| nadie.pelisplusgo.me/ |  104.21.30.65 | 301 Moved Permanently | 0 B |
IP104.21.30.65:0
Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: nadie.pelisplusgo.me
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 301 Moved Permanently
Date: Wed, 08 Feb 2023 19:42:55 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=3600
Expires: Wed, 08 Feb 2023 20:42:55 GMT
Location: https://nadie.pelisplusgo.me/
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=AFGCZUTy5oyc6jemtDhe60fR%2BWHyL1sx%2B%2FV2TvlTFrZDu67tR%2BMIbbwRoDMYosy4mGC3ARN0lMdPo3LBplMLJD1FYoVcFq%2BbHEv38CQwACdpIJIGKU9A7vfo4JzsLvZzK98gKJSKwA%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7966d9ebc816b524-OSL
alt-svc: h2=":443"; ma=60
|
|
| r3.o.lencr.org/ |  23.33.119.27 | 200 OK | 503 B |
IP23.33.119.27:0 ASN#20940 Akamai International B.V.
Hash565c1bbc5c1c40be1988b3bf6fd9dc1a cfdba5bc597130461dd67bf6cda53183be592493 60ceb36a8329c92fc49a3caf50daf511a38e01eac21a07d7a0a838166bea058d
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "60CEB36A8329C92FC49A3CAF50DAF511A38E01EAC21A07D7A0A838166BEA058D"
Last-Modified: Mon, 06 Feb 2023 23:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15498
Expires: Thu, 09 Feb 2023 00:01:13 GMT
Date: Wed, 08 Feb 2023 19:42:55 GMT
Connection: keep-alive
|
|
| r3.o.lencr.org/ | 23.33.119.27 | 200 OK | 503 B |
IP23.33.119.27:0 ASN#20940 Akamai International B.V.
Hashb7407cc102d62a5acd5e61f8a79bed36 c2f4890a62454e514962b55b7fc14228339c8e90 be282de92da261128a7c8471f3067466aa9930fd0ab2a2cdda8cd2d6ce2bbd74
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "BE282DE92DA261128A7C8471F3067466AA9930FD0AB2A2CDDA8CD2D6CE2BBD74"
Last-Modified: Wed, 08 Feb 2023 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8065
Expires: Wed, 08 Feb 2023 21:57:20 GMT
Date: Wed, 08 Feb 2023 19:42:55 GMT
Connection: keep-alive
|
|
| firefox.settings.services.mozilla.com/v1/ |  35.241.9.150 | 200 OK | 939 B |
URL HTTP/2firefox.settings.services.mozilla.com/v1/ IP35.241.9.150:0
File typeJSON data\012- , ASCII text, with very long lines (939), with no line terminators Hashbf0c602d32b3c14606f22a86183b5e3c 6eabd8d83475eba731968abe1a05a8bfd272f160 6c6a7c519a9e950c2445ed874a25211a94dd4d3cf3afb0103af9dcd1dbd5ff9e
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Alert, Content-Type, Retry-After, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Wed, 08 Feb 2023 19:34:13 GMT
content-type: application/json
age: 522
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
|
|
| r3.o.lencr.org/ | 23.33.119.27 | 200 OK | 503 B |
IP23.33.119.27:0 ASN#20940 Akamai International B.V.
Hashcc14b0d2f7c451f6431dc87ba54d1d60 bab8bfda6fa3e2f17125353f5147211787dc25d0 b58fe18a5cc8fe5aaf49ba7eadd0ef34692892e68e9c52eb5bb56ea27e1300ad
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "B58FE18A5CC8FE5AAF49BA7EADD0EF34692892E68E9C52EB5BB56EA27E1300AD"
Last-Modified: Mon, 06 Feb 2023 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3824
Expires: Wed, 08 Feb 2023 20:46:39 GMT
Date: Wed, 08 Feb 2023 19:42:55 GMT
Connection: keep-alive
|
|
| content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-03-20-18-44-46.chain | 34.160.144.191 | 200 OK | 5.3 kB |
URL HTTP/2content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-03-20-18-44-46.chain IP34.160.144.191:0
File typePEM certificate\012- , ASCII text Hashe76071a28ee566dababb3834f46d68ed aebb4e68c1ba2de0f90025283e8ed8470944fde0 78b6df2627172e5b35476bc31020f02898cdc412aaf4337af2c3b049a60912b6
GET /chains/remote-settings.content-signature.mozilla.org-2023-03-20-18-44-46.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: 7IY/UTqNfi3gZKGEMiDQ/IE6J35d1WuvyWL4REio79h984nRE3UI8IPR4c82RJ8553FzTswWrAM=
x-amz-request-id: NJ2MMNJ112W8GACS
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Wed, 08 Feb 2023 19:36:04 GMT
age: 411
last-modified: Sun, 29 Jan 2023 18:44:47 GMT
etag: "e76071a28ee566dababb3834f46d68ed"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
|
|
| contile.services.mozilla.com/v1/tiles | 34.117.237.239 | 200 OK | 12 B |
URL HTTP/2contile.services.mozilla.com/v1/tiles IP34.117.237.239:0
File typeJSON data\012- , ASCII text, with no line terminators Hash23e88fb7b99543fb33315b29b1fad9d6 a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce 7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Wed, 08 Feb 2023 19:42:55 GMT
content-type: application/json
content-length: 12
access-control-expose-headers: content-type
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-credentials: true
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
|
|
| code.jquery.com/jquery-3.2.1.min.js | 69.16.175.42 | 200 OK | 30 kB |
URL HTTP/2code.jquery.com/jquery-3.2.1.min.js IP69.16.175.42:0
File typeASCII text, with very long lines (32058) Hash148f8d3ffd9cc02048c5f4d1cc83c407 9f2b89cfd151be6a29b4d43ad64d164fb8471046 4dc681da48ba2b417e613e8e027ff5322963c3a3697a8ba97973cfefb48def5e
GET /jquery-3.2.1.min.js HTTP/1.1
Host: code.jquery.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://nadie.pelisplusgo.me/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 08 Feb 2023 19:42:55 GMT
content-encoding: gzip
content-length: 30125
content-type: application/javascript; charset=utf-8
last-modified: Fri, 20 Aug 2021 17:47:53 GMT
accept-ranges: bytes
server: nginx
etag: W/"611feac9-15283"
cache-control: max-age=315360000, public
access-control-allow-origin: *
vary: Accept-Encoding
x-hw: 1675885375.dop201.sk1.t,1675885375.cds225.sk1.hn,1675885375.cds222.sk1.c
X-Firefox-Spdy: h2
|
|
| ocsp.pki.goog/gts1c3 | 142.250.74.163 | 200 OK | 471 B |
IP142.250.74.163:0
Hash325a8a10ce2837a8c6820e30572d181c 195d6189f0f10fcb301fce3af4c27028bbcb9eaa 2f1a0e948582fa64266617acc77e9beb71c5031d9cffe1bed1393a554f259810
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 08 Feb 2023 19:42:55 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
|
|
| ocsp.digicert.com/ |  93.184.220.29 | 200 OK | 280 B |
IP93.184.220.29:0
Hash4a2793786b1ce1206b70d285bea47b94 11747c77f2ef56d889b5148834faa184be7cfc07 af406b334b4df19c87a6911d78bbab5bc5628dc7ccac9d7d60050908c770fb52
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 1975
Cache-Control: max-age=90906
Content-Type: application/ocsp-response
Date: Wed, 08 Feb 2023 19:42:55 GMT
Etag: "63e2b3a2-118"
Expires: Thu, 09 Feb 2023 20:58:01 GMT
Last-Modified: Tue, 07 Feb 2023 20:25:06 GMT
Server: ECS (ska/F71B)
X-Cache: HIT
Content-Length: 280
|
|
| cdnjs.cloudflare.com/ajax/libs/slick-carousel/1.8.1/slick.min.js | 104.17.25.14 | 200 OK | 9.3 kB |
URL HTTP/2cdnjs.cloudflare.com/ajax/libs/slick-carousel/1.8.1/slick.min.js IP104.17.25.14:0
File typeASCII text, with very long lines (42862) Hash42a2ee3da19d236df26093c57cc4cf2f 2e8d1e1f5304113684417d85b0c22f73d0773a55 a78adc4dc908508947a6f8551e0f85372655de2280bdae263a399b1068517ecf
GET /ajax/libs/slick-carousel/1.8.1/slick.min.js HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://nadie.pelisplusgo.me/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 08 Feb 2023 19:42:55 GMT
content-type: application/javascript; charset=utf-8
content-length: 9283
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "5eb03fd5-a76f"
last-modified: Mon, 04 May 2020 16:16:21 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 6729474
expires: Mon, 29 Jan 2024 19:42:55 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=esGhA0zpmnJKK3gHVxqQR7sd2%2B3DpU0CXcvVAoQq0FMsKkO1Kt9P8DYKywwEP%2F7qqAjXayucjAYKlUSSYXa6RamfKp8npukAlGwDJgcivNMJ%2Ffv1TiZxv65AqXB%2BS6atRv4abhAr"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 7966d9efdb460afe-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| ocsp.digicert.com/ | 93.184.220.29 | 200 OK | 280 B |
IP93.184.220.29:0
Hash4a2793786b1ce1206b70d285bea47b94 11747c77f2ef56d889b5148834faa184be7cfc07 af406b334b4df19c87a6911d78bbab5bc5628dc7ccac9d7d60050908c770fb52
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 1976
Cache-Control: max-age=90906
Content-Type: application/ocsp-response
Date: Wed, 08 Feb 2023 19:42:56 GMT
Etag: "63e2b3a2-118"
Expires: Thu, 09 Feb 2023 20:58:02 GMT
Last-Modified: Tue, 07 Feb 2023 20:25:06 GMT
Server: ECS (ska/F71B)
X-Cache: HIT
Content-Length: 280
|
|
| ocsp.pki.goog/gts1c3 | 142.250.74.163 | 200 OK | 471 B |
IP142.250.74.163:0
Hash325a8a10ce2837a8c6820e30572d181c 195d6189f0f10fcb301fce3af4c27028bbcb9eaa 2f1a0e948582fa64266617acc77e9beb71c5031d9cffe1bed1393a554f259810
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 08 Feb 2023 19:42:56 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
|
|
| firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US | 35.241.9.150 | 200 OK | 329 B |
URL HTTP/2firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US IP35.241.9.150:0
File typeJSON data\012- , ASCII text, with very long lines (329), with no line terminators Hash0333b0655111aa68de771adfcc4db243 63f295a144ac87a7c8e23417626724eeca68a7eb 60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Last-Modified, Content-Type, Pragma, ETag, Retry-After, Backoff, Expires, Alert, Cache-Control, Content-Length
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Wed, 08 Feb 2023 19:14:52 GMT
age: 1684
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
|
|
| r3.o.lencr.org/ | 23.33.119.27 | 200 OK | 503 B |
IP23.33.119.27:0 ASN#20940 Akamai International B.V.
Hash20b6dcf1e4410ffc43ac621490d9b6b1 d619a598cf39ecdabed20bca40bd264a31444eb2 a64f21acf8c9d9d1434a719c71f22f26e3a7f32a9ed381e6e1b5529082e095f9
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A64F21ACF8C9D9D1434A719C71F22F26E3A7F32A9ED381E6E1B5529082E095F9"
Last-Modified: Tue, 07 Feb 2023 07:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=1421
Expires: Wed, 08 Feb 2023 20:06:37 GMT
Date: Wed, 08 Feb 2023 19:42:56 GMT
Connection: keep-alive
|
|
| r3.o.lencr.org/ | 23.33.119.27 | 200 OK | 3.2 kB |
IP23.33.119.27:0 ASN#20940 Akamai International B.V.
Hashd619e3fbc3b20daebbdacc9f4c5fc9d8 28ba8e85d2e37efd92e1c2348df8a897c66c9c4d d6c8964088f29f4ee3a0f620099742ea5c3ca707cd83d1a9b73e455d2f62eabc
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "54915C2F79822732E06A592D027DA421AD1E7A6458C545F98333DB25612B3DEA"
Last-Modified: Mon, 06 Feb 2023 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6187
Expires: Wed, 08 Feb 2023 21:26:03 GMT
Date: Wed, 08 Feb 2023 19:42:56 GMT
Connection: keep-alive
|
|
| causingguard.com/1d/e2/16/1de216088e12370621eb8b1639aaf1e2.js | 192.243.59.13 | 200 OK | 21 kB |
URL HTTP/1.1causingguard.com/1d/e2/16/1de216088e12370621eb8b1639aaf1e2.js IP192.243.59.13:0 ASN#39572 DataWeb Global Group B.V.
File typeHTML document, ASCII text, with very long lines (60204), with no line terminators Hash021c0b5233b96c3137aa19d73fea09f8 ebee390c8aafda80f3f93a934cec2715eaa71c50 aa74c8c62ee40fb32e7cd7e52ed2a88368a99f7572654aba40370e00b31cc928
| Analyzer | Verdict | Alert |
|---|
| quad9 | Sinkholed | |
GET /1d/e2/16/1de216088e12370621eb8b1639aaf1e2.js HTTP/1.1
Host: causingguard.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://nadie.pelisplusgo.me/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.17.6
Date: Wed, 08 Feb 2023 19:42:56 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: a6dede0329a0189048ce54e316b169c5
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
|
|
| ocsp.pki.goog/gts1c3 | 142.250.74.163 | 200 OK | 471 B |
IP142.250.74.163:0
Hash986afab4bad851da3c4a2b8db670c876 c58b7142ce3bebda918b77649973715dbd71b4d2 24e4025e6576d86e781fd0861a0a87338b7b5d52b9e559ae76ca52755cc3a865
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 08 Feb 2023 19:42:56 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
|
|
| fonts.gstatic.com/s/montserrat/v25/JTUSjIg1_i6t8kCHKm459Wlhyw.woff2 | 142.250.74.67 | 200 OK | 31 kB |
URL HTTP/2fonts.gstatic.com/s/montserrat/v25/JTUSjIg1_i6t8kCHKm459Wlhyw.woff2 IP142.250.74.67:0
File typeWeb Open Font Format (Version 2), TrueType, length 30928, version 1.0\012- data Hashac0d2859ea5f8fd6bcb3c305c08ec184 7f6c17e3e592cd8bd346b9cc261d8dd961b8aef7 ae919a7c9f25f0fd97fc18e398ae8e453fcaae487e4a4cb4f896e7fecde4a780
GET /s/montserrat/v25/JTUSjIg1_i6t8kCHKm459Wlhyw.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://nadie.pelisplusgo.me
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 30928
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 03 Feb 2023 07:08:09 GMT
expires: Sat, 03 Feb 2024 07:08:09 GMT
cache-control: public, max-age=31536000
age: 477287
last-modified: Mon, 11 Jul 2022 18:57:39 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
|
|
| fonts.gstatic.com/s/materialicons/v139/flUhRq6tzZclQEJ-Vdg-IuiaDsNc.woff2 | 142.250.74.67 | 200 OK | 128 kB |
URL HTTP/2fonts.gstatic.com/s/materialicons/v139/flUhRq6tzZclQEJ-Vdg-IuiaDsNc.woff2 IP142.250.74.67:0
File typeWeb Open Font Format (Version 2), TrueType, length 128352, version 1.0\012- data Size128 kB (128352 bytes) Hash53436aca8627a49f4deaaa44dc9e3c05 0bc0c675480d94ec7e8609dda6227f88c5d08d2c 8265f64786397d6b832d1ca0aafdf149ad84e72759fffa9f7272e91a0fb015d1
GET /s/materialicons/v139/flUhRq6tzZclQEJ-Vdg-IuiaDsNc.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://nadie.pelisplusgo.me
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 128352
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 07 Feb 2023 04:56:10 GMT
expires: Wed, 07 Feb 2024 04:56:10 GMT
cache-control: public, max-age=31536000
last-modified: Thu, 25 Aug 2022 00:26:06 GMT
content-type: font/woff2
age: 139606
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
|
|
| ocsp.pki.goog/gts1c3 | 142.250.74.163 | 200 OK | 471 B |
IP142.250.74.163:0
Hash986afab4bad851da3c4a2b8db670c876 c58b7142ce3bebda918b77649973715dbd71b4d2 24e4025e6576d86e781fd0861a0a87338b7b5d52b9e559ae76ca52755cc3a865
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 08 Feb 2023 19:42:56 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
|
|
| push.services.mozilla.com/ | 54.149.190.160 | 101 Switching Protocols | 0 B |
URL HTTP/1.1push.services.mozilla.com/ IP54.149.190.160:0
Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: FNIzB8PbFB6G26q4HbUbqw==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: Mip+LRvDexDJmOaYuIjOHhKtTo0=
|
|
| ocsp.sca1b.amazontrust.com/ | 54.230.245.110 | 200 OK | 471 B |
URL HTTP/1.1ocsp.sca1b.amazontrust.com/ IP54.230.245.110:0
Hasha28222744ed7330bea9a621b935adcc1 d6c82547cae9ebf20c9e2534b2b072977d721399 14be94c7e087e140464c8d3cb8b77642c6ed07cde45992faa54d577cf26df94a
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: 'max-age=158059'
Date: Wed, 08 Feb 2023 19:42:56 GMT
Last-Modified: Wed, 08 Feb 2023 18:50:20 GMT
Server: ECS (nyb/1D06)
X-Cache: Miss from cloudfront
Via: 1.1 2d5cbe05385a7f3bbffc8a562b8711f6.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: i0DbF4IleI1lhaYorBXDSBWSlpRSpLPr0hzOAs89brYxnYYlds5TzQ==
Age: 3156
|
|
| simplewebanalysis.com/stats |  35.156.167.37 | 200 OK | 40 B |
URL HTTP/2simplewebanalysis.com/stats IP35.156.167.37:0
File typeASCII text, with no line terminators Hash1d7b33795df3f146ee0d688c3df1f1f4 38b867063cd999b684f0a834885d3dcb23d85d8d 05af4a95535667f8b26d851e0b1b964361470cd61ddce4c2646f378cd0138778
GET /stats HTTP/1.1
Host: simplewebanalysis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://nadie.pelisplusgo.me
Connection: keep-alive
Referer: https://nadie.pelisplusgo.me/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 08 Feb 2023 19:42:56 GMT
content-type: text/html; charset=UTF-8
content-length: 40
server: fasthttp
access-control-allow-origin: https://nadie.pelisplusgo.me
access-control-allow-credentials: true
set-cookie: uid_id2=ca56fb2f-e47c-4c67-9aba-a7a936f27fe0:2:1; expires=Sat, 05 Feb 2033 19:42:56 GMT; secure; SameSite=None
X-Firefox-Spdy: h2
|
|
| r3.o.lencr.org/ | 23.33.119.27 | 200 OK | 503 B |
IP23.33.119.27:0 ASN#20940 Akamai International B.V.
Hashf6d705e8002f95d392a53d1df55c549a 7351c586a15413121ec29aa736533182d85818ce b9e6075e5f8bf8d14a45546023f43f80df7ee7fee6a13c49eee758d3b6659e14
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "B9E6075E5F8BF8D14A45546023F43F80DF7EE7FEE6A13C49EEE758D3B6659E14"
Last-Modified: Wed, 08 Feb 2023 14:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5050
Expires: Wed, 08 Feb 2023 21:07:07 GMT
Date: Wed, 08 Feb 2023 19:42:57 GMT
Connection: keep-alive
|
|
| r3.o.lencr.org/ | 23.33.119.27 | 200 OK | 503 B |
IP23.33.119.27:0 ASN#20940 Akamai International B.V.
Hashf6d705e8002f95d392a53d1df55c549a 7351c586a15413121ec29aa736533182d85818ce b9e6075e5f8bf8d14a45546023f43f80df7ee7fee6a13c49eee758d3b6659e14
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "B9E6075E5F8BF8D14A45546023F43F80DF7EE7FEE6A13C49EEE758D3B6659E14"
Last-Modified: Wed, 08 Feb 2023 14:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5050
Expires: Wed, 08 Feb 2023 21:07:07 GMT
Date: Wed, 08 Feb 2023 19:42:57 GMT
Connection: keep-alive
|
|
| competitivepopcheerleader.com/pixel/purst?dl=0&th=0&sc=0&rs=1425&rd=1425&fd=882&bv=22.10.v.9&tmpl=70 | 173.233.137.60 | 200 OK | 0 B |
URL HTTP/1.1competitivepopcheerleader.com/pixel/purst?dl=0&th=0&sc=0&rs=1425&rd=1425&fd=882&bv=22.10.v.9&tmpl=70 IP173.233.137.60:0
Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
| Analyzer | Verdict | Alert |
|---|
| quad9 | Sinkholed | |
GET /pixel/purst?dl=0&th=0&sc=0&rs=1425&rd=1425&fd=882&bv=22.10.v.9&tmpl=70 HTTP/1.1
Host: competitivepopcheerleader.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://nadie.pelisplusgo.me/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Wed, 08 Feb 2023 19:42:57 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
|
|
| competitivepopcheerleader.com/97/b9/79/97b979f5c4591803d5d0da5ba1c90d6b.js | 173.233.137.60 | 200 OK | 13 kB |
URL HTTP/1.1competitivepopcheerleader.com/97/b9/79/97b979f5c4591803d5d0da5ba1c90d6b.js IP173.233.137.60:0
File typeASCII text, with very long lines (37128), with no line terminators Hash0270ba6dd8a7ed142423419cdd400def 82dcce2a19beeddfc90e9b9bca1870903223aec9 a127a0a9c4faca158931d981ece6f355c60d4d98b69d2532c7ad3c1fa5eed17a
| Analyzer | Verdict | Alert |
|---|
| quad9 | Sinkholed | |
GET /97/b9/79/97b979f5c4591803d5d0da5ba1c90d6b.js HTTP/1.1
Host: competitivepopcheerleader.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://nadie.pelisplusgo.me/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Wed, 08 Feb 2023 19:42:57 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 8191d1381d88579ef9c43f188c13bd77
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
|
|
| e1.o.lencr.org/ | 23.33.119.27 | 200 OK | 345 B |
IP23.33.119.27:0 ASN#20940 Akamai International B.V.
Hash8012abc67903501fd07306b5cdca2014 e3f47115db6f7669bdfe4b1222e8f8aa4e3e8d4a b41a520cf782b36627a9f38adeee6796a5157db8a9a9ca45b60a0d34ee9de6c8
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "B41A520CF782B36627A9F38ADEEE6796A5157DB8A9A9CA45B60A0D34EE9DE6C8"
Last-Modified: Wed, 08 Feb 2023 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9889
Expires: Wed, 08 Feb 2023 22:27:46 GMT
Date: Wed, 08 Feb 2023 19:42:57 GMT
Connection: keep-alive
|
|
| r3.o.lencr.org/ | 23.33.119.27 | 200 OK | 503 B |
IP23.33.119.27:0 ASN#20940 Akamai International B.V.
Hashbd323d791dcb256ff08d90c5001ccada 380b8b726dfbe5ca828512ce4f73ea2d3cb2ed9a d9d54aad7f3a2eebbef4ae07fce2c11f4f750d8faf6613e5b5ec7540b4d478b7
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D9D54AAD7F3A2EEBBEF4AE07FCE2C11F4F750D8FAF6613E5B5EC7540B4D478B7"
Last-Modified: Tue, 07 Feb 2023 07:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5443
Expires: Wed, 08 Feb 2023 21:13:40 GMT
Date: Wed, 08 Feb 2023 19:42:57 GMT
Connection: keep-alive
|
|
| e1.o.lencr.org/ | 23.33.119.27 | 200 OK | 345 B |
IP23.33.119.27:0 ASN#20940 Akamai International B.V.
Hash8012abc67903501fd07306b5cdca2014 e3f47115db6f7669bdfe4b1222e8f8aa4e3e8d4a b41a520cf782b36627a9f38adeee6796a5157db8a9a9ca45b60a0d34ee9de6c8
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "B41A520CF782B36627A9F38ADEEE6796A5157DB8A9A9CA45B60A0D34EE9DE6C8"
Last-Modified: Wed, 08 Feb 2023 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9889
Expires: Wed, 08 Feb 2023 22:27:46 GMT
Date: Wed, 08 Feb 2023 19:42:57 GMT
Connection: keep-alive
|
|
| banquetunarmedgrater.com/advertisers.js | 173.233.137.44 | 200 OK | 0 B |
URL HTTP/1.1banquetunarmedgrater.com/advertisers.js IP173.233.137.44:0
Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
| Analyzer | Verdict | Alert |
|---|
| quad9 | Sinkholed | |
GET /advertisers.js HTTP/1.1
Host: banquetunarmedgrater.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://nadie.pelisplusgo.me/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Wed, 08 Feb 2023 19:42:57 GMT
Content-Type: application/javascript
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: c5c1c70a7c639a94d3f591a80f2630b7
Strict-Transport-Security: max-age=0; includeSubdomains
|
|
| cp.noimgs.net/static/img/_cover/f461731040882171ed33027b79c5457d.jpg | 209.145.62.49 | 200 OK | 19 kB |
URL HTTP/2cp.noimgs.net/static/img/_cover/f461731040882171ed33027b79c5457d.jpg IP209.145.62.49:0
File typeJPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 95", baseline, precision 8, 180x270, components 3\012- data Hash7e4fb1331a4056554890d4c5030eed9f 23a2c685234b80e5545ff3ecd128e94390d18674 4026cad26553a59df92cf29e9845839db9c68073fd6ffc3d6a3b206a847072cd
GET /static/img/_cover/f461731040882171ed33027b79c5457d.jpg HTTP/1.1
Host: cp.noimgs.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://nadie.pelisplusgo.me/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Wed, 08 Feb 2023 19:42:57 GMT
content-type: image/jpeg
content-length: 18641
last-modified: Wed, 11 May 2022 02:48:34 GMT
etag: "627b2402-48d1"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|
| cp.noimgs.net/static/img/_capture/f461731040882171ed33027b79c5457d.jpg | 209.145.62.49 | 200 OK | 55 kB |
URL HTTP/2cp.noimgs.net/static/img/_capture/f461731040882171ed33027b79c5457d.jpg IP209.145.62.49:0
File typeJPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 95", baseline, precision 8, 500x281, components 3\012- data Hashbf3be822b8a919a1b051d5da76625087 822601a198f0114b538f0309c5406a39ceb0fec4 c4df417183034d29c273a99d17114c7f367335250015725a0c33e815ebfacdc8
GET /static/img/_capture/f461731040882171ed33027b79c5457d.jpg HTTP/1.1
Host: cp.noimgs.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://nadie.pelisplusgo.me/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Wed, 08 Feb 2023 19:42:57 GMT
content-type: image/jpeg
content-length: 54937
last-modified: Wed, 11 May 2022 02:48:38 GMT
etag: "627b2406-d699"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|
| r3.o.lencr.org/ | 23.33.119.27 | 200 OK | 503 B |
IP23.33.119.27:0 ASN#20940 Akamai International B.V.
Hash1d885cfc22a04f1216c98dd64df5338a 589916a844b81fac40af88a772865b8e28dfb64e 40c0e55533794d72bbba4bc9d0f07fe0741e24ca23fd9b3e31d2830c77a51bf3
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "40C0E55533794D72BBBA4BC9D0F07FE0741E24CA23FD9B3E31D2830C77A51BF3"
Last-Modified: Wed, 08 Feb 2023 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15428
Expires: Thu, 09 Feb 2023 00:00:05 GMT
Date: Wed, 08 Feb 2023 19:42:57 GMT
Connection: keep-alive
|
|
| r3.o.lencr.org/ | 23.33.119.27 | 200 OK | 503 B |
IP23.33.119.27:0 ASN#20940 Akamai International B.V.
Hash1d885cfc22a04f1216c98dd64df5338a 589916a844b81fac40af88a772865b8e28dfb64e 40c0e55533794d72bbba4bc9d0f07fe0741e24ca23fd9b3e31d2830c77a51bf3
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "40C0E55533794D72BBBA4BC9D0F07FE0741E24CA23FD9B3E31D2830C77A51BF3"
Last-Modified: Wed, 08 Feb 2023 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15428
Expires: Thu, 09 Feb 2023 00:00:05 GMT
Date: Wed, 08 Feb 2023 19:42:57 GMT
Connection: keep-alive
|
|
| r3.o.lencr.org/ | 23.33.119.27 | 200 OK | 503 B |
IP23.33.119.27:0 ASN#20940 Akamai International B.V.
Hash1d885cfc22a04f1216c98dd64df5338a 589916a844b81fac40af88a772865b8e28dfb64e 40c0e55533794d72bbba4bc9d0f07fe0741e24ca23fd9b3e31d2830c77a51bf3
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "40C0E55533794D72BBBA4BC9D0F07FE0741E24CA23FD9B3E31D2830C77A51BF3"
Last-Modified: Wed, 08 Feb 2023 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15428
Expires: Thu, 09 Feb 2023 00:00:05 GMT
Date: Wed, 08 Feb 2023 19:42:57 GMT
Connection: keep-alive
|
|
| r3.o.lencr.org/ | 23.33.119.27 | 200 OK | 503 B |
IP23.33.119.27:0 ASN#20940 Akamai International B.V.
Hash1d885cfc22a04f1216c98dd64df5338a 589916a844b81fac40af88a772865b8e28dfb64e 40c0e55533794d72bbba4bc9d0f07fe0741e24ca23fd9b3e31d2830c77a51bf3
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "40C0E55533794D72BBBA4BC9D0F07FE0741E24CA23FD9B3E31D2830C77A51BF3"
Last-Modified: Wed, 08 Feb 2023 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15428
Expires: Thu, 09 Feb 2023 00:00:05 GMT
Date: Wed, 08 Feb 2023 19:42:57 GMT
Connection: keep-alive
|
|
| friendshipmale.com/sfp.js | 172.64.203.23 | 200 OK | 36 kB |
URL HTTP/2friendshipmale.com/sfp.js IP172.64.203.23:0
File typeUnicode text, UTF-8 text, with very long lines (65529), with no line terminators Hash492ad9baa27f6efe990cc15d486ff1a9 c095974f1cedc3c578729cacc120b9b2ab683a0e 060c7bf18fea6cbfd51362216000f2ccd10da61d51357e1db145c1e4cef50936
| Analyzer | Verdict | Alert |
|---|
| fortinet | Malware | | | quad9 | Sinkholed | |
GET /sfp.js HTTP/1.1
Host: friendshipmale.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://nadie.pelisplusgo.me/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 08 Feb 2023 19:42:57 GMT
content-type: application/javascript; charset=utf-8
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
access-control-allow-origin: *
expires: Thu, 01 Jan 1970 00:00:01 GMT
cache-control: max-age=14400
x-request-id: 3caf3527d5f49c3dc071e99d2a15f89a
strict-transport-security: max-age=0; includeSubdomains
cf-cache-status: EXPIRED
last-modified: Wed, 08 Feb 2023 19:42:57 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=TeD6Nbs6%2F0AAo8OnKCRfFgBOcAsajGfIkq6U8bH%2FeWeiMwawlVLNy62h%2BB449lyZZtfBw0lnj9LfAxyiKFX8MmvIbodTw6Jl0pBcVvSAsz8bgSNI69mLL%2BIvygEYKGPSt%2FyVECY%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7966d9f8ba352508-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6e47a0b9-4a27-4f39-8f25-f88789a2408f.jpeg | 34.120.237.76 | 200 OK | 3.7 kB |
URL HTTP/2img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6e47a0b9-4a27-4f39-8f25-f88789a2408f.jpeg IP34.120.237.76:0
File typeJPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data Hash0594f78c4fdfed5dd2e0666312555f40 db903b9a3f387c1510170f8d16dd4d289f7df83f 8874083a529064657b18be58147ae7df5fe79c822c4bd2a023fdf3df7186a62e
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6e47a0b9-4a27-4f39-8f25-f88789a2408f.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 3712
x-amzn-requestid: 44c7e7bd-1a95-49b6-9b0a-f8aff3725ded
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ftbOtH-lIAMF0xw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63dba591-2fb19c33646c3d327681e9f9;Sampled=0
x-amzn-remapped-date: Thu, 02 Feb 2023 11:59:13 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: ws42XiDa6w4O13v7obhNXNfA0QQIv03RG0Ze0IPrKWxxvsvUY2eCVg==
via: 1.1 0aebf3fe433ff96e68d785fad4ea4c0e.cloudfront.net (CloudFront), 1.1 325ed3ba58a560748d886354beef39c0.cloudfront.net (CloudFront), 1.1 google
date: Tue, 07 Feb 2023 22:17:56 GMT
age: 77102
etag: "db903b9a3f387c1510170f8d16dd4d289f7df83f"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
|
|
| img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5abcabc9-1cda-4d86-8630-67943159604b.jpeg | 34.120.237.76 | 200 OK | 6.7 kB |
URL HTTP/2img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5abcabc9-1cda-4d86-8630-67943159604b.jpeg IP34.120.237.76:0
File typeJPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data Hash4bb0e725719ac378134b01b6473a6581 a8a1780c88e8ae219048bed28ecfbd8019d9af35 187d4e83edc0af857334f84bd6853234193d4654d06c43367f39b4e125defe08
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5abcabc9-1cda-4d86-8630-67943159604b.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6679
x-amzn-requestid: 97c19ad5-c127-4dc1-b529-1eca84645316
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: f59MzHgloAMFwow=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63e0a8b8-79d6b8d31b69153d4929b7b7;Sampled=0
x-amzn-remapped-date: Mon, 06 Feb 2023 07:14:00 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: x_tr-xummuF51PvAM4y3DgvLWuJOwxgquKO8baQfcoN6ta5M3ll7ug==
via: 1.1 00f0a41f749793b9dd653153037c957e.cloudfront.net (CloudFront), 1.1 d6a002c70d55f415107618b0750d493c.cloudfront.net (CloudFront), 1.1 google
date: Wed, 08 Feb 2023 06:25:01 GMT
age: 47877
etag: "a8a1780c88e8ae219048bed28ecfbd8019d9af35"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
|
|
| img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe8a8e532-be72-47cc-8389-e8f28ffc3c2a.jpeg | 34.120.237.76 | 200 OK | 4.3 kB |
URL HTTP/2img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe8a8e532-be72-47cc-8389-e8f28ffc3c2a.jpeg IP34.120.237.76:0
File typeJPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data Hash33b061f03be149fea0df63b42a8ec226 e5e491c6ef8b6234450a34ee5df28b9a58a8ad43 a5970bbb40be173878cd2e920bd1a6ed27775fbdc222bb66ccbc5969984882f1
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe8a8e532-be72-47cc-8389-e8f28ffc3c2a.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 4269
x-amzn-requestid: df152b3a-fa15-4dac-96f9-41b9ea8e5136
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: f_OkQH5PoAMFl1g=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63e2c481-63636a42419209fb0c17eceb;Sampled=0
x-amzn-remapped-date: Tue, 07 Feb 2023 21:37:05 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: ViawdcUij4_pKnUmO34Oaqjmbtv19ModMaku0MWYTHDeLCR1ikzB_A==
via: 1.1 c7c3cdef911c9ee3c1a83a78f425dc5a.cloudfront.net (CloudFront), 1.1 6172bb1a5d00a3b06ae3700570ebe116.cloudfront.net (CloudFront), 1.1 google
date: Tue, 07 Feb 2023 21:42:03 GMT
age: 79255
etag: "e5e491c6ef8b6234450a34ee5df28b9a58a8ad43"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
|
|
| img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc7e586b8-49f5-40c3-b0d4-f6cdfc375a2b.jpeg | 34.120.237.76 | 200 OK | 9.8 kB |
URL HTTP/2img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc7e586b8-49f5-40c3-b0d4-f6cdfc375a2b.jpeg IP34.120.237.76:0
File typeJPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data Hash18a84ae645223aba0709b5e16c0207f7 0b865e797846520ccc6fff6fb2ee38d8836bd2c0 b1e4868045f074a84e3de1d82ec3ae22f6d2a1a4131b2a40bcce7f3f5375aff7
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc7e586b8-49f5-40c3-b0d4-f6cdfc375a2b.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9760
x-amzn-requestid: d5d8fdde-048f-4705-9fa4-99fd7d29d804
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: f582DETSIAMFmEA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63e0a826-52a3b175584df1914260c8ae;Sampled=0
x-amzn-remapped-date: Mon, 06 Feb 2023 07:11:34 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: wUaruDuqNDIlR6CWz9G7DAofcvS7UNmtPM7C2ve-RRbp57J43rWPxQ==
via: 1.1 49b94a8674d6e86a841d6523f7dbaf14.cloudfront.net (CloudFront), 1.1 caf6806821bc479b28a6f1ce3043b8a6.cloudfront.net (CloudFront), 1.1 google
date: Wed, 08 Feb 2023 04:09:02 GMT
age: 56036
etag: "0b865e797846520ccc6fff6fb2ee38d8836bd2c0"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
|
|
| img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F06b5f2a3-c53c-4690-b548-2c3d0f556f73.jpeg | 34.120.237.76 | 200 OK | 8.6 kB |
URL HTTP/2img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F06b5f2a3-c53c-4690-b548-2c3d0f556f73.jpeg IP34.120.237.76:0
File typeJPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data Hash02fde25be5ded120af759d19d8304f73 8d2a4d9ab5947113ce0737d4d4bed3e30a971026 7cdf26668cca22f28eee047d3fcf30cea8d97b1d8804fe2132728f26cd11558d
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F06b5f2a3-c53c-4690-b548-2c3d0f556f73.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8629
x-amzn-requestid: cc20d28e-3937-4826-97ef-100fb5dd2645
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: f_O7LFn3oAMF61A=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63e2c514-6e764236604212fa26dab38a;Sampled=0
x-amzn-remapped-date: Tue, 07 Feb 2023 21:39:32 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: GIAPTJF7sfpuubLSngEDMrowvBWW5c1xRlyVf7PQ3o6rGWdFITVioA==
via: 1.1 4dde8ec6d6c12741888c2d3a059d4a2e.cloudfront.net (CloudFront), 1.1 d6b180eb367f7de26d67a9f3901b96a6.cloudfront.net (CloudFront), 1.1 google
date: Tue, 07 Feb 2023 22:15:10 GMT
etag: "8d2a4d9ab5947113ce0737d4d4bed3e30a971026"
content-type: image/jpeg
age: 77268
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
|
|
| r3.o.lencr.org/ | 23.33.119.27 | 200 OK | 503 B |
IP23.33.119.27:0 ASN#20940 Akamai International B.V.
Hash85feb21e391bb91821b5a8502766afb7 24e1465d1e2fb2f1a12ca3d8dcea361c8de7dc39 716e1a6d1f85813b7f16564c782e87ba6b5972076923c50f7863861f62bd2122
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "716E1A6D1F85813B7F16564C782E87BA6B5972076923C50F7863861F62BD2122"
Last-Modified: Wed, 08 Feb 2023 15:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=18070
Expires: Thu, 09 Feb 2023 00:44:08 GMT
Date: Wed, 08 Feb 2023 19:42:58 GMT
Connection: keep-alive
|
|
| ocsp.sectigo.com/ | 104.18.32.68 | 200 OK | 472 B |
IP104.18.32.68:0
Hash52465cfb72adfadd9ddcdc40e0ec6baf 837057c1a4decf31f7a0eda4ce2294bc7b14b147 1280ea027add5e71a4646269cee9ed0329af61c557e5c3699d541cd9065c42b7
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Wed, 08 Feb 2023 19:42:58 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Tue, 07 Feb 2023 17:29:17 GMT
Expires: Tue, 14 Feb 2023 17:29:16 GMT
Etag: "837057c1a4decf31f7a0eda4ce2294bc7b14b147"
Cache-Control: max-age=509777,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb4
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 7966d9fcb89efab4-OSL
|
|
| widgets.amung.us/small/05/502.png | 172.67.8.141 | 200 OK | 331 B |
URL HTTP/2widgets.amung.us/small/05/502.png IP172.67.8.141:0
File typePNG image data, 80 x 15, 8-bit colormap, non-interlaced\012- data Hash60e048943cbb9e4d6eeb79e4cf0428aa 9efe837b6236d5693c1997b11ccf08b66193e2d9 ee2500922cda6726dec46144c1e99eb1a37945da25ae8810fd9895484a970020
GET /small/05/502.png HTTP/1.1
Host: widgets.amung.us
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://nadie.pelisplusgo.me/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Wed, 08 Feb 2023 19:42:58 GMT
content-type: image/png
content-length: 331
last-modified: Sun, 13 Jun 2010 09:48:29 GMT
etag: "4c14a96d-14b"
expires: Wed, 11 Jan 2023 21:29:47 GMT
cache-control: max-age=2678400
access-control-allow-origin: *
cf-cache-status: HIT
age: 2499191
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 7966d9ffcecfb517-OSL
X-Firefox-Spdy: h2
|
|
| comradeglorious.com/sbar.json?key=97b979f5c4591803d5d0da5ba1c90d6b&uuid=ca56fb2f-e47c-4c67-9aba-a7a936f27fe0%3A2%3A1 | 192.243.59.13 | 200 OK | 4.4 kB |
URL HTTP/1.1comradeglorious.com/sbar.json?key=97b979f5c4591803d5d0da5ba1c90d6b&uuid=ca56fb2f-e47c-4c67-9aba-a7a936f27fe0%3A2%3A1 IP192.243.59.13:0 ASN#39572 DataWeb Global Group B.V.
File typeJSON data\012- , ASCII text, with very long lines (6182), with no line terminators Hash0f8719097f2fb3b7075ced616148be8c 989e9633bab95b65f52d637c87e76dde3cd70d2a aa095f04e9c6afeb20aa534a0ee828aa9127da096d3a9c5ed978dba47464151b
| Analyzer | Verdict | Alert |
|---|
| quad9 | Sinkholed | |
GET /sbar.json?key=97b979f5c4591803d5d0da5ba1c90d6b&uuid=ca56fb2f-e47c-4c67-9aba-a7a936f27fe0%3A2%3A1 HTTP/1.1
Host: comradeglorious.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://nadie.pelisplusgo.me
Connection: keep-alive
Referer: https://nadie.pelisplusgo.me/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.17.6
Date: Wed, 08 Feb 2023 19:42:58 GMT
Content-Type: text/plain; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://nadie.pelisplusgo.me
Access-Control-Allow-Origin: https://nadie.pelisplusgo.me
Access-Control-Allow-Credentials: true
Set-Cookie: u_pl=16182512; expires=Thu, 09 Feb 2023 19:42:58 GMT; secure; SameSite=None
uid_id2=ca56fb2f-e47c-4c67-9aba-a7a936f27fe0:2:1; expires=Wed, 15 Feb 2023 19:42:58 GMT; secure; SameSite=None
pdhtkv=true; expires=Thu, 09 Feb 2023 19:42:58 GMT; secure; SameSite=None
uncs=1; expires=Thu, 09 Feb 2023 19:42:58 GMT; secure; SameSite=None
pdhtkv29=true; expires=Thu, 09 Feb 2023 19:42:58 GMT; secure; SameSite=None
uncs29=1; expires=Thu, 09 Feb 2023 19:42:58 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: c2ea97b8d0b9ade50b4447b23369492d
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
|
|
| comradeglorious.com/ren.gif?sid=H4sIAAAAAAAC%2F1RSv48bVRd9s9mv%2BahACIkC5IICJNZ5Y3vsHVIElhAUETZREohE936N9%2BHneaP3ZjzOimJFJJQGyamgnD3ezQqIIvIHICEvDdpqTYFWgqVAQhQUSEhpaJC9lgy3mHvOnFuce979ZLc4JRQFO7n%2Brt3WxrDzUZ3WXr6tU2lLX9u8VQtpnV6o3dZpu3WhNpx93OC1kEZ1%2BkrtbSV69nyDhpSGNKxd1k4ldnh%2BrkJnD%2BOwHtN6q1EPoxaG7r%2FcFwE8CyAHp%2BQZaDn939b3j6HFBGn%2F60vK93KbvfpWvzAstw4DefBe2kttmaK%2FhIkLkKQHi2lYPyXk8xXY9GCxAexgb7YBuJ6S4McQPD1Y2AQf7J855QYqBZdPoRxMoMwEmk0g7F1oeUwAIbF5DWn%2FwaZ1JbtzprKZOiWrT%2F6CLqdk9ednkfYfbRg9rN20psi1TT2GSQU9nEB3J8iKQ%2BTbAXR5CJF%2FDC0J0n4FLU9eEixqJ7yRrKlWR6y1RLuzFjPO1liHxc120ugkis6j0XoCnUxg1AjMr6DwAQodoEgCFFmAvjypsShOKO0kPGk211tCiGZTiGi9LSPZbK0nFIWYeR8hz0YQZgThdpC5HfT0%2FePwFK74Fn6rgpcBfE4wkBVKRVB6gpIRlJqgzAnKQbUvjW%2F46oE0vuDhojcWvVmNbd7dZfs276qU7Gan5Ol5Zk%2F%2B%2BBM9dVKLOzzuxEkkWlEcrtOmjCSVLOIsFDGVbQ6vK2i%2FAuYDbOspeW6VItNTsvLTJjg7hDeHEDoAK14AK8edBgXbGrfWKbbTR5ky2mem8L5uXRfSVsjyVeR3gl1zSp6fO4l%2FI1Di6OJnn1775YL8AMJVyFyFD%2FV3BF1zb3zDlmTvhi09eXwty3Vfb7PZy97MWa7OffmOulNaJ69c8qMv3hAzYQYf3lI%2Bv8pSqdOuJ19taCmVu2ydUOSbK%2F624tcLv7VRuLTIrl5%2F8%2FKVfuaU99qmEzB9%2FP5HEHpK%2Fu9685t98ffXod0ErqjQL47IoqDtBCLbgc%2BW7r0lcGY5w7MAZVGNXYMvfxpNYNSSM17B%2F4vzJd7199B1AVh%2Bd36pA1dhYCowM4Ivzo3zzB1d%2FKE5L3ATjLlxwR43ztw%2Fi9brk5qKEpoo2lA8iXnSYVTGSSvmLA5Vh0csRO6n4te%2FN%2F4BAAD%2F%2FwEAAP%2F%2FUTWjh4sEAAA%3D | 192.243.59.13 | 200 OK | 7 B |
URL HTTP/1.1comradeglorious.com/ren.gif?sid=H4sIAAAAAAAC%2F1RSv48bVRd9s9mv%2BahACIkC5IICJNZ5Y3vsHVIElhAUETZREohE936N9%2BHneaP3ZjzOimJFJJQGyamgnD3ezQqIIvIHICEvDdpqTYFWgqVAQhQUSEhpaJC9lgy3mHvOnFuce979ZLc4JRQFO7n%2Brt3WxrDzUZ3WXr6tU2lLX9u8VQtpnV6o3dZpu3WhNpx93OC1kEZ1%2BkrtbSV69nyDhpSGNKxd1k4ldnh%2BrkJnD%2BOwHtN6q1EPoxaG7r%2FcFwE8CyAHp%2BQZaDn939b3j6HFBGn%2F60vK93KbvfpWvzAstw4DefBe2kttmaK%2FhIkLkKQHi2lYPyXk8xXY9GCxAexgb7YBuJ6S4McQPD1Y2AQf7J855QYqBZdPoRxMoMwEmk0g7F1oeUwAIbF5DWn%2FwaZ1JbtzprKZOiWrT%2F6CLqdk9ednkfYfbRg9rN20psi1TT2GSQU9nEB3J8iKQ%2BTbAXR5CJF%2FDC0J0n4FLU9eEixqJ7yRrKlWR6y1RLuzFjPO1liHxc120ugkis6j0XoCnUxg1AjMr6DwAQodoEgCFFmAvjypsShOKO0kPGk211tCiGZTiGi9LSPZbK0nFIWYeR8hz0YQZgThdpC5HfT0%2FePwFK74Fn6rgpcBfE4wkBVKRVB6gpIRlJqgzAnKQbUvjW%2F46oE0vuDhojcWvVmNbd7dZfs276qU7Gan5Ol5Zk%2F%2B%2BBM9dVKLOzzuxEkkWlEcrtOmjCSVLOIsFDGVbQ6vK2i%2FAuYDbOspeW6VItNTsvLTJjg7hDeHEDoAK14AK8edBgXbGrfWKbbTR5ky2mem8L5uXRfSVsjyVeR3gl1zSp6fO4l%2FI1Di6OJnn1775YL8AMJVyFyFD%2FV3BF1zb3zDlmTvhi09eXwty3Vfb7PZy97MWa7OffmOulNaJ69c8qMv3hAzYQYf3lI%2Bv8pSqdOuJ19taCmVu2ydUOSbK%2F624tcLv7VRuLTIrl5%2F8%2FKVfuaU99qmEzB9%2FP5HEHpK%2Fu9685t98ffXod0ErqjQL47IoqDtBCLbgc%2BW7r0lcGY5w7MAZVGNXYMvfxpNYNSSM17B%2F4vzJd7199B1AVh%2Bd36pA1dhYCowM4Ivzo3zzB1d%2FKE5L3ATjLlxwR43ztw%2Fi9brk5qKEpoo2lA8iXnSYVTGSSvmLA5Vh0csRO6n4te%2FN%2F4BAAD%2F%2FwEAAP%2F%2FUTWjh4sEAAA%3D IP192.243.59.13:0 ASN#39572 DataWeb Global Group B.V.
File typeASCII text, with no line terminators Hash132d6af1b46048b45cf86cdee7991d31 eb7007d03d59b65bc6da7e098c4d38fc6dfb6285 ab852e838deccd742a03ca81d4a8d75cf1a00b327db3eaf46bd7da6b6db9384c
| Analyzer | Verdict | Alert |
|---|
| quad9 | Sinkholed | |
GET /ren.gif?sid=H4sIAAAAAAAC%2F1RSv48bVRd9s9mv%2BahACIkC5IICJNZ5Y3vsHVIElhAUETZREohE936N9%2BHneaP3ZjzOimJFJJQGyamgnD3ezQqIIvIHICEvDdpqTYFWgqVAQhQUSEhpaJC9lgy3mHvOnFuce979ZLc4JRQFO7n%2Brt3WxrDzUZ3WXr6tU2lLX9u8VQtpnV6o3dZpu3WhNpx93OC1kEZ1%2BkrtbSV69nyDhpSGNKxd1k4ldnh%2BrkJnD%2BOwHtN6q1EPoxaG7r%2FcFwE8CyAHp%2BQZaDn939b3j6HFBGn%2F60vK93KbvfpWvzAstw4DefBe2kttmaK%2FhIkLkKQHi2lYPyXk8xXY9GCxAexgb7YBuJ6S4McQPD1Y2AQf7J855QYqBZdPoRxMoMwEmk0g7F1oeUwAIbF5DWn%2FwaZ1JbtzprKZOiWrT%2F6CLqdk9ednkfYfbRg9rN20psi1TT2GSQU9nEB3J8iKQ%2BTbAXR5CJF%2FDC0J0n4FLU9eEixqJ7yRrKlWR6y1RLuzFjPO1liHxc120ugkis6j0XoCnUxg1AjMr6DwAQodoEgCFFmAvjypsShOKO0kPGk211tCiGZTiGi9LSPZbK0nFIWYeR8hz0YQZgThdpC5HfT0%2FePwFK74Fn6rgpcBfE4wkBVKRVB6gpIRlJqgzAnKQbUvjW%2F46oE0vuDhojcWvVmNbd7dZfs276qU7Gan5Ol5Zk%2F%2B%2BBM9dVKLOzzuxEkkWlEcrtOmjCSVLOIsFDGVbQ6vK2i%2FAuYDbOspeW6VItNTsvLTJjg7hDeHEDoAK14AK8edBgXbGrfWKbbTR5ky2mem8L5uXRfSVsjyVeR3gl1zSp6fO4l%2FI1Di6OJnn1775YL8AMJVyFyFD%2FV3BF1zb3zDlmTvhi09eXwty3Vfb7PZy97MWa7OffmOulNaJ69c8qMv3hAzYQYf3lI%2Bv8pSqdOuJ19taCmVu2ydUOSbK%2F624tcLv7VRuLTIrl5%2F8%2FKVfuaU99qmEzB9%2FP5HEHpK%2Fu9685t98ffXod0ErqjQL47IoqDtBCLbgc%2BW7r0lcGY5w7MAZVGNXYMvfxpNYNSSM17B%2F4vzJd7199B1AVh%2Bd36pA1dhYCowM4Ivzo3zzB1d%2FKE5L3ATjLlxwR43ztw%2Fi9brk5qKEpoo2lA8iXnSYVTGSSvmLA5Vh0csRO6n4te%2FN%2F4BAAD%2F%2FwEAAP%2F%2FUTWjh4sEAAA%3D HTTP/1.1
Host: comradeglorious.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://nadie.pelisplusgo.me/
Cookie: u_pl=16182512; uid_id2=ca56fb2f-e47c-4c67-9aba-a7a936f27fe0:2:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.17.6
Date: Wed, 08 Feb 2023 19:42:58 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 76cbc8b23d2c342ef04ffa8ec31fd9a1
Strict-Transport-Security: max-age=0; includeSubdomains
|
|
| r3.o.lencr.org/ | 23.33.119.27 | 200 OK | 503 B |
IP23.33.119.27:0 ASN#20940 Akamai International B.V.
Hashc81e9ec75a16f618502eb732387400da ac79f86908695a91b005a789926831ac2f8c8f4b 2730dfd25d24900e199b8eac39aed97bfb479427227cc1724aea915d91989176
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "2730DFD25D24900E199B8EAC39AED97BFB479427227CC1724AEA915D91989176"
Last-Modified: Wed, 08 Feb 2023 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9468
Expires: Wed, 08 Feb 2023 22:20:46 GMT
Date: Wed, 08 Feb 2023 19:42:58 GMT
Connection: keep-alive
|
|
| e1.o.lencr.org/ | 23.33.119.27 | 200 OK | 345 B |
IP23.33.119.27:0 ASN#20940 Akamai International B.V.
Hashe52c62e29c66d8b8ced593c18dc6f97b 9fd8008871bcdbe98471cc1d49abe429f68208ec a893f73ce1067723043248fa6fc3e76ddfdd44506998bf5f4e157dfbacc4698d
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "A893F73CE1067723043248FA6FC3E76DDFDD44506998BF5F4E157DFBACC4698D"
Last-Modified: Wed, 08 Feb 2023 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8852
Expires: Wed, 08 Feb 2023 22:10:31 GMT
Date: Wed, 08 Feb 2023 19:42:59 GMT
Connection: keep-alive
|
|
| e1.o.lencr.org/ | 23.33.119.27 | 200 OK | 345 B |
IP23.33.119.27:0 ASN#20940 Akamai International B.V.
Hashe52c62e29c66d8b8ced593c18dc6f97b 9fd8008871bcdbe98471cc1d49abe429f68208ec a893f73ce1067723043248fa6fc3e76ddfdd44506998bf5f4e157dfbacc4698d
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "A893F73CE1067723043248FA6FC3E76DDFDD44506998BF5F4E157DFBACC4698D"
Last-Modified: Wed, 08 Feb 2023 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8852
Expires: Wed, 08 Feb 2023 22:10:31 GMT
Date: Wed, 08 Feb 2023 19:42:59 GMT
Connection: keep-alive
|
|
| cdn.creative-bars1.com/sb/notifications/software/us/windows/flash-all/ssp/1/img/close.png | 172.64.166.9 | 200 OK | 4.0 kB |
URL HTTP/2cdn.creative-bars1.com/sb/notifications/software/us/windows/flash-all/ssp/1/img/close.png IP172.64.166.9:0
File typePNG image data, 500 x 500, 8-bit gray+alpha, non-interlaced\012- data Hash23e9690b0e7ac26868363a6248f44467 d7ad0eae64e0c1e65b12eda0aa9d2b91996dd64f f362c67320d739ccf3bea21f857b9620075bd20ceacda8c51261b9612fe28395
GET /sb/notifications/software/us/windows/flash-all/ssp/1/img/close.png HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Wed, 08 Feb 2023 19:42:59 GMT
content-type: image/png
content-length: 4022
last-modified: Wed, 17 Feb 2021 11:46:53 GMT
etag: "602d022d-fb6"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 1138202
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=rUAZyKdrymHOXnXodkvVe2MJjQIbYQ%2FsG1oit%2BnxaaaFhFklDVObE1gnMtCDAZYTLnhg2k7%2FCyRr%2By855ykOEv1aHKwOr1qC0I7kDVra%2BwMJIm%2B5xVEgAeuofaMzNLNI%2BKuhxzCkPKDl"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7966da03287423b4-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| e1.o.lencr.org/ | 23.33.119.27 | 200 OK | 345 B |
IP23.33.119.27:0 ASN#20940 Akamai International B.V.
Hashe52c62e29c66d8b8ced593c18dc6f97b 9fd8008871bcdbe98471cc1d49abe429f68208ec a893f73ce1067723043248fa6fc3e76ddfdd44506998bf5f4e157dfbacc4698d
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "A893F73CE1067723043248FA6FC3E76DDFDD44506998BF5F4E157DFBACC4698D"
Last-Modified: Wed, 08 Feb 2023 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8852
Expires: Wed, 08 Feb 2023 22:10:31 GMT
Date: Wed, 08 Feb 2023 19:42:59 GMT
Connection: keep-alive
|
|
| r3.o.lencr.org/ | 23.33.119.27 | 200 OK | 503 B |
IP23.33.119.27:0 ASN#20940 Akamai International B.V.
Hash7873316c03b78ff1885778bd0e51ee34 441406bbfb620c4f0da3b3553840e008655aa689 104baaf054240301dbbfc50991ec38e8879a5c49f12e8e82bf3b5b5dc5b2ee33
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "104BAAF054240301DBBFC50991EC38E8879A5C49F12E8E82BF3B5B5DC5B2EE33"
Last-Modified: Wed, 08 Feb 2023 01:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7343
Expires: Wed, 08 Feb 2023 21:45:22 GMT
Date: Wed, 08 Feb 2023 19:42:59 GMT
Connection: keep-alive
|
|
| cdn.cloudimagesb.com/si/9f/03/9f/9f039f12c3a901981b39e44a7e2deb89/1667590110.png | 45.133.44.10 | 200 OK | 33 kB |
URL HTTP/2cdn.cloudimagesb.com/si/9f/03/9f/9f039f12c3a901981b39e44a7e2deb89/1667590110.png IP45.133.44.10:0 ASN#39572 DataWeb Global Group B.V.
File typePNG image data, 192 x 192, 8-bit/color RGBA, non-interlaced\012- data Hash2cb2500acb00f247ef19403c3a0f89e1 7c57e8b84b2bb0003810ffae7a14e24869155464 7efcd5082673b787603d2a0b8d768fb26807cf2ab79771a69886a916d0cda3ce
GET /si/9f/03/9f/9f039f12c3a901981b39e44a7e2deb89/1667590110.png HTTP/1.1
Host: cdn.cloudimagesb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 08 Feb 2023 19:42:59 GMT
content-type: image/png
content-length: 32763
server: nginx/1.17.6
last-modified: Fri, 04 Nov 2022 19:28:39 GMT
etag: "636567e7-7ffb"
expires: Fri, 10 Feb 2023 19:42:59 GMT
cache-control: max-age=172800
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|
| r3.o.lencr.org/ | 23.33.119.27 | 200 OK | 503 B |
IP23.33.119.27:0 ASN#20940 Akamai International B.V.
Hash684cc8beee740cc991cc3347d693f1a8 a48d526397f249e134e8207899ca290b50fa0bf0 96093863c0cfc887145e90af5d1fa901e74c0446447321332d783e3f59dd402d
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "96093863C0CFC887145E90AF5D1FA901E74C0446447321332D783E3F59DD402D"
Last-Modified: Tue, 07 Feb 2023 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8110
Expires: Wed, 08 Feb 2023 21:58:09 GMT
Date: Wed, 08 Feb 2023 19:42:59 GMT
Connection: keep-alive
|
|
| fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2 | 142.250.74.67 | 200 OK | 16 kB |
URL HTTP/2fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2 IP142.250.74.67:0
File typeWeb Open Font Format (Version 2), TrueType, length 15744, version 1.0\012- data Hash15d9f621c3bd1599f0169dcf0bd5e63e 7ca9c5967f3bb8bffeab24b639b49c1e7d03fa52 f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615
GET /s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://nadie.pelisplusgo.me
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15744
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sun, 05 Feb 2023 22:02:00 GMT
expires: Mon, 05 Feb 2024 22:02:00 GMT
cache-control: public, max-age=31536000
age: 250859
last-modified: Wed, 11 May 2022 19:24:48 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
|
|
| fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2 | 142.250.74.67 | 200 OK | 16 kB |
URL HTTP/2fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2 IP142.250.74.67:0
File typeWeb Open Font Format (Version 2), TrueType, length 15860, version 1.0\012- data Hashe9f5aaf547f165386cd313b995dddd8e acdef5603c2387b0e5bffd744b679a24a8bc1968 f5aebdfea35d1e7656ef4acc5db1f243209755ae3300943ef8fc6280f363c860
GET /s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://nadie.pelisplusgo.me
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15860
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 07 Feb 2023 13:09:06 GMT
expires: Wed, 07 Feb 2024 13:09:06 GMT
cache-control: public, max-age=31536000
age: 110033
last-modified: Wed, 11 May 2022 19:24:42 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
|
|
| unseenreport.com/pxf.gif?uuid=ca56fb2f-e47c-4c67-9aba-a7a936f27fe0&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1055&b_frame=0&pk=97b979f5c4591803d5d0da5ba1c90d6b&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=19 | 192.243.61.225 | 200 OK | 1 B |
URL HTTP/1.1unseenreport.com/pxf.gif?uuid=ca56fb2f-e47c-4c67-9aba-a7a936f27fe0&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1055&b_frame=0&pk=97b979f5c4591803d5d0da5ba1c90d6b&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=19 IP192.243.61.225:0 ASN#39572 DataWeb Global Group B.V.
File typevery short file (no magic) Hash93b885adfe0da089cdf634904fd59f71 5ba93c9db0cff93f52b521d7420e43f6eda2784f 6e340b9cffb37a989ca544e6bb780a2c78901d3fb33738768511a30617afa01d
| Analyzer | Verdict | Alert |
|---|
| quad9 | Sinkholed | |
GET /pxf.gif?uuid=ca56fb2f-e47c-4c67-9aba-a7a936f27fe0&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1055&b_frame=0&pk=97b979f5c4591803d5d0da5ba1c90d6b&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=19 HTTP/1.1
Host: unseenreport.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://nadie.pelisplusgo.me/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Wed, 08 Feb 2023 19:42:59 GMT
Content-Type: image/gif
Content-Length: 1
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 97096737b5eaf643430f6710f06b3ad5
Strict-Transport-Security: max-age=0; includeSubdomains
|
|
| unseenreport.com/pxf.gif?uuid=ca56fb2f-e47c-4c67-9aba-a7a936f27fe0&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1055&b_frame=0&pk=1de216088e12370621eb8b1639aaf1e2&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=19 | 192.243.61.225 | 200 OK | 1 B |
URL HTTP/1.1unseenreport.com/pxf.gif?uuid=ca56fb2f-e47c-4c67-9aba-a7a936f27fe0&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1055&b_frame=0&pk=1de216088e12370621eb8b1639aaf1e2&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=19 IP192.243.61.225:0 ASN#39572 DataWeb Global Group B.V.
File typevery short file (no magic) Hash93b885adfe0da089cdf634904fd59f71 5ba93c9db0cff93f52b521d7420e43f6eda2784f 6e340b9cffb37a989ca544e6bb780a2c78901d3fb33738768511a30617afa01d
| Analyzer | Verdict | Alert |
|---|
| quad9 | Sinkholed | |
GET /pxf.gif?uuid=ca56fb2f-e47c-4c67-9aba-a7a936f27fe0&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1055&b_frame=0&pk=1de216088e12370621eb8b1639aaf1e2&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=19 HTTP/1.1
Host: unseenreport.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://nadie.pelisplusgo.me/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Wed, 08 Feb 2023 19:42:59 GMT
Content-Type: image/gif
Content-Length: 1
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: cb4b26d5d8e019edff41f2fcc903d174
Strict-Transport-Security: max-age=0; includeSubdomains
|
|
| cdn.barscreative1.com/sb/au/50/77/d2/5077d2a4de96d9464e3c0d2ecf8bb3de/1601543282.html | 45.133.44.4 | 200 OK | 657 B |
URL HTTP/2cdn.barscreative1.com/sb/au/50/77/d2/5077d2a4de96d9464e3c0d2ecf8bb3de/1601543282.html IP45.133.44.4:0 ASN#39572 DataWeb Global Group B.V.
Hasha8d49d5b0ca56a12a44df7664e6cec0a dfad866415c42c1d9350826a3eb2a878bbdda2ff fcf6518eb185e94dfda1f6e2fa01941aba8e08c3927da527480edc8ce2a4f37b
| Analyzer | Verdict | Alert |
|---|
| fortinet | Phishing | |
GET /sb/au/50/77/d2/5077d2a4de96d9464e3c0d2ecf8bb3de/1601543282.html HTTP/1.1
Host: cdn.barscreative1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://nadie.pelisplusgo.me
Connection: keep-alive
Referer: https://nadie.pelisplusgo.me/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 08 Feb 2023 19:42:58 GMT
content-type: text/html; charset=utf-8
server: nginx/1.17.6
last-modified: Sat, 07 May 2022 03:21:28 GMT
etag: W/"6275e5b8-4b9"
cache-control: max-age=3600
access-control-allow-origin: *
access-control-expose-headers: Date
content-encoding: gzip
expires: Wed, 08 Feb 2023 20:42:58 GMT
x-proxy-cache: HIT
X-Firefox-Spdy: h2
|
|
| cdn.creative-bars1.com/sb/notifications/software/us/windows/flash-all/ssp/1/css/animate.css | 172.64.166.9 | 200 OK | 4.8 kB |
URL HTTP/2cdn.creative-bars1.com/sb/notifications/software/us/windows/flash-all/ssp/1/css/animate.css IP172.64.166.9:0
Hash21eb7a65c17a2c22ba104a7ecbf1dc0f ea8c53be54889c7489aed04e30e3eb83af64dec9 090bd9ceb9a58da038e5ed4a39dfbb63ece49ed4f4f0656ce35f7faa41a3b237
GET /sb/notifications/software/us/windows/flash-all/ssp/1/css/animate.css HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://nadie.pelisplusgo.me
Connection: keep-alive
Referer: https://nadie.pelisplusgo.me/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 08 Feb 2023 19:42:59 GMT
content-type: text/css
last-modified: Wed, 17 Feb 2021 11:46:51 GMT
etag: W/"602d022b-1358d"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=QFpaf1oOL8rdw2zsn5%2F8xZYE1dEs55DpoZnVNwwX3O0V0q3dp4VNnGK5577RPaNRtm7SKkbaj1xh7lQUOBdpRHmaRM%2FNQXwvwMxbkHlIb4HrA4Efx2zb0pQzPzdoLCHV%2FF9nd6zPvjjk"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7966da03184623b4-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| nadie.pelisplusgo.me/ | 172.67.172.53 | 200 OK | 0 B |
IP172.67.172.53:0
GET / HTTP/1.1
Host: nadie.pelisplusgo.me
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/2 200 OK
date: Wed, 08 Feb 2023 19:42:55 GMT
content-type: text/html; charset=UTF-8
access-control-allow-origin: *
access-control-allow-headers: X-API-KEY, Origin, X-Requested-With, Content-Type, Accept, Access-Control-Request-Method
access-control-allow-methods: GET, POST, OPTIONS, PUT, DELETE
allow: GET, POST, OPTIONS, PUT, DELETE
expires: Thu, 19 Nov 1981 08:52:00 GMT, -1
cache-control: no-store, no-cache, must-revalidate, private, must-revalidate
pragma: no-cache, no-cache
set-cookie: PHPSESSID=67n1sa2gr6q809gr9nfrv50f0e; path=/
vary: Accept-Encoding
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Cv3PN1B5ITk656KiWDCP1W7PvMua8b1GLLqXQA6SrgxDx%2FTNmv4ddw3xpZSUPChKexyM7keikBkiI4I%2BJYqfILXF5q%2F7U43BYqXSHqaSIl%2Fql3dRoFNDkRZ%2BBWXYC1NP7pkaO6vFbg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7966d9edbbd1b524-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| fonts.googleapis.com/icon?family=Material+Icons|Montserrat:300,200,500,600,700&display=swap | 142.250.74.106 | 200 OK | 0 B |
URL HTTP/2fonts.googleapis.com/icon?family=Material+Icons|Montserrat:300,200,500,600,700&display=swap IP142.250.74.106:0
GET /icon?family=Material+Icons|Montserrat:300,200,500,600,700&display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://nadie.pelisplusgo.me/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Wed, 08 Feb 2023 19:42:55 GMT
date: Wed, 08 Feb 2023 19:42:55 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
|
|
| whos.amung.us/swidget/pelisplusgo.png | 172.67.8.141 | 307 Temporary Redirect | 0 B |
URL HTTP/2whos.amung.us/swidget/pelisplusgo.png IP172.67.8.141:0
GET /swidget/pelisplusgo.png HTTP/1.1
Host: whos.amung.us
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://nadie.pelisplusgo.me/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 307 Temporary Redirect
date: Wed, 08 Feb 2023 19:42:58 GMT
content-type: text/html; charset=UTF-8
location: https://widgets.amung.us/small/05/502.png
cache-control: no-cache, no-store, must-revalidate
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 7966d9feec75b517-OSL
X-Firefox-Spdy: h2
|
|
| cdn.creative-bars1.com/sb/notifications/software/us/windows/flash-all/ssp/1/css/style.css | 172.64.166.9 | 200 OK | 0 B |
URL HTTP/2cdn.creative-bars1.com/sb/notifications/software/us/windows/flash-all/ssp/1/css/style.css IP172.64.166.9:0
GET /sb/notifications/software/us/windows/flash-all/ssp/1/css/style.css HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://nadie.pelisplusgo.me
Connection: keep-alive
Referer: https://nadie.pelisplusgo.me/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 08 Feb 2023 19:42:59 GMT
content-type: text/css
last-modified: Thu, 23 Sep 2021 11:41:22 GMT
etag: W/"614c67e2-160c"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=p1hi%2BjRT4%2B3SJS27AhfLS%2FnxEO1kdZojPoqzMPuqeneqcEJUrZ0NM9kI8mAqNuZHjgaTcTTGPKGKJJn%2Bc6iPIQCWKDFE6T2O%2FvfO9diykxVHsfVDQ1oSgaEilJidoDTJYMfVL3m9u73R"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7966da03287623b4-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
|
|