Report - neexulro.net/-1APBO/3TYuU?rndad=^

Report Overview

Submitted URL
neexulro.net/-1APBO/3TYuU?rndad=^
IP
104.21.0.99
ASN
#13335 CLOUDFLARENET
Submitted
2023-01-28 18:57:42
Access
Website Title
Final URL
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
3
Threat Detection Systems
8

Domain Summary

Domain / FQDN	Rank	First Seen	Last Seen	Sent	Received	IP
push.services.mozilla.com	2140	2014-10-24T10:27:06Z	2023-03-13T05:09:14Z	606 B	127 B	35.163.1.35
hethisisath.xyz	unknown	2023-01-24T07:52:33Z	2023-02-28T02:44:11Z	2.0 kB	3.2 kB	65.9.44.118
dhthrewdownth.xyz	unknown	2023-01-23T13:24:35Z	2023-02-28T02:44:25Z	521 B	575 B	188.114.96.1
img-getpocket.cdn.mozilla.net	1631	2018-06-22T01:36:00Z	2023-03-13T05:09:16Z	3.2 kB	61 kB	34.120.237.76
content-signature-2.cdn.mozilla.net	1152	2020-11-03T13:26:46Z	2023-03-13T05:09:35Z	413 B	5.8 kB	34.160.144.191
fbcdn2.com	115102	2017-11-29T19:25:05Z	2023-03-13T05:21:11Z	562 B	10 kB	104.16.218.20
contile.services.mozilla.com	1114	2021-05-27T20:32:35Z	2023-03-13T05:09:13Z	333 B	391 B	34.117.237.239
ocsp.digicert.com	86	2012-05-21T09:02:23Z	2023-03-13T06:00:13Z	341 B	570 B	93.184.220.29
cdn.ay.gy	544616	2014-01-23T13:37:06Z	2023-03-11T18:21:53Z	1.2 kB	23 kB	188.114.97.1
e1.o.lencr.org	6159	2021-08-20T09:36:30Z	2023-03-13T05:21:46Z	1.0 kB	2.2 kB	23.36.76.226
onclickgenius.com	65265	2015-05-27T15:58:12Z	2023-03-13T05:20:59Z	443 B	1.7 kB	35.190.71.96
pogothere.xyz	unknown	2022-09-04T21:11:25Z	2023-03-13T05:42:24Z	793 B	1.7 kB	172.64.106.19
r3.o.lencr.org	344	2020-12-02T09:52:13Z	2023-03-13T05:09:07Z	3.0 kB	8.0 kB	23.36.77.32
firefox.settings.services.mozilla.com	867	2020-06-04T22:08:41Z	2023-03-13T05:09:10Z	782 B	2.4 kB	35.241.9.150
ocsp.pki.goog	175	2018-07-01T08:43:07Z	2023-03-13T05:09:47Z	1.0 kB	2.1 kB	142.250.74.131
www.googletagmanager.com	75	2013-05-22T04:07:37Z	2023-03-13T08:28:24Z	377 B	42 kB	142.250.74.40
d1nmxiiewlx627.cloudfront.net	unknown	2020-12-03T08:36:04Z	2023-03-11T18:22:04Z	845 B	37 kB	54.230.245.135
region1.google-analytics.com	unknown	2022-03-17T12:26:33Z	2023-03-13T05:09:18Z	654 B	442 B	216.239.32.36
neexulro.net	unknown	2022-07-20T11:13:27Z	2023-03-12T14:04:56Z	364 B	949 B	104.21.0.99
oaxyteek.net	unknown	2022-07-20T11:12:31Z	2023-03-13T09:06:15Z	793 B	4.7 kB	172.67.157.221

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Timestamp	Severity	Source IP	Destination IP	Alert
2023-01-28 18:57:44	low	172.67.157.221	Client IP	ET HUNTING [TW] Likely Javascript-Obfuscator Usage Observed M1
2023-01-28 18:57:44	low	172.67.157.221	Client IP	ET HUNTING [TW] Likely Javascript-Obfuscator Usage Observed M2
2023-01-28 18:57:44	low	172.67.157.221	Client IP	ET HUNTING [TW] Likely Javascript-Obfuscator Usage Observed M3

Threat Detection Systems

OpenPhish

No alerts detected

PhishTank

No alerts detected

Fortinet's Web Filter

Scan Date	Severity	Indicator	Alert
2023-01-28	medium	d1nmxiiewlx627.cloudfront.net/?ixmnd=709056	Malware
2023-01-28	medium	d1nmxiiewlx627.cloudfront.net/Qc3BqWXUQHwQ/SgcZDmRCQ0labENVGhk2GwNNJWs6JUEFFE0kNQFuPB04TC0PF01afxkSHg1kUxYeCWREVREOO0hHVh4pGhhNHDIMGBQPKB8DGEwsFE4dBSMcHxwLfEc1RURpUEFAQi4cHRQFLgZWQlo3AVZCWmhFXUBPajdWQlouHB1GXnxGMVVYaQ1FRE-9qN1ZCWisDVkMraEVGXlpwUEFADTwWGB9PazNBQFtpRUJAW3xHQxYDKxAVHxJ8RzVBWmxbQ1YfZEQ	Malware

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2023-01-28	medium	pogothere.xyz	Sinkholed
2023-01-28	medium	pogothere.xyz	Sinkholed

ThreatFox

No alerts detected

JavaScript (10)

	URL	Size	First Seen	Last Seen
	www.googletagmanager.com/gtm.js?id=GTM-5NL9VFJ	105 kB	2023-03-13	2023-03-13
Pretty URL www.googletagmanager.com/gtm.js?id=GTM-5NL9VFJ IP 142.250.74.40 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 10:01:54 Last Seen2023-03-13 10:07:59 Times Seen1 Hash f3c80c4f5dce6ab6827b7ccbeadfaeec c7c76ff59e1405142d9697fcfc2c238420961eee 873e304329a1a1fa9e036d58e96e499becfea76130fd8e7090ec56a60bfe2908 Loading...

	www.googletagmanager.com/gtag/js?id=G-GT41R23D5L&l=dataLayer&cx=c	232 kB	2023-03-13	2023-03-13
Pretty URL www.googletagmanager.com/gtag/js?id=G-GT41R23D5L&l=dataLayer&cx=c IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 10:07:21 Last Seen2023-03-13 10:29:55 Times Seen1 Hash 2bfd3539fa879efd74e68fec4f843ee6 69771ce193cce14de3c418025e89a527b53177bb 76d61a2fc971704839263e90266fb00dd08b90f7e4ac3203d8b0d9036222e926 Loading...

	d1nmxiiewlx627.cloudfront.net/?ixmnd=709056	108 kB	2023-03-13	2023-03-13
Pretty URL d1nmxiiewlx627.cloudfront.net/?ixmnd=709056 IP 54.230.245.135 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 10:07:21 Last Seen2023-03-13 10:07:21 Times Seen1 Hash e4ca568865ed10af2de65b4c8fb5d347 77f6a86966830487a680e72c8baef52149b630b6 f3866932142b2771ea03b4fcd57546508266e33daf4110b8b547c366cca1c161 Loading...

	hethisisath.xyz/MmkyZmpTC1ELVVNUUEAfQAUPQ1h0TAAgDgMHXx4DWwxFChIEWwVICV4GRwIMQAZcEkRcDEZDWHQ4UVUoQz5qMzt6HmNDWHQ6VQUwdgRgJTsCBVMEL3w/dQ4BAC5FKCR4PkFQIGcsdCAvAgJ8NyxHOXBWXmYqAjYsAlhTABJZOnoBW1k8Sj8PcT5gIzxgLH0pWlohZA5eQi5aDiR6LXsrLXA4Yi0oCi11Ix1BL3dSDnA6fwUiSh5+AC9RWGAzOEI8dyArYwAGBSJgOHQqDWg+YwoFAShkPCllBFogMmcrYgcAVj5jCgVHIXBXLWoHSiEnZD9rBzsDL2AjRwsYfFcwcT5bFS5kAn8UC3c/dT4GQh5nIyxzLWYRPXUrCzYLSCdwNyxGGWAzIHM+AR4iYxFrIiFKKGQuEnhRYBw8cD5fHghjWGsAMHc4FAwZXQdCWyUAJmRXBX9RZSMBBSBcLg	3.0 kB	2023-03-13	2023-03-13
Pretty URL hethisisath.xyz/MmkyZmpTC1ELVVNUUEAfQAUPQ1h0TAAgDgMHXx4DWwxFChIEWwVICV4GRwIMQAZcEkRcDEZDWHQ4UVUoQz5qMzt6HmNDWHQ6VQUwdgRgJTsCBVMEL3w/dQ4BAC5FKCR4PkFQIGcsdCAvAgJ8NyxHOXBWXmYqAjYsAlhTABJZOnoBW1k8Sj8PcT5gIzxgLH0pWlohZA5eQi5aDiR6LXsrLXA4Yi0oCi11Ix1BL3dSDnA6fwUiSh5+AC9RWGAzOEI8dyArYwAGBSJgOHQqDWg+YwoFAShkPCllBFogMmcrYgcAVj5jCgVHIXBXLWoHSiEnZD9rBzsDL2AjRwsYfFcwcT5bFS5kAn8UC3c/dT4GQh5nIyxzLWYRPXUrCzYLSCdwNyxGGWAzIHM+AR4iYxFrIiFKKGQuEnhRYBw8cD5fHghjWGsAMHc4FAwZXQdCWyUAJmRXBX9RZSMBBSBcLg IP 65.9.44.118 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 10:07:21 Last Seen2023-03-13 10:07:21 Times Seen1 Hash e0edc668a259e1d7ccae3823b7c37fe1 2643597be285ef1a07683de1c65ad3e2ddabbe23 2fb220dc18c62637f7070a238f61870901f50c73355ccb8eecc6bb699128d56f Loading...

	fbcdn2.com/script/firefox.js	12 kB	2023-03-07	2023-06-18
Pretty URL fbcdn2.com/script/firefox.js IP 104.16.218.20 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:03:28 Last Seen2023-06-18 12:11:27 Times Seen185 Hash 1461940cfd6093640b63b931682cce4d 9f5e4ee175dbbbf6919b8e4b73224f51b0723de8 b20c2fe21ce9bbaac046f903eca490faa00d93288243574fbb4c60244d9767e8 Loading...

	d1nmxiiewlx627.cloudfront.net/Qc3BqWXUQHwQ/SgcZDmRCQ0labENVGhk2GwNNJWs6JUEFFE0kNQFuPB04TC0PF01afxkSHg1kUxYeCWREVREOO0hHVh4pGhhNHDIMGBQPKB8DGEwsFE4dBSMcHxwLfEc1RURpUEFAQi4cHRQFLgZWQlo3AVZCWmhFXUBPajdWQlouHB1GXnxGMVVYaQ1FRE-9qN1ZCWisDVkMraEVGXlpwUEFADTwWGB9PazNBQFtpRUJAW3xHQxYDKxAVHxJ8RzVBWmxbQ1YfZEQ	595 B	2023-03-13	2023-03-13
Pretty URL d1nmxiiewlx627.cloudfront.net/Qc3BqWXUQHwQ/SgcZDmRCQ0labENVGhk2GwNNJWs6JUEFFE0kNQFuPB04TC0PF01afxkSHg1kUxYeCWREVREOO0hHVh4pGhhNHDIMGBQPKB8DGEwsFE4dBSMcHxwLfEc1RURpUEFAQi4cHRQFLgZWQlo3AVZCWmhFXUBPajdWQlouHB1GXnxGMVVYaQ1FRE-9qN1ZCWisDVkMraEVGXlpwUEFADTwWGB9PazNBQFtpRUJAW3xHQxYDKxAVHxJ8RzVBWmxbQ1YfZEQ IP 54.230.245.135 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 10:07:21 Last Seen2023-03-13 10:07:21 Times Seen1 Hash e5baa7a5d0e1b69c59d790055bf3021a 69b90dee598d80a44710ab615fa29a237dc98a29 d25f6d2caa6d11996d5d282ab135d99e5a7c78c33a507a0a117455d37c53a487 Loading...

	oaxyteek.net/not-found.php	341 B	2023-03-10	2023-05-14
Pretty URL oaxyteek.net/not-found.php IP 172.67.157.221 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-10 07:49:27 Last Seen2023-05-14 09:10:31 Times Seen85 Hash 85fc9111b0ef7e154a67d8191eeb2ab8 cc2fc4aab1abffb44c72cd144f8435ce74531659 c62af88944f869e1f462cb666048f6e430c684e1ef43882e4486b95790e8ec62 Loading...

	fbcdn2.com/script/compatibility.js	14 kB	2023-03-07	2024-03-30
Pretty URL fbcdn2.com/script/compatibility.js IP 104.16.218.20 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:03:29 Last Seen2024-03-30 19:38:05 Times Seen474 Hash 946bb9192a14e6dad035a9ec8178f073 4ed49123d975e7d51fcc523845ef7bba4157c56e 7cb4263ccaaa637a20896180c003024db4b27f66c7fda6369bf852176003422c Loading...

	onclickgenius.com/script/suurl.php?r=2984815&cbrandom=0.3030055022928151&cbiframe=0&cbWidth=1280&cbHeight=939&cbtitle=AdF.ly%20-%20Not%20Found&cbref=&cbdescription=&cbkeywords=&cbcdn=fbcdn2.com	5.6 kB	2023-03-13	2023-03-13
Pretty URL onclickgenius.com/script/suurl.php?r=2984815&cbrandom=0.3030055022928151&cbiframe=0&cbWidth=1280&cbHeight=939&cbtitle=AdF.ly%20-%20Not%20Found&cbref=&cbdescription=&cbkeywords=&cbcdn=fbcdn2.com IP 35.190.71.96 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 10:07:21 Last Seen2023-03-13 10:07:21 Times Seen1 Hash 4934d76e5ef01477bf7209845c1ac6f4 8480f3ae6fd402f19c8e86ad3823496385f483a7 72e2735d4193b70d16788b95cec985ead9eb379e9f801d61a37fe4db98562d4d Loading...

	oaxyteek.net/not-found.php	6.7 kB	2023-03-07	2023-04-02
Pretty URL oaxyteek.net/not-found.php IP 172.67.157.221 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:28:29 Last Seen2023-04-02 21:32:51 Times Seen15 Hash 9301c0fc771dcdabf5ffc865e9b7094e 46cb435f4952bf108a7548deb9e6bfe9bea1fdae 4905e3fb942431f0a4971ec73e5f3070a8b1d8ba18452e64506a8331d5c52c5e Loading...

HTTP Transactions (46)

URL IP Response Size

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
a2104f935c638b4767ca5ae0d738ef23
85c6af15af749be0ceeae6de17c36925b750f166
5d4789a3696bd7faa9916768cb627bbc89bf70a756d80e53860cbac13c2bc8b1

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "5D4789A3696BD7FAA9916768CB627BBC89BF70A756D80E53860CBAC13C2BC8B1"
Last-Modified: Fri, 27 Jan 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11964
Expires: Sat, 28 Jan 2023 22:16:56 GMT
Date: Sat, 28 Jan 2023 18:57:32 GMT
Connection: keep-alive

neexulro.net/-1APBO/3TYuU?rndad=^

104.21.0.99

301 Moved Permanently

0 B

URL HTTP/1.1
neexulro.net/-1APBO/3TYuU?rndad=^
IP
104.21.0.99:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /-1APBO/3TYuU?rndad=^ HTTP/1.1
Host: neexulro.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

HTTP/1.1 301 Moved Permanently
Date: Sat, 28 Jan 2023 18:57:32 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
set-cookie: FLYSESSID=d6n7aoov9i2v5ltl25ljdckj8c; path=/; HttpOnly; SameSite=Lax
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
x-powered-by: adfly
strict-transport-security: max-age=0
location: http://oaxyteek.net/-123055CJSE/-1APBO?rndad=1532635802-1674932252
x-turbo-charged-by: LiteSpeed
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=vyb5t8JFM6T4iVQPnzubP5c85YYsmZzWgWmSYmUOhPOhQK%2B43rR7pOJ6CwsYVM1upqwjgouQ7HvAxVNnq3faYtUYbqC%2BGfZZcBbEs%2B0wk%2FREr6ES3Neuc%2FKsdvb6HXc%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 790bf44dba28b509-OSL
alt-svc: h2=":443"; ma=60

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
3eb88dea4fe00db1182370e72683c3ab
ca520abf1e91bfd2aef40c6a1270a911071e8922
d8083ee567c7b3023111dc30f32c94237df7db30d4d2daaea0a569e8a3069ad7

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D8083EE567C7B3023111DC30F32C94237DF7DB30D4D2DAAEA0A569E8A3069AD7"
Last-Modified: Sat, 28 Jan 2023 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14422
Expires: Sat, 28 Jan 2023 22:57:54 GMT
Date: Sat, 28 Jan 2023 18:57:32 GMT
Connection: keep-alive

firefox.settings.services.mozilla.com/v1/

35.241.9.150

200 OK

939 B

URL HTTP/2
firefox.settings.services.mozilla.com/v1/
IP
35.241.9.150:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Size
939 B (939 bytes)
Hash
bf0c602d32b3c14606f22a86183b5e3c
6eabd8d83475eba731968abe1a05a8bfd272f160
6c6a7c519a9e950c2445ed874a25211a94dd4d3cf3afb0103af9dcd1dbd5ff9e

HTTP Headers

GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Backoff, Content-Length, Retry-After, Content-Type, Alert
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Sat, 28 Jan 2023 18:35:31 GMT
content-type: application/json
age: 1321
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
69f73ac59327cd9ad7d99816ccfcc03e
c54844f82dbee0d5ee4c8ce344eb0139373e6c6b
e81c685b2d8f0e31b89e5cfc911a2c5a99a556646830ac5a8468d991b5e871a3

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "E81C685B2D8F0E31B89E5CFC911A2C5A99A556646830AC5A8468D991B5E871A3"
Last-Modified: Thu, 26 Jan 2023 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3154
Expires: Sat, 28 Jan 2023 19:50:06 GMT
Date: Sat, 28 Jan 2023 18:57:32 GMT
Connection: keep-alive

content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain

34.160.144.191

200 OK

5.3 kB

URL HTTP/2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain
IP
34.160.144.191:0
ASN
#15169 GOOGLE

File type
PEM certificate\012- , ASCII text
Size
5.3 kB (5348 bytes)
Hash
7b922915ebf1fa3639b333f994c74f24
144a3f80b98fd0652d4614f24cf6cbbee40f8938
adbb3e06df0e870f5c7a9cb81e8979d4e92735853d75c9b779c06470d4db5d9c

HTTP Headers

GET /chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
x-amz-id-2: bFFv+1BVQ6Snet7sbQ4EoxtE7tzSiF5iL4pHh1GE4VlENSlHEO/p6tFKykuSqLhY5EzDYcnQapk=
x-amz-request-id: 0GFD5GD38D0YGTZQ
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Sat, 28 Jan 2023 18:50:01 GMT
age: 451
last-modified: Mon, 09 Jan 2023 18:04:21 GMT
etag: "7b922915ebf1fa3639b333f994c74f24"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2

contile.services.mozilla.com/v1/tiles

34.117.237.239

200 OK

12 B

URL HTTP/2
contile.services.mozilla.com/v1/tiles
IP
34.117.237.239:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with no line terminators
Size
12 B (12 bytes)
Hash
23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3

HTTP Headers

GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Sat, 28 Jan 2023 18:57:32 GMT
content-type: application/json
content-length: 12
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-expose-headers: content-type
access-control-allow-credentials: true
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2

oaxyteek.net/-123055CJSE/-1APBO?rndad=1532635802-1674932252

172.67.157.221

302 Found

0 B

URL HTTP/1.1
oaxyteek.net/-123055CJSE/-1APBO?rndad=1532635802-1674932252
IP
172.67.157.221:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /-123055CJSE/-1APBO?rndad=1532635802-1674932252 HTTP/1.1
Host: oaxyteek.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

HTTP/1.1 302 Found
Date: Sat, 28 Jan 2023 18:57:32 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
set-cookie: FLYSESSID=r14iks39e4d458ou7ai6j91lg2; path=/; HttpOnly; SameSite=Lax
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-cache, no-store, must-revalidate, max-age=0
pragma: no-cache
x-powered-by: adfly
strict-transport-security: max-age=0
location: /not-found.php
x-turbo-charged-by: LiteSpeed
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=gSqiYxbBCvDaj5D74vHqgkIc4eePVI9kym5HnfJpBbmmIhUa7TD%2FtM9%2Fs0g3z0B5yDWiN5luhMj6%2F6xy0sq9bpt6pPNecYHTQ86tgdRBsCIO%2BIBTvd4c3mTo2cwOzLU%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 790bf44fcbc4b500-OSL
alt-svc: h2=":443"; ma=60

oaxyteek.net/not-found.php

172.67.157.221

404 Not Found

3.2 kB

URL HTTP/1.1
oaxyteek.net/not-found.php
IP
172.67.157.221:0
ASN
#13335 CLOUDFLARENET

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (6710)
Size
3.2 kB (3156 bytes)
Hash
6ac395b523796e2401042d46434a3c66
79a04a140d22d8de9885664ab8087327376538e4
ac3331105691e1b3ef2e5aee51010c4a816188806c9fdb4c9fd2f227c3748da8

Detections

NIDS	Severity	Alert
suricata	low	ET HUNTING [TW] Likely Javascript-Obfuscator Usage Observed M1
suricata	low	ET HUNTING [TW] Likely Javascript-Obfuscator Usage Observed M2
suricata	low	ET HUNTING [TW] Likely Javascript-Obfuscator Usage Observed M3

HTTP Headers

GET /not-found.php HTTP/1.1
Host: oaxyteek.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Cookie: FLYSESSID=r14iks39e4d458ou7ai6j91lg2
Upgrade-Insecure-Requests: 1

HTTP/1.1 404 Not Found
Date: Sat, 28 Jan 2023 18:57:32 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
x-powered-by: PHP/7.3.27
vary: Accept-Encoding
x-turbo-charged-by: LiteSpeed
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=xVTTGGbMa9U%2FR9YbIVwFIyliZdqzP5n8NFMFmMQxpjJWVRnv4Dn3HQ4i0GElRfz43hVImqYiMK%2Bv082sVp3PfN7fvawa9kxCLD8Q89J4p3BtWTeVCjTGY1EaSUjMQwQ%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 790bf451ae18b500-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
bab8a4c1e6bb2e6c9cc00222eef1235d
1a5dd108e9f9aaf33bc048b0097a9f510d295cad
fd182297a143655a9142e3ee5bbafefd76ca974094f43fb695611f6876f3ab63

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 28 Jan 2023 18:57:32 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
36147c185553851c38547798733a9fb2
912ec40237eae2ed558d09103c86c41f87896eca
a4fd9090983c75e1b7faf5ea9439532f51d747faf1853138ac13bdaafa490246

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 28 Jan 2023 18:57:32 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US

35.241.9.150

200 OK

329 B

URL HTTP/2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP
35.241.9.150:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Size
329 B (329 bytes)
Hash
0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300

HTTP Headers

GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Alert, Last-Modified, Pragma, ETag, Retry-After, Content-Type, Content-Length, Expires, Cache-Control, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Sat, 28 Jan 2023 18:41:40 GMT
age: 952
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2

www.googletagmanager.com/gtm.js?id=GTM-5NL9VFJ

142.250.74.40

200 OK

41 kB

URL HTTP/2
www.googletagmanager.com/gtm.js?id=GTM-5NL9VFJ
IP
142.250.74.40:0
ASN
#15169 GOOGLE

File type
ASCII text, with very long lines (1759)
Size
41 kB (40980 bytes)
Hash
fe4173fa0e91d1c909be3f3b17912a1e
bd0b3d0e21815af7d52edff6cb7afadf4feb7cee
d6e7bd61148a5b885a29f92a795c1967c7443092006bfd27f45dad604ee45fd8

HTTP Headers

GET /gtm.js?id=GTM-5NL9VFJ HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://oaxyteek.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Sat, 28 Jan 2023 18:57:32 GMT
expires: Sat, 28 Jan 2023 18:57:32 GMT
cache-control: private, max-age=900
last-modified: Sat, 28 Jan 2023 18:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 40980
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
36147c185553851c38547798733a9fb2
912ec40237eae2ed558d09103c86c41f87896eca
a4fd9090983c75e1b7faf5ea9439532f51d747faf1853138ac13bdaafa490246

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 28 Jan 2023 18:57:32 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.digicert.com/

93.184.220.29

200 OK

278 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
278 B (278 bytes)
Hash
9373365e5382d8135ed37acb13d23bd8
65f7057b6f24005e9175c0b4d67273bc9a2138d3
bef54e0f9d58fe31d13c93b0dee78b8e62ef24dd48c65a887133c79e2cbaf44c

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: max-age=166911
Content-Type: application/ocsp-response
Date: Sat, 28 Jan 2023 18:57:32 GMT
Etag: "63d5591b-116"
Expires: Mon, 30 Jan 2023 17:19:23 GMT
Last-Modified: Sat, 28 Jan 2023 17:19:23 GMT
Server: nginx
Content-Length: 278

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
16a7b6a7128312e2f985d30df18c4487
6017bff79ffb525d9c7f9f32b999b74b5dc69602
663fd12209627f08e759c2ed1c76278a5da79dae1e0b46082dd1bb44775f7a16

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "663FD12209627F08E759C2ED1C76278A5DA79DAE1E0B46082DD1BB44775F7A16"
Last-Modified: Fri, 27 Jan 2023 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12813
Expires: Sat, 28 Jan 2023 22:31:05 GMT
Date: Sat, 28 Jan 2023 18:57:32 GMT
Connection: keep-alive

cdn.ay.gy/static/image/header_gradient.jpg

188.114.97.1

200 OK

8.9 kB

URL HTTP/2
cdn.ay.gy/static/image/header_gradient.jpg
IP
188.114.97.1:0
ASN
#13335 CLOUDFLARENET

File type
JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 1250x370, components 3\012- data
Size
8.9 kB (8872 bytes)
Hash
fb59af58265bb1390fb680a13aa401bd
bd8ea333c27936aa02250d4e5258d71c3faf5d14
31046d9e08a11c69776b85464fbb52bd99e83950b368c556a280cbad09e164b4

HTTP Headers

GET /static/image/header_gradient.jpg HTTP/1.1
Host: cdn.ay.gy
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cdn.ay.gy/static/css/static.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Sat, 28 Jan 2023 18:57:32 GMT
content-type: image/jpeg
content-length: 8872
cache-control: public, max-age=604800
expires: Sat, 04 Feb 2023 18:17:00 GMT
last-modified: Tue, 10 Nov 2020 09:44:06 GMT
etag: "22a8-5faa60e6-8ea5f64bb41938f5;;;"
x-turbo-charged-by: LiteSpeed
cf-cache-status: HIT
age: 2432
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=FEvFs9W3sTwpXqLs8XpzJgyp%2BFR%2BsiwZEnFG632cvEz8vmAn5c7nb%2FAaYam2awzeFqBbgYY2B65S46Gr7%2Bljt25rE5%2FxPrHSMKNjEuM%2FwReEnNHrTjAQAfWt4cA%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 790bf454d98f0b65-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

cdn.ay.gy/static/css/static.css

188.114.97.1

200 OK

11 kB

URL HTTP/2
cdn.ay.gy/static/css/static.css
IP
188.114.97.1:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text, with no line terminators
Size
11 kB (10902 bytes)
Hash
bdcf3c0b22d873574ea9502de5e87792
feef2d201f0b49ab3ab70ac579f4dc1794d4ef7b
cf8f518298c7dab2b3a9fea040c5312ce80f86ba02d352f557f36cb9106e368d

HTTP Headers

GET /static/css/static.css HTTP/1.1
Host: cdn.ay.gy
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://oaxyteek.net/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Sat, 28 Jan 2023 18:57:32 GMT
content-type: text/css
cf-bgj: minify
cf-polished: origSize=420
cache-control: public, max-age=604800
etag: W/"1a4-5faa60e6-959389537b65d2c0;gz"
expires: Sat, 04 Feb 2023 18:34:40 GMT
last-modified: Tue, 10 Nov 2020 09:44:06 GMT
vary: Accept-Encoding
x-turbo-charged-by: LiteSpeed
cf-cache-status: HIT
age: 1372
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=QPZ%2B47n1GoigD%2FVG9X1yOG9%2BWJpC71Xt%2FmHa1MQl2CzvpYTWGnx9o%2FVdJR3Hv65uf2CNdCn3uawoUy9kMlXzmrA3ZJZ3l43exm1bVuLC3fz3EGJ65U%2BLToYb7r4%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 790bf454b94e0b65-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

fbcdn2.com/script/compatibility.js

104.16.218.20

200 OK

4.9 kB

URL HTTP/1.1
fbcdn2.com/script/compatibility.js
IP
104.16.218.20:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text, with very long lines (14461), with no line terminators
Size
4.9 kB (4901 bytes)
Hash
dfc1ef193e722034b53ecdad122950eb
0bc2035e46a7ebc8e22f06f7f4d8e6aa646c7f19
35c379bfbbac999a2ca7542c1ce9c3796f5e51ca5896b06e84fb8ddf41e0870d

HTTP Headers

GET /script/compatibility.js HTTP/1.1
Host: fbcdn2.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://oaxyteek.net/

HTTP/1.1 200 OK
Date: Sat, 28 Jan 2023 18:57:32 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
X-GUploader-UploadID: ADPycdu6SV7GZH7FqQnppnmMyP-I_uS9-WTSFBst6U-Axe1UNPYkmFJrjBPFv5QNcGeOmX1RcfMnh8Op_LSNNoqamKZ3iQ
x-goog-generation: 1655802523449377
x-goog-metageneration: 2
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 14461
x-goog-hash: crc32c=COVK0Q==, md5=lGu5GSoU5trQNansgXjwcw==
x-goog-storage-class: MULTI_REGIONAL
Access-Control-Allow-Origin: *
Expires: Sat, 28 Jan 2023 22:57:32 GMT
Cache-Control: public, max-age=14400
Last-Modified: Tue, 21 Jun 2022 09:08:43 GMT
ETag: W/"946bb9192a14e6dad035a9ec8178f073"
CF-Cache-Status: HIT
Age: 33
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 790bf4551b67b51d-OSL
Content-Encoding: gzip

d1nmxiiewlx627.cloudfront.net/?ixmnd=709056

54.230.245.135

200 OK

36 kB

URL HTTP/1.1
d1nmxiiewlx627.cloudfront.net/?ixmnd=709056
IP
54.230.245.135:0
ASN
#16509 AMAZON-02

File type
Unicode text, UTF-8 text, with very long lines (15481)
Size
36 kB (36020 bytes)
Hash
5d717f6744d7366bcae877708c954211
6a19b5689d37a178b4bca16d29305140334aaad5
1840e9db4e155e5139fa5473f04a8b805f9110dbc7b3bb61271614550e0c3c03

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

GET /?ixmnd=709056 HTTP/1.1
Host: d1nmxiiewlx627.cloudfront.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://oaxyteek.net/

HTTP/1.1 200 OK
Content-Length: 36020
Connection: keep-alive
Date: Sat, 28 Jan 2023 18:57:33 GMT
access-control-allow-origin: *
cache-control: no-store, no-cache, proxy-revalidate, must-revalidate, private, no-transform
content-encoding: gzip
Pragma: no-cache
X-Cache: Miss from cloudfront
Via: 1.1 a2c3c8b833b34851dca4f7753ecaae58.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: Pr1DPrZbRRRrEYsFWTTHzSuc4ZYd37Nlou94naA_zEg4sLrjOiTAIg==

push.services.mozilla.com/

35.163.1.35

101 Switching Protocols

0 B

URL HTTP/1.1
push.services.mozilla.com/
IP
35.163.1.35:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: nSwZzZU1T1H6KocvwsELgQ==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: XQwQOW/I1VDpCtQzdcbdElsOzE0=

e1.o.lencr.org/

23.36.76.226

200 OK

344 B

URL HTTP/1.1
e1.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
344 B (344 bytes)
Hash
43a42dffd26cd02d992e866e14d8d857
4c5d34b358edebcc30a1157117496a56e9a7b620
2d68e9fb9547820c5a9d9338d3b4f9cb7ef1f29241c9ba7fd616034f6659efc8

HTTP Headers

POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 344
ETag: "2D68E9FB9547820C5A9D9338D3B4F9CB7EF1F29241C9BA7FD616034F6659EFC8"
Last-Modified: Thu, 26 Jan 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7602
Expires: Sat, 28 Jan 2023 21:04:15 GMT
Date: Sat, 28 Jan 2023 18:57:33 GMT
Connection: keep-alive

onclickgenius.com/script/suurl.php?r=2984815&cbrandom=0.3030055022928151&cbiframe=0&cbWidth=1280&cbHeight=939&cbtitle=AdF.ly%20-%20Not%20Found&cbref=&cbdescription=&cbkeywords=&cbcdn=fbcdn2.com

35.190.71.96

200 OK

1.5 kB

URL HTTP/1.1
onclickgenius.com/script/suurl.php?r=2984815&cbrandom=0.3030055022928151&cbiframe=0&cbWidth=1280&cbHeight=939&cbtitle=AdF.ly%20-%20Not%20Found&cbref=&cbdescription=&cbkeywords=&cbcdn=fbcdn2.com
IP
35.190.71.96:0
ASN
#15169 GOOGLE

File type
ASCII text, with very long lines (5584)
Size
1.5 kB (1476 bytes)
Hash
a1be62f4c98a0a4258e1196554587ab5
993ddd38f09632e972bb7ccc25382fbae5c16f16
4f5476dc25af46901abeeb1637cf8898044e1019146de8231d34daaf9c39d66b

HTTP Headers

GET /script/suurl.php?r=2984815&cbrandom=0.3030055022928151&cbiframe=0&cbWidth=1280&cbHeight=939&cbtitle=AdF.ly%20-%20Not%20Found&cbref=&cbdescription=&cbkeywords=&cbcdn=fbcdn2.com HTTP/1.1
Host: onclickgenius.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://oaxyteek.net/

HTTP/1.1 200 OK
Server: openresty
Date: Sat, 28 Jan 2023 18:57:33 GMT
Content-Type: application/javascript; charset=utf-8
Transfer-Encoding: chunked
Access-Control-Allow-Origin: *
Content-Encoding: gzip
Via: 1.1 google

hethisisath.xyz/MmkyZmpTC1ELVVNUUEAfQAUPQ1h0TAAgDgMHXx4DWwxFChIEWwVICV4GRwIMQAZcEkRcDEZDWHQ4UVUoQz5qMzt6HmNDWHQ6VQUwdgRgJTsCBVMEL3w/dQ4BAC5FKCR4PkFQIGcsdCAvAgJ8NyxHOXBWXmYqAjYsAlhTABJZOnoBW1k8Sj8PcT5gIzxgLH0pWlohZA5eQi5aDiR6LXsrLXA4Yi0oCi11Ix1BL3dSDnA6fwUiSh5+AC9RWGAzOEI8dyArYwAGBSJgOHQqDWg+YwoFAShkPCllBFogMmcrYgcAVj5jCgVHIXBXLWoHSiEnZD9rBzsDL2AjRwsYfFcwcT5bFS5kAn8UC3c/dT4GQh5nIyxzLWYRPXUrCzYLSCdwNyxGGWAzIHM+AR4iYxFrIiFKKGQuEnhRYBw8cD5fHghjWGsAMHc4FAwZXQdCWyUAJmRXBX9RZSMBBSBcLg

65.9.44.118

200 OK

1.2 kB

URL HTTP/1.1
hethisisath.xyz/MmkyZmpTC1ELVVNUUEAfQAUPQ1h0TAAgDgMHXx4DWwxFChIEWwVICV4GRwIMQAZcEkRcDEZDWHQ4UVUoQz5qMzt6HmNDWHQ6VQUwdgRgJTsCBVMEL3w/dQ4BAC5FKCR4PkFQIGcsdCAvAgJ8NyxHOXBWXmYqAjYsAlhTABJZOnoBW1k8Sj8PcT5gIzxgLH0pWlohZA5eQi5aDiR6LXsrLXA4Yi0oCi11Ix1BL3dSDnA6fwUiSh5+AC9RWGAzOEI8dyArYwAGBSJgOHQqDWg+YwoFAShkPCllBFogMmcrYgcAVj5jCgVHIXBXLWoHSiEnZD9rBzsDL2AjRwsYfFcwcT5bFS5kAn8UC3c/dT4GQh5nIyxzLWYRPXUrCzYLSCdwNyxGGWAzIHM+AR4iYxFrIiFKKGQuEnhRYBw8cD5fHghjWGsAMHc4FAwZXQdCWyUAJmRXBX9RZSMBBSBcLg
IP
65.9.44.118:0
ASN
#16509 AMAZON-02

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (3049), with no line terminators
Size
1.2 kB (1198 bytes)
Hash
e08cf24b50fc1d94db1c0caae47d714d
da3ab9c28e90195e6c313bb87c8b3499a425f309
3741637d008a0ab1cf2acaca6d9293cd165722307d2bc5e25805039f2370f494

HTTP Headers

GET /MmkyZmpTC1ELVVNUUEAfQAUPQ1h0TAAgDgMHXx4DWwxFChIEWwVICV4GRwIMQAZcEkRcDEZDWHQ4UVUoQz5qMzt6HmNDWHQ6VQUwdgRgJTsCBVMEL3w/dQ4BAC5FKCR4PkFQIGcsdCAvAgJ8NyxHOXBWXmYqAjYsAlhTABJZOnoBW1k8Sj8PcT5gIzxgLH0pWlohZA5eQi5aDiR6LXsrLXA4Yi0oCi11Ix1BL3dSDnA6fwUiSh5+AC9RWGAzOEI8dyArYwAGBSJgOHQqDWg+YwoFAShkPCllBFogMmcrYgcAVj5jCgVHIXBXLWoHSiEnZD9rBzsDL2AjRwsYfFcwcT5bFS5kAn8UC3c/dT4GQh5nIyxzLWYRPXUrCzYLSCdwNyxGGWAzIHM+AR4iYxFrIiFKKGQuEnhRYBw8cD5fHghjWGsAMHc4FAwZXQdCWyUAJmRXBX9RZSMBBSBcLg HTTP/1.1
Host: hethisisath.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://oaxyteek.net/
Upgrade-Insecure-Requests: 1

HTTP/1.1 200 OK
Content-Type: text/html
Content-Length: 1198
Connection: keep-alive
Date: Sat, 28 Jan 2023 18:57:33 GMT
Server: openresty/1.17.8.2
cache-control: no-store, no-cache, must-revalidate, no-transform
Pragma: no-cache
P3P: CP="NID DSP ALL COR"
content-encoding: gzip
Accept-CH: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
X-Cache: Miss from cloudfront
Via: 1.1 d661c8f821b4dd0011bb1bb50baf07c2.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: ARN54-C1
X-Amz-Cf-Id: CP9p7HooqgOWJJO-b4Fd-n5Buv9Yw-fkI9FNPnWd3_um6T1bTuyC6A==

fbcdn2.com/script/firefox.js

104.16.218.20

200 OK

3.7 kB

URL HTTP/1.1
fbcdn2.com/script/firefox.js
IP
104.16.218.20:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text, with very long lines (11758), with no line terminators
Size
3.7 kB (3741 bytes)
Hash
9cec94fe431f2a287a07b6ae67093935
77cfbdf64caeabaa890e537408e66d9c3fd80cde
f803761c68ac15eaad6f0ccd84b35ac312da397359f6badf8b8c40b5df068896

HTTP Headers

GET /script/firefox.js HTTP/1.1
Host: fbcdn2.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://oaxyteek.net/

HTTP/1.1 200 OK
Date: Sat, 28 Jan 2023 18:57:33 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
X-GUploader-UploadID: ADPycdvH-yqjXKyaHKUPK-aQKwedkGEubqC3QMOqF_XwP5SDPhN4By_4HctypCwXqOBx7LQKpL2ZiP3qSkpfNExP2kFHWw
Expires: Sat, 28 Jan 2023 22:57:33 GMT
Cache-Control: public, max-age=14400
Last-Modified: Tue, 21 Jun 2022 09:08:59 GMT
ETag: W/"1461940cfd6093640b63b931682cce4d"
x-goog-generation: 1655802539797909
x-goog-metageneration: 2
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 11758
x-goog-hash: crc32c=BzbV2Q==, md5=FGGUDP1gk2QLY7kxaCzOTQ==
x-goog-storage-class: MULTI_REGIONAL
Access-Control-Allow-Origin: *
CF-Cache-Status: HIT
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 790bf4569d7ab51d-OSL
Content-Encoding: gzip

dhthrewdownth.xyz/RzYyeXJoCVEKTxFYZAETd0JaKCcjb1Q+JAVldDNXdXRoEhYEbmoOVDNfVkRFdw8CTERhRlsdT3UPFAoGJkJHCk92EFsXFCgLFA9PdhgCV0R3GANfB3oHFA0CJlEPSFQ3QkYVT3YABU1LdAQATEV3DgU

188.114.96.1

204 No Content

0 B

URL HTTP/2
dhthrewdownth.xyz/RzYyeXJoCVEKTxFYZAETd0JaKCcjb1Q+JAVldDNXdXRoEhYEbmoOVDNfVkRFdw8CTERhRlsdT3UPFAoGJkJHCk92EFsXFCgLFA9PdhgCV0R3GANfB3oHFA0CJlEPSFQ3QkYVT3YABU1LdAQATEV3DgU
IP
188.114.96.1:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /RzYyeXJoCVEKTxFYZAETd0JaKCcjb1Q+JAVldDNXdXRoEhYEbmoOVDNfVkRFdw8CTERhRlsdT3UPFAoGJkJHCk92EFsXFCgLFA9PdhgCV0R3GANfB3oHFA0CJlEPSFQ3QkYVT3YABU1LdAQATEV3DgU HTTP/1.1
Host: dhthrewdownth.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://oaxyteek.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 204 No Content
date: Sat, 28 Jan 2023 18:57:33 GMT
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=YSa5U1Ot1S1GRlsyr7unSgjl5Ixkgm9Z0Emj0v22E83uqnFoyfhXo34%2BO0daso3qvbK58Hif88k4%2BqMTBuUi4CPlfakR%2B58VLGu4f24k%2F8LJ13XgD4OY2LPyDrUIbQ5OlLKnxA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 790bf457296c0b41-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

cdn.ay.gy/static/image/favicon.ico

188.114.97.1

200 OK

1.1 kB

URL HTTP/2
cdn.ay.gy/static/image/favicon.ico
IP
188.114.97.1:0
ASN
#13335 CLOUDFLARENET

File type
MS Windows icon resource - 1 icon, 16x16, 32 bits/pixel\012- data
Size
1.1 kB (1081 bytes)
Hash
e3cbe64708ae336ed59ef6fd14806bcf
178ed19d9fd29ea9e2c6043d627c43659ac37739
793b196f5619c5b1ca30fc146c1d474b3325c2c11c80d81924bb7ef17f06fe75

HTTP Headers

GET /static/image/favicon.ico HTTP/1.1
Host: cdn.ay.gy
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://oaxyteek.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
date: Sat, 28 Jan 2023 18:57:33 GMT
content-type: image/vnd.microsoft.icon
cache-control: public, max-age=604800
expires: Sat, 04 Feb 2023 18:17:00 GMT
last-modified: Tue, 10 Nov 2020 09:44:06 GMT
etag: W/"47e-5faa60e6-ae87f5cbe4d6cff3;;;"
x-turbo-charged-by: LiteSpeed
cf-cache-status: HIT
age: 2433
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=IYwiG%2FPNyG%2BaJAk%2Fks3X22PAUVYQnjTfhZwbDR1AmLUzifcnnoYrN4yl4W0iw1FBQ9Ccuj1Q6ntlHjZShVgqJdct%2BzFPnVtIQRSS0OiqC2GtMhXeO4x90qCd6qA%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 790bf457ecf40b65-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

e1.o.lencr.org/

23.36.76.226

200 OK

345 B

URL HTTP/1.1
e1.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
345 B (345 bytes)
Hash
f97d1250e7b06507dcdde98d44b58dc8
10030f7fced8691202dbf19200efd6035bf7a405
c97a128485f45c02621ea479e8619499c3336c97a8812b0cece90e150beefb0f

HTTP Headers

POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "C97A128485F45C02621EA479E8619499C3336C97A8812B0CECE90E150BEEFB0F"
Last-Modified: Fri, 27 Jan 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10647
Expires: Sat, 28 Jan 2023 21:55:00 GMT
Date: Sat, 28 Jan 2023 18:57:33 GMT
Connection: keep-alive

hethisisath.xyz/utx?cb=7aEV9J7jTqFX&top=oaxyteek.net&tid=709056

65.9.44.118

204 No Content

0 B

URL HTTP/2
hethisisath.xyz/utx?cb=7aEV9J7jTqFX&top=oaxyteek.net&tid=709056
IP
65.9.44.118:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /utx?cb=7aEV9J7jTqFX&top=oaxyteek.net&tid=709056 HTTP/1.1
Host: hethisisath.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://oaxyteek.net
Connection: keep-alive
Referer: http://oaxyteek.net/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 204 No Content
date: Sat, 28 Jan 2023 18:57:33 GMT
server: openresty/1.17.8.2
access-control-allow-credentials: true
access-control-allow-origin: http://oaxyteek.net
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
set-cookie: ut=x; Expires=Sat, 28 Jan 2023 18:58:33 GMT; Max-Age=60
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 5c2d36b0430d7877f1609d99fe01caa8.cloudfront.net (CloudFront)
x-amz-cf-pop: ARN54-C1
x-amz-cf-id: TgqByt6T7zSI8L8W5FSZetGj4Yf3j3GKG-qxFcnaJEykws3ZHLTbZw==
X-Firefox-Spdy: h2

e1.o.lencr.org/

23.36.76.226

200 OK

345 B

URL HTTP/1.1
e1.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
345 B (345 bytes)
Hash
f97d1250e7b06507dcdde98d44b58dc8
10030f7fced8691202dbf19200efd6035bf7a405
c97a128485f45c02621ea479e8619499c3336c97a8812b0cece90e150beefb0f

HTTP Headers

POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "C97A128485F45C02621EA479E8619499C3336C97A8812B0CECE90E150BEEFB0F"
Last-Modified: Fri, 27 Jan 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10647
Expires: Sat, 28 Jan 2023 21:55:00 GMT
Date: Sat, 28 Jan 2023 18:57:33 GMT
Connection: keep-alive

pogothere.xyz/

172.64.106.19

200 OK

29 B

URL HTTP/2
pogothere.xyz/
IP
172.64.106.19:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text, with no line terminators
Size
29 B (29 bytes)
Hash
7237713c999881e6f26cda45d5671fc0
2910cc022487badb1717798dd46b2fcd585ec928
f1f03c7281a27795f86dedc392d59549ab819f6507e8c8a8122a115901cf3886

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET / HTTP/1.1
Host: pogothere.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://oaxyteek.net/
Origin: http://oaxyteek.net
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Sat, 28 Jan 2023 18:57:33 GMT
content-type: text/plain
set-cookie: csu=2015178324158510@1@1674932253; Max-Age=31104000; Secure; SameSite=None
access-control-allow-origin: http://oaxyteek.net
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-headers: X-Requested-With, content-type
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=XxidPiA%2FM2QIkz8TcC5wyPx5HRoy%2B8A7cQ3ji%2FJ1Gkl7sZHUh7jcOUGgwmtiRvihAlUBUPT43bk%2BOT2YN5wPfT5tT9tb0b95vA8R1OckT%2B6Zl%2BEDH42pvqVWteXLoSgo"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 790bf458880976ff-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

region1.google-analytics.com/g/collect?v=2&tid=G-GT41R23D5L&gtm=2oe1p0&_p=1229758446&cid=1818487839.1674932257&ul=en-us&sr=1280x1024&uaW=1&_s=1&sid=1674932256&sct=1&seg=0&dl=http%3A%2F%2Foaxyteek.net%2Fnot-found.php&dt=AdF.ly%20-%20Not%20Found&en=page_view&_fv=1&_nsi=1&_ss=1

216.239.32.36

204 No Content

0 B

URL HTTP/2
region1.google-analytics.com/g/collect?v=2&tid=G-GT41R23D5L&gtm=2oe1p0&_p=1229758446&cid=1818487839.1674932257&ul=en-us&sr=1280x1024&uaW=1&_s=1&sid=1674932256&sct=1&seg=0&dl=http%3A%2F%2Foaxyteek.net%2Fnot-found.php&dt=AdF.ly%20-%20Not%20Found&en=page_view&_fv=1&_nsi=1&_ss=1
IP
216.239.32.36:0
ASN
#15169 GOOGLE

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

POST /g/collect?v=2&tid=G-GT41R23D5L&gtm=2oe1p0&_p=1229758446&cid=1818487839.1674932257&ul=en-us&sr=1280x1024&uaW=1&_s=1&sid=1674932256&sct=1&seg=0&dl=http%3A%2F%2Foaxyteek.net%2Fnot-found.php&dt=AdF.ly%20-%20Not%20Found&en=page_view&_fv=1&_nsi=1&_ss=1 HTTP/1.1
Host: region1.google-analytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://oaxyteek.net
Connection: keep-alive
Referer: http://oaxyteek.net/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0

HTTP/2 204 No Content
access-control-allow-origin: http://oaxyteek.net
date: Sat, 28 Jan 2023 18:57:33 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

d1nmxiiewlx627.cloudfront.net/Qc3BqWXUQHwQ/SgcZDmRCQ0labENVGhk2GwNNJWs6JUEFFE0kNQFuPB04TC0PF01afxkSHg1kUxYeCWREVREOO0hHVh4pGhhNHDIMGBQPKB8DGEwsFE4dBSMcHxwLfEc1RURpUEFAQi4cHRQFLgZWQlo3AVZCWmhFXUBPajdWQlouHB1GXnxGMVVYaQ1FRE-9qN1ZCWisDVkMraEVGXlpwUEFADTwWGB9PazNBQFtpRUJAW3xHQxYDKxAVHxJ8RzVBWmxbQ1YfZEQ

54.230.245.135

200 OK

447 B

URL HTTP/1.1
d1nmxiiewlx627.cloudfront.net/Qc3BqWXUQHwQ/SgcZDmRCQ0labENVGhk2GwNNJWs6JUEFFE0kNQFuPB04TC0PF01afxkSHg1kUxYeCWREVREOO0hHVh4pGhhNHDIMGBQPKB8DGEwsFE4dBSMcHxwLfEc1RURpUEFAQi4cHRQFLgZWQlo3AVZCWmhFXUBPajdWQlouHB1GXnxGMVVYaQ1FRE-9qN1ZCWisDVkMraEVGXlpwUEFADTwWGB9PazNBQFtpRUJAW3xHQxYDKxAVHxJ8RzVBWmxbQ1YfZEQ
IP
54.230.245.135:0
ASN
#16509 AMAZON-02

File type
ASCII text, with very long lines (595), with no line terminators
Size
447 B (447 bytes)
Hash
8708ce5d0b8e775c621b71fd7a56a86d
4945f315aaf3bf87f1567ef593ef0230851e6b71
5be699f51c91ea476f1be5dd22e06dba214b81a9872e61934aa430295d035adf

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

GET /Qc3BqWXUQHwQ/SgcZDmRCQ0labENVGhk2GwNNJWs6JUEFFE0kNQFuPB04TC0PF01afxkSHg1kUxYeCWREVREOO0hHVh4pGhhNHDIMGBQPKB8DGEwsFE4dBSMcHxwLfEc1RURpUEFAQi4cHRQFLgZWQlo3AVZCWmhFXUBPajdWQlouHB1GXnxGMVVYaQ1FRE-9qN1ZCWisDVkMraEVGXlpwUEFADTwWGB9PazNBQFtpRUJAW3xHQxYDKxAVHxJ8RzVBWmxbQ1YfZEQ HTTP/1.1
Host: d1nmxiiewlx627.cloudfront.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://hethisisath.xyz/

HTTP/1.1 200 OK
Content-Length: 447
Connection: keep-alive
Date: Sat, 28 Jan 2023 18:57:33 GMT
access-control-allow-origin: *
cache-control: max-age=31556926
content-encoding: gzip
X-Cache: Miss from cloudfront
Via: 1.1 a2c3c8b833b34851dca4f7753ecaae58.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: Tvnuo_DBlAfDUpJFBg8EUXHYdkUj-gY0KMDFaDEj4rP4vfdpigIz_g==

hethisisath.xyz/multi?cs=N1J5RVUAZk92YgRmQHxgB2BKc2I&abt=0&red=1&sm=76&k=&v=1.0.60.1&sts=0&prn=0&emb=0&tid=709056&rxy=1280_1024&u=2015178324158510&agec=1674932253&fs=1&mbkb=273.972602739726&ref=http%3A%2F%2Foaxyteek.net%2Fnot-found.php&jst=0&enr=0&lcua=mozilla%2F5.0%20(windows%20nt%2010.0%3B%20win64%3B%20x64%3B%20rv%3A105.0)%20gecko%2F20100101%20firefox%2F105.0&tzd=0&uloc=&if=0&_CPUw=1674932257586&crc=1

65.9.44.118

200 OK

41 B

URL HTTP/2
hethisisath.xyz/multi?cs=N1J5RVUAZk92YgRmQHxgB2BKc2I&abt=0&red=1&sm=76&k=&v=1.0.60.1&sts=0&prn=0&emb=0&tid=709056&rxy=1280_1024&u=2015178324158510&agec=1674932253&fs=1&mbkb=273.972602739726&ref=http%3A%2F%2Foaxyteek.net%2Fnot-found.php&jst=0&enr=0&lcua=mozilla%2F5.0%20(windows%20nt%2010.0%3B%20win64%3B%20x64%3B%20rv%3A105.0)%20gecko%2F20100101%20firefox%2F105.0&tzd=0&uloc=&if=0&_CPUw=1674932257586&crc=1
IP
65.9.44.118:0
ASN
#16509 AMAZON-02

File type
ASCII text, with no line terminators
Size
41 B (41 bytes)
Hash
795c6cd02ff4af0445069c7480f79467
7455b40a4f4e2b4348d672f491e95c6817f7f940
86128b6fea67c80b9a710075b1381c06388a52059a73b06e6e8aa90d1daffd6a

HTTP Headers

GET /multi?cs=N1J5RVUAZk92YgRmQHxgB2BKc2I&abt=0&red=1&sm=76&k=&v=1.0.60.1&sts=0&prn=0&emb=0&tid=709056&rxy=1280_1024&u=2015178324158510&agec=1674932253&fs=1&mbkb=273.972602739726&ref=http%3A%2F%2Foaxyteek.net%2Fnot-found.php&jst=0&enr=0&lcua=mozilla%2F5.0%20(windows%20nt%2010.0%3B%20win64%3B%20x64%3B%20rv%3A105.0)%20gecko%2F20100101%20firefox%2F105.0&tzd=0&uloc=&if=0&_CPUw=1674932257586&crc=1 HTTP/1.1
Host: hethisisath.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://oaxyteek.net
Connection: keep-alive
Referer: http://oaxyteek.net/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
content-type: text/plain
content-length: 41
date: Sat, 28 Jan 2023 18:57:33 GMT
server: openresty/1.17.8.2
access-control-allow-credentials: true
access-control-allow-origin: http://oaxyteek.net
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
set-cookie: csu=a3a7c573-250d-4458-bfe8-d8e6fc0d05c5
csu=2015178324158510
content-encoding: gzip
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 5c2d36b0430d7877f1609d99fe01caa8.cloudfront.net (CloudFront)
x-amz-cf-pop: ARN54-C1
x-amz-cf-id: xGZWp4R9ufm3pfN9EcaYuRGhH0z8Dc5kAOdN6-NiolrPE5BVg3YQoQ==
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
f2a0c2c0f25bdd19baf87cbb3a87dcdb
bc78ca6206ee8cc1cc05ab7778df71c7e6d1182a
c57f26c0c2e439dc2f69181e1b2f6ae371bff9d299af739e0047eabc8bfb5a69

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C57F26C0C2E439DC2F69181E1B2F6AE371BFF9D299AF739E0047EABC8BFB5A69"
Last-Modified: Fri, 27 Jan 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8618
Expires: Sat, 28 Jan 2023 21:21:12 GMT
Date: Sat, 28 Jan 2023 18:57:34 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
f2a0c2c0f25bdd19baf87cbb3a87dcdb
bc78ca6206ee8cc1cc05ab7778df71c7e6d1182a
c57f26c0c2e439dc2f69181e1b2f6ae371bff9d299af739e0047eabc8bfb5a69

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C57F26C0C2E439DC2F69181E1B2F6AE371BFF9D299AF739E0047EABC8BFB5A69"
Last-Modified: Fri, 27 Jan 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8618
Expires: Sat, 28 Jan 2023 21:21:12 GMT
Date: Sat, 28 Jan 2023 18:57:34 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
f2a0c2c0f25bdd19baf87cbb3a87dcdb
bc78ca6206ee8cc1cc05ab7778df71c7e6d1182a
c57f26c0c2e439dc2f69181e1b2f6ae371bff9d299af739e0047eabc8bfb5a69

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C57F26C0C2E439DC2F69181E1B2F6AE371BFF9D299AF739E0047EABC8BFB5A69"
Last-Modified: Fri, 27 Jan 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8618
Expires: Sat, 28 Jan 2023 21:21:12 GMT
Date: Sat, 28 Jan 2023 18:57:34 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
f2a0c2c0f25bdd19baf87cbb3a87dcdb
bc78ca6206ee8cc1cc05ab7778df71c7e6d1182a
c57f26c0c2e439dc2f69181e1b2f6ae371bff9d299af739e0047eabc8bfb5a69

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C57F26C0C2E439DC2F69181E1B2F6AE371BFF9D299AF739E0047EABC8BFB5A69"
Last-Modified: Fri, 27 Jan 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8618
Expires: Sat, 28 Jan 2023 21:21:12 GMT
Date: Sat, 28 Jan 2023 18:57:34 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
f2a0c2c0f25bdd19baf87cbb3a87dcdb
bc78ca6206ee8cc1cc05ab7778df71c7e6d1182a
c57f26c0c2e439dc2f69181e1b2f6ae371bff9d299af739e0047eabc8bfb5a69

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C57F26C0C2E439DC2F69181E1B2F6AE371BFF9D299AF739E0047EABC8BFB5A69"
Last-Modified: Fri, 27 Jan 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8618
Expires: Sat, 28 Jan 2023 21:21:12 GMT
Date: Sat, 28 Jan 2023 18:57:34 GMT
Connection: keep-alive

img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5f0097a6-af00-4a1c-8faa-f9516e27b31a.jpeg

34.120.237.76

200 OK

4.5 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5f0097a6-af00-4a1c-8faa-f9516e27b31a.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
4.5 kB (4475 bytes)
Hash
4205d8106659e00fff1cbe9262918b8c
ab4f6528594a1725934727dc7d834c028a79c609
31f1a28602a194bd0856495d4d81d5c72cd7ff4e5bad6bdd1a31ec3041f4a2cc

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5f0097a6-af00-4a1c-8faa-f9516e27b31a.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 4475
x-amzn-requestid: b7b272d6-3089-4f33-89b5-5cb388640e10
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fa_e6HsaIAMF5Lg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d445f8-1789f7f4264270916da323db;Sampled=0
x-amzn-remapped-date: Fri, 27 Jan 2023 21:45:28 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: hAzO-IMqc1CFpiBAlRl8seIYL9UonyrBMATibovyFq5kEuaweY_VyA==
via: 1.1 8f22423015641505b8c857a37450d6c0.cloudfront.net (CloudFront), 1.1 112d82578d402a38d8d02e8b857617e0.cloudfront.net (CloudFront), 1.1 google
date: Fri, 27 Jan 2023 21:56:46 GMT
age: 75648
etag: "ab4f6528594a1725934727dc7d834c028a79c609"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

12 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdfb887e5-87fa-4855-b0ee-712d39779fa0.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
12 kB (11568 bytes)
Hash
b7a0759c043594fbe85af422b59b8227
a05cfaad16078f42218dae233da38f6f5dff8487
e898d6ef1b3998fb9322a8fc190069ec5f7b3582bfe8397a2367497d84a27549

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdfb887e5-87fa-4855-b0ee-712d39779fa0.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 11568
x-amzn-requestid: 79b70f1f-a157-4dd4-8743-825714195b3c
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: e9T3UGA3oAMFSlQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63c86695-36e60aba09c152c73b8aefcb;Sampled=0
x-amzn-remapped-date: Wed, 18 Jan 2023 21:37:25 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: zt4bgV2C6Wb_Ufa5mZ7-UDTfCvhXJggPJw9668v5DEmyBnWZ-aNrCg==
via: 1.1 49b94a8674d6e86a841d6523f7dbaf14.cloudfront.net (CloudFront), 1.1 943c6a4d4ee43b18ee91634536f53eae.cloudfront.net (CloudFront), 1.1 google
date: Fri, 27 Jan 2023 23:03:41 GMT
age: 71633
etag: "a05cfaad16078f42218dae233da38f6f5dff8487"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

12 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdeb12df7-074b-4044-bdbe-0e07bccbc8e9.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
12 kB (12397 bytes)
Hash
0ed1a0bd725b2078b4cfe4ed83877901
62493ca03be9870aac2341e033611a6d56bd322a
706e84bc63fd98acaeb72789239af3210ae6e3910e6589d92a25899dc9059dfc

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdeb12df7-074b-4044-bdbe-0e07bccbc8e9.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 12397
x-amzn-requestid: e8436997-696d-483a-b03a-a84e7ca614ea
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fa_T5HbzoAMFXsw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d445b2-1c2ccd0a187d0a3e2f6a59cc;Sampled=0
x-amzn-remapped-date: Fri, 27 Jan 2023 21:44:18 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: lmLHc8fKQYUpq9B-GyOQ0FKzhxi0ToTEPA7cu6JnQftgDFDNV8USvw==
via: 1.1 ddd913fbbe7367d44af4ac06097e7a2a.cloudfront.net (CloudFront), 1.1 fda3b2797d2719576f6b916583a28e52.cloudfront.net (CloudFront), 1.1 google
date: Fri, 27 Jan 2023 21:56:37 GMT
etag: "62493ca03be9870aac2341e033611a6d56bd322a"
content-type: image/jpeg
age: 75657
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

7.6 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F22cc3f55-9811-4ec2-a57e-a3e71a3f0554.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
7.6 kB (7585 bytes)
Hash
ea24bcba583bd8bd139559448a343e68
b9d37c2b14f890d41983a59f352e8f7caa9c94bb
e5ef5975eec964ae1684deb424f00833f2d217bdc7e6c385320ed3adeb6bc1c4

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F22cc3f55-9811-4ec2-a57e-a3e71a3f0554.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 7585
x-amzn-requestid: bfb52acb-e0d7-482d-8be9-be5db1c16cac
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fa_vkE5roAMF0Hw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d44663-2d38d314177e0ac40d4c8240;Sampled=0
x-amzn-remapped-date: Fri, 27 Jan 2023 21:47:15 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: K9YWM9eaEc1DQ6wtEEuADnG1U-ahRBXDaiHIAm20dkWMOxPWBlJidw==
via: 1.1 c34da255183aa208dd1c722ff211f9b2.cloudfront.net (CloudFront), 1.1 7022a5bbf9872d4a09d63e6cdb457dfe.cloudfront.net (CloudFront), 1.1 google
date: Fri, 27 Jan 2023 22:46:13 GMT
age: 72681
etag: "b9d37c2b14f890d41983a59f352e8f7caa9c94bb"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

5.0 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1ed7c466-ac98-4e05-89cf-f0abf56e8d98.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
5.0 kB (4975 bytes)
Hash
c982569d070f24dba1259603091c22e3
0f93acb5bee53670cc4ef486922f7333d96a2f4e
9a5a2d8a181a763ee6f60c27b396a0e3d7b1527e5177b2aff8d511db250753ed

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1ed7c466-ac98-4e05-89cf-f0abf56e8d98.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 4975
x-amzn-requestid: 633350b7-4686-40d5-8c9d-3c097f8e2d34
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fa-EBGuaoAMFbSw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d443b3-4201212c1a0eb2a65d3f494c;Sampled=0
x-amzn-remapped-date: Fri, 27 Jan 2023 21:35:47 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: M4VR-I89SGD0-FLzHhZ88PJJJmdWTEi0UrBnAmCBCQAdjRsssqnSzw==
via: 1.1 010c0731b9775a983eceaec0f5fa6a2e.cloudfront.net (CloudFront), 1.1 e4d3d5aafc7d7d582423c073065ab562.cloudfront.net (CloudFront), 1.1 google
date: Fri, 27 Jan 2023 21:49:06 GMT
age: 76108
etag: "0f93acb5bee53670cc4ef486922f7333d96a2f4e"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

13 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6f884785-3b60-4d1a-b7b9-f58e73d6d819.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
13 kB (13375 bytes)
Hash
b4afa01d2ffe17f8378e4c0b5afd4608
f5c7e2137efa07a207427a6b6fe1df541f85ea25
84fc0c05d25d674b5594b54720017332b86d391f66c7136d76cfce3e884e8e12

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6f884785-3b60-4d1a-b7b9-f58e73d6d819.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 13375
x-amzn-requestid: 372fcbe8-85a1-4be2-a006-31fb9289c5e9
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fa-CxF6BoAMFyGg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d443ab-4b9860545c612cc416cbe599;Sampled=0
x-amzn-remapped-date: Fri, 27 Jan 2023 21:35:39 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: otEuPlfCL7DeVwGZiGJuMjxjVyGdMwxPWeCz5T_mpXboi-oRujKhBw==
via: 1.1 cd48ffda04934d18865e47e99ea080bc.cloudfront.net (CloudFront), 1.1 d6b180eb367f7de26d67a9f3901b96a6.cloudfront.net (CloudFront), 1.1 google
date: Fri, 27 Jan 2023 21:48:58 GMT
age: 76116
etag: "f5c7e2137efa07a207427a6b6fe1df541f85ea25"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

pogothere.xyz/asd100.bin

172.64.106.19

200 OK

0 B

URL HTTP/2
pogothere.xyz/asd100.bin
IP
172.64.106.19:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /asd100.bin HTTP/1.1
Host: pogothere.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://oaxyteek.net/
Origin: http://oaxyteek.net
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sat, 28 Jan 2023 18:57:33 GMT
content-type: binary/octet-stream
access-control-allow-origin: http://oaxyteek.net
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-headers: X-Requested-With, content-type
cache-control: max-age=14400
cf-cache-status: HIT
age: 6156
last-modified: Sat, 28 Jan 2023 17:14:57 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=9RhmIV%2BHN4u6BPeYZspa33oz99xASBzvP74JLv2W178el69DSwybrYgP2UpNeR4D4RvywUNS7KYPz4b%2FyuAfOsnSRgSCrclAH5PuoSfIP9IV57zSlxJjRkFRus5zdDkc"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 790bf458a84176ff-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (10)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML