Report - en.yts-official.mx/browse-movies?genre=all&keyword=Debt+Collectors&order

Report Overview

Submitted URL
en.yts-official.mx/browse-movies?genre=all&keyword=Debt+Collectors&order_by=latest&quality=all&rating=0&year=0
IP
172.67.202.34
ASN
#13335 CLOUDFLARENET
Submitted
2024-05-04 17:30:09
Access
public
Website Title
(1) New Message!
Final URL
en.yts-official.mx/browse-movies?genre=all&keyword=Debt+Collectors&order_by=latest&quality=all&rating=0&year=0
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
24

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
proftrafficcounter.com	unknown	2023-11-16	2023-11-21	2024-05-03	874 B	850 B	52.29.105.35
capaciousdrewreligion.com	unknown	2023-11-07	2023-11-27	2024-05-03	417 B	327 B	192.243.59.20
unseenreport.com	unknown	2022-03-30	2022-03-30	2024-05-04	1.5 kB	846 B	192.243.61.225
cdn.creative-bars1.com	unknown	2022-11-01	2022-11-15	2024-05-03	2.9 kB	300 kB	188.114.97.1
cdn.yourwebbars.com	62037	2020-08-21	2021-01-29	2024-05-04	503 B	2.2 kB	104.26.6.19
fonts.googleapis.com	8877	2005-01-25	2013-06-10	2024-05-04	909 B	3.2 kB	142.250.74.106
growingcastselling.com	unknown	2024-04-18	2024-04-27	2024-04-27	888 B	46 kB	192.243.61.225
ocsp.r2m03.amazontrust.com	unknown	2007-05-11	2023-02-21	2024-05-03	676 B	1.9 kB	3.164.222.26
downstairsnegotiatebarren.com	unknown	2024-03-04	2024-03-04	2024-05-03	413 B	28 kB	188.114.96.1
en.yts-official.mx	unknown	2024-02-16	2024-02-22	2024-04-18	7.1 kB	401 kB	104.21.69.3
fonts.gstatic.com	unknown	2008-02-11	2014-09-09	2024-05-04	2.6 kB	98 kB	216.58.207.227
inconveniencemimic.com	unknown	2024-04-29	2024-04-30	2024-04-30	7.6 kB	12 kB	192.243.59.13

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2024-05-04	medium	growingcastselling.com	Sinkholed
2024-05-04	medium	growingcastselling.com	Sinkholed
2024-05-04	medium	inconveniencemimic.com	Sinkholed
2024-05-04	medium	inconveniencemimic.com	Sinkholed
2024-05-04	medium	unseenreport.com	Sinkholed
2024-05-04	medium	unseenreport.com	Sinkholed
2024-05-04	medium	inconveniencemimic.com	Sinkholed
2024-05-04	medium	inconveniencemimic.com	Sinkholed
2024-05-04	medium	inconveniencemimic.com	Sinkholed
2024-05-04	medium	inconveniencemimic.com	Sinkholed
2024-05-04	medium	inconveniencemimic.com	Sinkholed
2024-05-04	medium	inconveniencemimic.com	Sinkholed

ThreatFox

No alerts detected

JavaScript (7)

	URL	Size	First Seen	Last Seen
	downstairsnegotiatebarren.com/sfp.js	86 kB	2024-03-29	2024-05-17
Pretty URL downstairsnegotiatebarren.com/sfp.js IP 188.114.96.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-03-29 13:13:34 Last Seen2024-05-17 14:49:08 Times Seen3553 Hash f4a2f8f9f99541c6f105bbd0a025bd40 1f8e3eff12168fdd9e719adfc098d24a45b6916a b717cb04231a10d425fd55b73c85a5407119c6826a8bac94142fddfff6958716 Loading...

	unknown	2.2 kB	2024-05-02	2024-05-04
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-02 22:36:44 Last Seen2024-05-04 19:30:10 Times Seen2 Hash 9958e4a6b213dc7ea991f40054629844 c2ddc52fb84d694720eb15453d4228e8083b20ac a32f94c847b590ebc030e30bb7da331f5fa8670f090cfc55428fc33ad9a6e3d5 Loading...

	en.yts-official.mx/static/yts/style/modded1.js?yify=1	163 kB	2023-03-08	2024-05-18
Pretty URL en.yts-official.mx/static/yts/style/modded1.js?yify=1 IP 104.21.69.3 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 07:05:18 Last Seen2024-05-18 10:19:59 Times Seen219 Hash 60de675fcd2844a3ffbb68550d303076 8a53cc2f554a8ef1f58f3fd1996a3c3552ea5472 1c821bdab262418e3742bfa3c295c3b668724f7e8898b45638958a898bd93d33 Loading...

	en.yts-official.mx/browse-movies?genre=all&keyword=Debt+Collectors&order_by=latest&quality=all&rating=0&year=0	428 B	2024-04-18	2024-05-16
Pretty URL en.yts-official.mx/browse-movies?genre=all&keyword=Debt+Collectors&order_by=latest&quality=all&rating=0&year=0 IP 104.21.69.3 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2024-04-18 12:10:15 Last Seen2024-05-16 01:33:51 Times Seen97 Hash 6dcff6572b90a25babb8be2e3703eb97 58ca34991d0315b9cef9bb1e9bd8ba547602e5b3 28f374670828d65e52a411c90ba6dd9017599b26eca5ef05eb3278c2f4f81982 Loading...

	growingcastselling.com/b1/27/0e/b1270e96b85c3dd200807d09a940c676.js	76 kB	2024-04-30	2024-05-04
Pretty URL growingcastselling.com/b1/27/0e/b1270e96b85c3dd200807d09a940c676.js IP 192.243.61.225 ASN #39572 DataWeb Global Group B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-30 16:33:22 Last Seen2024-05-04 19:30:10 Times Seen6 Hash 46c620909d73ad9cc007f59b1ccb579a 036bbc99646c86e35e6f5d9a2c2ab827a3b9e1c1 493289139a58178bb8dfb725a74b50eac50f722b8998b2c38ebc163d1b7ec320 Loading...

	growingcastselling.com/0a/2f/9b/0a2f9bfefa2d59b6782f748beec9f30e.js	44 kB	2024-05-04	2024-05-04
Pretty URL growingcastselling.com/0a/2f/9b/0a2f9bfefa2d59b6782f748beec9f30e.js IP 192.243.61.225 ASN #39572 DataWeb Global Group B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-04 19:30:10 Last Seen2024-05-04 19:30:10 Times Seen2 Hash 1cf97be881a456fab0565cde236cbde9 fc83fbc3e148859d3efa98181d5eb72904a989f7 cd8a418f17b2a3cae7fca9c57acdcd24a75ddeac17fda89ca845729523d55950 Loading...

	capaciousdrewreligion.com/advertisers.js	0 B	2023-03-07	2024-05-18
Pretty URL capaciousdrewreligion.com/advertisers.js IP 192.243.59.20 ASN #39572 DataWeb Global Group B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:01:59 Last Seen2024-05-18 13:52:10 Times Seen37786313 Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Loading...

HTTP Transactions (44)

URL IP Response Size

en.yts-official.mx/static/yts/fonts/fonts.css

104.21.69.3

200 OK

905 B

URL GET HTTP/3
en.yts-official.mx/static/yts/fonts/fonts.css
IP
104.21.69.3:443
ASN
#13335 CLOUDFLARENET

Requested by
https://en.yts-official.mx/browse-movies?genre=all&keyword=Debt+Collectors&order_by=latest&quality=all&rating=0&year=0
Certificate
IssuerGoogle Trust Services LLC
Subjectyts-official.mx
FingerprintFB:57:3A:12:D9:30:69:4A:59:BD:83:1C:79:E4:4E:DD:52:0F:73:62
ValidityThu, 18 Apr 2024 00:32:31 GMT - Wed, 17 Jul 2024 00:32:30 GMT

File type
ASCII text, with very long lines (1316), with no line terminators
Size
905 B (905 bytes)
Hash
b482ea655a7bad066f5aacbcbd1f8ff9
7b48d2275fc5356ae4528275502bb520244e8a4b
38fe96c34e2d963f298b4827f2ddc5a13fa1bcbe420cbbd0b5b907d5613ad1bf

HTTP Headers

GET /static/yts/fonts/fonts.css HTTP/1.1
Host: en.yts-official.mx
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://en.yts-official.mx/browse-movies?genre=all&keyword=Debt+Collectors&order_by=latest&quality=all&rating=0&year=0
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Sat, 04 May 2024 17:29:43 GMT
content-type: text/css
last-modified: Mon, 19 Feb 2024 03:18:39 GMT
vary: Accept-Encoding
etag: W/"65d2c88f-524"
expires: Sat, 04 May 2024 21:08:10 GMT
cache-control: max-age=43200
cf-cache-status: HIT
age: 30092
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Bv4WLmqoFoUY8EY9szvkaygNHTIRJKTHG9DnEUtkz%2Be6SWETl5E4lh1OtE%2B%2BKkLS7jjTanDIpA2aL7zHtq9JZkHBRwqMXeuAgBt1JgYzQjc5n3aNthvEJoPJVmAu9AyH%2BAAA3iY%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87ea36f169530afe-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

en.yts-official.mx/static/yts/fonts/icomoon.woff?fmg7s2

104.21.69.3

200 OK

3.6 kB

URL GET HTTP/3
en.yts-official.mx/static/yts/fonts/icomoon.woff?fmg7s2
IP
104.21.69.3:443
ASN
#13335 CLOUDFLARENET

Requested by
https://en.yts-official.mx/browse-movies?genre=all&keyword=Debt+Collectors&order_by=latest&quality=all&rating=0&year=0
Certificate
IssuerGoogle Trust Services LLC
Subjectyts-official.mx
FingerprintFB:57:3A:12:D9:30:69:4A:59:BD:83:1C:79:E4:4E:DD:52:0F:73:62
ValidityThu, 18 Apr 2024 00:32:31 GMT - Wed, 17 Jul 2024 00:32:30 GMT

File type
Web Open Font Format, CFF, length 3560, version 0.0
Size
3.6 kB (3560 bytes)
Hash
4e54891305c71736de2da03f14b57434
fbf29db32b5514cad7a908167ce63c76a91a2f12
332ec1d337a38ad421deff49f3585da56563253756da3870b26b46bd025f96e4

HTTP Headers

GET /static/yts/fonts/icomoon.woff?fmg7s2 HTTP/1.1
Host: en.yts-official.mx
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: https://en.yts-official.mx/static/yts/fonts/fonts.css
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Sat, 04 May 2024 17:29:44 GMT
content-type: font/woff
content-length: 3560
last-modified: Mon, 19 Feb 2024 03:18:39 GMT
etag: "65d2c88f-de8"
cache-control: max-age=14400
cf-cache-status: HIT
age: 3123
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=KhOsaRwIA5CG4NV%2FLsU2EWjNG%2BZ7p4JFyb%2BggYyzt%2Bj4dRnRBsh8Pzul%2FHU%2FIzHW87Z95vFhpxqQZCg%2Fxvy%2FMLmeJroIXzGztHz%2F82hoPnWDWt8BqGy1cwt0Pz5MKa1sSlYW9cE%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87ea36f2baf50afe-OSL
alt-svc: h3=":443"; ma=86400

fonts.googleapis.com/css?family=Arimo:400,700,400italic,700italic&subset=latin,latin-ext

142.250.74.106

200 OK

1.3 kB

URL GET HTTP/2
fonts.googleapis.com/css?family=Arimo:400,700,400italic,700italic&subset=latin,latin-ext
IP
142.250.74.106:443
ASN
#15169 GOOGLE

Requested by
https://en.yts-official.mx/browse-movies?genre=all&keyword=Debt+Collectors&order_by=latest&quality=all&rating=0&year=0
Certificate
IssuerGoogle Trust Services LLC
Subjectupload.video.google.com
Fingerprint36:49:20:36:0C:4D:DA:55:65:64:23:0F:49:3E:FA:78:87:35:A3:79
ValidityTue, 16 Apr 2024 04:17:12 GMT - Tue, 09 Jul 2024 04:17:11 GMT

File type
gzip compressed data, max compression
Size
1.3 kB (1262 bytes)
Hash
7b043d063a6cac37cdf77e95b2d54e1d
705ae37a797a73f75445270eb20982ab5bb78d8e
a8773de8d45ffa399b5cb4ac5e35826064021d68ed6dcb573d89dd98c15c9d00

HTTP Headers

GET /css?family=Arimo:400,700,400italic,700italic&subset=latin,latin-ext HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://en.yts-official.mx/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Sat, 04 May 2024 17:29:44 GMT
date: Sat, 04 May 2024 17:29:44 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

fonts.gstatic.com/s/arimo/v29/P5sMzZCDf9_T_10ZxCE.woff2

216.58.207.227

200 OK

20 kB

URL GET HTTP/2
fonts.gstatic.com/s/arimo/v29/P5sMzZCDf9_T_10ZxCE.woff2
IP
216.58.207.227:443
ASN
#15169 GOOGLE

Requested by
https://en.yts-official.mx/browse-movies?genre=all&keyword=Debt+Collectors&order_by=latest&quality=all&rating=0&year=0
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
Fingerprint15:DD:05:B3:2F:D8:E3:54:C9:B4:FA:E4:AC:01:ED:C8:E1:EA:A7:AD
ValidityTue, 16 Apr 2024 04:17:07 GMT - Tue, 09 Jul 2024 04:17:06 GMT

File type
Web Open Font Format (Version 2), TrueType, length 20040, version 1.0
Size
20 kB (20040 bytes)
Hash
a61c670a24d6794a95a9712f0d12b656
c9b3114b27790109ec51508f51f1a033ccfe0812
a4f5230d39a7a21971fe62ccde2443345638d2beaa369b752820390a687b91b6

HTTP Headers

GET /s/arimo/v29/P5sMzZCDf9_T_10ZxCE.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://en.yts-official.mx
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 20040
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 02 May 2024 22:08:55 GMT
expires: Fri, 02 May 2025 22:08:55 GMT
cache-control: public, max-age=31536000
last-modified: Thu, 14 Sep 2023 00:51:46 GMT
content-type: font/woff2
age: 156049
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

fonts.gstatic.com/s/arimo/v29/P5sMzZCDf9_T_10ZxCE.woff2

216.58.207.227

200 OK

20 kB

URL GET HTTP/2
fonts.gstatic.com/s/arimo/v29/P5sMzZCDf9_T_10ZxCE.woff2
IP
216.58.207.227:443
ASN
#15169 GOOGLE

Requested by
https://en.yts-official.mx/browse-movies?genre=all&keyword=Debt+Collectors&order_by=latest&quality=all&rating=0&year=0
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
Fingerprint15:DD:05:B3:2F:D8:E3:54:C9:B4:FA:E4:AC:01:ED:C8:E1:EA:A7:AD
ValidityTue, 16 Apr 2024 04:17:07 GMT - Tue, 09 Jul 2024 04:17:06 GMT

File type
Web Open Font Format (Version 2), TrueType, length 20040, version 1.0
Size
20 kB (20040 bytes)
Hash
a61c670a24d6794a95a9712f0d12b656
c9b3114b27790109ec51508f51f1a033ccfe0812
a4f5230d39a7a21971fe62ccde2443345638d2beaa369b752820390a687b91b6

HTTP Headers

GET /s/arimo/v29/P5sMzZCDf9_T_10ZxCE.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://en.yts-official.mx
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 20040
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 02 May 2024 22:08:55 GMT
expires: Fri, 02 May 2025 22:08:55 GMT
cache-control: public, max-age=31536000
last-modified: Thu, 14 Sep 2023 00:51:46 GMT
content-type: font/woff2
age: 156049
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

fonts.gstatic.com/s/arimo/v29/P5sCzZCDf9_T_10c9CNkiA.woff2

216.58.207.227

200 OK

22 kB

URL GET HTTP/2
fonts.gstatic.com/s/arimo/v29/P5sCzZCDf9_T_10c9CNkiA.woff2
IP
216.58.207.227:443
ASN
#15169 GOOGLE

Requested by
https://en.yts-official.mx/browse-movies?genre=all&keyword=Debt+Collectors&order_by=latest&quality=all&rating=0&year=0
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
Fingerprint15:DD:05:B3:2F:D8:E3:54:C9:B4:FA:E4:AC:01:ED:C8:E1:EA:A7:AD
ValidityTue, 16 Apr 2024 04:17:07 GMT - Tue, 09 Jul 2024 04:17:06 GMT

File type
Web Open Font Format (Version 2), TrueType, length 22052, version 1.0
Size
22 kB (22052 bytes)
Hash
f0e48ce2beda9e8cbd7d915bf1b1ae71
3dc1cfff1759b0959cc7fb17517651ec850d584d
b2504b3c20c2feb37e78773b788dd09a9cc43c9f36086bc1e2f83a6366ebaa34

HTTP Headers

GET /s/arimo/v29/P5sCzZCDf9_T_10c9CNkiA.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://en.yts-official.mx
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 22052
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 02 May 2024 01:53:36 GMT
expires: Fri, 02 May 2025 01:53:36 GMT
cache-control: public, max-age=31536000
last-modified: Thu, 14 Sep 2023 00:00:24 GMT
content-type: font/woff2
age: 228968
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

en.yts-official.mx/movies/poster/debt-collectors-2020.jpg?v=1

104.21.69.3

200 OK

32 kB

URL GET HTTP/3
en.yts-official.mx/movies/poster/debt-collectors-2020.jpg?v=1
IP
104.21.69.3:443
ASN
#13335 CLOUDFLARENET

Requested by
https://en.yts-official.mx/browse-movies?genre=all&keyword=Debt+Collectors&order_by=latest&quality=all&rating=0&year=0
Certificate
IssuerGoogle Trust Services LLC
Subjectyts-official.mx
FingerprintFB:57:3A:12:D9:30:69:4A:59:BD:83:1C:79:E4:4E:DD:52:0F:73:62
ValidityThu, 18 Apr 2024 00:32:31 GMT - Wed, 17 Jul 2024 00:32:30 GMT

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, progressive, precision 8, 230x345, components 3
Size
32 kB (32408 bytes)
Hash
ae6d059ef98fba4b440228c5f08b58ec
c6143dd7e8ec49fd323d23fccd1276ba53480f2a
e414fd820c34194837b3ad2a46c6fb701697e40f620a4b5b6da40597d4e25b37

HTTP Headers

GET /movies/poster/debt-collectors-2020.jpg?v=1 HTTP/1.1
Host: en.yts-official.mx
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://en.yts-official.mx/browse-movies?genre=all&keyword=Debt+Collectors&order_by=latest&quality=all&rating=0&year=0
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Sat, 04 May 2024 17:29:44 GMT
content-type: image/jpeg
content-length: 32408
last-modified: Fri, 29 Oct 2021 21:06:01 GMT
etag: "617c6239-7e98"
cache-control: max-age=14400
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=T5u8ucOQgeQcezN3nxvOx7NVhvi%2B2Pm4hWPZyyJdDbwvdJHKGqoYs9OpzagqO4j8CvhhzqLfq8WLLbQYa6BpmbyXyWjKXkaE8Z7aOFtPPPAESXAIk5XKp0rWNXUxRCHU%2B9tayg0%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87ea36f179690afe-OSL
alt-svc: h3=":443"; ma=86400

growingcastselling.com/0a/2f/9b/0a2f9bfefa2d59b6782f748beec9f30e.js

192.243.61.225

200 OK

16 kB

URL GET HTTP/1.1
growingcastselling.com/0a/2f/9b/0a2f9bfefa2d59b6782f748beec9f30e.js
IP
192.243.61.225:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://en.yts-official.mx/browse-movies?genre=all&keyword=Debt+Collectors&order_by=latest&quality=all&rating=0&year=0
Certificate
IssuerLet's Encrypt
Subjectgrowingcastselling.com
Fingerprint3E:B6:D3:62:BC:57:AD:19:9E:FA:67:C4:B3:FA:10:7C:98:4A:71:2B
ValidityThu, 18 Apr 2024 13:01:11 GMT - Wed, 17 Jul 2024 13:01:10 GMT

File type
JavaScript source, ASCII text, with very long lines (44058), with no line terminators
Size
16 kB (15804 bytes)
Hash
1cf97be881a456fab0565cde236cbde9
fc83fbc3e148859d3efa98181d5eb72904a989f7
cd8a418f17b2a3cae7fca9c57acdcd24a75ddeac17fda89ca845729523d55950

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /0a/2f/9b/0a2f9bfefa2d59b6782f748beec9f30e.js HTTP/1.1
Host: growingcastselling.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://en.yts-official.mx/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Sat, 04 May 2024 17:29:44 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Set-Cookie: 4b4e7ab587d59b22ad7bcd2439afc363_CF-3448=0; expires=Tue, 07 May 2024 20:29:44 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 979ba270663faabb5017788da00a6401
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip

growingcastselling.com/b1/27/0e/b1270e96b85c3dd200807d09a940c676.js

192.243.61.225

200 OK

28 kB

URL GET HTTP/1.1
growingcastselling.com/b1/27/0e/b1270e96b85c3dd200807d09a940c676.js
IP
192.243.61.225:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://en.yts-official.mx/browse-movies?genre=all&keyword=Debt+Collectors&order_by=latest&quality=all&rating=0&year=0
Certificate
IssuerLet's Encrypt
Subjectgrowingcastselling.com
Fingerprint3E:B6:D3:62:BC:57:AD:19:9E:FA:67:C4:B3:FA:10:7C:98:4A:71:2B
ValidityThu, 18 Apr 2024 13:01:11 GMT - Wed, 17 Jul 2024 13:01:10 GMT

File type
JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Size
28 kB (28356 bytes)
Hash
46c620909d73ad9cc007f59b1ccb579a
036bbc99646c86e35e6f5d9a2c2ab827a3b9e1c1
493289139a58178bb8dfb725a74b50eac50f722b8998b2c38ebc163d1b7ec320

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /b1/27/0e/b1270e96b85c3dd200807d09a940c676.js HTTP/1.1
Host: growingcastselling.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://en.yts-official.mx/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Sat, 04 May 2024 17:29:44 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 28b8a9889e5c3e65b4db346ea1915f26
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip

ocsp.r2m03.amazontrust.com/

3.164.222.26

471 B

URL
ocsp.r2m03.amazontrust.com/
IP
3.164.222.26:0
ASN
#0

File type
data
Size
471 B (471 bytes)
Hash
691c3f87e4fe41a736328d3c71e2dbdc
fd76f455b38ba18f00a6fb81e3585201eb3c43f6
8ac709de568d48e4c9e64b75afa6cd3fed58e2cf0c21e823af01ab342e6794b9

HTTP Headers

POST / HTTP/1.1
Host: ocsp.r2m03.amazontrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=7200
Date: Sat, 04 May 2024 17:29:44 GMT
Last-Modified: Sat, 04 May 2024 16:02:43 GMT
Server: ECAcc (ska/F77E)
X-Cache: Miss from cloudfront
Via: 1.1 47cc7d5981f182b935da67eb4606a37e.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: ARN53-P1
X-Amz-Cf-Id: wdO4ul_8p_4iE7fkS0JPKPQHWGE8QSIkTY8g37Y9Anitt5eR8Ph2hw==
Age: 5221

ocsp.r2m03.amazontrust.com/

3.164.222.26

471 B

URL
ocsp.r2m03.amazontrust.com/
IP
3.164.222.26:0
ASN
#0

File type
data
Size
471 B (471 bytes)
Hash
691c3f87e4fe41a736328d3c71e2dbdc
fd76f455b38ba18f00a6fb81e3585201eb3c43f6
8ac709de568d48e4c9e64b75afa6cd3fed58e2cf0c21e823af01ab342e6794b9

HTTP Headers

POST / HTTP/1.1
Host: ocsp.r2m03.amazontrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=7200
Date: Sat, 04 May 2024 17:29:44 GMT
Last-Modified: Sat, 04 May 2024 16:31:49 GMT
Server: ECAcc (ska/F6A0)
X-Cache: Miss from cloudfront
Via: 1.1 b346b3370501b6371a77d76d7adba23e.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: ARN53-P1
X-Amz-Cf-Id: al14yF3Zb5dxkL23ZDtgFdMI1EjB142bo3K4DfSw53HeGuICknSPKQ==
Age: 3475

proftrafficcounter.com/stats

52.29.105.35

200 OK

40 B

URL GET HTTP/2
proftrafficcounter.com/stats
IP
52.29.105.35:443
ASN
#16509 AMAZON-02

Requested by
https://en.yts-official.mx/browse-movies?genre=all&keyword=Debt+Collectors&order_by=latest&quality=all&rating=0&year=0
Certificate
IssuerAmazon
Subjectproftrafficcounter.com
FingerprintE3:9F:79:6F:80:C0:BF:F8:C4:EB:45:F3:E9:0F:A7:41:F6:0C:05:E6
ValidityTue, 21 Nov 2023 00:00:00 GMT - Thu, 19 Dec 2024 23:59:59 GMT

File type
ASCII text, with no line terminators
Size
40 B (40 bytes)
Hash
366c56be51d611f665eab66cd357a2e0
aa121439179fd940acdb1d5052e89d8c5ca9c37d
cc13845e1f48c4d6c660285445ddb8974df19cb635c3d9f0b2aae1c687fdf4a7

HTTP Headers

GET /stats HTTP/1.1
Host: proftrafficcounter.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://en.yts-official.mx
DNT: 1
Connection: keep-alive
Referer: https://en.yts-official.mx/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sat, 04 May 2024 17:29:44 GMT
content-type: text/html; charset=UTF-8
content-length: 40
server: fasthttp
access-control-allow-origin: https://en.yts-official.mx
vary: Origin
access-control-allow-credentials: true
set-cookie: uid_id2=a50aee4c-f811-4ad4-9f37-7139dc83e035:1:1; expires=Tue, 02 May 2034 17:29:44 GMT; secure; SameSite=None
X-Firefox-Spdy: h2

proftrafficcounter.com/stats

52.29.105.35

200 OK

40 B

URL GET HTTP/2
proftrafficcounter.com/stats
IP
52.29.105.35:443
ASN
#16509 AMAZON-02

Requested by
https://en.yts-official.mx/browse-movies?genre=all&keyword=Debt+Collectors&order_by=latest&quality=all&rating=0&year=0
Certificate
IssuerAmazon
Subjectproftrafficcounter.com
FingerprintE3:9F:79:6F:80:C0:BF:F8:C4:EB:45:F3:E9:0F:A7:41:F6:0C:05:E6
ValidityTue, 21 Nov 2023 00:00:00 GMT - Thu, 19 Dec 2024 23:59:59 GMT

File type
ASCII text, with no line terminators
Size
40 B (40 bytes)
Hash
064e070d4984bce3dae1ce86e90528d5
0fdd3b5dbc18f451949f9f2a0ffa07686549186f
b8e5ab4394fec7730695cdf298c97df3162370371a6bafea183e3975239bdab1

HTTP Headers

GET /stats HTTP/1.1
Host: proftrafficcounter.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://en.yts-official.mx
DNT: 1
Connection: keep-alive
Referer: https://en.yts-official.mx/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sat, 04 May 2024 17:29:44 GMT
content-type: text/html; charset=UTF-8
content-length: 40
server: fasthttp
access-control-allow-origin: https://en.yts-official.mx
vary: Origin
access-control-allow-credentials: true
set-cookie: uid_id2=45f22466-8442-4df5-aa83-0ab023e883a6:2:1; expires=Tue, 02 May 2034 17:29:44 GMT; secure; SameSite=None
X-Firefox-Spdy: h2

capaciousdrewreligion.com/advertisers.js

192.243.59.20

200 OK

0 B

URL GET HTTP/1.1
capaciousdrewreligion.com/advertisers.js
IP
192.243.59.20:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://en.yts-official.mx/browse-movies?genre=all&keyword=Debt+Collectors&order_by=latest&quality=all&rating=0&year=0
Certificate
IssuerLet's Encrypt
Subjectcapaciousdrewreligion.com
Fingerprint53:B6:ED:C6:B5:B6:60:3E:6D:02:5A:92:2E:C3:12:74:64:A1:23:DC
ValidityWed, 06 Mar 2024 11:57:32 GMT - Tue, 04 Jun 2024 11:57:31 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /advertisers.js HTTP/1.1
Host: capaciousdrewreligion.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://en.yts-official.mx/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Sat, 04 May 2024 17:29:45 GMT
Content-Type: application/javascript
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 6ec565a7f93fa2f6defe3e8453aa9142
Strict-Transport-Security: max-age=0; includeSubdomains

en.yts-official.mx/static/yts/image/apple-touch-icon-180x180.png

104.21.69.3

200 OK

7.0 kB

URL GET HTTP/3
en.yts-official.mx/static/yts/image/apple-touch-icon-180x180.png
IP
104.21.69.3:443
ASN
#13335 CLOUDFLARENET

Requested by
https://en.yts-official.mx/browse-movies?genre=all&keyword=Debt+Collectors&order_by=latest&quality=all&rating=0&year=0
Certificate
IssuerGoogle Trust Services LLC
Subjectyts-official.mx
FingerprintFB:57:3A:12:D9:30:69:4A:59:BD:83:1C:79:E4:4E:DD:52:0F:73:62
ValidityThu, 18 Apr 2024 00:32:31 GMT - Wed, 17 Jul 2024 00:32:30 GMT

File type
PNG image data, 152 x 152, 8-bit/color RGB, non-interlaced
Size
7.0 kB (6973 bytes)
Hash
f87afcf11d459620ff02da6112365db2
d09e6d4e7db706569474bfb7ec93f31ccbd6ed69
a70913fad67537f16d871e4c456c8f4484106f6d4ef3e12fa3c3b2eceefee508

HTTP Headers

GET /static/yts/image/apple-touch-icon-180x180.png HTTP/1.1
Host: en.yts-official.mx
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://en.yts-official.mx/browse-movies?genre=all&keyword=Debt+Collectors&order_by=latest&quality=all&rating=0&year=0
Cookie: dom3ic8zudi28v8lr6fgphwffqoz0j6c=45f22466-8442-4df5-aa83-0ab023e883a6%3A2%3A1; pp_main_b1270e96b85c3dd200807d09a940c676=1; sb_page_0a2f9bfefa2d59b6782f748beec9f30e=1; sb_onpage_0a2f9bfefa2d59b6782f748beec9f30e=1; sb_main_0a2f9bfefa2d59b6782f748beec9f30e=1; sb_count_0a2f9bfefa2d59b6782f748beec9f30e=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Sat, 04 May 2024 17:29:45 GMT
content-type: image/png
content-length: 6973
last-modified: Mon, 19 Feb 2024 10:45:38 GMT
etag: "65d33152-1b3d"
expires: Thu, 30 May 2024 16:30:16 GMT
cache-control: max-age=2592000
cf-cache-status: HIT
age: 349169
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=gwN5o7aHacwkCaLxF4bYSxf2HOCqfqe%2FmM7t7nHsK3W4O4zg3lAo6YU53P1ds6yanUaEH4911DwzkgIvOCb8nDdGIcrqbBFmCPrZ%2F0bBczKrn7ljEzo%2BKuO8GwBVIDbInnS84mM%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87ea36fafd420afe-OSL
alt-svc: h3=":443"; ma=86400

en.yts-official.mx/static/yts/image/favicon-16x16.png

104.21.69.3

200 OK

619 B

URL GET HTTP/3
en.yts-official.mx/static/yts/image/favicon-16x16.png
IP
104.21.69.3:443
ASN
#13335 CLOUDFLARENET

Requested by
https://en.yts-official.mx/browse-movies?genre=all&keyword=Debt+Collectors&order_by=latest&quality=all&rating=0&year=0
Certificate
IssuerGoogle Trust Services LLC
Subjectyts-official.mx
FingerprintFB:57:3A:12:D9:30:69:4A:59:BD:83:1C:79:E4:4E:DD:52:0F:73:62
ValidityThu, 18 Apr 2024 00:32:31 GMT - Wed, 17 Jul 2024 00:32:30 GMT

File type
PNG image data, 16 x 16, 8-bit/color RGB, non-interlaced
Size
619 B (619 bytes)
Hash
ea830fdd4f9a6d19aa7455dabdac987a
b0d567d6b4d40959e1bd44032f6bc2331057b319
71148160c085a70d1af7708c1d52cfcf39f8ef6e4ce13f0f20c080b2e19195db

HTTP Headers

GET /static/yts/image/favicon-16x16.png HTTP/1.1
Host: en.yts-official.mx
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://en.yts-official.mx/browse-movies?genre=all&keyword=Debt+Collectors&order_by=latest&quality=all&rating=0&year=0
Cookie: dom3ic8zudi28v8lr6fgphwffqoz0j6c=45f22466-8442-4df5-aa83-0ab023e883a6%3A2%3A1; pp_main_b1270e96b85c3dd200807d09a940c676=1; sb_page_0a2f9bfefa2d59b6782f748beec9f30e=1; sb_onpage_0a2f9bfefa2d59b6782f748beec9f30e=1; sb_main_0a2f9bfefa2d59b6782f748beec9f30e=1; sb_count_0a2f9bfefa2d59b6782f748beec9f30e=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Sat, 04 May 2024 17:29:45 GMT
content-type: image/png
content-length: 619
last-modified: Mon, 19 Feb 2024 10:45:38 GMT
etag: "65d33152-26b"
expires: Thu, 30 May 2024 22:27:04 GMT
cache-control: max-age=2592000
cf-cache-status: HIT
age: 327761
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=2i7qFGi04GkzefjKaV8L%2FLGcSZxR8Va157lAp4ccTLq9pVcwDtpl0XVMM%2FgOe7h3N%2F64sfDdnQmZaZcRPYEug1p17HF8u0nSuMTeGl3Z%2FwB5CmbESNjkcj64NwS2Mc4u3mK6IuE%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87ea36fafd430afe-OSL
alt-svc: h3=":443"; ma=86400

inconveniencemimic.com/sbar.json?key=0a2f9bfefa2d59b6782f748beec9f30e&psid=CF-3448_0

192.243.59.13

200 OK

6.8 kB

URL GET HTTP/1.1
inconveniencemimic.com/sbar.json?key=0a2f9bfefa2d59b6782f748beec9f30e&psid=CF-3448_0
IP
192.243.59.13:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://en.yts-official.mx/browse-movies?genre=all&keyword=Debt+Collectors&order_by=latest&quality=all&rating=0&year=0
Certificate
IssuerLet's Encrypt
Subjectinconveniencemimic.com
FingerprintAF:84:31:F6:C9:08:AA:86:11:4D:BF:62:E5:2A:DB:57:5B:6E:E2:36
ValidityMon, 29 Apr 2024 08:23:14 GMT - Sun, 28 Jul 2024 08:23:13 GMT

File type
JSON text data
Size
6.8 kB (6795 bytes)
Hash
d0c668082adf3b169c7a08549ee9404a
34f33790ff01c958e45a52532c31b76ff505584e
5b89ff53d7ffcf330a4ba7cb6e4d6f98e5b8a0bd5786c3dfb1aa2da604ca9202

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /sbar.json?key=0a2f9bfefa2d59b6782f748beec9f30e&psid=CF-3448_0 HTTP/1.1
Host: inconveniencemimic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://en.yts-official.mx
DNT: 1
Connection: keep-alive
Referer: https://en.yts-official.mx/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Sat, 04 May 2024 17:29:45 GMT
Content-Type: text/plain; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://en.yts-official.mx
Access-Control-Allow-Origin: https://en.yts-official.mx
Access-Control-Allow-Credentials: true
Set-Cookie: u_pl=16587847; expires=Sun, 05 May 2024 17:29:45 GMT; secure; SameSite=None
pdhtkv=true; expires=Sun, 05 May 2024 17:29:45 GMT; secure; SameSite=None
uncs=1; expires=Sun, 05 May 2024 17:29:45 GMT; secure; SameSite=None
pdhtkv29=true; expires=Sun, 05 May 2024 17:29:45 GMT; secure; SameSite=None
uncs29=1; expires=Sun, 05 May 2024 17:29:45 GMT; secure; SameSite=None
slec0a2f9bfefa2d59b6782f748beec9f30e=[5210996,5210995]; expires=Sat, 04 May 2024 17:29:50 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 228b686e65d11d67d65d829258c78ca6
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip

inconveniencemimic.com/ren.gif?sid=H4sIAAAAAAAC%2F1SSz2skRRTHq2M8eRBlD4oKc1RYJ909k54Z97C4P7JE42bdVRQUluqu6kmZ6q6mfkxPgodgQNbbrJe9dr6TbFhdZP0D3JXJgoeAkPGUg7kI3gRB2JsiMxscfND9fnxfwee9qi933AkJ4ejxpffUppCSLizW%2FdrrHwfBudqKyF2%2F1m9HN6PmuZruvdWJ6v4btSs8WVcLoR%2F4fuAHtSWhear6CxMRorjfCeodv94M68FiE339%2F9w4D4Z6YL0T8iIEG88%2F9s5AJCPk2YNL3KxbVZy9nDlJrdLosf0P8%2FVclTmyWZhqD2m%2Bf9oNZY6WHkLle1NcqN5%2FjbEYE%2B%2Bnh4jz%2FVNIxL3dKWcswXPE7DmUvRG4HEHQERK1DcGOCJAwXF1Fnt29qnRJN56qdKKOyfyTvyDKMZn%2F9Qzy7LsLUvRrN5R0VqjcoJ9WEP0RRHeEwh3Abs5BlAdI7BcQ7Gey8GQFeba7aqSCYNV0diFGEOkIkg9AjQc3%2BYQHl3pwhYeMHdeSIAhaPkuo3%2B4kSYO1eBwxP6CtNKCBH7XhkgneALYYIJEDJHoLhd7Curh9tPgOtPsRZq2CYR6MHRPv%2FS30WIWSE5SGoKQEpSAoLUHZq%2FaYNKGp7jJpXByc%2BvDUN6qhst0duqdsl%2BcEVA%2BgWbVTnJAXpiv6%2B9UrWOfHNZ%2BGaSdOeUpDttiJo1Y7TFvNdsx50kkbPocR9y4uvdloNts3fQgzNx1%2FU4zJy8svoRBj8uydfxDTAxh5gER4oO410LICXauwme9vWFNXOQdTFQo7D7vh7cgT8sqUYnXbgieH5NSQ6AqFrvCZeEzQlbeG11VJdq%2Br0pDvVwsrMrFJJ5d4w1LLvW%2Fe5Rul0mz5khncezuZCJPw%2Fgfc2BWaM5F3Dfn2gmCM6yWlE05%2BWDYf8fiaM2sXnM5dsXLt4tJyVmhujFD5CFQcXb6DRIzJ848%2Bnb7Os5%2F8DqFH0K5C5makQh0gKbZgilnNKAItZ3lceChdNdRhPCtKQSD5LKdxBcMPz%2F%2F2%2BR%2B31%2FQDxPzw0Z9PtaGmk9NUVDvmFrp6DtRuI88q9HSFnqxA5QDGPTO0hT48%2F0tjaojl3DCWem43llp%2BPV3y5GdgxHGt1Wj4NOosBq0W5a24GbbTKGCUhs0ojCLagDXjNCq%2B%2BhcAAP%2F%2FAQAA%2F%2F9bg6kUdwQAAA%3D%3D

192.243.59.13

200 OK

7 B

URL GET HTTP/1.1
inconveniencemimic.com/ren.gif?sid=H4sIAAAAAAAC%2F1SSz2skRRTHq2M8eRBlD4oKc1RYJ909k54Z97C4P7JE42bdVRQUluqu6kmZ6q6mfkxPgodgQNbbrJe9dr6TbFhdZP0D3JXJgoeAkPGUg7kI3gRB2JsiMxscfND9fnxfwee9qi933AkJ4ejxpffUppCSLizW%2FdrrHwfBudqKyF2%2F1m9HN6PmuZruvdWJ6v4btSs8WVcLoR%2F4fuAHtSWhear6CxMRorjfCeodv94M68FiE339%2F9w4D4Z6YL0T8iIEG88%2F9s5AJCPk2YNL3KxbVZy9nDlJrdLosf0P8%2FVclTmyWZhqD2m%2Bf9oNZY6WHkLle1NcqN5%2FjbEYE%2B%2Bnh4jz%2FVNIxL3dKWcswXPE7DmUvRG4HEHQERK1DcGOCJAwXF1Fnt29qnRJN56qdKKOyfyTvyDKMZn%2F9Qzy7LsLUvRrN5R0VqjcoJ9WEP0RRHeEwh3Abs5BlAdI7BcQ7Gey8GQFeba7aqSCYNV0diFGEOkIkg9AjQc3%2BYQHl3pwhYeMHdeSIAhaPkuo3%2B4kSYO1eBwxP6CtNKCBH7XhkgneALYYIJEDJHoLhd7Curh9tPgOtPsRZq2CYR6MHRPv%2FS30WIWSE5SGoKQEpSAoLUHZq%2FaYNKGp7jJpXByc%2BvDUN6qhst0duqdsl%2BcEVA%2BgWbVTnJAXpiv6%2B9UrWOfHNZ%2BGaSdOeUpDttiJo1Y7TFvNdsx50kkbPocR9y4uvdloNts3fQgzNx1%2FU4zJy8svoRBj8uydfxDTAxh5gER4oO410LICXauwme9vWFNXOQdTFQo7D7vh7cgT8sqUYnXbgieH5NSQ6AqFrvCZeEzQlbeG11VJdq%2Br0pDvVwsrMrFJJ5d4w1LLvW%2Fe5Rul0mz5khncezuZCJPw%2Fgfc2BWaM5F3Dfn2gmCM6yWlE05%2BWDYf8fiaM2sXnM5dsXLt4tJyVmhujFD5CFQcXb6DRIzJ848%2Bnb7Os5%2F8DqFH0K5C5makQh0gKbZgilnNKAItZ3lceChdNdRhPCtKQSD5LKdxBcMPz%2F%2F2%2BR%2B31%2FQDxPzw0Z9PtaGmk9NUVDvmFrp6DtRuI88q9HSFnqxA5QDGPTO0hT48%2F0tjaojl3DCWem43llp%2BPV3y5GdgxHGt1Wj4NOosBq0W5a24GbbTKGCUhs0ojCLagDXjNCq%2B%2BhcAAP%2F%2FAQAA%2F%2F9bg6kUdwQAAA%3D%3D
IP
192.243.59.13:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://en.yts-official.mx/browse-movies?genre=all&keyword=Debt+Collectors&order_by=latest&quality=all&rating=0&year=0
Certificate
IssuerLet's Encrypt
Subjectinconveniencemimic.com
FingerprintAF:84:31:F6:C9:08:AA:86:11:4D:BF:62:E5:2A:DB:57:5B:6E:E2:36
ValidityMon, 29 Apr 2024 08:23:14 GMT - Sun, 28 Jul 2024 08:23:13 GMT

File type
ASCII text, with no line terminators
Size
7 B (7 bytes)
Hash
132d6af1b46048b45cf86cdee7991d31
eb7007d03d59b65bc6da7e098c4d38fc6dfb6285
ab852e838deccd742a03ca81d4a8d75cf1a00b327db3eaf46bd7da6b6db9384c

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /ren.gif?sid=H4sIAAAAAAAC%2F1SSz2skRRTHq2M8eRBlD4oKc1RYJ909k54Z97C4P7JE42bdVRQUluqu6kmZ6q6mfkxPgodgQNbbrJe9dr6TbFhdZP0D3JXJgoeAkPGUg7kI3gRB2JsiMxscfND9fnxfwee9qi933AkJ4ejxpffUppCSLizW%2FdrrHwfBudqKyF2%2F1m9HN6PmuZruvdWJ6v4btSs8WVcLoR%2F4fuAHtSWhear6CxMRorjfCeodv94M68FiE339%2F9w4D4Z6YL0T8iIEG88%2F9s5AJCPk2YNL3KxbVZy9nDlJrdLosf0P8%2FVclTmyWZhqD2m%2Bf9oNZY6WHkLle1NcqN5%2FjbEYE%2B%2Bnh4jz%2FVNIxL3dKWcswXPE7DmUvRG4HEHQERK1DcGOCJAwXF1Fnt29qnRJN56qdKKOyfyTvyDKMZn%2F9Qzy7LsLUvRrN5R0VqjcoJ9WEP0RRHeEwh3Abs5BlAdI7BcQ7Gey8GQFeba7aqSCYNV0diFGEOkIkg9AjQc3%2BYQHl3pwhYeMHdeSIAhaPkuo3%2B4kSYO1eBwxP6CtNKCBH7XhkgneALYYIJEDJHoLhd7Curh9tPgOtPsRZq2CYR6MHRPv%2FS30WIWSE5SGoKQEpSAoLUHZq%2FaYNKGp7jJpXByc%2BvDUN6qhst0duqdsl%2BcEVA%2BgWbVTnJAXpiv6%2B9UrWOfHNZ%2BGaSdOeUpDttiJo1Y7TFvNdsx50kkbPocR9y4uvdloNts3fQgzNx1%2FU4zJy8svoRBj8uydfxDTAxh5gER4oO410LICXauwme9vWFNXOQdTFQo7D7vh7cgT8sqUYnXbgieH5NSQ6AqFrvCZeEzQlbeG11VJdq%2Br0pDvVwsrMrFJJ5d4w1LLvW%2Fe5Rul0mz5khncezuZCJPw%2Fgfc2BWaM5F3Dfn2gmCM6yWlE05%2BWDYf8fiaM2sXnM5dsXLt4tJyVmhujFD5CFQcXb6DRIzJ848%2Bnb7Os5%2F8DqFH0K5C5makQh0gKbZgilnNKAItZ3lceChdNdRhPCtKQSD5LKdxBcMPz%2F%2F2%2BR%2B31%2FQDxPzw0Z9PtaGmk9NUVDvmFrp6DtRuI88q9HSFnqxA5QDGPTO0hT48%2F0tjaojl3DCWem43llp%2BPV3y5GdgxHGt1Wj4NOosBq0W5a24GbbTKGCUhs0ojCLagDXjNCq%2B%2BhcAAP%2F%2FAQAA%2F%2F9bg6kUdwQAAA%3D%3D HTTP/1.1
Host: inconveniencemimic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://en.yts-official.mx/
Cookie: u_pl=16587847; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; slec0a2f9bfefa2d59b6782f748beec9f30e=[5210996,5210995]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Sat, 04 May 2024 17:29:45 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 13006d0bcbe3c78e1ba99980a7bcf749
Strict-Transport-Security: max-age=0; includeSubdomains

unseenreport.com/pxf.gif?uuid=45f22466-8442-4df5-aa83-0ab023e883a6&eb=978028c5053b26833423c7a069ce3bd5&te=5db3a4e34790624df926db520a13f79f&ua=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A96.0)%20Gecko%2F20100101%20Firefox%2F96.0&dev=e&res=14.2071&b_frame=0&pk=b1270e96b85c3dd200807d09a940c676&bl=en-US&sr=1024x1280&sz=1024x1280&hjs=17

192.243.61.225

200 OK

1 B

URL GET HTTP/1.1
unseenreport.com/pxf.gif?uuid=45f22466-8442-4df5-aa83-0ab023e883a6&eb=978028c5053b26833423c7a069ce3bd5&te=5db3a4e34790624df926db520a13f79f&ua=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A96.0)%20Gecko%2F20100101%20Firefox%2F96.0&dev=e&res=14.2071&b_frame=0&pk=b1270e96b85c3dd200807d09a940c676&bl=en-US&sr=1024x1280&sz=1024x1280&hjs=17
IP
192.243.61.225:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://en.yts-official.mx/browse-movies?genre=all&keyword=Debt+Collectors&order_by=latest&quality=all&rating=0&year=0
Certificate
IssuerLet's Encrypt
Subject*.unseenreport.com
Fingerprint71:46:15:FD:76:6A:F5:5B:51:06:CC:93:DD:D8:63:E3:8B:10:BF:13
ValidityFri, 22 Mar 2024 07:32:41 GMT - Thu, 20 Jun 2024 07:32:40 GMT

File type
very short file (no magic)
Size
1 B (1 bytes)
Hash
93b885adfe0da089cdf634904fd59f71
5ba93c9db0cff93f52b521d7420e43f6eda2784f
6e340b9cffb37a989ca544e6bb780a2c78901d3fb33738768511a30617afa01d

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /pxf.gif?uuid=45f22466-8442-4df5-aa83-0ab023e883a6&eb=978028c5053b26833423c7a069ce3bd5&te=5db3a4e34790624df926db520a13f79f&ua=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A96.0)%20Gecko%2F20100101%20Firefox%2F96.0&dev=e&res=14.2071&b_frame=0&pk=b1270e96b85c3dd200807d09a940c676&bl=en-US&sr=1024x1280&sz=1024x1280&hjs=17 HTTP/1.1
Host: unseenreport.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://en.yts-official.mx/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Sat, 04 May 2024 17:29:46 GMT
Content-Type: image/gif
Content-Length: 1
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: e7eb7eff0a6e7fde081ff9ac65e55614
Strict-Transport-Security: max-age=0; includeSubdomains

unseenreport.com/pxf.gif?uuid=45f22466-8442-4df5-aa83-0ab023e883a6&eb=978028c5053b26833423c7a069ce3bd5&te=5db3a4e34790624df926db520a13f79f&ua=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A96.0)%20Gecko%2F20100101%20Firefox%2F96.0&dev=e&res=14.2071&b_frame=0&pk=0a2f9bfefa2d59b6782f748beec9f30e&bl=en-US&sr=1024x1280&sz=1024x1280&hjs=17

192.243.61.225

200 OK

1 B

URL GET HTTP/1.1
unseenreport.com/pxf.gif?uuid=45f22466-8442-4df5-aa83-0ab023e883a6&eb=978028c5053b26833423c7a069ce3bd5&te=5db3a4e34790624df926db520a13f79f&ua=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A96.0)%20Gecko%2F20100101%20Firefox%2F96.0&dev=e&res=14.2071&b_frame=0&pk=0a2f9bfefa2d59b6782f748beec9f30e&bl=en-US&sr=1024x1280&sz=1024x1280&hjs=17
IP
192.243.61.225:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://en.yts-official.mx/browse-movies?genre=all&keyword=Debt+Collectors&order_by=latest&quality=all&rating=0&year=0
Certificate
IssuerLet's Encrypt
Subject*.unseenreport.com
Fingerprint71:46:15:FD:76:6A:F5:5B:51:06:CC:93:DD:D8:63:E3:8B:10:BF:13
ValidityFri, 22 Mar 2024 07:32:41 GMT - Thu, 20 Jun 2024 07:32:40 GMT

File type
very short file (no magic)
Size
1 B (1 bytes)
Hash
93b885adfe0da089cdf634904fd59f71
5ba93c9db0cff93f52b521d7420e43f6eda2784f
6e340b9cffb37a989ca544e6bb780a2c78901d3fb33738768511a30617afa01d

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /pxf.gif?uuid=45f22466-8442-4df5-aa83-0ab023e883a6&eb=978028c5053b26833423c7a069ce3bd5&te=5db3a4e34790624df926db520a13f79f&ua=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A96.0)%20Gecko%2F20100101%20Firefox%2F96.0&dev=e&res=14.2071&b_frame=0&pk=0a2f9bfefa2d59b6782f748beec9f30e&bl=en-US&sr=1024x1280&sz=1024x1280&hjs=17 HTTP/1.1
Host: unseenreport.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://en.yts-official.mx/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Sat, 04 May 2024 17:29:46 GMT
Content-Type: image/gif
Content-Length: 1
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: c950b3600871b745a8aa4a92c9dbda03
Strict-Transport-Security: max-age=0; includeSubdomains

downstairsnegotiatebarren.com/sfp.js

188.114.96.1

200 OK

28 kB

URL GET HTTP/2
downstairsnegotiatebarren.com/sfp.js
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://en.yts-official.mx/browse-movies?genre=all&keyword=Debt+Collectors&order_by=latest&quality=all&rating=0&year=0
Certificate
IssuerLet's Encrypt
Subjectdownstairsnegotiatebarren.com
Fingerprint5D:DB:CB:C6:CE:2A:8B:34:7D:BC:43:74:33:1D:5F:77:48:F7:BC:1B
ValidityThu, 02 May 2024 21:26:34 GMT - Wed, 31 Jul 2024 21:26:33 GMT

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (65529), with no line terminators
Size
28 kB (27461 bytes)
Hash
f4a2f8f9f99541c6f105bbd0a025bd40
1f8e3eff12168fdd9e719adfc098d24a45b6916a
b717cb04231a10d425fd55b73c85a5407119c6826a8bac94142fddfff6958716

HTTP Headers

GET /sfp.js HTTP/1.1
Host: downstairsnegotiatebarren.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://en.yts-official.mx/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sat, 04 May 2024 17:29:45 GMT
content-type: application/javascript; charset=utf-8
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
access-control-allow-origin: *
expires: Thu, 01 Jan 1970 00:00:01 GMT
cache-control: max-age=14400
x-request-id: 194ed4c4842d06bcc85cdd997dac3740
strict-transport-security: max-age=0; includeSubdomains
cf-cache-status: EXPIRED
last-modified: Sat, 04 May 2024 17:29:43 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=fHFMUjmPOl7%2BhuDOGtb3o0WNp0IxLZbTuQYgJRtl6dDBjsjwMRQlTvG2MoI7VWX9V4cRyWcx961S8fjbazosgeoVSYKSsk7H8qWVBIPjfbOgQm7PAY%2BaltAHc9wOcsjkE1aNTTUjBfvtregZUazMfg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87ea36f5bd2d56a5-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

cdn.creative-bars1.com/sb/notifications/gambling/unibet/android_bigsystem-confetti/1/img/confetti.gif

188.114.97.1

200 OK

206 kB

URL GET HTTP/3
cdn.creative-bars1.com/sb/notifications/gambling/unibet/android_bigsystem-confetti/1/img/confetti.gif
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://en.yts-official.mx/browse-movies?genre=all&keyword=Debt+Collectors&order_by=latest&quality=all&rating=0&year=0
Certificate
IssuerGoogle Trust Services LLC
Subjectcreative-bars1.com
Fingerprint3D:29:39:2C:F1:E5:C6:EF:54:F5:70:B5:CF:A8:C2:75:4D:89:72:13
ValidityMon, 15 Apr 2024 15:02:18 GMT - Sun, 14 Jul 2024 15:02:17 GMT

File type
GIF image data, version 89a, 480 x 360
Size
206 kB (206291 bytes)
Hash
0b33face774f2203446507ce5f075538
1dd3522529bce7739df0687f47f5bc84356698a0
ac345899461d5634d25c47281b10e3c1886abb33019e2ce8140573a79e9f52f2

HTTP Headers

GET /sb/notifications/gambling/unibet/android_bigsystem-confetti/1/img/confetti.gif HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Sat, 04 May 2024 17:29:46 GMT
content-type: image/gif
content-length: 206291
last-modified: Fri, 02 Feb 2024 15:33:57 GMT
etag: "65bd0b65-325d3"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 193360
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2BHvAv8as%2BSnvb03eUmOsMC3Wsn%2FNddmGRCxSPVAj46GZm5af8Judqf75YIogvXsnIdI3w2fQzHVw3lkXDZEh3g35GNny4qEgnFwui1poZLTxmR6WU7byYW1qy9O2YKsogK%2FkiEjeboYK"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87ea36ff5cc8b512-OSL
alt-svc: h3=":443"; ma=86400

inconveniencemimic.com/pixel/sbls?bv=24.6.6370&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fnotifications%2Fgambling%2Funibet%2Fandroid_bigsystem-confetti%2F1%2Fcss%2Fstyle.css&l=3821&fd=50

192.243.59.13

200 OK

0 B

URL GET HTTP/1.1
inconveniencemimic.com/pixel/sbls?bv=24.6.6370&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fnotifications%2Fgambling%2Funibet%2Fandroid_bigsystem-confetti%2F1%2Fcss%2Fstyle.css&l=3821&fd=50
IP
192.243.59.13:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://en.yts-official.mx/browse-movies?genre=all&keyword=Debt+Collectors&order_by=latest&quality=all&rating=0&year=0
Certificate
IssuerLet's Encrypt
Subjectinconveniencemimic.com
FingerprintAF:84:31:F6:C9:08:AA:86:11:4D:BF:62:E5:2A:DB:57:5B:6E:E2:36
ValidityMon, 29 Apr 2024 08:23:14 GMT - Sun, 28 Jul 2024 08:23:13 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /pixel/sbls?bv=24.6.6370&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fnotifications%2Fgambling%2Funibet%2Fandroid_bigsystem-confetti%2F1%2Fcss%2Fstyle.css&l=3821&fd=50 HTTP/1.1
Host: inconveniencemimic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://en.yts-official.mx/
Cookie: u_pl=16587847; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; slec0a2f9bfefa2d59b6782f748beec9f30e=[5210996,5210995]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Sat, 04 May 2024 17:29:46 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range

inconveniencemimic.com/pixel/sbls?bv=24.6.6370&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fnotifications%2Fgambling%2Funibet%2Fandroid_bigsystem-confetti%2F1%2Fcss%2Fanimate.css&l=78693&fd=56

172.240.108.76

200 OK

0 B

URL GET HTTP/1.1
inconveniencemimic.com/pixel/sbls?bv=24.6.6370&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fnotifications%2Fgambling%2Funibet%2Fandroid_bigsystem-confetti%2F1%2Fcss%2Fanimate.css&l=78693&fd=56
IP
172.240.108.76:443
ASN
#7979 SERVERS-COM

Requested by
https://en.yts-official.mx/browse-movies?genre=all&keyword=Debt+Collectors&order_by=latest&quality=all&rating=0&year=0
Certificate
IssuerLet's Encrypt
Subjectinconveniencemimic.com
FingerprintAF:84:31:F6:C9:08:AA:86:11:4D:BF:62:E5:2A:DB:57:5B:6E:E2:36
ValidityMon, 29 Apr 2024 08:23:14 GMT - Sun, 28 Jul 2024 08:23:13 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /pixel/sbls?bv=24.6.6370&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fnotifications%2Fgambling%2Funibet%2Fandroid_bigsystem-confetti%2F1%2Fcss%2Fanimate.css&l=78693&fd=56 HTTP/1.1
Host: inconveniencemimic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://en.yts-official.mx/
Cookie: u_pl=16587847; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; slec0a2f9bfefa2d59b6782f748beec9f30e=[5210996,5210995]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Sat, 04 May 2024 17:29:46 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range

fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2

216.58.207.227

200 OK

16 kB

URL GET HTTP/2
fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2
IP
216.58.207.227:443
ASN
#15169 GOOGLE

Requested by
https://en.yts-official.mx/browse-movies?genre=all&keyword=Debt+Collectors&order_by=latest&quality=all&rating=0&year=0
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
Fingerprint15:DD:05:B3:2F:D8:E3:54:C9:B4:FA:E4:AC:01:ED:C8:E1:EA:A7:AD
ValidityTue, 16 Apr 2024 04:17:07 GMT - Tue, 09 Jul 2024 04:17:06 GMT

File type
Web Open Font Format (Version 2), TrueType, length 15744, version 1.0
Size
16 kB (15744 bytes)
Hash
15d9f621c3bd1599f0169dcf0bd5e63e
7ca9c5967f3bb8bffeab24b639b49c1e7d03fa52
f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615

HTTP Headers

GET /s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://en.yts-official.mx
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15744
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sat, 04 May 2024 09:28:37 GMT
expires: Sun, 04 May 2025 09:28:37 GMT
cache-control: public, max-age=31536000
last-modified: Wed, 11 May 2022 19:24:48 GMT
content-type: font/woff2
age: 28869
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2

216.58.207.227

200 OK

16 kB

URL GET HTTP/2
fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2
IP
216.58.207.227:443
ASN
#15169 GOOGLE

Requested by
https://en.yts-official.mx/browse-movies?genre=all&keyword=Debt+Collectors&order_by=latest&quality=all&rating=0&year=0
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
Fingerprint15:DD:05:B3:2F:D8:E3:54:C9:B4:FA:E4:AC:01:ED:C8:E1:EA:A7:AD
ValidityTue, 16 Apr 2024 04:17:07 GMT - Tue, 09 Jul 2024 04:17:06 GMT

File type
Web Open Font Format (Version 2), TrueType, length 15860, version 1.0
Size
16 kB (15860 bytes)
Hash
e9f5aaf547f165386cd313b995dddd8e
acdef5603c2387b0e5bffd744b679a24a8bc1968
f5aebdfea35d1e7656ef4acc5db1f243209755ae3300943ef8fc6280f363c860

HTTP Headers

GET /s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://en.yts-official.mx
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15860
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 02 May 2024 01:55:00 GMT
expires: Fri, 02 May 2025 01:55:00 GMT
cache-control: public, max-age=31536000
last-modified: Wed, 11 May 2022 19:24:42 GMT
content-type: font/woff2
age: 228886
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

inconveniencemimic.com/pixel/sbls?bv=24.6.6370&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fnotifications%2Fgambling%2Funibet%2Fandroid_bigsystem-confetti%2F1%2Fjs%2Fscript.js&l=1974&fd=55

172.240.108.76

200 OK

0 B

URL GET HTTP/1.1
inconveniencemimic.com/pixel/sbls?bv=24.6.6370&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fnotifications%2Fgambling%2Funibet%2Fandroid_bigsystem-confetti%2F1%2Fjs%2Fscript.js&l=1974&fd=55
IP
172.240.108.76:443
ASN
#7979 SERVERS-COM

Requested by
https://en.yts-official.mx/browse-movies?genre=all&keyword=Debt+Collectors&order_by=latest&quality=all&rating=0&year=0
Certificate
IssuerLet's Encrypt
Subjectinconveniencemimic.com
FingerprintAF:84:31:F6:C9:08:AA:86:11:4D:BF:62:E5:2A:DB:57:5B:6E:E2:36
ValidityMon, 29 Apr 2024 08:23:14 GMT - Sun, 28 Jul 2024 08:23:13 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /pixel/sbls?bv=24.6.6370&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fnotifications%2Fgambling%2Funibet%2Fandroid_bigsystem-confetti%2F1%2Fjs%2Fscript.js&l=1974&fd=55 HTTP/1.1
Host: inconveniencemimic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://en.yts-official.mx/
Cookie: u_pl=16587847; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; slec0a2f9bfefa2d59b6782f748beec9f30e=[5210996,5210995]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Sat, 04 May 2024 17:29:46 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range

inconveniencemimic.com/pixel/sbs?c=1

172.240.108.76

200 OK

0 B

URL GET HTTP/1.1
inconveniencemimic.com/pixel/sbs?c=1
IP
172.240.108.76:443
ASN
#7979 SERVERS-COM

Requested by
https://en.yts-official.mx/browse-movies?genre=all&keyword=Debt+Collectors&order_by=latest&quality=all&rating=0&year=0
Certificate
IssuerLet's Encrypt
Subjectinconveniencemimic.com
FingerprintAF:84:31:F6:C9:08:AA:86:11:4D:BF:62:E5:2A:DB:57:5B:6E:E2:36
ValidityMon, 29 Apr 2024 08:23:14 GMT - Sun, 28 Jul 2024 08:23:13 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /pixel/sbs?c=1 HTTP/1.1
Host: inconveniencemimic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://en.yts-official.mx/
Cookie: u_pl=16587847; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; slec0a2f9bfefa2d59b6782f748beec9f30e=[5210996,5210995]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Sat, 04 May 2024 17:29:46 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range

fonts.googleapis.com/css?family=Roboto:300,400,700&display=swap

142.250.74.106

200 OK

724 B

URL GET HTTP/3
fonts.googleapis.com/css?family=Roboto:300,400,700&display=swap
IP
142.250.74.106:443
ASN
#15169 GOOGLE

Requested by
https://en.yts-official.mx/browse-movies?genre=all&keyword=Debt+Collectors&order_by=latest&quality=all&rating=0&year=0
Certificate
IssuerGoogle Trust Services LLC
Subjectupload.video.google.com
Fingerprint36:49:20:36:0C:4D:DA:55:65:64:23:0F:49:3E:FA:78:87:35:A3:79
ValidityTue, 16 Apr 2024 04:17:12 GMT - Tue, 09 Jul 2024 04:17:11 GMT

File type
gzip compressed data, max compression
Size
724 B (724 bytes)
Hash
e949f107146f80ef61a5f3d3a8ba72c3
135706ca8eceb5af199775e7827468377051e1c6
e211d6a233a3d6a04d6f4b079c172917eca909259edd7399eeebfb1098059640

HTTP Headers

GET /css?family=Roboto:300,400,700&display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Sat, 04 May 2024 17:29:46 GMT
date: Sat, 04 May 2024 17:29:46 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

cdn.creative-bars1.com/sb/notifications/gambling/unibet/android_bigsystem-confetti/1/img/close.svg

188.114.97.1

200 OK

1.3 kB

URL GET HTTP/3
cdn.creative-bars1.com/sb/notifications/gambling/unibet/android_bigsystem-confetti/1/img/close.svg
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://en.yts-official.mx/browse-movies?genre=all&keyword=Debt+Collectors&order_by=latest&quality=all&rating=0&year=0
Certificate
IssuerGoogle Trust Services LLC
Subjectcreative-bars1.com
Fingerprint3D:29:39:2C:F1:E5:C6:EF:54:F5:70:B5:CF:A8:C2:75:4D:89:72:13
ValidityMon, 15 Apr 2024 15:02:18 GMT - Sun, 14 Jul 2024 15:02:17 GMT

File type
SVG Scalable Vector Graphics image
Size
1.3 kB (1279 bytes)
Hash
24937fd159a21f2e91207d5788e86c70
1b07e0334cc16c5cd659de56314bd2188e3a82f9
b38a482faa1471a520d231f954412ee0293b0401610af1392038be206dc51b8a

HTTP Headers

GET /sb/notifications/gambling/unibet/android_bigsystem-confetti/1/img/close.svg HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sat, 04 May 2024 17:29:46 GMT
content-type: image/svg+xml
last-modified: Fri, 02 Feb 2024 15:33:55 GMT
etag: W/"65bd0b63-4ff"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 193360
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=7OTfiywNH5AiKdh5%2FmsTHuGnzyIAcNiPpEVYqfxcgm2uh331pV0reKaMbvIHKoGO%2BsdUAWhmytYbb7qzNrphXJ0mk4v7d%2F%2F5D2aIHK1RIy1shsz8nHzZWkVw%2BKnlxr%2BYSHjkN3UXN1z6"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87ea36ff4cafb512-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

inconveniencemimic.com/impr.gif?sid=H4sIAAAAAAAC%2F1SSz2tcVRTH74tx5UKULhQVZqlQJ%2B%2FN77GLYpqmRGNTW0VBodxfb3LNnXcf9747bxJcBANSd1M33b58J2moFql%2FgK1MCi4CQsZVFmYjuBMEoTtFZhocPPDe%2BfE9Fz7n3Pvlrj8lFXh6svSe2VJa04V6OSy9%2FnEUXSitqsT3S%2F1W42ajdqFke2%2B1G%2BXwjdIVyTfMQiWMwjAKo9KysjI2%2FYWJCJXeb0fldliuVcpRvYa%2B%2FX%2FufABHA4jeKXkRSoznHwfnoPgISffBknQbmUnPX%2B56TTNj0RMHHyYbickTdGdhbAPEycFZN4w7Xn4Ik%2BxPcWF6%2FzUyNSbBTw%2FBkoMzSLDe3pSTacgETDyHvDeC1CMoOgI3O1DimABc4Ooaku7dq8bmdPOpSifqmMw%2F%2BQsqH5P5X88h6X63qFW%2FdMNonymTOPTjAqo%2FguqMkPpDZFtzUPkhePYFlPiZLDxZRdLdW3PaQIliOrtSI6h4BC0HoC6An3wqgI8D%2BDRAV5yUeBRFzVBwGrbanFdFU7KGCCPajCMahY0WPJ%2FgDZClA3A9ALfbSO02NtTt4%2Fo7sP5HuPUCTgRw2ZgE72%2BjJwrkkiB3BDklyBVBnhHkvWJfaFdxxV2hnWfRma%2Bc%2BWoxNFlnl%2B6brCMTAmoHsKLYTU%2FJC9MV%2Ff3qFWzIk1JIK3GbxTKmFVFvs0azVYmbtRaTkrfjaijh1L1Ly29Wa7XWzRDKzU3H31Jj8vLKS0jVmDx75x8weginD8FVAOpfA80L0PUCW8nBZubKJpEQpkCazSPbDHb1KXllSrG2k0HyI3Jm4LZAagt8ph4TdPSt4XWTk73rJnfk%2B7U0U121RSeXeCOjmQy%2BeVdu5saKlSU3uPc2nwiT8P4H0mWrNBEq6Tjy7aISQtplY7kkP6y4jyS75t36oreJT1evXVpe6aZWOqdMMgJVx5fvgKsxef7Rp9PXef6T36HsCNYX6PoZqTKH4Ok2XDqrOUNg9SxnaYDcF0NbYbOiVgRaznLKCjh5dPG3z%2F%2B4vW4fgMmjR38%2B1YaWTk5TVey6W%2BjYOdBsB0m3QM8W6OkCVA%2Fg%2FDPDLLVHF3%2BpTg1Mzw2ZtnN7TFv99XTJk5%2BDUyelaiiaTMayyWStXoslF6xeZyGPOauKVosjc%2BO4kX71LwAAAP%2F%2FAQAA%2F%2F%2FbV3z8dwQAAA%3D%3D

192.243.59.13

200 OK

0 B

URL GET HTTP/1.1
inconveniencemimic.com/impr.gif?sid=H4sIAAAAAAAC%2F1SSz2tcVRTH74tx5UKULhQVZqlQJ%2B%2FN77GLYpqmRGNTW0VBodxfb3LNnXcf9747bxJcBANSd1M33b58J2moFql%2FgK1MCi4CQsZVFmYjuBMEoTtFZhocPPDe%2BfE9Fz7n3Pvlrj8lFXh6svSe2VJa04V6OSy9%2FnEUXSitqsT3S%2F1W42ajdqFke2%2B1G%2BXwjdIVyTfMQiWMwjAKo9KysjI2%2FYWJCJXeb0fldliuVcpRvYa%2B%2FX%2FufABHA4jeKXkRSoznHwfnoPgISffBknQbmUnPX%2B56TTNj0RMHHyYbickTdGdhbAPEycFZN4w7Xn4Ik%2BxPcWF6%2FzUyNSbBTw%2FBkoMzSLDe3pSTacgETDyHvDeC1CMoOgI3O1DimABc4Ooaku7dq8bmdPOpSifqmMw%2F%2BQsqH5P5X88h6X63qFW%2FdMNonymTOPTjAqo%2FguqMkPpDZFtzUPkhePYFlPiZLDxZRdLdW3PaQIliOrtSI6h4BC0HoC6An3wqgI8D%2BDRAV5yUeBRFzVBwGrbanFdFU7KGCCPajCMahY0WPJ%2FgDZClA3A9ALfbSO02NtTt4%2Fo7sP5HuPUCTgRw2ZgE72%2BjJwrkkiB3BDklyBVBnhHkvWJfaFdxxV2hnWfRma%2Bc%2BWoxNFlnl%2B6brCMTAmoHsKLYTU%2FJC9MV%2Ff3qFWzIk1JIK3GbxTKmFVFvs0azVYmbtRaTkrfjaijh1L1Ly29Wa7XWzRDKzU3H31Jj8vLKS0jVmDx75x8weginD8FVAOpfA80L0PUCW8nBZubKJpEQpkCazSPbDHb1KXllSrG2k0HyI3Jm4LZAagt8ph4TdPSt4XWTk73rJnfk%2B7U0U121RSeXeCOjmQy%2BeVdu5saKlSU3uPc2nwiT8P4H0mWrNBEq6Tjy7aISQtplY7kkP6y4jyS75t36oreJT1evXVpe6aZWOqdMMgJVx5fvgKsxef7Rp9PXef6T36HsCNYX6PoZqTKH4Ok2XDqrOUNg9SxnaYDcF0NbYbOiVgRaznLKCjh5dPG3z%2F%2B4vW4fgMmjR38%2B1YaWTk5TVey6W%2BjYOdBsB0m3QM8W6OkCVA%2Fg%2FDPDLLVHF3%2BpTg1Mzw2ZtnN7TFv99XTJk5%2BDUyelaiiaTMayyWStXoslF6xeZyGPOauKVosjc%2BO4kX71LwAAAP%2F%2FAQAA%2F%2F%2FbV3z8dwQAAA%3D%3D
IP
192.243.59.13:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://en.yts-official.mx/browse-movies?genre=all&keyword=Debt+Collectors&order_by=latest&quality=all&rating=0&year=0
Certificate
IssuerLet's Encrypt
Subjectinconveniencemimic.com
FingerprintAF:84:31:F6:C9:08:AA:86:11:4D:BF:62:E5:2A:DB:57:5B:6E:E2:36
ValidityMon, 29 Apr 2024 08:23:14 GMT - Sun, 28 Jul 2024 08:23:13 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /impr.gif?sid=H4sIAAAAAAAC%2F1SSz2tcVRTH74tx5UKULhQVZqlQJ%2B%2FN77GLYpqmRGNTW0VBodxfb3LNnXcf9747bxJcBANSd1M33b58J2moFql%2FgK1MCi4CQsZVFmYjuBMEoTtFZhocPPDe%2BfE9Fz7n3Pvlrj8lFXh6svSe2VJa04V6OSy9%2FnEUXSitqsT3S%2F1W42ajdqFke2%2B1G%2BXwjdIVyTfMQiWMwjAKo9KysjI2%2FYWJCJXeb0fldliuVcpRvYa%2B%2FX%2FufABHA4jeKXkRSoznHwfnoPgISffBknQbmUnPX%2B56TTNj0RMHHyYbickTdGdhbAPEycFZN4w7Xn4Ik%2BxPcWF6%2FzUyNSbBTw%2FBkoMzSLDe3pSTacgETDyHvDeC1CMoOgI3O1DimABc4Ooaku7dq8bmdPOpSifqmMw%2F%2BQsqH5P5X88h6X63qFW%2FdMNonymTOPTjAqo%2FguqMkPpDZFtzUPkhePYFlPiZLDxZRdLdW3PaQIliOrtSI6h4BC0HoC6An3wqgI8D%2BDRAV5yUeBRFzVBwGrbanFdFU7KGCCPajCMahY0WPJ%2FgDZClA3A9ALfbSO02NtTt4%2Fo7sP5HuPUCTgRw2ZgE72%2BjJwrkkiB3BDklyBVBnhHkvWJfaFdxxV2hnWfRma%2Bc%2BWoxNFlnl%2B6brCMTAmoHsKLYTU%2FJC9MV%2Ff3qFWzIk1JIK3GbxTKmFVFvs0azVYmbtRaTkrfjaijh1L1Ly29Wa7XWzRDKzU3H31Jj8vLKS0jVmDx75x8weginD8FVAOpfA80L0PUCW8nBZubKJpEQpkCazSPbDHb1KXllSrG2k0HyI3Jm4LZAagt8ph4TdPSt4XWTk73rJnfk%2B7U0U121RSeXeCOjmQy%2BeVdu5saKlSU3uPc2nwiT8P4H0mWrNBEq6Tjy7aISQtplY7kkP6y4jyS75t36oreJT1evXVpe6aZWOqdMMgJVx5fvgKsxef7Rp9PXef6T36HsCNYX6PoZqTKH4Ok2XDqrOUNg9SxnaYDcF0NbYbOiVgRaznLKCjh5dPG3z%2F%2B4vW4fgMmjR38%2B1YaWTk5TVey6W%2BjYOdBsB0m3QM8W6OkCVA%2Fg%2FDPDLLVHF3%2BpTg1Mzw2ZtnN7TFv99XTJk5%2BDUyelaiiaTMayyWStXoslF6xeZyGPOauKVosjc%2BO4kX71LwAAAP%2F%2FAQAA%2F%2F%2FbV3z8dwQAAA%3D%3D HTTP/1.1
Host: inconveniencemimic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://en.yts-official.mx/
Cookie: u_pl=16587847; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; slec0a2f9bfefa2d59b6782f748beec9f30e=[5210996,5210995]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Sat, 04 May 2024 17:29:46 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 13deae030af13d885b970b0db0cf19c0
Strict-Transport-Security: max-age=0; includeSubdomains

cdn.creative-bars1.com/sb/notifications/gambling/unibet/android_bigsystem-confetti/1/css/animate.css

188.114.97.1

200 OK

79 kB

URL GET HTTP/2
cdn.creative-bars1.com/sb/notifications/gambling/unibet/android_bigsystem-confetti/1/css/animate.css
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://en.yts-official.mx/browse-movies?genre=all&keyword=Debt+Collectors&order_by=latest&quality=all&rating=0&year=0
Certificate
IssuerGoogle Trust Services LLC
Subjectcreative-bars1.com
Fingerprint3D:29:39:2C:F1:E5:C6:EF:54:F5:70:B5:CF:A8:C2:75:4D:89:72:13
ValidityMon, 15 Apr 2024 15:02:18 GMT - Sun, 14 Jul 2024 15:02:17 GMT

File type
ASCII text
Size
79 kB (78693 bytes)
Hash
5982c5377696d20476871062646b253f
8bf2c93fa9ccc908f7df0fb7abb911bbac3e4242
4e23a6449e6ef4614f0107cecf5c9eda75d2041c7c71f4a55d45f2a7e75450f4

HTTP Headers

GET /sb/notifications/gambling/unibet/android_bigsystem-confetti/1/css/animate.css HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://en.yts-official.mx
DNT: 1
Connection: keep-alive
Referer: https://en.yts-official.mx/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sat, 04 May 2024 17:29:45 GMT
content-type: text/css
last-modified: Fri, 02 Feb 2024 15:33:52 GMT
etag: W/"65bd0b60-13365"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 161606
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=zpVCDGslLFfVdqsITtQVkIHawyYSDwpJRCITWgv7eR1xlgI7e80ME641bDQjhvKow0s%2B1T9KBuTfqUlagsDiqtPwxlmKoohGMY47Ro65nnUqrgrXoXJWHaLCBIE%2Bvzpqrfp6VjzCuhwl"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87ea36fe4ab4b512-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

cdn.creative-bars1.com/sb/notifications/gambling/unibet/android_bigsystem-confetti/1/img/logo.svg

188.114.97.1

200 OK

3.2 kB

URL GET HTTP/3
cdn.creative-bars1.com/sb/notifications/gambling/unibet/android_bigsystem-confetti/1/img/logo.svg
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://en.yts-official.mx/browse-movies?genre=all&keyword=Debt+Collectors&order_by=latest&quality=all&rating=0&year=0
Certificate
IssuerGoogle Trust Services LLC
Subjectcreative-bars1.com
Fingerprint3D:29:39:2C:F1:E5:C6:EF:54:F5:70:B5:CF:A8:C2:75:4D:89:72:13
ValidityMon, 15 Apr 2024 15:02:18 GMT - Sun, 14 Jul 2024 15:02:17 GMT

File type
SVG Scalable Vector Graphics image
Size
3.2 kB (3207 bytes)
Hash
910a470c87e6907732caefbe1b43f25c
709f3846db3c983a502d081a17c95404c545141c
c1912c86d189996a4995f3c142f73f88150fd922a203f914e1a17992f07a2db5

HTTP Headers

GET /sb/notifications/gambling/unibet/android_bigsystem-confetti/1/img/logo.svg HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sat, 04 May 2024 17:29:46 GMT
content-type: image/svg+xml
last-modified: Thu, 02 May 2024 09:24:12 GMT
etag: W/"66335bbc-c87"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 193360
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=sqhQ8N%2BLsFbbLqm2zgcOd02cpOyoPBbx4%2BLMKD%2FKEWe%2Fl%2B53IHHOK%2BZhjjluuOGVZuxuhFu%2BfnLbQaJVcEQT31MYqwLv50iz8bzyMCnRxAOvuMYIHXOCGEt1Re6xi3Fy8nPXnTS0Om2W"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87ea36ff5cccb512-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

cdn.yourwebbars.com/sb/notifications/gambling/unibet/android_bigsystem-confetti/1/index.html

104.26.6.19

200 OK

1.4 kB

URL GET HTTP/2
cdn.yourwebbars.com/sb/notifications/gambling/unibet/android_bigsystem-confetti/1/index.html
IP
104.26.6.19:443
ASN
#13335 CLOUDFLARENET

Requested by
https://en.yts-official.mx/browse-movies?genre=all&keyword=Debt+Collectors&order_by=latest&quality=all&rating=0&year=0
Certificate
IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
Fingerprint84:82:6E:35:03:D4:C4:FC:BA:08:CD:C8:E6:A3:97:A9:20:2F:F5:49
ValiditySun, 23 Jul 2023 00:00:00 GMT - Mon, 22 Jul 2024 23:59:59 GMT

File type
HTML document, Unicode text, UTF-8 text, with very long lines (1503), with no line terminators
Size
1.4 kB (1423 bytes)
Hash
5bbc7454e20606860b6ef3c9ef609e1c
abeb6a396c5c197acf200e0f49e966bc68871f84
d264e4eec1faa09a8fc8058009d6a04e67132d9caaa7e7ccc0a4a327410b52df

HTTP Headers

GET /sb/notifications/gambling/unibet/android_bigsystem-confetti/1/index.html HTTP/1.1
Host: cdn.yourwebbars.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://en.yts-official.mx
DNT: 1
Connection: keep-alive
Referer: https://en.yts-official.mx/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sat, 04 May 2024 17:29:45 GMT
content-type: text/html
last-modified: Thu, 02 May 2024 09:30:16 GMT
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 36540
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Pdag%2FH8MW6IYo2aLn7XP5O98zaRitVHbd8xGSjigwkFYhpMCdZw8jVVai3s7EovzN%2Bn62Keg%2BiyTnWDHwe%2BDhd%2FhqEMOP2qzU7OO8Odd%2Fw8LQGcHlc%2FtC2cZhdmrnZ85rmO3u74%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87ea36fdce35b4ed-OSL
content-encoding: br
X-Firefox-Spdy: h2

cdn.creative-bars1.com/sb/notifications/gambling/unibet/android_bigsystem-confetti/1/css/style.css

188.114.97.1

200 OK

3.8 kB

URL GET HTTP/2
cdn.creative-bars1.com/sb/notifications/gambling/unibet/android_bigsystem-confetti/1/css/style.css
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://en.yts-official.mx/browse-movies?genre=all&keyword=Debt+Collectors&order_by=latest&quality=all&rating=0&year=0
Certificate
IssuerGoogle Trust Services LLC
Subjectcreative-bars1.com
Fingerprint3D:29:39:2C:F1:E5:C6:EF:54:F5:70:B5:CF:A8:C2:75:4D:89:72:13
ValidityMon, 15 Apr 2024 15:02:18 GMT - Sun, 14 Jul 2024 15:02:17 GMT

File type
ASCII text, with very long lines (4044), with no line terminators
Size
3.8 kB (3821 bytes)
Hash
56323b184b25c2b57812aa5b912181f9
afb759e4336deb21dfbb748697d2c822016f9a46
27a79b182eea9d8c755427f7529af66162dd9dc5c9fa7151ec99a1990bca2c97

HTTP Headers

GET /sb/notifications/gambling/unibet/android_bigsystem-confetti/1/css/style.css HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://en.yts-official.mx
DNT: 1
Connection: keep-alive
Referer: https://en.yts-official.mx/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sat, 04 May 2024 17:29:45 GMT
content-type: text/css
last-modified: Thu, 02 May 2024 09:25:09 GMT
etag: W/"66335bf5-eed"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 161606
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=3DP%2FaBsOsD0Z663O2jDoh3O6wuxAaGo8K%2FGDRpEpQctVnQkDv8M%2BC1H%2FSNB3%2Bf%2Fjs9HKlKOOSJmB1wr8Mv8oAhllPPljMucV5o%2BwJSMI%2F%2BRzPu6vGqfWbpb1H1khrdZ0uF0wp0hyE5Z%2F"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87ea36fe4ab5b512-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

cdn.creative-bars1.com/sb/notifications/gambling/unibet/android_bigsystem-confetti/1/js/script.js

188.114.97.1

200 OK

2.0 kB

URL GET HTTP/2
cdn.creative-bars1.com/sb/notifications/gambling/unibet/android_bigsystem-confetti/1/js/script.js
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://en.yts-official.mx/browse-movies?genre=all&keyword=Debt+Collectors&order_by=latest&quality=all&rating=0&year=0
Certificate
IssuerGoogle Trust Services LLC
Subjectcreative-bars1.com
Fingerprint3D:29:39:2C:F1:E5:C6:EF:54:F5:70:B5:CF:A8:C2:75:4D:89:72:13
ValidityMon, 15 Apr 2024 15:02:18 GMT - Sun, 14 Jul 2024 15:02:17 GMT

File type
Unicode text, UTF-8 text, with very long lines (2089), with no line terminators
Size
2.0 kB (1980 bytes)
Hash
e4c03f54a0a78634b5e2f23f1eec9018
7353e6fae5f14418a944ff8d6b6994c0932ce2f3
551e623132d553bed7d021b1cf20583cef3af7b8c34ccaf0fc54ac66ad672562

HTTP Headers

GET /sb/notifications/gambling/unibet/android_bigsystem-confetti/1/js/script.js HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://en.yts-official.mx
DNT: 1
Connection: keep-alive
Referer: https://en.yts-official.mx/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sat, 04 May 2024 17:29:45 GMT
content-type: application/javascript
last-modified: Thu, 02 May 2024 09:29:09 GMT
etag: W/"66335ce5-7bc"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 161606
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=EeMVnpkbsPupvtvnbDYFB%2BMT8gXNE9qkNqw9IDKWXWLVqaeqQfcJzo8OWk%2F6EcoaWu%2Bm7Q1mDqc1Am1uMXxc%2FLXHXRcelqCP0YPcVTGYyj%2F%2Bt9EsM2MAFLA6VEHrMfLtB%2BIqru6bLgpc"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87ea36fe4ab9b512-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

en.yts-official.mx/browse-movies?genre=all&keyword=Debt+Collectors&order_by=latest&quality=all&rating=0&year=0

104.21.69.3

200 OK

21 kB

URL User Request GET HTTP/2
en.yts-official.mx/browse-movies?genre=all&keyword=Debt+Collectors&order_by=latest&quality=all&rating=0&year=0
IP
104.21.69.3:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerGoogle Trust Services LLC
Subjectyts-official.mx
FingerprintFB:57:3A:12:D9:30:69:4A:59:BD:83:1C:79:E4:4E:DD:52:0F:73:62
ValidityThu, 18 Apr 2024 00:32:31 GMT - Wed, 17 Jul 2024 00:32:30 GMT

File type
HTML document, ASCII text, with CRLF line terminators
Size
21 kB (20557 bytes)
Hash
959770633ef27e32d5b7fc1deed1444b
fc6c6d07a68a428e8b4a71c501b94c47d58352d1
31dec1c0ed7a9f47245558af6e6623262fbb5eed8f205dc45f28a3316cff76f4

HTTP Headers

GET /browse-movies?genre=all&keyword=Debt+Collectors&order_by=latest&quality=all&rating=0&year=0 HTTP/1.1
Host: en.yts-official.mx
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sat, 04 May 2024 17:29:43 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
x-powered-by: PHP/5.6.40
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2F8EPekA5Nfaug8VluVydxlpiGGbMI2GKTkrlyMJd3P06KoVOVOKjya3FWrPRsnJ%2Biia%2BNqiRl7VIEnebvuaJiMcYJ2T%2Bvs8YwbvqhX0e1s9TkpgnaBsbI0p6xkbIJwtW4afP%2BDA%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87ea36edd82d5690-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

en.yts-official.mx/static/yts/images/website/select-arrows.svg

104.21.69.3

200 OK

615 B

URL GET HTTP/3
en.yts-official.mx/static/yts/images/website/select-arrows.svg
IP
104.21.69.3:443
ASN
#13335 CLOUDFLARENET

Requested by
https://en.yts-official.mx/browse-movies?genre=all&keyword=Debt+Collectors&order_by=latest&quality=all&rating=0&year=0
Certificate
IssuerGoogle Trust Services LLC
Subjectyts-official.mx
FingerprintFB:57:3A:12:D9:30:69:4A:59:BD:83:1C:79:E4:4E:DD:52:0F:73:62
ValidityThu, 18 Apr 2024 00:32:31 GMT - Wed, 17 Jul 2024 00:32:30 GMT

File type
SVG Scalable Vector Graphics image
Size
615 B (615 bytes)
Hash
2380d25896bd0a9ef1f19fd67606323c
f67225bc11897e30f07c5dc6f3702035f8a193af
842f6e07aa5c466a76efdabfe4c271153511a29c8f49aa5b3ac5bdf4a77d8596

HTTP Headers

GET /static/yts/images/website/select-arrows.svg HTTP/1.1
Host: en.yts-official.mx
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://en.yts-official.mx/static/yts/style/minified.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sat, 04 May 2024 17:29:44 GMT
content-type: image/svg+xml
last-modified: Mon, 19 Feb 2024 03:18:39 GMT
etag: W/"65d2c88f-267"
cache-control: max-age=14400
cf-cache-status: REVALIDATED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=NCLFl9aYHduBovigpW1%2BstGmO9favStf7egLoEJktznLyVXOn17sXt%2BueDNqnseS%2FVmQ87MhitfJQFBYbI4p9ZCjk8pgMkn90vztu0Bouy3BU53Dnp5NLOhLY4dbToFYZ9SeG%2Bk%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87ea36f29acd0afe-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

en.yts-official.mx/browse-movies?genre=all&keyword=Debt+Collectors&order_by=latest&quality=all&rating=0&year=0

104.21.69.3

200 OK

21 kB

URL GET HTTP/3
en.yts-official.mx/browse-movies?genre=all&keyword=Debt+Collectors&order_by=latest&quality=all&rating=0&year=0
IP
104.21.69.3:443
ASN
#13335 CLOUDFLARENET

Requested by
https://en.yts-official.mx/browse-movies?genre=all&keyword=Debt+Collectors&order_by=latest&quality=all&rating=0&year=0
Certificate
IssuerGoogle Trust Services LLC
Subjectyts-official.mx
FingerprintFB:57:3A:12:D9:30:69:4A:59:BD:83:1C:79:E4:4E:DD:52:0F:73:62
ValidityThu, 18 Apr 2024 00:32:31 GMT - Wed, 17 Jul 2024 00:32:30 GMT

File type
HTML document, ASCII text, with CRLF line terminators
Size
21 kB (20557 bytes)
Hash
959770633ef27e32d5b7fc1deed1444b
fc6c6d07a68a428e8b4a71c501b94c47d58352d1
31dec1c0ed7a9f47245558af6e6623262fbb5eed8f205dc45f28a3316cff76f4

HTTP Headers

GET /browse-movies?genre=all&keyword=Debt+Collectors&order_by=latest&quality=all&rating=0&year=0 HTTP/1.1
Host: en.yts-official.mx
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Requested-With: XMLHttpRequest
DNT: 1
Connection: keep-alive
Referer: https://en.yts-official.mx/browse-movies?genre=all&keyword=Debt+Collectors&order_by=latest&quality=all&rating=0&year=0
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sat, 04 May 2024 17:29:44 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
x-powered-by: PHP/5.6.40
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=HjxkjdawDPfKokU1bZGP%2BaBw1POZLawE3HIh7T%2BMdnxZdrExrvVqEqV29gEL9BcrD4AybLu3guMwq6JG%2FZQp261mnncCiMizghCp2rLGID5y%2F%2BHJskM4%2FLG%2F9P2tzinuspuIsTw%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87ea36f59ef80afe-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

en.yts-official.mx/static/yts/image/logo-YTS.svg

104.21.69.3

200 OK

23 kB

URL GET HTTP/3
en.yts-official.mx/static/yts/image/logo-YTS.svg
IP
104.21.69.3:443
ASN
#13335 CLOUDFLARENET

Requested by
https://en.yts-official.mx/browse-movies?genre=all&keyword=Debt+Collectors&order_by=latest&quality=all&rating=0&year=0
Certificate
IssuerGoogle Trust Services LLC
Subjectyts-official.mx
FingerprintFB:57:3A:12:D9:30:69:4A:59:BD:83:1C:79:E4:4E:DD:52:0F:73:62
ValidityThu, 18 Apr 2024 00:32:31 GMT - Wed, 17 Jul 2024 00:32:30 GMT

File type
SVG Scalable Vector Graphics image
Size
23 kB (23348 bytes)
Hash
fdd85bfbf80d872ea41b942cf21d1db9
6a2d54565cbffa3af342a63931e412ad8837f92d
2234cb288342eab0edfb65ebda4189cf47b40a4b639a25af62c57c03f7ace459

HTTP Headers

GET /static/yts/image/logo-YTS.svg HTTP/1.1
Host: en.yts-official.mx
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://en.yts-official.mx/browse-movies?genre=all&keyword=Debt+Collectors&order_by=latest&quality=all&rating=0&year=0
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sat, 04 May 2024 17:29:43 GMT
content-type: image/svg+xml
last-modified: Tue, 20 Feb 2024 02:51:28 GMT
etag: W/"65d413b0-5b34"
cache-control: max-age=14400
cf-cache-status: HIT
age: 212
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=3WroQ%2FuQhgdVdFJKnmTlQXqoHw1qXATyIV9hBh1K%2BWjXh9%2BiYBy%2FjpeQAklH3WOhLguXYmoGDvNNsCIc8rE%2B949tOJdD4MprlmZol%2FZ3aZRF0hQ2bU2lOt1vBIKFl1TH%2BEjzcxw%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87ea36f169620afe-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

en.yts-official.mx/static/yts/style/modded1.js?yify=1

104.21.69.3

200 OK

163 kB

URL GET HTTP/3
en.yts-official.mx/static/yts/style/modded1.js?yify=1
IP
104.21.69.3:443
ASN
#13335 CLOUDFLARENET

Requested by
https://en.yts-official.mx/browse-movies?genre=all&keyword=Debt+Collectors&order_by=latest&quality=all&rating=0&year=0
Certificate
IssuerGoogle Trust Services LLC
Subjectyts-official.mx
FingerprintFB:57:3A:12:D9:30:69:4A:59:BD:83:1C:79:E4:4E:DD:52:0F:73:62
ValidityThu, 18 Apr 2024 00:32:31 GMT - Wed, 17 Jul 2024 00:32:30 GMT

File type
JavaScript source, ASCII text, with very long lines (65452)
Size
163 kB (162596 bytes)
Hash
60de675fcd2844a3ffbb68550d303076
8a53cc2f554a8ef1f58f3fd1996a3c3552ea5472
1c821bdab262418e3742bfa3c295c3b668724f7e8898b45638958a898bd93d33

HTTP Headers

GET /static/yts/style/modded1.js?yify=1 HTTP/1.1
Host: en.yts-official.mx
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://en.yts-official.mx/browse-movies?genre=all&keyword=Debt+Collectors&order_by=latest&quality=all&rating=0&year=0
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sat, 04 May 2024 17:29:43 GMT
content-type: application/javascript
last-modified: Mon, 19 Feb 2024 03:18:38 GMT
vary: Accept-Encoding
etag: W/"65d2c88e-27b24"
expires: Sat, 04 May 2024 18:04:33 GMT
cache-control: max-age=43200
cf-cache-status: HIT
age: 41110
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ULZnAVn3vuVvem3VUtujMz3TvFqnIWlrMkcGT30bkYNfzd8FfdP4EDIcnJqzyWzGaUWVvtRn9SGZwHC6iD9vCM5ReKl4cfTiBfaY9ELDYHwg%2BejbDtk3DuTL4sZPpkUUkpUseJE%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87ea36f1796c0afe-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

inconveniencemimic.com/pixel/sbls?bv=24.6.6370&tmpl=482&u=https%3A%2F%2Fcdn.yourwebbars.com%2Fsb%2Fnotifications%2Fgambling%2Funibet%2Fandroid_bigsystem-confetti%2F1%2Findex.html&l=1421&fd=40

192.243.59.13

200 OK

0 B

URL GET HTTP/1.1
inconveniencemimic.com/pixel/sbls?bv=24.6.6370&tmpl=482&u=https%3A%2F%2Fcdn.yourwebbars.com%2Fsb%2Fnotifications%2Fgambling%2Funibet%2Fandroid_bigsystem-confetti%2F1%2Findex.html&l=1421&fd=40
IP
192.243.59.13:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://en.yts-official.mx/browse-movies?genre=all&keyword=Debt+Collectors&order_by=latest&quality=all&rating=0&year=0
Certificate
IssuerLet's Encrypt
Subjectinconveniencemimic.com
FingerprintAF:84:31:F6:C9:08:AA:86:11:4D:BF:62:E5:2A:DB:57:5B:6E:E2:36
ValidityMon, 29 Apr 2024 08:23:14 GMT - Sun, 28 Jul 2024 08:23:13 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /pixel/sbls?bv=24.6.6370&tmpl=482&u=https%3A%2F%2Fcdn.yourwebbars.com%2Fsb%2Fnotifications%2Fgambling%2Funibet%2Fandroid_bigsystem-confetti%2F1%2Findex.html&l=1421&fd=40 HTTP/1.1
Host: inconveniencemimic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://en.yts-official.mx/
Cookie: u_pl=16587847; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; slec0a2f9bfefa2d59b6782f748beec9f30e=[5210996,5210995]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Sat, 04 May 2024 17:29:46 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range

en.yts-official.mx/static/yts/style/minified.css

104.21.69.3

200 OK

120 kB

URL GET HTTP/3
en.yts-official.mx/static/yts/style/minified.css
IP
104.21.69.3:443
ASN
#13335 CLOUDFLARENET

Requested by
https://en.yts-official.mx/browse-movies?genre=all&keyword=Debt+Collectors&order_by=latest&quality=all&rating=0&year=0
Certificate
IssuerGoogle Trust Services LLC
Subjectyts-official.mx
FingerprintFB:57:3A:12:D9:30:69:4A:59:BD:83:1C:79:E4:4E:DD:52:0F:73:62
ValidityThu, 18 Apr 2024 00:32:31 GMT - Wed, 17 Jul 2024 00:32:30 GMT

File type
ASCII text, with very long lines (57475)
Size
120 kB (119843 bytes)
Hash
a314b10e99529c56373ebff456f96618
89369052969ff4793a3c290593b5ded5d2d3e6d7
e043e009630de7fdb24141cd7e788e91a7978880af7730e0f8f97bf41c2cd549

HTTP Headers

GET /static/yts/style/minified.css HTTP/1.1
Host: en.yts-official.mx
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://en.yts-official.mx/browse-movies?genre=all&keyword=Debt+Collectors&order_by=latest&quality=all&rating=0&year=0
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sat, 04 May 2024 17:29:43 GMT
content-type: text/css
last-modified: Mon, 19 Feb 2024 08:38:28 GMT
vary: Accept-Encoding
etag: W/"65d31384-1d423"
expires: Sat, 04 May 2024 18:04:33 GMT
cache-control: max-age=43200
cf-cache-status: HIT
age: 41110
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=GAwnEWKdztxZQBuhWQgJ7oVBWuUWsdSQl55Ii%2FGw%2FIGWI53G3tz6wZN5IQhVHieOZzdPSMtEujr1QIeyindRqYPk%2FKfCULwELJH4QzxaI4DCTdYk9WnExwkF%2FC%2BQ%2FMlf3P4fDCY%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87ea36f1695d0afe-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

en.yts-official.mx/static/yts/images/website/icon-search.svg

104.21.69.3

200 OK

894 B

URL GET HTTP/3
en.yts-official.mx/static/yts/images/website/icon-search.svg
IP
104.21.69.3:443
ASN
#13335 CLOUDFLARENET

Requested by
https://en.yts-official.mx/browse-movies?genre=all&keyword=Debt+Collectors&order_by=latest&quality=all&rating=0&year=0
Certificate
IssuerGoogle Trust Services LLC
Subjectyts-official.mx
FingerprintFB:57:3A:12:D9:30:69:4A:59:BD:83:1C:79:E4:4E:DD:52:0F:73:62
ValidityThu, 18 Apr 2024 00:32:31 GMT - Wed, 17 Jul 2024 00:32:30 GMT

File type
SVG Scalable Vector Graphics image
Size
894 B (894 bytes)
Hash
9caad64a555d10c835c1e121b53743b0
5db8cc1d36d939a65725c4869ebec8cc0b5ce9e3
fa70e1614aed8ae3b0463b4d9884de60fd528951a068e6a13a60a329ef93face

HTTP Headers

GET /static/yts/images/website/icon-search.svg HTTP/1.1
Host: en.yts-official.mx
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://en.yts-official.mx/static/yts/style/minified.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sat, 04 May 2024 17:29:44 GMT
content-type: image/svg+xml
last-modified: Mon, 19 Feb 2024 03:18:39 GMT
etag: W/"65d2c88f-37e"
cache-control: max-age=14400
cf-cache-status: HIT
age: 6818
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=SzSuYShOzugM7TTC66qKDuODMkL25LIMriNI56XzqzsijjjqloV%2BLKxzCTHCIvuFAyz0SrTH67qLXeok3WmUdZCJKSKyYgDu%2FTQg1kjDIHWFzN2hwy9%2FLOGBjtOiQ6JF4HBp50A%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87ea36f28ac10afe-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (7)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

HTTP Transactions (44)

URL GET HTTP/3

IP

ASN

Requested by

Certificate

File type

Size