cqwajn.com/gosl/InNpZCI6MTA2NTQ1OSwic21hcnRsaW5rIjp0cnVlfQ==eyJwaWQiOjEwNTc3NTIs
172.67.199.124 302 Found 0 B URL HTTP/1.1 cqwajn.com/gosl/InNpZCI6MTA2NTQ1OSwic21hcnRsaW5rIjp0cnVlfQ==eyJwaWQiOjEwNTc3NTIs
IP 172.67.199.124:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /gosl/InNpZCI6MTA2NTQ1OSwic21hcnRsaW5rIjp0cnVlfQ==eyJwaWQiOjEwNTc3NTIs HTTP/1.1
Host: cqwajn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 302 Found
Date: Sun, 22 Jan 2023 19:12:25 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: no-cache
Max-Age: 0
Location: https://haxbyq.com/age-check?h=waWQiOjEwNTc3NTIsInNpZCI6MTA2NTQ1OSwid2lkIjozNTg3MDEsInNyYyI6Mn0=eyJ&si1=&si2=
X-Zone: eu
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=dDdR4xz9yn5GFqRvwEjL6NjMh%2B1PRQhpx4PGaD4Dgu7UKu3EYtze8uT%2FnEuWerH1662wEy2ksXBBNVQxSnVI1I2WvAPVl6DDP6yOpmAyO60FHxGIU7m67HAXHXaG"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 78da99dc0c7a0b55-OSL
alt-svc: h2=":443"; ma=60
r3.o.lencr.org/
23.33.119.27 200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 8997fa58a7262e8fd559d64b40511a1b
0aa1c4365c28f45e4d7a8a234fbcf51cd009e083
1580d1145f125c765e40e5983cb4bb4e2424010d2920a25ea7da992485da0dea
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "1580D1145F125C765E40E5983CB4BB4E2424010D2920A25EA7DA992485DA0DEA"
Last-Modified: Sat, 21 Jan 2023 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3091
Expires: Sun, 22 Jan 2023 20:03:56 GMT
Date: Sun, 22 Jan 2023 19:12:25 GMT
Connection: keep-alive
r3.o.lencr.org/
23.33.119.27 200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 4714c95a0c854e38f9be444f9343bf14
07ce5eb635448f2b3bafbe51e4dfeef47cdf4f7b
4d47e08c9afb704096e93a51f6e95c0dc7c7bc31e67ded39998ff37ed56e0965
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "4D47E08C9AFB704096E93A51F6E95C0DC7C7BC31E67DED39998FF37ED56E0965"
Last-Modified: Sat, 21 Jan 2023 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4386
Expires: Sun, 22 Jan 2023 20:25:31 GMT
Date: Sun, 22 Jan 2023 19:12:25 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
35.241.9.150 200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash ff250d3ef3fa45322bf05039a0122a9f
b3e7a2c383bce1bab807dbe1a03c375258b51f1d
d07f109a96e0ae6ec7b1d46ce8761b3f06fe845769ce65d69e053dd40aa561ba
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Retry-After, Alert, Content-Type, Content-Length, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Sun, 22 Jan 2023 18:34:52 GMT
content-type: application/json
age: 2253
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.33.119.27 200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 38c102db4bcfb9c4fb19174986950fd3
51c2cc8a3aca4da5c9ab3438467c29203fc0b0c3
dad6b64bc9f4dd827471ccc2e5273fceee574685376083aaa80f9d2f918037f2
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "DAD6B64BC9F4DD827471CCC2E5273FCEEE574685376083AAA80F9D2F918037F2"
Last-Modified: Fri, 20 Jan 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3507
Expires: Sun, 22 Jan 2023 20:10:52 GMT
Date: Sun, 22 Jan 2023 19:12:25 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain
34.160.144.191 200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain
IP 34.160.144.191:0
File type PEM certificate\012- , ASCII text
Hash 7b922915ebf1fa3639b333f994c74f24
144a3f80b98fd0652d4614f24cf6cbbee40f8938
adbb3e06df0e870f5c7a9cb81e8979d4e92735853d75c9b779c06470d4db5d9c
GET /chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: ZZ4hpaqzQ9NlYHENvCbFCkrQ1aZbQA8sJqkWcYF+DzUIDxql8/s1a973DF0u5XW9CV3zwqja9M8=
x-amz-request-id: H3CD4NYC8D0EB7RZ
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Sun, 22 Jan 2023 18:47:24 GMT
age: 1501
last-modified: Mon, 09 Jan 2023 18:04:21 GMT
etag: "7b922915ebf1fa3639b333f994c74f24"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.33.119.27 200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 5e14d5a7ef323d8103bc80b244083c71
bbddf32b1be8c7508f29a17392549553f354736b
b450b43202176d7d443afc05aa43ea67185f6a42f85128c557d652b2a16bfea9
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "B450B43202176D7D443AFC05AA43EA67185F6A42F85128C557D652B2A16BFEA9"
Last-Modified: Sat, 21 Jan 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10711
Expires: Sun, 22 Jan 2023 22:10:56 GMT
Date: Sun, 22 Jan 2023 19:12:25 GMT
Connection: keep-alive
contile.services.mozilla.com/v1/tiles
34.117.237.239 200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sun, 22 Jan 2023 19:12:25 GMT
content-type: application/json
content-length: 12
access-control-expose-headers: content-type
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-credentials: true
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
e1.o.lencr.org/
95.101.11.115 200 OK 344 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash dc991758980500b13fcee5bb742996ed
c6563d1b69349b9b0c1ab47d0b54bdf0939f72dd
be46f1b3bf09cb2b023ab75e37d9636ad7dee04772ba3a6413807302c35c79c8
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 344
ETag: "BE46F1B3BF09CB2B023AB75E37D9636AD7DEE04772BA3A6413807302C35C79C8"
Last-Modified: Sat, 21 Jan 2023 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6601
Expires: Sun, 22 Jan 2023 21:02:26 GMT
Date: Sun, 22 Jan 2023 19:12:25 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
35.241.9.150 200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Retry-After, Expires, Last-Modified, Alert, Content-Type, Content-Length, ETag, Pragma, Cache-Control, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Sun, 22 Jan 2023 18:17:30 GMT
age: 3295
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
e1.o.lencr.org/
95.101.11.115 200 OK 344 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash dc991758980500b13fcee5bb742996ed
c6563d1b69349b9b0c1ab47d0b54bdf0939f72dd
be46f1b3bf09cb2b023ab75e37d9636ad7dee04772ba3a6413807302c35c79c8
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 344
ETag: "BE46F1B3BF09CB2B023AB75E37D9636AD7DEE04772BA3A6413807302C35C79C8"
Last-Modified: Sat, 21 Jan 2023 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6601
Expires: Sun, 22 Jan 2023 21:02:26 GMT
Date: Sun, 22 Jan 2023 19:12:25 GMT
Connection: keep-alive
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash 0c74880fa99032b5c3831c179d702419
0020b368309735c94d8053d3781a7efb7283cfc5
437e2d4e2bbfb33b0ff696172378ce55a0a5ed005a1b8c4005eab4a6995a3042
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5856
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Sun, 22 Jan 2023 19:12:25 GMT
Last-Modified: Sun, 22 Jan 2023 17:34:49 GMT
Server: ECS (ska/F71D)
X-Cache: HIT
Content-Length: 471
push.services.mozilla.com/
54.149.149.164 101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 54.149.149.164:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: Xp58fMD6zkVxMd94xLZZJw==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: EnBtPf94l2k2pLolKm3gECnzq0k=
r3.o.lencr.org/
23.33.119.27 200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash a618971ebc90b5698ddbabc4637e3345
f920b73a7c9b57d77194ba8ba406664d8469b6b6
f7c66c647552a10c53d758e1eedd450226c969b0001a25a616773d57f10e16bf
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "F7C66C647552A10C53D758E1EEDD450226C969B0001A25A616773D57F10E16BF"
Last-Modified: Sat, 21 Jan 2023 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10285
Expires: Sun, 22 Jan 2023 22:03:52 GMT
Date: Sun, 22 Jan 2023 19:12:27 GMT
Connection: keep-alive
r3.o.lencr.org/
23.33.119.27 200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash a618971ebc90b5698ddbabc4637e3345
f920b73a7c9b57d77194ba8ba406664d8469b6b6
f7c66c647552a10c53d758e1eedd450226c969b0001a25a616773d57f10e16bf
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "F7C66C647552A10C53D758E1EEDD450226C969B0001A25A616773D57F10E16BF"
Last-Modified: Sat, 21 Jan 2023 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10285
Expires: Sun, 22 Jan 2023 22:03:52 GMT
Date: Sun, 22 Jan 2023 19:12:27 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd68d33e7-2d1d-4f9d-9544-28746d9156e6.jpeg
34.120.237.76 200 OK 8.1 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd68d33e7-2d1d-4f9d-9544-28746d9156e6.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 4e71636bb9a13ad7d52d253e16cd6a3f
401dd58e34982d3434739b9a2f7182487ea1cac5
1ac336df72b6eb569983e197f094378a26a175113249bedca0610cabd57e2e54
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd68d33e7-2d1d-4f9d-9544-28746d9156e6.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8057
x-amzn-requestid: 5469b005-6740-4f3d-80ca-a45fd39cae68
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fHNkCFiZoAMF8oQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63cc5c80-210da08f113a3273257b7d61;Sampled=0
x-amzn-remapped-date: Sat, 21 Jan 2023 21:43:28 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: j3SoP46ER0JjOaLh363bQ9QW4ZIW19_rbgeQ7Ey8W-zgyGMMLSLccA==
via: 1.1 41e349e25dc4bc856d0e5d2c162428a0.cloudfront.net (CloudFront), 1.1 6172bb1a5d00a3b06ae3700570ebe116.cloudfront.net (CloudFront), 1.1 google
date: Sat, 21 Jan 2023 21:48:17 GMT
etag: "401dd58e34982d3434739b9a2f7182487ea1cac5"
content-type: image/jpeg
age: 77050
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb253a292-08cb-455a-bf4c-63bdca08af64.webp
34.120.237.76 200 OK 7.6 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb253a292-08cb-455a-bf4c-63bdca08af64.webp
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 7ec85cf23f6ed6a70e62e17998dfcede
2a690f14cf97f33da2c4f4b21c737a7ca37665b4
ae3cedd8f51f9ed2d996f1d75e7288802d68fa3c27d928934311e4d8821940cc
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb253a292-08cb-455a-bf4c-63bdca08af64.webp HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7609
x-amzn-requestid: 86dec496-ff1b-4db8-9bcb-12275f6feeb3
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fHNkBGiOIAMFaCQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63cc5c7f-16c24501673bc2161c1e8a3b;Sampled=0
x-amzn-remapped-date: Sat, 21 Jan 2023 21:43:27 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: EIRH5l-dSShdZbMvwSEE8jKooGny-prLtbXwx8ZNUi0Wfj4GItKV7g==
via: 1.1 e5af640ced3aa8764b82c4bc3f7af38e.cloudfront.net (CloudFront), 1.1 556b99c6be8d7078b9f067347c62df6a.cloudfront.net (CloudFront), 1.1 google
date: Sat, 21 Jan 2023 22:08:36 GMT
age: 75831
etag: "2a690f14cf97f33da2c4f4b21c737a7ca37665b4"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc284e6ec-6c43-4a8d-a291-83519d5a4d4c.jpeg
34.120.237.76 200 OK 8.2 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc284e6ec-6c43-4a8d-a291-83519d5a4d4c.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 6f86ec004a2042b4030cd2cce2bf1e1d
e3c00dcc55f095f03a6f4505960ac1cee0b3877c
64b5084d4145d5931af05c335d21e31e75db30b1f9e8a2efd92fc4cd0aa7ac07
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc284e6ec-6c43-4a8d-a291-83519d5a4d4c.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8221
x-amzn-requestid: 02db02af-4f05-450d-9370-0e7a9dda6948
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fHOEWGUMoAMF2QQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63cc5d4e-050e7cdf21878aa159f36d0b;Sampled=0
x-amzn-remapped-date: Sat, 21 Jan 2023 21:46:54 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: VtzsQ7NI9ODiQfxm_EaSDsizPQhDOSH3O23UEaHg1KI9bg8imLdOnw==
via: 1.1 da5952aa802df39905ceb16592e9698a.cloudfront.net (CloudFront), 1.1 32c16f33c8f5601364fa8229b0d74dc2.cloudfront.net (CloudFront), 1.1 google
date: Sat, 21 Jan 2023 21:48:16 GMT
age: 77051
etag: "e3c00dcc55f095f03a6f4505960ac1cee0b3877c"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F612dbd3f-3cd3-44bd-8729-b4d4aa118f87.jpeg
34.120.237.76 200 OK 6.1 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F612dbd3f-3cd3-44bd-8729-b4d4aa118f87.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 5b7dac109bc648666356225a0d21ed17
f07e82cffe064c296cb1b2c80f7b09feb7552bbe
cc8997d71cd85021addccb0f6a0f00edf95f9747333ff0a436581db4ede78f51
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F612dbd3f-3cd3-44bd-8729-b4d4aa118f87.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6102
x-amzn-requestid: 256e7b90-3052-41f7-abcf-43c455a2ee7c
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fHOFfEZtIAMFWhA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63cc5d56-3237bb0a1f86766b5eb86e82;Sampled=0
x-amzn-remapped-date: Sat, 21 Jan 2023 21:47:02 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: 8pl8mAIA_RrOxBgjRkNf9IgG3b7K8R7ypfXIF_APxZr3_2lYnIB8rA==
via: 1.1 010c0731b9775a983eceaec0f5fa6a2e.cloudfront.net (CloudFront), 1.1 4f3feb5c4393987d42d1971d404d7cea.cloudfront.net (CloudFront), 1.1 google
date: Sat, 21 Jan 2023 22:07:46 GMT
age: 75881
etag: "f07e82cffe064c296cb1b2c80f7b09feb7552bbe"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4b9c3b02-6a9e-471d-9d0c-2b50255f00f9.jpeg
34.120.237.76 200 OK 13 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4b9c3b02-6a9e-471d-9d0c-2b50255f00f9.jpeg
IP 34.120.237.76:0
Hash 1990eb26185966fd2b6d4726d3922aba
bdb440da2fe3979bc966ab27c7a998281d99cd7a
ccf37d8fb4bbf7cce462eea482c32cb7f74cde44086bbb5e815c908709331b9f
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4b9c3b02-6a9e-471d-9d0c-2b50255f00f9.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9334
x-amzn-requestid: 23f9071b-5274-4c6a-9a4a-d63ea74c7483
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fHNWQETCoAMFdjw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63cc5c27-393e62854ba77f783f142985;Sampled=0
x-amzn-remapped-date: Sat, 21 Jan 2023 21:41:59 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: BWc9_KsIp1FH10PJZFoIteQrb0Q8cfqRN8RiynsqbHyFUHhDCxwqIw==
via: 1.1 446313511980eb02f28ff5a9a4147c0a.cloudfront.net (CloudFront), 1.1 7e87179efaa9e3c316bd3d3a74cfded8.cloudfront.net (CloudFront), 1.1 google
date: Sat, 21 Jan 2023 21:48:06 GMT
age: 77061
etag: "e4e506d7acc877b266c18ae6da3b948e0d41bb1e"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe52164e3-afec-433e-87ab-adb17222f1cd.jpeg
34.120.237.76 200 OK 14 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe52164e3-afec-433e-87ab-adb17222f1cd.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 8656702f08344d3a4658bc43a9074a1f
fba424e1d09cbdc839ca320458b51715dafbbccc
0b0ac963c377b07f843637348f3d7c41d2aca89540ab8c2b80ef5fbbf466fee8
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe52164e3-afec-433e-87ab-adb17222f1cd.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 13848
x-amzn-requestid: f7e3e9da-a152-430d-b1e6-c2e00450a000
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fEu-RGd0IAMFhFA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63cb5ec1-4a2bc1a802a71bb81bda31b9;Sampled=0
x-amzn-remapped-date: Sat, 21 Jan 2023 03:40:49 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: jbdFknlNlZJVfe7TfMXuLbjYeIsUwvztb-74WeDRY80ruCGiKeXqJQ==
via: 1.1 010c0731b9775a983eceaec0f5fa6a2e.cloudfront.net (CloudFront), 1.1 570075675953459325e00b7bcd171df2.cloudfront.net (CloudFront), 1.1 google
date: Sun, 22 Jan 2023 15:09:14 GMT
age: 14593
etag: "fba424e1d09cbdc839ca320458b51715dafbbccc"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
6fiq5.haxbyq.com/age-check?h=waWQiOjEwNTc3NTIsInNpZCI6MTA2NTQ1OSwid2lkIjozNTg3MDEsInNyYyI6Mn0=eyJ&i=10
185.56.234.205 200 OK 11 kB URL HTTP/2 6fiq5.haxbyq.com/age-check?h=waWQiOjEwNTc3NTIsInNpZCI6MTA2NTQ1OSwid2lkIjozNTg3MDEsInNyYyI6Mn0=eyJ&i=10
IP 185.56.234.205:0
ASN #39572 DataWeb Global Group B.V.
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (19303)
Hash 7a66383a2b506358d2086a32b3c58d06
7a1034db0e4f9336b41fd31549c03e4effcafe95
12d45381b56281388d5090052d7a92b6aa9e37063592b9a3681b502699e7d759
GET /age-check?h=waWQiOjEwNTc3NTIsInNpZCI6MTA2NTQ1OSwid2lkIjozNTg3MDEsInNyYyI6Mn0=eyJ&i=10 HTTP/1.1
Host: 6fiq5.haxbyq.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ptzbe.haxbyq.com/
Cookie: truniq=1; ufp2=d73530bbe30e4c21a0571c3fd0b2efa99b02884a
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
server: nginx/1.21.1
date: Sun, 22 Jan 2023 19:12:28 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
x-zone: eu
content-encoding: gzip
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.33.119.27 200 OK 4.2 kB IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 8fc13da9ddbba6ec6ab191c871e7ee3b
3b385dfbcf34c281d6fa10f587e8a9ca6aa748f1
513c76de2f5049f52ff024abc4c5c68ab0e5b0c2816ab9be440a87fd34c41151
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "7840BE15D915B738CD7F3A777D6AF3214823C3C98A95ADA2F2E3E028FDEA4082"
Last-Modified: Fri, 20 Jan 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=1801
Expires: Sun, 22 Jan 2023 19:42:30 GMT
Date: Sun, 22 Jan 2023 19:12:29 GMT
Connection: keep-alive
tratbc.com/tb?h=waWQiOjEwNTc3NTIsInNpZCI6MTA2NTQ1OSwid2lkIjozNTg3MDEsInNyYyI6Mn0=eyJ&i=11
138.68.123.185 302 Found 0 B URL HTTP/1.1 tratbc.com/tb?h=waWQiOjEwNTc3NTIsInNpZCI6MTA2NTQ1OSwid2lkIjozNTg3MDEsInNyYyI6Mn0=eyJ&i=11
IP 138.68.123.185:0
ASN #14061 DIGITALOCEAN-ASN
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /tb?h=waWQiOjEwNTc3NTIsInNpZCI6MTA2NTQ1OSwid2lkIjozNTg3MDEsInNyYyI6Mn0=eyJ&i=11 HTTP/1.1
Host: tratbc.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://8g7y3.haxbyq.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 302 Found
Server: nginx/1.15.0
Date: Sun, 22 Jan 2023 19:12:29 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://mo17.biz/?p=gyzdeytfgy5gi3bpgy4tgmi&sub4=
X-Zone: eu
ulmoyc.com/fp.js?d=b3ny4.haxbyq.com
172.67.197.128 200 OK 1.1 kB URL HTTP/2 ulmoyc.com/fp.js?d=b3ny4.haxbyq.com
IP 172.67.197.128:0
File type ASCII text, with very long lines (1187), with no line terminators
Hash 532526ebcfdc7cc8bad8314bd787ed5f
19a2ad3c728ac46a90fd94a2d71ae0b5388cc635
9436894957769bcb56a10533aa9ea692d627eae0bde6c550491f61fd0b386ca2
GET /fp.js?d=b3ny4.haxbyq.com HTTP/1.1
Host: ulmoyc.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://b3ny4.haxbyq.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sun, 22 Jan 2023 19:12:25 GMT
content-type: application/javascript; charset=UTF-8
vary: Accept-Encoding
cache-control: max-age=14400
max-age: 0
access-control-allow-origin: https://b3ny4.haxbyq.com
x-zone: eu
last-modified: Sun, 22 Jan 2023 19:12:25 GMT
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=v2Am9BuUVZpZ4vlTkOoOq1ZzqTorIJvmhedeQhNXHgGRjXk%2FVtDsqUlzmMD3v49WFiP2QjSfyea4RIs1s3LiytprMBNJ%2BgKnF6uMMMGMHmy43UIB9aWzYNs5vzKj"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 78da99e168f8b523-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
mo17.biz/?p=gyzdeytfgy5gi3bpgy4tgmi&sub4=
185.177.92.179 200 OK 15 kB URL HTTP/2 mo17.biz/?p=gyzdeytfgy5gi3bpgy4tgmi&sub4=
IP 185.177.92.179:0
ASN #39572 DataWeb Global Group B.V.
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (7474)
Hash ea52e81e58fff201649ac43078cd700e
8d613360ca733ec1d15a5263f2da55c1190aaa63
ef6a7c61f6eb708d21177e6b38145516b54c6d9db6574a81b3e239936a25fa15
Analyzer Verdict Alert quad9 Sinkholed
GET /?p=gyzdeytfgy5gi3bpgy4tgmi&sub4= HTTP/1.1
Host: mo17.biz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://8g7y3.haxbyq.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sun, 22 Jan 2023 19:12:29 GMT
content-type: text/html; charset=UTF-8
access-control-allow-origin: *
set-cookie: uuid=1f337807-156d-4d96-bd6d-3cdbcb59c69f; expires=Tue, 21-Feb-2023 19:12:29 GMT; Max-Age=2592000; path=/; domain=mo17.biz
strict-transport-security: max-age=31536000
content-security-policy: img-src https: data:; upgrade-insecure-requests
X-Firefox-Spdy: h2
mo17.biz/favicon.ico
185.177.92.179 204 No Content 0 B IP 185.177.92.179:0
ASN #39572 DataWeb Global Group B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /favicon.ico HTTP/1.1
Host: mo17.biz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mo17.biz/?p=gyzdeytfgy5gi3bpgy4tgmi&sub4=
Cookie: uuid=1f337807-156d-4d96-bd6d-3cdbcb59c69f
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 204 No Content
server: nginx
date: Sun, 22 Jan 2023 19:12:29 GMT
strict-transport-security: max-age=31536000
content-security-policy: img-src https: data:; upgrade-insecure-requests
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.33.119.27 200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 0feef8b702b5ffd89ae2f7622cf3c356
5f6f1f1cd62e64a0d344f84a586045075ace20f5
c68fe5c5d3cb88b08073d9583942b850793020f2df8ade2cb0cabb697e406ad3
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C68FE5C5D3CB88B08073D9583942B850793020F2DF8ADE2CB0CABB697E406AD3"
Last-Modified: Sat, 21 Jan 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=19580
Expires: Mon, 23 Jan 2023 00:38:49 GMT
Date: Sun, 22 Jan 2023 19:12:29 GMT
Connection: keep-alive
0.mo17.biz/?p=gyzdeytfgy5gi3bpgy4tgmi&sub4=
185.177.92.179 200 OK 19 kB URL HTTP/2 0.mo17.biz/?p=gyzdeytfgy5gi3bpgy4tgmi&sub4=
IP 185.177.92.179:0
ASN #39572 DataWeb Global Group B.V.
Hash 8989d4b8fa3ace5c81fa1631a8bc437b
b7f893eb2ed083bc71dd24fb5f7fa6edc7d9e440
d5088845a2ef021e6d3db0283cc665822034b03d89457cf720efd6fb146fa77b
Analyzer Verdict Alert quad9 Sinkholed
GET /?p=gyzdeytfgy5gi3bpgy4tgmi&sub4= HTTP/1.1
Host: 0.mo17.biz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mo17.biz/
Cookie: uuid=1f337807-156d-4d96-bd6d-3cdbcb59c69f
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 22 Jan 2023 19:12:29 GMT
content-type: text/html; charset=UTF-8
access-control-allow-origin: *
set-cookie: uuid=1f337807-156d-4d96-bd6d-3cdbcb59c69f; expires=Tue, 21-Feb-2023 19:12:29 GMT; Max-Age=2592000; path=/; domain=0.mo17.biz
strict-transport-security: max-age=31536000
content-security-policy: img-src https: data:; upgrade-insecure-requests
X-Firefox-Spdy: h2
mo17.biz/img/24/icon2.png
185.177.92.179 200 OK 4.6 kB URL HTTP/2 mo17.biz/img/24/icon2.png
IP 185.177.92.179:0
ASN #39572 DataWeb Global Group B.V.
File type PNG image data, 300 x 300, 8-bit/color RGBA, non-interlaced\012- data
Hash c947d439eb93367f1af5b2a3d222f057
5b4c10820d39e624bc6df72a113679da80a8e44e
aab564e67c47df65ddcb9c4eaa62cd798a51624a3fded9f9b3a1197b460a79c2
Analyzer Verdict Alert quad9 Sinkholed
GET /img/24/icon2.png HTTP/1.1
Host: mo17.biz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://0.mo17.biz/
Cookie: uuid=1f337807-156d-4d96-bd6d-3cdbcb59c69f
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 22 Jan 2023 19:12:29 GMT
content-type: image/png
content-length: 4576
last-modified: Mon, 25 Nov 2019 14:45:38 GMT
etag: "5ddbe912-11e0"
expires: Tue, 21 Feb 2023 19:12:29 GMT
cache-control: max-age=2592000
strict-transport-security: max-age=31536000
content-security-policy: img-src https: data:; upgrade-insecure-requests
accept-ranges: bytes
X-Firefox-Spdy: h2
mo17.biz/img/24/icon3.png
185.177.92.179 200 OK 7.8 kB URL HTTP/2 mo17.biz/img/24/icon3.png
IP 185.177.92.179:0
ASN #39572 DataWeb Global Group B.V.
File type PNG image data, 300 x 300, 8-bit/color RGBA, non-interlaced\012- data
Hash 8f3cc830da0b1fdf66bda7d1d734747b
94588f041eec3a78a8780c8124c56a1434a89277
ea3698c32039a115b03c2528cbb29c3ff97bbd49ad1345d5095e98d1fd0ea8ba
Analyzer Verdict Alert quad9 Sinkholed
GET /img/24/icon3.png HTTP/1.1
Host: mo17.biz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://0.mo17.biz/
Cookie: uuid=1f337807-156d-4d96-bd6d-3cdbcb59c69f
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 22 Jan 2023 19:12:29 GMT
content-type: image/png
content-length: 7847
last-modified: Mon, 25 Nov 2019 14:45:43 GMT
etag: "5ddbe917-1ea7"
expires: Tue, 21 Feb 2023 19:12:29 GMT
cache-control: max-age=2592000
strict-transport-security: max-age=31536000
content-security-policy: img-src https: data:; upgrade-insecure-requests
accept-ranges: bytes
X-Firefox-Spdy: h2
mo17.biz/img/24/icon4.png
185.177.92.179 200 OK 7.0 kB URL HTTP/2 mo17.biz/img/24/icon4.png
IP 185.177.92.179:0
ASN #39572 DataWeb Global Group B.V.
File type PNG image data, 300 x 300, 8-bit/color RGBA, non-interlaced\012- data
Hash 7ad7f32c1c0df7b4975cc41bda4ac435
81d57e996ee6cd9e122592e68ffa3d55c1ba10ff
c0af6cb2280bba97d235dfad7c72d22353a0d2cf277733ce9fc4701df7ed1d5f
Analyzer Verdict Alert quad9 Sinkholed
GET /img/24/icon4.png HTTP/1.1
Host: mo17.biz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://0.mo17.biz/
Cookie: uuid=1f337807-156d-4d96-bd6d-3cdbcb59c69f
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 22 Jan 2023 19:12:29 GMT
content-type: image/png
content-length: 7032
last-modified: Mon, 25 Nov 2019 14:45:47 GMT
etag: "5ddbe91b-1b78"
expires: Tue, 21 Feb 2023 19:12:29 GMT
cache-control: max-age=2592000
strict-transport-security: max-age=31536000
content-security-policy: img-src https: data:; upgrade-insecure-requests
accept-ranges: bytes
X-Firefox-Spdy: h2
mo17.biz/img/24/icon5.png
185.177.92.179 200 OK 3.3 kB URL HTTP/2 mo17.biz/img/24/icon5.png
IP 185.177.92.179:0
ASN #39572 DataWeb Global Group B.V.
File type PNG image data, 500 x 500, 8-bit/color RGBA, non-interlaced\012- data
Hash 1e1a7582b5da63e10485d63f97abc9a0
ca3ee3067f96c732f455bc7c99ec5100194f13f6
196083352a09a19cf2d4364e3ad406606fedb562f2096c1bef373ff2c485b503
Analyzer Verdict Alert quad9 Sinkholed
GET /img/24/icon5.png HTTP/1.1
Host: mo17.biz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://0.mo17.biz/
Cookie: uuid=1f337807-156d-4d96-bd6d-3cdbcb59c69f
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 22 Jan 2023 19:12:29 GMT
content-type: image/png
content-length: 3264
last-modified: Mon, 25 Nov 2019 14:45:54 GMT
etag: "5ddbe922-cc0"
expires: Tue, 21 Feb 2023 19:12:29 GMT
cache-control: max-age=2592000
strict-transport-security: max-age=31536000
content-security-policy: img-src https: data:; upgrade-insecure-requests
accept-ranges: bytes
X-Firefox-Spdy: h2
mo17.biz/img/24/icon7.png
185.177.92.179 200 OK 3.3 kB URL HTTP/2 mo17.biz/img/24/icon7.png
IP 185.177.92.179:0
ASN #39572 DataWeb Global Group B.V.
File type PNG image data, 500 x 500, 8-bit/color RGBA, non-interlaced\012- data
Hash b512735542cb07b3b2dcf153a7dfe456
93bde8875412ce266600e2af1c37123483a50376
e9c661cc8adbaa1b9cd4cf65f0ba93a1c24211cb5f94ed0950e0fbc973781718
Analyzer Verdict Alert quad9 Sinkholed
GET /img/24/icon7.png HTTP/1.1
Host: mo17.biz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://0.mo17.biz/
Cookie: uuid=1f337807-156d-4d96-bd6d-3cdbcb59c69f
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 22 Jan 2023 19:12:29 GMT
content-type: image/png
content-length: 3283
last-modified: Mon, 25 Nov 2019 14:46:00 GMT
etag: "5ddbe928-cd3"
expires: Tue, 21 Feb 2023 19:12:29 GMT
cache-control: max-age=2592000
strict-transport-security: max-age=31536000
content-security-policy: img-src https: data:; upgrade-insecure-requests
accept-ranges: bytes
X-Firefox-Spdy: h2
mo17.biz/img/24/icon8.png
185.177.92.179 200 OK 4.1 kB URL HTTP/2 mo17.biz/img/24/icon8.png
IP 185.177.92.179:0
ASN #39572 DataWeb Global Group B.V.
File type PNG image data, 300 x 300, 8-bit/color RGBA, non-interlaced\012- data
Hash f92d6474ebc6a3a0b576749cfb4afe98
0f4ce3dcf04873b8098c01d20c44967fb9fce0cc
3a7abff293d71fd8c5a58deacb964b50fe074a6f458575d37abbd367a3a930a1
Analyzer Verdict Alert quad9 Sinkholed
GET /img/24/icon8.png HTTP/1.1
Host: mo17.biz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://0.mo17.biz/
Cookie: uuid=1f337807-156d-4d96-bd6d-3cdbcb59c69f
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 22 Jan 2023 19:12:29 GMT
content-type: image/png
content-length: 4064
last-modified: Mon, 25 Nov 2019 14:46:06 GMT
etag: "5ddbe92e-fe0"
expires: Tue, 21 Feb 2023 19:12:29 GMT
cache-control: max-age=2592000
strict-transport-security: max-age=31536000
content-security-policy: img-src https: data:; upgrade-insecure-requests
accept-ranges: bytes
X-Firefox-Spdy: h2
0.mo17.biz/w77899721.js
185.177.92.179 200 OK 49 B IP 185.177.92.179:0
ASN #39572 DataWeb Global Group B.V.
File type ASCII text, with no line terminators
Hash de7a2014a9db2f10fc9e6c4353257c40
11038ba6174b1871641732cd883420b8a9c2e623
7731a810f39a43942ab8020dea8921bb345f9aad0425322b4774b6985c572779
Analyzer Verdict Alert quad9 Sinkholed
GET /w77899721.js HTTP/1.1
Host: 0.mo17.biz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Service-Worker: script
Connection: keep-alive
Cookie: uuid=1f337807-156d-4d96-bd6d-3cdbcb59c69f; uuid=1f337807-156d-4d96-bd6d-3cdbcb59c69f
Sec-Fetch-Dest: serviceworker
Sec-Fetch-Mode: same-origin
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 22 Jan 2023 19:12:29 GMT
content-type: application/javascript; charset=utf-8
content-length: 49
last-modified: Wed, 21 Dec 2022 06:26:11 GMT
etag: "63a2a703-31"
access-control-allow-origin: *
accept-ranges: bytes
X-Firefox-Spdy: h2
0.mo17.biz/favicon.ico
185.177.92.179 204 No Content 0 B IP 185.177.92.179:0
ASN #39572 DataWeb Global Group B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /favicon.ico HTTP/1.1
Host: 0.mo17.biz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://0.mo17.biz/?p=gyzdeytfgy5gi3bpgy4tgmi&sub4=
Cookie: uuid=1f337807-156d-4d96-bd6d-3cdbcb59c69f; uuid=1f337807-156d-4d96-bd6d-3cdbcb59c69f
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 204 No Content
server: nginx
date: Sun, 22 Jan 2023 19:12:30 GMT
strict-transport-security: max-age=31536000
content-security-policy: img-src https: data:; upgrade-insecure-requests
X-Firefox-Spdy: h2
1.mo17.biz/w77899721.js
185.177.92.179 200 OK 49 B IP 185.177.92.179:0
ASN #39572 DataWeb Global Group B.V.
File type ASCII text, with no line terminators
Hash de7a2014a9db2f10fc9e6c4353257c40
11038ba6174b1871641732cd883420b8a9c2e623
7731a810f39a43942ab8020dea8921bb345f9aad0425322b4774b6985c572779
Analyzer Verdict Alert quad9 Sinkholed
GET /w77899721.js HTTP/1.1
Host: 1.mo17.biz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Service-Worker: script
Connection: keep-alive
Cookie: uuid=1f337807-156d-4d96-bd6d-3cdbcb59c69f; uuid=1f337807-156d-4d96-bd6d-3cdbcb59c69f
Sec-Fetch-Dest: serviceworker
Sec-Fetch-Mode: same-origin
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 22 Jan 2023 19:12:30 GMT
content-type: application/javascript; charset=utf-8
content-length: 49
last-modified: Wed, 21 Dec 2022 06:26:11 GMT
etag: "63a2a703-31"
access-control-allow-origin: *
accept-ranges: bytes
X-Firefox-Spdy: h2
1.mo17.biz/favicon.ico
185.177.92.179 204 No Content 0 B IP 185.177.92.179:0
ASN #39572 DataWeb Global Group B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /favicon.ico HTTP/1.1
Host: 1.mo17.biz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://1.mo17.biz/?p=gyzdeytfgy5gi3bpgy4tgmi&sub4=
Cookie: uuid=1f337807-156d-4d96-bd6d-3cdbcb59c69f; uuid=1f337807-156d-4d96-bd6d-3cdbcb59c69f
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 204 No Content
server: nginx
date: Sun, 22 Jan 2023 19:12:30 GMT
strict-transport-security: max-age=31536000
content-security-policy: img-src https: data:; upgrade-insecure-requests
X-Firefox-Spdy: h2
dm06.biz/sw/w1s.js
195.154.52.104 200 OK 4.2 kB IP 195.154.52.104:0
Hash 65dd7828717a17faf97eeb8d97f6a10c
d0ba1a8cc8c078a170a1a7c2ae606e3fc6b70fd7
b9db5e6b8b0a01e5557525f82655353791a7f5d92e30ecbc89bcebc7e69976b7
Analyzer Verdict Alert fortinet Malware
GET /sw/w1s.js HTTP/1.1
Host: dm06.biz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mo17.biz/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Sun, 22 Jan 2023 19:12:29 GMT
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
expires: Mon, 22 Jan 2024 19:12:29 GMT
cache-control: max-age=31536000
strict-transport-security: max-age=31536000
content-security-policy: img-src https: data:; upgrade-insecure-requests
X-Firefox-Spdy: h2
2.mo17.biz/?p=gyzdeytfgy5gi3bpgy4tgmi&sub4=
185.177.92.179 200 OK 15 kB URL HTTP/2 2.mo17.biz/?p=gyzdeytfgy5gi3bpgy4tgmi&sub4=
IP 185.177.92.179:0
ASN #39572 DataWeb Global Group B.V.
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (7491)
Hash 9668b0bfe8ff084605c248a46889f257
bea984458a74461e60946bc3b41851a8733e2648
00088cd6a4fa5e40632368c29a4c6dab46c67e5355826fd3e866ab26ef4d5aa0
Analyzer Verdict Alert quad9 Sinkholed
GET /?p=gyzdeytfgy5gi3bpgy4tgmi&sub4= HTTP/1.1
Host: 2.mo17.biz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://1.mo17.biz/
Cookie: uuid=1f337807-156d-4d96-bd6d-3cdbcb59c69f
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 22 Jan 2023 19:12:30 GMT
content-type: text/html; charset=UTF-8
access-control-allow-origin: *
set-cookie: uuid=1f337807-156d-4d96-bd6d-3cdbcb59c69f; expires=Tue, 21-Feb-2023 19:12:30 GMT; Max-Age=2592000; path=/; domain=2.mo17.biz
strict-transport-security: max-age=31536000
content-security-policy: img-src https: data:; upgrade-insecure-requests
X-Firefox-Spdy: h2
v9m23.haxbyq.com/age-check?h=waWQiOjEwNTc3NTIsInNpZCI6MTA2NTQ1OSwid2lkIjozNTg3MDEsInNyYyI6Mn0=eyJ&i=5
185.56.234.205 200 OK 37 kB URL HTTP/2 v9m23.haxbyq.com/age-check?h=waWQiOjEwNTc3NTIsInNpZCI6MTA2NTQ1OSwid2lkIjozNTg3MDEsInNyYyI6Mn0=eyJ&i=5
IP 185.56.234.205:0
ASN #39572 DataWeb Global Group B.V.
Hash 65a41fbd2a7f34787782c13e59304f08
0da748bc8795adbf44b7d83fdfe568078b7e06a9
d137b72cebe476788b15e131f5d766648788081eae9fa399334a9ad224a48348
GET /age-check?h=waWQiOjEwNTc3NTIsInNpZCI6MTA2NTQ1OSwid2lkIjozNTg3MDEsInNyYyI6Mn0=eyJ&i=5 HTTP/1.1
Host: v9m23.haxbyq.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://lu1cj.haxbyq.com/
Cookie: truniq=1; ufp2=d73530bbe30e4c21a0571c3fd0b2efa99b02884a
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
server: nginx/1.21.1
date: Sun, 22 Jan 2023 19:12:27 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
x-zone: eu4
content-encoding: gzip
X-Firefox-Spdy: h2
3.mo17.biz/?p=gyzdeytfgy5gi3bpgy4tgmi&sub4=
185.177.92.179 200 OK 15 kB URL HTTP/2 3.mo17.biz/?p=gyzdeytfgy5gi3bpgy4tgmi&sub4=
IP 185.177.92.179:0
ASN #39572 DataWeb Global Group B.V.
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (7474)
Hash e826eeca2af53b8cda651add911286aa
8fc3d0da675a68ccc09f98f2feb73d8ca1b109f6
b3dc4729a8b714c05f1492513cc0a260eb0fb593ba48d54e8d4ff6efd80be903
Analyzer Verdict Alert quad9 Sinkholed
GET /?p=gyzdeytfgy5gi3bpgy4tgmi&sub4= HTTP/1.1
Host: 3.mo17.biz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://2.mo17.biz/
Cookie: uuid=1f337807-156d-4d96-bd6d-3cdbcb59c69f
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 22 Jan 2023 19:12:30 GMT
content-type: text/html; charset=UTF-8
access-control-allow-origin: *
set-cookie: uuid=1f337807-156d-4d96-bd6d-3cdbcb59c69f; expires=Tue, 21-Feb-2023 19:12:30 GMT; Max-Age=2592000; path=/; domain=3.mo17.biz
strict-transport-security: max-age=31536000
content-security-policy: img-src https: data:; upgrade-insecure-requests
X-Firefox-Spdy: h2
4.mo17.biz/w77899721.js
185.177.92.179 200 OK 49 B IP 185.177.92.179:0
ASN #39572 DataWeb Global Group B.V.
File type ASCII text, with no line terminators
Hash de7a2014a9db2f10fc9e6c4353257c40
11038ba6174b1871641732cd883420b8a9c2e623
7731a810f39a43942ab8020dea8921bb345f9aad0425322b4774b6985c572779
Analyzer Verdict Alert quad9 Sinkholed
GET /w77899721.js HTTP/1.1
Host: 4.mo17.biz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Service-Worker: script
Connection: keep-alive
Cookie: uuid=1f337807-156d-4d96-bd6d-3cdbcb59c69f; uuid=1f337807-156d-4d96-bd6d-3cdbcb59c69f
Sec-Fetch-Dest: serviceworker
Sec-Fetch-Mode: same-origin
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 22 Jan 2023 19:12:30 GMT
content-type: application/javascript; charset=utf-8
content-length: 49
last-modified: Wed, 21 Dec 2022 06:26:11 GMT
etag: "63a2a703-31"
access-control-allow-origin: *
accept-ranges: bytes
X-Firefox-Spdy: h2
4.mo17.biz/favicon.ico
185.177.92.179 204 No Content 0 B IP 185.177.92.179:0
ASN #39572 DataWeb Global Group B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /favicon.ico HTTP/1.1
Host: 4.mo17.biz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://4.mo17.biz/?p=gyzdeytfgy5gi3bpgy4tgmi&sub4=
Cookie: uuid=1f337807-156d-4d96-bd6d-3cdbcb59c69f; uuid=1f337807-156d-4d96-bd6d-3cdbcb59c69f
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 204 No Content
server: nginx
date: Sun, 22 Jan 2023 19:12:30 GMT
strict-transport-security: max-age=31536000
content-security-policy: img-src https: data:; upgrade-insecure-requests
X-Firefox-Spdy: h2
5.mo17.biz/?p=gyzdeytfgy5gi3bpgy4tgmi&sub4=
185.177.92.179 200 OK 15 kB URL HTTP/2 5.mo17.biz/?p=gyzdeytfgy5gi3bpgy4tgmi&sub4=
IP 185.177.92.179:0
ASN #39572 DataWeb Global Group B.V.
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (7491)
Hash aa691298078a7ef25da363728fb98acd
2aafc08a1a4263efa4925c1a1b270d57809b7e4e
6d66541ef3f867c5a866e11638d3b79f45216fac98db2b533f619a7c3df3c217
Analyzer Verdict Alert quad9 Sinkholed
GET /?p=gyzdeytfgy5gi3bpgy4tgmi&sub4= HTTP/1.1
Host: 5.mo17.biz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://4.mo17.biz/
Cookie: uuid=1f337807-156d-4d96-bd6d-3cdbcb59c69f
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 22 Jan 2023 19:12:31 GMT
content-type: text/html; charset=UTF-8
access-control-allow-origin: *
set-cookie: uuid=1f337807-156d-4d96-bd6d-3cdbcb59c69f; expires=Tue, 21-Feb-2023 19:12:31 GMT; Max-Age=2592000; path=/; domain=5.mo17.biz
strict-transport-security: max-age=31536000
content-security-policy: img-src https: data:; upgrade-insecure-requests
X-Firefox-Spdy: h2
5.mo17.biz/favicon.ico
185.177.92.179 204 No Content 0 B IP 185.177.92.179:0
ASN #39572 DataWeb Global Group B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /favicon.ico HTTP/1.1
Host: 5.mo17.biz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://5.mo17.biz/?p=gyzdeytfgy5gi3bpgy4tgmi&sub4=
Cookie: uuid=1f337807-156d-4d96-bd6d-3cdbcb59c69f; uuid=1f337807-156d-4d96-bd6d-3cdbcb59c69f
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 204 No Content
server: nginx
date: Sun, 22 Jan 2023 19:12:31 GMT
strict-transport-security: max-age=31536000
content-security-policy: img-src https: data:; upgrade-insecure-requests
X-Firefox-Spdy: h2
6.mo17.biz/w77899721.js
185.177.92.179 200 OK 49 B IP 185.177.92.179:0
ASN #39572 DataWeb Global Group B.V.
File type ASCII text, with no line terminators
Hash de7a2014a9db2f10fc9e6c4353257c40
11038ba6174b1871641732cd883420b8a9c2e623
7731a810f39a43942ab8020dea8921bb345f9aad0425322b4774b6985c572779
Analyzer Verdict Alert quad9 Sinkholed
GET /w77899721.js HTTP/1.1
Host: 6.mo17.biz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Service-Worker: script
Connection: keep-alive
Cookie: uuid=1f337807-156d-4d96-bd6d-3cdbcb59c69f; uuid=1f337807-156d-4d96-bd6d-3cdbcb59c69f
Sec-Fetch-Dest: serviceworker
Sec-Fetch-Mode: same-origin
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 22 Jan 2023 19:12:31 GMT
content-type: application/javascript; charset=utf-8
content-length: 49
last-modified: Wed, 21 Dec 2022 06:26:11 GMT
etag: "63a2a703-31"
access-control-allow-origin: *
accept-ranges: bytes
X-Firefox-Spdy: h2
6.mo17.biz/favicon.ico
185.177.92.179 204 No Content 0 B IP 185.177.92.179:0
ASN #39572 DataWeb Global Group B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /favicon.ico HTTP/1.1
Host: 6.mo17.biz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://6.mo17.biz/?p=gyzdeytfgy5gi3bpgy4tgmi&sub4=
Cookie: uuid=1f337807-156d-4d96-bd6d-3cdbcb59c69f; uuid=1f337807-156d-4d96-bd6d-3cdbcb59c69f
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 204 No Content
server: nginx
date: Sun, 22 Jan 2023 19:12:31 GMT
strict-transport-security: max-age=31536000
content-security-policy: img-src https: data:; upgrade-insecure-requests
X-Firefox-Spdy: h2
7.mo17.biz/w77899721.js
185.177.92.179 200 OK 49 B IP 185.177.92.179:0
ASN #39572 DataWeb Global Group B.V.
File type ASCII text, with no line terminators
Hash de7a2014a9db2f10fc9e6c4353257c40
11038ba6174b1871641732cd883420b8a9c2e623
7731a810f39a43942ab8020dea8921bb345f9aad0425322b4774b6985c572779
Analyzer Verdict Alert quad9 Sinkholed
GET /w77899721.js HTTP/1.1
Host: 7.mo17.biz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Service-Worker: script
Connection: keep-alive
Cookie: uuid=1f337807-156d-4d96-bd6d-3cdbcb59c69f; uuid=1f337807-156d-4d96-bd6d-3cdbcb59c69f
Sec-Fetch-Dest: serviceworker
Sec-Fetch-Mode: same-origin
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 22 Jan 2023 19:12:31 GMT
content-type: application/javascript; charset=utf-8
content-length: 49
last-modified: Wed, 21 Dec 2022 06:26:11 GMT
etag: "63a2a703-31"
access-control-allow-origin: *
accept-ranges: bytes
X-Firefox-Spdy: h2
7.mo17.biz/favicon.ico
185.177.92.179 204 No Content 0 B IP 185.177.92.179:0
ASN #39572 DataWeb Global Group B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /favicon.ico HTTP/1.1
Host: 7.mo17.biz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://7.mo17.biz/?p=gyzdeytfgy5gi3bpgy4tgmi&sub4=
Cookie: uuid=1f337807-156d-4d96-bd6d-3cdbcb59c69f; uuid=1f337807-156d-4d96-bd6d-3cdbcb59c69f
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 204 No Content
server: nginx
date: Sun, 22 Jan 2023 19:12:31 GMT
strict-transport-security: max-age=31536000
content-security-policy: img-src https: data:; upgrade-insecure-requests
X-Firefox-Spdy: h2
8.mo17.biz/w77899721.js
185.177.92.179 200 OK 49 B IP 185.177.92.179:0
ASN #39572 DataWeb Global Group B.V.
File type ASCII text, with no line terminators
Hash de7a2014a9db2f10fc9e6c4353257c40
11038ba6174b1871641732cd883420b8a9c2e623
7731a810f39a43942ab8020dea8921bb345f9aad0425322b4774b6985c572779
Analyzer Verdict Alert quad9 Sinkholed
GET /w77899721.js HTTP/1.1
Host: 8.mo17.biz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Service-Worker: script
Connection: keep-alive
Cookie: uuid=1f337807-156d-4d96-bd6d-3cdbcb59c69f; uuid=1f337807-156d-4d96-bd6d-3cdbcb59c69f
Sec-Fetch-Dest: serviceworker
Sec-Fetch-Mode: same-origin
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 22 Jan 2023 19:12:32 GMT
content-type: application/javascript; charset=utf-8
content-length: 49
last-modified: Wed, 21 Dec 2022 06:26:11 GMT
etag: "63a2a703-31"
access-control-allow-origin: *
accept-ranges: bytes
X-Firefox-Spdy: h2
8.mo17.biz/favicon.ico
185.177.92.179 204 No Content 0 B IP 185.177.92.179:0
ASN #39572 DataWeb Global Group B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /favicon.ico HTTP/1.1
Host: 8.mo17.biz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://8.mo17.biz/?p=gyzdeytfgy5gi3bpgy4tgmi&sub4=
Cookie: uuid=1f337807-156d-4d96-bd6d-3cdbcb59c69f; uuid=1f337807-156d-4d96-bd6d-3cdbcb59c69f
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 204 No Content
server: nginx
date: Sun, 22 Jan 2023 19:12:32 GMT
strict-transport-security: max-age=31536000
content-security-policy: img-src https: data:; upgrade-insecure-requests
X-Firefox-Spdy: h2
9.mo17.biz/w77899721.js
185.177.92.179 200 OK 49 B IP 185.177.92.179:0
ASN #39572 DataWeb Global Group B.V.
File type ASCII text, with no line terminators
Hash de7a2014a9db2f10fc9e6c4353257c40
11038ba6174b1871641732cd883420b8a9c2e623
7731a810f39a43942ab8020dea8921bb345f9aad0425322b4774b6985c572779
Analyzer Verdict Alert quad9 Sinkholed
GET /w77899721.js HTTP/1.1
Host: 9.mo17.biz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Service-Worker: script
Connection: keep-alive
Cookie: uuid=1f337807-156d-4d96-bd6d-3cdbcb59c69f; uuid=1f337807-156d-4d96-bd6d-3cdbcb59c69f
Sec-Fetch-Dest: serviceworker
Sec-Fetch-Mode: same-origin
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 22 Jan 2023 19:12:32 GMT
content-type: application/javascript; charset=utf-8
content-length: 49
last-modified: Wed, 21 Dec 2022 06:26:11 GMT
etag: "63a2a703-31"
access-control-allow-origin: *
accept-ranges: bytes
X-Firefox-Spdy: h2
9.mo17.biz/?p=gyzdeytfgy5gi3bpgy4tgmi&sub4=
185.177.92.179 200 OK 12 kB URL HTTP/2 9.mo17.biz/?p=gyzdeytfgy5gi3bpgy4tgmi&sub4=
IP 185.177.92.179:0
ASN #39572 DataWeb Global Group B.V.
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (7448)
Hash 768ba42f034fc3377edb63bf0ef50b93
d34dbd704150fe376eef30170079892686846cb0
c81fde4808f358e3c6e0bec6beb0a14432a6fe080ab5856f70a1de0896865076
Analyzer Verdict Alert quad9 Sinkholed
GET /?p=gyzdeytfgy5gi3bpgy4tgmi&sub4= HTTP/1.1
Host: 9.mo17.biz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://8.mo17.biz/
Cookie: uuid=1f337807-156d-4d96-bd6d-3cdbcb59c69f
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 22 Jan 2023 19:12:32 GMT
content-type: text/html; charset=UTF-8
access-control-allow-origin: *
set-cookie: uuid=1f337807-156d-4d96-bd6d-3cdbcb59c69f; expires=Tue, 21-Feb-2023 19:12:32 GMT; Max-Age=2592000; path=/; domain=9.mo17.biz
strict-transport-security: max-age=31536000
content-security-policy: img-src https: data:; upgrade-insecure-requests
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.33.119.27 200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 08444ad0e91e84ff0ae12fa08ae89cd2
5c1c778e269522997e20c9ed871e1846e68a57d6
10449a1cf41ea12817edf56be218b82b7ae65b8012ccacd5d4b1797496114af1
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "10449A1CF41EA12817EDF56BE218B82B7AE65B8012CCACD5D4B1797496114AF1"
Last-Modified: Sat, 21 Jan 2023 10:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=19441
Expires: Mon, 23 Jan 2023 00:36:33 GMT
Date: Sun, 22 Jan 2023 19:12:32 GMT
Connection: keep-alive
au01.bid/w825ac25a.js
185.177.94.180 200 OK 53 B IP 185.177.94.180:0
ASN #39572 DataWeb Global Group B.V.
File type ASCII text, with no line terminators
Hash 68db1172cecb1ba0c26c9ae5d46e4886
1453afc8cdc52c7fdb1f17d1ec23b7c3e67a75bd
67510b0376d97447e5560fca3522149c51be402bc7a3186e14bb2183d92a8824
GET /w825ac25a.js HTTP/1.1
Host: au01.bid
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Service-Worker: script
Connection: keep-alive
Cookie: uuid=6f6d0428-3b2d-4b42-bb3c-bb6e36420628
Sec-Fetch-Dest: serviceworker
Sec-Fetch-Mode: same-origin
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 22 Jan 2023 19:12:32 GMT
content-type: application/javascript; charset=utf-8
content-length: 53
last-modified: Wed, 18 May 2022 18:26:45 GMT
etag: "62853a65-35"
access-control-allow-origin: *
accept-ranges: bytes
X-Firefox-Spdy: h2
code.jquery.com/jquery-3.4.1.min.js
69.16.175.42 200 OK 31 kB URL HTTP/2 code.jquery.com/jquery-3.4.1.min.js
IP 69.16.175.42:0
File type ASCII text, with very long lines (65451)
Hash 9abb42735168ac9e960b770179b642aa
11475bf8c7244af7a820108b7762e7a3f95aa52c
df53c09a6546b3d23dc0b2d0d92c39808c5663a75f4bf1f8d035fd11b7c81243
GET /jquery-3.4.1.min.js HTTP/1.1
Host: code.jquery.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://au01.bid/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 22 Jan 2023 19:12:32 GMT
content-encoding: gzip
content-length: 30638
content-type: application/javascript; charset=utf-8
last-modified: Fri, 20 Aug 2021 17:47:53 GMT
accept-ranges: bytes
server: nginx
etag: W/"611feac9-15851"
cache-control: max-age=315360000, public
access-control-allow-origin: *
vary: Accept-Encoding
x-sp-metadata: HS256.CLCxtp4GEoYBCiQ2YjE3YzZhMS1iODQ3LTQ5ODYtOTY1Mi1mNWNjNGI4OGFkNWMQ+OiCoKvU+wIaBgiglbaeBiIMOTEuOTAuNDIuMTU0KNQ3MAM4BEIWVExTX0FFU18xMjhfR0NNX1NIQTI1NlogYzdkMmI0YzQ4NGE0MTNlMTkxZGU2YWNmZjJkYjIwMDkaLAgBEiQ5OTNiMzU5ZS1hZTQwLTQwODUtOTU1NC0yMWNhMDU0YjI1MjAYru8BIhgIAhIUY2RzMjAxLnNrMS5od2Nkbi5uZXQ=.4lvDe/OLQei2hHqUrqgth7JV4K5IZE3uMaL3PqfnnTQ=
x-hw: 1674414752.dop016.sk1.t,1674414752.cds261.sk1.hn,1674414752.cds201.sk1.c
X-Firefox-Spdy: h2
au01.bid/images/arrow.png
185.177.94.180 404 Not Found 146 B URL HTTP/2 au01.bid/images/arrow.png
IP 185.177.94.180:0
ASN #39572 DataWeb Global Group B.V.
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash 8eec510e57f5f732fd2cce73df7b73ef
3c0af39ecb3753c5fee3b53d063c7286019eac3b
55f7d9e99b8e2d4e0e193b2f0275501e6d9c1ebd29cadbea6a0da48a8587e3e0
GET /images/arrow.png HTTP/1.1
Host: au01.bid
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://au01.bid/go/mnqwgzddmy5donbygu
Cookie: uuid=6f6d0428-3b2d-4b42-bb3c-bb6e36420628
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 404 Not Found
server: nginx
date: Sun, 22 Jan 2023 19:12:32 GMT
content-type: text/html; charset=utf-8
content-length: 146
X-Firefox-Spdy: h2
report2.biz/img/vi.mp4
188.114.98.234 206 Partial Content 1.4 MB IP 188.114.98.234:0
File type ISO Media, MP4 Base Media v1 [ISO 14496-12:2003]\012- data
Size 1.4 MB (1386253 bytes)
Hash f44a971b5d5d18a03859a29a4de9f752
8bfaed283b8f754ea531517c16ac06f3ab673b71
e81647e1bc311cff7e0d2aac0796f0e2c5b83e7b4cb6b5bd8bbf06cde4ae6f19
GET /img/vi.mp4 HTTP/1.1
Host: report2.biz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: video/webm,video/ogg,video/*;q=0.9,application/ogg;q=0.7,audio/*;q=0.6,*/*;q=0.5
Accept-Language: en-US,en;q=0.5
Range: bytes=0-
Connection: keep-alive
Referer: https://au01.bid/
Sec-Fetch-Dest: video
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 206 Partial Content
date: Sun, 22 Jan 2023 19:12:32 GMT
content-type: video/mp4
content-length: 1386253
last-modified: Thu, 12 Mar 2020 14:24:15 GMT
etag: "5e6a460f-15270d"
cache-control: max-age=16070400
cf-cache-status: HIT
age: 5723
content-range: bytes 0-1386252/1386253
server: cloudflare
cf-ray: 78da9a0d2d26fab4-OSL
X-Firefox-Spdy: h2
au01.bid/favicon.ico
185.177.94.180 204 No Content 0 B IP 185.177.94.180:0
ASN #39572 DataWeb Global Group B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /favicon.ico HTTP/1.1
Host: au01.bid
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://au01.bid/go/mnqwgzddmy5donbygu
Cookie: uuid=6f6d0428-3b2d-4b42-bb3c-bb6e36420628
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 204 No Content
server: nginx
date: Sun, 22 Jan 2023 19:12:32 GMT
strict-transport-security: max-age=31536000
content-security-policy: img-src https: data:; upgrade-insecure-requests
X-Firefox-Spdy: h2
0.au01.bid/w825ac25a.js
185.177.94.180 200 OK 53 B IP 185.177.94.180:0
ASN #39572 DataWeb Global Group B.V.
File type ASCII text, with no line terminators
Hash 68db1172cecb1ba0c26c9ae5d46e4886
1453afc8cdc52c7fdb1f17d1ec23b7c3e67a75bd
67510b0376d97447e5560fca3522149c51be402bc7a3186e14bb2183d92a8824
GET /w825ac25a.js HTTP/1.1
Host: 0.au01.bid
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Service-Worker: script
Connection: keep-alive
Cookie: uuid=6f6d0428-3b2d-4b42-bb3c-bb6e36420628; uuid=6f6d0428-3b2d-4b42-bb3c-bb6e36420628
Sec-Fetch-Dest: serviceworker
Sec-Fetch-Mode: same-origin
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 22 Jan 2023 19:12:33 GMT
content-type: application/javascript; charset=utf-8
content-length: 53
last-modified: Wed, 18 May 2022 18:26:45 GMT
etag: "62853a65-35"
access-control-allow-origin: *
accept-ranges: bytes
X-Firefox-Spdy: h2
0.au01.bid/images/arrow.png
185.177.94.180 404 Not Found 146 B URL HTTP/2 0.au01.bid/images/arrow.png
IP 185.177.94.180:0
ASN #39572 DataWeb Global Group B.V.
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash 8eec510e57f5f732fd2cce73df7b73ef
3c0af39ecb3753c5fee3b53d063c7286019eac3b
55f7d9e99b8e2d4e0e193b2f0275501e6d9c1ebd29cadbea6a0da48a8587e3e0
GET /images/arrow.png HTTP/1.1
Host: 0.au01.bid
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://0.au01.bid/index.php?p=mnqwgzddmy5donbygu
Cookie: uuid=6f6d0428-3b2d-4b42-bb3c-bb6e36420628; uuid=6f6d0428-3b2d-4b42-bb3c-bb6e36420628
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 404 Not Found
server: nginx
date: Sun, 22 Jan 2023 19:12:33 GMT
content-type: text/html; charset=utf-8
content-length: 146
X-Firefox-Spdy: h2
0.au01.bid/favicon.ico
185.177.94.180 204 No Content 0 B IP 185.177.94.180:0
ASN #39572 DataWeb Global Group B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /favicon.ico HTTP/1.1
Host: 0.au01.bid
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://0.au01.bid/index.php?p=mnqwgzddmy5donbygu
Cookie: uuid=6f6d0428-3b2d-4b42-bb3c-bb6e36420628; uuid=6f6d0428-3b2d-4b42-bb3c-bb6e36420628
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 204 No Content
server: nginx
date: Sun, 22 Jan 2023 19:12:33 GMT
strict-transport-security: max-age=31536000
content-security-policy: img-src https: data:; upgrade-insecure-requests
X-Firefox-Spdy: h2
dao01.bid/sw/worker.js
51.15.19.37 200 OK 3.6 kB IP 51.15.19.37:0
Hash cb57a7819a284a432a0a59f9430e2d7f
9b91d0ff90ee3f183c123d0b4bbbe4306d9960c7
c312250ff0d4d5bf808aa75361c9367507fd5fd7ad5963bca2a35fd57a01a0be
GET /sw/worker.js HTTP/1.1
Host: dao01.bid
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://0.au01.bid/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 22 Jan 2023 19:12:33 GMT
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
expires: Mon, 22 Jan 2024 19:12:33 GMT
cache-control: max-age=31536000
strict-transport-security: max-age=31536000
content-security-policy: img-src https: data:; upgrade-insecure-requests
X-Firefox-Spdy: h2
1.au01.bid/images/arrow.png
185.177.94.180 404 Not Found 146 B URL HTTP/2 1.au01.bid/images/arrow.png
IP 185.177.94.180:0
ASN #39572 DataWeb Global Group B.V.
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash 8eec510e57f5f732fd2cce73df7b73ef
3c0af39ecb3753c5fee3b53d063c7286019eac3b
55f7d9e99b8e2d4e0e193b2f0275501e6d9c1ebd29cadbea6a0da48a8587e3e0
GET /images/arrow.png HTTP/1.1
Host: 1.au01.bid
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://1.au01.bid/index.php?p=mnqwgzddmy5donbygu
Cookie: uuid=6f6d0428-3b2d-4b42-bb3c-bb6e36420628; uuid=6f6d0428-3b2d-4b42-bb3c-bb6e36420628
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 404 Not Found
server: nginx
date: Sun, 22 Jan 2023 19:12:33 GMT
content-type: text/html; charset=utf-8
content-length: 146
X-Firefox-Spdy: h2
1.au01.bid/favicon.ico
185.177.94.180 204 No Content 0 B IP 185.177.94.180:0
ASN #39572 DataWeb Global Group B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /favicon.ico HTTP/1.1
Host: 1.au01.bid
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://1.au01.bid/index.php?p=mnqwgzddmy5donbygu
Cookie: uuid=6f6d0428-3b2d-4b42-bb3c-bb6e36420628; uuid=6f6d0428-3b2d-4b42-bb3c-bb6e36420628
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 204 No Content
server: nginx
date: Sun, 22 Jan 2023 19:12:34 GMT
strict-transport-security: max-age=31536000
content-security-policy: img-src https: data:; upgrade-insecure-requests
X-Firefox-Spdy: h2
lu1cj.haxbyq.com/age-check?h=waWQiOjEwNTc3NTIsInNpZCI6MTA2NTQ1OSwid2lkIjozNTg3MDEsInNyYyI6Mn0=eyJ&i=4
185.56.234.205 200 OK 0 B URL HTTP/2 lu1cj.haxbyq.com/age-check?h=waWQiOjEwNTc3NTIsInNpZCI6MTA2NTQ1OSwid2lkIjozNTg3MDEsInNyYyI6Mn0=eyJ&i=4
IP 185.56.234.205:0
ASN #39572 DataWeb Global Group B.V.
GET /age-check?h=waWQiOjEwNTc3NTIsInNpZCI6MTA2NTQ1OSwid2lkIjozNTg3MDEsInNyYyI6Mn0=eyJ&i=4 HTTP/1.1
Host: lu1cj.haxbyq.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://zls18.haxbyq.com/
Cookie: truniq=1; ufp2=d73530bbe30e4c21a0571c3fd0b2efa99b02884a
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
server: nginx/1.21.1
date: Sun, 22 Jan 2023 19:12:26 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
x-zone: eu
content-encoding: gzip
X-Firefox-Spdy: h2
1.mo17.biz/?p=gyzdeytfgy5gi3bpgy4tgmi&sub4=
185.177.92.179 200 OK 0 B URL HTTP/2 1.mo17.biz/?p=gyzdeytfgy5gi3bpgy4tgmi&sub4=
IP 185.177.92.179:0
ASN #39572 DataWeb Global Group B.V.
Analyzer Verdict Alert quad9 Sinkholed
GET /?p=gyzdeytfgy5gi3bpgy4tgmi&sub4= HTTP/1.1
Host: 1.mo17.biz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://0.mo17.biz/
Cookie: uuid=1f337807-156d-4d96-bd6d-3cdbcb59c69f
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 22 Jan 2023 19:12:30 GMT
content-type: text/html; charset=UTF-8
access-control-allow-origin: *
set-cookie: uuid=1f337807-156d-4d96-bd6d-3cdbcb59c69f; expires=Tue, 21-Feb-2023 19:12:30 GMT; Max-Age=2592000; path=/; domain=1.mo17.biz
strict-transport-security: max-age=31536000
content-security-policy: img-src https: data:; upgrade-insecure-requests
X-Firefox-Spdy: h2
dm06.biz/sw/w1s.js
195.154.52.104 200 OK 0 B IP 195.154.52.104:0
Analyzer Verdict Alert fortinet Malware
GET /sw/w1s.js HTTP/1.1
Host: dm06.biz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://5.mo17.biz/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 22 Jan 2023 19:12:31 GMT
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
expires: Mon, 22 Jan 2024 19:12:31 GMT
cache-control: max-age=31536000
strict-transport-security: max-age=31536000
content-security-policy: img-src https: data:; upgrade-insecure-requests
X-Firefox-Spdy: h2
dm06.biz/sw/w1s.js
195.154.52.104 200 OK 0 B IP 195.154.52.104:0
Analyzer Verdict Alert fortinet Malware
GET /sw/w1s.js HTTP/1.1
Host: dm06.biz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://6.mo17.biz/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 22 Jan 2023 19:12:31 GMT
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
expires: Mon, 22 Jan 2024 19:12:31 GMT
cache-control: max-age=31536000
strict-transport-security: max-age=31536000
content-security-policy: img-src https: data:; upgrade-insecure-requests
X-Firefox-Spdy: h2
ond4h.haxbyq.com/age-check?h=waWQiOjEwNTc3NTIsInNpZCI6MTA2NTQ1OSwid2lkIjozNTg3MDEsInNyYyI6Mn0=eyJ&i=2
185.56.234.205 200 OK 0 B URL HTTP/2 ond4h.haxbyq.com/age-check?h=waWQiOjEwNTc3NTIsInNpZCI6MTA2NTQ1OSwid2lkIjozNTg3MDEsInNyYyI6Mn0=eyJ&i=2
IP 185.56.234.205:0
ASN #39572 DataWeb Global Group B.V.
GET /age-check?h=waWQiOjEwNTc3NTIsInNpZCI6MTA2NTQ1OSwid2lkIjozNTg3MDEsInNyYyI6Mn0=eyJ&i=2 HTTP/1.1
Host: ond4h.haxbyq.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://b3ny4.haxbyq.com/
Cookie: truniq=1; ufp2=d73530bbe30e4c21a0571c3fd0b2efa99b02884a
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
server: nginx/1.21.1
date: Sun, 22 Jan 2023 19:12:26 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
x-zone: eu3
content-encoding: gzip
X-Firefox-Spdy: h2
ioj9v.haxbyq.com/age-check?h=waWQiOjEwNTc3NTIsInNpZCI6MTA2NTQ1OSwid2lkIjozNTg3MDEsInNyYyI6Mn0=eyJ&i=7
185.56.234.205 200 OK 0 B URL HTTP/2 ioj9v.haxbyq.com/age-check?h=waWQiOjEwNTc3NTIsInNpZCI6MTA2NTQ1OSwid2lkIjozNTg3MDEsInNyYyI6Mn0=eyJ&i=7
IP 185.56.234.205:0
ASN #39572 DataWeb Global Group B.V.
GET /age-check?h=waWQiOjEwNTc3NTIsInNpZCI6MTA2NTQ1OSwid2lkIjozNTg3MDEsInNyYyI6Mn0=eyJ&i=7 HTTP/1.1
Host: ioj9v.haxbyq.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://tls5f.haxbyq.com/
Cookie: truniq=1; ufp2=d73530bbe30e4c21a0571c3fd0b2efa99b02884a
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
server: nginx/1.21.1
date: Sun, 22 Jan 2023 19:12:27 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
x-zone: eu
content-encoding: gzip
X-Firefox-Spdy: h2
dm06.biz/sw/w1s.js
195.154.52.104 200 OK 0 B IP 195.154.52.104:0
Analyzer Verdict Alert fortinet Malware
GET /sw/w1s.js HTTP/1.1
Host: dm06.biz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://8.mo17.biz/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 22 Jan 2023 19:12:32 GMT
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
expires: Mon, 22 Jan 2024 19:12:32 GMT
cache-control: max-age=31536000
strict-transport-security: max-age=31536000
content-security-policy: img-src https: data:; upgrade-insecure-requests
X-Firefox-Spdy: h2
0.au01.bid/index.php?p=mnqwgzddmy5donbygu
185.177.94.180 200 OK 0 B URL HTTP/2 0.au01.bid/index.php?p=mnqwgzddmy5donbygu
IP 185.177.94.180:0
ASN #39572 DataWeb Global Group B.V.
GET /index.php?p=mnqwgzddmy5donbygu HTTP/1.1
Host: 0.au01.bid
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://au01.bid/
Cookie: uuid=6f6d0428-3b2d-4b42-bb3c-bb6e36420628
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 22 Jan 2023 19:12:33 GMT
content-type: text/html; charset=UTF-8
access-control-allow-origin: *
set-cookie: uuid=6f6d0428-3b2d-4b42-bb3c-bb6e36420628; expires=Tue, 21-Feb-2023 19:12:33 GMT; Max-Age=2592000; path=/; domain=0.au01.bid
strict-transport-security: max-age=31536000
content-security-policy: img-src https: data:; upgrade-insecure-requests
X-Firefox-Spdy: h2
b3ny4.haxbyq.com/age-check?h=waWQiOjEwNTc3NTIsInNpZCI6MTA2NTQ1OSwid2lkIjozNTg3MDEsInNyYyI6Mn0=eyJ&i=1
185.56.234.205 200 OK 0 B URL HTTP/2 b3ny4.haxbyq.com/age-check?h=waWQiOjEwNTc3NTIsInNpZCI6MTA2NTQ1OSwid2lkIjozNTg3MDEsInNyYyI6Mn0=eyJ&i=1
IP 185.56.234.205:0
ASN #39572 DataWeb Global Group B.V.
GET /age-check?h=waWQiOjEwNTc3NTIsInNpZCI6MTA2NTQ1OSwid2lkIjozNTg3MDEsInNyYyI6Mn0=eyJ&i=1 HTTP/1.1
Host: b3ny4.haxbyq.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://haxbyq.com/
Cookie: truniq=1
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
server: nginx/1.21.1
date: Sun, 22 Jan 2023 19:12:25 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
x-zone: eu4
content-encoding: gzip
X-Firefox-Spdy: h2
zls18.haxbyq.com/age-check?h=waWQiOjEwNTc3NTIsInNpZCI6MTA2NTQ1OSwid2lkIjozNTg3MDEsInNyYyI6Mn0=eyJ&i=3
185.56.234.205 200 OK 0 B URL HTTP/2 zls18.haxbyq.com/age-check?h=waWQiOjEwNTc3NTIsInNpZCI6MTA2NTQ1OSwid2lkIjozNTg3MDEsInNyYyI6Mn0=eyJ&i=3
IP 185.56.234.205:0
ASN #39572 DataWeb Global Group B.V.
GET /age-check?h=waWQiOjEwNTc3NTIsInNpZCI6MTA2NTQ1OSwid2lkIjozNTg3MDEsInNyYyI6Mn0=eyJ&i=3 HTTP/1.1
Host: zls18.haxbyq.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ond4h.haxbyq.com/
Cookie: truniq=1; ufp2=d73530bbe30e4c21a0571c3fd0b2efa99b02884a
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
server: nginx/1.21.1
date: Sun, 22 Jan 2023 19:12:26 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
x-zone: eu4
content-encoding: gzip
X-Firefox-Spdy: h2
8g7y3.haxbyq.com/age-check?h=waWQiOjEwNTc3NTIsInNpZCI6MTA2NTQ1OSwid2lkIjozNTg3MDEsInNyYyI6Mn0=eyJ&i=11
185.56.234.205 200 OK 0 B URL HTTP/2 8g7y3.haxbyq.com/age-check?h=waWQiOjEwNTc3NTIsInNpZCI6MTA2NTQ1OSwid2lkIjozNTg3MDEsInNyYyI6Mn0=eyJ&i=11
IP 185.56.234.205:0
ASN #39572 DataWeb Global Group B.V.
GET /age-check?h=waWQiOjEwNTc3NTIsInNpZCI6MTA2NTQ1OSwid2lkIjozNTg3MDEsInNyYyI6Mn0=eyJ&i=11 HTTP/1.1
Host: 8g7y3.haxbyq.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://6fiq5.haxbyq.com/
Cookie: truniq=1; ufp2=d73530bbe30e4c21a0571c3fd0b2efa99b02884a
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
server: nginx/1.21.1
date: Sun, 22 Jan 2023 19:12:28 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
x-zone: eu
content-encoding: gzip
X-Firefox-Spdy: h2
dm06.biz/sw/w1s.js
195.154.52.104 200 OK 0 B IP 195.154.52.104:0
Analyzer Verdict Alert fortinet Malware
GET /sw/w1s.js HTTP/1.1
Host: dm06.biz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://4.mo17.biz/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 22 Jan 2023 19:12:31 GMT
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
expires: Mon, 22 Jan 2024 19:12:31 GMT
cache-control: max-age=31536000
strict-transport-security: max-age=31536000
content-security-policy: img-src https: data:; upgrade-insecure-requests
X-Firefox-Spdy: h2
dm06.biz/sw/w1s.js
195.154.52.104 200 OK 0 B IP 195.154.52.104:0
Analyzer Verdict Alert fortinet Malware
GET /sw/w1s.js HTTP/1.1
Host: dm06.biz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://7.mo17.biz/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 22 Jan 2023 19:12:31 GMT
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
expires: Mon, 22 Jan 2024 19:12:31 GMT
cache-control: max-age=31536000
strict-transport-security: max-age=31536000
content-security-policy: img-src https: data:; upgrade-insecure-requests
X-Firefox-Spdy: h2
1.au01.bid/index.php?p=mnqwgzddmy5donbygu
185.177.94.180 200 OK 0 B URL HTTP/2 1.au01.bid/index.php?p=mnqwgzddmy5donbygu
IP 185.177.94.180:0
ASN #39572 DataWeb Global Group B.V.
GET /index.php?p=mnqwgzddmy5donbygu HTTP/1.1
Host: 1.au01.bid
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://0.au01.bid/
Cookie: uuid=6f6d0428-3b2d-4b42-bb3c-bb6e36420628
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 22 Jan 2023 19:12:33 GMT
content-type: text/html; charset=UTF-8
access-control-allow-origin: *
set-cookie: uuid=6f6d0428-3b2d-4b42-bb3c-bb6e36420628; expires=Tue, 21-Feb-2023 19:12:33 GMT; Max-Age=2592000; path=/; domain=1.au01.bid
strict-transport-security: max-age=31536000
content-security-policy: img-src https: data:; upgrade-insecure-requests
X-Firefox-Spdy: h2
haxbyq.com/age-check?h=waWQiOjEwNTc3NTIsInNpZCI6MTA2NTQ1OSwid2lkIjozNTg3MDEsInNyYyI6Mn0=eyJ&si1=&si2=
185.56.234.205 200 OK 0 B URL HTTP/2 haxbyq.com/age-check?h=waWQiOjEwNTc3NTIsInNpZCI6MTA2NTQ1OSwid2lkIjozNTg3MDEsInNyYyI6Mn0=eyJ&si1=&si2=
IP 185.56.234.205:0
ASN #39572 DataWeb Global Group B.V.
GET /age-check?h=waWQiOjEwNTc3NTIsInNpZCI6MTA2NTQ1OSwid2lkIjozNTg3MDEsInNyYyI6Mn0=eyJ&si1=&si2= HTTP/1.1
Host: haxbyq.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/2 200 OK
server: nginx/1.21.1
date: Sun, 22 Jan 2023 19:12:25 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
set-cookie: truniq=1; expires=Mon, 23-Jan-2023 19:12:25 GMT; Max-Age=86400; path=/; domain=haxbyq.com
x-zone: eu3
content-encoding: gzip
X-Firefox-Spdy: h2
ulmoyc.com/v1/sdk.js?h=waWQiOjEwNTc3NTIsInNpZCI6MTA2NTQ1OSwid2lkIjozNTg3MDEsInNyYyI6MiwicG0iOjF9eyJ&d=haxbyq.com&tpl=1&pbd=iOjEwNTc3NTIsInNpZCI6MTA2NTQ1OSwid2lkIjozNTg3MDEsImkiOiIxIn0=eyJwaWQ
172.67.197.128 200 OK 0 B URL HTTP/2 ulmoyc.com/v1/sdk.js?h=waWQiOjEwNTc3NTIsInNpZCI6MTA2NTQ1OSwid2lkIjozNTg3MDEsInNyYyI6MiwicG0iOjF9eyJ&d=haxbyq.com&tpl=1&pbd=iOjEwNTc3NTIsInNpZCI6MTA2NTQ1OSwid2lkIjozNTg3MDEsImkiOiIxIn0=eyJwaWQ
IP 172.67.197.128:0
GET /v1/sdk.js?h=waWQiOjEwNTc3NTIsInNpZCI6MTA2NTQ1OSwid2lkIjozNTg3MDEsInNyYyI6MiwicG0iOjF9eyJ&d=haxbyq.com&tpl=1&pbd=iOjEwNTc3NTIsInNpZCI6MTA2NTQ1OSwid2lkIjozNTg3MDEsImkiOiIxIn0=eyJwaWQ HTTP/1.1
Host: ulmoyc.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://b3ny4.haxbyq.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 22 Jan 2023 19:12:25 GMT
content-type: application/javascript; charset=UTF-8
vary: Accept-Encoding
cache-control: public, max-age=14400
access-control-allow-origin: https://haxbyq.com
etag: W/"davEoa1sld2VnXztNhRNwS3xLpw"
x-zone: eu
cf-cache-status: REVALIDATED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=WW71ntfukw5AR%2FM%2BAk4OcBd9995IYs8Ms8dvm%2Bfb5U0Hl3WleSnEJaFqqjqkFS2qFVItGySNsyJFQDqx7KTxyTAQK28GHKQCKtBKypq0uIlJEIYPmZ8Z6udMXbSf"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 78da99e0d825b523-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
8.mo17.biz/?p=gyzdeytfgy5gi3bpgy4tgmi&sub4=
185.177.92.179 200 OK 0 B URL HTTP/2 8.mo17.biz/?p=gyzdeytfgy5gi3bpgy4tgmi&sub4=
IP 185.177.92.179:0
ASN #39572 DataWeb Global Group B.V.
Analyzer Verdict Alert: quad9 — Sinkholed
GET /?p=gyzdeytfgy5gi3bpgy4tgmi&sub4= HTTP/1.1
Host: 8.mo17.biz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://7.mo17.biz/
Cookie: uuid=1f337807-156d-4d96-bd6d-3cdbcb59c69f
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 22 Jan 2023 19:12:31 GMT
content-type: text/html; charset=UTF-8
access-control-allow-origin: *
set-cookie: uuid=1f337807-156d-4d96-bd6d-3cdbcb59c69f; expires=Tue, 21-Feb-2023 19:12:31 GMT; Max-Age=2592000; path=/; domain=8.mo17.biz
strict-transport-security: max-age=31536000
content-security-policy: img-src https: data:; upgrade-insecure-requests
X-Firefox-Spdy: h2
dm06.biz/sw/w1s.js
195.154.52.104 200 OK 0 B IP 195.154.52.104:0
Analyzer Verdict Alert: fortinet — Malware
GET /sw/w1s.js HTTP/1.1
Host: dm06.biz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://9.mo17.biz/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 22 Jan 2023 19:12:32 GMT
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
expires: Mon, 22 Jan 2024 19:12:32 GMT
cache-control: max-age=31536000
strict-transport-security: max-age=31536000
content-security-policy: img-src https: data:; upgrade-insecure-requests
X-Firefox-Spdy: h2
dao01.bid/sw/worker.js
51.15.19.37 200 OK 0 B IP 51.15.19.37:0
GET /sw/worker.js HTTP/1.1
Host: dao01.bid
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://au01.bid/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Sun, 22 Jan 2023 19:12:32 GMT
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
expires: Mon, 22 Jan 2024 19:12:32 GMT
cache-control: max-age=31536000
strict-transport-security: max-age=31536000
content-security-policy: img-src https: data:; upgrade-insecure-requests
X-Firefox-Spdy: h2