Report - mp.org.pl/yt-redirect.php?banurl=srv210064.hoster-test.ru/coresinfo33/auth

Report Overview

Submitted URL
mp.org.pl/yt-redirect.php?banurl=srv210064.hoster-test.ru/coresinfo33/auth
IP
185.11.100.204
ASN
#29522 Cyber_Folks S.A.
Submitted
2024-03-28 23:57:03
Access
public
Website Title
(1) New Message!
Final URL
bitly.ws/?banned=1
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
6

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
cdn.creative-bars1.com	unknown	2022-11-01	2022-11-15	2024-03-27	2.0 kB	106 kB	172.64.131.3
fonts.gstatic.com	unknown	2008-02-11	2014-09-09	2024-03-28	2.6 kB	261 kB	216.58.207.227
mp.org.pl	unknown	2013-07-08	2013-09-07	2024-03-21	972 B	839 B	185.11.100.204
pl22826180.profitablegatecpm.com	unknown	unknown	No data	No data	442 B	10 kB	172.240.127.234
sellerignateignate.com	unknown	unknown	No data	No data	3.7 kB	6.0 kB	192.243.61.225
liarcram.com	unknown	unknown	No data	No data	8.0 kB	43 kB	172.240.253.132
permissionfence.com	unknown	unknown	No data	No data	15 kB	24 kB	172.240.108.84
cdn.cloudimagesb.com	23099	2020-10-06	2021-02-12	2024-03-26	2.8 kB	306 kB	45.133.44.9
unseenreport.com	unknown	2022-03-30	2022-03-30	2024-03-27	1.5 kB	846 B	192.243.59.12
www.googletagmanager.com	75	2011-11-11	2013-05-22	2024-03-28	415 B	89 kB	142.250.74.168
handshakesexyconquer.com	unknown	unknown	No data	No data	2.4 kB	5.7 kB	192.243.59.13
www.paypalobjects.com	1467	2005-05-12	2012-05-30	2024-03-26	433 B	705 B	192.229.221.25
bitly.ws	365777	2018-01-01	2018-04-13	2024-03-26	4.4 kB	29 kB	185.11.100.204
pl22826256.profitablegatecpm.com	unknown	2024-02-05	2024-03-19	2024-03-19	444 B	17 kB	172.240.108.68
ocsp.r2m03.amazontrust.com	unknown	2007-05-11	2023-02-21	2024-03-28	338 B	942 B	143.204.53.97
fundingchoicesmessages.google.com	2397	1997-09-15	2019-01-16	2024-03-27	1.8 kB	574 kB	216.58.211.14
www.topcreativeformat.com	unknown	2023-11-21	2023-11-22	2024-03-26	870 B	25 kB	172.240.108.68
proftrafficcounter.com	unknown	2023-11-16	2023-11-21	2024-03-28	834 B	830 B	18.196.50.62
landings-cdn.adsterratech.com	unknown	2015-03-02	2022-07-07	2024-03-24	460 B	91 kB	142.0.204.220
downstairsnegotiatebarren.com	unknown	2024-03-04	2024-03-04	2024-03-27	417 B	172 kB	172.64.205.21
fonts.googleapis.com	8877	2005-01-25	2013-06-10	2024-03-28	1.3 kB	83 kB	142.250.74.106
cdn.yourwebbars.com	62037	2020-08-21	2021-01-29	2024-03-24	498 B	2.3 kB	104.26.7.19

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2024-03-28	medium	downstairsnegotiatebarren.com	Sinkholed
2024-03-28	medium	unseenreport.com	Sinkholed
2024-03-28	medium	unseenreport.com	Sinkholed

ThreatFox

No alerts detected

JavaScript (30)

	URL	Size	First Seen	Last Seen
	www.googletagmanager.com/gtag/js?id=G-8Q1W6PKNCX	246 kB	2024-03-29	2024-03-29
Pretty URL www.googletagmanager.com/gtag/js?id=G-8Q1W6PKNCX IP 142.250.74.168 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2024-03-29 00:57:12 Last Seen2024-03-29 00:57:13 Times Seen2 Hash a362f682f7d119fa79f022ce771d729b 17c5deef69e37d4599f996319f2dc1e8e265ef3c 8c8046daeb60bc3778d55ce2d72799aafd72f07cf7e6d06646e9f5425b184449 Loading...

	pl22826180.profitablegatecpm.com/172d9680245553e8052aafbe1bd64a13/invoke.js	27 kB	2024-03-29	2024-03-29
Pretty URL pl22826180.profitablegatecpm.com/172d9680245553e8052aafbe1bd64a13/invoke.js IP 172.240.127.234 ASN #7979 SERVERS-COM Introduced by scriptElement Embedded in HTML false Observations First Seen2024-03-29 00:57:12 Last Seen2024-03-29 00:57:13 Times Seen2 Hash f676d88ba684537d663cb59b8901958e 9289a90c2182977950867b1579a7f16079dace68 2eed9ac79e281fd314a6ac145774154e155790ec121073ff9182ba5fc84db88e Loading...

	unknown	145 B	2024-03-26	2024-04-27
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2024-03-26 01:45:32 Last Seen2024-04-27 10:24:41 Times Seen9 Hash f21e79189dbf24bcfc96766c51c39b95 c3ca59be0bfb49b8dae005a1682a16ab256c7560 7a3f523acb8306f5748e772f8ce97105abf172ca8f0c904f33f6987e3e5e3198 Loading...

	downstairsnegotiatebarren.com/sfp.js	86 kB	2023-11-23	2024-03-29
Pretty URL downstairsnegotiatebarren.com/sfp.js IP 172.64.205.21 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-11-23 18:35:39 Last Seen2024-03-29 19:41:27 Times Seen10518 Hash 924e967bca1d599992556a8d139b1c5a 222b09dbf164ddc03d39100fd0524a22018d28b2 ac84c2f8288b59f8e04ba77287ce696052bfeee0d462a566d94dc305df646c95 Loading...

	bitly.ws/?banned=1	158 B	2023-12-29	2024-04-27
Pretty URL bitly.ws/?banned=1 IP 185.11.100.204 ASN #29522 Cyber_Folks S.A. Introduced by scriptElement Embedded in HTML true Observations First Seen2023-12-29 08:38:24 Last Seen2024-04-27 10:24:40 Times Seen19 Hash e2171717aacde6f9cef85e4e87f10e62 43ba3696cdc3c063250c6a1355b58c2e5ddeb388 0b92cbfe6dce4f0f76ed2d385a9009f91ba7d37faecdca9fa7735095cc166ac0 Loading...

	bitly.ws/?banned=1	162 B	2023-12-29	2024-04-27
Pretty URL bitly.ws/?banned=1 IP 185.11.100.204 ASN #29522 Cyber_Folks S.A. Introduced by scriptElement Embedded in HTML true Observations First Seen2023-12-29 08:38:24 Last Seen2024-04-27 10:24:40 Times Seen19 Hash 56462d0b896d498b410c38451babc53b ac4fabda549e9c2299c8871c724e7c20fe98267f 68b133d98713866d41cc2a4b2e8a779041106fd7be66bd34844bf825028f4f0f Loading...

	bitly.ws/?banned=1	429 B	2023-03-07	2024-04-27
Pretty URL bitly.ws/?banned=1 IP 185.11.100.204 ASN #29522 Cyber_Folks S.A. Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 14:02:48 Last Seen2024-04-27 10:24:41 Times Seen1440 Hash eafaa0be830db11da3770638100b686f db325dc427493ed0c2988ef229573b7093425466 96adbda6f380d09bfd780e4143e165a48037b43421d3964980a4343aedc644ab Loading...

	www.topcreativeformat.com/01342f2500c7a5569dba15c1ffe2e76f/invoke.js	31 kB	2024-03-29	2024-03-29
Pretty URL www.topcreativeformat.com/01342f2500c7a5569dba15c1ffe2e76f/invoke.js IP 172.240.108.68 ASN #7979 SERVERS-COM Introduced by scriptElement Embedded in HTML false Observations First Seen2024-03-29 00:57:12 Last Seen2024-03-29 00:57:13 Times Seen2 Hash f575eb44d2e5550d348c59ed577aef34 dbeb4cd5cd8610982e6c8130d3c81861d2541e40 b38813ff0586db2c2704508e518fb59b585571e2fdae38acbcd6656c4471b598 Loading...

	pl22826256.profitablegatecpm.com/33/ce/9e/33ce9e99c1bfce9eb2d48a915db5624c.js	44 kB	2024-03-29	2024-03-29
Pretty URL pl22826256.profitablegatecpm.com/33/ce/9e/33ce9e99c1bfce9eb2d48a915db5624c.js IP 172.240.108.68 ASN #7979 SERVERS-COM Introduced by scriptElement Embedded in HTML false Observations First Seen2024-03-29 00:57:13 Last Seen2024-03-29 00:57:13 Times Seen2 Hash 7a18c784cad9e07b953e399346a252f3 a60563a82ac2deb2649b47eb36db28756f56c5ab cb3b503ea6adf3aeb012943c1bebea5cc598e8d3eb7ceca588b00c926324f80d Loading...

	bitly.ws/?banned=1	25 B	2023-03-08	2024-04-27
Pretty URL bitly.ws/?banned=1 IP 185.11.100.204 ASN #29522 Cyber_Folks S.A. Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-08 23:04:05 Last Seen2024-04-27 10:24:41 Times Seen94 Hash 1427fb2f549ac96d4f0e885993d3b40f 6a355726d3939081aa39ce7eb406a55d45181f24 0fbaf8209057a6df7d107a22189b5892bc1edc1f73b1f5428a8977e66e3f95e4 Loading...

	bitly.ws/?banned=1	139 B	2023-03-08	2024-04-27
Pretty URL bitly.ws/?banned=1 IP 185.11.100.204 ASN #29522 Cyber_Folks S.A. Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-08 23:04:05 Last Seen2024-04-27 10:24:41 Times Seen91 Hash 823be5a9c0f24749f43b86566f77a14b bf5f7bd2719df6c9e0f947ab6aedda322f4146e7 b8a0d1db414563caff84583ba167c841e703ad08f909b38f852e6c3e29212749 Loading...

	bitly.ws/?banned=1	288 B	2024-03-26	2024-04-27
Pretty URL bitly.ws/?banned=1 IP 185.11.100.204 ASN #29522 Cyber_Folks S.A. Introduced by scriptElement Embedded in HTML true Observations First Seen2024-03-26 01:45:32 Last Seen2024-04-27 10:24:41 Times Seen9 Hash 144182c3ec7831d18e2c274c89447882 bad8ff287f93bfbb5fcc4460e4cb0513f57bfe29 cd479d93f5a86092e83334d5798624273bd64dc22669c535d13975fb9f4c8f08 Loading...

	unknown	3.3 kB	2024-03-29	2024-03-29
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2024-03-29 00:57:13 Last Seen2024-03-29 00:57:13 Times Seen1 Hash 08e4bb2f3a7ac4404b346460bff80f3d 863e6745e839092bb16d060ac35ebdbbde1bcdb3 2063da3d33c1d1b8ca9e9d3709a22c3ac57ca7fc4d40a6d7424a16c36c04f8eb Loading...

	bitly.ws/_/mss/boq-content-ads-contributor/_/js/k=boq-content-ads-contributor.ContributorServingResponseClientJs.en_US.Ryno4FD9iTE.es5.O/d=1/exm=kernel_loader,loader_js_executable/ed=1/rs=AJlcJMy7cSXtGgaSzwhyAa1SgDG3tjt8eQ/m=web_iab_tcf_v2_wall_executable	381 kB	2024-03-29	2024-03-29
Pretty URL bitly.ws/_/mss/boq-content-ads-contributor/_/js/k=boq-content-ads-contributor.ContributorServingResponseClientJs.en_US.Ryno4FD9iTE.es5.O/d=1/exm=kernel_loader,loader_js_executable/ed=1/rs=AJlcJMy7cSXtGgaSzwhyAa1SgDG3tjt8eQ/m=web_iab_tcf_v2_wall_executable IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2024-03-29 00:57:13 Last Seen2024-03-29 00:57:13 Times Seen1 Hash 4a2c331f540e7f71ca5f15d2afa74f04 06f4f47acb345f4c83afdb3afe1156ef0dc312a8 13f87ec46e0af80648c426a4a50d82cbdf0d105ca2ab06749baf895d0ce0397d Loading...

	bitly.ws/js/adframe.js	16 B	2023-03-07	2024-04-27
Pretty URL bitly.ws/js/adframe.js IP 185.11.100.204 ASN #29522 Cyber_Folks S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:18:41 Last Seen2024-04-27 10:24:41 Times Seen347 Hash 760222d2e529d3e84eb01378cfc46e2e f789f3c0007640b5549fca2710cf3da500b95e86 0059cb4ff0a271382c38af8a7367aaf45cbeb31449637d3928d25317401e2828 Loading...

	liarcram.com/bb/a7/4d/bba74d00371ae27522681ed91f8a7ee9.js	81 kB	2024-03-29	2024-03-29
Pretty URL liarcram.com/bb/a7/4d/bba74d00371ae27522681ed91f8a7ee9.js IP 172.240.253.132 ASN #7979 SERVERS-COM Introduced by scriptElement Embedded in HTML false Observations First Seen2024-03-29 00:57:13 Last Seen2024-03-29 00:57:13 Times Seen2 Hash ea0868b2499fdf9efdf7d8b2636294e0 78f3f8dd508dd8552f5c73dd7899c784042fc01e 2ec868194c703b68196aab4873286009d22924e0b631469beb17c1c7e1b37d96 Loading...

	unknown	601 B	2024-03-29	2024-03-29
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2024-03-29 00:57:13 Last Seen2024-03-29 00:57:13 Times Seen2 Hash 1f44a4f266de6bf15049807cb46ca7c0 95260c065c8dc36fd5f97dc7964cf11f3bcb3513 349bb810c2fee8f7d7af22bb024bdd426d7fbbf120c499616daf75fed0c188a3 Loading...

	www.topcreativeformat.com/6dc3a27552b5aedfb96aeaa00aa1c37b/invoke.js	31 kB	2024-03-29	2024-03-29
Pretty URL www.topcreativeformat.com/6dc3a27552b5aedfb96aeaa00aa1c37b/invoke.js IP 172.240.108.68 ASN #7979 SERVERS-COM Introduced by scriptElement Embedded in HTML false Observations First Seen2024-03-29 00:57:13 Last Seen2024-03-29 00:57:13 Times Seen2 Hash ac78e40675092d0587ab47e2ca181f0b ed138786139ad52c1e6f409615967a5e344bd635 4d68ab0db6499da94ae0956c819953bd4fde1ce826b09c1190a51a5b10253acd Loading...

	unknown	196 B	2024-03-26	2024-04-27
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2024-03-26 01:45:31 Last Seen2024-04-27 10:24:41 Times Seen7 Hash 8613f227c34a344219873f805fd1f3d0 9e9db017a412162287aa13af94fd24141452fb4c 64c2845767e6b7cdd73807f7fbfc5f6ef1bb7f9ed3e07a067b6a0defbc6435d2 Loading...

	unknown	3.3 kB	2024-03-29	2024-03-29
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2024-03-29 00:57:13 Last Seen2024-03-29 00:57:13 Times Seen1 Hash 6fedc35a6da9d3c82f900bb361623fa2 6374e764f189d436ef8784d6ec1ba30063e73944 9e8f8e813120e0a2e21eb24b70db8fc7e9bf2555843d5142f65d845b00d8bf91 Loading...

	bitly.ws/?banned=1	287 B	2024-03-26	2024-03-29
Pretty URL bitly.ws/?banned=1 IP 185.11.100.204 ASN #29522 Cyber_Folks S.A. Introduced by scriptElement Embedded in HTML true Observations First Seen2024-03-26 01:45:32 Last Seen2024-03-29 00:57:13 Times Seen4 Hash e9d86970b56571a35f9c898b603d415f fc3f6cb6ae9a775afcda29687f287b346c0a7752 3e7042faa804136835b574216dae1f6f28680e11670a9863004c219224b1062d Loading...

	pagead2.googlesyndication.com/pagead/js/adsbygoogle.js	1.6 kB	2023-05-06	2024-04-27
Pretty URL pagead2.googlesyndication.com/pagead/js/adsbygoogle.js IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-05-06 01:21:43 Last Seen2024-04-27 16:35:28 Times Seen21113 Hash 2e9e391ad98fbe1b2de0b7b4fa9ca904 21d7771223e8286a06ad878af425094a40de32b5 1468d954f25ab75355f3c0f42cd9c84efd64a67922c47d3b69bdb6d0eb399e69 Loading...

	unknown	145 B	2024-03-26	2024-03-29
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2024-03-26 01:45:31 Last Seen2024-03-29 00:57:13 Times Seen4 Hash d3f57e50d0455c76d917eca261bd61f9 f93013579996e623771a4e10572cb197f77db1fe 92b7d3d384658029c35a1901edb48c9eaf328b6cf63a4d1c4e336cd4b0b7806f Loading...

	bitly.ws/_/mss/boq-content-ads-contributor/_/js/k=boq-content-ads-contributor.ContributorServingResponseClientJs.en_US.Ryno4FD9iTE.es5.O/am=wA/d=1/rs=AJlcJMygUW-hTmjeTqHhjIHLU9V1nfH0FA/m=kernel_loader,loader_js_executable	187 kB	2024-03-29	2024-03-29
Pretty URL bitly.ws/_/mss/boq-content-ads-contributor/_/js/k=boq-content-ads-contributor.ContributorServingResponseClientJs.en_US.Ryno4FD9iTE.es5.O/am=wA/d=1/rs=AJlcJMygUW-hTmjeTqHhjIHLU9V1nfH0FA/m=kernel_loader,loader_js_executable IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2024-03-29 00:57:13 Last Seen2024-03-29 00:57:14 Times Seen2 Hash e1a65201b5d92adc113a1ae9e5b45b95 c2e37770046208a5506e04cd07039aa311bf4c99 ef021e6edfa0bd9d947b8ffb6024edc1ff8d5ee0dafe43b4a62b958a0e9c9da3 Loading...

	bitly.ws/sandbox%20eval%20code	128 B	2023-05-06	2024-04-27
Pretty URL bitly.ws/sandbox%20eval%20code IP 0.0.0.0 ASN #0 Introduced by Embedded in HTML false Observations First Seen2023-05-06 01:21:43 Last Seen2024-04-27 16:35:28 Times Seen21251 Hash 23c336606ee3a6d444b305153fa0e2e2 473a2111970ae2a94b373e656d20c4bd4184d703 305375d5052f6a14434d2d338f852f0f4f04fb26495f88a5d62b6afde2e2cc60 Loading...

	bitly.ws/?banned=1	502 B	2024-03-29	2024-03-29
Pretty URL bitly.ws/?banned=1 IP 185.11.100.204 ASN #29522 Cyber_Folks S.A. Introduced by scriptElement Embedded in HTML true Observations First Seen2024-03-29 00:57:13 Last Seen2024-03-29 00:57:13 Times Seen2 Hash fa1f203507f16b0e3ec898109e70003a ea600a4d337234fa97f6b27ac8a7c781fb921273 ba9eb8a9bad77b1f28f6c67d9de852074c424f6a4cbc0e5bcd014ec4a352b69c Loading...

		Size	First Seen	Last Seen
	#1 Eval - 8560461d0c20a9ae8cdf89db533b3af6	2.1 kB	2024-03-29	2024-03-29
Pretty Observations First Seen2024-03-29 00:57:13 Last Seen2024-03-29 00:57:13 Times Seen1 Hash 8560461d0c20a9ae8cdf89db533b3af6 07f6acdd5b6401130835d3aecc8810b2779b4ae6 d06270dec774377702c29607e21ecc031850d70039be6108f8bf48604c34c1aa Loading...

	#2 Eval - 6c4fe5647408f12f3cc698faeb7dd16f	2.1 kB	2024-03-29	2024-03-29
Pretty Observations First Seen2024-03-29 00:57:13 Last Seen2024-03-29 00:57:13 Times Seen1 Hash 6c4fe5647408f12f3cc698faeb7dd16f 6f3aa30ce233479bbbe34f1a19dd8d063b862948 ec471a90ea5f9a2806798bd420e8c48c1a3bf67b6b000f2ec2d1fff3431e091a Loading...

		Size	First Seen	Last Seen
	#1 Write - 04c29f6703f2211413850b120776a8a2	117 B	2024-03-26	2024-04-27
Pretty Observations First Seen2024-03-26 01:45:32 Last Seen2024-04-27 10:24:41 Times Seen9 Hash 04c29f6703f2211413850b120776a8a2 6dd9403c30602b5ae12d2d04a63c2f416a7e41f1 4abede4ad4c2b996ff0b13f8289a58b996c0914d3ec1491877da44fc3cc3e573 Loading...

	#2 Write - d252587608294820893ca5525e202274	117 B	2024-03-26	2024-03-29
Pretty Observations First Seen2024-03-26 01:45:32 Last Seen2024-03-29 00:57:13 Times Seen4 Hash d252587608294820893ca5525e202274 8f120a1353a008dd61b3b68ca133190d9c90ba4b b22d0cd9421b3e01e6c7d15f96191cd2ebb6bd472f244deafc8ca0a0f4c5a3d8 Loading...

HTTP Transactions (68)

URL IP Response Size

mp.org.pl/yt-redirect.php?banurl=srv210064.hoster-test.ru/coresinfo33/auth

185.11.100.204

302 Moved Temporarily

265 B

URL User Request GET HTTP/1.1
mp.org.pl/yt-redirect.php?banurl=srv210064.hoster-test.ru/coresinfo33/auth
IP
185.11.100.204:80
ASN
#29522 Cyber_Folks S.A.

File type
HTML document, ASCII text
Size
265 B (265 bytes)
Hash
97012f2b2bdb0e1fad081be189f08eb8
c5cfe1760d2ae036d23725810c860adf78103d42
c3c4dc8015d8eabe63585e9823155e7771f853f00f401f104b0e20b0892015dc

HTTP Headers

GET /yt-redirect.php?banurl=srv210064.hoster-test.ru/coresinfo33/auth HTTP/1.1
Host: mp.org.pl
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 302 Found
date: Thu, 28 Mar 2024 23:56:36 GMT
server: Apache
location: http://mp.org.pl/yt-redirect.php?banurl=srv210064.hoster-test.ru/coresinfo33/auth
cache-control: max-age=0
expires: Thu, 28 Mar 2024 23:56:36 GMT
content-length: 265
content-type: text/html; charset=iso-8859-1
X-Firefox-Spdy: h2

mp.org.pl/yt-redirect.php?banurl=srv210064.hoster-test.ru/coresinfo33/auth

185.11.100.204

302 Moved Temporarily

0 B

URL User Request GET HTTP/1.1
mp.org.pl/yt-redirect.php?banurl=srv210064.hoster-test.ru/coresinfo33/auth
IP
185.11.100.204:80
ASN
#29522 Cyber_Folks S.A.

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /yt-redirect.php?banurl=srv210064.hoster-test.ru/coresinfo33/auth HTTP/1.1
Host: mp.org.pl
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 302 Moved Temporarily
date: Thu, 28 Mar 2024 23:56:36 GMT
server: Apache
x-powered-by: PHP/5.5.38
location: https://bitly.ws?banned=1
cache-control: max-age=0
expires: Thu, 28 Mar 2024 23:56:36 GMT
content-length: 0
content-type: text/html

bitly.ws/?banned=1

185.11.100.204

200 OK

4.7 kB

URL User Request GET HTTP/2
bitly.ws/?banned=1
IP
185.11.100.204:443
ASN
#29522 Cyber_Folks S.A.

Certificate
IssuerLet's Encrypt
Subjectbitly.ws
FingerprintE2:6E:62:93:28:D8:B3:0A:23:56:6C:21:A4:BD:CC:EF:CD:1B:33:55
ValiditySun, 18 Feb 2024 07:59:14 GMT - Sat, 18 May 2024 07:59:13 GMT

File type
gzip compressed data, from Unix
Size
4.7 kB (4696 bytes)
Hash
926823217255a227472b449d510a0b2f
5c6a7dd6e825645da2d39ccf031eaf8a6daca660
08c243da98e5e8ade9002e4203558ad437179d7cf88e4811673b7b3c278f2f31

HTTP Headers

GET /?banned=1 HTTP/1.1
Host: bitly.ws
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 28 Mar 2024 23:56:36 GMT
server: Apache
x-powered-by: PHP/5.5.38
cache-control: max-age=0
expires: Thu, 28 Mar 2024 23:56:36 GMT
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
X-Firefox-Spdy: h2

bitly.ws/gfx/stripe.png

185.11.100.204

200 OK

1.4 kB

URL GET HTTP/2
bitly.ws/gfx/stripe.png
IP
185.11.100.204:443
ASN
#29522 Cyber_Folks S.A.

Requested by
https://bitly.ws/?banned=1
Certificate
IssuerLet's Encrypt
Subjectbitly.ws
FingerprintE2:6E:62:93:28:D8:B3:0A:23:56:6C:21:A4:BD:CC:EF:CD:1B:33:55
ValiditySun, 18 Feb 2024 07:59:14 GMT - Sat, 18 May 2024 07:59:13 GMT

File type
PNG image data, 91 x 60, 8-bit colormap, non-interlaced
Size
1.4 kB (1359 bytes)
Hash
17aaa9dc48a895306b06de8ae9a8b104
f75e086497b3743ac83d85dc4ca456e8bb556e55
b8214bd5cbd9197f329d1df98d908dc7a1cd38c28e8010b92e49b3f35dd9986a

HTTP Headers

GET /gfx/stripe.png HTTP/1.1
Host: bitly.ws
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://bitly.ws/?banned=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Thu, 28 Mar 2024 23:56:37 GMT
server: Apache
last-modified: Sat, 19 Aug 2023 15:45:50 GMT
etag: "54f-603488a24201d"
accept-ranges: bytes
content-length: 1359
cache-control: max-age=31536000
expires: Fri, 28 Mar 2025 23:56:37 GMT
content-type: image/png
X-Firefox-Spdy: h2

bitly.ws/js/adframe.js

185.11.100.204

200 OK

16 B

URL GET HTTP/2
bitly.ws/js/adframe.js
IP
185.11.100.204:443
ASN
#29522 Cyber_Folks S.A.

Requested by
https://bitly.ws/?banned=1
Certificate
IssuerLet's Encrypt
Subjectbitly.ws
FingerprintE2:6E:62:93:28:D8:B3:0A:23:56:6C:21:A4:BD:CC:EF:CD:1B:33:55
ValiditySun, 18 Feb 2024 07:59:14 GMT - Sat, 18 May 2024 07:59:13 GMT

File type
ASCII text, with no line terminators
Size
16 B (16 bytes)
Hash
760222d2e529d3e84eb01378cfc46e2e
f789f3c0007640b5549fca2710cf3da500b95e86
0059cb4ff0a271382c38af8a7367aaf45cbeb31449637d3928d25317401e2828

HTTP Headers

GET /js/adframe.js HTTP/1.1
Host: bitly.ws
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://bitly.ws/?banned=1
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Thu, 28 Mar 2024 23:56:37 GMT
server: Apache
last-modified: Sat, 30 Dec 2017 21:02:30 GMT
etag: "10-5619511402320"
accept-ranges: bytes
content-length: 16
cache-control: max-age=0
expires: Thu, 28 Mar 2024 23:56:37 GMT
content-type: application/javascript
X-Firefox-Spdy: h2

bitly.ws/gfx/bmac.png

185.11.100.204

200 OK

3.2 kB

URL GET HTTP/2
bitly.ws/gfx/bmac.png
IP
185.11.100.204:443
ASN
#29522 Cyber_Folks S.A.

Requested by
https://bitly.ws/?banned=1
Certificate
IssuerLet's Encrypt
Subjectbitly.ws
FingerprintE2:6E:62:93:28:D8:B3:0A:23:56:6C:21:A4:BD:CC:EF:CD:1B:33:55
ValiditySun, 18 Feb 2024 07:59:14 GMT - Sat, 18 May 2024 07:59:13 GMT

File type
PNG image data, 214 x 60, 8-bit colormap, non-interlaced
Size
3.2 kB (3206 bytes)
Hash
781860bb7eb619aa3b173144c6d29646
6ba3a103709f121cf9f5ab214610d0215dab93e9
54339f1c8cb089c05773b2b18fd5da6e702956decbf7dea6ef0348a64203c657

HTTP Headers

GET /gfx/bmac.png HTTP/1.1
Host: bitly.ws
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://bitly.ws/?banned=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Thu, 28 Mar 2024 23:56:37 GMT
server: Apache
last-modified: Sat, 19 Aug 2023 15:45:47 GMT
etag: "c86-6034889f203e4"
accept-ranges: bytes
content-length: 3206
cache-control: max-age=31536000
expires: Fri, 28 Mar 2025 23:56:37 GMT
content-type: image/png
X-Firefox-Spdy: h2

bitly.ws/gfx/bitly-chart.png

185.11.100.204

200 OK

210 B

URL GET HTTP/2
bitly.ws/gfx/bitly-chart.png
IP
185.11.100.204:443
ASN
#29522 Cyber_Folks S.A.

Requested by
https://bitly.ws/?banned=1
Certificate
IssuerLet's Encrypt
Subjectbitly.ws
FingerprintE2:6E:62:93:28:D8:B3:0A:23:56:6C:21:A4:BD:CC:EF:CD:1B:33:55
ValiditySun, 18 Feb 2024 07:59:14 GMT - Sat, 18 May 2024 07:59:13 GMT

File type
PNG image data, 200 x 200, 1-bit colormap, non-interlaced
Size
210 B (210 bytes)
Hash
0f7081ab57097da4c3f76c5a4fcf3174
1aa09d97610e3ad42e25577468864aacaa26eeee
c28530634cdfc14bb5c068fc74a7071f9e27fc97f9aa03a1258f5b33f9c8ab6d

HTTP Headers

GET /gfx/bitly-chart.png HTTP/1.1
Host: bitly.ws
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://bitly.ws/?banned=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Thu, 28 Mar 2024 23:56:37 GMT
server: Apache
last-modified: Tue, 02 Jan 2018 13:00:56 GMT
etag: "d2-561cab088ec59"
accept-ranges: bytes
content-length: 210
cache-control: max-age=31536000
expires: Fri, 28 Mar 2025 23:56:37 GMT
content-type: image/png
X-Firefox-Spdy: h2

bitly.ws/css/style.css

185.11.100.204

200 OK

2.5 kB

URL GET HTTP/2
bitly.ws/css/style.css
IP
185.11.100.204:443
ASN
#29522 Cyber_Folks S.A.

Requested by
https://bitly.ws/?banned=1
Certificate
IssuerLet's Encrypt
Subjectbitly.ws
FingerprintE2:6E:62:93:28:D8:B3:0A:23:56:6C:21:A4:BD:CC:EF:CD:1B:33:55
ValiditySun, 18 Feb 2024 07:59:14 GMT - Sat, 18 May 2024 07:59:13 GMT

File type
assembler source, ASCII text, with CRLF line terminators
Size
2.5 kB (2516 bytes)
Hash
e03d65f864a0c7420e9aa630e8dacfa5
b4acfcfea55d62f8ec820ebb442497101ae17250
b11dc47889de3326bebc34326b08c225799df4a275b28db686c6e3482b3f4bd7

HTTP Headers

GET /css/style.css HTTP/1.1
Host: bitly.ws
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://bitly.ws/?banned=1
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Thu, 28 Mar 2024 23:56:37 GMT
server: Apache
last-modified: Wed, 27 Dec 2023 14:06:38 GMT
etag: "2a1c-60d7e4eba09c9-gzip"
accept-ranges: bytes
cache-control: max-age=0
expires: Thu, 28 Mar 2024 23:56:37 GMT
vary: Accept-Encoding
content-encoding: gzip
content-length: 2516
content-type: text/css
X-Firefox-Spdy: h2

www.googletagmanager.com/gtag/js?id=G-8Q1W6PKNCX

142.250.74.168

200 OK

88 kB

URL GET HTTP/2
www.googletagmanager.com/gtag/js?id=G-8Q1W6PKNCX
IP
142.250.74.168:443
ASN
#15169 GOOGLE

Requested by
https://bitly.ws/?banned=1
Certificate
IssuerGoogle Trust Services LLC
Subject*.google-analytics.com
FingerprintDE:42:E4:CC:E5:66:70:09:F3:E6:6E:57:B7:5E:22:0A:A3:03:C2:7C
ValidityMon, 26 Feb 2024 08:03:40 GMT - Mon, 20 May 2024 08:03:39 GMT

File type
JavaScript source, ASCII text, with very long lines (5955)
Size
88 kB (87984 bytes)
Hash
a362f682f7d119fa79f022ce771d729b
17c5deef69e37d4599f996319f2dc1e8e265ef3c
8c8046daeb60bc3778d55ce2d72799aafd72f07cf7e6d06646e9f5425b184449

HTTP Headers

GET /gtag/js?id=G-8Q1W6PKNCX HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://bitly.ws/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Thu, 28 Mar 2024 23:56:37 GMT
expires: Thu, 28 Mar 2024 23:56:37 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 87984
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

bitly.ws/gfx/paypal.png

185.11.100.204

200 OK

5.5 kB

URL GET HTTP/2
bitly.ws/gfx/paypal.png
IP
185.11.100.204:443
ASN
#29522 Cyber_Folks S.A.

Requested by
https://bitly.ws/?banned=1
Certificate
IssuerLet's Encrypt
Subjectbitly.ws
FingerprintE2:6E:62:93:28:D8:B3:0A:23:56:6C:21:A4:BD:CC:EF:CD:1B:33:55
ValiditySun, 18 Feb 2024 07:59:14 GMT - Sat, 18 May 2024 07:59:13 GMT

File type
PNG image data, 200 x 150, 8-bit colormap, non-interlaced
Size
5.5 kB (5516 bytes)
Hash
164e7543a819062962815f4bd99b8419
0355f9dad012daa6adf4bae4e47e44d4b2c51888
675f6b6dc673aae01f8ef949697ee544c8df8574ca090a4dd690776ec6e442ea

HTTP Headers

GET /gfx/paypal.png HTTP/1.1
Host: bitly.ws
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://bitly.ws/?banned=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Thu, 28 Mar 2024 23:56:37 GMT
server: Apache
last-modified: Tue, 02 Jan 2018 13:00:54 GMT
etag: "158c-561cab06562ce"
accept-ranges: bytes
content-length: 5516
cache-control: max-age=31536000
expires: Fri, 28 Mar 2025 23:56:37 GMT
content-type: image/png
X-Firefox-Spdy: h2

bitly.ws/gfx/paypal.jpg

185.11.100.204

200 OK

8.7 kB

URL GET HTTP/2
bitly.ws/gfx/paypal.jpg
IP
185.11.100.204:443
ASN
#29522 Cyber_Folks S.A.

Requested by
https://bitly.ws/?banned=1
Certificate
IssuerLet's Encrypt
Subjectbitly.ws
FingerprintE2:6E:62:93:28:D8:B3:0A:23:56:6C:21:A4:BD:CC:EF:CD:1B:33:55
ValiditySun, 18 Feb 2024 07:59:14 GMT - Sat, 18 May 2024 07:59:13 GMT

File type
PNG image data, 380 x 130, 8-bit colormap, non-interlaced
Size
8.7 kB (8708 bytes)
Hash
eeb10183dfe4b9ec6bcfea9aa6fa07f6
b55d89bc1ead011821dd3371f2885996fe99785a
1ae6619173f92af4f0201b7204322213c714b56df437aa7d6482a1c141d5337c

HTTP Headers

GET /gfx/paypal.jpg HTTP/1.1
Host: bitly.ws
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://bitly.ws/?banned=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Thu, 28 Mar 2024 23:56:37 GMT
server: Apache
last-modified: Tue, 02 Jan 2018 13:00:56 GMT
etag: "2204-561cab086d14b"
accept-ranges: bytes
content-length: 8708
cache-control: max-age=31536000
expires: Fri, 28 Mar 2025 23:56:37 GMT
content-type: image/jpeg
X-Firefox-Spdy: h2

www.topcreativeformat.com/6dc3a27552b5aedfb96aeaa00aa1c37b/invoke.js

172.240.108.68

200 OK

12 kB

URL GET HTTP/1.1
www.topcreativeformat.com/6dc3a27552b5aedfb96aeaa00aa1c37b/invoke.js
IP
172.240.108.68:443
ASN
#7979 SERVERS-COM

Requested by
https://bitly.ws/?banned=1
Certificate
IssuerLet's Encrypt
Subjecttopcreativeformat.com
Fingerprint6D:98:D9:61:FC:CF:D9:8C:FE:5E:1C:15:5A:A5:F2:28:38:04:A4:A4
ValidityWed, 20 Mar 2024 07:51:41 GMT - Tue, 18 Jun 2024 07:51:40 GMT

File type
JavaScript source, ASCII text, with very long lines (31313), with no line terminators
Size
12 kB (11849 bytes)
Hash
ac78e40675092d0587ab47e2ca181f0b
ed138786139ad52c1e6f409615967a5e344bd635
4d68ab0db6499da94ae0956c819953bd4fde1ce826b09c1190a51a5b10253acd

HTTP Headers

GET /6dc3a27552b5aedfb96aeaa00aa1c37b/invoke.js HTTP/1.1
Host: www.topcreativeformat.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://bitly.ws/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Thu, 28 Mar 2024 23:56:37 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: e12e77619d7d00af13bd5dcf4d6f3717
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip

pl22826180.profitablegatecpm.com/172d9680245553e8052aafbe1bd64a13/invoke.js

172.240.127.234

200 OK

9.8 kB

URL GET HTTP/1.1
pl22826180.profitablegatecpm.com/172d9680245553e8052aafbe1bd64a13/invoke.js
IP
172.240.127.234:443
ASN
#7979 SERVERS-COM

Requested by
https://bitly.ws/?banned=1
Certificate
IssuerLet's Encrypt
Subjectprofitablegatecpm.com
Fingerprint36:46:92:AF:08:F4:24:63:89:19:91:4A:4B:F7:89:31:A2:09:27:10
ValidityMon, 05 Feb 2024 13:08:41 GMT - Sun, 05 May 2024 13:08:40 GMT

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (26587), with no line terminators
Size
9.8 kB (9792 bytes)
Hash
f676d88ba684537d663cb59b8901958e
9289a90c2182977950867b1579a7f16079dace68
2eed9ac79e281fd314a6ac145774154e155790ec121073ff9182ba5fc84db88e

HTTP Headers

GET /172d9680245553e8052aafbe1bd64a13/invoke.js HTTP/1.1
Host: pl22826180.profitablegatecpm.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://bitly.ws/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Thu, 28 Mar 2024 23:56:37 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: a923ef3065c50dfc6a201dcec710c57a
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip

pl22826256.profitablegatecpm.com/33/ce/9e/33ce9e99c1bfce9eb2d48a915db5624c.js

172.240.108.68

200 OK

16 kB

URL GET HTTP/1.1
pl22826256.profitablegatecpm.com/33/ce/9e/33ce9e99c1bfce9eb2d48a915db5624c.js
IP
172.240.108.68:443
ASN
#7979 SERVERS-COM

Requested by
https://bitly.ws/?banned=1
Certificate
IssuerLet's Encrypt
Subjectprofitablegatecpm.com
Fingerprint36:46:92:AF:08:F4:24:63:89:19:91:4A:4B:F7:89:31:A2:09:27:10
ValidityMon, 05 Feb 2024 13:08:41 GMT - Sun, 05 May 2024 13:08:40 GMT

File type
JavaScript source, ASCII text, with very long lines (44064), with no line terminators
Size
16 kB (15835 bytes)
Hash
7a18c784cad9e07b953e399346a252f3
a60563a82ac2deb2649b47eb36db28756f56c5ab
cb3b503ea6adf3aeb012943c1bebea5cc598e8d3eb7ceca588b00c926324f80d

HTTP Headers

GET /33/ce/9e/33ce9e99c1bfce9eb2d48a915db5624c.js HTTP/1.1
Host: pl22826256.profitablegatecpm.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://bitly.ws/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Thu, 28 Mar 2024 23:56:37 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 0d62ddbf4a0189846724720bb6412ecd
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip

ocsp.r2m03.amazontrust.com/

143.204.53.97

471 B

URL
ocsp.r2m03.amazontrust.com/
IP
143.204.53.97:0
ASN
#16509 AMAZON-02

File type
data
Size
471 B (471 bytes)
Hash
e0720567b89e85a074c0401003b4b7fb
4c9bd983308c50da9266d2d5a4a5e010b6736408
520b6f66e6827aed3facc07d0cdeb0f06ac5785dbf68439e82a20face8555e5c

HTTP Headers

POST / HTTP/1.1
Host: ocsp.r2m03.amazontrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=7200
Date: Thu, 28 Mar 2024 23:56:37 GMT
Last-Modified: Thu, 28 Mar 2024 22:42:16 GMT
Server: ECAcc (ska/F757)
X-Cache: Miss from cloudfront
Via: 1.1 1d8cf7c8865ed1078c19a98771ad34ca.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: Kiujsj7bQiHCuWV3ig15avJp2ARdCnWLMwIAZipM9IekCP7AmbaGoQ==
Age: 4462

proftrafficcounter.com/stats

18.196.50.62

200 OK

40 B

URL GET HTTP/2
proftrafficcounter.com/stats
IP
18.196.50.62:443
ASN
#16509 AMAZON-02

Requested by
https://bitly.ws/?banned=1
Certificate
IssuerAmazon
Subjectproftrafficcounter.com
FingerprintE3:9F:79:6F:80:C0:BF:F8:C4:EB:45:F3:E9:0F:A7:41:F6:0C:05:E6
ValidityTue, 21 Nov 2023 00:00:00 GMT - Thu, 19 Dec 2024 23:59:59 GMT

File type
ASCII text, with no line terminators
Size
40 B (40 bytes)
Hash
08afe3ba7ff17dd48a9aafc30567b4e1
938f764e858a1d575e4eba17d2031bccad8fb39e
b74302c06a935d5708dcaf581f7a8726e2117ab5ad89638abb43a08779684134

HTTP Headers

GET /stats HTTP/1.1
Host: proftrafficcounter.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://bitly.ws
DNT: 1
Connection: keep-alive
Referer: https://bitly.ws/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 28 Mar 2024 23:56:37 GMT
content-type: text/html; charset=UTF-8
content-length: 40
server: fasthttp
access-control-allow-origin: https://bitly.ws
vary: Origin
access-control-allow-credentials: true
set-cookie: uid_id2=b411db74-9da7-4ee7-95dc-193db77e8635:2:1; expires=Sun, 26 Mar 2034 23:56:37 GMT; secure; SameSite=None
X-Firefox-Spdy: h2

www.topcreativeformat.com/01342f2500c7a5569dba15c1ffe2e76f/invoke.js

172.240.108.68

200 OK

12 kB

URL GET HTTP/1.1
www.topcreativeformat.com/01342f2500c7a5569dba15c1ffe2e76f/invoke.js
IP
172.240.108.68:443
ASN
#7979 SERVERS-COM

Requested by
https://bitly.ws/?banned=1
Certificate
IssuerLet's Encrypt
Subjecttopcreativeformat.com
Fingerprint6D:98:D9:61:FC:CF:D9:8C:FE:5E:1C:15:5A:A5:F2:28:38:04:A4:A4
ValidityWed, 20 Mar 2024 07:51:41 GMT - Tue, 18 Jun 2024 07:51:40 GMT

File type
JavaScript source, ASCII text, with very long lines (31307), with no line terminators
Size
12 kB (11842 bytes)
Hash
f575eb44d2e5550d348c59ed577aef34
dbeb4cd5cd8610982e6c8130d3c81861d2541e40
b38813ff0586db2c2704508e518fb59b585571e2fdae38acbcd6656c4471b598

HTTP Headers

GET /01342f2500c7a5569dba15c1ffe2e76f/invoke.js HTTP/1.1
Host: www.topcreativeformat.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://bitly.ws/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Thu, 28 Mar 2024 23:56:37 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: e37b970390f79acba4439c2798e05e69
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip

landings-cdn.adsterratech.com/referralBanners/png/300%20x%20250%20px.png

142.0.204.220

200 OK

90 kB

URL GET HTTP/1.1
landings-cdn.adsterratech.com/referralBanners/png/300%20x%20250%20px.png
IP
142.0.204.220:443
ASN
#7979 SERVERS-COM

Requested by
https://bitly.ws/?banned=1
Certificate
IssuerLet's Encrypt
Subjectlandings-cdn.adsterratech.com
Fingerprint71:9A:2B:CA:BF:A3:77:2A:CA:C2:19:7D:85:23:4A:2A:CB:E9:F3:E1
ValidityWed, 28 Feb 2024 06:50:41 GMT - Tue, 28 May 2024 06:50:40 GMT

File type
PNG image data, 300 x 250, 8-bit/color RGBA, non-interlaced
Size
90 kB (90409 bytes)
Hash
a28902cd41b26954be2c97eea41089a1
c69d00be80adbcba05b788d2dcf7967d0d15a65f
5b4fa649af59a8350f401a661a5ecfed92130aa0aa9825ac3777c2a893a96e61

HTTP Headers

GET /referralBanners/png/300%20x%20250%20px.png HTTP/1.1
Host: landings-cdn.adsterratech.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://bitly.ws/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Thu, 28 Mar 2024 23:56:37 GMT
Content-Type: image/png
Content-Length: 90409
Last-Modified: Wed, 02 Feb 2022 00:50:11 GMT
Connection: keep-alive
ETag: "61f9d543-16129"
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Date
Cache-Control: max-age=315360000, public
Accept-Ranges: bytes

proftrafficcounter.com/stats

18.196.50.62

200 OK

40 B

URL GET HTTP/2
proftrafficcounter.com/stats
IP
18.196.50.62:443
ASN
#16509 AMAZON-02

Requested by
https://bitly.ws/?banned=1
Certificate
IssuerAmazon
Subjectproftrafficcounter.com
FingerprintE3:9F:79:6F:80:C0:BF:F8:C4:EB:45:F3:E9:0F:A7:41:F6:0C:05:E6
ValidityTue, 21 Nov 2023 00:00:00 GMT - Thu, 19 Dec 2024 23:59:59 GMT

File type
ASCII text, with no line terminators
Size
40 B (40 bytes)
Hash
2264d67fb3e8fb4b5279e6a21e7bf97a
19e2ce0e70bf160f5bc047fcf984d50b548b6d66
0676c585e8f26f99694f689b02307d70c26cf6c252990a8b81dd71ba4c35d052

HTTP Headers

GET /stats HTTP/1.1
Host: proftrafficcounter.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://bitly.ws
DNT: 1
Connection: keep-alive
Referer: https://bitly.ws/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 28 Mar 2024 23:56:37 GMT
content-type: text/html; charset=UTF-8
content-length: 40
server: fasthttp
access-control-allow-origin: https://bitly.ws
vary: Origin
access-control-allow-credentials: true
set-cookie: uid_id2=ca08c0a8-ff5a-4e50-a441-81f8348af504:1:1; expires=Sun, 26 Mar 2034 23:56:37 GMT; secure; SameSite=None
X-Firefox-Spdy: h2

handshakesexyconquer.com/watch.1705483771236.js?key=6dc3a27552b5aedfb96aeaa00aa1c37b&kw=%5B%22bitly%22%2C%22url%22%2C%22shortener%22%5D&refer=https%3A%2F%2Fbitly.ws%2F%3Fbanned%3D1&tz=0&dev=e&res=14.2071&uuid=b411db74-9da7-4ee7-95dc-193db77e8635%3A2%3A1

192.243.59.13

307 Temporary Redirect

0 B

URL GET HTTP/1.1
handshakesexyconquer.com/watch.1705483771236.js?key=6dc3a27552b5aedfb96aeaa00aa1c37b&kw=%5B%22bitly%22%2C%22url%22%2C%22shortener%22%5D&refer=https%3A%2F%2Fbitly.ws%2F%3Fbanned%3D1&tz=0&dev=e&res=14.2071&uuid=b411db74-9da7-4ee7-95dc-193db77e8635%3A2%3A1
IP
192.243.59.13:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://bitly.ws/?banned=1
Certificate
IssuerLet's Encrypt
Subjecthandshakesexyconquer.com
Fingerprint1C:6C:6C:56:F3:AC:D1:C3:FE:01:98:29:3C:7C:A5:D1:E3:7F:7B:8E
ValidityThu, 28 Mar 2024 19:04:16 GMT - Wed, 26 Jun 2024 19:04:15 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /watch.1705483771236.js?key=6dc3a27552b5aedfb96aeaa00aa1c37b&kw=%5B%22bitly%22%2C%22url%22%2C%22shortener%22%5D&refer=https%3A%2F%2Fbitly.ws%2F%3Fbanned%3D1&tz=0&dev=e&res=14.2071&uuid=b411db74-9da7-4ee7-95dc-193db77e8635%3A2%3A1 HTTP/1.1
Host: handshakesexyconquer.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://bitly.ws
DNT: 1
Connection: keep-alive
Referer: https://bitly.ws/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 307 Temporary Redirect
Server: nginx/1.19.5
Date: Thu, 28 Mar 2024 23:56:38 GMT
Content-Type: text/html
Content-Length: 0
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://bitly.ws
Access-Control-Allow-Origin: https://bitly.ws
Access-Control-Allow-Credentials: true
Location: https://handshakesexyconquer.com/watch.1705483771236.js?dev=e&key=6dc3a27552b5aedfb96aeaa00aa1c37b&kw=%5B%22bitly%22%2C%22url%22%2C%22shortener%22%5D&pst=1711670258&refer=https%3A%2F%2Fbitly.ws%2F%3Fbanned%3D1&res=14.2071&rmtc=t&shu=5ca583dd34077b3f5d549705e46071a52ed81edb770021b67c0eba31f8cfeea3f3bf056b2b85765431a0363befcede2ce96ab0e0f4c535a3ce67b98186f57b4df5183c550602ec93ed53ba3f4b52392a82181d1c8c974b0de91ccfa0977508&tz=0&uuid=b411db74-9da7-4ee7-95dc-193db77e8635%3A2%3A1
Set-Cookie: u_pl=22735548; expires=Fri, 29 Mar 2024 23:56:38 GMT; secure; SameSite=None
ain=eyJhbGciOiJIUzI1NiJ9.eyJwIjp7ImlkIjoyMjczNTU0OCwiayI6IjZkYzNhMjc1NTJiNWFlZGZiOTZhZWFhMDBhYTFjMzdiIiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjozNjc1ODY4LCJwaWQiOjkzMDg4LCJhbiI6dHJ1ZSwibGFuIjp0cnVlLCJjaWQiOjM0LCJhaWQiOjUsInB0Ijo0LCJwayI6Inc3cTYxZHZqbWUiLCJ0IjoxfSwidSI6eyJ1IjoxLCJhdSI6MSwiZCI6eyJpZCI6Nzk5NTQxOTYsImlkcyI6IiIsImljIjpmYWxzZSwibiI6IkRlc2t0b3AsRW11bGF0b3IiLCJ2IjoiVW5rbm93biIsIm0iOiJVbmtub3duIiwiZiI6MSwiZm4iOiJEZXNrdG9wIiwib2lkIjoxODExMCwib24iOiJMaW51eCIsIm92IjoiVW5rbm93biIsImJpZCI6MTE2NjcwLCJibiI6IkZpcmVmb3giLCJidiI6Ijk2LjAiLCJ3diI6ZmFsc2UsImUiOnRydWUsImFiIjpmYWxzZX0sImMiOnsiaWQiOjE2MiwiYyI6Ik5PIiwibiI6Ik5vcndheSJ9LCJhIjpmYWxzZSwiY3IiOnsibiI6IkJsaXggU29sdXRpb25zIn0sInhmIjoiIiwiaXhmIjpmYWxzZSwiaWd4ZiI6ZmFsc2UsInVwIjp0cnVlLCJyIjoiaHR0cHM6Ly9iaXRseS53cy8_YmFubmVkPTEiLCJhciI6W119fQ.Q5oEoAi0jHIRal5wmiio7A2AWY1CJDu_yEmfZqrhrOs; expires=Thu, 28 Mar 2024 23:57:38 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: d06bf3416e87a3a36cf01e51733f85c6
Strict-Transport-Security: max-age=0; includeSubdomains

sellerignateignate.com/watch.21752728205.js?key=01342f2500c7a5569dba15c1ffe2e76f&kw=%5B%22bitly%22%2C%22url%22%2C%22shortener%22%5D&refer=https%3A%2F%2Fbitly.ws%2F%3Fbanned%3D1&tz=0&dev=e&res=14.2071&uuid=b411db74-9da7-4ee7-95dc-193db77e8635%3A2%3A1

192.243.61.225

307 Temporary Redirect

0 B

URL GET HTTP/1.1
sellerignateignate.com/watch.21752728205.js?key=01342f2500c7a5569dba15c1ffe2e76f&kw=%5B%22bitly%22%2C%22url%22%2C%22shortener%22%5D&refer=https%3A%2F%2Fbitly.ws%2F%3Fbanned%3D1&tz=0&dev=e&res=14.2071&uuid=b411db74-9da7-4ee7-95dc-193db77e8635%3A2%3A1
IP
192.243.61.225:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://bitly.ws/?banned=1
Certificate
IssuerLet's Encrypt
Subjectsellerignateignate.com
Fingerprint6B:AA:A7:78:2A:F4:F4:26:BE:D2:92:E6:4B:0F:88:05:2E:29:7B:74
ValidityThu, 28 Mar 2024 19:41:05 GMT - Wed, 26 Jun 2024 19:41:04 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /watch.21752728205.js?key=01342f2500c7a5569dba15c1ffe2e76f&kw=%5B%22bitly%22%2C%22url%22%2C%22shortener%22%5D&refer=https%3A%2F%2Fbitly.ws%2F%3Fbanned%3D1&tz=0&dev=e&res=14.2071&uuid=b411db74-9da7-4ee7-95dc-193db77e8635%3A2%3A1 HTTP/1.1
Host: sellerignateignate.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://bitly.ws
DNT: 1
Connection: keep-alive
Referer: https://bitly.ws/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 307 Temporary Redirect
Server: nginx/1.21.6
Date: Thu, 28 Mar 2024 23:56:38 GMT
Content-Type: text/html
Content-Length: 0
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://bitly.ws
Access-Control-Allow-Origin: https://bitly.ws
Access-Control-Allow-Credentials: true
Location: https://sellerignateignate.com/watch.21752728205.js?dev=e&key=01342f2500c7a5569dba15c1ffe2e76f&kw=%5B%22bitly%22%2C%22url%22%2C%22shortener%22%5D&pst=1711670258&refer=https%3A%2F%2Fbitly.ws%2F%3Fbanned%3D1&res=14.2071&rmtc=t&shu=cdbbd2d4e5e72c7b82e50d33227ed236fcf9b5dbbb7a515dbdb76809861412e7ecb48601da6de8a72110845eb0f2dfb50f4f5a8442335e73aaa0b2a991437bbf67644c1f6fc9f7aabae652a2d5388770e0be68fbb5b03a13e4a608535f&tz=0&uuid=b411db74-9da7-4ee7-95dc-193db77e8635%3A2%3A1
Set-Cookie: u_pl=22735779; expires=Fri, 29 Mar 2024 23:56:38 GMT; secure; SameSite=None
ain=eyJhbGciOiJIUzI1NiJ9.eyJwIjp7ImlkIjoyMjczNTc3OSwiayI6IjAxMzQyZjI1MDBjN2E1NTY5ZGJhMTVjMWZmZTJlNzZmIiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjozNjc1ODY4LCJwaWQiOjkzMDg4LCJhbiI6dHJ1ZSwibGFuIjp0cnVlLCJjaWQiOjM0LCJhaWQiOjI3LCJwdCI6NCwicGsiOiJ4cjdpcXQ0ZyIsInQiOjF9LCJ1Ijp7InUiOjEsImF1IjoxLCJkIjp7ImlkIjo3OTk1NDE5NiwiaWRzIjoiIiwiaWMiOmZhbHNlLCJuIjoiRGVza3RvcCxFbXVsYXRvciIsInYiOiJVbmtub3duIiwibSI6IlVua25vd24iLCJmIjoxLCJmbiI6IkRlc2t0b3AiLCJvaWQiOjE4MTEwLCJvbiI6IkxpbnV4Iiwib3YiOiJVbmtub3duIiwiYmlkIjoxMTY2NzAsImJuIjoiRmlyZWZveCIsImJ2IjoiOTYuMCIsInd2IjpmYWxzZSwiZSI6dHJ1ZSwiYWIiOmZhbHNlfSwiYyI6eyJpZCI6MTYyLCJjIjoiTk8iLCJuIjoiTm9yd2F5In0sImEiOmZhbHNlLCJjciI6eyJuIjoiQmxpeCBTb2x1dGlvbnMifSwieGYiOiIiLCJpeGYiOmZhbHNlLCJpZ3hmIjpmYWxzZSwidXAiOnRydWUsInIiOiJodHRwczovL2JpdGx5LndzLz9iYW5uZWQ9MSIsImFyIjpbXX19.X-_ClUw7u-njUHD4QEUMXY6Bczhw8f-tQkAwMYinAQY; expires=Thu, 28 Mar 2024 23:57:38 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 81abd16cad51b3d37d18233131543b52
Strict-Transport-Security: max-age=0; includeSubdomains

liarcram.com/bb/a7/4d/bba74d00371ae27522681ed91f8a7ee9.js

172.240.253.132

200 OK

30 kB

URL GET HTTP/1.1
liarcram.com/bb/a7/4d/bba74d00371ae27522681ed91f8a7ee9.js
IP
172.240.253.132:443
ASN
#7979 SERVERS-COM

Requested by
https://bitly.ws/?banned=1
Certificate
IssuerLet's Encrypt
Subjectliarcram.com
Fingerprint36:2A:5F:96:36:B0:9D:47:2B:C3:C2:62:98:90:5F:00:EC:89:EA:57
ValidityThu, 28 Mar 2024 19:55:23 GMT - Wed, 26 Jun 2024 19:55:22 GMT

File type
JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Size
30 kB (29781 bytes)
Hash
ea0868b2499fdf9efdf7d8b2636294e0
78f3f8dd508dd8552f5c73dd7899c784042fc01e
2ec868194c703b68196aab4873286009d22924e0b631469beb17c1c7e1b37d96

HTTP Headers

GET /bb/a7/4d/bba74d00371ae27522681ed91f8a7ee9.js HTTP/1.1
Host: liarcram.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://bitly.ws/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Thu, 28 Mar 2024 23:56:38 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Set-Cookie: 4b4e7ab587d59b22ad7bcd2439afc363_CF-3363_new=1; expires=Mon, 01 Apr 2024 23:56:38 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 3c73594135513a8cded2f9dfb749af9a
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip

handshakesexyconquer.com/watch.1705483771236.js?dev=e&key=6dc3a27552b5aedfb96aeaa00aa1c37b&kw=%5B%22bitly%22%2C%22url%22%2C%22shortener%22%5D&pst=1711670258&refer=https%3A%2F%2Fbitly.ws%2F%3Fbanned%3D1&res=14.2071&rmtc=t&shu=5ca583dd34077b3f5d549705e46071a52ed81edb770021b67c0eba31f8cfeea3f3bf056b2b85765431a0363befcede2ce96ab0e0f4c535a3ce67b98186f57b4df5183c550602ec93ed53ba3f4b52392a82181d1c8c974b0de91ccfa0977508&tz=0&uuid=b411db74-9da7-4ee7-95dc-193db77e8635%3A2%3A1

192.243.59.13

200 OK

2.1 kB

URL GET HTTP/1.1
handshakesexyconquer.com/watch.1705483771236.js?dev=e&key=6dc3a27552b5aedfb96aeaa00aa1c37b&kw=%5B%22bitly%22%2C%22url%22%2C%22shortener%22%5D&pst=1711670258&refer=https%3A%2F%2Fbitly.ws%2F%3Fbanned%3D1&res=14.2071&rmtc=t&shu=5ca583dd34077b3f5d549705e46071a52ed81edb770021b67c0eba31f8cfeea3f3bf056b2b85765431a0363befcede2ce96ab0e0f4c535a3ce67b98186f57b4df5183c550602ec93ed53ba3f4b52392a82181d1c8c974b0de91ccfa0977508&tz=0&uuid=b411db74-9da7-4ee7-95dc-193db77e8635%3A2%3A1
IP
192.243.59.13:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://bitly.ws/?banned=1
Certificate
IssuerLet's Encrypt
Subjecthandshakesexyconquer.com
Fingerprint1C:6C:6C:56:F3:AC:D1:C3:FE:01:98:29:3C:7C:A5:D1:E3:7F:7B:8E
ValidityThu, 28 Mar 2024 19:04:16 GMT - Wed, 26 Jun 2024 19:04:15 GMT

File type
JavaScript source, ASCII text, with very long lines (2650)
Size
2.1 kB (2101 bytes)
Hash
1e70640da457ffd8f10d58a5301ff5e4
3795a1ab213f4b36ae6ef7660323ae1bdc3db1fb
0de174a8c6dbfcca82cfd18dd0ea1c56ae1defd1ff304cac4d991de86a88252d

HTTP Headers

GET /watch.1705483771236.js?dev=e&key=6dc3a27552b5aedfb96aeaa00aa1c37b&kw=%5B%22bitly%22%2C%22url%22%2C%22shortener%22%5D&pst=1711670258&refer=https%3A%2F%2Fbitly.ws%2F%3Fbanned%3D1&res=14.2071&rmtc=t&shu=5ca583dd34077b3f5d549705e46071a52ed81edb770021b67c0eba31f8cfeea3f3bf056b2b85765431a0363befcede2ce96ab0e0f4c535a3ce67b98186f57b4df5183c550602ec93ed53ba3f4b52392a82181d1c8c974b0de91ccfa0977508&tz=0&uuid=b411db74-9da7-4ee7-95dc-193db77e8635%3A2%3A1 HTTP/1.1
Host: handshakesexyconquer.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://bitly.ws
Referer: https://bitly.ws/
DNT: 1
Connection: keep-alive
Cookie: u_pl=22735548; ain=eyJhbGciOiJIUzI1NiJ9.eyJwIjp7ImlkIjoyMjczNTU0OCwiayI6IjZkYzNhMjc1NTJiNWFlZGZiOTZhZWFhMDBhYTFjMzdiIiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjozNjc1ODY4LCJwaWQiOjkzMDg4LCJhbiI6dHJ1ZSwibGFuIjp0cnVlLCJjaWQiOjM0LCJhaWQiOjUsInB0Ijo0LCJwayI6Inc3cTYxZHZqbWUiLCJ0IjoxfSwidSI6eyJ1IjoxLCJhdSI6MSwiZCI6eyJpZCI6Nzk5NTQxOTYsImlkcyI6IiIsImljIjpmYWxzZSwibiI6IkRlc2t0b3AsRW11bGF0b3IiLCJ2IjoiVW5rbm93biIsIm0iOiJVbmtub3duIiwiZiI6MSwiZm4iOiJEZXNrdG9wIiwib2lkIjoxODExMCwib24iOiJMaW51eCIsIm92IjoiVW5rbm93biIsImJpZCI6MTE2NjcwLCJibiI6IkZpcmVmb3giLCJidiI6Ijk2LjAiLCJ3diI6ZmFsc2UsImUiOnRydWUsImFiIjpmYWxzZX0sImMiOnsiaWQiOjE2MiwiYyI6Ik5PIiwibiI6Ik5vcndheSJ9LCJhIjpmYWxzZSwiY3IiOnsibiI6IkJsaXggU29sdXRpb25zIn0sInhmIjoiIiwiaXhmIjpmYWxzZSwiaWd4ZiI6ZmFsc2UsInVwIjp0cnVlLCJyIjoiaHR0cHM6Ly9iaXRseS53cy8_YmFubmVkPTEiLCJhciI6W119fQ.Q5oEoAi0jHIRal5wmiio7A2AWY1CJDu_yEmfZqrhrOs
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Thu, 28 Mar 2024 23:56:38 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://bitly.ws
Access-Control-Allow-Origin: https://bitly.ws
Access-Control-Allow-Credentials: true
Set-Cookie: uid_id2=b411db74-9da7-4ee7-95dc-193db77e8635:2:1; expires=Thu, 04 Apr 2024 23:56:38 GMT; secure; SameSite=None
iprcd03f26f3e96c07f37bb2456a0a59cffb=3569806; expires=Fri, 29 Mar 2024 03:56:38 GMT; secure; SameSite=None
pdhtkv=true; expires=Fri, 29 Mar 2024 23:56:38 GMT; secure; SameSite=None
uncs=1; expires=Fri, 29 Mar 2024 23:56:38 GMT; secure; SameSite=None
pdhtkv5=true; expires=Fri, 29 Mar 2024 23:56:38 GMT; secure; SameSite=None
uncs5=1; expires=Fri, 29 Mar 2024 23:56:38 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 23a04cb2a653edf768261ea5d7f9efb2
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip

sellerignateignate.com/watch.21752728205.js?dev=e&key=01342f2500c7a5569dba15c1ffe2e76f&kw=%5B%22bitly%22%2C%22url%22%2C%22shortener%22%5D&pst=1711670258&refer=https%3A%2F%2Fbitly.ws%2F%3Fbanned%3D1&res=14.2071&rmtc=t&shu=cdbbd2d4e5e72c7b82e50d33227ed236fcf9b5dbbb7a515dbdb76809861412e7ecb48601da6de8a72110845eb0f2dfb50f4f5a8442335e73aaa0b2a991437bbf67644c1f6fc9f7aabae652a2d5388770e0be68fbb5b03a13e4a608535f&tz=0&uuid=b411db74-9da7-4ee7-95dc-193db77e8635%3A2%3A1

192.243.61.225

200 OK

2.0 kB

URL GET HTTP/1.1
sellerignateignate.com/watch.21752728205.js?dev=e&key=01342f2500c7a5569dba15c1ffe2e76f&kw=%5B%22bitly%22%2C%22url%22%2C%22shortener%22%5D&pst=1711670258&refer=https%3A%2F%2Fbitly.ws%2F%3Fbanned%3D1&res=14.2071&rmtc=t&shu=cdbbd2d4e5e72c7b82e50d33227ed236fcf9b5dbbb7a515dbdb76809861412e7ecb48601da6de8a72110845eb0f2dfb50f4f5a8442335e73aaa0b2a991437bbf67644c1f6fc9f7aabae652a2d5388770e0be68fbb5b03a13e4a608535f&tz=0&uuid=b411db74-9da7-4ee7-95dc-193db77e8635%3A2%3A1
IP
192.243.61.225:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://bitly.ws/?banned=1
Certificate
IssuerLet's Encrypt
Subjectsellerignateignate.com
Fingerprint6B:AA:A7:78:2A:F4:F4:26:BE:D2:92:E6:4B:0F:88:05:2E:29:7B:74
ValidityThu, 28 Mar 2024 19:41:05 GMT - Wed, 26 Jun 2024 19:41:04 GMT

File type
JavaScript source, ASCII text, with very long lines (2464)
Size
2.0 kB (2016 bytes)
Hash
b7dabcbcb559c6eb861156d86dc007f5
dadb40b08ef04a0420723106c55d071d79f8a319
c481a423154bc60d384fea460d5d9e0ee721823ba9eb39435e42b08875b3f1f9

HTTP Headers

GET /watch.21752728205.js?dev=e&key=01342f2500c7a5569dba15c1ffe2e76f&kw=%5B%22bitly%22%2C%22url%22%2C%22shortener%22%5D&pst=1711670258&refer=https%3A%2F%2Fbitly.ws%2F%3Fbanned%3D1&res=14.2071&rmtc=t&shu=cdbbd2d4e5e72c7b82e50d33227ed236fcf9b5dbbb7a515dbdb76809861412e7ecb48601da6de8a72110845eb0f2dfb50f4f5a8442335e73aaa0b2a991437bbf67644c1f6fc9f7aabae652a2d5388770e0be68fbb5b03a13e4a608535f&tz=0&uuid=b411db74-9da7-4ee7-95dc-193db77e8635%3A2%3A1 HTTP/1.1
Host: sellerignateignate.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://bitly.ws
Referer: https://bitly.ws/
DNT: 1
Connection: keep-alive
Cookie: u_pl=22735779; ain=eyJhbGciOiJIUzI1NiJ9.eyJwIjp7ImlkIjoyMjczNTc3OSwiayI6IjAxMzQyZjI1MDBjN2E1NTY5ZGJhMTVjMWZmZTJlNzZmIiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjozNjc1ODY4LCJwaWQiOjkzMDg4LCJhbiI6dHJ1ZSwibGFuIjp0cnVlLCJjaWQiOjM0LCJhaWQiOjI3LCJwdCI6NCwicGsiOiJ4cjdpcXQ0ZyIsInQiOjF9LCJ1Ijp7InUiOjEsImF1IjoxLCJkIjp7ImlkIjo3OTk1NDE5NiwiaWRzIjoiIiwiaWMiOmZhbHNlLCJuIjoiRGVza3RvcCxFbXVsYXRvciIsInYiOiJVbmtub3duIiwibSI6IlVua25vd24iLCJmIjoxLCJmbiI6IkRlc2t0b3AiLCJvaWQiOjE4MTEwLCJvbiI6IkxpbnV4Iiwib3YiOiJVbmtub3duIiwiYmlkIjoxMTY2NzAsImJuIjoiRmlyZWZveCIsImJ2IjoiOTYuMCIsInd2IjpmYWxzZSwiZSI6dHJ1ZSwiYWIiOmZhbHNlfSwiYyI6eyJpZCI6MTYyLCJjIjoiTk8iLCJuIjoiTm9yd2F5In0sImEiOmZhbHNlLCJjciI6eyJuIjoiQmxpeCBTb2x1dGlvbnMifSwieGYiOiIiLCJpeGYiOmZhbHNlLCJpZ3hmIjpmYWxzZSwidXAiOnRydWUsInIiOiJodHRwczovL2JpdGx5LndzLz9iYW5uZWQ9MSIsImFyIjpbXX19.X-_ClUw7u-njUHD4QEUMXY6Bczhw8f-tQkAwMYinAQY
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Thu, 28 Mar 2024 23:56:38 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://bitly.ws
Access-Control-Allow-Origin: https://bitly.ws
Access-Control-Allow-Credentials: true
Set-Cookie: uid_id2=b411db74-9da7-4ee7-95dc-193db77e8635:2:1; expires=Thu, 04 Apr 2024 23:56:38 GMT; secure; SameSite=None
pdhtkv=true; expires=Fri, 29 Mar 2024 23:56:38 GMT; secure; SameSite=None
uncs=1; expires=Fri, 29 Mar 2024 23:56:38 GMT; secure; SameSite=None
pdhtkv27=true; expires=Fri, 29 Mar 2024 23:56:38 GMT; secure; SameSite=None
uncs27=1; expires=Fri, 29 Mar 2024 23:56:38 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 8b014965722138557511a38715ff5406
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip

liarcram.com/sbar.json?key=33ce9e99c1bfce9eb2d48a915db5624c&uuid=b411db74-9da7-4ee7-95dc-193db77e8635%3A2%3A1

172.240.253.132

200 OK

6.9 kB

URL GET HTTP/1.1
liarcram.com/sbar.json?key=33ce9e99c1bfce9eb2d48a915db5624c&uuid=b411db74-9da7-4ee7-95dc-193db77e8635%3A2%3A1
IP
172.240.253.132:443
ASN
#7979 SERVERS-COM

Requested by
https://bitly.ws/?banned=1
Certificate
IssuerLet's Encrypt
Subjectliarcram.com
Fingerprint36:2A:5F:96:36:B0:9D:47:2B:C3:C2:62:98:90:5F:00:EC:89:EA:57
ValidityThu, 28 Mar 2024 19:55:23 GMT - Wed, 26 Jun 2024 19:55:22 GMT

File type
JSON text data
Size
6.9 kB (6926 bytes)
Hash
dc86535d7019a1c293e897d6aa22fe49
0e610500dc4d7dc89e1a4e9c662b47bfb84f3110
af8f90aa0347505a0074b87ca5841a78286c51073dd55d41c3785799b3c9b01b

HTTP Headers

GET /sbar.json?key=33ce9e99c1bfce9eb2d48a915db5624c&uuid=b411db74-9da7-4ee7-95dc-193db77e8635%3A2%3A1 HTTP/1.1
Host: liarcram.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://bitly.ws
DNT: 1
Connection: keep-alive
Referer: https://bitly.ws/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Thu, 28 Mar 2024 23:56:38 GMT
Content-Type: text/plain; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://bitly.ws
Access-Control-Allow-Origin: https://bitly.ws
Access-Control-Allow-Credentials: true
Set-Cookie: u_pl=22725757; expires=Fri, 29 Mar 2024 23:56:38 GMT; secure; SameSite=None
uid_id2=b411db74-9da7-4ee7-95dc-193db77e8635:2:1; expires=Thu, 04 Apr 2024 23:56:38 GMT; secure; SameSite=None
pdhtkv=true; expires=Fri, 29 Mar 2024 23:56:38 GMT; secure; SameSite=None
uncs=1; expires=Fri, 29 Mar 2024 23:56:38 GMT; secure; SameSite=None
pdhtkv29=true; expires=Fri, 29 Mar 2024 23:56:38 GMT; secure; SameSite=None
uncs29=1; expires=Fri, 29 Mar 2024 23:56:38 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: dee166b6fc559709ce8c1a1626a21707
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip

permissionfence.com/ntv.json?key=172d9680245553e8052aafbe1bd64a13&vstc=4

172.240.108.84

200 OK

17 kB

URL GET HTTP/1.1
permissionfence.com/ntv.json?key=172d9680245553e8052aafbe1bd64a13&vstc=4
IP
172.240.108.84:443
ASN
#7979 SERVERS-COM

Requested by
https://bitly.ws/?banned=1
Certificate
IssuerLet's Encrypt
Subjectpermissionfence.com
Fingerprint0B:C0:3C:F7:B9:E4:07:59:E7:05:EF:EC:E2:3F:B2:61:BE:40:16:69
ValidityTue, 26 Mar 2024 08:19:42 GMT - Mon, 24 Jun 2024 08:19:41 GMT

File type
JSON text data
Size
17 kB (17088 bytes)
Hash
f672f7884ed6213b878d1e939c3ccfa6
aa1de871cb2fe78541f69ebd0ea008a3ca01196d
e18e3ac9fc7bd8fea6230b46ea1576df8a42c35c78f8c26d08cf5969f90c71f3

HTTP Headers

GET /ntv.json?key=172d9680245553e8052aafbe1bd64a13&vstc=4 HTTP/1.1
Host: permissionfence.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://bitly.ws
DNT: 1
Connection: keep-alive
Referer: https://bitly.ws/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Thu, 28 Mar 2024 23:56:38 GMT
Content-Type: application/json
Content-Length: 17088
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://bitly.ws
Access-Control-Allow-Origin: https://bitly.ws
Access-Control-Allow-Credentials: true
Set-Cookie: u_pl=22725681; expires=Fri, 29 Mar 2024 23:56:38 GMT; secure; SameSite=None
pdhtkv=true; expires=Fri, 29 Mar 2024 23:56:38 GMT; secure; SameSite=None
uncs=1; expires=Fri, 29 Mar 2024 23:56:38 GMT; secure; SameSite=None
pdhtkv49=true; expires=Fri, 29 Mar 2024 23:56:38 GMT; secure; SameSite=None
uncs49=1; expires=Fri, 29 Mar 2024 23:56:38 GMT; secure; SameSite=None
nlec172d9680245553e8052aafbe1bd64a13=[2019380,2229333,2229337,2229329]; expires=Thu, 28 Mar 2024 23:56:43 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 8ddef7fc25e05b2ad0f600321a98c744
Strict-Transport-Security: max-age=0; includeSubdomains

sellerignateignate.com/pixel/purst?dl=0&th=0&sc=0&rs=2062&rd=2062&fd=529&bv=24.3.5296&tmpl=136

192.243.61.225

200 OK

0 B

URL GET HTTP/1.1
sellerignateignate.com/pixel/purst?dl=0&th=0&sc=0&rs=2062&rd=2062&fd=529&bv=24.3.5296&tmpl=136
IP
192.243.61.225:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://bitly.ws/?banned=1
Certificate
IssuerLet's Encrypt
Subjectsellerignateignate.com
Fingerprint6B:AA:A7:78:2A:F4:F4:26:BE:D2:92:E6:4B:0F:88:05:2E:29:7B:74
ValidityThu, 28 Mar 2024 19:41:05 GMT - Wed, 26 Jun 2024 19:41:04 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /pixel/purst?dl=0&th=0&sc=0&rs=2062&rd=2062&fd=529&bv=24.3.5296&tmpl=136 HTTP/1.1
Host: sellerignateignate.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://bitly.ws/
Cookie: u_pl=22735779; ain=eyJhbGciOiJIUzI1NiJ9.eyJwIjp7ImlkIjoyMjczNTc3OSwiayI6IjAxMzQyZjI1MDBjN2E1NTY5ZGJhMTVjMWZmZTJlNzZmIiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjozNjc1ODY4LCJwaWQiOjkzMDg4LCJhbiI6dHJ1ZSwibGFuIjp0cnVlLCJjaWQiOjM0LCJhaWQiOjI3LCJwdCI6NCwicGsiOiJ4cjdpcXQ0ZyIsInQiOjF9LCJ1Ijp7InUiOjEsImF1IjoxLCJkIjp7ImlkIjo3OTk1NDE5NiwiaWRzIjoiIiwiaWMiOmZhbHNlLCJuIjoiRGVza3RvcCxFbXVsYXRvciIsInYiOiJVbmtub3duIiwibSI6IlVua25vd24iLCJmIjoxLCJmbiI6IkRlc2t0b3AiLCJvaWQiOjE4MTEwLCJvbiI6IkxpbnV4Iiwib3YiOiJVbmtub3duIiwiYmlkIjoxMTY2NzAsImJuIjoiRmlyZWZveCIsImJ2IjoiOTYuMCIsInd2IjpmYWxzZSwiZSI6dHJ1ZSwiYWIiOmZhbHNlfSwiYyI6eyJpZCI6MTYyLCJjIjoiTk8iLCJuIjoiTm9yd2F5In0sImEiOmZhbHNlLCJjciI6eyJuIjoiQmxpeCBTb2x1dGlvbnMifSwieGYiOiIiLCJpeGYiOmZhbHNlLCJpZ3hmIjpmYWxzZSwidXAiOnRydWUsInIiOiJodHRwczovL2JpdGx5LndzLz9iYW5uZWQ9MSIsImFyIjpbXX19.X-_ClUw7u-njUHD4QEUMXY6Bczhw8f-tQkAwMYinAQY
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Thu, 28 Mar 2024 23:56:38 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range

liarcram.com/ren.gif?sid=H4sIAAAAAAAC%2F1RSzYscxRuuniy5%2FOAHSvAiwiAeVNzZ7vnonjYHMcaVkDWJieLHRaq6ambLqe5qqrqmZxeExYDkOATEa%2B8zu1mMi%2BglN4PMLngICDueFnT%2FBC9CzjLj4uh7qPd53ucteOp968tdd0aacPT06rt6WypF1zoNv%2F7yR0Fwub4hMzeqj7rhp2H7ct0MX4%2FDhv9K%2FR2RDPRa0w98P%2FCD%2Bro0oqdHa3MRMj%2BMg0bsN9rNRtBpY2T%2By63zYKkHPjwjz0Ly2cqxdwkymSJLv78q7KDQ%2BWtvp07RQhsM%2BcEH2SDTZYZ0CXvGQy87OO%2BGtifrj6Gz%2FYVd6OE%2FjUzOiPfzY7Ds4Nwk2HBv4ZMpiAyM%2Fw%2FlcAqhppB0ikTfheQnBEg4btxElj64oU1Jt%2F5W6VydkZWnf0KWM7Ly%2ByVk6XdXlBzV72jlCqkzi1GvghxNIftT5O4IxbYHWR4hKb6A5L%2BQtacbyNK9m1ZpSH76EmsHAWdRezXmNFptCxGtxh2erAZxi7MoEt2w1VkMSMopZG8KJcagtgZnPTjpwfU8uNxDyk%2FrSRAEkc8T6nfjJGnxSLCQ%2BwGNegEN%2FLALl8zfMEaRj5GoMRKzg9zsYCDHMO4n2M0Kltdgixnx3tvBkFcoBUFpCUpKUEqCsiAoh9U%2BV7ZpqwdcWceC89w8z61qoov%2BLt3XRV9kBNSMYXi1m5%2BRZ%2BZD9D45%2FhwDcVpvtRIRizhOAtabI9bk7S6Ngw5nnbDZTmBlBWlroNbDtpyR7nO%2FIZ8vdlCB0SNYdYREvgjqXgAtK9DNCtvZYSGzLWdUI9VMgusKebGCYsvbVWfk%2BcUar3%2F9ECJ5Qs4DiamQmwqfyWOCvro3ua1Lsndbl5b8cDMvZCq36XzFdwpaiIsPr4utUht%2B7aodf%2FNmMhfm8PB9YYsNmnGZ9S359orkXJh1bRJBfrxmPxTslrObV5zJXL5x6631a2luhLVSZ1NQefLxfSRyRv7%2FaGPxd1%2Bt%2FwFppjCuQuqWTqWeIsl3YPNlzWoCo5ac5R5KV01Mky2LShIoseSUVbD%2F4myJJ4bOb1NZ7dp76JsaaHEXWVphaCoMVQWqxrDuwqTIzZM3fm0tAkzVJkyZ2h5TRt1fDHl%2BfAUrT%2BtRq%2BXTMO4EUURFxNrNbi8MOKXNdtgMQ9pCYWe9ixce%2FQUAAP%2F%2FAQAA%2F%2F%2FyVc87lQQAAA%3D%3D

172.240.253.132

200 OK

7 B

URL GET HTTP/1.1
liarcram.com/ren.gif?sid=H4sIAAAAAAAC%2F1RSzYscxRuuniy5%2FOAHSvAiwiAeVNzZ7vnonjYHMcaVkDWJieLHRaq6ambLqe5qqrqmZxeExYDkOATEa%2B8zu1mMi%2BglN4PMLngICDueFnT%2FBC9CzjLj4uh7qPd53ucteOp968tdd0aacPT06rt6WypF1zoNv%2F7yR0Fwub4hMzeqj7rhp2H7ct0MX4%2FDhv9K%2FR2RDPRa0w98P%2FCD%2Bro0oqdHa3MRMj%2BMg0bsN9rNRtBpY2T%2By63zYKkHPjwjz0Ly2cqxdwkymSJLv78q7KDQ%2BWtvp07RQhsM%2BcEH2SDTZYZ0CXvGQy87OO%2BGtifrj6Gz%2FYVd6OE%2FjUzOiPfzY7Ds4Nwk2HBv4ZMpiAyM%2Fw%2FlcAqhppB0ikTfheQnBEg4btxElj64oU1Jt%2F5W6VydkZWnf0KWM7Ly%2ByVk6XdXlBzV72jlCqkzi1GvghxNIftT5O4IxbYHWR4hKb6A5L%2BQtacbyNK9m1ZpSH76EmsHAWdRezXmNFptCxGtxh2erAZxi7MoEt2w1VkMSMopZG8KJcagtgZnPTjpwfU8uNxDyk%2FrSRAEkc8T6nfjJGnxSLCQ%2BwGNegEN%2FLALl8zfMEaRj5GoMRKzg9zsYCDHMO4n2M0Kltdgixnx3tvBkFcoBUFpCUpKUEqCsiAoh9U%2BV7ZpqwdcWceC89w8z61qoov%2BLt3XRV9kBNSMYXi1m5%2BRZ%2BZD9D45%2FhwDcVpvtRIRizhOAtabI9bk7S6Ngw5nnbDZTmBlBWlroNbDtpyR7nO%2FIZ8vdlCB0SNYdYREvgjqXgAtK9DNCtvZYSGzLWdUI9VMgusKebGCYsvbVWfk%2BcUar3%2F9ECJ5Qs4DiamQmwqfyWOCvro3ua1Lsndbl5b8cDMvZCq36XzFdwpaiIsPr4utUht%2B7aodf%2FNmMhfm8PB9YYsNmnGZ9S359orkXJh1bRJBfrxmPxTslrObV5zJXL5x6631a2luhLVSZ1NQefLxfSRyRv7%2FaGPxd1%2Bt%2FwFppjCuQuqWTqWeIsl3YPNlzWoCo5ac5R5KV01Mky2LShIoseSUVbD%2F4myJJ4bOb1NZ7dp76JsaaHEXWVphaCoMVQWqxrDuwqTIzZM3fm0tAkzVJkyZ2h5TRt1fDHl%2BfAUrT%2BtRq%2BXTMO4EUURFxNrNbi8MOKXNdtgMQ9pCYWe9ixce%2FQUAAP%2F%2FAQAA%2F%2F%2FyVc87lQQAAA%3D%3D
IP
172.240.253.132:443
ASN
#7979 SERVERS-COM

Requested by
https://bitly.ws/?banned=1
Certificate
IssuerLet's Encrypt
Subjectliarcram.com
Fingerprint36:2A:5F:96:36:B0:9D:47:2B:C3:C2:62:98:90:5F:00:EC:89:EA:57
ValidityThu, 28 Mar 2024 19:55:23 GMT - Wed, 26 Jun 2024 19:55:22 GMT

File type
ASCII text, with no line terminators
Size
7 B (7 bytes)
Hash
132d6af1b46048b45cf86cdee7991d31
eb7007d03d59b65bc6da7e098c4d38fc6dfb6285
ab852e838deccd742a03ca81d4a8d75cf1a00b327db3eaf46bd7da6b6db9384c

HTTP Headers

GET /ren.gif?sid=H4sIAAAAAAAC%2F1RSzYscxRuuniy5%2FOAHSvAiwiAeVNzZ7vnonjYHMcaVkDWJieLHRaq6ambLqe5qqrqmZxeExYDkOATEa%2B8zu1mMi%2BglN4PMLngICDueFnT%2FBC9CzjLj4uh7qPd53ucteOp968tdd0aacPT06rt6WypF1zoNv%2F7yR0Fwub4hMzeqj7rhp2H7ct0MX4%2FDhv9K%2FR2RDPRa0w98P%2FCD%2Bro0oqdHa3MRMj%2BMg0bsN9rNRtBpY2T%2By63zYKkHPjwjz0Ly2cqxdwkymSJLv78q7KDQ%2BWtvp07RQhsM%2BcEH2SDTZYZ0CXvGQy87OO%2BGtifrj6Gz%2FYVd6OE%2FjUzOiPfzY7Ds4Nwk2HBv4ZMpiAyM%2Fw%2FlcAqhppB0ikTfheQnBEg4btxElj64oU1Jt%2F5W6VydkZWnf0KWM7Ly%2ByVk6XdXlBzV72jlCqkzi1GvghxNIftT5O4IxbYHWR4hKb6A5L%2BQtacbyNK9m1ZpSH76EmsHAWdRezXmNFptCxGtxh2erAZxi7MoEt2w1VkMSMopZG8KJcagtgZnPTjpwfU8uNxDyk%2FrSRAEkc8T6nfjJGnxSLCQ%2BwGNegEN%2FLALl8zfMEaRj5GoMRKzg9zsYCDHMO4n2M0Kltdgixnx3tvBkFcoBUFpCUpKUEqCsiAoh9U%2BV7ZpqwdcWceC89w8z61qoov%2BLt3XRV9kBNSMYXi1m5%2BRZ%2BZD9D45%2FhwDcVpvtRIRizhOAtabI9bk7S6Ngw5nnbDZTmBlBWlroNbDtpyR7nO%2FIZ8vdlCB0SNYdYREvgjqXgAtK9DNCtvZYSGzLWdUI9VMgusKebGCYsvbVWfk%2BcUar3%2F9ECJ5Qs4DiamQmwqfyWOCvro3ua1Lsndbl5b8cDMvZCq36XzFdwpaiIsPr4utUht%2B7aodf%2FNmMhfm8PB9YYsNmnGZ9S359orkXJh1bRJBfrxmPxTslrObV5zJXL5x6631a2luhLVSZ1NQefLxfSRyRv7%2FaGPxd1%2Bt%2FwFppjCuQuqWTqWeIsl3YPNlzWoCo5ac5R5KV01Mky2LShIoseSUVbD%2F4myJJ4bOb1NZ7dp76JsaaHEXWVphaCoMVQWqxrDuwqTIzZM3fm0tAkzVJkyZ2h5TRt1fDHl%2BfAUrT%2BtRq%2BXTMO4EUURFxNrNbi8MOKXNdtgMQ9pCYWe9ixce%2FQUAAP%2F%2FAQAA%2F%2F%2FyVc87lQQAAA%3D%3D HTTP/1.1
Host: liarcram.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://bitly.ws/
Cookie: u_pl=22725757; uid_id2=b411db74-9da7-4ee7-95dc-193db77e8635:2:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Thu, 28 Mar 2024 23:56:38 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: c936c3eb595ca613a7eea255489a566e
Strict-Transport-Security: max-age=0; includeSubdomains

permissionfence.com/ren.gif?sid=H4sIAAAAAAAC%2F1RSz2skRRSudgcPEQR18SLIsCCoyKS7Z6ZnxkUWY4wE42Z%2FuPjjItVdPZNyqruaqq7pSU7BBdnjHLzoqfJNskENohdvLjIJLBIQMxcJaP4JYfEoPQ6O%2B6Dej%2FpewffeV5%2FvmQviw9Dz1ffkDheCLjdrbvXlDz3vanWDp2ZYHbaDT4LG1aoavN4Jau4r1XfiqC%2BXfddzXc%2F1qmtcxV05XC5B8Oyo49U6bq3h17xmA0P1eK2NA00dsMEFeRacTSsnzmXwaII0%2BX411v1cZq%2B9nRhBc6kwYId30n4qixTJIu0qB930cN4Nqc%2FWHkCmBzO6kIP%2FGkM%2BJc7DBwjTwzlJhIP9Gc9QIE4RsqdQDCaIxQScThDJu%2BDsjAARw%2FVNpMn961IVdPtflJbolFQe%2FQVeTEnlz8tIk%2B9WBB9Wb0thci5TjWHXgg8n4L0JMnOMfMcBL44R5Z%2BBs1%2FJ8qMNpMn%2BphYSnNnZ7JxPwLsTiHgEqh2Y8nAHpuvAZA4Sdl6NPM9ruSyibrsTRXXWisOAuR5tdT3quUEbJirpjZBnI0RihEjtIlO76PMRlPkZestCMwc6nxLn5i4GzKKICQpNUFCCghMUOUExsAdMaF%2Fb%2B0xoE3rz6M9j3Y5l3tujBzLvxSkBVSMoZveyC%2FJMuR%2Fn4xMP%2Ffi86rV81gnart9oNpv1uO02fUq7YeyFLGhQrw7NLbh%2BYjbyDp%2BS9vN%2FICs161uE9BhaHCPiV0CNB1pY0C2LnfQo5%2Bm2UaKWyJCDSYssryDfdvbEBXlhptCLvzUQR6fXHi69kY1%2FX0KkLDJl8Sk%2FIeiJe%2BNbsiD7t2ShyQ%2BbWc4TvkNL9W7nNI8vffNuvF1IxdZX9ejrN6MSKNOj92Odb9CU8bSnybcrnLFYrUkVxeSndf1BHN4wemvFqNRkGzfeWltPMhVrzWU6AeVnm38j4lNSeem52bd8%2BuxVcDWBMhaJOSVzA5fHiLJd6GzBXksCJRY9YeagMHas%2FHBxKTiBiBc1DS30%2F%2BpwkY8VLV9Tbvf0PfRUBTS%2FizSxGCiLgbCgYgRtlsZ5pk6v%2FfJlaV8hFJVxKFRlPxRKfDFb8pRcqdwp3UeluwnNz6utet2lQafptVo0boUNv90NPEap3wj8IKB15HraffLSj%2F8AAAD%2F%2FwEAAP%2F%2FExvSEnoEAAA%3D

172.240.108.84

200 OK

7 B

URL GET HTTP/1.1
permissionfence.com/ren.gif?sid=H4sIAAAAAAAC%2F1RSz2skRRSudgcPEQR18SLIsCCoyKS7Z6ZnxkUWY4wE42Z%2FuPjjItVdPZNyqruaqq7pSU7BBdnjHLzoqfJNskENohdvLjIJLBIQMxcJaP4JYfEoPQ6O%2B6Dej%2FpewffeV5%2FvmQviw9Dz1ffkDheCLjdrbvXlDz3vanWDp2ZYHbaDT4LG1aoavN4Jau4r1XfiqC%2BXfddzXc%2F1qmtcxV05XC5B8Oyo49U6bq3h17xmA0P1eK2NA00dsMEFeRacTSsnzmXwaII0%2BX411v1cZq%2B9nRhBc6kwYId30n4qixTJIu0qB930cN4Nqc%2FWHkCmBzO6kIP%2FGkM%2BJc7DBwjTwzlJhIP9Gc9QIE4RsqdQDCaIxQScThDJu%2BDsjAARw%2FVNpMn961IVdPtflJbolFQe%2FQVeTEnlz8tIk%2B9WBB9Wb0thci5TjWHXgg8n4L0JMnOMfMcBL44R5Z%2BBs1%2FJ8qMNpMn%2BphYSnNnZ7JxPwLsTiHgEqh2Y8nAHpuvAZA4Sdl6NPM9ruSyibrsTRXXWisOAuR5tdT3quUEbJirpjZBnI0RihEjtIlO76PMRlPkZestCMwc6nxLn5i4GzKKICQpNUFCCghMUOUExsAdMaF%2Fb%2B0xoE3rz6M9j3Y5l3tujBzLvxSkBVSMoZveyC%2FJMuR%2Fn4xMP%2Ffi86rV81gnart9oNpv1uO02fUq7YeyFLGhQrw7NLbh%2BYjbyDp%2BS9vN%2FICs161uE9BhaHCPiV0CNB1pY0C2LnfQo5%2Bm2UaKWyJCDSYssryDfdvbEBXlhptCLvzUQR6fXHi69kY1%2FX0KkLDJl8Sk%2FIeiJe%2BNbsiD7t2ShyQ%2BbWc4TvkNL9W7nNI8vffNuvF1IxdZX9ejrN6MSKNOj92Odb9CU8bSnybcrnLFYrUkVxeSndf1BHN4wemvFqNRkGzfeWltPMhVrzWU6AeVnm38j4lNSeem52bd8%2BuxVcDWBMhaJOSVzA5fHiLJd6GzBXksCJRY9YeagMHas%2FHBxKTiBiBc1DS30%2F%2BpwkY8VLV9Tbvf0PfRUBTS%2FizSxGCiLgbCgYgRtlsZ5pk6v%2FfJlaV8hFJVxKFRlPxRKfDFb8pRcqdwp3UeluwnNz6utet2lQafptVo0boUNv90NPEap3wj8IKB15HraffLSj%2F8AAAD%2F%2FwEAAP%2F%2FExvSEnoEAAA%3D
IP
172.240.108.84:443
ASN
#7979 SERVERS-COM

Requested by
https://bitly.ws/?banned=1
Certificate
IssuerLet's Encrypt
Subjectpermissionfence.com
Fingerprint0B:C0:3C:F7:B9:E4:07:59:E7:05:EF:EC:E2:3F:B2:61:BE:40:16:69
ValidityTue, 26 Mar 2024 08:19:42 GMT - Mon, 24 Jun 2024 08:19:41 GMT

File type
ASCII text, with no line terminators
Size
7 B (7 bytes)
Hash
132d6af1b46048b45cf86cdee7991d31
eb7007d03d59b65bc6da7e098c4d38fc6dfb6285
ab852e838deccd742a03ca81d4a8d75cf1a00b327db3eaf46bd7da6b6db9384c

HTTP Headers

GET /ren.gif?sid=H4sIAAAAAAAC%2F1RSz2skRRSudgcPEQR18SLIsCCoyKS7Z6ZnxkUWY4wE42Z%2FuPjjItVdPZNyqruaqq7pSU7BBdnjHLzoqfJNskENohdvLjIJLBIQMxcJaP4JYfEoPQ6O%2B6Dej%2FpewffeV5%2FvmQviw9Dz1ffkDheCLjdrbvXlDz3vanWDp2ZYHbaDT4LG1aoavN4Jau4r1XfiqC%2BXfddzXc%2F1qmtcxV05XC5B8Oyo49U6bq3h17xmA0P1eK2NA00dsMEFeRacTSsnzmXwaII0%2BX411v1cZq%2B9nRhBc6kwYId30n4qixTJIu0qB930cN4Nqc%2FWHkCmBzO6kIP%2FGkM%2BJc7DBwjTwzlJhIP9Gc9QIE4RsqdQDCaIxQScThDJu%2BDsjAARw%2FVNpMn961IVdPtflJbolFQe%2FQVeTEnlz8tIk%2B9WBB9Wb0thci5TjWHXgg8n4L0JMnOMfMcBL44R5Z%2BBs1%2FJ8qMNpMn%2BphYSnNnZ7JxPwLsTiHgEqh2Y8nAHpuvAZA4Sdl6NPM9ruSyibrsTRXXWisOAuR5tdT3quUEbJirpjZBnI0RihEjtIlO76PMRlPkZestCMwc6nxLn5i4GzKKICQpNUFCCghMUOUExsAdMaF%2Fb%2B0xoE3rz6M9j3Y5l3tujBzLvxSkBVSMoZveyC%2FJMuR%2Fn4xMP%2Ffi86rV81gnart9oNpv1uO02fUq7YeyFLGhQrw7NLbh%2BYjbyDp%2BS9vN%2FICs161uE9BhaHCPiV0CNB1pY0C2LnfQo5%2Bm2UaKWyJCDSYssryDfdvbEBXlhptCLvzUQR6fXHi69kY1%2FX0KkLDJl8Sk%2FIeiJe%2BNbsiD7t2ShyQ%2BbWc4TvkNL9W7nNI8vffNuvF1IxdZX9ejrN6MSKNOj92Odb9CU8bSnybcrnLFYrUkVxeSndf1BHN4wemvFqNRkGzfeWltPMhVrzWU6AeVnm38j4lNSeem52bd8%2BuxVcDWBMhaJOSVzA5fHiLJd6GzBXksCJRY9YeagMHas%2FHBxKTiBiBc1DS30%2F%2BpwkY8VLV9Tbvf0PfRUBTS%2FizSxGCiLgbCgYgRtlsZ5pk6v%2FfJlaV8hFJVxKFRlPxRKfDFb8pRcqdwp3UeluwnNz6utet2lQafptVo0boUNv90NPEap3wj8IKB15HraffLSj%2F8AAAD%2F%2FwEAAP%2F%2FExvSEnoEAAA%3D HTTP/1.1
Host: permissionfence.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://bitly.ws/
Cookie: u_pl=22725681; pdhtkv=true; uncs=1; pdhtkv49=true; uncs49=1; nlec172d9680245553e8052aafbe1bd64a13=[2019380,2229333,2229337,2229329]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Thu, 28 Mar 2024 23:56:38 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 2ccfa942f11ea2784aa31861d0546f70
Strict-Transport-Security: max-age=0; includeSubdomains

cdn.cloudimagesb.com/cti/d7/14/ea/d714ea0356c58a2679ce4074962c0e16/1588233398.jpeg

45.133.44.9

200 OK

23 kB

URL GET HTTP/2
cdn.cloudimagesb.com/cti/d7/14/ea/d714ea0356c58a2679ce4074962c0e16/1588233398.jpeg
IP
45.133.44.9:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://bitly.ws/?banned=1
Certificate
IssuerLet's Encrypt
Subjectcdn.cloudimagesb.com
FingerprintC6:F3:21:F0:21:7D:7E:96:0F:E8:46:7A:5E:C5:3F:D1:52:B0:67:B0
ValidityFri, 22 Mar 2024 03:01:35 GMT - Thu, 20 Jun 2024 03:01:34 GMT

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 320x240, components 3
Size
23 kB (22757 bytes)
Hash
9a2dc4fe2ebb70df2dfb1566d22970b8
b85a5f4ef7bd68b834d03d8b9a552e2e546e8701
1983c705f5f4315c8cd002183eb9ed3c846abed8fc2a6f0a073185c249552efd

HTTP Headers

GET /cti/d7/14/ea/d714ea0356c58a2679ce4074962c0e16/1588233398.jpeg HTTP/1.1
Host: cdn.cloudimagesb.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://bitly.ws/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Thu, 28 Mar 2024 23:56:38 GMT
content-type: image/jpeg
content-length: 22757
server: nginx/1.21.6
last-modified: Thu, 30 Apr 2020 07:56:41 GMT
etag: "5eaa84b9-58e5"
expires: Sat, 30 Mar 2024 23:56:38 GMT
cache-control: max-age=172800
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2

cdn.cloudimagesb.com/cti/5e/78/a9/5e78a94057ff65f06ec19e727c7be04f/1588233511.jpg

45.133.44.9

200 OK

24 kB

URL GET HTTP/2
cdn.cloudimagesb.com/cti/5e/78/a9/5e78a94057ff65f06ec19e727c7be04f/1588233511.jpg
IP
45.133.44.9:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://bitly.ws/?banned=1
Certificate
IssuerLet's Encrypt
Subjectcdn.cloudimagesb.com
FingerprintC6:F3:21:F0:21:7D:7E:96:0F:E8:46:7A:5E:C5:3F:D1:52:B0:67:B0
ValidityFri, 22 Mar 2024 03:01:35 GMT - Thu, 20 Jun 2024 03:01:34 GMT

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 320x240, components 3
Size
24 kB (24518 bytes)
Hash
d71c872fb9f50bd9383abc0721d1d51e
1f69b40ef2f95798b4e0fd738d630ad4319cd739
6b4a622b9de1ffab8fe905fc8c4633994c732476664b5190ceedd62a3795ab08

HTTP Headers

GET /cti/5e/78/a9/5e78a94057ff65f06ec19e727c7be04f/1588233511.jpg HTTP/1.1
Host: cdn.cloudimagesb.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://bitly.ws/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Thu, 28 Mar 2024 23:56:38 GMT
content-type: image/jpeg
content-length: 24518
server: nginx/1.21.6
last-modified: Thu, 30 Apr 2020 07:58:34 GMT
etag: "5eaa852a-5fc6"
expires: Sat, 30 Mar 2024 23:56:38 GMT
cache-control: max-age=172800
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2

cdn.cloudimagesb.com/cti/d6/e8/37/d6e83777d7311d26f1ac5b2b62a81218/1588233535.jpg

45.133.44.9

200 OK

28 kB

URL GET HTTP/2
cdn.cloudimagesb.com/cti/d6/e8/37/d6e83777d7311d26f1ac5b2b62a81218/1588233535.jpg
IP
45.133.44.9:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://bitly.ws/?banned=1
Certificate
IssuerLet's Encrypt
Subjectcdn.cloudimagesb.com
FingerprintC6:F3:21:F0:21:7D:7E:96:0F:E8:46:7A:5E:C5:3F:D1:52:B0:67:B0
ValidityFri, 22 Mar 2024 03:01:35 GMT - Thu, 20 Jun 2024 03:01:34 GMT

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 320x240, components 3
Size
28 kB (27832 bytes)
Hash
1dcde64d47d24d151a1433ecf4403dd7
443d6704b5a294e000084d7a8ac823e526093928
d11bcd65a82589c2c31d6fd87cb16ec673dd5640462ad3d20ff53e014a435376

HTTP Headers

GET /cti/d6/e8/37/d6e83777d7311d26f1ac5b2b62a81218/1588233535.jpg HTTP/1.1
Host: cdn.cloudimagesb.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://bitly.ws/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Thu, 28 Mar 2024 23:56:38 GMT
content-type: image/jpeg
content-length: 27832
server: nginx/1.21.6
last-modified: Thu, 30 Apr 2020 07:58:58 GMT
etag: "5eaa8542-6cb8"
expires: Sat, 30 Mar 2024 23:56:38 GMT
cache-control: max-age=172800
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2

cdn.cloudimagesb.com/cti/f7/13/0e/f7130e7f47db248dc886c97a1e4c3e2b/1588233482.jpg

45.133.44.9

200 OK

32 kB

URL GET HTTP/2
cdn.cloudimagesb.com/cti/f7/13/0e/f7130e7f47db248dc886c97a1e4c3e2b/1588233482.jpg
IP
45.133.44.9:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://bitly.ws/?banned=1
Certificate
IssuerLet's Encrypt
Subjectcdn.cloudimagesb.com
FingerprintC6:F3:21:F0:21:7D:7E:96:0F:E8:46:7A:5E:C5:3F:D1:52:B0:67:B0
ValidityFri, 22 Mar 2024 03:01:35 GMT - Thu, 20 Jun 2024 03:01:34 GMT

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 321x240, components 3
Size
32 kB (32471 bytes)
Hash
3528385dd0c31dbd2e5bfc4af7a6bec5
832c580ffd7711115d6c036ab4232f5bd88480a4
bfbfeebfcb679ca578055235614cc679b0757bad272996ef89b7fd5615a2db75

HTTP Headers

GET /cti/f7/13/0e/f7130e7f47db248dc886c97a1e4c3e2b/1588233482.jpg HTTP/1.1
Host: cdn.cloudimagesb.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://bitly.ws/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Thu, 28 Mar 2024 23:56:38 GMT
content-type: image/jpeg
content-length: 32471
server: nginx/1.21.6
last-modified: Thu, 30 Apr 2020 07:58:05 GMT
etag: "5eaa850d-7ed7"
expires: Sat, 30 Mar 2024 23:56:38 GMT
cache-control: max-age=172800
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2

cdn.cloudimagesb.com/cti/8c/c1/d4/8cc1d4d8fa50b9b61375d1c98405ec9e/1708270450.jpg

45.133.44.9

200 OK

52 kB

URL GET HTTP/2
cdn.cloudimagesb.com/cti/8c/c1/d4/8cc1d4d8fa50b9b61375d1c98405ec9e/1708270450.jpg
IP
45.133.44.9:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://bitly.ws/?banned=1
Certificate
IssuerLet's Encrypt
Subjectcdn.cloudimagesb.com
FingerprintC6:F3:21:F0:21:7D:7E:96:0F:E8:46:7A:5E:C5:3F:D1:52:B0:67:B0
ValidityFri, 22 Mar 2024 03:01:35 GMT - Thu, 20 Jun 2024 03:01:34 GMT

File type
JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop 24.5 (Windows), datetime=2024:02:18 15:23:29], progressive, precision 8, 468x60, components 3
Size
52 kB (52040 bytes)
Hash
122313104b628391cc2c56154df50b40
4139adb8baa674e07234ef21c8ae2efbc0a91544
1a9b8f5993d3d7b60eeff885e09e9433568c037ac97f6be0767f683d3b0505a5

HTTP Headers

GET /cti/8c/c1/d4/8cc1d4d8fa50b9b61375d1c98405ec9e/1708270450.jpg HTTP/1.1
Host: cdn.cloudimagesb.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 28 Mar 2024 23:56:38 GMT
content-type: image/jpeg
content-length: 52040
server: nginx/1.21.6
last-modified: Sun, 18 Feb 2024 15:34:19 GMT
etag: "65d2237b-cb48"
expires: Sat, 30 Mar 2024 23:56:38 GMT
cache-control: max-age=172800
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2

downstairsnegotiatebarren.com/sfp.js

172.64.205.21

200 OK

172 kB

URL GET HTTP/2
downstairsnegotiatebarren.com/sfp.js
IP
172.64.205.21:443
ASN
#13335 CLOUDFLARENET

Requested by
https://bitly.ws/?banned=1
Certificate
IssuerLet's Encrypt
Subjectdownstairsnegotiatebarren.com
Fingerprint2C:6A:E1:8E:26:5B:1D:8B:86:CB:C1:72:4E:52:4B:8B:67:3A:D2:44
ValidityMon, 04 Mar 2024 21:53:07 GMT - Sun, 02 Jun 2024 21:53:06 GMT

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (65529), with no line terminators
Size
172 kB (171501 bytes)
Hash
924e967bca1d599992556a8d139b1c5a
222b09dbf164ddc03d39100fd0524a22018d28b2
ac84c2f8288b59f8e04ba77287ce696052bfeee0d462a566d94dc305df646c95

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /sfp.js HTTP/1.1
Host: downstairsnegotiatebarren.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://bitly.ws/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Thu, 28 Mar 2024 23:56:38 GMT
content-type: application/javascript; charset=utf-8
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
access-control-allow-origin: *
expires: Thu, 01 Jan 1970 00:00:01 GMT
cache-control: max-age=14400
x-request-id: d568f288cb2ec7258138e6041badd582
strict-transport-security: max-age=0; includeSubdomains
cf-cache-status: EXPIRED
last-modified: Thu, 28 Mar 2024 23:56:38 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=f3ZSY0%2BVZzdimyDa2Wis%2BcVWk%2F4wBqexHfjmtdxKcwGnS5kuOCfywNBuY9EWdikCTWaEeHoFxtKIXhNSaEkKQ%2Bo0iIM%2F77m7B5H1MFdS5KwLIiDw7wY0UJWD25%2BuwxFb9ihZM922psjlw6Pmns%2BlPA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 86bb8ed3b918531a-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

permissionfence.com/ren.gif?sid=H4sIAAAAAAAC%2F1RSzWskxRuu%2Fu3wO8SLH4sXQYYFQUEm3T0zPTMushhjJBg3%2B%2BHix0Wqu3om5VR3NVVd05Ocgguyxzl40VPlmWSDGkQv3lxkElgkKGYuEtD8B56ExaP07ODoC93v%2B9bzFjzv89Qne%2BaC%2BDD0fPVtucOFoMvNmlt98T3Pu1rd4KkZVoft4MOgcbWqBq90gpr7UvXNOOrLZd%2F1XNdzveoaV3FXDpdLEDw76ni1jltr%2BDWv2cBQ%2FbfXxoGmDtjggjwNzqaVE%2BcyeDRBmnyzGut%2BLrOX30iMoLlUGLDDO2k%2FlUWKZFF2lYNuejifhtRnaw8g04MZXcjBP4MhnxLn4QOE6eGcJMLB%2FoxnKBCnCNkTKAYTxGICTieI5F1wdkaAiOH6JtLk%2FnWpCrr9GKUlOiWVR3%2BCF1NS%2Bf0y0uTrFcGH1dtSmJzLVGPYteDDCXhvgswcI99xwItjRPnH4OxnsvxoA2myv6mFBGd2tjvnE%2FDuBCIegWoHpvy4A9N1YDIHCTuvRp7ntVwWUbfdiaI6a8VhwFyPtroe9dygDROV9EbIsxEiMUKkdpGpXfT5CMr8AL1loZkDnU%2BJc3MXA2ZRxASFJigoQcEJipygGNgDJrSv7X0mtAm9efbnuW7HMu%2Ft0QOZ9%2BKUgKoRFLN72QV5qtTH%2BeDEQz8%2Br3otn3WCtus3ms1mPW67TZ%2FSbhh7IQsa1KtDcwuu%2FzdbeYdPSfvZ35CVnvUtQnoMLY4R8SugxgMtLOiWxU56lPN02yhRS2TIwaRFlleQbzt74oI8N3PoSuUm4uj02sOlV7Pxr0uIlEWmLD7iJwQ9cW98SxZk%2F5YsNPl2M8t5wndo6d7tnObxpS%2FfircLqdj6qh598VpUAmV59E6s8w2aMp72NPlqhTMWqzWpoph8v67fjcMbRm%2BtGJWabOPG62vrSaZirblMJ6D8bPMvRHxKKi88M3uWT%2F70B7iaQBmLxJySeYDLY0TZLnS2YK8lgRKLmTCroDB2rPxwcSg4gYgXPQ0t9L%2F6cFGPFS1vU2739D30VAU0v4s0sRgoi4GwoGIEbZbGeaZOr%2F34WRmfIxSVcShUZT8USnw6Jc%2F%2F0iiVvlP%2B3n%2Bsuebn1Va97tKg0%2FRaLRq3wobf7gYeo9RvBH4Q0DpyPe3%2B%2F9J3fwMAAP%2F%2FAQAA%2F%2F9Xi9BlegQAAA%3D%3D

172.240.108.84

200 OK

7 B

URL GET HTTP/1.1
permissionfence.com/ren.gif?sid=H4sIAAAAAAAC%2F1RSzWskxRuu%2Fu3wO8SLH4sXQYYFQUEm3T0zPTMushhjJBg3%2B%2BHix0Wqu3om5VR3NVVd05Ocgguyxzl40VPlmWSDGkQv3lxkElgkKGYuEtD8B56ExaP07ODoC93v%2B9bzFjzv89Qne%2BaC%2BDD0fPVtucOFoMvNmlt98T3Pu1rd4KkZVoft4MOgcbWqBq90gpr7UvXNOOrLZd%2F1XNdzveoaV3FXDpdLEDw76ni1jltr%2BDWv2cBQ%2FbfXxoGmDtjggjwNzqaVE%2BcyeDRBmnyzGut%2BLrOX30iMoLlUGLDDO2k%2FlUWKZFF2lYNuejifhtRnaw8g04MZXcjBP4MhnxLn4QOE6eGcJMLB%2FoxnKBCnCNkTKAYTxGICTieI5F1wdkaAiOH6JtLk%2FnWpCrr9GKUlOiWVR3%2BCF1NS%2Bf0y0uTrFcGH1dtSmJzLVGPYteDDCXhvgswcI99xwItjRPnH4OxnsvxoA2myv6mFBGd2tjvnE%2FDuBCIegWoHpvy4A9N1YDIHCTuvRp7ntVwWUbfdiaI6a8VhwFyPtroe9dygDROV9EbIsxEiMUKkdpGpXfT5CMr8AL1loZkDnU%2BJc3MXA2ZRxASFJigoQcEJipygGNgDJrSv7X0mtAm9efbnuW7HMu%2Ft0QOZ9%2BKUgKoRFLN72QV5qtTH%2BeDEQz8%2Br3otn3WCtus3ms1mPW67TZ%2FSbhh7IQsa1KtDcwuu%2FzdbeYdPSfvZ35CVnvUtQnoMLY4R8SugxgMtLOiWxU56lPN02yhRS2TIwaRFlleQbzt74oI8N3PoSuUm4uj02sOlV7Pxr0uIlEWmLD7iJwQ9cW98SxZk%2F5YsNPl2M8t5wndo6d7tnObxpS%2FfircLqdj6qh598VpUAmV59E6s8w2aMp72NPlqhTMWqzWpoph8v67fjcMbRm%2BtGJWabOPG62vrSaZirblMJ6D8bPMvRHxKKi88M3uWT%2F70B7iaQBmLxJySeYDLY0TZLnS2YK8lgRKLmTCroDB2rPxwcSg4gYgXPQ0t9L%2F6cFGPFS1vU2739D30VAU0v4s0sRgoi4GwoGIEbZbGeaZOr%2F34WRmfIxSVcShUZT8USnw6Jc%2F%2F0iiVvlP%2B3n%2Bsuebn1Va97tKg0%2FRaLRq3wobf7gYeo9RvBH4Q0DpyPe3%2B%2F9J3fwMAAP%2F%2FAQAA%2F%2F9Xi9BlegQAAA%3D%3D
IP
172.240.108.84:443
ASN
#7979 SERVERS-COM

Requested by
https://bitly.ws/?banned=1
Certificate
IssuerLet's Encrypt
Subjectpermissionfence.com
Fingerprint0B:C0:3C:F7:B9:E4:07:59:E7:05:EF:EC:E2:3F:B2:61:BE:40:16:69
ValidityTue, 26 Mar 2024 08:19:42 GMT - Mon, 24 Jun 2024 08:19:41 GMT

File type
ASCII text, with no line terminators
Size
7 B (7 bytes)
Hash
132d6af1b46048b45cf86cdee7991d31
eb7007d03d59b65bc6da7e098c4d38fc6dfb6285
ab852e838deccd742a03ca81d4a8d75cf1a00b327db3eaf46bd7da6b6db9384c

HTTP Headers

GET /ren.gif?sid=H4sIAAAAAAAC%2F1RSzWskxRuu%2Fu3wO8SLH4sXQYYFQUEm3T0zPTMushhjJBg3%2B%2BHix0Wqu3om5VR3NVVd05Ocgguyxzl40VPlmWSDGkQv3lxkElgkKGYuEtD8B56ExaP07ODoC93v%2B9bzFjzv89Qne%2BaC%2BDD0fPVtucOFoMvNmlt98T3Pu1rd4KkZVoft4MOgcbWqBq90gpr7UvXNOOrLZd%2F1XNdzveoaV3FXDpdLEDw76ni1jltr%2BDWv2cBQ%2FbfXxoGmDtjggjwNzqaVE%2BcyeDRBmnyzGut%2BLrOX30iMoLlUGLDDO2k%2FlUWKZFF2lYNuejifhtRnaw8g04MZXcjBP4MhnxLn4QOE6eGcJMLB%2FoxnKBCnCNkTKAYTxGICTieI5F1wdkaAiOH6JtLk%2FnWpCrr9GKUlOiWVR3%2BCF1NS%2Bf0y0uTrFcGH1dtSmJzLVGPYteDDCXhvgswcI99xwItjRPnH4OxnsvxoA2myv6mFBGd2tjvnE%2FDuBCIegWoHpvy4A9N1YDIHCTuvRp7ntVwWUbfdiaI6a8VhwFyPtroe9dygDROV9EbIsxEiMUKkdpGpXfT5CMr8AL1loZkDnU%2BJc3MXA2ZRxASFJigoQcEJipygGNgDJrSv7X0mtAm9efbnuW7HMu%2Ft0QOZ9%2BKUgKoRFLN72QV5qtTH%2BeDEQz8%2Br3otn3WCtus3ms1mPW67TZ%2FSbhh7IQsa1KtDcwuu%2FzdbeYdPSfvZ35CVnvUtQnoMLY4R8SugxgMtLOiWxU56lPN02yhRS2TIwaRFlleQbzt74oI8N3PoSuUm4uj02sOlV7Pxr0uIlEWmLD7iJwQ9cW98SxZk%2F5YsNPl2M8t5wndo6d7tnObxpS%2FfircLqdj6qh598VpUAmV59E6s8w2aMp72NPlqhTMWqzWpoph8v67fjcMbRm%2BtGJWabOPG62vrSaZirblMJ6D8bPMvRHxKKi88M3uWT%2F70B7iaQBmLxJySeYDLY0TZLnS2YK8lgRKLmTCroDB2rPxwcSg4gYgXPQ0t9L%2F6cFGPFS1vU2739D30VAU0v4s0sRgoi4GwoGIEbZbGeaZOr%2F34WRmfIxSVcShUZT8USnw6Jc%2F%2F0iiVvlP%2B3n%2Bsuebn1Va97tKg0%2FRaLRq3wobf7gYeo9RvBH4Q0DpyPe3%2B%2F9J3fwMAAP%2F%2FAQAA%2F%2F9Xi9BlegQAAA%3D%3D HTTP/1.1
Host: permissionfence.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://bitly.ws/
Cookie: u_pl=22725681; pdhtkv=true; uncs=1; pdhtkv49=true; uncs49=1; nlec172d9680245553e8052aafbe1bd64a13=[2019380,2229333,2229337,2229329]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Thu, 28 Mar 2024 23:56:38 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 56c475c4f4d2df4490b22b22d394b8c8
Strict-Transport-Security: max-age=0; includeSubdomains

permissionfence.com/impr.gif?sid=H4sIAAAAAAAC%2F1RSy2sk1Re%2B9Zvmt4gbH4MbQZoBQUE6Vf2OgwzGGAnGyTwcfGzkvqpz7Vt1i3urujpZBQdklr1wo6vK18kENYhu3DlIJzBIUExvJKD5D1wJg0upnmDrgapzzv3Ohe983%2F1kNzsndWT0bOVts620poutml998b0guFpdV3E2rA677Q%2FbzatVO3hlqV3zX6q%2BKXnfLNb9wPcDP6iuKitDM1wsQajkcCmoLfm1Zr0WtJoY2v%2F2LvPgqAcxOCdPQ4lp5di7DMUniKNvVqTrpyZ5%2BY0o0zQ1FgNxcCfuxyaPEc3L0HoI44OLaRh3uvoAJt6f0YUZ%2FDPI1JR4Dx%2BAxQcXJMEGezOeTEPGYOIJ5IMJpJ5A0Qm4uQslTgnABa5vII7uXzc2p1uPUVqiU1J59CdUPiWV3y8jjr5e1mpYvW10lioTOwzDAmo4gepNkGRHSLc9qPwIPP0YSvxMFh%2BtI472Npw2UKKY7a7UBCqcQMsRqPOQlZ%2FykIUessRDJM6qPAiCji849btLnDdER7K28APaCQMa%2BO0uMl7SGyFNRuB6BG53kNgd9NUINvsBbrOAEx5cOiXezR0MRIFcEuSOIKcEuSLIU4J8UOwL7equuC%2B0y1hwkesXuVGMTdrbpfsm7cmYgNoRrCh2k3PyVKmP98FxgL48qwadulhqd%2F16s9VqNWTXb9UpDZkMmGg3adCAUwWU%2B99s5W01Jd1nf0NSetYvwOgRnD4CV1dAswA0L0A3C2zHh6mKtzKra5FhCsIUSNIK0i1vV5%2BT52YOXanchOQn1x4uvJqMf10AtwUSW%2BAjdUzQ0%2FfGt0xO9m6Z3JFvN5JURWqblu7dTmkqL335ltzKjRVrK270xWu8BMry8B3p0nUaCxX3HPlqWQkh7aqxXJLv19y7kt3I3OZyZuMsWb%2Fx%2BupalFjpnDLxBFSdbvwFrqak8sIzs2f55E9%2FQNkJbFYgyk7IRUCZI%2FBkBy6Zs3eGwOr5DEsqyLNibOtsfqgVgZbznrIC7l89m9djS8vbVBW77h56tgKa3kUcFRjYAgNdgOoRXLYwThN7cu3Hz8r4HExXxkzbyh7TVn86Jc%2F%2F0iyVvlP%2B3n%2BsuVNn1YYvOkyGssNks9UMJRes1WI%2BDzlriG6XI3XT8P%2BXvvsbAAD%2F%2FwEAAP%2F%2F118FjXoEAAA%3D

172.240.108.84

200 OK

7 B

URL GET HTTP/1.1
permissionfence.com/impr.gif?sid=H4sIAAAAAAAC%2F1RSy2sk1Re%2B9Zvmt4gbH4MbQZoBQUE6Vf2OgwzGGAnGyTwcfGzkvqpz7Vt1i3urujpZBQdklr1wo6vK18kENYhu3DlIJzBIUExvJKD5D1wJg0upnmDrgapzzv3Ohe983%2F1kNzsndWT0bOVts620poutml998b0guFpdV3E2rA677Q%2FbzatVO3hlqV3zX6q%2BKXnfLNb9wPcDP6iuKitDM1wsQajkcCmoLfm1Zr0WtJoY2v%2F2LvPgqAcxOCdPQ4lp5di7DMUniKNvVqTrpyZ5%2BY0o0zQ1FgNxcCfuxyaPEc3L0HoI44OLaRh3uvoAJt6f0YUZ%2FDPI1JR4Dx%2BAxQcXJMEGezOeTEPGYOIJ5IMJpJ5A0Qm4uQslTgnABa5vII7uXzc2p1uPUVqiU1J59CdUPiWV3y8jjr5e1mpYvW10lioTOwzDAmo4gepNkGRHSLc9qPwIPP0YSvxMFh%2BtI472Npw2UKKY7a7UBCqcQMsRqPOQlZ%2FykIUessRDJM6qPAiCji849btLnDdER7K28APaCQMa%2BO0uMl7SGyFNRuB6BG53kNgd9NUINvsBbrOAEx5cOiXezR0MRIFcEuSOIKcEuSLIU4J8UOwL7equuC%2B0y1hwkesXuVGMTdrbpfsm7cmYgNoRrCh2k3PyVKmP98FxgL48qwadulhqd%2F16s9VqNWTXb9UpDZkMmGg3adCAUwWU%2B99s5W01Jd1nf0NSetYvwOgRnD4CV1dAswA0L0A3C2zHh6mKtzKra5FhCsIUSNIK0i1vV5%2BT52YOXanchOQn1x4uvJqMf10AtwUSW%2BAjdUzQ0%2FfGt0xO9m6Z3JFvN5JURWqblu7dTmkqL335ltzKjRVrK270xWu8BMry8B3p0nUaCxX3HPlqWQkh7aqxXJLv19y7kt3I3OZyZuMsWb%2Fx%2BupalFjpnDLxBFSdbvwFrqak8sIzs2f55E9%2FQNkJbFYgyk7IRUCZI%2FBkBy6Zs3eGwOr5DEsqyLNibOtsfqgVgZbznrIC7l89m9djS8vbVBW77h56tgKa3kUcFRjYAgNdgOoRXLYwThN7cu3Hz8r4HExXxkzbyh7TVn86Jc%2F%2F0iyVvlP%2B3n%2BsuVNn1YYvOkyGssNks9UMJRes1WI%2BDzlriG6XI3XT8P%2BXvvsbAAD%2F%2FwEAAP%2F%2F118FjXoEAAA%3D
IP
172.240.108.84:443
ASN
#7979 SERVERS-COM

Requested by
https://bitly.ws/?banned=1
Certificate
IssuerLet's Encrypt
Subjectpermissionfence.com
Fingerprint0B:C0:3C:F7:B9:E4:07:59:E7:05:EF:EC:E2:3F:B2:61:BE:40:16:69
ValidityTue, 26 Mar 2024 08:19:42 GMT - Mon, 24 Jun 2024 08:19:41 GMT

File type
ASCII text, with no line terminators
Size
7 B (7 bytes)
Hash
132d6af1b46048b45cf86cdee7991d31
eb7007d03d59b65bc6da7e098c4d38fc6dfb6285
ab852e838deccd742a03ca81d4a8d75cf1a00b327db3eaf46bd7da6b6db9384c

HTTP Headers

GET /impr.gif?sid=H4sIAAAAAAAC%2F1RSy2sk1Re%2B9Zvmt4gbH4MbQZoBQUE6Vf2OgwzGGAnGyTwcfGzkvqpz7Vt1i3urujpZBQdklr1wo6vK18kENYhu3DlIJzBIUExvJKD5D1wJg0upnmDrgapzzv3Ohe983%2F1kNzsndWT0bOVts620poutml998b0guFpdV3E2rA677Q%2FbzatVO3hlqV3zX6q%2BKXnfLNb9wPcDP6iuKitDM1wsQajkcCmoLfm1Zr0WtJoY2v%2F2LvPgqAcxOCdPQ4lp5di7DMUniKNvVqTrpyZ5%2BY0o0zQ1FgNxcCfuxyaPEc3L0HoI44OLaRh3uvoAJt6f0YUZ%2FDPI1JR4Dx%2BAxQcXJMEGezOeTEPGYOIJ5IMJpJ5A0Qm4uQslTgnABa5vII7uXzc2p1uPUVqiU1J59CdUPiWV3y8jjr5e1mpYvW10lioTOwzDAmo4gepNkGRHSLc9qPwIPP0YSvxMFh%2BtI472Npw2UKKY7a7UBCqcQMsRqPOQlZ%2FykIUessRDJM6qPAiCji849btLnDdER7K28APaCQMa%2BO0uMl7SGyFNRuB6BG53kNgd9NUINvsBbrOAEx5cOiXezR0MRIFcEuSOIKcEuSLIU4J8UOwL7equuC%2B0y1hwkesXuVGMTdrbpfsm7cmYgNoRrCh2k3PyVKmP98FxgL48qwadulhqd%2F16s9VqNWTXb9UpDZkMmGg3adCAUwWU%2B99s5W01Jd1nf0NSetYvwOgRnD4CV1dAswA0L0A3C2zHh6mKtzKra5FhCsIUSNIK0i1vV5%2BT52YOXanchOQn1x4uvJqMf10AtwUSW%2BAjdUzQ0%2FfGt0xO9m6Z3JFvN5JURWqblu7dTmkqL335ltzKjRVrK270xWu8BMry8B3p0nUaCxX3HPlqWQkh7aqxXJLv19y7kt3I3OZyZuMsWb%2Fx%2BupalFjpnDLxBFSdbvwFrqak8sIzs2f55E9%2FQNkJbFYgyk7IRUCZI%2FBkBy6Zs3eGwOr5DEsqyLNibOtsfqgVgZbznrIC7l89m9djS8vbVBW77h56tgKa3kUcFRjYAgNdgOoRXLYwThN7cu3Hz8r4HExXxkzbyh7TVn86Jc%2F%2F0iyVvlP%2B3n%2BsuVNn1YYvOkyGssNks9UMJRes1WI%2BDzlriG6XI3XT8P%2BXvvsbAAD%2F%2FwEAAP%2F%2F118FjXoEAAA%3D HTTP/1.1
Host: permissionfence.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://bitly.ws/
Cookie: u_pl=22725681; pdhtkv=true; uncs=1; pdhtkv49=true; uncs49=1; nlec172d9680245553e8052aafbe1bd64a13=[2019380,2229333,2229337,2229329]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Thu, 28 Mar 2024 23:56:38 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 914ec3a10f8ed3a5d0995a19f5d6e12b
Strict-Transport-Security: max-age=0; includeSubdomains

permissionfence.com/ren.gif?sid=H4sIAAAAAAAC%2F1RSzWskxRuu3h1%2Bh%2FwufixeBBkWBAWZdPfM9My4yGKMkWDc7IeLHxep7uqZlFPd1VR1TU9yCi7IHufgRU%2BVZ5INahC9eHORSWCRoJi5SEDzJ3gRFo%2FS4%2BDoC%2FV%2B1PMWPO%2F71Md75oL4MPR89S25w4Wgy82aW33hXc%2B7Vt3gqRlWh%2B3gg6BxraoGL3eCmvti9Y046stl3%2FVc13O96hpXcVcOl0sQPDvqeLWOW2v4Na%2FZwFD9t9bGgaYO2OCCPAXOppUT5wp4NEGafL0a634us5deT4yguVQYsMO7aT%2BVRYpkkXaVg256OO%2BG1GdrDyHTgxldyME%2FjSGfEufRQ4Tp4ZwkwsH%2BjGcoEKcI2f9RDCaIxQScThDJe%2BDsjAARw41NpMmDG1IVdPtvlJbolFQe%2FwFeTEnltytIk69WBB9W70hhci5TjWHXgg8n4L0JMnOMfMcBL44R5R%2BBs5%2FI8uMNpMn%2BphYSnNnZ7JxPwLsTiHgEqh2Y8nAHpuvAZA4Sdl6NPM9ruSyibrsTRXXWisOAuR5tdT3quUEbJirpjZBnI0RihEjtIlO76PMRlPkeestCMwc6nxLn1i4GzKKICQpNUFCCghMUOUExsAdMaF%2FbB0xoE3rz6M9j3Y5l3tujBzLvxSkBVSMoZveyC%2FJkuR%2Fn%2FRMP%2Ffi86rV81gnart9oNpv1uO02fUq7YeyFLGhQrw7NLbi%2BNBt5h09J%2B5lfkZWa9S1CegwtjhHxq6DGAy0s6JbFTnqU83TbKFFLZMjBpEWWV5BvO3vigjw7U%2Bhq5S7i6PT6o6VXsvEvS4iURaYsPuQnBD1xf3xbFmT%2Ftiw0%2BWYzy3nCd2ip3p2c5vHlL96Mtwup2PqqHn3%2BalQCZXr0dqzzDZoynvY0%2BXKFMxarNamimHy3rt%2BJw5tGb60YlZps4%2BZra%2BtJpmKtuUwnoPxs809EfEoqzz89%2B5ZP%2FPg7uJpAGYvEnJK5gctjRNkudLZgryWBEoueMLuEwtix8sPFpeAEIl7UNLTQ%2F6rDRT5WtHxNud3T99FTFdD8HtLEYqAsBsKCihG0WRrnmTq9%2FsOnpX2GUFTGoVCV%2FVAo8cmUPPdzY7bp0r1XulvQ%2FLzaqtddGnSaXqtF41bY8NvdwGOU%2Bo3ADwJaR66n3f9d%2FvYvAAAA%2F%2F8BAAD%2F%2F8E4CRJ6BAAA

192.243.61.225

200 OK

7 B

URL GET HTTP/1.1
permissionfence.com/ren.gif?sid=H4sIAAAAAAAC%2F1RSzWskxRuu3h1%2Bh%2FwufixeBBkWBAWZdPfM9My4yGKMkWDc7IeLHxep7uqZlFPd1VR1TU9yCi7IHufgRU%2BVZ5INahC9eHORSWCRoJi5SEDzJ3gRFo%2FS4%2BDoC%2FV%2B1PMWPO%2F71Md75oL4MPR89S25w4Wgy82aW33hXc%2B7Vt3gqRlWh%2B3gg6BxraoGL3eCmvti9Y046stl3%2FVc13O96hpXcVcOl0sQPDvqeLWOW2v4Na%2FZwFD9t9bGgaYO2OCCPAXOppUT5wp4NEGafL0a634us5deT4yguVQYsMO7aT%2BVRYpkkXaVg256OO%2BG1GdrDyHTgxldyME%2FjSGfEufRQ4Tp4ZwkwsH%2BjGcoEKcI2f9RDCaIxQScThDJe%2BDsjAARw41NpMmDG1IVdPtvlJbolFQe%2FwFeTEnltytIk69WBB9W70hhci5TjWHXgg8n4L0JMnOMfMcBL44R5R%2BBs5%2FI8uMNpMn%2BphYSnNnZ7JxPwLsTiHgEqh2Y8nAHpuvAZA4Sdl6NPM9ruSyibrsTRXXWisOAuR5tdT3quUEbJirpjZBnI0RihEjtIlO76PMRlPkeestCMwc6nxLn1i4GzKKICQpNUFCCghMUOUExsAdMaF%2FbB0xoE3rz6M9j3Y5l3tujBzLvxSkBVSMoZveyC%2FJkuR%2Fn%2FRMP%2Ffi86rV81gnart9oNpv1uO02fUq7YeyFLGhQrw7NLbi%2BNBt5h09J%2B5lfkZWa9S1CegwtjhHxq6DGAy0s6JbFTnqU83TbKFFLZMjBpEWWV5BvO3vigjw7U%2Bhq5S7i6PT6o6VXsvEvS4iURaYsPuQnBD1xf3xbFmT%2Ftiw0%2BWYzy3nCd2ip3p2c5vHlL96Mtwup2PqqHn3%2BalQCZXr0dqzzDZoynvY0%2BXKFMxarNamimHy3rt%2BJw5tGb60YlZps4%2BZra%2BtJpmKtuUwnoPxs809EfEoqzz89%2B5ZP%2FPg7uJpAGYvEnJK5gctjRNkudLZgryWBEoueMLuEwtix8sPFpeAEIl7UNLTQ%2F6rDRT5WtHxNud3T99FTFdD8HtLEYqAsBsKCihG0WRrnmTq9%2FsOnpX2GUFTGoVCV%2FVAo8cmUPPdzY7bp0r1XulvQ%2FLzaqtddGnSaXqtF41bY8NvdwGOU%2Bo3ADwJaR66n3f9d%2FvYvAAAA%2F%2F8BAAD%2F%2F8E4CRJ6BAAA
IP
192.243.61.225:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://bitly.ws/?banned=1
Certificate
IssuerLet's Encrypt
Subjectpermissionfence.com
Fingerprint0B:C0:3C:F7:B9:E4:07:59:E7:05:EF:EC:E2:3F:B2:61:BE:40:16:69
ValidityTue, 26 Mar 2024 08:19:42 GMT - Mon, 24 Jun 2024 08:19:41 GMT

File type
ASCII text, with no line terminators
Size
7 B (7 bytes)
Hash
132d6af1b46048b45cf86cdee7991d31
eb7007d03d59b65bc6da7e098c4d38fc6dfb6285
ab852e838deccd742a03ca81d4a8d75cf1a00b327db3eaf46bd7da6b6db9384c

HTTP Headers

GET /ren.gif?sid=H4sIAAAAAAAC%2F1RSzWskxRuu3h1%2Bh%2FwufixeBBkWBAWZdPfM9My4yGKMkWDc7IeLHxep7uqZlFPd1VR1TU9yCi7IHufgRU%2BVZ5INahC9eHORSWCRoJi5SEDzJ3gRFo%2FS4%2BDoC%2FV%2B1PMWPO%2F71Md75oL4MPR89S25w4Wgy82aW33hXc%2B7Vt3gqRlWh%2B3gg6BxraoGL3eCmvti9Y046stl3%2FVc13O96hpXcVcOl0sQPDvqeLWOW2v4Na%2FZwFD9t9bGgaYO2OCCPAXOppUT5wp4NEGafL0a634us5deT4yguVQYsMO7aT%2BVRYpkkXaVg256OO%2BG1GdrDyHTgxldyME%2FjSGfEufRQ4Tp4ZwkwsH%2BjGcoEKcI2f9RDCaIxQScThDJe%2BDsjAARw41NpMmDG1IVdPtvlJbolFQe%2FwFeTEnltytIk69WBB9W70hhci5TjWHXgg8n4L0JMnOMfMcBL44R5R%2BBs5%2FI8uMNpMn%2BphYSnNnZ7JxPwLsTiHgEqh2Y8nAHpuvAZA4Sdl6NPM9ruSyibrsTRXXWisOAuR5tdT3quUEbJirpjZBnI0RihEjtIlO76PMRlPkeestCMwc6nxLn1i4GzKKICQpNUFCCghMUOUExsAdMaF%2FbB0xoE3rz6M9j3Y5l3tujBzLvxSkBVSMoZveyC%2FJkuR%2Fn%2FRMP%2Ffi86rV81gnart9oNpv1uO02fUq7YeyFLGhQrw7NLbi%2BNBt5h09J%2B5lfkZWa9S1CegwtjhHxq6DGAy0s6JbFTnqU83TbKFFLZMjBpEWWV5BvO3vigjw7U%2Bhq5S7i6PT6o6VXsvEvS4iURaYsPuQnBD1xf3xbFmT%2Ftiw0%2BWYzy3nCd2ip3p2c5vHlL96Mtwup2PqqHn3%2BalQCZXr0dqzzDZoynvY0%2BXKFMxarNamimHy3rt%2BJw5tGb60YlZps4%2BZra%2BtJpmKtuUwnoPxs809EfEoqzz89%2B5ZP%2FPg7uJpAGYvEnJK5gctjRNkudLZgryWBEoueMLuEwtix8sPFpeAEIl7UNLTQ%2F6rDRT5WtHxNud3T99FTFdD8HtLEYqAsBsKCihG0WRrnmTq9%2FsOnpX2GUFTGoVCV%2FVAo8cmUPPdzY7bp0r1XulvQ%2FLzaqtddGnSaXqtF41bY8NvdwGOU%2Bo3ADwJaR66n3f9d%2FvYvAAAA%2F%2F8BAAD%2F%2F8E4CRJ6BAAA HTTP/1.1
Host: permissionfence.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://bitly.ws/
Cookie: u_pl=22725681; pdhtkv=true; uncs=1; pdhtkv49=true; uncs49=1; nlec172d9680245553e8052aafbe1bd64a13=[2019380,2229333,2229337,2229329]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Thu, 28 Mar 2024 23:56:38 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 8b77627836a109185b10e4386c900e9c
Strict-Transport-Security: max-age=0; includeSubdomains

permissionfence.com/impr.gif?sid=H4sIAAAAAAAC%2F1RSzWskxRuu3h1%2Bh%2FwufixeBBkWBAWZdM93XGQxxkgwbvbDxY%2BL1FdPyqnuaqq6pyc5BRdkj3PwoqfOM8kGNYhevLnIJLBIUMxcJKD5E7wIi0fpMTj6Qr0f9bwFz%2Fs%2B9fFudk7qyOjZyltmW2lNF1s1v%2FrCu0Fwrbqu4mxYHXbbH7Sb16p28PJSu%2Ba%2FWH1D8r5ZrPuB7wd%2BUF1VVoZmuFiCUMnhUlBb8mvNei1oNTG0%2F61d5sFRD2JwTp6CEtPKsXcFik8QR1%2BvSNdPTfLS61GmaWosBuLgbtyPTR4jmqeh9RDGBxfdMO509SFMvD%2BjCzP4p5GpKfEePQSLDy5Igg32ZjyZhozBxP%2BRDyaQegJFJ%2BDmHpQ4JQAXuLGBOHpww9icbv2N0hKdksrjP6DyKan8dgVx9NWyVsPqHaOzVJnYYRgWUMMJVG%2BCJDtCuu1B5Ufg6UdQ4iey%2BHgdcbS34bSBEsVsdqUmUOEEWo5AnYesPMpDFnrIEg%2BROKvyIAg6vuDU7y5x3hAdydrCD2gnDGjgt7vIeElvhDQZgesRuN1BYnfQVyPY7Hu4zQJOeHDplHi3djAQBXJJkDuCnBLkiiBPCfJBsS%2B0q7vigdAuY8FFrF%2FERjE2aW%2BX7pu0J2MCakewothNzsmT5X68948D9OVZNejUxVK769ebrVarIbt%2Bq05pyGTARLtJgwacKqDcpdnI22pKus%2F8iqTUrF%2BA0SM4fQSuroJmAWhegG4W2I4PUxVvZVbXIsMUhCmQpBWkW96uPifPzhS6WrkLyU%2BuP1p4JRn%2FsgBuCyS2wIfqmKCn749vm5zs3Ta5I99sJKmK1DYt1buT0lRe%2FuJNuZUbK9ZW3OjzV3kJlOnh29Kl6zQWKu458uWyEkLaVWO5JN%2BtuXcku5m5zeXMxlmyfvO11bUosdI5ZeIJqDrd%2BBNcTUnl%2Badn3%2FKJH3%2BHshPYrECUnZALgzJH4MkOXDJn7wyB1fMellxCnhVjW2fzS60ItJzXlBVw%2F6rZPB9bWr6mqth199GzFdD0HuKowMAWGOgCVI%2FgsoVxmtiT6z98WtpnYLoyZtpW9pi2%2BpMpee7n5mzTpXuvdLfg1Fm14YsOk6HsMNlsNUPJBWu1mM9Dzhqi2%2BVI3TT83%2BVv%2FwIAAP%2F%2FAQAA%2F%2F9B7Nz6egQAAA%3D%3D

192.243.61.225

200 OK

7 B

URL GET HTTP/1.1
permissionfence.com/impr.gif?sid=H4sIAAAAAAAC%2F1RSzWskxRuu3h1%2Bh%2FwufixeBBkWBAWZdM93XGQxxkgwbvbDxY%2BL1FdPyqnuaqq6pyc5BRdkj3PwoqfOM8kGNYhevLnIJLBIUMxcJKD5E7wIi0fpMTj6Qr0f9bwFz%2Fs%2B9fFudk7qyOjZyltmW2lNF1s1v%2FrCu0Fwrbqu4mxYHXbbH7Sb16p28PJSu%2Ba%2FWH1D8r5ZrPuB7wd%2BUF1VVoZmuFiCUMnhUlBb8mvNei1oNTG0%2F61d5sFRD2JwTp6CEtPKsXcFik8QR1%2BvSNdPTfLS61GmaWosBuLgbtyPTR4jmqeh9RDGBxfdMO509SFMvD%2BjCzP4p5GpKfEePQSLDy5Igg32ZjyZhozBxP%2BRDyaQegJFJ%2BDmHpQ4JQAXuLGBOHpww9icbv2N0hKdksrjP6DyKan8dgVx9NWyVsPqHaOzVJnYYRgWUMMJVG%2BCJDtCuu1B5Ufg6UdQ4iey%2BHgdcbS34bSBEsVsdqUmUOEEWo5AnYesPMpDFnrIEg%2BROKvyIAg6vuDU7y5x3hAdydrCD2gnDGjgt7vIeElvhDQZgesRuN1BYnfQVyPY7Hu4zQJOeHDplHi3djAQBXJJkDuCnBLkiiBPCfJBsS%2B0q7vigdAuY8FFrF%2FERjE2aW%2BX7pu0J2MCakewothNzsmT5X68948D9OVZNejUxVK769ebrVarIbt%2Bq05pyGTARLtJgwacKqDcpdnI22pKus%2F8iqTUrF%2BA0SM4fQSuroJmAWhegG4W2I4PUxVvZVbXIsMUhCmQpBWkW96uPifPzhS6WrkLyU%2BuP1p4JRn%2FsgBuCyS2wIfqmKCn749vm5zs3Ta5I99sJKmK1DYt1buT0lRe%2FuJNuZUbK9ZW3OjzV3kJlOnh29Kl6zQWKu458uWyEkLaVWO5JN%2BtuXcku5m5zeXMxlmyfvO11bUosdI5ZeIJqDrd%2BBNcTUnl%2Badn3%2FKJH3%2BHshPYrECUnZALgzJH4MkOXDJn7wyB1fMellxCnhVjW2fzS60ItJzXlBVw%2F6rZPB9bWr6mqth199GzFdD0HuKowMAWGOgCVI%2FgsoVxmtiT6z98WtpnYLoyZtpW9pi2%2BpMpee7n5mzTpXuvdLfg1Fm14YsOk6HsMNlsNUPJBWu1mM9Dzhqi2%2BVI3TT83%2BVv%2FwIAAP%2F%2FAQAA%2F%2F9B7Nz6egQAAA%3D%3D
IP
192.243.61.225:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://bitly.ws/?banned=1
Certificate
IssuerLet's Encrypt
Subjectpermissionfence.com
Fingerprint0B:C0:3C:F7:B9:E4:07:59:E7:05:EF:EC:E2:3F:B2:61:BE:40:16:69
ValidityTue, 26 Mar 2024 08:19:42 GMT - Mon, 24 Jun 2024 08:19:41 GMT

File type
ASCII text, with no line terminators
Size
7 B (7 bytes)
Hash
132d6af1b46048b45cf86cdee7991d31
eb7007d03d59b65bc6da7e098c4d38fc6dfb6285
ab852e838deccd742a03ca81d4a8d75cf1a00b327db3eaf46bd7da6b6db9384c

HTTP Headers

GET /impr.gif?sid=H4sIAAAAAAAC%2F1RSzWskxRuu3h1%2Bh%2FwufixeBBkWBAWZdM93XGQxxkgwbvbDxY%2BL1FdPyqnuaqq6pyc5BRdkj3PwoqfOM8kGNYhevLnIJLBIUMxcJKD5E7wIi0fpMTj6Qr0f9bwFz%2Fs%2B9fFudk7qyOjZyltmW2lNF1s1v%2FrCu0Fwrbqu4mxYHXbbH7Sb16p28PJSu%2Ba%2FWH1D8r5ZrPuB7wd%2BUF1VVoZmuFiCUMnhUlBb8mvNei1oNTG0%2F61d5sFRD2JwTp6CEtPKsXcFik8QR1%2BvSNdPTfLS61GmaWosBuLgbtyPTR4jmqeh9RDGBxfdMO509SFMvD%2BjCzP4p5GpKfEePQSLDy5Igg32ZjyZhozBxP%2BRDyaQegJFJ%2BDmHpQ4JQAXuLGBOHpww9icbv2N0hKdksrjP6DyKan8dgVx9NWyVsPqHaOzVJnYYRgWUMMJVG%2BCJDtCuu1B5Ufg6UdQ4iey%2BHgdcbS34bSBEsVsdqUmUOEEWo5AnYesPMpDFnrIEg%2BROKvyIAg6vuDU7y5x3hAdydrCD2gnDGjgt7vIeElvhDQZgesRuN1BYnfQVyPY7Hu4zQJOeHDplHi3djAQBXJJkDuCnBLkiiBPCfJBsS%2B0q7vigdAuY8FFrF%2FERjE2aW%2BX7pu0J2MCakewothNzsmT5X68948D9OVZNejUxVK769ebrVarIbt%2Bq05pyGTARLtJgwacKqDcpdnI22pKus%2F8iqTUrF%2BA0SM4fQSuroJmAWhegG4W2I4PUxVvZVbXIsMUhCmQpBWkW96uPifPzhS6WrkLyU%2BuP1p4JRn%2FsgBuCyS2wIfqmKCn749vm5zs3Ta5I99sJKmK1DYt1buT0lRe%2FuJNuZUbK9ZW3OjzV3kJlOnh29Kl6zQWKu458uWyEkLaVWO5JN%2BtuXcku5m5zeXMxlmyfvO11bUosdI5ZeIJqDrd%2BBNcTUnl%2Badn3%2FKJH3%2BHshPYrECUnZALgzJH4MkOXDJn7wyB1fMellxCnhVjW2fzS60ItJzXlBVw%2F6rZPB9bWr6mqth199GzFdD0HuKowMAWGOgCVI%2FgsoVxmtiT6z98WtpnYLoyZtpW9pi2%2BpMpee7n5mzTpXuvdLfg1Fm14YsOk6HsMNlsNUPJBWu1mM9Dzhqi2%2BVI3TT83%2BVv%2FwIAAP%2F%2FAQAA%2F%2F9B7Nz6egQAAA%3D%3D HTTP/1.1
Host: permissionfence.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://bitly.ws/
Cookie: u_pl=22725681; pdhtkv=true; uncs=1; pdhtkv49=true; uncs49=1; nlec172d9680245553e8052aafbe1bd64a13=[2019380,2229333,2229337,2229329]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Thu, 28 Mar 2024 23:56:38 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 2371048ce8b4e392c2647874486519dd
Strict-Transport-Security: max-age=0; includeSubdomains

permissionfence.com/ren.gif?sid=H4sIAAAAAAAC%2F1RSz2skRRSudgcP68UfixdBhgVBQSbdPTM9My4SjDFLMG72h4s%2FLlLd1TMpp7qrqeqanoyX4ILscQ5e9FT5JtmghkUv3lxkElgkKGYuEtCAf4EHYfEoPQajD7rfe%2FW9gu99X32ybU6JD0NPlt%2BSIy4EXWjW3OqL73releoaT82wOmwHHwSNK1U1eKUT1NyXqlfjqC8XfNdzXc%2F1qitcxV05XChB8Gy%2F49U6bq3h17xmA0P1%2F14bB5o6YINT8jQ4m1UOnUvg0RRp8vVyrPu5zF5%2BIzGC5lJhwPZup%2F1UFimS87KrHHTTvbNpSH288gAy3Z3ThRz8OxjyGXEePkCY7p2RRDjYmfMMBeIUIXsCxWCKWEzB6RSRvAPOjgkQMVxbR5rcuyZVQTf%2FQWmJzkjl0Z%2FgxYxUfruENLm%2FJPiweksKk3OZagy7Fnw4Be9NkZkD5CMHvDhAlH8Mzn4iC4%2FWkCY761pIcGbnu3M%2BBe9OIeIxqHZgyo87MF0HJnOQsJNq5Hley2URddudKKqzVhwGzPVoq%2BtRzw3aMFFJb4w8GyMSY0RqC5naQp%2BPocz30BsWmjnQ%2BYw4N7YwYBZFTFBogoISFJygyAmKgd1lQvva3mNCm9A7y%2F5ZrtuJzHvbdFfmvTgloGoMxex2dkqeKvVx3j%2F00I9Pql7LZ52g7fqNZrNZj9tu06e0G8ZeyIIG9erQ3ILrx%2BYrj%2FiMtJ%2F9FVnpWd8ipAfQ4gARvwxqPNDCgm5YjNL9nKebRolaIkMOJi2yvIJ809kWp%2BS5uUOXK%2B8hjo4WH158NZv8chGRssiUxYf8kKAn7k5uyoLs3JSFJt%2BsZzlP%2BIiW7t3KaR5f%2BPLNeLOQiq0u6%2FEXr0UlUJb7b8c6X6Mp42lPk6%2BWOGOxWpEqisl3q%2FqdOLxu9MaSUanJ1q6%2FvrKaZCrWmst0CsqP1%2F9CxGek8sIz82f55I9%2FgKsplLFIzBE5C3B5gCjbgs6OFvPR71fvX%2FoIWhIocT4TZhdQGDtRfnh%2BKDiBiM97Glro%2F%2FTheT1RtLxNud3Wd9FTFdD8DtLEYqAsBsKCijG0uTjJM3W0%2BMNnZXyOUFQmoVCVnVAo8emMPP9zo1T69lzu8ncDmp9UW%2FW6S4NO02u1aNwKG367G3iMUr8R%2BEFA68j1rPv4hW%2F%2FBgAA%2F%2F8BAAD%2F%2Fxc126d6BAAA

192.243.61.225

200 OK

7 B

URL GET HTTP/1.1
permissionfence.com/ren.gif?sid=H4sIAAAAAAAC%2F1RSz2skRRSudgcP68UfixdBhgVBQSbdPTM9My4SjDFLMG72h4s%2FLlLd1TMpp7qrqeqanoyX4ILscQ5e9FT5JtmghkUv3lxkElgkKGYuEtCAf4EHYfEoPQajD7rfe%2FW9gu99X32ybU6JD0NPlt%2BSIy4EXWjW3OqL73releoaT82wOmwHHwSNK1U1eKUT1NyXqlfjqC8XfNdzXc%2F1qitcxV05XChB8Gy%2F49U6bq3h17xmA0P1%2F14bB5o6YINT8jQ4m1UOnUvg0RRp8vVyrPu5zF5%2BIzGC5lJhwPZup%2F1UFimS87KrHHTTvbNpSH288gAy3Z3ThRz8OxjyGXEePkCY7p2RRDjYmfMMBeIUIXsCxWCKWEzB6RSRvAPOjgkQMVxbR5rcuyZVQTf%2FQWmJzkjl0Z%2FgxYxUfruENLm%2FJPiweksKk3OZagy7Fnw4Be9NkZkD5CMHvDhAlH8Mzn4iC4%2FWkCY761pIcGbnu3M%2BBe9OIeIxqHZgyo87MF0HJnOQsJNq5Hley2URddudKKqzVhwGzPVoq%2BtRzw3aMFFJb4w8GyMSY0RqC5naQp%2BPocz30BsWmjnQ%2BYw4N7YwYBZFTFBogoISFJygyAmKgd1lQvva3mNCm9A7y%2F5ZrtuJzHvbdFfmvTgloGoMxex2dkqeKvVx3j%2F00I9Pql7LZ52g7fqNZrNZj9tu06e0G8ZeyIIG9erQ3ILrx%2BYrj%2FiMtJ%2F9FVnpWd8ipAfQ4gARvwxqPNDCgm5YjNL9nKebRolaIkMOJi2yvIJ809kWp%2BS5uUOXK%2B8hjo4WH158NZv8chGRssiUxYf8kKAn7k5uyoLs3JSFJt%2BsZzlP%2BIiW7t3KaR5f%2BPLNeLOQiq0u6%2FEXr0UlUJb7b8c6X6Mp42lPk6%2BWOGOxWpEqisl3q%2FqdOLxu9MaSUanJ1q6%2FvrKaZCrWmst0CsqP1%2F9CxGek8sIz82f55I9%2FgKsplLFIzBE5C3B5gCjbgs6OFvPR71fvX%2FoIWhIocT4TZhdQGDtRfnh%2BKDiBiM97Glro%2F%2FTheT1RtLxNud3Wd9FTFdD8DtLEYqAsBsKCijG0uTjJM3W0%2BMNnZXyOUFQmoVCVnVAo8emMPP9zo1T69lzu8ncDmp9UW%2FW6S4NO02u1aNwKG367G3iMUr8R%2BEFA68j1rPv4hW%2F%2FBgAA%2F%2F8BAAD%2F%2Fxc126d6BAAA
IP
192.243.61.225:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://bitly.ws/?banned=1
Certificate
IssuerLet's Encrypt
Subjectpermissionfence.com
Fingerprint0B:C0:3C:F7:B9:E4:07:59:E7:05:EF:EC:E2:3F:B2:61:BE:40:16:69
ValidityTue, 26 Mar 2024 08:19:42 GMT - Mon, 24 Jun 2024 08:19:41 GMT

File type
ASCII text, with no line terminators
Size
7 B (7 bytes)
Hash
132d6af1b46048b45cf86cdee7991d31
eb7007d03d59b65bc6da7e098c4d38fc6dfb6285
ab852e838deccd742a03ca81d4a8d75cf1a00b327db3eaf46bd7da6b6db9384c

HTTP Headers

GET /ren.gif?sid=H4sIAAAAAAAC%2F1RSz2skRRSudgcP68UfixdBhgVBQSbdPTM9My4SjDFLMG72h4s%2FLlLd1TMpp7qrqeqanoyX4ILscQ5e9FT5JtmghkUv3lxkElgkKGYuEtCAf4EHYfEoPQajD7rfe%2FW9gu99X32ybU6JD0NPlt%2BSIy4EXWjW3OqL73releoaT82wOmwHHwSNK1U1eKUT1NyXqlfjqC8XfNdzXc%2F1qitcxV05XChB8Gy%2F49U6bq3h17xmA0P1%2F14bB5o6YINT8jQ4m1UOnUvg0RRp8vVyrPu5zF5%2BIzGC5lJhwPZup%2F1UFimS87KrHHTTvbNpSH288gAy3Z3ThRz8OxjyGXEePkCY7p2RRDjYmfMMBeIUIXsCxWCKWEzB6RSRvAPOjgkQMVxbR5rcuyZVQTf%2FQWmJzkjl0Z%2FgxYxUfruENLm%2FJPiweksKk3OZagy7Fnw4Be9NkZkD5CMHvDhAlH8Mzn4iC4%2FWkCY761pIcGbnu3M%2BBe9OIeIxqHZgyo87MF0HJnOQsJNq5Hley2URddudKKqzVhwGzPVoq%2BtRzw3aMFFJb4w8GyMSY0RqC5naQp%2BPocz30BsWmjnQ%2BYw4N7YwYBZFTFBogoISFJygyAmKgd1lQvva3mNCm9A7y%2F5ZrtuJzHvbdFfmvTgloGoMxex2dkqeKvVx3j%2F00I9Pql7LZ52g7fqNZrNZj9tu06e0G8ZeyIIG9erQ3ILrx%2BYrj%2FiMtJ%2F9FVnpWd8ipAfQ4gARvwxqPNDCgm5YjNL9nKebRolaIkMOJi2yvIJ809kWp%2BS5uUOXK%2B8hjo4WH158NZv8chGRssiUxYf8kKAn7k5uyoLs3JSFJt%2BsZzlP%2BIiW7t3KaR5f%2BPLNeLOQiq0u6%2FEXr0UlUJb7b8c6X6Mp42lPk6%2BWOGOxWpEqisl3q%2FqdOLxu9MaSUanJ1q6%2FvrKaZCrWmst0CsqP1%2F9CxGek8sIz82f55I9%2FgKsplLFIzBE5C3B5gCjbgs6OFvPR71fvX%2FoIWhIocT4TZhdQGDtRfnh%2BKDiBiM97Glro%2F%2FTheT1RtLxNud3Wd9FTFdD8DtLEYqAsBsKCijG0uTjJM3W0%2BMNnZXyOUFQmoVCVnVAo8emMPP9zo1T69lzu8ncDmp9UW%2FW6S4NO02u1aNwKG367G3iMUr8R%2BEFA68j1rPv4hW%2F%2FBgAA%2F%2F8BAAD%2F%2Fxc126d6BAAA HTTP/1.1
Host: permissionfence.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://bitly.ws/
Cookie: u_pl=22725681; pdhtkv=true; uncs=1; pdhtkv49=true; uncs49=1; nlec172d9680245553e8052aafbe1bd64a13=[2019380,2229333,2229337,2229329]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Thu, 28 Mar 2024 23:56:38 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: da13bc1d0f6db0bc51c741a5bd610913
Strict-Transport-Security: max-age=0; includeSubdomains

permissionfence.com/impr.gif?sid=H4sIAAAAAAAC%2F1RSy2skRRivdgcPEQR18SLIsCCoyKR73nGRxRgjwbjZh4uPi9SrJ%2BVUdzVV3dOTnIILssc5eNFT5zfJBjWIXry5yCSwSEDMXCSg%2BSeExaP0GBz3g%2Foe9fsKft%2F3q893s3NSR0bPVt4z20prutiq%2BdWXPwyCq9V1FWfD6rDb%2FqTdvFq1g9eX2jX%2Fleo7kvfNYt0PfD%2Fwg%2BqqsjI0w8UShEoOl4Lakl9r1mtBq4mhfbx2mQdHPYjBOXkWSkwrx95lKD5BHH2%2FIl0%2FNclrb0eZpqmxGIiDO3E%2FNnmMaJ6G1kMYH1x0w7jT1Qcw8f6MLszgv0ampsR7%2BAAsPrggCTbYm%2FFkGjIGE08hH0wg9QSKTsDNXShxSgAucH0DcXT%2FurE53foXpSU6JZVHf0HlU1L58zLi6LtlrYbV20ZnqTKxwzAsoIYTqN4ESXaEdNuDyo%2FA08%2BgxK9k8dE64mhvw2kDJYrZ7EpNoMIJtByBOg9ZeZSHLPSQJR4icVblQRB0fMGp313ivCE6krWFH9BOGNDAb3eR8ZLeCGkyAtcjcLuDxO6gr0aw2c9wmwWc8ODSKfFu7mAgCuSSIHcEOSXIFUGeEuSDYl9oV3fFfaFdxoKLWL%2BIjWJs0t4u3TdpT8YE1I5gRbGbnJNnyv14Hx8H6MuzatCpi6V21683W61WQ3b9Vp3SkMmAiXaTBg04VUC5J2Yjb6sp6T7%2FB5JSs34BRo%2Fg9BG4ugKaBaB5AbpZYDs%2BTFW8lVldiwxTEKZAklaQbnm7%2Bpy8MFPoxd%2BakPzk2sOFN5Lx7wvgtkBiC3yqjgl6%2Bt74lsnJ3i2TO%2FLDRpKqSG3TUr3bKU3lpW%2FelVu5sWJtxY2%2BfpOXQJkevi9duk5joeKeI98uKyGkXTWWS%2FLTmvtAshuZ21zObJwl6zfeWl2LEiudUyaegKrTjb%2FB1ZRUXnpu9i2fPn0Vyk5gswJRdkIuDMocgSc7cMmcvTMEVs97WOIhz4qxrbP5pVYEWs5rygq4%2F9Vsno8tLV9TVey6e%2BjZCmh6F3FUYGALDHQBqkdw2cI4TezJtV%2B%2BLO0rMF0ZM20re0xb%2FcVsyVNypXKndB%2BV7iacOqs2fNFhMpQdJputZii5YK0W83nIWUN0uxypm4ZPXvrxHwAAAP%2F%2FAQAA%2F%2F%2BTzwf6egQAAA%3D%3D

192.243.61.225

200 OK

7 B

URL GET HTTP/1.1
permissionfence.com/impr.gif?sid=H4sIAAAAAAAC%2F1RSy2skRRivdgcPEQR18SLIsCCoyKR73nGRxRgjwbjZh4uPi9SrJ%2BVUdzVV3dOTnIILssc5eNFT5zfJBjWIXry5yCSwSEDMXCSg%2BSeExaP0GBz3g%2Foe9fsKft%2F3q893s3NSR0bPVt4z20prutiq%2BdWXPwyCq9V1FWfD6rDb%2FqTdvFq1g9eX2jX%2Fleo7kvfNYt0PfD%2Fwg%2BqqsjI0w8UShEoOl4Lakl9r1mtBq4mhfbx2mQdHPYjBOXkWSkwrx95lKD5BHH2%2FIl0%2FNclrb0eZpqmxGIiDO3E%2FNnmMaJ6G1kMYH1x0w7jT1Qcw8f6MLszgv0ampsR7%2BAAsPrggCTbYm%2FFkGjIGE08hH0wg9QSKTsDNXShxSgAucH0DcXT%2FurE53foXpSU6JZVHf0HlU1L58zLi6LtlrYbV20ZnqTKxwzAsoIYTqN4ESXaEdNuDyo%2FA08%2BgxK9k8dE64mhvw2kDJYrZ7EpNoMIJtByBOg9ZeZSHLPSQJR4icVblQRB0fMGp313ivCE6krWFH9BOGNDAb3eR8ZLeCGkyAtcjcLuDxO6gr0aw2c9wmwWc8ODSKfFu7mAgCuSSIHcEOSXIFUGeEuSDYl9oV3fFfaFdxoKLWL%2BIjWJs0t4u3TdpT8YE1I5gRbGbnJNnyv14Hx8H6MuzatCpi6V21683W61WQ3b9Vp3SkMmAiXaTBg04VUC5J2Yjb6sp6T7%2FB5JSs34BRo%2Fg9BG4ugKaBaB5AbpZYDs%2BTFW8lVldiwxTEKZAklaQbnm7%2Bpy8MFPoxd%2BakPzk2sOFN5Lx7wvgtkBiC3yqjgl6%2Bt74lsnJ3i2TO%2FLDRpKqSG3TUr3bKU3lpW%2FelVu5sWJtxY2%2BfpOXQJkevi9duk5joeKeI98uKyGkXTWWS%2FLTmvtAshuZ21zObJwl6zfeWl2LEiudUyaegKrTjb%2FB1ZRUXnpu9i2fPn0Vyk5gswJRdkIuDMocgSc7cMmcvTMEVs97WOIhz4qxrbP5pVYEWs5rygq4%2F9Vsno8tLV9TVey6e%2BjZCmh6F3FUYGALDHQBqkdw2cI4TezJtV%2B%2BLO0rMF0ZM20re0xb%2FcVsyVNypXKndB%2BV7iacOqs2fNFhMpQdJputZii5YK0W83nIWUN0uxypm4ZPXvrxHwAAAP%2F%2FAQAA%2F%2F%2BTzwf6egQAAA%3D%3D
IP
192.243.61.225:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://bitly.ws/?banned=1
Certificate
IssuerLet's Encrypt
Subjectpermissionfence.com
Fingerprint0B:C0:3C:F7:B9:E4:07:59:E7:05:EF:EC:E2:3F:B2:61:BE:40:16:69
ValidityTue, 26 Mar 2024 08:19:42 GMT - Mon, 24 Jun 2024 08:19:41 GMT

File type
ASCII text, with no line terminators
Size
7 B (7 bytes)
Hash
132d6af1b46048b45cf86cdee7991d31
eb7007d03d59b65bc6da7e098c4d38fc6dfb6285
ab852e838deccd742a03ca81d4a8d75cf1a00b327db3eaf46bd7da6b6db9384c

HTTP Headers

GET /impr.gif?sid=H4sIAAAAAAAC%2F1RSy2skRRivdgcPEQR18SLIsCCoyKR73nGRxRgjwbjZh4uPi9SrJ%2BVUdzVV3dOTnIILssc5eNFT5zfJBjWIXry5yCSwSEDMXCSg%2BSeExaP0GBz3g%2Foe9fsKft%2F3q893s3NSR0bPVt4z20prutiq%2BdWXPwyCq9V1FWfD6rDb%2FqTdvFq1g9eX2jX%2Fleo7kvfNYt0PfD%2Fwg%2BqqsjI0w8UShEoOl4Lakl9r1mtBq4mhfbx2mQdHPYjBOXkWSkwrx95lKD5BHH2%2FIl0%2FNclrb0eZpqmxGIiDO3E%2FNnmMaJ6G1kMYH1x0w7jT1Qcw8f6MLszgv0ampsR7%2BAAsPrggCTbYm%2FFkGjIGE08hH0wg9QSKTsDNXShxSgAucH0DcXT%2FurE53foXpSU6JZVHf0HlU1L58zLi6LtlrYbV20ZnqTKxwzAsoIYTqN4ESXaEdNuDyo%2FA08%2BgxK9k8dE64mhvw2kDJYrZ7EpNoMIJtByBOg9ZeZSHLPSQJR4icVblQRB0fMGp313ivCE6krWFH9BOGNDAb3eR8ZLeCGkyAtcjcLuDxO6gr0aw2c9wmwWc8ODSKfFu7mAgCuSSIHcEOSXIFUGeEuSDYl9oV3fFfaFdxoKLWL%2BIjWJs0t4u3TdpT8YE1I5gRbGbnJNnyv14Hx8H6MuzatCpi6V21683W61WQ3b9Vp3SkMmAiXaTBg04VUC5J2Yjb6sp6T7%2FB5JSs34BRo%2Fg9BG4ugKaBaB5AbpZYDs%2BTFW8lVldiwxTEKZAklaQbnm7%2Bpy8MFPoxd%2BakPzk2sOFN5Lx7wvgtkBiC3yqjgl6%2Bt74lsnJ3i2TO%2FLDRpKqSG3TUr3bKU3lpW%2FelVu5sWJtxY2%2BfpOXQJkevi9duk5joeKeI98uKyGkXTWWS%2FLTmvtAshuZ21zObJwl6zfeWl2LEiudUyaegKrTjb%2FB1ZRUXnpu9i2fPn0Vyk5gswJRdkIuDMocgSc7cMmcvTMEVs97WOIhz4qxrbP5pVYEWs5rygq4%2F9Vsno8tLV9TVey6e%2BjZCmh6F3FUYGALDHQBqkdw2cI4TezJtV%2B%2BLO0rMF0ZM20re0xb%2FcVsyVNypXKndB%2BV7iacOqs2fNFhMpQdJputZii5YK0W83nIWUN0uxypm4ZPXvrxHwAAAP%2F%2FAQAA%2F%2F%2BTzwf6egQAAA%3D%3D HTTP/1.1
Host: permissionfence.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://bitly.ws/
Cookie: u_pl=22725681; pdhtkv=true; uncs=1; pdhtkv49=true; uncs49=1; nlec172d9680245553e8052aafbe1bd64a13=[2019380,2229333,2229337,2229329]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Thu, 28 Mar 2024 23:56:38 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 649a0c85128fdbd868b015373342a8e5
Strict-Transport-Security: max-age=0; includeSubdomains

permissionfence.com/impr.gif?sid=H4sIAAAAAAAC%2F1RSS2skVRS%2B5TQuxo2PwY0gzYCgIJ2qfsdBBseYIRgn83DwsZH7qs61b9Ut7q3q6rSb4IDMshdudFX5OpmghkE37hykExgkKKY3EtCAv8CFMLiUaoPRA1XnnPudC9%2F5vvvJVnZC6sjo8dJbZqS0pgutml998d0guFRdVXE2rA677Q%2FazUtVO3hlsV3zX6pelbxvFup%2B4PuBH1SXlZWhGS6UIFSytxjUFv1as14LWk0M7f97l3lw1IMYnJCnocSscuBdgOJTxNHXS9L1U5O8%2FEaUaZoai4HYvR33Y5PHiM7K0HoI493TaRh3tPwAJt6Z04UZ%2FDvI1Ix4Dx%2BAxbunJMEG23OeTEPGYOIJ5IMppJ5C0Sm4uQMljgjABa6tIY7uXTM2pxv%2FoLREZ6Ty6E%2BofEYqv11AHN2%2FotWwesvoLFUmdhiGBdRwCtWbIsn2kY48qHwfPP0YSvxEFh6tIo6215w2UKKY767UFCqcQssxqPOQlZ%2FykIUessRDJI6rPAiCji849buLnDdER7K28APaCQMa%2BO0uMl7SGyNNxuB6DG43kdhN9NUYNvsebr2AEx5cOiPejU0MRIFcEuSOIKcEuSLIU4J8UOwI7equuCe0y1hwmuunuVFMTNrbojsm7cmYgNoxrCi2khPyVKmP9%2F5BgL48rgadulhsd%2F16s9VqNWTXb9UpDZkMmGg3adCAUwWUe2y%2B8kjNSPfZX5GUnvULMLoPp%2FfB1UXQLADNC9D1AqN4L1XxRmZ1LTJMQZgCSVpBuuFt6RPy3Nyhi5X3IPnh5YfnX00mv5wHtwUSW%2BBDdUDQ03cnN01Otm%2Ba3JFv1pJURWpES%2FdupTSV5758U27kxoqVJTf%2B4jVeAmW597Z06SqNhYp7jnx1RQkh7bKxXJLvVtw7kl3P3PqVzMZZsnr99eWVKLHSOWXiKag6WvsLXM1I5YVn5s%2FyyR%2F%2FgLJT2KxAlB2S04Ay%2B%2BDJJlxyeDkd%2FX71%2FoWP4AyB1WczLDmHPCsmts7ODrUi0PKsp6yA%2B0%2FPzuqJpeVtqootdxc9WwFN7yCOCgxsgYEuQPUYLjs%2FSRN7ePmHz8r4HExXJkzbyjbTVn86I8%2F%2F3CyVvj2Xu%2FzdgFPH1YYvOkyGssNks9UMJRes1WI%2BDzlriG6XI3Wz8PFz3%2F4NAAD%2F%2FwEAAP%2F%2Fl%2BEOT3oEAAA%3D

192.243.61.225

200 OK

7 B

URL GET HTTP/1.1
permissionfence.com/impr.gif?sid=H4sIAAAAAAAC%2F1RSS2skVRS%2B5TQuxo2PwY0gzYCgIJ2qfsdBBseYIRgn83DwsZH7qs61b9Ut7q3q6rSb4IDMshdudFX5OpmghkE37hykExgkKKY3EtCAv8CFMLiUaoPRA1XnnPudC9%2F5vvvJVnZC6sjo8dJbZqS0pgutml998d0guFRdVXE2rA677Q%2FazUtVO3hlsV3zX6pelbxvFup%2B4PuBH1SXlZWhGS6UIFSytxjUFv1as14LWk0M7f97l3lw1IMYnJCnocSscuBdgOJTxNHXS9L1U5O8%2FEaUaZoai4HYvR33Y5PHiM7K0HoI493TaRh3tPwAJt6Z04UZ%2FDvI1Ix4Dx%2BAxbunJMEG23OeTEPGYOIJ5IMppJ5C0Sm4uQMljgjABa6tIY7uXTM2pxv%2FoLREZ6Ty6E%2BofEYqv11AHN2%2FotWwesvoLFUmdhiGBdRwCtWbIsn2kY48qHwfPP0YSvxEFh6tIo6215w2UKKY767UFCqcQssxqPOQlZ%2FykIUessRDJI6rPAiCji849buLnDdER7K28APaCQMa%2BO0uMl7SGyNNxuB6DG43kdhN9NUYNvsebr2AEx5cOiPejU0MRIFcEuSOIKcEuSLIU4J8UOwI7equuCe0y1hwmuunuVFMTNrbojsm7cmYgNoxrCi2khPyVKmP9%2F5BgL48rgadulhsd%2F16s9VqNWTXb9UpDZkMmGg3adCAUwWUe2y%2B8kjNSPfZX5GUnvULMLoPp%2FfB1UXQLADNC9D1AqN4L1XxRmZ1LTJMQZgCSVpBuuFt6RPy3Nyhi5X3IPnh5YfnX00mv5wHtwUSW%2BBDdUDQ03cnN01Otm%2Ba3JFv1pJURWpES%2FdupTSV5758U27kxoqVJTf%2B4jVeAmW597Z06SqNhYp7jnx1RQkh7bKxXJLvVtw7kl3P3PqVzMZZsnr99eWVKLHSOWXiKag6WvsLXM1I5YVn5s%2FyyR%2F%2FgLJT2KxAlB2S04Ay%2B%2BDJJlxyeDkd%2FX71%2FoWP4AyB1WczLDmHPCsmts7ODrUi0PKsp6yA%2B0%2FPzuqJpeVtqootdxc9WwFN7yCOCgxsgYEuQPUYLjs%2FSRN7ePmHz8r4HExXJkzbyjbTVn86I8%2F%2F3CyVvj2Xu%2FzdgFPH1YYvOkyGssNks9UMJRes1WI%2BDzlriG6XI3Wz8PFz3%2F4NAAD%2F%2FwEAAP%2F%2Fl%2BEOT3oEAAA%3D
IP
192.243.61.225:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://bitly.ws/?banned=1
Certificate
IssuerLet's Encrypt
Subjectpermissionfence.com
Fingerprint0B:C0:3C:F7:B9:E4:07:59:E7:05:EF:EC:E2:3F:B2:61:BE:40:16:69
ValidityTue, 26 Mar 2024 08:19:42 GMT - Mon, 24 Jun 2024 08:19:41 GMT

File type
ASCII text, with no line terminators
Size
7 B (7 bytes)
Hash
132d6af1b46048b45cf86cdee7991d31
eb7007d03d59b65bc6da7e098c4d38fc6dfb6285
ab852e838deccd742a03ca81d4a8d75cf1a00b327db3eaf46bd7da6b6db9384c

HTTP Headers

GET /impr.gif?sid=H4sIAAAAAAAC%2F1RSS2skVRS%2B5TQuxo2PwY0gzYCgIJ2qfsdBBseYIRgn83DwsZH7qs61b9Ut7q3q6rSb4IDMshdudFX5OpmghkE37hykExgkKKY3EtCAv8CFMLiUaoPRA1XnnPudC9%2F5vvvJVnZC6sjo8dJbZqS0pgutml998d0guFRdVXE2rA677Q%2FazUtVO3hlsV3zX6pelbxvFup%2B4PuBH1SXlZWhGS6UIFSytxjUFv1as14LWk0M7f97l3lw1IMYnJCnocSscuBdgOJTxNHXS9L1U5O8%2FEaUaZoai4HYvR33Y5PHiM7K0HoI493TaRh3tPwAJt6Z04UZ%2FDvI1Ix4Dx%2BAxbunJMEG23OeTEPGYOIJ5IMppJ5C0Sm4uQMljgjABa6tIY7uXTM2pxv%2FoLREZ6Ty6E%2BofEYqv11AHN2%2FotWwesvoLFUmdhiGBdRwCtWbIsn2kY48qHwfPP0YSvxEFh6tIo6215w2UKKY767UFCqcQssxqPOQlZ%2FykIUessRDJI6rPAiCji849buLnDdER7K28APaCQMa%2BO0uMl7SGyNNxuB6DG43kdhN9NUYNvsebr2AEx5cOiPejU0MRIFcEuSOIKcEuSLIU4J8UOwI7equuCe0y1hwmuunuVFMTNrbojsm7cmYgNoxrCi2khPyVKmP9%2F5BgL48rgadulhsd%2F16s9VqNWTXb9UpDZkMmGg3adCAUwWUe2y%2B8kjNSPfZX5GUnvULMLoPp%2FfB1UXQLADNC9D1AqN4L1XxRmZ1LTJMQZgCSVpBuuFt6RPy3Nyhi5X3IPnh5YfnX00mv5wHtwUSW%2BBDdUDQ03cnN01Otm%2Ba3JFv1pJURWpES%2FdupTSV5758U27kxoqVJTf%2B4jVeAmW597Z06SqNhYp7jnx1RQkh7bKxXJLvVtw7kl3P3PqVzMZZsnr99eWVKLHSOWXiKag6WvsLXM1I5YVn5s%2FyyR%2F%2FgLJT2KxAlB2S04Ay%2B%2BDJJlxyeDkd%2FX71%2FoWP4AyB1WczLDmHPCsmts7ODrUi0PKsp6yA%2B0%2FPzuqJpeVtqootdxc9WwFN7yCOCgxsgYEuQPUYLjs%2FSRN7ePmHz8r4HExXJkzbyjbTVn86I8%2F%2F3CyVvj2Xu%2FzdgFPH1YYvOkyGssNks9UMJRes1WI%2BDzlriG6XI3Wz8PFz3%2F4NAAD%2F%2FwEAAP%2F%2Fl%2BEOT3oEAAA%3D HTTP/1.1
Host: permissionfence.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://bitly.ws/
Cookie: u_pl=22725681; pdhtkv=true; uncs=1; pdhtkv49=true; uncs49=1; nlec172d9680245553e8052aafbe1bd64a13=[2019380,2229333,2229337,2229329]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Thu, 28 Mar 2024 23:56:38 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 76f116420dc083ce3b842c8795f0e99f
Strict-Transport-Security: max-age=0; includeSubdomains

bitly.ws/gfx/favicon.png

185.11.100.204

200 OK

371 B

URL GET HTTP/2
bitly.ws/gfx/favicon.png
IP
185.11.100.204:443
ASN
#29522 Cyber_Folks S.A.

Requested by
https://bitly.ws/?banned=1
Certificate
IssuerLet's Encrypt
Subjectbitly.ws
FingerprintE2:6E:62:93:28:D8:B3:0A:23:56:6C:21:A4:BD:CC:EF:CD:1B:33:55
ValiditySun, 18 Feb 2024 07:59:14 GMT - Sat, 18 May 2024 07:59:13 GMT

File type
PNG image data, 16 x 16, 8-bit colormap, non-interlaced
Size
371 B (371 bytes)
Hash
1ad91e68e2537d1c92097e86a19d99e3
f06bb8d949114d472ee1474c2fe1e5081c0cc54a
f69a4ac6f3627581783d278a0d692fef7116f11dbcfb8622725aceae87a69260

HTTP Headers

GET /gfx/favicon.png HTTP/1.1
Host: bitly.ws
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://bitly.ws/?banned=1
Cookie: _ga_8Q1W6PKNCX=GS1.1.1711670197.1.0.1711670197.0.0.0; _ga=GA1.1.670461101.1711670197; dom3ic8zudi28v8lr6fgphwffqoz0j6c=ca08c0a8-ff5a-4e50-a441-81f8348af504%3A1%3A1; sb_main_33ce9e99c1bfce9eb2d48a915db5624c=1; sb_count_33ce9e99c1bfce9eb2d48a915db5624c=1; pbpr0tpuw4isk85t8yg3jb2lj5vqf=liarcram.com; m5a4xojbcp2nx3gptmm633qal3gzmadn=permissionfence.com; pp_main_bba74d00371ae27522681ed91f8a7ee9=1; pp_idelay_bba74d00371ae27522681ed91f8a7ee9=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Thu, 28 Mar 2024 23:56:39 GMT
server: Apache
last-modified: Tue, 02 Jan 2018 13:00:56 GMT
etag: "173-561cab088ec59"
accept-ranges: bytes
content-length: 371
cache-control: max-age=31536000
expires: Fri, 28 Mar 2025 23:56:39 GMT
content-type: image/png
X-Firefox-Spdy: h2

liarcram.com/pixel/sbls?bv=24.6.6370&tmpl=482&u=https%3A%2F%2Fcdn.yourwebbars.com%2Fsb%2Fnotifications%2Futility%2Fdefault%2Fus%2Fblog%2Fecorious%2Fmessage_redcircle2%2Fjan24%2F4%2Findex.html&l=1571&fd=606

172.240.253.132

200 OK

0 B

URL GET HTTP/1.1
liarcram.com/pixel/sbls?bv=24.6.6370&tmpl=482&u=https%3A%2F%2Fcdn.yourwebbars.com%2Fsb%2Fnotifications%2Futility%2Fdefault%2Fus%2Fblog%2Fecorious%2Fmessage_redcircle2%2Fjan24%2F4%2Findex.html&l=1571&fd=606
IP
172.240.253.132:443
ASN
#7979 SERVERS-COM

Requested by
https://bitly.ws/?banned=1
Certificate
IssuerLet's Encrypt
Subjectliarcram.com
Fingerprint36:2A:5F:96:36:B0:9D:47:2B:C3:C2:62:98:90:5F:00:EC:89:EA:57
ValidityThu, 28 Mar 2024 19:55:23 GMT - Wed, 26 Jun 2024 19:55:22 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /pixel/sbls?bv=24.6.6370&tmpl=482&u=https%3A%2F%2Fcdn.yourwebbars.com%2Fsb%2Fnotifications%2Futility%2Fdefault%2Fus%2Fblog%2Fecorious%2Fmessage_redcircle2%2Fjan24%2F4%2Findex.html&l=1571&fd=606 HTTP/1.1
Host: liarcram.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://bitly.ws/
Cookie: u_pl=22725757; uid_id2=b411db74-9da7-4ee7-95dc-193db77e8635:2:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Thu, 28 Mar 2024 23:56:39 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range

cdn.creative-bars1.com//sb/notifications/utility/default/us/blog/ecorious/message_redcircle2/jan24/4/img/1.jpg

172.64.131.3

200 OK

22 kB

URL GET HTTP/2
cdn.creative-bars1.com//sb/notifications/utility/default/us/blog/ecorious/message_redcircle2/jan24/4/img/1.jpg
IP
172.64.131.3:443
ASN
#13335 CLOUDFLARENET

Requested by
https://bitly.ws/?banned=1
Certificate
IssuerGoogle Trust Services LLC
Subjectcreative-bars1.com
Fingerprint10:69:48:04:3B:B6:11:3A:D4:D0:E1:5F:B2:F9:B4:75:BB:EE:39:22
ValidityFri, 16 Feb 2024 15:25:59 GMT - Thu, 16 May 2024 15:25:58 GMT

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 320x320, components 3
Size
22 kB (21597 bytes)
Hash
7bcc800a4957dac955e91ce1ee3b73cd
b1fae2cacecc790a22f91e2320077f89707473b1
760783cbcd04b3b7ef5f6b10a24878869d061709e4511ccada113b532833243d

HTTP Headers

GET //sb/notifications/utility/default/us/blog/ecorious/message_redcircle2/jan24/4/img/1.jpg HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Thu, 28 Mar 2024 23:56:39 GMT
content-type: image/jpeg
content-length: 21597
last-modified: Thu, 01 Feb 2024 14:55:47 GMT
etag: "65bbb0f3-545d"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 523778
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=8HUUGYKAVGUj8qw%2F4o1b%2FNKABAN3uV8DJRSHKAt%2BGTzpwJnWY%2BPvVrN7M2TkLxAXF6La8hmFXdwN5ZXVrE2KG7FndSBmiAaSiVcT%2FJb4ujN4fJ%2FrmWk3qobRozMkbTYUqGAiOETdi5aM"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 86bb8ed97f6963fc-LHR
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

liarcram.com/pixel/sbls?bv=24.6.6370&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2F%2Fsb%2Fnotifications%2Futility%2Fdefault%2Fus%2Fblog%2Fecorious%2Fmessage_redcircle2%2Fjan24%2F4%2Fjs%2Fscript.js&l=386&fd=298

172.240.253.132

200 OK

0 B

URL GET HTTP/1.1
liarcram.com/pixel/sbls?bv=24.6.6370&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2F%2Fsb%2Fnotifications%2Futility%2Fdefault%2Fus%2Fblog%2Fecorious%2Fmessage_redcircle2%2Fjan24%2F4%2Fjs%2Fscript.js&l=386&fd=298
IP
172.240.253.132:443
ASN
#7979 SERVERS-COM

Requested by
https://bitly.ws/?banned=1
Certificate
IssuerLet's Encrypt
Subjectliarcram.com
Fingerprint36:2A:5F:96:36:B0:9D:47:2B:C3:C2:62:98:90:5F:00:EC:89:EA:57
ValidityThu, 28 Mar 2024 19:55:23 GMT - Wed, 26 Jun 2024 19:55:22 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /pixel/sbls?bv=24.6.6370&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2F%2Fsb%2Fnotifications%2Futility%2Fdefault%2Fus%2Fblog%2Fecorious%2Fmessage_redcircle2%2Fjan24%2F4%2Fjs%2Fscript.js&l=386&fd=298 HTTP/1.1
Host: liarcram.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://bitly.ws/
Cookie: u_pl=22725757; uid_id2=b411db74-9da7-4ee7-95dc-193db77e8635:2:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Thu, 28 Mar 2024 23:56:39 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range

172.240.108.84

200 OK

0 B

URL GET HTTP/1.1
liarcram.com/pixel/sbls?bv=24.6.6370&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2F%2Fsb%2Fnotifications%2Futility%2Fdefault%2Fus%2Fblog%2Fecorious%2Fmessage_redcircle2%2Fjan24%2F4%2Fcss%2Fanimate.css&l=79245&fd=310
IP
172.240.108.84:443
ASN
#7979 SERVERS-COM

Requested by
https://bitly.ws/?banned=1
Certificate
IssuerLet's Encrypt
Subjectliarcram.com
Fingerprint36:2A:5F:96:36:B0:9D:47:2B:C3:C2:62:98:90:5F:00:EC:89:EA:57
ValidityThu, 28 Mar 2024 19:55:23 GMT - Wed, 26 Jun 2024 19:55:22 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /pixel/sbls?bv=24.6.6370&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2F%2Fsb%2Fnotifications%2Futility%2Fdefault%2Fus%2Fblog%2Fecorious%2Fmessage_redcircle2%2Fjan24%2F4%2Fcss%2Fanimate.css&l=79245&fd=310 HTTP/1.1
Host: liarcram.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://bitly.ws/
Cookie: u_pl=22725757; uid_id2=b411db74-9da7-4ee7-95dc-193db77e8635:2:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Thu, 28 Mar 2024 23:56:39 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range

cdn.creative-bars1.com//sb/notifications/utility/default/us/blog/ecorious/message_redcircle2/jan24/4/css/style.css

172.64.131.3

200 OK

1.0 kB

URL GET HTTP/2
cdn.creative-bars1.com//sb/notifications/utility/default/us/blog/ecorious/message_redcircle2/jan24/4/css/style.css
IP
172.64.131.3:443
ASN
#13335 CLOUDFLARENET

Requested by
https://bitly.ws/?banned=1
Certificate
IssuerGoogle Trust Services LLC
Subjectcreative-bars1.com
Fingerprint10:69:48:04:3B:B6:11:3A:D4:D0:E1:5F:B2:F9:B4:75:BB:EE:39:22
ValidityFri, 16 Feb 2024 15:25:59 GMT - Thu, 16 May 2024 15:25:58 GMT

File type
ASCII text
Size
1.0 kB (1006 bytes)
Hash
9b388680bb9d9cf0d8e7e4dad7b39ac5
393a2393f3b96b727a3114d249fffb35bf34d9f5
758934b1fbbad9e578664b4efbb5ee3303482d0d37ec7837b4bb2fa4915be70f

HTTP Headers

GET //sb/notifications/utility/default/us/blog/ecorious/message_redcircle2/jan24/4/css/style.css HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://bitly.ws
DNT: 1
Connection: keep-alive
Referer: https://bitly.ws/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 28 Mar 2024 23:56:39 GMT
content-type: text/css
last-modified: Thu, 01 Feb 2024 14:55:46 GMT
etag: W/"65bbb0f2-e2e"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=RhwNNxUV2LhZ0E0ytRLbMQGyv%2BRbezi6dwd8rvAvWseCR1sfhzWeoO5Kd4WhxMBxGrXyVlLqNuZJ1k1ziYVQPWTzbUOJyXlYAT0Xi6WPSZ0%2BKzE9TAo4NoeXUJkkdjTANip18Gt749Ci"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 86bb8ed91f2763fc-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2

216.58.207.227

200 OK

16 kB

URL GET HTTP/2
fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2
IP
216.58.207.227:443
ASN
#15169 GOOGLE

Requested by
https://bitly.ws/?banned=1
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
FingerprintF3:56:10:42:A8:3C:BF:F5:89:9C:4C:C0:F8:E3:DC:C4:1C:E9:34:9E
ValidityMon, 26 Feb 2024 08:18:21 GMT - Mon, 20 May 2024 08:18:20 GMT

File type
Web Open Font Format (Version 2), TrueType, length 15744, version 1.0
Size
16 kB (15744 bytes)
Hash
15d9f621c3bd1599f0169dcf0bd5e63e
7ca9c5967f3bb8bffeab24b639b49c1e7d03fa52
f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615

HTTP Headers

GET /s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://bitly.ws
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15744
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 28 Mar 2024 17:37:50 GMT
expires: Fri, 28 Mar 2025 17:37:50 GMT
cache-control: public, max-age=31536000
last-modified: Wed, 11 May 2022 19:24:48 GMT
content-type: font/woff2
age: 22729
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

fonts.gstatic.com/s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2

216.58.207.227

200 OK

48 kB

URL GET HTTP/2
fonts.gstatic.com/s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
IP
216.58.207.227:443
ASN
#15169 GOOGLE

Requested by
https://bitly.ws/?banned=1
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
FingerprintF3:56:10:42:A8:3C:BF:F5:89:9C:4C:C0:F8:E3:DC:C4:1C:E9:34:9E
ValidityMon, 26 Feb 2024 08:18:21 GMT - Mon, 20 May 2024 08:18:20 GMT

File type
Web Open Font Format (Version 2), TrueType, length 48236, version 1.0
Size
48 kB (48236 bytes)
Hash
015c126a3520c9a8f6a27979d0266e96
2acf956561d44434a6d84204670cf849d3215d5f
3c4d6a1421c7ddb7e404521fe8c4cd5be5af446d7689cd880be26612eaad3cfa

HTTP Headers

GET /s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://bitly.ws
DNT: 1
Connection: keep-alive
Referer: https://bitly.ws/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 48236
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 28 Mar 2024 02:35:00 GMT
expires: Fri, 28 Mar 2025 02:35:00 GMT
cache-control: public, max-age=31536000
age: 76899
last-modified: Thu, 14 Dec 2023 02:08:40 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

142.250.74.106

200 OK

5.6 kB

URL GET HTTP/3
fonts.googleapis.com/css?family=Archivo:400,500|Arimo:400,500|Bitter:400,500|EB+Garamond:400,500|Lato|Libre+Baskervill|Libre+Franklin:400,500|Lora:400,500|Google+Sans:regular,medium:400,500|Material+Icons|Google+Symbols|Merriweather|Montserrat:400,500|Mukta:400,500|Muli:400,500|Nunito:400,500|Open+Sans:400,500,600|Open+Sans+Condensed:400,600|Oswald:500|Playfair+Display:400,500|Poppins:400,500|Raleway:400,500|Roboto:400,500|Roboto+Condensed:400,500|Roboto+Slab:400,500|Slabo+27px|Source+Sans+Pro|Ubuntu:400,500|Volkhov&display=swap
IP
142.250.74.106:443
ASN
#15169 GOOGLE

Requested by
https://bitly.ws/?banned=1
Certificate
IssuerGoogle Trust Services LLC
Subjectupload.video.google.com
Fingerprint04:B9:D9:E0:01:DB:5E:AB:5A:FF:F0:D9:ED:39:0F:C1:63:18:51:0B
ValidityMon, 26 Feb 2024 08:18:27 GMT - Mon, 20 May 2024 08:18:26 GMT

File type
gzip compressed data, max compression
Size
5.6 kB (5574 bytes)
Hash
e61a52bd2a18e76de954ce36576f221d
0767662da500c7e105e1b1c55a485099b26d8ef9
e74b070e10ae4e2ff2b86d8d019ba017ca063968f692f7fa4fbd3d57410aa1c0

HTTP Headers

GET /css?family=Archivo:400,500|Arimo:400,500|Bitter:400,500|EB+Garamond:400,500|Lato|Libre+Baskervill|Libre+Franklin:400,500|Lora:400,500|Google+Sans:regular,medium:400,500|Material+Icons|Google+Symbols|Merriweather|Montserrat:400,500|Mukta:400,500|Muli:400,500|Nunito:400,500|Open+Sans:400,500,600|Open+Sans+Condensed:400,600|Oswald:500|Playfair+Display:400,500|Poppins:400,500|Raleway:400,500|Roboto:400,500|Roboto+Condensed:400,500|Roboto+Slab:400,500|Slabo+27px|Source+Sans+Pro|Ubuntu:400,500|Volkhov&display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://bitly.ws/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Thu, 28 Mar 2024 23:56:39 GMT
date: Thu, 28 Mar 2024 23:56:39 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

fonts.gstatic.com/s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2

216.58.207.227

200 OK

48 kB

URL GET HTTP/2
fonts.gstatic.com/s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
IP
216.58.207.227:443
ASN
#15169 GOOGLE

Requested by
https://bitly.ws/?banned=1
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
FingerprintF3:56:10:42:A8:3C:BF:F5:89:9C:4C:C0:F8:E3:DC:C4:1C:E9:34:9E
ValidityMon, 26 Feb 2024 08:18:21 GMT - Mon, 20 May 2024 08:18:20 GMT

File type
Web Open Font Format (Version 2), TrueType, length 48236, version 1.0
Size
48 kB (48236 bytes)
Hash
015c126a3520c9a8f6a27979d0266e96
2acf956561d44434a6d84204670cf849d3215d5f
3c4d6a1421c7ddb7e404521fe8c4cd5be5af446d7689cd880be26612eaad3cfa

HTTP Headers

GET /s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://bitly.ws
DNT: 1
Connection: keep-alive
Referer: https://bitly.ws/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 48236
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 28 Mar 2024 02:35:00 GMT
expires: Fri, 28 Mar 2025 02:35:00 GMT
cache-control: public, max-age=31536000
age: 76899
last-modified: Thu, 14 Dec 2023 02:08:40 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

liarcram.com/pixel/sbs?c=1

172.240.253.132

200 OK

0 B

URL GET HTTP/1.1
liarcram.com/pixel/sbs?c=1
IP
172.240.253.132:443
ASN
#7979 SERVERS-COM

Requested by
https://bitly.ws/?banned=1
Certificate
IssuerLet's Encrypt
Subjectliarcram.com
Fingerprint36:2A:5F:96:36:B0:9D:47:2B:C3:C2:62:98:90:5F:00:EC:89:EA:57
ValidityThu, 28 Mar 2024 19:55:23 GMT - Wed, 26 Jun 2024 19:55:22 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /pixel/sbs?c=1 HTTP/1.1
Host: liarcram.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://bitly.ws/
Cookie: u_pl=22725757; uid_id2=b411db74-9da7-4ee7-95dc-193db77e8635:2:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Thu, 28 Mar 2024 23:56:39 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range

fonts.gstatic.com/s/materialicons/v140/flUhRq6tzZclQEJ-Vdg-IuiaDsNc.woff2

216.58.207.227

200 OK

128 kB

URL GET HTTP/2
fonts.gstatic.com/s/materialicons/v140/flUhRq6tzZclQEJ-Vdg-IuiaDsNc.woff2
IP
216.58.207.227:443
ASN
#15169 GOOGLE

Requested by
https://bitly.ws/?banned=1
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
FingerprintF3:56:10:42:A8:3C:BF:F5:89:9C:4C:C0:F8:E3:DC:C4:1C:E9:34:9E
ValidityMon, 26 Feb 2024 08:18:21 GMT - Mon, 20 May 2024 08:18:20 GMT

File type
Web Open Font Format (Version 2), TrueType, length 128352, version 1.0
Size
128 kB (128352 bytes)
Hash
53436aca8627a49f4deaaa44dc9e3c05
0bc0c675480d94ec7e8609dda6227f88c5d08d2c
8265f64786397d6b832d1ca0aafdf149ad84e72759fffa9f7272e91a0fb015d1

HTTP Headers

GET /s/materialicons/v140/flUhRq6tzZclQEJ-Vdg-IuiaDsNc.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://bitly.ws
DNT: 1
Connection: keep-alive
Referer: https://bitly.ws/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 128352
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 28 Mar 2024 17:35:47 GMT
expires: Fri, 28 Mar 2025 17:35:47 GMT
cache-control: public, max-age=31536000
last-modified: Tue, 07 Mar 2023 19:51:56 GMT
content-type: font/woff2
age: 22852
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

fonts.googleapis.com/css?family=Roboto:300,400,700&display=swap

142.250.74.106

200 OK

76 kB

URL GET HTTP/2
fonts.googleapis.com/css?family=Roboto:300,400,700&display=swap
IP
142.250.74.106:443
ASN
#15169 GOOGLE

Requested by
https://bitly.ws/?banned=1
Certificate
IssuerGoogle Trust Services LLC
Subjectupload.video.google.com
Fingerprint04:B9:D9:E0:01:DB:5E:AB:5A:FF:F0:D9:ED:39:0F:C1:63:18:51:0B
ValidityMon, 26 Feb 2024 08:18:27 GMT - Mon, 20 May 2024 08:18:26 GMT

File type
gzip compressed data, max compression
Size
76 kB (75975 bytes)
Hash
857fa6483043c84c3ba694c82e11b7f0
a5567635eea2efead6a89458a4a290963206a176
a4387bd5a408a8ecfacd8826c8f478b08cb2150f21fd8912b50e093fc35bbe9a

HTTP Headers

GET /css?family=Roboto:300,400,700&display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Thu, 28 Mar 2024 23:56:39 GMT
date: Thu, 28 Mar 2024 23:56:39 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

fundingchoicesmessages.google.com/el/AGSKWxVrgCXGqsKSDTpYAGCTIfMnuMnAC8R6P4hYQn6pvTnkieQUbXxgZgl0aOEIvmoyfthCK4TqEsNrfU1xgwdf5wpi7mDJus_7QKSp4Eu5b4gT-xbCb087so4XsZG1tFruAh1HynpsKA==

216.58.211.14

204 No Content

0 B

URL POST HTTP/3
fundingchoicesmessages.google.com/el/AGSKWxVrgCXGqsKSDTpYAGCTIfMnuMnAC8R6P4hYQn6pvTnkieQUbXxgZgl0aOEIvmoyfthCK4TqEsNrfU1xgwdf5wpi7mDJus_7QKSp4Eu5b4gT-xbCb087so4XsZG1tFruAh1HynpsKA==
IP
216.58.211.14:443
ASN
#15169 GOOGLE

Requested by
https://bitly.ws/?banned=1
Certificate
IssuerGoogle Trust Services LLC
Subject*.google.com
Fingerprint23:75:5E:3D:EA:9F:A0:42:86:8D:14:AE:43:04:F0:B2:91:0B:DA:CF
ValidityMon, 26 Feb 2024 08:03:58 GMT - Mon, 20 May 2024 08:03:57 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

POST /el/AGSKWxVrgCXGqsKSDTpYAGCTIfMnuMnAC8R6P4hYQn6pvTnkieQUbXxgZgl0aOEIvmoyfthCK4TqEsNrfU1xgwdf5wpi7mDJus_7QKSp4Eu5b4gT-xbCb087so4XsZG1tFruAh1HynpsKA== HTTP/1.1
Host: fundingchoicesmessages.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 92
Origin: https://bitly.ws
DNT: 1
Connection: keep-alive
Referer: https://bitly.ws/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 204 No Content
content-type: text/html; charset=utf-8
access-control-allow-methods: POST, GET, OPTIONS
access-control-max-age: 86400
access-control-allow-origin: https://bitly.ws
access-control-allow-credentials: true
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Thu, 28 Mar 2024 23:56:39 GMT
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
cross-origin-opener-policy: same-origin
content-security-policy: script-src 'nonce-4dfNHTHV70jKC2jm0iS6LQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
reporting-endpoints: default="/_/ContributorLoggingHttp/web-reports?context=eJzjktDikmJw0ZBiqGV4xtQKxE7pM1hDgFiIh2N7-4wNbAIzNuzczwwAwjML7A"
server: ESF
content-length: 0
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

unseenreport.com/pxf.gif?uuid=ca08c0a8-ff5a-4e50-a441-81f8348af504&eb=978028c5053b26833423c7a069ce3bd5&te=5db3a4e34790624df926db520a13f79f&ua=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A96.0)%20Gecko%2F20100101%20Firefox%2F96.0&dev=e&res=14.2071&b_frame=0&pk=33ce9e99c1bfce9eb2d48a915db5624c&bl=en-US&sr=1024x1280&sz=1024x1280&hjs=23

192.243.59.12

200 OK

1 B

URL GET HTTP/1.1
unseenreport.com/pxf.gif?uuid=ca08c0a8-ff5a-4e50-a441-81f8348af504&eb=978028c5053b26833423c7a069ce3bd5&te=5db3a4e34790624df926db520a13f79f&ua=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A96.0)%20Gecko%2F20100101%20Firefox%2F96.0&dev=e&res=14.2071&b_frame=0&pk=33ce9e99c1bfce9eb2d48a915db5624c&bl=en-US&sr=1024x1280&sz=1024x1280&hjs=23
IP
192.243.59.12:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://bitly.ws/?banned=1
Certificate
IssuerLet's Encrypt
Subject*.unseenreport.com
Fingerprint71:46:15:FD:76:6A:F5:5B:51:06:CC:93:DD:D8:63:E3:8B:10:BF:13
ValidityFri, 22 Mar 2024 07:32:41 GMT - Thu, 20 Jun 2024 07:32:40 GMT

File type
very short file (no magic)
Size
1 B (1 bytes)
Hash
93b885adfe0da089cdf634904fd59f71
5ba93c9db0cff93f52b521d7420e43f6eda2784f
6e340b9cffb37a989ca544e6bb780a2c78901d3fb33738768511a30617afa01d

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /pxf.gif?uuid=ca08c0a8-ff5a-4e50-a441-81f8348af504&eb=978028c5053b26833423c7a069ce3bd5&te=5db3a4e34790624df926db520a13f79f&ua=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A96.0)%20Gecko%2F20100101%20Firefox%2F96.0&dev=e&res=14.2071&b_frame=0&pk=33ce9e99c1bfce9eb2d48a915db5624c&bl=en-US&sr=1024x1280&sz=1024x1280&hjs=23 HTTP/1.1
Host: unseenreport.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://bitly.ws/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Thu, 28 Mar 2024 23:56:40 GMT
Content-Type: image/gif
Content-Length: 1
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 45f29ab87b3ffb5cbca894e90f331d55
Strict-Transport-Security: max-age=0; includeSubdomains

unseenreport.com/pxf.gif?uuid=ca08c0a8-ff5a-4e50-a441-81f8348af504&eb=978028c5053b26833423c7a069ce3bd5&te=5db3a4e34790624df926db520a13f79f&ua=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A96.0)%20Gecko%2F20100101%20Firefox%2F96.0&dev=e&res=14.2071&b_frame=0&pk=bba74d00371ae27522681ed91f8a7ee9&bl=en-US&sr=1024x1280&sz=1024x1280&hjs=23

192.243.59.12

200 OK

1 B

URL GET HTTP/1.1
unseenreport.com/pxf.gif?uuid=ca08c0a8-ff5a-4e50-a441-81f8348af504&eb=978028c5053b26833423c7a069ce3bd5&te=5db3a4e34790624df926db520a13f79f&ua=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A96.0)%20Gecko%2F20100101%20Firefox%2F96.0&dev=e&res=14.2071&b_frame=0&pk=bba74d00371ae27522681ed91f8a7ee9&bl=en-US&sr=1024x1280&sz=1024x1280&hjs=23
IP
192.243.59.12:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://bitly.ws/?banned=1
Certificate
IssuerLet's Encrypt
Subject*.unseenreport.com
Fingerprint71:46:15:FD:76:6A:F5:5B:51:06:CC:93:DD:D8:63:E3:8B:10:BF:13
ValidityFri, 22 Mar 2024 07:32:41 GMT - Thu, 20 Jun 2024 07:32:40 GMT

File type
very short file (no magic)
Size
1 B (1 bytes)
Hash
93b885adfe0da089cdf634904fd59f71
5ba93c9db0cff93f52b521d7420e43f6eda2784f
6e340b9cffb37a989ca544e6bb780a2c78901d3fb33738768511a30617afa01d

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /pxf.gif?uuid=ca08c0a8-ff5a-4e50-a441-81f8348af504&eb=978028c5053b26833423c7a069ce3bd5&te=5db3a4e34790624df926db520a13f79f&ua=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A96.0)%20Gecko%2F20100101%20Firefox%2F96.0&dev=e&res=14.2071&b_frame=0&pk=bba74d00371ae27522681ed91f8a7ee9&bl=en-US&sr=1024x1280&sz=1024x1280&hjs=23 HTTP/1.1
Host: unseenreport.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://bitly.ws/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Thu, 28 Mar 2024 23:56:40 GMT
Content-Type: image/gif
Content-Length: 1
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 11bee5d7482dd4c9851c057a58c6f1fe
Strict-Transport-Security: max-age=0; includeSubdomains

cdn.creative-bars1.com//sb/notifications/utility/default/us/blog/ecorious/message_redcircle2/jan24/4/css/animate.css

172.64.131.3

200 OK

79 kB

URL GET HTTP/2
cdn.creative-bars1.com//sb/notifications/utility/default/us/blog/ecorious/message_redcircle2/jan24/4/css/animate.css
IP
172.64.131.3:443
ASN
#13335 CLOUDFLARENET

Requested by
https://bitly.ws/?banned=1
Certificate
IssuerGoogle Trust Services LLC
Subjectcreative-bars1.com
Fingerprint10:69:48:04:3B:B6:11:3A:D4:D0:E1:5F:B2:F9:B4:75:BB:EE:39:22
ValidityFri, 16 Feb 2024 15:25:59 GMT - Thu, 16 May 2024 15:25:58 GMT

File type
ASCII text
Size
79 kB (79245 bytes)
Hash
80047eaa13ebd50c50e8a9753621e430
9c503e07d130572a0eaf51f7c02cbd4cf6213fe3
3f831a59615f8d5d40b4340b2836f91438c876f8dbce75f78e38360d6fe0f429

HTTP Headers

GET //sb/notifications/utility/default/us/blog/ecorious/message_redcircle2/jan24/4/css/animate.css HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://bitly.ws
DNT: 1
Connection: keep-alive
Referer: https://bitly.ws/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 28 Mar 2024 23:56:39 GMT
content-type: text/css
last-modified: Thu, 01 Feb 2024 14:55:44 GMT
etag: W/"65bbb0f0-1358d"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=8I83yJkhFqBTwHgukdFfNW6h79kYf9%2FnxfG7oUsvzwwUNvVgWx571iJdm2ekaZi5WvsxdvvYaMctslAor94B77OVqSh54oomXja4YLPBDT39kKx9Sk9M4zg%2FLqmZPSSPhPlH0%2FpdTXWs"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 86bb8ed90f1c63fc-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

cdn.creative-bars1.com//sb/notifications/utility/default/us/blog/ecorious/message_redcircle2/jan24/4/js/script.js

172.64.131.3

200 OK

386 B

URL GET HTTP/2
cdn.creative-bars1.com//sb/notifications/utility/default/us/blog/ecorious/message_redcircle2/jan24/4/js/script.js
IP
172.64.131.3:443
ASN
#13335 CLOUDFLARENET

Requested by
https://bitly.ws/?banned=1
Certificate
IssuerGoogle Trust Services LLC
Subjectcreative-bars1.com
Fingerprint10:69:48:04:3B:B6:11:3A:D4:D0:E1:5F:B2:F9:B4:75:BB:EE:39:22
ValidityFri, 16 Feb 2024 15:25:59 GMT - Thu, 16 May 2024 15:25:58 GMT

File type
ASCII text, with very long lines (399), with no line terminators
Size
386 B (386 bytes)
Hash
022602a468da44628060800173771da2
9be813fbfebbcb2aa46d8c6b8abec68b3d16c89c
6742c376e658c34d09b2dc5772bd798e3cd52bb265758bac5bce184f8ee7b5cc

HTTP Headers

GET //sb/notifications/utility/default/us/blog/ecorious/message_redcircle2/jan24/4/js/script.js HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://bitly.ws
DNT: 1
Connection: keep-alive
Referer: https://bitly.ws/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 28 Mar 2024 23:56:39 GMT
content-type: application/javascript
last-modified: Thu, 01 Feb 2024 14:55:49 GMT
etag: W/"65bbb0f5-182"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=IVB4eIJaOtv3PbysFyOicK9Qk91dNFTCmxJ9uIpURbrr79RKRtP3ttQh1ZlH9sBZMEaBtspIPOwCJAk%2FlCsjvetjEarBrvTdTCDzC785g0ezdYH75Qpw6UwLqQn3wfWQIY%2BW6sOOiLCh"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 86bb8ed91f1e63fc-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

172.240.253.132

200 OK

0 B

URL GET HTTP/1.1
liarcram.com/pixel/sbls?bv=24.6.6370&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2F%2Fsb%2Fnotifications%2Futility%2Fdefault%2Fus%2Fblog%2Fecorious%2Fmessage_redcircle2%2Fjan24%2F4%2Fcss%2Fstyle.css&l=3630&fd=313
IP
172.240.253.132:443
ASN
#7979 SERVERS-COM

Requested by
https://bitly.ws/?banned=1
Certificate
IssuerLet's Encrypt
Subjectliarcram.com
Fingerprint36:2A:5F:96:36:B0:9D:47:2B:C3:C2:62:98:90:5F:00:EC:89:EA:57
ValidityThu, 28 Mar 2024 19:55:23 GMT - Wed, 26 Jun 2024 19:55:22 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /pixel/sbls?bv=24.6.6370&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2F%2Fsb%2Fnotifications%2Futility%2Fdefault%2Fus%2Fblog%2Fecorious%2Fmessage_redcircle2%2Fjan24%2F4%2Fcss%2Fstyle.css&l=3630&fd=313 HTTP/1.1
Host: liarcram.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://bitly.ws/
Cookie: u_pl=22725757; uid_id2=b411db74-9da7-4ee7-95dc-193db77e8635:2:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Thu, 28 Mar 2024 23:56:39 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range

fundingchoicesmessages.google.com/f/AGSKWxXANWYkN6qottYYNwK_5uwTAxpnKo7hV9UgL-_KKx8Rql0bgoW8i8IuWrWVDH-uA9CoBPq1XLIFMm1B9enhjBLq79Hy_Dgj99m6xtSPIwRD7yGUShDz9TTj0RlooPzdMmd24ubGUg==?fccs=W251bGwsbnVsbCxudWxsLG51bGwsbnVsbCxudWxsLFsxNzExNjcwMTk5LDQ4NDAwMDAwMF0sbnVsbCxudWxsLG51bGwsW251bGwsWzddXSwiaHR0cHM6Ly9iaXRseS53cy8iLG51bGwsW1s4LCJSeW5vNEZEOWlURSJdLFs5LCJlbi1VUyJdLFsxOSwiMSJdXV0

216.58.211.14

200 OK

381 kB

URL GET HTTP/3
fundingchoicesmessages.google.com/f/AGSKWxXANWYkN6qottYYNwK_5uwTAxpnKo7hV9UgL-_KKx8Rql0bgoW8i8IuWrWVDH-uA9CoBPq1XLIFMm1B9enhjBLq79Hy_Dgj99m6xtSPIwRD7yGUShDz9TTj0RlooPzdMmd24ubGUg==?fccs=W251bGwsbnVsbCxudWxsLG51bGwsbnVsbCxudWxsLFsxNzExNjcwMTk5LDQ4NDAwMDAwMF0sbnVsbCxudWxsLG51bGwsW251bGwsWzddXSwiaHR0cHM6Ly9iaXRseS53cy8iLG51bGwsW1s4LCJSeW5vNEZEOWlURSJdLFs5LCJlbi1VUyJdLFsxOSwiMSJdXV0
IP
216.58.211.14:443
ASN
#15169 GOOGLE

Requested by
https://bitly.ws/?banned=1
Certificate
IssuerGoogle Trust Services LLC
Subject*.google.com
Fingerprint23:75:5E:3D:EA:9F:A0:42:86:8D:14:AE:43:04:F0:B2:91:0B:DA:CF
ValidityMon, 26 Feb 2024 08:03:58 GMT - Mon, 20 May 2024 08:03:57 GMT

File type

Size
381 kB (380972 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /f/AGSKWxXANWYkN6qottYYNwK_5uwTAxpnKo7hV9UgL-_KKx8Rql0bgoW8i8IuWrWVDH-uA9CoBPq1XLIFMm1B9enhjBLq79Hy_Dgj99m6xtSPIwRD7yGUShDz9TTj0RlooPzdMmd24ubGUg==?fccs=W251bGwsbnVsbCxudWxsLG51bGwsbnVsbCxudWxsLFsxNzExNjcwMTk5LDQ4NDAwMDAwMF0sbnVsbCxudWxsLG51bGwsW251bGwsWzddXSwiaHR0cHM6Ly9iaXRseS53cy8iLG51bGwsW1s4LCJSeW5vNEZEOWlURSJdLFs5LCJlbi1VUyJdLFsxOSwiMSJdXV0 HTTP/1.1
Host: fundingchoicesmessages.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://bitly.ws/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
content-type: application/javascript; charset=utf-8
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
timing-allow-origin: *
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Thu, 28 Mar 2024 23:56:39 GMT
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy: same-origin
content-security-policy: script-src 'nonce-dh6ird97sQvUQsIOTvMp-Q' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorGlobalRouterHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorGlobalRouterHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorGlobalRouterHttp/cspreport
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
cross-origin-resource-policy: cross-origin
reporting-endpoints: default="/_/ContributorGlobalRouterHttp/web-reports?context=eJzjKtDikmJw0JBiOHnrNtNFID7vdIfpOhDXMjxjagViA43nTBZA_O7LSyaBry-ZJIBYC4j51k1nVQFiw_XTWSOBOOb5dNYUIHZKn8EaAsQ-9TNY44C49eY51ulAfHLBedaLQCzEw7G9fcYGNoEPzR1dTAAqZzW_"
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

fundingchoicesmessages.google.com/i/pub-2614556310778759?ers=1

216.58.211.14

200 OK

187 kB

URL GET HTTP/2
fundingchoicesmessages.google.com/i/pub-2614556310778759?ers=1
IP
216.58.211.14:443
ASN
#15169 GOOGLE

Requested by
https://bitly.ws/?banned=1
Certificate
IssuerGoogle Trust Services LLC
Subject*.google.com
Fingerprint23:75:5E:3D:EA:9F:A0:42:86:8D:14:AE:43:04:F0:B2:91:0B:DA:CF
ValidityMon, 26 Feb 2024 08:03:58 GMT - Mon, 20 May 2024 08:03:57 GMT

File type
JavaScript source, ASCII text, with very long lines (3096)
Size
187 kB (187406 bytes)
Hash
e1a65201b5d92adc113a1ae9e5b45b95
c2e37770046208a5506e04cd07039aa311bf4c99
ef021e6edfa0bd9d947b8ffb6024edc1ff8d5ee0dafe43b4a62b958a0e9c9da3

HTTP Headers

GET /i/pub-2614556310778759?ers=1 HTTP/1.1
Host: fundingchoicesmessages.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://bitly.ws/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: application/javascript; charset=utf-8
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
timing-allow-origin: *
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Thu, 28 Mar 2024 23:56:39 GMT
cross-origin-resource-policy: cross-origin
content-security-policy: script-src 'nonce-R3UUhSPAdA2Y2RFdFjogmw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorServingWebSwitchboardHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy: same-origin
reporting-endpoints: default="/_/ContributorServingWebSwitchboardHttp/web-reports?context=eJzjytDikmII1pBiOO90h-k6ENcyPGNqBWIDjedMFkD87stLJoGvL5kkgFgLiPnWTWdVAWLD9dNZI4E45vl01hQgdkqfwRoCxD71M1jjgLj15jnW6UB8csF51otALMTDsb19xgY2gR1Xv7QzAgDjqTFE"
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2

216.58.207.227

200 OK

16 kB

URL GET HTTP/2
fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2
IP
216.58.207.227:443
ASN
#15169 GOOGLE

Requested by
https://bitly.ws/?banned=1
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
FingerprintF3:56:10:42:A8:3C:BF:F5:89:9C:4C:C0:F8:E3:DC:C4:1C:E9:34:9E
ValidityMon, 26 Feb 2024 08:18:21 GMT - Mon, 20 May 2024 08:18:20 GMT

File type
Web Open Font Format (Version 2), TrueType, length 15860, version 1.0
Size
16 kB (15860 bytes)
Hash
e9f5aaf547f165386cd313b995dddd8e
acdef5603c2387b0e5bffd744b679a24a8bc1968
f5aebdfea35d1e7656ef4acc5db1f243209755ae3300943ef8fc6280f363c860

HTTP Headers

GET /s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://bitly.ws
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15860
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 28 Mar 2024 17:29:44 GMT
expires: Fri, 28 Mar 2025 17:29:44 GMT
cache-control: public, max-age=31536000
last-modified: Wed, 11 May 2022 19:24:42 GMT
content-type: font/woff2
age: 23215
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

cdn.yourwebbars.com/sb/notifications/utility/default/us/blog/ecorious/message_redcircle2/jan24/4/index.html

104.26.7.19

200 OK

1.6 kB

URL GET HTTP/2
cdn.yourwebbars.com/sb/notifications/utility/default/us/blog/ecorious/message_redcircle2/jan24/4/index.html
IP
104.26.7.19:443
ASN
#13335 CLOUDFLARENET

Requested by
https://bitly.ws/?banned=1
Certificate
IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
Fingerprint84:82:6E:35:03:D4:C4:FC:BA:08:CD:C8:E6:A3:97:A9:20:2F:F5:49
ValiditySun, 23 Jul 2023 00:00:00 GMT - Mon, 22 Jul 2024 23:59:59 GMT

File type
HTML document, ASCII text, with very long lines (1660), with no line terminators
Size
1.6 kB (1571 bytes)
Hash
0029b7cb4d5550c5233f931c816165ea
31298b092158bb9ce60a8e9bf497c5bd1f562a11
26ba2ea9cf182d890d03039af9052b75e71a92a6f3a9a386e955428677907062

HTTP Headers

GET /sb/notifications/utility/default/us/blog/ecorious/message_redcircle2/jan24/4/index.html HTTP/1.1
Host: cdn.yourwebbars.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://bitly.ws
DNT: 1
Connection: keep-alive
Referer: https://bitly.ws/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 28 Mar 2024 23:56:39 GMT
content-type: text/html
last-modified: Thu, 01 Feb 2024 14:55:44 GMT
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=eUIuwcUz3eYEwD9mVnH5geXjDygMEzboPWWpj39aZqMKL6hckqAy3lJFGP8yGx9RzNoX4mK1%2BjCcbzKJh2ksRjS%2FEnlIU6retfjGQc0v4z%2Fg8KcAncL%2Fj3L40a%2F77dnz8jx%2BYjA%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 86bb8ed50d28b4f1-OSL
content-encoding: br
X-Firefox-Spdy: h2

cdn.cloudimagesb.com/cti/7d/00/a0/7d00a008556ebc4e68d1de531274e928/1658920033.png

45.133.44.9

200 OK

144 kB

URL GET HTTP/2
cdn.cloudimagesb.com/cti/7d/00/a0/7d00a008556ebc4e68d1de531274e928/1658920033.png
IP
45.133.44.9:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://bitly.ws/?banned=1
Certificate
IssuerLet's Encrypt
Subjectcdn.cloudimagesb.com
FingerprintC6:F3:21:F0:21:7D:7E:96:0F:E8:46:7A:5E:C5:3F:D1:52:B0:67:B0
ValidityFri, 22 Mar 2024 03:01:35 GMT - Thu, 20 Jun 2024 03:01:34 GMT

File type
PNG image data, 300 x 250, 8-bit/color RGBA, non-interlaced
Size
144 kB (144379 bytes)
Hash
33c304429dc1a4408a96e6a74ffa2feb
c45fa8e65528d1bb2b46bf8a28af9eeaa1903d04
dbed482e5948ead5587d30a22306a5b611305f704de940bd22c76daf90e0a314

HTTP Headers

GET /cti/7d/00/a0/7d00a008556ebc4e68d1de531274e928/1658920033.png HTTP/1.1
Host: cdn.cloudimagesb.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 28 Mar 2024 23:56:38 GMT
content-type: image/png
content-length: 144379
server: nginx/1.21.6
last-modified: Wed, 27 Jul 2022 11:07:21 GMT
etag: "62e11c69-233fb"
expires: Sat, 30 Mar 2024 23:56:38 GMT
cache-control: max-age=172800
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2

www.paypalobjects.com/pl_PL/i/scr/pixel.gif

192.229.221.25

200 OK

43 B

URL GET HTTP/2
www.paypalobjects.com/pl_PL/i/scr/pixel.gif
IP
192.229.221.25:443
ASN
#15133 EDGECAST

Requested by
https://bitly.ws/?banned=1
Certificate
IssuerDigiCert Inc
Subjectwww.paypal.com
Fingerprint4B:C0:E1:F0:16:B3:A4:B3:63:08:41:DF:F2:EF:8D:65:54:1D:30:B1
ValidityThu, 12 Oct 2023 00:00:00 GMT - Thu, 31 Oct 2024 23:59:59 GMT

File type
GIF image data, version 89a, 1 x 1
Size
43 B (43 bytes)
Hash
fc94fb0c3ed8a8f909dbc7630a0987ff
56d45f8a17f5078a20af9962c992ca4678450765
2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363

HTTP Headers

GET /pl_PL/i/scr/pixel.gif HTTP/1.1
Host: www.paypalobjects.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://bitly.ws/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
cache-control: s-maxage=31536000, public,max-age=3600
content-type: image/gif
date: Thu, 28 Mar 2024 23:56:37 GMT
dc: ccg11-origin-www-1.paypal.com
etag: "5d5637c5-2b"
expires: Fri, 29 Mar 2024 00:56:37 GMT
last-modified: Fri, 16 Aug 2019 04:57:41 GMT
paypal-debug-id: 2b5a4d618fa0a
server: ECAcc (ska/F6B7)
strict-transport-security: max-age=63072000; includeSubDomains; preload
timing-allow-origin: https://www.paypal.com,https://www.sandbox.paypal.com
traceparent: 00-00000000000000000002b5a4d618fa0a-1ee1f9b462072736-01
x-cache: HIT
x-content-type-options: nosniff
content-length: 43
X-Firefox-Spdy: h2

liarcram.com/impr.gif?sid=H4sIAAAAAAAC%2F1RSzYtcxRet1xmy%2BcEPlOBGhEZcqDg97%2FV3m4UY40jImMRE8WMj9fV6yq736lH1ql%2FPgDAYkCybgLh9c3omg3EQ3WRnkJ4BFwFh2tWAzp%2FgRshauh1svYu659xzC07dW1%2Fu%2BjNSh6enV98120prutaqhdWXP4qiy9UNlfpRddRtf9puXq7a4eu9di18pfqO5AOzVg%2BjMIzCqLqurIzNaG0uQmWHvajWC2vNei1qNTGy%2F%2BXOB3A0gBiekWehxGzlOLgExadIk%2B%2BvSjfITfba24nXNDcWQ3HwQTpITZEiWcLYBojTg%2FNuGHey%2Fhgm3V%2FYhRn%2B08jUjAQ%2FPwZLD85Ngg33Fj6ZhkzBxP9QDKeQegpFp%2BDmLpQ4IQAXuHETafLghrEF3fpbpXN1Rlae%2FglVzMjK75eQJt9d0WpUvWO0z5VJHUZxCTWaQvWnyPwR8u0AqjgCz7%2BAEr%2BQtacbSJO9m04bKHH6EmtGkWCd5mpP0M5qU8rOaq8l%2BGrUawjW6chuu9FaDEipKVQ8hZZjUFeBdwG8CuDjAD4LkIjTKo%2BiqBMKTsNuj%2FOG6EjWFmFEO3FEo7DdhefzN4yRZ2NwPQa3O8jsDgZqDOt%2Fgtss4UQFLp%2BR4L0dDEWJQhIUjqCgBIUiKHKCYljuC%2B3qrnwgtPMsOs%2F189woJybv79J9k%2FdlSkDtGFaUu9kZeWY%2BxOCT488xkKfVRoPLnuz1eMTiOWJ10ezSXtQSrNWuNzmcKqFcBdQF2FYz0n3uN2TzxQ5KMHoEp4%2FA1Yug%2FgXQogTdLLGdHuYq3fJW1xLDFIQpkeUryLeCXX1Gnl%2Bs8frXDyH5E3Ie4LZEZkt8po4J%2Bvre5LYpyN5tUzjyw80sV4napvMV38lpLi8%2BvC63CmPFtatu%2FM2bfC7M4eH70uUbNBUq7Tvy7RUlhLTrxnJJfrzmPpTslnebV7xNfbZx6631a0lmpXPKpFNQdfLxfXA1I%2F9%2FtLH4u69W%2F4CyU1hfIvFLp8pMwbMduGxZc4bA6iVnWYDClxNbZ8uiVgRaLjllJdy%2FOFviiaXz21SVu%2B4e%2BrYCmt9FmpQY2hJDXYLqMZy%2FMMkz%2B%2BSNXxuLANOVCdO2sse01fcXQ54fX8Gp02ojFB0mY9lhstlqxpIL1mqxkMecNUS3y5G7WXzxwqO%2FAAAA%2F%2F8BAAD%2F%2F3KBGtOVBAAA

172.240.108.84

200 OK

0 B

URL GET HTTP/1.1
liarcram.com/impr.gif?sid=H4sIAAAAAAAC%2F1RSzYtcxRet1xmy%2BcEPlOBGhEZcqDg97%2FV3m4UY40jImMRE8WMj9fV6yq736lH1ql%2FPgDAYkCybgLh9c3omg3EQ3WRnkJ4BFwFh2tWAzp%2FgRshauh1svYu659xzC07dW1%2Fu%2BjNSh6enV98120prutaqhdWXP4qiy9UNlfpRddRtf9puXq7a4eu9di18pfqO5AOzVg%2BjMIzCqLqurIzNaG0uQmWHvajWC2vNei1qNTGy%2F%2BXOB3A0gBiekWehxGzlOLgExadIk%2B%2BvSjfITfba24nXNDcWQ3HwQTpITZEiWcLYBojTg%2FNuGHey%2Fhgm3V%2FYhRn%2B08jUjAQ%2FPwZLD85Ngg33Fj6ZhkzBxP9QDKeQegpFp%2BDmLpQ4IQAXuHETafLghrEF3fpbpXN1Rlae%2FglVzMjK75eQJt9d0WpUvWO0z5VJHUZxCTWaQvWnyPwR8u0AqjgCz7%2BAEr%2BQtacbSJO9m04bKHH6EmtGkWCd5mpP0M5qU8rOaq8l%2BGrUawjW6chuu9FaDEipKVQ8hZZjUFeBdwG8CuDjAD4LkIjTKo%2BiqBMKTsNuj%2FOG6EjWFmFEO3FEo7DdhefzN4yRZ2NwPQa3O8jsDgZqDOt%2Fgtss4UQFLp%2BR4L0dDEWJQhIUjqCgBIUiKHKCYljuC%2B3qrnwgtPMsOs%2F189woJybv79J9k%2FdlSkDtGFaUu9kZeWY%2BxOCT488xkKfVRoPLnuz1eMTiOWJ10ezSXtQSrNWuNzmcKqFcBdQF2FYz0n3uN2TzxQ5KMHoEp4%2FA1Yug%2FgXQogTdLLGdHuYq3fJW1xLDFIQpkeUryLeCXX1Gnl%2Bs8frXDyH5E3Ie4LZEZkt8po4J%2Bvre5LYpyN5tUzjyw80sV4napvMV38lpLi8%2BvC63CmPFtatu%2FM2bfC7M4eH70uUbNBUq7Tvy7RUlhLTrxnJJfrzmPpTslnebV7xNfbZx6631a0lmpXPKpFNQdfLxfXA1I%2F9%2FtLH4u69W%2F4CyU1hfIvFLp8pMwbMduGxZc4bA6iVnWYDClxNbZ8uiVgRaLjllJdy%2FOFviiaXz21SVu%2B4e%2BrYCmt9FmpQY2hJDXYLqMZy%2FMMkz%2B%2BSNXxuLANOVCdO2sse01fcXQ54fX8Gp02ojFB0mY9lhstlqxpIL1mqxkMecNUS3y5G7WXzxwqO%2FAAAA%2F%2F8BAAD%2F%2F3KBGtOVBAAA
IP
172.240.108.84:443
ASN
#7979 SERVERS-COM

Requested by
https://bitly.ws/?banned=1
Certificate
IssuerLet's Encrypt
Subjectliarcram.com
Fingerprint36:2A:5F:96:36:B0:9D:47:2B:C3:C2:62:98:90:5F:00:EC:89:EA:57
ValidityThu, 28 Mar 2024 19:55:23 GMT - Wed, 26 Jun 2024 19:55:22 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /impr.gif?sid=H4sIAAAAAAAC%2F1RSzYtcxRet1xmy%2BcEPlOBGhEZcqDg97%2FV3m4UY40jImMRE8WMj9fV6yq736lH1ql%2FPgDAYkCybgLh9c3omg3EQ3WRnkJ4BFwFh2tWAzp%2FgRshauh1svYu659xzC07dW1%2Fu%2BjNSh6enV98120prutaqhdWXP4qiy9UNlfpRddRtf9puXq7a4eu9di18pfqO5AOzVg%2BjMIzCqLqurIzNaG0uQmWHvajWC2vNei1qNTGy%2F%2BXOB3A0gBiekWehxGzlOLgExadIk%2B%2BvSjfITfba24nXNDcWQ3HwQTpITZEiWcLYBojTg%2FNuGHey%2Fhgm3V%2FYhRn%2B08jUjAQ%2FPwZLD85Ngg33Fj6ZhkzBxP9QDKeQegpFp%2BDmLpQ4IQAXuHETafLghrEF3fpbpXN1Rlae%2FglVzMjK75eQJt9d0WpUvWO0z5VJHUZxCTWaQvWnyPwR8u0AqjgCz7%2BAEr%2BQtacbSJO9m04bKHH6EmtGkWCd5mpP0M5qU8rOaq8l%2BGrUawjW6chuu9FaDEipKVQ8hZZjUFeBdwG8CuDjAD4LkIjTKo%2BiqBMKTsNuj%2FOG6EjWFmFEO3FEo7DdhefzN4yRZ2NwPQa3O8jsDgZqDOt%2Fgtss4UQFLp%2BR4L0dDEWJQhIUjqCgBIUiKHKCYljuC%2B3qrnwgtPMsOs%2F189woJybv79J9k%2FdlSkDtGFaUu9kZeWY%2BxOCT488xkKfVRoPLnuz1eMTiOWJ10ezSXtQSrNWuNzmcKqFcBdQF2FYz0n3uN2TzxQ5KMHoEp4%2FA1Yug%2FgXQogTdLLGdHuYq3fJW1xLDFIQpkeUryLeCXX1Gnl%2Bs8frXDyH5E3Ie4LZEZkt8po4J%2Bvre5LYpyN5tUzjyw80sV4napvMV38lpLi8%2BvC63CmPFtatu%2FM2bfC7M4eH70uUbNBUq7Tvy7RUlhLTrxnJJfrzmPpTslnebV7xNfbZx6631a0lmpXPKpFNQdfLxfXA1I%2F9%2FtLH4u69W%2F4CyU1hfIvFLp8pMwbMduGxZc4bA6iVnWYDClxNbZ8uiVgRaLjllJdy%2FOFviiaXz21SVu%2B4e%2BrYCmt9FmpQY2hJDXYLqMZy%2FMMkz%2B%2BSNXxuLANOVCdO2sse01fcXQ54fX8Gp02ojFB0mY9lhstlqxpIL1mqxkMecNUS3y5G7WXzxwqO%2FAAAA%2F%2F8BAAD%2F%2F3KBGtOVBAAA HTTP/1.1
Host: liarcram.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://bitly.ws/
Cookie: u_pl=22725757; uid_id2=b411db74-9da7-4ee7-95dc-193db77e8635:2:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Thu, 28 Mar 2024 23:56:39 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 99aa005d193efe810b2ddfc0fc2c471a
Strict-Transport-Security: max-age=0; includeSubdomains

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (30)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL