Report - sekigae.fun.w3ja.com/

Report Overview

Submitted URL
sekigae.fun.w3ja.com/
IP
212.52.0.31
ASN
#0
Submitted
2023-02-08 00:24:25
Access
Website Title
Final URL
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
56

Domain Summary

Domain / FQDN	Rank	First Seen	Last Seen	Sent	Received	IP
w3ja.com	unknown	2022-10-27T04:44:04Z	2023-02-28T07:47:10Z	360 B	47 kB	172.67.128.240
banquetunarmedgrater.com	unknown	2022-08-04T17:12:50Z	2023-03-13T05:26:56Z	379 B	327 B	192.243.59.20
cdn.cloudimagesb.com	23099	2021-02-12T17:15:41Z	2023-03-13T05:15:48Z	2.2 kB	162 kB	45.133.44.9
cdn.barscreative1.com	25648	2021-09-16T13:14:42Z	2023-03-13T08:33:41Z	459 B	386 B	45.133.44.4
content-signature-2.cdn.mozilla.net	1152	2020-11-03T13:26:46Z	2023-03-13T05:09:35Z	413 B	5.9 kB	34.160.144.191
push.services.mozilla.com	2140	2014-10-24T10:27:06Z	2023-03-13T05:09:14Z	606 B	127 B	52.37.106.154
iceboxlitre.com	unknown	2022-11-30T00:41:29Z	2023-03-12T02:41:59Z	14 kB	23 kB	173.233.137.60
ocsp.pki.goog	175	2018-07-01T08:43:07Z	2023-03-13T05:09:47Z	2.4 kB	4.9 kB	142.250.74.163
pl17986764.highperformancecpmgate.com	unknown	2022-11-30T15:11:31Z	2023-02-08T23:56:54Z	422 B	21 kB	173.233.137.44
r3.o.lencr.org	344	2020-12-02T09:52:13Z	2023-03-13T05:09:07Z	6.8 kB	18 kB	95.101.11.115
pl17991630.highperformancecpmgate.com	unknown	2022-11-30T15:11:31Z	2023-02-08T23:56:54Z	422 B	14 kB	192.243.61.225
friendshipmale.com	unknown	2022-10-21T14:15:25Z	2023-03-13T08:33:43Z	365 B	952 B	172.64.203.23
ocsp.digicert.com	86	2012-05-21T09:02:23Z	2023-03-13T06:00:13Z	1.7 kB	2.8 kB	93.184.220.29
cdnjs.cloudflare.com	235	2015-04-17T22:46:33Z	2023-03-13T05:09:21Z	1.7 kB	69 kB	104.17.24.14
ocsp.sca1b.amazontrust.com	1015	2017-03-03T16:20:51Z	2019-03-27T05:05:54Z	700 B	1.9 kB	54.230.245.110
ocsp.sectigo.com	487	2019-11-29T12:50:24Z	2023-03-13T08:22:43Z	340 B	964 B	104.18.32.68
cdn.creative-bars1.com	unknown	2022-11-15T17:46:22Z	2023-03-13T05:15:48Z	1.7 kB	4.0 kB	172.64.166.9
firefox.settings.services.mozilla.com	867	2020-06-04T22:08:41Z	2023-03-13T05:09:10Z	782 B	2.4 kB	35.241.9.150
img-getpocket.cdn.mozilla.net	1631	2018-06-22T01:36:00Z	2023-03-13T05:09:16Z	3.3 kB	55 kB	34.120.237.76
www.statcounter.com	11621	2013-07-16T11:44:13Z	2023-03-13T08:18:23Z	378 B	15 kB	104.20.219.77
indignationmapprohibited.com	unknown	2023-02-02T17:42:30Z	2023-03-11T04:04:18Z	4.7 kB	7.5 kB	173.233.137.36
unseenreport.com	unknown	2022-03-30T16:33:17Z	2023-03-13T05:15:47Z	1.4 kB	846 B	192.243.59.20
sekigae.fun.w3ja.com	unknown	2023-01-10T13:30:21Z	2023-02-07T09:37:23Z	802 B	7.7 kB	212.52.0.31
pl17991643.highperformancecpmgate.com	unknown	2022-11-30T15:11:32Z	2023-02-08T23:56:54Z	420 B	10 kB	192.243.61.225
www.google.com	7	2015-05-10T13:11:19Z	2023-03-13T06:40:43Z	418 B	813 B	216.58.211.4
fonts.gstatic.com	unknown	2014-09-09T02:40:21Z	2023-03-13T08:44:36Z	972 B	33 kB	142.250.74.35
c.statcounter.com	7772	2016-09-21T12:59:04Z	2023-03-13T05:35:41Z	814 B	718 B	104.20.219.77
contile.services.mozilla.com	1114	2021-05-27T20:32:35Z	2023-03-13T05:09:13Z	333 B	391 B	34.117.237.239
simplewebanalysis.com	unknown	2022-02-25T05:06:25Z	2023-03-13T08:33:39Z	1.2 kB	1.2 kB	3.120.47.42
e1.o.lencr.org	6159	2021-08-20T09:36:30Z	2023-03-13T05:21:46Z	1.4 kB	2.9 kB	23.33.119.27
priestsuede.com	unknown	2023-02-04T02:42:07Z	2023-03-13T09:53:59Z	447 B	467 B	192.243.59.20

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

OpenPhish

Scan Date	Severity	Indicator	Alert
2023-02-07	medium	sekigae.fun.w3ja.com/	Rogers Wireless
2023-02-07	medium	sekigae.fun.w3ja.com/	Rogers Wireless

PhishTank

No alerts detected

Fortinet's Web Filter

Scan Date	Severity	Indicator	Alert
2023-02-08	medium	sekigae.fun.w3ja.com/	Malware
2023-02-08	medium	sekigae.fun.w3ja.com/	Malware
2023-02-08	medium	w3ja.com/js/jquery.js	Malware
2023-02-08	medium	friendshipmale.com/sfp.js	Malware
2023-02-08	medium	cdn.barscreative1.com/sb/au/0c/c8/e1/0cc8e13ba9d5dbc867b982993e805a9d/1632728593.html	Phishing

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2023-02-08	medium	highperformancecpmgate.com	Sinkholed
2023-02-08	medium	highperformancecpmgate.com	Sinkholed
2023-02-08	medium	highperformancecpmgate.com	Sinkholed
2023-02-07	medium	priestsuede.com	Sinkholed
2023-02-08	medium	iceboxlitre.com	Sinkholed
2023-02-07	medium	banquetunarmedgrater.com	Sinkholed
2023-02-08	medium	iceboxlitre.com	Sinkholed
2023-02-08	medium	iceboxlitre.com	Sinkholed
2023-02-07	medium	indignationmapprohibited.com	Sinkholed
2023-02-08	medium	iceboxlitre.com	Sinkholed
2023-02-08	medium	iceboxlitre.com	Sinkholed
2023-02-08	medium	iceboxlitre.com	Sinkholed
2023-02-08	medium	iceboxlitre.com	Sinkholed
2023-02-08	medium	iceboxlitre.com	Sinkholed
2023-02-08	medium	iceboxlitre.com	Sinkholed
2023-02-07	medium	indignationmapprohibited.com	Sinkholed
2023-02-07	medium	indignationmapprohibited.com	Sinkholed
2023-02-07	medium	indignationmapprohibited.com	Sinkholed
2023-02-07	medium	unseenreport.com	Sinkholed
2023-02-07	medium	unseenreport.com	Sinkholed
2023-02-07	medium	friendshipmale.com	Sinkholed

ThreatFox

No alerts detected

JavaScript (14)

	URL	Size	First Seen	Last Seen
	cdn.creative-bars1.com/sb/ssp/vpn/classic-push/small/js/jquery.min.js	84 kB	2023-03-07	2024-04-18
Pretty URL cdn.creative-bars1.com/sb/ssp/vpn/classic-push/small/js/jquery.min.js IP 172.64.166.9 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:06 Last Seen2024-04-18 13:53:24 Times Seen15610 Hash 4a356126b9573eb7bd1e9a7494737410 8258d046f17dd3c15a5d3984e1868b7b5d1db329 22642f202577f0ba2f22cbe56b6cf291a09374487567cd3563e0d2a29f75c0c5 Loading...

	pl17991643.highperformancecpmgate.com/3b9e72e9797c159b735f64a9225e5b2e/invoke.js	25 kB	2023-03-13	2023-03-13
Pretty URL pl17991643.highperformancecpmgate.com/3b9e72e9797c159b735f64a9225e5b2e/invoke.js IP 192.243.61.225 ASN #39572 DataWeb Global Group B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 19:20:15 Last Seen2023-03-13 19:20:15 Times Seen1 Hash ba4ec34fdf75760bde7eac0b3bc9a580 02508b4a3bd9013edd0b782cab2801b1d951a9d3 49fd9bb36568a983e7655c29628ec81b457cb13898d541abb14f96173c11dca3 Loading...

	sekigae.fun.w3ja.com/	77 B	2023-03-13	2023-10-26
Pretty URL sekigae.fun.w3ja.com/ IP 212.52.0.31 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 06:50:11 Last Seen2023-10-26 08:08:10 Times Seen10 Hash 967d9c45e0761f4fc2c120b91ccfac95 3fad8e71ebcfb4ac3406f99be12a4d4ef480ff75 1aa94622dc1d3fed29875c914ae62d5f6806434524eb6c7b69b0860150d02f68 Loading...

	banquetunarmedgrater.com/advertisers.js	0 B	2023-03-07	2024-04-18
Pretty URL banquetunarmedgrater.com/advertisers.js IP 192.243.59.20 ASN #39572 DataWeb Global Group B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:01:59 Last Seen2024-04-18 22:23:49 Times Seen36947980 Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Loading...

	w3ja.com/js/jquery.js	132 kB	2023-03-13	2024-01-04
Pretty URL w3ja.com/js/jquery.js IP 172.67.128.240 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 06:50:11 Last Seen2024-01-04 14:47:26 Times Seen27 Hash b77ea9baa144dad737ae918bc63c78b6 e6a64cf2cf0fdad6724a162acfe19611de9632b2 37799f50f50565784658a420e803200f94debd121f3f335a7dc938e5c3961e0f Loading...

	sekigae.fun.w3ja.com/	1.1 kB	2023-03-13	2023-07-18
Pretty URL sekigae.fun.w3ja.com/ IP 212.52.0.31 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 06:50:11 Last Seen2023-07-18 00:56:21 Times Seen3 Hash 1b31859fbac9d4839717a1b1f2db2c2c d93254c6657e1af5c5d385f6d8f729273ebfa882 b7e27a41892c78c9850fc0791ac1632a547616dad63a5affef02707b5bf6028e Loading...

	pl17991630.highperformancecpmgate.com/1b/83/b8/1b83b8ebd54a9ba1fdb63f527fb4f778.js	37 kB	2023-03-13	2023-03-13
Pretty URL pl17991630.highperformancecpmgate.com/1b/83/b8/1b83b8ebd54a9ba1fdb63f527fb4f778.js IP 192.243.61.225 ASN #39572 DataWeb Global Group B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 19:20:15 Last Seen2023-03-13 19:20:15 Times Seen1 Hash ab5cc34a5a656b3e136df907492fe8d1 afc691c1e0581a6e0c60cb7238776d2f7ac4cba8 9f30eb10862fa32fa65fae288f100740f619b18c02ef490e3ffa2d6f80dd8973 Loading...

	cdnjs.cloudflare.com/ajax/libs/jquery/3.4.1/jquery.min.js	88 kB	2023-03-07	2024-04-18
Pretty URL cdnjs.cloudflare.com/ajax/libs/jquery/3.4.1/jquery.min.js IP 104.17.24.14 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:34 Last Seen2024-04-18 21:02:13 Times Seen94996 Hash 220afd743d9e9643852e31a135a9f3ae 88523924351bac0b5d560fe0c5781e2556e7693d 0925e8ad7bd971391a8b1e98be8e87a6971919eb5b60c196485941c3c1df089a Loading...

	pl17986764.highperformancecpmgate.com/f4/f3/03/f4f3037b1d2a02d7a0ea86681cc07b89.js	60 kB	2023-03-13	2023-03-13
Pretty URL pl17986764.highperformancecpmgate.com/f4/f3/03/f4f3037b1d2a02d7a0ea86681cc07b89.js IP 173.233.137.44 ASN #7979 SERVERS-COM Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 19:20:15 Last Seen2023-03-13 19:20:15 Times Seen1 Hash 16210582d2dcb718060b3a21c6c2f5e7 078a0bd2b3b8721f171882005bc031130b4bf1a4 ad22a76d49bef99f18a5b407cb333fa9579cda5891de65728e7d69081ce78d1f Loading...

	sekigae.fun.w3ja.com/	2.8 kB	2023-03-13	2024-01-04
Pretty URL sekigae.fun.w3ja.com/ IP 212.52.0.31 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 06:50:11 Last Seen2024-01-04 14:47:25 Times Seen13 Hash eb818c795438fd90f6a659e1e60abda6 ffbf3de3d6403ff51ee08733ade2019fb80d0d29 07b09caa464011fe13791d985f3fe59ade176026a04e415299775ce4e36b8ace Loading...

	www.statcounter.com/counter/counter.js	44 kB	2023-03-07	2024-03-30
Pretty URL www.statcounter.com/counter/counter.js IP 104.20.219.77 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:06:55 Last Seen2024-03-30 16:46:15 Times Seen13 Hash 366890db672c87ff79dd22a7534643d2 e7b0da6b49f35363f125deb595ff67ccb0dc222c 38773f599cca495f0904c3d5a9981fc081b743a8d9aa106ed17e0d9b03ae6598 Loading...

	http:blank	1.3 kB	2023-03-13	2023-03-13
Pretty URL http:blank IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 19:20:15 Last Seen2023-03-13 19:59:06 Times Seen1 Hash db353ad4af2800224361586e6580cfef 8123d1f12b0108baf014f0ca455a4fe61146bc0a 0bf29934db93abea35ce8dc0d937312c38efac64976b4073f84d21eebda8d5c5 Loading...

	cdnjs.cloudflare.com/ajax/libs/twitter-bootstrap/4.3.1/js/bootstrap.min.js	58 kB	2023-03-07	2024-04-18
Pretty URL cdnjs.cloudflare.com/ajax/libs/twitter-bootstrap/4.3.1/js/bootstrap.min.js IP 104.17.24.14 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:33 Last Seen2024-04-18 22:23:30 Times Seen19514 Hash e1d98d47689e00f8ecbc5d9f61bdb42e 6778fed3cf095a318141a31f455c8f4663885bde 0a34a87842c539c1f4feec56bba982fd596b73500046a6e6fe38a22260c6577b Loading...

	cdnjs.cloudflare.com/ajax/libs/popper.js/1.15.0/umd/popper.min.js	21 kB	2023-03-07	2024-04-15
Pretty URL cdnjs.cloudflare.com/ajax/libs/popper.js/1.15.0/umd/popper.min.js IP 104.17.24.14 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:17:32 Last Seen2024-04-15 16:55:53 Times Seen2801 Hash e21a6649041ef6f5f1bf43f11946621f 01bcaef811210de0ea58e55e47fbefd77be5c442 7d3b9482d4fb3b6aeaa089b08eb84381b5d3294c32c71ba320c4482bb4dbb8d5 Loading...

HTTP Transactions (96)

URL IP Response Size

r3.o.lencr.org/

95.101.11.115

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
95.101.11.115:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
507011ccb9124dcd57e84a90a0965cc4
1a6575d0ac979c7184490cc9836ac4812ad2afd1
01626c18e1e68507aa33ef7448dbc3311901ab6f29adc2f51d449409b0680dce

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "01626C18E1E68507AA33EF7448DBC3311901AB6F29ADC2F51D449409B0680DCE"
Last-Modified: Sun, 05 Feb 2023 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4072
Expires: Wed, 08 Feb 2023 01:32:06 GMT
Date: Wed, 08 Feb 2023 00:24:14 GMT
Connection: keep-alive

r3.o.lencr.org/

95.101.11.115

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
95.101.11.115:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
565c1bbc5c1c40be1988b3bf6fd9dc1a
cfdba5bc597130461dd67bf6cda53183be592493
60ceb36a8329c92fc49a3caf50daf511a38e01eac21a07d7a0a838166bea058d

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "60CEB36A8329C92FC49A3CAF50DAF511A38E01EAC21A07D7A0A838166BEA058D"
Last-Modified: Mon, 06 Feb 2023 23:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7208
Expires: Wed, 08 Feb 2023 02:24:22 GMT
Date: Wed, 08 Feb 2023 00:24:14 GMT
Connection: keep-alive

firefox.settings.services.mozilla.com/v1/

35.241.9.150

200 OK

939 B

URL HTTP/2
firefox.settings.services.mozilla.com/v1/
IP
35.241.9.150:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Size
939 B (939 bytes)
Hash
ff250d3ef3fa45322bf05039a0122a9f
b3e7a2c383bce1bab807dbe1a03c375258b51f1d
d07f109a96e0ae6ec7b1d46ce8761b3f06fe845769ce65d69e053dd40aa561ba

HTTP Headers

GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Retry-After, Content-Length, Content-Type, Alert, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Tue, 07 Feb 2023 23:36:32 GMT
content-type: application/json
age: 2862
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2

r3.o.lencr.org/

95.101.11.115

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
95.101.11.115:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
cc14b0d2f7c451f6431dc87ba54d1d60
bab8bfda6fa3e2f17125353f5147211787dc25d0
b58fe18a5cc8fe5aaf49ba7eadd0ef34692892e68e9c52eb5bb56ea27e1300ad

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "B58FE18A5CC8FE5AAF49BA7EADD0EF34692892E68E9C52EB5BB56EA27E1300AD"
Last-Modified: Mon, 06 Feb 2023 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14888
Expires: Wed, 08 Feb 2023 04:32:22 GMT
Date: Wed, 08 Feb 2023 00:24:14 GMT
Connection: keep-alive

content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-03-20-18-44-46.chain

34.160.144.191

200 OK

5.3 kB

URL HTTP/2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-03-20-18-44-46.chain
IP
34.160.144.191:0
ASN
#15169 GOOGLE

File type
PEM certificate\012- , ASCII text
Size
5.3 kB (5348 bytes)
Hash
e76071a28ee566dababb3834f46d68ed
aebb4e68c1ba2de0f90025283e8ed8470944fde0
78b6df2627172e5b35476bc31020f02898cdc412aaf4337af2c3b049a60912b6

HTTP Headers

GET /chains/remote-settings.content-signature.mozilla.org-2023-03-20-18-44-46.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
x-amz-id-2: MzGADR2ENxyH6BUSf7tITtHJiUzjmR9tmWzTO1q66LZK9XPlttT5KmGC/IaR3P/0Ded5s4JSLriqswboJUyVEQ==
x-amz-request-id: TD2V1MYEWWZMT0Z8
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Tue, 07 Feb 2023 23:35:42 GMT
age: 2912
last-modified: Sun, 29 Jan 2023 18:44:47 GMT
etag: "e76071a28ee566dababb3834f46d68ed"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2

contile.services.mozilla.com/v1/tiles

34.117.237.239

200 OK

12 B

URL HTTP/2
contile.services.mozilla.com/v1/tiles
IP
34.117.237.239:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with no line terminators
Size
12 B (12 bytes)
Hash
23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3

HTTP Headers

GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Wed, 08 Feb 2023 00:24:14 GMT
content-type: application/json
content-length: 12
access-control-expose-headers: content-type
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-credentials: true
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2

sekigae.fun.w3ja.com/

212.52.0.31

301 Moved Permanently

169 B

URL HTTP/1.1
sekigae.fun.w3ja.com/
IP
212.52.0.31:0
ASN
#0

File type
HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Size
169 B (169 bytes)
Hash
331c088c862081c21c2e74d7433d2ef2
4eeebc47e9a9692e782b9653fd58eb16ef2bc675
f165a1edcb876ac2682fd8d673b34f75297d885fa2a96c01a2f2685928783b86

Detections

Analyzer	Verdict	Alert
openphish	Rogers Wireless
fortinet	Malware

HTTP Headers

GET / HTTP/1.1
Host: sekigae.fun.w3ja.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

HTTP/1.1 301 Moved Permanently
Server: nginx/1.23.2
Date: Wed, 08 Feb 2023 00:24:14 GMT
Content-Type: text/html
Content-Length: 169
Connection: keep-alive
Location: https://sekigae.fun.w3ja.com/

firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US

35.241.9.150

200 OK

329 B

URL HTTP/2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP
35.241.9.150:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Size
329 B (329 bytes)
Hash
0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300

HTTP Headers

GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Expires, Retry-After, Content-Length, Content-Type, ETag, Cache-Control, Alert, Pragma, Backoff, Last-Modified
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Tue, 07 Feb 2023 23:51:19 GMT
age: 1975
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2

r3.o.lencr.org/

95.101.11.115

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
95.101.11.115:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
9b88bae61bca33aba8aa99f6128db8d9
a07b61fb2458917699613fcae68710941b595416
54915c2f79822732e06a592d027da421ad1e7a6458c545f98333db25612b3dea

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "54915C2F79822732E06A592D027DA421AD1E7A6458C545F98333DB25612B3DEA"
Last-Modified: Mon, 06 Feb 2023 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4241
Expires: Wed, 08 Feb 2023 01:34:56 GMT
Date: Wed, 08 Feb 2023 00:24:15 GMT
Connection: keep-alive

r3.o.lencr.org/

95.101.11.115

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
95.101.11.115:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
4f6cce12fc9d7d56c4f971d3e1795d67
f2c3542ffdcff64c13da849d6c8879f25787441f
871c28ec2e3c581f5adeedef27c04376e88dc6ca39862fef5486c594d811f648

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "871C28EC2E3C581F5ADEEDEF27C04376E88DC6CA39862FEF5486C594D811F648"
Last-Modified: Tue, 07 Feb 2023 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21600
Expires: Wed, 08 Feb 2023 06:24:15 GMT
Date: Wed, 08 Feb 2023 00:24:15 GMT
Connection: keep-alive

r3.o.lencr.org/

95.101.11.115

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
95.101.11.115:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
4f6cce12fc9d7d56c4f971d3e1795d67
f2c3542ffdcff64c13da849d6c8879f25787441f
871c28ec2e3c581f5adeedef27c04376e88dc6ca39862fef5486c594d811f648

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "871C28EC2E3C581F5ADEEDEF27C04376E88DC6CA39862FEF5486C594D811F648"
Last-Modified: Tue, 07 Feb 2023 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21600
Expires: Wed, 08 Feb 2023 06:24:15 GMT
Date: Wed, 08 Feb 2023 00:24:15 GMT
Connection: keep-alive

push.services.mozilla.com/

52.37.106.154

101 Switching Protocols

0 B

URL HTTP/1.1
push.services.mozilla.com/
IP
52.37.106.154:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: SaRUbrdUukbnA9WTL/ZUZA==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: 5dnewxMQK1xct2Ouo1W1U/YzNJA=

sekigae.fun.w3ja.com/

212.52.0.31

200 OK

7.1 kB

URL HTTP/1.1
sekigae.fun.w3ja.com/
IP
212.52.0.31:0
ASN
#0

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 (with BOM) text, with very long lines (464), with CRLF, LF line terminators
Size
7.1 kB (7114 bytes)
Hash
163c70792cd01ce48e5d3cbdcd0b013c
a2a98ab3125a69ac08e6d73bf5d8d7aa42c1e37e
82dcda13901ae999bb531ddbdfd667baf2a5653a272f903151c2124e11c46373

Detections

Analyzer	Verdict	Alert
openphish	Rogers Wireless
fortinet	Malware

HTTP Headers

GET / HTTP/1.1
Host: sekigae.fun.w3ja.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1

HTTP/1.1 200 OK
Server: nginx/1.23.2
Date: Wed, 08 Feb 2023 00:24:15 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
X-Powered-By: PHP/7.4.20
Content-Encoding: gzip

ocsp.digicert.com/

93.184.220.29

200 OK

280 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
280 B (280 bytes)
Hash
4a2793786b1ce1206b70d285bea47b94
11747c77f2ef56d889b5148834faa184be7cfc07
af406b334b4df19c87a6911d78bbab5bc5628dc7ccac9d7d60050908c770fb52

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4105
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Wed, 08 Feb 2023 00:24:15 GMT
Last-Modified: Tue, 07 Feb 2023 23:15:50 GMT
Server: ECS (ska/F706)
X-Cache: HIT
Content-Length: 280

ocsp.digicert.com/

93.184.220.29

200 OK

280 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
280 B (280 bytes)
Hash
4a2793786b1ce1206b70d285bea47b94
11747c77f2ef56d889b5148834faa184be7cfc07
af406b334b4df19c87a6911d78bbab5bc5628dc7ccac9d7d60050908c770fb52

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5300
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Wed, 08 Feb 2023 00:24:15 GMT
Last-Modified: Tue, 07 Feb 2023 22:55:55 GMT
Server: ECS (ska/F712)
X-Cache: HIT
Content-Length: 280

ocsp.digicert.com/

93.184.220.29

200 OK

280 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
280 B (280 bytes)
Hash
4a2793786b1ce1206b70d285bea47b94
11747c77f2ef56d889b5148834faa184be7cfc07
af406b334b4df19c87a6911d78bbab5bc5628dc7ccac9d7d60050908c770fb52

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2908
Cache-Control: max-age=161359
Content-Type: application/ocsp-response
Date: Wed, 08 Feb 2023 00:24:15 GMT
Etag: "63e2b3a2-118"
Expires: Thu, 09 Feb 2023 21:13:34 GMT
Last-Modified: Tue, 07 Feb 2023 20:25:06 GMT
Server: ECS (ska/F6FC)
X-Cache: HIT
Content-Length: 280

ocsp.digicert.com/

93.184.220.29

200 OK

280 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
280 B (280 bytes)
Hash
4a2793786b1ce1206b70d285bea47b94
11747c77f2ef56d889b5148834faa184be7cfc07
af406b334b4df19c87a6911d78bbab5bc5628dc7ccac9d7d60050908c770fb52

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3483
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Wed, 08 Feb 2023 00:24:15 GMT
Last-Modified: Tue, 07 Feb 2023 23:26:12 GMT
Server: ECS (ska/F711)
X-Cache: HIT
Content-Length: 280

cdnjs.cloudflare.com/ajax/libs/twitter-bootstrap/4.3.1/css/bootstrap.min.css

104.17.24.14

200 OK

17 kB

URL HTTP/2
cdnjs.cloudflare.com/ajax/libs/twitter-bootstrap/4.3.1/css/bootstrap.min.css
IP
104.17.24.14:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text, with very long lines (65324)
Size
17 kB (17210 bytes)
Hash
2220bb5ed14b4dfe40394499d6baf7c7
0ba7f85e9090ad666586e3222e87fdb499645876
bb4b9b4472f13a89d27a0d028e706575a9a623754d7277d47defcdb2e5e6cd98

HTTP Headers

GET /ajax/libs/twitter-bootstrap/4.3.1/css/bootstrap.min.css HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://sekigae.fun.w3ja.com
Connection: keep-alive
Referer: https://sekigae.fun.w3ja.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Wed, 08 Feb 2023 00:24:15 GMT
content-type: text/css; charset=utf-8
content-length: 17210
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "5eb04010-2606e"
last-modified: Mon, 04 May 2020 16:17:20 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 5382515
expires: Mon, 29 Jan 2024 00:24:15 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=7bw%2FsFGRY8E80De2glEoEanX1ZT2Ld62bwx%2B%2BbZeEofmqIvYmaFpVaOcwOllFyHB9v1pdZcJb1Gy6U%2BEDag%2BdLmTqN0ty%2BtvyafFQSKckRhEKZQR%2FYX2YWJqgnXD1eByi8%2FcoA8v"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 796038ab5f90b518-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

cdnjs.cloudflare.com/ajax/libs/twitter-bootstrap/4.3.1/js/bootstrap.min.js

104.17.24.14

200 OK

14 kB

URL HTTP/2
cdnjs.cloudflare.com/ajax/libs/twitter-bootstrap/4.3.1/js/bootstrap.min.js
IP
104.17.24.14:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text, with very long lines (57791)
Size
14 kB (13537 bytes)
Hash
f7ec1f608a6644d182a2aef3308d3fc1
504609ff13eb3af8a2364b6753f73bc3ad3b4e1b
398376b9590200f385c71475b834492c281ce9cd34bc137a57f087e7a65bd7fb

HTTP Headers

GET /ajax/libs/twitter-bootstrap/4.3.1/js/bootstrap.min.js HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://sekigae.fun.w3ja.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Wed, 08 Feb 2023 00:24:15 GMT
content-type: application/javascript; charset=utf-8
content-length: 13537
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "5eb04010-e2d8"
last-modified: Mon, 04 May 2020 16:17:20 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
cf-cache-status: HIT
age: 26709852
expires: Mon, 29 Jan 2024 00:24:15 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=YBPUQcaRmauzU%2FlopQhB793vBpg%2Fz1GtIxW48jAdfL3lG24d%2BXa84sQ56vIfMADA9UMhinE6aaHi3URAR6dglg3u2EoBvz7pX62fDJHDaPlvMvkFmZjArpJv%2F3Q1Gr2FlKXx6UOV"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 796038ab5bc3fac4-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

cdnjs.cloudflare.com/ajax/libs/popper.js/1.15.0/umd/popper.min.js

104.17.24.14

200 OK

6.7 kB

URL HTTP/2
cdnjs.cloudflare.com/ajax/libs/popper.js/1.15.0/umd/popper.min.js
IP
104.17.24.14:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text, with very long lines (20989)
Size
6.7 kB (6680 bytes)
Hash
12823d3177e37701ecf67f10fe002251
d9a4c13eb4557008f46b063948f2997a55c498e8
a58e2e99f9569a968e240697a5ef755e73a677746f4fc5ba11cfea02260f13cd

HTTP Headers

GET /ajax/libs/popper.js/1.15.0/umd/popper.min.js HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://sekigae.fun.w3ja.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Wed, 08 Feb 2023 00:24:15 GMT
content-type: application/javascript; charset=utf-8
content-length: 6680
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "5eb03fa9-52aa"
last-modified: Mon, 04 May 2020 16:15:37 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 11479542
expires: Mon, 29 Jan 2024 00:24:15 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=J5yufMaaw%2F060KBoe2aM3Cyzzl1Un6BsURo2zxv9WYF2dD4tBJuOQG3E9GBxsy2QsnmqBviupGK5EyHjd%2B60MZMOCTIeRztJJUiXpa9gLY9AIxrU%2BsLOsb3VsW6u%2F%2BFzo6CT8PAq"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 796038ab5bc5fac4-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

cdnjs.cloudflare.com/ajax/libs/jquery/3.4.1/jquery.min.js

104.17.24.14

200 OK

28 kB

URL HTTP/2
cdnjs.cloudflare.com/ajax/libs/jquery/3.4.1/jquery.min.js
IP
104.17.24.14:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text, with very long lines (65451)
Size
28 kB (27748 bytes)
Hash
638a4990025383a0f83ebf29bdb84a68
153e8818dc42f598e47fde8cf398f1447649a4d0
878e34b89800bb271d3588e526eb3598eb3822e263f3bdaf53645847d39d0ad6

HTTP Headers

GET /ajax/libs/jquery/3.4.1/jquery.min.js HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://sekigae.fun.w3ja.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Wed, 08 Feb 2023 00:24:15 GMT
content-type: application/javascript; charset=utf-8
content-length: 27748
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "5eb03ec4-15851"
last-modified: Mon, 04 May 2020 16:11:48 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 1548439
expires: Mon, 29 Jan 2024 00:24:15 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=0cVbc%2B9QAgiw9WTze6fNu8Lt%2BweJiVU8pftOeeamqNCzzBBbj42oFzOrPwc6rHJzcCHLYQRkdg66na5yuFU85Boiq9m%2BLgJXZmWCwJxSStVckNNm1xMau1i4FxcPH0dPVXUoAonk"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 796038ab5bc4fac4-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

ocsp.digicert.com/

93.184.220.29

200 OK

280 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
280 B (280 bytes)
Hash
4a2793786b1ce1206b70d285bea47b94
11747c77f2ef56d889b5148834faa184be7cfc07
af406b334b4df19c87a6911d78bbab5bc5628dc7ccac9d7d60050908c770fb52

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4105
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Wed, 08 Feb 2023 00:24:15 GMT
Last-Modified: Tue, 07 Feb 2023 23:15:50 GMT
Server: ECS (ska/F706)
X-Cache: HIT
Content-Length: 280

ocsp.pki.goog/s/gts1p5/jLQWPPuTvEw

142.250.74.163

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/s/gts1p5/jLQWPPuTvEw
IP
142.250.74.163:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
537e2e9cd7d39540ab7473e453fdf876
53841e9819f5010d4fab2314792111b1a9c49738
0c4ad47c1bcf6a020c834e708cf7e53c94915e84930305f1a2d7155e48e95ab0

HTTP Headers

POST /s/gts1p5/jLQWPPuTvEw HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 08 Feb 2023 00:24:16 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/s/gts1p5/jLQWPPuTvEw

142.250.74.163

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/s/gts1p5/jLQWPPuTvEw
IP
142.250.74.163:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
537e2e9cd7d39540ab7473e453fdf876
53841e9819f5010d4fab2314792111b1a9c49738
0c4ad47c1bcf6a020c834e708cf7e53c94915e84930305f1a2d7155e48e95ab0

HTTP Headers

POST /s/gts1p5/jLQWPPuTvEw HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 08 Feb 2023 00:24:16 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

r3.o.lencr.org/

95.101.11.115

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
95.101.11.115:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
68273225f74fbf7493f395610d7a73fc
5a8779ef5656aeeba23b365aad60b7901c5dd7fc
c83f285a1f3df0f7ac758a68ee95cc3d2671f80264c2e143cc0561cc574e3f19

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C83F285A1F3DF0F7AC758A68EE95CC3D2671F80264C2E143CC0561CC574E3F19"
Last-Modified: Mon, 06 Feb 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10928
Expires: Wed, 08 Feb 2023 03:26:24 GMT
Date: Wed, 08 Feb 2023 00:24:16 GMT
Connection: keep-alive

r3.o.lencr.org/

95.101.11.115

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
95.101.11.115:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
68273225f74fbf7493f395610d7a73fc
5a8779ef5656aeeba23b365aad60b7901c5dd7fc
c83f285a1f3df0f7ac758a68ee95cc3d2671f80264c2e143cc0561cc574e3f19

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C83F285A1F3DF0F7AC758A68EE95CC3D2671F80264C2E143CC0561CC574E3F19"
Last-Modified: Mon, 06 Feb 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10928
Expires: Wed, 08 Feb 2023 03:26:24 GMT
Date: Wed, 08 Feb 2023 00:24:16 GMT
Connection: keep-alive

r3.o.lencr.org/

95.101.11.115

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
95.101.11.115:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
68273225f74fbf7493f395610d7a73fc
5a8779ef5656aeeba23b365aad60b7901c5dd7fc
c83f285a1f3df0f7ac758a68ee95cc3d2671f80264c2e143cc0561cc574e3f19

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C83F285A1F3DF0F7AC758A68EE95CC3D2671F80264C2E143CC0561CC574E3F19"
Last-Modified: Mon, 06 Feb 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10928
Expires: Wed, 08 Feb 2023 03:26:24 GMT
Date: Wed, 08 Feb 2023 00:24:16 GMT
Connection: keep-alive

img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff6de3153-62d2-494b-8acf-6d3ac8adba7d.jpeg

34.120.237.76

200 OK

13 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff6de3153-62d2-494b-8acf-6d3ac8adba7d.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
13 kB (13160 bytes)
Hash
003fc35e140a75a12b7795c3986426ec
da002b22e2a01f48a545b369d4403eabb17a10d5
bb0754411aa7d0a5036b86b282d0e93d13227765ca9ccaf3a34e8e486cb413d1

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff6de3153-62d2-494b-8acf-6d3ac8adba7d.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 13160
x-amzn-requestid: 34aa6dfe-7f14-48d0-89b2-90548621be79
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fzVxSHh7IAMFjAg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63de033b-49587fff75aebe96136137be;Sampled=0
x-amzn-remapped-date: Sat, 04 Feb 2023 07:03:23 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: 81DTnHIh40lNEi6l5hC87Vo9R8k4w79Fr71zibyvGP0iJm4kmhWITA==
via: 1.1 e5af640ced3aa8764b82c4bc3f7af38e.cloudfront.net (CloudFront), 1.1 6172bb1a5d00a3b06ae3700570ebe116.cloudfront.net (CloudFront), 1.1 google
date: Tue, 07 Feb 2023 07:45:27 GMT
age: 59929
etag: "da002b22e2a01f48a545b369d4403eabb17a10d5"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

w3ja.com/js/jquery.js

172.67.128.240

200 OK

46 kB

URL HTTP/2
w3ja.com/js/jquery.js
IP
172.67.128.240:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text, with very long lines (1300)
Size
46 kB (46415 bytes)
Hash
d11cce06d2d4c318a8a24ee962ad8c9b
6d61b93a1a08c7df836c668b7ebd064b0b8c6f4e
5802b0b281856227ea28471a726170c1ca1d1ef4e029d9ab3669af8bf5203fd9

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

GET /js/jquery.js HTTP/1.1
Host: w3ja.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://sekigae.fun.w3ja.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site

HTTP/2 200 OK
date: Wed, 08 Feb 2023 00:24:16 GMT
content-type: application/x-javascript
cache-control: max-age=43200
cf-bgj: minify
etag: W/"6355e63f-201e6"
expires: Wed, 08 Feb 2023 02:58:00 GMT
last-modified: Mon, 24 Oct 2022 01:11:27 GMT
vary: Accept-Encoding
cf-cache-status: HIT
age: 33976
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=6kAkN1DUelyQHPQsrPGeSWD5sjugVU5LUzhFNg8f0lsCoHXaAYWgmPB%2FO8Xz0cUizSj0QuIk6XhmBzJ4Y3WJm8ep3myhUq4uRSfiuejZY0K4TjzB65ggFanFVg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 796038ac8cce1c16-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

34.120.237.76

200 OK

6.2 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8122ba3b-f49a-49fa-acfb-88990087de42.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
6.2 kB (6177 bytes)
Hash
25fb37d8b072e47aae74933481fb9418
b073d213a6a7939efed7ee5ef62a5548e00082bc
59a9c61013b3a4faab6f1c578f45bb87397d2f9e7975ae58e53e2c4e4a791da2

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8122ba3b-f49a-49fa-acfb-88990087de42.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 6177
x-amzn-requestid: 729ae67c-5468-42a6-ba16-2a6a55db001d
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: f-tUbE7EoAMFuOw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63e28f4f-7f1fa6e162899c495e44e643;Sampled=0
x-amzn-remapped-date: Tue, 07 Feb 2023 17:50:07 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: xTJKf69wk7qWWhBYf-qO61jOY2jXIC4FNdt4Mxt2dLDmLm5U9OocVQ==
via: 1.1 01c28b52813cd0e82f810c492808b142.cloudfront.net (CloudFront), 1.1 d6b180eb367f7de26d67a9f3901b96a6.cloudfront.net (CloudFront), 1.1 google
date: Tue, 07 Feb 2023 18:24:36 GMT
etag: "b073d213a6a7939efed7ee5ef62a5548e00082bc"
content-type: image/jpeg
age: 21580
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

4.3 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe8a8e532-be72-47cc-8389-e8f28ffc3c2a.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
4.3 kB (4269 bytes)
Hash
33b061f03be149fea0df63b42a8ec226
e5e491c6ef8b6234450a34ee5df28b9a58a8ad43
a5970bbb40be173878cd2e920bd1a6ed27775fbdc222bb66ccbc5969984882f1

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe8a8e532-be72-47cc-8389-e8f28ffc3c2a.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 4269
x-amzn-requestid: df152b3a-fa15-4dac-96f9-41b9ea8e5136
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: f_OkQH5PoAMFl1g=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63e2c481-63636a42419209fb0c17eceb;Sampled=0
x-amzn-remapped-date: Tue, 07 Feb 2023 21:37:05 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: 0hu3nATq26ngjS5942rJgt7AcT4wjG0mFfNrtsajSN2PpdAOYhTjFg==
via: 1.1 c7c3cdef911c9ee3c1a83a78f425dc5a.cloudfront.net (CloudFront), 1.1 760139201585481b26f947c5f776103a.cloudfront.net (CloudFront), 1.1 google
date: Tue, 07 Feb 2023 21:43:42 GMT
age: 9634
etag: "e5e491c6ef8b6234450a34ee5df28b9a58a8ad43"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

10 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdcf61053-67f6-4767-ad44-fa802c5ef5b4.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
10 kB (10058 bytes)
Hash
a9c2a9eee923b84d4e06438a8b2acaff
520b122e3ce52220af153fee26bb7067283f9075
9ff4236fdcd05210a9c8bb48ea68179e142b1b05c8b19dd66282590dff69fa22

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdcf61053-67f6-4767-ad44-fa802c5ef5b4.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 10058
x-amzn-requestid: 94374454-1e89-4c43-895b-0a90f39b851d
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: f_O5vEgcoAMFctg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63e2c50a-0bf11cad4b0818c36188ba91;Sampled=0
x-amzn-remapped-date: Tue, 07 Feb 2023 21:39:22 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: qYXu_I4vL00EOopA1nQcxCTMKf4nObKFk9XQozhw6FezKsfTDem3Mw==
via: 1.1 9b311162717b41c968f6f00426d88aaa.cloudfront.net (CloudFront), 1.1 e66162aafd55b64ba1478ff7105150fa.cloudfront.net (CloudFront), 1.1 google
date: Tue, 07 Feb 2023 22:06:35 GMT
etag: "520b122e3ce52220af153fee26bb7067283f9075"
content-type: image/jpeg
age: 8261
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

6.7 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5abcabc9-1cda-4d86-8630-67943159604b.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
6.7 kB (6679 bytes)
Hash
4bb0e725719ac378134b01b6473a6581
a8a1780c88e8ae219048bed28ecfbd8019d9af35
187d4e83edc0af857334f84bd6853234193d4654d06c43367f39b4e125defe08

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5abcabc9-1cda-4d86-8630-67943159604b.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 6679
x-amzn-requestid: 97c19ad5-c127-4dc1-b529-1eca84645316
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: f59MzHgloAMFwow=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63e0a8b8-79d6b8d31b69153d4929b7b7;Sampled=0
x-amzn-remapped-date: Mon, 06 Feb 2023 07:14:00 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: x_tr-xummuF51PvAM4y3DgvLWuJOwxgquKO8baQfcoN6ta5M3ll7ug==
via: 1.1 00f0a41f749793b9dd653153037c957e.cloudfront.net (CloudFront), 1.1 d6a002c70d55f415107618b0750d493c.cloudfront.net (CloudFront), 1.1 google
date: Tue, 07 Feb 2023 07:41:46 GMT
age: 60150
etag: "a8a1780c88e8ae219048bed28ecfbd8019d9af35"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

r3.o.lencr.org/

95.101.11.115

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
95.101.11.115:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
4c834f74b2d6a38ee12b05cebac372b9
591010a999a2857a62d2f0f65405279f58e64b7e
04c90091589f3dbc11be254478b6bf83f4f4d4b349e0e84d0709d7cea644aff2

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "04C90091589F3DBC11BE254478B6BF83F4F4D4B349E0E84D0709D7CEA644AFF2"
Last-Modified: Tue, 07 Feb 2023 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8840
Expires: Wed, 08 Feb 2023 02:51:36 GMT
Date: Wed, 08 Feb 2023 00:24:16 GMT
Connection: keep-alive

r3.o.lencr.org/

95.101.11.115

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
95.101.11.115:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
4c834f74b2d6a38ee12b05cebac372b9
591010a999a2857a62d2f0f65405279f58e64b7e
04c90091589f3dbc11be254478b6bf83f4f4d4b349e0e84d0709d7cea644aff2

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "04C90091589F3DBC11BE254478B6BF83F4F4D4B349E0E84D0709D7CEA644AFF2"
Last-Modified: Tue, 07 Feb 2023 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6889
Expires: Wed, 08 Feb 2023 02:19:05 GMT
Date: Wed, 08 Feb 2023 00:24:16 GMT
Connection: keep-alive

r3.o.lencr.org/

95.101.11.115

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
95.101.11.115:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
4c834f74b2d6a38ee12b05cebac372b9
591010a999a2857a62d2f0f65405279f58e64b7e
04c90091589f3dbc11be254478b6bf83f4f4d4b349e0e84d0709d7cea644aff2

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "04C90091589F3DBC11BE254478B6BF83F4F4D4B349E0E84D0709D7CEA644AFF2"
Last-Modified: Tue, 07 Feb 2023 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6834
Expires: Wed, 08 Feb 2023 02:18:10 GMT
Date: Wed, 08 Feb 2023 00:24:16 GMT
Connection: keep-alive

pl17991643.highperformancecpmgate.com/3b9e72e9797c159b735f64a9225e5b2e/invoke.js

192.243.61.225

200 OK

9.3 kB

URL HTTP/1.1
pl17991643.highperformancecpmgate.com/3b9e72e9797c159b735f64a9225e5b2e/invoke.js
IP
192.243.61.225:0
ASN
#39572 DataWeb Global Group B.V.

File type
Unicode text, UTF-8 text, with very long lines (25062), with no line terminators
Size
9.3 kB (9276 bytes)
Hash
321d61cede7fd820655292a2fd5e99ff
779ab56fd58cdb396e6833e89de466f7531a7f65
a299900695ec56dc8657d94d566a0e1dc9a41dcd6b533354ed7a56ba24ff6c65

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /3b9e72e9797c159b735f64a9225e5b2e/invoke.js HTTP/1.1
Host: pl17991643.highperformancecpmgate.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://sekigae.fun.w3ja.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Wed, 08 Feb 2023 00:24:16 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 6668b8464ab88efaef8c2c9ecba8be7b
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip

pl17986764.highperformancecpmgate.com/f4/f3/03/f4f3037b1d2a02d7a0ea86681cc07b89.js

173.233.137.44

200 OK

21 kB

URL HTTP/1.1
pl17986764.highperformancecpmgate.com/f4/f3/03/f4f3037b1d2a02d7a0ea86681cc07b89.js
IP
173.233.137.44:0
ASN
#7979 SERVERS-COM

File type
HTML document, ASCII text, with very long lines (60130), with no line terminators
Size
21 kB (20698 bytes)
Hash
2fc3ce7442c62f8f297b737757655b96
11f79a7fb9004c93370e04c85aca1a5a648dc7fe
f55c5a236ed735ac8040cf5bc298773fa6fc014bb0bd579d4d1f3549bec6eb0f

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /f4/f3/03/f4f3037b1d2a02d7a0ea86681cc07b89.js HTTP/1.1
Host: pl17986764.highperformancecpmgate.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://sekigae.fun.w3ja.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Wed, 08 Feb 2023 00:24:16 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: eb537886bf7432eb55e9d25fdc57e29e
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip

pl17991630.highperformancecpmgate.com/1b/83/b8/1b83b8ebd54a9ba1fdb63f527fb4f778.js

192.243.61.225

200 OK

13 kB

URL HTTP/1.1
pl17991630.highperformancecpmgate.com/1b/83/b8/1b83b8ebd54a9ba1fdb63f527fb4f778.js
IP
192.243.61.225:0
ASN
#39572 DataWeb Global Group B.V.

File type
ASCII text, with very long lines (37155), with no line terminators
Size
13 kB (13425 bytes)
Hash
d80e427a5c709b15f0b9c8a0fe21b5ea
c46fc0d1e71ba22d8054f5df1310b729ba75e798
25fb6d6233503dcf3d1d510ceb8110d85faa7fe4fc332592b604307bab147455

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /1b/83/b8/1b83b8ebd54a9ba1fdb63f527fb4f778.js HTTP/1.1
Host: pl17991630.highperformancecpmgate.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://sekigae.fun.w3ja.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Wed, 08 Feb 2023 00:24:16 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 8f416dc282577c14d7376461e2feb3bf
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip

ocsp.sca1b.amazontrust.com/

54.230.245.110

200 OK

471 B

URL HTTP/1.1
ocsp.sca1b.amazontrust.com/
IP
54.230.245.110:0
ASN
#16509 AMAZON-02

File type
data
Size
471 B (471 bytes)
Hash
162cf16c04c5e61dc5ded18807e1686d
82297027d3933d4324dbdcfadc09521c66d9e6b1
b2d018f4c0c6f21ef882829859ba49af6ccf5cc15f9cf3d13407905f301a0759

HTTP Headers

POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: 'max-age=158059'
Date: Wed, 08 Feb 2023 00:24:16 GMT
Last-Modified: Tue, 07 Feb 2023 23:45:52 GMT
Server: ECS (nyb/1D2C)
X-Cache: Miss from cloudfront
Via: 1.1 4bbc14b5834fc74ccd249b954b43a08c.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: qUJvZXeXV9apDosi2R7bD3rbvktjjGQRB3VL4nsACClEF_yK-a9o7Q==
Age: 2305

simplewebanalysis.com/stats

3.120.47.42

200 OK

40 B

URL HTTP/2
simplewebanalysis.com/stats
IP
3.120.47.42:0
ASN
#16509 AMAZON-02

File type
ASCII text, with no line terminators
Size
40 B (40 bytes)
Hash
8eb7e0c18c11137480c5ca36787126ef
4a84702650330d95872fdb1d03bb20ede2f48d76
6b1036d7e8d587ef95a153e9d9b84dbf8f29ebba44d7577fbb584dac2cb6b28f

HTTP Headers

GET /stats HTTP/1.1
Host: simplewebanalysis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://sekigae.fun.w3ja.com
Connection: keep-alive
Referer: https://sekigae.fun.w3ja.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Wed, 08 Feb 2023 00:24:16 GMT
content-type: text/html; charset=UTF-8
content-length: 40
server: fasthttp
access-control-allow-origin: https://sekigae.fun.w3ja.com
access-control-allow-credentials: true
set-cookie: uid_id2=934a3c62-4d46-46e5-a5f1-3e7c7e5de7d5:2:1; expires=Sat, 05 Feb 2033 00:24:16 GMT; secure; SameSite=None
X-Firefox-Spdy: h2

ocsp.sca1b.amazontrust.com/

54.230.245.110

200 OK

471 B

URL HTTP/1.1
ocsp.sca1b.amazontrust.com/
IP
54.230.245.110:0
ASN
#16509 AMAZON-02

File type
data
Size
471 B (471 bytes)
Hash
162cf16c04c5e61dc5ded18807e1686d
82297027d3933d4324dbdcfadc09521c66d9e6b1
b2d018f4c0c6f21ef882829859ba49af6ccf5cc15f9cf3d13407905f301a0759

HTTP Headers

POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=135296
Date: Wed, 08 Feb 2023 00:24:16 GMT
Etag: "63e25293-1d7"
Expires: Thu, 09 Feb 2023 13:59:12 GMT
Last-Modified: Tue, 07 Feb 2023 13:30:59 GMT
Server: ECS (nyb/1D04)
X-Cache: Miss from cloudfront
Via: 1.1 5bcfe2deda0bdbc6bade0af9b61602ca.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: Jz6fuwZDSgdSr1e36XUUkbIXHGGkhhGR5EwquPO3mjVrESo9JASoVg==
Age: 1693

e1.o.lencr.org/

23.33.119.27

200 OK

344 B

URL HTTP/1.1
e1.o.lencr.org/
IP
23.33.119.27:0
ASN
#20940 Akamai International B.V.

File type
data
Size
344 B (344 bytes)
Hash
c41c722798f0e3638024f21a5a7a8d83
db3ccc45ee1b163a36affe20ac87fa33c5fd6146
2c47b9c17f99c9852ece1fdf54f4c6dc7b97fc61c663126a5136162560cfb399

HTTP Headers

POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 344
ETag: "2C47B9C17F99C9852ECE1FDF54F4C6DC7B97FC61C663126A5136162560CFB399"
Last-Modified: Mon, 06 Feb 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5486
Expires: Wed, 08 Feb 2023 01:55:42 GMT
Date: Wed, 08 Feb 2023 00:24:16 GMT
Connection: keep-alive

simplewebanalysis.com/stats

3.120.47.42

200 OK

40 B

URL HTTP/2
simplewebanalysis.com/stats
IP
3.120.47.42:0
ASN
#16509 AMAZON-02

File type
ASCII text, with no line terminators
Size
40 B (40 bytes)
Hash
e68b402e239ac7335be59297a132a624
f0b848d2356f7be9756f1b857ddc781a951af35c
65404b7e99eb29f11cca62815575ec83a6b2c6b67517080e779c6ef4c697962e

HTTP Headers

GET /stats HTTP/1.1
Host: simplewebanalysis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://sekigae.fun.w3ja.com
Connection: keep-alive
Referer: https://sekigae.fun.w3ja.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Wed, 08 Feb 2023 00:24:16 GMT
content-type: text/html; charset=UTF-8
content-length: 40
server: fasthttp
access-control-allow-origin: https://sekigae.fun.w3ja.com
access-control-allow-credentials: true
set-cookie: uid_id2=3b335ab7-5410-4ce1-83a6-38a8a8e47ed6:2:1; expires=Sat, 05 Feb 2033 00:24:16 GMT; secure; SameSite=None
X-Firefox-Spdy: h2

simplewebanalysis.com/stats

3.120.47.42

200 OK

40 B

URL HTTP/2
simplewebanalysis.com/stats
IP
3.120.47.42:0
ASN
#16509 AMAZON-02

File type
ASCII text, with no line terminators
Size
40 B (40 bytes)
Hash
021ee1ac5232d9cf0695e1b73092979a
359907469ba4eab4973f7ca180a7ddff23049f0d
5e08cc676ef7645ac2af1fc50429210a0e41dcd05f6ab7ab62c7ce2c440c3745

HTTP Headers

GET /stats HTTP/1.1
Host: simplewebanalysis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://sekigae.fun.w3ja.com
Connection: keep-alive
Referer: https://sekigae.fun.w3ja.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Wed, 08 Feb 2023 00:24:16 GMT
content-type: text/html; charset=UTF-8
content-length: 40
server: fasthttp
access-control-allow-origin: https://sekigae.fun.w3ja.com
access-control-allow-credentials: true
set-cookie: uid_id2=8a9ff551-3eff-483d-9cfa-f87c1aef5232:2:1; expires=Sat, 05 Feb 2033 00:24:16 GMT; secure; SameSite=None
X-Firefox-Spdy: h2

r3.o.lencr.org/

95.101.11.115

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
95.101.11.115:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
c427f0a40e9a37185a90f0cb32c47dca
d6d6eb862f7ad162b809aec3e278157dea68f530
8e80aa6b23166b468ad5da901087251dfe3def8a81adecbdc2d9908da74678d6

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "8E80AA6B23166B468AD5DA901087251DFE3DEF8A81ADECBDC2D9908DA74678D6"
Last-Modified: Mon, 06 Feb 2023 13:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7599
Expires: Wed, 08 Feb 2023 02:30:55 GMT
Date: Wed, 08 Feb 2023 00:24:16 GMT
Connection: keep-alive

priestsuede.com/pixel/purst?dl=0&th=0&sc=0&rs=2620&rd=2620&fd=958&bv=22.10.v.9&tmpl=70

192.243.59.20

200 OK

0 B

URL HTTP/1.1
priestsuede.com/pixel/purst?dl=0&th=0&sc=0&rs=2620&rd=2620&fd=958&bv=22.10.v.9&tmpl=70
IP
192.243.59.20:0
ASN
#39572 DataWeb Global Group B.V.

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /pixel/purst?dl=0&th=0&sc=0&rs=2620&rd=2620&fd=958&bv=22.10.v.9&tmpl=70 HTTP/1.1
Host: priestsuede.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://sekigae.fun.w3ja.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Server: nginx/1.17.9
Date: Wed, 08 Feb 2023 00:24:17 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range

r3.o.lencr.org/

95.101.11.115

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
95.101.11.115:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
ffbbcf667390418f2cbb808a726b9342
590778522d88baa02439cc5204d9a62a4751f7bb
e0f5a131b37d57d4165866a387a7d613406770013f5566b0f5443e6dfc47acde

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "E0F5A131B37D57D4165866A387A7D613406770013F5566B0F5443E6DFC47ACDE"
Last-Modified: Sun, 05 Feb 2023 19:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5522
Expires: Wed, 08 Feb 2023 01:56:19 GMT
Date: Wed, 08 Feb 2023 00:24:17 GMT
Connection: keep-alive

e1.o.lencr.org/

23.33.119.27

200 OK

344 B

URL HTTP/1.1
e1.o.lencr.org/
IP
23.33.119.27:0
ASN
#20940 Akamai International B.V.

File type
data
Size
344 B (344 bytes)
Hash
c41c722798f0e3638024f21a5a7a8d83
db3ccc45ee1b163a36affe20ac87fa33c5fd6146
2c47b9c17f99c9852ece1fdf54f4c6dc7b97fc61c663126a5136162560cfb399

HTTP Headers

POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 344
ETag: "2C47B9C17F99C9852ECE1FDF54F4C6DC7B97FC61C663126A5136162560CFB399"
Last-Modified: Mon, 06 Feb 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5485
Expires: Wed, 08 Feb 2023 01:55:42 GMT
Date: Wed, 08 Feb 2023 00:24:17 GMT
Connection: keep-alive

r3.o.lencr.org/

95.101.11.115

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
95.101.11.115:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
bd323d791dcb256ff08d90c5001ccada
380b8b726dfbe5ca828512ce4f73ea2d3cb2ed9a
d9d54aad7f3a2eebbef4ae07fce2c11f4f750d8faf6613e5b5ec7540b4d478b7

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D9D54AAD7F3A2EEBBEF4AE07FCE2C11F4F750D8FAF6613E5B5EC7540B4D478B7"
Last-Modified: Tue, 07 Feb 2023 07:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=1913
Expires: Wed, 08 Feb 2023 00:56:10 GMT
Date: Wed, 08 Feb 2023 00:24:17 GMT
Connection: keep-alive

r3.o.lencr.org/

95.101.11.115

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
95.101.11.115:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
20c9ebcf0c6fd584f93b39650cdf4f64
269ce37f5fd5c65f9c7ab87c7d42ab172f726d48
87c17eb5a87932c6dce03fccbaa0c0f80cdcf4c09653bd4f11a445404f15b068

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "87C17EB5A87932C6DCE03FCCBAA0C0F80CDCF4C09653BD4F11A445404F15B068"
Last-Modified: Tue, 07 Feb 2023 19:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7579
Expires: Wed, 08 Feb 2023 02:30:36 GMT
Date: Wed, 08 Feb 2023 00:24:17 GMT
Connection: keep-alive

ocsp.pki.goog/gts1c3

142.250.74.163

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.163:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
5bcb9125c18e4ed3562ceb950dc6eaad
a6c6944804b772de3a487723e3e866c0219de230
94947430d745a6648a2e87f163bf474b4fd4513519360bf4bfecfabc141e5ff1

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 08 Feb 2023 00:24:17 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

iceboxlitre.com/ntv.json?key=3b9e72e9797c159b735f64a9225e5b2e&vstc=4

173.233.137.60

200 OK

17 kB

URL HTTP/1.1
iceboxlitre.com/ntv.json?key=3b9e72e9797c159b735f64a9225e5b2e&vstc=4
IP
173.233.137.60:0
ASN
#7979 SERVERS-COM

File type
JSON data\012- , Unicode text, UTF-8 text, with very long lines (17000), with no line terminators
Size
17 kB (17002 bytes)
Hash
85c4301e11ca114ae9c099ae222b41e1
b5fb7b6648d95b028bfe3cafbb7da41f5f307f56
f8b0fe25a4e3ce1c4912cf5f629d7aee8fbd03a0cf2da752095f3fcf9f19e401

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /ntv.json?key=3b9e72e9797c159b735f64a9225e5b2e&vstc=4 HTTP/1.1
Host: iceboxlitre.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://sekigae.fun.w3ja.com
Connection: keep-alive
Referer: https://sekigae.fun.w3ja.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Wed, 08 Feb 2023 00:24:17 GMT
Content-Type: application/json
Content-Length: 17002
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://sekigae.fun.w3ja.com
Access-Control-Allow-Origin: https://sekigae.fun.w3ja.com
Access-Control-Allow-Credentials: true
Set-Cookie: u_pl=17891144; expires=Thu, 09 Feb 2023 00:24:17 GMT; secure; SameSite=None
pdhtkv=true; expires=Thu, 09 Feb 2023 00:24:17 GMT; secure; SameSite=None
uncs=1; expires=Thu, 09 Feb 2023 00:24:17 GMT; secure; SameSite=None
pdhtkv49=true; expires=Thu, 09 Feb 2023 00:24:17 GMT; secure; SameSite=None
uncs49=1; expires=Thu, 09 Feb 2023 00:24:17 GMT; secure; SameSite=None
nlec3b9e72e9797c159b735f64a9225e5b2e=[3254344,3254354,3254335,3254345]; expires=Wed, 08 Feb 2023 00:24:22 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 44d47e35d8eaf15050a88cfa7c60cf04
Strict-Transport-Security: max-age=0; includeSubdomains

www.google.com/s2/favicons?domain_url=https://sekigae.fun

216.58.211.4

301 Moved Permanently

332 B

URL HTTP/2
www.google.com/s2/favicons?domain_url=https://sekigae.fun
IP
216.58.211.4:0
ASN
#15169 GOOGLE

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF, LF line terminators
Size
332 B (332 bytes)
Hash
714ac3d1dc1e67b4e56d7a12f69abf62
46686e165dc9ba9d0b18f7b4f713ab67f79d84f8
cc37f8ea173c6821e71df33c802d2386395f94d51b9a0e282144f76beac78732

HTTP Headers

GET /s2/favicons?domain_url=https://sekigae.fun HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://sekigae.fun.w3ja.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 301 Moved Permanently
location: https://t0.gstatic.com/faviconV2?client=SOCIAL&type=FAVICON&fallback_opts=TYPE,SIZE,URL&url=https://sekigae.fun&size=16
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
date: Wed, 08 Feb 2023 00:24:17 GMT
expires: Wed, 08 Feb 2023 00:54:17 GMT
cache-control: public, max-age=1800
server: sffe
content-length: 332
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

ocsp.sectigo.com/

104.18.32.68

200 OK

472 B

URL HTTP/1.1
ocsp.sectigo.com/
IP
104.18.32.68:0
ASN
#13335 CLOUDFLARENET

File type
data
Size
472 B (472 bytes)
Hash
61d478faa89367a80894816ec3477057
a1adece785b4023969912ff69f3f44ca23474838
e4cdcf23a08cd9db8874059179d4f83e5763ddbc45ee07a8ea53641d4bb75f5c

HTTP Headers

POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Wed, 08 Feb 2023 00:24:17 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Tue, 07 Feb 2023 06:34:04 GMT
Expires: Tue, 14 Feb 2023 06:34:03 GMT
Etag: "a1adece785b4023969912ff69f3f44ca23474838"
Cache-Control: max-age=539985,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb6
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 796038b65eb2b503-OSL

banquetunarmedgrater.com/advertisers.js

192.243.59.20

200 OK

0 B

URL HTTP/1.1
banquetunarmedgrater.com/advertisers.js
IP
192.243.59.20:0
ASN
#39572 DataWeb Global Group B.V.

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /advertisers.js HTTP/1.1
Host: banquetunarmedgrater.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://sekigae.fun.w3ja.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Server: nginx/1.17.9
Date: Wed, 08 Feb 2023 00:24:17 GMT
Content-Type: application/javascript
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 034bcbbc94402cf0b3d9f0e1f7d05add
Strict-Transport-Security: max-age=0; includeSubdomains

www.statcounter.com/counter/counter.js

104.20.219.77

200 OK

15 kB

URL HTTP/2
www.statcounter.com/counter/counter.js
IP
104.20.219.77:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text, with very long lines (43632), with no line terminators
Size
15 kB (14976 bytes)
Hash
0b14cd5eb84ba7460f84810d532eba11
e8905bc7cd1d0429e729273c9456190b34907151
0ce0a345de02f867b146fa07999105cbec875fa3d3ef4ff217eb4db27305aa65

HTTP Headers

GET /counter/counter.js HTTP/1.1
Host: www.statcounter.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://sekigae.fun.w3ja.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Wed, 08 Feb 2023 00:24:17 GMT
content-type: application/javascript
vary: Accept-Encoding
last-modified: Tue, 07 Feb 2023 11:47:55 GMT
etag: W/"63e23a6b-aa70"
expires: Wed, 08 Feb 2023 10:53:07 GMT
cache-control: max-age=43200
cf-cache-status: HIT
age: 5470
server: cloudflare
cf-ray: 796038b6af71b4f9-OSL
content-encoding: br
X-Firefox-Spdy: h2

iceboxlitre.com/ren.gif?sid=H4sIAAAAAAAC%2F1RSz28bRRSebQ1CcAHUS0%2F4CBJyd21vnaWHilLSRm3TkBblhjS%2F1plmvLPM7Hodc4koQj36wAE4bT4nTYGqIn8AEnK4VJGQ6guKEJHgyhGJK2hdS4aR9nvv7fcO3%2Ffe%2B3w3PyU%2BcnqydssMldb0Qtjw629uqESYwtVX79YDv%2BFfqm%2Bo5GL7Un1Qge2%2FE%2Fhhw3%2Brfk3yLXOh6Qe%2BH%2FhBfVlZGZvBhRkLlT6OgkbkN9rNRhC2MbD%2Fr13uwVEPon9KXocS0xc2nx5C8QmS3vdXpdvKTPr2%2B71c08xY9MXBh8lWYooEvUUaWw9xcjDvhnFTQr48A5MczB3A9PcqB2BqSrxfArDkYC4TrL%2F%2FXCnTkAmYeAVFfwKpJ1B0Am7uQ4lnBOACq7eR9B6uGlvQ7ecsrdgpqf39F1QxJbXfziHpPbmi1aB%2Bx%2Bg8UyZxGMQl1GAC1Z0gzY%2BQDT2o4gg8%2BxRKECS9EkqUM9dKTaDiCbQcgToPefUpD3nsIU899MRJnYZR7PudmMWt1lKbc95qcR4uXRShaLWXYh85r2SNkKUjcD0CtztI7Q621Ag2%2FxFus4QTHlw2Jd4HO%2BiLEoUkKBxBQQkKRVBkBEW%2F3BfaNV35UGiXs2Aem%2FPYKscm6%2B7SfZN1ZUJ201PyWjUP79V%2FrmNLntRbLJKdpow6UYcHYcQ6rTC%2B2KZRsxnKkDUlnCqh3JmZ1aGakjduCaRqSl688SsYPYLTR%2BDqLGgegBbjTtMH3Ry3l3wMk0dF6x5tcNODMCXSrIZs29vVp%2BT8bCfBo%2BuQ%2FPjyZ8Pfrz059wm4LZHaEvfUTwRd%2FWC8bgqyt24KRw5vp5nqqSGt9nUno5k8%2B%2B0NuV0YK1auutE37%2FKKqNLHd6XLbtJEqKTryHdXlBDSLhvLJflhxW1Itpa7zSu5TfL05tp7yyu91ErnlEkmoOrZR%2Fvgakpe%2Bvjn2SWeH%2BZQdgKbl%2Bjlx2T%2BoMwReLoDly7UO0Ng9aKHpR6KvBzbJlv81IpAy0VNWQn3n5ot8l33AF1bA83uz%2B6vb0v0dQmqR3D5y%2BMstceXn35Vva%2FBdG3MtK3tMW31F7PRVrBeweUKVuDUSV2GsR9LvylZHLG4Q30Rxe2I0SiQHRbSAJmb8j%2F%2BPPwXAAD%2F%2FwEAAP%2F%2FD4CcjHAEAAA%3D

173.233.137.60

200 OK

7 B

URL HTTP/1.1
iceboxlitre.com/ren.gif?sid=H4sIAAAAAAAC%2F1RSz28bRRSebQ1CcAHUS0%2F4CBJyd21vnaWHilLSRm3TkBblhjS%2F1plmvLPM7Hodc4koQj36wAE4bT4nTYGqIn8AEnK4VJGQ6guKEJHgyhGJK2hdS4aR9nvv7fcO3%2Ffe%2B3w3PyU%2BcnqydssMldb0Qtjw629uqESYwtVX79YDv%2BFfqm%2Bo5GL7Un1Qge2%2FE%2Fhhw3%2Brfk3yLXOh6Qe%2BH%2FhBfVlZGZvBhRkLlT6OgkbkN9rNRhC2MbD%2Fr13uwVEPon9KXocS0xc2nx5C8QmS3vdXpdvKTPr2%2B71c08xY9MXBh8lWYooEvUUaWw9xcjDvhnFTQr48A5MczB3A9PcqB2BqSrxfArDkYC4TrL%2F%2FXCnTkAmYeAVFfwKpJ1B0Am7uQ4lnBOACq7eR9B6uGlvQ7ecsrdgpqf39F1QxJbXfziHpPbmi1aB%2Bx%2Bg8UyZxGMQl1GAC1Z0gzY%2BQDT2o4gg8%2BxRKECS9EkqUM9dKTaDiCbQcgToPefUpD3nsIU899MRJnYZR7PudmMWt1lKbc95qcR4uXRShaLWXYh85r2SNkKUjcD0CtztI7Q621Ag2%2FxFus4QTHlw2Jd4HO%2BiLEoUkKBxBQQkKRVBkBEW%2F3BfaNV35UGiXs2Aem%2FPYKscm6%2B7SfZN1ZUJ201PyWjUP79V%2FrmNLntRbLJKdpow6UYcHYcQ6rTC%2B2KZRsxnKkDUlnCqh3JmZ1aGakjduCaRqSl688SsYPYLTR%2BDqLGgegBbjTtMH3Ry3l3wMk0dF6x5tcNODMCXSrIZs29vVp%2BT8bCfBo%2BuQ%2FPjyZ8Pfrz059wm4LZHaEvfUTwRd%2FWC8bgqyt24KRw5vp5nqqSGt9nUno5k8%2B%2B0NuV0YK1auutE37%2FKKqNLHd6XLbtJEqKTryHdXlBDSLhvLJflhxW1Itpa7zSu5TfL05tp7yyu91ErnlEkmoOrZR%2Fvgakpe%2Bvjn2SWeH%2BZQdgKbl%2Bjlx2T%2BoMwReLoDly7UO0Ng9aKHpR6KvBzbJlv81IpAy0VNWQn3n5ot8l33AF1bA83uz%2B6vb0v0dQmqR3D5y%2BMstceXn35Vva%2FBdG3MtK3tMW31F7PRVrBeweUKVuDUSV2GsR9LvylZHLG4Q30Rxe2I0SiQHRbSAJmb8j%2F%2BPPwXAAD%2F%2FwEAAP%2F%2FD4CcjHAEAAA%3D
IP
173.233.137.60:0
ASN
#7979 SERVERS-COM

File type
ASCII text, with no line terminators
Size
7 B (7 bytes)
Hash
132d6af1b46048b45cf86cdee7991d31
eb7007d03d59b65bc6da7e098c4d38fc6dfb6285
ab852e838deccd742a03ca81d4a8d75cf1a00b327db3eaf46bd7da6b6db9384c

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /ren.gif?sid=H4sIAAAAAAAC%2F1RSz28bRRSebQ1CcAHUS0%2F4CBJyd21vnaWHilLSRm3TkBblhjS%2F1plmvLPM7Hodc4koQj36wAE4bT4nTYGqIn8AEnK4VJGQ6guKEJHgyhGJK2hdS4aR9nvv7fcO3%2Ffe%2B3w3PyU%2BcnqydssMldb0Qtjw629uqESYwtVX79YDv%2BFfqm%2Bo5GL7Un1Qge2%2FE%2Fhhw3%2Brfk3yLXOh6Qe%2BH%2FhBfVlZGZvBhRkLlT6OgkbkN9rNRhC2MbD%2Fr13uwVEPon9KXocS0xc2nx5C8QmS3vdXpdvKTPr2%2B71c08xY9MXBh8lWYooEvUUaWw9xcjDvhnFTQr48A5MczB3A9PcqB2BqSrxfArDkYC4TrL%2F%2FXCnTkAmYeAVFfwKpJ1B0Am7uQ4lnBOACq7eR9B6uGlvQ7ecsrdgpqf39F1QxJbXfziHpPbmi1aB%2Bx%2Bg8UyZxGMQl1GAC1Z0gzY%2BQDT2o4gg8%2BxRKECS9EkqUM9dKTaDiCbQcgToPefUpD3nsIU899MRJnYZR7PudmMWt1lKbc95qcR4uXRShaLWXYh85r2SNkKUjcD0CtztI7Q621Ag2%2FxFus4QTHlw2Jd4HO%2BiLEoUkKBxBQQkKRVBkBEW%2F3BfaNV35UGiXs2Aem%2FPYKscm6%2B7SfZN1ZUJ201PyWjUP79V%2FrmNLntRbLJKdpow6UYcHYcQ6rTC%2B2KZRsxnKkDUlnCqh3JmZ1aGakjduCaRqSl688SsYPYLTR%2BDqLGgegBbjTtMH3Ry3l3wMk0dF6x5tcNODMCXSrIZs29vVp%2BT8bCfBo%2BuQ%2FPjyZ8Pfrz059wm4LZHaEvfUTwRd%2FWC8bgqyt24KRw5vp5nqqSGt9nUno5k8%2B%2B0NuV0YK1auutE37%2FKKqNLHd6XLbtJEqKTryHdXlBDSLhvLJflhxW1Itpa7zSu5TfL05tp7yyu91ErnlEkmoOrZR%2Fvgakpe%2Bvjn2SWeH%2BZQdgKbl%2Bjlx2T%2BoMwReLoDly7UO0Ng9aKHpR6KvBzbJlv81IpAy0VNWQn3n5ot8l33AF1bA83uz%2B6vb0v0dQmqR3D5y%2BMstceXn35Vva%2FBdG3MtK3tMW31F7PRVrBeweUKVuDUSV2GsR9LvylZHLG4Q30Rxe2I0SiQHRbSAJmb8j%2F%2BPPwXAAD%2F%2FwEAAP%2F%2FD4CcjHAEAAA%3D HTTP/1.1
Host: iceboxlitre.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://sekigae.fun.w3ja.com/
Cookie: u_pl=17891144; pdhtkv=true; uncs=1; pdhtkv49=true; uncs49=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Wed, 08 Feb 2023 00:24:17 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: c62ad2dea0f12b9dcb1761ab3cafd4df
Strict-Transport-Security: max-age=0; includeSubdomains

r3.o.lencr.org/

95.101.11.115

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
95.101.11.115:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
9c5cd500f3412d0bb91099f1046874e6
8e2a5b67289ca10a9b5a7f1dcc200d4ee1a748e9
af33d47f4cac0f71eedcdc9ea9f1bf5b71b4b2b8284c5e8a7a73f2aba2373d8c

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "AF33D47F4CAC0F71EEDCDC9EA9F1BF5B71B4B2B8284C5E8A7A73F2ABA2373D8C"
Last-Modified: Sun, 05 Feb 2023 13:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=18484
Expires: Wed, 08 Feb 2023 05:32:21 GMT
Date: Wed, 08 Feb 2023 00:24:17 GMT
Connection: keep-alive

r3.o.lencr.org/

95.101.11.115

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
95.101.11.115:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
9c5cd500f3412d0bb91099f1046874e6
8e2a5b67289ca10a9b5a7f1dcc200d4ee1a748e9
af33d47f4cac0f71eedcdc9ea9f1bf5b71b4b2b8284c5e8a7a73f2aba2373d8c

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "AF33D47F4CAC0F71EEDCDC9EA9F1BF5B71B4B2B8284C5E8A7A73F2ABA2373D8C"
Last-Modified: Sun, 05 Feb 2023 13:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=18484
Expires: Wed, 08 Feb 2023 05:32:21 GMT
Date: Wed, 08 Feb 2023 00:24:17 GMT
Connection: keep-alive

cdn.cloudimagesb.com/si/e3/45/09/e34509c88d1762ac4c86147aabde5f02/1645978523.jpg

45.133.44.9

200 OK

19 kB

URL HTTP/2
cdn.cloudimagesb.com/si/e3/45/09/e34509c88d1762ac4c86147aabde5f02/1645978523.jpg
IP
45.133.44.9:0
ASN
#39572 DataWeb Global Group B.V.

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 320x240, components 3\012- data
Size
19 kB (18886 bytes)
Hash
e3f84420ce3bd43532e3ddb8b22a465e
3d7ad384f893e1dbcd8d3bfb260bfc8c4848138a
428d48c9b4e20910da3a15d23ca23eee970be4c013a4cbf5f66355537a8ddd10

HTTP Headers

GET /si/e3/45/09/e34509c88d1762ac4c86147aabde5f02/1645978523.jpg HTTP/1.1
Host: cdn.cloudimagesb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://sekigae.fun.w3ja.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Wed, 08 Feb 2023 00:24:17 GMT
content-type: image/jpeg
content-length: 18886
server: nginx/1.17.6
last-modified: Sun, 27 Feb 2022 16:15:36 GMT
etag: "621ba3a8-49c6"
expires: Fri, 10 Feb 2023 00:24:17 GMT
cache-control: max-age=172800
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2

cdn.cloudimagesb.com/si/c8/d2/75/c8d2755494a79da6a1198b4e843c465e/1645978536.jpg

45.133.44.9

200 OK

21 kB

URL HTTP/2
cdn.cloudimagesb.com/si/c8/d2/75/c8d2755494a79da6a1198b4e843c465e/1645978536.jpg
IP
45.133.44.9:0
ASN
#39572 DataWeb Global Group B.V.

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 320x240, components 3\012- data
Size
21 kB (21046 bytes)
Hash
e76141a73e3867caa30e71f21f24f019
7664dbf096108e45ad2d376514565d1a859bd169
98acf73ddbba7ea1c25ae6edf6ab6817ef442cf1c2343909083b2601ea8b62ca

HTTP Headers

GET /si/c8/d2/75/c8d2755494a79da6a1198b4e843c465e/1645978536.jpg HTTP/1.1
Host: cdn.cloudimagesb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://sekigae.fun.w3ja.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Wed, 08 Feb 2023 00:24:17 GMT
content-type: image/jpeg
content-length: 21046
server: nginx/1.17.6
last-modified: Sun, 27 Feb 2022 16:15:46 GMT
etag: "621ba3b2-5236"
expires: Fri, 10 Feb 2023 00:24:17 GMT
cache-control: max-age=172800
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2

iceboxlitre.com/ren.gif?sid=H4sIAAAAAAAC%2F1RSzW8b1Rd90%2Fr3E4INoG66wkuQkDtje%2BoMXVSUkjZqm4a0KDuk9zXOa57nDe%2FNeByzIKIIdekFC2A1OU6aAlVF%2FgAk5LCpsqqFhCJEJNiyRGILGteS4UrvfrxzF%2Bfcez%2FbzU%2BJj5yerN0yQ6U1vRA2%2FPrrGyoRpnD11bv1wG%2F4l%2BobKrnYvlQfVM723wr8sOG%2FUb8m%2BZa50PQD3w%2F8oL6srIzN4MIMhUofR0Ej8hvtZiMI2xjY%2F9Yu9%2BCoB9E%2FJa9Cien%2FNp8eQvEJkt53V6Xbykz65ru9XNPMWPTFwfvJVmKKBL1FGlsPcXIw74ZxU0K%2BOAOTHMwVwPT3KgVgakq8nwOw5GBOE6y%2F%2F5wp05AJmHgJRX8CqSdQdAJu7kOJZwTgAqu3kfQerhpb0O3nKK3QKan99SdUMSW1X88h6T25otWgfsfoPFMmcRjEJdRgAtWdIM2PkA09qOIIPPsEShAkvRJKlDPVSk2g4gm0HIE6D3n1lIc89pCnHnripE7DKPb9TsziVmupzTlvtTgPly6KULTaS7GPnFe0RsjSEbgegdsdpHYHW2oEm%2F8At1nCCQ8umxLvvR30RYlCEhSOoKAEhSIoMoKiX%2B4L7ZqufCi0y1kwj815bJVjk3V36b7JujIhu%2BkpeaWah%2Ffy39exJU%2FqLRbJTlNGnajDgzBinVYYX2zTqNkMZciaEk6VUO7MTOpQTclrtwRSNSX%2Fv%2FELGD2C00fg6ixoHoAW407TB90ct5d8DJNHResebXDTgzAl0qyGbNvb1afk%2FGwnwaN1SH58%2BdPhb9eenPsI3JZIbYl76keCrn4wXjcF2Vs3hSOHt9NM9dSQVvu6k9FMnv3mhtwujBUrV93o67d5BVTp47vSZTdpIlTSdeTbK0oIaZeN5ZJ8v%2BI2JFvL3eaV3CZ5enPtneWVXmqlc8okE1D17IN9cDUlL3z40%2BwSzw8%2FhrIT2LxELz8mc4MyR%2BDpDly6YO8MgdWLHpaeQZGXY9tki0%2BtCLRc1JSVcP%2Bq2SLfdQ%2FQtTXQ7P7s%2Fvq2RF%2BXoHoEl784zlJ7fPnpl5V9BaZrY6ZtbY9pqz%2BvRnt9Nt%2FKXa7cCpw6qcsw9mPpNyWLIxZ3qC%2BiuB0xGgWyw0IaIHNT%2Fvsfh%2F8AAAD%2F%2FwEAAP%2F%2Fdl3Z8nAEAAA%3D

173.233.137.60

200 OK

7 B

URL HTTP/1.1
iceboxlitre.com/ren.gif?sid=H4sIAAAAAAAC%2F1RSzW8b1Rd90%2Fr3E4INoG66wkuQkDtje%2BoMXVSUkjZqm4a0KDuk9zXOa57nDe%2FNeByzIKIIdekFC2A1OU6aAlVF%2FgAk5LCpsqqFhCJEJNiyRGILGteS4UrvfrxzF%2Bfcez%2FbzU%2BJj5yerN0yQ6U1vRA2%2FPrrGyoRpnD11bv1wG%2F4l%2BobKrnYvlQfVM723wr8sOG%2FUb8m%2BZa50PQD3w%2F8oL6srIzN4MIMhUofR0Ej8hvtZiMI2xjY%2F9Yu9%2BCoB9E%2FJa9Cien%2FNp8eQvEJkt53V6Xbykz65ru9XNPMWPTFwfvJVmKKBL1FGlsPcXIw74ZxU0K%2BOAOTHMwVwPT3KgVgakq8nwOw5GBOE6y%2F%2F5wp05AJmHgJRX8CqSdQdAJu7kOJZwTgAqu3kfQerhpb0O3nKK3QKan99SdUMSW1X88h6T25otWgfsfoPFMmcRjEJdRgAtWdIM2PkA09qOIIPPsEShAkvRJKlDPVSk2g4gm0HIE6D3n1lIc89pCnHnripE7DKPb9TsziVmupzTlvtTgPly6KULTaS7GPnFe0RsjSEbgegdsdpHYHW2oEm%2F8At1nCCQ8umxLvvR30RYlCEhSOoKAEhSIoMoKiX%2B4L7ZqufCi0y1kwj815bJVjk3V36b7JujIhu%2BkpeaWah%2Ffy39exJU%2FqLRbJTlNGnajDgzBinVYYX2zTqNkMZciaEk6VUO7MTOpQTclrtwRSNSX%2Fv%2FELGD2C00fg6ixoHoAW407TB90ct5d8DJNHResebXDTgzAl0qyGbNvb1afk%2FGwnwaN1SH58%2BdPhb9eenPsI3JZIbYl76keCrn4wXjcF2Vs3hSOHt9NM9dSQVvu6k9FMnv3mhtwujBUrV93o67d5BVTp47vSZTdpIlTSdeTbK0oIaZeN5ZJ8v%2BI2JFvL3eaV3CZ5enPtneWVXmqlc8okE1D17IN9cDUlL3z40%2BwSzw8%2FhrIT2LxELz8mc4MyR%2BDpDly6YO8MgdWLHpaeQZGXY9tki0%2BtCLRc1JSVcP%2Bq2SLfdQ%2FQtTXQ7P7s%2Fvq2RF%2BXoHoEl784zlJ7fPnpl5V9BaZrY6ZtbY9pqz%2BvRnt9Nt%2FKXa7cCpw6qcsw9mPpNyWLIxZ3qC%2BiuB0xGgWyw0IaIHNT%2Fvsfh%2F8AAAD%2F%2FwEAAP%2F%2Fdl3Z8nAEAAA%3D
IP
173.233.137.60:0
ASN
#7979 SERVERS-COM

File type
ASCII text, with no line terminators
Size
7 B (7 bytes)
Hash
132d6af1b46048b45cf86cdee7991d31
eb7007d03d59b65bc6da7e098c4d38fc6dfb6285
ab852e838deccd742a03ca81d4a8d75cf1a00b327db3eaf46bd7da6b6db9384c

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /ren.gif?sid=H4sIAAAAAAAC%2F1RSzW8b1Rd90%2Fr3E4INoG66wkuQkDtje%2BoMXVSUkjZqm4a0KDuk9zXOa57nDe%2FNeByzIKIIdekFC2A1OU6aAlVF%2FgAk5LCpsqqFhCJEJNiyRGILGteS4UrvfrxzF%2Bfcez%2FbzU%2BJj5yerN0yQ6U1vRA2%2FPrrGyoRpnD11bv1wG%2F4l%2BobKrnYvlQfVM723wr8sOG%2FUb8m%2BZa50PQD3w%2F8oL6srIzN4MIMhUofR0Ej8hvtZiMI2xjY%2F9Yu9%2BCoB9E%2FJa9Cien%2FNp8eQvEJkt53V6Xbykz65ru9XNPMWPTFwfvJVmKKBL1FGlsPcXIw74ZxU0K%2BOAOTHMwVwPT3KgVgakq8nwOw5GBOE6y%2F%2F5wp05AJmHgJRX8CqSdQdAJu7kOJZwTgAqu3kfQerhpb0O3nKK3QKan99SdUMSW1X88h6T25otWgfsfoPFMmcRjEJdRgAtWdIM2PkA09qOIIPPsEShAkvRJKlDPVSk2g4gm0HIE6D3n1lIc89pCnHnripE7DKPb9TsziVmupzTlvtTgPly6KULTaS7GPnFe0RsjSEbgegdsdpHYHW2oEm%2F8At1nCCQ8umxLvvR30RYlCEhSOoKAEhSIoMoKiX%2B4L7ZqufCi0y1kwj815bJVjk3V36b7JujIhu%2BkpeaWah%2Ffy39exJU%2FqLRbJTlNGnajDgzBinVYYX2zTqNkMZciaEk6VUO7MTOpQTclrtwRSNSX%2Fv%2FELGD2C00fg6ixoHoAW407TB90ct5d8DJNHResebXDTgzAl0qyGbNvb1afk%2FGwnwaN1SH58%2BdPhb9eenPsI3JZIbYl76keCrn4wXjcF2Vs3hSOHt9NM9dSQVvu6k9FMnv3mhtwujBUrV93o67d5BVTp47vSZTdpIlTSdeTbK0oIaZeN5ZJ8v%2BI2JFvL3eaV3CZ5enPtneWVXmqlc8okE1D17IN9cDUlL3z40%2BwSzw8%2FhrIT2LxELz8mc4MyR%2BDpDly6YO8MgdWLHpaeQZGXY9tki0%2BtCLRc1JSVcP%2Bq2SLfdQ%2FQtTXQ7P7s%2Fvq2RF%2BXoHoEl784zlJ7fPnpl5V9BaZrY6ZtbY9pqz%2BvRnt9Nt%2FKXa7cCpw6qcsw9mPpNyWLIxZ3qC%2BiuB0xGgWyw0IaIHNT%2Fvsfh%2F8AAAD%2F%2FwEAAP%2F%2Fdl3Z8nAEAAA%3D HTTP/1.1
Host: iceboxlitre.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://sekigae.fun.w3ja.com/
Cookie: u_pl=17891144; pdhtkv=true; uncs=1; pdhtkv49=true; uncs49=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Wed, 08 Feb 2023 00:24:17 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 4afbfd0d7cd8be66910b05dde59946a0
Strict-Transport-Security: max-age=0; includeSubdomains

cdn.cloudimagesb.com/si/49/30/49/4930498805b27e2ddd2e8b730324d990/1645978709.jpg

45.133.44.9

200 OK

22 kB

URL HTTP/2
cdn.cloudimagesb.com/si/49/30/49/4930498805b27e2ddd2e8b730324d990/1645978709.jpg
IP
45.133.44.9:0
ASN
#39572 DataWeb Global Group B.V.

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 320x240, components 3\012- data
Size
22 kB (21546 bytes)
Hash
dea5f1ea2c9a47f7f4d05c62e70a2527
b88486270a197dd93dfc0ec3d6609c35dda8f928
638a55cc2116fa90536d6c306d288d9400921d7b3338ec9ff374eabc218f8b9c

HTTP Headers

GET /si/49/30/49/4930498805b27e2ddd2e8b730324d990/1645978709.jpg HTTP/1.1
Host: cdn.cloudimagesb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://sekigae.fun.w3ja.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Wed, 08 Feb 2023 00:24:17 GMT
content-type: image/jpeg
content-length: 21546
server: nginx/1.17.6
last-modified: Sun, 27 Feb 2022 16:18:35 GMT
etag: "621ba45b-542a"
expires: Fri, 10 Feb 2023 00:24:17 GMT
cache-control: max-age=172800
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2

cdn.cloudimagesb.com/si/5d/19/5d/5d195d7de14d8e7d59a9c7b1330750de/1645978440.jpg

45.133.44.9

200 OK

25 kB

URL HTTP/2
cdn.cloudimagesb.com/si/5d/19/5d/5d195d7de14d8e7d59a9c7b1330750de/1645978440.jpg
IP
45.133.44.9:0
ASN
#39572 DataWeb Global Group B.V.

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 320x240, components 3\012- data
Size
25 kB (25012 bytes)
Hash
f1a49a7d784361bbce9f7ed99c6fc6ec
bb1a5732dc954a89c85089d16d71a00ade1fe682
deb5daa6fcbf7a78b9361e5ac56f09b27986953f03977adbaf32d04a93996bdd

HTTP Headers

GET /si/5d/19/5d/5d195d7de14d8e7d59a9c7b1330750de/1645978440.jpg HTTP/1.1
Host: cdn.cloudimagesb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://sekigae.fun.w3ja.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Wed, 08 Feb 2023 00:24:17 GMT
content-type: image/jpeg
content-length: 25012
server: nginx/1.17.6
last-modified: Sun, 27 Feb 2022 16:14:05 GMT
etag: "621ba34d-61b4"
expires: Fri, 10 Feb 2023 00:24:17 GMT
cache-control: max-age=172800
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2

indignationmapprohibited.com/sbar.json?key=1b83b8ebd54a9ba1fdb63f527fb4f778&uuid=8a9ff551-3eff-483d-9cfa-f87c1aef5232%3A2%3A1

173.233.137.36

200 OK

4.4 kB

URL HTTP/1.1
indignationmapprohibited.com/sbar.json?key=1b83b8ebd54a9ba1fdb63f527fb4f778&uuid=8a9ff551-3eff-483d-9cfa-f87c1aef5232%3A2%3A1
IP
173.233.137.36:0
ASN
#7979 SERVERS-COM

File type
JSON data\012- , Unicode text, UTF-8 text, with very long lines (6249), with no line terminators
Size
4.4 kB (4376 bytes)
Hash
c4a4e966db918a49c331e3cc4bc87928
fba1b32882eb76d21adfdb66d967e708992e99a3
294cbe196d0aad3d60776873c42725addf9ab5b4fcb7546b8d58f883d339626d

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /sbar.json?key=1b83b8ebd54a9ba1fdb63f527fb4f778&uuid=8a9ff551-3eff-483d-9cfa-f87c1aef5232%3A2%3A1 HTTP/1.1
Host: indignationmapprohibited.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://sekigae.fun.w3ja.com
Connection: keep-alive
Referer: https://sekigae.fun.w3ja.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Wed, 08 Feb 2023 00:24:17 GMT
Content-Type: text/plain; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://sekigae.fun.w3ja.com
Access-Control-Allow-Origin: https://sekigae.fun.w3ja.com
Access-Control-Allow-Credentials: true
Set-Cookie: u_pl=17891131; expires=Thu, 09 Feb 2023 00:24:17 GMT; secure; SameSite=None
uid_id2=8a9ff551-3eff-483d-9cfa-f87c1aef5232:2:1; expires=Wed, 15 Feb 2023 00:24:17 GMT; secure; SameSite=None
pdhtkv=true; expires=Thu, 09 Feb 2023 00:24:17 GMT; secure; SameSite=None
uncs=1; expires=Thu, 09 Feb 2023 00:24:17 GMT; secure; SameSite=None
pdhtkv29=true; expires=Thu, 09 Feb 2023 00:24:17 GMT; secure; SameSite=None
uncs29=1; expires=Thu, 09 Feb 2023 00:24:17 GMT; secure; SameSite=None
slec1b83b8ebd54a9ba1fdb63f527fb4f778=[3905509]; expires=Wed, 08 Feb 2023 00:24:22 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 5c03e725aa8591ecc9d6b642c9d4f3ae
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip

iceboxlitre.com/ren.gif?sid=H4sIAAAAAAAC%2F1RSz28bRRSebQ1CcAHUS0%2F4CBJyd21vnaWHilLSRm3TkBblhjS%2F1plmvLPM7Hodc4koQj36wAE4bT4nTYGqIn8AEnK4lJzqC4oQkeDKEYkraF1LhifN%2BzHfO3zfe%2B%2Fz3fyU%2BMjpydotM1Ra0wthw6%2B%2FuaESYQpXX71bD%2FyGf6m%2BoZKL7Uv1QeVs%2F53ADxv%2BW%2FVrkm%2BZC00%2F8P3AD%2BrLysrYDC7MUKj0cRQ0Ir%2FRbjaCsI2B%2FX%2Ftcg%2BOehD9U%2FI6lJi%2BsPn0EIpPkPS%2BvyrdVmbSt9%2Fv5ZpmxqIvDj5MthJTJOgt0th6iJODeTeMmxLy5RmY5GCuAKa%2FVykAU1Pi%2FRKAJQdzmmD9%2FedMmYZMwMQrKPoTSD2BohNwcx9KPCMAF1i9jaT3cNXYgm4%2FR2mFTknt77%2Bgiimp%2FXYOSe%2FJFa0G9TtG55kyicMgLqEGE6juBGl%2BhGzoQRVH4NmnUIIg6ZVQopypVmoCFU%2Bg5QjUecirpzzksYc89dATJ3UaRrHvd2IWt1pLbc55q8V5uHRRhKLVXop95LyiNUKWjsD1CNzuILU72FIj2PxHuM0STnhw2ZR4H%2BygL0oUkqBwBAUlKBRBkREU%2FXJfaNd05UOhXc6CeWzOY6scm6y7S%2FdN1pUJ2U1PyWvVPLxX%2F7mOLXlSb7FIdpoy6kQdHoQR67TC%2BGKbRs1mKEPWlHCqhHJnZlKHakreuCWQqil58cavYPQITh%2BBq7OgeQBajDtNH3Rz3F7yMUweFa17tMFND8KUSLMasm1vV5%2BS87OdBI8uQ%2FLjy58Nf7%2F25Nwn4LZEakvcUz8RdPWD8bopyN66KRw5vJ1mqqeGtNrXnYxm8uy3N%2BR2YaxYuepG37zLK6BKH9%2BVLrtJE6GSriPfXVFCSLtsLJfkhxW3Idla7jav5DbJ05tr7y2v9FIrnVMmmYCqZx%2Ftg6speenjn2eXeH6ooewENi%2FRy4%2FJ3KDMEXi6A5cu2DtDYPWih6VnUeTl2DbZ4lMrAi0XNWUl3H9qtsh33QN0bQ00uz%2B7v74t0dclqB7B5S%2BPs9QeX376VWVfg%2BnamGlb22Pa6i%2Bq0V6v3PpsyJVbgVMndRnGfiz9pmRxxOIO9UUUtyNGo0B2WEgDZG7K%2F%2Fjz8F8AAAD%2F%2FwEAAP%2F%2FU3W0FnAEAAA%3D

173.233.137.60

200 OK

7 B

URL HTTP/1.1
iceboxlitre.com/ren.gif?sid=H4sIAAAAAAAC%2F1RSz28bRRSebQ1CcAHUS0%2F4CBJyd21vnaWHilLSRm3TkBblhjS%2F1plmvLPM7Hodc4koQj36wAE4bT4nTYGqIn8AEnK4lJzqC4oQkeDKEYkraF1LhifN%2BzHfO3zfe%2B%2Fz3fyU%2BMjpydotM1Ra0wthw6%2B%2FuaESYQpXX71bD%2FyGf6m%2BoZKL7Uv1QeVs%2F53ADxv%2BW%2FVrkm%2BZC00%2F8P3AD%2BrLysrYDC7MUKj0cRQ0Ir%2FRbjaCsI2B%2FX%2Ftcg%2BOehD9U%2FI6lJi%2BsPn0EIpPkPS%2BvyrdVmbSt9%2Fv5ZpmxqIvDj5MthJTJOgt0th6iJODeTeMmxLy5RmY5GCuAKa%2FVykAU1Pi%2FRKAJQdzmmD9%2FedMmYZMwMQrKPoTSD2BohNwcx9KPCMAF1i9jaT3cNXYgm4%2FR2mFTknt77%2Bgiimp%2FXYOSe%2FJFa0G9TtG55kyicMgLqEGE6juBGl%2BhGzoQRVH4NmnUIIg6ZVQopypVmoCFU%2Bg5QjUecirpzzksYc89dATJ3UaRrHvd2IWt1pLbc55q8V5uHRRhKLVXop95LyiNUKWjsD1CNzuILU72FIj2PxHuM0STnhw2ZR4H%2BygL0oUkqBwBAUlKBRBkREU%2FXJfaNd05UOhXc6CeWzOY6scm6y7S%2FdN1pUJ2U1PyWvVPLxX%2F7mOLXlSb7FIdpoy6kQdHoQR67TC%2BGKbRs1mKEPWlHCqhHJnZlKHakreuCWQqil58cavYPQITh%2BBq7OgeQBajDtNH3Rz3F7yMUweFa17tMFND8KUSLMasm1vV5%2BS87OdBI8uQ%2FLjy58Nf7%2F25Nwn4LZEakvcUz8RdPWD8bopyN66KRw5vJ1mqqeGtNrXnYxm8uy3N%2BR2YaxYuepG37zLK6BKH9%2BVLrtJE6GSriPfXVFCSLtsLJfkhxW3Idla7jav5DbJ05tr7y2v9FIrnVMmmYCqZx%2Ftg6speenjn2eXeH6ooewENi%2FRy4%2FJ3KDMEXi6A5cu2DtDYPWih6VnUeTl2DbZ4lMrAi0XNWUl3H9qtsh33QN0bQ00uz%2B7v74t0dclqB7B5S%2BPs9QeX376VWVfg%2BnamGlb22Pa6i%2Bq0V6v3PpsyJVbgVMndRnGfiz9pmRxxOIO9UUUtyNGo0B2WEgDZG7K%2F%2Fjz8F8AAAD%2F%2FwEAAP%2F%2FU3W0FnAEAAA%3D
IP
173.233.137.60:0
ASN
#7979 SERVERS-COM

File type
ASCII text, with no line terminators
Size
7 B (7 bytes)
Hash
132d6af1b46048b45cf86cdee7991d31
eb7007d03d59b65bc6da7e098c4d38fc6dfb6285
ab852e838deccd742a03ca81d4a8d75cf1a00b327db3eaf46bd7da6b6db9384c

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /ren.gif?sid=H4sIAAAAAAAC%2F1RSz28bRRSebQ1CcAHUS0%2F4CBJyd21vnaWHilLSRm3TkBblhjS%2F1plmvLPM7Hodc4koQj36wAE4bT4nTYGqIn8AEnK4lJzqC4oQkeDKEYkraF1LhifN%2BzHfO3zfe%2B%2Fz3fyU%2BMjpydotM1Ra0wthw6%2B%2FuaESYQpXX71bD%2FyGf6m%2BoZKL7Uv1QeVs%2F53ADxv%2BW%2FVrkm%2BZC00%2F8P3AD%2BrLysrYDC7MUKj0cRQ0Ir%2FRbjaCsI2B%2FX%2Ftcg%2BOehD9U%2FI6lJi%2BsPn0EIpPkPS%2BvyrdVmbSt9%2Fv5ZpmxqIvDj5MthJTJOgt0th6iJODeTeMmxLy5RmY5GCuAKa%2FVykAU1Pi%2FRKAJQdzmmD9%2FedMmYZMwMQrKPoTSD2BohNwcx9KPCMAF1i9jaT3cNXYgm4%2FR2mFTknt77%2Bgiimp%2FXYOSe%2FJFa0G9TtG55kyicMgLqEGE6juBGl%2BhGzoQRVH4NmnUIIg6ZVQopypVmoCFU%2Bg5QjUecirpzzksYc89dATJ3UaRrHvd2IWt1pLbc55q8V5uHRRhKLVXop95LyiNUKWjsD1CNzuILU72FIj2PxHuM0STnhw2ZR4H%2BygL0oUkqBwBAUlKBRBkREU%2FXJfaNd05UOhXc6CeWzOY6scm6y7S%2FdN1pUJ2U1PyWvVPLxX%2F7mOLXlSb7FIdpoy6kQdHoQR67TC%2BGKbRs1mKEPWlHCqhHJnZlKHakreuCWQqil58cavYPQITh%2BBq7OgeQBajDtNH3Rz3F7yMUweFa17tMFND8KUSLMasm1vV5%2BS87OdBI8uQ%2FLjy58Nf7%2F25Nwn4LZEakvcUz8RdPWD8bopyN66KRw5vJ1mqqeGtNrXnYxm8uy3N%2BR2YaxYuepG37zLK6BKH9%2BVLrtJE6GSriPfXVFCSLtsLJfkhxW3Idla7jav5DbJ05tr7y2v9FIrnVMmmYCqZx%2Ftg6speenjn2eXeH6ooewENi%2FRy4%2FJ3KDMEXi6A5cu2DtDYPWih6VnUeTl2DbZ4lMrAi0XNWUl3H9qtsh33QN0bQ00uz%2B7v74t0dclqB7B5S%2BPs9QeX376VWVfg%2BnamGlb22Pa6i%2Bq0V6v3PpsyJVbgVMndRnGfiz9pmRxxOIO9UUUtyNGo0B2WEgDZG7K%2F%2Fjz8F8AAAD%2F%2FwEAAP%2F%2FU3W0FnAEAAA%3D HTTP/1.1
Host: iceboxlitre.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://sekigae.fun.w3ja.com/
Cookie: u_pl=17891144; pdhtkv=true; uncs=1; pdhtkv49=true; uncs49=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Wed, 08 Feb 2023 00:24:17 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 574d666244a3633a95ba8b26bd3c22d7
Strict-Transport-Security: max-age=0; includeSubdomains

iceboxlitre.com/ren.gif?sid=H4sIAAAAAAAC%2F1RSz28bRRSebQ1CcAHUS0%2F4CBJyd21vnaWHilLaRm3TkBblhjS%2F1plmvLPM7Hodc4koQj36wAE4bT4nTYGqIn8AEnK4VJGQ6guKEJHgyhGJK2gdS4Ynzfsx3zt833vv8538hPjI6fHqbTNUWtMLYcOvv7muEmEKV1%2B5Vw%2F8hn%2Bpvq6Si%2B1L9UHlbP%2BdwA8b%2Flv165JvmgtNP%2FD9wA%2Fq15SVsRlcmKFQ6ZMoaER%2Bo91sBGEbA%2Fv%2F2uUeHPUg%2BifkdSgxfWHj2QEUnyDpfX9Vus3MpG%2B%2F38s1zYxFX%2Bx%2FmGwmpkjQW6Sx9RAn%2B%2FNuGDcl5MszMMn%2BXAFMf7dSAKamxPslAEv25zTB%2BnunTJmGTMDEKyj6E0g9gaITcPMASjwnABdYuYOk92jF2IJunaK0Qqek9vdfUMWU1H47h6T39IpWg%2Fpdo%2FNMmcRhEJdQgwlUd4I0P0Q29KCKQ%2FDsUyhBkPRKKFHOVCs1gYon0HIE6jzk1VMe8thDnnroieM6DaPY9zsxi1utpTbnvNXiPFy6KELRai%2FFPnJe0RohS0fgegRut5HabWyqEWz%2BI9xGCSc8uGxKvA%2B20RclCklQOIKCEhSKoMgIin65J7RruvKR0C5nwTw257FVjk3W3aF7JuvKhOykJ%2BS1ah7eq%2F%2FcwKY8rrdYJDtNGXWiDg%2FCiHVaYXyxTaNmM5Qha0o4VUK5MzOpQzUlb9wWSNWUvHjzVzB6CKcPwdVZ0DwALcadpg%2B6MW4v%2BRgmj4vWfdrgpgdhSqRZDdmWt6NPyPnZToLHy5D86PJnw9%2BvPz33CbgtkdoS99VPBF39cLxmCrK7ZgpHDu6kmeqpIa32dTejmTz77U25VRgrlq%2B60Tfv8gqo0if3pMtu0USopOvId1eUENJeM5ZL8sOyW5dsNXcbV3Kb5Omt1feuLfdSK51TJpmAqucf7YGrKXnp459nl3h%2B2IeyE9i8RC8%2FInODMofg6TZcumDvDIHVix6W1lDk5dg22eJTKwItFzVlJdx%2FarbId9xDdG0NNHswu7%2B%2BLdHXJageweUvj7PUHl1%2B9lVlX4Pp2phpW9tl2uovqtHeqNxa5S6fTtqp47oMYz%2BWflOyOGJxh%2FoiitsRo1EgOyykATI35X%2F8efAvAAAA%2F%2F8BAAD%2F%2F4d%2BeCBwBAAA

173.233.137.60

200 OK

7 B

URL HTTP/1.1
iceboxlitre.com/ren.gif?sid=H4sIAAAAAAAC%2F1RSz28bRRSebQ1CcAHUS0%2F4CBJyd21vnaWHilLaRm3TkBblhjS%2F1plmvLPM7Hodc4koQj36wAE4bT4nTYGqIn8AEnK4VJGQ6guKEJHgyhGJK2gdS4Ynzfsx3zt833vv8538hPjI6fHqbTNUWtMLYcOvv7muEmEKV1%2B5Vw%2F8hn%2Bpvq6Si%2B1L9UHlbP%2BdwA8b%2Flv165JvmgtNP%2FD9wA%2Fq15SVsRlcmKFQ6ZMoaER%2Bo91sBGEbA%2Fv%2F2uUeHPUg%2BifkdSgxfWHj2QEUnyDpfX9Vus3MpG%2B%2F38s1zYxFX%2Bx%2FmGwmpkjQW6Sx9RAn%2B%2FNuGDcl5MszMMn%2BXAFMf7dSAKamxPslAEv25zTB%2BnunTJmGTMDEKyj6E0g9gaITcPMASjwnABdYuYOk92jF2IJunaK0Qqek9vdfUMWU1H47h6T39IpWg%2Fpdo%2FNMmcRhEJdQgwlUd4I0P0Q29KCKQ%2FDsUyhBkPRKKFHOVCs1gYon0HIE6jzk1VMe8thDnnroieM6DaPY9zsxi1utpTbnvNXiPFy6KELRai%2FFPnJe0RohS0fgegRut5HabWyqEWz%2BI9xGCSc8uGxKvA%2B20RclCklQOIKCEhSKoMgIin65J7RruvKR0C5nwTw257FVjk3W3aF7JuvKhOykJ%2BS1ah7eq%2F%2FcwKY8rrdYJDtNGXWiDg%2FCiHVaYXyxTaNmM5Qha0o4VUK5MzOpQzUlb9wWSNWUvHjzVzB6CKcPwdVZ0DwALcadpg%2B6MW4v%2BRgmj4vWfdrgpgdhSqRZDdmWt6NPyPnZToLHy5D86PJnw9%2BvPz33CbgtkdoS99VPBF39cLxmCrK7ZgpHDu6kmeqpIa32dTejmTz77U25VRgrlq%2B60Tfv8gqo0if3pMtu0USopOvId1eUENJeM5ZL8sOyW5dsNXcbV3Kb5Omt1feuLfdSK51TJpmAqucf7YGrKXnp459nl3h%2B2IeyE9i8RC8%2FInODMofg6TZcumDvDIHVix6W1lDk5dg22eJTKwItFzVlJdx%2FarbId9xDdG0NNHswu7%2B%2BLdHXJageweUvj7PUHl1%2B9lVlX4Pp2phpW9tl2uovqtHeqNxa5S6fTtqp47oMYz%2BWflOyOGJxh%2FoiitsRo1EgOyykATI35X%2F8efAvAAAA%2F%2F8BAAD%2F%2F4d%2BeCBwBAAA
IP
173.233.137.60:0
ASN
#7979 SERVERS-COM

File type
ASCII text, with no line terminators
Size
7 B (7 bytes)
Hash
132d6af1b46048b45cf86cdee7991d31
eb7007d03d59b65bc6da7e098c4d38fc6dfb6285
ab852e838deccd742a03ca81d4a8d75cf1a00b327db3eaf46bd7da6b6db9384c

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /ren.gif?sid=H4sIAAAAAAAC%2F1RSz28bRRSebQ1CcAHUS0%2F4CBJyd21vnaWHilLaRm3TkBblhjS%2F1plmvLPM7Hodc4koQj36wAE4bT4nTYGqIn8AEnK4VJGQ6guKEJHgyhGJK2gdS4Ynzfsx3zt833vv8538hPjI6fHqbTNUWtMLYcOvv7muEmEKV1%2B5Vw%2F8hn%2Bpvq6Si%2B1L9UHlbP%2BdwA8b%2Flv165JvmgtNP%2FD9wA%2Fq15SVsRlcmKFQ6ZMoaER%2Bo91sBGEbA%2Fv%2F2uUeHPUg%2BifkdSgxfWHj2QEUnyDpfX9Vus3MpG%2B%2F38s1zYxFX%2Bx%2FmGwmpkjQW6Sx9RAn%2B%2FNuGDcl5MszMMn%2BXAFMf7dSAKamxPslAEv25zTB%2BnunTJmGTMDEKyj6E0g9gaITcPMASjwnABdYuYOk92jF2IJunaK0Qqek9vdfUMWU1H47h6T39IpWg%2Fpdo%2FNMmcRhEJdQgwlUd4I0P0Q29KCKQ%2FDsUyhBkPRKKFHOVCs1gYon0HIE6jzk1VMe8thDnnroieM6DaPY9zsxi1utpTbnvNXiPFy6KELRai%2FFPnJe0RohS0fgegRut5HabWyqEWz%2BI9xGCSc8uGxKvA%2B20RclCklQOIKCEhSKoMgIin65J7RruvKR0C5nwTw257FVjk3W3aF7JuvKhOykJ%2BS1ah7eq%2F%2FcwKY8rrdYJDtNGXWiDg%2FCiHVaYXyxTaNmM5Qha0o4VUK5MzOpQzUlb9wWSNWUvHjzVzB6CKcPwdVZ0DwALcadpg%2B6MW4v%2BRgmj4vWfdrgpgdhSqRZDdmWt6NPyPnZToLHy5D86PJnw9%2BvPz33CbgtkdoS99VPBF39cLxmCrK7ZgpHDu6kmeqpIa32dTejmTz77U25VRgrlq%2B60Tfv8gqo0if3pMtu0USopOvId1eUENJeM5ZL8sOyW5dsNXcbV3Kb5Omt1feuLfdSK51TJpmAqucf7YGrKXnp459nl3h%2B2IeyE9i8RC8%2FInODMofg6TZcumDvDIHVix6W1lDk5dg22eJTKwItFzVlJdx%2FarbId9xDdG0NNHswu7%2B%2BLdHXJageweUvj7PUHl1%2B9lVlX4Pp2phpW9tl2uovqtHeqNxa5S6fTtqp47oMYz%2BWflOyOGJxh%2FoiitsRo1EgOyykATI35X%2F8efAvAAAA%2F%2F8BAAD%2F%2F4d%2BeCBwBAAA HTTP/1.1
Host: iceboxlitre.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://sekigae.fun.w3ja.com/
Cookie: u_pl=17891144; pdhtkv=true; uncs=1; pdhtkv49=true; uncs49=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Wed, 08 Feb 2023 00:24:17 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 276d0ae55627b45ae38d8974e34d5919
Strict-Transport-Security: max-age=0; includeSubdomains

iceboxlitre.com/impr.gif?sid=H4sIAAAAAAAC%2F1RSz28bRRSebQ1CcAHUS0%2F4CBJyd9d2bdNDRShpo7ZpSItyQ5qdmXWmmd1ZZvaHYy4RRahHHzgAp83npClQVeQPQEIOlyoSUn1BESISXDkicQWtY8nwpHk%2F5nuH73vvfb6bnRIXGT1Zu62HUil6qd1w629uyJjrwtZX79U9t%2BFeqW%2FI%2BHLrSn1QOZO%2F47nthvtW%2FbpgW%2FqS73qu67lefVkaEerBpRkKmTzpeY2e22j5Da%2FdwsD8v7aZA0sd8PyUvA7Jpy9sPjuEZBPE0ffXhN1KdfL2%2B1GmaKoNcn7wYbwV6yJGtEhD4yCMD%2Bbd0HZKyJfnoOODuQLofK9SgEBOifOLhyA%2BmNNEkO%2BfMQ0URIyAv4Iin0CoCSSdgOkHkPw5ARjH6h3E0aNVbQq6fYbSCp2S2t9%2FQRZTUvvtAuLo6ZKSg%2FpdrbJU6thiEJaQgwlkf4IkO0I6dCCLI7D0U0hOEEclJC9nqqWcQIYTKDECtQ6y6kkHWeggSxxE%2FKRO273QdTthEDab3RZjrNlkrN29zNu82eqGLjJW0RohTUZgagRmdpCYHWzJEUz2I%2BxmCcsd2HRKnA92kPMShSAoLEFBCQpJUKQERV7uc2V9Wz7iymaBN4%2F%2BPDbLsU77u3Rfp30Rk93klLxWzcN59Z8b2BIn9WbQEx1f9Dq9DvPavaDTbIeXW7Tn%2B23RDnwBK0tIe24mdSin5I3bHImckhdv%2FoqAHsGqIzB5HjTzQItxx3dBN8etroth%2FLho3qcNpiNwXSJJa0i3nV11Si7OduI9XoFgx1c%2FG%2F5%2B%2FemFT8BMicSUuC9%2FIuirh%2BN1XZC9dV1YcngnSWUkh7Ta192UpuL8tzfFdqENX7lmR9%2B8yyqgSp%2FcEza9RWMu474l3y1JzoVZ1oYJ8sOK3RDBWmY3lzITZ8mttfeWV6LECGuljieg8vlH%2B2BySl76%2BOfZJV4c5pBmApOViLJjMjdIfQSW7MAmC%2FZWExi16AmSGoqsHBs%2FWHwqSaDEoqZBCfufOljku%2FYh%2BqYGmj6Y3V9uSuSqBFUj2OzlcZqY46vPvqrsawSqNg6Uqe0FyqgvqtHeqNx65a6eTdrKk3rba4lu0O0wzgPBuNfxm92m6%2Fqctzo94fWQ2in748%2FDfwEAAP%2F%2FAQAA%2F%2F%2BTdvbGcAQAAA%3D%3D

173.233.137.60

200 OK

7 B

URL HTTP/1.1
iceboxlitre.com/impr.gif?sid=H4sIAAAAAAAC%2F1RSz28bRRSebQ1CcAHUS0%2F4CBJyd9d2bdNDRShpo7ZpSItyQ5qdmXWmmd1ZZvaHYy4RRahHHzgAp83npClQVeQPQEIOlyoSUn1BESISXDkicQWtY8nwpHk%2F5nuH73vvfb6bnRIXGT1Zu62HUil6qd1w629uyJjrwtZX79U9t%2BFeqW%2FI%2BHLrSn1QOZO%2F47nthvtW%2FbpgW%2FqS73qu67lefVkaEerBpRkKmTzpeY2e22j5Da%2FdwsD8v7aZA0sd8PyUvA7Jpy9sPjuEZBPE0ffXhN1KdfL2%2B1GmaKoNcn7wYbwV6yJGtEhD4yCMD%2Bbd0HZKyJfnoOODuQLofK9SgEBOifOLhyA%2BmNNEkO%2BfMQ0URIyAv4Iin0CoCSSdgOkHkPw5ARjH6h3E0aNVbQq6fYbSCp2S2t9%2FQRZTUvvtAuLo6ZKSg%2FpdrbJU6thiEJaQgwlkf4IkO0I6dCCLI7D0U0hOEEclJC9nqqWcQIYTKDECtQ6y6kkHWeggSxxE%2FKRO273QdTthEDab3RZjrNlkrN29zNu82eqGLjJW0RohTUZgagRmdpCYHWzJEUz2I%2BxmCcsd2HRKnA92kPMShSAoLEFBCQpJUKQERV7uc2V9Wz7iymaBN4%2F%2BPDbLsU77u3Rfp30Rk93klLxWzcN59Z8b2BIn9WbQEx1f9Dq9DvPavaDTbIeXW7Tn%2B23RDnwBK0tIe24mdSin5I3bHImckhdv%2FoqAHsGqIzB5HjTzQItxx3dBN8etroth%2FLho3qcNpiNwXSJJa0i3nV11Si7OduI9XoFgx1c%2FG%2F5%2B%2FemFT8BMicSUuC9%2FIuirh%2BN1XZC9dV1YcngnSWUkh7Ta192UpuL8tzfFdqENX7lmR9%2B8yyqgSp%2FcEza9RWMu474l3y1JzoVZ1oYJ8sOK3RDBWmY3lzITZ8mttfeWV6LECGuljieg8vlH%2B2BySl76%2BOfZJV4c5pBmApOViLJjMjdIfQSW7MAmC%2FZWExi16AmSGoqsHBs%2FWHwqSaDEoqZBCfufOljku%2FYh%2BqYGmj6Y3V9uSuSqBFUj2OzlcZqY46vPvqrsawSqNg6Uqe0FyqgvqtHeqNx65a6eTdrKk3rba4lu0O0wzgPBuNfxm92m6%2Fqctzo94fWQ2in748%2FDfwEAAP%2F%2FAQAA%2F%2F%2BTdvbGcAQAAA%3D%3D
IP
173.233.137.60:0
ASN
#7979 SERVERS-COM

File type
ASCII text, with no line terminators
Size
7 B (7 bytes)
Hash
132d6af1b46048b45cf86cdee7991d31
eb7007d03d59b65bc6da7e098c4d38fc6dfb6285
ab852e838deccd742a03ca81d4a8d75cf1a00b327db3eaf46bd7da6b6db9384c

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /impr.gif?sid=H4sIAAAAAAAC%2F1RSz28bRRSebQ1CcAHUS0%2F4CBJyd9d2bdNDRShpo7ZpSItyQ5qdmXWmmd1ZZvaHYy4RRahHHzgAp83npClQVeQPQEIOlyoSUn1BESISXDkicQWtY8nwpHk%2F5nuH73vvfb6bnRIXGT1Zu62HUil6qd1w629uyJjrwtZX79U9t%2BFeqW%2FI%2BHLrSn1QOZO%2F47nthvtW%2FbpgW%2FqS73qu67lefVkaEerBpRkKmTzpeY2e22j5Da%2FdwsD8v7aZA0sd8PyUvA7Jpy9sPjuEZBPE0ffXhN1KdfL2%2B1GmaKoNcn7wYbwV6yJGtEhD4yCMD%2Bbd0HZKyJfnoOODuQLofK9SgEBOifOLhyA%2BmNNEkO%2BfMQ0URIyAv4Iin0CoCSSdgOkHkPw5ARjH6h3E0aNVbQq6fYbSCp2S2t9%2FQRZTUvvtAuLo6ZKSg%2FpdrbJU6thiEJaQgwlkf4IkO0I6dCCLI7D0U0hOEEclJC9nqqWcQIYTKDECtQ6y6kkHWeggSxxE%2FKRO273QdTthEDab3RZjrNlkrN29zNu82eqGLjJW0RohTUZgagRmdpCYHWzJEUz2I%2BxmCcsd2HRKnA92kPMShSAoLEFBCQpJUKQERV7uc2V9Wz7iymaBN4%2F%2BPDbLsU77u3Rfp30Rk93klLxWzcN59Z8b2BIn9WbQEx1f9Dq9DvPavaDTbIeXW7Tn%2B23RDnwBK0tIe24mdSin5I3bHImckhdv%2FoqAHsGqIzB5HjTzQItxx3dBN8etroth%2FLho3qcNpiNwXSJJa0i3nV11Si7OduI9XoFgx1c%2FG%2F5%2B%2FemFT8BMicSUuC9%2FIuirh%2BN1XZC9dV1YcngnSWUkh7Ta192UpuL8tzfFdqENX7lmR9%2B8yyqgSp%2FcEza9RWMu474l3y1JzoVZ1oYJ8sOK3RDBWmY3lzITZ8mttfeWV6LECGuljieg8vlH%2B2BySl76%2BOfZJV4c5pBmApOViLJjMjdIfQSW7MAmC%2FZWExi16AmSGoqsHBs%2FWHwqSaDEoqZBCfufOljku%2FYh%2BqYGmj6Y3V9uSuSqBFUj2OzlcZqY46vPvqrsawSqNg6Uqe0FyqgvqtHeqNx65a6eTdrKk3rba4lu0O0wzgPBuNfxm92m6%2Fqctzo94fWQ2in748%2FDfwEAAP%2F%2FAQAA%2F%2F%2BTdvbGcAQAAA%3D%3D HTTP/1.1
Host: iceboxlitre.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://sekigae.fun.w3ja.com/
Cookie: u_pl=17891144; pdhtkv=true; uncs=1; pdhtkv49=true; uncs49=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Wed, 08 Feb 2023 00:24:17 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 7a73ee45331a5628ddfb52a1784c4021
Strict-Transport-Security: max-age=0; includeSubdomains

iceboxlitre.com/impr.gif?sid=H4sIAAAAAAAC%2F1RSQW8bRRSebQ1CcAHUS0%2F4CBJyd9fe2qaHiFDSRm3TkBblhjQ7M%2BtMM7uzzOx6HXOJKEI9%2BsABOG0%2BJ02BqiI%2FAAk5XKpISPUFRYhIcOWIxBW0riXDSPu99%2FZ7h%2B97732%2Bl58RFzk9Xb%2Blh1IpeilouPU3N2XCdWHra3frnttwr9Q3ZXK5daU%2BqMD03%2FHcoOG%2BVb8m2La%2B5Lue63quV1%2BRRkR6cGnGQqaPu16j6zZafsMLWhiY%2F9c2d2CpA94%2FI69D8ukLW0%2BPINkESfz9VWG3M52%2B%2FX6cK5ppgz4%2F%2FDDZTnSRIF6kkXEQJYfzbmg7JeTLc9DJ4dwBdH%2B%2FcoBQTonzi4cwOZzLRNg%2FeK40VBAJQv4Kiv4EQk0g6QRM34fkzwjAONZuI4kfrmlT0J3nLK3YKan9%2FRdkMSW13y4giZ8sKzmo39Eqz6ROLAZRCTmYQPYmSPNjZEMHsjgGyz6F5ARJXELycuZayglkNIESI1DrIK8%2B6SCPHOSpg5if1mnQjVy3HYVRs9lpMcaaTcaCzmUe8GarE7nIWSVrhCwdgakRmNlFanaxLUcw%2BY%2BwWyUsd2CzKXE%2B2EWflygEQWEJCkpQSIIiIyj65QFX1rflQ65sHnrz6M9jsxzrrLdHD3TWEwnZS8%2FIa9U8nFf%2FuY5tcVpvhl3R9kW33W0zL%2BiG7WYQXW7Rru8HIgh9AStLSHtuZnUop%2BSNWxypnJIXb%2FyKkB7DqmMweR4090CLcdt3QbfGrY6LYfKoaN6jDaZjcF0izWrIdpw9dUYuznbiPboOwU6WPhv%2Bfu3JhU%2FATInUlLgnfyLoqQfjDV2Q%2FQ1dWHJ0O81kLIe02tedjGbi%2FLc3xE6hDV%2B9akffvMsqokof3xU2u0kTLpOeJd8tS86FWdGGCfLDqt0U4Xput5Zzk%2BTpzfX3Vlbj1AhrpU4moPLZRwdgckpe%2Bvjn2SVeHOaQZgKTl4jzEzJ%2FkPoYLN2FTRfqrSYwatETpg6KvBwbP1z8VJJAiUVNwxL2P3W4yPfsA%2FRMDTS7P7u%2FvinRVyWoGsHmL4%2Bz1JwsPf2qel8jVLVxqExtP1RGfTEbbQUbFSxVsAorT%2BuB1xKdsNNmnIeCca%2FtNztN1%2FU5b7W7wusis1P2x59H%2FwIAAP%2F%2FAQAA%2F%2F8biBJqcAQAAA%3D%3D

173.233.137.60

200 OK

7 B

URL HTTP/1.1
iceboxlitre.com/impr.gif?sid=H4sIAAAAAAAC%2F1RSQW8bRRSebQ1CcAHUS0%2F4CBJyd9fe2qaHiFDSRm3TkBblhjQ7M%2BtMM7uzzOx6HXOJKEI9%2BsABOG0%2BJ02BqiI%2FAAk5XKpISPUFRYhIcOWIxBW0riXDSPu99%2FZ7h%2B97732%2Bl58RFzk9Xb%2Blh1IpeilouPU3N2XCdWHra3frnttwr9Q3ZXK5daU%2BqMD03%2FHcoOG%2BVb8m2La%2B5Lue63quV1%2BRRkR6cGnGQqaPu16j6zZafsMLWhiY%2F9c2d2CpA94%2FI69D8ukLW0%2BPINkESfz9VWG3M52%2B%2FX6cK5ppgz4%2F%2FDDZTnSRIF6kkXEQJYfzbmg7JeTLc9DJ4dwBdH%2B%2FcoBQTonzi4cwOZzLRNg%2FeK40VBAJQv4Kiv4EQk0g6QRM34fkzwjAONZuI4kfrmlT0J3nLK3YKan9%2FRdkMSW13y4giZ8sKzmo39Eqz6ROLAZRCTmYQPYmSPNjZEMHsjgGyz6F5ARJXELycuZayglkNIESI1DrIK8%2B6SCPHOSpg5if1mnQjVy3HYVRs9lpMcaaTcaCzmUe8GarE7nIWSVrhCwdgakRmNlFanaxLUcw%2BY%2BwWyUsd2CzKXE%2B2EWflygEQWEJCkpQSIIiIyj65QFX1rflQ65sHnrz6M9jsxzrrLdHD3TWEwnZS8%2FIa9U8nFf%2FuY5tcVpvhl3R9kW33W0zL%2BiG7WYQXW7Rru8HIgh9AStLSHtuZnUop%2BSNWxypnJIXb%2FyKkB7DqmMweR4090CLcdt3QbfGrY6LYfKoaN6jDaZjcF0izWrIdpw9dUYuznbiPboOwU6WPhv%2Bfu3JhU%2FATInUlLgnfyLoqQfjDV2Q%2FQ1dWHJ0O81kLIe02tedjGbi%2FLc3xE6hDV%2B9akffvMsqokof3xU2u0kTLpOeJd8tS86FWdGGCfLDqt0U4Xput5Zzk%2BTpzfX3Vlbj1AhrpU4moPLZRwdgckpe%2Bvjn2SVeHOaQZgKTl4jzEzJ%2FkPoYLN2FTRfqrSYwatETpg6KvBwbP1z8VJJAiUVNwxL2P3W4yPfsA%2FRMDTS7P7u%2FvinRVyWoGsHmL4%2Bz1JwsPf2qel8jVLVxqExtP1RGfTEbbQUbFSxVsAorT%2BuB1xKdsNNmnIeCca%2FtNztN1%2FU5b7W7wusis1P2x59H%2FwIAAP%2F%2FAQAA%2F%2F8biBJqcAQAAA%3D%3D
IP
173.233.137.60:0
ASN
#7979 SERVERS-COM

File type
ASCII text, with no line terminators
Size
7 B (7 bytes)
Hash
132d6af1b46048b45cf86cdee7991d31
eb7007d03d59b65bc6da7e098c4d38fc6dfb6285
ab852e838deccd742a03ca81d4a8d75cf1a00b327db3eaf46bd7da6b6db9384c

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /impr.gif?sid=H4sIAAAAAAAC%2F1RSQW8bRRSebQ1CcAHUS0%2F4CBJyd9fe2qaHiFDSRm3TkBblhjQ7M%2BtMM7uzzOx6HXOJKEI9%2BsABOG0%2BJ02BqiI%2FAAk5XKpISPUFRYhIcOWIxBW0riXDSPu99%2FZ7h%2B97732%2Bl58RFzk9Xb%2Blh1IpeilouPU3N2XCdWHra3frnttwr9Q3ZXK5daU%2BqMD03%2FHcoOG%2BVb8m2La%2B5Lue63quV1%2BRRkR6cGnGQqaPu16j6zZafsMLWhiY%2F9c2d2CpA94%2FI69D8ukLW0%2BPINkESfz9VWG3M52%2B%2FX6cK5ppgz4%2F%2FDDZTnSRIF6kkXEQJYfzbmg7JeTLc9DJ4dwBdH%2B%2FcoBQTonzi4cwOZzLRNg%2FeK40VBAJQv4Kiv4EQk0g6QRM34fkzwjAONZuI4kfrmlT0J3nLK3YKan9%2FRdkMSW13y4giZ8sKzmo39Eqz6ROLAZRCTmYQPYmSPNjZEMHsjgGyz6F5ARJXELycuZayglkNIESI1DrIK8%2B6SCPHOSpg5if1mnQjVy3HYVRs9lpMcaaTcaCzmUe8GarE7nIWSVrhCwdgakRmNlFanaxLUcw%2BY%2BwWyUsd2CzKXE%2B2EWflygEQWEJCkpQSIIiIyj65QFX1rflQ65sHnrz6M9jsxzrrLdHD3TWEwnZS8%2FIa9U8nFf%2FuY5tcVpvhl3R9kW33W0zL%2BiG7WYQXW7Rru8HIgh9AStLSHtuZnUop%2BSNWxypnJIXb%2FyKkB7DqmMweR4090CLcdt3QbfGrY6LYfKoaN6jDaZjcF0izWrIdpw9dUYuznbiPboOwU6WPhv%2Bfu3JhU%2FATInUlLgnfyLoqQfjDV2Q%2FQ1dWHJ0O81kLIe02tedjGbi%2FLc3xE6hDV%2B9akffvMsqokof3xU2u0kTLpOeJd8tS86FWdGGCfLDqt0U4Xput5Zzk%2BTpzfX3Vlbj1AhrpU4moPLZRwdgckpe%2Bvjn2SVeHOaQZgKTl4jzEzJ%2FkPoYLN2FTRfqrSYwatETpg6KvBwbP1z8VJJAiUVNwxL2P3W4yPfsA%2FRMDTS7P7u%2FvinRVyWoGsHmL4%2Bz1JwsPf2qel8jVLVxqExtP1RGfTEbbQUbFSxVsAorT%2BuB1xKdsNNmnIeCca%2FtNztN1%2FU5b7W7wusis1P2x59H%2FwIAAP%2F%2FAQAA%2F%2F8biBJqcAQAAA%3D%3D HTTP/1.1
Host: iceboxlitre.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://sekigae.fun.w3ja.com/
Cookie: u_pl=17891144; pdhtkv=true; uncs=1; pdhtkv49=true; uncs49=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Wed, 08 Feb 2023 00:24:17 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 89ddb39754f1dff3bf1db88acfb66308
Strict-Transport-Security: max-age=0; includeSubdomains

iceboxlitre.com/impr.gif?sid=H4sIAAAAAAAC%2F1RSz28bRRSeTQ1CcAHUS0%2F4CBJydtd2bNNDRChpo7ZpSItyQ5qdmXWmmd1ZZna9jjkQUYR69IEDcNp8TpoCVUX%2BACTkcKlyqoWEIkQkuHJE4gpa15Lpk%2Bb9mO8dvu%2B998V%2Bdk5cZPRs46YeSKXoYrPmVt%2FckjHXua2u36l6bs29XN2S8VLjcrVfOtN7x3ObNfet6lXBdvSi73qu67ledVUaEer%2B4hSFTB51vFrHrTX8mtdsoG%2Ber23mwFIHvHdOXofkkxe2nxxDsjHi6Icrwu6kOnn7%2FShTNNUGPX70YbwT6zxGNE9D4yCMj2bd0HZCyFcL0PHRTAF076BUgEBOiPOrhyA%2BmtFE0Dt8xjRQEDEC%2Fgry3hhCjSHpGEzfg%2BRPCcA41m8hjh6sa5PT3WcoLdEJqfzzN2Q%2BIZXfLyKOHq8o2a%2Fe1ipLpY4t%2BmEB2R9DdsdIshOkAwcyPwFLP4PkBHFUQPJiqlrKMWQ4hhJDUOsgK590kIUOssRBxM%2BqtNkJXbcVBmG93m4wxup1xprtJd7k9UY7dJGxktYQaTIEU0Mws4fE7GFHDmGyn2C3C1juwKYT4nywhx4vkAuC3BLklCCXBHlKkPeKQ66sb4sHXNks8GbRn8V6MdJpd58e6rQrYrKfnJPXynk4r%2F57DTvirFoPOqLli06r02JesxO06s1wqUE7vt8UzcAXsLKAtAtTqQM5IW%2Fc5EjkhLx4%2FTcE9ARWnYDJC6CZB5qPWr4Luj1qtF0M4od5%2FS6tMR2B6wJJWkG66%2Byrc3JpuhPv4SYEO13%2BfPDH1ccXPwEzBRJT4K78maCr7o82dU4ONnVuyfGtJJWRHNByX7dTmooL310Xu7k2fO2KHX77LiuBMn10R9j0Bo25jLuWfL8iORdmVRsmyI9rdksEG5ndXslMnCU3Nt5bXYsSI6yVOh6DyqcfHYLJCXnp41%2Bml3hp8CmkGcNkBaLslMwMUp%2BAJXuwyZy91QRGzXuCZAF5VoyMH8w%2FlSRQYl7ToID9Xx3M8317H11TAU3vTe%2BvZwr0VAGqhrDZy6M0MafLT74u7RsEqjIKlKkcBMqoL8vRXpvOt3TLpVuDlWfVptcQ7aDdYpwHgnGv5dfbddf1OW%2B0OsLrILUT9udfx%2F8BAAD%2F%2FwEAAP%2F%2FYlVXFHAEAAA%3D

173.233.137.60

200 OK

7 B

URL HTTP/1.1
iceboxlitre.com/impr.gif?sid=H4sIAAAAAAAC%2F1RSz28bRRSeTQ1CcAHUS0%2F4CBJydtd2bNNDRChpo7ZpSItyQ5qdmXWmmd1ZZna9jjkQUYR69IEDcNp8TpoCVUX%2BACTkcKlyqoWEIkQkuHJE4gpa15Lpk%2Bb9mO8dvu%2B998V%2Bdk5cZPRs46YeSKXoYrPmVt%2FckjHXua2u36l6bs29XN2S8VLjcrVfOtN7x3ObNfet6lXBdvSi73qu67ledVUaEer%2B4hSFTB51vFrHrTX8mtdsoG%2Ber23mwFIHvHdOXofkkxe2nxxDsjHi6Icrwu6kOnn7%2FShTNNUGPX70YbwT6zxGNE9D4yCMj2bd0HZCyFcL0PHRTAF076BUgEBOiPOrhyA%2BmtFE0Dt8xjRQEDEC%2Fgry3hhCjSHpGEzfg%2BRPCcA41m8hjh6sa5PT3WcoLdEJqfzzN2Q%2BIZXfLyKOHq8o2a%2Fe1ipLpY4t%2BmEB2R9DdsdIshOkAwcyPwFLP4PkBHFUQPJiqlrKMWQ4hhJDUOsgK590kIUOssRBxM%2BqtNkJXbcVBmG93m4wxup1xprtJd7k9UY7dJGxktYQaTIEU0Mws4fE7GFHDmGyn2C3C1juwKYT4nywhx4vkAuC3BLklCCXBHlKkPeKQ66sb4sHXNks8GbRn8V6MdJpd58e6rQrYrKfnJPXynk4r%2F57DTvirFoPOqLli06r02JesxO06s1wqUE7vt8UzcAXsLKAtAtTqQM5IW%2Fc5EjkhLx4%2FTcE9ARWnYDJC6CZB5qPWr4Luj1qtF0M4od5%2FS6tMR2B6wJJWkG66%2Byrc3JpuhPv4SYEO13%2BfPDH1ccXPwEzBRJT4K78maCr7o82dU4ONnVuyfGtJJWRHNByX7dTmooL310Xu7k2fO2KHX77LiuBMn10R9j0Bo25jLuWfL8iORdmVRsmyI9rdksEG5ndXslMnCU3Nt5bXYsSI6yVOh6DyqcfHYLJCXnp41%2Bml3hp8CmkGcNkBaLslMwMUp%2BAJXuwyZy91QRGzXuCZAF5VoyMH8w%2FlSRQYl7ToID9Xx3M8317H11TAU3vTe%2BvZwr0VAGqhrDZy6M0MafLT74u7RsEqjIKlKkcBMqoL8vRXpvOt3TLpVuDlWfVptcQ7aDdYpwHgnGv5dfbddf1OW%2B0OsLrILUT9udfx%2F8BAAD%2F%2FwEAAP%2F%2FYlVXFHAEAAA%3D
IP
173.233.137.60:0
ASN
#7979 SERVERS-COM

File type
ASCII text, with no line terminators
Size
7 B (7 bytes)
Hash
132d6af1b46048b45cf86cdee7991d31
eb7007d03d59b65bc6da7e098c4d38fc6dfb6285
ab852e838deccd742a03ca81d4a8d75cf1a00b327db3eaf46bd7da6b6db9384c

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /impr.gif?sid=H4sIAAAAAAAC%2F1RSz28bRRSeTQ1CcAHUS0%2F4CBJydtd2bNNDRChpo7ZpSItyQ5qdmXWmmd1ZZna9jjkQUYR69IEDcNp8TpoCVUX%2BACTkcKlyqoWEIkQkuHJE4gpa15Lpk%2Bb9mO8dvu%2B998V%2Bdk5cZPRs46YeSKXoYrPmVt%2FckjHXua2u36l6bs29XN2S8VLjcrVfOtN7x3ObNfet6lXBdvSi73qu67ledVUaEer%2B4hSFTB51vFrHrTX8mtdsoG%2Ber23mwFIHvHdOXofkkxe2nxxDsjHi6Icrwu6kOnn7%2FShTNNUGPX70YbwT6zxGNE9D4yCMj2bd0HZCyFcL0PHRTAF076BUgEBOiPOrhyA%2BmtFE0Dt8xjRQEDEC%2Fgry3hhCjSHpGEzfg%2BRPCcA41m8hjh6sa5PT3WcoLdEJqfzzN2Q%2BIZXfLyKOHq8o2a%2Fe1ipLpY4t%2BmEB2R9DdsdIshOkAwcyPwFLP4PkBHFUQPJiqlrKMWQ4hhJDUOsgK590kIUOssRBxM%2BqtNkJXbcVBmG93m4wxup1xprtJd7k9UY7dJGxktYQaTIEU0Mws4fE7GFHDmGyn2C3C1juwKYT4nywhx4vkAuC3BLklCCXBHlKkPeKQ66sb4sHXNks8GbRn8V6MdJpd58e6rQrYrKfnJPXynk4r%2F57DTvirFoPOqLli06r02JesxO06s1wqUE7vt8UzcAXsLKAtAtTqQM5IW%2Fc5EjkhLx4%2FTcE9ARWnYDJC6CZB5qPWr4Luj1qtF0M4od5%2FS6tMR2B6wJJWkG66%2Byrc3JpuhPv4SYEO13%2BfPDH1ccXPwEzBRJT4K78maCr7o82dU4ONnVuyfGtJJWRHNByX7dTmooL310Xu7k2fO2KHX77LiuBMn10R9j0Bo25jLuWfL8iORdmVRsmyI9rdksEG5ndXslMnCU3Nt5bXYsSI6yVOh6DyqcfHYLJCXnp41%2Bml3hp8CmkGcNkBaLslMwMUp%2BAJXuwyZy91QRGzXuCZAF5VoyMH8w%2FlSRQYl7ToID9Xx3M8317H11TAU3vTe%2BvZwr0VAGqhrDZy6M0MafLT74u7RsEqjIKlKkcBMqoL8vRXpvOt3TLpVuDlWfVptcQ7aDdYpwHgnGv5dfbddf1OW%2B0OsLrILUT9udfx%2F8BAAD%2F%2FwEAAP%2F%2FYlVXFHAEAAA%3D HTTP/1.1
Host: iceboxlitre.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://sekigae.fun.w3ja.com/
Cookie: u_pl=17891144; pdhtkv=true; uncs=1; pdhtkv49=true; uncs49=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Wed, 08 Feb 2023 00:24:17 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 1a56d0ecb28898f858f1528624480a54
Strict-Transport-Security: max-age=0; includeSubdomains

iceboxlitre.com/impr.gif?sid=H4sIAAAAAAAC%2F1RSz28bRRSebQ1CcAHUS0%2F4CBJyd9fe2qaHiFDSRm3TkBblhjQ7M%2BtMM7uzzOx6HXOJKEI9%2BsABOG0%2BJ02BqiJ%2FABJyuJSc6guKEJHgyhGJK2hdS4Ynzfsx3zt833vv8738jLjI6en6LT2UStFLQcOtv7kpE64LW1%2B7W%2FfchnulvimTy60r9UHlTP8dzw0a7lv1a4Jt60u%2B67mu53r1FWlEpAeXZihk%2BrjrNbpuo%2BU3vKCFgfl%2FbXMHljrg%2FTPyOiSfvrD19AiSTZDE318VdjvT6dvvx7mimTbo88MPk%2B1EFwniRRoZB1FyOO%2BGtlNCvjwHnRzOFUD39ysFCOWUOL94CJPDOU2E%2FYPnTEMFkSDkr6DoTyDUBJJOwPR9SP6MAIxj7TaS%2BOGaNgXdeY7SCp2S2t9%2FQRZTUvvtApL4ybKSg%2FodrfJM6sRiEJWQgwlkb4I0P0Y2dCCLY7DsU0hOkMQlJC9nqqWcQEYTKDECtQ7y6kkHeeQgTx3E%2FLROg27kuu0ojJrNTosx1mwyFnQu84A3W53IRc4qWiNk6QhMjcDMLlKzi205gsl%2FhN0qYbkDm02J88Eu%2BrxEIQgKS1BQgkISFBlB0S8PuLK%2BLR9yZfPQm0d%2FHpvlWGe9PXqgs55IyF56Rl6r5uG8%2Bs91bIvTejPsirYvuu1um3lBN2w3g%2Bhyi3Z9PxBB6AtYWULaczOpQzklb9ziSOWUvHjjV4T0GFYdg8nzoLkHWozbvgu6NW51XAyTR0XzHm0wHYPrEmlWQ7bj7KkzcnG2E%2B%2FREgQ7Wfps%2BPu1Jxc%2BATMlUlPinvyJoKcejDd0QfY3dGHJ0e00k7Ec0mpfdzKaifPf3hA7hTZ89aodffMuq4AqfXxX2OwmTbhMepZ8tyw5F2ZFGybID6t2U4Trud1azk2SpzfX31tZjVMjrJU6mYDKZx8dgMkpeenjn2eXeHGoIM0EJi8R5ydkbpD6GCzdhU0X7K0mMGrRE6bnUeTl2Pjh4lNJAiUWNQ1L2P%2FU4SLfsw%2FQMzXQ7P7s%2FvqmRF%2BVoGoEm788zlJzsvT0q8q%2BRqhq41CZ2n6ojPqiGu31ym3Mhly5VVh5Wg%2B8luiEnTbjPBSMe22%2F2Wm6rs95q90VXheZnbI%2F%2Fjz6FwAA%2F%2F8BAAD%2F%2F0d9OvBwBAAA

173.233.137.60

200 OK

7 B

URL HTTP/1.1
iceboxlitre.com/impr.gif?sid=H4sIAAAAAAAC%2F1RSz28bRRSebQ1CcAHUS0%2F4CBJyd9fe2qaHiFDSRm3TkBblhjQ7M%2BtMM7uzzOx6HXOJKEI9%2BsABOG0%2BJ02BqiJ%2FABJyuJSc6guKEJHgyhGJK2hdS4Ynzfsx3zt833vv8738jLjI6en6LT2UStFLQcOtv7kpE64LW1%2B7W%2FfchnulvimTy60r9UHlTP8dzw0a7lv1a4Jt60u%2B67mu53r1FWlEpAeXZihk%2BrjrNbpuo%2BU3vKCFgfl%2FbXMHljrg%2FTPyOiSfvrD19AiSTZDE318VdjvT6dvvx7mimTbo88MPk%2B1EFwniRRoZB1FyOO%2BGtlNCvjwHnRzOFUD39ysFCOWUOL94CJPDOU2E%2FYPnTEMFkSDkr6DoTyDUBJJOwPR9SP6MAIxj7TaS%2BOGaNgXdeY7SCp2S2t9%2FQRZTUvvtApL4ybKSg%2FodrfJM6sRiEJWQgwlkb4I0P0Y2dCCLY7DsU0hOkMQlJC9nqqWcQEYTKDECtQ7y6kkHeeQgTx3E%2FLROg27kuu0ojJrNTosx1mwyFnQu84A3W53IRc4qWiNk6QhMjcDMLlKzi205gsl%2FhN0qYbkDm02J88Eu%2BrxEIQgKS1BQgkISFBlB0S8PuLK%2BLR9yZfPQm0d%2FHpvlWGe9PXqgs55IyF56Rl6r5uG8%2Bs91bIvTejPsirYvuu1um3lBN2w3g%2Bhyi3Z9PxBB6AtYWULaczOpQzklb9ziSOWUvHjjV4T0GFYdg8nzoLkHWozbvgu6NW51XAyTR0XzHm0wHYPrEmlWQ7bj7KkzcnG2E%2B%2FREgQ7Wfps%2BPu1Jxc%2BATMlUlPinvyJoKcejDd0QfY3dGHJ0e00k7Ec0mpfdzKaifPf3hA7hTZ89aodffMuq4AqfXxX2OwmTbhMepZ8tyw5F2ZFGybID6t2U4Trud1azk2SpzfX31tZjVMjrJU6mYDKZx8dgMkpeenjn2eXeHGoIM0EJi8R5ydkbpD6GCzdhU0X7K0mMGrRE6bnUeTl2Pjh4lNJAiUWNQ1L2P%2FU4SLfsw%2FQMzXQ7P7s%2FvqmRF%2BVoGoEm788zlJzsvT0q8q%2BRqhq41CZ2n6ojPqiGu31ym3Mhly5VVh5Wg%2B8luiEnTbjPBSMe22%2F2Wm6rs95q90VXheZnbI%2F%2Fjz6FwAA%2F%2F8BAAD%2F%2F0d9OvBwBAAA
IP
173.233.137.60:0
ASN
#7979 SERVERS-COM

File type
ASCII text, with no line terminators
Size
7 B (7 bytes)
Hash
132d6af1b46048b45cf86cdee7991d31
eb7007d03d59b65bc6da7e098c4d38fc6dfb6285
ab852e838deccd742a03ca81d4a8d75cf1a00b327db3eaf46bd7da6b6db9384c

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /impr.gif?sid=H4sIAAAAAAAC%2F1RSz28bRRSebQ1CcAHUS0%2F4CBJyd9fe2qaHiFDSRm3TkBblhjQ7M%2BtMM7uzzOx6HXOJKEI9%2BsABOG0%2BJ02BqiJ%2FABJyuJSc6guKEJHgyhGJK2hdS4Ynzfsx3zt833vv8738jLjI6en6LT2UStFLQcOtv7kpE64LW1%2B7W%2FfchnulvimTy60r9UHlTP8dzw0a7lv1a4Jt60u%2B67mu53r1FWlEpAeXZihk%2BrjrNbpuo%2BU3vKCFgfl%2FbXMHljrg%2FTPyOiSfvrD19AiSTZDE318VdjvT6dvvx7mimTbo88MPk%2B1EFwniRRoZB1FyOO%2BGtlNCvjwHnRzOFUD39ysFCOWUOL94CJPDOU2E%2FYPnTEMFkSDkr6DoTyDUBJJOwPR9SP6MAIxj7TaS%2BOGaNgXdeY7SCp2S2t9%2FQRZTUvvtApL4ybKSg%2FodrfJM6sRiEJWQgwlkb4I0P0Y2dCCLY7DsU0hOkMQlJC9nqqWcQEYTKDECtQ7y6kkHeeQgTx3E%2FLROg27kuu0ojJrNTosx1mwyFnQu84A3W53IRc4qWiNk6QhMjcDMLlKzi205gsl%2FhN0qYbkDm02J88Eu%2BrxEIQgKS1BQgkISFBlB0S8PuLK%2BLR9yZfPQm0d%2FHpvlWGe9PXqgs55IyF56Rl6r5uG8%2Bs91bIvTejPsirYvuu1um3lBN2w3g%2Bhyi3Z9PxBB6AtYWULaczOpQzklb9ziSOWUvHjjV4T0GFYdg8nzoLkHWozbvgu6NW51XAyTR0XzHm0wHYPrEmlWQ7bj7KkzcnG2E%2B%2FREgQ7Wfps%2BPu1Jxc%2BATMlUlPinvyJoKcejDd0QfY3dGHJ0e00k7Ec0mpfdzKaifPf3hA7hTZ89aodffMuq4AqfXxX2OwmTbhMepZ8tyw5F2ZFGybID6t2U4Trud1azk2SpzfX31tZjVMjrJU6mYDKZx8dgMkpeenjn2eXeHGoIM0EJi8R5ydkbpD6GCzdhU0X7K0mMGrRE6bnUeTl2Pjh4lNJAiUWNQ1L2P%2FU4SLfsw%2FQMzXQ7P7s%2FvqmRF%2BVoGoEm788zlJzsvT0q8q%2BRqhq41CZ2n6ojPqiGu31ym3Mhly5VVh5Wg%2B8luiEnTbjPBSMe22%2F2Wm6rs95q90VXheZnbI%2F%2Fjz6FwAA%2F%2F8BAAD%2F%2F0d9OvBwBAAA HTTP/1.1
Host: iceboxlitre.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://sekigae.fun.w3ja.com/
Cookie: u_pl=17891144; pdhtkv=true; uncs=1; pdhtkv49=true; uncs49=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Wed, 08 Feb 2023 00:24:17 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: ed518f4f9ba7a61343b571ccb5387361
Strict-Transport-Security: max-age=0; includeSubdomains

ocsp.pki.goog/gts1c3

142.250.74.163

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.163:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
3f3962ef574ee0069c41f7cbcabd1ef3
c4b6aefa8563432c5e5901488c38ae7da3c83fd7
9518b917cc6f0b1724d687d6aac4d8c1851d46949eeb4926acdb26a84728fdc0

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 08 Feb 2023 00:24:18 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/gts1c3

142.250.74.163

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.163:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
3f3962ef574ee0069c41f7cbcabd1ef3
c4b6aefa8563432c5e5901488c38ae7da3c83fd7
9518b917cc6f0b1724d687d6aac4d8c1851d46949eeb4926acdb26a84728fdc0

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 08 Feb 2023 00:24:18 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

indignationmapprohibited.com/ren.gif?sid=H4sIAAAAAAAC%2F1SST2gk1RPHX%2B%2Fm90P0ouJBEbEPHhTMbPf09M6MOQTXdSXsbhJ2VwIehPd38jY9%2FZr3uqcnASG4IHsRxpMeO99JNq4uYk6CIMrEi%2BS040GCGkXw5EUQvCozGQjW4VXV%2B9Sh6lv13k5xQgIU9Hj1utnSSUIvxLXAf3FNp8KUzl%2B%2B5YdBLVjw13R6sbHg9yeP7b0SBnEteMl%2FQ%2FINc6EehEEQBqF%2FRVupTP%2FClEJnD9phrR3UGvVaGDfQt%2F%2FNXeHBUQ%2Bid0KehBbj%2F61%2FdwDNR0i7n1%2BWbiM32cuvd4uE5saiJ%2FbfTDdSU6bonoXKelDp%2Fqwaxo0J%2BegcTLo%2FmwCmtzuZAEyPifdDCJbuz9oE6%2B2ddsoSyBRMPIayN4JMRtB0BG7uQIuHBOACyytIu%2FeWjS3p5imlEzomc3%2F%2FBV2OydzPTyHtfnYp0X3%2FpkmKXJvUoa8q6P4IujNCVhwi3%2FKgy0Pw%2FF1oQZB2K2hx%2FEKLtpWK43A%2BkkrNN1qRmG9zRedVq8lDKlVcj%2BpTabQeQasREjkAdedQOA%2BF9lAoD0XmoSuOfRq3VRA0FVNR1GpwzqOI87h1UcQiarRUgIJPeh8gzwbgyQDcbiOz29jQA9jiG7j1Ck54cDlBT1QoJUHpCEpKUGqCMicoe9WeSFzdVfdE4goWznx95qNqaPLODt0zeUemZCc7IU9MBPMe%2F2cBG%2FLYD1krYi3JRNygbUZDJdjFSMX1pmIN1Wy24HQF7c6BOg9bekyevy6Q6TH5%2F9UfweghXHIIrs%2BDFs%2BBlsNmPQBdHzZaAbbSj8voNq1x04UwFbJ8Dvmmt5OckGemS1v48HdIfrT469KXb8eL74DbCpmtcFt%2FS9BJ7g5vmJLs3jClIwcrWa67eotOFnozp7mc%2B%2BSq3CyNFUuX3eD%2Bq3wCJuGDW9Ll12gqdNpx5NNLWghprxjLJflqya1Jtlq49UuFTYvs2uprV5a6mZXOaZOOQPVDex9cj8mjPz07PVX%2Fkaeh7Qi2qNAtjsjMoM0heLYNlx0tfvH%2Byi8L4i04Q2CTsxqWeSiLamjr7Owz0QSJPMspq%2BDkmQRMHn395ynbcXfRsR5ofmd6oD1boZdUoMkArjg%2FzDN7tPh9NDWwxBuyxHq7LLHJB6fSOn3sy1gFSgZ1yVSbqSYNRFs12oy2Q9lkMQ2RuzH%2F7Y%2BDfwEAAP%2F%2FAQAA%2F%2F%2BoLmv8ggQAAA%3D%3D

173.233.137.36

200 OK

7 B

URL HTTP/1.1
indignationmapprohibited.com/ren.gif?sid=H4sIAAAAAAAC%2F1SST2gk1RPHX%2B%2Fm90P0ouJBEbEPHhTMbPf09M6MOQTXdSXsbhJ2VwIehPd38jY9%2FZr3uqcnASG4IHsRxpMeO99JNq4uYk6CIMrEi%2BS040GCGkXw5EUQvCozGQjW4VXV%2B9Sh6lv13k5xQgIU9Hj1utnSSUIvxLXAf3FNp8KUzl%2B%2B5YdBLVjw13R6sbHg9yeP7b0SBnEteMl%2FQ%2FINc6EehEEQBqF%2FRVupTP%2FClEJnD9phrR3UGvVaGDfQt%2F%2FNXeHBUQ%2Bid0KehBbj%2F61%2FdwDNR0i7n1%2BWbiM32cuvd4uE5saiJ%2FbfTDdSU6bonoXKelDp%2Fqwaxo0J%2BegcTLo%2FmwCmtzuZAEyPifdDCJbuz9oE6%2B2ddsoSyBRMPIayN4JMRtB0BG7uQIuHBOACyytIu%2FeWjS3p5imlEzomc3%2F%2FBV2OydzPTyHtfnYp0X3%2FpkmKXJvUoa8q6P4IujNCVhwi3%2FKgy0Pw%2FF1oQZB2K2hx%2FEKLtpWK43A%2BkkrNN1qRmG9zRedVq8lDKlVcj%2BpTabQeQasREjkAdedQOA%2BF9lAoD0XmoSuOfRq3VRA0FVNR1GpwzqOI87h1UcQiarRUgIJPeh8gzwbgyQDcbiOz29jQA9jiG7j1Ck54cDlBT1QoJUHpCEpKUGqCMicoe9WeSFzdVfdE4goWznx95qNqaPLODt0zeUemZCc7IU9MBPMe%2F2cBG%2FLYD1krYi3JRNygbUZDJdjFSMX1pmIN1Wy24HQF7c6BOg9bekyevy6Q6TH5%2F9UfweghXHIIrs%2BDFs%2BBlsNmPQBdHzZaAbbSj8voNq1x04UwFbJ8Dvmmt5OckGemS1v48HdIfrT469KXb8eL74DbCpmtcFt%2FS9BJ7g5vmJLs3jClIwcrWa67eotOFnozp7mc%2B%2BSq3CyNFUuX3eD%2Bq3wCJuGDW9Ll12gqdNpx5NNLWghprxjLJflqya1Jtlq49UuFTYvs2uprV5a6mZXOaZOOQPVDex9cj8mjPz07PVX%2Fkaeh7Qi2qNAtjsjMoM0heLYNlx0tfvH%2Byi8L4i04Q2CTsxqWeSiLamjr7Owz0QSJPMspq%2BDkmQRMHn395ynbcXfRsR5ofmd6oD1boZdUoMkArjg%2FzDN7tPh9NDWwxBuyxHq7LLHJB6fSOn3sy1gFSgZ1yVSbqSYNRFs12oy2Q9lkMQ2RuzH%2F7Y%2BDfwEAAP%2F%2FAQAA%2F%2F%2BoLmv8ggQAAA%3D%3D
IP
173.233.137.36:0
ASN
#7979 SERVERS-COM

File type
ASCII text, with no line terminators
Size
7 B (7 bytes)
Hash
132d6af1b46048b45cf86cdee7991d31
eb7007d03d59b65bc6da7e098c4d38fc6dfb6285
ab852e838deccd742a03ca81d4a8d75cf1a00b327db3eaf46bd7da6b6db9384c

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /ren.gif?sid=H4sIAAAAAAAC%2F1SST2gk1RPHX%2B%2Fm90P0ouJBEbEPHhTMbPf09M6MOQTXdSXsbhJ2VwIehPd38jY9%2FZr3uqcnASG4IHsRxpMeO99JNq4uYk6CIMrEi%2BS040GCGkXw5EUQvCozGQjW4VXV%2B9Sh6lv13k5xQgIU9Hj1utnSSUIvxLXAf3FNp8KUzl%2B%2B5YdBLVjw13R6sbHg9yeP7b0SBnEteMl%2FQ%2FINc6EehEEQBqF%2FRVupTP%2FClEJnD9phrR3UGvVaGDfQt%2F%2FNXeHBUQ%2Bid0KehBbj%2F61%2FdwDNR0i7n1%2BWbiM32cuvd4uE5saiJ%2FbfTDdSU6bonoXKelDp%2Fqwaxo0J%2BegcTLo%2FmwCmtzuZAEyPifdDCJbuz9oE6%2B2ddsoSyBRMPIayN4JMRtB0BG7uQIuHBOACyytIu%2FeWjS3p5imlEzomc3%2F%2FBV2OydzPTyHtfnYp0X3%2FpkmKXJvUoa8q6P4IujNCVhwi3%2FKgy0Pw%2FF1oQZB2K2hx%2FEKLtpWK43A%2BkkrNN1qRmG9zRedVq8lDKlVcj%2BpTabQeQasREjkAdedQOA%2BF9lAoD0XmoSuOfRq3VRA0FVNR1GpwzqOI87h1UcQiarRUgIJPeh8gzwbgyQDcbiOz29jQA9jiG7j1Ck54cDlBT1QoJUHpCEpKUGqCMicoe9WeSFzdVfdE4goWznx95qNqaPLODt0zeUemZCc7IU9MBPMe%2F2cBG%2FLYD1krYi3JRNygbUZDJdjFSMX1pmIN1Wy24HQF7c6BOg9bekyevy6Q6TH5%2F9UfweghXHIIrs%2BDFs%2BBlsNmPQBdHzZaAbbSj8voNq1x04UwFbJ8Dvmmt5OckGemS1v48HdIfrT469KXb8eL74DbCpmtcFt%2FS9BJ7g5vmJLs3jClIwcrWa67eotOFnozp7mc%2B%2BSq3CyNFUuX3eD%2Bq3wCJuGDW9Ll12gqdNpx5NNLWghprxjLJflqya1Jtlq49UuFTYvs2uprV5a6mZXOaZOOQPVDex9cj8mjPz07PVX%2Fkaeh7Qi2qNAtjsjMoM0heLYNlx0tfvH%2Byi8L4i04Q2CTsxqWeSiLamjr7Owz0QSJPMspq%2BDkmQRMHn395ynbcXfRsR5ofmd6oD1boZdUoMkArjg%2FzDN7tPh9NDWwxBuyxHq7LLHJB6fSOn3sy1gFSgZ1yVSbqSYNRFs12oy2Q9lkMQ2RuzH%2F7Y%2BDfwEAAP%2F%2FAQAA%2F%2F%2BoLmv8ggQAAA%3D%3D HTTP/1.1
Host: indignationmapprohibited.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://sekigae.fun.w3ja.com/
Cookie: u_pl=17891131; uid_id2=8a9ff551-3eff-483d-9cfa-f87c1aef5232:2:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Wed, 08 Feb 2023 00:24:18 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: ffa614c1b76176bbf3b5a4f5c3812c14
Strict-Transport-Security: max-age=0; includeSubdomains

r3.o.lencr.org/

95.101.11.115

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
95.101.11.115:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
b317d1ec3f151d7348a57c62f689a6ef
1fe7df7bc019e321f82943119fae230b0126258d
8fc767ad26c25f2f3b37af2517babae85f1a274b54cca3db1df4c80e939fd50f

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "8FC767AD26C25F2F3B37AF2517BABAE85F1A274B54CCA3DB1DF4C80E939FD50F"
Last-Modified: Mon, 06 Feb 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=1107
Expires: Wed, 08 Feb 2023 00:42:45 GMT
Date: Wed, 08 Feb 2023 00:24:18 GMT
Connection: keep-alive

e1.o.lencr.org/

23.33.119.27

200 OK

345 B

URL HTTP/1.1
e1.o.lencr.org/
IP
23.33.119.27:0
ASN
#20940 Akamai International B.V.

File type
data
Size
345 B (345 bytes)
Hash
6775371ad58895526c9af87544fe77b2
7228a426342d14d53bc3a9d247c88115201f3f74
a014aaebcdbb4beabf4ec663c1c2837735c1d78da37a2af01eec068d597938aa

HTTP Headers

POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "A014AAEBCDBB4BEABF4EC663C1C2837735C1D78DA37A2AF01EEC068D597938AA"
Last-Modified: Sun, 05 Feb 2023 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9157
Expires: Wed, 08 Feb 2023 02:56:55 GMT
Date: Wed, 08 Feb 2023 00:24:18 GMT
Connection: keep-alive

cdn.creative-bars1.com/sb/ssp/vpn/classic-push/small/img/close.png

172.64.166.9

200 OK

591 B

URL HTTP/2
cdn.creative-bars1.com/sb/ssp/vpn/classic-push/small/img/close.png
IP
172.64.166.9:0
ASN
#13335 CLOUDFLARENET

File type
PNG image data, 12 x 12, 8-bit/color RGBA, non-interlaced\012- data
Size
591 B (591 bytes)
Hash
9fd5bcb6103d86e317bd1eb019bcbe71
6b5a52ea669dcb74946f2bed4bdd7ec985026113
0ddd3be104ac7945fb062096df62034a6a24ecc76ba92493c35c62c3c25982ae

HTTP Headers

GET /sb/ssp/vpn/classic-push/small/img/close.png HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
date: Wed, 08 Feb 2023 00:24:18 GMT
content-type: image/png
content-length: 591
last-modified: Tue, 21 Sep 2021 12:03:43 GMT
etag: "6149ca1f-24f"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 5598069
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=MxV%2Fzu%2BOzl5%2F9i3ddJDtVHox8NrwcDla4s%2B%2FgVnLfLEFaznQt%2BR%2BJ2V6enua%2B%2BjAVievWbQLCv9Kr92L85o2b0pX1lP0DBCl55rQqJdjC8C00bcYzD%2F3zXLuteQzVVJ7aCjoflqWgjYw"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 796038ba9ddf23db-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

cdn.cloudimagesb.com/si/d3/d1/b3/d3d1b3933aa7b496d9e1204be72308b2/1672873426.png

45.133.44.9

200 OK

74 kB

URL HTTP/2
cdn.cloudimagesb.com/si/d3/d1/b3/d3d1b3933aa7b496d9e1204be72308b2/1672873426.png
IP
45.133.44.9:0
ASN
#39572 DataWeb Global Group B.V.

File type
PNG image data, 192 x 192, 8-bit/color RGBA, non-interlaced\012- data
Size
74 kB (74291 bytes)
Hash
7745eafaf9d9341680983b7119a94c16
4a85313147bf037da8082ae012d69a15ee88c0a6
a4abad4524a2df3f925df666a99925cd36cd19487a53427ba05771fca458caf9

HTTP Headers

GET /si/d3/d1/b3/d3d1b3933aa7b496d9e1204be72308b2/1672873426.png HTTP/1.1
Host: cdn.cloudimagesb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
date: Wed, 08 Feb 2023 00:24:18 GMT
content-type: image/png
content-length: 74291
server: nginx/1.17.6
last-modified: Wed, 04 Jan 2023 23:03:54 GMT
etag: "63b605da-12233"
expires: Fri, 10 Feb 2023 00:24:18 GMT
cache-control: max-age=172800
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.163

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.163:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
325a8a10ce2837a8c6820e30572d181c
195d6189f0f10fcb301fce3af4c27028bbcb9eaa
2f1a0e948582fa64266617acc77e9beb71c5031d9cffe1bed1393a554f259810

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 08 Feb 2023 00:24:18 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

e1.o.lencr.org/

23.33.119.27

200 OK

345 B

URL HTTP/1.1
e1.o.lencr.org/
IP
23.33.119.27:0
ASN
#20940 Akamai International B.V.

File type
data
Size
345 B (345 bytes)
Hash
6775371ad58895526c9af87544fe77b2
7228a426342d14d53bc3a9d247c88115201f3f74
a014aaebcdbb4beabf4ec663c1c2837735c1d78da37a2af01eec068d597938aa

HTTP Headers

POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "A014AAEBCDBB4BEABF4EC663C1C2837735C1D78DA37A2AF01EEC068D597938AA"
Last-Modified: Sun, 05 Feb 2023 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9157
Expires: Wed, 08 Feb 2023 02:56:55 GMT
Date: Wed, 08 Feb 2023 00:24:18 GMT
Connection: keep-alive

ocsp.pki.goog/gts1c3

142.250.74.163

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.163:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
325a8a10ce2837a8c6820e30572d181c
195d6189f0f10fcb301fce3af4c27028bbcb9eaa
2f1a0e948582fa64266617acc77e9beb71c5031d9cffe1bed1393a554f259810

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 08 Feb 2023 00:24:18 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

r3.o.lencr.org/

95.101.11.115

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
95.101.11.115:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
28722a81dd6194f41bee4e8714bd4af3
181ca47fb7d681257ceae92c3af80ed0f8798088
13d9f4e4a5e2ea847b2593614f3c1cda45bfe22913b3f76dcbefddb50c94b532

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "13D9F4E4A5E2EA847B2593614F3C1CDA45BFE22913B3F76DCBEFDDB50C94B532"
Last-Modified: Sun, 05 Feb 2023 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2898
Expires: Wed, 08 Feb 2023 01:12:36 GMT
Date: Wed, 08 Feb 2023 00:24:18 GMT
Connection: keep-alive

fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2

142.250.74.35

200 OK

16 kB

URL HTTP/2
fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2
IP
142.250.74.35:0
ASN
#15169 GOOGLE

File type
Web Open Font Format (Version 2), TrueType, length 15860, version 1.0\012- data
Size
16 kB (15860 bytes)
Hash
e9f5aaf547f165386cd313b995dddd8e
acdef5603c2387b0e5bffd744b679a24a8bc1968
f5aebdfea35d1e7656ef4acc5db1f243209755ae3300943ef8fc6280f363c860

HTTP Headers

GET /s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://sekigae.fun.w3ja.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15860
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 07 Feb 2023 13:09:06 GMT
expires: Wed, 07 Feb 2024 13:09:06 GMT
cache-control: public, max-age=31536000
age: 40512
last-modified: Wed, 11 May 2022 19:24:42 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2

142.250.74.35

200 OK

16 kB

URL HTTP/2
fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2
IP
142.250.74.35:0
ASN
#15169 GOOGLE

File type
Web Open Font Format (Version 2), TrueType, length 15744, version 1.0\012- data
Size
16 kB (15744 bytes)
Hash
15d9f621c3bd1599f0169dcf0bd5e63e
7ca9c5967f3bb8bffeab24b639b49c1e7d03fa52
f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615

HTTP Headers

GET /s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://sekigae.fun.w3ja.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15744
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sun, 05 Feb 2023 22:02:00 GMT
expires: Mon, 05 Feb 2024 22:02:00 GMT
cache-control: public, max-age=31536000
age: 181338
last-modified: Wed, 11 May 2022 19:24:48 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

indignationmapprohibited.com/impr.gif?sid=H4sIAAAAAAAC%2F1SST2gk1RPHX%2B%2Fm90P0ouJBEbEPHhTMpHt6OtNjDsG4RsLuJmF3JeBBeP968jY9%2FZr3uqcnASG4IHsRxpMeO99JNq4uYk6CIMrEi%2BS040GCGkXw5EUQvCozGQjW4VXV%2B9Sh6lv13l5xRjwU9HT9ut5RSULnwprnvrihUqFL667ecn2v5i24Gyqdbyy4vfFjuq%2F4XljzXnLfkHxLz9U93%2FN8z3eXlZGx7s1NKFT2oOXXWl6tUa%2F5YQM989%2FcFg4sdSC6Z%2BRJKDH63%2BZ3R1B8iLTz%2BRVpt3Kdvfx6p0horg264vDNdCvVZYrORRgbB3F6OK2GtiNCProEnR5OJ4Du7o8nAFMj4vzgg6WH0zbBugfnnbIEMgUTj6HsDiGTIRQdgus7UOIhAbjA6hrSzr1VbUq6fU7pmI7IzN9%2FQZUjMvPzU0g7ny0lqufe1EmRK51a9OIKqjeEag%2BRFcfIdxyo8hg8fxdKEKSdCkqcvhDRVhyHoT8byDiebUSBmG3xmM7GUZP7VMZhPahPpFFqCBUPkcg%2BqL2EwjoolIMidlBkDjri1KVhK%2Fa8ZsziIIganPMg4DyM5kUogkYUeyj4uPc%2B8qwPnvTBzS4ys4st1YcpvoHdrGCFA5sTdEWFUhKUlqCkBKUiKHOCslsdiMTWbXVPJLZg%2FtTXpz6oBjpv79EDnbdlSvayM%2FLEWDDn8X8WsCVPXZ9FAYskE2GDthj1Y8HmgzisN2PWiJvNCFZVUPYSqHWwo0bk%2BesCmRqR%2F1%2F9EYwewybH4OoyaPEcaDlo1j3QzUEj8rCTflwGt2mN6w6ErpDlM8i3nb3kjDwzWdrCh79D8pPFX1e%2BfDtcfAfcVMhMhdvqW4J2cndwQ5dk%2F4YuLTlay3LVUTt0vNCbOc3lzCdX5XapjVi5Yvv3X%2BVjMA4f3JI2v0ZTodK2JZ8uKSGkWdaGS%2FLVit2QbL2wm0uFSYvs2vpryyudzEhrlU6HoOqhuQ%2BuRuTRn56dnKr7yNNQZghTVOgUJ2RqUPoYPNuFzU4Wv3h%2F7ZcF8RasJjDJRQ3LHJRFNTB1dvGZKIJEXuSUVbDyQgImT77%2B85zt2btoGwc0vzM50K6p0E0q0KQPW1we5Jk5Wfw%2BmBhY4gxYYpx9lpjkg3NprTp1Q78hIxY1uRBMcuE360EUeF5diEazJf0Wcjviv%2F1x9C8AAAD%2F%2FwEAAP%2F%2FvCblGoIEAAA%3D

173.233.137.36

200 OK

7 B

URL HTTP/1.1
indignationmapprohibited.com/impr.gif?sid=H4sIAAAAAAAC%2F1SST2gk1RPHX%2B%2Fm90P0ouJBEbEPHhTMpHt6OtNjDsG4RsLuJmF3JeBBeP968jY9%2FZr3uqcnASG4IHsRxpMeO99JNq4uYk6CIMrEi%2BS040GCGkXw5EUQvCozGQjW4VXV%2B9Sh6lv13l5xRjwU9HT9ut5RSULnwprnvrihUqFL667ecn2v5i24Gyqdbyy4vfFjuq%2F4XljzXnLfkHxLz9U93%2FN8z3eXlZGx7s1NKFT2oOXXWl6tUa%2F5YQM989%2FcFg4sdSC6Z%2BRJKDH63%2BZ3R1B8iLTz%2BRVpt3Kdvfx6p0horg264vDNdCvVZYrORRgbB3F6OK2GtiNCProEnR5OJ4Du7o8nAFMj4vzgg6WH0zbBugfnnbIEMgUTj6HsDiGTIRQdgus7UOIhAbjA6hrSzr1VbUq6fU7pmI7IzN9%2FQZUjMvPzU0g7ny0lqufe1EmRK51a9OIKqjeEag%2BRFcfIdxyo8hg8fxdKEKSdCkqcvhDRVhyHoT8byDiebUSBmG3xmM7GUZP7VMZhPahPpFFqCBUPkcg%2BqL2EwjoolIMidlBkDjri1KVhK%2Fa8ZsziIIganPMg4DyM5kUogkYUeyj4uPc%2B8qwPnvTBzS4ys4st1YcpvoHdrGCFA5sTdEWFUhKUlqCkBKUiKHOCslsdiMTWbXVPJLZg%2FtTXpz6oBjpv79EDnbdlSvayM%2FLEWDDn8X8WsCVPXZ9FAYskE2GDthj1Y8HmgzisN2PWiJvNCFZVUPYSqHWwo0bk%2BesCmRqR%2F1%2F9EYwewybH4OoyaPEcaDlo1j3QzUEj8rCTflwGt2mN6w6ErpDlM8i3nb3kjDwzWdrCh79D8pPFX1e%2BfDtcfAfcVMhMhdvqW4J2cndwQ5dk%2F4YuLTlay3LVUTt0vNCbOc3lzCdX5XapjVi5Yvv3X%2BVjMA4f3JI2v0ZTodK2JZ8uKSGkWdaGS%2FLVit2QbL2wm0uFSYvs2vpryyudzEhrlU6HoOqhuQ%2BuRuTRn56dnKr7yNNQZghTVOgUJ2RqUPoYPNuFzU4Wv3h%2F7ZcF8RasJjDJRQ3LHJRFNTB1dvGZKIJEXuSUVbDyQgImT77%2B85zt2btoGwc0vzM50K6p0E0q0KQPW1we5Jk5Wfw%2BmBhY4gxYYpx9lpjkg3NprTp1Q78hIxY1uRBMcuE360EUeF5diEazJf0Wcjviv%2F1x9C8AAAD%2F%2FwEAAP%2F%2FvCblGoIEAAA%3D
IP
173.233.137.36:0
ASN
#7979 SERVERS-COM

File type
ASCII text, with no line terminators
Size
7 B (7 bytes)
Hash
132d6af1b46048b45cf86cdee7991d31
eb7007d03d59b65bc6da7e098c4d38fc6dfb6285
ab852e838deccd742a03ca81d4a8d75cf1a00b327db3eaf46bd7da6b6db9384c

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /impr.gif?sid=H4sIAAAAAAAC%2F1SST2gk1RPHX%2B%2Fm90P0ouJBEbEPHhTMpHt6OtNjDsG4RsLuJmF3JeBBeP968jY9%2FZr3uqcnASG4IHsRxpMeO99JNq4uYk6CIMrEi%2BS040GCGkXw5EUQvCozGQjW4VXV%2B9Sh6lv13l5xRjwU9HT9ut5RSULnwprnvrihUqFL667ecn2v5i24Gyqdbyy4vfFjuq%2F4XljzXnLfkHxLz9U93%2FN8z3eXlZGx7s1NKFT2oOXXWl6tUa%2F5YQM989%2FcFg4sdSC6Z%2BRJKDH63%2BZ3R1B8iLTz%2BRVpt3Kdvfx6p0horg264vDNdCvVZYrORRgbB3F6OK2GtiNCProEnR5OJ4Du7o8nAFMj4vzgg6WH0zbBugfnnbIEMgUTj6HsDiGTIRQdgus7UOIhAbjA6hrSzr1VbUq6fU7pmI7IzN9%2FQZUjMvPzU0g7ny0lqufe1EmRK51a9OIKqjeEag%2BRFcfIdxyo8hg8fxdKEKSdCkqcvhDRVhyHoT8byDiebUSBmG3xmM7GUZP7VMZhPahPpFFqCBUPkcg%2BqL2EwjoolIMidlBkDjri1KVhK%2Fa8ZsziIIganPMg4DyM5kUogkYUeyj4uPc%2B8qwPnvTBzS4ys4st1YcpvoHdrGCFA5sTdEWFUhKUlqCkBKUiKHOCslsdiMTWbXVPJLZg%2FtTXpz6oBjpv79EDnbdlSvayM%2FLEWDDn8X8WsCVPXZ9FAYskE2GDthj1Y8HmgzisN2PWiJvNCFZVUPYSqHWwo0bk%2BesCmRqR%2F1%2F9EYwewybH4OoyaPEcaDlo1j3QzUEj8rCTflwGt2mN6w6ErpDlM8i3nb3kjDwzWdrCh79D8pPFX1e%2BfDtcfAfcVMhMhdvqW4J2cndwQ5dk%2F4YuLTlay3LVUTt0vNCbOc3lzCdX5XapjVi5Yvv3X%2BVjMA4f3JI2v0ZTodK2JZ8uKSGkWdaGS%2FLVit2QbL2wm0uFSYvs2vpryyudzEhrlU6HoOqhuQ%2BuRuTRn56dnKr7yNNQZghTVOgUJ2RqUPoYPNuFzU4Wv3h%2F7ZcF8RasJjDJRQ3LHJRFNTB1dvGZKIJEXuSUVbDyQgImT77%2B85zt2btoGwc0vzM50K6p0E0q0KQPW1we5Jk5Wfw%2BmBhY4gxYYpx9lpjkg3NprTp1Q78hIxY1uRBMcuE360EUeF5diEazJf0Wcjviv%2F1x9C8AAAD%2F%2FwEAAP%2F%2FvCblGoIEAAA%3D HTTP/1.1
Host: indignationmapprohibited.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://sekigae.fun.w3ja.com/
Cookie: u_pl=17891131; uid_id2=8a9ff551-3eff-483d-9cfa-f87c1aef5232:2:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Wed, 08 Feb 2023 00:24:18 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 62bf6454b7d740b2cedcb52d0886249a
Strict-Transport-Security: max-age=0; includeSubdomains

indignationmapprohibited.com/pixel/sbs?c=1

173.233.137.36

200 OK

0 B

URL HTTP/1.1
indignationmapprohibited.com/pixel/sbs?c=1
IP
173.233.137.36:0
ASN
#7979 SERVERS-COM

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /pixel/sbs?c=1 HTTP/1.1
Host: indignationmapprohibited.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://sekigae.fun.w3ja.com/
Cookie: u_pl=17891131; uid_id2=8a9ff551-3eff-483d-9cfa-f87c1aef5232:2:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Wed, 08 Feb 2023 00:24:18 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range

unseenreport.com/pxf.gif?uuid=8a9ff551-3eff-483d-9cfa-f87c1aef5232&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1055&b_frame=0&pk=1b83b8ebd54a9ba1fdb63f527fb4f778&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=0

192.243.59.20

200 OK

1 B

URL HTTP/1.1
unseenreport.com/pxf.gif?uuid=8a9ff551-3eff-483d-9cfa-f87c1aef5232&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1055&b_frame=0&pk=1b83b8ebd54a9ba1fdb63f527fb4f778&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=0
IP
192.243.59.20:0
ASN
#39572 DataWeb Global Group B.V.

File type
very short file (no magic)
Size
1 B (1 bytes)
Hash
93b885adfe0da089cdf634904fd59f71
5ba93c9db0cff93f52b521d7420e43f6eda2784f
6e340b9cffb37a989ca544e6bb780a2c78901d3fb33738768511a30617afa01d

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /pxf.gif?uuid=8a9ff551-3eff-483d-9cfa-f87c1aef5232&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1055&b_frame=0&pk=1b83b8ebd54a9ba1fdb63f527fb4f778&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=0 HTTP/1.1
Host: unseenreport.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://sekigae.fun.w3ja.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Server: nginx/1.17.9
Date: Wed, 08 Feb 2023 00:24:18 GMT
Content-Type: image/gif
Content-Length: 1
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 0ea3cb2b30b3ff96ee3cd76581e6c1b2
Strict-Transport-Security: max-age=0; includeSubdomains

unseenreport.com/pxf.gif?uuid=8a9ff551-3eff-483d-9cfa-f87c1aef5232&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1055&b_frame=0&pk=f4f3037b1d2a02d7a0ea86681cc07b89&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=0

192.243.59.20

200 OK

1 B

URL HTTP/1.1
unseenreport.com/pxf.gif?uuid=8a9ff551-3eff-483d-9cfa-f87c1aef5232&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1055&b_frame=0&pk=f4f3037b1d2a02d7a0ea86681cc07b89&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=0
IP
192.243.59.20:0
ASN
#39572 DataWeb Global Group B.V.

File type
very short file (no magic)
Size
1 B (1 bytes)
Hash
93b885adfe0da089cdf634904fd59f71
5ba93c9db0cff93f52b521d7420e43f6eda2784f
6e340b9cffb37a989ca544e6bb780a2c78901d3fb33738768511a30617afa01d

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /pxf.gif?uuid=8a9ff551-3eff-483d-9cfa-f87c1aef5232&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1055&b_frame=0&pk=f4f3037b1d2a02d7a0ea86681cc07b89&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=0 HTTP/1.1
Host: unseenreport.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://sekigae.fun.w3ja.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Server: nginx/1.17.9
Date: Wed, 08 Feb 2023 00:24:18 GMT
Content-Type: image/gif
Content-Length: 1
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 75c4a29306588aebe5e1dae76d9b36f9
Strict-Transport-Security: max-age=0; includeSubdomains

34.120.237.76

200 OK

8.6 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F06b5f2a3-c53c-4690-b548-2c3d0f556f73.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
8.6 kB (8629 bytes)
Hash
02fde25be5ded120af759d19d8304f73
8d2a4d9ab5947113ce0737d4d4bed3e30a971026
7cdf26668cca22f28eee047d3fcf30cea8d97b1d8804fe2132728f26cd11558d

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F06b5f2a3-c53c-4690-b548-2c3d0f556f73.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx
content-length: 8629
x-amzn-requestid: cc20d28e-3937-4826-97ef-100fb5dd2645
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: f_O7LFn3oAMF61A=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63e2c514-6e764236604212fa26dab38a;Sampled=0
x-amzn-remapped-date: Tue, 07 Feb 2023 21:39:32 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: 0sEMzqETD-gbgXOXb_CJmLjYQmNGMN4-_ggiB7ifbifltHJYsTRRsQ==
via: 1.1 4dde8ec6d6c12741888c2d3a059d4a2e.cloudfront.net (CloudFront), 1.1 591683988172c7980c4ebb318cbf18a8.cloudfront.net (CloudFront), 1.1 google
date: Tue, 07 Feb 2023 21:52:22 GMT
age: 9121
etag: "8d2a4d9ab5947113ce0737d4d4bed3e30a971026"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

friendshipmale.com/sfp.js

172.64.203.23

200 OK

0 B

URL HTTP/2
friendshipmale.com/sfp.js
IP
172.64.203.23:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

Detections

Analyzer	Verdict	Alert
fortinet	Malware
quad9	Sinkholed

HTTP Headers

GET /sfp.js HTTP/1.1
Host: friendshipmale.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://sekigae.fun.w3ja.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Wed, 08 Feb 2023 00:24:17 GMT
content-type: application/javascript; charset=utf-8
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
access-control-allow-origin: *
expires: Thu, 01 Jan 1970 00:00:01 GMT
cache-control: max-age=14400
x-request-id: 02a231cb141e3cea995fdd37b4e9a320
strict-transport-security: max-age=0; includeSubdomains
cf-cache-status: EXPIRED
last-modified: Wed, 08 Feb 2023 00:24:16 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=DlKdv7uZstFgoOfpoPPQwY5a9kGShGbfNuqi0HSueHeVnhiKzPHhNcQeUhfrO2zr0KmEySjcHXnbEeN9bZRkjbJpcIOffbq8RNOrMgCMpNXt93viMKf8u4ZNv5E6j4kmVau3jBQ%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 796038b20b08f40b-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

cdn.barscreative1.com/sb/au/0c/c8/e1/0cc8e13ba9d5dbc867b982993e805a9d/1632728593.html

45.133.44.4

200 OK

0 B

URL HTTP/2
cdn.barscreative1.com/sb/au/0c/c8/e1/0cc8e13ba9d5dbc867b982993e805a9d/1632728593.html
IP
45.133.44.4:0
ASN
#39572 DataWeb Global Group B.V.

File type

Size
0 B (0 bytes)
Hash

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /sb/au/0c/c8/e1/0cc8e13ba9d5dbc867b982993e805a9d/1632728593.html HTTP/1.1
Host: cdn.barscreative1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://sekigae.fun.w3ja.com
Connection: keep-alive
Referer: https://sekigae.fun.w3ja.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Wed, 08 Feb 2023 00:24:18 GMT
content-type: text/html; charset=utf-8
server: nginx/1.17.6
last-modified: Mon, 27 Sep 2021 07:43:24 GMT
etag: W/"6151761c-52d"
cache-control: max-age=3600
access-control-allow-origin: *
access-control-expose-headers: Date
content-encoding: gzip
expires: Wed, 08 Feb 2023 01:24:18 GMT
x-proxy-cache: HIT
X-Firefox-Spdy: h2

c.statcounter.com/t.php?sc_project=12810755&u1=C4CD6FD8176E4FA22BE9D83661543636&java=1&security=232ef74f&sc_snum=1&sess=a8f3c4&p=0&rcat=d&rdom=d&rdomg=new&bb=1&jg=new&rr=1.1.1.1.1.1.1.1.1&resolution=1280&h=1024&camefrom=&u=https%3A//sekigae.fun.w3ja.com/&t=sekigae.fun%20%7C%20%E3%83%AC%E3%83%83%E3%83%84%E5%B8%AD%E6%9B%BF%E3%81%88%20%7C&invisible=1&sc_rum_e_s=3700&sc_rum_e_e=3706&sc_rum_f_s=0&sc_rum_f_e=3689&get_config=true

104.20.219.77

200 OK

0 B

URL HTTP/2
c.statcounter.com/t.php?sc_project=12810755&u1=C4CD6FD8176E4FA22BE9D83661543636&java=1&security=232ef74f&sc_snum=1&sess=a8f3c4&p=0&rcat=d&rdom=d&rdomg=new&bb=1&jg=new&rr=1.1.1.1.1.1.1.1.1&resolution=1280&h=1024&camefrom=&u=https%3A//sekigae.fun.w3ja.com/&t=sekigae.fun%20%7C%20%E3%83%AC%E3%83%83%E3%83%84%E5%B8%AD%E6%9B%BF%E3%81%88%20%7C&invisible=1&sc_rum_e_s=3700&sc_rum_e_e=3706&sc_rum_f_s=0&sc_rum_f_e=3689&get_config=true
IP
104.20.219.77:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /t.php?sc_project=12810755&u1=C4CD6FD8176E4FA22BE9D83661543636&java=1&security=232ef74f&sc_snum=1&sess=a8f3c4&p=0&rcat=d&rdom=d&rdomg=new&bb=1&jg=new&rr=1.1.1.1.1.1.1.1.1&resolution=1280&h=1024&camefrom=&u=https%3A//sekigae.fun.w3ja.com/&t=sekigae.fun%20%7C%20%E3%83%AC%E3%83%83%E3%83%84%E5%B8%AD%E6%9B%BF%E3%81%88%20%7C&invisible=1&sc_rum_e_s=3700&sc_rum_e_e=3706&sc_rum_f_s=0&sc_rum_f_e=3689&get_config=true HTTP/1.1
Host: c.statcounter.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://sekigae.fun.w3ja.com
Connection: keep-alive
Referer: https://sekigae.fun.w3ja.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
date: Wed, 08 Feb 2023 00:24:18 GMT
content-type: application/json
p3p: policyref="http://www.statcounter.com/w3c/p3p.xml", CP="ADMa OUR COM NAV NID DSP NOI COR"
expires: Mon, 26 Jul 1997 05:00:00 GMT
set-cookie: is_unique=sc12810755.1675815858.0; SameSite=None; Secure; Expires=Monday, 07-Feb-2028 08:24:18 CST; Path=/; Domain=.statcounter.com
is_visitor_unique=1675815858392379130; SameSite=None; Secure; Expires=Friday, 07-Feb-2025 08:24:18 CST; Path=/; Domain=.statcounter.com
access-control-allow-origin: https://sekigae.fun.w3ja.com
access-control-allow-credentials: true
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 796038b8c8c1b4f9-OSL
content-encoding: br
X-Firefox-Spdy: h2

cdn.creative-bars1.com/sb/ssp/vpn/classic-push/small/css/style.css

172.64.166.9

200 OK

0 B

URL HTTP/2
cdn.creative-bars1.com/sb/ssp/vpn/classic-push/small/css/style.css
IP
172.64.166.9:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /sb/ssp/vpn/classic-push/small/css/style.css HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://sekigae.fun.w3ja.com
Connection: keep-alive
Referer: https://sekigae.fun.w3ja.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Wed, 08 Feb 2023 00:24:18 GMT
content-type: text/css
last-modified: Tue, 21 Sep 2021 12:03:42 GMT
etag: W/"6149ca1e-d31"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=JL%2BVE%2F17jjZfQsR9V%2FmdzlYHeN3ZhSG2F73%2F1C5E24jXks6DrjLPr6%2BeJPRZqZBMjNeBcxKiir%2FGf%2B1Io91sgmQgJq3I6tn%2FEEHjmkI%2Bte6sK65E5tGlbFzOw%2BJC49u59%2BA251VEHgIP"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 796038ba7dc223db-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

cdn.creative-bars1.com/sb/ssp/vpn/classic-push/small/js/jquery.min.js

172.64.166.9

200 OK

0 B

URL HTTP/2
cdn.creative-bars1.com/sb/ssp/vpn/classic-push/small/js/jquery.min.js
IP
172.64.166.9:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /sb/ssp/vpn/classic-push/small/js/jquery.min.js HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
date: Wed, 08 Feb 2023 00:24:18 GMT
content-type: application/javascript
last-modified: Tue, 21 Sep 2021 12:03:44 GMT
etag: W/"6149ca20-1499c"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 5598069
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=NIT5QvI1jRFnlTPHfJzDImESpd0%2FYCuybe8cgo7YIDJ%2Fxn8WkwpVQhrd1jb%2FdZXp3JuND%2B3AtSs67yTPbCEWjiWDHEyGXdfjGcgCbEG9VaQZ9QgzTB0p43dk8qtz6B5depyBH7GS4%2FJD"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 796038baade523db-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

cdn.creative-bars1.com/sb/ssp/vpn/classic-push/small/js/script.js

172.64.166.9

200 OK

0 B

URL HTTP/2
cdn.creative-bars1.com/sb/ssp/vpn/classic-push/small/js/script.js
IP
172.64.166.9:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /sb/ssp/vpn/classic-push/small/js/script.js HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://sekigae.fun.w3ja.com
Connection: keep-alive
Referer: https://sekigae.fun.w3ja.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
date: Wed, 08 Feb 2023 00:24:18 GMT
content-type: application/javascript
last-modified: Tue, 21 Sep 2021 12:03:44 GMT
etag: W/"6149ca20-3c2"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=MDPYay8O%2FcQ1U9Jd2sYzTqU9a9J3lo6bn%2FOrkEhIexYDGiizvnMOaRIsnJbeJSS5a7YhVJ8QgFAcDG0tnL4n1bmNmp9jsDQ7zKA9ItvNqZUkKIDDJBPsuV20RoxPEkCN8MhmXtT%2FJSEE"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 796038bb0e4b23db-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (14)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML