pub-3ec16bad2c504d6e9ce48f22cd0d37f8.r2.dev Open in urlscan Pro
2606:4700::6812:223 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://gg.gg/1b5m7v
Effective URL:
https://pub-3ec16bad2c504d6e9ce48f22cd0d37f8.r2.dev/thefilw.html
Submission: On June 21 via api (June 21st 2024, 9:35:48 am UTC) from US — Scanned from DE

Summary HTTP 30 Redirects Behaviour Indicators

Summary

This website contacted 11 IPs in 5 countries across 10 domains to perform 30 HTTP transactions. The main IP is 2606:4700::6812:223, located in United States and belongs to CLOUDFLARENET, US. The main domain is pub-3ec16bad2c504d6e9ce48f22cd0d37f8.r2.dev.
TLS certificate: Issued by E1 on June 3rd 2024. Valid for: 3 months.

This is the only time pub-3ec16bad2c504d6e9ce48f22cd0d37f8.r2.dev was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Dropbox (Consumer) Generic Cloudflare (Online)

Domain & IP information

	IP Address	AS Autonomous System
1 8	91.215.42.31 91.215.42.31	57724 (DDOS-GUARD) (DDOS-GUARD)
2	185.129.100.100 185.129.100.100	57724 (DDOS-GUARD) (DDOS-GUARD)
1 6	2606:4700::68... 2606:4700::6812:223	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	104.18.10.207 104.18.10.207	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2a04:4e42:400... 2a04:4e42:400::649	54113 (FASTLY) (FASTLY)
4	78.46.22.25 78.46.22.25	24940 (HETZNER-AS) (HETZNER-AS)
1	2a02:ec80:300... 2a02:ec80:300:ed1a::2:b	14907 (WIKIMEDIA) (WIKIMEDIA)
1	104.17.24.14 104.17.24.14	13335 (CLOUDFLAR...) (CLOUDFLARENET)
5	2606:4700:303... 2606:4700:3037::ac43:8ef5	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	23.211.242.198 23.211.242.198	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
30	11

8 91.215.42.31 (Russian Federation) 1 redirects

ASN57724 (DDOS-GUARD, RU)

gg.gg	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 185.129.100.100 (Russian Federation)

ASN57724 (DDOS-GUARD, RU)
PTR: ddos-guard.net

check.ddos-guard.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2606:4700::6812:223 (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

pub-3ec16bad2c504d6e9ce48f22cd0d37f8.r2.dev	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 104.18.10.207 (None, )

ASN13335 (CLOUDFLARENET, US)

maxcdn.bootstrapcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a04:4e42:400::649 (United States)

ASN54113 (FASTLY, US)

code.jquery.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 78.46.22.25 (Germany)

ASN24940 (HETZNER-AS, DE)
PTR: static.25.22.46.78.clients.your-server.de

www.freepnglogos.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:ec80:300:ed1a::2:b (United States)

ASN14907 (WIKIMEDIA, US)

upload.wikimedia.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.17.24.14 (None, )

ASN13335 (CLOUDFLARENET, US)

cdnjs.cloudflare.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2606:4700:3037::ac43:8ef5 (United States)

ASN13335 (CLOUDFLARENET, US)

use.fontawesome.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 23.211.242.198 (Silverdale, New Zealand)

ASN20940 (AKAMAI-ASN1, NL)
PTR: a23-211-242-198.deploy.static.akamaitechnologies.com

sm.pcmag.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
8	gg.gg 1 redirects gg.gg — Cisco Umbrella Rank: 789816	191 KB
6	r2.dev 1 redirects pub-3ec16bad2c504d6e9ce48f22cd0d37f8.r2.dev	81 KB
5	fontawesome.com use.fontawesome.com — Cisco Umbrella Rank: 1381 fontawesome.com Failed	85 KB
4	freepnglogos.com www.freepnglogos.com — Cisco Umbrella Rank: 248053	1 MB
2	bootstrapcdn.com maxcdn.bootstrapcdn.com — Cisco Umbrella Rank: 1286	38 KB
2	ddos-guard.net check.ddos-guard.net — Cisco Umbrella Rank: 181864	742 B
1	pcmag.com sm.pcmag.com — Cisco Umbrella Rank: 407607	26 KB
1	cloudflare.com cdnjs.cloudflare.com — Cisco Umbrella Rank: 268	7 KB
1	wikimedia.org upload.wikimedia.org — Cisco Umbrella Rank: 3915	23 KB
1	jquery.com code.jquery.com — Cisco Umbrella Rank: 816	31 KB
30	10

	Domain	Requested by
8	gg.gg	1 redirects gg.gg
6	pub-3ec16bad2c504d6e9ce48f22cd0d37f8.r2.dev	1 redirects gg.gg pub-3ec16bad2c504d6e9ce48f22cd0d37f8.r2.dev
5	use.fontawesome.com	pub-3ec16bad2c504d6e9ce48f22cd0d37f8.r2.dev use.fontawesome.com
4	www.freepnglogos.com	pub-3ec16bad2c504d6e9ce48f22cd0d37f8.r2.dev
2	maxcdn.bootstrapcdn.com	pub-3ec16bad2c504d6e9ce48f22cd0d37f8.r2.dev
2	check.ddos-guard.net	gg.gg
1	sm.pcmag.com	pub-3ec16bad2c504d6e9ce48f22cd0d37f8.r2.dev
1	cdnjs.cloudflare.com	pub-3ec16bad2c504d6e9ce48f22cd0d37f8.r2.dev
1	upload.wikimedia.org	pub-3ec16bad2c504d6e9ce48f22cd0d37f8.r2.dev
1	code.jquery.com	pub-3ec16bad2c504d6e9ce48f22cd0d37f8.r2.dev
0	fontawesome.com Failed	pub-3ec16bad2c504d6e9ce48f22cd0d37f8.r2.dev
30	11

This site contains no links.

Subject Issuer	Validity	Valid
gg.gg R3	`2024-05-30` - `2024-08-28`	3 months	crt.sh
*.ddos-guard.net Sectigo RSA Domain Validation Secure Server CA	`2023-08-04` - `2024-07-30`	a year	crt.sh
*.r2.dev E1	`2024-06-03` - `2024-09-01`	3 months	crt.sh
bootstrapcdn.com GTS CA 1P5	`2024-05-25` - `2024-08-23`	3 months	crt.sh
*.jquery.com Sectigo RSA Domain Validation Secure Server CA	`2023-07-11` - `2024-07-14`	a year	crt.sh
freepnglogos.com R3	`2024-05-12` - `2024-08-10`	3 months	crt.sh
*.wikipedia.org DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2023-10-18` - `2024-10-16`	a year	crt.sh
cdnjs.cloudflare.com E1	`2024-06-02` - `2024-08-31`	3 months	crt.sh
use.fontawesome.com Cloudflare Inc ECC CA-3	`2023-10-12` - `2024-10-10`	a year	crt.sh
www.ziffdavis.com COMODO RSA Organization Validation Secure Server CA	`2023-07-27` - `2024-07-26`	a year	crt.sh

This page contains 1 frames:

Primary Page: https://pub-3ec16bad2c504d6e9ce48f22cd0d37f8.r2.dev/thefilw.html
Frame ID: 77739736B1DA78EEB59E8D80E0DB85A1
Requests: 33 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Dropbox - Get your files anytime anywhere

Page URL History Show full URLs

http://gg.gg/1b5m7v HTTP 307
https://gg.gg/1b5m7v Page URL
https://gg.gg/1b5m7v HTTP 301
https://pub-3ec16bad2c504d6e9ce48f22cd0d37f8.r2.dev/thefilw.html Page URL
https://pub-3ec16bad2c504d6e9ce48f22cd0d37f8.r2.dev/cdn-cgi/phish-bypass?atok=Wgz..EtT5rq6Az.XLd9PZEZFA8S8zVDfYZqGxN78EWw-171896... HTTP 301
https://pub-3ec16bad2c504d6e9ce48f22cd0d37f8.r2.dev/thefilw.html Page URL

Detected technologies

Bootstrap (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js

CodeIgniter (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

Font Awesome (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)

Popper (Miscellaneous) Expand

Overall confidence: 100%
Detected patterns

/popper\.js/([0-9.]+)

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]([\d.]*\d)[^/]*\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

30
Requests

97 %
HTTPS

40 %
IPv6

10
Domains

11
Subdomains

11
IPs

5
Countries

1723 kB
Transfer

1972 kB
Size

9
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://gg.gg/1b5m7v HTTP 307
https://gg.gg/1b5m7v Page URL
https://gg.gg/1b5m7v HTTP 301
https://pub-3ec16bad2c504d6e9ce48f22cd0d37f8.r2.dev/thefilw.html Page URL
https://pub-3ec16bad2c504d6e9ce48f22cd0d37f8.r2.dev/cdn-cgi/phish-bypass?atok=Wgz..EtT5rq6Az.XLd9PZEZFA8S8zVDfYZqGxN78EWw-1718962538-0.0.1.1-%2Fthefilw.html HTTP 301
https://pub-3ec16bad2c504d6e9ce48f22cd0d37f8.r2.dev/thefilw.html Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0

http://gg.gg/1b5m7v HTTP 307
https://gg.gg/1b5m7v

Request Chain 12

https://gg.gg/1b5m7v HTTP 301
https://pub-3ec16bad2c504d6e9ce48f22cd0d37f8.r2.dev/thefilw.html

Request Chain 27

https://cdn.fontawesome.com/js/stats.js HTTP 301
https://fontawesome.com/

30 HTTP transactions
3 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

403

1b5m7v Show response
gg.gg/
Redirect Chain

http://gg.gg/1b5m7v
https://gg.gg/1b5m7v

747 B
1 KB

152ms
52ms

Document
text/html

91.215.42.31
DDOS-GUARD

General

Check archive.org

Show headers Download Go to

Full URL: https://gg.gg/1b5m7v
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 91.215.42.31 , Russian Federation, ASN57724 (DDOS-GUARD, RU),
Reverse DNS
Software: ddos-guard /
Resource Hash: 62d7de601e108ea0e4c50e165872efa95fef735c7a51481d513bb5b36a568cde

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

cache-control: no-cache, no-store, must-revalidate
content-length: 747
content-type: text/html; charset=UTF-8
date: Fri, 21 Jun 2024 09:35:35 GMT
server: ddos-guard

Redirect headers

Location: https://gg.gg/1b5m7v
Non-Authoritative-Reason: HttpsUpgrades

GET
H2 200 index.css
gg.gg/.well-known/ddos-guard/js-challenge/ 3 KB
3 KB 43ms
42ms Stylesheet
text/css 91.215.42.31
DDOS-GUARD

General

Check archive.org

Show headers Download Go to

Full URL: https://gg.gg/.well-known/ddos-guard/js-challenge/index.css
Requested by: Host: gg.gg
URL: https://gg.gg/1b5m7v
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 91.215.42.31 , Russian Federation, ASN57724 (DDOS-GUARD, RU),
Reverse DNS
Software: ddos-guard /
Resource Hash: 3bcbb22ed60fc8cac1887b4f7adbc62e578dc7c5e814768b9a8192decdc55137

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://gg.gg/1b5m7v
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

content-type: text/css
date: Fri, 21 Jun 2024 09:35:35 GMT
server: ddos-guard
content-length: 2961
expires: Fri, 21 Jun 2024 10:35:35 GMT

GET
H2 200 view.js Show response
gg.gg/.well-known/ddos-guard/js-challenge/ 43 KB
43 KB 62ms
61ms Script
application/javascript 91.215.42.31
DDOS-GUARD

General

Check archive.org

Show headers Download Go to

Full URL: https://gg.gg/.well-known/ddos-guard/js-challenge/view.js
Requested by: Host: gg.gg
URL: https://gg.gg/1b5m7v
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 91.215.42.31 , Russian Federation, ASN57724 (DDOS-GUARD, RU),
Reverse DNS
Software: ddos-guard /
Resource Hash: 71158fa7308057865c78415e48ae462926774b56656c99bff642a0788ed5370f

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://gg.gg/1b5m7v
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

content-type: application/javascript
date: Fri, 21 Jun 2024 09:35:35 GMT
server: ddos-guard
content-length: 44401
expires: Fri, 21 Jun 2024 10:35:35 GMT

GET
H2 200 index.js Show response
gg.gg/.well-known/ddos-guard/js-challenge/ 141 KB
141 KB 52ms
52ms Script
application/javascript 91.215.42.31
DDOS-GUARD

General

Check archive.org

Show headers Download Go to

Full URL: https://gg.gg/.well-known/ddos-guard/js-challenge/index.js
Requested by: Host: gg.gg
URL: https://gg.gg/1b5m7v
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 91.215.42.31 , Russian Federation, ASN57724 (DDOS-GUARD, RU),
Reverse DNS
Software: ddos-guard /
Resource Hash: 1178bdeab6cbf37326ade037d83cca061c27e1a1ae463dedea7141702f526008

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://gg.gg/1b5m7v
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

content-type: application/javascript
date: Fri, 21 Jun 2024 09:35:35 GMT
server: ddos-guard
content-length: 144676
expires: Fri, 21 Jun 2024 10:35:35 GMT

GET
H2 200 check.js Show response
check.ddos-guard.net/ 152 B
490 B 193ms
47ms Script
application/javascript 185.129.100.100
DDOS-GUARD

General

Check archive.org

Show headers Download Go to

Full URL: https://check.ddos-guard.net/check.js
Requested by: Host: gg.gg
URL: https://gg.gg/1b5m7v
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 185.129.100.100 , Russian Federation, ASN57724 (DDOS-GUARD, RU),
Reverse DNS: ddos-guard.net
Software: ddos-guard /
Resource Hash: 633db3e2a35ba367ca8f5912d246dd625ec4727e3b937c717c08589282591c78

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://gg.gg/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 21 Jun 2024 09:35:35 GMT
last-modified: Thu, 01 Jan 1970 00:00:00 GMT
server: ddos-guard
etag: 0eWsYeGCa0jrDOZv
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
content-type: application/javascript
cache-control: private, s-maxage=0, max-age=31536000
content-length: 152
expires: Sat, 21 Jun 2025 09:35:35 GMT

GET
H2 200 0eWsYeGCa0jrDOZv
gg.gg/.well-known/ddos-guard/id/ 68 B
211 B 48ms
47ms Image
image/png 91.215.42.31
DDOS-GUARD

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://gg.gg/.well-known/ddos-guard/id/0eWsYeGCa0jrDOZv
Requested by: Host: gg.gg
URL: https://gg.gg/1b5m7v
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 91.215.42.31 , Russian Federation, ASN57724 (DDOS-GUARD, RU),
Reverse DNS
Software: ddos-guard /
Resource Hash: f309b7c03d9cae63a9bedbee6ed655f3dbcdb194132943639344dead5f3b9710

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://gg.gg/1b5m7v
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

content-type: image/png
date: Fri, 21 Jun 2024 09:35:35 GMT
cache-control: no-cache
server: ddos-guard
content-length: 68
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H2 200 0eWsYeGCa0jrDOZv
check.ddos-guard.net/set/id/ 68 B
252 B 44ms
44ms Image
image/png 185.129.100.100
DDOS-GUARD

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://check.ddos-guard.net/set/id/0eWsYeGCa0jrDOZv
Requested by: Host: gg.gg
URL: https://gg.gg/1b5m7v
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 185.129.100.100 , Russian Federation, ASN57724 (DDOS-GUARD, RU),
Reverse DNS: ddos-guard.net
Software: ddos-guard /
Resource Hash: f309b7c03d9cae63a9bedbee6ed655f3dbcdb194132943639344dead5f3b9710

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://gg.gg/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

pragma: no-cache
date: Fri, 21 Jun 2024 09:35:35 GMT
server: ddos-guard
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
content-type: image/png
cache-control: no-cache
content-length: 68
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
DATA 200
OK truncated
/ 3 KB
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 7aef33eaeca96404d97e03fbbbf2484d298711c0312b87f282e120cb409d7b70

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 450 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 46de0b42e2dc03ba6d16b37e3e864f0eef8f328f6eebbdd4f472bfa560009f33

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 555 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 781f9640521a0e58c8bfa567d0b6646fd227fb85ff3530f737ebec5998633ce0

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
H2 403 favicon.ico
gg.gg/ 747 B
799 B 51ms
50ms Other
text/html 91.215.42.31
DDOS-GUARD

General

Check archive.org

Show headers Download Go to

Full URL: https://gg.gg/favicon.ico
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 91.215.42.31 , Russian Federation, ASN57724 (DDOS-GUARD, RU),
Reverse DNS
Software: ddos-guard /
Resource Hash: 62d7de601e108ea0e4c50e165872efa95fef735c7a51481d513bb5b36a568cde

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://gg.gg/1b5m7v
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 21 Jun 2024 09:35:36 GMT
cache-control: no-cache, no-store, must-revalidate
server: ddos-guard
content-length: 747
content-type: text/html; charset=UTF-8

POST
H2 200 /
gg.gg/.well-known/ddos-guard/mark/ 0
0 129ms
85ms Fetch 91.215.42.31
DDOS-GUARD

General

Check archive.org

Show headers Download Go to

Full URL: https://gg.gg/.well-known/ddos-guard/mark/
Requested by: Host: gg.gg
URL: https://gg.gg/.well-known/ddos-guard/js-challenge/index.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 91.215.42.31 , Russian Federation, ASN57724 (DDOS-GUARD, RU),
Reverse DNS
Software: ddos-guard /
Resource Hash

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
sec-ch-ua-platform: "Win32"
Referer: https://gg.gg/1b5m7v
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

date: Fri, 21 Jun 2024 09:35:36 GMT
content-length: 0
server: ddos-guard

GET
H/1.1

200
OK

thefilw.html Show response
pub-3ec16bad2c504d6e9ce48f22cd0d37f8.r2.dev/
Redirect Chain

https://gg.gg/1b5m7v
https://pub-3ec16bad2c504d6e9ce48f22cd0d37f8.r2.dev/thefilw.html

4 KB
5 KB

330ms
53ms

Document
text/html

2606:4700::6812:223
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://pub-3ec16bad2c504d6e9ce48f22cd0d37f8.r2.dev/thefilw.html

Requested by

Host: gg.gg
URL: https://gg.gg/.well-known/ddos-guard/js-challenge/index.js

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:223 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

5650434f7dcd51ed3f49deae8ee95bba6e9de21c57bce6bc005c611b0232e0af

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Referer: https://gg.gg/1b5m7v
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Win32"

Response headers

CF-RAY: 8973027c7f2b6abb-FRA
Connection: keep-alive
Content-Type: text/html; charset=UTF-8
Date: Fri, 21 Jun 2024 09:35:38 GMT
Server: cloudflare
Transfer-Encoding: chunked
Vary: Accept-Encoding
X-Frame-Options: SAMEORIGIN

Redirect headers

cache-control: no-store, no-cache, must-revalidate post-check=0, pre-check=0
content-encoding: br
content-type: text/html; charset=UTF-8
date: Fri, 21 Jun 2024 09:35:38 GMT
expires: Mon, 26 Jul 1997 05:00:00 GMT
last-modified: Fri, 21 Jun 2024 09:35:38 GMT
location: https://pub-3ec16bad2c504d6e9ce48f22cd0d37f8.r2.dev/thefilw.html
pragma: no-cache
server: ddos-guard
vary: Accept-Encoding
x-powered-by: PHP/5.3.3

GET
H/1.1 200
OK cf.errors.css
pub-3ec16bad2c504d6e9ce48f22cd0d37f8.r2.dev/cdn-cgi/styles/ 23 KB
5 KB 46ms
46ms Stylesheet
text/css 2606:4700::6812:223
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://pub-3ec16bad2c504d6e9ce48f22cd0d37f8.r2.dev/cdn-cgi/styles/cf.errors.css

Requested by

Host: pub-3ec16bad2c504d6e9ce48f22cd0d37f8.r2.dev
URL: https://pub-3ec16bad2c504d6e9ce48f22cd0d37f8.r2.dev/thefilw.html

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:223 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

84e3c77025ace5af143972b4a40fc834dcdfd4e449d4b36a57e62326f16b3091

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://pub-3ec16bad2c504d6e9ce48f22cd0d37f8.r2.dev/thefilw.html
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Date: Fri, 21 Jun 2024 09:35:39 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Last-Modified: Fri, 14 Jun 2024 12:45:45 GMT
Server: cloudflare
ETag: W/"666c3b79-5df3"
Transfer-Encoding: chunked
X-Frame-Options: DENY
Content-Type: text/css
Vary: Accept-Encoding
Cache-Control: max-age=7200, public
Connection: keep-alive
CF-RAY: 8973027d48326abb-FRA
Expires: Fri, 21 Jun 2024 11:35:39 GMT

GET
H/1.1 200
OK icon-exclamation.png
pub-3ec16bad2c504d6e9ce48f22cd0d37f8.r2.dev/cdn-cgi/images/ 452 B
889 B 43ms
43ms Image
image/png 2606:4700::6812:223
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pub-3ec16bad2c504d6e9ce48f22cd0d37f8.r2.dev/cdn-cgi/images/icon-exclamation.png?1376755637

Requested by

Host: pub-3ec16bad2c504d6e9ce48f22cd0d37f8.r2.dev
URL: https://pub-3ec16bad2c504d6e9ce48f22cd0d37f8.r2.dev/cdn-cgi/styles/cf.errors.css

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:223 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f1591a5221136c49438642155691ae6c68e25b7241f3d7ebe975b09a77662016

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://pub-3ec16bad2c504d6e9ce48f22cd0d37f8.r2.dev/cdn-cgi/styles/cf.errors.css
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Date: Fri, 21 Jun 2024 09:35:39 GMT
X-Content-Type-Options: nosniff
Last-Modified: Fri, 14 Jun 2024 12:45:45 GMT
Server: cloudflare
ETag: "666c3b79-1c4"
X-Frame-Options: DENY
Vary: Accept-Encoding
Content-Type: image/png
Cache-Control: max-age=7200, public
Connection: keep-alive
Accept-Ranges: bytes
CF-RAY: 8973027e49386abb-FRA
Content-Length: 452
Expires: Fri, 21 Jun 2024 11:35:39 GMT

GET
H/1.1 404
Not Found favicon.ico
pub-3ec16bad2c504d6e9ce48f22cd0d37f8.r2.dev/ 27 KB
27 KB 513ms
512ms Other
text/html 2606:4700::6812:223
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://pub-3ec16bad2c504d6e9ce48f22cd0d37f8.r2.dev/favicon.ico
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:223 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 570a6631252b8a52df4de0e953ae77dbdf524dfc3637cda2840494a0d2b49499

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://pub-3ec16bad2c504d6e9ce48f22cd0d37f8.r2.dev/thefilw.html
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Date: Fri, 21 Jun 2024 09:35:39 GMT
Server: cloudflare
Connection: keep-alive
CF-RAY: 8973027eb9c66abb-FRA
Content-Length: 27242
Vary: Accept-Encoding
Content-Type: text/html

GET
H/1.1

200
OK

Primary Request thefilw.html Show response
pub-3ec16bad2c504d6e9ce48f22cd0d37f8.r2.dev/
Redirect Chain

https://pub-3ec16bad2c504d6e9ce48f22cd0d37f8.r2.dev/cdn-cgi/phish-bypass?atok=Wgz..EtT5rq6Az.XLd9PZEZFA8S8zVDfYZqGxN78EWw-1718962538-0.0.1.1-%2Fthefilw.html
https://pub-3ec16bad2c504d6e9ce48f22cd0d37f8.r2.dev/thefilw.html

44 KB
44 KB

240ms
239ms

Document
text/html

2606:4700::6812:223
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://pub-3ec16bad2c504d6e9ce48f22cd0d37f8.r2.dev/thefilw.html
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:223 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 2bb6e2b52ebd0bb36ba61aba050fed74814a6cf36a629a69558a55a23201130b

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Referer: https://pub-3ec16bad2c504d6e9ce48f22cd0d37f8.r2.dev/thefilw.html
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Win32"

Response headers

Accept-Ranges: bytes
CF-RAY: 89730286bbdf6abb-FRA
Connection: keep-alive
Content-Length: 44551
Content-Type: text/html
Date: Fri, 21 Jun 2024 09:35:40 GMT
ETag: "32e7d88cc9d7c8d216643b9ff3373322"
Last-Modified: Mon, 17 Jun 2024 15:52:22 GMT
Server: cloudflare
Vary: Accept-Encoding

Redirect headers

CF-RAY: 897302860ab76abb-FRA
Cache-Control: private, no-cache
Connection: keep-alive
Content-Length: 167
Content-Type: text/html
Date: Fri, 21 Jun 2024 09:35:40 GMT
Location: https://pub-3ec16bad2c504d6e9ce48f22cd0d37f8.r2.dev/thefilw.html
Server: cloudflare
X-Content-Type-Options: nosniff
X-Frame-Options: DENY

GET
H3 200 bootstrap.min.css
maxcdn.bootstrapcdn.com/bootstrap/4.0.0-beta/css/ 122 KB
23 KB 172ms
71ms Stylesheet
text/css 104.18.10.207
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0-beta/css/bootstrap.min.css

Requested by

Host: pub-3ec16bad2c504d6e9ce48f22cd0d37f8.r2.dev
URL: https://pub-3ec16bad2c504d6e9ce48f22cd0d37f8.r2.dev/thefilw.html

Protocol

Security

QUIC, , AES_128_GCM

Server

104.18.10.207 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

9bf87f7140c085febf881462c536ee73cf9183670811342d3dc1fd0f7a762a0d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://pub-3ec16bad2c504d6e9ce48f22cd0d37f8.r2.dev/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 21 Jun 2024 09:35:41 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
cdn-edgestorageid: 865
strict-transport-security: max-age=31536000; includeSubDomains; preload
age: 3829629
cdn-cachedat: 10/31/2023 18:55:58
cdn-pullzone: 252412
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
last-modified: Mon, 25 Jan 2021 22:04:04 GMT
cdn-proxyver: 1.04
cdn-requestpullcode: 200
server: cloudflare
etag: W/"3ffbab350748e841d3768b5d1ca48933"
vary: Accept-Encoding
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cdn-cache: HIT
cdn-uid: b1941f61-b576-4f40-80de-5677acb38f74
cache-control: public, max-age=31919000
cdn-requestid: 0a3562f0f7e343abff9522057709719f
timing-allow-origin: *
cdn-requestcountrycode: DE
cdn-status: 200
cf-ray: 897302897b1f70c2-WAW
cdn-requestpullsuccess: True

GET
H2 200 jquery-3.6.1.min.js Show response
code.jquery.com/ 88 KB
31 KB 156ms
40ms Script
application/javascript 2a04:4e42:400::649
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://code.jquery.com/jquery-3.6.1.min.js
Requested by: Host: pub-3ec16bad2c504d6e9ce48f22cd0d37f8.r2.dev
URL: https://pub-3ec16bad2c504d6e9ce48f22cd0d37f8.r2.dev/thefilw.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a04:4e42:400::649 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: a3cf00c109d907e543bc4f6dbc85eb31068f94515251347e9e57509b52ee3d74

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Origin: https://pub-3ec16bad2c504d6e9ce48f22cd0d37f8.r2.dev
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning"
Referer: https://pub-3ec16bad2c504d6e9ce48f22cd0d37f8.r2.dev/
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 21 Jun 2024 09:35:41 GMT
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish
age: 4818731
x-cache: HIT, HIT
content-length: 30957
x-served-by: cache-lga13629-LGA, cache-cph2320055-CPH
last-modified: Fri, 18 Oct 1991 12:00:00 GMT
server: nginx
x-timer: S1718962541.036206,VS0,VE0
etag: W/"28feccc0-15e40"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=31536000, stale-while-revalidate=604800
accept-ranges: bytes
x-cache-hits: 42, 13850

GET
H2 200 transparent-outlook-icon-2.png
www.freepnglogos.com/uploads/logo-outlook/ 82 KB
82 KB 221ms
86ms Image
image/png 78.46.22.25
HETZNER-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.freepnglogos.com/uploads/logo-outlook/transparent-outlook-icon-2.png
Requested by: Host: pub-3ec16bad2c504d6e9ce48f22cd0d37f8.r2.dev
URL: https://pub-3ec16bad2c504d6e9ce48f22cd0d37f8.r2.dev/thefilw.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 78.46.22.25 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.25.22.46.78.clients.your-server.de
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: 7ea09b560f4ee78eef3bd17346ad544176f524866ebc3d4a954f554afa50d149

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://pub-3ec16bad2c504d6e9ce48f22cd0d37f8.r2.dev/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 21 Jun 2024 09:35:41 GMT
last-modified: Sat, 20 Aug 2022 14:09:53 GMT
server: nginx/1.18.0 (Ubuntu)
etag: "6300eb31-1480d"
content-type: image/png
cache-control: no-cache, must-revalidate
accept-ranges: bytes
content-length: 83981

GET
H2 200 microsoft-office-2013-symbol-logo-png-6.png
www.freepnglogos.com/uploads/microsoft-office-png-logo/ 12 KB
12 KB 281ms
146ms Image
image/png 78.46.22.25
HETZNER-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.freepnglogos.com/uploads/microsoft-office-png-logo/microsoft-office-2013-symbol-logo-png-6.png
Requested by: Host: pub-3ec16bad2c504d6e9ce48f22cd0d37f8.r2.dev
URL: https://pub-3ec16bad2c504d6e9ce48f22cd0d37f8.r2.dev/thefilw.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 78.46.22.25 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.25.22.46.78.clients.your-server.de
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: 1b0e467247b9dab100ff77807af502e4277f72f721241c3f5b2eb483971aa9fa

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://pub-3ec16bad2c504d6e9ce48f22cd0d37f8.r2.dev/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 21 Jun 2024 09:35:41 GMT
last-modified: Sat, 20 Aug 2022 14:09:56 GMT
server: nginx/1.18.0 (Ubuntu)
etag: "6300eb34-30d5"
content-type: image/png
cache-control: no-cache, must-revalidate
accept-ranges: bytes
content-length: 12501

GET
H2 200 1599px-AOL_logo.svg.png
upload.wikimedia.org/wikipedia/commons/thumb/b/b6/AOL_logo.svg/ 22 KB
23 KB 250ms
104ms Image
image/png 2a02:ec80:300:ed1a::2:b
WIKIMEDIA

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://upload.wikimedia.org/wikipedia/commons/thumb/b/b6/AOL_logo.svg/1599px-AOL_logo.svg.png

Requested by

Host: pub-3ec16bad2c504d6e9ce48f22cd0d37f8.r2.dev
URL: https://pub-3ec16bad2c504d6e9ce48f22cd0d37f8.r2.dev/thefilw.html

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:ec80:300:ed1a::2:b , United States, ASN14907 (WIKIMEDIA, US),

Reverse DNS

Software

envoy /

Resource Hash

eb8487a513bc473ada8e9a2876531d18d81108d0982a81c1476484094c3a6aa6

Security Headers

Name	Value
Strict-Transport-Security	max-age=106384710; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://pub-3ec16bad2c504d6e9ce48f22cd0d37f8.r2.dev/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Thu, 20 Jun 2024 21:04:08 GMT
strict-transport-security: max-age=106384710; includeSubDomains; preload
x-content-type-options: nosniff
nel: { "report_to": "wm_nel", "max_age": 604800, "failure_fraction": 0.05, "success_fraction": 0.0}
age: 45094
x-cache-status: hit-local
x-cache: cp3075 hit, cp3075 miss
content-disposition: inline;filename*=UTF-8''AOL_logo.svg.png
server-timing: cache;desc="hit-local", host;desc="cp3075"
content-length: 22531
x-client-ip: 2a01:4a0:1338:93::9
last-modified: Tue, 11 Jul 2023 15:23:30 GMT
server: envoy
etag: 83fa484e18358506167a9bb624702cb1
report-to: { "group": "wm_nel", "max_age": 604800, "endpoints": [{ "url": "https://intake-logging.wikimedia.org/v1/events?stream=w3c.reportingapi.network_error&schema_uri=/w3c/reportingapi/network_error/1.0.0" }] }
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Age, Date, Content-Length, Content-Range, X-Content-Duration, X-Cache
accept-ranges: bytes
timing-allow-origin: *

GET
H2 200 yahoo-logo-png-free-download-3.png
www.freepnglogos.com/uploads/yahoo-logo-png/ 118 KB
118 KB 280ms
147ms Image
image/png 78.46.22.25
HETZNER-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.freepnglogos.com/uploads/yahoo-logo-png/yahoo-logo-png-free-download-3.png
Requested by: Host: pub-3ec16bad2c504d6e9ce48f22cd0d37f8.r2.dev
URL: https://pub-3ec16bad2c504d6e9ce48f22cd0d37f8.r2.dev/thefilw.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 78.46.22.25 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.25.22.46.78.clients.your-server.de
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: 5dceec0355eda7880dead5e13d22d394b8a1e79101a93bf96447557997d93e86

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://pub-3ec16bad2c504d6e9ce48f22cd0d37f8.r2.dev/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 21 Jun 2024 09:35:41 GMT
last-modified: Sat, 20 Aug 2022 14:09:51 GMT
server: nginx/1.18.0 (Ubuntu)
etag: "6300eb2f-1d621"
content-type: image/png
cache-control: no-cache, must-revalidate
accept-ranges: bytes
content-length: 120353

GET
H2 200 email-logo-png-33.png
www.freepnglogos.com/uploads/ 1 MB
1 MB 280ms
147ms Image
image/png 78.46.22.25
HETZNER-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.freepnglogos.com/uploads/email-logo-png-33.png
Requested by: Host: pub-3ec16bad2c504d6e9ce48f22cd0d37f8.r2.dev
URL: https://pub-3ec16bad2c504d6e9ce48f22cd0d37f8.r2.dev/thefilw.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 78.46.22.25 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.25.22.46.78.clients.your-server.de
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: d9a3473ec58a884a38a3356602b33d053692a1e821a3f14b5b6e27d97d575ff7

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://pub-3ec16bad2c504d6e9ce48f22cd0d37f8.r2.dev/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 21 Jun 2024 09:35:41 GMT
last-modified: Sat, 20 Aug 2022 14:09:47 GMT
server: nginx/1.18.0 (Ubuntu)
etag: "6300eb2b-100d85"
content-type: image/png
cache-control: no-cache, must-revalidate
accept-ranges: bytes
content-length: 1052037

GET
H3 200 popper.min.js Show response
cdnjs.cloudflare.com/ajax/libs/popper.js/1.11.0/umd/ 19 KB
7 KB 170ms
75ms Script
application/javascript 104.17.24.14
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/popper.js/1.11.0/umd/popper.min.js

Requested by

Host: pub-3ec16bad2c504d6e9ce48f22cd0d37f8.r2.dev
URL: https://pub-3ec16bad2c504d6e9ce48f22cd0d37f8.r2.dev/thefilw.html

Protocol

Security

QUIC, , AES_128_GCM

Server

104.17.24.14 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

5292e677fe712c80863414e9e73f3678d86d409f751392b6803b70a949fc1017

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://pub-3ec16bad2c504d6e9ce48f22cd0d37f8.r2.dev/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning"
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 21 Jun 2024 09:35:41 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
age: 657913
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 6098
last-modified: Mon, 04 May 2020 16:15:37 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "5eb03fa9-4a59"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Y1I0nVTvbl6gosPqYnFtW3SGCNrJhov9CJgjdaR7cDXgKVoBVFXKgA1KXT5hMa5%2Bwwk%2Bhe83tHPDWkW2aAgUa3mu1jVIh6NjDCWMQFbu%2B5lE9S%2BUjphhdvgx%2BjC3ylVXqd8D0glH"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=30672000
accept-ranges: bytes
timing-allow-origin: *
cf-ray: 8973028969e51db3-FRA
expires: Wed, 11 Jun 2025 09:35:41 GMT

GET
H3 200 bootstrap.min.js Show response
maxcdn.bootstrapcdn.com/bootstrap/4.0.0-beta/js/ 50 KB
16 KB 217ms
123ms Script
application/javascript 104.18.10.207
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0-beta/js/bootstrap.min.js

Requested by

Host: pub-3ec16bad2c504d6e9ce48f22cd0d37f8.r2.dev
URL: https://pub-3ec16bad2c504d6e9ce48f22cd0d37f8.r2.dev/thefilw.html

Protocol

Security

QUIC, , AES_128_GCM

Server

104.18.10.207 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0e25895d7caaf355a53d19c37c69a06198f668e5422b211d27597ed93983b80b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://pub-3ec16bad2c504d6e9ce48f22cd0d37f8.r2.dev/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning"
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 21 Jun 2024 09:35:41 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
cdn-edgestorageid: 1029
strict-transport-security: max-age=31536000; includeSubDomains; preload
age: 801522
cdn-cachedat: 02/09/2024 22:50:56
cdn-pullzone: 252412
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
last-modified: Mon, 25 Jan 2021 22:04:04 GMT
cdn-proxyver: 1.04
cdn-requestpullcode: 200
server: cloudflare
etag: W/"baaadea4492b059f284187d75af46063"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cdn-cache: HIT
cdn-uid: b1941f61-b576-4f40-80de-5677acb38f74
cache-control: public, max-age=31919000
cdn-requestid: 01f5074efccb5736e2a813e13802ea8a
timing-allow-origin: *
cdn-requestcountrycode: US
cdn-status: 200
cf-ray: 897302897b2070c2-WAW
cdn-requestpullsuccess: True

GET
H2 200 b9bdbd120a.js Show response
use.fontawesome.com/ 4 KB
2 KB 313ms
197ms Script
text/javascript 2606:4700:3037::ac43:8ef5
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://use.fontawesome.com/b9bdbd120a.js
Requested by: Host: pub-3ec16bad2c504d6e9ce48f22cd0d37f8.r2.dev
URL: https://pub-3ec16bad2c504d6e9ce48f22cd0d37f8.r2.dev/thefilw.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3037::ac43:8ef5 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 1693f38122d60b07323f33e1cb24e3488d291eefbce95f1d144efadcb512b4b1

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://pub-3ec16bad2c504d6e9ce48f22cd0d37f8.r2.dev/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning"
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 21 Jun 2024 09:35:41 GMT
content-encoding: br
cf-cache-status: REVALIDATED
last-modified: Fri, 22 Sep 2023 01:18:20 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: W/"db26306464ae227fbe50207468bde9b3"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=HVtSASjzZhiMdNqAtMUO3hoZ1CuAAvYBmeMG0tC%2FzDfZHRbbmOaB%2BBQPefgj2pxAGa7d86cA5N1bdWHLkxyLMrNJTojwJLm81h7QanXxKqreQ260MqePbQzUghAAgJ9CYvwYtuwO8Jj78tLviues%2FO2u"}],"group":"cf-nel","max_age":604800}
content-type: text/javascript
cache-control: max-age=1800
cf-ray: 897302898b8465ce-FRA
alt-svc: h3=":443"; ma=86400

GET
H2 200 dropbox_nzhw.1200.png
sm.pcmag.com/t/pcmag_au/gallery/d/dropbox/ 26 KB
26 KB 1409ms
337ms Image
image/webp 23.211.242.198
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://sm.pcmag.com/t/pcmag_au/gallery/d/dropbox/dropbox_nzhw.1200.png

Requested by

Host: pub-3ec16bad2c504d6e9ce48f22cd0d37f8.r2.dev
URL: https://pub-3ec16bad2c504d6e9ce48f22cd0d37f8.r2.dev/thefilw.html

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.211.242.198 Silverdale, New Zealand, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a23-211-242-198.deploy.static.akamaitechnologies.com

Software

Resource Hash

20145c74297de3c73dabe61765a3eba939c9ffb572b6fb6df5a7a1f105af2adb

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400 ; preload

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://pub-3ec16bad2c504d6e9ce48f22cd0d37f8.r2.dev/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 21 Jun 2024 09:35:42 GMT
strict-transport-security: max-age=86400 ; preload
last-modified: Wed, 23 Sep 2020 20:04:53 GMT
etag: "6eda20284eec75db437f86b9a10eabf3"
content-type: image/webp
cache-control: private, max-age=30813161
accept-ranges: bytes
x-webp: /im.ziffdavisinternational.com/t/pcmag_au/gallery/d/dropbox/dropbox_nzhw.1200.png.webp
alt-svc: h3=":443"; ma=93600
content-length: 26564
expires: Fri, 13 Jun 2025 00:48:23 GMT

GET

/
fontawesome.com/
Redirect Chain

https://cdn.fontawesome.com/js/stats.js
https://fontawesome.com/

0
0

GET
H2 200 webfontloader.js Show response
use.fontawesome.com/webfontloader/1.6.24/ 12 KB
5 KB 59ms
58ms Script
application/x-javascript 2606:4700:3037::ac43:8ef5
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://use.fontawesome.com/webfontloader/1.6.24/webfontloader.js
Requested by: Host: use.fontawesome.com
URL: https://use.fontawesome.com/b9bdbd120a.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3037::ac43:8ef5 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 2711b037e078e306e59765e9fc22d9f86867eb26af8c6af72d864a1c52bed8ac

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://pub-3ec16bad2c504d6e9ce48f22cd0d37f8.r2.dev/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 21 Jun 2024 09:35:41 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Fri, 22 Sep 2023 01:46:36 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 3428
etag: W/"9064ce12d2c81f68123c93bc1a8b0cad"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=yZV1xdjcgLpbYgnnHSxztqCUOAkARO01380PwNy%2FF4WmldJwr%2Fc7ODSDJfALg%2Brzps8xtp96pPMKdoKK1vpBJj5mXJWcN6bEeyaEdlySQhB%2Fq1QHVf4CT%2FiPDnVHiYgL%2BXVeXs%2F2yN9yYlzaDYHme23t"}],"group":"cf-nel","max_age":604800}
content-type: application/x-javascript
cache-control: max-age=31556926
cf-ray: 8973028aed9c65ce-FRA
alt-svc: h3=":443"; ma=86400

GET
H2 200 b9bdbd120a.css
use.fontawesome.com/ 1 KB
683 B 82ms
82ms Stylesheet
text/css 2606:4700:3037::ac43:8ef5
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://use.fontawesome.com/b9bdbd120a.css
Requested by: Host: use.fontawesome.com
URL: https://use.fontawesome.com/webfontloader/1.6.24/webfontloader.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3037::ac43:8ef5 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 129576009d7636639b5d851ad8b7456b31d9082a015f6dbf606345e54f6a3de7

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://pub-3ec16bad2c504d6e9ce48f22cd0d37f8.r2.dev/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 21 Jun 2024 09:35:41 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Fri, 22 Sep 2023 01:18:20 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 3217
etag: W/"6935c7bbafe5de4ba1ef4cf6ef1e9f53"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=AMlWa0BTFJNijVWwqvTvABmmJ4mPgpOPv8zAN5OOhdSuVXHKASvdxRdyvmqbqfxtAAvJmeWeIDUP16Cnx0%2BS3ZJkHzs9F5EWhPnRdRXo6MEVUw3wDddzicl4x19xWl8hM%2BCv5yyj1MnQ63IB385YVhe1"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=1800
cf-ray: 8973028bbee865ce-FRA
alt-svc: h3=":443"; ma=86400

GET
H2 200 font-awesome-css.min.css
use.fontawesome.com/releases/v4.6.3/css/ 28 KB
7 KB 55ms
55ms Stylesheet
text/css 2606:4700:3037::ac43:8ef5
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://use.fontawesome.com/releases/v4.6.3/css/font-awesome-css.min.css
Requested by: Host: use.fontawesome.com
URL: https://use.fontawesome.com/b9bdbd120a.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3037::ac43:8ef5 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 61f7de13520a14ec37ba246b4846f5850ab87ffbc0d5b366709509c1d97d83b5

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://use.fontawesome.com/b9bdbd120a.css
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 21 Jun 2024 09:35:41 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Fri, 22 Sep 2023 01:44:05 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 2474864
etag: W/"7937bc10f6c59ceed1ff6e6bbebfcd8d"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=brp8dTYyFoTgG4iAzyks8%2FMOUPTpjlUHiwSgY%2FzKRgqk3QJabKjHoovm9Xo9QMGjp8naiSPuzt1Eg6QldGcMEUVXXJeEM98UM5BUaPxB1VJKeqx%2F6Cxo%2Ft3tHNQF7sC9w75vqRLQu9L%2Feqjnfkpw4Guw"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=31556926
cf-ray: 8973028c4ff265ce-FRA
alt-svc: h3=":443"; ma=86400

GET
H2 200 fontawesome-webfont.woff2
use.fontawesome.com/releases/v4.6.3/fonts/ 70 KB
71 KB 324ms
236ms Font
application/octet-stream 2606:4700:3037::ac43:8ef5
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://use.fontawesome.com/releases/v4.6.3/fonts/fontawesome-webfont.woff2
Requested by: Host: use.fontawesome.com
URL: https://use.fontawesome.com/b9bdbd120a.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3037::ac43:8ef5 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 7dacf83f51179de8d7980a513e67ab3a08f2c6272bb5946df8fd77c0d1763b73

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://use.fontawesome.com/b9bdbd120a.css
Origin: https://pub-3ec16bad2c504d6e9ce48f22cd0d37f8.r2.dev
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 21 Jun 2024 09:35:41 GMT
cf-cache-status: MISS
last-modified: Fri, 22 Sep 2023 01:44:05 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: "e6cf7c6ec7c2d6f670ae9d762604cb0b"
vary: Origin, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=DzG1pEFsMzFiPhcmKaNu59uaQIOokEd49t76UoF8qErT7KNKD%2BMLa%2Fv%2Bbt%2FgQvQa9co%2FXt35%2Fc3gvySkUlSLrnmo2SRkDzmNd0C2HUBpBsYdBOezv5ll6526frZsOCFZKkfsUSoSBru%2FZwDSKzPQjMso"}],"group":"cf-nel","max_age":604800}
content-type: application/octet-stream
access-control-allow-origin: *
cache-control: max-age=31556926
accept-ranges: bytes
cf-ray: 8973028d3d19a01e-FRA
alt-svc: h3=":443"; ma=86400
content-length: 71896

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: fontawesome.com
URL: https://fontawesome.com/

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Dropbox (Consumer) Generic Cloudflare (Online)

10 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

9 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.gg.gg/	1970-01-21 06:14:58	Name: __ddgid_ Value: oifLjtT0CLYVtrkC
.gg.gg/	1970-01-20 21:30:48	Name: __ddgmark_ Value: U4fCWsW0CPGKC5Do
.gg.gg/	1970-01-20 21:29:33	Name: __ddg5_ Value: dgxANH0PQXi8CI0U
.check.ddos-guard.net/	1970-01-21 06:14:58	Name: __ddg2 Value: 0eWsYeGCa0jrDOZv
.gg.gg/	1970-01-21 06:14:58	Name: __ddg2_ Value: 0eWsYeGCa0jrDOZv
.gg.gg/	1970-01-21 06:14:58	Name: __ddg1_ Value: VUogcgws4RcNtOH3wQpR
gg.gg/	1970-01-20 21:29:29	Name: ci_session Value: a%3A5%3A%7Bs%3A10%3A%22session_id%22%3Bs%3A32%3A%22b4cac432933bb716acdfce98a6019712%22%3Bs%3A10%3A%22ip_address%22%3Bs%3A12%3A%22186.2.160.14%22%3Bs%3A10%3A%22user_agent%22%3Bs%3A111%3A%22Mozilla%2F5.0+%28Windows+NT+10.0%3B+Win64%3B+x64%29+AppleWebKit%2F537.36+%28KHTML%2C+like+Gecko%29+Chrome%2F126.0.0.0+Safari%2F537.36%22%3Bs%3A13%3A%22last_activity%22%3Bi%3A1718962538%3Bs%3A9%3A%22user_data%22%3Bs%3A0%3A%22%22%3B%7D6d922ffe0992aa6594b152b4cf9f904c
.gg.gg/	1970-01-20 23:38:58	Name: gg_token Value: 01230a77b5e64989f2f23591f1b32c876675496a975dd6.87262815
.pub-3ec16bad2c504d6e9ce48f22cd0d37f8.r2.dev/	1970-01-20 21:30:48	Name: __cf_mw_byp Value: Wgz..EtT5rq6Az.XLd9PZEZFA8S8zVDfYZqGxN78EWw-1718962538-0.0.1.1-/thefilw.html

10 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://gg.gg/1b5m7v Message: Failed to load resource: the server responded with a status of 403 ()
network	error	URL: https://gg.gg/favicon.ico Message: Failed to load resource: the server responded with a status of 403 ()
network	error	URL: https://pub-3ec16bad2c504d6e9ce48f22cd0d37f8.r2.dev/favicon.ico Message: Failed to load resource: the server responded with a status of 404 (Not Found)
javascript	warning	URL: https://pub-3ec16bad2c504d6e9ce48f22cd0d37f8.r2.dev/thefilw.html(Line 3) Message: A parser-blocking, cross site (i.e. different eTLD+1) script, https://code.jquery.com/jquery-3.6.1.min.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript	warning	URL: https://pub-3ec16bad2c504d6e9ce48f22cd0d37f8.r2.dev/thefilw.html(Line 3) Message: A parser-blocking, cross site (i.e. different eTLD+1) script, https://code.jquery.com/jquery-3.6.1.min.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript	warning	URL: https://pub-3ec16bad2c504d6e9ce48f22cd0d37f8.r2.dev/thefilw.html(Line 3) Message: A parser-blocking, cross site (i.e. different eTLD+1) script, https://cdnjs.cloudflare.com/ajax/libs/popper.js/1.11.0/umd/popper.min.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript	warning	URL: https://pub-3ec16bad2c504d6e9ce48f22cd0d37f8.r2.dev/thefilw.html(Line 3) Message: A parser-blocking, cross site (i.e. different eTLD+1) script, https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0-beta/js/bootstrap.min.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript	warning	URL: https://pub-3ec16bad2c504d6e9ce48f22cd0d37f8.r2.dev/thefilw.html(Line 3) Message: A parser-blocking, cross site (i.e. different eTLD+1) script, https://use.fontawesome.com/b9bdbd120a.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
recommendation	warning	URL: https://pub-3ec16bad2c504d6e9ce48f22cd0d37f8.r2.dev/thefilw.html Message: [DOM] Found 2 elements with non-unique id #recipient-name: (More info: https://goo.gl/9p2vKq) %o %o
recommendation	verbose	URL: https://pub-3ec16bad2c504d6e9ce48f22cd0d37f8.r2.dev/thefilw.html Message: [DOM] Input elements should have autocomplete attributes (suggested: "current-password"): (More info: https://goo.gl/9p2vKq) %o

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

cdnjs.cloudflare.com
check.ddos-guard.net
code.jquery.com
fontawesome.com
gg.gg
maxcdn.bootstrapcdn.com
pub-3ec16bad2c504d6e9ce48f22cd0d37f8.r2.dev
sm.pcmag.com
upload.wikimedia.org
use.fontawesome.com
www.freepnglogos.com
fontawesome.com
104.17.24.14
104.18.10.207
185.129.100.100
23.211.242.198
2606:4700:3037::ac43:8ef5
2606:4700::6812:223
2a02:ec80:300:ed1a::2:b
2a04:4e42:400::649
78.46.22.25
91.215.42.31
0e25895d7caaf355a53d19c37c69a06198f668e5422b211d27597ed93983b80b
1178bdeab6cbf37326ade037d83cca061c27e1a1ae463dedea7141702f526008
129576009d7636639b5d851ad8b7456b31d9082a015f6dbf606345e54f6a3de7
1693f38122d60b07323f33e1cb24e3488d291eefbce95f1d144efadcb512b4b1
1b0e467247b9dab100ff77807af502e4277f72f721241c3f5b2eb483971aa9fa
20145c74297de3c73dabe61765a3eba939c9ffb572b6fb6df5a7a1f105af2adb
2711b037e078e306e59765e9fc22d9f86867eb26af8c6af72d864a1c52bed8ac
2bb6e2b52ebd0bb36ba61aba050fed74814a6cf36a629a69558a55a23201130b
3bcbb22ed60fc8cac1887b4f7adbc62e578dc7c5e814768b9a8192decdc55137
46de0b42e2dc03ba6d16b37e3e864f0eef8f328f6eebbdd4f472bfa560009f33
5292e677fe712c80863414e9e73f3678d86d409f751392b6803b70a949fc1017
5650434f7dcd51ed3f49deae8ee95bba6e9de21c57bce6bc005c611b0232e0af
570a6631252b8a52df4de0e953ae77dbdf524dfc3637cda2840494a0d2b49499
5dceec0355eda7880dead5e13d22d394b8a1e79101a93bf96447557997d93e86
61f7de13520a14ec37ba246b4846f5850ab87ffbc0d5b366709509c1d97d83b5
62d7de601e108ea0e4c50e165872efa95fef735c7a51481d513bb5b36a568cde
633db3e2a35ba367ca8f5912d246dd625ec4727e3b937c717c08589282591c78
71158fa7308057865c78415e48ae462926774b56656c99bff642a0788ed5370f
781f9640521a0e58c8bfa567d0b6646fd227fb85ff3530f737ebec5998633ce0
7aef33eaeca96404d97e03fbbbf2484d298711c0312b87f282e120cb409d7b70
7dacf83f51179de8d7980a513e67ab3a08f2c6272bb5946df8fd77c0d1763b73
7ea09b560f4ee78eef3bd17346ad544176f524866ebc3d4a954f554afa50d149
84e3c77025ace5af143972b4a40fc834dcdfd4e449d4b36a57e62326f16b3091
9bf87f7140c085febf881462c536ee73cf9183670811342d3dc1fd0f7a762a0d
a3cf00c109d907e543bc4f6dbc85eb31068f94515251347e9e57509b52ee3d74
d9a3473ec58a884a38a3356602b33d053692a1e821a3f14b5b6e27d97d575ff7
eb8487a513bc473ada8e9a2876531d18d81108d0982a81c1476484094c3a6aa6
f1591a5221136c49438642155691ae6c68e25b7241f3d7ebe975b09a77662016
f309b7c03d9cae63a9bedbee6ed655f3dbcdb194132943639344dead5f3b9710

pub-3ec16bad2c504d6e9ce48f22cd0d37f8.r2.dev Open in urlscan Pro 2606:4700::6812:223 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

30 Requests

97 %HTTPS

40 %IPv6

10 Domains

11 Subdomains

11 IPs

5 Countries

1723 kBTransfer

1972 kBSize

9 Cookies

0 Outgoing links

Page URL History

Redirected requests

30 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 3 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

pub-3ec16bad2c504d6e9ce48f22cd0d37f8.r2.dev Open in urlscan Pro
2606:4700::6812:223 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

30
Requests

97 %
HTTPS

40 %
IPv6

10
Domains

11
Subdomains

11
IPs

5
Countries

1723 kB
Transfer

1972 kB
Size

9
Cookies

30 HTTP transactions
3 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!