Report - new3.gdtot.cfd/file/2859910309

Report Overview

Submitted URL
new3.gdtot.cfd/file/2859910309
IP
104.21.7.69
ASN
#13335 CLOUDFLARENET
Submitted
2022-12-09 04:55:43
Access
Website Title
Final URL
Tags
None
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
18

Domain Summary

Domain / FQDN	Rank	First Seen	Last Seen	Sent	Received	IP
moksoxos.com	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	753 B	25 kB	139.45.197.239
my.rtmark.net	9054	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	422 B	743 B	139.45.195.8
nanouwho.com	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	3.3 kB	36 kB	139.45.197.242
fleraprt.com	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	485 B	482 B	139.45.195.254
www.googletagmanager.com	75	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	382 B	80 kB	142.250.74.40
img-getpocket.cdn.mozilla.net	1631	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	3.2 kB	49 kB	34.120.237.76
unpkg.com	11693	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	774 B	14 kB	104.16.126.175
betotodilea.com	52465	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	1.8 kB	1.9 kB	139.45.197.237
unphionetor.com	54035	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	878 B	1.4 kB	139.45.197.236
content-signature-2.cdn.mozilla.net	1152	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	413 B	5.8 kB	34.160.144.191
push.services.mozilla.com	2140	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	606 B	127 B	54.148.53.106
region1.google-analytics.com	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	715 B	561 B	216.239.34.36
cdnjs.cloudflare.com	235	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	422 B	6.7 kB	104.17.25.14
ajax.googleapis.com	12905	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	390 B	32 kB	142.250.74.138
ocsp.sectigo.com	487	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	340 B	964 B	104.18.32.68
new3.gdtot.cfd	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	820 B	1.5 kB	104.21.7.69
r3.o.lencr.org	344	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	4.1 kB	12 kB	23.36.77.32
contile.services.mozilla.com	1114	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	333 B	391 B	34.117.237.239
fonts.gstatic.com	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	478 B	37 kB	216.58.207.227
offerimage.com	304078	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	418 B	11 kB	104.22.33.172
interstitial-07.com	36198	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	3.8 kB	20 kB	139.45.197.155
fonts.googleapis.com	8877	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	449 B	746 B	142.250.74.106
stackpath.bootstrapcdn.com	2467	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	441 B	947 B	104.18.11.207
firefox.settings.services.mozilla.com	867	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	782 B	2.4 kB	35.241.9.150
ocsp.pki.goog	175	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	3.8 kB	7.2 kB	142.250.74.131
ocsp.digicert.com	86	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	1.4 kB	2.6 kB	93.184.220.29

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

OpenPhish

No alerts detected

PhishTank

No alerts detected

Fortinet's Web Filter

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2022-12-08	medium	moksoxos.com	Sinkholed
2022-12-08	medium	nanouwho.com	Sinkholed
2022-12-08	medium	fleraprt.com	Sinkholed
2022-12-08	medium	nanouwho.com	Sinkholed
2022-12-08	medium	nanouwho.com	Sinkholed
2022-12-09	medium	unphionetor.com	Sinkholed
2022-12-09	medium	unphionetor.com	Sinkholed
2022-12-08	medium	moksoxos.com	Sinkholed
2022-12-08	medium	nanouwho.com	Sinkholed

JavaScript (21)

	URL	Size	First Seen	Last Seen
	new3.gdtot.cfd/file/2859910309	447 B	2023-03-07	2023-10-25
Pretty URL new3.gdtot.cfd/file/2859910309 IP 104.21.7.69 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 18:01:52 Last Seen2023-10-25 14:28:26 Times Seen7 Hash 0c280a6ac9cbcd00f43bea7de6c94820 77c355851c80acb43d6146e5e7874f731a5ce8c2 9df31545927f5976abad41b543ab4e52d9a547dcd21601871c53fcd6888196f4 Loading...

	tzegilo.com/stattag.js	13 kB	2023-03-08	2023-03-12
Pretty URL tzegilo.com/stattag.js IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 14:22:59 Last Seen2023-03-12 10:48:49 Times Seen1 Hash d0de06f954f7dedba242231b0ec4052d 188d75bb9077832384f889dd15584845790bc146 efae63871ebdeb69e7d64c6782924f72584f962d540b8c55237cba93c026af16 Loading...

	unknown	0 B	2023-03-07	2024-04-24
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:01:59 Last Seen2024-04-24 17:25:52 Times Seen37042250 Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Loading...

	ajax.googleapis.com/ajax/libs/jquery/3.4.1/jquery.min.js	88 kB	2023-03-07	2024-04-24
Pretty URL ajax.googleapis.com/ajax/libs/jquery/3.4.1/jquery.min.js IP 142.250.74.138 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:34 Last Seen2024-04-24 16:29:07 Times Seen95416 Hash 220afd743d9e9643852e31a135a9f3ae 88523924351bac0b5d560fe0c5781e2556e7693d 0925e8ad7bd971391a8b1e98be8e87a6971919eb5b60c196485941c3c1df089a Loading...

	new3.gdtot.cfd/assets/js/get-stats2.5.js	398 B	2023-03-07	2023-03-12
Pretty URL new3.gdtot.cfd/assets/js/get-stats2.5.js IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:42:24 Last Seen2023-03-12 16:47:37 Times Seen1 Hash f42ed807d746aebdf476bc83b2a358e7 08ca86b12900dfbf10d0e135275dd38a956452db d81b1d382650248c064f7c377563fd88cc06d0d233c4ec89514092e6aa610250 Loading...

	new3.gdtot.cfd/file/2859910309	223 B	2023-03-07	2023-08-30
Pretty URL new3.gdtot.cfd/file/2859910309 IP 104.21.7.69 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:42:24 Last Seen2023-08-30 18:18:03 Times Seen4 Hash e1ab9f6fb1960e3a5efce934ddd14061 863a7d0d87ced0a56af508156f8d6e9a09e1eca0 90551fe01a652842291edcf3b3cf1d558c66e1515f24a4448c47a9a3e063a36c Loading...

	new3.gdtot.cfd/assets/vendor/jquery-easing/jquery.easing.min.js	2.5 kB	2023-03-07	2024-04-24
Pretty URL new3.gdtot.cfd/assets/vendor/jquery-easing/jquery.easing.min.js IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:00 Last Seen2024-04-24 10:59:09 Times Seen4413 Hash e2d41e5c8fed838d9014fea53d45ce75 bde98133f735398b27339c423a817e755329f7d1 1f7723b6b9bfced0deba108df48e3287888dd986f1ff2d5133bacc9807ac0349 Loading...

	new3.gdtot.cfd/assets/js/sb-admin-2.min.js	1.1 kB	2023-03-07	2024-04-19
Pretty URL new3.gdtot.cfd/assets/js/sb-admin-2.min.js IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:42:24 Last Seen2024-04-19 13:21:20 Times Seen75 Hash 35981960a6594dbe56f6c8731a1b94b4 bf9a234b7c841ff4855fce0c0b3887ce74901f51 b427d8f35f62c5248275f275507fcff1f57dfcf743d9a95d12083a4ded0768e5 Loading...

	new3.gdtot.cfd/assets/vendor/bootstrap/js/bootstrap.bundle.min.js	79 kB	2023-03-07	2024-04-24
Pretty URL new3.gdtot.cfd/assets/vendor/bootstrap/js/bootstrap.bundle.min.js IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:59 Last Seen2024-04-24 17:13:41 Times Seen15671 Hash a454220fc07088bf1fdd19313b6bfd50 265a733cb7fbc481fd2510a659a85ad55c93c895 7f3145c87d3570154f633975e8a4f8d30aa38603edaba145501e9c90ddbe186c Loading...

	new3.gdtot.cfd/file/2859910309	59 kB	2023-03-07	2023-10-25
Pretty URL new3.gdtot.cfd/file/2859910309 IP 104.21.7.69 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 18:01:52 Last Seen2023-10-25 14:28:25 Times Seen7 Hash 51f66086295f9fe9c604480822dc7a29 710c5d64036ae412029aff4ceed51804da69cd34 8fcf4dcfb7534eb5715b1bc9fe83542a2c5faf83eae29e0d6943dc4989047098 Loading...

	new3.gdtot.cfd/file/2859910309	91 B	2023-03-07	2023-08-30
Pretty URL new3.gdtot.cfd/file/2859910309 IP 104.21.7.69 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:42:24 Last Seen2023-08-30 18:18:03 Times Seen4 Hash 91b8a3db676f5b428b454aa6aa546a8a 7b9e6fcff1f040c25a57fbae18d23a4267f47fa4 eb2e94a7bdbfddedf02b9c3bc5a46b98ab4755b9f83e665f529b0f50e9477f0b Loading...

	nanouwho.com/1?z=4739444	17 kB	2023-03-08	2023-03-08
Pretty URL nanouwho.com/1?z=4739444 IP 139.45.197.242 ASN #9002 RETN Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 23:26:21 Last Seen2023-03-08 23:26:21 Times Seen1 Hash c992db9da77be76a18820d006f76f22c a40d4ce6e32d2684cf775d9aef1d712a261139a7 078ac8b137ea9052667a276007ab72c0b6ce1bfdd7067012c070a31a8af70f72 Loading...

	unphionetor.com/fv.js?t=72747&cb=484356259	5.2 kB	2023-03-07	2024-04-24
Pretty URL unphionetor.com/fv.js?t=72747&cb=484356259 IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:56 Last Seen2024-04-24 01:48:23 Times Seen2355 Hash 563d777535ce88943a94a6be86f378c8 8753745424d367275e3fe55a5661fe51b1e1fb72 0f467a48a494f7f63968707dc43785b728d0c17f93c12937c1e5b12798f3a98a Loading...

	interstitial-07.com/?l=bRwStrM6CwEGdlc&cd_meta_crid=50535&trkintimp&target_url=https%3A%2F%2Fnanouwho.com%2F12%3Frnd%3D839354602%26z%3D4739444%26b%3D16033039%26c%3D6404088%26var%3D%26d%3Dhttp%253A%252F%252Ftryhardnow.com%252Fbase.php%253Fc%253D350%2526key%253D2c1f9aa01554345b3025ac0d005c7bea%2526zoneid%253D%257Bzoneid%257D%2526banner%253D%257Bbannerid%257D%26cln%3D1%26btp%3D7%26rb%3D4wEl1tJ_eWQHYbOWtRP6hV-OZNnh2CCI2TLVK1oRlcltfE_BGLjnF7tkn6xwSw_GTZsVI9pOmJ3F_DadiFr0QTMa6KGLjkQkPOqAwzRi7SCgolb03n51D5udRV6ItNGpeHzGqthb0GcqTHzgy0cD5-QNg2KKhAJoWcfUi2lnnT-xQdn_4ZFndt_YBwG01QbXi53QgnlSuFYQMbUj_ySPGeXLggAcK6TAN5R7qJ39I1Hk54nISyxzGdtJH13Rc0lsMsp68kDWT4YVdBUynezVmwO0zmErZxVe7scvnKD11qyOqglxksBuSqk2b40A-cdoCnpWreNmpRhpYvuocY2_df5X3G4ebvs5AacpooP7TXbG65srR0ZHUSduuq8YuGtm2b8B41bPrxUlSkvDNT5QtvA2Asd-KTYgFv2oB4VbSUm8TYvV7WruUPB-yVDEbx-zQtKlVcZyEiyodax7ofj8PLSAtS2rD4WIVJncMgWJ7HibdZeFW52wAzrmESowHDBVik1qu1W451OpmUnpaTpGQ-rqgyVq1S9VouWsRcvIP3oEC2Kj8dwNLBrgBL5ltyPD9WDxNdlPue96pBjSuoBcXYeFrmHdDMaQDIGRKf2Jq4LenIpt2zDsHQEwIRpJKa20gg-1OSyMDZWpEElbuvGzwqnbge0%3D%26bag%3Da9-OYwXQr-qHbm9hIb80PA%3D%3D%26ruid%3D0809ca5e-044b-48ab-b82c-ccaf3a184080%26ng%3D1%26ix%3D0%26pt%3D0%26np%3D1%26gp%3D-1%26bp%3D-1%26nw%3D1%26nb%3D1%26sw%3D1280%26sh%3D1024%26pl%3Dhttps%253A%252F%252Fnew3.gdtot.cfd%252Ffile%252F2859910309%26wy%3D0%26wx%3D0%26ww%3D1280%26wh%3D1024%26cw%3D1280%26wiw%3D1280%26wih%3D939%26wfc%3D1%26sah%3D1002%26drf%3D%26hil%3D1%26ist%3D0%26tbc%3D1	1.4 kB	2023-03-08	2023-03-08
Pretty URL interstitial-07.com/?l=bRwStrM6CwEGdlc&cd_meta_crid=50535&trkintimp&target_url=https%3A%2F%2Fnanouwho.com%2F12%3Frnd%3D839354602%26z%3D4739444%26b%3D16033039%26c%3D6404088%26var%3D%26d%3Dhttp%253A%252F%252Ftryhardnow.com%252Fbase.php%253Fc%253D350%2526key%253D2c1f9aa01554345b3025ac0d005c7bea%2526zoneid%253D%257Bzoneid%257D%2526banner%253D%257Bbannerid%257D%26cln%3D1%26btp%3D7%26rb%3D4wEl1tJ_eWQHYbOWtRP6hV-OZNnh2CCI2TLVK1oRlcltfE_BGLjnF7tkn6xwSw_GTZsVI9pOmJ3F_DadiFr0QTMa6KGLjkQkPOqAwzRi7SCgolb03n51D5udRV6ItNGpeHzGqthb0GcqTHzgy0cD5-QNg2KKhAJoWcfUi2lnnT-xQdn_4ZFndt_YBwG01QbXi53QgnlSuFYQMbUj_ySPGeXLggAcK6TAN5R7qJ39I1Hk54nISyxzGdtJH13Rc0lsMsp68kDWT4YVdBUynezVmwO0zmErZxVe7scvnKD11qyOqglxksBuSqk2b40A-cdoCnpWreNmpRhpYvuocY2_df5X3G4ebvs5AacpooP7TXbG65srR0ZHUSduuq8YuGtm2b8B41bPrxUlSkvDNT5QtvA2Asd-KTYgFv2oB4VbSUm8TYvV7WruUPB-yVDEbx-zQtKlVcZyEiyodax7ofj8PLSAtS2rD4WIVJncMgWJ7HibdZeFW52wAzrmESowHDBVik1qu1W451OpmUnpaTpGQ-rqgyVq1S9VouWsRcvIP3oEC2Kj8dwNLBrgBL5ltyPD9WDxNdlPue96pBjSuoBcXYeFrmHdDMaQDIGRKf2Jq4LenIpt2zDsHQEwIRpJKa20gg-1OSyMDZWpEElbuvGzwqnbge0%3D%26bag%3Da9-OYwXQr-qHbm9hIb80PA%3D%3D%26ruid%3D0809ca5e-044b-48ab-b82c-ccaf3a184080%26ng%3D1%26ix%3D0%26pt%3D0%26np%3D1%26gp%3D-1%26bp%3D-1%26nw%3D1%26nb%3D1%26sw%3D1280%26sh%3D1024%26pl%3Dhttps%253A%252F%252Fnew3.gdtot.cfd%252Ffile%252F2859910309%26wy%3D0%26wx%3D0%26ww%3D1280%26wh%3D1024%26cw%3D1280%26wiw%3D1280%26wih%3D939%26wfc%3D1%26sah%3D1002%26drf%3D%26hil%3D1%26ist%3D0%26tbc%3D1 IP 139.45.197.155 ASN #9002 RETN Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 23:26:21 Last Seen2023-03-08 23:26:21 Times Seen1 Hash 1209cc7c0af0c974ded34cd60ffc0c26 a12f18f9ebb5b4b922477fa0ba696f9288603825 780ede794968ed0952acca3e21300908eb670e815147d4bde0e77ca340469b2e Loading...

	new3.gdtot.cfd/file/2859910309	153 B	2023-03-08	2024-02-03
Pretty URL new3.gdtot.cfd/file/2859910309 IP 104.21.7.69 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 14:44:01 Last Seen2024-02-03 22:20:12 Times Seen12 Hash e83992c74f2d98c9d439256e7847bc83 9c804eaf06362fd06acd3363829fda91bbac114d b5633c3afcb394bfcf0677872ed88d8445d9995554f86fbca09bcc2841f7c495 Loading...

	new3.gdtot.cfd/file/2859910309	239 B	2023-03-07	2024-04-19
Pretty URL new3.gdtot.cfd/file/2859910309 IP 104.21.7.69 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:42:24 Last Seen2024-04-19 13:21:18 Times Seen14 Hash d7fc9616e0608d032017609b3438a656 29801fc86b2786fd8b6d5141e4d75db709870441 a26e10c3ab43006dbf30393139b7758bff82e5b2f9da395dfb47a4f12f74cbd1 Loading...

	moksoxos.com/tag.min.js	74 kB	2023-03-08	2023-03-08
Pretty URL moksoxos.com/tag.min.js IP 139.45.197.239 ASN #9002 RETN Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 14:42:04 Last Seen2023-03-08 23:30:48 Times Seen1 Hash 2921285bc62dca512b598b9b31581ec8 962ff02da1697efa86f8085a0bb4fbfe9380946c 989d8da33b8ae904a91ad4694d4d82f2afa2c048d1ea19fd7881c6157e90d124 Loading...

	betotodilea.com/400/4488236	84 kB	2023-03-08	2023-03-08
Pretty URL betotodilea.com/400/4488236 IP 139.45.197.237 ASN #9002 RETN Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 23:26:21 Last Seen2023-03-08 23:26:21 Times Seen1 Hash f2883bd23ba18a718a6eacf45b38a2eb f1c3b37ea442d47d08d54d47f9a03cdbed42151f 0a891c745c4c856ff79b96588b0f58f7dbff20aea976c0a4db10669ad2cb5f6c Loading...

	unpkg.com/sweetalert/dist/sweetalert.min.js	41 kB	2023-03-07	2024-04-23
Pretty URL unpkg.com/sweetalert/dist/sweetalert.min.js IP 104.16.126.175 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:03:31 Last Seen2024-04-23 18:47:16 Times Seen7303 Hash f3b8ce97ff6ce324da6232da353adf40 2a3daabc70232c6350ab48d32605dc4a6ac1f1fa 2ac46ebee46d515be86deeba385b4e41f8cff160364b362c9a6e153df327c66b Loading...

	new3.gdtot.cfd/assets/js/gdt.min.js	8.5 kB	2023-03-07	2023-12-12
Pretty URL new3.gdtot.cfd/assets/js/gdt.min.js IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:42:24 Last Seen2023-12-12 07:49:07 Times Seen22 Hash 6b18ab4f79371f0e5a1483228f0e50a3 f8032818c9761206f8766baf0a51affd085b8f2b b4330212434ce55c3a47c690d6d55bb8403327047f68abc3c6b867334f8ed2ce Loading...

	new3.gdtot.cfd/file/2859910309	91 B	2023-03-07	2023-08-30
Pretty URL new3.gdtot.cfd/file/2859910309 IP 104.21.7.69 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:42:24 Last Seen2023-08-30 18:18:03 Times Seen4 Hash f9960f235b2a8756aa281e49cbcaa16c 088b9522c2bafb70dbf2fa07e0a0d06ff5f8697a 4e1e08b318664237fff6c136cb00ea42e87238bfea1d6ebc0af428298080b17f Loading...

HTTP Transactions (66)

URL IP Response Size

new3.gdtot.cfd/file/2859910309

104.21.7.69

301 Moved Permanently

0 B

URL HTTP/1.1
new3.gdtot.cfd/file/2859910309
IP
104.21.7.69:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /file/2859910309 HTTP/1.1
Host: new3.gdtot.cfd
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

HTTP/1.1 301 Moved Permanently
Date: Fri, 09 Dec 2022 04:55:32 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=3600
Expires: Fri, 09 Dec 2022 05:55:32 GMT
Location: https://new3.gdtot.cfd/file/2859910309
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=bv%2F%2B8D9XDQYwSfw30eVlZZJQ77KmmkwaNmEQExJTxIEf9E9WQLjyqEM3ox6NxwCmLVSrnTL64CTEh3b4JTCJLgMqKHtHt40z6pb%2BgtVDx%2FowPXVi6TF1%2FG09kZe%2F47qTtQ%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 776b262d89be1bfe-OSL
alt-svc: h2=":443"; ma=60

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
f2acd891dc6eb1f09f57a2b086791781
1e2088306501a61edcca1ade62c4d54f23b3b083
51148fed95cc00d60dc3640350f135b1b2763ff0e3cfbffc40f0948317894be9

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "51148FED95CC00D60DC3640350F135B1B2763FF0E3CFBFFC40F0948317894BE9"
Last-Modified: Wed, 07 Dec 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3960
Expires: Fri, 09 Dec 2022 06:01:33 GMT
Date: Fri, 09 Dec 2022 04:55:33 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
388f6fea5bafa378266622b72311a6ee
447f102dc12172ce1ba44c5e94e1d7bb49d43372
a597afb4d4f7f3c82f0f2857322226fc69dc92e099bfd0605f7a0cd562be9d21

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A597AFB4D4F7F3C82F0F2857322226FC69DC92E099BFD0605F7A0CD562BE9D21"
Last-Modified: Wed, 07 Dec 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6900
Expires: Fri, 09 Dec 2022 06:50:33 GMT
Date: Fri, 09 Dec 2022 04:55:33 GMT
Connection: keep-alive

firefox.settings.services.mozilla.com/v1/

35.241.9.150

200 OK

939 B

URL HTTP/2
firefox.settings.services.mozilla.com/v1/
IP
35.241.9.150:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Size
939 B (939 bytes)
Hash
14cd9a0afb6ba9a763651d5112760d1e
75d7b104ab9ab11fbb73c3f348b43b0119b5adfa
4e32a117106be587ffcd63239c16a8117eb7840830d4c9decf6527761967532e

HTTP Headers

GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Alert, Backoff, Content-Length, Content-Type, Retry-After
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Fri, 09 Dec 2022 04:08:17 GMT
content-type: application/json
age: 2836
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2

ocsp.pki.goog/s/gts1p5/6clxhrDNtlg

142.250.74.131

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/s/gts1p5/6clxhrDNtlg
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
47f076b7130f3c01e6bce2006604b08d
7fedb3984d7188080bb8c93cf62b6a5d87e0232e
e2ad8916f6c71b434adf5746a485355810cae9cef130f1755ec2f548a8cbe0bd

HTTP Headers

POST /s/gts1p5/6clxhrDNtlg HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 09 Dec 2022 04:55:33 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
4ee537977be9c03702f8ffe0025bf1fe
21637881c4aa34c4add703f8bff4eff573159f45
4819229fd8f502a0c68c80bd7409e104c1b4d1a98ca8a6cd9deba629b1511aea

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "4819229FD8F502A0C68C80BD7409E104C1B4D1A98CA8A6CD9DEBA629B1511AEA"
Last-Modified: Thu, 08 Dec 2022 23:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=20651
Expires: Fri, 09 Dec 2022 10:39:44 GMT
Date: Fri, 09 Dec 2022 04:55:33 GMT
Connection: keep-alive

content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-01-19-10-06-33.chain

34.160.144.191

200 OK

5.3 kB

URL HTTP/2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-01-19-10-06-33.chain
IP
34.160.144.191:0
ASN
#15169 GOOGLE

File type
PEM certificate\012- , ASCII text
Size
5.3 kB (5348 bytes)
Hash
53341dea33f4f3d9b4966f80589f429a
20f7b07c686c986d2ed1e3e9ad1bb2aef8edaf0d
651683e52cdbc96b289f8f123155f0b96d9f67432689e89156fa56f5a346c6a0

HTTP Headers

GET /chains/remote-settings.content-signature.mozilla.org-2023-01-19-10-06-33.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
x-amz-id-2: X3AJSqteC37BfgScS3ad0QxIA8fC5E/sdLCetQxidR/UQSRC09JIM/4NztG5P0WJg6uvzuF/3NU=
x-amz-request-id: WJVDR21FJVHFVNW8
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Fri, 09 Dec 2022 04:48:11 GMT
age: 442
last-modified: Wed, 30 Nov 2022 10:06:34 GMT
etag: "53341dea33f4f3d9b4966f80589f429a"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2

contile.services.mozilla.com/v1/tiles

34.117.237.239

200 OK

12 B

URL HTTP/2
contile.services.mozilla.com/v1/tiles
IP
34.117.237.239:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with no line terminators
Size
12 B (12 bytes)
Hash
23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3

HTTP Headers

GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Fri, 09 Dec 2022 04:55:33 GMT
content-type: application/json
content-length: 12
access-control-expose-headers: content-type
access-control-allow-credentials: true
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2

firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US

35.241.9.150

200 OK

329 B

URL HTTP/2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP
35.241.9.150:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Size
329 B (329 bytes)
Hash
0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300

HTTP Headers

GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Pragma, Last-Modified, ETag, Alert, Expires, Retry-After, Cache-Control, Backoff, Content-Type
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Fri, 09 Dec 2022 04:07:59 GMT
age: 2854
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
fd55f4aaaab6ec40bc7dc10252cd819a
a72523f60be265a391fa9edc43e0a93418ad1fd0
bae354b3db14f4fd115311a0c412c9b5e436dd9e0a151afd8b9c18831dd8c2dd

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 794
Cache-Control: max-age=102273
Content-Type: application/ocsp-response
Date: Fri, 09 Dec 2022 04:55:33 GMT
Etag: "6391a92c-1d7"
Expires: Sat, 10 Dec 2022 09:20:06 GMT
Last-Modified: Thu, 08 Dec 2022 09:06:52 GMT
Server: ECS (ska/F716)
X-Cache: HIT
Content-Length: 471

push.services.mozilla.com/

54.148.53.106

101 Switching Protocols

0 B

URL HTTP/1.1
push.services.mozilla.com/
IP
54.148.53.106:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: rwNLEU695NNEdhiffztRyg==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: V2zBAqCCbsf9FkB3j9hrdwW55sc=

ocsp.pki.goog/s/gts1p5/6clxhrDNtlg

142.250.74.131

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/s/gts1p5/6clxhrDNtlg
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
47f076b7130f3c01e6bce2006604b08d
7fedb3984d7188080bb8c93cf62b6a5d87e0232e
e2ad8916f6c71b434adf5746a485355810cae9cef130f1755ec2f548a8cbe0bd

HTTP Headers

POST /s/gts1p5/6clxhrDNtlg HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 09 Dec 2022 04:55:35 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
bf8858fa52de668b0013cf9ce66d290c
9c319173ee6a48c6e717e9e8764008564aabe7ba
93df528ead5887cbbcf51f83c9e6ffa451861ae3145296ab3dfc269067080933

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 09 Dec 2022 04:55:35 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/css/font-awesome.min.css

104.17.25.14

200 OK

5.6 kB

URL HTTP/2
cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/css/font-awesome.min.css
IP
104.17.25.14:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text, with very long lines (30837)
Size
5.6 kB (5631 bytes)
Hash
109d1ed85cd01f9cdab73a4cac5bf80d
d6c6498ad46de2d8e2008a8ff68e364ae7f16b32
8b3a74fe462f5b3c0635995fd721a60eb640e237680b0b532b96711f2823e8bc

HTTP Headers

GET /ajax/libs/font-awesome/4.7.0/css/font-awesome.min.css HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://new3.gdtot.cfd/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Fri, 09 Dec 2022 04:55:35 GMT
content-type: text/css; charset=utf-8
content-length: 5631
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "5eb03e5f-7918"
last-modified: Mon, 04 May 2020 16:10:07 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 802923
expires: Wed, 29 Nov 2023 04:55:35 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=QSGBRDdISBDPq8aWEX1NPhDMHbeE7uHO29nTboW91oc%2FCipq2ULuDtH5wDj1VtTFT8bkLX2KWdRt%2FOs7jaB0jyeVGPxVCsC5DIFHNo7vjZpcvt5Z5fnt8N0OcgYDlGgMw%2BbBbrV3"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 776b263d6fbe0b41-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
4e3dc85fd71bdb106039966a96cdd02b
53d3487232ddcac30b53c224c94e63571633e5af
d0a3a292876b50c590a3fa6c04d3471a6fb726c54f57e75c21f2e1bd45424ace

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 09 Dec 2022 04:55:35 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.digicert.com/

93.184.220.29

200 OK

279 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
279 B (279 bytes)
Hash
40ed5ec0836e5a03f0c1347b5db96966
40a1f62afbf3c26ea40be6d287122f3ffd19870e
2fd03cac65cc434ddade13acacc1c68a2a4bbc557e3a03777ea20fdd6c91a441

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 474
Cache-Control: max-age=94430
Content-Type: application/ocsp-response
Date: Fri, 09 Dec 2022 04:55:35 GMT
Etag: "63918bcb-117"
Expires: Sat, 10 Dec 2022 07:09:25 GMT
Last-Modified: Thu, 08 Dec 2022 07:01:31 GMT
Server: ECS (ska/F716)
X-Cache: HIT
Content-Length: 279

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
7b8c1870f03a90aac6370fc69516f95f
1e94fd7c9a2f9fe4867e21ab217879a2180a9cdb
f43702cd363447680d545d928f9ea6f997a770228108b4c9312999b76891bb38

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "F43702CD363447680D545D928F9EA6F997A770228108B4C9312999B76891BB38"
Last-Modified: Wed, 07 Dec 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5202
Expires: Fri, 09 Dec 2022 06:22:17 GMT
Date: Fri, 09 Dec 2022 04:55:35 GMT
Connection: keep-alive

www.googletagmanager.com/gtag/js?id=G-FQB0C6P3KM

142.250.74.40

200 OK

79 kB

URL HTTP/2
www.googletagmanager.com/gtag/js?id=G-FQB0C6P3KM
IP
142.250.74.40:0
ASN
#15169 GOOGLE

File type
ASCII text, with very long lines (26337)
Size
79 kB (79011 bytes)
Hash
e049ccd1951ef6e052dc11665c941a8c
b0c40909e0ab36e6fc43aebf686c879360db6142
965d8451669ca4dee1a825847cec065f5a17274c31e7e8e86e212e40589fe956

HTTP Headers

GET /gtag/js?id=G-FQB0C6P3KM HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://new3.gdtot.cfd/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Fri, 09 Dec 2022 04:55:35 GMT
expires: Fri, 09 Dec 2022 04:55:35 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 79011
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
7b8c1870f03a90aac6370fc69516f95f
1e94fd7c9a2f9fe4867e21ab217879a2180a9cdb
f43702cd363447680d545d928f9ea6f997a770228108b4c9312999b76891bb38

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "F43702CD363447680D545D928F9EA6F997A770228108B4C9312999B76891BB38"
Last-Modified: Wed, 07 Dec 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5202
Expires: Fri, 09 Dec 2022 06:22:17 GMT
Date: Fri, 09 Dec 2022 04:55:35 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

2.0 kB

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
2.0 kB (2006 bytes)
Hash
e1815322d3af5b3feacf0ea4222bd4a1
94a991a18030909344851f785e302336b1d33e27
7b80b51bdc38c93f765af0a484da8f7c6002e294949fb0c3904ed9d83ec6a9c3

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "F43702CD363447680D545D928F9EA6F997A770228108B4C9312999B76891BB38"
Last-Modified: Wed, 07 Dec 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5202
Expires: Fri, 09 Dec 2022 06:22:17 GMT
Date: Fri, 09 Dec 2022 04:55:35 GMT
Connection: keep-alive

ajax.googleapis.com/ajax/libs/jquery/3.4.1/jquery.min.js

142.250.74.138

200 OK

31 kB

URL HTTP/2
ajax.googleapis.com/ajax/libs/jquery/3.4.1/jquery.min.js
IP
142.250.74.138:0
ASN
#15169 GOOGLE

File type
ASCII text, with very long lines (65451)
Size
31 kB (30774 bytes)
Hash
81182f4b684635f6bdcbdd907ee66f25
a1f2f151df72ede41397c8131bd47a3ce85575b3
be40946c98d9a78a3c7c9ad097d379ab12549a195bd7a4766919a1d3fd987396

HTTP Headers

GET /ajax/libs/jquery/3.4.1/jquery.min.js HTTP/1.1
Host: ajax.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://new3.gdtot.cfd/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
timing-allow-origin: *
content-length: 30774
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 07 Dec 2022 06:48:11 GMT
expires: Thu, 07 Dec 2023 06:48:11 GMT
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
last-modified: Mon, 13 May 2019 14:37:17 GMT
content-type: text/javascript; charset=UTF-8
age: 166044
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9f25ad59-b8ed-49ea-9611-21f63c20c8fb.jpeg

34.120.237.76

200 OK

8.0 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9f25ad59-b8ed-49ea-9611-21f63c20c8fb.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
8.0 kB (7960 bytes)
Hash
eb00a2a503a690cee3e4dd729b5bc9bd
cfb1e5bcab2148a777889680e6e36b9d7e8917ec
7e4583ae78ab597639f53669ac2d67d1ebd26be3278c2fc3fc95af934178c116

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9f25ad59-b8ed-49ea-9611-21f63c20c8fb.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 7960
x-amzn-requestid: beadd240-39d0-407d-a890-6a095657cac3
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ctEd8HC0oAMFUag=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638eb459-44d4f63c62f58684782ef14a;Sampled=0
x-amzn-remapped-date: Tue, 06 Dec 2022 03:17:45 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: yL-FrFYh-3PuCZCpCHYg--ebTS7wMmMQ7IE2mgimDVsKWFEtKC2gVQ==
via: 1.1 74aa91fe819001bcedd882694f52b436.cloudfront.net (CloudFront), 1.1 7e87179efaa9e3c316bd3d3a74cfded8.cloudfront.net (CloudFront), 1.1 google
date: Thu, 08 Dec 2022 05:44:09 GMT
age: 83486
etag: "cfb1e5bcab2148a777889680e6e36b9d7e8917ec"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

6.6 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd7b1b2f1-0b18-4097-a282-a7ddd9b33b97.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
6.6 kB (6637 bytes)
Hash
3cb7655c8fe89a83f0096c51684aa21c
4946fcab2a99d926c45abaecf8f97b6214dee0cd
60a3066f2dcc2f696413ecec56ef1d0c1a9392f6845fac5c4319b8b9e02074fd

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd7b1b2f1-0b18-4097-a282-a7ddd9b33b97.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 6637
x-amzn-requestid: dfcef102-5fc6-4a59-bb21-ff0532c9fdda
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cvlg4GtVIAMFdTw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638fb605-0c2f58da0ae148fb4d698ecc;Sampled=0
x-amzn-remapped-date: Tue, 06 Dec 2022 21:37:09 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: jQs6m8oGHeWNYbOnPM34f-YW75VuH0yNWU-TzoDMOkYcwGa9BfqBhA==
via: 1.1 d83ae0e1ba84e92e58bc1efc23a0c652.cloudfront.net (CloudFront), 1.1 ce71f64ad5dca81beca846466f2d5008.cloudfront.net (CloudFront), 1.1 google
date: Thu, 08 Dec 2022 21:51:22 GMT
age: 25453
etag: "4946fcab2a99d926c45abaecf8f97b6214dee0cd"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

unpkg.com/sweetalert@2.1.2/dist/sweetalert.min.js

104.16.126.175

200 OK

13 kB

URL HTTP/2
unpkg.com/sweetalert@2.1.2/dist/sweetalert.min.js
IP
104.16.126.175:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text, with very long lines (40808), with no line terminators
Size
13 kB (12643 bytes)
Hash
0c61f002bc0513a4f2316d94d96ed290
f520242e230f7cc9834a07f5292e2e57e93b3ac3
c04594eebdad5eb52187756681b9652b8ce196a8c26a22a78e075fddd9348966

HTTP Headers

GET /sweetalert@2.1.2/dist/sweetalert.min.js HTTP/1.1
Host: unpkg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://new3.gdtot.cfd/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
date: Fri, 09 Dec 2022 04:55:35 GMT
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
last-modified: Sat, 26 Oct 1985 08:15:00 GMT
etag: W/"9f68-Kj2qvHAjLGNQq0jTJgXcSmrB8fo"
via: 1.1 fly.io
fly-request-id: 01F3YGW88676FQX0FXNA5B1VWZ
cf-cache-status: HIT
age: 19872460
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
server: cloudflare
cf-ray: 776b263d7a7eb527-OSL
content-encoding: br
X-Firefox-Spdy: h2

34.120.237.76

200 OK

10 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ffe7732c6-dc98-445c-86c6-d413942250ea.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
10 kB (10205 bytes)
Hash
45e0c1638ad919bde19731f7987ab064
1e492807c665e6e6b24ec6ce19035fdfc6f23b92
f0d3738ec8406958470c8fd152a02a123d7654c30f974c1df5c4977a380c2d62

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ffe7732c6-dc98-445c-86c6-d413942250ea.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 10205
x-amzn-requestid: c5704c7a-60c4-402b-8018-5885a8dae971
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cwVM_F9BIAMF3ow=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63900252-3e9573d900714e3250f43e17;Sampled=0
x-amzn-remapped-date: Wed, 07 Dec 2022 03:02:42 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: mLTL7L808-OguYGrl3FUvwmFmPQjBPRj7PVfgEheFHWg4g4skoBvOg==
via: 1.1 26ca01ec7377e425b59b6a08cb1ec342.cloudfront.net (CloudFront), 1.1 6a9b42e38e76b7d4a4044ebe0e0eca08.cloudfront.net (CloudFront), 1.1 google
date: Thu, 08 Dec 2022 18:05:28 GMT
age: 39007
etag: "1e492807c665e6e6b24ec6ce19035fdfc6f23b92"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

4.0 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9c8ed2c5-144c-4fce-bb57-7d9918c1ab31.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
4.0 kB (4049 bytes)
Hash
44ed82780732ed682ee46b2df52b3ca2
0b3fe77e142178561b28c93b94b1aea2e1c395a5
383da5ca2927044c69ff1d10b630fe3439ca48f1845031ef1b6607fcd054c54b

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9c8ed2c5-144c-4fce-bb57-7d9918c1ab31.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 4049
x-amzn-requestid: dbde9a26-7609-43b7-a9a5-6e4d2f559989
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cpwRFHIooAMFVmw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638d60d3-5f5131b8315a458d18cdc70f;Sampled=0
x-amzn-remapped-date: Mon, 05 Dec 2022 03:09:07 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: 0hIxbSpQqCv6Ud-7HmBaRxkFrdLYrV-Lr2u3nIzd8jPXpQ8E7ahp1g==
via: 1.1 1b0911478686968732f973d6e5e31d10.cloudfront.net (CloudFront), 1.1 61bc723adb3b1884ed759711e84e13a8.cloudfront.net (CloudFront), 1.1 google
date: Thu, 08 Dec 2022 11:18:08 GMT
age: 63447
etag: "0b3fe77e142178561b28c93b94b1aea2e1c395a5"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

8.8 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F042317d8-45b6-4c5f-8767-ff9367c24193.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
8.8 kB (8803 bytes)
Hash
46275ec87d8221804dbb99f95b035131
c47af4e5770daad212f4290527b00321285105f8
2118ec68c738683d8f7e11b95239ca92fda2b9b5054aa7b128267eec0d0634c5

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F042317d8-45b6-4c5f-8767-ff9367c24193.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 8803
x-amzn-requestid: e8516be3-5ce9-4f15-b522-c81c1e57a0e2
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cjtK9GavoAMFjpA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638af579-538cc8f300938698004f2241;Sampled=0
x-amzn-remapped-date: Sat, 03 Dec 2022 07:06:33 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: MiOdXHxd9Vmeji8Yqd8LG_EqYoMGf0YBy6by9bhfjb12y1OxKVvvqw==
via: 1.1 5ab5dc09da67e3ea794ec8a82992cc88.cloudfront.net (CloudFront), 1.1 112d82578d402a38d8d02e8b857617e0.cloudfront.net (CloudFront), 1.1 google
date: Fri, 09 Dec 2022 03:56:08 GMT
age: 3567
etag: "c47af4e5770daad212f4290527b00321285105f8"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

5.2 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F2654f7a6-bd8b-4c13-9c46-9b7582ba979a.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
5.2 kB (5169 bytes)
Hash
06514ce96ae21cb01f526a5febdcbeb4
ebb97e5b97f394e8c67098f55581d5329ce819a2
4099a2fb6ddc4feaa30f357a180d64aeb7c9fc73f115fc762d5fe5c221d2e89e

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F2654f7a6-bd8b-4c13-9c46-9b7582ba979a.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 5169
x-amzn-requestid: 277a1b04-4e19-4313-8aac-5f9ab9076305
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ctEdkFGrIAMFvHg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638eb456-5b21edd57297665012d536cc;Sampled=0
x-amzn-remapped-date: Tue, 06 Dec 2022 03:17:42 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: swNGUcNy2i0w9UGe-EJhwslE01TzTC3rrDhLhVVxHyhWMGSC1uq0mA==
via: 1.1 9c60d6224ac0b44e908b5c9dcf70e9a4.cloudfront.net (CloudFront), 1.1 b2f9564ebf9c745cc2ceae96d434977e.cloudfront.net (CloudFront), 1.1 google
date: Thu, 08 Dec 2022 07:01:14 GMT
age: 78861
etag: "ebb97e5b97f394e8c67098f55581d5329ce819a2"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

ocsp.digicert.com/

93.184.220.29

200 OK

279 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
279 B (279 bytes)
Hash
40ed5ec0836e5a03f0c1347b5db96966
40a1f62afbf3c26ea40be6d287122f3ffd19870e
2fd03cac65cc434ddade13acacc1c68a2a4bbc557e3a03777ea20fdd6c91a441

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 474
Cache-Control: max-age=94430
Content-Type: application/ocsp-response
Date: Fri, 09 Dec 2022 04:55:35 GMT
Etag: "63918bcb-117"
Expires: Sat, 10 Dec 2022 07:09:25 GMT
Last-Modified: Thu, 08 Dec 2022 07:01:31 GMT
Server: ECS (ska/F716)
X-Cache: HIT
Content-Length: 279

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
4e3dc85fd71bdb106039966a96cdd02b
53d3487232ddcac30b53c224c94e63571633e5af
d0a3a292876b50c590a3fa6c04d3471a6fb726c54f57e75c21f2e1bd45424ace

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 09 Dec 2022 04:55:35 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
bf8858fa52de668b0013cf9ce66d290c
9c319173ee6a48c6e717e9e8764008564aabe7ba
93df528ead5887cbbcf51f83c9e6ffa451861ae3145296ab3dfc269067080933

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 09 Dec 2022 04:55:35 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
d61883097c47c0fcb4a15cafc5bdbdfc
54411aba43093cafd1cb2acea7c2b4c69184611f
0aef2b974544f530bd591dd0201909a9c2a6b3f4451c69288bafc126d9a37e2c

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 09 Dec 2022 04:55:35 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
8f6ab0debac98d11413e20fa98ba8286
e63543ba0f3a685edf4d8fee3f587efd5417015f
fe6bc081b1963c61a3af1ab7b7b1213ae5bc7b962c5474d8f6fe123547d5d309

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 09 Dec 2022 04:55:35 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

fonts.gstatic.com/s/nunito/v25/XRXV3I6Li01BKofINeaB.woff2

216.58.207.227

200 OK

36 kB

URL HTTP/2
fonts.gstatic.com/s/nunito/v25/XRXV3I6Li01BKofINeaB.woff2
IP
216.58.207.227:0
ASN
#15169 GOOGLE

File type
Web Open Font Format (Version 2), TrueType, length 35904, version 1.0\012- data
Size
36 kB (35904 bytes)
Hash
c26b97e7f5bb7a34d190703522d75e16
69d9e5aea0544dbaf9b78c1b65139c03eceece8f
96217f1d27fb909f92b4a6b35a0d3d6775f2f0b4d136d27aee88547d3ed87357

HTTP Headers

GET /s/nunito/v25/XRXV3I6Li01BKofINeaB.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://new3.gdtot.cfd
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 35904
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Mon, 05 Dec 2022 21:26:12 GMT
expires: Tue, 05 Dec 2023 21:26:12 GMT
cache-control: public, max-age=31536000
age: 286163
last-modified: Mon, 18 Jul 2022 19:34:47 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
8f6ab0debac98d11413e20fa98ba8286
e63543ba0f3a685edf4d8fee3f587efd5417015f
fe6bc081b1963c61a3af1ab7b7b1213ae5bc7b962c5474d8f6fe123547d5d309

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 09 Dec 2022 04:55:35 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
a945178980de67139466620cf9bd0ad1
eaf76b9d8d36baed89cc858c1f428d6bee893862
a0548c8da7e83489c2080a1ddf495d34965ddad77cc1362366338fb19ae19c60

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A0548C8DA7E83489C2080A1DDF495D34965DDAD77CC1362366338FB19AE19C60"
Last-Modified: Wed, 07 Dec 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7698
Expires: Fri, 09 Dec 2022 07:03:53 GMT
Date: Fri, 09 Dec 2022 04:55:35 GMT
Connection: keep-alive

moksoxos.com/tag.min.js

139.45.197.239

200 OK

23 kB

URL HTTP/2
moksoxos.com/tag.min.js
IP
139.45.197.239:0
ASN
#9002 RETN Limited

File type
ASCII text, with very long lines (65536), with no line terminators
Size
23 kB (23393 bytes)
Hash
391a9fe961c74a035ed5ac424bfc5fb2
65bf15f254531c80c76212bb6d3c5f33d6a501ee
73f16b3e042c5e5f34570279688fb08577d95105d0707d1a21b11c0c1524dcfb

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /tag.min.js HTTP/1.1
Host: moksoxos.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://new3.gdtot.cfd/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Fri, 09 Dec 2022 04:55:35 GMT
content-type: text/javascript; charset=utf-8
content-length: 23393
content-encoding: br
x-trace-id: f7b1d1610042e438af93b97477fc6af9
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
accept-ranges: bytes
last-modified: Fri, 02 Dec 2022 10:18:23 GMT
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding
access-control-max-age: 86400
pragma: no-cache
expires: Tue, 11 Jan 1994 10:00:00 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
27f907a256adb2c2f78f02a5f9b10c99
3411bd289f7e48859cde22993e8bd795ac9b19b2
907bff5886c7b9a138f540090f7e0010621667c24aa02c3fd075f083d0a3b683

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "907BFF5886C7B9A138F540090F7E0010621667C24AA02C3FD075F083D0A3B683"
Last-Modified: Wed, 07 Dec 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8075
Expires: Fri, 09 Dec 2022 07:10:10 GMT
Date: Fri, 09 Dec 2022 04:55:35 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
c5e1f14021541984fb7c7ba4f76c5ef9
3334cf1d6297d8fb36a4af2ebf9b993b94897658
aa935a586a8f1e18c93bf12958884d1ee590bedf8531b0f81a90ee09bf66896a

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "AA935A586A8F1E18C93BF12958884D1EE590BEDF8531B0F81A90EE09BF66896A"
Last-Modified: Wed, 07 Dec 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5319
Expires: Fri, 09 Dec 2022 06:24:14 GMT
Date: Fri, 09 Dec 2022 04:55:35 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
5befea1ff179e1346422afeace6ac43d
313a8a8c24dd6a29b69d6fa15a29826250995e29
f61f64c91aed0910ea20c1b3cf030f219d080a3bb2087a1fe2b80a403074edb9

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "F61F64C91AED0910EA20C1B3CF030F219D080A3BB2087A1FE2B80A403074EDB9"
Last-Modified: Wed, 07 Dec 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6260
Expires: Fri, 09 Dec 2022 06:39:55 GMT
Date: Fri, 09 Dec 2022 04:55:35 GMT
Connection: keep-alive

my.rtmark.net/gid.js?userId=363c9dc9122f469b87fb725258a351f9

139.45.195.8

200 OK

65 B

URL HTTP/2
my.rtmark.net/gid.js?userId=363c9dc9122f469b87fb725258a351f9
IP
139.45.195.8:0
ASN
#9002 RETN Limited

File type
JSON data\012- , ASCII text
Size
65 B (65 bytes)
Hash
c768ea290992ac650db22653041697c3
93c63ea52fdb51888a6c6dc17a17cdbff1eb47c1
0516f57f4e68fe84eef8598ff742bd97f579af9cd4110a00b0eafd6592177351

HTTP Headers

GET /gid.js?userId=363c9dc9122f469b87fb725258a351f9 HTTP/1.1
Host: my.rtmark.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://new3.gdtot.cfd
Connection: keep-alive
Referer: https://new3.gdtot.cfd/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Fri, 09 Dec 2022 04:55:35 GMT
content-type: application/json; charset=utf-8
content-length: 65
access-control-allow-origin: https://new3.gdtot.cfd
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
set-cookie: ID=363c9dc9122f469b87fb725258a351f9; expires=Sat, 09 Dec 2023 04:55:35 GMT; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
795e67bdfadc3c890a663080413b56b7
fdefde3befb6aceac3c337c34c8d738f5091908c
8375b55cfc13989b0cf96293b7bead2ce5811a993b3445da1776ca7015c36985

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 09 Dec 2022 04:55:36 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.sectigo.com/

104.18.32.68

200 OK

472 B

URL HTTP/1.1
ocsp.sectigo.com/
IP
104.18.32.68:0
ASN
#13335 CLOUDFLARENET

File type
data
Size
472 B (472 bytes)
Hash
b52208a27c12901a96bacccdfc82d4a5
ed6371e6e48962c53d3dbe969b2ed37f18f0583b
93681b21e8c2f2db40f11d83e0bdac896c641d351af75e77364038145a9fc900

HTTP Headers

POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Fri, 09 Dec 2022 04:55:36 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Thu, 08 Dec 2022 12:52:25 GMT
Expires: Thu, 15 Dec 2022 12:52:24 GMT
Etag: "ed6371e6e48962c53d3dbe969b2ed37f18f0583b"
Cache-Control: max-age=546407,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb2
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 776b2643ebba0b02-OSL

nanouwho.com/9?z=4739444&ng=1&ix=0&pt=0&np=1&gp=-1&bp=-1&nw=1&nb=1&sw=1280&sh=1024&pl=https%3A%2F%2Fnew3.gdtot.cfd%2Ffile%2F2859910309&wy=0&wx=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=939&wfc=1&sah=1002&drf=&hil=1&ist=0&oaid=363c9dc9122f469b87fb725258a351f9

139.45.197.242

204 No Content

0 B

URL HTTP/2
nanouwho.com/9?z=4739444&ng=1&ix=0&pt=0&np=1&gp=-1&bp=-1&nw=1&nb=1&sw=1280&sh=1024&pl=https%3A%2F%2Fnew3.gdtot.cfd%2Ffile%2F2859910309&wy=0&wx=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=939&wfc=1&sah=1002&drf=&hil=1&ist=0&oaid=363c9dc9122f469b87fb725258a351f9
IP
139.45.197.242:0
ASN
#9002 RETN Limited

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

OPTIONS /9?z=4739444&ng=1&ix=0&pt=0&np=1&gp=-1&bp=-1&nw=1&nb=1&sw=1280&sh=1024&pl=https%3A%2F%2Fnew3.gdtot.cfd%2Ffile%2F2859910309&wy=0&wx=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=939&wfc=1&sah=1002&drf=&hil=1&ist=0&oaid=363c9dc9122f469b87fb725258a351f9 HTTP/1.1
Host: nanouwho.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://new3.gdtot.cfd/
Origin: https://new3.gdtot.cfd
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 204 No Content
server: nginx
date: Fri, 09 Dec 2022 04:55:36 GMT
access-control-allow-credentials: true
access-control-allow-origin: https://new3.gdtot.cfd
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-Sc, CVERSION, VERSION
pragma: no-cache
cache-control: no-store, no-cache, must-revalidate, max-age=0
expires: Mon, 26 Jul 1997 05:00:00 GMT
X-Firefox-Spdy: h2

region1.google-analytics.com/g/collect?v=2&tid=G-FQB0C6P3KM&gtm=2oebu0&_p=658419130&cid=565249369.1670561735&ul=en-us&sr=1280x1024&_s=1&sid=1670561734&sct=1&seg=0&dl=https%3A%2F%2Fnew3.gdtot.cfd%2Ffile%2F2859910309&dt=GDToT%20%7C%2010%20MS%20Facebook%20Marketing%20by%20Ayman%20_%20Sadman.zip&en=page_view&_fv=1&_nsi=1&_ss=1&_ee=1

216.239.34.36

204 No Content

0 B

URL HTTP/2
region1.google-analytics.com/g/collect?v=2&tid=G-FQB0C6P3KM&gtm=2oebu0&_p=658419130&cid=565249369.1670561735&ul=en-us&sr=1280x1024&_s=1&sid=1670561734&sct=1&seg=0&dl=https%3A%2F%2Fnew3.gdtot.cfd%2Ffile%2F2859910309&dt=GDToT%20%7C%2010%20MS%20Facebook%20Marketing%20by%20Ayman%20_%20Sadman.zip&en=page_view&_fv=1&_nsi=1&_ss=1&_ee=1
IP
216.239.34.36:0
ASN
#15169 GOOGLE

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

POST /g/collect?v=2&tid=G-FQB0C6P3KM&gtm=2oebu0&_p=658419130&cid=565249369.1670561735&ul=en-us&sr=1280x1024&_s=1&sid=1670561734&sct=1&seg=0&dl=https%3A%2F%2Fnew3.gdtot.cfd%2Ffile%2F2859910309&dt=GDToT%20%7C%2010%20MS%20Facebook%20Marketing%20by%20Ayman%20_%20Sadman.zip&en=page_view&_fv=1&_nsi=1&_ss=1&_ee=1 HTTP/1.1
Host: region1.google-analytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://new3.gdtot.cfd
Connection: keep-alive
Referer: https://new3.gdtot.cfd/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0

HTTP/2 204 No Content
access-control-allow-origin: https://new3.gdtot.cfd
date: Fri, 09 Dec 2022 04:55:36 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

fleraprt.com/log/add?cid=1db9169f-90f4-4b2d-b517-bc47aab19c1f

139.45.195.254

200 OK

12 B

URL HTTP/1.1
fleraprt.com/log/add?cid=1db9169f-90f4-4b2d-b517-bc47aab19c1f
IP
139.45.195.254:0
ASN
#9002 RETN Limited

File type
JSON data\012- , ASCII text, with no line terminators
Size
12 B (12 bytes)
Hash
adb4650bfc9d2a73d4dd69583b0ceb14
1ce399d6e936232aaf2192cd7903a279c5015f22
21c1f682de27109caabcca9016511974defcec217c0441fd3f1b50ecdf8247ed

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

POST /log/add?cid=1db9169f-90f4-4b2d-b517-bc47aab19c1f HTTP/1.1
Host: fleraprt.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 909
Origin: https://new3.gdtot.cfd
Connection: keep-alive
Referer: https://new3.gdtot.cfd/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Server: nginx/1.19.10
Date: Fri, 09 Dec 2022 04:55:42 GMT
Content-Type: application/json; charset=utf-8
Content-Length: 12
Connection: keep-alive
Access-Control-Allow-Origin: https://new3.gdtot.cfd
Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE
Access-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-Forwarded-For, If-None-Match
Access-Control-Allow-Credentials: true

nanouwho.com/11?rnd=3395403106&z=4739444&b=16033039&var=&rqtdbc=1&rcvdbc=1&btp=7&rb=4wEl1tJ_eWQHYbOWtRP6hV-OZNnh2CCI2TLVK1oRlcltfE_BGLjnF7tkn6xwSw_GTZsVI9pOmJ3F_DadiFr0QTMa6KGLjkQkPOqAwzRi7SCgolb03n51D5udRV6ItNGpeHzGqthb0GcqTHzgy0cD5-QNg2KKhAJoWcfUi2lnnT-xQdn_4ZFndt_YBwG01QbXi53QgnlSuFYQMbUj_ySPGeXLggAcK6TAN5R7qJ39I1Hk54nISyxzGdtJH13Rc0lsMsp68kDWT4YVdBUynezVmwO0zmErZxVe7scvnKD11qyOqglxksBuSqk2b40A-cdoCnpWreNmpRhpYvuocY2_df5X3G4ebvs5AacpooP7TXbG65srR0ZHUSduuq8YuGtm2b8B41bPrxUlSkvDNT5QtvA2Asd-KTYgFv2oB4VbSUm8TYvV7WruUPB-yVDEbx-zQtKlVcZyEiyodax7ofj8PLSAtS2rD4WIVJncMgWJ7HibdZeFW52wAzrmESowHDBVik1qu1W451OpmUnpaTpGQ-rqgyVq1S9VouWsRcvIP3oEC2Kj8dwNLBrgBL5ltyPD9WDxNdlPue96pBjSuoBcXYeFrmHdDMaQDIGRKf2Jq4LenIpt2zDsHQEwIRpJKa20gg-1OSyMDZWpEElbuvGzwqnbge0=&ruid=0809ca5e-044b-48ab-b82c-ccaf3a184080&ng=1&ix=0&pt=0&np=1&gp=-1&bp=-1&nw=1&nb=1&sw=1280&sh=1024&pl=https%3A%2F%2Fnew3.gdtot.cfd%2Ffile%2F2859910309&wy=0&wx=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=939&wfc=1&sah=1002&drf=&hil=1&ist=0&ot=106

139.45.197.242

200 OK

0 B

URL HTTP/2
nanouwho.com/11?rnd=3395403106&z=4739444&b=16033039&var=&rqtdbc=1&rcvdbc=1&btp=7&rb=4wEl1tJ_eWQHYbOWtRP6hV-OZNnh2CCI2TLVK1oRlcltfE_BGLjnF7tkn6xwSw_GTZsVI9pOmJ3F_DadiFr0QTMa6KGLjkQkPOqAwzRi7SCgolb03n51D5udRV6ItNGpeHzGqthb0GcqTHzgy0cD5-QNg2KKhAJoWcfUi2lnnT-xQdn_4ZFndt_YBwG01QbXi53QgnlSuFYQMbUj_ySPGeXLggAcK6TAN5R7qJ39I1Hk54nISyxzGdtJH13Rc0lsMsp68kDWT4YVdBUynezVmwO0zmErZxVe7scvnKD11qyOqglxksBuSqk2b40A-cdoCnpWreNmpRhpYvuocY2_df5X3G4ebvs5AacpooP7TXbG65srR0ZHUSduuq8YuGtm2b8B41bPrxUlSkvDNT5QtvA2Asd-KTYgFv2oB4VbSUm8TYvV7WruUPB-yVDEbx-zQtKlVcZyEiyodax7ofj8PLSAtS2rD4WIVJncMgWJ7HibdZeFW52wAzrmESowHDBVik1qu1W451OpmUnpaTpGQ-rqgyVq1S9VouWsRcvIP3oEC2Kj8dwNLBrgBL5ltyPD9WDxNdlPue96pBjSuoBcXYeFrmHdDMaQDIGRKf2Jq4LenIpt2zDsHQEwIRpJKa20gg-1OSyMDZWpEElbuvGzwqnbge0=&ruid=0809ca5e-044b-48ab-b82c-ccaf3a184080&ng=1&ix=0&pt=0&np=1&gp=-1&bp=-1&nw=1&nb=1&sw=1280&sh=1024&pl=https%3A%2F%2Fnew3.gdtot.cfd%2Ffile%2F2859910309&wy=0&wx=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=939&wfc=1&sah=1002&drf=&hil=1&ist=0&ot=106
IP
139.45.197.242:0
ASN
#9002 RETN Limited

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /11?rnd=3395403106&z=4739444&b=16033039&var=&rqtdbc=1&rcvdbc=1&btp=7&rb=4wEl1tJ_eWQHYbOWtRP6hV-OZNnh2CCI2TLVK1oRlcltfE_BGLjnF7tkn6xwSw_GTZsVI9pOmJ3F_DadiFr0QTMa6KGLjkQkPOqAwzRi7SCgolb03n51D5udRV6ItNGpeHzGqthb0GcqTHzgy0cD5-QNg2KKhAJoWcfUi2lnnT-xQdn_4ZFndt_YBwG01QbXi53QgnlSuFYQMbUj_ySPGeXLggAcK6TAN5R7qJ39I1Hk54nISyxzGdtJH13Rc0lsMsp68kDWT4YVdBUynezVmwO0zmErZxVe7scvnKD11qyOqglxksBuSqk2b40A-cdoCnpWreNmpRhpYvuocY2_df5X3G4ebvs5AacpooP7TXbG65srR0ZHUSduuq8YuGtm2b8B41bPrxUlSkvDNT5QtvA2Asd-KTYgFv2oB4VbSUm8TYvV7WruUPB-yVDEbx-zQtKlVcZyEiyodax7ofj8PLSAtS2rD4WIVJncMgWJ7HibdZeFW52wAzrmESowHDBVik1qu1W451OpmUnpaTpGQ-rqgyVq1S9VouWsRcvIP3oEC2Kj8dwNLBrgBL5ltyPD9WDxNdlPue96pBjSuoBcXYeFrmHdDMaQDIGRKf2Jq4LenIpt2zDsHQEwIRpJKa20gg-1OSyMDZWpEElbuvGzwqnbge0=&ruid=0809ca5e-044b-48ab-b82c-ccaf3a184080&ng=1&ix=0&pt=0&np=1&gp=-1&bp=-1&nw=1&nb=1&sw=1280&sh=1024&pl=https%3A%2F%2Fnew3.gdtot.cfd%2Ffile%2F2859910309&wy=0&wx=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=939&wfc=1&sah=1002&drf=&hil=1&ist=0&ot=106 HTTP/1.1
Host: nanouwho.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://new3.gdtot.cfd
Connection: keep-alive
Referer: https://new3.gdtot.cfd/
Cookie: scm=1; OAID=363c9dc9122f469b87fb725258a351f9; oaidts=1670561736
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 09 Dec 2022 04:55:36 GMT
content-type: image/jpeg
content-length: 0
access-control-allow-credentials: true
access-control-allow-origin: https://new3.gdtot.cfd
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-Sc, CVERSION, VERSION
x-trace-id: c86ea38a284f20eba293953621287a0c
access-control-expose-headers: X-Sc
set-cookie: OAID=363c9dc9122f469b87fb725258a351f9; expires=Sat, 09 Dec 2023 04:55:36 GMT; secure; SameSite=None
oaidts=1670561736; expires=Sat, 09 Dec 2023 04:55:36 GMT; secure; SameSite=None
pragma: no-cache
cache-control: no-store, no-cache, must-revalidate, max-age=0
expires: Mon, 26 Jul 1997 05:00:00 GMT
X-Firefox-Spdy: h2

betotodilea.com/500/4488236?excludes=&oaid=363c9dc9122f469b87fb725258a351f9&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=939&wfc=1&pl=https%3A%2F%2Fnew3.gdtot.cfd%2Ffile%2F2859910309&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false

139.45.197.237

200 OK

0 B

URL HTTP/2
betotodilea.com/500/4488236?excludes=&oaid=363c9dc9122f469b87fb725258a351f9&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=939&wfc=1&pl=https%3A%2F%2Fnew3.gdtot.cfd%2Ffile%2F2859910309&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false
IP
139.45.197.237:0
ASN
#9002 RETN Limited

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

OPTIONS /500/4488236?excludes=&oaid=363c9dc9122f469b87fb725258a351f9&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=939&wfc=1&pl=https%3A%2F%2Fnew3.gdtot.cfd%2Ffile%2F2859910309&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false HTTP/1.1
Host: betotodilea.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: GET
Access-Control-Request-Headers: content-type
Referer: https://new3.gdtot.cfd/
Origin: https://new3.gdtot.cfd
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Fri, 09 Dec 2022 04:55:36 GMT
content-length: 0
allow: GET, OPTIONS
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-origin: https://new3.gdtot.cfd
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding
access-control-allow-credentials: true
access-control-max-age: 600
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
b16b33c26d2f1c15ceb01a41b82d9666
25f16e8eef51dd04706936a76b2c8c899095cad6
bda4920c745e13e006293cd7ca600fa230f08860c018c841d9dbe296f36c64be

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "BDA4920C745E13E006293CD7CA600FA230F08860C018C841D9DBE296F36C64BE"
Last-Modified: Wed, 07 Dec 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=662
Expires: Fri, 09 Dec 2022 05:06:38 GMT
Date: Fri, 09 Dec 2022 04:55:36 GMT
Connection: keep-alive

ocsp.digicert.com/

93.184.220.29

200 OK

278 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
278 B (278 bytes)
Hash
4fbea77a0d1d179d738cb7851746552e
8808e4b54c414ca5a58c5b859ff335d61b472a8c
414fa4b36451eb121315b4a80993f6632206eb5ea7fe8c65ddf65acfdf18ae15

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5068
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Fri, 09 Dec 2022 04:55:36 GMT
Etag: "63928a33-116"
Last-Modified: Fri, 09 Dec 2022 03:31:08 GMT
Server: ECS (amb/6BAC)
X-Cache: HIT
Content-Length: 278

offerimage.com/www/images/2fed87d8d9131d075b72354b838c2d77.jpeg

104.22.33.172

200 OK

11 kB

URL HTTP/2
offerimage.com/www/images/2fed87d8d9131d075b72354b838c2d77.jpeg
IP
104.22.33.172:0
ASN
#13335 CLOUDFLARENET

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=1], baseline, precision 8, 192x192, components 3\012- data
Size
11 kB (10853 bytes)
Hash
2fed87d8d9131d075b72354b838c2d77
69624c46c1556c35c67e85724451cce20ad405ec
8adac582983620ad0421a1be7648f58c731feaf3de0bf027ebefe412505b01ed

HTTP Headers

GET /www/images/2fed87d8d9131d075b72354b838c2d77.jpeg HTTP/1.1
Host: offerimage.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://new3.gdtot.cfd/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Fri, 09 Dec 2022 04:55:36 GMT
content-type: image/jpeg
content-length: 10853
cache-control: max-age=86400
cf-bgj: h2pri
etag: "62b2c84c-2a65"
expires: Fri, 09 Dec 2022 08:31:44 GMT
last-modified: Wed, 22 Jun 2022 07:44:12 GMT
timing-allow-origin: *
cf-cache-status: HIT
age: 73432
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 776b2645cdf109a4-ARN
X-Firefox-Spdy: h2

interstitial-07.com/contents/s/ad/7e/e4/f62d273775e4bcd573935273a6/01343090968247.jpeg

139.45.197.155

200 OK

19 kB

URL HTTP/2
interstitial-07.com/contents/s/ad/7e/e4/f62d273775e4bcd573935273a6/01343090968247.jpeg
IP
139.45.197.155:0
ASN
#9002 RETN Limited

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 256x256, components 3\012- data
Size
19 kB (18607 bytes)
Hash
ad7ee4f62d273775e4bcd573935273a6
f8109f52540622b5180a4dabc15dc6dacd6e5b5f
f877f3e4a727e4ccb1705bc86263ce98917d2a588d307bb466f3734eebc4c501

HTTP Headers

GET /contents/s/ad/7e/e4/f62d273775e4bcd573935273a6/01343090968247.jpeg HTTP/1.1
Host: interstitial-07.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://interstitial-07.com/?l=bRwStrM6CwEGdlc&cd_meta_crid=50535&trkintimp&target_url=https%3A%2F%2Fnanouwho.com%2F12%3Frnd%3D839354602%26z%3D4739444%26b%3D16033039%26c%3D6404088%26var%3D%26d%3Dhttp%253A%252F%252Ftryhardnow.com%252Fbase.php%253Fc%253D350%2526key%253D2c1f9aa01554345b3025ac0d005c7bea%2526zoneid%253D%257Bzoneid%257D%2526banner%253D%257Bbannerid%257D%26cln%3D1%26btp%3D7%26rb%3D4wEl1tJ_eWQHYbOWtRP6hV-OZNnh2CCI2TLVK1oRlcltfE_BGLjnF7tkn6xwSw_GTZsVI9pOmJ3F_DadiFr0QTMa6KGLjkQkPOqAwzRi7SCgolb03n51D5udRV6ItNGpeHzGqthb0GcqTHzgy0cD5-QNg2KKhAJoWcfUi2lnnT-xQdn_4ZFndt_YBwG01QbXi53QgnlSuFYQMbUj_ySPGeXLggAcK6TAN5R7qJ39I1Hk54nISyxzGdtJH13Rc0lsMsp68kDWT4YVdBUynezVmwO0zmErZxVe7scvnKD11qyOqglxksBuSqk2b40A-cdoCnpWreNmpRhpYvuocY2_df5X3G4ebvs5AacpooP7TXbG65srR0ZHUSduuq8YuGtm2b8B41bPrxUlSkvDNT5QtvA2Asd-KTYgFv2oB4VbSUm8TYvV7WruUPB-yVDEbx-zQtKlVcZyEiyodax7ofj8PLSAtS2rD4WIVJncMgWJ7HibdZeFW52wAzrmESowHDBVik1qu1W451OpmUnpaTpGQ-rqgyVq1S9VouWsRcvIP3oEC2Kj8dwNLBrgBL5ltyPD9WDxNdlPue96pBjSuoBcXYeFrmHdDMaQDIGRKf2Jq4LenIpt2zDsHQEwIRpJKa20gg-1OSyMDZWpEElbuvGzwqnbge0%3D%26bag%3Da9-OYwXQr-qHbm9hIb80PA%3D%3D%26ruid%3D0809ca5e-044b-48ab-b82c-ccaf3a184080%26ng%3D1%26ix%3D0%26pt%3D0%26np%3D1%26gp%3D-1%26bp%3D-1%26nw%3D1%26nb%3D1%26sw%3D1280%26sh%3D1024%26pl%3Dhttps%253A%252F%252Fnew3.gdtot.cfd%252Ffile%252F2859910309%26wy%3D0%26wx%3D0%26ww%3D1280%26wh%3D1024%26cw%3D1280%26wiw%3D1280%26wih%3D939%26wfc%3D1%26sah%3D1002%26drf%3D%26hil%3D1%26ist%3D0%26tbc%3D1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 09 Dec 2022 04:55:36 GMT
content-type: image/jpeg
content-length: 18607
last-modified: Thu, 03 Nov 2022 08:12:18 GMT
vary: Accept-Encoding
etag: "636377e2-48af"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS, HEAD
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
access-control-expose-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
accept-ranges: bytes
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
37b19a6e06e8b74ba88ae636820d048c
fed89f5ecc38e39e3f6809a718f97c002997e705
a486d199f675dc6e68d8d0d5fa2e79f7534942f75e423e6a5822ff245bba4f0f

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A486D199F675DC6E68D8D0D5FA2E79F7534942F75E423E6A5822FF245BBA4F0F"
Last-Modified: Wed, 07 Dec 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13521
Expires: Fri, 09 Dec 2022 08:40:57 GMT
Date: Fri, 09 Dec 2022 04:55:36 GMT
Connection: keep-alive

139.45.197.242

200 OK

33 kB

URL HTTP/2
nanouwho.com/9?z=4739444&ng=1&ix=0&pt=0&np=1&gp=-1&bp=-1&nw=1&nb=1&sw=1280&sh=1024&pl=https%3A%2F%2Fnew3.gdtot.cfd%2Ffile%2F2859910309&wy=0&wx=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=939&wfc=1&sah=1002&drf=&hil=1&ist=0&oaid=363c9dc9122f469b87fb725258a351f9
IP
139.45.197.242:0
ASN
#9002 RETN Limited

File type
data
Size
33 kB (32768 bytes)
Hash
2f0ccf6e0c67ea5a934fb448910eece0
d72e71391e773b02470eb4dab46ca6a20b0e6c4a
c8680d3824c150f87ef7404b47a60dd88198a317f67fdb5c645bc9652dead48e

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

POST /9?z=4739444&ng=1&ix=0&pt=0&np=1&gp=-1&bp=-1&nw=1&nb=1&sw=1280&sh=1024&pl=https%3A%2F%2Fnew3.gdtot.cfd%2Ffile%2F2859910309&wy=0&wx=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=939&wfc=1&sah=1002&drf=&hil=1&ist=0&oaid=363c9dc9122f469b87fb725258a351f9 HTTP/1.1
Host: nanouwho.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Content-Length: 97
Origin: https://new3.gdtot.cfd
Connection: keep-alive
Referer: https://new3.gdtot.cfd/
Cookie: scm=1; OAID=37f25780ccd3474dae233b112cc44d12; oaidts=1670561736
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 09 Dec 2022 04:55:36 GMT
content-type: application/json
access-control-allow-credentials: true
access-control-allow-origin: https://new3.gdtot.cfd
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-Sc, CVERSION, VERSION
x-trace-id: 01dbee89f25da92772ed1ec78383b589
access-control-expose-headers: X-Sc
set-cookie: OAID=363c9dc9122f469b87fb725258a351f9; expires=Sat, 09 Dec 2023 04:55:36 GMT; secure; SameSite=None
oaidts=1670561736; expires=Sat, 09 Dec 2023 04:55:36 GMT; secure; SameSite=None
pragma: no-cache
cache-control: no-store, no-cache, must-revalidate, max-age=0
expires: Mon, 26 Jul 1997 05:00:00 GMT
content-encoding: gzip
X-Firefox-Spdy: h2

unphionetor.com/vctx?t=72747

139.45.197.236

204 No Content

0 B

URL HTTP/2
unphionetor.com/vctx?t=72747
IP
139.45.197.236:0
ASN
#9002 RETN Limited

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /vctx?t=72747 HTTP/1.1
Host: unphionetor.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://interstitial-07.com
Connection: keep-alive
Referer: https://interstitial-07.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 204 No Content
server: nginx
date: Fri, 09 Dec 2022 04:55:36 GMT
access-control-allow-origin: https://interstitial-07.com
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
x-trace-id: 79e8eb4636ad90ac47f301f058ef1b9d
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2

unphionetor.com/vbl?t=72747&bid=undefined&aid=undefined

139.45.197.236

204 No Content

0 B

URL HTTP/2
unphionetor.com/vbl?t=72747&bid=undefined&aid=undefined
IP
139.45.197.236:0
ASN
#9002 RETN Limited

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

POST /vbl?t=72747&bid=undefined&aid=undefined HTTP/1.1
Host: unphionetor.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://interstitial-07.com
Connection: keep-alive
Referer: https://interstitial-07.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0
TE: trailers

HTTP/2 204 No Content
server: nginx
date: Fri, 09 Dec 2022 04:55:36 GMT
access-control-allow-origin: https://interstitial-07.com
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
x-trace-id: a38479c1574a5eb30a1344322846ba87
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2

unpkg.com/sweetalert/dist/sweetalert.min.js

104.16.126.175

302 Found

0 B

URL HTTP/2
unpkg.com/sweetalert/dist/sweetalert.min.js
IP
104.16.126.175:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /sweetalert/dist/sweetalert.min.js HTTP/1.1
Host: unpkg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://new3.gdtot.cfd/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 302 Found
date: Fri, 09 Dec 2022 04:55:35 GMT
content-type: text/plain; charset=utf-8
access-control-allow-origin: *
cache-control: public, s-maxage=600, max-age=60
location: /sweetalert@2.1.2/dist/sweetalert.min.js
vary: Accept, Accept-Encoding
via: 1.1 fly.io
fly-request-id: 01GKTK99HN3XSVFWZQ3EKKM476-fra
cf-cache-status: HIT
age: 556
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
server: cloudflare
cf-ray: 776b263d5a73b527-OSL
X-Firefox-Spdy: h2

fonts.googleapis.com/css?family=Nunito:200,200i,300,300i,400,400i,600,600i,700,700i,800,800i,900,900i

142.250.74.106

200 OK

0 B

URL HTTP/2
fonts.googleapis.com/css?family=Nunito:200,200i,300,300i,400,400i,600,600i,700,700i,800,800i,900,900i
IP
142.250.74.106:0
ASN
#15169 GOOGLE

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /css?family=Nunito:200,200i,300,300i,400,400i,600,600i,700,700i,800,800i,900,900i HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://new3.gdtot.cfd/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Fri, 09 Dec 2022 04:55:35 GMT
date: Fri, 09 Dec 2022 04:55:35 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

interstitial-07.com/?l=bRwStrM6CwEGdlc&cd_meta_crid=50535&trkintimp&target_url=https%3A%2F%2Fnanouwho.com%2F12%3Frnd%3D839354602%26z%3D4739444%26b%3D16033039%26c%3D6404088%26var%3D%26d%3Dhttp%253A%252F%252Ftryhardnow.com%252Fbase.php%253Fc%253D350%2526key%253D2c1f9aa01554345b3025ac0d005c7bea%2526zoneid%253D%257Bzoneid%257D%2526banner%253D%257Bbannerid%257D%26cln%3D1%26btp%3D7%26rb%3D4wEl1tJ_eWQHYbOWtRP6hV-OZNnh2CCI2TLVK1oRlcltfE_BGLjnF7tkn6xwSw_GTZsVI9pOmJ3F_DadiFr0QTMa6KGLjkQkPOqAwzRi7SCgolb03n51D5udRV6ItNGpeHzGqthb0GcqTHzgy0cD5-QNg2KKhAJoWcfUi2lnnT-xQdn_4ZFndt_YBwG01QbXi53QgnlSuFYQMbUj_ySPGeXLggAcK6TAN5R7qJ39I1Hk54nISyxzGdtJH13Rc0lsMsp68kDWT4YVdBUynezVmwO0zmErZxVe7scvnKD11qyOqglxksBuSqk2b40A-cdoCnpWreNmpRhpYvuocY2_df5X3G4ebvs5AacpooP7TXbG65srR0ZHUSduuq8YuGtm2b8B41bPrxUlSkvDNT5QtvA2Asd-KTYgFv2oB4VbSUm8TYvV7WruUPB-yVDEbx-zQtKlVcZyEiyodax7ofj8PLSAtS2rD4WIVJncMgWJ7HibdZeFW52wAzrmESowHDBVik1qu1W451OpmUnpaTpGQ-rqgyVq1S9VouWsRcvIP3oEC2Kj8dwNLBrgBL5ltyPD9WDxNdlPue96pBjSuoBcXYeFrmHdDMaQDIGRKf2Jq4LenIpt2zDsHQEwIRpJKa20gg-1OSyMDZWpEElbuvGzwqnbge0%3D%26bag%3Da9-OYwXQr-qHbm9hIb80PA%3D%3D%26ruid%3D0809ca5e-044b-48ab-b82c-ccaf3a184080%26ng%3D1%26ix%3D0%26pt%3D0%26np%3D1%26gp%3D-1%26bp%3D-1%26nw%3D1%26nb%3D1%26sw%3D1280%26sh%3D1024%26pl%3Dhttps%253A%252F%252Fnew3.gdtot.cfd%252Ffile%252F2859910309%26wy%3D0%26wx%3D0%26ww%3D1280%26wh%3D1024%26cw%3D1280%26wiw%3D1280%26wih%3D939%26wfc%3D1%26sah%3D1002%26drf%3D%26hil%3D1%26ist%3D0%26tbc%3D1

139.45.197.155

200 OK

0 B

URL HTTP/2
interstitial-07.com/?l=bRwStrM6CwEGdlc&cd_meta_crid=50535&trkintimp&target_url=https%3A%2F%2Fnanouwho.com%2F12%3Frnd%3D839354602%26z%3D4739444%26b%3D16033039%26c%3D6404088%26var%3D%26d%3Dhttp%253A%252F%252Ftryhardnow.com%252Fbase.php%253Fc%253D350%2526key%253D2c1f9aa01554345b3025ac0d005c7bea%2526zoneid%253D%257Bzoneid%257D%2526banner%253D%257Bbannerid%257D%26cln%3D1%26btp%3D7%26rb%3D4wEl1tJ_eWQHYbOWtRP6hV-OZNnh2CCI2TLVK1oRlcltfE_BGLjnF7tkn6xwSw_GTZsVI9pOmJ3F_DadiFr0QTMa6KGLjkQkPOqAwzRi7SCgolb03n51D5udRV6ItNGpeHzGqthb0GcqTHzgy0cD5-QNg2KKhAJoWcfUi2lnnT-xQdn_4ZFndt_YBwG01QbXi53QgnlSuFYQMbUj_ySPGeXLggAcK6TAN5R7qJ39I1Hk54nISyxzGdtJH13Rc0lsMsp68kDWT4YVdBUynezVmwO0zmErZxVe7scvnKD11qyOqglxksBuSqk2b40A-cdoCnpWreNmpRhpYvuocY2_df5X3G4ebvs5AacpooP7TXbG65srR0ZHUSduuq8YuGtm2b8B41bPrxUlSkvDNT5QtvA2Asd-KTYgFv2oB4VbSUm8TYvV7WruUPB-yVDEbx-zQtKlVcZyEiyodax7ofj8PLSAtS2rD4WIVJncMgWJ7HibdZeFW52wAzrmESowHDBVik1qu1W451OpmUnpaTpGQ-rqgyVq1S9VouWsRcvIP3oEC2Kj8dwNLBrgBL5ltyPD9WDxNdlPue96pBjSuoBcXYeFrmHdDMaQDIGRKf2Jq4LenIpt2zDsHQEwIRpJKa20gg-1OSyMDZWpEElbuvGzwqnbge0%3D%26bag%3Da9-OYwXQr-qHbm9hIb80PA%3D%3D%26ruid%3D0809ca5e-044b-48ab-b82c-ccaf3a184080%26ng%3D1%26ix%3D0%26pt%3D0%26np%3D1%26gp%3D-1%26bp%3D-1%26nw%3D1%26nb%3D1%26sw%3D1280%26sh%3D1024%26pl%3Dhttps%253A%252F%252Fnew3.gdtot.cfd%252Ffile%252F2859910309%26wy%3D0%26wx%3D0%26ww%3D1280%26wh%3D1024%26cw%3D1280%26wiw%3D1280%26wih%3D939%26wfc%3D1%26sah%3D1002%26drf%3D%26hil%3D1%26ist%3D0%26tbc%3D1
IP
139.45.197.155:0
ASN
#9002 RETN Limited

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /?l=bRwStrM6CwEGdlc&cd_meta_crid=50535&trkintimp&target_url=https%3A%2F%2Fnanouwho.com%2F12%3Frnd%3D839354602%26z%3D4739444%26b%3D16033039%26c%3D6404088%26var%3D%26d%3Dhttp%253A%252F%252Ftryhardnow.com%252Fbase.php%253Fc%253D350%2526key%253D2c1f9aa01554345b3025ac0d005c7bea%2526zoneid%253D%257Bzoneid%257D%2526banner%253D%257Bbannerid%257D%26cln%3D1%26btp%3D7%26rb%3D4wEl1tJ_eWQHYbOWtRP6hV-OZNnh2CCI2TLVK1oRlcltfE_BGLjnF7tkn6xwSw_GTZsVI9pOmJ3F_DadiFr0QTMa6KGLjkQkPOqAwzRi7SCgolb03n51D5udRV6ItNGpeHzGqthb0GcqTHzgy0cD5-QNg2KKhAJoWcfUi2lnnT-xQdn_4ZFndt_YBwG01QbXi53QgnlSuFYQMbUj_ySPGeXLggAcK6TAN5R7qJ39I1Hk54nISyxzGdtJH13Rc0lsMsp68kDWT4YVdBUynezVmwO0zmErZxVe7scvnKD11qyOqglxksBuSqk2b40A-cdoCnpWreNmpRhpYvuocY2_df5X3G4ebvs5AacpooP7TXbG65srR0ZHUSduuq8YuGtm2b8B41bPrxUlSkvDNT5QtvA2Asd-KTYgFv2oB4VbSUm8TYvV7WruUPB-yVDEbx-zQtKlVcZyEiyodax7ofj8PLSAtS2rD4WIVJncMgWJ7HibdZeFW52wAzrmESowHDBVik1qu1W451OpmUnpaTpGQ-rqgyVq1S9VouWsRcvIP3oEC2Kj8dwNLBrgBL5ltyPD9WDxNdlPue96pBjSuoBcXYeFrmHdDMaQDIGRKf2Jq4LenIpt2zDsHQEwIRpJKa20gg-1OSyMDZWpEElbuvGzwqnbge0%3D%26bag%3Da9-OYwXQr-qHbm9hIb80PA%3D%3D%26ruid%3D0809ca5e-044b-48ab-b82c-ccaf3a184080%26ng%3D1%26ix%3D0%26pt%3D0%26np%3D1%26gp%3D-1%26bp%3D-1%26nw%3D1%26nb%3D1%26sw%3D1280%26sh%3D1024%26pl%3Dhttps%253A%252F%252Fnew3.gdtot.cfd%252Ffile%252F2859910309%26wy%3D0%26wx%3D0%26ww%3D1280%26wh%3D1024%26cw%3D1280%26wiw%3D1280%26wih%3D939%26wfc%3D1%26sah%3D1002%26drf%3D%26hil%3D1%26ist%3D0%26tbc%3D1 HTTP/1.1
Host: interstitial-07.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://new3.gdtot.cfd/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Fri, 09 Dec 2022 04:55:36 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
x-powered-by: PHP/7.4.27
set-cookie: reverse=ydoQNbSiw79uZfQ7-KBsR6acI4Aw4S3TPfgvLREtuW0; expires=Fri, 09-Dec-2022 05:55:36 GMT; Max-Age=3600; path=/
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS, HEAD
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
access-control-expose-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
content-encoding: br
X-Firefox-Spdy: h2

new3.gdtot.cfd/file/2859910309

104.21.7.69

200 OK

0 B

URL HTTP/2
new3.gdtot.cfd/file/2859910309
IP
104.21.7.69:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /file/2859910309 HTTP/1.1
Host: new3.gdtot.cfd
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1

HTTP/2 200 OK
date: Fri, 09 Dec 2022 04:55:35 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding, Accept-Encoding
set-cookie: PHPSESSID=jd1tjbdkrlt9oqudnh42dub73a; path=/
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate, no-cache
pragma: no-cache
strict-transport-security: max-age=31536000
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Vnt2FDYfOlEiHV3AtYOEOlLGdflF0ZxNMt0PcFssbvQsshED2%2F4bcQ7V0xJkYjmgY8jPpgCZCQu1%2Bcm%2Fk5qnavH12lpRH7%2BuJlFiMnaGbVumN3LUDiXhJgwdIvQnva6cxA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 776b26300c6db527-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

0 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 09 Dec 2022 04:55:35 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

moksoxos.com/5/3621940/?oo=1&aab=1

139.45.197.239

200 OK

0 B

URL HTTP/2
moksoxos.com/5/3621940/?oo=1&aab=1
IP
139.45.197.239:0
ASN
#9002 RETN Limited

File type

Size
0 B (0 bytes)
Hash

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /5/3621940/?oo=1&aab=1 HTTP/1.1
Host: moksoxos.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://new3.gdtot.cfd
Connection: keep-alive
Referer: https://new3.gdtot.cfd/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Fri, 09 Dec 2022 04:55:35 GMT
content-type: application/json
x-trace-id: feb517c65c87f29fb52d805bc172d8ba
link: <https://my.rtmark.net>; rel="preconnect dns-prefetch",<https://propeller-tracking.com>; rel="preconnect dns-prefetch",<https://diromalxx.com>; rel="preconnect dns-prefetch"
access-control-allow-origin: https://new3.gdtot.cfd
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding
access-control-max-age: 86400
timing-allow-origin: *
set-cookie: OAID=363c9dc9122f469b87fb725258a351f9; expires=Sat, 09 Dec 2023 04:55:35 GMT; path=/; secure; SameSite=None
oaidts=1670561735; expires=Sat, 09 Dec 2023 04:55:35 GMT; path=/; secure; SameSite=None
syncedCookie=; expires=Tue, 10 Nov 2009 23:00:00 GMT
pragma: no-cache, no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT, Mon, 26 Jul 1997 05:00:00 GMT
content-encoding: gzip
X-Firefox-Spdy: h2

nanouwho.com/1?z=4739444

139.45.197.242

200 OK

0 B

URL HTTP/2
nanouwho.com/1?z=4739444
IP
139.45.197.242:0
ASN
#9002 RETN Limited

File type

Size
0 B (0 bytes)
Hash

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /1?z=4739444 HTTP/1.1
Host: nanouwho.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://new3.gdtot.cfd/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Fri, 09 Dec 2022 04:55:36 GMT
content-type: text/javascript
access-control-allow-credentials: true
access-control-allow-origin: 
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-Sc, CVERSION, VERSION
x-trace-id: f3a14f585a449e4ed0a9ff27f8158ba5
access-control-expose-headers: X-Sc
x-sc: eZjd5eC-3R4Mgw8T6-t-wqxDmcsKaCTzANDWeynF0l59QVyJcxle0DdervYXMugZQMpTKxEUaEGmMpM_BY1Std85uuw=
set-cookie: scm=1; expires=Sat, 09 Dec 2023 04:55:36 GMT; secure; SameSite=None
OAID=37f25780ccd3474dae233b112cc44d12; expires=Sat, 09 Dec 2023 04:55:36 GMT; secure; SameSite=None
oaidts=1670561736; expires=Sat, 09 Dec 2023 04:55:36 GMT; secure; SameSite=None
pragma: no-cache
cache-control: no-store, no-cache, must-revalidate, max-age=0
expires: Mon, 26 Jul 1997 05:00:00 GMT
content-encoding: gzip
X-Firefox-Spdy: h2

betotodilea.com/400/4488236

139.45.197.237

200 OK

0 B

URL HTTP/2
betotodilea.com/400/4488236
IP
139.45.197.237:0
ASN
#9002 RETN Limited

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /400/4488236 HTTP/1.1
Host: betotodilea.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://new3.gdtot.cfd/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Fri, 09 Dec 2022 04:55:35 GMT
content-type: application/javascript
x-trace-id: b08b84dc0f28940eebd57c48b716d658
expires: Tue, 11 Jan 1994 10:00:00 GMT
cache-control: no-cache, no-store, no-transform, must-revalidate, private, max-age=0
pragma: no-cache
vary: Origin
access-control-allow-origin: *
access-control-expose-headers: Link
access-control-allow-credentials: true
set-cookie: OAID=bfa5c9917a9f41b789a36208e33602d8; expires=Sat, 09 Dec 2023 04:55:35 GMT; path=/; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
content-encoding: gzip
X-Firefox-Spdy: h2

139.45.197.237

200 OK

0 B

URL HTTP/2
betotodilea.com/500/4488236?excludes=&oaid=363c9dc9122f469b87fb725258a351f9&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=939&wfc=1&pl=https%3A%2F%2Fnew3.gdtot.cfd%2Ffile%2F2859910309&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false
IP
139.45.197.237:0
ASN
#9002 RETN Limited

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /500/4488236?excludes=&oaid=363c9dc9122f469b87fb725258a351f9&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=939&wfc=1&pl=https%3A%2F%2Fnew3.gdtot.cfd%2Ffile%2F2859910309&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false HTTP/1.1
Host: betotodilea.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Origin: https://new3.gdtot.cfd
Connection: keep-alive
Referer: https://new3.gdtot.cfd/
Cookie: OAID=bfa5c9917a9f41b789a36208e33602d8
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 09 Dec 2022 04:55:36 GMT
content-type: application/javascript
x-trace-id: 90d831a1b9aedf9945a9764a51a48826
expires: Tue, 11 Jan 1994 10:00:00 GMT
cache-control: no-cache, no-store, no-transform, must-revalidate, private, max-age=0
pragma: no-cache
vary: Origin
access-control-allow-origin: https://new3.gdtot.cfd
access-control-expose-headers: Link
access-control-allow-credentials: true
set-cookie: OAID=363c9dc9122f469b87fb725258a351f9; expires=Sat, 09 Dec 2023 04:55:36 GMT; path=/; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
content-encoding: gzip
X-Firefox-Spdy: h2

stackpath.bootstrapcdn.com/bootstrap/4.4.1/css/bootstrap.min.css

104.18.11.207

200 OK

0 B

URL HTTP/2
stackpath.bootstrapcdn.com/bootstrap/4.4.1/css/bootstrap.min.css
IP
104.18.11.207:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /bootstrap/4.4.1/css/bootstrap.min.css HTTP/1.1
Host: stackpath.bootstrapcdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://new3.gdtot.cfd
Connection: keep-alive
Referer: https://new3.gdtot.cfd/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Fri, 09 Dec 2022 04:55:35 GMT
content-type: text/css; charset=utf-8
vary: Accept-Encoding
cdn-pullzone: 252412
cdn-uid: b1941f61-b576-4f40-80de-5677acb38f74
cdn-requestcountrycode: DE
access-control-allow-origin: *
cache-control: public, max-age=31919000
etag: W/"7cc40c199d128af6b01e74a28c5900b0"
last-modified: Mon, 25 Jan 2021 22:04:09 GMT
cdn-cachedat: 11/15/2022 10:39:22
cdn-proxyver: 1.03
cdn-requestpullcode: 200
cdn-requestpullsuccess: True
cdn-edgestorageid: 1054
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
cdn-status: 200
cdn-requestid: 7aa3536b4463cb8382af0e0f00ec722c
cdn-cache: HIT
cf-cache-status: HIT
age: 760981
strict-transport-security: max-age=31536000; includeSubDomains; preload
server: cloudflare
cf-ray: 776b263dfdd5b4f4-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

JavaScript (21)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP