Overview

URLdyztfsq.net/
IP 103.224.182.242 (Australia)
ASN#133618 Trellian Pty. Limited
UserAgentMozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Referer
Report completed2022-12-07 05:26:54 UTC
StatusLoading report..
IDS alerts0
Blocklist alert6
urlquery alerts No alerts detected
Tags None

Domain Summary (15)

Fully Qualifying Domain Name Rank First Seen Last Seen IP Comment
img-getpocket.cdn.mozilla.net (6) 1631 2017-09-01 03:40:57 UTC 2022-12-06 17:31:54 UTC 34.120.237.76
ocsp.pki.goog (7) 175 2017-06-14 07:23:31 UTC 2022-12-06 17:12:08 UTC 216.58.211.3
firefox.settings.services.mozilla.com (2) 867 2020-05-25 20:06:39 UTC 2022-12-06 17:12:34 UTC 34.102.187.140
d38psrni17bvxu.cloudfront.net (2) 0 2022-09-22 16:48:38 UTC 2022-12-07 00:59:12 UTC 54.230.245.8 Unknown ranking
partner.googleadservices.com (1) 798 2012-06-26 16:06:42 UTC 2022-12-06 17:12:43 UTC 216.58.207.194
content-signature-2.cdn.mozilla.net (1) 1152 2020-11-03 12:26:46 UTC 2022-12-06 17:17:39 UTC 34.160.144.191
contile.services.mozilla.com (1) 1114 2021-05-27 18:32:35 UTC 2022-12-06 17:13:17 UTC 34.117.237.239
c.parkingcrew.net (1) 70582 2017-01-29 19:17:16 UTC 2022-12-06 10:57:01 UTC 185.53.178.30
afs.googleusercontent.com (2) 12123 2013-05-06 19:11:00 UTC 2022-12-06 17:12:43 UTC 142.250.74.97
r3.o.lencr.org (6) 344 2020-12-02 08:52:13 UTC 2022-12-06 17:12:17 UTC 23.36.76.226
ocsp.digicert.com (2) 86 2012-05-21 07:02:23 UTC 2022-12-06 21:45:35 UTC 93.184.220.29
dyztfsq.net (1) 0 2022-11-27 01:38:45 UTC 2022-11-27 01:38:45 UTC 103.224.182.242 Unknown ranking
push.services.mozilla.com (1) 2140 2014-10-24 08:27:06 UTC 2022-12-06 17:19:43 UTC 52.89.136.7
ww38.dyztfsq.net (5) 0 No data No data 13.248.148.254 Unknown ranking
www.google.com (3) 7 2012-11-08 00:08:21 UTC 2022-12-06 23:42:40 UTC 216.58.207.228

Network Intrusion Detection Systemsinfo

Suricata /w Emerging Threats Pro
 No alerts detected

Blocklists

OpenPhish
 No alerts detected

PhishTank
 No alerts detected

Fortinet's Web Filter
 No alerts detected

mnemonic secure dns
 No alerts detected

Quad9 DNS
Scan Date Severity Indicator Comment
2022-12-07 2 dyztfsq.net Sinkholed
2022-12-07 2 dyztfsq.net Sinkholed
2022-12-07 2 dyztfsq.net Sinkholed
2022-12-07 2 dyztfsq.net Sinkholed
2022-12-07 2 dyztfsq.net Sinkholed
2022-12-07 2 dyztfsq.net Sinkholed


Files

No files detected

Recent reports on same IP/ASN/Domain/Screenshot

Last 5 reports on IP: 103.224.182.242
Date UQ / IDS / BL URL IP
2023-02-04 06:53:08 +0000 0 - 0 - 4 etssme.com/sid/panelnew/admin.php 103.224.182.242
2023-02-04 03:00:58 +0000 0 - 0 - 4 uaefreezone.net/wp-admin/freshback/noww_eIWeY (...) 103.224.182.242
2023-02-03 23:22:09 +0000 0 - 1 - 0 www.hoalanvn.com/ 103.224.182.242
2023-02-03 10:33:16 +0000 0 - 0 - 4 uaefreezone.net/wp-admin/freshback/noww_eIWeY (...) 103.224.182.242
2023-02-03 03:31:11 +0000 0 - 0 - 3 kookliet.com/ 103.224.182.242


Last 5 reports on ASN: Trellian Pty. Limited
Date UQ / IDS / BL URL IP
2023-02-05 00:39:06 +0000 0 - 0 - 3 caiaxbak.online/ae7b076e5342cb7/clients/login (...) 103.224.212.219
2023-02-04 23:03:26 +0000 0 - 0 - 1 www.localmatters.com/blog/author/jnelson/ 103.224.182.246
2023-02-04 22:57:51 +0000 0 - 0 - 3 indwed.com/ 103.224.182.218
2023-02-04 21:53:07 +0000 0 - 0 - 3 kass.com.au/inbox/Bofa/verify.php 103.224.182.246
2023-02-04 21:33:12 +0000 0 - 0 - 2 www.paulproductor.com/ 103.224.182.253


Last 1 reports on domain: dyztfsq.net
Date UQ / IDS / BL URL IP
2022-12-07 05:26:54 +0000 0 - 0 - 6 dyztfsq.net/ 103.224.182.242


Last 5 reports with similar screenshot
Date UQ / IDS / BL URL IP
2023-02-04 21:53:15 +0000 0 - 0 - 2 ww38.kass.com.au/inbox/Bofa/verify.php 76.223.26.96
2023-02-04 19:33:10 +0000 0 - 0 - 2 www.uniche.com/ 45.33.30.197
2023-02-02 22:18:46 +0000 0 - 0 - 2 nausea.ktplan.jp/ 99.83.248.67
2023-02-02 06:34:46 +0000 0 - 0 - 2 ww38.f0ndsftq.com/ 13.248.148.254
2023-02-01 14:52:54 +0000 0 - 0 - 3 freecreditkrama.com/ 103.224.182.218

JavaScript

Executed Scripts (19)

Executed Evals (0)

Executed Writes (0)


HTTP Transactions (41)


Request Response
                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "9C4E52E7E17158307D752DB0BC3D1FBEDAE4F305CC301FD73B260F73AB796492"
Last-Modified: Tue, 06 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9850
Expires: Wed, 07 Dec 2022 08:10:54 GMT
Date: Wed, 07 Dec 2022 05:26:44 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Accept-Ranges: bytes
Age: 1481
Cache-Control: 'max-age=158059'
Date: Wed, 07 Dec 2022 05:26:44 GMT
Last-Modified: Wed, 07 Dec 2022 05:02:03 GMT
Server: ECS (ska/F717)
X-Cache: HIT
Content-Length: 471

                                        
                                            GET /v1/ HTTP/1.1 
Host: firefox.settings.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         34.102.187.140
HTTP/2 200 OK
content-type: application/json
                                        
access-control-allow-origin: *
access-control-expose-headers: Retry-After, Content-Type, Backoff, Content-Length, Alert
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Wed, 07 Dec 2022 05:18:45 GMT
cache-control: public,max-age=3600
age: 479
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Size:   939
Md5:    30db107dcf4380cef05efea409c2e6a3
Sha1:   96e6a306fbc07299aba64e5c14e2bfca35872fa9
Sha256: b64051a4a8e346e3c72b2aef77f360a5736ab5e16711d8e0bae3876feaa15b6e
                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "B85D98F8DF05431777D96C767CE4C152302EC3F653CDF6E61C8C3FA9574F3255"
Last-Modified: Tue, 06 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2182
Expires: Wed, 07 Dec 2022 06:03:06 GMT
Date: Wed, 07 Dec 2022 05:26:44 GMT
Connection: keep-alive

                                        
                                            GET / HTTP/1.1 
Host: dyztfsq.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

search
                                         103.224.182.242
HTTP/1.1 302 Found
Content-Type: text/html; charset=UTF-8
                                        
Date: Wed, 07 Dec 2022 05:26:44 GMT
Server: Apache/2.4.38 (Debian)
Set-Cookie: __tad=1670390804.5814904; expires=Sat, 04-Dec-2032 05:26:44 GMT; Max-Age=315360000
Location: http://ww38.dyztfsq.net/?subid1=20221207-1626-443e-9761-50cae1082b6a
Content-Length: 0
Connection: close


--- Additional Info ---
Magic:  
Size:   0
Md5:    d41d8cd98f00b204e9800998ecf8427e
Sha1:   da39a3ee5e6b4b0d3255bfef95601890afd80709
Sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Alerts:
  Blocklists:
    - quad9: Sinkholed
                                        
                                            GET /chains/remote-settings.content-signature.mozilla.org-2023-01-19-10-06-33.chain HTTP/1.1 
Host: content-signature-2.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

search
                                         34.160.144.191
HTTP/2 200 OK
content-type: binary/octet-stream
                                        
x-amz-id-2: P7gC4PsHvWLw5q0NAkTpfpVCcNfsfLzwDAGqzcyaTlJcfi5s9lFniCbz8M+Onn29bj8qjtShjwU=
x-amz-request-id: 57ZC38PH3CDV4MT0
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Wed, 07 Dec 2022 04:47:22 GMT
age: 2362
last-modified: Wed, 30 Nov 2022 10:06:34 GMT
etag: "53341dea33f4f3d9b4966f80589f429a"
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PEM certificate\012- , ASCII text
Size:   5348
Md5:    53341dea33f4f3d9b4966f80589f429a
Sha1:   20f7b07c686c986d2ed1e3e9ad1bb2aef8edaf0d
Sha256: 651683e52cdbc96b289f8f123155f0b96d9f67432689e89156fa56f5a346c6a0
                                        
                                            GET /v1/tiles HTTP/1.1 
Host: contile.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         34.117.237.239
HTTP/2 200 OK
content-type: application/json
                                        
server: nginx
date: Wed, 07 Dec 2022 05:26:44 GMT
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with no line terminators
Size:   12
Md5:    23e88fb7b99543fb33315b29b1fad9d6
Sha1:   a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
Sha256: 7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
                                        
                                            GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1 
Host: firefox.settings.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         34.102.187.140
HTTP/2 200 OK
content-type: application/json
                                        
access-control-allow-origin: *
access-control-expose-headers: Last-Modified, Retry-After, Cache-Control, Content-Type, Pragma, Backoff, ETag, Expires, Content-Length, Alert
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Wed, 07 Dec 2022 05:11:20 GMT
cache-control: public,max-age=3600
age: 924
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Size:   329
Md5:    0333b0655111aa68de771adfcc4db243
Sha1:   63f295a144ac87a7c8e23417626724eeca68a7eb
Sha256: 60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Accept-Ranges: bytes
Age: 1456
Cache-Control: max-age=101061
Date: Wed, 07 Dec 2022 05:26:45 GMT
Etag: "638f062a-1d7"
Expires: Thu, 08 Dec 2022 09:31:06 GMT
Last-Modified: Tue, 06 Dec 2022 09:06:50 GMT
Server: ECS (ska/F717)
X-Cache: HIT
Content-Length: 471

                                        
                                            GET / HTTP/1.1 
Host: push.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: dPC4YBSsYEKwq8fPkc5OsA==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

search
                                         52.89.136.7
HTTP/1.1 101 Switching Protocols
                                        
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: XZ4ongnLYjG4u9X5xHzbhL31nXM=

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "22B22118173565879D7C4A2D54A3546AEAB6A4A30E69268B294A98019FBD6BA1"
Last-Modified: Tue, 06 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4976
Expires: Wed, 07 Dec 2022 06:49:42 GMT
Date: Wed, 07 Dec 2022 05:26:46 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "22B22118173565879D7C4A2D54A3546AEAB6A4A30E69268B294A98019FBD6BA1"
Last-Modified: Tue, 06 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4976
Expires: Wed, 07 Dec 2022 06:49:42 GMT
Date: Wed, 07 Dec 2022 05:26:46 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "22B22118173565879D7C4A2D54A3546AEAB6A4A30E69268B294A98019FBD6BA1"
Last-Modified: Tue, 06 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4976
Expires: Wed, 07 Dec 2022 06:49:42 GMT
Date: Wed, 07 Dec 2022 05:26:46 GMT
Connection: keep-alive

                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ffedaa717-23e2-407d-9833-52d537b9b6c5.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 5704
x-amzn-requestid: 7b87f011-2d7b-41fc-9897-358e5d1a3e5c
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cc4a2FrvIAMF5tw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63883aab-32ed5f3631606c622938642e;Sampled=0
x-amzn-remapped-date: Thu, 01 Dec 2022 05:24:59 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: yeauf5fYorNWQgdcsLswhkdLfT_cs5GJcl1dcNRs6zMpTLoN0UWEjA==
via: 1.1 00f0a41f749793b9dd653153037c957e.cloudfront.net (CloudFront), 1.1 7e87179efaa9e3c316bd3d3a74cfded8.cloudfront.net (CloudFront), 1.1 google
date: Wed, 07 Dec 2022 04:40:30 GMT
age: 2776
etag: "46c6733ae3f0c01f1ec1f71790d71cac9797fcd2"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   5704
Md5:    2d237b386960b3fbbcfdde0d2f0179ca
Sha1:   46c6733ae3f0c01f1ec1f71790d71cac9797fcd2
Sha256: 4a86ff99f57d9dea3d7f2f22a02f54f3e9bfbdfca07722d1a7c3d25a1dc5160c
                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "22B22118173565879D7C4A2D54A3546AEAB6A4A30E69268B294A98019FBD6BA1"
Last-Modified: Tue, 06 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4976
Expires: Wed, 07 Dec 2022 06:49:42 GMT
Date: Wed, 07 Dec 2022 05:26:46 GMT
Connection: keep-alive

                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F19ffa93b-2002-4f40-ab8b-aa163e9b5939.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 6186
x-amzn-requestid: 53d1d373-ff6c-4c59-bdeb-fff592bca586
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: csUsyGOEIAMFwfA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638e67eb-0156077b52dc07fb124c087b;Sampled=0
x-amzn-remapped-date: Mon, 05 Dec 2022 21:51:39 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: 4ORpzqbzQyJz_i3wpxf_07mXK3ovj1JT8kn-M9fdrGRgDVig7hhN5w==
via: 1.1 2dc111aa3ead15d061e41a423155a53a.cloudfront.net (CloudFront), 1.1 64f86ae1c24221f3a2e4d653d6dbc416.cloudfront.net (CloudFront), 1.1 google
date: Tue, 06 Dec 2022 16:47:32 GMT
age: 45554
etag: "d51162b7fcba50022482b7130a556f3a7dfe822f"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   6186
Md5:    535710165275856757bd7d1689f79de3
Sha1:   d51162b7fcba50022482b7130a556f3a7dfe822f
Sha256: c93e2df13b78cd4b718eb4fe3fe70a9d6d12fd0a0d7f505219ec0d5e6a70653c
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8116e95d-8c6c-4a81-8560-89710dcf8c9b.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 8659
x-amzn-requestid: 3b64a1cf-0ad7-4ecf-a25e-ca65c06330ae
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: csVFcECMoAMF1SQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638e6889-42dde2da60f083383ab06b82;Sampled=0
x-amzn-remapped-date: Mon, 05 Dec 2022 21:54:17 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: Z3yEknYzqJG3oEe-t3nxHYkDXSYGdWkRdbB1V4ixYcJjV5DjxzLzEA==
via: 1.1 a20e81b65d2465c729ce2f6bfe539dd0.cloudfront.net (CloudFront), 1.1 570075675953459325e00b7bcd171df2.cloudfront.net (CloudFront), 1.1 google
date: Tue, 06 Dec 2022 15:53:10 GMT
age: 48816
etag: "80283cb298a1b2326620be406ee3daa42ee0b3ef"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   8659
Md5:    22e3174edbfe337cc29266cc38abb51e
Sha1:   80283cb298a1b2326620be406ee3daa42ee0b3ef
Sha256: 520858a9d9540d5768988d0ebb04f0162ded5eb9cd8f4718989b033d04702111
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F80a12c85-454b-4e03-bf75-3fa8228659c0.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 6846
x-amzn-requestid: 53452103-6559-460c-ac40-4685e6816aa4
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cdGx4E-mIAMFatg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638851a5-5327ec9a2f247cc91654df80;Sampled=0
x-amzn-remapped-date: Thu, 01 Dec 2022 07:03:01 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: fo3lMa6shsclTxMwkqU7b-FdfADL1J2vHt8BNpEImo0gsmmI01BNTQ==
via: 1.1 030fe0607711293dda988e571617a9f2.cloudfront.net (CloudFront), 1.1 d6a002c70d55f415107618b0750d493c.cloudfront.net (CloudFront), 1.1 google
date: Tue, 06 Dec 2022 10:08:58 GMT
age: 69468
etag: "6d55b299f906908309f91eaf0a720ad65866db04"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   6846
Md5:    a7ee62c5e846e8ad4808f4724f15146d
Sha1:   6d55b299f906908309f91eaf0a720ad65866db04
Sha256: 0d8f51d6f7f3bad4bb9d9c3000999739147f6dd718b290b0dca71a4cba85cb38
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F0f6b1394-57be-42ed-ad12-94fa7a0b4be7.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 7609
x-amzn-requestid: 02299a39-6804-49ae-b415-313b6e06b2ca
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cfj24G39oAMF25Q=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63894cf8-5f578e3f211063bd125b645a;Sampled=0
x-amzn-remapped-date: Fri, 02 Dec 2022 00:55:20 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: EmQGdW6eDQGTNSY5o0bGb7rS5i9FBeV29pEQMPui8P9XOpgZHW8leA==
via: 1.1 98e601970ea59f4d5f56a752787ff9fc.cloudfront.net (CloudFront), 1.1 d6b180eb367f7de26d67a9f3901b96a6.cloudfront.net (CloudFront), 1.1 google
date: Tue, 06 Dec 2022 21:56:16 GMT
age: 27030
etag: "b3d22d146c6094cb539de40a72b9c5a140802ee5"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   7609
Md5:    0d0219e6bee2a28f003f396f872eecf0
Sha1:   b3d22d146c6094cb539de40a72b9c5a140802ee5
Sha256: 41c1b037e8e654c19f36b74cceccd1fc841cc9fb7de39ac552ab5089dc3e82db
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ffe44b6ac-66fe-4013-a696-460f9692e93e.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 3175
x-amzn-requestid: 3b5ffd5c-a8a5-40d8-b370-c13b0da5f543
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: csXJEF0hIAMFZYQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638e6bd3-40d73fc5702a607c4ef71574;Sampled=0
x-amzn-remapped-date: Mon, 05 Dec 2022 22:08:19 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: 2Qmmv5s2Vpw4nmSpCj3WLX-yy2qKOk30Q_ZeA3C2IqFgjxzm4MMxEA==
via: 1.1 da5952aa802df39905ceb16592e9698a.cloudfront.net (CloudFront), 1.1 d8792dbd3191bbe722eba5b536b979c8.cloudfront.net (CloudFront), 1.1 google
date: Wed, 07 Dec 2022 04:47:35 GMT
age: 2351
etag: "ec084f21bd0bcf5c101366e5732421835b3230d3"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   3175
Md5:    cefc5a863db79a7a8acd7366322ea34d
Sha1:   ec084f21bd0bcf5c101366e5732421835b3230d3
Sha256: ee5a022da888181060a9d4ac8ab18fb8e35143b5f046f905d38553b9552f0bbb
                                        
                                            GET /?subid1=20221207-1626-443e-9761-50cae1082b6a HTTP/1.1 
Host: ww38.dyztfsq.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

search
                                         13.248.148.254
HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
                                        
Date: Wed, 07 Dec 2022 05:26:46 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Server: nginx
Vary: Accept-Encoding
X-Buckets: bucket103
X-Adblock-Key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBALquDFETXRn0Hr05fUP7EJT77xYnPmRbpMy4vk8KYiHnkNpednjOANJcaXDXcKQJN0nXKZJL7TciJD8AoHXK158CAwEAAQ==_rZqDGER6XfSvrQ62u1miMKccAV4/36/nbTNo9AjsQzQ035EVoZeeT9FsGufG6ilOIbGWBXUoLi+WZ2LibYxqkQ==
X-Template: tpl_CleanPeppermintBlack_twoclick
X-Language: norwegian
Accept-CH: viewport-width, dpr, device-memory, rtt, downlink, ect, ua, ua-full-version, ua-platform, ua-platform-version, ua-arch, ua-model, ua-mobile
Accept-CH-Lifetime: 30
Content-Encoding: gzip


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (2476)
Size:   5544
Md5:    a5a22b68500e81deef3a79b63850f998
Sha1:   9dd0c575c8d504bedec86e1ae0e7b4fc13aec05d
Sha256: 2953a6c8cbcbfb3fb0c223195f03a40c713470129bf184b8b9085fd545d7ab89

Alerts:
  Blocklists:
    - quad9: Sinkholed
                                        
                                            GET /scripts/maincaf.js HTTP/1.1 
Host: d38psrni17bvxu.cloudfront.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ww38.dyztfsq.net/

search
                                         54.230.245.8
HTTP/1.1 200 OK
Content-Type: application/javascript
                                        
Content-Length: 7006
Connection: keep-alive
Server: nginx
Date: Wed, 07 Dec 2022 02:41:52 GMT
Last-Modified: Tue, 15 Nov 2022 15:10:24 GMT
Accept-Ranges: bytes
ETag: "6373abe0-1b5e"
X-Cache: Hit from cloudfront
Via: 1.1 5bcfe2deda0bdbc6bade0af9b61602ca.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: cjaYW56td_BYTEt4Nz-t8ly7RT4yXsb8ZV5kcDFETIhR13CYx6bmCA==
Age: 9895


--- Additional Info ---
Magic:  ASCII text, with very long lines (316)
Size:   7006
Md5:    3c7567521347bf95b105ffa7fdc7da86
Sha1:   08739adacbf1300c74d8ae1cf100d00d9fbd0e5f
Sha256: 0e32bca6b67dfdeed3f9b988ddcec1adf0502549a130a78c4ace64c318a7ea29
                                        
                                            GET /adsense/domains/caf.js HTTP/1.1 
Host: www.google.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ww38.dyztfsq.net/

search
                                         216.58.207.228
HTTP/1.1 200 OK
Content-Type: text/javascript; charset=UTF-8
                                        
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/ads-afs-ui
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy: same-origin; report-to="ads-afs-ui"
Report-To: {"group":"ads-afs-ui","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-afs-ui"}]}
Date: Wed, 07 Dec 2022 05:26:47 GMT
Expires: Wed, 07 Dec 2022 05:26:47 GMT
Cache-Control: private, max-age=3600
ETag: "4168607944686720504"
X-Content-Type-Options: nosniff
Content-Encoding: gzip
Transfer-Encoding: chunked
Server: sffe
X-XSS-Protection: 0


--- Additional Info ---
Magic:  ASCII text, with very long lines (1885)
Size:   53521
Md5:    3627d5760d6e998e56ded351ac6f9875
Sha1:   c55992f098e8a71443b743adde69c77ef5a8e14c
Sha256: 37122e188978e0bbd1ab2584a4b6d2ddde51848041d67a0506c49901b1069ce7
                                        
                                            GET /scripts/sale_form.js HTTP/1.1 
Host: c.parkingcrew.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ww38.dyztfsq.net/

search
                                         185.53.178.30
HTTP/1.1 200 OK
Content-Type: application/javascript
                                        
Server: nginx
Date: Wed, 07 Dec 2022 05:26:47 GMT
Content-Length: 761
Connection: keep-alive
Last-Modified: Tue, 12 May 2020 14:25:52 GMT
ETag: "5ebab1f0-2f9"
Accept-Ranges: bytes


--- Additional Info ---
Magic:  ASCII text
Size:   761
Md5:    64f809e06446647e192fce8d1ec34e09
Sha1:   5b7ced07da42e205067afa88615317a277a4a82c
Sha256: f52cbd664986ad7ed6e71c448e2d31d1a16463e4d9b7bca0c6be278649ccc4f3
                                        
                                            GET /themes/cleanPeppermintBlack_657d9013/img/arrows.png HTTP/1.1 
Host: d38psrni17bvxu.cloudfront.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ww38.dyztfsq.net/

search
                                         54.230.245.8
HTTP/1.1 200 OK
Content-Type: image/png
                                        
Content-Length: 11375
Connection: keep-alive
Server: nginx
Date: Wed, 07 Dec 2022 02:14:27 GMT
Last-Modified: Thu, 23 Jun 2022 10:44:43 GMT
Accept-Ranges: bytes
ETag: "62b4441b-2c6f"
X-Cache: Hit from cloudfront
Via: 1.1 5bcfe2deda0bdbc6bade0af9b61602ca.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: Ak5o5AVwzjaeGRKDoIK_DyXBLjfs7Z1p4uCG_EODrtd_PPYCr9_xeQ==
Age: 11540


--- Additional Info ---
Magic:  PNG image data, 1500 x 600, 8-bit colormap, non-interlaced\012- data
Size:   11375
Md5:    0cb2e5165dc9324eb462199f04e1ffa9
Sha1:   9e0f89847ec8a98d98a6020bc5c4ed32b7a48bf8
Sha256: 67dff0aad873050f12609885f2264417ccdd0d438311000a704c89f0865f7865
                                        
                                            GET /favicon.ico HTTP/1.1 
Host: ww38.dyztfsq.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ww38.dyztfsq.net/?subid1=20221207-1626-443e-9761-50cae1082b6a

search
                                         13.248.148.254
HTTP/1.1 200 OK
Content-Type: image/x-icon
                                        
Date: Wed, 07 Dec 2022 05:26:47 GMT
Content-Length: 0
Connection: keep-alive
Server: nginx
Last-Modified: Tue, 12 May 2020 14:25:52 GMT
ETag: "5ebab1f0-0"
Accept-Ranges: bytes


--- Additional Info ---
Magic:  
Size:   0
Md5:    d41d8cd98f00b204e9800998ecf8427e
Sha1:   da39a3ee5e6b4b0d3255bfef95601890afd80709
Sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Alerts:
  Blocklists:
    - quad9: Sinkholed
                                        
                                            GET /track.php?domain=dyztfsq.net&toggle=browserjs&uid=MTY3MDM5MDgwNi42OTYxOjg2ODMwYzllMzY1YzJiNzllMTEwYTkzZGEzZmFlNDQ5ZjJjMmViMWI4NzFiZmY0NmZkZTY1MGU1ZDYwM2RiZDg6NjM5MDI0MTZhOWVmZg%3D%3D HTTP/1.1 
Host: ww38.dyztfsq.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ww38.dyztfsq.net/?subid1=20221207-1626-443e-9761-50cae1082b6a

search
                                         13.248.148.254
HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
                                        
Date: Wed, 07 Dec 2022 05:26:48 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Server: nginx
Vary: Accept-Encoding
X-Custom-Track: browserjs
Accept-CH: viewport-width, dpr, device-memory, rtt, downlink, ect, ua, ua-full-version, ua-platform, ua-platform-version, ua-arch, ua-model, ua-mobile
Accept-CH-Lifetime: 30
Access-Control-Allow-Origin: *
Content-Encoding: gzip


--- Additional Info ---
Magic:  data
Size:   20
Md5:    a4745abc5e7fdb89cc6df3069f3c6e69
Sha1:   74789f7ddbebd5b7323f6f8174005b4bf8c1f1ed
Sha256: d1111b245f685176180e6f1631e6dc49badf6672368e9ce260c71355165effdf

Alerts:
  Blocklists:
    - quad9: Sinkholed
                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         216.58.211.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Wed, 07 Dec 2022 05:26:48 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            POST /ls.php HTTP/1.1 
Host: ww38.dyztfsq.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Content-Length: 2182
Origin: http://ww38.dyztfsq.net
Connection: keep-alive
Referer: http://ww38.dyztfsq.net/?subid1=20221207-1626-443e-9761-50cae1082b6a

search
                                         13.248.148.254
HTTP/1.1 201 Created
Content-Type: text/javascript;charset=UTF-8
                                        
Date: Wed, 07 Dec 2022 05:26:48 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Server: nginx
Accept-CH: viewport-width, dpr, device-memory, rtt, downlink, ect, ua, ua-full-version, ua-platform, ua-platform-version, ua-arch, ua-model, ua-mobile
Accept-CH-Lifetime: 30
X-Log-Success: 639024182cb1be6c965fd2f4
Charset: utf-8
Access-Control-Allow-Origin: http://ww38.dyztfsq.net
Access-Control-Allow-Methods: POST, OPTIONS
Access-Control-Max-Age: 86400
X-Adblock-Key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBALquDFETXRn0Hr05fUP7EJT77xYnPmRbpMy4vk8KYiHnkNpednjOANJcaXDXcKQJN0nXKZJL7TciJD8AoHXK158CAwEAAQ==_IjVWYySzxz9GYRA2lq8h105abbLqI7d6S0jpAA9QxuZQk2a9dhP7yULEOo/lHcHsLZPzCEaPKbGxHs3+lC5E7w==


--- Additional Info ---
Magic:  
Size:   0
Md5:    d41d8cd98f00b204e9800998ecf8427e
Sha1:   da39a3ee5e6b4b0d3255bfef95601890afd80709
Sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Alerts:
  Blocklists:
    - quad9: Sinkholed
                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         216.58.211.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Wed, 07 Dec 2022 05:26:48 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            GET /gampad/cookie.js?domain=ww38.dyztfsq.net&client=dp-teaminternet09_3ph&product=SAS&callback=__sasCookie HTTP/1.1 
Host: partner.googleadservices.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://ww38.dyztfsq.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

search
                                         216.58.207.194
HTTP/2 200 OK
content-type: text/javascript; charset=UTF-8
                                        
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: gzip
date: Wed, 07 Dec 2022 05:26:48 GMT
server: cafe
cache-control: private
content-length: 179
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with no line terminators
Size:   179
Md5:    47254d196ceaae9b0c4025dc3bea9a70
Sha1:   c1719b9d1289792f86bf1fc04a14edb10377c795
Sha256: e50014f3a97701b011589857a0b836bbb03eb2a1d627d5a19b9825cda2dec922
                                        
                                            GET /afs/ads?adtest=off&psid=6016880802&pcsa=false&channel=000001%2Cbucket103&client=dp-teaminternet09_3ph&r=m&hl=en&max_radlink_len=40&type=3&uiopt=true&swp=as-drid-2617353989497713&oe=UTF-8&ie=UTF-8&fexp=21404%2C17300001&format=r1%7Cs&nocache=9921670390807798&num=0&output=afd_ads&domain_name=ww38.dyztfsq.net&v=3&bsl=8&pac=1&u_his=1&u_tz=0&dt=1670390807799&u_w=1280&u_h=1024&biw=1280&bih=939&psw=1280&psh=795&frm=0&cl=493016327&uio=--&cont=tc&jsid=caf&jsv=493016327&rurl=http%3A%2F%2Fww38.dyztfsq.net%2F%3Fsubid1%3D20221207-1626-443e-9761-50cae1082b6a&adbw=master-1%3A530 HTTP/1.1 
Host: www.google.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://ww38.dyztfsq.net/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

search
                                         216.58.207.228
HTTP/2 200 OK
content-type: text/html; charset=UTF-8
                                        
content-disposition: inline
date: Wed, 07 Dec 2022 05:26:48 GMT
expires: Wed, 07 Dec 2022 05:26:48 GMT
cache-control: private, max-age=3600
cross-origin-opener-policy: same-origin-allow-popups; report-to="gws"
report-to: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/other"}]}
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
content-encoding: br
server: gws
content-length: 1965
x-xss-protection: 0
set-cookie: NID=511=vDecqKwaoulyoxR2zUlqrRdW6POZIrLCgeIgRLQG7h6VTCFh8xXD3zSut_DOyy49rJJpZHv7mZvr-Ju2dQbG7OGsbN9DDD-Munzm39gnmWyOrRsS4KLArJR4hsslg68bWpZboPql5OgMmbYlzz6B1akDEPoaTqCD2OstzmuVoMM; expires=Thu, 08-Jun-2023 05:26:48 GMT; path=/; domain=.google.com; Secure; HttpOnly; SameSite=none CONSENT=PENDING+719; expires=Fri, 06-Dec-2024 05:26:48 GMT; path=/; domain=.google.com; Secure
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (5172)
Size:   1965
Md5:    4768cabacf0636ac42633ce325da0700
Sha1:   a64b3b468ce55ebf919160bf1bd7a2948821eb77
Sha256: dd4e49af2e340e4571c219562c564f148b6b80339bd49f8199a9f39f8602f3ae
                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         216.58.211.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Wed, 07 Dec 2022 05:26:48 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         216.58.211.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Wed, 07 Dec 2022 05:26:48 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         216.58.211.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Wed, 07 Dec 2022 05:26:48 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         216.58.211.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Wed, 07 Dec 2022 05:26:48 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            GET /ad_icons/standard/publisher_icon_image/search.svg?c=%23ffffff HTTP/1.1 
Host: afs.googleusercontent.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.google.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

search
                                         142.250.74.97
HTTP/2 200 OK
content-type: image/svg+xml
                                        
accept-ranges: bytes
vary: Accept-Encoding
content-security-policy: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/afs-native-asset-managers
cross-origin-opener-policy: same-origin; report-to="afs-native-asset-managers"
report-to: {"group":"afs-native-asset-managers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/afs-native-asset-managers"}]}
content-length: 270
x-content-type-options: nosniff
content-encoding: gzip
server: sffe
x-xss-protection: 0
date: Tue, 06 Dec 2022 20:41:35 GMT
expires: Wed, 07 Dec 2022 19:41:35 GMT
cache-control: public, max-age=82800
last-modified: Thu, 19 Dec 2019 14:15:00 GMT
age: 31513
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (390)
Size:   270
Md5:    5100391430a00e10ce60aa159f525b5c
Sha1:   231a4492d73b225f441b1e9028dc33c89862e498
Sha256: 52b1432a6e3002e41ed1d8f4c84b258fdc4c6dac863e3c0e5c06360c81be6067
                                        
                                            GET /ad_icons/standard/publisher_icon_image/chevron.svg?c=%23ffffff HTTP/1.1 
Host: afs.googleusercontent.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.google.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

search
                                         142.250.74.97
HTTP/2 200 OK
content-type: image/svg+xml
                                        
accept-ranges: bytes
vary: Accept-Encoding
content-security-policy: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/afs-native-asset-managers
cross-origin-opener-policy: same-origin; report-to="afs-native-asset-managers"
report-to: {"group":"afs-native-asset-managers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/afs-native-asset-managers"}]}
content-length: 174
x-content-type-options: nosniff
content-encoding: gzip
server: sffe
x-xss-protection: 0
date: Tue, 06 Dec 2022 14:59:50 GMT
expires: Wed, 07 Dec 2022 13:59:50 GMT
cache-control: public, max-age=82800
age: 52018
last-modified: Thu, 22 Oct 2020 21:45:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  SVG Scalable Vector Graphics image\012- , ASCII text, with no line terminators
Size:   174
Md5:    4de8b85c8915995b571bde50e231be7c
Sha1:   29c226ca7b9cbe1d44e5480ce95bbb42727b2d99
Sha256: 2ec9168c4507546748c5f400f5030031f0eb06f2aed8deaa11362c395bff4f7a
                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         216.58.211.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Wed, 07 Dec 2022 05:26:48 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            GET /track.php?domain=dyztfsq.net&caf=1&toggle=answercheck&answer=yes&uid=MTY3MDM5MDgwNi42OTYxOjg2ODMwYzllMzY1YzJiNzllMTEwYTkzZGEzZmFlNDQ5ZjJjMmViMWI4NzFiZmY0NmZkZTY1MGU1ZDYwM2RiZDg6NjM5MDI0MTZhOWVmZg%3D%3D HTTP/1.1 
Host: ww38.dyztfsq.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ww38.dyztfsq.net/?subid1=20221207-1626-443e-9761-50cae1082b6a
Cookie: __gsas=ID=8acde47f130752ed:T=1670390808:S=ALNI_MaCVTlhcQsqiihxy-he61nrLNnC7w

search
                                         13.248.148.254
HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
                                        
Date: Wed, 07 Dec 2022 05:26:48 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Server: nginx
Vary: Accept-Encoding
X-Custom-Track: answercheck
Accept-CH: viewport-width, dpr, device-memory, rtt, downlink, ect, ua, ua-full-version, ua-platform, ua-platform-version, ua-arch, ua-model, ua-mobile
Accept-CH-Lifetime: 30
Access-Control-Allow-Origin: *
Content-Encoding: gzip


--- Additional Info ---
Magic:  data
Size:   20
Md5:    a4745abc5e7fdb89cc6df3069f3c6e69
Sha1:   74789f7ddbebd5b7323f6f8174005b4bf8c1f1ed
Sha256: d1111b245f685176180e6f1631e6dc49badf6672368e9ce260c71355165effdf

Alerts:
  Blocklists:
    - quad9: Sinkholed
                                        
                                            GET /adsense/domains/caf.js HTTP/1.1 
Host: www.google.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.google.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

search
                                         216.58.207.228
HTTP/2 200 OK
content-type: text/javascript; charset=UTF-8
                                        
accept-ranges: bytes
vary: Accept-Encoding
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/ads-afs-ui
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="ads-afs-ui"
report-to: {"group":"ads-afs-ui","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-afs-ui"}]}
date: Wed, 07 Dec 2022 05:26:48 GMT
expires: Wed, 07 Dec 2022 05:26:48 GMT
cache-control: private, max-age=3600
etag: "3596691404974738380"
x-content-type-options: nosniff
content-encoding: gzip
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---