Report - cj.dotomi.com/2e106cy65O/y49/NOVPTNNT/NMMSRMMVR/M/M/M?g=yKHB=7JJFI%25Ta%25Sf%25Sf8F5I.8E%25Sf8F5I%25Sf105O1484EIX88U1NJI6DPLG9MAD4O7JDUV1BCA85OWSOOS1JE5W4LOM8KGU%25SfKF30J4IR.7JCB<<7JJFI://MMM.93EGE2O.2EC/2B82A-RQQWVQQZV-RSZTXRRX<<g<7JJF://MMM.58E0IB8.2EC<<R<R<Q<Q<

Report Overview

Submitted URL
cj.dotomi.com/2e106cy65O/y49/NOVPTNNT/NMMSRMMVR/M/M/M?g=yKHB=7JJFI%25Ta%25Sf%25Sf8F5I.8E%25Sf8F5I%25Sf105O1484EIX88U1NJI6DPLG9MAD4O7JDUV1BCA85OWSOOS1JE5W4LOM8KGU%25SfKF30J4IR.7JCB<<7JJFI://MMM.93EGE2O.2EC/2B82A-RQQWVQQZV-RSZTXRRX<<g<7JJF://MMM.58E0IB8.2EC<<R<R<Q<Q<
IP
89.207.16.75
ASN
#41041 Conversant LLC
Submitted
2023-06-01 09:47:51
Access
public
Website Title
Final URL
Tags
suspicious
urlquery detections
Suspicious - JavaScript obfusction

Detections

urlquery
5
Network Intrusion Detection
3
Threat Detection Systems
0

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
ajax.googleapis.com	12905	2005-01-25	2013-08-16	2023-06-01	424 B	31 kB	216.58.207.234
t1.gstatic.com	unknown	2008-02-11	2013-05-07	2023-06-01	2.0 kB	15 kB	142.250.74.68
ipfs.io	41400	2014-05-16	2015-09-09	2023-05-31	759 B	627 kB	209.94.90.1
stackpath.bootstrapcdn.com	2467	2012-05-25	2018-06-15	2023-05-31	432 B	52 kB	104.18.10.207
www.emjcd.com	13026	2004-04-06	2012-05-22	2023-05-31	885 B	1.9 kB	89.207.16.75
cdnjs.cloudflare.com	235	2009-02-17	2015-04-17	2023-05-31	911 B	14 kB	104.17.25.14
ocsp.pki.goog	175	2016-06-13	2018-07-01	2023-05-31	1.7 kB	3.5 kB	142.250.74.3
www.w3schools.com	17487	2000-03-21	2014-02-05	2023-06-01	414 B	5.8 kB	192.229.133.221
maxcdn.bootstrapcdn.com	724	2012-05-25	2014-06-18	2023-05-31	451 B	50 kB	104.18.10.207
ocsp.globalsign.com	2075	1999-04-19	2012-07-20	2023-05-31	698 B	3.8 kB	104.18.21.226
cj.dotomi.com	13192	2000-08-07	2014-02-07	2023-05-31	743 B	2.2 kB	89.207.16.75
code.jquery.com	634	2005-12-10	2012-05-21	2023-05-31	430 B	24 kB	69.16.175.42

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Timestamp	Severity	Source IP	Destination IP	Alert
2023-06-01 09:47:33	medium	Client IP	Internal IP	ET INFO Peer-to-Peer File Sharing Service Domain in DNS Lookup (ipfs .io)
2023-06-01 09:47:33	medium	Client IP	Internal IP	ET INFO Peer-to-Peer File Sharing Service Domain in DNS Lookup (ipfs .io)
2023-06-01 09:47:33	medium	Client IP	209.94.90.1	ET INFO Observed Peer-to-Peer File Sharing Service Domain (ipfs .io in TLS SNI)

Threat Detection Systems

OpenPhish

No alerts detected

PhishTank

No alerts detected

Fortinet's Web Filter

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

JavaScript (13)

	URL	Size	First Seen	Last Seen
	maxcdn.bootstrapcdn.com/bootstrap/4.0.0/js/bootstrap.min.js	49 kB	2023-03-07	2024-04-26
Pretty URL maxcdn.bootstrapcdn.com/bootstrap/4.0.0/js/bootstrap.min.js IP 104.18.10.207 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:44 Last Seen2024-04-26 11:58:50 Times Seen137101 Hash 14d449eb8876fa55e1ef3c2cc52b0c17 a9545831803b1359cfeed47e3b4d6bae68e40e99 e7ed36ceee5450b4243bbc35188afabdfb4280c7c57597001de0ed167299b01b Loading...

	ajax.googleapis.com/ajax/libs/jquery/2.2.4/jquery.min.js	86 kB	2023-03-07	2024-04-26
Pretty URL ajax.googleapis.com/ajax/libs/jquery/2.2.4/jquery.min.js IP 216.58.207.234 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:00 Last Seen2024-04-26 11:58:50 Times Seen384644 Hash 2f6b11a7e914718e0290410e85366fe9 69bb69e25ca7d5ef0935317584e6153f3fd9a88c 05b85d96f41fff14d8f608dad03ab71e2c1017c2da0914d7c59291bad7a54f8e Loading...

	stackpath.bootstrapcdn.com/bootstrap/4.1.3/js/bootstrap.min.js	51 kB	2023-03-07	2024-04-26
Pretty URL stackpath.bootstrapcdn.com/bootstrap/4.1.3/js/bootstrap.min.js IP 104.18.10.207 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:44 Last Seen2024-04-26 11:58:50 Times Seen244643 Hash 67176c242e1bdc20603c878dee836df3 27a71b00383d61ef3c489326b3564d698fc1227c 56c12a125b021d21a69e61d7190cefa168d6c28ce715265cea1b3b0112d169c4 Loading...

	unknown	123 B	2023-05-30	2023-12-13
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2023-05-30 23:34:20 Last Seen2023-12-13 12:19:40 Times Seen6 Hash bbb2ec208516fad9748f033a65041a27 e28ddc84325feb076146fa4584fca8bc15e34a56 ede7054fde1e08d91c43055c5011c1a8b8243948f6060ab62ef282601f91a2fc Loading...

	unknown	209 kB	2023-06-01	2023-12-13
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2023-06-01 11:47:52 Last Seen2023-12-13 12:19:40 Times Seen2 Hash 6f2e718c4a4010509fa26616d1537119 0f1978ea422a1bccf444471e068ad7ecf9f50a6d eb4fe80de58c55e67047b57aebdbb8fbea9cd02e04f40c6a27779b070d02438a Loading...

	unknown	70 kB	2023-06-01	2023-12-13
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2023-06-01 11:47:52 Last Seen2023-12-13 12:19:40 Times Seen2 Hash 11e5976c9bb7d775fccd2fc354283228 158ffae70a21af7b502db6edc0690076f03e8435 8df1841eea504b4c1bd96f9786e59672c9ca3008f80cd272939482e2befccd1f Loading...

	cdnjs.cloudflare.com/ajax/libs/popper.js/1.12.9/umd/popper.min.js	19 kB	2023-03-07	2024-04-26
Pretty URL cdnjs.cloudflare.com/ajax/libs/popper.js/1.12.9/umd/popper.min.js IP 104.17.25.14 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:44 Last Seen2024-04-26 11:58:50 Times Seen111795 Hash 70d3fda195602fe8b75e0097eed74dde c3b977aa4b8dfb69d651e07015031d385ded964b a52f7aa54d7bcaafa056ee0a050262dfc5694ae28dee8b4cac3429af37ff0d66 Loading...

	ipfs.io/ipfs/bafybeieos7ii4bxtsgnzvqjwkneyhtn45blmkify62yy2btof6evywiuq4/updates1.html?aid=811995&label=affnetcj-12937117_pub-5363453_site-100650095_pname-Auckland+Hotels_clkid-_cjevent-54fea23f006111ee80ab1cb00a18b8f9&utm_source=affnetcj&utm_medium=bannerindex&utm_campaign=gb&utm_term=index-12937117	626 kB	2023-06-01	2023-12-13
Pretty URL ipfs.io/ipfs/bafybeieos7ii4bxtsgnzvqjwkneyhtn45blmkify62yy2btof6evywiuq4/updates1.html?aid=811995&label=affnetcj-12937117_pub-5363453_site-100650095_pname-Auckland+Hotels_clkid-_cjevent-54fea23f006111ee80ab1cb00a18b8f9&utm_source=affnetcj&utm_medium=bannerindex&utm_campaign=gb&utm_term=index-12937117 IP 209.94.90.1 ASN #40680 PROTOCOL Introduced by scriptElement Embedded in HTML true Observations First Seen2023-06-01 11:47:52 Last Seen2023-12-13 12:19:40 Times Seen2 Hash f8984693104ecc127e22076f1fac3b8b d27af174ede4d076ec5b034ece1961d12f73550c ec6f6064b19efa374ccead79e4baecd54d7da92be6595e0485afa3f46a17a6fe Loading...

	code.jquery.com/jquery-3.2.1.slim.min.js	70 kB	2023-03-07	2024-04-26
Pretty URL code.jquery.com/jquery-3.2.1.slim.min.js IP 69.16.175.42 ASN #20446 STACKPATH-CDN Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:43 Last Seen2024-04-26 11:58:50 Times Seen106445 Hash 5f48fc77cac90c4778fa24ec9c57f37d 9e89d1515bc4c371b86f4cb1002fd8e377c1829f 9365920887b11b33a3dc4ba28a0f93951f200341263e3b9cefd384798e4be398 Loading...

	unknown	2.7 kB	2023-06-01	2023-12-13
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2023-06-01 11:47:52 Last Seen2023-12-13 12:19:40 Times Seen2 Hash 1fd93df09746db5992294690991c2692 c60848c57cc678cba06f1a9b74fd42e69ff70d6b bc4f8d94a27eae1d2de9945f135664c51e3c39c21740e7ddbdeec866b6decf8f Loading...

		Size	First Seen	Last Seen
	#1 Write - e3e8e18c2141ffcc6235986a3c97dea9	209 kB	2023-06-01	2023-12-13
Pretty Observations First Seen2023-06-01 11:47:52 Last Seen2023-12-13 12:19:40 Times Seen2 Hash e3e8e18c2141ffcc6235986a3c97dea9 dcaffa4d67075b172065656ffb05c983de745226 713cbc091dd64be8c8a0c284e5a3b61440bba7ccac5961f4ef8bf7843fd28924 Loading...

	#2 Write - 5157573d7cb70496841438f542666ead	70 kB	2023-06-01	2023-12-13
Pretty Observations First Seen2023-06-01 11:47:52 Last Seen2023-12-13 12:19:40 Times Seen2 Hash 5157573d7cb70496841438f542666ead ae11f050967c8c08f11a6972895dfb007f9105dd b688c663e036720e581accb52e6166d944f298fa66bc6db416924f2cbdf59eed Loading...

	#3 Write - e307501ac4701ce9fa1acb0123a8ecb1	33 kB	2023-06-01	2023-12-13
Pretty Observations First Seen2023-06-01 11:47:52 Last Seen2023-12-13 12:19:40 Times Seen2 Hash e307501ac4701ce9fa1acb0123a8ecb1 79055189ce9d06c56960c7cdd08a5c7d5630be49 f6eca346307633c3f4af062ad33c0b083c78cb6b7d7456cf152b4f48811eca9c Loading...

HTTP Transactions (21)

URL IP Response Size

ocsp.globalsign.com/gsrsaovsslca2018

104.18.21.226

1.4 kB

URL
ocsp.globalsign.com/gsrsaovsslca2018
IP
104.18.21.226:0
ASN
#13335 CLOUDFLARENET

File type
data
Size
1.4 kB (1432 bytes)
Hash
1c4961c8635719024dca0a5c40d0ac81
c638128861f9da52c0dfefd3a85c50a3245aa6ad
3fc250cb6c4d42286b922fa48a91155ece97d31f0e7c525dce3cca0b2a7b2a9a

HTTP Headers

POST /gsrsaovsslca2018 HTTP/1.1
Host: ocsp.globalsign.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Thu, 01 Jun 2023 09:47:33 GMT
Content-Type: application/ocsp-response
Content-Length: 1432
Connection: keep-alive
Expires: Mon, 05 Jun 2023 09:02:14 GMT
ETag: "c638128861f9da52c0dfefd3a85c50a3245aa6ad"
Last-Modified: Thu, 01 Jun 2023 09:02:15 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
CF-Cache-Status: HIT
Age: 514
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7d06892d0b6fb51e-OSL

cj.dotomi.com/2e106cy65O/y49/NOVPTNNT/NMMSRMMVR/M/M/M?g=yKHB=7JJFI%25Ta%25Sf%25Sf8F5I.8E%25Sf8F5I%25Sf105O1484EIX88U1NJI6DPLG9MAD4O7JDUV1BCA85OWSOOS1JE5W4LOM8KGU%25SfKF30J4IR.7JCB%3C%3C7JJFI://MMM.93EGE2O.2EC/2B82A-RQQWVQQZV-RSZTXRRX%3C%3Cg%3C7JJF://MMM.58E0IB8.2EC%3C%3CR%3CR%3CQ%3CQ%3C

89.207.16.75

302 Found

1.0 kB

URL User Request GET HTTP/1.1
cj.dotomi.com/2e106cy65O/y49/NOVPTNNT/NMMSRMMVR/M/M/M?g=yKHB=7JJFI%25Ta%25Sf%25Sf8F5I.8E%25Sf8F5I%25Sf105O1484EIX88U1NJI6DPLG9MAD4O7JDUV1BCA85OWSOOS1JE5W4LOM8KGU%25SfKF30J4IR.7JCB%3C%3C7JJFI://MMM.93EGE2O.2EC/2B82A-RQQWVQQZV-RSZTXRRX%3C%3Cg%3C7JJF://MMM.58E0IB8.2EC%3C%3CR%3CR%3CQ%3CQ%3C
IP
89.207.16.75:443
ASN
#41041 Conversant LLC

Certificate
IssuerGlobalSign nv-sa
Subjectwww.qksrv.net
Fingerprint82:C1:7F:DC:0E:0D:FE:1C:11:82:E4:2F:25:21:EA:14:BE:10:5E:39
ValidityWed, 08 Feb 2023 16:06:02 GMT - Sun, 24 Sep 2023 16:31:05 GMT

File type
HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (506)
Size
1.0 kB (1017 bytes)
Hash
528727944ef34348682482bcbcafe1d5
ef27cdb924b4b5047a96df2e924e031a625db700
90da5f7cbb5524eca159e86367d8ab3446daf81e64e840b31f17e13de003bfc2

HTTP Headers

GET /2e106cy65O/y49/NOVPTNNT/NMMSRMMVR/M/M/M?g=yKHB=7JJFI%25Ta%25Sf%25Sf8F5I.8E%25Sf8F5I%25Sf105O1484EIX88U1NJI6DPLG9MAD4O7JDUV1BCA85OWSOOS1JE5W4LOM8KGU%25SfKF30J4IR.7JCB%3C%3C7JJFI://MMM.93EGE2O.2EC/2B82A-RQQWVQQZV-RSZTXRRX%3C%3Cg%3C7JJF://MMM.58E0IB8.2EC%3C%3CR%3CR%3CQ%3CQ%3C HTTP/1.1
Host: cj.dotomi.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 302 Found
Server: Resin/4.0.66
P3P: policyref="/w3c/p3p-d.xml", CP="NOI DSP NID OUR STP"
Cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Expires: Thu, 01 Jun 2023 09:47:33 GMT
Set-Cookie: CJSession=59ac5022-ac98-4bac-b528-57029afffcd1; Max-Age=-1; Domain=.dotomi.com; Path=/; Secure; SameSite=None
cjae=JnRBK0WkD23G; Max-Age=34041593; Domain=.dotomi.com; Path=/; Secure; SameSite=None
DotomiUser=400405215330112444$0$1; Max-Age=34041593; Domain=.dotomi.com; Path=/; Secure; SameSite=None
SESS=cjo!wt40-vfp07hu-4-vfp07hu; Max-Age=-1; Domain=.dotomi.com; Path=/; Secure; SameSite=None
Location: https://www.emjcd.com/o9105tenm6/elq/34B59339/3228722B7/2/622627437552334666:LpTDM2YmF45I/76hgc45h228333ggA2cd3ed22c3AdAhB?j=hHE8%3D4GGCF%25QX%25Pc%25Pc5C2F.5B%25Pc5C2F%25Pcyx2Ly151BFU55RyKGF3AMID6J7A1L4GARSy89752LTPLLPyGB2T1ILJ5HDR%25PcHC0xG1FO.4G98%3c>z6B!JGRN-I2CNU4H-R-I2CNU4H%3c4GGCF%3A%2F%2FJJJ.60BDBzL.zB9%2Fz85z7-ONNTSNNWS-OPWQUOOU%3c%3cd%3c4GGC%3A%2F%2FJJJ.25BxF85.zB9%3cSWxzSNPP-xzWV-Ryxz-ySPV-SUNPWx222z0O%3cO%3cO%3cN%3cN%3c
Content-Type: text/html; charset=UTF-8
Content-Length: 1017
Date: Thu, 01 Jun 2023 09:47:33 GMT
X-VC-HTTPS: On

ocsp.globalsign.com/gsrsaovsslca2018

104.18.21.226

1.4 kB

URL
ocsp.globalsign.com/gsrsaovsslca2018
IP
104.18.21.226:0
ASN
#13335 CLOUDFLARENET

File type
data
Size
1.4 kB (1432 bytes)
Hash
1c4961c8635719024dca0a5c40d0ac81
c638128861f9da52c0dfefd3a85c50a3245aa6ad
3fc250cb6c4d42286b922fa48a91155ece97d31f0e7c525dce3cca0b2a7b2a9a

HTTP Headers

POST /gsrsaovsslca2018 HTTP/1.1
Host: ocsp.globalsign.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Thu, 01 Jun 2023 09:47:33 GMT
Content-Type: application/ocsp-response
Content-Length: 1432
Connection: keep-alive
Expires: Mon, 05 Jun 2023 09:02:14 GMT
ETag: "c638128861f9da52c0dfefd3a85c50a3245aa6ad"
Last-Modified: Thu, 01 Jun 2023 09:02:15 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
CF-Cache-Status: HIT
Age: 514
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7d06892e8d02b51e-OSL

www.emjcd.com/o9105tenm6/elq/34B59339/3228722B7/2/622627437552334666:LpTDM2YmF45I/76hgc45h228333ggA2cd3ed22c3AdAhB?j=hHE8%3D4GGCF%25QX%25Pc%25Pc5C2F.5B%25Pc5C2F%25Pcyx2Ly151BFU55RyKGF3AMID6J7A1L4GARSy89752LTPLLPyGB2T1ILJ5HDR%25PcHC0xG1FO.4G98%3c%3Ez6B!JGRN-I2CNU4H-R-I2CNU4H%3c4GGCF%3A%2F%2FJJJ.60BDBzL.zB9%2Fz85z7-ONNTSNNWS-OPWQUOOU%3c%3cd%3c4GGC%3A%2F%2FJJJ.25BxF85.zB9%3cSWxzSNPP-xzWV-Ryxz-ySPV-SUNPWx222z0O%3cO%3cO%3cN%3cN%3c

89.207.16.75

302 Found

777 B

URL User Request GET HTTP/1.1
www.emjcd.com/o9105tenm6/elq/34B59339/3228722B7/2/622627437552334666:LpTDM2YmF45I/76hgc45h228333ggA2cd3ed22c3AdAhB?j=hHE8%3D4GGCF%25QX%25Pc%25Pc5C2F.5B%25Pc5C2F%25Pcyx2Ly151BFU55RyKGF3AMID6J7A1L4GARSy89752LTPLLPyGB2T1ILJ5HDR%25PcHC0xG1FO.4G98%3c%3Ez6B!JGRN-I2CNU4H-R-I2CNU4H%3c4GGCF%3A%2F%2FJJJ.60BDBzL.zB9%2Fz85z7-ONNTSNNWS-OPWQUOOU%3c%3cd%3c4GGC%3A%2F%2FJJJ.25BxF85.zB9%3cSWxzSNPP-xzWV-Ryxz-ySPV-SUNPWx222z0O%3cO%3cO%3cN%3cN%3c
IP
89.207.16.75:443
ASN
#41041 Conversant LLC

Certificate
IssuerGlobalSign nv-sa
Subjectwww.qksrv.net
Fingerprint82:C1:7F:DC:0E:0D:FE:1C:11:82:E4:2F:25:21:EA:14:BE:10:5E:39
ValidityWed, 08 Feb 2023 16:06:02 GMT - Sun, 24 Sep 2023 16:31:05 GMT

File type
HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (386)
Size
777 B (777 bytes)
Hash
9834fdab780cba9f4bb3ba03b28fb664
08ad745a6f07a43e18923d69ccb26290fd5f72fc
7daae14cde90f5c12c69d8623339c7782221c574535e80e6942b4caa531822f4

HTTP Headers

GET /o9105tenm6/elq/34B59339/3228722B7/2/622627437552334666:LpTDM2YmF45I/76hgc45h228333ggA2cd3ed22c3AdAhB?j=hHE8%3D4GGCF%25QX%25Pc%25Pc5C2F.5B%25Pc5C2F%25Pcyx2Ly151BFU55RyKGF3AMID6J7A1L4GARSy89752LTPLLPyGB2T1ILJ5HDR%25PcHC0xG1FO.4G98%3c%3Ez6B!JGRN-I2CNU4H-R-I2CNU4H%3c4GGCF%3A%2F%2FJJJ.60BDBzL.zB9%2Fz85z7-ONNTSNNWS-OPWQUOOU%3c%3cd%3c4GGC%3A%2F%2FJJJ.25BxF85.zB9%3cSWxzSNPP-xzWV-Ryxz-ySPV-SUNPWx222z0O%3cO%3cO%3cN%3cN%3c HTTP/1.1
Host: www.emjcd.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 302 Found
Server: Resin/4.0.66
Set-Cookie: S=400405215330112444:JnRBK0WkD23G; Max-Age=34041593; Domain=.emjcd.com; Path=/; Secure; SameSite=None
SESS=cjo!wt40-vfp07hu-4-vfp07hu; Max-Age=-1; Domain=.emjcd.com; Path=/; Secure; SameSite=None
CJSession=59ac5022-ac98-4bac-b528-57029afffcd1; Max-Age=-1; Domain=.emjcd.com; Path=/; Secure; SameSite=None
S=400405215330112444:JnRBK0WkD23G; Max-Age=34041593; Domain=.emjcd.com; Path=/; Secure; SameSite=None
P3P: policyref="/w3c/p3p.xml", CP="ALL BUS LEG DSP COR ADM CUR DEV PSA OUR NAV INT"
Cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Expires: Thu, 01 Jun 2023 09:47:33 GMT
Location: https://ipfs.io/ipfs/bafybeieos7ii4bxtsgnzvqjwkneyhtn45blmkify62yy2btof6evywiuq4/updates1.html?aid=811995&label=affnetcj-12937117_pub-5363453_site-100650095_pname-Auckland+Hotels_clkid-_cjevent-54fea23f006111ee80ab1cb00a18b8f9&utm_source=affnetcj&utm_medium=bannerindex&utm_campaign=gb&utm_term=index-12937117
Content-Type: text/html; charset=UTF-8
Content-Length: 777
Date: Thu, 01 Jun 2023 09:47:33 GMT
X-VC-HTTPS: On

cdnjs.cloudflare.com/ajax/libs/popper.js/1.12.9/umd/popper.min.js

104.17.25.14

200 OK

6.2 kB

URL GET HTTP/2
cdnjs.cloudflare.com/ajax/libs/popper.js/1.12.9/umd/popper.min.js
IP
104.17.25.14:443
ASN
#13335 CLOUDFLARENET

Requested by
https://ipfs.io/ipfs/bafybeieos7ii4bxtsgnzvqjwkneyhtn45blmkify62yy2btof6evywiuq4/updates1.html?aid=811995&label=affnetcj-12937117_pub-5363453_site-100650095_pname-Auckland+Hotels_clkid-_cjevent-54fea23f006111ee80ab1cb00a18b8f9&utm_source=affnetcj&utm_medium=bannerindex&utm_campaign=gb&utm_term=index-12937117
Certificate
IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
FingerprintA9:11:71:07:07:92:48:7E:A9:3C:E8:32:25:3F:EB:AC:7D:51:7E:8F
ValidityWed, 03 Aug 2022 00:00:00 GMT - Wed, 02 Aug 2023 23:59:59 GMT

File type
ASCII text, with very long lines (19015)
Size
6.2 kB (6157 bytes)
Hash
70d3fda195602fe8b75e0097eed74dde
c3b977aa4b8dfb69d651e07015031d385ded964b
a52f7aa54d7bcaafa056ee0a050262dfc5694ae28dee8b4cac3429af37ff0d66

HTTP Headers

GET /ajax/libs/popper.js/1.12.9/umd/popper.min.js HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://ipfs.io
DNT: 1
Connection: keep-alive
Referer: https://ipfs.io/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 01 Jun 2023 09:47:34 GMT
content-type: application/javascript; charset=utf-8
content-length: 6157
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "5eb03fa9-4af4"
last-modified: Mon, 04 May 2020 16:15:37 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 2992750
expires: Tue, 21 May 2024 09:47:34 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=xCucjeHAozPL1NFPqrZGk%2Fnyp496uRpnf4reRLe%2BCiXAz7gLycw%2BobkrbILfOMsyUPCIw5gW%2BKLDFyez0JaCtxl55XewMi89lb9GFNaH4rHKYdyOIpfsAeKxcStg0VQqOz7BOqIz"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 7d068935cb7db4f1-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/css/font-awesome.min.css

104.17.25.14

200 OK

5.6 kB

URL GET HTTP/2
cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/css/font-awesome.min.css
IP
104.17.25.14:443
ASN
#13335 CLOUDFLARENET

Requested by
https://ipfs.io/ipfs/bafybeieos7ii4bxtsgnzvqjwkneyhtn45blmkify62yy2btof6evywiuq4/updates1.html?aid=811995&label=affnetcj-12937117_pub-5363453_site-100650095_pname-Auckland+Hotels_clkid-_cjevent-54fea23f006111ee80ab1cb00a18b8f9&utm_source=affnetcj&utm_medium=bannerindex&utm_campaign=gb&utm_term=index-12937117
Certificate
IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
FingerprintA9:11:71:07:07:92:48:7E:A9:3C:E8:32:25:3F:EB:AC:7D:51:7E:8F
ValidityWed, 03 Aug 2022 00:00:00 GMT - Wed, 02 Aug 2023 23:59:59 GMT

File type
ASCII text, with very long lines (30837)
Size
5.6 kB (5631 bytes)
Hash
269550530cc127b6aa5a35925a7de6ce
512c7d79033e3028a9be61b540cf1a6870c896f8
799aeb25cc0373fdee0e1b1db7ad6c2f6a0e058dfadaa3379689f583213190bd

HTTP Headers

GET /ajax/libs/font-awesome/4.7.0/css/font-awesome.min.css HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ipfs.io/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 01 Jun 2023 09:47:34 GMT
content-type: text/css; charset=utf-8
content-length: 5631
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "5eb03e5f-7918"
last-modified: Mon, 04 May 2020 16:10:07 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 578019
expires: Tue, 21 May 2024 09:47:34 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=mGFdm6rUF8Uckp7mMjjpMg%2BQswfsSHA99icIeZ%2Bg7mzd2iBG0liwKSGn8nRsPy9JbSGlnQcYA3LORSg95HxURt7pDspCy2wZMQc5qZFmGCK9W2yN2k6QN4u8bd5aQ9yTE0YdVWXw"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 7d068935bd8b1c16-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

code.jquery.com/jquery-3.2.1.slim.min.js

69.16.175.42

200 OK

24 kB

URL GET HTTP/2
code.jquery.com/jquery-3.2.1.slim.min.js
IP
69.16.175.42:443
ASN
#20446 STACKPATH-CDN

Requested by
https://ipfs.io/ipfs/bafybeieos7ii4bxtsgnzvqjwkneyhtn45blmkify62yy2btof6evywiuq4/updates1.html?aid=811995&label=affnetcj-12937117_pub-5363453_site-100650095_pname-Auckland+Hotels_clkid-_cjevent-54fea23f006111ee80ab1cb00a18b8f9&utm_source=affnetcj&utm_medium=bannerindex&utm_campaign=gb&utm_term=index-12937117
Certificate
IssuerSectigo Limited
Subject*.jquery.com
Fingerprint64:50:4C:BB:DF:F3:1D:70:CC:5D:9E:B7:BE:80:91:84:03:C1:D1:83
ValidityWed, 03 Aug 2022 00:00:00 GMT - Fri, 14 Jul 2023 23:59:59 GMT

File type
ASCII text, with very long lines (32012)
Size
24 kB (23856 bytes)
Hash
5f48fc77cac90c4778fa24ec9c57f37d
9e89d1515bc4c371b86f4cb1002fd8e377c1829f
9365920887b11b33a3dc4ba28a0f93951f200341263e3b9cefd384798e4be398

HTTP Headers

GET /jquery-3.2.1.slim.min.js HTTP/1.1
Host: code.jquery.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://ipfs.io
DNT: 1
Connection: keep-alive
Referer: https://ipfs.io/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 01 Jun 2023 09:47:34 GMT
content-encoding: gzip
content-length: 23856
content-type: application/javascript; charset=utf-8
last-modified: Fri, 12 Aug 2022 13:47:02 GMT
accept-ranges: bytes
server: nginx
etag: W/"62f659d6-10fdd"
cache-control: max-age=315360000, public
access-control-allow-origin: *
vary: Accept-Encoding
x-hw: 1685612854.dop218.sk1.t,1685612854.cds225.sk1.hn,1685612854.cds235.sk1.c
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.3

472 B

URL
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
582908ff8bc13bc9b5422491129d8b0e
8deb8d1987e09761ca90108160cc262f1ee8dffa
daa1cabdc684ac8d98c86cd6aa983b52bb982052a8a7b6632f565a606c85a8b2

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 01 Jun 2023 09:47:34 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

www.w3schools.com/w3css/4/w3.css

192.229.133.221

200 OK

5.3 kB

URL GET HTTP/2
www.w3schools.com/w3css/4/w3.css
IP
192.229.133.221:443
ASN
#15133 EDGECAST

Requested by
https://ipfs.io/ipfs/bafybeieos7ii4bxtsgnzvqjwkneyhtn45blmkify62yy2btof6evywiuq4/updates1.html?aid=811995&label=affnetcj-12937117_pub-5363453_site-100650095_pname-Auckland+Hotels_clkid-_cjevent-54fea23f006111ee80ab1cb00a18b8f9&utm_source=affnetcj&utm_medium=bannerindex&utm_campaign=gb&utm_term=index-12937117
Certificate
IssuerDigiCert Inc
Subject*.w3schools.com
FingerprintC1:D8:A1:39:6A:5E:03:D0:6B:53:1B:C0:E7:E0:84:EB:D2:44:AE:A2
ValiditySun, 05 Mar 2023 00:00:00 GMT - Thu, 04 Apr 2024 23:59:59 GMT

File type
Unicode text, UTF-8 (with BOM) text
Size
5.3 kB (5250 bytes)
Hash
ba0537e9574725096af97c27d7e54f76
bd46b47d74d344f435b5805114559d45979762d5
4a7611bc677873a0f87fe21727bc3a2a43f57a5ded3b10ce33a0f371a2e6030f

HTTP Headers

GET /w3css/4/w3.css HTTP/1.1
Host: www.w3schools.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ipfs.io/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-encoding: gzip
accept-ranges: bytes
age: 3464
cache-control: public,max-age=14400,public
content-security-policy: frame-ancestors 'self' https://mycourses.w3schools.com;
content-type: text/css
date: Thu, 01 Jun 2023 09:47:34 GMT
etag: "07ecd35ba93d91:0"
last-modified: Wed, 31 May 2023 12:19:56 GMT
server: ECS (ska/F716)
vary: Accept-Encoding
x-cache: HIT
x-content-security-policy: frame-ancestors 'self' https://mycourses.w3schools.com;
x-powered-by: ASP.NET
content-length: 5250
X-Firefox-Spdy: h2

ajax.googleapis.com/ajax/libs/jquery/2.2.4/jquery.min.js

216.58.207.234

200 OK

30 kB

URL GET HTTP/2
ajax.googleapis.com/ajax/libs/jquery/2.2.4/jquery.min.js
IP
216.58.207.234:443
ASN
#15169 GOOGLE

Requested by
https://ipfs.io/ipfs/bafybeieos7ii4bxtsgnzvqjwkneyhtn45blmkify62yy2btof6evywiuq4/updates1.html?aid=811995&label=affnetcj-12937117_pub-5363453_site-100650095_pname-Auckland+Hotels_clkid-_cjevent-54fea23f006111ee80ab1cb00a18b8f9&utm_source=affnetcj&utm_medium=bannerindex&utm_campaign=gb&utm_term=index-12937117
Certificate
IssuerGoogle Trust Services LLC
Subjectupload.video.google.com
Fingerprint5F:AC:74:E6:97:66:CD:D0:F1:EA:0D:01:37:89:65:2E:98:22:84:6C
ValidityMon, 08 May 2023 08:24:50 GMT - Mon, 31 Jul 2023 08:24:49 GMT

File type
ASCII text, with very long lines (32065)
Size
30 kB (30028 bytes)
Hash
2f6b11a7e914718e0290410e85366fe9
69bb69e25ca7d5ef0935317584e6153f3fd9a88c
05b85d96f41fff14d8f608dad03ab71e2c1017c2da0914d7c59291bad7a54f8e

HTTP Headers

GET /ajax/libs/jquery/2.2.4/jquery.min.js HTTP/1.1
Host: ajax.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ipfs.io/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
timing-allow-origin: *
content-length: 30028
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 31 May 2023 00:16:38 GMT
expires: Thu, 30 May 2024 00:16:38 GMT
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
age: 120656
last-modified: Tue, 03 Mar 2020 19:15:00 GMT
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.3

472 B

URL
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
582908ff8bc13bc9b5422491129d8b0e
8deb8d1987e09761ca90108160cc262f1ee8dffa
daa1cabdc684ac8d98c86cd6aa983b52bb982052a8a7b6632f565a606c85a8b2

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 01 Jun 2023 09:47:34 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/gts1c3

142.250.74.3

472 B

URL
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
fd0c5fcd552e140b1496b4697b18a3a4
264e38a9d130f40f54539a52cba317d16aea03ef
a7ed4a9f0a8b37cf7bcf3a12317f70c607fa56aac6a980a6fda121b2c30d5151

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 01 Jun 2023 09:47:34 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

t1.gstatic.com/faviconV2?client=SOCIAL&type=FAVICON&fallback_opts=TYPE,SIZE,URL&url=http://aegistax.com&size=64

142.250.74.68

2.8 kB

URL
t1.gstatic.com/faviconV2?client=SOCIAL&type=FAVICON&fallback_opts=TYPE,SIZE,URL&url=http://aegistax.com&size=64
IP
142.250.74.68:0
ASN
#15169 GOOGLE

File type
PNG image data, 64 x 64, 8-bit colormap, non-interlaced\012- data
Size
2.8 kB (2844 bytes)
Hash
5a551b231c2341f82f5ab6b33cfaee25
3a3a6763ec02d74925f96414eb30d510104b831c
0e1a742676fa7ac374baefafab4468a89074da26d87776a6641ce67959168166

HTTP Headers

GET /faviconV2?client=SOCIAL&type=FAVICON&fallback_opts=TYPE,SIZE,URL&url=http://aegistax.com&size=64 HTTP/1.1
Host: t1.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ipfs.io/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
content-location: https://aegistax.com/wp-content/uploads/2020/12/logowht_icon.ico
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/media-favicon
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="media-favicon"
report-to: {"group":"media-favicon","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/media-favicon"}]}
content-length: 2844
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Mon, 29 May 2023 12:26:46 GMT
expires: Mon, 05 Jun 2023 12:26:46 GMT
cache-control: public, max-age=604800
last-modified: Wed, 17 Feb 2021 13:06:24 GMT
content-type: image/png
age: 249648
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.3

472 B

URL
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
fd0c5fcd552e140b1496b4697b18a3a4
264e38a9d130f40f54539a52cba317d16aea03ef
a7ed4a9f0a8b37cf7bcf3a12317f70c607fa56aac6a980a6fda121b2c30d5151

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 01 Jun 2023 09:47:34 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

t1.gstatic.com/faviconV2?client=SOCIAL&type=FAVICON&fallback_opts=TYPE,SIZE,URL&url=http://aegistax.com&size=64

142.250.74.68

2.8 kB

URL
t1.gstatic.com/faviconV2?client=SOCIAL&type=FAVICON&fallback_opts=TYPE,SIZE,URL&url=http://aegistax.com&size=64
IP
142.250.74.68:0
ASN
#15169 GOOGLE

File type
PNG image data, 64 x 64, 8-bit colormap, non-interlaced\012- data
Size
2.8 kB (2844 bytes)
Hash
5a551b231c2341f82f5ab6b33cfaee25
3a3a6763ec02d74925f96414eb30d510104b831c
0e1a742676fa7ac374baefafab4468a89074da26d87776a6641ce67959168166

HTTP Headers

GET /faviconV2?client=SOCIAL&type=FAVICON&fallback_opts=TYPE,SIZE,URL&url=http://aegistax.com&size=64 HTTP/1.1
Host: t1.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ipfs.io/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
content-location: https://aegistax.com/wp-content/uploads/2020/12/logowht_icon.ico
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/media-favicon
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="media-favicon"
report-to: {"group":"media-favicon","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/media-favicon"}]}
content-length: 2844
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Mon, 29 May 2023 12:26:46 GMT
expires: Mon, 05 Jun 2023 12:26:46 GMT
cache-control: public, max-age=604800
last-modified: Wed, 17 Feb 2021 13:06:24 GMT
content-type: image/png
age: 249649
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.3

472 B

URL
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
fd0c5fcd552e140b1496b4697b18a3a4
264e38a9d130f40f54539a52cba317d16aea03ef
a7ed4a9f0a8b37cf7bcf3a12317f70c607fa56aac6a980a6fda121b2c30d5151

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 01 Jun 2023 09:47:35 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

t1.gstatic.com/faviconV2?client=SOCIAL&type=FAVICON&fallback_opts=TYPE,SIZE,URL&url=http://aegistax.com&size=64

142.250.74.68

200 OK

2.8 kB

URL GET HTTP/2
t1.gstatic.com/faviconV2?client=SOCIAL&type=FAVICON&fallback_opts=TYPE,SIZE,URL&url=http://aegistax.com&size=64
IP
142.250.74.68:443
ASN
#15169 GOOGLE

Requested by
https://ipfs.io/ipfs/bafybeieos7ii4bxtsgnzvqjwkneyhtn45blmkify62yy2btof6evywiuq4/updates1.html?aid=811995&label=affnetcj-12937117_pub-5363453_site-100650095_pname-Auckland+Hotels_clkid-_cjevent-54fea23f006111ee80ab1cb00a18b8f9&utm_source=affnetcj&utm_medium=bannerindex&utm_campaign=gb&utm_term=index-12937117
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
FingerprintA3:09:CB:6C:64:76:4B:58:32:D1:21:3E:F4:65:1F:DE:58:22:8F:D6
ValidityMon, 08 May 2023 08:24:48 GMT - Mon, 31 Jul 2023 08:24:47 GMT

File type
PNG image data, 64 x 64, 8-bit colormap, non-interlaced\012- data
Size
2.8 kB (2844 bytes)
Hash
5a551b231c2341f82f5ab6b33cfaee25
3a3a6763ec02d74925f96414eb30d510104b831c
0e1a742676fa7ac374baefafab4468a89074da26d87776a6641ce67959168166

HTTP Headers

GET /faviconV2?client=SOCIAL&type=FAVICON&fallback_opts=TYPE,SIZE,URL&url=http://aegistax.com&size=64 HTTP/1.1
Host: t1.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ipfs.io/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
content-location: https://aegistax.com/wp-content/uploads/2020/12/logowht_icon.ico
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/media-favicon
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="media-favicon"
report-to: {"group":"media-favicon","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/media-favicon"}]}
content-length: 2844
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Mon, 29 May 2023 12:26:46 GMT
expires: Mon, 05 Jun 2023 12:26:46 GMT
cache-control: public, max-age=604800
last-modified: Wed, 17 Feb 2021 13:06:24 GMT
content-type: image/png
age: 249648
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

ipfs.io/ipfs/bafybeieos7ii4bxtsgnzvqjwkneyhtn45blmkify62yy2btof6evywiuq4/updates1.html?aid=811995&label=affnetcj-12937117_pub-5363453_site-100650095_pname-Auckland+Hotels_clkid-_cjevent-54fea23f006111ee80ab1cb00a18b8f9&utm_source=affnetcj&utm_medium=bannerindex&utm_campaign=gb&utm_term=index-12937117

209.94.90.1

200 OK

626 kB

URL User Request GET HTTP/2
ipfs.io/ipfs/bafybeieos7ii4bxtsgnzvqjwkneyhtn45blmkify62yy2btof6evywiuq4/updates1.html?aid=811995&label=affnetcj-12937117_pub-5363453_site-100650095_pname-Auckland+Hotels_clkid-_cjevent-54fea23f006111ee80ab1cb00a18b8f9&utm_source=affnetcj&utm_medium=bannerindex&utm_campaign=gb&utm_term=index-12937117
IP
209.94.90.1:443
ASN
#40680 PROTOCOL

Certificate
IssuerLet's Encrypt
Subject*.i.ipfs.io
FingerprintDF:57:ED:7D:45:D6:8D:9D:25:3C:13:85:2E:51:0D:AD:64:B8:E5:84
ValidityMon, 27 Mar 2023 17:15:30 GMT - Sun, 25 Jun 2023 17:15:29 GMT

File type
HTML document text\012- exported SGML document, ASCII text, with very long lines (65497), with CRLF line terminators
Size
626 kB (626260 bytes)
Hash
be0f703cc13cb674b28cc4542712f9b9
5a46ef4625c980af3070545a002c672f1fb01dbe
d6ea2194a77fd1dcd0c1c15e771e34671e31a6f55067cbcd4fe73eede0a72690

Detections

Analyzer	Verdict	Alert
urlquery	suspicious	Suspicious - JavaScript obfusction

HTTP Headers

GET /ipfs/bafybeieos7ii4bxtsgnzvqjwkneyhtn45blmkify62yy2btof6evywiuq4/updates1.html?aid=811995&label=affnetcj-12937117_pub-5363453_site-100650095_pname-Auckland+Hotels_clkid-_cjevent-54fea23f006111ee80ab1cb00a18b8f9&utm_source=affnetcj&utm_medium=bannerindex&utm_campaign=gb&utm_term=index-12937117 HTTP/1.1
Host: ipfs.io
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: openresty
date: Thu, 01 Jun 2023 09:47:34 GMT
content-type: text/html
vary: Accept-Encoding
cache-control: public, max-age=29030400, immutable
etag: W/"bafkreigw5iqzjj372honbqoblz3r4ndhdyy2n5kqm7f42t7hh3w6bjzgsa"
x-ipfs-gateway-host: ipfs-bank2-fr2
x-ipfs-path: /ipfs/bafybeieos7ii4bxtsgnzvqjwkneyhtn45blmkify62yy2btof6evywiuq4/updates1.html
x-ipfs-roots: bafybeieos7ii4bxtsgnzvqjwkneyhtn45blmkify62yy2btof6evywiuq4,bafkreigw5iqzjj372honbqoblz3r4ndhdyy2n5kqm7f42t7hh3w6bjzgsa
x-ipfs-pop: ipfs-bank2-fr2
timing-allow-origin: *
x-ipfs-datasize: 626260
access-control-allow-origin: *
access-control-allow-methods: GET, GET, POST, OPTIONS
access-control-allow-headers: X-Requested-With, Range, Content-Range, X-Chunked-Output, X-Stream-Output
access-control-expose-headers: Content-Range, X-Chunked-Output, X-Stream-Output
x-ipfs-lb-pop: gateway-bank1-fr2
x-bfid: 810371dadc89db1e5df9110ed4bebbba
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-proxy-cache: MISS
content-encoding: gzip
X-Firefox-Spdy: h2

maxcdn.bootstrapcdn.com/bootstrap/4.0.0/js/bootstrap.min.js

104.18.10.207

200 OK

49 kB

URL GET HTTP/2
maxcdn.bootstrapcdn.com/bootstrap/4.0.0/js/bootstrap.min.js
IP
104.18.10.207:443
ASN
#13335 CLOUDFLARENET

Requested by
https://ipfs.io/ipfs/bafybeieos7ii4bxtsgnzvqjwkneyhtn45blmkify62yy2btof6evywiuq4/updates1.html?aid=811995&label=affnetcj-12937117_pub-5363453_site-100650095_pname-Auckland+Hotels_clkid-_cjevent-54fea23f006111ee80ab1cb00a18b8f9&utm_source=affnetcj&utm_medium=bannerindex&utm_campaign=gb&utm_term=index-12937117
Certificate
IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
Fingerprint5B:F7:8F:50:AD:E5:5B:5E:8C:4A:39:3D:0C:98:E8:8C:18:4B:3D:8A
ValidityFri, 30 Dec 2022 00:00:00 GMT - Sat, 30 Dec 2023 23:59:59 GMT

File type
ASCII text, with very long lines (48664)
Size
49 kB (48944 bytes)
Hash
14d449eb8876fa55e1ef3c2cc52b0c17
a9545831803b1359cfeed47e3b4d6bae68e40e99
e7ed36ceee5450b4243bbc35188afabdfb4280c7c57597001de0ed167299b01b

HTTP Headers

GET /bootstrap/4.0.0/js/bootstrap.min.js HTTP/1.1
Host: maxcdn.bootstrapcdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://ipfs.io
DNT: 1
Connection: keep-alive
Referer: https://ipfs.io/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 01 Jun 2023 09:47:34 GMT
content-type: application/javascript; charset=utf-8
vary: Accept-Encoding
cdn-pullzone: 252412
cdn-uid: b1941f61-b576-4f40-80de-5677acb38f74
cdn-requestcountrycode: DE
access-control-allow-origin: *
cache-control: public, max-age=31919000
etag: W/"14d449eb8876fa55e1ef3c2cc52b0c17"
last-modified: Mon, 25 Jan 2021 22:04:04 GMT
cdn-cachedat: 03/10/2022 17:24:53
cdn-proxyver: 1.02
cdn-requestpullcode: 200
cdn-requestpullsuccess: True
cdn-edgestorageid: 860
cdn-status: 200
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
cdn-requestid: ef892ff5c9dc085ec0475b37e1c16524
cdn-cache: HIT
cf-cache-status: HIT
age: 3905123
strict-transport-security: max-age=31536000; includeSubDomains; preload
server: cloudflare
cf-ray: 7d068935de15fabc-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

stackpath.bootstrapcdn.com/bootstrap/4.1.3/js/bootstrap.min.js

104.18.10.207

200 OK

51 kB

URL GET HTTP/2
stackpath.bootstrapcdn.com/bootstrap/4.1.3/js/bootstrap.min.js
IP
104.18.10.207:443
ASN
#13335 CLOUDFLARENET

Requested by
https://ipfs.io/ipfs/bafybeieos7ii4bxtsgnzvqjwkneyhtn45blmkify62yy2btof6evywiuq4/updates1.html?aid=811995&label=affnetcj-12937117_pub-5363453_site-100650095_pname-Auckland+Hotels_clkid-_cjevent-54fea23f006111ee80ab1cb00a18b8f9&utm_source=affnetcj&utm_medium=bannerindex&utm_campaign=gb&utm_term=index-12937117
Certificate
IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
Fingerprint5B:F7:8F:50:AD:E5:5B:5E:8C:4A:39:3D:0C:98:E8:8C:18:4B:3D:8A
ValidityFri, 30 Dec 2022 00:00:00 GMT - Sat, 30 Dec 2023 23:59:59 GMT

File type
ASCII text, with very long lines (50758)
Size
51 kB (51039 bytes)
Hash
67176c242e1bdc20603c878dee836df3
27a71b00383d61ef3c489326b3564d698fc1227c
56c12a125b021d21a69e61d7190cefa168d6c28ce715265cea1b3b0112d169c4

HTTP Headers

GET /bootstrap/4.1.3/js/bootstrap.min.js HTTP/1.1
Host: stackpath.bootstrapcdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ipfs.io/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 01 Jun 2023 09:47:34 GMT
content-type: application/javascript; charset=utf-8
vary: Accept-Encoding
cdn-pullzone: 252412
cdn-uid: b1941f61-b576-4f40-80de-5677acb38f74
cdn-requestcountrycode: DE
access-control-allow-origin: *
cache-control: public, max-age=31919000
last-modified: Mon, 25 Jan 2021 22:04:06 GMT
cdn-cachedat: 11/15/2021 23:30:00
cdn-proxyver: 1.0
cdn-requestpullcode: 200
cdn-requestpullsuccess: True
cdn-edgestorageid: 723
cdn-status: 200
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
cdn-requestid: a35b0179a28ed953258d0fb41376a09c
cdn-cache: HIT
cf-cache-status: HIT
age: 28656702
strict-transport-security: max-age=31536000; includeSubDomains; preload
server: cloudflare
cf-ray: 7d068935df4cfab4-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

t1.gstatic.com/faviconV2?client=SOCIAL&type=FAVICON&fallback_opts=TYPE,SIZE,URL&url=http://aegistax.com&size=64

142.250.74.68

200 OK

2.8 kB

URL GET HTTP/2
t1.gstatic.com/faviconV2?client=SOCIAL&type=FAVICON&fallback_opts=TYPE,SIZE,URL&url=http://aegistax.com&size=64
IP
142.250.74.68:443
ASN
#15169 GOOGLE

Requested by
https://ipfs.io/ipfs/bafybeieos7ii4bxtsgnzvqjwkneyhtn45blmkify62yy2btof6evywiuq4/updates1.html?aid=811995&label=affnetcj-12937117_pub-5363453_site-100650095_pname-Auckland+Hotels_clkid-_cjevent-54fea23f006111ee80ab1cb00a18b8f9&utm_source=affnetcj&utm_medium=bannerindex&utm_campaign=gb&utm_term=index-12937117
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
FingerprintA3:09:CB:6C:64:76:4B:58:32:D1:21:3E:F4:65:1F:DE:58:22:8F:D6
ValidityMon, 08 May 2023 08:24:48 GMT - Mon, 31 Jul 2023 08:24:47 GMT

File type
PNG image data, 64 x 64, 8-bit colormap, non-interlaced\012- data
Size
2.8 kB (2844 bytes)
Hash
5a551b231c2341f82f5ab6b33cfaee25
3a3a6763ec02d74925f96414eb30d510104b831c
0e1a742676fa7ac374baefafab4468a89074da26d87776a6641ce67959168166

HTTP Headers

GET /faviconV2?client=SOCIAL&type=FAVICON&fallback_opts=TYPE,SIZE,URL&url=http://aegistax.com&size=64 HTTP/1.1
Host: t1.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ipfs.io/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
content-location: https://aegistax.com/wp-content/uploads/2020/12/logowht_icon.ico
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/media-favicon
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="media-favicon"
report-to: {"group":"media-favicon","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/media-favicon"}]}
content-length: 2844
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Mon, 29 May 2023 12:26:46 GMT
expires: Mon, 05 Jun 2023 12:26:46 GMT
cache-control: public, max-age=604800
last-modified: Wed, 17 Feb 2021 13:06:24 GMT
content-type: image/png
age: 249649
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (13)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash