| www.freakywinner.vip/img/offers/iq_test2/puzzle.png | 94.237.92.126 | 200 OK | 4.7 kB |
URL: GET HTTP/2 www.freakywinner.vip/img/offers/iq_test2/puzzle.png
IP: 94.237.92.126:443
Requested by: https://www.freakywinner.vip/iq_test2?flow=sms&tid=62ncvsb105rzy6ferfw08os8k,17815911,5,10263&ctrack=1713423274.3727751694&p=10263&pi=Exit+traffic+global&click_id=w14r2jp0j9p8nul03pc8uv2m&media_type=mainstream
Certificate: Issuer: Let's Encrypt; Subject: *.freakywinner.vip; Fingerprint: 40:CD:D7:AB:C1:2D:DA:F0:A9:3C:61:F9:FE:50:FA:93:C7:EE:62:AE; Validity: Thu, 28 Mar 2024 08:08:13 GMT - Wed, 26 Jun 2024 08:08:12 GMT
File type: PNG image data, 512 x 512, 4-bit colormap, non-interlaced
Hash: 8234356ad8b24022358e1690ef7bd01e 82403de4de07f132e7590e2eecdb41ae0694fc7e d646bd618a65a9e488e2d30ae799d10447bb3ba7a3c4a969ff09de06d2c280ce
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /img/offers/iq_test2/puzzle.png HTTP/1.1
Host: www.freakywinner.vip
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.freakywinner.vip/iq_test2?flow=sms&tid=62ncvsb105rzy6ferfw08os8k,17815911,5,10263&ctrack=1713423274.3727751694&p=10263&pi=Exit+traffic+global&click_id=w14r2jp0j9p8nul03pc8uv2m&media_type=mainstream
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Thu, 18 Apr 2024 06:54:35 GMT
content-type: image/png
content-length: 4712
last-modified: Wed, 03 Apr 2024 12:42:31 GMT
etag: "660d4eb7-1268"
expires: Fri, 18 Apr 2025 06:54:35 GMT
pragma: public
cache-control: max-age=31536000, public
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|
| www.freakywinner.vip/img/offers/iq_test2/brains.png | 94.237.92.126 | 200 OK | 4.4 kB |
URL: GET HTTP/2 www.freakywinner.vip/img/offers/iq_test2/brains.png
IP: 94.237.92.126:443
Requested by: https://www.freakywinner.vip/iq_test2?flow=sms&tid=62ncvsb105rzy6ferfw08os8k,17815911,5,10263&ctrack=1713423274.3727751694&p=10263&pi=Exit+traffic+global&click_id=w14r2jp0j9p8nul03pc8uv2m&media_type=mainstream
Certificate: Issuer: Let's Encrypt; Subject: *.freakywinner.vip; Fingerprint: 40:CD:D7:AB:C1:2D:DA:F0:A9:3C:61:F9:FE:50:FA:93:C7:EE:62:AE; Validity: Thu, 28 Mar 2024 08:08:13 GMT - Wed, 26 Jun 2024 08:08:12 GMT
File type: PNG image data, 256 x 256, 8-bit colormap, non-interlaced
Hash: 9ed2df13d56e3b3a0243ac9208b9597a 10f2623bfeda1d0bd76dc3dc3c7bd7a343f2497f f643af623e28368725ef7d618d980e052ce9201e4399fd72f9353ba32ab4286f
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /img/offers/iq_test2/brains.png HTTP/1.1
Host: www.freakywinner.vip
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.freakywinner.vip/iq_test2?flow=sms&tid=62ncvsb105rzy6ferfw08os8k,17815911,5,10263&ctrack=1713423274.3727751694&p=10263&pi=Exit+traffic+global&click_id=w14r2jp0j9p8nul03pc8uv2m&media_type=mainstream
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Thu, 18 Apr 2024 06:54:35 GMT
content-type: image/png
content-length: 4422
last-modified: Wed, 03 Apr 2024 12:42:31 GMT
etag: "660d4eb7-1146"
expires: Fri, 18 Apr 2025 06:54:35 GMT
pragma: public
cache-control: max-age=31536000, public
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|
| www.freakywinner.vip/img/offers/iq_test2/cash.png | 94.237.92.126 | 200 OK | 2.7 kB |
URL: GET HTTP/2 www.freakywinner.vip/img/offers/iq_test2/cash.png
IP: 94.237.92.126:443
Requested by: https://www.freakywinner.vip/iq_test2?flow=sms&tid=62ncvsb105rzy6ferfw08os8k,17815911,5,10263&ctrack=1713423274.3727751694&p=10263&pi=Exit+traffic+global&click_id=w14r2jp0j9p8nul03pc8uv2m&media_type=mainstream
Certificate: Issuer: Let's Encrypt; Subject: *.freakywinner.vip; Fingerprint: 40:CD:D7:AB:C1:2D:DA:F0:A9:3C:61:F9:FE:50:FA:93:C7:EE:62:AE; Validity: Thu, 28 Mar 2024 08:08:13 GMT - Wed, 26 Jun 2024 08:08:12 GMT
File type: PNG image data, 256 x 256, 4-bit colormap, non-interlaced
Hash: c5187508b5c8b7c009e603e6e143a18d c4449836fd2ece36010910790976ee5eb4d4a895 594067042cdbd19b4be737bbf547f2bab5aabf92e60592c7a17271ff0517672f
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /img/offers/iq_test2/cash.png HTTP/1.1
Host: www.freakywinner.vip
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.freakywinner.vip/iq_test2?flow=sms&tid=62ncvsb105rzy6ferfw08os8k,17815911,5,10263&ctrack=1713423274.3727751694&p=10263&pi=Exit+traffic+global&click_id=w14r2jp0j9p8nul03pc8uv2m&media_type=mainstream
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Thu, 18 Apr 2024 06:54:35 GMT
content-type: image/png
content-length: 2747
last-modified: Wed, 03 Apr 2024 12:42:31 GMT
etag: "660d4eb7-abb"
expires: Fri, 18 Apr 2025 06:54:35 GMT
pragma: public
cache-control: max-age=31536000, public
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|
| 12663c35b931.tc-network.net/?p=10263&media_type=mainstream&pi=Exit+traffic+global&click_id=w14r2jp0j9p8nul03pc8uv2m | 94.237.90.104 | 302 Found | 225 kB |
URL: User Request GET HTTP/2 12663c35b931.tc-network.net/?p=10263&media_type=mainstream&pi=Exit+traffic+global&click_id=w14r2jp0j9p8nul03pc8uv2m
IP: 94.237.90.104:443
Certificate: Issuer: Let's Encrypt; Subject: tc-network.net; Fingerprint: C1:DE:47:24:2B:F7:55:8E:13:E6:69:A6:FD:5E:91:28:0E:ED:ED:9A; Validity: Fri, 05 Apr 2024 21:27:22 GMT - Thu, 04 Jul 2024 21:27:21 GMT
File type: RIFF (little-endian) data, Web/P image
Size: 225 kB (225414 bytes)
Hash: be5d14f6a3a65214743c37f28f27a591 99a155dbb761ddbe1b52010fb899a3f766cc6bd4 dd31fbf72786f5e458f69bde6d6c1a02697ab7e682e90b8d620faa44fbdcb517
GET /?p=10263&media_type=mainstream&pi=Exit+traffic+global&click_id=w14r2jp0j9p8nul03pc8uv2m HTTP/1.1
Host: 12663c35b931.tc-network.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 302 Found
date: Thu, 18 Apr 2024 06:54:34 GMT
content-type: text/html; charset=UTF-8
set-cookie: rts-trck=1; expires=Thu, 18 Apr 2024 07:04:34 GMT; Max-Age=600; path=/; domain=12663c35b931.tc-network.net
t-uuid=62ncvsb155uodi4vp77k0gg4c; expires=Tue, 18 Apr 2034 06:54:34 GMT; Max-Age=315532800; path=/; domain=.tc-network.net
rts-trck=1; expires=Thu, 18 Apr 2024 07:04:34 GMT; Max-Age=600; path=/; domain=12663c35b931.tc-network.net
ab=A; expires=Fri, 19 Apr 2024 06:54:34 GMT; Max-Age=86400; path=/; domain=.tc-network.net
traffic-visited-domain=freakywinner.vip; expires=Sat, 18 May 2024 06:54:34 GMT; Max-Age=2592000; path=/; domain=.tc-network.net
traffic-back-ivr=ok; expires=Thu, 18 Apr 2024 06:55:04 GMT; Max-Age=30; path=/; domain=.tc-network.net
location: https://www.freakywinner.vip/iq_test2?flow=sms&tid=62ncvsb105rzy6ferfw08os8k,17815911,5,10263&ctrack=1713423274.3727751694&p=10263&pi=Exit+traffic+global&click_id=w14r2jp0j9p8nul03pc8uv2m&media_type=mainstream
X-Firefox-Spdy: h2
|
|
| www.freakywinner.vip/img/offers/iq_test2/growth.png | 94.237.92.126 | 200 OK | 1.8 kB |
URL: GET HTTP/2 www.freakywinner.vip/img/offers/iq_test2/growth.png
IP: 94.237.92.126:443
Requested by: https://www.freakywinner.vip/iq_test2?flow=sms&tid=62ncvsb105rzy6ferfw08os8k,17815911,5,10263&ctrack=1713423274.3727751694&p=10263&pi=Exit+traffic+global&click_id=w14r2jp0j9p8nul03pc8uv2m&media_type=mainstream
Certificate: Issuer: Let's Encrypt; Subject: *.freakywinner.vip; Fingerprint: 40:CD:D7:AB:C1:2D:DA:F0:A9:3C:61:F9:FE:50:FA:93:C7:EE:62:AE; Validity: Thu, 28 Mar 2024 08:08:13 GMT - Wed, 26 Jun 2024 08:08:12 GMT
File type: PNG image data, 256 x 256, 8-bit colormap, non-interlaced
Hash: d210741d80afbd292471f363bbe1555a fd201c4441c8c1897b4cbf281aed7c64409bc35c cc0bd9f92cd2353fead82a4b502c72cb1ef370ceba8921355e4c219f56fd3b37
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /img/offers/iq_test2/growth.png HTTP/1.1
Host: www.freakywinner.vip
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.freakywinner.vip/iq_test2?flow=sms&tid=62ncvsb105rzy6ferfw08os8k,17815911,5,10263&ctrack=1713423274.3727751694&p=10263&pi=Exit+traffic+global&click_id=w14r2jp0j9p8nul03pc8uv2m&media_type=mainstream
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Thu, 18 Apr 2024 06:54:35 GMT
content-type: image/png
content-length: 1834
last-modified: Wed, 03 Apr 2024 12:42:31 GMT
etag: "660d4eb7-72a"
expires: Fri, 18 Apr 2025 06:54:35 GMT
pragma: public
cache-control: max-age=31536000, public
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|
| www.freakywinner.vip/img/offers/iq_test2/verified.png | 94.237.92.126 | 200 OK | 3.7 kB |
URL: GET HTTP/2 www.freakywinner.vip/img/offers/iq_test2/verified.png
IP: 94.237.92.126:443
Requested by: https://www.freakywinner.vip/iq_test2?flow=sms&tid=62ncvsb105rzy6ferfw08os8k,17815911,5,10263&ctrack=1713423274.3727751694&p=10263&pi=Exit+traffic+global&click_id=w14r2jp0j9p8nul03pc8uv2m&media_type=mainstream
Certificate: Issuer: Let's Encrypt; Subject: *.freakywinner.vip; Fingerprint: 40:CD:D7:AB:C1:2D:DA:F0:A9:3C:61:F9:FE:50:FA:93:C7:EE:62:AE; Validity: Thu, 28 Mar 2024 08:08:13 GMT - Wed, 26 Jun 2024 08:08:12 GMT
File type: PNG image data, 256 x 256, 8-bit colormap, non-interlaced
Hash: ddb11e9a091574cefd175de7af1566fb 4372e02b5d7e081cc3381af3736018f0697f3886 39f9a4fdb28c198c413c7b09016508f23fc82d9790f48c586daed29065db9bb8
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /img/offers/iq_test2/verified.png HTTP/1.1
Host: www.freakywinner.vip
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.freakywinner.vip/iq_test2?flow=sms&tid=62ncvsb105rzy6ferfw08os8k,17815911,5,10263&ctrack=1713423274.3727751694&p=10263&pi=Exit+traffic+global&click_id=w14r2jp0j9p8nul03pc8uv2m&media_type=mainstream
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Thu, 18 Apr 2024 06:54:35 GMT
content-type: image/png
content-length: 3657
last-modified: Wed, 03 Apr 2024 12:42:31 GMT
etag: "660d4eb7-e49"
expires: Fri, 18 Apr 2025 06:54:35 GMT
pragma: public
cache-control: max-age=31536000, public
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|
| www.freakywinner.vip/js/app.js?id=d41d8cd98f00b204e9800998ecf8427e | 94.237.92.126 | 200 OK | 0 B |
URL: GET HTTP/2 www.freakywinner.vip/js/app.js?id=d41d8cd98f00b204e9800998ecf8427e
IP: 94.237.92.126:443
Requested by: https://www.freakywinner.vip/iq_test2?flow=sms&tid=62ncvsb105rzy6ferfw08os8k,17815911,5,10263&ctrack=1713423274.3727751694&p=10263&pi=Exit+traffic+global&click_id=w14r2jp0j9p8nul03pc8uv2m&media_type=mainstream
Certificate: Issuer: Let's Encrypt; Subject: *.freakywinner.vip; Fingerprint: 40:CD:D7:AB:C1:2D:DA:F0:A9:3C:61:F9:FE:50:FA:93:C7:EE:62:AE; Validity: Thu, 28 Mar 2024 08:08:13 GMT - Wed, 26 Jun 2024 08:08:12 GMT
Hash: d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /js/app.js?id=d41d8cd98f00b204e9800998ecf8427e HTTP/1.1
Host: www.freakywinner.vip
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.freakywinner.vip/iq_test2?flow=sms&tid=62ncvsb105rzy6ferfw08os8k,17815911,5,10263&ctrack=1713423274.3727751694&p=10263&pi=Exit+traffic+global&click_id=w14r2jp0j9p8nul03pc8uv2m&media_type=mainstream
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Thu, 18 Apr 2024 06:54:35 GMT
content-type: application/javascript; charset=utf-8
content-length: 0
last-modified: Wed, 03 Apr 2024 12:42:31 GMT
etag: "660d4eb7-0"
expires: Fri, 18 Apr 2025 06:54:35 GMT
pragma: public
cache-control: max-age=31536000, public
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|
| fonts.gstatic.com/s/archivo/v19/k3kPo8UDI-1M0wlSV9XAw6lQkqWY8Q82sLydOxI.woff2 | 216.58.207.227 | 200 OK | 35 kB |
URL: GET HTTP/2 fonts.gstatic.com/s/archivo/v19/k3kPo8UDI-1M0wlSV9XAw6lQkqWY8Q82sLydOxI.woff2
IP: 216.58.207.227:443
Requested by: https://www.freakywinner.vip/iq_test2?flow=sms&tid=62ncvsb105rzy6ferfw08os8k,17815911,5,10263&ctrack=1713423274.3727751694&p=10263&pi=Exit+traffic+global&click_id=w14r2jp0j9p8nul03pc8uv2m&media_type=mainstream
Certificate: Issuer: Google Trust Services LLC; Subject: *.gstatic.com; Fingerprint: 8F:81:43:71:C4:F3:8C:FA:6D:EC:B4:5E:1F:58:71:AA:48:42:0E:E9; Validity: Mon, 04 Mar 2024 07:16:39 GMT - Mon, 27 May 2024 07:16:38 GMT
File type: Web Open Font Format (Version 2), TrueType, length 35272, version 1.0
Hash: aa1941d5b024b0caf9827a10a1223d21 73677337831880c6657227d751661332775bfdee 7c59b09511f172d20fbf5feaf7aff9e844460cdb286d8930a1f546b39ed1a5e1
GET /s/archivo/v19/k3kPo8UDI-1M0wlSV9XAw6lQkqWY8Q82sLydOxI.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.freakywinner.vip
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 35272
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 16 Apr 2024 09:52:52 GMT
expires: Wed, 16 Apr 2025 09:52:52 GMT
cache-control: public, max-age=31536000
age: 162103
last-modified: Wed, 13 Sep 2023 22:41:01 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
|
|
| fonts.googleapis.com/css2?family=Archivo:wght@100..900&display=swap | 142.250.74.74 | 200 OK | 13 kB |
URL: GET HTTP/2 fonts.googleapis.com/css2?family=Archivo:wght@100..900&display=swap
IP: 142.250.74.74:443
Requested by: https://www.freakywinner.vip/iq_test2?flow=sms&tid=62ncvsb105rzy6ferfw08os8k,17815911,5,10263&ctrack=1713423274.3727751694&p=10263&pi=Exit+traffic+global&click_id=w14r2jp0j9p8nul03pc8uv2m&media_type=mainstream
Certificate: Issuer: Google Trust Services LLC; Subject: upload.video.google.com; Fingerprint: 47:5A:64:7D:9F:47:34:07:31:91:97:F7:04:42:7A:D5:EA:AD:07:4E; Validity: Mon, 04 Mar 2024 07:16:44 GMT - Mon, 27 May 2024 07:16:43 GMT
File type: gzip compressed data, max compression
Hash: b43bd56f583ad603a5670c4ad25cfcbb 40e13dfe2f2381166596972b7e6469008c6ed275 68f26c66e9169803d71999b9bed3d5801e5e647e4658d35dfbfaf4c464efd6f8
GET /css2?family=Archivo:wght@100..900&display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.freakywinner.vip/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Thu, 18 Apr 2024 06:54:35 GMT
date: Thu, 18 Apr 2024 06:54:35 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
|
|
| www.freakywinner.vip/img/offers/iq_test2/laptop.webp | 94.237.92.126 | 200 OK | 225 kB |
URL: GET HTTP/2 www.freakywinner.vip/img/offers/iq_test2/laptop.webp
IP: 94.237.92.126:443
Requested by: https://www.freakywinner.vip/iq_test2?flow=sms&tid=62ncvsb105rzy6ferfw08os8k,17815911,5,10263&ctrack=1713423274.3727751694&p=10263&pi=Exit+traffic+global&click_id=w14r2jp0j9p8nul03pc8uv2m&media_type=mainstream
Certificate: Issuer: Let's Encrypt; Subject: *.freakywinner.vip; Fingerprint: 40:CD:D7:AB:C1:2D:DA:F0:A9:3C:61:F9:FE:50:FA:93:C7:EE:62:AE; Validity: Thu, 28 Mar 2024 08:08:13 GMT - Wed, 26 Jun 2024 08:08:12 GMT
File type: RIFF (little-endian) data, Web/P image
Size: 225 kB (225414 bytes)
Hash: be5d14f6a3a65214743c37f28f27a591 99a155dbb761ddbe1b52010fb899a3f766cc6bd4 dd31fbf72786f5e458f69bde6d6c1a02697ab7e682e90b8d620faa44fbdcb517
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /img/offers/iq_test2/laptop.webp HTTP/1.1
Host: www.freakywinner.vip
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.freakywinner.vip/iq_test2?flow=sms&tid=62ncvsb105rzy6ferfw08os8k,17815911,5,10263&ctrack=1713423274.3727751694&p=10263&pi=Exit+traffic+global&click_id=w14r2jp0j9p8nul03pc8uv2m&media_type=mainstream
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 18 Apr 2024 06:54:35 GMT
content-type: image/webp
content-length: 225414
last-modified: Wed, 03 Apr 2024 12:42:31 GMT
etag: "660d4eb7-37086"
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|
| www.freakywinner.vip/css/offers/iq_test2/app.css?id=d3f0203d5f5be414d14e5f6219a7867b | 94.237.92.126 | 200 OK | 3.6 kB |
URL: GET HTTP/2 www.freakywinner.vip/css/offers/iq_test2/app.css?id=d3f0203d5f5be414d14e5f6219a7867b
IP: 94.237.92.126:443
Requested by: https://www.freakywinner.vip/iq_test2?flow=sms&tid=62ncvsb105rzy6ferfw08os8k,17815911,5,10263&ctrack=1713423274.3727751694&p=10263&pi=Exit+traffic+global&click_id=w14r2jp0j9p8nul03pc8uv2m&media_type=mainstream
Certificate: Issuer: Let's Encrypt; Subject: *.freakywinner.vip; Fingerprint: 40:CD:D7:AB:C1:2D:DA:F0:A9:3C:61:F9:FE:50:FA:93:C7:EE:62:AE; Validity: Thu, 28 Mar 2024 08:08:13 GMT - Wed, 26 Jun 2024 08:08:12 GMT
File type: ASCII text, with very long lines (3553), with no line terminators
Hash: 4475caa4250bce022ececb4f3c39e660 93e83f767797ee138f95e7b145162669831d97b1 a45394706d5689ca9174c6567aef33900b93bc705ae814607276b176cacc2828
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /css/offers/iq_test2/app.css?id=d3f0203d5f5be414d14e5f6219a7867b HTTP/1.1
Host: www.freakywinner.vip
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.freakywinner.vip/iq_test2?flow=sms&tid=62ncvsb105rzy6ferfw08os8k,17815911,5,10263&ctrack=1713423274.3727751694&p=10263&pi=Exit+traffic+global&click_id=w14r2jp0j9p8nul03pc8uv2m&media_type=mainstream
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 18 Apr 2024 06:54:35 GMT
content-type: text/css
last-modified: Wed, 03 Apr 2024 12:42:31 GMT
vary: Accept-Encoding
etag: W/"660d4eb7-ddf"
expires: Fri, 18 Apr 2025 06:54:35 GMT
pragma: public
cache-control: max-age=31536000, public
content-encoding: gzip
X-Firefox-Spdy: h2
| www.freakywinner.vip/js/offers/iq_test2/app.js?id=6b30f52278a8d7e1c4ac90a40c19c0e9 | 94.237.92.126 | 200 OK | 288 kB |
URL: GET HTTP/2 www.freakywinner.vip/js/offers/iq_test2/app.js?id=6b30f52278a8d7e1c4ac90a40c19c0e9
IP: 94.237.92.126:443
Requested by: https://www.freakywinner.vip/iq_test2?flow=sms&tid=62ncvsb105rzy6ferfw08os8k,17815911,5,10263&ctrack=1713423274.3727751694&p=10263&pi=Exit+traffic+global&click_id=w14r2jp0j9p8nul03pc8uv2m&media_type=mainstream
Certificate: Issuer: Let's Encrypt; Subject: *.freakywinner.vip; Fingerprint: 40:CD:D7:AB:C1:2D:DA:F0:A9:3C:61:F9:FE:50:FA:93:C7:EE:62:AE; Validity: Thu, 28 Mar 2024 08:08:13 GMT - Wed, 26 Jun 2024 08:08:12 GMT
Size: 288 kB (288396 bytes)
Hash: d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /js/offers/iq_test2/app.js?id=6b30f52278a8d7e1c4ac90a40c19c0e9 HTTP/1.1
Host: www.freakywinner.vip
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.freakywinner.vip/iq_test2?flow=sms&tid=62ncvsb105rzy6ferfw08os8k,17815911,5,10263&ctrack=1713423274.3727751694&p=10263&pi=Exit+traffic+global&click_id=w14r2jp0j9p8nul03pc8uv2m&media_type=mainstream
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 18 Apr 2024 06:54:35 GMT
content-type: application/javascript; charset=utf-8
last-modified: Wed, 03 Apr 2024 12:42:31 GMT
vary: Accept-Encoding
etag: W/"660d4eb7-4668c"
expires: Fri, 18 Apr 2025 06:54:35 GMT
pragma: public
cache-control: max-age=31536000, public
content-encoding: gzip
X-Firefox-Spdy: h2
| www.freakywinner.vip/iq_test2?flow=sms&tid=62ncvsb105rzy6ferfw08os8k,17815911,5,10263&ctrack=1713423274.3727751694&p=10263&pi=Exit+traffic+global&click_id=w14r2jp0j9p8nul03pc8uv2m&media_type=mainstream | 94.237.92.126 | 200 OK | 15 kB |
URL: User Request GET HTTP/2 www.freakywinner.vip/iq_test2?flow=sms&tid=62ncvsb105rzy6ferfw08os8k,17815911,5,10263&ctrack=1713423274.3727751694&p=10263&pi=Exit+traffic+global&click_id=w14r2jp0j9p8nul03pc8uv2m&media_type=mainstream
IP: 94.237.92.126:443
Certificate: Issuer: Let's Encrypt; Subject: *.freakywinner.vip; Fingerprint: 40:CD:D7:AB:C1:2D:DA:F0:A9:3C:61:F9:FE:50:FA:93:C7:EE:62:AE; Validity: Thu, 28 Mar 2024 08:08:13 GMT - Wed, 26 Jun 2024 08:08:12 GMT
File type: HTML document, ASCII text, with very long lines (2473)
Hash: 076c238ecb6a618184f6a1767bdc581c 413a5957ba16f6a6f78f5f9ed043ab0e10d60d5d 90193996fc8850dc161ddabb051d9ca54b5c6ac11cbad56504b422de9504d1cc
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /iq_test2?flow=sms&tid=62ncvsb105rzy6ferfw08os8k,17815911,5,10263&ctrack=1713423274.3727751694&p=10263&pi=Exit+traffic+global&click_id=w14r2jp0j9p8nul03pc8uv2m&media_type=mainstream HTTP/1.1
Host: www.freakywinner.vip
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
cache-control: no-cache, private
date: Thu, 18 Apr 2024 06:54:35 GMT
log-id: 28dab380-c99d-4e8e-ae3a-5832546d72c7
set-cookie: XSRF-TOKEN=eyJpdiI6ImE3MEM2T1FsdXFHcEd3WFdZTTNOL2c9PSIsInZhbHVlIjoiTitad1pwVEdNc0o0S0F3NlQxeldrT2p3V25HNzdwYjd0WjI3NmdobEtCOTBlS2xjT0ptblo1RmJjbHU4ZlFXakxlNVc3aHp5ZlR0d3lZRUxDSVVPOFUyTmZ5bnBSYjl3TlVJZ1hoSVpYbmprSFJVY3puYlkwSUowaFBRbWJFNVUiLCJtYWMiOiJiMjBkYjY4N2Q3MWU2ZTA4ZmQ5MmI1YjIwYWZhZTlhMTZiMmZkZjgwYzA2Y2JhNmI0YmMwNDZkMGVhMmIzMWE4IiwidGFnIjoiIn0%3D; expires=Thu, 18 Apr 2024 08:54:35 GMT; Max-Age=7200; path=/
ivr_offers_session=eyJpdiI6Ik1rZXJyOTVtWm1UdVI1Z0lSS1NPNFE9PSIsInZhbHVlIjoiQU9XTDQwVkN1ZkVZeThXTUZKZjNXOU1sLzFhNDJLZVdZWkZ4a1JIWU5sYWxtK3NQN3dRUkxUM25DQnlocWNCUnFzdExLTisvZDZXdlJTOHliSkVjVXRaVUxaNFY2U1VqNGw5aDNteHRVRmNhNjB5YmJkWDB4U29GdWRQc1Roc04iLCJtYWMiOiJlMjY1Mjc0M2MwZWI3OTE1ZTVkN2Y1MjkxNDUyZGYyNWQ0ODYyMTMyYzg4YWFmNGQ0Y2FlMzk5NTRhZDU1YTEzIiwidGFnIjoiIn0%3D; expires=Thu, 18 Apr 2024 08:54:35 GMT; Max-Age=7200; path=/; httponly
SESS_TRAF=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%3D; path=/; httponly
visit=eyJpdiI6InRndkVkcTdTK29ybGZ0KzhHcUVNbHc9PSIsInZhbHVlIjoiaE1qZ0ZhNGREbUVIR0d0VlRiNjAwV2JIL2kyQytQdm4rNkl3dnpORWhqUm5FSFNNTEVGb3ZCcXAxK3RQWUx2OSIsIm1hYyI6IjRlOGM0OTE1MDNlNDhmOTg1YWZmMTk4YjIzZWEwZTM4MmFkNmU3Y2ZiMTgxM2UyZGMwNzQ1ZTQ0YTFlNmYwYWIiLCJ0YWciOiIifQ%3D%3D; expires=Fri, 19 Apr 2024 06:54:35 GMT; Max-Age=86400; path=/; httponly
jPrsFzobkHLZdLLs3GtUoHlyNXda32a9iI9xgJfM=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%3D%3D; expires=Thu, 18 Apr 2024 08:54:35 GMT; Max-Age=7200; path=/; httponly
content-encoding: gzip
X-Firefox-Spdy: h2