ww1.cuevana3.to/?s=rick+y+morty
188.114.97.1
301 Moved Permanently
0
URL
HTTP/1.1
ww1.cuevana3.to/?s=rick+y+morty
IP
188.114.97.1:0
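Hash (MD5 / SHA-1 / SHA-256; all three are the digests of empty input, matching the 0-byte body of this 301 response, so they do not identify any content)
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855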
GET /?s=rick+y+morty HTTP/1.1
Host: ww1.cuevana3.to
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 301 Moved Permanently
Date: Sun, 29 Jan 2023 20:57:43 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=3600
Expires: Sun, 29 Jan 2023 21:57:43 GMT
Location: https://ww1.cuevana3.to/?s=rick+y+morty
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2Fu%2FCkmubCJ1Ef1NDLUQTS%2BNOhnvRZkykSfd02Pfqj3W2abcfUtqB5sDo8psxUz9AnqblY%2FVV278FbmS1PX7WB8IL4pYuw%2Fn1jj6zXoVB%2FK%2FHLOLk7mW9lw8EDyuM%2BfEpkO4%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7914e1c06a720b39-OSL
alt-svc: h2=":443"; ma=60
r3.o.lencr.org/
23.36.76.226
200 OK
503
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.
Hash
a2104f935c638b4767ca5ae0d738ef23
85c6af15af749be0ceeae6de17c36925b750f166
5d4789a3696bd7faa9916768cb627bbc89bf70a756d80e53860cbac13c2bc8b1
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "5D4789A3696BD7FAA9916768CB627BBC89BF70A756D80E53860CBAC13C2BC8B1"
Last-Modified: Fri, 27 Jan 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3788
Expires: Sun, 29 Jan 2023 22:00:52 GMT
Date: Sun, 29 Jan 2023 20:57:44 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226
200 OK
503
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.
Hash
3eb88dea4fe00db1182370e72683c3ab
ca520abf1e91bfd2aef40c6a1270a911071e8922
d8083ee567c7b3023111dc30f32c94237df7db30d4d2daaea0a569e8a3069ad7
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D8083EE567C7B3023111DC30F32C94237DF7DB30D4D2DAAEA0A569E8A3069AD7"
Last-Modified: Sat, 28 Jan 2023 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=17852
Expires: Mon, 30 Jan 2023 01:55:16 GMT
Date: Sun, 29 Jan 2023 20:57:44 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
35.241.9.150
200 OK
939
URL
HTTP/2
firefox.settings.services.mozilla.com/v1/
IP
35.241.9.150:0
Magic
JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash
dcd75ca6daca51c5e39d431468511793
07f76d3bf23d65c9110d810fa71a994e39e085d3
73672a816da4450fe2c938b08d7ae002d9ca29fdcbd3e29cc97084d826f8b459
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Type, Backoff, Content-Length, Alert, Retry-After
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Sun, 29 Jan 2023 20:43:09 GMT
content-type: application/json
age: 875
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226
200 OK
503
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.
Hash
03092d1a1bc7ac91ee342a1a7ab2a562
52db06ce1fd2c74ddd36b6a0a7aee1b5c891600a
03b8ff2629abac9fc30ebec059c2e2018fcbc41646ad5f71c965ff630fbf1ffd
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "03B8FF2629ABAC9FC30EBEC059C2E2018FCBC41646AD5F71C965FF630FBF1FFD"
Last-Modified: Fri, 27 Jan 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=16706
Expires: Mon, 30 Jan 2023 01:36:10 GMT
Date: Sun, 29 Jan 2023 20:57:44 GMT
Connection: keep-alive
ocsp.pki.goog/s/gts1p5/qJtpk6yxqQc
142.250.74.131
200 OK
471
URL
HTTP/1.1
ocsp.pki.goog/s/gts1p5/qJtpk6yxqQc
IP
142.250.74.131:0
Hash
c1dd32a1b75b0116d3a40ad97671e183
ced33fed0621c1dba951025e886878b09ac330b9
f72ac7fae2a547e6681016a14c8af8c8ed0994bf764f354fe478fe74fabd22a6
POST /s/gts1p5/qJtpk6yxqQc HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 29 Jan 2023 20:57:44 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain
34.160.144.191
200 OK
5348
URL
HTTP/2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain
IP
34.160.144.191:0
Magic
PEM certificate\012- , ASCII text
Hash
7b922915ebf1fa3639b333f994c74f24
144a3f80b98fd0652d4614f24cf6cbbee40f8938
adbb3e06df0e870f5c7a9cb81e8979d4e92735853d75c9b779c06470d4db5d9c
GET /chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: 7nwNT3pjyeDFWnwAaV4RcMikWJVCOfa49x/NTW2m4Em/E7atbMyL3etdda99ph40Ln2LcO+So5SsHeT3pT4b/A==
x-amz-request-id: 549QVXRT3VMFQZYP
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Sun, 29 Jan 2023 20:50:28 GMT
age: 436
last-modified: Mon, 09 Jan 2023 18:04:21 GMT
etag: "7b922915ebf1fa3639b333f994c74f24"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239
200 OK
12
URL
HTTP/2
contile.services.mozilla.com/v1/tiles
IP
34.117.237.239:0
Magic
JSON data\012- , ASCII text, with no line terminators
Hash
23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sun, 29 Jan 2023 20:57:44 GMT
content-type: application/json
content-length: 12
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-expose-headers: content-type
access-control-allow-credentials: true
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
ww1.cuevana3.to/static/wp-content/themes/cuevana3/public/img/cnt/cuevana-logo.png
188.114.96.1
200 OK
5783
URL
HTTP/2
ww1.cuevana3.to/static/wp-content/themes/cuevana3/public/img/cnt/cuevana-logo.png
IP
188.114.96.1:0
Magic
PNG image data, 240 x 60, 8-bit/color RGBA, non-interlaced\012- data
Hash
a60e73427dd677b3a22ff75d7a989317
69d9c3b34502c3455ef4a70480a5eb78bb185be8
bb8b54eb1859167182f80670354003360d5380d3ac9315a5c7be2bf3e250df07
GET /static/wp-content/themes/cuevana3/public/img/cnt/cuevana-logo.png HTTP/1.1
Host: ww1.cuevana3.to
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ww1.cuevana3.to/?s=rick+y+morty
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sun, 29 Jan 2023 20:57:44 GMT
content-type: image/png
content-length: 5783
last-modified: Fri, 24 Jun 2022 06:47:12 GMT
etag: "62b55df0-1697"
expires: Thu, 23 Feb 2023 16:44:40 GMT
cache-control: max-age=2592000
cf-cache-status: HIT
age: 446423
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ooBgV6zRlPG0boCasXBObJin6qYVZWWZdttVDvsg30wZp7xhhGY4ENss7OHUHul7gxNNO6M%2BiYo%2BR6YR5b3POyveMrpxtKxybGa3%2Bgcw8bdb3qeirAkeL%2FoWzTyAzO7WMu8%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7914e1c5ff88b518-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ww1.cuevana3.to/?s=rick+y+morty
188.114.96.1
200 OK
4706
URL
HTTP/2
ww1.cuevana3.to/?s=rick+y+morty
IP
188.114.96.1:0
Magic
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (2475), with CRLF, LF line terminators
Hash
58320bb85adaa3b3d6f09fbb399e5cb0
69c25bc9ca92aa6b89078565ca9543ddbcbda398
0d457164bd657b84f69ab52477c0d20d7387c7f27173258638c3c9c7a4f4dad4
GET /?s=rick+y+morty HTTP/1.1
Host: ww1.cuevana3.to
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/2 200 OK
date: Sun, 29 Jan 2023 20:57:44 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
x-powered-by: PHP/5.6.40
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=igL%2FCO1iEutoxipUKCC9exlrPUBHqXA2EOur3Pe6F2fC3U7kFS6gPX3GBpS05S6sc3rNEQwVzKgOUe2W7NiA4Dj6oZV2dYp%2B2kIrVxtiMH22%2FRWTnl3yEq0GZGS0nWAu%2Bts%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7914e1c2eb0eb518-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ww1.cuevana3.to/static/wp-content/themes/cuevana3/public/img/loading.gif
188.114.96.1
200 OK
13952
URL
HTTP/2
ww1.cuevana3.to/static/wp-content/themes/cuevana3/public/img/loading.gif
IP
188.114.96.1:0
Magic
GIF image data, version 89a, 250 x 250\012- data
Hash
34cc62d1df1c8328f56ae7a7acf2e83a
afb49cf3ebd59e0a02b33ef8f0c1f4ea2cefe1fc
c4492147e1e36bd65d7237c1961a3dc3505852b195bd9fd0ca042b3e7427bb65
GET /static/wp-content/themes/cuevana3/public/img/loading.gif HTTP/1.1
Host: ww1.cuevana3.to
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ww1.cuevana3.to/?s=rick+y+morty
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sun, 29 Jan 2023 20:57:44 GMT
content-type: image/gif
content-length: 13952
last-modified: Fri, 24 Jun 2022 06:48:34 GMT
etag: "62b55e42-3680"
expires: Thu, 23 Feb 2023 16:44:40 GMT
cache-control: max-age=2592000
cf-cache-status: HIT
age: 446423
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=toHMARp6wXZtPvMby6nmttaQM4Dhb8fmeYCQBeSsnkYLRWy0H4uZkJevFaDEaKPEmmG5lFk4%2BZtQfo%2BXXEkPCAI8hd%2BUioljYdPbQJPTvH5Wo%2F2hnpGAtVAK2q4m%2FvCxKmo%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7914e1c5ff87b518-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ww1.cuevana3.to/static/wp-content/themes/cuevana3/public/img/cnt/cuevana3.png
188.114.96.1
200 OK
4675
URL
HTTP/2
ww1.cuevana3.to/static/wp-content/themes/cuevana3/public/img/cnt/cuevana3.png
IP
188.114.96.1:0
Magic
PNG image data, 240 x 60, 8-bit/color RGBA, non-interlaced\012- data
Hash
30ecf26d81b4d18a7a568d42e674705e
c846ca657d113edcdb68ae7e53b8ecede50a15cb
f856cb85a867ba1f60a337dbbb095142c0590b426b30c5d35dcbbbd158b79927
GET /static/wp-content/themes/cuevana3/public/img/cnt/cuevana3.png HTTP/1.1
Host: ww1.cuevana3.to
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ww1.cuevana3.to/?s=rick+y+morty
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sun, 29 Jan 2023 20:57:44 GMT
content-type: image/png
content-length: 4675
last-modified: Fri, 24 Jun 2022 06:48:32 GMT
etag: "62b55e40-1243"
expires: Thu, 23 Feb 2023 16:44:40 GMT
cache-control: max-age=2592000
cf-cache-status: HIT
age: 446423
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=e%2FEgIGbWefdP1RWrTCt%2Fai6jAOlm%2Ber%2Fx8eWTsGpz2arWEKevt6WF08HhS6lfbk%2BTXD%2BxT2uAjKHr2dRInFKZ%2BYGd4hyqe0l%2FJYXk3bgPH1n71CrLoVVdvKKRdyRbORGngU%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7914e1c5ff84b518-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.pki.goog/s/gts1p5/qJtpk6yxqQc
142.250.74.131
200 OK
471
URL
HTTP/1.1
ocsp.pki.goog/s/gts1p5/qJtpk6yxqQc
IP
142.250.74.131:0
Hash
c1dd32a1b75b0116d3a40ad97671e183
ced33fed0621c1dba951025e886878b09ac330b9
f72ac7fae2a547e6681016a14c8af8c8ed0994bf764f354fe478fe74fabd22a6
POST /s/gts1p5/qJtpk6yxqQc HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 29 Jan 2023 20:57:44 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
s7.addthis.com/js/300/addthis_widget.js
23.38.200.123
200 OK
116423
URL
HTTP/2
s7.addthis.com/js/300/addthis_widget.js
IP
23.38.200.123:0
Magic
ASCII text, with very long lines (54602)
Hash
d5b9b7a3accd3b7b7de639c072ae3ee2
9583b5c046d78af5c6379d844219f828aa2222d0
648dad6716bb917c7d981e7772fca499d9583717fd83ffef47b0534cb9132b60
GET /js/300/addthis_widget.js HTTP/1.1
Host: s7.addthis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ww1.cuevana3.to/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx/1.15.8
last-modified: Mon, 26 Oct 2020 18:11:48 GMT
etag: "5f971164-5834c"
cache-control: public, max-age=600
strict-transport-security: max-age=15724800; includeSubDomains
content-type: application/javascript
content-encoding: gzip
content-length: 116423
date: Sun, 29 Jan 2023 20:57:44 GMT
vary: Accept-Encoding
x-distribution: 99
x-host: s7.addthis.com
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226
200 OK
503
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.
Hash
16a7b6a7128312e2f985d30df18c4487
6017bff79ffb525d9c7f9f32b999b74b5dc69602
663fd12209627f08e759c2ed1c76278a5da79dae1e0b46082dd1bb44775f7a16
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "663FD12209627F08E759C2ED1C76278A5DA79DAE1E0B46082DD1BB44775F7A16"
Last-Modified: Fri, 27 Jan 2023 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=16395
Expires: Mon, 30 Jan 2023 01:30:59 GMT
Date: Sun, 29 Jan 2023 20:57:44 GMT
Connection: keep-alive
ocsp.digicert.com/
93.184.220.29
200 OK
278
IP
93.184.220.29:0
Hash
b042b7f57812777b3726c1474f8164a3
d2a0d1213aa7b5c15a9d1d90a16f50567f78877e
175088c024dbc02cc15755733ae5756b0321025d0c1cd93f00bf706e25159f1f
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6526
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Sun, 29 Jan 2023 20:57:44 GMT
Last-Modified: Sun, 29 Jan 2023 19:08:59 GMT
Server: ECS (ska/F712)
X-Cache: HIT
Content-Length: 278
ocsp.digicert.com/
93.184.220.29
200 OK
278
IP
93.184.220.29:0
Hash
b042b7f57812777b3726c1474f8164a3
d2a0d1213aa7b5c15a9d1d90a16f50567f78877e
175088c024dbc02cc15755733ae5756b0321025d0c1cd93f00bf706e25159f1f
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6400
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Sun, 29 Jan 2023 20:57:44 GMT
Last-Modified: Sun, 29 Jan 2023 19:11:04 GMT
Server: ECS (ska/F6FE)
X-Cache: HIT
Content-Length: 278
use.fontawesome.com/releases/v5.6.3/webfonts/fa-solid-900.woff2
172.64.132.15
200 OK
79100
URL
HTTP/2
use.fontawesome.com/releases/v5.6.3/webfonts/fa-solid-900.woff2
IP
172.64.132.15:0
Magic
Web Open Font Format (Version 2), TrueType, length 79100, version 1.0\012- data
Hash
5dc01cfcd5336f696cb85da7ce53fa9b
28a1f2fadc35c5343e0280389fe7955e3d1be607
f419ad7a4477f36ce73c74a23dce784150ca38fa5075a8e06109709cbb716903
GET /releases/v5.6.3/webfonts/fa-solid-900.woff2 HTTP/1.1
Host: use.fontawesome.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://ww1.cuevana3.to
Connection: keep-alive
Referer: https://ww1.cuevana3.to/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 29 Jan 2023 20:57:44 GMT
content-type: font/woff2
content-length: 79100
x-amz-id-2: cYJNFJPrZ6s0flpQXezQRG9k/UeQ8rM4j6UyggJEfzowKWZMH70Gy1w9ErwDy3qoHiPZQmFPmmE=
x-amz-request-id: N60SKH1024ZTR2N6
access-control-allow-origin: *
access-control-allow-methods: GET
access-control-max-age: 3000
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
last-modified: Wed, 30 Jun 2021 15:44:54 GMT
etag: "5dc01cfcd5336f696cb85da7ce53fa9b"
cache-control: max-age=31556926
cf-cache-status: HIT
age: 449852
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=OqCq53MmJXdAIAhNoGnna%2Btx7%2BsO8SviQBO7oraFQUwyw6W04Yjzmx5fwMXj071kyRwG2NqjxjGezDPbRqkQDxnNeNS0SplP3k3cl18r6Q13%2BUYFSYYCUfT2s62LUWsIQLLaOzOH"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7914e1c7787876e4-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29
200 OK
278
IP
93.184.220.29:0
Hash
b042b7f57812777b3726c1474f8164a3
d2a0d1213aa7b5c15a9d1d90a16f50567f78877e
175088c024dbc02cc15755733ae5756b0321025d0c1cd93f00bf706e25159f1f
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6526
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Sun, 29 Jan 2023 20:57:44 GMT
Last-Modified: Sun, 29 Jan 2023 19:08:59 GMT
Server: ECS (ska/F712)
X-Cache: HIT
Content-Length: 278
use.fontawesome.com/releases/v5.6.3/webfonts/fa-brands-400.woff2
172.64.132.15
200 OK
74288
URL
HTTP/2
use.fontawesome.com/releases/v5.6.3/webfonts/fa-brands-400.woff2
IP
172.64.132.15:0
Magic
Web Open Font Format (Version 2), TrueType, length 74288, version 1.0\012- data
Hash
eac60e8a656781e13d2a674b4d9051c0
0039be9d8a99d1e5cf200ca3e08757692020460e
eed474a49bdbf745c19e463f070e67977c1ab27835603eb749d9e5c249cf81f8
GET /releases/v5.6.3/webfonts/fa-brands-400.woff2 HTTP/1.1
Host: use.fontawesome.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://ww1.cuevana3.to
Connection: keep-alive
Referer: https://ww1.cuevana3.to/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 29 Jan 2023 20:57:44 GMT
content-type: font/woff2
content-length: 74288
x-amz-id-2: unWy+2DClS72cy0oGL/5KfRQEVwVmcBFXA2r8EhzL8XiC/7xK1rTxYzATDgLVpGodBv/3UXDz0Y=
x-amz-request-id: N60XM0FWWV0MSGM5
access-control-allow-origin: *
access-control-allow-methods: GET
access-control-max-age: 3000
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
last-modified: Wed, 30 Jun 2021 15:44:54 GMT
etag: "eac60e8a656781e13d2a674b4d9051c0"
cache-control: max-age=31556926
cf-cache-status: HIT
age: 449852
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=so0Jr4YHm%2BuanaHC10xy%2F3vdr7watkpkbcEwJdtPwpXjcUWiKSXgRyLzzp3j45Pqsp05D3LDc9yNaYdEJvFjl2QK2LROuIrxIn9ZCsBcPCgrrcYAabY4ynDopTio1CVgVOUOCIjv"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7914e1c7787e76e4-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
push.services.mozilla.com/
52.33.66.202
101 Switching Protocols
0
URL
HTTP/1.1
push.services.mozilla.com/
IP
52.33.66.202:0
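Hash (MD5 / SHA-1 / SHA-256; all three are the digests of empty input, matching the 0-byte body of this 101 response, so they do not identify any content)
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855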
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: xXat7r5cl/c3CcH9Gt94Cg==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: Jeh8wrYZc0RxvR7rlYaOhW/FVaU=
ww1.cuevana3.to/static/wp-content/themes/cuevana3/public/js/owl.js
188.114.96.1
200 OK
12491
URL
HTTP/2
ww1.cuevana3.to/static/wp-content/themes/cuevana3/public/js/owl.js
IP
188.114.96.1:0
Magic
ASCII text, with very long lines (31997)
Hash
96411ee5d22114078e4bd49f9edee935
158aa3a00dfb6eda9563a45d6fdbb763170f8e91
f89d1a3878541630345ba0fbe12ecb1fad0240a647e65781f403c36a07731ba5
GET /static/wp-content/themes/cuevana3/public/js/owl.js HTTP/1.1
Host: ww1.cuevana3.to
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ww1.cuevana3.to/?s=rick+y+morty
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sun, 29 Jan 2023 20:57:44 GMT
content-type: application/javascript
last-modified: Fri, 24 Jun 2022 06:51:50 GMT
vary: Accept-Encoding
etag: W/"62b55f06-ad36"
expires: Sun, 29 Jan 2023 21:40:22 GMT
cache-control: max-age=43200
cf-cache-status: HIT
age: 39873
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=de1gGRyO0Ml2Il6S7AIhfAAZ9t1gtwmr8aJ7AFDEcKcPe%2FJ%2FB6e9qvCgrD5F93yW3JbP9vE0mw6RsN4CWY2eexP1axgKKY3FNt%2BP8XkVD%2BlR1n0GdJ78EQcsyq0V7eLqzDY%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7914e1c60f99b518-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226
200 OK
503
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.
Hash
1c393286d896124f17c88a9b1be36272
af340cd7544bb4c6f4986200bc555669edd66fe7
9a56b88f765e4a25d5fe91cb2c7f8ed43e85ed467223f8ee1f5df4b8e2977d2c
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "9A56B88F765E4A25D5FE91CB2C7F8ED43E85ED467223F8EE1F5DF4B8E2977D2C"
Last-Modified: Sun, 29 Jan 2023 19:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=16353
Expires: Mon, 30 Jan 2023 01:30:18 GMT
Date: Sun, 29 Jan 2023 20:57:45 GMT
Connection: keep-alive
uniformyeah.com/a1/44/c9/a144c9e3813266b579399dd6fa80e049.js
173.233.137.52
200 OK
20713
URL
HTTP/1.1
uniformyeah.com/a1/44/c9/a144c9e3813266b579399dd6fa80e049.js
IP
173.233.137.52:0
Magic
HTML document, ASCII text, with very long lines (60178), with no line terminators
Hash
beb9e8ddd825c4134996dd3a416cb404
8a0fafe8f49f5a9b9cf63e46397f6210f2ecae4e
4150819dddfd5a035b5eb47a3be32ac3fb7dbab4bcd054f5731c02d5233757c7
Analyzer | Verdict | Alert
quad9 | Sinkholed
GET /a1/44/c9/a144c9e3813266b579399dd6fa80e049.js HTTP/1.1
Host: uniformyeah.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ww1.cuevana3.to/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Sun, 29 Jan 2023 20:57:45 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: a39a49d0b66dec3cae574d205425778c
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
uniformyeah.com/34/98/5c/34985ca06dab7fe2d7ae9a26a7797c3e.js
173.233.137.52
200 OK
13405
URL
HTTP/1.1
uniformyeah.com/34/98/5c/34985ca06dab7fe2d7ae9a26a7797c3e.js
IP
173.233.137.52:0
Magic
ASCII text, with very long lines (37121), with no line terminators
Hash
123ac530b15c7ba0bf54123d83ebc74f
355ec221c0e09dda5a9da4f802620e2dc38ec32e
4cb7ce3a7544a89fb52690fb07348ab6ac4080058f5976d9381380dee50bd6c6
Analyzer | Verdict | Alert
quad9 | Sinkholed
GET /34/98/5c/34985ca06dab7fe2d7ae9a26a7797c3e.js HTTP/1.1
Host: uniformyeah.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ww1.cuevana3.to/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Sun, 29 Jan 2023 20:57:45 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: c81320c1783f238d40b4038c6d40bf25
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
s7.addthis.com/static/sh.f48a1a04fe8dbf021b4cda1d.html
23.38.200.123
200 OK
26421
URL
HTTP/2
s7.addthis.com/static/sh.f48a1a04fe8dbf021b4cda1d.html
IP
23.38.200.123:0
Magic
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (63757)
Hash
707317ccaabe08d32d1bd781754e6871
bb82dcd3e044c960e0861c2ce878f5504e628f78
d0a164ece41c61aec26517fb645646f5ba91f72ea5448eff1ee6c393b7c53051
GET /static/sh.f48a1a04fe8dbf021b4cda1d.html HTTP/1.1
Host: s7.addthis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ww1.cuevana3.to/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx/1.15.8
content-type: text/html
last-modified: Mon, 26 Oct 2020 18:11:48 GMT
etag: W/"5f971164-11adc"
timing-allow-origin: *
cache-control: public, max-age=86313600
p3p: CP="NON ADM OUR DEV IND COM STA"
strict-transport-security: max-age=15724800; includeSubDomains
content-encoding: gzip
content-length: 26421
date: Sun, 29 Jan 2023 20:57:45 GMT
vary: Accept-Encoding
x-host: s7.addthis.com
X-Firefox-Spdy: h2
e1.o.lencr.org/
23.36.76.226
200 OK
345
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.
Hash
89231e8fe1afd89090e6a09d61430e11
11b471e4821cade1ea075b8835c892d455bfdaa2
8c78cce8f98a69e9c1c2bf45d12879b40c784288b4e79dabb296c24f94025c12
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "8C78CCE8F98A69E9C1C2BF45D12879B40C784288B4E79DABB296C24F94025C12"
Last-Modified: Sun, 29 Jan 2023 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13731
Expires: Mon, 30 Jan 2023 00:46:36 GMT
Date: Sun, 29 Jan 2023 20:57:45 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226
200 OK
503
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.
Hash
7cbe935014bf273caf7a25de8734dcfd
4ed11324709feb9cee39c53082039cfdadd9078c
8c52f15bed473733d4ca98b470d5ec2c33fef24410d05d45e97614e76c1f1eaf
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "8C52F15BED473733D4CA98B470D5EC2C33FEF24410D05D45E97614E76C1F1EAF"
Last-Modified: Sat, 28 Jan 2023 02:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5491
Expires: Sun, 29 Jan 2023 22:29:16 GMT
Date: Sun, 29 Jan 2023 20:57:45 GMT
Connection: keep-alive
ocsp.sca1b.amazontrust.com/
54.230.245.110
200 OK
471
URL
HTTP/1.1
ocsp.sca1b.amazontrust.com/
IP
54.230.245.110:0
Hash
0e90c9d5521358d2754bbad686a2e9c1
013349b8f38535bae1e197d5d96d86d17d5a1ef0
47bb6aa901220aeab3800d1ea88eb456cfe3ea337f12c059d9549fa6bd8064ab
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: 'max-age=158059'
Date: Sun, 29 Jan 2023 20:57:45 GMT
Last-Modified: Sun, 29 Jan 2023 19:23:34 GMT
Server: ECS (dcb/7FA8)
X-Cache: Miss from cloudfront
Via: 1.1 f46773a8236e136c4f6648dd79a7af8e.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: U_au64op7dmu0ylAhM4zU4HXfky-5Un5bCsm0_8YL9Pf13RNsq0dYA==
Age: 5651
ocsp.sca1b.amazontrust.com/
54.230.245.110
200 OK
471
URL
HTTP/1.1
ocsp.sca1b.amazontrust.com/
IP
54.230.245.110:0
Hash
0e90c9d5521358d2754bbad686a2e9c1
013349b8f38535bae1e197d5d96d86d17d5a1ef0
47bb6aa901220aeab3800d1ea88eb456cfe3ea337f12c059d9549fa6bd8064ab
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=151804
Date: Sun, 29 Jan 2023 20:57:45 GMT
Etag: "63d67516-1d7"
Expires: Tue, 31 Jan 2023 15:07:49 GMT
Last-Modified: Sun, 29 Jan 2023 13:31:02 GMT
Server: ECS (bsa/EB12)
X-Cache: Miss from cloudfront
Via: 1.1 60929bddfcfe8b3a510a9502ad6d8742.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: e9vSpc86ml91han2iehgA2AYlq_-ao2hedp0n0vQgpzAKP34l_0pOg==
Age: 5807
simplewebanalysis.com/stats
35.156.167.37
200 OK
40
URL
HTTP/2
simplewebanalysis.com/stats
IP
35.156.167.37:0
Magic
ASCII text, with no line terminators
Hash
40c9c003c4aa656a24f43dcbc6291cfe
3797cd3390c619fb8538855f38637e4f085c3daa
965a11ed723ae129228c526de2aeb68f1fb47de44dc8587ecccf3768340cf1fe
GET /stats HTTP/1.1
Host: simplewebanalysis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://ww1.cuevana3.to
Connection: keep-alive
Referer: https://ww1.cuevana3.to/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 29 Jan 2023 20:57:45 GMT
content-type: text/html; charset=UTF-8
content-length: 40
server: fasthttp
access-control-allow-origin: https://ww1.cuevana3.to
access-control-allow-credentials: true
set-cookie: uid_id2=b376ab6a-c6cc-4f7b-b683-813493cc8b8c:2:1; expires=Wed, 26 Jan 2033 20:57:45 GMT; secure; SameSite=None
X-Firefox-Spdy: h2
ww1.cuevana3.to/static/wp-content/themes/cuevana3/public/js/jquery.js
188.114.96.1
200 OK
31320
URL
HTTP/2
ww1.cuevana3.to/static/wp-content/themes/cuevana3/public/js/jquery.js
IP
188.114.96.1:0
Magic
ASCII text, with very long lines (65451)
Hash
494d81ebc7952e533fc105d2068f9e78
82d5fb4847db26036a7d924051e7ab1b58677712
98f4730a5265c486c69dbd758d0edd7cfd029bbe7aae0706ec10a87b204f12cb
GET /static/wp-content/themes/cuevana3/public/js/jquery.js HTTP/1.1
Host: ww1.cuevana3.to
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ww1.cuevana3.to/?s=rick+y+morty
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sun, 29 Jan 2023 20:57:44 GMT
content-type: application/javascript
last-modified: Fri, 24 Jun 2022 06:51:50 GMT
vary: Accept-Encoding
etag: W/"62b55f06-1538f"
expires: Sun, 29 Jan 2023 21:40:22 GMT
cache-control: max-age=43200
cf-cache-status: HIT
age: 39873
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=l%2F9ilhk9z4GP51rfPI%2FG5Y5CQb46f2U7TGj19i%2B7aKmsXoUhyck9JRHwstH9k2DZncJl%2FEq%2BzNTfm4bmiELay5ahDes9B4QSO%2BQOtHxSw03NZMbfrR98HqPW8PziBrpwhSU%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7914e1c60f91b518-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
e1.o.lencr.org/
23.36.76.226
200 OK
345
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.
Hash
89231e8fe1afd89090e6a09d61430e11
11b471e4821cade1ea075b8835c892d455bfdaa2
8c78cce8f98a69e9c1c2bf45d12879b40c784288b4e79dabb296c24f94025c12
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "8C78CCE8F98A69E9C1C2BF45D12879B40C784288B4E79DABB296C24F94025C12"
Last-Modified: Sun, 29 Jan 2023 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13731
Expires: Mon, 30 Jan 2023 00:46:36 GMT
Date: Sun, 29 Jan 2023 20:57:45 GMT
Connection: keep-alive
experimentalconcerningsuck.com/pixel/purst?dl=0&th=0&sc=0&rs=1787&rd=1787&fd=917&bv=22.10.v.9&tmpl=70
192.243.59.13
200 OK
0
URL
HTTP/1.1
experimentalconcerningsuck.com/pixel/purst?dl=0&th=0&sc=0&rs=1787&rd=1787&fd=917&bv=22.10.v.9&tmpl=70
IP
192.243.59.13:0
ASN
#39572 DataWeb Global Group B.V.
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer
Verdict
Alert
quad9
Sinkholed
GET /pixel/purst?dl=0&th=0&sc=0&rs=1787&rd=1787&fd=917&bv=22.10.v.9&tmpl=70 HTTP/1.1
Host: experimentalconcerningsuck.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ww1.cuevana3.to/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.17.6
Date: Sun, 29 Jan 2023 20:57:45 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
r3.o.lencr.org/
23.36.76.226
200 OK
503
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.
Hash
b9ca371a18b1afacc82e035f41dc2b86
8b4a87be43183e4f89e19ecac344915d60574950
8ac3da2f8ce052a3d27fee0dccc5712a55e917f9de8daff8db891d50249aba90
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "8AC3DA2F8CE052A3D27FEE0DCCC5712A55E917F9DE8DAFF8DB891D50249ABA90"
Last-Modified: Sun, 29 Jan 2023 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13100
Expires: Mon, 30 Jan 2023 00:36:05 GMT
Date: Sun, 29 Jan 2023 20:57:45 GMT
Connection: keep-alive
banquetunarmedgrater.com/advertisers.js
173.233.139.164
200 OK
0
URL
HTTP/1.1
banquetunarmedgrater.com/advertisers.js
IP
173.233.139.164:0
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer
Verdict
Alert
quad9
Sinkholed
GET /advertisers.js HTTP/1.1
Host: banquetunarmedgrater.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ww1.cuevana3.to/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Sun, 29 Jan 2023 20:57:46 GMT
Content-Type: application/javascript
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: b5a46d12cfed62d6c48952cc2b4103d3
Strict-Transport-Security: max-age=0; includeSubdomains
s7.addthis.com/l10n/client.es.min.json
23.38.200.123
200 OK
1753
URL
HTTP/2
s7.addthis.com/l10n/client.es.min.json
IP
23.38.200.123:0
Magic
JSON data\012- , Unicode text, UTF-8 text, with very long lines (3700), with no line terminators
Hash
0b1cc7df4240eae80c16b0cf2b73c3e6
5f886e4a6d6accb00f5197707f0fda440962d9d7
7ea940fc0e7d3db81bff9c2f2796f3688a60917e77725a1631fa44edfeecef0b
GET /l10n/client.es.min.json HTTP/1.1
Host: s7.addthis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://ww1.cuevana3.to
Connection: keep-alive
Referer: https://ww1.cuevana3.to/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx/1.15.8
content-type: application/json
last-modified: Tue, 10 Sep 2019 15:15:17 GMT
etag: W/"5d77be05-e9d"
cache-control: public, s-maxage=604800
access-control-allow-origin: *
timing-allow-origin: *
strict-transport-security: max-age=15724800; includeSubDomains
content-encoding: gzip
content-length: 1753
date: Sun, 29 Jan 2023 20:57:46 GMT
vary: Accept-Encoding
x-host: s7.addthis.com
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226
200 OK
503
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.
Hash
f8c63fa451de9b91fdd5654d02681757
e65cb3b5ab2ab137a4cd4df64a7b7ec6ff3b8a7e
06f62bdb1d3bd2a9ee1cd45fafa79ab1ee4eb8039a0693b1e34706c24ee86fc7
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "06F62BDB1D3BD2A9EE1CD45FAFA79AB1EE4EB8039A0693B1E34706C24EE86FC7"
Last-Modified: Sun, 29 Jan 2023 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7760
Expires: Sun, 29 Jan 2023 23:07:06 GMT
Date: Sun, 29 Jan 2023 20:57:46 GMT
Connection: keep-alive
z.moatads.com/addthismoatframe568911941483/moatframe.js
23.38.201.146
200 OK
948
URL
HTTP/2
z.moatads.com/addthismoatframe568911941483/moatframe.js
IP
23.38.201.146:0
Magic
ASCII text, with very long lines (523)
Hash
f14b4e1f799b14f798a195f43cf58376
b6fd3b3d407fb4c0a00fb8a31862235e2a6e0a86
92ed3e9fda5fa4d738ff4d9023846b56633617363dda6a750cacb4fba53241ac
GET /addthismoatframe568911941483/moatframe.js HTTP/1.1
Host: z.moatads.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ww1.cuevana3.to/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: e0HboiVQpjIDEK8WTxqU5+8G8wOtu9bNCFY72alTHLP0/Yb+qoiTOxu6fad89ebRofzHxENxOOg=
x-amz-request-id: 61EC92F13BB22DD4
last-modified: Fri, 08 Nov 2019 20:13:52 GMT
etag: "f14b4e1f799b14f798a195f43cf58376"
content-encoding: gzip
accept-ranges: bytes
content-type: application/x-javascript
content-length: 948
server: AmazonS3
vary: Accept-Encoding
cache-control: max-age=46039
date: Sun, 29 Jan 2023 20:57:46 GMT
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226
200 OK
503
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.
Hash
92408803e3a56bf9c29d241a60bc07ce
d68b404d7b51432a8fdca70a6ecfcfaea841b1b9
64edeb4de4110c283651d99e6fe1ecc057acb83af12b3788e227111bd14441ac
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "64EDEB4DE4110C283651D99E6FE1ECC057ACB83AF12B3788E227111BD14441AC"
Last-Modified: Fri, 27 Jan 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12473
Expires: Mon, 30 Jan 2023 00:25:39 GMT
Date: Sun, 29 Jan 2023 20:57:46 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226
200 OK
503