Report - 68.us.silverwinds.xyz/feed/?link=true&tid=68&subid=68.us.android&ref=t2.hightid.com&s1=6363d3fc3954e209c91f1982

Report Overview

Submitted URL
68.us.silverwinds.xyz/feed/?link=true&tid=68&subid=68.us.android&ref=t2.hightid.com&s1=6363d3fc3954e209c91f1982
IP
23.235.251.114
ASN
#19437 SS-ASH
Submitted
2022-11-03 14:45:51
Access
Website Title
Final URL
Tags
None
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
20

Domain Summary

Domain / FQDN	Rank	First Seen	Last Seen	Sent	Received	IP
redir.tealwinds.xyz	unknown	2022-07-28T07:22:11Z	2022-12-09T12:09:16Z	490 B	649 B	198.211.113.186
topsolutions.rdtk.io	308069	2020-04-27T11:12:54Z	2023-03-04T16:23:09Z	637 B	995 B	85.17.54.17
adverster.g2afse.com	200149	2021-05-26T13:36:17Z	2023-03-04T16:23:11Z	550 B	562 B	34.91.145.202
free3dgame.xyz	unknown	2021-03-11T14:07:41Z	2023-03-10T15:33:32Z	4.4 kB	892 kB	146.190.28.107
www.linkonclick.com	107259	2017-11-26T06:50:32Z	2023-03-04T13:37:58Z	2.1 kB	4.2 kB	35.186.193.41
ocsp.usertrust.com	899	2012-05-21T17:43:18Z	2023-03-10T05:21:21Z	342 B	1.0 kB	172.64.155.188
contile.services.mozilla.com	1114	2021-05-27T20:32:35Z	2023-03-10T05:10:00Z	333 B	229 B	34.117.237.239
push.services.mozilla.com	2140	2014-10-24T10:27:06Z	2023-03-10T05:10:02Z	606 B	127 B	35.162.52.254
ron.trffclb.com	unknown	2022-09-30T15:04:48Z	2023-03-09T23:44:14Z	1.2 kB	1.3 kB	51.83.143.92
popmyads.com	44134	2014-04-04T13:58:21Z	2023-03-09T23:44:17Z	1.2 kB	94 kB	104.21.54.194
r3.o.lencr.org	344	2020-12-02T09:52:13Z	2023-03-10T05:09:10Z	2.7 kB	7.1 kB	23.36.77.32
ocsp.digicert.com	86	2012-05-21T09:02:23Z	2023-03-10T13:49:44Z	1.7 kB	3.4 kB	93.184.220.29
t2.lowtid.com	unknown	2022-08-03T15:42:14Z	2023-03-09T11:02:33Z	503 B	285 B	51.161.115.163
img-getpocket.cdn.mozilla.net	1631	2018-06-22T01:36:00Z	2023-03-10T05:10:04Z	3.8 kB	74 kB	34.120.237.76
ocsp.pki.goog	175	2018-07-01T08:43:07Z	2023-03-10T05:11:10Z	1.0 kB	2.1 kB	142.250.74.35
fonts.googleapis.com	8877	2013-06-10T22:14:26Z	2023-03-10T12:25:49Z	418 B	41 kB	142.250.74.10
content-signature-2.cdn.mozilla.net	1152	2020-11-03T13:26:46Z	2023-03-10T05:12:35Z	413 B	5.8 kB	34.160.144.191
68.us.silverwinds.xyz	unknown	2022-10-25T11:43:19Z	2022-11-10T18:00:05Z	442 B	250 B	23.235.251.114

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

OpenPhish

No alerts detected

PhishTank

No alerts detected

Fortinet's Web Filter

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2022-11-03	medium	trffclb.com	Sinkholed
2022-11-03	medium	trffclb.com	Sinkholed
2022-11-03	medium	free3dgame.xyz	Sinkholed
2022-11-03	medium	free3dgame.xyz	Sinkholed
2022-11-03	medium	free3dgame.xyz	Sinkholed
2022-11-03	medium	free3dgame.xyz	Sinkholed
2022-11-03	medium	free3dgame.xyz	Sinkholed
2022-11-03	medium	free3dgame.xyz	Sinkholed
2022-11-03	medium	free3dgame.xyz	Sinkholed
2022-11-03	medium	free3dgame.xyz	Sinkholed

JavaScript (11)

	URL	Size	First Seen	Last Seen
	free3dgame.xyz/?key=byq8yz76skm800fc6ylf&code=6363d416ac00210001b51ff1&sub1=&sub2=Sexually+Submission+low&sub3=topsolutionsmedia&sub4=1041905-4051373425-0&sub5=364	183 B	2023-03-07	2023-03-11
Pretty URL free3dgame.xyz/?key=byq8yz76skm800fc6ylf&code=6363d416ac00210001b51ff1&sub1=&sub2=Sexually+Submission+low&sub3=topsolutionsmedia&sub4=1041905-4051373425-0&sub5=364 IP 146.190.28.107 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 13:17:55 Last Seen2023-03-11 11:33:41 Times Seen1 Hash 3021debdb3a8269f54d162a9ea34187f 53c110199cf7fd52e2f4ea57f68f8bf3715279d4 9dc51ebac0e8dfb74a6729d034ab8678112dc631b80cc391994cd5c811013f4b Loading...

	ron.trffclb.com/f.php?p=c:9qopki6xwqp7b0yj1&d=603611c5b7eaf46891533240&s=ys-68p	288 B	2023-03-07	2023-04-02
Pretty URL ron.trffclb.com/f.php?p=c:9qopki6xwqp7b0yj1&d=603611c5b7eaf46891533240&s=ys-68p IP 51.83.143.92 ASN #16276 OVH SAS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:04:48 Last Seen2023-04-02 21:16:29 Times Seen4 Hash 39b0d0273a1fb864d830216dd7c2e357 dc5db9208682c1f704ac3f47978f9667c1371fb5 6e15d354cc231f333118b1508b21ece489e38854d556fa95d1e0cd222a8ea570 Loading...

	ron.trffclb.com/f.php?p=c:9qopki6xwqp7b0yj1&d=603611c5b7eaf46891533240&s=ys-68p	243 B	2023-03-07	2023-04-02
Pretty URL ron.trffclb.com/f.php?p=c:9qopki6xwqp7b0yj1&d=603611c5b7eaf46891533240&s=ys-68p IP 51.83.143.92 ASN #16276 OVH SAS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:04:48 Last Seen2023-04-02 21:16:29 Times Seen4 Hash c5ece1e9d202b87cb431d3d96e5575b6 f6d83964155d7c1613c5708b3dd802cedd431061 f2bbcb4681e3c185c2ab19b1c09ce623d2d516dc49f32d3773e769ae0db74be4 Loading...

	popmyads.com/serve/52264/64661/szqpmqqoapdpgpq/aHR0cDovL3RyYWZmaXgxMy5jb20=	1.3 kB	2023-03-10	2023-03-10
Pretty URL popmyads.com/serve/52264/64661/szqpmqqoapdpgpq/aHR0cDovL3RyYWZmaXgxMy5jb20= IP 104.21.54.194 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-10 19:41:24 Last Seen2023-03-10 19:41:24 Times Seen1 Hash 145c97dc58f1b8ebb23e35f3add6969a 094cc8c3221a4a328d3085c36208d67abeb29a10 cfab3248c2b8b73328b26d095122207c96cc67c2ab21ef8dee03d098a7805f26 Loading...

	www.linkonclick.com/jump/next.php?r=1041905&sub1=0646614100	6.7 kB	2023-03-08	2023-03-12
Pretty URL www.linkonclick.com/jump/next.php?r=1041905&sub1=0646614100 IP 35.186.193.41 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 14:35:02 Last Seen2023-03-12 16:47:28 Times Seen1 Hash 39223d850b11588d4799754d935f9f42 34261a027f4da154aacdde04be64a1652a6a1599 a71eaded86e065a371180682176e12972bee2b1ac1c61ee08ff3fae932918517 Loading...

	free3dgame.xyz/files/lang.js	8.0 kB	2023-03-07	2023-04-16
Pretty URL free3dgame.xyz/files/lang.js IP 146.190.28.107 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 13:17:55 Last Seen2023-04-16 16:57:52 Times Seen2 Hash 0e2dc8ac9fdfd903c9203e349acddd2e 181c12848afc8b434b57841de2198df03321e522 ab8a6ecd933190ba9899ec8a18386cab4de96f8ab74e9b8884bdc1963a34c938 Loading...

	free3dgame.xyz/?key=byq8yz76skm800fc6ylf&code=6363d416ac00210001b51ff1&sub1=&sub2=Sexually+Submission+low&sub3=topsolutionsmedia&sub4=1041905-4051373425-0&sub5=364	59 B	2023-03-07	2023-03-11
Pretty URL free3dgame.xyz/?key=byq8yz76skm800fc6ylf&code=6363d416ac00210001b51ff1&sub1=&sub2=Sexually+Submission+low&sub3=topsolutionsmedia&sub4=1041905-4051373425-0&sub5=364 IP 146.190.28.107 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 13:17:55 Last Seen2023-03-11 11:33:41 Times Seen1 Hash 94c9790c83e7d66a55ec2f8d453705b6 a6e0e091038c42e08aafda94e02e7c98550fa774 265bdb8b880d0badbc6f10623b17bc6329536a0dbbfcb5bd22abe96b3ed5e12a Loading...

	free3dgame.xyz/files/jquery.min.js	88 kB	2023-03-07	2024-04-24
Pretty URL free3dgame.xyz/files/jquery.min.js IP 146.190.28.107 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:34 Last Seen2024-04-24 06:39:35 Times Seen95375 Hash 220afd743d9e9643852e31a135a9f3ae 88523924351bac0b5d560fe0c5781e2556e7693d 0925e8ad7bd971391a8b1e98be8e87a6971919eb5b60c196485941c3c1df089a Loading...

	free3dgame.xyz/?key=byq8yz76skm800fc6ylf&code=6363d416ac00210001b51ff1&sub1=&sub2=Sexually+Submission+low&sub3=topsolutionsmedia&sub4=1041905-4051373425-0&sub5=364	63 B	2023-03-07	2023-05-18
Pretty URL free3dgame.xyz/?key=byq8yz76skm800fc6ylf&code=6363d416ac00210001b51ff1&sub1=&sub2=Sexually+Submission+low&sub3=topsolutionsmedia&sub4=1041905-4051373425-0&sub5=364 IP 146.190.28.107 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 13:17:55 Last Seen2023-05-18 05:53:27 Times Seen3 Hash 1eeaee32d7ccd06fdd9d09f92c83fcfc d33200f757a75fcc9d7216c2e29bc620f38ecc69 00f8a44fa20901e0b6437027cbd74815d9cd70c6fedbdecce1647a9847afe88c Loading...

		Size	First Seen	Last Seen
	#1 Write - 1b0793fab33f3fe17a1da6c6f085b123	10 B	2023-03-07	2023-05-29
Pretty Observations First Seen2023-03-07 13:17:55 Last Seen2023-05-29 01:56:03 Times Seen10 Hash 1b0793fab33f3fe17a1da6c6f085b123 365f992a0a10615ba2ae06d707bb66c9e6c66bbe 62e0df134d7e80abb976d863e3602a9a240fe509ac17654521ac4ac6bffda44d Loading...

	#2 Write - b771763a75e71e492aa8bb0d3a767222	52 B	2023-03-07	2023-05-18
Pretty Observations First Seen2023-03-07 13:17:55 Last Seen2023-05-18 05:53:28 Times Seen6 Hash b771763a75e71e492aa8bb0d3a767222 87ae2798daad2ff86d276d909397d482b9f0825d 0deedc1abfc3b275016994191944c57799852bae497d3a06461ac07e741712b9 Loading...

HTTP Transactions (48)

URL IP Response Size

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
b7be8442ec1e518ccc80739495f6d047
7a9d24b9d4046262c7753c49afaf9c19f4840626
b93410a9d62da3f219796d753b61a0f730cc272c13596724aa9d20efba298b44

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "B93410A9D62DA3F219796D753B61A0F730CC272C13596724AA9D20EFBA298B44"
Last-Modified: Thu, 03 Nov 2022 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14766
Expires: Thu, 03 Nov 2022 18:51:44 GMT
Date: Thu, 03 Nov 2022 14:45:38 GMT
Connection: keep-alive

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
2842f538168981f07b56e2c69379841a
0cc4ad0a78c1407bc9b7850eb0fb1a02130e3b22
3f9e8fb02409a19ceb54fee3f0f7f73eeed9e0ad63fa778eac7b3e4633d7d682

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6233
Cache-Control: max-age=160163
Content-Type: application/ocsp-response
Date: Thu, 03 Nov 2022 14:45:38 GMT
Etag: "63638a5c-1d7"
Expires: Sat, 05 Nov 2022 11:15:01 GMT
Last-Modified: Thu, 03 Nov 2022 09:31:08 GMT
Server: ECS (ska/F70C)
X-Cache: HIT
Content-Length: 471

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
43ea74d83493710eb8b64a74046ff569
74dee6d9e8b796d34f2788a472b90b3f7fc79ecd
f62eff2ad4d64d785a48e2761d7f2bda9171f1e60b0e9dc525d8f589f9ef7c60

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "F62EFF2AD4D64D785A48E2761D7F2BDA9171F1E60B0E9DC525D8F589F9EF7C60"
Last-Modified: Tue, 01 Nov 2022 14:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7223
Expires: Thu, 03 Nov 2022 16:46:01 GMT
Date: Thu, 03 Nov 2022 14:45:38 GMT
Connection: keep-alive

content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain

34.160.144.191

200 OK

5.3 kB

URL HTTP/2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain
IP
34.160.144.191:0
ASN
#15169 GOOGLE

File type
PEM certificate\012- , ASCII text
Size
5.3 kB (5348 bytes)
Hash
67d5a988edcda47bc3b3b3f65d32b4b6
d4f0e0da8b3690cc7da925026d3414b68c7d954f
55e4848e3ec682e808ce7ee70950f86179c43af4f81926d826a95edfda395a78

HTTP Headers

GET /chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
x-amz-id-2: gRuCApSHIeb2a7OcxTxpWvEL0b3y0LLthhgUhfnbo7KhhF7Wbvc1+r//4yKXmwkV0WFkNSCNHig=
x-amz-request-id: P7GP0KTPWFKCT1PD
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Thu, 03 Nov 2022 14:09:12 GMT
age: 2186
last-modified: Fri, 30 Sep 2022 18:50:55 GMT
etag: "67d5a988edcda47bc3b3b3f65d32b4b6"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2

contile.services.mozilla.com/v1/tiles

34.117.237.239

200 OK

12 B

URL HTTP/2
contile.services.mozilla.com/v1/tiles
IP
34.117.237.239:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with no line terminators
Size
12 B (12 bytes)
Hash
23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3

HTTP Headers

GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Thu, 03 Nov 2022 14:45:38 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
670d0b2f341e8ff1e4ee9fe4fe21e210
dcd277daebf63623b985a81a96bcdc6a6f67c518
75029ab8db44811ac539aa3e2f1f8e015a45b80cb5a1099cec7d64e55e2a72a6

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2267
Cache-Control: max-age=151136
Content-Type: application/ocsp-response
Date: Thu, 03 Nov 2022 14:45:39 GMT
Etag: "63637698-1d7"
Expires: Sat, 05 Nov 2022 08:44:35 GMT
Last-Modified: Thu, 03 Nov 2022 08:06:48 GMT
Server: ECS (ska/F70C)
X-Cache: HIT
Content-Length: 471

push.services.mozilla.com/

35.162.52.254

101 Switching Protocols

0 B

URL HTTP/1.1
push.services.mozilla.com/
IP
35.162.52.254:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: Rr93GdeQLgVWqvPT83TNWw==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: KHRSWXc6hUA002GzDk1e3tT2+7E=

68.us.silverwinds.xyz/feed/?link=true&tid=68&subid=68.us.android&ref=t2.hightid.com&s1=6363d3fc3954e209c91f1982

23.235.251.114

301 Moved Permanently

0 B

URL HTTP/1.1
68.us.silverwinds.xyz/feed/?link=true&tid=68&subid=68.us.android&ref=t2.hightid.com&s1=6363d3fc3954e209c91f1982
IP
23.235.251.114:0
ASN
#19437 SS-ASH

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /feed/?link=true&tid=68&subid=68.us.android&ref=t2.hightid.com&s1=6363d3fc3954e209c91f1982 HTTP/1.1
Host: 68.us.silverwinds.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

HTTP/1.1 301 Moved Permanently
Cache-Control: no-cache
Location: https://redir.tealwinds.xyz/click/invalid/?tid=68&subid=68.us.android
Date: Thu, 03 Nov 2022 14:45:39 GMT
Connection: keep-alive
Keep-Alive: timeout=5
Transfer-Encoding: chunked

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
a3bfb072f4ebe2a6de9399b051780e9c
3da1d18e9a576113f7422bbe8880f554aff5682c
b89a17ac352a5b0b34acd694f95adc6cc0461494c992510c2a2c9f50482dd2eb

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "B89A17AC352A5B0B34ACD694F95ADC6CC0461494C992510C2A2C9F50482DD2EB"
Last-Modified: Tue, 01 Nov 2022 18:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=20167
Expires: Thu, 03 Nov 2022 20:21:47 GMT
Date: Thu, 03 Nov 2022 14:45:40 GMT
Connection: keep-alive

redir.tealwinds.xyz/click/invalid/?tid=68&subid=68.us.android

198.211.113.186

302 Found

224 B

URL HTTP/1.1
redir.tealwinds.xyz/click/invalid/?tid=68&subid=68.us.android
IP
198.211.113.186:0
ASN
#14061 DIGITALOCEAN-ASN

File type
HTML document, ASCII text, with no line terminators
Size
224 B (224 bytes)
Hash
bd92fe68a5e1560baf109e602cf40836
8200bbb9f82243f181f0c524ff2113b2f45bf6a3
303cf094d8e1d56c1c300c3abbf6a4b24c6ad6ae77d695018aa9fc9b23061490

HTTP Headers

GET /click/invalid/?tid=68&subid=68.us.android HTTP/1.1
Host: redir.tealwinds.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1

HTTP/1.1 302 Found
X-Powered-By: Express
Surrogate-Control: no-store
Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate
Pragma: no-cache
Expires: 0
Location: https://t2.lowtid.com/l.php?p=c:1ighcayppnss2p5b2&d=63526ec4faf797126b433250&s=68p
Vary: Accept
Content-Type: text/html; charset=utf-8
Content-Length: 224
Date: Thu, 03 Nov 2022 14:45:40 GMT
Connection: keep-alive
Keep-Alive: timeout=5

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
75f85a5b8482b95e74f3bac15f3f26c9
4fa0829ee9900e929a3b57d87b2541985b3d1b64
bd60fc9fb8355b84d323819e19f89f04a45da53fb19d245630064122edf11edc

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "BD60FC9FB8355B84D323819E19F89F04A45DA53FB19D245630064122EDF11EDC"
Last-Modified: Tue, 01 Nov 2022 10:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2172
Expires: Thu, 03 Nov 2022 15:21:52 GMT
Date: Thu, 03 Nov 2022 14:45:40 GMT
Connection: keep-alive

t2.lowtid.com/l.php?p=c:1ighcayppnss2p5b2&d=63526ec4faf797126b433250&s=68p

51.161.115.163

302 Found

0 B

URL HTTP/1.1
t2.lowtid.com/l.php?p=c:1ighcayppnss2p5b2&d=63526ec4faf797126b433250&s=68p
IP
51.161.115.163:0
ASN
#16276 OVH SAS

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /l.php?p=c:1ighcayppnss2p5b2&d=63526ec4faf797126b433250&s=68p HTTP/1.1
Host: t2.lowtid.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1

HTTP/1.1 302 Found
Server: nginx
Date: Thu, 03 Nov 2022 14:45:40 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 0
Connection: keep-alive
Round: 1217p3t0dz
Raund: 1yh
Location: https://ron.trffclb.com/f.php?p=c:9qopki6xwqp7b0yj1&d=603611c5b7eaf46891533240&s=ys-68p

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
c18aead96956fc8de41d067a99071c73
29b784835d23ec09a11f91dda1f3ac9f9550c129
106617c550459147e0e38e15d84305ed944cbc259b78291ad0c9fc01083c182d

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "106617C550459147E0E38E15D84305ED944CBC259B78291AD0C9FC01083C182D"
Last-Modified: Tue, 01 Nov 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7999
Expires: Thu, 03 Nov 2022 16:58:59 GMT
Date: Thu, 03 Nov 2022 14:45:40 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
c18aead96956fc8de41d067a99071c73
29b784835d23ec09a11f91dda1f3ac9f9550c129
106617c550459147e0e38e15d84305ed944cbc259b78291ad0c9fc01083c182d

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "106617C550459147E0E38E15D84305ED944CBC259B78291AD0C9FC01083C182D"
Last-Modified: Tue, 01 Nov 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7999
Expires: Thu, 03 Nov 2022 16:58:59 GMT
Date: Thu, 03 Nov 2022 14:45:40 GMT
Connection: keep-alive

img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F116416c7-b158-4c98-af55-3027f9bfbd6c.jpeg

34.120.237.76

200 OK

7.0 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F116416c7-b158-4c98-af55-3027f9bfbd6c.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
7.0 kB (7044 bytes)
Hash
cc615bd01e1ac97fec7bf47b18f0e999
ee2c892adba5d3e12ac8443065c38317752f3e4a
ca41974691496f2629f45cba9bb21b84e7dbb9cefbf7e8e3348c98b101002269

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F116416c7-b158-4c98-af55-3027f9bfbd6c.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 7044
x-amzn-requestid: 6ed2687f-f478-4206-a9b7-fc63428966bb
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: a5sd1GcvIAMFYew=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63608df1-79ada3087098484923a3b64d;Sampled=0
x-amzn-remapped-date: Tue, 01 Nov 2022 03:09:38 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: P4UrqlJZWYrmIAiDpmH9bVbInYj8XEMphiiYbi_5GygjACRrpJ54dg==
via: 1.1 2dc111aa3ead15d061e41a423155a53a.cloudfront.net (CloudFront), 1.1 cd858042f70b416ca05e042acf3908a4.cloudfront.net (CloudFront), 1.1 google
date: Thu, 03 Nov 2022 03:30:28 GMT
age: 40512
etag: "ee2c892adba5d3e12ac8443065c38317752f3e4a"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

11 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3494b1e3-ddc8-454c-8b43-e70e2d8f07b8.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
11 kB (11421 bytes)
Hash
2ae2b8d827fb2c8bef64febcd36f1645
f7705fcd2d91ce90c58e79324cce1e3abba6c1c8
2dc55e97ef3a85fccb104b80161a8bac16b12d37527c336563677432584c7ad5

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3494b1e3-ddc8-454c-8b43-e70e2d8f07b8.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 11421
x-amzn-requestid: 8436166b-f342-44e9-9a31-e25dcaa7b85c
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: a2gEOEYRIAMFQ2g=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-635f46e7-0616a6b95503fffd4f597509;Sampled=0
x-amzn-remapped-date: Mon, 31 Oct 2022 03:54:15 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: g3OtcJnT2JfzIAvUjoLvC8pOzfwGFQ-M0cH4uwNSVcr2T9jYgCihTw==
via: 1.1 41e349e25dc4bc856d0e5d2c162428a0.cloudfront.net (CloudFront), 1.1 2324edbcb8fc72f617442c65f36a40fc.cloudfront.net (CloudFront), 1.1 google
date: Thu, 03 Nov 2022 08:08:09 GMT
etag: "f7705fcd2d91ce90c58e79324cce1e3abba6c1c8"
content-type: image/jpeg
age: 23851
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

10 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F0fd9f33f-0320-43c5-8548-66ecd4351e7b.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
10 kB (10267 bytes)
Hash
77d8a7cf42ff05cb87709edd2be1629a
d5c6d638c11cd9cbd3a7d8f0bd0caa089f0a2bd5
69d895489e1e3524ef7fca81b67fbf753c25f2dd4b41b995d64b89529ed58281

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F0fd9f33f-0320-43c5-8548-66ecd4351e7b.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 10267
x-amzn-requestid: e7398a94-8c16-48d0-af7b-1a990cbc0595
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: a_iCXE6vIAMF3uA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6362e3a8-0ba08fc20f5cbebb4b1f51f1;Sampled=0
x-amzn-remapped-date: Wed, 02 Nov 2022 21:39:52 GMT
x-amz-cf-pop: SEA73-P2, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: SQ6ksxtTI01DEL1wRX-ldrRL0RuMyhHJK1XTIs5I0Yo2Mp3A6SNbzQ==
via: 1.1 27fe6f224e0cfa3f3a446471ee256e56.cloudfront.net (CloudFront), 1.1 2ab6211e66998c8b58132661a7e3cade.cloudfront.net (CloudFront), 1.1 google
date: Wed, 02 Nov 2022 21:42:56 GMT
age: 61364
etag: "d5c6d638c11cd9cbd3a7d8f0bd0caa089f0a2bd5"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

10 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F46c1f0aa-9ef9-468e-9e11-7a02b7969f7f.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
10 kB (10411 bytes)
Hash
f6a0b42162a59f85f6ddb149bbb09517
107817da1e00f629351ebbeb62caf795a6a8393b
0e6094306076439f0aaa893d8a4f4188a9ded69f4dca19b47d4762a19b5fc8fa

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F46c1f0aa-9ef9-468e-9e11-7a02b7969f7f.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 10411
x-amzn-requestid: d2e3df80-e308-4eb1-a1a5-85a0a3657dd6
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: a-lvpGsIoAMFhqw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63628330-74d69aa323713c9d01310cf0;Sampled=0
x-amzn-remapped-date: Wed, 02 Nov 2022 14:48:16 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: pilXnOiVEgsD3xO7QRWL_SusEk8zpXuVyXq3AbVsUp2x9TC6y_8rRg==
via: 1.1 76dcc62b68091cc715d50b5017be77fc.cloudfront.net (CloudFront), 1.1 476c2ba6d9f6cd69dbcedbd65688cbc0.cloudfront.net (CloudFront), 1.1 google
date: Thu, 03 Nov 2022 08:28:35 GMT
age: 22625
etag: "107817da1e00f629351ebbeb62caf795a6a8393b"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

7.1 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb158669e-8bf1-47dd-afff-d12ea7777cff.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
7.1 kB (7068 bytes)
Hash
7374ceacc76dbef905a58f1bd3788f0a
a6214182c5a1dabee4051247de0068b774bfd555
459f07eece770ab33c0fa2b3d5c2592c524ebc7f02a5123dc551f19562bf327c

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb158669e-8bf1-47dd-afff-d12ea7777cff.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 7068
x-amzn-requestid: 4f808d20-12db-400f-952f-13f5641deb98
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: atDhrHq3IAMFgpA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-635b7fa4-19a05fe3542d51927907bb8b;Sampled=0
x-amzn-remapped-date: Fri, 28 Oct 2022 07:07:16 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: v5m_2pmyk1UuvVsGfTt-BLOTZyBbL99VOIJpiNafZwh9jJ6gzwne2w==
via: 1.1 b48dedcc55e63f14261aa92cf2d61522.cloudfront.net (CloudFront), 1.1 02d90bf99fd6253b329a53c82f19e224.cloudfront.net (CloudFront), 1.1 google
date: Thu, 03 Nov 2022 11:20:34 GMT
age: 12306
etag: "a6214182c5a1dabee4051247de0068b774bfd555"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

9.5 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F623cd169-7ed9-42a3-aa0b-e5d3053dad6c.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
9.5 kB (9464 bytes)
Hash
f22f82690184549a27cacc59906590bd
f387ae7704ac36d6a3e20da098cb9f75829d1e0f
a9804db6a2263ed8d70634921ac39079c2a803f180a3347eeb92d7bbede66b67

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F623cd169-7ed9-42a3-aa0b-e5d3053dad6c.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 9464
x-amzn-requestid: 63126894-cf2b-4b97-9115-4782d4418e52
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: a2ZVpFtqoAMFZdg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-635f3c23-766a430e679848b74e1f7d06;Sampled=0
x-amzn-remapped-date: Mon, 31 Oct 2022 03:08:19 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: C2OkZKFMBBgW_A2TEjx49rNbs3uYHwWAcNROojSt9K4J3Qsz2sJPHQ==
via: 1.1 d1151317ba32afe0e6370fd69fed222e.cloudfront.net (CloudFront), 1.1 b8c4a4ca04bb1976e020396d211bc8dc.cloudfront.net (CloudFront), 1.1 google
date: Thu, 03 Nov 2022 03:25:28 GMT
age: 40812
etag: "f387ae7704ac36d6a3e20da098cb9f75829d1e0f"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
96444d94a98a69eec68a2454eb9b358b
efbe5dfcbf44d74daee10c2154ff81a1d94fb0d3
f0f2d3b8d2ec94551f14660bda46221d22ea3fdae4c690a443ef3e4931c330c6

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "F0F2D3B8D2EC94551F14660BDA46221D22EA3FDAE4C690A443EF3E4931C330C6"
Last-Modified: Tue, 01 Nov 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10901
Expires: Thu, 03 Nov 2022 17:47:21 GMT
Date: Thu, 03 Nov 2022 14:45:40 GMT
Connection: keep-alive

ron.trffclb.com/f.php?p=c:9qopki6xwqp7b0yj1&d=603611c5b7eaf46891533240&s=ys-68p

51.83.143.92

200 OK

490 B

URL HTTP/1.1
ron.trffclb.com/f.php?p=c:9qopki6xwqp7b0yj1&d=603611c5b7eaf46891533240&s=ys-68p
IP
51.83.143.92:0
ASN
#16276 OVH SAS

File type
HTML document text\012- HTML document, ASCII text, with very long lines (537)
Size
490 B (490 bytes)
Hash
f7441a430c752e7aae4ae43782257fc1
fcbc972b2fd65855bb9cde0ff3eb4b9d2d599663
9b44f4e4cb96d952549c4a566208474214ffbb89bf134739a1e77c3b9bdb2c5a

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /f.php?p=c:9qopki6xwqp7b0yj1&d=603611c5b7eaf46891533240&s=ys-68p HTTP/1.1
Host: ron.trffclb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1

HTTP/1.1 200 OK
Server: nginx
Date: Thu, 03 Nov 2022 14:45:40 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: bt-603611c5b7eaf46891533240=6363d4146b5a83336e00ef32; expires=Sun, 06-Nov-2022 14:45:40 GMT; Max-Age=259200; path=/; domain=ron.trffclb.com; HttpOnly
Content-Encoding: gzip

ron.trffclb.com/f.php?p=c:9qopki6xwqp7b0yj1&d=603611c5b7eaf46891533240&s=ys-68p&bv=1

51.83.143.92

302 Found

0 B

URL HTTP/1.1
ron.trffclb.com/f.php?p=c:9qopki6xwqp7b0yj1&d=603611c5b7eaf46891533240&s=ys-68p&bv=1
IP
51.83.143.92:0
ASN
#16276 OVH SAS

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /f.php?p=c:9qopki6xwqp7b0yj1&d=603611c5b7eaf46891533240&s=ys-68p&bv=1 HTTP/1.1
Host: ron.trffclb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ron.trffclb.com/f.php?p=c:9qopki6xwqp7b0yj1&d=603611c5b7eaf46891533240&s=ys-68p
Cookie: bt-603611c5b7eaf46891533240=6363d4146b5a83336e00ef32
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin

HTTP/1.1 302 Found
Server: nginx
Date: Thu, 03 Nov 2022 14:45:41 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 0
Connection: keep-alive
Set-Cookie: bt-603611c5b7eaf46891533240=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/; domain=ron.trffclb.com; HttpOnly
Round: 11kgq037yu
Raund: 2g2
Location: https://popmyads.com/serve/52264/64661/szqpmqqoapdpgpq/aHR0cDovL3RyYWZmaXgxMy5jb20=

ocsp.digicert.com/

93.184.220.29

200 OK

280 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
280 B (280 bytes)
Hash
f5bbf4e7f3dcaa872ff90fc71906f478
55642226c18cc247460616e6ee92aadb13ae578a
60fbb7de04773f92e16b4ab00664418b8c7dc2decebbbcd93948fe96f51d9dc9

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6506
Cache-Control: max-age=147815
Content-Type: application/ocsp-response
Date: Thu, 03 Nov 2022 14:45:41 GMT
Etag: "63635912-118"
Expires: Sat, 05 Nov 2022 07:49:16 GMT
Last-Modified: Thu, 03 Nov 2022 06:00:50 GMT
Server: ECS (amb/6BC2)
X-Cache: HIT
Content-Length: 280

ocsp.digicert.com/

93.184.220.29

200 OK

280 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
280 B (280 bytes)
Hash
f5bbf4e7f3dcaa872ff90fc71906f478
55642226c18cc247460616e6ee92aadb13ae578a
60fbb7de04773f92e16b4ab00664418b8c7dc2decebbbcd93948fe96f51d9dc9

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6506
Cache-Control: max-age=147815
Content-Type: application/ocsp-response
Date: Thu, 03 Nov 2022 14:45:41 GMT
Etag: "63635912-118"
Expires: Sat, 05 Nov 2022 07:49:16 GMT
Last-Modified: Thu, 03 Nov 2022 06:00:50 GMT
Server: ECS (ska/F70C)
X-Cache: HIT
Content-Length: 280

www.linkonclick.com/jump/next.php?r=1041905&sub1=0646614100

35.186.193.41

200 OK

2.7 kB

URL HTTP/1.1
www.linkonclick.com/jump/next.php?r=1041905&sub1=0646614100
IP
35.186.193.41:0
ASN
#15169 GOOGLE

File type
HTML document text\012- HTML document text\012- HTML document, ASCII text
Size
2.7 kB (2657 bytes)
Hash
25fecec5d50ce001cd00a9a1d8cba490
42db68c91519a5317f07e82f5f19d354cdee06d6
1edb790bce20288993dd74f2c665f504e87c2f7973bd943887fff9a4b0eb01ed

HTTP Headers

GET /jump/next.php?r=1041905&sub1=0646614100 HTTP/1.1
Host: www.linkonclick.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

HTTP/1.1 200 OK
Server: openresty
Date: Thu, 03 Nov 2022 14:45:41 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Access-Control-Allow-Origin: *
Content-Encoding: gzip
Via: 1.1 google

www.linkonclick.com/jump/next.php?stamat=m%257C%252Coo2djdjarB1dQO0dEdHP3xP.681%252CS0kXXHXf2ck-DOZ9HRvwuM9aL_G46JdZU-2oa3bmXM8JUm5HksBtX5-SSJ8vLRk6bFmvq_XsOZ11dNi5wjwW8w%252C%252C&cbpage=http://www.linkonclick.com/jump/next.php?r=1041905&sub1=0646614100&cbur=0.49299105999630577&cbtitle=&cbiframe=0&cbWidth=1280&cbHeight=939&cbdescription=&cbkeywords=&cbref=

35.186.193.41

302 Moved Temporarily

1 B

URL HTTP/1.1
www.linkonclick.com/jump/next.php?stamat=m%257C%252Coo2djdjarB1dQO0dEdHP3xP.681%252CS0kXXHXf2ck-DOZ9HRvwuM9aL_G46JdZU-2oa3bmXM8JUm5HksBtX5-SSJ8vLRk6bFmvq_XsOZ11dNi5wjwW8w%252C%252C&cbpage=http://www.linkonclick.com/jump/next.php?r=1041905&sub1=0646614100&cbur=0.49299105999630577&cbtitle=&cbiframe=0&cbWidth=1280&cbHeight=939&cbdescription=&cbkeywords=&cbref=
IP
35.186.193.41:0
ASN
#15169 GOOGLE

File type
very short file (no magic)
Size
1 B (1 bytes)
Hash
68b329da9893e34099c7d8ad5cb9c940
adc83b19e793491b1c6ea0fd8b46cd9f32e592fc
01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b

HTTP Headers

GET /jump/next.php?stamat=m%257C%252Coo2djdjarB1dQO0dEdHP3xP.681%252CS0kXXHXf2ck-DOZ9HRvwuM9aL_G46JdZU-2oa3bmXM8JUm5HksBtX5-SSJ8vLRk6bFmvq_XsOZ11dNi5wjwW8w%252C%252C&cbpage=http://www.linkonclick.com/jump/next.php?r=1041905&sub1=0646614100&cbur=0.49299105999630577&cbtitle=&cbiframe=0&cbWidth=1280&cbHeight=939&cbdescription=&cbkeywords=&cbref= HTTP/1.1
Host: www.linkonclick.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

HTTP/1.1 302 Moved Temporarily
Server: openresty
Date: Thu, 03 Nov 2022 14:45:41 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Access-Control-Allow-Origin: *
Location: http://www.linkonclick.com/script/i.php?stamat=m%257C%252C%252CwiMqIhKuoGU3B5-GH0dEdHP3xP.87c%252CNiDmnyB5S3D4HqjWn8jYT1cAI_prTOPqFK4QaOpcKeHvYXWtP2QZfQWxpeODR5pxeBgZHzRnkefY_UBmTBhyiX_XVBlfYZ0ZYvC-l0ycKaoXBKziO_qwrB57RoCZx5TLttqzsDhlTPRCIpqlVg9UZqFfnDNwrqXxoAyP9iwJP9pOMLyY163aaAtNBWPa-r3apz4SvZ2nedA9MXOcADD8E-r3gGVoI_mdllTkDP5pKS2-5DKQCpIe2eI-PoKVATS6322es6-Eks-URR8TwkI2W2-riLBObvw_vRawKNIB0TkazFXoIKDI01bmpytx-dENWxZCu_DpXFN0o4134Fa16z3v9QQVXnxLTv9Y9ng6vHNWHER-hW5-616hHlNK1jZuW6UMZF-MKQTDInvU__CKdVmofAL3Vu68N8DObDE2qNERJWuY-xDOeWaiT-3yC0kKPOz91UHc4FONf_EsliS9XnhkryoCq0tA_4H9sl4DzKBcR9xhCA7uoF0rpLrqX6dppMceGGm2xmSpedy2C-f9TDouBHrFSpwi13nyuUJZ2RW9XW-rhHimgam7xDNcplFTu6FG2FzRCd3Tx8psVEfiFQ%252C%252C
Via: 1.1 google

www.linkonclick.com/script/i.php?stamat=m%257C%252C%252CwiMqIhKuoGU3B5-GH0dEdHP3xP.87c%252CNiDmnyB5S3D4HqjWn8jYT1cAI_prTOPqFK4QaOpcKeHvYXWtP2QZfQWxpeODR5pxeBgZHzRnkefY_UBmTBhyiX_XVBlfYZ0ZYvC-l0ycKaoXBKziO_qwrB57RoCZx5TLttqzsDhlTPRCIpqlVg9UZqFfnDNwrqXxoAyP9iwJP9pOMLyY163aaAtNBWPa-r3apz4SvZ2nedA9MXOcADD8E-r3gGVoI_mdllTkDP5pKS2-5DKQCpIe2eI-PoKVATS6322es6-Eks-URR8TwkI2W2-riLBObvw_vRawKNIB0TkazFXoIKDI01bmpytx-dENWxZCu_DpXFN0o4134Fa16z3v9QQVXnxLTv9Y9ng6vHNWHER-hW5-616hHlNK1jZuW6UMZF-MKQTDInvU__CKdVmofAL3Vu68N8DObDE2qNERJWuY-xDOeWaiT-3yC0kKPOz91UHc4FONf_EsliS9XnhkryoCq0tA_4H9sl4DzKBcR9xhCA7uoF0rpLrqX6dppMceGGm2xmSpedy2C-f9TDouBHrFSpwi13nyuUJZ2RW9XW-rhHimgam7xDNcplFTu6FG2FzRCd3Tx8psVEfiFQ%252C%252C

35.186.193.41

302 Moved Temporarily

1 B

URL HTTP/1.1
www.linkonclick.com/script/i.php?stamat=m%257C%252C%252CwiMqIhKuoGU3B5-GH0dEdHP3xP.87c%252CNiDmnyB5S3D4HqjWn8jYT1cAI_prTOPqFK4QaOpcKeHvYXWtP2QZfQWxpeODR5pxeBgZHzRnkefY_UBmTBhyiX_XVBlfYZ0ZYvC-l0ycKaoXBKziO_qwrB57RoCZx5TLttqzsDhlTPRCIpqlVg9UZqFfnDNwrqXxoAyP9iwJP9pOMLyY163aaAtNBWPa-r3apz4SvZ2nedA9MXOcADD8E-r3gGVoI_mdllTkDP5pKS2-5DKQCpIe2eI-PoKVATS6322es6-Eks-URR8TwkI2W2-riLBObvw_vRawKNIB0TkazFXoIKDI01bmpytx-dENWxZCu_DpXFN0o4134Fa16z3v9QQVXnxLTv9Y9ng6vHNWHER-hW5-616hHlNK1jZuW6UMZF-MKQTDInvU__CKdVmofAL3Vu68N8DObDE2qNERJWuY-xDOeWaiT-3yC0kKPOz91UHc4FONf_EsliS9XnhkryoCq0tA_4H9sl4DzKBcR9xhCA7uoF0rpLrqX6dppMceGGm2xmSpedy2C-f9TDouBHrFSpwi13nyuUJZ2RW9XW-rhHimgam7xDNcplFTu6FG2FzRCd3Tx8psVEfiFQ%252C%252C
IP
35.186.193.41:0
ASN
#15169 GOOGLE

File type
very short file (no magic)
Size
1 B (1 bytes)
Hash
68b329da9893e34099c7d8ad5cb9c940
adc83b19e793491b1c6ea0fd8b46cd9f32e592fc
01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b

HTTP Headers

GET /script/i.php?stamat=m%257C%252C%252CwiMqIhKuoGU3B5-GH0dEdHP3xP.87c%252CNiDmnyB5S3D4HqjWn8jYT1cAI_prTOPqFK4QaOpcKeHvYXWtP2QZfQWxpeODR5pxeBgZHzRnkefY_UBmTBhyiX_XVBlfYZ0ZYvC-l0ycKaoXBKziO_qwrB57RoCZx5TLttqzsDhlTPRCIpqlVg9UZqFfnDNwrqXxoAyP9iwJP9pOMLyY163aaAtNBWPa-r3apz4SvZ2nedA9MXOcADD8E-r3gGVoI_mdllTkDP5pKS2-5DKQCpIe2eI-PoKVATS6322es6-Eks-URR8TwkI2W2-riLBObvw_vRawKNIB0TkazFXoIKDI01bmpytx-dENWxZCu_DpXFN0o4134Fa16z3v9QQVXnxLTv9Y9ng6vHNWHER-hW5-616hHlNK1jZuW6UMZF-MKQTDInvU__CKdVmofAL3Vu68N8DObDE2qNERJWuY-xDOeWaiT-3yC0kKPOz91UHc4FONf_EsliS9XnhkryoCq0tA_4H9sl4DzKBcR9xhCA7uoF0rpLrqX6dppMceGGm2xmSpedy2C-f9TDouBHrFSpwi13nyuUJZ2RW9XW-rhHimgam7xDNcplFTu6FG2FzRCd3Tx8psVEfiFQ%252C%252C HTTP/1.1
Host: www.linkonclick.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

HTTP/1.1 302 Moved Temporarily
Server: openresty
Date: Thu, 03 Nov 2022 14:45:41 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Access-Control-Allow-Origin: *
Location: https://topsolutions.rdtk.io/631d71ca60776e00012e0e8f?sub1=1041905-4051373425-0&sub2=[udid]&sub3=309529620&sub4=126766&sub5=1667486741&sub6=1041905&sub7=NO&sub8=1000&sub9=Blix Solutions&ref_id=166748674110000TNOTV415326358024V3a
Via: 1.1 google

ocsp.usertrust.com/

172.64.155.188

200 OK

471 B

URL HTTP/1.1
ocsp.usertrust.com/
IP
172.64.155.188:0
ASN
#13335 CLOUDFLARENET

File type
data
Size
471 B (471 bytes)
Hash
c2b17f7c0b15aa075b09d232a5016608
cd1d90f39992ef65c2d42692bfe932d640e0bf3d
2a64b149ecf36034c2009f40b2f8b01ddfcfcc0aeb7342c01a5837e1cc9703da

HTTP Headers

POST / HTTP/1.1
Host: ocsp.usertrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Thu, 03 Nov 2022 14:45:41 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Mon, 31 Oct 2022 22:07:28 GMT
Expires: Mon, 07 Nov 2022 22:07:27 GMT
Etag: "cd1d90f39992ef65c2d42692bfe932d640e0bf3d"
Cache-Control: max-age=603279,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb5
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: HIT
Age: 1456
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7645e5292bd81c16-OSL

topsolutions.rdtk.io/631d71ca60776e00012e0e8f?sub1=1041905-4051373425-0&sub2=[udid]&sub3=309529620&sub4=126766&sub5=1667486741&sub6=1041905&sub7=NO&sub8=1000&sub9=Blix%20Solutions&ref_id=166748674110000TNOTV415326358024V3a

85.17.54.17

302 Found

182 B

URL HTTP/1.1
topsolutions.rdtk.io/631d71ca60776e00012e0e8f?sub1=1041905-4051373425-0&sub2=[udid]&sub3=309529620&sub4=126766&sub5=1667486741&sub6=1041905&sub7=NO&sub8=1000&sub9=Blix%20Solutions&ref_id=166748674110000TNOTV415326358024V3a
IP
85.17.54.17:0
ASN
#60781 LeaseWeb Netherlands B.V.

File type
HTML document, ASCII text
Size
182 B (182 bytes)
Hash
4f5ce4a30734f1d4620c9951548ee3fa
c8f262fd3365b246e9cd679385faef874bb68d9b
a6dc5836c382190c9e484c7fa34e40cfb025f703fd9e95c2ab4e91d4baa2dbb9

HTTP Headers

GET /631d71ca60776e00012e0e8f?sub1=1041905-4051373425-0&sub2=[udid]&sub3=309529620&sub4=126766&sub5=1667486741&sub6=1041905&sub7=NO&sub8=1000&sub9=Blix%20Solutions&ref_id=166748674110000TNOTV415326358024V3a HTTP/1.1
Host: topsolutions.rdtk.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

HTTP/1.1 302 Found
Server: nginx/1.21.3
Date: Thu, 03 Nov 2022 14:45:41 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 182
Connection: keep-alive
Location: https://adverster.g2afse.com/click?pid=364&offer_id=140&sub4=1041905-4051373425-0&ref_id=6363d4156177e20001cd493d&sub2=5cc839de65115c0001015b85
Referer: 
Referrer-Policy: no-referrer
Set-Cookie: redhash=NjM2M2Q0MTU2MTc3ZTIwMDAxY2Q0OTNkfDB8NjMxZDcxY2E2MDc3NmUwMDAxMmUwZThmfHw0OTAyZGY4Ni01MGM1LTQ3MmItOTFlMS04NWUxMTZlMmE5MTV8MTY2NzQ4Njc0MQ==; Path=/; Domain=topsolutions.rdtk.io; Expires=Fri, 03 Nov 2023 14:45:41 GMT; Secure; SameSite=None
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range

ocsp.digicert.com/

93.184.220.29

200 OK

312 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
312 B (312 bytes)
Hash
371281c859dce2fa5d41d72ed2f33c34
47ad82c18381adf2f10a21d6d034b4d1112a200d
c5a9248c02107664bf470e28c3a72afde398e114081cd5d96529ff267bc6f258

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5916
Cache-Control: max-age=121342
Content-Type: application/ocsp-response
Date: Thu, 03 Nov 2022 14:45:42 GMT
Etag: "6362f3f8-138"
Expires: Sat, 05 Nov 2022 00:28:04 GMT
Last-Modified: Wed, 02 Nov 2022 22:49:28 GMT
Server: ECS (ska/F70C)
X-Cache: HIT
Content-Length: 312

adverster.g2afse.com/click?pid=364&offer_id=140&sub4=1041905-4051373425-0&ref_id=6363d4156177e20001cd493d&sub2=5cc839de65115c0001015b85

34.91.145.202

302 Found

0 B

URL HTTP/2
adverster.g2afse.com/click?pid=364&offer_id=140&sub4=1041905-4051373425-0&ref_id=6363d4156177e20001cd493d&sub2=5cc839de65115c0001015b85
IP
34.91.145.202:0
ASN
#396982 GOOGLE-CLOUD-PLATFORM

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /click?pid=364&offer_id=140&sub4=1041905-4051373425-0&ref_id=6363d4156177e20001cd493d&sub2=5cc839de65115c0001015b85 HTTP/1.1
Host: adverster.g2afse.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

HTTP/2 302 Found
server: nginx
date: Thu, 03 Nov 2022 14:45:42 GMT
content-length: 0
location: https://free3dgame.xyz/?key=byq8yz76skm800fc6ylf&code=6363d416ac00210001b51ff1&sub1=&sub2=Sexually+Submission+low&sub3=topsolutionsmedia&sub4=1041905-4051373425-0&sub5=364
x-adjust-use-original-forwarded-for: 1
set-cookie: afclick=6363d416ac00210001b51ff1; expires=Fri, 03 Nov 2023 14:45:42 GMT; secure; SameSite=None
afoffers={"140":1667486742}; expires=Fri, 03 Nov 2023 14:45:42 GMT; secure; SameSite=None
access-control-allow-origin: *
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
71f52e2443620b9ca6bc8490d6259214
c44d5ce5a31076d475663af11a73318b340d7272
f75c4138517c1cbab6310f0a3ae49caff31e04160d474e1678e717e855047233

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "F75C4138517C1CBAB6310F0A3AE49CAFF31E04160D474E1678E717E855047233"
Last-Modified: Tue, 01 Nov 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=1850
Expires: Thu, 03 Nov 2022 15:16:32 GMT
Date: Thu, 03 Nov 2022 14:45:42 GMT
Connection: keep-alive

popmyads.com/gget

104.21.54.194

302 Found

471 B

URL HTTP/2
popmyads.com/gget
IP
104.21.54.194:0
ASN
#13335 CLOUDFLARENET

File type
data
Size
471 B (471 bytes)
Hash
e539fa08ddc0ce1396c84ecc16c2bec7
69414e0693690cc9cc14b48b2f952efe942198d5
b6609b24198f2c6c9eefaa3b1cb2f2db9dd8b81c6a7135a5b46c3a9a165c8266

HTTP Headers

POST /gget HTTP/1.1
Host: popmyads.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 517
Origin: https://popmyads.com
Connection: keep-alive
Referer: https://popmyads.com/serve/52264/64661/szqpmqqoapdpgpq/aHR0cDovL3RyYWZmaXgxMy5jb20=
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 302 Found
date: Thu, 03 Nov 2022 14:45:41 GMT
content-type: text/html; charset=UTF-8
location: http://www.linkonclick.com/jump/next.php?r=1041905&sub1=0646614100
x-powered-by: PHP/7.1.33
set-cookie: wGprrBLT=2; expires=Thu, 03-Nov-2022 14:45:43 GMT; Max-Age=2; path=/
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=M%2FnfviGsvwcaZDpjp%2Fq4VRRn%2FE4NUB0hqYYWDmsZutpBL2gU0hY9lrFuKsZJQo5DpFTk4mwe2yXUyCk2%2BS5yaVqdfEbNi9QFHodI8%2FHejjCTFdSkkwW744qQudrn2VE%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7645e5251cee0b02-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

popmyads.com/serve/52264/64661/szqpmqqoapdpgpq/aHR0cDovL3RyYWZmaXgxMy5jb20=

104.21.54.194

200 OK

92 kB

URL HTTP/2
popmyads.com/serve/52264/64661/szqpmqqoapdpgpq/aHR0cDovL3RyYWZmaXgxMy5jb20=
IP
104.21.54.194:0
ASN
#13335 CLOUDFLARENET

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text
Size
92 kB (92197 bytes)
Hash
1328832f6c5d2c814bc89a3c9f0034a2
f67ab1b1d8caede934efba6f48d9862e85b5f174
7dfd40af85d104d49c67154cc74f8c2cba114ab1e56ea63b19df2bfad55c2638

HTTP Headers

GET /serve/52264/64661/szqpmqqoapdpgpq/aHR0cDovL3RyYWZmaXgxMy5jb20= HTTP/1.1
Host: popmyads.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://ron.trffclb.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Thu, 03 Nov 2022 14:45:41 GMT
content-type: text/html; charset=UTF-8
x-powered-by: PHP/7.1.33
x-frame-options: DENY
content-security-policy: frame-ancestors 'none'
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=P3wVTDmDx9DDFWc4gKaEK6BLoikoEgpFl1B%2FSY7DMKpWSSuMUn1hLB84K9MmP%2BMuY9C2qx8XjKY6S2tm5WCpaD2B%2BdPJARAhQytM6XhbWAS%2BpvaynuqhimrvtKh9t%2B8%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7645e5246c090b02-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

free3dgame.xyz/files/desc.jpg

146.190.28.107

200 OK

517 kB

URL HTTP/2
free3dgame.xyz/files/desc.jpg
IP
146.190.28.107:0
ASN
#0

File type
JPEG image data, progressive, precision 8, 3360x1882, components 3\012- data
Size
517 kB (517070 bytes)
Hash
abd6f700139d33406e689ae523063675
6fa1dd814d4c2d6a770e644c5aa0a0d7facdeba0
99f3f7d43320f66092019658c89c57d8a0bb5b748b9841384c4324acab71cc52

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /files/desc.jpg HTTP/1.1
Host: free3dgame.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://free3dgame.xyz/?key=byq8yz76skm800fc6ylf&code=6363d416ac00210001b51ff1&sub1=&sub2=Sexually+Submission+low&sub3=topsolutionsmedia&sub4=1041905-4051373425-0&sub5=364
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 03 Nov 2022 14:45:42 GMT
content-type: image/jpeg
content-length: 517070
last-modified: Tue, 24 May 2022 11:29:05 GMT
etag: "628cc181-7e3ce"
expires: Sat, 03 Dec 2022 14:45:42 GMT
cache-control: max-age=2592000
strict-transport-security: max-age=31536000
accept-ranges: bytes
X-Firefox-Spdy: h2

free3dgame.xyz/files/mob.jpg

146.190.28.107

200 OK

294 kB

URL HTTP/2
free3dgame.xyz/files/mob.jpg
IP
146.190.28.107:0
ASN
#0

File type
JPEG image data, progressive, precision 8, 1182x2100, components 3\012- data
Size
294 kB (294511 bytes)
Hash
6293f6397f0fc4f54cdee9f1016aa620
e1fe2d942487529eef53fc77e5eae9b518ec2944
657405356cbcd646c8090fdb0dbc62755bea4b1b2b0fae0fdade66a4af776f2b

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /files/mob.jpg HTTP/1.1
Host: free3dgame.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://free3dgame.xyz/?key=byq8yz76skm800fc6ylf&code=6363d416ac00210001b51ff1&sub1=&sub2=Sexually+Submission+low&sub3=topsolutionsmedia&sub4=1041905-4051373425-0&sub5=364
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 03 Nov 2022 14:45:42 GMT
content-type: image/jpeg
content-length: 294511
last-modified: Tue, 24 May 2022 11:28:39 GMT
etag: "628cc167-47e6f"
expires: Sat, 03 Dec 2022 14:45:42 GMT
cache-control: max-age=2592000
strict-transport-security: max-age=31536000
accept-ranges: bytes
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.35

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.35:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
e539fa08ddc0ce1396c84ecc16c2bec7
69414e0693690cc9cc14b48b2f952efe942198d5
b6609b24198f2c6c9eefaa3b1cb2f2db9dd8b81c6a7135a5b46c3a9a165c8266

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 03 Nov 2022 14:45:42 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

fonts.googleapis.com/css2?family=Archivo:wght@400;600&display=swap

142.250.74.10

200 OK

40 kB

URL HTTP/2
fonts.googleapis.com/css2?family=Archivo:wght@400;600&display=swap
IP
142.250.74.10:0
ASN
#15169 GOOGLE

File type
data
Size
40 kB (40276 bytes)
Hash
708da6335c7ac373668869616b3dfa7b
9df23e592dcbe549e08ffa19e10bdde26be7a5fc
0b6560af787804f10351ec70be4750876a264e52cd166e5a5ad305d35e01b9f4

HTTP Headers

GET /css2?family=Archivo:wght@400;600&amp;display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://free3dgame.xyz/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Thu, 03 Nov 2022 14:45:42 GMT
date: Thu, 03 Nov 2022 14:45:42 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.35

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.35:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
b15f7682b457e5834de92ef3c85ea1ea
cc5387f279481cc0d3269922912add491abfc0e8
33b00b3c9f71cd2df7127c04aef4e4477c5007e615125b5a1331643954dbee93

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 03 Nov 2022 14:45:42 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/gts1c3

142.250.74.35

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.35:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
b15f7682b457e5834de92ef3c85ea1ea
cc5387f279481cc0d3269922912add491abfc0e8
33b00b3c9f71cd2df7127c04aef4e4477c5007e615125b5a1331643954dbee93

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 03 Nov 2022 14:45:42 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

free3dgame.xyz/files/main.css

146.190.28.107

200 OK

33 kB

URL HTTP/2
free3dgame.xyz/files/main.css
IP
146.190.28.107:0
ASN
#0

File type
data
Size
33 kB (32907 bytes)
Hash
45a1ebbb14488458fdca87ee9d31ec84
911fc66366854ace17d8f1c2b7521ec8853a6c62
dc23eaf2c9c3d99b98bdd91ef11c5c9d9141d5ed915b808ed05f8a22cf0c654c

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /files/main.css HTTP/1.1
Host: free3dgame.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://free3dgame.xyz/?key=byq8yz76skm800fc6ylf&code=6363d416ac00210001b51ff1&sub1=&sub2=Sexually+Submission+low&sub3=topsolutionsmedia&sub4=1041905-4051373425-0&sub5=364
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 03 Nov 2022 14:45:42 GMT
content-type: text/css
last-modified: Wed, 25 May 2022 07:54:53 GMT
vary: Accept-Encoding
etag: W/"628de0cd-11de"
expires: Fri, 04 Nov 2022 02:45:42 GMT
cache-control: max-age=43200
strict-transport-security: max-age=31536000
content-encoding: gzip
X-Firefox-Spdy: h2

free3dgame.xyz/files/jquery.min.js

146.190.28.107

200 OK

35 kB

URL HTTP/2
free3dgame.xyz/files/jquery.min.js
IP
146.190.28.107:0
ASN
#0

File type
data
Size
35 kB (34960 bytes)
Hash
d9529b0bda7db58ccde7eb769de32bae
d0e9e01e674be628cb21aaf109f4c583006f9976
184fcc4f4294104e966a8a8c613fea5327cb544aef1acbafe3f3aab75af3a8a4

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /files/jquery.min.js HTTP/1.1
Host: free3dgame.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://free3dgame.xyz/?key=byq8yz76skm800fc6ylf&code=6363d416ac00210001b51ff1&sub1=&sub2=Sexually+Submission+low&sub3=topsolutionsmedia&sub4=1041905-4051373425-0&sub5=364
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 03 Nov 2022 14:45:42 GMT
content-type: application/javascript
last-modified: Tue, 24 May 2022 10:25:01 GMT
vary: Accept-Encoding
etag: W/"628cb27d-15851"
expires: Fri, 04 Nov 2022 02:45:42 GMT
cache-control: max-age=43200
strict-transport-security: max-age=31536000
content-encoding: gzip
X-Firefox-Spdy: h2

free3dgame.xyz/files/apple-touch-icon.png

146.190.28.107

200 OK

9.4 kB

URL HTTP/2
free3dgame.xyz/files/apple-touch-icon.png
IP
146.190.28.107:0
ASN
#0

File type
PNG image data, 180 x 180, 8-bit/color RGBA, non-interlaced\012- data
Size
9.4 kB (9390 bytes)
Hash
049ac8181fb1c147054e1ec9ae763d70
565397e7f0a82d7c31abccddbd9a310fddb3591d
6812893aafb0fdffa269b19ed588193637747a850b3d20ac51c38d09ccffdc95

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /files/apple-touch-icon.png HTTP/1.1
Host: free3dgame.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://free3dgame.xyz/?key=byq8yz76skm800fc6ylf&code=6363d416ac00210001b51ff1&sub1=&sub2=Sexually+Submission+low&sub3=topsolutionsmedia&sub4=1041905-4051373425-0&sub5=364
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 03 Nov 2022 14:45:42 GMT
content-type: image/png
content-length: 9390
last-modified: Tue, 24 May 2022 10:25:37 GMT
etag: "628cb2a1-24ae"
expires: Sat, 03 Dec 2022 14:45:42 GMT
cache-control: max-age=2592000
strict-transport-security: max-age=31536000
accept-ranges: bytes
X-Firefox-Spdy: h2

free3dgame.xyz/files/favicon-16x16.png

146.190.28.107

200 OK

493 B

URL HTTP/2
free3dgame.xyz/files/favicon-16x16.png
IP
146.190.28.107:0
ASN
#0

File type
PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced\012- data
Size
493 B (493 bytes)
Hash
a2a4b5d7c260fd7b81ea7daa0922c45c
736f12c449c0d7b8809bd0efc96a041b2dd0b377
80a2bb3256c6169c7b0784d69b3f199510a9e345bbff1f7480ac209fcd985b78

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /files/favicon-16x16.png HTTP/1.1
Host: free3dgame.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://free3dgame.xyz/?key=byq8yz76skm800fc6ylf&code=6363d416ac00210001b51ff1&sub1=&sub2=Sexually+Submission+low&sub3=topsolutionsmedia&sub4=1041905-4051373425-0&sub5=364
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 03 Nov 2022 14:45:42 GMT
content-type: image/png
content-length: 493
last-modified: Tue, 24 May 2022 10:22:25 GMT
etag: "628cb1e1-1ed"
expires: Sat, 03 Dec 2022 14:45:42 GMT
cache-control: max-age=2592000
strict-transport-security: max-age=31536000
accept-ranges: bytes
X-Firefox-Spdy: h2

34.120.237.76

200 OK

11 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F68776550-80bb-42be-9be2-eb62bcccccc1.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
11 kB (11437 bytes)
Hash
3fe3ed0509ad6dbbf9e911a1154a3bc0
221b2d7a48090242bffda933cfa9f7ff3932d92a
415b3782419e0157a9a522f98bfc32dd133a374546ab1b57954e2cb37ec6554d

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F68776550-80bb-42be-9be2-eb62bcccccc1.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx
content-length: 11437
x-amzn-requestid: 52f99e39-e3f4-450c-ac61-e613cb1e7a08
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: a_iCaHvYoAMFRmA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6362e3a8-3b8d8f595238263410e90feb;Sampled=0
x-amzn-remapped-date: Wed, 02 Nov 2022 21:39:52 GMT
x-amz-cf-pop: SEA73-P2, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: QLBG44y9BzR83aEu7oqlxZHCVcd1K5qhBddrsujZoKS-Jbzc2Pm3eg==
via: 1.1 3c974a460e97e56c6eb1e6a30797d9d6.cloudfront.net (CloudFront), 1.1 31119c39c5a6dc62dfa1fe940afd7be2.cloudfront.net (CloudFront), 1.1 google
date: Wed, 02 Nov 2022 21:44:36 GMT
age: 61271
etag: "221b2d7a48090242bffda933cfa9f7ff3932d92a"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

free3dgame.xyz/?key=byq8yz76skm800fc6ylf&code=6363d416ac00210001b51ff1&sub1=&sub2=Sexually+Submission+low&sub3=topsolutionsmedia&sub4=1041905-4051373425-0&sub5=364

146.190.28.107

200 OK

0 B

URL HTTP/2
free3dgame.xyz/?key=byq8yz76skm800fc6ylf&code=6363d416ac00210001b51ff1&sub1=&sub2=Sexually+Submission+low&sub3=topsolutionsmedia&sub4=1041905-4051373425-0&sub5=364
IP
146.190.28.107:0
ASN
#0

File type

Size
0 B (0 bytes)
Hash

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /?key=byq8yz76skm800fc6ylf&code=6363d416ac00210001b51ff1&sub1=&sub2=Sexually+Submission+low&sub3=topsolutionsmedia&sub4=1041905-4051373425-0&sub5=364 HTTP/1.1
Host: free3dgame.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Thu, 03 Nov 2022 14:45:42 GMT
content-type: text/html
last-modified: Tue, 24 May 2022 17:49:19 GMT
vary: Accept-Encoding
etag: W/"628d1a9f-730"
strict-transport-security: max-age=31536000
content-encoding: gzip
X-Firefox-Spdy: h2

free3dgame.xyz/files/lang.js

146.190.28.107

200 OK

0 B

URL HTTP/2
free3dgame.xyz/files/lang.js
IP
146.190.28.107:0
ASN
#0

File type

Size
0 B (0 bytes)
Hash

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /files/lang.js HTTP/1.1
Host: free3dgame.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://free3dgame.xyz/?key=byq8yz76skm800fc6ylf&code=6363d416ac00210001b51ff1&sub1=&sub2=Sexually+Submission+low&sub3=topsolutionsmedia&sub4=1041905-4051373425-0&sub5=364
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 03 Nov 2022 14:45:42 GMT
content-type: application/javascript
last-modified: Tue, 24 May 2022 12:43:28 GMT
vary: Accept-Encoding
etag: W/"628cd2f0-1f66"
expires: Fri, 04 Nov 2022 02:45:42 GMT
cache-control: max-age=43200
strict-transport-security: max-age=31536000
content-encoding: gzip
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

JavaScript (11)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations