iegybest.film/%D9%85%D8%B4%D8%A7%D9%87%D8%AF%D9%87-%D9%81%D9%8A%D9%84%D9%85-how-to-train-your-dragon-2-2014-%D9%85%D8%AA%D8%B1%D8%AC%D9%85-1/
104.26.4.52 200 OK 46 kB URL HTTP/1.1 iegybest.film/%D9%85%D8%B4%D8%A7%D9%87%D8%AF%D9%87-%D9%81%D9%8A%D9%84%D9%85-how-to-train-your-dragon-2-2014-%D9%85%D8%AA%D8%B1%D8%AC%D9%85-1/
IP 104.26.4.52:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (32314), with CRLF, LF line terminators
Hash b3fb64e681bda9469c0975e8d5ccb178
88034916ba4db93afbdd052b590ac08421f10ac2
a353a2dbaa7380c48dfaf90e4ffefe7c1093dd1ea071a97570c422d08a08d091
GET /%D9%85%D8%B4%D8%A7%D9%87%D8%AF%D9%87-%D9%81%D9%8A%D9%84%D9%85-how-to-train-your-dragon-2-2014-%D9%85%D8%AA%D8%B1%D8%AC%D9%85-1/ HTTP/1.1
Host: iegybest.film
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Date: Sun, 05 Feb 2023 21:45:31 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Pingback: https://iegybest.film/xmlrpc.php
Link: <https://iegybest.film/wp-json/>; rel="https://api.w.org/", <https://iegybest.film/wp-json/wp/v2/posts/17058>; rel="alternate"; type="application/json", <https://iegybest.film/?p=17058>; rel=shortlink
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=WfO860Rcu%2FFoeIb%2F6AZ07b1wUoRbOEo5zxYBEvGmnHoMk1XNT5by87gth%2FIkepfcGt2DjMtNYOjCscW0IOlGCEPtXvKvkBdPU2sr%2B9medCuhuNtshA8boxkChkhhe8k%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 794ed5660d790b55-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
r3.o.lencr.org/
23.33.119.27 200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash c21ba65e44ac95470c314e068e49a9eb
17a13b13738993d889d4afa3d848dc63bf6eba64
9bd0795b30e84ce63b6e2a365ca91bbffc395dd955e112152066c31e63a4ab66
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "9BD0795B30E84CE63B6E2A365CA91BBFFC395DD955E112152066C31E63A4AB66"
Last-Modified: Sat, 04 Feb 2023 11:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14549
Expires: Mon, 06 Feb 2023 01:48:01 GMT
Date: Sun, 05 Feb 2023 21:45:32 GMT
Connection: keep-alive
r3.o.lencr.org/
23.33.119.27 200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 507011ccb9124dcd57e84a90a0965cc4
1a6575d0ac979c7184490cc9836ac4812ad2afd1
01626c18e1e68507aa33ef7448dbc3311901ab6f29adc2f51d449409b0680dce
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "01626C18E1E68507AA33EF7448DBC3311901AB6F29ADC2F51D449409B0680DCE"
Last-Modified: Sun, 05 Feb 2023 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11342
Expires: Mon, 06 Feb 2023 00:54:34 GMT
Date: Sun, 05 Feb 2023 21:45:32 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
35.241.9.150 200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash 30db107dcf4380cef05efea409c2e6a3
96e6a306fbc07299aba64e5c14e2bfca35872fa9
b64051a4a8e346e3c72b2aef77f360a5736ab5e16711d8e0bae3876feaa15b6e
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Type, Alert, Retry-After, Content-Length, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Sun, 05 Feb 2023 21:33:58 GMT
content-type: application/json
age: 694
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.33.119.27 200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash fb7b6b46e708ad73eaaa3c21e74569ae
950663c025acad81556af5aa3022ecc9d55097fe
763f58b9fb838378c92033b59907b036f4c33081f5103d9bcc2ca2a8de500d64
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "763F58B9FB838378C92033B59907B036F4C33081F5103D9BCC2CA2A8DE500D64"
Last-Modified: Sat, 04 Feb 2023 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2767
Expires: Sun, 05 Feb 2023 22:31:39 GMT
Date: Sun, 05 Feb 2023 21:45:32 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain
34.160.144.191 200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain
IP 34.160.144.191:0
File type PEM certificate\012- , ASCII text
Hash 7b922915ebf1fa3639b333f994c74f24
144a3f80b98fd0652d4614f24cf6cbbee40f8938
adbb3e06df0e870f5c7a9cb81e8979d4e92735853d75c9b779c06470d4db5d9c
GET /chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: uFNmAo6NYiRYX/EpTGYDyOkvYkBAkFY3VTIGQyGcUTcYV52XCfwa1gNy+dM8aPuSLkRF/UwtM6w=
x-amz-request-id: A3FY39GPNTSJGN2V
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Sun, 05 Feb 2023 20:53:26 GMT
age: 3126
last-modified: Mon, 09 Jan 2023 18:04:21 GMT
etag: "7b922915ebf1fa3639b333f994c74f24"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239 200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sun, 05 Feb 2023 21:45:32 GMT
content-type: application/json
content-length: 12
access-control-expose-headers: content-type
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-credentials: true
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
zadauque.net/5/4796941
139.45.197.238 200 OK 24 kB IP 139.45.197.238:0
File type ASCII text, with very long lines (64281), with no line terminators
Hash 613a7f7a7f7badfe7e85f1c9e027aa92
90a13521df68716f1fe03a4ddd33abad9c51099e
b79d879d9b4ee355be099a28f81c583c8b1645412d3b29f6635b25ef140cc6ea
Analyzer Verdict Alert quad9 Sinkholed
GET /5/4796941 HTTP/1.1
Host: zadauque.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://iegybest.film/
HTTP/1.1 200 OK
Server: nginx
Date: Sun, 05 Feb 2023 21:45:32 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
X-Trace-Id: a2a180f8c12d319d027ca2072db8d208
Link: <https://my.rtmark.net>; rel="preconnect dns-prefetch",<https://propeller-tracking.com>; rel="preconnect dns-prefetch",<https://diromalxx.com>; rel="preconnect dns-prefetch"
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding
Access-Control-Max-Age: 86400
Timing-Allow-Origin: *
Set-Cookie: OAID=e4f1c924d718441e8fbfd95caf091d6d; expires=Mon, 05 Feb 2024 21:45:32 GMT; path=/
oaidts=1675633532; expires=Mon, 05 Feb 2024 21:45:32 GMT; path=/
syncedCookie=; expires=Tue, 10 Nov 2009 23:00:00 GMT
Pragma: no-cache, no-cache
Cache-Control: no-transform, no-store, no-cache, must-revalidate, max-age=0, no-store, no-cache, must-revalidate, max-age=0
Expires: Tue, 11 Jan 1994 10:00:00 GMT, Mon, 26 Jul 1997 05:00:00 GMT
Content-Encoding: gzip
e1.o.lencr.org/
23.33.119.27 200 OK 344 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 5b265d8848b61053e800d85b1013d630
df65aa81ac79b1b07072d6a33513682007a33d68
7301e64da45b49991004a7785c832f200aa96a8b675bee1b9ec99b17e744e395
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 344
ETag: "7301E64DA45B49991004A7785C832F200AA96A8B675BEE1B9EC99B17E744E395"
Last-Modified: Sun, 05 Feb 2023 10:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2607
Expires: Sun, 05 Feb 2023 22:28:59 GMT
Date: Sun, 05 Feb 2023 21:45:32 GMT
Connection: keep-alive
e1.o.lencr.org/
23.33.119.27 200 OK 345 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 7ed347acb3145b77c7c8509eeb6928bf
fd228fb89f26982da5aa3562fbd281227217a5e0
4ef43b4dec70191448cec89ff278a31e2c143a580474fc1f68b10bb7c00a525e
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "4EF43B4DEC70191448CEC89FF278A31E2C143A580474FC1F68B10BB7C00A525E"
Last-Modified: Sun, 05 Feb 2023 10:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6210
Expires: Sun, 05 Feb 2023 23:29:02 GMT
Date: Sun, 05 Feb 2023 21:45:32 GMT
Connection: keep-alive
e1.o.lencr.org/
23.33.119.27 200 OK 344 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 5b265d8848b61053e800d85b1013d630
df65aa81ac79b1b07072d6a33513682007a33d68
7301e64da45b49991004a7785c832f200aa96a8b675bee1b9ec99b17e744e395
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 344
ETag: "7301E64DA45B49991004A7785C832F200AA96A8B675BEE1B9EC99B17E744E395"
Last-Modified: Sun, 05 Feb 2023 10:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3611
Expires: Sun, 05 Feb 2023 22:45:43 GMT
Date: Sun, 05 Feb 2023 21:45:32 GMT
Connection: keep-alive
iegybest.film/wp-content/uploads/2016/07/How-to-Train-Your-Dragon-2.jpg
104.26.4.52 200 OK 110 kB URL HTTP/2 iegybest.film/wp-content/uploads/2016/07/How-to-Train-Your-Dragon-2.jpg
IP 104.26.4.52:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 677x1000, components 3\012- data
Size 110 kB (109894 bytes)
Hash 1da13f5063fa2bb17e8a5082cdcfd4ae
de8c470d150b7d9db1d23efac0999631f86ac9cc
ba4d79df9016ab37c4be1888b146046d885fc4cb542773dfd5dd8025b9b58c53
GET /wp-content/uploads/2016/07/How-to-Train-Your-Dragon-2.jpg HTTP/1.1
Host: iegybest.film
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://iegybest.film/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sun, 05 Feb 2023 21:45:32 GMT
content-type: image/jpeg
content-length: 109894
cache-control: public, max-age=31536000
cf-bgj: h2pri
etag: "6153b15a-1ad46"
expires: Mon, 05 Feb 2024 15:30:30 GMT
last-modified: Wed, 29 Sep 2021 00:20:42 GMT
pragma: public
cf-cache-status: HIT
age: 22502
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=970iHkTVQeKSDVtFA7ma9C2Ylt6QP3Gx4EztBOnbGzg1fnHgYMqfkUV7CSb3CQh3bjC2J0tZmXV1iqHczYTK5fJX6LA4AOEW%2FlMcAuL7uqYk1lkIGsiTedLHv0klor4%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 794ed569cf750b49-OSL
X-Firefox-Spdy: h2
e1.o.lencr.org/
23.33.119.27 200 OK 345 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 7ed347acb3145b77c7c8509eeb6928bf
fd228fb89f26982da5aa3562fbd281227217a5e0
4ef43b4dec70191448cec89ff278a31e2c143a580474fc1f68b10bb7c00a525e
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "4EF43B4DEC70191448CEC89FF278A31E2C143A580474FC1F68B10BB7C00A525E"
Last-Modified: Sun, 05 Feb 2023 10:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6825
Expires: Sun, 05 Feb 2023 23:39:17 GMT
Date: Sun, 05 Feb 2023 21:45:32 GMT
Connection: keep-alive
e1.o.lencr.org/
23.33.119.27 200 OK 345 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 7ed347acb3145b77c7c8509eeb6928bf
fd228fb89f26982da5aa3562fbd281227217a5e0
4ef43b4dec70191448cec89ff278a31e2c143a580474fc1f68b10bb7c00a525e
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "4EF43B4DEC70191448CEC89FF278A31E2C143A580474FC1F68B10BB7C00A525E"
Last-Modified: Sun, 05 Feb 2023 10:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6682
Expires: Sun, 05 Feb 2023 23:36:54 GMT
Date: Sun, 05 Feb 2023 21:45:32 GMT
Connection: keep-alive
iegybest.film/wp-content/plugins/image-sizes/assets/js/front.js?ver=3.6.1
104.26.4.52 200 OK 0 B URL HTTP/2 iegybest.film/wp-content/plugins/image-sizes/assets/js/front.js?ver=3.6.1
IP 104.26.4.52:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /wp-content/plugins/image-sizes/assets/js/front.js?ver=3.6.1 HTTP/1.1
Host: iegybest.film
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://iegybest.film/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 05 Feb 2023 21:45:32 GMT
content-type: application/javascript
content-length: 0
last-modified: Sat, 26 Nov 2022 23:31:09 GMT
etag: "6382a1bd-0"
expires: Sun, 26 Nov 2023 23:54:06 GMT
cache-control: public, max-age=31536000
pragma: public
cf-cache-status: HIT
age: 6126686
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=xys12FVzfxDUsyUDb3bjngR4oK9Aj7x5rLmBomXWAWWeI9obc40jszn7gtsTsEmHKNFJaWhUqHVqTyJpeggKjXuIkCq1%2BgW%2BA2mAnUN%2B8Han37YBKtfioQ%2F6EjF%2FdWI%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 794ed569ff9d0b49-OSL
X-Firefox-Spdy: h2
iegybest.film/wp-content/uploads/2022/05/src-default-new.jpg
104.26.4.52 200 OK 4.7 kB URL HTTP/1.1 iegybest.film/wp-content/uploads/2022/05/src-default-new.jpg
IP 104.26.4.52:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 175x263, components 3\012- data
Hash a73a1de4af8cfb202312b296abaa61a2
48b06803630e5d00f0d953db31240912b21b8a75
1f027dbbe363187f01f1b007afc3607aaf7bf85db270b3b32ac4e2954e4f8282
GET /wp-content/uploads/2022/05/src-default-new.jpg HTTP/1.1
Host: iegybest.film
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://iegybest.film/%D9%85%D8%B4%D8%A7%D9%87%D8%AF%D9%87-%D9%81%D9%8A%D9%84%D9%85-how-to-train-your-dragon-2-2014-%D9%85%D8%AA%D8%B1%D8%AC%D9%85-1/
HTTP/1.1 200 OK
Date: Sun, 05 Feb 2023 21:45:32 GMT
Content-Type: image/jpeg
Content-Length: 4720
Connection: keep-alive
Cache-Control: public, max-age=31536000
Cf-Bgj: h2pri
ETag: "627d40a5-1270"
Expires: Fri, 24 Nov 2023 17:20:49 GMT
Last-Modified: Thu, 12 May 2022 17:15:17 GMT
Pragma: public
CF-Cache-Status: HIT
Age: 6323083
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=P3peUmHeTRVOTTLarZlvaztj5Y2Na7x5bJBnnDWbXdoZn%2BKPh0Dve6mWX9BvIRWqxZO6fYeqJRQWOtPwIumaB2dkPn%2Be9F2Aa3e0FhLPktva1A4jyS%2FhQApkNxbmnok%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 794ed569f9270b55-OSL
alt-svc: h2=":443"; ma=60
iegybest.film/wp-content/uploads/2019/10/egybest_logo2.png
104.26.4.52 200 OK 1.4 kB URL HTTP/1.1 iegybest.film/wp-content/uploads/2019/10/egybest_logo2.png
IP 104.26.4.52:0
File type PNG image data, 130 x 35, 8-bit colormap, non-interlaced\012- data
Hash 590e926bf8a6aefeb46cce6507fd4cbc
b3e0c755de138a82ff3132b1f97f61ba44b0c17d
b41f3d52b4756760fe9e73c5e17ac25b5ae7714bd7d0975f42fa2155c7042c56
GET /wp-content/uploads/2019/10/egybest_logo2.png HTTP/1.1
Host: iegybest.film
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://iegybest.film/%D9%85%D8%B4%D8%A7%D9%87%D8%AF%D9%87-%D9%81%D9%8A%D9%84%D9%85-how-to-train-your-dragon-2-2014-%D9%85%D8%AA%D8%B1%D8%AC%D9%85-1/
HTTP/1.1 200 OK
Date: Sun, 05 Feb 2023 21:45:32 GMT
Content-Type: image/png
Content-Length: 1359
Connection: keep-alive
Last-Modified: Fri, 11 Oct 2019 23:41:10 GMT
ETag: "5da11316-54f"
Expires: Fri, 24 Nov 2023 17:20:49 GMT
Cache-Control: public, max-age=31536000
Pragma: public
CF-Cache-Status: HIT
Age: 6323083
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=PC7OVWX3zVs25f7COhxBV5LrEf%2FNo9dGGtpOXltPI%2FENPnwExsXv4wye3t4KVo2LVnlPZ8xLSkOdDpmbbary%2Fq5ZmVR6HfEJBSrRvNToUi1NCqJNXSgP1LPz1DLvcsE%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 794ed569fc86b50b-OSL
alt-svc: h2=":443"; ma=60
iegybest.film/wp-content/uploads/2022/06/anime.png
104.26.4.52 200 OK 2.5 kB URL HTTP/1.1 iegybest.film/wp-content/uploads/2022/06/anime.png
IP 104.26.4.52:0
File type PNG image data, 30 x 30, 8-bit/color RGBA, non-interlaced\012- data
Hash 429eb65aa6ef62531677627f19895b6b
653170df93eb73c0a6ffc716eaa8806289689d87
b71cc884e91754b3dc964f122cbfd5358c2ca77070ddd5c87d1a7efa3accc38e
GET /wp-content/uploads/2022/06/anime.png HTTP/1.1
Host: iegybest.film
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://iegybest.film/%D9%85%D8%B4%D8%A7%D9%87%D8%AF%D9%87-%D9%81%D9%8A%D9%84%D9%85-how-to-train-your-dragon-2-2014-%D9%85%D8%AA%D8%B1%D8%AC%D9%85-1/
HTTP/1.1 200 OK
Date: Sun, 05 Feb 2023 21:45:32 GMT
Content-Type: image/png
Content-Length: 2508
Connection: keep-alive
Last-Modified: Sun, 19 Jun 2022 23:58:45 GMT
ETag: "62afb835-9cc"
Expires: Fri, 24 Nov 2023 17:20:49 GMT
Cache-Control: public, max-age=31536000
Pragma: public
CF-Cache-Status: HIT
Age: 6323083
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=IzrjzEg%2BrUU4OKYrhTxY17wJ1FvuboTsMhlRvzGuZ5Pl%2BUtIWFaEHCtyIbmd3rLzKstTHylNtpnB%2B4ZvIMgABJvpVv4q%2F%2BjY6UmRcr9ebkgh%2FXhyN2WwJR%2BtILVD4%2BM%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 794ed569fcffb509-OSL
alt-svc: h2=":443"; ma=60
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 472 B IP 142.250.74.131:0
Hash 9206c3ba6d5a17d62244c438fd03496e
069e8257aebe618953434b1299d065540125a512
937d395fed398e9410f75945e80f607f3146458b48cd47ba7249536ca2195817
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 05 Feb 2023 21:45:32 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
qo.dunganof.com/1clkn/28311
172.255.6.48 200 OK 26 B URL HTTP/1.1 qo.dunganof.com/1clkn/28311
IP 172.255.6.48:0
File type ASCII text, with no line terminators
Hash 414a242a6fee8464282857e475d3ef61
f669890350347f53aa9bd19c1a355692e8d17d2f
d4914e81dd0b4c1d8ee8e789f6b369d107b93ac886f862930e1a98580e79aafa
GET /1clkn/28311 HTTP/1.1
Host: qo.dunganof.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://iegybest.film/
HTTP/1.1 200 OK
Server: nginx
Date: Sun, 05 Feb 2023 21:45:32 GMT
Content-Type: application/javascript; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=20
Set-Cookie: GL_UI4=eJw9jd1OhDAYRIHy42aFOAkPsI9QVBAvvfEVvCSl%2FcC60G5KXfTtbUz07mTmTCaKoqSuEF9zBvYpWpzU1HSS9428bx9417WPgtM09s9j%2F9Q1gvc46G3wYlzIp7idyZDTcpBWUYm7UP0lZ2N3kyIbnTCqRLYGYylRjM7uG7maITViJRSv2tFkv4IhPqwDa3gbWJvAMUdit5pVBxRv2qiwrI5IGl6VeYTjZRF%2Bsm4dtMpjZLMTihC%2F4EYKT7N13ygUbWdvL4Bd1PDv%2Fx6zveHIFV21JGTWv5P7AaoaStk%3D; expires=Mon, 06-Feb-2023 21:45:32 GMT; Max-Age=86400; path=/
GL_GI10=eJw9i7sOgkAURAENEQXMJH6APyA%2BgoWtWhoojPUG8Wo2wl7Crg%2F8elETq5mcOWNZljMK4cgK%2FmoerWZRvIjmyxidCzGcJIWf802ZuhEqKwluwvUja%2BDWdJGsAgx%2BReR8IvSTdHJQV8UP9R8%2BtwDdXJomgPeJrxv20JG6Qrgu5HO85%2BJmWlvDU2SErohO8DbZsaDpdr9D%2BKffs2ujJ7Woan42bR8aWdKLFQk%2BnzWZFtl313kDsc5BIg%3D%3D; expires=Mon, 06-Feb-2023 21:45:32 GMT; Max-Age=86400; path=/
Content-Encoding: gzip
Vary: Accept-Encoding
Strict-Transport-Security: max-age=1
X-Content-Type-Options: nosniff
www.googletagmanager.com/gtag/js?id=G-XVZ77D8G75
142.250.74.168 200 OK 77 kB URL HTTP/2 www.googletagmanager.com/gtag/js?id=G-XVZ77D8G75
IP 142.250.74.168:0
File type ASCII text, with very long lines (19467)
Hash 8921cd1ba5a5dbd4eac2e740f7b7946f
88e40ccf421ca0a92d1728d24cdef7cb49652112
828a9003d8165f474d7629d9f04a80ee4ee5100772f48d6d06b2b5c91d752dd9
GET /gtag/js?id=G-XVZ77D8G75 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://iegybest.film/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Sun, 05 Feb 2023 21:45:32 GMT
expires: Sun, 05 Feb 2023 21:45:32 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 77062
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 472 B IP 142.250.74.131:0
Hash 9206c3ba6d5a17d62244c438fd03496e
069e8257aebe618953434b1299d065540125a512
937d395fed398e9410f75945e80f607f3146458b48cd47ba7249536ca2195817
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 05 Feb 2023 21:45:32 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
iegybest.film/wp-includes/js/wp-emoji-release.min.js?ver=6.1.1
104.26.4.52 200 OK 146 kB URL HTTP/2 iegybest.film/wp-includes/js/wp-emoji-release.min.js?ver=6.1.1
IP 104.26.4.52:0
File type ASCII text, with very long lines (15660)
Size 146 kB (145579 bytes)
Hash 63d1331998e81df40b0a04f3b5681f0c
232e5d58ac87642ec56b04afa12646cd86047f0c
89bc6350247cdf54400a946a1fcf3b61f3e8b683f1fc5670fdb4c5712800e358
GET /wp-includes/js/wp-emoji-release.min.js?ver=6.1.1 HTTP/1.1
Host: iegybest.film
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://iegybest.film/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sun, 05 Feb 2023 21:45:32 GMT
content-type: application/javascript
last-modified: Sat, 23 Jul 2022 21:33:15 GMT
etag: W/"62dc691b-48b9"
expires: Fri, 19 Jan 2024 06:50:07 GMT
cache-control: public, max-age=31536000
pragma: public
cf-cache-status: HIT
age: 1522525
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=YBYkcm1tP%2BzKFM2znkNt48EhxfPoiRJ3SH58iVDJRr%2F%2BZ3jZPnDfi%2FqUsaLaQ3uvRtEJZG8TidKn55sRgPMcoT6hvE%2Fy8l6vjegnpyuSpW8KgeA7ZYnNxFvZfBZ42gc%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 794ed569cf730b49-OSL
content-encoding: br
X-Firefox-Spdy: h2
iegybest.film/wp-content/themes/old/Standard/UI/fonts/fa-brands-400.woff2
104.26.4.52 200 OK 77 kB URL HTTP/2 iegybest.film/wp-content/themes/old/Standard/UI/fonts/fa-brands-400.woff2
IP 104.26.4.52:0
File type Web Open Font Format (Version 2), TrueType, length 77376, version 331.17301\012- data
Hash 7c0be8b6640f024b6f4505161bf1bfd4
dabac3ea728295a50c882404a7716d3e0e24c042
485ef94c52a4c62277533950ca70e9c4b13f97eed65cc868b22bd8c37e3ada11
GET /wp-content/themes/old/Standard/UI/fonts/fa-brands-400.woff2 HTTP/1.1
Host: iegybest.film
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://iegybest.film
Connection: keep-alive
Referer: http://iegybest.film/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sun, 05 Feb 2023 21:45:32 GMT
content-type: font/woff2
content-length: 77376
last-modified: Thu, 21 Oct 2021 09:07:46 GMT
etag: "61712de2-12e40"
cache-control: max-age=14400
cf-cache-status: REVALIDATED
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2FCM%2FIzdRVqtPyDVBqhVCfaCppP2PNpGuntbqDIfQMGupcmUj4demy3MOIKXSZOzLYTs%2BTt7ANv%2FM%2FtXRKaXRywIB%2FBoIP32VIfyZcd9OWLEkLHwJYnuWbyFQCZ%2Fqef8%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 794ed56aa8a60b49-OSL
X-Firefox-Spdy: h2
iegybest.film/wp-content/themes/old/Standard/UI/fonts/fa-brands-400.woff
104.26.4.52 200 OK 91 kB URL HTTP/2 iegybest.film/wp-content/themes/old/Standard/UI/fonts/fa-brands-400.woff
IP 104.26.4.52:0
File type Web Open Font Format, TrueType, length 90672, version 331.17301\012- data
Hash 5d875e6a4dcceea77fa7d4b8e1440982
1edb8dee0dee319f5038576496465548fb0f391c
3699081dcb9117f29b4a7bcd268c2f88115838c8ded41f8a618513fa907f7f26
GET /wp-content/themes/old/Standard/UI/fonts/fa-brands-400.woff HTTP/1.1
Host: iegybest.film
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://iegybest.film
Connection: keep-alive
Referer: http://iegybest.film/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sun, 05 Feb 2023 21:45:32 GMT
content-type: font/woff
content-length: 90672
last-modified: Thu, 21 Oct 2021 09:07:38 GMT
etag: "61712dda-16230"
cache-control: max-age=14400
cf-cache-status: REVALIDATED
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=mvtEG9KO2N5B8hcG3a7DAyNIkdeWgH1NyTPx4AjBaxF0yqmpvA%2BqG%2Fg37uISaWBO450%2B8NYN08ZkYPciIXhWc%2FL17JOgzPnWhOBDGq7khAZXirgLW5pmj7OU4a9lgPo%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 794ed56b093f0b49-OSL
X-Firefox-Spdy: h2
iegybest.film/wp-content/themes/old/Standard/UI/fonts/fa-solid-900.ttf
104.26.4.52 200 OK 387 kB URL HTTP/2 iegybest.film/wp-content/themes/old/Standard/UI/fonts/fa-solid-900.ttf
IP 104.26.4.52:0
File type TrueType Font data, 13 tables, 1st "FFTM", 28 names, Macintosh; data
Size 387 kB (386892 bytes)
Hash 749dd3651c1a97f03faa88723af2371a
63c056127fdd991d308e0040a19a4d7d4972dd18
fbbe4d984471fab7c40c9b05cba69be51bec7ce82817c1615a1c7e24179eb3d9
GET /wp-content/themes/old/Standard/UI/fonts/fa-solid-900.ttf HTTP/1.1
Host: iegybest.film
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://iegybest.film
Connection: keep-alive
Referer: http://iegybest.film/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sun, 05 Feb 2023 21:45:32 GMT
content-type: application/octet-stream
content-length: 386892
last-modified: Thu, 21 Oct 2021 09:07:44 GMT
etag: "61712de0-5e74c"
cache-control: max-age=14400
cf-cache-status: REVALIDATED
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=5r4O3UxJoV%2BH6vVFPXCh%2FhltKk%2B%2FWmRQXYzP5PbkiXPK0KQvtksdHAtktS%2Bie9co1%2F78252iizEFZN2Or0DhghlIwZydhNWH%2BcMdxu6nCA4wxcvofjsQRwwZtiKmU4o%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 794ed56b498b0b49-OSL
X-Firefox-Spdy: h2
iegybest.film/wp-content/themes/old/Standard/UI/fonts/fa-brands-400.ttf
104.26.4.52 200 OK 134 kB URL HTTP/2 iegybest.film/wp-content/themes/old/Standard/UI/fonts/fa-brands-400.ttf
IP 104.26.4.52:0
File type TrueType Font data, 13 tables, 1st "FFTM", 28 names, Macintosh; data
Size 134 kB (134316 bytes)
Hash 8ca6e74eddaf8fce3cdcf8647b37cbf1
6106e82411ddcf70a5e41673f202caa6c45339b0
ea6f8caa19922d4d457af5936fca7ac0c8c1be87b0f4e0487f5220551057e94e
GET /wp-content/themes/old/Standard/UI/fonts/fa-brands-400.ttf HTTP/1.1
Host: iegybest.film
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://iegybest.film
Connection: keep-alive
Referer: http://iegybest.film/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sun, 05 Feb 2023 21:45:32 GMT
content-type: application/octet-stream
content-length: 134316
last-modified: Thu, 21 Oct 2021 09:07:42 GMT
etag: "61712dde-20cac"
cache-control: max-age=14400
cf-cache-status: REVALIDATED
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=bxE5TXqf5QmHxIXVFaZ7Tt2lCKakZYmeJu3JisUKlr9%2BwYlFmvlbUIksE7lXhZ4KYvuIkLTLPVBRAKTkMq0nvATRwefMwjAQmu00l4HL17rkwGSF4jtt5pFL3ZzA5aM%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 794ed56b79ac0b49-OSL
X-Firefox-Spdy: h2
initiallycompetitionunderwear.com/89/b3/7d/89b37d3f5919bd6072571f91b8b0bd65.js
192.243.59.13 200 OK 21 kB URL HTTP/1.1 initiallycompetitionunderwear.com/89/b3/7d/89b37d3f5919bd6072571f91b8b0bd65.js
IP 192.243.59.13:0
ASN #39572 DataWeb Global Group B.V.
File type HTML document, ASCII text, with very long lines (60172), with no line terminators
Hash eaed88cb2c998acb4a1a6f3c0a7497e4
16c0628d7d0ad235219119d70c8b257889e116e2
bc15fb8700c47cf2575df04bfa7a8f4d18626adc9a7cae5f1cb972684c460f83
Analyzer Verdict Alert quad9 Sinkholed
GET /89/b3/7d/89b37d3f5919bd6072571f91b8b0bd65.js HTTP/1.1
Host: initiallycompetitionunderwear.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://iegybest.film/
HTTP/1.1 200 OK
Server: nginx/1.17.6
Date: Sun, 05 Feb 2023 21:45:32 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: a18ca1e5007f58d9b28a6b12b575a60c
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
35.241.9.150 200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 35.241.9.150:0
File type JSON data, ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Expires, Content-Type, ETag, Last-Modified, Alert, Retry-After, Content-Length, Cache-Control, Pragma, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Sun, 05 Feb 2023 21:07:20 GMT
age: 2292
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
nanouwho.com/1?z=4807448
139.45.197.242 200 OK 7.1 kB IP 139.45.197.242:0
File type ASCII text, with very long lines (17093)
Hash 63d468ee7452383e30fdf844fa08552c
5ba26783d9a3e9421bfd9f00d6c5c9dae0480cd4
3ea526d4fd8cd4a46a348d544f3db02db4462fda88a1f47a06706597aa069822
Analyzer Verdict Alert quad9 Sinkholed
GET /1?z=4807448 HTTP/1.1
Host: nanouwho.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://iegybest.film/
HTTP/1.1 200 OK
Server: nginx
Date: Sun, 05 Feb 2023 21:45:32 GMT
Content-Type: text/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin:
Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE
Access-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-Sc, CVERSION, VERSION, X-Ancestor-Origins, X-Zone-ID
X-Trace-Id: 29f63b1dbbb6a7537289f6578404912c
Access-Control-Expose-Headers: X-Sc
X-Sc: tfPajH28kDiHtTAN72A4xTJjkUwT1AVRJnFJrVp3vEkmMqtpSY3IV76TN2NBbMR7WXtAQ1Uym6EXOuj6cgeSdsUcdMk=
Set-Cookie: scm=1; expires=Mon, 05 Feb 2024 21:45:32 GMT; secure; SameSite=None
OAID=be510b5327b24a66b7f86766fb4fd7d4; expires=Mon, 05 Feb 2024 21:45:32 GMT; secure; SameSite=None
oaidts=1675633532; expires=Mon, 05 Feb 2024 21:45:32 GMT; secure; SameSite=None
Pragma: no-cache
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Content-Encoding: gzip
r3.o.lencr.org/
23.33.119.27 200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 6f5ab3bdbb5ebcebf9a163e0c85ab467
43f1c3de55e528c5be75895eb08b64840a0c8b95
d7c6e6ba9986867972fbc47f35dc823e3c78db46acf5292b6933e0f5760e47be
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D7C6E6BA9986867972FBC47F35DC823E3C78DB46ACF5292B6933E0F5760E47BE"
Last-Modified: Sun, 05 Feb 2023 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3951
Expires: Sun, 05 Feb 2023 22:51:24 GMT
Date: Sun, 05 Feb 2023 21:45:33 GMT
Connection: keep-alive
r3.o.lencr.org/
23.33.119.27 200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash dedf9c519ac38c4bece9c5bc895787d7
4911175c3f8a435978c5301c33c7a99a5e00a1d5
bddd7e3a4939f863642a7c5348c1c8b9bc569b35c10a27f4cf5ec71f7e6b9698
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "BDDD7E3A4939F863642A7C5348C1C8B9BC569B35C10A27F4CF5EC71F7E6B9698"
Last-Modified: Fri, 03 Feb 2023 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5176
Expires: Sun, 05 Feb 2023 23:11:49 GMT
Date: Sun, 05 Feb 2023 21:45:33 GMT
Connection: keep-alive
oaphoace.net/401/5097541
139.45.197.239 200 OK 33 kB IP 139.45.197.239:0
File type ASCII text, with very long lines (65536), with no line terminators
Hash 51fcb76aa90d4cc3ec0b41891a33017a
718a9a3a88791597b5fc84901ecb4e8b9ee0bca9
81b5753a1fe47d7bed1e896ae0da753baf5e02846be005686e52d8e93982a47b
Analyzer Verdict Alert quad9 Sinkholed
GET /401/5097541 HTTP/1.1
Host: oaphoace.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://iegybest.film/
HTTP/1.1 200 OK
Server: nginx
Date: Sun, 05 Feb 2023 21:45:32 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
X-Trace-Id: b08067480d3f09f46fc51a8c514873e6
Pragma: no-cache
Expires: Tue, 11 Jan 1994 10:00:00 GMT
Cache-Control: no-cache, no-store, no-transform, must-revalidate, private, max-age=0
Vary: Origin
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Link
Access-Control-Allow-Credentials: true
Set-Cookie: OAID=ea7c96cf98024c749d97711144d460b5; expires=Mon, 05 Feb 2024 21:45:32 GMT; path=/; secure; SameSite=None
Strict-Transport-Security: max-age=1
X-Content-Type-Options: nosniff
Timing-Allow-Origin: *, *
Content-Encoding: gzip
ocsp.sca1b.amazontrust.com/
54.230.245.118 200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP 54.230.245.118:0
Hash 2b9fa7773944abe31f5a0d2c89fcf83f
dd497be3ec7fff255da6600a2d92c45d0f4b9a50
68342c1715a25165c46c7832671ce7d31cc3afeda203b110c999875bb79ba116
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: 'max-age=158059'
Date: Sun, 05 Feb 2023 21:45:33 GMT
Last-Modified: Sun, 05 Feb 2023 20:20:00 GMT
Server: ECS (nyb/1D10)
X-Cache: Miss from cloudfront
Via: 1.1 6259d2cd8a5947ad41a420527bbed7a6.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: 6Uoyu01rjB_4Jl8UbUVv-t-RpN7YDLwe5IITeagPpaZ9NOnEBFQebg==
Age: 5133
my.rtmark.net/gid.js?userId=e4f1c924d718441e8fbfd95caf091d6d
139.45.195.8 200 OK 65 B URL HTTP/2 my.rtmark.net/gid.js?userId=e4f1c924d718441e8fbfd95caf091d6d
IP 139.45.195.8:0
File type JSON data, ASCII text
Hash 08ef0de521d466821d3b72e384181e98
f9376b8725e4ed916aebe9679752bad9db17828c
26518a6f59eaee817e06b7e7d42f7d49952e9d677c6e82f5b040acff8fdb2dfd
GET /gid.js?userId=e4f1c924d718441e8fbfd95caf091d6d HTTP/1.1
Host: my.rtmark.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://iegybest.film
Connection: keep-alive
Referer: http://iegybest.film/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sun, 05 Feb 2023 21:45:33 GMT
content-type: application/json; charset=utf-8
content-length: 65
access-control-allow-origin: http://iegybest.film
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
set-cookie: ID=e4f1c924d718441e8fbfd95caf091d6d; expires=Mon, 05 Feb 2024 21:45:33 GMT; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
simplewebanalysis.com/stats
3.120.47.42 200 OK 40 B URL HTTP/2 simplewebanalysis.com/stats
IP 3.120.47.42:0
File type ASCII text, with no line terminators
Hash 7f4453adf9d385d4615a8ad0857c467a
f26f84510edfc770c83495cc5a65118e22bf1598
bff1452f43aa25f64debf7d009615dc58ddffb8e4287431cfa88f560a7dda9bd
GET /stats HTTP/1.1
Host: simplewebanalysis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://iegybest.film
Connection: keep-alive
Referer: http://iegybest.film/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 05 Feb 2023 21:45:33 GMT
content-type: text/html; charset=UTF-8
content-length: 40
server: fasthttp
access-control-allow-origin: http://iegybest.film
access-control-allow-credentials: true
set-cookie: uid_id2=c933470b-121d-4c51-8198-52a23d77b834:1:1; expires=Wed, 02 Feb 2033 21:45:33 GMT; secure; SameSite=None
X-Firefox-Spdy: h2
utilitypresent.com/pixel/purst?dl=0&th=0&sc=0&rs=1045&rd=1045&fd=651&bv=22.10.v.9&tmpl=70
192.243.59.13 200 OK 0 B URL HTTP/1.1 utilitypresent.com/pixel/purst?dl=0&th=0&sc=0&rs=1045&rd=1045&fd=651&bv=22.10.v.9&tmpl=70
IP 192.243.59.13:0
ASN #39572 DataWeb Global Group B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /pixel/purst?dl=0&th=0&sc=0&rs=1045&rd=1045&fd=651&bv=22.10.v.9&tmpl=70 HTTP/1.1
Host: utilitypresent.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://iegybest.film/
HTTP/1.1 200 OK
Server: nginx/1.17.6
Date: Sun, 05 Feb 2023 21:45:33 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
utilitypresent.com/89/1f/18/891f1800b21596f130a8a4b16846ef16.js
192.243.59.13 200 OK 13 kB URL HTTP/1.1 utilitypresent.com/89/1f/18/891f1800b21596f130a8a4b16846ef16.js
IP 192.243.59.13:0
ASN #39572 DataWeb Global Group B.V.
File type ASCII text, with very long lines (37126), with no line terminators
Hash d19cec6c0ba60aa52248858aac170c81
e041d785c4f5e7d9cd5441aaddfc301f66a30f06
b411a276d5a685ee6b127018816ffc36cdfca3c920a6813414bad663a554cafb
Analyzer Verdict Alert quad9 Sinkholed
GET /89/1f/18/891f1800b21596f130a8a4b16846ef16.js HTTP/1.1
Host: utilitypresent.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://iegybest.film/
HTTP/1.1 200 OK
Server: nginx/1.17.6
Date: Sun, 05 Feb 2023 21:45:33 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 4a88db5aa39774b42ae494d903227e42
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
s.w.org/images/core/emoji/14.0.0/svg/1f4aa.svg
192.0.77.48 200 OK 658 B URL HTTP/2 s.w.org/images/core/emoji/14.0.0/svg/1f4aa.svg
IP 192.0.77.48:0
File type SVG Scalable Vector Graphics image, ASCII text, with very long lines (1205), with no line terminators
Hash 9ee3f7cd55f3c4b022f0fd8d79d5a28f
d05bf1532ed1b7888ce8ca0981fe4e8493dc7847
d3620c61cd218c53a128bdb8181c3a2d69cae9e713979077139e477ec6159062
GET /images/core/emoji/14.0.0/svg/1f4aa.svg HTTP/1.1
Host: s.w.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://iegybest.film/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sun, 05 Feb 2023 21:45:32 GMT
content-type: image/svg+xml
last-modified: Tue, 12 Apr 2022 03:47:50 GMT
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-encoding: br
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
access-control-allow-methods: GET, HEAD
access-control-allow-origin: *
x-nc: HIT arn 2
x-content-type-options: nosniff
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.33.119.27 200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash f8d699ffe3b1f12a3150dd92f9e17d11
0e76135a7ba2f06714221aeca75731c93342d331
121ac8cb3bf6cac815569a04ac37a4905eb081589664aa39d44be04dd2e31717
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "121AC8CB3BF6CAC815569A04AC37A4905EB081589664AA39D44BE04DD2E31717"
Last-Modified: Sun, 05 Feb 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6062
Expires: Sun, 05 Feb 2023 23:26:35 GMT
Date: Sun, 05 Feb 2023 21:45:33 GMT
Connection: keep-alive
simplewebanalysis.com/stats
3.120.47.42 200 OK 40 B URL HTTP/2 simplewebanalysis.com/stats
IP 3.120.47.42:0
File type ASCII text, with no line terminators
Hash 7f4453adf9d385d4615a8ad0857c467a
f26f84510edfc770c83495cc5a65118e22bf1598
bff1452f43aa25f64debf7d009615dc58ddffb8e4287431cfa88f560a7dda9bd
GET /stats HTTP/1.1
Host: simplewebanalysis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://iegybest.film
Connection: keep-alive
Referer: http://iegybest.film/
Cookie: uid_id2=c933470b-121d-4c51-8198-52a23d77b834:1:1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sun, 05 Feb 2023 21:45:33 GMT
content-type: text/html; charset=UTF-8
content-length: 40
server: fasthttp
access-control-allow-origin: http://iegybest.film
access-control-allow-credentials: true
X-Firefox-Spdy: h2
iegybest.film/wp-content/themes/old/Standard/UI/js/owl.carousel.min.js?ver%5B0%5D=jquery
104.26.4.52 200 OK 12 kB URL HTTP/2 iegybest.film/wp-content/themes/old/Standard/UI/js/owl.carousel.min.js?ver%5B0%5D=jquery
IP 104.26.4.52:0
File type ASCII text, with very long lines (31997), with CRLF line terminators
Hash 2bea1f6c2de8ca40013bf8c2fbfcd80d
86aaf546d15b407e9926789cf0f8bd1fe7d43919
37920d770bf35a77a363d3777a625e85124bdf1393a1c8c4f51f03a6c53f2dd6
GET /wp-content/themes/old/Standard/UI/js/owl.carousel.min.js?ver%5B0%5D=jquery HTTP/1.1
Host: iegybest.film
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://iegybest.film/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 05 Feb 2023 21:45:32 GMT
content-type: application/javascript
last-modified: Thu, 21 Oct 2021 09:07:36 GMT
etag: W/"61712dd8-ad3c"
expires: Fri, 24 Nov 2023 17:20:49 GMT
cache-control: public, max-age=31536000
pragma: public
cf-cache-status: HIT
age: 6323083
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Vq9d603TaBzgPevT2cf47EXpWrVejWkR6nfFSXEravIW9aXOqx1YFWHPu1QvmOQvKtXrcBxEM%2B9QmeZkRmqz9K5CEnswxuPSfIyKUGxnj1b8CP2WMPAG%2FC6HQMMcjbs%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 794ed56a0fac0b49-OSL
content-encoding: br
X-Firefox-Spdy: h2
friendshipmale.com/sfp.js
172.64.203.23 200 OK 28 kB URL HTTP/1.1 friendshipmale.com/sfp.js
IP 172.64.203.23:0
File type Unicode text, UTF-8 text, with very long lines (65529), with no line terminators
Hash b1fa950e77a7db5425f9a5257af02e9c
2d5580451f34ad96218f8b97edf9708f9ee1be87
d999c4320df27dc4a1d3de5aec22bb3ef201560b47a7eff3f28f4133c1997a14
Analyzer Verdict Alert fortinet Malware
GET /sfp.js HTTP/1.1
Host: friendshipmale.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://iegybest.film/
HTTP/1.1 200 OK
Date: Sun, 05 Feb 2023 21:45:33 GMT
Content-Type: application/javascript; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: max-age=14400
X-Request-ID: 814d236a89e271c8c2ff35360bf34c5e
Strict-Transport-Security: max-age=0; includeSubdomains
CF-Cache-Status: EXPIRED
Last-Modified: Sun, 05 Feb 2023 21:45:33 GMT
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2FSTg9stOqaU5Go%2B2giS4LDoUMwK1ucQtWqiSBXPwkUTagzp0JI%2FlkAwQkTvo8FpVxVWzNLwbxy%2Fq9KGRb3aV2FYSHVtrSBW5ZEw%2F6wh2%2BPcRtmv67a%2BE9U5F%2FcXUDOs4JOvWwGs%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 794ed56eed74f3ef-LHR
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
nanouwho.com/27/843a9f1226eda0484b879504742bc6d9
139.45.197.242 200 OK 131 kB URL HTTP/2 nanouwho.com/27/843a9f1226eda0484b879504742bc6d9
IP 139.45.197.242:0
Size 131 kB (130564 bytes)
Hash 28f323c6d4b40cd469ce79e5ad487b85
fae3378e1b3e9a91d366502eedabf6d7a0a163ba
b063af2f16f0d772fecc13ab3b1b41b2b1a05e580aa01178af0feb4cf8c5727f
Analyzer Verdict Alert quad9 Sinkholed
GET /27/843a9f1226eda0484b879504742bc6d9 HTTP/1.1
Host: nanouwho.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://iegybest.film/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sun, 05 Feb 2023 21:45:33 GMT
content-type: application/javascript
access-control-allow-credentials: true
access-control-allow-origin:
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-Sc, CVERSION, VERSION, X-Ancestor-Origins, X-Zone-ID
cache-control: max-age:290304000, public
last-modified: Fri, 03 Feb 2023 06:00:36 GMT
expires: Fri, 05 Mar 2083 06:00:36 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
content-encoding: gzip
X-Firefox-Spdy: h2
fleraprt.com/log/add?cid=1db9169f-90f4-4b2d-b517-bc47aab19c1f
139.45.195.254 200 OK 12 B URL HTTP/1.1 fleraprt.com/log/add?cid=1db9169f-90f4-4b2d-b517-bc47aab19c1f
IP 139.45.195.254:0
File type JSON data, ASCII text, with no line terminators
Hash adb4650bfc9d2a73d4dd69583b0ceb14
1ce399d6e936232aaf2192cd7903a279c5015f22
21c1f682de27109caabcca9016511974defcec217c0441fd3f1b50ecdf8247ed
Analyzer Verdict Alert quad9 Sinkholed
POST /log/add?cid=1db9169f-90f4-4b2d-b517-bc47aab19c1f HTTP/1.1
Host: fleraprt.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 1293
Origin: http://iegybest.film
Connection: keep-alive
Referer: http://iegybest.film/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.10
Date: Sun, 05 Feb 2023 21:45:37 GMT
Content-Type: application/json; charset=utf-8
Content-Length: 12
Connection: keep-alive
Access-Control-Allow-Origin: http://iegybest.film
Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE
Access-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-Forwarded-For, If-None-Match
Access-Control-Allow-Credentials: true
banquetunarmedgrater.com/advertisers.js
192.243.59.13 200 OK 0 B URL HTTP/1.1 banquetunarmedgrater.com/advertisers.js
IP 192.243.59.13:0
ASN #39572 DataWeb Global Group B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /advertisers.js HTTP/1.1
Host: banquetunarmedgrater.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://iegybest.film/
HTTP/1.1 200 OK
Server: nginx/1.17.6
Date: Sun, 05 Feb 2023 21:45:33 GMT
Content-Type: application/javascript
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 22ee191d17ab93272e98876aaefaf477
Strict-Transport-Security: max-age=0; includeSubdomains
nanouwho.com/9?z=4807448&ng=1&ix=0&pt=0&np=1&gp=-1&bp=-1&nw=1&nb=1&sw=1280&sh=1024&pl=http%3A%2F%2Fiegybest.film%2F%25D9%2585%25D8%25B4%25D8%25A7%25D9%2587%25D8%25AF%25D9%2587-%25D9%2581%25D9%258A%25D9%2584%25D9%2585-how-to-train-your-dragon-2-2014-%25D9%2585%25D8%25AA%25D8%25B1%25D8%25AC%25D9%2585-1%2F&wy=0&wx=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=1&sah=1002&drf=&hil=1&ist=0&oaid=e4f1c924d718441e8fbfd95caf091d6d
139.45.197.242 204 No Content 0 B URL HTTP/2 nanouwho.com/9?z=4807448&ng=1&ix=0&pt=0&np=1&gp=-1&bp=-1&nw=1&nb=1&sw=1280&sh=1024&pl=http%3A%2F%2Fiegybest.film%2F%25D9%2585%25D8%25B4%25D8%25A7%25D9%2587%25D8%25AF%25D9%2587-%25D9%2581%25D9%258A%25D9%2584%25D9%2585-how-to-train-your-dragon-2-2014-%25D9%2585%25D8%25AA%25D8%25B1%25D8%25AC%25D9%2585-1%2F&wy=0&wx=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=1&sah=1002&drf=&hil=1&ist=0&oaid=e4f1c924d718441e8fbfd95caf091d6d
IP 139.45.197.242:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
OPTIONS /9?z=4807448&ng=1&ix=0&pt=0&np=1&gp=-1&bp=-1&nw=1&nb=1&sw=1280&sh=1024&pl=http%3A%2F%2Fiegybest.film%2F%25D9%2585%25D8%25B4%25D8%25A7%25D9%2587%25D8%25AF%25D9%2587-%25D9%2581%25D9%258A%25D9%2584%25D9%2585-how-to-train-your-dragon-2-2014-%25D9%2585%25D8%25AA%25D8%25B1%25D8%25AC%25D9%2585-1%2F&wy=0&wx=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=1&sah=1002&drf=&hil=1&ist=0&oaid=e4f1c924d718441e8fbfd95caf091d6d HTTP/1.1
Host: nanouwho.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: http://iegybest.film/
Origin: http://iegybest.film
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
server: nginx
date: Sun, 05 Feb 2023 21:45:33 GMT
access-control-allow-credentials: true
access-control-allow-origin: http://iegybest.film
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-Sc, CVERSION, VERSION, X-Ancestor-Origins, X-Zone-ID
pragma: no-cache
cache-control: no-store, no-cache, must-revalidate, max-age=0
expires: Mon, 26 Jul 1997 05:00:00 GMT
X-Firefox-Spdy: h2
nanouwho.com/9?z=4807448&ng=1&ix=0&pt=0&np=1&gp=-1&bp=-1&nw=1&nb=1&sw=1280&sh=1024&pl=http%3A%2F%2Fiegybest.film%2F%25D9%2585%25D8%25B4%25D8%25A7%25D9%2587%25D8%25AF%25D9%2587-%25D9%2581%25D9%258A%25D9%2584%25D9%2585-how-to-train-your-dragon-2-2014-%25D9%2585%25D8%25AA%25D8%25B1%25D8%25AC%25D9%2585-1%2F&wy=0&wx=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=1&sah=1002&drf=&hil=1&ist=0&oaid=e4f1c924d718441e8fbfd95caf091d6d
139.45.197.242 200 OK 7 B URL HTTP/2 nanouwho.com/9?z=4807448&ng=1&ix=0&pt=0&np=1&gp=-1&bp=-1&nw=1&nb=1&sw=1280&sh=1024&pl=http%3A%2F%2Fiegybest.film%2F%25D9%2585%25D8%25B4%25D8%25A7%25D9%2587%25D8%25AF%25D9%2587-%25D9%2581%25D9%258A%25D9%2584%25D9%2585-how-to-train-your-dragon-2-2014-%25D9%2585%25D8%25AA%25D8%25B1%25D8%25AC%25D9%2585-1%2F&wy=0&wx=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=1&sah=1002&drf=&hil=1&ist=0&oaid=e4f1c924d718441e8fbfd95caf091d6d
IP 139.45.197.242:0
File type ASCII text, with no line terminators
Hash a97eb6fbe6f13b601d5d48c0eba8baae
736efb938caf3d0edec406932ada889f1a4f2268
a04bf061f53e0011fd2f43bdf081526344f003c50146c88c42c2d95ef22c1821
Analyzer Verdict Alert quad9 Sinkholed
POST /9?z=4807448&ng=1&ix=0&pt=0&np=1&gp=-1&bp=-1&nw=1&nb=1&sw=1280&sh=1024&pl=http%3A%2F%2Fiegybest.film%2F%25D9%2585%25D8%25B4%25D8%25A7%25D9%2587%25D8%25AF%25D9%2587-%25D9%2581%25D9%258A%25D9%2584%25D9%2585-how-to-train-your-dragon-2-2014-%25D9%2585%25D8%25AA%25D8%25B1%25D8%25AC%25D9%2585-1%2F&wy=0&wx=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=1&sah=1002&drf=&hil=1&ist=0&oaid=e4f1c924d718441e8fbfd95caf091d6d HTTP/1.1
Host: nanouwho.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Content-Length: 647
Origin: http://iegybest.film
Connection: keep-alive
Referer: http://iegybest.film/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 05 Feb 2023 21:45:33 GMT
content-type: application/javascript
content-length: 7
access-control-allow-credentials: true
access-control-allow-origin: http://iegybest.film
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-Sc, CVERSION, VERSION, X-Ancestor-Origins, X-Zone-ID
x-trace-id: dfc23407a77313b646d31c05bde5efc4
access-control-expose-headers: X-Sc
x-sc: bYDhWqbr8NMzP5QGxwK4iaS5tEf1565qf5eTlfshN2cilJzcdVEBlWfskMXn1MYxbMmu6ed47-Bh5GDgop-ztiZQD4w=
set-cookie: scm=1; expires=Mon, 05 Feb 2024 21:45:33 GMT; secure; SameSite=None
OAID=e4f1c924d718441e8fbfd95caf091d6d; expires=Mon, 05 Feb 2024 21:45:33 GMT; secure; SameSite=None
oaidts=1675633533; expires=Mon, 05 Feb 2024 21:45:33 GMT; secure; SameSite=None
pragma: no-cache
cache-control: no-store, no-cache, must-revalidate, max-age=0
expires: Mon, 26 Jul 1997 05:00:00 GMT
X-Firefox-Spdy: h2
iegybest.film/wp-content/uploads/2019/06/9446b3a03e4d5abf3312ca8a021cdf51.ico.png
104.26.4.52200 OK 13 kB URL HTTP/1.1 iegybest.film/wp-content/uploads/2019/06/9446b3a03e4d5abf3312ca8a021cdf51.ico.png
IP 104.26.4.52:0
File type PNG image data, 192 x 192, 8-bit/color RGBA, non-interlaced\012- data
Hash 0ab3026db50558c0a51f04a3e6b08f84
e45eadc12aa31836cdca48c64ad01a291af775a9
876f8ecb872feb6cbf7238a6c8c39d4e9d855960666992aec489add64dda32e9
GET /wp-content/uploads/2019/06/9446b3a03e4d5abf3312ca8a021cdf51.ico.png HTTP/1.1
Host: iegybest.film
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://iegybest.film/%D9%85%D8%B4%D8%A7%D9%87%D8%AF%D9%87-%D9%81%D9%8A%D9%84%D9%85-how-to-train-your-dragon-2-2014-%D9%85%D8%AA%D8%B1%D8%AC%D9%85-1/
Cookie: ppu_show_on_89b37d3f5919bd6072571f91b8b0bd65=1; _ga_XVZ77D8G75=GS1.1.1675633575.1.0.1675633575.0.0.0; _ga=GA1.1.1195508116.1675633575; dom3ic8zudi28v8lr6fgphwffqoz0j6c=c933470b-121d-4c51-8198-52a23d77b834%3A1%3A1; ppu_main_89b37d3f5919bd6072571f91b8b0bd65=1; ppu_exp_89b37d3f5919bd6072571f91b8b0bd65=1675637175422
HTTP/1.1 200 OK
Date: Sun, 05 Feb 2023 21:45:33 GMT
Content-Type: image/png
Content-Length: 12950
Connection: keep-alive
Last-Modified: Wed, 10 Mar 2021 20:18:09 GMT
ETag: "60492981-3296"
Expires: Sat, 20 Jan 2024 06:34:58 GMT
Cache-Control: public, max-age=31536000
Pragma: public
CF-Cache-Status: HIT
Age: 1437035
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=atWnVWDKKbmxxObvjcJAnpQQmDhCJss0B%2B7jF0GJJifp%2BH%2BNCMVsMln1sA%2BzomIybY%2Fm0Cr88F10UdvmxeXDyRdAdfv0%2BoN2n1hTfWvXNMmUOh%2BzrtAanDt3cWYiTqs%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 794ed5715f80b509-OSL
alt-svc: h2=":443"; ma=60
region1.google-analytics.com/g/collect?v=2&tid=G-XVZ77D8G75>m=45je3210&_p=46554905&cid=1195508116.1675633575&ul=en-us&sr=1280x1024&uaW=1&_s=1&sid=1675633575&sct=1&seg=0&dl=http%3A%2F%2Fiegybest.film%2F%25D9%2585%25D8%25B4%25D8%25A7%25D9%2587%25D8%25AF%25D9%2587-%25D9%2581%25D9%258A%25D9%2584%25D9%2585-how-to-train-your-dragon-2-2014-%25D9%2585%25D8%25AA%25D8%25B1%25D8%25AC%25D9%2585-1%2F&dt=%D9%85%D8%B4%D8%A7%D9%87%D8%AF%D9%87%20%D9%81%D9%8A%D9%84%D9%85%20How%20to%20Train%20Your%20Dragon%202%202014%20%D9%85%D8%AA%D8%B1%D8%AC%D9%85%20%7C%20%D8%A7%D9%8A%D8%AC%D9%8A%20%D8%A8%D8%B3%D8%AA&en=page_view&_fv=1&_nsi=1&_ss=1&_ee=1
216.239.34.36204 No Content 0 B URL HTTP/2 region1.google-analytics.com/g/collect?v=2&tid=G-XVZ77D8G75>m=45je3210&_p=46554905&cid=1195508116.1675633575&ul=en-us&sr=1280x1024&uaW=1&_s=1&sid=1675633575&sct=1&seg=0&dl=http%3A%2F%2Fiegybest.film%2F%25D9%2585%25D8%25B4%25D8%25A7%25D9%2587%25D8%25AF%25D9%2587-%25D9%2581%25D9%258A%25D9%2584%25D9%2585-how-to-train-your-dragon-2-2014-%25D9%2585%25D8%25AA%25D8%25B1%25D8%25AC%25D9%2585-1%2F&dt=%D9%85%D8%B4%D8%A7%D9%87%D8%AF%D9%87%20%D9%81%D9%8A%D9%84%D9%85%20How%20to%20Train%20Your%20Dragon%202%202014%20%D9%85%D8%AA%D8%B1%D8%AC%D9%85%20%7C%20%D8%A7%D9%8A%D8%AC%D9%8A%20%D8%A8%D8%B3%D8%AA&en=page_view&_fv=1&_nsi=1&_ss=1&_ee=1
IP 216.239.34.36:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /g/collect?v=2&tid=G-XVZ77D8G75>m=45je3210&_p=46554905&cid=1195508116.1675633575&ul=en-us&sr=1280x1024&uaW=1&_s=1&sid=1675633575&sct=1&seg=0&dl=http%3A%2F%2Fiegybest.film%2F%25D9%2585%25D8%25B4%25D8%25A7%25D9%2587%25D8%25AF%25D9%2587-%25D9%2581%25D9%258A%25D9%2584%25D9%2585-how-to-train-your-dragon-2-2014-%25D9%2585%25D8%25AA%25D8%25B1%25D8%25AC%25D9%2585-1%2F&dt=%D9%85%D8%B4%D8%A7%D9%87%D8%AF%D9%87%20%D9%81%D9%8A%D9%84%D9%85%20How%20to%20Train%20Your%20Dragon%202%202014%20%D9%85%D8%AA%D8%B1%D8%AC%D9%85%20%7C%20%D8%A7%D9%8A%D8%AC%D9%8A%20%D8%A8%D8%B3%D8%AA&en=page_view&_fv=1&_nsi=1&_ss=1&_ee=1 HTTP/1.1
Host: region1.google-analytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://iegybest.film
Connection: keep-alive
Referer: http://iegybest.film/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0
HTTP/2 204 No Content
access-control-allow-origin: http://iegybest.film
date: Sun, 05 Feb 2023 21:45:33 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
unseenreport.com/pxf.gif?uuid=c933470b-121d-4c51-8198-52a23d77b834&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1053&b_frame=0&pk=89b37d3f5919bd6072571f91b8b0bd65&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=21
192.243.59.12200 OK 1 B URL HTTP/1.1 unseenreport.com/pxf.gif?uuid=c933470b-121d-4c51-8198-52a23d77b834&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1053&b_frame=0&pk=89b37d3f5919bd6072571f91b8b0bd65&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=21
IP 192.243.59.12:0
ASN #39572 DataWeb Global Group B.V.
File type very short file (no magic)
Hash 93b885adfe0da089cdf634904fd59f71
5ba93c9db0cff93f52b521d7420e43f6eda2784f
6e340b9cffb37a989ca544e6bb780a2c78901d3fb33738768511a30617afa01d
Analyzer Verdict Alert quad9 Sinkholed
GET /pxf.gif?uuid=c933470b-121d-4c51-8198-52a23d77b834&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1053&b_frame=0&pk=89b37d3f5919bd6072571f91b8b0bd65&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=21 HTTP/1.1
Host: unseenreport.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://iegybest.film/
HTTP/1.1 200 OK
Server: nginx/1.17.6
Date: Sun, 05 Feb 2023 21:45:33 GMT
Content-Type: image/gif
Content-Length: 1
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: f762fb6191694c5e9558d0aaac4547d3
Strict-Transport-Security: max-age=0; includeSubdomains
unseenreport.com/pxf.gif?uuid=c933470b-121d-4c51-8198-52a23d77b834&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1053&b_frame=0&pk=891f1800b21596f130a8a4b16846ef16&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=21
192.243.59.12200 OK 1 B URL HTTP/1.1 unseenreport.com/pxf.gif?uuid=c933470b-121d-4c51-8198-52a23d77b834&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1053&b_frame=0&pk=891f1800b21596f130a8a4b16846ef16&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=21
IP 192.243.59.12:0
ASN #39572 DataWeb Global Group B.V.
File type very short file (no magic)
Hash 93b885adfe0da089cdf634904fd59f71
5ba93c9db0cff93f52b521d7420e43f6eda2784f
6e340b9cffb37a989ca544e6bb780a2c78901d3fb33738768511a30617afa01d
Analyzer Verdict Alert quad9 Sinkholed
GET /pxf.gif?uuid=c933470b-121d-4c51-8198-52a23d77b834&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1053&b_frame=0&pk=891f1800b21596f130a8a4b16846ef16&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=21 HTTP/1.1
Host: unseenreport.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://iegybest.film/
HTTP/1.1 200 OK
Server: nginx/1.17.6
Date: Sun, 05 Feb 2023 21:45:33 GMT
Content-Type: image/gif
Content-Length: 1
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 754163a7693455aeb8b138d551a2abde
Strict-Transport-Security: max-age=0; includeSubdomains
e1.o.lencr.org/
23.33.119.27200 OK 345 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 9f1c19037f22ccfd4677354840646cc6
24a3682a0febaeceb7d65d57d5f51084ad22602a
20a5b47c2fa2af138dfb7b49f66cb9d5bf7f55ecaf0dceedfbbe395b4a3bef65
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "20A5B47C2FA2AF138DFB7B49F66CB9D5BF7F55ECAF0DCEEDFBBE395B4A3BEF65"
Last-Modified: Sat, 04 Feb 2023 14:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=1503
Expires: Sun, 05 Feb 2023 22:10:37 GMT
Date: Sun, 05 Feb 2023 21:45:34 GMT
Connection: keep-alive
e1.o.lencr.org/
23.33.119.27200 OK 345 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 9f1c19037f22ccfd4677354840646cc6
24a3682a0febaeceb7d65d57d5f51084ad22602a
20a5b47c2fa2af138dfb7b49f66cb9d5bf7f55ecaf0dceedfbbe395b4a3bef65
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "20A5B47C2FA2AF138DFB7B49F66CB9D5BF7F55ECAF0DCEEDFBBE395B4A3BEF65"
Last-Modified: Sat, 04 Feb 2023 14:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=1503
Expires: Sun, 05 Feb 2023 22:10:37 GMT
Date: Sun, 05 Feb 2023 21:45:34 GMT
Connection: keep-alive
r3.o.lencr.org/
23.33.119.27200 OK 93 kB IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash fdffe49ca407989626cbc32bb3385501
f3edafb171effb2e2e687cd4d8b8fe49585b06db
fa01d3e2771a852f93169ccd18bd4d39c73992105b6668e70a579471d8212484
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A99B0DFA9CA7176B21CC2D65963A1B6EB6D534B3767D02EF06CC207A63331EBF"
Last-Modified: Sat, 04 Feb 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10808
Expires: Mon, 06 Feb 2023 00:45:42 GMT
Date: Sun, 05 Feb 2023 21:45:34 GMT
Connection: keep-alive
r3.o.lencr.org/
23.33.119.27200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 1b25bf82638deaab60981e1315ee0849
e3bd912fd1a890e64ee6746a78a674db7ff77039
a99b0dfa9ca7176b21cc2d65963a1b6eb6d534b3767d02ef06cc207a63331ebf
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A99B0DFA9CA7176B21CC2D65963A1B6EB6D534B3767D02EF06CC207A63331EBF"
Last-Modified: Sat, 04 Feb 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10808
Expires: Mon, 06 Feb 2023 00:45:42 GMT
Date: Sun, 05 Feb 2023 21:45:34 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F37422a56-a7de-4ab8-ac8a-650de9dae97c.jpeg
34.120.237.76200 OK 5.0 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F37422a56-a7de-4ab8-ac8a-650de9dae97c.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 5b6c30ad03669b66bf2f63b3edd69882
e630bd132b52b965a5ade646ea8a165d1abf6d7b
f8233d879ec17fd91909655ff8881f2ebfad84272fde3ed5e5be37580378a989
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F37422a56-a7de-4ab8-ac8a-650de9dae97c.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 5014
x-amzn-requestid: a434aae4-fe4b-4fc7-9b7e-eeb552484e8a
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fi3bIE0aoAMF6YQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d76c47-5556d14757190c842bbc6b06;Sampled=0
x-amzn-remapped-date: Mon, 30 Jan 2023 07:05:43 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: k6YqagXr3Wr-u1uDKojEnIGW0CxU5yvWPtlzNpzoIvmg9F-rJb9uFQ==
via: 1.1 a4fe306096165bb1e86e69365dc8fac2.cloudfront.net (CloudFront), 1.1 1a53057db389e96b4ef1bfbc925dde1c.cloudfront.net (CloudFront), 1.1 google
date: Sun, 05 Feb 2023 11:24:01 GMT
age: 37293
etag: "e630bd132b52b965a5ade646ea8a165d1abf6d7b"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe8a9d301-2b38-4046-91c2-941ed351597a.jpeg
34.120.237.76200 OK 3.5 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe8a9d301-2b38-4046-91c2-941ed351597a.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash d7a466d89c75ff3459b7328591db52cf
c3f29f9c2fbdc1fa2aef7a9e79ca796b28394afb
e73243be3d01d12a224c4e9826c4f52610cf7722eee69f62755278d7550705f1
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe8a9d301-2b38-4046-91c2-941ed351597a.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 3474
x-amzn-requestid: 5846c080-9f25-4590-863c-8af2126cdbe1
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: f1WXEEbnoAMFRdg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63ded0f9-1bd490125feadc14366e7ca0;Sampled=0
x-amzn-remapped-date: Sat, 04 Feb 2023 21:41:13 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: d8aQmkW-aqLFpb79RynlJG2vY1GTDbjLNY0Qukgg_WIjdI6cmbVKFw==
via: 1.1 5ab5dc09da67e3ea794ec8a82992cc88.cloudfront.net (CloudFront), 1.1 476c2ba6d9f6cd69dbcedbd65688cbc0.cloudfront.net (CloudFront), 1.1 google
date: Sat, 04 Feb 2023 21:51:26 GMT
age: 86048
etag: "c3f29f9c2fbdc1fa2aef7a9e79ca796b28394afb"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9070541c-6707-464e-b141-b6c767d8a58a.jpeg
34.120.237.76200 OK 12 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9070541c-6707-464e-b141-b6c767d8a58a.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 062e186a259eda97173695240a492c63
9b476a4ec219667f560b88199a3a4e4b0a93b579
d18570d3c4ada689b5c2a99b0783ce41c629bd125e6683cf225e01b7032f14a4
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9070541c-6707-464e-b141-b6c767d8a58a.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 12256
x-amzn-requestid: 1b959eb9-cf69-414c-b57b-4a63277d709c
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fvgx-EhgoAMF2wA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63dc7b3f-2c58e8ac2aee8a8f409a93a0;Sampled=0
x-amzn-remapped-date: Fri, 03 Feb 2023 03:10:55 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: Mujn0m9G4SIcD-5qZiD5kaYHg8x3rDtx-jYus-hrWFx_UjWEMNM_Tw==
via: 1.1 d83ae0e1ba84e92e58bc1efc23a0c652.cloudfront.net (CloudFront), 1.1 57a21088b36c69a83578b5a5579df58e.cloudfront.net (CloudFront), 1.1 google
date: Sun, 05 Feb 2023 04:43:25 GMT
age: 61329
etag: "9b476a4ec219667f560b88199a3a4e4b0a93b579"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc6718344-fcb4-4366-9239-8921034a7114.jpeg
34.120.237.76200 OK 13 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc6718344-fcb4-4366-9239-8921034a7114.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 8e0be7db14d930d6227443314bcd1747
4e42e2ad289dfe5bd9a55d34fd768f7532bdf71d
baedfbdb08a67f9ff4c698f7e65b08d7e4c5078d0a4233e6bff529b44812735a
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc6718344-fcb4-4366-9239-8921034a7114.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 12967
x-amzn-requestid: 013fa296-a431-410b-b3fb-7417b3e877eb
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fpIQAFCMIAMF0Sw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d9ed99-2e1daa8b75977de07c48b8fc;Sampled=0
x-amzn-remapped-date: Wed, 01 Feb 2023 04:42:01 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: UzQGDCYe_8AuYYLaLSAWzHQhwJMpzpXWbjE5AwukevW6G6SLDxDjmA==
via: 1.1 41e349e25dc4bc856d0e5d2c162428a0.cloudfront.net (CloudFront), 1.1 5565a51537c689d1d16f6b4d41f40082.cloudfront.net (CloudFront), 1.1 google
date: Sun, 05 Feb 2023 03:42:59 GMT
age: 64955
etag: "4e42e2ad289dfe5bd9a55d34fd768f7532bdf71d"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3a6c7026-85a2-4419-bd6b-ba1bac463dda.jpeg
34.120.237.76200 OK 8.5 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3a6c7026-85a2-4419-bd6b-ba1bac463dda.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 6661b7263315f5eb3cd2465f671e1fcd
b7b5831c6b3ccc41d7a980b6088adc10ff8785f1
eb25507950d81db4b54a1af7fadaceee1bcff780eb28b6a04dbfb3886785f5b7
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3a6c7026-85a2-4419-bd6b-ba1bac463dda.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8527
x-amzn-requestid: 6a8c6487-6069-47d1-afa1-648626f85439
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fyDqqGg5oAMFV-A=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63dd7fdd-0a772cde1e6fba6d7da97435;Sampled=0
x-amzn-remapped-date: Fri, 03 Feb 2023 21:42:53 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: CHWhIpyzhoPtMUplzh1430Q9FfCM1wkTc_hQsgQk6InM9tYBPGYnNg==
via: 1.1 e5af640ced3aa8764b82c4bc3f7af38e.cloudfront.net (CloudFront), 1.1 2bedbeaa49b4a77447d30097858cb81a.cloudfront.net (CloudFront), 1.1 google
date: Sat, 04 Feb 2023 22:05:45 GMT
age: 85189
etag: "b7b5831c6b3ccc41d7a980b6088adc10ff8785f1"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fed9dd21c-6496-4f6e-b306-570e4802aba4.jpeg
34.120.237.76200 OK 6.2 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fed9dd21c-6496-4f6e-b306-570e4802aba4.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 251f1a5d671fb797fb98e9a71754c341
335425603d9eec146a3c03422dbca91134272e53
74932f07561287e33302aabcf9c639e9df7ae0fbc4bf71f5467310aabafea208
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fed9dd21c-6496-4f6e-b306-570e4802aba4.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6202
x-amzn-requestid: 24b541b9-8c86-4809-89b7-a1362cd6e18e
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fySZsGwIIAMFdaw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63dd9771-75aa28c5276eb59e22c2eb60;Sampled=0
x-amzn-remapped-date: Fri, 03 Feb 2023 23:23:29 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: eQAgAFvGQtRcxnsba86C1-knGrmwpIEYaMEvC8XgSbt4abgDTXGRTw==
via: 1.1 0aebf3fe433ff96e68d785fad4ea4c0e.cloudfront.net (CloudFront), 1.1 981753271eb5b6d11bc29d52f173a5da.cloudfront.net (CloudFront), 1.1 google
date: Sun, 05 Feb 2023 21:43:39 GMT
etag: "335425603d9eec146a3c03422dbca91134272e53"
content-type: image/jpeg
age: 115
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
s12.goved.net/i/01/00042/l26ttwrcxllh.jpg
51.159.101.171200 OK 9.3 kB URL HTTP/1.1 s12.goved.net/i/01/00042/l26ttwrcxllh.jpg
IP 51.159.101.171:0
File type JPEG image data, JFIF standard 1.02, aspect ratio, density 1x1, segment length 16, comment: "Lavc58.0.100", baseline, precision 8, 720x306, components 3\012- data
Hash a0b9a4f1612a3f32717a29d0eb72dc63
87aa3636ad3da396e1ccc38df81bc2d66a9de59d
c84e113da6a9b5aaecdbbf03d59fd13908c39ace80bcef6aac813de940545fb4
GET /i/01/00042/l26ttwrcxllh.jpg HTTP/1.1
Host: s12.goved.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://govad.xyz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Sun, 05 Feb 2023 21:45:34 GMT
Content-Type: image/jpeg
Content-Length: 9326
Last-Modified: Wed, 16 Mar 2022 21:07:43 GMT
Connection: keep-alive
ETag: "6232519f-246e"
Expires: Sun, 19 Feb 2023 21:45:34 GMT
Cache-Control: max-age=1209600
Accept-Ranges: bytes
r3.o.lencr.org/
23.33.119.27200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 4e848fbf9a6fd3ae14aa8449f20ce76f
e4c490c3bfe9a822552656ccb76c02723a75b69e
86eb6d75e6271962337e47124e4abc5167cfce4e81493ab251bc5471ec42b037
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "86EB6D75E6271962337E47124E4ABC5167CFCE4E81493AB251BC5471EC42B037"
Last-Modified: Sat, 04 Feb 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=20187
Expires: Mon, 06 Feb 2023 03:22:01 GMT
Date: Sun, 05 Feb 2023 21:45:34 GMT
Connection: keep-alive
cy.stetssublet.com/r63ae0e569459a63ae0e569459b/40334
23.109.170.49200 OK 25 B URL HTTP/1.1 cy.stetssublet.com/r63ae0e569459a63ae0e569459b/40334
IP 23.109.170.49:0
File type ASCII text, with no line terminators
Hash 2339750dbbbcbd8fe83612a65b72e03d
672074d493c051cffcc96bce7d15f77ec6ef1889
1fa220e7725025343d910d83e9f0e663b82419a3422e5465dc73c092b0853ccd
Analyzer Verdict Alert fortinet Malware
GET /r63ae0e569459a63ae0e569459b/40334 HTTP/1.1
Host: cy.stetssublet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://govad.xyz/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Sun, 05 Feb 2023 21:45:34 GMT
Content-Type: application/javascript; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=20
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://govad.xyz
Access-Control-Allow-Headers: content-type, megageocheckolololo, x-forwarded-for
Access-Control-Max-Age: 600
Access-Control-Allow-Methods: GET, POST, OPTIONS
Set-Cookie: GL_UI4=eJw9jd1OhDAYRIHy42aFOAkPsI9QVBAvvfEVvCSl%2FcC60G5KXfTtbUz07mTmTCaKoqSuEF9zBvYpWpzU1HSS9428bx9417WPgtM09s9j%2F9Q1gvc46G3wYlzIp7idyZDTcpBWUYm7UP0lZ2N3kyIbnTCqRLYGYylRjM7uG7maITViJRSv2tFkv4IhPqwDa3gbWJvAMUdit5pVBxRv2qiwrI5IGl6VeYTjZRF%2Bsm4dtMpjZLMTihC%2F4EYKT7N13ygUbWdvL4Bd1PDv%2Fx6zveHIFV21JGTWv5P7AaoaStk%3D; expires=Mon, 06-Feb-2023 21:45:34 GMT; Max-Age=86400; path=/; secure; SameSite=None
GL_GI10=eJw9i7sOgkAURAENEQXMJH6APyA%2BgoWtWhoojPUG8Wo2wl7Crg%2F8elETq5mcOWNZljMK4cgK%2FmoerWZRvIjmyxidCzGcJIWf802ZuhEqKwluwvUja%2BDWdJGsAgx%2BReR8IvSTdHJQV8UP9R8%2BtwDdXJomgPeJrxv20JG6Qrgu5HO85%2BJmWlvDU2SErohO8DbZsaDpdr9D%2BKffs2ujJ7Woan42bR8aWdKLFQk%2BnzWZFtl313kDsc5BIg%3D%3D; expires=Mon, 06-Feb-2023 21:45:34 GMT; Max-Age=86400; path=/; secure; SameSite=None
Content-Encoding: gzip
Vary: Accept-Encoding
Strict-Transport-Security: max-age=1
X-Content-Type-Options: nosniff
r3.o.lencr.org/
23.33.119.27200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 9a7b059c61a936e7ef3c3202f512d5ec
a2c9aebbf89d5aa5e6cd7be474e1ad4f7424b3c3
d0c1b1d6313501efb509bdb9df2f58aec82a2b26e5f490caac44c16ba778f5f2
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D0C1B1D6313501EFB509BDB9DF2F58AEC82A2B26E5F490CAAC44C16BA778F5F2"
Last-Modified: Sun, 05 Feb 2023 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21581
Expires: Mon, 06 Feb 2023 03:45:15 GMT
Date: Sun, 05 Feb 2023 21:45:34 GMT
Connection: keep-alive
initiallycompetitionunderwear.com/06/8d/e0/068de0f61fc75f93b5ec620b96ffc803.js
192.243.59.13200 OK 21 kB URL HTTP/1.1 initiallycompetitionunderwear.com/06/8d/e0/068de0f61fc75f93b5ec620b96ffc803.js
IP 192.243.59.13:0
ASN #39572 DataWeb Global Group B.V.
File type HTML document, ASCII text, with very long lines (60210), with no line terminators
Hash 2bcb34e8f16cce77eaf50389abedf137
dc3f2f6ae1dea61be892d242b76347653e2e4dbf
499a5dbe9a26f43aec243055cea96a8c84e1bcfff235e32fab35ee0d0a134ef2
Analyzer Verdict Alert quad9 Sinkholed
GET /06/8d/e0/068de0f61fc75f93b5ec620b96ffc803.js HTTP/1.1
Host: initiallycompetitionunderwear.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://govad.xyz/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.17.6
Date: Sun, 05 Feb 2023 21:45:34 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 973695da7e95082fdf974e0897d3a48a
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
simplewebanalysis.com/stats
3.120.47.42200 OK 40 B URL HTTP/2 simplewebanalysis.com/stats
IP 3.120.47.42:0
File type ASCII text, with no line terminators
Hash 7f4453adf9d385d4615a8ad0857c467a
f26f84510edfc770c83495cc5a65118e22bf1598
bff1452f43aa25f64debf7d009615dc58ddffb8e4287431cfa88f560a7dda9bd
GET /stats HTTP/1.1
Host: simplewebanalysis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://govad.xyz
Connection: keep-alive
Referer: https://govad.xyz/
Cookie: uid_id2=c933470b-121d-4c51-8198-52a23d77b834:1:1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sun, 05 Feb 2023 21:45:34 GMT
content-type: text/html; charset=UTF-8
content-length: 40
server: fasthttp
access-control-allow-origin: https://govad.xyz
access-control-allow-credentials: true
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.33.119.27200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash bd457a076b9b0d92a6d3a180176a04f8
63fa34001a59177b3ca261ef4c9b172c2bfac3e6
75e8417b644fed12bf350a2331fbb3bbbbcad5f5d764cacf2b266fe062c9709d
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "75E8417B644FED12BF350A2331FBB3BBBBCAD5F5D764CACF2B266FE062C9709D"
Last-Modified: Sun, 05 Feb 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3464
Expires: Sun, 05 Feb 2023 22:43:19 GMT
Date: Sun, 05 Feb 2023 21:45:35 GMT
Connection: keep-alive
r3.o.lencr.org/
23.33.119.27200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash bd457a076b9b0d92a6d3a180176a04f8
63fa34001a59177b3ca261ef4c9b172c2bfac3e6
75e8417b644fed12bf350a2331fbb3bbbbcad5f5d764cacf2b266fe062c9709d
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "75E8417B644FED12BF350A2331FBB3BBBBCAD5F5D764CACF2B266FE062C9709D"
Last-Modified: Sun, 05 Feb 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3464
Expires: Sun, 05 Feb 2023 22:43:19 GMT
Date: Sun, 05 Feb 2023 21:45:35 GMT
Connection: keep-alive
r3.o.lencr.org/
23.33.119.27200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 5fb1495442167a14a49ba788fefe4ce9
a16c69f4c65a9cd5749f26493d440b5dc32be878
2bff389795848a07abc28a725001d87aab31efde2356ed22ce132c9808602cea
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "2BFF389795848A07ABC28A725001D87AAB31EFDE2356ED22CE132C9808602CEA"
Last-Modified: Sun, 05 Feb 2023 01:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=90
Expires: Sun, 05 Feb 2023 21:47:05 GMT
Date: Sun, 05 Feb 2023 21:45:35 GMT
Connection: keep-alive
r3.o.lencr.org/
23.33.119.27200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 5fb1495442167a14a49ba788fefe4ce9
a16c69f4c65a9cd5749f26493d440b5dc32be878
2bff389795848a07abc28a725001d87aab31efde2356ed22ce132c9808602cea
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "2BFF389795848A07ABC28A725001D87AAB31EFDE2356ED22CE132C9808602CEA"
Last-Modified: Sun, 05 Feb 2023 01:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=90
Expires: Sun, 05 Feb 2023 21:47:05 GMT
Date: Sun, 05 Feb 2023 21:45:35 GMT
Connection: keep-alive
thaudray.com/tag.min.js
139.45.197.237200 OK 24 kB IP 139.45.197.237:0
File type ASCII text, with very long lines (65536), with no line terminators
Hash 1a417e9b10144729d212117089f3a224
6c16ab6489d19d435fd63bc6c8e991190cc886cb
b9f0f73212140bcc34f47ac279ae6c59c239e4135f70694557c8f119e6dece44
Analyzer Verdict Alert fortinet Malware
GET /tag.min.js HTTP/1.1
Host: thaudray.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://govad.xyz/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sun, 05 Feb 2023 21:45:35 GMT
content-type: text/javascript; charset=utf-8
content-length: 23495
content-encoding: br
x-trace-id: 47e8de3c67c8be3c79be65ea6a2732f3
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
accept-ranges: bytes
last-modified: Fri, 03 Feb 2023 10:47:19 GMT
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding
access-control-max-age: 86400
pragma: no-cache
expires: Tue, 11 Jan 1994 10:00:00 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
my.rtmark.net/gid.js?userId=9f263e5c5929490fa612a60912c6836a
139.45.195.8200 OK 65 B URL HTTP/2 my.rtmark.net/gid.js?userId=9f263e5c5929490fa612a60912c6836a
IP 139.45.195.8:0
File type JSON data, ASCII text
Hash 08ef0de521d466821d3b72e384181e98
f9376b8725e4ed916aebe9679752bad9db17828c
26518a6f59eaee817e06b7e7d42f7d49952e9d677c6e82f5b040acff8fdb2dfd
GET /gid.js?userId=9f263e5c5929490fa612a60912c6836a HTTP/1.1
Host: my.rtmark.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://govad.xyz
Connection: keep-alive
Referer: https://govad.xyz/
Cookie: ID=e4f1c924d718441e8fbfd95caf091d6d
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 05 Feb 2023 21:45:35 GMT
content-type: application/json; charset=utf-8
content-length: 65
access-control-allow-origin: https://govad.xyz
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
set-cookie: ID=e4f1c924d718441e8fbfd95caf091d6d; expires=Mon, 05 Feb 2024 21:45:35 GMT; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
subscribestormyapprobation.com/pixel/purst?dl=0&th=0&sc=0&rs=1084&rd=1084&fd=606&bv=22.10.v.9&tmpl=70
173.233.137.60200 OK 0 B URL HTTP/1.1 subscribestormyapprobation.com/pixel/purst?dl=0&th=0&sc=0&rs=1084&rd=1084&fd=606&bv=22.10.v.9&tmpl=70
IP 173.233.137.60:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /pixel/purst?dl=0&th=0&sc=0&rs=1084&rd=1084&fd=606&bv=22.10.v.9&tmpl=70 HTTP/1.1
Host: subscribestormyapprobation.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://govad.xyz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Sun, 05 Feb 2023 21:45:35 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
subscribestormyapprobation.com/88/eb/09/88eb0903395b835e80c1dbf7a07299e3.js
173.233.137.60200 OK 13 kB URL HTTP/1.1 subscribestormyapprobation.com/88/eb/09/88eb0903395b835e80c1dbf7a07299e3.js
IP 173.233.137.60:0
File type ASCII text, with very long lines (37133), with no line terminators
Hash c2cf9b9e5b5f5deb657ba67cf8a98bfc
c21ed6a2e57a8481e107f9ff7a4fdf495924e54a
1fc50db70d9fea657783998c1a1358d51113ea93f2fa5e9e5458c86f97c71858
Analyzer Verdict Alert quad9 Sinkholed
GET /88/eb/09/88eb0903395b835e80c1dbf7a07299e3.js HTTP/1.1
Host: subscribestormyapprobation.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://govad.xyz/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Sun, 05 Feb 2023 21:45:35 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 4b6f20bc04842b1c5c8e60e840c97bb2
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
r3.o.lencr.org/
23.33.119.27200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 56cb3cc147c1039f42a8a47894e9bc6d
3cb18b95a8b12c16c05e060b0445285f1203a517
c4160fc080be4a0f945e6f5d423a8e42c2a4f8b048dc032ceb7aef25773f4eb4
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C4160FC080BE4A0F945E6F5D423A8E42C2A4F8B048DC032CEB7AEF25773F4EB4"
Last-Modified: Sun, 05 Feb 2023 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8986
Expires: Mon, 06 Feb 2023 00:15:21 GMT
Date: Sun, 05 Feb 2023 21:45:35 GMT
Connection: keep-alive
nanouwho.com/9?z=4861570&ng=1&ix=1&pt=0&np=1&gp=-1&bp=-1&nw=1&nb=1&sw=1280&sh=1024&pl=https%3A%2F%2Fgovad.xyz%2Fembed-l26ttwrcxllh.html&wy=0&wx=0&ww=1280&wh=1024&cw=0&wiw=0&wih=0&wfc=1&sah=1002&drf=&hil=1&ist=0&oaid=e4f1c924d718441e8fbfd95caf091d6d
139.45.197.242204 No Content 0 B URL HTTP/2 nanouwho.com/9?z=4861570&ng=1&ix=1&pt=0&np=1&gp=-1&bp=-1&nw=1&nb=1&sw=1280&sh=1024&pl=https%3A%2F%2Fgovad.xyz%2Fembed-l26ttwrcxllh.html&wy=0&wx=0&ww=1280&wh=1024&cw=0&wiw=0&wih=0&wfc=1&sah=1002&drf=&hil=1&ist=0&oaid=e4f1c924d718441e8fbfd95caf091d6d
IP 139.45.197.242:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
OPTIONS /9?z=4861570&ng=1&ix=1&pt=0&np=1&gp=-1&bp=-1&nw=1&nb=1&sw=1280&sh=1024&pl=https%3A%2F%2Fgovad.xyz%2Fembed-l26ttwrcxllh.html&wy=0&wx=0&ww=1280&wh=1024&cw=0&wiw=0&wih=0&wfc=1&sah=1002&drf=&hil=1&ist=0&oaid=e4f1c924d718441e8fbfd95caf091d6d HTTP/1.1
Host: nanouwho.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://govad.xyz/
Origin: https://govad.xyz
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
server: nginx
date: Sun, 05 Feb 2023 21:45:35 GMT
access-control-allow-credentials: true
access-control-allow-origin: https://govad.xyz
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-Sc, CVERSION, VERSION, X-Ancestor-Origins, X-Zone-ID
pragma: no-cache
cache-control: no-store, no-cache, must-revalidate, max-age=0
expires: Mon, 26 Jul 1997 05:00:00 GMT
X-Firefox-Spdy: h2
simplewebanalysis.com/stats
3.120.47.42200 OK 40 B URL HTTP/2 simplewebanalysis.com/stats
IP 3.120.47.42:0
File type ASCII text, with no line terminators
Hash 7f4453adf9d385d4615a8ad0857c467a
f26f84510edfc770c83495cc5a65118e22bf1598
bff1452f43aa25f64debf7d009615dc58ddffb8e4287431cfa88f560a7dda9bd
GET /stats HTTP/1.1
Host: simplewebanalysis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://govad.xyz
Connection: keep-alive
Referer: https://govad.xyz/
Cookie: uid_id2=c933470b-121d-4c51-8198-52a23d77b834:1:1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sun, 05 Feb 2023 21:45:35 GMT
content-type: text/html; charset=UTF-8
content-length: 40
server: fasthttp
access-control-allow-origin: https://govad.xyz
access-control-allow-credentials: true
X-Firefox-Spdy: h2
nanouwho.com/9?z=4861570&ng=1&ix=1&pt=0&np=1&gp=-1&bp=-1&nw=1&nb=1&sw=1280&sh=1024&pl=https%3A%2F%2Fgovad.xyz%2Fembed-l26ttwrcxllh.html&wy=0&wx=0&ww=1280&wh=1024&cw=0&wiw=0&wih=0&wfc=1&sah=1002&drf=&hil=1&ist=0&oaid=e4f1c924d718441e8fbfd95caf091d6d
139.45.197.242200 OK 7 B URL HTTP/2 nanouwho.com/9?z=4861570&ng=1&ix=1&pt=0&np=1&gp=-1&bp=-1&nw=1&nb=1&sw=1280&sh=1024&pl=https%3A%2F%2Fgovad.xyz%2Fembed-l26ttwrcxllh.html&wy=0&wx=0&ww=1280&wh=1024&cw=0&wiw=0&wih=0&wfc=1&sah=1002&drf=&hil=1&ist=0&oaid=e4f1c924d718441e8fbfd95caf091d6d
IP 139.45.197.242:0
File type ASCII text, with no line terminators
Hash a97eb6fbe6f13b601d5d48c0eba8baae
736efb938caf3d0edec406932ada889f1a4f2268
a04bf061f53e0011fd2f43bdf081526344f003c50146c88c42c2d95ef22c1821
Analyzer Verdict Alert quad9 Sinkholed
POST /9?z=4861570&ng=1&ix=1&pt=0&np=1&gp=-1&bp=-1&nw=1&nb=1&sw=1280&sh=1024&pl=https%3A%2F%2Fgovad.xyz%2Fembed-l26ttwrcxllh.html&wy=0&wx=0&ww=1280&wh=1024&cw=0&wiw=0&wih=0&wfc=1&sah=1002&drf=&hil=1&ist=0&oaid=e4f1c924d718441e8fbfd95caf091d6d HTTP/1.1
Host: nanouwho.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Content-Length: 96
Origin: https://govad.xyz
Connection: keep-alive
Referer: https://govad.xyz/
Cookie: scm=1; OAID=e4f1c924d718441e8fbfd95caf091d6d; oaidts=1675633533
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 05 Feb 2023 21:45:35 GMT
content-type: application/javascript
content-length: 7
access-control-allow-credentials: true
access-control-allow-origin: https://govad.xyz
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-Sc, CVERSION, VERSION, X-Ancestor-Origins, X-Zone-ID
x-trace-id: e8531d5d696d4716d2fd167838857d22
access-control-expose-headers: X-Sc
set-cookie: OAID=e4f1c924d718441e8fbfd95caf091d6d; expires=Mon, 05 Feb 2024 21:45:35 GMT; secure; SameSite=None
oaidts=1675633533; expires=Mon, 05 Feb 2024 21:45:35 GMT; secure; SameSite=None
pragma: no-cache
cache-control: no-store, no-cache, must-revalidate, max-age=0
expires: Mon, 26 Jul 1997 05:00:00 GMT
X-Firefox-Spdy: h2
e1.o.lencr.org/
23.33.119.27200 OK 346 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash bfea74a6190e45e6b339a9ed62e59fd1
52a5787e4375d9012a8653c14cd5c66d68909ffb
f1251329302001bd0d2de99dfe1100887ff6a7b69de4ad2b9a2a718efe6c91d1
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 346
ETag: "F1251329302001BD0D2DE99DFE1100887FF6A7B69DE4AD2B9A2A718EFE6C91D1"
Last-Modified: Sat, 04 Feb 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11551
Expires: Mon, 06 Feb 2023 00:58:06 GMT
Date: Sun, 05 Feb 2023 21:45:35 GMT
Connection: keep-alive
upgulpinon.com/9?z=5030637&ng=1&ix=1&pt=0&np=1&gp=-1&bp=-1&nw=1&nb=1&sw=1280&sh=1024&pl=https%3A%2F%2Fgovad.xyz%2Fembed-l26ttwrcxllh.html&wy=0&wx=0&ww=1280&wh=1024&cw=0&wiw=0&wih=0&wfc=1&sah=1002&drf=&hil=1&ist=0&oaid=e4f1c924d718441e8fbfd95caf091d6d
139.45.197.242204 No Content 0 B URL HTTP/2 upgulpinon.com/9?z=5030637&ng=1&ix=1&pt=0&np=1&gp=-1&bp=-1&nw=1&nb=1&sw=1280&sh=1024&pl=https%3A%2F%2Fgovad.xyz%2Fembed-l26ttwrcxllh.html&wy=0&wx=0&ww=1280&wh=1024&cw=0&wiw=0&wih=0&wfc=1&sah=1002&drf=&hil=1&ist=0&oaid=e4f1c924d718441e8fbfd95caf091d6d
IP 139.45.197.242:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
OPTIONS /9?z=5030637&ng=1&ix=1&pt=0&np=1&gp=-1&bp=-1&nw=1&nb=1&sw=1280&sh=1024&pl=https%3A%2F%2Fgovad.xyz%2Fembed-l26ttwrcxllh.html&wy=0&wx=0&ww=1280&wh=1024&cw=0&wiw=0&wih=0&wfc=1&sah=1002&drf=&hil=1&ist=0&oaid=e4f1c924d718441e8fbfd95caf091d6d HTTP/1.1
Host: upgulpinon.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://govad.xyz/
Origin: https://govad.xyz
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
server: nginx
date: Sun, 05 Feb 2023 21:45:35 GMT
access-control-allow-credentials: true
access-control-allow-origin: https://govad.xyz
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-Sc, CVERSION, VERSION, X-Ancestor-Origins, X-Zone-ID
pragma: no-cache
cache-control: no-store, no-cache, must-revalidate, max-age=0
expires: Mon, 26 Jul 1997 05:00:00 GMT
X-Firefox-Spdy: h2
upgulpinon.com/9?z=5030637&ng=1&ix=1&pt=0&np=1&gp=-1&bp=-1&nw=1&nb=1&sw=1280&sh=1024&pl=https%3A%2F%2Fgovad.xyz%2Fembed-l26ttwrcxllh.html&wy=0&wx=0&ww=1280&wh=1024&cw=0&wiw=0&wih=0&wfc=1&sah=1002&drf=&hil=1&ist=0&oaid=e4f1c924d718441e8fbfd95caf091d6d
139.45.197.242200 OK 7 B URL HTTP/2 upgulpinon.com/9?z=5030637&ng=1&ix=1&pt=0&np=1&gp=-1&bp=-1&nw=1&nb=1&sw=1280&sh=1024&pl=https%3A%2F%2Fgovad.xyz%2Fembed-l26ttwrcxllh.html&wy=0&wx=0&ww=1280&wh=1024&cw=0&wiw=0&wih=0&wfc=1&sah=1002&drf=&hil=1&ist=0&oaid=e4f1c924d718441e8fbfd95caf091d6d
IP 139.45.197.242:0
File type ASCII text, with no line terminators
Hash a97eb6fbe6f13b601d5d48c0eba8baae
736efb938caf3d0edec406932ada889f1a4f2268
a04bf061f53e0011fd2f43bdf081526344f003c50146c88c42c2d95ef22c1821
POST /9?z=5030637&ng=1&ix=1&pt=0&np=1&gp=-1&bp=-1&nw=1&nb=1&sw=1280&sh=1024&pl=https%3A%2F%2Fgovad.xyz%2Fembed-l26ttwrcxllh.html&wy=0&wx=0&ww=1280&wh=1024&cw=0&wiw=0&wih=0&wfc=1&sah=1002&drf=&hil=1&ist=0&oaid=e4f1c924d718441e8fbfd95caf091d6d HTTP/1.1
Host: upgulpinon.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Content-Length: 96
Origin: https://govad.xyz
Connection: keep-alive
Referer: https://govad.xyz/
Cookie: scm=1; OAID=98cd0a61b836460b9c8f643af0f54623; oaidts=1675633535
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 05 Feb 2023 21:45:35 GMT
content-type: application/javascript
content-length: 7
access-control-allow-credentials: true
access-control-allow-origin: https://govad.xyz
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-Sc, CVERSION, VERSION, X-Ancestor-Origins, X-Zone-ID
x-trace-id: ea33008da8f1bb491da9aa3b3d375c6b
access-control-expose-headers: X-Sc
set-cookie: OAID=e4f1c924d718441e8fbfd95caf091d6d; expires=Mon, 05 Feb 2024 21:45:35 GMT; secure; SameSite=None
oaidts=1675633535; expires=Mon, 05 Feb 2024 21:45:35 GMT; secure; SameSite=None
pragma: no-cache
cache-control: no-store, no-cache, must-revalidate, max-age=0
expires: Mon, 26 Jul 1997 05:00:00 GMT
X-Firefox-Spdy: h2
simplewebanalysis.com/stats
3.120.47.42200 OK 40 B URL HTTP/2 simplewebanalysis.com/stats
IP 3.120.47.42:0
File type ASCII text, with no line terminators
Hash 7f4453adf9d385d4615a8ad0857c467a
f26f84510edfc770c83495cc5a65118e22bf1598
bff1452f43aa25f64debf7d009615dc58ddffb8e4287431cfa88f560a7dda9bd
GET /stats HTTP/1.1
Host: simplewebanalysis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://govad.xyz
Connection: keep-alive
Referer: https://govad.xyz/
Cookie: uid_id2=c933470b-121d-4c51-8198-52a23d77b834:1:1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sun, 05 Feb 2023 21:45:35 GMT
content-type: text/html; charset=UTF-8
content-length: 40
server: fasthttp
access-control-allow-origin: https://govad.xyz
access-control-allow-credentials: true
X-Firefox-Spdy: h2
e1.o.lencr.org/
23.33.119.27200 OK 346 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash bfea74a6190e45e6b339a9ed62e59fd1
52a5787e4375d9012a8653c14cd5c66d68909ffb
f1251329302001bd0d2de99dfe1100887ff6a7b69de4ad2b9a2a718efe6c91d1
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 346
ETag: "F1251329302001BD0D2DE99DFE1100887FF6A7B69DE4AD2B9A2A718EFE6C91D1"
Last-Modified: Sat, 04 Feb 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11551
Expires: Mon, 06 Feb 2023 00:58:06 GMT
Date: Sun, 05 Feb 2023 21:45:35 GMT
Connection: keep-alive
r3.o.lencr.org/
23.33.119.27200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 32f2303686dd97bd505c717191db295e
ec7f36c2f8416458cac98eee989c51c7f880c747
8f093240519e2239d7c63c9236cb862fe2483d9f641c2beb99287b71d69c789e
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "8F093240519E2239D7C63C9236CB862FE2483D9F641C2BEB99287B71D69C789E"
Last-Modified: Sun, 05 Feb 2023 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5877
Expires: Sun, 05 Feb 2023 23:23:33 GMT
Date: Sun, 05 Feb 2023 21:45:36 GMT
Connection: keep-alive
r3.o.lencr.org/
23.33.119.27200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 79e65fc8bd6082f7b42e9235efec43f9
f9a2b2c14c1fa6aa4d832c77066452c72b209274
0266d380456e97ee19ae84c54858fc37d227d79292fb731015a874b3d954eb5e
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "0266D380456E97EE19AE84C54858FC37D227D79292FB731015A874B3D954EB5E"
Last-Modified: Sat, 04 Feb 2023 13:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=16914
Expires: Mon, 06 Feb 2023 02:27:30 GMT
Date: Sun, 05 Feb 2023 21:45:36 GMT
Connection: keep-alive
thaudray.com/5/4857820/?oo=1&aab=1
139.45.197.237200 OK 16 kB URL HTTP/2 thaudray.com/5/4857820/?oo=1&aab=1
IP 139.45.197.237:0
Hash 4f395d1fc45911e06bec1e4c70691b85
7190c3eada518e80a534b7cc060d423454e0d74b
b90fdb8a6e50b6652dbf3221868751ea41a4bc65899f34c8f830db070959faae
GET /5/4857820/?oo=1&aab=1 HTTP/1.1
Host: thaudray.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://govad.xyz
Connection: keep-alive
Referer: https://govad.xyz/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sun, 05 Feb 2023 21:45:35 GMT
content-type: application/json
x-trace-id: 526532386852174456494d803b68ddd4
link: <https://my.rtmark.net>; rel="preconnect dns-prefetch",<https://propeller-tracking.com>; rel="preconnect dns-prefetch",<https://diromalxx.com>; rel="preconnect dns-prefetch"
access-control-allow-origin: https://govad.xyz
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding
access-control-max-age: 86400
timing-allow-origin: *
set-cookie: OAID=9f263e5c5929490fa612a60912c6836a; expires=Mon, 05 Feb 2024 21:45:35 GMT; path=/; secure; SameSite=None
oaidts=1675633535; expires=Mon, 05 Feb 2024 21:45:35 GMT; path=/; secure; SameSite=None
syncedCookie=; expires=Tue, 10 Nov 2009 23:00:00 GMT
pragma: no-cache, no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT, Mon, 26 Jul 1997 05:00:00 GMT
content-encoding: gzip
X-Firefox-Spdy: h2
unseenreport.com/pxf.gif?uuid=c933470b-121d-4c51-8198-52a23d77b834&eb=68eba9a57fac9a92450d23d131a319ff&te=57c7f31b15a75f3d399b017f00a28031&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1053&b_frame=1&pk=068de0f61fc75f93b5ec620b96ffc803&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=21
192.243.59.12200 OK 1 B URL HTTP/1.1 unseenreport.com/pxf.gif?uuid=c933470b-121d-4c51-8198-52a23d77b834&eb=68eba9a57fac9a92450d23d131a319ff&te=57c7f31b15a75f3d399b017f00a28031&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1053&b_frame=1&pk=068de0f61fc75f93b5ec620b96ffc803&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=21
IP 192.243.59.12:0
ASN #39572 DataWeb Global Group B.V.
File type very short file (no magic)
Hash 93b885adfe0da089cdf634904fd59f71
5ba93c9db0cff93f52b521d7420e43f6eda2784f
6e340b9cffb37a989ca544e6bb780a2c78901d3fb33738768511a30617afa01d
Analyzer Verdict Alert quad9 Sinkholed
GET /pxf.gif?uuid=c933470b-121d-4c51-8198-52a23d77b834&eb=68eba9a57fac9a92450d23d131a319ff&te=57c7f31b15a75f3d399b017f00a28031&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1053&b_frame=1&pk=068de0f61fc75f93b5ec620b96ffc803&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=21 HTTP/1.1
Host: unseenreport.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://govad.xyz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.17.6
Date: Sun, 05 Feb 2023 21:45:36 GMT
Content-Type: image/gif
Content-Length: 1
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 0b829851a66b1e08555f71b091456eb5
Strict-Transport-Security: max-age=0; includeSubdomains
withenvisagehurt.com/sbar.json?key=88eb0903395b835e80c1dbf7a07299e3&uuid=c933470b-121d-4c51-8198-52a23d77b834%3A1%3A1
192.243.61.227200 OK 4.4 kB URL HTTP/1.1 withenvisagehurt.com/sbar.json?key=88eb0903395b835e80c1dbf7a07299e3&uuid=c933470b-121d-4c51-8198-52a23d77b834%3A1%3A1
IP 192.243.61.227:0
ASN #39572 DataWeb Global Group B.V.
File type JSON data, Unicode text, UTF-8 text, with very long lines (6213), with no line terminators
Hash 9fcaf4d38ca5627ad1dbbc4432e9a694
18c52dea55c3d65ff4f654794ddae05146e3fb41
7bb682b2772096546f9825d896adf394f2ed1a7b08a5a709c9c0df53b49097e9
Analyzer Verdict Alert quad9 Sinkholed
GET /sbar.json?key=88eb0903395b835e80c1dbf7a07299e3&uuid=c933470b-121d-4c51-8198-52a23d77b834%3A1%3A1 HTTP/1.1
Host: withenvisagehurt.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://govad.xyz
Connection: keep-alive
Referer: https://govad.xyz/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Sun, 05 Feb 2023 21:45:36 GMT
Content-Type: text/plain; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://govad.xyz
Access-Control-Allow-Origin: https://govad.xyz
Access-Control-Allow-Credentials: true
Set-Cookie: u_pl=17572910; expires=Mon, 06 Feb 2023 21:45:36 GMT; secure; SameSite=None
uid_id2=c933470b-121d-4c51-8198-52a23d77b834:1:1; expires=Sun, 12 Feb 2023 21:45:36 GMT; secure; SameSite=None
pdhtkv=true; expires=Mon, 06 Feb 2023 21:45:36 GMT; secure; SameSite=None
uncs=1; expires=Mon, 06 Feb 2023 21:45:36 GMT; secure; SameSite=None
pdhtkv29=true; expires=Mon, 06 Feb 2023 21:45:36 GMT; secure; SameSite=None
uncs29=1; expires=Mon, 06 Feb 2023 21:45:36 GMT; secure; SameSite=None
slec88eb0903395b835e80c1dbf7a07299e3=[3952979]; expires=Sun, 05 Feb 2023 21:45:41 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 6acb739dbdbe5c2ac5cb43acb9e3c08e
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
r3.o.lencr.org/
23.33.119.27200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 5fc2e5e3dacb5f1694d1a313e41dfeff
a2b4b4257d0b674a067709e7fb363aaefb49b527
9bbe470357f73baef6b70ea5c067c0f513822d705a2b7b1c5c5b3711b90dfd11
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "9BBE470357F73BAEF6B70EA5C067C0F513822D705A2B7B1C5C5B3711B90DFD11"
Last-Modified: Sun, 05 Feb 2023 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9611
Expires: Mon, 06 Feb 2023 00:25:47 GMT
Date: Sun, 05 Feb 2023 21:45:36 GMT
Connection: keep-alive
cdn.barscreative1.com/sb/au/5e/2f/d4/5e2fd4b3d4c51bdf7b2952c27a9795ef/1652872195.html
45.133.44.3200 OK 955 B URL HTTP/2 cdn.barscreative1.com/sb/au/5e/2f/d4/5e2fd4b3d4c51bdf7b2952c27a9795ef/1652872195.html
IP 45.133.44.3:0
ASN #39572 DataWeb Global Group B.V.
File type HTML document text\012- HTML document, ASCII text
Hash 3311b451b6e90781dab5ae61a1e4f65d
940e4700d9c5fbf74f8c15dcf10c28661e34cf2c
3def788280ca0f9ba09e050e3f3bfba82e5268fe2104f1c02a8f265c12774023
Analyzer Verdict Alert fortinet Phishing
GET /sb/au/5e/2f/d4/5e2fd4b3d4c51bdf7b2952c27a9795ef/1652872195.html HTTP/1.1
Host: cdn.barscreative1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://govad.xyz
Connection: keep-alive
Referer: https://govad.xyz/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 05 Feb 2023 21:45:36 GMT
content-type: text/html; charset=utf-8
content-length: 955
server: nginx/1.17.6
last-modified: Wed, 18 May 2022 11:09:59 GMT
etag: "6284d407-3bb"
cache-control: max-age=3600
access-control-allow-origin: *
access-control-expose-headers: Date
expires: Sun, 05 Feb 2023 22:45:36 GMT
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
withenvisagehurt.com/ren.gif?sid=H4sIAAAAAAAC%2F1RSz2scZRj%2Bpran6qHixUNhxB4UzHZmZ6c7Y4VgrZFgTWJTCXj7fs3mM7PzDd83s7MJItGCFE%2FrTfAyeTZpsBa1f4BQNl5sTq6I7MEo%2BCcIHkV2sxh8YeZ93%2B95D%2B%2FzPO%2Bne%2BUJ8VDSydo7ekelKb0aNjz3pQ2VCV1Zd%2BWO63sN77q7obJrretuf%2FozvVd9L2x4L7tvSb6lrzY93%2FN8z3eXlJGJ7l%2BdoVD5w9hvxF6j1Wz4YQt98%2F%2Felg4sdSB6J%2BRZKDG%2BsPnjIyg%2BQtb97qa0W4XOX3mzW6a00AY9cfhetpXpKkP3rEyMgyQ7nE9D2zEhX5yDzg7nDKB7%2B1MGYGpMnF99sOxwviZY7%2BB0U5ZCZmDiIqreCDIdQdERuL4LJX4iABdYWUXWvb%2BiTUW3T1E6Rcfk%2FN9%2FQVVjcv6355B1v7mRqr67rtOyUDqz6Cc1VH8E1RkhL49Q7DhQ1RF48QmUIMi6NZSYXOFxELTaHlvwm75YaPHQX4j8OFoIm7QZiHabRUFrJo1SI6hkhFQOQK2DcvopB2XioMwddMXEpWGceF47YUkQRC3OeRBwHkbXRCiCVpR4KPl09wGKfACeDsDNLnKziy01gCkfw27WsMKBLQh6okYlCSpLUFGCShFUBUHVqw9Eapu2vi9SWzJ%2FnpvzHNRDXXT26IEuOjIje%2FkJuTQVzHn6SgNbcuJGkWRe7AVBHLIoCGXkcV%2BwpE29djOOZQCraih7bkZzR43J5ScRcjU1%2BBkwegSbHoGrS6DlZdBq2G56oJvDVuRhJ3vQU4LRbkObDoSukRfnUWw7e%2BkJeX5m22vvrkPy48Unj%2F%2F87CO7D25q5KbGB%2BoHgk56b3hbV2T%2Ftq4sebSaF6qrdujU0vWCFvLCg7fldqWNWL5pB1%2B9zqfAtHx4R9riFs2EyjqWfH1DCSHNkjZcku%2BX7YZka6XdvFGarMxvrb2xtNzNjbRW6WwEOiX28YfgakwuOtnsXN3%2BCZQZwZQ1uuUxmQeUPgLPd2Hz48Vv6T8vTLIvYTWBSc9mWO6gKuuhabKzx1QRpPKsp6yGlceLv6z%2Bfl28fxlM%2FifInr2HjnFAi7uzI%2B2ZGr20Bk0HsOVTwyI3x4s%2FB7MAS50hS42zz1KTfn4qrlUTV4aJl0ivKVkSz5wVcdKKGY192WYh9VHYMf%2Fjxd1%2FAQAA%2F%2F8BAAD%2F%2FzJDbXiGBAAA
192.243.61.227200 OK 7 B URL HTTP/1.1 withenvisagehurt.com/ren.gif?sid=H4sIAAAAAAAC%2F1RSz2scZRj%2Bpran6qHixUNhxB4UzHZmZ6c7Y4VgrZFgTWJTCXj7fs3mM7PzDd83s7MJItGCFE%2FrTfAyeTZpsBa1f4BQNl5sTq6I7MEo%2BCcIHkV2sxh8YeZ93%2B95D%2B%2FzPO%2Bne%2BUJ8VDSydo7ekelKb0aNjz3pQ2VCV1Zd%2BWO63sN77q7obJrretuf%2FozvVd9L2x4L7tvSb6lrzY93%2FN8z3eXlJGJ7l%2BdoVD5w9hvxF6j1Wz4YQt98%2F%2Felg4sdSB6J%2BRZKDG%2BsPnjIyg%2BQtb97qa0W4XOX3mzW6a00AY9cfhetpXpKkP3rEyMgyQ7nE9D2zEhX5yDzg7nDKB7%2B1MGYGpMnF99sOxwviZY7%2BB0U5ZCZmDiIqreCDIdQdERuL4LJX4iABdYWUXWvb%2BiTUW3T1E6Rcfk%2FN9%2FQVVjcv6355B1v7mRqr67rtOyUDqz6Cc1VH8E1RkhL49Q7DhQ1RF48QmUIMi6NZSYXOFxELTaHlvwm75YaPHQX4j8OFoIm7QZiHabRUFrJo1SI6hkhFQOQK2DcvopB2XioMwddMXEpWGceF47YUkQRC3OeRBwHkbXRCiCVpR4KPl09wGKfACeDsDNLnKziy01gCkfw27WsMKBLQh6okYlCSpLUFGCShFUBUHVqw9Eapu2vi9SWzJ%2FnpvzHNRDXXT26IEuOjIje%2FkJuTQVzHn6SgNbcuJGkWRe7AVBHLIoCGXkcV%2BwpE29djOOZQCraih7bkZzR43J5ScRcjU1%2BBkwegSbHoGrS6DlZdBq2G56oJvDVuRhJ3vQU4LRbkObDoSukRfnUWw7e%2BkJeX5m22vvrkPy48Unj%2F%2F87CO7D25q5KbGB%2BoHgk56b3hbV2T%2Ftq4sebSaF6qrdujU0vWCFvLCg7fldqWNWL5pB1%2B9zqfAtHx4R9riFs2EyjqWfH1DCSHNkjZcku%2BX7YZka6XdvFGarMxvrb2xtNzNjbRW6WwEOiX28YfgakwuOtnsXN3%2BCZQZwZQ1uuUxmQeUPgLPd2Hz48Vv6T8vTLIvYTWBSc9mWO6gKuuhabKzx1QRpPKsp6yGlceLv6z%2Bfl28fxlM%2FifInr2HjnFAi7uzI%2B2ZGr20Bk0HsOVTwyI3x4s%2FB7MAS50hS42zz1KTfn4qrlUTV4aJl0ivKVkSz5wVcdKKGY192WYh9VHYMf%2Fjxd1%2FAQAA%2F%2F8BAAD%2F%2FzJDbXiGBAAA
IP 192.243.61.227:0
ASN #39572 DataWeb Global Group B.V.
File type ASCII text, with no line terminators
Hash 132d6af1b46048b45cf86cdee7991d31
eb7007d03d59b65bc6da7e098c4d38fc6dfb6285
ab852e838deccd742a03ca81d4a8d75cf1a00b327db3eaf46bd7da6b6db9384c
Analyzer Verdict Alert fortinet Malware
quad9 Sinkholed
GET /ren.gif?sid=H4sIAAAAAAAC%2F1RSz2scZRj%2Bpran6qHixUNhxB4UzHZmZ6c7Y4VgrZFgTWJTCXj7fs3mM7PzDd83s7MJItGCFE%2FrTfAyeTZpsBa1f4BQNl5sTq6I7MEo%2BCcIHkV2sxh8YeZ93%2B95D%2B%2FzPO%2Bne%2BUJ8VDSydo7ekelKb0aNjz3pQ2VCV1Zd%2BWO63sN77q7obJrretuf%2FozvVd9L2x4L7tvSb6lrzY93%2FN8z3eXlJGJ7l%2BdoVD5w9hvxF6j1Wz4YQt98%2F%2Felg4sdSB6J%2BRZKDG%2BsPnjIyg%2BQtb97qa0W4XOX3mzW6a00AY9cfhetpXpKkP3rEyMgyQ7nE9D2zEhX5yDzg7nDKB7%2B1MGYGpMnF99sOxwviZY7%2BB0U5ZCZmDiIqreCDIdQdERuL4LJX4iABdYWUXWvb%2BiTUW3T1E6Rcfk%2FN9%2FQVVjcv6355B1v7mRqr67rtOyUDqz6Cc1VH8E1RkhL49Q7DhQ1RF48QmUIMi6NZSYXOFxELTaHlvwm75YaPHQX4j8OFoIm7QZiHabRUFrJo1SI6hkhFQOQK2DcvopB2XioMwddMXEpWGceF47YUkQRC3OeRBwHkbXRCiCVpR4KPl09wGKfACeDsDNLnKziy01gCkfw27WsMKBLQh6okYlCSpLUFGCShFUBUHVqw9Eapu2vi9SWzJ%2FnpvzHNRDXXT26IEuOjIje%2FkJuTQVzHn6SgNbcuJGkWRe7AVBHLIoCGXkcV%2BwpE29djOOZQCraih7bkZzR43J5ScRcjU1%2BBkwegSbHoGrS6DlZdBq2G56oJvDVuRhJ3vQU4LRbkObDoSukRfnUWw7e%2BkJeX5m22vvrkPy48Unj%2F%2F87CO7D25q5KbGB%2BoHgk56b3hbV2T%2Ftq4sebSaF6qrdujU0vWCFvLCg7fldqWNWL5pB1%2B9zqfAtHx4R9riFs2EyjqWfH1DCSHNkjZcku%2BX7YZka6XdvFGarMxvrb2xtNzNjbRW6WwEOiX28YfgakwuOtnsXN3%2BCZQZwZQ1uuUxmQeUPgLPd2Hz48Vv6T8vTLIvYTWBSc9mWO6gKuuhabKzx1QRpPKsp6yGlceLv6z%2Bfl28fxlM%2FifInr2HjnFAi7uzI%2B2ZGr20Bk0HsOVTwyI3x4s%2FB7MAS50hS42zz1KTfn4qrlUTV4aJl0ivKVkSz5wVcdKKGY192WYh9VHYMf%2Fjxd1%2FAQAA%2F%2F8BAAD%2F%2FzJDbXiGBAAA HTTP/1.1
Host: withenvisagehurt.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://govad.xyz/
Cookie: u_pl=17572910; uid_id2=c933470b-121d-4c51-8198-52a23d77b834:1:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Sun, 05 Feb 2023 21:45:36 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: fa1ece5e26276b6af63dc65e0cbb4170
Strict-Transport-Security: max-age=0; includeSubdomains
e1.o.lencr.org/
23.33.119.27200 OK 345 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 6775371ad58895526c9af87544fe77b2
7228a426342d14d53bc3a9d247c88115201f3f74
a014aaebcdbb4beabf4ec663c1c2837735c1d78da37a2af01eec068d597938aa
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "A014AAEBCDBB4BEABF4EC663C1C2837735C1D78DA37A2AF01EEC068D597938AA"
Last-Modified: Sun, 05 Feb 2023 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15602
Expires: Mon, 06 Feb 2023 02:05:38 GMT
Date: Sun, 05 Feb 2023 21:45:36 GMT
Connection: keep-alive
e1.o.lencr.org/
23.33.119.27200 OK 345 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 6775371ad58895526c9af87544fe77b2
7228a426342d14d53bc3a9d247c88115201f3f74
a014aaebcdbb4beabf4ec663c1c2837735c1d78da37a2af01eec068d597938aa
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "A014AAEBCDBB4BEABF4EC663C1C2837735C1D78DA37A2AF01EEC068D597938AA"
Last-Modified: Sun, 05 Feb 2023 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15602
Expires: Mon, 06 Feb 2023 02:05:38 GMT
Date: Sun, 05 Feb 2023 21:45:36 GMT
Connection: keep-alive
r3.o.lencr.org/
23.33.119.27200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash dee62a2a013d4ee8d946cfdb1f4be459
17d8d9f9e538b311321383f7a26f258730f6fe52
e25753484ff7daa3fe858dcf3173286fe242afd6fd13732f8fc38b7b7940a7ca
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "E25753484FF7DAA3FE858DCF3173286FE242AFD6FD13732F8FC38B7B7940A7CA"
Last-Modified: Sun, 05 Feb 2023 13:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5833
Expires: Sun, 05 Feb 2023 23:22:50 GMT
Date: Sun, 05 Feb 2023 21:45:37 GMT
Connection: keep-alive
cdn.cloudimagesb.com/si/e3/38/1c/e3381c2969587380b30458753c6349d5/1674361501.png
45.133.44.9200 OK 12 kB URL HTTP/2 cdn.cloudimagesb.com/si/e3/38/1c/e3381c2969587380b30458753c6349d5/1674361501.png
IP 45.133.44.9:0
ASN #39572 DataWeb Global Group B.V.
File type PNG image data, 192 x 192, 8-bit/color RGBA, non-interlaced\012- data
Hash c07f1baac701b672939b359081f813c7
d38ffbae259aae1e8ad3b38959339bb29da9b69f
85bc8e3de3651f6f03dc381ea4bbaff350d8973c37f598582838677817bf1826
GET /si/e3/38/1c/e3381c2969587380b30458753c6349d5/1674361501.png HTTP/1.1
Host: cdn.cloudimagesb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 05 Feb 2023 21:45:37 GMT
content-type: image/png
content-length: 12186
server: nginx/1.17.6
last-modified: Sun, 22 Jan 2023 04:25:10 GMT
etag: "63ccbaa6-2f9a"
expires: Tue, 07 Feb 2023 21:45:37 GMT
cache-control: max-age=172800
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
e1.o.lencr.org/
23.33.119.27200 OK 345 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 6775371ad58895526c9af87544fe77b2
7228a426342d14d53bc3a9d247c88115201f3f74
a014aaebcdbb4beabf4ec663c1c2837735c1d78da37a2af01eec068d597938aa
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "A014AAEBCDBB4BEABF4EC663C1C2837735C1D78DA37A2AF01EEC068D597938AA"
Last-Modified: Sun, 05 Feb 2023 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15601
Expires: Mon, 06 Feb 2023 02:05:38 GMT
Date: Sun, 05 Feb 2023 21:45:37 GMT
Connection: keep-alive
withenvisagehurt.com/impr.gif?sid=H4sIAAAAAAAC%2F1RSz2tcVRS%2Br7ar6qLixkXhiV0omOn7MdN5Y4VgrZFgTWJTCbi7v2ZyzZ13H%2Fe%2BN28SRKIFKa7GneDm5ZukwVrU%2FgFCmbixWTkiMguj4J8guBSZyWDwwHvnnPudxfm%2B73y6V5yQAAWdrL1jdpTW9GqjFvgvbahUmNL5K3f8MKgF1%2F0NlV6rX%2Ff705%2FtvRoGjVrwsv%2BW5FvmahSEQRAGob%2BkrGyb%2FtUZCpU9bIW1VlCrR7WwUUff%2Fr93hQdHPYjeCXkWSowvbP74CIqPkHa%2FuyndVm6yV97sFprmxqInDt9Lt1JTpuielW3roZ0ezqdh3JiQL87BpIdzBjC9%2FSkDMDUm3q8hWHo4XxOsd3C6KdOQKZi4iLI3gtQjKDoCN3ehxE8E4AIrq0i791eMLen2KUqn6Jic%2F%2FsvqHJMzv%2F2HNLuNze06vvrRhe5MqlDv11B9UdQnRGy4gj5jgdVHoHnn0AJgrRbQYnJFd6K43ozYAthFIqFOm%2BEC0nYShYaEY1i0WyyJK7PpFFqBNUeQcsBqPNQTD%2FloWh7KDIPXTHxaaPVDoJmm7XjOKlzzuOY80ZyTTREXE%2FaAQo%2B3X2APBuA6wG43UVmd7GlBrDFY7jNCk54cDlBT1QoJUHpCEpKUCqCMicoe9WB0C5y1X2hXcHCeY7mOa6GJu%2Fs0QOTd2RK9rITcmkqmPf0lRq25MRPEsmCVhDHrQZL4oZMAh4K1m7SoBm1WjKGUxWUOzejuaPG5PKTBJmaGvwMGD2C00fg6hJocRm0HDajAHRzWE8C7KQPekow2q0Z24EwFbL8PPJtb0%2BfkOdntr327jokP1588vjPzz5y%2B%2BC2QmYrfKB%2BIOjoe8PbpiT7t03pyKPVLFddtUOnlq7nNJcXHrwtt0tjxfJNN%2FjqdT4FpuXDO9Llt2gqVNpx5OsbSghpl4zlkny%2F7DYkWyvc5o3CpkV2a%2B2NpeVuZqVzyqQj0Cmxjz8EV2Ny0Utn5%2Br3T6DsCLao0C2OyTygzBF4tguXHS9%2BS%2F95YZJ%2BCWcIrD6bYZmHsqiGNmJnj1oRaHnWU1bByePFX1Z%2Fvy7evwwm%2FxNkz91Dx3qg%2Bd3ZkfZshZ6uQPUArnhqmGf2ePHneBZg2hsybb19pq3%2B%2FFRcpyZ%2BI6zLhCVNLgSTXITNKE7iIIiEqDdbMmwhd2P%2Bx4u7%2FwIAAP%2F%2FAQAA%2F%2F8mS%2BOehgQAAA%3D%3D
192.243.61.227200 OK 7 B URL HTTP/1.1 withenvisagehurt.com/impr.gif?sid=H4sIAAAAAAAC%2F1RSz2tcVRS%2Br7ar6qLixkXhiV0omOn7MdN5Y4VgrZFgTWJTCbi7v2ZyzZ13H%2Fe%2BN28SRKIFKa7GneDm5ZukwVrU%2FgFCmbixWTkiMguj4J8guBSZyWDwwHvnnPudxfm%2B73y6V5yQAAWdrL1jdpTW9GqjFvgvbahUmNL5K3f8MKgF1%2F0NlV6rX%2Ff705%2FtvRoGjVrwsv%2BW5FvmahSEQRAGob%2BkrGyb%2FtUZCpU9bIW1VlCrR7WwUUff%2Fr93hQdHPYjeCXkWSowvbP74CIqPkHa%2FuyndVm6yV97sFprmxqInDt9Lt1JTpuielW3roZ0ezqdh3JiQL87BpIdzBjC9%2FSkDMDUm3q8hWHo4XxOsd3C6KdOQKZi4iLI3gtQjKDoCN3ehxE8E4AIrq0i791eMLen2KUqn6Jic%2F%2FsvqHJMzv%2F2HNLuNze06vvrRhe5MqlDv11B9UdQnRGy4gj5jgdVHoHnn0AJgrRbQYnJFd6K43ozYAthFIqFOm%2BEC0nYShYaEY1i0WyyJK7PpFFqBNUeQcsBqPNQTD%2FloWh7KDIPXTHxaaPVDoJmm7XjOKlzzuOY80ZyTTREXE%2FaAQo%2B3X2APBuA6wG43UVmd7GlBrDFY7jNCk54cDlBT1QoJUHpCEpKUCqCMicoe9WB0C5y1X2hXcHCeY7mOa6GJu%2Fs0QOTd2RK9rITcmkqmPf0lRq25MRPEsmCVhDHrQZL4oZMAh4K1m7SoBm1WjKGUxWUOzejuaPG5PKTBJmaGvwMGD2C00fg6hJocRm0HDajAHRzWE8C7KQPekow2q0Z24EwFbL8PPJtb0%2BfkOdntr327jokP1588vjPzz5y%2B%2BC2QmYrfKB%2BIOjoe8PbpiT7t03pyKPVLFddtUOnlq7nNJcXHrwtt0tjxfJNN%2FjqdT4FpuXDO9Llt2gqVNpx5OsbSghpl4zlkny%2F7DYkWyvc5o3CpkV2a%2B2NpeVuZqVzyqQj0Cmxjz8EV2Ny0Utn5%2Br3T6DsCLao0C2OyTygzBF4tguXHS9%2BS%2F95YZJ%2BCWcIrD6bYZmHsqiGNmJnj1oRaHnWU1bByePFX1Z%2Fvy7evwwm%2FxNkz91Dx3qg%2Bd3ZkfZshZ6uQPUArnhqmGf2ePHneBZg2hsybb19pq3%2B%2FFRcpyZ%2BI6zLhCVNLgSTXITNKE7iIIiEqDdbMmwhd2P%2Bx4u7%2FwIAAP%2F%2FAQAA%2F%2F8mS%2BOehgQAAA%3D%3D
IP 192.243.61.227:0
ASN #39572 DataWeb Global Group B.V.
File type ASCII text, with no line terminators
Hash 132d6af1b46048b45cf86cdee7991d31
eb7007d03d59b65bc6da7e098c4d38fc6dfb6285
ab852e838deccd742a03ca81d4a8d75cf1a00b327db3eaf46bd7da6b6db9384c
Analyzer Verdict Alert quad9 Sinkholed
GET /impr.gif?sid=H4sIAAAAAAAC%2F1RSz2tcVRS%2Br7ar6qLixkXhiV0omOn7MdN5Y4VgrZFgTWJTCbi7v2ZyzZ13H%2Fe%2BN28SRKIFKa7GneDm5ZukwVrU%2FgFCmbixWTkiMguj4J8guBSZyWDwwHvnnPudxfm%2B73y6V5yQAAWdrL1jdpTW9GqjFvgvbahUmNL5K3f8MKgF1%2F0NlV6rX%2Ff705%2FtvRoGjVrwsv%2BW5FvmahSEQRAGob%2BkrGyb%2FtUZCpU9bIW1VlCrR7WwUUff%2Fr93hQdHPYjeCXkWSowvbP74CIqPkHa%2FuyndVm6yV97sFprmxqInDt9Lt1JTpuielW3roZ0ezqdh3JiQL87BpIdzBjC9%2FSkDMDUm3q8hWHo4XxOsd3C6KdOQKZi4iLI3gtQjKDoCN3ehxE8E4AIrq0i791eMLen2KUqn6Jic%2F%2FsvqHJMzv%2F2HNLuNze06vvrRhe5MqlDv11B9UdQnRGy4gj5jgdVHoHnn0AJgrRbQYnJFd6K43ozYAthFIqFOm%2BEC0nYShYaEY1i0WyyJK7PpFFqBNUeQcsBqPNQTD%2FloWh7KDIPXTHxaaPVDoJmm7XjOKlzzuOY80ZyTTREXE%2FaAQo%2B3X2APBuA6wG43UVmd7GlBrDFY7jNCk54cDlBT1QoJUHpCEpKUCqCMicoe9WB0C5y1X2hXcHCeY7mOa6GJu%2Fs0QOTd2RK9rITcmkqmPf0lRq25MRPEsmCVhDHrQZL4oZMAh4K1m7SoBm1WjKGUxWUOzejuaPG5PKTBJmaGvwMGD2C00fg6hJocRm0HDajAHRzWE8C7KQPekow2q0Z24EwFbL8PPJtb0%2BfkOdntr327jokP1588vjPzz5y%2B%2BC2QmYrfKB%2BIOjoe8PbpiT7t03pyKPVLFddtUOnlq7nNJcXHrwtt0tjxfJNN%2FjqdT4FpuXDO9Llt2gqVNpx5OsbSghpl4zlkny%2F7DYkWyvc5o3CpkV2a%2B2NpeVuZqVzyqQj0Cmxjz8EV2Ny0Utn5%2Br3T6DsCLao0C2OyTygzBF4tguXHS9%2BS%2F95YZJ%2BCWcIrD6bYZmHsqiGNmJnj1oRaHnWU1bByePFX1Z%2Fvy7evwwm%2FxNkz91Dx3qg%2Bd3ZkfZshZ6uQPUArnhqmGf2ePHneBZg2hsybb19pq3%2B%2FFRcpyZ%2BI6zLhCVNLgSTXITNKE7iIIiEqDdbMmwhd2P%2Bx4u7%2FwIAAP%2F%2FAQAA%2F%2F8mS%2BOehgQAAA%3D%3D HTTP/1.1
Host: withenvisagehurt.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://govad.xyz/
Cookie: u_pl=17572910; uid_id2=c933470b-121d-4c51-8198-52a23d77b834:1:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Sun, 05 Feb 2023 21:45:37 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: f24ae95134c5c9e8c9d6d2d3fdfbcee3
Strict-Transport-Security: max-age=0; includeSubdomains
withenvisagehurt.com/pixel/sbs?c=1
192.243.61.227200 OK 0 B URL HTTP/1.1 withenvisagehurt.com/pixel/sbs?c=1
IP 192.243.61.227:0
ASN #39572 DataWeb Global Group B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert fortinet Malware
quad9 Sinkholed
GET /pixel/sbs?c=1 HTTP/1.1
Host: withenvisagehurt.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://govad.xyz/
Cookie: u_pl=17572910; uid_id2=c933470b-121d-4c51-8198-52a23d77b834:1:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Sun, 05 Feb 2023 21:45:37 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
iegybest.film/wp-content/themes/old/Standard/UI/js/standard.js?ver=1.0
104.26.4.52200 OK 0 B URL HTTP/2 iegybest.film/wp-content/themes/old/Standard/UI/js/standard.js?ver=1.0
IP 104.26.4.52:0
GET /wp-content/themes/old/Standard/UI/js/standard.js?ver=1.0 HTTP/1.1
Host: iegybest.film
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://iegybest.film/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sun, 05 Feb 2023 21:45:32 GMT
content-type: application/javascript
last-modified: Thu, 21 Oct 2021 09:07:36 GMT
etag: W/"61712dd8-18a7"
expires: Fri, 24 Nov 2023 17:20:49 GMT
cache-control: public, max-age=31536000
pragma: public
cf-cache-status: HIT
age: 6323083
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=L3ZaZqNa9RLxPncxHMYQi944im6zDtUuwuIEvI5pUPI9dPE4d%2BL2WpxCqSRf4%2FkZa8%2BgEBi1yDyrtY20bY0WGfeiZDw%2BxLB2n3JushXa60zfgxIexnKprot21f%2B4EYs%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 794ed569cf710b49-OSL
content-encoding: br
X-Firefox-Spdy: h2
iegybest.film/wp-includes/css/classic-themes.min.css?ver=1
104.26.4.52200 OK 0 B URL HTTP/2 iegybest.film/wp-includes/css/classic-themes.min.css?ver=1
IP 104.26.4.52:0
GET /wp-includes/css/classic-themes.min.css?ver=1 HTTP/1.1
Host: iegybest.film
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://iegybest.film/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 05 Feb 2023 21:45:32 GMT
content-type: text/css
last-modified: Thu, 08 Dec 2022 21:06:33 GMT
etag: W/"639251d9-d9"
expires: Fri, 08 Dec 2023 21:12:41 GMT
cache-control: public, max-age=31536000
pragma: public
cf-cache-status: HIT
age: 5099571
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=j3MZHX3MFO%2FJzgbdJUtAzJPMq0SpiEc0wGKHxBaIY9DwzJzlN%2FiPEnaXk2Gg0FhoMJSMlySmldqTuqQ%2BOKqjbzRyisvw5NsoSTNxcMxzST5l1vhdJWtzR3rvr3fqdR4%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 794ed569cf6f0b49-OSL
content-encoding: br
X-Firefox-Spdy: h2
cdn.creative-bars1.com/sb/notifications/software/us/ios/desk-new-big/css/animate.css
172.64.167.9200 OK 0 B URL HTTP/2 cdn.creative-bars1.com/sb/notifications/software/us/ios/desk-new-big/css/animate.css
IP 172.64.167.9:0
GET /sb/notifications/software/us/ios/desk-new-big/css/animate.css HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://govad.xyz
Connection: keep-alive
Referer: https://govad.xyz/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 05 Feb 2023 21:45:37 GMT
content-type: text/css
last-modified: Wed, 17 Feb 2021 11:44:02 GMT
etag: W/"602d0182-1358d"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=GuNzxWXYSYfe7oNvPhCTiQ2sjAnzr%2F4yP0UASrR9p5VwNHEeA%2BUPvoVs4xoOgfix4L69XYqObezKuRZcKELm0BCYThNrg1Ukzf%2Bq9EsaNC6XlLlys3PbRx9X7K6Xx%2BLuspE0D2JVFW4r"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 794ed5858a35775c-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
friendshipmale.com/sfp.js
172.64.203.23200 OK 0 B URL HTTP/2 friendshipmale.com/sfp.js
IP 172.64.203.23:0
Analyzer Verdict Alert fortinet Malware
GET /sfp.js HTTP/1.1
Host: friendshipmale.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://govad.xyz/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 05 Feb 2023 21:45:35 GMT
content-type: application/javascript; charset=utf-8
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
access-control-allow-origin: *
expires: Thu, 01 Jan 1970 00:00:01 GMT
cache-control: max-age=14400
x-request-id: 2e814d7edf428be0f4005c4fdb051eb1
strict-transport-security: max-age=0; includeSubdomains
cf-cache-status: EXPIRED
last-modified: Sun, 05 Feb 2023 21:45:35 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=OVpO4PuvNaccbnFzFVGQzZCX%2B%2F3mucGDIdWXgqxeTCXAKaACWGrPS7BajYvpDZvK%2F0%2B2M5IMTGt0t4jRLauBvocnhWJsZhNYZhREoMY5MyU47lt4B1YKchy%2FbPK2nc7IKyiei50%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 794ed57d7b047302-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
iegybest.film/wp-includes/js/jquery/jquery.js
104.26.4.52200 OK 0 B URL HTTP/2 iegybest.film/wp-includes/js/jquery/jquery.js
IP 104.26.4.52:0
GET /wp-includes/js/jquery/jquery.js HTTP/1.1
Host: iegybest.film
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://iegybest.film/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 05 Feb 2023 21:45:32 GMT
content-type: application/javascript
last-modified: Thu, 08 Dec 2022 21:06:33 GMT
etag: W/"639251d9-46c28"
expires: Fri, 19 Jan 2024 03:45:06 GMT
cache-control: public, max-age=31536000
pragma: public
cf-cache-status: HIT
age: 1533626
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=9oet7zZk5cWGQfy7Sjm0mcXN5vLSPRMN0yDNRXhMB9zbCIkaId6jEAT4sViuP7XoSfBhPhy7g0hYzZMDZ2xn8X3RzGmGZkAeq01mycMl2Bd3J1niLzzF42GxaMcCnQM%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 794ed569ffaa0b49-OSL
content-encoding: br
X-Firefox-Spdy: h2
govad.xyz/embed-l26ttwrcxllh.html
104.21.84.126200 OK 0 B URL HTTP/2 govad.xyz/embed-l26ttwrcxllh.html
IP 104.21.84.126:0
GET /embed-l26ttwrcxllh.html HTTP/1.1
Host: govad.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 05 Feb 2023 21:45:34 GMT
content-type: text/html; charset=UTF-8
expires: Sat, 04 Feb 2023 21:45:34 GMT
x-frame-options: 1
set-cookie: lang=1; domain=.govad.xyz; path=/; HttpOnly
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=l0AWI%2BkfV17y2iAv4MhOdqEmfmlnP6stkXE%2FLwfnKY%2FqDn7magUu46inLERl8BaVSCgeNcn1Zl4a%2BwQMTvRdsYaAP9to1x3X6%2FiB1iq3KYQ%2BZEnyrLxLwNr0NME%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 794ed573a9afb521-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
govad.xyz/js/xupload.js
104.21.84.126200 OK 0 B IP 104.21.84.126:0
GET /js/xupload.js HTTP/1.1
Host: govad.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://govad.xyz/embed-l26ttwrcxllh.html
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sun, 05 Feb 2023 21:45:34 GMT
content-type: application/javascript
last-modified: Tue, 17 Jul 2018 08:27:00 GMT
etag: W/"2659-5712db5bbbd00"
cache-control: max-age=14400
cf-cache-status: HIT
age: 4704
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=0Q56qK%2FQtQ36%2BBquUOkBdxoRE%2FoPkM8ddfR6udP8EUhiJDkowWb0rnO823T1IV9rlH8mc38EKT%2BwD%2BnUgt2clLv9sF%2BoFzDkqWpEQgw5g0qw%2BM4WkZRX2r0kw6A%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 794ed575bc8eb521-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
govad.xyz/css/main.css
104.21.84.126200 OK 0 B IP 104.21.84.126:0
GET /css/main.css HTTP/1.1
Host: govad.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://govad.xyz/embed-l26ttwrcxllh.html
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sun, 05 Feb 2023 21:45:34 GMT
content-type: text/css
last-modified: Tue, 10 Jul 2018 11:12:00 GMT
etag: W/"bd7b-570a332ee2000"
cache-control: max-age=14400
cf-cache-status: HIT
age: 4704
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=zKOU5%2FnM34EeDWUeHORqVvisSgheMy8%2BCgBgDnq7sLeWZknvLsQVnFnXG4jr04GeUVNTxsJ2gyv0V4TZkFaEfd9nS0EXmjUn1fooxcbvViz0Cr3FXT6tYzvEb9c%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 794ed575bc87b521-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
govad.xyz/player8/jwplayer.js
104.21.84.126200 OK 0 B URL HTTP/2 govad.xyz/player8/jwplayer.js
IP 104.21.84.126:0
GET /player8/jwplayer.js HTTP/1.1
Host: govad.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://govad.xyz/embed-l26ttwrcxllh.html
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sun, 05 Feb 2023 21:45:34 GMT
content-type: application/javascript
last-modified: Thu, 17 Jun 2021 10:05:11 GMT
etag: W/"1b948-5c4f357b303c0"
cache-control: max-age=14400
cf-cache-status: HIT
age: 4704
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=KoiahcfY9VTdtbiDLVlrhdUjizuaZot20AcLm1URTgar0Nn3Nx%2F35sAA85Zzwl4BYin5Gb966nxVy5ugyipleLEkZpKuM3W5eLfONkowyn9d0qj%2FBY7nHSWVswA%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 794ed575cc94b521-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
cdn.creative-bars1.com/sb/notifications/software/us/ios/desk-new-big/js/script.js
172.64.167.9200 OK 0 B URL HTTP/2 cdn.creative-bars1.com/sb/notifications/software/us/ios/desk-new-big/js/script.js
IP 172.64.167.9:0
GET /sb/notifications/software/us/ios/desk-new-big/js/script.js HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://govad.xyz
Connection: keep-alive
Referer: https://govad.xyz/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 05 Feb 2023 21:45:37 GMT
content-type: application/javascript
last-modified: Wed, 17 Feb 2021 11:44:05 GMT
etag: W/"602d0185-183"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=FOC5xlqcl3XcRmdM2K%2FFhRtxahSmYWK63YOgDIEoC79up17lnqrW7XMATSV7463LYiBZK5kWL9wApYFsECJBCpKRH2VVZIkzdlXvY0Sp%2BxIFSmyMvY5j3AFw3ldF86SE3DvPYdGQ9ldI"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 794ed5858a44775c-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
iegybest.film/wp-content/themes/old/Standard/UI/css/default.min.css?ver=6.1.1
104.26.4.52200 OK 0 B URL HTTP/2 iegybest.film/wp-content/themes/old/Standard/UI/css/default.min.css?ver=6.1.1
IP 104.26.4.52:0
GET /wp-content/themes/old/Standard/UI/css/default.min.css?ver=6.1.1 HTTP/1.1
Host: iegybest.film
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://iegybest.film/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 05 Feb 2023 21:45:32 GMT
content-type: text/css
last-modified: Thu, 21 Oct 2021 09:07:36 GMT
etag: W/"61712dd8-20cb"
expires: Fri, 08 Dec 2023 21:12:41 GMT
cache-control: public, max-age=31536000
pragma: public
cf-cache-status: HIT
age: 5099571
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=uvB0Y5OzkuKtItyqgeJujSG%2Bz9%2B5Pm40%2F1Vs3HmB8DqCznL2mxG1pRsY2bHc85LPBeoTluQcIMQrdRdGdUcIrwtZfjMyH3ZT08rDPBK8EjdAyf2TeyWgZfj6iIHZbT8%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 794ed569cf7d0b49-OSL
content-encoding: br
X-Firefox-Spdy: h2
iegybest.film/wp-content/themes/old/Standard/UI/js/script.js?ver=1618306100
104.26.4.52200 OK 0 B URL HTTP/2 iegybest.film/wp-content/themes/old/Standard/UI/js/script.js?ver=1618306100
IP 104.26.4.52:0
GET /wp-content/themes/old/Standard/UI/js/script.js?ver=1618306100 HTTP/1.1
Host: iegybest.film
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://iegybest.film/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sun, 05 Feb 2023 21:45:32 GMT
content-type: application/javascript
last-modified: Sun, 20 Feb 2022 15:51:27 GMT
etag: W/"6212637f-25db"
expires: Mon, 05 Feb 2024 21:45:32 GMT
cache-control: public, max-age=31536000
pragma: public
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Ddn0IBW%2F51%2FyJ9pXAkk4z46o9Z8tCcR0OOQiQ7Z%2Fz4m9tuACSe%2B20dMakVHJ0hMc8HgoR2zVwMf7crtep4LtYpiVEFdIMxB%2Bt%2FsBzlh2a9o1d1MYW5JlRfbsZgCfivM%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 794ed569cf720b49-OSL
content-encoding: br
X-Firefox-Spdy: h2
iegybest.film/wp-content/themes/old/style.css?74868831
104.26.4.52200 OK 0 B URL HTTP/2 iegybest.film/wp-content/themes/old/style.css?74868831
IP 104.26.4.52:0
GET /wp-content/themes/old/style.css?74868831 HTTP/1.1
Host: iegybest.film
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://iegybest.film/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 05 Feb 2023 21:45:32 GMT
content-type: text/css
last-modified: Mon, 31 Oct 2022 23:15:42 GMT
etag: W/"6360571e-396b"
expires: Mon, 05 Feb 2024 21:45:32 GMT
cache-control: public, max-age=31536000
pragma: public
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2FN5xqxroisX8rkdw8KeTELri14Z2PbA7j%2B4LILAs2Ygn5QZ6ZgSovvmj7wGR%2Bp4n58iEaLlkVSI3i%2BVp%2BQKalzN%2FTmcHn1AyQrBCBXoAP3Fgi%2BM3up8i1Fmmy5JRaQs%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 794ed569ffa20b49-OSL
content-encoding: br
X-Firefox-Spdy: h2
iegybest.film/wp-content/themes/old/Standard/UI/fonts/Droid.Arabic.Kufi_DownloadSoftware.iR_.ttf
104.26.4.52404 Not Found 0 B URL HTTP/2 iegybest.film/wp-content/themes/old/Standard/UI/fonts/Droid.Arabic.Kufi_DownloadSoftware.iR_.ttf
IP 104.26.4.52:0
GET /wp-content/themes/old/Standard/UI/fonts/Droid.Arabic.Kufi_DownloadSoftware.iR_.ttf HTTP/1.1
Host: iegybest.film
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://iegybest.film
Connection: keep-alive
Referer: http://iegybest.film/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 404 Not Found
date: Sun, 05 Feb 2023 21:45:32 GMT
content-type: text/html
cache-control: max-age=14400
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=GCMgZ0nFi7xm%2BRFxSfCV5xL3W7KWLYZBKROPcQ9njcR0HAeeEhbFXdIRWEXSdj8xe0EqKEBaJnst1Jr87BcWeKgks92IPUPMkwWhiIW6NXX4Jk8OPsQjW52cp2PbXBU%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 794ed56a88530b49-OSL
content-encoding: br
X-Firefox-Spdy: h2
tzegilo.com/stattag.js
104.21.89.122200 OK 0 B IP 104.21.89.122:0
GET /stattag.js HTTP/1.1
Host: tzegilo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://iegybest.film/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 05 Feb 2023 21:45:33 GMT
content-type: application/javascript
last-modified: Fri, 03 Feb 2023 16:30:52 GMT
etag: W/"63dd36bc-43b7"
link: <https://flerap.com/>; rel=preconnect; crossorigin, <https://fleraprt.com/>; rel=preconnect; crossorigin
cache-control: max-age=14400
cf-cache-status: HIT
age: 4049
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=yb5X%2FXuLAP%2BLa%2BiqQ5LNETHk4ic1rSKSstMFrzS8FJDSFrdlE%2FPUFTgAehyu2jt%2FrxLJ%2BaN8anTykx5pqLsG5lbWZ6buhBrEBxJ4ry85SvEObpoS2HnBt50eBeA5zg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 794ed56e08e60b06-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
govad.xyz/js/jquery.cookie.js
104.21.84.126200 OK 0 B URL HTTP/2 govad.xyz/js/jquery.cookie.js
IP 104.21.84.126:0
GET /js/jquery.cookie.js HTTP/1.1
Host: govad.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://govad.xyz/embed-l26ttwrcxllh.html
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sun, 05 Feb 2023 21:45:34 GMT
content-type: application/javascript
last-modified: Tue, 31 May 2011 04:53:00 GMT
etag: W/"10eb-4a48b2da46300"
cache-control: max-age=14400
cf-cache-status: HIT
age: 4704
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=FOlpd5eduOptL9JI12v2s9%2FPBDd6%2BB3OO5TOOOKmOb67IvVM46OJvjf7%2BY6ze3aD2Icrmwr4W94R09S%2BksAYJN3oRSczhji1Xg3v8QpZTcSbuEwkeyVRiwcbJYQ%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 794ed575bc92b521-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2