Report - www.freeroms.com/roms/gba/need_for_speed_underground

Report Overview

Submitted URL
www.freeroms.com/roms/gba/need_for_speed_underground_2.htm
IP
64.235.54.28
ASN
#26277 PREMIANET
Submitted
2023-01-26 22:43:56
Access
Website Title
Final URL
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
32

Domain Summary

Domain / FQDN	Rank	First Seen	Last Seen	Sent	Received	IP
push.services.mozilla.com	2140	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	606 B	127 B	54.148.238.232
ocsp.pki.goog	175	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	686 B	1.4 kB	216.58.211.3
my.rtmark.net	9054	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	426 B	745 B	139.45.195.8
ocsp.digicert.com	86	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	341 B	737 B	93.184.220.29
cmp.quantcast.com	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	1.3 kB	45 kB	54.230.111.39
unseenreport.com	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	715 B	423 B	192.243.61.227
unphionetor.com	54035	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	1.3 kB	4.3 kB	139.45.197.236
content-signature-2.cdn.mozilla.net	1152	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	413 B	5.8 kB	34.160.144.191
dacmaiss.com	68570	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	1.4 kB	25 kB	139.45.197.237
nanouwho.com	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	3.4 kB	141 kB	139.45.197.242
audit-tcfv2.cmp.quantcast.com	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	864 B	166 B	3.72.156.146
www.freeroms.com	750065	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	9.0 kB	134 kB	64.235.54.28
r3.o.lencr.org	344	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	5.4 kB	14 kB	23.33.119.27
contile.services.mozilla.com	1114	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	333 B	391 B	34.117.237.239
img-getpocket.cdn.mozilla.net	1631	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	3.2 kB	52 kB	34.120.237.76
rules.quantcount.com	877	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	381 B	827 B	54.230.111.33
interstitial-07.com	36198	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	10 kB	163 kB	139.45.197.152
test.cmp.quantcast.com	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	439 B	684 B	54.230.111.116
simplewebanalysis.com	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	393 B	409 B	3.120.47.42
betotodilea.com	52465	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	363 B	514 B	139.45.197.237
combatbaskstationery.com	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	437 B	1.1 kB	173.233.137.36
region1.google-analytics.com	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	762 B	563 B	216.239.32.36
firefox.settings.services.mozilla.com	867	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	782 B	2.4 kB	35.241.9.150
upgulpinon.com	83187	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	3.1 kB	11 kB	139.45.197.242
ocsp.netsolssl.com	8381	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	342 B	964 B	104.18.32.68
www.googletagmanager.com	75	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	384 B	78 kB	142.250.74.40
ocsp.sca1b.amazontrust.com	1015	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	350 B	1.0 kB	54.230.245.110
banquetunarmedgrater.com	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	375 B	327 B	192.243.61.225

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

OpenPhish

No alerts detected

PhishTank

No alerts detected

Fortinet's Web Filter

Scan Date	Severity	Indicator	Alert
2023-01-26	medium	www.freeroms.com/roms/gba/need_for_speed_underground_2.htm	Malware
2023-01-26	medium	www.freeroms.com/roms/gba/need_for_speed_underground_2.htm	Malware
2023-01-26	medium	combatbaskstationery.com/ea/2d/5d/ea2d5d802b867cf417198fc84113161f.json	Malware

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2023-01-26	medium	dacmaiss.com	Sinkholed
2023-01-26	medium	betotodilea.com	Sinkholed
2023-01-26	medium	banquetunarmedgrater.com	Sinkholed
2023-01-26	medium	combatbaskstationery.com	Sinkholed
2023-01-26	medium	nanouwho.com	Sinkholed
2023-01-26	medium	nanouwho.com	Sinkholed
2023-01-26	medium	unseenreport.com	Sinkholed
2023-01-26	medium	unphionetor.com	Sinkholed
2023-01-26	medium	unphionetor.com	Sinkholed
2023-01-26	medium	unphionetor.com	Sinkholed
2023-01-26	medium	nanouwho.com	Sinkholed
2023-01-26	medium	dacmaiss.com	Sinkholed
2023-01-26	medium	nanouwho.com	Sinkholed

ThreatFox

No alerts detected

JavaScript (23)

	URL	Size	First Seen	Last Seen
	www.freeroms.com/roms/gba/need_for_speed_underground_2.htm	4.0 kB	2023-03-07	2023-03-17
Pretty URL www.freeroms.com/roms/gba/need_for_speed_underground_2.htm IP 64.235.54.28 ASN #26277 PREMIANET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 14:24:13 Last Seen2023-03-17 12:55:03 Times Seen1 Hash 8aae23f3780cad06d4e2367b017a44b4 620a262c92846369dc39f35313b24534b08c50da 5284fb43193e13ddd49dd2c1d4aa67b6df9164f05be4fd89458cfa6a140051dc Loading...

	dacmaiss.com/tag.min.js	75 kB	2023-03-13	2023-03-13
Pretty URL dacmaiss.com/tag.min.js IP 139.45.197.237 ASN #9002 RETN Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 06:20:25 Last Seen2023-03-13 09:11:06 Times Seen1 Hash 4adf897614f2d8871bd73e17b0ec5e05 f2e2d408d3024b1d83381bb1f5d2f936e5d180ff 10b73840b06233d1e6b6e195d8cb55913dd2a00e4cd540598782d9d9e4aa443d Loading...

	upgulpinon.com/1?z=5030886	18 kB	2023-03-13	2023-03-13
Pretty URL upgulpinon.com/1?z=5030886 IP 139.45.197.242 ASN #9002 RETN Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 07:51:18 Last Seen2023-03-13 07:51:18 Times Seen1 Hash 71006a42b713c2ddf1457c8e1bae82db e80fc4ec6204df39f0470aa3ee4c3d28722b4fac ab166c5a7436b9c53f72bcea1b9e56d5514031624647bc1dc11f42622ffb96ef Loading...

	secure.quantserve.com/quant.js	26 kB	2023-03-13	2023-03-13
Pretty URL secure.quantserve.com/quant.js IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 01:02:32 Last Seen2023-03-13 12:35:24 Times Seen1 Hash 3958b8cfa5b8a8cf8aa10119951821e7 09ac8452c9000a2959af2a6c7c00a6affc7e3bee f7da44c9657d7a2dbd9d127c5d9834ab4d9599445f264f90e2b922e61bdc9ff9 Loading...

	rules.quantcount.com/rules-p-6JvC9xkUEfXYY.js	160 B	2023-03-09	2023-03-13
Pretty URL rules.quantcount.com/rules-p-6JvC9xkUEfXYY.js IP 54.230.111.33 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-09 00:52:13 Last Seen2023-03-13 19:18:21 Times Seen1 Hash f1d42e658b42f72b88abdb871d0c2a71 f3c256dc0a9ff39789b9f2ea4c75c032704149b8 35126b4d43af6b059d7ef0f56d9374e8aa794d73f8d2c1dabaf1477129142724 Loading...

	www.freeroms.com/roms/gba/need_for_speed_underground_2.htm	1.0 kB	2023-03-13	2023-03-13
Pretty URL www.freeroms.com/roms/gba/need_for_speed_underground_2.htm IP 64.235.54.28 ASN #26277 PREMIANET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 07:51:18 Last Seen2023-03-13 07:51:18 Times Seen1 Hash df3fa237db3505e9524817acfa90e624 e0e0d8e3cd34a2fb0a27112130098dc1a29ed000 4d2d949a013ffd02025ba7ff7a74ec6d8a1569a31c3752c65294e4aa0c99d50a Loading...

	nanouwho.com/1?z=3056520	18 kB	2023-03-13	2023-03-13
Pretty URL nanouwho.com/1?z=3056520 IP 139.45.197.242 ASN #9002 RETN Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 07:51:18 Last Seen2023-03-13 07:51:18 Times Seen1 Hash 54aa79f0ae6942836d628ec06f4b932d 89358d8eea7e73c3d9ff886757bb78c298a9c2e0 21ca3b0f4d948a0ae2c5327c2d1306098b0b304f190b0216aa88f298e6c1720f Loading...

	cmp.quantcast.com/choice/6JvC9xkUEfXYY/www.freeroms.com/choice.js?tag_version=V2	4.5 kB	2023-03-07	2023-03-17
Pretty URL cmp.quantcast.com/choice/6JvC9xkUEfXYY/www.freeroms.com/choice.js?tag_version=V2 IP 54.230.111.39 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:05:40 Last Seen2023-03-17 12:55:03 Times Seen1 Hash 8903112fe1b05cb89d49d106b04c0b73 f61a42114b39cc6743c53d32f3392bcc2c29bb41 fd6491f6461717a31eee670a6a8cd35227b57d47f3f03433542619379b242477 Loading...

	quantcast.mgr.consensu.org/tcfv2/cmp2.js?referer=www.freeroms.com	181 kB	2023-03-08	2023-07-05
Pretty URL quantcast.mgr.consensu.org/tcfv2/cmp2.js?referer=www.freeroms.com IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 14:22:23 Last Seen2023-07-05 16:30:54 Times Seen12 Hash 37fdfbac0c6ef64496f7d86258c934a8 7dd69c15982b8d76d6fb41b4a23d04a6974acc24 2bd23d1a6781e5c15a107f6d5e2fd7b55ae061d92180e3c9b099ccfe6e2b7f01 Loading...

	interstitial-07.com/?l=yig0C7r9tE92Gj6&cd_meta_crid=50535&trkintimp&target_url=https%3A%2F%2Fupgulpinon.com%2F12%3Frnd%3D1602705480%26z%3D5030886%26b%3D16536118%26c%3D6560718%26var%3D%26d%3Dhttps%253A%252F%252Fsingelstodate.com%252Fbase.php%253Fc%253D1499%2526key%253D078e8e1696ef5f705a04995394169693%2526zoneid%253D%257Bzoneid%257D%2526cost%253D%257Bcost%257D%2526subid%253D%2524%257BSUBID%257D%2526banner%253D%257Bbannerid%257D%26cln%3D1%26btp%3D7%26rb%3DOy8d5fTVDILPB8BdpCJSqaAn4uhmFRv1vGGxKTHTRsJlLkbjSSjUhh88D4q3aQe3wSGpBn5qBRZLty2c85q0AeuEIzg0e2DAvwerIlDSm25JRSptkRP_3-7z8s5U7dONJOYp_rEPtY7tpwKT7o99M1CmUB5PfCZY40wdSHB47iUk97GU1qZb57JVdtJKlogyemRcXQIafp4O0vXCb4I3hkMn81XWJWL2fgZOmTQ60IBp8BSveZC68EKNOqVR1IqnfX8TcdOb0khuelwenCUpOWTXf-kCjR8oaZ1b-svQhWCdydBHpIr-ddGZhK4RcUCi8_Uz5YUYs5fVeCuPC6w0lbHRvHlrssIkEFiq4yfyMUevlQhoFT6efsO3QWaszEtlUQmdQ3oGVMLVRCWXmhzY9pTf1mqxwaEQ4Vl4vDvD0UPf9sjLJUtyKZRR5jY1iNgqm3fOpbRLDv1uhO4Mr-YJr_HAmllceqwZdFiYSi8avxZv0n_doU8XIIC2E2tHvXHO6NMZ7y46p6G8jWVpEWduPeycaKjR62mCH6w3PtNdEGZQIAGllD7Xsiw72Hyal6eTrwmu7ZFVUgTuDn7vlAEDRoD7HkTkmdG9Ncmx62u9byleP_aA3_-h8yI-jbkKeOm0RUmREExFBVaMwrPjkGg4ng%3D%3D%26bag%3DmtlVseJPZwq8MrL-yExcig%3D%3D%26ruid%3D2235666a-5a78-4b2e-aa76-7acd85f8fe77%26ng%3D1%26ix%3D0%26pt%3D0%26np%3D1%26gp%3D-1%26bp%3D-1%26nw%3D1%26nb%3D1%26sw%3D1280%26sh%3D1024%26pl%3Dhttps%253A%252F%252Fwww.freeroms.com%252Froms%252Fgba%252Fneed_for_speed_underground_2.htm%26wy%3D0%26wx%3D0%26ww%3D1280%26wh%3D1024%26cw%3D1268%26wiw%3D1280%26wih%3D939%26wfc%3D2%26sah%3D1002%26drf%3D%26hil%3D1%26ist%3D0%26tbc%3D0	1.5 kB	2023-03-13	2023-03-13
Pretty URL interstitial-07.com/?l=yig0C7r9tE92Gj6&cd_meta_crid=50535&trkintimp&target_url=https%3A%2F%2Fupgulpinon.com%2F12%3Frnd%3D1602705480%26z%3D5030886%26b%3D16536118%26c%3D6560718%26var%3D%26d%3Dhttps%253A%252F%252Fsingelstodate.com%252Fbase.php%253Fc%253D1499%2526key%253D078e8e1696ef5f705a04995394169693%2526zoneid%253D%257Bzoneid%257D%2526cost%253D%257Bcost%257D%2526subid%253D%2524%257BSUBID%257D%2526banner%253D%257Bbannerid%257D%26cln%3D1%26btp%3D7%26rb%3DOy8d5fTVDILPB8BdpCJSqaAn4uhmFRv1vGGxKTHTRsJlLkbjSSjUhh88D4q3aQe3wSGpBn5qBRZLty2c85q0AeuEIzg0e2DAvwerIlDSm25JRSptkRP_3-7z8s5U7dONJOYp_rEPtY7tpwKT7o99M1CmUB5PfCZY40wdSHB47iUk97GU1qZb57JVdtJKlogyemRcXQIafp4O0vXCb4I3hkMn81XWJWL2fgZOmTQ60IBp8BSveZC68EKNOqVR1IqnfX8TcdOb0khuelwenCUpOWTXf-kCjR8oaZ1b-svQhWCdydBHpIr-ddGZhK4RcUCi8_Uz5YUYs5fVeCuPC6w0lbHRvHlrssIkEFiq4yfyMUevlQhoFT6efsO3QWaszEtlUQmdQ3oGVMLVRCWXmhzY9pTf1mqxwaEQ4Vl4vDvD0UPf9sjLJUtyKZRR5jY1iNgqm3fOpbRLDv1uhO4Mr-YJr_HAmllceqwZdFiYSi8avxZv0n_doU8XIIC2E2tHvXHO6NMZ7y46p6G8jWVpEWduPeycaKjR62mCH6w3PtNdEGZQIAGllD7Xsiw72Hyal6eTrwmu7ZFVUgTuDn7vlAEDRoD7HkTkmdG9Ncmx62u9byleP_aA3_-h8yI-jbkKeOm0RUmREExFBVaMwrPjkGg4ng%3D%3D%26bag%3DmtlVseJPZwq8MrL-yExcig%3D%3D%26ruid%3D2235666a-5a78-4b2e-aa76-7acd85f8fe77%26ng%3D1%26ix%3D0%26pt%3D0%26np%3D1%26gp%3D-1%26bp%3D-1%26nw%3D1%26nb%3D1%26sw%3D1280%26sh%3D1024%26pl%3Dhttps%253A%252F%252Fwww.freeroms.com%252Froms%252Fgba%252Fneed_for_speed_underground_2.htm%26wy%3D0%26wx%3D0%26ww%3D1280%26wh%3D1024%26cw%3D1268%26wiw%3D1280%26wih%3D939%26wfc%3D2%26sah%3D1002%26drf%3D%26hil%3D1%26ist%3D0%26tbc%3D0 IP 139.45.197.152 ASN #9002 RETN Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 07:51:18 Last Seen2023-03-13 07:51:18 Times Seen1 Hash 837c25bb947dcea12f49c145c254ecf3 41772551dfe6f2705c135990dbe0ac1b9f2c4094 08a11e54f099b8a36b41a8728ca5b52ab1f386175b8edbf193458fee65500793 Loading...

	unphionetor.com/fv.js?t=72747&cb=1330997739	5.2 kB	2023-03-07	2024-04-24
Pretty URL unphionetor.com/fv.js?t=72747&cb=1330997739 IP 139.45.197.236 ASN #9002 RETN Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:56 Last Seen2024-04-24 01:48:23 Times Seen2355 Hash 563d777535ce88943a94a6be86f378c8 8753745424d367275e3fe55a5661fe51b1e1fb72 0f467a48a494f7f63968707dc43785b728d0c17f93c12937c1e5b12798f3a98a Loading...

	www.freeroms.com/js/jquery.min.js	96 kB	2023-03-07	2024-04-26
Pretty URL www.freeroms.com/js/jquery.min.js IP 64.235.54.28 ASN #26277 PREMIANET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:25 Last Seen2024-04-26 12:59:44 Times Seen10419 Hash 895323ed2f7258af4fae2c738c8aea49 276c87ff3e1e3155679c318938e74e5c1b76d809 ecb916133a9376911f10bc5c659952eb0031e457f5df367cde560edbfba38fb8 Loading...

	www.freeroms.com/roms/gba/need_for_speed_underground_2.htm	977 B	2023-03-07	2024-02-26
Pretty URL www.freeroms.com/roms/gba/need_for_speed_underground_2.htm IP 64.235.54.28 ASN #26277 PREMIANET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:05:40 Last Seen2024-02-26 00:54:19 Times Seen26 Hash 6607c53a0615544f6a4a6ca38ed91e75 eaa877673bd1c926c245bf7437437a28c3fb7994 9cb3ca6489dbae46597a19ebdd17bcd55e53f56ff36ca21937162c5c1bbbb026 Loading...

	www.freeroms.com/roms/gba/need_for_speed_underground_2.htm	153 B	2023-03-07	2024-02-26
Pretty URL www.freeroms.com/roms/gba/need_for_speed_underground_2.htm IP 64.235.54.28 ASN #26277 PREMIANET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 14:24:13 Last Seen2024-02-26 00:54:19 Times Seen26 Hash bc3d181469069f1cc3278ad576e93a57 cc8073e7cbd501cd975f160756348e5264f7641c 3695e6680a9823232ebac149311312bff2ba57ef71a72c178650029bf73ff59a Loading...

	www.freeroms.com/roms/gba/need_for_speed_underground_2.htm	63 kB	2023-03-07	2024-03-05
Pretty URL www.freeroms.com/roms/gba/need_for_speed_underground_2.htm IP 64.235.54.28 ASN #26277 PREMIANET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 14:24:13 Last Seen2024-03-05 03:25:44 Times Seen28 Hash cb7b43d08d40187b481440aa0ffca1d2 b0271600c8fe4783a882891ce11112c693207642 d6bb18846ca4d3a3de5c1d1fd29ae99671cdf77a3c625bcb7e147e1ee0ba9718 Loading...

	www.freeroms.com/roms/gba/need_for_speed_underground_2.htm	445 B	2023-03-07	2024-03-05
Pretty URL www.freeroms.com/roms/gba/need_for_speed_underground_2.htm IP 64.235.54.28 ASN #26277 PREMIANET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 14:24:13 Last Seen2024-03-05 03:25:44 Times Seen28 Hash 75664f70c2f91e11d52bb5728fdf0eb7 cecfcf1ea522516d743b298b8b062ee4f6c66f16 41f764893b561ae57966d9d1d1de3010acdc82c144e61f840460fab648ad7838 Loading...

	www.freeroms.com/roms/gba/need_for_speed_underground_2.htm	88 kB	2023-03-09	2024-03-05
Pretty URL www.freeroms.com/roms/gba/need_for_speed_underground_2.htm IP 64.235.54.28 ASN #26277 PREMIANET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-09 00:52:13 Last Seen2024-03-05 03:25:44 Times Seen48 Hash 32de7999072918ce608cd3bf9cb62e94 b68754107992736b42fc71ffa9dd51838c093830 c1492ae78710e2bdffb32814006c3ca23df1aa3b4ef75ee86650147b49e38489 Loading...

	banquetunarmedgrater.com/advertisers.js	0 B	2023-03-07	2024-04-26
Pretty URL banquetunarmedgrater.com/advertisers.js IP 192.243.61.225 ASN #39572 DataWeb Global Group B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:01:59 Last Seen2024-04-26 14:29:14 Times Seen37093136 Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Loading...

	www.freeroms.com/js/front-script.js	547 B	2023-03-07	2024-03-05
Pretty URL www.freeroms.com/js/front-script.js IP 64.235.54.28 ASN #26277 PREMIANET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 14:24:13 Last Seen2024-03-05 03:25:44 Times Seen93 Hash 623069997deee6979f41b571e8b728cb 035788635c81bb176917731fcdc655cbd2bd2270 50db1f925c9abd1ddc94afe8d5d98125b741a8ae04712ac9df007b0c5871f0b1 Loading...

	www.googletagmanager.com/gtag/js?id=G-FH0L8EV0R0	223 kB	2023-03-13	2023-03-13
Pretty URL www.googletagmanager.com/gtag/js?id=G-FH0L8EV0R0 IP 142.250.74.40 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 07:51:18 Last Seen2023-03-13 07:51:18 Times Seen1 Hash 942baab6024bf58f8634a663fd7b4138 9710ade61138041d49acc6395b428507595cdd48 8a3b36eb30572bb664cd8efd31c52abb69a8485cb7270cc796245dc2a77f5945 Loading...

	upgulpinon.com/27/f0e85569ebf902c5568035fe1b0a0004	409 kB	2023-03-13	2023-03-13
Pretty URL upgulpinon.com/27/f0e85569ebf902c5568035fe1b0a0004 IP 139.45.197.242 ASN #9002 RETN Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 07:27:03 Last Seen2023-03-13 08:23:59 Times Seen1 Hash ffb21bf6491462eca0471a2790287817 94c72746c53f14da6b724912ac1db08437a85f18 e61a0011cde4ea2e86bf7bbcd078d34c7ccb9cd11124c5f5d3257ec6857b8686 Loading...

	cmp.quantcast.com/tcfv2/45/cmp2ui-en.js	254 kB	2023-03-08	2023-04-07
Pretty URL cmp.quantcast.com/tcfv2/45/cmp2ui-en.js IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 14:39:59 Last Seen2023-04-07 13:34:26 Times Seen6 Hash 39d0cac7e548f81f1e1e1c36db3c775e dcb7054ba89e3df9d4066a1443c8dde7217b925e 1411268d26be0a8e9200cb1b62fc2252dd389902e94a88cc951a307053487628 Loading...

	interstitial-07.com/?l=nfepD2DCD0Ch0je&cd_meta_crid=50535&trkintimp&target_url=https%3A%2F%2Fnanouwho.com%2F12%3Frnd%3D3736239736%26z%3D3056520%26b%3D16536117%26c%3D6560718%26var%3D%26d%3Dhttps%253A%252F%252Fsingelstodate.com%252Fbase.php%253Fc%253D1499%2526key%253D078e8e1696ef5f705a04995394169693%2526zoneid%253D%257Bzoneid%257D%2526cost%253D%257Bcost%257D%2526subid%253D%2524%257BSUBID%257D%2526banner%253D%257Bbannerid%257D%26cln%3D1%26btp%3D7%26rb%3DwwmAyVKHdyXCWs5DGa3pNGPn0Q5wHhPw2kuhat2v-TL0PwrrReFZzkqoW5KW0EDkPeptztAyNQUB5JDCxHY5tmBJqB6xGT8Y7TmqdbXDFRGQXzIeQRJripVyrzKEZzpswXfkufjdUsm6i_0icIt7WeJkgsdhqeLvHzNXdPKIXAeDBIEYoULkuetTLWLsbedAyhE8LHLTHWntjfOcb5XfXqZLtw0C_vbHp21uqQ8zYGkUuAn8O9WKFQ_9ArLmfmKQD2UmRrtfVlj3uuVTSOmw4yqWV_acgjptp_8SStHSHCqPUSqpOmJm2GGSbCVR7iRaBH2JeAQdpF5pNKVVB_dulzG_Qx2PVUB2_aGJgY69FvGNujPGk04RTZKGSo-4LJUll-fxygwjpspVA_RbhIfM9AjXIK_CBSM-PTQBrnleIVXzfA-bRlrMw9Mapjle04SmLYj2lpqK9P97Pnrs6ZEmk4qJhnrAmjn1zlKPHE1ZI309T-chheP_UXM5IR1U43uIjfuYLGnaB3OLJ1S6qb0DSCQYJ8iN4sXyhn70G7444ac_HCPq97JE1_7SC10ZdFn6VqqUpvq6RoGe_uxvvLV6siLy2qKxkFaOPpPgTmTomthx_NYWck1yqYylo56KXYwvvPLo_efbBgkwVWFUaNqY78QTOsM%3D%26bag%3DmtlVseJPZwq8MrL-yExcig%3D%3D%26ruid%3D60a12d1c-90d2-4c91-b8dc-c96d2c28be29%26ng%3D1%26ix%3D0%26pt%3D0%26np%3D1%26gp%3D-1%26bp%3D-1%26nw%3D1%26nb%3D1%26sw%3D1280%26sh%3D1024%26pl%3Dhttps%253A%252F%252Fwww.freeroms.com%252Froms%252Fgba%252Fneed_for_speed_underground_2.htm%26wy%3D0%26wx%3D0%26ww%3D1280%26wh%3D1024%26cw%3D1268%26wiw%3D1280%26wih%3D939%26wfc%3D2%26sah%3D1002%26drf%3D%26hil%3D1%26ist%3D0%26tbc%3D0	1.5 kB	2023-03-13	2023-03-13
Pretty URL interstitial-07.com/?l=nfepD2DCD0Ch0je&cd_meta_crid=50535&trkintimp&target_url=https%3A%2F%2Fnanouwho.com%2F12%3Frnd%3D3736239736%26z%3D3056520%26b%3D16536117%26c%3D6560718%26var%3D%26d%3Dhttps%253A%252F%252Fsingelstodate.com%252Fbase.php%253Fc%253D1499%2526key%253D078e8e1696ef5f705a04995394169693%2526zoneid%253D%257Bzoneid%257D%2526cost%253D%257Bcost%257D%2526subid%253D%2524%257BSUBID%257D%2526banner%253D%257Bbannerid%257D%26cln%3D1%26btp%3D7%26rb%3DwwmAyVKHdyXCWs5DGa3pNGPn0Q5wHhPw2kuhat2v-TL0PwrrReFZzkqoW5KW0EDkPeptztAyNQUB5JDCxHY5tmBJqB6xGT8Y7TmqdbXDFRGQXzIeQRJripVyrzKEZzpswXfkufjdUsm6i_0icIt7WeJkgsdhqeLvHzNXdPKIXAeDBIEYoULkuetTLWLsbedAyhE8LHLTHWntjfOcb5XfXqZLtw0C_vbHp21uqQ8zYGkUuAn8O9WKFQ_9ArLmfmKQD2UmRrtfVlj3uuVTSOmw4yqWV_acgjptp_8SStHSHCqPUSqpOmJm2GGSbCVR7iRaBH2JeAQdpF5pNKVVB_dulzG_Qx2PVUB2_aGJgY69FvGNujPGk04RTZKGSo-4LJUll-fxygwjpspVA_RbhIfM9AjXIK_CBSM-PTQBrnleIVXzfA-bRlrMw9Mapjle04SmLYj2lpqK9P97Pnrs6ZEmk4qJhnrAmjn1zlKPHE1ZI309T-chheP_UXM5IR1U43uIjfuYLGnaB3OLJ1S6qb0DSCQYJ8iN4sXyhn70G7444ac_HCPq97JE1_7SC10ZdFn6VqqUpvq6RoGe_uxvvLV6siLy2qKxkFaOPpPgTmTomthx_NYWck1yqYylo56KXYwvvPLo_efbBgkwVWFUaNqY78QTOsM%3D%26bag%3DmtlVseJPZwq8MrL-yExcig%3D%3D%26ruid%3D60a12d1c-90d2-4c91-b8dc-c96d2c28be29%26ng%3D1%26ix%3D0%26pt%3D0%26np%3D1%26gp%3D-1%26bp%3D-1%26nw%3D1%26nb%3D1%26sw%3D1280%26sh%3D1024%26pl%3Dhttps%253A%252F%252Fwww.freeroms.com%252Froms%252Fgba%252Fneed_for_speed_underground_2.htm%26wy%3D0%26wx%3D0%26ww%3D1280%26wh%3D1024%26cw%3D1268%26wiw%3D1280%26wih%3D939%26wfc%3D2%26sah%3D1002%26drf%3D%26hil%3D1%26ist%3D0%26tbc%3D0 IP 139.45.197.152 ASN #9002 RETN Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 07:51:18 Last Seen2023-03-13 07:51:18 Times Seen1 Hash dbd01dcdc2ac298db5df3573caee0d9d e3c7d4aaf4e10f809b1fe35c8a9d4b5da2e73d27 c9452166db04c15cd49fb71b7c4862e22264fdccabab3f4884c5ef3d52bada0a Loading...

HTTP Transactions (84)

URL IP Response Size

www.freeroms.com/roms/gba/need_for_speed_underground_2.htm

64.235.54.28

301 Moved Permanently

162 B

URL HTTP/1.1
www.freeroms.com/roms/gba/need_for_speed_underground_2.htm
IP
64.235.54.28:0
ASN
#26277 PREMIANET

File type
HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Size
162 B (162 bytes)
Hash
4f8e702cc244ec5d4de32740c0ecbd97
3adb1f02d5b6054de0046e367c1d687b6cdf7aff
9e17cb15dd75bbbd5dbb984eda674863c3b10ab72613cf8a39a00c3e11a8492a

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

GET /roms/gba/need_for_speed_underground_2.htm HTTP/1.1
Host: www.freeroms.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Thu, 26 Jan 2023 22:43:44 GMT
Content-Type: text/html
Content-Length: 162
Connection: keep-alive
Location: https://www.freeroms.com/roms/gba/need_for_speed_underground_2.htm

r3.o.lencr.org/

23.33.119.27

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.33.119.27:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
2405562765b49b2782ebd2e2994851d5
be7ac8e558f7875bb1fb86ab5ec674424a5ff269
422cfa907461cb7b93b9089d600052f9e94951e5e0c93d97651905002e48ad3e

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "422CFA907461CB7B93B9089D600052F9E94951E5E0C93D97651905002E48AD3E"
Last-Modified: Thu, 26 Jan 2023 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7972
Expires: Fri, 27 Jan 2023 00:56:36 GMT
Date: Thu, 26 Jan 2023 22:43:44 GMT
Connection: keep-alive

r3.o.lencr.org/

23.33.119.27

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.33.119.27:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
5fe582397f3003b225cb9058e02c2190
68174a54a8f6c4de9247ccea2dcae3c9b76bdb9f
238a2ef5b61d56353d0a5e97ec3092b8f2792cde7cecf40e1a858f8c129d3a9d

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "238A2EF5B61D56353D0A5E97EC3092B8F2792CDE7CECF40E1A858F8C129D3A9D"
Last-Modified: Wed, 25 Jan 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=17491
Expires: Fri, 27 Jan 2023 03:35:15 GMT
Date: Thu, 26 Jan 2023 22:43:44 GMT
Connection: keep-alive

firefox.settings.services.mozilla.com/v1/

35.241.9.150

200 OK

939 B

URL HTTP/2
firefox.settings.services.mozilla.com/v1/
IP
35.241.9.150:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Size
939 B (939 bytes)
Hash
bf0c602d32b3c14606f22a86183b5e3c
6eabd8d83475eba731968abe1a05a8bfd272f160
6c6a7c519a9e950c2445ed874a25211a94dd4d3cf3afb0103af9dcd1dbd5ff9e

HTTP Headers

GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Backoff, Content-Length, Retry-After, Content-Type, Alert
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Thu, 26 Jan 2023 22:42:56 GMT
content-type: application/json
age: 48
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.33.119.27

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.33.119.27:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
69f73ac59327cd9ad7d99816ccfcc03e
c54844f82dbee0d5ee4c8ce344eb0139373e6c6b
e81c685b2d8f0e31b89e5cfc911a2c5a99a556646830ac5a8468d991b5e871a3

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "E81C685B2D8F0E31B89E5CFC911A2C5A99A556646830AC5A8468D991B5E871A3"
Last-Modified: Thu, 26 Jan 2023 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10078
Expires: Fri, 27 Jan 2023 01:31:42 GMT
Date: Thu, 26 Jan 2023 22:43:44 GMT
Connection: keep-alive

content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain

34.160.144.191

200 OK

5.3 kB

URL HTTP/2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain
IP
34.160.144.191:0
ASN
#15169 GOOGLE

File type
PEM certificate\012- , ASCII text
Size
5.3 kB (5348 bytes)
Hash
7b922915ebf1fa3639b333f994c74f24
144a3f80b98fd0652d4614f24cf6cbbee40f8938
adbb3e06df0e870f5c7a9cb81e8979d4e92735853d75c9b779c06470d4db5d9c

HTTP Headers

GET /chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
x-amz-id-2: X16nAmNSsFZvIQctvBnetoGRixjuDUO00JKLk6lz1nJVaqm+uqd0HSjBd/0ewtcpED/TZdI//6c=
x-amz-request-id: NSJZVN9YY0B8CJ9S
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Thu, 26 Jan 2023 21:49:09 GMT
age: 3275
last-modified: Mon, 09 Jan 2023 18:04:21 GMT
etag: "7b922915ebf1fa3639b333f994c74f24"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2

contile.services.mozilla.com/v1/tiles

34.117.237.239

200 OK

12 B

URL HTTP/2
contile.services.mozilla.com/v1/tiles
IP
34.117.237.239:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with no line terminators
Size
12 B (12 bytes)
Hash
23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3

HTTP Headers

GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Thu, 26 Jan 2023 22:43:44 GMT
content-type: application/json
content-length: 12
access-control-expose-headers: content-type
access-control-allow-credentials: true
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2

ocsp.netsolssl.com/

104.18.32.68

200 OK

472 B

URL HTTP/1.1
ocsp.netsolssl.com/
IP
104.18.32.68:0
ASN
#13335 CLOUDFLARENET

File type
data
Size
472 B (472 bytes)
Hash
195699b7f18de327649161380c8bd636
c61b5f753bf593c333e8a3b3e8a92bef2130cbd6
e7f8c8d68e954b25d1535f4588bcece89142549c53dd2a807f7922bd0b1a2b34

HTTP Headers

POST / HTTP/1.1
Host: ocsp.netsolssl.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Thu, 26 Jan 2023 22:43:45 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Wed, 25 Jan 2023 18:55:42 GMT
Expires: Wed, 01 Feb 2023 18:55:41 GMT
Etag: "c61b5f753bf593c333e8a3b3e8a92bef2130cbd6"
Cache-Control: max-age=504115,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb1
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 78fcc4efaab4b4e8-OSL

firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US

35.241.9.150

200 OK

329 B

URL HTTP/2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP
35.241.9.150:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Size
329 B (329 bytes)
Hash
0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300

HTTP Headers

GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Alert, Last-Modified, Pragma, ETag, Retry-After, Content-Type, Content-Length, Expires, Cache-Control, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Thu, 26 Jan 2023 22:41:40 GMT
age: 125
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.33.119.27

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.33.119.27:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
1e2970e1480a4759282d63bb213051e4
ed5194d4d25dfc199821129be5d74be0ce49197d
18e19ea4c9c262cb9a94f89172eef2604222e779346589d470bf2e95ea295563

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "18E19EA4C9C262CB9A94F89172EEF2604222E779346589D470BF2E95EA295563"
Last-Modified: Tue, 24 Jan 2023 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=16495
Expires: Fri, 27 Jan 2023 03:18:40 GMT
Date: Thu, 26 Jan 2023 22:43:45 GMT
Connection: keep-alive

push.services.mozilla.com/

54.148.238.232

101 Switching Protocols

0 B

URL HTTP/1.1
push.services.mozilla.com/
IP
54.148.238.232:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: laOMUp0WYZvQV4AkbC/8IQ==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: hazx5OEI6v93sReQIddJPQyDxeA=

ocsp.pki.goog/gts1c3

216.58.211.3

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
216.58.211.3:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
82e3abc4a7b17efedca67cf215f4bb60
e20e55d87591af7db3a4bcfc429048f85e389b85
df8901d4d87686fb11e17986f5d53cf513f675b4dd71f0a2e35c7ffbefa7fb9e

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 26 Jan 2023 22:43:46 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

www.googletagmanager.com/gtag/js?id=G-FH0L8EV0R0

142.250.74.40

200 OK

78 kB

URL HTTP/2
www.googletagmanager.com/gtag/js?id=G-FH0L8EV0R0
IP
142.250.74.40:0
ASN
#15169 GOOGLE

File type
ASCII text, with very long lines (21849)
Size
78 kB (77788 bytes)
Hash
858d66dcd6a60ca529e7cde046813f11
db20f2b31cfd17bab4a757b1bb51a38e4de46be0
4cace6123d30610d792d13e50a82dde4e288356f43edbec4265eb22f06490ae5

HTTP Headers

GET /gtag/js?id=G-FH0L8EV0R0 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.freeroms.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Thu, 26 Jan 2023 22:43:46 GMT
expires: Thu, 26 Jan 2023 22:43:46 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 77788
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

216.58.211.3

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
216.58.211.3:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
82e3abc4a7b17efedca67cf215f4bb60
e20e55d87591af7db3a4bcfc429048f85e389b85
df8901d4d87686fb11e17986f5d53cf513f675b4dd71f0a2e35c7ffbefa7fb9e

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 26 Jan 2023 22:43:46 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

www.freeroms.com/js/front-script.js

64.235.54.28

200 OK

295 B

URL HTTP/2
www.freeroms.com/js/front-script.js
IP
64.235.54.28:0
ASN
#26277 PREMIANET

File type
ASCII text
Size
295 B (295 bytes)
Hash
a174c795cabe8885e66e5dd9b4cfc1d8
eb1b7d6a2f298c3245b3b2d4f399a85b09e4797b
35484d5bbcbe3298d6c046bf77a34aa128a4311d7c82c5566a8f0dbfc53c409b

HTTP Headers

GET /js/front-script.js HTTP/1.1
Host: www.freeroms.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.freeroms.com/roms/gba/need_for_speed_underground_2.htm
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 26 Jan 2023 22:43:46 GMT
content-type: application/javascript
content-length: 295
x-accel-version: 0.01
last-modified: Mon, 09 Jan 2017 06:39:35 GMT
etag: "223-545a3a17f17c0-gzip"
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
x-powered-by: PleskLin
X-Firefox-Spdy: h2

www.freeroms.com/images/logo.png

64.235.54.28

200 OK

9.8 kB

URL HTTP/2
www.freeroms.com/images/logo.png
IP
64.235.54.28:0
ASN
#26277 PREMIANET

File type
PNG image data, 215 x 40, 8-bit/color RGB, non-interlaced\012- data
Size
9.8 kB (9831 bytes)
Hash
14cd0a179797ca4b75eafccd97c8bb29
3b28b50481b500440e2d20df8acfba80d752a090
e94da94c103e98f78880e5458d6cd022cc20d1d6412b985ef8c0b3eeafd40f5c

HTTP Headers

GET /images/logo.png HTTP/1.1
Host: www.freeroms.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.freeroms.com/roms/gba/need_for_speed_underground_2.htm
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 26 Jan 2023 22:43:46 GMT
content-type: image/png
content-length: 9831
last-modified: Tue, 14 Jul 2015 01:10:45 GMT
etag: "55a46195-2667"
x-powered-by: PleskLin
accept-ranges: bytes
X-Firefox-Spdy: h2

www.freeroms.com/roms/gba/need_for_speed_underground_2.htm

64.235.54.28

200 OK

90 kB

URL HTTP/2
www.freeroms.com/roms/gba/need_for_speed_underground_2.htm
IP
64.235.54.28:0
ASN
#26277 PREMIANET

File type
data
Size
90 kB (89510 bytes)
Hash
dade3a45408365bc42723b02a8f76ea8
c533dc9abd1078646892a5e97cea08bcc2df55e0
326bb13c66688fc1373459c4032dbd81aa0de2195722bd56e24ae5cc63c1192b

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

GET /roms/gba/need_for_speed_underground_2.htm HTTP/1.1
Host: www.freeroms.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1

HTTP/2 200 OK
server: nginx
date: Thu, 26 Jan 2023 22:43:45 GMT
content-type: text/html
last-modified: Thu, 26 Jan 2023 09:00:21 GMT
etag: W/"63d24125-28b01"
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2

www.freeroms.com/images/circuit_main_top.gif

64.235.54.28

200 OK

1.4 kB

URL HTTP/2
www.freeroms.com/images/circuit_main_top.gif
IP
64.235.54.28:0
ASN
#26277 PREMIANET

File type
GIF image data, version 89a, 334 x 40\012- data
Size
1.4 kB (1366 bytes)
Hash
8ce66b9116fdb0a263fbbf0ec7299e1c
3f2868999529378d7e40c4acce440c0fdd0963bb
7ee186a06b35fc6499ca0fe10faa3f137fdee61cbfd4163aaba28414b8e65063

HTTP Headers

GET /images/circuit_main_top.gif HTTP/1.1
Host: www.freeroms.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.freeroms.com/css/style.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 26 Jan 2023 22:43:46 GMT
content-type: image/gif
content-length: 1366
last-modified: Tue, 14 Jul 2015 01:10:55 GMT
etag: "55a4619f-556"
x-powered-by: PleskLin
accept-ranges: bytes
X-Firefox-Spdy: h2

www.freeroms.com/images/circuit_left.gif

64.235.54.28

200 OK

3.0 kB

URL HTTP/2
www.freeroms.com/images/circuit_left.gif
IP
64.235.54.28:0
ASN
#26277 PREMIANET

File type
GIF image data, version 89a, 12 x 320\012- data
Size
3.0 kB (3029 bytes)
Hash
f84caa56ec89113941ed4823aecea88a
dd608663197ad5cf505e06c8a16fbd42f3001153
7925efc9e31cb712e156e1b0663846dea73debe1200b125ed73dfea95efc06f6

HTTP Headers

GET /images/circuit_left.gif HTTP/1.1
Host: www.freeroms.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.freeroms.com/css/style.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 26 Jan 2023 22:43:46 GMT
content-type: image/gif
content-length: 3029
last-modified: Tue, 14 Jul 2015 01:10:52 GMT
etag: "55a4619c-bd5"
x-powered-by: PleskLin
accept-ranges: bytes
X-Firefox-Spdy: h2

www.freeroms.com/images/black.png

64.235.54.28

200 OK

927 B

URL HTTP/2
www.freeroms.com/images/black.png
IP
64.235.54.28:0
ASN
#26277 PREMIANET

File type
PNG image data, 1 x 1, 8-bit/color RGBA, non-interlaced\012- data
Size
927 B (927 bytes)
Hash
6f78a7c9048c4843d819c2ab39b33b6c
99e314e4b9325f41d0d42512cbf8a4a636871ac4
486e08b2d63e05464d757f1fbf3952a74bff6ff29f9ccace92c478fe8b4e4119

HTTP Headers

GET /images/black.png HTTP/1.1
Host: www.freeroms.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.freeroms.com/css/style.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 26 Jan 2023 22:43:46 GMT
content-type: image/png
content-length: 927
x-accel-version: 0.01
last-modified: Tue, 14 Jul 2015 01:10:48 GMT
etag: "39f-51acb82299600"
accept-ranges: bytes
x-powered-by: PleskLin
X-Firefox-Spdy: h2

www.freeroms.com/images/nav-strip.png

64.235.54.28

200 OK

1.1 kB

URL HTTP/2
www.freeroms.com/images/nav-strip.png
IP
64.235.54.28:0
ASN
#26277 PREMIANET

File type
PNG image data, 7 x 56, 8-bit/color RGB, non-interlaced\012- data
Size
1.1 kB (1094 bytes)
Hash
92f72da7215127fddf06584d40f1f67c
506dec643852f00b64b0a247d5ff68b1c3fe5c7e
d61ce2fb10db1c5814deedb8c6ca63ee220abba2ba29359cd053e28e84f22172

HTTP Headers

GET /images/nav-strip.png HTTP/1.1
Host: www.freeroms.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.freeroms.com/css/style.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 26 Jan 2023 22:43:46 GMT
content-type: image/png
content-length: 1094
last-modified: Tue, 14 Jul 2015 01:10:45 GMT
etag: "55a46195-446"
x-powered-by: PleskLin
accept-ranges: bytes
X-Firefox-Spdy: h2

www.freeroms.com/images/nav-hover.jpg

64.235.54.28

200 OK

1.4 kB

URL HTTP/2
www.freeroms.com/images/nav-hover.jpg
IP
64.235.54.28:0
ASN
#26277 PREMIANET

File type
JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], progressive, precision 8, 2x27, components 3\012- data
Size
1.4 kB (1368 bytes)
Hash
eb717b2848bfd323a7a56acb2000c30b
761b2d51d0ebd16d0fbec8c8bb9d3f9ec07cef1c
42b043aacc0907bd04c43941f5f809f38b932a2267465dd71560b52aadeba39c

HTTP Headers

GET /images/nav-hover.jpg HTTP/1.1
Host: www.freeroms.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.freeroms.com/css/style.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 26 Jan 2023 22:43:46 GMT
content-type: image/jpeg
content-length: 1368
last-modified: Tue, 14 Jul 2015 01:10:45 GMT
etag: "55a46195-558"
x-powered-by: PleskLin
accept-ranges: bytes
X-Firefox-Spdy: h2

www.freeroms.com/images/border.png

64.235.54.28

200 OK

938 B

URL HTTP/2
www.freeroms.com/images/border.png
IP
64.235.54.28:0
ASN
#26277 PREMIANET

File type
PNG image data, 2 x 23, 8-bit/color RGBA, non-interlaced\012- data
Size
938 B (938 bytes)
Hash
a4de791940d86ff21226a978b905950e
bba1cc2559c7b67cb577f48118604b169a212239
c1ff6bcf530cc998882a66b1a1dafcff6869533caf5a6fea4e137497f0555269

HTTP Headers

GET /images/border.png HTTP/1.1
Host: www.freeroms.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.freeroms.com/css/style.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 26 Jan 2023 22:43:46 GMT
content-type: image/png
content-length: 938
x-accel-version: 0.01
last-modified: Tue, 14 Jul 2015 01:10:48 GMT
etag: "3aa-51acb82299600"
accept-ranges: bytes
x-powered-by: PleskLin
X-Firefox-Spdy: h2

www.freeroms.com/images/rom.png

64.235.54.28

200 OK

1.4 kB

URL HTTP/2
www.freeroms.com/images/rom.png
IP
64.235.54.28:0
ASN
#26277 PREMIANET

File type
PNG image data, 28 x 25, 8-bit/color RGBA, non-interlaced\012- data
Size
1.4 kB (1365 bytes)
Hash
213bc22990ce0324b563a2714b22749d
514c1c91577fd3fa56b081a73b419015fcb2baf9
0465cb562ac7a714e9e90eb55764b1bc210b3378c5c01a465f8cdaa386f65349

HTTP Headers

GET /images/rom.png HTTP/1.1
Host: www.freeroms.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.freeroms.com/css/style.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 26 Jan 2023 22:43:46 GMT
content-type: image/png
content-length: 1365
last-modified: Tue, 14 Jul 2015 01:10:46 GMT
etag: "55a46196-555"
x-powered-by: PleskLin
accept-ranges: bytes
X-Firefox-Spdy: h2

www.freeroms.com/images/default-arr.png

64.235.54.28

200 OK

978 B

URL HTTP/2
www.freeroms.com/images/default-arr.png
IP
64.235.54.28:0
ASN
#26277 PREMIANET

File type
PNG image data, 3 x 7, 8-bit/color RGBA, non-interlaced\012- data
Size
978 B (978 bytes)
Hash
0edc018ca2c25a655a9eeed4b31eab51
dba5918c2b540f28d9365ad1db47d658c2dd8f66
d82b013cdd3a3efcde2e7403046e96555f5f7446efef3f2a6879af699f868218

HTTP Headers

GET /images/default-arr.png HTTP/1.1
Host: www.freeroms.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.freeroms.com/css/style.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 26 Jan 2023 22:43:46 GMT
content-type: image/png
content-length: 978
x-accel-version: 0.01
last-modified: Tue, 14 Jul 2015 01:10:55 GMT
etag: "3d2-51acb829465c0"
accept-ranges: bytes
x-powered-by: PleskLin
X-Firefox-Spdy: h2

www.freeroms.com/images/white-arr.png

64.235.54.28

200 OK

959 B

URL HTTP/2
www.freeroms.com/images/white-arr.png
IP
64.235.54.28:0
ASN
#26277 PREMIANET

File type
PNG image data, 3 x 7, 8-bit/color RGBA, non-interlaced\012- data
Size
959 B (959 bytes)
Hash
903756d319facbf280d6218c8c0abd28
8e48f8a6e59a563309420d029a63d0bc94f52f71
f77ebade1d0c3b0e4b69b9a6156294ea756094286fe2ba171e78bd96b7b3bccb

HTTP Headers

GET /images/white-arr.png HTTP/1.1
Host: www.freeroms.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.freeroms.com/css/style.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 26 Jan 2023 22:43:46 GMT
content-type: image/png
content-length: 959
x-accel-version: 0.01
last-modified: Wed, 25 Jan 2017 04:37:29 GMT
etag: "3bf-546e3ca4b3440"
accept-ranges: bytes
x-powered-by: PleskLin
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.33.119.27

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.33.119.27:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
46dc30387c4c80980565842526bb5efe
cbfbdd770260e40b3bde38f51af261e045be0c1a
50e46738faffc76b52c2634d5fb8a9d67f4e58d7f21541d37a9325e81dacd3e1

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "50E46738FAFFC76B52C2634D5FB8A9D67F4E58D7F21541D37A9325E81DACD3E1"
Last-Modified: Thu, 26 Jan 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=16591
Expires: Fri, 27 Jan 2023 03:20:17 GMT
Date: Thu, 26 Jan 2023 22:43:46 GMT
Connection: keep-alive

r3.o.lencr.org/

23.33.119.27

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.33.119.27:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
46dc30387c4c80980565842526bb5efe
cbfbdd770260e40b3bde38f51af261e045be0c1a
50e46738faffc76b52c2634d5fb8a9d67f4e58d7f21541d37a9325e81dacd3e1

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "50E46738FAFFC76B52C2634D5FB8A9D67F4E58D7F21541D37A9325E81DACD3E1"
Last-Modified: Thu, 26 Jan 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=16701
Expires: Fri, 27 Jan 2023 03:22:07 GMT
Date: Thu, 26 Jan 2023 22:43:46 GMT
Connection: keep-alive

ocsp.sca1b.amazontrust.com/

54.230.245.110

200 OK

471 B

URL HTTP/1.1
ocsp.sca1b.amazontrust.com/
IP
54.230.245.110:0
ASN
#16509 AMAZON-02

File type
data
Size
471 B (471 bytes)
Hash
0e0794742d318d830bb70192940d1ea6
23cf49def92a0b062bcdccbbf61383fb22d58ba0
5078277491858b6974d34d56c4c966210a37ad970bc165a08d9bb6e2510874de

HTTP Headers

POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=143789
Date: Thu, 26 Jan 2023 22:43:46 GMT
Etag: "63d28099-1d7"
Expires: Sat, 28 Jan 2023 14:40:15 GMT
Last-Modified: Thu, 26 Jan 2023 13:31:05 GMT
Server: ECS (bsa/EB13)
X-Cache: Miss from cloudfront
Via: 1.1 04c4f064943f75498361739eb063cb7a.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: kQOocI75Wy79AYXTLXpKUFCJLtNKVZb0Zb4Fl192iwWncrwM-KvuIw==
Age: 4150

simplewebanalysis.com/stats

3.120.47.42

200 OK

40 B

URL HTTP/2
simplewebanalysis.com/stats
IP
3.120.47.42:0
ASN
#16509 AMAZON-02

File type
ASCII text, with no line terminators
Size
40 B (40 bytes)
Hash
5aa890c46c5760af6fa359afac608c26
db8a2eb4ce799dd39b4fa70e71ce8c4bb8d1e346
165c85a21f1bebaa354ab116e0d8f3e433fdd36119c397165f9254819b9185f3

HTTP Headers

GET /stats HTTP/1.1
Host: simplewebanalysis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.freeroms.com
Connection: keep-alive
Referer: https://www.freeroms.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Thu, 26 Jan 2023 22:43:46 GMT
content-type: text/html; charset=UTF-8
content-length: 40
server: fasthttp
access-control-allow-origin: https://www.freeroms.com
access-control-allow-credentials: true
set-cookie: uid_id2=98832bb1-3221-4f73-ba71-6c3f0755d8ac:3:1; expires=Sun, 23 Jan 2033 22:43:46 GMT; secure; SameSite=None
X-Firefox-Spdy: h2

dacmaiss.com/tag.min.js

139.45.197.237

200 OK

24 kB

URL HTTP/2
dacmaiss.com/tag.min.js
IP
139.45.197.237:0
ASN
#9002 RETN Limited

File type
ASCII text, with very long lines (65536), with no line terminators
Size
24 kB (23678 bytes)
Hash
c4908e29d4b2ee5bb96790e426d7f232
57d500deb5757bcde65cf9d61df9514367d33837
769dd1240d0a52a9547bc6618ca0e7d274591768ce9aa919e3c3868c0045dc48

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /tag.min.js HTTP/1.1
Host: dacmaiss.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.freeroms.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Thu, 26 Jan 2023 22:43:46 GMT
content-type: text/javascript; charset=utf-8
content-length: 23678
content-encoding: br
x-trace-id: c5338899bbcb29c8b80949405eeffa40
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
accept-ranges: bytes
last-modified: Mon, 23 Jan 2023 15:51:55 GMT
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding
access-control-max-age: 86400
pragma: no-cache
expires: Tue, 11 Jan 1994 10:00:00 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2

www.freeroms.com/images/circuit_main_bottom.gif

64.235.54.28

200 OK

1.4 kB

URL HTTP/2
www.freeroms.com/images/circuit_main_bottom.gif
IP
64.235.54.28:0
ASN
#26277 PREMIANET

File type
GIF image data, version 89a, 334 x 40\012- data
Size
1.4 kB (1352 bytes)
Hash
660833b77d6e64a7347b2536658f65d4
7ef5949aa50558090c53c9084bf4e01c8984f5c7
280a43318bfd40a4cf90a00f47e944e7c6ae6221aaed1e7fe23a1b39b79c3635

HTTP Headers

GET /images/circuit_main_bottom.gif HTTP/1.1
Host: www.freeroms.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.freeroms.com/css/style.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 26 Jan 2023 22:43:46 GMT
content-type: image/gif
content-length: 1352
last-modified: Tue, 14 Jul 2015 01:10:54 GMT
etag: "55a4619e-548"
x-powered-by: PleskLin
accept-ranges: bytes
X-Firefox-Spdy: h2

www.freeroms.com/images/circuit_main_right.gif

64.235.54.28

200 OK

1.8 kB

URL HTTP/2
www.freeroms.com/images/circuit_main_right.gif
IP
64.235.54.28:0
ASN
#26277 PREMIANET

File type
GIF image data, version 89a, 12 x 415\012- data
Size
1.8 kB (1849 bytes)
Hash
ca8a951bdcdf29ca49cf66f5e2a963d1
514cdcb098f3e0716f94c53a33cf2fc9f41d40bf
089c688ad07d47949987f81f182752199bb7329fd5d443fa084342f6f9dc2953

HTTP Headers

GET /images/circuit_main_right.gif HTTP/1.1
Host: www.freeroms.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.freeroms.com/css/style.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 26 Jan 2023 22:43:46 GMT
content-type: image/gif
content-length: 1849
last-modified: Tue, 14 Jul 2015 01:10:55 GMT
etag: "55a4619f-739"
x-powered-by: PleskLin
accept-ranges: bytes
X-Firefox-Spdy: h2

www.freeroms.com/images/download-ar.png

64.235.54.28

200 OK

1.1 kB

URL HTTP/2
www.freeroms.com/images/download-ar.png
IP
64.235.54.28:0
ASN
#26277 PREMIANET

File type
PNG image data, 11 x 17, 8-bit/color RGBA, non-interlaced\012- data
Size
1.1 kB (1110 bytes)
Hash
1f11769dabff5c8bab9b24e4aaf89b78
bbfa2c4db3bdc8efd7fd5f388e349d9de296f2df
4e4d8ee70a3d33d4d0d9e32dc90244f1b0f54b30f414e7a588adf9a7381e4c66

HTTP Headers

GET /images/download-ar.png HTTP/1.1
Host: www.freeroms.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.freeroms.com/css/style.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 26 Jan 2023 22:43:46 GMT
content-type: image/png
content-length: 1110
last-modified: Tue, 14 Jul 2015 01:10:56 GMT
etag: "55a461a0-456"
x-powered-by: PleskLin
accept-ranges: bytes
X-Firefox-Spdy: h2

www.freeroms.com/images/cart.png

64.235.54.28

200 OK

2.3 kB

URL HTTP/2
www.freeroms.com/images/cart.png
IP
64.235.54.28:0
ASN
#26277 PREMIANET

File type
PNG image data, 30 x 113, 8-bit/color RGBA, non-interlaced\012- data
Size
2.3 kB (2278 bytes)
Hash
ac6530f6d006d66152cd747ff83bd3c6
8c061d59551994caa61bb65e4bc640b6c6a2cf1c
53493e7170c444e398dea7abdcbfb0a842e9129bcbce4254c17ad3e3f6caa363

HTTP Headers

GET /images/cart.png HTTP/1.1
Host: www.freeroms.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.freeroms.com/css/style.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 26 Jan 2023 22:43:46 GMT
content-type: image/png
content-length: 2278
last-modified: Tue, 14 Jul 2015 01:10:48 GMT
etag: "55a46198-8e6"
x-powered-by: PleskLin
accept-ranges: bytes
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.33.119.27

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.33.119.27:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
2fd3b5487710791cafa87110d681647a
6f3de59c79cf8f93c3312d917e9bb225a8bb25f9
35c24aa8f70e97185a0a18761f04b283cefecdce3abcd2261ccc6377077730c5

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "35C24AA8F70E97185A0A18761F04B283CEFECDCE3ABCD2261CCC6377077730C5"
Last-Modified: Wed, 25 Jan 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2149
Expires: Thu, 26 Jan 2023 23:19:35 GMT
Date: Thu, 26 Jan 2023 22:43:46 GMT
Connection: keep-alive

r3.o.lencr.org/

23.33.119.27

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.33.119.27:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
d84f383ade441229a3b8c3bdb440dec1
1a3fe5fbdb453238fd1bba1698ab7e42cc964455
00f8082421d59df44b61e96c4cdf71aec562e572fd3fbebfb2f1c5aa5fa22c6f

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "00F8082421D59DF44B61E96C4CDF71AEC562E572FD3FBEBFB2F1C5AA5FA22C6F"
Last-Modified: Thu, 26 Jan 2023 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2280
Expires: Thu, 26 Jan 2023 23:21:46 GMT
Date: Thu, 26 Jan 2023 22:43:46 GMT
Connection: keep-alive

my.rtmark.net/gid.js?userId=b0e353cd95e04579a882e88466795384

139.45.195.8

200 OK

65 B

URL HTTP/2
my.rtmark.net/gid.js?userId=b0e353cd95e04579a882e88466795384
IP
139.45.195.8:0
ASN
#9002 RETN Limited

File type
JSON data\012- , ASCII text
Size
65 B (65 bytes)
Hash
08c335ca5745a6b39f0d7834884bd87f
99998aff805e15f56f74d6df09a82c8561062917
66751a976f496769e829180ad616d6807cb64d13d956ce4011fc5635e36c87dc

HTTP Headers

GET /gid.js?userId=b0e353cd95e04579a882e88466795384 HTTP/1.1
Host: my.rtmark.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.freeroms.com
Connection: keep-alive
Referer: https://www.freeroms.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Thu, 26 Jan 2023 22:43:46 GMT
content-type: application/json; charset=utf-8
content-length: 65
access-control-allow-origin: https://www.freeroms.com
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
set-cookie: ID=b0e353cd95e04579a882e88466795384; expires=Fri, 26 Jan 2024 22:43:46 GMT; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2

betotodilea.com/400/3601099

139.45.197.237

403 Forbidden

22 B

URL HTTP/2
betotodilea.com/400/3601099
IP
139.45.197.237:0
ASN
#9002 RETN Limited

File type
ASCII text, with no line terminators
Size
22 B (22 bytes)
Hash
b5e50d07b6b24e1e105e6e4fceb97bf6
95d7e8119b8befc7153b44b4c7be59f26bd6ad33
61c3148fba3befcce5b4636c4209a440913a136138bf62005df97386827f2ae2

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /400/3601099 HTTP/1.1
Host: betotodilea.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.freeroms.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 403 Forbidden
server: nginx
date: Thu, 26 Jan 2023 22:43:46 GMT
content-type: text/plain; charset=utf-8
content-length: 22
x-trace-id: 56c9aedf5f283a415f7a5c2a4689748a
expires: Tue, 11 Jan 1994 10:00:00 GMT
cache-control: no-cache, no-store, no-transform, must-revalidate, private, max-age=0
pragma: no-cache
timing-allow-origin: *
vary: Origin
access-control-allow-origin: *
access-control-expose-headers: Link
access-control-allow-credentials: true
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.33.119.27

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.33.119.27:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
03201e381b6ad1cd03f4805d1512987b
4383185a3b03d13e37fb0378fc1e74edfa688b29
6287bdb027538b227d0857f8f9122946aa6f05c64b61f452a0ef192d9c6316b6

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "6287BDB027538B227D0857F8F9122946AA6F05C64B61F452A0EF192D9C6316B6"
Last-Modified: Thu, 26 Jan 2023 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12203
Expires: Fri, 27 Jan 2023 02:07:09 GMT
Date: Thu, 26 Jan 2023 22:43:46 GMT
Connection: keep-alive

r3.o.lencr.org/

23.33.119.27

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.33.119.27:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
f0a4098f041b32de6aeac7e8919dfb93
d3dd3d384e3bc4454b58f48c878261b5d165c2bd
1a2e07af32d611f5b897d8f26ba1ba7008bdbb7814bc749dc3f6992167ed6d64

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "1A2E07AF32D611F5B897D8F26BA1BA7008BDBB7814BC749DC3F6992167ED6D64"
Last-Modified: Wed, 25 Jan 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13588
Expires: Fri, 27 Jan 2023 02:30:14 GMT
Date: Thu, 26 Jan 2023 22:43:46 GMT
Connection: keep-alive

r3.o.lencr.org/

23.33.119.27

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.33.119.27:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
eabe4b311c1a4e5f9a3bffc76f0d6571
87409b39f1a04ea9502662b2c8f8aebf803087d9
4253b2a9c4892e6ed3c41adcdb7c9724f7634e54f94c1ceb60630fe5fda7493b

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "4253B2A9C4892E6ED3C41ADCDB7C9724F7634E54F94C1CEB60630FE5FDA7493B"
Last-Modified: Wed, 25 Jan 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6695
Expires: Fri, 27 Jan 2023 00:35:21 GMT
Date: Thu, 26 Jan 2023 22:43:46 GMT
Connection: keep-alive

banquetunarmedgrater.com/advertisers.js

192.243.61.225

200 OK

0 B

URL HTTP/1.1
banquetunarmedgrater.com/advertisers.js
IP
192.243.61.225:0
ASN
#39572 DataWeb Global Group B.V.

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /advertisers.js HTTP/1.1
Host: banquetunarmedgrater.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.freeroms.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Thu, 26 Jan 2023 22:43:46 GMT
Content-Type: application/javascript
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: b56479bdf7772a294d7904033f305813
Strict-Transport-Security: max-age=0; includeSubdomains

r3.o.lencr.org/

23.33.119.27

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.33.119.27:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
9209d3c1d4b62a4510ff6e0d1a878e9f
bfb0e868a6485c61e3fff131bcbe0e6f96661e80
cec4cefcb1d68a7c78549ecaa3185e3d3d198726f7f0720d15430c2d64d62a6e

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "CEC4CEFCB1D68A7C78549ECAA3185E3D3D198726F7F0720D15430C2D64D62A6E"
Last-Modified: Wed, 25 Jan 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5935
Expires: Fri, 27 Jan 2023 00:22:42 GMT
Date: Thu, 26 Jan 2023 22:43:47 GMT
Connection: keep-alive

combatbaskstationery.com/ea/2d/5d/ea2d5d802b867cf417198fc84113161f.json

173.233.137.36

200 OK

405 B

URL HTTP/1.1
combatbaskstationery.com/ea/2d/5d/ea2d5d802b867cf417198fc84113161f.json
IP
173.233.137.36:0
ASN
#7979 SERVERS-COM

File type
JSON data\012- , ASCII text, with very long lines (405), with no line terminators
Size
405 B (405 bytes)
Hash
dcfbc7880d3b33fd1f5fc445eb57eaa9
c577177487a79869971acf3d08b881a6d583e2ef
03d04277739ee49668fdb55d6d19a9521fd0eeb45873530229fd2920831834ef

Detections

Analyzer	Verdict	Alert
fortinet	Malware
quad9	Sinkholed

HTTP Headers

GET /ea/2d/5d/ea2d5d802b867cf417198fc84113161f.json HTTP/1.1
Host: combatbaskstationery.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.freeroms.com
Connection: keep-alive
Referer: https://www.freeroms.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Thu, 26 Jan 2023 22:43:46 GMT
Content-Type: application/json
Content-Length: 405
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 7ce8e7665b3abcb189180b93c7f3def4
Strict-Transport-Security: max-age=0; includeSubdomains

r3.o.lencr.org/

23.33.119.27

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.33.119.27:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
2e21811f62c077f45a93d7c3b543998d
3e890a73bb51d9dd1021d5339271aa40833ba258
c6b77371a50390fd68d44ff05e080f064c16c3095df8856b330ab0c6685cd3d1

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C6B77371A50390FD68D44FF05E080F064C16C3095DF8856B330AB0C6685CD3D1"
Last-Modified: Thu, 26 Jan 2023 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6568
Expires: Fri, 27 Jan 2023 00:33:15 GMT
Date: Thu, 26 Jan 2023 22:43:47 GMT
Connection: keep-alive

nanouwho.com/1?z=3056520

139.45.197.242

200 OK

137 kB

URL HTTP/2
nanouwho.com/1?z=3056520
IP
139.45.197.242:0
ASN
#9002 RETN Limited

File type
data
Size
137 kB (137356 bytes)
Hash
c0adfc3abc6e3ee9caab7d35eafc13fc
c39622861cd0ff91426d571c2b2eb52b9400b406
08834e3d34a19068d14c31a8d83e666fbd3a548490981670cadbaa40a5d98854

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /1?z=3056520 HTTP/1.1
Host: nanouwho.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.freeroms.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Thu, 26 Jan 2023 22:43:46 GMT
content-type: text/javascript
access-control-allow-credentials: true
access-control-allow-origin: 
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-Sc, CVERSION, VERSION, X-Ancestor-Origins, X-Zone-ID
x-trace-id: c7c3ef492bfee357975c4190434d8b29
access-control-expose-headers: X-Sc
x-sc: E-fff96BEk1EDLCW2tkw-lhbgApDMjLik-PwFylplU0k4Z9Any-QIN3OBFLXvL_dFYUUNAkhwVuIjrJj8aD1_aTMV8k=
set-cookie: scm=1; expires=Fri, 26 Jan 2024 22:43:46 GMT; secure; SameSite=None
OAID=536b5a0d6c724ffeb6025891818d3033; expires=Fri, 26 Jan 2024 22:43:46 GMT; secure; SameSite=None
oaidts=1674773026; expires=Fri, 26 Jan 2024 22:43:46 GMT; secure; SameSite=None
pragma: no-cache
cache-control: no-store, no-cache, must-revalidate, max-age=0
expires: Mon, 26 Jul 1997 05:00:00 GMT
content-encoding: gzip
X-Firefox-Spdy: h2

img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fcb781854-72d1-4a71-a095-0416f886f570.jpeg

34.120.237.76

200 OK

7.5 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fcb781854-72d1-4a71-a095-0416f886f570.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
7.5 kB (7538 bytes)
Hash
131eb343c5abd61939457d69bd371348
ffb2035cf64fc83f01db5c6f26ffa264b6aac95b
8486eb9dc6325018f8721bc6f37408f260b6e652b145280f2d778d860d3ec2d5

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fcb781854-72d1-4a71-a095-0416f886f570.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 7538
x-amzn-requestid: 113924cc-a196-4dbd-91d9-68c213265afe
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: e3fobF-ZoAMFjjA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63c61302-6b24941a642b22cf21e47dc0;Sampled=0
x-amzn-remapped-date: Tue, 17 Jan 2023 03:16:18 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: 2P09wOtKPDHjxxAuzcLFMQJwmGN1zNJcH9LA6IJpeaGiaPVRF4y-TA==
via: 1.1 eece508272520f70691e4eebdc5a6dea.cloudfront.net (CloudFront), 1.1 caf6806821bc479b28a6f1ce3043b8a6.cloudfront.net (CloudFront), 1.1 google
date: Thu, 26 Jan 2023 07:15:25 GMT
age: 55702
etag: "ffb2035cf64fc83f01db5c6f26ffa264b6aac95b"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

7.8 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5623b111-3a93-4843-8a40-550089a3d3eb.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
7.8 kB (7804 bytes)
Hash
a5de6b54196befa95e9291a051c645d0
e3100707a4e9b1d5c30223d31f58cd6ee8ad010b
5bcc3dd7011df4e17d7ef86d892fedeca14b0d0eabbe782fecf35c9a82b25e40

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5623b111-3a93-4843-8a40-550089a3d3eb.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 7804
x-amzn-requestid: f2bfdd54-e6bf-449f-9731-087e4e848e2e
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fUmhfF4MoAMFquw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d1b7a2-3a06fc0b3cd076b23c947d99;Sampled=0
x-amzn-remapped-date: Wed, 25 Jan 2023 23:13:38 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: CVD5IG2xp8meHr_xgY1KgY8PPejuUnKuXPqDpbd6NQv6U1kKVvK0Vg==
via: 1.1 a4fe306096165bb1e86e69365dc8fac2.cloudfront.net (CloudFront), 1.1 7e87179efaa9e3c316bd3d3a74cfded8.cloudfront.net (CloudFront), 1.1 google
date: Thu, 26 Jan 2023 08:45:17 GMT
age: 50310
etag: "e3100707a4e9b1d5c30223d31f58cd6ee8ad010b"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

5.6 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F73f08a17-fd76-4130-b0e4-891c4a522ac4.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
5.6 kB (5567 bytes)
Hash
540b084166fb1ad476a2b816848004ac
d10694af4ff8fbdf58896085611b4614a7353eda
b5ce9c01e4ac5a634ab858787c69fe4bf1f297df92b1258f0de6e1461329154b

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F73f08a17-fd76-4130-b0e4-891c4a522ac4.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 5567
x-amzn-requestid: 07346e30-a195-4e30-80ed-09bc2844c64d
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fORCGGMGIAMFmWg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63cf2eda-266bd30056d9d09c009ac086;Sampled=0
x-amzn-remapped-date: Tue, 24 Jan 2023 01:05:30 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: hzKkOH7fa9SswL-wobMieXmxjHSOamr-rogXw8H8SLW5_G_BhBOkjA==
via: 1.1 470e3fe246a660ba6ace67a79f78d246.cloudfront.net (CloudFront), 1.1 4f3feb5c4393987d42d1971d404d7cea.cloudfront.net (CloudFront), 1.1 google
date: Thu, 26 Jan 2023 16:31:35 GMT
age: 22332
etag: "d10694af4ff8fbdf58896085611b4614a7353eda"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

6.1 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F2f238e33-a6e3-479a-920f-92a9c7bf1a06.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
6.1 kB (6055 bytes)
Hash
a3d856f57bcfd0bb18253cd77dd6541b
9d9680fb1a9232bb2b42b824dc11633666bfa31a
f2a03384e72a4d3350ee6addc49d6a507837eb195647016ea001e846eaccb0e3

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F2f238e33-a6e3-479a-920f-92a9c7bf1a06.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 6055
x-amzn-requestid: dd44b3ab-6248-419a-995a-f3aaf59dae77
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fLRhMFPYIAMF91g=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63cdfc6d-4df410b022dbbb55297e6ac7;Sampled=0
x-amzn-remapped-date: Mon, 23 Jan 2023 03:18:05 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: c02qyu1rphr_LpUAQQRaTxlNGeEl-yKmVpshfKoWlsfKWiiciJURAw==
via: 1.1 000f4a2f631bace380a0afa747a82482.cloudfront.net (CloudFront), 1.1 d6a002c70d55f415107618b0750d493c.cloudfront.net (CloudFront), 1.1 google
date: Thu, 26 Jan 2023 08:45:22 GMT
age: 50305
etag: "9d9680fb1a9232bb2b42b824dc11633666bfa31a"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

12 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdfb887e5-87fa-4855-b0ee-712d39779fa0.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
12 kB (11568 bytes)
Hash
b7a0759c043594fbe85af422b59b8227
a05cfaad16078f42218dae233da38f6f5dff8487
e898d6ef1b3998fb9322a8fc190069ec5f7b3582bfe8397a2367497d84a27549

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdfb887e5-87fa-4855-b0ee-712d39779fa0.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 11568
x-amzn-requestid: 2e85f75e-ab9d-4d45-adad-7313950a9647
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fSWbxGwnoAMFejw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d0d117-68f1a9e71a07a0453311fd32;Sampled=0
x-amzn-remapped-date: Wed, 25 Jan 2023 06:49:59 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: dbz3wXGNaetf6xvRE98rshyHy-FVfDo8co-4VDL0a4Qe3E4U8A82Og==
via: 1.1 98e601970ea59f4d5f56a752787ff9fc.cloudfront.net (CloudFront), 1.1 2bedbeaa49b4a77447d30097858cb81a.cloudfront.net (CloudFront), 1.1 google
date: Thu, 26 Jan 2023 18:35:59 GMT
etag: "a05cfaad16078f42218dae233da38f6f5dff8487"
content-type: image/jpeg
age: 14868
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

7.6 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4d91ae98-1f78-4bbd-98ab-6e6d92c7fef2.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
7.6 kB (7573 bytes)
Hash
7364957de1b4c82a923bd947f0cce750
d8aa55b64a65757e043b4b1b63efd93c8261d275
f1f7059968d08adfa1c775c906ecb6e5b752210af0bcdcebfa77c2ba6f15bbf4

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4d91ae98-1f78-4bbd-98ab-6e6d92c7fef2.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 7573
x-amzn-requestid: 2946b91b-1d7e-4eba-966d-600ae368cd3f
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fLzVxGw1oAMF-xQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63ce328b-04037751257e13ca156eee8d;Sampled=0
x-amzn-remapped-date: Mon, 23 Jan 2023 07:08:59 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: 4TidB2H164ziAxKhEORFw4BBF0FB2pkkwNq3iMQfS4t7yObXCA59Pw==
via: 1.1 c34da255183aa208dd1c722ff211f9b2.cloudfront.net (CloudFront), 1.1 324a68a6c25ee50d774953f3e15a611c.cloudfront.net (CloudFront), 1.1 google
date: Thu, 26 Jan 2023 14:49:11 GMT
age: 28476
etag: "d8aa55b64a65757e043b4b1b63efd93c8261d275"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

region1.google-analytics.com/g/collect?v=2&tid=G-FH0L8EV0R0&gtm=2oe1p0&_p=1009928411&cid=1178319333.1674773026&ul=en-us&sr=1280x1024&uaW=1&_s=1&sid=1674773026&sct=1&seg=0&dl=https%3A%2F%2Fwww.freeroms.com%2Froms%2Fgba%2Fneed_for_speed_underground_2.htm&dt=Need%20For%20Speed%20Underground%202%20ROM%20Download%20for%20Gameboy%20Advance&en=page_view&_fv=1&_nsi=1&_ss=1&_ee=1

216.239.32.36

204 No Content

0 B

URL HTTP/2
region1.google-analytics.com/g/collect?v=2&tid=G-FH0L8EV0R0&gtm=2oe1p0&_p=1009928411&cid=1178319333.1674773026&ul=en-us&sr=1280x1024&uaW=1&_s=1&sid=1674773026&sct=1&seg=0&dl=https%3A%2F%2Fwww.freeroms.com%2Froms%2Fgba%2Fneed_for_speed_underground_2.htm&dt=Need%20For%20Speed%20Underground%202%20ROM%20Download%20for%20Gameboy%20Advance&en=page_view&_fv=1&_nsi=1&_ss=1&_ee=1
IP
216.239.32.36:0
ASN
#15169 GOOGLE

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

POST /g/collect?v=2&tid=G-FH0L8EV0R0&gtm=2oe1p0&_p=1009928411&cid=1178319333.1674773026&ul=en-us&sr=1280x1024&uaW=1&_s=1&sid=1674773026&sct=1&seg=0&dl=https%3A%2F%2Fwww.freeroms.com%2Froms%2Fgba%2Fneed_for_speed_underground_2.htm&dt=Need%20For%20Speed%20Underground%202%20ROM%20Download%20for%20Gameboy%20Advance&en=page_view&_fv=1&_nsi=1&_ss=1&_ee=1 HTTP/1.1
Host: region1.google-analytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.freeroms.com
Connection: keep-alive
Referer: https://www.freeroms.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0

HTTP/2 204 No Content
access-control-allow-origin: https://www.freeroms.com
date: Thu, 26 Jan 2023 22:43:47 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

upgulpinon.com/1?z=5030886

139.45.197.242

200 OK

8.2 kB

URL HTTP/2
upgulpinon.com/1?z=5030886
IP
139.45.197.242:0
ASN
#9002 RETN Limited

File type
data
Size
8.2 kB (8217 bytes)
Hash
1c9bf752ce4c7a529a923d64354b94d6
6443df52d2f8d7a2ce7e63e1c8fb7081cf63a621
b73ff436c76c0d0dda7f9123fd80cec321fc1584820affc2b846b3f3de2c4747

HTTP Headers

GET /1?z=5030886 HTTP/1.1
Host: upgulpinon.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.freeroms.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Thu, 26 Jan 2023 22:43:47 GMT
content-type: text/javascript
access-control-allow-credentials: true
access-control-allow-origin: 
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-Sc, CVERSION, VERSION, X-Ancestor-Origins, X-Zone-ID
x-trace-id: b928b4eefecf36775bc5e116cfaaf30e
access-control-expose-headers: X-Sc
x-sc: 4EuZDqYyAWmI0IplZSYNkL_1ANrDRZ9-X0g8pmOR0RILKrcClM_pn2-ANHsZixa3GgR2vhGGVlFqMSIoZC2bK6vvyHQ=
set-cookie: scm=1; expires=Fri, 26 Jan 2024 22:43:47 GMT; secure; SameSite=None
OAID=fd30ad20cbbc4014bb859e2a9f663bfa; expires=Fri, 26 Jan 2024 22:43:47 GMT; secure; SameSite=None
oaidts=1674773027; expires=Fri, 26 Jan 2024 22:43:47 GMT; secure; SameSite=None
pragma: no-cache
cache-control: no-store, no-cache, must-revalidate, max-age=0
expires: Mon, 26 Jul 1997 05:00:00 GMT
content-encoding: gzip
X-Firefox-Spdy: h2

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
8842ce0e8a7ade68a541b843fd4cdde3
af08cd580c467949030f86fc17132a11843bce26
c1ee92c539f729fff35e9c9814569b46ed36d9f3de13c348daefc46816d6fbda

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4053
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Thu, 26 Jan 2023 22:43:47 GMT
Last-Modified: Thu, 26 Jan 2023 21:36:14 GMT
Server: ECS (ska/F717)
X-Cache: HIT
Content-Length: 471

nanouwho.com/9?z=3056520&ng=1&ix=0&pt=0&np=1&gp=-1&bp=-1&nw=1&nb=1&sw=1280&sh=1024&pl=https%3A%2F%2Fwww.freeroms.com%2Froms%2Fgba%2Fneed_for_speed_underground_2.htm&wy=0&wx=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=2&sah=1002&drf=&hil=1&ist=0&oaid=b0e353cd95e04579a882e88466795384

139.45.197.242

204 No Content

0 B

URL HTTP/2
nanouwho.com/9?z=3056520&ng=1&ix=0&pt=0&np=1&gp=-1&bp=-1&nw=1&nb=1&sw=1280&sh=1024&pl=https%3A%2F%2Fwww.freeroms.com%2Froms%2Fgba%2Fneed_for_speed_underground_2.htm&wy=0&wx=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=2&sah=1002&drf=&hil=1&ist=0&oaid=b0e353cd95e04579a882e88466795384
IP
139.45.197.242:0
ASN
#9002 RETN Limited

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

OPTIONS /9?z=3056520&ng=1&ix=0&pt=0&np=1&gp=-1&bp=-1&nw=1&nb=1&sw=1280&sh=1024&pl=https%3A%2F%2Fwww.freeroms.com%2Froms%2Fgba%2Fneed_for_speed_underground_2.htm&wy=0&wx=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=2&sah=1002&drf=&hil=1&ist=0&oaid=b0e353cd95e04579a882e88466795384 HTTP/1.1
Host: nanouwho.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://www.freeroms.com/
Origin: https://www.freeroms.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 204 No Content
server: nginx
date: Thu, 26 Jan 2023 22:43:47 GMT
access-control-allow-credentials: true
access-control-allow-origin: https://www.freeroms.com
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-Sc, CVERSION, VERSION, X-Ancestor-Origins, X-Zone-ID
pragma: no-cache
cache-control: no-store, no-cache, must-revalidate, max-age=0
expires: Mon, 26 Jul 1997 05:00:00 GMT
X-Firefox-Spdy: h2

upgulpinon.com/9?z=5030886&ng=1&ix=0&pt=0&np=1&gp=-1&bp=-1&nw=1&nb=1&sw=1280&sh=1024&pl=https%3A%2F%2Fwww.freeroms.com%2Froms%2Fgba%2Fneed_for_speed_underground_2.htm&wy=0&wx=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=2&sah=1002&drf=&hil=1&ist=0&oaid=b0e353cd95e04579a882e88466795384

139.45.197.242

204 No Content

0 B

URL HTTP/2
upgulpinon.com/9?z=5030886&ng=1&ix=0&pt=0&np=1&gp=-1&bp=-1&nw=1&nb=1&sw=1280&sh=1024&pl=https%3A%2F%2Fwww.freeroms.com%2Froms%2Fgba%2Fneed_for_speed_underground_2.htm&wy=0&wx=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=2&sah=1002&drf=&hil=1&ist=0&oaid=b0e353cd95e04579a882e88466795384
IP
139.45.197.242:0
ASN
#9002 RETN Limited

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

OPTIONS /9?z=5030886&ng=1&ix=0&pt=0&np=1&gp=-1&bp=-1&nw=1&nb=1&sw=1280&sh=1024&pl=https%3A%2F%2Fwww.freeroms.com%2Froms%2Fgba%2Fneed_for_speed_underground_2.htm&wy=0&wx=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=2&sah=1002&drf=&hil=1&ist=0&oaid=b0e353cd95e04579a882e88466795384 HTTP/1.1
Host: upgulpinon.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://www.freeroms.com/
Origin: https://www.freeroms.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 204 No Content
server: nginx
date: Thu, 26 Jan 2023 22:43:47 GMT
access-control-allow-credentials: true
access-control-allow-origin: https://www.freeroms.com
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-Sc, CVERSION, VERSION, X-Ancestor-Origins, X-Zone-ID
pragma: no-cache
cache-control: no-store, no-cache, must-revalidate, max-age=0
expires: Mon, 26 Jul 1997 05:00:00 GMT
X-Firefox-Spdy: h2

cmp.quantcast.com/GVL-v2/vendor-list-trimmed-v1.json

54.230.111.39

200 OK

43 kB

URL HTTP/2
cmp.quantcast.com/GVL-v2/vendor-list-trimmed-v1.json
IP
54.230.111.39:0
ASN
#16509 AMAZON-02

File type
JSON data\012- , Unicode text, UTF-8 text, with very long lines (65512), with no line terminators
Size
43 kB (43220 bytes)
Hash
f8294bdc61889aea06825c46595db209
7e02536c11b957caa2b45c465ac1d3910e6b6030
b2c6c6d54ecc9323c270c6deb85c12e3e271e96857bd42c89cf2adb7e3067789

HTTP Headers

GET /GVL-v2/vendor-list-trimmed-v1.json HTTP/1.1
Host: cmp.quantcast.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.freeroms.com
Connection: keep-alive
Referer: https://www.freeroms.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
content-type: application/json
access-control-max-age: 3000
cache-control: max-age=172800
date: Thu, 26 Jan 2023 03:00:45 GMT
access-control-allow-origin: *
access-control-allow-methods: GET
access-control-allow-credentials: true
last-modified: Thu, 26 Jan 2023 03:00:33 GMT
etag: W/"d8958d8a32b832568208a5001942bb68"
x-amz-server-side-encryption: AES256
server: AmazonS3
content-encoding: br
vary: Accept-Encoding,Access-Control-Request-Headers,Access-Control-Request-Method
x-cache: Hit from cloudfront
via: 1.1 d9fb4c3794a085bb4ee2c5798c2cb1b8.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: Uy43pUmF5Mu92frxFgFq5AtSmfbPvtk4nY7eCbHR2R1p8y1iKrc-2w==
age: 70983
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.33.119.27

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.33.119.27:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
b2aafdafa11867a6d8cdb983186b122e
a5271d7ffd840a1a85c92f57a4afb2679546d420
f2b57d3bfecd984e2b90744a287788533ea75ef9e5b87b1c80526f6ef50a968f

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "F2B57D3BFECD984E2B90744A287788533EA75EF9E5B87B1C80526F6EF50A968F"
Last-Modified: Thu, 26 Jan 2023 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10169
Expires: Fri, 27 Jan 2023 01:33:16 GMT
Date: Thu, 26 Jan 2023 22:43:47 GMT
Connection: keep-alive

r3.o.lencr.org/

23.33.119.27

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.33.119.27:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
19e4588d58d51de33385e9732a761856
3b4531235582139915d57c1259361a6ccc1bc923
dfcf8c58a963c5749d1cd921f9089d8bcd4a11717f3403f04c9865200decb466

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "DFCF8C58A963C5749D1CD921F9089D8BCD4A11717F3403F04C9865200DECB466"
Last-Modified: Wed, 25 Jan 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=1049
Expires: Thu, 26 Jan 2023 23:01:16 GMT
Date: Thu, 26 Jan 2023 22:43:47 GMT
Connection: keep-alive

rules.quantcount.com/rules-p-6JvC9xkUEfXYY.js

54.230.111.33

200 OK

160 B

URL HTTP/2
rules.quantcount.com/rules-p-6JvC9xkUEfXYY.js
IP
54.230.111.33:0
ASN
#16509 AMAZON-02

File type
ASCII text
Size
160 B (160 bytes)
Hash
f1d42e658b42f72b88abdb871d0c2a71
f3c256dc0a9ff39789b9f2ea4c75c032704149b8
35126b4d43af6b059d7ef0f56d9374e8aa794d73f8d2c1dabaf1477129142724

HTTP Headers

GET /rules-p-6JvC9xkUEfXYY.js HTTP/1.1
Host: rules.quantcount.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.freeroms.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: application/javascript
content-length: 160
last-modified: Thu, 13 Oct 2022 15:10:32 GMT
x-amz-server-side-encryption: AES256
accept-ranges: bytes
server: AmazonS3
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
access-control-allow-methods: GET
date: Thu, 26 Jan 2023 22:43:47 GMT
cache-control: max-age=3600
etag: "f1d42e658b42f72b88abdb871d0c2a71"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 6a0f63864791329e89a4b233ec4c3a36.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: UqXUDfxcN1YAqNDvLhMSOr1RJwJj3wiTGwvG49sA9XjcnpMjNFooAA==
age: 1422
X-Firefox-Spdy: h2

upgulpinon.com/11?rnd=1409448708&z=5030886&b=16536118&var=&rqtdbc=1&rcvdbc=1&btp=7&rb=Oy8d5fTVDILPB8BdpCJSqaAn4uhmFRv1vGGxKTHTRsJlLkbjSSjUhh88D4q3aQe3wSGpBn5qBRZLty2c85q0AeuEIzg0e2DAvwerIlDSm25JRSptkRP_3-7z8s5U7dONJOYp_rEPtY7tpwKT7o99M1CmUB5PfCZY40wdSHB47iUk97GU1qZb57JVdtJKlogyemRcXQIafp4O0vXCb4I3hkMn81XWJWL2fgZOmTQ60IBp8BSveZC68EKNOqVR1IqnfX8TcdOb0khuelwenCUpOWTXf-kCjR8oaZ1b-svQhWCdydBHpIr-ddGZhK4RcUCi8_Uz5YUYs5fVeCuPC6w0lbHRvHlrssIkEFiq4yfyMUevlQhoFT6efsO3QWaszEtlUQmdQ3oGVMLVRCWXmhzY9pTf1mqxwaEQ4Vl4vDvD0UPf9sjLJUtyKZRR5jY1iNgqm3fOpbRLDv1uhO4Mr-YJr_HAmllceqwZdFiYSi8avxZv0n_doU8XIIC2E2tHvXHO6NMZ7y46p6G8jWVpEWduPeycaKjR62mCH6w3PtNdEGZQIAGllD7Xsiw72Hyal6eTrwmu7ZFVUgTuDn7vlAEDRoD7HkTkmdG9Ncmx62u9byleP_aA3_-h8yI-jbkKeOm0RUmREExFBVaMwrPjkGg4ng==&ruid=2235666a-5a78-4b2e-aa76-7acd85f8fe77&ng=1&ix=0&pt=0&np=1&gp=-1&bp=-1&nw=1&nb=1&sw=1280&sh=1024&pl=https%3A%2F%2Fwww.freeroms.com%2Froms%2Fgba%2Fneed_for_speed_underground_2.htm&wy=0&wx=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=2&sah=1002&drf=&hil=1&ist=0&ot=220

139.45.197.242

200 OK

0 B

URL HTTP/2
upgulpinon.com/11?rnd=1409448708&z=5030886&b=16536118&var=&rqtdbc=1&rcvdbc=1&btp=7&rb=Oy8d5fTVDILPB8BdpCJSqaAn4uhmFRv1vGGxKTHTRsJlLkbjSSjUhh88D4q3aQe3wSGpBn5qBRZLty2c85q0AeuEIzg0e2DAvwerIlDSm25JRSptkRP_3-7z8s5U7dONJOYp_rEPtY7tpwKT7o99M1CmUB5PfCZY40wdSHB47iUk97GU1qZb57JVdtJKlogyemRcXQIafp4O0vXCb4I3hkMn81XWJWL2fgZOmTQ60IBp8BSveZC68EKNOqVR1IqnfX8TcdOb0khuelwenCUpOWTXf-kCjR8oaZ1b-svQhWCdydBHpIr-ddGZhK4RcUCi8_Uz5YUYs5fVeCuPC6w0lbHRvHlrssIkEFiq4yfyMUevlQhoFT6efsO3QWaszEtlUQmdQ3oGVMLVRCWXmhzY9pTf1mqxwaEQ4Vl4vDvD0UPf9sjLJUtyKZRR5jY1iNgqm3fOpbRLDv1uhO4Mr-YJr_HAmllceqwZdFiYSi8avxZv0n_doU8XIIC2E2tHvXHO6NMZ7y46p6G8jWVpEWduPeycaKjR62mCH6w3PtNdEGZQIAGllD7Xsiw72Hyal6eTrwmu7ZFVUgTuDn7vlAEDRoD7HkTkmdG9Ncmx62u9byleP_aA3_-h8yI-jbkKeOm0RUmREExFBVaMwrPjkGg4ng==&ruid=2235666a-5a78-4b2e-aa76-7acd85f8fe77&ng=1&ix=0&pt=0&np=1&gp=-1&bp=-1&nw=1&nb=1&sw=1280&sh=1024&pl=https%3A%2F%2Fwww.freeroms.com%2Froms%2Fgba%2Fneed_for_speed_underground_2.htm&wy=0&wx=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=2&sah=1002&drf=&hil=1&ist=0&ot=220
IP
139.45.197.242:0
ASN
#9002 RETN Limited

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /11?rnd=1409448708&z=5030886&b=16536118&var=&rqtdbc=1&rcvdbc=1&btp=7&rb=Oy8d5fTVDILPB8BdpCJSqaAn4uhmFRv1vGGxKTHTRsJlLkbjSSjUhh88D4q3aQe3wSGpBn5qBRZLty2c85q0AeuEIzg0e2DAvwerIlDSm25JRSptkRP_3-7z8s5U7dONJOYp_rEPtY7tpwKT7o99M1CmUB5PfCZY40wdSHB47iUk97GU1qZb57JVdtJKlogyemRcXQIafp4O0vXCb4I3hkMn81XWJWL2fgZOmTQ60IBp8BSveZC68EKNOqVR1IqnfX8TcdOb0khuelwenCUpOWTXf-kCjR8oaZ1b-svQhWCdydBHpIr-ddGZhK4RcUCi8_Uz5YUYs5fVeCuPC6w0lbHRvHlrssIkEFiq4yfyMUevlQhoFT6efsO3QWaszEtlUQmdQ3oGVMLVRCWXmhzY9pTf1mqxwaEQ4Vl4vDvD0UPf9sjLJUtyKZRR5jY1iNgqm3fOpbRLDv1uhO4Mr-YJr_HAmllceqwZdFiYSi8avxZv0n_doU8XIIC2E2tHvXHO6NMZ7y46p6G8jWVpEWduPeycaKjR62mCH6w3PtNdEGZQIAGllD7Xsiw72Hyal6eTrwmu7ZFVUgTuDn7vlAEDRoD7HkTkmdG9Ncmx62u9byleP_aA3_-h8yI-jbkKeOm0RUmREExFBVaMwrPjkGg4ng==&ruid=2235666a-5a78-4b2e-aa76-7acd85f8fe77&ng=1&ix=0&pt=0&np=1&gp=-1&bp=-1&nw=1&nb=1&sw=1280&sh=1024&pl=https%3A%2F%2Fwww.freeroms.com%2Froms%2Fgba%2Fneed_for_speed_underground_2.htm&wy=0&wx=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=2&sah=1002&drf=&hil=1&ist=0&ot=220 HTTP/1.1
Host: upgulpinon.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.freeroms.com
Connection: keep-alive
Referer: https://www.freeroms.com/
Cookie: scm=1; OAID=b0e353cd95e04579a882e88466795384; oaidts=1674773027
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 26 Jan 2023 22:43:47 GMT
content-type: image/jpeg
content-length: 0
access-control-allow-credentials: true
access-control-allow-origin: https://www.freeroms.com
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-Sc, CVERSION, VERSION, X-Ancestor-Origins, X-Zone-ID
x-trace-id: e8edbd5c43d5c5074aa1f3335f78d878
access-control-expose-headers: X-Sc
set-cookie: OAID=b0e353cd95e04579a882e88466795384; expires=Fri, 26 Jan 2024 22:43:47 GMT; secure; SameSite=None
oaidts=1674773027; expires=Fri, 26 Jan 2024 22:43:47 GMT; secure; SameSite=None
pragma: no-cache
cache-control: no-store, no-cache, must-revalidate, max-age=0
expires: Mon, 26 Jul 1997 05:00:00 GMT
X-Firefox-Spdy: h2

unseenreport.com/pxf.gif?uuid=98832bb1-3221-4f73-ba71-6c3f0755d8ac&eb=f7f733e10dbfb66931f79b4d6cd2ec08&te=3a754cebd09bb2f7570f96954fbfd43e&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=13.1055&b_frame=0&pk=ea2d5d802b867cf417198fc84113161f&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=22

192.243.61.227

200 OK

1 B

URL HTTP/1.1
unseenreport.com/pxf.gif?uuid=98832bb1-3221-4f73-ba71-6c3f0755d8ac&eb=f7f733e10dbfb66931f79b4d6cd2ec08&te=3a754cebd09bb2f7570f96954fbfd43e&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=13.1055&b_frame=0&pk=ea2d5d802b867cf417198fc84113161f&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=22
IP
192.243.61.227:0
ASN
#39572 DataWeb Global Group B.V.

File type
very short file (no magic)
Size
1 B (1 bytes)
Hash
93b885adfe0da089cdf634904fd59f71
5ba93c9db0cff93f52b521d7420e43f6eda2784f
6e340b9cffb37a989ca544e6bb780a2c78901d3fb33738768511a30617afa01d

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /pxf.gif?uuid=98832bb1-3221-4f73-ba71-6c3f0755d8ac&eb=f7f733e10dbfb66931f79b4d6cd2ec08&te=3a754cebd09bb2f7570f96954fbfd43e&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=13.1055&b_frame=0&pk=ea2d5d802b867cf417198fc84113161f&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=22 HTTP/1.1
Host: unseenreport.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.freeroms.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Thu, 26 Jan 2023 22:43:47 GMT
Content-Type: image/gif
Content-Length: 1
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 726ca87daf150a51ea6d808b63ba394e
Strict-Transport-Security: max-age=0; includeSubdomains

interstitial-07.com/?l=nfepD2DCD0Ch0je&cd_meta_crid=50535&trkintimp&target_url=https%3A%2F%2Fnanouwho.com%2F12%3Frnd%3D3736239736%26z%3D3056520%26b%3D16536117%26c%3D6560718%26var%3D%26d%3Dhttps%253A%252F%252Fsingelstodate.com%252Fbase.php%253Fc%253D1499%2526key%253D078e8e1696ef5f705a04995394169693%2526zoneid%253D%257Bzoneid%257D%2526cost%253D%257Bcost%257D%2526subid%253D%2524%257BSUBID%257D%2526banner%253D%257Bbannerid%257D%26cln%3D1%26btp%3D7%26rb%3DwwmAyVKHdyXCWs5DGa3pNGPn0Q5wHhPw2kuhat2v-TL0PwrrReFZzkqoW5KW0EDkPeptztAyNQUB5JDCxHY5tmBJqB6xGT8Y7TmqdbXDFRGQXzIeQRJripVyrzKEZzpswXfkufjdUsm6i_0icIt7WeJkgsdhqeLvHzNXdPKIXAeDBIEYoULkuetTLWLsbedAyhE8LHLTHWntjfOcb5XfXqZLtw0C_vbHp21uqQ8zYGkUuAn8O9WKFQ_9ArLmfmKQD2UmRrtfVlj3uuVTSOmw4yqWV_acgjptp_8SStHSHCqPUSqpOmJm2GGSbCVR7iRaBH2JeAQdpF5pNKVVB_dulzG_Qx2PVUB2_aGJgY69FvGNujPGk04RTZKGSo-4LJUll-fxygwjpspVA_RbhIfM9AjXIK_CBSM-PTQBrnleIVXzfA-bRlrMw9Mapjle04SmLYj2lpqK9P97Pnrs6ZEmk4qJhnrAmjn1zlKPHE1ZI309T-chheP_UXM5IR1U43uIjfuYLGnaB3OLJ1S6qb0DSCQYJ8iN4sXyhn70G7444ac_HCPq97JE1_7SC10ZdFn6VqqUpvq6RoGe_uxvvLV6siLy2qKxkFaOPpPgTmTomthx_NYWck1yqYylo56KXYwvvPLo_efbBgkwVWFUaNqY78QTOsM%3D%26bag%3DmtlVseJPZwq8MrL-yExcig%3D%3D%26ruid%3D60a12d1c-90d2-4c91-b8dc-c96d2c28be29%26ng%3D1%26ix%3D0%26pt%3D0%26np%3D1%26gp%3D-1%26bp%3D-1%26nw%3D1%26nb%3D1%26sw%3D1280%26sh%3D1024%26pl%3Dhttps%253A%252F%252Fwww.freeroms.com%252Froms%252Fgba%252Fneed_for_speed_underground_2.htm%26wy%3D0%26wx%3D0%26ww%3D1280%26wh%3D1024%26cw%3D1268%26wiw%3D1280%26wih%3D939%26wfc%3D2%26sah%3D1002%26drf%3D%26hil%3D1%26ist%3D0%26tbc%3D0

139.45.197.152

200 OK

23 kB

URL HTTP/2
interstitial-07.com/?l=nfepD2DCD0Ch0je&cd_meta_crid=50535&trkintimp&target_url=https%3A%2F%2Fnanouwho.com%2F12%3Frnd%3D3736239736%26z%3D3056520%26b%3D16536117%26c%3D6560718%26var%3D%26d%3Dhttps%253A%252F%252Fsingelstodate.com%252Fbase.php%253Fc%253D1499%2526key%253D078e8e1696ef5f705a04995394169693%2526zoneid%253D%257Bzoneid%257D%2526cost%253D%257Bcost%257D%2526subid%253D%2524%257BSUBID%257D%2526banner%253D%257Bbannerid%257D%26cln%3D1%26btp%3D7%26rb%3DwwmAyVKHdyXCWs5DGa3pNGPn0Q5wHhPw2kuhat2v-TL0PwrrReFZzkqoW5KW0EDkPeptztAyNQUB5JDCxHY5tmBJqB6xGT8Y7TmqdbXDFRGQXzIeQRJripVyrzKEZzpswXfkufjdUsm6i_0icIt7WeJkgsdhqeLvHzNXdPKIXAeDBIEYoULkuetTLWLsbedAyhE8LHLTHWntjfOcb5XfXqZLtw0C_vbHp21uqQ8zYGkUuAn8O9WKFQ_9ArLmfmKQD2UmRrtfVlj3uuVTSOmw4yqWV_acgjptp_8SStHSHCqPUSqpOmJm2GGSbCVR7iRaBH2JeAQdpF5pNKVVB_dulzG_Qx2PVUB2_aGJgY69FvGNujPGk04RTZKGSo-4LJUll-fxygwjpspVA_RbhIfM9AjXIK_CBSM-PTQBrnleIVXzfA-bRlrMw9Mapjle04SmLYj2lpqK9P97Pnrs6ZEmk4qJhnrAmjn1zlKPHE1ZI309T-chheP_UXM5IR1U43uIjfuYLGnaB3OLJ1S6qb0DSCQYJ8iN4sXyhn70G7444ac_HCPq97JE1_7SC10ZdFn6VqqUpvq6RoGe_uxvvLV6siLy2qKxkFaOPpPgTmTomthx_NYWck1yqYylo56KXYwvvPLo_efbBgkwVWFUaNqY78QTOsM%3D%26bag%3DmtlVseJPZwq8MrL-yExcig%3D%3D%26ruid%3D60a12d1c-90d2-4c91-b8dc-c96d2c28be29%26ng%3D1%26ix%3D0%26pt%3D0%26np%3D1%26gp%3D-1%26bp%3D-1%26nw%3D1%26nb%3D1%26sw%3D1280%26sh%3D1024%26pl%3Dhttps%253A%252F%252Fwww.freeroms.com%252Froms%252Fgba%252Fneed_for_speed_underground_2.htm%26wy%3D0%26wx%3D0%26ww%3D1280%26wh%3D1024%26cw%3D1268%26wiw%3D1280%26wih%3D939%26wfc%3D2%26sah%3D1002%26drf%3D%26hil%3D1%26ist%3D0%26tbc%3D0
IP
139.45.197.152:0
ASN
#9002 RETN Limited

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (1532)
Size
23 kB (23391 bytes)
Hash
097e274432b44f9f960b65c03cd040a6
a692eaaf555239636c71f54ec619843771889ed3
de823e9361a8c47790b59715e17efa7417371f930658a1015e907821f75cd7ab

HTTP Headers

GET /?l=nfepD2DCD0Ch0je&cd_meta_crid=50535&trkintimp&target_url=https%3A%2F%2Fnanouwho.com%2F12%3Frnd%3D3736239736%26z%3D3056520%26b%3D16536117%26c%3D6560718%26var%3D%26d%3Dhttps%253A%252F%252Fsingelstodate.com%252Fbase.php%253Fc%253D1499%2526key%253D078e8e1696ef5f705a04995394169693%2526zoneid%253D%257Bzoneid%257D%2526cost%253D%257Bcost%257D%2526subid%253D%2524%257BSUBID%257D%2526banner%253D%257Bbannerid%257D%26cln%3D1%26btp%3D7%26rb%3DwwmAyVKHdyXCWs5DGa3pNGPn0Q5wHhPw2kuhat2v-TL0PwrrReFZzkqoW5KW0EDkPeptztAyNQUB5JDCxHY5tmBJqB6xGT8Y7TmqdbXDFRGQXzIeQRJripVyrzKEZzpswXfkufjdUsm6i_0icIt7WeJkgsdhqeLvHzNXdPKIXAeDBIEYoULkuetTLWLsbedAyhE8LHLTHWntjfOcb5XfXqZLtw0C_vbHp21uqQ8zYGkUuAn8O9WKFQ_9ArLmfmKQD2UmRrtfVlj3uuVTSOmw4yqWV_acgjptp_8SStHSHCqPUSqpOmJm2GGSbCVR7iRaBH2JeAQdpF5pNKVVB_dulzG_Qx2PVUB2_aGJgY69FvGNujPGk04RTZKGSo-4LJUll-fxygwjpspVA_RbhIfM9AjXIK_CBSM-PTQBrnleIVXzfA-bRlrMw9Mapjle04SmLYj2lpqK9P97Pnrs6ZEmk4qJhnrAmjn1zlKPHE1ZI309T-chheP_UXM5IR1U43uIjfuYLGnaB3OLJ1S6qb0DSCQYJ8iN4sXyhn70G7444ac_HCPq97JE1_7SC10ZdFn6VqqUpvq6RoGe_uxvvLV6siLy2qKxkFaOPpPgTmTomthx_NYWck1yqYylo56KXYwvvPLo_efbBgkwVWFUaNqY78QTOsM%3D%26bag%3DmtlVseJPZwq8MrL-yExcig%3D%3D%26ruid%3D60a12d1c-90d2-4c91-b8dc-c96d2c28be29%26ng%3D1%26ix%3D0%26pt%3D0%26np%3D1%26gp%3D-1%26bp%3D-1%26nw%3D1%26nb%3D1%26sw%3D1280%26sh%3D1024%26pl%3Dhttps%253A%252F%252Fwww.freeroms.com%252Froms%252Fgba%252Fneed_for_speed_underground_2.htm%26wy%3D0%26wx%3D0%26ww%3D1280%26wh%3D1024%26cw%3D1268%26wiw%3D1280%26wih%3D939%26wfc%3D2%26sah%3D1002%26drf%3D%26hil%3D1%26ist%3D0%26tbc%3D0 HTTP/1.1
Host: interstitial-07.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.freeroms.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Thu, 26 Jan 2023 22:43:47 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
x-powered-by: PHP/7.4.25
set-cookie: reverse=wNC53E2fev2vrgNhN47mjedp1Li32qh8yGP9jsoTn_w; expires=Thu, 26-Jan-2023 23:43:47 GMT; Max-Age=3600; path=/
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS, HEAD
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
access-control-expose-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
content-encoding: br
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.33.119.27

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.33.119.27:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
86a25231794bbfd3f276118a68cf20f4
ee94ff69230178aa9294348bfe638acce39bda73
8aa3357c026c54209085411a849df78cd14f155d4991330fbd6ad039f8262985

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "8AA3357C026C54209085411A849DF78CD14F155D4991330FBD6AD039F8262985"
Last-Modified: Thu, 26 Jan 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8004
Expires: Fri, 27 Jan 2023 00:57:11 GMT
Date: Thu, 26 Jan 2023 22:43:47 GMT
Connection: keep-alive

interstitial-07.com/contents/s/4d/4d/44/8b8d067fbb8dd5bd371f76aa3f/0124434927299.jpeg

139.45.197.152

200 OK

48 kB

URL HTTP/2
interstitial-07.com/contents/s/4d/4d/44/8b8d067fbb8dd5bd371f76aa3f/0124434927299.jpeg
IP
139.45.197.152:0
ASN
#9002 RETN Limited

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 492x328, components 3\012- data
Size
48 kB (48518 bytes)
Hash
4d4d448b8d067fbb8dd5bd371f76aa3f
ac126e854681a30faeeec1b07871640015003743
2d544292185300921204a178010fef7d3a94d27e6f8358ef09be4cada4187a5e

HTTP Headers

GET /contents/s/4d/4d/44/8b8d067fbb8dd5bd371f76aa3f/0124434927299.jpeg HTTP/1.1
Host: interstitial-07.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://interstitial-07.com/?l=nfepD2DCD0Ch0je&cd_meta_crid=50535&trkintimp&target_url=https%3A%2F%2Fnanouwho.com%2F12%3Frnd%3D3736239736%26z%3D3056520%26b%3D16536117%26c%3D6560718%26var%3D%26d%3Dhttps%253A%252F%252Fsingelstodate.com%252Fbase.php%253Fc%253D1499%2526key%253D078e8e1696ef5f705a04995394169693%2526zoneid%253D%257Bzoneid%257D%2526cost%253D%257Bcost%257D%2526subid%253D%2524%257BSUBID%257D%2526banner%253D%257Bbannerid%257D%26cln%3D1%26btp%3D7%26rb%3DwwmAyVKHdyXCWs5DGa3pNGPn0Q5wHhPw2kuhat2v-TL0PwrrReFZzkqoW5KW0EDkPeptztAyNQUB5JDCxHY5tmBJqB6xGT8Y7TmqdbXDFRGQXzIeQRJripVyrzKEZzpswXfkufjdUsm6i_0icIt7WeJkgsdhqeLvHzNXdPKIXAeDBIEYoULkuetTLWLsbedAyhE8LHLTHWntjfOcb5XfXqZLtw0C_vbHp21uqQ8zYGkUuAn8O9WKFQ_9ArLmfmKQD2UmRrtfVlj3uuVTSOmw4yqWV_acgjptp_8SStHSHCqPUSqpOmJm2GGSbCVR7iRaBH2JeAQdpF5pNKVVB_dulzG_Qx2PVUB2_aGJgY69FvGNujPGk04RTZKGSo-4LJUll-fxygwjpspVA_RbhIfM9AjXIK_CBSM-PTQBrnleIVXzfA-bRlrMw9Mapjle04SmLYj2lpqK9P97Pnrs6ZEmk4qJhnrAmjn1zlKPHE1ZI309T-chheP_UXM5IR1U43uIjfuYLGnaB3OLJ1S6qb0DSCQYJ8iN4sXyhn70G7444ac_HCPq97JE1_7SC10ZdFn6VqqUpvq6RoGe_uxvvLV6siLy2qKxkFaOPpPgTmTomthx_NYWck1yqYylo56KXYwvvPLo_efbBgkwVWFUaNqY78QTOsM%3D%26bag%3DmtlVseJPZwq8MrL-yExcig%3D%3D%26ruid%3D60a12d1c-90d2-4c91-b8dc-c96d2c28be29%26ng%3D1%26ix%3D0%26pt%3D0%26np%3D1%26gp%3D-1%26bp%3D-1%26nw%3D1%26nb%3D1%26sw%3D1280%26sh%3D1024%26pl%3Dhttps%253A%252F%252Fwww.freeroms.com%252Froms%252Fgba%252Fneed_for_speed_underground_2.htm%26wy%3D0%26wx%3D0%26ww%3D1280%26wh%3D1024%26cw%3D1268%26wiw%3D1280%26wih%3D939%26wfc%3D2%26sah%3D1002%26drf%3D%26hil%3D1%26ist%3D0%26tbc%3D0
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 26 Jan 2023 22:43:47 GMT
content-type: image/jpeg
content-length: 48518
last-modified: Wed, 14 Dec 2022 16:39:29 GMT
vary: Accept-Encoding
etag: "6399fc41-bd86"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS, HEAD
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
access-control-expose-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
accept-ranges: bytes
X-Firefox-Spdy: h2

www.freeroms.com/images/logo.png?qc-size=215,40

64.235.54.28

200 OK

9.8 kB

URL HTTP/2
www.freeroms.com/images/logo.png?qc-size=215,40
IP
64.235.54.28:0
ASN
#26277 PREMIANET

File type
PNG image data, 215 x 40, 8-bit/color RGB, non-interlaced\012- data
Size
9.8 kB (9831 bytes)
Hash
14cd0a179797ca4b75eafccd97c8bb29
3b28b50481b500440e2d20df8acfba80d752a090
e94da94c103e98f78880e5458d6cd022cc20d1d6412b985ef8c0b3eeafd40f5c

HTTP Headers

GET /images/logo.png?qc-size=215,40 HTTP/1.1
Host: www.freeroms.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.freeroms.com/roms/gba/need_for_speed_underground_2.htm
Cookie: _ga_FH0L8EV0R0=GS1.1.1674773026.1.0.1674773026.0.0.0; _ga=GA1.1.1178319333.1674773026; dom3ic8zudi28v8lr6fgphwffqoz0j6c=98832bb1-3221-4f73-ba71-6c3f0755d8ac%3A3%3A1; prefetchAd_2881944=true; ppu_main_ea2d5d802b867cf417198fc84113161f=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 26 Jan 2023 22:43:47 GMT
content-type: image/png
content-length: 9831
last-modified: Tue, 14 Jul 2015 01:10:45 GMT
etag: "55a46195-2667"
x-powered-by: PleskLin
accept-ranges: bytes
X-Firefox-Spdy: h2

interstitial-07.com/contents/s/d6/57/d0/b45c722c9203953e7fbb92fc33/01117258015882.jpeg

139.45.197.152

200 OK

20 kB

URL HTTP/2
interstitial-07.com/contents/s/d6/57/d0/b45c722c9203953e7fbb92fc33/01117258015882.jpeg
IP
139.45.197.152:0
ASN
#9002 RETN Limited

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 256x256, components 3\012- data
Size
20 kB (19879 bytes)
Hash
d657d0b45c722c9203953e7fbb92fc33
e1ff29e4b8f1ea03d163e6a3c8f4d381cae5a3e2
40785963d6afef460b6d58db44d00d3bbed11a81f88e64e6a1b91d317b220d40

HTTP Headers

GET /contents/s/d6/57/d0/b45c722c9203953e7fbb92fc33/01117258015882.jpeg HTTP/1.1
Host: interstitial-07.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://interstitial-07.com/?l=yig0C7r9tE92Gj6&cd_meta_crid=50535&trkintimp&target_url=https%3A%2F%2Fupgulpinon.com%2F12%3Frnd%3D1602705480%26z%3D5030886%26b%3D16536118%26c%3D6560718%26var%3D%26d%3Dhttps%253A%252F%252Fsingelstodate.com%252Fbase.php%253Fc%253D1499%2526key%253D078e8e1696ef5f705a04995394169693%2526zoneid%253D%257Bzoneid%257D%2526cost%253D%257Bcost%257D%2526subid%253D%2524%257BSUBID%257D%2526banner%253D%257Bbannerid%257D%26cln%3D1%26btp%3D7%26rb%3DOy8d5fTVDILPB8BdpCJSqaAn4uhmFRv1vGGxKTHTRsJlLkbjSSjUhh88D4q3aQe3wSGpBn5qBRZLty2c85q0AeuEIzg0e2DAvwerIlDSm25JRSptkRP_3-7z8s5U7dONJOYp_rEPtY7tpwKT7o99M1CmUB5PfCZY40wdSHB47iUk97GU1qZb57JVdtJKlogyemRcXQIafp4O0vXCb4I3hkMn81XWJWL2fgZOmTQ60IBp8BSveZC68EKNOqVR1IqnfX8TcdOb0khuelwenCUpOWTXf-kCjR8oaZ1b-svQhWCdydBHpIr-ddGZhK4RcUCi8_Uz5YUYs5fVeCuPC6w0lbHRvHlrssIkEFiq4yfyMUevlQhoFT6efsO3QWaszEtlUQmdQ3oGVMLVRCWXmhzY9pTf1mqxwaEQ4Vl4vDvD0UPf9sjLJUtyKZRR5jY1iNgqm3fOpbRLDv1uhO4Mr-YJr_HAmllceqwZdFiYSi8avxZv0n_doU8XIIC2E2tHvXHO6NMZ7y46p6G8jWVpEWduPeycaKjR62mCH6w3PtNdEGZQIAGllD7Xsiw72Hyal6eTrwmu7ZFVUgTuDn7vlAEDRoD7HkTkmdG9Ncmx62u9byleP_aA3_-h8yI-jbkKeOm0RUmREExFBVaMwrPjkGg4ng%3D%3D%26bag%3DmtlVseJPZwq8MrL-yExcig%3D%3D%26ruid%3D2235666a-5a78-4b2e-aa76-7acd85f8fe77%26ng%3D1%26ix%3D0%26pt%3D0%26np%3D1%26gp%3D-1%26bp%3D-1%26nw%3D1%26nb%3D1%26sw%3D1280%26sh%3D1024%26pl%3Dhttps%253A%252F%252Fwww.freeroms.com%252Froms%252Fgba%252Fneed_for_speed_underground_2.htm%26wy%3D0%26wx%3D0%26ww%3D1280%26wh%3D1024%26cw%3D1268%26wiw%3D1280%26wih%3D939%26wfc%3D2%26sah%3D1002%26drf%3D%26hil%3D1%26ist%3D0%26tbc%3D0
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 26 Jan 2023 22:43:47 GMT
content-type: image/jpeg
content-length: 19879
last-modified: Wed, 05 Oct 2022 17:04:55 GMT
vary: Accept-Encoding
etag: "633db937-4da7"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS, HEAD
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
access-control-expose-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
accept-ranges: bytes
X-Firefox-Spdy: h2

interstitial-07.com/contents/s/9b/2c/29/3f4695bb8f89f5bdc53f2634e2/01175794239723.jpeg

139.45.197.152

200 OK

63 kB

URL HTTP/2
interstitial-07.com/contents/s/9b/2c/29/3f4695bb8f89f5bdc53f2634e2/01175794239723.jpeg
IP
139.45.197.152:0
ASN
#9002 RETN Limited

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 492x328, components 3\012- data
Size
63 kB (63121 bytes)
Hash
9b2c293f4695bb8f89f5bdc53f2634e2
fda95c173965012fa72bd0386a0f1e4f0e5220fa
f7090a9b5e00f32721b1d83183b54e836e4237f6d407186327f7835caf3c265a

HTTP Headers

GET /contents/s/9b/2c/29/3f4695bb8f89f5bdc53f2634e2/01175794239723.jpeg HTTP/1.1
Host: interstitial-07.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://interstitial-07.com/?l=yig0C7r9tE92Gj6&cd_meta_crid=50535&trkintimp&target_url=https%3A%2F%2Fupgulpinon.com%2F12%3Frnd%3D1602705480%26z%3D5030886%26b%3D16536118%26c%3D6560718%26var%3D%26d%3Dhttps%253A%252F%252Fsingelstodate.com%252Fbase.php%253Fc%253D1499%2526key%253D078e8e1696ef5f705a04995394169693%2526zoneid%253D%257Bzoneid%257D%2526cost%253D%257Bcost%257D%2526subid%253D%2524%257BSUBID%257D%2526banner%253D%257Bbannerid%257D%26cln%3D1%26btp%3D7%26rb%3DOy8d5fTVDILPB8BdpCJSqaAn4uhmFRv1vGGxKTHTRsJlLkbjSSjUhh88D4q3aQe3wSGpBn5qBRZLty2c85q0AeuEIzg0e2DAvwerIlDSm25JRSptkRP_3-7z8s5U7dONJOYp_rEPtY7tpwKT7o99M1CmUB5PfCZY40wdSHB47iUk97GU1qZb57JVdtJKlogyemRcXQIafp4O0vXCb4I3hkMn81XWJWL2fgZOmTQ60IBp8BSveZC68EKNOqVR1IqnfX8TcdOb0khuelwenCUpOWTXf-kCjR8oaZ1b-svQhWCdydBHpIr-ddGZhK4RcUCi8_Uz5YUYs5fVeCuPC6w0lbHRvHlrssIkEFiq4yfyMUevlQhoFT6efsO3QWaszEtlUQmdQ3oGVMLVRCWXmhzY9pTf1mqxwaEQ4Vl4vDvD0UPf9sjLJUtyKZRR5jY1iNgqm3fOpbRLDv1uhO4Mr-YJr_HAmllceqwZdFiYSi8avxZv0n_doU8XIIC2E2tHvXHO6NMZ7y46p6G8jWVpEWduPeycaKjR62mCH6w3PtNdEGZQIAGllD7Xsiw72Hyal6eTrwmu7ZFVUgTuDn7vlAEDRoD7HkTkmdG9Ncmx62u9byleP_aA3_-h8yI-jbkKeOm0RUmREExFBVaMwrPjkGg4ng%3D%3D%26bag%3DmtlVseJPZwq8MrL-yExcig%3D%3D%26ruid%3D2235666a-5a78-4b2e-aa76-7acd85f8fe77%26ng%3D1%26ix%3D0%26pt%3D0%26np%3D1%26gp%3D-1%26bp%3D-1%26nw%3D1%26nb%3D1%26sw%3D1280%26sh%3D1024%26pl%3Dhttps%253A%252F%252Fwww.freeroms.com%252Froms%252Fgba%252Fneed_for_speed_underground_2.htm%26wy%3D0%26wx%3D0%26ww%3D1280%26wh%3D1024%26cw%3D1268%26wiw%3D1280%26wih%3D939%26wfc%3D2%26sah%3D1002%26drf%3D%26hil%3D1%26ist%3D0%26tbc%3D0
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 26 Jan 2023 22:43:47 GMT
content-type: image/jpeg
content-length: 63121
last-modified: Wed, 05 Oct 2022 17:04:52 GMT
vary: Accept-Encoding
etag: "633db934-f691"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS, HEAD
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
access-control-expose-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
accept-ranges: bytes
X-Firefox-Spdy: h2

interstitial-07.com/?l=yig0C7r9tE92Gj6&cd_meta_crid=50535&trkintimp&target_url=https%3A%2F%2Fupgulpinon.com%2F12%3Frnd%3D1602705480%26z%3D5030886%26b%3D16536118%26c%3D6560718%26var%3D%26d%3Dhttps%253A%252F%252Fsingelstodate.com%252Fbase.php%253Fc%253D1499%2526key%253D078e8e1696ef5f705a04995394169693%2526zoneid%253D%257Bzoneid%257D%2526cost%253D%257Bcost%257D%2526subid%253D%2524%257BSUBID%257D%2526banner%253D%257Bbannerid%257D%26cln%3D1%26btp%3D7%26rb%3DOy8d5fTVDILPB8BdpCJSqaAn4uhmFRv1vGGxKTHTRsJlLkbjSSjUhh88D4q3aQe3wSGpBn5qBRZLty2c85q0AeuEIzg0e2DAvwerIlDSm25JRSptkRP_3-7z8s5U7dONJOYp_rEPtY7tpwKT7o99M1CmUB5PfCZY40wdSHB47iUk97GU1qZb57JVdtJKlogyemRcXQIafp4O0vXCb4I3hkMn81XWJWL2fgZOmTQ60IBp8BSveZC68EKNOqVR1IqnfX8TcdOb0khuelwenCUpOWTXf-kCjR8oaZ1b-svQhWCdydBHpIr-ddGZhK4RcUCi8_Uz5YUYs5fVeCuPC6w0lbHRvHlrssIkEFiq4yfyMUevlQhoFT6efsO3QWaszEtlUQmdQ3oGVMLVRCWXmhzY9pTf1mqxwaEQ4Vl4vDvD0UPf9sjLJUtyKZRR5jY1iNgqm3fOpbRLDv1uhO4Mr-YJr_HAmllceqwZdFiYSi8avxZv0n_doU8XIIC2E2tHvXHO6NMZ7y46p6G8jWVpEWduPeycaKjR62mCH6w3PtNdEGZQIAGllD7Xsiw72Hyal6eTrwmu7ZFVUgTuDn7vlAEDRoD7HkTkmdG9Ncmx62u9byleP_aA3_-h8yI-jbkKeOm0RUmREExFBVaMwrPjkGg4ng%3D%3D%26bag%3DmtlVseJPZwq8MrL-yExcig%3D%3D%26ruid%3D2235666a-5a78-4b2e-aa76-7acd85f8fe77%26ng%3D1%26ix%3D0%26pt%3D0%26np%3D1%26gp%3D-1%26bp%3D-1%26nw%3D1%26nb%3D1%26sw%3D1280%26sh%3D1024%26pl%3Dhttps%253A%252F%252Fwww.freeroms.com%252Froms%252Fgba%252Fneed_for_speed_underground_2.htm%26wy%3D0%26wx%3D0%26ww%3D1280%26wh%3D1024%26cw%3D1268%26wiw%3D1280%26wih%3D939%26wfc%3D2%26sah%3D1002%26drf%3D%26hil%3D1%26ist%3D0%26tbc%3D0

139.45.197.152

200 OK

4.8 kB

URL HTTP/2
interstitial-07.com/?l=yig0C7r9tE92Gj6&cd_meta_crid=50535&trkintimp&target_url=https%3A%2F%2Fupgulpinon.com%2F12%3Frnd%3D1602705480%26z%3D5030886%26b%3D16536118%26c%3D6560718%26var%3D%26d%3Dhttps%253A%252F%252Fsingelstodate.com%252Fbase.php%253Fc%253D1499%2526key%253D078e8e1696ef5f705a04995394169693%2526zoneid%253D%257Bzoneid%257D%2526cost%253D%257Bcost%257D%2526subid%253D%2524%257BSUBID%257D%2526banner%253D%257Bbannerid%257D%26cln%3D1%26btp%3D7%26rb%3DOy8d5fTVDILPB8BdpCJSqaAn4uhmFRv1vGGxKTHTRsJlLkbjSSjUhh88D4q3aQe3wSGpBn5qBRZLty2c85q0AeuEIzg0e2DAvwerIlDSm25JRSptkRP_3-7z8s5U7dONJOYp_rEPtY7tpwKT7o99M1CmUB5PfCZY40wdSHB47iUk97GU1qZb57JVdtJKlogyemRcXQIafp4O0vXCb4I3hkMn81XWJWL2fgZOmTQ60IBp8BSveZC68EKNOqVR1IqnfX8TcdOb0khuelwenCUpOWTXf-kCjR8oaZ1b-svQhWCdydBHpIr-ddGZhK4RcUCi8_Uz5YUYs5fVeCuPC6w0lbHRvHlrssIkEFiq4yfyMUevlQhoFT6efsO3QWaszEtlUQmdQ3oGVMLVRCWXmhzY9pTf1mqxwaEQ4Vl4vDvD0UPf9sjLJUtyKZRR5jY1iNgqm3fOpbRLDv1uhO4Mr-YJr_HAmllceqwZdFiYSi8avxZv0n_doU8XIIC2E2tHvXHO6NMZ7y46p6G8jWVpEWduPeycaKjR62mCH6w3PtNdEGZQIAGllD7Xsiw72Hyal6eTrwmu7ZFVUgTuDn7vlAEDRoD7HkTkmdG9Ncmx62u9byleP_aA3_-h8yI-jbkKeOm0RUmREExFBVaMwrPjkGg4ng%3D%3D%26bag%3DmtlVseJPZwq8MrL-yExcig%3D%3D%26ruid%3D2235666a-5a78-4b2e-aa76-7acd85f8fe77%26ng%3D1%26ix%3D0%26pt%3D0%26np%3D1%26gp%3D-1%26bp%3D-1%26nw%3D1%26nb%3D1%26sw%3D1280%26sh%3D1024%26pl%3Dhttps%253A%252F%252Fwww.freeroms.com%252Froms%252Fgba%252Fneed_for_speed_underground_2.htm%26wy%3D0%26wx%3D0%26ww%3D1280%26wh%3D1024%26cw%3D1268%26wiw%3D1280%26wih%3D939%26wfc%3D2%26sah%3D1002%26drf%3D%26hil%3D1%26ist%3D0%26tbc%3D0
IP
139.45.197.152:0
ASN
#9002 RETN Limited

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (1530)
Size
4.8 kB (4785 bytes)
Hash
e7e200850e4826d7103336ace0db19e2
69f6ec6797eeae6f5135a26519e8bf9d542da2dc
50aa0962fb9d5e5a78ae26b21f0ad0537139f11ba5766a1e4556e03fb95d0215

HTTP Headers

GET /?l=yig0C7r9tE92Gj6&cd_meta_crid=50535&trkintimp&target_url=https%3A%2F%2Fupgulpinon.com%2F12%3Frnd%3D1602705480%26z%3D5030886%26b%3D16536118%26c%3D6560718%26var%3D%26d%3Dhttps%253A%252F%252Fsingelstodate.com%252Fbase.php%253Fc%253D1499%2526key%253D078e8e1696ef5f705a04995394169693%2526zoneid%253D%257Bzoneid%257D%2526cost%253D%257Bcost%257D%2526subid%253D%2524%257BSUBID%257D%2526banner%253D%257Bbannerid%257D%26cln%3D1%26btp%3D7%26rb%3DOy8d5fTVDILPB8BdpCJSqaAn4uhmFRv1vGGxKTHTRsJlLkbjSSjUhh88D4q3aQe3wSGpBn5qBRZLty2c85q0AeuEIzg0e2DAvwerIlDSm25JRSptkRP_3-7z8s5U7dONJOYp_rEPtY7tpwKT7o99M1CmUB5PfCZY40wdSHB47iUk97GU1qZb57JVdtJKlogyemRcXQIafp4O0vXCb4I3hkMn81XWJWL2fgZOmTQ60IBp8BSveZC68EKNOqVR1IqnfX8TcdOb0khuelwenCUpOWTXf-kCjR8oaZ1b-svQhWCdydBHpIr-ddGZhK4RcUCi8_Uz5YUYs5fVeCuPC6w0lbHRvHlrssIkEFiq4yfyMUevlQhoFT6efsO3QWaszEtlUQmdQ3oGVMLVRCWXmhzY9pTf1mqxwaEQ4Vl4vDvD0UPf9sjLJUtyKZRR5jY1iNgqm3fOpbRLDv1uhO4Mr-YJr_HAmllceqwZdFiYSi8avxZv0n_doU8XIIC2E2tHvXHO6NMZ7y46p6G8jWVpEWduPeycaKjR62mCH6w3PtNdEGZQIAGllD7Xsiw72Hyal6eTrwmu7ZFVUgTuDn7vlAEDRoD7HkTkmdG9Ncmx62u9byleP_aA3_-h8yI-jbkKeOm0RUmREExFBVaMwrPjkGg4ng%3D%3D%26bag%3DmtlVseJPZwq8MrL-yExcig%3D%3D%26ruid%3D2235666a-5a78-4b2e-aa76-7acd85f8fe77%26ng%3D1%26ix%3D0%26pt%3D0%26np%3D1%26gp%3D-1%26bp%3D-1%26nw%3D1%26nb%3D1%26sw%3D1280%26sh%3D1024%26pl%3Dhttps%253A%252F%252Fwww.freeroms.com%252Froms%252Fgba%252Fneed_for_speed_underground_2.htm%26wy%3D0%26wx%3D0%26ww%3D1280%26wh%3D1024%26cw%3D1268%26wiw%3D1280%26wih%3D939%26wfc%3D2%26sah%3D1002%26drf%3D%26hil%3D1%26ist%3D0%26tbc%3D0 HTTP/1.1
Host: interstitial-07.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.freeroms.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 26 Jan 2023 22:43:47 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
x-powered-by: PHP/7.4.25
set-cookie: reverse=iLofdHSkx6eyEe4j7I_ABA3DQx4EaGvtr0qiLPwOzbI; expires=Thu, 26-Jan-2023 23:43:47 GMT; Max-Age=3600; path=/
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS, HEAD
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
access-control-expose-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
content-encoding: br
X-Firefox-Spdy: h2

unphionetor.com/fv.js?t=72747&cb=1330997739

139.45.197.236

200 OK

2.2 kB

URL HTTP/2
unphionetor.com/fv.js?t=72747&cb=1330997739
IP
139.45.197.236:0
ASN
#9002 RETN Limited

File type
ASCII text, with very long lines (5213), with no line terminators
Size
2.2 kB (2153 bytes)
Hash
0254fb1dad74628b7ad0f97d304fac92
35f7af13a08eb87023ec7df4d3c35c21b2cde79d
47fb6ce428ca80ea69b772e4f66e4e5c622a4005db601746033d04511bd27536

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /fv.js?t=72747&cb=1330997739 HTTP/1.1
Host: unphionetor.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://interstitial-07.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Thu, 26 Jan 2023 22:43:47 GMT
content-type: text/javascript; charset=utf8
access-control-allow-origin: 
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
x-trace-id: 670d65cb0f2dadd9fdb708c76de45a14
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
content-encoding: gzip
X-Firefox-Spdy: h2

unphionetor.com/vbl?t=72747&bid=undefined&aid=undefined

139.45.197.236

204 No Content

0 B

URL HTTP/2
unphionetor.com/vbl?t=72747&bid=undefined&aid=undefined
IP
139.45.197.236:0
ASN
#9002 RETN Limited

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

POST /vbl?t=72747&bid=undefined&aid=undefined HTTP/1.1
Host: unphionetor.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://interstitial-07.com
Connection: keep-alive
Referer: https://interstitial-07.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0
TE: trailers

HTTP/2 204 No Content
server: nginx
date: Thu, 26 Jan 2023 22:43:48 GMT
access-control-allow-origin: https://interstitial-07.com
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
x-trace-id: 0f0afe4939ce970d29a86df56b4e2953
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2

unphionetor.com/vbl?t=72747&bid=undefined&aid=undefined

139.45.197.236

204 No Content

0 B

URL HTTP/2
unphionetor.com/vbl?t=72747&bid=undefined&aid=undefined
IP
139.45.197.236:0
ASN
#9002 RETN Limited

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

POST /vbl?t=72747&bid=undefined&aid=undefined HTTP/1.1
Host: unphionetor.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://interstitial-07.com
Connection: keep-alive
Referer: https://interstitial-07.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0
TE: trailers

HTTP/2 204 No Content
server: nginx
date: Thu, 26 Jan 2023 22:43:48 GMT
access-control-allow-origin: https://interstitial-07.com
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
x-trace-id: efe614de1a9165668700dbf4d4680261
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2

audit-tcfv2.cmp.quantcast.com/?log=%7B%22accountId%22%3A%226JvC9xkUEfXYY%22%2C%22domain%22%3A%22www.freeroms.com%22%2C%22publisher%22%3A%22FreeROMS%22%2C%22cmpId%22%3A10%2C%22cmpVersion%22%3A%222.45%22%2C%22displayType%22%3A%22tcfui%3Amandatory%22%2C%22configurationHashCode%22%3A%22SflKcnZjT32PEJo7sVOMXg%22%2C%22tagVersion%22%3A%22V2%22%2C%22clientTimestamp%22%3A1674773027636%2C%22operationType%22%3A%22init%22%2C%22sessionId%22%3A%22GDPR-ldhjum2p22ydwyj08tlh%22%7D

3.72.156.146

200 OK

2 B

URL HTTP/2
audit-tcfv2.cmp.quantcast.com/?log=%7B%22accountId%22%3A%226JvC9xkUEfXYY%22%2C%22domain%22%3A%22www.freeroms.com%22%2C%22publisher%22%3A%22FreeROMS%22%2C%22cmpId%22%3A10%2C%22cmpVersion%22%3A%222.45%22%2C%22displayType%22%3A%22tcfui%3Amandatory%22%2C%22configurationHashCode%22%3A%22SflKcnZjT32PEJo7sVOMXg%22%2C%22tagVersion%22%3A%22V2%22%2C%22clientTimestamp%22%3A1674773027636%2C%22operationType%22%3A%22init%22%2C%22sessionId%22%3A%22GDPR-ldhjum2p22ydwyj08tlh%22%7D
IP
3.72.156.146:0
ASN
#16509 AMAZON-02

File type
ASCII text, with no line terminators
Size
2 B (2 bytes)
Hash
e0aa021e21dddbd6d8cecec71e9cf564
9ce3bd4224c8c1780db56b4125ecf3f24bf748b7
565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3

HTTP Headers

GET /?log=%7B%22accountId%22%3A%226JvC9xkUEfXYY%22%2C%22domain%22%3A%22www.freeroms.com%22%2C%22publisher%22%3A%22FreeROMS%22%2C%22cmpId%22%3A10%2C%22cmpVersion%22%3A%222.45%22%2C%22displayType%22%3A%22tcfui%3Amandatory%22%2C%22configurationHashCode%22%3A%22SflKcnZjT32PEJo7sVOMXg%22%2C%22tagVersion%22%3A%22V2%22%2C%22clientTimestamp%22%3A1674773027636%2C%22operationType%22%3A%22init%22%2C%22sessionId%22%3A%22GDPR-ldhjum2p22ydwyj08tlh%22%7D HTTP/1.1
Host: audit-tcfv2.cmp.quantcast.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.freeroms.com
Connection: keep-alive
Referer: https://www.freeroms.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Thu, 26 Jan 2023 22:43:48 GMT
content-type: text/plain; charset=utf-8
content-length: 2
access-control-allow-origin: *
X-Firefox-Spdy: h2

nanouwho.com/11?rnd=1361915427&z=3056520&b=16536117&var=&rqtdbc=0&rcvdbc=0&btp=7&rb=wwmAyVKHdyXCWs5DGa3pNGPn0Q5wHhPw2kuhat2v-TL0PwrrReFZzkqoW5KW0EDkPeptztAyNQUB5JDCxHY5tmBJqB6xGT8Y7TmqdbXDFRGQXzIeQRJripVyrzKEZzpswXfkufjdUsm6i_0icIt7WeJkgsdhqeLvHzNXdPKIXAeDBIEYoULkuetTLWLsbedAyhE8LHLTHWntjfOcb5XfXqZLtw0C_vbHp21uqQ8zYGkUuAn8O9WKFQ_9ArLmfmKQD2UmRrtfVlj3uuVTSOmw4yqWV_acgjptp_8SStHSHCqPUSqpOmJm2GGSbCVR7iRaBH2JeAQdpF5pNKVVB_dulzG_Qx2PVUB2_aGJgY69FvGNujPGk04RTZKGSo-4LJUll-fxygwjpspVA_RbhIfM9AjXIK_CBSM-PTQBrnleIVXzfA-bRlrMw9Mapjle04SmLYj2lpqK9P97Pnrs6ZEmk4qJhnrAmjn1zlKPHE1ZI309T-chheP_UXM5IR1U43uIjfuYLGnaB3OLJ1S6qb0DSCQYJ8iN4sXyhn70G7444ac_HCPq97JE1_7SC10ZdFn6VqqUpvq6RoGe_uxvvLV6siLy2qKxkFaOPpPgTmTomthx_NYWck1yqYylo56KXYwvvPLo_efbBgkwVWFUaNqY78QTOsM=&ruid=60a12d1c-90d2-4c91-b8dc-c96d2c28be29&ng=1&ix=0&pt=0&np=1&gp=-1&bp=-1&nw=1&nb=1&sw=1280&sh=1024&pl=https%3A%2F%2Fwww.freeroms.com%2Froms%2Fgba%2Fneed_for_speed_underground_2.htm&wy=0&wx=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=2&sah=1002&drf=&hil=1&ist=0&ri=1&wvd=0&wvr=1.0000&isions=1

139.45.197.242

200 OK

0 B

URL HTTP/2
nanouwho.com/11?rnd=1361915427&z=3056520&b=16536117&var=&rqtdbc=0&rcvdbc=0&btp=7&rb=wwmAyVKHdyXCWs5DGa3pNGPn0Q5wHhPw2kuhat2v-TL0PwrrReFZzkqoW5KW0EDkPeptztAyNQUB5JDCxHY5tmBJqB6xGT8Y7TmqdbXDFRGQXzIeQRJripVyrzKEZzpswXfkufjdUsm6i_0icIt7WeJkgsdhqeLvHzNXdPKIXAeDBIEYoULkuetTLWLsbedAyhE8LHLTHWntjfOcb5XfXqZLtw0C_vbHp21uqQ8zYGkUuAn8O9WKFQ_9ArLmfmKQD2UmRrtfVlj3uuVTSOmw4yqWV_acgjptp_8SStHSHCqPUSqpOmJm2GGSbCVR7iRaBH2JeAQdpF5pNKVVB_dulzG_Qx2PVUB2_aGJgY69FvGNujPGk04RTZKGSo-4LJUll-fxygwjpspVA_RbhIfM9AjXIK_CBSM-PTQBrnleIVXzfA-bRlrMw9Mapjle04SmLYj2lpqK9P97Pnrs6ZEmk4qJhnrAmjn1zlKPHE1ZI309T-chheP_UXM5IR1U43uIjfuYLGnaB3OLJ1S6qb0DSCQYJ8iN4sXyhn70G7444ac_HCPq97JE1_7SC10ZdFn6VqqUpvq6RoGe_uxvvLV6siLy2qKxkFaOPpPgTmTomthx_NYWck1yqYylo56KXYwvvPLo_efbBgkwVWFUaNqY78QTOsM=&ruid=60a12d1c-90d2-4c91-b8dc-c96d2c28be29&ng=1&ix=0&pt=0&np=1&gp=-1&bp=-1&nw=1&nb=1&sw=1280&sh=1024&pl=https%3A%2F%2Fwww.freeroms.com%2Froms%2Fgba%2Fneed_for_speed_underground_2.htm&wy=0&wx=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=2&sah=1002&drf=&hil=1&ist=0&ri=1&wvd=0&wvr=1.0000&isions=1
IP
139.45.197.242:0
ASN
#9002 RETN Limited

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /11?rnd=1361915427&z=3056520&b=16536117&var=&rqtdbc=0&rcvdbc=0&btp=7&rb=wwmAyVKHdyXCWs5DGa3pNGPn0Q5wHhPw2kuhat2v-TL0PwrrReFZzkqoW5KW0EDkPeptztAyNQUB5JDCxHY5tmBJqB6xGT8Y7TmqdbXDFRGQXzIeQRJripVyrzKEZzpswXfkufjdUsm6i_0icIt7WeJkgsdhqeLvHzNXdPKIXAeDBIEYoULkuetTLWLsbedAyhE8LHLTHWntjfOcb5XfXqZLtw0C_vbHp21uqQ8zYGkUuAn8O9WKFQ_9ArLmfmKQD2UmRrtfVlj3uuVTSOmw4yqWV_acgjptp_8SStHSHCqPUSqpOmJm2GGSbCVR7iRaBH2JeAQdpF5pNKVVB_dulzG_Qx2PVUB2_aGJgY69FvGNujPGk04RTZKGSo-4LJUll-fxygwjpspVA_RbhIfM9AjXIK_CBSM-PTQBrnleIVXzfA-bRlrMw9Mapjle04SmLYj2lpqK9P97Pnrs6ZEmk4qJhnrAmjn1zlKPHE1ZI309T-chheP_UXM5IR1U43uIjfuYLGnaB3OLJ1S6qb0DSCQYJ8iN4sXyhn70G7444ac_HCPq97JE1_7SC10ZdFn6VqqUpvq6RoGe_uxvvLV6siLy2qKxkFaOPpPgTmTomthx_NYWck1yqYylo56KXYwvvPLo_efbBgkwVWFUaNqY78QTOsM=&ruid=60a12d1c-90d2-4c91-b8dc-c96d2c28be29&ng=1&ix=0&pt=0&np=1&gp=-1&bp=-1&nw=1&nb=1&sw=1280&sh=1024&pl=https%3A%2F%2Fwww.freeroms.com%2Froms%2Fgba%2Fneed_for_speed_underground_2.htm&wy=0&wx=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=2&sah=1002&drf=&hil=1&ist=0&ri=1&wvd=0&wvr=1.0000&isions=1 HTTP/1.1
Host: nanouwho.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.freeroms.com
Connection: keep-alive
Referer: https://www.freeroms.com/
Cookie: scm=1; OAID=b0e353cd95e04579a882e88466795384; oaidts=1674773026
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 26 Jan 2023 22:43:52 GMT
content-type: image/jpeg
content-length: 0
access-control-allow-credentials: true
access-control-allow-origin: https://www.freeroms.com
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-Sc, CVERSION, VERSION, X-Ancestor-Origins, X-Zone-ID
x-trace-id: 20b318dcca5285817ee9a3640fcc9264
access-control-expose-headers: X-Sc
set-cookie: OAID=b0e353cd95e04579a882e88466795384; expires=Fri, 26 Jan 2024 22:43:52 GMT; secure; SameSite=None
oaidts=1674773026; expires=Fri, 26 Jan 2024 22:43:52 GMT; secure; SameSite=None
oaidvc=1; expires=Fri, 26 Jan 2024 22:43:52 GMT; secure; SameSite=None
CNT=1_v1_NVL8AAEAAAC3SwAA; expires=Thu, 26 Jan 2023 23:43:52 GMT; secure; SameSite=None
pragma: no-cache
cache-control: no-store, no-cache, must-revalidate, max-age=0
expires: Mon, 26 Jul 1997 05:00:00 GMT
X-Firefox-Spdy: h2

www.freeroms.com/images/bg-gredient.png

64.235.54.28

200 OK

977 B

URL HTTP/2
www.freeroms.com/images/bg-gredient.png
IP
64.235.54.28:0
ASN
#26277 PREMIANET

File type
PNG image data, 1 x 30, 8-bit/color RGB, non-interlaced\012- data
Size
977 B (977 bytes)
Hash
0f7b68eb840d4bf25b729a043992ffb0
59bdf7375e1912edc2349af5004a48409f28f3e8
8396a05bded4668001d0aebbdafc6e5575a2a627ed3a0abee2dbd8510ccf2459

HTTP Headers

GET /images/bg-gredient.png HTTP/1.1
Host: www.freeroms.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.freeroms.com/css/style.css
Cookie: _ga_FH0L8EV0R0=GS1.1.1674773026.1.0.1674773026.0.0.0; _ga=GA1.1.1178319333.1674773026; dom3ic8zudi28v8lr6fgphwffqoz0j6c=98832bb1-3221-4f73-ba71-6c3f0755d8ac%3A3%3A1; prefetchAd_2881944=true; ppu_main_ea2d5d802b867cf417198fc84113161f=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 26 Jan 2023 22:43:53 GMT
content-type: image/png
content-length: 977
x-accel-version: 0.01
last-modified: Tue, 14 Jul 2015 01:10:47 GMT
etag: "3d1-51acb821a53c0"
accept-ranges: bytes
x-powered-by: PleskLin
X-Firefox-Spdy: h2

dacmaiss.com/?rb=suhE3dkHE2H25mYQKkZ2BVC3idHSrGq4IS1vTydOo-hgbLyUS5c08iup71RmwWGc4tXrjiUIKiWC8s-5rPtxM04eCYPMik6-rb0kIF8knu3nFmmd8eMi_SH22ywRxhI7cljwQUZmANoBdnEq1D_IDFD10XXg3v0K_ZqwxiZQxpSABxNCu5A_3ljVyTjP2eDvlJcKDdIvUuVVMWyMKJ5629IW7Zp33iDJoSxvqfRV76o%3D&request_ab2=0&zoneid=2881944&js_build=iclick-v1.473.0&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1268&wih=939&wiw=1280&wfc=2&pl=https%3A%2F%2Fwww.freeroms.com%2Froms%2Fgba%2Fneed_for_speed_underground_2.htm&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false&js_build=iclick-v1.473.0&bs=70c632ec-bc66-41bb-a12f-2bfea46ac887&userId=b0e353cd95e04579a882e88466795384&m=link

139.45.197.237

200 OK

0 B

URL HTTP/2
dacmaiss.com/?rb=suhE3dkHE2H25mYQKkZ2BVC3idHSrGq4IS1vTydOo-hgbLyUS5c08iup71RmwWGc4tXrjiUIKiWC8s-5rPtxM04eCYPMik6-rb0kIF8knu3nFmmd8eMi_SH22ywRxhI7cljwQUZmANoBdnEq1D_IDFD10XXg3v0K_ZqwxiZQxpSABxNCu5A_3ljVyTjP2eDvlJcKDdIvUuVVMWyMKJ5629IW7Zp33iDJoSxvqfRV76o%3D&request_ab2=0&zoneid=2881944&js_build=iclick-v1.473.0&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1268&wih=939&wiw=1280&wfc=2&pl=https%3A%2F%2Fwww.freeroms.com%2Froms%2Fgba%2Fneed_for_speed_underground_2.htm&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false&js_build=iclick-v1.473.0&bs=70c632ec-bc66-41bb-a12f-2bfea46ac887&userId=b0e353cd95e04579a882e88466795384&m=link
IP
139.45.197.237:0
ASN
#9002 RETN Limited

File type

Size
0 B (0 bytes)
Hash

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /?rb=suhE3dkHE2H25mYQKkZ2BVC3idHSrGq4IS1vTydOo-hgbLyUS5c08iup71RmwWGc4tXrjiUIKiWC8s-5rPtxM04eCYPMik6-rb0kIF8knu3nFmmd8eMi_SH22ywRxhI7cljwQUZmANoBdnEq1D_IDFD10XXg3v0K_ZqwxiZQxpSABxNCu5A_3ljVyTjP2eDvlJcKDdIvUuVVMWyMKJ5629IW7Zp33iDJoSxvqfRV76o%3D&request_ab2=0&zoneid=2881944&js_build=iclick-v1.473.0&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1268&wih=939&wiw=1280&wfc=2&pl=https%3A%2F%2Fwww.freeroms.com%2Froms%2Fgba%2Fneed_for_speed_underground_2.htm&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false&js_build=iclick-v1.473.0&bs=70c632ec-bc66-41bb-a12f-2bfea46ac887&userId=b0e353cd95e04579a882e88466795384&m=link HTTP/1.1
Host: dacmaiss.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.freeroms.com/
Origin: https://www.freeroms.com
Connection: keep-alive
Cookie: OAID=b0e353cd95e04579a882e88466795384; oaidts=1674773026
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 26 Jan 2023 22:43:46 GMT
content-type: application/json
x-trace-id: a184d639ad0c253f51df0a9fcb127ae6
access-control-allow-origin: https://www.freeroms.com
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding
access-control-max-age: 86400
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
set-cookie: OAID=b0e353cd95e04579a882e88466795384; expires=Fri, 26 Jan 2024 22:43:46 GMT; path=/; secure; SameSite=None
oaidts=1674773026; expires=Fri, 26 Jan 2024 22:43:46 GMT; path=/; secure; SameSite=None
syncedCookie=true; expires=Thu, 02 Feb 2023 22:43:46 GMT; path=/; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
content-encoding: gzip
X-Firefox-Spdy: h2

test.cmp.quantcast.com/GVL-v2/cmp-list.json

54.230.111.116

200 OK

0 B

URL HTTP/2
test.cmp.quantcast.com/GVL-v2/cmp-list.json
IP
54.230.111.116:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /GVL-v2/cmp-list.json HTTP/1.1
Host: test.cmp.quantcast.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.freeroms.com
Connection: keep-alive
Referer: https://www.freeroms.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: application/json
access-control-max-age: 86400
cache-control: max-age=172800
date: Thu, 26 Jan 2023 03:00:36 GMT
last-modified: Sat, 14 Jan 2023 19:52:29 GMT
etag: W/"16f9ea1cc7a71cfed1d4482a599ccd27"
x-amz-server-side-encryption: AES256
x-amz-version-id: POuYi4.QbUYhHN4p2tbIMulQrwaf1j8L
server: AmazonS3
access-control-allow-origin: *
access-control-allow-methods: GET
content-encoding: br
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 2d5cbe05385a7f3bbffc8a562b8711f6.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: TV-XVMP2i2ijOSesVoRWkG2ZlvVOwo-oNs5dZ20I94oxUl42aUm52w==
age: 70991
X-Firefox-Spdy: h2

cmp.quantcast.com/choice/6JvC9xkUEfXYY/www.freeroms.com/choice.js?tag_version=V2

54.230.111.39

200 OK

0 B

URL HTTP/2
cmp.quantcast.com/choice/6JvC9xkUEfXYY/www.freeroms.com/choice.js?tag_version=V2
IP
54.230.111.39:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /choice/6JvC9xkUEfXYY/www.freeroms.com/choice.js?tag_version=V2 HTTP/1.1
Host: cmp.quantcast.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.freeroms.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: application/javascript
last-modified: Mon, 07 Mar 2022 13:38:13 GMT
x-amz-server-side-encryption: AES256
server: AmazonS3
cross-origin-resource-policy: cross-origin
content-encoding: gzip
cache-control: max-age=3600
date: Thu, 26 Jan 2023 22:43:01 GMT
etag: W/"8903112fe1b05cb89d49d106b04c0b73"
vary: Access-Control-Request-Headers,Access-Control-Request-Method,Origin,Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 d9fb4c3794a085bb4ee2c5798c2cb1b8.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: 52zcu8H0QjGxdGaojSZ783KhwPBds4KWYfmJilIWncncjNrcLMLwbg==
age: 46
X-Firefox-Spdy: h2

139.45.197.242

200 OK

0 B

URL HTTP/2
nanouwho.com/9?z=3056520&ng=1&ix=0&pt=0&np=1&gp=-1&bp=-1&nw=1&nb=1&sw=1280&sh=1024&pl=https%3A%2F%2Fwww.freeroms.com%2Froms%2Fgba%2Fneed_for_speed_underground_2.htm&wy=0&wx=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=2&sah=1002&drf=&hil=1&ist=0&oaid=b0e353cd95e04579a882e88466795384
IP
139.45.197.242:0
ASN
#9002 RETN Limited

File type

Size
0 B (0 bytes)
Hash

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

POST /9?z=3056520&ng=1&ix=0&pt=0&np=1&gp=-1&bp=-1&nw=1&nb=1&sw=1280&sh=1024&pl=https%3A%2F%2Fwww.freeroms.com%2Froms%2Fgba%2Fneed_for_speed_underground_2.htm&wy=0&wx=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=2&sah=1002&drf=&hil=1&ist=0&oaid=b0e353cd95e04579a882e88466795384 HTTP/1.1
Host: nanouwho.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Content-Length: 374
Origin: https://www.freeroms.com
Connection: keep-alive
Referer: https://www.freeroms.com/
Cookie: scm=1; OAID=536b5a0d6c724ffeb6025891818d3033; oaidts=1674773026
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 26 Jan 2023 22:43:47 GMT
content-type: application/json
access-control-allow-credentials: true
access-control-allow-origin: https://www.freeroms.com
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-Sc, CVERSION, VERSION, X-Ancestor-Origins, X-Zone-ID
x-trace-id: 95b8c812dfe1263035edcc285ccb5028
access-control-expose-headers: X-Sc
set-cookie: OAID=b0e353cd95e04579a882e88466795384; expires=Fri, 26 Jan 2024 22:43:47 GMT; secure; SameSite=None
oaidts=1674773026; expires=Fri, 26 Jan 2024 22:43:47 GMT; secure; SameSite=None
pragma: no-cache
cache-control: no-store, no-cache, must-revalidate, max-age=0
expires: Mon, 26 Jul 1997 05:00:00 GMT
content-encoding: gzip
X-Firefox-Spdy: h2

cmp.quantcast.com/tcfv2/google-atp-list.json

54.230.111.39

200 OK

0 B

URL HTTP/2
cmp.quantcast.com/tcfv2/google-atp-list.json
IP
54.230.111.39:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /tcfv2/google-atp-list.json HTTP/1.1
Host: cmp.quantcast.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.freeroms.com
Connection: keep-alive
Referer: https://www.freeroms.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
content-type: application/json
access-control-max-age: 3000
cache-control: max-age=172800
date: Thu, 26 Jan 2023 03:01:32 GMT
access-control-allow-origin: *
access-control-allow-methods: GET
access-control-allow-credentials: true
last-modified: Thu, 26 Jan 2023 03:01:30 GMT
etag: W/"1dbfd79d4ea7f69c0c42a2f6065532e7"
x-amz-server-side-encryption: AES256
server: AmazonS3
content-encoding: br
vary: Accept-Encoding,Access-Control-Request-Headers,Access-Control-Request-Method
x-cache: Hit from cloudfront
via: 1.1 d9fb4c3794a085bb4ee2c5798c2cb1b8.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: tDJbgi2WSNdf_d7iydPdRBkV7gZbCx2vBSSgFp4eP0om-bHnxQBV2Q==
age: 70936
X-Firefox-Spdy: h2

www.freeroms.com/js/jquery.min.js

64.235.54.28

200 OK

0 B

URL HTTP/2
www.freeroms.com/js/jquery.min.js
IP
64.235.54.28:0
ASN
#26277 PREMIANET

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /js/jquery.min.js HTTP/1.1
Host: www.freeroms.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.freeroms.com/roms/gba/need_for_speed_underground_2.htm
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 26 Jan 2023 22:43:46 GMT
content-type: application/javascript
last-modified: Tue, 28 Jul 2015 06:50:01 GMT
etag: W/"55b72619-176d5"
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2

upgulpinon.com/27/f0e85569ebf902c5568035fe1b0a0004

139.45.197.242

200 OK

0 B

URL HTTP/2
upgulpinon.com/27/f0e85569ebf902c5568035fe1b0a0004
IP
139.45.197.242:0
ASN
#9002 RETN Limited

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /27/f0e85569ebf902c5568035fe1b0a0004 HTTP/1.1
Host: upgulpinon.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.freeroms.com/
Cookie: scm=1; OAID=fd30ad20cbbc4014bb859e2a9f663bfa; oaidts=1674773027
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 26 Jan 2023 22:43:47 GMT
content-type: application/javascript
access-control-allow-credentials: true
access-control-allow-origin: 
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-Sc, CVERSION, VERSION, X-Ancestor-Origins, X-Zone-ID
cache-control: max-age:290304000, public
last-modified: Thu, 26 Jan 2023 04:44:45 GMT
expires: Thu, 25 Feb 2083 04:44:45 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
content-encoding: gzip
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (23)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML