Report - g0td0main.com/Purb99d0745f9c8757824933c881516f6b51678e7f13f?q=bootcamp+6+windows+10+drivers+download&s3=bootcamp+6+windows+10+drivers+download&s2=mmaa&s1=dfHsiY20iOiJNYWMiLCJzcyI6IjE2NTcxODY5NTUiLCJycyI6IjI1OTAiLCJkcyI6IjMwOTQ5OSJ9fA

Report Overview

Submitted URL
g0td0main.com/Purb99d0745f9c8757824933c881516f6b51678e7f13f?q=bootcamp+6+windows+10+drivers+download&s3=bootcamp+6+windows+10+drivers+download&s2=mmaa&s1=dfHsiY20iOiJNYWMiLCJzcyI6IjE2NTcxODY5NTUiLCJycyI6IjI1OTAiLCJkcyI6IjMwOTQ5OSJ9fA
IP
188.72.236.136
ASN
#35415 Webzilla B.V.
Submitted
2022-11-12 22:02:21
Access
Website Title
Final URL
Tags
None
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
4

Domain Summary

Domain / FQDN	Rank	First Seen	Last Seen	Sent	Received	IP
ti-files.org	unknown	2017-04-24T09:18:36Z	2023-01-21T20:57:05Z	1.3 kB	6.9 kB	188.72.236.34
back-data.com	unknown	2022-09-27T14:11:14Z	2023-01-26T07:10:10Z	565 B	940 B	172.67.185.30
unpkg.com	11693	2016-01-08T00:26:01Z	2023-03-10T10:45:44Z	393 B	577 B	104.16.125.175
content-signature-2.cdn.mozilla.net	1152	2020-11-03T13:26:46Z	2023-03-10T05:12:35Z	413 B	5.8 kB	34.160.144.191
firefox.settings.services.mozilla.com	867	2020-06-04T22:08:41Z	2023-03-10T05:10:00Z	782 B	2.4 kB	34.102.187.140
ocsp.globalsign.com	2075	2012-07-20T19:46:16Z	2023-03-10T05:11:21Z	368 B	1.9 kB	104.18.20.226
r3.o.lencr.org	344	2020-12-02T09:52:13Z	2023-03-10T05:09:10Z	2.4 kB	6.2 kB	23.36.77.32
cdn.jsdelivr.net	439	2012-09-30T02:15:09Z	2023-03-10T11:13:22Z	368 B	19 kB	151.101.85.229
img-getpocket.cdn.mozilla.net	1631	2018-06-22T01:36:00Z	2023-03-10T05:10:04Z	3.2 kB	50 kB	34.120.237.76
ocsp.digicert.com	86	2012-05-21T09:02:23Z	2023-03-10T13:49:44Z	1.7 kB	107 kB	93.184.220.29
contile.services.mozilla.com	1114	2021-05-27T20:32:35Z	2023-03-10T05:10:00Z	333 B	229 B	34.117.237.239
e1.o.lencr.org	6159	2021-08-20T09:36:30Z	2023-03-10T11:39:59Z	676 B	1.5 kB	23.36.76.226
soft-kind.com	unknown	2017-02-09T05:54:28Z	2023-02-21T12:42:14Z	1.2 kB	20 kB	104.21.49.135
push.services.mozilla.com	2140	2014-10-24T10:27:06Z	2023-03-10T05:10:02Z	606 B	127 B	52.38.227.80
cdnjs.cloudflare.com	235	2015-04-17T22:46:33Z	2023-03-10T08:04:05Z	511 B	152 kB	104.17.25.14
aditmedia.g2afse.com	61605	2019-08-01T05:38:15Z	2023-03-10T07:57:08Z	546 B	423 B	34.141.179.97
g0td0main.com	unknown	2022-10-27T14:56:59Z	2022-12-27T09:00:12Z	1.2 kB	6.2 kB	188.72.236.136

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

OpenPhish

No alerts detected

PhishTank

No alerts detected

Fortinet's Web Filter

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2022-11-12	medium	g0td0main.com	Sinkholed
2022-11-12	medium	g0td0main.com	Sinkholed

JavaScript (8)

	URL	Size	First Seen	Last Seen
	soft-kind.com/download.php?filename=LxRkOSE8cnAzJgUnKC05eQ0rI3UyAxZs&flow_id=BBcIdg%3D%3D&click_id=BAc5IQ4rLDo1DysmKgRoJSYVBXYfeQU6&sourcename=BjkceAwVBnE%3D	165 B	2023-03-08	2023-04-05
Pretty URL soft-kind.com/download.php?filename=LxRkOSE8cnAzJgUnKC05eQ0rI3UyAxZs&flow_id=BBcIdg%3D%3D&click_id=BAc5IQ4rLDo1DysmKgRoJSYVBXYfeQU6&sourcename=BjkceAwVBnE%3D IP 104.21.49.135 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 20:26:19 Last Seen2023-04-05 01:52:00 Times Seen31 Hash 5c09165446b3e4ba6e8137f81d41b414 7cc3238e426106bb346f60f5446599471434ab8d 7431c166481fcff1b8b5f737ab334d41d290cc5de407119a492e2f6115c0b03f Loading...

	soft-kind.com/download.php?filename=LxRkOSE8cnAzJgUnKC05eQ0rI3UyAxZs&flow_id=BBcIdg%3D%3D&click_id=BAc5IQ4rLDo1DysmKgRoJSYVBXYfeQU6&sourcename=BjkceAwVBnE%3D	1.2 kB	2023-03-10	2023-03-11
Pretty URL soft-kind.com/download.php?filename=LxRkOSE8cnAzJgUnKC05eQ0rI3UyAxZs&flow_id=BBcIdg%3D%3D&click_id=BAc5IQ4rLDo1DysmKgRoJSYVBXYfeQU6&sourcename=BjkceAwVBnE%3D IP 104.21.49.135 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-10 21:42:40 Last Seen2023-03-11 11:39:29 Times Seen1 Hash 94804690cda824fac4e004b1f885e067 e4d7cfb5610a76a20c00a1409f3b5d5fe539d63d 18cb3981303fe2bd9733723f2e7e10b4a0cf8559adc93cb874d8c76b92ea2bce Loading...

	cdn.jsdelivr.net/npm/sweetalert2@11	64 kB	2023-03-11	2023-06-18
Pretty URL cdn.jsdelivr.net/npm/sweetalert2@11 IP 151.101.85.229 ASN #54113 FASTLY Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-11 10:54:02 Last Seen2023-06-18 13:12:36 Times Seen3 Hash 44557350a61b0205334641dda77835f7 117bbba07b0a0a353bd8884a9ea90f9b22903b33 a8bb79cc7e67c2377e6b80db3544015a4d474c0316c2f19ad1e55a37841b8e6c Loading...

	g0td0main.com/Purb99d0745f9c8757824933c881516f6b51678e7f13f?q=bootcamp+6+windows+10+drivers+download&s3=bootcamp+6+windows+10+drivers+download&s2=mmaa&s1=dfHsiY20iOiJNYWMiLCJzcyI6IjE2NTcxODY5NTUiLCJycyI6IjI1OTAiLCJkcyI6IjMwOTQ5OSJ9fA	451 B	2023-03-11	2023-03-11
Pretty URL g0td0main.com/Purb99d0745f9c8757824933c881516f6b51678e7f13f?q=bootcamp+6+windows+10+drivers+download&s3=bootcamp+6+windows+10+drivers+download&s2=mmaa&s1=dfHsiY20iOiJNYWMiLCJzcyI6IjE2NTcxODY5NTUiLCJycyI6IjI1OTAiLCJkcyI6IjMwOTQ5OSJ9fA IP 188.72.236.136 ASN #35415 Webzilla B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-11 11:35:12 Last Seen2023-03-11 11:35:12 Times Seen1 Hash 57694325888162e15bafd6d62a8773e9 a6fe5a950d1128ddee89af8d7da239627ee88283 6afd0140087e89f5465ef54ccafccc2c02917a7d758e94f08f374568d43d3b47 Loading...

	ti-files.org/GcrKe5df719a4160df814a97c81d2d8cf908b45f4a921?q=&s1=3580_35040&s3=637017e3241ce20001d46989	470 B	2023-03-11	2023-03-11
Pretty URL ti-files.org/GcrKe5df719a4160df814a97c81d2d8cf908b45f4a921?q=&s1=3580_35040&s3=637017e3241ce20001d46989 IP 188.72.236.34 ASN #35415 Webzilla B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-11 11:35:12 Last Seen2023-03-11 11:35:12 Times Seen1 Hash daf887220ea86ae7b596f09482026773 b056207f87955e6733affccf424ddd02edc4fb0c ecca6d674c1349240e1a7db737abb1fbf3da23775f95a45f19a50360d16cc13f Loading...

	soft-kind.com/tailwind.js	342 kB	2023-03-08	2023-03-26
Pretty URL soft-kind.com/tailwind.js IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 20:26:19 Last Seen2023-03-26 00:23:03 Times Seen3 Hash f1590982658c97a7a654bc1fd15add08 94b28a48811b86160b04dfc4c851c4b04b19b656 f5e965674f7f731913d56740ca1f0bdb460f9f04f7a953d9371c0c07fc0a4e9d Loading...

	unpkg.com/flowbite@1.5.3/dist/flowbite.js	148 kB	2023-03-08	2024-04-26
Pretty URL unpkg.com/flowbite@1.5.3/dist/flowbite.js IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 20:26:19 Last Seen2024-04-26 08:13:10 Times Seen32 Hash fed9dd72d9e36b05309aab3d2e5bb942 0b6040355897e23dbe27428a69c64bc53cf864eb caed6eb8f99e3e4405bbbc6218b55b9590380ccbddeebe0d547865d12083e5dc Loading...

	soft-kind.com/download.php?filename=LxRkOSE8cnAzJgUnKC05eQ0rI3UyAxZs&flow_id=BBcIdg%3D%3D&click_id=BAc5IQ4rLDo1DysmKgRoJSYVBXYfeQU6&sourcename=BjkceAwVBnE%3D	882 B	2023-03-10	2023-03-11
Pretty URL soft-kind.com/download.php?filename=LxRkOSE8cnAzJgUnKC05eQ0rI3UyAxZs&flow_id=BBcIdg%3D%3D&click_id=BAc5IQ4rLDo1DysmKgRoJSYVBXYfeQU6&sourcename=BjkceAwVBnE%3D IP 104.21.49.135 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-10 21:42:40 Last Seen2023-03-11 11:39:29 Times Seen1 Hash 1e3323a4697702cb5307e324b6fe5b0b b80c0371cc627bf1dd7154ed0186e020e465f0de b337391de2d75ab57f77e84648a1867c62afc1eca2f1503e1bb7bde9609d5233 Loading...

HTTP Transactions (37)

URL IP Response Size

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
3d0727e32cd103ddd4b73f28c81758aa
197a7bf43d63723fc532c23c6dced68d5cc36652
d3f75d03561d6a47d19370292e821a86e58381466f0c69386a21175de55882ff

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D3F75D03561D6A47D19370292E821A86E58381466F0C69386A21175DE55882FF"
Last-Modified: Fri, 11 Nov 2022 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14254
Expires: Sun, 13 Nov 2022 01:59:44 GMT
Date: Sat, 12 Nov 2022 22:02:10 GMT
Connection: keep-alive

g0td0main.com/Purb99d0745f9c8757824933c881516f6b51678e7f13f?q=bootcamp+6+windows+10+drivers+download&s3=bootcamp+6+windows+10+drivers+download&s2=mmaa&s1=dfHsiY20iOiJNYWMiLCJzcyI6IjE2NTcxODY5NTUiLCJycyI6IjI1OTAiLCJkcyI6IjMwOTQ5OSJ9fA

188.72.236.136

200 OK

5.4 kB

URL HTTP/1.1
g0td0main.com/Purb99d0745f9c8757824933c881516f6b51678e7f13f?q=bootcamp+6+windows+10+drivers+download&s3=bootcamp+6+windows+10+drivers+download&s2=mmaa&s1=dfHsiY20iOiJNYWMiLCJzcyI6IjE2NTcxODY5NTUiLCJycyI6IjI1OTAiLCJkcyI6IjMwOTQ5OSJ9fA
IP
188.72.236.136:0
ASN
#35415 Webzilla B.V.

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (5360), with no line terminators
Size
5.4 kB (5360 bytes)
Hash
62de9a8779e1df9002dd2b16f06ad6ae
f6c31f946f9cf8e43e51d487ac10ca0c7d0535ea
b87d04314a79e8cafd62f4b32ec26124d310812ad2d85c182e35f1898e8bd616

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /Purb99d0745f9c8757824933c881516f6b51678e7f13f?q=bootcamp+6+windows+10+drivers+download&s3=bootcamp+6+windows+10+drivers+download&s2=mmaa&s1=dfHsiY20iOiJNYWMiLCJzcyI6IjE2NTcxODY5NTUiLCJycyI6IjI1OTAiLCJkcyI6IjMwOTQ5OSJ9fA HTTP/1.1
Host: g0td0main.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

HTTP/1.1 200 OK
Server: nginx
Date: Sat, 12 Nov 2022 22:02:10 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: bd_context=RxmvaYVheJUlS8xe6pUs4QiRwpvz8lrn2BLsTIXB5Bmg4FVZGFrcN10wVPW2d2Pf26MGmIwa6ghP5JHyxxKshADRFibRkC55UOtG+Ef6xSAt9uUIulXLtbuHBFpJbqF1gt/NI+G6qN4kHjS5+5BQAawuJfe4nMcuiQEK8Hgim6CRvO0h1qYAesY/x/Z2MaaFwgQxj1Miq+gNLMWpDkefaVzuYgRATepjuoWx8M7bTl1ctNWiZKtqAUAzKUvsGAykmzXEOZ0dhGBHq1WSiszcTc2N0yN6pAjgRX/lXlmCI5Ct+A8+RRlJTv10/x28uLiB1iHZHpZ/fHXHAg4Pty+IOXUr; Expires=Sun, 12 Nov 2023 22:02:10 GMT

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
de470c6bab46e7c4b7cc69f392900fe7
189e4dcc4c2b8bf1f050e06bd68bce8a99618918
86f57134ddebd23a25615dc4d59c4b1ca8919e3e0495e1f006cbe7c0f39aa27e

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 191
Cache-Control: max-age=131536
Content-Type: application/ocsp-response
Date: Sat, 12 Nov 2022 22:02:10 GMT
Etag: "636f75f3-1d7"
Expires: Mon, 14 Nov 2022 10:34:26 GMT
Last-Modified: Sat, 12 Nov 2022 10:31:15 GMT
Server: ECS (ska/F6FD)
X-Cache: HIT
Content-Length: 471

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
a8391107bfc5e4673e8a706f90f63768
5295ed0b1cb8bad4d3e851049acc7f0270937d12
ed5c27510100ffc4481be474ebcb020d147c645beb110604d5284eeeb8b97c02

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "ED5C27510100FFC4481BE474EBCB020D147C645BEB110604D5284EEEB8B97C02"
Last-Modified: Fri, 11 Nov 2022 14:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10124
Expires: Sun, 13 Nov 2022 00:50:54 GMT
Date: Sat, 12 Nov 2022 22:02:10 GMT
Connection: keep-alive

firefox.settings.services.mozilla.com/v1/

34.102.187.140

200 OK

939 B

URL HTTP/2
firefox.settings.services.mozilla.com/v1/
IP
34.102.187.140:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Size
939 B (939 bytes)
Hash
d130218d0e2841f39c99610fe1a2ab90
29fbe1e177ee55c7a61ae0a206afff271cf5f945
6b6d74dccf10c2bc98a91c3388280d7ba1d9596bf8cadd7db0e2f63720b3d152

HTTP Headers

GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Alert, Backoff, Content-Type, Retry-After
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Sat, 12 Nov 2022 21:44:15 GMT
cache-control: public,max-age=3600
content-type: application/json
age: 1075
alt-svc: clear
X-Firefox-Spdy: h2

content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain

34.160.144.191

200 OK

5.3 kB

URL HTTP/2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain
IP
34.160.144.191:0
ASN
#15169 GOOGLE

File type
PEM certificate\012- , ASCII text
Size
5.3 kB (5348 bytes)
Hash
67d5a988edcda47bc3b3b3f65d32b4b6
d4f0e0da8b3690cc7da925026d3414b68c7d954f
55e4848e3ec682e808ce7ee70950f86179c43af4f81926d826a95edfda395a78

HTTP Headers

GET /chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
x-amz-id-2: zOVYjFWv6Fbqwx8JjDvlpKsv3BKha3swmzi7/FYxG4EhqMpAwAO1X+KEP7WfcObITpZpFOadNKM=
x-amz-request-id: EFQSKW2SMZ7D0ASX
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Sat, 12 Nov 2022 21:50:26 GMT
age: 704
last-modified: Fri, 30 Sep 2022 18:50:55 GMT
etag: "67d5a988edcda47bc3b3b3f65d32b4b6"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2

contile.services.mozilla.com/v1/tiles

34.117.237.239

200 OK

12 B

URL HTTP/2
contile.services.mozilla.com/v1/tiles
IP
34.117.237.239:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with no line terminators
Size
12 B (12 bytes)
Hash
23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3

HTTP Headers

GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Sat, 12 Nov 2022 22:02:11 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2

ocsp.digicert.com/

93.184.220.29

200 OK

313 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
313 B (313 bytes)
Hash
f840682534d6a69f2651aec2426ce372
a5aebf831888e307b81fc24f6c7ef036483a8bd6
54924afd2e1c1eaa834a83bb07d9c6ba554b1ed7d615838799338144c122b1a4

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 995
Cache-Control: max-age=93833
Content-Type: application/ocsp-response
Date: Sat, 12 Nov 2022 22:02:11 GMT
Etag: "636edf89-139"
Expires: Mon, 14 Nov 2022 00:06:04 GMT
Last-Modified: Fri, 11 Nov 2022 23:49:29 GMT
Server: ECS (amb/6BC4)
X-Cache: HIT
Content-Length: 313

g0td0main.com/favicon.ico

188.72.236.136

200 OK

43 B

URL HTTP/1.1
g0td0main.com/favicon.ico
IP
188.72.236.136:0
ASN
#35415 Webzilla B.V.

File type
GIF image data, version 89a, 1 x 1\012- data
Size
43 B (43 bytes)
Hash
ad4b0f606e0f8465bc4c4c170b37e1a3
50b30fd5f87c85fe5cba2635cb83316ca71250d7
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: g0td0main.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://g0td0main.com/
Connection: keep-alive
Cookie: bd_context=RxmvaYVheJUlS8xe6pUs4QiRwpvz8lrn2BLsTIXB5Bmg4FVZGFrcN10wVPW2d2Pf26MGmIwa6ghP5JHyxxKshADRFibRkC55UOtG+Ef6xSAt9uUIulXLtbuHBFpJbqF1gt/NI+G6qN4kHjS5+5BQAawuJfe4nMcuiQEK8Hgim6CRvO0h1qYAesY/x/Z2MaaFwgQxj1Miq+gNLMWpDkefaVzuYgRATepjuoWx8M7bTl1ctNWiZKtqAUAzKUvsGAykmzXEOZ0dhGBHq1WSiszcTc2N0yN6pAjgRX/lXlmCI5Ct+A8+RRlJTv10/x28uLiB1iHZHpZ/fHXHAg4Pty+IOXUr

HTTP/1.1 200 OK
Server: nginx
Date: Sat, 12 Nov 2022 22:02:10 GMT
Content-Type: image/gif
Content-Length: 43
Last-Modified: Mon, 28 Sep 1970 06:00:00 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
3ba82b97790def3576953f6782a3acb5
7848f77820ce711bfbd2ae8f9cd0c69831f753f3
b3010b0be4f0e49a6703690e370d9f6b16771d9d7125455b9d0f6bf8d0a3045d

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "B3010B0BE4F0E49A6703690E370D9F6B16771D9D7125455B9D0F6BF8D0A3045D"
Last-Modified: Thu, 10 Nov 2022 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4747
Expires: Sat, 12 Nov 2022 23:21:18 GMT
Date: Sat, 12 Nov 2022 22:02:11 GMT
Connection: keep-alive

ti-files.org/GcrKe5df719a4160df814a97c81d2d8cf908b45f4a921?q=&s1=3580_35040&s3=637017e3241ce20001d46989

188.72.236.34

200 OK

6.1 kB

URL HTTP/1.1
ti-files.org/GcrKe5df719a4160df814a97c81d2d8cf908b45f4a921?q=&s1=3580_35040&s3=637017e3241ce20001d46989
IP
188.72.236.34:0
ASN
#35415 Webzilla B.V.

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (6068), with no line terminators
Size
6.1 kB (6068 bytes)
Hash
3a3bb69f3ac669b86ec11c78540f0e09
24b6219d73200cdd7a92bb07bb979d26eae89ee8
28fb279a6f38b29d7748848a25c5f9a73c7f3da0982bc6061f9016506a0c3625

HTTP Headers

GET /GcrKe5df719a4160df814a97c81d2d8cf908b45f4a921?q=&s1=3580_35040&s3=637017e3241ce20001d46989 HTTP/1.1
Host: ti-files.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Server: nginx
Date: Sat, 12 Nov 2022 22:02:11 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: bd_context=HjmeinPckWXSR4VMiyEbeBL9ffJm1U4MnADk3tCTWDG/ZA0A+jwjSSHB7TflmQlB3UJGeozYnk5wNkQFGB213HgTlqAfpPEDdBA2I4VVLOCr315h4RmOVUKYL/pOyC5ICCHqgab03g3fBVY/L1tMztrPUJPtAPB2fYQgDaRwE7C9SsiiH4IIkb/ZVfpAJ0eubrvl6xNwzt8M1e543qLpmZ0aPCcc4gVrxzibIP6ZUw+BTUj0sHdwxikvf6rLmFJzaubL8EZqdKZ3uQtTd+Ok0SaQglqBZDJL6pZEVR0NMA3Y9/R6W9t4rt++zJ6+4rIzLpKiFfgDIDCh6Q==; Expires=Sun, 12 Nov 2023 22:02:11 GMT

firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US

34.102.187.140

200 OK

329 B

URL HTTP/2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP
34.102.187.140:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Size
329 B (329 bytes)
Hash
0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300

HTTP Headers

GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Cache-Control, Pragma, Retry-After, ETag, Alert, Expires, Backoff, Content-Type, Last-Modified
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Sat, 12 Nov 2022 21:44:48 GMT
cache-control: public,max-age=3600
age: 1043
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
alt-svc: clear
X-Firefox-Spdy: h2

ti-files.org/favicon.ico

188.72.236.34

200 OK

43 B

URL HTTP/1.1
ti-files.org/favicon.ico
IP
188.72.236.34:0
ASN
#35415 Webzilla B.V.

File type
GIF image data, version 89a, 1 x 1\012- data
Size
43 B (43 bytes)
Hash
ad4b0f606e0f8465bc4c4c170b37e1a3
50b30fd5f87c85fe5cba2635cb83316ca71250d7
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: ti-files.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://ti-files.org/
Connection: keep-alive
Cookie: bd_context=HjmeinPckWXSR4VMiyEbeBL9ffJm1U4MnADk3tCTWDG/ZA0A+jwjSSHB7TflmQlB3UJGeozYnk5wNkQFGB213HgTlqAfpPEDdBA2I4VVLOCr315h4RmOVUKYL/pOyC5ICCHqgab03g3fBVY/L1tMztrPUJPtAPB2fYQgDaRwE7C9SsiiH4IIkb/ZVfpAJ0eubrvl6xNwzt8M1e543qLpmZ0aPCcc4gVrxzibIP6ZUw+BTUj0sHdwxikvf6rLmFJzaubL8EZqdKZ3uQtTd+Ok0SaQglqBZDJL6pZEVR0NMA3Y9/R6W9t4rt++zJ6+4rIzLpKiFfgDIDCh6Q==
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Server: nginx
Date: Sat, 12 Nov 2022 22:02:11 GMT
Content-Type: image/gif
Content-Length: 43
Last-Modified: Mon, 28 Sep 1970 06:00:00 GMT
Connection: keep-alive

e1.o.lencr.org/

23.36.76.226

200 OK

346 B

URL HTTP/1.1
e1.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
346 B (346 bytes)
Hash
602d54062113de48db8d64a8788caaf5
e23fd70e080f3e563c8e33d22c520e9450610702
c29231faf48603cc6d42b5ca98d862a170240a589045798d5b618261d1c2363d

HTTP Headers

POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 346
ETag: "C29231FAF48603CC6D42B5CA98D862A170240A589045798D5B618261D1C2363D"
Last-Modified: Thu, 10 Nov 2022 14:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6286
Expires: Sat, 12 Nov 2022 23:46:57 GMT
Date: Sat, 12 Nov 2022 22:02:11 GMT
Connection: keep-alive

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
ae51f1958554de4457c22a7d5a9ba8b6
173e90a8c6ee36b7ec569dbea47436a90d7e7c76
dc43a04e1e26243f63a8e628f2ebcb23a9527fd4bc40dc6d1d61879b0f95bb21

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6116
Cache-Control: max-age=132397
Content-Type: application/ocsp-response
Date: Sat, 12 Nov 2022 22:02:11 GMT
Etag: "636f622c-1d7"
Expires: Mon, 14 Nov 2022 10:48:48 GMT
Last-Modified: Sat, 12 Nov 2022 09:06:52 GMT
Server: ECS (ska/F6FD)
X-Cache: HIT
Content-Length: 471

e1.o.lencr.org/

23.36.76.226

200 OK

346 B

URL HTTP/1.1
e1.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
346 B (346 bytes)
Hash
602d54062113de48db8d64a8788caaf5
e23fd70e080f3e563c8e33d22c520e9450610702
c29231faf48603cc6d42b5ca98d862a170240a589045798d5b618261d1c2363d

HTTP Headers

POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 346
ETag: "C29231FAF48603CC6D42B5CA98D862A170240A589045798D5B618261D1C2363D"
Last-Modified: Thu, 10 Nov 2022 14:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6286
Expires: Sat, 12 Nov 2022 23:46:57 GMT
Date: Sat, 12 Nov 2022 22:02:11 GMT
Connection: keep-alive

ocsp.digicert.com/

93.184.220.29

200 OK

279 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
279 B (279 bytes)
Hash
001389a8f42eb704af8d74c1a454ebb7
828d517c6059e6dd5ee03b62d8874d949265f0e5
30a45fe46fdfe784ce5cd5a4249b30b7db43574bbe15fb187abb9f7e8df708dc

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2901
Cache-Control: max-age=150070
Content-Type: application/ocsp-response
Date: Sat, 12 Nov 2022 22:02:11 GMT
Etag: "636fb3c4-117"
Expires: Mon, 14 Nov 2022 15:43:21 GMT
Last-Modified: Sat, 12 Nov 2022 14:55:00 GMT
Server: ECS (ska/F6FD)
X-Cache: HIT
Content-Length: 279

ocsp.digicert.com/

93.184.220.29

200 OK

104 kB

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
104 kB (104288 bytes)
Hash
93e78abad5cba55b580880ab98bd508a
a70749986660b41b68623529f410facd3788260a
b1fef64554874a18894d7fce1bab3a1aabcff751af157e540c192c07fe0602c6

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2901
Cache-Control: max-age=150070
Content-Type: application/ocsp-response
Date: Sat, 12 Nov 2022 22:02:11 GMT
Etag: "636fb3c4-117"
Expires: Mon, 14 Nov 2022 15:43:21 GMT
Last-Modified: Sat, 12 Nov 2022 14:55:00 GMT
Server: ECS (ska/F6FD)
X-Cache: HIT
Content-Length: 279

soft-kind.com/index.php?filename=Unknown&click_id=88c382t8phogx3y7ad&sourcename=337836&flow_id=96

104.21.49.135

302 Found

19 kB

URL HTTP/2
soft-kind.com/index.php?filename=Unknown&click_id=88c382t8phogx3y7ad&sourcename=337836&flow_id=96
IP
104.21.49.135:0
ASN
#13335 CLOUDFLARENET

File type
data
Size
19 kB (18688 bytes)
Hash
95d49e491b46f526854d624e40d8af76
5b145ab428cc484ecead4666e01cca7ce6b4dff4
f897fc168379623a0e92c3bb80ff02bc4742ccb555fb094e87dc9b60697a481c

HTTP Headers

GET /index.php?filename=Unknown&click_id=88c382t8phogx3y7ad&sourcename=337836&flow_id=96 HTTP/1.1
Host: soft-kind.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://ti-files.org/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

HTTP/2 302 Found
date: Sat, 12 Nov 2022 22:02:11 GMT
content-type: text/html; charset=UTF-8
location: /download.php?filename=LxRkOSE8cnAzJgUnKC05eQ0rI3UyAxZs&flow_id=BBcIdg%3D%3D&click_id=BAc5IQ4rLDo1DysmKgRoJSYVBXYfeQU6&sourcename=BjkceAwVBnE%3D
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=FbSisW4zKyxfcP6QQoShT3U61x%2Bk4KSm5%2Bkcpg6U3OaJFX%2FupZWZo8K4W9W2hrskQL0Mx9s3JYx%2Bo1oerbvhpGYl7V6OrBtMarn%2FOVUEpAv08zgRpqwyv3AOG9mJL2Cl"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 76928cef191dfac8-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

push.services.mozilla.com/

52.38.227.80

101 Switching Protocols

0 B

URL HTTP/1.1
push.services.mozilla.com/
IP
52.38.227.80:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: UER7I3a6EMJ01V7JOIKS7Q==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: M6WnvOdpwjJ9sYPPaKmxIMBXtZM=

cdnjs.cloudflare.com/ajax/libs/font-awesome/6.2.0/webfonts/fa-solid-900.woff2

104.17.25.14

200 OK

150 kB

URL HTTP/2
cdnjs.cloudflare.com/ajax/libs/font-awesome/6.2.0/webfonts/fa-solid-900.woff2
IP
104.17.25.14:0
ASN
#13335 CLOUDFLARENET

File type
Web Open Font Format (Version 2), TrueType, length 150472, version 770.256\012- data
Size
150 kB (150472 bytes)
Hash
3e50e269ee627bb2279f91d18c085167
a7fca574d24e9ffa5ee0e0589ffe17277ae4ec27
d27bc752105c079f8a516e9142406a9fc12cbb409f9bf8681f2ddfe0360b52a6

HTTP Headers

GET /ajax/libs/font-awesome/6.2.0/webfonts/fa-solid-900.woff2 HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://soft-kind.com
Connection: keep-alive
Referer: https://cdnjs.cloudflare.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
date: Sat, 12 Nov 2022 22:02:12 GMT
content-type: application/octet-stream; charset=utf-8
content-length: 150472
access-control-allow-origin: *
cache-control: public, max-age=30672000
etag: "630e6e62-24bc8"
last-modified: Tue, 30 Aug 2022 20:09:06 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 2680984
expires: Thu, 02 Nov 2023 22:02:12 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=v8t9%2FL4D9DIceaMho2JWjqRoV4FiLgPbzG%2BZDPk%2FcCDmcOfnotP2rM7EM9YUn93fu43PNNbufkJOCniVCcesYJMwnh3INMAYcPvNB1TzCvfvzTNJWIZa0QtFhcpwVaqR3nCSdsVc"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 76928cf32884b4f4-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

cdn.jsdelivr.net/npm/sweetalert2@11

151.101.85.229

200 OK

18 kB

URL HTTP/2
cdn.jsdelivr.net/npm/sweetalert2@11
IP
151.101.85.229:0
ASN
#54113 FASTLY

File type
ASCII text, with very long lines (43181)
Size
18 kB (17974 bytes)
Hash
6360e416d418dc20aaa5798edb3cec6d
6e346c4ec35413fca46b85f7a224f58d77e46e68
f98b1433b7a15589ba99a3756c44472a743234674846e79c42eeab793b90d740

HTTP Headers

GET /npm/sweetalert2@11 HTTP/1.1
Host: cdn.jsdelivr.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://soft-kind.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: *
timing-allow-origin: *
cache-control: public, max-age=604800, s-maxage=43200
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript; charset=utf-8
x-jsd-version: 11.6.8
x-jsd-version-type: version
etag: W/"fad6-EXu7oHsKCjU72IhKnqkPmyKQOzM"
content-encoding: gzip
accept-ranges: bytes
date: Sat, 12 Nov 2022 22:02:12 GMT
age: 29083
x-served-by: cache-fra-eddf8230057-FRA, cache-bma1667-BMA
x-cache: HIT, HIT
vary: Accept-Encoding
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 17974
X-Firefox-Spdy: h2

ocsp.globalsign.com/ca/gsatlasr3dvtlsca2022q1

104.18.20.226

200 OK

1.5 kB

URL HTTP/1.1
ocsp.globalsign.com/ca/gsatlasr3dvtlsca2022q1
IP
104.18.20.226:0
ASN
#13335 CLOUDFLARENET

File type
data
Size
1.5 kB (1462 bytes)
Hash
69b6fbfcc7d7f85302467aa1ec9286fb
f10ecf55c78d371ed379cd254b869ac25fcc96f0
c56f055ae74eabbd93da9a259bd1a20b2132be192e673c82e9b5c26fc7b03eea

HTTP Headers

POST /ca/gsatlasr3dvtlsca2022q1 HTTP/1.1
Host: ocsp.globalsign.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sat, 12 Nov 2022 22:02:12 GMT
Content-Type: application/ocsp-response
Transfer-Encoding: chunked
Connection: keep-alive
Etag: "61550B89F284FE032EF24939753DFAA8B7746214"
Expires: Sun, 13 Nov 2022 08:00:00 GMT
Last-Modified: Sat, 12 Nov 2022 20:00:00 UTC
Cache-Control: s-maxage=3600, public, no-transform, must-revalidate
CF-Cache-Status: HIT
Age: 2485
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 76928cf3ab420b06-OSL

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
fb29db48daab83bcaed56b72093619cc
e0e0a09d729ffb1c41411419768896f1e1eb3346
08e24124f809f1ab7e6960355efcb419e13dd5fb6063c31caf04e11ebdb7a5cf

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "08E24124F809F1AB7E6960355EFCB419E13DD5FB6063C31CAF04E11EBDB7A5CF"
Last-Modified: Fri, 11 Nov 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3288
Expires: Sat, 12 Nov 2022 22:57:01 GMT
Date: Sat, 12 Nov 2022 22:02:13 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
fb29db48daab83bcaed56b72093619cc
e0e0a09d729ffb1c41411419768896f1e1eb3346
08e24124f809f1ab7e6960355efcb419e13dd5fb6063c31caf04e11ebdb7a5cf

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "08E24124F809F1AB7E6960355EFCB419E13DD5FB6063C31CAF04E11EBDB7A5CF"
Last-Modified: Fri, 11 Nov 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3288
Expires: Sat, 12 Nov 2022 22:57:01 GMT
Date: Sat, 12 Nov 2022 22:02:13 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
fb29db48daab83bcaed56b72093619cc
e0e0a09d729ffb1c41411419768896f1e1eb3346
08e24124f809f1ab7e6960355efcb419e13dd5fb6063c31caf04e11ebdb7a5cf

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "08E24124F809F1AB7E6960355EFCB419E13DD5FB6063C31CAF04E11EBDB7A5CF"
Last-Modified: Fri, 11 Nov 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3288
Expires: Sat, 12 Nov 2022 22:57:01 GMT
Date: Sat, 12 Nov 2022 22:02:13 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
fb29db48daab83bcaed56b72093619cc
e0e0a09d729ffb1c41411419768896f1e1eb3346
08e24124f809f1ab7e6960355efcb419e13dd5fb6063c31caf04e11ebdb7a5cf

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "08E24124F809F1AB7E6960355EFCB419E13DD5FB6063C31CAF04E11EBDB7A5CF"
Last-Modified: Fri, 11 Nov 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3288
Expires: Sat, 12 Nov 2022 22:57:01 GMT
Date: Sat, 12 Nov 2022 22:02:13 GMT
Connection: keep-alive

img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F073ec866-b693-4f96-82bf-76ba051797c9.jpeg

34.120.237.76

200 OK

6.6 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F073ec866-b693-4f96-82bf-76ba051797c9.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
6.6 kB (6577 bytes)
Hash
faa8e3cf2ab3c1d53a1735def5bb7476
ccc1ec5ebb5090c6255dcb1e8899e95cdd91e12f
e81a8fa312ec478871427f1d04ba7fe563573c683809153f75dec8df979d6efe

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F073ec866-b693-4f96-82bf-76ba051797c9.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 6577
x-amzn-requestid: b4587cfb-6041-453c-9e74-fa35ecd31448
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: bdMjIGHRoAMF26g=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-636ec147-29e7ec741b0e6f6f674aef75;Sampled=0
x-amzn-remapped-date: Fri, 11 Nov 2022 21:40:23 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: hsMmHIBEt_4cL455goPqDKQVQA75u4oGFbSxsGP_e_0uG7SZmSLBhQ==
via: 1.1 446313511980eb02f28ff5a9a4147c0a.cloudfront.net (CloudFront), 1.1 b8c4a4ca04bb1976e020396d211bc8dc.cloudfront.net (CloudFront), 1.1 google
date: Sat, 12 Nov 2022 22:00:57 GMT
age: 76
etag: "ccc1ec5ebb5090c6255dcb1e8899e95cdd91e12f"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

9.0 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F60d4e929-d0bb-41b7-bdcd-0e67258b428a.webp
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
9.0 kB (9012 bytes)
Hash
516f1bfefb1c1a737ea2441f85343b32
0cc22d7bf9092fb30f31e2ca8f242c197b891669
733824d4f6f7c5b54ce4e02ecaf152cfc1e10f3f6a801d7e2c55a02460e40087

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F60d4e929-d0bb-41b7-bdcd-0e67258b428a.webp HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 9012
x-amzn-requestid: 83eac9e7-5387-4e11-9769-182fa3f7fffb
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: bdNC6FxzoAMF80w=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-636ec212-5ca277b90a5a9a4c437edc1e;Sampled=0
x-amzn-remapped-date: Fri, 11 Nov 2022 21:43:46 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: PrJoEROPymrtc0egNlWRoOMjohiCo3zReD01qAHwByaSiXarfRS0XQ==
via: 1.1 26ca01ec7377e425b59b6a08cb1ec342.cloudfront.net (CloudFront), 1.1 6396e88c437c096ef98930ce29f731a2.cloudfront.net (CloudFront), 1.1 google
date: Sat, 12 Nov 2022 22:00:44 GMT
age: 89
etag: "0cc22d7bf9092fb30f31e2ca8f242c197b891669"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

9.0 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe5720fc8-63c5-4f5e-bb64-33809e0069fe.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
9.0 kB (8953 bytes)
Hash
f09e254cd6f2e29b3bf198cc5d58a46f
fa34520e849bf746ff43aec3d28beb9e4be44f4d
2e29eace95fd8cb5b6d77df880d2044ecab4206cba47931c3a95e77c1b4e9d9a

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe5720fc8-63c5-4f5e-bb64-33809e0069fe.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 8953
x-amzn-requestid: 2a2d20f4-3aa5-475e-8ec2-fc569766335e
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: bdMhQGAhIAMFrjw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-636ec13b-26dc0259793ec94814f3d41a;Sampled=0
x-amzn-remapped-date: Fri, 11 Nov 2022 21:40:11 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: OKFzEoCVITStAPxYzhksarrlTkVeATx6AzBnEK32WLFaOeEIwLMu_Q==
via: 1.1 41e349e25dc4bc856d0e5d2c162428a0.cloudfront.net (CloudFront), 1.1 5fe5f2a3903f1378941d92eceaf3fa16.cloudfront.net (CloudFront), 1.1 google
date: Sat, 12 Nov 2022 21:45:17 GMT
age: 1016
etag: "fa34520e849bf746ff43aec3d28beb9e4be44f4d"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

5.6 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa6f7d2f5-4807-4bbd-a3db-7a239962aca5.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
5.6 kB (5583 bytes)
Hash
85c6f450b38f41a2fb924d6d9a9cbff8
691f59b65ca9fde4f59bbf96b37071e07351f190
c8f877488a2cf65f0d9829384fd4113847722a1b4df94b6b1d5788699689722c

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa6f7d2f5-4807-4bbd-a3db-7a239962aca5.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 5583
x-amzn-requestid: e844f42a-e87e-4e61-8c97-137c07c5ae28
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: bNeQ9Ho7IAMF5_g=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63687739-62c44d2f7d23632e74895bd8;Sampled=0
x-amzn-remapped-date: Mon, 07 Nov 2022 03:10:49 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: uHlIN1IVGCFUVl5lx5pFSux0YncseT2HQjiwFDL9eaEaBa9CdnCl8g==
via: 1.1 2dc111aa3ead15d061e41a423155a53a.cloudfront.net (CloudFront), 1.1 0d4ebcaa87ba94709def0eaac9371e5a.cloudfront.net (CloudFront), 1.1 google
date: Sat, 12 Nov 2022 04:50:44 GMT
age: 61889
etag: "691f59b65ca9fde4f59bbf96b37071e07351f190"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

8.6 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Facfcee70-832e-4f2d-8fc7-55d2bfff651e.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
8.6 kB (8633 bytes)
Hash
eac2ed4bece6282c8273a58a88371e2e
2d90ff66079e8ffbaaa367a6bfc08927e7cc424d
aea97fd7d90302edcb3e0c08507d682e02166e8ddd4d082fc4f5435af438594c

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Facfcee70-832e-4f2d-8fc7-55d2bfff651e.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 8633
x-amzn-requestid: 8bdfbfbb-5193-4c62-ba1b-c906f7548676
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: bdMhSEC1oAMF8tw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-636ec13b-39b4c2954dbc8e4c40a2c9d8;Sampled=0
x-amzn-remapped-date: Fri, 11 Nov 2022 21:40:11 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: uOmwGlJCumDmuVyp1T0YkwwQn8tJ7xMml78eEKaOcaaaIkqgQAdCIA==
via: 1.1 446313511980eb02f28ff5a9a4147c0a.cloudfront.net (CloudFront), 1.1 707e733794d52100fde0ab21bf0b1462.cloudfront.net (CloudFront), 1.1 google
date: Sat, 12 Nov 2022 21:45:26 GMT
age: 1007
etag: "2d90ff66079e8ffbaaa367a6bfc08927e7cc424d"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

5.5 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ffe8955e1-907b-43ed-a437-d4ad1f5fe742.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
5.5 kB (5478 bytes)
Hash
38e32fc94c445ff47da5d2907e61e3a4
c76588ccaf97fdfd6e73833083200cb49a01a4af
e4e3947b2248206c9dacfd35ff5619ca3b3ae56a7bcd565d40ed048839ffa075

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ffe8955e1-907b-43ed-a437-d4ad1f5fe742.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 5478
x-amzn-requestid: c06e47c6-da2a-4a70-af2a-c1268557b913
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: bdM67FEEIAMF-pA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-636ec1df-0628d00244323ddf727e0b80;Sampled=0
x-amzn-remapped-date: Fri, 11 Nov 2022 21:42:55 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: jQIBERZ9Wm17Fd6Tjtw0cV2fQFvzF3rCrTqKf_oC14H_xwB6oPQS8g==
via: 1.1 d1151317ba32afe0e6370fd69fed222e.cloudfront.net (CloudFront), 1.1 1481cc55c02c3a782ad420b6bac2cb32.cloudfront.net (CloudFront), 1.1 google
date: Sat, 12 Nov 2022 21:45:17 GMT
age: 1016
etag: "c76588ccaf97fdfd6e73833083200cb49a01a4af"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

aditmedia.g2afse.com/click?pid=3580&offer_id=17211&sub2=35040&sub1=AOIXcGPgiAAApE8CAE5PFwAMAEZoQHoA

34.141.179.97

200 OK

0 B

URL HTTP/2
aditmedia.g2afse.com/click?pid=3580&offer_id=17211&sub2=35040&sub1=AOIXcGPgiAAApE8CAE5PFwAMAEZoQHoA
IP
34.141.179.97:0
ASN
#396982 GOOGLE-CLOUD-PLATFORM

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /click?pid=3580&offer_id=17211&sub2=35040&sub1=AOIXcGPgiAAApE8CAE5PFwAMAEZoQHoA HTTP/1.1
Host: aditmedia.g2afse.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://g0td0main.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Sat, 12 Nov 2022 22:02:11 GMT
content-type: text/html; charset=utf-8
x-adjust-use-original-forwarded-for: 1
set-cookie: afclick=637017e3241ce20001d46989; expires=Sun, 12 Nov 2023 22:02:11 GMT; secure; SameSite=None
afoffers={"17211":1668290531}; expires=Sun, 12 Nov 2023 22:02:11 GMT; secure; SameSite=None
access-control-allow-origin: *
content-encoding: gzip
X-Firefox-Spdy: h2

back-data.com/c4fel7k.php?key=n5b278vdjppji3iiw7z4&external_id=AOMXcGOsJwUA2FQCAE5PFwAMAAFfNecA&source=337836&keyword=

172.67.185.30

302 Found

0 B

URL HTTP/2
back-data.com/c4fel7k.php?key=n5b278vdjppji3iiw7z4&external_id=AOMXcGOsJwUA2FQCAE5PFwAMAAFfNecA&source=337836&keyword=
IP
172.67.185.30:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /c4fel7k.php?key=n5b278vdjppji3iiw7z4&external_id=AOMXcGOsJwUA2FQCAE5PFwAMAAFfNecA&source=337836&keyword= HTTP/1.1
Host: back-data.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://ti-files.org/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

HTTP/2 302 Found
date: Sat, 12 Nov 2022 22:02:11 GMT
content-type: text/html; charset=UTF-8
location: https://soft-kind.com/index.php?filename=Unknown&click_id=88c382t8phogx3y7ad&sourcename=337836&flow_id=96
set-cookie: uclick=2t8phogx3y; expires=Sun, 13-Nov-2022 22:02:11 GMT; Max-Age=86400; path=/; secure; SameSite=none
uclickhash=2t8phogx3y-2t8phogx3y-16-0-16-my-9l-001a38; expires=Sun, 13-Nov-2022 22:02:11 GMT; Max-Age=86400; path=/; secure; SameSite=none
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=4XLAEvNnJs7OX29fGFPJukQ9dU21%2F0vxXTm%2FS5ncn%2FUbAXeIXVj2xxE4xTu5wdvwCp3YW878rk2CveGs7pl%2FjBYgR7F6Xba5cVcU%2BjZ8TxWS2yldXP3F0T4krThkVF5G"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 76928cee09f5b4f1-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

unpkg.com/flowbite@1.5.3/dist/flowbite.min.css

104.16.125.175

200 OK

0 B

URL HTTP/2
unpkg.com/flowbite@1.5.3/dist/flowbite.min.css
IP
104.16.125.175:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /flowbite@1.5.3/dist/flowbite.min.css HTTP/1.1
Host: unpkg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://soft-kind.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Sat, 12 Nov 2022 22:02:11 GMT
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
last-modified: Sat, 26 Oct 1985 08:15:00 GMT
etag: W/"1e167-05seFaTX5Dxlizw780dH6alxLT4"
via: 1.1 fly.io
fly-request-id: 01GE87QQ68JRRAE22AJX4KV995-fra
cf-cache-status: HIT
age: 3714151
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
server: cloudflare
cf-ray: 76928cf07d05b4f1-OSL
content-encoding: br
X-Firefox-Spdy: h2

soft-kind.com/download.php?filename=LxRkOSE8cnAzJgUnKC05eQ0rI3UyAxZs&flow_id=BBcIdg%3D%3D&click_id=BAc5IQ4rLDo1DysmKgRoJSYVBXYfeQU6&sourcename=BjkceAwVBnE%3D

104.21.49.135

200 OK

0 B

URL HTTP/2
soft-kind.com/download.php?filename=LxRkOSE8cnAzJgUnKC05eQ0rI3UyAxZs&flow_id=BBcIdg%3D%3D&click_id=BAc5IQ4rLDo1DysmKgRoJSYVBXYfeQU6&sourcename=BjkceAwVBnE%3D
IP
104.21.49.135:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /download.php?filename=LxRkOSE8cnAzJgUnKC05eQ0rI3UyAxZs&flow_id=BBcIdg%3D%3D&click_id=BAc5IQ4rLDo1DysmKgRoJSYVBXYfeQU6&sourcename=BjkceAwVBnE%3D HTTP/1.1
Host: soft-kind.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://ti-files.org/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
date: Sat, 12 Nov 2022 22:02:11 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=7Is0DOczdzFxxvxX%2Bw2Zuo3unGxZS15I4jIB%2ByZas%2FeDuusiHjahWOEviR6QwL3OGdwrqqOzNNLO8QGX4WL05yfM4ivEfsnhgxCufEhnLPzIOIDOtbMPRgGIzN4Zf%2BfJ"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 76928cef9967fac8-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

JavaScript (8)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations