| besttop-goods.press/flexosamine/lt/v2/img/offer-image.jpg | 104.21.29.217 | 200 OK | 48 kB |
URL: GET HTTP/3 besttop-goods.press/flexosamine/lt/v2/img/offer-image.jpg
IP: 104.21.29.217:443
Requested by: https://besttop-goods.press/flexosamine/lt/v2/?geo=28525&flow_id={flow_id}&click_id={click_id}&sub1={sub1}&sub2={sub2}&sub3={sub3}&sub4={sub4}&sub5={sub5}&facebook={facebook}&pl={prelanding_id}&lp={landing_id}
Certificate: Issuer: Google Trust Services LLC; Subject: besttop-goods.press; Fingerprint: 07:CF:21:0C:68:AC:93:55:ED:DA:0F:3B:3B:AD:96:2A:BF:CE:3D:27; Validity: Mon, 04 Mar 2024 12:33:55 GMT - Sun, 02 Jun 2024 12:33:54 GMT
File type: JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 480x376, components 3
Hash: 60b9b0366c39b75ff510932ec76ed504 cf9e165372c825e6628d975bb7a56cd5b1eb81fa 4f36afadc9167fcd9c0f1fd18ff0b4393795264719ab962a1de74283c93b230d
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /flexosamine/lt/v2/img/offer-image.jpg HTTP/1.1
Host: besttop-goods.press
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://besttop-goods.press/flexosamine/lt/v2/?geo=28525&flow_id={flow_id}&click_id={click_id}&sub1={sub1}&sub2={sub2}&sub3={sub3}&sub4={sub4}&sub5={sub5}&facebook={facebook}&pl={prelanding_id}&lp={landing_id}
Cookie: PHPSESSID=ikj34e7raapifqervcetrlh8v2; CSA=eyJnZW8iOiIyODUyNSIsImZsb3dfaWQiOiJ7Zmxvd19pZH0iLCJjbGlja19pZCI6IntjbGlja19pZH0iLCJzdWIxIjoie3N1YjF9Iiwic3ViMiI6IntzdWIyfSIsInN1YjMiOiJ7c3ViM30iLCJzdWI0Ijoie3N1YjR9Iiwic3ViNSI6IntzdWI1fSIsImZhY2Vib29rIjoie2ZhY2Vib29rfSIsInBsIjoie3ByZWxhbmRpbmdfaWR9IiwibHAiOiJ7bGFuZGluZ19pZH0iLCJkaXIiOiJmbGV4b3NhbWluZVwvbHQiLCJpbnRlZ3JhdGlvbiI6Im1ldGEiLCJjbGlja19oYXNoIjoie2NsaWNrX2lkfSIsImlwIjoiOTEuOTAuNDIuMTU0In0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Wed, 24 Apr 2024 00:08:07 GMT
content-type: image/jpeg
content-length: 47544
last-modified: Mon, 21 Nov 2022 09:50:28 GMT
etag: "637b49e4-b9b8"
expires: Wed, 24 Apr 2024 01:07:52 GMT
cache-control: public, max-age=3600
cf-cache-status: HIT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=i3lY5UIpypjvNPArWTTmEu48ZMwgS1c5%2BIfpRLlmaYcc1z6STwm3UtYInbjRKykTiAaUdsQEv3hqrgQZaTXoBNIgo8%2BmlQ1X0n%2FH72j%2BTyjLJFpC3FEzCKzHB8fnKgg0cR87c0UI"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8791db699d4356c6-OSL
alt-svc: h3=":443"; ma=86400
|
|
| besttop-goods.press/flexosamine/lt/v2/img/b2-list2.jpg | 104.21.29.217 | 200 OK | 3.9 kB |
URL: GET HTTP/3 besttop-goods.press/flexosamine/lt/v2/img/b2-list2.jpg
IP: 104.21.29.217:443
Requested by: https://besttop-goods.press/flexosamine/lt/v2/?geo=28525&flow_id={flow_id}&click_id={click_id}&sub1={sub1}&sub2={sub2}&sub3={sub3}&sub4={sub4}&sub5={sub5}&facebook={facebook}&pl={prelanding_id}&lp={landing_id}
Certificate: Issuer: Google Trust Services LLC; Subject: besttop-goods.press; Fingerprint: 07:CF:21:0C:68:AC:93:55:ED:DA:0F:3B:3B:AD:96:2A:BF:CE:3D:27; Validity: Mon, 04 Mar 2024 12:33:55 GMT - Sun, 02 Jun 2024 12:33:54 GMT
File type: JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 210x146, components 3
Hash: 7a9fbf8a23b72e52df6a7316c9578d8e f71347f844e6e3893a687ba8e0b8567dec5d6cb6 8decc9ff31a51f86d5e1e8342e261853a7d6595c217ddc7d0c54e7206a47e87e
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /flexosamine/lt/v2/img/b2-list2.jpg HTTP/1.1
Host: besttop-goods.press
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://besttop-goods.press/flexosamine/lt/v2/?geo=28525&flow_id={flow_id}&click_id={click_id}&sub1={sub1}&sub2={sub2}&sub3={sub3}&sub4={sub4}&sub5={sub5}&facebook={facebook}&pl={prelanding_id}&lp={landing_id}
Cookie: PHPSESSID=ikj34e7raapifqervcetrlh8v2; CSA=eyJnZW8iOiIyODUyNSIsImZsb3dfaWQiOiJ7Zmxvd19pZH0iLCJjbGlja19pZCI6IntjbGlja19pZH0iLCJzdWIxIjoie3N1YjF9Iiwic3ViMiI6IntzdWIyfSIsInN1YjMiOiJ7c3ViM30iLCJzdWI0Ijoie3N1YjR9Iiwic3ViNSI6IntzdWI1fSIsImZhY2Vib29rIjoie2ZhY2Vib29rfSIsInBsIjoie3ByZWxhbmRpbmdfaWR9IiwibHAiOiJ7bGFuZGluZ19pZH0iLCJkaXIiOiJmbGV4b3NhbWluZVwvbHQiLCJpbnRlZ3JhdGlvbiI6Im1ldGEiLCJjbGlja19oYXNoIjoie2NsaWNrX2lkfSIsImlwIjoiOTEuOTAuNDIuMTU0In0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Wed, 24 Apr 2024 00:08:07 GMT
content-type: image/jpeg
content-length: 3916
last-modified: Mon, 21 Nov 2022 09:50:26 GMT
etag: "637b49e2-f4c"
expires: Wed, 24 Apr 2024 01:07:52 GMT
cache-control: public, max-age=3600
cf-cache-status: HIT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=xgD72SUWpWGW0wr0b62uoIyGRrxysnDa%2FtAnGjAq5a2ZoqGdPIEHSGop9Gevhvgt4er8IMvczDHvBy2Yxg0qWnAfHc38v1DqfGjgbTvxdqZ0ZxpJASv%2BqWdET4o7T1%2FnWYL38UhV"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8791db699d4756c6-OSL
alt-svc: h3=":443"; ma=86400
|
|
| besttop-goods.press/flexosamine/lt/v2/img/b2-list3.jpg | 104.21.29.217 | 200 OK | 4.8 kB |
URL: GET HTTP/3 besttop-goods.press/flexosamine/lt/v2/img/b2-list3.jpg
IP: 104.21.29.217:443
Requested by: https://besttop-goods.press/flexosamine/lt/v2/?geo=28525&flow_id={flow_id}&click_id={click_id}&sub1={sub1}&sub2={sub2}&sub3={sub3}&sub4={sub4}&sub5={sub5}&facebook={facebook}&pl={prelanding_id}&lp={landing_id}
Certificate: Issuer: Google Trust Services LLC; Subject: besttop-goods.press; Fingerprint: 07:CF:21:0C:68:AC:93:55:ED:DA:0F:3B:3B:AD:96:2A:BF:CE:3D:27; Validity: Mon, 04 Mar 2024 12:33:55 GMT - Sun, 02 Jun 2024 12:33:54 GMT
File type: JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 210x146, components 3
Hash: 1e23daa4e2ce0e86d10fce48aea66f47 506275b2cf2c1300caf5717a2599331a38438397 ab3d145dcc3c77e743e98bfed52c07429b2e268cb2925a8e4486079260e195f9
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /flexosamine/lt/v2/img/b2-list3.jpg HTTP/1.1
Host: besttop-goods.press
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://besttop-goods.press/flexosamine/lt/v2/?geo=28525&flow_id={flow_id}&click_id={click_id}&sub1={sub1}&sub2={sub2}&sub3={sub3}&sub4={sub4}&sub5={sub5}&facebook={facebook}&pl={prelanding_id}&lp={landing_id}
Cookie: PHPSESSID=ikj34e7raapifqervcetrlh8v2; CSA=eyJnZW8iOiIyODUyNSIsImZsb3dfaWQiOiJ7Zmxvd19pZH0iLCJjbGlja19pZCI6IntjbGlja19pZH0iLCJzdWIxIjoie3N1YjF9Iiwic3ViMiI6IntzdWIyfSIsInN1YjMiOiJ7c3ViM30iLCJzdWI0Ijoie3N1YjR9Iiwic3ViNSI6IntzdWI1fSIsImZhY2Vib29rIjoie2ZhY2Vib29rfSIsInBsIjoie3ByZWxhbmRpbmdfaWR9IiwibHAiOiJ7bGFuZGluZ19pZH0iLCJkaXIiOiJmbGV4b3NhbWluZVwvbHQiLCJpbnRlZ3JhdGlvbiI6Im1ldGEiLCJjbGlja19oYXNoIjoie2NsaWNrX2lkfSIsImlwIjoiOTEuOTAuNDIuMTU0In0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Wed, 24 Apr 2024 00:08:07 GMT
content-type: image/jpeg
content-length: 4815
last-modified: Mon, 21 Nov 2022 09:50:26 GMT
etag: "637b49e2-12cf"
expires: Wed, 24 Apr 2024 01:07:52 GMT
cache-control: public, max-age=3600
cf-cache-status: HIT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ZePcRAl8Bn74d%2BCeiplKH3Xq7GVxGPcf8m1L0rvcCHI5dDabzz0KkDNBX7rhQJMNjfHZaywQQCmC2NLavLpJbCildb482Vws7ga%2FXgovZEyy43B9BxSfit84Fmsrbljx3TilrcG6"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8791db699d4a56c6-OSL
alt-svc: h3=":443"; ma=86400
|
|
| besttop-goods.press/flexosamine/lt/v2/img/b2-list1.jpg | 104.21.29.217 | 200 OK | 7.1 kB |
URL: GET HTTP/3 besttop-goods.press/flexosamine/lt/v2/img/b2-list1.jpg
IP: 104.21.29.217:443
Requested by: https://besttop-goods.press/flexosamine/lt/v2/?geo=28525&flow_id={flow_id}&click_id={click_id}&sub1={sub1}&sub2={sub2}&sub3={sub3}&sub4={sub4}&sub5={sub5}&facebook={facebook}&pl={prelanding_id}&lp={landing_id}
Certificate: Issuer: Google Trust Services LLC; Subject: besttop-goods.press; Fingerprint: 07:CF:21:0C:68:AC:93:55:ED:DA:0F:3B:3B:AD:96:2A:BF:CE:3D:27; Validity: Mon, 04 Mar 2024 12:33:55 GMT - Sun, 02 Jun 2024 12:33:54 GMT
File type: JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 210x145, components 3
Hash: f486e3fddc5ef4f25490eace71b5b798 895a23141ca445f84f16b6830e4db7dccdb5de7e 15c84221fe27708a47b6b07b3167e089b86c1c557407e96d09d10814f207dcca
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /flexosamine/lt/v2/img/b2-list1.jpg HTTP/1.1
Host: besttop-goods.press
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://besttop-goods.press/flexosamine/lt/v2/?geo=28525&flow_id={flow_id}&click_id={click_id}&sub1={sub1}&sub2={sub2}&sub3={sub3}&sub4={sub4}&sub5={sub5}&facebook={facebook}&pl={prelanding_id}&lp={landing_id}
Cookie: PHPSESSID=ikj34e7raapifqervcetrlh8v2; CSA=eyJnZW8iOiIyODUyNSIsImZsb3dfaWQiOiJ7Zmxvd19pZH0iLCJjbGlja19pZCI6IntjbGlja19pZH0iLCJzdWIxIjoie3N1YjF9Iiwic3ViMiI6IntzdWIyfSIsInN1YjMiOiJ7c3ViM30iLCJzdWI0Ijoie3N1YjR9Iiwic3ViNSI6IntzdWI1fSIsImZhY2Vib29rIjoie2ZhY2Vib29rfSIsInBsIjoie3ByZWxhbmRpbmdfaWR9IiwibHAiOiJ7bGFuZGluZ19pZH0iLCJkaXIiOiJmbGV4b3NhbWluZVwvbHQiLCJpbnRlZ3JhdGlvbiI6Im1ldGEiLCJjbGlja19oYXNoIjoie2NsaWNrX2lkfSIsImlwIjoiOTEuOTAuNDIuMTU0In0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Wed, 24 Apr 2024 00:08:07 GMT
content-type: image/jpeg
content-length: 7072
last-modified: Mon, 21 Nov 2022 09:50:26 GMT
etag: "637b49e2-1ba0"
expires: Wed, 24 Apr 2024 01:07:52 GMT
cache-control: public, max-age=3600
cf-cache-status: HIT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=1Wzn9a011xeIJhb6BeQS78Hu5q2dGE4xZzY9gcDQ%2BIsKf9tRbXkclmJ1w67t9BUlM%2B1mU0e44%2FEewyL9aEfP%2BbjyuSeZat1SIin4BX%2F%2BThk8sEpySLd3KR%2BlH8tr4NeYtJZY%2B0oF"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8791db699d4656c6-OSL
alt-svc: h3=":443"; ma=86400
|
|
| besttop-goods.press/flexosamine/lt/v2/img/b2-list4.jpg | 104.21.29.217 | 200 OK | 11 kB |
URL: GET HTTP/3 besttop-goods.press/flexosamine/lt/v2/img/b2-list4.jpg
IP: 104.21.29.217:443
Requested by: https://besttop-goods.press/flexosamine/lt/v2/?geo=28525&flow_id={flow_id}&click_id={click_id}&sub1={sub1}&sub2={sub2}&sub3={sub3}&sub4={sub4}&sub5={sub5}&facebook={facebook}&pl={prelanding_id}&lp={landing_id}
Certificate: Issuer: Google Trust Services LLC; Subject: besttop-goods.press; Fingerprint: 07:CF:21:0C:68:AC:93:55:ED:DA:0F:3B:3B:AD:96:2A:BF:CE:3D:27; Validity: Mon, 04 Mar 2024 12:33:55 GMT - Sun, 02 Jun 2024 12:33:54 GMT
File type: JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 210x253, components 3
Hash: 92b51ddfd06ddacaf5971a2b348b99ac 54530caad97563d107a4fedd3a62a751b618fbf8 79aa86934aadb7ae513b27abd58e34a3216072dccc10c63b00be81f3deb0c88f
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /flexosamine/lt/v2/img/b2-list4.jpg HTTP/1.1
Host: besttop-goods.press
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://besttop-goods.press/flexosamine/lt/v2/?geo=28525&flow_id={flow_id}&click_id={click_id}&sub1={sub1}&sub2={sub2}&sub3={sub3}&sub4={sub4}&sub5={sub5}&facebook={facebook}&pl={prelanding_id}&lp={landing_id}
Cookie: PHPSESSID=ikj34e7raapifqervcetrlh8v2; CSA=eyJnZW8iOiIyODUyNSIsImZsb3dfaWQiOiJ7Zmxvd19pZH0iLCJjbGlja19pZCI6IntjbGlja19pZH0iLCJzdWIxIjoie3N1YjF9Iiwic3ViMiI6IntzdWIyfSIsInN1YjMiOiJ7c3ViM30iLCJzdWI0Ijoie3N1YjR9Iiwic3ViNSI6IntzdWI1fSIsImZhY2Vib29rIjoie2ZhY2Vib29rfSIsInBsIjoie3ByZWxhbmRpbmdfaWR9IiwibHAiOiJ7bGFuZGluZ19pZH0iLCJkaXIiOiJmbGV4b3NhbWluZVwvbHQiLCJpbnRlZ3JhdGlvbiI6Im1ldGEiLCJjbGlja19oYXNoIjoie2NsaWNrX2lkfSIsImlwIjoiOTEuOTAuNDIuMTU0In0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Wed, 24 Apr 2024 00:08:07 GMT
content-type: image/jpeg
content-length: 11233
last-modified: Mon, 21 Nov 2022 09:50:26 GMT
etag: "637b49e2-2be1"
expires: Wed, 24 Apr 2024 01:07:52 GMT
cache-control: public, max-age=3600
cf-cache-status: HIT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=CK7plw%2BXdWbTpJAGMckO2JnwBHG18F57hvEMTwL%2FGc54fdU2%2Fu3AfNU5lXX09nVniw0nTdeFDLZtxhSxivLDnvPFwxJZULhbbzudgaPA0LU%2FJi83AxA2OOyifGqjteWqB7FiNekF"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8791db699d4b56c6-OSL
alt-svc: h3=":443"; ma=86400
|
|
| besttop-goods.press/flexosamine/lt/v2/img/b3-img.jpg | 104.21.29.217 | 200 OK | 38 kB |
URL: GET HTTP/3 besttop-goods.press/flexosamine/lt/v2/img/b3-img.jpg
IP: 104.21.29.217:443
Requested by: https://besttop-goods.press/flexosamine/lt/v2/?geo=28525&flow_id={flow_id}&click_id={click_id}&sub1={sub1}&sub2={sub2}&sub3={sub3}&sub4={sub4}&sub5={sub5}&facebook={facebook}&pl={prelanding_id}&lp={landing_id}
Certificate: Issuer: Google Trust Services LLC; Subject: besttop-goods.press; Fingerprint: 07:CF:21:0C:68:AC:93:55:ED:DA:0F:3B:3B:AD:96:2A:BF:CE:3D:27; Validity: Mon, 04 Mar 2024 12:33:55 GMT - Sun, 02 Jun 2024 12:33:54 GMT
File type: JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 480x285, components 3
Hash: 3356f8eda0f699417b26d5f69d27ac54 8831c90e5d832b934d6e0a88ab13c88dde2361c9 87f252acb7a11f54234df04555b2aee7c596e0a847277da05a877ae943fd197f
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /flexosamine/lt/v2/img/b3-img.jpg HTTP/1.1
Host: besttop-goods.press
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://besttop-goods.press/flexosamine/lt/v2/?geo=28525&flow_id={flow_id}&click_id={click_id}&sub1={sub1}&sub2={sub2}&sub3={sub3}&sub4={sub4}&sub5={sub5}&facebook={facebook}&pl={prelanding_id}&lp={landing_id}
Cookie: PHPSESSID=ikj34e7raapifqervcetrlh8v2; CSA=eyJnZW8iOiIyODUyNSIsImZsb3dfaWQiOiJ7Zmxvd19pZH0iLCJjbGlja19pZCI6IntjbGlja19pZH0iLCJzdWIxIjoie3N1YjF9Iiwic3ViMiI6IntzdWIyfSIsInN1YjMiOiJ7c3ViM30iLCJzdWI0Ijoie3N1YjR9Iiwic3ViNSI6IntzdWI1fSIsImZhY2Vib29rIjoie2ZhY2Vib29rfSIsInBsIjoie3ByZWxhbmRpbmdfaWR9IiwibHAiOiJ7bGFuZGluZ19pZH0iLCJkaXIiOiJmbGV4b3NhbWluZVwvbHQiLCJpbnRlZ3JhdGlvbiI6Im1ldGEiLCJjbGlja19oYXNoIjoie2NsaWNrX2lkfSIsImlwIjoiOTEuOTAuNDIuMTU0In0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Wed, 24 Apr 2024 00:08:07 GMT
content-type: image/jpeg
content-length: 38019
last-modified: Mon, 21 Nov 2022 09:50:26 GMT
etag: "637b49e2-9483"
expires: Wed, 24 Apr 2024 01:07:52 GMT
cache-control: public, max-age=3600
cf-cache-status: HIT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=FtAkma8PJBBI8%2BMElZ6Af7p3ieRP3JPVutBdrNY3FNzZYFX09sjmugmbNVKCeUJmJAZb7siQGbnwcs3U%2BCTJe3yti%2BKLNWy9uC56acrHxqT5VQzwna1sisQ0MEHeOjUBnnhxoCgj"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8791db69ad4c56c6-OSL
alt-svc: h3=":443"; ma=86400
|
|
| besttop-goods.press/flexosamine/lt/v2/img/b4-list1.jpg | 104.21.29.217 | 200 OK | 2.9 kB |
URL: GET HTTP/3 besttop-goods.press/flexosamine/lt/v2/img/b4-list1.jpg
IP: 104.21.29.217:443
Requested by: https://besttop-goods.press/flexosamine/lt/v2/?geo=28525&flow_id={flow_id}&click_id={click_id}&sub1={sub1}&sub2={sub2}&sub3={sub3}&sub4={sub4}&sub5={sub5}&facebook={facebook}&pl={prelanding_id}&lp={landing_id}
Certificate: Issuer: Google Trust Services LLC; Subject: besttop-goods.press; Fingerprint: 07:CF:21:0C:68:AC:93:55:ED:DA:0F:3B:3B:AD:96:2A:BF:CE:3D:27; Validity: Mon, 04 Mar 2024 12:33:55 GMT - Sun, 02 Jun 2024 12:33:54 GMT
File type: JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 150x150, components 3
Hash: 5a3a68aca6296c4e976da627e3939ac3 c11c40b5af85ea35cc1dc8a6ce376263e61c9c7a 0ba168d1e82de80faf031d7fb852bd55266ae63bd76af39b8f384d8f8d8aea96
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /flexosamine/lt/v2/img/b4-list1.jpg HTTP/1.1
Host: besttop-goods.press
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://besttop-goods.press/flexosamine/lt/v2/?geo=28525&flow_id={flow_id}&click_id={click_id}&sub1={sub1}&sub2={sub2}&sub3={sub3}&sub4={sub4}&sub5={sub5}&facebook={facebook}&pl={prelanding_id}&lp={landing_id}
Cookie: PHPSESSID=ikj34e7raapifqervcetrlh8v2; CSA=eyJnZW8iOiIyODUyNSIsImZsb3dfaWQiOiJ7Zmxvd19pZH0iLCJjbGlja19pZCI6IntjbGlja19pZH0iLCJzdWIxIjoie3N1YjF9Iiwic3ViMiI6IntzdWIyfSIsInN1YjMiOiJ7c3ViM30iLCJzdWI0Ijoie3N1YjR9Iiwic3ViNSI6IntzdWI1fSIsImZhY2Vib29rIjoie2ZhY2Vib29rfSIsInBsIjoie3ByZWxhbmRpbmdfaWR9IiwibHAiOiJ7bGFuZGluZ19pZH0iLCJkaXIiOiJmbGV4b3NhbWluZVwvbHQiLCJpbnRlZ3JhdGlvbiI6Im1ldGEiLCJjbGlja19oYXNoIjoie2NsaWNrX2lkfSIsImlwIjoiOTEuOTAuNDIuMTU0In0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Wed, 24 Apr 2024 00:08:07 GMT
content-type: image/jpeg
content-length: 2918
last-modified: Mon, 21 Nov 2022 09:50:26 GMT
etag: "637b49e2-b66"
expires: Wed, 24 Apr 2024 01:07:52 GMT
cache-control: public, max-age=3600
cf-cache-status: HIT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=6WtqJ10HlbdvlJAiudnjVaQxgF5PpJxT1I0hMICNTxAQBTCNACD1Qdv1AgYO636ubBpwqS3xqr9EZ422l3bEt10jurye8X%2FmXQqY3oN4zyRMVNnRXUng2hSfKIoV5DCfxG2A90i5"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8791db69ad4e56c6-OSL
alt-svc: h3=":443"; ma=86400
|
|
| besttop-goods.press/flexosamine/lt/v2/img/b4-list4.jpg | 104.21.29.217 | 200 OK | 5.5 kB |
URL: GET HTTP/3 besttop-goods.press/flexosamine/lt/v2/img/b4-list4.jpg
IP: 104.21.29.217:443
Requested by: https://besttop-goods.press/flexosamine/lt/v2/?geo=28525&flow_id={flow_id}&click_id={click_id}&sub1={sub1}&sub2={sub2}&sub3={sub3}&sub4={sub4}&sub5={sub5}&facebook={facebook}&pl={prelanding_id}&lp={landing_id}
Certificate: Issuer: Google Trust Services LLC; Subject: besttop-goods.press; Fingerprint: 07:CF:21:0C:68:AC:93:55:ED:DA:0F:3B:3B:AD:96:2A:BF:CE:3D:27; Validity: Mon, 04 Mar 2024 12:33:55 GMT - Sun, 02 Jun 2024 12:33:54 GMT
File type: JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 150x150, components 3
Hash: a1b1bbf0e238d7d1c3192ed7c6681fbf 9ea3c11c6c323e0ce7e166204a007b79ed4961f2 ef33e030d92c3dce0cab22d6f3dad2dbe49c42efa37fb72885cdcd97b8de1b3c
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /flexosamine/lt/v2/img/b4-list4.jpg HTTP/1.1
Host: besttop-goods.press
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://besttop-goods.press/flexosamine/lt/v2/?geo=28525&flow_id={flow_id}&click_id={click_id}&sub1={sub1}&sub2={sub2}&sub3={sub3}&sub4={sub4}&sub5={sub5}&facebook={facebook}&pl={prelanding_id}&lp={landing_id}
Cookie: PHPSESSID=ikj34e7raapifqervcetrlh8v2; CSA=eyJnZW8iOiIyODUyNSIsImZsb3dfaWQiOiJ7Zmxvd19pZH0iLCJjbGlja19pZCI6IntjbGlja19pZH0iLCJzdWIxIjoie3N1YjF9Iiwic3ViMiI6IntzdWIyfSIsInN1YjMiOiJ7c3ViM30iLCJzdWI0Ijoie3N1YjR9Iiwic3ViNSI6IntzdWI1fSIsImZhY2Vib29rIjoie2ZhY2Vib29rfSIsInBsIjoie3ByZWxhbmRpbmdfaWR9IiwibHAiOiJ7bGFuZGluZ19pZH0iLCJkaXIiOiJmbGV4b3NhbWluZVwvbHQiLCJpbnRlZ3JhdGlvbiI6Im1ldGEiLCJjbGlja19oYXNoIjoie2NsaWNrX2lkfSIsImlwIjoiOTEuOTAuNDIuMTU0In0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Wed, 24 Apr 2024 00:08:07 GMT
content-type: image/jpeg
content-length: 5502
last-modified: Mon, 21 Nov 2022 09:50:28 GMT
etag: "637b49e4-157e"
expires: Wed, 24 Apr 2024 01:07:52 GMT
cache-control: public, max-age=3600
cf-cache-status: HIT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=R7wZrGujLlJ4GviZjte7HTmvPb5zlWG%2BPYIWgYi1nkjqzAe4T1cP0%2BC8lvZ2%2B4TOZ9PmMIElkPRRQJ1Pq%2F3LpJMhJ6VHtJ6LyzchWdcrSh9Hu%2BouVnkPmEgyH214hlYqyX0nLvyd"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8791db69ad5256c6-OSL
alt-svc: h3=":443"; ma=86400
|
|
| besttop-goods.press/flexosamine/lt/v2/img/b4-list2.jpg | 104.21.29.217 | 200 OK | 4.7 kB |
URL: GET HTTP/3 besttop-goods.press/flexosamine/lt/v2/img/b4-list2.jpg
IP: 104.21.29.217:443
Requested by: https://besttop-goods.press/flexosamine/lt/v2/?geo=28525&flow_id={flow_id}&click_id={click_id}&sub1={sub1}&sub2={sub2}&sub3={sub3}&sub4={sub4}&sub5={sub5}&facebook={facebook}&pl={prelanding_id}&lp={landing_id}
Certificate: Issuer: Google Trust Services LLC; Subject: besttop-goods.press; Fingerprint: 07:CF:21:0C:68:AC:93:55:ED:DA:0F:3B:3B:AD:96:2A:BF:CE:3D:27; Validity: Mon, 04 Mar 2024 12:33:55 GMT - Sun, 02 Jun 2024 12:33:54 GMT
File type: JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 150x150, components 3
Hash: 63849d29bf4c87f5806ebd2ed9ab0db2 e78f5ef35b56600daf45796faf55e593286e04f9 fa607517ca793af46a190b627d3d4fc3a84add19cc9f46aa67a49c7bd5561bf6
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /flexosamine/lt/v2/img/b4-list2.jpg HTTP/1.1
Host: besttop-goods.press
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://besttop-goods.press/flexosamine/lt/v2/?geo=28525&flow_id={flow_id}&click_id={click_id}&sub1={sub1}&sub2={sub2}&sub3={sub3}&sub4={sub4}&sub5={sub5}&facebook={facebook}&pl={prelanding_id}&lp={landing_id}
Cookie: PHPSESSID=ikj34e7raapifqervcetrlh8v2; CSA=eyJnZW8iOiIyODUyNSIsImZsb3dfaWQiOiJ7Zmxvd19pZH0iLCJjbGlja19pZCI6IntjbGlja19pZH0iLCJzdWIxIjoie3N1YjF9Iiwic3ViMiI6IntzdWIyfSIsInN1YjMiOiJ7c3ViM30iLCJzdWI0Ijoie3N1YjR9Iiwic3ViNSI6IntzdWI1fSIsImZhY2Vib29rIjoie2ZhY2Vib29rfSIsInBsIjoie3ByZWxhbmRpbmdfaWR9IiwibHAiOiJ7bGFuZGluZ19pZH0iLCJkaXIiOiJmbGV4b3NhbWluZVwvbHQiLCJpbnRlZ3JhdGlvbiI6Im1ldGEiLCJjbGlja19oYXNoIjoie2NsaWNrX2lkfSIsImlwIjoiOTEuOTAuNDIuMTU0In0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Wed, 24 Apr 2024 00:08:07 GMT
content-type: image/jpeg
content-length: 4663
last-modified: Mon, 21 Nov 2022 09:50:26 GMT
etag: "637b49e2-1237"
expires: Wed, 24 Apr 2024 01:07:52 GMT
cache-control: public, max-age=3600
cf-cache-status: HIT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=yxJxi53nTXNrNyURD5VwDwAb9%2FM%2FEqreHeajtbuobzH%2BYkU9QNCPXSxGB0xPZkR1yGzc0YBNLaYKp7XeP1u2dtDYcVnku8jG550iAbU2U4DV27nGwEkMEOkC7CikswVpRhfIWlV0"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8791db69ad4f56c6-OSL
alt-svc: h3=":443"; ma=86400
|
|
| besttop-goods.press/flexosamine/lt/v2/img/b4-list5.jpg | 104.21.29.217 | 200 OK | 3.7 kB |
URL: GET HTTP/3 besttop-goods.press/flexosamine/lt/v2/img/b4-list5.jpg
IP: 104.21.29.217:443
Requested by: https://besttop-goods.press/flexosamine/lt/v2/?geo=28525&flow_id={flow_id}&click_id={click_id}&sub1={sub1}&sub2={sub2}&sub3={sub3}&sub4={sub4}&sub5={sub5}&facebook={facebook}&pl={prelanding_id}&lp={landing_id}
Certificate: Issuer: Google Trust Services LLC; Subject: besttop-goods.press; Fingerprint: 07:CF:21:0C:68:AC:93:55:ED:DA:0F:3B:3B:AD:96:2A:BF:CE:3D:27; Validity: Mon, 04 Mar 2024 12:33:55 GMT - Sun, 02 Jun 2024 12:33:54 GMT
File type: JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 150x150, components 3
Hash: 226be08cb65f3f02b4f3ff3155c7bb5c 371259e4df716f7c546a0676899a2645ef2bfc8a ec36440371f3671d3d974c9e223687fd1f4aa03e48878e4316985833d934cb3b
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /flexosamine/lt/v2/img/b4-list5.jpg HTTP/1.1
Host: besttop-goods.press
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://besttop-goods.press/flexosamine/lt/v2/?geo=28525&flow_id={flow_id}&click_id={click_id}&sub1={sub1}&sub2={sub2}&sub3={sub3}&sub4={sub4}&sub5={sub5}&facebook={facebook}&pl={prelanding_id}&lp={landing_id}
Cookie: PHPSESSID=ikj34e7raapifqervcetrlh8v2; CSA=eyJnZW8iOiIyODUyNSIsImZsb3dfaWQiOiJ7Zmxvd19pZH0iLCJjbGlja19pZCI6IntjbGlja19pZH0iLCJzdWIxIjoie3N1YjF9Iiwic3ViMiI6IntzdWIyfSIsInN1YjMiOiJ7c3ViM30iLCJzdWI0Ijoie3N1YjR9Iiwic3ViNSI6IntzdWI1fSIsImZhY2Vib29rIjoie2ZhY2Vib29rfSIsInBsIjoie3ByZWxhbmRpbmdfaWR9IiwibHAiOiJ7bGFuZGluZ19pZH0iLCJkaXIiOiJmbGV4b3NhbWluZVwvbHQiLCJpbnRlZ3JhdGlvbiI6Im1ldGEiLCJjbGlja19oYXNoIjoie2NsaWNrX2lkfSIsImlwIjoiOTEuOTAuNDIuMTU0In0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Wed, 24 Apr 2024 00:08:07 GMT
content-type: image/jpeg
content-length: 3708
last-modified: Mon, 21 Nov 2022 09:50:28 GMT
etag: "637b49e4-e7c"
expires: Wed, 24 Apr 2024 01:07:52 GMT
cache-control: public, max-age=3600
cf-cache-status: HIT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=LWe%2BJiL7jZC8j1xE3LdI6Vxfc%2BDd6cx6%2FgAzSvXz4BpxVCPU07K3LlV3Asifn9C%2FnuBWGJltahUhkIuRGg9shLrxDX6B%2FCVQGN%2BMm2lQeT5s9Y4nS2Wcj94f4gqbDl6CNp0bm2SQ"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8791db69ad5356c6-OSL
alt-svc: h3=":443"; ma=86400
|
|
| besttop-goods.press/flexosamine/lt/v2/img/b4-list3.jpg | 104.21.29.217 | 200 OK | 5.2 kB |
URL: GET HTTP/3 besttop-goods.press/flexosamine/lt/v2/img/b4-list3.jpg
IP: 104.21.29.217:443
Requested by: https://besttop-goods.press/flexosamine/lt/v2/?geo=28525&flow_id={flow_id}&click_id={click_id}&sub1={sub1}&sub2={sub2}&sub3={sub3}&sub4={sub4}&sub5={sub5}&facebook={facebook}&pl={prelanding_id}&lp={landing_id}
Certificate: Issuer: Google Trust Services LLC; Subject: besttop-goods.press; Fingerprint: 07:CF:21:0C:68:AC:93:55:ED:DA:0F:3B:3B:AD:96:2A:BF:CE:3D:27; Validity: Mon, 04 Mar 2024 12:33:55 GMT - Sun, 02 Jun 2024 12:33:54 GMT
File type: JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 150x150, components 3
Hash: ae3f8fef5e8c7094c45f4ded5da88e97 580f758611a670fe59e67ed5bd032a5002f140e0 230f317810a850628272f044dc8fd3f129dd6b9be4b0ce3311f3fc48c5d92311
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /flexosamine/lt/v2/img/b4-list3.jpg HTTP/1.1
Host: besttop-goods.press
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://besttop-goods.press/flexosamine/lt/v2/?geo=28525&flow_id={flow_id}&click_id={click_id}&sub1={sub1}&sub2={sub2}&sub3={sub3}&sub4={sub4}&sub5={sub5}&facebook={facebook}&pl={prelanding_id}&lp={landing_id}
Cookie: PHPSESSID=ikj34e7raapifqervcetrlh8v2; CSA=eyJnZW8iOiIyODUyNSIsImZsb3dfaWQiOiJ7Zmxvd19pZH0iLCJjbGlja19pZCI6IntjbGlja19pZH0iLCJzdWIxIjoie3N1YjF9Iiwic3ViMiI6IntzdWIyfSIsInN1YjMiOiJ7c3ViM30iLCJzdWI0Ijoie3N1YjR9Iiwic3ViNSI6IntzdWI1fSIsImZhY2Vib29rIjoie2ZhY2Vib29rfSIsInBsIjoie3ByZWxhbmRpbmdfaWR9IiwibHAiOiJ7bGFuZGluZ19pZH0iLCJkaXIiOiJmbGV4b3NhbWluZVwvbHQiLCJpbnRlZ3JhdGlvbiI6Im1ldGEiLCJjbGlja19oYXNoIjoie2NsaWNrX2lkfSIsImlwIjoiOTEuOTAuNDIuMTU0In0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Wed, 24 Apr 2024 00:08:07 GMT
content-type: image/jpeg
content-length: 5218
last-modified: Mon, 21 Nov 2022 09:50:28 GMT
etag: "637b49e4-1462"
expires: Wed, 24 Apr 2024 01:07:52 GMT
cache-control: public, max-age=3600
cf-cache-status: HIT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2BTOAUC6bW3TJqnNnNDN17rQSZPun3h1cvhmSw3pNUeRWs%2FQrjvI8vUQS2W1AtGqdp9uKMgZPadnCUhRn1AXBPkqcrT0TI%2BRiyIQuK1Ly52Bz227pSgtooO%2F2NlJ4rmy2GKpDO76P"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8791db69ad5156c6-OSL
alt-svc: h3=":443"; ma=86400
|
|
| besttop-goods.press/flexosamine/lt/v2/img/b4-list6.jpg | 104.21.29.217 | 200 OK | 8.7 kB |
URL: GET HTTP/3 besttop-goods.press/flexosamine/lt/v2/img/b4-list6.jpg
IP: 104.21.29.217:443
Requested by: https://besttop-goods.press/flexosamine/lt/v2/?geo=28525&flow_id={flow_id}&click_id={click_id}&sub1={sub1}&sub2={sub2}&sub3={sub3}&sub4={sub4}&sub5={sub5}&facebook={facebook}&pl={prelanding_id}&lp={landing_id}
Certificate: Issuer: Google Trust Services LLC; Subject: besttop-goods.press; Fingerprint: 07:CF:21:0C:68:AC:93:55:ED:DA:0F:3B:3B:AD:96:2A:BF:CE:3D:27; Validity: Mon, 04 Mar 2024 12:33:55 GMT - Sun, 02 Jun 2024 12:33:54 GMT
File type: JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 150x150, components 3
Hash: 77d022902f4c83958732a088156d0251 009c5305968571518f27b425a7c031dfec59c4db c2565c8c0926f9e00bbf2613ca66d53a104d6bd7c2f9fbde03443c857d049ac2
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /flexosamine/lt/v2/img/b4-list6.jpg HTTP/1.1
Host: besttop-goods.press
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://besttop-goods.press/flexosamine/lt/v2/?geo=28525&flow_id={flow_id}&click_id={click_id}&sub1={sub1}&sub2={sub2}&sub3={sub3}&sub4={sub4}&sub5={sub5}&facebook={facebook}&pl={prelanding_id}&lp={landing_id}
Cookie: PHPSESSID=ikj34e7raapifqervcetrlh8v2; CSA=eyJnZW8iOiIyODUyNSIsImZsb3dfaWQiOiJ7Zmxvd19pZH0iLCJjbGlja19pZCI6IntjbGlja19pZH0iLCJzdWIxIjoie3N1YjF9Iiwic3ViMiI6IntzdWIyfSIsInN1YjMiOiJ7c3ViM30iLCJzdWI0Ijoie3N1YjR9Iiwic3ViNSI6IntzdWI1fSIsImZhY2Vib29rIjoie2ZhY2Vib29rfSIsInBsIjoie3ByZWxhbmRpbmdfaWR9IiwibHAiOiJ7bGFuZGluZ19pZH0iLCJkaXIiOiJmbGV4b3NhbWluZVwvbHQiLCJpbnRlZ3JhdGlvbiI6Im1ldGEiLCJjbGlja19oYXNoIjoie2NsaWNrX2lkfSIsImlwIjoiOTEuOTAuNDIuMTU0In0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Wed, 24 Apr 2024 00:08:07 GMT
content-type: image/jpeg
content-length: 8735
last-modified: Mon, 21 Nov 2022 09:50:28 GMT
etag: "637b49e4-221f"
expires: Wed, 24 Apr 2024 01:07:52 GMT
cache-control: public, max-age=3600
cf-cache-status: HIT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=FYhx0bu0oIrIRzB3dHhQWSIfoIbA3%2FlnHyjcGNRpYTB6%2FaanZoOBz5Hj53THpEHXMmQbsv6JUUGIuGyVS%2BKIjdSbZBRmT81rFrZcZ%2Bv%2BUqO%2Fn%2BIzz2hLzAOCTZxZQQGNRuBxIDUC"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8791db69ad5456c6-OSL
alt-svc: h3=":443"; ma=86400
|
|
| besttop-goods.press/flexosamine/lt/v2/img/b6-list1.jpg | 104.21.29.217 | 200 OK | 14 kB |
URL: GET HTTP/3 besttop-goods.press/flexosamine/lt/v2/img/b6-list1.jpg
IP: 104.21.29.217:443
Requested by: https://besttop-goods.press/flexosamine/lt/v2/?geo=28525&flow_id={flow_id}&click_id={click_id}&sub1={sub1}&sub2={sub2}&sub3={sub3}&sub4={sub4}&sub5={sub5}&facebook={facebook}&pl={prelanding_id}&lp={landing_id}
Certificate Issuer: Google Trust Services LLC
Subject: besttop-goods.press
Fingerprint: 07:CF:21:0C:68:AC:93:55:ED:DA:0F:3B:3B:AD:96:2A:BF:CE:3D:27
Validity: Mon, 04 Mar 2024 12:33:55 GMT - Sun, 02 Jun 2024 12:33:54 GMT
File type: JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 210x150, components 3
Hash: b56862b2420015d9ef695c01c0143c85 d374b72677f500872bda500f8193801667e47467 c6a88e4de2d1c2f67f6f8246582c794949ed8ea934edf4ccf838f6704434a16a
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /flexosamine/lt/v2/img/b6-list1.jpg HTTP/1.1
Host: besttop-goods.press
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://besttop-goods.press/flexosamine/lt/v2/?geo=28525&flow_id={flow_id}&click_id={click_id}&sub1={sub1}&sub2={sub2}&sub3={sub3}&sub4={sub4}&sub5={sub5}&facebook={facebook}&pl={prelanding_id}&lp={landing_id}
Cookie: PHPSESSID=ikj34e7raapifqervcetrlh8v2; CSA=eyJnZW8iOiIyODUyNSIsImZsb3dfaWQiOiJ7Zmxvd19pZH0iLCJjbGlja19pZCI6IntjbGlja19pZH0iLCJzdWIxIjoie3N1YjF9Iiwic3ViMiI6IntzdWIyfSIsInN1YjMiOiJ7c3ViM30iLCJzdWI0Ijoie3N1YjR9Iiwic3ViNSI6IntzdWI1fSIsImZhY2Vib29rIjoie2ZhY2Vib29rfSIsInBsIjoie3ByZWxhbmRpbmdfaWR9IiwibHAiOiJ7bGFuZGluZ19pZH0iLCJkaXIiOiJmbGV4b3NhbWluZVwvbHQiLCJpbnRlZ3JhdGlvbiI6Im1ldGEiLCJjbGlja19oYXNoIjoie2NsaWNrX2lkfSIsImlwIjoiOTEuOTAuNDIuMTU0In0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Wed, 24 Apr 2024 00:08:07 GMT
content-type: image/jpeg
content-length: 14003
last-modified: Mon, 21 Nov 2022 09:50:28 GMT
etag: "637b49e4-36b3"
expires: Wed, 24 Apr 2024 01:07:52 GMT
cache-control: public, max-age=3600
cf-cache-status: HIT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=39dG3dxKYhGI10AWWHiHbqrr9IwXBNHnJ4ivBp%2FXJr0%2Fu6HQMAZDkeqNOvT3JjWiRRep1ODzLHkyVpOqqygyAjtYSd5Qe6gJK%2Bgs1ISDkWpzm%2B%2BJJVa1veGUXEkjYoSTjpAOctg6"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8791db69bd5656c6-OSL
alt-svc: h3=":443"; ma=86400
|
|
| besttop-goods.press/flexosamine/lt/v2/img/exp-img.jpg | 104.21.29.217 | 200 OK | 6.6 kB |
URL: GET HTTP/3 besttop-goods.press/flexosamine/lt/v2/img/exp-img.jpg
IP: 104.21.29.217:443
Requested by: https://besttop-goods.press/flexosamine/lt/v2/?geo=28525&flow_id={flow_id}&click_id={click_id}&sub1={sub1}&sub2={sub2}&sub3={sub3}&sub4={sub4}&sub5={sub5}&facebook={facebook}&pl={prelanding_id}&lp={landing_id}
Certificate Issuer: Google Trust Services LLC
Subject: besttop-goods.press
Fingerprint: 07:CF:21:0C:68:AC:93:55:ED:DA:0F:3B:3B:AD:96:2A:BF:CE:3D:27
Validity: Mon, 04 Mar 2024 12:33:55 GMT - Sun, 02 Jun 2024 12:33:54 GMT
File type: JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 185x265, components 3
Hash: a01b096545e255e18b31c6c468f4b67b ab0f9670eb48597e54db854cf3a2e55d8d727dd3 06268fa7632d101bdef1caa161c6eee9d811ff1a26d698b3d46edc7ade0ee01e
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /flexosamine/lt/v2/img/exp-img.jpg HTTP/1.1
Host: besttop-goods.press
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://besttop-goods.press/flexosamine/lt/v2/?geo=28525&flow_id={flow_id}&click_id={click_id}&sub1={sub1}&sub2={sub2}&sub3={sub3}&sub4={sub4}&sub5={sub5}&facebook={facebook}&pl={prelanding_id}&lp={landing_id}
Cookie: PHPSESSID=ikj34e7raapifqervcetrlh8v2; CSA=eyJnZW8iOiIyODUyNSIsImZsb3dfaWQiOiJ7Zmxvd19pZH0iLCJjbGlja19pZCI6IntjbGlja19pZH0iLCJzdWIxIjoie3N1YjF9Iiwic3ViMiI6IntzdWIyfSIsInN1YjMiOiJ7c3ViM30iLCJzdWI0Ijoie3N1YjR9Iiwic3ViNSI6IntzdWI1fSIsImZhY2Vib29rIjoie2ZhY2Vib29rfSIsInBsIjoie3ByZWxhbmRpbmdfaWR9IiwibHAiOiJ7bGFuZGluZ19pZH0iLCJkaXIiOiJmbGV4b3NhbWluZVwvbHQiLCJpbnRlZ3JhdGlvbiI6Im1ldGEiLCJjbGlja19oYXNoIjoie2NsaWNrX2lkfSIsImlwIjoiOTEuOTAuNDIuMTU0In0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Wed, 24 Apr 2024 00:08:07 GMT
content-type: image/jpeg
content-length: 6582
last-modified: Mon, 21 Nov 2022 09:50:28 GMT
etag: "637b49e4-19b6"
expires: Wed, 24 Apr 2024 01:07:52 GMT
cache-control: public, max-age=3600
cf-cache-status: HIT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=952VTNjOp6CpLJCVYnLcvGbsR5kyDmUJwjs2jjv%2FMGNgUdGkMILPkoAFEeDBSfsiomkzgrpaNCEr3GcuCJYaCi6zV68pP9X3M4Bpo%2FDvRXxK%2FqrToTBVWFnL7Vz%2BKPo0l%2Bpn3IfE"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8791db69bd5556c6-OSL
alt-svc: h3=":443"; ma=86400
|
|
| besttop-goods.press/flexosamine/lt/v2/img/b6-list3.jpg | 104.21.29.217 | 200 OK | 14 kB |
URL: GET HTTP/3 besttop-goods.press/flexosamine/lt/v2/img/b6-list3.jpg
IP: 104.21.29.217:443
Requested by: https://besttop-goods.press/flexosamine/lt/v2/?geo=28525&flow_id={flow_id}&click_id={click_id}&sub1={sub1}&sub2={sub2}&sub3={sub3}&sub4={sub4}&sub5={sub5}&facebook={facebook}&pl={prelanding_id}&lp={landing_id}
Certificate Issuer: Google Trust Services LLC
Subject: besttop-goods.press
Fingerprint: 07:CF:21:0C:68:AC:93:55:ED:DA:0F:3B:3B:AD:96:2A:BF:CE:3D:27
Validity: Mon, 04 Mar 2024 12:33:55 GMT - Sun, 02 Jun 2024 12:33:54 GMT
File type: JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 210x150, components 3
Hash: 9d279482fede78bd164f920e5f17c9e7 b12a1b0cd5516546b2ada72ffe67b95e92662563 f662c4e80cac3e65e85581b1307d937bfb7d92b501b39286c35f9bd43050f648
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /flexosamine/lt/v2/img/b6-list3.jpg HTTP/1.1
Host: besttop-goods.press
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://besttop-goods.press/flexosamine/lt/v2/?geo=28525&flow_id={flow_id}&click_id={click_id}&sub1={sub1}&sub2={sub2}&sub3={sub3}&sub4={sub4}&sub5={sub5}&facebook={facebook}&pl={prelanding_id}&lp={landing_id}
Cookie: PHPSESSID=ikj34e7raapifqervcetrlh8v2; CSA=eyJnZW8iOiIyODUyNSIsImZsb3dfaWQiOiJ7Zmxvd19pZH0iLCJjbGlja19pZCI6IntjbGlja19pZH0iLCJzdWIxIjoie3N1YjF9Iiwic3ViMiI6IntzdWIyfSIsInN1YjMiOiJ7c3ViM30iLCJzdWI0Ijoie3N1YjR9Iiwic3ViNSI6IntzdWI1fSIsImZhY2Vib29rIjoie2ZhY2Vib29rfSIsInBsIjoie3ByZWxhbmRpbmdfaWR9IiwibHAiOiJ7bGFuZGluZ19pZH0iLCJkaXIiOiJmbGV4b3NhbWluZVwvbHQiLCJpbnRlZ3JhdGlvbiI6Im1ldGEiLCJjbGlja19oYXNoIjoie2NsaWNrX2lkfSIsImlwIjoiOTEuOTAuNDIuMTU0In0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Wed, 24 Apr 2024 00:08:07 GMT
content-type: image/jpeg
content-length: 13623
last-modified: Mon, 21 Nov 2022 09:50:28 GMT
etag: "637b49e4-3537"
expires: Wed, 24 Apr 2024 01:07:52 GMT
cache-control: public, max-age=3600
cf-cache-status: HIT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=An3JKzUjS7MG6jGQZBaPgFkxeZ7DXTNX1xSbN6%2FFc0KIS0oIBV%2BEYAxG7VWpomJ0rjXgt8ZyvI4Uj6BuzjKYP1KZqjKOh3P%2FeJUxuGriSLVk2updRTgINRgEwYyeYyjHERPLdq60"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8791db69bd5856c6-OSL
alt-svc: h3=":443"; ma=86400
|
|
| besttop-goods.press/flexosamine/lt/v2/img/b7-list1.jpg | 104.21.29.217 | 200 OK | 4.2 kB |
URL: GET HTTP/3 besttop-goods.press/flexosamine/lt/v2/img/b7-list1.jpg
IP: 104.21.29.217:443
Requested by: https://besttop-goods.press/flexosamine/lt/v2/?geo=28525&flow_id={flow_id}&click_id={click_id}&sub1={sub1}&sub2={sub2}&sub3={sub3}&sub4={sub4}&sub5={sub5}&facebook={facebook}&pl={prelanding_id}&lp={landing_id}
Certificate Issuer: Google Trust Services LLC
Subject: besttop-goods.press
Fingerprint: 07:CF:21:0C:68:AC:93:55:ED:DA:0F:3B:3B:AD:96:2A:BF:CE:3D:27
Validity: Mon, 04 Mar 2024 12:33:55 GMT - Sun, 02 Jun 2024 12:33:54 GMT
File type: JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 181x181, components 3
Hash: bf0bb2a9c3b3dff340e16d079addd68e 3df724c97eebf15ac1ea749a72d4a725e7c3b9d0 141412fa215d1893407b227ea2299ac8f12a7220e0bafd92cc470ed58921fbe6
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /flexosamine/lt/v2/img/b7-list1.jpg HTTP/1.1
Host: besttop-goods.press
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://besttop-goods.press/flexosamine/lt/v2/?geo=28525&flow_id={flow_id}&click_id={click_id}&sub1={sub1}&sub2={sub2}&sub3={sub3}&sub4={sub4}&sub5={sub5}&facebook={facebook}&pl={prelanding_id}&lp={landing_id}
Cookie: PHPSESSID=ikj34e7raapifqervcetrlh8v2; CSA=eyJnZW8iOiIyODUyNSIsImZsb3dfaWQiOiJ7Zmxvd19pZH0iLCJjbGlja19pZCI6IntjbGlja19pZH0iLCJzdWIxIjoie3N1YjF9Iiwic3ViMiI6IntzdWIyfSIsInN1YjMiOiJ7c3ViM30iLCJzdWI0Ijoie3N1YjR9Iiwic3ViNSI6IntzdWI1fSIsImZhY2Vib29rIjoie2ZhY2Vib29rfSIsInBsIjoie3ByZWxhbmRpbmdfaWR9IiwibHAiOiJ7bGFuZGluZ19pZH0iLCJkaXIiOiJmbGV4b3NhbWluZVwvbHQiLCJpbnRlZ3JhdGlvbiI6Im1ldGEiLCJjbGlja19oYXNoIjoie2NsaWNrX2lkfSIsImlwIjoiOTEuOTAuNDIuMTU0In0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Wed, 24 Apr 2024 00:08:07 GMT
content-type: image/jpeg
content-length: 4152
last-modified: Mon, 21 Nov 2022 09:50:28 GMT
etag: "637b49e4-1038"
expires: Wed, 24 Apr 2024 01:07:52 GMT
cache-control: public, max-age=3600
cf-cache-status: HIT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=TbDnJOrbfeM0%2FpN8erjXRC%2BYTxsMgtcTINn7O7p0uadHeT067nJGi%2FjBQtV9XL7ah4Y94HWUL6J%2FhGoE1%2FviKsq78lMK91vQj1YGWShYqPgNpKsyOrAN0cggp4wq7UcD6Yi6S%2BAB"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8791db69bd5d56c6-OSL
alt-svc: h3=":443"; ma=86400
|
|
| besttop-goods.press/flexosamine/lt/v2/img/b7-list2.jpg | 104.21.29.217 | 200 OK | 5.2 kB |
URL: GET HTTP/3 besttop-goods.press/flexosamine/lt/v2/img/b7-list2.jpg
IP: 104.21.29.217:443
Requested by: https://besttop-goods.press/flexosamine/lt/v2/?geo=28525&flow_id={flow_id}&click_id={click_id}&sub1={sub1}&sub2={sub2}&sub3={sub3}&sub4={sub4}&sub5={sub5}&facebook={facebook}&pl={prelanding_id}&lp={landing_id}
Certificate Issuer: Google Trust Services LLC
Subject: besttop-goods.press
Fingerprint: 07:CF:21:0C:68:AC:93:55:ED:DA:0F:3B:3B:AD:96:2A:BF:CE:3D:27
Validity: Mon, 04 Mar 2024 12:33:55 GMT - Sun, 02 Jun 2024 12:33:54 GMT
File type: JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 181x181, components 3
Hash: 020ebcf75fb0eb9040c20c1a1915d626 be812e266c76366e17931a22a48a8f094891e98e 94050f472f1153a52a62f3c8c32d3e51bdbc751ea5912be6b04989301ccdd7c6
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /flexosamine/lt/v2/img/b7-list2.jpg HTTP/1.1
Host: besttop-goods.press
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://besttop-goods.press/flexosamine/lt/v2/?geo=28525&flow_id={flow_id}&click_id={click_id}&sub1={sub1}&sub2={sub2}&sub3={sub3}&sub4={sub4}&sub5={sub5}&facebook={facebook}&pl={prelanding_id}&lp={landing_id}
Cookie: PHPSESSID=ikj34e7raapifqervcetrlh8v2; CSA=eyJnZW8iOiIyODUyNSIsImZsb3dfaWQiOiJ7Zmxvd19pZH0iLCJjbGlja19pZCI6IntjbGlja19pZH0iLCJzdWIxIjoie3N1YjF9Iiwic3ViMiI6IntzdWIyfSIsInN1YjMiOiJ7c3ViM30iLCJzdWI0Ijoie3N1YjR9Iiwic3ViNSI6IntzdWI1fSIsImZhY2Vib29rIjoie2ZhY2Vib29rfSIsInBsIjoie3ByZWxhbmRpbmdfaWR9IiwibHAiOiJ7bGFuZGluZ19pZH0iLCJkaXIiOiJmbGV4b3NhbWluZVwvbHQiLCJpbnRlZ3JhdGlvbiI6Im1ldGEiLCJjbGlja19oYXNoIjoie2NsaWNrX2lkfSIsImlwIjoiOTEuOTAuNDIuMTU0In0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Wed, 24 Apr 2024 00:08:07 GMT
content-type: image/jpeg
content-length: 5204
last-modified: Mon, 21 Nov 2022 09:50:28 GMT
etag: "637b49e4-1454"
expires: Wed, 24 Apr 2024 01:07:52 GMT
cache-control: public, max-age=3600
cf-cache-status: HIT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=b0aNHc4MbriRf75B93JkNDxl1q2v%2BdcZwsobiWOStULBcWlGmeW0vftzKHFZFlCHsADkw7odpvxghiw41YhcoPIKYlI0Dov%2B%2Fk2FBAcYuiepz8k0tyzLFBdhdzgQGqqRgZjWyF%2F%2F"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8791db69bd5e56c6-OSL
alt-svc: h3=":443"; ma=86400
|
|
| besttop-goods.press/flexosamine/lt/v2/img/b6-list2.jpg | 104.21.29.217 | 200 OK | 8.7 kB |
URL: GET HTTP/3 besttop-goods.press/flexosamine/lt/v2/img/b6-list2.jpg
IP: 104.21.29.217:443
Requested by: https://besttop-goods.press/flexosamine/lt/v2/?geo=28525&flow_id={flow_id}&click_id={click_id}&sub1={sub1}&sub2={sub2}&sub3={sub3}&sub4={sub4}&sub5={sub5}&facebook={facebook}&pl={prelanding_id}&lp={landing_id}
Certificate Issuer: Google Trust Services LLC
Subject: besttop-goods.press
Fingerprint: 07:CF:21:0C:68:AC:93:55:ED:DA:0F:3B:3B:AD:96:2A:BF:CE:3D:27
Validity: Mon, 04 Mar 2024 12:33:55 GMT - Sun, 02 Jun 2024 12:33:54 GMT
File type: JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 210x150, components 3
Hash: dc4c12ba90ad7b27d795d16b75a8ae33 12667cebe1af29b9363a533fb86e8c5e14cd733c 21dbb523d73a1954f837ccede4da89e4a92e7cf91f8a5995f6f36345476cd99a
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /flexosamine/lt/v2/img/b6-list2.jpg HTTP/1.1
Host: besttop-goods.press
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://besttop-goods.press/flexosamine/lt/v2/?geo=28525&flow_id={flow_id}&click_id={click_id}&sub1={sub1}&sub2={sub2}&sub3={sub3}&sub4={sub4}&sub5={sub5}&facebook={facebook}&pl={prelanding_id}&lp={landing_id}
Cookie: PHPSESSID=ikj34e7raapifqervcetrlh8v2; CSA=eyJnZW8iOiIyODUyNSIsImZsb3dfaWQiOiJ7Zmxvd19pZH0iLCJjbGlja19pZCI6IntjbGlja19pZH0iLCJzdWIxIjoie3N1YjF9Iiwic3ViMiI6IntzdWIyfSIsInN1YjMiOiJ7c3ViM30iLCJzdWI0Ijoie3N1YjR9Iiwic3ViNSI6IntzdWI1fSIsImZhY2Vib29rIjoie2ZhY2Vib29rfSIsInBsIjoie3ByZWxhbmRpbmdfaWR9IiwibHAiOiJ7bGFuZGluZ19pZH0iLCJkaXIiOiJmbGV4b3NhbWluZVwvbHQiLCJpbnRlZ3JhdGlvbiI6Im1ldGEiLCJjbGlja19oYXNoIjoie2NsaWNrX2lkfSIsImlwIjoiOTEuOTAuNDIuMTU0In0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Wed, 24 Apr 2024 00:08:07 GMT
content-type: image/jpeg
content-length: 8684
last-modified: Mon, 21 Nov 2022 09:50:28 GMT
etag: "637b49e4-21ec"
expires: Wed, 24 Apr 2024 01:07:52 GMT
cache-control: public, max-age=3600
cf-cache-status: HIT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=6cI05OPc8IOJt2DRm6yOzzxZVHl7S0vq5UHW5mBOTQD4KVigLl10m66XU8Neh49pvefPBIEMayw5kQqNenqZHyr9c6eWY9yOPEKVIJG5V%2B8Dwcz4egKokgpbUCSmyBOijo9ouBsT"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8791db69bd5756c6-OSL
alt-svc: h3=":443"; ma=86400
|
|
| besttop-goods.press/flexosamine/lt/v2/img/b6-list4.jpg | 104.21.29.217 | 200 OK | 11 kB |
URL: GET HTTP/3 besttop-goods.press/flexosamine/lt/v2/img/b6-list4.jpg
IP: 104.21.29.217:443
Requested by: https://besttop-goods.press/flexosamine/lt/v2/?geo=28525&flow_id={flow_id}&click_id={click_id}&sub1={sub1}&sub2={sub2}&sub3={sub3}&sub4={sub4}&sub5={sub5}&facebook={facebook}&pl={prelanding_id}&lp={landing_id}
Certificate Issuer: Google Trust Services LLC
Subject: besttop-goods.press
Fingerprint: 07:CF:21:0C:68:AC:93:55:ED:DA:0F:3B:3B:AD:96:2A:BF:CE:3D:27
Validity: Mon, 04 Mar 2024 12:33:55 GMT - Sun, 02 Jun 2024 12:33:54 GMT
File type: JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 210x150, components 3
Hash: 4b61d5adb974b4a488535491f65e7c0b a8e95b2fafc3e4dd027b5e70f1eff69cdc89b698 0b04854e354ecd7660aab8db3bf821a2fe8901fbf909966686c7ed06b05b654b
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /flexosamine/lt/v2/img/b6-list4.jpg HTTP/1.1
Host: besttop-goods.press
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://besttop-goods.press/flexosamine/lt/v2/?geo=28525&flow_id={flow_id}&click_id={click_id}&sub1={sub1}&sub2={sub2}&sub3={sub3}&sub4={sub4}&sub5={sub5}&facebook={facebook}&pl={prelanding_id}&lp={landing_id}
Cookie: PHPSESSID=ikj34e7raapifqervcetrlh8v2; CSA=eyJnZW8iOiIyODUyNSIsImZsb3dfaWQiOiJ7Zmxvd19pZH0iLCJjbGlja19pZCI6IntjbGlja19pZH0iLCJzdWIxIjoie3N1YjF9Iiwic3ViMiI6IntzdWIyfSIsInN1YjMiOiJ7c3ViM30iLCJzdWI0Ijoie3N1YjR9Iiwic3ViNSI6IntzdWI1fSIsImZhY2Vib29rIjoie2ZhY2Vib29rfSIsInBsIjoie3ByZWxhbmRpbmdfaWR9IiwibHAiOiJ7bGFuZGluZ19pZH0iLCJkaXIiOiJmbGV4b3NhbWluZVwvbHQiLCJpbnRlZ3JhdGlvbiI6Im1ldGEiLCJjbGlja19oYXNoIjoie2NsaWNrX2lkfSIsImlwIjoiOTEuOTAuNDIuMTU0In0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Wed, 24 Apr 2024 00:08:07 GMT
content-type: image/jpeg
content-length: 11428
last-modified: Mon, 21 Nov 2022 09:50:28 GMT
etag: "637b49e4-2ca4"
expires: Wed, 24 Apr 2024 01:07:52 GMT
cache-control: public, max-age=3600
cf-cache-status: HIT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=mw6joK5wb4BGi30QumSlfilEeB8fla5ZNIowMG9ez8UW8HFBtMa9A14cMWMc4zawWxmVojrZ6P%2FR80IlZmkC6W2qdNKfTLV7oUkMgcbGmNiH9be2I1KVd6ve93wFr1au3fFiiryR"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8791db69bd5a56c6-OSL
alt-svc: h3=":443"; ma=86400
|
|
| besttop-goods.press/flexosamine/lt/v2/img/b7-list3.jpg | 104.21.29.217 | 200 OK | 3.8 kB |
URL: GET HTTP/3 besttop-goods.press/flexosamine/lt/v2/img/b7-list3.jpg
IP: 104.21.29.217:443
Requested by: https://besttop-goods.press/flexosamine/lt/v2/?geo=28525&flow_id={flow_id}&click_id={click_id}&sub1={sub1}&sub2={sub2}&sub3={sub3}&sub4={sub4}&sub5={sub5}&facebook={facebook}&pl={prelanding_id}&lp={landing_id}
Certificate Issuer: Google Trust Services LLC
Subject: besttop-goods.press
Fingerprint: 07:CF:21:0C:68:AC:93:55:ED:DA:0F:3B:3B:AD:96:2A:BF:CE:3D:27
Validity: Mon, 04 Mar 2024 12:33:55 GMT - Sun, 02 Jun 2024 12:33:54 GMT
File type: JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 181x181, components 3
Hash: 8a2770e0838d5aea2fcca36a92ec597a dcb226f42ede3f16c589309b50ead9549948cd54 6d68fbfda27efb3bd6269b5e614320e8b46d666b67a92176241b8ff76d96f2c9
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /flexosamine/lt/v2/img/b7-list3.jpg HTTP/1.1
Host: besttop-goods.press
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://besttop-goods.press/flexosamine/lt/v2/?geo=28525&flow_id={flow_id}&click_id={click_id}&sub1={sub1}&sub2={sub2}&sub3={sub3}&sub4={sub4}&sub5={sub5}&facebook={facebook}&pl={prelanding_id}&lp={landing_id}
Cookie: PHPSESSID=ikj34e7raapifqervcetrlh8v2; CSA=eyJnZW8iOiIyODUyNSIsImZsb3dfaWQiOiJ7Zmxvd19pZH0iLCJjbGlja19pZCI6IntjbGlja19pZH0iLCJzdWIxIjoie3N1YjF9Iiwic3ViMiI6IntzdWIyfSIsInN1YjMiOiJ7c3ViM30iLCJzdWI0Ijoie3N1YjR9Iiwic3ViNSI6IntzdWI1fSIsImZhY2Vib29rIjoie2ZhY2Vib29rfSIsInBsIjoie3ByZWxhbmRpbmdfaWR9IiwibHAiOiJ7bGFuZGluZ19pZH0iLCJkaXIiOiJmbGV4b3NhbWluZVwvbHQiLCJpbnRlZ3JhdGlvbiI6Im1ldGEiLCJjbGlja19oYXNoIjoie2NsaWNrX2lkfSIsImlwIjoiOTEuOTAuNDIuMTU0In0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Wed, 24 Apr 2024 00:08:07 GMT
content-type: image/jpeg
content-length: 3779
last-modified: Mon, 21 Nov 2022 09:50:28 GMT
etag: "637b49e4-ec3"
expires: Wed, 24 Apr 2024 01:07:52 GMT
cache-control: public, max-age=3600
cf-cache-status: HIT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=FqDF%2Fhr21Shhmw%2FGiD2bw0HbPcOq2iKHaivnlVcEQWA6IoWVnUb%2FsIsBde1%2FQp2dGFcb0yOAOvc6yfX3VWgKN7WH4%2F0MSYZnSUEvzZnfLOtAvPu1UEhXS%2BcwigOtHu8naFG1YqRm"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8791db69cd6356c6-OSL
alt-svc: h3=":443"; ma=86400
|
|
| besttop-goods.press/flexosamine/lt/v2/img/people1.jpg | 104.21.29.217 | 200 OK | 7.1 kB |
URL: GET HTTP/3 besttop-goods.press/flexosamine/lt/v2/img/people1.jpg
IP: 104.21.29.217:443
Requested by: https://besttop-goods.press/flexosamine/lt/v2/?geo=28525&flow_id={flow_id}&click_id={click_id}&sub1={sub1}&sub2={sub2}&sub3={sub3}&sub4={sub4}&sub5={sub5}&facebook={facebook}&pl={prelanding_id}&lp={landing_id}
Certificate Issuer: Google Trust Services LLC
Subject: besttop-goods.press
Fingerprint: 07:CF:21:0C:68:AC:93:55:ED:DA:0F:3B:3B:AD:96:2A:BF:CE:3D:27
Validity: Mon, 04 Mar 2024 12:33:55 GMT - Sun, 02 Jun 2024 12:33:54 GMT
File type: JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 113x113, components 3
Hash: c34f4ca5c208e2761eb6da331ce0aab5 45ec1e9e2dde7c24c738b86385c3d43420774c36 14bea16c7b455c09b720231af61b418843d661d9219582f105811d34f0d426a8
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /flexosamine/lt/v2/img/people1.jpg HTTP/1.1
Host: besttop-goods.press
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://besttop-goods.press/flexosamine/lt/v2/?geo=28525&flow_id={flow_id}&click_id={click_id}&sub1={sub1}&sub2={sub2}&sub3={sub3}&sub4={sub4}&sub5={sub5}&facebook={facebook}&pl={prelanding_id}&lp={landing_id}
Cookie: PHPSESSID=ikj34e7raapifqervcetrlh8v2; CSA=eyJnZW8iOiIyODUyNSIsImZsb3dfaWQiOiJ7Zmxvd19pZH0iLCJjbGlja19pZCI6IntjbGlja19pZH0iLCJzdWIxIjoie3N1YjF9Iiwic3ViMiI6IntzdWIyfSIsInN1YjMiOiJ7c3ViM30iLCJzdWI0Ijoie3N1YjR9Iiwic3ViNSI6IntzdWI1fSIsImZhY2Vib29rIjoie2ZhY2Vib29rfSIsInBsIjoie3ByZWxhbmRpbmdfaWR9IiwibHAiOiJ7bGFuZGluZ19pZH0iLCJkaXIiOiJmbGV4b3NhbWluZVwvbHQiLCJpbnRlZ3JhdGlvbiI6Im1ldGEiLCJjbGlja19oYXNoIjoie2NsaWNrX2lkfSIsImlwIjoiOTEuOTAuNDIuMTU0In0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Wed, 24 Apr 2024 00:08:07 GMT
content-type: image/jpeg
content-length: 7095
last-modified: Mon, 21 Nov 2022 09:50:28 GMT
etag: "637b49e4-1bb7"
expires: Wed, 24 Apr 2024 01:07:52 GMT
cache-control: public, max-age=3600
cf-cache-status: HIT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=HxQnxh4M%2FDuOyM4fGiGJ1NqeL2RjFAHnoUTsXJAL%2Fp1otiz1%2Fd8f4s2YrkwMwQnFX2xKJPKHeGrgLnVzOPOiiIHjueqb1opmqh9f7rfVSTQvcmIyt1qMplxta6KbwJQXHcDI5f7g"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8791db69cd6456c6-OSL
alt-svc: h3=":443"; ma=86400
|
|
| besttop-goods.press/flexosamine/lt/v2/img/people2.jpg | 104.21.29.217 | 200 OK | 2.3 kB |
URL: GET HTTP/3 besttop-goods.press/flexosamine/lt/v2/img/people2.jpg
IP: 104.21.29.217:443
Requested by: https://besttop-goods.press/flexosamine/lt/v2/?geo=28525&flow_id={flow_id}&click_id={click_id}&sub1={sub1}&sub2={sub2}&sub3={sub3}&sub4={sub4}&sub5={sub5}&facebook={facebook}&pl={prelanding_id}&lp={landing_id}
Certificate Issuer: Google Trust Services LLC
Subject: besttop-goods.press
Fingerprint: 07:CF:21:0C:68:AC:93:55:ED:DA:0F:3B:3B:AD:96:2A:BF:CE:3D:27
Validity: Mon, 04 Mar 2024 12:33:55 GMT - Sun, 02 Jun 2024 12:33:54 GMT
File type: JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 113x113, components 3
Hash: 9d5a9e878d5e27abba650cb56b469e01 9d00dac9ea53c5fe7a97971774665944defe26de d2ecba6842087fb78e095d7aff6e38072604815183483ee92ebbef78be4fd1b7
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /flexosamine/lt/v2/img/people2.jpg HTTP/1.1
Host: besttop-goods.press
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://besttop-goods.press/flexosamine/lt/v2/?geo=28525&flow_id={flow_id}&click_id={click_id}&sub1={sub1}&sub2={sub2}&sub3={sub3}&sub4={sub4}&sub5={sub5}&facebook={facebook}&pl={prelanding_id}&lp={landing_id}
Cookie: PHPSESSID=ikj34e7raapifqervcetrlh8v2; CSA=eyJnZW8iOiIyODUyNSIsImZsb3dfaWQiOiJ7Zmxvd19pZH0iLCJjbGlja19pZCI6IntjbGlja19pZH0iLCJzdWIxIjoie3N1YjF9Iiwic3ViMiI6IntzdWIyfSIsInN1YjMiOiJ7c3ViM30iLCJzdWI0Ijoie3N1YjR9Iiwic3ViNSI6IntzdWI1fSIsImZhY2Vib29rIjoie2ZhY2Vib29rfSIsInBsIjoie3ByZWxhbmRpbmdfaWR9IiwibHAiOiJ7bGFuZGluZ19pZH0iLCJkaXIiOiJmbGV4b3NhbWluZVwvbHQiLCJpbnRlZ3JhdGlvbiI6Im1ldGEiLCJjbGlja19oYXNoIjoie2NsaWNrX2lkfSIsImlwIjoiOTEuOTAuNDIuMTU0In0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Wed, 24 Apr 2024 00:08:07 GMT
content-type: image/jpeg
content-length: 2314
last-modified: Mon, 21 Nov 2022 09:50:28 GMT
etag: "637b49e4-90a"
expires: Wed, 24 Apr 2024 01:07:52 GMT
cache-control: public, max-age=3600
cf-cache-status: HIT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=aBBay5nnit0mA2eXMORD19ZEDkCYD9hF%2FKtbM7OaTXLhrvbmKxgqwhO1qO7uqeyHmq0mNgAb3M%2F4PeA6%2BCi%2FlIUytjCPFWhhP1H0KeFCMIdsUF%2F7GAfTX9eyo%2F%2BAU3ZphG%2B39bq%2B"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8791db69cd6556c6-OSL
alt-svc: h3=":443"; ma=86400
|
|
| besttop-goods.press/flexosamine/lt/v2/img/people3.jpg | 104.21.29.217 | 200 OK | 3.4 kB |
URL: GET HTTP/3 besttop-goods.press/flexosamine/lt/v2/img/people3.jpg
IP: 104.21.29.217:443
Requested by: https://besttop-goods.press/flexosamine/lt/v2/?geo=28525&flow_id={flow_id}&click_id={click_id}&sub1={sub1}&sub2={sub2}&sub3={sub3}&sub4={sub4}&sub5={sub5}&facebook={facebook}&pl={prelanding_id}&lp={landing_id}
Certificate Issuer: Google Trust Services LLC
Subject: besttop-goods.press
Fingerprint: 07:CF:21:0C:68:AC:93:55:ED:DA:0F:3B:3B:AD:96:2A:BF:CE:3D:27
Validity: Mon, 04 Mar 2024 12:33:55 GMT - Sun, 02 Jun 2024 12:33:54 GMT
File type: JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 113x113, components 3
Hash: 9dfd1343ca36730bfeb87fd495028b43 8bc9d2e55d84ccc13c05285da3c0f77cdb2e45b0 19abf51efddfc44f5cbf4cee554cc63870aae92f8158a6e1b205b51f83f931f5
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /flexosamine/lt/v2/img/people3.jpg HTTP/1.1
Host: besttop-goods.press
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://besttop-goods.press/flexosamine/lt/v2/?geo=28525&flow_id={flow_id}&click_id={click_id}&sub1={sub1}&sub2={sub2}&sub3={sub3}&sub4={sub4}&sub5={sub5}&facebook={facebook}&pl={prelanding_id}&lp={landing_id}
Cookie: PHPSESSID=ikj34e7raapifqervcetrlh8v2; CSA=eyJnZW8iOiIyODUyNSIsImZsb3dfaWQiOiJ7Zmxvd19pZH0iLCJjbGlja19pZCI6IntjbGlja19pZH0iLCJzdWIxIjoie3N1YjF9Iiwic3ViMiI6IntzdWIyfSIsInN1YjMiOiJ7c3ViM30iLCJzdWI0Ijoie3N1YjR9Iiwic3ViNSI6IntzdWI1fSIsImZhY2Vib29rIjoie2ZhY2Vib29rfSIsInBsIjoie3ByZWxhbmRpbmdfaWR9IiwibHAiOiJ7bGFuZGluZ19pZH0iLCJkaXIiOiJmbGV4b3NhbWluZVwvbHQiLCJpbnRlZ3JhdGlvbiI6Im1ldGEiLCJjbGlja19oYXNoIjoie2NsaWNrX2lkfSIsImlwIjoiOTEuOTAuNDIuMTU0In0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Wed, 24 Apr 2024 00:08:08 GMT
content-type: image/jpeg
content-length: 3449
last-modified: Mon, 21 Nov 2022 09:50:28 GMT
etag: "637b49e4-d79"
expires: Wed, 24 Apr 2024 01:07:52 GMT
cache-control: public, max-age=3600
cf-cache-status: HIT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=cX6iWO9SV2PvwBZU7ytRCIxSP1twKNK0MqAxLcQVlRhMYi0ddfVjh56%2Fk1Ar1QN30ku0SUh4pQknuRSgBB5iUC7diSME0s3waIqQOBGMBarfrznuLwtEc1qzUdKEmCawv%2FRg7m6P"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8791db69cd6656c6-OSL
alt-svc: h3=":443"; ma=86400
|
|
| besttop-goods.press/flexosamine/lt/v2/img/b1-bg.jpg | 104.21.29.217 | 200 OK | 3.0 kB |
URL: GET HTTP/3 besttop-goods.press/flexosamine/lt/v2/img/b1-bg.jpg
IP: 104.21.29.217:443
Requested by: https://besttop-goods.press/flexosamine/lt/v2/?geo=28525&flow_id={flow_id}&click_id={click_id}&sub1={sub1}&sub2={sub2}&sub3={sub3}&sub4={sub4}&sub5={sub5}&facebook={facebook}&pl={prelanding_id}&lp={landing_id}
Certificate Issuer: Google Trust Services LLC
Subject: besttop-goods.press
Fingerprint: 07:CF:21:0C:68:AC:93:55:ED:DA:0F:3B:3B:AD:96:2A:BF:CE:3D:27
Validity: Mon, 04 Mar 2024 12:33:55 GMT - Sun, 02 Jun 2024 12:33:54 GMT
File type: JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 112x47, components 3
Hash: b07d35b7fd2e3eafef1fc9c075a49b96 c9a3a49478067351baec4ad5abeaf40bc16ac460 36ed64f774f9168848dae97bd5b0402c9e39ff0b8715a386990ef10e917bbf9e
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /flexosamine/lt/v2/img/b1-bg.jpg HTTP/1.1
Host: besttop-goods.press
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://besttop-goods.press/flexosamine/lt/v2/?geo=28525&flow_id={flow_id}&click_id={click_id}&sub1={sub1}&sub2={sub2}&sub3={sub3}&sub4={sub4}&sub5={sub5}&facebook={facebook}&pl={prelanding_id}&lp={landing_id}
Cookie: PHPSESSID=ikj34e7raapifqervcetrlh8v2; CSA=eyJnZW8iOiIyODUyNSIsImZsb3dfaWQiOiJ7Zmxvd19pZH0iLCJjbGlja19pZCI6IntjbGlja19pZH0iLCJzdWIxIjoie3N1YjF9Iiwic3ViMiI6IntzdWIyfSIsInN1YjMiOiJ7c3ViM30iLCJzdWI0Ijoie3N1YjR9Iiwic3ViNSI6IntzdWI1fSIsImZhY2Vib29rIjoie2ZhY2Vib29rfSIsInBsIjoie3ByZWxhbmRpbmdfaWR9IiwibHAiOiJ7bGFuZGluZ19pZH0iLCJkaXIiOiJmbGV4b3NhbWluZVwvbHQiLCJpbnRlZ3JhdGlvbiI6Im1ldGEiLCJjbGlja19oYXNoIjoie2NsaWNrX2lkfSIsImlwIjoiOTEuOTAuNDIuMTU0In0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Wed, 24 Apr 2024 00:08:08 GMT
content-type: image/jpeg
content-length: 2972
last-modified: Mon, 21 Nov 2022 09:50:26 GMT
etag: "637b49e2-b9c"
expires: Wed, 24 Apr 2024 01:07:52 GMT
cache-control: public, max-age=3600
cf-cache-status: HIT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2BhhEJADkE7%2Fngq7VdGw%2F4yjMVrDWRZCyGbyC7vA5xbFHVKGGAWENSVucBEc1Dli0a4Prtxgxv7G6Fcn9v%2BJDnHcE3ybcvxP7k%2FDZbj9JtaqrLQfmmYNwXkEWIYEiRRxvZp1iyIBP"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8791db6a5d9256c6-OSL
alt-svc: h3=":443"; ma=86400
|
|
| besttop-goods.press/flexosamine/lt/v2/img/b1-bull-icon.png | 104.21.29.217 | 200 OK | 769 B |
URL: GET HTTP/3 besttop-goods.press/flexosamine/lt/v2/img/b1-bull-icon.png
IP: 104.21.29.217:443
Requested by: https://besttop-goods.press/flexosamine/lt/v2/?geo=28525&flow_id={flow_id}&click_id={click_id}&sub1={sub1}&sub2={sub2}&sub3={sub3}&sub4={sub4}&sub5={sub5}&facebook={facebook}&pl={prelanding_id}&lp={landing_id}
Certificate: Issuer Google Trust Services LLC; Subject besttop-goods.press; Fingerprint 07:CF:21:0C:68:AC:93:55:ED:DA:0F:3B:3B:AD:96:2A:BF:CE:3D:27; Validity Mon, 04 Mar 2024 12:33:55 GMT - Sun, 02 Jun 2024 12:33:54 GMT
File type: PNG image data, 35 x 77, 4-bit colormap, non-interlaced
Hash: 8002ec16a57e58f735f5896751fd9c1b 519990c57e2a5b4ce4891bd5f8c4fc944c323676 891e2e3eb51c5924e89cf45348a308214dbcbcc6f305fc8c52bc1f76d693bf1f
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /flexosamine/lt/v2/img/b1-bull-icon.png HTTP/1.1
Host: besttop-goods.press
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://besttop-goods.press/flexosamine/lt/v2/?geo=28525&flow_id={flow_id}&click_id={click_id}&sub1={sub1}&sub2={sub2}&sub3={sub3}&sub4={sub4}&sub5={sub5}&facebook={facebook}&pl={prelanding_id}&lp={landing_id}
Cookie: PHPSESSID=ikj34e7raapifqervcetrlh8v2; CSA=eyJnZW8iOiIyODUyNSIsImZsb3dfaWQiOiJ7Zmxvd19pZH0iLCJjbGlja19pZCI6IntjbGlja19pZH0iLCJzdWIxIjoie3N1YjF9Iiwic3ViMiI6IntzdWIyfSIsInN1YjMiOiJ7c3ViM30iLCJzdWI0Ijoie3N1YjR9Iiwic3ViNSI6IntzdWI1fSIsImZhY2Vib29rIjoie2ZhY2Vib29rfSIsInBsIjoie3ByZWxhbmRpbmdfaWR9IiwibHAiOiJ7bGFuZGluZ19pZH0iLCJkaXIiOiJmbGV4b3NhbWluZVwvbHQiLCJpbnRlZ3JhdGlvbiI6Im1ldGEiLCJjbGlja19oYXNoIjoie2NsaWNrX2lkfSIsImlwIjoiOTEuOTAuNDIuMTU0In0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Wed, 24 Apr 2024 00:08:08 GMT
content-type: image/png
content-length: 769
last-modified: Mon, 21 Nov 2022 09:50:26 GMT
etag: "637b49e2-301"
expires: Wed, 24 Apr 2024 01:07:52 GMT
cache-control: public, max-age=3600
cf-cache-status: HIT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=IJrXd1rpKW6wMGoLquivqtgQYNNg%2BCudSofgogRGw9cId0MOtSA%2Fl%2FfAG4%2BLOeB20VAQJRpl51ZLJn3uXI%2FaYzyvJhN2zCdUb65p1xRvuCRl2lMmpbUeUzqxFPJLoYfYR3l2T0KZ"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8791db6a5d9556c6-OSL
alt-svc: h3=":443"; ma=86400
|
|
| besttop-goods.press/flexosamine/lt/v2/img/offer-bull-icon.png | 104.21.29.217 | 200 OK | 687 B |
URL: GET HTTP/3 besttop-goods.press/flexosamine/lt/v2/img/offer-bull-icon.png
IP: 104.21.29.217:443
Requested by: https://besttop-goods.press/flexosamine/lt/v2/?geo=28525&flow_id={flow_id}&click_id={click_id}&sub1={sub1}&sub2={sub2}&sub3={sub3}&sub4={sub4}&sub5={sub5}&facebook={facebook}&pl={prelanding_id}&lp={landing_id}
Certificate: Issuer Google Trust Services LLC; Subject besttop-goods.press; Fingerprint 07:CF:21:0C:68:AC:93:55:ED:DA:0F:3B:3B:AD:96:2A:BF:CE:3D:27; Validity Mon, 04 Mar 2024 12:33:55 GMT - Sun, 02 Jun 2024 12:33:54 GMT
File type: PNG image data, 29 x 187, 4-bit colormap, non-interlaced
Hash: a1e6d59a405535f65c400c8c909d5c0c 77147e7b2acb964e7df7408d2b5d6026e37d5b8e 62d0ca9f98b9c4c9faf6aa6441d879e8636f8d8e2ed34733e72ffea0e1c0b1f0
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /flexosamine/lt/v2/img/offer-bull-icon.png HTTP/1.1
Host: besttop-goods.press
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://besttop-goods.press/flexosamine/lt/v2/?geo=28525&flow_id={flow_id}&click_id={click_id}&sub1={sub1}&sub2={sub2}&sub3={sub3}&sub4={sub4}&sub5={sub5}&facebook={facebook}&pl={prelanding_id}&lp={landing_id}
Cookie: PHPSESSID=ikj34e7raapifqervcetrlh8v2; CSA=eyJnZW8iOiIyODUyNSIsImZsb3dfaWQiOiJ7Zmxvd19pZH0iLCJjbGlja19pZCI6IntjbGlja19pZH0iLCJzdWIxIjoie3N1YjF9Iiwic3ViMiI6IntzdWIyfSIsInN1YjMiOiJ7c3ViM30iLCJzdWI0Ijoie3N1YjR9Iiwic3ViNSI6IntzdWI1fSIsImZhY2Vib29rIjoie2ZhY2Vib29rfSIsInBsIjoie3ByZWxhbmRpbmdfaWR9IiwibHAiOiJ7bGFuZGluZ19pZH0iLCJkaXIiOiJmbGV4b3NhbWluZVwvbHQiLCJpbnRlZ3JhdGlvbiI6Im1ldGEiLCJjbGlja19oYXNoIjoie2NsaWNrX2lkfSIsImlwIjoiOTEuOTAuNDIuMTU0In0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Wed, 24 Apr 2024 00:08:08 GMT
content-type: image/png
content-length: 687
last-modified: Mon, 21 Nov 2022 09:50:28 GMT
etag: "637b49e4-2af"
expires: Wed, 24 Apr 2024 01:07:52 GMT
cache-control: public, max-age=3600
cf-cache-status: HIT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=SBrQZ9kZZ7bo%2B5xvWO7RuQL60Myo52QL8m0xRiRUvl0gxPd5%2BcV621LdEhnn7ZhFfpw%2BrxtU6KXYw4cV564gV%2F4J5eTKPxY1I0NOKK9414vO814FlR4vVEB%2BD5UkJAdVWdlrZt1k"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8791db6a7da156c6-OSL
alt-svc: h3=":443"; ma=86400
|
|
| besttop-goods.press/flexosamine/lt/v2/img/price-block-bg.png | 104.21.29.217 | 200 OK | 407 B |
URL: GET HTTP/3 besttop-goods.press/flexosamine/lt/v2/img/price-block-bg.png
IP: 104.21.29.217:443
Requested by: https://besttop-goods.press/flexosamine/lt/v2/?geo=28525&flow_id={flow_id}&click_id={click_id}&sub1={sub1}&sub2={sub2}&sub3={sub3}&sub4={sub4}&sub5={sub5}&facebook={facebook}&pl={prelanding_id}&lp={landing_id}
Certificate: Issuer Google Trust Services LLC; Subject besttop-goods.press; Fingerprint 07:CF:21:0C:68:AC:93:55:ED:DA:0F:3B:3B:AD:96:2A:BF:CE:3D:27; Validity Mon, 04 Mar 2024 12:33:55 GMT - Sun, 02 Jun 2024 12:33:54 GMT
File type: PNG image data, 50 x 43, 4-bit colormap, non-interlaced
Hash: fba7b520fc9ed82d5ac15eaf928072cc eba46f6606d6309dad65bc8413cb3904f082343a 566c42f04d617efad46f9c11d4ab34189f6363cce1cffdcfd1309243bc3d3ab5
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /flexosamine/lt/v2/img/price-block-bg.png HTTP/1.1
Host: besttop-goods.press
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://besttop-goods.press/flexosamine/lt/v2/?geo=28525&flow_id={flow_id}&click_id={click_id}&sub1={sub1}&sub2={sub2}&sub3={sub3}&sub4={sub4}&sub5={sub5}&facebook={facebook}&pl={prelanding_id}&lp={landing_id}
Cookie: PHPSESSID=ikj34e7raapifqervcetrlh8v2; CSA=eyJnZW8iOiIyODUyNSIsImZsb3dfaWQiOiJ7Zmxvd19pZH0iLCJjbGlja19pZCI6IntjbGlja19pZH0iLCJzdWIxIjoie3N1YjF9Iiwic3ViMiI6IntzdWIyfSIsInN1YjMiOiJ7c3ViM30iLCJzdWI0Ijoie3N1YjR9Iiwic3ViNSI6IntzdWI1fSIsImZhY2Vib29rIjoie2ZhY2Vib29rfSIsInBsIjoie3ByZWxhbmRpbmdfaWR9IiwibHAiOiJ7bGFuZGluZ19pZH0iLCJkaXIiOiJmbGV4b3NhbWluZVwvbHQiLCJpbnRlZ3JhdGlvbiI6Im1ldGEiLCJjbGlja19oYXNoIjoie2NsaWNrX2lkfSIsImlwIjoiOTEuOTAuNDIuMTU0In0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Wed, 24 Apr 2024 00:08:08 GMT
content-type: image/png
content-length: 407
last-modified: Mon, 21 Nov 2022 09:50:28 GMT
etag: "637b49e4-197"
expires: Wed, 24 Apr 2024 01:07:52 GMT
cache-control: public, max-age=3600
cf-cache-status: HIT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=nWS3pH0zLPDlfy8IzUKs3Il0LR3GAM%2BYKj8CtRbX90P%2FCiB10hXBmRkp7RtiO4qKiyyL2wcGbhlJRw37dEdPobD%2BFebQHaqaqaEtS0c5j0ND%2FG3F22TCZFjqzfx6HWDLutDHYOL1"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8791db6a8da356c6-OSL
alt-svc: h3=":443"; ma=86400
|
|
| besttop-goods.press/flexosamine/lt/v2/img/form-pers-icon.png | 104.21.29.217 | 200 OK | 378 B |
URL: GET HTTP/3 besttop-goods.press/flexosamine/lt/v2/img/form-pers-icon.png
IP: 104.21.29.217:443
Requested by: https://besttop-goods.press/flexosamine/lt/v2/?geo=28525&flow_id={flow_id}&click_id={click_id}&sub1={sub1}&sub2={sub2}&sub3={sub3}&sub4={sub4}&sub5={sub5}&facebook={facebook}&pl={prelanding_id}&lp={landing_id}
Certificate: Issuer Google Trust Services LLC; Subject besttop-goods.press; Fingerprint 07:CF:21:0C:68:AC:93:55:ED:DA:0F:3B:3B:AD:96:2A:BF:CE:3D:27; Validity Mon, 04 Mar 2024 12:33:55 GMT - Sun, 02 Jun 2024 12:33:54 GMT
File type: PNG image data, 24 x 31, 4-bit colormap, non-interlaced
Hash: 567021367285d0094945a6cac6c4ce27 e69b4bef4b59a3fa644726a3d35ae054bc6438c0 2c3ad73bc016caac60e28f02efccb572ca4a960bc47c77df61cb630171e8b608
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /flexosamine/lt/v2/img/form-pers-icon.png HTTP/1.1
Host: besttop-goods.press
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://besttop-goods.press/flexosamine/lt/v2/?geo=28525&flow_id={flow_id}&click_id={click_id}&sub1={sub1}&sub2={sub2}&sub3={sub3}&sub4={sub4}&sub5={sub5}&facebook={facebook}&pl={prelanding_id}&lp={landing_id}
Cookie: PHPSESSID=ikj34e7raapifqervcetrlh8v2; CSA=eyJnZW8iOiIyODUyNSIsImZsb3dfaWQiOiJ7Zmxvd19pZH0iLCJjbGlja19pZCI6IntjbGlja19pZH0iLCJzdWIxIjoie3N1YjF9Iiwic3ViMiI6IntzdWIyfSIsInN1YjMiOiJ7c3ViM30iLCJzdWI0Ijoie3N1YjR9Iiwic3ViNSI6IntzdWI1fSIsImZhY2Vib29rIjoie2ZhY2Vib29rfSIsInBsIjoie3ByZWxhbmRpbmdfaWR9IiwibHAiOiJ7bGFuZGluZ19pZH0iLCJkaXIiOiJmbGV4b3NhbWluZVwvbHQiLCJpbnRlZ3JhdGlvbiI6Im1ldGEiLCJjbGlja19oYXNoIjoie2NsaWNrX2lkfSIsImlwIjoiOTEuOTAuNDIuMTU0In0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Wed, 24 Apr 2024 00:08:08 GMT
content-type: image/png
content-length: 378
last-modified: Mon, 21 Nov 2022 09:50:28 GMT
etag: "637b49e4-17a"
expires: Wed, 24 Apr 2024 01:07:52 GMT
cache-control: public, max-age=3600
cf-cache-status: HIT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ztopzRz6KpkIkisDs5IUuG7VPJsRHL3GkQo67ONWRJBWgE%2FBLXPq2Hw%2Fu8xz0ZWf%2FHizN8bP%2FB%2Fl0AvVEiFgsoEsNx3LxmseGkBSsIcjUugbTFqiU193OMCyCeMp3EoHWcL0%2FIx2"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8791db6a9dad56c6-OSL
alt-svc: h3=":443"; ma=86400
|
|
| besttop-goods.press/flexosamine/lt/v2/img/form-phone-icon.png | 104.21.29.217 | 200 OK | 450 B |
URL: GET HTTP/3 besttop-goods.press/flexosamine/lt/v2/img/form-phone-icon.png
IP: 104.21.29.217:443
Requested by: https://besttop-goods.press/flexosamine/lt/v2/?geo=28525&flow_id={flow_id}&click_id={click_id}&sub1={sub1}&sub2={sub2}&sub3={sub3}&sub4={sub4}&sub5={sub5}&facebook={facebook}&pl={prelanding_id}&lp={landing_id}
Certificate: Issuer Google Trust Services LLC; Subject besttop-goods.press; Fingerprint 07:CF:21:0C:68:AC:93:55:ED:DA:0F:3B:3B:AD:96:2A:BF:CE:3D:27; Validity Mon, 04 Mar 2024 12:33:55 GMT - Sun, 02 Jun 2024 12:33:54 GMT
File type: PNG image data, 28 x 28, 4-bit colormap, non-interlaced
Hash: 9a84f90259779908715f7035d14a1388 a6383330cd9605b0a7ce79c414093f69136ee3ce 0930052579734357a7fbc6b65c3914a5b14df5d20f29c414cfcacc7c4540560a
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /flexosamine/lt/v2/img/form-phone-icon.png HTTP/1.1
Host: besttop-goods.press
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://besttop-goods.press/flexosamine/lt/v2/?geo=28525&flow_id={flow_id}&click_id={click_id}&sub1={sub1}&sub2={sub2}&sub3={sub3}&sub4={sub4}&sub5={sub5}&facebook={facebook}&pl={prelanding_id}&lp={landing_id}
Cookie: PHPSESSID=ikj34e7raapifqervcetrlh8v2; CSA=eyJnZW8iOiIyODUyNSIsImZsb3dfaWQiOiJ7Zmxvd19pZH0iLCJjbGlja19pZCI6IntjbGlja19pZH0iLCJzdWIxIjoie3N1YjF9Iiwic3ViMiI6IntzdWIyfSIsInN1YjMiOiJ7c3ViM30iLCJzdWI0Ijoie3N1YjR9Iiwic3ViNSI6IntzdWI1fSIsImZhY2Vib29rIjoie2ZhY2Vib29rfSIsInBsIjoie3ByZWxhbmRpbmdfaWR9IiwibHAiOiJ7bGFuZGluZ19pZH0iLCJkaXIiOiJmbGV4b3NhbWluZVwvbHQiLCJpbnRlZ3JhdGlvbiI6Im1ldGEiLCJjbGlja19oYXNoIjoie2NsaWNrX2lkfSIsImlwIjoiOTEuOTAuNDIuMTU0In0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Wed, 24 Apr 2024 00:08:08 GMT
content-type: image/png
content-length: 450
last-modified: Mon, 21 Nov 2022 09:50:28 GMT
etag: "637b49e4-1c2"
expires: Wed, 24 Apr 2024 01:07:52 GMT
cache-control: public, max-age=3600
cf-cache-status: HIT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=xRhHWCUlixJyQxCnzjCZmdCZuEgidAaSvjuf%2FJAvQZYbg4CFz9g9Ry1x1paBv1dpGG0i3sI6GXkth5sX08suyNNdkz8CmOb1MtGKxv98cFm6XhR34HQZIg1xm9ewLtlMskrUBY0H"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8791db6aadb356c6-OSL
alt-svc: h3=":443"; ma=86400
|
|
| besttop-goods.press/flexosamine/lt/v2/img/exp-r.png | 104.21.29.217 | 200 OK | 2.1 kB |
URL: GET HTTP/3 besttop-goods.press/flexosamine/lt/v2/img/exp-r.png
IP: 104.21.29.217:443
Requested by: https://besttop-goods.press/flexosamine/lt/v2/?geo=28525&flow_id={flow_id}&click_id={click_id}&sub1={sub1}&sub2={sub2}&sub3={sub3}&sub4={sub4}&sub5={sub5}&facebook={facebook}&pl={prelanding_id}&lp={landing_id}
Certificate: Issuer Google Trust Services LLC; Subject besttop-goods.press; Fingerprint 07:CF:21:0C:68:AC:93:55:ED:DA:0F:3B:3B:AD:96:2A:BF:CE:3D:27; Validity Mon, 04 Mar 2024 12:33:55 GMT - Sun, 02 Jun 2024 12:33:54 GMT
File type: PNG image data, 181 x 113, 4-bit colormap, non-interlaced
Hash: 39658d9369da337fa95e5746b94ce698 d5b7c3a5de83c0431a7ce02777d4d4162446e879 c4a2189ee3261cd31437e6388e0e3516aeeab9629a25273553fe295950a61993
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /flexosamine/lt/v2/img/exp-r.png HTTP/1.1
Host: besttop-goods.press
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://besttop-goods.press/flexosamine/lt/v2/?geo=28525&flow_id={flow_id}&click_id={click_id}&sub1={sub1}&sub2={sub2}&sub3={sub3}&sub4={sub4}&sub5={sub5}&facebook={facebook}&pl={prelanding_id}&lp={landing_id}
Cookie: PHPSESSID=ikj34e7raapifqervcetrlh8v2; CSA=eyJnZW8iOiIyODUyNSIsImZsb3dfaWQiOiJ7Zmxvd19pZH0iLCJjbGlja19pZCI6IntjbGlja19pZH0iLCJzdWIxIjoie3N1YjF9Iiwic3ViMiI6IntzdWIyfSIsInN1YjMiOiJ7c3ViM30iLCJzdWI0Ijoie3N1YjR9Iiwic3ViNSI6IntzdWI1fSIsImZhY2Vib29rIjoie2ZhY2Vib29rfSIsInBsIjoie3ByZWxhbmRpbmdfaWR9IiwibHAiOiJ7bGFuZGluZ19pZH0iLCJkaXIiOiJmbGV4b3NhbWluZVwvbHQiLCJpbnRlZ3JhdGlvbiI6Im1ldGEiLCJjbGlja19oYXNoIjoie2NsaWNrX2lkfSIsImlwIjoiOTEuOTAuNDIuMTU0In0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Wed, 24 Apr 2024 00:08:08 GMT
content-type: image/png
content-length: 2092
last-modified: Mon, 21 Nov 2022 09:50:28 GMT
etag: "637b49e4-82c"
expires: Wed, 24 Apr 2024 01:07:52 GMT
cache-control: public, max-age=3600
cf-cache-status: HIT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=zPF0AZmhQI6qSLdDVB2%2Fa9CcIB%2BhMKX3NIuAlpSGK%2BiqvJ9%2F33M9pX0neoWci4L0tCjoyPCryKsXSgn40YiMSGsxJr0V4c528VbuqxkMxin4VE7XbuLdX6Q0aCxR8c%2BWVUSuhBfQ"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8791db6abdba56c6-OSL
alt-svc: h3=":443"; ma=86400
|
|
| besttop-goods.press/flexosamine/lt/v2/img/exp-bg.png | 104.21.29.217 | 200 OK | 439 B |
URL: GET HTTP/3 besttop-goods.press/flexosamine/lt/v2/img/exp-bg.png
IP: 104.21.29.217:443
Requested by: https://besttop-goods.press/flexosamine/lt/v2/?geo=28525&flow_id={flow_id}&click_id={click_id}&sub1={sub1}&sub2={sub2}&sub3={sub3}&sub4={sub4}&sub5={sub5}&facebook={facebook}&pl={prelanding_id}&lp={landing_id}
Certificate: Issuer Google Trust Services LLC; Subject besttop-goods.press; Fingerprint 07:CF:21:0C:68:AC:93:55:ED:DA:0F:3B:3B:AD:96:2A:BF:CE:3D:27; Validity Mon, 04 Mar 2024 12:33:55 GMT - Sun, 02 Jun 2024 12:33:54 GMT
File type: PNG image data, 39 x 8, 8-bit colormap, non-interlaced
Hash: 10dac0d4e0194521053606eb0148695d e61b21811d25eaac5a7568135553494964daa8e8 7ad1333404c2e79ace6f167c2be65d30f84718f87bfe4ce57cb98c1a446dda04
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /flexosamine/lt/v2/img/exp-bg.png HTTP/1.1
Host: besttop-goods.press
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://besttop-goods.press/flexosamine/lt/v2/?geo=28525&flow_id={flow_id}&click_id={click_id}&sub1={sub1}&sub2={sub2}&sub3={sub3}&sub4={sub4}&sub5={sub5}&facebook={facebook}&pl={prelanding_id}&lp={landing_id}
Cookie: PHPSESSID=ikj34e7raapifqervcetrlh8v2; CSA=eyJnZW8iOiIyODUyNSIsImZsb3dfaWQiOiJ7Zmxvd19pZH0iLCJjbGlja19pZCI6IntjbGlja19pZH0iLCJzdWIxIjoie3N1YjF9Iiwic3ViMiI6IntzdWIyfSIsInN1YjMiOiJ7c3ViM30iLCJzdWI0Ijoie3N1YjR9Iiwic3ViNSI6IntzdWI1fSIsImZhY2Vib29rIjoie2ZhY2Vib29rfSIsInBsIjoie3ByZWxhbmRpbmdfaWR9IiwibHAiOiJ7bGFuZGluZ19pZH0iLCJkaXIiOiJmbGV4b3NhbWluZVwvbHQiLCJpbnRlZ3JhdGlvbiI6Im1ldGEiLCJjbGlja19oYXNoIjoie2NsaWNrX2lkfSIsImlwIjoiOTEuOTAuNDIuMTU0In0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Wed, 24 Apr 2024 00:08:08 GMT
content-type: image/png
content-length: 439
last-modified: Mon, 21 Nov 2022 09:50:28 GMT
etag: "637b49e4-1b7"
expires: Wed, 24 Apr 2024 01:07:52 GMT
cache-control: public, max-age=3600
cf-cache-status: HIT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=RLdu%2BpvEfwAR5kdwj6fRigP2zbHbZwXZ3pkmaur6c8b0vBQbW7Yj3ht49LCWvO43bOT1eagsoVW0DCjdS%2FpGw4RrG3pZ%2FHM8lnGyETQ8c2sMy%2FP3AKGzy%2F9IGdJ6WsmVl6tofHqN"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8791db6acdbe56c6-OSL
alt-svc: h3=":443"; ma=86400
|
|
| besttop-goods.press/flexosamine/lt/v2/img/kov.png | 104.21.29.217 | 200 OK | 541 B |
URL: GET HTTP/3 besttop-goods.press/flexosamine/lt/v2/img/kov.png
IP: 104.21.29.217:443
Requested by: https://besttop-goods.press/flexosamine/lt/v2/?geo=28525&flow_id={flow_id}&click_id={click_id}&sub1={sub1}&sub2={sub2}&sub3={sub3}&sub4={sub4}&sub5={sub5}&facebook={facebook}&pl={prelanding_id}&lp={landing_id}
Certificate: Issuer Google Trust Services LLC; Subject besttop-goods.press; Fingerprint 07:CF:21:0C:68:AC:93:55:ED:DA:0F:3B:3B:AD:96:2A:BF:CE:3D:27; Validity Mon, 04 Mar 2024 12:33:55 GMT - Sun, 02 Jun 2024 12:33:54 GMT
File type: PNG image data, 68 x 58, 4-bit colormap, non-interlaced
Hash: 45c34c03630d9a1eb40ee5c3e4cc3263 7c3197f133b9f720c9ce4e98f080b510fafb166f 165d0851459833fbfa46de0474c6a4da66df960e8151e213e8ebcf91d21a1a3f
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /flexosamine/lt/v2/img/kov.png HTTP/1.1
Host: besttop-goods.press
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://besttop-goods.press/flexosamine/lt/v2/?geo=28525&flow_id={flow_id}&click_id={click_id}&sub1={sub1}&sub2={sub2}&sub3={sub3}&sub4={sub4}&sub5={sub5}&facebook={facebook}&pl={prelanding_id}&lp={landing_id}
Cookie: PHPSESSID=ikj34e7raapifqervcetrlh8v2; CSA=eyJnZW8iOiIyODUyNSIsImZsb3dfaWQiOiJ7Zmxvd19pZH0iLCJjbGlja19pZCI6IntjbGlja19pZH0iLCJzdWIxIjoie3N1YjF9Iiwic3ViMiI6IntzdWIyfSIsInN1YjMiOiJ7c3ViM30iLCJzdWI0Ijoie3N1YjR9Iiwic3ViNSI6IntzdWI1fSIsImZhY2Vib29rIjoie2ZhY2Vib29rfSIsInBsIjoie3ByZWxhbmRpbmdfaWR9IiwibHAiOiJ7bGFuZGluZ19pZH0iLCJkaXIiOiJmbGV4b3NhbWluZVwvbHQiLCJpbnRlZ3JhdGlvbiI6Im1ldGEiLCJjbGlja19oYXNoIjoie2NsaWNrX2lkfSIsImlwIjoiOTEuOTAuNDIuMTU0In0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Wed, 24 Apr 2024 00:08:08 GMT
content-type: image/png
content-length: 541
last-modified: Mon, 21 Nov 2022 09:50:28 GMT
etag: "637b49e4-21d"
expires: Wed, 24 Apr 2024 01:07:52 GMT
cache-control: public, max-age=3600
cf-cache-status: HIT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=xxbpN5qL5dybGVjSOAhUHgulKEZPKjekvamDpcUguOz6FTP6ED4FXrBT%2BUsdU81taWn796c7dWRp4to%2BvqHxWHdzq1d%2BVEcPXe3%2Bat1E2VzJJccnwCw6XEspwACKzlUM%2F1uF5O8a"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8791db6addbf56c6-OSL
alt-svc: h3=":443"; ma=86400
|
|
| besttop-goods.press/flexosamine/lt/v2/img/offer-bg.jpg | 104.21.29.217 | 200 OK | 602 B |
URL: GET HTTP/3 besttop-goods.press/flexosamine/lt/v2/img/offer-bg.jpg
IP: 104.21.29.217:443
Requested by: https://besttop-goods.press/flexosamine/lt/v2/?geo=28525&flow_id={flow_id}&click_id={click_id}&sub1={sub1}&sub2={sub2}&sub3={sub3}&sub4={sub4}&sub5={sub5}&facebook={facebook}&pl={prelanding_id}&lp={landing_id}
Certificate: Issuer Google Trust Services LLC; Subject besttop-goods.press; Fingerprint 07:CF:21:0C:68:AC:93:55:ED:DA:0F:3B:3B:AD:96:2A:BF:CE:3D:27; Validity Mon, 04 Mar 2024 12:33:55 GMT - Sun, 02 Jun 2024 12:33:54 GMT
File type: JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 480x12, components 3
Hash: 191b3c7b660b502fecc959daf91cac1c 9873cd639ee5de0eaaca00e60727d8b0b08ebf7b c134d73fecf2fa9739d479a0914a2166b4b1ac16d3196d7ad83e02670ca7dcd6
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /flexosamine/lt/v2/img/offer-bg.jpg HTTP/1.1
Host: besttop-goods.press
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://besttop-goods.press/flexosamine/lt/v2/?geo=28525&flow_id={flow_id}&click_id={click_id}&sub1={sub1}&sub2={sub2}&sub3={sub3}&sub4={sub4}&sub5={sub5}&facebook={facebook}&pl={prelanding_id}&lp={landing_id}
Cookie: PHPSESSID=ikj34e7raapifqervcetrlh8v2; CSA=eyJnZW8iOiIyODUyNSIsImZsb3dfaWQiOiJ7Zmxvd19pZH0iLCJjbGlja19pZCI6IntjbGlja19pZH0iLCJzdWIxIjoie3N1YjF9Iiwic3ViMiI6IntzdWIyfSIsInN1YjMiOiJ7c3ViM30iLCJzdWI0Ijoie3N1YjR9Iiwic3ViNSI6IntzdWI1fSIsImZhY2Vib29rIjoie2ZhY2Vib29rfSIsInBsIjoie3ByZWxhbmRpbmdfaWR9IiwibHAiOiJ7bGFuZGluZ19pZH0iLCJkaXIiOiJmbGV4b3NhbWluZVwvbHQiLCJpbnRlZ3JhdGlvbiI6Im1ldGEiLCJjbGlja19oYXNoIjoie2NsaWNrX2lkfSIsImlwIjoiOTEuOTAuNDIuMTU0In0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Wed, 24 Apr 2024 00:08:08 GMT
content-type: image/jpeg
content-length: 602
last-modified: Mon, 21 Nov 2022 09:50:28 GMT
etag: "637b49e4-25a"
expires: Wed, 24 Apr 2024 01:07:52 GMT
cache-control: public, max-age=3600
cf-cache-status: HIT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=NvxfOkanx4kcZRgWL3fgzbpgwEEc55bsMbnHFFt3IK%2FQlaa2FeGS%2BPeXVMqDFrSrG6hDq2VKIpo2D2S%2FrfYRszbOM%2FBp7mbzs6VpnTXXpyamxc0%2F%2Fc68kIAV9cH%2BD3F7qonveUso"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8791db6a6d9756c6-OSL
alt-svc: h3=":443"; ma=86400
|
|
| besttop-goods.press/flexosamine/lt/v2/img/how-order-2.png | 104.21.29.217 | 200 OK | 1.2 kB |
URL: GET HTTP/3 besttop-goods.press/flexosamine/lt/v2/img/how-order-2.png
IP: 104.21.29.217:443
Requested by: https://besttop-goods.press/flexosamine/lt/v2/?geo=28525&flow_id={flow_id}&click_id={click_id}&sub1={sub1}&sub2={sub2}&sub3={sub3}&sub4={sub4}&sub5={sub5}&facebook={facebook}&pl={prelanding_id}&lp={landing_id}
Certificate: Issuer Google Trust Services LLC; Subject besttop-goods.press; Fingerprint 07:CF:21:0C:68:AC:93:55:ED:DA:0F:3B:3B:AD:96:2A:BF:CE:3D:27; Validity Mon, 04 Mar 2024 12:33:55 GMT - Sun, 02 Jun 2024 12:33:54 GMT
File type: PNG image data, 84 x 84, 8-bit colormap, non-interlaced
Hash: bf51107657950037159d327c1fb1abc3 465d876eeb4a88fe1dbf622eddcfd798a07f83ad f6d658a41683d2d9dcb5766579eed6bf840de3842438a3eacb2314c1b6adc612
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /flexosamine/lt/v2/img/how-order-2.png HTTP/1.1
Host: besttop-goods.press
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://besttop-goods.press/flexosamine/lt/v2/?geo=28525&flow_id={flow_id}&click_id={click_id}&sub1={sub1}&sub2={sub2}&sub3={sub3}&sub4={sub4}&sub5={sub5}&facebook={facebook}&pl={prelanding_id}&lp={landing_id}
Cookie: PHPSESSID=ikj34e7raapifqervcetrlh8v2; CSA=eyJnZW8iOiIyODUyNSIsImZsb3dfaWQiOiJ7Zmxvd19pZH0iLCJjbGlja19pZCI6IntjbGlja19pZH0iLCJzdWIxIjoie3N1YjF9Iiwic3ViMiI6IntzdWIyfSIsInN1YjMiOiJ7c3ViM30iLCJzdWI0Ijoie3N1YjR9Iiwic3ViNSI6IntzdWI1fSIsImZhY2Vib29rIjoie2ZhY2Vib29rfSIsInBsIjoie3ByZWxhbmRpbmdfaWR9IiwibHAiOiJ7bGFuZGluZ19pZH0iLCJkaXIiOiJmbGV4b3NhbWluZVwvbHQiLCJpbnRlZ3JhdGlvbiI6Im1ldGEiLCJjbGlja19oYXNoIjoie2NsaWNrX2lkfSIsImlwIjoiOTEuOTAuNDIuMTU0In0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Wed, 24 Apr 2024 00:08:08 GMT
content-type: image/png
content-length: 1233
last-modified: Mon, 21 Nov 2022 09:50:28 GMT
etag: "637b49e4-4d1"
expires: Wed, 24 Apr 2024 01:07:52 GMT
cache-control: public, max-age=3600
cf-cache-status: HIT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Lz0X3paD9fDhQLtDtvSydp3y6mFs0PRP04OSZQ7Bfswg5%2FGUzid0H7I33dDiyUHq%2FC0x2%2BAsSqBeu4H9B2VLdwUDk0viE7f3ByQZKa9FKwIq5Lif2HTZN4bQfAzdbTlVovjTNa13"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8791db6addc156c6-OSL
alt-svc: h3=":443"; ma=86400
|
|
| besttop-goods.press/flexosamine/lt/v2/img/how-order-3.png | 104.21.29.217 | 200 OK | 1.3 kB |
URL: GET HTTP/3 besttop-goods.press/flexosamine/lt/v2/img/how-order-3.png
IP: 104.21.29.217:443
Requested by: https://besttop-goods.press/flexosamine/lt/v2/?geo=28525&flow_id={flow_id}&click_id={click_id}&sub1={sub1}&sub2={sub2}&sub3={sub3}&sub4={sub4}&sub5={sub5}&facebook={facebook}&pl={prelanding_id}&lp={landing_id}
Certificate: Issuer Google Trust Services LLC; Subject besttop-goods.press; Fingerprint 07:CF:21:0C:68:AC:93:55:ED:DA:0F:3B:3B:AD:96:2A:BF:CE:3D:27; Validity Mon, 04 Mar 2024 12:33:55 GMT - Sun, 02 Jun 2024 12:33:54 GMT
File type: PNG image data, 84 x 84, 8-bit colormap, non-interlaced
Hash: 16fc130dc07579e667c33f60c6152236 9d7c79132c5717609a276bf66fdb576e7e170837 c8ecadda1331ea811ab5496624fb37bbb891ae4bad1fbeb68dc543707d38c5be
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /flexosamine/lt/v2/img/how-order-3.png HTTP/1.1
Host: besttop-goods.press
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://besttop-goods.press/flexosamine/lt/v2/?geo=28525&flow_id={flow_id}&click_id={click_id}&sub1={sub1}&sub2={sub2}&sub3={sub3}&sub4={sub4}&sub5={sub5}&facebook={facebook}&pl={prelanding_id}&lp={landing_id}
Cookie: PHPSESSID=ikj34e7raapifqervcetrlh8v2; CSA=eyJnZW8iOiIyODUyNSIsImZsb3dfaWQiOiJ7Zmxvd19pZH0iLCJjbGlja19pZCI6IntjbGlja19pZH0iLCJzdWIxIjoie3N1YjF9Iiwic3ViMiI6IntzdWIyfSIsInN1YjMiOiJ7c3ViM30iLCJzdWI0Ijoie3N1YjR9Iiwic3ViNSI6IntzdWI1fSIsImZhY2Vib29rIjoie2ZhY2Vib29rfSIsInBsIjoie3ByZWxhbmRpbmdfaWR9IiwibHAiOiJ7bGFuZGluZ19pZH0iLCJkaXIiOiJmbGV4b3NhbWluZVwvbHQiLCJpbnRlZ3JhdGlvbiI6Im1ldGEiLCJjbGlja19oYXNoIjoie2NsaWNrX2lkfSIsImlwIjoiOTEuOTAuNDIuMTU0In0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Wed, 24 Apr 2024 00:08:08 GMT
content-type: image/png
content-length: 1307
last-modified: Mon, 21 Nov 2022 09:50:28 GMT
etag: "637b49e4-51b"
expires: Wed, 24 Apr 2024 01:07:52 GMT
cache-control: public, max-age=3600
cf-cache-status: HIT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=XtOzJEl554NFELoCBoDCLQEvQDqWlDKr4Oen5DpF5NOuKdFj%2FyZgZMK6oaxqE58c4y9poQDpit4QyGKSqih4mpkQt6NaoWgpyKba152YkTeQdigHvjwxBO4PzF1un9x22Pi54NxC"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8791db6addc556c6-OSL
alt-svc: h3=":443"; ma=86400
|
|
| besttop-goods.press/flexosamine/lt/v2/img/how-order-1.png | 104.21.29.217 | 200 OK | 1.3 kB |
URL: GET HTTP/3 besttop-goods.press/flexosamine/lt/v2/img/how-order-1.png
IP: 104.21.29.217:443
Requested by: https://besttop-goods.press/flexosamine/lt/v2/?geo=28525&flow_id={flow_id}&click_id={click_id}&sub1={sub1}&sub2={sub2}&sub3={sub3}&sub4={sub4}&sub5={sub5}&facebook={facebook}&pl={prelanding_id}&lp={landing_id}
Certificate: Issuer Google Trust Services LLC; Subject besttop-goods.press; Fingerprint 07:CF:21:0C:68:AC:93:55:ED:DA:0F:3B:3B:AD:96:2A:BF:CE:3D:27; Validity Mon, 04 Mar 2024 12:33:55 GMT - Sun, 02 Jun 2024 12:33:54 GMT
File type: PNG image data, 84 x 84, 8-bit colormap, non-interlaced
Hash: cc0515c35940a5b39e422f2d5c8a986e 0be1f44c92261ba33188358269ee98130628ae95 890b55236f45c4fd124b2f445959dfb713057bd6e1ae0657065c5cc9475a9c0f
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /flexosamine/lt/v2/img/how-order-1.png HTTP/1.1
Host: besttop-goods.press
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://besttop-goods.press/flexosamine/lt/v2/?geo=28525&flow_id={flow_id}&click_id={click_id}&sub1={sub1}&sub2={sub2}&sub3={sub3}&sub4={sub4}&sub5={sub5}&facebook={facebook}&pl={prelanding_id}&lp={landing_id}
Cookie: PHPSESSID=ikj34e7raapifqervcetrlh8v2; CSA=eyJnZW8iOiIyODUyNSIsImZsb3dfaWQiOiJ7Zmxvd19pZH0iLCJjbGlja19pZCI6IntjbGlja19pZH0iLCJzdWIxIjoie3N1YjF9Iiwic3ViMiI6IntzdWIyfSIsInN1YjMiOiJ7c3ViM30iLCJzdWI0Ijoie3N1YjR9Iiwic3ViNSI6IntzdWI1fSIsImZhY2Vib29rIjoie2ZhY2Vib29rfSIsInBsIjoie3ByZWxhbmRpbmdfaWR9IiwibHAiOiJ7bGFuZGluZ19pZH0iLCJkaXIiOiJmbGV4b3NhbWluZVwvbHQiLCJpbnRlZ3JhdGlvbiI6Im1ldGEiLCJjbGlja19oYXNoIjoie2NsaWNrX2lkfSIsImlwIjoiOTEuOTAuNDIuMTU0In0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Wed, 24 Apr 2024 00:08:08 GMT
content-type: image/png
content-length: 1255
last-modified: Mon, 21 Nov 2022 09:50:28 GMT
etag: "637b49e4-4e7"
expires: Wed, 24 Apr 2024 01:07:52 GMT
cache-control: public, max-age=3600
cf-cache-status: HIT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Y%2F0J7mYXl114nhLfm9LiAaC1M5ftg3E5EGVTDINV%2FMLuO0snYRPIGlOBZpYL9yI0NDJyEBBspKWYqbgEMpESycaog%2FgwpyjCwudl06dmW2OSZaohOPXyCglFgLMv%2Bx3UedKbVpI%2F"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8791db6addc056c6-OSL
alt-svc: h3=":443"; ma=86400
| besttop-goods.press/flexosamine/lt/v2/img/order-desc.png | 104.21.29.217 | 200 OK | 711 B |
URL: GET HTTP/3 besttop-goods.press/flexosamine/lt/v2/img/order-desc.png
IP: 104.21.29.217:443
Requested by: https://besttop-goods.press/flexosamine/lt/v2/?geo=28525&flow_id={flow_id}&click_id={click_id}&sub1={sub1}&sub2={sub2}&sub3={sub3}&sub4={sub4}&sub5={sub5}&facebook={facebook}&pl={prelanding_id}&lp={landing_id}
Certificate: Issuer: Google Trust Services LLC; Subject: besttop-goods.press; Fingerprint: 07:CF:21:0C:68:AC:93:55:ED:DA:0F:3B:3B:AD:96:2A:BF:CE:3D:27; Validity: Mon, 04 Mar 2024 12:33:55 GMT - Sun, 02 Jun 2024 12:33:54 GMT
File type: PNG image data, 68 x 68, 8-bit colormap, non-interlaced
Hash: d5bd53bf020c75e729d6c6df8724c537 9a2ba203515e38eda0bf045690339348813c3e4c 988547ef4be776b8e7e37cd13ff4037efa79e86547ee723142072277913f9ac9
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /flexosamine/lt/v2/img/order-desc.png HTTP/1.1
Host: besttop-goods.press
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://besttop-goods.press/flexosamine/lt/v2/?geo=28525&flow_id={flow_id}&click_id={click_id}&sub1={sub1}&sub2={sub2}&sub3={sub3}&sub4={sub4}&sub5={sub5}&facebook={facebook}&pl={prelanding_id}&lp={landing_id}
Cookie: PHPSESSID=ikj34e7raapifqervcetrlh8v2; CSA=eyJnZW8iOiIyODUyNSIsImZsb3dfaWQiOiJ7Zmxvd19pZH0iLCJjbGlja19pZCI6IntjbGlja19pZH0iLCJzdWIxIjoie3N1YjF9Iiwic3ViMiI6IntzdWIyfSIsInN1YjMiOiJ7c3ViM30iLCJzdWI0Ijoie3N1YjR9Iiwic3ViNSI6IntzdWI1fSIsImZhY2Vib29rIjoie2ZhY2Vib29rfSIsInBsIjoie3ByZWxhbmRpbmdfaWR9IiwibHAiOiJ7bGFuZGluZ19pZH0iLCJkaXIiOiJmbGV4b3NhbWluZVwvbHQiLCJpbnRlZ3JhdGlvbiI6Im1ldGEiLCJjbGlja19oYXNoIjoie2NsaWNrX2lkfSIsImlwIjoiOTEuOTAuNDIuMTU0In0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Wed, 24 Apr 2024 00:08:08 GMT
content-type: image/png
content-length: 711
last-modified: Mon, 21 Nov 2022 09:50:28 GMT
etag: "637b49e4-2c7"
expires: Wed, 24 Apr 2024 01:07:52 GMT
cache-control: public, max-age=3600
cf-cache-status: HIT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2B5WMy%2BriGgNnr%2BAIRO3nGUpHrdGB2oNOOSoEZV5lAhzpMxKjijdFmfpM3IoC82PDWMYtGI4tpvSaarlu6MNHcQwWn%2BCq5n4BYhAOzfREpratIj5huVTEP1BykrcuRi1dCKE6NGQ8"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8791db6addc656c6-OSL
alt-svc: h3=":443"; ma=86400
| besttop-goods.press/favicon.ico | 104.21.29.217 | 200 OK | 18 kB |
URL: GET HTTP/3 besttop-goods.press/favicon.ico
IP: 104.21.29.217:443
Requested by: https://besttop-goods.press/flexosamine/lt/v2/?geo=28525&flow_id={flow_id}&click_id={click_id}&sub1={sub1}&sub2={sub2}&sub3={sub3}&sub4={sub4}&sub5={sub5}&facebook={facebook}&pl={prelanding_id}&lp={landing_id}
Certificate: Issuer: Google Trust Services LLC; Subject: besttop-goods.press; Fingerprint: 07:CF:21:0C:68:AC:93:55:ED:DA:0F:3B:3B:AD:96:2A:BF:CE:3D:27; Validity: Mon, 04 Mar 2024 12:33:55 GMT - Sun, 02 Jun 2024 12:33:54 GMT
File type: MS Windows icon resource - 1 icon, 16x16, 32 bits/pixel
Hash: 28b90d600c125d3d59a6c9c15679e6a2 d9ed958ef3dd9bded8e42e180e5f70ec7933126f 68f40d7144648b722e380ad277b562aa5a49eb2c931f829a451a3c8c14ea3309
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /favicon.ico HTTP/1.1
Host: besttop-goods.press
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://besttop-goods.press/flexosamine/lt/v2/?geo=28525&flow_id={flow_id}&click_id={click_id}&sub1={sub1}&sub2={sub2}&sub3={sub3}&sub4={sub4}&sub5={sub5}&facebook={facebook}&pl={prelanding_id}&lp={landing_id}
Cookie: PHPSESSID=ikj34e7raapifqervcetrlh8v2; CSA=eyJnZW8iOiIyODUyNSIsImZsb3dfaWQiOiJ7Zmxvd19pZH0iLCJjbGlja19pZCI6IntjbGlja19pZH0iLCJzdWIxIjoie3N1YjF9Iiwic3ViMiI6IntzdWIyfSIsInN1YjMiOiJ7c3ViM30iLCJzdWI0Ijoie3N1YjR9Iiwic3ViNSI6IntzdWI1fSIsImZhY2Vib29rIjoie2ZhY2Vib29rfSIsInBsIjoie3ByZWxhbmRpbmdfaWR9IiwibHAiOiJ7bGFuZGluZ19pZH0iLCJkaXIiOiJmbGV4b3NhbWluZVwvbHQiLCJpbnRlZ3JhdGlvbiI6Im1ldGEiLCJjbGlja19oYXNoIjoie2NsaWNrX2lkfSIsImlwIjoiOTEuOTAuNDIuMTU0In0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Wed, 24 Apr 2024 00:08:08 GMT
content-type: image/x-icon
last-modified: Tue, 24 Nov 2020 16:59:18 GMT
etag: W/"5fbd3be6-47e"
expires: Wed, 24 Apr 2024 00:51:48 GMT
cache-control: public, max-age=3600
cf-cache-status: HIT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=mUIpPcCc98VUo4yUqOMye7PjTEV9eNniGIDcXvY7AOIApmGuryqTwXdOmFpruRdjEpOIuaySfOdTCHZZzwLKYmBWYB2%2FVWl3LpVLwn48dsEIGdnQxGNDnChBk3bXb6oiwicayeO%2F"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8791db6b8dee56c6-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
| aus5.mozilla.org/update/3/GMP/111.0a1/20240129201730/Linux_x86_64-gcc3/null/default/Linux%205.15.0-102-generic%20(GTK%203.24.37%2Clibpulse%20not-available)/default/default/update.xml | 35.244.181.201 | | 444 B |
URL: aus5.mozilla.org/update/3/GMP/111.0a1/20240129201730/Linux_x86_64-gcc3/null/default/Linux%205.15.0-102-generic%20(GTK%203.24.37%2Clibpulse%20not-available)/default/default/update.xml
IP: 35.244.181.201:0
ASN: #396982 GOOGLE-CLOUD-PLATFORM
File type: XML 1.0 document, ASCII text, with very long lines (332)
Hash: 3b324dec137a87ef7e24a30a65b13dd0 c0faa95b2f1018e264b3a14aaf50d1003e6c27b3 6cd0b591d9239fc8564627e92a804fc261951b1cbaf5fa58a8ada3cc13f51463
GET /update/3/GMP/111.0a1/20240129201730/Linux_x86_64-gcc3/null/default/Linux%205.15.0-102-generic%20(GTK%203.24.37%2Clibpulse%20not-available)/default/default/update.xml HTTP/1.1
Host: aus5.mozilla.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Cache-Control: no-cache
Pragma: no-cache
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
rule-id: unknown
rule-data-version: unknown
content-signature: x5u=https://content-signature-2.cdn.mozilla.net/chains/aus.content-signature.mozilla.org-2024-06-09-11-51-10.chain; p384ecdsa=PtstayLv1hb4Cq2PbmEIiU2pqSAtXscPcQ72tIqwCSmWqKVpCF5GBkhOgEbdpCtRKiIo7HXE1kLO-JZKPWo6DdBr1LP2U1EbQXkM9VDviViS0KR4776NVPERfmGLpQAy
strict-transport-security: max-age=31536000;
x-content-type-options: nosniff
content-security-policy: default-src 'none'; frame-ancestors 'none'
x-proxy-cache-status: MISS
content-encoding: gzip
via: 1.1 google
date: Wed, 24 Apr 2024 00:07:13 GMT
content-type: text/xml; charset=utf-8
vary: Accept-Encoding
content-length: 444
age: 73
cache-control: public,max-age=90
alt-svc: clear
X-Firefox-Spdy: h2
| besttop-goods.press/flexosamine/lt/v2/?geo=28525&flow_id={flow_id}&click_id={click_id}&sub1={sub1}&sub2={sub2}&sub3={sub3}&sub4={sub4}&sub5={sub5}&facebook={facebook}&pl={prelanding_id}&lp={landing_id} | 104.21.29.217 | 200 OK | 28 kB |
URL: User Request GET HTTP/2 besttop-goods.press/flexosamine/lt/v2/?geo=28525&flow_id={flow_id}&click_id={click_id}&sub1={sub1}&sub2={sub2}&sub3={sub3}&sub4={sub4}&sub5={sub5}&facebook={facebook}&pl={prelanding_id}&lp={landing_id}
IP: 104.21.29.217:443
Certificate: Issuer: Google Trust Services LLC; Subject: besttop-goods.press; Fingerprint: 07:CF:21:0C:68:AC:93:55:ED:DA:0F:3B:3B:AD:96:2A:BF:CE:3D:27; Validity: Mon, 04 Mar 2024 12:33:55 GMT - Sun, 02 Jun 2024 12:33:54 GMT
Hash: d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /flexosamine/lt/v2/?geo=28525&flow_id={flow_id}&click_id={click_id}&sub1={sub1}&sub2={sub2}&sub3={sub3}&sub4={sub4}&sub5={sub5}&facebook={facebook}&pl={prelanding_id}&lp={landing_id} HTTP/1.1
Host: besttop-goods.press
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 24 Apr 2024 00:08:07 GMT
content-type: text/html; charset=UTF-8
set-cookie: PHPSESSID=ikj34e7raapifqervcetrlh8v2; path=/
CSA=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/; domain=besttop-goods.press; HttpOnly
CSA=eyJnZW8iOiIyODUyNSIsImZsb3dfaWQiOiJ7Zmxvd19pZH0iLCJjbGlja19pZCI6IntjbGlja19pZH0iLCJzdWIxIjoie3N1YjF9Iiwic3ViMiI6IntzdWIyfSIsInN1YjMiOiJ7c3ViM30iLCJzdWI0Ijoie3N1YjR9Iiwic3ViNSI6IntzdWI1fSIsImZhY2Vib29rIjoie2ZhY2Vib29rfSIsInBsIjoie3ByZWxhbmRpbmdfaWR9IiwibHAiOiJ7bGFuZGluZ19pZH0iLCJkaXIiOiJmbGV4b3NhbWluZVwvbHQiLCJpbnRlZ3JhdGlvbiI6Im1ldGEiLCJjbGlja19oYXNoIjoie2NsaWNrX2lkfSIsImlwIjoiOTEuOTAuNDIuMTU0In0%3D; expires=Wed, 24-Apr-2024 10:08:07 GMT; Max-Age=36000; path=/; domain=besttop-goods.press; HttpOnly
expires: Wed, 24 Apr 2024 01:08:07 GMT
cache-control: max-age=3600, public, max-age=3600
pragma: no-cache
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=WCFY%2FxbD3wkP613BPmj0AMU2T0W62sjnuEAOo41oxseXIM6bNKI%2FzP3nwfWbLHEwp3xkyeCqsbxT80ADXyOvfIVoSg2s7zWUKphQHKlElptdcBpEM7cAXcbuNGFt4aJhCsqVyL9A"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8791db66bdaeb4ee-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2