Report - 1wrcnz.top/

Report Overview

URL

1wrcnz.top/
IP

190.115.24.78

ASN

#262254 DDOS-GUARD CORP.
Submitted

2023-02-23T07:30:47Z

Access
Tags

None
urlquery detections

No alerts detected

Detections

urlquery

0
Network Intrusion Detection

2
Threat Detection Systems

0

Domain Summary

Domain	Rank	First Seen	Last Seen	Sent	Received	IP
contile.services.mozilla.com (1)	1114	2021-05-27T20:32:35Z	2023-03-13T05:09:13Z	333	391	34.117.237.239
12688802.fls.doubleclick.net (1)	unknown	2023-01-13T19:52:23Z	2023-03-12T18:21:56Z	620	1042	142.250.74.70
vc.hotjar.io (1)	2334	2019-04-16T12:33:25Z	2023-03-13T05:49:45Z	412	368	54.230.111.91
ps250.1win-service.com (1)	unknown	2020-02-06T00:26:52Z	2023-03-12T18:22:01Z	647	677	172.67.209.1
static.hotjar.com (1)	641	2014-11-01T06:14:27Z	2023-03-13T05:12:51Z	372	632	54.230.111.66
detectportal.firefox.com (2)	1601	2018-08-30T11:52:03Z	2023-03-13T05:09:11Z	606	428	34.107.221.82
r3.o.lencr.org (11)	344	2020-12-02T09:52:13Z	2023-03-13T05:09:07Z	3718	9750	23.36.76.226
firefox.settings.services.mozilla.com (16)	867	2020-06-04T22:08:41Z	2023-03-13T05:09:10Z	7563	214299	35.241.9.150
ocsp.comodoca.com (2)	1696	2012-05-21T09:01:17Z	2023-03-13T06:44:20Z	682	2030	104.18.32.68
region1.google-analytics.com (1)	unknown	2022-03-17T12:26:33Z	2023-03-13T05:09:18Z	628	441	216.239.34.36
push.services.mozilla.com (1)	2140	2014-10-24T10:27:06Z	2023-03-13T05:09:14Z	606	127	35.81.108.147
imgproxy.1win-cdn.com (2)	unknown	2022-12-22T23:56:11Z	2023-03-12T18:21:57Z	980	14007	104.26.5.11
getpocket.cdn.mozilla.net (1)	1369	2018-08-28T15:15:36Z	2023-03-13T08:02:38Z	435	47713	34.120.5.221
adservice.google.com (2)	76	2021-02-20T17:10:48Z	2023-03-13T08:49:52Z	1325	1641	142.250.74.66
api.lab.amplitude.com (2)	13117	2020-10-31T14:21:39Z	2023-03-13T07:51:05Z	1122	1148	151.101.194.132
ocsp.pki.goog (17)	175	2018-07-01T08:43:07Z	2023-03-13T05:09:47Z	5915	11969	142.250.74.131
api.amplitude.com (3)	1242	2019-01-27T16:02:28Z	2023-03-13T08:38:49Z	1509	883	35.83.236.67
firefox-settings-attachments.cdn.mozilla.net (1)	11509	2019-11-30T10:32:57Z	2023-03-13T08:38:30Z	412	807706	34.111.73.144
www.googletagmanager.com (1)	75	2013-05-22T04:07:37Z	2023-03-13T08:28:24Z	376	60163	142.250.74.40
adservice.google.no (2)	96969	2018-06-20T01:38:38Z	2023-03-13T05:09:46Z	1307	1448	216.58.211.2
img-getpocket.cdn.mozilla.net (6)	1631	2018-06-22T01:36:00Z	2023-03-13T05:09:16Z	3246	48913	34.120.237.76
content-signature-2.cdn.mozilla.net (2)	1152	2020-11-03T13:26:46Z	2023-03-13T05:09:35Z	840	11725	34.160.144.191
1win-cdn.com (47)	unknown	2022-12-12T13:37:00Z	2023-03-12T18:21:55Z	19040	2962065	104.26.5.11
shavar.services.mozilla.com (1)	3602	2015-09-28T08:30:01Z	2023-03-13T05:09:14Z	453	204	54.68.195.169
mc.yandex.ru (3)	2672	2012-05-21T11:38:30Z	2023-03-13T08:16:45Z	2092	77791	77.88.21.119
1win.direct (16)	unknown	2022-08-16T12:27:23Z	2023-03-12T18:21:56Z	7773	159921	134.122.54.186
1wrcnz.top (10)	unknown	2023-01-26T06:45:26Z	2023-01-26T06:45:26Z	6734	48051	190.115.24.78
ocsp.digicert.com (1)	86	2012-05-21T09:02:23Z	2023-03-13T06:00:13Z	341	737	93.184.220.29
12572451.fls.doubleclick.net (1)	unknown	2022-11-11T19:14:49Z	2023-03-12T18:21:56Z	661	1079	142.250.74.70
script.hotjar.com (1)	887	2020-11-05T17:23:46Z	2023-03-13T07:54:54Z	379	69167	54.230.111.73

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Timestamp	Severity	Source IP	Destination IP	Alert
2023-02-23T07:30:34Z	medium	Client IP	Internal IP	ET DNS Query to a *.top domain - Likely Hostile
2023-02-23T07:30:34Z	medium	Client IP	190.115.24.78	ET INFO HTTP Request to a *.top domain

Threat Detection Systems

OpenPhish

No alerts detected

PhishTank

No alerts detected

Fortinet's Web Filter

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

HTTP Transactions (157)

URL IP Response Size

detectportal.firefox.com/success.txt?ipv4

34.107.221.82

200 OK

URL HTTP/1.1

detectportal.firefox.com/success.txt?ipv4
IP

34.107.221.82:0
ASN

#15169 GOOGLE

Magic

ASCII text

Size

8
Hash

ae780585f49b94ce1444eb7d28906123

7d5ca8c0c03e883c56c4eb1ef6f6bb9bccad4d86

81b2bd4ea98c8db66554fbc8d7637a1a69a130f331feb732b75caab4c4868fd5

HTTP Headers

                                        GET /success.txt?ipv4 HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Server: nginx
Content-Length: 8
Via: 1.1 google
Date: Wed, 22 Feb 2023 15:24:39 GMT
Age: 57946
Content-Type: text/plain
Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600

1wrcnz.top/

190.115.24.78

301 Moved Permanently

175

URL HTTP/1.1

1wrcnz.top/
IP

190.115.24.78:0
ASN

#262254 DDOS-GUARD CORP.

Magic

HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators

Size

175
Hash

27d3037d4815f88b7bb724cb258524e1

092678ca1f61e13d97f37f7be9438e7b32b722e9

0c0a343c76a265d5b6b5b3708383afaf77f187eaa7f3fa8f1fec18cdf4ebe198

Detections

NIDS	Severity	Alert
suricata	medium	ET INFO HTTP Request to a *.top domain

HTTP Headers

                                        GET / HTTP/1.1
Host: 1wrcnz.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

                                        HTTP/1.1 301 Moved Permanently
Server: openresty/1.19.9.1
Date: Thu, 23 Feb 2023 07:31:12 GMT
Content-Type: text/html
Content-Length: 175
Connection: keep-alive
Location: https://1wrcnz.top
X-Frame-Options: DENY

r3.o.lencr.org/

23.36.76.226

200 OK

503

URL HTTP/1.1

r3.o.lencr.org/
IP

23.36.76.226:0
ASN

#20940 Akamai International B.V.

Magic

data

Size

503
Hash

67fc460ed2f69dde3c410ec607ef3510

ba9f582ec321351e5c06c9b2c381f06b685ef274

85df74fac7d59d76840b6359bac24648fede201c0048f2a8382af6468225ffb8

HTTP Headers

                                        POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "85DF74FAC7D59D76840B6359BAC24648FEDE201C0048F2A8382AF6468225FFB8"
Last-Modified: Wed, 22 Feb 2023 18:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3376
Expires: Thu, 23 Feb 2023 08:26:42 GMT
Date: Thu, 23 Feb 2023 07:30:26 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.76.226

200 OK

503

URL HTTP/1.1

r3.o.lencr.org/
IP

23.36.76.226:0
ASN

#20940 Akamai International B.V.

Magic

data

Size

503
Hash

3bf2985444924fcb7c28583d95fe3e07

95b5b25c5e28758f16327475be944d68ba858b4d

1e1b4f9fd2e5b5c38916cea3f07edc4abe897defb9db47123d374bc979cad933

HTTP Headers

                                        POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "1E1B4F9FD2E5B5C38916CEA3F07EDC4ABE897DEFB9DB47123D374BC979CAD933"
Last-Modified: Wed, 22 Feb 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5024
Expires: Thu, 23 Feb 2023 08:54:10 GMT
Date: Thu, 23 Feb 2023 07:30:26 GMT
Connection: keep-alive

getpocket.cdn.mozilla.net/v3/firefox/global-recs?version=3&consumer_key=40249-e88c401e1b1f2242d9e441c4&locale_lang=en-US&region=NO&count=30

34.120.5.221

200 OK

47027

URL HTTP/2

getpocket.cdn.mozilla.net/v3/firefox/global-recs?version=3&consumer_key=40249-e88c401e1b1f2242d9e441c4&locale_lang=en-US&region=NO&count=30
IP

34.120.5.221:0
ASN

#15169 GOOGLE

Magic

JSON data\012- , ASCII text, with very long lines (65536), with no line terminators

Size

47027
Hash

337da99fcc276f212ae80a9b0f0dcb61

dc7b6dfe8236a0c31d609f0cb1dfe6c464c32a68

97ad36dce13795fd46603336a49e04c6b50ea9d87ce23ac4bef386a286010425

HTTP Headers

                                        GET /v3/firefox/global-recs?version=3&consumer_key=40249-e88c401e1b1f2242d9e441c4&locale_lang=en-US&region=NO&count=30 HTTP/1.1
Host: getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                        HTTP/2 200 OK
server: nginx
content-location: global-recs.php
tcn: choice
x-frame-options: SAMEORIGIN
status: 200 OK
x-source: Pocket
pragma: cache
p3p: policyref="/w3c/p3p.xml", CP="ALL CURa ADMa DEVa OUR IND UNI COM NAV INT STA PRE"
x-cache: Miss from cloudfront
x-amz-cf-pop: SEA73-P2
x-amz-cf-id: tvzCS0vr7pP1BH4T1OTAVgw6WA5t9I78UVCkoCKlTcF6iN79prANlw==
content-encoding: gzip
via: 1.1 7f06047c304d80ea094816a27c933914.cloudfront.net (CloudFront), 1.1 google
date: Thu, 23 Feb 2023 07:29:41 GMT
content-type: application/json
vary: Accept-Encoding
content-length: 47027
age: 45
cache-control: s-maxage=900,public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.36.76.226

200 OK

503

URL HTTP/1.1

r3.o.lencr.org/
IP

23.36.76.226:0
ASN

#20940 Akamai International B.V.

Magic

data

Size

503
Hash

7fb59e5d3cdf08b94e5f41fdeb9aec6c

ff644039db3b9f74d7e2fab10f93581bea10614a

861573a00d75364e15783c5e448c4f8b4da48b38d9beba3ebd33a87f993489a5

HTTP Headers

                                        POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "861573A00D75364E15783C5E448C4F8B4DA48B38D9BEBA3EBD33A87F993489A5"
Last-Modified: Wed, 22 Feb 2023 18:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=20690
Expires: Thu, 23 Feb 2023 13:15:16 GMT
Date: Thu, 23 Feb 2023 07:30:26 GMT
Connection: keep-alive

content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain

34.160.144.191

200 OK

5348

URL HTTP/2

content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain
IP

34.160.144.191:0
ASN

#15169 GOOGLE

Magic

PEM certificate\012- , ASCII text

Size

5348
Hash

67d5a988edcda47bc3b3b3f65d32b4b6

d4f0e0da8b3690cc7da925026d3414b68c7d954f

55e4848e3ec682e808ce7ee70950f86179c43af4f81926d826a95edfda395a78

HTTP Headers

                                        GET /chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                        HTTP/2 200 OK
x-amz-id-2: VTxVKnkxWwM493nohhCb2IgizogQjumiOlaXQzkoAFkLJKyA4tBU3fIKf8alC7NfG8vJtRYI5V4=
x-amz-request-id: T2HD28SX7KVEY8KB
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Thu, 23 Feb 2023 07:13:23 GMT
age: 1023
last-modified: Fri, 30 Sep 2022 18:50:55 GMT
etag: "67d5a988edcda47bc3b3b3f65d32b4b6"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.36.76.226

200 OK

503

URL HTTP/1.1

r3.o.lencr.org/
IP

23.36.76.226:0
ASN

#20940 Akamai International B.V.

Magic

data

Size

503
Hash

6eb0a77aa4a20639a06d9621742007c2

d2d03beeb111049117b70d5f3dff3698a671ef8a

62c2da0800bf8efb6bb985b2eb046fa863e0b394681fb2ab187a9c4836fbd320

HTTP Headers

                                        POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "62C2DA0800BF8EFB6BB985B2EB046FA863E0B394681FB2AB187A9C4836FBD320"
Last-Modified: Wed, 22 Feb 2023 18:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21525
Expires: Thu, 23 Feb 2023 13:29:11 GMT
Date: Thu, 23 Feb 2023 07:30:26 GMT
Connection: keep-alive

contile.services.mozilla.com/v1/tiles

34.117.237.239

200 OK

URL HTTP/2

contile.services.mozilla.com/v1/tiles
IP

34.117.237.239:0
ASN

#15169 GOOGLE

Magic

JSON data\012- , ASCII text, with no line terminators

Size

12
Hash

23e88fb7b99543fb33315b29b1fad9d6

a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce

7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3

HTTP Headers

                                        GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                        HTTP/2 200 OK
server: nginx
date: Thu, 23 Feb 2023 07:30:26 GMT
content-type: application/json
content-length: 12
access-control-expose-headers: content-type
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-credentials: true
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2

firefox.settings.services.mozilla.com/v1/

35.241.9.150

200 OK

939

URL HTTP/2

firefox.settings.services.mozilla.com/v1/
IP

35.241.9.150:0
ASN

#15169 GOOGLE

Magic

JSON data\012- , ASCII text, with very long lines (939), with no line terminators

Size

939
Hash

b44c4b5daa307a355e7bab1c83c1ca82

dbd14cd873f1dd4502f277b3f51cb7bc8da0c080

fd4604461cfa002c8a261bb14eb8dda56817db231b9012b2eb38d6dbc2674df5

HTTP Headers

                                        GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                        HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Alert, Content-Length, Content-Type, Retry-After, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Thu, 23 Feb 2023 06:38:18 GMT
content-type: application/json
age: 3128
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.36.76.226

200 OK

503

URL HTTP/1.1

r3.o.lencr.org/
IP

23.36.76.226:0
ASN

#20940 Akamai International B.V.

Magic

data

Size

503
Hash

836108e1bbb7b033c537df908101968e

f33be0cc06ed65735a06529f34d54e2f3683a5a5

356960f884af0a575572f8b80fb3919d58a2c56dc7bc3fedc869265694285104

HTTP Headers

                                        POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "356960F884AF0A575572F8B80FB3919D58A2C56DC7BC3FEDC869265694285104"
Last-Modified: Thu, 23 Feb 2023 07:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21600
Expires: Thu, 23 Feb 2023 13:30:26 GMT
Date: Thu, 23 Feb 2023 07:30:26 GMT
Connection: keep-alive

ocsp.digicert.com/

93.184.220.29

200 OK

471

URL HTTP/1.1

ocsp.digicert.com/
IP

93.184.220.29:0
ASN

#15133 EDGECAST

Magic

data

Size

471
Hash

5aa46280b9f4ef8602f5e1b6864d898f

f1b8d2278116c2873ec0683122818fc186c74392

bb61e1178bc48dc26984f63f54d2621706fe49faa6f9a5651b06befa53cea9a0

HTTP Headers

                                        POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4118
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Thu, 23 Feb 2023 07:30:26 GMT
Last-Modified: Thu, 23 Feb 2023 06:21:48 GMT
Server: ECS (ska/F704)
X-Cache: HIT
Content-Length: 471

r3.o.lencr.org/

23.36.76.226

200 OK

503

URL HTTP/1.1

r3.o.lencr.org/
IP

23.36.76.226:0
ASN

#20940 Akamai International B.V.

Magic

data

Size

503
Hash

5fa728a339ca32e616d483e61d0aebcd

6a63966de94d16390c8f1e47e5b67fe5bb67f7cd

7e83729d554404e59f1f1ff809ac776d3596487e2b062a1e38af8e29f33c0686

HTTP Headers

                                        POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "7E83729D554404E59F1F1FF809AC776D3596487E2B062A1E38AF8E29F33C0686"
Last-Modified: Wed, 22 Feb 2023 18:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14169
Expires: Thu, 23 Feb 2023 11:26:35 GMT
Date: Thu, 23 Feb 2023 07:30:26 GMT
Connection: keep-alive

ocsp.pki.goog/s/gts1p5/m7Q96l8rCKM

142.250.74.131

200 OK

472

URL HTTP/1.1

ocsp.pki.goog/s/gts1p5/m7Q96l8rCKM
IP

142.250.74.131:0
ASN

#15169 GOOGLE

Magic

data

Size

472
Hash

cf662a9839c077afea151efe987dbcc1

8e26bb1413a623c2083e5002c682adb910c6f94f

50cd159dffd3532a0f06ab817d7b5a6bc1b7cdeeed59be671ca5800d6b2b6cd1

HTTP Headers

                                        POST /s/gts1p5/m7Q96l8rCKM HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 23 Feb 2023 07:30:26 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/s/gts1p5/m7Q96l8rCKM

142.250.74.131

200 OK

472

URL HTTP/1.1

ocsp.pki.goog/s/gts1p5/m7Q96l8rCKM
IP

142.250.74.131:0
ASN

#15169 GOOGLE

Magic

data

Size

472
Hash

cf662a9839c077afea151efe987dbcc1

8e26bb1413a623c2083e5002c682adb910c6f94f

50cd159dffd3532a0f06ab817d7b5a6bc1b7cdeeed59be671ca5800d6b2b6cd1

HTTP Headers

                                        POST /s/gts1p5/m7Q96l8rCKM HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 23 Feb 2023 07:30:26 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/s/gts1p5/m7Q96l8rCKM

142.250.74.131

200 OK

472

URL HTTP/1.1

ocsp.pki.goog/s/gts1p5/m7Q96l8rCKM
IP

142.250.74.131:0
ASN

#15169 GOOGLE

Magic

data

Size

472
Hash

cf662a9839c077afea151efe987dbcc1

8e26bb1413a623c2083e5002c682adb910c6f94f

50cd159dffd3532a0f06ab817d7b5a6bc1b7cdeeed59be671ca5800d6b2b6cd1

HTTP Headers

                                        POST /s/gts1p5/m7Q96l8rCKM HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 23 Feb 2023 07:30:26 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/s/gts1p5/m7Q96l8rCKM

142.250.74.131

200 OK

472

URL HTTP/1.1

ocsp.pki.goog/s/gts1p5/m7Q96l8rCKM
IP

142.250.74.131:0
ASN

#15169 GOOGLE

Magic

data

Size

472
Hash

cf662a9839c077afea151efe987dbcc1

8e26bb1413a623c2083e5002c682adb910c6f94f

50cd159dffd3532a0f06ab817d7b5a6bc1b7cdeeed59be671ca5800d6b2b6cd1

HTTP Headers

                                        POST /s/gts1p5/m7Q96l8rCKM HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 23 Feb 2023 07:30:26 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/s/gts1p5/m7Q96l8rCKM

142.250.74.131

200 OK

472

URL HTTP/1.1

ocsp.pki.goog/s/gts1p5/m7Q96l8rCKM
IP

142.250.74.131:0
ASN

#15169 GOOGLE

Magic

data

Size

472
Hash

cf662a9839c077afea151efe987dbcc1

8e26bb1413a623c2083e5002c682adb910c6f94f

50cd159dffd3532a0f06ab817d7b5a6bc1b7cdeeed59be671ca5800d6b2b6cd1

HTTP Headers

                                        POST /s/gts1p5/m7Q96l8rCKM HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 23 Feb 2023 07:30:26 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

1win-cdn.com/css/6610.4f034e44.css

104.26.5.11

200 OK

URL HTTP/2

1win-cdn.com/css/6610.4f034e44.css
IP

104.26.5.11:0
ASN

#13335 CLOUDFLARENET

Magic

Size

0
Hash

d41d8cd98f00b204e9800998ecf8427e

da39a3ee5e6b4b0d3255bfef95601890afd80709

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

                                        GET /css/6610.4f034e44.css HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://1wrcnz.top/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                        HTTP/2 200 OK
date: Thu, 23 Feb 2023 07:30:26 GMT
content-type: text/css
content-length: 0
cache-control: max-age=315360000
cf-bgj: minify
access-control-allow-origin: *
etag: "63c7c775-0"
expires: Thu, 31 Dec 2037 23:55:55 GMT
last-modified: Wed, 18 Jan 2023 10:18:29 GMT
cf-cache-status: HIT
age: 3032687
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Mrj4cSHm3N4FSRpgtCBpDVWQCvilRaSVR67YwBqhAhDtY4WISc7vQ6FlXFidu9UFoTYk9wn9T1r4exHQKqjNP%2FsNyoaybZeKpzBoxBgvfRVv9C%2FgFH00keAgRuCCcw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 79de4195c946b521-OSL
X-Firefox-Spdy: h2

shavar.services.mozilla.com/downloads?client=Firefox&appver=96.0a&pver=2.2

54.68.195.169

200 OK

URL HTTP/1.1

shavar.services.mozilla.com/downloads?client=Firefox&appver=96.0a&pver=2.2
IP

54.68.195.169:0
ASN

#16509 AMAZON-02

Magic

ASCII text

Size

8
Hash

29fc57841962e407cb50c1be60284bf7

ce968a77e2996da5eee8925182318f171ccdce47

ae7e7075247dcfad763f1e131aeac3d2e756bb03d48b0d315a50c69636e5dc8b

HTTP Headers

                                        POST /downloads?client=Firefox&appver=96.0a&pver=2.2 HTTP/1.1
Host: shavar.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 773
Connection: close
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: none
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Content-Type: application/octet-stream
Date: Thu, 23 Feb 2023 07:30:26 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Length: 8
Connection: Close

1wrcnz.top/img/logo/1w_logo.webp

190.115.24.78

200 OK

4160

URL HTTP/2

1wrcnz.top/img/logo/1w_logo.webp
IP

190.115.24.78:0
ASN

#262254 DDOS-GUARD CORP.

Magic

RIFF (little-endian) data, Web/P image\012- data

Size

4160
Hash

290ac463251c4079d15ef3fb016bdd9b

8f7013ea3afe0ad8efe6c4afa2bf8fa8e2d61e66

7cc723ed1487f56d1be3f59e23498248d5ad2329d13df59e8f3e2da251d4e900

HTTP Headers

                                        GET /img/logo/1w_logo.webp HTTP/1.1
Host: 1wrcnz.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://1wrcnz.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                        HTTP/2 200 OK
server: openresty/1.19.9.1
date: Thu, 23 Feb 2023 07:31:13 GMT
content-type: image/webp
content-length: 4160
last-modified: Wed, 22 Feb 2023 10:12:40 GMT
etag: "63f5ea98-1040"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-frame-options: DENY
accept-ranges: bytes
X-Firefox-Spdy: h2

push.services.mozilla.com/

35.81.108.147

101 Switching Protocols

URL HTTP/1.1

push.services.mozilla.com/
IP

35.81.108.147:0
ASN

#16509 AMAZON-02

Magic

Size

0
Hash

d41d8cd98f00b204e9800998ecf8427e

da39a3ee5e6b4b0d3255bfef95601890afd80709

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

                                        GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: Lt6bXvvfbiAb3xRhxP3BMQ==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

                                        HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: a+inrZAaMX3dw98pxRdN/9p+XBg=

firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US

35.241.9.150

200 OK

329

URL HTTP/2

firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP

35.241.9.150:0
ASN

#15169 GOOGLE

Magic

JSON data\012- , ASCII text, with very long lines (329), with no line terminators

Size

329
Hash

0333b0655111aa68de771adfcc4db243

63f295a144ac87a7c8e23417626724eeca68a7eb

60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300

HTTP Headers

                                        GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                        HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Expires, Content-Type, Alert, Content-Length, Backoff, ETag, Cache-Control, Retry-After, Last-Modified, Pragma
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Thu, 23 Feb 2023 07:20:35 GMT
age: 592
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2

firefox.settings.services.mozilla.com/v1/buckets/monitor/collections/changes/changeset?_expected=%221677121036546%22

35.241.9.150

200 OK

21681

URL HTTP/2

firefox.settings.services.mozilla.com/v1/buckets/monitor/collections/changes/changeset?_expected=%221677121036546%22
IP

35.241.9.150:0
ASN

#15169 GOOGLE

Magic

JSON data\012- , ASCII text, with very long lines (21681), with no line terminators

Size

21681
Hash

accef8a81ca596001ad5a8fd66ed4bc2

f7167c5429485e973fa1a14646dd4b50eef53caf

71fbf95a3cfbc0f51e2860cd25fa87fc2cdfd9df9b5f5dbe29fa42bdce4d19e0

HTTP Headers

                                        GET /v1/buckets/monitor/collections/changes/changeset?_expected=%221677121036546%22 HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

                                        HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Alert, Content-Length, Content-Type, Retry-After, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 21681
via: 1.1 google
date: Thu, 23 Feb 2023 07:02:02 GMT
age: 1705
last-modified: Thu, 23 Feb 2023 02:57:16 GMT
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2

firefox.settings.services.mozilla.com/v1/buckets/blocklists/collections/addons-bloomfilters/changeset?_expected=1677069440866&_since=%221666204638208%22

35.241.9.150

200 OK

32643

URL HTTP/2

firefox.settings.services.mozilla.com/v1/buckets/blocklists/collections/addons-bloomfilters/changeset?_expected=1677069440866&_since=%221666204638208%22
IP

35.241.9.150:0
ASN

#15169 GOOGLE

Magic

JSON data\012- , ASCII text, with very long lines (32643), with no line terminators

Size

32643
Hash

111a124bfe0fcca1d00eacc4056304c0

09f7b2abd4d09de09db0e11add552e995346c23c

3dfc4c61e3f4a5d95c359d2914ec2dcf4bfc413116dec9b98bc104ecc9f446bf

HTTP Headers

                                        GET /v1/buckets/blocklists/collections/addons-bloomfilters/changeset?_expected=1677069440866&_since=%221666204638208%22 HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

                                        HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Type, Alert, Content-Length, Backoff, Retry-After
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 32643
via: 1.1 google
date: Thu, 23 Feb 2023 07:10:15 GMT
age: 1212
last-modified: Wed, 22 Feb 2023 12:37:20 GMT
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2

1wrcnz.top/affiliate:link_visit?visit_domain=1wrcnz.top&sub_ids=undefined

190.115.24.78

200 OK

URL HTTP/2

1wrcnz.top/affiliate:link_visit?visit_domain=1wrcnz.top&sub_ids=undefined
IP

190.115.24.78:0
ASN

#262254 DDOS-GUARD CORP.

Magic

JSON data\012- , ASCII text, with no line terminators

Size

15
Hash

0f0479874bf6f4a7281099b15df27c27

55a490e280d48996e564d00492437eb17faadd28

a29ee2b15c494311c52521766e44af56a3ad2248e7a8ab465e5206463c13d288

HTTP Headers

                                        GET /affiliate:link_visit?visit_domain=1wrcnz.top&sub_ids=undefined HTTP/1.1
Host: 1wrcnz.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1wrcnz.top/
Connection: keep-alive
Cookie: visit_domain=1wrcnz.top
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers

                                        HTTP/2 200 OK
server: openresty/1.19.9.1
date: Thu, 23 Feb 2023 07:31:13 GMT
content-type: application/json; charset=utf-8
content-length: 15
access-control-allow-credentials: true
access-control-allow-headers: Content-Type, Authorization
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-origin: undefined
access-control-expose-headers: Authorization
etag: W/"f-VaSQ4oDUiZblZNAEkkN+sX+q3Sg"
set-cookie: core-sticky=http://10.233.72.195:80; Path=/; HttpOnly
x-powered-by: Express
x-frame-options: DENY
X-Firefox-Spdy: h2

firefox.settings.services.mozilla.com/v1/

35.241.9.150

200 OK

939

URL HTTP/2

firefox.settings.services.mozilla.com/v1/
IP

35.241.9.150:0
ASN

#15169 GOOGLE

Magic

JSON data\012- , ASCII text, with very long lines (939), with no line terminators

Size

939
Hash

ff250d3ef3fa45322bf05039a0122a9f

b3e7a2c383bce1bab807dbe1a03c375258b51f1d

d07f109a96e0ae6ec7b1d46ce8761b3f06fe845769ce65d69e053dd40aa561ba

HTTP Headers

                                        GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

                                        HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Alert, Backoff, Content-Type, Retry-After
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Thu, 23 Feb 2023 06:53:54 GMT
content-type: application/json
age: 2193
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.36.76.226

200 OK

503

URL HTTP/1.1

r3.o.lencr.org/
IP

23.36.76.226:0
ASN

#20940 Akamai International B.V.

Magic

data

Size

503
Hash

135606a5e990506b3e92eda82ef79170

a3de3c800534ad64b2e2198941e3911a4e51df8e

558ce08e84a4581859ae4302371540e4240e0b85866e37fb03174786388d5546

HTTP Headers

                                        POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "558CE08E84A4581859AE4302371540E4240E0B85866E37FB03174786388D5546"
Last-Modified: Wed, 22 Feb 2023 18:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2912
Expires: Thu, 23 Feb 2023 08:18:59 GMT
Date: Thu, 23 Feb 2023 07:30:27 GMT
Connection: keep-alive

1wrcnz.top/firebase/8.1.1/firebase-app.js

190.115.24.78

200 OK

35804

URL HTTP/2

1wrcnz.top/firebase/8.1.1/firebase-app.js
IP

190.115.24.78:0
ASN

#262254 DDOS-GUARD CORP.

Magic

data

Size

35804
Hash

fe6a411a477695b5b69371b7fab568a9

82bdb41a9edb8d8859661b56b9630f7ea01be884

3801f4ce720d28e324d460a53459558a7ab396981dd3e34fb15afbf1f7af56ca

HTTP Headers

                                        GET /firebase/8.1.1/firebase-app.js HTTP/1.1
Host: 1wrcnz.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://1wrcnz.top/sw.db344b25.js
Cookie: visit_domain=1wrcnz.top; core-sticky=http://10.233.72.195:80
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

                                        HTTP/2 200 OK
server: openresty/1.19.9.1
date: Thu, 23 Feb 2023 07:31:13 GMT
content-type: application/javascript
last-modified: Wed, 22 Feb 2023 10:12:39 GMT
etag: W/"63f5ea97-4ded"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-frame-options: DENY
content-encoding: gzip
X-Firefox-Spdy: h2

1win-cdn.com/js/1895.ba9c11b9.js

104.26.5.11

200 OK

12613

URL HTTP/2

1win-cdn.com/js/1895.ba9c11b9.js
IP

104.26.5.11:0
ASN

#13335 CLOUDFLARENET

Magic

data

Size

12613
Hash

f565a56a815c6322f8afcc6ddcd337a5

6d88b8d68513b3e103f180ae3c415ac4bb6f8c8e

a12016b11959954616c6d01b93a117d0eac3944d043c681b44b7e58aacb96e8e

HTTP Headers

                                        GET /js/1895.ba9c11b9.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://1wrcnz.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

                                        HTTP/2 200 OK
date: Thu, 23 Feb 2023 07:30:27 GMT
content-type: application/javascript; charset=utf-8
cache-control: max-age=315360000
cf-bgj: minify
cf-polished: origSize=60809
access-control-allow-origin: *
etag: W/"63f37b40-ed89"
expires: Thu, 31 Dec 2037 23:55:55 GMT
last-modified: Mon, 20 Feb 2023 13:53:04 GMT
cf-cache-status: HIT
age: 236173
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=dZINN4AiFlA%2B%2FMExIf%2BcMNNM12VERNrocwR9ob8GzOfBdg6Rzk2n8dnNuLtW%2BPzgnKHhnyQorS3O2TyT4f5Yat0N5QRwtoW8iTJfcD9sZkr3gvYJ91ZT0pHIx6dcxA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 79de4198ed3fb521-OSL
content-encoding: br
X-Firefox-Spdy: h2

1win-cdn.com/fonts/SFNSText.c652402c.woff2

104.26.5.11

200 OK

379312

URL HTTP/2

1win-cdn.com/fonts/SFNSText.c652402c.woff2
IP

104.26.5.11:0
ASN

#13335 CLOUDFLARENET

Magic

Web Open Font Format (Version 2), TrueType, length 379312, version 1.0\012- data

Size

379312
Hash

78c04126100e27b652681e2e225f0303

fe601d94aeed79691f4cb7bc3b741f5263d488e9

49073903870a8bb345c24e632270bc480dde66725f0af85c66df5cb7269c4214

HTTP Headers

                                        GET /fonts/SFNSText.c652402c.woff2 HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1wrcnz.top
Connection: keep-alive
Referer: https://1win-cdn.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

                                        HTTP/2 200 OK
date: Thu, 23 Feb 2023 07:30:27 GMT
content-type: application/octet-stream
content-length: 379312
last-modified: Wed, 22 Feb 2023 10:11:58 GMT
etag: "63f5ea6e-5c9b0"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
access-control-allow-origin: *
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=iJ1Dxphyr7jI6Kj12LnywlhveN0j6oA2w8ILugYjGq6miBWniAp7MhiESeTkQwnkbtxdTcr%2BKgy9cuOfjqBrvT4X8fnWoGvyHEEpnx0UJh5LgERRiL7vd6%2B8LynzCw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 79de4198f983b500-OSL
X-Firefox-Spdy: h2

firefox-settings-attachments.cdn.mozilla.net/staging/addons-bloomfilters/8038652a-6557-460a-858c-84f19a5a0987.bin

34.111.73.144

200 OK

807180

URL HTTP/2

firefox-settings-attachments.cdn.mozilla.net/staging/addons-bloomfilters/8038652a-6557-460a-858c-84f19a5a0987.bin
IP

34.111.73.144:0
ASN

#15169 GOOGLE

Magic

data

Size

807180
Hash

914be443bdfbe8a1c3ded61e1c114bd6

4fe7c5ff83f6a29e6699f4cebc17550891504661

41b036d0c889509d547296b238027a063c313261ad52d5f7bb81922011791857

HTTP Headers

                                        GET /staging/addons-bloomfilters/8038652a-6557-460a-858c-84f19a5a0987.bin HTTP/1.1
Host: firefox-settings-attachments.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                        HTTP/2 200 OK
x-amz-id-2: l+MCtFOuLKzOPj71ctV6p21ZnEwlje3OMs98dDmBuOF/9BlFn9tKisO1m/95doEjfl++IkG0uWc=
x-amz-request-id: VKZJ774KPQ4B1SPR
x-amz-version-id: K1ODzappZsD35qeu0OM5zvs_BP1eybj7
accept-ranges: bytes
server: AmazonS3
content-length: 807180
via: 1.1 google
date: Thu, 16 Feb 2023 11:49:05 GMT
last-modified: Tue, 10 Jan 2023 12:38:46 GMT
etag: "914be443bdfbe8a1c3ded61e1c114bd6"
content-type: application/octet-stream
age: 589282
cache-control: public,max-age=604800
alt-svc: clear
X-Firefox-Spdy: h2

detectportal.firefox.com/success.txt?ipv4

34.107.221.82

200 OK

URL HTTP/1.1

detectportal.firefox.com/success.txt?ipv4
IP

34.107.221.82:0
ASN

#15169 GOOGLE

Magic

ASCII text

Size

8
Hash

ae780585f49b94ce1444eb7d28906123

7d5ca8c0c03e883c56c4eb1ef6f6bb9bccad4d86

81b2bd4ea98c8db66554fbc8d7637a1a69a130f331feb732b75caab4c4868fd5

HTTP Headers

                                        GET /success.txt?ipv4 HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Server: nginx
Content-Length: 8
Via: 1.1 google
Date: Wed, 22 Feb 2023 15:24:39 GMT
Age: 57948
Content-Type: text/plain
Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600

firefox.settings.services.mozilla.com/v1/buckets/blocklists/collections/gfx/changeset?_expected=1676781773899&_since=%221643818378440%22

35.241.9.150

200 OK

5951

URL HTTP/2

firefox.settings.services.mozilla.com/v1/buckets/blocklists/collections/gfx/changeset?_expected=1676781773899&_since=%221643818378440%22
IP

35.241.9.150:0
ASN

#15169 GOOGLE

Magic

JSON data\012- , ASCII text, with very long lines (5951), with no line terminators

Size

5951
Hash

84c45909a46631dec23c78a3a547ca95

b511f80ad0abe7a6f0ce8988a0b9275573665c9a

ce6af1c28962645f13129411c11c7f156f0cd9e282f5ef0146d5cbd84a4e2b7e

HTTP Headers

                                        GET /v1/buckets/blocklists/collections/gfx/changeset?_expected=1676781773899&_since=%221643818378440%22 HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

                                        HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Alert, Backoff, Content-Type, Retry-After
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 5951
via: 1.1 google
date: Thu, 23 Feb 2023 06:48:56 GMT
age: 2491
last-modified: Sun, 19 Feb 2023 04:42:53 GMT
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2

firefox.settings.services.mozilla.com/v1/buckets/main/collections/hijack-blocklists?_expected=1605801189258

35.241.9.150

200 OK

681

URL HTTP/2

firefox.settings.services.mozilla.com/v1/buckets/main/collections/hijack-blocklists?_expected=1605801189258
IP

35.241.9.150:0
ASN

#15169 GOOGLE

Magic

JSON data\012- , ASCII text, with very long lines (681), with no line terminators

Size

681
Hash

b3c57c4bb39f0c7541d93ba82a5cd4c9

be92fd1cee01b4a8bb4174b0b11e53be649cd1a3

98e848e13f44cb1595f2f1882c734fd25761a0e8facae4e0c3dcff6f322a4000

HTTP Headers

                                        GET /v1/buckets/main/collections/hijack-blocklists?_expected=1605801189258 HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

                                        HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Alert, Last-Modified, Content-Length, Content-Type, Cache-Control, Pragma, Retry-After, ETag, Expires, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 681
via: 1.1 google
date: Thu, 23 Feb 2023 06:55:06 GMT
age: 2121
last-modified: Wed, 22 Feb 2023 16:36:55 GMT
etag: "1677083815772"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

471

URL HTTP/1.1

ocsp.pki.goog/gts1c3
IP

142.250.74.131:0
ASN

#15169 GOOGLE

Magic

data

Size

471
Hash

67d0353e59411ba1f85c492efa548d94

2bb48dd2638abb14217de43ca03d2485a31eb7e7

c50c81dc979238b0bfea29f69cc5b4e6277e06c407025412430c190acf1e8d29

HTTP Headers

                                        POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 23 Feb 2023 07:30:27 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

www.googletagmanager.com/gtm.js?id=GTM-KGKQDC7

142.250.74.40

200 OK

59516

URL HTTP/2

www.googletagmanager.com/gtm.js?id=GTM-KGKQDC7
IP

142.250.74.40:0
ASN

#15169 GOOGLE

Magic

ASCII text, with very long lines (15455)

Size

59516
Hash

1605f15be14904947e7a0c23ba9570af

b8d279595ec5cac98016b639e88f12a8a9347033

25b6fccc661856f45ad4458efece8a4a2df89f0500681fc1b22524c7e41c9eef

HTTP Headers

                                        GET /gtm.js?id=GTM-KGKQDC7 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://1wrcnz.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                        HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Thu, 23 Feb 2023 07:30:27 GMT
expires: Thu, 23 Feb 2023 07:30:27 GMT
cache-control: private, max-age=900
last-modified: Thu, 23 Feb 2023 06:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 59516
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

471

URL HTTP/1.1

ocsp.pki.goog/gts1c3
IP

142.250.74.131:0
ASN

#15169 GOOGLE

Magic

data

Size

471
Hash

67d0353e59411ba1f85c492efa548d94

2bb48dd2638abb14217de43ca03d2485a31eb7e7

c50c81dc979238b0bfea29f69cc5b4e6277e06c407025412430c190acf1e8d29

HTTP Headers

                                        POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 23 Feb 2023 07:30:27 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

firefox.settings.services.mozilla.com/v1/buckets/main/collections/language-dictionaries/changeset?_expected=1673270322227&_since=%221569410800356%22

35.241.9.150

200 OK

1250

URL HTTP/2

firefox.settings.services.mozilla.com/v1/buckets/main/collections/language-dictionaries/changeset?_expected=1673270322227&_since=%221569410800356%22
IP

35.241.9.150:0
ASN

#15169 GOOGLE

Magic

JSON data\012- , ASCII text, with very long lines (1250), with no line terminators

Size

1250
Hash

c9f7f64ea0e8fd2d1098afb18806601b

fac82a10d89a339d7970db44b47633465d7b16f8

e0ed15ed986855d3c7eec307e2333aeea9211c5c3d8849dabaa56395dbaec026

HTTP Headers

                                        GET /v1/buckets/main/collections/language-dictionaries/changeset?_expected=1673270322227&_since=%221569410800356%22 HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

                                        HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Type, Alert, Content-Length, Backoff, Retry-After
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 1250
via: 1.1 google
date: Thu, 23 Feb 2023 07:02:27 GMT
age: 1680
last-modified: Wed, 22 Feb 2023 16:36:45 GMT
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2

firefox.settings.services.mozilla.com/v1/buckets/main/collections/password-recipes/changeset?_expected=1674595048726&_since=%221642005109349%22

35.241.9.150

200 OK

1743

Report Overview

URL

IP

ASN

Submitted

Access

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (36)

#1 JS:Script (size: 112337)

#2 JS:Script (size: 19949)

#3 JS:Script (size: 13690)

#4 JS:Script (size: 60767)

#5 JS:Script (size: 134)

#6 JS:Script (size: 8691)

#7 JS:Script (size: 80016)

#8 JS:Script (size: 19195)

#9 JS:Script (size: 20091)

#10 JS:Script (size: 341)

#11 JS:Script (size: 32)

#12 JS:Script (size: 1544)

#13 JS:Script (size: 120022)

#14 JS:Script (size: 184)

#15 JS:Script (size: 409)

#16 JS:Script (size: 232612)

#17 JS:Script (size: 117)

#18 JS:Script (size: 2165)

#19 JS:Script (size: 11261)

#20 JS:Script (size: 22590)

#21 JS:Script (size: 4551)

#22 JS:Script (size: 29271)

#23 JS:Script (size: 91370)

#24 JS:Script (size: 0)

#25 JS:Script (size: 252)

#26 JS:Script (size: 40741)

#27 JS:Script (size: 186)

#28 JS:Script (size: 215858)

#29 JS:Script (size: 99173)

#30 JS:Script (size: 225689)

#31 JS:Script (size: 462)

#32 JS:Script (size: 421)

#33 JS:Script (size: 236295)

#34 JS:Script (size: 822)

#35 JS:Script (size: 16811)

#36 JS:Script (size: 193)

HTTP Transactions (157)

URL HTTP/1.1

IP

ASN

Magic

Size

Hash

HTTP Headers

URL HTTP/1.1

IP

ASN

Magic

Size

Hash

Detections

HTTP Headers

URL HTTP/1.1

IP

ASN

Magic