Report - networthnow.org/paige-vanzant-onlyfans-net-worth

Report Overview

Visited public
2024-07-15 13:50:40
Tags
URL
networthnow.org/paige-vanzant-onlyfans-net-worth
Finishing URL
bluestepcherry.com/?p=g5tdgmbxhe5gi3bpha4dena&sub1=birmas&sub3=rosettas
IP / ASN
52.57.221.121
#16509 AMAZON-02
Title
Checking your browser

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
vjs.zencdn.net	4968	2011-12-27	2012-05-21 10:26:59	2024-07-14 17:13:58	412 B	7.5 kB	151.101.130.217
chest.cdntoswitchspirit.com	unknown	2024-04-29	2024-05-08 09:27:10	2024-05-28 12:29:34	424 B	20 kB	172.67.209.227
records.perfectlinestarter.com	unknown	unknown	No data	No data	419 B	20 kB	172.67.144.219
www.yametric.com	unknown	2023-12-17	2023-12-17 23:23:49	2024-05-24 12:16:49	400 B	26 kB	172.67.216.63
cdn.rdntocdns.com	unknown	unknown	No data	No data	502 B	6.4 kB	45.9.149.210
bluestepcherry.com	unknown	unknown	No data	No data	1.1 kB	19 kB	104.21.58.244
r10.o.lencr.org	unknown	2020-06-29	2024-06-06 21:45:11	2024-07-14 18:12:33	2.9 kB	8.0 kB	23.36.76.226
networthnow.org	unknown	2023-06-05	2023-06-05 15:43:24	2024-03-21 10:16:09	3.4 kB	2.0 kB	52.57.221.121
www.ezojs.com	41202	2017-10-23	2017-11-17 08:37:11	2024-07-13 17:52:22	1.7 kB	394 kB	104.21.63.106
the.gatekeeperconsent.com	unknown	2023-03-07	2023-03-10 22:46:24	2024-07-14 18:51:04	631 B	870 B	172.67.199.186
o.pki.goog	unknown	2016-06-13	2024-04-24 13:44:57	2024-07-14 18:16:24	325 B	700 B	142.250.74.131

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Timestamp	Severity	Source IP	Destination IP	Alert
2024-07-15 13:50:23	high	Client IP	45.9.149.210	ET EXPLOIT_KIT Balada Domain in TLS SNI (rdntocdns .com)

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2024-07-15	medium	cdntoswitchspirit.com	Sinkholed
2024-07-15	medium	rdntocdns.com	Sinkholed
2024-07-15	medium	bluestepcherry.com	Sinkholed
2024-07-15	medium	bluestepcherry.com	Sinkholed

ThreatFox

Scan Date	Severity	Indicator	Alert
2024-06-08	medium	cdn.rdntocdns.com	Unknown malware

JavaScript (2)

	URL	From	Size	First Seen	Last Seen
	bluestepcherry.com/?p=g5tdgmbxhe5gi3bpha4dena&sub1=birmas&sub3=rosettas	ScriptElement	8.2 kB	2024-08-19	2024-08-19
Pretty URL bluestepcherry.com/?p=g5tdgmbxhe5gi3bpha4dena&sub1=birmas&sub3=rosettas IP 104.21.58.244 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2024-08-19 16:53 Last Seen2024-08-19 16:53 Times Seen1 Hash 6eed9f089de57af8af9a13b802702b56 22324ea38f7e34b972a4d3a5883391a078b0556f 575610282a29b911818cc266e2e3b82778c07e37e586ed726972019b81227c9e Loading...

		Size	First Seen	Last Seen
	#1 Eval - 5733100ffb9b87cdc68cabdbfd557b3f	7.9 kB	2024-08-19 16:53	2024-08-19 16:53
Pretty Observations First Seen2024-08-19 16:53 Last Seen2024-08-19 16:53 Times Seen1 Hash 5733100ffb9b87cdc68cabdbfd557b3f 38e27cb0ae844abd8f8a5bea700272ba649a9b29 62cb1c5da676ca6f97152733fd7bd76fc6aa2f19e74582b92341d6db12724eda Loading...

HTTP Transactions (26)

URL IP Response Size

r10.o.lencr.org/

23.36.76.226

504 B

URL
r10.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
59f504b373ca5c60694d89699bf99f9d
98d3531909c87a27c1cedcda49b9450cb398bdc7
7cd67c1e38bf7cf396230f1f4ca4d83bd04fedd7d1258139ecfceda994200568

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "7CD67C1E38BF7CF396230F1F4CA4D83BD04FEDD7D1258139ECFCEDA994200568"
Last-Modified: Sat, 13 Jul 2024 01:53:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10755
Expires: Mon, 15 Jul 2024 16:49:29 GMT
Date: Mon, 15 Jul 2024 13:50:14 GMT
Connection: keep-alive

r10.o.lencr.org/

23.36.76.226

504 B

URL
r10.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
71d8b1aa21db1e3bd7c1c93ec0a27e67
fedadfaa4439b365295709d4bdc6e3ec0fe6c086
b480a5bc991ec721db08973ad1c2946c09ca899b78ca50bfd56bffac0d2d4e39

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "B480A5BC991EC721DB08973AD1C2946C09CA899B78CA50BFD56BFFAC0D2D4E39"
Last-Modified: Sun, 14 Jul 2024 15:29:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=19099
Expires: Mon, 15 Jul 2024 19:08:33 GMT
Date: Mon, 15 Jul 2024 13:50:14 GMT
Connection: keep-alive

r10.o.lencr.org/

23.36.76.226

504 B

URL
r10.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
3ce85b1d34b1e8024ca9a37cff66221a
39236c242bdb2053821ca7b473582450acff9b39
4efba0f7a3c02e999ff66fdeea5e0170ef5feb724739a1eeb9b4719772c0deac

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "4EFBA0F7A3C02E999FF66FDEEA5E0170EF5FEB724739A1EEB9B4719772C0DEAC"
Last-Modified: Sun, 14 Jul 2024 23:47:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10712
Expires: Mon, 15 Jul 2024 16:48:46 GMT
Date: Mon, 15 Jul 2024 13:50:14 GMT
Connection: keep-alive

r10.o.lencr.org/

23.36.76.226

504 B

URL
r10.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
1069501beed320ba3e21b591ba8dc5ce
9e6b836cfea33a56e2e2598f27cb528578c8033c
568773d146699ebccbd5d393211720dd1b3d4eeb03bdfd8ad4d32c4720814c31

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "568773D146699EBCCBD5D393211720DD1B3D4EEB03BDFD8AD4D32C4720814C31"
Last-Modified: Sun, 14 Jul 2024 16:21:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11189
Expires: Mon, 15 Jul 2024 16:56:43 GMT
Date: Mon, 15 Jul 2024 13:50:14 GMT
Connection: keep-alive

r10.o.lencr.org/

23.36.77.32

504 B

URL
r10.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
80ee007415e4a9cd9ff180ee56d4fd90
08276896e8774d12a699400ffe88939d02acd056
b76186c793cde690af253f9096553d00dffd54dc33faf5b9a7059b5ce61de651

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "B76186C793CDE690AF253F9096553D00DFFD54DC33FAF5B9A7059B5CE61DE651"
Last-Modified: Sat, 13 Jul 2024 05:32:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15035
Expires: Mon, 15 Jul 2024 18:00:51 GMT
Date: Mon, 15 Jul 2024 13:50:16 GMT
Connection: keep-alive

r10.o.lencr.org/

23.36.77.32

504 B

URL
r10.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
80ee007415e4a9cd9ff180ee56d4fd90
08276896e8774d12a699400ffe88939d02acd056
b76186c793cde690af253f9096553d00dffd54dc33faf5b9a7059b5ce61de651

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "B76186C793CDE690AF253F9096553D00DFFD54DC33FAF5B9A7059B5CE61DE651"
Last-Modified: Sat, 13 Jul 2024 05:32:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15035
Expires: Mon, 15 Jul 2024 18:00:51 GMT
Date: Mon, 15 Jul 2024 13:50:16 GMT
Connection: keep-alive

r10.o.lencr.org/

23.36.77.32

504 B

URL
r10.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
80ee007415e4a9cd9ff180ee56d4fd90
08276896e8774d12a699400ffe88939d02acd056
b76186c793cde690af253f9096553d00dffd54dc33faf5b9a7059b5ce61de651

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "B76186C793CDE690AF253F9096553D00DFFD54DC33FAF5B9A7059B5CE61DE651"
Last-Modified: Sat, 13 Jul 2024 05:32:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15035
Expires: Mon, 15 Jul 2024 18:00:51 GMT
Date: Mon, 15 Jul 2024 13:50:16 GMT
Connection: keep-alive

r10.o.lencr.org/

23.36.77.32

504 B

URL
r10.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
80ee007415e4a9cd9ff180ee56d4fd90
08276896e8774d12a699400ffe88939d02acd056
b76186c793cde690af253f9096553d00dffd54dc33faf5b9a7059b5ce61de651

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "B76186C793CDE690AF253F9096553D00DFFD54DC33FAF5B9A7059B5CE61DE651"
Last-Modified: Sat, 13 Jul 2024 05:32:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15035
Expires: Mon, 15 Jul 2024 18:00:51 GMT
Date: Mon, 15 Jul 2024 13:50:16 GMT
Connection: keep-alive

r10.o.lencr.org/

23.36.77.32

504 B

URL
r10.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
80ee007415e4a9cd9ff180ee56d4fd90
08276896e8774d12a699400ffe88939d02acd056
b76186c793cde690af253f9096553d00dffd54dc33faf5b9a7059b5ce61de651

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "B76186C793CDE690AF253F9096553D00DFFD54DC33FAF5B9A7059B5CE61DE651"
Last-Modified: Sat, 13 Jul 2024 05:32:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15035
Expires: Mon, 15 Jul 2024 18:00:51 GMT
Date: Mon, 15 Jul 2024 13:50:16 GMT
Connection: keep-alive

vjs.zencdn.net/vttjs/0.14.1/vtt.min.js

151.101.130.217

7.1 kB

URL
vjs.zencdn.net/vttjs/0.14.1/vtt.min.js
IP
151.101.130.217:0
ASN
#54113 FASTLY

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (20133)
Size
7.1 kB (7089 bytes)
Hash
52c6ba3260a51c570977f84d2bd7bf55
b368af66a643c948398083499d518165d9688fda
5a36011812516a45305217c2fc2d0a0b2fcf9e66e4c84708cc1b6818066024fc

HTTP Headers

GET /vttjs/0.14.1/vtt.min.js HTTP/1.1
Host: vjs.zencdn.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://networthnow.org/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
last-modified: Tue, 10 Apr 2018 19:42:19 GMT
etag: "52c6ba3260a51c570977f84d2bd7bf55"
cache-control: public, max-age=31536000
content-type: application/javascript; charset=utf-8
content-encoding: gzip
date: Mon, 15 Jul 2024 13:50:17 GMT
x-served-by: cache-hel1410034-HEL
x-cache: HIT
x-cache-hits: 28430
vary: Accept-Encoding
access-control-allow-origin: *
timing-allow-origin: *
content-length: 7089
X-Firefox-Spdy: h2

networthnow.org/detroitchicago/imp.gif

52.57.221.121

43 B

URL
networthnow.org/detroitchicago/imp.gif
IP
52.57.221.121:0
ASN
#16509 AMAZON-02

File type
GIF image data, version 89a, 1 x 1
Size
43 B (43 bytes)
Hash
f837aa60b6fe83458f790db60d529fc9
14af87ccec7f81bb28d53c84da2fd5a9d5925cda
dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

HTTP Headers

POST /detroitchicago/imp.gif HTTP/1.1
Host: networthnow.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 1331
Origin: https://networthnow.org
DNT: 1
Connection: keep-alive
Referer: https://networthnow.org/paige-vanzant-onlyfans-net-worth
Cookie: ezroute=1721051416.229.76405.762373|ec463de781a3115e39c97e8706466df3; ezoictest=stable
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
access-control-allow-credentials: true
access-control-allow-headers: Content-Type, Content-Type
access-control-allow-methods: GET, POST, PUT, OPTIONS, HEAD, PUT, POST, GET, OPTIONS
access-control-allow-origin: https://networthnow.org, https://networthnow.org
access-control-max-age: 1728000, 1728000
cache-control: private, max-age=0, must-revalidate, no-cache, no-store
content-type: image/gif
date: Mon, 15 Jul 2024 13:50:18 GMT
expires: Sun, 14 Jul 2024 13:50:18 GMT
set-cookie: ezoictest=stable; Path=/; Domain=networthnow.org; Expires=Mon, 15 Jul 2024 14:20:18 GMT; HttpOnly
vary: Accept-Encoding,Origin,Access-Control-Request-Method,Access-Control-Request-Headers
x-middleton-display: imp_sol
content-length: 43
X-Firefox-Spdy: h2

www.ezojs.com/porpoiseant/jellyfish.js?a=a&cb=16&dcb=195-0&shcb=34

104.21.63.106

16 kB

URL
www.ezojs.com/porpoiseant/jellyfish.js?a=a&cb=16&dcb=195-0&shcb=34
IP
104.21.63.106:0
ASN
#13335 CLOUDFLARENET

File type
JavaScript source, ASCII text, with very long lines (2865)
Size
16 kB (16341 bytes)
Hash
2d8aef4b19c5fac9582e967778d69812
310885f66d863cee3159ee10fcca5f13f10f13e2
007078a6fc420ba722a9a08f6237161e0736553b1ea84a0b8f677468ddbcaf11

HTTP Headers

GET /porpoiseant/jellyfish.js?a=a&cb=16&dcb=195-0&shcb=34 HTTP/1.1
Host: www.ezojs.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://networthnow.org/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Mon, 15 Jul 2024 13:50:18 GMT
content-type: application/javascript
cache-control: max-age=31536000, public
cf-bgj: minify
cf-polished: origSize=37695
vary: Accept-Encoding
x-middleton-display: sol-js
x-robots-tag: noindex
last-modified: Mon, 06 May 2024 22:34:42 GMT
cf-cache-status: HIT
age: 2775075
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Wgk%2BEVrqvbbJqY7BlmOc4V4VF8w2u5%2FYS3PkrIseqQisgaSWgALwOTXnC%2Ftc13WyjXsvflkCT55nxSWiqkCaA2yHrs3QxOoOI6L%2Bsuk4Jd0iKGo%2BpVDkEA0gDgxd%2Fw2e"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8a3a3882db1eb51e-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

www.ezojs.com/beardeddragon/wyrm.js?cb=8

104.21.63.106

149 kB

URL
www.ezojs.com/beardeddragon/wyrm.js?cb=8
IP
104.21.63.106:0
ASN
#13335 CLOUDFLARENET

File type
JavaScript source, ASCII text, with very long lines (900)
Size
149 kB (149071 bytes)
Hash
3ee03e4c54d5a41389e7a5c7f159f8c8
367e1cf562f69d9eae0c84db3a785b6a6a758910
bba5bfabf873354d65649204802afb92e12a1c0bd91b5d21ffa5506155fd655b

HTTP Headers

GET /beardeddragon/wyrm.js?cb=8 HTTP/1.1
Host: www.ezojs.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://networthnow.org/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Mon, 15 Jul 2024 13:50:17 GMT
content-type: application/javascript
cache-control: max-age=31536000, public
cf-bgj: minify
vary: Accept-Encoding
x-middleton-display: sol-js
x-robots-tag: noindex
last-modified: Fri, 26 Apr 2024 23:26:10 GMT
cf-cache-status: HIT
age: 2784741
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=6QdeUcd0Cd0WdmvFU5ayKRfWcnR9Hur9RGErxl2Q8%2Bukjpipi8He%2FiIFyOiddHkF3LcWKnCqjWmSWRQHL%2Bk4LQcyy7ddXYmnJMM%2BtHBFIWVw8yMkUGa%2FVitoDNiEbkjN"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8a3a3880fa31b50c-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

the.gatekeeperconsent.com/cmp/v2/main_modal_firstpage?domain=networthnow.org&region=default&lang=en-US&cb=231&changeLogId=602464

172.67.199.186

0 B

URL
the.gatekeeperconsent.com/cmp/v2/main_modal_firstpage?domain=networthnow.org&region=default&lang=en-US&cb=231&changeLogId=602464
IP
172.67.199.186:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

OPTIONS /cmp/v2/main_modal_firstpage?domain=networthnow.org&region=default&lang=en-US&cb=231&changeLogId=602464 HTTP/1.1
Host: the.gatekeeperconsent.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: GET
Access-Control-Request-Headers: content-type
Referer: https://networthnow.org/
Origin: https://networthnow.org
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Mon, 15 Jul 2024 13:50:18 GMT
content-type: text/plain; charset=utf-8
content-length: 0
access-control-allow-credentials: true
access-control-allow-headers: content-type
access-control-allow-methods: GET, POST, PUT, OPTIONS
access-control-allow-origin: https://networthnow.org
access-control-max-age: 1728000
vary: Accept-Encoding,Origin,Access-Control-Request-Method,Access-Control-Request-Headers
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=CtqvzLGOdPYuq1ScILYao1WK1u5mBVVlk78U69X1NNHlkxC6Id8r2wk8anVvpoj%2B6ZVGGY9OXuF8Lrl8RigAw7MOBmx57JTUTVcvKo6b8Fn3RH%2FM0xLlHCwcK6qwPMyY1jc%2BF8k5PShfwfMy"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8a3a38859ded5699-OSL
alt-svc: h3=":443"; ma=86400

o.pki.goog/wr2

142.250.74.131

472 B

URL
o.pki.goog/wr2
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
faeb63093fb1d0f167187e09e0cb2180
6767975879cf5f72c22c1f52f93146a6674bc708
1fd679dbccc70120f9d25939c9f9445c4591844822e0712e5836c0a2a1e53eaf

HTTP Headers

POST /wr2 HTTP/1.1
Host: o.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 15 Jul 2024 13:50:18 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

chest.cdntoswitchspirit.com/scripts/connections.js

172.67.209.227

20 kB

URL
chest.cdntoswitchspirit.com/scripts/connections.js
IP
172.67.209.227:0
ASN
#13335 CLOUDFLARENET

File type
JavaScript source, ASCII text, with very long lines (48629), with no line terminators
Size
20 kB (19559 bytes)
Hash
686a1411eb12a24f8a67880ad8acfbc6
2ec72d311de460a19f4496ff7774e65f47407d7e
33defd33b886a02fd3620983a3fcf9d09b311982f44df73a6781845405ba9c40

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /scripts/connections.js HTTP/1.1
Host: chest.cdntoswitchspirit.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://networthnow.org/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Mon, 15 Jul 2024 13:50:23 GMT
content-type: application/javascript; charset=utf-8
content-length: 19559
access-control-allow-origin: *
access-control-allow-methods: GET, POST
access-control-allow-headers: X-Requested-With
vary: Accept-Encoding
content-encoding: gzip
cache-control: max-age=14400
cf-cache-status: HIT
age: 2224
last-modified: Mon, 15 Jul 2024 13:13:19 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=HBMvy0IcbrmMYxDHTl3X4D289gf7dBeZIDsr70m9yV1B%2Bk8gIHXCoPSGdOMG7Zjro0eizToGDHb0tvx3WSiAp%2F9tw0aItNGx7OEWxMS%2FODHUcyCARFXZ26R9wtV127JRg52wv25IJhZgwPHzLUw%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8a3a38a3ba0156c1-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

cdn.rdntocdns.com/rthrttu.php

45.9.149.210

6.0 kB

URL
cdn.rdntocdns.com/rthrttu.php
IP
45.9.149.210:0
ASN
#49447 Nice IT Services Group Inc.

File type
JavaScript source, ASCII text, with very long lines (14233), with no line terminators
Size
6.0 kB (6026 bytes)
Hash
6c899067b95977c68fc5f8501428d1bd
67700832cf8e0d6f21a57dbcdb315cedf7ff9504
99c8d8e412d2f42c88eb77204937bb8e92aad289d959618e507dee5dcb7bfea6

Detections

Analyzer	Verdict	Alert
ThreatFox	malicious	Unknown malware
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /rthrttu.php HTTP/1.1
Host: cdn.rdntocdns.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 20
Origin: https://networthnow.org
DNT: 1
Connection: keep-alive
Referer: https://networthnow.org/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Mon, 15 Jul 2024 13:50:23 GMT
content-type: application/javascript; charset=utf-8
content-length: 6026
access-control-allow-origin: *
access-control-allow-methods: GET, POST
access-control-allow-headers: X-Requested-With
vary: Accept-Encoding
content-encoding: gzip
X-Firefox-Spdy: h2

records.perfectlinestarter.com/scripts/run.js

172.67.144.219

19 kB

URL
records.perfectlinestarter.com/scripts/run.js
IP
172.67.144.219:0
ASN
#13335 CLOUDFLARENET

File type
JavaScript source, ASCII text, with very long lines (46813), with no line terminators
Size
19 kB (19052 bytes)
Hash
510fa9597f6a25dfb2cc6038c2e00856
ae5c86fe6605600531ca1188c2629d14f213f6d7
7dbdec86f70be857d906309249d3ad78a013a31025fa64b0ebdf31f2a5ba4358

HTTP Headers

GET /scripts/run.js HTTP/1.1
Host: records.perfectlinestarter.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://networthnow.org/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Mon, 15 Jul 2024 13:50:23 GMT
content-type: application/javascript; charset=utf-8
last-modified: Sun, 14 Jul 2024 17:16:55 GMT
vary: Accept-Encoding
etag: W/"66940807-93d9"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
content-encoding: gzip
cf-cache-status: HIT
age: 73297
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ecTlYPlhgpxf80L6IYfR%2BN4zumCFvBZFksMGR5ZBUMWp8t70GGoNWq7zTXLWe7v%2FJi1jyPVFnx9b7BePARcvYrGda3xJlyioJuPbI1WwMwhFG24E%2B%2BHf2S71nsztNwq6SpIWZUrH5WDK3pALxkMnw%2FI%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8a3a38a398f77130-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

www.ezojs.com/beardeddragon/iguana.js?cb=383

104.21.63.106

25 kB

URL
www.ezojs.com/beardeddragon/iguana.js?cb=383
IP
104.21.63.106:0
ASN
#13335 CLOUDFLARENET

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (65509), with no line terminators
Size
25 kB (24944 bytes)
Hash
5ad847b8b6d67a0131bf969301a47259
1e7d39b8b2c0102047411280bc8fcee8c45113f4
f4c29e08e6746f62ae82553f8d88c351b2f52c6f58a812012936b67b1eb6e0d1

HTTP Headers

GET /beardeddragon/iguana.js?cb=383 HTTP/1.1
Host: www.ezojs.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://networthnow.org/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Mon, 15 Jul 2024 13:50:18 GMT
content-type: application/javascript
cache-control: max-age=31536000, public
cf-bgj: minify
cf-polished: origSize=83256
vary: Accept-Encoding
x-middleton-display: sol-js
x-robots-tag: noindex
last-modified: Fri, 12 Jul 2024 18:56:11 GMT
cf-cache-status: HIT
age: 240826
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=hZ%2BpLp4%2FE4pZieXVM4GxcRqH0LhnsddDRhY1nRVMB7eO1NaYvTGHTBi11Sc1HULaC7CNfKHVoRkZ356Qq%2FgHN6qVbAFhgLov8NI3vM4qaja1Th54w%2Bd2gF1cT8sOHl5A"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8a3a38845c84b51e-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

networthnow.org/detroitchicago/greenoaks.gif?orig=0&ds=W3sidHlwZSI6InBhZ2V2aWV3IiwidmlzaXRfdXVpZCI6IjY2NmVlMjEzLTM2OTgtNDkyOC01OWY3LTc1OTVmZjZmNmU1YSIsInBhZ2V2aWV3X2lkIjoiOTk5N2RlYTYtYzQ0OC00NDZhLTY0M2MtNTZiZTNkYTkzODA0IiwiZG9tYWluX2lkIjoiNDkwNzc2IiwidF9lcG9jaCI6MTcyMTA1MTQxNywiZGF0YSI6W3sibmFtZSI6InRfdW5sb2FkIiwidmFsIjoiMTcyMTA1MTQyNDEzNiJ9XX1d

52.57.221.121

0 B

URL
networthnow.org/detroitchicago/greenoaks.gif?orig=0&ds=W3sidHlwZSI6InBhZ2V2aWV3IiwidmlzaXRfdXVpZCI6IjY2NmVlMjEzLTM2OTgtNDkyOC01OWY3LTc1OTVmZjZmNmU1YSIsInBhZ2V2aWV3X2lkIjoiOTk5N2RlYTYtYzQ0OC00NDZhLTY0M2MtNTZiZTNkYTkzODA0IiwiZG9tYWluX2lkIjoiNDkwNzc2IiwidF9lcG9jaCI6MTcyMTA1MTQxNywiZGF0YSI6W3sibmFtZSI6InRfdW5sb2FkIiwidmFsIjoiMTcyMTA1MTQyNDEzNiJ9XX1d
IP
52.57.221.121:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

POST /detroitchicago/greenoaks.gif?orig=0&ds=W3sidHlwZSI6InBhZ2V2aWV3IiwidmlzaXRfdXVpZCI6IjY2NmVlMjEzLTM2OTgtNDkyOC01OWY3LTc1OTVmZjZmNmU1YSIsInBhZ2V2aWV3X2lkIjoiOTk5N2RlYTYtYzQ0OC00NDZhLTY0M2MtNTZiZTNkYTkzODA0IiwiZG9tYWluX2lkIjoiNDkwNzc2IiwidF9lcG9jaCI6MTcyMTA1MTQxNywiZGF0YSI6W3sibmFtZSI6InRfdW5sb2FkIiwidmFsIjoiMTcyMTA1MTQyNDEzNiJ9XX1d HTTP/1.1
Host: networthnow.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://networthnow.org
DNT: 1
Connection: keep-alive
Referer: https://networthnow.org/paige-vanzant-onlyfans-net-worth
Cookie: ezroute=1721051416.229.76405.762373|ec463de781a3115e39c97e8706466df3; ezoictest=stable; _pk_id.3.315e=7223cffac16e927e.1721051424.; _pk_ses.3.315e=1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Content-Length: 0
TE: trailers

HTTP/2 204 No Content
access-control-allow-origin: https://networthnow.org
cache-control: private, max-age=0, must-revalidate, no-cache, no-store
date: Mon, 15 Jul 2024 13:50:23 GMT
expires: Sun, 14 Jul 2024 13:50:23 GMT
set-cookie: ezoictest=stable; Path=/; Domain=networthnow.org; Expires=Mon, 15 Jul 2024 14:20:24 GMT; HttpOnly
vary: Accept-Encoding
x-middleton-display: ezp_sol
X-Firefox-Spdy: h2

www.yametric.com/matomo.js

172.67.216.63

25 kB

URL
www.yametric.com/matomo.js
IP
172.67.216.63:0
ASN
#13335 CLOUDFLARENET

File type
JavaScript source, ASCII text, with very long lines (2854)
Size
25 kB (25442 bytes)
Hash
97b41888a87c22615114d73c91cc70a3
a9e02fdb328a29bd8753e7000d0afe6ef635aad1
f2e8975ed834c578c50d3923ceb26de04d4fa44f74380f45f147585d909a874d

HTTP Headers

GET /matomo.js HTTP/1.1
Host: www.yametric.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://networthnow.org/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Mon, 15 Jul 2024 13:50:24 GMT
content-type: application/javascript; charset=utf-8
last-modified: Wed, 12 Jun 2024 16:18:46 GMT
etag: W/"6669ca66-10784"
content-encoding: gzip
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=GBk3zUM4PtUTzX2zMc%2BcggKX%2BxCMbDPl6eIygPCdB0MIwGKmZXrkhXK2P5%2FjlFsmlr6Al%2FCIrvJ5wljYi%2FzMnnMCY5SEG3ZjyinE8dSNvw8cLn0Sw74J9eSlQK2LlvfZIEgv"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8a3a38a80d0356af-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

52.57.221.121

0 B

URL
networthnow.org/detroitchicago/greenoaks.gif?orig=0&ds=W3sidHlwZSI6InBhZ2V2aWV3IiwidmlzaXRfdXVpZCI6IjY2NmVlMjEzLTM2OTgtNDkyOC01OWY3LTc1OTVmZjZmNmU1YSIsInBhZ2V2aWV3X2lkIjoiOTk5N2RlYTYtYzQ0OC00NDZhLTY0M2MtNTZiZTNkYTkzODA0IiwiZG9tYWluX2lkIjoiNDkwNzc2IiwidF9lcG9jaCI6MTcyMTA1MTQxNywiZGF0YSI6W3sibmFtZSI6InRfdW5sb2FkIiwidmFsIjoiMTcyMTA1MTQyNDIxMSJ9XX1d
IP
52.57.221.121:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

POST /detroitchicago/greenoaks.gif?orig=0&ds=W3sidHlwZSI6InBhZ2V2aWV3IiwidmlzaXRfdXVpZCI6IjY2NmVlMjEzLTM2OTgtNDkyOC01OWY3LTc1OTVmZjZmNmU1YSIsInBhZ2V2aWV3X2lkIjoiOTk5N2RlYTYtYzQ0OC00NDZhLTY0M2MtNTZiZTNkYTkzODA0IiwiZG9tYWluX2lkIjoiNDkwNzc2IiwidF9lcG9jaCI6MTcyMTA1MTQxNywiZGF0YSI6W3sibmFtZSI6InRfdW5sb2FkIiwidmFsIjoiMTcyMTA1MTQyNDIxMSJ9XX1d HTTP/1.1
Host: networthnow.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://networthnow.org
DNT: 1
Connection: keep-alive
Referer: https://networthnow.org/paige-vanzant-onlyfans-net-worth
Cookie: ezroute=1721051416.229.76405.762373|ec463de781a3115e39c97e8706466df3; ezoictest=stable; _pk_id.3.315e=7223cffac16e927e.1721051424.; _pk_ses.3.315e=1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Content-Length: 0
TE: trailers

HTTP/2 204 No Content
access-control-allow-origin: https://networthnow.org
cache-control: private, max-age=0, must-revalidate, no-cache, no-store
date: Mon, 15 Jul 2024 13:50:24 GMT
expires: Sun, 14 Jul 2024 13:50:24 GMT
set-cookie: ezoictest=stable; Path=/; Domain=networthnow.org; Expires=Mon, 15 Jul 2024 14:20:24 GMT; HttpOnly
vary: Accept-Encoding
x-middleton-display: ezp_sol
X-Firefox-Spdy: h2

52.57.221.121

0 B

URL
networthnow.org/detroitchicago/greenoaks.gif?orig=0&ds=W3sidHlwZSI6InBhZ2V2aWV3IiwidmlzaXRfdXVpZCI6IjY2NmVlMjEzLTM2OTgtNDkyOC01OWY3LTc1OTVmZjZmNmU1YSIsInBhZ2V2aWV3X2lkIjoiOTk5N2RlYTYtYzQ0OC00NDZhLTY0M2MtNTZiZTNkYTkzODA0IiwiZG9tYWluX2lkIjoiNDkwNzc2IiwidF9lcG9jaCI6MTcyMTA1MTQxNywiZGF0YSI6W3sibmFtZSI6InRfdW5sb2FkIiwidmFsIjoiMTcyMTA1MTQyNDIxMyJ9XX1d
IP
52.57.221.121:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

POST /detroitchicago/greenoaks.gif?orig=0&ds=W3sidHlwZSI6InBhZ2V2aWV3IiwidmlzaXRfdXVpZCI6IjY2NmVlMjEzLTM2OTgtNDkyOC01OWY3LTc1OTVmZjZmNmU1YSIsInBhZ2V2aWV3X2lkIjoiOTk5N2RlYTYtYzQ0OC00NDZhLTY0M2MtNTZiZTNkYTkzODA0IiwiZG9tYWluX2lkIjoiNDkwNzc2IiwidF9lcG9jaCI6MTcyMTA1MTQxNywiZGF0YSI6W3sibmFtZSI6InRfdW5sb2FkIiwidmFsIjoiMTcyMTA1MTQyNDIxMyJ9XX1d HTTP/1.1
Host: networthnow.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://networthnow.org
DNT: 1
Connection: keep-alive
Referer: https://networthnow.org/paige-vanzant-onlyfans-net-worth
Cookie: ezroute=1721051416.229.76405.762373|ec463de781a3115e39c97e8706466df3; ezoictest=stable; _pk_id.3.315e=7223cffac16e927e.1721051424.; _pk_ses.3.315e=1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Content-Length: 0
TE: trailers

HTTP/2 204 No Content
access-control-allow-origin: https://networthnow.org
cache-control: private, max-age=0, must-revalidate, no-cache, no-store
date: Mon, 15 Jul 2024 13:50:23 GMT
expires: Sun, 14 Jul 2024 13:50:23 GMT
set-cookie: ezoictest=stable; Path=/; Domain=networthnow.org; Expires=Mon, 15 Jul 2024 14:20:24 GMT; HttpOnly
vary: Accept-Encoding
x-middleton-display: ezp_sol
X-Firefox-Spdy: h2

bluestepcherry.com/favicon.ico

104.21.58.244

204 No Content

0 B

URL GET HTTP/3
bluestepcherry.com/favicon.ico
IP
104.21.58.244:443
ASN
#13335 CLOUDFLARENET

Requested by
https://bluestepcherry.com/?p=g5tdgmbxhe5gi3bpha4dena&sub1=birmas&sub3=rosettas
Certificate
IssuerGoogle Trust Services
Subjectbluestepcherry.com
FingerprintFD:01:46:32:7C:47:CD:8A:CB:30:B4:74:0A:A7:85:7F:A0:14:17:96
ValidityTue, 18 Jun 2024 15:47:51 GMT - Mon, 16 Sep 2024 15:47:50 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: bluestepcherry.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://bluestepcherry.com/?p=g5tdgmbxhe5gi3bpha4dena&sub1=birmas&sub3=rosettas
Cookie: uuid=0360386f-1672-4c5f-8610-1e3c185f3c09
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 204 No Content
date: Mon, 15 Jul 2024 13:50:25 GMT
cache-control: max-age=14400
cf-cache-status: HIT
age: 903
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=cbVeSjUQCuXcXPGHE2GZEZ3Vkgmd36eny8t7Xz11YI0rAk%2BImTHnqNn1LYHLcGfGvArWZFKqSFGeHGRXRSb3t09dcf7zeJ43UPwnU9eyKkDz7eU%2FGeq6aecwScZpyeFfk5K6nno%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8a3a38ae8bff56bb-OSL
alt-svc: h3=":443"; ma=86400

www.ezojs.com/beardeddragon/wyvern.js?cb=127

104.21.63.106

201 kB

URL
www.ezojs.com/beardeddragon/wyvern.js?cb=127
IP
104.21.63.106:0
ASN
#13335 CLOUDFLARENET

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (65528), with no line terminators
Size
201 kB (200886 bytes)
Hash
7cf45d5761e8c0a18228df410d9393eb
7d80f9d3ce187290adca88c9aa0788e042191cf5
b4255164a4e929140858b88981f4d90805d234a25bece9fb96407213c46ec7e1

HTTP Headers

GET /beardeddragon/wyvern.js?cb=127 HTTP/1.1
Host: www.ezojs.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://networthnow.org/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Mon, 15 Jul 2024 13:50:17 GMT
content-type: application/javascript
cache-control: max-age=31536000, public
cf-bgj: minify
cf-polished: origSize=672987
vary: Accept-Encoding
x-middleton-display: sol-js
x-robots-tag: noindex
last-modified: Wed, 26 Jun 2024 21:29:35 GMT
cf-cache-status: HIT
age: 882315
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=9tAf8e02R%2Fu3xs2zkMQcIgKoz%2F8%2FGBF4FC6sDKCda14Fu%2B16VEDfe3OaLOJR0QA4oIjSA%2BX3DWWLhdN0WQYRIcWsRfLrYxF26LqHmxZq8Sz9OG3YuuSpJ7BTpDxT%2Fr%2Ba"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8a3a3880fa32b50c-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

bluestepcherry.com/?p=g5tdgmbxhe5gi3bpha4dena&sub1=birmas&sub3=rosettas

104.21.58.244

200 OK

18 kB

URL User Request GET HTTP/2
bluestepcherry.com/?p=g5tdgmbxhe5gi3bpha4dena&sub1=birmas&sub3=rosettas
IP
104.21.58.244:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerGoogle Trust Services
Subjectbluestepcherry.com
FingerprintFD:01:46:32:7C:47:CD:8A:CB:30:B4:74:0A:A7:85:7F:A0:14:17:96
ValidityTue, 18 Jun 2024 15:47:51 GMT - Mon, 16 Sep 2024 15:47:50 GMT

File type

Size
18 kB (18106 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /?p=g5tdgmbxhe5gi3bpha4dena&sub1=birmas&sub3=rosettas HTTP/1.1
Host: bluestepcherry.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Mon, 15 Jul 2024 13:50:24 GMT
content-type: text/html; charset=UTF-8
access-control-allow-origin: *
set-cookie: uuid=0360386f-1672-4c5f-8610-1e3c185f3c09; expires=Wed, 14-Aug-2024 13:50:24 GMT; Max-Age=2592000; path=/; domain=bluestepcherry.com
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=JwI2r0XjWj2Cm3UFSMqdYpwMf1ocfVugSnHzrPksGim%2BMtDUe%2BsRdYJegkc3fSRHuLfUfNpb8M0ywwRm5b7x2mDhxj45vOdMSGiUvzNq6pAHnpYQT5K0KKeqCyjqmy0X%2F5IhuTM%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8a3a38ad7a5d7127-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (2)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

Observations

Hash

HTTP Transactions (26)

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL