r3.o.lencr.org/
95.101.11.115 200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 507011ccb9124dcd57e84a90a0965cc4
1a6575d0ac979c7184490cc9836ac4812ad2afd1
01626c18e1e68507aa33ef7448dbc3311901ab6f29adc2f51d449409b0680dce
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "01626C18E1E68507AA33EF7448DBC3311901AB6F29ADC2F51D449409B0680DCE"
Last-Modified: Sun, 05 Feb 2023 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4072
Expires: Wed, 08 Feb 2023 01:32:06 GMT
Date: Wed, 08 Feb 2023 00:24:14 GMT
Connection: keep-alive
r3.o.lencr.org/
95.101.11.115 200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 565c1bbc5c1c40be1988b3bf6fd9dc1a
cfdba5bc597130461dd67bf6cda53183be592493
60ceb36a8329c92fc49a3caf50daf511a38e01eac21a07d7a0a838166bea058d
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "60CEB36A8329C92FC49A3CAF50DAF511A38E01EAC21A07D7A0A838166BEA058D"
Last-Modified: Mon, 06 Feb 2023 23:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7208
Expires: Wed, 08 Feb 2023 02:24:22 GMT
Date: Wed, 08 Feb 2023 00:24:14 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
35.241.9.150 200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash ff250d3ef3fa45322bf05039a0122a9f
b3e7a2c383bce1bab807dbe1a03c375258b51f1d
d07f109a96e0ae6ec7b1d46ce8761b3f06fe845769ce65d69e053dd40aa561ba
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Retry-After, Content-Length, Content-Type, Alert, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Tue, 07 Feb 2023 23:36:32 GMT
content-type: application/json
age: 2862
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
95.101.11.115 200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash cc14b0d2f7c451f6431dc87ba54d1d60
bab8bfda6fa3e2f17125353f5147211787dc25d0
b58fe18a5cc8fe5aaf49ba7eadd0ef34692892e68e9c52eb5bb56ea27e1300ad
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "B58FE18A5CC8FE5AAF49BA7EADD0EF34692892E68E9C52EB5BB56EA27E1300AD"
Last-Modified: Mon, 06 Feb 2023 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14888
Expires: Wed, 08 Feb 2023 04:32:22 GMT
Date: Wed, 08 Feb 2023 00:24:14 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-03-20-18-44-46.chain
34.160.144.191 200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-03-20-18-44-46.chain
IP 34.160.144.191:0
File type PEM certificate\012- , ASCII text
Hash e76071a28ee566dababb3834f46d68ed
aebb4e68c1ba2de0f90025283e8ed8470944fde0
78b6df2627172e5b35476bc31020f02898cdc412aaf4337af2c3b049a60912b6
GET /chains/remote-settings.content-signature.mozilla.org-2023-03-20-18-44-46.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: MzGADR2ENxyH6BUSf7tITtHJiUzjmR9tmWzTO1q66LZK9XPlttT5KmGC/IaR3P/0Ded5s4JSLriqswboJUyVEQ==
x-amz-request-id: TD2V1MYEWWZMT0Z8
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Tue, 07 Feb 2023 23:35:42 GMT
age: 2912
last-modified: Sun, 29 Jan 2023 18:44:47 GMT
etag: "e76071a28ee566dababb3834f46d68ed"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239 200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Wed, 08 Feb 2023 00:24:14 GMT
content-type: application/json
content-length: 12
access-control-expose-headers: content-type
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-credentials: true
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
sekigae.fun.w3ja.com/
212.52.0.31 301 Moved Permanently 169 B IP 212.52.0.31:0
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash 331c088c862081c21c2e74d7433d2ef2
4eeebc47e9a9692e782b9653fd58eb16ef2bc675
f165a1edcb876ac2682fd8d673b34f75297d885fa2a96c01a2f2685928783b86
Analyzer Verdict Alert openphish Rogers Wireless
fortinet Malware
GET / HTTP/1.1
Host: sekigae.fun.w3ja.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 301 Moved Permanently
Server: nginx/1.23.2
Date: Wed, 08 Feb 2023 00:24:14 GMT
Content-Type: text/html
Content-Length: 169
Connection: keep-alive
Location: https://sekigae.fun.w3ja.com/
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
35.241.9.150 200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Expires, Retry-After, Content-Length, Content-Type, ETag, Cache-Control, Alert, Pragma, Backoff, Last-Modified
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Tue, 07 Feb 2023 23:51:19 GMT
age: 1975
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
95.101.11.115 200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 9b88bae61bca33aba8aa99f6128db8d9
a07b61fb2458917699613fcae68710941b595416
54915c2f79822732e06a592d027da421ad1e7a6458c545f98333db25612b3dea
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "54915C2F79822732E06A592D027DA421AD1E7A6458C545F98333DB25612B3DEA"
Last-Modified: Mon, 06 Feb 2023 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4241
Expires: Wed, 08 Feb 2023 01:34:56 GMT
Date: Wed, 08 Feb 2023 00:24:15 GMT
Connection: keep-alive
r3.o.lencr.org/
95.101.11.115 200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 4f6cce12fc9d7d56c4f971d3e1795d67
f2c3542ffdcff64c13da849d6c8879f25787441f
871c28ec2e3c581f5adeedef27c04376e88dc6ca39862fef5486c594d811f648
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "871C28EC2E3C581F5ADEEDEF27C04376E88DC6CA39862FEF5486C594D811F648"
Last-Modified: Tue, 07 Feb 2023 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21600
Expires: Wed, 08 Feb 2023 06:24:15 GMT
Date: Wed, 08 Feb 2023 00:24:15 GMT
Connection: keep-alive
r3.o.lencr.org/
95.101.11.115 200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 4f6cce12fc9d7d56c4f971d3e1795d67
f2c3542ffdcff64c13da849d6c8879f25787441f
871c28ec2e3c581f5adeedef27c04376e88dc6ca39862fef5486c594d811f648
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "871C28EC2E3C581F5ADEEDEF27C04376E88DC6CA39862FEF5486C594D811F648"
Last-Modified: Tue, 07 Feb 2023 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21600
Expires: Wed, 08 Feb 2023 06:24:15 GMT
Date: Wed, 08 Feb 2023 00:24:15 GMT
Connection: keep-alive
push.services.mozilla.com/
52.37.106.154 101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 52.37.106.154:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: SaRUbrdUukbnA9WTL/ZUZA==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: 5dnewxMQK1xct2Ouo1W1U/YzNJA=
sekigae.fun.w3ja.com/
212.52.0.31 200 OK 7.1 kB IP 212.52.0.31:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 (with BOM) text, with very long lines (464), with CRLF, LF line terminators
Hash 163c70792cd01ce48e5d3cbdcd0b013c
a2a98ab3125a69ac08e6d73bf5d8d7aa42c1e37e
82dcda13901ae999bb531ddbdfd667baf2a5653a272f903151c2124e11c46373
Analyzer Verdict Alert openphish Rogers Wireless
fortinet Malware
GET / HTTP/1.1
Host: sekigae.fun.w3ja.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/1.1 200 OK
Server: nginx/1.23.2
Date: Wed, 08 Feb 2023 00:24:15 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
X-Powered-By: PHP/7.4.20
Content-Encoding: gzip
ocsp.digicert.com/
93.184.220.29 200 OK 280 B IP 93.184.220.29:0
Hash 4a2793786b1ce1206b70d285bea47b94
11747c77f2ef56d889b5148834faa184be7cfc07
af406b334b4df19c87a6911d78bbab5bc5628dc7ccac9d7d60050908c770fb52
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4105
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Wed, 08 Feb 2023 00:24:15 GMT
Last-Modified: Tue, 07 Feb 2023 23:15:50 GMT
Server: ECS (ska/F706)
X-Cache: HIT
Content-Length: 280
ocsp.digicert.com/
93.184.220.29 200 OK 280 B IP 93.184.220.29:0
Hash 4a2793786b1ce1206b70d285bea47b94
11747c77f2ef56d889b5148834faa184be7cfc07
af406b334b4df19c87a6911d78bbab5bc5628dc7ccac9d7d60050908c770fb52
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5300
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Wed, 08 Feb 2023 00:24:15 GMT
Last-Modified: Tue, 07 Feb 2023 22:55:55 GMT
Server: ECS (ska/F712)
X-Cache: HIT
Content-Length: 280
ocsp.digicert.com/
93.184.220.29 200 OK 280 B IP 93.184.220.29:0
Hash 4a2793786b1ce1206b70d285bea47b94
11747c77f2ef56d889b5148834faa184be7cfc07
af406b334b4df19c87a6911d78bbab5bc5628dc7ccac9d7d60050908c770fb52
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2908
Cache-Control: max-age=161359
Content-Type: application/ocsp-response
Date: Wed, 08 Feb 2023 00:24:15 GMT
Etag: "63e2b3a2-118"
Expires: Thu, 09 Feb 2023 21:13:34 GMT
Last-Modified: Tue, 07 Feb 2023 20:25:06 GMT
Server: ECS (ska/F6FC)
X-Cache: HIT
Content-Length: 280
ocsp.digicert.com/
93.184.220.29 200 OK 280 B IP 93.184.220.29:0
Hash 4a2793786b1ce1206b70d285bea47b94
11747c77f2ef56d889b5148834faa184be7cfc07
af406b334b4df19c87a6911d78bbab5bc5628dc7ccac9d7d60050908c770fb52
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3483
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Wed, 08 Feb 2023 00:24:15 GMT
Last-Modified: Tue, 07 Feb 2023 23:26:12 GMT
Server: ECS (ska/F711)
X-Cache: HIT
Content-Length: 280
cdnjs.cloudflare.com/ajax/libs/twitter-bootstrap/4.3.1/css/bootstrap.min.css
104.17.24.14 200 OK 17 kB URL HTTP/2 cdnjs.cloudflare.com/ajax/libs/twitter-bootstrap/4.3.1/css/bootstrap.min.css
IP 104.17.24.14:0
File type ASCII text, with very long lines (65324)
Hash 2220bb5ed14b4dfe40394499d6baf7c7
0ba7f85e9090ad666586e3222e87fdb499645876
bb4b9b4472f13a89d27a0d028e706575a9a623754d7277d47defcdb2e5e6cd98
GET /ajax/libs/twitter-bootstrap/4.3.1/css/bootstrap.min.css HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://sekigae.fun.w3ja.com
Connection: keep-alive
Referer: https://sekigae.fun.w3ja.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 08 Feb 2023 00:24:15 GMT
content-type: text/css; charset=utf-8
content-length: 17210
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "5eb04010-2606e"
last-modified: Mon, 04 May 2020 16:17:20 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 5382515
expires: Mon, 29 Jan 2024 00:24:15 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=7bw%2FsFGRY8E80De2glEoEanX1ZT2Ld62bwx%2B%2BbZeEofmqIvYmaFpVaOcwOllFyHB9v1pdZcJb1Gy6U%2BEDag%2BdLmTqN0ty%2BtvyafFQSKckRhEKZQR%2FYX2YWJqgnXD1eByi8%2FcoA8v"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 796038ab5f90b518-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
cdnjs.cloudflare.com/ajax/libs/twitter-bootstrap/4.3.1/js/bootstrap.min.js
104.17.24.14 200 OK 14 kB URL HTTP/2 cdnjs.cloudflare.com/ajax/libs/twitter-bootstrap/4.3.1/js/bootstrap.min.js
IP 104.17.24.14:0
File type ASCII text, with very long lines (57791)
Hash f7ec1f608a6644d182a2aef3308d3fc1
504609ff13eb3af8a2364b6753f73bc3ad3b4e1b
398376b9590200f385c71475b834492c281ce9cd34bc137a57f087e7a65bd7fb
GET /ajax/libs/twitter-bootstrap/4.3.1/js/bootstrap.min.js HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://sekigae.fun.w3ja.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 08 Feb 2023 00:24:15 GMT
content-type: application/javascript; charset=utf-8
content-length: 13537
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "5eb04010-e2d8"
last-modified: Mon, 04 May 2020 16:17:20 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
cf-cache-status: HIT
age: 26709852
expires: Mon, 29 Jan 2024 00:24:15 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=YBPUQcaRmauzU%2FlopQhB793vBpg%2Fz1GtIxW48jAdfL3lG24d%2BXa84sQ56vIfMADA9UMhinE6aaHi3URAR6dglg3u2EoBvz7pX62fDJHDaPlvMvkFmZjArpJv%2F3Q1Gr2FlKXx6UOV"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 796038ab5bc3fac4-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
cdnjs.cloudflare.com/ajax/libs/popper.js/1.15.0/umd/popper.min.js
104.17.24.14 200 OK 6.7 kB URL HTTP/2 cdnjs.cloudflare.com/ajax/libs/popper.js/1.15.0/umd/popper.min.js
IP 104.17.24.14:0
File type ASCII text, with very long lines (20989)
Hash 12823d3177e37701ecf67f10fe002251
d9a4c13eb4557008f46b063948f2997a55c498e8
a58e2e99f9569a968e240697a5ef755e73a677746f4fc5ba11cfea02260f13cd
GET /ajax/libs/popper.js/1.15.0/umd/popper.min.js HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://sekigae.fun.w3ja.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 08 Feb 2023 00:24:15 GMT
content-type: application/javascript; charset=utf-8
content-length: 6680
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "5eb03fa9-52aa"
last-modified: Mon, 04 May 2020 16:15:37 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 11479542
expires: Mon, 29 Jan 2024 00:24:15 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=J5yufMaaw%2F060KBoe2aM3Cyzzl1Un6BsURo2zxv9WYF2dD4tBJuOQG3E9GBxsy2QsnmqBviupGK5EyHjd%2B60MZMOCTIeRztJJUiXpa9gLY9AIxrU%2BsLOsb3VsW6u%2F%2BFzo6CT8PAq"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 796038ab5bc5fac4-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
cdnjs.cloudflare.com/ajax/libs/jquery/3.4.1/jquery.min.js
104.17.24.14 200 OK 28 kB URL HTTP/2 cdnjs.cloudflare.com/ajax/libs/jquery/3.4.1/jquery.min.js
IP 104.17.24.14:0
File type ASCII text, with very long lines (65451)
Hash 638a4990025383a0f83ebf29bdb84a68
153e8818dc42f598e47fde8cf398f1447649a4d0
878e34b89800bb271d3588e526eb3598eb3822e263f3bdaf53645847d39d0ad6
GET /ajax/libs/jquery/3.4.1/jquery.min.js HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://sekigae.fun.w3ja.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 08 Feb 2023 00:24:15 GMT
content-type: application/javascript; charset=utf-8
content-length: 27748
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "5eb03ec4-15851"
last-modified: Mon, 04 May 2020 16:11:48 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 1548439
expires: Mon, 29 Jan 2024 00:24:15 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=0cVbc%2B9QAgiw9WTze6fNu8Lt%2BweJiVU8pftOeeamqNCzzBBbj42oFzOrPwc6rHJzcCHLYQRkdg66na5yuFU85Boiq9m%2BLgJXZmWCwJxSStVckNNm1xMau1i4FxcPH0dPVXUoAonk"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 796038ab5bc4fac4-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 280 B IP 93.184.220.29:0
Hash 4a2793786b1ce1206b70d285bea47b94
11747c77f2ef56d889b5148834faa184be7cfc07
af406b334b4df19c87a6911d78bbab5bc5628dc7ccac9d7d60050908c770fb52
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4105
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Wed, 08 Feb 2023 00:24:15 GMT
Last-Modified: Tue, 07 Feb 2023 23:15:50 GMT
Server: ECS (ska/F706)
X-Cache: HIT
Content-Length: 280
ocsp.pki.goog/s/gts1p5/jLQWPPuTvEw
142.250.74.163 200 OK 471 B URL HTTP/1.1 ocsp.pki.goog/s/gts1p5/jLQWPPuTvEw
IP 142.250.74.163:0
Hash 537e2e9cd7d39540ab7473e453fdf876
53841e9819f5010d4fab2314792111b1a9c49738
0c4ad47c1bcf6a020c834e708cf7e53c94915e84930305f1a2d7155e48e95ab0
POST /s/gts1p5/jLQWPPuTvEw HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 08 Feb 2023 00:24:16 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/s/gts1p5/jLQWPPuTvEw
142.250.74.163 200 OK 471 B URL HTTP/1.1 ocsp.pki.goog/s/gts1p5/jLQWPPuTvEw
IP 142.250.74.163:0
Hash 537e2e9cd7d39540ab7473e453fdf876
53841e9819f5010d4fab2314792111b1a9c49738
0c4ad47c1bcf6a020c834e708cf7e53c94915e84930305f1a2d7155e48e95ab0
POST /s/gts1p5/jLQWPPuTvEw HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 08 Feb 2023 00:24:16 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
r3.o.lencr.org/
95.101.11.115 200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 68273225f74fbf7493f395610d7a73fc
5a8779ef5656aeeba23b365aad60b7901c5dd7fc
c83f285a1f3df0f7ac758a68ee95cc3d2671f80264c2e143cc0561cc574e3f19
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C83F285A1F3DF0F7AC758A68EE95CC3D2671F80264C2E143CC0561CC574E3F19"
Last-Modified: Mon, 06 Feb 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10928
Expires: Wed, 08 Feb 2023 03:26:24 GMT
Date: Wed, 08 Feb 2023 00:24:16 GMT
Connection: keep-alive
r3.o.lencr.org/
95.101.11.115 200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 68273225f74fbf7493f395610d7a73fc
5a8779ef5656aeeba23b365aad60b7901c5dd7fc
c83f285a1f3df0f7ac758a68ee95cc3d2671f80264c2e143cc0561cc574e3f19
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C83F285A1F3DF0F7AC758A68EE95CC3D2671F80264C2E143CC0561CC574E3F19"
Last-Modified: Mon, 06 Feb 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10928
Expires: Wed, 08 Feb 2023 03:26:24 GMT
Date: Wed, 08 Feb 2023 00:24:16 GMT
Connection: keep-alive
r3.o.lencr.org/
95.101.11.115 200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 68273225f74fbf7493f395610d7a73fc
5a8779ef5656aeeba23b365aad60b7901c5dd7fc
c83f285a1f3df0f7ac758a68ee95cc3d2671f80264c2e143cc0561cc574e3f19
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C83F285A1F3DF0F7AC758A68EE95CC3D2671F80264C2E143CC0561CC574E3F19"
Last-Modified: Mon, 06 Feb 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10928
Expires: Wed, 08 Feb 2023 03:26:24 GMT
Date: Wed, 08 Feb 2023 00:24:16 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff6de3153-62d2-494b-8acf-6d3ac8adba7d.jpeg
34.120.237.76 200 OK 13 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff6de3153-62d2-494b-8acf-6d3ac8adba7d.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 003fc35e140a75a12b7795c3986426ec
da002b22e2a01f48a545b369d4403eabb17a10d5
bb0754411aa7d0a5036b86b282d0e93d13227765ca9ccaf3a34e8e486cb413d1
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff6de3153-62d2-494b-8acf-6d3ac8adba7d.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 13160
x-amzn-requestid: 34aa6dfe-7f14-48d0-89b2-90548621be79
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fzVxSHh7IAMFjAg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63de033b-49587fff75aebe96136137be;Sampled=0
x-amzn-remapped-date: Sat, 04 Feb 2023 07:03:23 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: 81DTnHIh40lNEi6l5hC87Vo9R8k4w79Fr71zibyvGP0iJm4kmhWITA==
via: 1.1 e5af640ced3aa8764b82c4bc3f7af38e.cloudfront.net (CloudFront), 1.1 6172bb1a5d00a3b06ae3700570ebe116.cloudfront.net (CloudFront), 1.1 google
date: Tue, 07 Feb 2023 07:45:27 GMT
age: 59929
etag: "da002b22e2a01f48a545b369d4403eabb17a10d5"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
w3ja.com/js/jquery.js
172.67.128.240 200 OK 46 kB IP 172.67.128.240:0
File type ASCII text, with very long lines (1300)
Hash d11cce06d2d4c318a8a24ee962ad8c9b
6d61b93a1a08c7df836c668b7ebd064b0b8c6f4e
5802b0b281856227ea28471a726170c1ca1d1ef4e029d9ab3669af8bf5203fd9
Analyzer Verdict Alert fortinet Malware
GET /js/jquery.js HTTP/1.1
Host: w3ja.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://sekigae.fun.w3ja.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
HTTP/2 200 OK
date: Wed, 08 Feb 2023 00:24:16 GMT
content-type: application/x-javascript
cache-control: max-age=43200
cf-bgj: minify
etag: W/"6355e63f-201e6"
expires: Wed, 08 Feb 2023 02:58:00 GMT
last-modified: Mon, 24 Oct 2022 01:11:27 GMT
vary: Accept-Encoding
cf-cache-status: HIT
age: 33976
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=6kAkN1DUelyQHPQsrPGeSWD5sjugVU5LUzhFNg8f0lsCoHXaAYWgmPB%2FO8Xz0cUizSj0QuIk6XhmBzJ4Y3WJm8ep3myhUq4uRSfiuejZY0K4TjzB65ggFanFVg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 796038ac8cce1c16-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8122ba3b-f49a-49fa-acfb-88990087de42.jpeg
34.120.237.76 200 OK 6.2 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8122ba3b-f49a-49fa-acfb-88990087de42.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 25fb37d8b072e47aae74933481fb9418
b073d213a6a7939efed7ee5ef62a5548e00082bc
59a9c61013b3a4faab6f1c578f45bb87397d2f9e7975ae58e53e2c4e4a791da2
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8122ba3b-f49a-49fa-acfb-88990087de42.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6177
x-amzn-requestid: 729ae67c-5468-42a6-ba16-2a6a55db001d
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: f-tUbE7EoAMFuOw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63e28f4f-7f1fa6e162899c495e44e643;Sampled=0
x-amzn-remapped-date: Tue, 07 Feb 2023 17:50:07 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: xTJKf69wk7qWWhBYf-qO61jOY2jXIC4FNdt4Mxt2dLDmLm5U9OocVQ==
via: 1.1 01c28b52813cd0e82f810c492808b142.cloudfront.net (CloudFront), 1.1 d6b180eb367f7de26d67a9f3901b96a6.cloudfront.net (CloudFront), 1.1 google
date: Tue, 07 Feb 2023 18:24:36 GMT
etag: "b073d213a6a7939efed7ee5ef62a5548e00082bc"
content-type: image/jpeg
age: 21580
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe8a8e532-be72-47cc-8389-e8f28ffc3c2a.jpeg
34.120.237.76 200 OK 4.3 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe8a8e532-be72-47cc-8389-e8f28ffc3c2a.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 33b061f03be149fea0df63b42a8ec226
e5e491c6ef8b6234450a34ee5df28b9a58a8ad43
a5970bbb40be173878cd2e920bd1a6ed27775fbdc222bb66ccbc5969984882f1
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe8a8e532-be72-47cc-8389-e8f28ffc3c2a.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 4269
x-amzn-requestid: df152b3a-fa15-4dac-96f9-41b9ea8e5136
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: f_OkQH5PoAMFl1g=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63e2c481-63636a42419209fb0c17eceb;Sampled=0
x-amzn-remapped-date: Tue, 07 Feb 2023 21:37:05 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: 0hu3nATq26ngjS5942rJgt7AcT4wjG0mFfNrtsajSN2PpdAOYhTjFg==
via: 1.1 c7c3cdef911c9ee3c1a83a78f425dc5a.cloudfront.net (CloudFront), 1.1 760139201585481b26f947c5f776103a.cloudfront.net (CloudFront), 1.1 google
date: Tue, 07 Feb 2023 21:43:42 GMT
age: 9634
etag: "e5e491c6ef8b6234450a34ee5df28b9a58a8ad43"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdcf61053-67f6-4767-ad44-fa802c5ef5b4.jpeg
34.120.237.76 200 OK 10 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdcf61053-67f6-4767-ad44-fa802c5ef5b4.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash a9c2a9eee923b84d4e06438a8b2acaff
520b122e3ce52220af153fee26bb7067283f9075
9ff4236fdcd05210a9c8bb48ea68179e142b1b05c8b19dd66282590dff69fa22
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdcf61053-67f6-4767-ad44-fa802c5ef5b4.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 10058
x-amzn-requestid: 94374454-1e89-4c43-895b-0a90f39b851d
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: f_O5vEgcoAMFctg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63e2c50a-0bf11cad4b0818c36188ba91;Sampled=0
x-amzn-remapped-date: Tue, 07 Feb 2023 21:39:22 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: qYXu_I4vL00EOopA1nQcxCTMKf4nObKFk9XQozhw6FezKsfTDem3Mw==
via: 1.1 9b311162717b41c968f6f00426d88aaa.cloudfront.net (CloudFront), 1.1 e66162aafd55b64ba1478ff7105150fa.cloudfront.net (CloudFront), 1.1 google
date: Tue, 07 Feb 2023 22:06:35 GMT
etag: "520b122e3ce52220af153fee26bb7067283f9075"
content-type: image/jpeg
age: 8261
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5abcabc9-1cda-4d86-8630-67943159604b.jpeg
34.120.237.76 200 OK 6.7 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5abcabc9-1cda-4d86-8630-67943159604b.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 4bb0e725719ac378134b01b6473a6581
a8a1780c88e8ae219048bed28ecfbd8019d9af35
187d4e83edc0af857334f84bd6853234193d4654d06c43367f39b4e125defe08
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5abcabc9-1cda-4d86-8630-67943159604b.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6679
x-amzn-requestid: 97c19ad5-c127-4dc1-b529-1eca84645316
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: f59MzHgloAMFwow=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63e0a8b8-79d6b8d31b69153d4929b7b7;Sampled=0
x-amzn-remapped-date: Mon, 06 Feb 2023 07:14:00 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: x_tr-xummuF51PvAM4y3DgvLWuJOwxgquKO8baQfcoN6ta5M3ll7ug==
via: 1.1 00f0a41f749793b9dd653153037c957e.cloudfront.net (CloudFront), 1.1 d6a002c70d55f415107618b0750d493c.cloudfront.net (CloudFront), 1.1 google
date: Tue, 07 Feb 2023 07:41:46 GMT
age: 60150
etag: "a8a1780c88e8ae219048bed28ecfbd8019d9af35"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
95.101.11.115 200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 4c834f74b2d6a38ee12b05cebac372b9
591010a999a2857a62d2f0f65405279f58e64b7e
04c90091589f3dbc11be254478b6bf83f4f4d4b349e0e84d0709d7cea644aff2
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "04C90091589F3DBC11BE254478B6BF83F4F4D4B349E0E84D0709D7CEA644AFF2"
Last-Modified: Tue, 07 Feb 2023 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8840
Expires: Wed, 08 Feb 2023 02:51:36 GMT
Date: Wed, 08 Feb 2023 00:24:16 GMT
Connection: keep-alive
r3.o.lencr.org/
95.101.11.115 200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 4c834f74b2d6a38ee12b05cebac372b9
591010a999a2857a62d2f0f65405279f58e64b7e
04c90091589f3dbc11be254478b6bf83f4f4d4b349e0e84d0709d7cea644aff2
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "04C90091589F3DBC11BE254478B6BF83F4F4D4B349E0E84D0709D7CEA644AFF2"
Last-Modified: Tue, 07 Feb 2023 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6889
Expires: Wed, 08 Feb 2023 02:19:05 GMT
Date: Wed, 08 Feb 2023 00:24:16 GMT
Connection: keep-alive
r3.o.lencr.org/
95.101.11.115 200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 4c834f74b2d6a38ee12b05cebac372b9
591010a999a2857a62d2f0f65405279f58e64b7e
04c90091589f3dbc11be254478b6bf83f4f4d4b349e0e84d0709d7cea644aff2
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "04C90091589F3DBC11BE254478B6BF83F4F4D4B349E0E84D0709D7CEA644AFF2"
Last-Modified: Tue, 07 Feb 2023 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6834
Expires: Wed, 08 Feb 2023 02:18:10 GMT
Date: Wed, 08 Feb 2023 00:24:16 GMT
Connection: keep-alive
pl17991643.highperformancecpmgate.com/3b9e72e9797c159b735f64a9225e5b2e/invoke.js
192.243.61.225 200 OK 9.3 kB URL HTTP/1.1 pl17991643.highperformancecpmgate.com/3b9e72e9797c159b735f64a9225e5b2e/invoke.js
IP 192.243.61.225:0
ASN #39572 DataWeb Global Group B.V.
File type Unicode text, UTF-8 text, with very long lines (25062), with no line terminators
Hash 321d61cede7fd820655292a2fd5e99ff
779ab56fd58cdb396e6833e89de466f7531a7f65
a299900695ec56dc8657d94d566a0e1dc9a41dcd6b533354ed7a56ba24ff6c65
Analyzer Verdict Alert quad9 Sinkholed
GET /3b9e72e9797c159b735f64a9225e5b2e/invoke.js HTTP/1.1
Host: pl17991643.highperformancecpmgate.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://sekigae.fun.w3ja.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Wed, 08 Feb 2023 00:24:16 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 6668b8464ab88efaef8c2c9ecba8be7b
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
pl17986764.highperformancecpmgate.com/f4/f3/03/f4f3037b1d2a02d7a0ea86681cc07b89.js
173.233.137.44 200 OK 21 kB URL HTTP/1.1 pl17986764.highperformancecpmgate.com/f4/f3/03/f4f3037b1d2a02d7a0ea86681cc07b89.js
IP 173.233.137.44:0
File type HTML document, ASCII text, with very long lines (60130), with no line terminators
Hash 2fc3ce7442c62f8f297b737757655b96
11f79a7fb9004c93370e04c85aca1a5a648dc7fe
f55c5a236ed735ac8040cf5bc298773fa6fc014bb0bd579d4d1f3549bec6eb0f
Analyzer Verdict Alert quad9 Sinkholed
GET /f4/f3/03/f4f3037b1d2a02d7a0ea86681cc07b89.js HTTP/1.1
Host: pl17986764.highperformancecpmgate.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://sekigae.fun.w3ja.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Wed, 08 Feb 2023 00:24:16 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: eb537886bf7432eb55e9d25fdc57e29e
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
pl17991630.highperformancecpmgate.com/1b/83/b8/1b83b8ebd54a9ba1fdb63f527fb4f778.js
192.243.61.225 200 OK 13 kB URL HTTP/1.1 pl17991630.highperformancecpmgate.com/1b/83/b8/1b83b8ebd54a9ba1fdb63f527fb4f778.js
IP 192.243.61.225:0
ASN #39572 DataWeb Global Group B.V.
File type ASCII text, with very long lines (37155), with no line terminators
Hash d80e427a5c709b15f0b9c8a0fe21b5ea
c46fc0d1e71ba22d8054f5df1310b729ba75e798
25fb6d6233503dcf3d1d510ceb8110d85faa7fe4fc332592b604307bab147455
Analyzer Verdict Alert quad9 Sinkholed
GET /1b/83/b8/1b83b8ebd54a9ba1fdb63f527fb4f778.js HTTP/1.1
Host: pl17991630.highperformancecpmgate.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://sekigae.fun.w3ja.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Wed, 08 Feb 2023 00:24:16 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 8f416dc282577c14d7376461e2feb3bf
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
ocsp.sca1b.amazontrust.com/
54.230.245.110 200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP 54.230.245.110:0
Hash 162cf16c04c5e61dc5ded18807e1686d
82297027d3933d4324dbdcfadc09521c66d9e6b1
b2d018f4c0c6f21ef882829859ba49af6ccf5cc15f9cf3d13407905f301a0759
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: 'max-age=158059'
Date: Wed, 08 Feb 2023 00:24:16 GMT
Last-Modified: Tue, 07 Feb 2023 23:45:52 GMT
Server: ECS (nyb/1D2C)
X-Cache: Miss from cloudfront
Via: 1.1 4bbc14b5834fc74ccd249b954b43a08c.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: qUJvZXeXV9apDosi2R7bD3rbvktjjGQRB3VL4nsACClEF_yK-a9o7Q==
Age: 2305
simplewebanalysis.com/stats
3.120.47.42 200 OK 40 B URL HTTP/2 simplewebanalysis.com/stats
IP 3.120.47.42:0
File type ASCII text, with no line terminators
Hash 8eb7e0c18c11137480c5ca36787126ef
4a84702650330d95872fdb1d03bb20ede2f48d76
6b1036d7e8d587ef95a153e9d9b84dbf8f29ebba44d7577fbb584dac2cb6b28f
GET /stats HTTP/1.1
Host: simplewebanalysis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://sekigae.fun.w3ja.com
Connection: keep-alive
Referer: https://sekigae.fun.w3ja.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 08 Feb 2023 00:24:16 GMT
content-type: text/html; charset=UTF-8
content-length: 40
server: fasthttp
access-control-allow-origin: https://sekigae.fun.w3ja.com
access-control-allow-credentials: true
set-cookie: uid_id2=934a3c62-4d46-46e5-a5f1-3e7c7e5de7d5:2:1; expires=Sat, 05 Feb 2033 00:24:16 GMT; secure; SameSite=None
X-Firefox-Spdy: h2
ocsp.sca1b.amazontrust.com/
54.230.245.110 200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP 54.230.245.110:0
Hash 162cf16c04c5e61dc5ded18807e1686d
82297027d3933d4324dbdcfadc09521c66d9e6b1
b2d018f4c0c6f21ef882829859ba49af6ccf5cc15f9cf3d13407905f301a0759
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=135296
Date: Wed, 08 Feb 2023 00:24:16 GMT
Etag: "63e25293-1d7"
Expires: Thu, 09 Feb 2023 13:59:12 GMT
Last-Modified: Tue, 07 Feb 2023 13:30:59 GMT
Server: ECS (nyb/1D04)
X-Cache: Miss from cloudfront
Via: 1.1 5bcfe2deda0bdbc6bade0af9b61602ca.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: Jz6fuwZDSgdSr1e36XUUkbIXHGGkhhGR5EwquPO3mjVrESo9JASoVg==
Age: 1693
e1.o.lencr.org/
23.33.119.27 200 OK 344 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash c41c722798f0e3638024f21a5a7a8d83
db3ccc45ee1b163a36affe20ac87fa33c5fd6146
2c47b9c17f99c9852ece1fdf54f4c6dc7b97fc61c663126a5136162560cfb399
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 344
ETag: "2C47B9C17F99C9852ECE1FDF54F4C6DC7B97FC61C663126A5136162560CFB399"
Last-Modified: Mon, 06 Feb 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5486
Expires: Wed, 08 Feb 2023 01:55:42 GMT
Date: Wed, 08 Feb 2023 00:24:16 GMT
Connection: keep-alive
simplewebanalysis.com/stats
3.120.47.42 200 OK 40 B URL HTTP/2 simplewebanalysis.com/stats
IP 3.120.47.42:0
File type ASCII text, with no line terminators
Hash e68b402e239ac7335be59297a132a624
f0b848d2356f7be9756f1b857ddc781a951af35c
65404b7e99eb29f11cca62815575ec83a6b2c6b67517080e779c6ef4c697962e
GET /stats HTTP/1.1
Host: simplewebanalysis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://sekigae.fun.w3ja.com
Connection: keep-alive
Referer: https://sekigae.fun.w3ja.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 08 Feb 2023 00:24:16 GMT
content-type: text/html; charset=UTF-8
content-length: 40
server: fasthttp
access-control-allow-origin: https://sekigae.fun.w3ja.com
access-control-allow-credentials: true
set-cookie: uid_id2=3b335ab7-5410-4ce1-83a6-38a8a8e47ed6:2:1; expires=Sat, 05 Feb 2033 00:24:16 GMT; secure; SameSite=None
X-Firefox-Spdy: h2
simplewebanalysis.com/stats
3.120.47.42 200 OK 40 B URL HTTP/2 simplewebanalysis.com/stats
IP 3.120.47.42:0
File type ASCII text, with no line terminators
Hash 021ee1ac5232d9cf0695e1b73092979a
359907469ba4eab4973f7ca180a7ddff23049f0d
5e08cc676ef7645ac2af1fc50429210a0e41dcd05f6ab7ab62c7ce2c440c3745
GET /stats HTTP/1.1
Host: simplewebanalysis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://sekigae.fun.w3ja.com
Connection: keep-alive
Referer: https://sekigae.fun.w3ja.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 08 Feb 2023 00:24:16 GMT
content-type: text/html; charset=UTF-8
content-length: 40
server: fasthttp
access-control-allow-origin: https://sekigae.fun.w3ja.com
access-control-allow-credentials: true
set-cookie: uid_id2=8a9ff551-3eff-483d-9cfa-f87c1aef5232:2:1; expires=Sat, 05 Feb 2033 00:24:16 GMT; secure; SameSite=None
X-Firefox-Spdy: h2
r3.o.lencr.org/
95.101.11.115 200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash c427f0a40e9a37185a90f0cb32c47dca
d6d6eb862f7ad162b809aec3e278157dea68f530
8e80aa6b23166b468ad5da901087251dfe3def8a81adecbdc2d9908da74678d6
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "8E80AA6B23166B468AD5DA901087251DFE3DEF8A81ADECBDC2D9908DA74678D6"
Last-Modified: Mon, 06 Feb 2023 13:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7599
Expires: Wed, 08 Feb 2023 02:30:55 GMT
Date: Wed, 08 Feb 2023 00:24:16 GMT
Connection: keep-alive
priestsuede.com/pixel/purst?dl=0&th=0&sc=0&rs=2620&rd=2620&fd=958&bv=22.10.v.9&tmpl=70
192.243.59.20 200 OK 0 B URL HTTP/1.1 priestsuede.com/pixel/purst?dl=0&th=0&sc=0&rs=2620&rd=2620&fd=958&bv=22.10.v.9&tmpl=70
IP 192.243.59.20:0
ASN #39572 DataWeb Global Group B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /pixel/purst?dl=0&th=0&sc=0&rs=2620&rd=2620&fd=958&bv=22.10.v.9&tmpl=70 HTTP/1.1
Host: priestsuede.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://sekigae.fun.w3ja.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.17.9
Date: Wed, 08 Feb 2023 00:24:17 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
r3.o.lencr.org/
95.101.11.115 200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash ffbbcf667390418f2cbb808a726b9342
590778522d88baa02439cc5204d9a62a4751f7bb
e0f5a131b37d57d4165866a387a7d613406770013f5566b0f5443e6dfc47acde
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "E0F5A131B37D57D4165866A387A7D613406770013F5566B0F5443E6DFC47ACDE"
Last-Modified: Sun, 05 Feb 2023 19:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5522
Expires: Wed, 08 Feb 2023 01:56:19 GMT
Date: Wed, 08 Feb 2023 00:24:17 GMT
Connection: keep-alive
e1.o.lencr.org/
23.33.119.27 200 OK 344 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash c41c722798f0e3638024f21a5a7a8d83
db3ccc45ee1b163a36affe20ac87fa33c5fd6146
2c47b9c17f99c9852ece1fdf54f4c6dc7b97fc61c663126a5136162560cfb399
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 344
ETag: "2C47B9C17F99C9852ECE1FDF54F4C6DC7B97FC61C663126A5136162560CFB399"
Last-Modified: Mon, 06 Feb 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5485
Expires: Wed, 08 Feb 2023 01:55:42 GMT
Date: Wed, 08 Feb 2023 00:24:17 GMT
Connection: keep-alive
r3.o.lencr.org/
95.101.11.115 200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash bd323d791dcb256ff08d90c5001ccada
380b8b726dfbe5ca828512ce4f73ea2d3cb2ed9a
d9d54aad7f3a2eebbef4ae07fce2c11f4f750d8faf6613e5b5ec7540b4d478b7
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D9D54AAD7F3A2EEBBEF4AE07FCE2C11F4F750D8FAF6613E5B5EC7540B4D478B7"
Last-Modified: Tue, 07 Feb 2023 07:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=1913
Expires: Wed, 08 Feb 2023 00:56:10 GMT
Date: Wed, 08 Feb 2023 00:24:17 GMT
Connection: keep-alive
r3.o.lencr.org/
95.101.11.115 200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 20c9ebcf0c6fd584f93b39650cdf4f64
269ce37f5fd5c65f9c7ab87c7d42ab172f726d48
87c17eb5a87932c6dce03fccbaa0c0f80cdcf4c09653bd4f11a445404f15b068
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "87C17EB5A87932C6DCE03FCCBAA0C0F80CDCF4C09653BD4F11A445404F15B068"
Last-Modified: Tue, 07 Feb 2023 19:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7579
Expires: Wed, 08 Feb 2023 02:30:36 GMT
Date: Wed, 08 Feb 2023 00:24:17 GMT
Connection: keep-alive
ocsp.pki.goog/gts1c3
142.250.74.163 200 OK 471 B IP 142.250.74.163:0
Hash 5bcb9125c18e4ed3562ceb950dc6eaad
a6c6944804b772de3a487723e3e866c0219de230
94947430d745a6648a2e87f163bf474b4fd4513519360bf4bfecfabc141e5ff1
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 08 Feb 2023 00:24:17 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
iceboxlitre.com/ntv.json?key=3b9e72e9797c159b735f64a9225e5b2e&vstc=4
173.233.137.60 200 OK 17 kB URL HTTP/1.1 iceboxlitre.com/ntv.json?key=3b9e72e9797c159b735f64a9225e5b2e&vstc=4
IP 173.233.137.60:0
File type JSON data\012- , Unicode text, UTF-8 text, with very long lines (17000), with no line terminators
Hash 85c4301e11ca114ae9c099ae222b41e1
b5fb7b6648d95b028bfe3cafbb7da41f5f307f56
f8b0fe25a4e3ce1c4912cf5f629d7aee8fbd03a0cf2da752095f3fcf9f19e401
Analyzer Verdict Alert quad9 Sinkholed
GET /ntv.json?key=3b9e72e9797c159b735f64a9225e5b2e&vstc=4 HTTP/1.1
Host: iceboxlitre.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://sekigae.fun.w3ja.com
Connection: keep-alive
Referer: https://sekigae.fun.w3ja.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Wed, 08 Feb 2023 00:24:17 GMT
Content-Type: application/json
Content-Length: 17002
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://sekigae.fun.w3ja.com
Access-Control-Allow-Origin: https://sekigae.fun.w3ja.com
Access-Control-Allow-Credentials: true
Set-Cookie: u_pl=17891144; expires=Thu, 09 Feb 2023 00:24:17 GMT; secure; SameSite=None
Set-Cookie: pdhtkv=true; expires=Thu, 09 Feb 2023 00:24:17 GMT; secure; SameSite=None
Set-Cookie: uncs=1; expires=Thu, 09 Feb 2023 00:24:17 GMT; secure; SameSite=None
Set-Cookie: pdhtkv49=true; expires=Thu, 09 Feb 2023 00:24:17 GMT; secure; SameSite=None
Set-Cookie: uncs49=1; expires=Thu, 09 Feb 2023 00:24:17 GMT; secure; SameSite=None
Set-Cookie: nlec3b9e72e9797c159b735f64a9225e5b2e=[3254344,3254354,3254335,3254345]; expires=Wed, 08 Feb 2023 00:24:22 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 44d47e35d8eaf15050a88cfa7c60cf04
Strict-Transport-Security: max-age=0; includeSubdomains
www.google.com/s2/favicons?domain_url=https://sekigae.fun
216.58.211.4 301 Moved Permanently 332 B URL HTTP/2 www.google.com/s2/favicons?domain_url=https://sekigae.fun
IP 216.58.211.4:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF, LF line terminators
Hash 714ac3d1dc1e67b4e56d7a12f69abf62
46686e165dc9ba9d0b18f7b4f713ab67f79d84f8
cc37f8ea173c6821e71df33c802d2386395f94d51b9a0e282144f76beac78732
GET /s2/favicons?domain_url=https://sekigae.fun HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://sekigae.fun.w3ja.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 301 Moved Permanently
location: https://t0.gstatic.com/faviconV2?client=SOCIAL&type=FAVICON&fallback_opts=TYPE,SIZE,URL&url=https://sekigae.fun&size=16
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
date: Wed, 08 Feb 2023 00:24:17 GMT
expires: Wed, 08 Feb 2023 00:54:17 GMT
cache-control: public, max-age=1800
server: sffe
content-length: 332
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.sectigo.com/
104.18.32.68 200 OK 472 B IP 104.18.32.68:0
Hash 61d478faa89367a80894816ec3477057
a1adece785b4023969912ff69f3f44ca23474838
e4cdcf23a08cd9db8874059179d4f83e5763ddbc45ee07a8ea53641d4bb75f5c
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Wed, 08 Feb 2023 00:24:17 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Tue, 07 Feb 2023 06:34:04 GMT
Expires: Tue, 14 Feb 2023 06:34:03 GMT
Etag: "a1adece785b4023969912ff69f3f44ca23474838"
Cache-Control: max-age=539985,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb6
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 796038b65eb2b503-OSL
banquetunarmedgrater.com/advertisers.js
192.243.59.20 200 OK 0 B URL HTTP/1.1 banquetunarmedgrater.com/advertisers.js
IP 192.243.59.20:0
ASN #39572 DataWeb Global Group B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /advertisers.js HTTP/1.1
Host: banquetunarmedgrater.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://sekigae.fun.w3ja.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.17.9
Date: Wed, 08 Feb 2023 00:24:17 GMT
Content-Type: application/javascript
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 034bcbbc94402cf0b3d9f0e1f7d05add
Strict-Transport-Security: max-age=0; includeSubdomains
www.statcounter.com/counter/counter.js
104.20.219.77 200 OK 15 kB URL HTTP/2 www.statcounter.com/counter/counter.js
IP 104.20.219.77:0
File type ASCII text, with very long lines (43632), with no line terminators
Hash 0b14cd5eb84ba7460f84810d532eba11
e8905bc7cd1d0429e729273c9456190b34907151
0ce0a345de02f867b146fa07999105cbec875fa3d3ef4ff217eb4db27305aa65
GET /counter/counter.js HTTP/1.1
Host: www.statcounter.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://sekigae.fun.w3ja.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 08 Feb 2023 00:24:17 GMT
content-type: application/javascript
vary: Accept-Encoding
last-modified: Tue, 07 Feb 2023 11:47:55 GMT
etag: W/"63e23a6b-aa70"
expires: Wed, 08 Feb 2023 10:53:07 GMT
cache-control: max-age=43200
cf-cache-status: HIT
age: 5470
server: cloudflare
cf-ray: 796038b6af71b4f9-OSL
content-encoding: br
X-Firefox-Spdy: h2
iceboxlitre.com/ren.gif?sid=H4sIAAAAAAAC%2F1RSz28bRRSebQ1CcAHUS0%2F4CBJyd21vnaWHilLSRm3TkBblhjS%2F1plmvLPM7Hodc4koQj36wAE4bT4nTYGqIn8AEnK4VJGQ6guKEJHgyhGJK2hdS4aR9nvv7fcO3%2Ffe%2B3w3PyU%2BcnqydssMldb0Qtjw629uqESYwtVX79YDv%2BFfqm%2Bo5GL7Un1Qge2%2FE%2Fhhw3%2Brfk3yLXOh6Qe%2BH%2FhBfVlZGZvBhRkLlT6OgkbkN9rNRhC2MbD%2Fr13uwVEPon9KXocS0xc2nx5C8QmS3vdXpdvKTPr2%2B71c08xY9MXBh8lWYooEvUUaWw9xcjDvhnFTQr48A5MczB3A9PcqB2BqSrxfArDkYC4TrL%2F%2FXCnTkAmYeAVFfwKpJ1B0Am7uQ4lnBOACq7eR9B6uGlvQ7ecsrdgpqf39F1QxJbXfziHpPbmi1aB%2Bx%2Bg8UyZxGMQl1GAC1Z0gzY%2BQDT2o4gg8%2BxRKECS9EkqUM9dKTaDiCbQcgToPefUpD3nsIU899MRJnYZR7PudmMWt1lKbc95qcR4uXRShaLWXYh85r2SNkKUjcD0CtztI7Q621Ag2%2FxFus4QTHlw2Jd4HO%2BiLEoUkKBxBQQkKRVBkBEW%2F3BfaNV35UGiXs2Aem%2FPYKscm6%2B7SfZN1ZUJ201PyWjUP79V%2FrmNLntRbLJKdpow6UYcHYcQ6rTC%2B2KZRsxnKkDUlnCqh3JmZ1aGakjduCaRqSl688SsYPYLTR%2BDqLGgegBbjTtMH3Ry3l3wMk0dF6x5tcNODMCXSrIZs29vVp%2BT8bCfBo%2BuQ%2FPjyZ8Pfrz059wm4LZHaEvfUTwRd%2FWC8bgqyt24KRw5vp5nqqSGt9nUno5k8%2B%2B0NuV0YK1auutE37%2FKKqNLHd6XLbtJEqKTryHdXlBDSLhvLJflhxW1Itpa7zSu5TfL05tp7yyu91ErnlEkmoOrZR%2Fvgakpe%2Bvjn2SWeH%2BZQdgKbl%2Bjlx2T%2BoMwReLoDly7UO0Ng9aKHpR6KvBzbJlv81IpAy0VNWQn3n5ot8l33AF1bA83uz%2B6vb0v0dQmqR3D5y%2BMstceXn35Vva%2FBdG3MtK3tMW31F7PRVrBeweUKVuDUSV2GsR9LvylZHLG4Q30Rxe2I0SiQHRbSAJmb8j%2F%2BPPwXAAD%2F%2FwEAAP%2F%2FD4CcjHAEAAA%3D
173.233.137.60200 OK 7 B URL HTTP/1.1 iceboxlitre.com/ren.gif?sid=H4sIAAAAAAAC%2F1RSz28bRRSebQ1CcAHUS0%2F4CBJyd21vnaWHilLSRm3TkBblhjS%2F1plmvLPM7Hodc4koQj36wAE4bT4nTYGqIn8AEnK4VJGQ6guKEJHgyhGJK2hdS4aR9nvv7fcO3%2Ffe%2B3w3PyU%2BcnqydssMldb0Qtjw629uqESYwtVX79YDv%2BFfqm%2Bo5GL7Un1Qge2%2FE%2Fhhw3%2Brfk3yLXOh6Qe%2BH%2FhBfVlZGZvBhRkLlT6OgkbkN9rNRhC2MbD%2Fr13uwVEPon9KXocS0xc2nx5C8QmS3vdXpdvKTPr2%2B71c08xY9MXBh8lWYooEvUUaWw9xcjDvhnFTQr48A5MczB3A9PcqB2BqSrxfArDkYC4TrL%2F%2FXCnTkAmYeAVFfwKpJ1B0Am7uQ4lnBOACq7eR9B6uGlvQ7ecsrdgpqf39F1QxJbXfziHpPbmi1aB%2Bx%2Bg8UyZxGMQl1GAC1Z0gzY%2BQDT2o4gg8%2BxRKECS9EkqUM9dKTaDiCbQcgToPefUpD3nsIU899MRJnYZR7PudmMWt1lKbc95qcR4uXRShaLWXYh85r2SNkKUjcD0CtztI7Q621Ag2%2FxFus4QTHlw2Jd4HO%2BiLEoUkKBxBQQkKRVBkBEW%2F3BfaNV35UGiXs2Aem%2FPYKscm6%2B7SfZN1ZUJ201PyWjUP79V%2FrmNLntRbLJKdpow6UYcHYcQ6rTC%2B2KZRsxnKkDUlnCqh3JmZ1aGakjduCaRqSl688SsYPYLTR%2BDqLGgegBbjTtMH3Ry3l3wMk0dF6x5tcNODMCXSrIZs29vVp%2BT8bCfBo%2BuQ%2FPjyZ8Pfrz059wm4LZHaEvfUTwRd%2FWC8bgqyt24KRw5vp5nqqSGt9nUno5k8%2B%2B0NuV0YK1auutE37%2FKKqNLHd6XLbtJEqKTryHdXlBDSLhvLJflhxW1Itpa7zSu5TfL05tp7yyu91ErnlEkmoOrZR%2Fvgakpe%2Bvjn2SWeH%2BZQdgKbl%2Bjlx2T%2BoMwReLoDly7UO0Ng9aKHpR6KvBzbJlv81IpAy0VNWQn3n5ot8l33AF1bA83uz%2B6vb0v0dQmqR3D5y%2BMstceXn35Vva%2FBdG3MtK3tMW31F7PRVrBeweUKVuDUSV2GsR9LvylZHLG4Q30Rxe2I0SiQHRbSAJmb8j%2F%2BPPwXAAD%2F%2FwEAAP%2F%2FD4CcjHAEAAA%3D
IP 173.233.137.60:0
File type ASCII text, with no line terminators
Hash 132d6af1b46048b45cf86cdee7991d31
eb7007d03d59b65bc6da7e098c4d38fc6dfb6285
ab852e838deccd742a03ca81d4a8d75cf1a00b327db3eaf46bd7da6b6db9384c
Analyzer Verdict Alert quad9 Sinkholed
GET /ren.gif?sid=H4sIAAAAAAAC%2F1RSz28bRRSebQ1CcAHUS0%2F4CBJyd21vnaWHilLSRm3TkBblhjS%2F1plmvLPM7Hodc4koQj36wAE4bT4nTYGqIn8AEnK4VJGQ6guKEJHgyhGJK2hdS4aR9nvv7fcO3%2Ffe%2B3w3PyU%2BcnqydssMldb0Qtjw629uqESYwtVX79YDv%2BFfqm%2Bo5GL7Un1Qge2%2FE%2Fhhw3%2Brfk3yLXOh6Qe%2BH%2FhBfVlZGZvBhRkLlT6OgkbkN9rNRhC2MbD%2Fr13uwVEPon9KXocS0xc2nx5C8QmS3vdXpdvKTPr2%2B71c08xY9MXBh8lWYooEvUUaWw9xcjDvhnFTQr48A5MczB3A9PcqB2BqSrxfArDkYC4TrL%2F%2FXCnTkAmYeAVFfwKpJ1B0Am7uQ4lnBOACq7eR9B6uGlvQ7ecsrdgpqf39F1QxJbXfziHpPbmi1aB%2Bx%2Bg8UyZxGMQl1GAC1Z0gzY%2BQDT2o4gg8%2BxRKECS9EkqUM9dKTaDiCbQcgToPefUpD3nsIU899MRJnYZR7PudmMWt1lKbc95qcR4uXRShaLWXYh85r2SNkKUjcD0CtztI7Q621Ag2%2FxFus4QTHlw2Jd4HO%2BiLEoUkKBxBQQkKRVBkBEW%2F3BfaNV35UGiXs2Aem%2FPYKscm6%2B7SfZN1ZUJ201PyWjUP79V%2FrmNLntRbLJKdpow6UYcHYcQ6rTC%2B2KZRsxnKkDUlnCqh3JmZ1aGakjduCaRqSl688SsYPYLTR%2BDqLGgegBbjTtMH3Ry3l3wMk0dF6x5tcNODMCXSrIZs29vVp%2BT8bCfBo%2BuQ%2FPjyZ8Pfrz059wm4LZHaEvfUTwRd%2FWC8bgqyt24KRw5vp5nqqSGt9nUno5k8%2B%2B0NuV0YK1auutE37%2FKKqNLHd6XLbtJEqKTryHdXlBDSLhvLJflhxW1Itpa7zSu5TfL05tp7yyu91ErnlEkmoOrZR%2Fvgakpe%2Bvjn2SWeH%2BZQdgKbl%2Bjlx2T%2BoMwReLoDly7UO0Ng9aKHpR6KvBzbJlv81IpAy0VNWQn3n5ot8l33AF1bA83uz%2B6vb0v0dQmqR3D5y%2BMstceXn35Vva%2FBdG3MtK3tMW31F7PRVrBeweUKVuDUSV2GsR9LvylZHLG4Q30Rxe2I0SiQHRbSAJmb8j%2F%2BPPwXAAD%2F%2FwEAAP%2F%2FD4CcjHAEAAA%3D HTTP/1.1
Host: iceboxlitre.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://sekigae.fun.w3ja.com/
Cookie: u_pl=17891144; pdhtkv=true; uncs=1; pdhtkv49=true; uncs49=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Wed, 08 Feb 2023 00:24:17 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: c62ad2dea0f12b9dcb1761ab3cafd4df
Strict-Transport-Security: max-age=0; includeSubdomains
r3.o.lencr.org/
95.101.11.115 200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 9c5cd500f3412d0bb91099f1046874e6
8e2a5b67289ca10a9b5a7f1dcc200d4ee1a748e9
af33d47f4cac0f71eedcdc9ea9f1bf5b71b4b2b8284c5e8a7a73f2aba2373d8c
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "AF33D47F4CAC0F71EEDCDC9EA9F1BF5B71B4B2B8284C5E8A7A73F2ABA2373D8C"
Last-Modified: Sun, 05 Feb 2023 13:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=18484
Expires: Wed, 08 Feb 2023 05:32:21 GMT
Date: Wed, 08 Feb 2023 00:24:17 GMT
Connection: keep-alive
r3.o.lencr.org/
95.101.11.115 200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 9c5cd500f3412d0bb91099f1046874e6
8e2a5b67289ca10a9b5a7f1dcc200d4ee1a748e9
af33d47f4cac0f71eedcdc9ea9f1bf5b71b4b2b8284c5e8a7a73f2aba2373d8c
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "AF33D47F4CAC0F71EEDCDC9EA9F1BF5B71B4B2B8284C5E8A7A73F2ABA2373D8C"
Last-Modified: Sun, 05 Feb 2023 13:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=18484
Expires: Wed, 08 Feb 2023 05:32:21 GMT
Date: Wed, 08 Feb 2023 00:24:17 GMT
Connection: keep-alive
cdn.cloudimagesb.com/si/e3/45/09/e34509c88d1762ac4c86147aabde5f02/1645978523.jpg
45.133.44.9 200 OK 19 kB URL HTTP/2 cdn.cloudimagesb.com/si/e3/45/09/e34509c88d1762ac4c86147aabde5f02/1645978523.jpg
IP 45.133.44.9:0
ASN #39572 DataWeb Global Group B.V.
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 320x240, components 3\012- data
Hash e3f84420ce3bd43532e3ddb8b22a465e
3d7ad384f893e1dbcd8d3bfb260bfc8c4848138a
428d48c9b4e20910da3a15d23ca23eee970be4c013a4cbf5f66355537a8ddd10
GET /si/e3/45/09/e34509c88d1762ac4c86147aabde5f02/1645978523.jpg HTTP/1.1
Host: cdn.cloudimagesb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://sekigae.fun.w3ja.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 08 Feb 2023 00:24:17 GMT
content-type: image/jpeg
content-length: 18886
server: nginx/1.17.6
last-modified: Sun, 27 Feb 2022 16:15:36 GMT
etag: "621ba3a8-49c6"
expires: Fri, 10 Feb 2023 00:24:17 GMT
cache-control: max-age=172800
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
cdn.cloudimagesb.com/si/c8/d2/75/c8d2755494a79da6a1198b4e843c465e/1645978536.jpg
45.133.44.9 200 OK 21 kB URL HTTP/2 cdn.cloudimagesb.com/si/c8/d2/75/c8d2755494a79da6a1198b4e843c465e/1645978536.jpg
IP 45.133.44.9:0
ASN #39572 DataWeb Global Group B.V.
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 320x240, components 3\012- data
Hash e76141a73e3867caa30e71f21f24f019
7664dbf096108e45ad2d376514565d1a859bd169
98acf73ddbba7ea1c25ae6edf6ab6817ef442cf1c2343909083b2601ea8b62ca
GET /si/c8/d2/75/c8d2755494a79da6a1198b4e843c465e/1645978536.jpg HTTP/1.1
Host: cdn.cloudimagesb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://sekigae.fun.w3ja.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 08 Feb 2023 00:24:17 GMT
content-type: image/jpeg
content-length: 21046
server: nginx/1.17.6
last-modified: Sun, 27 Feb 2022 16:15:46 GMT
etag: "621ba3b2-5236"
expires: Fri, 10 Feb 2023 00:24:17 GMT
cache-control: max-age=172800
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
iceboxlitre.com/ren.gif?sid=H4sIAAAAAAAC%2F1RSzW8b1Rd90%2Fr3E4INoG66wkuQkDtje%2BoMXVSUkjZqm4a0KDuk9zXOa57nDe%2FNeByzIKIIdekFC2A1OU6aAlVF%2FgAk5LCpsqqFhCJEJNiyRGILGteS4UrvfrxzF%2Bfcez%2FbzU%2BJj5yerN0yQ6U1vRA2%2FPrrGyoRpnD11bv1wG%2F4l%2BobKrnYvlQfVM723wr8sOG%2FUb8m%2BZa50PQD3w%2F8oL6srIzN4MIMhUofR0Ej8hvtZiMI2xjY%2F9Yu9%2BCoB9E%2FJa9Cien%2FNp8eQvEJkt53V6Xbykz65ru9XNPMWPTFwfvJVmKKBL1FGlsPcXIw74ZxU0K%2BOAOTHMwVwPT3KgVgakq8nwOw5GBOE6y%2F%2F5wp05AJmHgJRX8CqSdQdAJu7kOJZwTgAqu3kfQerhpb0O3nKK3QKan99SdUMSW1X88h6T25otWgfsfoPFMmcRjEJdRgAtWdIM2PkA09qOIIPPsEShAkvRJKlDPVSk2g4gm0HIE6D3n1lIc89pCnHnripE7DKPb9TsziVmupzTlvtTgPly6KULTaS7GPnFe0RsjSEbgegdsdpHYHW2oEm%2F8At1nCCQ8umxLvvR30RYlCEhSOoKAEhSIoMoKiX%2B4L7ZqufCi0y1kwj815bJVjk3V36b7JujIhu%2BkpeaWah%2Ffy39exJU%2FqLRbJTlNGnajDgzBinVYYX2zTqNkMZciaEk6VUO7MTOpQTclrtwRSNSX%2Fv%2FELGD2C00fg6ixoHoAW407TB90ct5d8DJNHResebXDTgzAl0qyGbNvb1afk%2FGwnwaN1SH58%2BdPhb9eenPsI3JZIbYl76keCrn4wXjcF2Vs3hSOHt9NM9dSQVvu6k9FMnv3mhtwujBUrV93o67d5BVTp47vSZTdpIlTSdeTbK0oIaZeN5ZJ8v%2BI2JFvL3eaV3CZ5enPtneWVXmqlc8okE1D17IN9cDUlL3z40%2BwSzw8%2FhrIT2LxELz8mc4MyR%2BDpDly6YO8MgdWLHpaeQZGXY9tki0%2BtCLRc1JSVcP%2Bq2SLfdQ%2FQtTXQ7P7s%2Fvq2RF%2BXoHoEl784zlJ7fPnpl5V9BaZrY6ZtbY9pqz%2BvRnt9Nt%2FKXa7cCpw6qcsw9mPpNyWLIxZ3qC%2BiuB0xGgWyw0IaIHNT%2Fvsfh%2F8AAAD%2F%2FwEAAP%2F%2Fdl3Z8nAEAAA%3D
173.233.137.60200 OK 7 B URL HTTP/1.1 iceboxlitre.com/ren.gif?sid=H4sIAAAAAAAC%2F1RSzW8b1Rd90%2Fr3E4INoG66wkuQkDtje%2BoMXVSUkjZqm4a0KDuk9zXOa57nDe%2FNeByzIKIIdekFC2A1OU6aAlVF%2FgAk5LCpsqqFhCJEJNiyRGILGteS4UrvfrxzF%2Bfcez%2FbzU%2BJj5yerN0yQ6U1vRA2%2FPrrGyoRpnD11bv1wG%2F4l%2BobKrnYvlQfVM723wr8sOG%2FUb8m%2BZa50PQD3w%2F8oL6srIzN4MIMhUofR0Ej8hvtZiMI2xjY%2F9Yu9%2BCoB9E%2FJa9Cien%2FNp8eQvEJkt53V6Xbykz65ru9XNPMWPTFwfvJVmKKBL1FGlsPcXIw74ZxU0K%2BOAOTHMwVwPT3KgVgakq8nwOw5GBOE6y%2F%2F5wp05AJmHgJRX8CqSdQdAJu7kOJZwTgAqu3kfQerhpb0O3nKK3QKan99SdUMSW1X88h6T25otWgfsfoPFMmcRjEJdRgAtWdIM2PkA09qOIIPPsEShAkvRJKlDPVSk2g4gm0HIE6D3n1lIc89pCnHnripE7DKPb9TsziVmupzTlvtTgPly6KULTaS7GPnFe0RsjSEbgegdsdpHYHW2oEm%2F8At1nCCQ8umxLvvR30RYlCEhSOoKAEhSIoMoKiX%2B4L7ZqufCi0y1kwj815bJVjk3V36b7JujIhu%2BkpeaWah%2Ffy39exJU%2FqLRbJTlNGnajDgzBinVYYX2zTqNkMZciaEk6VUO7MTOpQTclrtwRSNSX%2Fv%2FELGD2C00fg6ixoHoAW407TB90ct5d8DJNHResebXDTgzAl0qyGbNvb1afk%2FGwnwaN1SH58%2BdPhb9eenPsI3JZIbYl76keCrn4wXjcF2Vs3hSOHt9NM9dSQVvu6k9FMnv3mhtwujBUrV93o67d5BVTp47vSZTdpIlTSdeTbK0oIaZeN5ZJ8v%2BI2JFvL3eaV3CZ5enPtneWVXmqlc8okE1D17IN9cDUlL3z40%2BwSzw8%2FhrIT2LxELz8mc4MyR%2BDpDly6YO8MgdWLHpaeQZGXY9tki0%2BtCLRc1JSVcP%2Bq2SLfdQ%2FQtTXQ7P7s%2Fvq2RF%2BXoHoEl784zlJ7fPnpl5V9BaZrY6ZtbY9pqz%2BvRnt9Nt%2FKXa7cCpw6qcsw9mPpNyWLIxZ3qC%2BiuB0xGgWyw0IaIHNT%2Fvsfh%2F8AAAD%2F%2FwEAAP%2F%2Fdl3Z8nAEAAA%3D
IP 173.233.137.60:0
File type ASCII text, with no line terminators
Hash 132d6af1b46048b45cf86cdee7991d31
eb7007d03d59b65bc6da7e098c4d38fc6dfb6285
ab852e838deccd742a03ca81d4a8d75cf1a00b327db3eaf46bd7da6b6db9384c
Analyzer Verdict Alert quad9 Sinkholed
GET /ren.gif?sid=H4sIAAAAAAAC%2F1RSzW8b1Rd90%2Fr3E4INoG66wkuQkDtje%2BoMXVSUkjZqm4a0KDuk9zXOa57nDe%2FNeByzIKIIdekFC2A1OU6aAlVF%2FgAk5LCpsqqFhCJEJNiyRGILGteS4UrvfrxzF%2Bfcez%2FbzU%2BJj5yerN0yQ6U1vRA2%2FPrrGyoRpnD11bv1wG%2F4l%2BobKrnYvlQfVM723wr8sOG%2FUb8m%2BZa50PQD3w%2F8oL6srIzN4MIMhUofR0Ej8hvtZiMI2xjY%2F9Yu9%2BCoB9E%2FJa9Cien%2FNp8eQvEJkt53V6Xbykz65ru9XNPMWPTFwfvJVmKKBL1FGlsPcXIw74ZxU0K%2BOAOTHMwVwPT3KgVgakq8nwOw5GBOE6y%2F%2F5wp05AJmHgJRX8CqSdQdAJu7kOJZwTgAqu3kfQerhpb0O3nKK3QKan99SdUMSW1X88h6T25otWgfsfoPFMmcRjEJdRgAtWdIM2PkA09qOIIPPsEShAkvRJKlDPVSk2g4gm0HIE6D3n1lIc89pCnHnripE7DKPb9TsziVmupzTlvtTgPly6KULTaS7GPnFe0RsjSEbgegdsdpHYHW2oEm%2F8At1nCCQ8umxLvvR30RYlCEhSOoKAEhSIoMoKiX%2B4L7ZqufCi0y1kwj815bJVjk3V36b7JujIhu%2BkpeaWah%2Ffy39exJU%2FqLRbJTlNGnajDgzBinVYYX2zTqNkMZciaEk6VUO7MTOpQTclrtwRSNSX%2Fv%2FELGD2C00fg6ixoHoAW407TB90ct5d8DJNHResebXDTgzAl0qyGbNvb1afk%2FGwnwaN1SH58%2BdPhb9eenPsI3JZIbYl76keCrn4wXjcF2Vs3hSOHt9NM9dSQVvu6k9FMnv3mhtwujBUrV93o67d5BVTp47vSZTdpIlTSdeTbK0oIaZeN5ZJ8v%2BI2JFvL3eaV3CZ5enPtneWVXmqlc8okE1D17IN9cDUlL3z40%2BwSzw8%2FhrIT2LxELz8mc4MyR%2BDpDly6YO8MgdWLHpaeQZGXY9tki0%2BtCLRc1JSVcP%2Bq2SLfdQ%2FQtTXQ7P7s%2Fvq2RF%2BXoHoEl784zlJ7fPnpl5V9BaZrY6ZtbY9pqz%2BvRnt9Nt%2FKXa7cCpw6qcsw9mPpNyWLIxZ3qC%2BiuB0xGgWyw0IaIHNT%2Fvsfh%2F8AAAD%2F%2FwEAAP%2F%2Fdl3Z8nAEAAA%3D HTTP/1.1
Host: iceboxlitre.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://sekigae.fun.w3ja.com/
Cookie: u_pl=17891144; pdhtkv=true; uncs=1; pdhtkv49=true; uncs49=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Wed, 08 Feb 2023 00:24:17 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 4afbfd0d7cd8be66910b05dde59946a0
Strict-Transport-Security: max-age=0; includeSubdomains
cdn.cloudimagesb.com/si/49/30/49/4930498805b27e2ddd2e8b730324d990/1645978709.jpg
45.133.44.9 200 OK 22 kB URL HTTP/2 cdn.cloudimagesb.com/si/49/30/49/4930498805b27e2ddd2e8b730324d990/1645978709.jpg
IP 45.133.44.9:0
ASN #39572 DataWeb Global Group B.V.
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 320x240, components 3\012- data
Hash dea5f1ea2c9a47f7f4d05c62e70a2527
b88486270a197dd93dfc0ec3d6609c35dda8f928
638a55cc2116fa90536d6c306d288d9400921d7b3338ec9ff374eabc218f8b9c
GET /si/49/30/49/4930498805b27e2ddd2e8b730324d990/1645978709.jpg HTTP/1.1
Host: cdn.cloudimagesb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://sekigae.fun.w3ja.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 08 Feb 2023 00:24:17 GMT
content-type: image/jpeg
content-length: 21546
server: nginx/1.17.6
last-modified: Sun, 27 Feb 2022 16:18:35 GMT
etag: "621ba45b-542a"
expires: Fri, 10 Feb 2023 00:24:17 GMT
cache-control: max-age=172800
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
cdn.cloudimagesb.com/si/5d/19/5d/5d195d7de14d8e7d59a9c7b1330750de/1645978440.jpg
45.133.44.9 200 OK 25 kB URL HTTP/2 cdn.cloudimagesb.com/si/5d/19/5d/5d195d7de14d8e7d59a9c7b1330750de/1645978440.jpg
IP 45.133.44.9:0
ASN #39572 DataWeb Global Group B.V.
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 320x240, components 3\012- data
Hash f1a49a7d784361bbce9f7ed99c6fc6ec
bb1a5732dc954a89c85089d16d71a00ade1fe682
deb5daa6fcbf7a78b9361e5ac56f09b27986953f03977adbaf32d04a93996bdd
GET /si/5d/19/5d/5d195d7de14d8e7d59a9c7b1330750de/1645978440.jpg HTTP/1.1
Host: cdn.cloudimagesb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://sekigae.fun.w3ja.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 08 Feb 2023 00:24:17 GMT
content-type: image/jpeg
content-length: 25012
server: nginx/1.17.6
last-modified: Sun, 27 Feb 2022 16:14:05 GMT
etag: "621ba34d-61b4"
expires: Fri, 10 Feb 2023 00:24:17 GMT
cache-control: max-age=172800
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
indignationmapprohibited.com/sbar.json?key=1b83b8ebd54a9ba1fdb63f527fb4f778&uuid=8a9ff551-3eff-483d-9cfa-f87c1aef5232%3A2%3A1
173.233.137.36 200 OK 4.4 kB URL HTTP/1.1 indignationmapprohibited.com/sbar.json?key=1b83b8ebd54a9ba1fdb63f527fb4f778&uuid=8a9ff551-3eff-483d-9cfa-f87c1aef5232%3A2%3A1
IP 173.233.137.36:0
File type JSON data\012- , Unicode text, UTF-8 text, with very long lines (6249), with no line terminators
Hash c4a4e966db918a49c331e3cc4bc87928
fba1b32882eb76d21adfdb66d967e708992e99a3
294cbe196d0aad3d60776873c42725addf9ab5b4fcb7546b8d58f883d339626d
Analyzer Verdict Alert quad9 Sinkholed
GET /sbar.json?key=1b83b8ebd54a9ba1fdb63f527fb4f778&uuid=8a9ff551-3eff-483d-9cfa-f87c1aef5232%3A2%3A1 HTTP/1.1
Host: indignationmapprohibited.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://sekigae.fun.w3ja.com
Connection: keep-alive
Referer: https://sekigae.fun.w3ja.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Wed, 08 Feb 2023 00:24:17 GMT
Content-Type: text/plain; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://sekigae.fun.w3ja.com
Access-Control-Allow-Origin: https://sekigae.fun.w3ja.com
Access-Control-Allow-Credentials: true
Set-Cookie: u_pl=17891131; expires=Thu, 09 Feb 2023 00:24:17 GMT; secure; SameSite=None
Set-Cookie: uid_id2=8a9ff551-3eff-483d-9cfa-f87c1aef5232:2:1; expires=Wed, 15 Feb 2023 00:24:17 GMT; secure; SameSite=None
Set-Cookie: pdhtkv=true; expires=Thu, 09 Feb 2023 00:24:17 GMT; secure; SameSite=None
Set-Cookie: uncs=1; expires=Thu, 09 Feb 2023 00:24:17 GMT; secure; SameSite=None
Set-Cookie: pdhtkv29=true; expires=Thu, 09 Feb 2023 00:24:17 GMT; secure; SameSite=None
Set-Cookie: uncs29=1; expires=Thu, 09 Feb 2023 00:24:17 GMT; secure; SameSite=None
Set-Cookie: slec1b83b8ebd54a9ba1fdb63f527fb4f778=[3905509]; expires=Wed, 08 Feb 2023 00:24:22 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 5c03e725aa8591ecc9d6b642c9d4f3ae
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
iceboxlitre.com/ren.gif?sid=H4sIAAAAAAAC%2F1RSz28bRRSebQ1CcAHUS0%2F4CBJyd21vnaWHilLSRm3TkBblhjS%2F1plmvLPM7Hodc4koQj36wAE4bT4nTYGqIn8AEnK4lJzqC4oQkeDKEYkraF1LhifN%2BzHfO3zfe%2B%2Fz3fyU%2BMjpydotM1Ra0wthw6%2B%2FuaESYQpXX71bD%2FyGf6m%2BoZKL7Uv1QeVs%2F53ADxv%2BW%2FVrkm%2BZC00%2F8P3AD%2BrLysrYDC7MUKj0cRQ0Ir%2FRbjaCsI2B%2FX%2Ftcg%2BOehD9U%2FI6lJi%2BsPn0EIpPkPS%2BvyrdVmbSt9%2Fv5ZpmxqIvDj5MthJTJOgt0th6iJODeTeMmxLy5RmY5GCuAKa%2FVykAU1Pi%2FRKAJQdzmmD9%2FedMmYZMwMQrKPoTSD2BohNwcx9KPCMAF1i9jaT3cNXYgm4%2FR2mFTknt77%2Bgiimp%2FXYOSe%2FJFa0G9TtG55kyicMgLqEGE6juBGl%2BhGzoQRVH4NmnUIIg6ZVQopypVmoCFU%2Bg5QjUecirpzzksYc89dATJ3UaRrHvd2IWt1pLbc55q8V5uHRRhKLVXop95LyiNUKWjsD1CNzuILU72FIj2PxHuM0STnhw2ZR4H%2BygL0oUkqBwBAUlKBRBkREU%2FXJfaNd05UOhXc6CeWzOY6scm6y7S%2FdN1pUJ2U1PyWvVPLxX%2F7mOLXlSb7FIdpoy6kQdHoQR67TC%2BGKbRs1mKEPWlHCqhHJnZlKHakreuCWQqil58cavYPQITh%2BBq7OgeQBajDtNH3Rz3F7yMUweFa17tMFND8KUSLMasm1vV5%2BS87OdBI8uQ%2FLjy58Nf7%2F25Nwn4LZEakvcUz8RdPWD8bopyN66KRw5vJ1mqqeGtNrXnYxm8uy3N%2BR2YaxYuepG37zLK6BKH9%2BVLrtJE6GSriPfXVFCSLtsLJfkhxW3Idla7jav5DbJ05tr7y2v9FIrnVMmmYCqZx%2Ftg6speenjn2eXeH6ooewENi%2FRy4%2FJ3KDMEXi6A5cu2DtDYPWih6VnUeTl2DbZ4lMrAi0XNWUl3H9qtsh33QN0bQ00uz%2B7v74t0dclqB7B5S%2BPs9QeX376VWVfg%2BnamGlb22Pa6i%2Bq0V6v3PpsyJVbgVMndRnGfiz9pmRxxOIO9UUUtyNGo0B2WEgDZG7K%2F%2Fjz8F8AAAD%2F%2FwEAAP%2F%2FU3W0FnAEAAA%3D
173.233.137.60200 OK 7 B URL HTTP/1.1 iceboxlitre.com/ren.gif?sid=H4sIAAAAAAAC%2F1RSz28bRRSebQ1CcAHUS0%2F4CBJyd21vnaWHilLSRm3TkBblhjS%2F1plmvLPM7Hodc4koQj36wAE4bT4nTYGqIn8AEnK4lJzqC4oQkeDKEYkraF1LhifN%2BzHfO3zfe%2B%2Fz3fyU%2BMjpydotM1Ra0wthw6%2B%2FuaESYQpXX71bD%2FyGf6m%2BoZKL7Uv1QeVs%2F53ADxv%2BW%2FVrkm%2BZC00%2F8P3AD%2BrLysrYDC7MUKj0cRQ0Ir%2FRbjaCsI2B%2FX%2Ftcg%2BOehD9U%2FI6lJi%2BsPn0EIpPkPS%2BvyrdVmbSt9%2Fv5ZpmxqIvDj5MthJTJOgt0th6iJODeTeMmxLy5RmY5GCuAKa%2FVykAU1Pi%2FRKAJQdzmmD9%2FedMmYZMwMQrKPoTSD2BohNwcx9KPCMAF1i9jaT3cNXYgm4%2FR2mFTknt77%2Bgiimp%2FXYOSe%2FJFa0G9TtG55kyicMgLqEGE6juBGl%2BhGzoQRVH4NmnUIIg6ZVQopypVmoCFU%2Bg5QjUecirpzzksYc89dATJ3UaRrHvd2IWt1pLbc55q8V5uHRRhKLVXop95LyiNUKWjsD1CNzuILU72FIj2PxHuM0STnhw2ZR4H%2BygL0oUkqBwBAUlKBRBkREU%2FXJfaNd05UOhXc6CeWzOY6scm6y7S%2FdN1pUJ2U1PyWvVPLxX%2F7mOLXlSb7FIdpoy6kQdHoQR67TC%2BGKbRs1mKEPWlHCqhHJnZlKHakreuCWQqil58cavYPQITh%2BBq7OgeQBajDtNH3Rz3F7yMUweFa17tMFND8KUSLMasm1vV5%2BS87OdBI8uQ%2FLjy58Nf7%2F25Nwn4LZEakvcUz8RdPWD8bopyN66KRw5vJ1mqqeGtNrXnYxm8uy3N%2BR2YaxYuepG37zLK6BKH9%2BVLrtJE6GSriPfXVFCSLtsLJfkhxW3Idla7jav5DbJ05tr7y2v9FIrnVMmmYCqZx%2Ftg6speenjn2eXeH6ooewENi%2FRy4%2FJ3KDMEXi6A5cu2DtDYPWih6VnUeTl2DbZ4lMrAi0XNWUl3H9qtsh33QN0bQ00uz%2B7v74t0dclqB7B5S%2BPs9QeX376VWVfg%2BnamGlb22Pa6i%2Bq0V6v3PpsyJVbgVMndRnGfiz9pmRxxOIO9UUUtyNGo0B2WEgDZG7K%2F%2Fjz8F8AAAD%2F%2FwEAAP%2F%2FU3W0FnAEAAA%3D
IP 173.233.137.60:0
File type ASCII text, with no line terminators
Hash 132d6af1b46048b45cf86cdee7991d31
eb7007d03d59b65bc6da7e098c4d38fc6dfb6285
ab852e838deccd742a03ca81d4a8d75cf1a00b327db3eaf46bd7da6b6db9384c
Analyzer Verdict Alert quad9 Sinkholed
GET /ren.gif?sid=H4sIAAAAAAAC%2F1RSz28bRRSebQ1CcAHUS0%2F4CBJyd21vnaWHilLSRm3TkBblhjS%2F1plmvLPM7Hodc4koQj36wAE4bT4nTYGqIn8AEnK4lJzqC4oQkeDKEYkraF1LhifN%2BzHfO3zfe%2B%2Fz3fyU%2BMjpydotM1Ra0wthw6%2B%2FuaESYQpXX71bD%2FyGf6m%2BoZKL7Uv1QeVs%2F53ADxv%2BW%2FVrkm%2BZC00%2F8P3AD%2BrLysrYDC7MUKj0cRQ0Ir%2FRbjaCsI2B%2FX%2Ftcg%2BOehD9U%2FI6lJi%2BsPn0EIpPkPS%2BvyrdVmbSt9%2Fv5ZpmxqIvDj5MthJTJOgt0th6iJODeTeMmxLy5RmY5GCuAKa%2FVykAU1Pi%2FRKAJQdzmmD9%2FedMmYZMwMQrKPoTSD2BohNwcx9KPCMAF1i9jaT3cNXYgm4%2FR2mFTknt77%2Bgiimp%2FXYOSe%2FJFa0G9TtG55kyicMgLqEGE6juBGl%2BhGzoQRVH4NmnUIIg6ZVQopypVmoCFU%2Bg5QjUecirpzzksYc89dATJ3UaRrHvd2IWt1pLbc55q8V5uHRRhKLVXop95LyiNUKWjsD1CNzuILU72FIj2PxHuM0STnhw2ZR4H%2BygL0oUkqBwBAUlKBRBkREU%2FXJfaNd05UOhXc6CeWzOY6scm6y7S%2FdN1pUJ2U1PyWvVPLxX%2F7mOLXlSb7FIdpoy6kQdHoQR67TC%2BGKbRs1mKEPWlHCqhHJnZlKHakreuCWQqil58cavYPQITh%2BBq7OgeQBajDtNH3Rz3F7yMUweFa17tMFND8KUSLMasm1vV5%2BS87OdBI8uQ%2FLjy58Nf7%2F25Nwn4LZEakvcUz8RdPWD8bopyN66KRw5vJ1mqqeGtNrXnYxm8uy3N%2BR2YaxYuepG37zLK6BKH9%2BVLrtJE6GSriPfXVFCSLtsLJfkhxW3Idla7jav5DbJ05tr7y2v9FIrnVMmmYCqZx%2Ftg6speenjn2eXeH6ooewENi%2FRy4%2FJ3KDMEXi6A5cu2DtDYPWih6VnUeTl2DbZ4lMrAi0XNWUl3H9qtsh33QN0bQ00uz%2B7v74t0dclqB7B5S%2BPs9QeX376VWVfg%2BnamGlb22Pa6i%2Bq0V6v3PpsyJVbgVMndRnGfiz9pmRxxOIO9UUUtyNGo0B2WEgDZG7K%2F%2Fjz8F8AAAD%2F%2FwEAAP%2F%2FU3W0FnAEAAA%3D HTTP/1.1
Host: iceboxlitre.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://sekigae.fun.w3ja.com/
Cookie: u_pl=17891144; pdhtkv=true; uncs=1; pdhtkv49=true; uncs49=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Wed, 08 Feb 2023 00:24:17 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 574d666244a3633a95ba8b26bd3c22d7
Strict-Transport-Security: max-age=0; includeSubdomains
iceboxlitre.com/ren.gif?sid=H4sIAAAAAAAC%2F1RSz28bRRSebQ1CcAHUS0%2F4CBJyd21vnaWHilLaRm3TkBblhjS%2F1plmvLPM7Hodc4koQj36wAE4bT4nTYGqIn8AEnK4VJGQ6guKEJHgyhGJK2gdS4Ynzfsx3zt833vv8538hPjI6fHqbTNUWtMLYcOvv7muEmEKV1%2B5Vw%2F8hn%2Bpvq6Si%2B1L9UHlbP%2BdwA8b%2Flv165JvmgtNP%2FD9wA%2Fq15SVsRlcmKFQ6ZMoaER%2Bo91sBGEbA%2Fv%2F2uUeHPUg%2BifkdSgxfWHj2QEUnyDpfX9Vus3MpG%2B%2F38s1zYxFX%2Bx%2FmGwmpkjQW6Sx9RAn%2B%2FNuGDcl5MszMMn%2BXAFMf7dSAKamxPslAEv25zTB%2BnunTJmGTMDEKyj6E0g9gaITcPMASjwnABdYuYOk92jF2IJunaK0Qqek9vdfUMWU1H47h6T39IpWg%2Fpdo%2FNMmcRhEJdQgwlUd4I0P0Q29KCKQ%2FDsUyhBkPRKKFHOVCs1gYon0HIE6jzk1VMe8thDnnroieM6DaPY9zsxi1utpTbnvNXiPFy6KELRai%2FFPnJe0RohS0fgegRut5HabWyqEWz%2BI9xGCSc8uGxKvA%2B20RclCklQOIKCEhSKoMgIin65J7RruvKR0C5nwTw257FVjk3W3aF7JuvKhOykJ%2BS1ah7eq%2F%2FcwKY8rrdYJDtNGXWiDg%2FCiHVaYXyxTaNmM5Qha0o4VUK5MzOpQzUlb9wWSNWUvHjzVzB6CKcPwdVZ0DwALcadpg%2B6MW4v%2BRgmj4vWfdrgpgdhSqRZDdmWt6NPyPnZToLHy5D86PJnw9%2BvPz33CbgtkdoS99VPBF39cLxmCrK7ZgpHDu6kmeqpIa32dTejmTz77U25VRgrlq%2B60Tfv8gqo0if3pMtu0USopOvId1eUENJeM5ZL8sOyW5dsNXcbV3Kb5Omt1feuLfdSK51TJpmAqucf7YGrKXnp459nl3h%2B2IeyE9i8RC8%2FInODMofg6TZcumDvDIHVix6W1lDk5dg22eJTKwItFzVlJdx%2FarbId9xDdG0NNHswu7%2B%2BLdHXJageweUvj7PUHl1%2B9lVlX4Pp2phpW9tl2uovqtHeqNxa5S6fTtqp47oMYz%2BWflOyOGJxh%2FoiitsRo1EgOyykATI35X%2F8efAvAAAA%2F%2F8BAAD%2F%2F4d%2BeCBwBAAA
173.233.137.60200 OK 7 B URL HTTP/1.1 iceboxlitre.com/ren.gif?sid=H4sIAAAAAAAC%2F1RSz28bRRSebQ1CcAHUS0%2F4CBJyd21vnaWHilLaRm3TkBblhjS%2F1plmvLPM7Hodc4koQj36wAE4bT4nTYGqIn8AEnK4VJGQ6guKEJHgyhGJK2gdS4Ynzfsx3zt833vv8538hPjI6fHqbTNUWtMLYcOvv7muEmEKV1%2B5Vw%2F8hn%2Bpvq6Si%2B1L9UHlbP%2BdwA8b%2Flv165JvmgtNP%2FD9wA%2Fq15SVsRlcmKFQ6ZMoaER%2Bo91sBGEbA%2Fv%2F2uUeHPUg%2BifkdSgxfWHj2QEUnyDpfX9Vus3MpG%2B%2F38s1zYxFX%2Bx%2FmGwmpkjQW6Sx9RAn%2B%2FNuGDcl5MszMMn%2BXAFMf7dSAKamxPslAEv25zTB%2BnunTJmGTMDEKyj6E0g9gaITcPMASjwnABdYuYOk92jF2IJunaK0Qqek9vdfUMWU1H47h6T39IpWg%2Fpdo%2FNMmcRhEJdQgwlUd4I0P0Q29KCKQ%2FDsUyhBkPRKKFHOVCs1gYon0HIE6jzk1VMe8thDnnroieM6DaPY9zsxi1utpTbnvNXiPFy6KELRai%2FFPnJe0RohS0fgegRut5HabWyqEWz%2BI9xGCSc8uGxKvA%2B20RclCklQOIKCEhSKoMgIin65J7RruvKR0C5nwTw257FVjk3W3aF7JuvKhOykJ%2BS1ah7eq%2F%2FcwKY8rrdYJDtNGXWiDg%2FCiHVaYXyxTaNmM5Qha0o4VUK5MzOpQzUlb9wWSNWUvHjzVzB6CKcPwdVZ0DwALcadpg%2B6MW4v%2BRgmj4vWfdrgpgdhSqRZDdmWt6NPyPnZToLHy5D86PJnw9%2BvPz33CbgtkdoS99VPBF39cLxmCrK7ZgpHDu6kmeqpIa32dTejmTz77U25VRgrlq%2B60Tfv8gqo0if3pMtu0USopOvId1eUENJeM5ZL8sOyW5dsNXcbV3Kb5Omt1feuLfdSK51TJpmAqucf7YGrKXnp459nl3h%2B2IeyE9i8RC8%2FInODMofg6TZcumDvDIHVix6W1lDk5dg22eJTKwItFzVlJdx%2FarbId9xDdG0NNHswu7%2B%2BLdHXJageweUvj7PUHl1%2B9lVlX4Pp2phpW9tl2uovqtHeqNxa5S6fTtqp47oMYz%2BWflOyOGJxh%2FoiitsRo1EgOyykATI35X%2F8efAvAAAA%2F%2F8BAAD%2F%2F4d%2BeCBwBAAA
IP 173.233.137.60:0
File type ASCII text, with no line terminators
Hash 132d6af1b46048b45cf86cdee7991d31
eb7007d03d59b65bc6da7e098c4d38fc6dfb6285
ab852e838deccd742a03ca81d4a8d75cf1a00b327db3eaf46bd7da6b6db9384c
Analyzer Verdict Alert quad9 Sinkholed
GET /ren.gif?sid=H4sIAAAAAAAC%2F1RSz28bRRSebQ1CcAHUS0%2F4CBJyd21vnaWHilLaRm3TkBblhjS%2F1plmvLPM7Hodc4koQj36wAE4bT4nTYGqIn8AEnK4VJGQ6guKEJHgyhGJK2gdS4Ynzfsx3zt833vv8538hPjI6fHqbTNUWtMLYcOvv7muEmEKV1%2B5Vw%2F8hn%2Bpvq6Si%2B1L9UHlbP%2BdwA8b%2Flv165JvmgtNP%2FD9wA%2Fq15SVsRlcmKFQ6ZMoaER%2Bo91sBGEbA%2Fv%2F2uUeHPUg%2BifkdSgxfWHj2QEUnyDpfX9Vus3MpG%2B%2F38s1zYxFX%2Bx%2FmGwmpkjQW6Sx9RAn%2B%2FNuGDcl5MszMMn%2BXAFMf7dSAKamxPslAEv25zTB%2BnunTJmGTMDEKyj6E0g9gaITcPMASjwnABdYuYOk92jF2IJunaK0Qqek9vdfUMWU1H47h6T39IpWg%2Fpdo%2FNMmcRhEJdQgwlUd4I0P0Q29KCKQ%2FDsUyhBkPRKKFHOVCs1gYon0HIE6jzk1VMe8thDnnroieM6DaPY9zsxi1utpTbnvNXiPFy6KELRai%2FFPnJe0RohS0fgegRut5HabWyqEWz%2BI9xGCSc8uGxKvA%2B20RclCklQOIKCEhSKoMgIin65J7RruvKR0C5nwTw257FVjk3W3aF7JuvKhOykJ%2BS1ah7eq%2F%2FcwKY8rrdYJDtNGXWiDg%2FCiHVaYXyxTaNmM5Qha0o4VUK5MzOpQzUlb9wWSNWUvHjzVzB6CKcPwdVZ0DwALcadpg%2B6MW4v%2BRgmj4vWfdrgpgdhSqRZDdmWt6NPyPnZToLHy5D86PJnw9%2BvPz33CbgtkdoS99VPBF39cLxmCrK7ZgpHDu6kmeqpIa32dTejmTz77U25VRgrlq%2B60Tfv8gqo0if3pMtu0USopOvId1eUENJeM5ZL8sOyW5dsNXcbV3Kb5Omt1feuLfdSK51TJpmAqucf7YGrKXnp459nl3h%2B2IeyE9i8RC8%2FInODMofg6TZcumDvDIHVix6W1lDk5dg22eJTKwItFzVlJdx%2FarbId9xDdG0NNHswu7%2B%2BLdHXJageweUvj7PUHl1%2B9lVlX4Pp2phpW9tl2uovqtHeqNxa5S6fTtqp47oMYz%2BWflOyOGJxh%2FoiitsRo1EgOyykATI35X%2F8efAvAAAA%2F%2F8BAAD%2F%2F4d%2BeCBwBAAA HTTP/1.1
Host: iceboxlitre.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://sekigae.fun.w3ja.com/
Cookie: u_pl=17891144; pdhtkv=true; uncs=1; pdhtkv49=true; uncs49=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Wed, 08 Feb 2023 00:24:17 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 276d0ae55627b45ae38d8974e34d5919
Strict-Transport-Security: max-age=0; includeSubdomains
iceboxlitre.com/impr.gif?sid=H4sIAAAAAAAC%2F1RSz28bRRSebQ1CcAHUS0%2F4CBJyd9d2bdNDRShpo7ZpSItyQ5qdmXWmmd1ZZvaHYy4RRahHHzgAp83npClQVeQPQEIOlyoSUn1BESISXDkicQWtY8nwpHk%2F5nuH73vvfb6bnRIXGT1Zu62HUil6qd1w629uyJjrwtZX79U9t%2BFeqW%2FI%2BHLrSn1QOZO%2F47nthvtW%2FbpgW%2FqS73qu67lefVkaEerBpRkKmTzpeY2e22j5Da%2FdwsD8v7aZA0sd8PyUvA7Jpy9sPjuEZBPE0ffXhN1KdfL2%2B1GmaKoNcn7wYbwV6yJGtEhD4yCMD%2Bbd0HZKyJfnoOODuQLofK9SgEBOifOLhyA%2BmNNEkO%2BfMQ0URIyAv4Iin0CoCSSdgOkHkPw5ARjH6h3E0aNVbQq6fYbSCp2S2t9%2FQRZTUvvtAuLo6ZKSg%2FpdrbJU6thiEJaQgwlkf4IkO0I6dCCLI7D0U0hOEEclJC9nqqWcQIYTKDECtQ6y6kkHWeggSxxE%2FKRO273QdTthEDab3RZjrNlkrN29zNu82eqGLjJW0RohTUZgagRmdpCYHWzJEUz2I%2BxmCcsd2HRKnA92kPMShSAoLEFBCQpJUKQERV7uc2V9Wz7iymaBN4%2F%2BPDbLsU77u3Rfp30Rk93klLxWzcN59Z8b2BIn9WbQEx1f9Dq9DvPavaDTbIeXW7Tn%2B23RDnwBK0tIe24mdSin5I3bHImckhdv%2FoqAHsGqIzB5HjTzQItxx3dBN8etroth%2FLho3qcNpiNwXSJJa0i3nV11Si7OduI9XoFgx1c%2FG%2F5%2B%2FemFT8BMicSUuC9%2FIuirh%2BN1XZC9dV1YcngnSWUkh7Ta192UpuL8tzfFdqENX7lmR9%2B8yyqgSp%2FcEza9RWMu474l3y1JzoVZ1oYJ8sOK3RDBWmY3lzITZ8mttfeWV6LECGuljieg8vlH%2B2BySl76%2BOfZJV4c5pBmApOViLJjMjdIfQSW7MAmC%2FZWExi16AmSGoqsHBs%2FWHwqSaDEoqZBCfufOljku%2FYh%2BqYGmj6Y3V9uSuSqBFUj2OzlcZqY46vPvqrsawSqNg6Uqe0FyqgvqtHeqNx65a6eTdrKk3rba4lu0O0wzgPBuNfxm92m6%2Fqctzo94fWQ2in748%2FDfwEAAP%2F%2FAQAA%2F%2F%2BTdvbGcAQAAA%3D%3D
173.233.137.60200 OK 7 B URL HTTP/1.1 iceboxlitre.com/impr.gif?sid=H4sIAAAAAAAC%2F1RSz28bRRSebQ1CcAHUS0%2F4CBJyd9d2bdNDRShpo7ZpSItyQ5qdmXWmmd1ZZvaHYy4RRahHHzgAp83npClQVeQPQEIOlyoSUn1BESISXDkicQWtY8nwpHk%2F5nuH73vvfb6bnRIXGT1Zu62HUil6qd1w629uyJjrwtZX79U9t%2BFeqW%2FI%2BHLrSn1QOZO%2F47nthvtW%2FbpgW%2FqS73qu67lefVkaEerBpRkKmTzpeY2e22j5Da%2FdwsD8v7aZA0sd8PyUvA7Jpy9sPjuEZBPE0ffXhN1KdfL2%2B1GmaKoNcn7wYbwV6yJGtEhD4yCMD%2Bbd0HZKyJfnoOODuQLofK9SgEBOifOLhyA%2BmNNEkO%2BfMQ0URIyAv4Iin0CoCSSdgOkHkPw5ARjH6h3E0aNVbQq6fYbSCp2S2t9%2FQRZTUvvtAuLo6ZKSg%2FpdrbJU6thiEJaQgwlkf4IkO0I6dCCLI7D0U0hOEEclJC9nqqWcQIYTKDECtQ6y6kkHWeggSxxE%2FKRO273QdTthEDab3RZjrNlkrN29zNu82eqGLjJW0RohTUZgagRmdpCYHWzJEUz2I%2BxmCcsd2HRKnA92kPMShSAoLEFBCQpJUKQERV7uc2V9Wz7iymaBN4%2F%2BPDbLsU77u3Rfp30Rk93klLxWzcN59Z8b2BIn9WbQEx1f9Dq9DvPavaDTbIeXW7Tn%2B23RDnwBK0tIe24mdSin5I3bHImckhdv%2FoqAHsGqIzB5HjTzQItxx3dBN8etroth%2FLho3qcNpiNwXSJJa0i3nV11Si7OduI9XoFgx1c%2FG%2F5%2B%2FemFT8BMicSUuC9%2FIuirh%2BN1XZC9dV1YcngnSWUkh7Ta192UpuL8tzfFdqENX7lmR9%2B8yyqgSp%2FcEza9RWMu474l3y1JzoVZ1oYJ8sOK3RDBWmY3lzITZ8mttfeWV6LECGuljieg8vlH%2B2BySl76%2BOfZJV4c5pBmApOViLJjMjdIfQSW7MAmC%2FZWExi16AmSGoqsHBs%2FWHwqSaDEoqZBCfufOljku%2FYh%2BqYGmj6Y3V9uSuSqBFUj2OzlcZqY46vPvqrsawSqNg6Uqe0FyqgvqtHeqNx65a6eTdrKk3rba4lu0O0wzgPBuNfxm92m6%2Fqctzo94fWQ2in748%2FDfwEAAP%2F%2FAQAA%2F%2F%2BTdvbGcAQAAA%3D%3D
IP 173.233.137.60:0
File type ASCII text, with no line terminators
Hash 132d6af1b46048b45cf86cdee7991d31
eb7007d03d59b65bc6da7e098c4d38fc6dfb6285
ab852e838deccd742a03ca81d4a8d75cf1a00b327db3eaf46bd7da6b6db9384c
Analyzer Verdict Alert quad9 Sinkholed
GET /impr.gif?sid=H4sIAAAAAAAC%2F1RSz28bRRSebQ1CcAHUS0%2F4CBJyd9d2bdNDRShpo7ZpSItyQ5qdmXWmmd1ZZvaHYy4RRahHHzgAp83npClQVeQPQEIOlyoSUn1BESISXDkicQWtY8nwpHk%2F5nuH73vvfb6bnRIXGT1Zu62HUil6qd1w629uyJjrwtZX79U9t%2BFeqW%2FI%2BHLrSn1QOZO%2F47nthvtW%2FbpgW%2FqS73qu67lefVkaEerBpRkKmTzpeY2e22j5Da%2FdwsD8v7aZA0sd8PyUvA7Jpy9sPjuEZBPE0ffXhN1KdfL2%2B1GmaKoNcn7wYbwV6yJGtEhD4yCMD%2Bbd0HZKyJfnoOODuQLofK9SgEBOifOLhyA%2BmNNEkO%2BfMQ0URIyAv4Iin0CoCSSdgOkHkPw5ARjH6h3E0aNVbQq6fYbSCp2S2t9%2FQRZTUvvtAuLo6ZKSg%2FpdrbJU6thiEJaQgwlkf4IkO0I6dCCLI7D0U0hOEEclJC9nqqWcQIYTKDECtQ6y6kkHWeggSxxE%2FKRO273QdTthEDab3RZjrNlkrN29zNu82eqGLjJW0RohTUZgagRmdpCYHWzJEUz2I%2BxmCcsd2HRKnA92kPMShSAoLEFBCQpJUKQERV7uc2V9Wz7iymaBN4%2F%2BPDbLsU77u3Rfp30Rk93klLxWzcN59Z8b2BIn9WbQEx1f9Dq9DvPavaDTbIeXW7Tn%2B23RDnwBK0tIe24mdSin5I3bHImckhdv%2FoqAHsGqIzB5HjTzQItxx3dBN8etroth%2FLho3qcNpiNwXSJJa0i3nV11Si7OduI9XoFgx1c%2FG%2F5%2B%2FemFT8BMicSUuC9%2FIuirh%2BN1XZC9dV1YcngnSWUkh7Ta192UpuL8tzfFdqENX7lmR9%2B8yyqgSp%2FcEza9RWMu474l3y1JzoVZ1oYJ8sOK3RDBWmY3lzITZ8mttfeWV6LECGuljieg8vlH%2B2BySl76%2BOfZJV4c5pBmApOViLJjMjdIfQSW7MAmC%2FZWExi16AmSGoqsHBs%2FWHwqSaDEoqZBCfufOljku%2FYh%2BqYGmj6Y3V9uSuSqBFUj2OzlcZqY46vPvqrsawSqNg6Uqe0FyqgvqtHeqNx65a6eTdrKk3rba4lu0O0wzgPBuNfxm92m6%2Fqctzo94fWQ2in748%2FDfwEAAP%2F%2FAQAA%2F%2F%2BTdvbGcAQAAA%3D%3D HTTP/1.1
Host: iceboxlitre.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://sekigae.fun.w3ja.com/
Cookie: u_pl=17891144; pdhtkv=true; uncs=1; pdhtkv49=true; uncs49=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Wed, 08 Feb 2023 00:24:17 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 7a73ee45331a5628ddfb52a1784c4021
Strict-Transport-Security: max-age=0; includeSubdomains
iceboxlitre.com/impr.gif?sid=H4sIAAAAAAAC%2F1RSQW8bRRSebQ1CcAHUS0%2F4CBJyd9fe2qaHiFDSRm3TkBblhjQ7M%2BtMM7uzzOx6HXOJKEI9%2BsABOG0%2BJ02BqiI%2FAAk5XKpISPUFRYhIcOWIxBW0riXDSPu99%2FZ7h%2B97732%2Bl58RFzk9Xb%2Blh1IpeilouPU3N2XCdWHra3frnttwr9Q3ZXK5daU%2BqMD03%2FHcoOG%2BVb8m2La%2B5Lue63quV1%2BRRkR6cGnGQqaPu16j6zZafsMLWhiY%2F9c2d2CpA94%2FI69D8ukLW0%2BPINkESfz9VWG3M52%2B%2FX6cK5ppgz4%2F%2FDDZTnSRIF6kkXEQJYfzbmg7JeTLc9DJ4dwBdH%2B%2FcoBQTonzi4cwOZzLRNg%2FeK40VBAJQv4Kiv4EQk0g6QRM34fkzwjAONZuI4kfrmlT0J3nLK3YKan9%2FRdkMSW13y4giZ8sKzmo39Eqz6ROLAZRCTmYQPYmSPNjZEMHsjgGyz6F5ARJXELycuZayglkNIESI1DrIK8%2B6SCPHOSpg5if1mnQjVy3HYVRs9lpMcaaTcaCzmUe8GarE7nIWSVrhCwdgakRmNlFanaxLUcw%2BY%2BwWyUsd2CzKXE%2B2EWflygEQWEJCkpQSIIiIyj65QFX1rflQ65sHnrz6M9jsxzrrLdHD3TWEwnZS8%2FIa9U8nFf%2FuY5tcVpvhl3R9kW33W0zL%2BiG7WYQXW7Rru8HIgh9AStLSHtuZnUop%2BSNWxypnJIXb%2FyKkB7DqmMweR4090CLcdt3QbfGrY6LYfKoaN6jDaZjcF0izWrIdpw9dUYuznbiPboOwU6WPhv%2Bfu3JhU%2FATInUlLgnfyLoqQfjDV2Q%2FQ1dWHJ0O81kLIe02tedjGbi%2FLc3xE6hDV%2B9akffvMsqokof3xU2u0kTLpOeJd8tS86FWdGGCfLDqt0U4Xput5Zzk%2BTpzfX3Vlbj1AhrpU4moPLZRwdgckpe%2Bvjn2SVeHOaQZgKTl4jzEzJ%2FkPoYLN2FTRfqrSYwatETpg6KvBwbP1z8VJJAiUVNwxL2P3W4yPfsA%2FRMDTS7P7u%2FvinRVyWoGsHmL4%2Bz1JwsPf2qel8jVLVxqExtP1RGfTEbbQUbFSxVsAorT%2BuB1xKdsNNmnIeCca%2FtNztN1%2FU5b7W7wusis1P2x59H%2FwIAAP%2F%2FAQAA%2F%2F8biBJqcAQAAA%3D%3D
173.233.137.60200 OK 7 B URL HTTP/1.1 iceboxlitre.com/impr.gif?sid=H4sIAAAAAAAC%2F1RSQW8bRRSebQ1CcAHUS0%2F4CBJyd9fe2qaHiFDSRm3TkBblhjQ7M%2BtMM7uzzOx6HXOJKEI9%2BsABOG0%2BJ02BqiI%2FAAk5XKpISPUFRYhIcOWIxBW0riXDSPu99%2FZ7h%2B97732%2Bl58RFzk9Xb%2Blh1IpeilouPU3N2XCdWHra3frnttwr9Q3ZXK5daU%2BqMD03%2FHcoOG%2BVb8m2La%2B5Lue63quV1%2BRRkR6cGnGQqaPu16j6zZafsMLWhiY%2F9c2d2CpA94%2FI69D8ukLW0%2BPINkESfz9VWG3M52%2B%2FX6cK5ppgz4%2F%2FDDZTnSRIF6kkXEQJYfzbmg7JeTLc9DJ4dwBdH%2B%2FcoBQTonzi4cwOZzLRNg%2FeK40VBAJQv4Kiv4EQk0g6QRM34fkzwjAONZuI4kfrmlT0J3nLK3YKan9%2FRdkMSW13y4giZ8sKzmo39Eqz6ROLAZRCTmYQPYmSPNjZEMHsjgGyz6F5ARJXELycuZayglkNIESI1DrIK8%2B6SCPHOSpg5if1mnQjVy3HYVRs9lpMcaaTcaCzmUe8GarE7nIWSVrhCwdgakRmNlFanaxLUcw%2BY%2BwWyUsd2CzKXE%2B2EWflygEQWEJCkpQSIIiIyj65QFX1rflQ65sHnrz6M9jsxzrrLdHD3TWEwnZS8%2FIa9U8nFf%2FuY5tcVpvhl3R9kW33W0zL%2BiG7WYQXW7Rru8HIgh9AStLSHtuZnUop%2BSNWxypnJIXb%2FyKkB7DqmMweR4090CLcdt3QbfGrY6LYfKoaN6jDaZjcF0izWrIdpw9dUYuznbiPboOwU6WPhv%2Bfu3JhU%2FATInUlLgnfyLoqQfjDV2Q%2FQ1dWHJ0O81kLIe02tedjGbi%2FLc3xE6hDV%2B9akffvMsqokof3xU2u0kTLpOeJd8tS86FWdGGCfLDqt0U4Xput5Zzk%2BTpzfX3Vlbj1AhrpU4moPLZRwdgckpe%2Bvjn2SVeHOaQZgKTl4jzEzJ%2FkPoYLN2FTRfqrSYwatETpg6KvBwbP1z8VJJAiUVNwxL2P3W4yPfsA%2FRMDTS7P7u%2FvinRVyWoGsHmL4%2Bz1JwsPf2qel8jVLVxqExtP1RGfTEbbQUbFSxVsAorT%2BuB1xKdsNNmnIeCca%2FtNztN1%2FU5b7W7wusis1P2x59H%2FwIAAP%2F%2FAQAA%2F%2F8biBJqcAQAAA%3D%3D
IP 173.233.137.60:0
File type ASCII text, with no line terminators
Hash 132d6af1b46048b45cf86cdee7991d31
eb7007d03d59b65bc6da7e098c4d38fc6dfb6285
ab852e838deccd742a03ca81d4a8d75cf1a00b327db3eaf46bd7da6b6db9384c
Analyzer Verdict Alert quad9 Sinkholed
GET /impr.gif?sid=H4sIAAAAAAAC%2F1RSQW8bRRSebQ1CcAHUS0%2F4CBJyd9fe2qaHiFDSRm3TkBblhjQ7M%2BtMM7uzzOx6HXOJKEI9%2BsABOG0%2BJ02BqiI%2FAAk5XKpISPUFRYhIcOWIxBW0riXDSPu99%2FZ7h%2B97732%2Bl58RFzk9Xb%2Blh1IpeilouPU3N2XCdWHra3frnttwr9Q3ZXK5daU%2BqMD03%2FHcoOG%2BVb8m2La%2B5Lue63quV1%2BRRkR6cGnGQqaPu16j6zZafsMLWhiY%2F9c2d2CpA94%2FI69D8ukLW0%2BPINkESfz9VWG3M52%2B%2FX6cK5ppgz4%2F%2FDDZTnSRIF6kkXEQJYfzbmg7JeTLc9DJ4dwBdH%2B%2FcoBQTonzi4cwOZzLRNg%2FeK40VBAJQv4Kiv4EQk0g6QRM34fkzwjAONZuI4kfrmlT0J3nLK3YKan9%2FRdkMSW13y4giZ8sKzmo39Eqz6ROLAZRCTmYQPYmSPNjZEMHsjgGyz6F5ARJXELycuZayglkNIESI1DrIK8%2B6SCPHOSpg5if1mnQjVy3HYVRs9lpMcaaTcaCzmUe8GarE7nIWSVrhCwdgakRmNlFanaxLUcw%2BY%2BwWyUsd2CzKXE%2B2EWflygEQWEJCkpQSIIiIyj65QFX1rflQ65sHnrz6M9jsxzrrLdHD3TWEwnZS8%2FIa9U8nFf%2FuY5tcVpvhl3R9kW33W0zL%2BiG7WYQXW7Rru8HIgh9AStLSHtuZnUop%2BSNWxypnJIXb%2FyKkB7DqmMweR4090CLcdt3QbfGrY6LYfKoaN6jDaZjcF0izWrIdpw9dUYuznbiPboOwU6WPhv%2Bfu3JhU%2FATInUlLgnfyLoqQfjDV2Q%2FQ1dWHJ0O81kLIe02tedjGbi%2FLc3xE6hDV%2B9akffvMsqokof3xU2u0kTLpOeJd8tS86FWdGGCfLDqt0U4Xput5Zzk%2BTpzfX3Vlbj1AhrpU4moPLZRwdgckpe%2Bvjn2SVeHOaQZgKTl4jzEzJ%2FkPoYLN2FTRfqrSYwatETpg6KvBwbP1z8VJJAiUVNwxL2P3W4yPfsA%2FRMDTS7P7u%2FvinRVyWoGsHmL4%2Bz1JwsPf2qel8jVLVxqExtP1RGfTEbbQUbFSxVsAorT%2BuB1xKdsNNmnIeCca%2FtNztN1%2FU5b7W7wusis1P2x59H%2FwIAAP%2F%2FAQAA%2F%2F8biBJqcAQAAA%3D%3D HTTP/1.1
Host: iceboxlitre.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://sekigae.fun.w3ja.com/
Cookie: u_pl=17891144; pdhtkv=true; uncs=1; pdhtkv49=true; uncs49=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Wed, 08 Feb 2023 00:24:17 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 89ddb39754f1dff3bf1db88acfb66308
Strict-Transport-Security: max-age=0; includeSubdomains
iceboxlitre.com/impr.gif?sid=H4sIAAAAAAAC%2F1RSz28bRRSeTQ1CcAHUS0%2F4CBJydtd2bNNDRChpo7ZpSItyQ5qdmXWmmd1ZZna9jjkQUYR69IEDcNp8TpoCVUX%2BACTkcKlyqoWEIkQkuHJE4gpa15Lpk%2Bb9mO8dvu%2B998V%2Bdk5cZPRs46YeSKXoYrPmVt%2FckjHXua2u36l6bs29XN2S8VLjcrVfOtN7x3ObNfet6lXBdvSi73qu67ledVUaEer%2B4hSFTB51vFrHrTX8mtdsoG%2Ber23mwFIHvHdOXofkkxe2nxxDsjHi6Icrwu6kOnn7%2FShTNNUGPX70YbwT6zxGNE9D4yCMj2bd0HZCyFcL0PHRTAF076BUgEBOiPOrhyA%2BmtFE0Dt8xjRQEDEC%2Fgry3hhCjSHpGEzfg%2BRPCcA41m8hjh6sa5PT3WcoLdEJqfzzN2Q%2BIZXfLyKOHq8o2a%2Fe1ipLpY4t%2BmEB2R9DdsdIshOkAwcyPwFLP4PkBHFUQPJiqlrKMWQ4hhJDUOsgK590kIUOssRBxM%2BqtNkJXbcVBmG93m4wxup1xprtJd7k9UY7dJGxktYQaTIEU0Mws4fE7GFHDmGyn2C3C1juwKYT4nywhx4vkAuC3BLklCCXBHlKkPeKQ66sb4sHXNks8GbRn8V6MdJpd58e6rQrYrKfnJPXynk4r%2F57DTvirFoPOqLli06r02JesxO06s1wqUE7vt8UzcAXsLKAtAtTqQM5IW%2Fc5EjkhLx4%2FTcE9ARWnYDJC6CZB5qPWr4Luj1qtF0M4od5%2FS6tMR2B6wJJWkG66%2Byrc3JpuhPv4SYEO13%2BfPDH1ccXPwEzBRJT4K78maCr7o82dU4ONnVuyfGtJJWRHNByX7dTmooL310Xu7k2fO2KHX77LiuBMn10R9j0Bo25jLuWfL8iORdmVRsmyI9rdksEG5ndXslMnCU3Nt5bXYsSI6yVOh6DyqcfHYLJCXnp41%2Bml3hp8CmkGcNkBaLslMwMUp%2BAJXuwyZy91QRGzXuCZAF5VoyMH8w%2FlSRQYl7ToID9Xx3M8317H11TAU3vTe%2BvZwr0VAGqhrDZy6M0MafLT74u7RsEqjIKlKkcBMqoL8vRXpvOt3TLpVuDlWfVptcQ7aDdYpwHgnGv5dfbddf1OW%2B0OsLrILUT9udfx%2F8BAAD%2F%2FwEAAP%2F%2FYlVXFHAEAAA%3D
173.233.137.60200 OK 7 B URL HTTP/1.1 iceboxlitre.com/impr.gif?sid=H4sIAAAAAAAC%2F1RSz28bRRSeTQ1CcAHUS0%2F4CBJydtd2bNNDRChpo7ZpSItyQ5qdmXWmmd1ZZna9jjkQUYR69IEDcNp8TpoCVUX%2BACTkcKlyqoWEIkQkuHJE4gpa15Lpk%2Bb9mO8dvu%2B998V%2Bdk5cZPRs46YeSKXoYrPmVt%2FckjHXua2u36l6bs29XN2S8VLjcrVfOtN7x3ObNfet6lXBdvSi73qu67ledVUaEer%2B4hSFTB51vFrHrTX8mtdsoG%2Ber23mwFIHvHdOXofkkxe2nxxDsjHi6Icrwu6kOnn7%2FShTNNUGPX70YbwT6zxGNE9D4yCMj2bd0HZCyFcL0PHRTAF076BUgEBOiPOrhyA%2BmtFE0Dt8xjRQEDEC%2Fgry3hhCjSHpGEzfg%2BRPCcA41m8hjh6sa5PT3WcoLdEJqfzzN2Q%2BIZXfLyKOHq8o2a%2Fe1ipLpY4t%2BmEB2R9DdsdIshOkAwcyPwFLP4PkBHFUQPJiqlrKMWQ4hhJDUOsgK590kIUOssRBxM%2BqtNkJXbcVBmG93m4wxup1xprtJd7k9UY7dJGxktYQaTIEU0Mws4fE7GFHDmGyn2C3C1juwKYT4nywhx4vkAuC3BLklCCXBHlKkPeKQ66sb4sHXNks8GbRn8V6MdJpd58e6rQrYrKfnJPXynk4r%2F57DTvirFoPOqLli06r02JesxO06s1wqUE7vt8UzcAXsLKAtAtTqQM5IW%2Fc5EjkhLx4%2FTcE9ARWnYDJC6CZB5qPWr4Luj1qtF0M4od5%2FS6tMR2B6wJJWkG66%2Byrc3JpuhPv4SYEO13%2BfPDH1ccXPwEzBRJT4K78maCr7o82dU4ONnVuyfGtJJWRHNByX7dTmooL310Xu7k2fO2KHX77LiuBMn10R9j0Bo25jLuWfL8iORdmVRsmyI9rdksEG5ndXslMnCU3Nt5bXYsSI6yVOh6DyqcfHYLJCXnp41%2Bml3hp8CmkGcNkBaLslMwMUp%2BAJXuwyZy91QRGzXuCZAF5VoyMH8w%2FlSRQYl7ToID9Xx3M8317H11TAU3vTe%2BvZwr0VAGqhrDZy6M0MafLT74u7RsEqjIKlKkcBMqoL8vRXpvOt3TLpVuDlWfVptcQ7aDdYpwHgnGv5dfbddf1OW%2B0OsLrILUT9udfx%2F8BAAD%2F%2FwEAAP%2F%2FYlVXFHAEAAA%3D
IP 173.233.137.60:0
File type ASCII text, with no line terminators
Hash 132d6af1b46048b45cf86cdee7991d31
eb7007d03d59b65bc6da7e098c4d38fc6dfb6285
ab852e838deccd742a03ca81d4a8d75cf1a00b327db3eaf46bd7da6b6db9384c
Analyzer Verdict Alert quad9 Sinkholed
GET /impr.gif?sid=H4sIAAAAAAAC%2F1RSz28bRRSeTQ1CcAHUS0%2F4CBJydtd2bNNDRChpo7ZpSItyQ5qdmXWmmd1ZZna9jjkQUYR69IEDcNp8TpoCVUX%2BACTkcKlyqoWEIkQkuHJE4gpa15Lpk%2Bb9mO8dvu%2B998V%2Bdk5cZPRs46YeSKXoYrPmVt%2FckjHXua2u36l6bs29XN2S8VLjcrVfOtN7x3ObNfet6lXBdvSi73qu67ledVUaEer%2B4hSFTB51vFrHrTX8mtdsoG%2Ber23mwFIHvHdOXofkkxe2nxxDsjHi6Icrwu6kOnn7%2FShTNNUGPX70YbwT6zxGNE9D4yCMj2bd0HZCyFcL0PHRTAF076BUgEBOiPOrhyA%2BmtFE0Dt8xjRQEDEC%2Fgry3hhCjSHpGEzfg%2BRPCcA41m8hjh6sa5PT3WcoLdEJqfzzN2Q%2BIZXfLyKOHq8o2a%2Fe1ipLpY4t%2BmEB2R9DdsdIshOkAwcyPwFLP4PkBHFUQPJiqlrKMWQ4hhJDUOsgK590kIUOssRBxM%2BqtNkJXbcVBmG93m4wxup1xprtJd7k9UY7dJGxktYQaTIEU0Mws4fE7GFHDmGyn2C3C1juwKYT4nywhx4vkAuC3BLklCCXBHlKkPeKQ66sb4sHXNks8GbRn8V6MdJpd58e6rQrYrKfnJPXynk4r%2F57DTvirFoPOqLli06r02JesxO06s1wqUE7vt8UzcAXsLKAtAtTqQM5IW%2Fc5EjkhLx4%2FTcE9ARWnYDJC6CZB5qPWr4Luj1qtF0M4od5%2FS6tMR2B6wJJWkG66%2Byrc3JpuhPv4SYEO13%2BfPDH1ccXPwEzBRJT4K78maCr7o82dU4ONnVuyfGtJJWRHNByX7dTmooL310Xu7k2fO2KHX77LiuBMn10R9j0Bo25jLuWfL8iORdmVRsmyI9rdksEG5ndXslMnCU3Nt5bXYsSI6yVOh6DyqcfHYLJCXnp41%2Bml3hp8CmkGcNkBaLslMwMUp%2BAJXuwyZy91QRGzXuCZAF5VoyMH8w%2FlSRQYl7ToID9Xx3M8317H11TAU3vTe%2BvZwr0VAGqhrDZy6M0MafLT74u7RsEqjIKlKkcBMqoL8vRXpvOt3TLpVuDlWfVptcQ7aDdYpwHgnGv5dfbddf1OW%2B0OsLrILUT9udfx%2F8BAAD%2F%2FwEAAP%2F%2FYlVXFHAEAAA%3D HTTP/1.1
Host: iceboxlitre.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://sekigae.fun.w3ja.com/
Cookie: u_pl=17891144; pdhtkv=true; uncs=1; pdhtkv49=true; uncs49=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Wed, 08 Feb 2023 00:24:17 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 1a56d0ecb28898f858f1528624480a54
Strict-Transport-Security: max-age=0; includeSubdomains
iceboxlitre.com/impr.gif?sid=H4sIAAAAAAAC%2F1RSz28bRRSebQ1CcAHUS0%2F4CBJyd9fe2qaHiFDSRm3TkBblhjQ7M%2BtMM7uzzOx6HXOJKEI9%2BsABOG0%2BJ02BqiJ%2FABJyuJSc6guKEJHgyhGJK2hdS4Ynzfsx3zt833vv8738jLjI6en6LT2UStFLQcOtv7kpE64LW1%2B7W%2FfchnulvimTy60r9UHlTP8dzw0a7lv1a4Jt60u%2B67mu53r1FWlEpAeXZihk%2BrjrNbpuo%2BU3vKCFgfl%2FbXMHljrg%2FTPyOiSfvrD19AiSTZDE318VdjvT6dvvx7mimTbo88MPk%2B1EFwniRRoZB1FyOO%2BGtlNCvjwHnRzOFUD39ysFCOWUOL94CJPDOU2E%2FYPnTEMFkSDkr6DoTyDUBJJOwPR9SP6MAIxj7TaS%2BOGaNgXdeY7SCp2S2t9%2FQRZTUvvtApL4ybKSg%2FodrfJM6sRiEJWQgwlkb4I0P0Y2dCCLY7DsU0hOkMQlJC9nqqWcQEYTKDECtQ7y6kkHeeQgTx3E%2FLROg27kuu0ojJrNTosx1mwyFnQu84A3W53IRc4qWiNk6QhMjcDMLlKzi205gsl%2FhN0qYbkDm02J88Eu%2BrxEIQgKS1BQgkISFBlB0S8PuLK%2BLR9yZfPQm0d%2FHpvlWGe9PXqgs55IyF56Rl6r5uG8%2Bs91bIvTejPsirYvuu1um3lBN2w3g%2Bhyi3Z9PxBB6AtYWULaczOpQzklb9ziSOWUvHjjV4T0GFYdg8nzoLkHWozbvgu6NW51XAyTR0XzHm0wHYPrEmlWQ7bj7KkzcnG2E%2B%2FREgQ7Wfps%2BPu1Jxc%2BATMlUlPinvyJoKcejDd0QfY3dGHJ0e00k7Ec0mpfdzKaifPf3hA7hTZ89aodffMuq4AqfXxX2OwmTbhMepZ8tyw5F2ZFGybID6t2U4Trud1azk2SpzfX31tZjVMjrJU6mYDKZx8dgMkpeenjn2eXeHGoIM0EJi8R5ydkbpD6GCzdhU0X7K0mMGrRE6bnUeTl2Pjh4lNJAiUWNQ1L2P%2FU4SLfsw%2FQMzXQ7P7s%2FvqmRF%2BVoGoEm788zlJzsvT0q8q%2BRqhq41CZ2n6ojPqiGu31ym3Mhly5VVh5Wg%2B8luiEnTbjPBSMe22%2F2Wm6rs95q90VXheZnbI%2F%2Fjz6FwAA%2F%2F8BAAD%2F%2F0d9OvBwBAAA
173.233.137.60200 OK 7 B URL HTTP/1.1 iceboxlitre.com/impr.gif?sid=H4sIAAAAAAAC%2F1RSz28bRRSebQ1CcAHUS0%2F4CBJyd9fe2qaHiFDSRm3TkBblhjQ7M%2BtMM7uzzOx6HXOJKEI9%2BsABOG0%2BJ02BqiJ%2FABJyuJSc6guKEJHgyhGJK2hdS4Ynzfsx3zt833vv8738jLjI6en6LT2UStFLQcOtv7kpE64LW1%2B7W%2FfchnulvimTy60r9UHlTP8dzw0a7lv1a4Jt60u%2B67mu53r1FWlEpAeXZihk%2BrjrNbpuo%2BU3vKCFgfl%2FbXMHljrg%2FTPyOiSfvrD19AiSTZDE318VdjvT6dvvx7mimTbo88MPk%2B1EFwniRRoZB1FyOO%2BGtlNCvjwHnRzOFUD39ysFCOWUOL94CJPDOU2E%2FYPnTEMFkSDkr6DoTyDUBJJOwPR9SP6MAIxj7TaS%2BOGaNgXdeY7SCp2S2t9%2FQRZTUvvtApL4ybKSg%2FodrfJM6sRiEJWQgwlkb4I0P0Y2dCCLY7DsU0hOkMQlJC9nqqWcQEYTKDECtQ7y6kkHeeQgTx3E%2FLROg27kuu0ojJrNTosx1mwyFnQu84A3W53IRc4qWiNk6QhMjcDMLlKzi205gsl%2FhN0qYbkDm02J88Eu%2BrxEIQgKS1BQgkISFBlB0S8PuLK%2BLR9yZfPQm0d%2FHpvlWGe9PXqgs55IyF56Rl6r5uG8%2Bs91bIvTejPsirYvuu1um3lBN2w3g%2Bhyi3Z9PxBB6AtYWULaczOpQzklb9ziSOWUvHjjV4T0GFYdg8nzoLkHWozbvgu6NW51XAyTR0XzHm0wHYPrEmlWQ7bj7KkzcnG2E%2B%2FREgQ7Wfps%2BPu1Jxc%2BATMlUlPinvyJoKcejDd0QfY3dGHJ0e00k7Ec0mpfdzKaifPf3hA7hTZ89aodffMuq4AqfXxX2OwmTbhMepZ8tyw5F2ZFGybID6t2U4Trud1azk2SpzfX31tZjVMjrJU6mYDKZx8dgMkpeenjn2eXeHGoIM0EJi8R5ydkbpD6GCzdhU0X7K0mMGrRE6bnUeTl2Pjh4lNJAiUWNQ1L2P%2FU4SLfsw%2FQMzXQ7P7s%2FvqmRF%2BVoGoEm788zlJzsvT0q8q%2BRqhq41CZ2n6ojPqiGu31ym3Mhly5VVh5Wg%2B8luiEnTbjPBSMe22%2F2Wm6rs95q90VXheZnbI%2F%2Fjz6FwAA%2F%2F8BAAD%2F%2F0d9OvBwBAAA
IP 173.233.137.60:0
File type ASCII text, with no line terminators
Hash 132d6af1b46048b45cf86cdee7991d31
eb7007d03d59b65bc6da7e098c4d38fc6dfb6285
ab852e838deccd742a03ca81d4a8d75cf1a00b327db3eaf46bd7da6b6db9384c
Analyzer Verdict Alert quad9 Sinkholed
GET /impr.gif?sid=H4sIAAAAAAAC%2F1RSz28bRRSebQ1CcAHUS0%2F4CBJyd9fe2qaHiFDSRm3TkBblhjQ7M%2BtMM7uzzOx6HXOJKEI9%2BsABOG0%2BJ02BqiJ%2FABJyuJSc6guKEJHgyhGJK2hdS4Ynzfsx3zt833vv8738jLjI6en6LT2UStFLQcOtv7kpE64LW1%2B7W%2FfchnulvimTy60r9UHlTP8dzw0a7lv1a4Jt60u%2B67mu53r1FWlEpAeXZihk%2BrjrNbpuo%2BU3vKCFgfl%2FbXMHljrg%2FTPyOiSfvrD19AiSTZDE318VdjvT6dvvx7mimTbo88MPk%2B1EFwniRRoZB1FyOO%2BGtlNCvjwHnRzOFUD39ysFCOWUOL94CJPDOU2E%2FYPnTEMFkSDkr6DoTyDUBJJOwPR9SP6MAIxj7TaS%2BOGaNgXdeY7SCp2S2t9%2FQRZTUvvtApL4ybKSg%2FodrfJM6sRiEJWQgwlkb4I0P0Y2dCCLY7DsU0hOkMQlJC9nqqWcQEYTKDECtQ7y6kkHeeQgTx3E%2FLROg27kuu0ojJrNTosx1mwyFnQu84A3W53IRc4qWiNk6QhMjcDMLlKzi205gsl%2FhN0qYbkDm02J88Eu%2BrxEIQgKS1BQgkISFBlB0S8PuLK%2BLR9yZfPQm0d%2FHpvlWGe9PXqgs55IyF56Rl6r5uG8%2Bs91bIvTejPsirYvuu1um3lBN2w3g%2Bhyi3Z9PxBB6AtYWULaczOpQzklb9ziSOWUvHjjV4T0GFYdg8nzoLkHWozbvgu6NW51XAyTR0XzHm0wHYPrEmlWQ7bj7KkzcnG2E%2B%2FREgQ7Wfps%2BPu1Jxc%2BATMlUlPinvyJoKcejDd0QfY3dGHJ0e00k7Ec0mpfdzKaifPf3hA7hTZ89aodffMuq4AqfXxX2OwmTbhMepZ8tyw5F2ZFGybID6t2U4Trud1azk2SpzfX31tZjVMjrJU6mYDKZx8dgMkpeenjn2eXeHGoIM0EJi8R5ydkbpD6GCzdhU0X7K0mMGrRE6bnUeTl2Pjh4lNJAiUWNQ1L2P%2FU4SLfsw%2FQMzXQ7P7s%2FvqmRF%2BVoGoEm788zlJzsvT0q8q%2BRqhq41CZ2n6ojPqiGu31ym3Mhly5VVh5Wg%2B8luiEnTbjPBSMe22%2F2Wm6rs95q90VXheZnbI%2F%2Fjz6FwAA%2F%2F8BAAD%2F%2F0d9OvBwBAAA HTTP/1.1
Host: iceboxlitre.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://sekigae.fun.w3ja.com/
Cookie: u_pl=17891144; pdhtkv=true; uncs=1; pdhtkv49=true; uncs49=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Wed, 08 Feb 2023 00:24:17 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: ed518f4f9ba7a61343b571ccb5387361
Strict-Transport-Security: max-age=0; includeSubdomains
ocsp.pki.goog/gts1c3
142.250.74.163 200 OK 471 B IP 142.250.74.163:0
Hash 3f3962ef574ee0069c41f7cbcabd1ef3
c4b6aefa8563432c5e5901488c38ae7da3c83fd7
9518b917cc6f0b1724d687d6aac4d8c1851d46949eeb4926acdb26a84728fdc0
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 08 Feb 2023 00:24:18 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.163 200 OK 471 B IP 142.250.74.163:0
Hash 3f3962ef574ee0069c41f7cbcabd1ef3
c4b6aefa8563432c5e5901488c38ae7da3c83fd7
9518b917cc6f0b1724d687d6aac4d8c1851d46949eeb4926acdb26a84728fdc0
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 08 Feb 2023 00:24:18 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
indignationmapprohibited.com/ren.gif?sid=H4sIAAAAAAAC%2F1SST2gk1RPHX%2B%2Fm90P0ouJBEbEPHhTMbPf09M6MOQTXdSXsbhJ2VwIehPd38jY9%2FZr3uqcnASG4IHsRxpMeO99JNq4uYk6CIMrEi%2BS040GCGkXw5EUQvCozGQjW4VXV%2B9Sh6lv13k5xQgIU9Hj1utnSSUIvxLXAf3FNp8KUzl%2B%2B5YdBLVjw13R6sbHg9yeP7b0SBnEteMl%2FQ%2FINc6EehEEQBqF%2FRVupTP%2FClEJnD9phrR3UGvVaGDfQt%2F%2FNXeHBUQ%2Bid0KehBbj%2F61%2FdwDNR0i7n1%2BWbiM32cuvd4uE5saiJ%2FbfTDdSU6bonoXKelDp%2Fqwaxo0J%2BegcTLo%2FmwCmtzuZAEyPifdDCJbuz9oE6%2B2ddsoSyBRMPIayN4JMRtB0BG7uQIuHBOACyytIu%2FeWjS3p5imlEzomc3%2F%2FBV2OydzPTyHtfnYp0X3%2FpkmKXJvUoa8q6P4IujNCVhwi3%2FKgy0Pw%2FF1oQZB2K2hx%2FEKLtpWK43A%2BkkrNN1qRmG9zRedVq8lDKlVcj%2BpTabQeQasREjkAdedQOA%2BF9lAoD0XmoSuOfRq3VRA0FVNR1GpwzqOI87h1UcQiarRUgIJPeh8gzwbgyQDcbiOz29jQA9jiG7j1Ck54cDlBT1QoJUHpCEpKUGqCMicoe9WeSFzdVfdE4goWznx95qNqaPLODt0zeUemZCc7IU9MBPMe%2F2cBG%2FLYD1krYi3JRNygbUZDJdjFSMX1pmIN1Wy24HQF7c6BOg9bekyevy6Q6TH5%2F9UfweghXHIIrs%2BDFs%2BBlsNmPQBdHzZaAbbSj8voNq1x04UwFbJ8Dvmmt5OckGemS1v48HdIfrT469KXb8eL74DbCpmtcFt%2FS9BJ7g5vmJLs3jClIwcrWa67eotOFnozp7mc%2B%2BSq3CyNFUuX3eD%2Bq3wCJuGDW9Ll12gqdNpx5NNLWghprxjLJflqya1Jtlq49UuFTYvs2uprV5a6mZXOaZOOQPVDex9cj8mjPz07PVX%2Fkaeh7Qi2qNAtjsjMoM0heLYNlx0tfvH%2Byi8L4i04Q2CTsxqWeSiLamjr7Owz0QSJPMspq%2BDkmQRMHn395ynbcXfRsR5ofmd6oD1boZdUoMkArjg%2FzDN7tPh9NDWwxBuyxHq7LLHJB6fSOn3sy1gFSgZ1yVSbqSYNRFs12oy2Q9lkMQ2RuzH%2F7Y%2BDfwEAAP%2F%2FAQAA%2F%2F%2BoLmv8ggQAAA%3D%3D
173.233.137.36200 OK 7 B URL HTTP/1.1 indignationmapprohibited.com/ren.gif?sid=H4sIAAAAAAAC%2F1SST2gk1RPHX%2B%2Fm90P0ouJBEbEPHhTMbPf09M6MOQTXdSXsbhJ2VwIehPd38jY9%2FZr3uqcnASG4IHsRxpMeO99JNq4uYk6CIMrEi%2BS040GCGkXw5EUQvCozGQjW4VXV%2B9Sh6lv13k5xQgIU9Hj1utnSSUIvxLXAf3FNp8KUzl%2B%2B5YdBLVjw13R6sbHg9yeP7b0SBnEteMl%2FQ%2FINc6EehEEQBqF%2FRVupTP%2FClEJnD9phrR3UGvVaGDfQt%2F%2FNXeHBUQ%2Bid0KehBbj%2F61%2FdwDNR0i7n1%2BWbiM32cuvd4uE5saiJ%2FbfTDdSU6bonoXKelDp%2Fqwaxo0J%2BegcTLo%2FmwCmtzuZAEyPifdDCJbuz9oE6%2B2ddsoSyBRMPIayN4JMRtB0BG7uQIuHBOACyytIu%2FeWjS3p5imlEzomc3%2F%2FBV2OydzPTyHtfnYp0X3%2FpkmKXJvUoa8q6P4IujNCVhwi3%2FKgy0Pw%2FF1oQZB2K2hx%2FEKLtpWK43A%2BkkrNN1qRmG9zRedVq8lDKlVcj%2BpTabQeQasREjkAdedQOA%2BF9lAoD0XmoSuOfRq3VRA0FVNR1GpwzqOI87h1UcQiarRUgIJPeh8gzwbgyQDcbiOz29jQA9jiG7j1Ck54cDlBT1QoJUHpCEpKUGqCMicoe9WeSFzdVfdE4goWznx95qNqaPLODt0zeUemZCc7IU9MBPMe%2F2cBG%2FLYD1krYi3JRNygbUZDJdjFSMX1pmIN1Wy24HQF7c6BOg9bekyevy6Q6TH5%2F9UfweghXHIIrs%2BDFs%2BBlsNmPQBdHzZaAbbSj8voNq1x04UwFbJ8Dvmmt5OckGemS1v48HdIfrT469KXb8eL74DbCpmtcFt%2FS9BJ7g5vmJLs3jClIwcrWa67eotOFnozp7mc%2B%2BSq3CyNFUuX3eD%2Bq3wCJuGDW9Ll12gqdNpx5NNLWghprxjLJflqya1Jtlq49UuFTYvs2uprV5a6mZXOaZOOQPVDex9cj8mjPz07PVX%2Fkaeh7Qi2qNAtjsjMoM0heLYNlx0tfvH%2Byi8L4i04Q2CTsxqWeSiLamjr7Owz0QSJPMspq%2BDkmQRMHn395ynbcXfRsR5ofmd6oD1boZdUoMkArjg%2FzDN7tPh9NDWwxBuyxHq7LLHJB6fSOn3sy1gFSgZ1yVSbqSYNRFs12oy2Q9lkMQ2RuzH%2F7Y%2BDfwEAAP%2F%2FAQAA%2F%2F%2BoLmv8ggQAAA%3D%3D
IP 173.233.137.36:0
File type ASCII text, with no line terminators
Hash 132d6af1b46048b45cf86cdee7991d31
eb7007d03d59b65bc6da7e098c4d38fc6dfb6285
ab852e838deccd742a03ca81d4a8d75cf1a00b327db3eaf46bd7da6b6db9384c
Analyzer Verdict Alert quad9 Sinkholed
GET /ren.gif?sid=H4sIAAAAAAAC%2F1SST2gk1RPHX%2B%2Fm90P0ouJBEbEPHhTMbPf09M6MOQTXdSXsbhJ2VwIehPd38jY9%2FZr3uqcnASG4IHsRxpMeO99JNq4uYk6CIMrEi%2BS040GCGkXw5EUQvCozGQjW4VXV%2B9Sh6lv13k5xQgIU9Hj1utnSSUIvxLXAf3FNp8KUzl%2B%2B5YdBLVjw13R6sbHg9yeP7b0SBnEteMl%2FQ%2FINc6EehEEQBqF%2FRVupTP%2FClEJnD9phrR3UGvVaGDfQt%2F%2FNXeHBUQ%2Bid0KehBbj%2F61%2FdwDNR0i7n1%2BWbiM32cuvd4uE5saiJ%2FbfTDdSU6bonoXKelDp%2Fqwaxo0J%2BegcTLo%2FmwCmtzuZAEyPifdDCJbuz9oE6%2B2ddsoSyBRMPIayN4JMRtB0BG7uQIuHBOACyytIu%2FeWjS3p5imlEzomc3%2F%2FBV2OydzPTyHtfnYp0X3%2FpkmKXJvUoa8q6P4IujNCVhwi3%2FKgy0Pw%2FF1oQZB2K2hx%2FEKLtpWK43A%2BkkrNN1qRmG9zRedVq8lDKlVcj%2BpTabQeQasREjkAdedQOA%2BF9lAoD0XmoSuOfRq3VRA0FVNR1GpwzqOI87h1UcQiarRUgIJPeh8gzwbgyQDcbiOz29jQA9jiG7j1Ck54cDlBT1QoJUHpCEpKUGqCMicoe9WeSFzdVfdE4goWznx95qNqaPLODt0zeUemZCc7IU9MBPMe%2F2cBG%2FLYD1krYi3JRNygbUZDJdjFSMX1pmIN1Wy24HQF7c6BOg9bekyevy6Q6TH5%2F9UfweghXHIIrs%2BDFs%2BBlsNmPQBdHzZaAbbSj8voNq1x04UwFbJ8Dvmmt5OckGemS1v48HdIfrT469KXb8eL74DbCpmtcFt%2FS9BJ7g5vmJLs3jClIwcrWa67eotOFnozp7mc%2B%2BSq3CyNFUuX3eD%2Bq3wCJuGDW9Ll12gqdNpx5NNLWghprxjLJflqya1Jtlq49UuFTYvs2uprV5a6mZXOaZOOQPVDex9cj8mjPz07PVX%2Fkaeh7Qi2qNAtjsjMoM0heLYNlx0tfvH%2Byi8L4i04Q2CTsxqWeSiLamjr7Owz0QSJPMspq%2BDkmQRMHn395ynbcXfRsR5ofmd6oD1boZdUoMkArjg%2FzDN7tPh9NDWwxBuyxHq7LLHJB6fSOn3sy1gFSgZ1yVSbqSYNRFs12oy2Q9lkMQ2RuzH%2F7Y%2BDfwEAAP%2F%2FAQAA%2F%2F%2BoLmv8ggQAAA%3D%3D HTTP/1.1
Host: indignationmapprohibited.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://sekigae.fun.w3ja.com/
Cookie: u_pl=17891131; uid_id2=8a9ff551-3eff-483d-9cfa-f87c1aef5232:2:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Wed, 08 Feb 2023 00:24:18 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: ffa614c1b76176bbf3b5a4f5c3812c14
Strict-Transport-Security: max-age=0; includeSubdomains
r3.o.lencr.org/
95.101.11.115 200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash b317d1ec3f151d7348a57c62f689a6ef
1fe7df7bc019e321f82943119fae230b0126258d
8fc767ad26c25f2f3b37af2517babae85f1a274b54cca3db1df4c80e939fd50f
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "8FC767AD26C25F2F3B37AF2517BABAE85F1A274B54CCA3DB1DF4C80E939FD50F"
Last-Modified: Mon, 06 Feb 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=1107
Expires: Wed, 08 Feb 2023 00:42:45 GMT
Date: Wed, 08 Feb 2023 00:24:18 GMT
Connection: keep-alive
e1.o.lencr.org/
23.33.119.27 200 OK 345 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 6775371ad58895526c9af87544fe77b2
7228a426342d14d53bc3a9d247c88115201f3f74
a014aaebcdbb4beabf4ec663c1c2837735c1d78da37a2af01eec068d597938aa
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "A014AAEBCDBB4BEABF4EC663C1C2837735C1D78DA37A2AF01EEC068D597938AA"
Last-Modified: Sun, 05 Feb 2023 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9157
Expires: Wed, 08 Feb 2023 02:56:55 GMT
Date: Wed, 08 Feb 2023 00:24:18 GMT
Connection: keep-alive
cdn.creative-bars1.com/sb/ssp/vpn/classic-push/small/img/close.png
172.64.166.9 200 OK 591 B URL HTTP/2 cdn.creative-bars1.com/sb/ssp/vpn/classic-push/small/img/close.png
IP 172.64.166.9:0
File type PNG image data, 12 x 12, 8-bit/color RGBA, non-interlaced\012- data
Hash 9fd5bcb6103d86e317bd1eb019bcbe71
6b5a52ea669dcb74946f2bed4bdd7ec985026113
0ddd3be104ac7945fb062096df62034a6a24ecc76ba92493c35c62c3c25982ae
GET /sb/ssp/vpn/classic-push/small/img/close.png HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Wed, 08 Feb 2023 00:24:18 GMT
content-type: image/png
content-length: 591
last-modified: Tue, 21 Sep 2021 12:03:43 GMT
etag: "6149ca1f-24f"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 5598069
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=MxV%2Fzu%2BOzl5%2F9i3ddJDtVHox8NrwcDla4s%2B%2FgVnLfLEFaznQt%2BR%2BJ2V6enua%2B%2BjAVievWbQLCv9Kr92L85o2b0pX1lP0DBCl55rQqJdjC8C00bcYzD%2F3zXLuteQzVVJ7aCjoflqWgjYw"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 796038ba9ddf23db-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
cdn.cloudimagesb.com/si/d3/d1/b3/d3d1b3933aa7b496d9e1204be72308b2/1672873426.png
45.133.44.9 200 OK 74 kB URL HTTP/2 cdn.cloudimagesb.com/si/d3/d1/b3/d3d1b3933aa7b496d9e1204be72308b2/1672873426.png
IP 45.133.44.9:0
ASN #39572 DataWeb Global Group B.V.
File type PNG image data, 192 x 192, 8-bit/color RGBA, non-interlaced\012- data
Hash 7745eafaf9d9341680983b7119a94c16
4a85313147bf037da8082ae012d69a15ee88c0a6
a4abad4524a2df3f925df666a99925cd36cd19487a53427ba05771fca458caf9
GET /si/d3/d1/b3/d3d1b3933aa7b496d9e1204be72308b2/1672873426.png HTTP/1.1
Host: cdn.cloudimagesb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Wed, 08 Feb 2023 00:24:18 GMT
content-type: image/png
content-length: 74291
server: nginx/1.17.6
last-modified: Wed, 04 Jan 2023 23:03:54 GMT
etag: "63b605da-12233"
expires: Fri, 10 Feb 2023 00:24:18 GMT
cache-control: max-age=172800
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.163 200 OK 471 B IP 142.250.74.163:0
Hash 325a8a10ce2837a8c6820e30572d181c
195d6189f0f10fcb301fce3af4c27028bbcb9eaa
2f1a0e948582fa64266617acc77e9beb71c5031d9cffe1bed1393a554f259810
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 08 Feb 2023 00:24:18 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
e1.o.lencr.org/
23.33.119.27 200 OK 345 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 6775371ad58895526c9af87544fe77b2
7228a426342d14d53bc3a9d247c88115201f3f74
a014aaebcdbb4beabf4ec663c1c2837735c1d78da37a2af01eec068d597938aa
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "A014AAEBCDBB4BEABF4EC663C1C2837735C1D78DA37A2AF01EEC068D597938AA"
Last-Modified: Sun, 05 Feb 2023 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9157
Expires: Wed, 08 Feb 2023 02:56:55 GMT
Date: Wed, 08 Feb 2023 00:24:18 GMT
Connection: keep-alive
ocsp.pki.goog/gts1c3
142.250.74.163 200 OK 471 B IP 142.250.74.163:0
Hash 325a8a10ce2837a8c6820e30572d181c
195d6189f0f10fcb301fce3af4c27028bbcb9eaa
2f1a0e948582fa64266617acc77e9beb71c5031d9cffe1bed1393a554f259810
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 08 Feb 2023 00:24:18 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
r3.o.lencr.org/
95.101.11.115 200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 28722a81dd6194f41bee4e8714bd4af3
181ca47fb7d681257ceae92c3af80ed0f8798088
13d9f4e4a5e2ea847b2593614f3c1cda45bfe22913b3f76dcbefddb50c94b532
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "13D9F4E4A5E2EA847B2593614F3C1CDA45BFE22913B3F76DCBEFDDB50C94B532"
Last-Modified: Sun, 05 Feb 2023 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2898
Expires: Wed, 08 Feb 2023 01:12:36 GMT
Date: Wed, 08 Feb 2023 00:24:18 GMT
Connection: keep-alive
fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2
142.250.74.35 200 OK 16 kB URL HTTP/2 fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2
IP 142.250.74.35:0
File type Web Open Font Format (Version 2), TrueType, length 15860, version 1.0\012- data
Hash e9f5aaf547f165386cd313b995dddd8e
acdef5603c2387b0e5bffd744b679a24a8bc1968
f5aebdfea35d1e7656ef4acc5db1f243209755ae3300943ef8fc6280f363c860
GET /s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://sekigae.fun.w3ja.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15860
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 07 Feb 2023 13:09:06 GMT
expires: Wed, 07 Feb 2024 13:09:06 GMT
cache-control: public, max-age=31536000
age: 40512
last-modified: Wed, 11 May 2022 19:24:42 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2
142.250.74.35 200 OK 16 kB URL HTTP/2 fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2
IP 142.250.74.35:0
File type Web Open Font Format (Version 2), TrueType, length 15744, version 1.0\012- data
Hash 15d9f621c3bd1599f0169dcf0bd5e63e
7ca9c5967f3bb8bffeab24b639b49c1e7d03fa52
f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615
GET /s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://sekigae.fun.w3ja.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15744
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sun, 05 Feb 2023 22:02:00 GMT
expires: Mon, 05 Feb 2024 22:02:00 GMT
cache-control: public, max-age=31536000
age: 181338
last-modified: Wed, 11 May 2022 19:24:48 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
indignationmapprohibited.com/impr.gif?sid=H4sIAAAAAAAC%2F1SST2gk1RPHX%2B%2Fm90P0ouJBEbEPHhTMpHt6OtNjDsG4RsLuJmF3JeBBeP968jY9%2FZr3uqcnASG4IHsRxpMeO99JNq4uYk6CIMrEi%2BS040GCGkXw5EUQvCozGQjW4VXV%2B9Sh6lv13l5xRjwU9HT9ut5RSULnwprnvrihUqFL667ecn2v5i24Gyqdbyy4vfFjuq%2F4XljzXnLfkHxLz9U93%2FN8z3eXlZGx7s1NKFT2oOXXWl6tUa%2F5YQM989%2FcFg4sdSC6Z%2BRJKDH63%2BZ3R1B8iLTz%2BRVpt3Kdvfx6p0horg264vDNdCvVZYrORRgbB3F6OK2GtiNCProEnR5OJ4Du7o8nAFMj4vzgg6WH0zbBugfnnbIEMgUTj6HsDiGTIRQdgus7UOIhAbjA6hrSzr1VbUq6fU7pmI7IzN9%2FQZUjMvPzU0g7ny0lqufe1EmRK51a9OIKqjeEag%2BRFcfIdxyo8hg8fxdKEKSdCkqcvhDRVhyHoT8byDiebUSBmG3xmM7GUZP7VMZhPahPpFFqCBUPkcg%2BqL2EwjoolIMidlBkDjri1KVhK%2Fa8ZsziIIganPMg4DyM5kUogkYUeyj4uPc%2B8qwPnvTBzS4ys4st1YcpvoHdrGCFA5sTdEWFUhKUlqCkBKUiKHOCslsdiMTWbXVPJLZg%2FtTXpz6oBjpv79EDnbdlSvayM%2FLEWDDn8X8WsCVPXZ9FAYskE2GDthj1Y8HmgzisN2PWiJvNCFZVUPYSqHWwo0bk%2BesCmRqR%2F1%2F9EYwewybH4OoyaPEcaDlo1j3QzUEj8rCTflwGt2mN6w6ErpDlM8i3nb3kjDwzWdrCh79D8pPFX1e%2BfDtcfAfcVMhMhdvqW4J2cndwQ5dk%2F4YuLTlay3LVUTt0vNCbOc3lzCdX5XapjVi5Yvv3X%2BVjMA4f3JI2v0ZTodK2JZ8uKSGkWdaGS%2FLVit2QbL2wm0uFSYvs2vpryyudzEhrlU6HoOqhuQ%2BuRuTRn56dnKr7yNNQZghTVOgUJ2RqUPoYPNuFzU4Wv3h%2F7ZcF8RasJjDJRQ3LHJRFNTB1dvGZKIJEXuSUVbDyQgImT77%2B85zt2btoGwc0vzM50K6p0E0q0KQPW1we5Jk5Wfw%2BmBhY4gxYYpx9lpjkg3NprTp1Q78hIxY1uRBMcuE360EUeF5diEazJf0Wcjviv%2F1x9C8AAAD%2F%2FwEAAP%2F%2FvCblGoIEAAA%3D
173.233.137.36200 OK 7 B URL HTTP/1.1 indignationmapprohibited.com/impr.gif?sid=H4sIAAAAAAAC%2F1SST2gk1RPHX%2B%2Fm90P0ouJBEbEPHhTMpHt6OtNjDsG4RsLuJmF3JeBBeP968jY9%2FZr3uqcnASG4IHsRxpMeO99JNq4uYk6CIMrEi%2BS040GCGkXw5EUQvCozGQjW4VXV%2B9Sh6lv13l5xRjwU9HT9ut5RSULnwprnvrihUqFL667ecn2v5i24Gyqdbyy4vfFjuq%2F4XljzXnLfkHxLz9U93%2FN8z3eXlZGx7s1NKFT2oOXXWl6tUa%2F5YQM989%2FcFg4sdSC6Z%2BRJKDH63%2BZ3R1B8iLTz%2BRVpt3Kdvfx6p0horg264vDNdCvVZYrORRgbB3F6OK2GtiNCProEnR5OJ4Du7o8nAFMj4vzgg6WH0zbBugfnnbIEMgUTj6HsDiGTIRQdgus7UOIhAbjA6hrSzr1VbUq6fU7pmI7IzN9%2FQZUjMvPzU0g7ny0lqufe1EmRK51a9OIKqjeEag%2BRFcfIdxyo8hg8fxdKEKSdCkqcvhDRVhyHoT8byDiebUSBmG3xmM7GUZP7VMZhPahPpFFqCBUPkcg%2BqL2EwjoolIMidlBkDjri1KVhK%2Fa8ZsziIIganPMg4DyM5kUogkYUeyj4uPc%2B8qwPnvTBzS4ys4st1YcpvoHdrGCFA5sTdEWFUhKUlqCkBKUiKHOCslsdiMTWbXVPJLZg%2FtTXpz6oBjpv79EDnbdlSvayM%2FLEWDDn8X8WsCVPXZ9FAYskE2GDthj1Y8HmgzisN2PWiJvNCFZVUPYSqHWwo0bk%2BesCmRqR%2F1%2F9EYwewybH4OoyaPEcaDlo1j3QzUEj8rCTflwGt2mN6w6ErpDlM8i3nb3kjDwzWdrCh79D8pPFX1e%2BfDtcfAfcVMhMhdvqW4J2cndwQ5dk%2F4YuLTlay3LVUTt0vNCbOc3lzCdX5XapjVi5Yvv3X%2BVjMA4f3JI2v0ZTodK2JZ8uKSGkWdaGS%2FLVit2QbL2wm0uFSYvs2vpryyudzEhrlU6HoOqhuQ%2BuRuTRn56dnKr7yNNQZghTVOgUJ2RqUPoYPNuFzU4Wv3h%2F7ZcF8RasJjDJRQ3LHJRFNTB1dvGZKIJEXuSUVbDyQgImT77%2B85zt2btoGwc0vzM50K6p0E0q0KQPW1we5Jk5Wfw%2BmBhY4gxYYpx9lpjkg3NprTp1Q78hIxY1uRBMcuE360EUeF5diEazJf0Wcjviv%2F1x9C8AAAD%2F%2FwEAAP%2F%2FvCblGoIEAAA%3D
IP 173.233.137.36:0
File type ASCII text, with no line terminators
Hash 132d6af1b46048b45cf86cdee7991d31
eb7007d03d59b65bc6da7e098c4d38fc6dfb6285
ab852e838deccd742a03ca81d4a8d75cf1a00b327db3eaf46bd7da6b6db9384c
Analyzer Verdict Alert quad9 Sinkholed
GET /impr.gif?sid=H4sIAAAAAAAC%2F1SST2gk1RPHX%2B%2Fm90P0ouJBEbEPHhTMpHt6OtNjDsG4RsLuJmF3JeBBeP968jY9%2FZr3uqcnASG4IHsRxpMeO99JNq4uYk6CIMrEi%2BS040GCGkXw5EUQvCozGQjW4VXV%2B9Sh6lv13l5xRjwU9HT9ut5RSULnwprnvrihUqFL667ecn2v5i24Gyqdbyy4vfFjuq%2F4XljzXnLfkHxLz9U93%2FN8z3eXlZGx7s1NKFT2oOXXWl6tUa%2F5YQM989%2FcFg4sdSC6Z%2BRJKDH63%2BZ3R1B8iLTz%2BRVpt3Kdvfx6p0horg264vDNdCvVZYrORRgbB3F6OK2GtiNCProEnR5OJ4Du7o8nAFMj4vzgg6WH0zbBugfnnbIEMgUTj6HsDiGTIRQdgus7UOIhAbjA6hrSzr1VbUq6fU7pmI7IzN9%2FQZUjMvPzU0g7ny0lqufe1EmRK51a9OIKqjeEag%2BRFcfIdxyo8hg8fxdKEKSdCkqcvhDRVhyHoT8byDiebUSBmG3xmM7GUZP7VMZhPahPpFFqCBUPkcg%2BqL2EwjoolIMidlBkDjri1KVhK%2Fa8ZsziIIganPMg4DyM5kUogkYUeyj4uPc%2B8qwPnvTBzS4ys4st1YcpvoHdrGCFA5sTdEWFUhKUlqCkBKUiKHOCslsdiMTWbXVPJLZg%2FtTXpz6oBjpv79EDnbdlSvayM%2FLEWDDn8X8WsCVPXZ9FAYskE2GDthj1Y8HmgzisN2PWiJvNCFZVUPYSqHWwo0bk%2BesCmRqR%2F1%2F9EYwewybH4OoyaPEcaDlo1j3QzUEj8rCTflwGt2mN6w6ErpDlM8i3nb3kjDwzWdrCh79D8pPFX1e%2BfDtcfAfcVMhMhdvqW4J2cndwQ5dk%2F4YuLTlay3LVUTt0vNCbOc3lzCdX5XapjVi5Yvv3X%2BVjMA4f3JI2v0ZTodK2JZ8uKSGkWdaGS%2FLVit2QbL2wm0uFSYvs2vpryyudzEhrlU6HoOqhuQ%2BuRuTRn56dnKr7yNNQZghTVOgUJ2RqUPoYPNuFzU4Wv3h%2F7ZcF8RasJjDJRQ3LHJRFNTB1dvGZKIJEXuSUVbDyQgImT77%2B85zt2btoGwc0vzM50K6p0E0q0KQPW1we5Jk5Wfw%2BmBhY4gxYYpx9lpjkg3NprTp1Q78hIxY1uRBMcuE360EUeF5diEazJf0Wcjviv%2F1x9C8AAAD%2F%2FwEAAP%2F%2FvCblGoIEAAA%3D HTTP/1.1
Host: indignationmapprohibited.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://sekigae.fun.w3ja.com/
Cookie: u_pl=17891131; uid_id2=8a9ff551-3eff-483d-9cfa-f87c1aef5232:2:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Wed, 08 Feb 2023 00:24:18 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 62bf6454b7d740b2cedcb52d0886249a
Strict-Transport-Security: max-age=0; includeSubdomains
indignationmapprohibited.com/pixel/sbs?c=1
173.233.137.36 200 OK 0 B URL HTTP/1.1 indignationmapprohibited.com/pixel/sbs?c=1
IP 173.233.137.36:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /pixel/sbs?c=1 HTTP/1.1
Host: indignationmapprohibited.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://sekigae.fun.w3ja.com/
Cookie: u_pl=17891131; uid_id2=8a9ff551-3eff-483d-9cfa-f87c1aef5232:2:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Wed, 08 Feb 2023 00:24:18 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
unseenreport.com/pxf.gif?uuid=8a9ff551-3eff-483d-9cfa-f87c1aef5232&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1055&b_frame=0&pk=1b83b8ebd54a9ba1fdb63f527fb4f778&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=0
192.243.59.20 200 OK 1 B URL HTTP/1.1 unseenreport.com/pxf.gif?uuid=8a9ff551-3eff-483d-9cfa-f87c1aef5232&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1055&b_frame=0&pk=1b83b8ebd54a9ba1fdb63f527fb4f778&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=0
IP 192.243.59.20:0
ASN #39572 DataWeb Global Group B.V.
File type very short file (no magic)
Hash 93b885adfe0da089cdf634904fd59f71
5ba93c9db0cff93f52b521d7420e43f6eda2784f
6e340b9cffb37a989ca544e6bb780a2c78901d3fb33738768511a30617afa01d
Analyzer Verdict Alert quad9 Sinkholed
GET /pxf.gif?uuid=8a9ff551-3eff-483d-9cfa-f87c1aef5232&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1055&b_frame=0&pk=1b83b8ebd54a9ba1fdb63f527fb4f778&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=0 HTTP/1.1
Host: unseenreport.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://sekigae.fun.w3ja.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.17.9
Date: Wed, 08 Feb 2023 00:24:18 GMT
Content-Type: image/gif
Content-Length: 1
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 0ea3cb2b30b3ff96ee3cd76581e6c1b2
Strict-Transport-Security: max-age=0; includeSubdomains
unseenreport.com/pxf.gif?uuid=8a9ff551-3eff-483d-9cfa-f87c1aef5232&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1055&b_frame=0&pk=f4f3037b1d2a02d7a0ea86681cc07b89&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=0
192.243.59.20 200 OK 1 B URL HTTP/1.1 unseenreport.com/pxf.gif?uuid=8a9ff551-3eff-483d-9cfa-f87c1aef5232&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1055&b_frame=0&pk=f4f3037b1d2a02d7a0ea86681cc07b89&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=0
IP 192.243.59.20:0
ASN #39572 DataWeb Global Group B.V.
File type very short file (no magic)
Hash 93b885adfe0da089cdf634904fd59f71
5ba93c9db0cff93f52b521d7420e43f6eda2784f
6e340b9cffb37a989ca544e6bb780a2c78901d3fb33738768511a30617afa01d
Analyzer Verdict Alert quad9 Sinkholed
GET /pxf.gif?uuid=8a9ff551-3eff-483d-9cfa-f87c1aef5232&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1055&b_frame=0&pk=f4f3037b1d2a02d7a0ea86681cc07b89&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=0 HTTP/1.1
Host: unseenreport.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://sekigae.fun.w3ja.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.17.9
Date: Wed, 08 Feb 2023 00:24:18 GMT
Content-Type: image/gif
Content-Length: 1
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 75c4a29306588aebe5e1dae76d9b36f9
Strict-Transport-Security: max-age=0; includeSubdomains
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F06b5f2a3-c53c-4690-b548-2c3d0f556f73.jpeg
34.120.237.76 200 OK 8.6 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F06b5f2a3-c53c-4690-b548-2c3d0f556f73.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 02fde25be5ded120af759d19d8304f73
8d2a4d9ab5947113ce0737d4d4bed3e30a971026
7cdf26668cca22f28eee047d3fcf30cea8d97b1d8804fe2132728f26cd11558d
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F06b5f2a3-c53c-4690-b548-2c3d0f556f73.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
content-length: 8629
x-amzn-requestid: cc20d28e-3937-4826-97ef-100fb5dd2645
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: f_O7LFn3oAMF61A=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63e2c514-6e764236604212fa26dab38a;Sampled=0
x-amzn-remapped-date: Tue, 07 Feb 2023 21:39:32 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: 0sEMzqETD-gbgXOXb_CJmLjYQmNGMN4-_ggiB7ifbifltHJYsTRRsQ==
via: 1.1 4dde8ec6d6c12741888c2d3a059d4a2e.cloudfront.net (CloudFront), 1.1 591683988172c7980c4ebb318cbf18a8.cloudfront.net (CloudFront), 1.1 google
date: Tue, 07 Feb 2023 21:52:22 GMT
age: 9121
etag: "8d2a4d9ab5947113ce0737d4d4bed3e30a971026"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
friendshipmale.com/sfp.js
172.64.203.23 200 OK 0 B URL HTTP/2 friendshipmale.com/sfp.js
IP 172.64.203.23:0
Analyzer Verdict Alert fortinet Malware
quad9 Sinkholed
GET /sfp.js HTTP/1.1
Host: friendshipmale.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://sekigae.fun.w3ja.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 08 Feb 2023 00:24:17 GMT
content-type: application/javascript; charset=utf-8
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
access-control-allow-origin: *
expires: Thu, 01 Jan 1970 00:00:01 GMT
cache-control: max-age=14400
x-request-id: 02a231cb141e3cea995fdd37b4e9a320
strict-transport-security: max-age=0; includeSubdomains
cf-cache-status: EXPIRED
last-modified: Wed, 08 Feb 2023 00:24:16 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=DlKdv7uZstFgoOfpoPPQwY5a9kGShGbfNuqi0HSueHeVnhiKzPHhNcQeUhfrO2zr0KmEySjcHXnbEeN9bZRkjbJpcIOffbq8RNOrMgCMpNXt93viMKf8u4ZNv5E6j4kmVau3jBQ%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 796038b20b08f40b-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
cdn.barscreative1.com/sb/au/0c/c8/e1/0cc8e13ba9d5dbc867b982993e805a9d/1632728593.html
45.133.44.4 200 OK 0 B URL HTTP/2 cdn.barscreative1.com/sb/au/0c/c8/e1/0cc8e13ba9d5dbc867b982993e805a9d/1632728593.html
IP 45.133.44.4:0
ASN #39572 DataWeb Global Group B.V.
Analyzer Verdict Alert fortinet Phishing
GET /sb/au/0c/c8/e1/0cc8e13ba9d5dbc867b982993e805a9d/1632728593.html HTTP/1.1
Host: cdn.barscreative1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://sekigae.fun.w3ja.com
Connection: keep-alive
Referer: https://sekigae.fun.w3ja.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 08 Feb 2023 00:24:18 GMT
content-type: text/html; charset=utf-8
server: nginx/1.17.6
last-modified: Mon, 27 Sep 2021 07:43:24 GMT
etag: W/"6151761c-52d"
cache-control: max-age=3600
access-control-allow-origin: *
access-control-expose-headers: Date
content-encoding: gzip
expires: Wed, 08 Feb 2023 01:24:18 GMT
x-proxy-cache: HIT
X-Firefox-Spdy: h2
c.statcounter.com/t.php?sc_project=12810755&u1=C4CD6FD8176E4FA22BE9D83661543636&java=1&security=232ef74f&sc_snum=1&sess=a8f3c4&p=0&rcat=d&rdom=d&rdomg=new&bb=1&jg=new&rr=1.1.1.1.1.1.1.1.1&resolution=1280&h=1024&camefrom=&u=https%3A//sekigae.fun.w3ja.com/&t=sekigae.fun%20%7C%20%E3%83%AC%E3%83%83%E3%83%84%E5%B8%AD%E6%9B%BF%E3%81%88%20%7C&invisible=1&sc_rum_e_s=3700&sc_rum_e_e=3706&sc_rum_f_s=0&sc_rum_f_e=3689&get_config=true
104.20.219.77 200 OK 0 B URL HTTP/2 c.statcounter.com/t.php?sc_project=12810755&u1=C4CD6FD8176E4FA22BE9D83661543636&java=1&security=232ef74f&sc_snum=1&sess=a8f3c4&p=0&rcat=d&rdom=d&rdomg=new&bb=1&jg=new&rr=1.1.1.1.1.1.1.1.1&resolution=1280&h=1024&camefrom=&u=https%3A//sekigae.fun.w3ja.com/&t=sekigae.fun%20%7C%20%E3%83%AC%E3%83%83%E3%83%84%E5%B8%AD%E6%9B%BF%E3%81%88%20%7C&invisible=1&sc_rum_e_s=3700&sc_rum_e_e=3706&sc_rum_f_s=0&sc_rum_f_e=3689&get_config=true
IP 104.20.219.77:0
GET /t.php?sc_project=12810755&u1=C4CD6FD8176E4FA22BE9D83661543636&java=1&security=232ef74f&sc_snum=1&sess=a8f3c4&p=0&rcat=d&rdom=d&rdomg=new&bb=1&jg=new&rr=1.1.1.1.1.1.1.1.1&resolution=1280&h=1024&camefrom=&u=https%3A//sekigae.fun.w3ja.com/&t=sekigae.fun%20%7C%20%E3%83%AC%E3%83%83%E3%83%84%E5%B8%AD%E6%9B%BF%E3%81%88%20%7C&invisible=1&sc_rum_e_s=3700&sc_rum_e_e=3706&sc_rum_f_s=0&sc_rum_f_e=3689&get_config=true HTTP/1.1
Host: c.statcounter.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://sekigae.fun.w3ja.com
Connection: keep-alive
Referer: https://sekigae.fun.w3ja.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Wed, 08 Feb 2023 00:24:18 GMT
content-type: application/json
p3p: policyref="http://www.statcounter.com/w3c/p3p.xml", CP="ADMa OUR COM NAV NID DSP NOI COR"
expires: Mon, 26 Jul 1997 05:00:00 GMT
set-cookie: is_unique=sc12810755.1675815858.0; SameSite=None; Secure; Expires=Monday, 07-Feb-2028 08:24:18 CST; Path=/; Domain=.statcounter.com
is_visitor_unique=1675815858392379130; SameSite=None; Secure; Expires=Friday, 07-Feb-2025 08:24:18 CST; Path=/; Domain=.statcounter.com
access-control-allow-origin: https://sekigae.fun.w3ja.com
access-control-allow-credentials: true
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 796038b8c8c1b4f9-OSL
content-encoding: br
X-Firefox-Spdy: h2
cdn.creative-bars1.com/sb/ssp/vpn/classic-push/small/css/style.css
172.64.166.9 200 OK 0 B URL HTTP/2 cdn.creative-bars1.com/sb/ssp/vpn/classic-push/small/css/style.css
IP 172.64.166.9:0
GET /sb/ssp/vpn/classic-push/small/css/style.css HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://sekigae.fun.w3ja.com
Connection: keep-alive
Referer: https://sekigae.fun.w3ja.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 08 Feb 2023 00:24:18 GMT
content-type: text/css
last-modified: Tue, 21 Sep 2021 12:03:42 GMT
etag: W/"6149ca1e-d31"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=JL%2BVE%2F17jjZfQsR9V%2FmdzlYHeN3ZhSG2F73%2F1C5E24jXks6DrjLPr6%2BeJPRZqZBMjNeBcxKiir%2FGf%2B1Io91sgmQgJq3I6tn%2FEEHjmkI%2Bte6sK65E5tGlbFzOw%2BJC49u59%2BA251VEHgIP"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 796038ba7dc223db-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
cdn.creative-bars1.com/sb/ssp/vpn/classic-push/small/js/jquery.min.js
172.64.166.9 200 OK 0 B URL HTTP/2 cdn.creative-bars1.com/sb/ssp/vpn/classic-push/small/js/jquery.min.js
IP 172.64.166.9:0
GET /sb/ssp/vpn/classic-push/small/js/jquery.min.js HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Wed, 08 Feb 2023 00:24:18 GMT
content-type: application/javascript
last-modified: Tue, 21 Sep 2021 12:03:44 GMT
etag: W/"6149ca20-1499c"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 5598069
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=NIT5QvI1jRFnlTPHfJzDImESpd0%2FYCuybe8cgo7YIDJ%2Fxn8WkwpVQhrd1jb%2FdZXp3JuND%2B3AtSs67yTPbCEWjiWDHEyGXdfjGcgCbEG9VaQZ9QgzTB0p43dk8qtz6B5depyBH7GS4%2FJD"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 796038baade523db-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
cdn.creative-bars1.com/sb/ssp/vpn/classic-push/small/js/script.js
172.64.166.9 200 OK 0 B URL HTTP/2 cdn.creative-bars1.com/sb/ssp/vpn/classic-push/small/js/script.js
IP 172.64.166.9:0
GET /sb/ssp/vpn/classic-push/small/js/script.js HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://sekigae.fun.w3ja.com
Connection: keep-alive
Referer: https://sekigae.fun.w3ja.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Wed, 08 Feb 2023 00:24:18 GMT
content-type: application/javascript
last-modified: Tue, 21 Sep 2021 12:03:44 GMT
etag: W/"6149ca20-3c2"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=MDPYay8O%2FcQ1U9Jd2sYzTqU9a9J3lo6bn%2FOrkEhIexYDGiizvnMOaRIsnJbeJSS5a7YhVJ8QgFAcDG0tnL4n1bmNmp9jsDQ7zKA9ItvNqZUkKIDDJBPsuV20RoxPEkCN8MhmXtT%2FJSEE"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 796038bb0e4b23db-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2