Report - oggcb.cn.wy5532.com/

Report Overview

Submitted URL
oggcb.cn.wy5532.com/
IP
172.93.103.102
ASN
#23470 RELIABLESITE
Submitted
2022-12-01 18:40:42
Access
Website Title
Final URL
Tags
None
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
10

Domain Summary

Domain / FQDN	Rank	First Seen	Last Seen	Sent	Received	IP
www.fst-ent-lnk.com	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	536 B	776 B	44.228.224.65
go.cyberslut2069.com	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	8.2 kB	3.7 MB	54.230.111.33
kankfn.com	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	3.9 kB	24 kB	207.120.33.13
geoip.enlistsecureup.com	269993	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	359 B	623 B	163.171.128.172
firefox.settings.services.mozilla.com	867	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	782 B	2.4 kB	34.102.187.140
ocsp.pki.goog	175	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	1.0 kB	2.1 kB	142.250.74.131
secadmt.com	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	591 B	999 B	163.171.128.172
content-signature-2.cdn.mozilla.net	1152	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	413 B	5.8 kB	34.160.144.191
ajax.googleapis.com	12905	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	411 B	32 kB	142.250.74.106
www.arkdcz.com	767397	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	530 B	869 B	34.149.6.227
ocsp2.globalsign.com	1544	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	714 B	3.8 kB	104.18.21.226
ka-p.fontawesome.com	4489	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	447 B	4.7 kB	104.18.22.52
flirtyhoookup.com	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	559 B	1.2 kB	172.67.201.85
fonts.googleapis.com	8877	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	805 B	1.5 kB	142.250.74.106
contile.services.mozilla.com	1114	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	333 B	229 B	34.117.237.239
push.services.mozilla.com	2140	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	606 B	127 B	34.214.64.191
cartining-specute.com	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	746 B	673 B	18.197.36.77
ocsp.starfieldtech.com	6616	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	692 B	4.7 kB	192.124.249.36
country.gameops.tech	775443	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	408 B	1.5 kB	172.67.136.190
btpnav.com	207578	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	1.4 kB	6.5 kB	192.99.158.241
img-getpocket.cdn.mozilla.net	1631	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	3.2 kB	72 kB	34.120.237.76
kit.fontawesome.com	1868	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	388 B	59 kB	104.18.22.52
r3.o.lencr.org	344	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	2.4 kB	6.2 kB	95.101.11.115
ocsp.sca1b.amazontrust.com	1015	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	1.1 kB	3.0 kB	54.230.245.118
ajax.aspnetcdn.com	693	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	816 B	30 kB	152.199.19.160
oggcb.cn.wy5532.com	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	1.5 kB	1.7 kB	172.93.103.102
dipaka-ead.com	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	1.6 kB	4.3 kB	3.208.247.235
ocsp.digicert.com	86	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	1.4 kB	2.9 kB	93.184.220.29
landers.of-bo.com	416367	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	367 B	20 kB	172.67.155.108

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

OpenPhish

No alerts detected

PhishTank

No alerts detected

Fortinet's Web Filter

Scan Date	Severity	Indicator	Alert
2022-12-01	medium	oggcb.cn.wy5532.com/	Malware
2022-12-01	medium	go.cyberslut2069.com/vrfttcyber/assets/sounds/general/click1.mp3	Phishing
2022-12-01	medium	go.cyberslut2069.com/vrfttcyber/assets/sounds/general/click2.mp3	Phishing
2022-12-01	medium	go.cyberslut2069.com/vrfttcyber/assets/sounds/general/music.mp3	Phishing
2022-12-01	medium	go.cyberslut2069.com/vrfttcyber/assets/font/tomorrow.ttf	Phishing

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

JavaScript (20)

	URL	Size	First Seen	Last Seen
	go.cyberslut2069.com/vrfttcyber/?bi=pw&sd=1&fk=cyber&ai=68088&ca=415&ci=5ff94d1e13d047fca079991920eccf6a&tk=MSJ7L4	11 kB	2023-03-07	2023-05-29
Pretty URL go.cyberslut2069.com/vrfttcyber/?bi=pw&sd=1&fk=cyber&ai=68088&ca=415&ci=5ff94d1e13d047fca079991920eccf6a&tk=MSJ7L4 IP 54.230.111.33 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:27:52 Last Seen2023-05-29 02:59:38 Times Seen5 Hash 62018df04f2c2cc15159184836236332 743240c283d1893d55f717fadceea330be22871b b5d04f667e13a35f97080ffe06595f31d97d49c20633c24ac03fc03b93c3e9ea Loading...

	ajax.googleapis.com/ajax/libs/jquery/3.4.1/jquery.min.js	88 kB	2023-03-07	2024-04-26
Pretty URL ajax.googleapis.com/ajax/libs/jquery/3.4.1/jquery.min.js IP 142.250.74.106 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:34 Last Seen2024-04-26 01:31:18 Times Seen95544 Hash 220afd743d9e9643852e31a135a9f3ae 88523924351bac0b5d560fe0c5781e2556e7693d 0925e8ad7bd971391a8b1e98be8e87a6971919eb5b60c196485941c3c1df089a Loading...

	kankfn.com/common_tpls/js/validate_form_v2.js?jsv=29	25 kB	2023-03-08	2023-03-12
Pretty URL kankfn.com/common_tpls/js/validate_form_v2.js?jsv=29 IP 207.120.33.13 ASN #3356 LEVEL3 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 14:25:49 Last Seen2023-03-12 14:53:22 Times Seen1 Hash 3c08eb2dc8ebcaf8d56a7e616a5c50c9 0b17e9364b41e4d25d0cac17f472f960a5cc82ed 9f1dd7e6654df9384fa10dc39fbadb13e844319400af27c73652362bfbed1e35 Loading...

	kankfn.com/acct/epc68088/add/?epcVIP=48.1066.g90&lang=en&email=&password=&ci_qcksub=1&act=epc68088.47355-509478.415.5ff94d1e13d047fca079991920eccf6a&epcCID=c7x4qbU2Tdv0e0Scfde8z5p9L0R6a8K59&rtid=11154051897	127 B	2023-03-07	2024-02-03
Pretty URL kankfn.com/acct/epc68088/add/?epcVIP=48.1066.g90&lang=en&email=&password=&ci_qcksub=1&act=epc68088.47355-509478.415.5ff94d1e13d047fca079991920eccf6a&epcCID=c7x4qbU2Tdv0e0Scfde8z5p9L0R6a8K59&rtid=11154051897 IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:27:52 Last Seen2024-02-03 22:04:12 Times Seen98 Hash 987cb4cd06cbdbc694458792197453a0 03a7bedae186b4579555956a004744f78497b3e7 b1ec8ca388b07625941809d2bea46f0ba3ed49485c25cf1fe5735c080d81771d Loading...

	kankfn.com/acct/epc68088/add/?epcVIP=48.1066.g90&lang=en&email=&password=&ci_qcksub=1&act=epc68088.47355-509478.415.5ff94d1e13d047fca079991920eccf6a&epcCID=c7x4qbU2Tdv0e0Scfde8z5p9L0R6a8K59&rtid=11154051897	166 B	2023-03-07	2024-02-03
Pretty URL kankfn.com/acct/epc68088/add/?epcVIP=48.1066.g90&lang=en&email=&password=&ci_qcksub=1&act=epc68088.47355-509478.415.5ff94d1e13d047fca079991920eccf6a&epcCID=c7x4qbU2Tdv0e0Scfde8z5p9L0R6a8K59&rtid=11154051897 IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:03:13 Last Seen2024-02-03 22:04:12 Times Seen152 Hash 30fbeedd3ef42ed4b3c0cedc516b2f71 dff25b928dad51d1d769285bf2a302d2be531927 1a9018c8172241d8aade74fd982307b0171e6b21ce2b4a470342852d92a99ed0 Loading...

	landers.of-bo.com/bundle.js	99 kB	2023-03-07	2023-03-17
Pretty URL landers.of-bo.com/bundle.js IP 172.67.155.108 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:27:52 Last Seen2023-03-17 12:47:27 Times Seen1 Hash 2f68fb7cd74453a748e232155e853e64 2148e09d8a0dddaa42b9bcafa6a1d6765fff8b99 2e1ff31dbfd4c5c3ecd658a623b2a77a2876cf4a67c705a46bd7654fa017ac70 Loading...

	go.cyberslut2069.com/vrfttcyber/?bi=pw&sd=1&fk=cyber&ai=68088&ca=415&ci=5ff94d1e13d047fca079991920eccf6a&tk=MSJ7L4	23 kB	2023-03-07	2023-03-17
Pretty URL go.cyberslut2069.com/vrfttcyber/?bi=pw&sd=1&fk=cyber&ai=68088&ca=415&ci=5ff94d1e13d047fca079991920eccf6a&tk=MSJ7L4 IP 54.230.111.33 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:27:52 Last Seen2023-03-17 12:47:26 Times Seen1 Hash 61584a249ea882bb46ad7f860c33cd27 44d234f7a6b4786cc9ebe14e217e45f9c5ea0576 d1ef83a563d1a09a7b985cae7cc01e232d66afeb7a99482555d79929abc3ce13 Loading...

	kankfn.com/common_tpls/js/form_support.js?v=1101202201	3.8 kB	2023-03-08	2024-02-03
Pretty URL kankfn.com/common_tpls/js/form_support.js?v=1101202201 IP 207.120.33.13 ASN #3356 LEVEL3 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 14:25:49 Last Seen2024-02-03 22:04:12 Times Seen165 Hash 4ffa5d12f2aa2394aa284438d9ab1658 66a6678dc24eae37e35b8ee571e78f6e8af796da a35efd7238a1ef4c6581aadc6d001e8554adf949dc6cde5650c2235483f19bf0 Loading...

	oggcb.cn.wy5532.com/	376 B	2023-03-11	2023-03-11
Pretty URL oggcb.cn.wy5532.com/ IP 172.93.103.102 ASN #23470 RELIABLESITE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-11 23:45:27 Last Seen2023-03-11 23:45:27 Times Seen1 Hash 3831677e5a2a64d4a5a3f13028adc38b 698904c20637237c5af5973d41b3e9c07f645316 6e63d13c373d01af16147ba62a24b429d4921f0402a7b6e655bc44e803ea331e Loading...

	country.gameops.tech/geoip/country?callback=window.gapwn.get_country	525 B	2023-03-07	2023-09-19
Pretty URL country.gameops.tech/geoip/country?callback=window.gapwn.get_country IP 172.67.136.190 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:27:52 Last Seen2023-09-19 20:22:13 Times Seen32 Hash 3eb3012270a2feeaff74445cfeadcad1 b0aa4ac3c28686298a5718959219093d62b5f3b9 6688da3364153c2eb27db4d19ff2f5085227425f85287ffacc5d3f29f1d09300 Loading...

	kankfn.com/acct/epc68088/add/?epcVIP=48.1066.g90&lang=en&email=&password=&ci_qcksub=1&act=epc68088.47355-509478.415.5ff94d1e13d047fca079991920eccf6a&epcCID=c7x4qbU2Tdv0e0Scfde8z5p9L0R6a8K59&rtid=11154051897	31 kB	2023-03-07	2023-03-17
Pretty URL kankfn.com/acct/epc68088/add/?epcVIP=48.1066.g90&lang=en&email=&password=&ci_qcksub=1&act=epc68088.47355-509478.415.5ff94d1e13d047fca079991920eccf6a&epcCID=c7x4qbU2Tdv0e0Scfde8z5p9L0R6a8K59&rtid=11154051897 IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:03:13 Last Seen2023-03-17 12:47:27 Times Seen1 Hash 0d87c9ac63664e90bcdcf1df76813118 4922933dfd297349786a49b93ade8565bc3040bc 692f48e66ad8fd2dec40dc04445caa0f052e1cfc39da5802ae2e0f36b36eca6e Loading...

	kit.fontawesome.com/b314bdf1b3.js	11 kB	2023-03-07	2023-03-29
Pretty URL kit.fontawesome.com/b314bdf1b3.js IP 104.18.22.52 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:27:52 Last Seen2023-03-29 22:57:13 Times Seen11 Hash 6f15d6dbe44fe662d8ef38365779270d 6d288cddd5a672fac15cb84d49d80f194bfaf4ba 4f407eed3de87bf0000c7d0673961f460c2b25348c80dd8fa239bfea6479d39c Loading...

	geoip.enlistsecureup.com/?v=1	369 B	2023-03-07	2024-02-03
Pretty URL geoip.enlistsecureup.com/?v=1 IP 163.171.128.172 ASN #54994 QUANTILNETWORKS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:03:13 Last Seen2024-02-03 22:04:12 Times Seen4 Hash 9ccec3631b0a10edce932cfb0f0cd957 0b4723e99dd1fd4bee774e9a069e522116660c12 ec55e1812df586723a860e491d69417ae786eee7966dd618005ee126c945fab4 Loading...

	kankfn.com/acct/epc68088/add/?epcVIP=48.1066.g90&lang=en&email=&password=&ci_qcksub=1&act=epc68088.47355-509478.415.5ff94d1e13d047fca079991920eccf6a&epcCID=c7x4qbU2Tdv0e0Scfde8z5p9L0R6a8K59&rtid=11154051897	582 B	2023-03-07	2023-09-23
Pretty URL kankfn.com/acct/epc68088/add/?epcVIP=48.1066.g90&lang=en&email=&password=&ci_qcksub=1&act=epc68088.47355-509478.415.5ff94d1e13d047fca079991920eccf6a&epcCID=c7x4qbU2Tdv0e0Scfde8z5p9L0R6a8K59&rtid=11154051897 IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:27:52 Last Seen2023-09-23 22:04:21 Times Seen47 Hash 14312a32b278cfe30cac6f23eeaa5a32 704d9b11a487947cb303589747c543d572cd6100 714d6c8a1fd4bc9ce75bfd2186821e4e64e9839c62989d054d1997cd5464255a Loading...

	dipaka-ead.com/zcvisitor/a2393a55-71a7-11ed-af71-1294fa5f4b49/fa8076ca-64e7-4648-95fb-59f8b6b1f6e1?campaignid=3333e050-2de2-11ed-8859-0a918cbcbb97	850 B	2023-03-11	2023-03-11
Pretty URL dipaka-ead.com/zcvisitor/a2393a55-71a7-11ed-af71-1294fa5f4b49/fa8076ca-64e7-4648-95fb-59f8b6b1f6e1?campaignid=3333e050-2de2-11ed-8859-0a918cbcbb97 IP 3.208.247.235 ASN #14618 AMAZON-AES Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-11 23:45:27 Last Seen2023-03-11 23:45:27 Times Seen1 Hash eff103162dcd2ca8fb81ff200fd7995c 635271a5fd7d84e27fcf8752749fe954ac96a750 9337959e5bcac2382a6c7b57ed97c4761002f2822c4050752de9f0ad044066f9 Loading...

	dipaka-ead.com/zcredirect?visitid=a2393a55-71a7-11ed-af71-1294fa5f4b49&type=js&browserWidth=1280&browserHeight=939&iframeDetected=false&webdriverDetected=false	332 B	2023-03-11	2023-03-11
Pretty URL dipaka-ead.com/zcredirect?visitid=a2393a55-71a7-11ed-af71-1294fa5f4b49&type=js&browserWidth=1280&browserHeight=939&iframeDetected=false&webdriverDetected=false IP 3.208.247.235 ASN #14618 AMAZON-AES Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-11 23:45:27 Last Seen2023-03-11 23:45:27 Times Seen1 Hash f8ce8cfd550206461f52713aa49f6eb7 800b2751156b0cea26c9043f647e69b4a3bf4a09 e51ed2acb716538bac54c4201103afcd5721273c1b35727e845203a592d1c194 Loading...

	go.cyberslut2069.com/vrfttcyber/?bi=pw&sd=1&fk=cyber&ai=68088&ca=415&ci=5ff94d1e13d047fca079991920eccf6a&tk=MSJ7L4	209 B	2023-03-07	2023-05-29
Pretty URL go.cyberslut2069.com/vrfttcyber/?bi=pw&sd=1&fk=cyber&ai=68088&ca=415&ci=5ff94d1e13d047fca079991920eccf6a&tk=MSJ7L4 IP 54.230.111.33 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:27:52 Last Seen2023-05-29 02:59:38 Times Seen5 Hash 25f0eb846ea5c84931972f387a4c925c 5a080eb683b6a45276fbf321aedd4f19cb17e532 4d5aa41e19423a57ac0766e9ba1d8e03ddb39327e78f1ad9a5d91a807535fb13 Loading...

	ajax.aspnetcdn.com/ajax/bootstrap/3.3.7/bootstrap.min.js	37 kB	2023-03-07	2024-04-26
Pretty URL ajax.aspnetcdn.com/ajax/bootstrap/3.3.7/bootstrap.min.js IP 152.199.19.160 ASN #15133 EDGECAST Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:54 Last Seen2024-04-26 00:46:52 Times Seen54637 Hash 5869c96cc8f19086aee625d670d741f9 430a443d74830fe9be26efca431f448c1b3740f9 53964478a7c634e8dad34ecc303dd8048d00dce4993906de1bacf67f663486ef Loading...

	kankfn.com/common_tpls/js/iframeResizer.contentWindow.min.js	13 kB	2023-03-07	2024-04-24
Pretty URL kankfn.com/common_tpls/js/iframeResizer.contentWindow.min.js IP 207.120.33.13 ASN #3356 LEVEL3 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:03:13 Last Seen2024-04-24 21:03:17 Times Seen369 Hash 2cf9df789476bc39b9906030f639660d de708b4a0fe32f3d77505675eb119b671327a6b4 7d5f5d0fe842536e512b4ca0cac0b48a66577ea091f3a6840365ff6124be034b Loading...

	btpnav.com/click?data=c1Z5MWRwVlV1ZndNNGlZVnl4Z19ydDUxRG0zT2JCbm5DUzBjdVJWZEUtOW5LYVdBRVFuVW5najhwbWJSU1lOdnRwNFZ4VlAtUXNrUTM3bktxSkdNREFBQ2FVNF9LN290ZklwRUhZeTFieG1aekl2RW1DQWN5dnhfeU9JejZ3dDAwbzBTMTlBVi13M3Q5NjdZbDRGUGtnMg2&id=24999572-fb32-44f0-b7c9-cb349237c217	4.1 kB	2023-03-07	2023-04-05
Pretty URL btpnav.com/click?data=c1Z5MWRwVlV1ZndNNGlZVnl4Z19ydDUxRG0zT2JCbm5DUzBjdVJWZEUtOW5LYVdBRVFuVW5najhwbWJSU1lOdnRwNFZ4VlAtUXNrUTM3bktxSkdNREFBQ2FVNF9LN290ZklwRUhZeTFieG1aekl2RW1DQWN5dnhfeU9JejZ3dDAwbzBTMTlBVi13M3Q5NjdZbDRGUGtnMg2&id=24999572-fb32-44f0-b7c9-cb349237c217 IP 192.99.158.241 ASN #16276 OVH SAS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:03:24 Last Seen2023-04-05 01:56:36 Times Seen24 Hash a95ebc524317681eea9a586db022de39 4971459c3a5c26de04f1ca1edaa9c7ba225ee161 0bdbdaa3f492019a740ce5685efd434006c22801330be205bd590974e73c1b82 Loading...

HTTP Transactions (76)

URL IP Response Size

oggcb.cn.wy5532.com/

172.93.103.102

200 OK

480 B

URL HTTP/1.1
oggcb.cn.wy5532.com/
IP
172.93.103.102:0
ASN
#23470 RELIABLESITE

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (480), with no line terminators
Size
480 B (480 bytes)
Hash
83aba89d9c21f69efdf4b57f8382f5f3
152271f09481b2da9652a58943c270f4e301c47f
72cbaf90fe12a8dac6f4dbdc7d36642dd0a036189f2d74c7c48d69c6956e5c48

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

GET / HTTP/1.1
Host: oggcb.cn.wy5532.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

HTTP/1.1 200 OK
accept-ch: Sec-CH-UA, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Mobile
cache-control: max-age=0, private, must-revalidate
connection: close
content-length: 480
content-type: text/html; charset=utf-8
date: Thu, 01 Dec 2022 18:40:30 GMT
server: nginx
set-cookie: sid=a1f19380-71a7-11ed-977e-75e9d02aeb4b; path=/; domain=.wy5532.com; expires=Tue, 19 Dec 2090 21:54:37 GMT; max-age=2147483647; HttpOnly

r3.o.lencr.org/

95.101.11.115

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
95.101.11.115:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
3bbb845b153026fc5332dd4506585b57
3cad200fac28fd00f34ce6ef79373e661e188743
6035871c0de6ff2d120921461207cfa32bc286e1fe78849ce74815ffbb9ff950

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "6035871C0DE6FF2D120921461207CFA32BC286E1FE78849CE74815FFBB9FF950"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3074
Expires: Thu, 01 Dec 2022 19:31:45 GMT
Date: Thu, 01 Dec 2022 18:40:31 GMT
Connection: keep-alive

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
0c748388899e8a8d3680355da2ea5020
903c620cd137613daafb0da0508c37b2f4a67212
39eab80e022a9a1732872d9926b0ace80f818ec5c535e36a18b539ea63786fb2

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5971
Cache-Control: max-age=149412
Content-Type: application/ocsp-response
Date: Thu, 01 Dec 2022 18:40:31 GMT
Etag: "63888270-1d7"
Expires: Sat, 03 Dec 2022 12:10:43 GMT
Last-Modified: Thu, 01 Dec 2022 10:31:12 GMT
Server: ECS (ska/F71B)
X-Cache: HIT
Content-Length: 471

r3.o.lencr.org/

95.101.11.115

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
95.101.11.115:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
55b4c61a1e99001307750e3647fe1102
7559f9f6770b7d3f45b723167062096312641e08
39f6bb64420bcfc8f0b010168fd35b67732984cd0698409f04d5ae40410422aa

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "39F6BB64420BCFC8F0B010168FD35B67732984CD0698409F04D5AE40410422AA"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8624
Expires: Thu, 01 Dec 2022 21:04:15 GMT
Date: Thu, 01 Dec 2022 18:40:31 GMT
Connection: keep-alive

content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain

34.160.144.191

200 OK

5.3 kB

URL HTTP/2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain
IP
34.160.144.191:0
ASN
#15169 GOOGLE

File type
PEM certificate\012- , ASCII text
Size
5.3 kB (5348 bytes)
Hash
9ebddc2b260d081ebbefee47c037cb28
492bad62a7ca6a74738921ef5ae6f0be5edebf39
74bbb7cba16f7d084a08a0907d47d7496e5c148f904707ec6950f8f6a61027e5

HTTP Headers

GET /chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
x-amz-id-2: DACa23VMWdoG5wTS4gQ6niRTPRrwLUvl4azW2AOJB64xOpseSQZ1gPp2F4X6NFUa0unl+OCqh/o=
x-amz-request-id: 7YN1KTPBJQFMBP0D
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Thu, 01 Dec 2022 17:45:45 GMT
age: 3286
last-modified: Thu, 10 Nov 2022 09:21:27 GMT
etag: "9ebddc2b260d081ebbefee47c037cb28"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2

firefox.settings.services.mozilla.com/v1/

34.102.187.140

200 OK

939 B

URL HTTP/2
firefox.settings.services.mozilla.com/v1/
IP
34.102.187.140:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Size
939 B (939 bytes)
Hash
30db107dcf4380cef05efea409c2e6a3
96e6a306fbc07299aba64e5c14e2bfca35872fa9
b64051a4a8e346e3c72b2aef77f360a5736ab5e16711d8e0bae3876feaa15b6e

HTTP Headers

GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Retry-After, Content-Type, Backoff, Content-Length, Alert
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Thu, 01 Dec 2022 18:19:47 GMT
cache-control: public,max-age=3600
content-type: application/json
age: 1244
alt-svc: clear
X-Firefox-Spdy: h2

contile.services.mozilla.com/v1/tiles

34.117.237.239

200 OK

12 B

URL HTTP/2
contile.services.mozilla.com/v1/tiles
IP
34.117.237.239:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with no line terminators
Size
12 B (12 bytes)
Hash
23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3

HTTP Headers

GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Thu, 01 Dec 2022 18:40:31 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2

oggcb.cn.wy5532.com/favicon.ico

172.93.103.102

404 Not Found

9 B

URL HTTP/1.1
oggcb.cn.wy5532.com/favicon.ico
IP
172.93.103.102:0
ASN
#23470 RELIABLESITE

File type
ASCII text, with no line terminators
Size
9 B (9 bytes)
Hash
d8f4a1993546cc4b850cde3599e27aec
094b763b4cfcc0b05e5d040581cd513c3ca08067
907ba78b4545338d3539683e63ecb51cf51c10adc9dabd86e92bd52339f298b9

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: oggcb.cn.wy5532.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://oggcb.cn.wy5532.com/
Cookie: sid=a1f19380-71a7-11ed-977e-75e9d02aeb4b

HTTP/1.1 404 Not Found
cache-control: max-age=0, private, must-revalidate
connection: close
content-length: 9
date: Thu, 01 Dec 2022 18:40:31 GMT
server: nginx

firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US

34.102.187.140

200 OK

329 B

URL HTTP/2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP
34.102.187.140:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Size
329 B (329 bytes)
Hash
0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300

HTTP Headers

GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Retry-After, ETag, Alert, Expires, Cache-Control, Backoff, Content-Length, Content-Type, Pragma, Last-Modified
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Thu, 01 Dec 2022 18:11:15 GMT
cache-control: public,max-age=3600
age: 1756
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
alt-svc: clear
X-Firefox-Spdy: h2

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
1f88399f3fdd89dbb9ca1229cb67143a
325c9dbfd932cf9a6fb9fab2dd8e27083f55a9a3
831ecd45dcd2d5ae2ae86cd63ea5e94ecd85281b7e51054af5df9a6386fb8d79

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5902
Cache-Control: max-age=144280
Content-Type: application/ocsp-response
Date: Thu, 01 Dec 2022 18:40:31 GMT
Etag: "63886ea9-1d7"
Expires: Sat, 03 Dec 2022 10:45:11 GMT
Last-Modified: Thu, 01 Dec 2022 09:06:49 GMT
Server: ECS (ska/F71B)
X-Cache: HIT
Content-Length: 471

oggcb.cn.wy5532.com/?ch=1&js=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdWQiOiJKb2tlbiIsImV4cCI6MTY2OTkyNzIzMCwiaWF0IjoxNjY5OTIwMDMwLCJpc3MiOiJKb2tlbiIsImpzIjoxLCJqdGkiOiIyc21idXF0NDFja2Y1cXV2YzAxdnVmazIiLCJuYmYiOjE2Njk5MjAwMzAsInRzIjoxNjY5OTIwMDMwODgyMTQzfQ.a0J_1xuz4K_1R-ncODQG50WbIUUTfYAXSa74gh9HpZ4&sid=a1f19380-71a7-11ed-977e-75e9d02aeb4b

172.93.103.102

302 Found

11 B

URL HTTP/1.1
oggcb.cn.wy5532.com/?ch=1&js=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdWQiOiJKb2tlbiIsImV4cCI6MTY2OTkyNzIzMCwiaWF0IjoxNjY5OTIwMDMwLCJpc3MiOiJKb2tlbiIsImpzIjoxLCJqdGkiOiIyc21idXF0NDFja2Y1cXV2YzAxdnVmazIiLCJuYmYiOjE2Njk5MjAwMzAsInRzIjoxNjY5OTIwMDMwODgyMTQzfQ.a0J_1xuz4K_1R-ncODQG50WbIUUTfYAXSa74gh9HpZ4&sid=a1f19380-71a7-11ed-977e-75e9d02aeb4b
IP
172.93.103.102:0
ASN
#23470 RELIABLESITE

File type
ASCII text, with no line terminators
Size
11 B (11 bytes)
Hash
32682312d17c7cbf18e73594f5570319
60e22121bdd0bc71cdb2bae2a3aa577006b2eae9
e55fb1a1d731153e943b68844af12dcce8bfac917c98ffdea64c80da0607dd47

HTTP Headers

GET /?ch=1&js=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdWQiOiJKb2tlbiIsImV4cCI6MTY2OTkyNzIzMCwiaWF0IjoxNjY5OTIwMDMwLCJpc3MiOiJKb2tlbiIsImpzIjoxLCJqdGkiOiIyc21idXF0NDFja2Y1cXV2YzAxdnVmazIiLCJuYmYiOjE2Njk5MjAwMzAsInRzIjoxNjY5OTIwMDMwODgyMTQzfQ.a0J_1xuz4K_1R-ncODQG50WbIUUTfYAXSa74gh9HpZ4&sid=a1f19380-71a7-11ed-977e-75e9d02aeb4b HTTP/1.1
Host: oggcb.cn.wy5532.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://oggcb.cn.wy5532.com/
Cookie: sid=a1f19380-71a7-11ed-977e-75e9d02aeb4b
Upgrade-Insecure-Requests: 1

HTTP/1.1 302 Found
cache-control: max-age=0, private, must-revalidate
connection: close
content-length: 11
date: Thu, 01 Dec 2022 18:40:31 GMT
location: http://btpnav.com/click?data=c1Z5MWRwVlV1ZndNNGlZVnl4Z19ydDUxRG0zT2JCbm5DUzBjdVJWZEUtOW5LYVdBRVFuVW5najhwbWJSU1lOdnRwNFZ4VlAtUXNrUTM3bktxSkdNREFBQ2FVNF9LN290ZklwRUhZeTFieG1aekl2RW1DQWN5dnhfeU9JejZ3dDAwbzBTMTlBVi13M3Q5NjdZbDRGUGtnMg2&id=24999572-fb32-44f0-b7c9-cb349237c217
server: nginx
set-cookie: sid=a1f19380-71a7-11ed-977e-75e9d02aeb4b; path=/; domain=.wy5532.com; expires=Tue, 19 Dec 2090 21:54:39 GMT; max-age=2147483647; HttpOnly

push.services.mozilla.com/

34.214.64.191

101 Switching Protocols

0 B

URL HTTP/1.1
push.services.mozilla.com/
IP
34.214.64.191:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: dex5SYm+fhfEujJIC5Gqfw==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: m2k63G4HNqX1N08qtL36aW6bJAY=

btpnav.com/click?data=c1Z5MWRwVlV1ZndNNGlZVnl4Z19ydDUxRG0zT2JCbm5DUzBjdVJWZEUtOW5LYVdBRVFuVW5najhwbWJSU1lOdnRwNFZ4VlAtUXNrUTM3bktxSkdNREFBQ2FVNF9LN290ZklwRUhZeTFieG1aekl2RW1DQWN5dnhfeU9JejZ3dDAwbzBTMTlBVi13M3Q5NjdZbDRGUGtnMg2&id=24999572-fb32-44f0-b7c9-cb349237c217

192.99.158.241

200 OK

5.4 kB

URL HTTP/1.1
btpnav.com/click?data=c1Z5MWRwVlV1ZndNNGlZVnl4Z19ydDUxRG0zT2JCbm5DUzBjdVJWZEUtOW5LYVdBRVFuVW5najhwbWJSU1lOdnRwNFZ4VlAtUXNrUTM3bktxSkdNREFBQ2FVNF9LN290ZklwRUhZeTFieG1aekl2RW1DQWN5dnhfeU9JejZ3dDAwbzBTMTlBVi13M3Q5NjdZbDRGUGtnMg2&id=24999572-fb32-44f0-b7c9-cb349237c217
IP
192.99.158.241:0
ASN
#16276 OVH SAS

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (320), with CRLF line terminators
Size
5.4 kB (5412 bytes)
Hash
bf73313884d126de5ee5816651ed32e6
cc10414d341653af01e3b3fd7cf00cd030c45628
4fa6ba1e64a7aec1ff12ec84e0a8d9328ff4ea0e1678c985bb1c8d85939cc36b

HTTP Headers

GET /click?data=c1Z5MWRwVlV1ZndNNGlZVnl4Z19ydDUxRG0zT2JCbm5DUzBjdVJWZEUtOW5LYVdBRVFuVW5najhwbWJSU1lOdnRwNFZ4VlAtUXNrUTM3bktxSkdNREFBQ2FVNF9LN290ZklwRUhZeTFieG1aekl2RW1DQWN5dnhfeU9JejZ3dDAwbzBTMTlBVi13M3Q5NjdZbDRGUGtnMg2&id=24999572-fb32-44f0-b7c9-cb349237c217 HTTP/1.1
Host: btpnav.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://oggcb.cn.wy5532.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/10.0
X-AspNetMvc-Version: 5.2
X-AspNet-Version: 4.0.30319
Set-Cookie: KsEHxBKnTlzSQzW=KsEHxBKnTlzSQzW; path=/
X-Powered-By: ASP.NET
Access-Control-Allow-Origin: *
Access-Control-Allow-Headers: Content-Type
Date: Thu, 01 Dec 2022 18:40:32 GMT
Content-Length: 5412

btpnav.com/Redirect/

192.99.158.241

302 Found

270 B

URL HTTP/1.1
btpnav.com/Redirect/
IP
192.99.158.241:0
ASN
#16276 OVH SAS

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Size
270 B (270 bytes)
Hash
62907be4bff50b01af27df4788fdce3b
80e3643c1448dcda232206588027a370904239e6
325b60ab3c426a1b75fb5146207049921385785e90ff3aeefa3aba0840201746

HTTP Headers

POST /Redirect/ HTTP/1.1
Host: btpnav.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded
Content-Length: 329
Origin: http://btpnav.com
Connection: keep-alive
Referer: http://btpnav.com/click?data=c1Z5MWRwVlV1ZndNNGlZVnl4Z19ydDUxRG0zT2JCbm5DUzBjdVJWZEUtOW5LYVdBRVFuVW5najhwbWJSU1lOdnRwNFZ4VlAtUXNrUTM3bktxSkdNREFBQ2FVNF9LN290ZklwRUhZeTFieG1aekl2RW1DQWN5dnhfeU9JejZ3dDAwbzBTMTlBVi13M3Q5NjdZbDRGUGtnMg2&id=24999572-fb32-44f0-b7c9-cb349237c217
Cookie: KsEHxBKnTlzSQzW=KsEHxBKnTlzSQzW
Upgrade-Insecure-Requests: 1

HTTP/1.1 302 Found
Cache-Control: private
Content-Type: text/html; charset=utf-8
Location: http://dipaka-ead.com/zcvisitor/a2393a55-71a7-11ed-af71-1294fa5f4b49/fa8076ca-64e7-4648-95fb-59f8b6b1f6e1?campaignid=3333e050-2de2-11ed-8859-0a918cbcbb97
Server: Microsoft-IIS/10.0
X-AspNetMvc-Version: 5.2
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Access-Control-Allow-Origin: *
Access-Control-Allow-Headers: Content-Type
Date: Thu, 01 Dec 2022 18:40:32 GMT
Content-Length: 270

dipaka-ead.com/zcvisitor/a2393a55-71a7-11ed-af71-1294fa5f4b49/fa8076ca-64e7-4648-95fb-59f8b6b1f6e1?campaignid=3333e050-2de2-11ed-8859-0a918cbcbb97

3.208.247.235

200

1.1 kB

URL HTTP/1.1
dipaka-ead.com/zcvisitor/a2393a55-71a7-11ed-af71-1294fa5f4b49/fa8076ca-64e7-4648-95fb-59f8b6b1f6e1?campaignid=3333e050-2de2-11ed-8859-0a918cbcbb97
IP
3.208.247.235:0
ASN
#14618 AMAZON-AES

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
1.1 kB (1100 bytes)
Hash
149bdd181f0c5de387e0f8bb42e9c3da
4f7eb053a6ce1a1552fc9a187fef709d59962736
71e05cfdafcffa16d67a7633cc07fec374929b6c7c38c45978eb05e0c3a0fcfd

HTTP Headers

GET /zcvisitor/a2393a55-71a7-11ed-af71-1294fa5f4b49/fa8076ca-64e7-4648-95fb-59f8b6b1f6e1?campaignid=3333e050-2de2-11ed-8859-0a918cbcbb97 HTTP/1.1
Host: dipaka-ead.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://btpnav.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1

HTTP/1.1 200 
Date: Thu, 01 Dec 2022 18:40:32 GMT
Content-Type: text/html;charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: no-store, no-cache, pre-check=0, post-check=0
content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline'
x-content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline'
X-WebKit-CSP: default-src 'self'; script-src 'self' 'unsafe-inline'
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET,POST,OPTIONS
Access-Control-Allow-Headers: X-Requested-With,Content-Type,x-exadsrtb-version,x-openrtb-version,x-zerortb-version,X-Flag
Server: FqxvZEJe

dipaka-ead.com/zcredirect?visitid=a2393a55-71a7-11ed-af71-1294fa5f4b49&type=js&browserWidth=1280&browserHeight=939&iframeDetected=false&webdriverDetected=false

3.208.247.235

200

794 B

URL HTTP/1.1
dipaka-ead.com/zcredirect?visitid=a2393a55-71a7-11ed-af71-1294fa5f4b49&type=js&browserWidth=1280&browserHeight=939&iframeDetected=false&webdriverDetected=false
IP
3.208.247.235:0
ASN
#14618 AMAZON-AES

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (354)
Size
794 B (794 bytes)
Hash
91524a048fd72e5fc503232142c339b6
a13e88f80f47bfe5d720dd778268fc49a249635c
b970e5a39153882827a299d39e90142ae571cb12f79e663fed42e535df99444b

HTTP Headers

GET /zcredirect?visitid=a2393a55-71a7-11ed-af71-1294fa5f4b49&type=js&browserWidth=1280&browserHeight=939&iframeDetected=false&webdriverDetected=false HTTP/1.1
Host: dipaka-ead.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://dipaka-ead.com/zcvisitor/a2393a55-71a7-11ed-af71-1294fa5f4b49/fa8076ca-64e7-4648-95fb-59f8b6b1f6e1?campaignid=3333e050-2de2-11ed-8859-0a918cbcbb97
Upgrade-Insecure-Requests: 1

HTTP/1.1 200 
Date: Thu, 01 Dec 2022 18:40:33 GMT
Content-Type: text/html;charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: no-store, no-cache, pre-check=0, post-check=0
content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline'
x-content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline'
X-WebKit-CSP: default-src 'self'; script-src 'self' 'unsafe-inline'
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET,POST,OPTIONS
Access-Control-Allow-Headers: X-Requested-With,Content-Type,x-exadsrtb-version,x-openrtb-version,x-zerortb-version,X-Flag
redirected: JS
Server: kmdOulZa

r3.o.lencr.org/

95.101.11.115

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
95.101.11.115:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
ecab83d593cc540b02689be5be7abc8a
81cda579b7b9b22332b85266b0126585f3d3f73f
d469c5adb69f261084b016f8e24edf8b69b62d9f930ca2d85cf35375e2303ecc

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D469C5ADB69F261084B016F8E24EDF8B69B62D9F930CA2D85CF35375E2303ECC"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4768
Expires: Thu, 01 Dec 2022 20:00:01 GMT
Date: Thu, 01 Dec 2022 18:40:33 GMT
Connection: keep-alive

r3.o.lencr.org/

95.101.11.115

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
95.101.11.115:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
ecab83d593cc540b02689be5be7abc8a
81cda579b7b9b22332b85266b0126585f3d3f73f
d469c5adb69f261084b016f8e24edf8b69b62d9f930ca2d85cf35375e2303ecc

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D469C5ADB69F261084B016F8E24EDF8B69B62D9F930CA2D85CF35375E2303ECC"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4768
Expires: Thu, 01 Dec 2022 20:00:01 GMT
Date: Thu, 01 Dec 2022 18:40:33 GMT
Connection: keep-alive

r3.o.lencr.org/

95.101.11.115

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
95.101.11.115:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
ecab83d593cc540b02689be5be7abc8a
81cda579b7b9b22332b85266b0126585f3d3f73f
d469c5adb69f261084b016f8e24edf8b69b62d9f930ca2d85cf35375e2303ecc

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D469C5ADB69F261084B016F8E24EDF8B69B62D9F930CA2D85CF35375E2303ECC"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4768
Expires: Thu, 01 Dec 2022 20:00:01 GMT
Date: Thu, 01 Dec 2022 18:40:33 GMT
Connection: keep-alive

r3.o.lencr.org/

95.101.11.115

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
95.101.11.115:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
ecab83d593cc540b02689be5be7abc8a
81cda579b7b9b22332b85266b0126585f3d3f73f
d469c5adb69f261084b016f8e24edf8b69b62d9f930ca2d85cf35375e2303ecc

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D469C5ADB69F261084B016F8E24EDF8B69B62D9F930CA2D85CF35375E2303ECC"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4768
Expires: Thu, 01 Dec 2022 20:00:01 GMT
Date: Thu, 01 Dec 2022 18:40:33 GMT
Connection: keep-alive

img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fbcb53953-3f6b-43ee-95d9-fb65d133745f.jpeg

34.120.237.76

200 OK

13 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fbcb53953-3f6b-43ee-95d9-fb65d133745f.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
13 kB (13411 bytes)
Hash
328ce221bcf3442f88d09373193ff594
63bfa2ea925aa2c188c664a7bf7af7b0e5417e60
21d5b5ec267430dba91b17f89a557aca5cd2a21535da18eb02ec69ed0e1b7371

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fbcb53953-3f6b-43ee-95d9-fb65d133745f.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 13411
x-amzn-requestid: 17fcc4e1-76c1-4eca-9235-c1a513bca24a
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cbz80FCQoAMFs1A=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6387cd1e-26da4f265d74215f31425eb9;Sampled=0
x-amzn-remapped-date: Wed, 30 Nov 2022 21:37:34 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: MttRByNp1C1ZeFFicFVa0w3XRyXJnUycPy2Izk8hzGEgXGdDqD3L3A==
via: 1.1 a20e81b65d2465c729ce2f6bfe539dd0.cloudfront.net (CloudFront), 1.1 12a392bc3a7281f8d5d4591bfadc41fc.cloudfront.net (CloudFront), 1.1 google
date: Wed, 30 Nov 2022 21:48:17 GMT
age: 75136
etag: "63bfa2ea925aa2c188c664a7bf7af7b0e5417e60"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

9.7 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F966ff24e-ea85-4a2e-aead-22f1a723c59f.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
9.7 kB (9674 bytes)
Hash
5508d05a290b663fd89ead9b58f2efd8
53650399f9a986ba54addd668b4557109d12003b
65704a961410fdd318c491fedf002c8e9b184cd34b76fe1b67026d42ce21be3f

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F966ff24e-ea85-4a2e-aead-22f1a723c59f.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 9674
x-amzn-requestid: 7e7d0183-9667-462a-8d44-d125998c1ae3
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cYgEoHVAoAMFvAQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63867a1d-280ba97e3fe1bf7244cbde35;Sampled=0
x-amzn-remapped-date: Tue, 29 Nov 2022 21:31:09 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: qftF-GQkcjKTs30KMGCTDymw2SVSXeAYKGNWUnaMfvIb8HjtfHUx8A==
via: 1.1 26ca01ec7377e425b59b6a08cb1ec342.cloudfront.net (CloudFront), 1.1 57a21088b36c69a83578b5a5579df58e.cloudfront.net (CloudFront), 1.1 google
date: Wed, 30 Nov 2022 21:44:47 GMT
age: 75346
etag: "53650399f9a986ba54addd668b4557109d12003b"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

4.8 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F051e025a-c892-4a7d-8a1d-95f6d77ebb3c.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
4.8 kB (4762 bytes)
Hash
d2dd5a4bcfd47db8f38544bf39ce3031
fa2217bae05b7beca2e12597eaad835298276b82
3266004f5e73af5359b71622eea31f1e28abb4bbc443b5f9e481b5a8b2e9249e

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F051e025a-c892-4a7d-8a1d-95f6d77ebb3c.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 4762
x-amzn-requestid: b7c0e28a-de0d-443d-8bf4-900a964bf110
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cP7uSFcMoAMF2CQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63830cc1-7abade3a670201cf1906b79f;Sampled=0
x-amzn-remapped-date: Sun, 27 Nov 2022 07:07:45 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: gZSkafSw8cXo9AChLOTVJW7r_hHLW8kaHlA-ED2_zFJwuUk1uS3VRw==
via: 1.1 0005a84c2971ff4f5bbb79e7ebc622a8.cloudfront.net (CloudFront), 1.1 98aedae6661e3904540676966998ed88.cloudfront.net (CloudFront), 1.1 google
date: Thu, 01 Dec 2022 13:29:36 GMT
age: 18657
etag: "fa2217bae05b7beca2e12597eaad835298276b82"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

13 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F83cd87b8-4041-419b-ab34-9f8e5a326f4b.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
13 kB (12898 bytes)
Hash
820cf89fcab8380adff42982c9fb11ed
84241ddddbbfd7de30118307fb1a62800d0a4cb3
0d051495f06ac84de934283b40cbfee7a042d32153a73486dd7c017430e882d8

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F83cd87b8-4041-419b-ab34-9f8e5a326f4b.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 12898
x-amzn-requestid: 9b594c3c-6b8c-4589-8fcb-b3d7518b46f6
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cQZBNFxToAMF_9A=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63833ba1-767f510d72eef86d0cc892df;Sampled=0
x-amzn-remapped-date: Sun, 27 Nov 2022 10:27:45 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: gsn5uUFEzDZDOMPTvW9UQxtccvRfJKUM4eJ8U99jvUGzNIKkF9SzeA==
via: 1.1 d1151317ba32afe0e6370fd69fed222e.cloudfront.net (CloudFront), 1.1 4f3feb5c4393987d42d1971d404d7cea.cloudfront.net (CloudFront), 1.1 google
date: Wed, 30 Nov 2022 21:49:20 GMT
age: 75073
etag: "84241ddddbbfd7de30118307fb1a62800d0a4cb3"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

8.7 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F600016d1-5abb-4a6c-996a-933a8d4bc6df.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
8.7 kB (8740 bytes)
Hash
26d6dffbf400da4803a2e76e2a8ef2f8
2e62f9ed8f5e7b2f888a73320dd98b0cda9303b8
04c6e31623fe48cbe83dc91635bfa47b337590f18919995b08d5bde27e929e03

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F600016d1-5abb-4a6c-996a-933a8d4bc6df.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 8740
x-amzn-requestid: 4823cf63-98eb-40d3-bb8b-e09cd2262f36
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cP7SqHjYIAMF8xw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63830c10-316b213c33ce9bc2355c0900;Sampled=0
x-amzn-remapped-date: Sun, 27 Nov 2022 07:04:48 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: tK4wl-g5kcUhVFE3iZGILhZhZSsaMzQD9JTBHj1JXV95yXs_e3gMGw==
via: 1.1 000f4a2f631bace380a0afa747a82482.cloudfront.net (CloudFront), 1.1 559326ad73233233a9e52cb9e8601ede.cloudfront.net (CloudFront), 1.1 google
date: Thu, 01 Dec 2022 12:31:43 GMT
age: 22130
etag: "2e62f9ed8f5e7b2f888a73320dd98b0cda9303b8"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

16 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb0e1339e-3c63-4033-8b5b-e21137509777.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
16 kB (16038 bytes)
Hash
ffd12f9c423ffc627d9e3b3145944fe4
5cf9a7a784952e1bb0cbe499104f1774b1269d08
a25f1b752d9af599aefd73073c105853130f1759905269de3d582d2eb35fe167

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb0e1339e-3c63-4033-8b5b-e21137509777.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 16038
x-amzn-requestid: 9d34c42b-ba0c-498f-8f99-d4ab527ffa89
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cbzMdHXNIAMFgaw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6387cbe9-376846f31dc9b995797cbd18;Sampled=0
x-amzn-remapped-date: Wed, 30 Nov 2022 21:32:25 GMT
x-amz-cf-pop: SEA19-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: DngCuOTO9fQAwWe_ip6EtBcgruigZN6Bl1_v5BHM2dsWlhqCXCL3gg==
via: 1.1 efcf7b9d0f917f9ebf314db03e52d9b6.cloudfront.net (CloudFront), 1.1 98aedae6661e3904540676966998ed88.cloudfront.net (CloudFront), 1.1 google
date: Wed, 30 Nov 2022 21:45:33 GMT
age: 75300
etag: "5cf9a7a784952e1bb0cbe499104f1774b1269d08"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

dipaka-ead.com/favicon.ico

3.208.247.235

404

653 B

URL HTTP/1.1
dipaka-ead.com/favicon.ico
IP
3.208.247.235:0
ASN
#14618 AMAZON-AES

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (649), with no line terminators
Size
653 B (653 bytes)
Hash
ba2732b1b2fa2626ffaa15f62f9e7d66
203d4e7fbb1d80449d6e4e1f3ae7a9bf8625debe
879861cb72fe9fbb476dab246021c4c83b4066327de2529e05ec54d3afb0a1c8

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: dipaka-ead.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://dipaka-ead.com/zcredirect?visitid=a2393a55-71a7-11ed-af71-1294fa5f4b49&type=js&browserWidth=1280&browserHeight=939&iframeDetected=false&webdriverDetected=false

HTTP/1.1 404 
Date: Thu, 01 Dec 2022 18:40:33 GMT
Content-Type: text/html;charset=utf-8
Content-Length: 653
Connection: keep-alive
Cache-Control: no-store, no-cache, pre-check=0, post-check=0
content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline'
x-content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline'
X-WebKit-CSP: default-src 'self'; script-src 'self' 'unsafe-inline'
Content-Language: en
Server: WgfQhAjo

cartining-specute.com/zp-redirect?target=https%3A%2F%2Fflirtyhoookup.com%2F%3Futm_source%3Dn19ck4pSWjZsA%26s1%3D719fbd40-273d-47b8-882f-683d1074b172%26s2%3Dwl1ki01ciem2vaskirkel9fq&caid=2deaef68-c870-4247-a076-22d7e7f8e3ba&zpid=a2393a55-71a7-11ed-af71-1294fa5f4b49&cid=wl1ki01ciem2vaskirkel9fq&rt=R

18.197.36.77

302 Found

0 B

URL HTTP/2
cartining-specute.com/zp-redirect?target=https%3A%2F%2Fflirtyhoookup.com%2F%3Futm_source%3Dn19ck4pSWjZsA%26s1%3D719fbd40-273d-47b8-882f-683d1074b172%26s2%3Dwl1ki01ciem2vaskirkel9fq&caid=2deaef68-c870-4247-a076-22d7e7f8e3ba&zpid=a2393a55-71a7-11ed-af71-1294fa5f4b49&cid=wl1ki01ciem2vaskirkel9fq&rt=R
IP
18.197.36.77:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /zp-redirect?target=https%3A%2F%2Fflirtyhoookup.com%2F%3Futm_source%3Dn19ck4pSWjZsA%26s1%3D719fbd40-273d-47b8-882f-683d1074b172%26s2%3Dwl1ki01ciem2vaskirkel9fq&caid=2deaef68-c870-4247-a076-22d7e7f8e3ba&zpid=a2393a55-71a7-11ed-af71-1294fa5f4b49&cid=wl1ki01ciem2vaskirkel9fq&rt=R HTTP/1.1
Host: cartining-specute.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://dipaka-ead.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

HTTP/2 302 Found
server: nginx
date: Thu, 01 Dec 2022 18:40:33 GMT
content-length: 0
cache-control: no-store, no-cache, pre-check=0, post-check=0
expires: Thu, 01 Jan 1970 00:00:00 GMT
location: https://flirtyhoookup.com/?utm_source=n19ck4pSWjZsA&s1=719fbd40-273d-47b8-882f-683d1074b172&s2=wl1ki01ciem2vaskirkel9fq
pragma: no-cache
set-cookie: cc-v4=WJPv8sgbHTUSY1a1w4W%2FI0ywmenbGkmbS0h9J2fYryMiYEFM8ZZK5kPP9eE%2FTYdj0q39ZYXX9ikDi6QI%2F7fVuMWMneaX0Mfod%2Bx4scvIXi1SzACMVhV0jpk52nN8%2BIulnIYJfRXK5aqMYTs8lMMc2Q%3D%3D; Max-Age=31536000; Expires=Fri, 01-Dec-2023 18:40:33 GMT; Domain=cartining-specute.com; Path=/; Secure; HttpOnly;SameSite=None
X-Firefox-Spdy: h2

www.arkdcz.com/MSJ7L4/HX6G2NF/?sub1=418543&sub2=qqUGsdWjsyLWUdTAMBjQgWKRENdtBlQULW

34.149.6.227

302 Found

169 B

URL HTTP/2
www.arkdcz.com/MSJ7L4/HX6G2NF/?sub1=418543&sub2=qqUGsdWjsyLWUdTAMBjQgWKRENdtBlQULW
IP
34.149.6.227:0
ASN
#15169 GOOGLE

File type
HTML document, ASCII text
Size
169 B (169 bytes)
Hash
2975f887cd359e8035f54fa5d817b772
4d19aa59b6e0cd595ebf219fc521ed2f6287c569
7cc9a64e130debef8206b1ca6241e0bfc0b8ea52e53c79efe92fabd2b445dd99

HTTP Headers

GET /MSJ7L4/HX6G2NF/?sub1=418543&sub2=qqUGsdWjsyLWUdTAMBjQgWKRENdtBlQULW HTTP/1.1
Host: www.arkdcz.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://dipaka-ead.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

HTTP/2 302 Found
server: nginx
date: Thu, 01 Dec 2022 18:40:34 GMT
content-type: text/html; charset=utf-8
content-length: 169
location: https://go.cyberslut2069.com/vrfttcyber/?bi=pw&sd=1&fk=cyber&ai=68088&ca=415&ci=5ff94d1e13d047fca079991920eccf6a&tk=MSJ7L4
set-cookie: uniqueClick_HX6G2NF=76081443-d313-4cc7-ab79-80727e674667:1669920034; Path=/; Expires=Fri, 02 Dec 2022 18:40:34 GMT; Secure; SameSite=None
transaction_id=5ff94d1e13d047fca079991920eccf6a; Path=/; Expires=Wed, 01 Mar 2023 18:40:34 GMT; Secure; SameSite=None
vary: Origin
x-eflow-request-id: 4e3adc46-bdf7-4d16-8812-4f279c9cee27
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

ocsp.sca1b.amazontrust.com/

54.230.245.118

200 OK

471 B

URL HTTP/1.1
ocsp.sca1b.amazontrust.com/
IP
54.230.245.118:0
ASN
#16509 AMAZON-02

File type
data
Size
471 B (471 bytes)
Hash
8d7677f421bbbdaf9f628dd40a6f9b9b
59dc385c8d550b3dd55209f5cc632113eb367831
fa88c44be451b30ea426bd5947a0ba594303b0a5ea6222745fe2018132731446

HTTP Headers

POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=163941
Date: Thu, 01 Dec 2022 18:40:35 GMT
Etag: "6388d288-1d7"
Expires: Sat, 03 Dec 2022 16:12:56 GMT
Last-Modified: Thu, 01 Dec 2022 16:12:56 GMT
Server: nginx
X-Cache: Miss from cloudfront
Via: 1.1 227a1815a1677b9cf6dd587e443000b8.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: 5xsV5kSVcTbxRQHudrq4uo7E18NFfyAn3py-E0ZQffTeRbbiLWC9SQ==

go.cyberslut2069.com/vrfttcyber/assets/images/flags/us.png

54.230.111.33

200 OK

2.4 kB

URL HTTP/2
go.cyberslut2069.com/vrfttcyber/assets/images/flags/us.png
IP
54.230.111.33:0
ASN
#16509 AMAZON-02

File type
PNG image data, 250 x 132, 8-bit colormap, non-interlaced\012- data
Size
2.4 kB (2375 bytes)
Hash
a2080b2d193dbbd3cb34b32ad919da62
f822886642e0388d79c8f5917b41f27efbdec94b
5b38ab13f52bc95184012a4b6afafa3eca7a6ac03c762515b4550b4337548ca7

HTTP Headers

GET /vrfttcyber/assets/images/flags/us.png HTTP/1.1
Host: go.cyberslut2069.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://go.cyberslut2069.com/vrfttcyber/?bi=pw&sd=1&fk=cyber&ai=68088&ca=415&ci=5ff94d1e13d047fca079991920eccf6a&tk=MSJ7L4
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
content-type: image/png
content-length: 2375
last-modified: Thu, 02 Dec 2021 15:25:52 GMT
server: AmazonS3
date: Thu, 01 Dec 2022 01:36:06 GMT
etag: "a2080b2d193dbbd3cb34b32ad919da62"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 2d5cbe05385a7f3bbffc8a562b8711f6.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: tuCeivnZUOSBDn6pJP2AtlV362bpU1OtlR2bZLF_XVCtoKzkxuedTg==
age: 61470
X-Firefox-Spdy: h2

go.cyberslut2069.com/vrfttcyber/assets/images/beyblade.gif

54.230.111.33

200 OK

36 kB

URL HTTP/2
go.cyberslut2069.com/vrfttcyber/assets/images/beyblade.gif
IP
54.230.111.33:0
ASN
#16509 AMAZON-02

File type
GIF image data, version 89a, 200 x 200\012- data
Size
36 kB (36298 bytes)
Hash
93a41ee339dd621452c6aa4054e8eca8
a1f75cc251cbe7291cefd06fd91b4c35b6c93612
0ea3f03b9e168629659c281ec66fd5a82d36d7b6fd644381c18ecad41e62a5a3

HTTP Headers

GET /vrfttcyber/assets/images/beyblade.gif HTTP/1.1
Host: go.cyberslut2069.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://go.cyberslut2069.com/vrfttcyber/?bi=pw&sd=1&fk=cyber&ai=68088&ca=415&ci=5ff94d1e13d047fca079991920eccf6a&tk=MSJ7L4
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
content-type: image/gif
content-length: 36298
last-modified: Thu, 02 Dec 2021 15:25:35 GMT
server: AmazonS3
date: Thu, 01 Dec 2022 02:30:31 GMT
etag: "93a41ee339dd621452c6aa4054e8eca8"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 2d5cbe05385a7f3bbffc8a562b8711f6.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: M0TlKsjXDl9h5XThD2wSW7q1haIM9sEA-qN0UYnVqi2lfhCvSxewEQ==
age: 58205
X-Firefox-Spdy: h2

go.cyberslut2069.com/vrfttcyber/assets/images/themes/cyber/logo/logo.png

54.230.111.33

200 OK

16 kB

URL HTTP/2
go.cyberslut2069.com/vrfttcyber/assets/images/themes/cyber/logo/logo.png
IP
54.230.111.33:0
ASN
#16509 AMAZON-02

File type
PNG image data, 637 x 156, 8-bit/color RGBA, non-interlaced\012- data
Size
16 kB (16420 bytes)
Hash
4673cfc8d2708f4ebe2f821483548ccc
815322d33fb4298771be6a43e14b821d365766d7
f2cd404c754d24e0721a08f4b203d5b9853c4bd229c62f339edf1f46195b2154

HTTP Headers

GET /vrfttcyber/assets/images/themes/cyber/logo/logo.png HTTP/1.1
Host: go.cyberslut2069.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://go.cyberslut2069.com/vrfttcyber/?bi=pw&sd=1&fk=cyber&ai=68088&ca=415&ci=5ff94d1e13d047fca079991920eccf6a&tk=MSJ7L4
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
content-type: image/png
content-length: 16420
last-modified: Thu, 02 Dec 2021 15:26:11 GMT
server: AmazonS3
date: Thu, 01 Dec 2022 05:29:35 GMT
etag: "4673cfc8d2708f4ebe2f821483548ccc"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 2d5cbe05385a7f3bbffc8a562b8711f6.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: MyjB73hL6aQH3upyZTEf24y_ufmY7Un0qhPMhwd6i6CZ_zLEmB1bwQ==
age: 47461
X-Firefox-Spdy: h2

go.cyberslut2069.com/vrfttcyber/assets/images/girls/hair01_tits01_tattoo01.png

54.230.111.33

200 OK

331 kB

URL HTTP/2
go.cyberslut2069.com/vrfttcyber/assets/images/girls/hair01_tits01_tattoo01.png
IP
54.230.111.33:0
ASN
#16509 AMAZON-02

File type
PNG image data, 790 x 1600, 8-bit colormap, non-interlaced\012- data
Size
331 kB (330574 bytes)
Hash
8d7069ee14a82c9f9139a5d08882497a
0310dd9990c5888f8d51b4defa3ca78ce820b3e2
933adcdf66e29312523119f0f868488a25e92a5b05e0443c961ca80aaeb42a9f

HTTP Headers

GET /vrfttcyber/assets/images/girls/hair01_tits01_tattoo01.png HTTP/1.1
Host: go.cyberslut2069.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://go.cyberslut2069.com/vrfttcyber/?bi=pw&sd=1&fk=cyber&ai=68088&ca=415&ci=5ff94d1e13d047fca079991920eccf6a&tk=MSJ7L4
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
content-type: image/png
content-length: 330574
last-modified: Thu, 02 Dec 2021 15:25:53 GMT
server: AmazonS3
date: Thu, 01 Dec 2022 07:16:36 GMT
etag: "8d7069ee14a82c9f9139a5d08882497a"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 2d5cbe05385a7f3bbffc8a562b8711f6.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: 9NpbrODrKOQiax4FRqsoXYFKS5hKE1xE4Av6HlXwypl7LkDLueiHIg==
age: 41040
X-Firefox-Spdy: h2

go.cyberslut2069.com/vrfttcyber/assets/locale/style/en.css

54.230.111.33

200 OK

192 B

URL HTTP/2
go.cyberslut2069.com/vrfttcyber/assets/locale/style/en.css
IP
54.230.111.33:0
ASN
#16509 AMAZON-02

File type
ASCII text
Size
192 B (192 bytes)
Hash
9749fa77c9872329d27a73ea48c2d4c0
4cb73328ffbb21a8f4588d512c9cdffa11232f8d
e75fb29290acb854de53014f67a449f915d8ea8ab263cd6ba8a0bc72023a5c8b

HTTP Headers

GET /vrfttcyber/assets/locale/style/en.css HTTP/1.1
Host: go.cyberslut2069.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://go.cyberslut2069.com/vrfttcyber/?bi=pw&sd=1&fk=cyber&ai=68088&ca=415&ci=5ff94d1e13d047fca079991920eccf6a&tk=MSJ7L4
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
content-type: text/css
content-length: 192
date: Thu, 01 Dec 2022 04:29:07 GMT
last-modified: Thu, 02 Dec 2021 15:25:59 GMT
etag: "9749fa77c9872329d27a73ea48c2d4c0"
server: AmazonS3
x-cache: Hit from cloudfront
via: 1.1 2d5cbe05385a7f3bbffc8a562b8711f6.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: 0xvjChIGMNA-vnKNJ9sUOQtJV0PjxcHWxgfs9dDgz9SWaOESuXUtHg==
age: 51089
X-Firefox-Spdy: h2

go.cyberslut2069.com/vrfttcyber/assets/images/themes/cyber/favicon/favicon.png

54.230.111.33

200 OK

1.4 kB

URL HTTP/2
go.cyberslut2069.com/vrfttcyber/assets/images/themes/cyber/favicon/favicon.png
IP
54.230.111.33:0
ASN
#16509 AMAZON-02

File type
PNG image data, 48 x 48, 8-bit colormap, non-interlaced\012- data
Size
1.4 kB (1421 bytes)
Hash
93a7efbb00d5e8f3bd556d7b9efb658e
fd6578509d9557cebe3e37fee5ae16dc25b09711
3274036fdc55ac82651c2146f211e508703e5ae97875c722e8b3694df636cd9d

HTTP Headers

GET /vrfttcyber/assets/images/themes/cyber/favicon/favicon.png HTTP/1.1
Host: go.cyberslut2069.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://go.cyberslut2069.com/vrfttcyber/?bi=pw&sd=1&fk=cyber&ai=68088&ca=415&ci=5ff94d1e13d047fca079991920eccf6a&tk=MSJ7L4
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
content-type: image/png
content-length: 1421
last-modified: Thu, 02 Dec 2021 15:26:08 GMT
server: AmazonS3
date: Thu, 01 Dec 2022 18:40:35 GMT
etag: "93a7efbb00d5e8f3bd556d7b9efb658e"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 2d5cbe05385a7f3bbffc8a562b8711f6.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: 0TafvasZNK5CQO7IilNW-fak1iY2dXWdag9fs4ck9mRQ1FPFjOVBmQ==
age: 31459
X-Firefox-Spdy: h2

go.cyberslut2069.com/vrfttcyber/assets/images/themes/cyber/background/bkg.jpg

54.230.111.33

200 OK

14 kB

URL HTTP/2
go.cyberslut2069.com/vrfttcyber/assets/images/themes/cyber/background/bkg.jpg
IP
54.230.111.33:0
ASN
#16509 AMAZON-02

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, comment: "Compressed by jpeg-recompress", progressive, precision 8, 1920x1081, components 3\012- data
Size
14 kB (13989 bytes)
Hash
d5dabdf9d18c947ea72fe90f8c39e31e
33a5e90f4a59072ab4b3d73204fff01d6a08a0f8
d940cab6f0a1fe6a425596757ac2a10b89fb4311acfd34aba2f075c0e2338f09

HTTP Headers

GET /vrfttcyber/assets/images/themes/cyber/background/bkg.jpg HTTP/1.1
Host: go.cyberslut2069.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://go.cyberslut2069.com/vrfttcyber/?bi=pw&sd=1&fk=cyber&ai=68088&ca=415&ci=5ff94d1e13d047fca079991920eccf6a&tk=MSJ7L4
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
content-type: image/jpeg
content-length: 13989
last-modified: Thu, 02 Dec 2021 15:26:08 GMT
server: AmazonS3
date: Thu, 01 Dec 2022 18:40:35 GMT
etag: "d5dabdf9d18c947ea72fe90f8c39e31e"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 2d5cbe05385a7f3bbffc8a562b8711f6.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: NQjK2iGdxhvkfDcbI6M6VZ6f6RvAuU4p-jwMjSMYeFE43ykak3YaOA==
age: 29808
X-Firefox-Spdy: h2

go.cyberslut2069.com/vrfttcyber/assets/images/box.png

54.230.111.33

200 OK

13 kB

URL HTTP/2
go.cyberslut2069.com/vrfttcyber/assets/images/box.png
IP
54.230.111.33:0
ASN
#16509 AMAZON-02

File type
PNG image data, 747 x 644, 8-bit/color RGBA, non-interlaced\012- data
Size
13 kB (13243 bytes)
Hash
0fcc2772acc897c48dae5c6f52093388
c8a80e850168e1fd7b761327dd460054e7451d8e
e73f3a488ee9e68ff4484df002b38a200aee2170617bb0746e05c7f992135805

HTTP Headers

GET /vrfttcyber/assets/images/box.png HTTP/1.1
Host: go.cyberslut2069.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://go.cyberslut2069.com/vrfttcyber/?bi=pw&sd=1&fk=cyber&ai=68088&ca=415&ci=5ff94d1e13d047fca079991920eccf6a&tk=MSJ7L4
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
content-type: image/png
content-length: 13243
last-modified: Thu, 02 Dec 2021 15:25:35 GMT
server: AmazonS3
date: Thu, 01 Dec 2022 18:40:35 GMT
etag: "0fcc2772acc897c48dae5c6f52093388"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 2d5cbe05385a7f3bbffc8a562b8711f6.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: WvIkGN-eBVacQOZYrUUguvw3Bh4zWnYXlmml_VhOC9zVHLfuY0DIbw==
age: 41945
X-Firefox-Spdy: h2

go.cyberslut2069.com/vrfttcyber/assets/sounds/general/click1.mp3

54.230.111.33

206 Partial Content

17 kB

URL HTTP/2
go.cyberslut2069.com/vrfttcyber/assets/sounds/general/click1.mp3
IP
54.230.111.33:0
ASN
#16509 AMAZON-02

File type
Audio file with ID3 version 2.2.0, contains: MPEG ADTS, layer III, v1, 160 kbps, 44.1 kHz, JntStereo\012- data
Size
17 kB (16635 bytes)
Hash
4838176bcd52d9b69d6d48c1870ca579
5a0892ccae91806a9695c5be1f2752e122608d8e
781bb8d577f6448612e8fa861dfa39d64a2e5961c17a58c79ef4bcdf4131847b

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /vrfttcyber/assets/sounds/general/click1.mp3 HTTP/1.1
Host: go.cyberslut2069.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: audio/webm,audio/ogg,audio/wav,audio/*;q=0.9,application/ogg;q=0.7,video/*;q=0.6,*/*;q=0.5
Accept-Language: en-US,en;q=0.5
Range: bytes=0-
Connection: keep-alive
Referer: https://go.cyberslut2069.com/vrfttcyber/?bi=pw&sd=1&fk=cyber&ai=68088&ca=415&ci=5ff94d1e13d047fca079991920eccf6a&tk=MSJ7L4
Sec-Fetch-Dest: audio
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 206 Partial Content
content-type: application/octet-stream
content-length: 16635
last-modified: Thu, 02 Dec 2021 15:26:03 GMT
server: AmazonS3
date: Wed, 30 Nov 2022 21:28:44 GMT
etag: "4838176bcd52d9b69d6d48c1870ca579"
vary: Accept-Encoding
content-range: bytes 0-16634/16635
x-cache: Hit from cloudfront
via: 1.1 2d5cbe05385a7f3bbffc8a562b8711f6.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: TNEnYOUtGTHWN5AqmXdZvbPwg1lj1tMKX2wXtNqfuHrmd2aS5vWwcA==
age: 76312
X-Firefox-Spdy: h2

go.cyberslut2069.com/vrfttcyber/assets/sounds/general/click2.mp3

54.230.111.33

206 Partial Content

16 kB

URL HTTP/2
go.cyberslut2069.com/vrfttcyber/assets/sounds/general/click2.mp3
IP
54.230.111.33:0
ASN
#16509 AMAZON-02

File type
Audio file with ID3 version 2.2.0, contains: MPEG ADTS, layer III, v1, 160 kbps, 44.1 kHz, JntStereo\012- data
Size
16 kB (15590 bytes)
Hash
2694fd6fc680f77dcf1ae58d9b8ba926
6016e8fb7136ec769fbe6d120c7c97d390922564
4266071bbd14949a438e1d9a958cac2f0b128963b6f6e9fa96b005ed8e718f9e

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /vrfttcyber/assets/sounds/general/click2.mp3 HTTP/1.1
Host: go.cyberslut2069.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: audio/webm,audio/ogg,audio/wav,audio/*;q=0.9,application/ogg;q=0.7,video/*;q=0.6,*/*;q=0.5
Accept-Language: en-US,en;q=0.5
Range: bytes=0-
Connection: keep-alive
Referer: https://go.cyberslut2069.com/vrfttcyber/?bi=pw&sd=1&fk=cyber&ai=68088&ca=415&ci=5ff94d1e13d047fca079991920eccf6a&tk=MSJ7L4
Sec-Fetch-Dest: audio
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 206 Partial Content
content-type: application/octet-stream
content-length: 15590
last-modified: Thu, 02 Dec 2021 15:26:03 GMT
server: AmazonS3
date: Thu, 01 Dec 2022 04:55:36 GMT
etag: "2694fd6fc680f77dcf1ae58d9b8ba926"
vary: Accept-Encoding
content-range: bytes 0-15589/15590
x-cache: Hit from cloudfront
via: 1.1 2d5cbe05385a7f3bbffc8a562b8711f6.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: Qr_lpWi5K1kxjjbnXpjGhlJpxjjbokNonNOu_oEHLIj42sRqXpRE4A==
age: 49500
X-Firefox-Spdy: h2

landers.of-bo.com/bundle.js

172.67.155.108

200 OK

19 kB

URL HTTP/2
landers.of-bo.com/bundle.js
IP
172.67.155.108:0
ASN
#13335 CLOUDFLARENET

File type
Unicode text, UTF-8 text, with very long lines (2014)
Size
19 kB (19280 bytes)
Hash
3babf5cde318c9fecf71b095917826ac
fc9acf9e1366bae19af069584c67625699e33bff
a8a38baf66b623c8779eb659f3c28f0848a270fe1f040dc8409cfbd02754c81a

HTTP Headers

GET /bundle.js HTTP/1.1
Host: landers.of-bo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://go.cyberslut2069.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Thu, 01 Dec 2022 18:40:35 GMT
content-type: application/javascript
x-amz-id-2: E1iZQsAhGg3SjYuTzzcBGkhQtszxLD0aCyYnpV0H/N6wLcUlGLBdyO4Sc6M4P/KQrNMAcRotfEA=
x-amz-request-id: YGXAS2QERW7Z6X0K
last-modified: Tue, 09 Aug 2022 22:05:52 GMT
etag: W/"2f68fb7cd74453a748e232155e853e64"
cache-control: max-age=14400
cf-cache-status: HIT
age: 4942
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=RyUxWQt3xMvPLXaF%2BnUxah3XZ6eJPQQKNG1lV0ZR9QWFftExEauPEur0rzaxhFMkf4EfyoQGpsgQCTOElhE4t1Id%2FA%2BOXG4YwX4K%2BgwzM22QKo%2BsoBL1DJlSGSEqiLt98ElmFw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 772df3bd8801b529-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

go.cyberslut2069.com/vrfttcyber/assets/images/browsers/firefox.png

54.230.111.33

200 OK

128 kB

URL HTTP/2
go.cyberslut2069.com/vrfttcyber/assets/images/browsers/firefox.png
IP
54.230.111.33:0
ASN
#16509 AMAZON-02

File type
PNG image data, 512 x 512, 8-bit/color RGBA, non-interlaced\012- data
Size
128 kB (127454 bytes)
Hash
ff5982c71adc3b6a987a2192b6008949
c2819962300bfa4db9dd7ee6f22e35ea910a3808
612ec2b0a5a9d4b3841189d8c4af98509df5ac48eeea5ab1945dfd0e1eab78b3

HTTP Headers

GET /vrfttcyber/assets/images/browsers/firefox.png HTTP/1.1
Host: go.cyberslut2069.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://go.cyberslut2069.com/vrfttcyber/?bi=pw&sd=1&fk=cyber&ai=68088&ca=415&ci=5ff94d1e13d047fca079991920eccf6a&tk=MSJ7L4
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
content-type: image/png
content-length: 127454
last-modified: Thu, 02 Dec 2021 15:25:36 GMT
server: AmazonS3
date: Thu, 01 Dec 2022 00:35:37 GMT
etag: "ff5982c71adc3b6a987a2192b6008949"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 2d5cbe05385a7f3bbffc8a562b8711f6.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: UCyPxSFYg5yqVUZv2GvhH4cLoSTZhgP2CGVP_cUOEjuyuiWyShzZ2A==
age: 65099
X-Firefox-Spdy: h2

go.cyberslut2069.com/vrfttcyber/assets/sounds/general/music.mp3

54.230.111.33

206 Partial Content

3.2 MB

URL HTTP/2
go.cyberslut2069.com/vrfttcyber/assets/sounds/general/music.mp3
IP
54.230.111.33:0
ASN
#16509 AMAZON-02

File type
Audio file with ID3 version 2.2.0, contains: MPEG ADTS, layer III, v1, 160 kbps, 44.1 kHz, JntStereo\012- data
Size
3.2 MB (3165435 bytes)
Hash
8482f7c1977139c5f5bbb2af66e88e01
0a7325177e7b98d2809f05beb496a301fb8a1d3b
6cb796e9dc70bd32aca90e420a8e7b3cc548569f42d876e384e0d073d3b4c7a1

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /vrfttcyber/assets/sounds/general/music.mp3 HTTP/1.1
Host: go.cyberslut2069.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: audio/webm,audio/ogg,audio/wav,audio/*;q=0.9,application/ogg;q=0.7,video/*;q=0.6,*/*;q=0.5
Accept-Language: en-US,en;q=0.5
Range: bytes=0-
Connection: keep-alive
Referer: https://go.cyberslut2069.com/vrfttcyber/?bi=pw&sd=1&fk=cyber&ai=68088&ca=415&ci=5ff94d1e13d047fca079991920eccf6a&tk=MSJ7L4
Sec-Fetch-Dest: audio
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 206 Partial Content
content-type: application/octet-stream
content-length: 3165435
last-modified: Thu, 02 Dec 2021 15:26:05 GMT
server: AmazonS3
date: Thu, 01 Dec 2022 04:34:22 GMT
etag: "8482f7c1977139c5f5bbb2af66e88e01"
vary: Accept-Encoding
content-range: bytes 0-3165434/3165435
x-cache: Hit from cloudfront
via: 1.1 2d5cbe05385a7f3bbffc8a562b8711f6.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: wc91ztmmD9zTgx2h-SyswH1hu-ZP7wg65PGTUMl3_Gu6BBX86jZ40g==
age: 50774
X-Firefox-Spdy: h2

ocsp.starfieldtech.com/

192.124.249.36

200 OK

1.8 kB

URL HTTP/1.1
ocsp.starfieldtech.com/
IP
192.124.249.36:0
ASN
#30148 SUCURI-SEC

File type
data
Size
1.8 kB (1845 bytes)
Hash
2f222e15d8a3f01bf9f3896d1313857b
759733b28214034e2ab20559a89d0aee073e6b9b
929b83306e9c0c10c2213cae85656cf723d590a768d9aba3e9c1416b90ed2bb3

HTTP Headers

POST / HTTP/1.1
Host: ocsp.starfieldtech.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 75
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: Sucuri/Cloudproxy
Date: Thu, 01 Dec 2022 18:40:35 GMT
Content-Type: application/ocsp-response
Content-Length: 1845
Connection: keep-alive
X-Sucuri-ID: 19036
Content-Transfer-Encoding: Binary
Cache-Control: public, no-transform, must-revalidate
Last-Modified: Wed, 30 Nov 2022 20:11:29 GMT
Expires: Thu, 01 Dec 2022 20:11:29 GMT
ETag: "759733b28214034e2ab20559a89d0aee073e6b9b"
P3P: CP="IDC DSP COR LAW CUR ADM DEV TAI PSA PSD IVA IVD HIS OUR SAM PUB LEG UNI COM NAV STA"

ocsp.digicert.com/

93.184.220.29

200 OK

280 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
280 B (280 bytes)
Hash
2cefa444f69b3255d0544873db6e82fa
370688f109350f18064e0f4cba78860ee5a1ccac
c31d65af6ee9d0d48de5ccc7bb9903667e9f9c01fb13f7e7877d902f03c3d417

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: max-age=153857
Content-Type: application/ocsp-response
Date: Thu, 01 Dec 2022 18:40:36 GMT
Etag: "6388ab25-118"
Expires: Sat, 03 Dec 2022 13:24:53 GMT
Last-Modified: Thu, 01 Dec 2022 13:24:53 GMT
Server: nginx
Content-Length: 280

country.gameops.tech/geoip/country?callback=window.gapwn.get_country

172.67.136.190

200 OK

607 B

URL HTTP/2
country.gameops.tech/geoip/country?callback=window.gapwn.get_country
IP
172.67.136.190:0
ASN
#13335 CLOUDFLARENET

File type
Unicode text, UTF-8 text, with very long lines (478), with no line terminators
Size
607 B (607 bytes)
Hash
986c30126070134c12c37a6db074d95c
0d8372136faa350bebf9eadebb493fac04ff13c7
79b6adfca52263563c6d608d6d521bb2958675a6e77c8d94fe4bc4f02016a11c

HTTP Headers

GET /geoip/country?callback=window.gapwn.get_country HTTP/1.1
Host: country.gameops.tech
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://go.cyberslut2069.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Thu, 01 Dec 2022 18:40:36 GMT
content-type: text/javascript; charset=utf-8
x-powered-by: Express
access-control-allow-origin: *
access-control-allow-headers: X-Requested-With
x-content-type-options: nosniff
etag: W/"20d-sKpKw8KGhimKVxiVkhkJPWK187k"
via: 1.1 varnish
age: 2194
x-served-by: cache-bma1634-BMA
x-cache: HIT
x-cache-hits: 1
x-timer: S1669920036.133162,VS0,VE1
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=T8mXmQgiOJb6Wh9rUVPEiCM8fVed8CchUguU%2FhDBIDJuZhixr6T0euf9JAnfOuml5h13LDnkVvmmIDL66hFS%2FNRoDbqZlBgL3%2BNfnN47FlznPN2YC3plP%2BJSeoKWpPqDgau9%2FReWSg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 772df3c1bb371c0e-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

go.cyberslut2069.com/vrfttcyber/assets/images/flags/no.png

54.230.111.33

200 OK

414 B

URL HTTP/2
go.cyberslut2069.com/vrfttcyber/assets/images/flags/no.png
IP
54.230.111.33:0
ASN
#16509 AMAZON-02

File type
PNG image data, 250 x 182, 8-bit colormap, non-interlaced\012- data
Size
414 B (414 bytes)
Hash
55946900ad615ec4b62748677444f5b7
8a0f25e081a3266ef7f8ab939417d5c7d48a09d7
c82386961fded0d9947ad3320b7ff4c066eea989d082b6409a0815ce0f9a6eb5

HTTP Headers

GET /vrfttcyber/assets/images/flags/no.png HTTP/1.1
Host: go.cyberslut2069.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://go.cyberslut2069.com/vrfttcyber/?bi=pw&sd=1&fk=cyber&ai=68088&ca=415&ci=5ff94d1e13d047fca079991920eccf6a&tk=MSJ7L4
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
content-type: image/png
content-length: 414
date: Thu, 01 Dec 2022 10:20:42 GMT
last-modified: Thu, 02 Dec 2021 15:25:47 GMT
etag: "55946900ad615ec4b62748677444f5b7"
server: AmazonS3
x-cache: Hit from cloudfront
via: 1.1 2d5cbe05385a7f3bbffc8a562b8711f6.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: isjR3ZZKjgX0xzzVetsN9MKs5Z6hjtMPVIuVN2T6W7LUgufLpVyx1Q==
age: 29994
X-Firefox-Spdy: h2

ocsp.sca1b.amazontrust.com/

54.230.245.118

200 OK

471 B

URL HTTP/1.1
ocsp.sca1b.amazontrust.com/
IP
54.230.245.118:0
ASN
#16509 AMAZON-02

File type
data
Size
471 B (471 bytes)
Hash
3a2dba52d6cfd02865da6bd1d56167ee
bf1323b2ffba213e147cd11f2e17eb29c2d2163c
271b8f6abf206791ec68f33851b2e1c618e17796f2112c1339dc93c95f584554

HTTP Headers

POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=132187
Date: Thu, 01 Dec 2022 18:40:36 GMT
Etag: "6388512c-1d7"
Expires: Sat, 03 Dec 2022 07:23:43 GMT
Last-Modified: Thu, 01 Dec 2022 07:01:00 GMT
Server: ECS (dcb/7F39)
X-Cache: Miss from cloudfront
Via: 1.1 227a1815a1677b9cf6dd587e443000b8.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: 71J4pdHR_OPkRptKeV-AqdHLL7Zen_kqLNMxESFlPCZpD_lTBAEgjg==
Age: 1363

ocsp.sca1b.amazontrust.com/

54.230.245.118

200 OK

471 B

URL HTTP/1.1
ocsp.sca1b.amazontrust.com/
IP
54.230.245.118:0
ASN
#16509 AMAZON-02

File type
data
Size
471 B (471 bytes)
Hash
3a2dba52d6cfd02865da6bd1d56167ee
bf1323b2ffba213e147cd11f2e17eb29c2d2163c
271b8f6abf206791ec68f33851b2e1c618e17796f2112c1339dc93c95f584554

HTTP Headers

POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=130824
Date: Thu, 01 Dec 2022 18:40:36 GMT
Etag: "6388512c-1d7"
Expires: Sat, 03 Dec 2022 07:01:00 GMT
Last-Modified: Thu, 01 Dec 2022 07:01:00 GMT
Server: nginx
X-Cache: Miss from cloudfront
Via: 1.1 4bbc14b5834fc74ccd249b954b43a08c.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: Tzt-zKiv5109VWIemNU_BguwW4dXUL6E9h6kbI_tOCgotdQ9HnDYMQ==

ocsp2.globalsign.com/gsalphasha2g2

104.18.21.226

200 OK

1.4 kB

URL HTTP/1.1
ocsp2.globalsign.com/gsalphasha2g2
IP
104.18.21.226:0
ASN
#13335 CLOUDFLARENET

File type
data
Size
1.4 kB (1423 bytes)
Hash
f34b4f0e988daba24fc8ad971ded9b95
dade8b652a56159df7c0d8e7cc97f95228052190
3db4d2ecf9369c03a2472c5fb5b2a42562681ab66cb9b6d4e34746875daf0019

HTTP Headers

POST /gsalphasha2g2 HTTP/1.1
Host: ocsp2.globalsign.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Thu, 01 Dec 2022 18:40:37 GMT
Content-Type: application/ocsp-response
Content-Length: 1423
Connection: keep-alive
Expires: Mon, 05 Dec 2022 15:44:40 GMT
ETag: "dade8b652a56159df7c0d8e7cc97f95228052190"
Last-Modified: Thu, 01 Dec 2022 15:44:41 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
CF-Cache-Status: HIT
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 772df3c688e80b51-OSL

ocsp.starfieldtech.com/

192.124.249.36

200 OK

1.8 kB

URL HTTP/1.1
ocsp.starfieldtech.com/
IP
192.124.249.36:0
ASN
#30148 SUCURI-SEC

File type
data
Size
1.8 kB (1845 bytes)
Hash
2f222e15d8a3f01bf9f3896d1313857b
759733b28214034e2ab20559a89d0aee073e6b9b
929b83306e9c0c10c2213cae85656cf723d590a768d9aba3e9c1416b90ed2bb3

HTTP Headers

POST / HTTP/1.1
Host: ocsp.starfieldtech.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 75
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: Sucuri/Cloudproxy
Date: Thu, 01 Dec 2022 18:40:37 GMT
Content-Type: application/ocsp-response
Content-Length: 1845
Connection: keep-alive
X-Sucuri-ID: 19036
Content-Transfer-Encoding: Binary
Cache-Control: public, no-transform, must-revalidate
Last-Modified: Wed, 30 Nov 2022 20:11:29 GMT
Expires: Thu, 01 Dec 2022 20:11:29 GMT
ETag: "759733b28214034e2ab20559a89d0aee073e6b9b"
P3P: CP="IDC DSP COR LAW CUR ADM DEV TAI PSA PSD IVA IVD HIS OUR SAM PUB LEG UNI COM NAV STA"

r3.o.lencr.org/

95.101.11.115

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
95.101.11.115:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
bb4c13350399e619b1128e5d8e72c91a
d5ca6cdd6b26eaceebc0e36454c554ae69ff2dff
40aaea4637291384555919aac1cae4c2c1f8af648149df46a8cb29a5bd765a5e

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "40AAEA4637291384555919AAC1CAE4C2C1F8AF648149DF46A8CB29A5BD765A5E"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3095
Expires: Thu, 01 Dec 2022 19:32:12 GMT
Date: Thu, 01 Dec 2022 18:40:37 GMT
Connection: keep-alive

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
6f32d3238eb07ffa44dad668d2cf8f13
d144992f3ce23834eb502de016e7c752b51b7eaf
5039e9d0850d1cbb5e2b895d5d1dc45ca1dc63a829ff10968c49454e93f65756

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5645
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Thu, 01 Dec 2022 18:40:38 GMT
Last-Modified: Thu, 01 Dec 2022 17:06:33 GMT
Server: ECS (ska/F71B)
X-Cache: HIT
Content-Length: 471

ajax.aspnetcdn.com/ajax/bootstrap/3.3.7/bootstrap.min.js

152.199.19.160

200 OK

9.8 kB

URL HTTP/2
ajax.aspnetcdn.com/ajax/bootstrap/3.3.7/bootstrap.min.js
IP
152.199.19.160:0
ASN
#15133 EDGECAST

File type
ASCII text, with very long lines (32033)
Size
9.8 kB (9839 bytes)
Hash
432ca07a1a844dbb27f9e0ab0d468be5
7fdaf858d702f84536a515c675b4028ce2eb0cfa
12732099d21835fabf83a93eec52f7cf1847cd64a0572d18917b2e13b06d5cf0

HTTP Headers

GET /ajax/bootstrap/3.3.7/bootstrap.min.js HTTP/1.1
Host: ajax.aspnetcdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://kankfn.com
Connection: keep-alive
Referer: https://kankfn.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-encoding: gzip
accept-ranges: bytes
access-control-allow-origin: *
age: 11552583
cache-control: public,max-age=31536000
content-type: application/javascript
date: Thu, 01 Dec 2022 18:40:38 GMT
etag: "80bdc1e6cb33d21:0"
last-modified: Mon, 31 Oct 2016 23:09:59 GMT
server: ECAcc (ska/F6C5)
timing-allow-origin: *
vary: Accept-Encoding
x-cache: HIT
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 9839
X-Firefox-Spdy: h2

ajax.aspnetcdn.com/ajax/bootstrap/3.3.7/css/bootstrap.min.css

152.199.19.160

200 OK

20 kB

URL HTTP/2
ajax.aspnetcdn.com/ajax/bootstrap/3.3.7/css/bootstrap.min.css
IP
152.199.19.160:0
ASN
#15133 EDGECAST

File type
ASCII text, with very long lines (65371)
Size
20 kB (19629 bytes)
Hash
7e2bb6028f0b19917a1a2d1944fc72b1
e1837fc75ee2ddd24c6e1df6b309ea212b57e681
cc6093bd7162882fd34252fb5d3e8e7d07247e3b70fad894320bf2a960abeda5

HTTP Headers

GET /ajax/bootstrap/3.3.7/css/bootstrap.min.css HTTP/1.1
Host: ajax.aspnetcdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://kankfn.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-encoding: gzip
accept-ranges: bytes
access-control-allow-origin: *
age: 14646774
cache-control: public,max-age=31536000
content-type: text/css
date: Thu, 01 Dec 2022 18:40:38 GMT
etag: "0e914f2cb33d21:0"
last-modified: Mon, 31 Oct 2016 23:10:18 GMT
server: ECAcc (ska/F740)
timing-allow-origin: *
vary: Accept-Encoding
x-cache: HIT
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 19629
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
3519a58310eefa01756f0440e2acd7dd
50153382830684a6abb653dc7b4e41d7c7e386b5
5f321e771fa62d9f794339006752655316cdb6e8d69bc23e1d0e3c8bc526f12e

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 01 Dec 2022 18:40:38 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
3519a58310eefa01756f0440e2acd7dd
50153382830684a6abb653dc7b4e41d7c7e386b5
5f321e771fa62d9f794339006752655316cdb6e8d69bc23e1d0e3c8bc526f12e

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 01 Dec 2022 18:40:38 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
3519a58310eefa01756f0440e2acd7dd
50153382830684a6abb653dc7b4e41d7c7e386b5
5f321e771fa62d9f794339006752655316cdb6e8d69bc23e1d0e3c8bc526f12e

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 01 Dec 2022 18:40:38 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ajax.googleapis.com/ajax/libs/jquery/3.4.1/jquery.min.js

142.250.74.106

200 OK

31 kB

URL HTTP/2
ajax.googleapis.com/ajax/libs/jquery/3.4.1/jquery.min.js
IP
142.250.74.106:0
ASN
#15169 GOOGLE

File type
ASCII text, with very long lines (65451)
Size
31 kB (30774 bytes)
Hash
81182f4b684635f6bdcbdd907ee66f25
a1f2f151df72ede41397c8131bd47a3ce85575b3
be40946c98d9a78a3c7c9ad097d379ab12549a195bd7a4766919a1d3fd987396

HTTP Headers

GET /ajax/libs/jquery/3.4.1/jquery.min.js HTTP/1.1
Host: ajax.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://kankfn.com
Connection: keep-alive
Referer: https://kankfn.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
timing-allow-origin: *
content-length: 30774
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 29 Nov 2022 13:29:29 GMT
expires: Wed, 29 Nov 2023 13:29:29 GMT
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
last-modified: Mon, 13 May 2019 14:37:17 GMT
content-type: text/javascript; charset=UTF-8
age: 191469
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

kankfn.com/common_tpls/compactML/css/epcjfgacs2.css

207.120.33.13

200 OK

8.9 kB

URL HTTP/2
kankfn.com/common_tpls/compactML/css/epcjfgacs2.css
IP
207.120.33.13:0
ASN
#3356 LEVEL3

File type
ASCII text
Size
8.9 kB (8861 bytes)
Hash
ef8e766f1dfe79bb74ec76f86a60a2fc
fe15cdb2e0e53401762b85a58846ef5dedbc4695
91cda8b6560c950b4907d81eda3a09730c2fc892383fed9549337037837cf2fb

HTTP Headers

GET /common_tpls/compactML/css/epcjfgacs2.css HTTP/1.1
Host: kankfn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://kankfn.com/acct/epc68088/add/?epcVIP=48.1066.g90&lang=en&email=&password=&ci_qcksub=1&act=epc68088.47355-509478.415.5ff94d1e13d047fca079991920eccf6a&epcCID=c7x4qbU2Tdv0e0Scfde8z5p9L0R6a8K59&rtid=11154051897
Cookie: PHPSESSID=0e6d15fb4e867f178fddda88a71365f1
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Thu, 01 Dec 2022 18:40:38 GMT
content-type: text/css
content-length: 8861
last-modified: Thu, 15 Jul 2021 14:49:07 GMT
etag: W/"60f04ae3-bac6"
content-encoding: gzip
section-io-cache-id: a0474f88c9e944cbb9fa3c8152b410c7
vary: Accept-Encoding
x-varnish: 27458533 30221983
age: 16139
via: 1.1 varnish (Varnish/7.0)
accept-ranges: bytes
section-io-cache: Hit
section-io-id: d836e83b4154ed1d1c7eda1dafdda944
X-Firefox-Spdy: h2

kankfn.com/common_tpls/images/icons/email.png

207.120.33.13

200 OK

1.3 kB

URL HTTP/2
kankfn.com/common_tpls/images/icons/email.png
IP
207.120.33.13:0
ASN
#3356 LEVEL3

File type
PNG image data, 26 x 26, 8-bit/color RGB, non-interlaced\012- data
Size
1.3 kB (1254 bytes)
Hash
a86d99b9176d82a211cfa29b2f0b353f
62947ddfd87e3a21869818885e4bfa4e55ad0c11
f8e82194c97e2a11a8c77fcd55d1ded51a1943b78eefac8475890f665dc620f1

HTTP Headers

GET /common_tpls/images/icons/email.png HTTP/1.1
Host: kankfn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://kankfn.com/acct/epc68088/add/?epcVIP=48.1066.g90&lang=en&email=&password=&ci_qcksub=1&act=epc68088.47355-509478.415.5ff94d1e13d047fca079991920eccf6a&epcCID=c7x4qbU2Tdv0e0Scfde8z5p9L0R6a8K59&rtid=11154051897
Cookie: PHPSESSID=0e6d15fb4e867f178fddda88a71365f1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Thu, 01 Dec 2022 18:40:38 GMT
content-type: image/png
content-length: 1254
last-modified: Mon, 21 Aug 2017 19:32:05 GMT
etag: "599b3535-4e6"
section-io-cache-id: a39a8ca52d5674b4427653ca44476ca9
x-varnish: 29193281 26297571
age: 16634
via: 1.1 varnish (Varnish/7.0)
accept-ranges: bytes
section-io-cache: Hit
section-io-id: 255ee0ffc75749b7b0acb22eef050dd0
X-Firefox-Spdy: h2

kankfn.com/common_tpls/images/icons/password.png

207.120.33.13

200 OK

1.5 kB

URL HTTP/2
kankfn.com/common_tpls/images/icons/password.png
IP
207.120.33.13:0
ASN
#3356 LEVEL3

File type
PNG image data, 26 x 26, 8-bit/color RGB, non-interlaced\012- data
Size
1.5 kB (1452 bytes)
Hash
6f100f1cdbdce928118ffa4c9293ca5b
6b1a3593e792d4c00187d60560dd03fb42df1156
8c1a6b9e0c63edc7fa86898148dc6493cd56113fabbf85d901f7af4c180fce74

HTTP Headers

GET /common_tpls/images/icons/password.png HTTP/1.1
Host: kankfn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://kankfn.com/acct/epc68088/add/?epcVIP=48.1066.g90&lang=en&email=&password=&ci_qcksub=1&act=epc68088.47355-509478.415.5ff94d1e13d047fca079991920eccf6a&epcCID=c7x4qbU2Tdv0e0Scfde8z5p9L0R6a8K59&rtid=11154051897
Cookie: PHPSESSID=0e6d15fb4e867f178fddda88a71365f1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Thu, 01 Dec 2022 18:40:38 GMT
content-type: image/png
content-length: 1452
last-modified: Tue, 22 Aug 2017 16:34:59 GMT
etag: "599c5d33-5ac"
section-io-cache-id: 94acb7548850f09ec598b4d253d7cb06
x-varnish: 27458535 24275731
age: 16724
via: 1.1 varnish (Varnish/7.0)
accept-ranges: bytes
section-io-cache: Hit
section-io-id: 51ec9f7428c14b58a5749de8cd47b0a3
X-Firefox-Spdy: h2

kankfn.com/common_tpls/js/form_support.js?v=1101202201

207.120.33.13

200 OK

1.9 kB

URL HTTP/2
kankfn.com/common_tpls/js/form_support.js?v=1101202201
IP
207.120.33.13:0
ASN
#3356 LEVEL3

File type
data
Size
1.9 kB (1868 bytes)
Hash
750793c8d75abd49ff3a1865d68b667d
d247774e0298d3526041df3a7b48ccfe05067674
15777b6a6c24173133bd6d24439e2bbc9a7b13d196c69457631c2dba9139a56e

HTTP Headers

GET /common_tpls/js/form_support.js?v=1101202201 HTTP/1.1
Host: kankfn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://kankfn.com/acct/epc68088/add/?epcVIP=48.1066.g90&lang=en&email=&password=&ci_qcksub=1&act=epc68088.47355-509478.415.5ff94d1e13d047fca079991920eccf6a&epcCID=c7x4qbU2Tdv0e0Scfde8z5p9L0R6a8K59&rtid=11154051897
Cookie: PHPSESSID=0e6d15fb4e867f178fddda88a71365f1
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Thu, 01 Dec 2022 18:40:38 GMT
content-type: application/javascript
vary: Accept-Encoding
last-modified: Fri, 18 Nov 2022 21:23:38 GMT
etag: W/"6377f7da-ed7"
section-io-cache-id: 7b7324ce9a93935feb15257c2ce7e414
x-varnish: 29193280 23536434
age: 16729
via: 1.1 varnish (Varnish/7.0)
section-io-cache: Hit
content-encoding: gzip
section-io-id: d54bbacbea81df57890d830ff072a898
X-Firefox-Spdy: h2

kankfn.com/common_tpls/js/validate_form_v2.js?jsv=29

207.120.33.13

200 OK

8.4 kB

URL HTTP/2
kankfn.com/common_tpls/js/validate_form_v2.js?jsv=29
IP
207.120.33.13:0
ASN
#3356 LEVEL3

File type
Algol 68 source text\012- Pascal source, Unicode text, UTF-8 text, with very long lines (27832)
Size
8.4 kB (8424 bytes)
Hash
baa983b0d9d5f3bc961d724b49828e00
2963fac44f2ec123e7c4334f1fb23cbd75c6c16c
53f3ec80f50348420b08252aba644d0811cc0d3d1fb46b6ea48c1f0cb85062d8

HTTP Headers

GET /common_tpls/js/validate_form_v2.js?jsv=29 HTTP/1.1
Host: kankfn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://kankfn.com/acct/epc68088/add/?epcVIP=48.1066.g90&lang=en&email=&password=&ci_qcksub=1&act=epc68088.47355-509478.415.5ff94d1e13d047fca079991920eccf6a&epcCID=c7x4qbU2Tdv0e0Scfde8z5p9L0R6a8K59&rtid=11154051897
Cookie: PHPSESSID=0e6d15fb4e867f178fddda88a71365f1
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Thu, 01 Dec 2022 18:40:38 GMT
content-type: application/javascript
vary: Accept-Encoding
last-modified: Tue, 01 Nov 2022 21:07:07 GMT
etag: W/"63618a7b-614a"
section-io-cache-id: 8af9757ae20933f1bc6c26d13951396a
x-varnish: 27458534 23486974
age: 16725
via: 1.1 varnish (Varnish/7.0)
section-io-cache: Hit
content-encoding: gzip
section-io-id: cdbc5e4da2fb93e87d9df4584e82a3d9
X-Firefox-Spdy: h2

ka-p.fontawesome.com/releases/v5.15.4/css/pro-v4-shims.min.css?token=b314bdf1b3

104.18.22.52

200 OK

4.2 kB

URL HTTP/2
ka-p.fontawesome.com/releases/v5.15.4/css/pro-v4-shims.min.css?token=b314bdf1b3
IP
104.18.22.52:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text, with very long lines (26366)
Size
4.2 kB (4194 bytes)
Hash
7fd743485fa194e25e2a207bff6c258a
97c999d752b95ee1ed6271a29aa58109dc17281e
dd939d69a23f003d49287291f0bcb59df58119d60bc5f14a81cbfd957894f6dc

HTTP Headers

GET /releases/v5.15.4/css/pro-v4-shims.min.css?token=b314bdf1b3 HTTP/1.1
Host: ka-p.fontawesome.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://kankfn.com/
Origin: https://kankfn.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
date: Thu, 01 Dec 2022 18:40:38 GMT
content-type: text/css
content-length: 4194
access-control-allow-origin: *
cache-control: max-age=31556926
content-encoding: gzip
etag: "610ae215-1062"
last-modified: Wed, 04 Aug 2021 18:53:09 GMT
vary: Origin, Accept-Encoding, Access-Control-Request-Headers, Access-Control-Request-Method
cf-cache-status: HIT
age: 2594349
accept-ranges: bytes
server: cloudflare
cf-ray: 772df3cfca00b518-OSL
X-Firefox-Spdy: h2

kit.fontawesome.com/b314bdf1b3.js

104.18.22.52

200 OK

58 kB

URL HTTP/2
kit.fontawesome.com/b314bdf1b3.js
IP
104.18.22.52:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text, with very long lines (54322)
Size
58 kB (58203 bytes)
Hash
d04ab01f6c5f0fe7c725b11894a5fc19
b521d532a1f5edab45e9ee81e8142cf25d9e7877
bba0bfb776b9bdb3711d3c3af4bf941892c27850d26c8aaff39feaa81ae7b2cc

HTTP Headers

GET /b314bdf1b3.js HTTP/1.1
Host: kit.fontawesome.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://kankfn.com
Connection: keep-alive
Referer: https://kankfn.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Thu, 01 Dec 2022 18:40:38 GMT
content-type: text/javascript
access-control-allow-headers: accept, accept-langauge, content-language, content-type, fa-kit-token
access-control-allow-methods: GET, OPTIONS
access-control-allow-origin: *
access-control-max-age: 3000
cache-control: max-age=60, public, must-revalidate
strict-transport-security: max-age=31536000; preload
vary: origin, accept-encoding, access-control-request-headers, access-control-request-method
x-request-id: FyOH0jOTZ5b3S7eoKSaB
cf-cache-status: REVALIDATED
server: cloudflare
cf-ray: 772df3ce2fc7b518-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

ocsp2.globalsign.com/gsalphasha2g2

104.18.21.226

200 OK

1.4 kB

URL HTTP/1.1
ocsp2.globalsign.com/gsalphasha2g2
IP
104.18.21.226:0
ASN
#13335 CLOUDFLARENET

File type
data
Size
1.4 kB (1423 bytes)
Hash
547c124cbe8c8aebfd6f42d46ff71691
2d308e2bda13d8918de89ba03fb9409803763091
3850e8fbc72c9a3415103e1562747bfd55fe4902392c9d66a87a3e9c6ee1e728

HTTP Headers

POST /gsalphasha2g2 HTTP/1.1
Host: ocsp2.globalsign.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Thu, 01 Dec 2022 18:40:39 GMT
Content-Type: application/ocsp-response
Content-Length: 1423
Connection: keep-alive
Expires: Mon, 05 Dec 2022 16:51:40 GMT
ETag: "2d308e2bda13d8918de89ba03fb9409803763091"
Last-Modified: Thu, 01 Dec 2022 16:51:41 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
CF-Cache-Status: HIT
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 772df3d61e850b51-OSL

flirtyhoookup.com/?utm_source=n19ck4pSWjZsA&s1=719fbd40-273d-47b8-882f-683d1074b172&s2=wl1ki01ciem2vaskirkel9fq

172.67.201.85

302 Found

0 B

URL HTTP/2
flirtyhoookup.com/?utm_source=n19ck4pSWjZsA&s1=719fbd40-273d-47b8-882f-683d1074b172&s2=wl1ki01ciem2vaskirkel9fq
IP
172.67.201.85:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /?utm_source=n19ck4pSWjZsA&s1=719fbd40-273d-47b8-882f-683d1074b172&s2=wl1ki01ciem2vaskirkel9fq HTTP/1.1
Host: flirtyhoookup.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://dipaka-ead.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

HTTP/2 302 Found
date: Thu, 01 Dec 2022 18:40:33 GMT
content-type: text/html; charset=utf-8
location: https://www.arkdcz.com/MSJ7L4/HX6G2NF/?sub1=418543&sub2=qqUGsdWjsyLWUdTAMBjQgWKRENdtBlQULW
cache-control: max-age=0, private, must-revalidate
cross-origin-window-policy: deny
set-cookie: k=SFMyNTY.g3QAAAAEbQAAAARhdW5xdAAAAAFtAAAABTMxNTQ4bQAAAApLclhWV3hBcWdSbQAAAANoaWRtAAAAInFxVUdzZFdqc3lMV1VkVEFNQmpRZ1dLUkVOZHRCbFFVTFdtAAAAAmhsZAADbmlsbQAAAAN1bnFtAAAADEJRaGp4bUFaa1BzeA.acV6--Tyn4IJBHC91W-siNTPoIe4icnN3e5Tfq4EoQ0; path=/; expires=Fri, 01 Dec 2023 18:40:33 GMT; max-age=31536000
x-content-type-options: nosniff
x-download-options: noopen
x-permitted-cross-domain-policies: none
x-xss-protection: 1; mode=block
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=uWVTHDFFjHLT5U1MEu9jvXAguVwWIlFdYd8sHwBcsVu3321P4j1cWNqV2XgmkBMhKtrKOAt2cj%2BnR%2FFuPDUzzkxXFt9F0KT1cs%2FYH%2Fn7CR2Zane7wl7C8dIOez2eYw96Bb6W0w%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 772df3b1fbc60afa-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

go.cyberslut2069.com/vrfttcyber/assets/font/tomorrow.ttf

54.230.111.33

200 OK

0 B

URL HTTP/2
go.cyberslut2069.com/vrfttcyber/assets/font/tomorrow.ttf
IP
54.230.111.33:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /vrfttcyber/assets/font/tomorrow.ttf HTTP/1.1
Host: go.cyberslut2069.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://go.cyberslut2069.com/vrfttcyber/?bi=pw&sd=1&fk=cyber&ai=68088&ca=415&ci=5ff94d1e13d047fca079991920eccf6a&tk=MSJ7L4
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
content-type: application/x-font-ttf
last-modified: Thu, 02 Dec 2021 15:25:35 GMT
server: AmazonS3
content-encoding: gzip
date: Thu, 01 Dec 2022 18:40:35 GMT
etag: W/"0a9ac70c15e2fc709830d2eccb2b8cff"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 2d5cbe05385a7f3bbffc8a562b8711f6.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: k726acaoBbVRQswThKNpXRs6jo0g1_SiNtUR6GAexOsdG_9PIbR_Tw==
age: 15646
X-Firefox-Spdy: h2

secadmt.com/signup/?epcVIP=48.1066.g90&lang=en&email=&password=&ci_qcksub=1&act=epc68088.47355-509478.415.5ff94d1e13d047fca079991920eccf6a

163.171.128.172

302 Found

0 B

URL HTTP/2
secadmt.com/signup/?epcVIP=48.1066.g90&lang=en&email=&password=&ci_qcksub=1&act=epc68088.47355-509478.415.5ff94d1e13d047fca079991920eccf6a
IP
163.171.128.172:0
ASN
#54994 QUANTILNETWORKS

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /signup/?epcVIP=48.1066.g90&lang=en&email=&password=&ci_qcksub=1&act=epc68088.47355-509478.415.5ff94d1e13d047fca079991920eccf6a HTTP/1.1
Host: secadmt.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://go.cyberslut2069.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

HTTP/2 302 Found
date: Thu, 01 Dec 2022 18:40:37 GMT
content-type: text/html; charset=UTF-8
server: PWS/8.3.1.0.8
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
location: https://kankfn.com/acct/epc68088/add/?epcVIP=48.1066.g90&lang=en&email=&password=&ci_qcksub=1&act=epc68088.47355-509478.415.5ff94d1e13d047fca079991920eccf6a&epcCID=c7x4qbU2Tdv0e0Scfde8z5p9L0R6a8K59&rtid=11154051897
via: 1.1 PSmglsjLAX2hu177:8 (W), 1.1 PSdgflkfFRA1vg90:11 (W)
x-px: ms PSdgflkfFRA1vg90FRA,ms PSmglsjLAX2hu177LAX(origin)
x-ws-request-id: 6388f525_PSdgflkfFRA1vg90_32499-62940
set-cookie: PHPSESSID=ec47d51dd89da8d2c761dc2618e8bfbb; path=/; secure; SameSite=None
HMF_CI=8e06104a092f7d28689f6e45f20536fa01591b1228f13b402dce5bd1b9ca2b65e1b1868bf0cec890f8b26663b8ba7dcfd0b3164e9e214ab55c50369b82e2ed5ad7; Expires=Sat, 31-Dec-22 18:40:37 GMT; Path=/
X-Firefox-Spdy: h2

geoip.enlistsecureup.com/?v=1

163.171.128.172

200 OK

0 B

URL HTTP/2
geoip.enlistsecureup.com/?v=1
IP
163.171.128.172:0
ASN
#54994 QUANTILNETWORKS

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /?v=1 HTTP/1.1
Host: geoip.enlistsecureup.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://kankfn.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Thu, 01 Dec 2022 18:40:39 GMT
content-type: application/javascript
server: waf/4.32.3-0.el6
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
expires: 0
x-via: 1.1 PS-SJC-011UH181:8 (Cdn Cache Server V2.0), 1.1 PSdgflkfFRA1bc200:14 (Cdn Cache Server V2.0), 1.1 PSdgflkfFRA1je97:15 (Cdn Cache Server V2.0)
x-ws-request-id: 6388f527_PSdgflkfFRA1vg90_31397-49406
set-cookie: HMF_CI=86711768adaf80f3d851f116d09bec65c31ae8d77c8069e1a16c70fdf7f58a327624df0c3915b7af2b415605110f23b2f733d6639e7cc719c69b81b8a59e51d7bc; Expires=Sat, 31-Dec-22 18:40:39 GMT; Path=/
X-Firefox-Spdy: h2

kankfn.com/common_tpls/js/iframeResizer.contentWindow.min.js

207.120.33.13

200 OK

0 B

URL HTTP/2
kankfn.com/common_tpls/js/iframeResizer.contentWindow.min.js
IP
207.120.33.13:0
ASN
#3356 LEVEL3

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /common_tpls/js/iframeResizer.contentWindow.min.js HTTP/1.1
Host: kankfn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://kankfn.com/acct/epc68088/add/?epcVIP=48.1066.g90&lang=en&email=&password=&ci_qcksub=1&act=epc68088.47355-509478.415.5ff94d1e13d047fca079991920eccf6a&epcCID=c7x4qbU2Tdv0e0Scfde8z5p9L0R6a8K59&rtid=11154051897
Cookie: PHPSESSID=0e6d15fb4e867f178fddda88a71365f1
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Thu, 01 Dec 2022 18:40:38 GMT
content-type: application/javascript
vary: Accept-Encoding
last-modified: Thu, 04 Feb 2016 15:06:03 GMT
etag: W/"56b368db-3445"
section-io-cache-id: 4955bb57a17b36b1c5992576033cd1aa
x-varnish: 26504003 30285267
age: 16724
via: 1.1 varnish (Varnish/7.0)
section-io-cache: Hit
content-encoding: gzip
section-io-id: 64381813e9f0c90816c47152f07d869a
X-Firefox-Spdy: h2

go.cyberslut2069.com/vrfttcyber/?bi=pw&sd=1&fk=cyber&ai=68088&ca=415&ci=5ff94d1e13d047fca079991920eccf6a&tk=MSJ7L4

54.230.111.33

200 OK

0 B

URL HTTP/2
go.cyberslut2069.com/vrfttcyber/?bi=pw&sd=1&fk=cyber&ai=68088&ca=415&ci=5ff94d1e13d047fca079991920eccf6a&tk=MSJ7L4
IP
54.230.111.33:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /vrfttcyber/?bi=pw&sd=1&fk=cyber&ai=68088&ca=415&ci=5ff94d1e13d047fca079991920eccf6a&tk=MSJ7L4 HTTP/1.1
Host: go.cyberslut2069.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://dipaka-ead.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: text/html
last-modified: Thu, 23 Dec 2021 16:52:18 GMT
server: AmazonS3
content-encoding: gzip
date: Wed, 30 Nov 2022 20:33:36 GMT
etag: W/"0d1c30819e500f4f596aa3421773d64f"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 2d5cbe05385a7f3bbffc8a562b8711f6.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: H9kWsCBQJg9JVr49LQFr-VXDj7RpnjDOy7GhdI0qOxUMFbS_Tgoq1Q==
age: 79620
X-Firefox-Spdy: h2

www.fst-ent-lnk.com/ep.php/prmagms:71475/68088:415.5ff94d1e13d047fca079991920eccf6a

44.228.224.65

302 Found

0 B

URL HTTP/2
www.fst-ent-lnk.com/ep.php/prmagms:71475/68088:415.5ff94d1e13d047fca079991920eccf6a
IP
44.228.224.65:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /ep.php/prmagms:71475/68088:415.5ff94d1e13d047fca079991920eccf6a HTTP/1.1
Host: www.fst-ent-lnk.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://go.cyberslut2069.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

HTTP/2 302 Found
date: Thu, 01 Dec 2022 18:40:36 GMT
content-type: text/html; charset=UTF-8
location: https://secadmt.com/signup/?epcVIP=48.1066.g90&lang=en&email=&password=&ci_qcksub=1&act=epc68088.47355-509478.415.5ff94d1e13d047fca079991920eccf6a
set-cookie: AWSALB=qr8KVJcClStHr5nXDTek/cNDOjpjdg8tCKF9Hj6K339zcBihtRw7a1OHQizPOZF/MFW/ZCCcSvDIPbwY/X53ELrcvjpOlVlk/5LDAr41NWqbkLzDMLbUVoCXNDQU; Expires=Thu, 08 Dec 2022 18:40:36 GMT; Path=/
AWSALBCORS=qr8KVJcClStHr5nXDTek/cNDOjpjdg8tCKF9Hj6K339zcBihtRw7a1OHQizPOZF/MFW/ZCCcSvDIPbwY/X53ELrcvjpOlVlk/5LDAr41NWqbkLzDMLbUVoCXNDQU; Expires=Thu, 08 Dec 2022 18:40:36 GMT; Path=/; SameSite=None; Secure
vip_id=68088.47355-509478; expires=Sun, 04-Dec-2022 18:40:36 GMT; Max-Age=259200; path=/
server: Apache
X-Firefox-Spdy: h2

fonts.googleapis.com/icon?family=Material+Icons

142.250.74.106

200 OK

0 B

URL HTTP/2
fonts.googleapis.com/icon?family=Material+Icons
IP
142.250.74.106:0
ASN
#15169 GOOGLE

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /icon?family=Material+Icons HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://kankfn.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Thu, 01 Dec 2022 18:40:38 GMT
date: Thu, 01 Dec 2022 18:40:38 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

fonts.googleapis.com/css2?family=Poppins:wght@300;400;600&display=swap

142.250.74.106

200 OK

0 B

URL HTTP/2
fonts.googleapis.com/css2?family=Poppins:wght@300;400;600&display=swap
IP
142.250.74.106:0
ASN
#15169 GOOGLE

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /css2?family=Poppins:wght@300;400;600&display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://kankfn.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Thu, 01 Dec 2022 18:40:38 GMT
date: Thu, 01 Dec 2022 18:40:38 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

JavaScript (20)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations