Report - f-3ru.xyz/f/VNXv/?id=61014raxa

Report Overview

Submitted URL
f-3ru.xyz/f/VNXv/?id=61014raxa
IP
185.178.208.130
ASN
#57724 Ddos-guard Ltd
Submitted
2023-01-30 07:45:17
Access
Website Title
Final URL
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
38

Domain Summary

Domain / FQDN	Rank	First Seen	Last Seen	Sent	Received	IP
f-3ru.xyz	unknown	2021-12-14T15:24:11Z	2023-02-06T13:34:37Z	8.5 kB	555 kB	185.178.208.130
r3.o.lencr.org	344	2020-12-02T09:52:13Z	2023-03-13T05:09:07Z	2.7 kB	7.1 kB	23.33.119.27
firefox.settings.services.mozilla.com	867	2020-06-04T22:08:41Z	2023-03-13T05:09:10Z	337 B	1.4 kB	35.241.9.150
content-signature-2.cdn.mozilla.net	1152	2020-11-03T13:26:46Z	2023-03-13T05:09:35Z	413 B	5.8 kB	34.160.144.191
contile.services.mozilla.com	1114	2021-05-27T20:32:35Z	2023-03-13T05:09:13Z	333 B	391 B	34.117.237.239
push.services.mozilla.com	2140	2014-10-24T10:27:06Z	2023-03-13T05:09:14Z	606 B	127 B	35.162.143.37
img-getpocket.cdn.mozilla.net	1631	2018-06-22T01:36:00Z	2023-03-13T05:09:16Z	3.2 kB	55 kB	34.120.237.76

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

OpenPhish

No alerts detected

PhishTank

No alerts detected

Fortinet's Web Filter

Scan Date	Severity	Indicator	Alert
2023-01-30	medium	f-3ru.xyz/f/VNXv/default.png?11	Phishing
2023-01-30	medium	f-3ru.xyz/images/svg_icons/login_all_products_arrow.svg	Phishing

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2023-01-30	medium	f-3ru.xyz	Sinkholed
2023-01-30	medium	f-3ru.xyz	Sinkholed
2023-01-30	medium	f-3ru.xyz	Sinkholed
2023-01-30	medium	f-3ru.xyz	Sinkholed
2023-01-30	medium	f-3ru.xyz	Sinkholed
2023-01-30	medium	f-3ru.xyz	Sinkholed
2023-01-30	medium	f-3ru.xyz	Sinkholed
2023-01-30	medium	f-3ru.xyz	Sinkholed
2023-01-30	medium	f-3ru.xyz	Sinkholed
2023-01-30	medium	f-3ru.xyz	Sinkholed
2023-01-30	medium	f-3ru.xyz	Sinkholed
2023-01-30	medium	f-3ru.xyz	Sinkholed
2023-01-30	medium	f-3ru.xyz	Sinkholed
2023-01-30	medium	f-3ru.xyz	Sinkholed
2023-01-30	medium	f-3ru.xyz	Sinkholed
2023-01-30	medium	f-3ru.xyz	Sinkholed
2023-01-30	medium	f-3ru.xyz	Sinkholed

ThreatFox

No alerts detected

JavaScript (2)

	URL	Size	First Seen	Last Seen
	f-3ru.xyz/f/VNXv/?	2.1 kB	2023-03-13	2023-03-13
Pretty URL f-3ru.xyz/f/VNXv/? IP 185.178.208.130 ASN #57724 Ddos-guard Ltd Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 12:12:03 Last Seen2023-03-13 12:12:03 Times Seen1 Hash 2899b0ef6b69d4cf30218a766229cb38 325629f8ecd4c54d9c9a2ab9dc2d60a882842657 2e064d0fb25c104f816ba6b340e6a8360d9b5acc51bb7e8099682b5ddbb5fd57 Loading...

	f-3ru.xyz/f/VNXv/?	55 B	2023-03-07	2023-03-14
Pretty URL f-3ru.xyz/f/VNXv/? IP 185.178.208.130 ASN #57724 Ddos-guard Ltd Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 15:52:01 Last Seen2023-03-14 11:06:48 Times Seen1 Hash f66781043004313994a2f4c793a2ddb8 401b6581a196070b7d26af66a110fcd27e3149e8 1d3697f780043edfbdded276fa17422470f120c5493ceab4661f240fa84da00b Loading...

HTTP Transactions (35)

URL IP Response Size

f-3ru.xyz/f/VNXv/?id=61014raxa

185.178.208.130

301 Moved Permanently

568 B

URL HTTP/1.1
f-3ru.xyz/f/VNXv/?id=61014raxa
IP
185.178.208.130:0
ASN
#57724 Ddos-guard Ltd

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (564), with no line terminators
Size
568 B (568 bytes)
Hash
2761b98db33884ab29711096ab315edb
8cea6e53464aea178b72e06a906205d040f14ca5
9f7a07f69d9b9a5af186a79159ccea18935ab4103128ca967e3f3f8ae45fb3ee

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /f/VNXv/?id=61014raxa HTTP/1.1
Host: f-3ru.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

HTTP/1.1 301 Moved Permanently
Server: ddos-guard
Date: Mon, 30 Jan 2023 07:45:06 GMT
Connection: keep-alive
Keep-Alive: timeout=60
Location: https://f-3ru.xyz/f/VNXv/?id=61014raxa
Content-Type: text/html; charset=utf8
Content-Length: 568

r3.o.lencr.org/

23.33.119.27

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.33.119.27:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
5eb7c9bc996a0ff420e58af45526f053
8c2614832b8efe1c9da0bbd465d6f3f172d95a9e
c085cf277dd0429fe15e4a4bce5595636e9f2204d5a8e77220f8bf88adf4068f

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C085CF277DD0429FE15E4A4BCE5595636E9F2204D5A8E77220F8BF88ADF4068F"
Last-Modified: Sun, 29 Jan 2023 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12957
Expires: Mon, 30 Jan 2023 11:21:04 GMT
Date: Mon, 30 Jan 2023 07:45:07 GMT
Connection: keep-alive

r3.o.lencr.org/

23.33.119.27

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.33.119.27:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
81dd5c5cc5b3278876cb44dcb520a60f
c0511a59e9eccdcdda98717b87c89c5d59974808
41736c303afdb3d31e48724b107dcb22883cae02f3562308eb52d9164001a2de

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "41736C303AFDB3D31E48724B107DCB22883CAE02F3562308EB52D9164001A2DE"
Last-Modified: Fri, 27 Jan 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3155
Expires: Mon, 30 Jan 2023 08:37:42 GMT
Date: Mon, 30 Jan 2023 07:45:07 GMT
Connection: keep-alive

firefox.settings.services.mozilla.com/v1/

35.241.9.150

200 OK

939 B

URL HTTP/2
firefox.settings.services.mozilla.com/v1/
IP
35.241.9.150:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Size
939 B (939 bytes)
Hash
bf0c602d32b3c14606f22a86183b5e3c
6eabd8d83475eba731968abe1a05a8bfd272f160
6c6a7c519a9e950c2445ed874a25211a94dd4d3cf3afb0103af9dcd1dbd5ff9e

HTTP Headers

GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Backoff, Content-Length, Retry-After, Content-Type, Alert
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Mon, 30 Jan 2023 07:43:11 GMT
content-type: application/json
age: 116
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.33.119.27

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.33.119.27:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
302c7548412192add063ad6c8b99cf3b
e5d178931a27db036ce8daae302594d3ff7050b8
fc2bd9091006189e67e8074093805ee5492ce16e1dbfba32e083abeeae34969d

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "FC2BD9091006189E67E8074093805EE5492CE16E1DBFBA32E083ABEEAE34969D"
Last-Modified: Sat, 28 Jan 2023 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9733
Expires: Mon, 30 Jan 2023 10:27:20 GMT
Date: Mon, 30 Jan 2023 07:45:07 GMT
Connection: keep-alive

content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain

34.160.144.191

200 OK

5.3 kB

URL HTTP/2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain
IP
34.160.144.191:0
ASN
#15169 GOOGLE

File type
PEM certificate\012- , ASCII text
Size
5.3 kB (5348 bytes)
Hash
7b922915ebf1fa3639b333f994c74f24
144a3f80b98fd0652d4614f24cf6cbbee40f8938
adbb3e06df0e870f5c7a9cb81e8979d4e92735853d75c9b779c06470d4db5d9c

HTTP Headers

GET /chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
x-amz-id-2: 7DeugRA3MuVzg1yaCaHSCWBBfHUksUMlfdKJ02/RKQy3jvNuLUeeok83ig8TTMbckL3inIHMB84=
x-amz-request-id: 3M1KP4Z17HZP2S7F
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Mon, 30 Jan 2023 06:50:38 GMT
age: 3269
last-modified: Mon, 09 Jan 2023 18:04:21 GMT
etag: "7b922915ebf1fa3639b333f994c74f24"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2

contile.services.mozilla.com/v1/tiles

34.117.237.239

200 OK

12 B

URL HTTP/2
contile.services.mozilla.com/v1/tiles
IP
34.117.237.239:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with no line terminators
Size
12 B (12 bytes)
Hash
23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3

HTTP Headers

GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Mon, 30 Jan 2023 07:45:07 GMT
content-type: application/json
content-length: 12
access-control-expose-headers: content-type
access-control-allow-credentials: true
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.33.119.27

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.33.119.27:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
7a2d60484a598927b48c8eb335e14c3e
19f42f699f3cf08207d83bdf1ef303894c52281c
5ce5b197c2c8d781efe1aeaa3f895901d9716bfa32ae89c16c38779ee7931a44

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "5CE5B197C2C8D781EFE1AEAA3F895901D9716BFA32AE89C16C38779EE7931A44"
Last-Modified: Sun, 29 Jan 2023 19:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21600
Expires: Mon, 30 Jan 2023 13:45:07 GMT
Date: Mon, 30 Jan 2023 07:45:07 GMT
Connection: keep-alive

f-3ru.xyz/f/VNXv/?id=61014raxa

185.178.208.130

302 Found

519 B

URL HTTP/2
f-3ru.xyz/f/VNXv/?id=61014raxa
IP
185.178.208.130:0
ASN
#57724 Ddos-guard Ltd

File type
HTML document, Unicode text, UTF-8 text, with very long lines (329)
Size
519 B (519 bytes)
Hash
df93b46dc2190463ae4f5ad2ca4f717e
65b976967e5508bf0c821f6f430caa082ddd0c6f
c582dbb152414a45c1f93164dbe4a3c5d215319c153b8a2fdc7e07613ca17dd9

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /f/VNXv/?id=61014raxa HTTP/1.1
Host: f-3ru.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1

HTTP/2 302 Found
server: ddos-guard
content-security-policy: upgrade-insecure-requests;
date: Mon, 30 Jan 2023 07:45:07 GMT
content-type: text/html; charset=UTF-8
x-powered-by: PHP/5.6.36
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
pragma: no-cache
set-cookie: __ddg1_=V28725bR51wchE6X4ur5; Domain=.f-3ru.xyz; HttpOnly; Path=/; Expires=Tue, 30-Jan-2024 07:45:07 GMT
PHPSESSID=a3dcf3a9c1b059671355ca35d3fe903d; path=/
location: ?
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.33.119.27

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.33.119.27:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
22b9916fc1fafc9bdc9bb37f9eac8a9a
86f640e134a741a0f906a8e3a0f5c6659dd0e394
a29ee843c8a39551a1507cc6ad949ad509e33aaae8b72c58ac4884bad8b0b38e

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A29EE843C8A39551A1507CC6AD949AD509E33AAAE8B72C58AC4884BAD8B0B38E"
Last-Modified: Sun, 29 Jan 2023 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11274
Expires: Mon, 30 Jan 2023 10:53:01 GMT
Date: Mon, 30 Jan 2023 07:45:07 GMT
Connection: keep-alive

push.services.mozilla.com/

35.162.143.37

101 Switching Protocols

0 B

URL HTTP/1.1
push.services.mozilla.com/
IP
35.162.143.37:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: 7plasWGbcWLJXjspi/Y+Lg==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: 8/hFEPXUMiOTrQ8Je9CtF1h41rI=

r3.o.lencr.org/

23.33.119.27

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.33.119.27:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
f2a0c2c0f25bdd19baf87cbb3a87dcdb
bc78ca6206ee8cc1cc05ab7778df71c7e6d1182a
c57f26c0c2e439dc2f69181e1b2f6ae371bff9d299af739e0047eabc8bfb5a69

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C57F26C0C2E439DC2F69181E1B2F6AE371BFF9D299AF739E0047EABC8BFB5A69"
Last-Modified: Fri, 27 Jan 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8375
Expires: Mon, 30 Jan 2023 10:04:44 GMT
Date: Mon, 30 Jan 2023 07:45:09 GMT
Connection: keep-alive

r3.o.lencr.org/

23.33.119.27

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.33.119.27:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
f2a0c2c0f25bdd19baf87cbb3a87dcdb
bc78ca6206ee8cc1cc05ab7778df71c7e6d1182a
c57f26c0c2e439dc2f69181e1b2f6ae371bff9d299af739e0047eabc8bfb5a69

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C57F26C0C2E439DC2F69181E1B2F6AE371BFF9D299AF739E0047EABC8BFB5A69"
Last-Modified: Fri, 27 Jan 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8375
Expires: Mon, 30 Jan 2023 10:04:44 GMT
Date: Mon, 30 Jan 2023 07:45:09 GMT
Connection: keep-alive

r3.o.lencr.org/

23.33.119.27

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.33.119.27:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
f2a0c2c0f25bdd19baf87cbb3a87dcdb
bc78ca6206ee8cc1cc05ab7778df71c7e6d1182a
c57f26c0c2e439dc2f69181e1b2f6ae371bff9d299af739e0047eabc8bfb5a69

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C57F26C0C2E439DC2F69181E1B2F6AE371BFF9D299AF739E0047EABC8BFB5A69"
Last-Modified: Fri, 27 Jan 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8375
Expires: Mon, 30 Jan 2023 10:04:44 GMT
Date: Mon, 30 Jan 2023 07:45:09 GMT
Connection: keep-alive

img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3bb7921c-8aaf-40cd-bf87-43903c3f1a74.jpeg

34.120.237.76

200 OK

7.7 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3bb7921c-8aaf-40cd-bf87-43903c3f1a74.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
7.7 kB (7679 bytes)
Hash
3e04b9eaf7449828136ad59e4c9d69f1
b820be4ed885dcf288eb6460c57e1fa7b1c7c476
df75cf7183d401a19655aab025d08ad2c498573c88b32e9b258d951d2993b936

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3bb7921c-8aaf-40cd-bf87-43903c3f1a74.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 7679
x-amzn-requestid: 0c7983d5-6040-44e9-b394-21c3784702a2
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fhkEtEfHoAMFaNA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d6e6ea-54c55dbd09ca642048af8916;Sampled=0
x-amzn-remapped-date: Sun, 29 Jan 2023 21:36:42 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: VHh2SQ21xoDoBnGvM2kRiposhXuCE-DdWW1bM35kEykjbHYmhsldVA==
via: 1.1 26ca01ec7377e425b59b6a08cb1ec342.cloudfront.net (CloudFront), 1.1 82ea95080f526df99896343fb7269b06.cloudfront.net (CloudFront), 1.1 google
date: Sun, 29 Jan 2023 21:51:22 GMT
age: 35627
etag: "b820be4ed885dcf288eb6460c57e1fa7b1c7c476"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

9.2 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd9a423a9-16ee-4e3f-b9b4-34f6a469aba9.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
9.2 kB (9167 bytes)
Hash
3be81f83687ddb6c93d3ff3c09a9dba2
50a48e737310d3f31840db4301b25927fbcc12c5
e78c909e2381898e7f546183784a05dff47c31734c95358aaada8c2777ad47be

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd9a423a9-16ee-4e3f-b9b4-34f6a469aba9.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 9167
x-amzn-requestid: e6e0789c-a4a9-4ffa-a0ae-691770d1035b
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fPF9YEBmIAMF0kQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63cf8388-01d2093432d3959903671a69;Sampled=0
x-amzn-remapped-date: Tue, 24 Jan 2023 07:06:48 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: awfNeaKbFw2bjiTGwUrwUTxU-qbVS2eTjn948H8kn1hy7pi_DwLMlQ==
via: 1.1 01c28b52813cd0e82f810c492808b142.cloudfront.net (CloudFront), 1.1 b2f9564ebf9c745cc2ceae96d434977e.cloudfront.net (CloudFront), 1.1 google
date: Sun, 29 Jan 2023 17:35:56 GMT
age: 50953
etag: "50a48e737310d3f31840db4301b25927fbcc12c5"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

11 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9f96350b-0dd8-46ee-a270-85f96329b7c9.png
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
11 kB (11095 bytes)
Hash
bb1a5e0a2bb1cacf87189373c118adf4
079974268f755aa38fb2cb32b8bcb748353c793f
1b0519e6bfca30a31b83d427302f7e22140f5b2da6f13cac37ea9c07abc42676

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9f96350b-0dd8-46ee-a270-85f96329b7c9.png HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 11095
x-amzn-requestid: dc7c00e2-cd2d-4265-8763-3dd7dbe223ac
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fhkFyEhJIAMFjpw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d6e6f1-541a17c362e95dfa5e90f58f;Sampled=0
x-amzn-remapped-date: Sun, 29 Jan 2023 21:36:49 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: UuPN6Nq84hFgUDMbvpLTysWfU1JcRiecGH3tkdqDOOXBo9hVhmpMBA==
via: 1.1 c34da255183aa208dd1c722ff211f9b2.cloudfront.net (CloudFront), 1.1 a3bd0eb50c22e4d5fbda56a30b96002c.cloudfront.net (CloudFront), 1.1 google
date: Sun, 29 Jan 2023 21:59:52 GMT
age: 35117
etag: "079974268f755aa38fb2cb32b8bcb748353c793f"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

5.8 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa29141be-cb17-4a1d-a64f-9b3d296461f2.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
5.8 kB (5764 bytes)
Hash
546f1cb9f94ea553ae884a6f50c6bd3d
fd08d9841bcd8864aaf2e5d93ca61b31246b6db5
5aba48ac6c65e371c6c1aeee43f97670f196d3a3933b9f5812a67be90b7dbdfa

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa29141be-cb17-4a1d-a64f-9b3d296461f2.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 5764
x-amzn-requestid: 33ebf979-ba40-451e-bbdb-3ee4a9dc07ae
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fhksyGRVoAMF5UQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d6e7eb-55fcbb4d6d88dbf758409801;Sampled=0
x-amzn-remapped-date: Sun, 29 Jan 2023 21:40:59 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: X3lzViVGoynSgoeenp6EIU2E3FMSRlKNGOy73pIOAASV11hOk2B4UA==
via: 1.1 26ca01ec7377e425b59b6a08cb1ec342.cloudfront.net (CloudFront), 1.1 981753271eb5b6d11bc29d52f173a5da.cloudfront.net (CloudFront), 1.1 google
date: Sun, 29 Jan 2023 22:11:45 GMT
age: 34404
etag: "fd08d9841bcd8864aaf2e5d93ca61b31246b6db5"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

5.5 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F281d3bcc-ce90-407c-89ce-33d8423b4048.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
5.5 kB (5462 bytes)
Hash
a60c45fc1156fadfbe47afe4e9e282da
e8db47e0aa028a846fd631cf2f2d5a979ee51e08
9a91bd22d5174fc3adbc6b24de6197be4f694bc46e8cc32124212a17a5af3f5a

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F281d3bcc-ce90-407c-89ce-33d8423b4048.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 5462
x-amzn-requestid: 4ec670d9-7dfd-45a9-93bc-935dfd991c20
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fhkF8HWWIAMFpnA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d6e6f2-3bda5c87690a91851b2de9e6;Sampled=0
x-amzn-remapped-date: Sun, 29 Jan 2023 21:36:50 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: Pwq94zwZMPxv6h8fp0j1X0F74l61RfmnNmHauPjKZ-5ahF3fOveELA==
via: 1.1 5ab5dc09da67e3ea794ec8a82992cc88.cloudfront.net (CloudFront), 1.1 57a21088b36c69a83578b5a5579df58e.cloudfront.net (CloudFront), 1.1 google
date: Sun, 29 Jan 2023 22:01:09 GMT
age: 35040
etag: "e8db47e0aa028a846fd631cf2f2d5a979ee51e08"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

9.5 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6df754eb-70f9-4576-ac48-68a6ae719511.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
9.5 kB (9457 bytes)
Hash
51aa950d5eed7b90cab6632107092edc
e4388ced02e5576867e77547496dec1ac2338ef7
588830e5f725e8e56270565e40f817f2658b0ee7c0425d138e5f65a17ff40483

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6df754eb-70f9-4576-ac48-68a6ae719511.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 9457
x-amzn-requestid: 7c48e5ca-2128-43da-ba83-fd91568af1ef
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fhkBOGHVoAMFQtw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d6e6d4-1b850ffd543f51f92dec3894;Sampled=0
x-amzn-remapped-date: Sun, 29 Jan 2023 21:36:20 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: 3EXFa0gb46AbdZ9ZznGiPTemGZ7zWh9WLs5Yr1zmfyh_jyKA6o7xoA==
via: 1.1 0c96ded7ff282d2dbcf47c918b6bb500.cloudfront.net (CloudFront), 1.1 7022a5bbf9872d4a09d63e6cdb457dfe.cloudfront.net (CloudFront), 1.1 google
date: Sun, 29 Jan 2023 22:19:57 GMT
age: 33912
etag: "e4388ced02e5576867e77547496dec1ac2338ef7"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

f-3ru.xyz/f/VNXv/css/index.c5be8c0e3c9122ee3fae.css

185.178.208.130

200 OK

3.3 kB

URL HTTP/2
f-3ru.xyz/f/VNXv/css/index.c5be8c0e3c9122ee3fae.css
IP
185.178.208.130:0
ASN
#57724 Ddos-guard Ltd

File type
ASCII text, with very long lines (13339), with no line terminators
Size
3.3 kB (3312 bytes)
Hash
0d979f2ab7b63b1e9016901d464586be
4ea97acb9f1d348ae9f5e088b986145a98508bab
edfefb9c5468999476490c81a218e02abb598f39fabb31f73b4e9531f982867f

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /f/VNXv/css/index.c5be8c0e3c9122ee3fae.css HTTP/1.1
Host: f-3ru.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://f-3ru.xyz/f/VNXv/?
Cookie: __ddg1_=V28725bR51wchE6X4ur5; PHPSESSID=a3dcf3a9c1b059671355ca35d3fe903d
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: ddos-guard
content-security-policy: upgrade-insecure-requests;
date: Tue, 24 Jan 2023 17:33:26 GMT
content-type: text/css
last-modified: Fri, 06 Jan 2023 16:28:20 GMT
vary: Accept-Encoding
etag: W/"63b84c24-341b"
expires: Fri, 10 Mar 2023 17:33:26 GMT
cache-control: max-age=3888000
content-encoding: gzip
age: 483105
content-length: 3312
ddg-cache-status: HIT,HIT
X-Firefox-Spdy: h2

f-3ru.xyz/f/VNXv/css/base.946e16181022949f5f64.css

185.178.208.130

200 OK

19 kB

URL HTTP/2
f-3ru.xyz/f/VNXv/css/base.946e16181022949f5f64.css
IP
185.178.208.130:0
ASN
#57724 Ddos-guard Ltd

File type
Unicode text, UTF-8 text, with very long lines (65535), with no line terminators
Size
19 kB (19157 bytes)
Hash
5f249e9c19ce48b49429ba5cd2db6433
0d852e013a49abcd97edcad85863e7236cdc1d25
d039a8b0d5bfcf94aae6761c4df215294597e5db5a09e2438f62e03ba4830a3f

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /f/VNXv/css/base.946e16181022949f5f64.css HTTP/1.1
Host: f-3ru.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://f-3ru.xyz/f/VNXv/?
Cookie: __ddg1_=V28725bR51wchE6X4ur5; PHPSESSID=a3dcf3a9c1b059671355ca35d3fe903d
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: ddos-guard
content-security-policy: upgrade-insecure-requests;
date: Tue, 24 Jan 2023 17:33:26 GMT
content-type: text/css
last-modified: Fri, 06 Jan 2023 16:28:19 GMT
vary: Accept-Encoding
etag: W/"63b84c23-1adbd"
expires: Fri, 10 Mar 2023 17:33:26 GMT
cache-control: max-age=3888000
content-encoding: gzip
age: 483105
content-length: 19157
ddg-cache-status: HIT,HIT
X-Firefox-Spdy: h2

f-3ru.xyz/f/VNXv/css/fonts_utf.15d6f42d79fd5c9fb64e.css

185.178.208.130

200 OK

1.2 kB

URL HTTP/2
f-3ru.xyz/f/VNXv/css/fonts_utf.15d6f42d79fd5c9fb64e.css
IP
185.178.208.130:0
ASN
#57724 Ddos-guard Ltd

File type
ASCII text, with very long lines (4344), with no line terminators
Size
1.2 kB (1169 bytes)
Hash
44937ff92773855c73aeb04416ac8d2f
f0372909922c41a4030d3647e9ac700fb21be65d
ee26bc4856442be7d8185d4a7b3c3cb9b1a961cb1b260031d0333fb77a19e1b6

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /f/VNXv/css/fonts_utf.15d6f42d79fd5c9fb64e.css HTTP/1.1
Host: f-3ru.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://f-3ru.xyz/f/VNXv/?
Cookie: __ddg1_=V28725bR51wchE6X4ur5; PHPSESSID=a3dcf3a9c1b059671355ca35d3fe903d
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: ddos-guard
content-security-policy: upgrade-insecure-requests;
date: Tue, 24 Jan 2023 17:33:26 GMT
content-type: text/css
last-modified: Fri, 06 Jan 2023 16:28:20 GMT
vary: Accept-Encoding
etag: W/"63b84c24-10f8"
expires: Fri, 10 Mar 2023 17:33:26 GMT
cache-control: max-age=3888000
content-encoding: gzip
age: 483105
content-length: 1169
ddg-cache-status: HIT,HIT
X-Firefox-Spdy: h2

f-3ru.xyz/f/VNXv/css/join.7670bee16440efebebcc.css

185.178.208.130

200 OK

6.9 kB

URL HTTP/2
f-3ru.xyz/f/VNXv/css/join.7670bee16440efebebcc.css
IP
185.178.208.130:0
ASN
#57724 Ddos-guard Ltd

File type
ASCII text, with very long lines (26811), with no line terminators
Size
6.9 kB (6909 bytes)
Hash
2bd47618a31e77aa63044a6dca19e033
074b9c14d21d9af25590d731a2579d8544143ff1
99b1d0314bde4a3f311e0af20c1cc5c016777741ea10a773b32d61874e58c4b8

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /f/VNXv/css/join.7670bee16440efebebcc.css HTTP/1.1
Host: f-3ru.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://f-3ru.xyz/f/VNXv/?
Cookie: __ddg1_=V28725bR51wchE6X4ur5; PHPSESSID=a3dcf3a9c1b059671355ca35d3fe903d
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: ddos-guard
content-security-policy: upgrade-insecure-requests;
date: Tue, 24 Jan 2023 17:33:26 GMT
content-type: text/css
last-modified: Fri, 06 Jan 2023 16:28:20 GMT
vary: Accept-Encoding
etag: W/"63b84c24-68bb"
expires: Fri, 10 Mar 2023 17:33:26 GMT
cache-control: max-age=3888000
content-encoding: gzip
age: 483105
content-length: 6909
ddg-cache-status: HIT,HIT
X-Firefox-Spdy: h2

f-3ru.xyz/f/VNXv/date-g.png

185.178.208.130

200 OK

2.0 kB

URL HTTP/2
f-3ru.xyz/f/VNXv/date-g.png
IP
185.178.208.130:0
ASN
#57724 Ddos-guard Ltd

File type
PNG image data, 273 x 38, 8-bit/color RGB, non-interlaced\012- data
Size
2.0 kB (1955 bytes)
Hash
45fd0da7186c78bf34bb7776fb953647
3d8054ff8264ac1bd9f41b2c5e5db88a238cae02
9c3e1f90f0cdc53a5ae0833446be42facad0b7468486b27637f1c5d85a835cb1

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /f/VNXv/date-g.png HTTP/1.1
Host: f-3ru.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://f-3ru.xyz/f/VNXv/?
Cookie: __ddg1_=V28725bR51wchE6X4ur5; PHPSESSID=a3dcf3a9c1b059671355ca35d3fe903d
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: ddos-guard
content-security-policy: upgrade-insecure-requests;
date: Tue, 24 Jan 2023 17:33:26 GMT
content-type: image/png
content-length: 1955
last-modified: Fri, 06 Jan 2023 16:27:29 GMT
etag: "63b84bf1-7a3"
expires: Fri, 10 Mar 2023 17:33:26 GMT
cache-control: max-age=3888000
accept-ranges: bytes
age: 483105
ddg-cache-status: HIT,HIT
X-Firefox-Spdy: h2

f-3ru.xyz/f/VNXv/css/login.3f85d2eaa2916e3f45b0.css

185.178.208.130

200 OK

8.3 kB

URL HTTP/2
f-3ru.xyz/f/VNXv/css/login.3f85d2eaa2916e3f45b0.css
IP
185.178.208.130:0
ASN
#57724 Ddos-guard Ltd

File type
ASCII text, with very long lines (47134), with no line terminators
Size
8.3 kB (8297 bytes)
Hash
a3e95ae106dbe82f0afa1560f55db661
d1f19f68cbca5e30399cac6b408626c2b9317450
3585f3b0caae45be257a0713d5c72eeeb50eabbd934cbda29dd5579af5f6890a

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /f/VNXv/css/login.3f85d2eaa2916e3f45b0.css HTTP/1.1
Host: f-3ru.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://f-3ru.xyz/f/VNXv/?
Cookie: __ddg1_=V28725bR51wchE6X4ur5; PHPSESSID=a3dcf3a9c1b059671355ca35d3fe903d
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: ddos-guard
content-security-policy: upgrade-insecure-requests;
date: Thu, 26 Jan 2023 03:04:40 GMT
content-type: text/css
last-modified: Fri, 06 Jan 2023 16:28:20 GMT
vary: Accept-Encoding
etag: W/"63b84c24-b81e"
expires: Sun, 12 Mar 2023 03:04:40 GMT
cache-control: max-age=3888000
content-encoding: gzip
age: 362431
content-length: 8297
ddg-cache-status: MISS,HIT
X-Firefox-Spdy: h2

f-3ru.xyz/f/VNXv/css/fonts_cnt.3be257f36d69fd8507c4.css

185.178.208.130

200 OK

363 kB

URL HTTP/2
f-3ru.xyz/f/VNXv/css/fonts_cnt.3be257f36d69fd8507c4.css
IP
185.178.208.130:0
ASN
#57724 Ddos-guard Ltd

File type
ASCII text, with very long lines (65536), with no line terminators
Size
363 kB (362796 bytes)
Hash
da6a3ab26e7e067b3b2470b7bf19bf41
8fec6d861a6dd8fe3976a5e891ec603a1d558345
9e6d8523feb86e8c3f686153e09c344acddcb46b382cf189e73ae6bfc9c629f1

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /f/VNXv/css/fonts_cnt.3be257f36d69fd8507c4.css HTTP/1.1
Host: f-3ru.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://f-3ru.xyz/f/VNXv/?
Cookie: __ddg1_=V28725bR51wchE6X4ur5; PHPSESSID=a3dcf3a9c1b059671355ca35d3fe903d
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: ddos-guard
content-security-policy: upgrade-insecure-requests;
date: Tue, 24 Jan 2023 17:33:26 GMT
content-type: text/css
last-modified: Fri, 06 Jan 2023 16:28:20 GMT
vary: Accept-Encoding
etag: W/"63b84c24-75812"
expires: Fri, 10 Mar 2023 17:33:26 GMT
cache-control: max-age=3888000
content-encoding: gzip
age: 483105
content-length: 362796
ddg-cache-status: HIT,HIT
X-Firefox-Spdy: h2

f-3ru.xyz/f/VNXv/reg_android_ru.png

185.178.208.130

200 OK

27 kB

URL HTTP/2
f-3ru.xyz/f/VNXv/reg_android_ru.png
IP
185.178.208.130:0
ASN
#57724 Ddos-guard Ltd

File type
PNG image data, 183 x 384, 8-bit colormap, non-interlaced\012- data
Size
27 kB (26678 bytes)
Hash
1be684d98fea1c3cc7f8d41c9fe25d76
5f0e52d008fa484a782e2daf1dd09b5b221d55f1
21f740ac4fb0b9c1dfb78210b16d949744c1ac781106316169826d1bb836e136

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /f/VNXv/reg_android_ru.png HTTP/1.1
Host: f-3ru.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://f-3ru.xyz/f/VNXv/?
Cookie: __ddg1_=V28725bR51wchE6X4ur5; PHPSESSID=a3dcf3a9c1b059671355ca35d3fe903d
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: ddos-guard
content-security-policy: upgrade-insecure-requests;
date: Tue, 24 Jan 2023 17:33:26 GMT
content-type: image/png
content-length: 26678
last-modified: Fri, 06 Jan 2023 16:27:29 GMT
etag: "63b84bf1-6836"
expires: Fri, 10 Mar 2023 17:33:26 GMT
cache-control: max-age=3888000
accept-ranges: bytes
age: 483105
ddg-cache-status: HIT,HIT
X-Firefox-Spdy: h2

f-3ru.xyz/f/VNXv/reg_iphone_ru.png

185.178.208.130

200 OK

27 kB

URL HTTP/2
f-3ru.xyz/f/VNXv/reg_iphone_ru.png
IP
185.178.208.130:0
ASN
#57724 Ddos-guard Ltd

File type
PNG image data, 198 x 396, 8-bit colormap, non-interlaced\012- data
Size
27 kB (27275 bytes)
Hash
3bb7a2b8918d1c4f2627212696d9dbd3
c5707405d87851c5d74bcfc0a9df96d1463c4cfb
fc71564b7d25aba5ccbb19c54af8d378a9ac77dccbc9dbfc79ec50087f309ff9

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /f/VNXv/reg_iphone_ru.png HTTP/1.1
Host: f-3ru.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://f-3ru.xyz/f/VNXv/?
Cookie: __ddg1_=V28725bR51wchE6X4ur5; PHPSESSID=a3dcf3a9c1b059671355ca35d3fe903d
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: ddos-guard
content-security-policy: upgrade-insecure-requests;
date: Tue, 24 Jan 2023 17:33:26 GMT
content-type: image/png
content-length: 27275
last-modified: Fri, 06 Jan 2023 16:27:29 GMT
etag: "63b84bf1-6a8b"
expires: Fri, 10 Mar 2023 17:33:26 GMT
cache-control: max-age=3888000
accept-ranges: bytes
age: 483105
ddg-cache-status: HIT,HIT
X-Firefox-Spdy: h2

f-3ru.xyz/f/VNXv/?

185.178.208.130

200 OK

86 kB

URL HTTP/2
f-3ru.xyz/f/VNXv/?
IP
185.178.208.130:0
ASN
#57724 Ddos-guard Ltd

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document, Unicode text, UTF-8 text, with very long lines (40814)
Size
86 kB (85682 bytes)
Hash
f4bc437250979aae074b0f4f48ff8391
06d4e1c0589e34428329df12d5e3367b405c199b
6b7c3837dcf0f8ac2ced3753b54f01b818a467ce19944a5131a7a6fd94c03095

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /f/VNXv/? HTTP/1.1
Host: f-3ru.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://f-3ru.xyz/f/VNXv/?
Connection: keep-alive
Cookie: __ddg1_=V28725bR51wchE6X4ur5; PHPSESSID=a3dcf3a9c1b059671355ca35d3fe903d
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: ddos-guard
content-security-policy: upgrade-insecure-requests;
date: Mon, 30 Jan 2023 07:45:11 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
x-powered-by: PHP/5.6.36
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
pragma: no-cache
content-encoding: gzip
X-Firefox-Spdy: h2

f-3ru.xyz/f/VNXv/default.png?11

185.178.208.130

200 OK

3.9 kB

URL HTTP/2
f-3ru.xyz/f/VNXv/default.png?11
IP
185.178.208.130:0
ASN
#57724 Ddos-guard Ltd

File type
PNG image data, 512 x 512, 8-bit colormap, non-interlaced\012- data
Size
3.9 kB (3916 bytes)
Hash
1b5346ad0f1cb807b71d2f8bc58f5715
9cb9a88102fdab6cf110b0038b3834b52b25aefa
342d5c3c56565b798ec93869282108574afdf41dadcdedf08ab9b2a1a64feac1

Detections

Analyzer	Verdict	Alert
fortinet	Phishing
quad9	Sinkholed

HTTP Headers

GET /f/VNXv/default.png?11 HTTP/1.1
Host: f-3ru.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://f-3ru.xyz/f/VNXv/?
Cookie: __ddg1_=V28725bR51wchE6X4ur5; PHPSESSID=a3dcf3a9c1b059671355ca35d3fe903d
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: ddos-guard
content-security-policy: upgrade-insecure-requests;
date: Sun, 29 Jan 2023 17:48:47 GMT
content-type: image/png
content-length: 3916
last-modified: Fri, 06 Jan 2023 16:27:29 GMT
etag: "63b84bf1-f4c"
expires: Wed, 15 Mar 2023 17:48:47 GMT
cache-control: max-age=3888000
accept-ranges: bytes
age: 50184
ddg-cache-status: HIT,HIT
X-Firefox-Spdy: h2

f-3ru.xyz/f/VNXv/fav_logo.ico?6

185.178.208.130

200 OK

313 B

URL HTTP/2
f-3ru.xyz/f/VNXv/fav_logo.ico?6
IP
185.178.208.130:0
ASN
#57724 Ddos-guard Ltd

File type
PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced\012- data
Size
313 B (313 bytes)
Hash
4466f62702a81e310debec3404630df4
85bf242412c5588f544e669d6850a95b8e4b2fc7
6942cd46e5b62591f413fc4ff863b60b79a51ad03739d23d0487c0e0f29116fc

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /f/VNXv/fav_logo.ico?6 HTTP/1.1
Host: f-3ru.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://f-3ru.xyz/f/VNXv/?
Cookie: __ddg1_=V28725bR51wchE6X4ur5; PHPSESSID=a3dcf3a9c1b059671355ca35d3fe903d
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: ddos-guard
content-security-policy: upgrade-insecure-requests;
date: Sun, 29 Jan 2023 17:51:59 GMT
content-type: image/vnd.microsoft.icon
content-length: 313
last-modified: Fri, 06 Jan 2023 16:27:29 GMT
accept-ranges: bytes
ddg-cache-status: HIT,HIT
etag: "139-5f19ae4ca4a61"
age: 49992
X-Firefox-Spdy: h2

f-3ru.xyz/f/VNXv/?w=1280&h=1024

185.178.208.130

302 Found

0 B

URL HTTP/2
f-3ru.xyz/f/VNXv/?w=1280&h=1024
IP
185.178.208.130:0
ASN
#57724 Ddos-guard Ltd

File type

Size
0 B (0 bytes)
Hash

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /f/VNXv/?w=1280&h=1024 HTTP/1.1
Host: f-3ru.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://f-3ru.xyz/f/VNXv/?
Cookie: __ddg1_=V28725bR51wchE6X4ur5; PHPSESSID=a3dcf3a9c1b059671355ca35d3fe903d
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 302 Found
server: ddos-guard
content-security-policy: upgrade-insecure-requests;
date: Mon, 30 Jan 2023 07:45:09 GMT
content-type: text/html; charset=UTF-8
x-powered-by: PHP/5.6.36
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
pragma: no-cache
location: ?
X-Firefox-Spdy: h2

f-3ru.xyz/f/VNXv/?

185.178.208.130

200 OK

0 B

URL HTTP/2
f-3ru.xyz/f/VNXv/?
IP
185.178.208.130:0
ASN
#57724 Ddos-guard Ltd

File type

Size
0 B (0 bytes)
Hash

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /f/VNXv/? HTTP/1.1
Host: f-3ru.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Cookie: __ddg1_=V28725bR51wchE6X4ur5; PHPSESSID=a3dcf3a9c1b059671355ca35d3fe903d
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
TE: trailers

HTTP/2 200 OK
server: ddos-guard
content-security-policy: upgrade-insecure-requests;
date: Mon, 30 Jan 2023 07:45:07 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
x-powered-by: PHP/5.6.36
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
pragma: no-cache
content-encoding: gzip
X-Firefox-Spdy: h2

f-3ru.xyz/images/svg_icons/login_all_products_arrow.svg

185.178.208.130

404 Not Found

0 B

URL HTTP/2
f-3ru.xyz/images/svg_icons/login_all_products_arrow.svg
IP
185.178.208.130:0
ASN
#57724 Ddos-guard Ltd

File type

Size
0 B (0 bytes)
Hash

Detections

Analyzer	Verdict	Alert
fortinet	Phishing
quad9	Sinkholed

HTTP Headers

GET /images/svg_icons/login_all_products_arrow.svg HTTP/1.1
Host: f-3ru.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://f-3ru.xyz/f/VNXv/css/login.3f85d2eaa2916e3f45b0.css
Cookie: __ddg1_=V28725bR51wchE6X4ur5; PHPSESSID=a3dcf3a9c1b059671355ca35d3fe903d
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 404 Not Found
server: ddos-guard
content-security-policy: upgrade-insecure-requests;
date: Mon, 30 Jan 2023 07:45:11 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
x-powered-by: PHP/5.6.36
content-encoding: gzip
age: 0
ddg-cache-status: MISS,MISS
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (2)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

HTTP Transactions (35)

URL HTTP/1.1

IP

ASN

File type

Size

Hash

Detections

HTTP Headers

URL HTTP/1.1

IP

ASN

File type

Size

Hash

HTTP Headers

URL HTTP/1.1

IP

ASN

File type

Size

Hash

HTTP Headers

URL HTTP/2

IP

ASN

File type

Size

Hash

HTTP Headers

URL HTTP/1.1

IP

ASN

File type

Size

Hash

HTTP Headers

URL HTTP/2

IP

ASN