| veryfastcdn.com/clickadu/templates/onebutton/verification3/18.png | 188.114.97.1 | 200 OK | 4.7 kB |
URL: GET HTTP/2 veryfastcdn.com/clickadu/templates/onebutton/verification3/18.png
IP: 188.114.97.1:443
Requested by: https://lookmommynohands.com/?b=104461073&ba=1&campid=103271833&did=223&dm=1&ep=1&g=US&i18db=1&l=5mV67Vu23AT4diK&oaid=2a708023601f722b6861877e9f0fc899&rid={reverse_id|1224055}&s=916699269442842624&ssk=a1dc23168198ebc2f3996eff89be9c41&svar=1740121655&vi=1&vo=1&z=7328388&tr=default&stest=a2bd01170eb545828cb63a624716454f
Certificate: Issuer Google Trust Services; Subject veryfastcdn.com; Fingerprint F9:71:36:AF:1A:7F:C3:70:1A:FB:5F:92:7F:FA:39:7F:85:DA:A1:E7; Validity Mon, 17 Feb 2025 11:46:54 GMT - Sun, 18 May 2025 12:42:50 GMT
File type: PNG image data, 120 x 120, 8-bit/color RGBA, non-interlaced
Hash: MD5 46cb3edc4a2ea526989b8c22ba6144bb; SHA-1 307edaf289185e85a5af9f777dade274c8e381b5; SHA-256 af583d4b34b8c7ea070531ba08a688388d35f9184891041edf6203a49d745bc3

| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /clickadu/templates/onebutton/verification3/18.png HTTP/1.1
Host: veryfastcdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 21 Feb 2025 07:08:17 GMT
content-type: image/png
content-length: 4652
last-modified: Thu, 20 Feb 2025 11:53:32 GMT
vary: Accept-Encoding
etag: "67b717bc-122c"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS, HEAD
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
access-control-expose-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
cache-control: max-age=14400
cf-cache-status: HIT
age: 6985
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=su4R%2FolMbCpb0q6pdWYO5ppkZ%2FzRCYMCUs6XCMuUJNYNYoUEXObqnmHkgGVtbeFJXpOOnQr%2FRHCK01wP31Rnbf8guyzD1MlJUojuQyRBCfBlLZbZj93WKGZi4w%2F3IPAXEIg%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 9154e7813a1f5699-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=605&min_rtt=475&rtt_var=240&sent=7&recv=10&lost=0&retrans=0&sent_bytes=3286&recv_bytes=1217&delivery_rate=7515570&cwnd=254&unsent_bytes=0&cid=72a5b4e5691589e7&ts=48&x=0"
X-Firefox-Spdy: h2
| lookmommynohands.com/favicon.ico | 188.114.97.1 | 204 No Content | 0 B |
URL: GET HTTP/3 lookmommynohands.com/favicon.ico
IP: 188.114.97.1:443
Requested by: https://lookmommynohands.com/?b=104461073&ba=1&campid=103271833&did=223&dm=1&ep=1&g=US&i18db=1&l=5mV67Vu23AT4diK&oaid=2a708023601f722b6861877e9f0fc899&rid={reverse_id|1224055}&s=916699269442842624&ssk=a1dc23168198ebc2f3996eff89be9c41&svar=1740121655&vi=1&vo=1&z=7328388&tr=default&stest=a2bd01170eb545828cb63a624716454f
Certificate: Issuer Google Trust Services; Subject lookmommynohands.com; Fingerprint B2:AE:94:16:C8:3A:8A:BE:1E:32:CF:23:89:86:C3:1C:51:DC:8C:58; Validity Fri, 24 Jan 2025 16:20:34 GMT - Thu, 24 Apr 2025 17:18:51 GMT
Hash (empty body): MD5 d41d8cd98f00b204e9800998ecf8427e; SHA-1 da39a3ee5e6b4b0d3255bfef95601890afd80709; SHA-256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /favicon.ico HTTP/1.1
Host: lookmommynohands.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: reverse=jQILnleu62h44Am82mccNdCh7yqOyZ08va3EtwA8Zkg; OAID=2a708023601f722b6861877e9f0fc899; oaidts=1740121696
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 204 No Content
date: Fri, 21 Feb 2025 07:08:17 GMT
x-content-type-options: nosniff
cache-control: max-age=86400
cf-cache-status: HIT
age: 1409
priority: u=6,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=aEFGRlXtEuU9WMF8Bn7USmsIPfiqjuN0hkvJLnLoxpKjyJXOuMZECwPnypI8ouloVYpLB5MPQn2tZvFf68rGZ%2BP8qSD8Q6g1%2F3NlSkT4xjawlsZ4kmEumbkfja8ri8XEwmV%2FwemkkA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 9154e7821e0cb4eb-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=19578&min_rtt=5981&rtt_var=11955&sent=11&recv=6&lost=0&retrans=0&sent_bytes=4069&recv_bytes=1173&delivery_rate=99301&cwnd=12000&unsent_bytes=0&cid=1702c4819fbf9b3f&ts=735&x=1", cfExtPri, cfHdrFlush;dur=0
| aus5.mozilla.org/update/3/GMP/111.0a1/20240129201730/Linux_x86_64-gcc3/null/default/Linux%205.15.0-102-generic%20(GTK%203.24.41%2Clibpulse%20not-available)/default/default/update.xml | 35.244.181.201 | 200 OK | 444 B |
URL: aus5.mozilla.org/update/3/GMP/111.0a1/20240129201730/Linux_x86_64-gcc3/null/default/Linux%205.15.0-102-generic%20(GTK%203.24.41%2Clibpulse%20not-available)/default/default/update.xml
IP: 35.244.181.201:0
ASN: #396982 GOOGLE-CLOUD-PLATFORM
File type: XML 1.0 document, ASCII text, with very long lines (332)
Hash: MD5 3b324dec137a87ef7e24a30a65b13dd0; SHA-1 c0faa95b2f1018e264b3a14aaf50d1003e6c27b3; SHA-256 6cd0b591d9239fc8564627e92a804fc261951b1cbaf5fa58a8ada3cc13f51463
GET /update/3/GMP/111.0a1/20240129201730/Linux_x86_64-gcc3/null/default/Linux%205.15.0-102-generic%20(GTK%203.24.41%2Clibpulse%20not-available)/default/default/update.xml HTTP/1.1
Host: aus5.mozilla.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Cache-Control: no-cache
Pragma: no-cache
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
rule-id: unknown
rule-data-version: unknown
content-signature: x5u=https://content-signature-2.cdn.mozilla.net/g/chains/202402/aus.content-signature.mozilla.org-2025-04-10-18-02-02.chain; p384ecdsa=f1wCrgMH954umab8Q0Dq8qMre0TejbZ2zC00MLvAoytqm1s1rq6MPUyeIKhIhiUWlJtWQibt6vm9-dlRPkz2DjydMEpfLSkU5GlnUac9vAp8Pr4oyO7zoXppP-4owbKr
strict-transport-security: max-age=31536000;
x-content-type-options: nosniff
content-security-policy: default-src 'none'; frame-ancestors 'none'
x-proxy-cache-status: EXPIRED
content-encoding: gzip
via: 1.1 google
date: Fri, 21 Feb 2025 07:06:56 GMT
content-type: text/xml; charset=utf-8
vary: Accept-Encoding
content-length: 444
age: 99
cache-control: public,max-age=90
alt-svc: clear
X-Firefox-Spdy: h2
| lookmommynohands.com/?b=104461073&ba=1&campid=103271833&did=223&dm=1&ep=1&g=US&i18db=1&l=5mV67Vu23AT4diK&oaid=2a708023601f722b6861877e9f0fc899&rid={reverse_id|1224055}&s=916699269442842624&ssk=a1dc23168198ebc2f3996eff89be9c41&svar=1740121655&vi=1&vo=1&z=7328388&tr=default&stest=a2bd01170eb545828cb63a624716454f | 188.114.97.1 | 200 OK | 11 kB |
URL (user request): GET HTTP/2 lookmommynohands.com/?b=104461073&ba=1&campid=103271833&did=223&dm=1&ep=1&g=US&i18db=1&l=5mV67Vu23AT4diK&oaid=2a708023601f722b6861877e9f0fc899&rid={reverse_id|1224055}&s=916699269442842624&ssk=a1dc23168198ebc2f3996eff89be9c41&svar=1740121655&vi=1&vo=1&z=7328388&tr=default&stest=a2bd01170eb545828cb63a624716454f
IP: 188.114.97.1:443
Certificate: Issuer Google Trust Services; Subject lookmommynohands.com; Fingerprint B2:AE:94:16:C8:3A:8A:BE:1E:32:CF:23:89:86:C3:1C:51:DC:8C:58; Validity Fri, 24 Jan 2025 16:20:34 GMT - Thu, 24 Apr 2025 17:18:51 GMT
File type: HTML document, ASCII text, with very long lines (1954), with CRLF, LF line terminators
Hash: MD5 97c892a755ecf8d134e389e5e333fcad; SHA-1 cce99198c645e25d7423ee27c41a1f894a3ce3a2; SHA-256 a01e6dc000262f16bf07e2723ff364c4345ea4650b01433710fa920eaca6fa3b
GET /?b=104461073&ba=1&campid=103271833&did=223&dm=1&ep=1&g=US&i18db=1&l=5mV67Vu23AT4diK&oaid=2a708023601f722b6861877e9f0fc899&rid={reverse_id|1224055}&s=916699269442842624&ssk=a1dc23168198ebc2f3996eff89be9c41&svar=1740121655&vi=1&vo=1&z=7328388&tr=default&stest=a2bd01170eb545828cb63a624716454f HTTP/1.1
Host: lookmommynohands.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 21 Feb 2025 07:08:16 GMT
content-type: text/html; charset=UTF-8
server: cloudflare
vary: Accept-Encoding
x-powered-by: PHP/7.4.33
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS, HEAD
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
access-control-expose-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
cf-cache-status: DYNAMIC
content-encoding: br
set-cookie: reverse=jQILnleu62h44Am82mccNdCh7yqOyZ08va3EtwA8Zkg; Path=/; Max-Age=3600; Expires=Fri, 21 Feb 2025 08:08:16 GMT
OAID=2a708023601f722b6861877e9f0fc899; Path=/; Max-Age=1771657696; Expires=Sun, 13 Apr 2081 14:16:32 GMT
oaidts=1740121696; Path=/; Max-Age=1771657696; Expires=Sun, 13 Apr 2081 14:16:32 GMT
syncedCookie=deleted; Path=/; Max-Age=0; Expires=Thu, 01 Jan 1970 00:00:01 GMT
cf-ray: 9154e77cc8ba56c6-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2