Report - preferrerslumpalarmedly.com/CcrD856564961b92f58ce4af0cde5eed23e883e65c3f4?s1=b2&q=advanced+microprocessors+and+peripherals+ak+ray+pdf

Report Overview

Visited public
2023-12-03 18:26:26
Tags
URL
preferrerslumpalarmedly.com/CcrD856564961b92f58ce4af0cde5eed23e883e65c3f4?s1=b2&q=advanced+microprocessors+and+peripherals+ak+ray+pdf
Finishing URL
www.google.com/url?q=https://www.business2community.com/no/gambling/casino-norge&;source=gmail&;ust=1701702977732000&;usg=AOvVaw2ISRkZPyc3at_qVdsrpnwE
IP / ASN
188.72.236.34
#35415 Webzilla B.V.
Title
Viderekoblingsmerknad

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
www.google.com	7	1997-09-15	2015-05-10 13:11:19	2023-11-19 18:48:38	1.6 kB	4.0 kB	142.250.74.132
preferrerslumpalarmedly.com	unknown	2023-10-20	2023-10-23 12:07:18	2023-12-02 19:23:56	599 B	602 B	188.72.236.34
3jashd11.monster	unknown	2023-08-18	2023-08-18 17:52:01	2023-12-03 05:14:47	561 B	680 B	188.72.236.39
mdakky.com	unknown	2023-10-12	2023-10-13 10:25:55	2023-12-02 13:59:05	533 B	184 B	185.162.85.19
ecrwqu.com	577459	2021-11-09	2021-11-09 21:59:02	2023-12-02 13:40:49	560 B	810 B	185.162.85.4
video-clickr.com	unknown	2023-09-07	2023-09-07 17:42:01	2023-12-03 11:24:35	1.4 kB	965 B	144.76.181.26
whampamp.com	30947	2022-01-19	2022-03-12 14:52:24	2023-12-02 17:24:54	2.0 kB	2.8 kB	139.45.197.236
resionsfrester.com	unknown	2023-06-07	2023-06-08 10:22:33	2023-12-03 19:10:57	829 B	927 B	18.196.89.56
crockpics.com	unknown	2022-10-12	2017-10-15 16:34:01	2023-12-03 12:36:46	7.2 kB	1.4 MB	172.67.160.130
fonts.gstatic.com	unknown	2008-02-11	2014-09-09 02:40:21	2023-12-03 05:48:43	1.1 kB	104 kB	142.250.74.3
my.rtmark.net	9054	2014-10-29	2015-02-04 10:54:57	2023-12-02 20:02:45	535 B	678 B	139.45.195.8

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Timestamp	Severity	Source IP	Destination IP	Alert
2023-12-03 18:26:16	low	Client IP	Internal IP	ETPRO INFO Referer Obfuscation/Hiding Service in DNS Lookup (href .li)
2023-12-03 18:26:16	low	Client IP	Internal IP	ETPRO INFO Referer Obfuscation/Hiding Service in DNS Lookup (href .li)
2023-12-03 18:26:16	low	Client IP	192.0.78.27	ETPRO INFO Referer Obfuscation/Hiding Service Domain (href .li in TLS SNI)

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2023-12-03	medium	ecrwqu.com	Sinkholed

ThreatFox

No alerts detected

JavaScript (1)

	URL	From	Size	First Seen	Last Seen
	www.google.com/url?q=https://www.business2community.com/no/gambling/casino-norge&;source=gmail&;ust=1701702977732000&;usg=AOvVaw2ISRkZPyc3at_qVdsrpnwE	ScriptElement	490 B	2023-04-07	2024-10-18
Pretty URL www.google.com/url?q=https://www.business2community.com/no/gambling/casino-norge&;source=gmail&;ust=1701702977732000&;usg=AOvVaw2ISRkZPyc3at_qVdsrpnwE IP 142.250.74.132 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML true Observations First Seen2023-04-07 05:11 Last Seen2024-10-18 10:07 Times Seen953 Hash 24a5a451dbbce4bbb98a7d6f4e7d5a05 3e2b1bc144cf6708bdcd9e92ac27bcd6018c28b9 0b9ae8dc4cdf88f688b4b3f351fbfc420c3d16bef7eda6536d94f31aa9e6a892 Loading...

HTTP Transactions (28)

URL IP Response Size

preferrerslumpalarmedly.com/CcrD856564961b92f58ce4af0cde5eed23e883e65c3f4?s1=b2&q=advanced+microprocessors+and+peripherals+ak+ray+pdf

188.72.236.34

135 B

URL
preferrerslumpalarmedly.com/CcrD856564961b92f58ce4af0cde5eed23e883e65c3f4?s1=b2&q=advanced+microprocessors+and+peripherals+ak+ray+pdf
IP
188.72.236.34:0
ASN
#35415 Webzilla B.V.

File type
HTML document, ASCII text
Size
135 B (135 bytes)
Hash
8dc5ae7e4d5875c3f986b47509d42ae4
95724ef5dfa82f82196abb0ead07786b62bdf7b3
5b01266dd361eceb683a18dc98629c1e120b7211e97a0b9809596ed46a80916b

HTTP Headers

GET /CcrD856564961b92f58ce4af0cde5eed23e883e65c3f4?s1=b2&q=advanced+microprocessors+and+peripherals+ak+ray+pdf HTTP/1.1
Host: preferrerslumpalarmedly.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 302 Found
Server: nginx
Date: Sun, 03 Dec 2023 18:26:06 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 135
Connection: keep-alive
Accept-Ch: Sec-CH-UA, Sec-CH-UA-Platform, Sec-CH-UA-Mobile, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
Location: https://crockpics.com/advanced_microprocessors_and_peripherals_ak_ray_pdf.zip?c=AD7IbGVzTAUAfWMCAE5PFwAMAAAAAAC1

crockpics.com/images/avatar/portrait-beautiful-young-woman-standing-grey-wall.jpg

172.67.160.130

24 kB

URL
crockpics.com/images/avatar/portrait-beautiful-young-woman-standing-grey-wall.jpg
IP
172.67.160.130:0
ASN
#13335 CLOUDFLARENET

File type
JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=12, height=667, bps=0, PhotometricIntepretation=RGB, orientation=upper-left, width=1000], progressive, precision 8, 500x334, components 3\012- data
Size
24 kB (24232 bytes)
Hash
2b00b22d0fc9400405e0a93d2c32581d
9ccb0bcdab3c25027740217df2a64ee2dc18ec93
1b5d07b73321be8f54ea2281e6f6520f4d730df706676895c99d7e988cb96ffc

HTTP Headers

GET /images/avatar/portrait-beautiful-young-woman-standing-grey-wall.jpg HTTP/1.1
Host: crockpics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://crockpics.com/advanced_microprocessors_and_peripherals_ak_ray_pdf.zip?c=AD7IbGVzTAUAfWMCAE5PFwAMAAAAAAC1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Sun, 03 Dec 2023 18:26:07 GMT
content-type: image/jpeg
content-length: 24232
last-modified: Tue, 15 Mar 2022 07:33:50 GMT
etag: "5ea8-5da3cd16c9380"
cache-control: max-age=14400
cf-cache-status: REVALIDATED
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=DXKmeZbY1%2BVKT5HDJwHgl8K1JY6Q6pC5hXJmolUd%2FV20vIZbQABciIMdVNdr%2B%2B27II6dvCO3qFjkC6kX2Svn%2F5tcEj4rZyAsjguEH4e%2BWaW2kQdF3oFs3BTmtZQzpw6u"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 82fddb2a488556cb-OSL
alt-svc: h3=":443"; ma=86400

crockpics.com/images/avatar/portrait-young-redhead-bearded-male.jpg

172.67.160.130

26 kB

URL
crockpics.com/images/avatar/portrait-young-redhead-bearded-male.jpg
IP
172.67.160.130:0
ASN
#13335 CLOUDFLARENET

File type
JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=12, height=667, bps=0, PhotometricIntepretation=RGB, orientation=upper-left, width=1000], progressive, precision 8, 500x334, components 3\012- data
Size
26 kB (25921 bytes)
Hash
71e947fcdeaa5cf2a2a5dfb28e4921ec
cfa6b029f4437f5687bcd64227597584c47b7ab7
c3df7f5fc1f27d7f400fb7ec2fce0b202d0101c56f8251a3de2c9d3b580d0122

HTTP Headers

GET /images/avatar/portrait-young-redhead-bearded-male.jpg HTTP/1.1
Host: crockpics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://crockpics.com/advanced_microprocessors_and_peripherals_ak_ray_pdf.zip?c=AD7IbGVzTAUAfWMCAE5PFwAMAAAAAAC1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Sun, 03 Dec 2023 18:26:07 GMT
content-type: image/jpeg
content-length: 25921
last-modified: Tue, 15 Mar 2022 10:21:33 GMT
etag: "6541-5da3f2939c540"
cache-control: max-age=14400
cf-cache-status: REVALIDATED
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=whKGLscvXNgVfVZ36emmaJTs4%2BnBrpTc84HD01fYOtULV%2Fo7wbgAAOMPESaBCKQcMF3gUGhKNLytpKHQZJkD6GpSr0QzBN3d6t47aim7246JPQad22kOc4zvtp10W%2Bwi"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 82fddb2a488856cb-OSL
alt-svc: h3=":443"; ma=86400

crockpics.com/images/education-online-books.png

172.67.160.130

310 kB

URL
crockpics.com/images/education-online-books.png
IP
172.67.160.130:0
ASN
#13335 CLOUDFLARENET

File type
PNG image data, 725 x 905, 8-bit/color RGBA, non-interlaced\012- data
Size
310 kB (310455 bytes)
Hash
effbcadb714b24e2cabb8d64097c8dcc
239e471a633629d027c050e19b441a6ce9fa77b4
3752073371d57443834b6693c146073d90c52015eff88f241fe2e1df21b8b203

HTTP Headers

GET /images/education-online-books.png HTTP/1.1
Host: crockpics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://crockpics.com/advanced_microprocessors_and_peripherals_ak_ray_pdf.zip?c=AD7IbGVzTAUAfWMCAE5PFwAMAAAAAAC1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Sun, 03 Dec 2023 18:26:07 GMT
content-type: image/png
content-length: 310455
last-modified: Thu, 29 Dec 2022 07:38:01 GMT
etag: "4bcb7-5f0f29085e840"
cache-control: max-age=14400
cf-cache-status: REVALIDATED
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=kPb5CTjDX7MGzmWt1EtuIwq2QGpuxPZbT5AuUmyHfd7S%2FnkUk01gkhL7z0R%2BKT1CNML%2BwGMNojfsKovoHb3EPBib5iphnjtsnNnIfowd0wnHDL97wrfYdssJ%2B9qzpXs6"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 82fddb2a487f56cb-OSL
alt-svc: h3=":443"; ma=86400

crockpics.com/images/avatar/pretty-blonde-woman.jpg

172.67.160.130

30 kB

URL
crockpics.com/images/avatar/pretty-blonde-woman.jpg
IP
172.67.160.130:0
ASN
#13335 CLOUDFLARENET

File type
JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=12, height=667, bps=0, PhotometricIntepretation=RGB, orientation=upper-left, width=1000], progressive, precision 8, 500x334, components 3\012- data
Size
30 kB (30052 bytes)
Hash
83251e8a0f137b34118d0eba449b5471
c8971e020d6ecc4fda7559ef7dfa1c64e7f36d62
b5c8cd944dd5dad57ce0672dfca04123aabd9e35b03052467610d34536518411

HTTP Headers

GET /images/avatar/pretty-blonde-woman.jpg HTTP/1.1
Host: crockpics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://crockpics.com/advanced_microprocessors_and_peripherals_ak_ray_pdf.zip?c=AD7IbGVzTAUAfWMCAE5PFwAMAAAAAAC1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Sun, 03 Dec 2023 18:26:07 GMT
content-type: image/jpeg
content-length: 30052
last-modified: Mon, 14 Mar 2022 04:47:17 GMT
etag: "7564-5da265ff41f40"
cache-control: max-age=14400
cf-cache-status: REVALIDATED
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=LKZZmviviCWazlWieTWk8UqlYvyv%2Fwnj1LwwIfJ1ubQR4uaqOMdi9frdKiwvEvwQ8OQ7Zu27T6pDDtOwJ7Xqm%2FcXpfbjHvHx3VXoBNhfxfnqwLNZV3wWMSDSnnuzIeEY"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 82fddb2a488b56cb-OSL
alt-svc: h3=":443"; ma=86400

crockpics.com/images/avatar/studio-portrait-emotional-happy-funny-smiling-boyfriend.jpg

172.67.160.130

26 kB

URL
crockpics.com/images/avatar/studio-portrait-emotional-happy-funny-smiling-boyfriend.jpg
IP
172.67.160.130:0
ASN
#13335 CLOUDFLARENET

File type
JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=12, height=667, bps=0, PhotometricIntepretation=RGB, orientation=upper-left, width=1000], progressive, precision 8, 500x334, components 3\012- data
Size
26 kB (26473 bytes)
Hash
2c1eba2ef33f5d5dff9e8dd2b04073ce
cb767536742c4844448bb69aa3da8858c77dcf63
f253622fdd5a4f20f46b85f188de785b08302a62164f82721070535a4c9acf04

HTTP Headers

GET /images/avatar/studio-portrait-emotional-happy-funny-smiling-boyfriend.jpg HTTP/1.1
Host: crockpics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://crockpics.com/advanced_microprocessors_and_peripherals_ak_ray_pdf.zip?c=AD7IbGVzTAUAfWMCAE5PFwAMAAAAAAC1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Sun, 03 Dec 2023 18:26:07 GMT
content-type: image/jpeg
content-length: 26473
last-modified: Mon, 14 Mar 2022 04:47:35 GMT
etag: "6769-5da266106c7c0"
cache-control: max-age=14400
cf-cache-status: REVALIDATED
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=acFwjhRNS%2BuiaY9gp9m1fMCvkssvDdI%2F6TCheI%2BL3HG7rSN7ameSr4YMtI7eHbskQvrKEL2i%2FR5xQrikLGXW0rnoqcg5PpR1isWdA%2BeIpxQNy2zGGiGGXwncahz%2Fy45i"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 82fddb2a589356cb-OSL
alt-svc: h3=":443"; ma=86400

crockpics.com/images/tablet-screen-contents.jpg

172.67.160.130

220 kB

URL
crockpics.com/images/tablet-screen-contents.jpg
IP
172.67.160.130:0
ASN
#13335 CLOUDFLARENET

File type
JPEG image data, progressive, precision 8, 1836x1280, components 3\012- data
Size
220 kB (219556 bytes)
Hash
7cf6f9cbec501581b78c4c8e82f8b20d
c9bbda23f7cd24eca42a77a6961745abdbdc6c73
d70adc38af1c7c886564b0c2de6eeccb8e3ada43b4e4c9ae365a9491ac8a54a1

HTTP Headers

GET /images/tablet-screen-contents.jpg HTTP/1.1
Host: crockpics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://crockpics.com/advanced_microprocessors_and_peripherals_ak_ray_pdf.zip?c=AD7IbGVzTAUAfWMCAE5PFwAMAAAAAAC1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Sun, 03 Dec 2023 18:26:07 GMT
content-type: image/jpeg
content-length: 219556
last-modified: Mon, 02 Jan 2023 03:08:26 GMT
etag: "359a4-5f13f43c87e80"
cache-control: max-age=14400
cf-cache-status: REVALIDATED
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=v57fXkCOwlPt4%2BJiZ%2BSkOwILfceuB68LuDwX9O0I5GPS41vUYz%2BedgsoUw30tUa1XGb7z7vuWGAtdoh%2FZnCRTdkfZ9lgACm7azC4PfkUJvM%2BiluyqjHdd4MOIQF7BiKs"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 82fddb2a589556cb-OSL
alt-svc: h3=":443"; ma=86400

crockpics.com/images/portrait-mature-smiling-authoress-sitting-desk.jpg

172.67.160.130

246 kB

URL
crockpics.com/images/portrait-mature-smiling-authoress-sitting-desk.jpg
IP
172.67.160.130:0
ASN
#13335 CLOUDFLARENET

File type
JPEG image data, progressive, precision 8, 1200x800, components 3\012- data
Size
246 kB (245913 bytes)
Hash
c2145d3454a8746683132d9e811983f1
8370e814fdff455fa198d7acb0842ef4f99e5911
0cb646bdf34b06c9bd365078812099e41aae0de5d75d71e6f822be0e76e64fa4

HTTP Headers

GET /images/portrait-mature-smiling-authoress-sitting-desk.jpg HTTP/1.1
Host: crockpics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://crockpics.com/advanced_microprocessors_and_peripherals_ak_ray_pdf.zip?c=AD7IbGVzTAUAfWMCAE5PFwAMAAAAAAC1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Sun, 03 Dec 2023 18:26:07 GMT
content-type: image/jpeg
content-length: 245913
last-modified: Mon, 02 Jan 2023 03:10:16 GMT
etag: "3c099-5f13f4a56f600"
cache-control: max-age=14400
cf-cache-status: REVALIDATED
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2BsAp5d8s%2BVq98JkVtvBUqchc%2FESBvcQ7Upj0%2FRLt3KzIoi3cpIShNrn1OntQ7Jay38d%2BsfXVjHhDPvWd9Tv1qeKIf3DWdMh3OGPg5OzSYZbfxSXTBymuEx1zU3oKXC2K"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 82fddb2a589656cb-OSL
alt-svc: h3=":443"; ma=86400

crockpics.com/images/businessman-sitting-by-table-cafe.jpg

172.67.160.130

271 kB

URL
crockpics.com/images/businessman-sitting-by-table-cafe.jpg
IP
172.67.160.130:0
ASN
#13335 CLOUDFLARENET

File type
JPEG image data, progressive, precision 8, 1920x1280, components 3\012- data
Size
271 kB (271312 bytes)
Hash
51dc9f63ce344cc166d6f2ae3f9c998e
079bcd439c8959ab809d38a8d739fb04b6e83fcf
061f46b2950582a059e667f2123474063a59a4422aadfd25c84ff007a45b8b14

HTTP Headers

GET /images/businessman-sitting-by-table-cafe.jpg HTTP/1.1
Host: crockpics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://crockpics.com/advanced_microprocessors_and_peripherals_ak_ray_pdf.zip?c=AD7IbGVzTAUAfWMCAE5PFwAMAAAAAAC1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Sun, 03 Dec 2023 18:26:07 GMT
content-type: image/jpeg
content-length: 271312
last-modified: Mon, 02 Jan 2023 03:09:46 GMT
etag: "423d0-5f13f488d3280"
cache-control: max-age=14400
cf-cache-status: REVALIDATED
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=fcbzaub3pEKuOPF3FNHLirJCmi%2B%2FpvgDBTrvzUhgwIofU5bg9VhQ3TVB7i8PZI1%2B1B6TAOjXfXIJezx%2FTo99iGuoj%2BG8z8hVLTmbG2CGF3kHJQmOcZ0BTPcotwzHe%2FEQ"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 82fddb2a589a56cb-OSL
alt-svc: h3=":443"; ma=86400

crockpics.com/js/bootstrap.bundle.min.js

172.67.160.130

25 kB

URL
crockpics.com/js/bootstrap.bundle.min.js
IP
172.67.160.130:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text, with very long lines (65299)
Size
25 kB (24557 bytes)
Hash
d2b0d31f74e62440ea1a557f126d0c64
5c8f6cb983397deb65673b961a8657cfd6113ad9
c4b2394a30fa0e4a23c6b308541353e20872a6fd765ed8fb70e6b402029deb00

HTTP Headers

GET /js/bootstrap.bundle.min.js HTTP/1.1
Host: crockpics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://crockpics.com/advanced_microprocessors_and_peripherals_ak_ray_pdf.zip?c=AD7IbGVzTAUAfWMCAE5PFwAMAAAAAAC1
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Sun, 03 Dec 2023 18:26:07 GMT
content-type: application/javascript
last-modified: Sun, 02 Oct 2022 10:07:38 GMT
etag: W/"13a70-5ea0a658f0e80"
cache-control: max-age=14400
cf-cache-status: REVALIDATED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Llog2ChOHKMhTvGHcc4wcfkZyexnOD7wwFChNeY%2F04YYDvHqZei%2F%2FjjEk8RjX8j%2BlfejRrUY4jvA1tC5jyjeKiITmk%2Fp5brvAedd2OYBIQTYwCmqzWF%2Fo6t7%2BhiDXPOx"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 82fddb2a58a156cb-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

crockpics.com/js/jquery.sticky.js

172.67.160.130

53 kB

URL
crockpics.com/js/jquery.sticky.js
IP
172.67.160.130:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text
Size
53 kB (53309 bytes)
Hash
b8746b98470305fb641e8a0b30d38c4d
495ab774710f8f9a1476f72c77aaf713c19da491
40223bede5475b91b43535458932df276f2750c236732faa669ba9faefd1d1f5

HTTP Headers

GET /js/jquery.sticky.js HTTP/1.1
Host: crockpics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://crockpics.com/advanced_microprocessors_and_peripherals_ak_ray_pdf.zip?c=AD7IbGVzTAUAfWMCAE5PFwAMAAAAAAC1
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Sun, 03 Dec 2023 18:26:07 GMT
content-type: application/javascript
last-modified: Thu, 11 Aug 2022 07:36:54 GMT
etag: W/"1c85-5e5f23abf1180"
cache-control: max-age=14400
cf-cache-status: REVALIDATED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=GU5NArrrDs8MmoE4mcsptseVRhFgHvb%2BdIMiVjO1DroZIsrVQUtPhuHcK%2FwFiWuMfnHMNxiJXjDFVDEJy9R3kZOamEmf1%2BRWXBtSfRrkoPm4BHl74xugJP1oQfhu4guB"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 82fddb2a58a256cb-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

crockpics.com/images/circle-scatter-haikei.png

172.67.160.130

28 kB

URL
crockpics.com/images/circle-scatter-haikei.png
IP
172.67.160.130:0
ASN
#13335 CLOUDFLARENET

File type
PNG image data, 562 x 1000, 8-bit/color RGBA, non-interlaced\012- data
Size
28 kB (27975 bytes)
Hash
00fa544a8f7b68ecd2fa2269a8b29baf
f95d1fba2ca79d9eb64003c72b6d4124284b8006
6b1341f874cd118bc840c9e3d0095605718088a53c324caeed4c30381b88de61

HTTP Headers

GET /images/circle-scatter-haikei.png HTTP/1.1
Host: crockpics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://crockpics.com/css/templatemo-ebook-landing.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Sun, 03 Dec 2023 18:26:07 GMT
content-type: image/png
content-length: 27975
last-modified: Mon, 02 Jan 2023 02:34:34 GMT
etag: "6d47-5f13ecaaaa280"
cache-control: max-age=14400
cf-cache-status: REVALIDATED
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ETyrPsig8bqYAr9JHilG%2FURGoY5obA6KrBVHvVY2wUy5%2Bs4ikU5vKA1nJtMEvn3T8AIFNGQe%2FEkr%2Be2luO%2Fyt1w2VM1RNpK72siVNUXEPU51XAn%2BX9QwwjnRmDPAeXFX"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 82fddb2bfb7956cb-OSL
alt-svc: h3=":443"; ma=86400

fonts.gstatic.com/s/unbounded/v7/Yq6W-LOTXCb04q32xlpwu8ZfvRQkSJZH.woff2

142.250.74.3

51 kB

URL
fonts.gstatic.com/s/unbounded/v7/Yq6W-LOTXCb04q32xlpwu8ZfvRQkSJZH.woff2
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
Web Open Font Format (Version 2), TrueType, length 51260, version 1.0\012- data
Size
51 kB (51260 bytes)
Hash
74bf64b24d4a4b52dfa338d65eeaf6ee
4665e45f8f77481f978fba203ab13a7c2fa94444
9984b7beae79d0eb3f15475f9ec1e71063caff4019d5f6ee15ed56a6716c56ae

HTTP Headers

GET /s/unbounded/v7/Yq6W-LOTXCb04q32xlpwu8ZfvRQkSJZH.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://crockpics.com
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 51260
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 30 Nov 2023 01:28:50 GMT
expires: Fri, 29 Nov 2024 01:28:50 GMT
cache-control: public, max-age=31536000
last-modified: Thu, 24 Aug 2023 20:46:12 GMT
content-type: font/woff2
age: 320237
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

fonts.gstatic.com/s/unbounded/v7/Yq6W-LOTXCb04q32xlpwu8ZfvRQkSJZH.woff2

142.250.74.3

51 kB

URL
fonts.gstatic.com/s/unbounded/v7/Yq6W-LOTXCb04q32xlpwu8ZfvRQkSJZH.woff2
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
Web Open Font Format (Version 2), TrueType, length 51260, version 1.0\012- data
Size
51 kB (51260 bytes)
Hash
74bf64b24d4a4b52dfa338d65eeaf6ee
4665e45f8f77481f978fba203ab13a7c2fa94444
9984b7beae79d0eb3f15475f9ec1e71063caff4019d5f6ee15ed56a6716c56ae

HTTP Headers

GET /s/unbounded/v7/Yq6W-LOTXCb04q32xlpwu8ZfvRQkSJZH.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://crockpics.com
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 51260
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 30 Nov 2023 01:28:50 GMT
expires: Fri, 29 Nov 2024 01:28:50 GMT
cache-control: public, max-age=31536000
last-modified: Thu, 24 Aug 2023 20:46:12 GMT
content-type: font/woff2
age: 320237
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

crockpics.com/fonts/bootstrap-icons.woff2?8d200481aa7f02a2d63a331fc782cfaf

172.67.160.130

112 kB

URL
crockpics.com/fonts/bootstrap-icons.woff2?8d200481aa7f02a2d63a331fc782cfaf
IP
172.67.160.130:0
ASN
#13335 CLOUDFLARENET

File type
Web Open Font Format (Version 2), TrueType, length 112440, version 1.0\012- data
Size
112 kB (112440 bytes)
Hash
31e1300d419245fd27614630601dc74d
3a284b0618771f29da8eb6be900e99439253dce0
c69bf1ccae5f13b5aa4345dcfeb209a8148ad0bfa1e0678b93792aae0429c764

HTTP Headers

GET /fonts/bootstrap-icons.woff2?8d200481aa7f02a2d63a331fc782cfaf HTTP/1.1
Host: crockpics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: https://crockpics.com/css/bootstrap-icons.css
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Sun, 03 Dec 2023 18:26:07 GMT
content-type: font/woff2
content-length: 112440
last-modified: Sat, 16 Jul 2022 23:30:40 GMT
etag: "1b738-5e3f485cec800"
cache-control: max-age=14400
cf-cache-status: REVALIDATED
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=wXaWxTNzel79k6ioqsPqQBbUvrJrubmUgVGPY1YcwKxBYjEPaARsagAgx2FAyf0JCpqUkaaw9li3nD5oj%2FdNn9xTBna6sWv8jqO7tDxozZKrrszKjuMBtk19L0gloNs%2F"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 82fddb2c0ba256cb-OSL
alt-svc: h3=":443"; ma=86400

crockpics.com/js/jquery.min.js

172.67.160.130

32 kB

URL
crockpics.com/js/jquery.min.js
IP
172.67.160.130:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text, with very long lines (32065)
Size
32 kB (31531 bytes)
Hash
48abd2372de119dfd7ffb96c8f307bfe
da49460a365d995ef121403cece389dafe496505
04685bdefed2099cae5f544505b8319ee7ae4d0a7f90a93b2e764bde5cad1de6

HTTP Headers

GET /js/jquery.min.js HTTP/1.1
Host: crockpics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://crockpics.com/advanced_microprocessors_and_peripherals_ak_ray_pdf.zip?c=AD7IbGVzTAUAfWMCAE5PFwAMAAAAAAC1
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Sun, 03 Dec 2023 18:26:07 GMT
content-type: application/javascript
last-modified: Wed, 06 Oct 2021 07:11:36 GMT
etag: W/"14e9a-5cda9db4d5a00"
cache-control: max-age=14400
cf-cache-status: REVALIDATED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=TIn48iZOEQ6Zq6JXMkLHtL72iXtT7gB6qYeJQy3jZW3mv3YX2NPorVFlqtyn03MKEhOJH6pgaftSeawmnzdYgx6x1dHdQ16kA3DU4hnRBYrtM6c9LShd6zeUDbmeeTkY"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 82fddb2a589e56cb-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

3jashd11.monster/z2rFQ0ef07ae76d225cb15dc8ec2fe1ac9504dfb3bf06

188.72.236.39

178 B

URL
3jashd11.monster/z2rFQ0ef07ae76d225cb15dc8ec2fe1ac9504dfb3bf06
IP
188.72.236.39:0
ASN
#35415 Webzilla B.V.

File type
HTML document, ASCII text
Size
178 B (178 bytes)
Hash
73931495e28a4a5a8c38202bfcb51309
ea35404427e607796d49bdcc413f97be4e3be674
fdca94ab8ee43f2dcb35c4df0701d06c4a6d17b0bc7c855afb194cb0bd6d66c4

HTTP Headers

GET /z2rFQ0ef07ae76d225cb15dc8ec2fe1ac9504dfb3bf06 HTTP/1.1
Host: 3jashd11.monster
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://crockpics.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 302 Found
Server: nginx
Date: Sun, 03 Dec 2023 18:26:08 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 178
Connection: keep-alive
Accept-Ch: Sec-CH-UA, Sec-CH-UA-Platform, Sec-CH-UA-Mobile, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
Location: https://ptbqre.com/great?h=waWQiOjExMzg3NTksInNpZCI6MTE3Nzc4MCwid2lkIjo0Nzk0NjYsInNyYyI6Mn0=eyJ&clickid=AEDIbGW3TAUAZF4CAE5PFwAMAAAAAABw&si1=347319

mdakky.com/rpe?a=1&s=1&act=18&src=2&p=1138759&st=1177780&wd=479466&d=ptbqre.com&tpl=32&rnd=0.7301597044034015&sbid=347319&sbid2=

185.162.85.19

0 B

URL
mdakky.com/rpe?a=1&s=1&act=18&src=2&p=1138759&st=1177780&wd=479466&d=ptbqre.com&tpl=32&rnd=0.7301597044034015&sbid=347319&sbid2=
IP
185.162.85.19:0
ASN
#39572 DataWeb Global Group B.V.

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /rpe?a=1&s=1&act=18&src=2&p=1138759&st=1177780&wd=479466&d=ptbqre.com&tpl=32&rnd=0.7301597044034015&sbid=347319&sbid2= HTTP/1.1
Host: mdakky.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://ptbqre.com
DNT: 1
Connection: keep-alive
Referer: https://ptbqre.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx/1.18.0
date: Sun, 03 Dec 2023 18:26:09 GMT
content-length: 0
accept-ch: Sec-CH-UA-Platform-Version
access-control-allow-origin: *
X-Firefox-Spdy: h2

ecrwqu.com/cuclc?aid=13199232368068739744&t=1701627969&s=1108857

185.162.85.4

381 B

URL
ecrwqu.com/cuclc?aid=13199232368068739744&t=1701627969&s=1108857
IP
185.162.85.4:0
ASN
#39572 DataWeb Global Group B.V.

File type
HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (381), with no line terminators
Size
381 B (381 bytes)
Hash
38a6d949fdbb1dcbb9f7357f94d96d5f
76125c9f8a0e0c1a608662c6f5506b9742539c0e
89d2fb43ad45cfceaa162b8066987d71cb148442d584bf1497846ee9988fadd3

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /cuclc?aid=13199232368068739744&t=1701627969&s=1108857 HTTP/1.1
Host: ecrwqu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ptbqre.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 302 Found
server: nginx/1.18.0
date: Sun, 03 Dec 2023 18:26:09 GMT
content-type: text/html; charset=utf-8
content-length: 381
location: https://video-clickr.com/crkpl6k.php?key=sruunalyuvh3tl0ba6vb&click_id=a2_13199232368068739744_479466_2_0&cpa_cost=0.0000&SOURCE_ID=a479466&CAMPAIGN_ID=1108857&COUNTRY=NO&BROWSER=Firefox&CREATIVE_ID={CREATIVE_ID}&FORMAT=pops&OS=Windows&LANG=en&ZONE_ID=a479466
X-Firefox-Spdy: h2

video-clickr.com/crkpl6k.php?key=sruunalyuvh3tl0ba6vb&click_id=a2_13199232368068739744_479466_2_0&cpa_cost=0.0000&SOURCE_ID=a479466&CAMPAIGN_ID=1108857&COUNTRY=NO&BROWSER=Firefox&CREATIVE_ID={CREATIVE_ID}&FORMAT=pops&OS=Windows&LANG=en&ZONE_ID=a479466

144.76.181.26

0 B

URL
video-clickr.com/crkpl6k.php?key=sruunalyuvh3tl0ba6vb&click_id=a2_13199232368068739744_479466_2_0&cpa_cost=0.0000&SOURCE_ID=a479466&CAMPAIGN_ID=1108857&COUNTRY=NO&BROWSER=Firefox&CREATIVE_ID={CREATIVE_ID}&FORMAT=pops&OS=Windows&LANG=en&ZONE_ID=a479466
IP
144.76.181.26:0
ASN
#24940 Hetzner Online GmbH

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /crkpl6k.php?key=sruunalyuvh3tl0ba6vb&click_id=a2_13199232368068739744_479466_2_0&cpa_cost=0.0000&SOURCE_ID=a479466&CAMPAIGN_ID=1108857&COUNTRY=NO&BROWSER=Firefox&CREATIVE_ID={CREATIVE_ID}&FORMAT=pops&OS=Windows&LANG=en&ZONE_ID=a479466 HTTP/1.1
Host: video-clickr.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://ptbqre.com/
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 302 Found
Server: nginx/1.22.0
Date: Sun, 03 Dec 2023 18:26:10 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: uclick=gx1616bz15; expires=Mon, 04-Dec-2023 18:26:10 GMT; Max-Age=86400; path=/; secure; SameSite=none
uclickhash=gx1616bz15-gx1616bz15-d5-7v0-gmbl-uo6o-uodz-1d27a9; expires=Mon, 04-Dec-2023 18:26:10 GMT; Max-Age=86400; path=/; secure; SameSite=none
Location: https://video-clickr.com/nlp/index.php?&var=1&ymid=d85e1gx1616bz15012&url_bnm_redirect=https://whampamp.com/4/5886009
Strict-Transport-Security: max-age=31536000

video-clickr.com/nlp/index.php?&var=1&ymid=d85e1gx1616bz15012&url_bnm_redirect=https://whampamp.com/4/5886009

144.76.181.26

120 B

URL
video-clickr.com/nlp/index.php?&var=1&ymid=d85e1gx1616bz15012&url_bnm_redirect=https://whampamp.com/4/5886009
IP
144.76.181.26:0
ASN
#24940 Hetzner Online GmbH

File type
ASCII text, with no line terminators
Size
120 B (120 bytes)
Hash
323edd9bd69ec87a6389e14e69a48abe
d6d0d5c565d7f2e8e74a1f230d2de09dc1693b24
afe7142a8304faa885a3a0576199f87be0582c65827ff4d05c74b47a88adf75a

HTTP Headers

GET /nlp/index.php?&var=1&ymid=d85e1gx1616bz15012&url_bnm_redirect=https://whampamp.com/4/5886009 HTTP/1.1
Host: video-clickr.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://ptbqre.com/
DNT: 1
Connection: keep-alive
Cookie: uclick=gx1616bz15; uclickhash=gx1616bz15-gx1616bz15-d5-7v0-gmbl-uo6o-uodz-1d27a9
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.22.0
Date: Sun, 03 Dec 2023 18:26:10 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Strict-Transport-Security: max-age=31536000
Content-Encoding: gzip

whampamp.com/sftouch?userId=e889ae530e1242b4b60be5db9699b25e&z=5886009&p_rid=70bfcdc9-61d1-4c87-88c8-99c11263bdc4&p_src=sf

139.45.197.236

2 B

URL
whampamp.com/sftouch?userId=e889ae530e1242b4b60be5db9699b25e&z=5886009&p_rid=70bfcdc9-61d1-4c87-88c8-99c11263bdc4&p_src=sf
IP
139.45.197.236:0
ASN
#9002 RETN Limited

File type
ASCII text, with no line terminators
Size
2 B (2 bytes)
Hash
444bcb3a3fcf8389296c49467f27e1d6
7a85f4764bbd6daf1c3545efbbf0f279a6dc0beb
2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df

HTTP Headers

POST /sftouch?userId=e889ae530e1242b4b60be5db9699b25e&z=5886009&p_rid=70bfcdc9-61d1-4c87-88c8-99c11263bdc4&p_src=sf HTTP/1.1
Host: whampamp.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://whampamp.com
DNT: 1
Connection: keep-alive
Referer: https://whampamp.com/4/5886009?var=1&ymid=d85e1gx1616bz15012
Cookie: OAID=e889ae530e1242b4b60be5db9699b25e; oaidts=1701627970
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Content-Length: 0
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sun, 03 Dec 2023 18:26:10 GMT
content-type: text/plain
content-length: 2
x-trace-id: 7b6bb99456fa850096d5f97e6496db43
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Wow64
access-control-allow-origin: https://whampamp.com
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace
access-control-max-age: 86400
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2

whampamp.com/favicon.ico

139.45.197.236

0 B

URL
whampamp.com/favicon.ico
IP
139.45.197.236:0
ASN
#9002 RETN Limited

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: whampamp.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://whampamp.com/4/5886009?var=1&ymid=d85e1gx1616bz15012
Cookie: OAID=e889ae530e1242b4b60be5db9699b25e; oaidts=1701627970
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 204 No Content
server: nginx
date: Sun, 03 Dec 2023 18:26:11 GMT
expires: Thu, 31 Dec 2037 23:55:55 GMT
pragma: public
cache-control: max-age=315360000, public, must-revalidate, proxy-revalidate
X-Firefox-Spdy: h2

my.rtmark.net/img.gif?f=merge&userId=e889ae530e1242b4b60be5db9699b25e&z=5886009&p_rid=70bfcdc9-61d1-4c87-88c8-99c11263bdc4&p_src=sf

139.45.195.8

43 B

URL
my.rtmark.net/img.gif?f=merge&userId=e889ae530e1242b4b60be5db9699b25e&z=5886009&p_rid=70bfcdc9-61d1-4c87-88c8-99c11263bdc4&p_src=sf
IP
139.45.195.8:0
ASN
#9002 RETN Limited

File type
GIF image data, version 89a, 1 x 1\012- data
Size
43 B (43 bytes)
Hash
b4491705564909da7f9eaf749dbbfbb1
279315d507855c6a4351e1e2c2f39dd9cd2fccd8
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

HTTP Headers

GET /img.gif?f=merge&userId=e889ae530e1242b4b60be5db9699b25e&z=5886009&p_rid=70bfcdc9-61d1-4c87-88c8-99c11263bdc4&p_src=sf HTTP/1.1
Host: my.rtmark.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://whampamp.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sun, 03 Dec 2023 18:26:11 GMT
content-type: image/gif
content-length: 43
access-control-allow-origin: *
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
set-cookie: ID=e889ae530e1242b4b60be5db9699b25e; expires=Mon, 02 Dec 2024 18:26:11 GMT; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2

whampamp.com/?z=5886009&syncedCookie=true&rhd=false

139.45.197.236

0 B

URL
whampamp.com/?z=5886009&syncedCookie=true&rhd=false
IP
139.45.197.236:0
ASN
#9002 RETN Limited

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

POST /?z=5886009&syncedCookie=true&rhd=false HTTP/1.1
Host: whampamp.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 510
Origin: https://whampamp.com
DNT: 1
Connection: keep-alive
Referer: https://whampamp.com/afu.php?zoneid=5886009&var=5886009&rid=BPTR34PbLD67mf1dYD5JaA%3D%3D&rhd=false
Cookie: OAID=e889ae530e1242b4b60be5db9699b25e; oaidts=1701627970
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 302 Found
server: nginx
date: Sun, 03 Dec 2023 18:26:11 GMT
content-length: 0
location: https://resionsfrester.com/f8ec7a76-ae90-4714-822c-41733f0d0945?zoneid=5886009&bannerid=19766462&zonetype={zone_type}&campaignid=7715741&device=desktop&region=03&isp=blix group as&useragent=Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0&language=en&connectiontype=broadband&cost=0.000060&visitor_id=755245054351909818
x-trace-id: 4eac5aa0eccfc28951672756a5ff50f0
link: <https://resionsfrester.com>; rel="preconnect dns-prefetch",<https://propeller-tracking.com>; rel="preconnect dns-prefetch",<https://sr7pv7n5x.com>; rel="preconnect dns-prefetch"
referrer-policy: no-referrer
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Wow64
access-control-allow-origin: https://whampamp.com
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace
access-control-max-age: 86400
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
set-cookie: OAID=e889ae530e1242b4b60be5db9699b25e; expires=Mon, 02 Dec 2024 18:26:11 GMT; path=/; secure; SameSite=None
oaidts=1701627970; expires=Mon, 02 Dec 2024 18:26:11 GMT; path=/; secure; SameSite=None
syncedCookie=true; expires=Sun, 10 Dec 2023 18:26:11 GMT; path=/; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2

resionsfrester.com/f8ec7a76-ae90-4714-822c-41733f0d0945?zoneid=5886009&bannerid=19766462&zonetype={zone_type}&campaignid=7715741&device=desktop&region=03&isp=blix%20group%20as&useragent=Mozilla/5.0%20(Windows%20NT%2010.0;%20Win64;%20x64;%20rv:105.0)%20Gecko/20100101%20Firefox/105.0&language=en&connectiontype=broadband&cost=0.000060&visitor_id=755245054351909818

18.196.89.56

0 B

URL
resionsfrester.com/f8ec7a76-ae90-4714-822c-41733f0d0945?zoneid=5886009&bannerid=19766462&zonetype={zone_type}&campaignid=7715741&device=desktop&region=03&isp=blix%20group%20as&useragent=Mozilla/5.0%20(Windows%20NT%2010.0;%20Win64;%20x64;%20rv:105.0)%20Gecko/20100101%20Firefox/105.0&language=en&connectiontype=broadband&cost=0.000060&visitor_id=755245054351909818
IP
18.196.89.56:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /f8ec7a76-ae90-4714-822c-41733f0d0945?zoneid=5886009&bannerid=19766462&zonetype={zone_type}&campaignid=7715741&device=desktop&region=03&isp=blix%20group%20as&useragent=Mozilla/5.0%20(Windows%20NT%2010.0;%20Win64;%20x64;%20rv:105.0)%20Gecko/20100101%20Firefox/105.0&language=en&connectiontype=broadband&cost=0.000060&visitor_id=755245054351909818 HTTP/1.1
Host: resionsfrester.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 302 Found
server: nginx
date: Sun, 03 Dec 2023 18:26:11 GMT
content-length: 0
cache-control: no-store, no-cache, pre-check=0, post-check=0
expires: Thu, 01 Jan 1970 00:00:00 GMT
location: https://href.li/?https://www.google.com/url?q=https://www.business2community.com/no/gambling/casino-norge&;source=gmail&;ust=1701702977732000&;usg=AOvVaw2ISRkZPyc3at_qVdsrpnwE
pragma: no-cache
set-cookie: f8ec7a76-ae90-4714-822c-41733f0d0945-v4=cBFnoL94cmRhSCLucrM_L2qxmrX_RylF0EqlbgT6DBs; Max-Age=86400; Expires=Mon, 04-Dec-2023 18:26:11 GMT; Domain=resionsfrester.com; Path=/; Secure; HttpOnly;SameSite=None
cc-v4=43WzkTZo0NO8cjfb6vK5%2FZSxg7rONC5w2e9lpQ987fwKMb6vmpcu2D6EUX7b1ydDEXgtZ84HpnROY7Ydgyz3A3NkuNCOzrfAg0vEVr0JhtTDLjYu5fDbrWNH%2Fc0LFgFtos4YBKJoYd16DouSMz%2FtDg%3D%3D; Max-Age=31536000; Expires=Mon, 02-Dec-2024 18:26:11 GMT; Domain=resionsfrester.com; Path=/; Secure; HttpOnly;SameSite=None
X-Firefox-Spdy: h2

www.google.com/url?q=https://www.business2community.com/no/gambling/casino-norge&;source=gmail&;ust=1701702977732000&;usg=AOvVaw2ISRkZPyc3at_qVdsrpnwE

142.250.74.132

200 OK

675 B

URL User Request GET HTTP/2
www.google.com/url?q=https://www.business2community.com/no/gambling/casino-norge&;source=gmail&;ust=1701702977732000&;usg=AOvVaw2ISRkZPyc3at_qVdsrpnwE
IP
142.250.74.132:443
ASN
#15169 GOOGLE

Certificate
IssuerGoogle Trust Services LLC
Subjectwww.google.com
FingerprintB0:8E:97:10:7E:30:90:F6:42:A1:32:63:5C:78:27:D3:A8:F1:05:D1
ValidityMon, 23 Oct 2023 11:24:57 GMT - Mon, 15 Jan 2024 11:24:56 GMT

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document, Unicode text, UTF-8 text, with very long lines (1517), with no line terminators
Size
675 B (675 bytes)
Hash
c71e4138a717bc761948f57476f0553c
a57967bd948300cf579449f31b6f2aad1b4d3f69
4e136bdb0f518305640d4ce87926207f8b28a12c901fbe29b0dba1dc5647119d

HTTP Headers

GET /url?q=https://www.business2community.com/no/gambling/casino-norge&;source=gmail&;ust=1701702977732000&;usg=AOvVaw2ISRkZPyc3at_qVdsrpnwE HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: SOCS=CAESHAgBEhJnd3NfMjAyMjA5MjktMF9SQzEaAnJvIAEaBgiAkvOZBg
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sun, 03 Dec 2023 18:26:11 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
content-type: text/html; charset=UTF-8
strict-transport-security: max-age=31536000
content-security-policy: object-src 'none';base-uri 'self';script-src 'nonce-40Zlrv8AjUn8SCWUIUZq2A' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
content-encoding: br
server: gws
content-length: 675
x-xss-protection: 0
set-cookie: __Secure-ENID=16.SE=KtxWUdYuZpxYmtCv5ckfGTIlP-2Gg7E5pQFE4c_0QrFaCGZ7LBk7Y1ueBevi61tcSfk3Wgd4temQ3ZwaNz4GJOhnCwLTAehi39uxXlkGo84u_JJp2m1DhMpGiMSi9T9XpkkX8NhjBBnsmkC8OsHYIUc26tfwHGQbZFIQMaF74VI; expires=Thu, 02-Jan-2025 10:44:29 GMT; path=/; domain=.google.com; Secure; HttpOnly; SameSite=lax
CONSENT=PENDING+005; expires=Tue, 02-Dec-2025 18:26:11 GMT; path=/; domain=.google.com; Secure
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

www.google.com/favicon.ico

142.250.74.132

200 OK

1.5 kB

URL GET HTTP/3
www.google.com/favicon.ico
IP
142.250.74.132:443
ASN
#15169 GOOGLE

Requested by
https://www.google.com/url?q=https://www.business2community.com/no/gambling/casino-norge&;source=gmail&;ust=1701702977732000&;usg=AOvVaw2ISRkZPyc3at_qVdsrpnwE
Certificate
IssuerGoogle Trust Services LLC
Subject*.google.com
Fingerprint4C:0D:17:8C:F1:30:7C:3A:6F:9B:8E:B4:83:0E:5C:BD:ED:17:3E:95
ValidityMon, 23 Oct 2023 11:18:24 GMT - Mon, 15 Jan 2024 11:18:23 GMT

File type
MS Windows icon resource - 2 icons, 16x16, 32 bits/pixel, 32x32, 32 bits/pixel\012- data
Size
1.5 kB (1494 bytes)
Hash
f3418a443e7d841097c714d69ec4bcb8
49263695f6b0cdd72f45cf1b775e660fdc36c606
6da5620880159634213e197fafca1dde0272153be3e4590818533fab8d040770

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.google.com/url?q=https://www.business2community.com/no/gambling/casino-norge&;source=gmail&;ust=1701702977732000&;usg=AOvVaw2ISRkZPyc3at_qVdsrpnwE
Cookie: SOCS=CAESHAgBEhJnd3NfMjAyMjA5MjktMF9SQzEaAnJvIAEaBgiAkvOZBg; __Secure-ENID=16.SE=KtxWUdYuZpxYmtCv5ckfGTIlP-2Gg7E5pQFE4c_0QrFaCGZ7LBk7Y1ueBevi61tcSfk3Wgd4temQ3ZwaNz4GJOhnCwLTAehi39uxXlkGo84u_JJp2m1DhMpGiMSi9T9XpkkX8NhjBBnsmkC8OsHYIUc26tfwHGQbZFIQMaF74VI; CONSENT=PENDING+005
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
accept-ranges: bytes
content-encoding: gzip
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="static-on-bigtable"
report-to: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-length: 1494
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sat, 02 Dec 2023 03:13:34 GMT
expires: Sun, 10 Dec 2023 03:13:34 GMT
cache-control: public, max-age=691200
last-modified: Tue, 22 Oct 2019 18:30:00 GMT
content-type: image/x-icon
vary: Accept-Encoding
age: 141158
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (1)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

HTTP Transactions (28)

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL

IP

ASN