Report - ito-gamy.flowhot.cc/

Report Overview

Visitedpublic

2023-10-21 10:32:08

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Host Summary

Host	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
cdn.cloudimagesb.com	23099	2020-10-06	2021-02-12 17:15:41	2023-10-21 05:11:13	884 B	40 kB	45.133.44.9
code.jquery.com	634	2005-12-10	2012-05-21 19:28:02	2023-10-20 23:56:50	413 B	281 kB	151.101.194.137
flowhot.cc	unknown	2019-11-25	2019-12-10 22:55:57	2023-10-20 08:14:10	1.9 kB	232 kB	188.114.96.1
www.googletagmanager.com	75	2011-11-11	2013-05-22 04:07:37	2023-10-21 02:11:14	886 B	152 kB	142.250.74.168
postureunlikeagile.com	unknown	2023-10-10	2023-10-10 11:43:24	2023-10-20 13:12:06	6.9 kB	40 kB	192.243.59.20
braceletdistraughtpoll.com	unknown	2023-10-10	2023-10-10 11:34:51	2023-10-20 17:55:39	500 B	467 B	173.233.137.44
notix.io	14765	2020-08-20	2020-08-20 15:14:00	2023-10-20 18:49:09	412 B	46 kB	139.45.240.92
finallytrained.com	unknown	2023-09-05	2023-09-12 21:50:04	2023-10-18 12:55:37	443 B	15 kB	192.243.61.225
maxcdn.bootstrapcdn.com	724	2012-05-25	2014-06-18 02:37:31	2023-10-20 18:46:28	1.0 kB	110 kB	104.18.10.207
unseenreport.com	unknown	2022-03-30	2022-03-30 16:33:17	2023-10-21 05:11:22	1.5 kB	846 B	192.243.59.20
fonts.gstatic.com	unknown	2008-02-11	2014-09-09 02:40:21	2023-10-21 02:04:35	1.1 kB	33 kB	142.250.74.3
cdn.barscreative1.com	25648	2021-09-08	2021-09-16 13:14:42	2023-10-19 19:00:34	500 B	1.9 kB	45.133.44.4
ocsp.pki.goog	175	2016-06-13	2018-07-01 08:43:07	2023-10-20 18:12:03	1.7 kB	3.5 kB	142.250.74.131
ito-gamy.flowhot.cc	unknown	unknown	No data	No data	3.0 kB	203 kB	188.114.96.1
cdn.creative-bars1.com	unknown	2022-11-01	2022-11-15 17:46:22	2023-10-20 02:08:41	2.3 kB	62 kB	172.64.102.10
fonts.googleapis.com	8877	2005-01-25	2013-06-10 22:14:26	2023-10-21 02:01:58	418 B	1.8 kB	142.250.74.106
professionalswebcheck.com	unknown	2022-04-01	2022-04-02 00:47:29	2023-10-21 05:11:10	446 B	428 B	35.157.63.144
friendshipmale.com	unknown	2022-10-21	2022-10-21 14:15:25	2023-10-21 08:13:18	419 B	28 kB	104.21.234.92

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Timestamp	Severity	Source IP	Destination IP	Alert
2023-10-21 10:31:45	medium	Client IP	Internal IP	ET DNS Query for .cc TLD
2023-10-21 10:31:45	medium	Client IP	Internal IP	ET DNS Query for .cc TLD
2023-10-21 10:31:46	medium	Client IP	Internal IP	ET DNS Query for .cc TLD
2023-10-21 10:31:46	medium	Client IP	Internal IP	ET DNS Query for .cc TLD

Threat Detection Systems

Public InfoSec YARA rules

Scan Date	Severity	Indicator	Alert
2023-10-21	medium	notix.io/ent/current/enot.min.js	Unique code from Jetriz, Swid & Jeniva of the Tetris framework

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2023-10-21	medium	finallytrained.com	Sinkholed
2023-10-21	medium	postureunlikeagile.com	Sinkholed
2023-10-21	medium	braceletdistraughtpoll.com	Sinkholed
2023-10-21	medium	postureunlikeagile.com	Sinkholed
2023-10-21	medium	unseenreport.com	Sinkholed
2023-10-21	medium	unseenreport.com	Sinkholed
2023-10-21	medium	postureunlikeagile.com	Sinkholed
2023-10-21	medium	postureunlikeagile.com	Sinkholed
2023-10-21	medium	postureunlikeagile.com	Sinkholed
2023-10-21	medium	postureunlikeagile.com	Sinkholed
2023-10-21	medium	postureunlikeagile.com	Sinkholed

ThreatFox

No alerts detected

JavaScript (19)

	URL	From	Size	First Seen	Last Seen
	ito-gamy.flowhot.cc/	ScriptElement	148 B	2023-03-09	2024-09-28
URL ito-gamy.flowhot.cc/ IP / ASN 188.114.96.1 #13335 CLOUDFLARENET Introduced by ScriptElement Embedded true Resource Info First Seen 2023-03-09 Last Seen 2024-09-28 Times Seen 34 Size 148 B (148 bytes) MD5 dd6e524cff2611872ab48985e58b71d7 SHA1 09c2380064492d64de00a3043fe5b1a3abf6f447 SHA256 9bf95a9c9383498a7b8e622101674e170a705ef5fc657b63fa0be2b61ede5e77 Format Code Loading...

	ito-gamy.flowhot.cc/	ScriptElement	164 kB	2023-03-12	2025-07-12
URL ito-gamy.flowhot.cc/ IP / ASN 188.114.96.1 #13335 CLOUDFLARENET Introduced by ScriptElement Embedded true Resource Info First Seen 2023-03-12 Last Seen 2025-07-12 Times Seen 28 Size 164 kB (163946 bytes) MD5 8e20e60e353bf74c5d70f97756d269b4 SHA1 ec6b42705b69cc6e85900f2c30558cfdfc91544f SHA256 d37010fa777ca889a00381d3be7f516b548bc9dfe95efaba5d72d7683fdb5c3b Format Code Loading...

	finallytrained.com/06/33/56/0633569b5e7b7ced877cf02d43663712.js	ScriptElement	40 kB	2023-10-18	2023-10-21
URL finallytrained.com/06/33/56/0633569b5e7b7ced877cf02d43663712.js IP / ASN 192.243.61.225 #39572 DataWeb Global Group B.V. Introduced by ScriptElement Embedded false Resource Info First Seen 2023-10-18 Last Seen 2023-10-21 Times Seen 2 Size 40 kB (40549 bytes) MD5 5a5088da385523d8e33fba41b554be0e SHA1 17168f9918ae98791be04fb26a1a48b10f6ba0d9 SHA256 0ba963bbfc918609b70cda0ef4827c02074270d5d2a9ad4258df6aa58a8c9b17 Format Code Loading...

	ito-gamy.flowhot.cc/	ScriptElement	246 B	2023-03-12	2024-08-21
URL ito-gamy.flowhot.cc/ IP / ASN 188.114.96.1 #13335 CLOUDFLARENET Introduced by ScriptElement Embedded true Resource Info First Seen 2023-03-12 Last Seen 2024-08-21 Times Seen 2 Size 246 B (246 bytes) MD5 a7a0966649a66b4f677f81195a5e0f89 SHA1 87ac2cd85c36ce64f296d3e84db28f5136463601 SHA256 8278a2b6f314fc9664ae547bce236a197667c202e681e9e497411bca0cbd5e0f Format Code Loading...

	notix.io/ent/current/enot.min.js	ScriptElement	148 kB	2023-10-18	2023-10-23
URL notix.io/ent/current/enot.min.js IP / ASN 139.45.240.92 #9002 RETN Limited Introduced by ScriptElement Embedded false Resource Info First Seen 2023-10-18 Last Seen 2023-10-23 Times Seen 67 Size 148 kB (148264 bytes) MD5 68384dc7ca44f5f78c3dbd3927e14db5 SHA1 b3c6068114ab6884c3054cbbb10dce192df457d4 SHA256 87cf89783fc9dcfaa007676cfcf91d891d33848dbbbbb3d72cb9d8f5d164dc9e Format Code Loading...

	postureunlikeagile.com/b8/d7/49/b8d74904f6b94ccf8e1a8085aa5d1820.js	ScriptElement	86 kB	2023-10-21	2023-10-21
URL postureunlikeagile.com/b8/d7/49/b8d74904f6b94ccf8e1a8085aa5d1820.js IP / ASN 192.243.59.20 #39572 DataWeb Global Group B.V. Introduced by ScriptElement Embedded false Resource Info First Seen 2023-10-21 Last Seen 2023-10-21 Times Seen 1 Size 86 kB (85838 bytes) MD5 6e8505175f379804c9c4d1d7794da02f SHA1 b3e558bc413384bc65b72702f1b3267a3b990b90 SHA256 6a448a69d03709e9aecf5669c60d9a541d60acff28b6b3bea5203bc91a6d09d4 Format Code Loading...

	code.jquery.com/jquery-3.4.1.js	ScriptElement	280 kB	2023-03-07	2025-08-05
URL code.jquery.com/jquery-3.4.1.js IP / ASN 151.101.194.137 #54113 FASTLY Introduced by ScriptElement Embedded false Resource Info First Seen 2023-03-07 Last Seen 2025-08-05 Times Seen 976 Size 280 kB (280364 bytes) MD5 11c05eb286ed576526bf4543760785b9 SHA1 7faa15a054093f3b5d674e63b6567c835a6fa217 SHA256 5a93a88493aa32aab228bf4571c01207d3b42b0002409a454d404b4d8395bd55 Format Code Loading...

	ito-gamy.flowhot.cc/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js	ScriptElement	1.2 kB	2023-03-07	2025-08-06
URL ito-gamy.flowhot.cc/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js IP / ASN 188.114.96.1 #13335 CLOUDFLARENET Introduced by ScriptElement Embedded false Resource Info First Seen 2023-03-07 Last Seen 2025-08-06 Times Seen 98433 Size 1.2 kB (1239 bytes) MD5 9e8f56e8e1806253ba01a95cfc3d392c SHA1 a8af90d7482e1e99d03de6bf88fed2315c5dd728 SHA256 2595496fe48df6fcf9b1bc57c29a744c121eb4dd11566466bc13d2e52e6bbcc8 Format Code Loading...

	friendshipmale.com/sfp.js	ScriptElement	86 kB	2023-08-25	2023-11-23
URL friendshipmale.com/sfp.js IP / ASN 104.21.234.92 #13335 CLOUDFLARENET Introduced by ScriptElement Embedded false Resource Info First Seen 2023-08-25 Last Seen 2023-11-23 Times Seen 6642 Size 86 kB (85471 bytes) MD5 2d0450888479d4ddda305bd96206b240 SHA1 5b4595aab1cd3f854718e05db9be0c65a12ab2f6 SHA256 44de073e74ff24c6b1c0fe1f3ac5b33d793560e85ef24fb6ce89e76c2cf90af6 Format Code Loading...

	unknown	ScriptElement	1.3 kB	2023-07-06	2024-08-21
URL IP / ASN 0.0.0.0 #0 Introduced by ScriptElement Embedded false Resource Info First Seen 2023-07-06 Last Seen 2024-08-21 Times Seen 15 Size 1.3 kB (1272 bytes) MD5 678266a9b76da209bcc143809d5c524a SHA1 f19b32c9c5c61b2cdba6332b7726e8d039bf98da SHA256 e14b8746c7598e05e398a1e223ee30e5a2c95fca188e23c84c1e5aeb3b613482 Format Code Loading...

	cdn.creative-bars1.com/sb/ssp/vpn/classic-push/big1/js/jquery.min.js	ScriptElement	84 kB	2023-03-07	2025-08-06
URL cdn.creative-bars1.com/sb/ssp/vpn/classic-push/big1/js/jquery.min.js IP / ASN 172.64.102.10 #13335 CLOUDFLARENET Introduced by ScriptElement Embedded false Resource Info First Seen 2023-03-07 Last Seen 2025-08-06 Times Seen 8924 Size 84 kB (84380 bytes) MD5 4a356126b9573eb7bd1e9a7494737410 SHA1 8258d046f17dd3c15a5d3984e1868b7b5d1db329 SHA256 22642f202577f0ba2f22cbe56b6cf291a09374487567cd3563e0d2a29f75c0c5 Format Code Loading...

	ito-gamy.flowhot.cc/cdn-cgi/apps/head/hWKZRCl_p5W3AeulawGLi1ghRvM.js	ScriptElement	6.4 kB	2023-03-09	2024-08-21
URL ito-gamy.flowhot.cc/cdn-cgi/apps/head/hWKZRCl_p5W3AeulawGLi1ghRvM.js IP / ASN 188.114.96.1 #13335 CLOUDFLARENET Introduced by ScriptElement Embedded false Resource Info First Seen 2023-03-09 Last Seen 2024-08-21 Times Seen 33 Size 6.4 kB (6366 bytes) MD5 60f5b7288354db3bf85bdb6f0f7823e4 SHA1 4b3cd1fec98d9c997df4bf4f39ef9fdc796d6c67 SHA256 1aa4afd6f61c0a3f4bedab7497625c81da7571c73f5e8d6b0d7984b861d79de8 Format Code Loading...

	ito-gamy.flowhot.cc/	ScriptElement	284 B	2023-03-09	2025-07-12
URL ito-gamy.flowhot.cc/ IP / ASN 188.114.96.1 #13335 CLOUDFLARENET Introduced by ScriptElement Embedded true Resource Info First Seen 2023-03-09 Last Seen 2025-07-12 Times Seen 35 Size 284 B (284 bytes) MD5 465d79e14cb845cd01337ce36e1850c9 SHA1 fefabf7b83ae2202b67dd2defb763d6d7427e66c SHA256 0e8412c6e49a71ed8678eb35e792d7f76c3fd33e366eeb22907a068ffa7c6fca Format Code Loading...

	www.google-analytics.com/analytics.js	ScriptElement	4.7 kB	2023-04-11	2025-08-06
URL www.google-analytics.com/analytics.js IP / ASN 0.0.0.0 #0 Introduced by ScriptElement Embedded false Resource Info First Seen 2023-04-11 Last Seen 2025-08-06 Times Seen 421025 Size 4.7 kB (4691 bytes) MD5 f24128d0c9cba7be2916c693427a3483 SHA1 1b6397d496ea896ebc2018b01b995cee4f166029 SHA256 58173de4697da1a218f04c3a783a733bab4e769ceabc37cd42da9dc3e036a7e8 Format Code Loading...

	ito-gamy.flowhot.cc/	ScriptElement	84 kB	2023-03-09	2024-09-28
URL ito-gamy.flowhot.cc/ IP / ASN 188.114.96.1 #13335 CLOUDFLARENET Introduced by ScriptElement Embedded true Resource Info First Seen 2023-03-09 Last Seen 2024-09-28 Times Seen 34 Size 84 kB (84217 bytes) MD5 ae8a0adb558010e1445fe3e7222967ba SHA1 b36dad2a993a5793735a31fcfdeabe0462a29e46 SHA256 bc14d66eb67f5a7a265f1d90d31b7037608c5e6ff938c1d92617c675aa28e8b7 Format Code Loading...

	www.googletagmanager.com/gtag/js?id=UA-922266-5	ScriptElement	191 kB	2023-10-21	2023-10-21
URL www.googletagmanager.com/gtag/js?id=UA-922266-5 IP / ASN 142.250.74.168 #15169 GOOGLE Introduced by ScriptElement Embedded false Resource Info First Seen 2023-10-21 Last Seen 2023-10-21 Times Seen 1 Size 191 kB (191022 bytes) MD5 d70bdacefbea56849c31f3bf2af7aee9 SHA1 4c132705601ed07b14a8b2daaa2e7af3dae5333a SHA256 07cf7834f2ab8c292512d4e0a63bc159e68513826cd3d6b3a11053cd60885586 Format Code Loading...

	ito-gamy.flowhot.cc/sandbox%20eval%20code		147 B	2023-04-11	2025-08-06
URL ito-gamy.flowhot.cc/sandbox%20eval%20code IP / ASN 0.0.0.0 #0 Introduced by Embedded false Resource Info First Seen 2023-04-11 Last Seen 2025-08-06 Times Seen 421760 Size 147 B (147 bytes) MD5 92b651082ce234f66bb544e678befda3 SHA1 14c21c55ddce43b6f677caadf51d4ab98c6a3df8 SHA256 25d57d1d97abeb84531d3d3e5754dd5cb19a2c115edfa7cfc7af8247084faded Format Code Loading...

	ito-gamy.flowhot.cc/	ScriptElement	852 B	2023-03-09	2024-09-28
URL ito-gamy.flowhot.cc/ IP / ASN 188.114.96.1 #13335 CLOUDFLARENET Introduced by ScriptElement Embedded true Resource Info First Seen 2023-03-09 Last Seen 2024-09-28 Times Seen 34 Size 852 B (852 bytes) MD5 6ace82ed16f70a40632e356eb029f181 SHA1 600c5e751e56964ba1666c79738d0ce95dd513d3 SHA256 2c46bb13c09a5546005ffdeb1a2928ea6a6d30e299a4ac06b88b84b3e61d57ec Format Code Loading...

	www.googletagmanager.com/gtag/js?id=G-Z7TJ1ZBHKC&l=dataLayer&cx=c	ScriptElement	229 kB	2023-10-21	2023-10-21
URL www.googletagmanager.com/gtag/js?id=G-Z7TJ1ZBHKC&l=dataLayer&cx=c IP / ASN 142.250.74.168 #15169 GOOGLE Introduced by ScriptElement Embedded false Resource Info First Seen 2023-10-21 Last Seen 2023-10-21 Times Seen 1 Size 229 kB (228892 bytes) MD5 1ff9285a3a9b1d7c0263be5853afddbd SHA1 4f486f1d354d4693abed76cba718ef57bf5b9f61 SHA256 84e5a2d9686a4800c3c50b130536e08487051a56d145a656bede154961540c6c Format Code Loading...

HTTP Transactions (45)

URL IP Response Size

GET flowhot.cc/wp-content/uploads/2019/11/promo.jpeg

188.114.96.1

200 OK

161 kB

URL GET HTTPS

flowhot.cc/wp-content/uploads/2019/11/promo.jpeg

IP / ASN

188.114.96.1

#13335 CLOUDFLARENET

Requested byhttps://ito-gamy.flowhot.cc/

Resource Info

File typeJPEG image data, Exif standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop CC 2019 (Macintosh), datetime=2019:11:21 20:13:11], progressive, precision 8, 900x250, components 3\012- data

First Seen2023-05-04

Last Seen2025-07-12

Times Seen35

Size161 kB (160863 bytes)

MD5f66cbb86803abd9d9f37a1588f14d5fd

SHA1c38f678cea2edc798d223b0c57f3b6c6b4acb008

SHA256ee089d909a7461ab0f483151883331e191c18f0a1db138a4bba12d82330287a1

Certificate Info

IssuerGoogle Trust Services LLC

Subjectflowhot.cc

FingerprintCD:8B:0B:C8:A6:57:11:77:4E:2E:BE:0E:93:82:51:03:F4:15:BE:C7

ValidityFri, 20 Oct 2023 08:03:26 GMT - Thu, 18 Jan 2024 08:03:25 GMT

HTTP Headers

GET /wp-content/uploads/2019/11/promo.jpeg HTTP/1.1
Host: flowhot.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ito-gamy.flowhot.cc/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Sat, 21 Oct 2023 10:31:45 GMT
content-type: image/jpeg
content-length: 160863
cache-control: public, max-age=31536000
expires: Sat, 18 Nov 2023 15:13:01 GMT
last-modified: Fri, 22 Nov 2019 02:34:58 GMT
x-turbo-charged-by: LiteSpeed
cf-cache-status: HIT
age: 155924
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=sMVZG73AhGOc3b3dGWeC97Ok%2BrHLi%2FtWMUHAHIX43vBe03z6Lk6GLKpwnvGtB4ZtsoVK7AFeZOCdSUhg4QyfOM0mgJDfEQrbxtC%2Fj6KWGBmPqatZH5z42TmyoZ9u"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8198d52f19b2b51e-OSL
alt-svc: h3=":443"; ma=86400

ocsp.pki.goog/gts1c3

142.250.74.131

472 B

URL HTTP

ocsp.pki.goog/gts1c3

IP / ASN

142.250.74.131

#15169 GOOGLE

Requested byN/A

Resource Info

File typedata

First Seen2023-10-21

Last Seen2023-10-22

Times Seen1469

Size472 B (472 bytes)

MD588b50be89a63943549086a376c939af2

SHA1b93695d168fa011d7216bdd7d39e63ea87f8c985

SHA2566c010a4d59c86f500ab8cee9fcc0465f8486b9e8e72816034a9ab5144d72638b

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 21 Oct 2023 10:31:45 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

GET ito-gamy.flowhot.cc/

188.114.96.1

200 OK

188 kB

URL User Request GET HTTPS

ito-gamy.flowhot.cc/

IP / ASN

188.114.96.1

#13335 CLOUDFLARENET

Requested byN/A

Resource Info

File typeHTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (18020)

First Seen2023-10-21

Last Seen2023-10-21

Times Seen1

Size188 kB (188178 bytes)

MD59ec8eb31ea698a4d0b725000681080c5

SHA1fca5f55e15f26a63b088aa3703a14d557fde5a05

SHA25624f200414a77bf87c977a68707171b86ea31817be299d5c5e4e3bb34b89d8c36

Certificate Info

IssuerGoogle Trust Services LLC

Subjectflowhot.cc

FingerprintCD:8B:0B:C8:A6:57:11:77:4E:2E:BE:0E:93:82:51:03:F4:15:BE:C7

ValidityFri, 20 Oct 2023 08:03:26 GMT - Thu, 18 Jan 2024 08:03:25 GMT

HTTP Headers

GET / HTTP/1.1
Host: ito-gamy.flowhot.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sat, 21 Oct 2023 10:31:45 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
x-litespeed-cache: hit
x-turbo-charged-by: LiteSpeed
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=iAuZTpJ7Ir10TrV33XMAtx76nUnstagjcKX3fZlHhiOloYDnaLd1lwxL4oV0dEPVOvqCCh1q3QDjOk99HTMYrmiZiHq7PHA7ubS6TcCxnOOY%2FI%2BTLVrOzm9DrvekR1dK8Brg%2F3mS"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8198d52bbb5ab4eb-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

GET flowhot.cc/wp-content/themes/flowhot/images/no-artist.png

188.114.96.1

200 OK

32 kB

URL GET HTTPS

flowhot.cc/wp-content/themes/flowhot/images/no-artist.png

IP / ASN

188.114.96.1

#13335 CLOUDFLARENET

Requested byhttps://ito-gamy.flowhot.cc/

Resource Info

File typePNG image data, 512 x 512, 8-bit/color RGBA, non-interlaced\012- data

First Seen2023-06-28

Last Seen2025-07-25

Times Seen5

Size32 kB (32241 bytes)

MD5a1d40c3876bd1460ff1e9e3858d699c7

SHA163bcf6280a4ef180605a1a6655d1915c0431e815

SHA2565d4eb3a4c0176d74096f35cce22ca631cf73173895d3315728b9817288839b57

Certificate Info

IssuerGoogle Trust Services LLC

Subjectflowhot.cc

FingerprintCD:8B:0B:C8:A6:57:11:77:4E:2E:BE:0E:93:82:51:03:F4:15:BE:C7

ValidityFri, 20 Oct 2023 08:03:26 GMT - Thu, 18 Jan 2024 08:03:25 GMT

HTTP Headers

GET /wp-content/themes/flowhot/images/no-artist.png HTTP/1.1
Host: flowhot.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ito-gamy.flowhot.cc/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Sat, 21 Oct 2023 10:31:45 GMT
content-type: image/png
content-length: 32241
cache-control: public, max-age=31536000
expires: Mon, 20 Nov 2023 10:31:45 GMT
last-modified: Tue, 17 Dec 2019 21:20:15 GMT
x-turbo-charged-by: LiteSpeed
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=2ICDZ8ojrgLiq4%2FiiTRmoY4xpogFXapbzlRcosL6TalqTFa9FE5KGTYw9rEUfPJmn291gyHM3nfxjmcf1weix3%2FffXOiq%2BzjKAf01Es7%2Bd9R0%2FrFUzWEyFpTwKI6"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8198d52f19b3b51e-OSL
alt-svc: h3=":443"; ma=86400

GET www.googletagmanager.com/gtag/js?id=UA-922266-5

142.250.74.168

200 OK

69 kB

URL GET HTTPS

www.googletagmanager.com/gtag/js?id=UA-922266-5

IP / ASN

142.250.74.168

#15169 GOOGLE

Requested byhttps://ito-gamy.flowhot.cc/

Resource Info

File typeASCII text, with very long lines (4179)

First Seen2023-10-21

Last Seen2023-10-21

Times Seen1

Size69 kB (69247 bytes)

MD5d70bdacefbea56849c31f3bf2af7aee9

SHA14c132705601ed07b14a8b2daaa2e7af3dae5333a

SHA25607cf7834f2ab8c292512d4e0a63bc159e68513826cd3d6b3a11053cd60885586

Certificate Info

IssuerGoogle Trust Services LLC

Subject*.google-analytics.com

Fingerprint81:B9:A4:E4:E4:84:05:A7:F6:52:4F:E2:74:27:36:05:0D:74:15:89

ValidityThu, 28 Sep 2023 05:26:20 GMT - Thu, 21 Dec 2023 05:26:19 GMT

HTTP Headers

GET /gtag/js?id=UA-922266-5 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ito-gamy.flowhot.cc/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Sat, 21 Oct 2023 10:31:45 GMT
expires: Sat, 21 Oct 2023 10:31:45 GMT
cache-control: private, max-age=900
last-modified: Sat, 21 Oct 2023 09:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 69247
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.131

472 B

URL HTTP

ocsp.pki.goog/gts1c3

IP / ASN

142.250.74.131

#15169 GOOGLE

Requested byN/A

Resource Info

File typedata

First Seen2023-10-20

Last Seen2023-10-21

Times Seen1414

Size472 B (472 bytes)

MD5edee579ed690af70dfe56ee7f921cc3a

SHA14c8dea9ad77fddae9d0e69e4260d2665bbbfef27

SHA25615fcc8b37f107b369da54988225e0f8a4ee3c0813ca9a9153b7327fb8fa34ff4

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 21 Oct 2023 10:31:46 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

GET www.googletagmanager.com/gtag/js?id=G-Z7TJ1ZBHKC&l=dataLayer&cx=c

142.250.74.168

200 OK

81 kB

URL GET HTTPS

www.googletagmanager.com/gtag/js?id=G-Z7TJ1ZBHKC&l=dataLayer&cx=c

IP / ASN

142.250.74.168

#15169 GOOGLE

Requested byhttps://ito-gamy.flowhot.cc/

Resource Info

File typeASCII text, with very long lines (5788)

First Seen2023-10-21

Last Seen2023-10-21

Times Seen1

Size81 kB (81215 bytes)

MD51ff9285a3a9b1d7c0263be5853afddbd

SHA14f486f1d354d4693abed76cba718ef57bf5b9f61

SHA25684e5a2d9686a4800c3c50b130536e08487051a56d145a656bede154961540c6c

Certificate Info

IssuerGoogle Trust Services LLC

Subject*.google-analytics.com

Fingerprint81:B9:A4:E4:E4:84:05:A7:F6:52:4F:E2:74:27:36:05:0D:74:15:89

ValidityThu, 28 Sep 2023 05:26:20 GMT - Thu, 21 Dec 2023 05:26:19 GMT

HTTP Headers

GET /gtag/js?id=G-Z7TJ1ZBHKC&l=dataLayer&cx=c HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ito-gamy.flowhot.cc/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Sat, 21 Oct 2023 10:31:46 GMT
expires: Sat, 21 Oct 2023 10:31:46 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 81215
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

GET finallytrained.com/06/33/56/0633569b5e7b7ced877cf02d43663712.js

192.243.61.225

200 OK

14 kB

URL GET HTTPS

finallytrained.com/06/33/56/0633569b5e7b7ced877cf02d43663712.js

IP / ASN

192.243.61.225

#39572 DataWeb Global Group B.V.

Requested byhttps://ito-gamy.flowhot.cc/

Resource Info

File typeASCII text, with very long lines (40549), with no line terminators

First Seen2023-10-18

Last Seen2023-10-21

Times Seen2

Size14 kB (14473 bytes)

MD55a5088da385523d8e33fba41b554be0e

SHA117168f9918ae98791be04fb26a1a48b10f6ba0d9

SHA2560ba963bbfc918609b70cda0ef4827c02074270d5d2a9ad4258df6aa58a8c9b17

Certificate Info

IssuerLet's Encrypt

Subjectfinallytrained.com

Fingerprint4B:C8:B1:48:B5:11:C2:20:A9:58:B9:49:F1:CE:6F:14:F1:9B:72:C0

ValidityTue, 05 Sep 2023 00:52:30 GMT - Mon, 04 Dec 2023 00:52:29 GMT

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /06/33/56/0633569b5e7b7ced877cf02d43663712.js HTTP/1.1
Host: finallytrained.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ito-gamy.flowhot.cc/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Sat, 21 Oct 2023 10:31:47 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: eac0dddb8041e75e6de4858e41eb0aa2
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip

GET ito-gamy.flowhot.cc/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js

188.114.96.1

200 OK

1.1 kB

URL GET HTTPS

ito-gamy.flowhot.cc/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js

IP / ASN

188.114.96.1

#13335 CLOUDFLARENET

Requested byhttps://ito-gamy.flowhot.cc/

Resource Info

File typegzip compressed data, from Unix\012- data

First Seen2023-10-21

Last Seen2023-10-21

Times Seen1

Size1.1 kB (1126 bytes)

MD5c61437234aac8b2191d5b64f5444d84b

SHA154ca3dbb3a29f13ece7620d3aed6491cd5e597ad

SHA2564f92a7bb020637c7451857706a92b8262d0c88a023e6b21a50a777004dce9fb2

Certificate Info

IssuerGoogle Trust Services LLC

Subjectflowhot.cc

FingerprintCD:8B:0B:C8:A6:57:11:77:4E:2E:BE:0E:93:82:51:03:F4:15:BE:C7

ValidityFri, 20 Oct 2023 08:03:26 GMT - Thu, 18 Jan 2024 08:03:25 GMT

HTTP Headers

GET /cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js HTTP/1.1
Host: ito-gamy.flowhot.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ito-gamy.flowhot.cc/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Sat, 21 Oct 2023 10:31:45 GMT
content-type: application/javascript
last-modified: Mon, 16 Oct 2023 11:32:23 GMT
etag: W/"652d1f47-4d7"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=j12IJNalQwspxLj0n7%2F0%2BjO4Dd3%2FHokD3n93JPx3%2Fy01PLmuswt3gXaogwFvx3MNo59Mc327bzVoKgy7K8ov3qWZDG8pZPgQf6pwgZQRe67PvV42CyACagPKtw%2FiFHTpEb90kR8M"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8198d52ee99ab51e-OSL
x-frame-options: DENY
x-content-type-options: nosniff
expires: Mon, 23 Oct 2023 10:31:45 GMT
cache-control: max-age=172800, public
content-encoding: gzip

GET ito-gamy.flowhot.cc/cdn-cgi/apps/head/hWKZRCl_p5W3AeulawGLi1ghRvM.js

188.114.96.1

200 OK

2.1 kB

URL GET HTTPS

ito-gamy.flowhot.cc/cdn-cgi/apps/head/hWKZRCl_p5W3AeulawGLi1ghRvM.js

IP / ASN

188.114.96.1

#13335 CLOUDFLARENET

Requested byhttps://ito-gamy.flowhot.cc/

Resource Info

File typeASCII text, with very long lines (858)

First Seen2023-03-09

Last Seen2024-08-21

Times Seen33

Size2.1 kB (2148 bytes)

MD560f5b7288354db3bf85bdb6f0f7823e4

SHA14b3cd1fec98d9c997df4bf4f39ef9fdc796d6c67

SHA2561aa4afd6f61c0a3f4bedab7497625c81da7571c73f5e8d6b0d7984b861d79de8

Certificate Info

IssuerGoogle Trust Services LLC

Subjectflowhot.cc

FingerprintCD:8B:0B:C8:A6:57:11:77:4E:2E:BE:0E:93:82:51:03:F4:15:BE:C7

ValidityFri, 20 Oct 2023 08:03:26 GMT - Thu, 18 Jan 2024 08:03:25 GMT

HTTP Headers

GET /cdn-cgi/apps/head/hWKZRCl_p5W3AeulawGLi1ghRvM.js HTTP/1.1
Host: ito-gamy.flowhot.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ito-gamy.flowhot.cc/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Sat, 21 Oct 2023 10:31:46 GMT
content-type: application/javascript; charset=utf-8
x-amz-id-2: oE3xR9wthc3tJvDzZtBV7cjNwOIjgmSufmxZ6Lf9B9lVsOlyQ4o9jp3MdQuUqOk5dTXSHkPY4co=
x-amz-request-id: DNEPFQ9VEA34AAW6
cache-control: public, max-age=31536000
last-modified: Wed, 11 Dec 2019 13:31:58 GMT
x-amz-version-id: ESUrlvQQwNmPgiI2n2eMDNt6te85sX_N
etag: W/"ceb291a94a4e29bc8fe20512e46d29e3"
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=lqdzGhIDYjq5a%2B228Ae7Sln%2B7GlsHC33OhxwKaH6qCR0jBjNouiKL47Y94b%2B%2BbRmAj6zi9AaAufKJBMFs9kvKDO4oFdpmzIHgJBF79Z094G0VSsuD3fZuckLoxcnkdcLfCVl0BCj"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8198d52ec982b51e-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

GET maxcdn.bootstrapcdn.com/font-awesome/4.7.0/fonts/fontawesome-webfont.woff2?v=4.7.0

104.18.10.207

200 OK

77 kB

URL GET HTTPS

maxcdn.bootstrapcdn.com/font-awesome/4.7.0/fonts/fontawesome-webfont.woff2?v=4.7.0

IP / ASN

104.18.10.207

#13335 CLOUDFLARENET

Requested byhttps://ito-gamy.flowhot.cc/

Resource Info

File typeWeb Open Font Format (Version 2), TrueType, length 77160, version 4.459\012- data

First Seen2023-04-05

Last Seen2025-08-06

Times Seen168376

Size77 kB (77160 bytes)

MD5af7ae505a9eed503f8b8e6982036873e

SHA1d6f48cba7d076fb6f2fd6ba993a75b9dc1ecbf0c

SHA2562adefcbc041e7d18fcf2d417879dc5a09997aa64d675b7a3c4b6ce33da13f3fe

Certificate Info

IssuerCloudflare, Inc.

Subjectsni.cloudflaressl.com

Fingerprint5B:F7:8F:50:AD:E5:5B:5E:8C:4A:39:3D:0C:98:E8:8C:18:4B:3D:8A

ValidityFri, 30 Dec 2022 00:00:00 GMT - Sat, 30 Dec 2023 23:59:59 GMT

HTTP Headers

GET /font-awesome/4.7.0/fonts/fontawesome-webfont.woff2?v=4.7.0 HTTP/1.1
Host: maxcdn.bootstrapcdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://ito-gamy.flowhot.cc
DNT: 1
Connection: keep-alive
Referer: https://maxcdn.bootstrapcdn.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Sat, 21 Oct 2023 10:31:47 GMT
content-type: font/woff2
content-length: 77160
cdn-pullzone: 252412
cdn-uid: b1941f61-b576-4f40-80de-5677acb38f74
cdn-requestcountrycode: DE
access-control-allow-origin: *
cache-control: public, max-age=31919000
etag: "af7ae505a9eed503f8b8e6982036873e"
last-modified: Mon, 25 Jan 2021 22:04:55 GMT
cdn-cachedat: 06/15/2023 15:40:53
cdn-proxyver: 1.03
cdn-requestpullcode: 200
cdn-requestpullsuccess: True
cdn-edgestorageid: 752
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
cdn-status: 200
cdn-requestid: 1a745a96e48a052ad5000228ce098ef3
cdn-cache: HIT
cf-cache-status: MISS
accept-ranges: bytes
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
server: cloudflare
cf-ray: 8198d53c6d8eb512-OSL
alt-svc: h3=":443"; ma=86400

GET postureunlikeagile.com/b8/d7/49/b8d74904f6b94ccf8e1a8085aa5d1820.js

192.243.59.20

200 OK

29 kB

URL GET HTTPS

postureunlikeagile.com/b8/d7/49/b8d74904f6b94ccf8e1a8085aa5d1820.js

IP / ASN

192.243.59.20

#39572 DataWeb Global Group B.V.

Requested byhttps://ito-gamy.flowhot.cc/

Resource Info

File typeHTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (65536), with no line terminators

First Seen2023-10-21

Last Seen2023-10-21

Times Seen1

Size29 kB (28780 bytes)

MD56e8505175f379804c9c4d1d7794da02f

SHA1b3e558bc413384bc65b72702f1b3267a3b990b90

SHA2566a448a69d03709e9aecf5669c60d9a541d60acff28b6b3bea5203bc91a6d09d4

Certificate Info

IssuerLet's Encrypt

Subjectpostureunlikeagile.com

Fingerprint2D:C2:0C:06:71:E2:4C:42:4A:BE:A1:54:93:05:12:F7:F6:FE:36:DD

ValidityTue, 10 Oct 2023 08:42:14 GMT - Mon, 08 Jan 2024 08:42:13 GMT

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /b8/d7/49/b8d74904f6b94ccf8e1a8085aa5d1820.js HTTP/1.1
Host: postureunlikeagile.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ito-gamy.flowhot.cc/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Sat, 21 Oct 2023 10:31:48 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Set-Cookie: 4b4e7ab587d59b22ad7bcd2439afc363_CF-2814-3-new=0; expires=Wed, 25 Oct 2023 10:31:48 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 5c1338de20a5f7e95de10012a264dd27
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip

GET ito-gamy.flowhot.cc/dectector.js

188.114.96.1

404 Not Found

4.3 kB

URL GET HTTPS

ito-gamy.flowhot.cc/dectector.js

IP / ASN

188.114.96.1

#13335 CLOUDFLARENET

Requested byhttps://ito-gamy.flowhot.cc/

Resource Info

File typeHTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with CRLF, LF line terminators

First Seen2023-04-19

Last Seen2024-08-21

Times Seen19

Size4.3 kB (4302 bytes)

MD5e00762520e4ab4b33624eaa8ad271f53

SHA17a41deabed370ebe3a80f9bca5f7394693495b8a

SHA256c36d24216ab2a409590f390838c3950da222f30e6ce7399f009a66446de4e3f2

Certificate Info

IssuerGoogle Trust Services LLC

Subjectflowhot.cc

FingerprintCD:8B:0B:C8:A6:57:11:77:4E:2E:BE:0E:93:82:51:03:F4:15:BE:C7

ValidityFri, 20 Oct 2023 08:03:26 GMT - Thu, 18 Jan 2024 08:03:25 GMT

HTTP Headers

GET /dectector.js HTTP/1.1
Host: ito-gamy.flowhot.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ito-gamy.flowhot.cc/
Cookie: _ga_Z7TJ1ZBHKC=GS1.1.1697884307.1.0.1697884307.0.0.0; _ga=GA1.1.1223841874.1697884307
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 404 Not Found
date: Sat, 21 Oct 2023 10:31:47 GMT
content-type: text/html
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
pragma: no-cache
x-turbo-charged-by: LiteSpeed
cf-cache-status: BYPASS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=HcvPSSnfaABQMrrk%2FOIr0dd0i4uh0NHMWgkYBoqXo2U%2B0%2FPfHOrJ0eOcrFf9bbpjzsDg%2BvlEiTaMLkZMnA2z78R8KSJq095nJEvTnL7K7jH7%2BbZ8FTK1yMkG%2BE9JbqauE8TH1h8h"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8198d53b6a2bb51e-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

GET friendshipmale.com/sfp.js

104.21.234.92

200 OK

27 kB

URL GET HTTPS

friendshipmale.com/sfp.js

IP / ASN

104.21.234.92

#13335 CLOUDFLARENET

Requested byhttps://ito-gamy.flowhot.cc/

Resource Info

File typeUnicode text, UTF-8 text, with very long lines (65529), with no line terminators

First Seen2023-08-25

Last Seen2023-11-23

Times Seen6642

Size27 kB (27093 bytes)

MD52d0450888479d4ddda305bd96206b240

SHA15b4595aab1cd3f854718e05db9be0c65a12ab2f6

SHA25644de073e74ff24c6b1c0fe1f3ac5b33d793560e85ef24fb6ce89e76c2cf90af6

Certificate Info

IssuerCloudflare, Inc.

Subjectsni.cloudflaressl.com

Fingerprint08:6F:D8:CB:9E:0C:0A:98:2E:C5:CD:21:8E:0B:76:2B:50:6F:B6:37

ValiditySat, 18 Feb 2023 00:00:00 GMT - Sat, 17 Feb 2024 23:59:59 GMT

HTTP Headers

GET /sfp.js HTTP/1.1
Host: friendshipmale.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ito-gamy.flowhot.cc/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Sat, 21 Oct 2023 10:31:48 GMT
content-type: application/javascript; charset=utf-8
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
access-control-allow-origin: *
expires: Thu, 01 Jan 1970 00:00:01 GMT
cache-control: max-age=14400
x-request-id: 787ce20de4c97a4bddfb20953e2ae730
strict-transport-security: max-age=0; includeSubdomains
cf-cache-status: STALE
age: 0
last-modified: Sat, 21 Oct 2023 10:31:48 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=clNvhJjc4ERphmcyXjG3Kn5ocdJ7rIZcYFplzwn8g%2FVcOLmV8DJ0LHLRYSdA1Fw7HHTYEPrP6vTvMm1mU35YtnZhhMUacGYf5Bq%2B3ufuuAcVeOWbmrIAkKUMiziiVtZJcTjmQkQ%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8198d540f9f7638f-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400

GET braceletdistraughtpoll.com/pixel/purst?dl=0&th=0&sc=0&rs=3479&rd=3479&fd=846&bv=22.10.v.10&tmpl=136

173.233.137.44

200 OK

0 B

URL GET HTTPS

braceletdistraughtpoll.com/pixel/purst?dl=0&th=0&sc=0&rs=3479&rd=3479&fd=846&bv=22.10.v.10&tmpl=136

IP / ASN

173.233.137.44

#7979 SERVERS-COM

Requested byhttps://ito-gamy.flowhot.cc/

Resource Info

File typeN/A

First Seen0001-01-01

Last Seen2025-08-06

Times Seen5691015

Size0 B (0 bytes)

MD5d41d8cd98f00b204e9800998ecf8427e

SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Certificate Info

IssuerLet's Encrypt

Subjectbraceletdistraughtpoll.com

FingerprintCF:2F:4E:E5:4D:6A:DC:4E:2A:EE:4A:6D:40:59:00:A3:63:B0:8C:00

ValidityTue, 10 Oct 2023 08:34:07 GMT - Mon, 08 Jan 2024 08:34:06 GMT

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /pixel/purst?dl=0&th=0&sc=0&rs=3479&rd=3479&fd=846&bv=22.10.v.10&tmpl=136 HTTP/1.1
Host: braceletdistraughtpoll.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ito-gamy.flowhot.cc/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Sat, 21 Oct 2023 10:31:49 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range

GET notix.io/ent/current/enot.min.js

139.45.240.92

200 OK

45 kB

URL GET HTTPS

notix.io/ent/current/enot.min.js

IP / ASN

139.45.240.92

#9002 RETN Limited

Requested byhttps://ito-gamy.flowhot.cc/

Resource Info

File typeASCII text, with very long lines (65536), with no line terminators

First Seen2023-10-18

Last Seen2023-10-23

Times Seen67

Size45 kB (45277 bytes)

MD568384dc7ca44f5f78c3dbd3927e14db5

SHA1b3c6068114ab6884c3054cbbb10dce192df457d4

SHA25687cf89783fc9dcfaa007676cfcf91d891d33848dbbbbb3d72cb9d8f5d164dc9e

Certificate Info

IssuerLet's Encrypt

Subjectnotix.io

Fingerprint68:78:0C:AA:A6:75:6F:E2:65:2D:3B:7E:5B:8A:2B:6B:F6:1A:BF:1D

ValidityFri, 15 Sep 2023 11:38:16 GMT - Thu, 14 Dec 2023 11:38:15 GMT

Detections

Analyzer	Verdict	Alert
Public Nextron YARA rules	malware	Unique code from Jetriz, Swid & Jeniva of the Tetris framework

HTTP Headers

GET /ent/current/enot.min.js HTTP/1.1
Host: notix.io
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ito-gamy.flowhot.cc/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sat, 21 Oct 2023 10:31:40 GMT
content-type: application/javascript
last-modified: Wed, 18 Oct 2023 11:33:33 GMT
etag: W/"652fc28d-24328"
access-control-allow-credentials: true
cache-control: no-cache
pragma: no-cache
content-encoding: gzip
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.131

472 B

URL HTTP

ocsp.pki.goog/gts1c3

IP / ASN

142.250.74.131

#15169 GOOGLE

Requested byN/A

Resource Info

File typedata

First Seen2023-10-20

Last Seen2023-10-21

Times Seen2029

Size472 B (472 bytes)

MD5d2f53b5d45c5c1e3e0ed129981832d95

SHA156847aa5bc4806bc9b5125cf8871c1d47fdeda82

SHA256e23cb6948acde29d8e68e2d56eaa1d77d5bb0ef7eefb908854950b91cb17808e

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 21 Oct 2023 10:31:49 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

GET cdn.creative-bars1.com/sb/ssp/vpn/classic-push/big1/img/close.png

172.64.102.10

200 OK

591 B

URL GET HTTPS

cdn.creative-bars1.com/sb/ssp/vpn/classic-push/big1/img/close.png

IP / ASN

172.64.102.10

#13335 CLOUDFLARENET

Requested byhttps://ito-gamy.flowhot.cc/

Resource Info

File typePNG image data, 12 x 12, 8-bit/color RGBA, non-interlaced\012- data

First Seen2023-04-11

Last Seen2025-08-06

Times Seen2614

Size591 B (591 bytes)

MD59fd5bcb6103d86e317bd1eb019bcbe71

SHA16b5a52ea669dcb74946f2bed4bdd7ec985026113

SHA2560ddd3be104ac7945fb062096df62034a6a24ecc76ba92493c35c62c3c25982ae

Certificate Info

IssuerGoogle Trust Services LLC

Subjectcreative-bars1.com

Fingerprint48:B7:50:3B:95:5B:52:CB:74:D5:D6:39:E2:DD:12:9D:05:51:D6:87

ValidityWed, 23 Aug 2023 16:10:20 GMT - Tue, 21 Nov 2023 16:10:19 GMT

HTTP Headers

GET /sb/ssp/vpn/classic-push/big1/img/close.png HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Sat, 21 Oct 2023 10:31:49 GMT
content-type: image/png
content-length: 591
last-modified: Mon, 21 Feb 2022 10:06:44 GMT
etag: "62136434-24f"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 27666441
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=SMAWQx6q%2Bu1IlP2A4EMqcTQDq6xzW%2BkQ2gB3pCYEbzArZ8oadW2P6C3AnL2Ei1Fm3iEjru9M3sVxJSdO0fqas4R7xIccTukRual2v09HDdVeZKN6vjX438OuLxknJwZC%2FKW8JU%2FdsCns"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8198d5470c622403-LHR
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

GET fonts.googleapis.com/css?family=Roboto:300,400,700&display=swap

142.250.74.106

200 OK

1.2 kB

URL GET HTTPS

fonts.googleapis.com/css?family=Roboto:300,400,700&display=swap

IP / ASN

142.250.74.106

#15169 GOOGLE

Requested byhttps://ito-gamy.flowhot.cc/

Resource Info

File typegzip compressed data, max compression\012- data

First Seen2023-10-21

Last Seen2023-10-21

Times Seen1

Size1.2 kB (1197 bytes)

MD583c9a6baf729a97b1ab8860cb8636ef2

SHA15386221dadd6516f6e5586e523c4904dabc37335

SHA256090aa23464122ae3b0c39c0e1373908647a40b80469f9f6bf9066388a8e368fe

Certificate Info

IssuerGoogle Trust Services LLC

Subjectupload.video.google.com

Fingerprint28:23:2B:8B:2D:09:6C:BB:06:7A:35:80:95:BB:F8:03:41:C8:99:2C

ValidityThu, 28 Sep 2023 05:32:05 GMT - Thu, 21 Dec 2023 05:32:04 GMT

HTTP Headers

GET /css?family=Roboto:300,400,700&display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Sat, 21 Oct 2023 10:31:49 GMT
date: Sat, 21 Oct 2023 10:31:49 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

GET cdn.creative-bars1.com/sb/ssp/vpn/classic-push/big1/js/jquery.min.js

172.64.102.10

200 OK

31 kB

URL GET HTTPS

cdn.creative-bars1.com/sb/ssp/vpn/classic-push/big1/js/jquery.min.js

IP / ASN

172.64.102.10

#13335 CLOUDFLARENET

Requested byhttps://ito-gamy.flowhot.cc/

Resource Info

File typeASCII text, with very long lines (32025)

First Seen2023-03-07

Last Seen2025-08-06

Times Seen8924

Size31 kB (31115 bytes)

MD54a356126b9573eb7bd1e9a7494737410

SHA18258d046f17dd3c15a5d3984e1868b7b5d1db329

SHA25622642f202577f0ba2f22cbe56b6cf291a09374487567cd3563e0d2a29f75c0c5

Certificate Info

IssuerGoogle Trust Services LLC

Subjectcreative-bars1.com

Fingerprint48:B7:50:3B:95:5B:52:CB:74:D5:D6:39:E2:DD:12:9D:05:51:D6:87

ValidityWed, 23 Aug 2023 16:10:20 GMT - Tue, 21 Nov 2023 16:10:19 GMT

HTTP Headers

GET /sb/ssp/vpn/classic-push/big1/js/jquery.min.js HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Sat, 21 Oct 2023 10:31:49 GMT
content-type: application/javascript
last-modified: Mon, 21 Feb 2022 10:06:46 GMT
etag: W/"62136436-1499c"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 27666441
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=R2f7dZn5%2BgULoAloqc6N0Ann18ZCRg1bbCvnZpK53R8kPin0ZgyCTQTiFWVfBnlEK5oSCFCZFMkKeaz6DL7kMUzLTHM0lmBcuQwpYlDSH8IB6oEHL0Mmh8t26aHEOYx1BnNip9dngej2"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8198d5470c6e2403-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.131

472 B

URL HTTP

ocsp.pki.goog/gts1c3

IP / ASN

142.250.74.131

#15169 GOOGLE

Requested byN/A

Resource Info

File typedata

First Seen2023-10-20

Last Seen2023-10-21

Times Seen2029

Size472 B (472 bytes)

MD5d2f53b5d45c5c1e3e0ed129981832d95

SHA156847aa5bc4806bc9b5125cf8871c1d47fdeda82

SHA256e23cb6948acde29d8e68e2d56eaa1d77d5bb0ef7eefb908854950b91cb17808e

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 21 Oct 2023 10:31:49 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

GET cdn.cloudimagesb.com/si/d4/71/e8/d471e866a1924ea9dbc2f76b1a8e9f2c/1686846404.png

45.133.44.9

200 OK

14 kB

URL GET HTTPS

cdn.cloudimagesb.com/si/d4/71/e8/d471e866a1924ea9dbc2f76b1a8e9f2c/1686846404.png

IP / ASN

45.133.44.9

#39572 DataWeb Global Group B.V.

Requested byhttps://ito-gamy.flowhot.cc/

Resource Info

File typePNG image data, 192 x 192, 8-bit/color RGBA, non-interlaced\012- data

First Seen2023-10-13

Last Seen2024-08-21

Times Seen240

Size14 kB (14409 bytes)

MD5405d4d1f26c3e6fdfa9d35458bc5b0bd

SHA1280ca8973e3979fd9502cb9d44efc1dfcfe618e6

SHA2564d56359b995a0d48393ab53da6aa232ce7c833bf8ae8ceef38d51987ad71ca66

Certificate Info

IssuerLet's Encrypt

Subjectcdn.cloudimagesb.com

Fingerprint62:DE:BA:BA:30:E9:EE:15:E9:24:B9:C5:BF:E1:7E:39:8B:20:E5:42

ValiditySun, 24 Sep 2023 23:04:02 GMT - Sat, 23 Dec 2023 23:04:01 GMT

HTTP Headers

GET /si/d4/71/e8/d471e866a1924ea9dbc2f76b1a8e9f2c/1686846404.png HTTP/1.1
Host: cdn.cloudimagesb.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sat, 21 Oct 2023 10:31:49 GMT
content-type: image/png
content-length: 14409
server: nginx/1.21.6
last-modified: Thu, 15 Jun 2023 16:26:53 GMT
etag: "648b3bcd-3849"
expires: Mon, 23 Oct 2023 10:31:49 GMT
cache-control: max-age=172800
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2

GET cdn.cloudimagesb.com/si/84/17/f1/8417f103cb0d035558518bf6ba6c2e1d/1697199900.png

45.133.44.9

200 OK

25 kB

URL GET HTTPS

cdn.cloudimagesb.com/si/84/17/f1/8417f103cb0d035558518bf6ba6c2e1d/1697199900.png

IP / ASN

45.133.44.9

#39572 DataWeb Global Group B.V.

Requested byhttps://ito-gamy.flowhot.cc/

Resource Info

File typePNG image data, 320 x 180, 8-bit/color RGBA, non-interlaced\012- data

First Seen2023-07-05

Last Seen2024-08-21

Times Seen286

Size25 kB (25270 bytes)

MD5bdc31a4330b8181ee2fb46f3c281480a

SHA13e0f3a7438a7b4d0f704a1c348d333d0887244d7

SHA256aaab7b2cfbb3770c3f6c9ac22efcf9c88f9ad4f665f607f012d075b65fd3b4df

Certificate Info

IssuerLet's Encrypt

Subjectcdn.cloudimagesb.com

Fingerprint62:DE:BA:BA:30:E9:EE:15:E9:24:B9:C5:BF:E1:7E:39:8B:20:E5:42

ValiditySun, 24 Sep 2023 23:04:02 GMT - Sat, 23 Dec 2023 23:04:01 GMT

HTTP Headers

GET /si/84/17/f1/8417f103cb0d035558518bf6ba6c2e1d/1697199900.png HTTP/1.1
Host: cdn.cloudimagesb.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sat, 21 Oct 2023 10:31:49 GMT
content-type: image/png
content-length: 25270
server: nginx/1.21.6
last-modified: Fri, 13 Oct 2023 12:25:09 GMT
etag: "65293725-62b6"
expires: Mon, 23 Oct 2023 10:31:49 GMT
cache-control: max-age=172800
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2

GET postureunlikeagile.com/pixel/sbls?bv=23.39.7917&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fssp%2Fvpn%2Fclassic-push%2Fbig1%2Fjs%2Fscript.js&l=958&fd=319

192.243.59.20

200 OK

0 B

URL GET HTTPS

postureunlikeagile.com/pixel/sbls?bv=23.39.7917&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fssp%2Fvpn%2Fclassic-push%2Fbig1%2Fjs%2Fscript.js&l=958&fd=319

IP / ASN

192.243.59.20

#39572 DataWeb Global Group B.V.

Requested byhttps://ito-gamy.flowhot.cc/

Resource Info

File typeN/A

First Seen0001-01-01

Last Seen2025-08-06

Times Seen5691015

Size0 B (0 bytes)

MD5d41d8cd98f00b204e9800998ecf8427e

SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Certificate Info

IssuerLet's Encrypt

Subjectpostureunlikeagile.com

Fingerprint2D:C2:0C:06:71:E2:4C:42:4A:BE:A1:54:93:05:12:F7:F6:FE:36:DD

ValidityTue, 10 Oct 2023 08:42:14 GMT - Mon, 08 Jan 2024 08:42:13 GMT

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /pixel/sbls?bv=23.39.7917&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fssp%2Fvpn%2Fclassic-push%2Fbig1%2Fjs%2Fscript.js&l=958&fd=319 HTTP/1.1
Host: postureunlikeagile.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ito-gamy.flowhot.cc/
Cookie: u_pl=19408177; uid_id2=6ebe1c86-e7a1-42c3-923c-3d9c2092548e:2:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; slec0633569b5e7b7ced877cf02d43663712=[4663323]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Sat, 21 Oct 2023 10:31:50 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range

GET unseenreport.com/pxf.gif?uuid=6ebe1c86-e7a1-42c3-923c-3d9c2092548e&eb=a996fe56ed028c08f89591a4a8a9c431&te=4cb725660c43031e3b06c75892d96c5a&ua=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A109.0)%20Gecko%2F20100101%20Firefox%2F111.0&dev=e&res=14.2079&b_frame=0&pk=b8d74904f6b94ccf8e1a8085aa5d1820&bl=en-US&sr=1024x1280&sz=1024x1280&hjs=10

192.243.59.20

200 OK

1 B

URL GET HTTPS

unseenreport.com/pxf.gif?uuid=6ebe1c86-e7a1-42c3-923c-3d9c2092548e&eb=a996fe56ed028c08f89591a4a8a9c431&te=4cb725660c43031e3b06c75892d96c5a&ua=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A109.0)%20Gecko%2F20100101%20Firefox%2F111.0&dev=e&res=14.2079&b_frame=0&pk=b8d74904f6b94ccf8e1a8085aa5d1820&bl=en-US&sr=1024x1280&sz=1024x1280&hjs=10

IP / ASN

192.243.59.20

#39572 DataWeb Global Group B.V.

Requested byhttps://ito-gamy.flowhot.cc/

Resource Info

File typevery short file (no magic)

First Seen2023-04-05

Last Seen2025-07-31

Times Seen25187

Size1 B (1 bytes)

MD593b885adfe0da089cdf634904fd59f71

SHA15ba93c9db0cff93f52b521d7420e43f6eda2784f

SHA2566e340b9cffb37a989ca544e6bb780a2c78901d3fb33738768511a30617afa01d

Certificate Info

IssuerLet's Encrypt

Subject*.unseenreport.com

FingerprintBE:8C:78:D1:BA:58:B8:88:10:09:32:1D:31:7A:D9:4A:09:BF:6C:7A

ValiditySat, 23 Sep 2023 07:33:12 GMT - Fri, 22 Dec 2023 07:33:11 GMT

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /pxf.gif?uuid=6ebe1c86-e7a1-42c3-923c-3d9c2092548e&eb=a996fe56ed028c08f89591a4a8a9c431&te=4cb725660c43031e3b06c75892d96c5a&ua=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A109.0)%20Gecko%2F20100101%20Firefox%2F111.0&dev=e&res=14.2079&b_frame=0&pk=b8d74904f6b94ccf8e1a8085aa5d1820&bl=en-US&sr=1024x1280&sz=1024x1280&hjs=10 HTTP/1.1
Host: unseenreport.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ito-gamy.flowhot.cc/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Sat, 21 Oct 2023 10:31:50 GMT
Content-Type: image/gif
Content-Length: 1
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: ef1e73c1f963f866ca6eae3785a637bf
Strict-Transport-Security: max-age=0; includeSubdomains

GET unseenreport.com/pxf.gif?uuid=6ebe1c86-e7a1-42c3-923c-3d9c2092548e&eb=a996fe56ed028c08f89591a4a8a9c431&te=4cb725660c43031e3b06c75892d96c5a&ua=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A109.0)%20Gecko%2F20100101%20Firefox%2F111.0&dev=e&res=14.2079&b_frame=0&pk=0633569b5e7b7ced877cf02d43663712&bl=en-US&sr=1024x1280&sz=1024x1280&hjs=10

192.243.59.20

200 OK

1 B

URL GET HTTPS

unseenreport.com/pxf.gif?uuid=6ebe1c86-e7a1-42c3-923c-3d9c2092548e&eb=a996fe56ed028c08f89591a4a8a9c431&te=4cb725660c43031e3b06c75892d96c5a&ua=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A109.0)%20Gecko%2F20100101%20Firefox%2F111.0&dev=e&res=14.2079&b_frame=0&pk=0633569b5e7b7ced877cf02d43663712&bl=en-US&sr=1024x1280&sz=1024x1280&hjs=10

IP / ASN

192.243.59.20

#39572 DataWeb Global Group B.V.

Requested byhttps://ito-gamy.flowhot.cc/

Resource Info

File typevery short file (no magic)

First Seen2023-04-05

Last Seen2025-07-31

Times Seen25187

Size1 B (1 bytes)

MD593b885adfe0da089cdf634904fd59f71

SHA15ba93c9db0cff93f52b521d7420e43f6eda2784f

SHA2566e340b9cffb37a989ca544e6bb780a2c78901d3fb33738768511a30617afa01d

Certificate Info

IssuerLet's Encrypt

Subject*.unseenreport.com

FingerprintBE:8C:78:D1:BA:58:B8:88:10:09:32:1D:31:7A:D9:4A:09:BF:6C:7A

ValiditySat, 23 Sep 2023 07:33:12 GMT - Fri, 22 Dec 2023 07:33:11 GMT

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /pxf.gif?uuid=6ebe1c86-e7a1-42c3-923c-3d9c2092548e&eb=a996fe56ed028c08f89591a4a8a9c431&te=4cb725660c43031e3b06c75892d96c5a&ua=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A109.0)%20Gecko%2F20100101%20Firefox%2F111.0&dev=e&res=14.2079&b_frame=0&pk=0633569b5e7b7ced877cf02d43663712&bl=en-US&sr=1024x1280&sz=1024x1280&hjs=10 HTTP/1.1
Host: unseenreport.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ito-gamy.flowhot.cc/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Sat, 21 Oct 2023 10:31:50 GMT
Content-Type: image/gif
Content-Length: 1
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 43938ee84b3b49b38775b759f6170a51
Strict-Transport-Security: max-age=0; includeSubdomains

GET cdn.creative-bars1.com/sb/ssp/vpn/classic-push/big1/css/animate.css

172.64.102.10

200 OK

5.3 kB

URL GET HTTPS

cdn.creative-bars1.com/sb/ssp/vpn/classic-push/big1/css/animate.css

IP / ASN

172.64.102.10

#13335 CLOUDFLARENET

Requested byhttps://ito-gamy.flowhot.cc/

Resource Info

File typeASCII text

First Seen2023-04-05

Last Seen2025-08-06

Times Seen2504

Size5.3 kB (5318 bytes)

MD5e1d8acd5ee9d1a90ea09313cbd8f2b02

SHA18a8327b115d1356715e63270d1ce6d46124c7b1a

SHA2563028c87fc798ac3741f02079034e6c23462afc0c5e6c8d321188ce3716c8472a

Certificate Info

IssuerGoogle Trust Services LLC

Subjectcreative-bars1.com

Fingerprint48:B7:50:3B:95:5B:52:CB:74:D5:D6:39:E2:DD:12:9D:05:51:D6:87

ValidityWed, 23 Aug 2023 16:10:20 GMT - Tue, 21 Nov 2023 16:10:19 GMT

HTTP Headers

GET /sb/ssp/vpn/classic-push/big1/css/animate.css HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://ito-gamy.flowhot.cc
DNT: 1
Connection: keep-alive
Referer: https://ito-gamy.flowhot.cc/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sat, 21 Oct 2023 10:31:49 GMT
content-type: text/css
last-modified: Mon, 21 Feb 2022 10:06:42 GMT
etag: W/"62136432-13591"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=dV%2B5WZ7ybjrdNqhjPY7WEPQgAQRtFunP59%2F1YEg2Q6T2fq4a1Gmp8dzhRrIIuYRwRTI7%2FUhJXEqujKVtSmCy86MTw%2FFMBjKusRmB3UiJxRLeQ69EC8qW5TEC6fWcKDx16WrmMzu9Sh2u"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8198d546ec4b2403-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.131

471 B

URL HTTP

ocsp.pki.goog/gts1c3

IP / ASN

142.250.74.131

#15169 GOOGLE

Requested byN/A

Resource Info

File typedata

First Seen2023-10-20

Last Seen2023-10-21

Times Seen2341

Size471 B (471 bytes)

MD5628066cdf1a30b77bc772a23a8ff3870

SHA1db13a0cbc465a3543da9c2fa12be99649ec67274

SHA2564c3f013bdb9bacd3c7ba7338562acb03f47db1ad9e7a4af61e2159c001d79201

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 21 Oct 2023 10:31:50 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

GET cdn.creative-bars1.com/sb/ssp/vpn/classic-push/big1/js/script.js

172.64.102.10

200 OK

16 kB

URL GET HTTPS

cdn.creative-bars1.com/sb/ssp/vpn/classic-push/big1/js/script.js

IP / ASN

172.64.102.10

#13335 CLOUDFLARENET

Requested byhttps://ito-gamy.flowhot.cc/

Resource Info

File typeASCII text

First Seen2023-04-05

Last Seen2025-08-06

Times Seen448

Size16 kB (16198 bytes)

MD589918681df9f363bb293cb027c2f1113

SHA1cf7dca97b09ed3d03e821b407286539519a9f037

SHA2566648e7501f858c8ffaf2b35736dbd37f2d22afb2c781ee552d7c113d77413b9e

Certificate Info

IssuerGoogle Trust Services LLC

Subjectcreative-bars1.com

Fingerprint48:B7:50:3B:95:5B:52:CB:74:D5:D6:39:E2:DD:12:9D:05:51:D6:87

ValidityWed, 23 Aug 2023 16:10:20 GMT - Tue, 21 Nov 2023 16:10:19 GMT

HTTP Headers

GET /sb/ssp/vpn/classic-push/big1/js/script.js HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://ito-gamy.flowhot.cc
DNT: 1
Connection: keep-alive
Referer: https://ito-gamy.flowhot.cc/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Sat, 21 Oct 2023 10:31:50 GMT
content-type: application/javascript
last-modified: Mon, 21 Feb 2022 10:06:46 GMT
etag: W/"62136436-3be"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=i0wJ29vOuVBneKIp8Zc%2FPHX0izwCMpCLny1AnKFHINOTommJD5bnJGPfbhLicD1%2B1G9bcnirWG0wonv6iirF2xnufYgyz2DYBejQkoWC6SN%2FpUBWNkI%2FK1YZEdMJStfp219uxy%2BZsYFe"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8198d5480dab2403-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

GET fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2

142.250.74.3

200 OK

16 kB

URL GET HTTPS

fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2

IP / ASN

142.250.74.3

#15169 GOOGLE

Requested byhttps://ito-gamy.flowhot.cc/

Resource Info

File typeWeb Open Font Format (Version 2), TrueType, length 15744, version 1.0\012- data

First Seen2023-04-05

Last Seen2025-08-06

Times Seen151765

Size16 kB (15744 bytes)

MD515d9f621c3bd1599f0169dcf0bd5e63e

SHA17ca9c5967f3bb8bffeab24b639b49c1e7d03fa52

SHA256f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615

Certificate Info

IssuerGoogle Trust Services LLC

Subject*.gstatic.com

Fingerprint55:7F:79:64:ED:7A:04:50:63:54:9C:32:2A:AF:B7:95:17:D7:E0:33

ValidityThu, 28 Sep 2023 05:32:05 GMT - Thu, 21 Dec 2023 05:32:04 GMT

HTTP Headers

GET /s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://ito-gamy.flowhot.cc
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15744
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 20 Oct 2023 02:00:44 GMT
expires: Sat, 19 Oct 2024 02:00:44 GMT
cache-control: public, max-age=31536000
age: 117066
last-modified: Wed, 11 May 2022 19:24:48 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

GET postureunlikeagile.com/impr.gif?sid=H4sIAAAAAAAC%2F1RSvW8cRRydDa5AIPEhJMTXFaAECZ%2F3675IERGCowgThxgEHczOzJ4Hz%2B6sZnZvz1dZREAkmkPiD1i%2Fs2MgVgQdDR8601mK5KO6AhdIVDSgiNCisy0sfs3v95v3ijfv%2FT7ZLA6Ji4JOF9%2FUA6kUXWjU3dq59zzvfG1JpkW%2F1m8332%2BG52um94rnduruS7XLgq3pBd%2F1XNdzvdqiNCLW%2FQXP8%2BouZLbb8eodtx76da8Rom%2F%2Bv9vCgaUOeO%2BQPAbJJw%2Fu3gkh2Rhp8s0lYddynb38elIommuDHt95J11LdZkiOR1j4yBOd07Y0PZg8QfodPtIMHTvP2IkJ8T5%2FTdE6c6JSkS97WOhkYJIEfGHUPbGEGoMScdg%2BgYkPyAA47i6jDS5dVWbkq4fo3SGTsjc%2FXuQ5YTM%2FfoE0uTORSX7tRWtilzq1KIfV5D9MWR3jKzYQz44A1nugeUfQfK7ZOH%2BEtJka9kqDcmnLzRFJDzWbs6LFvXmQ58F8x0%2FYPMB7zDf7fiNsC2OHJJyDBmPocQQ1J5BYR0U0kEROygyBwmf1losbLd5u8GpYMyPYq8dh3HYocyNmRt0fBRs9och8mwIpoZgZgOZ2cCaHMIUP8GuVrDcgc0JerxCKQhKS1BSglISlDlB2au2ubK%2BrW5xZYvIO%2Bn%2BSQ%2Bqkc67m3Rb512Rks3skDw6M84596KHNTGtuc0gaDQ7UUO0ohYTvN1qsdj1eRg0m0HL82FlBWnPgFoHAzkhZ5%2BZQyYPHk8R0T1YtQcmHdDiWdBy1PJd0NVR2HYxSG%2FTQSaUtHWmE3BdIcvnkK87m%2BqQPHWU3uVzT0Ow%2FQt%2Fr%2Fxzd%2Frkp2CmQmYqfCh%2FJuiqm6PruiRb13VpybfLWS4TOaCzZFdymou5r98Q66U2%2FMolO%2FzqVTYDZuPu28LmSzTlMu1acvui5FyYRW2YIN9fse%2BK6FphVy8WJi2ypWuvLV5JMiOslTodg8oJIaN7YHJCHv7sg6OrPRs%2FAmnGMEWFpNgnJwWp98CyDdhs%2F8Jfz3331h8fPw%2BrCYw65USZg7KoRsaPTh%2BVJFDidKdRBStOTYjE%2Fo9%2FHmOb9ia6xgHNbyBNKvRMhZ6qQNUQtnhglGdm%2F8IvwVEhUs4oUsbZipRRnx%2Bba%2BW0xpgrqBe1PCG4aASMhU3WjppxELZEu8EbyO1EBF9%2B8S8AAAD%2F%2FwEAAP%2F%2F7VQksoIEAAA%3D

192.243.59.20

200 OK

7 B

URL GET HTTPS

postureunlikeagile.com/impr.gif?sid=H4sIAAAAAAAC%2F1RSvW8cRRydDa5AIPEhJMTXFaAECZ%2F3675IERGCowgThxgEHczOzJ4Hz%2B6sZnZvz1dZREAkmkPiD1i%2Fs2MgVgQdDR8601mK5KO6AhdIVDSgiNCisy0sfs3v95v3ijfv%2FT7ZLA6Ji4JOF9%2FUA6kUXWjU3dq59zzvfG1JpkW%2F1m8332%2BG52um94rnduruS7XLgq3pBd%2F1XNdzvdqiNCLW%2FQXP8%2BouZLbb8eodtx76da8Rom%2F%2Bv9vCgaUOeO%2BQPAbJJw%2Fu3gkh2Rhp8s0lYddynb38elIommuDHt95J11LdZkiOR1j4yBOd07Y0PZg8QfodPtIMHTvP2IkJ8T5%2FTdE6c6JSkS97WOhkYJIEfGHUPbGEGoMScdg%2BgYkPyAA47i6jDS5dVWbkq4fo3SGTsjc%2FXuQ5YTM%2FfoE0uTORSX7tRWtilzq1KIfV5D9MWR3jKzYQz44A1nugeUfQfK7ZOH%2BEtJka9kqDcmnLzRFJDzWbs6LFvXmQ58F8x0%2FYPMB7zDf7fiNsC2OHJJyDBmPocQQ1J5BYR0U0kEROygyBwmf1losbLd5u8GpYMyPYq8dh3HYocyNmRt0fBRs9och8mwIpoZgZgOZ2cCaHMIUP8GuVrDcgc0JerxCKQhKS1BSglISlDlB2au2ubK%2BrW5xZYvIO%2Bn%2BSQ%2Bqkc67m3Rb512Rks3skDw6M84596KHNTGtuc0gaDQ7UUO0ohYTvN1qsdj1eRg0m0HL82FlBWnPgFoHAzkhZ5%2BZQyYPHk8R0T1YtQcmHdDiWdBy1PJd0NVR2HYxSG%2FTQSaUtHWmE3BdIcvnkK87m%2BqQPHWU3uVzT0Ow%2FQt%2Fr%2Fxzd%2Frkp2CmQmYqfCh%2FJuiqm6PruiRb13VpybfLWS4TOaCzZFdymou5r98Q66U2%2FMolO%2FzqVTYDZuPu28LmSzTlMu1acvui5FyYRW2YIN9fse%2BK6FphVy8WJi2ypWuvLV5JMiOslTodg8oJIaN7YHJCHv7sg6OrPRs%2FAmnGMEWFpNgnJwWp98CyDdhs%2F8Jfz3331h8fPw%2BrCYw65USZg7KoRsaPTh%2BVJFDidKdRBStOTYjE%2Fo9%2FHmOb9ia6xgHNbyBNKvRMhZ6qQNUQtnhglGdm%2F8IvwVEhUs4oUsbZipRRnx%2Bba%2BW0xpgrqBe1PCG4aASMhU3WjppxELZEu8EbyO1EBF9%2B8S8AAAD%2F%2FwEAAP%2F%2F7VQksoIEAAA%3D

IP / ASN

192.243.59.20

#39572 DataWeb Global Group B.V.

Requested byhttps://ito-gamy.flowhot.cc/

Resource Info

File typeASCII text, with no line terminators

First Seen2023-04-05

Last Seen2025-08-02

Times Seen19107

Size7 B (7 bytes)

MD5132d6af1b46048b45cf86cdee7991d31

SHA1eb7007d03d59b65bc6da7e098c4d38fc6dfb6285

SHA256ab852e838deccd742a03ca81d4a8d75cf1a00b327db3eaf46bd7da6b6db9384c

Certificate Info

IssuerLet's Encrypt

Subjectpostureunlikeagile.com

Fingerprint2D:C2:0C:06:71:E2:4C:42:4A:BE:A1:54:93:05:12:F7:F6:FE:36:DD

ValidityTue, 10 Oct 2023 08:42:14 GMT - Mon, 08 Jan 2024 08:42:13 GMT

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /impr.gif?sid=H4sIAAAAAAAC%2F1RSvW8cRRydDa5AIPEhJMTXFaAECZ%2F3675IERGCowgThxgEHczOzJ4Hz%2B6sZnZvz1dZREAkmkPiD1i%2Fs2MgVgQdDR8601mK5KO6AhdIVDSgiNCisy0sfs3v95v3ijfv%2FT7ZLA6Ji4JOF9%2FUA6kUXWjU3dq59zzvfG1JpkW%2F1m8332%2BG52um94rnduruS7XLgq3pBd%2F1XNdzvdqiNCLW%2FQXP8%2BouZLbb8eodtx76da8Rom%2F%2Bv9vCgaUOeO%2BQPAbJJw%2Fu3gkh2Rhp8s0lYddynb38elIommuDHt95J11LdZkiOR1j4yBOd07Y0PZg8QfodPtIMHTvP2IkJ8T5%2FTdE6c6JSkS97WOhkYJIEfGHUPbGEGoMScdg%2BgYkPyAA47i6jDS5dVWbkq4fo3SGTsjc%2FXuQ5YTM%2FfoE0uTORSX7tRWtilzq1KIfV5D9MWR3jKzYQz44A1nugeUfQfK7ZOH%2BEtJka9kqDcmnLzRFJDzWbs6LFvXmQ58F8x0%2FYPMB7zDf7fiNsC2OHJJyDBmPocQQ1J5BYR0U0kEROygyBwmf1losbLd5u8GpYMyPYq8dh3HYocyNmRt0fBRs9och8mwIpoZgZgOZ2cCaHMIUP8GuVrDcgc0JerxCKQhKS1BSglISlDlB2au2ubK%2BrW5xZYvIO%2Bn%2BSQ%2Bqkc67m3Rb512Rks3skDw6M84596KHNTGtuc0gaDQ7UUO0ohYTvN1qsdj1eRg0m0HL82FlBWnPgFoHAzkhZ5%2BZQyYPHk8R0T1YtQcmHdDiWdBy1PJd0NVR2HYxSG%2FTQSaUtHWmE3BdIcvnkK87m%2BqQPHWU3uVzT0Ow%2FQt%2Fr%2Fxzd%2Frkp2CmQmYqfCh%2FJuiqm6PruiRb13VpybfLWS4TOaCzZFdymou5r98Q66U2%2FMolO%2FzqVTYDZuPu28LmSzTlMu1acvui5FyYRW2YIN9fse%2BK6FphVy8WJi2ypWuvLV5JMiOslTodg8oJIaN7YHJCHv7sg6OrPRs%2FAmnGMEWFpNgnJwWp98CyDdhs%2F8Jfz3331h8fPw%2BrCYw65USZg7KoRsaPTh%2BVJFDidKdRBStOTYjE%2Fo9%2FHmOb9ia6xgHNbyBNKvRMhZ6qQNUQtnhglGdm%2F8IvwVEhUs4oUsbZipRRnx%2Bba%2BW0xpgrqBe1PCG4aASMhU3WjppxELZEu8EbyO1EBF9%2B8S8AAAD%2F%2FwEAAP%2F%2F7VQksoIEAAA%3D HTTP/1.1
Host: postureunlikeagile.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ito-gamy.flowhot.cc/
Cookie: u_pl=19408177; uid_id2=6ebe1c86-e7a1-42c3-923c-3d9c2092548e:2:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; slec0633569b5e7b7ced877cf02d43663712=[4663323]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Sat, 21 Oct 2023 10:31:50 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 6c9c66ccdfeea3135121cb26ed570571
Strict-Transport-Security: max-age=0; includeSubdomains

GET postureunlikeagile.com/pixel/sbs?c=1

192.243.61.225

200 OK

0 B

URL GET HTTPS

postureunlikeagile.com/pixel/sbs?c=1

IP / ASN

192.243.61.225

#39572 DataWeb Global Group B.V.

Requested byhttps://ito-gamy.flowhot.cc/

Resource Info

File typeN/A

First Seen0001-01-01

Last Seen2025-08-06

Times Seen5691015

Size0 B (0 bytes)

MD5d41d8cd98f00b204e9800998ecf8427e

SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Certificate Info

IssuerLet's Encrypt

Subjectpostureunlikeagile.com

Fingerprint2D:C2:0C:06:71:E2:4C:42:4A:BE:A1:54:93:05:12:F7:F6:FE:36:DD

ValidityTue, 10 Oct 2023 08:42:14 GMT - Mon, 08 Jan 2024 08:42:13 GMT

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /pixel/sbs?c=1 HTTP/1.1
Host: postureunlikeagile.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ito-gamy.flowhot.cc/
Cookie: u_pl=19408177; uid_id2=6ebe1c86-e7a1-42c3-923c-3d9c2092548e:2:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; slec0633569b5e7b7ced877cf02d43663712=[4663323]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Sat, 21 Oct 2023 10:31:50 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range

GET flowhot.cc/wp-includes/css/dist/block-library/style.min.css?ver=6.3.2

188.114.96.1

200 OK

16 kB

URL GET HTTPS

flowhot.cc/wp-includes/css/dist/block-library/style.min.css?ver=6.3.2

IP / ASN

188.114.96.1

#13335 CLOUDFLARENET

Requested byhttps://ito-gamy.flowhot.cc/

Resource Info

File typeASCII text, with very long lines (53449)

First Seen2023-08-08

Last Seen2025-08-06

Times Seen13406

Size16 kB (15622 bytes)

MD503c0f2128c8dd615b1691c168f1d4456

SHA1defa44bed1f35ec899cfd358ca911390bca53e67

SHA25667447c3656caad630373253691f3e8f64467eafd6e7305c9b0e98111b0b41694

Certificate Info

IssuerGoogle Trust Services LLC

Subjectflowhot.cc

FingerprintCD:8B:0B:C8:A6:57:11:77:4E:2E:BE:0E:93:82:51:03:F4:15:BE:C7

ValidityFri, 20 Oct 2023 08:03:26 GMT - Thu, 18 Jan 2024 08:03:25 GMT

HTTP Headers

GET /wp-includes/css/dist/block-library/style.min.css?ver=6.3.2 HTTP/1.1
Host: flowhot.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ito-gamy.flowhot.cc/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Sat, 21 Oct 2023 10:31:45 GMT
content-type: text/css
cache-control: public, max-age=31536000
expires: Sun, 12 Nov 2023 05:45:20 GMT
last-modified: Wed, 09 Aug 2023 12:53:25 GMT
vary: Accept-Encoding
x-turbo-charged-by: LiteSpeed
cf-cache-status: HIT
age: 708385
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=zpAGTT3Ct%2BGK8h%2FigcrnSsQRl8V95AvvRmCuujpAeNzs7Jc6tutzLJK4vwIuOCotc%2Byci8saSMzScXsJ3bsaP8thINrrZdSHmdcXfov2VCJ%2BYNYmdBFYAKd%2F%2BRhe"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8198d52f19afb51e-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

GET postureunlikeagile.com/pixel/sbls?bv=23.39.7917&tmpl=482&u=https%3A%2F%2Fcdn.barscreative1.com%2Fsb%2Fau%2F48%2F48%2Feb%2F4848ebd6f7295875a5d388ec2488aba3%2F1648542421.html&l=1538&fd=338

192.243.59.20

200 OK

0 B

URL GET HTTPS

postureunlikeagile.com/pixel/sbls?bv=23.39.7917&tmpl=482&u=https%3A%2F%2Fcdn.barscreative1.com%2Fsb%2Fau%2F48%2F48%2Feb%2F4848ebd6f7295875a5d388ec2488aba3%2F1648542421.html&l=1538&fd=338

IP / ASN

192.243.59.20

#39572 DataWeb Global Group B.V.

Requested byhttps://ito-gamy.flowhot.cc/

Resource Info

File typeN/A

First Seen0001-01-01

Last Seen2025-08-06

Times Seen5691015

Size0 B (0 bytes)

MD5d41d8cd98f00b204e9800998ecf8427e

SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Certificate Info

IssuerLet's Encrypt

Subjectpostureunlikeagile.com

Fingerprint2D:C2:0C:06:71:E2:4C:42:4A:BE:A1:54:93:05:12:F7:F6:FE:36:DD

ValidityTue, 10 Oct 2023 08:42:14 GMT - Mon, 08 Jan 2024 08:42:13 GMT

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /pixel/sbls?bv=23.39.7917&tmpl=482&u=https%3A%2F%2Fcdn.barscreative1.com%2Fsb%2Fau%2F48%2F48%2Feb%2F4848ebd6f7295875a5d388ec2488aba3%2F1648542421.html&l=1538&fd=338 HTTP/1.1
Host: postureunlikeagile.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ito-gamy.flowhot.cc/
Cookie: u_pl=19408177; uid_id2=6ebe1c86-e7a1-42c3-923c-3d9c2092548e:2:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; slec0633569b5e7b7ced877cf02d43663712=[4663323]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Sat, 21 Oct 2023 10:31:49 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range

GET fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2

142.250.74.3

200 OK

16 kB

URL GET HTTPS

fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2

IP / ASN

142.250.74.3

#15169 GOOGLE

Requested byhttps://ito-gamy.flowhot.cc/

Resource Info

File typeWeb Open Font Format (Version 2), TrueType, length 15860, version 1.0\012- data

First Seen2023-04-05

Last Seen2025-08-06

Times Seen85202

Size16 kB (15860 bytes)

MD5e9f5aaf547f165386cd313b995dddd8e

SHA1acdef5603c2387b0e5bffd744b679a24a8bc1968

SHA256f5aebdfea35d1e7656ef4acc5db1f243209755ae3300943ef8fc6280f363c860

Certificate Info

IssuerGoogle Trust Services LLC

Subject*.gstatic.com

Fingerprint55:7F:79:64:ED:7A:04:50:63:54:9C:32:2A:AF:B7:95:17:D7:E0:33

ValidityThu, 28 Sep 2023 05:32:05 GMT - Thu, 21 Dec 2023 05:32:04 GMT

HTTP Headers

GET /s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://ito-gamy.flowhot.cc
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15860
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 20 Oct 2023 10:05:24 GMT
expires: Sat, 19 Oct 2024 10:05:24 GMT
cache-control: public, max-age=31536000
age: 87986
last-modified: Wed, 11 May 2022 19:24:42 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

GET postureunlikeagile.com/sbar.json?key=0633569b5e7b7ced877cf02d43663712&uuid=6ebe1c86-e7a1-42c3-923c-3d9c2092548e%3A2%3A1

192.243.61.225

200 OK

6.3 kB

URL GET HTTPS

postureunlikeagile.com/sbar.json?key=0633569b5e7b7ced877cf02d43663712&uuid=6ebe1c86-e7a1-42c3-923c-3d9c2092548e%3A2%3A1

IP / ASN

192.243.61.225

#39572 DataWeb Global Group B.V.

Requested byhttps://ito-gamy.flowhot.cc/

Resource Info

File typeUnicode text, UTF-8 text, with very long lines (6413), with no line terminators

First Seen2023-10-21

Last Seen2023-10-21

Times Seen1

Size6.3 kB (6330 bytes)

MD58357b20a6a4afbbe5daf4bbfb454bbdc

SHA1e30b19725857a3d1f3d5ec1398aae76324963b24

SHA2566b572a9f912c88c8275ed05dd67270071f87891a7e2ce555d6232c051408c10f

Certificate Info

IssuerLet's Encrypt

Subjectpostureunlikeagile.com

Fingerprint2D:C2:0C:06:71:E2:4C:42:4A:BE:A1:54:93:05:12:F7:F6:FE:36:DD

ValidityTue, 10 Oct 2023 08:42:14 GMT - Mon, 08 Jan 2024 08:42:13 GMT

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /sbar.json?key=0633569b5e7b7ced877cf02d43663712&uuid=6ebe1c86-e7a1-42c3-923c-3d9c2092548e%3A2%3A1 HTTP/1.1
Host: postureunlikeagile.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://ito-gamy.flowhot.cc
DNT: 1
Connection: keep-alive
Referer: https://ito-gamy.flowhot.cc/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Sat, 21 Oct 2023 10:31:48 GMT
Content-Type: text/plain; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://ito-gamy.flowhot.cc
Access-Control-Allow-Origin: https://ito-gamy.flowhot.cc
Access-Control-Allow-Credentials: true
Set-Cookie: u_pl=19408177; expires=Sun, 22 Oct 2023 10:31:48 GMT; secure; SameSite=None
uid_id2=6ebe1c86-e7a1-42c3-923c-3d9c2092548e:2:1; expires=Sat, 28 Oct 2023 10:31:48 GMT; secure; SameSite=None
pdhtkv=true; expires=Sun, 22 Oct 2023 10:31:48 GMT; secure; SameSite=None
uncs=1; expires=Sun, 22 Oct 2023 10:31:48 GMT; secure; SameSite=None
pdhtkv29=true; expires=Sun, 22 Oct 2023 10:31:48 GMT; secure; SameSite=None
uncs29=1; expires=Sun, 22 Oct 2023 10:31:48 GMT; secure; SameSite=None
slec0633569b5e7b7ced877cf02d43663712=[4663323]; expires=Sat, 21 Oct 2023 10:31:53 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 5c6bf3e049341d9254ab245b429f568d
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip

GET ito-gamy.flowhot.cc/favicon.ico

188.114.96.1

404 Not Found

1.3 kB

URL GET HTTPS

ito-gamy.flowhot.cc/favicon.ico

IP / ASN

188.114.96.1

#13335 CLOUDFLARENET

Requested byhttps://ito-gamy.flowhot.cc/

Resource Info

File typeHTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (1336), with no line terminators

First Seen2023-04-17

Last Seen2023-12-10

Times Seen24

Size1.3 kB (1297 bytes)

MD5f524e65bd054ef4645f2613feecd62ba

SHA18f40c58021af38e48ca8cf873f8fc33016b8191f

SHA256519829523d799cdcf97fc3e589c7b8c0d21316df097951cf4108b95ff0a037cc

Certificate Info

IssuerGoogle Trust Services LLC

Subjectflowhot.cc

FingerprintCD:8B:0B:C8:A6:57:11:77:4E:2E:BE:0E:93:82:51:03:F4:15:BE:C7

ValidityFri, 20 Oct 2023 08:03:26 GMT - Thu, 18 Jan 2024 08:03:25 GMT

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: ito-gamy.flowhot.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ito-gamy.flowhot.cc/
Cookie: _ga_Z7TJ1ZBHKC=GS1.1.1697884307.1.0.1697884307.0.0.0; _ga=GA1.1.1223841874.1697884307
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 404 Not Found
date: Sat, 21 Oct 2023 10:31:47 GMT
content-type: text/html
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
pragma: no-cache
x-turbo-charged-by: LiteSpeed
cf-cache-status: BYPASS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=6D6YTPiHzDfBVps2r1ymD5KVNwpS4CaD1BRzRXB7LuHWpZ3r389OZr7JNu5ETDylYlnl4yrbHL%2BTb072zGdF5U8BAtLPkyDLYV9PbiD8KlOiXX7u1yGUJBAeuGh94d3BkGJfF6tB"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8198d53ad9cfb51e-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

GET professionalswebcheck.com/stats

35.157.63.144

200 OK

40 B

URL GET HTTPS

professionalswebcheck.com/stats

IP / ASN

35.157.63.144

#16509 AMAZON-02

Requested byhttps://ito-gamy.flowhot.cc/

Resource Info

File typeASCII text, with no line terminators

First Seen2023-10-21

Last Seen2023-10-21

Times Seen1

Size40 B (40 bytes)

MD54ff936ccfe96b0d929bbd09bda794b2d

SHA15d9a9d6bae337df43f8342603e8637e9e909c37a

SHA256a6cf74c1f0efcd4e1ac12e1fac216346c1d526639f5095fd1e7058abdd782b95

Certificate Info

IssuerAmazon

Subjectprofessionalswebcheck.com

Fingerprint75:E9:08:FD:96:58:C7:98:43:E8:21:27:A8:E9:B9:A4:55:28:F2:0C

ValidityWed, 30 Aug 2023 00:00:00 GMT - Fri, 27 Sep 2024 23:59:59 GMT

HTTP Headers

GET /stats HTTP/1.1
Host: professionalswebcheck.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://ito-gamy.flowhot.cc
DNT: 1
Connection: keep-alive
Referer: https://ito-gamy.flowhot.cc/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sat, 21 Oct 2023 10:31:47 GMT
content-type: text/html; charset=UTF-8
content-length: 40
server: fasthttp
access-control-allow-origin: https://ito-gamy.flowhot.cc
vary: Origin
access-control-allow-credentials: true
set-cookie: uid_id2=6ebe1c86-e7a1-42c3-923c-3d9c2092548e:2:1; expires=Tue, 18 Oct 2033 10:31:47 GMT; secure; SameSite=None
X-Firefox-Spdy: h2

GET postureunlikeagile.com/ren.gif?sid=H4sIAAAAAAAC%2F1RSvW8cRRydDa5AIPEhJMTXFaAECZ%2F36z6WFBEhOIowSUhA0MHszOxl8OzOamb39nKVRQREojkk%2FoD1OzsGYkXQ0fChM52lSD6qK3CBREUDiggtOtvC4tf8fr95r3jz3u%2BT9XKfuCjpbPlNPZRK0aVW022ces%2FzTjdWZFYOGoNu%2B%2F12eLph%2Bq94btR0X2qcF2xVL%2Fmu57qe6zWWpRGJHix5ntd0IfPtyGtGbjP0m14rxMD8f7elA0sd8P4%2BeQySTx%2FcvhNCsgmy9Jtzwq4WOn%2F59bRUtNAGfb71Traa6SpDejwmxkGSbR2xoe3e8g%2FQ2eaBYOj%2Bf8RYTonz%2B2%2BIs60jlYj7m4dCYwWRIeYPoepPINQEkk7A9A1IvkcAxnHxErL01kVtKnr9EKVzdEoW7t%2BDrKZk4dcnkKV3zio5aFzVqiykziwGSQ05mED2JsjLHRTDE5DVDljxESS%2FS5buryBLNy5ZpSH57IW2iIXHuu1F0aHeYuizYDHyA7YY8Ij5buS3wq44cEjKCWQygRIjUHsCpXVQSgdl4qDMHaR81uiwsNvl3RangjE%2FTrxuEiZhRJmbMDeIfJRs%2FocRinwEpkZgZg25WcOqHMGUP8Feq2G5A1sQ9HmNShBUlqCiBJUkqAqCql9vcmV9W9%2Fiypaxd9T9ox7UY1301ummLnoiI%2Bv5Pnl0bpxz6kUPq2LWcNtB0GpHcUt04g4TvNvpsMT1eRi020HH82FlDWlPgFoHQzklJ59ZQC73Hs8Q0x1YtQMmHdDyWdBq3PFd0GvjsOtimN2mw1woaZtMp%2BC6Rl4soLjurKt98tRBeudPPQ3Bds%2F8ffWfu7MnPwUzNXJT40P5M0FP3Rxf0RXZuKIrS769lBcylUM6T%2FZqQQux8PUb4nqlDb9wzo6%2BepXNgfm4%2FbawxQrNuMx6ltw%2BKzkXZlkbJsj3F%2By7Ir5c2mtnS5OV%2Bcrl15YvpLkR1kqdTUDllJDxPTA5JQ9%2F9sHB1Z5MHoE0E5iyRlrukqOC1Dtg%2BRpsvnvmr%2Be%2Be%2BuPj5%2BH1QRGHXPi3EFV1mPjx8ePShIocbzTuIYVxybEYvfHPw%2BxdXsTPeOAFjeQpTX6pkZf1aBqBFs%2BMC5ys3vml%2BCgECtnHCvjbMTKqM8PzbVy1hAd0Y6i0A073HXjkPu%2B1xKMBiGNqO8nHRR2KoIvv%2FgXAAD%2F%2FwEAAP%2F%2FEnOMooIEAAA%3D

192.243.59.20

200 OK

0 B

URL GET HTTPS

postureunlikeagile.com/ren.gif?sid=H4sIAAAAAAAC%2F1RSvW8cRRydDa5AIPEhJMTXFaAECZ%2F36z6WFBEhOIowSUhA0MHszOxl8OzOamb39nKVRQREojkk%2FoD1OzsGYkXQ0fChM52lSD6qK3CBREUDiggtOtvC4tf8fr95r3jz3u%2BT9XKfuCjpbPlNPZRK0aVW022ces%2FzTjdWZFYOGoNu%2B%2F12eLph%2Bq94btR0X2qcF2xVL%2Fmu57qe6zWWpRGJHix5ntd0IfPtyGtGbjP0m14rxMD8f7elA0sd8P4%2BeQySTx%2FcvhNCsgmy9Jtzwq4WOn%2F59bRUtNAGfb71Traa6SpDejwmxkGSbR2xoe3e8g%2FQ2eaBYOj%2Bf8RYTonz%2B2%2BIs60jlYj7m4dCYwWRIeYPoepPINQEkk7A9A1IvkcAxnHxErL01kVtKnr9EKVzdEoW7t%2BDrKZk4dcnkKV3zio5aFzVqiykziwGSQ05mED2JsjLHRTDE5DVDljxESS%2FS5buryBLNy5ZpSH57IW2iIXHuu1F0aHeYuizYDHyA7YY8Ij5buS3wq44cEjKCWQygRIjUHsCpXVQSgdl4qDMHaR81uiwsNvl3RangjE%2FTrxuEiZhRJmbMDeIfJRs%2FocRinwEpkZgZg25WcOqHMGUP8Feq2G5A1sQ9HmNShBUlqCiBJUkqAqCql9vcmV9W9%2Fiypaxd9T9ox7UY1301ummLnoiI%2Bv5Pnl0bpxz6kUPq2LWcNtB0GpHcUt04g4TvNvpsMT1eRi020HH82FlDWlPgFoHQzklJ59ZQC73Hs8Q0x1YtQMmHdDyWdBq3PFd0GvjsOtimN2mw1woaZtMp%2BC6Rl4soLjurKt98tRBeudPPQ3Bds%2F8ffWfu7MnPwUzNXJT40P5M0FP3Rxf0RXZuKIrS769lBcylUM6T%2FZqQQux8PUb4nqlDb9wzo6%2BepXNgfm4%2FbawxQrNuMx6ltw%2BKzkXZlkbJsj3F%2By7Ir5c2mtnS5OV%2Bcrl15YvpLkR1kqdTUDllJDxPTA5JQ9%2F9sHB1Z5MHoE0E5iyRlrukqOC1Dtg%2BRpsvnvmr%2Be%2Be%2BuPj5%2BH1QRGHXPi3EFV1mPjx8ePShIocbzTuIYVxybEYvfHPw%2BxdXsTPeOAFjeQpTX6pkZf1aBqBFs%2BMC5ys3vml%2BCgECtnHCvjbMTKqM8PzbVy1hAd0Y6i0A073HXjkPu%2B1xKMBiGNqO8nHRR2KoIvv%2FgXAAD%2F%2FwEAAP%2F%2FEnOMooIEAAA%3D

IP / ASN

192.243.59.20

#39572 DataWeb Global Group B.V.

Requested byhttps://ito-gamy.flowhot.cc/

Resource Info

File typeN/A

First Seen0001-01-01

Last Seen2025-08-06

Times Seen5691015

Size0 B (0 bytes)

MD5d41d8cd98f00b204e9800998ecf8427e

SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Certificate Info

IssuerLet's Encrypt

Subjectpostureunlikeagile.com

Fingerprint2D:C2:0C:06:71:E2:4C:42:4A:BE:A1:54:93:05:12:F7:F6:FE:36:DD

ValidityTue, 10 Oct 2023 08:42:14 GMT - Mon, 08 Jan 2024 08:42:13 GMT

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /ren.gif?sid=H4sIAAAAAAAC%2F1RSvW8cRRydDa5AIPEhJMTXFaAECZ%2F36z6WFBEhOIowSUhA0MHszOxl8OzOamb39nKVRQREojkk%2FoD1OzsGYkXQ0fChM52lSD6qK3CBREUDiggtOtvC4tf8fr95r3jz3u%2BT9XKfuCjpbPlNPZRK0aVW022ces%2FzTjdWZFYOGoNu%2B%2F12eLph%2Bq94btR0X2qcF2xVL%2Fmu57qe6zWWpRGJHix5ntd0IfPtyGtGbjP0m14rxMD8f7elA0sd8P4%2BeQySTx%2FcvhNCsgmy9Jtzwq4WOn%2F59bRUtNAGfb71Traa6SpDejwmxkGSbR2xoe3e8g%2FQ2eaBYOj%2Bf8RYTonz%2B2%2BIs60jlYj7m4dCYwWRIeYPoepPINQEkk7A9A1IvkcAxnHxErL01kVtKnr9EKVzdEoW7t%2BDrKZk4dcnkKV3zio5aFzVqiykziwGSQ05mED2JsjLHRTDE5DVDljxESS%2FS5buryBLNy5ZpSH57IW2iIXHuu1F0aHeYuizYDHyA7YY8Ij5buS3wq44cEjKCWQygRIjUHsCpXVQSgdl4qDMHaR81uiwsNvl3RangjE%2FTrxuEiZhRJmbMDeIfJRs%2FocRinwEpkZgZg25WcOqHMGUP8Feq2G5A1sQ9HmNShBUlqCiBJUkqAqCql9vcmV9W9%2Fiypaxd9T9ox7UY1301ummLnoiI%2Bv5Pnl0bpxz6kUPq2LWcNtB0GpHcUt04g4TvNvpsMT1eRi020HH82FlDWlPgFoHQzklJ59ZQC73Hs8Q0x1YtQMmHdDyWdBq3PFd0GvjsOtimN2mw1woaZtMp%2BC6Rl4soLjurKt98tRBeudPPQ3Bds%2F8ffWfu7MnPwUzNXJT40P5M0FP3Rxf0RXZuKIrS769lBcylUM6T%2FZqQQux8PUb4nqlDb9wzo6%2BepXNgfm4%2FbawxQrNuMx6ltw%2BKzkXZlkbJsj3F%2By7Ir5c2mtnS5OV%2Bcrl15YvpLkR1kqdTUDllJDxPTA5JQ9%2F9sHB1Z5MHoE0E5iyRlrukqOC1Dtg%2BRpsvnvmr%2Be%2Be%2BuPj5%2BH1QRGHXPi3EFV1mPjx8ePShIocbzTuIYVxybEYvfHPw%2BxdXsTPeOAFjeQpTX6pkZf1aBqBFs%2BMC5ys3vml%2BCgECtnHCvjbMTKqM8PzbVy1hAd0Y6i0A073HXjkPu%2B1xKMBiGNqO8nHRR2KoIvv%2FgXAAD%2F%2FwEAAP%2F%2FEnOMooIEAAA%3D HTTP/1.1
Host: postureunlikeagile.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ito-gamy.flowhot.cc/
Cookie: u_pl=19408177; uid_id2=6ebe1c86-e7a1-42c3-923c-3d9c2092548e:2:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; slec0633569b5e7b7ced877cf02d43663712=[4663323]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Sat, 21 Oct 2023 10:31:49 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: ebb8398d50fae96d85d1f0026ee9456c
Strict-Transport-Security: max-age=0; includeSubdomains

GET cdn.creative-bars1.com/sb/ssp/vpn/classic-push/big1/css/style.css

172.64.102.10

200 OK

4.2 kB

URL GET HTTPS

cdn.creative-bars1.com/sb/ssp/vpn/classic-push/big1/css/style.css

IP / ASN

172.64.102.10

#13335 CLOUDFLARENET

Requested byhttps://ito-gamy.flowhot.cc/

Resource Info

File typeASCII text, with very long lines (4404), with no line terminators

First Seen2023-04-05

Last Seen2024-08-21

Times Seen591

Size4.2 kB (4168 bytes)

MD568b1992666e9738c9fe476446c9554c6

SHA17ed918e75115fd3be8bd1df1f6106d3f53129c78

SHA256c3ca1c3bc15dfab20c6c3733049214afc18b2deaba8d9685c57cc3f238b687d8

Certificate Info

IssuerGoogle Trust Services LLC

Subjectcreative-bars1.com

Fingerprint48:B7:50:3B:95:5B:52:CB:74:D5:D6:39:E2:DD:12:9D:05:51:D6:87

ValidityWed, 23 Aug 2023 16:10:20 GMT - Tue, 21 Nov 2023 16:10:19 GMT

HTTP Headers

GET /sb/ssp/vpn/classic-push/big1/css/style.css HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://ito-gamy.flowhot.cc
DNT: 1
Connection: keep-alive
Referer: https://ito-gamy.flowhot.cc/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sat, 21 Oct 2023 10:31:49 GMT
content-type: text/css
last-modified: Mon, 21 Feb 2022 10:59:09 GMT
etag: W/"6213707d-1048"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=dy%2FW8uOTUUFPqAB4kEyLsqdOseT8i%2BsfT4e28UtA5RCWcn9XJP6viGRkHEogIpfT7Ytzys%2FB1iliKKZUGydiXlVLnCpQMdAFBEpelDP6sI4odNxuCOCjQ1ZNrkX6nycGHuSNptVnxJNm"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8198d5470c602403-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

GET ito-gamy.flowhot.cc/wp-content/themes/flowhot/views.php?id=

188.114.96.1

404 Not Found

1.2 kB

URL GET HTTPS

ito-gamy.flowhot.cc/wp-content/themes/flowhot/views.php?id=

IP / ASN

188.114.96.1

#13335 CLOUDFLARENET

Requested byhttps://ito-gamy.flowhot.cc/

Resource Info

File typeHTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (1276), with no line terminators

First Seen2023-04-05

Last Seen2025-04-06

Times Seen23462

Size1.2 kB (1238 bytes)

MD524b426fea67958554911ff4c943fdfe4

SHA1b92889146d4c1bbddccabe58ca15c814ea066f72

SHA256335fd88e127ff1b19e6c5af3c801186182f064e4c6747b9a76a0b3988553716c

Certificate Info

IssuerGoogle Trust Services LLC

Subjectflowhot.cc

FingerprintCD:8B:0B:C8:A6:57:11:77:4E:2E:BE:0E:93:82:51:03:F4:15:BE:C7

ValidityFri, 20 Oct 2023 08:03:26 GMT - Thu, 18 Jan 2024 08:03:25 GMT

HTTP Headers

GET /wp-content/themes/flowhot/views.php?id= HTTP/1.1
Host: ito-gamy.flowhot.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Requested-With: XMLHttpRequest
DNT: 1
Connection: keep-alive
Referer: https://ito-gamy.flowhot.cc/
Cookie: _ga_Z7TJ1ZBHKC=GS1.1.1697884307.1.0.1697884307.0.0.0; _ga=GA1.1.1223841874.1697884307
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 404 Not Found
date: Sat, 21 Oct 2023 10:31:47 GMT
content-type: text/html
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
pragma: no-cache
x-turbo-charged-by: LiteSpeed
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=W149%2FhfG1OuMqKxQMxFXjazsjMDQ3DJrAjzEHFvBLanuWVMVZq4rAP9GmaRbeNlTRfMPzwRQQaCIZ2WtTxVsHcOLzyWPD44LZUlpMo%2BFVDP6TqT5AkcfnYe3eDe6VxJMtFJu1dTd"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8198d53c8af0b51e-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

GET maxcdn.bootstrapcdn.com/font-awesome/4.7.0/css/font-awesome.min.css

104.18.10.207

200 OK

31 kB

URL GET HTTPS

maxcdn.bootstrapcdn.com/font-awesome/4.7.0/css/font-awesome.min.css

IP / ASN

104.18.10.207

#13335 CLOUDFLARENET

Requested byhttps://ito-gamy.flowhot.cc/

Resource Info

File typeASCII text, with very long lines (30837)

First Seen2023-04-05

Last Seen2025-08-06

Times Seen114282

Size31 kB (31000 bytes)

MD5269550530cc127b6aa5a35925a7de6ce

SHA1512c7d79033e3028a9be61b540cf1a6870c896f8

SHA256799aeb25cc0373fdee0e1b1db7ad6c2f6a0e058dfadaa3379689f583213190bd

Certificate Info

IssuerCloudflare, Inc.

Subjectsni.cloudflaressl.com

Fingerprint5B:F7:8F:50:AD:E5:5B:5E:8C:4A:39:3D:0C:98:E8:8C:18:4B:3D:8A

ValidityFri, 30 Dec 2022 00:00:00 GMT - Sat, 30 Dec 2023 23:59:59 GMT

HTTP Headers

GET /font-awesome/4.7.0/css/font-awesome.min.css HTTP/1.1
Host: maxcdn.bootstrapcdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ito-gamy.flowhot.cc/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sat, 21 Oct 2023 10:31:45 GMT
content-type: text/css; charset=utf-8
vary: Accept-Encoding
cdn-pullzone: 252412
cdn-uid: b1941f61-b576-4f40-80de-5677acb38f74
cdn-requestcountrycode: DE
access-control-allow-origin: *
cache-control: public, max-age=31919000
etag: W/"269550530cc127b6aa5a35925a7de6ce"
last-modified: Mon, 25 Jan 2021 22:04:55 GMT
cdn-cachedat: 05/01/2023 15:40:29
cdn-proxyver: 1.03
cdn-requestpullcode: 200
cdn-requestpullsuccess: True
cdn-edgestorageid: 722
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
cdn-status: 200
cdn-requestid: b9f68144baab9564a7e8739a4135280d
cdn-cache: HIT
cf-cache-status: HIT
age: 8142303
strict-transport-security: max-age=31536000; includeSubDomains; preload
server: cloudflare
cf-ray: 8198d52f1ec156a5-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

GET cdn.barscreative1.com/sb/au/48/48/eb/4848ebd6f7295875a5d388ec2488aba3/1648542421.html

45.133.44.4

200 OK

1.5 kB

URL GET HTTPS

cdn.barscreative1.com/sb/au/48/48/eb/4848ebd6f7295875a5d388ec2488aba3/1648542421.html

IP / ASN

45.133.44.4

#39572 DataWeb Global Group B.V.

Requested byhttps://ito-gamy.flowhot.cc/

Resource Info

File typeHTML document text\012- HTML document, ASCII text, with very long lines (1639), with no line terminators

First Seen2023-04-05

Last Seen2025-03-09

Times Seen612

Size1.5 kB (1538 bytes)

MD597b357c624104a8e915d01424dfe16ce

SHA16bd7fcedfb7986b149601b1bc840f525b67a8f06

SHA2568d010e7163298acf3671bb429a2e0b1d69033a5adc314fa4bddebf74b9775e6e

Certificate Info

IssuerLet's Encrypt

Subjectcdn.barscreative1.com

FingerprintCB:0F:87:85:B0:83:8B:5C:86:E5:81:91:9D:F5:ED:C4:A2:B6:B1:BE

ValidityTue, 12 Sep 2023 01:01:21 GMT - Mon, 11 Dec 2023 01:01:20 GMT

HTTP Headers

GET /sb/au/48/48/eb/4848ebd6f7295875a5d388ec2488aba3/1648542421.html HTTP/1.1
Host: cdn.barscreative1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://ito-gamy.flowhot.cc
DNT: 1
Connection: keep-alive
Referer: https://ito-gamy.flowhot.cc/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sat, 21 Oct 2023 10:31:49 GMT
content-type: text/html; charset=utf-8
server: nginx/1.21.6
last-modified: Tue, 29 Mar 2022 08:27:10 GMT
etag: W/"6242c2de-602"
cache-control: max-age=3600
access-control-allow-origin: *
access-control-expose-headers: Date
content-encoding: gzip
expires: Sat, 21 Oct 2023 11:31:49 GMT
x-proxy-cache: HIT
X-Firefox-Spdy: h2

GET code.jquery.com/jquery-3.4.1.js

151.101.194.137

200 OK

280 kB

URL GET HTTPS

code.jquery.com/jquery-3.4.1.js

IP / ASN

151.101.194.137

#54113 FASTLY

Requested byhttps://ito-gamy.flowhot.cc/

Resource Info

File typeASCII text

First Seen2023-03-07

Last Seen2025-08-05

Times Seen976

Size280 kB (280364 bytes)

MD511c05eb286ed576526bf4543760785b9

SHA17faa15a054093f3b5d674e63b6567c835a6fa217

SHA2565a93a88493aa32aab228bf4571c01207d3b42b0002409a454d404b4d8395bd55

Certificate Info

IssuerSectigo Limited

Subject*.jquery.com

FingerprintD2:19:0A:AD:CE:BB:9C:61:17:5D:29:4B:A2:54:E8:C6:91:B8:F9:8D

ValidityTue, 11 Jul 2023 00:00:00 GMT - Sun, 14 Jul 2024 23:59:59 GMT

HTTP Headers

GET /jquery-3.4.1.js HTTP/1.1
Host: code.jquery.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ito-gamy.flowhot.cc/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
content-type: application/javascript; charset=utf-8
last-modified: Fri, 18 Oct 1991 12:00:00 GMT
etag: W/"28feccc0-4472c"
cache-control: public, max-age=31536000, stale-while-revalidate=604800
access-control-allow-origin: *
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
date: Sat, 21 Oct 2023 10:31:45 GMT
age: 3082104
x-served-by: cache-lga21923-LGA, cache-bma1630-BMA
x-cache: HIT, HIT
x-cache-hits: 18, 32492
x-timer: S1697884306.826485,VS0,VE0
vary: Accept-Encoding
content-length: 82889
X-Firefox-Spdy: h2

GET flowhot.cc/wp-content/themes/flowhot/style.css?ver=1697884298

188.114.96.1

200 OK

20 kB

URL GET HTTPS

flowhot.cc/wp-content/themes/flowhot/style.css?ver=1697884298

IP / ASN

188.114.96.1

#13335 CLOUDFLARENET

Requested byhttps://ito-gamy.flowhot.cc/

Resource Info

File typeASCII text, with very long lines (4468)

First Seen2023-04-17

Last Seen2025-07-12

Times Seen35

Size20 kB (20304 bytes)

MD54c1717ce0a000bdbf8af2b620be2b465

SHA19398d9ac4a1f37374cc187f5a1e3d6dc69f2a208

SHA25625f469c98011ebbf04fe876c4a5732b88c74bf48dfc6b03f8fa7d68b34657404

Certificate Info

IssuerGoogle Trust Services LLC

Subjectflowhot.cc

FingerprintCD:8B:0B:C8:A6:57:11:77:4E:2E:BE:0E:93:82:51:03:F4:15:BE:C7

ValidityFri, 20 Oct 2023 08:03:26 GMT - Thu, 18 Jan 2024 08:03:25 GMT

HTTP Headers

GET /wp-content/themes/flowhot/style.css?ver=1697884298 HTTP/1.1
Host: flowhot.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ito-gamy.flowhot.cc/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sat, 21 Oct 2023 10:31:45 GMT
content-type: text/css
cache-control: public, max-age=31536000
expires: Mon, 20 Nov 2023 10:31:45 GMT
last-modified: Fri, 19 Jun 2020 18:37:30 GMT
vary: Accept-Encoding
x-turbo-charged-by: LiteSpeed
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=YOHT1Ex%2BCl194OStksgieZSPC%2FPCvASX9k9icJzTvqxwFIi%2FC8ieJSX2gmMQ92uiSZQs3Jp9%2FWvew%2Br0A9qgIWu7YYG2qrtTyIedTMJXkk5GSwOoDo5xgPSza3QY"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8198d52f19b0b51e-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400