Report - fanvortex.rest/join/5489/verify.php/verify.php

Report Overview

Visited public
2025-04-15 07:02:33
Tags
URL
fanvortex.rest/join/5489/verify.php/verify.php
Finishing URL
cggdfgb.offrsmatch.com/s/63623a2b02510
IP / ASN
172.67.202.122
#13335 CLOUDFLARENET
Title
Best dating worldwide

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
fonts.gstatic.com	unknown	2008-02-11	2014-04-02	2025-04-09	1.1 kB	17 kB	142.250.74.3
cggdfgb.offrsmatch.com	unknown	2024-11-06	2024-12-24	2025-04-10	14 kB	1.3 MB	81.30.157.12
fanvortex.rest	unknown	unknown	No data	No data	2.8 kB	97 kB	172.67.202.122
static.cloudflareinsights.com	1294	2019-08-30	2019-09-24	2025-04-09	506 B	20 kB	104.16.79.73
fonts.googleapis.com	8877	2005-01-25	2012-05-23	2025-04-09	469 B	2.4 kB	216.58.211.10
nrb2mr0.wild-match-network.com	unknown	2025-02-12	2025-02-18	2025-04-08	561 B	45 kB	185.155.184.43

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2025-04-15	medium	wild-match-network.com	Sinkholed

ThreatFox

No alerts detected

JavaScript (3)

	URL	From	Size	First Seen	Last Seen
	fanvortex.rest/verify.php	ScriptElement	413 B	2025-03-04	2025-05-08
Pretty URL fanvortex.rest/verify.php IP 172.67.202.122 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2025-03-04 07:54 Last Seen2025-05-08 14:38 Times Seen907 Hash 7d250f965f47630c6301bf4681b1fe26 dabf66066e04a1f82dc57b3963a5a391d9cfbbc0 966df4c70bd6f38e56187df4be553a46fbd9ec157c34563ec1ac1ac7c41b778a Loading...

	static.cloudflareinsights.com/beacon.min.js/vcd15cbe7772f49c399c6a5babf22c1241717689176015	ScriptElement	20 kB	2024-06-07	2025-05-11
Pretty URL static.cloudflareinsights.com/beacon.min.js/vcd15cbe7772f49c399c6a5babf22c1241717689176015 IP 104.16.79.73 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-06-07 09:21 Last Seen2025-05-11 03:17 Times Seen49703 Hash ec18af6d41f6f278b6aed3bdabffa7bc 62c9e2cab76b888829f3c5335e91c320b22329ae 8a18d13015336bc184819a5a768447462202ef3105ec511bf42ed8304a7ed94f Loading...

	cggdfgb.offrsmatch.com/bundle/428/assets/js/jquery.js	ScriptElement	1.0 kB	2023-04-18	2025-05-10
Pretty URL cggdfgb.offrsmatch.com/bundle/428/assets/js/jquery.js IP 81.30.157.12 ASN #24961 WIIT AG Introduced by scriptElement Embedded in HTML false Observations First Seen2023-04-18 07:29 Last Seen2025-05-10 04:35 Times Seen266 Hash 5dbe4bb7fe9a5c0875783e83f40ba7d1 93cc961c758dfe56657bfd38858873032f796b18 3260e71f812bd689a42bd34db1562100def4c4e0b468abe7b0cbbf304bed2496 Loading...

HTTP Transactions (16)

URL IP Response Size

cggdfgb.offrsmatch.com/bundle/428/assets/js/functions.js

81.30.157.12

200 OK

482 B

URL GET
cggdfgb.offrsmatch.com/bundle/428/assets/js/functions.js
IP
81.30.157.12:443
ASN
#24961 WIIT AG

Requested by
https://cggdfgb.offrsmatch.com/s/63623a2b02510
Certificate
IssuerLet's Encrypt
Subjectoffrsmatch.com
Fingerprint98:15:7D:6A:AD:59:A0:04:42:3E:17:38:64:BD:78:80:A7:51:C1:12
ValiditySat, 25 Jan 2025 08:52:47 GMT - Fri, 25 Apr 2025 08:52:46 GMT

File type
JavaScript source, ASCII text
Size
482 B (482 bytes)
Hash
fbdec189249655732dd6b77b6a17cd05
3863d0bf28d09e2f48b13154b971a8ca05db0060
83bb7c980d89c37b001a853bbe497515aae4f6403e805c16a0df9f7f5bd1ee5e

HTTP Headers

GET /bundle/428/assets/js/functions.js HTTP/1.1
Host: cggdfgb.offrsmatch.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://cggdfgb.offrsmatch.com/s/63623a2b02510
Cookie: s=e1uHPNQbYUAzv%2B2FrMv%2FGvyzbNT%2FXgiyrGnAI7R80Ij9YLjHlq%2FYLo3j55AOrI%2Fbak56aUpiByOZa1GzobSHwiB%2BLvanHuNb%2FRS476AbZd0CoVKsztBnAqfw2HFrgRb2Vw024Xh9BygErfmVXcjE9TrksZXMq%2F53prsS%2FRf1NWONCH7heWoRFAqHta4ahkr%2F3kArMxUEHVwtWzDd8dfqeLnur%2BAvNCC9tpiEna8YX81KXr7%2BdbNensVOCNDh6b9cOzZmnSxdKHp6pEslPDVE9lpavDRpl1D%2BucfbFqawFjjd%2B7V%2BaXnadKsRsPuU0G%2BCkoUXQmwjPWxcnKi2IyKzMJEN%2BweGpt10uWiW1Az4lc6SxtsT9XAmmymUPAEhNwMaxHDKcWr%2BQfJV5uJlXzFiGpJkUuhCENuYf3nt6y20kYOENatkhFr8POUaa8QNaE%2BJsquWZro5TGnm0VfnFTkElYwqvvxwykJ7HG4pQWRpT9BvSicryifVG1CGz6kvYAnpzmcKBJCWalBaRhpMErTBvx6R%2Bk20gqCKh3cE0i98sKOktQJC21zbBp2R%2FnoEUHmQ2JboQJfhi3rYwoaCkEOIeIqZQXi3Er8FgFGgRM6X1B9vazw0ZWtfSxofcx5pCndE61CmY8bGldubYpynue46oyk4pT2zbqrTsHx9ZIrXJxIKdac4%2FV9HQLN3laVUb6hbefhTS3wTY9a5cnP8SaV%2FZyfHoT6kOGCbKbWOgcYQb2lD0kjVMQwkHf5wMG7VDTYkVL4DUWYPnV2RDP5fDUrpZbnCzeAvv877teTimhUPFXHP6zaljTuJJOUahR2pOlzkZAxDYc%2B3vFXCTj5GHkSynqokpyhl8Hel1EHiJ27FHGCWY7GyarnQpTYjZ39tZ2F0HoeTTYwXQy4IXzYUgW6wl51WWmkSrPvb%2FqlDOf7FtgwPYh5UNv5wseoFVw%2B68qirlbmQ0obLUnITcz6FMzLEGS7YE3j4g8pZCzSwX%2F0dA0oOFVyejHqUMjhWOF7XHPySGGLs9yycSzCMb1sBk%2BB4yH0tsYc1Kndpxxc625N0sJuGk1mabdV3afY7b1ruHhgPYJHabePUXv0mPuSPIt8%2FIOkjDGhmEkfvCEldSHu9bISbuGWX%2F8cL9CVCEbAkrWs2cGU302ytZahKeEDKZTfY8mfqmf7m0s19BR6zpBrZNDkvVNEnhurJ0R2Oqrkit3iui4Sx7koeDVYmz%2FKbVGUFmY1gF7JuvpI84rlJCppRFRIoqn1EBf%2F2xOR1sE1IaY2OVElan1wJgNszVbN2Jsw4swbj3bMczLjbM42zXivuMKMTyU9HeeTNs7Maw7CAeJs1t9uKxxuq9qt2Aut7fwaVVC9FvsKJ1w%2BU7eeJI8rUOPurIcu9wqZa31VDtqut3svOzSuiRT4kDUMXVxevKlIB6v7dD7Eb%2BPop9N6zNRO7iZTh1twYEFkUvDxU1ysNgAiPbp1dRGGOr%2FZKqhB2X9v%2FxshOsZVL%2B6t4H6c60nuV8p8uGdwNemVoMVSxfqFk2eY9K6%2FHXnUWRhiIMIXHvlRGtAkVYLkMuuskXZB2H0Q8cq1tecO7qzjZQLqCW%2FCPj2PswveTavNiOAZAsTRnQDT0H1d1MbhRFKcDODHzfUb9PyUe7WsguT50Xk%2BVfOq4RhBBkFjjNy8sk1%2B%2FN6QOUF%2BMNTTElvBJ7IcbxGbpQjUmHX2xITdWucDvbnCJxsuwiINY1aNh%2BiALdveBQdch0OKALG0%2BAZRxVImtE%2BOkqwJGWyqmTDDKWgtSqZ8RBv6%2FU5ZJRim8GmNjb5Dx6m3wPBeZaFhVG3Z6RH8RsA4T3K7%2F%2FiUg2pyYH2MWXDMEkumWFPiz1Y8A1zY%2FC7xEHe%2Fn%2BIbqsCOO2WeXy4AV4E83uptuCFZtMDvP41k5jgwk6ZcQeuR33iDyZLPooEOFteYJ2XNSLjhz1cV20TqXolYj%2FKh6aok2GqwVMCRPhuV0fwO0iGBRGcF7SvRdU61HOxAc7%2Biyiw9mc3NJtcSc8BuWqqJyqwa9sjtKESl%2FGnA1NaorBLzWCb64hpcC3k%2FIbjUbpLeoiaYHLw%2B7cTVK8%2FMuBOTYXY43
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: openresty
date: Tue, 15 Apr 2025 07:02:10 GMT
cache-control: max-age=86400, public
X-Firefox-Spdy: h2

fanvortex.rest/join/5489/verify.php/verify.php

172.67.202.122

302 Found

1.8 kB

URL User Request GET
fanvortex.rest/join/5489/verify.php/verify.php
IP
172.67.202.122:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerGoogle Trust Services
Subjectfanvortex.rest
Fingerprint89:6E:3B:66:E6:7B:E2:95:1D:FD:DA:69:2F:C8:CF:E9:39:05:29:AE
ValidityMon, 14 Apr 2025 18:25:08 GMT - Sun, 13 Jul 2025 19:22:47 GMT

File type

Size
1.8 kB (1842 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /join/5489/verify.php/verify.php HTTP/1.1
Host: fanvortex.rest
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 302 Found
date: Tue, 15 Apr 2025 07:02:09 GMT
content-type: text/html; charset=UTF-8
server: cloudflare
speculation-rules: "/cdn-cgi/speculation"
cf-ray: 930993624cd4712e-OSL
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
location: /verify.php
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=JCnW8bMKU64QIxv9Rdyjz029VCkqgKpkESKEtVGId5JVPVJZQ5biaLW4jAbSAs8YBQEUKkM6NGIqHb3l0rObi6%2FBn3Gewi0EAAH%2BjSGdVbKSkE9w4mLh4d%2FgkQRhyllocA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
set-cookie: PHPSESSID=t0u59hd08u5r28j6lbg97rl2bi; Path=/
alt-svc: h3=":443"; ma=86400
server-timing: cfCacheStatus;desc="DYNAMIC", cfL4;desc="?proto=TCP&rtt=6274&min_rtt=446&rtt_var=11670&sent=8&recv=11&lost=0&retrans=0&sent_bytes=3280&recv_bytes=1274&delivery_rate=8074349&cwnd=249&unsent_bytes=0&cid=8d2ca41380eb7345&ts=104&x=0"
X-Firefox-Spdy: h2

static.cloudflareinsights.com/beacon.min.js/vcd15cbe7772f49c399c6a5babf22c1241717689176015

104.16.79.73

200 OK

20 kB

URL GET
static.cloudflareinsights.com/beacon.min.js/vcd15cbe7772f49c399c6a5babf22c1241717689176015
IP
104.16.79.73:443
ASN
#13335 CLOUDFLARENET

Requested by
https://fanvortex.rest/verify.php
Certificate
IssuerGoogle Trust Services
Subjectcloudflareinsights.com
FingerprintAD:90:D1:30:C9:77:BF:DE:1F:AB:8C:0D:6E:67:CB:6A:E8:42:DB:18
ValidityThu, 27 Feb 2025 14:42:34 GMT - Wed, 28 May 2025 15:42:17 GMT

File type
JavaScript source, ASCII text, with very long lines (19948), with no line terminators
Size
20 kB (19948 bytes)
Hash
ec18af6d41f6f278b6aed3bdabffa7bc
62c9e2cab76b888829f3c5335e91c320b22329ae
8a18d13015336bc184819a5a768447462202ef3105ec511bf42ed8304a7ed94f

HTTP Headers

GET /beacon.min.js/vcd15cbe7772f49c399c6a5babf22c1241717689176015 HTTP/1.1
Host: static.cloudflareinsights.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://fanvortex.rest
DNT: 1
Connection: keep-alive
Referer: https://fanvortex.rest/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Tue, 15 Apr 2025 07:02:09 GMT
content-type: text/javascript;charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=86400
etag: W/"2024.6.1"
last-modified: Thu, 06 Jun 2024 15:52:56 GMT
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
server: cloudflare
cf-ray: 930993650d341bfe-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

fanvortex.rest/verify.php

172.67.202.122

200 OK

1.8 kB

URL User Request GET
fanvortex.rest/verify.php
IP
172.67.202.122:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerGoogle Trust Services
Subjectfanvortex.rest
Fingerprint89:6E:3B:66:E6:7B:E2:95:1D:FD:DA:69:2F:C8:CF:E9:39:05:29:AE
ValidityMon, 14 Apr 2025 18:25:08 GMT - Sun, 13 Jul 2025 19:22:47 GMT

File type
HTML document, ASCII text, with very long lines (471)
Size
1.8 kB (1842 bytes)
Hash
c97ccfbb562cf86c090c0e1e13d77bc2
693ce6415124433a8b37820d63684b0c4c0c4f78
223e95f4d579a67125442e21e6d636450a59abc7cb3414477d34e26cea6c78dc

HTTP Headers

GET /verify.php HTTP/1.1
Host: fanvortex.rest
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: PHPSESSID=t0u59hd08u5r28j6lbg97rl2bi
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Tue, 15 Apr 2025 07:02:09 GMT
content-type: text/html; charset=UTF-8
content-encoding: br
cf-ray: 93099362edac712e-OSL
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
cf-cache-status: DYNAMIC
vary: accept-encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=VKfplMsw%2FwaExmJB94HcVWf71%2FGFMKV9RQY66kCQm3tmAlyICmgMUgpT80IbMzJ053Dr9VAnDMrrYFN8sGP6b%2FVtor%2Fh7CCzEMA5sLOc20%2ByVBmI2l8cgfSozYiOIFiT4w%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
speculation-rules: "/cdn-cgi/speculation"
server: cloudflare
alt-svc: h3=":443"; ma=86400
server-timing: cfCacheStatus;desc="DYNAMIC", cfL4;desc="?proto=TCP&rtt=4907&min_rtt=414&rtt_var=8937&sent=11&recv=14&lost=0&retrans=0&sent_bytes=4074&recv_bytes=1379&delivery_rate=8074349&cwnd=251&unsent_bytes=0&cid=8d2ca41380eb7345&ts=166&x=0"
X-Firefox-Spdy: h2

fanvortex.rest/favicon.ico

0.0.0.0

0 B

URL GET
fanvortex.rest/favicon.ico
IP
0.0.0.0:0
ASN
#0

Requested by
https://fanvortex.rest/verify.php
Certificate
IssuerGoogle Trust Services
Subjectfanvortex.rest
Fingerprint89:6E:3B:66:E6:7B:E2:95:1D:FD:DA:69:2F:C8:CF:E9:39:05:29:AE
ValidityMon, 14 Apr 2025 18:25:08 GMT - Sun, 13 Jul 2025 19:22:47 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: fanvortex.rest
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://fanvortex.rest/verify.php
Cookie: PHPSESSID=t0u59hd08u5r28j6lbg97rl2bi
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

cggdfgb.offrsmatch.com/s/63623a2b02510

81.30.157.12

200 OK

45 kB

URL User Request GET
cggdfgb.offrsmatch.com/s/63623a2b02510
IP
81.30.157.12:443
ASN
#24961 WIIT AG

Certificate
IssuerLet's Encrypt
Subjectoffrsmatch.com
Fingerprint98:15:7D:6A:AD:59:A0:04:42:3E:17:38:64:BD:78:80:A7:51:C1:12
ValiditySat, 25 Jan 2025 08:52:47 GMT - Fri, 25 Apr 2025 08:52:46 GMT

File type
HTML document, ASCII text, with very long lines (30569), with CRLF, LF line terminators
Size
45 kB (44609 bytes)
Hash
f8dbc92d8ebe8a7b271fef524471bb2d
9a3ca8349a7b19ddce0195494bdcc588483cd0c6
75d8aa90b5ba564ef89a140559599ca908fef0d2d63328b5cd50bf9865378c71

HTTP Headers

GET /s/63623a2b02510 HTTP/1.1
Host: cggdfgb.offrsmatch.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: openresty
date: Tue, 15 Apr 2025 07:02:10 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
set-cookie: s=e1uHPNQbYUAzv%2B2FrMv%2FGvyzbNT%2FXgiyrGnAI7R80Ij9YLjHlq%2FYLo3j55AOrI%2Fbak56aUpiByOZa1GzobSHwiB%2BLvanHuNb%2FRS476AbZd0CoVKsztBnAqfw2HFrgRb2Vw024Xh9BygErfmVXcjE9TrksZXMq%2F53prsS%2FRf1NWONCH7heWoRFAqHta4ahkr%2F3kArMxUEHVwtWzDd8dfqeLnur%2BAvNCC9tpiEna8YX81KXr7%2BdbNensVOCNDh6b9cOzZmnSxdKHp6pEslPDVE9lpavDRpl1D%2BucfbFqawFjjd%2B7V%2BaXnadKsRsPuU0G%2BCkoUXQmwjPWxcnKi2IyKzMJEN%2BweGpt10uWiW1Az4lc6SxtsT9XAmmymUPAEhNwMaxHDKcWr%2BQfJV5uJlXzFiGpJkUuhCENuYf3nt6y20kYOENatkhFr8POUaa8QNaE%2BJsquWZro5TGnm0VfnFTkElYwqvvxwykJ7HG4pQWRpT9BvSicryifVG1CGz6kvYAnpzmcKBJCWalBaRhpMErTBvx6R%2Bk20gqCKh3cE0i98sKOktQJC21zbBp2R%2FnoEUHmQ2JboQJfhi3rYwoaCkEOIeIqZQXi3Er8FgFGgRM6X1B9vazw0ZWtfSxofcx5pCndE61CmY8bGldubYpynue46oyk4pT2zbqrTsHx9ZIrXJxIKdac4%2FV9HQLN3laVUb6hbefhTS3wTY9a5cnP8SaV%2FZyfHoT6kOGCbKbWOgcYQb2lD0kjVMQwkHf5wMG7VDTYkVL4DUWYPnV2RDP5fDUrpZbnCzeAvv877teTimhUPFXHP6zaljTuJJOUahR2pOlzkZAxDYc%2B3vFXCTj5GHkSynqokpyhl8Hel1EHiJ27FHGCWY7GyarnQpTYjZ39tZ2F0HoeTTYwXQy4IXzYUgW6wl51WWmkSrPvb%2FqlDOf7FtgwPYh5UNv5wseoFVw%2B68qirlbmQ0obLUnITcz6FMzLEGS7YE3j4g8pZCzSwX%2F0dA0oOFVyejHqUMjhWOF7XHPySGGLs9yycSzCMb1sBk%2BB4yH0tsYc1Kndpxxc625N0sJuGk1mabdV3afY7b1ruHhgPYJHabePUXv0mPuSPIt8%2FIOkjDGhmEkfvCEldSHu9bISbuGWX%2F8cL9CVCEbAkrWs2cGU302ytZahKeEDKZTfY8mfqmf7m0s19BR6zpBrZNDkvVNEnhurJ0R2Oqrkit3iui4Sx7koeDVYmz%2FKbVGUFmY1gF7JuvpI84rlJCppRFRIoqn1EBf%2F2xOR1sE1IaY2OVElan1wJgNszVbN2Jsw4swbj3bMczLjbM42zXivuMKMTyU9HeeTNs7Maw7CAeJs1t9uKxxuq9qt2Aut7fwaVVC9FvsKJ1w%2BU7eeJI8rUOPurIcu9wqZa31VDtqut3svOzSuiRT4kDUMXVxevKlIB6v7dD7Eb%2BPop9N6zNRO7iZTh1twYEFkUvDxU1ysNgAiPbp1dRGGOr%2FZKqhB2X9v%2FxshOsZVL%2B6t4H6c60nuV8p8uGdwNemVoMVSxfqFk2eY9K6%2FHXnUWRhiIMIXHvlRGtAkVYLkMuuskXZB2H0Q8cq1tecO7qzjZQLqCW%2FCPj2PswveTavNiOAZAsTRnQDT0H1d1MbhRFKcDODHzfUb9PyUe7WsguT50Xk%2BVfOq4RhBBkFjjNy8sk1%2B%2FN6QOUF%2BMNTTElvBJ7IcbxGbpQjUmHX2xITdWucDvbnCJxsuwiINY1aNh%2BiALdveBQdch0OKALG0%2BAZRxVImtE%2BOkqwJGWyqmTDDKWgtSqZ8RBv6%2FU5ZJRim8GmNjb5Dx6m3wPBeZaFhVG3Z6RH8RsA4T3K7%2F%2FiUg2pyYH2MWXDMEkumWFPiz1Y8A1zY%2FC7xEHe%2Fn%2BIbqsCOO2WeXy4AV4E83uptuCFZtMDvP41k5jgwk6ZcQeuR33iDyZLPooEOFteYJ2XNSLjhz1cV20TqXolYj%2FKh6aok2GqwVMCRPhuV0fwO0iGBRGcF7SvRdU61HOxAc7%2Biyiw9mc3NJtcSc8BuWqqJyqwa9sjtKESl%2FGnA1NaorBLzWCb64hpcC3k%2FIbjUbpLeoiaYHLw%2B7cTVK8%2FMuBOTYXY43; expires=Wed, 16 Apr 2025 07:02:10 GMT; Max-Age=86400; path=/; domain=offrsmatch.com
cache-control: must-revalidate, no-cache, no-store, private
pragma: no-cache
expires: 0
content-encoding: gzip
X-Firefox-Spdy: h2

cggdfgb.offrsmatch.com/bundle/428/assets/img/1.gif

81.30.157.12

200 OK

1.2 MB

URL GET
cggdfgb.offrsmatch.com/bundle/428/assets/img/1.gif
IP
81.30.157.12:443
ASN
#24961 WIIT AG

Requested by
https://cggdfgb.offrsmatch.com/s/63623a2b02510
Certificate
IssuerLet's Encrypt
Subjectoffrsmatch.com
Fingerprint98:15:7D:6A:AD:59:A0:04:42:3E:17:38:64:BD:78:80:A7:51:C1:12
ValiditySat, 25 Jan 2025 08:52:47 GMT - Fri, 25 Apr 2025 08:52:46 GMT

File type
GIF image data, version 89a, 750 x 385
Size
1.2 MB (1176357 bytes)
Hash
efea5730b0f337b47d434886a91a9cc0
7ae59bc9b1b913d4f7487e4f2bbc5a7547658166
1eb934761608d336d78bac4e8e387deae2fac1dac4c0d7156d6bcfd7b31f3d9e

HTTP Headers

GET /bundle/428/assets/img/1.gif HTTP/1.1
Host: cggdfgb.offrsmatch.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://cggdfgb.offrsmatch.com/s/63623a2b02510
Cookie: s=e1uHPNQbYUAzv%2B2FrMv%2FGvyzbNT%2FXgiyrGnAI7R80Ij9YLjHlq%2FYLo3j55AOrI%2Fbak56aUpiByOZa1GzobSHwiB%2BLvanHuNb%2FRS476AbZd0CoVKsztBnAqfw2HFrgRb2Vw024Xh9BygErfmVXcjE9TrksZXMq%2F53prsS%2FRf1NWONCH7heWoRFAqHta4ahkr%2F3kArMxUEHVwtWzDd8dfqeLnur%2BAvNCC9tpiEna8YX81KXr7%2BdbNensVOCNDh6b9cOzZmnSxdKHp6pEslPDVE9lpavDRpl1D%2BucfbFqawFjjd%2B7V%2BaXnadKsRsPuU0G%2BCkoUXQmwjPWxcnKi2IyKzMJEN%2BweGpt10uWiW1Az4lc6SxtsT9XAmmymUPAEhNwMaxHDKcWr%2BQfJV5uJlXzFiGpJkUuhCENuYf3nt6y20kYOENatkhFr8POUaa8QNaE%2BJsquWZro5TGnm0VfnFTkElYwqvvxwykJ7HG4pQWRpT9BvSicryifVG1CGz6kvYAnpzmcKBJCWalBaRhpMErTBvx6R%2Bk20gqCKh3cE0i98sKOktQJC21zbBp2R%2FnoEUHmQ2JboQJfhi3rYwoaCkEOIeIqZQXi3Er8FgFGgRM6X1B9vazw0ZWtfSxofcx5pCndE61CmY8bGldubYpynue46oyk4pT2zbqrTsHx9ZIrXJxIKdac4%2FV9HQLN3laVUb6hbefhTS3wTY9a5cnP8SaV%2FZyfHoT6kOGCbKbWOgcYQb2lD0kjVMQwkHf5wMG7VDTYkVL4DUWYPnV2RDP5fDUrpZbnCzeAvv877teTimhUPFXHP6zaljTuJJOUahR2pOlzkZAxDYc%2B3vFXCTj5GHkSynqokpyhl8Hel1EHiJ27FHGCWY7GyarnQpTYjZ39tZ2F0HoeTTYwXQy4IXzYUgW6wl51WWmkSrPvb%2FqlDOf7FtgwPYh5UNv5wseoFVw%2B68qirlbmQ0obLUnITcz6FMzLEGS7YE3j4g8pZCzSwX%2F0dA0oOFVyejHqUMjhWOF7XHPySGGLs9yycSzCMb1sBk%2BB4yH0tsYc1Kndpxxc625N0sJuGk1mabdV3afY7b1ruHhgPYJHabePUXv0mPuSPIt8%2FIOkjDGhmEkfvCEldSHu9bISbuGWX%2F8cL9CVCEbAkrWs2cGU302ytZahKeEDKZTfY8mfqmf7m0s19BR6zpBrZNDkvVNEnhurJ0R2Oqrkit3iui4Sx7koeDVYmz%2FKbVGUFmY1gF7JuvpI84rlJCppRFRIoqn1EBf%2F2xOR1sE1IaY2OVElan1wJgNszVbN2Jsw4swbj3bMczLjbM42zXivuMKMTyU9HeeTNs7Maw7CAeJs1t9uKxxuq9qt2Aut7fwaVVC9FvsKJ1w%2BU7eeJI8rUOPurIcu9wqZa31VDtqut3svOzSuiRT4kDUMXVxevKlIB6v7dD7Eb%2BPop9N6zNRO7iZTh1twYEFkUvDxU1ysNgAiPbp1dRGGOr%2FZKqhB2X9v%2FxshOsZVL%2B6t4H6c60nuV8p8uGdwNemVoMVSxfqFk2eY9K6%2FHXnUWRhiIMIXHvlRGtAkVYLkMuuskXZB2H0Q8cq1tecO7qzjZQLqCW%2FCPj2PswveTavNiOAZAsTRnQDT0H1d1MbhRFKcDODHzfUb9PyUe7WsguT50Xk%2BVfOq4RhBBkFjjNy8sk1%2B%2FN6QOUF%2BMNTTElvBJ7IcbxGbpQjUmHX2xITdWucDvbnCJxsuwiINY1aNh%2BiALdveBQdch0OKALG0%2BAZRxVImtE%2BOkqwJGWyqmTDDKWgtSqZ8RBv6%2FU5ZJRim8GmNjb5Dx6m3wPBeZaFhVG3Z6RH8RsA4T3K7%2F%2FiUg2pyYH2MWXDMEkumWFPiz1Y8A1zY%2FC7xEHe%2Fn%2BIbqsCOO2WeXy4AV4E83uptuCFZtMDvP41k5jgwk6ZcQeuR33iDyZLPooEOFteYJ2XNSLjhz1cV20TqXolYj%2FKh6aok2GqwVMCRPhuV0fwO0iGBRGcF7SvRdU61HOxAc7%2Biyiw9mc3NJtcSc8BuWqqJyqwa9sjtKESl%2FGnA1NaorBLzWCb64hpcC3k%2FIbjUbpLeoiaYHLw%2B7cTVK8%2FMuBOTYXY43
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: openresty
date: Tue, 15 Apr 2025 07:02:10 GMT
cache-control: max-age=86400, public
X-Firefox-Spdy: h2

cggdfgb.offrsmatch.com/bundle/428/assets/js/jquery.js

81.30.157.12

200 OK

90 kB

URL GET
cggdfgb.offrsmatch.com/bundle/428/assets/js/jquery.js
IP
81.30.157.12:443
ASN
#24961 WIIT AG

Requested by
https://cggdfgb.offrsmatch.com/s/63623a2b02510
Certificate
IssuerLet's Encrypt
Subjectoffrsmatch.com
Fingerprint98:15:7D:6A:AD:59:A0:04:42:3E:17:38:64:BD:78:80:A7:51:C1:12
ValiditySat, 25 Jan 2025 08:52:47 GMT - Fri, 25 Apr 2025 08:52:46 GMT

File type
JavaScript source, ASCII text, with very long lines (65451)
Size
90 kB (89475 bytes)
Hash
12b69d0ae6c6f0c42942ae6da2896e84
d2cc8d43ce1c854b1172e42b1209502ad563db83
6150a35c0f486c46cadf0e230e2aa159c7c23ecfbb5611b64ee3f25fcbff341f

HTTP Headers

GET /bundle/428/assets/js/jquery.js HTTP/1.1
Host: cggdfgb.offrsmatch.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://cggdfgb.offrsmatch.com/s/63623a2b02510
Cookie: s=e1uHPNQbYUAzv%2B2FrMv%2FGvyzbNT%2FXgiyrGnAI7R80Ij9YLjHlq%2FYLo3j55AOrI%2Fbak56aUpiByOZa1GzobSHwiB%2BLvanHuNb%2FRS476AbZd0CoVKsztBnAqfw2HFrgRb2Vw024Xh9BygErfmVXcjE9TrksZXMq%2F53prsS%2FRf1NWONCH7heWoRFAqHta4ahkr%2F3kArMxUEHVwtWzDd8dfqeLnur%2BAvNCC9tpiEna8YX81KXr7%2BdbNensVOCNDh6b9cOzZmnSxdKHp6pEslPDVE9lpavDRpl1D%2BucfbFqawFjjd%2B7V%2BaXnadKsRsPuU0G%2BCkoUXQmwjPWxcnKi2IyKzMJEN%2BweGpt10uWiW1Az4lc6SxtsT9XAmmymUPAEhNwMaxHDKcWr%2BQfJV5uJlXzFiGpJkUuhCENuYf3nt6y20kYOENatkhFr8POUaa8QNaE%2BJsquWZro5TGnm0VfnFTkElYwqvvxwykJ7HG4pQWRpT9BvSicryifVG1CGz6kvYAnpzmcKBJCWalBaRhpMErTBvx6R%2Bk20gqCKh3cE0i98sKOktQJC21zbBp2R%2FnoEUHmQ2JboQJfhi3rYwoaCkEOIeIqZQXi3Er8FgFGgRM6X1B9vazw0ZWtfSxofcx5pCndE61CmY8bGldubYpynue46oyk4pT2zbqrTsHx9ZIrXJxIKdac4%2FV9HQLN3laVUb6hbefhTS3wTY9a5cnP8SaV%2FZyfHoT6kOGCbKbWOgcYQb2lD0kjVMQwkHf5wMG7VDTYkVL4DUWYPnV2RDP5fDUrpZbnCzeAvv877teTimhUPFXHP6zaljTuJJOUahR2pOlzkZAxDYc%2B3vFXCTj5GHkSynqokpyhl8Hel1EHiJ27FHGCWY7GyarnQpTYjZ39tZ2F0HoeTTYwXQy4IXzYUgW6wl51WWmkSrPvb%2FqlDOf7FtgwPYh5UNv5wseoFVw%2B68qirlbmQ0obLUnITcz6FMzLEGS7YE3j4g8pZCzSwX%2F0dA0oOFVyejHqUMjhWOF7XHPySGGLs9yycSzCMb1sBk%2BB4yH0tsYc1Kndpxxc625N0sJuGk1mabdV3afY7b1ruHhgPYJHabePUXv0mPuSPIt8%2FIOkjDGhmEkfvCEldSHu9bISbuGWX%2F8cL9CVCEbAkrWs2cGU302ytZahKeEDKZTfY8mfqmf7m0s19BR6zpBrZNDkvVNEnhurJ0R2Oqrkit3iui4Sx7koeDVYmz%2FKbVGUFmY1gF7JuvpI84rlJCppRFRIoqn1EBf%2F2xOR1sE1IaY2OVElan1wJgNszVbN2Jsw4swbj3bMczLjbM42zXivuMKMTyU9HeeTNs7Maw7CAeJs1t9uKxxuq9qt2Aut7fwaVVC9FvsKJ1w%2BU7eeJI8rUOPurIcu9wqZa31VDtqut3svOzSuiRT4kDUMXVxevKlIB6v7dD7Eb%2BPop9N6zNRO7iZTh1twYEFkUvDxU1ysNgAiPbp1dRGGOr%2FZKqhB2X9v%2FxshOsZVL%2B6t4H6c60nuV8p8uGdwNemVoMVSxfqFk2eY9K6%2FHXnUWRhiIMIXHvlRGtAkVYLkMuuskXZB2H0Q8cq1tecO7qzjZQLqCW%2FCPj2PswveTavNiOAZAsTRnQDT0H1d1MbhRFKcDODHzfUb9PyUe7WsguT50Xk%2BVfOq4RhBBkFjjNy8sk1%2B%2FN6QOUF%2BMNTTElvBJ7IcbxGbpQjUmHX2xITdWucDvbnCJxsuwiINY1aNh%2BiALdveBQdch0OKALG0%2BAZRxVImtE%2BOkqwJGWyqmTDDKWgtSqZ8RBv6%2FU5ZJRim8GmNjb5Dx6m3wPBeZaFhVG3Z6RH8RsA4T3K7%2F%2FiUg2pyYH2MWXDMEkumWFPiz1Y8A1zY%2FC7xEHe%2Fn%2BIbqsCOO2WeXy4AV4E83uptuCFZtMDvP41k5jgwk6ZcQeuR33iDyZLPooEOFteYJ2XNSLjhz1cV20TqXolYj%2FKh6aok2GqwVMCRPhuV0fwO0iGBRGcF7SvRdU61HOxAc7%2Biyiw9mc3NJtcSc8BuWqqJyqwa9sjtKESl%2FGnA1NaorBLzWCb64hpcC3k%2FIbjUbpLeoiaYHLw%2B7cTVK8%2FMuBOTYXY43
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: openresty
date: Tue, 15 Apr 2025 07:02:10 GMT
cache-control: max-age=86400, public
X-Firefox-Spdy: h2

fonts.googleapis.com/css?family=Poppins:400,700&display=swap

216.58.211.10

200 OK

1.7 kB

URL GET
fonts.googleapis.com/css?family=Poppins:400,700&display=swap
IP
216.58.211.10:443
ASN
#15169 GOOGLE

Requested by
https://cggdfgb.offrsmatch.com/s/63623a2b02510
Certificate
IssuerGoogle Trust Services
Subjectupload.video.google.com
Fingerprint3C:2E:67:30:A6:95:F3:D3:61:49:AB:AC:BC:D1:CF:77:3E:33:8F:B7
ValidityThu, 20 Mar 2025 11:19:46 GMT - Thu, 12 Jun 2025 11:19:45 GMT

File type
ASCII text
Size
1.7 kB (1684 bytes)
Hash
99d90ab26c341699c53981b36717c9b3
82174e96776a8902e585abff2f3be64cd66b3ee6
9af30ce313eaded8bbaa00a74211181dc2ff174ef652cd127d31fa39623f0a13

HTTP Headers

GET /css?family=Poppins:400,700&display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://cggdfgb.offrsmatch.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: text/css; charset=utf-8
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Tue, 15 Apr 2025 07:02:10 GMT
date: Tue, 15 Apr 2025 07:02:10 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

fanvortex.rest/verify.php

172.67.202.122

302 Found

45 kB

URL User Request POST
fanvortex.rest/verify.php
IP
172.67.202.122:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerGoogle Trust Services
Subjectfanvortex.rest
Fingerprint89:6E:3B:66:E6:7B:E2:95:1D:FD:DA:69:2F:C8:CF:E9:39:05:29:AE
ValidityMon, 14 Apr 2025 18:25:08 GMT - Sun, 13 Jul 2025 19:22:47 GMT

File type

Size
45 kB (44609 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

POST /verify.php HTTP/1.1
Host: fanvortex.rest
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 189
Origin: https://fanvortex.rest
DNT: 1
Connection: keep-alive
Referer: https://fanvortex.rest/verify.php
Cookie: PHPSESSID=t0u59hd08u5r28j6lbg97rl2bi
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 302 Found
date: Tue, 15 Apr 2025 07:02:09 GMT
content-type: text/html; charset=UTF-8
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=fZLYLHRUzHCgPHUgFpFYDlHt3qA%2Fgft8XffrkuRzBtEA7J%2BMH1wRPeimS9bvWFhthEX%2F2%2BA9A0licAW%2FpwpX2L1AkcyoxjKg13h2Njkml6GaktasHcwgSFAduWnNSyWSzQ%3D%3D"}],"group":"cf-nel","max_age":604800}
server-timing: cfCacheStatus;desc="DYNAMIC", cfL4;desc="?proto=QUIC&rtt=3340&min_rtt=843&rtt_var=1858&sent=126&recv=187&lost=0&retrans=0&sent_bytes=9899&recv_bytes=11060&delivery_rate=687&cwnd=12000&unsent_bytes=0&cid=bfd2359f9da98304&ts=511&x=16"
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
location: /join/5489/verify.php/verify.php
cf-cache-status: DYNAMIC
cf-ray: 930993659976b50f-OSL
server: cloudflare
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400

fanvortex.rest/join/5489/verify.php/verify.php

172.67.202.122

302 Found

45 kB

URL User Request GET
fanvortex.rest/join/5489/verify.php/verify.php
IP
172.67.202.122:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerGoogle Trust Services
Subjectfanvortex.rest
Fingerprint89:6E:3B:66:E6:7B:E2:95:1D:FD:DA:69:2F:C8:CF:E9:39:05:29:AE
ValidityMon, 14 Apr 2025 18:25:08 GMT - Sun, 13 Jul 2025 19:22:47 GMT

File type

Size
45 kB (44609 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /join/5489/verify.php/verify.php HTTP/1.1
Host: fanvortex.rest
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://fanvortex.rest/verify.php
DNT: 1
Connection: keep-alive
Cookie: PHPSESSID=t0u59hd08u5r28j6lbg97rl2bi
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 302 Found
date: Tue, 15 Apr 2025 07:02:09 GMT
content-type: text/html; charset=UTF-8
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=jzk%2FdcT3qR8EHApfmzFckau%2F0OVSpUtBVCLIyQU5QCgHLWkssmpEnoEasmHLqQztWaUsjFuWux%2FriYWZomRKmkVq7vgExZfMknA6sTOkOHDK8cD1gsZRjAa%2B%2F5dGMPFCew%3D%3D"}],"group":"cf-nel","max_age":604800}
server-timing: cfCacheStatus;desc="DYNAMIC", cfL4;desc="?proto=QUIC&rtt=3340&min_rtt=843&rtt_var=1858&sent=126&recv=187&lost=0&retrans=0&sent_bytes=9899&recv_bytes=11060&delivery_rate=687&cwnd=12000&unsent_bytes=0&cid=bfd2359f9da98304&ts=565&x=16"
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
location: https://nrb2mr0.wild-match-network.com/t6pp7e3?t=CasualDating&cid=1
cf-cache-status: DYNAMIC
cf-ray: 93099366197bb50f-OSL
server: cloudflare
speculation-rules: "/cdn-cgi/speculation"
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400

nrb2mr0.wild-match-network.com/t6pp7e3?t=CasualDating&cid=1

185.155.184.43

302 Found

45 kB

URL User Request GET
nrb2mr0.wild-match-network.com/t6pp7e3?t=CasualDating&cid=1
IP
185.155.184.43:443
ASN
#6898 AS5398 SA

Certificate
IssuerLet's Encrypt
Subjectwild-match-network.com
FingerprintDC:DC:7F:21:C0:97:E8:FB:75:37:20:80:55:F0:3E:B8:95:A1:3F:41
ValidityMon, 14 Apr 2025 00:35:50 GMT - Sun, 13 Jul 2025 00:35:49 GMT

File type

Size
45 kB (44609 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /t6pp7e3?t=CasualDating&cid=1 HTTP/1.1
Host: nrb2mr0.wild-match-network.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://fanvortex.rest/
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 302 Found
server: openresty
date: Tue, 15 Apr 2025 07:02:10 GMT
content-type: text/html; charset=utf-8
content-length: 163
location: https://cggdfgb.offrsmatch.com/s/63623a2b02510
set-cookie: sid=t4~0g4hozfgj1rxz52k3floe00p; path=/
referrer-policy: no-referrer
cache-control: private, no-transform
X-Firefox-Spdy: h2

cggdfgb.offrsmatch.com/bundle/428/assets/css/style.css

81.30.157.12

200 OK

7.5 kB

URL GET
cggdfgb.offrsmatch.com/bundle/428/assets/css/style.css
IP
81.30.157.12:443
ASN
#24961 WIIT AG

Requested by
https://cggdfgb.offrsmatch.com/s/63623a2b02510
Certificate
IssuerLet's Encrypt
Subjectoffrsmatch.com
Fingerprint98:15:7D:6A:AD:59:A0:04:42:3E:17:38:64:BD:78:80:A7:51:C1:12
ValiditySat, 25 Jan 2025 08:52:47 GMT - Fri, 25 Apr 2025 08:52:46 GMT

File type
ASCII text
Size
7.5 kB (7504 bytes)
Hash
f640259daeb9248af8129ab5345b3b6b
0573fa50895bfef79716b536407de48dd194da06
44b28135838b343bd4d190b0bedcdf06bdf5809f1143651e9a78265c3321c531

HTTP Headers

GET /bundle/428/assets/css/style.css HTTP/1.1
Host: cggdfgb.offrsmatch.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://cggdfgb.offrsmatch.com/s/63623a2b02510
Cookie: s=e1uHPNQbYUAzv%2B2FrMv%2FGvyzbNT%2FXgiyrGnAI7R80Ij9YLjHlq%2FYLo3j55AOrI%2Fbak56aUpiByOZa1GzobSHwiB%2BLvanHuNb%2FRS476AbZd0CoVKsztBnAqfw2HFrgRb2Vw024Xh9BygErfmVXcjE9TrksZXMq%2F53prsS%2FRf1NWONCH7heWoRFAqHta4ahkr%2F3kArMxUEHVwtWzDd8dfqeLnur%2BAvNCC9tpiEna8YX81KXr7%2BdbNensVOCNDh6b9cOzZmnSxdKHp6pEslPDVE9lpavDRpl1D%2BucfbFqawFjjd%2B7V%2BaXnadKsRsPuU0G%2BCkoUXQmwjPWxcnKi2IyKzMJEN%2BweGpt10uWiW1Az4lc6SxtsT9XAmmymUPAEhNwMaxHDKcWr%2BQfJV5uJlXzFiGpJkUuhCENuYf3nt6y20kYOENatkhFr8POUaa8QNaE%2BJsquWZro5TGnm0VfnFTkElYwqvvxwykJ7HG4pQWRpT9BvSicryifVG1CGz6kvYAnpzmcKBJCWalBaRhpMErTBvx6R%2Bk20gqCKh3cE0i98sKOktQJC21zbBp2R%2FnoEUHmQ2JboQJfhi3rYwoaCkEOIeIqZQXi3Er8FgFGgRM6X1B9vazw0ZWtfSxofcx5pCndE61CmY8bGldubYpynue46oyk4pT2zbqrTsHx9ZIrXJxIKdac4%2FV9HQLN3laVUb6hbefhTS3wTY9a5cnP8SaV%2FZyfHoT6kOGCbKbWOgcYQb2lD0kjVMQwkHf5wMG7VDTYkVL4DUWYPnV2RDP5fDUrpZbnCzeAvv877teTimhUPFXHP6zaljTuJJOUahR2pOlzkZAxDYc%2B3vFXCTj5GHkSynqokpyhl8Hel1EHiJ27FHGCWY7GyarnQpTYjZ39tZ2F0HoeTTYwXQy4IXzYUgW6wl51WWmkSrPvb%2FqlDOf7FtgwPYh5UNv5wseoFVw%2B68qirlbmQ0obLUnITcz6FMzLEGS7YE3j4g8pZCzSwX%2F0dA0oOFVyejHqUMjhWOF7XHPySGGLs9yycSzCMb1sBk%2BB4yH0tsYc1Kndpxxc625N0sJuGk1mabdV3afY7b1ruHhgPYJHabePUXv0mPuSPIt8%2FIOkjDGhmEkfvCEldSHu9bISbuGWX%2F8cL9CVCEbAkrWs2cGU302ytZahKeEDKZTfY8mfqmf7m0s19BR6zpBrZNDkvVNEnhurJ0R2Oqrkit3iui4Sx7koeDVYmz%2FKbVGUFmY1gF7JuvpI84rlJCppRFRIoqn1EBf%2F2xOR1sE1IaY2OVElan1wJgNszVbN2Jsw4swbj3bMczLjbM42zXivuMKMTyU9HeeTNs7Maw7CAeJs1t9uKxxuq9qt2Aut7fwaVVC9FvsKJ1w%2BU7eeJI8rUOPurIcu9wqZa31VDtqut3svOzSuiRT4kDUMXVxevKlIB6v7dD7Eb%2BPop9N6zNRO7iZTh1twYEFkUvDxU1ysNgAiPbp1dRGGOr%2FZKqhB2X9v%2FxshOsZVL%2B6t4H6c60nuV8p8uGdwNemVoMVSxfqFk2eY9K6%2FHXnUWRhiIMIXHvlRGtAkVYLkMuuskXZB2H0Q8cq1tecO7qzjZQLqCW%2FCPj2PswveTavNiOAZAsTRnQDT0H1d1MbhRFKcDODHzfUb9PyUe7WsguT50Xk%2BVfOq4RhBBkFjjNy8sk1%2B%2FN6QOUF%2BMNTTElvBJ7IcbxGbpQjUmHX2xITdWucDvbnCJxsuwiINY1aNh%2BiALdveBQdch0OKALG0%2BAZRxVImtE%2BOkqwJGWyqmTDDKWgtSqZ8RBv6%2FU5ZJRim8GmNjb5Dx6m3wPBeZaFhVG3Z6RH8RsA4T3K7%2F%2FiUg2pyYH2MWXDMEkumWFPiz1Y8A1zY%2FC7xEHe%2Fn%2BIbqsCOO2WeXy4AV4E83uptuCFZtMDvP41k5jgwk6ZcQeuR33iDyZLPooEOFteYJ2XNSLjhz1cV20TqXolYj%2FKh6aok2GqwVMCRPhuV0fwO0iGBRGcF7SvRdU61HOxAc7%2Biyiw9mc3NJtcSc8BuWqqJyqwa9sjtKESl%2FGnA1NaorBLzWCb64hpcC3k%2FIbjUbpLeoiaYHLw%2B7cTVK8%2FMuBOTYXY43
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: openresty
date: Tue, 15 Apr 2025 07:02:10 GMT
cache-control: max-age=86400, public
X-Firefox-Spdy: h2

fonts.gstatic.com/s/poppins/v22/pxiByp8kv8JHgFVrLCz7Z1xlFQ.woff2

142.250.74.3

200 OK

7.8 kB

URL GET
fonts.gstatic.com/s/poppins/v22/pxiByp8kv8JHgFVrLCz7Z1xlFQ.woff2
IP
142.250.74.3:443
ASN
#15169 GOOGLE

Requested by
https://cggdfgb.offrsmatch.com/s/63623a2b02510
Certificate
IssuerGoogle Trust Services
Subject*.gstatic.com
Fingerprint04:FF:92:E7:16:B0:49:91:8B:B7:8D:C6:93:B9:20:B4:2A:33:9F:A8
ValidityThu, 20 Mar 2025 11:19:45 GMT - Thu, 12 Jun 2025 11:19:44 GMT

File type
Web Open Font Format (Version 2), TrueType, length 7816, version 1.0
Size
7.8 kB (7816 bytes)
Hash
25b0e113ca7cce3770d542736db26368
cb726212d5d525021752a1d8470a0fb593e0c49e
9338e65fc077355c7a87ae0d64cc101e23b9bf8ad78ae65f0f319c857311b526

HTTP Headers

GET /s/poppins/v22/pxiByp8kv8JHgFVrLCz7Z1xlFQ.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://cggdfgb.offrsmatch.com
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 7816
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 10 Apr 2025 09:22:11 GMT
expires: Fri, 10 Apr 2026 09:22:11 GMT
cache-control: public, max-age=31536000
age: 423600
last-modified: Wed, 04 Dec 2024 06:53:03 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

fonts.gstatic.com/s/poppins/v22/pxiEyp8kv8JHgFVrJJfecg.woff2

142.250.74.3

200 OK

7.9 kB

URL GET
fonts.gstatic.com/s/poppins/v22/pxiEyp8kv8JHgFVrJJfecg.woff2
IP
142.250.74.3:443
ASN
#15169 GOOGLE

Requested by
https://cggdfgb.offrsmatch.com/s/63623a2b02510
Certificate
IssuerGoogle Trust Services
Subject*.gstatic.com
Fingerprint04:FF:92:E7:16:B0:49:91:8B:B7:8D:C6:93:B9:20:B4:2A:33:9F:A8
ValidityThu, 20 Mar 2025 11:19:45 GMT - Thu, 12 Jun 2025 11:19:44 GMT

File type
Web Open Font Format (Version 2), TrueType, length 7884, version 1.0
Size
7.9 kB (7884 bytes)
Hash
9212f6f9860f9fc6c69b02fedf6db8c3
ac6d71b4d5fdd2b3dabc9a06ff6c001e4251da0b
7d93459d86585bfcdbb7e0376056226adb25821ee54b96236fe2123e9560929f

HTTP Headers

GET /s/poppins/v22/pxiEyp8kv8JHgFVrJJfecg.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://cggdfgb.offrsmatch.com
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 7884
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 10 Apr 2025 09:32:10 GMT
expires: Fri, 10 Apr 2026 09:32:10 GMT
cache-control: public, max-age=31536000
age: 423001
last-modified: Wed, 04 Dec 2024 06:53:08 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

cggdfgb.offrsmatch.com/bundle/428/assets/img/favicon.png

81.30.157.12

200 OK

6.1 kB

URL GET
cggdfgb.offrsmatch.com/bundle/428/assets/img/favicon.png
IP
81.30.157.12:443
ASN
#24961 WIIT AG

Requested by
https://cggdfgb.offrsmatch.com/s/63623a2b02510
Certificate
IssuerLet's Encrypt
Subjectoffrsmatch.com
Fingerprint98:15:7D:6A:AD:59:A0:04:42:3E:17:38:64:BD:78:80:A7:51:C1:12
ValiditySat, 25 Jan 2025 08:52:47 GMT - Fri, 25 Apr 2025 08:52:46 GMT

File type
PNG image data, 128 x 128, 8-bit/color RGBA, non-interlaced
Size
6.1 kB (6079 bytes)
Hash
77d88fe642cde0070a90a7dafd0e7f1f
3ddabddec8ca2a3153c660132bab4e340f3fda64
6e951e334de8a90efba56079d218967cddfac054427022f1b294e35823beebfa

HTTP Headers

GET /bundle/428/assets/img/favicon.png HTTP/1.1
Host: cggdfgb.offrsmatch.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://cggdfgb.offrsmatch.com/s/63623a2b02510
Cookie: s=e1uHPNQbYUAzv%2B2FrMv%2FGvyzbNT%2FXgiyrGnAI7R80Ij9YLjHlq%2FYLo3j55AOrI%2Fbak56aUpiByOZa1GzobSHwiB%2BLvanHuNb%2FRS476AbZd0CoVKsztBnAqfw2HFrgRb2Vw024Xh9BygErfmVXcjE9TrksZXMq%2F53prsS%2FRf1NWONCH7heWoRFAqHta4ahkr%2F3kArMxUEHVwtWzDd8dfqeLnur%2BAvNCC9tpiEna8YX81KXr7%2BdbNensVOCNDh6b9cOzZmnSxdKHp6pEslPDVE9lpavDRpl1D%2BucfbFqawFjjd%2B7V%2BaXnadKsRsPuU0G%2BCkoUXQmwjPWxcnKi2IyKzMJEN%2BweGpt10uWiW1Az4lc6SxtsT9XAmmymUPAEhNwMaxHDKcWr%2BQfJV5uJlXzFiGpJkUuhCENuYf3nt6y20kYOENatkhFr8POUaa8QNaE%2BJsquWZro5TGnm0VfnFTkElYwqvvxwykJ7HG4pQWRpT9BvSicryifVG1CGz6kvYAnpzmcKBJCWalBaRhpMErTBvx6R%2Bk20gqCKh3cE0i98sKOktQJC21zbBp2R%2FnoEUHmQ2JboQJfhi3rYwoaCkEOIeIqZQXi3Er8FgFGgRM6X1B9vazw0ZWtfSxofcx5pCndE61CmY8bGldubYpynue46oyk4pT2zbqrTsHx9ZIrXJxIKdac4%2FV9HQLN3laVUb6hbefhTS3wTY9a5cnP8SaV%2FZyfHoT6kOGCbKbWOgcYQb2lD0kjVMQwkHf5wMG7VDTYkVL4DUWYPnV2RDP5fDUrpZbnCzeAvv877teTimhUPFXHP6zaljTuJJOUahR2pOlzkZAxDYc%2B3vFXCTj5GHkSynqokpyhl8Hel1EHiJ27FHGCWY7GyarnQpTYjZ39tZ2F0HoeTTYwXQy4IXzYUgW6wl51WWmkSrPvb%2FqlDOf7FtgwPYh5UNv5wseoFVw%2B68qirlbmQ0obLUnITcz6FMzLEGS7YE3j4g8pZCzSwX%2F0dA0oOFVyejHqUMjhWOF7XHPySGGLs9yycSzCMb1sBk%2BB4yH0tsYc1Kndpxxc625N0sJuGk1mabdV3afY7b1ruHhgPYJHabePUXv0mPuSPIt8%2FIOkjDGhmEkfvCEldSHu9bISbuGWX%2F8cL9CVCEbAkrWs2cGU302ytZahKeEDKZTfY8mfqmf7m0s19BR6zpBrZNDkvVNEnhurJ0R2Oqrkit3iui4Sx7koeDVYmz%2FKbVGUFmY1gF7JuvpI84rlJCppRFRIoqn1EBf%2F2xOR1sE1IaY2OVElan1wJgNszVbN2Jsw4swbj3bMczLjbM42zXivuMKMTyU9HeeTNs7Maw7CAeJs1t9uKxxuq9qt2Aut7fwaVVC9FvsKJ1w%2BU7eeJI8rUOPurIcu9wqZa31VDtqut3svOzSuiRT4kDUMXVxevKlIB6v7dD7Eb%2BPop9N6zNRO7iZTh1twYEFkUvDxU1ysNgAiPbp1dRGGOr%2FZKqhB2X9v%2FxshOsZVL%2B6t4H6c60nuV8p8uGdwNemVoMVSxfqFk2eY9K6%2FHXnUWRhiIMIXHvlRGtAkVYLkMuuskXZB2H0Q8cq1tecO7qzjZQLqCW%2FCPj2PswveTavNiOAZAsTRnQDT0H1d1MbhRFKcDODHzfUb9PyUe7WsguT50Xk%2BVfOq4RhBBkFjjNy8sk1%2B%2FN6QOUF%2BMNTTElvBJ7IcbxGbpQjUmHX2xITdWucDvbnCJxsuwiINY1aNh%2BiALdveBQdch0OKALG0%2BAZRxVImtE%2BOkqwJGWyqmTDDKWgtSqZ8RBv6%2FU5ZJRim8GmNjb5Dx6m3wPBeZaFhVG3Z6RH8RsA4T3K7%2F%2FiUg2pyYH2MWXDMEkumWFPiz1Y8A1zY%2FC7xEHe%2Fn%2BIbqsCOO2WeXy4AV4E83uptuCFZtMDvP41k5jgwk6ZcQeuR33iDyZLPooEOFteYJ2XNSLjhz1cV20TqXolYj%2FKh6aok2GqwVMCRPhuV0fwO0iGBRGcF7SvRdU61HOxAc7%2Biyiw9mc3NJtcSc8BuWqqJyqwa9sjtKESl%2FGnA1NaorBLzWCb64hpcC3k%2FIbjUbpLeoiaYHLw%2B7cTVK8%2FMuBOTYXY43
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: openresty
date: Tue, 15 Apr 2025 07:02:11 GMT
cache-control: max-age=86400, public
X-Firefox-Spdy: h2

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

Quad9 DNS

ThreatFox

JavaScript (3)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

HTTP Transactions (16)

URL GET

IP

ASN

Requested by

Certificate

File type

Size

Hash

HTTP Headers

URL User Request GET

IP

ASN

Certificate

File type

Size

Hash

HTTP Headers

URL GET

IP

ASN

Requested by

Certificate

File type

Size

Hash

HTTP Headers

URL User Request GET

IP

ASN

Certificate

File type

Size

Hash

HTTP Headers

URL GET

IP

ASN

Requested by

Certificate

File type

Size

Hash

HTTP Headers

URL User Request GET

IP

ASN