flowhot.cc/wp-content/uploads/2019/11/promo.jpeg
172.67.165.215 161 kB URL flowhot.cc/wp-content/uploads/2019/11/promo.jpeg
IP 172.67.165.215:0
File type JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop CC 2019 (Macintosh), datetime=2019:11:21 20:13:11], progressive, precision 8, 900x250, components 3
- data
Size 161 kB (160863 bytes)
Hash f66cbb86803abd9d9f37a1588f14d5fd
c38f678cea2edc798d223b0c57f3b6c6b4acb008
ee089d909a7461ab0f483151883331e191c18f0a1db138a4bba12d82330287a1
GET /wp-content/uploads/2019/11/promo.jpeg HTTP/1.1
Host: flowhot.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://bizarrap.flowhot.cc/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Sun, 03 Dec 2023 21:47:09 GMT
content-type: image/jpeg
content-length: 160863
cache-control: public, max-age=31536000
expires: Sat, 30 Dec 2023 05:45:23 GMT
last-modified: Fri, 22 Nov 2019 02:34:58 GMT
x-turbo-charged-by: LiteSpeed
cf-cache-status: HIT
age: 316906
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=nI4%2FvB6RwqYZaT%2BcnL21A8n%2FijUUrdkdYyRJACesJLfHCP6PiqNjIRNkTWEh1mikvsUg3f4tzzPbauwG2OURur2GtQvJdU%2BZTsCJf8Js0AWsW%2BaPXWeVbNW44Z%2F9"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 82ff01a6b8430b3d-OSL
alt-svc: h3=":443"; ma=86400
flowhot.cc/wp-content/themes/flowhot/images/no-artist.png
172.67.165.215 32 kB URL flowhot.cc/wp-content/themes/flowhot/images/no-artist.png
IP 172.67.165.215:0
File type PNG image data, 512 x 512, 8-bit/color RGBA, non-interlaced
- data
Hash a1d40c3876bd1460ff1e9e3858d699c7
63bcf6280a4ef180605a1a6655d1915c0431e815
5d4eb3a4c0176d74096f35cce22ca631cf73173895d3315728b9817288839b57
GET /wp-content/themes/flowhot/images/no-artist.png HTTP/1.1
Host: flowhot.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://bizarrap.flowhot.cc/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Sun, 03 Dec 2023 21:47:09 GMT
content-type: image/png
content-length: 32241
cache-control: public, max-age=31536000
expires: Sat, 30 Dec 2023 05:45:23 GMT
last-modified: Tue, 17 Dec 2019 21:20:15 GMT
x-turbo-charged-by: LiteSpeed
cf-cache-status: HIT
age: 316906
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=wYeVN2k8k4bjsfecXtidMovHix%2BBOqDaTfS83BYmfxolQ%2FEcf7%2BusF4251pk%2FH0hOs%2F9Qc3mX%2BF%2Ff0pNevKl%2FMUF%2BzCq9afOLKvEBUb%2BLxcuMwnGGMt7n6Z26pyX"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 82ff01a6b8440b3d-OSL
alt-svc: h3=":443"; ma=86400
bizarrap.flowhot.cc/
172.67.165.215 190 kB IP 172.67.165.215:0
File type HTML document text
- HTML document text
- HTML document text
- HTML document text
- HTML document text
- HTML document text
- exported SGML document, Unicode text, UTF-8 text, with very long lines (18020)
Size 190 kB (190151 bytes)
Hash 6d9d44d2f0b83d2931a82795077ce89a
40ce530ad64a8e0da0c2a0f92302f2be09e89e8a
673b4b81c82a51cdfc3857b4968f794a05ae5c2b07411fb73555b57921dbe277
GET / HTTP/1.1
Host: bizarrap.flowhot.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sun, 03 Dec 2023 21:47:08 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
x-litespeed-cache: hit
x-turbo-charged-by: LiteSpeed
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=c0FOTi2Wyn8fWfm2n5Jg3A5B3%2Bceb%2B%2BRsKfKMgbyMbLBVpCbkHSkbIlZB2IjJmrlhg3YgFV0S2KfoPdjmkngtKlKYgZx5Yb%2BjVSWGkHdRunFsOddsHIWiilQfO5qLwoom%2BvsUYLR"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 82ff01a41df60b3d-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
www.googletagmanager.com/gtag/js?id=UA-922266-5
142.250.74.168 200 OK 69 kB URL GET HTTP/2 www.googletagmanager.com/gtag/js?id=UA-922266-5
IP 142.250.74.168:443
Requested by https://bizarrap.flowhot.cc/
Certificate Issuer Google Trust Services LLC
Subject *.google-analytics.com
Fingerprint 37:42:10:B7:89:70:45:51:80:81:66:CE:95:21:72:5D:46:0B:E2:34
Validity Mon, 23 Oct 2023 11:18:19 GMT - Mon, 15 Jan 2024 11:18:18 GMT
File type ASCII text, with very long lines (4179)
Hash 0b4dbe21cbb03c62d2cf89a3c2c497e1
719d06b3ffcf338f352117c92f55e00b8d98d324
32d888f2d371f14f258e6b6ea49740f6318af3423ea94a7ec0177ae714e9cd00
GET /gtag/js?id=UA-922266-5 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://bizarrap.flowhot.cc/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Sun, 03 Dec 2023 21:47:09 GMT
expires: Sun, 03 Dec 2023 21:47:09 GMT
cache-control: private, max-age=900
last-modified: Sun, 03 Dec 2023 21:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 68945
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
flowhot.cc/wp-content/themes/flowhot/style.css?ver=1701639706
172.67.165.215 89 kB URL flowhot.cc/wp-content/themes/flowhot/style.css?ver=1701639706
IP 172.67.165.215:0
File type ASCII text, with very long lines (4468)
Hash 4c1717ce0a000bdbf8af2b620be2b465
9398d9ac4a1f37374cc187f5a1e3d6dc69f2a208
25f469c98011ebbf04fe876c4a5732b88c74bf48dfc6b03f8fa7d68b34657404
GET /wp-content/themes/flowhot/style.css?ver=1701639706 HTTP/1.1
Host: flowhot.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://bizarrap.flowhot.cc/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Sun, 03 Dec 2023 21:47:09 GMT
content-type: text/css
cache-control: public, max-age=31536000
expires: Tue, 02 Jan 2024 21:47:09 GMT
last-modified: Fri, 19 Jun 2020 18:37:30 GMT
vary: Accept-Encoding
x-turbo-charged-by: LiteSpeed
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=AAbTkyU14VHaXcIPt9qbbPaCYIQz5gd%2Bf0YWhTOABvSkfCGkq%2FnSXOrm9pIKNwPpPohdPSQ2Mh4QNarNUD5ThEE2hGjQF0JYcBkmei8yCAWRGSeYgAKAQSE8rYGU"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 82ff01a6b8400b3d-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
finallytrained.com/06/33/56/0633569b5e7b7ced877cf02d43663712.js
173.233.137.44 200 OK 16 kB URL GET HTTP/1.1 finallytrained.com/06/33/56/0633569b5e7b7ced877cf02d43663712.js
IP 173.233.137.44:443
Requested by https://bizarrap.flowhot.cc/
Certificate Issuer Let's Encrypt
Subject finallytrained.com
Fingerprint 8F:A1:2B:2D:3A:32:A7:71:00:73:CC:06:43:01:E1:62:6F:57:F2:4F
Validity Sat, 04 Nov 2023 06:34:02 GMT - Fri, 02 Feb 2024 06:34:01 GMT
File type ASCII text, with very long lines (42937), with no line terminators
Hash 84000f56b83b5eef60366b56ea8c98bf
c7c3879cb7f606cf7adf23759ce528eeaa2df30f
67d895c80b8b1588f7c2b222ee15e8e4fed57af14542a82e7ed4b94e81fc2513
GET /06/33/56/0633569b5e7b7ced877cf02d43663712.js HTTP/1.1
Host: finallytrained.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://bizarrap.flowhot.cc/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Sun, 03 Dec 2023 21:47:09 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: dd8520b673b4ecac3057c685250d9e64
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
ocsp.r2m03.amazontrust.com/
54.230.218.11 471 B URL ocsp.r2m03.amazontrust.com/
IP 54.230.218.11:0
Hash ebc0f19a7067085e95ff0e35ee441f4d
23c3d68afd4c1c6cdecce9007aa3bddc793bc52d
6a07099ef655ed036e4a865236f8a6e5549e9a468e207691923634fc51c3186d
POST / HTTP/1.1
Host: ocsp.r2m03.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=7200
Date: Sun, 03 Dec 2023 21:47:10 GMT
Last-Modified: Sun, 03 Dec 2023 20:20:14 GMT
Server: ECAcc (ska/F6A0)
X-Cache: Miss from cloudfront
Via: 1.1 f46773a8236e136c4f6648dd79a7af8e.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: 0URdR2NeD5MhCw30rR3CBLZnv3_6GKwyZYpIqNRgEjjTwFOzNsnrhg==
Age: 5216
proftrafficcounter.com/stats
18.184.210.76 40 B URL proftrafficcounter.com/stats
IP 18.184.210.76:0
File type ASCII text, with no line terminators
Hash d7ab48b16d3ac23010c954b42c5317e8
6052011b209db9c80b030622091c2f6695c59bc0
9230cb347e1efb3c41493adf86baef87c16f3736944f9a48cf1f9eeeded605cd
GET /stats HTTP/1.1
Host: proftrafficcounter.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://bizarrap.flowhot.cc
DNT: 1
Connection: keep-alive
Referer: https://bizarrap.flowhot.cc/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sun, 03 Dec 2023 21:47:10 GMT
content-type: text/html; charset=UTF-8
content-length: 40
server: fasthttp
access-control-allow-origin: https://bizarrap.flowhot.cc
vary: Origin
access-control-allow-credentials: true
set-cookie: uid_id2=9bb53df0-d22a-4ff0-acc3-997aa92af42e:3:1; expires=Wed, 30 Nov 2033 21:47:10 GMT; secure; SameSite=None
X-Firefox-Spdy: h2
maxcdn.bootstrapcdn.com/font-awesome/4.7.0/fonts/fontawesome-webfont.woff2?v=4.7.0
104.18.10.207 77 kB URL maxcdn.bootstrapcdn.com/font-awesome/4.7.0/fonts/fontawesome-webfont.woff2?v=4.7.0
IP 104.18.10.207:0
File type Web Open Font Format (Version 2), TrueType, length 77160, version 4.459
- data
Hash af7ae505a9eed503f8b8e6982036873e
d6f48cba7d076fb6f2fd6ba993a75b9dc1ecbf0c
2adefcbc041e7d18fcf2d417879dc5a09997aa64d675b7a3c4b6ce33da13f3fe
GET /font-awesome/4.7.0/fonts/fontawesome-webfont.woff2?v=4.7.0 HTTP/1.1
Host: maxcdn.bootstrapcdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://bizarrap.flowhot.cc
DNT: 1
Connection: keep-alive
Referer: https://maxcdn.bootstrapcdn.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Sun, 03 Dec 2023 21:47:10 GMT
content-type: font/woff2
content-length: 77160
cdn-pullzone: 252412
cdn-uid: b1941f61-b576-4f40-80de-5677acb38f74
cdn-requestcountrycode: DE
access-control-allow-origin: *
cache-control: public, max-age=31919000
etag: "af7ae505a9eed503f8b8e6982036873e"
last-modified: Mon, 25 Jan 2021 22:04:55 GMT
cdn-cachedat: 10/31/2023 19:08:24
cdn-proxyver: 1.04
cdn-requestpullcode: 200
cdn-requestpullsuccess: True
cdn-edgestorageid: 752
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
cdn-status: 200
cdn-requestid: 2c885f6c8d3c76a0517012baa55a8b4c
cdn-cache: HIT
cf-cache-status: MISS
accept-ranges: bytes
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
server: cloudflare
cf-ray: 82ff01adbb9a712d-OSL
alt-svc: h3=":443"; ma=86400
notix.io/settings?appId=1004ce02062614f98c25893fe046136&ver=0.15.19
139.45.240.92 200 OK 318 B URL GET HTTP/2 notix.io/settings?appId=1004ce02062614f98c25893fe046136&ver=0.15.19
IP 139.45.240.92:443
Requested by https://bizarrap.flowhot.cc/
Certificate Issuer Let's Encrypt
Subject notix.io
Fingerprint 68:78:0C:AA:A6:75:6F:E2:65:2D:3B:7E:5B:8A:2B:6B:F6:1A:BF:1D
Validity Fri, 15 Sep 2023 11:38:16 GMT - Thu, 14 Dec 2023 11:38:15 GMT
File type JSON data
- , ASCII text, with very long lines (318), with no line terminators
Hash 82b0c0f76512e60ea030da09ee18febf
2c4b11e5713c2f7e6a3da2ef87a1c0c78c3da195
a8ca49249ca90a131bba14405671cb243da2849145a3d8074b0b5c232c2b57d1
GET /settings?appId=1004ce02062614f98c25893fe046136&ver=0.15.19 HTTP/1.1
Host: notix.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://bizarrap.flowhot.cc/
Origin: https://bizarrap.flowhot.cc
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 03 Dec 2023 21:47:10 GMT
content-type: application/json; charset=utf-8
content-length: 318
access-control-allow-origin: https://bizarrap.flowhot.cc
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2
explosivegleameddesigner.com/b8/d7/49/b8d74904f6b94ccf8e1a8085aa5d1820.js
173.233.137.52 23 kB URL explosivegleameddesigner.com/b8/d7/49/b8d74904f6b94ccf8e1a8085aa5d1820.js
IP 173.233.137.52:0
File type ASCII text, with very long lines (59653), with no line terminators
Hash e238dd9a793f278a4b2660833d4a90eb
c836611223ffc72ae62e1b14ca600fe49775824c
8ba386d11e9771b9e80f44b705269f4f975492a7c31cf204f5637eac9df02a84
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /b8/d7/49/b8d74904f6b94ccf8e1a8085aa5d1820.js HTTP/1.1
Host: explosivegleameddesigner.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://bizarrap.flowhot.cc/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Sun, 03 Dec 2023 21:47:10 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 1a6920ad0f74c20efe23eb9b730b8c09
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
explosivegleameddesigner.com/sbar.json?key=0633569b5e7b7ced877cf02d43663712&uuid=9bb53df0-d22a-4ff0-acc3-997aa92af42e%3A3%3A1
173.233.137.52 3.4 kB URL explosivegleameddesigner.com/sbar.json?key=0633569b5e7b7ced877cf02d43663712&uuid=9bb53df0-d22a-4ff0-acc3-997aa92af42e%3A3%3A1
IP 173.233.137.52:0
File type JSON data
- , ASCII text, with very long lines (5920), with no line terminators
Hash 2812b4babd6664388f24a56fb9744110
0bfd65ecd3ecd909561cb4ce05cae2c78efb4332
74b5fa25186de053c8bcd06c6f36c8588479cc32b42d74dc1d3ed5bb56f424df
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /sbar.json?key=0633569b5e7b7ced877cf02d43663712&uuid=9bb53df0-d22a-4ff0-acc3-997aa92af42e%3A3%3A1 HTTP/1.1
Host: explosivegleameddesigner.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://bizarrap.flowhot.cc
DNT: 1
Connection: keep-alive
Referer: https://bizarrap.flowhot.cc/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Sun, 03 Dec 2023 21:47:10 GMT
Content-Type: text/plain; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://bizarrap.flowhot.cc
Access-Control-Allow-Origin: https://bizarrap.flowhot.cc
Access-Control-Allow-Credentials: true
Set-Cookie: u_pl=19408177; expires=Mon, 04 Dec 2023 21:47:10 GMT; secure; SameSite=None
uid_id2=9bb53df0-d22a-4ff0-acc3-997aa92af42e:3:1; expires=Sun, 10 Dec 2023 21:47:10 GMT; secure; SameSite=None
pdhtkv=true; expires=Mon, 04 Dec 2023 21:47:10 GMT; secure; SameSite=None
uncs=1; expires=Mon, 04 Dec 2023 21:47:10 GMT; secure; SameSite=None
pdhtkv29=true; expires=Mon, 04 Dec 2023 21:47:10 GMT; secure; SameSite=None
uncs29=1; expires=Mon, 04 Dec 2023 21:47:10 GMT; secure; SameSite=None
slec0633569b5e7b7ced877cf02d43663712=[4766299]; expires=Sun, 03 Dec 2023 21:47:15 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 21fb77cb49dc741a38665120abe30173
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
maxcdn.bootstrapcdn.com/font-awesome/4.7.0/css/font-awesome.min.css
104.18.10.207 200 OK 7.5 kB URL GET HTTP/2 maxcdn.bootstrapcdn.com/font-awesome/4.7.0/css/font-awesome.min.css
IP 104.18.10.207:443
Requested by https://bizarrap.flowhot.cc/
Certificate Issuer Google Trust Services LLC
Subject bootstrapcdn.com
Fingerprint 34:BC:91:5F:B9:EC:32:2C:D9:73:C7:88:C3:6C:FB:77:E7:70:8D:04
Validity Thu, 30 Nov 2023 00:15:17 GMT - Wed, 28 Feb 2024 00:15:16 GMT
File type ASCII text, with very long lines (30837)
Hash 269550530cc127b6aa5a35925a7de6ce
512c7d79033e3028a9be61b540cf1a6870c896f8
799aeb25cc0373fdee0e1b1db7ad6c2f6a0e058dfadaa3379689f583213190bd
GET /font-awesome/4.7.0/css/font-awesome.min.css HTTP/1.1
Host: maxcdn.bootstrapcdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://bizarrap.flowhot.cc/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sun, 03 Dec 2023 21:47:09 GMT
content-type: text/css; charset=utf-8
vary: Accept-Encoding
cdn-pullzone: 252412
cdn-uid: b1941f61-b576-4f40-80de-5677acb38f74
cdn-requestcountrycode: DE
access-control-allow-origin: *
cache-control: public, max-age=31919000
etag: W/"269550530cc127b6aa5a35925a7de6ce"
last-modified: Mon, 25 Jan 2021 22:04:55 GMT
cdn-cachedat: 10/31/2023 18:48:06
cdn-proxyver: 1.04
cdn-requestpullcode: 200
cdn-requestpullsuccess: True
cdn-edgestorageid: 722
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
cdn-status: 200
cdn-requestid: 9e61a4e37a75208649ae6b63a0cb4f72
cdn-cache: HIT
cf-cache-status: HIT
age: 580299
strict-transport-security: max-age=31536000; includeSubDomains; preload
server: cloudflare
cf-ray: 82ff01a70abeb503-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
explosivegleameddesigner.com/ren.gif?sid=H4sIAAAAAAAC%2F1RSS4gcVRR9lYwrcaFmIyj0QjGC01Of%2FkyZRTDGxGBMQj7MQhDer3qe86pe8V5VV0%2B7GQxIli24cFlzeiaDJgTjUhCkx40MCGkXMgsHxH02QtxKzzS03kXdc%2B6pxT3nvi%2B2yyMSoKSHNz4yQ6U1XWk3%2FcbZNZUJU7nGtduNwG%2F65xprKuu0zjUGs4%2FtvxP47ab%2FVuOy5BtmJfQD3w%2F8oHFJWZmYwcqxCpU%2FjINm7DdbYTNotzCw%2F%2Beu9OCoB9E%2FIi9Bielz6788huITZOl3F6XbKEz%2B9vtpqWlhLPpi7062kZkqQ7qAifWQZHvzv2HclJCvT8Fke3MHMP2dmQMwNSXe7wFYtjdfE6y%2Fe7Ip05AZmHgeVX8CqSdQdAJu7kKJJwTgAteuI0vvXzO2opsnKp2pU7L07G%2BoakqW%2FjiDLH10QatB45bRZaFM5jBIaqjBBKo3QV7uoxh6UNU%2BePE5lPiVrDy7iizdue60gRKHr8eMtSOR%2BMsiDOlyK0n8Zcp5tBzHXUrjkCatUB5HpNQEKplAyxGoO43SeSiVhzLxUOYeUnHYoO048f1uwpIoWm1xzqOI8%2FZqR7RF1FpNfJR85mGEIh%2BB6xG43UJut7ChRrDlT3DrNZzw4AqCvqhRSYLKEVSUoFIEVUFQ9etdoV3o6vtCu5IF8x7Oe1SPTdHbprum6MmMgNrRdn5EXpyF5519I8CGPGz4nShqd2LWll3W5VKsdrs88UPRijqdqBuEcKqGcqdAnYehmpI3X11Crp68nIHRfTi9D6480PI10GrcDX3Q9XFr1ccwe0CHudTKNblJIUyNvFhCselt6yPyyvEFP%2FjhY0h%2BcP6r4Z%2BXH535DNzWyG2NT9XPBD19b3zTVGTnpqkceXw9L1SqhnR23VsFLeTpbz%2BUm5Wx4spFN%2FrmXT4TZvDhbemKqzQTKus58uCCEkLaS8ZySX684tYku1G69Qulzcr86o33Ll1JcyudUyabgKopIU%2B%2FB1dT8sJTd%2Fxyz975C8pOYMsaaXlA5gVl9sHzLbh8MXOGwOoFZ7mHqqzHNmSLoVYEWi44ZTXcfzhb4G13Dz3rgRZ3kaU1%2BrZGX9egegRXnh4XuT04%2F1t0XGDaGzNtvR2mrf7yJFynDhuynfiJ9EPJkpglXeqLOGnFjMaB7LI2DVC4qdT%2FfPIvAAAA%2F%2F8BAAD%2F%2FzedHGaRBAAA
173.233.137.52 7 B URL explosivegleameddesigner.com/ren.gif?sid=H4sIAAAAAAAC%2F1RSS4gcVRR9lYwrcaFmIyj0QjGC01Of%2FkyZRTDGxGBMQj7MQhDer3qe86pe8V5VV0%2B7GQxIli24cFlzeiaDJgTjUhCkx40MCGkXMgsHxH02QtxKzzS03kXdc%2B6pxT3nvi%2B2yyMSoKSHNz4yQ6U1XWk3%2FcbZNZUJU7nGtduNwG%2F65xprKuu0zjUGs4%2FtvxP47ab%2FVuOy5BtmJfQD3w%2F8oHFJWZmYwcqxCpU%2FjINm7DdbYTNotzCw%2F%2Beu9OCoB9E%2FIi9Bielz6788huITZOl3F6XbKEz%2B9vtpqWlhLPpi7062kZkqQ7qAifWQZHvzv2HclJCvT8Fke3MHMP2dmQMwNSXe7wFYtjdfE6y%2Fe7Ip05AZmHgeVX8CqSdQdAJu7kKJJwTgAteuI0vvXzO2opsnKp2pU7L07G%2BoakqW%2FjiDLH10QatB45bRZaFM5jBIaqjBBKo3QV7uoxh6UNU%2BePE5lPiVrDy7iizdue60gRKHr8eMtSOR%2BMsiDOlyK0n8Zcp5tBzHXUrjkCatUB5HpNQEKplAyxGoO43SeSiVhzLxUOYeUnHYoO048f1uwpIoWm1xzqOI8%2FZqR7RF1FpNfJR85mGEIh%2BB6xG43UJut7ChRrDlT3DrNZzw4AqCvqhRSYLKEVSUoFIEVUFQ9etdoV3o6vtCu5IF8x7Oe1SPTdHbprum6MmMgNrRdn5EXpyF5519I8CGPGz4nShqd2LWll3W5VKsdrs88UPRijqdqBuEcKqGcqdAnYehmpI3X11Crp68nIHRfTi9D6480PI10GrcDX3Q9XFr1ccwe0CHudTKNblJIUyNvFhCselt6yPyyvEFP%2FjhY0h%2BcP6r4Z%2BXH535DNzWyG2NT9XPBD19b3zTVGTnpqkceXw9L1SqhnR23VsFLeTpbz%2BUm5Wx4spFN%2FrmXT4TZvDhbemKqzQTKus58uCCEkLaS8ZySX684tYku1G69Qulzcr86o33Ll1JcyudUyabgKopIU%2B%2FB1dT8sJTd%2Fxyz975C8pOYMsaaXlA5gVl9sHzLbh8MXOGwOoFZ7mHqqzHNmSLoVYEWi44ZTXcfzhb4G13Dz3rgRZ3kaU1%2BrZGX9egegRXnh4XuT04%2F1t0XGDaGzNtvR2mrf7yJFynDhuynfiJ9EPJkpglXeqLOGnFjMaB7LI2DVC4qdT%2FfPIvAAAA%2F%2F8BAAD%2F%2FzedHGaRBAAA
IP 173.233.137.52:0
File type ASCII text, with no line terminators
Hash 132d6af1b46048b45cf86cdee7991d31
eb7007d03d59b65bc6da7e098c4d38fc6dfb6285
ab852e838deccd742a03ca81d4a8d75cf1a00b327db3eaf46bd7da6b6db9384c
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /ren.gif?sid=H4sIAAAAAAAC%2F1RSS4gcVRR9lYwrcaFmIyj0QjGC01Of%2FkyZRTDGxGBMQj7MQhDer3qe86pe8V5VV0%2B7GQxIli24cFlzeiaDJgTjUhCkx40MCGkXMgsHxH02QtxKzzS03kXdc%2B6pxT3nvi%2B2yyMSoKSHNz4yQ6U1XWk3%2FcbZNZUJU7nGtduNwG%2F65xprKuu0zjUGs4%2FtvxP47ab%2FVuOy5BtmJfQD3w%2F8oHFJWZmYwcqxCpU%2FjINm7DdbYTNotzCw%2F%2Beu9OCoB9E%2FIi9Bielz6788huITZOl3F6XbKEz%2B9vtpqWlhLPpi7062kZkqQ7qAifWQZHvzv2HclJCvT8Fke3MHMP2dmQMwNSXe7wFYtjdfE6y%2Fe7Ip05AZmHgeVX8CqSdQdAJu7kKJJwTgAteuI0vvXzO2opsnKp2pU7L07G%2BoakqW%2FjiDLH10QatB45bRZaFM5jBIaqjBBKo3QV7uoxh6UNU%2BePE5lPiVrDy7iizdue60gRKHr8eMtSOR%2BMsiDOlyK0n8Zcp5tBzHXUrjkCatUB5HpNQEKplAyxGoO43SeSiVhzLxUOYeUnHYoO048f1uwpIoWm1xzqOI8%2FZqR7RF1FpNfJR85mGEIh%2BB6xG43UJut7ChRrDlT3DrNZzw4AqCvqhRSYLKEVSUoFIEVUFQ9etdoV3o6vtCu5IF8x7Oe1SPTdHbprum6MmMgNrRdn5EXpyF5519I8CGPGz4nShqd2LWll3W5VKsdrs88UPRijqdqBuEcKqGcqdAnYehmpI3X11Crp68nIHRfTi9D6480PI10GrcDX3Q9XFr1ccwe0CHudTKNblJIUyNvFhCselt6yPyyvEFP%2FjhY0h%2BcP6r4Z%2BXH535DNzWyG2NT9XPBD19b3zTVGTnpqkceXw9L1SqhnR23VsFLeTpbz%2BUm5Wx4spFN%2FrmXT4TZvDhbemKqzQTKus58uCCEkLaS8ZySX684tYku1G69Qulzcr86o33Ll1JcyudUyabgKopIU%2B%2FB1dT8sJTd%2Fxyz975C8pOYMsaaXlA5gVl9sHzLbh8MXOGwOoFZ7mHqqzHNmSLoVYEWi44ZTXcfzhb4G13Dz3rgRZ3kaU1%2BrZGX9egegRXnh4XuT04%2F1t0XGDaGzNtvR2mrf7yJFynDhuynfiJ9EPJkpglXeqLOGnFjMaB7LI2DVC4qdT%2FfPIvAAAA%2F%2F8BAAD%2F%2FzedHGaRBAAA HTTP/1.1
Host: explosivegleameddesigner.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://bizarrap.flowhot.cc/
Cookie: u_pl=19408177; uid_id2=9bb53df0-d22a-4ff0-acc3-997aa92af42e:3:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Sun, 03 Dec 2023 21:47:10 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 90dcf4618e4b700bde9641be14475cf7
Strict-Transport-Security: max-age=0; includeSubdomains
decorationhailstone.com/pixel/purst?dl=0&th=0&sc=0&rs=1876&rd=1876&fd=529&bv=23.11.v.8&tmpl=136
192.243.61.227 200 OK 0 B URL GET HTTP/1.1 decorationhailstone.com/pixel/purst?dl=0&th=0&sc=0&rs=1876&rd=1876&fd=529&bv=23.11.v.8&tmpl=136
IP 192.243.61.227:443
ASN #39572 DataWeb Global Group B.V.
Requested by https://bizarrap.flowhot.cc/
Certificate Issuer Let's Encrypt
Subject decorationhailstone.com
Fingerprint 97:BF:02:A7:DD:87:B5:D8:53:E0:C8:45:18:D1:1C:1C:06:D7:12:AF
Validity Tue, 28 Nov 2023 10:46:39 GMT - Mon, 26 Feb 2024 10:46:38 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /pixel/purst?dl=0&th=0&sc=0&rs=1876&rd=1876&fd=529&bv=23.11.v.8&tmpl=136 HTTP/1.1
Host: decorationhailstone.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://bizarrap.flowhot.cc/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Sun, 03 Dec 2023 21:47:11 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
cdn.creative-bars1.com/sb/ssp/vpn/classic-push/big1/img/close.png
172.64.108.10 591 B URL cdn.creative-bars1.com/sb/ssp/vpn/classic-push/big1/img/close.png
IP 172.64.108.10:0
File type PNG image data, 12 x 12, 8-bit/color RGBA, non-interlaced
- data
Hash 9fd5bcb6103d86e317bd1eb019bcbe71
6b5a52ea669dcb74946f2bed4bdd7ec985026113
0ddd3be104ac7945fb062096df62034a6a24ecc76ba92493c35c62c3c25982ae
GET /sb/ssp/vpn/classic-push/big1/img/close.png HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Sun, 03 Dec 2023 21:47:11 GMT
content-type: image/png
content-length: 591
last-modified: Mon, 21 Feb 2022 10:06:44 GMT
etag: "62136434-24f"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 1690343
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=yMVsaeii3PEIH30pzmhoDtzFJmCSDzF%2BRYkvRWiPDpqT%2B6LzGwrKn7panfoN6oNyjp2TTDM%2Ff3ZK4Dm9xBzZ63VCbV%2F0tapCEAXqhz2%2BzSHOL4%2FuTMHPpyjwgNeHLvk1qPbh5f1A8ENw"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 82ff01b35f3d418b-LHR
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
cdn.cloudimagesb.com/si/3c/d5/62/3cd562dd264800ee586ac2da770e9a65/1700491951.png
45.133.44.9 200 OK 20 kB URL GET HTTP/2 cdn.cloudimagesb.com/si/3c/d5/62/3cd562dd264800ee586ac2da770e9a65/1700491951.png
IP 45.133.44.9:443
ASN #39572 DataWeb Global Group B.V.
Requested by https://bizarrap.flowhot.cc/
Certificate Issuer Let's Encrypt
Subject cdn.cloudimagesb.com
Fingerprint 71:EC:C0:22:20:76:60:90:92:4C:5C:F3:AD:17:3C:41:B5:00:25:AF
Validity Thu, 23 Nov 2023 05:00:53 GMT - Wed, 21 Feb 2024 05:00:52 GMT
File type PNG image data, 320 x 180, 8-bit/color RGBA, non-interlaced
- data
Hash ea31001ce8fa95eb2ac1617515105332
d505ca04808c25cfa33a555c96886f421ddbbde7
0267f5cd21fe5609405724c20d6f021b8932a696ada766b8e86e42c670000ab3
GET /si/3c/d5/62/3cd562dd264800ee586ac2da770e9a65/1700491951.png HTTP/1.1
Host: cdn.cloudimagesb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Sun, 03 Dec 2023 21:47:11 GMT
content-type: image/png
content-length: 20001
server: nginx/1.21.6
last-modified: Mon, 20 Nov 2023 14:52:40 GMT
etag: "655b72b8-4e21"
expires: Tue, 05 Dec 2023 21:47:11 GMT
cache-control: max-age=172800
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
cdn.cloudimagesb.com/si/98/58/2f/98582fa31e3a411721a1f890fd22419a/1700491903.png
45.133.44.9 9.0 kB URL cdn.cloudimagesb.com/si/98/58/2f/98582fa31e3a411721a1f890fd22419a/1700491903.png
IP 45.133.44.9:0
ASN #39572 DataWeb Global Group B.V.
Certificate Issuer Let's Encrypt
Subject cdn.cloudimagesb.com
Fingerprint 71:EC:C0:22:20:76:60:90:92:4C:5C:F3:AD:17:3C:41:B5:00:25:AF
Validity Thu, 23 Nov 2023 05:00:53 GMT - Wed, 21 Feb 2024 05:00:52 GMT
File type PNG image data, 192 x 192, 8-bit/color RGBA, non-interlaced\012- data
Hash a56f06ca83ee06488a213b352e00bd90
aec437b74eb6f1143683872fb2d664286da4a664
7144c526762a9d91bdde1939194c2835f2cb1afe0ebac298bbdf1e9239b539ec
GET /si/98/58/2f/98582fa31e3a411721a1f890fd22419a/1700491903.png HTTP/1.1
Host: cdn.cloudimagesb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Sun, 03 Dec 2023 21:47:11 GMT
content-type: image/png
content-length: 9016
server: nginx/1.21.6
last-modified: Mon, 20 Nov 2023 14:51:52 GMT
etag: "655b7288-2338"
expires: Tue, 05 Dec 2023 21:47:11 GMT
cache-control: max-age=172800
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
unseenreport.com/pxf.gif?uuid=9bb53df0-d22a-4ff0-acc3-997aa92af42e&eb=a996fe56ed028c08f89591a4a8a9c431&te=4cb725660c43031e3b06c75892d96c5a&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.3095&b_frame=0&pk=b8d74904f6b94ccf8e1a8085aa5d1820&bl=en-US&sr=1024x1280&sz=1024x1280&hjs=21
192.243.59.13 200 OK 1 B URL GET HTTP/1.1 unseenreport.com/pxf.gif?uuid=9bb53df0-d22a-4ff0-acc3-997aa92af42e&eb=a996fe56ed028c08f89591a4a8a9c431&te=4cb725660c43031e3b06c75892d96c5a&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.3095&b_frame=0&pk=b8d74904f6b94ccf8e1a8085aa5d1820&bl=en-US&sr=1024x1280&sz=1024x1280&hjs=21
IP 192.243.59.13:443
ASN #39572 DataWeb Global Group B.V.
Requested by https://bizarrap.flowhot.cc/
Certificate Issuer Let's Encrypt
Subject *.unseenreport.com
Fingerprint 79:45:7F:58:D5:82:45:0A:7D:1E:FF:7A:98:05:26:E9:D6:FE:91:14
Validity Wed, 22 Nov 2023 07:56:28 GMT - Tue, 20 Feb 2024 07:56:27 GMT
File type very short file (no magic)
Hash 93b885adfe0da089cdf634904fd59f71
5ba93c9db0cff93f52b521d7420e43f6eda2784f
6e340b9cffb37a989ca544e6bb780a2c78901d3fb33738768511a30617afa01d
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /pxf.gif?uuid=9bb53df0-d22a-4ff0-acc3-997aa92af42e&eb=a996fe56ed028c08f89591a4a8a9c431&te=4cb725660c43031e3b06c75892d96c5a&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.3095&b_frame=0&pk=b8d74904f6b94ccf8e1a8085aa5d1820&bl=en-US&sr=1024x1280&sz=1024x1280&hjs=21 HTTP/1.1
Host: unseenreport.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://bizarrap.flowhot.cc/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Sun, 03 Dec 2023 21:47:11 GMT
Content-Type: image/gif
Content-Length: 1
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: be1d5d543027d6673d948690ff88ce9d
Strict-Transport-Security: max-age=0; includeSubdomains
unseenreport.com/pxf.gif?uuid=9bb53df0-d22a-4ff0-acc3-997aa92af42e&eb=a996fe56ed028c08f89591a4a8a9c431&te=4cb725660c43031e3b06c75892d96c5a&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.3095&b_frame=0&pk=0633569b5e7b7ced877cf02d43663712&bl=en-US&sr=1024x1280&sz=1024x1280&hjs=21
192.243.59.13 200 OK 1 B URL GET HTTP/1.1 unseenreport.com/pxf.gif?uuid=9bb53df0-d22a-4ff0-acc3-997aa92af42e&eb=a996fe56ed028c08f89591a4a8a9c431&te=4cb725660c43031e3b06c75892d96c5a&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.3095&b_frame=0&pk=0633569b5e7b7ced877cf02d43663712&bl=en-US&sr=1024x1280&sz=1024x1280&hjs=21
IP 192.243.59.13:443
ASN #39572 DataWeb Global Group B.V.
Requested by https://bizarrap.flowhot.cc/
Certificate Issuer Let's Encrypt
Subject *.unseenreport.com
Fingerprint 79:45:7F:58:D5:82:45:0A:7D:1E:FF:7A:98:05:26:E9:D6:FE:91:14
Validity Wed, 22 Nov 2023 07:56:28 GMT - Tue, 20 Feb 2024 07:56:27 GMT
File type very short file (no magic)
Hash 93b885adfe0da089cdf634904fd59f71
5ba93c9db0cff93f52b521d7420e43f6eda2784f
6e340b9cffb37a989ca544e6bb780a2c78901d3fb33738768511a30617afa01d
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /pxf.gif?uuid=9bb53df0-d22a-4ff0-acc3-997aa92af42e&eb=a996fe56ed028c08f89591a4a8a9c431&te=4cb725660c43031e3b06c75892d96c5a&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.3095&b_frame=0&pk=0633569b5e7b7ced877cf02d43663712&bl=en-US&sr=1024x1280&sz=1024x1280&hjs=21 HTTP/1.1
Host: unseenreport.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://bizarrap.flowhot.cc/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Sun, 03 Dec 2023 21:47:12 GMT
Content-Type: image/gif
Content-Length: 1
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 42de5f2b2019384c1773974f45750519
Strict-Transport-Security: max-age=0; includeSubdomains
cdn.barscreative1.com/sb/au/48/48/eb/4848ebd6f7295875a5d388ec2488aba3/1648542421.html
45.133.44.3 200 OK 2.0 kB URL GET HTTP/2 cdn.barscreative1.com/sb/au/48/48/eb/4848ebd6f7295875a5d388ec2488aba3/1648542421.html
IP 45.133.44.3:443
ASN #39572 DataWeb Global Group B.V.
Requested by https://bizarrap.flowhot.cc/
Certificate Issuer Let's Encrypt
Subject cdn.barscreative1.com
Fingerprint 55:06:B7:F1:EF:E9:55:FB:7C:8C:4F:5D:DB:05:C9:15:19:90:9B:2F
Validity Sat, 11 Nov 2023 03:00:51 GMT - Fri, 09 Feb 2024 03:00:50 GMT
File type gzip compressed data, from Unix\012- data
Hash d115be67dc7131b1463ca05227bf668f
89b182ad2445731d07edab2e2a92664aefeb2600
2e03f117051cc5d6fd34f260e31ca2d76a372640b85c48d586423b47e6035ed5
GET /sb/au/48/48/eb/4848ebd6f7295875a5d388ec2488aba3/1648542421.html HTTP/1.1
Host: cdn.barscreative1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://bizarrap.flowhot.cc
DNT: 1
Connection: keep-alive
Referer: https://bizarrap.flowhot.cc/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sun, 03 Dec 2023 21:47:11 GMT
content-type: text/html; charset=utf-8
server: nginx/1.21.6
last-modified: Tue, 29 Mar 2022 08:27:10 GMT
etag: W/"6242c2de-602"
cache-control: max-age=3600
access-control-allow-origin: *
access-control-expose-headers: Date
content-encoding: gzip
expires: Sun, 03 Dec 2023 22:47:11 GMT
x-proxy-cache: HIT
X-Firefox-Spdy: h2
fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2
216.58.207.227 200 OK 16 kB URL GET HTTP/2 fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2
IP 216.58.207.227:443
Requested by https://bizarrap.flowhot.cc/
Certificate Issuer Google Trust Services LLC
Subject *.gstatic.com
Fingerprint E5:79:1F:1A:04:3F:B9:B0:FB:41:4E:B5:E5:97:AD:FE:D9:2C:4A:CD
Validity Mon, 23 Oct 2023 11:24:07 GMT - Mon, 15 Jan 2024 11:24:06 GMT
File type Web Open Font Format (Version 2), TrueType, length 15860, version 1.0\012- data
Hash e9f5aaf547f165386cd313b995dddd8e
acdef5603c2387b0e5bffd744b679a24a8bc1968
f5aebdfea35d1e7656ef4acc5db1f243209755ae3300943ef8fc6280f363c860
GET /s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://bizarrap.flowhot.cc
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15860
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 29 Nov 2023 21:13:56 GMT
expires: Thu, 28 Nov 2024 21:13:56 GMT
cache-control: public, max-age=31536000
last-modified: Wed, 11 May 2022 19:24:42 GMT
content-type: font/woff2
age: 347596
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
explosivegleameddesigner.com/pixel/sbs?c=1
173.233.139.164 0 B URL explosivegleameddesigner.com/pixel/sbs?c=1
IP 173.233.139.164:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /pixel/sbs?c=1 HTTP/1.1
Host: explosivegleameddesigner.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://bizarrap.flowhot.cc/
Cookie: u_pl=19408177; uid_id2=9bb53df0-d22a-4ff0-acc3-997aa92af42e:3:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Sun, 03 Dec 2023 21:47:12 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
explosivegleameddesigner.com/impr.gif?sid=H4sIAAAAAAAC%2F1RSTWgkRRit3o0n8aDuRVCYg%2BIKZtI%2FM9Mz7mFxXbMGYxL2hxwEobqqelKmuqup6p6ejJfgguxxBA8eO2%2BSDbrL4noUBJl4kYCw40FyMCDe9yKsV5lkYPQ79Pfe9%2FrwvffVF3vFKfFQ0JONj%2FRAKkWXmnW3dnlTplyXtrZ2u%2Ba5dfdKbVOmrcaVWn%2F6Mb13PLdZd9%2Bq3RBsWy%2F5rue6nuvVlqURse4vnamQ2cOOV%2B%2B49YZf95oN9M3%2FuS0cWOqA907JS5B88tzWL48h2Rhp8t11Ybdznb39flIommuDHj%2B8k26nukyRzGFsHMTp4exvaDsh5OsL0OnhzAF0b3%2FqAJGcEOd3D1F6OFsTUe%2FgfNNIQaSI%2BPMoe2MINYakYzB9F5I%2FIQDjWFtHmtxf06akO%2BcqnaoTsvDsb8hyQhb%2BuIQ0eXRNyX7tllZFLnVq0Y8ryP4YsjtGVhwhHziQ5RFY%2Fjkk%2F5UsPVtFmuyvW6Uh%2BcnrnShqBjx2F7nv08VGHLuLlLFgsdMJKe34NG744iwiKceQ8RhKDEHtRRTWQSEdFLGDInOQ8JMabXZi1w3jKA6CdoMxFgSMNdst3uRBox27KNjUwxB5NgRTQzCzi8zsYlsOYYqfYLcqWO7A5gQ9XqEUBKUlKClBKQnKnKDsVQdcWd9W97myReTNuj%2FrQTXSeXePHui8K1ICaoZ72Sl5cRqec%2FkND9vipOa2gqDZ6kRNEUYhE7wdhix2fd4IWq0g9HxYWUHaC6DWwUBOyJuvLiCTT15OEdEjWHUEJh3Q4jXQchT6LujWqNF2MUgf0EEmlLR1phNwXSHLF5DvOHvqlLxydsEPfvgYgh1f%2FWrw541Hlz4DMxUyU%2BFT%2BTNBV90b3dQl2b%2BpS0ser2e5TOSATq97K6e5uPjth2Kn1IavXLfDb95lU2EKH94WNl%2BlKZdp15IH1yTnwixrwwT5ccVuimijsFvXCpMW2erGe8srSWaEtVKnY1A5IeTp92ByQl54as9e7uU7f0GaMUxRISmOyawg9RFYtgubzWdWExg151HmoCyqkfGj%2BVBJAiXmnEYV7H94NMd79h66xgHN7yJNKvRMhZ6qQNUQtrg4yjNzfPW34KwQKWcUKePsR8qoL8%2FDtfKk1vQaoh21Q8Z5JBj3Qj9oB67rc94IO8LrILcTof755F8AAAD%2F%2FwEAAP%2F%2FI5WSgJEEAAA%3D
173.233.137.52200 OK 7 B URL GET HTTP/1.1 explosivegleameddesigner.com/impr.gif?sid=H4sIAAAAAAAC%2F1RSTWgkRRit3o0n8aDuRVCYg%2BIKZtI%2FM9Mz7mFxXbMGYxL2hxwEobqqelKmuqup6p6ejJfgguxxBA8eO2%2BSDbrL4noUBJl4kYCw40FyMCDe9yKsV5lkYPQ79Pfe9%2FrwvffVF3vFKfFQ0JONj%2FRAKkWXmnW3dnlTplyXtrZ2u%2Ba5dfdKbVOmrcaVWn%2F6Mb13PLdZd9%2Bq3RBsWy%2F5rue6nuvVlqURse4vnamQ2cOOV%2B%2B49YZf95oN9M3%2FuS0cWOqA907JS5B88tzWL48h2Rhp8t11Ybdznb39flIommuDHj%2B8k26nukyRzGFsHMTp4exvaDsh5OsL0OnhzAF0b3%2FqAJGcEOd3D1F6OFsTUe%2FgfNNIQaSI%2BPMoe2MINYakYzB9F5I%2FIQDjWFtHmtxf06akO%2BcqnaoTsvDsb8hyQhb%2BuIQ0eXRNyX7tllZFLnVq0Y8ryP4YsjtGVhwhHziQ5RFY%2Fjkk%2F5UsPVtFmuyvW6Uh%2BcnrnShqBjx2F7nv08VGHLuLlLFgsdMJKe34NG744iwiKceQ8RhKDEHtRRTWQSEdFLGDInOQ8JMabXZi1w3jKA6CdoMxFgSMNdst3uRBox27KNjUwxB5NgRTQzCzi8zsYlsOYYqfYLcqWO7A5gQ9XqEUBKUlKClBKQnKnKDsVQdcWd9W97myReTNuj%2FrQTXSeXePHui8K1ICaoZ72Sl5cRqec%2FkND9vipOa2gqDZ6kRNEUYhE7wdhix2fd4IWq0g9HxYWUHaC6DWwUBOyJuvLiCTT15OEdEjWHUEJh3Q4jXQchT6LujWqNF2MUgf0EEmlLR1phNwXSHLF5DvOHvqlLxydsEPfvgYgh1f%2FWrw541Hlz4DMxUyU%2BFT%2BTNBV90b3dQl2b%2BpS0ser2e5TOSATq97K6e5uPjth2Kn1IavXLfDb95lU2EKH94WNl%2BlKZdp15IH1yTnwixrwwT5ccVuimijsFvXCpMW2erGe8srSWaEtVKnY1A5IeTp92ByQl54as9e7uU7f0GaMUxRISmOyawg9RFYtgubzWdWExg151HmoCyqkfGj%2BVBJAiXmnEYV7H94NMd79h66xgHN7yJNKvRMhZ6qQNUQtrg4yjNzfPW34KwQKWcUKePsR8qoL8%2FDtfKk1vQaoh21Q8Z5JBj3Qj9oB67rc94IO8LrILcTof755F8AAAD%2F%2FwEAAP%2F%2FI5WSgJEEAAA%3D
IP 173.233.137.52:443
Requested by https://bizarrap.flowhot.cc/
Certificate Issuer Let's Encrypt
Subject explosivegleameddesigner.com
Fingerprint E3:FF:06:A0:A9:B7:64:04:84:D9:73:8B:92:B7:FE:2C:57:F1:C0:84
Validity Tue, 28 Nov 2023 10:48:22 GMT - Mon, 26 Feb 2024 10:48:21 GMT
File type ASCII text, with no line terminators
Hash 132d6af1b46048b45cf86cdee7991d31
eb7007d03d59b65bc6da7e098c4d38fc6dfb6285
ab852e838deccd742a03ca81d4a8d75cf1a00b327db3eaf46bd7da6b6db9384c
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /impr.gif?sid=H4sIAAAAAAAC%2F1RSTWgkRRit3o0n8aDuRVCYg%2BIKZtI%2FM9Mz7mFxXbMGYxL2hxwEobqqelKmuqup6p6ejJfgguxxBA8eO2%2BSDbrL4noUBJl4kYCw40FyMCDe9yKsV5lkYPQ79Pfe9%2FrwvffVF3vFKfFQ0JONj%2FRAKkWXmnW3dnlTplyXtrZ2u%2Ba5dfdKbVOmrcaVWn%2F6Mb13PLdZd9%2Bq3RBsWy%2F5rue6nuvVlqURse4vnamQ2cOOV%2B%2B49YZf95oN9M3%2FuS0cWOqA907JS5B88tzWL48h2Rhp8t11Ybdznb39flIommuDHj%2B8k26nukyRzGFsHMTp4exvaDsh5OsL0OnhzAF0b3%2FqAJGcEOd3D1F6OFsTUe%2FgfNNIQaSI%2BPMoe2MINYakYzB9F5I%2FIQDjWFtHmtxf06akO%2BcqnaoTsvDsb8hyQhb%2BuIQ0eXRNyX7tllZFLnVq0Y8ryP4YsjtGVhwhHziQ5RFY%2Fjkk%2F5UsPVtFmuyvW6Uh%2BcnrnShqBjx2F7nv08VGHLuLlLFgsdMJKe34NG744iwiKceQ8RhKDEHtRRTWQSEdFLGDInOQ8JMabXZi1w3jKA6CdoMxFgSMNdst3uRBox27KNjUwxB5NgRTQzCzi8zsYlsOYYqfYLcqWO7A5gQ9XqEUBKUlKClBKQnKnKDsVQdcWd9W97myReTNuj%2FrQTXSeXePHui8K1ICaoZ72Sl5cRqec%2FkND9vipOa2gqDZ6kRNEUYhE7wdhix2fd4IWq0g9HxYWUHaC6DWwUBOyJuvLiCTT15OEdEjWHUEJh3Q4jXQchT6LujWqNF2MUgf0EEmlLR1phNwXSHLF5DvOHvqlLxydsEPfvgYgh1f%2FWrw541Hlz4DMxUyU%2BFT%2BTNBV90b3dQl2b%2BpS0ser2e5TOSATq97K6e5uPjth2Kn1IavXLfDb95lU2EKH94WNl%2BlKZdp15IH1yTnwixrwwT5ccVuimijsFvXCpMW2erGe8srSWaEtVKnY1A5IeTp92ByQl54as9e7uU7f0GaMUxRISmOyawg9RFYtgubzWdWExg151HmoCyqkfGj%2BVBJAiXmnEYV7H94NMd79h66xgHN7yJNKvRMhZ6qQNUQtrg4yjNzfPW34KwQKWcUKePsR8qoL8%2FDtfKk1vQaoh21Q8Z5JBj3Qj9oB67rc94IO8LrILcTof755F8AAAD%2F%2FwEAAP%2F%2FI5WSgJEEAAA%3D HTTP/1.1
Host: explosivegleameddesigner.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://bizarrap.flowhot.cc/
Cookie: u_pl=19408177; uid_id2=9bb53df0-d22a-4ff0-acc3-997aa92af42e:3:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Sun, 03 Dec 2023 21:47:12 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 4f2df7e44b0370254d9b28b556acd0b6
Strict-Transport-Security: max-age=0; includeSubdomains
fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2
216.58.207.227 200 OK 16 kB URL GET HTTP/2 fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2
IP 216.58.207.227:443
Requested by https://bizarrap.flowhot.cc/
Certificate Issuer Google Trust Services LLC
Subject *.gstatic.com
Fingerprint E5:79:1F:1A:04:3F:B9:B0:FB:41:4E:B5:E5:97:AD:FE:D9:2C:4A:CD
Validity Mon, 23 Oct 2023 11:24:07 GMT - Mon, 15 Jan 2024 11:24:06 GMT
File type Web Open Font Format (Version 2), TrueType, length 15744, version 1.0\012- data
Hash 15d9f621c3bd1599f0169dcf0bd5e63e
7ca9c5967f3bb8bffeab24b639b49c1e7d03fa52
f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615
GET /s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://bizarrap.flowhot.cc
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15744
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 30 Nov 2023 04:57:34 GMT
expires: Fri, 29 Nov 2024 04:57:34 GMT
cache-control: public, max-age=31536000
age: 319778
last-modified: Wed, 11 May 2022 19:24:48 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
code.jquery.com/jquery-3.4.1.js
151.101.194.137 200 OK 280 kB URL GET HTTP/2 code.jquery.com/jquery-3.4.1.js
IP 151.101.194.137:443
Requested by https://bizarrap.flowhot.cc/
Certificate Issuer Sectigo Limited
Subject *.jquery.com
Fingerprint D2:19:0A:AD:CE:BB:9C:61:17:5D:29:4B:A2:54:E8:C6:91:B8:F9:8D
Validity Tue, 11 Jul 2023 00:00:00 GMT - Sun, 14 Jul 2024 23:59:59 GMT
Size 280 kB (280364 bytes)
Hash 11c05eb286ed576526bf4543760785b9
7faa15a054093f3b5d674e63b6567c835a6fa217
5a93a88493aa32aab228bf4571c01207d3b42b0002409a454d404b4d8395bd55
GET /jquery-3.4.1.js HTTP/1.1
Host: code.jquery.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://bizarrap.flowhot.cc/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
content-type: application/javascript; charset=utf-8
last-modified: Fri, 18 Oct 1991 12:00:00 GMT
etag: W/"28feccc0-4472c"
cache-control: public, max-age=31536000, stale-while-revalidate=604800
access-control-allow-origin: *
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
date: Sun, 03 Dec 2023 21:47:09 GMT
age: 6837827
x-served-by: cache-lga21923-LGA, cache-bma1681-BMA
x-cache: HIT, HIT
x-cache-hits: 18, 131187
x-timer: S1701640029.283573,VS0,VE0
vary: Accept-Encoding
content-length: 82889
X-Firefox-Spdy: h2
cdn.creative-bars1.com/sb/ssp/vpn/classic-push/big1/js/script.js
172.64.108.10 200 OK 958 B URL GET HTTP/2 cdn.creative-bars1.com/sb/ssp/vpn/classic-push/big1/js/script.js
IP 172.64.108.10:443
Requested by https://bizarrap.flowhot.cc/
Certificate Issuer Google Trust Services LLC
Subject creative-bars1.com
Fingerprint 2B:CC:32:FC:17:6F:25:69:2F:F4:A0:D9:DC:9C:C2:09:28:32:AB:34
Validity Sat, 21 Oct 2023 15:38:40 GMT - Fri, 19 Jan 2024 15:38:39 GMT
File type ASCII text, with very long lines (1009), with no line terminators
Hash 04835fd7dd7f8cfbad901bee8cff2170
38e9ed1e93f8f0beba9447a99afe3995e63b6f3e
be63bbd38c66ca9a9ee1c8abfed042fd5fc090c40b91ad561e922744ece47c41
GET /sb/ssp/vpn/classic-push/big1/js/script.js HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://bizarrap.flowhot.cc
DNT: 1
Connection: keep-alive
Referer: https://bizarrap.flowhot.cc/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sun, 03 Dec 2023 21:47:11 GMT
content-type: application/javascript
last-modified: Mon, 21 Feb 2022 10:06:46 GMT
etag: W/"62136436-3be"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2Fs7eZzqSmNcfkFouwezX4%2F%2FeR1CrzufGEVP6pQdAG2uzeZlcrY0%2Fc%2F6KM4hpyYBTWZJspeeJomYLIeTFQ%2F%2BzCLHag9BddSkrDxwffxHC%2FmaK22reGzz7%2FCC5bWr5C9ypq4yMOZZTZ1r4"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 82ff01b4f9e0418b-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
cdn.creative-bars1.com/sb/ssp/vpn/classic-push/big1/js/jquery.min.js
172.64.108.10 200 OK 84 kB URL GET HTTP/2 cdn.creative-bars1.com/sb/ssp/vpn/classic-push/big1/js/jquery.min.js
IP 172.64.108.10:443
Requested by https://bizarrap.flowhot.cc/
Certificate Issuer Google Trust Services LLC
Subject creative-bars1.com
Fingerprint 2B:CC:32:FC:17:6F:25:69:2F:F4:A0:D9:DC:9C:C2:09:28:32:AB:34
Validity Sat, 21 Oct 2023 15:38:40 GMT - Fri, 19 Jan 2024 15:38:39 GMT
File type ASCII text, with very long lines (32025)
Hash 4a356126b9573eb7bd1e9a7494737410
8258d046f17dd3c15a5d3984e1868b7b5d1db329
22642f202577f0ba2f22cbe56b6cf291a09374487567cd3563e0d2a29f75c0c5
GET /sb/ssp/vpn/classic-push/big1/js/jquery.min.js HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sun, 03 Dec 2023 21:47:11 GMT
content-type: application/javascript
last-modified: Mon, 21 Feb 2022 10:06:46 GMT
etag: W/"62136436-1499c"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 488628
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=WlZH25BJMnlrU2cw%2FkDBRpTq%2Fs43%2Fy9E161fwitDmqB4wSqFs9uniZi%2BA%2FTU5Zixyn%2Bby5FOCmgiXnlwM6tax5jjv5ua2IHrhejoYSN7RYdGTqp2Hb7fQer%2BRSPJOUQl%2BaoBSWO2YPun"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 82ff01b35f47418b-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
www.googletagmanager.com/gtag/js?id=G-Z7TJ1ZBHKC&l=dataLayer&cx=c
142.250.74.168 200 OK 229 kB URL GET HTTP/3 www.googletagmanager.com/gtag/js?id=G-Z7TJ1ZBHKC&l=dataLayer&cx=c
IP 142.250.74.168:443
Requested by https://bizarrap.flowhot.cc/
Certificate Issuer Google Trust Services LLC
Subject *.google-analytics.com
Fingerprint 37:42:10:B7:89:70:45:51:80:81:66:CE:95:21:72:5D:46:0B:E2:34
Validity Mon, 23 Oct 2023 11:18:19 GMT - Mon, 15 Jan 2024 11:18:18 GMT
File type ASCII text, with very long lines (5955)
Size 229 kB (229432 bytes)
Hash 8bb2c8b9d6793fb07c95fa62d0005066
0f19a1bb3792fe201e39dd7e42c5b6772fb4f2bb
eacaf27fcc0b025da5c3f607f681037cba832f21948d49342732002f46306310
GET /gtag/js?id=G-Z7TJ1ZBHKC&l=dataLayer&cx=c HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://bizarrap.flowhot.cc/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Sun, 03 Dec 2023 21:47:09 GMT
expires: Sun, 03 Dec 2023 21:47:09 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 81203
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
notix.io/ent/current/enot.min.js
139.45.240.92 200 OK 145 kB URL GET HTTP/2 notix.io/ent/current/enot.min.js
IP 139.45.240.92:443
Requested by https://bizarrap.flowhot.cc/
Certificate Issuer Let's Encrypt
Subject notix.io
Fingerprint 68:78:0C:AA:A6:75:6F:E2:65:2D:3B:7E:5B:8A:2B:6B:F6:1A:BF:1D
Validity Fri, 15 Sep 2023 11:38:16 GMT - Thu, 14 Dec 2023 11:38:15 GMT
File type ASCII text, with very long lines (65536), with no line terminators
Size 145 kB (144887 bytes)
Hash 5ec57c87dbac3f07e59e5d74ae3421e4
70121f1541a1961d7b87544001d612f18ad04243
e1d529afcbb911c99bb039ba39c7fb6716275b97650ae816a90fc03f256542bb
Analyzer Verdict Alert Public Nextron YARA rules malware Unique code from Jetriz, Swid & Jeniva of the Tetris framework
GET /ent/current/enot.min.js HTTP/1.1
Host: notix.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://bizarrap.flowhot.cc/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Sun, 03 Dec 2023 21:47:10 GMT
content-type: application/javascript
last-modified: Thu, 30 Nov 2023 09:39:49 GMT
etag: W/"65685865-235f7"
access-control-allow-credentials: true
cache-control: no-cache
pragma: no-cache
content-encoding: gzip
X-Firefox-Spdy: h2
bizarrap.flowhot.cc/favicon.ico
172.67.165.215 404 Not Found 1.3 kB URL GET HTTP/3 bizarrap.flowhot.cc/favicon.ico
IP 172.67.165.215:443
Requested by https://bizarrap.flowhot.cc/
Certificate Issuer Google Trust Services LLC
Subject flowhot.cc
Fingerprint CD:8B:0B:C8:A6:57:11:77:4E:2E:BE:0E:93:82:51:03:F4:15:BE:C7
Validity Fri, 20 Oct 2023 08:03:26 GMT - Thu, 18 Jan 2024 08:03:25 GMT
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (1336), with no line terminators
Hash f524e65bd054ef4645f2613feecd62ba
8f40c58021af38e48ca8cf873f8fc33016b8191f
519829523d799cdcf97fc3e589c7b8c0d21316df097951cf4108b95ff0a037cc
GET /favicon.ico HTTP/1.1
Host: bizarrap.flowhot.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://bizarrap.flowhot.cc/
Cookie: _ga_Z7TJ1ZBHKC=GS1.1.1701640035.1.0.1701640035.0.0.0; _ga=GA1.1.1437426330.1701640035; dom3ic8zudi28v8lr6fgphwffqoz0j6c=9bb53df0-d22a-4ff0-acc3-997aa92af42e%3A3%3A1; sb_main_0633569b5e7b7ced877cf02d43663712=1; sb_count_0633569b5e7b7ced877cf02d43663712=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 404 Not Found
date: Sun, 03 Dec 2023 21:47:10 GMT
content-type: text/html
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
pragma: no-cache
x-turbo-charged-by: LiteSpeed
cf-cache-status: BYPASS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=0XP6RXfEsTK1E4riFdtnbA5%2FRKEwOYxN%2BLoCzde9t6JXvhNApNyh2dWomNa%2BP%2BbZeeCZE3xrVNcoePeRw%2F9t1w9AZqWvqnxtJ9Wlj2E1rHdXLbAXBihtAlJpTbbFj%2BJbGZB8SXz4"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 82ff01af6ea90b3d-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400