Report - f.top4top.io/f_hwv1BksJTd9tbtOpc3GWRA/1675259094/1379tdd4j1.rar

Report Overview

Submitted URL
f.top4top.io/f_hwv1BksJTd9tbtOpc3GWRA/1675259094/1379tdd4j1.rar
IP
51.159.59.190
ASN
#12876 Online S.a.s.
Submitted
2023-01-30 19:55:33
Access
Website Title
Final URL
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
24

Domain Summary

Domain / FQDN	Rank	First Seen	Last Seen	Sent	Received	IP
ajax.googleapis.com	12905	2013-08-16T11:51:31Z	2023-03-13T08:37:09Z	387 B	34 kB	142.250.74.74
www.facebook.com	99	2012-05-21T02:23:41Z	2021-02-04T00:31:35Z	856 B	3.8 kB	157.240.205.35
firefox.settings.services.mozilla.com	867	2020-06-04T22:08:41Z	2023-03-13T05:09:10Z	782 B	2.4 kB	35.241.9.150
content-signature-2.cdn.mozilla.net	1152	2020-11-03T13:26:46Z	2023-03-13T05:09:35Z	413 B	5.8 kB	34.160.144.191
ocsp.pki.goog	175	2018-07-01T08:43:07Z	2023-03-13T05:09:47Z	1.4 kB	17 kB	216.58.211.3
img-getpocket.cdn.mozilla.net	1631	2018-06-22T01:36:00Z	2023-03-13T05:09:16Z	1.6 kB	35 kB	34.120.237.76
f.top4top.io	unknown	2019-12-11T11:34:58Z	2023-03-13T11:07:04Z	394 B	363 B	51.159.59.190
connect.facebook.net	139	2012-05-22T04:51:28Z	2023-03-13T05:09:29Z	363 B	2.7 kB	157.240.205.11
www.google-analytics.com	40	2012-10-03T03:04:21Z	2023-03-13T07:36:03Z	1.2 kB	21 kB	142.250.74.110
contile.services.mozilla.com	1114	2021-05-27T20:32:35Z	2023-03-13T05:09:13Z	333 B	391 B	34.117.237.239
top4top.io	118839	2019-12-01T08:20:12Z	2023-03-13T05:10:18Z	6.6 kB	28 kB	188.165.137.138
ocsp.digicert.com	86	2012-05-21T09:02:23Z	2023-03-13T06:00:13Z	2.7 kB	5.0 kB	93.184.220.29
s.top4top.io	unknown	2020-01-05T04:15:20Z	2023-03-13T01:36:18Z	5.7 kB	103 kB	104.21.5.137
push.services.mozilla.com	2140	2014-10-24T10:27:06Z	2023-03-13T05:09:14Z	606 B	127 B	52.40.31.202
r3.o.lencr.org	344	2020-12-02T09:52:13Z	2023-03-13T05:09:07Z	3.4 kB	8.9 kB	23.36.77.32

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

OpenPhish

No alerts detected

PhishTank

No alerts detected

Fortinet's Web Filter

Scan Date	Severity	Indicator	Alert
2023-01-30	medium	f.top4top.io/f_hwv1BksJTd9tbtOpc3GWRA/1675259094/1379tdd4j1.rar	Malware
2023-01-30	medium	top4top.io/f-1379tdd4j1-rar.html	Malware
2023-01-30	medium	top4top.io/downloadf-1379tdd4j1-rar.html	Malware
2023-01-30	medium	top4top.io/share.js	Malware
2023-01-30	medium	s.top4top.io/styles/default-new-reg/css/fonts.css?rev=47	Malware
2023-01-30	medium	s.top4top.io/styles/default-new-reg/javascript.js?rev=47	Malware
2023-01-30	medium	s.top4top.io/styles/default-new-reg/js/bootstrap.min.js?rev=47	Malware
2023-01-30	medium	s.top4top.io/styles/default-new-reg/css/the220px.css?rev=47	Malware
2023-01-30	medium	s.top4top.io/styles/default-new-reg/css/reset.css?rev=47	Malware
2023-01-30	medium	s.top4top.io/styles/default-new-reg/css/stylesheet-3.3.css?rev=47	Malware
2023-01-30	medium	s.top4top.io/styles/default-new-reg/css/bootstrap.rtl.min.css?rev=47	Malware
2023-01-30	medium	s.top4top.io/styles/default-new-reg/css/animate.min.css?rev=47	Malware

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

JavaScript (18)

	URL	Size	First Seen	Last Seen
	top4top.io/share.js	2.0 kB	2023-03-07	2024-02-21
Pretty URL top4top.io/share.js IP 188.165.137.138 ASN #16276 OVH SAS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:33 Last Seen2024-02-21 22:49:51 Times Seen426 Hash d6b05c71ce92a4e0599cf8b731966510 8735a20d053e085fdfe0963cab19b9499e1be457 ff90fa92b304e071f41235a6e338e1e0588641156a765999852784a17523be9e Loading...

	connect.facebook.net/en_US/all.js#xfbml=1	3.1 kB	2023-03-13	2023-03-13
Pretty URL connect.facebook.net/en_US/all.js#xfbml=1 IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 12:40:43 Last Seen2023-03-13 12:40:43 Times Seen1 Hash 0db3ed7600bba4763feee461ca9450ef 006b1bea2fdf62ca9677536d367f495f5d78d989 15295022202897a35e633e715cb7897c4509546735adb9b5c4f6602ef0e2097a Loading...

	www.google-analytics.com/analytics.js	50 kB	2023-03-12	2024-04-15
Pretty URL www.google-analytics.com/analytics.js IP 142.250.74.110 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-12 21:46:21 Last Seen2024-04-15 18:54:35 Times Seen35101 Hash 54e51056211dda674100cc5b323a58ad 26dc5034cb6c7f3bbe061edd37c7fc6006cb835b 5971b095cff574a66d35ada016d4c077c86e2dea62e9c0f14cf7c94b258619de Loading...

	connect.facebook.net/en_US/all.js?hash=cba592050b9a4598000afebfbad1129b	310 kB	2023-03-13	2023-03-13
Pretty URL connect.facebook.net/en_US/all.js?hash=cba592050b9a4598000afebfbad1129b IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 12:31:52 Last Seen2023-03-13 12:40:43 Times Seen1 Hash ea3ff91b8c971dbbd32b46dc83ff84a9 f72058ce7a4c945cc57a477025f605698137817d ff75a05b3168d2ed398b380ccb7a6e9516959eb49f2841b78fbb0999d96b1e6b Loading...

	s.top4top.io/styles/default-new-reg/javascript.js?rev=47	5.9 kB	2023-03-07	2024-02-21
Pretty URL s.top4top.io/styles/default-new-reg/javascript.js?rev=47 IP 104.21.5.137 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:33 Last Seen2024-02-21 22:49:51 Times Seen340 Hash cdf3da224e93253c294bf58e1ea961a1 81cb0add8af2ae12e21dd9d1a1198015907c30ca 937f0bf91c33631f746a0465609e009b41d9d8dcdea2e370360666a1729a3fa3 Loading...

	s.top4top.io/styles/default-new-reg/js/bootstrap.min.js?rev=47	35 kB	2023-03-07	2024-04-16
Pretty URL s.top4top.io/styles/default-new-reg/js/bootstrap.min.js?rev=47 IP 104.21.5.137 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:33 Last Seen2024-04-16 20:02:06 Times Seen1323 Hash 281cd50dd9f58c5550620fc148a7bc39 dfb8410ffc10a57d69b81620087c5a0b6027765a 484081bfe6c76d77610eb71a6e71206fe5304d62c037f058b403592192069306 Loading...

	top4top.io/downloadf-1379tdd4j1-rar.html	178 B	2023-03-07	2023-04-05
Pretty URL top4top.io/downloadf-1379tdd4j1-rar.html IP 188.165.137.138 ASN #16276 OVH SAS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:33 Last Seen2023-04-05 02:08:59 Times Seen139 Hash 7cca79abd4b66396ff51573f645d7890 436276681924287a556284472e771d457c6dd572 8f94fa903292113aea39cdde18465542c1fdc1aef6c6310bb82ca498b2309d17 Loading...

	s.top4top.io/styles/default-new-reg/js/the220px.js?rev=47	474 B	2023-03-07	2024-02-21
Pretty URL s.top4top.io/styles/default-new-reg/js/the220px.js?rev=47 IP 104.21.5.137 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:33 Last Seen2024-02-21 22:49:51 Times Seen351 Hash 46df8f972024362c123c381a26c27c3e e5fd05956877fa67d9d9237d9069fe3c4c30933f cfa7cfcb56c0960950a50a392063f2463d216ee2b83de0aa011893816e76962c Loading...

	ajax.googleapis.com/ajax/libs/jquery/1.11.1/jquery.min.js	96 kB	2023-03-07	2024-04-19
Pretty URL ajax.googleapis.com/ajax/libs/jquery/1.11.1/jquery.min.js IP 142.250.74.74 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:02 Last Seen2024-04-19 18:27:15 Times Seen46171 Hash 8101d596b2b8fa35fe3a634ea342d7c3 d6c1f41972de07b09bfa63d2e50f9ab41ec372bd 540bc6dec1dd4b92ea4d3fb903f69eabf6d919afd48f4e312b163c28cff0f441 Loading...

	top4top.io/ads/adpull.php?n=1&w=728&h=90&call=js&t=banner&divid=33938111	0 B	2023-03-07	2024-04-19
Pretty URL top4top.io/ads/adpull.php?n=1&w=728&h=90&call=js&t=banner&divid=33938111 IP 188.165.137.138 ASN #16276 OVH SAS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:01:59 Last Seen2024-04-19 19:35:32 Times Seen36966185 Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Loading...

	top4top.io/downloadf-1379tdd4j1-rar.html	385 B	2023-03-07	2024-02-21
Pretty URL top4top.io/downloadf-1379tdd4j1-rar.html IP 188.165.137.138 ASN #16276 OVH SAS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:33 Last Seen2024-02-21 22:49:51 Times Seen328 Hash 5c66b23713c34b41fcfd9c8d3859e3d7 effc676e205d0dc369d23b887bc65fdc63d707d4 61cd0091d8fe448723f9005c8571bd57c6311bd81642d8f66aa9f56d43d4cbd7 Loading...

		Size	First Seen	Last Seen
	#1 Write - 9a44568b967268c53c5ff35443a2004f	203 B	2023-03-07	2023-03-13
Pretty Observations First Seen2023-03-07 12:04:12 Last Seen2023-03-13 12:40:43 Times Seen1 Hash 9a44568b967268c53c5ff35443a2004f 78596399819cb1917dae2712f42e46401fe4f133 7f1fd61a2bcb3a9cecfe1b96256bcc4434bbf4b2c4f7fa6d2c666697e0655b50 Loading...

	#2 Write - 16a3a9faa14ae7d2577c331ccdf57c95	200 B	2023-03-07	2023-03-13
Pretty Observations First Seen2023-03-07 12:04:12 Last Seen2023-03-13 12:40:43 Times Seen1 Hash 16a3a9faa14ae7d2577c331ccdf57c95 6cbfc996cf2fc796736ef467f500e2b9375d5792 9cd5a5f208d5dee71e4c8e325c0500343d20e6bb7d8fe072c6880df30ab42b02 Loading...

	#3 Write - d3196e86200d8f87a5972fd073ac869c	225 B	2023-03-07	2023-03-13
Pretty Observations First Seen2023-03-07 12:04:12 Last Seen2023-03-13 12:40:43 Times Seen1 Hash d3196e86200d8f87a5972fd073ac869c b5b1a1800962adeb9e2f319a3cc8ed03db523bb3 0723e3f1dfdb4054034cdfbea13ba83aed9d3fb0bffec2d867b63e27c5c6f6e8 Loading...

	#4 Write - 4e659434a0914772ff10f4d7f9719589	203 B	2023-03-07	2023-03-13
Pretty Observations First Seen2023-03-07 12:04:12 Last Seen2023-03-13 12:40:43 Times Seen1 Hash 4e659434a0914772ff10f4d7f9719589 6cd062d2fcf5978dd21dc72b6cc5b02b60eb810d 62c10edb7bdd1db6a87e6f2a110df38ffa856092cf4a33d3f199ad132167cf0b Loading...

	#5 Write - 2909865d25014a8160ba5816dc44081e	206 B	2023-03-07	2023-03-13
Pretty Observations First Seen2023-03-07 12:04:12 Last Seen2023-03-13 12:40:43 Times Seen1 Hash 2909865d25014a8160ba5816dc44081e 7f3a97975b098b6419412ff314fc01da97d7749f 6ed7eafbe41eafbe8e27f315a4415fe610804eacb5499b2fff852e4db2a15f2a Loading...

	#6 Write - c8d079c52b6f2fd40c484f4e50a3c9a6	194 B	2023-03-07	2023-03-13
Pretty Observations First Seen2023-03-07 12:04:12 Last Seen2023-03-13 12:40:43 Times Seen1 Hash c8d079c52b6f2fd40c484f4e50a3c9a6 b6f7074ede96a1cd8c70f45c10524827da70e156 3bd9a1830d88245c1ddc2fa537c769fc89feafa5c515ec1dce5d3f23ec705a68 Loading...

	#7 Write - e844f0f6aff9f8f665530228db9be42c	200 B	2023-03-07	2023-03-13
Pretty Observations First Seen2023-03-07 12:04:12 Last Seen2023-03-13 12:40:43 Times Seen1 Hash e844f0f6aff9f8f665530228db9be42c 8fc20bbf5b021af744a8df0abf8895a8303f0049 7630d7fa3524be18ce1d86fe0d99c46ba51a695926a84ffb82cf20204687e05a Loading...

HTTP Transactions (61)

URL IP Response Size

f.top4top.io/f_hwv1BksJTd9tbtOpc3GWRA/1675259094/1379tdd4j1.rar

51.159.59.190

302 Moved Temporarily

138 B

URL HTTP/1.1
f.top4top.io/f_hwv1BksJTd9tbtOpc3GWRA/1675259094/1379tdd4j1.rar
IP
51.159.59.190:0
ASN
#12876 Online S.a.s.

File type
HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Size
138 B (138 bytes)
Hash
aff950cab4c0265e21d401db15f1026d
f03e18461817f7a6546c8bf8fa8d686d7e30aca0
753e0dd54f28c4f7009b9c0b18a68aed175416bd8b7d134858264586eaac56f0

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

GET /f_hwv1BksJTd9tbtOpc3GWRA/1675259094/1379tdd4j1.rar HTTP/1.1
Host: f.top4top.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

HTTP/1.1 302 Moved Temporarily
Server: Hotcores.com
Date: Mon, 30 Jan 2023 19:55:22 GMT
Content-Type: text/html
Content-Length: 138
Connection: close
Location: https://top4top.io/f-1379tdd4j1-rar.html
Reason: Invalid

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
5eb7c9bc996a0ff420e58af45526f053
8c2614832b8efe1c9da0bbd465d6f3f172d95a9e
c085cf277dd0429fe15e4a4bce5595636e9f2204d5a8e77220f8bf88adf4068f

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C085CF277DD0429FE15E4A4BCE5595636E9F2204D5A8E77220F8BF88ADF4068F"
Last-Modified: Sun, 29 Jan 2023 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13303
Expires: Mon, 30 Jan 2023 23:37:05 GMT
Date: Mon, 30 Jan 2023 19:55:22 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
3eb88dea4fe00db1182370e72683c3ab
ca520abf1e91bfd2aef40c6a1270a911071e8922
d8083ee567c7b3023111dc30f32c94237df7db30d4d2daaea0a569e8a3069ad7

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D8083EE567C7B3023111DC30F32C94237DF7DB30D4D2DAAEA0A569E8A3069AD7"
Last-Modified: Sat, 28 Jan 2023 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12966
Expires: Mon, 30 Jan 2023 23:31:28 GMT
Date: Mon, 30 Jan 2023 19:55:22 GMT
Connection: keep-alive

firefox.settings.services.mozilla.com/v1/

35.241.9.150

200 OK

939 B

URL HTTP/2
firefox.settings.services.mozilla.com/v1/
IP
35.241.9.150:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Size
939 B (939 bytes)
Hash
bf0c602d32b3c14606f22a86183b5e3c
6eabd8d83475eba731968abe1a05a8bfd272f160
6c6a7c519a9e950c2445ed874a25211a94dd4d3cf3afb0103af9dcd1dbd5ff9e

HTTP Headers

GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Backoff, Content-Length, Retry-After, Content-Type, Alert
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Mon, 30 Jan 2023 19:43:13 GMT
content-type: application/json
age: 729
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
302c7548412192add063ad6c8b99cf3b
e5d178931a27db036ce8daae302594d3ff7050b8
fc2bd9091006189e67e8074093805ee5492ce16e1dbfba32e083abeeae34969d

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "FC2BD9091006189E67E8074093805EE5492CE16E1DBFBA32E083ABEEAE34969D"
Last-Modified: Sat, 28 Jan 2023 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8352
Expires: Mon, 30 Jan 2023 22:14:34 GMT
Date: Mon, 30 Jan 2023 19:55:22 GMT
Connection: keep-alive

content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain

34.160.144.191

200 OK

5.3 kB

URL HTTP/2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain
IP
34.160.144.191:0
ASN
#15169 GOOGLE

File type
PEM certificate\012- , ASCII text
Size
5.3 kB (5348 bytes)
Hash
7b922915ebf1fa3639b333f994c74f24
144a3f80b98fd0652d4614f24cf6cbbee40f8938
adbb3e06df0e870f5c7a9cb81e8979d4e92735853d75c9b779c06470d4db5d9c

HTTP Headers

GET /chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
x-amz-id-2: 8wA7S6kl2ZZVrfXe+gpWVcBjAiM7vMlPacACWLclCzypcwFXvK28N8u01Bi+0sJtXn3SdOhCQu8=
x-amz-request-id: 96M7TN0Y6JWANV9J
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Mon, 30 Jan 2023 19:21:55 GMT
age: 2007
last-modified: Mon, 09 Jan 2023 18:04:21 GMT
etag: "7b922915ebf1fa3639b333f994c74f24"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
15ecfe5b2cd2d3b74715fd1b778beb20
bb211d5082a45c54ca2d887c47eb1bfeb6f6106d
4a37c1cf5fe5fece2b3f90c379e4359d6df947e2419295d2081052548fa9a730

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "4A37C1CF5FE5FECE2B3F90C379E4359D6DF947E2419295D2081052548FA9A730"
Last-Modified: Mon, 30 Jan 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4859
Expires: Mon, 30 Jan 2023 21:16:21 GMT
Date: Mon, 30 Jan 2023 19:55:22 GMT
Connection: keep-alive

contile.services.mozilla.com/v1/tiles

34.117.237.239

200 OK

12 B

URL HTTP/2
contile.services.mozilla.com/v1/tiles
IP
34.117.237.239:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with no line terminators
Size
12 B (12 bytes)
Hash
23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3

HTTP Headers

GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Mon, 30 Jan 2023 19:55:22 GMT
content-type: application/json
content-length: 12
access-control-expose-headers: content-type
access-control-allow-credentials: true
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2

top4top.io/f-1379tdd4j1-rar.html

188.165.137.138

301 Moved Permanently

256 B

URL HTTP/1.1
top4top.io/f-1379tdd4j1-rar.html
IP
188.165.137.138:0
ASN
#16276 OVH SAS

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
256 B (256 bytes)
Hash
2ebc3363bc7f61690d59767af360b132
ce46bb87ddc44fa2ff75a3ccb47e2a6cd5eab20f
50e1241796be6e7aa92aac04be9e6366ca39232a04333512170a61cb5fc72896

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

GET /f-1379tdd4j1-rar.html HTTP/1.1
Host: top4top.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1

HTTP/1.1 301 Moved Permanently
Date: Mon, 30 Jan 2023 19:55:22 GMT
Server: HotCores
Location: https://top4top.io/downloadf-1379tdd4j1-rar.html
Content-Length: 256
Content-Type: text/html; charset=iso-8859-1

firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US

35.241.9.150

200 OK

329 B

URL HTTP/2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP
35.241.9.150:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Size
329 B (329 bytes)
Hash
0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300

HTTP Headers

GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Backoff, Pragma, Last-Modified, ETag, Content-Length, Expires, Cache-Control, Retry-After, Content-Type, Alert
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Mon, 30 Jan 2023 19:41:41 GMT
age: 821
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2

top4top.io/downloadf-1379tdd4j1-rar.html

188.165.137.138

200 OK

18 kB

URL HTTP/1.1
top4top.io/downloadf-1379tdd4j1-rar.html
IP
188.165.137.138:0
ASN
#16276 OVH SAS

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (411)
Size
18 kB (18083 bytes)
Hash
0be1de8ff21196f70cfe925567cf236d
4b984e8ccd29abc7b531ba02d56b5586dfe54a26
3cd8a0c61a34492ae3bcb78f724dac1c232b597f98af2ccd9247fb2686d9514e

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

GET /downloadf-1379tdd4j1-rar.html HTTP/1.1
Host: top4top.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1

HTTP/1.1 200 OK
Date: Mon, 30 Jan 2023 19:55:22 GMT
Server: HotCores
Expires: 0
Cache-Control: private, no-cache="set-cookie"
Pragma: no-cache
P3P: CP="CUR ADM"
Set-Cookie: sid=00KoYN2Jmd%2CQirIWYmrEutJCBU6; expires=Wed, 01-Feb-2023 19:55:22 GMT; path=/
klj_40d147_fdkey=ade5b14fc00a7b96d73acb817de011fcfd648c44; expires=Wed, 01-Feb-2023 19:55:22 GMT; path=/; domain=.top4top.io; httponly
I-AM: US03
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8

ocsp.pki.goog/gts1c3

216.58.211.3

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
216.58.211.3:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
75bf326700e29b1b06e57fb96ee2b064
4f979f28905b65637a058cd44be6c25bb51a42e4
385f7a9c4112c4d674264d02229719e7f82e7039e681db8aaa6685ebab2be0c1

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 30 Jan 2023 19:55:23 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

top4top.io/ads/adpull.php?n=1&w=728&h=90&call=js&t=banner&divid=33938111

188.165.137.138

200 OK

3 B

URL HTTP/1.1
top4top.io/ads/adpull.php?n=1&w=728&h=90&call=js&t=banner&divid=33938111
IP
188.165.137.138:0
ASN
#16276 OVH SAS

File type
Unicode text, UTF-8 text, with no line terminators
Size
3 B (3 bytes)
Hash
ecaa88f7fa0bf610a5a26cf545dcd3aa
57218c316b6921e2cd61027a2387edc31a2d9471
f1945cd6c19e56b3c1c78943ef5ec18116907a4ca1efc40a57d48ab1db7adfc5

HTTP Headers

GET /ads/adpull.php?n=1&w=728&h=90&call=js&t=banner&divid=33938111 HTTP/1.1
Host: top4top.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://top4top.io/downloadf-1379tdd4j1-rar.html
Cookie: sid=00KoYN2Jmd%2CQirIWYmrEutJCBU6; klj_40d147_fdkey=ade5b14fc00a7b96d73acb817de011fcfd648c44
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Date: Mon, 30 Jan 2023 19:55:22 GMT
Server: HotCores
I-AM: US01
Content-Length: 3
Content-Type: text/javascript;Charset=UTF-8

ajax.googleapis.com/ajax/libs/jquery/1.11.1/jquery.min.js

142.250.74.74

200 OK

33 kB

URL HTTP/2
ajax.googleapis.com/ajax/libs/jquery/1.11.1/jquery.min.js
IP
142.250.74.74:0
ASN
#15169 GOOGLE

File type
ASCII text, with very long lines (32086)
Size
33 kB (33434 bytes)
Hash
430e927c980ad4079de727fa59dd93f2
891aaada9a55a91292999f6d50fd300439905982
e8728df8617340bd8c10bc8d27d3a725a48871a269c850e8598689938ec6e2ed

HTTP Headers

GET /ajax/libs/jquery/1.11.1/jquery.min.js HTTP/1.1
Host: ajax.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://top4top.io/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
timing-allow-origin: *
content-length: 33434
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sun, 29 Jan 2023 12:48:54 GMT
expires: Mon, 29 Jan 2024 12:48:54 GMT
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
last-modified: Tue, 03 Mar 2020 19:15:00 GMT
content-type: text/javascript; charset=UTF-8
age: 111989
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

ocsp.digicert.com/

93.184.220.29

200 OK

279 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
279 B (279 bytes)
Hash
a6107d135a8061a7eabde0819da1b485
7ec3b477f18c039323de73512c870d7645b297c3
038c8b59e864b103f5a329ba2d1f012a30a3617eb19fd40cf4c1ebd424c75ff4

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 88
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Mon, 30 Jan 2023 19:55:23 GMT
Last-Modified: Mon, 30 Jan 2023 19:53:56 GMT
Server: ECS (amb/6B9F)
X-Cache: HIT
Content-Length: 279

ocsp.digicert.com/

93.184.220.29

200 OK

280 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
280 B (280 bytes)
Hash
07dbfc9c476db46991daf89e4bf61590
122f06a9d6fd8d59fc07dfbfadb2948363f60883
962872779281f214154529248d85e538078e028e9069c195b0ee38eb6e9913e8

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6271
Cache-Control: max-age=88301
Content-Type: application/ocsp-response
Date: Mon, 30 Jan 2023 19:55:23 GMT
Etag: "63d6be19-118"
Expires: Tue, 31 Jan 2023 20:27:04 GMT
Last-Modified: Sun, 29 Jan 2023 18:42:33 GMT
Server: ECS (amb/6BAE)
X-Cache: HIT
Content-Length: 280

ocsp.digicert.com/

93.184.220.29

200 OK

280 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
280 B (280 bytes)
Hash
07dbfc9c476db46991daf89e4bf61590
122f06a9d6fd8d59fc07dfbfadb2948363f60883
962872779281f214154529248d85e538078e028e9069c195b0ee38eb6e9913e8

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4358
Cache-Control: max-age=86388
Content-Type: application/ocsp-response
Date: Mon, 30 Jan 2023 19:55:23 GMT
Etag: "63d6be19-118"
Expires: Tue, 31 Jan 2023 19:55:11 GMT
Last-Modified: Sun, 29 Jan 2023 18:42:33 GMT
Server: ECS (amb/6B95)
X-Cache: HIT
Content-Length: 280

ocsp.digicert.com/

93.184.220.29

200 OK

279 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
279 B (279 bytes)
Hash
a6107d135a8061a7eabde0819da1b485
7ec3b477f18c039323de73512c870d7645b297c3
038c8b59e864b103f5a329ba2d1f012a30a3617eb19fd40cf4c1ebd424c75ff4

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 1333
Cache-Control: max-age=169764
Content-Type: application/ocsp-response
Date: Mon, 30 Jan 2023 19:55:23 GMT
Etag: "63d80f9a-117"
Expires: Wed, 01 Feb 2023 19:04:47 GMT
Last-Modified: Mon, 30 Jan 2023 18:42:34 GMT
Server: ECS (amb/6BC3)
X-Cache: HIT
Content-Length: 279

s.top4top.io/styles/default-new-reg/images/newlogo.png

104.21.5.137

200 OK

19 kB

URL HTTP/2
s.top4top.io/styles/default-new-reg/images/newlogo.png
IP
104.21.5.137:0
ASN
#13335 CLOUDFLARENET

File type
PNG image data, 71 x 43, 8-bit/color RGBA, non-interlaced\012- data
Size
19 kB (19068 bytes)
Hash
d68c79880117110f89d39cce5c43d39c
6e30dcd905314f77912b224e35ce089560553300
1605b05d92b623c44661321917bca32d530ae52b3158319ce922dacd4c6f257d

HTTP Headers

GET /styles/default-new-reg/images/newlogo.png HTTP/1.1
Host: s.top4top.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://top4top.io/
Cookie: klj_40d147_fdkey=ade5b14fc00a7b96d73acb817de011fcfd648c44
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
TE: trailers

HTTP/2 200 OK
date: Mon, 30 Jan 2023 19:55:23 GMT
content-type: image/png
content-length: 19068
last-modified: Mon, 26 Sep 2016 09:33:17 GMT
etag: "57e8eb5d-4a7c"
expires: Wed, 23 Nov 2022 14:37:07 GMT
cache-control: max-age=5356800
x-cache-status-a: HIT
vary: Accept-Encoding
access-control-allow-origin: *
cf-cache-status: HIT
age: 374030
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=e1D40O0TgZApw1X3znjfKlzOsnpYSFU4KwZ8UtY%2BGc%2BPcuRULO00UkokkfcATMfYJzfVrQDRcvrW%2Fn%2FFyrYM21uUjal5h2fxeqjBIOUm88uYKewcech5hqeQx58hpts%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 791cc3cd28abb500-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

s.top4top.io/styles/default-new-reg/images/soft.png

104.21.5.137

200 OK

41 kB

URL HTTP/2
s.top4top.io/styles/default-new-reg/images/soft.png
IP
104.21.5.137:0
ASN
#13335 CLOUDFLARENET

File type
PNG image data, 213 x 255, 8-bit/color RGBA, non-interlaced\012- data
Size
41 kB (41248 bytes)
Hash
8cf5d3f055149868fd89971433ed8ece
e877509e97d487b44bdd7203c7e3ca2795963afa
58b2b600aacfdda258a4b7ced90c85143e109480e78529c31358c412caab09d9

HTTP Headers

GET /styles/default-new-reg/images/soft.png HTTP/1.1
Host: s.top4top.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://top4top.io/
Cookie: klj_40d147_fdkey=ade5b14fc00a7b96d73acb817de011fcfd648c44
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
TE: trailers

HTTP/2 200 OK
date: Mon, 30 Jan 2023 19:55:23 GMT
content-type: image/png
content-length: 41248
last-modified: Mon, 26 Sep 2016 09:33:17 GMT
etag: "57e8eb5d-a120"
expires: Wed, 23 Nov 2022 14:37:07 GMT
cache-control: max-age=5356800
x-cache-status-a: HIT
vary: Accept-Encoding
access-control-allow-origin: *
cf-cache-status: HIT
age: 255796
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=lshy0X3BqiE7HaF4jwbMC0Q7hrtZsWnRQGIaMwhLe3bksQ4WS5iMzt%2BmFvalx%2Bilg0TlbA2L8eEpVaqd%2F2WQeyBlePaIN3U65YYjkowt25szC%2FKiVFyJnIFq3VAtDNU%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 791cc3cd38acb500-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
22b9916fc1fafc9bdc9bb37f9eac8a9a
86f640e134a741a0f906a8e3a0f5c6659dd0e394
a29ee843c8a39551a1507cc6ad949ad509e33aaae8b72c58ac4884bad8b0b38e

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A29EE843C8A39551A1507CC6AD949AD509E33AAAE8B72C58AC4884BAD8B0B38E"
Last-Modified: Sun, 29 Jan 2023 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8045
Expires: Mon, 30 Jan 2023 22:09:28 GMT
Date: Mon, 30 Jan 2023 19:55:23 GMT
Connection: keep-alive

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
4fa4e3a6c0ea0d843f6f77af6a290fca
965944af181e8d47677e5b428e8a3233c942cf99
801765bb2eb7f84e39a58691c4798b32ccd9e6ed22e924754d26277f4f2e0b11

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4992
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Mon, 30 Jan 2023 19:55:23 GMT
Last-Modified: Mon, 30 Jan 2023 18:32:11 GMT
Server: ECS (ska/F70C)
X-Cache: HIT
Content-Length: 471

ocsp.pki.goog/gts1c3

216.58.211.3

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
216.58.211.3:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
75bf326700e29b1b06e57fb96ee2b064
4f979f28905b65637a058cd44be6c25bb51a42e4
385f7a9c4112c4d674264d02229719e7f82e7039e681db8aaa6685ebab2be0c1

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 30 Jan 2023 19:55:23 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.digicert.com/

93.184.220.29

200 OK

280 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
280 B (280 bytes)
Hash
07dbfc9c476db46991daf89e4bf61590
122f06a9d6fd8d59fc07dfbfadb2948363f60883
962872779281f214154529248d85e538078e028e9069c195b0ee38eb6e9913e8

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6271
Cache-Control: max-age=88301
Content-Type: application/ocsp-response
Date: Mon, 30 Jan 2023 19:55:23 GMT
Etag: "63d6be19-118"
Expires: Tue, 31 Jan 2023 20:27:04 GMT
Last-Modified: Sun, 29 Jan 2023 18:42:33 GMT
Server: ECS (ska/F70C)
X-Cache: HIT
Content-Length: 280

connect.facebook.net/en_US/all.js

157.240.205.11

200 OK

1.7 kB

URL HTTP/2
connect.facebook.net/en_US/all.js
IP
157.240.205.11:0
ASN
#32934 FACEBOOK

File type
ASCII text, with very long lines (1957)
Size
1.7 kB (1685 bytes)
Hash
87bd91ba95e5d6ce5816a3c86ab26623
16c86b963f1305671d30499650cc9ebdf59dac79
3b697ca4abbddef5cd706c1d87294936cd423361cf30cfa3c0176e21c40bef76

HTTP Headers

GET /en_US/all.js HTTP/1.1
Host: connect.facebook.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://top4top.io/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
vary: Accept-Encoding
content-encoding: gzip
access-control-expose-headers: X-FB-Content-MD5
x-fb-content-md5: 0db3ed7600bba4763feee461ca9450ef
etag: "82adc9542cecde074c6a013bd7079bee"
content-type: application/x-javascript; charset=utf-8
timing-allow-origin: *
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
expires: Mon, 30 Jan 2023 19:59:36 GMT
cache-control: public,max-age=1200,stale-while-revalidate=3600
document-policy: force-load-at-top
cross-origin-opener-policy: same-origin-allow-popups
x-content-type-options: nosniff
x-fb-rlafr: 0
x-frame-options: DENY
strict-transport-security: max-age=31536000; preload; includeSubDomains
content-md5: h72RupXl1s5YFqPIarJmIw==
x-fb-debug: EMseT0mCQJ+yHUci9DmEr8+EB7XQL4xvwa31r4RRv2UmMyykasnLIfmlPi3E66E4U37ksXgrdRxGQg339riETg==
priority: u=3,i
content-length: 1685
x-fb-trip-id: 1679558926
date: Mon, 30 Jan 2023 19:55:23 GMT
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

top4top.io/share.js

188.165.137.138

200 OK

2.0 kB

URL HTTP/1.1
top4top.io/share.js
IP
188.165.137.138:0
ASN
#16276 OVH SAS

File type
HTML document, ASCII text, with CRLF line terminators
Size
2.0 kB (2045 bytes)
Hash
d6b05c71ce92a4e0599cf8b731966510
8735a20d053e085fdfe0963cab19b9499e1be457
ff90fa92b304e071f41235a6e338e1e0588641156a765999852784a17523be9e

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

GET /share.js HTTP/1.1
Host: top4top.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://top4top.io/downloadf-1379tdd4j1-rar.html
Cookie: sid=00KoYN2Jmd%2CQirIWYmrEutJCBU6; klj_40d147_fdkey=ade5b14fc00a7b96d73acb817de011fcfd648c44
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Server: HotCores
Date: Mon, 30 Jan 2023 19:55:23 GMT
Content-Type: application/javascript
Content-Length: 2045
Last-Modified: Mon, 26 Sep 2016 09:33:16 GMT
ETag: "57e8eb5c-7fd"
Expires: Mon, 06 Feb 2023 19:55:23 GMT
Cache-Control: max-age=604800
Access-Control-Allow-Origin: *
Accept-Ranges: bytes

top4top.io/ads/adpull.php?n=1&w=728&h=90&call=js&t=banner&divid=330275050

188.165.137.138

200 OK

3 B

URL HTTP/1.1
top4top.io/ads/adpull.php?n=1&w=728&h=90&call=js&t=banner&divid=330275050
IP
188.165.137.138:0
ASN
#16276 OVH SAS

File type
Unicode text, UTF-8 text, with no line terminators
Size
3 B (3 bytes)
Hash
ecaa88f7fa0bf610a5a26cf545dcd3aa
57218c316b6921e2cd61027a2387edc31a2d9471
f1945cd6c19e56b3c1c78943ef5ec18116907a4ca1efc40a57d48ab1db7adfc5

HTTP Headers

GET /ads/adpull.php?n=1&w=728&h=90&call=js&t=banner&divid=330275050 HTTP/1.1
Host: top4top.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://top4top.io/downloadf-1379tdd4j1-rar.html
Cookie: sid=00KoYN2Jmd%2CQirIWYmrEutJCBU6; klj_40d147_fdkey=ade5b14fc00a7b96d73acb817de011fcfd648c44
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Date: Mon, 30 Jan 2023 19:55:23 GMT
Server: HotCores
I-AM: US03
Content-Length: 3
Content-Type: text/javascript;Charset=UTF-8

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
4fa4e3a6c0ea0d843f6f77af6a290fca
965944af181e8d47677e5b428e8a3233c942cf99
801765bb2eb7f84e39a58691c4798b32ccd9e6ed22e924754d26277f4f2e0b11

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4992
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Mon, 30 Jan 2023 19:55:23 GMT
Last-Modified: Mon, 30 Jan 2023 18:32:11 GMT
Server: ECS (ska/F70C)
X-Cache: HIT
Content-Length: 471

ocsp.digicert.com/

93.184.220.29

200 OK

279 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
279 B (279 bytes)
Hash
a6107d135a8061a7eabde0819da1b485
7ec3b477f18c039323de73512c870d7645b297c3
038c8b59e864b103f5a329ba2d1f012a30a3617eb19fd40cf4c1ebd424c75ff4

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: max-age=168431
Content-Type: application/ocsp-response
Date: Mon, 30 Jan 2023 19:55:23 GMT
Etag: "63d80f9a-117"
Expires: Wed, 01 Feb 2023 18:42:34 GMT
Last-Modified: Mon, 30 Jan 2023 18:42:34 GMT
Server: nginx
Content-Length: 279

push.services.mozilla.com/

52.40.31.202

101 Switching Protocols

0 B

URL HTTP/1.1
push.services.mozilla.com/
IP
52.40.31.202:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: n0/G9mTbb/HBPQEG/Wo71g==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: vGUUou2ZQsAVaP5rWt3BjDQ9ZFk=

s.top4top.io/styles/default-new-reg/css/fonts.css

104.21.5.137

200 OK

351 B

URL HTTP/2
s.top4top.io/styles/default-new-reg/css/fonts.css
IP
104.21.5.137:0
ASN
#13335 CLOUDFLARENET

File type
Unicode text, UTF-8 (with BOM) text, with very long lines (408), with no line terminators
Size
351 B (351 bytes)
Hash
f7e8c8706015bf3527080dcc08c953c3
83ff16c45f37795f8167a093c7b08e57b5bf7f38
30296ba75fb24857c00d07598ad09f5a357404dac1615c5f7e61f7b5ea97b0ad

HTTP Headers

GET /styles/default-new-reg/css/fonts.css HTTP/1.1
Host: s.top4top.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://s.top4top.io/styles/default-new-reg/css/the220px.css?rev=47
Cookie: klj_40d147_fdkey=ade5b14fc00a7b96d73acb817de011fcfd648c44
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Mon, 30 Jan 2023 19:55:23 GMT
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=5356800
cf-bgj: minify
cf-polished: origSize=487
etag: W/"5e0bab24-1e7"
expires: Wed, 23 Nov 2022 14:37:08 GMT
last-modified: Tue, 31 Dec 2019 20:10:12 GMT
vary: Accept-Encoding
x-cache-status-a: HIT
cf-cache-status: HIT
age: 436464
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=94t2P%2BfBJa98pZD5w4bYvuFpxGyt123S%2B6M97UN8jfbJGa%2Fys1KigMhU4BCL7nSHCWow7LwamQzid%2BUWwp3Xe1jthT8%2FkELQd6xyXU2o4C%2Bh7OW5AigUpkcPrbhqvXo%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 791cc3cd5909b500-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

top4top.io/styles/default-new-reg/images/zl.png

188.165.137.138

200 OK

673 B

URL HTTP/1.1
top4top.io/styles/default-new-reg/images/zl.png
IP
188.165.137.138:0
ASN
#16276 OVH SAS

File type
PNG image data, 19 x 19, 8-bit/color RGBA, non-interlaced\012- data
Size
673 B (673 bytes)
Hash
5caf58a4705aa53b41535b86b18819a1
d38040f84c6dcc16c40519bf0249ea8097b8e969
20fac0020c1ca2b53c6132997d0b5ec25252b30ceedaf59b05679c73c0494e7c

HTTP Headers

GET /styles/default-new-reg/images/zl.png HTTP/1.1
Host: top4top.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://top4top.io/downloadf-1379tdd4j1-rar.html
Cookie: sid=00KoYN2Jmd%2CQirIWYmrEutJCBU6; klj_40d147_fdkey=ade5b14fc00a7b96d73acb817de011fcfd648c44
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Server: HotCores
Date: Mon, 30 Jan 2023 19:55:23 GMT
Content-Type: image/png
Content-Length: 673
Last-Modified: Mon, 26 Sep 2016 09:33:17 GMT
ETag: "57e8eb5d-2a1"
Expires: Mon, 06 Feb 2023 19:55:23 GMT
Cache-Control: max-age=604800
Access-Control-Allow-Origin: *
Accept-Ranges: bytes

top4top.io/images/twitter.png

188.165.137.138

200 OK

385 B

URL HTTP/1.1
top4top.io/images/twitter.png
IP
188.165.137.138:0
ASN
#16276 OVH SAS

File type
PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced\012- data
Size
385 B (385 bytes)
Hash
cea04ecdecaebee1062f70f6c0377e9b
d8fc45f070c93f100423bb5e724c2394e0664d29
09661cea5a7ed3c20f10820b3b9c151a7415770d805172e0b76a09944d882680

HTTP Headers

GET /images/twitter.png HTTP/1.1
Host: top4top.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://top4top.io/downloadf-1379tdd4j1-rar.html
Cookie: sid=00KoYN2Jmd%2CQirIWYmrEutJCBU6; klj_40d147_fdkey=ade5b14fc00a7b96d73acb817de011fcfd648c44
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Server: HotCores
Date: Mon, 30 Jan 2023 19:55:23 GMT
Content-Type: image/png
Content-Length: 385
Last-Modified: Mon, 26 Sep 2016 09:33:17 GMT
ETag: "57e8eb5d-181"
Expires: Mon, 06 Feb 2023 19:55:23 GMT
Cache-Control: max-age=604800
Access-Control-Allow-Origin: *
Accept-Ranges: bytes

top4top.io/images/facebook.png

188.165.137.138

200 OK

149 B

URL HTTP/1.1
top4top.io/images/facebook.png
IP
188.165.137.138:0
ASN
#16276 OVH SAS

File type
PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced\012- data
Size
149 B (149 bytes)
Hash
db3bdb7f62b49e285e9832638c69f900
de920205859fc86ee6f4f1f9094e5d18cb79a21c
2f14fca8d4650c0b03925d0fffbe73b1fe1ca4f2ad19768cd8ec9eed935c3734

HTTP Headers

GET /images/facebook.png HTTP/1.1
Host: top4top.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://top4top.io/downloadf-1379tdd4j1-rar.html
Cookie: sid=00KoYN2Jmd%2CQirIWYmrEutJCBU6; klj_40d147_fdkey=ade5b14fc00a7b96d73acb817de011fcfd648c44
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Server: HotCores
Date: Mon, 30 Jan 2023 19:55:23 GMT
Content-Type: image/png
Content-Length: 149
Last-Modified: Mon, 26 Sep 2016 09:33:16 GMT
ETag: "57e8eb5c-95"
Expires: Mon, 06 Feb 2023 19:55:23 GMT
Cache-Control: max-age=604800
Access-Control-Allow-Origin: *
Accept-Ranges: bytes

top4top.io/images/live.png

188.165.137.138

200 OK

761 B

URL HTTP/1.1
top4top.io/images/live.png
IP
188.165.137.138:0
ASN
#16276 OVH SAS

File type
PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced\012- data
Size
761 B (761 bytes)
Hash
0c0038438c6e145f1a4dea683ce7cc28
c1ad87024ddba2eb6544dc7ee3c16b45ba9a3c63
5e5b288b52e9bbb8b9c2449b04da155054023d50ac2ded7954f912be02f4c484

HTTP Headers

GET /images/live.png HTTP/1.1
Host: top4top.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://top4top.io/downloadf-1379tdd4j1-rar.html
Cookie: sid=00KoYN2Jmd%2CQirIWYmrEutJCBU6; klj_40d147_fdkey=ade5b14fc00a7b96d73acb817de011fcfd648c44
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Server: HotCores
Date: Mon, 30 Jan 2023 19:55:23 GMT
Content-Type: image/png
Content-Length: 761
Last-Modified: Mon, 26 Sep 2016 09:33:16 GMT
ETag: "57e8eb5c-2f9"
Expires: Mon, 06 Feb 2023 19:55:23 GMT
Cache-Control: max-age=604800
Access-Control-Allow-Origin: *
Accept-Ranges: bytes

top4top.io/images/reddit.png

188.165.137.138

200 OK

645 B

URL HTTP/1.1
top4top.io/images/reddit.png
IP
188.165.137.138:0
ASN
#16276 OVH SAS

File type
PNG image data, 18 x 18, 8-bit/color RGB, non-interlaced\012- data
Size
645 B (645 bytes)
Hash
2a94deb80f88d3f76f263d134b0b1af6
7ef18707f538b89f59cfdb647d2f4f4efe29e23e
38b5f357b4afe9b318ff9bf0806bf69856b80bac27671321097f9840c27e47c7

HTTP Headers

GET /images/reddit.png HTTP/1.1
Host: top4top.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://top4top.io/downloadf-1379tdd4j1-rar.html
Cookie: sid=00KoYN2Jmd%2CQirIWYmrEutJCBU6; klj_40d147_fdkey=ade5b14fc00a7b96d73acb817de011fcfd648c44
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Server: HotCores
Date: Mon, 30 Jan 2023 19:55:23 GMT
Content-Type: image/png
Content-Length: 645
Last-Modified: Mon, 26 Sep 2016 09:33:17 GMT
ETag: "57e8eb5d-285"
Expires: Mon, 06 Feb 2023 19:55:23 GMT
Cache-Control: max-age=604800
Access-Control-Allow-Origin: *
Accept-Ranges: bytes

top4top.io/images/sphinn.png

188.165.137.138

200 OK

308 B

URL HTTP/1.1
top4top.io/images/sphinn.png
IP
188.165.137.138:0
ASN
#16276 OVH SAS

File type
PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced\012- data
Size
308 B (308 bytes)
Hash
95aa9375cbb4bedb87f719c412297b73
0819cdf8762d0d0a8e7187e6838bc8fbc9de51be
5db0d66ddbaf1f37bf7df750e5a86621f5963d836200b6bc9befc140d67f346d

HTTP Headers

GET /images/sphinn.png HTTP/1.1
Host: top4top.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://top4top.io/downloadf-1379tdd4j1-rar.html
Cookie: sid=00KoYN2Jmd%2CQirIWYmrEutJCBU6; klj_40d147_fdkey=ade5b14fc00a7b96d73acb817de011fcfd648c44
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Server: HotCores
Date: Mon, 30 Jan 2023 19:55:23 GMT
Content-Type: image/png
Content-Length: 308
Last-Modified: Mon, 26 Sep 2016 09:33:17 GMT
ETag: "57e8eb5d-134"
Expires: Mon, 06 Feb 2023 19:55:23 GMT
Cache-Control: max-age=604800
Access-Control-Allow-Origin: *
Accept-Ranges: bytes

top4top.io/images/myspace.png

188.165.137.138

200 OK

776 B

URL HTTP/1.1
top4top.io/images/myspace.png
IP
188.165.137.138:0
ASN
#16276 OVH SAS

File type
PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced\012- data
Size
776 B (776 bytes)
Hash
35578456cc898dfd8aa2112c223cdced
1d342dae525f04e2dfc7e097bba4a6881b414b35
956189a17826806990967d4836472550d6ed3a8192c2bc1e679dc3cabe440edf

HTTP Headers

GET /images/myspace.png HTTP/1.1
Host: top4top.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://top4top.io/downloadf-1379tdd4j1-rar.html
Cookie: sid=00KoYN2Jmd%2CQirIWYmrEutJCBU6; klj_40d147_fdkey=ade5b14fc00a7b96d73acb817de011fcfd648c44
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Server: HotCores
Date: Mon, 30 Jan 2023 19:55:23 GMT
Content-Type: image/png
Content-Length: 776
Last-Modified: Mon, 26 Sep 2016 09:33:17 GMT
ETag: "57e8eb5d-308"
Expires: Mon, 06 Feb 2023 19:55:23 GMT
Cache-Control: max-age=604800
Access-Control-Allow-Origin: *
Accept-Ranges: bytes

top4top.io/images/technorati.png

188.165.137.138

200 OK

283 B

URL HTTP/1.1
top4top.io/images/technorati.png
IP
188.165.137.138:0
ASN
#16276 OVH SAS

File type
PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced\012- data
Size
283 B (283 bytes)
Hash
f120938135c52cd80b7f37bd5b17daf4
1cb99566ca564dd8a8273a616d072739c58b4290
6cd07b1a71bf03f25556bc801c306419a255ec5b47751fcdcda5efbdb08766c8

HTTP Headers

GET /images/technorati.png HTTP/1.1
Host: top4top.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://top4top.io/downloadf-1379tdd4j1-rar.html
Cookie: sid=00KoYN2Jmd%2CQirIWYmrEutJCBU6; klj_40d147_fdkey=ade5b14fc00a7b96d73acb817de011fcfd648c44
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Server: HotCores
Date: Mon, 30 Jan 2023 19:55:23 GMT
Content-Type: image/png
Content-Length: 283
Last-Modified: Mon, 26 Sep 2016 09:33:16 GMT
ETag: "57e8eb5c-11b"
Expires: Mon, 06 Feb 2023 19:55:23 GMT
Cache-Control: max-age=604800
Access-Control-Allow-Origin: *
Accept-Ranges: bytes

ocsp.pki.goog/gts1c3

216.58.211.3

200 OK

15 kB

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
216.58.211.3:0
ASN
#15169 GOOGLE

File type
data
Size
15 kB (14636 bytes)
Hash
2cc2fb3e232fc82cd9fe42733063bfd4
3b30a2e5711577410f09fdc459b95a81b12b7a85
21b6bbe2532554092e44c24c46382d1f1893b66fa26f9e4fb1ff3fedfa654d0e

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 30 Jan 2023 19:55:23 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

www.google-analytics.com/analytics.js

142.250.74.110

200 OK

20 kB

URL HTTP/2
www.google-analytics.com/analytics.js
IP
142.250.74.110:0
ASN
#15169 GOOGLE

File type
ASCII text, with very long lines (1490)
Size
20 kB (20085 bytes)
Hash
ca7fbbfd120e3e329633044190bbf134
d17f81e03dd827554ddd207ea081fb46b3415445
847004cefb32f85a9cc16b0b1eb77529ff5753680c145bfcb23f651d214737db

HTTP Headers

GET /analytics.js HTTP/1.1
Host: www.google-analytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://top4top.io/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 20085
date: Mon, 30 Jan 2023 19:46:59 GMT
expires: Mon, 30 Jan 2023 21:46:59 GMT
cache-control: public, max-age=7200
age: 504
last-modified: Tue, 10 Jan 2023 21:29:14 GMT
content-type: text/javascript
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

216.58.211.3

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
216.58.211.3:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
d81f874741beb45c89de8bb5c6de438e
a251ab903e654953631d84721479bbae55aa5cdf
ec28dafa2a54818028d4dfe99218d9e4b507f3bd7efaabfba630d85f24d4d75d

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 30 Jan 2023 19:55:23 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

www.google-analytics.com/j/collect?v=1&_v=j99&a=1187169818&t=pageview&_s=1&dl=https%3A%2F%2Ftop4top.io%2Fdownloadf-1379tdd4j1-rar.html&ul=en-us&de=UTF-8&dt=Dork%20Searcher%20EZ%20%7C%20%D8%AA%D8%AD%D9%85%D9%8A%D9%84&sd=24-bit&sr=1280x1024&vp=1268x939&je=0&_u=IEBAAEABAAAAACAAI~&jid=508442713&gjid=201107134&cid=1553174853.1675108537&tid=UA-9340508-1&_gid=428435268.1675108537&_r=1&_slc=1&z=384886953

142.250.74.110

200 OK

2 B

URL HTTP/2
www.google-analytics.com/j/collect?v=1&_v=j99&a=1187169818&t=pageview&_s=1&dl=https%3A%2F%2Ftop4top.io%2Fdownloadf-1379tdd4j1-rar.html&ul=en-us&de=UTF-8&dt=Dork%20Searcher%20EZ%20%7C%20%D8%AA%D8%AD%D9%85%D9%8A%D9%84&sd=24-bit&sr=1280x1024&vp=1268x939&je=0&_u=IEBAAEABAAAAACAAI~&jid=508442713&gjid=201107134&cid=1553174853.1675108537&tid=UA-9340508-1&_gid=428435268.1675108537&_r=1&_slc=1&z=384886953
IP
142.250.74.110:0
ASN
#15169 GOOGLE

File type
ASCII text, with no line terminators
Size
2 B (2 bytes)
Hash
38684612f0c6bb6dfa16da92f4a6878f
6fe62d0dd7db314b7f9bb945672f078e01d27f0f
a048e640908046be06e00eab37742b5d5ff80964af58cfd22f7cb2de4dfe375f

HTTP Headers

POST /j/collect?v=1&_v=j99&a=1187169818&t=pageview&_s=1&dl=https%3A%2F%2Ftop4top.io%2Fdownloadf-1379tdd4j1-rar.html&ul=en-us&de=UTF-8&dt=Dork%20Searcher%20EZ%20%7C%20%D8%AA%D8%AD%D9%85%D9%8A%D9%84&sd=24-bit&sr=1280x1024&vp=1268x939&je=0&_u=IEBAAEABAAAAACAAI~&jid=508442713&gjid=201107134&cid=1553174853.1675108537&tid=UA-9340508-1&_gid=428435268.1675108537&_r=1&_slc=1&z=384886953 HTTP/1.1
Host: www.google-analytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 0
Origin: https://top4top.io
Connection: keep-alive
Referer: https://top4top.io/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
access-control-allow-origin: https://top4top.io
date: Mon, 30 Jan 2023 19:55:23 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
last-modified: Sun, 17 May 1998 03:00:00 GMT
access-control-allow-credentials: true
x-content-type-options: nosniff
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

www.facebook.com/plugins/like.php?app_id=&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df277ab51fa925f%26domain%3Dtop4top.io%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Ftop4top.io%252Ff55b20a28653ea%26relation%3Dparent.parent&container_width=0&href=https%3A%2F%2Ftop4top.io%2Fdownloadf-1379tdd4j1-rar.html&layout=button_count&locale=en_US&sdk=joey&width=90

157.240.205.35

200 OK

0 B

URL HTTP/2
www.facebook.com/plugins/like.php?app_id=&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df277ab51fa925f%26domain%3Dtop4top.io%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Ftop4top.io%252Ff55b20a28653ea%26relation%3Dparent.parent&container_width=0&href=https%3A%2F%2Ftop4top.io%2Fdownloadf-1379tdd4j1-rar.html&layout=button_count&locale=en_US&sdk=joey&width=90
IP
157.240.205.35:0
ASN
#32934 FACEBOOK

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /plugins/like.php?app_id=&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df277ab51fa925f%26domain%3Dtop4top.io%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Ftop4top.io%252Ff55b20a28653ea%26relation%3Dparent.parent&container_width=0&href=https%3A%2F%2Ftop4top.io%2Fdownloadf-1379tdd4j1-rar.html&layout=button_count&locale=en_US&sdk=joey&width=90 HTTP/1.1
Host: www.facebook.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://top4top.io/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: text/html;charset=utf-8
pragma: no-cache
cache-control: private, no-cache, no-store, must-revalidate
expires: Sat, 01 Jan 2000 00:00:00 GMT
content-security-policy-report-only: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com https://sandbox.paywithmybank.com;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?minimize=0;
content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com https://sandbox.paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
report-to: {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown"}]}
cross-origin-opener-policy: same-origin-allow-popups
x-content-type-options: nosniff
x-xss-protection: 0
x-fb-debug: oDx00oZ8KkkuH2m6qaPSbiZN7l4650LlPvLQIjwDlalH31BibgQKHj+Qb5+u3N+H+chY52hTvGzK0DF3bj4+kw==
content-length: 0
date: Mon, 30 Jan 2023 19:55:23 GMT
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
dfb84426fed94988d5c90372baff059c
f1c4740830034ff8a5759d59ae3f657ea524d083
d97efec67504b084ca6ff9e2af973b45b916f90aa021603e3615806bb2737b6a

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D97EFEC67504B084CA6FF9E2AF973B45B916F90AA021603E3615806BB2737B6A"
Last-Modified: Sun, 29 Jan 2023 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7933
Expires: Mon, 30 Jan 2023 22:07:37 GMT
Date: Mon, 30 Jan 2023 19:55:24 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
dfb84426fed94988d5c90372baff059c
f1c4740830034ff8a5759d59ae3f657ea524d083
d97efec67504b084ca6ff9e2af973b45b916f90aa021603e3615806bb2737b6a

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D97EFEC67504B084CA6FF9E2AF973B45B916F90AA021603E3615806BB2737B6A"
Last-Modified: Sun, 29 Jan 2023 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7933
Expires: Mon, 30 Jan 2023 22:07:37 GMT
Date: Mon, 30 Jan 2023 19:55:24 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
dfb84426fed94988d5c90372baff059c
f1c4740830034ff8a5759d59ae3f657ea524d083
d97efec67504b084ca6ff9e2af973b45b916f90aa021603e3615806bb2737b6a

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D97EFEC67504B084CA6FF9E2AF973B45B916F90AA021603E3615806BB2737B6A"
Last-Modified: Sun, 29 Jan 2023 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7933
Expires: Mon, 30 Jan 2023 22:07:37 GMT
Date: Mon, 30 Jan 2023 19:55:24 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
dfb84426fed94988d5c90372baff059c
f1c4740830034ff8a5759d59ae3f657ea524d083
d97efec67504b084ca6ff9e2af973b45b916f90aa021603e3615806bb2737b6a

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D97EFEC67504B084CA6FF9E2AF973B45B916F90AA021603E3615806BB2737B6A"
Last-Modified: Sun, 29 Jan 2023 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7933
Expires: Mon, 30 Jan 2023 22:07:37 GMT
Date: Mon, 30 Jan 2023 19:55:24 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
dfb84426fed94988d5c90372baff059c
f1c4740830034ff8a5759d59ae3f657ea524d083
d97efec67504b084ca6ff9e2af973b45b916f90aa021603e3615806bb2737b6a

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D97EFEC67504B084CA6FF9E2AF973B45B916F90AA021603E3615806BB2737B6A"
Last-Modified: Sun, 29 Jan 2023 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7933
Expires: Mon, 30 Jan 2023 22:07:37 GMT
Date: Mon, 30 Jan 2023 19:55:24 GMT
Connection: keep-alive

img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdfb887e5-87fa-4855-b0ee-712d39779fa0.jpeg

34.120.237.76

200 OK

12 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdfb887e5-87fa-4855-b0ee-712d39779fa0.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
12 kB (11568 bytes)
Hash
b7a0759c043594fbe85af422b59b8227
a05cfaad16078f42218dae233da38f6f5dff8487
e898d6ef1b3998fb9322a8fc190069ec5f7b3582bfe8397a2367497d84a27549

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdfb887e5-87fa-4855-b0ee-712d39779fa0.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 11568
x-amzn-requestid: 79b70f1f-a157-4dd4-8743-825714195b3c
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: e9T3UGA3oAMFSlQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63c86695-36e60aba09c152c73b8aefcb;Sampled=0
x-amzn-remapped-date: Wed, 18 Jan 2023 21:37:25 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: HvqpQI-tR9W2NwvIgoi8loQaD--rOgVYFdLdkdlaXMhe4ts9mYqahg==
via: 1.1 49b94a8674d6e86a841d6523f7dbaf14.cloudfront.net (CloudFront), 1.1 6a9b42e38e76b7d4a4044ebe0e0eca08.cloudfront.net (CloudFront), 1.1 google
date: Sun, 29 Jan 2023 21:50:16 GMT
age: 79508
etag: "a05cfaad16078f42218dae233da38f6f5dff8487"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

9.5 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6df754eb-70f9-4576-ac48-68a6ae719511.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
9.5 kB (9457 bytes)
Hash
51aa950d5eed7b90cab6632107092edc
e4388ced02e5576867e77547496dec1ac2338ef7
588830e5f725e8e56270565e40f817f2658b0ee7c0425d138e5f65a17ff40483

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6df754eb-70f9-4576-ac48-68a6ae719511.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 9457
x-amzn-requestid: 7c48e5ca-2128-43da-ba83-fd91568af1ef
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fhkBOGHVoAMFQtw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d6e6d4-1b850ffd543f51f92dec3894;Sampled=0
x-amzn-remapped-date: Sun, 29 Jan 2023 21:36:20 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: 3EXFa0gb46AbdZ9ZznGiPTemGZ7zWh9WLs5Yr1zmfyh_jyKA6o7xoA==
via: 1.1 0c96ded7ff282d2dbcf47c918b6bb500.cloudfront.net (CloudFront), 1.1 7022a5bbf9872d4a09d63e6cdb457dfe.cloudfront.net (CloudFront), 1.1 google
date: Sun, 29 Jan 2023 22:19:57 GMT
age: 77727
etag: "e4388ced02e5576867e77547496dec1ac2338ef7"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

11 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F72e6599c-6a41-4dd2-a346-b15fa84cb20a.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
11 kB (10997 bytes)
Hash
65c02d8a1b0d6a210cb2a649c5c67469
027dbc7a104c922904f067ed15d696c363c11774
89d5443a1d313c632d09a583ef602aa4645a16986076387329f434262d15b0a1

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F72e6599c-6a41-4dd2-a346-b15fa84cb20a.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 10997
x-amzn-requestid: a6fac0ab-1acf-4808-8785-3b4ec5e32edf
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fhj30FX7IAMFa5w=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d6e698-005109ec2e76529e793678d6;Sampled=0
x-amzn-remapped-date: Sun, 29 Jan 2023 21:35:20 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: skGKI_MWvDwpAbGibUcr8wTlimgoPU9ZYhEHltd3uhdJZ_GoNznVAA==
via: 1.1 e291f351a18746d40754b367095a2872.cloudfront.net (CloudFront), 1.1 325ed3ba58a560748d886354beef39c0.cloudfront.net (CloudFront), 1.1 google
date: Sun, 29 Jan 2023 22:08:57 GMT
etag: "027dbc7a104c922904f067ed15d696c363c11774"
content-type: image/jpeg
age: 78387
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

s.top4top.io/styles/default-new-reg/css/fonts.css?rev=47

104.21.5.137

200 OK

7.9 kB

URL HTTP/2
s.top4top.io/styles/default-new-reg/css/fonts.css?rev=47
IP
104.21.5.137:0
ASN
#13335 CLOUDFLARENET

File type
Unicode text, UTF-8 (with BOM) text, with very long lines (408), with no line terminators
Size
7.9 kB (7859 bytes)
Hash
5a979ed610304a2e5b0802b1149b2ca1
70405d71e9a5c300f693e9383b5e221c844e83dd
9b18f54f77eeb4cbe1e4c7aa5b82f5923d773e70d830e976ebcc20b43a86d009

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

GET /styles/default-new-reg/css/fonts.css?rev=47 HTTP/1.1
Host: s.top4top.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://top4top.io/
Cookie: klj_40d147_fdkey=ade5b14fc00a7b96d73acb817de011fcfd648c44
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site

HTTP/2 200 OK
date: Mon, 30 Jan 2023 19:55:23 GMT
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=5356800
cf-bgj: minify
cf-polished: origSize=487
etag: W/"5e0bab24-1e7"
expires: Wed, 23 Nov 2022 14:37:07 GMT
last-modified: Tue, 31 Dec 2019 20:10:12 GMT
vary: Accept-Encoding
x-cache-status-a: HIT
cf-cache-status: HIT
age: 255797
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=i%2B9iikwOEaeeab1Gxk2JnAK8W3WkZUyB%2BZtsw8aBRIzZPvZhSk41WdwMLBNmYUBQy2P1LJpE6sbX5M5vxOx1X9h6lkyEGDJGNUxIW9NMkba153tsNTWGEtC9jSuxM3M%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 791cc3cd38b5b500-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

s.top4top.io/styles/default-new-reg/javascript.js?rev=47

104.21.5.137

200 OK

6.4 kB

URL HTTP/2
s.top4top.io/styles/default-new-reg/javascript.js?rev=47
IP
104.21.5.137:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text, with very long lines (538)
Size
6.4 kB (6441 bytes)
Hash
1d956d5e3b836b267cb0a63e42d30c3f
058a88ed494a0ac363352c85416840ab26d18a28
cda09f0306c28015b8e39e673a3708826c24dbfed2c96582618032c127421c1f

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

GET /styles/default-new-reg/javascript.js?rev=47 HTTP/1.1
Host: s.top4top.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://top4top.io/
Cookie: klj_40d147_fdkey=ade5b14fc00a7b96d73acb817de011fcfd648c44
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
TE: trailers

HTTP/2 200 OK
date: Mon, 30 Jan 2023 19:55:23 GMT
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=5356800
cf-bgj: minify
cf-polished: origSize=16039
etag: W/"57e8eb5d-3ea7"
expires: Wed, 23 Nov 2022 14:37:07 GMT
last-modified: Mon, 26 Sep 2016 09:33:17 GMT
vary: Accept-Encoding
x-cache-status-a: HIT
cf-cache-status: HIT
age: 413692
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=iTMIc%2B%2B4L1fOz6V3eVm3%2B6u%2BGhaDRTgLxxUV%2F1dMn9nM6FEb8DdmDcZO89z%2FYfHWyNG4rSTSaR8oov7vcc%2B1McD39y7Y%2FiPmt15e9CrCMnPFh27ZLczsEv42UjbPHJw%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 791cc3cd28aab500-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

s.top4top.io/styles/default-new-reg/js/bootstrap.min.js?rev=47

104.21.5.137

200 OK

18 kB

URL HTTP/2
s.top4top.io/styles/default-new-reg/js/bootstrap.min.js?rev=47
IP
104.21.5.137:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text, with very long lines (32108)
Size
18 kB (18051 bytes)
Hash
6e6aa3d492f195270d6603cf617b8174
76d4c45552c723006eb4d792b426c2dcca925311
800d7bd78b2a5bd50e2fc8e1fc5ae7024ed3a643197352774c5105be87adc113

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

GET /styles/default-new-reg/js/bootstrap.min.js?rev=47 HTTP/1.1
Host: s.top4top.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://top4top.io/
Cookie: klj_40d147_fdkey=ade5b14fc00a7b96d73acb817de011fcfd648c44
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
TE: trailers

HTTP/2 200 OK
date: Mon, 30 Jan 2023 19:55:23 GMT
content-type: application/javascript
last-modified: Mon, 26 Sep 2016 09:33:17 GMT
etag: W/"57e8eb5d-875d"
expires: Wed, 23 Nov 2022 14:37:07 GMT
cache-control: max-age=5356800
x-cache-status-a: HIT
vary: Accept-Encoding
access-control-allow-origin: *
cf-cache-status: HIT
age: 436464
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=8tU%2FXw%2F8MCZ9IyGnu4jRH0qp0UqhCDdsb5Rei5KVv3391HowrN3KBluA4bryiXS8j%2F9OsweskJ%2BDVtARU14xQQRYMDyuu%2BayLdgQq9usG0lGexW9Mtiq%2BYliQZHi3Zc%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 791cc3cd28a8b500-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

s.top4top.io/styles/default-new-reg/css/the220px.css?rev=47

104.21.5.137

200 OK

0 B

URL HTTP/2
s.top4top.io/styles/default-new-reg/css/the220px.css?rev=47
IP
104.21.5.137:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

GET /styles/default-new-reg/css/the220px.css?rev=47 HTTP/1.1
Host: s.top4top.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://top4top.io/
Cookie: klj_40d147_fdkey=ade5b14fc00a7b96d73acb817de011fcfd648c44
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
TE: trailers

HTTP/2 200 OK
date: Mon, 30 Jan 2023 19:55:23 GMT
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=5356800
cf-bgj: minify
cf-polished: origSize=11662
etag: W/"58cb25b5-2d8e"
expires: Wed, 23 Nov 2022 14:37:07 GMT
last-modified: Thu, 16 Mar 2017 23:54:29 GMT
vary: Accept-Encoding
x-cache-status-a: HIT
cf-cache-status: HIT
age: 175798
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=wRxgH3YuPppFJwetcnWOhNECIfqbcIIjfdfZKxyUExuSJh9sQyVBuo6sFvfD1i%2FiIFnH6qqJxRSUKsPwYyKgQvHjhb1ovrJmplcNKpoBpNd3oKuRrDca%2Fax96fuOi20%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 791cc3cd28a5b500-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

s.top4top.io/styles/default-new-reg/css/reset.css?rev=47

104.21.5.137

200 OK

0 B

URL HTTP/2
s.top4top.io/styles/default-new-reg/css/reset.css?rev=47
IP
104.21.5.137:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

GET /styles/default-new-reg/css/reset.css?rev=47 HTTP/1.1
Host: s.top4top.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://top4top.io/
Cookie: klj_40d147_fdkey=ade5b14fc00a7b96d73acb817de011fcfd648c44
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site

HTTP/2 200 OK
date: Mon, 30 Jan 2023 19:55:23 GMT
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=5356800
cf-bgj: minify
cf-polished: origSize=1013
etag: W/"57e8eb5d-3f5"
expires: Wed, 23 Nov 2022 14:37:07 GMT
last-modified: Mon, 26 Sep 2016 09:33:17 GMT
vary: Accept-Encoding
x-cache-status-a: HIT
cf-cache-status: HIT
age: 436464
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=epWB8%2FqhEBv0F5rFXG6LCowqk7xCq6i0pBvE%2F9NtXAXAmABeIZJph8n10t6gsqnapiVxxywRiT6oCqjPsEgBv683lF6g8iv1HipnSI2dDGp7Xm%2BLhPR%2BsTkg8u4id00%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 791cc3cd38b2b500-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

s.top4top.io/styles/default-new-reg/css/stylesheet-3.3.css?rev=47

104.21.5.137

200 OK

0 B

URL HTTP/2
s.top4top.io/styles/default-new-reg/css/stylesheet-3.3.css?rev=47
IP
104.21.5.137:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

GET /styles/default-new-reg/css/stylesheet-3.3.css?rev=47 HTTP/1.1
Host: s.top4top.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://top4top.io/
Cookie: klj_40d147_fdkey=ade5b14fc00a7b96d73acb817de011fcfd648c44
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site

HTTP/2 200 OK
date: Mon, 30 Jan 2023 19:55:23 GMT
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=5356800
cf-bgj: minify
cf-polished: origSize=23881
etag: W/"5e0bab24-5d49"
expires: Wed, 23 Nov 2022 14:37:07 GMT
last-modified: Tue, 31 Dec 2019 20:10:12 GMT
vary: Accept-Encoding
x-cache-status-a: HIT
cf-cache-status: HIT
age: 374031
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=6NbYrgeBdi%2F01%2FscUE1g3D40YYx%2F42JBSO0GvmYDpzNohd8LrFUJ8Y0NaLOjPyUYuGncVZgLxy4Xal1tC4IyBN8g7EtdWv5pfPGD25w%2FxNRnlhZPObx9YRTgVwfBOKM%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 791cc3cd38b1b500-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

s.top4top.io/styles/default-new-reg/js/the220px.js?rev=47

104.21.5.137

200 OK

0 B

URL HTTP/2
s.top4top.io/styles/default-new-reg/js/the220px.js?rev=47
IP
104.21.5.137:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /styles/default-new-reg/js/the220px.js?rev=47 HTTP/1.1
Host: s.top4top.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://top4top.io/
Cookie: klj_40d147_fdkey=ade5b14fc00a7b96d73acb817de011fcfd648c44
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
TE: trailers

HTTP/2 200 OK
date: Mon, 30 Jan 2023 19:55:23 GMT
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=5356800
cf-bgj: minify
cf-polished: origSize=562
etag: W/"57e8eb5d-232"
expires: Wed, 23 Nov 2022 14:37:07 GMT
last-modified: Mon, 26 Sep 2016 09:33:17 GMT
vary: Accept-Encoding
x-cache-status-a: HIT
cf-cache-status: HIT
age: 255797
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=UlmPYyLOOzmb%2FQ%2F6gQAu0QZXrENANqhNtGKObOSpE8voroKH8rElss1y4TBYaePaGw7h6ne1KaJHYjflQT2YxQAArxlqCAmIMTkb0EpzdcY7u%2FFXfVjdxDBbidVHvlQ%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 791cc3cd28a9b500-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

s.top4top.io/styles/default-new-reg/css/bootstrap.rtl.min.css?rev=47

104.21.5.137

200 OK

0 B

URL HTTP/2
s.top4top.io/styles/default-new-reg/css/bootstrap.rtl.min.css?rev=47
IP
104.21.5.137:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

GET /styles/default-new-reg/css/bootstrap.rtl.min.css?rev=47 HTTP/1.1
Host: s.top4top.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://top4top.io/
Cookie: klj_40d147_fdkey=ade5b14fc00a7b96d73acb817de011fcfd648c44
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site

HTTP/2 200 OK
date: Mon, 30 Jan 2023 19:55:23 GMT
content-type: text/css
last-modified: Mon, 26 Sep 2016 09:33:17 GMT
etag: W/"57e8eb5d-1bae7"
expires: Wed, 23 Nov 2022 14:37:07 GMT
cache-control: max-age=5356800
x-cache-status-a: HIT
vary: Accept-Encoding
access-control-allow-origin: *
cf-cache-status: HIT
age: 255797
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=SDMi8ped80%2FCg9Ytn4rVN4OykjFMAnM69yzvbeTuB%2FsOzOBeHxps%2FlntH16UHJ1yx9nQFK5VxgpwKYil9kLiOjQPvmKEuteZt88fxOL7%2FFY656szDXxDNfxDbT2NNWU%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 791cc3cd28a3b500-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

s.top4top.io/styles/default-new-reg/css/animate.min.css?rev=47

104.21.5.137

200 OK

0 B

URL HTTP/2
s.top4top.io/styles/default-new-reg/css/animate.min.css?rev=47
IP
104.21.5.137:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

GET /styles/default-new-reg/css/animate.min.css?rev=47 HTTP/1.1
Host: s.top4top.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://top4top.io/
Cookie: klj_40d147_fdkey=ade5b14fc00a7b96d73acb817de011fcfd648c44
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site

HTTP/2 200 OK
date: Mon, 30 Jan 2023 19:55:23 GMT
content-type: text/css
last-modified: Mon, 26 Sep 2016 09:33:17 GMT
etag: W/"57e8eb5d-d0b7"
expires: Wed, 23 Nov 2022 14:37:07 GMT
cache-control: max-age=5356800
x-cache-status-a: HIT
vary: Accept-Encoding
access-control-allow-origin: *
cf-cache-status: HIT
age: 436464
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=HFOMWo0jD%2BVC7TM3w%2FgnpmwAR3P6dtCbr6%2FZA0OY7u2HJqzIN19xapl6Xe0jIn7pfJGYiqHWo5AkU8k%2FrFpcqRvCOFsYD2M4bbed0oQ4uzT58jzztjP1JX78RsSyfjY%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 791cc3cd38b4b500-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (18)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML