Report - hrsea.economictimes.indiatimes.com/etl.php?url=https://hrsea.economictimes.indiatimes.com/etl.php?url=//b3yonline.com/.well-known/youtude.emaila/5mGMhwRoB56iMgq/amxlb25hcmRAYWxhbW8tZ3JvdXAuY29t./etlr.php?url=https://hrsea.economictimes.indiatimes.com/etl.php?url=//b3yonline.com/.well-known/youtude.emaila/5mGMhwRoB56iMgq/amxlb25hcmRAYWxhbW8tZ3JvdXAuY29t

Report Overview

Visited public
2024-07-29 16:28:29
Tags
Submit Tags
URL
hrsea.economictimes.indiatimes.com/etl.php?url=https://hrsea.economictimes.indiatimes.com/etl.php?url=//b3yonline.com/.well-known/youtude.emaila/5mGMhwRoB56iMgq/amxlb25hcmRAYWxhbW8tZ3JvdXAuY29t./etlr.php?url=https://hrsea.economictimes.indiatimes.com/etl.php?url=//b3yonline.com/.well-known/youtude.emaila/5mGMhwRoB56iMgq/amxlb25hcmRAYWxhbW8tZ3JvdXAuY29t
Finishing URL
x.com/?mx=2&failedScript=polyfills
IP / ASN
95.101.10.144
#20940 Akamai International B.V.
Title
x.com/?mx=2&failedScript=polyfills

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
twitter.com	123	2000-01-21	2012-05-21 14:14:30	2024-07-29 02:16:44	1.2 kB	6.5 kB	104.244.42.193
x.com	521161	1993-04-02	2012-08-16 18:51:36	2024-07-28 20:32:10	1.4 kB	211 kB	104.244.42.1
iko.treldemp.su	unknown	unknown	No data	No data	504 B	3.4 kB	104.21.75.236
r10.o.lencr.org	unknown	2020-06-29	2024-06-06 21:45:11	2024-07-28 18:17:42	981 B	2.7 kB	23.36.76.226
hrsea.economictimes.indiatimes.com	unknown	1996-11-22	2021-11-16 07:00:14	2022-05-20 09:54:21	3.6 kB	4.3 kB	95.101.10.144
b3yonline.com	unknown	2023-11-20	2023-11-20 09:10:06	2023-11-20 09:10:06	757 B	265 B	198.54.116.102

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2024-07-29	medium	treldemp.su	Sinkholed

ThreatFox

No alerts detected

JavaScript (6)

	URL	From	Size	First Seen	Last Seen
	x.com/?mx=2&failedScript=polyfills	ScriptElement	473 B	2024-06-08	2024-09-20
Pretty URL x.com/?mx=2&failedScript=polyfills IP 104.244.42.1 ASN #13414 TWITTER Introduced by scriptElement Embedded in HTML true Observations First Seen2024-06-08 23:03 Last Seen2024-09-20 21:27 Times Seen467 Hash 14b79d4b4bc03ac3808e750213eca635 fb3a31e55f02df96cec4b8ca841b836c6afe0e4e 1c7b1aed8f8b55d365a36b9db37d2ac0670cef55024f732cc11d5dbefcf7753e Loading...

	x.com/?mx=2&failedScript=polyfills	ScriptElement	107 kB	2024-08-19	2024-08-19
Pretty URL x.com/?mx=2&failedScript=polyfills IP 104.244.42.1 ASN #13414 TWITTER Introduced by scriptElement Embedded in HTML true Observations First Seen2024-08-19 15:21 Last Seen2024-08-19 15:21 Times Seen1 Hash d0769b6ba6b3e16248cee09277254c15 2d2b6e91a139e5a9cec81ff76a484fd932cd59d3 f432a267b80ad370d1c88402e1e2f356f410c2e2bce7d288fd80f151dce096e8 Loading...

	x.com/?mx=2&failedScript=polyfills	ScriptElement	66 kB	2024-07-28	2024-08-19
Pretty URL x.com/?mx=2&failedScript=polyfills IP 104.244.42.1 ASN #13414 TWITTER Introduced by scriptElement Embedded in HTML true Observations First Seen2024-07-28 03:33 Last Seen2024-08-19 15:31 Times Seen5 Hash d8ae1a381c18ac492c84b159bbd1b5b4 29185572ccb2cb6de42b6522198705cd27100ff7 80ab506f1c47206905b6c79051150807262bb930f451cac8e067376bd37178bb Loading...

	x.com/?mx=2&failedScript=polyfills	ScriptElement	77 B	2023-03-08	2025-07-16
Pretty URL x.com/?mx=2&failedScript=polyfills IP 104.244.42.1 ASN #13414 TWITTER Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-08 08:36 Last Seen2025-07-16 18:43 Times Seen2509 Hash 9131aa2762759852e273e004ee87bc34 c69d37bb0fb387d07bea8ab4d7e50e8b695bc1ed 11228e42ecf5d4e964750b65bb7828a7809130a054a23d04a0c5766cb9ce7dd3 Loading...

	x.com/?mx=2&failedScript=polyfills	ScriptElement	103 B	2023-03-08	2025-07-16
Pretty URL x.com/?mx=2&failedScript=polyfills IP 104.244.42.1 ASN #13414 TWITTER Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-08 08:19 Last Seen2025-07-16 18:43 Times Seen2506 Hash 15a3f40dde8f6c27c05cce205a4ea0b4 2835605998abace30d742b3b054c88d446c3acc5 a6c6c8c0218a3fc7f363f06d5e089bf5be86e1f604e54c61dff0b1e08b10b5a5 Loading...

	x.com/?mx=2&failedScript=polyfills	ScriptElement	750 B	2024-05-21	2024-10-16
Pretty URL x.com/?mx=2&failedScript=polyfills IP 104.244.42.1 ASN #13414 TWITTER Introduced by scriptElement Embedded in HTML true Observations First Seen2024-05-21 14:02 Last Seen2024-10-16 13:47 Times Seen603 Hash 00c15a622a7abbb08de4ef200c18a1ff 3c36e1d4fc52776e5f0d600162587e0847de41b8 32e77978d96bb4d9835a7accf941daddee7bb8ab4cbc43c7c86bc1e33f8d006a Loading...

HTTP Transactions (13)

URL IP Response Size

r10.o.lencr.org/

23.36.76.226

504 B

URL
r10.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
182b9c01b864c7d116c3fc28cbb58d6e
644efdd1cd6ee4e5d5ec976387b3dbf47ed51dc1
5d2cc1a96f886c04483d570f2fba83b9b430796d2faf9d6d115cca98bc6b713f

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "5D2CC1A96F886C04483D570F2FBA83B9B430796D2FAF9D6D115CCA98BC6B713F"
Last-Modified: Sat, 27 Jul 2024 06:58:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7789
Expires: Mon, 29 Jul 2024 18:37:52 GMT
Date: Mon, 29 Jul 2024 16:28:03 GMT
Connection: keep-alive

hrsea.economictimes.indiatimes.com/etl.php?url=https://hrsea.economictimes.indiatimes.com/etl.php?url=//b3yonline.com/.well-known/youtude.emaila/5mGMhwRoB56iMgq/amxlb25hcmRAYWxhbW8tZ3JvdXAuY29t./etlr.php?url=https://hrsea.economictimes.indiatimes.com/etl.php?url=//b3yonline.com/.well-known/youtude.emaila/5mGMhwRoB56iMgq/amxlb25hcmRAYWxhbW8tZ3JvdXAuY29t

95.101.10.144

0 B

URL
hrsea.economictimes.indiatimes.com/etl.php?url=https://hrsea.economictimes.indiatimes.com/etl.php?url=//b3yonline.com/.well-known/youtude.emaila/5mGMhwRoB56iMgq/amxlb25hcmRAYWxhbW8tZ3JvdXAuY29t./etlr.php?url=https://hrsea.economictimes.indiatimes.com/etl.php?url=//b3yonline.com/.well-known/youtude.emaila/5mGMhwRoB56iMgq/amxlb25hcmRAYWxhbW8tZ3JvdXAuY29t
IP
95.101.10.144:0
ASN
#20940 Akamai International B.V.

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /etl.php?url=https://hrsea.economictimes.indiatimes.com/etl.php?url=//b3yonline.com/.well-known/youtude.emaila/5mGMhwRoB56iMgq/amxlb25hcmRAYWxhbW8tZ3JvdXAuY29t./etlr.php?url=https://hrsea.economictimes.indiatimes.com/etl.php?url=//b3yonline.com/.well-known/youtude.emaila/5mGMhwRoB56iMgq/amxlb25hcmRAYWxhbW8tZ3JvdXAuY29t HTTP/1.1
Host: hrsea.economictimes.indiatimes.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Cookie: optout=1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 302 Found
server: Bhoot
content-type: text/html; charset=UTF-8
content-length: 0
access-control-allow-origin: *
pragma: no-cache
location: ./etlr.php?url=https://hrsea.economictimes.indiatimes.com/etl.php?url=//b3yonline.com/.well-known/youtude.emaila/5mGMhwRoB56iMgq/amxlb25hcmRAYWxhbW8tZ3JvdXAuY29t./etlr.php?url=https://hrsea.economictimes.indiatimes.com/etl.php?url=//b3yonline.com/.well-known/youtude.emaila/5mGMhwRoB56iMgq/amxlb25hcmRAYWxhbW8tZ3JvdXAuY29t
x-cool: 55.34
content-language: en
access-control-allow-credentials: true
x-frame-options: sameorigin
strict-transport-security: max-age=25920000; includeSubdomains
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
cache-control: no-cache, no-store, must-revalidate
expires: Mon, 29 Jul 2024 16:28:03 GMT
date: Mon, 29 Jul 2024 16:28:03 GMT
set-cookie: PHPSESSID=a38a7899ac0b7d90127f1e62bb7b30b4; expires=Mon, 05-Aug-2024 16:28:03 GMT; Max-Age=604800; path=/; secure; HttpOnly
pmUsr=1722270483; expires=Tue, 29-Jul-2025 17:34:43 GMT; Max-Age=31540000; path=/; secure; HttpOnly; SameSite=None
ab-chdk1=B; expires=Sun, 27-Oct-2024 16:28:03 GMT
X-Firefox-Spdy: h2

hrsea.economictimes.indiatimes.com/etlr.php?url=https://hrsea.economictimes.indiatimes.com/etl.php?url=//b3yonline.com/.well-known/youtude.emaila/5mGMhwRoB56iMgq/amxlb25hcmRAYWxhbW8tZ3JvdXAuY29t./etlr.php?url=https://hrsea.economictimes.indiatimes.com/etl.php?url=//b3yonline.com/.well-known/youtude.emaila/5mGMhwRoB56iMgq/amxlb25hcmRAYWxhbW8tZ3JvdXAuY29t

95.101.10.144

0 B

URL
hrsea.economictimes.indiatimes.com/etlr.php?url=https://hrsea.economictimes.indiatimes.com/etl.php?url=//b3yonline.com/.well-known/youtude.emaila/5mGMhwRoB56iMgq/amxlb25hcmRAYWxhbW8tZ3JvdXAuY29t./etlr.php?url=https://hrsea.economictimes.indiatimes.com/etl.php?url=//b3yonline.com/.well-known/youtude.emaila/5mGMhwRoB56iMgq/amxlb25hcmRAYWxhbW8tZ3JvdXAuY29t
IP
95.101.10.144:0
ASN
#20940 Akamai International B.V.

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /etlr.php?url=https://hrsea.economictimes.indiatimes.com/etl.php?url=//b3yonline.com/.well-known/youtude.emaila/5mGMhwRoB56iMgq/amxlb25hcmRAYWxhbW8tZ3JvdXAuY29t./etlr.php?url=https://hrsea.economictimes.indiatimes.com/etl.php?url=//b3yonline.com/.well-known/youtude.emaila/5mGMhwRoB56iMgq/amxlb25hcmRAYWxhbW8tZ3JvdXAuY29t HTTP/1.1
Host: hrsea.economictimes.indiatimes.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: optout=1; PHPSESSID=a38a7899ac0b7d90127f1e62bb7b30b4; pmUsr=1722270483; ab-chdk1=B
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 302 Found
server: Bhoot
content-type: text/html; charset=UTF-8
content-length: 0
access-control-allow-origin: *
pragma: no-cache
location: https://hrsea.economictimes.indiatimes.com/etl.php?url=//b3yonline.com/.well-known/youtude.emaila/5mGMhwRoB56iMgq/amxlb25hcmRAYWxhbW8tZ3JvdXAuY29t./etlr.php?url=https://hrsea.economictimes.indiatimes.com/etl.php?url=//b3yonline.com/.well-known/youtude.emaila/5mGMhwRoB56iMgq/amxlb25hcmRAYWxhbW8tZ3JvdXAuY29t&utm_source=promotions&utm_medium=email&utm_campaign=
x-cool: 22.35
content-language: en
access-control-allow-credentials: true
x-frame-options: sameorigin
strict-transport-security: max-age=25920000; includeSubdomains
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
cache-control: no-cache, no-store, must-revalidate
expires: Mon, 29 Jul 2024 16:28:04 GMT
date: Mon, 29 Jul 2024 16:28:04 GMT
set-cookie: hrsea_subscription_source=email; expires=Mon, 05-Aug-2024 16:28:04 GMT; Max-Age=604800; path=/
hrsea_pop_user_sub=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/
X-Firefox-Spdy: h2

r10.o.lencr.org/

23.36.76.226

504 B

URL
r10.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
fe86340c305817b173f7c0f3f59c795b
bae41a5fad9f6cf6e13281eb7d567d6103f292b3
310ca992570f568ed449d579727a026e44e75f4dd6a609897a3fba0bc7cbce57

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "310CA992570F568ED449D579727A026E44E75F4DD6A609897A3FBA0BC7CBCE57"
Last-Modified: Sat, 27 Jul 2024 06:58:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=16332
Expires: Mon, 29 Jul 2024 21:00:16 GMT
Date: Mon, 29 Jul 2024 16:28:04 GMT
Connection: keep-alive

r10.o.lencr.org/

23.36.76.226

504 B

URL
r10.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
fe86340c305817b173f7c0f3f59c795b
bae41a5fad9f6cf6e13281eb7d567d6103f292b3
310ca992570f568ed449d579727a026e44e75f4dd6a609897a3fba0bc7cbce57

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "310CA992570F568ED449D579727A026E44E75F4DD6A609897A3FBA0BC7CBCE57"
Last-Modified: Sat, 27 Jul 2024 06:58:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=16332
Expires: Mon, 29 Jul 2024 21:00:16 GMT
Date: Mon, 29 Jul 2024 16:28:04 GMT
Connection: keep-alive

hrsea.economictimes.indiatimes.com/etl.php?url=//b3yonline.com/.well-known/youtude.emaila/5mGMhwRoB56iMgq/amxlb25hcmRAYWxhbW8tZ3JvdXAuY29t./etlr.php?url=https://hrsea.economictimes.indiatimes.com/etl.php?url=//b3yonline.com/.well-known/youtude.emaila/5mGMhwRoB56iMgq/amxlb25hcmRAYWxhbW8tZ3JvdXAuY29t&utm_source=promotions&utm_medium=email&utm_campaign=

95.101.10.144

0 B

URL
hrsea.economictimes.indiatimes.com/etl.php?url=//b3yonline.com/.well-known/youtude.emaila/5mGMhwRoB56iMgq/amxlb25hcmRAYWxhbW8tZ3JvdXAuY29t./etlr.php?url=https://hrsea.economictimes.indiatimes.com/etl.php?url=//b3yonline.com/.well-known/youtude.emaila/5mGMhwRoB56iMgq/amxlb25hcmRAYWxhbW8tZ3JvdXAuY29t&utm_source=promotions&utm_medium=email&utm_campaign=
IP
95.101.10.144:0
ASN
#20940 Akamai International B.V.

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /etl.php?url=//b3yonline.com/.well-known/youtude.emaila/5mGMhwRoB56iMgq/amxlb25hcmRAYWxhbW8tZ3JvdXAuY29t./etlr.php?url=https://hrsea.economictimes.indiatimes.com/etl.php?url=//b3yonline.com/.well-known/youtude.emaila/5mGMhwRoB56iMgq/amxlb25hcmRAYWxhbW8tZ3JvdXAuY29t&utm_source=promotions&utm_medium=email&utm_campaign= HTTP/1.1
Host: hrsea.economictimes.indiatimes.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: optout=1; PHPSESSID=a38a7899ac0b7d90127f1e62bb7b30b4; pmUsr=1722270483; ab-chdk1=B; hrsea_subscription_source=email
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 302 Found
server: Bhoot
content-type: text/html; charset=UTF-8
content-length: 0
access-control-allow-origin: *
pragma: no-cache
location: ./etlr.php?url=//b3yonline.com/.well-known/youtude.emaila/5mGMhwRoB56iMgq/amxlb25hcmRAYWxhbW8tZ3JvdXAuY29t./etlr.php?url=https://hrsea.economictimes.indiatimes.com/etl.php?url=//b3yonline.com/.well-known/youtude.emaila/5mGMhwRoB56iMgq/amxlb25hcmRAYWxhbW8tZ3JvdXAuY29t&utm_source=promotions&utm_medium=email&utm_campaign=
x-cool: 55.32
content-language: en
access-control-allow-credentials: true
x-frame-options: sameorigin
strict-transport-security: max-age=25920000; includeSubdomains
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
cache-control: no-cache, no-store, must-revalidate
expires: Mon, 29 Jul 2024 16:28:05 GMT
date: Mon, 29 Jul 2024 16:28:05 GMT
set-cookie: pmUsr=1722270484; expires=Tue, 29-Jul-2025 17:34:44 GMT; Max-Age=31540000; path=/; secure; HttpOnly; SameSite=None
X-Firefox-Spdy: h2

hrsea.economictimes.indiatimes.com/etlr.php?url=//b3yonline.com/.well-known/youtude.emaila/5mGMhwRoB56iMgq/amxlb25hcmRAYWxhbW8tZ3JvdXAuY29t./etlr.php?url=https://hrsea.economictimes.indiatimes.com/etl.php?url=//b3yonline.com/.well-known/youtude.emaila/5mGMhwRoB56iMgq/amxlb25hcmRAYWxhbW8tZ3JvdXAuY29t&utm_source=promotions&utm_medium=email&utm_campaign=

95.101.10.144

0 B

URL
hrsea.economictimes.indiatimes.com/etlr.php?url=//b3yonline.com/.well-known/youtude.emaila/5mGMhwRoB56iMgq/amxlb25hcmRAYWxhbW8tZ3JvdXAuY29t./etlr.php?url=https://hrsea.economictimes.indiatimes.com/etl.php?url=//b3yonline.com/.well-known/youtude.emaila/5mGMhwRoB56iMgq/amxlb25hcmRAYWxhbW8tZ3JvdXAuY29t&utm_source=promotions&utm_medium=email&utm_campaign=
IP
95.101.10.144:0
ASN
#20940 Akamai International B.V.

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /etlr.php?url=//b3yonline.com/.well-known/youtude.emaila/5mGMhwRoB56iMgq/amxlb25hcmRAYWxhbW8tZ3JvdXAuY29t./etlr.php?url=https://hrsea.economictimes.indiatimes.com/etl.php?url=//b3yonline.com/.well-known/youtude.emaila/5mGMhwRoB56iMgq/amxlb25hcmRAYWxhbW8tZ3JvdXAuY29t&utm_source=promotions&utm_medium=email&utm_campaign= HTTP/1.1
Host: hrsea.economictimes.indiatimes.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: optout=1; PHPSESSID=a38a7899ac0b7d90127f1e62bb7b30b4; pmUsr=1722270484; ab-chdk1=B; hrsea_subscription_source=email
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 302 Found
server: Bhoot
content-type: text/html; charset=UTF-8
content-length: 0
access-control-allow-origin: *
pragma: no-cache
location: //b3yonline.com/.well-known/youtude.emaila/5mGMhwRoB56iMgq/amxlb25hcmRAYWxhbW8tZ3JvdXAuY29t./etlr.php?url=https://hrsea.economictimes.indiatimes.com/etl.php?url=//b3yonline.com/.well-known/youtude.emaila/5mGMhwRoB56iMgq/amxlb25hcmRAYWxhbW8tZ3JvdXAuY29t&utm_source=promotions&utm_medium=email&utm_campaign=
x-cool: 55.33
content-language: en
access-control-allow-credentials: true
x-frame-options: sameorigin
strict-transport-security: max-age=25920000; includeSubdomains
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
cache-control: no-cache, no-store, must-revalidate
expires: Mon, 29 Jul 2024 16:28:05 GMT
date: Mon, 29 Jul 2024 16:28:05 GMT
set-cookie: hrsea_subscription_source=email; expires=Mon, 05-Aug-2024 16:28:05 GMT; Max-Age=604800; path=/
hrsea_pop_user_sub=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/
X-Firefox-Spdy: h2

b3yonline.com/.well-known/youtude.emaila/5mGMhwRoB56iMgq/amxlb25hcmRAYWxhbW8tZ3JvdXAuY29t./etlr.php?url=https://hrsea.economictimes.indiatimes.com/etl.php?url=//b3yonline.com/.well-known/youtude.emaila/5mGMhwRoB56iMgq/amxlb25hcmRAYWxhbW8tZ3JvdXAuY29t&utm_source=promotions&utm_medium=email&utm_campaign=

198.54.116.102

0 B

URL
b3yonline.com/.well-known/youtude.emaila/5mGMhwRoB56iMgq/amxlb25hcmRAYWxhbW8tZ3JvdXAuY29t./etlr.php?url=https://hrsea.economictimes.indiatimes.com/etl.php?url=//b3yonline.com/.well-known/youtude.emaila/5mGMhwRoB56iMgq/amxlb25hcmRAYWxhbW8tZ3JvdXAuY29t&utm_source=promotions&utm_medium=email&utm_campaign=
IP
198.54.116.102:0
ASN
#22612 NAMECHEAP-NET

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /.well-known/youtude.emaila/5mGMhwRoB56iMgq/amxlb25hcmRAYWxhbW8tZ3JvdXAuY29t./etlr.php?url=https://hrsea.economictimes.indiatimes.com/etl.php?url=//b3yonline.com/.well-known/youtude.emaila/5mGMhwRoB56iMgq/amxlb25hcmRAYWxhbW8tZ3JvdXAuY29t&utm_source=promotions&utm_medium=email&utm_campaign= HTTP/1.1
Host: b3yonline.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
x-powered-by: PHP/8.1.29
refresh: 0;url=https://Alz.raterinth.com/r5lW/#Metlr.php
content-type: text/html; charset=UTF-8
content-length: 0
date: Mon, 29 Jul 2024 16:28:06 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2

twitter.com/

104.244.42.193

86 B

URL
twitter.com/
IP
104.244.42.193:0
ASN
#13414 TWITTER

File type
HTML document, ASCII text, with no line terminators
Size
86 B (86 bytes)
Hash
e8f74fb292e7ac30f01ecff6c28c8519
30f7a782c80f2edc7777fe1b6a635462a67745c0
58f4fa5519cdcd61cbfe3d2147701577b767f65c274aa7726e7a650004bf0d2f

HTTP Headers

GET / HTTP/1.1
Host: twitter.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://alz.raterinth.com/
Cookie: d_prefs=MjoxLGNvbnNlbnRfdmVyc2lvbjoyLHRleHRfdmVyc2lvbjoxMDAw; twtr_pixel_opt_in=N
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 302 Found
date: Mon, 29 Jul 2024 16:28:08 GMT
perf: 7402827104
vary: Accept
expiry: Tue, 31 Mar 1981 05:00:00 GMT
pragma: no-cache
server: tsa_f
location: https://x.com/
set-cookie: guest_id=v1%3A172227048875948483; Max-Age=34214400; Expires=Fri, 29 Aug 2025 16:28:08 GMT; Path=/; Domain=.twitter.com; Secure; SameSite=None
ct0=; Max-Age=-1722270487; Expires=Thu, 01 Jan 1970 00:00:01 GMT; Path=/; Domain=.twitter.com; Secure; SameSite=Lax
content-type: text/html; charset=utf-8
x-powered-by: Express
cache-control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
last-modified: Mon, 29 Jul 2024 16:28:08 GMT
x-frame-options: DENY
x-transaction-id: fc10539e11cff415
x-xss-protection: 0
x-content-type-options: nosniff
content-security-policy: connect-src 'self' blob: https://api.x.ai https://api.x.com https://jf.x.com https://jf.twitter.com https://*.pscp.tv https://*.video.pscp.tv https://*.twimg.com https://api.twitter.com https://api.x.com https://api-stream.twitter.com https://api-stream.x.com https://ads-api.twitter.com https://ads-api.x.com https://aa.twitter.com https://aa.x.com https://caps.twitter.com https://caps.x.com https://pay.twitter.com https://pay.x.com https://sentry.io https://ton.twitter.com https://ton.x.com https://ton-staging.atla.twitter.com https://ton-staging.atla.x.com https://ton-staging.pdxa.twitter.com https://ton-staging.pdxa.x.com https://twitter.com https://x.com https://upload.twitter.com https://upload.x.com https://www.google-analytics.com https://accounts.google.com/gsi/status https://accounts.google.com/gsi/log https://checkoutshopper-live.adyen.com wss://*.pscp.tv https://vmap.snappytv.com https://vmapstage.snappytv.com https://vmaprel.snappytv.com https://vmap.grabyo.com https://dhdsnappytv-vh.akamaihd.net https://pdhdsnappytv-vh.akamaihd.net https://mdhdsnappytv-vh.akamaihd.net https://mdhdsnappytv-vh.akamaihd.net https://mpdhdsnappytv-vh.akamaihd.net https://mmdhdsnappytv-vh.akamaihd.net https://mdhdsnappytv-vh.akamaihd.net https://mpdhdsnappytv-vh.akamaihd.net https://mmdhdsnappytv-vh.akamaihd.net https://dwo3ckksxlb0v.cloudfront.net https://media.riffsy.com https://*.giphy.com https://media.tenor.com https://c.tenor.com ws://localhost:8008/v2/ipc https://ads-twitter.com https://analytics.twitter.com https://analytics.x.com  ; default-src 'self'; form-action 'self' https://twitter.com https://*.twitter.com https://x.com https://*.x.com https://localhost.twitter.com:3443 https://localhost.x.com:3443; font-src 'self' https://*.twimg.com; frame-src 'self' https://twitter.com https://x.com https://mobile.twitter.com https://mobile.x.com https://pay.twitter.com https://pay.x.com https://cards-frame.twitter.com https://accounts.google.com/ https://client-api.arkoselabs.com/ https://iframe.arkoselabs.com/ https://vaultjs.apideck.com/  https://recaptcha.net/recaptcha/ https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/; img-src 'self' blob: data: https://*.cdn.twitter.com https://*.cdn.x.com https://ton.twitter.com https://ton.x.com https://*.twimg.com https://analytics.twitter.com https://analytics.x.com https://cm.g.doubleclick.net https://www.google-analytics.com https://maps.googleapis.com https://www.periscope.tv https://www.pscp.tv https://ads-twitter.com https://ads-api.twitter.com https://ads-api.x.com https://media.riffsy.com https://*.giphy.com https://media.tenor.com https://c.tenor.com https://*.pscp.tv https://*.periscope.tv https://prod-periscope-profile.s3-us-west-2.amazonaws.com https://platform-lookaside.fbsbx.com https://scontent.xx.fbcdn.net https://scontent-sea1-1.xx.fbcdn.net https://*.googleusercontent.com https://t.co/1/i/adsct; manifest-src 'self'; media-src 'self' blob: https://twitter.com https://x.com https://*.twimg.com https://*.vine.co https://*.pscp.tv https://*.video.pscp.tv https://dhdsnappytv-vh.akamaihd.net https://pdhdsnappytv-vh.akamaihd.net https://mdhdsnappytv-vh.akamaihd.net https://mdhdsnappytv-vh.akamaihd.net https://mpdhdsnappytv-vh.akamaihd.net https://mmdhdsnappytv-vh.akamaihd.net https://mdhdsnappytv-vh.akamaihd.net https://mpdhdsnappytv-vh.akamaihd.net https://mmdhdsnappytv-vh.akamaihd.net https://dwo3ckksxlb0v.cloudfront.net; object-src 'none'; script-src 'self' 'unsafe-inline' https://*.twimg.com https://recaptcha.net/recaptcha/ https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://client-api.arkoselabs.com/ https://www.google-analytics.com https://twitter.com https://x.com https://accounts.google.com/gsi/client https://appleid.cdn-apple.com/appleauth/static/jsapi/appleid/1/en_US/appleid.auth.js https://www.gstatic.com/cast/sdk/libs/caf_receiver/v3/cast_receiver_framework.js https://static.ads-twitter.com  'nonce-Y2UzMTc3MTktNjZkYi00N2I3LTk2ZTUtOTZmYjNkMzEzYjE5'; style-src 'self' 'unsafe-inline' https://accounts.google.com/gsi/style https://*.twimg.com; worker-src 'self' blob:; report-uri https://twitter.com/i/csp_report?a=O5RXE%3D%3D%3D&ro=false
strict-transport-security: max-age=631138519
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-embedder-policy: unsafe-none
content-encoding: gzip
content-length: 86
x-response-time: 119
x-connection-hash: 619138ea825467bb0f0e291435fc5587e8033c2df570c11247be0dddf6b32a04
X-Firefox-Spdy: h2

x.com/x/migrate

104.244.42.1

78 B

URL
x.com/x/migrate
IP
104.244.42.1:0
ASN
#13414 TWITTER

File type
HTML document, ASCII text, with no line terminators
Size
78 B (78 bytes)
Hash
7cf070480efd3c7e0fc69fbeb035d3b9
d483d11f9c5e62d46ce246bb6ccb605cbe8a1885
2f5ea4714337246f8adbd89e947decbadb7cabf4c146eed3ee5e11fd4b381bf8

HTTP Headers

POST /x/migrate HTTP/1.1
Host: x.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 374
Origin: https://twitter.com
DNT: 1
Connection: keep-alive
Referer: https://twitter.com/
Cookie: d_prefs=MjoxLGNvbnNlbnRfdmVyc2lvbjoyLHRleHRfdmVyc2lvbjoxMDAw; twtr_pixel_opt_in=N; guest_id=v1%3A172227048893783093
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 302 Found
date: Mon, 29 Jul 2024 16:28:09 GMT
perf: 7402827104
vary: Accept
expiry: Tue, 31 Mar 1981 05:00:00 GMT
pragma: no-cache
server: tsa_f
location: /?mx=2
set-cookie: lang=; Max-Age=-1722270488; Expires=Thu, 01 Jan 1970 00:00:01 GMT; Path=/; Domain=.x.com; Secure; SameSite=None
guest_id=v1%3A172227048875948483; Max-Age=31536000; Expires=Tue, 29 Jul 2025 16:28:09 GMT; Path=/; Domain=.x.com; Secure; SameSite=None
night_mode=2; Max-Age=31536000; Expires=Tue, 29 Jul 2025 16:28:09 GMT; Path=/; Domain=.x.com; Secure; SameSite=None
twid=; Max-Age=-1722270488; Expires=Thu, 01 Jan 1970 00:00:01 GMT; Path=/; Domain=.x.com; Secure; SameSite=None
att=; Max-Age=-1722270488; Expires=Thu, 01 Jan 1970 00:00:01 GMT; Path=/; Domain=.x.com; Secure; HTTPOnly; SameSite=None
ct0=; Max-Age=-1722270488; Expires=Thu, 01 Jan 1970 00:00:01 GMT; Path=/; Domain=.x.com; Secure; SameSite=Lax
auth_token=; Max-Age=-1722270488; Expires=Thu, 01 Jan 1970 00:00:01 GMT; Path=/; Domain=.x.com; Secure; HTTPOnly; SameSite=None
content-type: text/html; charset=utf-8
x-powered-by: Express
cache-control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
last-modified: Mon, 29 Jul 2024 16:28:09 GMT
x-frame-options: DENY
x-transaction-id: 7bed872ac98bfe05
x-xss-protection: 0
x-content-type-options: nosniff
content-security-policy: connect-src 'self' blob: https://api.x.ai https://api.x.com https://jf.x.com https://jf.twitter.com https://*.pscp.tv https://*.video.pscp.tv https://*.twimg.com https://api.twitter.com https://api.x.com https://api-stream.twitter.com https://api-stream.x.com https://ads-api.twitter.com https://ads-api.x.com https://aa.twitter.com https://aa.x.com https://caps.twitter.com https://caps.x.com https://pay.twitter.com https://pay.x.com https://sentry.io https://ton.twitter.com https://ton.x.com https://ton-staging.atla.twitter.com https://ton-staging.atla.x.com https://ton-staging.pdxa.twitter.com https://ton-staging.pdxa.x.com https://twitter.com https://x.com https://upload.twitter.com https://upload.x.com https://www.google-analytics.com https://accounts.google.com/gsi/status https://accounts.google.com/gsi/log https://checkoutshopper-live.adyen.com wss://*.pscp.tv https://vmap.snappytv.com https://vmapstage.snappytv.com https://vmaprel.snappytv.com https://vmap.grabyo.com https://dhdsnappytv-vh.akamaihd.net https://pdhdsnappytv-vh.akamaihd.net https://mdhdsnappytv-vh.akamaihd.net https://mdhdsnappytv-vh.akamaihd.net https://mpdhdsnappytv-vh.akamaihd.net https://mmdhdsnappytv-vh.akamaihd.net https://mdhdsnappytv-vh.akamaihd.net https://mpdhdsnappytv-vh.akamaihd.net https://mmdhdsnappytv-vh.akamaihd.net https://dwo3ckksxlb0v.cloudfront.net https://media.riffsy.com https://*.giphy.com https://media.tenor.com https://c.tenor.com ws://localhost:8008/v2/ipc https://ads-twitter.com https://analytics.twitter.com https://analytics.x.com  ; default-src 'self'; form-action 'self' https://twitter.com https://*.twitter.com https://x.com https://*.x.com https://localhost.twitter.com:3443 https://localhost.x.com:3443; font-src 'self' https://*.twimg.com; frame-src 'self' https://twitter.com https://x.com https://mobile.twitter.com https://mobile.x.com https://pay.twitter.com https://pay.x.com https://cards-frame.twitter.com https://accounts.google.com/ https://client-api.arkoselabs.com/ https://iframe.arkoselabs.com/ https://vaultjs.apideck.com/  https://recaptcha.net/recaptcha/ https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/; img-src 'self' blob: data: https://*.cdn.twitter.com https://*.cdn.x.com https://ton.twitter.com https://ton.x.com https://*.twimg.com https://analytics.twitter.com https://analytics.x.com https://cm.g.doubleclick.net https://www.google-analytics.com https://maps.googleapis.com https://www.periscope.tv https://www.pscp.tv https://ads-twitter.com https://ads-api.twitter.com https://ads-api.x.com https://media.riffsy.com https://*.giphy.com https://media.tenor.com https://c.tenor.com https://*.pscp.tv https://*.periscope.tv https://prod-periscope-profile.s3-us-west-2.amazonaws.com https://platform-lookaside.fbsbx.com https://scontent.xx.fbcdn.net https://scontent-sea1-1.xx.fbcdn.net https://*.googleusercontent.com https://t.co/1/i/adsct; manifest-src 'self'; media-src 'self' blob: https://twitter.com https://x.com https://*.twimg.com https://*.vine.co https://*.pscp.tv https://*.video.pscp.tv https://dhdsnappytv-vh.akamaihd.net https://pdhdsnappytv-vh.akamaihd.net https://mdhdsnappytv-vh.akamaihd.net https://mdhdsnappytv-vh.akamaihd.net https://mpdhdsnappytv-vh.akamaihd.net https://mmdhdsnappytv-vh.akamaihd.net https://mdhdsnappytv-vh.akamaihd.net https://mpdhdsnappytv-vh.akamaihd.net https://mmdhdsnappytv-vh.akamaihd.net https://dwo3ckksxlb0v.cloudfront.net; object-src 'none'; script-src 'self' 'unsafe-inline' https://*.twimg.com https://recaptcha.net/recaptcha/ https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://client-api.arkoselabs.com/ https://www.google-analytics.com https://twitter.com https://x.com https://accounts.google.com/gsi/client https://appleid.cdn-apple.com/appleauth/static/jsapi/appleid/1/en_US/appleid.auth.js https://www.gstatic.com/cast/sdk/libs/caf_receiver/v3/cast_receiver_framework.js https://static.ads-twitter.com  'nonce-ZmU5NzE1ZGMtMTJhNi00OGQyLTgwYzYtZGM3NWM3NzRiOWFh'; style-src 'self' 'unsafe-inline' https://accounts.google.com/gsi/style https://*.twimg.com; worker-src 'self' blob:; report-uri https://twitter.com/i/csp_report?a=O5RXE%3D%3D%3D&ro=false
strict-transport-security: max-age=631138519
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-embedder-policy: unsafe-none
content-encoding: gzip
content-length: 78
x-response-time: 112
x-connection-hash: bd3fee552692d5025b56935749c46168296686ec590736697530affed3128616
X-Firefox-Spdy: h2

twitter.com/favicon.ico

104.244.42.193

675 B

URL
twitter.com/favicon.ico
IP
104.244.42.193:0
ASN
#13414 TWITTER

File type
PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced
Size
675 B (675 bytes)
Hash
864232b885e52799e6b0d1c37a4283a0
2c2500822c05b93cf169c338af2fdf7d04ea4260
2b56e0a792d9999e15f3ee39cabcba5cc3f88b4e640e71b3755c1424d8e12010

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: twitter.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://twitter.com/x/migrate?tok=7b2265223a222f222c2274223a313732323237303438387d1b3464b6c78d60e4bb3ab15d2ffee9a9
Cookie: d_prefs=MjoxLGNvbnNlbnRfdmVyc2lvbjoyLHRleHRfdmVyc2lvbjoxMDAw; twtr_pixel_opt_in=N; guest_id=v1%3A172227048875948483
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Mon, 29 Jul 2024 16:28:09 UTC
perf: 7402827104
server: tsa_f
content-type: image/x-icon
cache-control: no-cache, no-store, max-age=0
content-length: 675
x-transaction-id: 688613b62ee0429b
strict-transport-security: max-age=631138519
x-response-time: 105
x-connection-hash: 619138ea825467bb0f0e291435fc5587e8033c2df570c11247be0dddf6b32a04
X-Firefox-Spdy: h2

iko.treldemp.su/8139911552205444845009uwpRgKRjZFETTJNMPNWYPXVFRMVRSDKLUQFSGRSLEVPKOCJSEILQEDUGJSU

104.21.75.236

2.8 kB

URL
iko.treldemp.su/8139911552205444845009uwpRgKRjZFETTJNMPNWYPXVFRMVRSDKLUQFSGRSLEVPKOCJSEILQEDUGJSU
IP
104.21.75.236:0
ASN
#13335 CLOUDFLARENET

File type
very short file (no magic)
Size
2.8 kB (2758 bytes)
Hash
c4ca4238a0b923820dcc509a6f75849b
356a192b7913b04c54574d18c28d46e6395428ab
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /8139911552205444845009uwpRgKRjZFETTJNMPNWYPXVFRMVRSDKLUQFSGRSLEVPKOCJSEILQEDUGJSU HTTP/1.1
Host: iko.treldemp.su
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://alz.raterinth.com/
Origin: https://alz.raterinth.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Mon, 29 Jul 2024 16:28:08 GMT
content-type: text/html; charset=UTF-8
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=O8lUyPs02whTh7snwrlfN%2BEn6uvQZo2JHIPrnYtJ4xDxePvZvCLSGhWy56JUeCI89X9ublfZd5DBT6LmFXNblGDJEe7wOe%2BvXYZImhJrtI9NyY4mxEtmQ2G1GACXtOWDTXI%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8aae7af46ccc1bfe-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

GET x.com/?mx=2&failedScript=polyfills

104.244.42.1

200 OK

200 kB

URL User Request GET HTTP/2
x.com/?mx=2&failedScript=polyfills
IP
104.244.42.1:443
ASN
#13414 TWITTER

Certificate
IssuerDigiCert Inc
Subjecttwitter.com
Fingerprint05:D9:22:59:4D:28:F9:9A:05:28:0C:CD:3A:1A:24:D8:20:6B:25:E2
ValidityTue, 19 Sep 2023 00:00:00 GMT - Tue, 17 Sep 2024 23:59:59 GMT

File type

Size
200 kB (199760 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /?mx=2&failedScript=polyfills HTTP/1.1
Host: x.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://x.com/?mx=2
Cookie: d_prefs=MjoxLGNvbnNlbnRfdmVyc2lvbjoyLHRleHRfdmVyc2lvbjoxMDAw; twtr_pixel_opt_in=N; guest_id=v1%3A172227048875948483; night_mode=2; gt=1817960314467487981
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Mon, 29 Jul 2024 16:28:10 GMT
perf: 7402827104
expiry: Tue, 31 Mar 1981 05:00:00 GMT
pragma: no-cache
server: tsa_f
set-cookie: ct0=; Max-Age=-1722270489; Expires=Thu, 01 Jan 1970 00:00:01 GMT; Path=/; Domain=.x.com; Secure; SameSite=Lax
content-type: text/html; charset=utf-8
x-powered-by: Express
cache-control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
last-modified: Mon, 29 Jul 2024 16:28:10 GMT
x-frame-options: DENY
x-transaction-id: 6591e4a04509f25c
x-xss-protection: 0
x-content-type-options: nosniff
content-security-policy: connect-src 'self' blob: https://api.x.ai https://api.x.com https://jf.x.com https://jf.twitter.com https://*.pscp.tv https://*.video.pscp.tv https://*.twimg.com https://api.twitter.com https://api.x.com https://api-stream.twitter.com https://api-stream.x.com https://ads-api.twitter.com https://ads-api.x.com https://aa.twitter.com https://aa.x.com https://caps.twitter.com https://caps.x.com https://pay.twitter.com https://pay.x.com https://sentry.io https://ton.twitter.com https://ton.x.com https://ton-staging.atla.twitter.com https://ton-staging.atla.x.com https://ton-staging.pdxa.twitter.com https://ton-staging.pdxa.x.com https://twitter.com https://x.com https://upload.twitter.com https://upload.x.com https://www.google-analytics.com https://accounts.google.com/gsi/status https://accounts.google.com/gsi/log https://checkoutshopper-live.adyen.com wss://*.pscp.tv https://vmap.snappytv.com https://vmapstage.snappytv.com https://vmaprel.snappytv.com https://vmap.grabyo.com https://dhdsnappytv-vh.akamaihd.net https://pdhdsnappytv-vh.akamaihd.net https://mdhdsnappytv-vh.akamaihd.net https://mdhdsnappytv-vh.akamaihd.net https://mpdhdsnappytv-vh.akamaihd.net https://mmdhdsnappytv-vh.akamaihd.net https://mdhdsnappytv-vh.akamaihd.net https://mpdhdsnappytv-vh.akamaihd.net https://mmdhdsnappytv-vh.akamaihd.net https://dwo3ckksxlb0v.cloudfront.net https://media.riffsy.com https://*.giphy.com https://media.tenor.com https://c.tenor.com ws://localhost:8008/v2/ipc https://ads-twitter.com https://analytics.twitter.com https://analytics.x.com  ; default-src 'self'; form-action 'self' https://twitter.com https://*.twitter.com https://x.com https://*.x.com https://localhost.twitter.com:3443 https://localhost.x.com:3443; font-src 'self' https://*.twimg.com; frame-src 'self' https://twitter.com https://x.com https://mobile.twitter.com https://mobile.x.com https://pay.twitter.com https://pay.x.com https://cards-frame.twitter.com https://accounts.google.com/ https://client-api.arkoselabs.com/ https://iframe.arkoselabs.com/ https://vaultjs.apideck.com/  https://recaptcha.net/recaptcha/ https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/; img-src 'self' blob: data: https://*.cdn.twitter.com https://*.cdn.x.com https://ton.twitter.com https://ton.x.com https://*.twimg.com https://analytics.twitter.com https://analytics.x.com https://cm.g.doubleclick.net https://www.google-analytics.com https://maps.googleapis.com https://www.periscope.tv https://www.pscp.tv https://ads-twitter.com https://ads-api.twitter.com https://ads-api.x.com https://media.riffsy.com https://*.giphy.com https://media.tenor.com https://c.tenor.com https://*.pscp.tv https://*.periscope.tv https://prod-periscope-profile.s3-us-west-2.amazonaws.com https://platform-lookaside.fbsbx.com https://scontent.xx.fbcdn.net https://scontent-sea1-1.xx.fbcdn.net https://*.googleusercontent.com https://t.co/1/i/adsct; manifest-src 'self'; media-src 'self' blob: https://twitter.com https://x.com https://*.twimg.com https://*.vine.co https://*.pscp.tv https://*.video.pscp.tv https://dhdsnappytv-vh.akamaihd.net https://pdhdsnappytv-vh.akamaihd.net https://mdhdsnappytv-vh.akamaihd.net https://mdhdsnappytv-vh.akamaihd.net https://mpdhdsnappytv-vh.akamaihd.net https://mmdhdsnappytv-vh.akamaihd.net https://mdhdsnappytv-vh.akamaihd.net https://mpdhdsnappytv-vh.akamaihd.net https://mmdhdsnappytv-vh.akamaihd.net https://dwo3ckksxlb0v.cloudfront.net; object-src 'none'; script-src 'self' 'unsafe-inline' https://*.twimg.com https://recaptcha.net/recaptcha/ https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://client-api.arkoselabs.com/ https://www.google-analytics.com https://twitter.com https://x.com https://accounts.google.com/gsi/client https://appleid.cdn-apple.com/appleauth/static/jsapi/appleid/1/en_US/appleid.auth.js https://www.gstatic.com/cast/sdk/libs/caf_receiver/v3/cast_receiver_framework.js https://static.ads-twitter.com  'nonce-YWQxMGFkNzgtMzYxOC00MzRkLTlmNjctZTAwMGRlMGJiY2Q2'; style-src 'self' 'unsafe-inline' https://accounts.google.com/gsi/style https://*.twimg.com; worker-src 'self' blob:; report-uri https://twitter.com/i/csp_report?a=O5RXE%3D%3D%3D&ro=false
strict-transport-security: max-age=631138519
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-embedder-policy: unsafe-none
content-encoding: gzip
x-response-time: 135
x-connection-hash: bd3fee552692d5025b56935749c46168296686ec590736697530affed3128616
X-Firefox-Spdy: h2

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (6)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

HTTP Transactions (13)

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL

IP

ASN