rouonixon.com/4/5181803/
139.45.197.238 200 OK 9.2 kB IP 139.45.197.238:0
File type HTML document text; exported SGML document, ASCII text, with very long lines (12966)
Hash 91cff0d2bf2458eac917fd72b1d58a50
b5f924227e4afcda711bad329914003fd8d20c1b
aa59de29bf4e84a378b21199f88b78a875ae5bd74383263215b72dfbfab96031
Analyzer Verdict Alert fortinet Phishing
GET /4/5181803/ HTTP/1.1
Host: rouonixon.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 01 Mar 2023 15:15:07 GMT
Content-Type: text/html; charset=utf8
Transfer-Encoding: chunked
Connection: keep-alive
X-Trace-Id: 9fe477dc67165a2a4bac4af3386b4e10
Link: <https://propeller-tracking.com>; rel="preconnect dns-prefetch",<https://my.rtmark.net>; rel="preconnect dns-prefetch"
Access-Control-Allow-Credentials: true
Access-Control-Max-Age: 86400
Timing-Allow-Origin: *
Set-Cookie: OAID=c07622f51c7f4b56b50f578a6911986a; expires=Thu, 29 Feb 2024 15:15:07 GMT; path=/
oaidts=1677683707; expires=Thu, 29 Feb 2024 15:15:07 GMT; path=/
syncedCookie=; expires=Tue, 10 Nov 2009 23:00:00 GMT
Pragma: no-cache, no-cache
Cache-Control: no-transform, no-store, no-cache, must-revalidate, max-age=0, no-store, no-cache, must-revalidate, max-age=0
Expires: Tue, 11 Jan 1994 10:00:00 GMT, Mon, 26 Jul 1997 05:00:00 GMT
Access-Control-Allow-Origin: *, *
Access-Control-Allow-Methods: GET, POST, OPTIONS, POST, GET, OPTIONS, PUT, DELETE
Access-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding, Accept, Content-Type, Content-Length, Accept-Encoding
Content-Encoding: gzip
r3.o.lencr.org/
23.33.119.27 200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash b44b6d7bebf34d0393567b22a63a93fa
a1a85b268bc8073d8e4622ceb78b78a1b39af96a
4b69973af6e9c5a78d94e8661b08d9349176a515e7bfb3386b10ace4c6f1ae21
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "4B69973AF6E9C5A78D94E8661B08D9349176A515E7BFB3386B10ACE4C6F1AE21"
Last-Modified: Tue, 28 Feb 2023 02:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6162
Expires: Wed, 01 Mar 2023 16:57:49 GMT
Date: Wed, 01 Mar 2023 15:15:07 GMT
Connection: keep-alive
r3.o.lencr.org/
23.33.119.27 200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash fa03c1ea82feaa081cf4094641ce1152
5c62e5281662a4010eb4cb45f3bd4bacae1c9153
7b72ac559134398cedcb17bbca3ea3e5467a05a7da769ee2f83f4f762af62918
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "7B72AC559134398CEDCB17BBCA3EA3E5467A05A7DA769EE2F83F4F762AF62918"
Last-Modified: Mon, 27 Feb 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9047
Expires: Wed, 01 Mar 2023 17:45:54 GMT
Date: Wed, 01 Mar 2023 15:15:07 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
35.241.9.150 200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP 35.241.9.150:0
File type JSON data, ASCII text, with very long lines (939), with no line terminators
Hash 7f03faaba3392caae6dae54467bfdf6d
57ea1f14e8bfbcca8190c706d708c9fda12442c1
02ac551ba61fcbc6b04f244df065948b181a8a258db5c2e197aae66fdfcea8ee
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Retry-After, Content-Type, Backoff, Alert
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Wed, 01 Mar 2023 15:08:07 GMT
content-type: application/json
age: 420
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.33.119.27 200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 1fc53096a9ed90534f34db55765fe755
00462323483a73d48261b8e8a0981bec58ef832a
bcfb9a09fd0882661e1eddc5bde947142897dfe816d535ed2cbfb1aa34823bd7
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "BCFB9A09FD0882661E1EDDC5BDE947142897DFE816D535ED2CBFB1AA34823BD7"
Last-Modified: Mon, 27 Feb 2023 18:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10484
Expires: Wed, 01 Mar 2023 18:09:51 GMT
Date: Wed, 01 Mar 2023 15:15:07 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-04-09-20-28-26.chain
34.160.144.191 200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-04-09-20-28-26.chain
IP 34.160.144.191:0
File type PEM certificate, ASCII text
Hash b5ba6334e73496995e3e3a9ecd0eb323
ad80d3b7718c28364e8c2004fb38a13a1747e462
aa5abb52515c6383c014aadb63a86c9f798ad64de53c0218616c1fc6d424d2e2
GET /chains/remote-settings.content-signature.mozilla.org-2023-04-09-20-28-26.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: 6C+wJeSw/nsHm1iBsnhQlLeyljwFyIOKMQpICPxLdtTpUXrHtG2qQWLY/HDRhasQ1w6XbRAl0J8=
x-amz-request-id: SSMM67HWY6PMY69H
x-amz-server-side-encryption: AES256
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Wed, 01 Mar 2023 14:32:41 GMT
age: 2546
last-modified: Sat, 18 Feb 2023 20:28:27 GMT
etag: "b5ba6334e73496995e3e3a9ecd0eb323"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239 200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data, ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Wed, 01 Mar 2023 15:15:07 GMT
content-type: application/json
content-length: 12
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-expose-headers: content-type
access-control-allow-credentials: true
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.33.119.27 200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 74367d6b19fce5fa907f5b42ed1a68d3
c6489eaa01839e946d0807bfa1955e495b38792f
86fafe94e9d7a2f5c14abf5e8cb9a0508729fff3c291e7f38a974b400a4211bc
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "86FAFE94E9D7A2F5C14ABF5E8CB9A0508729FFF3C291E7F38A974B400A4211BC"
Last-Modified: Mon, 27 Feb 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14784
Expires: Wed, 01 Mar 2023 19:21:31 GMT
Date: Wed, 01 Mar 2023 15:15:07 GMT
Connection: keep-alive
my.rtmark.net/img.gif?f=merge&userId=c07622f51c7f4b56b50f578a6911986a
139.45.195.8 200 OK 43 B URL HTTP/2 my.rtmark.net/img.gif?f=merge&userId=c07622f51c7f4b56b50f578a6911986a
IP 139.45.195.8:0
File type GIF image data, version 89a, 1 x 1; data
Hash b4491705564909da7f9eaf749dbbfbb1
279315d507855c6a4351e1e2c2f39dd9cd2fccd8
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
GET /img.gif?f=merge&userId=c07622f51c7f4b56b50f578a6911986a HTTP/1.1
Host: my.rtmark.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://rouonixon.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Wed, 01 Mar 2023 15:15:07 GMT
content-type: image/gif
content-length: 43
access-control-allow-origin: *
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
set-cookie: ID=c07622f51c7f4b56b50f578a6911986a; expires=Thu, 29 Feb 2024 15:15:07 GMT; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
ocsp.sectigo.com/
104.18.32.68 200 OK 471 B IP 104.18.32.68:0
Hash ab019b401a51c185f95c1352f81ee656
2c7b1ccab829c0db355c862627f2139cc9978541
a4394ccff637b4155565e41610b3e8b5808917522a3541107fa8f76ff6783caa
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Wed, 01 Mar 2023 15:15:07 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Mon, 27 Feb 2023 03:13:34 GMT
Expires: Mon, 06 Mar 2023 03:13:33 GMT
Etag: "2c7b1ccab829c0db355c862627f2139cc9978541"
Cache-Control: max-age=388105,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb2
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 7a125a859e5bb4f9-OSL
rouonixon.com/?z=5181803&syncedCookie=true&rhd=false
139.45.197.238 302 Found 0 B URL HTTP/1.1 rouonixon.com/?z=5181803&syncedCookie=true&rhd=false
IP 139.45.197.238:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
NIDS Severity Alert suricata medium ET ADWARE_PUP Win32/Adware.Agent.NSU CnC Activity M2
POST /?z=5181803&syncedCookie=true&rhd=false HTTP/1.1
Host: rouonixon.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded
Content-Length: 441
Origin: http://rouonixon.com
Connection: keep-alive
Referer: http://rouonixon.com/afu.php?zoneid=5181803&var=5181803&rid=ksX-wKK1z8yLZCaWKyzJyw%3D%3D&rhd=false
Cookie: OAID=c07622f51c7f4b56b50f578a6911986a; oaidts=1677683707
Upgrade-Insecure-Requests: 1
HTTP/1.1 302 Found
Server: nginx
Date: Wed, 01 Mar 2023 15:15:07 GMT
Content-Length: 0
Connection: keep-alive
X-Trace-Id: 019ec0cfacbfaddc9bf5326a9e9c0590
Link: <https://toapodazoay.com>; rel="preconnect dns-prefetch",<https://propeller-tracking.com>; rel="preconnect dns-prefetch",<https://diromalxx.com>; rel="preconnect dns-prefetch"
Referrer-Policy: no-referrer
Location: https://toapodazoay.com/?l=qCqekRDLtEBTXwP&s=654815531291124624&z=5181803&g=NO&svar=1677683707&ba=0&dm=0&ep=0&vi=0&vo=0&i18db=0&tr=default&svar=1677683707&ssk=e829e0cfd153789030b21db0cce3ba40&svarok=1&b=79056&oaid=c07622f51c7f4b56b50f578a6911986a&rdk=rk3
Access-Control-Allow-Origin: http://rouonixon.com
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding
Access-Control-Max-Age: 86400
Pragma: no-cache
Cache-Control: no-transform, no-store, no-cache, must-revalidate, max-age=0
Expires: Tue, 11 Jan 1994 10:00:00 GMT
Set-Cookie: OAID=c07622f51c7f4b56b50f578a6911986a; expires=Thu, 29 Feb 2024 15:15:07 GMT; path=/
oaidts=1677683707; expires=Thu, 29 Feb 2024 15:15:07 GMT; path=/
syncedCookie=true; expires=Wed, 08 Mar 2023 15:15:07 GMT; path=/
Strict-Transport-Security: max-age=1
X-Content-Type-Options: nosniff
Timing-Allow-Origin: *, *
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
35.241.9.150 200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 35.241.9.150:0
File type JSON data, ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Retry-After, Content-Type, Last-Modified, Backoff, Alert, Cache-Control, ETag, Expires, Pragma
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Wed, 01 Mar 2023 15:12:25 GMT
age: 163
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.33.119.27 200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash e9c51a1702509414f4cd1cc42c50d14d
4ba643d3dd74f0695bcdad79b690bbdcfbbd2a44
9fb5c75ea47e0e3cc047673f98fd20a5fd32011eab02499a9048a0c430d93322
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "9FB5C75EA47E0E3CC047673F98FD20A5FD32011EAB02499A9048A0C430D93322"
Last-Modified: Mon, 27 Feb 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12739
Expires: Wed, 01 Mar 2023 18:47:27 GMT
Date: Wed, 01 Mar 2023 15:15:08 GMT
Connection: keep-alive
r3.o.lencr.org/
23.33.119.27 200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash a518b418b3b845c6c4f61b595d07d29e
fa6b54344b3e4dfb5c6f16090825264152907bd6
b797e9b583b27d9c7288b67ecd1c8fc0da8a0ff8ac6d335f3d6e0bed653f2aed
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "B797E9B583B27D9C7288B67ECD1C8FC0DA8A0FF8AC6D335F3D6E0BED653F2AED"
Last-Modified: Mon, 27 Feb 2023 18:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14358
Expires: Wed, 01 Mar 2023 19:14:26 GMT
Date: Wed, 01 Mar 2023 15:15:08 GMT
Connection: keep-alive
r3.o.lencr.org/
23.33.119.27 200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash ffae4d59b32b6a7314fa7ef67cda0fc2
3de4c5f825a116094e15e8b5632f6880603a7d63
3b6261eae7aee33fd74e899dbeaef4e13ac0be1aaa82d389440bb5c6f22db74e
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "3B6261EAE7AEE33FD74E899DBEAEF4E13AC0BE1AAA82D389440BB5C6F22DB74E"
Last-Modified: Mon, 27 Feb 2023 18:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=1759
Expires: Wed, 01 Mar 2023 15:44:27 GMT
Date: Wed, 01 Mar 2023 15:15:08 GMT
Connection: keep-alive
r3.o.lencr.org/
23.33.119.27 200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 6e0114c0f6c5872e8f6dea4f163ea637
94c21d49d95cde869495cbad1b18034ff218f54f
51ca26c6cf36b40e623cf45aac683eab6ac5b33d666cd48ce1f0f9a7c446800c
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "51CA26C6CF36B40E623CF45AAC683EAB6AC5B33D666CD48CE1F0F9A7C446800C"
Last-Modified: Mon, 27 Feb 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=16514
Expires: Wed, 01 Mar 2023 19:50:22 GMT
Date: Wed, 01 Mar 2023 15:15:08 GMT
Connection: keep-alive
unphionetor.com/fv.js?t=56193&cb=729024116
139.45.197.236 200 OK 2.2 kB URL HTTP/2 unphionetor.com/fv.js?t=56193&cb=729024116
IP 139.45.197.236:0
Hash 1a267a8fd5fca1138a9c4eaf8b176ed1
fb3ff1f79972b15504ef07552574347f3b15cc39
b9efbee84207cf2f9dc567717e4ea57690c4f0140deb8d093380a7c39c5a8430
Analyzer Verdict Alert quad9 Sinkholed
GET /fv.js?t=56193&cb=729024116 HTTP/1.1
Host: unphionetor.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://toapodazoay.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Wed, 01 Mar 2023 15:15:08 GMT
content-type: text/javascript; charset=utf8
access-control-allow-origin:
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
x-trace-id: f66f1ba7de6f5354a5e1ac7b3e69060e
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
content-encoding: gzip
X-Firefox-Spdy: h2
push.services.mozilla.com/
52.38.227.80 101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 52.38.227.80:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: 37iaF/H9+vS8cDvf0Hs3SQ==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: IL3MJhGjGc+pO1ct+Up9K0XImog=
toapodazoay.com/favicon.ico
139.45.197.151 204 No Content 0 B URL HTTP/2 toapodazoay.com/favicon.ico
IP 139.45.197.151:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /favicon.ico HTTP/1.1
Host: toapodazoay.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://toapodazoay.com/?rzi=5181803&rsz=5181803&rid=
Cookie: reverse=yAbcCAQ9aAuEY7A5-un-FZoIPEgGbzeSMlkuX6xeQ50
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 204 No Content
server: nginx
date: Wed, 01 Mar 2023 15:15:08 GMT
strict-transport-security: max-age=60
x-content-type-options: nosniff
X-Firefox-Spdy: h2
stoomawy.net/zone?&pub=0&zone_id=3683319&is_mobile=false&domain=toapodazoay.com&var=qCqekRDLtEBTXwP&ymid=&var_3=&dsig=&action=prerequest
139.45.197.250 200 OK 0 B URL HTTP/2 stoomawy.net/zone?&pub=0&zone_id=3683319&is_mobile=false&domain=toapodazoay.com&var=qCqekRDLtEBTXwP&ymid=&var_3=&dsig=&action=prerequest
IP 139.45.197.250:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
POST /zone?&pub=0&zone_id=3683319&is_mobile=false&domain=toapodazoay.com&var=qCqekRDLtEBTXwP&ymid=&var_3=&dsig=&action=prerequest HTTP/1.1
Host: stoomawy.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://toapodazoay.com
Connection: keep-alive
Referer: https://toapodazoay.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 01 Mar 2023 15:15:08 GMT
content-length: 0
x-trace-id: e5d9159f38bc9770429236aafcb2bcf2
access-control-allow-origin: https://toapodazoay.com
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2
unphionetor.com/vbl?t=56193&bid=79056&aid=654815531291124624
139.45.197.236 204 No Content 0 B URL HTTP/2 unphionetor.com/vbl?t=56193&bid=79056&aid=654815531291124624
IP 139.45.197.236:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
POST /vbl?t=56193&bid=79056&aid=654815531291124624 HTTP/1.1
Host: unphionetor.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://toapodazoay.com
Connection: keep-alive
Referer: https://toapodazoay.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0
TE: trailers
HTTP/2 204 No Content
server: nginx
date: Wed, 01 Mar 2023 15:15:08 GMT
access-control-allow-origin: https://toapodazoay.com
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
x-trace-id: 5b80244b2ab7907ebe6e77bd10d62220
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.33.119.27 200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 2f2b86251851c15a6378051a85964269
376c0277369d9cf0f23b197ed42b20be02bb1a8c
e1b4055a26895e7eb7791d8ae2bbd0066dd897ca0f9c27d896480fb0e8ce7bca
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "E1B4055A26895E7EB7791D8AE2BBD0066DD897CA0F9C27D896480FB0E8CE7BCA"
Last-Modified: Mon, 27 Feb 2023 18:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11580
Expires: Wed, 01 Mar 2023 18:28:09 GMT
Date: Wed, 01 Mar 2023 15:15:09 GMT
Connection: keep-alive
r3.o.lencr.org/
23.33.119.27 200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 2f2b86251851c15a6378051a85964269
376c0277369d9cf0f23b197ed42b20be02bb1a8c
e1b4055a26895e7eb7791d8ae2bbd0066dd897ca0f9c27d896480fb0e8ce7bca
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "E1B4055A26895E7EB7791D8AE2BBD0066DD897CA0F9C27D896480FB0E8CE7BCA"
Last-Modified: Mon, 27 Feb 2023 18:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11580
Expires: Wed, 01 Mar 2023 18:28:09 GMT
Date: Wed, 01 Mar 2023 15:15:09 GMT
Connection: keep-alive
r3.o.lencr.org/
23.33.119.27 200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 2f2b86251851c15a6378051a85964269
376c0277369d9cf0f23b197ed42b20be02bb1a8c
e1b4055a26895e7eb7791d8ae2bbd0066dd897ca0f9c27d896480fb0e8ce7bca
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "E1B4055A26895E7EB7791D8AE2BBD0066DD897CA0F9C27D896480FB0E8CE7BCA"
Last-Modified: Mon, 27 Feb 2023 18:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11580
Expires: Wed, 01 Mar 2023 18:28:09 GMT
Date: Wed, 01 Mar 2023 15:15:09 GMT
Connection: keep-alive
r3.o.lencr.org/
23.33.119.27 200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 2f2b86251851c15a6378051a85964269
376c0277369d9cf0f23b197ed42b20be02bb1a8c
e1b4055a26895e7eb7791d8ae2bbd0066dd897ca0f9c27d896480fb0e8ce7bca
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "E1B4055A26895E7EB7791D8AE2BBD0066DD897CA0F9C27D896480FB0E8CE7BCA"
Last-Modified: Mon, 27 Feb 2023 18:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11580
Expires: Wed, 01 Mar 2023 18:28:09 GMT
Date: Wed, 01 Mar 2023 15:15:09 GMT
Connection: keep-alive
r3.o.lencr.org/
23.33.119.27 200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 2f2b86251851c15a6378051a85964269
376c0277369d9cf0f23b197ed42b20be02bb1a8c
e1b4055a26895e7eb7791d8ae2bbd0066dd897ca0f9c27d896480fb0e8ce7bca
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "E1B4055A26895E7EB7791D8AE2BBD0066DD897CA0F9C27D896480FB0E8CE7BCA"
Last-Modified: Mon, 27 Feb 2023 18:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11580
Expires: Wed, 01 Mar 2023 18:28:09 GMT
Date: Wed, 01 Mar 2023 15:15:09 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F59ab132e-e9ad-4556-83de-990c4d390aef.jpeg
34.120.237.76 200 OK 10 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F59ab132e-e9ad-4556-83de-990c4d390aef.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3; data
Hash 3874c3a95ebd4b7fe922878cf7d818ac
d2f74c496308d92082e9499ebde79b65226c63ee
53ca673869045cde8b0c7ad37ecae0583f60545215b86d3197cffd93323a177a
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F59ab132e-e9ad-4556-83de-990c4d390aef.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 10391
x-amzn-requestid: 3b126435-0e9d-4688-84d3-dedea6fc024f
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: BEbroFO8oAMFW6w=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63fe7316-630925bc14685ec8593eb2ee;Sampled=0
x-amzn-remapped-date: Tue, 28 Feb 2023 21:33:10 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C3
x-cache: Hit from cloudfront
x-amz-cf-id: IxeAET6uxzcr1cUTdoUPp6Vc6vvFMDMTQRU3eftq36GS02eKiy13Eg==
via: 1.1 8f22423015641505b8c857a37450d6c0.cloudfront.net (CloudFront), 1.1 21618d080c6bfbcd465fc55a167a8c1a.cloudfront.net (CloudFront), 1.1 google
date: Tue, 28 Feb 2023 21:38:44 GMT
age: 63385
etag: "d2f74c496308d92082e9499ebde79b65226c63ee"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F33adbdf5-8582-4c0e-ac8c-334da8925b4c.jpeg
34.120.237.76 200 OK 12 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F33adbdf5-8582-4c0e-ac8c-334da8925b4c.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3; data
Hash 005d3fd580be1e8f8d16119b2eb49a54
461b0a4ab177c02a4890941361e0039114348197
ebcbf1b04babf578b73d592bf6dd064de5d0f08489b8c4b99cadbe545504ccec
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F33adbdf5-8582-4c0e-ac8c-334da8925b4c.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 11512
x-amzn-requestid: 376bbbcf-89b7-490e-b204-cfd7f47133c1
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: A4joiG4zIAMFWYw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63f9b303-1d742abb3fc8f2a14c622eab;Sampled=0
x-amzn-remapped-date: Sat, 25 Feb 2023 07:04:35 GMT
x-amz-cf-pop: SEA19-C3
x-cache: Hit from cloudfront
x-amz-cf-id: CKB09XX-OUzww001G8KZ3jRK8V7LrdX7qGW9wCifFktM6Xl_jyB2BQ==
via: 1.1 a4fe306096165bb1e86e69365dc8fac2.cloudfront.net (CloudFront), 1.1 d15b6a95f7c8298444f59a99d8027cec.cloudfront.net (CloudFront), 1.1 google
date: Tue, 28 Feb 2023 16:49:35 GMT
age: 80734
etag: "461b0a4ab177c02a4890941361e0039114348197"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F77ea2415-57a8-404d-8313-52c8cc6340fb.jpeg
34.120.237.76 200 OK 8.9 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F77ea2415-57a8-404d-8313-52c8cc6340fb.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3; data
Hash 2b436b88c2f5ba756bd02b66a47097f8
ebfceb33ae49f259314299bddf1be4a848c7203f
ad66d49fe3029b566548789beac637b92f7e52d6a53ef541243280260a69585d
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F77ea2415-57a8-404d-8313-52c8cc6340fb.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8862
x-amzn-requestid: 306d5a4c-cfec-464c-9cbc-f45b46d4795c
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: A38NHFSloAMFf2g=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63f973ed-77dec03d03eecc6552fc5294;Sampled=0
x-amzn-remapped-date: Sat, 25 Feb 2023 02:35:25 GMT
x-amz-cf-pop: SEA19-C3
x-cache: Hit from cloudfront
x-amz-cf-id: 2z5TP_Q2PivQf0j39LiLpWX0Jrjo5kEAleVemeTEHcoTdpy8g2H_BA==
via: 1.1 01c28b52813cd0e82f810c492808b142.cloudfront.net (CloudFront), 1.1 de2dd11312f7d5ad3bcd0cb112c7fd0e.cloudfront.net (CloudFront), 1.1 google
date: Tue, 28 Feb 2023 22:10:58 GMT
age: 61451
etag: "ebfceb33ae49f259314299bddf1be4a848c7203f"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb97e8f2e-6da0-4f8b-b12c-1af676e3e4da.jpeg
34.120.237.76 200 OK 9.1 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb97e8f2e-6da0-4f8b-b12c-1af676e3e4da.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3; data
Hash 2a5f3d376fe6a3a78a5d1fe136f962fb
3e9b03cc296e954d63526a4e7e75beea3130fc3b
c8cf4f1c0352102764247e4dc5a2076921e0eaa18bfd110e5b0b97a55c706690
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb97e8f2e-6da0-4f8b-b12c-1af676e3e4da.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9093
x-amzn-requestid: f160a6a5-c245-40ab-9e03-ca03ba05863a
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: BBNUOGorIAMFTlg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63fd28e7-74bb8ca33cc8d5ee7e48ad3a;Sampled=0
x-amzn-remapped-date: Mon, 27 Feb 2023 22:04:23 GMT
x-amz-cf-pop: SEA19-C3
x-cache: Hit from cloudfront
x-amz-cf-id: IO69zcOnxqmoWjuIOWjYbRZ8M97AvxXfMxXSGptvK2ql0SrC0U3d5g==
via: 1.1 7f5e0d3b9ea85d0d75063a66c0ebc840.cloudfront.net (CloudFront), 1.1 58b8655e3ea662bad02cac6b9d4c88ba.cloudfront.net (CloudFront), 1.1 google
date: Tue, 28 Feb 2023 21:42:06 GMT
age: 63183
etag: "3e9b03cc296e954d63526a4e7e75beea3130fc3b"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F168e63b4-3ce9-4990-8cfe-f2f3645925e2.jpeg
34.120.237.76 200 OK 9.6 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F168e63b4-3ce9-4990-8cfe-f2f3645925e2.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3; data
Hash e9c53b037c590cde3ec26668342bb79c
18176b39b2888a4843a551dcf544e6ff42071635
77580642879580aab11f6c95763029fa58ed25f6cafb1fcee71facc573cf3cd7
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F168e63b4-3ce9-4990-8cfe-f2f3645925e2.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9644
x-amzn-requestid: 8bc468d2-5ab6-46dc-a4c3-f3243d455400
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: A36FeEMyoAMF2zA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63f97089-1d978335370496ab14681c79;Sampled=0
x-amzn-remapped-date: Sat, 25 Feb 2023 02:20:57 GMT
x-amz-cf-pop: SEA19-C3
x-cache: Hit from cloudfront
x-amz-cf-id: Gz08KSK9ij-FhtHEtnUUyKw1SKl6Gz_ubjJXJcDej94rT6mq-_PTlQ==
via: 1.1 d1151317ba32afe0e6370fd69fed222e.cloudfront.net (CloudFront), 1.1 219e8f088c8c2a564bdacafe44be620a.cloudfront.net (CloudFront), 1.1 google
date: Tue, 28 Feb 2023 20:57:20 GMT
age: 65869
etag: "18176b39b2888a4843a551dcf544e6ff42071635"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F11b4bf4e-f145-4c9e-abad-1756e89c765f.jpeg
34.120.237.76 200 OK 4.9 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F11b4bf4e-f145-4c9e-abad-1756e89c765f.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3; data
Hash 2eedbee19ad8b7fe24b5c3cda8d92825
1eaffe902658900d684f44e4c68234075f65cb87
e0c5964a97e0c292958c7ae074d6384bac147d13fb8daf900d2097b46092205c
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F11b4bf4e-f145-4c9e-abad-1756e89c765f.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 4866
x-amzn-requestid: 31a47ad4-8fad-4775-b4d6-bdebe4b2cad1
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: BCPNsGvKoAMF9tw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63fd9257-57f9393a4cfbedbb3cc3ac3e;Sampled=0
x-amzn-remapped-date: Tue, 28 Feb 2023 05:34:15 GMT
x-amz-cf-pop: SEA19-C3
x-cache: Miss from cloudfront
x-amz-cf-id: JyKZZd0oxSliqXLCHiXQZUB_N2o437iz2XAdMCo0bjsif1mZWLg5zw==
via: 1.1 01c28b52813cd0e82f810c492808b142.cloudfront.net (CloudFront), 1.1 5c35539543902c678280929df206948c.cloudfront.net (CloudFront), 1.1 google
date: Wed, 01 Mar 2023 04:46:31 GMT
age: 37718
etag: "1eaffe902658900d684f44e4c68234075f65cb87"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
go.ad2upapp.com/afu.php?id=792658&rt=1
139.45.197.237 302 Moved Temporarily 138 B URL HTTP/1.1 go.ad2upapp.com/afu.php?id=792658&rt=1
IP 139.45.197.237:0
File type HTML document text; HTML document text; HTML document, ASCII text, with CRLF line terminators
Hash aff950cab4c0265e21d401db15f1026d
f03e18461817f7a6546c8bf8fa8d686d7e30aca0
753e0dd54f28c4f7009b9c0b18a68aed175416bd8b7d134858264586eaac56f0
GET /afu.php?id=792658&rt=1 HTTP/1.1
Host: go.ad2upapp.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 302 Moved Temporarily
Server: nginx
Date: Wed, 01 Mar 2023 15:15:09 GMT
Content-Type: text/html
Content-Length: 138
Connection: keep-alive
Location: http://go.deliverymodo.com/afu.php?id=792658&rt=1
Strict-Transport-Security: max-age=1
X-Content-Type-Options: nosniff
Timing-Allow-Origin: *
go.deliverymodo.com/afu.php?id=792658&rt=1
139.45.197.236 200 OK 836 B URL HTTP/1.1 go.deliverymodo.com/afu.php?id=792658&rt=1
IP 139.45.197.236:0
File type HTML document text; HTML document text; HTML document text; HTML document text; HTML document text; exported SGML document, ASCII text, with very long lines (379)
Hash 5f89b0612d3f442204098e8b7bd41b11
b86600f04c5b8be0d52f55471a78d8b5a627ff87
f57c73c64406217ea16975f2eeb2aab4d9a7a3db2cd8ac7d9a03bf1c2ebbe214
GET /afu.php?id=792658&rt=1 HTTP/1.1
Host: go.deliverymodo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 01 Mar 2023 15:15:10 GMT
Content-Type: text/html; charset=utf8
Transfer-Encoding: chunked
Connection: keep-alive
X-Trace-Id: 328e1a768bce1b5606526732508eea97
Link: <https://propeller-tracking.com>; rel="preconnect dns-prefetch",<https://my.rtmark.net>; rel="preconnect dns-prefetch", <https://indexcontrol.online>; rel="preconnect dns-prefetch",<https://propeller-tracking.com>; rel="preconnect dns-prefetch",<https://diromalxx.com>; rel="preconnect dns-prefetch"
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding
Access-Control-Max-Age: 86400
Pragma: no-cache
Cache-Control: no-transform, no-store, no-cache, must-revalidate, max-age=0
Expires: Tue, 11 Jan 1994 10:00:00 GMT
Set-Cookie: OAID=f1b5d7b964814b2fb432dd6e16b3052c; expires=Thu, 29 Feb 2024 15:15:10 GMT; path=/
oaidts=1677683710; expires=Thu, 29 Feb 2024 15:15:10 GMT; path=/
syncedCookie=; expires=Tue, 10 Nov 2009 23:00:00 GMT
Strict-Transport-Security: max-age=1
X-Content-Type-Options: nosniff
Timing-Allow-Origin: *, *
Content-Encoding: gzip
unphionetor.com/vb?t=56193&bid=79056&aid=654815531291124624&tp=2226
139.45.197.236 204 No Content 0 B URL HTTP/2 unphionetor.com/vb?t=56193&bid=79056&aid=654815531291124624&tp=2226
IP 139.45.197.236:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
POST /vb?t=56193&bid=79056&aid=654815531291124624&tp=2226 HTTP/1.1
Host: unphionetor.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://toapodazoay.com
Connection: keep-alive
Referer: https://toapodazoay.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0
TE: trailers
HTTP/2 204 No Content
server: nginx
date: Wed, 01 Mar 2023 15:15:10 GMT
access-control-allow-origin: https://toapodazoay.com
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
x-trace-id: d6d782ed17ffacbe2c1adbbe76c6c544
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.33.119.27 200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 74367d6b19fce5fa907f5b42ed1a68d3
c6489eaa01839e946d0807bfa1955e495b38792f
86fafe94e9d7a2f5c14abf5e8cb9a0508729fff3c291e7f38a974b400a4211bc
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "86FAFE94E9D7A2F5C14ABF5E8CB9A0508729FFF3C291E7F38A974B400A4211BC"
Last-Modified: Mon, 27 Feb 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14781
Expires: Wed, 01 Mar 2023 19:21:31 GMT
Date: Wed, 01 Mar 2023 15:15:10 GMT
Connection: keep-alive
go.deliverymodo.com/favicon.ico
139.45.197.236 204 No Content 0 B URL HTTP/1.1 go.deliverymodo.com/favicon.ico
IP 139.45.197.236:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /favicon.ico HTTP/1.1
Host: go.deliverymodo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Cookie: OAID=f1b5d7b964814b2fb432dd6e16b3052c; oaidts=1677683710
HTTP/1.1 204 No Content
Server: nginx
Date: Wed, 01 Mar 2023 15:15:10 GMT
Connection: keep-alive
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Pragma: public
Cache-Control: max-age=315360000, public, must-revalidate, proxy-revalidate
my.rtmark.net/img.gif?f=merge&userId=f1b5d7b964814b2fb432dd6e16b3052c
139.45.195.8 200 OK 43 B URL HTTP/2 my.rtmark.net/img.gif?f=merge&userId=f1b5d7b964814b2fb432dd6e16b3052c
IP 139.45.195.8:0
File type GIF image data, version 89a, 1 x 1; data
Hash b4491705564909da7f9eaf749dbbfbb1
279315d507855c6a4351e1e2c2f39dd9cd2fccd8
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
POST /img.gif?f=merge&userId=f1b5d7b964814b2fb432dd6e16b3052c HTTP/1.1
Host: my.rtmark.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0
HTTP/2 200 OK
server: nginx
date: Wed, 01 Mar 2023 15:15:10 GMT
content-type: image/gif
content-length: 43
access-control-allow-origin: null
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
set-cookie: ID=f1b5d7b964814b2fb432dd6e16b3052c; expires=Thu, 29 Feb 2024 15:15:10 GMT; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
indexcontrol.online/click.php?key=t1t9w0v99re7r2psk5ad&visitor_id=654815540308882191&cost=0.000801&zoneid=792658&campaignid=6677852&device=desktop&browser=firefox&bannerid=16911470&osversion=win10&country=NO&language=en&isp=blix%20group%20as&8={t10}&rdk=rk1
157.90.254.169 200 OK 1.9 kB URL HTTP/1.1 indexcontrol.online/click.php?key=t1t9w0v99re7r2psk5ad&visitor_id=654815540308882191&cost=0.000801&zoneid=792658&campaignid=6677852&device=desktop&browser=firefox&bannerid=16911470&osversion=win10&country=NO&language=en&isp=blix%20group%20as&8={t10}&rdk=rk1
IP 157.90.254.169:0
ASN #24940 Hetzner Online GmbH
File type HTML document text; HTML document text; HTML document text; HTML document text; HTML document text; HTML document text; exported SGML document, Unicode text, UTF-8 text, with very long lines (2184)
Hash 5706c71a0ca71ccb76379b5d0b476c16
128c7c2a2f15f988ebba9bc9dd50e246c1e2b1a6
8d74f52c34c7b78908accedd13e29b4dafc438891e5c5cdb8e825cb3e8db0740
GET /click.php?key=t1t9w0v99re7r2psk5ad&visitor_id=654815540308882191&cost=0.000801&zoneid=792658&campaignid=6677852&device=desktop&browser=firefox&bannerid=16911470&osversion=win10&country=NO&language=en&isp=blix%20group%20as&8={t10}&rdk=rk1 HTTP/1.1
Host: indexcontrol.online
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.20.2
Date: Wed, 01 Mar 2023 15:15:10 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: uclick=gxsyc815; expires=Thu, 02-Mar-2023 15:15:10 GMT; Max-Age=86400; path=/; secure; SameSite=none
uclickhash=gxsyc815-gxsyc815-gm3v-q5ft-qe1m-2ta03y-2ta06o-39f1aa; expires=Thu, 02-Mar-2023 15:15:10 GMT; Max-Age=86400; path=/; secure; SameSite=none
Strict-Transport-Security: max-age=31536000
Content-Encoding: gzip
indexcontrol.online/landers/mcafeecleanlp1_noredirect/lp1/9cc8f7eaec4aa7b5a3d8a1e8900acc0b.static.css?1643624258
157.90.254.169 200 OK 655 B URL HTTP/1.1 indexcontrol.online/landers/mcafeecleanlp1_noredirect/lp1/9cc8f7eaec4aa7b5a3d8a1e8900acc0b.static.css?1643624258
IP 157.90.254.169:0
ASN #24940 Hetzner Online GmbH
Hash 64836db20736f1e7995b43489b4bf0ac
a0db33db05acb39dd01d9f19f5eed634682b0ead
d4d21bac4b13cac53c0b921c3aa69d1e010a32ad3ccb7498821aa6e763e71c87
GET /landers/mcafeecleanlp1_noredirect/lp1/9cc8f7eaec4aa7b5a3d8a1e8900acc0b.static.css?1643624258 HTTP/1.1
Host: indexcontrol.online
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://indexcontrol.online/click.php?key=t1t9w0v99re7r2psk5ad&visitor_id=654815540308882191&cost=0.000801&zoneid=792658&campaignid=6677852&device=desktop&browser=firefox&bannerid=16911470&osversion=win10&country=NO&language=en&isp=blix%20group%20as&8={t10}&rdk=rk1
Cookie: uclick=gxsyc815; uclickhash=gxsyc815-gxsyc815-gm3v-q5ft-qe1m-2ta03y-2ta06o-39f1aa
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx/1.20.2
Date: Wed, 01 Mar 2023 15:15:10 GMT
Content-Type: text/css
Content-Length: 655
Last-Modified: Mon, 14 Nov 2022 13:57:07 GMT
Connection: keep-alive
ETag: "63724933-28f"
Strict-Transport-Security: max-age=31536000
Accept-Ranges: bytes
indexcontrol.online/landers/mcafeecleanlp1_noredirect/lp1/baa1d5d5027c5653452694f0f66ce039.static.css?1643624258
157.90.254.169 200 OK 2.1 kB URL HTTP/1.1 indexcontrol.online/landers/mcafeecleanlp1_noredirect/lp1/baa1d5d5027c5653452694f0f66ce039.static.css?1643624258
IP 157.90.254.169:0
ASN #24940 Hetzner Online GmbH
Hash 4c9f09a9675607afbddf827aaeefcb61
c341d14ed81d4789d998b01d6afa2a7ed6c9607a
808e3f0ad00c29cb12bee57b3eef2e22b83847aba521b2c34c1400bfcc00509a
GET /landers/mcafeecleanlp1_noredirect/lp1/baa1d5d5027c5653452694f0f66ce039.static.css?1643624258 HTTP/1.1
Host: indexcontrol.online
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://indexcontrol.online/click.php?key=t1t9w0v99re7r2psk5ad&visitor_id=654815540308882191&cost=0.000801&zoneid=792658&campaignid=6677852&device=desktop&browser=firefox&bannerid=16911470&osversion=win10&country=NO&language=en&isp=blix%20group%20as&8={t10}&rdk=rk1
Cookie: uclick=gxsyc815; uclickhash=gxsyc815-gxsyc815-gm3v-q5ft-qe1m-2ta03y-2ta06o-39f1aa
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx/1.20.2
Date: Wed, 01 Mar 2023 15:15:10 GMT
Content-Type: text/css
Content-Length: 2054
Last-Modified: Mon, 14 Nov 2022 13:57:07 GMT
Connection: keep-alive
ETag: "63724933-806"
Strict-Transport-Security: max-age=31536000
Accept-Ranges: bytes
indexcontrol.online/landers/mcafeecleanlp1_noredirect/lp1/56633b8b6c6c63e283fa74cf426bb4b7.static.js?1643624258
157.90.254.169 200 OK 1.2 kB URL HTTP/1.1 indexcontrol.online/landers/mcafeecleanlp1_noredirect/lp1/56633b8b6c6c63e283fa74cf426bb4b7.static.js?1643624258
IP 157.90.254.169:0
ASN #24940 Hetzner Online GmbH
Hash fcd546809170dd574eb37b989529f69a
2e227e144e3b4bd68064354d8a7fbc61125f624c
350baff99bbd3db6cdb8d741bc7f75fa333489ad5dcc641e2cfa0e11130e1920
Analyzer Verdict Alert fortinet Phishing
GET /landers/mcafeecleanlp1_noredirect/lp1/56633b8b6c6c63e283fa74cf426bb4b7.static.js?1643624258 HTTP/1.1
Host: indexcontrol.online
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://indexcontrol.online/click.php?key=t1t9w0v99re7r2psk5ad&visitor_id=654815540308882191&cost=0.000801&zoneid=792658&campaignid=6677852&device=desktop&browser=firefox&bannerid=16911470&osversion=win10&country=NO&language=en&isp=blix%20group%20as&8={t10}&rdk=rk1
Cookie: uclick=gxsyc815; uclickhash=gxsyc815-gxsyc815-gm3v-q5ft-qe1m-2ta03y-2ta06o-39f1aa
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx/1.20.2
Date: Wed, 01 Mar 2023 15:15:10 GMT
Content-Type: application/javascript
Content-Length: 1157
Last-Modified: Mon, 14 Nov 2022 13:57:07 GMT
Connection: keep-alive
ETag: "63724933-485"
Strict-Transport-Security: max-age=31536000
Accept-Ranges: bytes
indexcontrol.online/landers/mcafeecleanlp1_noredirect/lp1/5b44b57497117d6121c213672ca3b15f.static.js?1643624258
157.90.254.169 200 OK 2.2 kB URL HTTP/1.1 indexcontrol.online/landers/mcafeecleanlp1_noredirect/lp1/5b44b57497117d6121c213672ca3b15f.static.js?1643624258
IP 157.90.254.169:0
ASN #24940 Hetzner Online GmbH
Hash c9e9a54501fc6f6e8918b2c0f2a53981
3d530e6c830ccba6284e79c7245bb45d6f4f2197
491fdee141835401d29318ca584ac3e91a38c92d8694f26d90883bfc324ca454
Analyzer Verdict Alert fortinet Phishing
GET /landers/mcafeecleanlp1_noredirect/lp1/5b44b57497117d6121c213672ca3b15f.static.js?1643624258 HTTP/1.1
Host: indexcontrol.online
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://indexcontrol.online/click.php?key=t1t9w0v99re7r2psk5ad&visitor_id=654815540308882191&cost=0.000801&zoneid=792658&campaignid=6677852&device=desktop&browser=firefox&bannerid=16911470&osversion=win10&country=NO&language=en&isp=blix%20group%20as&8={t10}&rdk=rk1
Cookie: uclick=gxsyc815; uclickhash=gxsyc815-gxsyc815-gm3v-q5ft-qe1m-2ta03y-2ta06o-39f1aa
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx/1.20.2
Date: Wed, 01 Mar 2023 15:15:10 GMT
Content-Type: application/javascript
Content-Length: 2198
Last-Modified: Mon, 14 Nov 2022 13:57:07 GMT
Connection: keep-alive
ETag: "63724933-896"
Strict-Transport-Security: max-age=31536000
Accept-Ranges: bytes
indexcontrol.online/landers/mcafeecleanlp1_noredirect/lp1/e5cb773f86887726adf00544b772f96d.static.js?1643624258
157.90.254.169 200 OK 1.1 kB URL HTTP/1.1 indexcontrol.online/landers/mcafeecleanlp1_noredirect/lp1/e5cb773f86887726adf00544b772f96d.static.js?1643624258
IP 157.90.254.169:0
ASN #24940 Hetzner Online GmbH
File type ASCII text, with very long lines (1074), with no line terminators
Hash b93c2e03ce7a45d313a6b7deba058cc5
27f22eb9c15e5e3671493517c56f9952c8a6ac09
6639d11ceed4d2c61a2522894f03122e3a147a627cb1c7a86fd9022cb62ac292
Analyzer Verdict Alert fortinet Phishing
GET /landers/mcafeecleanlp1_noredirect/lp1/e5cb773f86887726adf00544b772f96d.static.js?1643624258 HTTP/1.1
Host: indexcontrol.online
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://indexcontrol.online/click.php?key=t1t9w0v99re7r2psk5ad&visitor_id=654815540308882191&cost=0.000801&zoneid=792658&campaignid=6677852&device=desktop&browser=firefox&bannerid=16911470&osversion=win10&country=NO&language=en&isp=blix%20group%20as&8={t10}&rdk=rk1
Cookie: uclick=gxsyc815; uclickhash=gxsyc815-gxsyc815-gm3v-q5ft-qe1m-2ta03y-2ta06o-39f1aa
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx/1.20.2
Date: Wed, 01 Mar 2023 15:15:10 GMT
Content-Type: application/javascript
Content-Length: 1074
Last-Modified: Mon, 14 Nov 2022 13:57:07 GMT
Connection: keep-alive
ETag: "63724933-432"
Strict-Transport-Security: max-age=31536000
Accept-Ranges: bytes
indexcontrol.online/landers/mcafeecleanlp1_noredirect/lp1/4b3ac8adf00db4ad50528231b01fc05d.static.js?1643624258
157.90.254.169 200 OK 2.3 kB URL HTTP/1.1 indexcontrol.online/landers/mcafeecleanlp1_noredirect/lp1/4b3ac8adf00db4ad50528231b01fc05d.static.js?1643624258
IP 157.90.254.169:0
ASN #24940 Hetzner Online GmbH
Hash 4794a3102f0351b663eb39ff6e35f2dc
4a5b15b20844e05e77ec9f209f0a26800d3e628f
27c3394abd8f7828961ee62fd1e725aa6837d61f457d50c7127625c9248a87c6
Analyzer Verdict Alert fortinet Phishing
GET /landers/mcafeecleanlp1_noredirect/lp1/4b3ac8adf00db4ad50528231b01fc05d.static.js?1643624258 HTTP/1.1
Host: indexcontrol.online
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://indexcontrol.online/click.php?key=t1t9w0v99re7r2psk5ad&visitor_id=654815540308882191&cost=0.000801&zoneid=792658&campaignid=6677852&device=desktop&browser=firefox&bannerid=16911470&osversion=win10&country=NO&language=en&isp=blix%20group%20as&8={t10}&rdk=rk1
Cookie: uclick=gxsyc815; uclickhash=gxsyc815-gxsyc815-gm3v-q5ft-qe1m-2ta03y-2ta06o-39f1aa
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx/1.20.2
Date: Wed, 01 Mar 2023 15:15:10 GMT
Content-Type: application/javascript
Content-Length: 2333
Last-Modified: Mon, 14 Nov 2022 13:57:07 GMT
Connection: keep-alive
ETag: "63724933-91d"
Strict-Transport-Security: max-age=31536000
Accept-Ranges: bytes
indexcontrol.online/landers/mcafeecleanlp1_noredirect/lp1/3c7ab8eec6fffcd8d12633f39560a159.static.js?1643624258
157.90.254.169 200 OK 87 kB URL HTTP/1.1 indexcontrol.online/landers/mcafeecleanlp1_noredirect/lp1/3c7ab8eec6fffcd8d12633f39560a159.static.js?1643624258
IP 157.90.254.169:0
ASN #24940 Hetzner Online GmbH
File type ASCII text, with very long lines (65451)
Hash a09e13ee94d51c524b7e2a728c7d4039
0dc32db4aa9c5f03f3b38c47d883dbd4fed13aae
160a426ff2894252cd7cebbdd6d6b7da8fcd319c65b70468f10b6690c45d02ef
Analyzer Verdict Alert fortinet Phishing
GET /landers/mcafeecleanlp1_noredirect/lp1/3c7ab8eec6fffcd8d12633f39560a159.static.js?1643624258 HTTP/1.1
Host: indexcontrol.online
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://indexcontrol.online/click.php?key=t1t9w0v99re7r2psk5ad&visitor_id=654815540308882191&cost=0.000801&zoneid=792658&campaignid=6677852&device=desktop&browser=firefox&bannerid=16911470&osversion=win10&country=NO&language=en&isp=blix%20group%20as&8={t10}&rdk=rk1
Cookie: uclick=gxsyc815; uclickhash=gxsyc815-gxsyc815-gm3v-q5ft-qe1m-2ta03y-2ta06o-39f1aa
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx/1.20.2
Date: Wed, 01 Mar 2023 15:15:10 GMT
Content-Type: application/javascript
Content-Length: 86927
Last-Modified: Mon, 14 Nov 2022 13:57:07 GMT
Connection: keep-alive
ETag: "63724933-1538f"
Strict-Transport-Security: max-age=31536000
Accept-Ranges: bytes
indexcontrol.online/landers/mcafeecleanlp1_noredirect/lp1/fef12056a0c6ad0223d68d6b762dd7de.static.js?1643624258
157.90.254.169 200 OK 6.5 kB URL HTTP/1.1 indexcontrol.online/landers/mcafeecleanlp1_noredirect/lp1/fef12056a0c6ad0223d68d6b762dd7de.static.js?1643624258
IP 157.90.254.169:0
ASN #24940 Hetzner Online GmbH
Hash 469e121bb4c4fe159bbca2b4f5a88267
f0c66f226de28b324e4f1ecb766597938f984c60
4706b6d6c3e39cf2915a772595f2cc124e96d0919538b56aa817113e6482c416
Analyzer Verdict Alert fortinet Phishing
GET /landers/mcafeecleanlp1_noredirect/lp1/fef12056a0c6ad0223d68d6b762dd7de.static.js?1643624258 HTTP/1.1
Host: indexcontrol.online
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://indexcontrol.online/click.php?key=t1t9w0v99re7r2psk5ad&visitor_id=654815540308882191&cost=0.000801&zoneid=792658&campaignid=6677852&device=desktop&browser=firefox&bannerid=16911470&osversion=win10&country=NO&language=en&isp=blix%20group%20as&8={t10}&rdk=rk1
Cookie: uclick=gxsyc815; uclickhash=gxsyc815-gxsyc815-gm3v-q5ft-qe1m-2ta03y-2ta06o-39f1aa
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx/1.20.2
Date: Wed, 01 Mar 2023 15:15:10 GMT
Content-Type: application/javascript
Content-Length: 6502
Last-Modified: Mon, 14 Nov 2022 13:57:07 GMT
Connection: keep-alive
ETag: "63724933-1966"
Strict-Transport-Security: max-age=31536000
Accept-Ranges: bytes
indexcontrol.online/landers/mcafeecleanlp1_noredirect/lp1/633d8c95262d5_v.css
157.90.254.169 200 OK 7.2 kB URL HTTP/1.1 indexcontrol.online/landers/mcafeecleanlp1_noredirect/lp1/633d8c95262d5_v.css
IP 157.90.254.169:0
ASN #24940 Hetzner Online GmbH
File type ASCII text, with very long lines (7048)
Hash 8d4fba5186f02a0c4458986b0cf91667
785579011ecdda9e4754ca41649fa2fc06453b52
1cfc73a6db9523c12b6b7f5d009bed19c8799eed001f607bd891a1fd838b7739
GET /landers/mcafeecleanlp1_noredirect/lp1/633d8c95262d5_v.css HTTP/1.1
Host: indexcontrol.online
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://indexcontrol.online/click.php?key=t1t9w0v99re7r2psk5ad&visitor_id=654815540308882191&cost=0.000801&zoneid=792658&campaignid=6677852&device=desktop&browser=firefox&bannerid=16911470&osversion=win10&country=NO&language=en&isp=blix%20group%20as&8={t10}&rdk=rk1
Cookie: uclick=gxsyc815; uclickhash=gxsyc815-gxsyc815-gm3v-q5ft-qe1m-2ta03y-2ta06o-39f1aa
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx/1.20.2
Date: Wed, 01 Mar 2023 15:15:10 GMT
Content-Type: text/css
Content-Length: 7208
Last-Modified: Mon, 14 Nov 2022 13:57:07 GMT
Connection: keep-alive
ETag: "63724933-1c28"
Strict-Transport-Security: max-age=31536000
Accept-Ranges: bytes
indexcontrol.online/landers/mcafeecleanlp1_noredirect/lp1/8dda384b688f7e78af5e906b98c2b337.static.css
157.90.254.169 200 OK 19 kB URL HTTP/1.1 indexcontrol.online/landers/mcafeecleanlp1_noredirect/lp1/8dda384b688f7e78af5e906b98c2b337.static.css
IP 157.90.254.169:0
ASN #24940 Hetzner Online GmbH
File type ASCII text, with very long lines (18692)
Hash 028abdb3c23e8b282b583083e56308ec
737f32630b6201cb407e59284ced7111e67060e8
24a7c26261729b65eb532c5572f7c2454e5f4a1a9a33568a409ab23ece261cba
GET /landers/mcafeecleanlp1_noredirect/lp1/8dda384b688f7e78af5e906b98c2b337.static.css HTTP/1.1
Host: indexcontrol.online
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://indexcontrol.online/click.php?key=t1t9w0v99re7r2psk5ad&visitor_id=654815540308882191&cost=0.000801&zoneid=792658&campaignid=6677852&device=desktop&browser=firefox&bannerid=16911470&osversion=win10&country=NO&language=en&isp=blix%20group%20as&8={t10}&rdk=rk1
Cookie: uclick=gxsyc815; uclickhash=gxsyc815-gxsyc815-gm3v-q5ft-qe1m-2ta03y-2ta06o-39f1aa
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx/1.20.2
Date: Wed, 01 Mar 2023 15:15:10 GMT
Content-Type: text/css
Content-Length: 18746
Last-Modified: Mon, 14 Nov 2022 13:57:07 GMT
Connection: keep-alive
ETag: "63724933-493a"
Strict-Transport-Security: max-age=31536000
Accept-Ranges: bytes
indexcontrol.online/landers/mcafeecleanlp1_noredirect/lp1/7de01cc5e3e9204e191bf3eed0608b3e.static.js?cb=googleTranslateElementInit
157.90.254.169 200 OK 78 kB URL HTTP/1.1 indexcontrol.online/landers/mcafeecleanlp1_noredirect/lp1/7de01cc5e3e9204e191bf3eed0608b3e.static.js?cb=googleTranslateElementInit
IP 157.90.254.169:0
ASN #24940 Hetzner Online GmbH
File type ASCII text, with very long lines (560)
Hash fb0d9ac7c01bf99ea71aa98c30a48f1b
1b56d240057a5bfd63c9a92fb77f8a9c8e235d9e
3c6772a74ecd1f2cd06d35edf131707816f80282f1af89729ab07cce26f677fc
Analyzer Verdict Alert fortinet Phishing
GET /landers/mcafeecleanlp1_noredirect/lp1/7de01cc5e3e9204e191bf3eed0608b3e.static.js?cb=googleTranslateElementInit HTTP/1.1
Host: indexcontrol.online
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://indexcontrol.online/click.php?key=t1t9w0v99re7r2psk5ad&visitor_id=654815540308882191&cost=0.000801&zoneid=792658&campaignid=6677852&device=desktop&browser=firefox&bannerid=16911470&osversion=win10&country=NO&language=en&isp=blix%20group%20as&8={t10}&rdk=rk1
Cookie: uclick=gxsyc815; uclickhash=gxsyc815-gxsyc815-gm3v-q5ft-qe1m-2ta03y-2ta06o-39f1aa
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx/1.20.2
Date: Wed, 01 Mar 2023 15:15:10 GMT
Content-Type: application/javascript
Content-Length: 77854
Last-Modified: Mon, 14 Nov 2022 13:57:07 GMT
Connection: keep-alive
ETag: "63724933-1301e"
Strict-Transport-Security: max-age=31536000
Accept-Ranges: bytes
indexcontrol.online/landers/mcafeecleanlp1_noredirect/lp1/2501256b80ce2b760a9aa1403be30d4e.static.js
157.90.254.169 200 OK 32 kB URL HTTP/1.1 indexcontrol.online/landers/mcafeecleanlp1_noredirect/lp1/2501256b80ce2b760a9aa1403be30d4e.static.js
IP 157.90.254.169:0
ASN #24940 Hetzner Online GmbH
File type Unicode text, UTF-8 text, with very long lines (31370)
Hash 198f2f5b0a649f41fe890c59d37319aa
f24629687612889bb59f610df3879afcd766fb80
d2bc2cb800679f495a7731c105b2e2047965800515f98008867ab33edc940912
Analyzer Verdict Alert fortinet Phishing
GET /landers/mcafeecleanlp1_noredirect/lp1/2501256b80ce2b760a9aa1403be30d4e.static.js HTTP/1.1
Host: indexcontrol.online
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://indexcontrol.online/click.php?key=t1t9w0v99re7r2psk5ad&visitor_id=654815540308882191&cost=0.000801&zoneid=792658&campaignid=6677852&device=desktop&browser=firefox&bannerid=16911470&osversion=win10&country=NO&language=en&isp=blix%20group%20as&8={t10}&rdk=rk1
Cookie: uclick=gxsyc815; uclickhash=gxsyc815-gxsyc815-gm3v-q5ft-qe1m-2ta03y-2ta06o-39f1aa
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx/1.20.2
Date: Wed, 01 Mar 2023 15:15:10 GMT
Content-Type: application/javascript
Content-Length: 31705
Last-Modified: Mon, 14 Nov 2022 13:57:07 GMT
Connection: keep-alive
ETag: "63724933-7bd9"
Strict-Transport-Security: max-age=31536000
Accept-Ranges: bytes
ocsp.pki.goog/gts1c3
216.58.211.3 200 OK 472 B IP 216.58.211.3:0
Hash 075db557635793632d91c6d220714041
28fe9fa6377b2658fb1d90c6c81be80eb96874b2
9f225746c23128917d7f062d6c9db7822513922b73833d08645a78b83f137f9b
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 01 Mar 2023 15:15:11 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.digicert.com/
192.229.221.95 200 OK 278 B IP 192.229.221.95:0
Hash e19393d1076db8353d69b068103ce8af
1586b2cfa175f2231b0843fc9cdfd7a24753414f
0971b23147124e6959cd43df45cf1af6ce6cebf676480649d8d0ceaffe93b879
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 74855
Cache-Control: max-age=131968
Content-Type: application/ocsp-response
Date: Wed, 01 Mar 2023 15:15:11 GMT
Etag: "63fda818-116"
Expires: Fri, 03 Mar 2023 03:54:39 GMT
Last-Modified: Tue, 28 Feb 2023 07:07:04 GMT
Server: ECAcc (ska/F6AF)
X-Cache: HIT
Content-Length: 278
translate.googleapis.com/translate_static/css/translateelement.css
142.250.74.10 200 OK 3.6 kB URL HTTP/2 translate.googleapis.com/translate_static/css/translateelement.css
IP 142.250.74.10:0
File type ASCII text, with very long lines (22967)
Hash f7bf2121608909b56672e6398ac2335c
864ef3bac46b08ab6609fad23f00d5f09815647d
b9d3a8600d9b6edf9c71b793c42782282ecfb01e2026e0128608b949e91e152c
GET /translate_static/css/translateelement.css HTTP/1.1
Host: translate.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://indexcontrol.online/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
content-encoding: br
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/rosetta
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="rosetta"
report-to: {"group":"rosetta","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/rosetta"}]}
content-length: 3632
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 01 Mar 2023 14:49:54 GMT
expires: Wed, 01 Mar 2023 15:49:54 GMT
cache-control: public, max-age=3600
age: 1517
last-modified: Mon, 09 Jan 2023 20:58:00 GMT
content-type: text/css
vary: Accept-Encoding
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
indexcontrol.online/landers/mcafeecleanlp1_noredirect/lp1/5ae2bd8608573f29bfe3c426918be36a.static.js
157.90.254.169 200 OK 271 kB URL HTTP/1.1 indexcontrol.online/landers/mcafeecleanlp1_noredirect/lp1/5ae2bd8608573f29bfe3c426918be36a.static.js
IP 157.90.254.169:0
ASN #24940 Hetzner Online GmbH
File type ASCII text, with very long lines (1613)
Size 271 kB (271006 bytes)
Hash 36c0b0dc6a2b384defe57e55f520d051
6b87001d2420fd211212022945186b5d0d368f3f
0ac1b7e02a073dddc8f17e00df8b6651d40fcf8767f6c58a54bab047eb54cc5c
Analyzer Verdict Alert fortinet Phishing
GET /landers/mcafeecleanlp1_noredirect/lp1/5ae2bd8608573f29bfe3c426918be36a.static.js HTTP/1.1
Host: indexcontrol.online
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://indexcontrol.online/click.php?key=t1t9w0v99re7r2psk5ad&visitor_id=654815540308882191&cost=0.000801&zoneid=792658&campaignid=6677852&device=desktop&browser=firefox&bannerid=16911470&osversion=win10&country=NO&language=en&isp=blix%20group%20as&8={t10}&rdk=rk1
Cookie: uclick=gxsyc815; uclickhash=gxsyc815-gxsyc815-gm3v-q5ft-qe1m-2ta03y-2ta06o-39f1aa
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx/1.20.2
Date: Wed, 01 Mar 2023 15:15:10 GMT
Content-Type: application/javascript
Content-Length: 271006
Last-Modified: Mon, 14 Nov 2022 13:57:07 GMT
Connection: keep-alive
ETag: "63724933-4229e"
Strict-Transport-Security: max-age=31536000
Accept-Ranges: bytes
ocsp.pki.goog/gts1c3
216.58.211.3 200 OK 472 B IP 216.58.211.3:0
Hash 075db557635793632d91c6d220714041
28fe9fa6377b2658fb1d90c6c81be80eb96874b2
9f225746c23128917d7f062d6c9db7822513922b73833d08645a78b83f137f9b
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 01 Mar 2023 15:15:11 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
indexcontrol.online/landers/mcafeecleanlp1_noredirect/lp1/bff9f670213705f964ee2438e3c51d68.static.svg
157.90.254.169 200 OK 1.3 kB URL HTTP/1.1 indexcontrol.online/landers/mcafeecleanlp1_noredirect/lp1/bff9f670213705f964ee2438e3c51d68.static.svg
IP 157.90.254.169:0
ASN #24940 Hetzner Online GmbH
File type SVG Scalable Vector Graphics image, ASCII text, with very long lines (1296), with no line terminators
Hash 6afb794723ba525f2c526c9899569924
8921668647cb2e4e8f689abd3f2bb8c9579432a8
e4aef0aba15680c1b745414a7c7bc39cdbeda17f1de0c7bf57bf90378b6a5d26
Analyzer Verdict Alert fortinet Phishing
GET /landers/mcafeecleanlp1_noredirect/lp1/bff9f670213705f964ee2438e3c51d68.static.svg HTTP/1.1
Host: indexcontrol.online
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://indexcontrol.online/click.php?key=t1t9w0v99re7r2psk5ad&visitor_id=654815540308882191&cost=0.000801&zoneid=792658&campaignid=6677852&device=desktop&browser=firefox&bannerid=16911470&osversion=win10&country=NO&language=en&isp=blix%20group%20as&8={t10}&rdk=rk1
Cookie: uclick=gxsyc815; uclickhash=gxsyc815-gxsyc815-gm3v-q5ft-qe1m-2ta03y-2ta06o-39f1aa
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx/1.20.2
Date: Wed, 01 Mar 2023 15:15:11 GMT
Content-Type: image/svg+xml
Content-Length: 1296
Last-Modified: Mon, 14 Nov 2022 13:57:07 GMT
Connection: keep-alive
ETag: "63724933-510"
Strict-Transport-Security: max-age=31536000
Accept-Ranges: bytes
stoomawy.net/pfe/current/micro.tag.min.js?sw=/sw-check-permissions/3683319&var=qCqekRDLtEBTXwP&z=3683319
139.45.197.250 200 OK 15 kB URL HTTP/2 stoomawy.net/pfe/current/micro.tag.min.js?sw=/sw-check-permissions/3683319&var=qCqekRDLtEBTXwP&z=3683319
IP 139.45.197.250:0
Hash 532df7072a3894da454d0ed59f873d76
c4b2274928f476b50b948611959eecb67ec9b90f
bb2a1133711e4cb68d5dfe12379b68676c896e3d4bb9f5fcca934eed9c4501be
Analyzer Verdict Alert quad9 Sinkholed
GET /pfe/current/micro.tag.min.js?sw=/sw-check-permissions/3683319&var=qCqekRDLtEBTXwP&z=3683319 HTTP/1.1
Host: stoomawy.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://toapodazoay.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Wed, 01 Mar 2023 15:15:08 GMT
content-type: application/javascript
last-modified: Mon, 20 Feb 2023 17:09:26 GMT
etag: W/"63f3a946-a115"
access-control-allow-credentials: true
cache-control: no-cache
pragma: no-cache
content-encoding: gzip
X-Firefox-Spdy: h2
indexcontrol.online/landers/mcafeecleanlp1_noredirect/lp1/f03036d5c103eedbac3c581568b32269.static.png
157.90.254.169 200 OK 314 kB URL HTTP/1.1 indexcontrol.online/landers/mcafeecleanlp1_noredirect/lp1/f03036d5c103eedbac3c581568b32269.static.png
IP 157.90.254.169:0
ASN #24940 Hetzner Online GmbH
File type PNG image data, 934 x 885, 8-bit/color RGBA, non-interlaced; data
Size 314 kB (313991 bytes)
Hash eb5576f156132c190715b2f03f9173c3
cec31b87a0b1c7a49286be0c4caa8ba462d340a4
49970818ac9e72e7c2c3e0d029bcb7a20ccf64ddbc9b1dc62f5518c0ba7afd6e
GET /landers/mcafeecleanlp1_noredirect/lp1/f03036d5c103eedbac3c581568b32269.static.png HTTP/1.1
Host: indexcontrol.online
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://indexcontrol.online/click.php?key=t1t9w0v99re7r2psk5ad&visitor_id=654815540308882191&cost=0.000801&zoneid=792658&campaignid=6677852&device=desktop&browser=firefox&bannerid=16911470&osversion=win10&country=NO&language=en&isp=blix%20group%20as&8={t10}&rdk=rk1
Cookie: uclick=gxsyc815; uclickhash=gxsyc815-gxsyc815-gm3v-q5ft-qe1m-2ta03y-2ta06o-39f1aa
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx/1.20.2
Date: Wed, 01 Mar 2023 15:15:11 GMT
Content-Type: image/png
Content-Length: 313991
Last-Modified: Mon, 14 Nov 2022 13:57:07 GMT
Connection: keep-alive
ETag: "63724933-4ca87"
Strict-Transport-Security: max-age=31536000
Accept-Ranges: bytes
indexcontrol.online/landers/mcafeecleanlp1_noredirect/lp1/941fa1e5bcd2700ef94edf077fe9fcf0.static.png
157.90.254.169 200 OK 4.1 kB URL HTTP/1.1 indexcontrol.online/landers/mcafeecleanlp1_noredirect/lp1/941fa1e5bcd2700ef94edf077fe9fcf0.static.png
IP 157.90.254.169:0
ASN #24940 Hetzner Online GmbH
File type PNG image data, 180 x 180, 8-bit/color RGBA, non-interlaced; data
Hash 4cdf3256cd7b8ec3917adb79d6bf457e
bc615337e9223183a126c8fb649774866fb53e69
fbfff44a653dc193b93620f1035d221d3aaddf3238742270b3385482986ef7f0
GET /landers/mcafeecleanlp1_noredirect/lp1/941fa1e5bcd2700ef94edf077fe9fcf0.static.png HTTP/1.1
Host: indexcontrol.online
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://indexcontrol.online/click.php?key=t1t9w0v99re7r2psk5ad&visitor_id=654815540308882191&cost=0.000801&zoneid=792658&campaignid=6677852&device=desktop&browser=firefox&bannerid=16911470&osversion=win10&country=NO&language=en&isp=blix%20group%20as&8={t10}&rdk=rk1
Cookie: uclick=gxsyc815; uclickhash=gxsyc815-gxsyc815-gm3v-q5ft-qe1m-2ta03y-2ta06o-39f1aa; GoogleAccountsLocale_session=en; googtrans=/en/en
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx/1.20.2
Date: Wed, 01 Mar 2023 15:15:11 GMT
Content-Type: image/png
Content-Length: 4103
Last-Modified: Mon, 14 Nov 2022 13:57:07 GMT
Connection: keep-alive
ETag: "63724933-1007"
Strict-Transport-Security: max-age=31536000
Accept-Ranges: bytes
ocsp.pki.goog/gts1c3
216.58.211.3 200 OK 472 B IP 216.58.211.3:0
Hash 3b42baf847f833fa442676cfb999df72
a6bbdf1621670d1626b90ddcf6fb8f1339850f8d
0e8fb2d4746d2d516d3a8dd2916e087a94ad8a285e7784e78c9099bed59d5a26
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 01 Mar 2023 15:15:11 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
216.58.211.3 200 OK 472 B IP 216.58.211.3:0
Hash 3cb24a0e3d83f7099a7b771382b9a1c9
ad5b66f890a627410df36bc11e0c11de6b52a444
da7077c0f05e22fa87e7c4d0eb5c891e7a3c55fd86e36e0eeed400e3214a42f9
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 01 Mar 2023 15:15:11 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.gstatic.com/images/branding/product/2x/translate_24dp.png
142.250.74.99 200 OK 1.8 kB URL HTTP/2 www.gstatic.com/images/branding/product/2x/translate_24dp.png
IP 142.250.74.99:0
File type PNG image data, 48 x 48, 8-bit/color RGBA, non-interlaced; data
Hash c69c796362406f9e11c7f4bf5bb628da
e489ce95ab56208090868882113d7416abf46775
4dac0026fbfa2615dce30c0af12830863fe885f84387a0147b9e338f548d5d82
GET /images/branding/product/2x/translate_24dp.png HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://translate.googleapis.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="static-on-bigtable"
report-to: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-length: 1842
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 01 Mar 2023 09:24:18 GMT
expires: Thu, 29 Feb 2024 09:24:18 GMT
cache-control: public, max-age=31536000
last-modified: Thu, 14 Oct 2021 09:08:00 GMT
content-type: image/png
vary: Origin
age: 21053
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
216.58.211.3 200 OK 472 B IP 216.58.211.3:0
Hash 3cb24a0e3d83f7099a7b771382b9a1c9
ad5b66f890a627410df36bc11e0c11de6b52a444
da7077c0f05e22fa87e7c4d0eb5c891e7a3c55fd86e36e0eeed400e3214a42f9
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 01 Mar 2023 15:15:11 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
216.58.211.3 200 OK 472 B IP 216.58.211.3:0
Hash d9441057dfd89bf829b682425aa22df2
003aa4b3c3c81786117a7d64bde556e9012fd5ef
d8eede4e2480852ecf426aa5bf9d5f6f1b07fb8336f69dff34a7e61a649a4553
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 01 Mar 2023 15:15:11 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
stormtrk.com/api/1.0/ping/pong?location=https%3A%2F%2Findexcontrol.online%2Fclick.php%3Fkey%3Dt1t9w0v99re7r2psk5ad%26visitor_id%3D654815540308882191%26cost%3D0.000801%26zoneid%3D792658%26campaignid%3D6677852%26device%3Ddesktop%26browser%3Dfirefox%26bannerid%3D16911470%26osversion%3Dwin10%26country%3DNO%26language%3Den%26isp%3Dblix%2520group%2520as%268%3D%7Bt10%7D%26rdk%3Drk1
104.26.5.120 200 OK 77 kB URL HTTP/2 stormtrk.com/api/1.0/ping/pong?location=https%3A%2F%2Findexcontrol.online%2Fclick.php%3Fkey%3Dt1t9w0v99re7r2psk5ad%26visitor_id%3D654815540308882191%26cost%3D0.000801%26zoneid%3D792658%26campaignid%3D6677852%26device%3Ddesktop%26browser%3Dfirefox%26bannerid%3D16911470%26osversion%3Dwin10%26country%3DNO%26language%3Den%26isp%3Dblix%2520group%2520as%268%3D%7Bt10%7D%26rdk%3Drk1
IP 104.26.5.120:0
File type JSON data, ASCII text, with very long lines (478)
Hash 1b736c368dd67b536a028e6c12056e00
3fd6783ce284b7bbca5c023621cd1b71d129f0d9
15099063c8190e4ba87340fa78d32a3d97961ac09034cfb6c5e5edc77ddc6320
GET /api/1.0/ping/pong?location=https%3A%2F%2Findexcontrol.online%2Fclick.php%3Fkey%3Dt1t9w0v99re7r2psk5ad%26visitor_id%3D654815540308882191%26cost%3D0.000801%26zoneid%3D792658%26campaignid%3D6677852%26device%3Ddesktop%26browser%3Dfirefox%26bannerid%3D16911470%26osversion%3Dwin10%26country%3DNO%26language%3Den%26isp%3Dblix%2520group%2520as%268%3D%7Bt10%7D%26rdk%3Drk1 HTTP/1.1
Host: stormtrk.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://indexcontrol.online
Connection: keep-alive
Referer: https://indexcontrol.online/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 01 Mar 2023 15:15:11 GMT
content-type: application/json
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Content-Type, Access-Control-Allow-Headers, X-Requested-With
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=pUBV3qUryYpbIRr%2BgGHUNS8rmTlkwJdPgLMbFi28Q75XC3YXNn5ZItjD7Bxl03TEbwU4Yy8V0TVe0ph76ut%2B6dZOM76VlgF1bflzDKG2fE9ILTEO82eu2VdKNRyhaA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7a125a9a3fecb4ff-OSL
content-encoding: br
X-Firefox-Spdy: h2
cdn.stfilecamp.com/fp.min.js
205.185.216.10 200 OK 32 kB URL HTTP/2 cdn.stfilecamp.com/fp.min.js
IP 205.185.216.10:0
File type Unicode text, UTF-8 text, with very long lines (31370)
Hash 198f2f5b0a649f41fe890c59d37319aa
f24629687612889bb59f610df3879afcd766fb80
d2bc2cb800679f495a7731c105b2e2047965800515f98008867ab33edc940912
Analyzer Verdict Alert fortinet Phishing
GET /fp.min.js HTTP/1.1
Host: cdn.stfilecamp.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://indexcontrol.online/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 01 Mar 2023 15:15:11 GMT
cache-control: max-age=3218
content-length: 31705
content-type: text/javascript
last-modified: Mon, 13 Jun 2022 11:23:14 GMT
accept-ranges: bytes
x-rgw-object-type: Normal
etag: "198f2f5b0a649f41fe890c59d37319aa"
x-amz-request-id: tx00000000000000baf4ab2-0063ff6a81-30482482-sfo3a
strict-transport-security: max-age=15552000; includeSubDomains; preload
vary: Access-Control-Request-Headers,Access-Control-Request-Method,Origin
x-hw: 1677683711.dop003.sk1.t,1677683711.cds218.sk1.hn,1677683711.cds237.sk1.c
X-Firefox-Spdy: h2
indexcontrol.online/js/rt/service-worker.js
157.90.254.169 200 OK 20 B URL HTTP/1.1 indexcontrol.online/js/rt/service-worker.js
IP 157.90.254.169:0
ASN #24940 Hetzner Online GmbH
Hash a4745abc5e7fdb89cc6df3069f3c6e69
74789f7ddbebd5b7323f6f8174005b4bf8c1f1ed
d1111b245f685176180e6f1631e6dc49badf6672368e9ce260c71355165effdf
Analyzer Verdict Alert fortinet Phishing
GET /js/rt/service-worker.js HTTP/1.1
Host: indexcontrol.online
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Service-Worker: script
Connection: keep-alive
Cookie: uclick=gxsyc815; uclickhash=gxsyc815-gxsyc815-gm3v-q5ft-qe1m-2ta03y-2ta06o-39f1aa; GoogleAccountsLocale_session=en; googtrans=/en/en; fp_js=9e4947f35751465411fd1a4f5c358c78
Sec-Fetch-Dest: serviceworker
Sec-Fetch-Mode: same-origin
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.20.2
Date: Wed, 01 Mar 2023 15:15:12 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Strict-Transport-Security: max-age=31536000
Content-Encoding: gzip
toapodazoay.com/?l=qCqekRDLtEBTXwP&s=654815531291124624&z=5181803&g=NO&svar=1677683707&ba=0&dm=0&ep=0&vi=0&vo=0&i18db=0&tr=default&svar=1677683707&ssk=e829e0cfd153789030b21db0cce3ba40&svarok=1&b=79056&oaid=c07622f51c7f4b56b50f578a6911986a&rdk=rk3
139.45.197.151 200 OK 0 B URL HTTP/2 toapodazoay.com/?l=qCqekRDLtEBTXwP&s=654815531291124624&z=5181803&g=NO&svar=1677683707&ba=0&dm=0&ep=0&vi=0&vo=0&i18db=0&tr=default&svar=1677683707&ssk=e829e0cfd153789030b21db0cce3ba40&svarok=1&b=79056&oaid=c07622f51c7f4b56b50f578a6911986a&rdk=rk3
IP 139.45.197.151:0
GET /?l=qCqekRDLtEBTXwP&s=654815531291124624&z=5181803&g=NO&svar=1677683707&ba=0&dm=0&ep=0&vi=0&vo=0&i18db=0&tr=default&svar=1677683707&ssk=e829e0cfd153789030b21db0cce3ba40&svarok=1&b=79056&oaid=c07622f51c7f4b56b50f578a6911986a&rdk=rk3 HTTP/1.1
Host: toapodazoay.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Wed, 01 Mar 2023 15:15:08 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
x-powered-by: PHP/7.4.27
set-cookie: reverse=yAbcCAQ9aAuEY7A5-un-FZoIPEgGbzeSMlkuX6xeQ50; expires=Wed, 01-Mar-2023 16:15:08 GMT; Max-Age=3600; path=/
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS, HEAD
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
access-control-expose-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
content-encoding: br
X-Firefox-Spdy: h2
toapodazoay.com/?l=qCqekRDLtEBTXwP&s=654815531291124624&z=5181803&g=NO&svar=1677683707&ba=0&dm=0&ep=0&vi=0&vo=0&i18db=0&tr=default&svar=1677683707&ssk=e829e0cfd153789030b21db0cce3ba40&svarok=1&b=79056&oaid=c07622f51c7f4b56b50f578a6911986a&rdk=rk3&mprtr=1
139.45.197.151 200 OK 0 B URL HTTP/2 toapodazoay.com/?l=qCqekRDLtEBTXwP&s=654815531291124624&z=5181803&g=NO&svar=1677683707&ba=0&dm=0&ep=0&vi=0&vo=0&i18db=0&tr=default&svar=1677683707&ssk=e829e0cfd153789030b21db0cce3ba40&svarok=1&b=79056&oaid=c07622f51c7f4b56b50f578a6911986a&rdk=rk3&mprtr=1
IP 139.45.197.151:0
POST /?l=qCqekRDLtEBTXwP&s=654815531291124624&z=5181803&g=NO&svar=1677683707&ba=0&dm=0&ep=0&vi=0&vo=0&i18db=0&tr=default&svar=1677683707&ssk=e829e0cfd153789030b21db0cce3ba40&svarok=1&b=79056&oaid=c07622f51c7f4b56b50f578a6911986a&rdk=rk3&mprtr=1 HTTP/1.1
Host: toapodazoay.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://toapodazoay.com
Connection: keep-alive
Referer: https://toapodazoay.com/?rzi=5181803&rsz=5181803&rid=
Cookie: reverse=yAbcCAQ9aAuEY7A5-un-FZoIPEgGbzeSMlkuX6xeQ50
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Content-Length: 0
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 01 Mar 2023 15:15:08 GMT
content-type: application/json
vary: Accept-Encoding
x-powered-by: PHP/7.4.24
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
content-encoding: br
X-Firefox-Spdy: h2
translate.google.com/translate_a/element.js?cb=googleTranslateElementInit
142.250.74.78 200 OK 0 B URL HTTP/2 translate.google.com/translate_a/element.js?cb=googleTranslateElementInit
IP 142.250.74.78:0
GET /translate_a/element.js?cb=googleTranslateElementInit HTTP/1.1
Host: translate.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://indexcontrol.online/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/javascript; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Wed, 01 Mar 2023 15:15:11 GMT
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
set-cookie: CONSENT=PENDING+114; expires=Fri, 28-Feb-2025 15:15:11 GMT; path=/; domain=.google.com; Secure
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2