Report - transfer.sh/CtD4p4/richardtools.hta

Report Overview

Submitted URL
transfer.sh/CtD4p4/richardtools.hta
IP
144.76.136.153
ASN
#24940 Hetzner Online GmbH
Submitted
2023-03-28 12:45:08
Access
public
Website Title
Final URL
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
5
Threat Detection Systems
0

Domain Summary

Domain / FQDN	Rank	First Seen	Last Seen	Sent	Received	IP
fonts.gstatic.com	unknown	2014-09-09T02:40:21Z	2023-03-29T11:19:48Z	1.5 kB	46 kB	142.250.74.35
contile.services.mozilla.com	1114	2021-05-27T20:32:35Z	2023-03-29T05:09:31Z	333 B	391 B	34.117.237.239
camo.githubusercontent.com	23365	2014-11-08T20:44:23Z	2023-03-28T15:57:50Z	578 B	8.6 kB	185.199.108.133
transfer.sh	404333	2015-07-06T01:06:10Z	2023-03-29T07:26:45Z	3.0 kB	314 kB	144.76.136.153
ocsp.pki.goog	175	2018-07-01T08:43:07Z	2023-03-29T05:09:04Z	1.4 kB	2.8 kB	142.250.74.3
fonts.googleapis.com	8877	2013-06-10T22:14:26Z	2023-03-29T10:13:53Z	796 B	2.6 kB	142.250.74.74
img-getpocket.cdn.mozilla.net	1631	2018-06-22T01:36:00Z	2023-03-29T05:09:12Z	3.2 kB	57 kB	34.120.237.76
r3.o.lencr.org	344	2020-12-02T09:52:13Z	2023-03-29T05:09:11Z	2.4 kB	6.2 kB	23.36.77.32
firefox.settings.services.mozilla.com	867	2020-06-04T22:08:41Z	2023-03-29T05:09:03Z	782 B	2.4 kB	35.241.9.150
content-signature-2.cdn.mozilla.net	1152	2020-11-03T13:26:46Z	2023-03-29T05:09:31Z	413 B	5.9 kB	34.160.144.191

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Timestamp	Severity	Source IP	Destination IP	Alert
2023-03-28 12:45:18	medium	Client IP	Internal IP	ET POLICY Observed DNS Query to File Transfer Service Domain (transfer .sh)
2023-03-28 12:45:18	low	Client IP	Internal IP	ET INFO Commonly Abused File Sharing Site Domain Observed (transfer .sh in DNS Lookup)
2023-03-28 12:45:18	medium	Client IP	Internal IP	ET POLICY Observed DNS Query to File Transfer Service Domain (transfer .sh)
2023-03-28 12:45:18	low	Client IP	Internal IP	ET INFO Commonly Abused File Sharing Site Domain Observed (transfer .sh in DNS Lookup)
2023-03-28 12:45:18	low	Client IP	144.76.136.153	ET INFO Commonly Abused File Sharing Site Domain Observed (transfer .sh in TLS SNI)

Threat Detection Systems

OpenPhish

No alerts detected

PhishTank

No alerts detected

Fortinet's Web Filter

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

JavaScript (4)

	URL	Size	First Seen	Last Seen
	transfer.sh/scripts/vendor/modernizr.js	11 kB	2023-03-07	2024-04-17
Pretty URL transfer.sh/scripts/vendor/modernizr.js IP 144.76.136.153 ASN #24940 Hetzner Online GmbH Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:11:26 Last Seen2024-04-17 13:58:04 Times Seen1710 Hash 1167e9d01ba4947354c13b262fb5933d bfd0268e4204c37d9fdd7df76b63f35582b25641 1a7c584616a7e60c85ab2cf672dfa659ed515205a5106b415be2ca4af06e937d Loading...

	transfer.sh/CtD4p4/richardtools.hta	602 B	2023-03-07	2023-09-27
Pretty URL transfer.sh/CtD4p4/richardtools.hta IP 144.76.136.153 ASN #24940 Hetzner Online GmbH Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:11:26 Last Seen2023-09-27 21:21:00 Times Seen42 Hash 71f0e85e9fcc7285384995553c851060 6bc8fa087b00b8b4cdb383ddbe8474b3fc490467 527c3fb14b4e948326a53fa6ace0ee91e5e75845793e5cca929f7fbcd2f312b6 Loading...

	transfer.sh/CtD4p4/richardtools.hta	362 B	2023-03-07	2024-03-04
Pretty URL transfer.sh/CtD4p4/richardtools.hta IP 144.76.136.153 ASN #24940 Hetzner Online GmbH Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:11:26 Last Seen2024-03-04 09:12:35 Times Seen211 Hash 5c6fcde28e4b58c44dd8a8f96031411a 2b8f4ede7af19e732e65d23d0e5ce8b637c6659f 076bfe420b31858c93d34cce2368488bb29a0e566026954be378e6c3d9a4cd8f Loading...

	transfer.sh/scripts/main.js	146 kB	2023-03-07	2024-04-07
Pretty URL transfer.sh/scripts/main.js IP 144.76.136.153 ASN #24940 Hetzner Online GmbH Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:11:26 Last Seen2024-04-07 09:37:25 Times Seen607 Hash 3168282c2a8e5c8a1f67930bec8cec24 96b1a0b230e76d4499cd9787613142ac9bca5702 0b1ad7d101cdb88226bb0d2ed6c179bb433d223fc1305cda6d74ba89ed2c876d Loading...

HTTP Transactions (34)

	URL	IP	Response	Size
	r3.o.lencr.org/	23.36.77.32	200 OK	503 B
URL HTTP/1.1 r3.o.lencr.org/ IP 23.36.77.32:0 ASN #20940 Akamai International B.V. File type data Size 503 B (503 bytes) Hash c83d39f350161ed2f5d20dcd68e47c92 2695a888e652cb314f8094cc6073c3364336d272 62e5cc6aea61c3c32acd964d4bbe143806416008181eebc4451a8f035b69a0bc HTTP Headers `POST / HTTP/1.1 Host: r3.o.lencr.org User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/ocsp-request Content-Length: 85 Connection: keep-alive Pragma: no-cache Cache-Control: no-cache` `HTTP/1.1 200 OK Server: nginx Content-Type: application/ocsp-response Content-Length: 503 ETag: "62E5CC6AEA61C3C32ACD964D4BBE143806416008181EEBC4451A8F035B69A0BC" Last-Modified: Mon, 27 Mar 2023 06:00:00 UTC Cache-Control: public, no-transform, must-revalidate, max-age=11789 Expires: Tue, 28 Mar 2023 16:01:27 GMT Date: Tue, 28 Mar 2023 12:44:58 GMT Connection: keep-alive`

	r3.o.lencr.org/	23.36.77.32	200 OK	503 B
URL HTTP/1.1 r3.o.lencr.org/ IP 23.36.77.32:0 ASN #20940 Akamai International B.V. File type data Size 503 B (503 bytes) Hash 93f633ce30c038eb581544323c5a971e 2f60526cb750c6babccc207f75fb5a8ae6f7598b 0ff6df80a892199848fb943af78541b66efc09a7ab70d4b169906fdbac1eabf8 HTTP Headers `POST / HTTP/1.1 Host: r3.o.lencr.org User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/ocsp-request Content-Length: 85 Connection: keep-alive Pragma: no-cache Cache-Control: no-cache` `HTTP/1.1 200 OK Server: nginx Content-Type: application/ocsp-response Content-Length: 503 ETag: "0FF6DF80A892199848FB943AF78541B66EFC09A7AB70D4B169906FDBAC1EABF8" Last-Modified: Mon, 27 Mar 2023 14:00:00 UTC Cache-Control: public, no-transform, must-revalidate, max-age=8953 Expires: Tue, 28 Mar 2023 15:14:11 GMT Date: Tue, 28 Mar 2023 12:44:58 GMT Connection: keep-alive`

	r3.o.lencr.org/	23.36.77.32	200 OK	503 B
URL HTTP/1.1 r3.o.lencr.org/ IP 23.36.77.32:0 ASN #20940 Akamai International B.V. File type data Size 503 B (503 bytes) Hash 9f56a59fa5f71bca2eac778435d7df17 fb7da5efd74658db87c35b81afc631b093ff3aa9 5f66b5e2d3cf0d4b4d3443749340e2521549bdc0be9fa069e01541d2d48a8adb HTTP Headers `POST / HTTP/1.1 Host: r3.o.lencr.org User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/ocsp-request Content-Length: 85 Connection: keep-alive Pragma: no-cache Cache-Control: no-cache` `HTTP/1.1 200 OK Server: nginx Content-Type: application/ocsp-response Content-Length: 503 ETag: "5F66B5E2D3CF0D4B4D3443749340E2521549BDC0BE9FA069E01541D2D48A8ADB" Last-Modified: Sun, 26 Mar 2023 23:00:00 UTC Cache-Control: public, no-transform, must-revalidate, max-age=5833 Expires: Tue, 28 Mar 2023 14:22:11 GMT Date: Tue, 28 Mar 2023 12:44:58 GMT Connection: keep-alive`

	firefox.settings.services.mozilla.com/v1/	35.241.9.150	200 OK	939 B
URL HTTP/2 firefox.settings.services.mozilla.com/v1/ IP 35.241.9.150:0 ASN #15169 GOOGLE File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators Size 939 B (939 bytes) Hash 29fdbcd53b5646cfcdd46510063734c4 85e3ceda5ef130219f4fe8a31e52e2690c8f7d8e 24c27586332c016685e6231fec5836e921048d8aaefbcd4cd6f88969f9d91e18 HTTP Headers `GET /v1/ HTTP/1.1 Host: firefox.settings.services.mozilla.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Connection: keep-alive Sec-Fetch-Dest: empty Sec-Fetch-Mode: cors Sec-Fetch-Site: cross-site` `HTTP/2 200 OK access-control-allow-origin: * access-control-expose-headers: Alert, Content-Type, Backoff, Retry-After, Content-Length content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none'; strict-transport-security: max-age=31536000 x-content-type-options: nosniff content-length: 939 via: 1.1 google date: Tue, 28 Mar 2023 12:15:51 GMT content-type: application/json age: 1747 cache-control: max-age=3600,public alt-svc: clear X-Firefox-Spdy: h2`

	r3.o.lencr.org/	23.36.77.32	200 OK	503 B
URL HTTP/1.1 r3.o.lencr.org/ IP 23.36.77.32:0 ASN #20940 Akamai International B.V. File type data Size 503 B (503 bytes) Hash 5ad3eec59bebbf969f175627757507c1 b176af3a70db378c9e1f219bab24d9d446070d6f 704fa284035b4c9aa487331b516f5f11c324e204756ae2503bad2606ed34f25e HTTP Headers `POST / HTTP/1.1 Host: r3.o.lencr.org User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/ocsp-request Content-Length: 85 Connection: keep-alive Pragma: no-cache Cache-Control: no-cache` `HTTP/1.1 200 OK Server: nginx Content-Type: application/ocsp-response Content-Length: 503 ETag: "704FA284035B4C9AA487331B516F5F11C324E204756AE2503BAD2606ED34F25E" Last-Modified: Mon, 27 Mar 2023 05:00:00 UTC Cache-Control: public, no-transform, must-revalidate, max-age=17127 Expires: Tue, 28 Mar 2023 17:30:25 GMT Date: Tue, 28 Mar 2023 12:44:58 GMT Connection: keep-alive`

	content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-04-30-16-53-14.chain	34.160.144.191	200 OK	5.3 kB
URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-04-30-16-53-14.chain IP 34.160.144.191:0 ASN #15169 GOOGLE File type PEM certificate\012- , ASCII text Size 5.3 kB (5348 bytes) Hash e7bace7c1e04d44012e37ddffe36e5d5 3ac8d7c0a9d3e3f0b28b2530c7b8d8407b4042c2 6b4f80f2e95b26f6122ea8dcd0ef8d762299be822c69e839fc37581ca2bcb5f2 HTTP Headers `GET /chains/remote-settings.content-signature.mozilla.org-2023-04-30-16-53-14.chain HTTP/1.1 Host: content-signature-2.cdn.mozilla.net User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Connection: keep-alive Sec-Fetch-Dest: empty Sec-Fetch-Mode: no-cors Sec-Fetch-Site: cross-site` HTTP/2 200 OK x-amz-id-2: 6M/ztjw1776aDMjpIjwd6Ec3D7Ozsa3JyHvwWL4WV3156aKbiXs83EldbhPyrD1385zO8Gsm9dw= x-amz-request-id: M7XHK477KCA68Y24 x-amz-server-side-encryption: AES256 content-disposition: attachment accept-ranges: bytes server: AmazonS3 content-length: 5348 via: 1.1 google date: Tue, 28 Mar 2023 12:02:02 GMT age: 2576 last-modified: Sat, 11 Mar 2023 16:53:15 GMT etag: "e7bace7c1e04d44012e37ddffe36e5d5" content-type: binary/octet-stream cache-control: public,max-age=3600 alt-svc: clear X-Firefox-Spdy: h2

	contile.services.mozilla.com/v1/tiles	34.117.237.239	200 OK	12 B
URL HTTP/2 contile.services.mozilla.com/v1/tiles IP 34.117.237.239:0 ASN #15169 GOOGLE File type JSON data\012- , ASCII text, with no line terminators Size 12 B (12 bytes) Hash 23e88fb7b99543fb33315b29b1fad9d6 a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce 7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3 HTTP Headers `GET /v1/tiles HTTP/1.1 Host: contile.services.mozilla.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Connection: keep-alive Sec-Fetch-Dest: empty Sec-Fetch-Mode: cors Sec-Fetch-Site: cross-site` `HTTP/2 200 OK server: nginx date: Tue, 28 Mar 2023 12:44:58 GMT content-type: application/json content-length: 12 vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers access-control-allow-credentials: true access-control-expose-headers: content-type strict-transport-security: max-age=31536000 via: 1.1 google alt-svc: clear X-Firefox-Spdy: h2`

	camo.githubusercontent.com/38ef81f8aca64bb9a64448d0d70f1308ef5341ab/68747470733a2f2f73332e616d617a6f6e6177732e636f6d2f6769746875622f726962626f6e732f666f726b6d655f72696768745f6461726b626c75655f3132313632312e706e67	185.199.108.133	200 OK	7.8 kB
URL HTTP/2 camo.githubusercontent.com/38ef81f8aca64bb9a64448d0d70f1308ef5341ab/68747470733a2f2f73332e616d617a6f6e6177732e636f6d2f6769746875622f726962626f6e732f666f726b6d655f72696768745f6461726b626c75655f3132313632312e706e67 IP 185.199.108.133:0 ASN #54113 FASTLY File type PNG image data, 149 x 149, 8-bit/color RGBA, non-interlaced\012- data Size 7.8 kB (7791 bytes) Hash 5b6b3233153feca50a94aa6c60873a5f 720f49170967eec73248aaf0e8f6325b21802f0d edad626528bbd55bca8926924a4697daddc1acc7bea62ea731d1e6673e9f749c HTTP Headers GET /38ef81f8aca64bb9a64448d0d70f1308ef5341ab/68747470733a2f2f73332e616d617a6f6e6177732e636f6d2f6769746875622f726962626f6e732f666f726b6d655f72696768745f6461726b626c75655f3132313632312e706e67 HTTP/1.1 Host: camo.githubusercontent.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Connection: keep-alive Referer: https://transfer.sh/ Sec-Fetch-Dest: image Sec-Fetch-Mode: no-cors Sec-Fetch-Site: cross-site TE: trailers HTTP/2 200 OK cache-control: public, max-age=31536000 content-security-policy: default-src 'none'; img-src data:; style-src 'unsafe-inline' content-type: image/png last-modified: Fri, 19 Dec 2008 08:32:39 GMT server: github-camo (325d2008) strict-transport-security: max-age=31536000; includeSubDomains x-content-type-options: nosniff x-frame-options: deny x-xss-protection: 1; mode=block x-github-request-id: 4426:2220:F55B0:113B83:6406ADFC accept-ranges: bytes date: Tue, 28 Mar 2023 12:44:58 GMT via: 1.1 varnish age: 1848141 x-served-by: cache-bma1637-BMA x-cache: HIT x-cache-hits: 3 x-timer: S1680007498.434665,VS0,VE0 x-fastly-request-id: 666e4bfb7d943072ca3667116b73adf0153292c0 timing-allow-origin: https://github.com content-length: 7791 X-Firefox-Spdy: h2

	ocsp.pki.goog/gts1c3	142.250.74.3	200 OK	471 B
URL HTTP/1.1 ocsp.pki.goog/gts1c3 IP 142.250.74.3:0 ASN #15169 GOOGLE File type data Size 471 B (471 bytes) Hash d2d4415f4eeb34e663d209eeddd8d25d 5d239718d7235d1f62e10d7d381c5a063e94c73a cc35be0a21b7442cc2628ea8cd42023f81eb2deea66e5149a22776228b105213 HTTP Headers `POST /gts1c3 HTTP/1.1 Host: ocsp.pki.goog User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/ocsp-request Content-Length: 83 Connection: keep-alive Pragma: no-cache Cache-Control: no-cache` `HTTP/1.1 200 OK Content-Type: application/ocsp-response Date: Tue, 28 Mar 2023 12:44:58 GMT Cache-Control: public, max-age=14400 Server: ocsp_responder Content-Length: 471 X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN`

	ocsp.pki.goog/gts1c3	142.250.74.3	200 OK	471 B
URL HTTP/1.1 ocsp.pki.goog/gts1c3 IP 142.250.74.3:0 ASN #15169 GOOGLE File type data Size 471 B (471 bytes) Hash d2d4415f4eeb34e663d209eeddd8d25d 5d239718d7235d1f62e10d7d381c5a063e94c73a cc35be0a21b7442cc2628ea8cd42023f81eb2deea66e5149a22776228b105213 HTTP Headers `POST /gts1c3 HTTP/1.1 Host: ocsp.pki.goog User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/ocsp-request Content-Length: 83 Connection: keep-alive Pragma: no-cache Cache-Control: no-cache` `HTTP/1.1 200 OK Content-Type: application/ocsp-response Date: Tue, 28 Mar 2023 12:44:58 GMT Cache-Control: public, max-age=14400 Server: ocsp_responder Content-Length: 471 X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN`

	fonts.googleapis.com/css?family=Droid+Sans+Mono	142.250.74.74	200 OK	757 B
URL HTTP/2 fonts.googleapis.com/css?family=Droid+Sans+Mono IP 142.250.74.74:0 ASN #15169 GOOGLE File type data Size 757 B (757 bytes) Hash a532cf7dd8021490d7faa8e2b8e044bd 5183a74b61ce00c87e51441232694193a9198717 2980bd0e24f09fd0d86698d6e271a7a0c75a4579fca3ee6fbc0ebc662efee8e8 HTTP Headers `GET /css?family=Droid+Sans+Mono HTTP/1.1 Host: fonts.googleapis.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: text/css,/;q=0.1 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Connection: keep-alive Referer: https://transfer.sh/ Sec-Fetch-Dest: style Sec-Fetch-Mode: no-cors Sec-Fetch-Site: cross-site` HTTP/2 200 OK content-type: text/css; charset=utf-8 access-control-allow-origin: * timing-allow-origin: * link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin strict-transport-security: max-age=31536000 expires: Tue, 28 Mar 2023 12:44:58 GMT date: Tue, 28 Mar 2023 12:44:58 GMT cache-control: private, max-age=86400 cross-origin-resource-policy: cross-origin cross-origin-opener-policy: same-origin-allow-popups content-encoding: gzip server: ESF x-xss-protection: 0 x-frame-options: SAMEORIGIN x-content-type-options: nosniff alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 X-Firefox-Spdy: h2

	transfer.sh/styles/main.css	144.76.136.153	200 OK	135 kB
URL HTTP/2 transfer.sh/styles/main.css IP 144.76.136.153:0 ASN #24940 Hetzner Online GmbH File type ASCII text, with very long lines (65536), with no line terminators Size 135 kB (134646 bytes) Hash 083dd08702d71bad63ee604f187c19bf 7f4b0d3ce1b19ff1aecc30061023dc5f5dc64ee3 7ee30c7ae34b039d1459bddb24e7493f992781daa842e7e5570108288f53cf97 HTTP Headers `GET /styles/main.css HTTP/1.1 Host: transfer.sh User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: text/css,/;q=0.1 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Connection: keep-alive Referer: https://transfer.sh/CtD4p4/richardtools.hta Sec-Fetch-Dest: style Sec-Fetch-Mode: no-cors Sec-Fetch-Site: same-origin TE: trailers` `HTTP/2 200 OK server: nginx/1.18.0 date: Tue, 28 Mar 2023 12:44:58 GMT content-type: text/css; charset=utf-8 content-length: 134646 accept-ranges: bytes last-modified: Mon, 28 Nov 2022 11:37:06 GMT x-made-with: <3 by DutchCoders x-served-by: Proudly served by DutchCoders strict-transport-security: max-age=63072000 X-Firefox-Spdy: h2`

	transfer.sh/scripts/vendor/modernizr.js	144.76.136.153	200 OK	11 kB
URL HTTP/2 transfer.sh/scripts/vendor/modernizr.js IP 144.76.136.153:0 ASN #24940 Hetzner Online GmbH File type HTML document, ASCII text, with very long lines (10785), with no line terminators Size 11 kB (10785 bytes) Hash 1167e9d01ba4947354c13b262fb5933d bfd0268e4204c37d9fdd7df76b63f35582b25641 1a7c584616a7e60c85ab2cf672dfa659ed515205a5106b415be2ca4af06e937d HTTP Headers `GET /scripts/vendor/modernizr.js HTTP/1.1 Host: transfer.sh User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Connection: keep-alive Referer: https://transfer.sh/CtD4p4/richardtools.hta Sec-Fetch-Dest: script Sec-Fetch-Mode: no-cors Sec-Fetch-Site: same-origin TE: trailers` `HTTP/2 200 OK server: nginx/1.18.0 date: Tue, 28 Mar 2023 12:44:58 GMT content-type: text/javascript; charset=utf-8 content-length: 10785 accept-ranges: bytes last-modified: Mon, 28 Nov 2022 11:37:06 GMT x-made-with: <3 by DutchCoders x-served-by: Proudly served by DutchCoders strict-transport-security: max-age=63072000 X-Firefox-Spdy: h2`

	transfer.sh/images/Logo-orange.png	144.76.136.153	200 OK	9.1 kB
URL HTTP/2 transfer.sh/images/Logo-orange.png IP 144.76.136.153:0 ASN #24940 Hetzner Online GmbH File type PNG image data, 1000 x 126, 8-bit colormap, non-interlaced\012- data Size 9.1 kB (9074 bytes) Hash 20dddb5da8625839af8fb0d33080640d cf9b6ec17aa2c3ba2eaff4ec15ca421dab3ce768 5a54776361c8ea5bfd434f0199f43756320886db8e93a3fe3b6ac57bca82f1d8 HTTP Headers `GET /images/Logo-orange.png HTTP/1.1 Host: transfer.sh User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Connection: keep-alive Referer: https://transfer.sh/CtD4p4/richardtools.hta Sec-Fetch-Dest: image Sec-Fetch-Mode: no-cors Sec-Fetch-Site: same-origin TE: trailers` `HTTP/2 200 OK server: nginx/1.18.0 date: Tue, 28 Mar 2023 12:44:58 GMT content-type: image/png content-length: 9074 accept-ranges: bytes last-modified: Mon, 28 Nov 2022 11:37:06 GMT x-made-with: <3 by DutchCoders x-served-by: Proudly served by DutchCoders strict-transport-security: max-age=63072000 X-Firefox-Spdy: h2`

	transfer.sh/scripts/main.js	144.76.136.153	200 OK	146 kB
URL HTTP/2 transfer.sh/scripts/main.js IP 144.76.136.153:0 ASN #24940 Hetzner Online GmbH File type Unicode text, UTF-8 text, with very long lines (65534), with no line terminators Size 146 kB (146191 bytes) Hash 3168282c2a8e5c8a1f67930bec8cec24 96b1a0b230e76d4499cd9787613142ac9bca5702 0b1ad7d101cdb88226bb0d2ed6c179bb433d223fc1305cda6d74ba89ed2c876d HTTP Headers `GET /scripts/main.js HTTP/1.1 Host: transfer.sh User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Connection: keep-alive Referer: https://transfer.sh/CtD4p4/richardtools.hta Sec-Fetch-Dest: script Sec-Fetch-Mode: no-cors Sec-Fetch-Site: same-origin TE: trailers` `HTTP/2 200 OK server: nginx/1.18.0 date: Tue, 28 Mar 2023 12:44:58 GMT content-type: text/javascript; charset=utf-8 content-length: 146191 accept-ranges: bytes last-modified: Mon, 28 Nov 2022 11:37:06 GMT x-made-with: <3 by DutchCoders x-served-by: Proudly served by DutchCoders strict-transport-security: max-age=63072000 X-Firefox-Spdy: h2`

	r3.o.lencr.org/	23.36.77.32	200 OK	503 B
URL HTTP/1.1 r3.o.lencr.org/ IP 23.36.77.32:0 ASN #20940 Akamai International B.V. File type data Size 503 B (503 bytes) Hash a740252e7b24892a3e34f6dfed6e3bde d44d21abb95edd1ccc775632254f11ee94fb585e e289995a2b4b340364dd7dfa32c79c7722ece6cc4b893b38fc68bbce680d2f94 HTTP Headers `POST / HTTP/1.1 Host: r3.o.lencr.org User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/ocsp-request Content-Length: 85 Connection: keep-alive Pragma: no-cache Cache-Control: no-cache` `HTTP/1.1 200 OK Server: nginx Content-Type: application/ocsp-response Content-Length: 503 ETag: "E289995A2B4B340364DD7DFA32C79C7722ECE6CC4B893B38FC68BBCE680D2F94" Last-Modified: Mon, 27 Mar 2023 16:00:00 UTC Cache-Control: public, no-transform, must-revalidate, max-age=21487 Expires: Tue, 28 Mar 2023 18:43:05 GMT Date: Tue, 28 Mar 2023 12:44:58 GMT Connection: keep-alive`

	ocsp.pki.goog/gts1c3	142.250.74.3	200 OK	471 B
URL HTTP/1.1 ocsp.pki.goog/gts1c3 IP 142.250.74.3:0 ASN #15169 GOOGLE File type data Size 471 B (471 bytes) Hash 7927fa1bac0e5bcc27ed32b6b5107bd3 68da43f59df9c524940efc35f40e3599b9a1995b f48f276b9dee3b509dd0554b8e660039fe61020bd793cbf9a0381d3e5f76ae59 HTTP Headers `POST /gts1c3 HTTP/1.1 Host: ocsp.pki.goog User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/ocsp-request Content-Length: 83 Connection: keep-alive Pragma: no-cache Cache-Control: no-cache` `HTTP/1.1 200 OK Content-Type: application/ocsp-response Date: Tue, 28 Mar 2023 12:44:58 GMT Cache-Control: public, max-age=14400 Server: ocsp_responder Content-Length: 471 X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN`

	fonts.gstatic.com/s/sourcesanspro/v21/6xKydSBYKcSV-LCoeQqfX1RYOo3ik4zwlxdu.woff2	142.250.74.35	200 OK	13 kB
URL HTTP/2 fonts.gstatic.com/s/sourcesanspro/v21/6xKydSBYKcSV-LCoeQqfX1RYOo3ik4zwlxdu.woff2 IP 142.250.74.35:0 ASN #15169 GOOGLE File type Web Open Font Format (Version 2), TrueType, length 12956, version 1.0\012- data Size 13 kB (12956 bytes) Hash 1c772d9d0531b187db80bcfc199c1786 c0c04fb334190e10dffed0dcc5c817c2a6041a15 122854df4f39cf922db317714c2ff0eccab27a1028c14a5aa2211f48b7e0eade HTTP Headers `GET /s/sourcesanspro/v21/6xKydSBYKcSV-LCoeQqfX1RYOo3ik4zwlxdu.woff2 HTTP/1.1 Host: fonts.gstatic.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: identity Origin: https://transfer.sh Connection: keep-alive Referer: https://fonts.googleapis.com/ Sec-Fetch-Dest: font Sec-Fetch-Mode: cors Sec-Fetch-Site: cross-site` HTTP/2 200 OK accept-ranges: bytes access-control-allow-origin: * content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes cross-origin-resource-policy: cross-origin cross-origin-opener-policy: same-origin; report-to="apps-themes" report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]} timing-allow-origin: * content-length: 12956 x-content-type-options: nosniff server: sffe x-xss-protection: 0 date: Fri, 24 Mar 2023 10:26:53 GMT expires: Sat, 23 Mar 2024 10:26:53 GMT cache-control: public, max-age=31536000 last-modified: Wed, 27 Apr 2022 16:54:52 GMT content-type: font/woff2 age: 353885 alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 X-Firefox-Spdy: h2

	fonts.gstatic.com/s/droidsansmono/v20/6NUO8FuJNQ2MbkrZ5-J8lKFrp7pRef2r.woff2	142.250.74.35	200 OK	18 kB
URL HTTP/2 fonts.gstatic.com/s/droidsansmono/v20/6NUO8FuJNQ2MbkrZ5-J8lKFrp7pRef2r.woff2 IP 142.250.74.35:0 ASN #15169 GOOGLE File type Web Open Font Format (Version 2), TrueType, length 18400, version 1.0\012- data Size 18 kB (18400 bytes) Hash bca50bf4a4e3b8abac8f1665032dfe34 edcb128ece330477d413d42a7fdb081cfb95f39e 1a8e7108949ee83e8eeadd9cd0ed0f98bd8870f2afa75c26ccdc9e795fb58e30 HTTP Headers `GET /s/droidsansmono/v20/6NUO8FuJNQ2MbkrZ5-J8lKFrp7pRef2r.woff2 HTTP/1.1 Host: fonts.gstatic.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: identity Origin: https://transfer.sh Connection: keep-alive Referer: https://fonts.googleapis.com/ Sec-Fetch-Dest: font Sec-Fetch-Mode: cors Sec-Fetch-Site: cross-site TE: trailers` HTTP/2 200 OK accept-ranges: bytes access-control-allow-origin: * content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes cross-origin-resource-policy: cross-origin cross-origin-opener-policy: same-origin; report-to="apps-themes" report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]} timing-allow-origin: * content-length: 18400 x-content-type-options: nosniff server: sffe x-xss-protection: 0 date: Tue, 28 Mar 2023 11:23:08 GMT expires: Wed, 27 Mar 2024 11:23:08 GMT cache-control: public, max-age=31536000 last-modified: Tue, 19 Apr 2022 17:56:00 GMT content-type: font/woff2 age: 4910 alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 X-Firefox-Spdy: h2

	fonts.gstatic.com/s/sourcesanspro/v21/6xKydSBYKcSV-LCoeQqfX1RYOo3i94_wlxdu.woff2	142.250.74.35	200 OK	13 kB
URL HTTP/2 fonts.gstatic.com/s/sourcesanspro/v21/6xKydSBYKcSV-LCoeQqfX1RYOo3i94_wlxdu.woff2 IP 142.250.74.35:0 ASN #15169 GOOGLE File type Web Open Font Format (Version 2), TrueType, length 12680, version 1.0\012- data Size 13 kB (12680 bytes) Hash 7996b24caa1cfc66f4f15a949e974826 2523f1ff45314e977722ef1e477e34d0b2390a07 570fccbb23e47f3f48767d3b6199198988328bac118fd6933def8f5fb4478472 HTTP Headers `GET /s/sourcesanspro/v21/6xKydSBYKcSV-LCoeQqfX1RYOo3i94_wlxdu.woff2 HTTP/1.1 Host: fonts.gstatic.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: identity Origin: https://transfer.sh Connection: keep-alive Referer: https://fonts.googleapis.com/ Sec-Fetch-Dest: font Sec-Fetch-Mode: cors Sec-Fetch-Site: cross-site TE: trailers` HTTP/2 200 OK accept-ranges: bytes access-control-allow-origin: * content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes cross-origin-resource-policy: cross-origin cross-origin-opener-policy: same-origin; report-to="apps-themes" report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]} timing-allow-origin: * content-length: 12680 x-content-type-options: nosniff server: sffe x-xss-protection: 0 date: Fri, 24 Mar 2023 10:27:03 GMT expires: Sat, 23 Mar 2024 10:27:03 GMT cache-control: public, max-age=31536000 last-modified: Wed, 27 Apr 2022 16:05:50 GMT content-type: font/woff2 age: 353875 alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 X-Firefox-Spdy: h2

	transfer.sh/fonts/transfersh.woff	144.76.136.153	200 OK	3.1 kB
URL HTTP/2 transfer.sh/fonts/transfersh.woff IP 144.76.136.153:0 ASN #24940 Hetzner Online GmbH File type Web Open Font Format, CFF, length 3060, version 1.0\012- data Size 3.1 kB (3060 bytes) Hash cabfd85984a9595ec5217b87afe6b743 8fc07314540a7e281b4dd83661994b1886e230c2 da0a988fdcd19ac15c792e72f8f9807b55b1b6cc6db081ff4b6ca880b703713d HTTP Headers `GET /fonts/transfersh.woff HTTP/1.1 Host: transfer.sh User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: identity Connection: keep-alive Referer: https://transfer.sh/styles/main.css Sec-Fetch-Dest: font Sec-Fetch-Mode: cors Sec-Fetch-Site: same-origin TE: trailers` `HTTP/2 200 OK server: nginx/1.18.0 date: Tue, 28 Mar 2023 12:44:58 GMT content-type: font/woff content-length: 3060 accept-ranges: bytes last-modified: Mon, 28 Nov 2022 11:37:06 GMT x-made-with: <3 by DutchCoders x-served-by: Proudly served by DutchCoders strict-transport-security: max-age=63072000 X-Firefox-Spdy: h2`

	ocsp.pki.goog/gts1c3	142.250.74.3	200 OK	471 B
URL HTTP/1.1 ocsp.pki.goog/gts1c3 IP 142.250.74.3:0 ASN #15169 GOOGLE File type data Size 471 B (471 bytes) Hash 7927fa1bac0e5bcc27ed32b6b5107bd3 68da43f59df9c524940efc35f40e3599b9a1995b f48f276b9dee3b509dd0554b8e660039fe61020bd793cbf9a0381d3e5f76ae59 HTTP Headers `POST /gts1c3 HTTP/1.1 Host: ocsp.pki.goog User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/ocsp-request Content-Length: 83 Connection: keep-alive Pragma: no-cache Cache-Control: no-cache` `HTTP/1.1 200 OK Content-Type: application/ocsp-response Date: Tue, 28 Mar 2023 12:44:58 GMT Cache-Control: public, max-age=14400 Server: ocsp_responder Content-Length: 471 X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN`

	firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US	35.241.9.150	200 OK	329 B
URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US IP 35.241.9.150:0 ASN #15169 GOOGLE File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators Size 329 B (329 bytes) Hash 0333b0655111aa68de771adfcc4db243 63f295a144ac87a7c8e23417626724eeca68a7eb 60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300 HTTP Headers `GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1 Host: firefox.settings.services.mozilla.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: application/json Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Content-Type: application/json Connection: keep-alive Sec-Fetch-Dest: empty Sec-Fetch-Mode: cors Sec-Fetch-Site: cross-site` HTTP/2 200 OK access-control-allow-origin: * access-control-expose-headers: Retry-After, Content-Length, Backoff, Pragma, Last-Modified, Cache-Control, Alert, Content-Type, ETag, Expires content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none'; strict-transport-security: max-age=31536000 x-content-type-options: nosniff content-length: 329 via: 1.1 google date: Tue, 28 Mar 2023 12:14:35 GMT age: 1823 last-modified: Fri, 25 Mar 2022 17:45:46 GMT etag: "1648230346554" content-type: application/json cache-control: max-age=3600,public alt-svc: clear X-Firefox-Spdy: h2

	fonts.googleapis.com/css?family=Source+Sans+Pro:100,200,300	142.250.74.74	200 OK	595 B
URL HTTP/2 fonts.googleapis.com/css?family=Source+Sans+Pro:100,200,300 IP 142.250.74.74:0 ASN #15169 GOOGLE File type ASCII text Size 595 B (595 bytes) Hash d6ef4e2f936da05dbeec497b8ba1b98d 59f648e415c6baf456f6563665fe4445d9571826 639f760c7ff02e98550a25d8322486bded93357e0032d9c00173f2c9d02b2975 HTTP Headers `GET /css?family=Source+Sans+Pro:100,200,300 HTTP/1.1 Host: fonts.googleapis.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: text/css,/;q=0.1 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Connection: keep-alive Referer: https://transfer.sh/ Sec-Fetch-Dest: style Sec-Fetch-Mode: no-cors Sec-Fetch-Site: cross-site` HTTP/2 200 OK content-type: text/css; charset=utf-8 access-control-allow-origin: * timing-allow-origin: * link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin strict-transport-security: max-age=31536000 expires: Tue, 28 Mar 2023 12:44:58 GMT date: Tue, 28 Mar 2023 12:44:58 GMT cache-control: private, max-age=86400 cross-origin-resource-policy: cross-origin cross-origin-opener-policy: same-origin-allow-popups content-encoding: gzip server: ESF x-xss-protection: 0 x-frame-options: SAMEORIGIN x-content-type-options: nosniff alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 X-Firefox-Spdy: h2

	transfer.sh/favicon.ico	144.76.136.153	200 OK	7.7 kB
URL HTTP/2 transfer.sh/favicon.ico IP 144.76.136.153:0 ASN #24940 Hetzner Online GmbH File type MS Windows icon resource - 1 icon, 75x75, 8 bits/pixel\012- data Size 7.7 kB (7686 bytes) Hash 3e6539d4bd26ce0b58dd275bcc5db0ea fe53e0eda7946bdc33f703fea4b52724f1a9283a e27519877e9a69cae23b28baeecf1be5df7802d4b02e498bf7862448abcdce7a HTTP Headers `GET /favicon.ico HTTP/1.1 Host: transfer.sh User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Connection: keep-alive Referer: https://transfer.sh/CtD4p4/richardtools.hta Sec-Fetch-Dest: image Sec-Fetch-Mode: no-cors Sec-Fetch-Site: same-origin TE: trailers` `HTTP/2 200 OK server: nginx/1.18.0 date: Tue, 28 Mar 2023 12:44:58 GMT content-type: image/vnd.microsoft.icon content-length: 7686 accept-ranges: bytes last-modified: Mon, 28 Nov 2022 11:37:06 GMT x-made-with: <3 by DutchCoders x-served-by: Proudly served by DutchCoders strict-transport-security: max-age=63072000 X-Firefox-Spdy: h2`

	r3.o.lencr.org/	23.36.77.32	200 OK	503 B
URL HTTP/1.1 r3.o.lencr.org/ IP 23.36.77.32:0 ASN #20940 Akamai International B.V. File type data Size 503 B (503 bytes) Hash be1cd1cf8e462ca6f6acb2f132e614d5 037f3bc7ab850fa2c69f2584bb24340b25bb6f3c e212abd38fd1ccc428a4c480913938f8ea6e9da873ebe73df55cdbee7fff2efa HTTP Headers `POST / HTTP/1.1 Host: r3.o.lencr.org User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/ocsp-request Content-Length: 85 Connection: keep-alive Pragma: no-cache Cache-Control: no-cache` `HTTP/1.1 200 OK Server: nginx Content-Type: application/ocsp-response Content-Length: 503 ETag: "E212ABD38FD1CCC428A4C480913938F8EA6E9DA873EBE73DF55CDBEE7FFF2EFA" Last-Modified: Sun, 26 Mar 2023 15:00:00 UTC Cache-Control: public, no-transform, must-revalidate, max-age=5945 Expires: Tue, 28 Mar 2023 14:24:05 GMT Date: Tue, 28 Mar 2023 12:45:00 GMT Connection: keep-alive`

	r3.o.lencr.org/	23.36.77.32	200 OK	503 B
URL HTTP/1.1 r3.o.lencr.org/ IP 23.36.77.32:0 ASN #20940 Akamai International B.V. File type data Size 503 B (503 bytes) Hash be1cd1cf8e462ca6f6acb2f132e614d5 037f3bc7ab850fa2c69f2584bb24340b25bb6f3c e212abd38fd1ccc428a4c480913938f8ea6e9da873ebe73df55cdbee7fff2efa HTTP Headers `POST / HTTP/1.1 Host: r3.o.lencr.org User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/ocsp-request Content-Length: 85 Connection: keep-alive Pragma: no-cache Cache-Control: no-cache` `HTTP/1.1 200 OK Server: nginx Content-Type: application/ocsp-response Content-Length: 503 ETag: "E212ABD38FD1CCC428A4C480913938F8EA6E9DA873EBE73DF55CDBEE7FFF2EFA" Last-Modified: Sun, 26 Mar 2023 15:00:00 UTC Cache-Control: public, no-transform, must-revalidate, max-age=5945 Expires: Tue, 28 Mar 2023 14:24:05 GMT Date: Tue, 28 Mar 2023 12:45:00 GMT Connection: keep-alive`

	img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb43b8abf-1aec-420b-bc1c-ccfbe765332e.jpeg	34.120.237.76	200 OK	12 kB
URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb43b8abf-1aec-420b-bc1c-ccfbe765332e.jpeg IP 34.120.237.76:0 ASN #15169 GOOGLE File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data Size 12 kB (11894 bytes) Hash ee9c83faa5fdb77ba988a41207800b0e 4ac4c600767de39c5134cb97f78fcb29a681ee18 9039f7232ada16ae6d8a447225a15ef949c705a6f9e7aa20b367d001cd88c94f HTTP Headers GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb43b8abf-1aec-420b-bc1c-ccfbe765332e.jpeg HTTP/1.1 Host: img-getpocket.cdn.mozilla.net User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Origin: null Connection: keep-alive Sec-Fetch-Dest: image Sec-Fetch-Mode: cors Sec-Fetch-Site: cross-site HTTP/2 200 OK server: nginx content-length: 11894 x-amzn-requestid: 8b0857c4-1333-45b7-84de-cf3ea7a3240e x-xss-protection: 1; mode=block access-control-allow-origin: * strict-transport-security: max-age=63072000; includeSubdomains; preload x-frame-options: DENY content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none' x-amz-apigw-id: CdburGzXoAMF2Cw= x-content-type-options: nosniff x-amzn-trace-id: Root=1-64220cc4-005cc42d48948a3e0ef56b08;Sampled=0 x-amzn-remapped-date: Mon, 27 Mar 2023 21:38:12 GMT x-amz-cf-pop: HIO52-P1, SEA19-C1 x-cache: Miss from cloudfront x-amz-cf-id: fw1M0poEZrxuB51jVwizwBuvn_JY1jaEFXGsRor3wj-OSCfU-lUuIQ== via: 1.1 8591441a35c0af61913aec9af012bc38.cloudfront.net (CloudFront), 1.1 d16c3f15bd14953a9d4109eaaa991de2.cloudfront.net (CloudFront), 1.1 google date: Mon, 27 Mar 2023 22:05:18 GMT etag: "4ac4c600767de39c5134cb97f78fcb29a681ee18" content-type: image/jpeg age: 52782 cache-control: max-age=3600,public,public alt-svc: clear X-Firefox-Spdy: h2

	img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F255e6a5a-97bb-4a35-8a48-4d120747a63c.jpeg	34.120.237.76	200 OK	4.0 kB
URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F255e6a5a-97bb-4a35-8a48-4d120747a63c.jpeg IP 34.120.237.76:0 ASN #15169 GOOGLE File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data Size 4.0 kB (4000 bytes) Hash 85351059b67b0a42eda7e69a31b3b4b4 b798268806dc2f79f033e5872676019faf0e0cc1 86e163b7159b197d6358ab01333ac6da221de0ebe1c5da8d5cef2977d38625fe HTTP Headers GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F255e6a5a-97bb-4a35-8a48-4d120747a63c.jpeg HTTP/1.1 Host: img-getpocket.cdn.mozilla.net User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Origin: null Connection: keep-alive Sec-Fetch-Dest: image Sec-Fetch-Mode: cors Sec-Fetch-Site: cross-site HTTP/2 200 OK server: nginx content-length: 4000 x-amzn-requestid: 68dc01d7-3eed-48f6-8532-8efaa96cc1ec x-xss-protection: 1; mode=block access-control-allow-origin: * strict-transport-security: max-age=63072000; includeSubdomains; preload x-frame-options: DENY content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none' x-amz-apigw-id: CJpraEqyoAMFgNQ= x-content-type-options: nosniff x-amzn-trace-id: Root=1-641a2315-3852cc8961365a560d1fa02f;Sampled=0 x-amzn-remapped-date: Tue, 21 Mar 2023 21:35:17 GMT x-amz-cf-pop: SEA19-C1 x-cache: Hit from cloudfront x-amz-cf-id: I3GuoZ4ZxAtz0sKe3wrW67aitLlCAbaZkiPw23fl0F3FoumJDEnXiQ== via: 1.1 288c777a01e22425da9494dad7a69734.cloudfront.net (CloudFront), 1.1 d90109c5a0c30f43223e0db85921c5c2.cloudfront.net (CloudFront), 1.1 google date: Tue, 28 Mar 2023 10:12:21 GMT age: 9159 etag: "b798268806dc2f79f033e5872676019faf0e0cc1" content-type: image/jpeg cache-control: max-age=3600,public,public alt-svc: clear X-Firefox-Spdy: h2

	img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F858e946a-2e67-4e7b-b78f-763226855b6d.jpeg	34.120.237.76	200 OK	9.0 kB
URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F858e946a-2e67-4e7b-b78f-763226855b6d.jpeg IP 34.120.237.76:0 ASN #15169 GOOGLE File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data Size 9.0 kB (8961 bytes) Hash 789f11978a1149984408fbbb9a2b3f81 078bd523107096bab5e26d42b18e316c253f1ca7 7974980290443b64126f512686261150cd27331cb7b32a96d1167a97d046e8a3 HTTP Headers GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F858e946a-2e67-4e7b-b78f-763226855b6d.jpeg HTTP/1.1 Host: img-getpocket.cdn.mozilla.net User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Origin: null Connection: keep-alive Sec-Fetch-Dest: image Sec-Fetch-Mode: cors Sec-Fetch-Site: cross-site HTTP/2 200 OK server: nginx content-length: 8961 x-amzn-requestid: 9277e35d-8fe8-482e-b65c-b132dfcbd87e x-xss-protection: 1; mode=block access-control-allow-origin: * strict-transport-security: max-age=63072000; includeSubdomains; preload x-frame-options: DENY content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none' x-amz-apigw-id: CdbqBGl0IAMFy4w= x-content-type-options: nosniff x-amzn-trace-id: Root=1-64220ca6-7869936b33cbf3633c68e7ac;Sampled=0 x-amzn-remapped-date: Mon, 27 Mar 2023 21:37:42 GMT x-amz-cf-pop: HIO52-P1, SEA19-C1 x-cache: Hit from cloudfront x-amz-cf-id: Xz5zjv-po5mgSFz_kkZZ5Hvw9SxY-3d-J2DpvFWxM-iI4jXTsUbiyg== via: 1.1 e92cc925fc8895560cd0628c67f58828.cloudfront.net (CloudFront), 1.1 8ae6af4d17aae7471e5fe2792eb6abcc.cloudfront.net (CloudFront), 1.1 google date: Tue, 28 Mar 2023 10:16:22 GMT age: 8918 etag: "078bd523107096bab5e26d42b18e316c253f1ca7" content-type: image/jpeg cache-control: max-age=3600,public,public alt-svc: clear X-Firefox-Spdy: h2

	img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb739a909-c509-4c7a-b5a6-250435d88a54.jpeg	34.120.237.76	200 OK	11 kB
URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb739a909-c509-4c7a-b5a6-250435d88a54.jpeg IP 34.120.237.76:0 ASN #15169 GOOGLE File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data Size 11 kB (10744 bytes) Hash ada29e049501b12a35b0bcc5f68e3e57 5c1ba9bffbcc9007e7f119dbb3197db34a12f8da b45583b5845129386a456e03fbdba25305c8d6d9fb5a8f01d783816ced080629 HTTP Headers GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb739a909-c509-4c7a-b5a6-250435d88a54.jpeg HTTP/1.1 Host: img-getpocket.cdn.mozilla.net User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Origin: null Connection: keep-alive Sec-Fetch-Dest: image Sec-Fetch-Mode: cors Sec-Fetch-Site: cross-site HTTP/2 200 OK server: nginx content-length: 10744 x-amzn-requestid: d693d820-7eed-47a3-9b0b-8f43c141bd3a x-xss-protection: 1; mode=block access-control-allow-origin: * strict-transport-security: max-age=63072000; includeSubdomains; preload x-frame-options: DENY content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none' x-amz-apigw-id: CdbogF0poAMFTAg= x-content-type-options: nosniff x-amzn-trace-id: Root=1-64220c9c-22ab350146e8a3a606f74c42;Sampled=0 x-amzn-remapped-date: Mon, 27 Mar 2023 21:37:32 GMT x-amz-cf-pop: HIO52-P1, SEA19-C1 x-cache: Miss from cloudfront x-amz-cf-id: KAI78tfv0ATn1DQvBGyodBs9UWsIGdj1Fa50KowbUAO4ab2ceaYhMw== via: 1.1 59456abf79b201034ab5c9cfef7355e2.cloudfront.net (CloudFront), 1.1 d0387b833e3ca8cb748a1296b4b4bf2a.cloudfront.net (CloudFront), 1.1 google date: Mon, 27 Mar 2023 21:49:26 GMT age: 53734 etag: "5c1ba9bffbcc9007e7f119dbb3197db34a12f8da" content-type: image/jpeg cache-control: max-age=3600,public,public alt-svc: clear X-Firefox-Spdy: h2

	img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fbd937575-8f71-4732-8bca-faaeed83b6a1.jpeg	34.120.237.76	200 OK	7.5 kB
URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fbd937575-8f71-4732-8bca-faaeed83b6a1.jpeg IP 34.120.237.76:0 ASN #15169 GOOGLE File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data Size 7.5 kB (7537 bytes) Hash 5fdd8a3f935830ca9e5ffdb5824acebc 39caaddec703fdad962d03fff8687bad2c1df4ad 6fe6301fb3610c3e8a9b62671579db53189bb62ead4cf5ab30a1f1e0b90b8ca2 HTTP Headers GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fbd937575-8f71-4732-8bca-faaeed83b6a1.jpeg HTTP/1.1 Host: img-getpocket.cdn.mozilla.net User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Origin: null Connection: keep-alive Sec-Fetch-Dest: image Sec-Fetch-Mode: cors Sec-Fetch-Site: cross-site HTTP/2 200 OK server: nginx content-length: 7537 x-amzn-requestid: 2fb06f69-4757-4ba5-9f20-6e829127b931 x-xss-protection: 1; mode=block access-control-allow-origin: * strict-transport-security: max-age=63072000; includeSubdomains; preload x-frame-options: DENY content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none' x-amz-apigw-id: CdbqWETgoAMFV5g= x-content-type-options: nosniff x-amzn-trace-id: Root=1-64220ca8-6421e38b3a0ac0590ffa8b52;Sampled=0 x-amzn-remapped-date: Mon, 27 Mar 2023 21:37:44 GMT x-amz-cf-pop: HIO52-P1, SEA19-C1 x-cache: Hit from cloudfront x-amz-cf-id: JZfiBSqQdWXqpaxSlepC6hEJ888ja6o10GW0KziDifD8KdTmDTn0eQ== via: 1.1 4e4278a2778e72cc34feef6db603088c.cloudfront.net (CloudFront), 1.1 0bb842bd5868b86440983b936bb0adee.cloudfront.net (CloudFront), 1.1 google date: Mon, 27 Mar 2023 22:05:18 GMT age: 52782 etag: "39caaddec703fdad962d03fff8687bad2c1df4ad" content-type: image/jpeg cache-control: max-age=3600,public,public alt-svc: clear X-Firefox-Spdy: h2

	img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F53327ce0-8541-4bc8-bd51-59cee099b396.jpeg	34.120.237.76	200 OK	7.4 kB
URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F53327ce0-8541-4bc8-bd51-59cee099b396.jpeg IP 34.120.237.76:0 ASN #15169 GOOGLE File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data Size 7.4 kB (7426 bytes) Hash 1da68df9d96e2758e37b9f15daab027b 5ff19ed6dc5752aa4b15fb88da972b736fd55783 ad924425946dbdf309c764e7097e676185516301feb7722b30d95ffd50b4353f HTTP Headers GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F53327ce0-8541-4bc8-bd51-59cee099b396.jpeg HTTP/1.1 Host: img-getpocket.cdn.mozilla.net User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Origin: null Connection: keep-alive Sec-Fetch-Dest: image Sec-Fetch-Mode: cors Sec-Fetch-Site: cross-site HTTP/2 200 OK server: nginx content-length: 7426 x-amzn-requestid: 85a30298-4613-4a96-bdba-0899fe9f9475 x-xss-protection: 1; mode=block access-control-allow-origin: * strict-transport-security: max-age=63072000; includeSubdomains; preload x-frame-options: DENY content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none' x-amz-apigw-id: CdcsgGZsoAMFQkw= x-content-type-options: nosniff x-amzn-trace-id: Root=1-64220e4f-10db431e7632048d7b15e0ec;Sampled=0 x-amzn-remapped-date: Mon, 27 Mar 2023 21:44:47 GMT x-amz-cf-pop: HIO52-P1, SEA19-C1 x-cache: Miss from cloudfront x-amz-cf-id: JDa9YUJ9xo5mo8tb7poZC8XJDp6USTidZjWEwTZCrioJxR7vur6uJw== via: 1.1 f193acd25f2604e189bfbfaf539aaa06.cloudfront.net (CloudFront), 1.1 7514e5e25722778fd4b1744d4ecc67e0.cloudfront.net (CloudFront), 1.1 google date: Mon, 27 Mar 2023 22:00:12 GMT age: 53088 etag: "5ff19ed6dc5752aa4b15fb88da972b736fd55783" content-type: image/jpeg cache-control: max-age=3600,public,public alt-svc: clear X-Firefox-Spdy: h2

	transfer.sh/CtD4p4/richardtools.hta	144.76.136.153	200 OK	0 B
URL HTTP/2 transfer.sh/CtD4p4/richardtools.hta IP 144.76.136.153:0 ASN #24940 Hetzner Online GmbH File type Size 0 B (0 bytes) Hash HTTP Headers `GET /CtD4p4/richardtools.hta HTTP/1.1 Host: transfer.sh User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Upgrade-Insecure-Requests: 1 Connection: keep-alive Sec-Fetch-Dest: document Sec-Fetch-Mode: navigate Sec-Fetch-Site: none Sec-Fetch-User: ?1` `HTTP/2 200 OK server: nginx/1.18.0 date: Tue, 28 Mar 2023 12:44:58 GMT content-type: text/html; charset=utf-8 x-made-with: <3 by DutchCoders x-served-by: Proudly served by DutchCoders strict-transport-security: max-age=63072000 content-encoding: gzip X-Firefox-Spdy: h2`

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (4)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

HTTP Transactions (34)

URL HTTP/1.1

IP

ASN

File type

Size

Hash

HTTP Headers

URL HTTP/1.1

IP

ASN

File type

Size

Hash

HTTP Headers

URL HTTP/1.1

IP

ASN

File type

Size

Hash

HTTP Headers

URL HTTP/2

IP

ASN

File type