| gitus.net/wp-includes/css/dist/block-library/style.min.css?ver=6.5.3 | 78.135.87.2 | 200 OK | 14 kB |
URL: GET HTTP/3 gitus.net/wp-includes/css/dist/block-library/style.min.css?ver=6.5.3
IP: 78.135.87.2:443 | ASN: #207279 Markahost Telekomunikasyon Ve Ticaret Limited Sirketi
Requested by: https://gitus.net/watch/?=T030424
Certificate: Issuer Let's Encrypt | Subject *.gitus.net | Fingerprint B3:5B:E9:49:F2:94:13:B1:1C:37:F9:DF:39:F8:3C:01:4D:E5:9A:6C | Validity Tue, 23 Apr 2024 18:58:37 GMT - Mon, 22 Jul 2024 18:58:36 GMT
File type: ASCII text, with very long lines (59701)
Hashes: MD5 51a8390b47aa0582cf2d9c96c5addee2 | SHA-1 b16a640874025d085c38119a1a02a3460f83f2de | SHA-256 98cecf88a23542fa047ce46eedb650b5c5128761ed4386c0977b847094ddfa20
GET /wp-includes/css/dist/block-library/style.min.css?ver=6.5.3 HTTP/1.1
Host: gitus.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://gitus.net/watch/?=T030424
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
cache-control: public, max-age=604800
expires: Wed, 15 May 2024 21:57:56 GMT
content-type: text/css
last-modified: Sat, 06 Apr 2024 01:00:20 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 14071
date: Wed, 08 May 2024 21:57:56 GMT
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
| gitus.net/wp-content/themes/generatepress/assets/css/main.min.css?ver=3.4.0 | 78.135.87.2 | 200 OK | 4.4 kB |
URL: GET HTTP/3 gitus.net/wp-content/themes/generatepress/assets/css/main.min.css?ver=3.4.0
IP: 78.135.87.2:443 | ASN: #207279 Markahost Telekomunikasyon Ve Ticaret Limited Sirketi
Requested by: https://gitus.net/watch/?=T030424
Certificate: Issuer Let's Encrypt | Subject *.gitus.net | Fingerprint B3:5B:E9:49:F2:94:13:B1:1C:37:F9:DF:39:F8:3C:01:4D:E5:9A:6C | Validity Tue, 23 Apr 2024 18:58:37 GMT - Mon, 22 Jul 2024 18:58:36 GMT
File type: ASCII text, with very long lines (19564), with no line terminators
Hashes: MD5 867585929ee8b21749cdefa675d9aa11 | SHA-1 afbd7bc967068d4e804641f4b1df78ab37417144 | SHA-256 bc3b2c1e618a27e485095a3c0db20da5ba2fbfaf3b872ccd6ca35cb19eb37b5d
GET /wp-content/themes/generatepress/assets/css/main.min.css?ver=3.4.0 HTTP/1.1
Host: gitus.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://gitus.net/watch/?=T030424
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
cache-control: public, max-age=604800
expires: Wed, 15 May 2024 21:57:56 GMT
content-type: text/css
last-modified: Tue, 06 Feb 2024 18:24:35 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 4416
date: Wed, 08 May 2024 21:57:56 GMT
| gitus.net/wp-content/themes/generatepress/assets/js/menu.min.js?ver=3.4.0 | 78.135.87.2 | 200 OK | 1.5 kB |
URL: GET HTTP/3 gitus.net/wp-content/themes/generatepress/assets/js/menu.min.js?ver=3.4.0
IP: 78.135.87.2:443 | ASN: #207279 Markahost Telekomunikasyon Ve Ticaret Limited Sirketi
Requested by: https://gitus.net/watch/?=T030424
Certificate: Issuer Let's Encrypt | Subject *.gitus.net | Fingerprint B3:5B:E9:49:F2:94:13:B1:1C:37:F9:DF:39:F8:3C:01:4D:E5:9A:6C | Validity Tue, 23 Apr 2024 18:58:37 GMT - Mon, 22 Jul 2024 18:58:36 GMT
File type: JavaScript source, ASCII text, with very long lines (6957), with no line terminators
Hashes: MD5 70bb4fab119eb133cae33105b69f65cb | SHA-1 0c78a77e06be020674ca82d28b02a712615f7b35 | SHA-256 395121e5b9981325951ef88bec68d065d23087b16a70d4459109e1dd84a10936
GET /wp-content/themes/generatepress/assets/js/menu.min.js?ver=3.4.0 HTTP/1.1
Host: gitus.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://gitus.net/watch/?=T030424
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
cache-control: public, max-age=604800
expires: Wed, 15 May 2024 21:57:56 GMT
content-type: application/javascript
last-modified: Tue, 06 Feb 2024 18:24:35 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 1546
date: Wed, 08 May 2024 21:57:56 GMT
| gitus.net/play.png | 78.135.87.2 | 200 OK | 40 kB |
IP: 78.135.87.2:443 | ASN: #207279 Markahost Telekomunikasyon Ve Ticaret Limited Sirketi
Requested by: https://gitus.net/watch/?=T030424
Certificate: Issuer Let's Encrypt | Subject *.gitus.net | Fingerprint B3:5B:E9:49:F2:94:13:B1:1C:37:F9:DF:39:F8:3C:01:4D:E5:9A:6C | Validity Tue, 23 Apr 2024 18:58:37 GMT - Mon, 22 Jul 2024 18:58:36 GMT
File type: PNG image data, 1920 x 1080, 8-bit/color RGBA, non-interlaced
Hashes: MD5 1548e0a529c859d60164557c1619a60e | SHA-1 773b667e66c8a712673e5f26e3e0f10483edfaaa | SHA-256 f9ed0ce815f22787aa1ad1abc0fb9988aa6e6b66200ca6146f1585883a40a10d
GET /play.png HTTP/1.1
Host: gitus.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://gitus.net/watch/?=T030424
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
cache-control: public, max-age=604800
expires: Wed, 15 May 2024 21:57:56 GMT
content-type: image/png
last-modified: Mon, 22 Apr 2024 18:17:44 GMT
accept-ranges: bytes
content-length: 39992
date: Wed, 08 May 2024 21:57:56 GMT
| gitus.net/wp-content/uploads/2023/05/telegram-channel-300x96.webp | 78.135.87.2 | 200 OK | 5.8 kB |
URL: GET HTTP/3 gitus.net/wp-content/uploads/2023/05/telegram-channel-300x96.webp
IP: 78.135.87.2:443 | ASN: #207279 Markahost Telekomunikasyon Ve Ticaret Limited Sirketi
Requested by: https://gitus.net/watch/?=T030424
Certificate: Issuer Let's Encrypt | Subject *.gitus.net | Fingerprint B3:5B:E9:49:F2:94:13:B1:1C:37:F9:DF:39:F8:3C:01:4D:E5:9A:6C | Validity Tue, 23 Apr 2024 18:58:37 GMT - Mon, 22 Jul 2024 18:58:36 GMT
File type: RIFF (little-endian) data, Web/P image, VP8 encoding, 300x96, Scaling: [none]x[none], YUV color, decoders should clamp
Hashes: MD5 19927eb618d6d8a5f00c81509a1ab3b0 | SHA-1 21316c888dafe934f19c4d010c71c6c2a22ab26d | SHA-256 246018f0503266eae1b1dfe2a1a3ab030c78a5d52d954eea666ac5dc3546b311
GET /wp-content/uploads/2023/05/telegram-channel-300x96.webp HTTP/1.1
Host: gitus.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://gitus.net/watch/?=T030424
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
cache-control: public, max-age=604800
expires: Wed, 15 May 2024 21:57:56 GMT
content-type: image/webp
last-modified: Sun, 28 May 2023 09:41:28 GMT
accept-ranges: bytes
content-length: 5792
date: Wed, 08 May 2024 21:57:56 GMT
| continentalfinishdislike.com/0628c4627ca50d7aec78b63c9d6947bc/invoke.js | 172.240.127.234 | 200 OK | 12 kB |
URL: GET HTTP/1.1 continentalfinishdislike.com/0628c4627ca50d7aec78b63c9d6947bc/invoke.js
IP: 172.240.127.234:443
Requested by: https://gitus.net/watch/?=T030424
Certificate: Issuer Let's Encrypt | Subject continentalfinishdislike.com | Fingerprint C1:84:51:DF:B5:EF:80:A6:C4:F9:66:B1:DE:E2:AF:6D:12:8F:F2:0C | Validity Thu, 11 Apr 2024 06:32:21 GMT - Wed, 10 Jul 2024 06:32:20 GMT
File type: JavaScript source, ASCII text, with very long lines (31310), with no line terminators
Hashes: MD5 8716253ef07b6b34a3ff28b751447239 | SHA-1 cce669afa940481ee06a0b58ba27e4fe31a845b8 | SHA-256 c224cd9fd9253f80bad77422b7859d8bc70eec81c6867ca7b819e3d3f2e97f02
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /0628c4627ca50d7aec78b63c9d6947bc/invoke.js HTTP/1.1
Host: continentalfinishdislike.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://gitus.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Wed, 08 May 2024 21:57:59 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: fee84ab095a118208c107b95885cc4ab
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
| ocsp.r2m03.amazontrust.com/ | 143.204.53.97 | | 471 B |
URL: ocsp.r2m03.amazontrust.com/
IP: 143.204.53.97:0
Hashes: MD5 17d83a6a1ce5ec032b9d0be6c8c68106 | SHA-1 9b412e1c9f9694753b73daa262811ec4c420e7d1 | SHA-256 935af939ae598190c9c8175f1ac54241ab2614b3c7599a4c92e1be2ecd42ab23
POST / HTTP/1.1
Host: ocsp.r2m03.amazontrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=7200
Date: Wed, 08 May 2024 21:57:59 GMT
Last-Modified: Wed, 08 May 2024 20:24:43 GMT
Server: ECAcc (ska/F77E)
X-Cache: Miss from cloudfront
Via: 1.1 dbfaae0db03f11cf713bbcbdb25be4a2.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: WA0gti3h7qEDvOdO5Ql01ezsZsieZncSTHdwIO1wQY0e6ea5OEgaJQ==
Age: 5596
| proftrafficcounter.com/stats | 52.57.164.94 | 200 OK | 40 B |
URL: GET HTTP/2 proftrafficcounter.com/stats
IP: 52.57.164.94:443
Requested by: https://gitus.net/watch/?=T030424
Certificate: Issuer Amazon | Subject proftrafficcounter.com | Fingerprint E3:9F:79:6F:80:C0:BF:F8:C4:EB:45:F3:E9:0F:A7:41:F6:0C:05:E6 | Validity Tue, 21 Nov 2023 00:00:00 GMT - Thu, 19 Dec 2024 23:59:59 GMT
File type: ASCII text, with no line terminators
Hashes: MD5 a5190635db3aec581850193936154f09 | SHA-1 072d5274f7579c02c9d97419752327c2ea123b14 | SHA-256 be34ed17a3bb822a04126049acae37d0682b6d5d4b205bd8e02f208b5d4ce936
GET /stats HTTP/1.1
Host: proftrafficcounter.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://gitus.net
DNT: 1
Connection: keep-alive
Referer: https://gitus.net/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 08 May 2024 21:57:59 GMT
content-type: text/html; charset=UTF-8
content-length: 40
server: fasthttp
access-control-allow-origin: https://gitus.net
vary: Origin
access-control-allow-credentials: true
set-cookie: uid_id2=2c4d47ec-c71e-47c0-9cb5-d53fe7379db7:3:1; expires=Sat, 06 May 2034 21:57:59 GMT; secure; SameSite=None
X-Firefox-Spdy: h2
| continentalfinishdislike.com/b11545e588bb39ae3149b6e82aed3eb2/invoke.js | 172.240.127.234 | 200 OK | 12 kB |
URL: GET HTTP/1.1 continentalfinishdislike.com/b11545e588bb39ae3149b6e82aed3eb2/invoke.js
IP: 172.240.127.234:443
Requested by: https://gitus.net/watch/?=T030424
Certificate: Issuer Let's Encrypt | Subject continentalfinishdislike.com | Fingerprint C1:84:51:DF:B5:EF:80:A6:C4:F9:66:B1:DE:E2:AF:6D:12:8F:F2:0C | Validity Thu, 11 Apr 2024 06:32:21 GMT - Wed, 10 Jul 2024 06:32:20 GMT
File type: JavaScript source, ASCII text, with very long lines (31284), with no line terminators
Hashes: MD5 47f10a934aabd55e1e6c686ff1f7a104 | SHA-1 8befd6db8c7b4d59e56d5f9186201ba5da975c60 | SHA-256 5761df6293ac66f32ce752bed1668dee4c4bfc113ae362cceda29659752439f7
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /b11545e588bb39ae3149b6e82aed3eb2/invoke.js HTTP/1.1
Host: continentalfinishdislike.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://gitus.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Wed, 08 May 2024 21:57:59 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: e28832c7ebabe8ac2f1dcecf252f8087
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
| continentalfinishdislike.com/871902a25f4f75ff642515ce6baf163b/invoke.js | 172.240.127.234 | 200 OK | 12 kB |
URL: GET HTTP/1.1 continentalfinishdislike.com/871902a25f4f75ff642515ce6baf163b/invoke.js
IP: 172.240.127.234:443
Requested by: https://gitus.net/watch/?=T030424
Certificate: Issuer Let's Encrypt | Subject continentalfinishdislike.com | Fingerprint C1:84:51:DF:B5:EF:80:A6:C4:F9:66:B1:DE:E2:AF:6D:12:8F:F2:0C | Validity Thu, 11 Apr 2024 06:32:21 GMT - Wed, 10 Jul 2024 06:32:20 GMT
File type: JavaScript source, ASCII text, with very long lines (31298), with no line terminators
Hashes: MD5 6fefd7945dbd968a24cd0152190ef4bf | SHA-1 9844c13d37386b5b7ca56f1d7129a20a8136c5d7 | SHA-256 6ba2cacd74de78fc0f30278ca72e8c926da9855a353eb385150f4ad71999acf5
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /871902a25f4f75ff642515ce6baf163b/invoke.js HTTP/1.1
Host: continentalfinishdislike.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://gitus.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Wed, 08 May 2024 21:57:59 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: c19d9d343773ed052ccd1b722c4990b5
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
| gitus.net/wp-includes/js/wp-emoji-release.min.js?ver=6.5.3 | 78.135.87.2 | 200 OK | 4.7 kB |
URL: GET HTTP/3 gitus.net/wp-includes/js/wp-emoji-release.min.js?ver=6.5.3
IP: 78.135.87.2:443 | ASN: #207279 Markahost Telekomunikasyon Ve Ticaret Limited Sirketi
Requested by: https://gitus.net/watch/?=T030424
Certificate: Issuer Let's Encrypt | Subject *.gitus.net | Fingerprint B3:5B:E9:49:F2:94:13:B1:1C:37:F9:DF:39:F8:3C:01:4D:E5:9A:6C | Validity Tue, 23 Apr 2024 18:58:37 GMT - Mon, 22 Jul 2024 18:58:36 GMT
File type: JavaScript source, ASCII text, with very long lines (15752)
Hashes: MD5 b976b651932bfd25b9ddb5b7693d88a7 | SHA-1 7fcb7cb5c11227f9213b1e08a07d0212209e1432 | SHA-256 4e6ce5444c7f396cef0eb1fa3611034151e485dd06fbe5573a5583e1eebc98c3
GET /wp-includes/js/wp-emoji-release.min.js?ver=6.5.3 HTTP/1.1
Host: gitus.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://gitus.net/watch/?=T030424
Cookie: dom3ic8zudi28v8lr6fgphwffqoz0j6c=2c4d47ec-c71e-47c0-9cb5-d53fe7379db7%3A3%3A1
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
cache-control: public, max-age=604800
expires: Wed, 15 May 2024 21:57:57 GMT
content-type: application/javascript
last-modified: Sat, 06 Apr 2024 01:00:20 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 4676
date: Wed, 08 May 2024 21:57:57 GMT
| astronomybreathlessmisunderstand.com/watch.1039790154200.js?key=0628c4627ca50d7aec78b63c9d6947bc&kw=%5B%22click%22%2C%22to%22%2C%22access%22%2C%22the%22%2C%22link%22%5D&refer=https%3A%2F%2Fgitus.net%2Fwatch%2F%3F%3DT030424&tz=0&dev=e&res=14.2071&uuid=2c4d47ec-c71e-47c0-9cb5-d53fe7379db7%3A3%3A1 | 172.240.108.76 | 307 Temporary Redirect | 0 B |
URL: GET HTTP/1.1 astronomybreathlessmisunderstand.com/watch.1039790154200.js?key=0628c4627ca50d7aec78b63c9d6947bc&kw=%5B%22click%22%2C%22to%22%2C%22access%22%2C%22the%22%2C%22link%22%5D&refer=https%3A%2F%2Fgitus.net%2Fwatch%2F%3F%3DT030424&tz=0&dev=e&res=14.2071&uuid=2c4d47ec-c71e-47c0-9cb5-d53fe7379db7%3A3%3A1
IP: 172.240.108.76:443
Requested by: https://gitus.net/watch/?=T030424
Certificate: Issuer Let's Encrypt | Subject astronomybreathlessmisunderstand.com | Fingerprint DB:F1:11:8A:FD:9C:37:6B:1C:13:3D:8D:D7:1D:F5:09:0E:2B:DD:48 | Validity Mon, 06 May 2024 12:49:33 GMT - Sun, 04 Aug 2024 12:49:32 GMT
Hashes (empty body): MD5 d41d8cd98f00b204e9800998ecf8427e | SHA-1 da39a3ee5e6b4b0d3255bfef95601890afd80709 | SHA-256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /watch.1039790154200.js?key=0628c4627ca50d7aec78b63c9d6947bc&kw=%5B%22click%22%2C%22to%22%2C%22access%22%2C%22the%22%2C%22link%22%5D&refer=https%3A%2F%2Fgitus.net%2Fwatch%2F%3F%3DT030424&tz=0&dev=e&res=14.2071&uuid=2c4d47ec-c71e-47c0-9cb5-d53fe7379db7%3A3%3A1 HTTP/1.1
Host: astronomybreathlessmisunderstand.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://gitus.net
DNT: 1
Connection: keep-alive
Referer: https://gitus.net/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 307 Temporary Redirect
Server: nginx/1.21.6
Date: Wed, 08 May 2024 21:58:00 GMT
Content-Type: text/html
Content-Length: 0
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://gitus.net
Access-Control-Allow-Origin: https://gitus.net
Access-Control-Allow-Credentials: true
Location: https://astronomybreathlessmisunderstand.com/watch.1039790154200.js?dev=e&key=0628c4627ca50d7aec78b63c9d6947bc&kw=%5B%22click%22%2C%22to%22%2C%22access%22%2C%22the%22%2C%22link%22%5D&pst=1715205540&refer=https%3A%2F%2Fgitus.net%2Fwatch%2F%3F%3DT030424&res=14.2071&rmtc=t&shu=d983eaec20ca802cd50b8056bbb4ea330dc77d28e942b77324078803b5c72dae6f75857623fe39fef3e57c13d36ae2299c4bcd4c2a2f8ad349268f21746af07db3d2d038ccc39c543dc64a0f41ec907a047bcd0fb3ecbd60890256108580&tz=0&uuid=2c4d47ec-c71e-47c0-9cb5-d53fe7379db7%3A3%3A1
Set-Cookie: u_pl=18294299; expires=Thu, 09 May 2024 21:58:00 GMT; secure; SameSite=None
ain=eyJhbGciOiJIUzI1NiJ9.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.nJQS-a-86aOIwAjzhF9xZgRvfjglRniGLpLWxh-VMac; expires=Wed, 08 May 2024 21:59:00 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 5a6187479fbfdbeed29067dfa7126af6
Strict-Transport-Security: max-age=0; includeSubdomains
| feudalplastic.com/watch.405841556071.js?key=b11545e588bb39ae3149b6e82aed3eb2&kw=%5B%22click%22%2C%22to%22%2C%22access%22%2C%22the%22%2C%22link%22%5D&refer=https%3A%2F%2Fgitus.net%2Fwatch%2F%3F%3DT030424&tz=0&dev=e&res=14.2071&uuid=2c4d47ec-c71e-47c0-9cb5-d53fe7379db7%3A3%3A1 | 172.240.127.234 | 307 Temporary Redirect | 0 B |
URL: GET HTTP/1.1 feudalplastic.com/watch.405841556071.js?key=b11545e588bb39ae3149b6e82aed3eb2&kw=%5B%22click%22%2C%22to%22%2C%22access%22%2C%22the%22%2C%22link%22%5D&refer=https%3A%2F%2Fgitus.net%2Fwatch%2F%3F%3DT030424&tz=0&dev=e&res=14.2071&uuid=2c4d47ec-c71e-47c0-9cb5-d53fe7379db7%3A3%3A1
IP: 172.240.127.234:443
Requested by: https://gitus.net/watch/?=T030424
Certificate: Issuer Let's Encrypt | Subject feudalplastic.com | Fingerprint 1D:80:AF:E2:81:A7:77:93:2F:DE:4D:9D:B6:42:F5:8B:EA:BB:0F:A7 | Validity Mon, 06 May 2024 08:13:24 GMT - Sun, 04 Aug 2024 08:13:23 GMT
Hashes (empty body): MD5 d41d8cd98f00b204e9800998ecf8427e | SHA-1 da39a3ee5e6b4b0d3255bfef95601890afd80709 | SHA-256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /watch.405841556071.js?key=b11545e588bb39ae3149b6e82aed3eb2&kw=%5B%22click%22%2C%22to%22%2C%22access%22%2C%22the%22%2C%22link%22%5D&refer=https%3A%2F%2Fgitus.net%2Fwatch%2F%3F%3DT030424&tz=0&dev=e&res=14.2071&uuid=2c4d47ec-c71e-47c0-9cb5-d53fe7379db7%3A3%3A1 HTTP/1.1
Host: feudalplastic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://gitus.net
DNT: 1
Connection: keep-alive
Referer: https://gitus.net/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 307 Temporary Redirect
Server: nginx/1.21.6
Date: Wed, 08 May 2024 21:58:00 GMT
Content-Type: text/html
Content-Length: 0
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://gitus.net
Access-Control-Allow-Origin: https://gitus.net
Access-Control-Allow-Credentials: true
Location: https://feudalplastic.com/watch.405841556071.js?dev=e&key=b11545e588bb39ae3149b6e82aed3eb2&kw=%5B%22click%22%2C%22to%22%2C%22access%22%2C%22the%22%2C%22link%22%5D&pst=1715205540&refer=https%3A%2F%2Fgitus.net%2Fwatch%2F%3F%3DT030424&res=14.2071&rmtc=t&shu=1b9e09cd329ffa52e4b3db0a122334ce1d6314a6f03b9fdd0087391f509eb742526327da06135e52d666fac35c2e511a632c9b5f79d3a538d19b4751e7f6c625ddf08b5a6cfe86ff3e3ba064a667a06a789dda2e6d62d65cfe6dd8dcc2d9&tz=0&uuid=2c4d47ec-c71e-47c0-9cb5-d53fe7379db7%3A3%3A1
Set-Cookie: u_pl=18294265; expires=Thu, 09 May 2024 21:58:00 GMT; secure; SameSite=None
ain=eyJhbGciOiJIUzI1NiJ9.eyJwIjp7ImlkIjoxODI5NDI2NSwiayI6ImIxMTU0NWU1ODhiYjM5YWUzMTQ5YjZlODJhZWQzZWIyIiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjoyMjA2MTA2LCJwaWQiOjE2ODcyLCJhbiI6dHJ1ZSwibGFuIjp0cnVlLCJjaWQiOjIxLCJhaWQiOjUsInB0Ijo0LCJwayI6Im01NzlqYWpoaCIsImNwa3MiOnsiMjkiOiI5MjYzZTBjYThmMjhmMDIzMzQwYzE0NmMxMmY2YjU0NCJ9LCJ0IjoxfSwidSI6eyJ1IjoxLCJhdSI6MSwiZCI6eyJpZCI6Nzk5NTQxOTYsImlkcyI6IiIsImljIjpmYWxzZSwibiI6IkRlc2t0b3AsRW11bGF0b3IiLCJ2IjoiVW5rbm93biIsIm0iOiJVbmtub3duIiwiZiI6MSwiZm4iOiJEZXNrdG9wIiwib2lkIjoxODExMCwib24iOiJMaW51eCIsIm92IjoiVW5rbm93biIsImJpZCI6MTE2NjcwLCJibiI6IkZpcmVmb3giLCJidiI6Ijk2LjAiLCJ3diI6ZmFsc2UsImUiOnRydWUsImFiIjpmYWxzZX0sImMiOnsiaWQiOjE2MiwiYyI6Ik5PIiwibiI6Ik5vcndheSJ9LCJhIjpmYWxzZSwiY3IiOnsibiI6IkJsaXggU29sdXRpb25zIn0sInhmIjoiIiwiaXhmIjpmYWxzZSwiaWd4ZiI6ZmFsc2UsInVwIjp0cnVlLCJyIjoiaHR0cHM6Ly9naXR1cy5uZXQvd2F0Y2gvPz1UMDMwNDI0IiwiYXIiOltdfX0.pB1u8bwFwSXFFbeVdq4ZyxdUp40xpn500BcbCxQBYGI; expires=Wed, 08 May 2024 21:59:00 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: f32a6c9c3ddb6d1554b5f25fb5595579
Strict-Transport-Security: max-age=0; includeSubdomains
| feudalplastic.com/92/63/e0/9263e0ca8f28f023340c146c12f6b544.js | 172.240.127.234 | 200 OK | 16 kB |
URL: GET HTTP/1.1 feudalplastic.com/92/63/e0/9263e0ca8f28f023340c146c12f6b544.js
IP: 172.240.127.234:443
Requested by: https://gitus.net/watch/?=T030424
Certificate: Issuer Let's Encrypt | Subject feudalplastic.com | Fingerprint 1D:80:AF:E2:81:A7:77:93:2F:DE:4D:9D:B6:42:F5:8B:EA:BB:0F:A7 | Validity Mon, 06 May 2024 08:13:24 GMT - Sun, 04 Aug 2024 08:13:23 GMT
File type: JavaScript source, ASCII text, with very long lines (44040), with no line terminators
Hashes: MD5 b1bc13c531b53882414a1114a9640d3f | SHA-1 78aac00bece1f55fb872375f827973b6cc769286 | SHA-256 eca667546949788e49381fc91b8c3cbaf3082a2dfb5a5c217480189aade77d69
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /92/63/e0/9263e0ca8f28f023340c146c12f6b544.js HTTP/1.1
Host: feudalplastic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://gitus.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Wed, 08 May 2024 21:58:00 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: f67817b36e5bc314754e332ebc2b1def
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
| lifetimeagriculturalproducer.com/watch.104355296092.js?key=871902a25f4f75ff642515ce6baf163b&kw=%5B%22click%22%2C%22to%22%2C%22access%22%2C%22the%22%2C%22link%22%5D&refer=https%3A%2F%2Fgitus.net%2Fwatch%2F%3F%3DT030424&tz=0&dev=e&res=14.2071&uuid=2c4d47ec-c71e-47c0-9cb5-d53fe7379db7%3A3%3A1 | 172.240.108.84 | 307 Temporary Redirect | 0 B |
URL: GET HTTP/1.1 lifetimeagriculturalproducer.com/watch.104355296092.js?key=871902a25f4f75ff642515ce6baf163b&kw=%5B%22click%22%2C%22to%22%2C%22access%22%2C%22the%22%2C%22link%22%5D&refer=https%3A%2F%2Fgitus.net%2Fwatch%2F%3F%3DT030424&tz=0&dev=e&res=14.2071&uuid=2c4d47ec-c71e-47c0-9cb5-d53fe7379db7%3A3%3A1
IP: 172.240.108.84:443
Requested by: https://gitus.net/watch/?=T030424
Certificate: Issuer Let's Encrypt | Subject lifetimeagriculturalproducer.com | Fingerprint B1:00:CB:CF:6F:C1:E3:CD:FA:E3:5B:47:C8:D6:55:01:F7:14:93:83 | Validity Mon, 06 May 2024 12:50:20 GMT - Sun, 04 Aug 2024 12:50:19 GMT
Hashes (empty body): MD5 d41d8cd98f00b204e9800998ecf8427e | SHA-1 da39a3ee5e6b4b0d3255bfef95601890afd80709 | SHA-256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /watch.104355296092.js?key=871902a25f4f75ff642515ce6baf163b&kw=%5B%22click%22%2C%22to%22%2C%22access%22%2C%22the%22%2C%22link%22%5D&refer=https%3A%2F%2Fgitus.net%2Fwatch%2F%3F%3DT030424&tz=0&dev=e&res=14.2071&uuid=2c4d47ec-c71e-47c0-9cb5-d53fe7379db7%3A3%3A1 HTTP/1.1
Host: lifetimeagriculturalproducer.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://gitus.net
DNT: 1
Connection: keep-alive
Referer: https://gitus.net/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 307 Temporary Redirect
Server: nginx/1.21.6
Date: Wed, 08 May 2024 21:58:00 GMT
Content-Type: text/html
Content-Length: 0
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://gitus.net
Access-Control-Allow-Origin: https://gitus.net
Access-Control-Allow-Credentials: true
Location: https://lifetimeagriculturalproducer.com/watch.104355296092.js?dev=e&key=871902a25f4f75ff642515ce6baf163b&kw=%5B%22click%22%2C%22to%22%2C%22access%22%2C%22the%22%2C%22link%22%5D&pst=1715205540&refer=https%3A%2F%2Fgitus.net%2Fwatch%2F%3F%3DT030424&res=14.2071&rmtc=t&shu=49568a70a0e9f94a439ca01a04c2654689d21de8ef2fba16df90910d811c9b158234385843734c6167cecca87c94cc7cc21b5b3ca81674c763020520d98a0786aa4b70db57a9db294ea6e0303b78d5ac42f46e8c5a0f226ea48aad277c1e306692&tz=0&uuid=2c4d47ec-c71e-47c0-9cb5-d53fe7379db7%3A3%3A1
Set-Cookie: u_pl=18366955; expires=Thu, 09 May 2024 21:58:00 GMT; secure; SameSite=None
ain=eyJhbGciOiJIUzI1NiJ9.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.mMZMDrCExInGeoDHdDFLOAG9GKwyLvC4_mQqRDFX7pU; expires=Wed, 08 May 2024 21:59:00 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 443f739b1a06792b76cdd734567c90ac
Strict-Transport-Security: max-age=0; includeSubdomains
| feudalplastic.com/watch.405841556071.js?dev=e&key=b11545e588bb39ae3149b6e82aed3eb2&kw=%5B%22click%22%2C%22to%22%2C%22access%22%2C%22the%22%2C%22link%22%5D&pst=1715205540&refer=https%3A%2F%2Fgitus.net%2Fwatch%2F%3F%3DT030424&res=14.2071&rmtc=t&shu=1b9e09cd329ffa52e4b3db0a122334ce1d6314a6f03b9fdd0087391f509eb742526327da06135e52d666fac35c2e511a632c9b5f79d3a538d19b4751e7f6c625ddf08b5a6cfe86ff3e3ba064a667a06a789dda2e6d62d65cfe6dd8dcc2d9&tz=0&uuid=2c4d47ec-c71e-47c0-9cb5-d53fe7379db7%3A3%3A1 | 172.240.127.234 | 200 OK | 2.1 kB |
URL: GET HTTP/1.1 feudalplastic.com/watch.405841556071.js?dev=e&key=b11545e588bb39ae3149b6e82aed3eb2&kw=%5B%22click%22%2C%22to%22%2C%22access%22%2C%22the%22%2C%22link%22%5D&pst=1715205540&refer=https%3A%2F%2Fgitus.net%2Fwatch%2F%3F%3DT030424&res=14.2071&rmtc=t&shu=1b9e09cd329ffa52e4b3db0a122334ce1d6314a6f03b9fdd0087391f509eb742526327da06135e52d666fac35c2e511a632c9b5f79d3a538d19b4751e7f6c625ddf08b5a6cfe86ff3e3ba064a667a06a789dda2e6d62d65cfe6dd8dcc2d9&tz=0&uuid=2c4d47ec-c71e-47c0-9cb5-d53fe7379db7%3A3%3A1
IP: 172.240.127.234:443
Requested by: https://gitus.net/watch/?=T030424
Certificate: Issuer Let's Encrypt | Subject feudalplastic.com | Fingerprint 1D:80:AF:E2:81:A7:77:93:2F:DE:4D:9D:B6:42:F5:8B:EA:BB:0F:A7 | Validity Mon, 06 May 2024 08:13:24 GMT - Sun, 04 Aug 2024 08:13:23 GMT
File type: JavaScript source, ASCII text, with very long lines (2635)
Hashes: MD5 5704eeb2ab6fd25df074d568f5c8b376 | SHA-1 8a2c8c65882adac9ac83916adde316fafcd0e530 | SHA-256 8258cad9cbe073784091bb56fc6a8a040c9e14e312ac0c45d4bc0b1c759c4695
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /watch.405841556071.js?dev=e&key=b11545e588bb39ae3149b6e82aed3eb2&kw=%5B%22click%22%2C%22to%22%2C%22access%22%2C%22the%22%2C%22link%22%5D&pst=1715205540&refer=https%3A%2F%2Fgitus.net%2Fwatch%2F%3F%3DT030424&res=14.2071&rmtc=t&shu=1b9e09cd329ffa52e4b3db0a122334ce1d6314a6f03b9fdd0087391f509eb742526327da06135e52d666fac35c2e511a632c9b5f79d3a538d19b4751e7f6c625ddf08b5a6cfe86ff3e3ba064a667a06a789dda2e6d62d65cfe6dd8dcc2d9&tz=0&uuid=2c4d47ec-c71e-47c0-9cb5-d53fe7379db7%3A3%3A1 HTTP/1.1
Host: feudalplastic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://gitus.net
Referer: https://gitus.net/
DNT: 1
Connection: keep-alive
Cookie: u_pl=18294265; ain=eyJhbGciOiJIUzI1NiJ9.[...].pB1u8bwFwSXFFbeVdq4ZyxdUp40xpn500BcbCxQBYGI
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Wed, 08 May 2024 21:58:00 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://gitus.net
Access-Control-Allow-Origin: https://gitus.net
Access-Control-Allow-Credentials: true
Set-Cookie: uid_id2=2c4d47ec-c71e-47c0-9cb5-d53fe7379db7:3:1; expires=Wed, 15 May 2024 21:58:00 GMT; secure; SameSite=None
iprce2aaf70d5269c1ab133ddaf9bdbb1ab8=3569806; expires=Thu, 09 May 2024 01:58:00 GMT; secure; SameSite=None
pdhtkv=true; expires=Thu, 09 May 2024 21:58:00 GMT; secure; SameSite=None
uncs=1; expires=Thu, 09 May 2024 21:58:00 GMT; secure; SameSite=None
pdhtkv5=true; expires=Thu, 09 May 2024 21:58:00 GMT; secure; SameSite=None
uncs5=1; expires=Thu, 09 May 2024 21:58:00 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: fbe1da5a0f3c91288590fa79e8e4f1a5
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
| my.rtmark.net/gid.js?userId=00805660901c4debfe5f997c866649be | 139.45.195.8 | 200 OK | 65 B |
URL: GET HTTP/2 my.rtmark.net/gid.js?userId=00805660901c4debfe5f997c866649be IP: 139.45.195.8:443
Requested by: https://gitus.net/watch/?=T030424 Certificate: Issuer Let's Encrypt; Subject rtmark.net; Fingerprint DB:C0:8B:64:1C:E3:2A:9C:B9:04:0D:F3:6F:5A:E0:35:F4:C7:75:CC; Validity Sat, 02 Mar 2024 21:53:43 GMT - Fri, 31 May 2024 21:53:42 GMT
Hash (MD5 / SHA-1 / SHA-256): fbc45b1611eaf29695911a5fc9def61d 328aeade98d6170ed55d2122bf20325599424c79 c650bafc783decf6337afe1d04226f91d8596da500f2997cc141e3db8d1c05ac
GET /gid.js?userId=00805660901c4debfe5f997c866649be HTTP/1.1
Host: my.rtmark.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://gitus.net
DNT: 1
Connection: keep-alive
Referer: https://gitus.net/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Wed, 08 May 2024 21:58:00 GMT
content-type: application/json; charset=utf-8
content-length: 65
access-control-allow-origin: https://gitus.net
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
set-cookie: ID=00805660901c4debfe5f997c866649be; expires=Thu, 08 May 2025 21:58:00 GMT; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
| astronomybreathlessmisunderstand.com/watch.1039790154200.js?dev=e&key=0628c4627ca50d7aec78b63c9d6947bc&kw=%5B%22click%22%2C%22to%22%2C%22access%22%2C%22the%22%2C%22link%22%5D&pst=1715205540&refer=https%3A%2F%2Fgitus.net%2Fwatch%2F%3F%3DT030424&res=14.2071&rmtc=t&shu=d983eaec20ca802cd50b8056bbb4ea330dc77d28e942b77324078803b5c72dae6f75857623fe39fef3e57c13d36ae2299c4bcd4c2a2f8ad349268f21746af07db3d2d038ccc39c543dc64a0f41ec907a047bcd0fb3ecbd60890256108580&tz=0&uuid=2c4d47ec-c71e-47c0-9cb5-d53fe7379db7%3A3%3A1 | 172.240.108.76 | 200 OK | 2.0 kB |
URL: GET HTTP/1.1 astronomybreathlessmisunderstand.com/watch.1039790154200.js?dev=e&key=0628c4627ca50d7aec78b63c9d6947bc&kw=%5B%22click%22%2C%22to%22%2C%22access%22%2C%22the%22%2C%22link%22%5D&pst=1715205540&refer=https%3A%2F%2Fgitus.net%2Fwatch%2F%3F%3DT030424&res=14.2071&rmtc=t&shu=d983eaec20ca802cd50b8056bbb4ea330dc77d28e942b77324078803b5c72dae6f75857623fe39fef3e57c13d36ae2299c4bcd4c2a2f8ad349268f21746af07db3d2d038ccc39c543dc64a0f41ec907a047bcd0fb3ecbd60890256108580&tz=0&uuid=2c4d47ec-c71e-47c0-9cb5-d53fe7379db7%3A3%3A1 IP: 172.240.108.76:443
Requested by: https://gitus.net/watch/?=T030424 Certificate: Issuer Let's Encrypt; Subject astronomybreathlessmisunderstand.com; Fingerprint DB:F1:11:8A:FD:9C:37:6B:1C:13:3D:8D:D7:1D:F5:09:0E:2B:DD:48; Validity Mon, 06 May 2024 12:49:33 GMT - Sun, 04 Aug 2024 12:49:32 GMT
File type: JavaScript source, ASCII text, with very long lines (2454) Hash (MD5 / SHA-1 / SHA-256): 909cfe964fa3b4721119f243f94e3314 c54125449d7ce225a429e475f3ec85188d1378a4 4505287111c4f8a832f7c95f3af4e61641e3e4a15d23d7f3c46532d9e2620c67
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /watch.1039790154200.js?dev=e&key=0628c4627ca50d7aec78b63c9d6947bc&kw=%5B%22click%22%2C%22to%22%2C%22access%22%2C%22the%22%2C%22link%22%5D&pst=1715205540&refer=https%3A%2F%2Fgitus.net%2Fwatch%2F%3F%3DT030424&res=14.2071&rmtc=t&shu=d983eaec20ca802cd50b8056bbb4ea330dc77d28e942b77324078803b5c72dae6f75857623fe39fef3e57c13d36ae2299c4bcd4c2a2f8ad349268f21746af07db3d2d038ccc39c543dc64a0f41ec907a047bcd0fb3ecbd60890256108580&tz=0&uuid=2c4d47ec-c71e-47c0-9cb5-d53fe7379db7%3A3%3A1 HTTP/1.1
Host: astronomybreathlessmisunderstand.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://gitus.net
Referer: https://gitus.net/
DNT: 1
Connection: keep-alive
Cookie: u_pl=18294299; ain=eyJhbGciOiJIUzI1NiJ9.[...].nJQS-a-86aOIwAjzhF9xZgRvfjglRniGLpLWxh-VMac
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Wed, 08 May 2024 21:58:00 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://gitus.net
Access-Control-Allow-Origin: https://gitus.net
Access-Control-Allow-Credentials: true
Set-Cookie: uid_id2=2c4d47ec-c71e-47c0-9cb5-d53fe7379db7:3:1; expires=Wed, 15 May 2024 21:58:00 GMT; secure; SameSite=None
pdhtkv=true; expires=Thu, 09 May 2024 21:58:00 GMT; secure; SameSite=None
uncs=1; expires=Thu, 09 May 2024 21:58:00 GMT; secure; SameSite=None
pdhtkv27=true; expires=Thu, 09 May 2024 21:58:00 GMT; secure; SameSite=None
uncs27=1; expires=Thu, 09 May 2024 21:58:00 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 399a1f539988180bf11adf7e15f506c6
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
| glakaits.net/5/7156415/?oo=1&js_build=iclick-v1.790.0 | 139.45.197.242 | 200 OK | 35 kB |
URL: GET HTTP/2 glakaits.net/5/7156415/?oo=1&js_build=iclick-v1.790.0 IP: 139.45.197.242:443
Requested by: https://gitus.net/watch/?=T030424 Certificate: Issuer Let's Encrypt; Subject glakaits.net; Fingerprint 1F:46:3E:C8:C5:6A:64:F5:29:66:0F:5C:6E:CD:48:77:10:EA:26:02; Validity Tue, 07 May 2024 18:52:12 GMT - Mon, 05 Aug 2024 18:52:11 GMT
File type: gzip compressed data, max speed, from Unix Hash (MD5 / SHA-1 / SHA-256): fe2268ac1ad622e83200f16f3864204a 26fbaf12fed97d43e9717cc5e078babd499ef5a0 8fa270c42922cd0e98e9d3f943d578de138ba84b0b5f27cfc630a43031db49f8
GET /5/7156415/?oo=1&js_build=iclick-v1.790.0 HTTP/1.1
Host: glakaits.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://gitus.net
DNT: 1
Connection: keep-alive
Referer: https://gitus.net/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Wed, 08 May 2024 21:58:00 GMT
content-type: application/json
x-trace-id: 498ddcdd33eb9a5f83227d62fedac9ee
link: <https://my.rtmark.net>; rel="preconnect dns-prefetch",<https://yonmewon.com>; rel="preconnect dns-prefetch",<https://sr7pv7n5x.com>; rel="preconnect dns-prefetch"
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: https://gitus.net
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace, favicon
access-control-max-age: 86400
timing-allow-origin: *
set-cookie: OAID=00805660901c4debfe5f997c866649be; expires=Thu, 08 May 2025 21:58:00 GMT; path=/; secure; SameSite=None
oaidts=1715205480; expires=Thu, 08 May 2025 21:58:00 GMT; path=/; secure; SameSite=None
syncedCookie=; expires=Tue, 10 Nov 2009 23:00:00 GMT
pragma: no-cache, no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT, Mon, 26 Jul 1997 05:00:00 GMT
content-encoding: gzip
X-Firefox-Spdy: h2
| cdn.cloudimagesb.com/cti/7d/00/a0/7d00a008556ebc4e68d1de531274e928/1658920033.png | 45.133.44.10 | 200 OK | 144 kB |
URL: GET HTTP/2 cdn.cloudimagesb.com/cti/7d/00/a0/7d00a008556ebc4e68d1de531274e928/1658920033.png IP: 45.133.44.10:443 ASN: #39572 DataWeb Global Group B.V.
Requested by: https://gitus.net/watch/?=T030424 Certificate: Issuer Let's Encrypt; Subject cdn.cloudimagesb.com; Fingerprint C6:F3:21:F0:21:7D:7E:96:0F:E8:46:7A:5E:C5:3F:D1:52:B0:67:B0; Validity Fri, 22 Mar 2024 03:01:35 GMT - Thu, 20 Jun 2024 03:01:34 GMT
File type: PNG image data, 300 x 250, 8-bit/color RGBA, non-interlaced Size: 144 kB (144379 bytes) Hash (MD5 / SHA-1 / SHA-256): 33c304429dc1a4408a96e6a74ffa2feb c45fa8e65528d1bb2b46bf8a28af9eeaa1903d04 dbed482e5948ead5587d30a22306a5b611305f704de940bd22c76daf90e0a314
GET /cti/7d/00/a0/7d00a008556ebc4e68d1de531274e928/1658920033.png HTTP/1.1
Host: cdn.cloudimagesb.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 08 May 2024 21:58:00 GMT
content-type: image/png
content-length: 144379
server: nginx/1.21.6
last-modified: Wed, 27 Jul 2022 11:07:21 GMT
etag: "62e11c69-233fb"
expires: Fri, 10 May 2024 21:58:00 GMT
cache-control: max-age=172800
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
| lifetimeagriculturalproducer.com/watch.104355296092.js?dev=e&key=871902a25f4f75ff642515ce6baf163b&kw=%5B%22click%22%2C%22to%22%2C%22access%22%2C%22the%22%2C%22link%22%5D&pst=1715205540&refer=https%3A%2F%2Fgitus.net%2Fwatch%2F%3F%3DT030424&res=14.2071&rmtc=t&shu=49568a70a0e9f94a439ca01a04c2654689d21de8ef2fba16df90910d811c9b158234385843734c6167cecca87c94cc7cc21b5b3ca81674c763020520d98a0786aa4b70db57a9db294ea6e0303b78d5ac42f46e8c5a0f226ea48aad277c1e306692&tz=0&uuid=2c4d47ec-c71e-47c0-9cb5-d53fe7379db7%3A3%3A1 | 172.240.108.84 | 200 OK | 2.0 kB |
URL: GET HTTP/1.1 lifetimeagriculturalproducer.com/watch.104355296092.js?dev=e&key=871902a25f4f75ff642515ce6baf163b&kw=%5B%22click%22%2C%22to%22%2C%22access%22%2C%22the%22%2C%22link%22%5D&pst=1715205540&refer=https%3A%2F%2Fgitus.net%2Fwatch%2F%3F%3DT030424&res=14.2071&rmtc=t&shu=49568a70a0e9f94a439ca01a04c2654689d21de8ef2fba16df90910d811c9b158234385843734c6167cecca87c94cc7cc21b5b3ca81674c763020520d98a0786aa4b70db57a9db294ea6e0303b78d5ac42f46e8c5a0f226ea48aad277c1e306692&tz=0&uuid=2c4d47ec-c71e-47c0-9cb5-d53fe7379db7%3A3%3A1 IP: 172.240.108.84:443
Requested by: https://gitus.net/watch/?=T030424 Certificate: Issuer Let's Encrypt; Subject lifetimeagriculturalproducer.com; Fingerprint B1:00:CB:CF:6F:C1:E3:CD:FA:E3:5B:47:C8:D6:55:01:F7:14:93:83; Validity Mon, 06 May 2024 12:50:20 GMT - Sun, 04 Aug 2024 12:50:19 GMT
File type: JavaScript source, ASCII text, with very long lines (2477) Hash (MD5 / SHA-1 / SHA-256): 582d72e4c14152e082032defd94d80b1 b3c5aead1b49b99c24225817e7cdc70534b34fdc 75c6aff7d844c5828ac830d69ce789099720dbb86198d384656513056e8a1727
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /watch.104355296092.js?dev=e&key=871902a25f4f75ff642515ce6baf163b&kw=%5B%22click%22%2C%22to%22%2C%22access%22%2C%22the%22%2C%22link%22%5D&pst=1715205540&refer=https%3A%2F%2Fgitus.net%2Fwatch%2F%3F%3DT030424&res=14.2071&rmtc=t&shu=49568a70a0e9f94a439ca01a04c2654689d21de8ef2fba16df90910d811c9b158234385843734c6167cecca87c94cc7cc21b5b3ca81674c763020520d98a0786aa4b70db57a9db294ea6e0303b78d5ac42f46e8c5a0f226ea48aad277c1e306692&tz=0&uuid=2c4d47ec-c71e-47c0-9cb5-d53fe7379db7%3A3%3A1 HTTP/1.1
Host: lifetimeagriculturalproducer.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://gitus.net
Referer: https://gitus.net/
DNT: 1
Connection: keep-alive
Cookie: u_pl=18366955; ain=eyJhbGciOiJIUzI1NiJ9.[...].mMZMDrCExInGeoDHdDFLOAG9GKwyLvC4_mQqRDFX7pU
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Wed, 08 May 2024 21:58:00 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://gitus.net
Access-Control-Allow-Origin: https://gitus.net
Access-Control-Allow-Credentials: true
Set-Cookie: uid_id2=2c4d47ec-c71e-47c0-9cb5-d53fe7379db7:3:1; expires=Wed, 15 May 2024 21:58:00 GMT; secure; SameSite=None
pdhtkv=true; expires=Thu, 09 May 2024 21:58:00 GMT; secure; SameSite=None
uncs=1; expires=Thu, 09 May 2024 21:58:00 GMT; secure; SameSite=None
pdhtkv32=true; expires=Thu, 09 May 2024 21:58:00 GMT; secure; SameSite=None
uncs32=1; expires=Thu, 09 May 2024 21:58:00 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 4adb7dbe65426be807e21e8e97a5518e
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
| gitus.net/favicon.ico | 78.135.87.2 | 404 Not Found | 708 B |
IP: 78.135.87.2:443 ASN: #207279 Markahost Telekomunikasyon Ve Ticaret Limited Sirketi
Requested by: https://gitus.net/watch/?=T030424 Certificate: Issuer Let's Encrypt; Subject *.gitus.net; Fingerprint B3:5B:E9:49:F2:94:13:B1:1C:37:F9:DF:39:F8:3C:01:4D:E5:9A:6C; Validity Tue, 23 Apr 2024 18:58:37 GMT - Mon, 22 Jul 2024 18:58:36 GMT
File type: HTML document, ASCII text, with CRLF, LF line terminators Hash (MD5 / SHA-1 / SHA-256): 2382378378c002d88b9a507c712c3349 2e894db3808b554abadc8b144338ad9e2ea937ba 37a4e56c497e170de6e152bc479624eb8d7ccb35bad5a190f2fdb17ac699cffa
GET /favicon.ico HTTP/1.1
Host: gitus.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://gitus.net/watch/?=T030424
Cookie: dom3ic8zudi28v8lr6fgphwffqoz0j6c=2c4d47ec-c71e-47c0-9cb5-d53fe7379db7%3A3%3A1; prefetchAd_7156415=true
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 404 Not Found
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
pragma: no-cache
content-type: text/html
content-length: 708
date: Wed, 08 May 2024 21:57:58 GMT
| downstairsnegotiatebarren.com/sfp.js | 104.21.35.227 | 200 OK | 46 kB |
URL: GET HTTP/2 downstairsnegotiatebarren.com/sfp.js IP: 104.21.35.227:443
Requested by: https://gitus.net/watch/?=T030424 Certificate: Issuer Let's Encrypt; Subject downstairsnegotiatebarren.com; Fingerprint 5D:DB:CB:C6:CE:2A:8B:34:7D:BC:43:74:33:1D:5F:77:48:F7:BC:1B; Validity Thu, 02 May 2024 21:26:34 GMT - Wed, 31 Jul 2024 21:26:33 GMT
File type: JavaScript source, Unicode text, UTF-8 text, with very long lines (65529), with no line terminators Hash (MD5 / SHA-1 / SHA-256): f4a2f8f9f99541c6f105bbd0a025bd40 1f8e3eff12168fdd9e719adfc098d24a45b6916a b717cb04231a10d425fd55b73c85a5407119c6826a8bac94142fddfff6958716
GET /sfp.js HTTP/1.1
Host: downstairsnegotiatebarren.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://gitus.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 08 May 2024 21:58:00 GMT
content-type: application/javascript; charset=utf-8
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
access-control-allow-origin: *
expires: Thu, 01 Jan 1970 00:00:01 GMT
cache-control: max-age=14400
x-request-id: f18e6b20f46d5eb4b05f4d16b91a64b8
strict-transport-security: max-age=0; includeSubdomains
cf-cache-status: EXPIRED
last-modified: Wed, 08 May 2024 21:57:59 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=nvwlqH58w15etPcq86mF6pbj0iGYxEnWYds%2B4oH%2BuGUVLSubjjkbVk5oCtOHVcPetWyGrYNP7Z47xJBXRJr6XYFr1TPWN7yIee%2F9ZFNVKwBGykEg4OLy%2FB%2FI1BimFVThh0U01c2Ir4Xc0zpjYtYQ0Q%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 880cb56b6f6f56ab-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
| unseenreport.com/pxf.gif?uuid=2c4d47ec-c71e-47c0-9cb5-d53fe7379db7&eb=978028c5053b26833423c7a069ce3bd5&te=5db3a4e34790624df926db520a13f79f&ua=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A96.0)%20Gecko%2F20100101%20Firefox%2F96.0&dev=e&res=14.2071&b_frame=0&pk=9263e0ca8f28f023340c146c12f6b544&bl=en-US&sr=1024x1280&sz=1024x1280&hjs=21 | 192.243.59.20 | 200 OK | 1 B |
URL: GET HTTP/1.1 unseenreport.com/pxf.gif?uuid=2c4d47ec-c71e-47c0-9cb5-d53fe7379db7&eb=978028c5053b26833423c7a069ce3bd5&te=5db3a4e34790624df926db520a13f79f&ua=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A96.0)%20Gecko%2F20100101%20Firefox%2F96.0&dev=e&res=14.2071&b_frame=0&pk=9263e0ca8f28f023340c146c12f6b544&bl=en-US&sr=1024x1280&sz=1024x1280&hjs=21 IP: 192.243.59.20:443 ASN: #39572 DataWeb Global Group B.V.
Requested by: https://gitus.net/watch/?=T030424 Certificate: Issuer Let's Encrypt; Subject *.unseenreport.com; Fingerprint 71:46:15:FD:76:6A:F5:5B:51:06:CC:93:DD:D8:63:E3:8B:10:BF:13; Validity Fri, 22 Mar 2024 07:32:41 GMT - Thu, 20 Jun 2024 07:32:40 GMT
File type: very short file (no magic) Hash (MD5 / SHA-1 / SHA-256): 93b885adfe0da089cdf634904fd59f71 5ba93c9db0cff93f52b521d7420e43f6eda2784f 6e340b9cffb37a989ca544e6bb780a2c78901d3fb33738768511a30617afa01d
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /pxf.gif?uuid=2c4d47ec-c71e-47c0-9cb5-d53fe7379db7&eb=978028c5053b26833423c7a069ce3bd5&te=5db3a4e34790624df926db520a13f79f&ua=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A96.0)%20Gecko%2F20100101%20Firefox%2F96.0&dev=e&res=14.2071&b_frame=0&pk=9263e0ca8f28f023340c146c12f6b544&bl=en-US&sr=1024x1280&sz=1024x1280&hjs=21 HTTP/1.1
Host: unseenreport.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://gitus.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Wed, 08 May 2024 21:58:01 GMT
Content-Type: image/gif
Content-Length: 1
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 6bc7e3b32a235d8d4c664f9f783c5a15
Strict-Transport-Security: max-age=0; includeSubdomains
| restlessidea.com/sbar.json?key=9263e0ca8f28f023340c146c12f6b544&uuid=2c4d47ec-c71e-47c0-9cb5-d53fe7379db7%3A3%3A1 | 172.240.108.84 | 200 OK | 8.1 kB |
URL: GET HTTP/1.1 restlessidea.com/sbar.json?key=9263e0ca8f28f023340c146c12f6b544&uuid=2c4d47ec-c71e-47c0-9cb5-d53fe7379db7%3A3%3A1 IP: 172.240.108.84:443
Requested by: https://gitus.net/watch/?=T030424 Certificate: Issuer Let's Encrypt; Subject restlessidea.com; Fingerprint F1:1A:4C:F2:E9:86:B0:2E:A7:9E:26:57:D2:56:53:84:4B:25:CA:CD; Validity Mon, 06 May 2024 08:16:28 GMT - Sun, 04 Aug 2024 08:16:27 GMT
Hash (MD5 / SHA-1 / SHA-256): 2cf67194a07edebb2325ec24cc145c8a da1622104daffb0a1f35766149656ed35ed350f6 1d6895e66edaf8ea6c8f270bbcee246042105061c6b256e250f99d30a2be29c0
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /sbar.json?key=9263e0ca8f28f023340c146c12f6b544&uuid=2c4d47ec-c71e-47c0-9cb5-d53fe7379db7%3A3%3A1 HTTP/1.1
Host: restlessidea.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://gitus.net
DNT: 1
Connection: keep-alive
Referer: https://gitus.net/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Wed, 08 May 2024 21:58:15 GMT
Content-Type: text/plain; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://gitus.net
Access-Control-Allow-Origin: https://gitus.net
Access-Control-Allow-Credentials: true
Set-Cookie: u_pl=18829199; expires=Thu, 09 May 2024 21:58:15 GMT; secure; SameSite=None
uid_id2=2c4d47ec-c71e-47c0-9cb5-d53fe7379db7:3:1; expires=Wed, 15 May 2024 21:58:15 GMT; secure; SameSite=None
pdhtkv=true; expires=Thu, 09 May 2024 21:58:15 GMT; secure; SameSite=None
uncs=1; expires=Thu, 09 May 2024 21:58:15 GMT; secure; SameSite=None
pdhtkv29=true; expires=Thu, 09 May 2024 21:58:15 GMT; secure; SameSite=None
uncs29=1; expires=Thu, 09 May 2024 21:58:15 GMT; secure; SameSite=None
slec9263e0ca8f28f023340c146c12f6b544=[5210996,5210994]; expires=Wed, 08 May 2024 21:58:20 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 81227ba74ed59593245a48ba2bcc184e
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
| restlessidea.com/ren.gif?sid=H4sIAAAAAAAC%2F1RST4gcxReu3sztd%2FihRBBUHMGDQna2u6ene8YcQmKyElyz%2BeM%2FUJDqqupJuTVdbVX39OyelixIPDnoQfDU%2B81ultUgetdEZgM5LAg7nvbggh7EoyDmLDNZXHyHeu%2FV9xV89b338WZxRHwU9PDiG3pNKkUXWg23%2FtK7nne2viTTYlAftMMPwuBs3fRf6YQN9%2BX6a4Kt6AXf9VzXc736ojQi0YOFKQiZ3e14jY7bCPyG1wowMP%2FtbeHAUge8f0SehOST2gPnNCQbI%2B19e1HYlVxnZy71CkVzbdDnO2%2BlK6kuU%2FROysQ4SNKdYza0PVi8B51uz%2BRC9%2F8lxnJCnIf3EKc7xyIR97dmOmMFkSLm%2F0PZH0OoMSQdg%2BkNSH5AAMZxZRlp784VbUq6%2BhilU3RCao%2F%2BgiwnpPbLaaS9by4oOajf0KrIpU4tBkkFORhDdsfIij3ka3OQ5R5YfguS%2F0QWHi0h7W0tW6Uh%2BeGLPgt4EAk2zyJPzAcRc%2Bc7LG7N81YzEVEz6vA4mhkk5RgyGUOJIag9hcI6KKSDInFQZA56%2FLDOPM%2BLXM6o2%2B4w1uSRiEPuejRKPOq5YRsFm%2F5hiDwbgqkhmFlHZtaxIocwxY%2BwNytYfgo2nxDn2kfo8wqlICgtQUkJSklQ5gRlv9rmyvq2usOVLWLvOPvHuVmNdN7dpNs674qUgJohDK82syPyxNRE5%2FnlT7EiDusdP2wKl9F24rcT1282A5d5Qcg8PwnjVhDAygrSzoFaB2tyQl7Y%2FRKZPDj%2FB2K6B6v2wORToMVzoGUFerPCWrrblXlhG6nIwXWFLK8hX3U21RF5ZjbB5Y0cgu2f%2B%2B3t2tOf59%2BDmQqZqfChfEDQVbdH13VJtq7r0pLvlrNc9uQanU73Rk5zUfvqdbFaasMvX7TD3fNsCkzLu28Kmy%2FRlMu0a8nXFyTnwixqwwT54bJ9R8RXC3vzQmHSIlu6%2Buri5V5mhLVSp2NQeXDpCzA5If%2B%2F%2F%2F5sbc%2B89zukGcMUFXrFPjkOSL0Hlq3DZvvnfn347CejW9dgNYFRJ5w4c1AW1cj48cmlkgRKnPQ0rmDFiQWx2L%2F%2F52NsZOj0NZXVpr2NrpkDzTeQ9ir0TYW%2BqkDVELY4Ncozs3%2Fu5%2BYsEKu5UazM3FasjPpsZvL0MLDysB41my4NOy0viqiI4sBvJ6HHKfWD0A9D2kRuJ8nZv8t%2FAAAA%2F%2F8BAAD%2F%2F7%2F44C2QBAAA | 172.240.108.84 | 200 OK | 7 B |
URL: GET HTTP/1.1 restlessidea.com/ren.gif?sid=H4sIAAAAAAAC%2F1RST4gcxReu3sztd%2FihRBBUHMGDQna2u6ene8YcQmKyElyz%2BeM%2FUJDqqupJuTVdbVX39OyelixIPDnoQfDU%2B81ultUgetdEZgM5LAg7nvbggh7EoyDmLDNZXHyHeu%2FV9xV89b338WZxRHwU9PDiG3pNKkUXWg23%2FtK7nne2viTTYlAftMMPwuBs3fRf6YQN9%2BX6a4Kt6AXf9VzXc736ojQi0YOFKQiZ3e14jY7bCPyG1wowMP%2FtbeHAUge8f0SehOST2gPnNCQbI%2B19e1HYlVxnZy71CkVzbdDnO2%2BlK6kuU%2FROysQ4SNKdYza0PVi8B51uz%2BRC9%2F8lxnJCnIf3EKc7xyIR97dmOmMFkSLm%2F0PZH0OoMSQdg%2BkNSH5AAMZxZRlp784VbUq6%2BhilU3RCao%2F%2BgiwnpPbLaaS9by4oOajf0KrIpU4tBkkFORhDdsfIij3ka3OQ5R5YfguS%2F0QWHi0h7W0tW6Uh%2BeGLPgt4EAk2zyJPzAcRc%2Bc7LG7N81YzEVEz6vA4mhkk5RgyGUOJIag9hcI6KKSDInFQZA56%2FLDOPM%2BLXM6o2%2B4w1uSRiEPuejRKPOq5YRsFm%2F5hiDwbgqkhmFlHZtaxIocwxY%2BwNytYfgo2nxDn2kfo8wqlICgtQUkJSklQ5gRlv9rmyvq2usOVLWLvOPvHuVmNdN7dpNs674qUgJohDK82syPyxNRE5%2FnlT7EiDusdP2wKl9F24rcT1282A5d5Qcg8PwnjVhDAygrSzoFaB2tyQl7Y%2FRKZPDj%2FB2K6B6v2wORToMVzoGUFerPCWrrblXlhG6nIwXWFLK8hX3U21RF5ZjbB5Y0cgu2f%2B%2B3t2tOf59%2BDmQqZqfChfEDQVbdH13VJtq7r0pLvlrNc9uQanU73Rk5zUfvqdbFaasMvX7TD3fNsCkzLu28Kmy%2FRlMu0a8nXFyTnwixqwwT54bJ9R8RXC3vzQmHSIlu6%2Buri5V5mhLVSp2NQeXDpCzA5If%2B%2F%2F%2F5sbc%2B89zukGcMUFXrFPjkOSL0Hlq3DZvvnfn347CejW9dgNYFRJ5w4c1AW1cj48cmlkgRKnPQ0rmDFiQWx2L%2F%2F52NsZOj0NZXVpr2NrpkDzTeQ9ir0TYW%2BqkDVELY4Ncozs3%2Fu5%2BYsEKu5UazM3FasjPpsZvL0MLDysB41my4NOy0viqiI4sBvJ6HHKfWD0A9D2kRuJ8nZv8t%2FAAAA%2F%2F8BAAD%2F%2F7%2F44C2QBAAA IP: 172.240.108.84:443
Requested by: https://gitus.net/watch/?=T030424 Certificate: Issuer Let's Encrypt; Subject restlessidea.com; Fingerprint F1:1A:4C:F2:E9:86:B0:2E:A7:9E:26:57:D2:56:53:84:4B:25:CA:CD; Validity Mon, 06 May 2024 08:16:28 GMT - Sun, 04 Aug 2024 08:16:27 GMT
File type: ASCII text, with no line terminators Hash (MD5 / SHA-1 / SHA-256): 132d6af1b46048b45cf86cdee7991d31 eb7007d03d59b65bc6da7e098c4d38fc6dfb6285 ab852e838deccd742a03ca81d4a8d75cf1a00b327db3eaf46bd7da6b6db9384c
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /ren.gif?sid=H4sIAAAAAAAC%2F1RST4gcxReu3sztd%2FihRBBUHMGDQna2u6ene8YcQmKyElyz%2BeM%2FUJDqqupJuTVdbVX39OyelixIPDnoQfDU%2B81ultUgetdEZgM5LAg7nvbggh7EoyDmLDNZXHyHeu%2FV9xV89b338WZxRHwU9PDiG3pNKkUXWg23%2FtK7nne2viTTYlAftMMPwuBs3fRf6YQN9%2BX6a4Kt6AXf9VzXc736ojQi0YOFKQiZ3e14jY7bCPyG1wowMP%2FtbeHAUge8f0SehOST2gPnNCQbI%2B19e1HYlVxnZy71CkVzbdDnO2%2BlK6kuU%2FROysQ4SNKdYza0PVi8B51uz%2BRC9%2F8lxnJCnIf3EKc7xyIR97dmOmMFkSLm%2F0PZH0OoMSQdg%2BkNSH5AAMZxZRlp784VbUq6%2BhilU3RCao%2F%2BgiwnpPbLaaS9by4oOajf0KrIpU4tBkkFORhDdsfIij3ka3OQ5R5YfguS%2F0QWHi0h7W0tW6Uh%2BeGLPgt4EAk2zyJPzAcRc%2Bc7LG7N81YzEVEz6vA4mhkk5RgyGUOJIag9hcI6KKSDInFQZA56%2FLDOPM%2BLXM6o2%2B4w1uSRiEPuejRKPOq5YRsFm%2F5hiDwbgqkhmFlHZtaxIocwxY%2BwNytYfgo2nxDn2kfo8wqlICgtQUkJSklQ5gRlv9rmyvq2usOVLWLvOPvHuVmNdN7dpNs674qUgJohDK82syPyxNRE5%2FnlT7EiDusdP2wKl9F24rcT1282A5d5Qcg8PwnjVhDAygrSzoFaB2tyQl7Y%2FRKZPDj%2FB2K6B6v2wORToMVzoGUFerPCWrrblXlhG6nIwXWFLK8hX3U21RF5ZjbB5Y0cgu2f%2B%2B3t2tOf59%2BDmQqZqfChfEDQVbdH13VJtq7r0pLvlrNc9uQanU73Rk5zUfvqdbFaasMvX7TD3fNsCkzLu28Kmy%2FRlMu0a8nXFyTnwixqwwT54bJ9R8RXC3vzQmHSIlu6%2Buri5V5mhLVSp2NQeXDpCzA5If%2B%2F%2F%2F5sbc%2B89zukGcMUFXrFPjkOSL0Hlq3DZvvnfn347CejW9dgNYFRJ5w4c1AW1cj48cmlkgRKnPQ0rmDFiQWx2L%2F%2F52NsZOj0NZXVpr2NrpkDzTeQ9ir0TYW%2BqkDVELY4Ncozs3%2Fu5%2BYsEKu5UazM3FasjPpsZvL0MLDysB41my4NOy0viqiI4sBvJ6HHKfWD0A9D2kRuJ8nZv8t%2FAAAA%2F%2F8BAAD%2F%2F7%2F44C2QBAAA HTTP/1.1
Host: restlessidea.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://gitus.net/
Cookie: u_pl=18829199; uid_id2=2c4d47ec-c71e-47c0-9cb5-d53fe7379db7:3:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; slec9263e0ca8f28f023340c146c12f6b544=[5210996,5210994]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Wed, 08 May 2024 21:58:15 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 60bdcdb6b1b87762e265989d10840889
Strict-Transport-Security: max-age=0; includeSubdomains
| restlessidea.com/pixel/sbls?bv=24.6.6370&tmpl=482&u=https%3A%2F%2Fcdn.yourwebbars.com%2Fsb%2Fnotifications%2Fgambling%2Funibet%2Fandroid_bigsystem-confetti%2F1%2Findex.html&l=1421&fd=643 | 172.240.108.84 | 200 OK | 0 B |
URL: GET HTTP/1.1 restlessidea.com/pixel/sbls?bv=24.6.6370&tmpl=482&u=https%3A%2F%2Fcdn.yourwebbars.com%2Fsb%2Fnotifications%2Fgambling%2Funibet%2Fandroid_bigsystem-confetti%2F1%2Findex.html&l=1421&fd=643 IP: 172.240.108.84:443
Requested by: https://gitus.net/watch/?=T030424 Certificate: Issuer Let's Encrypt; Subject restlessidea.com; Fingerprint F1:1A:4C:F2:E9:86:B0:2E:A7:9E:26:57:D2:56:53:84:4B:25:CA:CD; Validity Mon, 06 May 2024 08:16:28 GMT - Sun, 04 Aug 2024 08:16:27 GMT
Hash (MD5 / SHA-1 / SHA-256, empty body): d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /pixel/sbls?bv=24.6.6370&tmpl=482&u=https%3A%2F%2Fcdn.yourwebbars.com%2Fsb%2Fnotifications%2Fgambling%2Funibet%2Fandroid_bigsystem-confetti%2F1%2Findex.html&l=1421&fd=643 HTTP/1.1
Host: restlessidea.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://gitus.net/
Cookie: u_pl=18829199; uid_id2=2c4d47ec-c71e-47c0-9cb5-d53fe7379db7:3:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; slec9263e0ca8f28f023340c146c12f6b544=[5210996,5210994]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Wed, 08 May 2024 21:58:16 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
| cdn.creative-bars1.com/sb/notifications/gambling/unibet/android_bigsystem-confetti/1/img/confetti.gif | 188.114.97.1 | 200 OK | 206 kB |
URL: GET HTTP/2 cdn.creative-bars1.com/sb/notifications/gambling/unibet/android_bigsystem-confetti/1/img/confetti.gif IP: 188.114.97.1:443
Requested by: https://gitus.net/watch/?=T030424 Certificate: Issuer Google Trust Services LLC; Subject creative-bars1.com; Fingerprint 3D:29:39:2C:F1:E5:C6:EF:54:F5:70:B5:CF:A8:C2:75:4D:89:72:13; Validity Mon, 15 Apr 2024 15:02:18 GMT - Sun, 14 Jul 2024 15:02:17 GMT
File type: GIF image data, version 89a, 480 x 360 Size: 206 kB (206291 bytes) Hash (MD5 / SHA-1 / SHA-256): 0b33face774f2203446507ce5f075538 1dd3522529bce7739df0687f47f5bc84356698a0 ac345899461d5634d25c47281b10e3c1886abb33019e2ce8140573a79e9f52f2
GET /sb/notifications/gambling/unibet/android_bigsystem-confetti/1/img/confetti.gif HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Wed, 08 May 2024 21:58:16 GMT
content-type: image/gif
content-length: 206291
last-modified: Fri, 02 Feb 2024 15:33:57 GMT
etag: "65bd0b65-325d3"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 555070
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=VNNLmrb44KxZSh5gyrH%2FIro0j%2B%2B%2BUrYxIWxEiLhNdzhPjMsZzOjRdQdturgN7%2BGHDGv4USBOMgOwCk9iOgwaFVDMFdkcNuv4%2FGeDfZwvBTEW8eHYdVFCO68QE1vh0Y6qWdGpEyuD9HkP"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 880cb5d19bcd5691-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
| cdn.creative-bars1.com/sb/notifications/gambling/unibet/android_bigsystem-confetti/1/css/animate.css | 188.114.97.1 | 200 OK | 4.9 kB |
URL: GET HTTP/2 cdn.creative-bars1.com/sb/notifications/gambling/unibet/android_bigsystem-confetti/1/css/animate.css | IP: 188.114.97.1:443
Requested by: https://gitus.net/watch/?=T030424 | Certificate: Issuer Google Trust Services LLC; Subject creative-bars1.com; Fingerprint 3D:29:39:2C:F1:E5:C6:EF:54:F5:70:B5:CF:A8:C2:75:4D:89:72:13; Validity Mon, 15 Apr 2024 15:02:18 GMT - Sun, 14 Jul 2024 15:02:17 GMT
Hashes: MD5 5982c5377696d20476871062646b253f, SHA-1 8bf2c93fa9ccc908f7df0fb7abb911bbac3e4242, SHA-256 4e23a6449e6ef4614f0107cecf5c9eda75d2041c7c71f4a55d45f2a7e75450f4
GET /sb/notifications/gambling/unibet/android_bigsystem-confetti/1/css/animate.css HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://gitus.net
DNT: 1
Connection: keep-alive
Referer: https://gitus.net/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 08 May 2024 21:58:16 GMT
content-type: text/css
last-modified: Fri, 02 Feb 2024 15:33:52 GMT
etag: W/"65bd0b60-13365"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=7uMtJzlz2kHzIaXgEMXmQ6yrMZL%2Fusa5Wv%2F9rayvcXDtgP6oq0Ph7Dt7Kr%2FEPJlO9yN9cJY5g8MzflY42kkhlFbQIsiOdmdT1QhooGTxbUqCkwHz1Oac8ANL7CngfmKnRhwqKnA5tb%2BS"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 880cb5d14b875691-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
| fonts.googleapis.com/css?family=Roboto:300,400,700&display=swap | 142.250.74.106 | 200 OK | 1.2 kB |
URL: GET HTTP/2 fonts.googleapis.com/css?family=Roboto:300,400,700&display=swap | IP: 142.250.74.106:443
Requested by: https://gitus.net/watch/?=T030424 | Certificate: Issuer Google Trust Services LLC; Subject upload.video.google.com; Fingerprint 36:49:20:36:0C:4D:DA:55:65:64:23:0F:49:3E:FA:78:87:35:A3:79; Validity Tue, 16 Apr 2024 04:17:12 GMT - Tue, 09 Jul 2024 04:17:11 GMT
File type: gzip compressed data, max compression | Hashes: MD5 8ad348dfd1ff674a3e5d2d000a2e1480, SHA-1 e2140b067fc1a2bd278a9cc8ddb064a3eb9ac4a6, SHA-256 c5d367d9f52b99eeccb55a25220687fe1e5600c6bfd6ed854cab0b1c71aa28b6
GET /css?family=Roboto:300,400,700&display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Wed, 08 May 2024 21:58:16 GMT
date: Wed, 08 May 2024 21:58:16 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
| restlessidea.com/pixel/sbls?bv=24.6.6370&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fnotifications%2Fgambling%2Funibet%2Fandroid_bigsystem-confetti%2F1%2Fjs%2Fscript.js&l=1974&fd=353 | 172.240.108.84 | 200 OK | 0 B |
URL: GET HTTP/1.1 restlessidea.com/pixel/sbls?bv=24.6.6370&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fnotifications%2Fgambling%2Funibet%2Fandroid_bigsystem-confetti%2F1%2Fjs%2Fscript.js&l=1974&fd=353 | IP: 172.240.108.84:443
Requested by: https://gitus.net/watch/?=T030424 | Certificate: Issuer Let's Encrypt; Subject restlessidea.com; Fingerprint F1:1A:4C:F2:E9:86:B0:2E:A7:9E:26:57:D2:56:53:84:4B:25:CA:CD; Validity Mon, 06 May 2024 08:16:28 GMT - Sun, 04 Aug 2024 08:16:27 GMT
Hashes: MD5 d41d8cd98f00b204e9800998ecf8427e, SHA-1 da39a3ee5e6b4b0d3255bfef95601890afd80709, SHA-256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 (these are the digests of an empty body, matching Content-Length: 0 below)
Analyzer | Verdict | Alert
Quad9 DNS | malicious | Sinkholed
GET /pixel/sbls?bv=24.6.6370&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fnotifications%2Fgambling%2Funibet%2Fandroid_bigsystem-confetti%2F1%2Fjs%2Fscript.js&l=1974&fd=353 HTTP/1.1
Host: restlessidea.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://gitus.net/
Cookie: u_pl=18829199; uid_id2=2c4d47ec-c71e-47c0-9cb5-d53fe7379db7:3:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; slec9263e0ca8f28f023340c146c12f6b544=[5210996,5210994]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Wed, 08 May 2024 21:58:16 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
| restlessidea.com/pixel/sbls?bv=24.6.6370&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fnotifications%2Fgambling%2Funibet%2Fandroid_bigsystem-confetti%2F1%2Fcss%2Fstyle.css&l=3821&fd=379 | 172.240.108.84 | 200 OK | 0 B |
URL: GET HTTP/1.1 restlessidea.com/pixel/sbls?bv=24.6.6370&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fnotifications%2Fgambling%2Funibet%2Fandroid_bigsystem-confetti%2F1%2Fcss%2Fstyle.css&l=3821&fd=379 | IP: 172.240.108.84:443
Requested by: https://gitus.net/watch/?=T030424 | Certificate: Issuer Let's Encrypt; Subject restlessidea.com; Fingerprint F1:1A:4C:F2:E9:86:B0:2E:A7:9E:26:57:D2:56:53:84:4B:25:CA:CD; Validity Mon, 06 May 2024 08:16:28 GMT - Sun, 04 Aug 2024 08:16:27 GMT
Hashes: MD5 d41d8cd98f00b204e9800998ecf8427e, SHA-1 da39a3ee5e6b4b0d3255bfef95601890afd80709, SHA-256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer | Verdict | Alert
Quad9 DNS | malicious | Sinkholed
GET /pixel/sbls?bv=24.6.6370&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fnotifications%2Fgambling%2Funibet%2Fandroid_bigsystem-confetti%2F1%2Fcss%2Fstyle.css&l=3821&fd=379 HTTP/1.1
Host: restlessidea.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://gitus.net/
Cookie: u_pl=18829199; uid_id2=2c4d47ec-c71e-47c0-9cb5-d53fe7379db7:3:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; slec9263e0ca8f28f023340c146c12f6b544=[5210996,5210994]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Wed, 08 May 2024 21:58:16 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
| cdn.creative-bars1.com/sb/notifications/gambling/unibet/android_bigsystem-confetti/1/img/close.svg | 188.114.97.1 | 200 OK | 16 kB |
URL: GET HTTP/2 cdn.creative-bars1.com/sb/notifications/gambling/unibet/android_bigsystem-confetti/1/img/close.svg | IP: 188.114.97.1:443
Requested by: https://gitus.net/watch/?=T030424 | Certificate: Issuer Google Trust Services LLC; Subject creative-bars1.com; Fingerprint 3D:29:39:2C:F1:E5:C6:EF:54:F5:70:B5:CF:A8:C2:75:4D:89:72:13; Validity Mon, 15 Apr 2024 15:02:18 GMT - Sun, 14 Jul 2024 15:02:17 GMT
File type: SVG Scalable Vector Graphics image | Hashes: MD5 b3011bde2653e373d1150594a8bbd06d, SHA-1 e47948cdb4d6ecf6257106805e690e3bf0211317, SHA-256 6499ec40e3f2ac55bf1b5c9a2dbbc212adb74114645bccac0373074f98ef8a01
GET /sb/notifications/gambling/unibet/android_bigsystem-confetti/1/img/close.svg HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Wed, 08 May 2024 21:58:16 GMT
content-type: image/svg+xml
last-modified: Fri, 02 Feb 2024 15:33:55 GMT
etag: W/"65bd0b63-4ff"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 555070
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=YHbHmGLYFVjt5rCcbyvWWKTCiCV5kBc7o5KIrQpNkYSdaHW7ivl5RWENxty5X0I4HobvRb3NxELxEREZ0O61R6h75cpCOtjp20rATMwR4oWKGktiT8FASnuRZHgPL%2F9CjWsNJfEXIjmK"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 880cb5d19bc95691-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
| cdn.yourwebbars.com/sb/notifications/gambling/unibet/android_bigsystem-confetti/1/index.html | 104.26.7.19 | 200 OK | 16 kB |
URL: GET HTTP/2 cdn.yourwebbars.com/sb/notifications/gambling/unibet/android_bigsystem-confetti/1/index.html | IP: 104.26.7.19:443
Requested by: https://gitus.net/watch/?=T030424 | Certificate: Issuer Cloudflare, Inc.; Subject sni.cloudflaressl.com; Fingerprint 84:82:6E:35:03:D4:C4:FC:BA:08:CD:C8:E6:A3:97:A9:20:2F:F5:49; Validity Sun, 23 Jul 2023 00:00:00 GMT - Mon, 22 Jul 2024 23:59:59 GMT
File type: HTML document, Unicode text, UTF-8 text | Hashes: MD5 cf1a8fca3908d54a23e90ecff0495a94, SHA-1 5ea9f042a953c2c73d6f822ecc1a362b579b6b45, SHA-256 ba1c5918f0ad2a1bf7852b8dd9403b17be4c069cf862768cb05812a97ce0a6c2
GET /sb/notifications/gambling/unibet/android_bigsystem-confetti/1/index.html HTTP/1.1
Host: cdn.yourwebbars.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://gitus.net
DNT: 1
Connection: keep-alive
Referer: https://gitus.net/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 08 May 2024 21:58:16 GMT
content-type: text/html
last-modified: Thu, 02 May 2024 09:30:16 GMT
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=FCJ7ZQ0dNQgGdAp6kWC%2BNgFq8pszxHJ1W4t7wXFeZj8cbrKRMAMFsWGJOJabNqD5IWcyCnX3kUdaIUunK69Mgm8bjl%2F3QUydvlV%2FgtbafUV59KwbYjsj%2F37veUNvGgW%2FdDBB5xY%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 880cb5ccc8c0712b-OSL
content-encoding: br
X-Firefox-Spdy: h2
| cdn.creative-bars1.com/sb/notifications/gambling/unibet/android_bigsystem-confetti/1/img/logo.svg | 188.114.97.1 | 200 OK | 998 B |
URL: GET HTTP/2 cdn.creative-bars1.com/sb/notifications/gambling/unibet/android_bigsystem-confetti/1/img/logo.svg | IP: 188.114.97.1:443
Requested by: https://gitus.net/watch/?=T030424 | Certificate: Issuer Google Trust Services LLC; Subject creative-bars1.com; Fingerprint 3D:29:39:2C:F1:E5:C6:EF:54:F5:70:B5:CF:A8:C2:75:4D:89:72:13; Validity Mon, 15 Apr 2024 15:02:18 GMT - Sun, 14 Jul 2024 15:02:17 GMT
File type: SVG Scalable Vector Graphics image | Hashes: MD5 730e6377072b77d80bca30d96fb63b27, SHA-1 64bf5fa49e24ff2f79ad9152f3ef7bd7baab5ad0, SHA-256 bb461ad12e6f931815042b57a447b64e8d3a06d1576c1f7c79b9c7e5a42a8b34
GET /sb/notifications/gambling/unibet/android_bigsystem-confetti/1/img/logo.svg HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Wed, 08 May 2024 21:58:16 GMT
content-type: image/svg+xml
last-modified: Thu, 02 May 2024 09:24:12 GMT
etag: W/"66335bbc-c87"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 555070
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=LYHRgziDWUQddYp2iActex0Ov0KLWvSual1fCYENO02cU51Kra4eDt3q8307sEGDtcsCrL6087LxWkJqypM6VfOI2II7CX6FVkdYR09SrGogfZlRMUL%2FtlxLnF8nFgKZQj8hS4bnrB9C"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 880cb5d19bd45691-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
| restlessidea.com/impr.gif?sid=H4sIAAAAAAAC%2F1RST2gkxReuzs7td%2FihrCCoOIIHhc2ke6bnn3tYNmYjwbjZP%2F4DBal%2FPSlT09VWdU9PcgobkPXkoAfBU%2BebZEN0Eb3rrkwW9hAQMp5yMKAH8SiIe5aZDQbfod579X0FX33vfbydnZAqMnq88IbZUFrTuXrFL7%2F0bhBcLC%2BrOOuX%2B63GB43wYtn2Xmk3Kv7L5dckXzNzVT%2Fw%2FcAPyovKysj05yYgVHK3HVTafiWsVoJ6iL79b%2B8yD456EL0T8iSUGJceeOeh%2BAhx99sF6dZSk1y40s00TY1FT%2By9Fa%2FFJo%2FRPSsj6yGK907ZMO5o8R5MvDuVC9P7l8jUmHgP74HFe6ciwXo7U51MQ8Zg4n%2FIeyNIPYKiI3CzBSWOCMAFrq4g7t65amxO1x%2BjdIKOSenRX1D5mJR%2BOY%2B4%2B828Vv3yTaOzVJnYoR8VUP0RVGeEJDtAujEDlR%2BAp7egxE9k7tEy4u7OitMGShy%2FWOWhCJuSz%2FJmIGfDJvdn25zVZ0W9FslmrdkWrDk1SKkRVDSClgNQdw6Z85ApD1nkIUs8dMVxmQdB0PQFp36rzXlNNCVrCD%2BgzSiggd9oIeOTPwyQJgNwPQC3m0jsJtbUADb7EW61gBPn4NIx8a5%2FhJ4okEuC3BHklCBXBHlKkPeKXaFd1RV3hHYZC05z9TTXiqFJO9t016QdGRNQO4AVxXZyQp6YmOg9v%2FIp1uRxuV1t1KTPaSuqtiK%2FWquFPg%2FCBg%2BqUYPVwxBOFVBuBtR52FBj8sL%2Bl0jU0eU%2FwOgBnD4AV0%2BBZs%2BB5gXoaoGNeL%2Bj0sxVYplCmAJJWkK67m3rE%2FLMdIIrWykkP7z029ulpz9Pvwe3BRJb4EP1gKCjbw9vmJzs3DC5I9%2BtJKnqqg06me7NlKay9NXrcj03ViwtuMH%2BZT4BJuXdN6VLl2ksVNxx5Ot5JYS0i8ZySX5Ycu9Idi1zq%2FOZjbNk%2Bdqri0vdxErnlIlHoOroyhfgakz%2Bf%2F%2F96dpeeO93KDuCzQp0s0NyGlDmADzZhEsOL%2F368NlPhreuwxkCq884LPGQZ8XQVtnZpVYEWp71lBVw8swCJg%2Fv%2F%2FkYG1o6eU1Vse1uo2NnQNMtxN0CPVugpwtQPYDLzg3TxB5e%2Brk2DTA9M2TazuwwbfVnU5Mnh4VTx%2BWaL5pMRrLJZFgPI8kFq9eZzyPOaqLV4kjdOLr4d%2F4PAAAA%2F%2F8BAAD%2F%2Fz8sNcWQBAAA | 172.240.108.68 | 200 OK | 7 B |
URL: GET HTTP/1.1 restlessidea.com/impr.gif?sid=H4sIAAAAAAAC%2F1RST2gkxReuzs7td%2FihrCCoOIIHhc2ke6bnn3tYNmYjwbjZP%2F4DBal%2FPSlT09VWdU9PcgobkPXkoAfBU%2BebZEN0Eb3rrkwW9hAQMp5yMKAH8SiIe5aZDQbfod579X0FX33vfbydnZAqMnq88IbZUFrTuXrFL7%2F0bhBcLC%2BrOOuX%2B63GB43wYtn2Xmk3Kv7L5dckXzNzVT%2Fw%2FcAPyovKysj05yYgVHK3HVTafiWsVoJ6iL79b%2B8yD456EL0T8iSUGJceeOeh%2BAhx99sF6dZSk1y40s00TY1FT%2By9Fa%2FFJo%2FRPSsj6yGK907ZMO5o8R5MvDuVC9P7l8jUmHgP74HFe6ciwXo7U51MQ8Zg4n%2FIeyNIPYKiI3CzBSWOCMAFrq4g7t65amxO1x%2BjdIKOSenRX1D5mJR%2BOY%2B4%2B828Vv3yTaOzVJnYoR8VUP0RVGeEJDtAujEDlR%2BAp7egxE9k7tEy4u7OitMGShy%2FWOWhCJuSz%2FJmIGfDJvdn25zVZ0W9FslmrdkWrDk1SKkRVDSClgNQdw6Z85ApD1nkIUs8dMVxmQdB0PQFp36rzXlNNCVrCD%2BgzSiggd9oIeOTPwyQJgNwPQC3m0jsJtbUADb7EW61gBPn4NIx8a5%2FhJ4okEuC3BHklCBXBHlKkPeKXaFd1RV3hHYZC05z9TTXiqFJO9t016QdGRNQO4AVxXZyQp6YmOg9v%2FIp1uRxuV1t1KTPaSuqtiK%2FWquFPg%2FCBg%2BqUYPVwxBOFVBuBtR52FBj8sL%2Bl0jU0eU%2FwOgBnD4AV0%2BBZs%2BB5gXoaoGNeL%2Bj0sxVYplCmAJJWkK67m3rE%2FLMdIIrWykkP7z029ulpz9Pvwe3BRJb4EP1gKCjbw9vmJzs3DC5I9%2BtJKnqqg06me7NlKay9NXrcj03ViwtuMH%2BZT4BJuXdN6VLl2ksVNxx5Ot5JYS0i8ZySX5Ycu9Idi1zq%2FOZjbNk%2Bdqri0vdxErnlIlHoOroyhfgakz%2Bf%2F%2F96dpeeO93KDuCzQp0s0NyGlDmADzZhEsOL%2F368NlPhreuwxkCq884LPGQZ8XQVtnZpVYEWp71lBVw8swCJg%2Fv%2F%2FkYG1o6eU1Vse1uo2NnQNMtxN0CPVugpwtQPYDLzg3TxB5e%2Brk2DTA9M2TazuwwbfVnU5Mnh4VTx%2BWaL5pMRrLJZFgPI8kFq9eZzyPOaqLV4kjdOLr4d%2F4PAAAA%2F%2F8BAAD%2F%2Fz8sNcWQBAAA | IP: 172.240.108.68:443
Requested by: https://gitus.net/watch/?=T030424 | Certificate: Issuer Let's Encrypt; Subject restlessidea.com; Fingerprint F1:1A:4C:F2:E9:86:B0:2E:A7:9E:26:57:D2:56:53:84:4B:25:CA:CD; Validity Mon, 06 May 2024 08:16:28 GMT - Sun, 04 Aug 2024 08:16:27 GMT
File type: ASCII text, with no line terminators | Hashes: MD5 132d6af1b46048b45cf86cdee7991d31, SHA-1 eb7007d03d59b65bc6da7e098c4d38fc6dfb6285, SHA-256 ab852e838deccd742a03ca81d4a8d75cf1a00b327db3eaf46bd7da6b6db9384c
Analyzer | Verdict | Alert
Quad9 DNS | malicious | Sinkholed
GET /impr.gif?sid=H4sIAAAAAAAC%2F1RST2gkxReuzs7td%2FihrCCoOIIHhc2ke6bnn3tYNmYjwbjZP%2F4DBal%2FPSlT09VWdU9PcgobkPXkoAfBU%2BebZEN0Eb3rrkwW9hAQMp5yMKAH8SiIe5aZDQbfod579X0FX33vfbydnZAqMnq88IbZUFrTuXrFL7%2F0bhBcLC%2BrOOuX%2B63GB43wYtn2Xmk3Kv7L5dckXzNzVT%2Fw%2FcAPyovKysj05yYgVHK3HVTafiWsVoJ6iL79b%2B8yD456EL0T8iSUGJceeOeh%2BAhx99sF6dZSk1y40s00TY1FT%2By9Fa%2FFJo%2FRPSsj6yGK907ZMO5o8R5MvDuVC9P7l8jUmHgP74HFe6ciwXo7U51MQ8Zg4n%2FIeyNIPYKiI3CzBSWOCMAFrq4g7t65amxO1x%2BjdIKOSenRX1D5mJR%2BOY%2B4%2B828Vv3yTaOzVJnYoR8VUP0RVGeEJDtAujEDlR%2BAp7egxE9k7tEy4u7OitMGShy%2FWOWhCJuSz%2FJmIGfDJvdn25zVZ0W9FslmrdkWrDk1SKkRVDSClgNQdw6Z85ApD1nkIUs8dMVxmQdB0PQFp36rzXlNNCVrCD%2BgzSiggd9oIeOTPwyQJgNwPQC3m0jsJtbUADb7EW61gBPn4NIx8a5%2FhJ4okEuC3BHklCBXBHlKkPeKXaFd1RV3hHYZC05z9TTXiqFJO9t016QdGRNQO4AVxXZyQp6YmOg9v%2FIp1uRxuV1t1KTPaSuqtiK%2FWquFPg%2FCBg%2BqUYPVwxBOFVBuBtR52FBj8sL%2Bl0jU0eU%2FwOgBnD4AV0%2BBZs%2BB5gXoaoGNeL%2Bj0sxVYplCmAJJWkK67m3rE%2FLMdIIrWykkP7z029ulpz9Pvwe3BRJb4EP1gKCjbw9vmJzs3DC5I9%2BtJKnqqg06me7NlKay9NXrcj03ViwtuMH%2BZT4BJuXdN6VLl2ksVNxx5Ot5JYS0i8ZySX5Ycu9Idi1zq%2FOZjbNk%2Bdqri0vdxErnlIlHoOroyhfgakz%2Bf%2F%2F96dpeeO93KDuCzQp0s0NyGlDmADzZhEsOL%2F368NlPhreuwxkCq884LPGQZ8XQVtnZpVYEWp71lBVw8swCJg%2Fv%2F%2FkYG1o6eU1Vse1uo2NnQNMtxN0CPVugpwtQPYDLzg3TxB5e%2Brk2DTA9M2TazuwwbfVnU5Mnh4VTx%2BWaL5pMRrLJZFgPI8kFq9eZzyPOaqLV4kjdOLr4d%2F4PAAAA%2F%2F8BAAD%2F%2Fz8sNcWQBAAA HTTP/1.1
Host: restlessidea.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://gitus.net/
Cookie: u_pl=18829199; uid_id2=2c4d47ec-c71e-47c0-9cb5-d53fe7379db7:3:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; slec9263e0ca8f28f023340c146c12f6b544=[5210996,5210994]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Wed, 08 May 2024 21:58:17 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: cd18a1d5c4f396b5bd99ded7567c4b14
Strict-Transport-Security: max-age=0; includeSubdomains
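The two restlessidea.com endpoints in this capture carry structured data that the report only shows raw: every /pixel/sbls hit names, in its u= parameter, the creative asset the page-side script has just loaded, and impr.gif?sid= carries a percent-encoded base64 string beginning with H4sI, which is how the gzip magic bytes 1f 8b 08 look in base64. What follows is an added example, not code from the capture or from any of the sites involved: it field-splits the four sbls beacons shown on this page and unpacks the sid container. The beacon URLs and the sid value are copied verbatim from the entries above; the meaning of bv=, tmpl=, l= and fd= is not documented anywhere in the capture, so the code passes those through untouched (the assumption that they are per-load telemetry is mine and nothing more is claimed about them).

```python
import base64
import binascii
import gzip
import struct
import zlib
from urllib.parse import parse_qs, unquote, urlsplit

# The four /pixel/sbls load beacons seen in this session (copied from the
# capture; the list itself is constructed for the example).
SBLS_BEACONS = [
    "https://restlessidea.com/pixel/sbls?bv=24.6.6370&tmpl=482&u=https%3A%2F%2Fcdn.yourwebbars.com%2Fsb%2Fnotifications%2Fgambling%2Funibet%2Fandroid_bigsystem-confetti%2F1%2Findex.html&l=1421&fd=643",
    "https://restlessidea.com/pixel/sbls?bv=24.6.6370&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fnotifications%2Fgambling%2Funibet%2Fandroid_bigsystem-confetti%2F1%2Fjs%2Fscript.js&l=1974&fd=353",
    "https://restlessidea.com/pixel/sbls?bv=24.6.6370&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fnotifications%2Fgambling%2Funibet%2Fandroid_bigsystem-confetti%2F1%2Fcss%2Fstyle.css&l=3821&fd=379",
    "https://restlessidea.com/pixel/sbls?bv=24.6.6370&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fnotifications%2Fgambling%2Funibet%2Fandroid_bigsystem-confetti%2F1%2Fcss%2Fanimate.css&l=78693&fd=230",
]

# The sid= value of the impr.gif request, copied verbatim from the capture.
IMPR_SID = "H4sIAAAAAAAC%2F1RST2gkxReuzs7td%2FihrCCoOIIHhc2ke6bnn3tYNmYjwbjZP%2F4DBal%2FPSlT09VWdU9PcgobkPXkoAfBU%2BebZEN0Eb3rrkwW9hAQMp5yMKAH8SiIe5aZDQbfod579X0FX33vfbydnZAqMnq88IbZUFrTuXrFL7%2F0bhBcLC%2BrOOuX%2B63GB43wYtn2Xmk3Kv7L5dckXzNzVT%2Fw%2FcAPyovKysj05yYgVHK3HVTafiWsVoJ6iL79b%2B8yD456EL0T8iSUGJceeOeh%2BAhx99sF6dZSk1y40s00TY1FT%2By9Fa%2FFJo%2FRPSsj6yGK907ZMO5o8R5MvDuVC9P7l8jUmHgP74HFe6ciwXo7U51MQ8Zg4n%2FIeyNIPYKiI3CzBSWOCMAFrq4g7t65amxO1x%2BjdIKOSenRX1D5mJR%2BOY%2B4%2B828Vv3yTaOzVJnYoR8VUP0RVGeEJDtAujEDlR%2BAp7egxE9k7tEy4u7OitMGShy%2FWOWhCJuSz%2FJmIGfDJvdn25zVZ0W9FslmrdkWrDk1SKkRVDSClgNQdw6Z85ApD1nkIUs8dMVxmQdB0PQFp36rzXlNNCVrCD%2BgzSiggd9oIeOTPwyQJgNwPQC3m0jsJtbUADb7EW61gBPn4NIx8a5%2FhJ4okEuC3BHklCBXBHlKkPeKXaFd1RV3hHYZC05z9TTXiqFJO9t016QdGRNQO4AVxXZyQp6YmOg9v%2FIp1uRxuV1t1KTPaSuqtiK%2FWquFPg%2FCBg%2BqUYPVwxBOFVBuBtR52FBj8sL%2Bl0jU0eU%2FwOgBnD4AV0%2BBZs%2BB5gXoaoGNeL%2Bj0sxVYplCmAJJWkK67m3rE%2FLMdIIrWykkP7z029ulpz9Pvwe3BRJb4EP1gKCjbw9vmJzs3DC5I9%2BtJKnqqg06me7NlKay9NXrcj03ViwtuMH%2BZT4BJuXdN6VLl2ksVNxx5Ot5JYS0i8ZySX5Ycu9Idi1zq%2FOZjbNk%2Bdqri0vdxErnlIlHoOroyhfgakz%2Bf%2F%2F96dpeeO93KDuCzQp0s0NyGlDmADzZhEsOL%2F368NlPhreuwxkCq884LPGQZ8XQVtnZpVYEWp71lBVw8swCJg%2Fv%2F%2FkYG1o6eU1Vse1uo2NnQNMtxN0CPVugpwtQPYDLzg3TxB5e%2Brk2DTA9M2TazuwwbfVnU5Mnh4VTx%2BWaL5pMRrLJZFgPI8kFq9eZzyPOaqLV4kjdOLr4d%2F4PAAAA%2F%2F8BAAD%2F%2Fz8sNcWQBAAA"


def parse_sbls(url):
    """Field-split one /pixel/sbls beacon into a flat dict.

    Only u= has an obvious meaning (the resource the page-side script just
    loaded).  bv=, tmpl=, l= and fd= are returned as-is: the capture does not
    say what they encode, so nothing is assumed about them here.
    """
    query = parse_qs(urlsplit(url).query, strict_parsing=True)
    return {name: values[0] for name, values in query.items()}  # u= is percent-decoded by parse_qs


def reported_assets(urls):
    """(host, path) of every resource the beacons reported as loaded."""
    assets = []
    for url in urls:
        target = urlsplit(parse_sbls(url)["u"])
        assets.append((target.netloc, target.path))
    return assets


def unpack_sid(sid):
    """Percent-decode and base64-decode sid=, then inspect the gzip member.

    Header and trailer fields are read straight from the bytes (RFC 1952
    layout) so they are available even if the deflate body turns out to be
    damaged; the inflated payload is returned only when zlib accepts the
    stream and the CRC32/ISIZE trailer verifies.
    """
    raw = unquote(sid)
    raw += "=" * (-len(raw) % 4)  # restore padding if the sender stripped it
    try:
        blob = base64.b64decode(raw, validate=True)
    except binascii.Error as exc:
        return {"error": f"base64: {exc}", "magic_ok": False, "inflated": None}
    info = {"len": len(blob), "magic_ok": blob[:3] == b"\x1f\x8b\x08", "error": None}
    if info["magic_ok"] and len(blob) >= 18:
        # bytes 3..9: FLG, MTIME (LE u32), XFL, OS; last 8: CRC32, ISIZE (LE u32 each)
        flg, mtime, xfl, os_id = struct.unpack("<BIBB", blob[3:10])
        crc32, isize = struct.unpack("<II", blob[-8:])
        info.update(flg=flg, mtime=mtime, xfl=xfl, os=os_id, crc32=crc32, isize=isize)
    try:
        info["inflated"] = gzip.decompress(blob)
    except (OSError, EOFError, zlib.error) as exc:  # BadGzipFile is an OSError
        info["inflated"] = None
        info["error"] = f"inflate: {exc}"
    return info


if __name__ == "__main__":
    for host, path in reported_assets(SBLS_BEACONS):
        print(f"reported load: {host}{path}")
    meta = unpack_sid(IMPR_SID)
    print({k: v for k, v in meta.items() if k != "inflated"})
    if meta["inflated"] is not None:
        print(meta["inflated"][:200])
```

The trailer alone already tells an analyst something: the ISIZE field says the compressed blob expands to 1168 bytes of state that the page handed to restlessidea.com along with the cookies shown in the request, and the header carries no filename, no comment and a zero mtime, so nothing in the container identifies its producer. What those 1168 bytes hold is not something this capture shows, so the function returns them and stops there.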
| gitus.net/watch/?=T030424 | 78.135.87.2 | 200 OK | 112 kB |
URL: User Request, GET HTTP/2 gitus.net/watch/?=T030424 | IP: 78.135.87.2:443 | ASN: #207279 Markahost Telekomunikasyon Ve Ticaret Limited Sirketi
Certificate: Issuer Let's Encrypt; Subject *.gitus.net; Fingerprint B3:5B:E9:49:F2:94:13:B1:1C:37:F9:DF:39:F8:3C:01:4D:E5:9A:6C; Validity Tue, 23 Apr 2024 18:58:37 GMT - Mon, 22 Jul 2024 18:58:36 GMT
File type: HTML document, ASCII text, with very long lines (8903), with CRLF, LF line terminators | Size: 112 kB (111828 bytes) | Hashes: MD5 7446bd3d609318ced151ab292ff348c3, SHA-1 8d99af93fe7b0a2d3e65ab5b7be0835a727389a8, SHA-256 d9e132eefd9e7be2bbe3864ec5d2901d72283a9a6cfe1306098c9c2247a1d1ba
GET /watch/?=T030424 HTTP/1.1
Host: gitus.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: text/html; charset=UTF-8
x-ua-compatible: IE=edge
link: <https://gitus.net/wp-json/>; rel="https://api.w.org/", <https://gitus.net/wp-json/wp/v2/pages/34>; rel="alternate"; type="application/json", <https://gitus.net/?p=34>; rel=shortlink
content-encoding: br
vary: Accept-Encoding
date: Wed, 08 May 2024 21:57:55 GMT
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
X-Firefox-Spdy: h2
| restlessidea.com/pixel/sbs?c=1 | 172.240.108.84 | 200 OK | 0 B |
URL: GET HTTP/1.1 restlessidea.com/pixel/sbs?c=1 | IP: 172.240.108.84:443
Requested by: https://gitus.net/watch/?=T030424 | Certificate: Issuer Let's Encrypt; Subject restlessidea.com; Fingerprint F1:1A:4C:F2:E9:86:B0:2E:A7:9E:26:57:D2:56:53:84:4B:25:CA:CD; Validity Mon, 06 May 2024 08:16:28 GMT - Sun, 04 Aug 2024 08:16:27 GMT
Hashes: MD5 d41d8cd98f00b204e9800998ecf8427e, SHA-1 da39a3ee5e6b4b0d3255bfef95601890afd80709, SHA-256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer | Verdict | Alert
Quad9 DNS | malicious | Sinkholed
GET /pixel/sbs?c=1 HTTP/1.1
Host: restlessidea.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://gitus.net/
Cookie: u_pl=18829199; uid_id2=2c4d47ec-c71e-47c0-9cb5-d53fe7379db7:3:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; slec9263e0ca8f28f023340c146c12f6b544=[5210996,5210994]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Wed, 08 May 2024 21:58:17 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
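A header-level triage of the exchanges on this page, written as an added example (it is not tooling from the capture or from any site shown here). It parses request/response blocks in the layout the report uses and applies four checks that these entries motivate: a cross-site image fetch that sends cookies and gets back an empty or near-empty body (the /pixel/sbs and /pixel/sbls hits), a response declared image/gif that is too short to be one (impr.gif returns 7 bytes, which the report itself types as ASCII text), Strict-Transport-Security: max-age=0 (impr.gif again), and Access-Control-Allow-Origin: * paired with Access-Control-Allow-Credentials: true (the arvigorothan.com/tag.min.js response further down; that script was fetched no-cors, so the pair has no effect on that particular load, but it shows a blanket CORS policy). The sample exchanges are copied from this page and abridged to the headers the checks read; the sid= value is cut to "..." in the sample, and the 64-byte and 14-byte thresholds are my choices.

```python
# Captured exchanges, abridged to the headers the checks use (constructed
# sample set; values are as printed in the report above).
SBS_PIXEL = """
GET /pixel/sbs?c=1 HTTP/1.1
Host: restlessidea.com
Cookie: u_pl=18829199; uid_id2=2c4d47ec-c71e-47c0-9cb5-d53fe7379db7:3:1
Sec-Fetch-Dest: image
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.21.6
Content-Length: 0
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
"""

IMPR_GIF = """
GET /impr.gif?sid=H4sIAAAAAAAC%2F1RST2gk... HTTP/1.1
Host: restlessidea.com
Cookie: u_pl=18829199; uid_id2=2c4d47ec-c71e-47c0-9cb5-d53fe7379db7:3:1
Sec-Fetch-Dest: image
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.21.6
Content-Type: image/gif
Content-Length: 7
Cache-Control: no-cache
Strict-Transport-Security: max-age=0; includeSubdomains
"""

TAG_JS = """
GET /tag.min.js HTTP/1.1
Host: arvigorothan.com
Sec-Fetch-Dest: script
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/javascript; charset=utf-8
access-control-allow-origin: *
access-control-allow-credentials: true
"""

CONFETTI_GIF = """
GET /sb/notifications/gambling/unibet/android_bigsystem-confetti/1/img/confetti.gif HTTP/1.1
Host: cdn.creative-bars1.com
Sec-Fetch-Dest: image
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: image/gif
content-length: 206291
cache-control: public, max-age=315360000
access-control-allow-origin: *
"""


def parse_exchange(text):
    """Split one captured pair into (request line, request headers,
    status line, response headers).  Header names are lower-cased so the
    HTTP/1.1 (Title-Case) and HTTP/2 (lowercase) entries compare alike."""
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    req_line, status = lines[0], None
    req, resp = {}, {}
    current = req
    for ln in lines[1:]:
        if ln.startswith("HTTP/"):  # the status line opens the response half
            status, current = ln, resp
            continue
        name, _, value = ln.partition(":")
        current[name.strip().lower()] = value.strip()
    return req_line, req, status, resp


def audit(text):
    """Run the checks over one exchange; returns a list of 'tag: reason'."""
    _, req, _, resp = parse_exchange(text)
    findings = []
    body = int(resp.get("content-length", -1))  # -1 when the header is absent
    if (req.get("sec-fetch-dest") == "image" and req.get("sec-fetch-site") == "cross-site"
            and "cookie" in req and 0 <= body < 64):
        findings.append("tracking-pixel: cross-site image fetch sent cookies and got a near-empty body")
    if (resp.get("access-control-allow-origin") == "*"
            and resp.get("access-control-allow-credentials", "").lower() == "true"):
        findings.append("cors-misconfig: ACAO '*' together with ACAC true; browsers reject this pair "
                        "for credentialed requests, so it reflects a blanket policy, not a working one")
    if resp.get("content-type", "").split(";")[0].strip() == "image/gif" and 0 <= body < 14:
        findings.append("bogus-gif: declared image/gif but shorter than a GIF signature, "
                        "logical screen descriptor and trailer (14 bytes)")
    if resp.get("strict-transport-security", "").replace(" ", "").startswith("max-age=0"):
        findings.append("hsts-cleared: max-age=0 tells the browser to drop any HSTS policy it holds for this host")
    return findings


if __name__ == "__main__":
    for label, sample in [("sbs", SBS_PIXEL), ("impr.gif", IMPR_GIF),
                          ("tag.min.js", TAG_JS), ("confetti.gif", CONFETTI_GIF)]:
        print(label, audit(sample) or ["clean"])
```

The confetti.gif exchange is included as the control: it is also a cross-site image fetch from the same page, but it carries no cookies and returns a real 206 kB image, so none of the rules fire on it. That contrast is the point of keying the pixel rule on the cookie header plus the empty body rather than on the hostname, which is what makes it portable to the next campaign's domains.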
| fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2 | 216.58.207.227 | 200 OK | 16 kB |
URL: GET HTTP/2 fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2 | IP: 216.58.207.227:443
Requested by: https://gitus.net/watch/?=T030424 | Certificate: Issuer Google Trust Services LLC; Subject *.gstatic.com; Fingerprint 15:DD:05:B3:2F:D8:E3:54:C9:B4:FA:E4:AC:01:ED:C8:E1:EA:A7:AD; Validity Tue, 16 Apr 2024 04:17:07 GMT - Tue, 09 Jul 2024 04:17:06 GMT
File type: Web Open Font Format (Version 2), TrueType, length 15744, version 1.0 | Hashes: MD5 15d9f621c3bd1599f0169dcf0bd5e63e, SHA-1 7ca9c5967f3bb8bffeab24b639b49c1e7d03fa52, SHA-256 f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615
GET /s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://gitus.net
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15744
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sat, 04 May 2024 09:28:37 GMT
expires: Sun, 04 May 2025 09:28:37 GMT
cache-control: public, max-age=31536000
last-modified: Wed, 11 May 2022 19:24:48 GMT
content-type: font/woff2
age: 390580
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
| restlessidea.com/pixel/sbls?bv=24.6.6370&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fnotifications%2Fgambling%2Funibet%2Fandroid_bigsystem-confetti%2F1%2Fcss%2Fanimate.css&l=78693&fd=230 | 172.240.108.84 | 200 OK | 0 B |
URL: GET HTTP/1.1 restlessidea.com/pixel/sbls?bv=24.6.6370&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fnotifications%2Fgambling%2Funibet%2Fandroid_bigsystem-confetti%2F1%2Fcss%2Fanimate.css&l=78693&fd=230 | IP: 172.240.108.84:443
Requested by: https://gitus.net/watch/?=T030424 | Certificate: Issuer Let's Encrypt; Subject restlessidea.com; Fingerprint F1:1A:4C:F2:E9:86:B0:2E:A7:9E:26:57:D2:56:53:84:4B:25:CA:CD; Validity Mon, 06 May 2024 08:16:28 GMT - Sun, 04 Aug 2024 08:16:27 GMT
Hashes: MD5 d41d8cd98f00b204e9800998ecf8427e, SHA-1 da39a3ee5e6b4b0d3255bfef95601890afd80709, SHA-256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer | Verdict | Alert
Quad9 DNS | malicious | Sinkholed
GET /pixel/sbls?bv=24.6.6370&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fnotifications%2Fgambling%2Funibet%2Fandroid_bigsystem-confetti%2F1%2Fcss%2Fanimate.css&l=78693&fd=230 HTTP/1.1
Host: restlessidea.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://gitus.net/
Cookie: u_pl=18829199; uid_id2=2c4d47ec-c71e-47c0-9cb5-d53fe7379db7:3:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; slec9263e0ca8f28f023340c146c12f6b544=[5210996,5210994]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Wed, 08 May 2024 21:58:16 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
| cdn.creative-bars1.com/sb/notifications/gambling/unibet/android_bigsystem-confetti/1/css/style.css | 188.114.97.1 | 200 OK | 3.8 kB |
URL: GET HTTP/2 cdn.creative-bars1.com/sb/notifications/gambling/unibet/android_bigsystem-confetti/1/css/style.css | IP: 188.114.97.1:443
Requested by: https://gitus.net/watch/?=T030424 | Certificate: Issuer Google Trust Services LLC; Subject creative-bars1.com; Fingerprint 3D:29:39:2C:F1:E5:C6:EF:54:F5:70:B5:CF:A8:C2:75:4D:89:72:13; Validity Mon, 15 Apr 2024 15:02:18 GMT - Sun, 14 Jul 2024 15:02:17 GMT
File type: ASCII text, with very long lines (4044), with no line terminators | Hashes: MD5 56323b184b25c2b57812aa5b912181f9, SHA-1 afb759e4336deb21dfbb748697d2c822016f9a46, SHA-256 27a79b182eea9d8c755427f7529af66162dd9dc5c9fa7151ec99a1990bca2c97
GET /sb/notifications/gambling/unibet/android_bigsystem-confetti/1/css/style.css HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://gitus.net
DNT: 1
Connection: keep-alive
Referer: https://gitus.net/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 08 May 2024 21:58:16 GMT
content-type: text/css
last-modified: Thu, 02 May 2024 09:25:09 GMT
etag: W/"66335bf5-eed"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=TQfETKAnGWosGGF6lrEL8loijercHiD5H5C4y4cn1YSnbL4VN38JYIY9t0zjwFBgFJk4zwlAJOR0%2Ffanr94ZaSzaNTyyWKAtRYAYEshmPQcr%2Bz7kyPHWwBt9%2B%2BO9hiZZ5VtJOuSrqHYo"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 880cb5d15b8b5691-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
| cdn.creative-bars1.com/sb/notifications/gambling/unibet/android_bigsystem-confetti/1/js/script.js | 188.114.97.1 | 200 OK | 2.0 kB |
URL: GET HTTP/2 cdn.creative-bars1.com/sb/notifications/gambling/unibet/android_bigsystem-confetti/1/js/script.js | IP: 188.114.97.1:443
Requested by: https://gitus.net/watch/?=T030424 | Certificate: Issuer Google Trust Services LLC; Subject creative-bars1.com; Fingerprint 3D:29:39:2C:F1:E5:C6:EF:54:F5:70:B5:CF:A8:C2:75:4D:89:72:13; Validity Mon, 15 Apr 2024 15:02:18 GMT - Sun, 14 Jul 2024 15:02:17 GMT
File type: Unicode text, UTF-8 text, with very long lines (2089), with no line terminators | Hashes: MD5 e4c03f54a0a78634b5e2f23f1eec9018, SHA-1 7353e6fae5f14418a944ff8d6b6994c0932ce2f3, SHA-256 551e623132d553bed7d021b1cf20583cef3af7b8c34ccaf0fc54ac66ad672562
GET /sb/notifications/gambling/unibet/android_bigsystem-confetti/1/js/script.js HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://gitus.net
DNT: 1
Connection: keep-alive
Referer: https://gitus.net/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 08 May 2024 21:58:16 GMT
content-type: application/javascript
last-modified: Thu, 02 May 2024 09:29:09 GMT
etag: W/"66335ce5-7bc"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=yUgUpVs4mtOjv4dysEx%2Fo5RY1tIwQK0lx%2BnwU1C5b6NwFedoCVnHVGN7f1p4AXj%2Bg2v0P9LKGZpzjhmxxQd6fPqFEXPJDo5pNDDB3nRL6hdiEkqd5WzPVRD%2Fwh9sFpoz7YkQqkEUPgfe"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 880cb5d14b845691-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| arvigorothan.com/tag.min.js | 172.67.150.119 | 200 OK | 90 kB |
URL: GET HTTP/2 arvigorothan.com/tag.min.js IP: 172.67.150.119:443
Requested by: https://gitus.net/watch/?=T030424 Certificate: Issuer Google Trust Services LLC, Subject arvigorothan.com, Fingerprint 3A:2D:B5:82:D0:74:59:F6:A0:25:BC:11:72:CE:92:28:1A:77:F7:F3, Validity Sat, 13 Apr 2024 22:48:55 GMT - Fri, 12 Jul 2024 22:48:54 GMT
File type: JavaScript source, ASCII text, with very long lines (65536), with no line terminators Hash: 76c2a69970c22493395c731940cfe07c c009ced71ef13eccbca3583729ede2e58156894e 0cd441d1f29495f38b588ddb04e10283e04ea626e2c5b79783710998031576d6
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /tag.min.js HTTP/1.1
Host: arvigorothan.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://gitus.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 08 May 2024 21:57:59 GMT
content-type: text/javascript; charset=utf-8
x-trace-id: 432ea3f91c8b45bc0d7fd769b5d1152a
cache-control: max-age=86400
last-modified: Wed, 08 May 2024 11:49:49 GMT
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace, favicon
access-control-max-age: 86400
pragma: no-cache
expires: Thu, 09 May 2024 13:59:04 GMT
timing-allow-origin: *
cf-cache-status: HIT
age: 28735
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=dQH8q1XKgZxgaOfdxRqjhQSd8W0IRecjfNvaAB23SEMWG8CK1oek0W6H7kpP9gwnvGyo7SyC6tQMs6BcSPwhrWifLCxR%2F7c90NJtzhGdYiZbijtqTW0pXQZ4oNNCMxgDzmCU"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 880cb568c9cb5691-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| glakaits.net/?rb=JoWXSVXhb9d0lbDfeFq9EiNNR9LK3Wv0OjhojjFeYjkmJVenjbSplexN4D0OAPQZ__eP3ETo6So9p5dYBWsI8gGmUfdDPk46yEAG9XduPS5CvyNSpsnVrmlCRyrIRLh1oR85TEIuhW19GyKHOtDzTauzwQ7kTDkaVaPIqVfkxfMCHfO7IL9vcxZCv7S4IkFbHdiqOVJ0cqYWr348mN_mshDA9ZJoHYUJLcO7ge8DdY2mInzTmom5ucmaMqmP7auUQF5skw%3D%3D&request_ab2=0&zoneid=7156415&js_build=iclick-v1.790.0&jsp=1&fs=0&cf=0&sw=1280&sh=1024&wih=1024&wiw=1280&ww=1280&wh=1024&sah=1024&wx=0&wy=0&cw=1280&wfc=0&pl=https%3A%2F%2Fgitus.net%2Fwatch%2F%3F%3DT030424&drf=&np=1&pt=0&nb=1&ng=0&ix=0&nw=1&tb=false&btz=UTC&bto=0&wgl=&js_build=iclick-v1.790.0&navlng=en-US&pnt=0&pnrc=0&bs=2ee234f0-18ac-4c80-8e84-368e15ac9656&wasm=1&userId=00805660901c4debfe5f997c866649be&m=link | 139.45.197.242 | 200 OK | 2.7 kB |
URL: GET HTTP/2 glakaits.net/?rb=JoWXSVXhb9d0lbDfeFq9EiNNR9LK3Wv0OjhojjFeYjkmJVenjbSplexN4D0OAPQZ__eP3ETo6So9p5dYBWsI8gGmUfdDPk46yEAG9XduPS5CvyNSpsnVrmlCRyrIRLh1oR85TEIuhW19GyKHOtDzTauzwQ7kTDkaVaPIqVfkxfMCHfO7IL9vcxZCv7S4IkFbHdiqOVJ0cqYWr348mN_mshDA9ZJoHYUJLcO7ge8DdY2mInzTmom5ucmaMqmP7auUQF5skw%3D%3D&request_ab2=0&zoneid=7156415&js_build=iclick-v1.790.0&jsp=1&fs=0&cf=0&sw=1280&sh=1024&wih=1024&wiw=1280&ww=1280&wh=1024&sah=1024&wx=0&wy=0&cw=1280&wfc=0&pl=https%3A%2F%2Fgitus.net%2Fwatch%2F%3F%3DT030424&drf=&np=1&pt=0&nb=1&ng=0&ix=0&nw=1&tb=false&btz=UTC&bto=0&wgl=&js_build=iclick-v1.790.0&navlng=en-US&pnt=0&pnrc=0&bs=2ee234f0-18ac-4c80-8e84-368e15ac9656&wasm=1&userId=00805660901c4debfe5f997c866649be&m=link IP: 139.45.197.242:443
Requested by: https://gitus.net/watch/?=T030424 Certificate: Issuer Let's Encrypt, Subject glakaits.net, Fingerprint 1F:46:3E:C8:C5:6A:64:F5:29:66:0F:5C:6E:CD:48:77:10:EA:26:02, Validity Tue, 07 May 2024 18:52:12 GMT - Mon, 05 Aug 2024 18:52:11 GMT
File type: troff or preprocessor input, ASCII text, with very long lines (2704), with no line terminators Hash: c8e328954ac9fad62fbf8838b6c82f78 b6d334170d6324d1896ebe4b33af2cfb622b88f7 ad60d53ab7decc78b04f298b6eb102fc021ec65a0b6a6e55ceb300eb8029ec83
GET /?rb=JoWXSVXhb9d0lbDfeFq9EiNNR9LK3Wv0OjhojjFeYjkmJVenjbSplexN4D0OAPQZ__eP3ETo6So9p5dYBWsI8gGmUfdDPk46yEAG9XduPS5CvyNSpsnVrmlCRyrIRLh1oR85TEIuhW19GyKHOtDzTauzwQ7kTDkaVaPIqVfkxfMCHfO7IL9vcxZCv7S4IkFbHdiqOVJ0cqYWr348mN_mshDA9ZJoHYUJLcO7ge8DdY2mInzTmom5ucmaMqmP7auUQF5skw%3D%3D&request_ab2=0&zoneid=7156415&js_build=iclick-v1.790.0&jsp=1&fs=0&cf=0&sw=1280&sh=1024&wih=1024&wiw=1280&ww=1280&wh=1024&sah=1024&wx=0&wy=0&cw=1280&wfc=0&pl=https%3A%2F%2Fgitus.net%2Fwatch%2F%3F%3DT030424&drf=&np=1&pt=0&nb=1&ng=0&ix=0&nw=1&tb=false&btz=UTC&bto=0&wgl=&js_build=iclick-v1.790.0&navlng=en-US&pnt=0&pnrc=0&bs=2ee234f0-18ac-4c80-8e84-368e15ac9656&wasm=1&userId=00805660901c4debfe5f997c866649be&m=link HTTP/1.1
Host: glakaits.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://gitus.net/
Origin: https://gitus.net
DNT: 1
Connection: keep-alive
Cookie: OAID=00805660901c4debfe5f997c866649be; oaidts=1715205480
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Wed, 08 May 2024 21:58:00 GMT
content-type: application/json
x-trace-id: 476c630f82f557bc615cf5310b7d13ef
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: https://gitus.net
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace, favicon
access-control-max-age: 86400
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
set-cookie: OAID=00805660901c4debfe5f997c866649be; expires=Thu, 08 May 2025 21:58:00 GMT; path=/; secure; SameSite=None
oaidts=1715205480; expires=Thu, 08 May 2025 21:58:00 GMT; path=/; secure; SameSite=None
syncedCookie=true; expires=Wed, 15 May 2024 21:58:00 GMT; path=/; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| cdn.cloudimagesb.com/cti/33/1e/7d/331e7df06ed34c5dadcb95c6ac145c28/1707725978.png | 45.133.44.10 | 200 OK | 18 kB |
URL: GET HTTP/2 cdn.cloudimagesb.com/cti/33/1e/7d/331e7df06ed34c5dadcb95c6ac145c28/1707725978.png IP: 45.133.44.10:443 ASN: #39572 DataWeb Global Group B.V.
Requested by: https://gitus.net/watch/?=T030424 Certificate: Issuer Let's Encrypt, Subject cdn.cloudimagesb.com, Fingerprint C6:F3:21:F0:21:7D:7E:96:0F:E8:46:7A:5E:C5:3F:D1:52:B0:67:B0, Validity Fri, 22 Mar 2024 03:01:35 GMT - Thu, 20 Jun 2024 03:01:34 GMT
File type: PNG image data, 320 x 50, 8-bit/color RGBA, non-interlaced Hash: 03ea96877f5ff89c5fcdd891e178c1e5 321ce89fc61bbf8b1ace7152944e30fb12f4f09e 1d66da0681b3e4376468c15d364105602fd2d29b907bfeb3775a700f38f4ba98
GET /cti/33/1e/7d/331e7df06ed34c5dadcb95c6ac145c28/1707725978.png HTTP/1.1
Host: cdn.cloudimagesb.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 08 May 2024 21:58:00 GMT
content-type: image/png
content-length: 18094
server: nginx/1.21.6
last-modified: Mon, 12 Feb 2024 08:19:47 GMT
etag: "65c9d4a3-46ae"
expires: Fri, 10 May 2024 21:58:00 GMT
cache-control: max-age=172800
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|
| cdn.cloudimagesb.com/cti/d3/92/14/d39214d9ce22b91f42ca0c079367d213/1627917082.png | 45.133.44.10 | 200 OK | 34 kB |
URL: GET HTTP/2 cdn.cloudimagesb.com/cti/d3/92/14/d39214d9ce22b91f42ca0c079367d213/1627917082.png IP: 45.133.44.10:443 ASN: #39572 DataWeb Global Group B.V.
Requested by: https://gitus.net/watch/?=T030424 Certificate: Issuer Let's Encrypt, Subject cdn.cloudimagesb.com, Fingerprint C6:F3:21:F0:21:7D:7E:96:0F:E8:46:7A:5E:C5:3F:D1:52:B0:67:B0, Validity Fri, 22 Mar 2024 03:01:35 GMT - Thu, 20 Jun 2024 03:01:34 GMT
File type: PNG image data, 468 x 60, 8-bit/color RGB, non-interlaced Hash: 8d010b6c281ac44b529ab59df03d8977 84d440a69ed93508d16e3de05b1a73532b22411a 50f87323468e422ee83e428cccdeb09593b803a53eaccc05c04c0b26d591e303
GET /cti/d3/92/14/d39214d9ce22b91f42ca0c079367d213/1627917082.png HTTP/1.1
Host: cdn.cloudimagesb.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 08 May 2024 21:58:00 GMT
content-type: image/png
content-length: 33594
server: nginx/1.21.6
last-modified: Mon, 02 Aug 2021 15:11:31 GMT
etag: "61080b23-833a"
expires: Fri, 10 May 2024 21:58:00 GMT
cache-control: max-age=172800
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|
| fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2 | 216.58.207.227 | 200 OK | 16 kB |
URL: GET HTTP/2 fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2 IP: 216.58.207.227:443
Requested by: https://gitus.net/watch/?=T030424 Certificate: Issuer Google Trust Services LLC, Subject *.gstatic.com, Fingerprint 15:DD:05:B3:2F:D8:E3:54:C9:B4:FA:E4:AC:01:ED:C8:E1:EA:A7:AD, Validity Tue, 16 Apr 2024 04:17:07 GMT - Tue, 09 Jul 2024 04:17:06 GMT
File type: Web Open Font Format (Version 2), TrueType, length 15860, version 1.0 Hash: e9f5aaf547f165386cd313b995dddd8e acdef5603c2387b0e5bffd744b679a24a8bc1968 f5aebdfea35d1e7656ef4acc5db1f243209755ae3300943ef8fc6280f363c860
GET /s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://gitus.net
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15860
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 02 May 2024 01:55:00 GMT
expires: Fri, 02 May 2025 01:55:00 GMT
cache-control: public, max-age=31536000
last-modified: Wed, 11 May 2022 19:24:42 GMT
content-type: font/woff2
age: 590597
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
|
|