxz.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Sat, 16 Sep 2023 03:02:27 GMT
content-type: text/css
content-length: 2603
access-control-allow-origin: *
cache-control: max-age=31556926
content-encoding: gzip
etag: "610ae215-a2b"
last-modified: Wed, 04 Aug 2021 18:53:09 GMT
vary: Origin, Accept-Encoding, Access-Control-Request-Headers, Access-Control-Request-Method
cf-cache-status: HIT
age: 1345965
accept-ranges: bytes
server: cloudflare
cf-ray: 8075dee8580f5690-OSL
X-Firefox-Spdy: h2

ka-p.fontawesome.com/releases/v5.15.4/css/pro.min.css?token=b314bdf1b3

104.18.22.52

200 OK

54 kB

URL GET HTTP/2
ka-p.fontawesome.com/releases/v5.15.4/css/pro.min.css?token=b314bdf1b3
IP
104.18.22.52:443
ASN
#13335 CLOUDFLARENET

Requested by
https://rfdcxz.com/8c1718a3c4739f/?epcVIP=48.1234.g121&b1_color=0076ce&email=&password=&firstname=&lastname=&zip=&siteg=g&act=epc69904.47658-588850.DEFAULT&theme=goldt&f_color=ffffff&epcCID=F263sb8dKf57jfFdeca0043eWf02V395r&rtid=22343157593
Certificate
IssuerDigiCert Inc
Subject*.fontawesome.com
Fingerprint6C:69:02:A7:9B:07:84:8E:D0:3D:0A:10:61:8E:01:80:88:37:EF:5E
ValidityTue, 22 Nov 2022 00:00:00 GMT - Sat, 23 Dec 2023 23:59:59 GMT

File type
ASCII text, with very long lines (65397)
Size
54 kB (54194 bytes)
Hash
486b13730aafe2a39cdaf1666679fa5b
aa0f52f048688ada20d921fef78cf15684a25f04
37c65071f378cc9582aabdda3b52979ef901f2925e3f3c3dc597f41eac0f1b6d

HTTP Headers

GET /releases/v5.15.4/css/pro.min.css?token=b314bdf1b3 HTTP/1.1
Host: ka-p.fontawesome.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://rfdcxz.com/
Origin: https://rfdcxz.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Sat, 16 Sep 2023 03:02:27 GMT
content-type: text/css
content-length: 54194
access-control-allow-origin: *
cache-control: max-age=31556926
content-encoding: gzip
etag: "610ae215-d3b2"
last-modified: Wed, 04 Aug 2021 18:53:09 GMT
vary: Origin, Accept-Encoding, Access-Control-Request-Headers, Access-Control-Request-Method
cf-cache-status: HIT
age: 1345965
accept-ranges: bytes
server: cloudflare
cf-ray: 8075dee8580b5690-OSL
X-Firefox-Spdy: h2

kit.fontawesome.com/b314bdf1b3/110588222/kit-upload.css

104.18.22.52

200 OK

0 B

URL GET HTTP/2
kit.fontawesome.com/b314bdf1b3/110588222/kit-upload.css
IP
104.18.22.52:443
ASN
#13335 CLOUDFLARENET

Requested by
https://rfdcxz.com/8c1718a3c4739f/?epcVIP=48.1234.g121&b1_color=0076ce&email=&password=&firstname=&lastname=&zip=&siteg=g&act=epc69904.47658-588850.DEFAULT&theme=goldt&f_color=ffffff&epcCID=F263sb8dKf57jfFdeca0043eWf02V395r&rtid=22343157593
Certificate
IssuerDigiCert Inc
Subject*.fontawesome.com
Fingerprint6C:69:02:A7:9B:07:84:8E:D0:3D:0A:10:61:8E:01:80:88:37:EF:5E
ValidityTue, 22 Nov 2022 00:00:00 GMT - Sat, 23 Dec 2023 23:59:59 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /b314bdf1b3/110588222/kit-upload.css HTTP/1.1
Host: kit.fontawesome.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://rfdcxz.com/
Origin: https://rfdcxz.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Sat, 16 Sep 2023 03:02:27 GMT
content-type: text/css
content-length: 0
access-control-allow-headers: accept, accept-langauge, content-language, content-type, fa-kit-token
access-control-allow-methods: GET, OPTIONS
access-control-allow-origin: *
access-control-max-age: 3000
cache-control: max-age=31556926, public, must-revalidate
etag: 54af53b207eef226d6511e0a88e3038e
strict-transport-security: max-age=31536000; preload
vary: origin, accept-encoding, access-control-request-headers, access-control-request-method
x-request-id: F3HEz91sxmKZH5yginzj
cf-cache-status: HIT
age: 1345965
accept-ranges: bytes
server: cloudflare
cf-ray: 8075dee8681c5690-OSL
X-Firefox-Spdy: h2

fonts.gstatic.com/s/poppins/v19/pxiEyp8kv8JHgFVrFJA.ttf

216.58.207.227

200 OK

70 kB

URL GET HTTP/2
fonts.gstatic.com/s/poppins/v19/pxiEyp8kv8JHgFVrFJA.ttf
IP
216.58.207.227:443
ASN
#15169 GOOGLE

Requested by
https://rfdcxz.com/8c1718a3c4739f/?epcVIP=48.1234.g121&b1_color=0076ce&email=&password=&firstname=&lastname=&zip=&siteg=g&act=epc69904.47658-588850.DEFAULT&theme=goldt&f_color=ffffff&epcCID=F263sb8dKf57jfFdeca0043eWf02V395r&rtid=22343157593
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
FingerprintAB:14:67:80:B6:91:41:34:54:E4:AE:2E:71:65:B4:8E:65:B2:D2:2D
ValidityMon, 14 Aug 2023 08:22:45 GMT - Mon, 06 Nov 2023 08:22:44 GMT

File type
TrueType Font data, 13 tables, 1st "GDEF", 8 names, Microsoft, language 0x409\012- data
Size
70 kB (69472 bytes)
Hash
cd6b896a19b4babd1a2fa07498e9fc47
52f9413b264e8ecefbbf12830e3dfadebbf72986
cdedb1729acac414ed01744a11da7badb86adf13108e7bd3fa161b9323f7fe54

HTTP Headers

GET /s/poppins/v19/pxiEyp8kv8JHgFVrFJA.ttf HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://rfdcxz.com
DNT: 1
Connection: keep-alive
Referer: https://rfdcxz.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 69472
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 12 Sep 2023 06:39:53 GMT
expires: Wed, 11 Sep 2024 06:39:53 GMT
cache-control: public, max-age=31536000
age: 332554
last-modified: Wed, 26 Jan 2022 19:11:10 GMT
content-type: font/ttf
vary: Accept-Encoding
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

fonts.gstatic.com/s/poppins/v19/pxiByp8kv8JHgFVrLGT9V1s.ttf

216.58.207.227

200 OK

69 kB

URL GET HTTP/2
fonts.gstatic.com/s/poppins/v19/pxiByp8kv8JHgFVrLGT9V1s.ttf
IP
216.58.207.227:443
ASN
#15169 GOOGLE

Requested by
https://rfdcxz.com/8c1718a3c4739f/?epcVIP=48.1234.g121&b1_color=0076ce&email=&password=&firstname=&lastname=&zip=&siteg=g&act=epc69904.47658-588850.DEFAULT&theme=goldt&f_color=ffffff&epcCID=F263sb8dKf57jfFdeca0043eWf02V395r&rtid=22343157593
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
FingerprintAB:14:67:80:B6:91:41:34:54:E4:AE:2E:71:65:B4:8E:65:B2:D2:2D
ValidityMon, 14 Aug 2023 08:22:45 GMT - Mon, 06 Nov 2023 08:22:44 GMT

File type
TrueType Font data, 13 tables, 1st "GDEF", 8 names, Microsoft, language 0x409\012- data
Size
69 kB (68742 bytes)
Hash
614a91afc751f09d049231f828801c20
cf83e7582e60ed83f67c7d68b4f7482ac9fc6958
fcff04f4bec2b3636f05ed894dc1f9a752c4cb587ee49857ec7a82abaf6ca016

HTTP Headers

GET /s/poppins/v19/pxiByp8kv8JHgFVrLGT9V1s.ttf HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://rfdcxz.com
DNT: 1
Connection: keep-alive
Referer: https://rfdcxz.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 68742
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 14 Sep 2023 21:00:48 GMT
expires: Fri, 13 Sep 2024 21:00:48 GMT
cache-control: public, max-age=31536000
age: 108099
last-modified: Wed, 26 Jan 2022 19:15:44 GMT
content-type: font/ttf
vary: Accept-Encoding
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

ka-p.fontawesome.com/releases/v5.15.4/webfonts/pro-fa-brands-400-5.0.0.woff2

104.18.22.52

200 OK

38 kB

URL GET HTTP/2
ka-p.fontawesome.com/releases/v5.15.4/webfonts/pro-fa-brands-400-5.0.0.woff2
IP
104.18.22.52:443
ASN
#13335 CLOUDFLARENET

Requested by
https://rfdcxz.com/8c1718a3c4739f/?epcVIP=48.1234.g121&b1_color=0076ce&email=&password=&firstname=&lastname=&zip=&siteg=g&act=epc69904.47658-588850.DEFAULT&theme=goldt&f_color=ffffff&epcCID=F263sb8dKf57jfFdeca0043eWf02V395r&rtid=22343157593
Certificate
IssuerDigiCert Inc
Subject*.fontawesome.com
Fingerprint6C:69:02:A7:9B:07:84:8E:D0:3D:0A:10:61:8E:01:80:88:37:EF:5E
ValidityTue, 22 Nov 2022 00:00:00 GMT - Sat, 23 Dec 2023 23:59:59 GMT

File type
Web Open Font Format (Version 2), TrueType, length 37796, version 331.-31196\012- data
Size
38 kB (37796 bytes)
Hash
6cdf281bc8af0068561fe6aa361a6a0b
4b11f830ee1b852b8aa46ea7e4cfe709a327bf58
49fd3e0c64f247cf56cb828bc37b88cf139df6e5c7bb4c3a4507f740e9a52c17

HTTP Headers

GET /releases/v5.15.4/webfonts/pro-fa-brands-400-5.0.0.woff2 HTTP/1.1
Host: ka-p.fontawesome.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://rfdcxz.com
DNT: 1
Connection: keep-alive
Referer: https://rfdcxz.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Sat, 16 Sep 2023 03:02:28 GMT
content-type: font/woff2
content-length: 37796
access-control-allow-origin: *
cache-control: max-age=31556926
etag: "610ae351-93a4"
last-modified: Wed, 04 Aug 2021 18:58:25 GMT
vary: Origin, Accept-Encoding, Access-Control-Request-Headers, Access-Control-Request-Method
cf-cache-status: HIT
age: 102285
accept-ranges: bytes
server: cloudflare
cf-ray: 8075dee988a85690-OSL
X-Firefox-Spdy: h2

ka-p.fontawesome.com/releases/v5.15.4/webfonts/pro-fa-solid-900-5.0.0.woff2

104.18.22.52

200 OK

20 kB

URL GET HTTP/2
ka-p.fontawesome.com/releases/v5.15.4/webfonts/pro-fa-solid-900-5.0.0.woff2
IP
104.18.22.52:443
ASN
#13335 CLOUDFLARENET

Requested by
https://rfdcxz.com/8c1718a3c4739f/?epcVIP=48.1234.g121&b1_color=0076ce&email=&password=&firstname=&lastname=&zip=&siteg=g&act=epc69904.47658-588850.DEFAULT&theme=goldt&f_color=ffffff&epcCID=F263sb8dKf57jfFdeca0043eWf02V395r&rtid=22343157593
Certificate
IssuerDigiCert Inc
Subject*.fontawesome.com
Fingerprint6C:69:02:A7:9B:07:84:8E:D0:3D:0A:10:61:8E:01:80:88:37:EF:5E
ValidityTue, 22 Nov 2022 00:00:00 GMT - Sat, 23 Dec 2023 23:59:59 GMT

File type
Web Open Font Format (Version 2), TrueType, length 19784, version 331.-31196\012- data
Size
20 kB (19784 bytes)
Hash
c7682b8035fc1d1672d6455631813794
9e2955e5e55b3073e229c218724406425862d4a1
1b50aa1d36ea249991fb44f8f6ad2aa74fe360df9cc04c564b5edf3b053b739c

HTTP Headers

GET /releases/v5.15.4/webfonts/pro-fa-solid-900-5.0.0.woff2 HTTP/1.1
Host: ka-p.fontawesome.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://rfdcxz.com
DNT: 1
Connection: keep-alive
Referer: https://rfdcxz.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Sat, 16 Sep 2023 03:02:28 GMT
content-type: font/woff2
content-length: 19784
access-control-allow-origin: *
cache-control: max-age=31556926
etag: "610ae35f-4d48"
last-modified: Wed, 04 Aug 2021 18:58:39 GMT
vary: Origin, Accept-Encoding, Access-Control-Request-Headers, Access-Control-Request-Method
cf-cache-status: HIT
age: 1345965
accept-ranges: bytes
server: cloudflare
cf-ray: 8075deea28e05690-OSL
X-Firefox-Spdy: h2

rfdcxz.com/acct/trk/?rtid=22343157593

207.120.33.40

200 OK

21 B

URL GET HTTP/2
rfdcxz.com/acct/trk/?rtid=22343157593
IP
207.120.33.40:443
ASN
#3356 LEVEL3

Requested by
https://rfdcxz.com/8c1718a3c4739f/?epcVIP=48.1234.g121&b1_color=0076ce&email=&password=&firstname=&lastname=&zip=&siteg=g&act=epc69904.47658-588850.DEFAULT&theme=goldt&f_color=ffffff&epcCID=F263sb8dKf57jfFdeca0043eWf02V395r&rtid=22343157593
Certificate
IssuerLet's Encrypt
Subjectrfdcxz.com
Fingerprint54:7F:B6:DE:A6:F5:D1:27:F6:38:FF:E8:6B:5B:13:4F:3F:73:57:CB
ValidityWed, 06 Sep 2023 04:43:56 GMT - Tue, 05 Dec 2023 04:43:55 GMT

File type
JSON data\012- , ASCII text, with no line terminators
Size
21 B (21 bytes)
Hash
a2956eeedaeaca7cb2aa1d170ccbd6e8
7d2e3e9c03c2f1da2ad7df2b865665aedc94c5bd
4614e906eeed55dc4887b1ec3fa996b4ba45781d6af03e00d450b9ce89ca032f

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /acct/trk/?rtid=22343157593 HTTP/1.1
Host: rfdcxz.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Requested-With: XMLHttpRequest
DNT: 1
Connection: keep-alive
Referer: https://rfdcxz.com/8c1718a3c4739f/?epcVIP=48.1234.g121&b1_color=0076ce&email=&password=&firstname=&lastname=&zip=&siteg=g&act=epc69904.47658-588850.DEFAULT&theme=goldt&f_color=ffffff&epcCID=F263sb8dKf57jfFdeca0043eWf02V395r&rtid=22343157593
Cookie: PHPSESSID=239378c3c1370e3e0a64ce2e48593fc4
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Sat, 16 Sep 2023 03:02:28 GMT
content-type: text/json;charset=UTF-8
content-length: 21
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
x-varnish: 9515438
age: 0
via: 1.1 varnish-65c66bdb8c-bcwfl (Varnish/7.2)
section-io-cache: Miss
section-io-id: 84b1f53e0c78522fa743ab6141b3fd90
X-Firefox-Spdy: h2

rfdcxz.com/common_tpls/js/form_support.js?v=1101202201

207.120.33.40

200 OK

3.8 kB

URL GET HTTP/2
rfdcxz.com/common_tpls/js/form_support.js?v=1101202201
IP
207.120.33.40:443
ASN
#3356 LEVEL3

Requested by
https://rfdcxz.com/8c1718a3c4739f/?epcVIP=48.1234.g121&b1_color=0076ce&email=&password=&firstname=&lastname=&zip=&siteg=g&act=epc69904.47658-588850.DEFAULT&theme=goldt&f_color=ffffff&epcCID=F263sb8dKf57jfFdeca0043eWf02V395r&rtid=22343157593
Certificate
IssuerLet's Encrypt
Subjectrfdcxz.com
Fingerprint54:7F:B6:DE:A6:F5:D1:27:F6:38:FF:E8:6B:5B:13:4F:3F:73:57:CB
ValidityWed, 06 Sep 2023 04:43:56 GMT - Tue, 05 Dec 2023 04:43:55 GMT

File type
ASCII text, with very long lines (4261), with no line terminators
Size
3.8 kB (3799 bytes)
Hash
bd72340aa5a6ac08cf9a0fdbd650579c
c0550503cbb35b4abcc5618fc78a0cb18c26c89c
783abe18fe8132421d19b383088f95e95a9ee6ac64b85bd2e2b178b481ab2ca4

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /common_tpls/js/form_support.js?v=1101202201 HTTP/1.1
Host: rfdcxz.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://rfdcxz.com/8c1718a3c4739f/?epcVIP=48.1234.g121&b1_color=0076ce&email=&password=&firstname=&lastname=&zip=&siteg=g&act=epc69904.47658-588850.DEFAULT&theme=goldt&f_color=ffffff&epcCID=F263sb8dKf57jfFdeca0043eWf02V395r&rtid=22343157593
Cookie: PHPSESSID=239378c3c1370e3e0a64ce2e48593fc4
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sat, 16 Sep 2023 03:02:27 GMT
content-type: application/javascript
vary: Accept-Encoding
last-modified: Fri, 18 Nov 2022 21:23:38 GMT
etag: W/"6377f7da-ed7"
section-io-cache-id: fed7bc7fce798cc7a25852e9a8129086
x-varnish: 2378090 147373
age: 13762
via: 1.1 varnish-65c66bdb8c-7ffsz (Varnish/7.2)
section-io-cache: Hit
content-encoding: gzip
section-io-id: d028a30e09512a068b8719930b4dd98b
X-Firefox-Spdy: h2

bestlnd.com/ep.php/stgngy:75037/69904:DEFAULT

44.225.208.92

302 Found

30 kB

URL GET HTTP/2
bestlnd.com/ep.php/stgngy:75037/69904:DEFAULT
IP
44.225.208.92:443
ASN
#16509 AMAZON-02

Requested by
https://daddysonwithbenefits.com/t2/
Certificate
IssuerAmazon
Subjectfirstlnd.com
FingerprintC2:31:F7:32:02:DF:6A:34:F9:25:A1:C0:95:73:C5:49:82:1A:56:BF
ValidityWed, 03 May 2023 00:00:00 GMT - Fri, 31 May 2024 23:59:59 GMT

File type

Size
30 kB (29672 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /ep.php/stgngy:75037/69904:DEFAULT HTTP/1.1
Host: bestlnd.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://daddysonwithbenefits.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 302 Found
date: Sat, 16 Sep 2023 03:02:25 GMT
content-type: text/html; charset=UTF-8
location: https://accessjoin.com/signup/?epcVIP=48.1234.g121&b1_color=0076ce&email=&password=&firstname=&lastname=&zip=&siteg=g&act=epc69904.47658-588850.DEFAULT&theme=goldt&f_color=ffffff
set-cookie: AWSALB=dJHgooPyez5Kf5uZ3JP/9a+IihfEhYa4t67rpyTopoU7QR+b107yU5P7ccCF5CsUtHkY2XeZ6LymYzWXKS6zLCPwa+lPMgmqWB+fVlPE6A7cx5HLJk4a5CtiPaoL; Expires=Sat, 23 Sep 2023 03:02:25 GMT; Path=/
AWSALBCORS=dJHgooPyez5Kf5uZ3JP/9a+IihfEhYa4t67rpyTopoU7QR+b107yU5P7ccCF5CsUtHkY2XeZ6LymYzWXKS6zLCPwa+lPMgmqWB+fVlPE6A7cx5HLJk4a5CtiPaoL; Expires=Sat, 23 Sep 2023 03:02:25 GMT; Path=/; SameSite=None; Secure
vip_id=69904.47658-588850; expires=Tue, 19-Sep-2023 03:02:25 GMT; Max-Age=259200; path=/
server: Apache
X-Firefox-Spdy: h2

daddysonwithbenefits.com/t2/images/bg-8-mobile.jpg

208.74.149.150

200 OK

106 kB

URL GET HTTP/2
daddysonwithbenefits.com/t2/images/bg-8-mobile.jpg
IP
208.74.149.150:443
ASN
#27589 MOJOHOST

Requested by
https://daddysonwithbenefits.com/t2/
Certificate
IssuerLet's Encrypt
Subjectdaddysonwithbenefits.com
Fingerprint91:3A:E5:F4:FC:1E:DC:8F:C0:78:27:EF:D8:37:AE:0C:8B:7B:6C:25
ValidityMon, 04 Sep 2023 03:14:33 GMT - Sun, 03 Dec 2023 03:14:32 GMT

File type
JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 700x1100, components 3\012- data
Size
106 kB (106024 bytes)
Hash
606dff6d96db2d92f145d253af93324f
ee1fac70f46d73e1945012ba90604f96262802ac
59cb35accc7ad609dc6e08190dbe5e63ff6b659a7ca9cd721f522b7d8f4e79f7

HTTP Headers

GET /t2/images/bg-8-mobile.jpg HTTP/1.1
Host: daddysonwithbenefits.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://daddysonwithbenefits.com/t2/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
last-modified: Tue, 18 Dec 2018 20:15:49 GMT
etag: "19e28-57d5190388740"
accept-ranges: bytes
content-length: 106024
content-type: image/jpeg
date: Sat, 16 Sep 2023 03:02:25 GMT
server: Apache/2
X-Firefox-Spdy: h2

rfdcxz.com/8c1718a3c4739f/?epcVIP=48.1234.g121&b1_color=0076ce&email=&password=&firstname=&lastname=&zip=&siteg=g&act=epc69904.47658-588850.DEFAULT&theme=goldt&f_color=ffffff&epcCID=F263sb8dKf57jfFdeca0043eWf02V395r&rtid=22343157593

207.120.33.40

200 OK

30 kB

URL GET HTTP/2
rfdcxz.com/8c1718a3c4739f/?epcVIP=48.1234.g121&b1_color=0076ce&email=&password=&firstname=&lastname=&zip=&siteg=g&act=epc69904.47658-588850.DEFAULT&theme=goldt&f_color=ffffff&epcCID=F263sb8dKf57jfFdeca0043eWf02V395r&rtid=22343157593
IP
207.120.33.40:443
ASN
#3356 LEVEL3

Requested by
https://daddysonwithbenefits.com/t2/
Certificate
IssuerLet's Encrypt
Subjectrfdcxz.com
Fingerprint54:7F:B6:DE:A6:F5:D1:27:F6:38:FF:E8:6B:5B:13:4F:3F:73:57:CB
ValidityWed, 06 Sep 2023 04:43:56 GMT - Tue, 05 Dec 2023 04:43:55 GMT

File type

Size
30 kB (29672 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /8c1718a3c4739f/?epcVIP=48.1234.g121&b1_color=0076ce&email=&password=&firstname=&lastname=&zip=&siteg=g&act=epc69904.47658-588850.DEFAULT&theme=goldt&f_color=ffffff&epcCID=F263sb8dKf57jfFdeca0043eWf02V395r&rtid=22343157593 HTTP/1.1
Host: rfdcxz.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://daddysonwithbenefits.com/
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sat, 16 Sep 2023 03:02:27 GMT
content-type: text/html; charset=UTF-8
set-cookie: PHPSESSID=239378c3c1370e3e0a64ce2e48593fc4; path=/; secure; SameSite=None
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
content-encoding: gzip
vary: Accept-Encoding
x-varnish: 3748398
age: 0
via: 1.1 varnish-65c66bdb8c-7ffsz (Varnish/7.2)
accept-ranges: bytes
section-io-cache: Miss
section-io-id: 82d6e335c1d28b18c72df1f50a534c21
X-Firefox-Spdy: h2

accessjoin.com/signup/?epcVIP=48.1234.g121&b1_color=0076ce&email=&password=&firstname=&lastname=&zip=&siteg=g&act=epc69904.47658-588850.DEFAULT&theme=goldt&f_color=ffffff

163.171.129.207

302 Found

30 kB

URL GET HTTP/2
accessjoin.com/signup/?epcVIP=48.1234.g121&b1_color=0076ce&email=&password=&firstname=&lastname=&zip=&siteg=g&act=epc69904.47658-588850.DEFAULT&theme=goldt&f_color=ffffff
IP
163.171.129.207:443
ASN
#54994 QUANTILNETWORKS

Requested by
https://daddysonwithbenefits.com/t2/
Certificate
IssuerGlobalSign nv-sa
Subject*.accessjoin.com
FingerprintE7:48:AE:01:D9:B9:7C:69:58:6B:98:52:D4:BD:D0:C1:44:28:EF:1C
ValidityThu, 23 Feb 2023 21:20:46 GMT - Tue, 26 Mar 2024 21:20:45 GMT

File type

Size
30 kB (29672 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /signup/?epcVIP=48.1234.g121&b1_color=0076ce&email=&password=&firstname=&lastname=&zip=&siteg=g&act=epc69904.47658-588850.DEFAULT&theme=goldt&f_color=ffffff HTTP/1.1
Host: accessjoin.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://daddysonwithbenefits.com/
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 302 Found
date: Sat, 16 Sep 2023 03:02:26 GMT
content-type: text/html; charset=UTF-8
server: PWS/8.3.1.0.8
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
set-cookie: PHPSESSID=c5e31a729f8493ce21df853468399ab6; path=/; secure; SameSite=None
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
location: https://rfdcxz.com/8c1718a3c4739f/?epcVIP=48.1234.g121&b1_color=0076ce&email=&password=&firstname=&lastname=&zip=&siteg=g&act=epc69904.47658-588850.DEFAULT&theme=goldt&f_color=ffffff&epcCID=F263sb8dKf57jfFdeca0043eWf02V395r&rtid=22343157593
via: 1.1 PS-FRA-018SR149:9 (W), 1.1 PSygldLON2ew56:12 (W)
x-px: ms PSygldLON2ew56LHR,ms PS-FRA-018SR149FRA(origin)
x-ws-request-id: 65051ac2_PSygldLON2hl59_36582-24344
X-Firefox-Spdy: h2

rfdcxz.com/common_tpls/js/validate_form_v2.js?jsv=33

207.120.33.40

200 OK

26 kB

URL GET HTTP/2
rfdcxz.com/common_tpls/js/validate_form_v2.js?jsv=33
IP
207.120.33.40:443
ASN
#3356 LEVEL3

Requested by
https://rfdcxz.com/8c1718a3c4739f/?epcVIP=48.1234.g121&b1_color=0076ce&email=&password=&firstname=&lastname=&zip=&siteg=g&act=epc69904.47658-588850.DEFAULT&theme=goldt&f_color=ffffff&epcCID=F263sb8dKf57jfFdeca0043eWf02V395r&rtid=22343157593
Certificate
IssuerLet's Encrypt
Subjectrfdcxz.com
Fingerprint54:7F:B6:DE:A6:F5:D1:27:F6:38:FF:E8:6B:5B:13:4F:3F:73:57:CB
ValidityWed, 06 Sep 2023 04:43:56 GMT - Tue, 05 Dec 2023 04:43:55 GMT

File type

Size
26 kB (25581 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /common_tpls/js/validate_form_v2.js?jsv=33 HTTP/1.1
Host: rfdcxz.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://rfdcxz.com/8c1718a3c4739f/?epcVIP=48.1234.g121&b1_color=0076ce&email=&password=&firstname=&lastname=&zip=&siteg=g&act=epc69904.47658-588850.DEFAULT&theme=goldt&f_color=ffffff&epcCID=F263sb8dKf57jfFdeca0043eWf02V395r&rtid=22343157593
Cookie: PHPSESSID=239378c3c1370e3e0a64ce2e48593fc4
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sat, 16 Sep 2023 03:02:27 GMT
content-type: application/javascript
vary: Accept-Encoding
last-modified: Mon, 13 Feb 2023 23:40:03 GMT
etag: W/"63eaca53-63ed"
section-io-cache-id: 8a565601f9f470f13c2fbcb54c2a9da8
x-varnish: 12203668 3356379
age: 20198
via: 1.1 varnish-65c66bdb8c-bcwfl (Varnish/7.2)
section-io-cache: Hit
content-encoding: gzip
section-io-id: 5323cffcc1747ffd84bf40d1dd711b2f
X-Firefox-Spdy: h2

fonts.googleapis.com/icon?family=Material+Icons

142.250.74.106

200 OK

565 B

URL GET HTTP/2
fonts.googleapis.com/icon?family=Material+Icons
IP
142.250.74.106:443
ASN
#15169 GOOGLE

Requested by
https://rfdcxz.com/8c1718a3c4739f/?epcVIP=48.1234.g121&b1_color=0076ce&email=&password=&firstname=&lastname=&zip=&siteg=g&act=epc69904.47658-588850.DEFAULT&theme=goldt&f_color=ffffff&epcCID=F263sb8dKf57jfFdeca0043eWf02V395r&rtid=22343157593
Certificate
IssuerGoogle Trust Services LLC
Subjectupload.video.google.com
Fingerprint09:AB:BF:F5:D0:04:69:59:E1:EA:AC:DA:8B:68:CF:62:94:2E:50:38
ValidityMon, 14 Aug 2023 08:22:09 GMT - Mon, 06 Nov 2023 08:22:08 GMT

File type
ASCII text, with very long lines (588), with no line terminators
Size
565 B (565 bytes)
Hash
bdcf60bde5544e1017e1f2e60888a9c7
6fb24309b7ff90c1c99d19c0c7a127a16508840e
d701601406acfca6bfc0c58b411446e3e0e96c659f35c143355d3dd72c390952

HTTP Headers

GET /icon?family=Material+Icons HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://rfdcxz.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Sat, 16 Sep 2023 03:02:27 GMT
date: Sat, 16 Sep 2023 03:02:27 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

rfdcxz.com/common_tpls/js/iframeResizer.contentWindow.min.js

207.120.33.40

200 OK

13 kB

URL GET HTTP/2
rfdcxz.com/common_tpls/js/iframeResizer.contentWindow.min.js
IP
207.120.33.40:443
ASN
#3356 LEVEL3

Requested by
https://rfdcxz.com/8c1718a3c4739f/?epcVIP=48.1234.g121&b1_color=0076ce&email=&password=&firstname=&lastname=&zip=&siteg=g&act=epc69904.47658-588850.DEFAULT&theme=goldt&f_color=ffffff&epcCID=F263sb8dKf57jfFdeca0043eWf02V395r&rtid=22343157593
Certificate
IssuerLet's Encrypt
Subjectrfdcxz.com
Fingerprint54:7F:B6:DE:A6:F5:D1:27:F6:38:FF:E8:6B:5B:13:4F:3F:73:57:CB
ValidityWed, 06 Sep 2023 04:43:56 GMT - Tue, 05 Dec 2023 04:43:55 GMT

File type
ASCII text, with very long lines (12990)
Size
13 kB (13381 bytes)
Hash
2cf9df789476bc39b9906030f639660d
de708b4a0fe32f3d77505675eb119b671327a6b4
7d5f5d0fe842536e512b4ca0cac0b48a66577ea091f3a6840365ff6124be034b

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /common_tpls/js/iframeResizer.contentWindow.min.js HTTP/1.1
Host: rfdcxz.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://rfdcxz.com/8c1718a3c4739f/?epcVIP=48.1234.g121&b1_color=0076ce&email=&password=&firstname=&lastname=&zip=&siteg=g&act=epc69904.47658-588850.DEFAULT&theme=goldt&f_color=ffffff&epcCID=F263sb8dKf57jfFdeca0043eWf02V395r&rtid=22343157593
Cookie: PHPSESSID=239378c3c1370e3e0a64ce2e48593fc4
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sat, 16 Sep 2023 03:02:27 GMT
content-type: application/javascript
vary: Accept-Encoding
last-modified: Thu, 04 Feb 2016 15:06:03 GMT
etag: W/"56b368db-3445"
section-io-cache-id: 3771edea4afe6b4bf2cf9f6922503aca
x-varnish: 12203671 13215589
age: 20185
via: 1.1 varnish-65c66bdb8c-bcwfl (Varnish/7.2)
section-io-cache: Hit
content-encoding: gzip
section-io-id: 107e965aaa5927eba9f0c3a074997644
X-Firefox-Spdy: h2

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (24)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by