Report - networthnow.org/paige-vanzant-onlyfans-net-worth

Report Overview

Visitedpublic

2024-07-15 13:50:40

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Host Summary

Host	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
vjs.zencdn.net	4968	2011-12-27	2012-05-21 10:26:59	2024-07-14 17:13:58	412 B	7.5 kB	151.101.130.217
chest.cdntoswitchspirit.com	unknown	2024-04-29	2024-05-08 09:27:10	2024-05-28 12:29:34	424 B	20 kB	172.67.209.227
records.perfectlinestarter.com	unknown	unknown	No data	No data	419 B	20 kB	172.67.144.219
www.yametric.com	unknown	2023-12-17	2023-12-17 23:23:49	2024-05-24 12:16:49	400 B	26 kB	172.67.216.63
cdn.rdntocdns.com	unknown	unknown	No data	No data	502 B	6.4 kB	45.9.149.210
bluestepcherry.com	unknown	unknown	No data	No data	1.1 kB	19 kB	104.21.58.244
r10.o.lencr.org	unknown	2020-06-29	2024-06-06 21:45:11	2024-07-14 18:12:33	2.9 kB	8.0 kB	23.36.76.226
networthnow.org	unknown	2023-06-05	2023-06-05 15:43:24	2024-03-21 10:16:09	3.4 kB	2.0 kB	52.57.221.121
www.ezojs.com	41202	2017-10-23	2017-11-17 08:37:11	2024-07-13 17:52:22	1.7 kB	394 kB	104.21.63.106
the.gatekeeperconsent.com	unknown	2023-03-07	2023-03-10 22:46:24	2024-07-14 18:51:04	631 B	870 B	172.67.199.186
o.pki.goog	unknown	2016-06-13	2024-04-24 13:44:57	2024-07-14 18:16:24	325 B	700 B	142.250.74.131

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Timestamp	Severity	Source IP	Destination IP	Alert
2024-07-15 13:50:23	high	Client IP	45.9.149.210	ET EXPLOIT_KIT Balada Domain in TLS SNI (rdntocdns .com)

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2024-07-15	medium	cdntoswitchspirit.com	Sinkholed
2024-07-15	medium	rdntocdns.com	Sinkholed
2024-07-15	medium	bluestepcherry.com	Sinkholed
2024-07-15	medium	bluestepcherry.com	Sinkholed

ThreatFox

Scan Date	Severity	Indicator	Alert
2024-06-08	medium	cdn.rdntocdns.com	Unknown malware

JavaScript (2)

	URL	From	Size	First Seen	Last Seen
	bluestepcherry.com/?p=g5tdgmbxhe5gi3bpha4dena&sub1=birmas&sub3=rosettas	ScriptElement	8.2 kB	2024-08-19	2024-08-19
URL bluestepcherry.com/?p=g5tdgmbxhe5gi3bpha4dena&sub1=birmas&sub3=rosettas IP / ASN 104.21.58.244 #13335 CLOUDFLARENET Introduced by ScriptElement Embedded true Resource Info First Seen 2024-08-19 Last Seen 2024-08-19 Times Seen 1 Size 8.2 kB (8247 bytes) MD5 6eed9f089de57af8af9a13b802702b56 SHA1 22324ea38f7e34b972a4d3a5883391a078b0556f SHA256 575610282a29b911818cc266e2e3b82778c07e37e586ed726972019b81227c9e Format Code Loading...

HTTP Transactions (26)

URL IP Response Size

r10.o.lencr.org/

23.36.76.226

504 B

URL HTTP

r10.o.lencr.org/

IP / ASN

23.36.76.226

#20940 Akamai International B.V.

Requested byN/A

Resource Info

File typedata

First Seen2024-07-13

Last Seen2024-08-19

Times Seen41364

Size504 B (504 bytes)

MD559f504b373ca5c60694d89699bf99f9d

SHA198d3531909c87a27c1cedcda49b9450cb398bdc7

SHA2567cd67c1e38bf7cf396230f1f4ca4d83bd04fedd7d1258139ecfceda994200568

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "7CD67C1E38BF7CF396230F1F4CA4D83BD04FEDD7D1258139ECFCEDA994200568"
Last-Modified: Sat, 13 Jul 2024 01:53:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10755
Expires: Mon, 15 Jul 2024 16:49:29 GMT
Date: Mon, 15 Jul 2024 13:50:14 GMT
Connection: keep-alive

r10.o.lencr.org/

23.36.76.226

504 B

URL HTTP

r10.o.lencr.org/

IP / ASN

23.36.76.226

#20940 Akamai International B.V.

Requested byN/A

Resource Info

File typedata

First Seen2024-07-14

Last Seen2024-08-19

Times Seen9282

Size504 B (504 bytes)

MD571d8b1aa21db1e3bd7c1c93ec0a27e67

SHA1fedadfaa4439b365295709d4bdc6e3ec0fe6c086

SHA256b480a5bc991ec721db08973ad1c2946c09ca899b78ca50bfd56bffac0d2d4e39

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "B480A5BC991EC721DB08973AD1C2946C09CA899B78CA50BFD56BFFAC0D2D4E39"
Last-Modified: Sun, 14 Jul 2024 15:29:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=19099
Expires: Mon, 15 Jul 2024 19:08:33 GMT
Date: Mon, 15 Jul 2024 13:50:14 GMT
Connection: keep-alive

r10.o.lencr.org/

23.36.76.226

504 B

URL HTTP

r10.o.lencr.org/

IP / ASN

23.36.76.226

#20940 Akamai International B.V.

Requested byN/A

Resource Info

File typedata

First Seen2024-07-15

Last Seen2024-08-19

Times Seen19833

Size504 B (504 bytes)

MD53ce85b1d34b1e8024ca9a37cff66221a

SHA139236c242bdb2053821ca7b473582450acff9b39

SHA2564efba0f7a3c02e999ff66fdeea5e0170ef5feb724739a1eeb9b4719772c0deac

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "4EFBA0F7A3C02E999FF66FDEEA5E0170EF5FEB724739A1EEB9B4719772C0DEAC"
Last-Modified: Sun, 14 Jul 2024 23:47:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10712
Expires: Mon, 15 Jul 2024 16:48:46 GMT
Date: Mon, 15 Jul 2024 13:50:14 GMT
Connection: keep-alive

r10.o.lencr.org/

23.36.76.226

504 B

URL HTTP

r10.o.lencr.org/

IP / ASN

23.36.76.226

#20940 Akamai International B.V.

Requested byN/A

Resource Info

File typedata

First Seen2024-07-14

Last Seen2024-08-19

Times Seen13589

Size504 B (504 bytes)

MD51069501beed320ba3e21b591ba8dc5ce

SHA19e6b836cfea33a56e2e2598f27cb528578c8033c

SHA256568773d146699ebccbd5d393211720dd1b3d4eeb03bdfd8ad4d32c4720814c31

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "568773D146699EBCCBD5D393211720DD1B3D4EEB03BDFD8AD4D32C4720814C31"
Last-Modified: Sun, 14 Jul 2024 16:21:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11189
Expires: Mon, 15 Jul 2024 16:56:43 GMT
Date: Mon, 15 Jul 2024 13:50:14 GMT
Connection: keep-alive

r10.o.lencr.org/

23.36.77.32

504 B

URL HTTP

r10.o.lencr.org/

IP / ASN

23.36.77.32

#20940 Akamai International B.V.

Requested byN/A

Resource Info

File typedata

First Seen2024-07-13

Last Seen2024-08-19

Times Seen47007

Size504 B (504 bytes)

MD580ee007415e4a9cd9ff180ee56d4fd90

SHA108276896e8774d12a699400ffe88939d02acd056

SHA256b76186c793cde690af253f9096553d00dffd54dc33faf5b9a7059b5ce61de651

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "B76186C793CDE690AF253F9096553D00DFFD54DC33FAF5B9A7059B5CE61DE651"
Last-Modified: Sat, 13 Jul 2024 05:32:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15035
Expires: Mon, 15 Jul 2024 18:00:51 GMT
Date: Mon, 15 Jul 2024 13:50:16 GMT
Connection: keep-alive

r10.o.lencr.org/

23.36.77.32

504 B

URL HTTP

r10.o.lencr.org/

IP / ASN

23.36.77.32

#20940 Akamai International B.V.

Requested byN/A

Resource Info

File typedata

First Seen2024-07-13

Last Seen2024-08-19

Times Seen47007

Size504 B (504 bytes)

MD580ee007415e4a9cd9ff180ee56d4fd90

SHA108276896e8774d12a699400ffe88939d02acd056

SHA256b76186c793cde690af253f9096553d00dffd54dc33faf5b9a7059b5ce61de651

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "B76186C793CDE690AF253F9096553D00DFFD54DC33FAF5B9A7059B5CE61DE651"
Last-Modified: Sat, 13 Jul 2024 05:32:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15035
Expires: Mon, 15 Jul 2024 18:00:51 GMT
Date: Mon, 15 Jul 2024 13:50:16 GMT
Connection: keep-alive

r10.o.lencr.org/

23.36.77.32

504 B

URL HTTP

r10.o.lencr.org/

IP / ASN

23.36.77.32

#20940 Akamai International B.V.

Requested byN/A

Resource Info

File typedata

First Seen2024-07-13

Last Seen2024-08-19

Times Seen47007

Size504 B (504 bytes)

MD580ee007415e4a9cd9ff180ee56d4fd90

SHA108276896e8774d12a699400ffe88939d02acd056

SHA256b76186c793cde690af253f9096553d00dffd54dc33faf5b9a7059b5ce61de651

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "B76186C793CDE690AF253F9096553D00DFFD54DC33FAF5B9A7059B5CE61DE651"
Last-Modified: Sat, 13 Jul 2024 05:32:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15035
Expires: Mon, 15 Jul 2024 18:00:51 GMT
Date: Mon, 15 Jul 2024 13:50:16 GMT
Connection: keep-alive

r10.o.lencr.org/

23.36.77.32

504 B

URL HTTP

r10.o.lencr.org/

IP / ASN

23.36.77.32

#20940 Akamai International B.V.

Requested byN/A

Resource Info

File typedata

First Seen2024-07-13

Last Seen2024-08-19

Times Seen47007

Size504 B (504 bytes)

MD580ee007415e4a9cd9ff180ee56d4fd90

SHA108276896e8774d12a699400ffe88939d02acd056

SHA256b76186c793cde690af253f9096553d00dffd54dc33faf5b9a7059b5ce61de651

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "B76186C793CDE690AF253F9096553D00DFFD54DC33FAF5B9A7059B5CE61DE651"
Last-Modified: Sat, 13 Jul 2024 05:32:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15035
Expires: Mon, 15 Jul 2024 18:00:51 GMT
Date: Mon, 15 Jul 2024 13:50:16 GMT
Connection: keep-alive

r10.o.lencr.org/

23.36.77.32

504 B

URL HTTP

r10.o.lencr.org/

IP / ASN

23.36.77.32

#20940 Akamai International B.V.

Requested byN/A

Resource Info

File typedata

First Seen2024-07-13

Last Seen2024-08-19

Times Seen47007

Size504 B (504 bytes)

MD580ee007415e4a9cd9ff180ee56d4fd90

SHA108276896e8774d12a699400ffe88939d02acd056

SHA256b76186c793cde690af253f9096553d00dffd54dc33faf5b9a7059b5ce61de651

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "B76186C793CDE690AF253F9096553D00DFFD54DC33FAF5B9A7059B5CE61DE651"
Last-Modified: Sat, 13 Jul 2024 05:32:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15035
Expires: Mon, 15 Jul 2024 18:00:51 GMT
Date: Mon, 15 Jul 2024 13:50:16 GMT
Connection: keep-alive

vjs.zencdn.net/vttjs/0.14.1/vtt.min.js

151.101.130.217

7.1 kB

URL HTTP

vjs.zencdn.net/vttjs/0.14.1/vtt.min.js

IP / ASN

151.101.130.217

#54113 FASTLY

Requested byN/A

Resource Info

File typeJavaScript source, Unicode text, UTF-8 text, with very long lines (20133)

First Seen2023-03-09

Last Seen2025-07-12

Times Seen180

Size7.1 kB (7089 bytes)

MD552c6ba3260a51c570977f84d2bd7bf55

SHA1b368af66a643c948398083499d518165d9688fda

SHA2565a36011812516a45305217c2fc2d0a0b2fcf9e66e4c84708cc1b6818066024fc

HTTP Headers

GET /vttjs/0.14.1/vtt.min.js HTTP/1.1
Host: vjs.zencdn.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://networthnow.org/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
last-modified: Tue, 10 Apr 2018 19:42:19 GMT
etag: "52c6ba3260a51c570977f84d2bd7bf55"
cache-control: public, max-age=31536000
content-type: application/javascript; charset=utf-8
content-encoding: gzip
date: Mon, 15 Jul 2024 13:50:17 GMT
x-served-by: cache-hel1410034-HEL
x-cache: HIT
x-cache-hits: 28430
vary: Accept-Encoding
access-control-allow-origin: *
timing-allow-origin: *
content-length: 7089
X-Firefox-Spdy: h2

networthnow.org/detroitchicago/imp.gif

52.57.221.121

43 B

URL HTTP

networthnow.org/detroitchicago/imp.gif

IP / ASN

52.57.221.121

#16509 AMAZON-02

Requested byN/A

Resource Info

File typeGIF image data, version 89a, 1 x 1

First Seen2023-04-05

Last Seen2025-08-07

Times Seen15062

Size43 B (43 bytes)

MD5f837aa60b6fe83458f790db60d529fc9

SHA114af87ccec7f81bb28d53c84da2fd5a9d5925cda

SHA256dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

HTTP Headers

POST /detroitchicago/imp.gif HTTP/1.1
Host: networthnow.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 1331
Origin: https://networthnow.org
DNT: 1
Connection: keep-alive
Referer: https://networthnow.org/paige-vanzant-onlyfans-net-worth
Cookie: ezroute=1721051416.229.76405.762373|ec463de781a3115e39c97e8706466df3; ezoictest=stable
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
access-control-allow-credentials: true
access-control-allow-headers: Content-Type, Content-Type
access-control-allow-methods: GET, POST, PUT, OPTIONS, HEAD, PUT, POST, GET, OPTIONS
access-control-allow-origin: https://networthnow.org, https://networthnow.org
access-control-max-age: 1728000, 1728000
cache-control: private, max-age=0, must-revalidate, no-cache, no-store
content-type: image/gif
date: Mon, 15 Jul 2024 13:50:18 GMT
expires: Sun, 14 Jul 2024 13:50:18 GMT
set-cookie: ezoictest=stable; Path=/; Domain=networthnow.org; Expires=Mon, 15 Jul 2024 14:20:18 GMT; HttpOnly
vary: Accept-Encoding,Origin,Access-Control-Request-Method,Access-Control-Request-Headers
x-middleton-display: imp_sol
content-length: 43
X-Firefox-Spdy: h2

www.ezojs.com/porpoiseant/jellyfish.js?a=a&cb=16&dcb=195-0&shcb=34

104.21.63.106

16 kB

URL HTTP

www.ezojs.com/porpoiseant/jellyfish.js?a=a&cb=16&dcb=195-0&shcb=34

IP / ASN

104.21.63.106

#13335 CLOUDFLARENET

Requested byN/A

Resource Info

File typeJavaScript source, ASCII text, with very long lines (2865)

First Seen2024-05-07

Last Seen2024-10-30

Times Seen237

Size16 kB (16341 bytes)

MD52d8aef4b19c5fac9582e967778d69812

SHA1310885f66d863cee3159ee10fcca5f13f10f13e2

SHA256007078a6fc420ba722a9a08f6237161e0736553b1ea84a0b8f677468ddbcaf11

HTTP Headers

GET /porpoiseant/jellyfish.js?a=a&cb=16&dcb=195-0&shcb=34 HTTP/1.1
Host: www.ezojs.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://networthnow.org/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Mon, 15 Jul 2024 13:50:18 GMT
content-type: application/javascript
cache-control: max-age=31536000, public
cf-bgj: minify
cf-polished: origSize=37695
vary: Accept-Encoding
x-middleton-display: sol-js
x-robots-tag: noindex
last-modified: Mon, 06 May 2024 22:34:42 GMT
cf-cache-status: HIT
age: 2775075
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Wgk%2BEVrqvbbJqY7BlmOc4V4VF8w2u5%2FYS3PkrIseqQisgaSWgALwOTXnC%2Ftc13WyjXsvflkCT55nxSWiqkCaA2yHrs3QxOoOI6L%2Bsuk4Jd0iKGo%2BpVDkEA0gDgxd%2Fw2e"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8a3a3882db1eb51e-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

www.ezojs.com/beardeddragon/wyrm.js?cb=8

104.21.63.106

149 kB

URL HTTP

www.ezojs.com/beardeddragon/wyrm.js?cb=8

IP / ASN

104.21.63.106

#13335 CLOUDFLARENET

Requested byN/A

Resource Info

File typeJavaScript source, ASCII text, with very long lines (900)

First Seen2024-04-27

Last Seen2025-07-06

Times Seen155

Size149 kB (149071 bytes)

MD53ee03e4c54d5a41389e7a5c7f159f8c8

SHA1367e1cf562f69d9eae0c84db3a785b6a6a758910

SHA256bba5bfabf873354d65649204802afb92e12a1c0bd91b5d21ffa5506155fd655b

HTTP Headers

GET /beardeddragon/wyrm.js?cb=8 HTTP/1.1
Host: www.ezojs.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://networthnow.org/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Mon, 15 Jul 2024 13:50:17 GMT
content-type: application/javascript
cache-control: max-age=31536000, public
cf-bgj: minify
vary: Accept-Encoding
x-middleton-display: sol-js
x-robots-tag: noindex
last-modified: Fri, 26 Apr 2024 23:26:10 GMT
cf-cache-status: HIT
age: 2784741
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=6QdeUcd0Cd0WdmvFU5ayKRfWcnR9Hur9RGErxl2Q8%2Bukjpipi8He%2FiIFyOiddHkF3LcWKnCqjWmSWRQHL%2Bk4LQcyy7ddXYmnJMM%2BtHBFIWVw8yMkUGa%2FVitoDNiEbkjN"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8a3a3880fa31b50c-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

the.gatekeeperconsent.com/cmp/v2/main_modal_firstpage?domain=networthnow.org&region=default&lang=en-US&cb=231&changeLogId=602464

172.67.199.186

0 B

URL HTTP

the.gatekeeperconsent.com/cmp/v2/main_modal_firstpage?domain=networthnow.org&region=default&lang=en-US&cb=231&changeLogId=602464

IP / ASN

172.67.199.186

#13335 CLOUDFLARENET

Requested byN/A

Resource Info

File typeN/A

First Seen0001-01-01

Last Seen2025-08-07

Times Seen5706983

Size0 B (0 bytes)

MD5d41d8cd98f00b204e9800998ecf8427e

SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

OPTIONS /cmp/v2/main_modal_firstpage?domain=networthnow.org&region=default&lang=en-US&cb=231&changeLogId=602464 HTTP/1.1
Host: the.gatekeeperconsent.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: GET
Access-Control-Request-Headers: content-type
Referer: https://networthnow.org/
Origin: https://networthnow.org
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Mon, 15 Jul 2024 13:50:18 GMT
content-type: text/plain; charset=utf-8
content-length: 0
access-control-allow-credentials: true
access-control-allow-headers: content-type
access-control-allow-methods: GET, POST, PUT, OPTIONS
access-control-allow-origin: https://networthnow.org
access-control-max-age: 1728000
vary: Accept-Encoding,Origin,Access-Control-Request-Method,Access-Control-Request-Headers
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=CtqvzLGOdPYuq1ScILYao1WK1u5mBVVlk78U69X1NNHlkxC6Id8r2wk8anVvpoj%2B6ZVGGY9OXuF8Lrl8RigAw7MOBmx57JTUTVcvKo6b8Fn3RH%2FM0xLlHCwcK6qwPMyY1jc%2BF8k5PShfwfMy"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8a3a38859ded5699-OSL
alt-svc: h3=":443"; ma=86400

o.pki.goog/wr2

142.250.74.131

472 B

URL HTTP

o.pki.goog/wr2

IP / ASN

142.250.74.131

#15169 GOOGLE

Requested byN/A

Resource Info

File typedata

First Seen2024-07-14

Last Seen2024-08-19

Times Seen1321

Size472 B (472 bytes)

MD5faeb63093fb1d0f167187e09e0cb2180

SHA16767975879cf5f72c22c1f52f93146a6674bc708

SHA2561fd679dbccc70120f9d25939c9f9445c4591844822e0712e5836c0a2a1e53eaf

HTTP Headers

POST /wr2 HTTP/1.1
Host: o.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 15 Jul 2024 13:50:18 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

chest.cdntoswitchspirit.com/scripts/connections.js

172.67.209.227

20 kB

URL HTTP

chest.cdntoswitchspirit.com/scripts/connections.js

IP / ASN

172.67.209.227

#13335 CLOUDFLARENET

Requested byN/A

Resource Info

File typeJavaScript source, ASCII text, with very long lines (48629), with no line terminators

First Seen2024-06-02

Last Seen2024-08-19

Times Seen350

Size20 kB (19559 bytes)

MD5686a1411eb12a24f8a67880ad8acfbc6

SHA12ec72d311de460a19f4496ff7774e65f47407d7e

SHA25633defd33b886a02fd3620983a3fcf9d09b311982f44df73a6781845405ba9c40

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /scripts/connections.js HTTP/1.1
Host: chest.cdntoswitchspirit.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://networthnow.org/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Mon, 15 Jul 2024 13:50:23 GMT
content-type: application/javascript; charset=utf-8
content-length: 19559
access-control-allow-origin: *
access-control-allow-methods: GET, POST
access-control-allow-headers: X-Requested-With
vary: Accept-Encoding
content-encoding: gzip
cache-control: max-age=14400
cf-cache-status: HIT
age: 2224
last-modified: Mon, 15 Jul 2024 13:13:19 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=HBMvy0IcbrmMYxDHTl3X4D289gf7dBeZIDsr70m9yV1B%2Bk8gIHXCoPSGdOMG7Zjro0eizToGDHb0tvx3WSiAp%2F9tw0aItNGx7OEWxMS%2FODHUcyCARFXZ26R9wtV127JRg52wv25IJhZgwPHzLUw%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8a3a38a3ba0156c1-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

cdn.rdntocdns.com/rthrttu.php

45.9.149.210

6.0 kB

URL HTTP

cdn.rdntocdns.com/rthrttu.php

IP / ASN

45.9.149.210

#49447 Nice IT Services Group Inc.

Requested byN/A

Resource Info

File typeJavaScript source, ASCII text, with very long lines (14233), with no line terminators

First Seen2024-06-01

Last Seen2024-08-19

Times Seen1170

Size6.0 kB (6026 bytes)

MD56c899067b95977c68fc5f8501428d1bd

SHA167700832cf8e0d6f21a57dbcdb315cedf7ff9504

SHA25699c8d8e412d2f42c88eb77204937bb8e92aad289d959618e507dee5dcb7bfea6

Detections

Analyzer	Verdict	Alert
ThreatFox	malicious	Unknown malware
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /rthrttu.php HTTP/1.1
Host: cdn.rdntocdns.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 20
Origin: https://networthnow.org
DNT: 1
Connection: keep-alive
Referer: https://networthnow.org/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Mon, 15 Jul 2024 13:50:23 GMT
content-type: application/javascript; charset=utf-8
content-length: 6026
access-control-allow-origin: *
access-control-allow-methods: GET, POST
access-control-allow-headers: X-Requested-With
vary: Accept-Encoding
content-encoding: gzip
X-Firefox-Spdy: h2

records.perfectlinestarter.com/scripts/run.js

172.67.144.219

19 kB

URL HTTP

records.perfectlinestarter.com/scripts/run.js

IP / ASN

172.67.144.219

#13335 CLOUDFLARENET

Requested byN/A

Resource Info

File typeJavaScript source, ASCII text, with very long lines (46813), with no line terminators

First Seen2024-08-19

Last Seen2024-08-19

Times Seen1

Size19 kB (19052 bytes)

MD5510fa9597f6a25dfb2cc6038c2e00856

SHA1ae5c86fe6605600531ca1188c2629d14f213f6d7

SHA2567dbdec86f70be857d906309249d3ad78a013a31025fa64b0ebdf31f2a5ba4358

HTTP Headers

GET /scripts/run.js HTTP/1.1
Host: records.perfectlinestarter.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://networthnow.org/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Mon, 15 Jul 2024 13:50:23 GMT
content-type: application/javascript; charset=utf-8
last-modified: Sun, 14 Jul 2024 17:16:55 GMT
vary: Accept-Encoding
etag: W/"66940807-93d9"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
content-encoding: gzip
cf-cache-status: HIT
age: 73297
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ecTlYPlhgpxf80L6IYfR%2BN4zumCFvBZFksMGR5ZBUMWp8t70GGoNWq7zTXLWe7v%2FJi1jyPVFnx9b7BePARcvYrGda3xJlyioJuPbI1WwMwhFG24E%2B%2BHf2S71nsztNwq6SpIWZUrH5WDK3pALxkMnw%2FI%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8a3a38a398f77130-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

www.ezojs.com/beardeddragon/iguana.js?cb=383

104.21.63.106

25 kB

URL HTTP

www.ezojs.com/beardeddragon/iguana.js?cb=383

IP / ASN

104.21.63.106

#13335 CLOUDFLARENET

Requested byN/A

Resource Info

File typeJavaScript source, Unicode text, UTF-8 text, with very long lines (65509), with no line terminators

First Seen2024-07-13

Last Seen2024-08-19

Times Seen5

Size25 kB (24944 bytes)

MD55ad847b8b6d67a0131bf969301a47259

SHA11e7d39b8b2c0102047411280bc8fcee8c45113f4

SHA256f4c29e08e6746f62ae82553f8d88c351b2f52c6f58a812012936b67b1eb6e0d1

HTTP Headers

GET /beardeddragon/iguana.js?cb=383 HTTP/1.1
Host: www.ezojs.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://networthnow.org/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Mon, 15 Jul 2024 13:50:18 GMT
content-type: application/javascript
cache-control: max-age=31536000, public
cf-bgj: minify
cf-polished: origSize=83256
vary: Accept-Encoding
x-middleton-display: sol-js
x-robots-tag: noindex
last-modified: Fri, 12 Jul 2024 18:56:11 GMT
cf-cache-status: HIT
age: 240826
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=hZ%2BpLp4%2FE4pZieXVM4GxcRqH0LhnsddDRhY1nRVMB7eO1NaYvTGHTBi11Sc1HULaC7CNfKHVoRkZ356Qq%2FgHN6qVbAFhgLov8NI3vM4qaja1Th54w%2Bd2gF1cT8sOHl5A"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8a3a38845c84b51e-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

networthnow.org/detroitchicago/greenoaks.gif?orig=0&ds=W3sidHlwZSI6InBhZ2V2aWV3IiwidmlzaXRfdXVpZCI6IjY2NmVlMjEzLTM2OTgtNDkyOC01OWY3LTc1OTVmZjZmNmU1YSIsInBhZ2V2aWV3X2lkIjoiOTk5N2RlYTYtYzQ0OC00NDZhLTY0M2MtNTZiZTNkYTkzODA0IiwiZG9tYWluX2lkIjoiNDkwNzc2IiwidF9lcG9jaCI6MTcyMTA1MTQxNywiZGF0YSI6W3sibmFtZSI6InRfdW5sb2FkIiwidmFsIjoiMTcyMTA1MTQyNDEzNiJ9XX1d

52.57.221.121

0 B

URL HTTP

IP / ASN

52.57.221.121

#16509 AMAZON-02

Requested byN/A

Resource Info

File typeN/A

First Seen0001-01-01

Last Seen2025-08-07

Times Seen5706983

Size0 B (0 bytes)

MD5d41d8cd98f00b204e9800998ecf8427e

SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

POST /detroitchicago/greenoaks.gif?orig=0&ds=W3sidHlwZSI6InBhZ2V2aWV3IiwidmlzaXRfdXVpZCI6IjY2NmVlMjEzLTM2OTgtNDkyOC01OWY3LTc1OTVmZjZmNmU1YSIsInBhZ2V2aWV3X2lkIjoiOTk5N2RlYTYtYzQ0OC00NDZhLTY0M2MtNTZiZTNkYTkzODA0IiwiZG9tYWluX2lkIjoiNDkwNzc2IiwidF9lcG9jaCI6MTcyMTA1MTQxNywiZGF0YSI6W3sibmFtZSI6InRfdW5sb2FkIiwidmFsIjoiMTcyMTA1MTQyNDEzNiJ9XX1d HTTP/1.1
Host: networthnow.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://networthnow.org
DNT: 1
Connection: keep-alive
Referer: https://networthnow.org/paige-vanzant-onlyfans-net-worth
Cookie: ezroute=1721051416.229.76405.762373|ec463de781a3115e39c97e8706466df3; ezoictest=stable; _pk_id.3.315e=7223cffac16e927e.1721051424.; _pk_ses.3.315e=1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Content-Length: 0
TE: trailers

HTTP/2 204 No Content
access-control-allow-origin: https://networthnow.org
cache-control: private, max-age=0, must-revalidate, no-cache, no-store
date: Mon, 15 Jul 2024 13:50:23 GMT
expires: Sun, 14 Jul 2024 13:50:23 GMT
set-cookie: ezoictest=stable; Path=/; Domain=networthnow.org; Expires=Mon, 15 Jul 2024 14:20:24 GMT; HttpOnly
vary: Accept-Encoding
x-middleton-display: ezp_sol
X-Firefox-Spdy: h2

www.yametric.com/matomo.js

172.67.216.63

25 kB

URL HTTP

www.yametric.com/matomo.js

IP / ASN

172.67.216.63

#13335 CLOUDFLARENET

Requested byN/A

Resource Info

File typeJavaScript source, ASCII text, with very long lines (2854)

First Seen2024-05-09

Last Seen2025-08-06

Times Seen3076

Size25 kB (25442 bytes)

MD597b41888a87c22615114d73c91cc70a3

SHA1a9e02fdb328a29bd8753e7000d0afe6ef635aad1

SHA256f2e8975ed834c578c50d3923ceb26de04d4fa44f74380f45f147585d909a874d

HTTP Headers

GET /matomo.js HTTP/1.1
Host: www.yametric.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://networthnow.org/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Mon, 15 Jul 2024 13:50:24 GMT
content-type: application/javascript; charset=utf-8
last-modified: Wed, 12 Jun 2024 16:18:46 GMT
etag: W/"6669ca66-10784"
content-encoding: gzip
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=GBk3zUM4PtUTzX2zMc%2BcggKX%2BxCMbDPl6eIygPCdB0MIwGKmZXrkhXK2P5%2FjlFsmlr6Al%2FCIrvJ5wljYi%2FzMnnMCY5SEG3ZjyinE8dSNvw8cLn0Sw74J9eSlQK2LlvfZIEgv"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8a3a38a80d0356af-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

52.57.221.121

0 B

URL HTTP

IP / ASN

52.57.221.121

#16509 AMAZON-02

Requested byN/A

Resource Info

File typeN/A

First Seen0001-01-01

Last Seen2025-08-07

Times Seen5706983

Size0 B (0 bytes)

MD5d41d8cd98f00b204e9800998ecf8427e

SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

POST /detroitchicago/greenoaks.gif?orig=0&ds=W3sidHlwZSI6InBhZ2V2aWV3IiwidmlzaXRfdXVpZCI6IjY2NmVlMjEzLTM2OTgtNDkyOC01OWY3LTc1OTVmZjZmNmU1YSIsInBhZ2V2aWV3X2lkIjoiOTk5N2RlYTYtYzQ0OC00NDZhLTY0M2MtNTZiZTNkYTkzODA0IiwiZG9tYWluX2lkIjoiNDkwNzc2IiwidF9lcG9jaCI6MTcyMTA1MTQxNywiZGF0YSI6W3sibmFtZSI6InRfdW5sb2FkIiwidmFsIjoiMTcyMTA1MTQyNDIxMSJ9XX1d HTTP/1.1
Host: networthnow.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://networthnow.org
DNT: 1
Connection: keep-alive
Referer: https://networthnow.org/paige-vanzant-onlyfans-net-worth
Cookie: ezroute=1721051416.229.76405.762373|ec463de781a3115e39c97e8706466df3; ezoictest=stable; _pk_id.3.315e=7223cffac16e927e.1721051424.; _pk_ses.3.315e=1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Content-Length: 0
TE: trailers

HTTP/2 204 No Content
access-control-allow-origin: https://networthnow.org
cache-control: private, max-age=0, must-revalidate, no-cache, no-store
date: Mon, 15 Jul 2024 13:50:24 GMT
expires: Sun, 14 Jul 2024 13:50:24 GMT
set-cookie: ezoictest=stable; Path=/; Domain=networthnow.org; Expires=Mon, 15 Jul 2024 14:20:24 GMT; HttpOnly
vary: Accept-Encoding
x-middleton-display: ezp_sol
X-Firefox-Spdy: h2

52.57.221.121

0 B

URL HTTP

IP / ASN

52.57.221.121

#16509 AMAZON-02

Requested byN/A

Resource Info

File typeN/A

First Seen0001-01-01

Last Seen2025-08-07

Times Seen5706983

Size0 B (0 bytes)

MD5d41d8cd98f00b204e9800998ecf8427e

SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

POST /detroitchicago/greenoaks.gif?orig=0&ds=W3sidHlwZSI6InBhZ2V2aWV3IiwidmlzaXRfdXVpZCI6IjY2NmVlMjEzLTM2OTgtNDkyOC01OWY3LTc1OTVmZjZmNmU1YSIsInBhZ2V2aWV3X2lkIjoiOTk5N2RlYTYtYzQ0OC00NDZhLTY0M2MtNTZiZTNkYTkzODA0IiwiZG9tYWluX2lkIjoiNDkwNzc2IiwidF9lcG9jaCI6MTcyMTA1MTQxNywiZGF0YSI6W3sibmFtZSI6InRfdW5sb2FkIiwidmFsIjoiMTcyMTA1MTQyNDIxMyJ9XX1d HTTP/1.1
Host: networthnow.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://networthnow.org
DNT: 1
Connection: keep-alive
Referer: https://networthnow.org/paige-vanzant-onlyfans-net-worth
Cookie: ezroute=1721051416.229.76405.762373|ec463de781a3115e39c97e8706466df3; ezoictest=stable; _pk_id.3.315e=7223cffac16e927e.1721051424.; _pk_ses.3.315e=1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Content-Length: 0
TE: trailers

HTTP/2 204 No Content
access-control-allow-origin: https://networthnow.org
cache-control: private, max-age=0, must-revalidate, no-cache, no-store
date: Mon, 15 Jul 2024 13:50:23 GMT
expires: Sun, 14 Jul 2024 13:50:23 GMT
set-cookie: ezoictest=stable; Path=/; Domain=networthnow.org; Expires=Mon, 15 Jul 2024 14:20:24 GMT; HttpOnly
vary: Accept-Encoding
x-middleton-display: ezp_sol
X-Firefox-Spdy: h2

GET bluestepcherry.com/favicon.ico

104.21.58.244

204 No Content

0 B

URL GET HTTPS

bluestepcherry.com/favicon.ico

IP / ASN

104.21.58.244

#13335 CLOUDFLARENET

Requested byhttps://bluestepcherry.com/?p=g5tdgmbxhe5gi3bpha4dena&sub1=birmas&sub3=rosettas

Resource Info

File typeN/A

First Seen0001-01-01

Last Seen2025-08-07

Times Seen5706983

Size0 B (0 bytes)

MD5d41d8cd98f00b204e9800998ecf8427e

SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Certificate Info

IssuerGoogle Trust Services

Subjectbluestepcherry.com

FingerprintFD:01:46:32:7C:47:CD:8A:CB:30:B4:74:0A:A7:85:7F:A0:14:17:96

ValidityTue, 18 Jun 2024 15:47:51 GMT - Mon, 16 Sep 2024 15:47:50 GMT

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: bluestepcherry.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://bluestepcherry.com/?p=g5tdgmbxhe5gi3bpha4dena&sub1=birmas&sub3=rosettas
Cookie: uuid=0360386f-1672-4c5f-8610-1e3c185f3c09
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 204 No Content
date: Mon, 15 Jul 2024 13:50:25 GMT
cache-control: max-age=14400
cf-cache-status: HIT
age: 903
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=cbVeSjUQCuXcXPGHE2GZEZ3Vkgmd36eny8t7Xz11YI0rAk%2BImTHnqNn1LYHLcGfGvArWZFKqSFGeHGRXRSb3t09dcf7zeJ43UPwnU9eyKkDz7eU%2FGeq6aecwScZpyeFfk5K6nno%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8a3a38ae8bff56bb-OSL
alt-svc: h3=":443"; ma=86400

www.ezojs.com/beardeddragon/wyvern.js?cb=127

104.21.63.106

201 kB

URL HTTP

www.ezojs.com/beardeddragon/wyvern.js?cb=127

IP / ASN

104.21.63.106

#13335 CLOUDFLARENET

Requested byN/A

Resource Info

File typeJavaScript source, Unicode text, UTF-8 text, with very long lines (65528), with no line terminators

First Seen2024-05-08

Last Seen2024-09-28

Times Seen73

Size201 kB (200886 bytes)

MD57cf45d5761e8c0a18228df410d9393eb

SHA17d80f9d3ce187290adca88c9aa0788e042191cf5

SHA256b4255164a4e929140858b88981f4d90805d234a25bece9fb96407213c46ec7e1

HTTP Headers

GET /beardeddragon/wyvern.js?cb=127 HTTP/1.1
Host: www.ezojs.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://networthnow.org/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Mon, 15 Jul 2024 13:50:17 GMT
content-type: application/javascript
cache-control: max-age=31536000, public
cf-bgj: minify
cf-polished: origSize=672987
vary: Accept-Encoding
x-middleton-display: sol-js
x-robots-tag: noindex
last-modified: Wed, 26 Jun 2024 21:29:35 GMT
cf-cache-status: HIT
age: 882315
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=9tAf8e02R%2Fu3xs2zkMQcIgKoz%2F8%2FGBF4FC6sDKCda14Fu%2B16VEDfe3OaLOJR0QA4oIjSA%2BX3DWWLhdN0WQYRIcWsRfLrYxF26LqHmxZq8Sz9OG3YuuSpJ7BTpDxT%2Fr%2Ba"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8a3a3880fa32b50c-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

GET bluestepcherry.com/?p=g5tdgmbxhe5gi3bpha4dena&sub1=birmas&sub3=rosettas

104.21.58.244

200 OK

18 kB

URL User Request GET HTTPS

bluestepcherry.com/?p=g5tdgmbxhe5gi3bpha4dena&sub1=birmas&sub3=rosettas

IP / ASN

104.21.58.244

#13335 CLOUDFLARENET

Requested byN/A

Resource Info

File typeN/A

First Seen0001-01-01

Last Seen2025-08-07

Times Seen5706983

Size18 kB (18106 bytes)

MD5d41d8cd98f00b204e9800998ecf8427e

SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Certificate Info

IssuerGoogle Trust Services

Subjectbluestepcherry.com

FingerprintFD:01:46:32:7C:47:CD:8A:CB:30:B4:74:0A:A7:85:7F:A0:14:17:96

ValidityTue, 18 Jun 2024 15:47:51 GMT - Mon, 16 Sep 2024 15:47:50 GMT

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /?p=g5tdgmbxhe5gi3bpha4dena&sub1=birmas&sub3=rosettas HTTP/1.1
Host: bluestepcherry.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Mon, 15 Jul 2024 13:50:24 GMT
content-type: text/html; charset=UTF-8
access-control-allow-origin: *
set-cookie: uuid=0360386f-1672-4c5f-8610-1e3c185f3c09; expires=Wed, 14-Aug-2024 13:50:24 GMT; Max-Age=2592000; path=/; domain=bluestepcherry.com
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=JwI2r0XjWj2Cm3UFSMqdYpwMf1ocfVugSnHzrPksGim%2BMtDUe%2BsRdYJegkc3fSRHuLfUfNpb8M0ywwRm5b7x2mDhxj45vOdMSGiUvzNq6pAHnpYQT5K0KKeqCyjqmy0X%2F5IhuTM%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8a3a38ad7a5d7127-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2