Report - fir3.net/kontakt710011

Report Overview

Visited public
2024-12-22 06:00:39
Tags
URL
fir3.net/kontakt710011
Finishing URL
dev.encurta.app/lp1
IP / ASN
104.21.90.231
#13335 CLOUDFLARENET
Title
EncurtaNet

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
perf.cdnads.com	153748	2014-09-10	2017-01-29	2024-12-06	419 B	321 B	82.192.85.249
unseenreport.com	unknown	2022-03-30	2022-03-30	2024-12-19	736 B	496 B	0.0.0.0
fir3.net	unknown	2019-02-27	2017-06-27	2024-12-08	3.2 kB	81 kB	172.67.162.55
www.gstatic.com	unknown	2008-02-11	2012-05-29	2024-12-18	4.9 kB	980 kB	142.250.74.35
www.google.com	7	1997-09-15	2015-05-10	2024-12-18	900 B	17 kB	142.250.74.164
dev.encurta.app	unknown	2021-05-14	2024-01-24	2024-12-08	9.0 kB	157 kB	104.21.15.133
proftrafficcounter.com	unknown	2023-11-16	2023-11-21	2024-12-15	431 B	422 B	3.121.166.192
aiveemtomsaix.net	unknown	2024-11-14	2024-11-14	2024-12-19	1.7 kB	8.7 kB	139.45.197.106
my.rtmark.net	9054	2014-10-29	2015-02-04	2024-12-18	465 B	1.4 kB	172.67.169.157
engagedpungentrepress.com	138457	2021-12-06	2021-12-06	2024-09-22	444 B	35 kB	172.240.108.76
retortloudenvelope.com	unknown	2024-08-14	2024-12-21	2024-12-21	491 B	499 B	192.243.59.20
arvigorothan.com	unknown	2023-10-19	2023-10-19	2024-12-15	403 B	73 kB	104.21.30.34
blog.encurta.net	unknown	2016-12-08	2017-03-01	2024-12-08	929 B	42 kB	172.67.169.12
fonts.gstatic.com	unknown	2008-02-11	2014-04-02	2024-12-18	3.2 kB	96 kB	216.58.207.227
br.biofy.ai	unknown	unknown	2023-11-19	2024-12-08	475 B	53 kB	104.21.91.201
1.bp.blogspot.com	8403	2000-07-31	2012-05-21	2024-12-21	1.1 kB	14 kB	142.250.74.161
blogger.googleusercontent.com	16485	2008-11-17	2012-05-25	2024-12-18	626 B	11 kB	142.250.74.97
www.recaptcha.net	2060	2007-01-06	2012-07-11	2024-12-18	2.8 kB	110 kB	142.250.74.99
gekeebsirs.com	unknown	2024-08-13	2024-08-13	2024-12-18	399 B	31 kB	104.21.5.227
fonts.googleapis.com	8877	2005-01-25	2012-05-23	2024-12-18	481 B	17 kB	142.250.74.106
recordedthereby.com	unknown	2024-05-08	2024-05-08	2024-12-15	400 B	86 kB	185.196.197.72

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2024-12-21	medium	gekeebsirs.com	Sinkholed
2024-12-21	medium	aiveemtomsaix.net	Sinkholed
2024-12-22	medium	unseenreport.com	Sinkholed
2024-12-22	medium	arvigorothan.com	Sinkholed
2024-12-21	medium	aiveemtomsaix.net	Sinkholed

ThreatFox

No alerts detected

JavaScript (21)

	URL	From	Size	First Seen	Last Seen
	gekeebsirs.com/tag.min.js	ScriptElement	72 kB	2024-12-19	2024-12-23
Pretty URL gekeebsirs.com/tag.min.js IP 104.21.5.227 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-12-19 12:48 Last Seen2024-12-23 15:20 Times Seen187 Hash d19a0affb4272dcf127651b173af0dfd 81c3f8cc7d5228bd3dce2bf6797a0a77bcf9bd75 17d2c655066f2b87f12012245918d54658924486ef602322cc7ada66cb51970d Loading...

	dev.encurta.app/lp1	ScriptElement	194 B	2024-12-22	2025-01-04
Pretty URL dev.encurta.app/lp1 IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML true Observations First Seen2024-12-22 06:00 Last Seen2025-01-04 16:23 Times Seen15 Hash 5db5bad8512b99c99ffb309f0a3761af 35a597699cd4fae97d2441f3b99a943d120021c3 2fb78225b4fdb0d4182fd42b85848c80896e9440d792df187824895b8fee40de Loading...

	dev.encurta.app/vendor/dashboard/js/app.min.js?ver=6.4.0	ScriptElement	9.9 kB	2023-03-07	2025-06-03
Pretty URL dev.encurta.app/vendor/dashboard/js/app.min.js?ver=6.4.0 IP 104.21.15.133 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:38 Last Seen2025-06-03 18:39 Times Seen153 Hash c97edde005d18d707bcf8f3185de7201 99e43178d50c0386a3b222551766cb08e81da1dd 7a67b6c4dba7eceb6504af73c37a21b1d92a86f7331c85d7024ba36fcaff6236 Loading...

	unknown	ScriptElement	172 B	2024-12-22	2024-12-22
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2024-12-22 06:00 Last Seen2024-12-22 06:00 Times Seen1 Hash ebd61b9269d6055d31ceda33268eecbf 366f76550a0b70ed5b6834bf89293c279a72e84e 8362de828863d8051be1d28ea3825d626c20043ddee3cbe8ee5765ad5709707a Loading...

	dev.encurta.app/vendor/clipboard.min.js?ver=6.4.0	ScriptElement	11 kB	2023-04-07	2025-06-01
Pretty URL dev.encurta.app/vendor/clipboard.min.js?ver=6.4.0 IP 104.21.15.133 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-04-07 12:42 Last Seen2025-06-01 04:35 Times Seen160 Hash 440d9349a6bc8eb0fb35317588148985 1f4b462a38a5657298ef2e8ac8c98f4060178bbd 4979e7fea71c2707c8078550d5d03bbe69bfce3b415e7ce4faec7ada9d3a358a Loading...

	engagedpungentrepress.com/14/09/72/140972588d733d0ad80e1b8f8b206aba.js	ScriptElement	95 kB	2024-12-22	2024-12-22
Pretty URL engagedpungentrepress.com/14/09/72/140972588d733d0ad80e1b8f8b206aba.js IP 172.240.108.76 ASN #7979 SERVERS-COM Introduced by scriptElement Embedded in HTML false Observations First Seen2024-12-22 06:00 Last Seen2024-12-22 06:00 Times Seen1 Hash a31e577d81eda0527c94e21880d8c2dd c763b81d1b45986e0cd4b122a244b50fe3ac453c 70422e5329a87ba5d86bc153ee698381b4b0913dea02539c6572e974b44b34e9 Loading...

	capaciousdrewreligion.com/advertisers.js	ScriptElement	0 B	0001-01-01	2025-06-05
Pretty URL capaciousdrewreligion.com/advertisers.js IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen0001-01-01 00:00 Last Seen2025-06-05 20:08 Times Seen4856334 Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Loading...

	recordedthereby.com/sfp.js	ScriptElement	85 kB	2024-05-17	2025-01-21
Pretty URL recordedthereby.com/sfp.js IP 185.196.197.72 ASN #39572 DataWeb Global Group B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-17 16:43 Last Seen2025-01-21 11:22 Times Seen13574 Hash 7e3e44049654b6e244c1777e68ffb8e7 8f2a8298666d607afd92a0baa362ef4dc9ccd039 4acac8b8ff23671d365150818f3c39bbbfa08b1a1842d73de5933e0fea26454b Loading...

	dev.encurta.app/js/ads.js	ScriptElement	191 B	2023-03-07	2025-06-03
Pretty URL dev.encurta.app/js/ads.js IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:23 Last Seen2025-06-03 22:06 Times Seen944 Hash 17787a2eab84e597896283209c237ef4 8f981359046b81a2c99061fc68d7a6d214fc98bc 347f6365abfcb020615486b3d7e0a6021a507bc720e5fc70efb8bacce6a160ca Loading...

	dev.encurta.app/vendor/bootstrap/js/bootstrap.min.js?ver=6.4.0	ScriptElement	40 kB	2023-03-07	2025-06-05
Pretty URL dev.encurta.app/vendor/bootstrap/js/bootstrap.min.js?ver=6.4.0 IP 104.21.15.133 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02 Last Seen2025-06-05 09:41 Times Seen7730 Hash 2f34b630ffe30ba2ff2b91e3f3c322a1 b16fd8226bd6bfb08e568f1b1d0a21d60247cefb 9ee2fcff6709e4d0d24b09ca0fc56aade12b4961ed9c43fd13b03248bfb57afe Loading...

	dev.encurta.app/vendor/jquery.min.js?ver=6.4.0	ScriptElement	86 kB	2023-03-07	2025-06-05
Pretty URL dev.encurta.app/vendor/jquery.min.js?ver=6.4.0 IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:06 Last Seen2025-06-05 18:21 Times Seen3095 Hash b354cc9d56a1da6b0c77604d1b153850 a3d8479f4d4e39b131bc9a53bbf53d1fbaa23732 fdce77a6d0053f32d231518a84a71bcab5c86045ed52369da00b89d4284aef46 Loading...

	dev.encurta.app/lp1	ScriptElement	0 B	0001-01-01	2025-06-05
Pretty URL dev.encurta.app/lp1 IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML true Observations First Seen0001-01-01 00:00 Last Seen2025-06-05 20:08 Times Seen4856334 Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Loading...

	dev.encurta.app/lp1	ScriptElement	0 B	0001-01-01	2025-06-05
Pretty URL dev.encurta.app/lp1 IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML true Observations First Seen0001-01-01 00:00 Last Seen2025-06-05 20:08 Times Seen4856334 Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Loading...

	dev.encurta.app/js/app.js?ver=6.4.0	ScriptElement	29 kB	2023-03-08	2025-01-21
Pretty URL dev.encurta.app/js/app.js?ver=6.4.0 IP 104.21.15.133 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 00:15 Last Seen2025-01-21 09:15 Times Seen65 Hash 3c6e1b5298af4be254a13e1503165465 92f547aac931bb4411cb0134adcff91781c78e78 f8f7883a3de9397521d2e218ee6ceb6b48ab58a17bb90f10171c75d5e92b5b78 Loading...

	unknown	ScriptElement	172 B	2024-12-22	2024-12-22
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2024-12-22 06:00 Last Seen2024-12-22 06:00 Times Seen1 Hash 371e8f5942a8547ab26d84517d1713cb 8ffc419f626f08486c6b6fb6e7a21ceeea2c12f9 21b8f069d3a8fb53263eababdd02d559a5fce28035635dce70afa45df9243000 Loading...

		Size	First Seen	Last Seen
	#1 Eval - 18b2b24382c4fc3fd910ad5c5ecdfbfc	21 kB	2024-12-22 06:00	2025-01-07 01:54
Pretty Observations First Seen2024-12-22 06:00 Last Seen2025-01-07 01:54 Times Seen2 Hash 18b2b24382c4fc3fd910ad5c5ecdfbfc 53e6f7174b057899aa3873bd45d03eb1e84a6d5c a74698537fbacb4a751d84a743c95e06599def03d05337f8808558ea9d84ac2d Loading...

	#2 Eval - 036d13978e1c2808721d573a65b8490a	22 B	2024-12-08 18:02	2025-01-12 04:58
Pretty Observations First Seen2024-12-08 18:02 Last Seen2025-01-12 04:58 Times Seen1826 Hash 036d13978e1c2808721d573a65b8490a 262cc24cd57a32578db3a35bf7d394aa9b194ed5 101cb26d770b341f4a98cedd7f34f01c5191d22b63260cd0f98dffb9ff961aea Loading...

	#3 Eval - 6f8c921563fa080972d49b6293d6149f	180 B	2024-12-22 06:00	2025-01-21 09:15
Pretty Observations First Seen2024-12-22 06:00 Last Seen2025-01-21 09:15 Times Seen21 Hash 6f8c921563fa080972d49b6293d6149f 0d04ba3d5c741615dc3e638c69db67ed6115ee58 227ab4814ae158a8765cb49fb274ef465d97b8b14eb514979268461baac631c9 Loading...

	#4 Eval - 8bc2dc222c6ca03f42bf13f962f78575	22 B	2024-12-08 18:02	2025-01-12 04:58
Pretty Observations First Seen2024-12-08 18:02 Last Seen2025-01-12 04:58 Times Seen1812 Hash 8bc2dc222c6ca03f42bf13f962f78575 4995a4eb8bd48d6d334245a4f36f05cc097d0c15 5179dea905c678187fc80f6ee6c4a3f2c626f34392838c1c7664b42cf795677a Loading...

	#5 Eval - 53d55f3525b449583d2d0aa248989091	64 B	2024-12-08 18:02	2025-01-12 04:58
Pretty Observations First Seen2024-12-08 18:02 Last Seen2025-01-12 04:58 Times Seen1824 Hash 53d55f3525b449583d2d0aa248989091 9fb08d14ae657451f5d42c0e3fc537ae8e9d774a f176b48570e0cd8d3306d9d9eb01e0854bac7f99ffb995ef521d2bc99e13a63f Loading...

	#6 Eval - c68f70e4790192b2b19e32ced8f22d87	19 kB	2024-12-22 06:00	2024-12-22 06:00
Pretty Observations First Seen2024-12-22 06:00 Last Seen2024-12-22 06:00 Times Seen1 Hash c68f70e4790192b2b19e32ced8f22d87 f61d6809127852f8ff9fce6bd28a983b322e68de e921491e51099b8edfe1774c991a87d9ff0374aba966ed9ef47dc5c73431ffb9 Loading...

HTTP Transactions (57)

URL IP Response Size

blog.encurta.net/wp-content/uploads/2017/02/Logo-Nova-2.png

172.67.169.12

200 OK

20 kB

URL GET HTTP/2
blog.encurta.net/wp-content/uploads/2017/02/Logo-Nova-2.png
IP
172.67.169.12:443
ASN
#13335 CLOUDFLARENET

Requested by
https://dev.encurta.app/lp1
Certificate
IssuerGoogle Trust Services
Subjectencurta.net
Fingerprint68:E5:A0:04:BC:1A:80:07:84:03:5C:17:A3:94:DB:A9:CD:B6:BB:F6
ValiditySun, 08 Dec 2024 19:54:33 GMT - Sat, 08 Mar 2025 19:54:32 GMT

File type
PNG image data, 720 x 245, 8-bit/color RGBA, non-interlaced
Size
20 kB (19763 bytes)
Hash
bb9befcf2032aa148b00cca9510b2c05
1e62ed5a487d9f13e1a3bc0e1afc54bde750a55b
4b5419da69b46c79af03f015c77aa26599869034c95ce63b2a4b8f3975b2593a

HTTP Headers

GET /wp-content/uploads/2017/02/Logo-Nova-2.png HTTP/1.1
Host: blog.encurta.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://fir3.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Sun, 22 Dec 2024 06:00:13 GMT
content-type: image/png
content-length: 19763
cache-control: public, max-age=604800
expires: Sat, 28 Dec 2024 12:13:40 GMT
last-modified: Thu, 02 Feb 2017 14:44:09 GMT
x-turbo-charged-by: LiteSpeed
cf-cache-status: HIT
age: 63993
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=QclGgwljF8qpmMV%2FL7Wv6TywgB%2F8GGbf0wrin1kINrWkzvMyecOqmC2RNfChJdCX9fbQTC4YA8sLhdDzjw7euW4iOMMZXdFQCp3WUs1%2FdXFOek6El00ki9WUmpzOwdEoTfpq"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8f5de3eac97a1c02-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=2089&min_rtt=1067&rtt_var=2110&sent=6&recv=10&lost=0&retrans=0&sent_bytes=3200&recv_bytes=1093&delivery_rate=3031402&cwnd=250&unsent_bytes=0&cid=86ebac3550db2190&ts=38&x=0"
X-Firefox-Spdy: h2

fir3.net/vendor/dashboard/js/app.min.js?ver=6.4.0

172.67.162.55

200 OK

3.6 kB

URL
fir3.net/vendor/dashboard/js/app.min.js?ver=6.4.0
IP
172.67.162.55:0
ASN
#13335 CLOUDFLARENET

File type
JavaScript source, ASCII text, with very long lines (9522)
Size
3.6 kB (3603 bytes)
Hash
c97edde005d18d707bcf8f3185de7201
99e43178d50c0386a3b222551766cb08e81da1dd
7a67b6c4dba7eceb6504af73c37a21b1d92a86f7331c85d7024ba36fcaff6236

HTTP Headers

GET /vendor/dashboard/js/app.min.js?ver=6.4.0 HTTP/1.1
Host: fir3.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://fir3.net/kontakt710011
Cookie: AppSession=1711c853168f6ccaf91a186b4983a7f2; csrfToken=8e3ac24dae1913d528b3b24d85730b8dbcb68031ba0840f0758a7d108d8748da1ce01c9702b4cf19753d75f9ea482eeefc2385edf3b071d1346320b65c518b12
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Sun, 22 Dec 2024 06:00:13 GMT
content-type: application/javascript
cache-control: public, max-age=2592000
expires: Wed, 01 Jan 2025 17:39:44 GMT
last-modified: Fri, 20 Dec 2019 05:52:48 GMT
vary: Accept-Encoding,User-Agent
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
x-turbo-charged-by: LiteSpeed
cf-cache-status: HIT
age: 1686029
priority: u=3,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=zSiP4YctTodXJXVYAStjYFVSTAeh%2Bcy2ClrdfB73Kk%2BBCntHoNiWTy6RCaq6JL31gWd6i6npjbwrWrgp54mWilsw%2BnQRuL5jle4s5mpVFpFDjF28JtN06Oc%2FvA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8f5de3ea8dd9b512-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=4651&min_rtt=2615&rtt_var=2094&sent=110&recv=18&lost=0&retrans=0&sent_bytes=106829&recv_bytes=5723&delivery_rate=4211696&cwnd=48000&unsent_bytes=0&cid=a35e3e793f124a03&ts=281&x=1", cfExtPri, cfHdrFlush;dur=1

fir3.net/js/ads.js

172.67.162.55

200 OK

581 B

URL
fir3.net/js/ads.js
IP
172.67.162.55:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text, with no line terminators
Size
581 B (581 bytes)
Hash
17787a2eab84e597896283209c237ef4
8f981359046b81a2c99061fc68d7a6d214fc98bc
347f6365abfcb020615486b3d7e0a6021a507bc720e5fc70efb8bacce6a160ca

HTTP Headers

GET /js/ads.js HTTP/1.1
Host: fir3.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://fir3.net/kontakt710011
Cookie: AppSession=1711c853168f6ccaf91a186b4983a7f2; csrfToken=8e3ac24dae1913d528b3b24d85730b8dbcb68031ba0840f0758a7d108d8748da1ce01c9702b4cf19753d75f9ea482eeefc2385edf3b071d1346320b65c518b12
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Sun, 22 Dec 2024 06:00:13 GMT
content-type: application/javascript
cache-control: public, max-age=2592000
expires: Fri, 10 Jan 2025 06:49:30 GMT
last-modified: Fri, 20 Dec 2019 05:51:28 GMT
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
vary: User-Agent, Accept-Encoding
x-turbo-charged-by: LiteSpeed
cf-cache-status: HIT
age: 947443
priority: u=3,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=XmCqtIBzU8hWhOF%2BI7OMAQJbNDleTAq0goLs7WRPjoxj51GvEkjallN3543mR9j5qyVROuJdyKTBF4cR%2FGBKZ48w%2FCbfdTkQ46AcG3aDurUH9WTF2vadjdhBPA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8f5de3ea7dc2b512-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=4651&min_rtt=2615&rtt_var=2094&sent=67&recv=17&lost=0&retrans=0&sent_bytes=58802&recv_bytes=4992&delivery_rate=4211696&cwnd=48000&unsent_bytes=0&cid=a35e3e793f124a03&ts=269&x=1", cfExtPri, cfHdrFlush;dur=0

1.bp.blogspot.com/-kcTGwNfMBUA/XY4pBKoksTI/AAAAAAAAIlY/TsAXaSyXjbIDmh1PynFyoXBAhtS56J44QCPcBGAYYCw/s640/Continuar%2B%25282%2529.png

142.250.74.161

200 OK

6.7 kB

URL
1.bp.blogspot.com/-kcTGwNfMBUA/XY4pBKoksTI/AAAAAAAAIlY/TsAXaSyXjbIDmh1PynFyoXBAhtS56J44QCPcBGAYYCw/s640/Continuar%2B%25282%2529.png
IP
142.250.74.161:0
ASN
#15169 GOOGLE

File type
PNG image data, 250 x 400, 8-bit/color RGB, non-interlaced
Size
6.7 kB (6725 bytes)
Hash
4434678a022143a10f10c4da0fb35235
4c024d3d586abe08b91e98b8a97eb0b6dd6c781b
63aecc1fcc3b836462906c0f57ea36a4f7391c6af6260481dc6b4fae3047b2b5

HTTP Headers

GET /-kcTGwNfMBUA/XY4pBKoksTI/AAAAAAAAIlY/TsAXaSyXjbIDmh1PynFyoXBAhtS56J44QCPcBGAYYCw/s640/Continuar%2B%25282%2529.png HTTP/1.1
Host: 1.bp.blogspot.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://fir3.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
access-control-allow-origin: *
timing-allow-origin: *
access-control-expose-headers: Content-Length
content-disposition: inline;filename="Continuar (2).png"
x-content-type-options: nosniff
server: fife
content-length: 6725
x-xss-protection: 0
date: Sun, 22 Dec 2024 04:06:09 GMT
expires: Mon, 23 Dec 2024 04:06:09 GMT
cache-control: public, max-age=86400, no-transform
age: 6844
etag: "v2256"
content-type: image/png
vary: Origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

fir3.net/vendor/dashboard/css/skins/_all-skins.min.css?ver=6.4.0

172.67.162.55

200 OK

19 kB

URL
fir3.net/vendor/dashboard/css/skins/_all-skins.min.css?ver=6.4.0
IP
172.67.162.55:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text, with very long lines (40757), with no line terminators
Size
19 kB (18896 bytes)
Hash
913ee6087926cd35798c04e18c2a2314
34b1088a21d36cd7a2a73311e10fe4794739c6a2
e5e998ea42306cdbaca43e5fbc23a2ca1631d41664c57f60ebaed459d3487451

HTTP Headers

GET /vendor/dashboard/css/skins/_all-skins.min.css?ver=6.4.0 HTTP/1.1
Host: fir3.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://fir3.net/kontakt710011
Cookie: AppSession=1711c853168f6ccaf91a186b4983a7f2; csrfToken=8e3ac24dae1913d528b3b24d85730b8dbcb68031ba0840f0758a7d108d8748da1ce01c9702b4cf19753d75f9ea482eeefc2385edf3b071d1346320b65c518b12
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Sun, 22 Dec 2024 06:00:13 GMT
content-type: text/css
cache-control: public, max-age=2592000
expires: Fri, 10 Jan 2025 06:49:30 GMT
last-modified: Fri, 20 Dec 2019 05:52:54 GMT
vary: Accept-Encoding,User-Agent
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
x-turbo-charged-by: LiteSpeed
cf-cache-status: HIT
age: 947443
priority: u=2,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=gdK5jueLkeKY%2BMcQLy7T3we9oO8DGcN%2F066QGggv%2F4FyiNO%2FczV82WBcEBb4pdco602tdFsBPBt0h2RIfikkYW7eCM45IQ8GESF4J7AALrqqvwhiGSp2ZX1%2BSg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8f5de3ea6da9b512-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=5211&min_rtt=2615&rtt_var=2835&sent=28&recv=12&lost=0&retrans=0&sent_bytes=16213&recv_bytes=3033&delivery_rate=225155&cwnd=12000&unsent_bytes=0&cid=a35e3e793f124a03&ts=254&x=1", cfExtPri, cfHdrFlush;dur=4

fir3.net/vendor/jquery.min.js?ver=6.4.0

172.67.162.55

200 OK

46 kB

URL
fir3.net/vendor/jquery.min.js?ver=6.4.0
IP
172.67.162.55:0
ASN
#13335 CLOUDFLARENET

File type
JavaScript source, ASCII text, with very long lines (32065)
Size
46 kB (45667 bytes)
Hash
b354cc9d56a1da6b0c77604d1b153850
a3d8479f4d4e39b131bc9a53bbf53d1fbaa23732
fdce77a6d0053f32d231518a84a71bcab5c86045ed52369da00b89d4284aef46

HTTP Headers

GET /vendor/jquery.min.js?ver=6.4.0 HTTP/1.1
Host: fir3.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://fir3.net/kontakt710011
Cookie: AppSession=1711c853168f6ccaf91a186b4983a7f2; csrfToken=8e3ac24dae1913d528b3b24d85730b8dbcb68031ba0840f0758a7d108d8748da1ce01c9702b4cf19753d75f9ea482eeefc2385edf3b071d1346320b65c518b12
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Sun, 22 Dec 2024 06:00:13 GMT
content-type: application/javascript
cache-control: public, max-age=2592000
expires: Fri, 10 Jan 2025 06:49:30 GMT
last-modified: Fri, 20 Dec 2019 05:51:31 GMT
vary: Accept-Encoding,User-Agent
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
x-turbo-charged-by: LiteSpeed
cf-cache-status: HIT
age: 947443
priority: u=3,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=hMiZSnsXJ7xdRiOydqSJdnlWbXttzCoVrVZ307VChzLbOlm8WzJ%2FV59hoGbQqe0aob3IsTqjkqv12DVDmX28nwGuq5GRFXOmHIfzQ%2Fkn3WdXSq%2BTkgz04F%2FXjA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8f5de3ea7dc7b512-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=4651&min_rtt=2615&rtt_var=2094&sent=73&recv=18&lost=0&retrans=0&sent_bytes=63981&recv_bytes=5723&delivery_rate=4211696&cwnd=48000&unsent_bytes=0&cid=a35e3e793f124a03&ts=278&x=1", cfExtPri, cfHdrFlush;dur=0

fir3.net/js/app.js?ver=6.4.0

172.67.162.55

200 OK

6.5 kB

URL
fir3.net/js/app.js?ver=6.4.0
IP
172.67.162.55:0
ASN
#13335 CLOUDFLARENET

File type
JavaScript source, ASCII text
Size
6.5 kB (6531 bytes)
Hash
3c6e1b5298af4be254a13e1503165465
92f547aac931bb4411cb0134adcff91781c78e78
f8f7883a3de9397521d2e218ee6ceb6b48ab58a17bb90f10171c75d5e92b5b78

HTTP Headers

GET /js/app.js?ver=6.4.0 HTTP/1.1
Host: fir3.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://fir3.net/kontakt710011
Cookie: AppSession=1711c853168f6ccaf91a186b4983a7f2; csrfToken=8e3ac24dae1913d528b3b24d85730b8dbcb68031ba0840f0758a7d108d8748da1ce01c9702b4cf19753d75f9ea482eeefc2385edf3b071d1346320b65c518b12
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Sun, 22 Dec 2024 06:00:13 GMT
content-type: application/javascript
cache-control: public, max-age=2592000
expires: Wed, 01 Jan 2025 17:39:44 GMT
last-modified: Tue, 11 Jun 2024 18:59:06 GMT
vary: Accept-Encoding,User-Agent
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
x-turbo-charged-by: LiteSpeed
cf-cache-status: HIT
age: 1686029
priority: u=3,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=l6xFfCG8Fawlfr9CSboV07OCxJp0yhVK0f3g3V6O3XIx%2FA0v7iNgUMBTFdzBiahqrapxTZrzjCr2rhn%2BczjX8%2FKSNU4GW1J%2FDLyaA2pVNtdQsRGHgbIqFctEQw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8f5de3ea8dd8b512-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=4416&min_rtt=2615&rtt_var=2039&sent=116&recv=19&lost=0&retrans=0&sent_bytes=112764&recv_bytes=5769&delivery_rate=3932124&cwnd=96000&unsent_bytes=0&cid=a35e3e793f124a03&ts=283&x=1", cfExtPri, cfHdrFlush;dur=0

blogger.googleusercontent.com/img/a/AVvXsEhP5dsqG8gU9pOcmTiO_hokWp5jIZ6CYdyyR4-bvSCs2-0n5q7fsiT6n9Hrqi0wcB-DPUOtNIpQH_DENbUEjtlbW488caDD5qhmlv8W5iza1GuTq5Q466rp1FwvYPJC6xZUFMCzGShIuBde_FSCUknZK-dCy-Z72TduKmuTuGiKRIoNLLrTAkMLp6pT=w400-h400

142.250.74.97

200 OK

10 kB

URL
blogger.googleusercontent.com/img/a/AVvXsEhP5dsqG8gU9pOcmTiO_hokWp5jIZ6CYdyyR4-bvSCs2-0n5q7fsiT6n9Hrqi0wcB-DPUOtNIpQH_DENbUEjtlbW488caDD5qhmlv8W5iza1GuTq5Q466rp1FwvYPJC6xZUFMCzGShIuBde_FSCUknZK-dCy-Z72TduKmuTuGiKRIoNLLrTAkMLp6pT=w400-h400
IP
142.250.74.97:0
ASN
#15169 GOOGLE

File type
PNG image data, 400 x 400, 8-bit/color RGB, non-interlaced
Size
10 kB (10312 bytes)
Hash
7a48859b9f4f046ed10b48c687d7a0da
2cf7b5feea1c3771aa53004b7e99df2cf91a1473
cd4ef8fd9a6e647b83b9306944ab00817de194867594e6b7b2be22d6e2ccac8a

HTTP Headers

GET /img/a/AVvXsEhP5dsqG8gU9pOcmTiO_hokWp5jIZ6CYdyyR4-bvSCs2-0n5q7fsiT6n9Hrqi0wcB-DPUOtNIpQH_DENbUEjtlbW488caDD5qhmlv8W5iza1GuTq5Q466rp1FwvYPJC6xZUFMCzGShIuBde_FSCUknZK-dCy-Z72TduKmuTuGiKRIoNLLrTAkMLp6pT=w400-h400 HTTP/1.1
Host: blogger.googleusercontent.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://fir3.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: image/png
vary: Origin
access-control-expose-headers: Content-Length
etag: "v32de"
expires: Mon, 23 Dec 2024 06:00:14 GMT
cache-control: public, max-age=86400, no-transform
content-disposition: inline;filename="Errata do EncurtaNet(1).png"
x-content-type-options: nosniff
date: Sun, 22 Dec 2024 06:00:14 GMT
server: fife
content-length: 10312
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

www.gstatic.com/recaptcha/releases/zIriijn3uj5Vpknvt_LnfNbF/recaptcha__en.js

142.250.74.35

200 OK

221 kB

URL
www.gstatic.com/recaptcha/releases/zIriijn3uj5Vpknvt_LnfNbF/recaptcha__en.js
IP
142.250.74.35:0
ASN
#15169 GOOGLE

File type
JavaScript source, ASCII text, with very long lines (654)
Size
221 kB (220882 bytes)
Hash
19ddac3be88eda2c8263c5d52fa7f6bd
c81720778f57c56244c72ce6ef402bb4de5f9619
b261530f05e272e18b5b5c86d860c4979c82b5b6c538e1643b3c94fc9ba76dd6

HTTP Headers

GET /recaptcha/releases/zIriijn3uj5Vpknvt_LnfNbF/recaptcha__en.js HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://fir3.net
DNT: 1
Connection: keep-alive
Referer: https://fir3.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
timing-allow-origin: *
content-length: 220882
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 20 Dec 2024 10:43:02 GMT
expires: Sat, 20 Dec 2025 10:43:02 GMT
cache-control: public, max-age=31536000
last-modified: Tue, 10 Dec 2024 23:05:10 GMT
content-type: text/javascript
vary: Accept-Encoding
age: 155832
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

www.gstatic.com/recaptcha/releases/zIriijn3uj5Vpknvt_LnfNbF/styles__ltr.css

142.250.74.35

200 OK

42 kB

URL
www.gstatic.com/recaptcha/releases/zIriijn3uj5Vpknvt_LnfNbF/styles__ltr.css
IP
142.250.74.35:0
ASN
#15169 GOOGLE

File type
ASCII text, with very long lines (65536), with no line terminators
Size
42 kB (42044 bytes)
Hash
6aec8cfd5d3a790339dc627f9f1229b5
b6c8cffe38e1015dd8595f2dd1a92435e2795874
80583fa3c83831a9e036eba0500d1b9c0d30892d0701f1617e0fafaf5aeaa2ca

HTTP Headers

GET /recaptcha/releases/zIriijn3uj5Vpknvt_LnfNbF/styles__ltr.css HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.recaptcha.net/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
accept-ranges: bytes
content-encoding: gzip
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
timing-allow-origin: *
content-length: 42044
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 20 Dec 2024 10:40:44 GMT
expires: Sat, 20 Dec 2025 10:40:44 GMT
cache-control: public, max-age=31536000
last-modified: Tue, 10 Dec 2024 23:05:10 GMT
content-type: text/css
vary: Accept-Encoding
age: 155970
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

www.gstatic.com/recaptcha/releases/zIriijn3uj5Vpknvt_LnfNbF/recaptcha__en.js

142.250.74.35

200 OK

221 kB

URL
www.gstatic.com/recaptcha/releases/zIriijn3uj5Vpknvt_LnfNbF/recaptcha__en.js
IP
142.250.74.35:0
ASN
#15169 GOOGLE

File type
JavaScript source, ASCII text, with very long lines (654)
Size
221 kB (220882 bytes)
Hash
19ddac3be88eda2c8263c5d52fa7f6bd
c81720778f57c56244c72ce6ef402bb4de5f9619
b261530f05e272e18b5b5c86d860c4979c82b5b6c538e1643b3c94fc9ba76dd6

HTTP Headers

GET /recaptcha/releases/zIriijn3uj5Vpknvt_LnfNbF/recaptcha__en.js HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.recaptcha.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
accept-ranges: bytes
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
timing-allow-origin: *
content-length: 220882
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 20 Dec 2024 10:43:02 GMT
expires: Sat, 20 Dec 2025 10:43:02 GMT
cache-control: public, max-age=31536000
last-modified: Tue, 10 Dec 2024 23:05:10 GMT
content-type: text/javascript
vary: Accept-Encoding
age: 155832
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2

216.58.207.227

200 OK

15 kB

URL
fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2
IP
216.58.207.227:0
ASN
#15169 GOOGLE

File type
Web Open Font Format (Version 2), TrueType, length 15344, version 1.0
Size
15 kB (15344 bytes)
Hash
5d4aeb4e5f5ef754e307d7ffaef688bd
06db651cdf354c64a7383ea9c77024ef4fb4cef8
3e253b66056519aa065b00a453bac37ac5ed8f3e6fe7b542e93a9dcdcc11d0bc

HTTP Headers

GET /s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.recaptcha.net
DNT: 1
Connection: keep-alive
Referer: https://www.recaptcha.net/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15344
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sat, 21 Dec 2024 04:23:18 GMT
expires: Sun, 21 Dec 2025 04:23:18 GMT
cache-control: public, max-age=31536000
age: 92216
last-modified: Mon, 16 Oct 2017 17:32:55 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

fonts.gstatic.com/s/roboto/v18/KFOlCnqEu92Fr1MmEU9fBBc4.woff2

216.58.207.227

200 OK

16 kB

URL
fonts.gstatic.com/s/roboto/v18/KFOlCnqEu92Fr1MmEU9fBBc4.woff2
IP
216.58.207.227:0
ASN
#15169 GOOGLE

File type
Web Open Font Format (Version 2), TrueType, length 15552, version 1.0
Size
16 kB (15552 bytes)
Hash
285467176f7fe6bb6a9c6873b3dad2cc
ea04e4ff5142ddd69307c183def721a160e0a64e
5a8c1e7681318caa29e9f44e8a6e271f6a4067a2703e9916dfd4fe9099241db7

HTTP Headers

GET /s/roboto/v18/KFOlCnqEu92Fr1MmEU9fBBc4.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.recaptcha.net
DNT: 1
Connection: keep-alive
Referer: https://www.recaptcha.net/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15552
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 20 Dec 2024 18:53:03 GMT
expires: Sat, 20 Dec 2025 18:53:03 GMT
cache-control: public, max-age=31536000
age: 126431
last-modified: Mon, 16 Oct 2017 17:33:02 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

www.gstatic.com/recaptcha/api2/logo_48.png

142.250.74.35

200 OK

2.2 kB

URL
www.gstatic.com/recaptcha/api2/logo_48.png
IP
142.250.74.35:0
ASN
#15169 GOOGLE

File type
PNG image data, 48 x 48, 8-bit/color RGBA, non-interlaced
Size
2.2 kB (2228 bytes)
Hash
ef9941290c50cd3866e2ba6b793f010d
4736508c795667dcea21f8d864233031223b7832
1b9efb22c938500971aac2b2130a475fa23684dd69e43103894968df83145b8a

HTTP Headers

GET /recaptcha/api2/logo_48.png HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.gstatic.com/recaptcha/releases/zIriijn3uj5Vpknvt_LnfNbF/styles__ltr.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
accept-ranges: bytes
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-length: 2228
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 20 Dec 2024 19:49:08 GMT
expires: Fri, 27 Dec 2024 19:49:08 GMT
cache-control: public, max-age=604800
age: 123066
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
content-type: image/png
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

www.gstatic.com/recaptcha/releases/zIriijn3uj5Vpknvt_LnfNbF/recaptcha__en.js

142.250.74.35

200 OK

221 kB

URL
www.gstatic.com/recaptcha/releases/zIriijn3uj5Vpknvt_LnfNbF/recaptcha__en.js
IP
142.250.74.35:0
ASN
#15169 GOOGLE

File type
JavaScript source, ASCII text, with very long lines (654)
Size
221 kB (220882 bytes)
Hash
19ddac3be88eda2c8263c5d52fa7f6bd
c81720778f57c56244c72ce6ef402bb4de5f9619
b261530f05e272e18b5b5c86d860c4979c82b5b6c538e1643b3c94fc9ba76dd6

HTTP Headers

GET /recaptcha/releases/zIriijn3uj5Vpknvt_LnfNbF/recaptcha__en.js HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.recaptcha.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
accept-ranges: bytes
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
timing-allow-origin: *
content-length: 220882
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 20 Dec 2024 10:43:02 GMT
expires: Sat, 20 Dec 2025 10:43:02 GMT
cache-control: public, max-age=31536000
last-modified: Tue, 10 Dec 2024 23:05:10 GMT
content-type: text/javascript
vary: Accept-Encoding
age: 155832
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

www.google.com/js/bg/Xe7AbhhPfZcEikoNmhghBXAEhOusDIBKWKS_roS4Q7E.js

142.250.74.164

200 OK

7.7 kB

URL
www.google.com/js/bg/Xe7AbhhPfZcEikoNmhghBXAEhOusDIBKWKS_roS4Q7E.js
IP
142.250.74.164:0
ASN
#15169 GOOGLE

File type
JavaScript source, ASCII text, with very long lines (18288)
Size
7.7 kB (7708 bytes)
Hash
0240aa22895cf57cb91160e784542720
f50652ccc59e7556511178a2a6bf92407d2e0955
5deec06e184f7d97048a4a0d9a182105700484ebac0c804a58a4bfae84b843b1

HTTP Headers

GET /js/bg/Xe7AbhhPfZcEikoNmhghBXAEhOusDIBKWKS_roS4Q7E.js HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.recaptcha.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
content-encoding: br
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-length: 7708
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sat, 21 Dec 2024 04:05:50 GMT
expires: Sun, 21 Dec 2025 04:05:50 GMT
cache-control: public, max-age=31536000
age: 93264
last-modified: Mon, 02 Dec 2024 19:00:00 GMT
content-type: text/javascript
vary: Accept-Encoding
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

www.recaptcha.net/recaptcha/api2/anchor?ar=1&k=6LdJ2AYfAAAAAEThIOw_prAL10YazukIVFKI2D7U&co=aHR0cHM6Ly9maXIzLm5ldDo0NDM.&hl=en&v=zIriijn3uj5Vpknvt_LnfNbF&size=invisible&cb=xyjrkrrvp7nt

142.250.74.99

200 OK

37 kB

URL
www.recaptcha.net/recaptcha/api2/anchor?ar=1&k=6LdJ2AYfAAAAAEThIOw_prAL10YazukIVFKI2D7U&co=aHR0cHM6Ly9maXIzLm5ldDo0NDM.&hl=en&v=zIriijn3uj5Vpknvt_LnfNbF&size=invisible&cb=xyjrkrrvp7nt
IP
142.250.74.99:0
ASN
#15169 GOOGLE

File type
gzip compressed data, max compression
Size
37 kB (36576 bytes)
Hash
de7132d56a3afc6b078933cac43bff54
7cefdbb74b5b79632862b7ece87a81cb76a559c4
32f17aa7e65eb5fe86eb2aade413aeea507254a922d4f23fcef88456c4d9bdf6

HTTP Headers

GET /recaptcha/api2/anchor?ar=1&k=6LdJ2AYfAAAAAEThIOw_prAL10YazukIVFKI2D7U&co=aHR0cHM6Ly9maXIzLm5ldDo0NDM.&hl=en&v=zIriijn3uj5Vpknvt_LnfNbF&size=invisible&cb=xyjrkrrvp7nt HTTP/1.1
Host: www.recaptcha.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://fir3.net/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
content-type: text/html; charset=utf-8
cross-origin-resource-policy: cross-origin
cross-origin-embedder-policy: require-corp
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}, {"group":"coop_38fac9d5b82543fc4729580d18ff2d3d","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/38fac9d5b82543fc4729580d18ff2d3d"}]}
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Sun, 22 Dec 2024 06:00:14 GMT
content-security-policy: script-src 'nonce-etJ-nh9mYbEpx546cQOiVg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
cross-origin-opener-policy-report-only: same-origin; report-to="coop_38fac9d5b82543fc4729580d18ff2d3d"
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

www.gstatic.com/recaptcha/releases/zIriijn3uj5Vpknvt_LnfNbF/styles__ltr.css

142.250.74.35

200 OK

42 kB

URL
www.gstatic.com/recaptcha/releases/zIriijn3uj5Vpknvt_LnfNbF/styles__ltr.css
IP
142.250.74.35:0
ASN
#15169 GOOGLE

File type
ASCII text, with very long lines (65536), with no line terminators
Size
42 kB (42044 bytes)
Hash
6aec8cfd5d3a790339dc627f9f1229b5
b6c8cffe38e1015dd8595f2dd1a92435e2795874
80583fa3c83831a9e036eba0500d1b9c0d30892d0701f1617e0fafaf5aeaa2ca

HTTP Headers

GET /recaptcha/releases/zIriijn3uj5Vpknvt_LnfNbF/styles__ltr.css HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.recaptcha.net/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
accept-ranges: bytes
content-encoding: gzip
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
timing-allow-origin: *
content-length: 42044
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 20 Dec 2024 10:40:44 GMT
expires: Sat, 20 Dec 2025 10:40:44 GMT
cache-control: public, max-age=31536000
last-modified: Tue, 10 Dec 2024 23:05:10 GMT
content-type: text/css
vary: Accept-Encoding
age: 155971
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

www.gstatic.com/recaptcha/releases/zIriijn3uj5Vpknvt_LnfNbF/recaptcha__en.js

142.250.74.35

200 OK

221 kB

URL
www.gstatic.com/recaptcha/releases/zIriijn3uj5Vpknvt_LnfNbF/recaptcha__en.js
IP
142.250.74.35:0
ASN
#15169 GOOGLE

File type
JavaScript source, ASCII text, with very long lines (654)
Size
221 kB (220882 bytes)
Hash
19ddac3be88eda2c8263c5d52fa7f6bd
c81720778f57c56244c72ce6ef402bb4de5f9619
b261530f05e272e18b5b5c86d860c4979c82b5b6c538e1643b3c94fc9ba76dd6

HTTP Headers

GET /recaptcha/releases/zIriijn3uj5Vpknvt_LnfNbF/recaptcha__en.js HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.recaptcha.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
accept-ranges: bytes
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
timing-allow-origin: *
content-length: 220882
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 20 Dec 2024 10:43:02 GMT
expires: Sat, 20 Dec 2025 10:43:02 GMT
cache-control: public, max-age=31536000
last-modified: Tue, 10 Dec 2024 23:05:10 GMT
content-type: text/javascript
vary: Accept-Encoding
age: 155833
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

www.recaptcha.net/recaptcha/api2/reload?k=6LdJ2AYfAAAAAEThIOw_prAL10YazukIVFKI2D7U

142.250.74.99

200 OK

29 kB

URL
www.recaptcha.net/recaptcha/api2/reload?k=6LdJ2AYfAAAAAEThIOw_prAL10YazukIVFKI2D7U
IP
142.250.74.99:0
ASN
#15169 GOOGLE

File type
gzip compressed data, max compression
Size
29 kB (29225 bytes)
Hash
3961f435cbe88a5ad6d78c5a0982db8c
fcab403c104624f26a2e96dfef4a2e18c6488e9f
7febda62e42e9e57475af929b55596935ce6c65047296a8a365abd1a08656561

HTTP Headers

POST /recaptcha/api2/reload?k=6LdJ2AYfAAAAAEThIOw_prAL10YazukIVFKI2D7U HTTP/1.1
Host: www.recaptcha.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-protobuffer
Content-Length: 6971
Origin: https://www.recaptcha.net
DNT: 1
Connection: keep-alive
Referer: https://www.recaptcha.net/recaptcha/api2/bframe?hl=en&v=zIriijn3uj5Vpknvt_LnfNbF&k=6LdJ2AYfAAAAAEThIOw_prAL10YazukIVFKI2D7U
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
content-type: application/json; charset=utf-8
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
x-content-type-options: nosniff
cross-origin-opener-policy-report-only: same-origin; report-to="coop_38fac9d5b82543fc4729580d18ff2d3d"
report-to: {"group":"coop_38fac9d5b82543fc4729580d18ff2d3d","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/38fac9d5b82543fc4729580d18ff2d3d"}]}
cross-origin-resource-policy: same-site
content-encoding: gzip
date: Sun, 22 Dec 2024 06:00:16 GMT
server: ESF
cache-control: private
x-xss-protection: 0
x-frame-options: SAMEORIGIN
set-cookie: _GRECAPTCHA=09AJNbFnfcRp_qUJGK9dfE96upockMuFSbUBbAef3Jo3N1VCEgoW9tRcivO5HCCDnDUONwiQrC88ePSDuH6AqJ9jk; Expires=Fri, 20-Jun-2025 06:00:16 GMT; Path=/recaptcha; Secure; HttpOnly; Priority=HIGH; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Sun, 22 Dec 2024 06:00:16 GMT

fonts.gstatic.com/s/roboto/v18/KFOlCnqEu92Fr1MmYUtfBBc4.woff2

216.58.207.227

200 OK

15 kB

URL
fonts.gstatic.com/s/roboto/v18/KFOlCnqEu92Fr1MmYUtfBBc4.woff2
IP
216.58.207.227:0
ASN
#15169 GOOGLE

File type
Web Open Font Format (Version 2), TrueType, length 15340, version 1.0
Size
15 kB (15340 bytes)
Hash
19b7a0adfdd4f808b53af7e2ce2ad4e5
81d5d4c7b5035ad10cce63cf7100295e0c51fdda
c912a9ce0c3122d4b2b29ad26bfe06b0390d1a5bdaa5d6128692c0befd1dfbbd

HTTP Headers

GET /s/roboto/v18/KFOlCnqEu92Fr1MmYUtfBBc4.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.recaptcha.net
DNT: 1
Connection: keep-alive
Referer: https://www.recaptcha.net/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15340
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 20 Dec 2024 18:50:41 GMT
expires: Sat, 20 Dec 2025 18:50:41 GMT
cache-control: public, max-age=31536000
age: 126575
last-modified: Mon, 16 Oct 2017 17:33:16 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

fonts.gstatic.com/s/roboto/v18/KFOlCnqEu92Fr1MmEU9fBBc4.woff2

216.58.207.227

200 OK

16 kB

URL
fonts.gstatic.com/s/roboto/v18/KFOlCnqEu92Fr1MmEU9fBBc4.woff2
IP
216.58.207.227:0
ASN
#15169 GOOGLE

File type
Web Open Font Format (Version 2), TrueType, length 15552, version 1.0
Size
16 kB (15552 bytes)
Hash
285467176f7fe6bb6a9c6873b3dad2cc
ea04e4ff5142ddd69307c183def721a160e0a64e
5a8c1e7681318caa29e9f44e8a6e271f6a4067a2703e9916dfd4fe9099241db7

HTTP Headers

GET /s/roboto/v18/KFOlCnqEu92Fr1MmEU9fBBc4.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.recaptcha.net
DNT: 1
Connection: keep-alive
Referer: https://www.recaptcha.net/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15552
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 20 Dec 2024 18:53:03 GMT
expires: Sat, 20 Dec 2025 18:53:03 GMT
cache-control: public, max-age=31536000
age: 126433
last-modified: Mon, 16 Oct 2017 17:33:02 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

www.gstatic.com/recaptcha/api2/refresh_2x.png

142.250.74.35

200 OK

600 B

URL
www.gstatic.com/recaptcha/api2/refresh_2x.png
IP
142.250.74.35:0
ASN
#15169 GOOGLE

File type
PNG image data, 48 x 48, 8-bit gray+alpha, non-interlaced
Size
600 B (600 bytes)
Hash
0f2a4639b8a4cb30c76e8333c00d30a6
57e273a270bb864970d747c74b3f0a7c8e515b13
44b988703019cd6bfa86c91840fecf2a42b611b364e3eea2f4eb63bf62714e98

HTTP Headers

GET /recaptcha/api2/refresh_2x.png HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.gstatic.com/recaptcha/releases/zIriijn3uj5Vpknvt_LnfNbF/styles__ltr.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
accept-ranges: bytes
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-length: 600
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 19 Dec 2024 11:26:18 GMT
expires: Thu, 26 Dec 2024 11:26:18 GMT
cache-control: public, max-age=604800
age: 239638
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
content-type: image/png
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

www.gstatic.com/recaptcha/api2/info_2x.png

142.250.74.35

200 OK

665 B

URL
www.gstatic.com/recaptcha/api2/info_2x.png
IP
142.250.74.35:0
ASN
#15169 GOOGLE

File type
PNG image data, 48 x 48, 8-bit gray+alpha, non-interlaced
Size
665 B (665 bytes)
Hash
07bf314aab04047b9e9a959ee6f63da3
17bef6602672e2fd9956381e01356245144003e5
55eaf62cb05da20088dc12b39d7d254d046cb1fd61ddf3ae641f1439efd0a5ee

HTTP Headers

GET /recaptcha/api2/info_2x.png HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.gstatic.com/recaptcha/releases/zIriijn3uj5Vpknvt_LnfNbF/styles__ltr.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
accept-ranges: bytes
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-length: 665
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 19 Dec 2024 20:11:46 GMT
expires: Thu, 26 Dec 2024 20:11:46 GMT
cache-control: public, max-age=604800
age: 208110
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
content-type: image/png
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

www.gstatic.com/recaptcha/api2/audio_2x.png

142.250.74.35

200 OK

530 B

URL
www.gstatic.com/recaptcha/api2/audio_2x.png
IP
142.250.74.35:0
ASN
#15169 GOOGLE

File type
PNG image data, 48 x 48, 8-bit gray+alpha, non-interlaced
Size
530 B (530 bytes)
Hash
88e0f42c9fa4f94aa8bcd54d1685c180
5ad9d47a49b82718baa3be88550a0b3350270c42
89c62095126fca89ea1511cf35b49b8306162946b0c26d6f60c5506c51d85992

HTTP Headers

GET /recaptcha/api2/audio_2x.png HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.gstatic.com/recaptcha/releases/zIriijn3uj5Vpknvt_LnfNbF/styles__ltr.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
accept-ranges: bytes
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-length: 530
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 20 Dec 2024 19:05:43 GMT
expires: Fri, 27 Dec 2024 19:05:43 GMT
cache-control: public, max-age=604800
age: 125673
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
content-type: image/png
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

www.google.com/js/bg/Xe7AbhhPfZcEikoNmhghBXAEhOusDIBKWKS_roS4Q7E.js

142.250.74.164

200 OK

7.7 kB

URL
www.google.com/js/bg/Xe7AbhhPfZcEikoNmhghBXAEhOusDIBKWKS_roS4Q7E.js
IP
142.250.74.164:0
ASN
#15169 GOOGLE

File type
JavaScript source, ASCII text, with very long lines (18288)
Size
7.7 kB (7708 bytes)
Hash
0240aa22895cf57cb91160e784542720
f50652ccc59e7556511178a2a6bf92407d2e0955
5deec06e184f7d97048a4a0d9a182105700484ebac0c804a58a4bfae84b843b1

HTTP Headers

GET /js/bg/Xe7AbhhPfZcEikoNmhghBXAEhOusDIBKWKS_roS4Q7E.js HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.recaptcha.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
accept-ranges: bytes
content-encoding: br
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-length: 7708
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sat, 21 Dec 2024 04:05:50 GMT
expires: Sun, 21 Dec 2025 04:05:50 GMT
cache-control: public, max-age=31536000
age: 93266
last-modified: Mon, 02 Dec 2024 19:00:00 GMT
content-type: text/javascript
vary: Accept-Encoding
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

www.recaptcha.net/recaptcha/api2/payload?p=06AFcWeA6GaF8cI4mrgJ2_pOtehcL0pC4MR5YVKM5tstCLkS8p1jyYVNG30S_wxZhXGFmkFsQkt2FdW0pzRtIQBN6G1lqkvI9UOPynF2oXes9UjvvLbkziPoqQ9VUMxtzljq-U2FwCAYcLVosYZIvq4qVv0eiZ-aRRxWlhycenuEdc6WGh_SgkMKjwjsmTvtkSjUUi0Xt2Q4sp&k=6LdJ2AYfAAAAAEThIOw_prAL10YazukIVFKI2D7U

142.250.74.99

200 OK

40 kB

URL
www.recaptcha.net/recaptcha/api2/payload?p=06AFcWeA6GaF8cI4mrgJ2_pOtehcL0pC4MR5YVKM5tstCLkS8p1jyYVNG30S_wxZhXGFmkFsQkt2FdW0pzRtIQBN6G1lqkvI9UOPynF2oXes9UjvvLbkziPoqQ9VUMxtzljq-U2FwCAYcLVosYZIvq4qVv0eiZ-aRRxWlhycenuEdc6WGh_SgkMKjwjsmTvtkSjUUi0Xt2Q4sp&k=6LdJ2AYfAAAAAEThIOw_prAL10YazukIVFKI2D7U
IP
142.250.74.99:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.02, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 450x450, components 3
Size
40 kB (39789 bytes)
Hash
57b5f5604c21690503f0bccf06abc0ca
1c9decb7ae94a4bf19916ecd6c60c0f501f38e6b
1c088c83bfa833e614323b9314e5d0d6acdc93268fe2285aa6c31d73775ae69e

HTTP Headers

GET /recaptcha/api2/payload?p=06AFcWeA6GaF8cI4mrgJ2_pOtehcL0pC4MR5YVKM5tstCLkS8p1jyYVNG30S_wxZhXGFmkFsQkt2FdW0pzRtIQBN6G1lqkvI9UOPynF2oXes9UjvvLbkziPoqQ9VUMxtzljq-U2FwCAYcLVosYZIvq4qVv0eiZ-aRRxWlhycenuEdc6WGh_SgkMKjwjsmTvtkSjUUi0Xt2Q4sp&k=6LdJ2AYfAAAAAEThIOw_prAL10YazukIVFKI2D7U HTTP/1.1
Host: www.recaptcha.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.recaptcha.net/recaptcha/api2/bframe?hl=en&v=zIriijn3uj5Vpknvt_LnfNbF&k=6LdJ2AYfAAAAAEThIOw_prAL10YazukIVFKI2D7U
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
content-type: image/jpeg
expires: Sun, 22 Dec 2024 06:00:16 GMT
date: Sun, 22 Dec 2024 06:00:16 GMT
cache-control: private, max-age=30
cross-origin-resource-policy: same-site
report-to: {"group":"coop_38fac9d5b82543fc4729580d18ff2d3d","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/38fac9d5b82543fc4729580d18ff2d3d"}]}
cross-origin-opener-policy-report-only: same-origin; report-to="coop_38fac9d5b82543fc4729580d18ff2d3d"
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

blog.encurta.net/wp-content/uploads/2017/02/Logo-Nova-2.png

172.67.169.12

200 OK

20 kB

URL GET HTTP/2
blog.encurta.net/wp-content/uploads/2017/02/Logo-Nova-2.png
IP
172.67.169.12:443
ASN
#13335 CLOUDFLARENET

Requested by
https://dev.encurta.app/lp1
Certificate
IssuerGoogle Trust Services
Subjectencurta.net
Fingerprint68:E5:A0:04:BC:1A:80:07:84:03:5C:17:A3:94:DB:A9:CD:B6:BB:F6
ValiditySun, 08 Dec 2024 19:54:33 GMT - Sat, 08 Mar 2025 19:54:32 GMT

File type
PNG image data, 720 x 245, 8-bit/color RGBA, non-interlaced
Size
20 kB (19763 bytes)
Hash
bb9befcf2032aa148b00cca9510b2c05
1e62ed5a487d9f13e1a3bc0e1afc54bde750a55b
4b5419da69b46c79af03f015c77aa26599869034c95ce63b2a4b8f3975b2593a

HTTP Headers

GET /wp-content/uploads/2017/02/Logo-Nova-2.png HTTP/1.1
Host: blog.encurta.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dev.encurta.app/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Sun, 22 Dec 2024 06:00:33 GMT
content-type: image/png
content-length: 19763
cache-control: public, max-age=604800
expires: Sat, 28 Dec 2024 12:13:40 GMT
last-modified: Thu, 02 Feb 2017 14:44:09 GMT
x-turbo-charged-by: LiteSpeed
cf-cache-status: HIT
age: 64013
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=OtPAh8JNIU91%2FUTBUDuDbNZ%2B2ZZpRxO3Yogc7YMyVdjxFjnI1L5EG0SbSrYWuO91bimcoowszauNuaz6PINU7UmbAVNu6S%2F9ZIqz5T8XVPnQVG1%2F4ChT%2FV18I4ZYunwf8OW%2F"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8f5de46abb9d56a5-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=1050&min_rtt=389&rtt_var=1221&sent=7&recv=10&lost=0&retrans=0&sent_bytes=3275&recv_bytes=1227&delivery_rate=7647887&cwnd=254&unsent_bytes=0&cid=cc411de016499a77&ts=51&x=0"
X-Firefox-Spdy: h2

br.biofy.ai/wp-content/uploads/2024/02/ads-encurtei-encurtanet.png

104.21.91.201

200 OK

52 kB

URL GET HTTP/2
br.biofy.ai/wp-content/uploads/2024/02/ads-encurtei-encurtanet.png
IP
104.21.91.201:443
ASN
#13335 CLOUDFLARENET

Requested by
https://dev.encurta.app/lp1
Certificate
IssuerGoogle Trust Services
Subjectbiofy.ai
FingerprintB3:0D:53:93:06:CE:0F:3F:32:92:21:B7:BA:72:EA:8A:BC:E6:35:36
ValiditySun, 17 Nov 2024 09:14:33 GMT - Sat, 15 Feb 2025 09:14:32 GMT

File type
PNG image data, 2160 x 2160, 8-bit/color RGBA, non-interlaced
Size
52 kB (52422 bytes)
Hash
9006c38548a2f8b35ce68104dc9db6df
51cad8c120e3fe1ea6d87c4f50a18af8a8cd6201
18c884aa7ee6ef595e29bb6ce824796e55471e7a4743845e7193d48eff0bddcf

HTTP Headers

GET /wp-content/uploads/2024/02/ads-encurtei-encurtanet.png HTTP/1.1
Host: br.biofy.ai
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dev.encurta.app/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Sun, 22 Dec 2024 06:00:33 GMT
content-type: image/png
content-length: 52422
cache-control: public, max-age=604800
expires: Fri, 27 Dec 2024 07:06:34 GMT
last-modified: Thu, 22 Feb 2024 21:08:44 GMT
alt-svc: h3=":443"; ma=86400
x-turbo-charged-by: LiteSpeed
cf-cache-status: HIT
age: 168839
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=6RU%2BvZTHX6BG4nKAXnaarLO1jz932I5kQ548BKQ4nDcBwaU2bRtlJzp2QXrOPTgGb8AahpK0AFTqPTsorPZDBQodlOYsj7Cs4%2B8TIG4OdhFDUUen%2FUfrNQXDRajfOw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8f5de46afaf17130-OSL
server-timing: cfL4;desc="?proto=TCP&rtt=561&min_rtt=418&rtt_var=281&sent=7&recv=10&lost=0&retrans=0&sent_bytes=3262&recv_bytes=1226&delivery_rate=7647887&cwnd=254&unsent_bytes=0&cid=72ead2f33dd47e41&ts=28&x=0"
X-Firefox-Spdy: h2

www.recaptcha.net/recaptcha/api2/webworker.js?hl=en&v=zIriijn3uj5Vpknvt_LnfNbF

142.250.74.99

200 OK

590 B

URL
www.recaptcha.net/recaptcha/api2/webworker.js?hl=en&v=zIriijn3uj5Vpknvt_LnfNbF
IP
142.250.74.99:0
ASN
#15169 GOOGLE

File type
gzip compressed data, max compression
Size
590 B (590 bytes)
Hash
a0698b44be4a251925f55f2abd7e9534
ce655e18267318b4ad9bda92220e6b07005f91ee
d7ae5b0bf6cfaad0df03dbb966a243540116f05f9c81df4f18fd72ea8ad04e34

HTTP Headers

GET /recaptcha/api2/webworker.js?hl=en&v=zIriijn3uj5Vpknvt_LnfNbF HTTP/1.1
Host: www.recaptcha.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.recaptcha.net/recaptcha/api2/anchor?ar=1&k=6LdJ2AYfAAAAAEThIOw_prAL10YazukIVFKI2D7U&co=aHR0cHM6Ly9maXIzLm5ldDo0NDM.&hl=en&v=zIriijn3uj5Vpknvt_LnfNbF&size=invisible&cb=xyjrkrrvp7nt
Sec-Fetch-Dest: worker
Sec-Fetch-Mode: same-origin
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
content-type: text/javascript; charset=utf-8
cross-origin-embedder-policy: require-corp
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}, {"group":"coop_38fac9d5b82543fc4729580d18ff2d3d","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/38fac9d5b82543fc4729580d18ff2d3d"}]}
expires: Sun, 22 Dec 2024 06:00:14 GMT
date: Sun, 22 Dec 2024 06:00:14 GMT
cache-control: private, max-age=300
cross-origin-resource-policy: same-site
cross-origin-opener-policy-report-only: same-origin; report-to="coop_38fac9d5b82543fc4729580d18ff2d3d"
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

dev.encurta.app/vendor/bootstrap/css/bootstrap.min.css?ver=6.4.0

104.21.15.133

200 OK

21 kB

URL
dev.encurta.app/vendor/bootstrap/css/bootstrap.min.css?ver=6.4.0
IP
104.21.15.133:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text, with very long lines (65369)
Size
21 kB (20808 bytes)
Hash
7f89537eaf606bff49f5cc1a7c24dbca
b0972fdcce82fd583d4c2ccc3f2e3df7404a19d0
6d92dfc1700fd38cd130ad818e23bc8aef697f815b2ea5face2b5dfad22f2e11

HTTP Headers

GET /vendor/bootstrap/css/bootstrap.min.css?ver=6.4.0 HTTP/1.1
Host: dev.encurta.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dev.encurta.app/lp1
Cookie: AppSession=bf9d25d923cf11e6ee0017502dd62171; csrfToken=eafdf913209e89cfe6d219df1988f90051ebc980d939110166de3fb933cc7d85bf76ce396f66da53b999796a6828853b11a296bcc6248f89f3653d319fb636ab
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Sun, 22 Dec 2024 06:00:33 GMT
content-type: text/css
cache-control: public, max-age=2592000
expires: Tue, 14 Jan 2025 06:31:51 GMT
last-modified: Mon, 06 May 2024 21:12:31 GMT
vary: Accept-Encoding,User-Agent,User-Agent
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN,SAMEORIGIN
x-content-type-options: nosniff
x-turbo-charged-by: LiteSpeed
cf-cache-status: HIT
age: 602922
priority: u=2,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=BQMcImXsMqkGQbV0iud88JMXU%2BHMctfWSl%2FJcDC%2FfY5c625HkCVMWZpcUwpYaUYAn4ZskOqu%2BEt%2F2ceV3m1bVblSSSXnQctbg4xb1%2FEneW2FfJQmZYOJqmmi0RTQWtagVuM%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8f5de46a4e6b1bfa-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=4042&min_rtt=3936&rtt_var=1689&sent=23&recv=12&lost=0&retrans=0&sent_bytes=12233&recv_bytes=2320&delivery_rate=123380&cwnd=12000&unsent_bytes=0&cid=090f7984231bd2b0&ts=172&x=1", cfExtPri, cfHdrFlush;dur=0

1.bp.blogspot.com/-kcTGwNfMBUA/XY4pBKoksTI/AAAAAAAAIlY/TsAXaSyXjbIDmh1PynFyoXBAhtS56J44QCPcBGAYYCw/s640/Continuar%2B%25282%2529.png

142.250.74.161

200 OK

6.7 kB

URL
1.bp.blogspot.com/-kcTGwNfMBUA/XY4pBKoksTI/AAAAAAAAIlY/TsAXaSyXjbIDmh1PynFyoXBAhtS56J44QCPcBGAYYCw/s640/Continuar%2B%25282%2529.png
IP
142.250.74.161:0
ASN
#15169 GOOGLE

File type
PNG image data, 250 x 400, 8-bit/color RGB, non-interlaced
Size
6.7 kB (6725 bytes)
Hash
4434678a022143a10f10c4da0fb35235
4c024d3d586abe08b91e98b8a97eb0b6dd6c781b
63aecc1fcc3b836462906c0f57ea36a4f7391c6af6260481dc6b4fae3047b2b5

HTTP Headers

GET /-kcTGwNfMBUA/XY4pBKoksTI/AAAAAAAAIlY/TsAXaSyXjbIDmh1PynFyoXBAhtS56J44QCPcBGAYYCw/s640/Continuar%2B%25282%2529.png HTTP/1.1
Host: 1.bp.blogspot.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dev.encurta.app/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
access-control-allow-origin: *
timing-allow-origin: *
access-control-expose-headers: Content-Length
content-disposition: inline;filename="Continuar (2).png"
x-content-type-options: nosniff
server: fife
content-length: 6725
x-xss-protection: 0
date: Sun, 22 Dec 2024 04:06:09 GMT
expires: Mon, 23 Dec 2024 04:06:09 GMT
cache-control: public, max-age=86400, no-transform
age: 6864
etag: "v2256"
content-type: image/png
vary: Origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

gekeebsirs.com/tag.min.js

104.21.5.227

200 OK

30 kB

URL GET HTTP/2
gekeebsirs.com/tag.min.js
IP
104.21.5.227:443
ASN
#13335 CLOUDFLARENET

Requested by
https://dev.encurta.app/lp1
Certificate
IssuerGoogle Trust Services
Subjectgekeebsirs.com
Fingerprint79:F3:9B:5F:53:90:E8:57:70:33:10:5D:E4:1F:C7:B2:D0:B0:BD:DF
ValidityMon, 09 Dec 2024 13:20:41 GMT - Sun, 09 Mar 2025 13:20:40 GMT

File type
JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Size
30 kB (29476 bytes)
Hash
d19a0affb4272dcf127651b173af0dfd
81c3f8cc7d5228bd3dce2bf6797a0a77bcf9bd75
17d2c655066f2b87f12012245918d54658924486ef602322cc7ada66cb51970d

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /tag.min.js HTTP/1.1
Host: gekeebsirs.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dev.encurta.app/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sun, 22 Dec 2024 06:00:33 GMT
content-type: text/javascript; charset=utf-8
x-trace-id: d1cb4ae65794840e934117ce3b031211
cache-control: max-age=86400
last-modified: Thu, 19 Dec 2024 12:28:21 GMT
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace, favicon
access-control-max-age: 86400
pragma: no-cache
expires: Sun, 22 Dec 2024 12:30:25 GMT
timing-allow-origin: *
cf-cache-status: HIT
age: 63008
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=0tzZoeMFr1%2FvTpbcmTwXxdkYb3lPzfmReA6EYU1ydFWiir%2FjiPVxRwxmOE2R6sgsBC%2B7%2FFK1mtojCVRTy5VyP%2FXrU9BuoVYLOxXD7ppBi8JVcvgNjhq61ZIb4Qx3a1ehAg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8f5de46bdb0e568e-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=569&min_rtt=483&rtt_var=201&sent=7&recv=10&lost=0&retrans=0&sent_bytes=3209&recv_bytes=1057&delivery_rate=7927007&cwnd=254&unsent_bytes=0&cid=e9359d6232214432&ts=29&x=0"
X-Firefox-Spdy: h2

dev.encurta.app/css/app.css?ver=6.4.0

104.21.15.133

200 OK

2.0 kB

URL
dev.encurta.app/css/app.css?ver=6.4.0
IP
104.21.15.133:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text
Size
2.0 kB (2011 bytes)
Hash
a3584f3ff0d58a2e6358a5ce7345e5f7
8102736338fb6dc13d4def6febd5292e9c3c2e99
3bba0a18a31057789bd2a52c163cc83be2c43f8956461506969579af2d57cafa

HTTP Headers

GET /css/app.css?ver=6.4.0 HTTP/1.1
Host: dev.encurta.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dev.encurta.app/lp1
Cookie: AppSession=bf9d25d923cf11e6ee0017502dd62171; csrfToken=eafdf913209e89cfe6d219df1988f90051ebc980d939110166de3fb933cc7d85bf76ce396f66da53b999796a6828853b11a296bcc6248f89f3653d319fb636ab
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Sun, 22 Dec 2024 06:00:33 GMT
content-type: text/css
cache-control: public, max-age=2592000
expires: Tue, 14 Jan 2025 06:31:51 GMT
last-modified: Mon, 06 May 2024 21:12:31 GMT
vary: Accept-Encoding,User-Agent,User-Agent
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN,SAMEORIGIN
x-content-type-options: nosniff
x-turbo-charged-by: LiteSpeed
cf-cache-status: HIT
age: 602922
priority: u=2,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=gF2O1o9HqBgPgk3WtZz694mZATv4nLt34O0bDYwzWkAz62Uzy88ONX7jNE6ndG3auXF9vzEj%2Beh4SoCHdVhF%2FiM3wY70Zi%2FuW9jc%2BXI09Q9AJVGaRJrIglESeT%2FdVODIXf4%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8f5de46a6e721bfa-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=3418&min_rtt=1100&rtt_var=1809&sent=58&recv=16&lost=0&retrans=0&sent_bytes=50579&recv_bytes=3256&delivery_rate=9354742&cwnd=48000&unsent_bytes=0&cid=090f7984231bd2b0&ts=179&x=1", cfExtPri, cfHdrFlush;dur=0

fonts.googleapis.com/css?family=Source+Sans+Pro:300,400,600,700,300italic,400italic,600italic

142.250.74.106

200 OK

16 kB

URL GET HTTP/2
fonts.googleapis.com/css?family=Source+Sans+Pro:300,400,600,700,300italic,400italic,600italic
IP
142.250.74.106:443
ASN
#15169 GOOGLE

Requested by
https://dev.encurta.app/lp1
Certificate
IssuerGoogle Trust Services
Subjectupload.video.google.com
Fingerprint30:E5:7E:29:A5:A1:81:DB:C8:A8:49:80:67:40:12:AB:30:C0:34:8D
ValidityMon, 02 Dec 2024 08:36:58 GMT - Mon, 24 Feb 2025 08:36:57 GMT

File type
gzip compressed data, max compression
Size
16 kB (15890 bytes)
Hash
8bdfd962d29853ee137790ec2b3a719e
a469d03deedccdf12ac0716ca93749234bb114c7
64adbe1ed07d1cda5db3fffe0c39a799647e6f2fa4487f77b51e76f310ce5019

HTTP Headers

GET /css?family=Source+Sans+Pro:300,400,600,700,300italic,400italic,600italic HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dev.encurta.app/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: text/css; charset=utf-8
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Sun, 22 Dec 2024 06:00:33 GMT
date: Sun, 22 Dec 2024 06:00:33 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

engagedpungentrepress.com/14/09/72/140972588d733d0ad80e1b8f8b206aba.js

172.240.108.76

200 OK

34 kB

URL GET HTTP/1.1
engagedpungentrepress.com/14/09/72/140972588d733d0ad80e1b8f8b206aba.js
IP
172.240.108.76:443
ASN
#7979 SERVERS-COM

Requested by
https://dev.encurta.app/lp1
Certificate
IssuerLet's Encrypt
Subject*.engagedpungentrepress.com
FingerprintB6:C6:10:3B:DF:1E:D7:07:F2:A6:7B:17:47:E2:B9:53:01:B1:5D:B9
ValidityThu, 21 Nov 2024 21:21:04 GMT - Wed, 19 Feb 2025 21:21:03 GMT

File type
JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Size
34 kB (33957 bytes)
Hash
a31e577d81eda0527c94e21880d8c2dd
c763b81d1b45986e0cd4b122a244b50fe3ac453c
70422e5329a87ba5d86bc153ee698381b4b0913dea02539c6572e974b44b34e9

HTTP Headers

GET /14/09/72/140972588d733d0ad80e1b8f8b206aba.js HTTP/1.1
Host: engagedpungentrepress.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dev.encurta.app/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Sun, 22 Dec 2024 06:00:34 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Host: engagedpungentrepress.com
Expires: Thu, 01 Jan 1970 00:00:01 GMT
X-Request-ID: b6b1ad738de0de3a9f3b767d1051523f
Cache-Control: no-cache, max-age=0, private, no-cache
Pragma: no-cache
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip

dev.encurta.app/vendor/dashboard/js/app.min.js?ver=6.4.0

104.21.15.133

200 OK

18 kB

URL GET HTTP/3
dev.encurta.app/vendor/dashboard/js/app.min.js?ver=6.4.0
IP
104.21.15.133:443
ASN
#13335 CLOUDFLARENET

Requested by
https://dev.encurta.app/lp1
Certificate
IssuerGoogle Trust Services
Subjectencurta.app
FingerprintE8:EB:89:F6:A0:9D:0F:49:0E:4D:C5:EF:E9:35:AB:A7:03:F7:C7:35
ValidityFri, 29 Nov 2024 14:15:46 GMT - Thu, 27 Feb 2025 14:15:45 GMT

File type
JavaScript source, ASCII text, with very long lines (9522)
Size
18 kB (17844 bytes)
Hash
c97edde005d18d707bcf8f3185de7201
99e43178d50c0386a3b222551766cb08e81da1dd
7a67b6c4dba7eceb6504af73c37a21b1d92a86f7331c85d7024ba36fcaff6236

HTTP Headers

GET /vendor/dashboard/js/app.min.js?ver=6.4.0 HTTP/1.1
Host: dev.encurta.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dev.encurta.app/lp1
Cookie: AppSession=bf9d25d923cf11e6ee0017502dd62171; csrfToken=eafdf913209e89cfe6d219df1988f90051ebc980d939110166de3fb933cc7d85bf76ce396f66da53b999796a6828853b11a296bcc6248f89f3653d319fb636ab
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Sun, 22 Dec 2024 06:00:33 GMT
content-type: application/javascript
cache-control: public, max-age=2592000
expires: Wed, 15 Jan 2025 01:38:58 GMT
last-modified: Mon, 06 May 2024 21:12:31 GMT
vary: Accept-Encoding,User-Agent,User-Agent
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN,SAMEORIGIN
x-content-type-options: nosniff
x-turbo-charged-by: LiteSpeed
cf-cache-status: HIT
age: 534095
priority: u=3,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=NopMwCNmQ%2FiDtKwFCGB%2FhklymiXfCL0h%2Br2HVlaJ1bFCe90ZeySrXkPv4sljw%2BXAQ15MC1Uruq1%2Bz0ufZDIS4KususAVbzs0LWtMNxm5zB9gfS8lBgS1L2hnrEC%2FLgekkxY%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8f5de46a8e8d1bfa-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=3403&min_rtt=1100&rtt_var=1386&sent=97&recv=20&lost=0&retrans=0&sent_bytes=91314&recv_bytes=5521&delivery_rate=1439083&cwnd=48000&unsent_bytes=0&cid=090f7984231bd2b0&ts=204&x=1", cfExtPri, cfHdrFlush;dur=0

recordedthereby.com/sfp.js

185.196.197.72

200 OK

85 kB

URL GET HTTP/1.1
recordedthereby.com/sfp.js
IP
185.196.197.72:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://dev.encurta.app/lp1
Certificate
IssuerLet's Encrypt
Subjectrecordedthereby.com
FingerprintE0:09:99:E3:0E:A5:83:8D:96:1B:26:8A:2E:AC:12:98:C6:D3:E1:76
ValidityWed, 06 Nov 2024 14:09:18 GMT - Tue, 04 Feb 2025 14:09:17 GMT

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (65529), with no line terminators
Size
85 kB (85378 bytes)
Hash
7e3e44049654b6e244c1777e68ffb8e7
8f2a8298666d607afd92a0baa362ef4dc9ccd039
4acac8b8ff23671d365150818f3c39bbbfa08b1a1842d73de5933e0fea26454b

HTTP Headers

GET /sfp.js HTTP/1.1
Host: recordedthereby.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dev.encurta.app/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Sun, 22 Dec 2024 06:00:34 GMT
Content-Type: application/javascript; charset=utf-8
Content-Length: 85378
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Host: recordedthereby.com
Expires: Thu, 01 Jan 1970 00:00:01 GMT
X-Request-ID: 6aa9cc544edefdc8932a4af9aacdcedc
Cache-Control: no-cache, max-age=0, private, no-cache
Pragma: no-cache
Strict-Transport-Security: max-age=0; includeSubdomains

proftrafficcounter.com/stats

3.121.166.192

200 OK

40 B

URL GET HTTP/2
proftrafficcounter.com/stats
IP
3.121.166.192:443
ASN
#16509 AMAZON-02

Requested by
https://dev.encurta.app/lp1
Certificate
IssuerAmazon
Subjectproftrafficcounter.com
Fingerprint40:FD:DA:57:15:28:B1:29:02:3E:E6:2F:38:E5:11:E5:7F:DB:6B:40
ValidityMon, 21 Oct 2024 00:00:00 GMT - Thu, 20 Nov 2025 23:59:59 GMT

File type
ASCII text, with no line terminators
Size
40 B (40 bytes)
Hash
cc1eac751b0be52caa46f55b2e179f62
79183df934e464ac646210e4920db5599781d116
427d4977a9c04b5cdfe5b04239dc3bd05376ada41b5101e05d0ec397ee5cd54f

HTTP Headers

GET /stats HTTP/1.1
Host: proftrafficcounter.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://dev.encurta.app
DNT: 1
Connection: keep-alive
Referer: https://dev.encurta.app/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sun, 22 Dec 2024 06:00:34 GMT
content-type: text/html; charset=UTF-8
content-length: 40
server: fasthttp
access-control-allow-origin: https://dev.encurta.app
vary: Origin
access-control-allow-credentials: true
set-cookie: uid_id2=6d8dcd90-f32a-4ed0-9445-0b8d5fd780f8:3:1; expires=Wed, 20 Dec 2034 06:00:34 GMT; secure; SameSite=None
X-Firefox-Spdy: h2

dev.encurta.app/vendor/clipboard.min.js?ver=6.4.0

104.21.15.133

200 OK

3.9 kB

URL GET HTTP/3
dev.encurta.app/vendor/clipboard.min.js?ver=6.4.0
IP
104.21.15.133:443
ASN
#13335 CLOUDFLARENET

Requested by
https://dev.encurta.app/lp1
Certificate
IssuerGoogle Trust Services
Subjectencurta.app
FingerprintE8:EB:89:F6:A0:9D:0F:49:0E:4D:C5:EF:E9:35:AB:A7:03:F7:C7:35
ValidityFri, 29 Nov 2024 14:15:46 GMT - Thu, 27 Feb 2025 14:15:45 GMT

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (10645)
Size
3.9 kB (3928 bytes)
Hash
1278bec9125833f28c1e5d610748eee0
ce23374a9c33ff731ae1e616b5ca831357b50d84
a966b18ec6e3b2e6676df4cd8e274cfba051df4bc26ae0d783a978f5533d2bb4

HTTP Headers

GET /vendor/clipboard.min.js?ver=6.4.0 HTTP/1.1
Host: dev.encurta.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dev.encurta.app/lp1
Cookie: AppSession=bf9d25d923cf11e6ee0017502dd62171; csrfToken=eafdf913209e89cfe6d219df1988f90051ebc980d939110166de3fb933cc7d85bf76ce396f66da53b999796a6828853b11a296bcc6248f89f3653d319fb636ab
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Sun, 22 Dec 2024 06:00:33 GMT
content-type: application/javascript
cache-control: public, max-age=2592000
expires: Tue, 14 Jan 2025 08:49:48 GMT
last-modified: Mon, 06 May 2024 21:12:31 GMT
vary: Accept-Encoding,User-Agent,User-Agent
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN,SAMEORIGIN
x-content-type-options: nosniff
x-turbo-charged-by: LiteSpeed
cf-cache-status: HIT
age: 594645
priority: u=3,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=cBr8ylP%2FZn%2Bqz6d6uqh1jzb8UE3QkHvbWZGvmQXdZMudXMlCzgXCYm9utJTQI6Vl0Y6wbsVGd0%2Fc6F2h9cj%2FaIdgSIa%2FP5OPiYo7ahyOe03HIxB%2BBy9AvbP%2FbdIMtUiWnco%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8f5de46a8e8a1bfa-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=3403&min_rtt=1100&rtt_var=1386&sent=89&recv=20&lost=0&retrans=0&sent_bytes=82811&recv_bytes=5521&delivery_rate=1439083&cwnd=48000&unsent_bytes=0&cid=090f7984231bd2b0&ts=204&x=1", cfExtPri, cfHdrFlush;dur=0

aiveemtomsaix.net/?rb=TfLo88vgN4RfGgU5AJNSFMSukHbJPbzlFVio48rf5rmfoFmnbhQ0QPMm9cpFD-PIzNyUtWYMJeNmPVcD1-0-txYxg08AQs8pY-s7q33cbsBJS5UMRUj2iZj5hIeCteBX4VjMhlApvENV2-Q7KbWKck910x2ACT9lmbXBQmZ0L8fH9M33_NU3n2qXqmYnLhOG12OhvHELrSR_1HKaMV0zfHIyEbdJUkhpHJVZW4CEWIgR9BNHQxuPjcfQpb01T2BV-A9MTjFC13vyJIcMECN2ID4Ni4I%3D&request_ab2=0&zoneid=5271460&js_build=iclick-v1.1027.0&jsp=1&fs=0&cf=0&sw=1280&sh=1024&wih=1024&wiw=1280&ww=1280&wh=1024&sah=1024&wx=0&wy=0&cw=1280&wfc=0&pl=https%3A%2F%2Fdev.encurta.app%2Flp1&drf=&np=1&pt=0&nb=1&ng=0&ix=0&nw=1&tb=false&btz=UTC&bto=0&tt=2&wgl=&js_build=iclick-v1.1027.0&navlng=en-US&vsbl=true&pnt=0&pnrc=0&bs=95766f02-3410-405f-a4ac-0a7d5630c4aa&wasm=1&userId=00813ac018a445d1e517afbbb1e95d5a&m=link

139.45.197.106

200 OK

2.2 kB

URL GET HTTP/2
aiveemtomsaix.net/?rb=TfLo88vgN4RfGgU5AJNSFMSukHbJPbzlFVio48rf5rmfoFmnbhQ0QPMm9cpFD-PIzNyUtWYMJeNmPVcD1-0-txYxg08AQs8pY-s7q33cbsBJS5UMRUj2iZj5hIeCteBX4VjMhlApvENV2-Q7KbWKck910x2ACT9lmbXBQmZ0L8fH9M33_NU3n2qXqmYnLhOG12OhvHELrSR_1HKaMV0zfHIyEbdJUkhpHJVZW4CEWIgR9BNHQxuPjcfQpb01T2BV-A9MTjFC13vyJIcMECN2ID4Ni4I%3D&request_ab2=0&zoneid=5271460&js_build=iclick-v1.1027.0&jsp=1&fs=0&cf=0&sw=1280&sh=1024&wih=1024&wiw=1280&ww=1280&wh=1024&sah=1024&wx=0&wy=0&cw=1280&wfc=0&pl=https%3A%2F%2Fdev.encurta.app%2Flp1&drf=&np=1&pt=0&nb=1&ng=0&ix=0&nw=1&tb=false&btz=UTC&bto=0&tt=2&wgl=&js_build=iclick-v1.1027.0&navlng=en-US&vsbl=true&pnt=0&pnrc=0&bs=95766f02-3410-405f-a4ac-0a7d5630c4aa&wasm=1&userId=00813ac018a445d1e517afbbb1e95d5a&m=link
IP
139.45.197.106:443
ASN
#9002 RETN Limited

Requested by
https://dev.encurta.app/lp1
Certificate
IssuerLet's Encrypt
Subjectaiveemtomsaix.net
FingerprintF4:FC:D8:CB:F1:41:86:2B:B9:2E:AE:D4:3E:92:DE:6D:64:38:F1:26
ValidityThu, 14 Nov 2024 04:13:35 GMT - Wed, 12 Feb 2025 04:13:34 GMT

File type
JSON text data
Size
2.2 kB (2232 bytes)
Hash
a7642352179193461f14271f84f90b9a
32bc2d41032a1747f9f3b674e14383b3b9cadda9
f8e12a1a61eb8c1ef23466e954db8540145b19f6d55f0baeadbaf90b52440dfe

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /?rb=TfLo88vgN4RfGgU5AJNSFMSukHbJPbzlFVio48rf5rmfoFmnbhQ0QPMm9cpFD-PIzNyUtWYMJeNmPVcD1-0-txYxg08AQs8pY-s7q33cbsBJS5UMRUj2iZj5hIeCteBX4VjMhlApvENV2-Q7KbWKck910x2ACT9lmbXBQmZ0L8fH9M33_NU3n2qXqmYnLhOG12OhvHELrSR_1HKaMV0zfHIyEbdJUkhpHJVZW4CEWIgR9BNHQxuPjcfQpb01T2BV-A9MTjFC13vyJIcMECN2ID4Ni4I%3D&request_ab2=0&zoneid=5271460&js_build=iclick-v1.1027.0&jsp=1&fs=0&cf=0&sw=1280&sh=1024&wih=1024&wiw=1280&ww=1280&wh=1024&sah=1024&wx=0&wy=0&cw=1280&wfc=0&pl=https%3A%2F%2Fdev.encurta.app%2Flp1&drf=&np=1&pt=0&nb=1&ng=0&ix=0&nw=1&tb=false&btz=UTC&bto=0&tt=2&wgl=&js_build=iclick-v1.1027.0&navlng=en-US&vsbl=true&pnt=0&pnrc=0&bs=95766f02-3410-405f-a4ac-0a7d5630c4aa&wasm=1&userId=00813ac018a445d1e517afbbb1e95d5a&m=link HTTP/1.1
Host: aiveemtomsaix.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://dev.encurta.app/
Origin: https://dev.encurta.app
DNT: 1
Connection: keep-alive
Cookie: OAID=00813ac018a445d1e517afbbb1e95d5a; oaidts=1734847234
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sun, 22 Dec 2024 06:00:34 GMT
content-type: application/json
x-trace-id: 60132ebbbcad1b6eca0f472858b7d314
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
access-control-allow-origin: https://dev.encurta.app
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace, favicon
access-control-max-age: 86400
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
set-cookie: OAID=00813ac018a445d1e517afbbb1e95d5a; expires=Mon, 22 Dec 2025 06:00:34 GMT; path=/; secure; SameSite=None
oaidts=1734847234; expires=Mon, 22 Dec 2025 06:00:34 GMT; path=/; secure; SameSite=None
syncedCookie=true; expires=Sun, 29 Dec 2024 06:00:34 GMT; path=/; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
content-encoding: gzip
X-Firefox-Spdy: h2

dev.encurta.app/js/app.js?ver=6.4.0

104.21.15.133

200 OK

6.1 kB

URL GET HTTP/3
dev.encurta.app/js/app.js?ver=6.4.0
IP
104.21.15.133:443
ASN
#13335 CLOUDFLARENET

Requested by
https://dev.encurta.app/lp1
Certificate
IssuerGoogle Trust Services
Subjectencurta.app
FingerprintE8:EB:89:F6:A0:9D:0F:49:0E:4D:C5:EF:E9:35:AB:A7:03:F7:C7:35
ValidityFri, 29 Nov 2024 14:15:46 GMT - Thu, 27 Feb 2025 14:15:45 GMT

File type
JavaScript source, ASCII text
Size
6.1 kB (6060 bytes)
Hash
3c6e1b5298af4be254a13e1503165465
92f547aac931bb4411cb0134adcff91781c78e78
f8f7883a3de9397521d2e218ee6ceb6b48ab58a17bb90f10171c75d5e92b5b78

HTTP Headers

GET /js/app.js?ver=6.4.0 HTTP/1.1
Host: dev.encurta.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dev.encurta.app/lp1
Cookie: AppSession=bf9d25d923cf11e6ee0017502dd62171; csrfToken=eafdf913209e89cfe6d219df1988f90051ebc980d939110166de3fb933cc7d85bf76ce396f66da53b999796a6828853b11a296bcc6248f89f3653d319fb636ab
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Sun, 22 Dec 2024 06:00:33 GMT
content-type: application/javascript
cache-control: public, max-age=2592000
expires: Wed, 15 Jan 2025 01:38:58 GMT
last-modified: Mon, 06 May 2024 21:12:31 GMT
vary: Accept-Encoding,User-Agent,User-Agent
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN,SAMEORIGIN
x-content-type-options: nosniff
x-turbo-charged-by: LiteSpeed
cf-cache-status: HIT
age: 534095
priority: u=3,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=qCxRkIGxqz%2BLwzJhgy6%2BSEOflzcnKd59lX0GpnqkjPjSMW7EboblvlEuhBab86wy6ivY3vLBl%2FkEPcsAANgu1%2Fs9%2F3Dw9qRgbHxE%2BgpzEJEU%2FXIB%2FEZLGYSTGkaYUInATZs%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8f5de46a8e8b1bfa-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=3403&min_rtt=1100&rtt_var=1386&sent=97&recv=20&lost=0&retrans=0&sent_bytes=91314&recv_bytes=5521&delivery_rate=1439083&cwnd=48000&unsent_bytes=0&cid=090f7984231bd2b0&ts=204&x=1", cfExtPri, cfHdrFlush;dur=0

perf.cdnads.com/perf.gif

82.192.85.249

200 OK

43 B

URL GET HTTP/1.1
perf.cdnads.com/perf.gif
IP
82.192.85.249:443
ASN
#60781 LeaseWeb Netherlands B.V.

Requested by
https://dev.encurta.app/lp1
Certificate
IssuerLet's Encrypt
Subjectcdnads.com
FingerprintC7:05:09:11:76:D3:62:A4:31:80:AA:1A:C4:A8:34:A3:4F:B1:0C:7F
ValidityTue, 17 Dec 2024 19:34:51 GMT - Mon, 17 Mar 2025 19:34:50 GMT

File type
GIF image data, version 89a, 1 x 1
Size
43 B (43 bytes)
Hash
ad4b0f606e0f8465bc4c4c170b37e1a3
50b30fd5f87c85fe5cba2635cb83316ca71250d7
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

HTTP Headers

GET /perf.gif HTTP/1.1
Host: perf.cdnads.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dev.encurta.app/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Sun, 22 Dec 2024 06:00:34 GMT
Content-Type: image/gif
Content-Length: 43
Last-Modified: Mon, 28 Sep 1970 06:00:00 GMT
Connection: keep-alive
Expires: Mon, 23 Dec 2024 06:00:34 GMT
Cache-Control: max-age=86400
Timing-Allow-Origin: *

dev.encurta.app/assets/securimage/images/audio_icon.png

104.21.15.133

200 OK

1.7 kB

URL
dev.encurta.app/assets/securimage/images/audio_icon.png
IP
104.21.15.133:0
ASN
#13335 CLOUDFLARENET

File type
PNG image data, 48 x 48, 8-bit gray+alpha, non-interlaced
Size
1.7 kB (1684 bytes)
Hash
7ee10d80baf84d879839e72ef3825fce
9e4bb9a5e61f3ea8d13c889796ef23a6229e722b
a03daae92a941b781bf4c29bf6d8e01d14858260bf2ed6c9147d949e0e37a93e

HTTP Headers

GET /assets/securimage/images/audio_icon.png HTTP/1.1
Host: dev.encurta.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dev.encurta.app/lp1
Cookie: AppSession=bf9d25d923cf11e6ee0017502dd62171; csrfToken=eafdf913209e89cfe6d219df1988f90051ebc980d939110166de3fb933cc7d85bf76ce396f66da53b999796a6828853b11a296bcc6248f89f3653d319fb636ab; pp_show_on_140972588d733d0ad80e1b8f8b206aba=1; ab=1; prefetchAd_5271460=true; dom3ic8zudi28v8lr6fgphwffqoz0j6c=6d8dcd90-f32a-4ed0-9445-0b8d5fd780f8%3A3%3A1; pp_main_140972588d733d0ad80e1b8f8b206aba=1; pp_exp_140972588d733d0ad80e1b8f8b206aba=1734850834763
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Sun, 22 Dec 2024 06:00:35 GMT
content-type: image/png
content-length: 1684
cache-control: public, max-age=31536000
expires: Fri, 19 Dec 2025 15:34:07 GMT
last-modified: Mon, 06 May 2024 21:12:31 GMT
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN,SAMEORIGIN
x-content-type-options: nosniff
vary: User-Agent,User-Agent, Accept-Encoding
x-turbo-charged-by: LiteSpeed
cf-cache-status: HIT
age: 224788
accept-ranges: bytes
priority: u=4,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=fPURJmoskhEbrY2V6%2FDiGBiPlwQzaLiwyHEVRJxDJ7GsnD4dGQIC4Yu2rL8AIpdVoVTiIH66w3A7r9gDNvwv38%2FX9LFsYdCMcilP6nTJuYiJSd2SRqDLJVtIkAmYRXdMEWA%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8f5de4739b051bfa-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=3361&min_rtt=1100&rtt_var=2438&sent=132&recv=30&lost=0&retrans=0&sent_bytes=121647&recv_bytes=9378&delivery_rate=957157&cwnd=63600&unsent_bytes=0&cid=090f7984231bd2b0&ts=1653&x=1", cfExtPri, cfHdrFlush;dur=0

dev.encurta.app/assets/securimage/images/loading.png

104.21.15.133

200 OK

1.1 kB

URL GET
dev.encurta.app/assets/securimage/images/loading.png
IP
104.21.15.133:0
ASN
#13335 CLOUDFLARENET

Requested by
https://dev.encurta.app/lp1
Certificate
IssuerGoogle Trust Services
Subjectencurta.app
FingerprintE8:EB:89:F6:A0:9D:0F:49:0E:4D:C5:EF:E9:35:AB:A7:03:F7:C7:35
ValidityFri, 29 Nov 2024 14:15:46 GMT - Thu, 27 Feb 2025 14:15:45 GMT

File type
PNG image data, 48 x 48, 8-bit/color RGBA, non-interlaced
Size
1.1 kB (1136 bytes)
Hash
b9c1ca4bbc0baf65e0239ba93737a8aa
6c3b605fbbed1ee11e19fedcf317dea77aa2586d
e8dd645ec842e125f34049581257169d232a170772c18a3e57a727ce692ec299

HTTP Headers

GET /assets/securimage/images/loading.png HTTP/1.1
Host: dev.encurta.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dev.encurta.app/lp1
Cookie: AppSession=bf9d25d923cf11e6ee0017502dd62171; csrfToken=eafdf913209e89cfe6d219df1988f90051ebc980d939110166de3fb933cc7d85bf76ce396f66da53b999796a6828853b11a296bcc6248f89f3653d319fb636ab; pp_show_on_140972588d733d0ad80e1b8f8b206aba=1; ab=1; prefetchAd_5271460=true; dom3ic8zudi28v8lr6fgphwffqoz0j6c=6d8dcd90-f32a-4ed0-9445-0b8d5fd780f8%3A3%3A1; pp_main_140972588d733d0ad80e1b8f8b206aba=1; pp_exp_140972588d733d0ad80e1b8f8b206aba=1734850834763
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Sun, 22 Dec 2024 06:00:35 GMT
content-type: image/png
content-length: 1136
cache-control: public, max-age=31536000
expires: Sat, 26 Jul 2025 12:52:42 GMT
last-modified: Mon, 06 May 2024 21:12:31 GMT
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN,SAMEORIGIN
x-content-type-options: nosniff
vary: User-Agent,User-Agent, Accept-Encoding
x-turbo-charged-by: LiteSpeed
cf-cache-status: HIT
age: 12848873
accept-ranges: bytes
priority: u=4,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=EyKAnznz2vhaGteTECML6DxTjOjydHcj%2FSuRsoKcGDdlJ35MlwGASYKzEEI6S%2FX0Zx5m51P%2F2Lb7HUonrHs29tii5IUJpAq%2B%2Fm9vs0Az3ZA0CWH8Tk1ERg%2FPg4lDHsuDZ7k%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8f5de4739b071bfa-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=3136&min_rtt=1100&rtt_var=2276&sent=135&recv=31&lost=0&retrans=0&sent_bytes=124158&recv_bytes=9424&delivery_rate=207501&cwnd=63600&unsent_bytes=0&cid=090f7984231bd2b0&ts=1655&x=1", cfExtPri, cfHdrFlush;dur=0

dev.encurta.app/assets/securimage/images/refresh.png

104.21.15.133

200 OK

4.8 kB

URL GET
dev.encurta.app/assets/securimage/images/refresh.png
IP
104.21.15.133:0
ASN
#13335 CLOUDFLARENET

Requested by
https://dev.encurta.app/lp1
Certificate
IssuerGoogle Trust Services
Subjectencurta.app
FingerprintE8:EB:89:F6:A0:9D:0F:49:0E:4D:C5:EF:E9:35:AB:A7:03:F7:C7:35
ValidityFri, 29 Nov 2024 14:15:46 GMT - Thu, 27 Feb 2025 14:15:45 GMT

File type
PNG image data, 48 x 48, 8-bit/color RGBA, non-interlaced
Size
4.8 kB (4835 bytes)
Hash
fc1306f1a43ee881ba6113d2c1ccc425
b691ee3985066e4fdf7e2d14736d3619c11da6fa
b0961386f2d1bee85609436e7db3f1bf0b4469ad6498c4f7d851adc7833cf99d

HTTP Headers

GET /assets/securimage/images/refresh.png HTTP/1.1
Host: dev.encurta.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dev.encurta.app/lp1
Cookie: AppSession=bf9d25d923cf11e6ee0017502dd62171; csrfToken=eafdf913209e89cfe6d219df1988f90051ebc980d939110166de3fb933cc7d85bf76ce396f66da53b999796a6828853b11a296bcc6248f89f3653d319fb636ab; pp_show_on_140972588d733d0ad80e1b8f8b206aba=1; ab=1; prefetchAd_5271460=true; dom3ic8zudi28v8lr6fgphwffqoz0j6c=6d8dcd90-f32a-4ed0-9445-0b8d5fd780f8%3A3%3A1; pp_main_140972588d733d0ad80e1b8f8b206aba=1; pp_exp_140972588d733d0ad80e1b8f8b206aba=1734850834763
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Sun, 22 Dec 2024 06:00:35 GMT
content-type: image/png
content-length: 4835
cache-control: public, max-age=31536000
expires: Sat, 26 Jul 2025 12:52:42 GMT
last-modified: Mon, 06 May 2024 21:12:31 GMT
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN,SAMEORIGIN
x-content-type-options: nosniff
vary: User-Agent,User-Agent, Accept-Encoding
x-turbo-charged-by: LiteSpeed
cf-cache-status: HIT
age: 12848873
accept-ranges: bytes
priority: u=4,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=lWTaBWVTJYXsYsNp34zXnfDLhI3mY%2BhPA9dYurQh50zCi%2BY8EKZ87I6fCIle8T%2BOQ37Elyxpa%2BjcaYYwm7gDpEDTtoRUjVd%2FFbDpkr7yNRvPGU0swffzWTE51cQucwixy5Q%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8f5de4739b0a1bfa-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=3136&min_rtt=1100&rtt_var=2276&sent=137&recv=31&lost=0&retrans=0&sent_bytes=126100&recv_bytes=9424&delivery_rate=207501&cwnd=63600&unsent_bytes=0&cid=090f7984231bd2b0&ts=1655&x=1", cfExtPri, cfHdrFlush;dur=0

dev.encurta.app/securimage/render/captchaShortlink

104.21.15.133

200 OK

4.5 kB

URL
dev.encurta.app/securimage/render/captchaShortlink
IP
104.21.15.133:0
ASN
#13335 CLOUDFLARENET

File type
JavaScript source, ASCII text, with very long lines (860)
Size
4.5 kB (4483 bytes)
Hash
ea8bb804f798ec95f371fd0c64aca382
91f3d07cf9fd4f93fd4783c39d44aa0c39a633ba
1ccc7771f3b2c152a885ec8772f4ac7da8278fcb939e469b6974c0b0bb38e901

HTTP Headers

GET /securimage/render/captchaShortlink HTTP/1.1
Host: dev.encurta.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Requested-With: XMLHttpRequest
DNT: 1
Connection: keep-alive
Referer: https://dev.encurta.app/lp1
Cookie: AppSession=bf9d25d923cf11e6ee0017502dd62171; csrfToken=eafdf913209e89cfe6d219df1988f90051ebc980d939110166de3fb933cc7d85bf76ce396f66da53b999796a6828853b11a296bcc6248f89f3653d319fb636ab; pp_show_on_140972588d733d0ad80e1b8f8b206aba=1; ab=1; prefetchAd_5271460=true; dom3ic8zudi28v8lr6fgphwffqoz0j6c=6d8dcd90-f32a-4ed0-9445-0b8d5fd780f8%3A3%3A1; pp_main_140972588d733d0ad80e1b8f8b206aba=1; pp_exp_140972588d733d0ad80e1b8f8b206aba=1734850834763
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Sun, 22 Dec 2024 06:00:35 GMT
content-type: text/html; charset=UTF-8
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
vary: Accept-Encoding,User-Agent,User-Agent
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN,SAMEORIGIN
x-content-type-options: nosniff
x-turbo-charged-by: LiteSpeed
cf-cache-status: DYNAMIC
priority: u=3,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=DzJpxr38Laj6KBudSoXlOVC48xRK2CpToiUdJZr3cXbDrCh8JVxrDMNoJvFHQLooB%2B3bHTSV6CXG%2FwZ5LYj3RvTjDoI%2BsCAwEe%2BZF2P3XTiFVj4prU1VI4fBlp8t9ZI%2B5xI%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8f5de47179f81bfa-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=3656&min_rtt=1100&rtt_var=2463&sent=125&recv=25&lost=0&retrans=0&sent_bytes=119835&recv_bytes=6855&delivery_rate=29770&cwnd=63600&unsent_bytes=0&cid=090f7984231bd2b0&ts=1597&x=1", cfExtPri, cfHdrFlush;dur=0

dev.encurta.app/favicon.ico

104.21.15.133

200 OK

48 B

URL
dev.encurta.app/favicon.ico
IP
104.21.15.133:0
ASN
#13335 CLOUDFLARENET

File type
MS Windows icon resource - 1 icon, 16x16, 2 colors
Size
48 B (48 bytes)
Hash
c6acedaff906029fc5455d9ec52c7f42
92cbd806ca421aa2c9ff5e1ff76bbc20913a2f81
9deb629637088856fe61dc868bf40a7d21ed942e4117659f3d6c3408f59b906b

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: dev.encurta.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dev.encurta.app/lp1
Cookie: AppSession=bf9d25d923cf11e6ee0017502dd62171; csrfToken=eafdf913209e89cfe6d219df1988f90051ebc980d939110166de3fb933cc7d85bf76ce396f66da53b999796a6828853b11a296bcc6248f89f3653d319fb636ab; pp_show_on_140972588d733d0ad80e1b8f8b206aba=1; ab=1; prefetchAd_5271460=true; dom3ic8zudi28v8lr6fgphwffqoz0j6c=6d8dcd90-f32a-4ed0-9445-0b8d5fd780f8%3A3%3A1; pp_main_140972588d733d0ad80e1b8f8b206aba=1; pp_exp_140972588d733d0ad80e1b8f8b206aba=1734850834763
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Sun, 22 Dec 2024 06:00:34 GMT
content-type: image/x-icon
cache-control: public, max-age=31536000
expires: Sat, 20 Dec 2025 08:23:55 GMT
last-modified: Mon, 06 May 2024 21:12:31 GMT
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN,SAMEORIGIN
x-content-type-options: nosniff
vary: User-Agent,User-Agent, Accept-Encoding
x-turbo-charged-by: LiteSpeed
cf-cache-status: HIT
age: 164198
priority: u=6,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=nf5Le9ofIMBxE6as3co9GVKhmiX8W6V2oajxzKsPngLSyWGqN7sMwn0wGf%2BrOJjjC7S27J2nK%2BL0UtqHK87VpfiyH8e%2FFBy87ADa8ZAYq2p6fiR5l3R%2BPwAKGj%2FAsAt7Ze4%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8f5de47169f31bfa-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=3963&min_rtt=1100&rtt_var=2465&sent=123&recv=23&lost=0&retrans=0&sent_bytes=118980&recv_bytes=6207&delivery_rate=4511675&cwnd=63600&unsent_bytes=0&cid=090f7984231bd2b0&ts=1305&x=1", cfExtPri, cfHdrFlush;dur=0

dev.encurta.app/vendor/bootstrap/js/bootstrap.min.js?ver=6.4.0

104.21.15.133

200 OK

40 kB

URL GET HTTP/3
dev.encurta.app/vendor/bootstrap/js/bootstrap.min.js?ver=6.4.0
IP
104.21.15.133:443
ASN
#13335 CLOUDFLARENET

Requested by
https://dev.encurta.app/lp1
Certificate
IssuerGoogle Trust Services
Subjectencurta.app
FingerprintE8:EB:89:F6:A0:9D:0F:49:0E:4D:C5:EF:E9:35:AB:A7:03:F7:C7:35
ValidityFri, 29 Nov 2024 14:15:46 GMT - Thu, 27 Feb 2025 14:15:45 GMT

File type
JavaScript source, ASCII text, with very long lines (39553)
Size
40 kB (39680 bytes)
Hash
2f34b630ffe30ba2ff2b91e3f3c322a1
b16fd8226bd6bfb08e568f1b1d0a21d60247cefb
9ee2fcff6709e4d0d24b09ca0fc56aade12b4961ed9c43fd13b03248bfb57afe

HTTP Headers

GET /vendor/bootstrap/js/bootstrap.min.js?ver=6.4.0 HTTP/1.1
Host: dev.encurta.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dev.encurta.app/lp1
Cookie: AppSession=bf9d25d923cf11e6ee0017502dd62171; csrfToken=eafdf913209e89cfe6d219df1988f90051ebc980d939110166de3fb933cc7d85bf76ce396f66da53b999796a6828853b11a296bcc6248f89f3653d319fb636ab
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sun, 22 Dec 2024 06:00:33 GMT
content-type: application/javascript
cache-control: public, max-age=2592000
expires: Wed, 15 Jan 2025 01:38:58 GMT
last-modified: Mon, 06 May 2024 21:12:31 GMT
vary: Accept-Encoding,User-Agent,User-Agent
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN,SAMEORIGIN
x-content-type-options: nosniff
x-turbo-charged-by: LiteSpeed
cf-cache-status: HIT
age: 534095
priority: u=3,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Yq7VMB7Oh7cWMf2r6PXP51Sz32IWY%2FhDD6tHvFD%2FX%2BETXk9kLaXII56sNonLiIPPHANlQJe8VfdjJzfxgXJCouPucJH9ekRpR6Lz41ZRPSQf2H4DbVXKhS4Fn4fD07T%2Fo1A%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8f5de46a8e881bfa-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=3403&min_rtt=1100&rtt_var=1386&sent=97&recv=20&lost=0&retrans=0&sent_bytes=91314&recv_bytes=5521&delivery_rate=1439083&cwnd=48000&unsent_bytes=0&cid=090f7984231bd2b0&ts=204&x=1", cfExtPri, cfHdrFlush;dur=13

fonts.gstatic.com/s/sourcesanspro/v22/6xKydSBYKcSV-LCoeQqfX1RYOo3ig4vwlxdu.woff2

216.58.207.227

200 OK

15 kB

URL GET HTTP/2
fonts.gstatic.com/s/sourcesanspro/v22/6xKydSBYKcSV-LCoeQqfX1RYOo3ig4vwlxdu.woff2
IP
216.58.207.227:443
ASN
#15169 GOOGLE

Requested by
https://dev.encurta.app/lp1
Certificate
IssuerGoogle Trust Services
Subject*.gstatic.com
Fingerprint40:A7:D7:D3:7D:FA:BE:34:C0:7E:6F:F7:9F:55:52:22:92:07:C7:EF
ValidityMon, 02 Dec 2024 08:36:58 GMT - Mon, 24 Feb 2025 08:36:57 GMT

File type
Web Open Font Format (Version 2), TrueType, length 14712, version 1.0
Size
15 kB (14712 bytes)
Hash
3afeae0d768769f5e5f30ac9805c5b70
3ada17c2b462db3e7a1fd85c3f4670dfe7704f4d
0d0a6262c545e8bbc895116e5afb22579c468d7abb77e378f377d6fed57c1dce

HTTP Headers

GET /s/sourcesanspro/v22/6xKydSBYKcSV-LCoeQqfX1RYOo3ig4vwlxdu.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://dev.encurta.app
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 14712
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sat, 21 Dec 2024 04:17:06 GMT
expires: Sun, 21 Dec 2025 04:17:06 GMT
cache-control: public, max-age=31536000
age: 92608
last-modified: Thu, 01 Jun 2023 22:52:57 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

dev.encurta.app/vendor/dashboard/css/skins/_all-skins.min.css?ver=6.4.0

104.21.15.133

200 OK

41 kB

URL GET HTTP/3
dev.encurta.app/vendor/dashboard/css/skins/_all-skins.min.css?ver=6.4.0
IP
104.21.15.133:443
ASN
#13335 CLOUDFLARENET

Requested by
https://dev.encurta.app/lp1
Certificate
IssuerGoogle Trust Services
Subjectencurta.app
FingerprintE8:EB:89:F6:A0:9D:0F:49:0E:4D:C5:EF:E9:35:AB:A7:03:F7:C7:35
ValidityFri, 29 Nov 2024 14:15:46 GMT - Thu, 27 Feb 2025 14:15:45 GMT

File type
ASCII text, with very long lines (40757), with no line terminators
Size
41 kB (40757 bytes)
Hash
913ee6087926cd35798c04e18c2a2314
34b1088a21d36cd7a2a73311e10fe4794739c6a2
e5e998ea42306cdbaca43e5fbc23a2ca1631d41664c57f60ebaed459d3487451

HTTP Headers

GET /vendor/dashboard/css/skins/_all-skins.min.css?ver=6.4.0 HTTP/1.1
Host: dev.encurta.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dev.encurta.app/lp1
Cookie: AppSession=bf9d25d923cf11e6ee0017502dd62171; csrfToken=eafdf913209e89cfe6d219df1988f90051ebc980d939110166de3fb933cc7d85bf76ce396f66da53b999796a6828853b11a296bcc6248f89f3653d319fb636ab
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sun, 22 Dec 2024 06:00:33 GMT
content-type: text/css
cache-control: public, max-age=2592000
expires: Mon, 20 Jan 2025 05:23:28 GMT
last-modified: Mon, 06 May 2024 21:12:31 GMT
vary: Accept-Encoding,User-Agent,User-Agent
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN,SAMEORIGIN
x-content-type-options: nosniff
x-turbo-charged-by: LiteSpeed
cf-cache-status: HIT
age: 88625
priority: u=2,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=f%2B%2BqktPN8J9rPSd087Qv6LXQaW5fsERCiZzfUaW4J0rGbbG9OfA0MZGEBT8Qmdp1nTbyZs%2Bs1BrHO3skO8g6wtHkNNkOlsNiIS%2BN7xvOQUlc18XJ62E0QbS8BRC1Ltirq%2Bc%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8f5de46a6e711bfa-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=3418&min_rtt=1100&rtt_var=1809&sent=60&recv=16&lost=0&retrans=0&sent_bytes=52936&recv_bytes=3256&delivery_rate=9354742&cwnd=48000&unsent_bytes=0&cid=090f7984231bd2b0&ts=180&x=1", cfExtPri, cfHdrFlush;dur=0

unseenreport.com/pxf.gif?uuid=6d8dcd90-f32a-4ed0-9445-0b8d5fd780f8&eb=978028c5053b26833423c7a069ce3bd5&te=5db3a4e34790624df926db520a13f79f&ua=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A96.0)%20Gecko%2F20100101%20Firefox%2F96.0&dev=e&res=14.2071&b_frame=0&pk=140972588d733d0ad80e1b8f8b206aba&bl=en-US&sr=1024x1280&sz=1024x1280&hjs=6

0.0.0.0

200 OK

0 B

URL GET
unseenreport.com/pxf.gif?uuid=6d8dcd90-f32a-4ed0-9445-0b8d5fd780f8&eb=978028c5053b26833423c7a069ce3bd5&te=5db3a4e34790624df926db520a13f79f&ua=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A96.0)%20Gecko%2F20100101%20Firefox%2F96.0&dev=e&res=14.2071&b_frame=0&pk=140972588d733d0ad80e1b8f8b206aba&bl=en-US&sr=1024x1280&sz=1024x1280&hjs=6
IP
0.0.0.0:0
ASN
#0

Requested by
https://dev.encurta.app/lp1
Certificate
IssuerLet's Encrypt
Subject*.unseenreport.com
FingerprintB3:C3:D3:00:AB:EE:F9:2F:2C:9A:5D:74:A9:E1:4E:36:06:3F:B6:74
ValidityMon, 18 Nov 2024 22:38:22 GMT - Sun, 16 Feb 2025 22:38:21 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /pxf.gif?uuid=6d8dcd90-f32a-4ed0-9445-0b8d5fd780f8&eb=978028c5053b26833423c7a069ce3bd5&te=5db3a4e34790624df926db520a13f79f&ua=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A96.0)%20Gecko%2F20100101%20Firefox%2F96.0&dev=e&res=14.2071&b_frame=0&pk=140972588d733d0ad80e1b8f8b206aba&bl=en-US&sr=1024x1280&sz=1024x1280&hjs=6 HTTP/1.1
Host: unseenreport.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dev.encurta.app/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Sun, 22 Dec 2024 06:00:35 GMT
Content-Type: image/gif
Content-Length: 1
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Host: unseenreport.com
Expires: Thu, 01 Jan 1970 00:00:01 GMT
X-Request-ID: aa916e748acec5c72ba0842b126cc264
Cache-Control: no-cache, max-age=0, private, no-cache
Pragma: no-cache
Strict-Transport-Security: max-age=0; includeSubdomains

retortloudenvelope.com/pixel/purst?dl=0&th=0&sc=0&rs=1116&rd=1116&fd=587&bv=24.12.6652&tmpl=70

192.243.59.20

200 OK

0 B

URL GET HTTP/1.1
retortloudenvelope.com/pixel/purst?dl=0&th=0&sc=0&rs=1116&rd=1116&fd=587&bv=24.12.6652&tmpl=70
IP
192.243.59.20:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://dev.encurta.app/lp1
Certificate
IssuerLet's Encrypt
Subjectretortloudenvelope.com
Fingerprint2C:FA:A7:9A:E2:BA:82:F4:45:BC:41:C0:A4:7F:89:2A:BC:7F:A3:2F
ValidityFri, 13 Dec 2024 21:33:34 GMT - Thu, 13 Mar 2025 21:33:33 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /pixel/purst?dl=0&th=0&sc=0&rs=1116&rd=1116&fd=587&bv=24.12.6652&tmpl=70 HTTP/1.1
Host: retortloudenvelope.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dev.encurta.app/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Sun, 22 Dec 2024 06:00:34 GMT
Content-Length: 0
Connection: keep-alive
Host: retortloudenvelope.com
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range

arvigorothan.com/tag.min.js

104.21.30.34

200 OK

72 kB

URL GET HTTP/2
arvigorothan.com/tag.min.js
IP
104.21.30.34:443
ASN
#13335 CLOUDFLARENET

Requested by
https://dev.encurta.app/lp1
Certificate
IssuerGoogle Trust Services
Subjectarvigorothan.com
Fingerprint26:48:70:42:FE:96:F4:B3:B3:97:CC:DC:62:4D:88:51:7E:AF:01:5E
ValidityFri, 06 Dec 2024 15:37:52 GMT - Thu, 06 Mar 2025 15:37:51 GMT

File type
JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Size
72 kB (71573 bytes)
Hash
d19a0affb4272dcf127651b173af0dfd
81c3f8cc7d5228bd3dce2bf6797a0a77bcf9bd75
17d2c655066f2b87f12012245918d54658924486ef602322cc7ada66cb51970d

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /tag.min.js HTTP/1.1
Host: arvigorothan.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dev.encurta.app/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sun, 22 Dec 2024 06:00:34 GMT
content-type: text/javascript; charset=utf-8
x-trace-id: 6e951d82e904e75c85114363e5b89b06
cache-control: max-age=86400
last-modified: Thu, 19 Dec 2024 12:26:44 GMT
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace, favicon
access-control-max-age: 86400
pragma: no-cache
expires: Sun, 22 Dec 2024 12:31:01 GMT
timing-allow-origin: *
cf-cache-status: HIT
age: 62973
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Ki8WMwFoIBxfpo%2BqCcw17DGSTmGVVhEkcW8CKzOw7KxbzuA4r8CkNDNDuWwz9A4pHNGM4CA79gJgTcPmU2KHXT5jclZWrgI1AlrY9oek6OczR4GI25QSqzyCpKqSOoBUr3Bi"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8f5de46ecb625695-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=836&min_rtt=481&rtt_var=577&sent=7&recv=10&lost=0&retrans=0&sent_bytes=3286&recv_bytes=1188&delivery_rate=8467836&cwnd=254&unsent_bytes=0&cid=b27282bcb1212449&ts=38&x=0"
X-Firefox-Spdy: h2

fonts.gstatic.com/s/sourcesanspro/v22/6xK3dSBYKcSV-LCoeQqfX1RYOo3qOK7l.woff2

216.58.207.227

200 OK

15 kB

URL GET HTTP/2
fonts.gstatic.com/s/sourcesanspro/v22/6xK3dSBYKcSV-LCoeQqfX1RYOo3qOK7l.woff2
IP
216.58.207.227:443
ASN
#15169 GOOGLE

Requested by
https://dev.encurta.app/lp1
Certificate
IssuerGoogle Trust Services
Subject*.gstatic.com
Fingerprint40:A7:D7:D3:7D:FA:BE:34:C0:7E:6F:F7:9F:55:52:22:92:07:C7:EF
ValidityMon, 02 Dec 2024 08:36:58 GMT - Mon, 24 Feb 2025 08:36:57 GMT

File type
Web Open Font Format (Version 2), TrueType, length 14892, version 1.0
Size
15 kB (14892 bytes)
Hash
9ec6deaf6bada919e20b98f9f7b718b1
501d36403ad8205e4644532600019ecb10f5cb0a
7b348b30ea1fe43857e68fc462c29e5c6e63c97666af75135c4396a272e54762

HTTP Headers

GET /s/sourcesanspro/v22/6xK3dSBYKcSV-LCoeQqfX1RYOo3qOK7l.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://dev.encurta.app
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 14892
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sat, 21 Dec 2024 03:58:56 GMT
expires: Sun, 21 Dec 2025 03:58:56 GMT
cache-control: public, max-age=31536000
age: 93697
last-modified: Thu, 01 Jun 2023 22:52:56 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

aiveemtomsaix.net/5/5271460/?oo=1&js_build=iclick-v1.1027.0&dmn=gekeebsirs.com&tt=2&ix=0

139.45.197.106

200 OK

4.0 kB

URL GET HTTP/2
aiveemtomsaix.net/5/5271460/?oo=1&js_build=iclick-v1.1027.0&dmn=gekeebsirs.com&tt=2&ix=0
IP
139.45.197.106:443
ASN
#9002 RETN Limited

Requested by
https://dev.encurta.app/lp1
Certificate
IssuerLet's Encrypt
Subjectaiveemtomsaix.net
FingerprintF4:FC:D8:CB:F1:41:86:2B:B9:2E:AE:D4:3E:92:DE:6D:64:38:F1:26
ValidityThu, 14 Nov 2024 04:13:35 GMT - Wed, 12 Feb 2025 04:13:34 GMT

File type
troff or preprocessor input, ASCII text, with very long lines (3984), with no line terminators
Size
4.0 kB (3980 bytes)
Hash
a0f94085120816e1d633233d1bf0a874
a70a3a97a508c7c5e7c4d6eee7c5ac7e25341e43
c0fe8b07950f5c35f6a9bed9ad8efb1632f0b895c88d8d456f3804f69cf1e14b

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /5/5271460/?oo=1&js_build=iclick-v1.1027.0&dmn=gekeebsirs.com&tt=2&ix=0 HTTP/1.1
Host: aiveemtomsaix.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://dev.encurta.app
DNT: 1
Connection: keep-alive
Referer: https://dev.encurta.app/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sun, 22 Dec 2024 06:00:34 GMT
content-type: application/json
x-trace-id: 1c5e72e4f86a344278508f0805e54ff1
link: <https://my.rtmark.net>; rel="preconnect dns-prefetch",<https://yonmewon.com>; rel="preconnect dns-prefetch",<https://sr7pv7n5x.com>; rel="preconnect dns-prefetch"
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
access-control-allow-origin: https://dev.encurta.app
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace, favicon
access-control-max-age: 86400
timing-allow-origin: *
set-cookie: OAID=00813ac018a445d1e517afbbb1e95d5a; expires=Mon, 22 Dec 2025 06:00:34 GMT; path=/; secure; SameSite=None
oaidts=1734847234; expires=Mon, 22 Dec 2025 06:00:34 GMT; path=/; secure; SameSite=None
syncedCookie=; expires=Tue, 10 Nov 2009 23:00:00 GMT
pragma: no-cache, no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT, Mon, 26 Jul 1997 05:00:00 GMT
content-encoding: gzip
X-Firefox-Spdy: h2

my.rtmark.net/gid.js?userId=00813ac018a445d1e517afbbb1e95d5a

172.67.169.157

200 OK

65 B

URL GET HTTP/2
my.rtmark.net/gid.js?userId=00813ac018a445d1e517afbbb1e95d5a
IP
172.67.169.157:443
ASN
#13335 CLOUDFLARENET

Requested by
https://dev.encurta.app/lp1
Certificate
IssuerGoogle Trust Services
Subjectmy.rtmark.net
Fingerprint8A:B7:CD:87:FA:39:07:A8:88:41:1C:9E:2D:0E:97:51:61:75:C1:34
ValidityWed, 06 Nov 2024 10:31:42 GMT - Tue, 04 Feb 2025 10:31:41 GMT

File type
troff or preprocessor input, ASCII text, with no line terminators
Size
65 B (65 bytes)
Hash
96fa93d93ee4b0122ae4842d0e115d8f
215f3175784675ceac63ae23d21b7680ea7e04d3
533d109a64e52a986cbb473f66729106568eae77ec3ece9696322b1d2cae0a57

HTTP Headers

GET /gid.js?userId=00813ac018a445d1e517afbbb1e95d5a HTTP/1.1
Host: my.rtmark.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://dev.encurta.app
DNT: 1
Connection: keep-alive
Referer: https://dev.encurta.app/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sun, 22 Dec 2024 06:00:34 GMT
content-type: application/json; charset=utf-8
access-control-allow-origin: https://dev.encurta.app
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
timing-allow-origin: *, *
set-cookie: ID=00813ac018a445d1e517afbbb1e95d5a; expires=Mon, 22 Dec 2025 06:00:34 GMT; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=TuRs9j%2FA4PKAuqPQi0iAXLbaj0zIEByRpQqfGQ6TI4%2F%2FEOC3q83mYGqligWZ1%2FDMqWCiJ19JkK%2BMa7DNmTaIg70OLpbZ9GxNZQ34VPXwwiHCHXyvBCD%2BnntIIM6szTo8"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8f5de46dff3d1c12-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=918&min_rtt=406&rtt_var=1045&sent=7&recv=10&lost=0&retrans=0&sent_bytes=3277&recv_bytes=1232&delivery_rate=7350253&cwnd=254&unsent_bytes=0&cid=3f101e4e9e234e25&ts=54&x=0"
X-Firefox-Spdy: h2

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

Quad9 DNS

ThreatFox

JavaScript (21)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL