Report - pub-6d319b1da44841e4a0eb9eda871e6fa9.r2.dev/index.html

Report Overview

Visited public
2025-06-30 12:44:11
Tags
Submit Tags
URL
pub-6d319b1da44841e4a0eb9eda871e6fa9.r2.dev/index.html
Finishing URL
pub-6d319b1da44841e4a0eb9eda871e6fa9.r2.dev/index.html
IP / ASN
172.66.0.235
#13335 CLOUDFLARENET
Title
The Courier Guy

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
www.googletagmanager.com	75	2011-11-11	2012-10-04	2025-06-25	2.4 kB	2.0 MB	142.251.9.97
fonts.gstatic.com	unknown	2008-02-11	2014-04-02	2025-06-25	1.7 kB	116 kB	142.251.9.94
www.google.no	25607	2001-02-26	2012-06-26	2025-06-25	966 B	580 B	142.250.74.35
fonts.googleapis.com	8877	2005-01-25	2012-05-23	2025-06-25	567 B	18 kB	142.250.74.10
bat.bing.net	unknown	1997-09-03	2023-11-04	2025-06-26	1.3 kB	1.1 kB	150.171.27.10
region1.analytics.google.com	unknown	1997-09-15	2022-03-17	2025-06-25	1.1 kB	877 B	216.239.34.36
bat.bing.com	387	1996-01-29	2014-04-08	2025-06-25	860 B	55 kB	150.171.27.10
pub-6d319b1da44841e4a0eb9eda871e6fa9.r2.dev	unknown	2022-08-23	2025-06-30	2025-06-30	3.5 kB	412 kB	162.159.140.237

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

Scan Date	Severity	Indicator	Alert
2025-06-26	medium	pub-6d319b1da44841e4a0eb9eda871e6fa9.r2.dev/index.html	Generic/Spear Phishing

PhishTank

Scan Date	Severity	Indicator	Alert
2025-06-29	medium	pub-6d319b1da44841e4a0eb9eda871e6fa9.r2.dev/index.html	Other

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

JavaScript (15)

	URL	From	Size	First Seen	Last Seen
	www.googletagmanager.com/gtm.js?id=GTM-N6Q2L78&gtm_auth=&gtm_preview=&gtm_cookies_win=x	ScriptElement	363 kB	2025-06-30	2025-06-30
Pretty URL www.googletagmanager.com/gtm.js?id=GTM-N6Q2L78&gtm_auth=&gtm_preview=&gtm_cookies_win=x IP 142.251.9.97 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2025-06-30 12:44 Last Seen2025-06-30 12:44 Times Seen2 Hash 446c1b5bb815fe04a6a5fa0024f2d096 6455917d6cdf6bfe4af98e667fdbf5af4594a2e2 62bdb7b48f74d2a34029eaec740584eb8e0cc551d3cca75c51951050ff36de8d Loading...

	pub-6d319b1da44841e4a0eb9eda871e6fa9.r2.dev/index.html	ScriptElement	747 B	2024-07-07	2025-07-24
Pretty URL pub-6d319b1da44841e4a0eb9eda871e6fa9.r2.dev/index.html IP 162.159.140.237 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-07-07 23:13 Last Seen2025-07-24 15:45 Times Seen102 Hash b268f473705061e828680559a8dd8e3f 41a1a067c9ba901cc3fe21e1191b53c401475909 2e9f5cc2ae69684c23b0cfb581c0eb7ed05b6576b1bf525b53c06cbcf41d29d2 Loading...

	pub-6d319b1da44841e4a0eb9eda871e6fa9.r2.dev/index.html	ScriptElement	480 B	2024-07-07	2025-07-24
Pretty URL pub-6d319b1da44841e4a0eb9eda871e6fa9.r2.dev/index.html IP 162.159.140.237 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-07-07 23:13 Last Seen2025-07-24 15:45 Times Seen103 Hash 2790d97c2b02d1a98a6e7f5174dd41f2 5f8db6f326d6a337b400ac11a1c444aa4ec979e1 ed87e46e707ff5e88eea78d00ba195cad24d6ad712e0af0f64f32a97af557bd1 Loading...

	pub-6d319b1da44841e4a0eb9eda871e6fa9.r2.dev/index.html	ScriptElement	435 B	2024-07-07	2025-07-24
Pretty URL pub-6d319b1da44841e4a0eb9eda871e6fa9.r2.dev/index.html IP 162.159.140.237 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2024-07-07 23:13 Last Seen2025-07-24 15:45 Times Seen101 Hash d29e7f41dbd55f384e323ee2bf328630 8fe6365e05778d055fc170fe0bcfe4f7f8ba84ce 6c06de7fa7b555fca06849f5113bd23c477708beb336ee58488ed06f029951d2 Loading...

	www.googletagmanager.com/gtm.js?id=G-H6ZR9QHC6R&gtm_auth=&gtm_preview=&gtm_cookies_win=x	ScriptElement	399 kB	2025-06-30	2025-06-30
Pretty URL www.googletagmanager.com/gtm.js?id=G-H6ZR9QHC6R&gtm_auth=&gtm_preview=&gtm_cookies_win=x IP 142.251.9.97 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2025-06-30 12:44 Last Seen2025-06-30 12:44 Times Seen1 Hash c66078baaaaa8671932ad3950991180c 7c2df81e0eebe8483a1bc6a6bdcb86774e50f5d5 4fb767f7eebb423c368a97836c90b9d2668dc284199f241d0bf818c95dc56056 Loading...

	pub-6d319b1da44841e4a0eb9eda871e6fa9.r2.dev/index.html	ScriptElement	434 B	2024-07-07	2025-07-24
Pretty URL pub-6d319b1da44841e4a0eb9eda871e6fa9.r2.dev/index.html IP 162.159.140.237 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2024-07-07 23:13 Last Seen2025-07-24 15:45 Times Seen101 Hash 7c40b81fc1f536b0b3c5ce8ef3c827e8 affce4f974bade323940b963e1724f264993fc34 54dc18bc4e52c14ca353755b242e392177db72e3c6c732f2a1b8a277862e540e Loading...

	www.googletagmanager.com/gtag/js?id=G-YSSLKN609T&l=dataLayer&cx=c	ScriptElement	427 kB	2025-06-30	2025-06-30
Pretty URL www.googletagmanager.com/gtag/js?id=G-YSSLKN609T&l=dataLayer&cx=c IP 142.251.9.97 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2025-06-30 12:44 Last Seen2025-06-30 12:44 Times Seen1 Hash 37d12335451496a40f254519894c564b 754e0eb150c037786e7768f0d99986e4e766dd98 720e81fb597731e5a64bc66c9abe4a5bd070d26c819a05d51714f0771160d9a8 Loading...

	www.googletagmanager.com/gtm.js?id=GTM-N6Q2L78&gtm_auth=&gtm_preview=&gtm_cookies_win=x	ScriptElement	363 kB	2025-06-30	2025-06-30
Pretty URL www.googletagmanager.com/gtm.js?id=GTM-N6Q2L78&gtm_auth=&gtm_preview=&gtm_cookies_win=x IP 142.251.9.97 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2025-06-30 12:44 Last Seen2025-06-30 12:44 Times Seen2 Hash 4404eb48c2cf994d68cf927691c91339 b67634af0864dea28b5c8c156f9ef77addc04c23 f2e0271ca9500d772cb7b236f1d74da8c941be4bdc55c1138126b301e39a85c1 Loading...

	pub-6d319b1da44841e4a0eb9eda871e6fa9.r2.dev/index.html	ScriptElement	281 B	2024-12-31	2025-07-24
Pretty URL pub-6d319b1da44841e4a0eb9eda871e6fa9.r2.dev/index.html IP 162.159.140.237 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-12-31 12:51 Last Seen2025-07-24 15:45 Times Seen101 Hash df628df2922022b920c68c20ec4a4b22 35345d7090cfe49e8e4e90730a7060aba862cfce 0f46a7d9941bc379eb45319fdd49e19f10df094a2aecd3c7b0344f2fb3407a46 Loading...

	pub-6d319b1da44841e4a0eb9eda871e6fa9.r2.dev/index.html	ScriptElement	423 B	2024-12-31	2025-07-07
Pretty URL pub-6d319b1da44841e4a0eb9eda871e6fa9.r2.dev/index.html IP 162.159.140.237 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-12-31 12:51 Last Seen2025-07-07 13:28 Times Seen96 Hash f7598f2a0a181c775c144d25789d404c 0eda89e0c1241181b3451b51b242f121001c4ca9 0073c8c8860ca0dae8c87c4b0723992b2f579767d425a115f5be57ad9dfda552 Loading...

	pub-6d319b1da44841e4a0eb9eda871e6fa9.r2.dev/index.html	ScriptElement	887 B	2024-07-07	2025-07-07
Pretty URL pub-6d319b1da44841e4a0eb9eda871e6fa9.r2.dev/index.html IP 162.159.140.237 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-07-07 23:13 Last Seen2025-07-07 13:28 Times Seen98 Hash f1e6bc67dd58ac99f16e57b1df6b8b50 740ed69c6abc603bb4bfbc6e69a01372606f327a 8dc485f3b4f993f3ad3cef256759b25ca4faefb21217dacc2df7caeb597feb1c Loading...

	pub-6d319b1da44841e4a0eb9eda871e6fa9.r2.dev/index.html	ScriptElement	480 B	2024-07-07	2025-07-24
Pretty URL pub-6d319b1da44841e4a0eb9eda871e6fa9.r2.dev/index.html IP 162.159.140.237 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2024-07-07 23:13 Last Seen2025-07-24 15:45 Times Seen103 Hash 2790d97c2b02d1a98a6e7f5174dd41f2 5f8db6f326d6a337b400ac11a1c444aa4ec979e1 ed87e46e707ff5e88eea78d00ba195cad24d6ad712e0af0f64f32a97af557bd1 Loading...

	www.googletagmanager.com/gtm.js?id=G-H6ZR9QHC6R&gtm_auth=&gtm_preview=&gtm_cookies_win=x	ScriptElement	399 kB	2025-06-30	2025-06-30
Pretty URL www.googletagmanager.com/gtm.js?id=G-H6ZR9QHC6R&gtm_auth=&gtm_preview=&gtm_cookies_win=x IP 142.251.9.97 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2025-06-30 12:44 Last Seen2025-06-30 12:44 Times Seen1 Hash 9e3da5c6cf88728914400f0b6857a107 17bbd451fbee38753319e89fa43c858ce248fbe0 8c9e19a85c7a29105ae049616a3eea9c7175851aecbebdd0a124f5972140d531 Loading...

	bat.bing.com/p/action/97133523.js	ScriptElement	389 B	2025-06-10	2025-07-25
Pretty URL bat.bing.com/p/action/97133523.js IP 150.171.27.10 ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK Introduced by scriptElement Embedded in HTML false Observations First Seen2025-06-10 00:38 Last Seen2025-07-25 03:57 Times Seen8682 Hash ca111780a7079620d32a81f177e2e440 4e7a9b171f7be0df085af2947364bb808a2bc281 eacf96de3b003e21f5f49a7c1f05f673bad5dc9c33d40edf99a8be8d46f6570a Loading...

	bat.bing.com/bat.js	ScriptElement	53 kB	2025-05-08	2025-07-25
Pretty URL bat.bing.com/bat.js IP 150.171.27.10 ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK Introduced by scriptElement Embedded in HTML false Observations First Seen2025-05-08 20:13 Last Seen2025-07-25 03:59 Times Seen23942 Hash 8aa3621e078f553b342b105272dd45fc 7d0086d79b7ba961871becf1f55233d2cf9750cb c4e400da2b9e9a111a08457d1de07c9280c7233e4a305b967da320564a83eb0f Loading...

HTTP Transactions (22)

URL IP Response Size

GET bat.bing.com/bat.js

150.171.27.10

200 OK

53 kB

URL GET
bat.bing.com/bat.js
IP
150.171.27.10:443
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

Requested by
https://pub-6d319b1da44841e4a0eb9eda871e6fa9.r2.dev/index.html
Certificate
IssuerMicrosoft Corporation
Subjectwww.bing.com
Fingerprint42:FB:17:7D:A8:3B:A5:42:94:4A:3F:29:95:40:EB:9D:E5:9B:B6:B3
ValidityThu, 12 Jun 2025 05:26:50 GMT - Tue, 09 Dec 2025 05:26:50 GMT

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (52941), with no line terminators
Size
53 kB (52942 bytes)
Hash
8aa3621e078f553b342b105272dd45fc
7d0086d79b7ba961871becf1f55233d2cf9750cb
c4e400da2b9e9a111a08457d1de07c9280c7233e4a305b967da320564a83eb0f

HTTP Headers

GET /bat.js HTTP/1.1
Host: bat.bing.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://pub-6d319b1da44841e4a0eb9eda871e6fa9.r2.dev/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
cache-control: private,max-age=1800
content-length: 14978
content-type: application/javascript
content-encoding: gzip
last-modified: Thu, 08 May 2025 19:07:55 GMT
accept-ranges: bytes
etag: "8077e3804cc0db1:0"
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: C544E233191640478DE8BD09D20A0B14 Ref B: OSL30EDGE0314 Ref C: 2025-06-30T12:43:51Z
date: Mon, 30 Jun 2025 12:43:50 GMT
X-Firefox-Spdy: h2

GET pub-6d319b1da44841e4a0eb9eda871e6fa9.r2.dev/static/js/main.ad300ac0.js

162.159.140.237

404 Not Found

27 kB

URL GET
pub-6d319b1da44841e4a0eb9eda871e6fa9.r2.dev/static/js/main.ad300ac0.js
IP
162.159.140.237:443
ASN
#13335 CLOUDFLARENET

Requested by
https://pub-6d319b1da44841e4a0eb9eda871e6fa9.r2.dev/index.html
Certificate
IssuerLet's Encrypt
Subject*.r2.dev
FingerprintA0:6E:D0:AC:8C:5F:AD:21:E0:F8:7F:70:3A:24:CF:CE:66:EF:FE:60
ValidityFri, 23 May 2025 11:13:16 GMT - Thu, 21 Aug 2025 11:13:15 GMT

File type
HTML document, ASCII text, with very long lines (611)
Size
27 kB (27150 bytes)
Hash
46dd133ee00dc1bae5e4eeba7b88432f
8af86a4ac91ce48c062216fb94a6e1d57618a19b
9eb52ee46c7ab5ea4ca0982415da99fded1b7d7354f75e50847bdae6cb44eb66

HTTP Headers

GET /static/js/main.ad300ac0.js HTTP/1.1
Host: pub-6d319b1da44841e4a0eb9eda871e6fa9.r2.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://pub-6d319b1da44841e4a0eb9eda871e6fa9.r2.dev/index.html
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 404 Not Found
Date: Mon, 30 Jun 2025 12:43:49 GMT
Content-Type: text/html
Content-Length: 27150
Connection: keep-alive
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 957dc0626d5eabcf-CPH

GET www.googletagmanager.com/gtm.js?id=GTM-N6Q2L78&gtm_auth=&gtm_preview=&gtm_cookies_win=x

142.251.9.97

200 OK

363 kB

URL GET
www.googletagmanager.com/gtm.js?id=GTM-N6Q2L78&gtm_auth=&gtm_preview=&gtm_cookies_win=x
IP
142.251.9.97:443
ASN
#15169 GOOGLE

Requested by
https://pub-6d319b1da44841e4a0eb9eda871e6fa9.r2.dev/index.html
Certificate
IssuerGoogle Trust Services
Subject*.google-analytics.com
Fingerprint79:AA:03:D4:F6:6B:0F:61:E5:C5:AB:19:F4:A5:5D:DC:97:80:AF:DA
ValidityMon, 02 Jun 2025 08:35:30 GMT - Mon, 25 Aug 2025 08:35:29 GMT

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (38976)
Size
363 kB (363297 bytes)
Hash
4404eb48c2cf994d68cf927691c91339
b67634af0864dea28b5c8c156f9ef77addc04c23
f2e0271ca9500d772cb7b236f1d74da8c941be4bdc55c1138126b301e39a85c1

HTTP Headers

GET /gtm.js?id=GTM-N6Q2L78&gtm_auth=&gtm_preview=&gtm_cookies_win=x HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://pub-6d319b1da44841e4a0eb9eda871e6fa9.r2.dev/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Mon, 30 Jun 2025 12:43:49 GMT
expires: Mon, 30 Jun 2025 12:43:49 GMT
cache-control: private, max-age=900
last-modified: Mon, 30 Jun 2025 12:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcycc:1319:0
cross-origin-opener-policy-report-only: same-origin; report-to=ascgcycc:1319:0
report-to: {"group":"ascgcycc:1319:0","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcycc:1319:0"}],}
server: Google Tag Manager
content-length: 116969
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

GET fonts.gstatic.com/s/montserrat/v30/JTUSjIg1_i6t8kCHKm459Wlhyw.woff2

142.251.9.94

200 OK

38 kB

URL GET
fonts.gstatic.com/s/montserrat/v30/JTUSjIg1_i6t8kCHKm459Wlhyw.woff2
IP
142.251.9.94:443
ASN
#15169 GOOGLE

Requested by
https://pub-6d319b1da44841e4a0eb9eda871e6fa9.r2.dev/index.html
Certificate
IssuerGoogle Trust Services
Subject*.gstatic.com
Fingerprint6C:DD:E7:B7:B0:02:A6:B7:4F:2D:EB:A1:11:A3:4B:1C:31:F9:07:F7
ValidityMon, 02 Jun 2025 08:36:37 GMT - Mon, 25 Aug 2025 08:36:36 GMT

File type
Web Open Font Format (Version 2), TrueType, length 37828, version 1.0
Size
38 kB (37828 bytes)
Hash
50b140b1e97d859d6d0603414f4298ee
500e4872ee1ba9cf89f1ba626d64987b0f9ab5c9
fdc9964050bfa24c27a3c76c6791b3674292a5f352cbc83d7a4dc49595bc3fb1

HTTP Headers

GET /s/montserrat/v30/JTUSjIg1_i6t8kCHKm459Wlhyw.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://pub-6d319b1da44841e4a0eb9eda871e6fa9.r2.dev
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 37828
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 26 Jun 2025 09:37:14 GMT
expires: Fri, 26 Jun 2026 09:37:14 GMT
cache-control: public, max-age=31536000
age: 356796
last-modified: Wed, 28 May 2025 18:51:09 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

GET pub-6d319b1da44841e4a0eb9eda871e6fa9.r2.dev/files/TCG_HOME_Once-Off_Illustration.png

162.159.140.237

200 OK

58 kB

URL GET
pub-6d319b1da44841e4a0eb9eda871e6fa9.r2.dev/files/TCG_HOME_Once-Off_Illustration.png
IP
162.159.140.237:443
ASN
#13335 CLOUDFLARENET

Requested by
https://pub-6d319b1da44841e4a0eb9eda871e6fa9.r2.dev/index.html
Certificate
IssuerLet's Encrypt
Subject*.r2.dev
FingerprintA0:6E:D0:AC:8C:5F:AD:21:E0:F8:7F:70:3A:24:CF:CE:66:EF:FE:60
ValidityFri, 23 May 2025 11:13:16 GMT - Thu, 21 Aug 2025 11:13:15 GMT

File type
PNG image data, 1311 x 739, 8-bit/color RGBA, non-interlaced
Size
58 kB (58000 bytes)
Hash
60d29756adf293f2f76373282bf22c53
aa890368f85765100d24c5d6cf860779097e5b4b
93cebacd70d6c0af8834052e9ec26c3905178b9594b171d9d47c9e51a08b4bb4

HTTP Headers

GET /files/TCG_HOME_Once-Off_Illustration.png HTTP/1.1
Host: pub-6d319b1da44841e4a0eb9eda871e6fa9.r2.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://pub-6d319b1da44841e4a0eb9eda871e6fa9.r2.dev/index.html
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Mon, 30 Jun 2025 12:43:49 GMT
Content-Type: image/png
Content-Length: 58000
Connection: keep-alive
Accept-Ranges: bytes
ETag: "60d29756adf293f2f76373282bf22c53"
Last-Modified: Fri, 20 Jun 2025 12:24:56 GMT
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 957dc064ad5ed090-CPH

GET fonts.gstatic.com/s/montserrat/v30/JTUSjIg1_i6t8kCHKm459Wlhyw.woff2

142.251.9.94

200 OK

38 kB

URL GET
fonts.gstatic.com/s/montserrat/v30/JTUSjIg1_i6t8kCHKm459Wlhyw.woff2
IP
142.251.9.94:443
ASN
#15169 GOOGLE

Requested by
https://pub-6d319b1da44841e4a0eb9eda871e6fa9.r2.dev/index.html
Certificate
IssuerGoogle Trust Services
Subject*.gstatic.com
Fingerprint6C:DD:E7:B7:B0:02:A6:B7:4F:2D:EB:A1:11:A3:4B:1C:31:F9:07:F7
ValidityMon, 02 Jun 2025 08:36:37 GMT - Mon, 25 Aug 2025 08:36:36 GMT

File type
Web Open Font Format (Version 2), TrueType, length 37828, version 1.0
Size
38 kB (37828 bytes)
Hash
50b140b1e97d859d6d0603414f4298ee
500e4872ee1ba9cf89f1ba626d64987b0f9ab5c9
fdc9964050bfa24c27a3c76c6791b3674292a5f352cbc83d7a4dc49595bc3fb1

HTTP Headers

GET /s/montserrat/v30/JTUSjIg1_i6t8kCHKm459Wlhyw.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://pub-6d319b1da44841e4a0eb9eda871e6fa9.r2.dev
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 37828
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 26 Jun 2025 09:37:14 GMT
expires: Fri, 26 Jun 2026 09:37:14 GMT
cache-control: public, max-age=31536000
age: 356796
last-modified: Wed, 28 May 2025 18:51:09 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

GET www.google.no/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-YSSLKN609T&cid=1991801657.1751287431&gtm=45je56p1v9164947838z8893583155za200&aip=1&dma=1&dma_cps=syphamo&gcd=13l3l3l2l1l1&npa=1&frm=0&tag_exp=101509157~103116026~103200004~103233427~103308216~103308218~103351869~103351871~104684208~104684211~104718208~104784387~104784389~104784694~104885886~104885888&tag_exp=101509157~103116026~103200004~103233427~103308216~103308218~103351869~103351871~104684208~104684211~104718208~104784387~104784389~104784694~104885886~104885888&z=152365231

142.250.74.35

200 OK

42 B

URL GET
www.google.no/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-YSSLKN609T&cid=1991801657.1751287431&gtm=45je56p1v9164947838z8893583155za200&aip=1&dma=1&dma_cps=syphamo&gcd=13l3l3l2l1l1&npa=1&frm=0&tag_exp=101509157~103116026~103200004~103233427~103308216~103308218~103351869~103351871~104684208~104684211~104718208~104784387~104784389~104784694~104885886~104885888&tag_exp=101509157~103116026~103200004~103233427~103308216~103308218~103351869~103351871~104684208~104684211~104718208~104784387~104784389~104784694~104885886~104885888&z=152365231
IP
142.250.74.35:443
ASN
#15169 GOOGLE

Requested by
https://pub-6d319b1da44841e4a0eb9eda871e6fa9.r2.dev/index.html
Certificate
IssuerGoogle Trust Services
Subject*.google.no
Fingerprint06:9A:0B:8C:DF:AC:70:7A:12:56:3A:16:E7:C4:85:BA:3E:C8:E2:63
ValidityMon, 02 Jun 2025 08:38:19 GMT - Mon, 25 Aug 2025 08:38:18 GMT

File type
GIF image data, version 89a, 1 x 1
Size
42 B (42 bytes)
Hash
d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

HTTP Headers

GET /ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-YSSLKN609T&cid=1991801657.1751287431&gtm=45je56p1v9164947838z8893583155za200&aip=1&dma=1&dma_cps=syphamo&gcd=13l3l3l2l1l1&npa=1&frm=0&tag_exp=101509157~103116026~103200004~103233427~103308216~103308218~103351869~103351871~104684208~104684211~104718208~104784387~104784389~104784694~104885886~104885888&tag_exp=101509157~103116026~103200004~103233427~103308216~103308218~103351869~103351871~104684208~104684211~104718208~104784387~104784389~104784694~104885886~104885888&z=152365231 HTTP/1.1
Host: www.google.no
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://pub-6d319b1da44841e4a0eb9eda871e6fa9.r2.dev/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Mon, 30 Jun 2025 12:43:51 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

GET bat.bing.com/p/action/97133523.js

150.171.27.10

200 OK

389 B

URL GET
bat.bing.com/p/action/97133523.js
IP
150.171.27.10:443
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

Requested by
https://pub-6d319b1da44841e4a0eb9eda871e6fa9.r2.dev/index.html
Certificate
IssuerMicrosoft Corporation
Subjectwww.bing.com
Fingerprint42:FB:17:7D:A8:3B:A5:42:94:4A:3F:29:95:40:EB:9D:E5:9B:B6:B3
ValidityThu, 12 Jun 2025 05:26:50 GMT - Tue, 09 Dec 2025 05:26:50 GMT

File type
JavaScript source, ASCII text, with CRLF line terminators
Size
389 B (389 bytes)
Hash
ca111780a7079620d32a81f177e2e440
4e7a9b171f7be0df085af2947364bb808a2bc281
eacf96de3b003e21f5f49a7c1f05f673bad5dc9c33d40edf99a8be8d46f6570a

HTTP Headers

GET /p/action/97133523.js HTTP/1.1
Host: bat.bing.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://pub-6d319b1da44841e4a0eb9eda871e6fa9.r2.dev/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
cache-control: private,max-age=1800
content-type: application/javascript; charset=utf-8
content-encoding: br
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 43C0EC3068AB44A5A5491880D70BAA6E Ref B: OSL30EDGE0314 Ref C: 2025-06-30T12:43:51Z
date: Mon, 30 Jun 2025 12:43:50 GMT
X-Firefox-Spdy: h2

GET pub-6d319b1da44841e4a0eb9eda871e6fa9.r2.dev/files/chunk.css

162.159.140.237

404 Not Found

27 kB

URL GET
pub-6d319b1da44841e4a0eb9eda871e6fa9.r2.dev/files/chunk.css
IP
162.159.140.237:443
ASN
#13335 CLOUDFLARENET

Requested by
https://pub-6d319b1da44841e4a0eb9eda871e6fa9.r2.dev/index.html
Certificate
IssuerLet's Encrypt
Subject*.r2.dev
FingerprintA0:6E:D0:AC:8C:5F:AD:21:E0:F8:7F:70:3A:24:CF:CE:66:EF:FE:60
ValidityFri, 23 May 2025 11:13:16 GMT - Thu, 21 Aug 2025 11:13:15 GMT

File type
HTML document, ASCII text, with very long lines (611)
Size
27 kB (27150 bytes)
Hash
46dd133ee00dc1bae5e4eeba7b88432f
8af86a4ac91ce48c062216fb94a6e1d57618a19b
9eb52ee46c7ab5ea4ca0982415da99fded1b7d7354f75e50847bdae6cb44eb66

HTTP Headers

GET /files/chunk.css HTTP/1.1
Host: pub-6d319b1da44841e4a0eb9eda871e6fa9.r2.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://pub-6d319b1da44841e4a0eb9eda871e6fa9.r2.dev/index.html
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 404 Not Found
Date: Mon, 30 Jun 2025 12:43:49 GMT
Content-Type: text/html
Content-Length: 27150
Connection: keep-alive
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 957dc0630e308f57-CPH

GET fonts.googleapis.com/css?family=Montserrat:100,200,300,400,500,600,700,800,900&display=swap

142.250.74.10

200 OK

17 kB

URL GET
fonts.googleapis.com/css?family=Montserrat:100,200,300,400,500,600,700,800,900&display=swap
IP
142.250.74.10:443
ASN
#15169 GOOGLE

Requested by
https://pub-6d319b1da44841e4a0eb9eda871e6fa9.r2.dev/index.html
Certificate
IssuerGoogle Trust Services
Subjectupload.video.google.com
Fingerprint58:09:05:96:27:31:E2:3D:AB:89:AD:1C:2E:C3:03:82:B0:27:3D:86
ValidityMon, 02 Jun 2025 08:36:37 GMT - Mon, 25 Aug 2025 08:36:36 GMT

File type
ASCII text
Size
17 kB (16983 bytes)
Hash
330e0ba72144b6c9603973bfd3029e0f
91a240c00ac1d805b2f542e42bccee2598da1e1b
ca8dbb4065b32934c9aff1ab65a258a7b532f0b16d01abf5222ad99cd84f134b

HTTP Headers

GET /css?family=Montserrat:100,200,300,400,500,600,700,800,900&display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://pub-6d319b1da44841e4a0eb9eda871e6fa9.r2.dev
DNT: 1
Connection: keep-alive
Referer: https://pub-6d319b1da44841e4a0eb9eda871e6fa9.r2.dev/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: text/css; charset=utf-8
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Mon, 30 Jun 2025 12:43:49 GMT
date: Mon, 30 Jun 2025 12:43:49 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

GET pub-6d319b1da44841e4a0eb9eda871e6fa9.r2.dev/files/main.css

162.159.140.237

200 OK

101 kB

URL GET
pub-6d319b1da44841e4a0eb9eda871e6fa9.r2.dev/files/main.css
IP
162.159.140.237:443
ASN
#13335 CLOUDFLARENET

Requested by
https://pub-6d319b1da44841e4a0eb9eda871e6fa9.r2.dev/index.html
Certificate
IssuerLet's Encrypt
Subject*.r2.dev
FingerprintA0:6E:D0:AC:8C:5F:AD:21:E0:F8:7F:70:3A:24:CF:CE:66:EF:FE:60
ValidityFri, 23 May 2025 11:13:16 GMT - Thu, 21 Aug 2025 11:13:15 GMT

File type
ASCII text, with very long lines (38629)
Size
101 kB (100855 bytes)
Hash
0076222f6b1f37ea799ee3f7e5047f7e
550ccba4729f09f45f3f3951d1bea9be59fcb2c4
187305b5a8c4f0e00b8b1ef5ace8d7b1929068109767404e0161a4551d22e862

HTTP Headers

GET /files/main.css HTTP/1.1
Host: pub-6d319b1da44841e4a0eb9eda871e6fa9.r2.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://pub-6d319b1da44841e4a0eb9eda871e6fa9.r2.dev/index.html
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Mon, 30 Jun 2025 12:43:49 GMT
Content-Type: text/css
Content-Length: 100855
Connection: keep-alive
Accept-Ranges: bytes
ETag: "0076222f6b1f37ea799ee3f7e5047f7e"
Last-Modified: Fri, 20 Jun 2025 12:24:55 GMT
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 957dc063299dd090-CPH

GET pub-6d319b1da44841e4a0eb9eda871e6fa9.r2.dev/files/favicon.png

162.159.140.237

200 OK

2.9 kB

URL GET
pub-6d319b1da44841e4a0eb9eda871e6fa9.r2.dev/files/favicon.png
IP
162.159.140.237:443
ASN
#13335 CLOUDFLARENET

Requested by
https://pub-6d319b1da44841e4a0eb9eda871e6fa9.r2.dev/index.html
Certificate
IssuerLet's Encrypt
Subject*.r2.dev
FingerprintA0:6E:D0:AC:8C:5F:AD:21:E0:F8:7F:70:3A:24:CF:CE:66:EF:FE:60
ValidityFri, 23 May 2025 11:13:16 GMT - Thu, 21 Aug 2025 11:13:15 GMT

File type
PNG image data, 126 x 126, 8-bit/color RGBA, non-interlaced
Size
2.9 kB (2911 bytes)
Hash
2ea2e719393d38f90e6632396882195c
825c586037fac00ec2ce664cdca3d2bd22c40b63
68b6633d1a1e518c52844b32531c25c08c809894f55a140acb0d3adabf4bf710

HTTP Headers

GET /files/favicon.png HTTP/1.1
Host: pub-6d319b1da44841e4a0eb9eda871e6fa9.r2.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://pub-6d319b1da44841e4a0eb9eda871e6fa9.r2.dev/index.html
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Mon, 30 Jun 2025 12:43:50 GMT
Content-Type: image/png
Content-Length: 2911
Connection: keep-alive
Accept-Ranges: bytes
ETag: "2ea2e719393d38f90e6632396882195c"
Last-Modified: Fri, 20 Jun 2025 12:24:54 GMT
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 957dc06b1e6fabcf-CPH

POST bat.bing.net/actionp/0?ti=97133523&tm=gtm002&Ver=2&mid=73b0dcb0-5c47-457a-8e7d-9e901828e827&bo=1&evt=consent&src=enforced&cdb=AQAY&asc=D

150.171.27.10

204 No Content

0 B

URL POST
bat.bing.net/actionp/0?ti=97133523&tm=gtm002&Ver=2&mid=73b0dcb0-5c47-457a-8e7d-9e901828e827&bo=1&evt=consent&src=enforced&cdb=AQAY&asc=D
IP
150.171.27.10:443
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

Requested by
https://pub-6d319b1da44841e4a0eb9eda871e6fa9.r2.dev/index.html
Certificate
IssuerMicrosoft Corporation
Subjectbat.bing.net
Fingerprint36:B0:89:87:47:4A:B0:8A:1F:A8:EB:71:A6:13:8A:FF:CD:94:46:23
ValidityThu, 24 Apr 2025 22:29:23 GMT - Tue, 21 Oct 2025 22:29:23 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

POST /actionp/0?ti=97133523&tm=gtm002&Ver=2&mid=73b0dcb0-5c47-457a-8e7d-9e901828e827&bo=1&evt=consent&src=enforced&cdb=AQAY&asc=D HTTP/1.1
Host: bat.bing.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://pub-6d319b1da44841e4a0eb9eda871e6fa9.r2.dev
DNT: 1
Connection: keep-alive
Referer: https://pub-6d319b1da44841e4a0eb9eda871e6fa9.r2.dev/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0

HTTP/2 204 No Content
cache-control: no-cache, must-revalidate
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 2EE9DE9BF0EE412AA0DDB8BEB28E367D Ref B: OSL30EDGE0112 Ref C: 2025-06-30T12:43:51Z
date: Mon, 30 Jun 2025 12:43:50 GMT
X-Firefox-Spdy: h2

GET bat.bing.net/action/0?ti=97133523&tm=gtm002&Ver=2&mid=73b0dcb0-5c47-457a-8e7d-9e901828e827&bo=2&gtm_tag_source=1&pi=918639831&lg=en-US&sw=1280&sh=1024&sc=24&tl=The%20Courier%20Guy&p=https%3A%2F%2Fpub-6d319b1da44841e4a0eb9eda871e6fa9.r2.dev%2Findex.html&r=&lt=1273&evt=pageLoad&sv=1&asc=D&cdb=AQAY&rn=607530

150.171.27.10

204 No Content

0 B

URL GET
bat.bing.net/action/0?ti=97133523&tm=gtm002&Ver=2&mid=73b0dcb0-5c47-457a-8e7d-9e901828e827&bo=2&gtm_tag_source=1&pi=918639831&lg=en-US&sw=1280&sh=1024&sc=24&tl=The%20Courier%20Guy&p=https%3A%2F%2Fpub-6d319b1da44841e4a0eb9eda871e6fa9.r2.dev%2Findex.html&r=&lt=1273&evt=pageLoad&sv=1&asc=D&cdb=AQAY&rn=607530
IP
150.171.27.10:443
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

Requested by
https://pub-6d319b1da44841e4a0eb9eda871e6fa9.r2.dev/index.html
Certificate
IssuerMicrosoft Corporation
Subjectbat.bing.net
Fingerprint36:B0:89:87:47:4A:B0:8A:1F:A8:EB:71:A6:13:8A:FF:CD:94:46:23
ValidityThu, 24 Apr 2025 22:29:23 GMT - Tue, 21 Oct 2025 22:29:23 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /action/0?ti=97133523&tm=gtm002&Ver=2&mid=73b0dcb0-5c47-457a-8e7d-9e901828e827&bo=2&gtm_tag_source=1&pi=918639831&lg=en-US&sw=1280&sh=1024&sc=24&tl=The%20Courier%20Guy&p=https%3A%2F%2Fpub-6d319b1da44841e4a0eb9eda871e6fa9.r2.dev%2Findex.html&r=&lt=1273&evt=pageLoad&sv=1&asc=D&cdb=AQAY&rn=607530 HTTP/1.1
Host: bat.bing.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://pub-6d319b1da44841e4a0eb9eda871e6fa9.r2.dev/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 204 No Content
cache-control: no-cache, must-revalidate
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 304C0F24843F4DCAA32136B0B9F68629 Ref B: OSL30EDGE0112 Ref C: 2025-06-30T12:43:51Z
date: Mon, 30 Jun 2025 12:43:50 GMT
X-Firefox-Spdy: h2

GET www.googletagmanager.com/gtm.js?id=G-H6ZR9QHC6R&gtm_auth=&gtm_preview=&gtm_cookies_win=x

142.251.9.97

200 OK

399 kB

URL GET
www.googletagmanager.com/gtm.js?id=G-H6ZR9QHC6R&gtm_auth=&gtm_preview=&gtm_cookies_win=x
IP
142.251.9.97:443
ASN
#15169 GOOGLE

Requested by
https://pub-6d319b1da44841e4a0eb9eda871e6fa9.r2.dev/index.html
Certificate
IssuerGoogle Trust Services
Subject*.google-analytics.com
Fingerprint79:AA:03:D4:F6:6B:0F:61:E5:C5:AB:19:F4:A5:5D:DC:97:80:AF:DA
ValidityMon, 02 Jun 2025 08:35:30 GMT - Mon, 25 Aug 2025 08:35:29 GMT

File type
JavaScript source, ASCII text, with very long lines (6004)
Size
399 kB (398973 bytes)
Hash
9e3da5c6cf88728914400f0b6857a107
17bbd451fbee38753319e89fa43c858ce248fbe0
8c9e19a85c7a29105ae049616a3eea9c7175851aecbebdd0a124f5972140d531

HTTP Headers

GET /gtm.js?id=G-H6ZR9QHC6R&gtm_auth=&gtm_preview=&gtm_cookies_win=x HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://pub-6d319b1da44841e4a0eb9eda871e6fa9.r2.dev/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Mon, 30 Jun 2025 12:43:49 GMT
expires: Mon, 30 Jun 2025 12:43:49 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcycc:1319:0
cross-origin-opener-policy-report-only: same-origin; report-to=ascgcycc:1319:0
report-to: {"group":"ascgcycc:1319:0","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcycc:1319:0"}],}
server: Google Tag Manager
content-length: 132671
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

GET www.googletagmanager.com/gtm.js?id=GTM-N6Q2L78&gtm_auth=&gtm_preview=&gtm_cookies_win=x

142.251.9.97

200 OK

363 kB

URL GET
www.googletagmanager.com/gtm.js?id=GTM-N6Q2L78&gtm_auth=&gtm_preview=&gtm_cookies_win=x
IP
142.251.9.97:443
ASN
#15169 GOOGLE

Requested by
https://pub-6d319b1da44841e4a0eb9eda871e6fa9.r2.dev/index.html
Certificate
IssuerGoogle Trust Services
Subject*.google-analytics.com
Fingerprint79:AA:03:D4:F6:6B:0F:61:E5:C5:AB:19:F4:A5:5D:DC:97:80:AF:DA
ValidityMon, 02 Jun 2025 08:35:30 GMT - Mon, 25 Aug 2025 08:35:29 GMT

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (38976)
Size
363 kB (363297 bytes)
Hash
446c1b5bb815fe04a6a5fa0024f2d096
6455917d6cdf6bfe4af98e667fdbf5af4594a2e2
62bdb7b48f74d2a34029eaec740584eb8e0cc551d3cca75c51951050ff36de8d

HTTP Headers

GET /gtm.js?id=GTM-N6Q2L78&gtm_auth=&gtm_preview=&gtm_cookies_win=x HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://pub-6d319b1da44841e4a0eb9eda871e6fa9.r2.dev/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Mon, 30 Jun 2025 12:43:49 GMT
expires: Mon, 30 Jun 2025 12:43:49 GMT
cache-control: private, max-age=900
last-modified: Mon, 30 Jun 2025 12:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcycc:1319:0
cross-origin-opener-policy-report-only: same-origin; report-to=ascgcycc:1319:0
report-to: {"group":"ascgcycc:1319:0","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcycc:1319:0"}],}
server: Google Tag Manager
content-length: 116966
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

GET www.googletagmanager.com/gtm.js?id=G-H6ZR9QHC6R&gtm_auth=&gtm_preview=&gtm_cookies_win=x

142.251.9.97

200 OK

399 kB

URL GET
www.googletagmanager.com/gtm.js?id=G-H6ZR9QHC6R&gtm_auth=&gtm_preview=&gtm_cookies_win=x
IP
142.251.9.97:443
ASN
#15169 GOOGLE

Requested by
https://pub-6d319b1da44841e4a0eb9eda871e6fa9.r2.dev/index.html
Certificate
IssuerGoogle Trust Services
Subject*.google-analytics.com
Fingerprint79:AA:03:D4:F6:6B:0F:61:E5:C5:AB:19:F4:A5:5D:DC:97:80:AF:DA
ValidityMon, 02 Jun 2025 08:35:30 GMT - Mon, 25 Aug 2025 08:35:29 GMT

File type
JavaScript source, ASCII text, with very long lines (6004)
Size
399 kB (398983 bytes)
Hash
c66078baaaaa8671932ad3950991180c
7c2df81e0eebe8483a1bc6a6bdcb86774e50f5d5
4fb767f7eebb423c368a97836c90b9d2668dc284199f241d0bf818c95dc56056

HTTP Headers

GET /gtm.js?id=G-H6ZR9QHC6R&gtm_auth=&gtm_preview=&gtm_cookies_win=x HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://pub-6d319b1da44841e4a0eb9eda871e6fa9.r2.dev/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Mon, 30 Jun 2025 12:43:49 GMT
expires: Mon, 30 Jun 2025 12:43:49 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcycc:1319:0
cross-origin-opener-policy-report-only: same-origin; report-to=ascgcycc:1319:0
report-to: {"group":"ascgcycc:1319:0","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcycc:1319:0"}],}
server: Google Tag Manager
content-length: 132653
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

POST region1.analytics.google.com/g/collect?v=2&tid=G-YSSLKN609T&gtm=45je56p1v9164947838z8893583155za200&_p=1751287429416&_gaz=1&gcd=13l3l3l2l1l1&npa=1&dma_cps=syphamo&dma=1&tag_exp=101509157~103116026~103200004~103233427~103308216~103308218~103351869~103351871~104684208~104684211~104718208~104784387~104784389~104784694~104885886~104885888&cid=1991801657.1751287431&ecid=1548806167&ul=en-us&sr=1280x1024&frm=0&pscdl=noapi&ec_mode=a&_s=1&sid=1751287431&sct=1&seg=0&dl=https%3A%2F%2Fpub-6d319b1da44841e4a0eb9eda871e6fa9.r2.dev%2Findex.html&dt=The%20Courier%20Guy&en=page_view&_fv=1&_nsi=1&_ss=1&tfd=2277

216.239.34.36

204 No Content

0 B

URL POST
region1.analytics.google.com/g/collect?v=2&tid=G-YSSLKN609T&gtm=45je56p1v9164947838z8893583155za200&_p=1751287429416&_gaz=1&gcd=13l3l3l2l1l1&npa=1&dma_cps=syphamo&dma=1&tag_exp=101509157~103116026~103200004~103233427~103308216~103308218~103351869~103351871~104684208~104684211~104718208~104784387~104784389~104784694~104885886~104885888&cid=1991801657.1751287431&ecid=1548806167&ul=en-us&sr=1280x1024&frm=0&pscdl=noapi&ec_mode=a&_s=1&sid=1751287431&sct=1&seg=0&dl=https%3A%2F%2Fpub-6d319b1da44841e4a0eb9eda871e6fa9.r2.dev%2Findex.html&dt=The%20Courier%20Guy&en=page_view&_fv=1&_nsi=1&_ss=1&tfd=2277
IP
216.239.34.36:443
ASN
#15169 GOOGLE

Requested by
https://pub-6d319b1da44841e4a0eb9eda871e6fa9.r2.dev/index.html
Certificate
IssuerGoogle Trust Services
Subject*.google-analytics.com
Fingerprint79:AA:03:D4:F6:6B:0F:61:E5:C5:AB:19:F4:A5:5D:DC:97:80:AF:DA
ValidityMon, 02 Jun 2025 08:35:30 GMT - Mon, 25 Aug 2025 08:35:29 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

POST /g/collect?v=2&tid=G-YSSLKN609T&gtm=45je56p1v9164947838z8893583155za200&_p=1751287429416&_gaz=1&gcd=13l3l3l2l1l1&npa=1&dma_cps=syphamo&dma=1&tag_exp=101509157~103116026~103200004~103233427~103308216~103308218~103351869~103351871~104684208~104684211~104718208~104784387~104784389~104784694~104885886~104885888&cid=1991801657.1751287431&ecid=1548806167&ul=en-us&sr=1280x1024&frm=0&pscdl=noapi&ec_mode=a&_s=1&sid=1751287431&sct=1&seg=0&dl=https%3A%2F%2Fpub-6d319b1da44841e4a0eb9eda871e6fa9.r2.dev%2Findex.html&dt=The%20Courier%20Guy&en=page_view&_fv=1&_nsi=1&_ss=1&tfd=2277 HTTP/1.1
Host: region1.analytics.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://pub-6d319b1da44841e4a0eb9eda871e6fa9.r2.dev/
Origin: https://pub-6d319b1da44841e4a0eb9eda871e6fa9.r2.dev
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Content-Length: 0

HTTP/2 204 No Content
access-control-allow-origin: https://pub-6d319b1da44841e4a0eb9eda871e6fa9.r2.dev
date: Mon, 30 Jun 2025 12:43:51 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-type: text/plain
cross-origin-resource-policy: cross-origin
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsggc:158:0
cross-origin-opener-policy-report-only: same-origin; report-to=ascnsrsggc:158:0
report-to: {"group":"ascnsrsggc:158:0","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsggc:158:0"}],}
server: Golfe2
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

GET pub-6d319b1da44841e4a0eb9eda871e6fa9.r2.dev/index.html

162.159.140.237

200 OK

166 kB

URL User Request GET
pub-6d319b1da44841e4a0eb9eda871e6fa9.r2.dev/index.html
IP
162.159.140.237:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerLet's Encrypt
Subject*.r2.dev
FingerprintA0:6E:D0:AC:8C:5F:AD:21:E0:F8:7F:70:3A:24:CF:CE:66:EF:FE:60
ValidityFri, 23 May 2025 11:13:16 GMT - Thu, 21 Aug 2025 11:13:15 GMT

File type
JavaScript source, ASCII text, with very long lines (34659), with CRLF line terminators
Size
166 kB (166309 bytes)
Hash
22d4d4674d74d31dbb87a03a262cca18
6d4715f32c3964e774d30b316dbf0da9a0d01ea0
f6a624bdc9ba848a0749718cb99a5ba197b30d1c18b34e56cb7ec8a395314a55

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Generic/Spear Phishing
PhishTank	phishing	Other

HTTP Headers

GET /index.html HTTP/1.1
Host: pub-6d319b1da44841e4a0eb9eda871e6fa9.r2.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Mon, 30 Jun 2025 12:43:49 GMT
Content-Type: text/html
Content-Length: 166309
Connection: keep-alive
Accept-Ranges: bytes
ETag: "22d4d4674d74d31dbb87a03a262cca18"
Last-Modified: Fri, 20 Jun 2025 12:25:14 GMT
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 957dc05f19dfabcf-CPH

GET fonts.gstatic.com/s/montserrat/v30/JTUSjIg1_i6t8kCHKm459Wlhyw.woff2

142.251.9.94

200 OK

38 kB

URL GET
fonts.gstatic.com/s/montserrat/v30/JTUSjIg1_i6t8kCHKm459Wlhyw.woff2
IP
142.251.9.94:443
ASN
#15169 GOOGLE

Requested by
https://pub-6d319b1da44841e4a0eb9eda871e6fa9.r2.dev/index.html
Certificate
IssuerGoogle Trust Services
Subject*.gstatic.com
Fingerprint6C:DD:E7:B7:B0:02:A6:B7:4F:2D:EB:A1:11:A3:4B:1C:31:F9:07:F7
ValidityMon, 02 Jun 2025 08:36:37 GMT - Mon, 25 Aug 2025 08:36:36 GMT

File type
Web Open Font Format (Version 2), TrueType, length 37828, version 1.0
Size
38 kB (37828 bytes)
Hash
50b140b1e97d859d6d0603414f4298ee
500e4872ee1ba9cf89f1ba626d64987b0f9ab5c9
fdc9964050bfa24c27a3c76c6791b3674292a5f352cbc83d7a4dc49595bc3fb1

HTTP Headers

GET /s/montserrat/v30/JTUSjIg1_i6t8kCHKm459Wlhyw.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://pub-6d319b1da44841e4a0eb9eda871e6fa9.r2.dev
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 37828
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 26 Jun 2025 09:37:14 GMT
expires: Fri, 26 Jun 2026 09:37:14 GMT
cache-control: public, max-age=31536000
age: 356797
last-modified: Wed, 28 May 2025 18:51:09 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

GET www.googletagmanager.com/gtag/js?id=G-YSSLKN609T&l=dataLayer&cx=c

142.251.9.97

200 OK

427 kB

URL GET
www.googletagmanager.com/gtag/js?id=G-YSSLKN609T&l=dataLayer&cx=c
IP
142.251.9.97:443
ASN
#15169 GOOGLE

Requested by
https://pub-6d319b1da44841e4a0eb9eda871e6fa9.r2.dev/index.html
Certificate
IssuerGoogle Trust Services
Subject*.google-analytics.com
Fingerprint79:AA:03:D4:F6:6B:0F:61:E5:C5:AB:19:F4:A5:5D:DC:97:80:AF:DA
ValidityMon, 02 Jun 2025 08:35:30 GMT - Mon, 25 Aug 2025 08:35:29 GMT

File type
JavaScript source, ASCII text, with very long lines (8282)
Size
427 kB (426911 bytes)
Hash
37d12335451496a40f254519894c564b
754e0eb150c037786e7768f0d99986e4e766dd98
720e81fb597731e5a64bc66c9abe4a5bd070d26c819a05d51714f0771160d9a8

HTTP Headers

GET /gtag/js?id=G-YSSLKN609T&l=dataLayer&cx=c HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://pub-6d319b1da44841e4a0eb9eda871e6fa9.r2.dev/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Mon, 30 Jun 2025 12:43:49 GMT
expires: Mon, 30 Jun 2025 12:43:49 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcycc:1077:0
cross-origin-opener-policy-report-only: same-origin; report-to=ascgcycc:1077:0
report-to: {"group":"ascgcycc:1077:0","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcycc:1077:0"}],}
server: Google Tag Manager
content-length: 140120
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

GET pub-6d319b1da44841e4a0eb9eda871e6fa9.r2.dev/files/logo.png

162.159.140.237

200 OK

27 kB

URL GET
pub-6d319b1da44841e4a0eb9eda871e6fa9.r2.dev/files/logo.png
IP
162.159.140.237:443
ASN
#13335 CLOUDFLARENET

Requested by
https://pub-6d319b1da44841e4a0eb9eda871e6fa9.r2.dev/index.html
Certificate
IssuerLet's Encrypt
Subject*.r2.dev
FingerprintA0:6E:D0:AC:8C:5F:AD:21:E0:F8:7F:70:3A:24:CF:CE:66:EF:FE:60
ValidityFri, 23 May 2025 11:13:16 GMT - Thu, 21 Aug 2025 11:13:15 GMT

File type
PNG image data, 600 x 192, 8-bit/color RGBA, non-interlaced
Size
27 kB (27142 bytes)
Hash
0eaa9a807bcf371336f4f69bce75d46a
98b55a038981e21f824f2f171f613b0300cf6b11
26d48bd3c5369cfd91446b80db4017b59a96c5c6c04e56a6ed92e245a4960e90

HTTP Headers

GET /files/logo.png HTTP/1.1
Host: pub-6d319b1da44841e4a0eb9eda871e6fa9.r2.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://pub-6d319b1da44841e4a0eb9eda871e6fa9.r2.dev/index.html
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Mon, 30 Jun 2025 12:43:49 GMT
Content-Type: image/png
Content-Length: 27142
Connection: keep-alive
Accept-Ranges: bytes
ETag: "0eaa9a807bcf371336f4f69bce75d46a"
Last-Modified: Fri, 20 Jun 2025 12:24:55 GMT
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 957dc064af84abcf-CPH

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

Quad9 DNS

ThreatFox

JavaScript (15)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML