i.top4top.io/f_tyiiczdh5xkoxmuigbwieg/1661414175/1146u606f1.rar
51.158.146.204302 Moved Temporarily 138 B URL HTTP/1.1 i.top4top.io/f_tyiiczdh5xkoxmuigbwieg/1661414175/1146u606f1.rar
IP 51.158.146.204:0
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash aff950cab4c0265e21d401db15f1026d
f03e18461817f7a6546c8bf8fa8d686d7e30aca0
753e0dd54f28c4f7009b9c0b18a68aed175416bd8b7d134858264586eaac56f0
Analyzer Verdict Alert fortinet Malware
GET /f_tyiiczdh5xkoxmuigbwieg/1661414175/1146u606f1.rar HTTP/1.1
Host: i.top4top.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 302 Moved Temporarily
Server: Hotcores.com
Date: Tue, 10 Jan 2023 16:48:43 GMT
Content-Type: text/html
Content-Length: 138
Connection: close
Location: https://top4top.io/f-1146u606f1-rar.html
Reason: Invalid
r3.o.lencr.org/
23.33.119.27200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash e6b7a72139d0ef7688330456e9be9a4c
e130a94e7d531768300071764dd1e81fee5bbbcb
d3818afd1493030105341b4cfb91037acbf27085c96068b3ef91c5071277c8e5
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D3818AFD1493030105341B4CFB91037ACBF27085C96068B3EF91C5071277C8E5"
Last-Modified: Mon, 09 Jan 2023 19:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=17293
Expires: Tue, 10 Jan 2023 21:36:56 GMT
Date: Tue, 10 Jan 2023 16:48:43 GMT
Connection: keep-alive
r3.o.lencr.org/
23.33.119.27200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 1f67827b21be68d925837dd729590f2d
dc24511141f5352e496b300d7d7e81b0cffb7475
afb1850e7c16f02d267a1310f1681367ecf598816fc62bd02447ffcd26117a9f
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "AFB1850E7C16F02D267A1310F1681367ECF598816FC62BD02447FFCD26117A9F"
Last-Modified: Mon, 09 Jan 2023 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11509
Expires: Tue, 10 Jan 2023 20:00:32 GMT
Date: Tue, 10 Jan 2023 16:48:43 GMT
Connection: keep-alive
r3.o.lencr.org/
23.33.119.27200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 718fc486cd6a70fcacc1653759703fae
bf60ba7a37d2deef1b7000e91cc88da586bb75ca
398d02e16da466ffe87b64ac34b007615951cca14d43610b4acd58bc2a5fadff
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "398D02E16DA466FFE87B64AC34B007615951CCA14D43610B4ACD58BC2A5FADFF"
Last-Modified: Tue, 10 Jan 2023 11:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=17905
Expires: Tue, 10 Jan 2023 21:47:08 GMT
Date: Tue, 10 Jan 2023 16:48:43 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
35.241.9.150200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash 14cd9a0afb6ba9a763651d5112760d1e
75d7b104ab9ab11fbb73c3f348b43b0119b5adfa
4e32a117106be587ffcd63239c16a8117eb7840830d4c9decf6527761967532e
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Alert, Retry-After, Content-Type, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Tue, 10 Jan 2023 16:41:44 GMT
content-type: application/json
age: 419
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-08-14-47-57.chain
34.160.144.191200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-08-14-47-57.chain
IP 34.160.144.191:0
File type PEM certificate\012- , ASCII text
Hash b1fcd419a4245617397846e8d17233f6
2a037ce244587640b27ead9a0ec2af4f862d91b2
e059b6d834c06e58494c43fb2ff42acbc27c1a1d8f7f30e2f32ca0e167599e2f
GET /chains/remote-settings.content-signature.mozilla.org-2023-02-08-14-47-57.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: p+gOmW8rCbK5NPO0pDlPA4JviNtC1f4x1QupY8dx5uhnOoubZmULKzs60g1s7T/Obh5d+etQ2LU=
x-amz-request-id: F1F7TPBN4F4H91ZX
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Tue, 10 Jan 2023 16:16:41 GMT
age: 1922
last-modified: Tue, 20 Dec 2022 14:47:58 GMT
etag: "b1fcd419a4245617397846e8d17233f6"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Tue, 10 Jan 2023 16:48:43 GMT
content-type: application/json
content-length: 12
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-expose-headers: content-type
access-control-allow-credentials: true
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.33.119.27200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash af54fecabb0428ed4263e9074d3e84d4
c540aec32a17c1d234d76f267bfa171f23084256
43aec456fd39c23d5a2818f37caa7109dfe0c9f7560334f0bcf1ed873028e044
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "43AEC456FD39C23D5A2818F37CAA7109DFE0C9F7560334F0BCF1ED873028E044"
Last-Modified: Sun, 08 Jan 2023 13:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14946
Expires: Tue, 10 Jan 2023 20:57:49 GMT
Date: Tue, 10 Jan 2023 16:48:43 GMT
Connection: keep-alive
top4top.io/f-1146u606f1-rar.html
188.165.137.138301 Moved Permanently 256 B URL HTTP/1.1 top4top.io/f-1146u606f1-rar.html
IP 188.165.137.138:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash 37827f3794a938b962dd17f4ffc1ea4b
082d3f5dff84d000f361a202b5e59d74130eb2cc
e349469a867bdd941dc8c3a0d1867e43f6ddcda6d8c5e1ad1d6aa847a1a5d761
Analyzer Verdict Alert fortinet Malware
GET /f-1146u606f1-rar.html HTTP/1.1
Host: top4top.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/1.1 301 Moved Permanently
Date: Tue, 10 Jan 2023 16:48:43 GMT
Server: HotCores
Location: https://top4top.io/downloadf-1146u606f1-rar.html
Content-Length: 256
Content-Type: text/html; charset=iso-8859-1
top4top.io/downloadf-1146u606f1-rar.html
188.165.137.138200 OK 18 kB URL HTTP/1.1 top4top.io/downloadf-1146u606f1-rar.html
IP 188.165.137.138:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (411)
Hash 4829696630cf9512eaa9351d18188f4d
4c61cee47955e13241b6135b41e39de36dbb11d5
12ba9e8615472d9bc6ca4380a514abc2e3ade64c88a72c30350c53aa9887bb05
Analyzer Verdict Alert fortinet Malware
GET /downloadf-1146u606f1-rar.html HTTP/1.1
Host: top4top.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/1.1 200 OK
Date: Tue, 10 Jan 2023 16:48:43 GMT
Server: HotCores
Expires: 0
Cache-Control: private, no-cache="set-cookie"
Pragma: no-cache
P3P: CP="CUR ADM"
Set-Cookie: sid=6Hu3%2CJDqN3KzQaZPM7A4HkgPsBa; expires=Thu, 12-Jan-2023 16:48:43 GMT; path=/
klj_40d147_fdkey=4f5fb01294d5a914de8e2b9872b69db75622895e; expires=Thu, 12-Jan-2023 16:48:43 GMT; path=/; domain=.top4top.io; httponly
I-AM: US03
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
35.241.9.150200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Retry-After, Pragma, Content-Length, Alert, Expires, ETag, Last-Modified, Backoff, Content-Type, Cache-Control
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Tue, 10 Jan 2023 16:33:45 GMT
age: 898
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
top4top.io/ads/adpull.php?n=1&w=728&h=90&call=js&t=banner&divid=33938111
188.165.137.138200 OK 3 B URL HTTP/1.1 top4top.io/ads/adpull.php?n=1&w=728&h=90&call=js&t=banner&divid=33938111
IP 188.165.137.138:0
File type Unicode text, UTF-8 text, with no line terminators
Hash ecaa88f7fa0bf610a5a26cf545dcd3aa
57218c316b6921e2cd61027a2387edc31a2d9471
f1945cd6c19e56b3c1c78943ef5ec18116907a4ca1efc40a57d48ab1db7adfc5
GET /ads/adpull.php?n=1&w=728&h=90&call=js&t=banner&divid=33938111 HTTP/1.1
Host: top4top.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://top4top.io/downloadf-1146u606f1-rar.html
Cookie: sid=6Hu3%2CJDqN3KzQaZPM7A4HkgPsBa; klj_40d147_fdkey=4f5fb01294d5a914de8e2b9872b69db75622895e
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Tue, 10 Jan 2023 16:48:44 GMT
Server: HotCores
I-AM: US03
Content-Length: 3
Content-Type: text/javascript;Charset=UTF-8
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash b6814de21e79e28c4a59b9bef50020cb
5d6fcbdd6b70933b9367226523ce68364a1f0f1b
49821c9c4c570ff4e089276c96b05cef53c725e77e34f6c772d2b932e7c81c2d
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 10 Jan 2023 16:48:44 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.digicert.com/
93.184.220.29200 OK 278 B IP 93.184.220.29:0
Hash 91faa4ece6c8b82c7a94f3ee4ab06ddf
3566499042eb2d098ac20dc23514c122dfe03025
2aa3d071352e5bcfcddac43aaea48831250a8e524cd2a2835dc9e5235541754a
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3215
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Tue, 10 Jan 2023 16:48:44 GMT
Etag: "63bc6022-116"
Last-Modified: Tue, 10 Jan 2023 15:55:10 GMT
Server: ECS (ska/F70B)
X-Cache: HIT
Content-Length: 278
ocsp.digicert.com/
93.184.220.29200 OK 278 B IP 93.184.220.29:0
Hash 91faa4ece6c8b82c7a94f3ee4ab06ddf
3566499042eb2d098ac20dc23514c122dfe03025
2aa3d071352e5bcfcddac43aaea48831250a8e524cd2a2835dc9e5235541754a
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3215
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Tue, 10 Jan 2023 16:48:44 GMT
Etag: "63bc6022-116"
Last-Modified: Tue, 10 Jan 2023 15:55:10 GMT
Server: ECS (ska/F70B)
X-Cache: HIT
Content-Length: 278
ajax.googleapis.com/ajax/libs/jquery/1.11.1/jquery.min.js
142.250.74.74200 OK 33 kB URL HTTP/2 ajax.googleapis.com/ajax/libs/jquery/1.11.1/jquery.min.js
IP 142.250.74.74:0
File type ASCII text, with very long lines (32086)
Hash 430e927c980ad4079de727fa59dd93f2
891aaada9a55a91292999f6d50fd300439905982
e8728df8617340bd8c10bc8d27d3a725a48871a269c850e8598689938ec6e2ed
GET /ajax/libs/jquery/1.11.1/jquery.min.js HTTP/1.1
Host: ajax.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://top4top.io/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
timing-allow-origin: *
content-length: 33434
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Mon, 09 Jan 2023 11:10:57 GMT
expires: Tue, 09 Jan 2024 11:10:57 GMT
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
last-modified: Tue, 03 Mar 2020 19:15:00 GMT
content-type: text/javascript; charset=UTF-8
age: 106667
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
top4top.io/share.js
188.165.137.138200 OK 2.0 kB IP 188.165.137.138:0
File type HTML document, ASCII text, with CRLF line terminators
Hash d6b05c71ce92a4e0599cf8b731966510
8735a20d053e085fdfe0963cab19b9499e1be457
ff90fa92b304e071f41235a6e338e1e0588641156a765999852784a17523be9e
Analyzer Verdict Alert fortinet Malware
GET /share.js HTTP/1.1
Host: top4top.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://top4top.io/downloadf-1146u606f1-rar.html
Cookie: sid=6Hu3%2CJDqN3KzQaZPM7A4HkgPsBa; klj_40d147_fdkey=4f5fb01294d5a914de8e2b9872b69db75622895e
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: HotCores
Date: Tue, 10 Jan 2023 16:48:44 GMT
Content-Type: application/javascript
Content-Length: 2045
Last-Modified: Mon, 26 Sep 2016 09:33:16 GMT
ETag: "57e8eb5c-7fd"
Expires: Tue, 17 Jan 2023 16:48:44 GMT
Cache-Control: max-age=604800
Access-Control-Allow-Origin: *
Accept-Ranges: bytes
top4top.io/ads/adpull.php?n=1&w=728&h=90&call=js&t=banner&divid=330275050
188.165.137.138200 OK 3 B URL HTTP/1.1 top4top.io/ads/adpull.php?n=1&w=728&h=90&call=js&t=banner&divid=330275050
IP 188.165.137.138:0
File type Unicode text, UTF-8 text, with no line terminators
Hash ecaa88f7fa0bf610a5a26cf545dcd3aa
57218c316b6921e2cd61027a2387edc31a2d9471
f1945cd6c19e56b3c1c78943ef5ec18116907a4ca1efc40a57d48ab1db7adfc5
GET /ads/adpull.php?n=1&w=728&h=90&call=js&t=banner&divid=330275050 HTTP/1.1
Host: top4top.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://top4top.io/downloadf-1146u606f1-rar.html
Cookie: sid=6Hu3%2CJDqN3KzQaZPM7A4HkgPsBa; klj_40d147_fdkey=4f5fb01294d5a914de8e2b9872b69db75622895e
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Tue, 10 Jan 2023 16:48:44 GMT
Server: HotCores
I-AM: US03
Content-Length: 3
Content-Type: text/javascript;Charset=UTF-8
s.top4top.io/styles/default-new-reg/images/newlogo.png
172.67.133.128200 OK 19 kB URL HTTP/2 s.top4top.io/styles/default-new-reg/images/newlogo.png
IP 172.67.133.128:0
File type PNG image data, 71 x 43, 8-bit/color RGBA, non-interlaced\012- data
Hash d68c79880117110f89d39cce5c43d39c
6e30dcd905314f77912b224e35ce089560553300
1605b05d92b623c44661321917bca32d530ae52b3158319ce922dacd4c6f257d
GET /styles/default-new-reg/images/newlogo.png HTTP/1.1
Host: s.top4top.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://top4top.io/
Cookie: klj_40d147_fdkey=4f5fb01294d5a914de8e2b9872b69db75622895e
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
date: Tue, 10 Jan 2023 16:48:44 GMT
content-type: image/png
content-length: 19068
last-modified: Mon, 26 Sep 2016 09:33:17 GMT
etag: "57e8eb5d-4a7c"
expires: Wed, 23 Nov 2022 14:37:07 GMT
cache-control: max-age=5356800
x-cache-status-a: HIT
vary: Accept-Encoding
access-control-allow-origin: *
cf-cache-status: HIT
age: 455496
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=vHIuHxQ%2B9%2FICvTJroRH%2BxlD6aP8ORnoV0AKNX77FZx5bFx7%2BHlINTDpgKWPRk83zy6a08MxX%2F9BvKUcdoUplUUynDQHmiwrk0%2BJM8aNRrng8fVppho%2B9GXrMAWCdj2k%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7876e6e46ee6b4f3-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
s.top4top.io/styles/default-new-reg/images/soft.png
172.67.133.128200 OK 41 kB URL HTTP/2 s.top4top.io/styles/default-new-reg/images/soft.png
IP 172.67.133.128:0
File type PNG image data, 213 x 255, 8-bit/color RGBA, non-interlaced\012- data
Hash 8cf5d3f055149868fd89971433ed8ece
e877509e97d487b44bdd7203c7e3ca2795963afa
58b2b600aacfdda258a4b7ced90c85143e109480e78529c31358c412caab09d9
GET /styles/default-new-reg/images/soft.png HTTP/1.1
Host: s.top4top.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://top4top.io/
Cookie: klj_40d147_fdkey=4f5fb01294d5a914de8e2b9872b69db75622895e
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
date: Tue, 10 Jan 2023 16:48:44 GMT
content-type: image/png
content-length: 41248
last-modified: Mon, 26 Sep 2016 09:33:17 GMT
etag: "57e8eb5d-a120"
expires: Wed, 23 Nov 2022 14:37:07 GMT
cache-control: max-age=5356800
x-cache-status-a: HIT
vary: Accept-Encoding
access-control-allow-origin: *
cf-cache-status: HIT
age: 332185
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=MYxyOOJun5wJMW7hFNclDMQsmS%2BCctahRQQzi7GjBJQPEUKl%2FzcdHJ0rnAmS89ChkesiuPNDgT3btaX5%2BbOA53lahoLbiB%2BfsqRQIcWgnBc1Q60szJv8BnN6lRONUSo%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7876e6e46ee9b4f3-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 278 B IP 93.184.220.29:0
Hash 91faa4ece6c8b82c7a94f3ee4ab06ddf
3566499042eb2d098ac20dc23514c122dfe03025
2aa3d071352e5bcfcddac43aaea48831250a8e524cd2a2835dc9e5235541754a
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3215
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Tue, 10 Jan 2023 16:48:44 GMT
Last-Modified: Tue, 10 Jan 2023 15:55:10 GMT
Server: ECS (amb/6BAB)
X-Cache: HIT
Content-Length: 278
ocsp.digicert.com/
93.184.220.29200 OK 278 B IP 93.184.220.29:0
Hash 91faa4ece6c8b82c7a94f3ee4ab06ddf
3566499042eb2d098ac20dc23514c122dfe03025
2aa3d071352e5bcfcddac43aaea48831250a8e524cd2a2835dc9e5235541754a
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 1701
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Tue, 10 Jan 2023 16:48:44 GMT
Etag: "63bc6022-116"
Last-Modified: Tue, 10 Jan 2023 16:20:23 GMT
Server: ECS (amb/6BA6)
X-Cache: HIT
Content-Length: 278
ocsp.digicert.com/
93.184.220.29200 OK 278 B IP 93.184.220.29:0
Hash 91faa4ece6c8b82c7a94f3ee4ab06ddf
3566499042eb2d098ac20dc23514c122dfe03025
2aa3d071352e5bcfcddac43aaea48831250a8e524cd2a2835dc9e5235541754a
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4271
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Tue, 10 Jan 2023 16:48:44 GMT
Last-Modified: Tue, 10 Jan 2023 15:37:33 GMT
Server: ECS (amb/6B77)
X-Cache: HIT
Content-Length: 278
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash e40acff35f759d3fc82f4b93b5bb62f4
28450bc6075002fee4bcaa6c5c114dce60b8b700
827866992f7f84be2c8f719b8e949df30f40367320929aaf1b1f1ff9a99b666c
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 1723
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Tue, 10 Jan 2023 16:48:44 GMT
Last-Modified: Tue, 10 Jan 2023 16:20:01 GMT
Server: ECS (ska/F70B)
X-Cache: HIT
Content-Length: 471
ocsp.digicert.com/
93.184.220.29200 OK 278 B IP 93.184.220.29:0
Hash 91faa4ece6c8b82c7a94f3ee4ab06ddf
3566499042eb2d098ac20dc23514c122dfe03025
2aa3d071352e5bcfcddac43aaea48831250a8e524cd2a2835dc9e5235541754a
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3215
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Tue, 10 Jan 2023 16:48:44 GMT
Etag: "63bc6022-116"
Last-Modified: Tue, 10 Jan 2023 15:55:10 GMT
Server: ECS (ska/F70B)
X-Cache: HIT
Content-Length: 278
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash b6814de21e79e28c4a59b9bef50020cb
5d6fcbdd6b70933b9367226523ce68364a1f0f1b
49821c9c4c570ff4e089276c96b05cef53c725e77e34f6c772d2b932e7c81c2d
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 10 Jan 2023 16:48:44 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
connect.facebook.net/en_US/all.js
157.240.200.14200 OK 1.7 kB URL HTTP/2 connect.facebook.net/en_US/all.js
IP 157.240.200.14:0
File type ASCII text, with very long lines (1957)
Hash 636637a75f8d85a69281755a77c585b9
588f37b543858d962913208d33d2aa91eaf71812
dc1946b25962ec1140c874623be1bf523ac7f74a9a770ef5bcd9e3b995cf1d35
GET /en_US/all.js HTTP/1.1
Host: connect.facebook.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://top4top.io/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
vary: Accept-Encoding
content-encoding: gzip
access-control-expose-headers: X-FB-Content-MD5
x-fb-content-md5: ad374e035cdb4336ef34c62445f85c34
etag: "eff8032d5d26134983802cc66ea63ef2"
content-type: application/x-javascript; charset=utf-8
timing-allow-origin: *
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
expires: Tue, 10 Jan 2023 17:05:04 GMT
cache-control: public,max-age=1200,stale-while-revalidate=3600
document-policy: force-load-at-top
cross-origin-opener-policy: same-origin-allow-popups
x-content-type-options: nosniff
x-fb-rlafr: 0
x-frame-options: DENY
strict-transport-security: max-age=31536000; preload; includeSubDomains
content-md5: Y2Y3p1+NhaaSgXVad8WFuQ==
x-fb-debug: y1vLAQfS5KBh8SMjoz7yyn9igFt+ozZ0T1cCAeDHPHMdLqZ+B6nfyQWyqGFwbIGoH2IYfsGj0pTwGu0dBowyfw==
priority: u=3,i
content-length: 1686
x-fb-trip-id: 1679558926
date: Tue, 10 Jan 2023 16:48:44 GMT
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash e40acff35f759d3fc82f4b93b5bb62f4
28450bc6075002fee4bcaa6c5c114dce60b8b700
827866992f7f84be2c8f719b8e949df30f40367320929aaf1b1f1ff9a99b666c
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 1723
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Tue, 10 Jan 2023 16:48:44 GMT
Last-Modified: Tue, 10 Jan 2023 16:20:01 GMT
Server: ECS (ska/F70B)
X-Cache: HIT
Content-Length: 471
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash a831a999b5e598b4e9f4e31e8054ca7c
9971a4a806f48777ae6d9525085d16d0c6314c51
cdffa8dd48e75baa98670f82dfac2b3948667ca32dd93f469d2cd49d3a58581c
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3274
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Tue, 10 Jan 2023 16:48:44 GMT
Last-Modified: Tue, 10 Jan 2023 15:54:10 GMT
Server: ECS (ska/F71C)
X-Cache: HIT
Content-Length: 471
top4top.io/styles/default-new-reg/images/zl.png
188.165.137.138200 OK 673 B URL HTTP/1.1 top4top.io/styles/default-new-reg/images/zl.png
IP 188.165.137.138:0
File type PNG image data, 19 x 19, 8-bit/color RGBA, non-interlaced\012- data
Hash 5caf58a4705aa53b41535b86b18819a1
d38040f84c6dcc16c40519bf0249ea8097b8e969
20fac0020c1ca2b53c6132997d0b5ec25252b30ceedaf59b05679c73c0494e7c
GET /styles/default-new-reg/images/zl.png HTTP/1.1
Host: top4top.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://top4top.io/downloadf-1146u606f1-rar.html
Cookie: sid=6Hu3%2CJDqN3KzQaZPM7A4HkgPsBa; klj_40d147_fdkey=4f5fb01294d5a914de8e2b9872b69db75622895e
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: HotCores
Date: Tue, 10 Jan 2023 16:48:44 GMT
Content-Type: image/png
Content-Length: 673
Last-Modified: Mon, 26 Sep 2016 09:33:17 GMT
ETag: "57e8eb5d-2a1"
Expires: Tue, 17 Jan 2023 16:48:44 GMT
Cache-Control: max-age=604800
Access-Control-Allow-Origin: *
Accept-Ranges: bytes
s.top4top.io/styles/default-new-reg/javascript.js?rev=47
172.67.133.128200 OK 2.1 kB URL HTTP/2 s.top4top.io/styles/default-new-reg/javascript.js?rev=47
IP 172.67.133.128:0
File type ASCII text, with very long lines (538)
Hash 1bf38311fe47a3fff4f6d53e6bf9cc4b
8eac4442ca26a3c6f0d25b0b8f2fcd6f9a94a185
1f083444649e805997bfb9d783964f7390c4456cfefd77bd8b8a019c6c311dd6
Analyzer Verdict Alert fortinet Malware
GET /styles/default-new-reg/javascript.js?rev=47 HTTP/1.1
Host: s.top4top.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://top4top.io/
Cookie: klj_40d147_fdkey=4f5fb01294d5a914de8e2b9872b69db75622895e
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
date: Tue, 10 Jan 2023 16:48:44 GMT
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=5356800
cf-bgj: minify
cf-polished: origSize=16039
etag: W/"57e8eb5d-3ea7"
expires: Wed, 23 Nov 2022 14:37:07 GMT
last-modified: Mon, 26 Sep 2016 09:33:17 GMT
vary: Accept-Encoding
x-cache-status-a: HIT
cf-cache-status: HIT
age: 423421
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=rGLtJbBlOnCN5tPWJOWHy5jheliX521VFWiU2dDTS1Y4w6PC2AkqyoU%2BJrEtzVRIt0bW%2FA3LXXBS4Tk5bM8AT8NYqO7UHdALz4Xs7UTuW39qFE0C6B22A9n5HcKq45I%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7876e6e46ed6b4f3-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
s.top4top.io/styles/default-new-reg/css/the220px.css?rev=47
172.67.133.128200 OK 2.8 kB URL HTTP/2 s.top4top.io/styles/default-new-reg/css/the220px.css?rev=47
IP 172.67.133.128:0
File type Unicode text, UTF-8 (with BOM) text, with very long lines (9567), with no line terminators
Hash b5610da89bb298d03dcf0998e71b82ef
76d22fb63519410000be556d4a388859cc048787
e850badf26778d549b53049a6919c56e2e5f2f98dd85072409d882beda00a3a3
Analyzer Verdict Alert fortinet Malware
GET /styles/default-new-reg/css/the220px.css?rev=47 HTTP/1.1
Host: s.top4top.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://top4top.io/
Cookie: klj_40d147_fdkey=4f5fb01294d5a914de8e2b9872b69db75622895e
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
date: Tue, 10 Jan 2023 16:48:44 GMT
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=5356800
cf-bgj: minify
cf-polished: origSize=11662
etag: W/"58cb25b5-2d8e"
expires: Wed, 23 Nov 2022 14:37:07 GMT
last-modified: Thu, 16 Mar 2017 23:54:29 GMT
vary: Accept-Encoding
x-cache-status-a: HIT
cf-cache-status: HIT
age: 256196
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=XVRmNwEBZXYwZXMmENPAb6FwOZ3gSH3u1jMBKgBW0j5EUuafsYQKciB7njyvvR%2FCD2U2t%2B8QdahKmIFRyGT9YVv9ogp28qr9qDgzJrAOUDkGm3OOKvngtF99z5Gu02Y%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7876e6e46ecfb4f3-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
top4top.io/images/live.png
188.165.137.138200 OK 761 B URL HTTP/1.1 top4top.io/images/live.png
IP 188.165.137.138:0
File type PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced\012- data
Hash 0c0038438c6e145f1a4dea683ce7cc28
c1ad87024ddba2eb6544dc7ee3c16b45ba9a3c63
5e5b288b52e9bbb8b9c2449b04da155054023d50ac2ded7954f912be02f4c484
GET /images/live.png HTTP/1.1
Host: top4top.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://top4top.io/downloadf-1146u606f1-rar.html
Cookie: sid=6Hu3%2CJDqN3KzQaZPM7A4HkgPsBa; klj_40d147_fdkey=4f5fb01294d5a914de8e2b9872b69db75622895e
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: HotCores
Date: Tue, 10 Jan 2023 16:48:44 GMT
Content-Type: image/png
Content-Length: 761
Last-Modified: Mon, 26 Sep 2016 09:33:16 GMT
ETag: "57e8eb5c-2f9"
Expires: Tue, 17 Jan 2023 16:48:44 GMT
Cache-Control: max-age=604800
Access-Control-Allow-Origin: *
Accept-Ranges: bytes
top4top.io/images/reddit.png
188.165.137.138200 OK 645 B URL HTTP/1.1 top4top.io/images/reddit.png
IP 188.165.137.138:0
File type PNG image data, 18 x 18, 8-bit/color RGB, non-interlaced\012- data
Hash 2a94deb80f88d3f76f263d134b0b1af6
7ef18707f538b89f59cfdb647d2f4f4efe29e23e
38b5f357b4afe9b318ff9bf0806bf69856b80bac27671321097f9840c27e47c7
GET /images/reddit.png HTTP/1.1
Host: top4top.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://top4top.io/downloadf-1146u606f1-rar.html
Cookie: sid=6Hu3%2CJDqN3KzQaZPM7A4HkgPsBa; klj_40d147_fdkey=4f5fb01294d5a914de8e2b9872b69db75622895e
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: HotCores
Date: Tue, 10 Jan 2023 16:48:44 GMT
Content-Type: image/png
Content-Length: 645
Last-Modified: Mon, 26 Sep 2016 09:33:17 GMT
ETag: "57e8eb5d-285"
Expires: Tue, 17 Jan 2023 16:48:44 GMT
Cache-Control: max-age=604800
Access-Control-Allow-Origin: *
Accept-Ranges: bytes
s.top4top.io/styles/default-new-reg/css/fonts.css?rev=47
172.67.133.128200 OK 956 B URL HTTP/2 s.top4top.io/styles/default-new-reg/css/fonts.css?rev=47
IP 172.67.133.128:0
File type Unicode text, UTF-8 (with BOM) text, with very long lines (408), with no line terminators
Hash 244e2a639fbe9d40d0982fdf9a6005ce
99ec698e23efe97382c55487a4b603022d445edf
ea141afdaabda2d0e44bc3385aafb14f82fe3addabe58be96cd6304965bd60bc
Analyzer Verdict Alert fortinet Malware
GET /styles/default-new-reg/css/fonts.css?rev=47 HTTP/1.1
Host: s.top4top.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://top4top.io/
Cookie: klj_40d147_fdkey=4f5fb01294d5a914de8e2b9872b69db75622895e
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
HTTP/2 200 OK
date: Tue, 10 Jan 2023 16:48:44 GMT
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=5356800
cf-bgj: minify
cf-polished: origSize=487
etag: W/"5e0bab24-1e7"
expires: Wed, 23 Nov 2022 14:37:07 GMT
last-modified: Tue, 31 Dec 2019 20:10:12 GMT
vary: Accept-Encoding
x-cache-status-a: HIT
cf-cache-status: HIT
age: 354556
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=iyK%2BYXw6twVov6YS9fwQMVcjM9UbDZ0K%2BegeY0lTi1xiMdX4VEiDdApAmq3SMYOu7gvPnRXENK4d7%2F3LXVLSEftAiMwge5ADGiEh4Xovc23jTs4FfFyH7N8kj9oYVjY%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7876e6e46eccb4f3-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
s.top4top.io/styles/default-new-reg/css/font-awesome.min.css?rev=47
172.67.133.128200 OK 5.4 kB URL HTTP/2 s.top4top.io/styles/default-new-reg/css/font-awesome.min.css?rev=47
IP 172.67.133.128:0
File type Unicode text, UTF-8 (with BOM) text, with very long lines (21997)
Hash 5ae1c7fc2614914029755dd04cfd184e
ffdd79931cd2f9573ea9800ae84c1fc48d9d61e8
12545b7c9036283e252e59030a70ebd27be04459c72b2894a7a0ec732c14c8c4
Analyzer Verdict Alert fortinet Malware
GET /styles/default-new-reg/css/font-awesome.min.css?rev=47 HTTP/1.1
Host: s.top4top.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://top4top.io/
Cookie: klj_40d147_fdkey=4f5fb01294d5a914de8e2b9872b69db75622895e
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
HTTP/2 200 OK
date: Tue, 10 Jan 2023 16:48:44 GMT
content-type: text/css
last-modified: Tue, 31 Dec 2019 20:10:12 GMT
etag: W/"5e0bab24-578f"
expires: Wed, 23 Nov 2022 14:37:07 GMT
cache-control: max-age=5356800
x-cache-status-a: HIT
vary: Accept-Encoding
access-control-allow-origin: *
cf-cache-status: HIT
age: 516175
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=OG%2FU6y9mrVS920ThRCpKgWtalBGuaKZQdGt%2B9FWtiT0v9PmBgl4X1Cb23SgdjFQLuL%2Fo%2BYjz8KH2pbJzFkQ2hPYyOeJaka1DT69JMderIfp1LQvUfTjqTXp9klBO9ps%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7876e6e47ef3b4f3-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
top4top.io/images/technorati.png
188.165.137.138200 OK 283 B URL HTTP/1.1 top4top.io/images/technorati.png
IP 188.165.137.138:0
File type PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced\012- data
Hash f120938135c52cd80b7f37bd5b17daf4
1cb99566ca564dd8a8273a616d072739c58b4290
6cd07b1a71bf03f25556bc801c306419a255ec5b47751fcdcda5efbdb08766c8
GET /images/technorati.png HTTP/1.1
Host: top4top.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://top4top.io/downloadf-1146u606f1-rar.html
Cookie: sid=6Hu3%2CJDqN3KzQaZPM7A4HkgPsBa; klj_40d147_fdkey=4f5fb01294d5a914de8e2b9872b69db75622895e
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: HotCores
Date: Tue, 10 Jan 2023 16:48:44 GMT
Content-Type: image/png
Content-Length: 283
Last-Modified: Mon, 26 Sep 2016 09:33:16 GMT
ETag: "57e8eb5c-11b"
Expires: Tue, 17 Jan 2023 16:48:44 GMT
Cache-Control: max-age=604800
Access-Control-Allow-Origin: *
Accept-Ranges: bytes
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash 3db1eeb7625fff76632690d6d8ed508c
2b403538ce9df791fea23a7b6a3f7422af6a8506
f6c27343011f566b4316f2256247d16cb004aa66d1360d8d38d381e1038f3247
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 1886
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Tue, 10 Jan 2023 16:48:44 GMT
Last-Modified: Tue, 10 Jan 2023 16:17:19 GMT
Server: ECS (ska/F70B)
X-Cache: HIT
Content-Length: 471
s.top4top.io/styles/default-new-reg/css/reset.css?rev=47
172.67.133.128200 OK 841 B URL HTTP/2 s.top4top.io/styles/default-new-reg/css/reset.css?rev=47
IP 172.67.133.128:0
File type ASCII text, with very long lines (675), with no line terminators
Hash 1bac2a95e3a4f5336ba47c3fd578ad25
2049ffceb5e4a0af18b2457de81082b1cd5ee429
89f7ed3696f76449b8a8d9c0424f510ce9d53a6eb554d7405bd9245ed642771e
Analyzer Verdict Alert fortinet Malware
GET /styles/default-new-reg/css/reset.css?rev=47 HTTP/1.1
Host: s.top4top.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://top4top.io/
Cookie: klj_40d147_fdkey=4f5fb01294d5a914de8e2b9872b69db75622895e
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
HTTP/2 200 OK
date: Tue, 10 Jan 2023 16:48:44 GMT
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=5356800
cf-bgj: minify
cf-polished: origSize=1013
etag: W/"57e8eb5d-3f5"
expires: Wed, 23 Nov 2022 14:37:07 GMT
last-modified: Mon, 26 Sep 2016 09:33:17 GMT
vary: Accept-Encoding
x-cache-status-a: HIT
cf-cache-status: HIT
age: 516175
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=CAJXFXMtHGIGlzcWcU%2Fp8gkPrCjdAAjfWe53CsULHGJSZ0o%2FwYt5bJwpLlqVrX2GRrjG9cJad4CKY0A6kf2YEcIFzSA%2F22oU1e%2BmKfFN7FGwAzmzJK1BjuAC2ZQt8iw%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7876e6e4bf49b4f3-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
www.google-analytics.com/analytics.js
142.250.74.110200 OK 20 kB URL HTTP/2 www.google-analytics.com/analytics.js
IP 142.250.74.110:0
File type ASCII text, with very long lines (1325)
Hash 47e6f374ca946fddd5b59871b325736c
baa9282efc8785e84d247c3bff518eaa45f101c4
16580b5c87c58e5702e411f1888fdef511094e4cd6d62bb47d16291ffb25985e
GET /analytics.js HTTP/1.1
Host: www.google-analytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://top4top.io/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 20039
date: Tue, 10 Jan 2023 16:41:08 GMT
expires: Tue, 10 Jan 2023 18:41:08 GMT
cache-control: public, max-age=7200
age: 456
last-modified: Tue, 27 Sep 2022 22:01:05 GMT
content-type: text/javascript
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 471 B IP 142.250.74.131:0
Hash 6b11b6253aaf522320ab85bcb5a7ae3e
12caaeaf823a0ce97549d4bf2cc727c135313b22
6539b16feab0102e166ffb63e5a5f8dc2e917053d430f093f4e99687ce716324
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 10 Jan 2023 16:48:44 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
s.top4top.io/styles/default-new-reg/js/bootstrap.min.js?rev=47
172.67.133.128200 OK 9.6 kB URL HTTP/2 s.top4top.io/styles/default-new-reg/js/bootstrap.min.js?rev=47
IP 172.67.133.128:0
File type ASCII text, with very long lines (32108)
Hash 4c2f5a5e17685d82a775b47c22125e0e
edf188e5043ebc69ef86b0d2690699773a7a0f21
ba06f78cda72110367180a8267f361be295f53b4f24423735962ee917c4176bf
Analyzer Verdict Alert fortinet Malware
GET /styles/default-new-reg/js/bootstrap.min.js?rev=47 HTTP/1.1
Host: s.top4top.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://top4top.io/
Cookie: klj_40d147_fdkey=4f5fb01294d5a914de8e2b9872b69db75622895e
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
date: Tue, 10 Jan 2023 16:48:44 GMT
content-type: application/javascript
last-modified: Mon, 26 Sep 2016 09:33:17 GMT
etag: W/"57e8eb5d-875d"
expires: Wed, 23 Nov 2022 14:37:07 GMT
cache-control: max-age=5356800
x-cache-status-a: HIT
vary: Accept-Encoding
access-control-allow-origin: *
cf-cache-status: HIT
age: 516175
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=y9ypgNXV79mMoP4ZlqzXIZ%2B%2FOzli0nx12u480bDHbHMWq%2BvYWiCfvNZhvP0cDEnvwxyREYHy1laHIPDwoDJTFtLzEhjxAEr6U7gTl%2F7G9TvaxCq2Vx5GXNsvUmFg1uU%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7876e6e46ed2b4f3-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
push.services.mozilla.com/
52.39.122.167101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 52.39.122.167:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: HkCgAPKQvT6vbJWElEqU1w==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: rPVJqAOCSV4cHFNlMLtL6imiZLg=
www.facebook.com/plugins/like.php?app_id=&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df2654ed17ed505c%26domain%3Dtop4top.io%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Ftop4top.io%252Ff10cd901c398c7%26relation%3Dparent.parent&container_width=0&href=https%3A%2F%2Ftop4top.io%2Fdownloadf-1146u606f1-rar.html&layout=button_count&locale=en_US&sdk=joey&width=90
157.240.200.35200 OK 0 B URL HTTP/2 www.facebook.com/plugins/like.php?app_id=&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df2654ed17ed505c%26domain%3Dtop4top.io%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Ftop4top.io%252Ff10cd901c398c7%26relation%3Dparent.parent&container_width=0&href=https%3A%2F%2Ftop4top.io%2Fdownloadf-1146u606f1-rar.html&layout=button_count&locale=en_US&sdk=joey&width=90
IP 157.240.200.35:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /plugins/like.php?app_id=&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df2654ed17ed505c%26domain%3Dtop4top.io%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Ftop4top.io%252Ff10cd901c398c7%26relation%3Dparent.parent&container_width=0&href=https%3A%2F%2Ftop4top.io%2Fdownloadf-1146u606f1-rar.html&layout=button_count&locale=en_US&sdk=joey&width=90 HTTP/1.1
Host: www.facebook.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://top4top.io/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/html;charset=utf-8
pragma: no-cache
cache-control: private, no-cache, no-store, must-revalidate
expires: Sat, 01 Jan 2000 00:00:00 GMT
content-security-policy-report-only: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com https://sandbox.paywithmybank.com;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?minimize=0;
content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com https://sandbox.paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
report-to: {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown"}]}
cross-origin-opener-policy: same-origin-allow-popups
x-content-type-options: nosniff
x-xss-protection: 0
x-fb-debug: O7GQmnRsyVeFqEyxQ/seCg6pXHvKhyYkrpvi2GmTjc1zewUHJ/nXmQzmcZ4pSC6zpmPql5/yY6/dW5tlnMWP2A==
content-length: 0
date: Tue, 10 Jan 2023 16:48:44 GMT
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.33.119.27200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 385fbe651dc747111b979f40f9583702
a69fa58ffc6e2b15222f17ad6345b2bec9d75106
c82b794c471d79568f5eee05529ceddbefc383ac0d035578da7bc3866062e5cc
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C82B794C471D79568F5EEE05529CEDDBEFC383AC0D035578DA7BC3866062E5CC"
Last-Modified: Tue, 10 Jan 2023 01:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4950
Expires: Tue, 10 Jan 2023 18:11:15 GMT
Date: Tue, 10 Jan 2023 16:48:45 GMT
Connection: keep-alive
r3.o.lencr.org/
23.33.119.27200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 385fbe651dc747111b979f40f9583702
a69fa58ffc6e2b15222f17ad6345b2bec9d75106
c82b794c471d79568f5eee05529ceddbefc383ac0d035578da7bc3866062e5cc
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C82B794C471D79568F5EEE05529CEDDBEFC383AC0D035578DA7BC3866062E5CC"
Last-Modified: Tue, 10 Jan 2023 01:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4950
Expires: Tue, 10 Jan 2023 18:11:15 GMT
Date: Tue, 10 Jan 2023 16:48:45 GMT
Connection: keep-alive
r3.o.lencr.org/
23.33.119.27200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 385fbe651dc747111b979f40f9583702
a69fa58ffc6e2b15222f17ad6345b2bec9d75106
c82b794c471d79568f5eee05529ceddbefc383ac0d035578da7bc3866062e5cc
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C82B794C471D79568F5EEE05529CEDDBEFC383AC0D035578DA7BC3866062E5CC"
Last-Modified: Tue, 10 Jan 2023 01:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4950
Expires: Tue, 10 Jan 2023 18:11:15 GMT
Date: Tue, 10 Jan 2023 16:48:45 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F99067107-51cd-49b3-acf1-6adcfb52426d.jpeg
34.120.237.76200 OK 6.2 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F99067107-51cd-49b3-acf1-6adcfb52426d.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 5fd9808497597d6a5d05b998f31af317
09799d0045a418cc62825558e3dd5658350763fc
0507f6411777ad5773efa8fda81f3fd09a1543c58fd45a0b011342c947ce6f1f
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F99067107-51cd-49b3-acf1-6adcfb52426d.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6201
x-amzn-requestid: ce7c5c1e-8e06-4163-88a1-0c5968263f6f
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: eZ0giEiMoAMFRwQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63ba3469-76291ed321ed2a713fed0811;Sampled=0
x-amzn-remapped-date: Sun, 08 Jan 2023 03:11:37 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: 4mdJKskKGZuN0ICWOlcFuvYlHuoEHOkuZ-l6Akr2e0h7xtZQASp2Rw==
via: 1.1 9c60d6224ac0b44e908b5c9dcf70e9a4.cloudfront.net (CloudFront), 1.1 aef00f14752da9aa504d392fd46eff94.cloudfront.net (CloudFront), 1.1 google
date: Tue, 10 Jan 2023 03:56:45 GMT
age: 46320
etag: "09799d0045a418cc62825558e3dd5658350763fc"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fbd91e555-c9f3-4166-92be-27db2e1919b6.jpeg
34.120.237.76200 OK 14 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fbd91e555-c9f3-4166-92be-27db2e1919b6.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash afcc8f4875f4b74ca0640829b689731e
584d0e11665ae89f9a294baf1e9bb4f0e4e9a4df
3e487396389c4330abc99bc99053eecc6aaf56f7afa398d70c30e1f4709577a0
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fbd91e555-c9f3-4166-92be-27db2e1919b6.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 13626
x-amzn-requestid: 4769eaeb-0c78-4054-ad47-eefdd6ab2d03
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: eWHMZErbIAMF6sQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63b8b8b5-4c7bacfe060899044e361f70;Sampled=0
x-amzn-remapped-date: Sat, 07 Jan 2023 00:11:33 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: 02vFLorTeOMyO8_Z-KNstD-o26WHWAqbIpg7eQsZSwxG3Q_FXXmapg==
via: 1.1 da5952aa802df39905ceb16592e9698a.cloudfront.net (CloudFront), 1.1 a847181d425b7fc57e81eb3c800bfdf2.cloudfront.net (CloudFront), 1.1 google
date: Tue, 10 Jan 2023 10:45:25 GMT
age: 21800
etag: "584d0e11665ae89f9a294baf1e9bb4f0e4e9a4df"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff038f7ab-fdd3-455e-a50e-bd980a481620.jpeg
34.120.237.76200 OK 9.7 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff038f7ab-fdd3-455e-a50e-bd980a481620.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash bf7d09fffbdeb29c81e49c453009cf3c
5ebf09afd40909e132ea7e5f2532a558ee954f0b
e3e76a07a199dfcb42fda159438fff7f4496030f4e2bcadc7d069a0682363468
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff038f7ab-fdd3-455e-a50e-bd980a481620.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9694
x-amzn-requestid: 9d46f93f-99be-4101-a6cd-442d76487afa
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: eZ0XzEYlIAMFiqg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63ba3431-35988d5f0e3eb97443d02dbe;Sampled=0
x-amzn-remapped-date: Sun, 08 Jan 2023 03:10:41 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: V6ZBiHXKZzkxZ57wN516xlsf11HsjOuu1dLewWIPIYoKIKCBwdPmZA==
via: 1.1 efe54e8b68e074d39b2ecd249f85100a.cloudfront.net (CloudFront), 1.1 64f86ae1c24221f3a2e4d653d6dbc416.cloudfront.net (CloudFront), 1.1 google
date: Tue, 10 Jan 2023 03:59:30 GMT
age: 46155
etag: "5ebf09afd40909e132ea7e5f2532a558ee954f0b"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fcaa8f015-6153-411e-ba89-a5e40b12f27e.jpeg
34.120.237.76200 OK 15 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fcaa8f015-6153-411e-ba89-a5e40b12f27e.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 1427567eaf5a33fbade40a49afb785eb
d36efd23bf0846e93cf459bc745ac65801ae7536
b865810ab68ec856e11596e68437368e8bbacf84623d2f7668a7154993a6caf1
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fcaa8f015-6153-411e-ba89-a5e40b12f27e.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 14830
x-amzn-requestid: 70cae51a-4d22-40d5-a96e-5b4fd2e73aa7
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: efoXvFXBoAMFyYg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63bc8764-31043df63b816c8d7055bd67;Sampled=0
x-amzn-remapped-date: Mon, 09 Jan 2023 21:30:12 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: huF1RWdeym0JBPVZzlAFGxBzQWVQGJrjwcZQ7GKMN1TbmiqLslnE8g==
via: 1.1 00f0a41f749793b9dd653153037c957e.cloudfront.net (CloudFront), 1.1 7022a5bbf9872d4a09d63e6cdb457dfe.cloudfront.net (CloudFront), 1.1 google
date: Mon, 09 Jan 2023 22:04:51 GMT
age: 67434
etag: "d36efd23bf0846e93cf459bc745ac65801ae7536"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F22aaa4ec-a3a2-40cd-b0a6-2727e078bd89.jpeg
34.120.237.76200 OK 9.7 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F22aaa4ec-a3a2-40cd-b0a6-2727e078bd89.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash e93c4504f211614e76206db4ef758cb2
933bd495fcfd2d39ad13f1f5d0aba5a0a3a677bf
f3bde37de7ecbfbcd7c52e39178625760af7c86ffeaa6a68eb2ad1462e9a8be6
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F22aaa4ec-a3a2-40cd-b0a6-2727e078bd89.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9743
x-amzn-requestid: d4290427-ed0d-4805-9e4e-57bf21ea8813
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: efpx3FBroAMFZYA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63bc89a5-6d54f5317723f2602860c410;Sampled=0
x-amzn-remapped-date: Mon, 09 Jan 2023 21:39:49 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: vJmVzAh1Ski2XBZKCE80TrHilq12hEHlACMbKbM_rzPQDN9AO-I9Sw==
via: 1.1 6ba2a21321beeef65404429d0a4b6380.cloudfront.net (CloudFront), 1.1 570075675953459325e00b7bcd171df2.cloudfront.net (CloudFront), 1.1 google
date: Mon, 09 Jan 2023 21:58:35 GMT
age: 67810
etag: "933bd495fcfd2d39ad13f1f5d0aba5a0a3a677bf"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F231b20e9-b883-4d22-a499-0edffa21d837.jpeg
34.120.237.76200 OK 9.1 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F231b20e9-b883-4d22-a499-0edffa21d837.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 4753795f36012ff993f492314aa210ec
d5c8f6896fda40fc34dbc7554ce1ece173dd2d09
cbf28b1d51aae0e01fbe9228bfb1afead400ca7cc69875ffaef573f9e068a51f
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F231b20e9-b883-4d22-a499-0edffa21d837.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9052
x-amzn-requestid: 51cb3d41-07e4-499a-b7a7-b4ee4963c587
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: efp7aGB-oAMF-0w=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63bc89e2-7bb9960c3f0116240e5ba086;Sampled=0
x-amzn-remapped-date: Mon, 09 Jan 2023 21:40:50 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: _Uj03bFs1JcsW67nDiC001HBFPRKWTas3EFwGDpU5LnGIKDINZ3mqQ==
via: 1.1 8f22423015641505b8c857a37450d6c0.cloudfront.net (CloudFront), 1.1 a847181d425b7fc57e81eb3c800bfdf2.cloudfront.net (CloudFront), 1.1 google
date: Mon, 09 Jan 2023 22:01:08 GMT
age: 67657
etag: "d5c8f6896fda40fc34dbc7554ce1ece173dd2d09"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
s.top4top.io/styles/default-new-reg/css/stylesheet-3.3.css?rev=47
172.67.133.128200 OK 0 B URL HTTP/2 s.top4top.io/styles/default-new-reg/css/stylesheet-3.3.css?rev=47
IP 172.67.133.128:0
Analyzer Verdict Alert fortinet Malware
GET /styles/default-new-reg/css/stylesheet-3.3.css?rev=47 HTTP/1.1
Host: s.top4top.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://top4top.io/
Cookie: klj_40d147_fdkey=4f5fb01294d5a914de8e2b9872b69db75622895e
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
HTTP/2 200 OK
date: Tue, 10 Jan 2023 16:48:44 GMT
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=5356800
cf-bgj: minify
cf-polished: origSize=23881
etag: W/"5e0bab24-5d49"
expires: Wed, 23 Nov 2022 14:37:07 GMT
last-modified: Tue, 31 Dec 2019 20:10:12 GMT
vary: Accept-Encoding
x-cache-status-a: HIT
cf-cache-status: HIT
age: 516174
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=YxSgNSE9NW9qZrYZUIbVQAyKj%2FYwWrrDV2%2BxGjLVwrJOey0caZEYgna3Wb0q3hcN57BPmxU%2Bwhk1pdOAoRkiF2s1bZJmD5zZlNV6LVTgVjcwxBJF%2F%2F6viQ0ZmOjyc00%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7876e6e4af43b4f3-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
s.top4top.io/styles/default-new-reg/js/the220px.js?rev=47
172.67.133.128200 OK 0 B URL HTTP/2 s.top4top.io/styles/default-new-reg/js/the220px.js?rev=47
IP 172.67.133.128:0
GET /styles/default-new-reg/js/the220px.js?rev=47 HTTP/1.1
Host: s.top4top.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://top4top.io/
Cookie: klj_40d147_fdkey=4f5fb01294d5a914de8e2b9872b69db75622895e
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
date: Tue, 10 Jan 2023 16:48:44 GMT
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=5356800
cf-bgj: minify
cf-polished: origSize=562
etag: W/"57e8eb5d-232"
expires: Wed, 23 Nov 2022 14:37:07 GMT
last-modified: Mon, 26 Sep 2016 09:33:17 GMT
vary: Accept-Encoding
x-cache-status-a: HIT
cf-cache-status: HIT
age: 354029
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=GjPn8KxqLMPNqCbEb6s%2BRHiqCO%2B%2BQQTiM%2BTW9iVaCESwvgPbC8%2BOdI1zyt9R2z8scx74tn2aSTuGBxvrLI%2BJEgC45G6zYDr48Ttxv6sm0rto7WRmPX5oXUV%2BWSzs5Cs%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7876e6e46ed3b4f3-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
s.top4top.io/styles/default-new-reg/css/bootstrap.rtl.min.css?rev=47
172.67.133.128200 OK 0 B URL HTTP/2 s.top4top.io/styles/default-new-reg/css/bootstrap.rtl.min.css?rev=47
IP 172.67.133.128:0
Analyzer Verdict Alert fortinet Malware
GET /styles/default-new-reg/css/bootstrap.rtl.min.css?rev=47 HTTP/1.1
Host: s.top4top.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://top4top.io/
Cookie: klj_40d147_fdkey=4f5fb01294d5a914de8e2b9872b69db75622895e
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
HTTP/2 200 OK
date: Tue, 10 Jan 2023 16:48:44 GMT
content-type: text/css
last-modified: Mon, 26 Sep 2016 09:33:17 GMT
etag: W/"57e8eb5d-1bae7"
expires: Wed, 23 Nov 2022 14:37:07 GMT
cache-control: max-age=5356800
x-cache-status-a: HIT
vary: Accept-Encoding
access-control-allow-origin: *
cf-cache-status: HIT
age: 332190
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=HLUb8DTsAt%2BCVju1L3zrQJUnbGxWONihTcHFARQThJUKXH%2B1oCi%2FHvcuZpjDd2KK3zo8EVrv2KMqJUQe5HmCoktX1mZ4ooILAQBbXI%2FHij5OlbIFryonXj6X3S3UUwY%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7876e6e47ef5b4f3-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
s.top4top.io/styles/default-new-reg/css/fonts.css
172.67.133.128200 OK 0 B URL HTTP/2 s.top4top.io/styles/default-new-reg/css/fonts.css
IP 172.67.133.128:0
GET /styles/default-new-reg/css/fonts.css HTTP/1.1
Host: s.top4top.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://s.top4top.io/styles/default-new-reg/css/the220px.css?rev=47
Cookie: klj_40d147_fdkey=4f5fb01294d5a914de8e2b9872b69db75622895e
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Tue, 10 Jan 2023 16:48:44 GMT
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=5356800
cf-bgj: minify
cf-polished: origSize=487
etag: W/"5e0bab24-1e7"
expires: Wed, 23 Nov 2022 14:37:08 GMT
last-modified: Tue, 31 Dec 2019 20:10:12 GMT
vary: Accept-Encoding
x-cache-status-a: HIT
cf-cache-status: HIT
age: 516174
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=WerS%2F57Ps0EaReuby0lz0x7t30ovRb6TTlkcqTZlK3m5N7qBrSsZsYJ4lk0w3KDqhtdAjop4ICLZI8J5ZUz9B7PswIz8S4tt8Hlc7v1jYQkom12C9SN05ZPzDQ28zxc%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7876e6e4af31b4f3-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
s.top4top.io/styles/default-new-reg/css/animate.min.css?rev=47
172.67.133.128200 OK 0 B URL HTTP/2 s.top4top.io/styles/default-new-reg/css/animate.min.css?rev=47
IP 172.67.133.128:0
Analyzer Verdict Alert fortinet Malware
GET /styles/default-new-reg/css/animate.min.css?rev=47 HTTP/1.1
Host: s.top4top.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://top4top.io/
Cookie: klj_40d147_fdkey=4f5fb01294d5a914de8e2b9872b69db75622895e
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
HTTP/2 200 OK
date: Tue, 10 Jan 2023 16:48:44 GMT
content-type: text/css
last-modified: Mon, 26 Sep 2016 09:33:17 GMT
etag: W/"57e8eb5d-d0b7"
expires: Wed, 23 Nov 2022 14:37:07 GMT
cache-control: max-age=5356800
x-cache-status-a: HIT
vary: Accept-Encoding
access-control-allow-origin: *
cf-cache-status: HIT
age: 516175
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=SMZpMyNWcFEsIlnc5M2SLdo%2BFoyBSeK0banlU%2FRIQMEVgjoSuD%2FAK0dVA3z6derVZTt%2FHmi0PiEBe00SMl2up1ppBe52h1JunEuK%2FPYe%2FCvnfTpE7iCRhArt4fLl4vM%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7876e6e4bf4bb4f3-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2