Report - bitly.ws/VeKF

Report Overview

Submitted URL
bitly.ws/VeKF
IP
185.11.100.204
ASN
#29522 Cyber_Folks S.A.
Submitted
2024-04-18 11:52:48
Access
public
Website Title
(1) New Message!
Final URL
bitly.ws/?banned=1
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
52

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
fonts.googleapis.com	8877	2005-01-25	2013-06-10	2024-04-18	1.3 kB	64 kB	142.250.74.138
mp.org.pl	unknown	2013-07-08	2013-09-07	2024-04-11	942 B	15 kB	185.11.100.204
www.topcreativeformat.com	unknown	2023-11-21	2023-11-22	2024-04-06	870 B	25 kB	172.240.127.234
thongtechnicality.com	unknown	unknown	No data	No data	2.4 kB	5.7 kB	192.243.61.225
cdn.cloudimagesb.com	23099	2020-10-06	2021-02-12	2024-04-17	3.3 kB	295 kB	45.133.44.9
decidedlyenjoyableannihilation.com	unknown	unknown	No data	No data	7.5 kB	13 kB	172.240.253.132
cdn.creative-bars1.com	unknown	2022-11-01	2022-11-15	2024-04-16	2.2 kB	74 kB	172.67.141.24
fundingchoicesmessages.google.com	2397	1997-09-15	2019-01-16	2024-04-17	1.8 kB	567 kB	142.250.74.142
www.googletagmanager.com	75	2011-11-11	2013-05-22	2024-04-18	415 B	87 kB	142.250.74.168
pl22826180.profitablegatecpm.com	unknown	2024-02-05	2024-03-26	2024-04-16	442 B	11 kB	172.240.108.68
diabeteprecursor.com	unknown	unknown	No data	No data	2.4 kB	5.7 kB	192.243.61.227
faintjump.com	unknown	unknown	No data	No data	16 kB	55 kB	192.243.59.13
cdn.barscreative1.com	25648	2021-09-08	2021-09-16	2024-04-17	474 B	1.3 kB	45.133.44.4
fonts.gstatic.com	unknown	2008-02-11	2014-09-09	2024-04-18	2.1 kB	212 kB	142.250.74.99
www.paypalobjects.com	1467	2005-05-12	2012-05-30	2024-04-17	431 B	703 B	192.229.221.25
proftrafficcounter.com	unknown	2023-11-16	2023-11-21	2024-04-18	1.3 kB	1.1 kB	18.196.110.226
landings-cdn.adsterratech.com	unknown	2015-03-02	2022-07-07	2024-03-24	460 B	91 kB	142.0.204.220
universitypermanentlyhusk.com	unknown	unknown	No data	No data	489 B	467 B	172.240.253.132
bitly.ws	365777	2018-01-01	2018-04-13	2024-03-26	6.0 kB	58 kB	185.11.100.204
pl22826256.profitablegatecpm.com	unknown	2024-02-05	2024-03-19	2024-03-19	444 B	17 kB	172.240.253.132
downstairsnegotiatebarren.com	unknown	2024-03-04	2024-03-04	2024-04-17	417 B	28 kB	188.114.97.1
unseenreport.com	unknown	2022-03-30	2022-03-30	2024-04-18	1.5 kB	846 B	192.243.61.227

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

Scan Date	Severity	Indicator	Alert
2023-09-21	medium	bitly.ws/VeKF	Other

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2024-04-18	medium	thongtechnicality.com	Sinkholed
2024-04-18	medium	diabeteprecursor.com	Sinkholed
2024-04-18	medium	thongtechnicality.com	Sinkholed
2024-04-18	medium	faintjump.com	Sinkholed
2024-04-18	medium	diabeteprecursor.com	Sinkholed
2024-04-18	medium	faintjump.com	Sinkholed
2024-04-18	medium	faintjump.com	Sinkholed
2024-04-18	medium	faintjump.com	Sinkholed
2024-04-18	medium	decidedlyenjoyableannihilation.com	Sinkholed
2024-04-18	medium	faintjump.com	Sinkholed
2024-04-18	medium	faintjump.com	Sinkholed
2024-04-18	medium	decidedlyenjoyableannihilation.com	Sinkholed
2024-04-18	medium	decidedlyenjoyableannihilation.com	Sinkholed
2024-04-18	medium	faintjump.com	Sinkholed
2024-04-18	medium	faintjump.com	Sinkholed
2024-04-18	medium	faintjump.com	Sinkholed
2024-04-18	medium	universitypermanentlyhusk.com	Sinkholed
2024-04-18	medium	decidedlyenjoyableannihilation.com	Sinkholed
2024-04-18	medium	decidedlyenjoyableannihilation.com	Sinkholed
2024-04-18	medium	decidedlyenjoyableannihilation.com	Sinkholed
2024-04-18	medium	decidedlyenjoyableannihilation.com	Sinkholed
2024-04-18	medium	decidedlyenjoyableannihilation.com	Sinkholed
2024-04-18	medium	unseenreport.com	Sinkholed
2024-04-18	medium	unseenreport.com	Sinkholed
2024-04-18	medium	faintjump.com	Sinkholed

ThreatFox

No alerts detected

JavaScript (32)

	URL	Size	First Seen	Last Seen
	bitly.ws/js/adframe.js	16 B	2023-03-07	2024-04-30
Pretty URL bitly.ws/js/adframe.js IP 185.11.100.204 ASN #29522 Cyber_Folks S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:18:41 Last Seen2024-04-30 08:43:51 Times Seen353 Hash 760222d2e529d3e84eb01378cfc46e2e f789f3c0007640b5549fca2710cf3da500b95e86 0059cb4ff0a271382c38af8a7367aaf45cbeb31449637d3928d25317401e2828 Loading...

	www.googletagmanager.com/gtag/js?id=G-8Q1W6PKNCX	241 kB	2024-04-18	2024-04-18
Pretty URL www.googletagmanager.com/gtag/js?id=G-8Q1W6PKNCX IP 142.250.74.168 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-18 13:52:55 Last Seen2024-04-18 13:52:56 Times Seen2 Hash c9bbfd254cbc28d3c19fdcaf6293f5c7 c3010ff264ac543cd2b30cd3f26f01fd8cc65855 12d02541e47f1115e1b684b5c3bc7493b18348ec0beaa153077d83c2f162a26c Loading...

	bitly.ws/?banned=1	158 B	2023-12-29	2024-04-30
Pretty URL bitly.ws/?banned=1 IP 185.11.100.204 ASN #29522 Cyber_Folks S.A. Introduced by scriptElement Embedded in HTML true Observations First Seen2023-12-29 08:38:24 Last Seen2024-04-30 08:43:51 Times Seen22 Hash e2171717aacde6f9cef85e4e87f10e62 43ba3696cdc3c063250c6a1355b58c2e5ddeb388 0b92cbfe6dce4f0f76ed2d385a9009f91ba7d37faecdca9fa7735095cc166ac0 Loading...

	bitly.ws/?banned=1	162 B	2023-12-29	2024-04-30
Pretty URL bitly.ws/?banned=1 IP 185.11.100.204 ASN #29522 Cyber_Folks S.A. Introduced by scriptElement Embedded in HTML true Observations First Seen2023-12-29 08:38:24 Last Seen2024-04-30 08:43:51 Times Seen22 Hash 56462d0b896d498b410c38451babc53b ac4fabda549e9c2299c8871c724e7c20fe98267f 68b133d98713866d41cc2a4b2e8a779041106fd7be66bd34844bf825028f4f0f Loading...

	bitly.ws/?banned=1	429 B	2023-03-07	2024-05-01
Pretty URL bitly.ws/?banned=1 IP 185.11.100.204 ASN #29522 Cyber_Folks S.A. Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 14:02:48 Last Seen2024-05-01 09:08:29 Times Seen1451 Hash eafaa0be830db11da3770638100b686f db325dc427493ed0c2988ef229573b7093425466 96adbda6f380d09bfd780e4143e165a48037b43421d3964980a4343aedc644ab Loading...

	faintjump.com/78/66/ea/7866ead300fcf9e425beaf01fe308949.js	80 kB	2024-04-18	2024-04-18
Pretty URL faintjump.com/78/66/ea/7866ead300fcf9e425beaf01fe308949.js IP 192.243.59.13 ASN #39572 DataWeb Global Group B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-18 13:52:56 Last Seen2024-04-18 13:52:56 Times Seen2 Hash d258596d1bd417dba55d3a6f7ec9c9e9 087a6639a2b8f64bc35603a4eed707c0935680f4 c3b34562bd2c06f26e100fe7efc2e992f350a425ce8dd2b4c46c46ea040cf61c Loading...

	cdn.creative-bars1.com/sb/ssp/vpn/classic-push/small/js/jquery.min.js	84 kB	2023-03-07	2024-05-01
Pretty URL cdn.creative-bars1.com/sb/ssp/vpn/classic-push/small/js/jquery.min.js IP 172.67.141.24 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:06 Last Seen2024-05-01 10:56:57 Times Seen15838 Hash 4a356126b9573eb7bd1e9a7494737410 8258d046f17dd3c15a5d3984e1868b7b5d1db329 22642f202577f0ba2f22cbe56b6cf291a09374487567cd3563e0d2a29f75c0c5 Loading...

	bitly.ws/?banned=1	25 B	2023-03-08	2024-04-30
Pretty URL bitly.ws/?banned=1 IP 185.11.100.204 ASN #29522 Cyber_Folks S.A. Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-08 23:04:05 Last Seen2024-04-30 08:43:51 Times Seen97 Hash 1427fb2f549ac96d4f0e885993d3b40f 6a355726d3939081aa39ce7eb406a55d45181f24 0fbaf8209057a6df7d107a22189b5892bc1edc1f73b1f5428a8977e66e3f95e4 Loading...

	bitly.ws/?banned=1	139 B	2023-03-08	2024-04-30
Pretty URL bitly.ws/?banned=1 IP 185.11.100.204 ASN #29522 Cyber_Folks S.A. Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-08 23:04:05 Last Seen2024-04-30 08:43:51 Times Seen94 Hash 823be5a9c0f24749f43b86566f77a14b bf5f7bd2719df6c9e0f947ab6aedda322f4146e7 b8a0d1db414563caff84583ba167c841e703ad08f909b38f852e6c3e29212749 Loading...

	unknown	3.3 kB	2024-04-18	2024-04-18
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-18 13:52:56 Last Seen2024-04-18 13:52:56 Times Seen1 Hash cd0d303d69564c5c5afeadd193964a87 cb1b11657bc3f91c6d9ca839d747a81f6bd447b5 007dad9b9bbbfbb490327b622dd5e3376932ff40371779c177b266bd25b24546 Loading...

	unknown	1.3 kB	2024-03-26	2024-04-18
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2024-03-26 01:45:32 Last Seen2024-04-18 13:52:56 Times Seen4 Hash 07c0c19a5b42ef6c9ef576f61153d069 8c168376fe7f7a921e34f0c24013b1487c9c28cf 7008007868fe50a1de2e5156a32e2976d801d8c49c1a99954001cf3950432ca7 Loading...

	bitly.ws/_/mss/boq-content-ads-contributor/_/js/k=boq-content-ads-contributor.ContributorServingResponseClientJs.en_US.VKDwDKd-RxM.es5.O/am=wA/d=1/rs=AJlcJMzOjbTkAfEou0cWh3KdDll1gGdHjA/m=kernel_loader,loader_js_executable	184 kB	2024-04-18	2024-04-18
Pretty URL bitly.ws/_/mss/boq-content-ads-contributor/_/js/k=boq-content-ads-contributor.ContributorServingResponseClientJs.en_US.VKDwDKd-RxM.es5.O/am=wA/d=1/rs=AJlcJMzOjbTkAfEou0cWh3KdDll1gGdHjA/m=kernel_loader,loader_js_executable IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-18 13:52:56 Last Seen2024-04-18 13:52:57 Times Seen2 Hash 73f7952292bcb0c0986fc5960dcedf11 86df3769fe75f9a6d10c3e650772885fb0ea8ca5 a1d8900276c8bcf87e3f200621d06ce16c565e37a89bf6177e71c45f0439d73d Loading...

	bitly.ws/sandbox%20eval%20code	128 B	2023-05-06	2024-05-01
Pretty URL bitly.ws/sandbox%20eval%20code IP 0.0.0.0 ASN #0 Introduced by Embedded in HTML false Observations First Seen2023-05-06 01:21:43 Last Seen2024-05-01 13:26:02 Times Seen21304 Hash 23c336606ee3a6d444b305153fa0e2e2 473a2111970ae2a94b373e656d20c4bd4184d703 305375d5052f6a14434d2d338f852f0f4f04fb26495f88a5d62b6afde2e2cc60 Loading...

	www.topcreativeformat.com/fb87135eb1bdee211d55a6d31f28b1bc/invoke.js	31 kB	2024-04-18	2024-04-18
Pretty URL www.topcreativeformat.com/fb87135eb1bdee211d55a6d31f28b1bc/invoke.js IP 172.240.127.234 ASN #7979 SERVERS-COM Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-18 13:52:56 Last Seen2024-04-18 13:52:56 Times Seen2 Hash eab430f761b381c0567bc87f0a030d22 75ff65b1e877bb12acbc69855b2e00c92615749c de62842e662c7176d578d20f1be139afb67ccc9d2bbe2a2e21e8951ce4b759e0 Loading...

	pl22826180.profitablegatecpm.com/172d9680245553e8052aafbe1bd64a13/invoke.js	27 kB	2024-04-18	2024-04-18
Pretty URL pl22826180.profitablegatecpm.com/172d9680245553e8052aafbe1bd64a13/invoke.js IP 172.240.108.68 ASN #7979 SERVERS-COM Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-18 13:52:56 Last Seen2024-04-18 13:52:56 Times Seen2 Hash 3c74f440ea2be72c0f095fb8fb86074f 39dc77247d46ee4d4fa890e8bd2b97e5afd968c3 402b54fa3df231888ce7d085c7313bd54f057ec1cd91d487e2d6cce4ccdf14cb Loading...

	unknown	145 B	2024-03-26	2024-04-30
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2024-03-26 01:45:32 Last Seen2024-04-30 08:43:51 Times Seen12 Hash f21e79189dbf24bcfc96766c51c39b95 c3ca59be0bfb49b8dae005a1682a16ab256c7560 7a3f523acb8306f5748e772f8ce97105abf172ca8f0c904f33f6987e3e5e3198 Loading...

	unknown	196 B	2024-04-16	2024-04-28
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-16 15:12:44 Last Seen2024-04-28 20:24:07 Times Seen5 Hash 9d1e7befddc07d8f8470fe8baeb8e5f4 4b2476acac084b9d5ca1161c4fec54689bd71273 4e1942df509e84b6c09608fab2b70199d500981449f7e4ac6ee68d637f9de91a Loading...

	downstairsnegotiatebarren.com/sfp.js	86 kB	2024-03-29	2024-05-01
Pretty URL downstairsnegotiatebarren.com/sfp.js IP 188.114.97.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-03-29 13:13:34 Last Seen2024-05-01 12:30:02 Times Seen1483 Hash f4a2f8f9f99541c6f105bbd0a025bd40 1f8e3eff12168fdd9e719adfc098d24a45b6916a b717cb04231a10d425fd55b73c85a5407119c6826a8bac94142fddfff6958716 Loading...

	bitly.ws/?banned=1	288 B	2024-03-26	2024-04-30
Pretty URL bitly.ws/?banned=1 IP 185.11.100.204 ASN #29522 Cyber_Folks S.A. Introduced by scriptElement Embedded in HTML true Observations First Seen2024-03-26 01:45:32 Last Seen2024-04-30 08:43:51 Times Seen12 Hash 144182c3ec7831d18e2c274c89447882 bad8ff287f93bfbb5fcc4460e4cb0513f57bfe29 cd479d93f5a86092e83334d5798624273bd64dc22669c535d13975fb9f4c8f08 Loading...

	pagead2.googlesyndication.com/pagead/js/adsbygoogle.js	1.6 kB	2023-05-06	2024-05-01
Pretty URL pagead2.googlesyndication.com/pagead/js/adsbygoogle.js IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-05-06 01:21:43 Last Seen2024-05-01 13:26:01 Times Seen21167 Hash 2e9e391ad98fbe1b2de0b7b4fa9ca904 21d7771223e8286a06ad878af425094a40de32b5 1468d954f25ab75355f3c0f42cd9c84efd64a67922c47d3b69bdb6d0eb399e69 Loading...

	www.topcreativeformat.com/6dc3a27552b5aedfb96aeaa00aa1c37b/invoke.js	31 kB	2024-04-18	2024-04-18
Pretty URL www.topcreativeformat.com/6dc3a27552b5aedfb96aeaa00aa1c37b/invoke.js IP 172.240.127.234 ASN #7979 SERVERS-COM Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-18 13:52:56 Last Seen2024-04-18 13:52:56 Times Seen2 Hash 1ca44521a9d9d0a7b58392640d074891 670dc1211a398662ae1f5f309465c9b9fee09800 13d6ac39ffd5f0bc9e5f51dc22e08ff20817a812feef4219b8ed031356bd8f2a Loading...

	bitly.ws/?banned=1	287 B	2024-04-16	2024-04-30
Pretty URL bitly.ws/?banned=1 IP 185.11.100.204 ASN #29522 Cyber_Folks S.A. Introduced by scriptElement Embedded in HTML true Observations First Seen2024-04-16 15:12:46 Last Seen2024-04-30 08:43:51 Times Seen8 Hash c476dfcc7ccffbc3b926b30bd70864e8 4ff18fad8515676c7479993924ce1c8a1879d752 611dbbba80df17837ab416c027716f42b87c22097db100d6d542ad9bcf9fa246 Loading...

	unknown	145 B	2024-04-16	2024-04-30
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-16 15:12:45 Last Seen2024-04-30 08:43:51 Times Seen8 Hash daf8d2c9b90ad6cec0ebb9349b91a45c 0642a4a6468012dd728122226d2eb14adf1116eb 249557d780ab8f0d4d5d3c5fc2c39cf39b060ed6687d822937669fc6b738f25e Loading...

	bitly.ws/_/mss/boq-content-ads-contributor/_/js/k=boq-content-ads-contributor.ContributorServingResponseClientJs.en_US.VKDwDKd-RxM.es5.O/d=1/exm=kernel_loader,loader_js_executable/ed=1/rs=AJlcJMxT59pu6xg4Z1Wq5txZSLQwnANDNQ/m=web_iab_tcf_v2_wall_executable	378 kB	2024-04-18	2024-04-18
Pretty URL bitly.ws/_/mss/boq-content-ads-contributor/_/js/k=boq-content-ads-contributor.ContributorServingResponseClientJs.en_US.VKDwDKd-RxM.es5.O/d=1/exm=kernel_loader,loader_js_executable/ed=1/rs=AJlcJMxT59pu6xg4Z1Wq5txZSLQwnANDNQ/m=web_iab_tcf_v2_wall_executable IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-18 13:52:56 Last Seen2024-04-18 13:52:56 Times Seen1 Hash 6dbe0cbface7d496ebf4982d3c601f1b 4cf8ff13803a64fff9deeef6d789788543b9c853 2962df97fb425a3ec5bb6b92385850ebb8c0be5034c6e4680d1b88040f58016b Loading...

	bitly.ws/?banned=1	502 B	2024-04-18	2024-04-18
Pretty URL bitly.ws/?banned=1 IP 185.11.100.204 ASN #29522 Cyber_Folks S.A. Introduced by scriptElement Embedded in HTML true Observations First Seen2024-04-18 13:52:56 Last Seen2024-04-18 13:52:56 Times Seen1 Hash 50896030120018022cf928d653ab5b0f b8608f9ac47952682a99dc426f1143ac981a53b9 89bf0927f135549689942a9a555e52c1129756634de27db8b603754c1ff58fc2 Loading...

	pl22826256.profitablegatecpm.com/33/ce/9e/33ce9e99c1bfce9eb2d48a915db5624c.js	44 kB	2024-04-18	2024-04-18
Pretty URL pl22826256.profitablegatecpm.com/33/ce/9e/33ce9e99c1bfce9eb2d48a915db5624c.js IP 172.240.253.132 ASN #7979 SERVERS-COM Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-18 13:52:56 Last Seen2024-04-18 13:52:56 Times Seen2 Hash 10c805751ac96603c45d091636ea2469 fffbc12a39b5e51e77d03daa508c45c3e142a3d2 78d76338d70fcb9d32a1d619ff45fd67dab6748052589c34a6c17cad8f41db73 Loading...

	unknown	196 B	2024-03-26	2024-04-30
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2024-03-26 01:45:31 Last Seen2024-04-30 08:43:51 Times Seen10 Hash 8613f227c34a344219873f805fd1f3d0 9e9db017a412162287aa13af94fd24141452fb4c 64c2845767e6b7cdd73807f7fbfc5f6ef1bb7f9ed3e07a067b6a0defbc6435d2 Loading...

	unknown	3.3 kB	2024-04-18	2024-04-18
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-18 13:52:56 Last Seen2024-04-18 13:52:56 Times Seen1 Hash 8e67f38d20624d412f120fd547714b25 e00b376e46c664505170b144a71bf4e4a030a2de dc7aedf3b9d33c4d5cdd6eeeb29b323069e771ea7daecc1444153372d1e05a1a Loading...

		Size	First Seen	Last Seen
	#1 Eval - 8c72c1f9974917918012568185a6fd3f	2.1 kB	2024-04-18	2024-04-18
Pretty Observations First Seen2024-04-18 13:52:56 Last Seen2024-04-18 13:52:56 Times Seen1 Hash 8c72c1f9974917918012568185a6fd3f 53445bf24ea94f839ff502632943d7b215e5925b 6ba6f82db78599fffa1519fbaa8ca39cc6f0d5051773e8d6130633e2a15cbfa5 Loading...

	#2 Eval - bb002956f56f3534759e17672ba0f3aa	2.1 kB	2024-04-18	2024-04-18
Pretty Observations First Seen2024-04-18 13:52:56 Last Seen2024-04-18 13:52:56 Times Seen1 Hash bb002956f56f3534759e17672ba0f3aa e2c6081a1f4d826a0711450789a704cd1d2c6f9d 4e3bf48ce6b4e25d41a1959a28811209b2f8fea92ba4b482ba3bbe7d358cf298 Loading...

		Size	First Seen	Last Seen
	#1 Write - 04c29f6703f2211413850b120776a8a2	117 B	2024-03-26	2024-04-30
Pretty Observations First Seen2024-03-26 01:45:32 Last Seen2024-04-30 08:43:51 Times Seen12 Hash 04c29f6703f2211413850b120776a8a2 6dd9403c30602b5ae12d2d04a63c2f416a7e41f1 4abede4ad4c2b996ff0b13f8289a58b996c0914d3ec1491877da44fc3cc3e573 Loading...

	#2 Write - 7162f4f4a6377b3d138be45535f1a62d	117 B	2024-04-16	2024-04-30
Pretty Observations First Seen2024-04-16 15:12:46 Last Seen2024-04-30 08:43:51 Times Seen8 Hash 7162f4f4a6377b3d138be45535f1a62d aab5d1c55fd1cd149f081f3de2d407db3a798516 50ff35d6b03598970774c8d6102eea07cdec9fccd625c594a26b0df5e8d83a09 Loading...

HTTP Transactions (73)

URL IP Response Size

bitly.ws/VeKF

185.11.100.204

301 Moved Permanently

239 B

URL User Request GET HTTP/2
bitly.ws/VeKF
IP
185.11.100.204:443
ASN
#29522 Cyber_Folks S.A.

Certificate
IssuerLet's Encrypt
Subjectbitly.ws
FingerprintE2:6E:62:93:28:D8:B3:0A:23:56:6C:21:A4:BD:CC:EF:CD:1B:33:55
ValiditySun, 18 Feb 2024 07:59:14 GMT - Sat, 18 May 2024 07:59:13 GMT

File type
HTML document, ASCII text
Size
239 B (239 bytes)
Hash
b3594ad480a73c6aeaf50b1d9411190d
22ef920fc9593a7448a0843d13dce25442ee0d31
8f0f98ca065e0d387e2886c039801eada70191d82c7e9718cd053f10930e66e5

Detections

Analyzer	Verdict	Alert
PhishTank	phishing	Other

HTTP Headers

GET /VeKF HTTP/1.1
Host: bitly.ws
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 301 Moved Permanently
date: Thu, 18 Apr 2024 11:52:20 GMT
server: Apache
location: https://bitly.ws/?redirect=VeKF
cache-control: max-age=0
expires: Thu, 18 Apr 2024 11:52:20 GMT
content-length: 239
content-type: text/html; charset=iso-8859-1
X-Firefox-Spdy: h2

bitly.ws/

185.11.100.204

225 B

URL
bitly.ws/
IP
185.11.100.204:0
ASN
#29522 Cyber_Folks S.A.

Certificate
IssuerLet's Encrypt
Subjectbitly.ws
FingerprintE2:6E:62:93:28:D8:B3:0A:23:56:6C:21:A4:BD:CC:EF:CD:1B:33:55
ValiditySun, 18 Feb 2024 07:59:14 GMT - Sat, 18 May 2024 07:59:13 GMT

File type
HTML document, ASCII text
Size
225 B (225 bytes)
Hash
898a67dfd1538747526dd6e26ca9751f
91d45a3ef97e1f923e9da56db7e628547c0d7271
8f79b9dc8dcc4d4925121c5cab66969b4bd9f756d1716f6b031f9634eb7cb897

HTTP Headers

GET / HTTP/1.1
Host: bitly.ws
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 301 Moved Permanently
date: Thu, 18 Apr 2024 11:52:23 GMT
server: Apache
location: https://bitly.ws/
cache-control: max-age=0
expires: Thu, 18 Apr 2024 11:52:23 GMT
content-length: 225
content-type: text/html; charset=iso-8859-1

bitly.ws/?redirect=VeKF

185.11.100.204

301 Moved Permanently

295 B

URL User Request GET HTTP/2
bitly.ws/?redirect=VeKF
IP
185.11.100.204:443
ASN
#29522 Cyber_Folks S.A.

Certificate
IssuerLet's Encrypt
Subjectbitly.ws
FingerprintE2:6E:62:93:28:D8:B3:0A:23:56:6C:21:A4:BD:CC:EF:CD:1B:33:55
ValiditySun, 18 Feb 2024 07:59:14 GMT - Sat, 18 May 2024 07:59:13 GMT

File type
HTML document, ASCII text, with CRLF, LF line terminators
Size
295 B (295 bytes)
Hash
fec185a9bfd0f49cb5baa231ff3e298a
1666b43695cae25f3696cd25a1b88fe0284151af
d0e82d07a75635f0171541c98880d1be2ead41296f28355aadd747db898d4bdb

HTTP Headers

GET /?redirect=VeKF HTTP/1.1
Host: bitly.ws
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 301 Moved Permanently
date: Thu, 18 Apr 2024 11:52:20 GMT
server: Apache
x-powered-by: PHP/5.5.38
location: https://mp.org.pl/yt-redirect.php?banurl=https://inhalerflow.com/0/0/0/8a5ab89ba460dbf20f3b5568a3ea4364/2009
cache-control: max-age=0
expires: Thu, 18 Apr 2024 11:52:20 GMT
content-type: text/html
X-Firefox-Spdy: h2

mp.org.pl/yt-redirect.php?banurl=https://inhalerflow.com/0/0/0/8a5ab89ba460dbf20f3b5568a3ea4364/2009

185.11.100.204

302 Found

0 B

URL User Request GET HTTP/2
mp.org.pl/yt-redirect.php?banurl=https://inhalerflow.com/0/0/0/8a5ab89ba460dbf20f3b5568a3ea4364/2009
IP
185.11.100.204:443
ASN
#29522 Cyber_Folks S.A.

Certificate
IssuerLet's Encrypt
Subjectmp.org.pl
Fingerprint57:DA:09:4B:84:35:ED:47:0C:F1:15:D5:2E:AE:2C:51:82:64:3A:AC
ValiditySun, 18 Feb 2024 08:00:38 GMT - Sat, 18 May 2024 08:00:37 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /yt-redirect.php?banurl=https://inhalerflow.com/0/0/0/8a5ab89ba460dbf20f3b5568a3ea4364/2009 HTTP/1.1
Host: mp.org.pl
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 302 Moved Temporarily
date: Thu, 18 Apr 2024 11:52:26 GMT
server: Apache
x-powered-by: PHP/5.5.38
location: https://bitly.ws?banned=1
cache-control: max-age=0
expires: Thu, 18 Apr 2024 11:52:26 GMT
content-length: 0
content-type: text/html

bitly.ws/js/adframe.js

185.11.100.204

200 OK

16 B

URL GET HTTP/2
bitly.ws/js/adframe.js
IP
185.11.100.204:443
ASN
#29522 Cyber_Folks S.A.

Requested by
https://bitly.ws/?banned=1
Certificate
IssuerLet's Encrypt
Subjectbitly.ws
FingerprintE2:6E:62:93:28:D8:B3:0A:23:56:6C:21:A4:BD:CC:EF:CD:1B:33:55
ValiditySun, 18 Feb 2024 07:59:14 GMT - Sat, 18 May 2024 07:59:13 GMT

File type
ASCII text, with no line terminators
Size
16 B (16 bytes)
Hash
760222d2e529d3e84eb01378cfc46e2e
f789f3c0007640b5549fca2710cf3da500b95e86
0059cb4ff0a271382c38af8a7367aaf45cbeb31449637d3928d25317401e2828

HTTP Headers

GET /js/adframe.js HTTP/1.1
Host: bitly.ws
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://bitly.ws/?banned=1
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Thu, 18 Apr 2024 11:52:26 GMT
server: Apache
last-modified: Sat, 30 Dec 2017 21:02:30 GMT
etag: "10-5619511402320"
accept-ranges: bytes
content-length: 16
cache-control: max-age=0
expires: Thu, 18 Apr 2024 11:52:26 GMT
content-type: application/javascript
X-Firefox-Spdy: h2

bitly.ws/css/style.css

185.11.100.204

200 OK

2.8 kB

URL GET HTTP/2
bitly.ws/css/style.css
IP
185.11.100.204:443
ASN
#29522 Cyber_Folks S.A.

Requested by
https://bitly.ws/?banned=1
Certificate
IssuerLet's Encrypt
Subjectbitly.ws
FingerprintE2:6E:62:93:28:D8:B3:0A:23:56:6C:21:A4:BD:CC:EF:CD:1B:33:55
ValiditySun, 18 Feb 2024 07:59:14 GMT - Sat, 18 May 2024 07:59:13 GMT

File type
assembler source, Unicode text, UTF-8 text, with CRLF line terminators
Size
2.8 kB (2763 bytes)
Hash
eeee0a4d84ff512093277dcc29852c8d
8cdc89abbf41ad34513b14144d235e215110a600
7b7fa3cffc3403b893b3d6816de290ad101c9f93ff2b06bd91151aed5cd78d35

HTTP Headers

GET /css/style.css HTTP/1.1
Host: bitly.ws
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://bitly.ws/?banned=1
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Thu, 18 Apr 2024 11:52:26 GMT
server: Apache
last-modified: Thu, 04 Apr 2024 03:49:30 GMT
etag: "2d16-6153d39fcf8a2-gzip"
accept-ranges: bytes
cache-control: max-age=0
expires: Thu, 18 Apr 2024 11:52:26 GMT
vary: Accept-Encoding
content-encoding: gzip
content-length: 2763
content-type: text/css
X-Firefox-Spdy: h2

bitly.ws/gfx/stripe.png

185.11.100.204

200 OK

1.4 kB

URL GET HTTP/2
bitly.ws/gfx/stripe.png
IP
185.11.100.204:443
ASN
#29522 Cyber_Folks S.A.

Requested by
https://bitly.ws/?banned=1
Certificate
IssuerLet's Encrypt
Subjectbitly.ws
FingerprintE2:6E:62:93:28:D8:B3:0A:23:56:6C:21:A4:BD:CC:EF:CD:1B:33:55
ValiditySun, 18 Feb 2024 07:59:14 GMT - Sat, 18 May 2024 07:59:13 GMT

File type
PNG image data, 91 x 60, 8-bit colormap, non-interlaced
Size
1.4 kB (1359 bytes)
Hash
17aaa9dc48a895306b06de8ae9a8b104
f75e086497b3743ac83d85dc4ca456e8bb556e55
b8214bd5cbd9197f329d1df98d908dc7a1cd38c28e8010b92e49b3f35dd9986a

HTTP Headers

GET /gfx/stripe.png HTTP/1.1
Host: bitly.ws
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://bitly.ws/?banned=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Thu, 18 Apr 2024 11:52:26 GMT
server: Apache
last-modified: Sat, 19 Aug 2023 15:45:50 GMT
etag: "54f-603488a24201d"
accept-ranges: bytes
content-length: 1359
cache-control: max-age=31536000
expires: Fri, 18 Apr 2025 11:52:26 GMT
content-type: image/png
X-Firefox-Spdy: h2

bitly.ws/gfx/bmac.png

185.11.100.204

200 OK

3.2 kB

URL GET HTTP/2
bitly.ws/gfx/bmac.png
IP
185.11.100.204:443
ASN
#29522 Cyber_Folks S.A.

Requested by
https://bitly.ws/?banned=1
Certificate
IssuerLet's Encrypt
Subjectbitly.ws
FingerprintE2:6E:62:93:28:D8:B3:0A:23:56:6C:21:A4:BD:CC:EF:CD:1B:33:55
ValiditySun, 18 Feb 2024 07:59:14 GMT - Sat, 18 May 2024 07:59:13 GMT

File type
PNG image data, 214 x 60, 8-bit colormap, non-interlaced
Size
3.2 kB (3206 bytes)
Hash
781860bb7eb619aa3b173144c6d29646
6ba3a103709f121cf9f5ab214610d0215dab93e9
54339f1c8cb089c05773b2b18fd5da6e702956decbf7dea6ef0348a64203c657

HTTP Headers

GET /gfx/bmac.png HTTP/1.1
Host: bitly.ws
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://bitly.ws/?banned=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Thu, 18 Apr 2024 11:52:26 GMT
server: Apache
last-modified: Sat, 19 Aug 2023 15:45:47 GMT
etag: "c86-6034889f203e4"
accept-ranges: bytes
content-length: 3206
cache-control: max-age=31536000
expires: Fri, 18 Apr 2025 11:52:26 GMT
content-type: image/png
X-Firefox-Spdy: h2

bitly.ws/gfx/bitly-chart.png

185.11.100.204

200 OK

210 B

URL GET HTTP/2
bitly.ws/gfx/bitly-chart.png
IP
185.11.100.204:443
ASN
#29522 Cyber_Folks S.A.

Requested by
https://bitly.ws/?banned=1
Certificate
IssuerLet's Encrypt
Subjectbitly.ws
FingerprintE2:6E:62:93:28:D8:B3:0A:23:56:6C:21:A4:BD:CC:EF:CD:1B:33:55
ValiditySun, 18 Feb 2024 07:59:14 GMT - Sat, 18 May 2024 07:59:13 GMT

File type
PNG image data, 200 x 200, 1-bit colormap, non-interlaced
Size
210 B (210 bytes)
Hash
0f7081ab57097da4c3f76c5a4fcf3174
1aa09d97610e3ad42e25577468864aacaa26eeee
c28530634cdfc14bb5c068fc74a7071f9e27fc97f9aa03a1258f5b33f9c8ab6d

HTTP Headers

GET /gfx/bitly-chart.png HTTP/1.1
Host: bitly.ws
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://bitly.ws/?banned=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Thu, 18 Apr 2024 11:52:26 GMT
server: Apache
last-modified: Tue, 02 Jan 2018 13:00:56 GMT
etag: "d2-561cab088ec59"
accept-ranges: bytes
content-length: 210
cache-control: max-age=31536000
expires: Fri, 18 Apr 2025 11:52:26 GMT
content-type: image/png
X-Firefox-Spdy: h2

bitly.ws/gfx/adsterra2.png

185.11.100.204

200 OK

15 kB

URL GET HTTP/2
bitly.ws/gfx/adsterra2.png
IP
185.11.100.204:443
ASN
#29522 Cyber_Folks S.A.

Requested by
https://bitly.ws/?banned=1
Certificate
IssuerLet's Encrypt
Subjectbitly.ws
FingerprintE2:6E:62:93:28:D8:B3:0A:23:56:6C:21:A4:BD:CC:EF:CD:1B:33:55
ValiditySun, 18 Feb 2024 07:59:14 GMT - Sat, 18 May 2024 07:59:13 GMT

File type
PNG image data, 200 x 200, 8-bit colormap, non-interlaced
Size
15 kB (15266 bytes)
Hash
5d4aab7e8b7267e1876143c7bd308318
5e1827fa8442e7b1e06cfbdec4c52bdec22c9063
f9b415d80dc86d44446a312e855460fb4ac16207f5b2caa0620e69013598bde6

HTTP Headers

GET /gfx/adsterra2.png HTTP/1.1
Host: bitly.ws
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://bitly.ws/?banned=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Thu, 18 Apr 2024 11:52:26 GMT
server: Apache
last-modified: Sat, 30 Mar 2024 10:55:14 GMT
etag: "3ba2-614de974dba8f"
accept-ranges: bytes
content-length: 15266
cache-control: max-age=31536000
expires: Fri, 18 Apr 2025 11:52:26 GMT
content-type: image/png
X-Firefox-Spdy: h2

www.paypalobjects.com/pl_PL/i/scr/pixel.gif

192.229.221.25

200 OK

43 B

URL GET HTTP/2
www.paypalobjects.com/pl_PL/i/scr/pixel.gif
IP
192.229.221.25:443
ASN
#15133 EDGECAST

Requested by
https://bitly.ws/?banned=1
Certificate
IssuerDigiCert Inc
Subjectwww.paypal.com
Fingerprint4B:C0:E1:F0:16:B3:A4:B3:63:08:41:DF:F2:EF:8D:65:54:1D:30:B1
ValidityThu, 12 Oct 2023 00:00:00 GMT - Thu, 31 Oct 2024 23:59:59 GMT

File type
GIF image data, version 89a, 1 x 1
Size
43 B (43 bytes)
Hash
fc94fb0c3ed8a8f909dbc7630a0987ff
56d45f8a17f5078a20af9962c992ca4678450765
2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363

HTTP Headers

GET /pl_PL/i/scr/pixel.gif HTTP/1.1
Host: www.paypalobjects.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://bitly.ws/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
cache-control: s-maxage=31536000, public,max-age=3600
content-type: image/gif
date: Thu, 18 Apr 2024 11:52:26 GMT
dc: ccg11-origin-www-1.paypal.com
etag: "5d5637c5-2b"
expires: Thu, 18 Apr 2024 12:52:26 GMT
last-modified: Fri, 16 Aug 2019 04:57:41 GMT
paypal-debug-id: 2b5a4d618fa0a
server: ECAcc (ska/F6B7)
strict-transport-security: max-age=63072000; includeSubDomains; preload
timing-allow-origin: https://www.paypal.com,https://www.sandbox.paypal.com
traceparent: 00-00000000000000000002b5a4d618fa0a-1ee1f9b462072736-01
x-cache: HIT
x-content-type-options: nosniff
content-length: 43
X-Firefox-Spdy: h2

bitly.ws/gfx/paypal.jpg

185.11.100.204

200 OK

8.7 kB

URL GET HTTP/2
bitly.ws/gfx/paypal.jpg
IP
185.11.100.204:443
ASN
#29522 Cyber_Folks S.A.

Requested by
https://bitly.ws/?banned=1
Certificate
IssuerLet's Encrypt
Subjectbitly.ws
FingerprintE2:6E:62:93:28:D8:B3:0A:23:56:6C:21:A4:BD:CC:EF:CD:1B:33:55
ValiditySun, 18 Feb 2024 07:59:14 GMT - Sat, 18 May 2024 07:59:13 GMT

File type
PNG image data, 380 x 130, 8-bit colormap, non-interlaced
Size
8.7 kB (8708 bytes)
Hash
eeb10183dfe4b9ec6bcfea9aa6fa07f6
b55d89bc1ead011821dd3371f2885996fe99785a
1ae6619173f92af4f0201b7204322213c714b56df437aa7d6482a1c141d5337c

HTTP Headers

GET /gfx/paypal.jpg HTTP/1.1
Host: bitly.ws
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://bitly.ws/?banned=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Thu, 18 Apr 2024 11:52:26 GMT
server: Apache
last-modified: Tue, 02 Jan 2018 13:00:56 GMT
etag: "2204-561cab086d14b"
accept-ranges: bytes
content-length: 8708
cache-control: max-age=31536000
expires: Fri, 18 Apr 2025 11:52:26 GMT
content-type: image/jpeg
X-Firefox-Spdy: h2

bitly.ws/gfx/paypal.png

185.11.100.204

200 OK

5.5 kB

URL GET HTTP/2
bitly.ws/gfx/paypal.png
IP
185.11.100.204:443
ASN
#29522 Cyber_Folks S.A.

Requested by
https://bitly.ws/?banned=1
Certificate
IssuerLet's Encrypt
Subjectbitly.ws
FingerprintE2:6E:62:93:28:D8:B3:0A:23:56:6C:21:A4:BD:CC:EF:CD:1B:33:55
ValiditySun, 18 Feb 2024 07:59:14 GMT - Sat, 18 May 2024 07:59:13 GMT

File type
PNG image data, 200 x 150, 8-bit colormap, non-interlaced
Size
5.5 kB (5516 bytes)
Hash
164e7543a819062962815f4bd99b8419
0355f9dad012daa6adf4bae4e47e44d4b2c51888
675f6b6dc673aae01f8ef949697ee544c8df8574ca090a4dd690776ec6e442ea

HTTP Headers

GET /gfx/paypal.png HTTP/1.1
Host: bitly.ws
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://bitly.ws/?banned=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Thu, 18 Apr 2024 11:52:26 GMT
server: Apache
last-modified: Tue, 02 Jan 2018 13:00:54 GMT
etag: "158c-561cab06562ce"
accept-ranges: bytes
content-length: 5516
cache-control: max-age=31536000
expires: Fri, 18 Apr 2025 11:52:26 GMT
content-type: image/png
X-Firefox-Spdy: h2

www.googletagmanager.com/gtag/js?id=G-8Q1W6PKNCX

142.250.74.168

200 OK

86 kB

URL GET HTTP/2
www.googletagmanager.com/gtag/js?id=G-8Q1W6PKNCX
IP
142.250.74.168:443
ASN
#15169 GOOGLE

Requested by
https://bitly.ws/?banned=1
Certificate
IssuerGoogle Trust Services LLC
Subject*.google-analytics.com
FingerprintBF:40:8C:8B:CB:69:1E:3F:E2:3B:B7:8A:8E:C0:D6:98:5F:81:FA:2D
ValidityMon, 04 Mar 2024 06:35:45 GMT - Mon, 27 May 2024 06:35:44 GMT

File type
JavaScript source, ASCII text, with very long lines (5955)
Size
86 kB (86187 bytes)
Hash
c9bbfd254cbc28d3c19fdcaf6293f5c7
c3010ff264ac543cd2b30cd3f26f01fd8cc65855
12d02541e47f1115e1b684b5c3bc7493b18348ec0beaa153077d83c2f162a26c

HTTP Headers

GET /gtag/js?id=G-8Q1W6PKNCX HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://bitly.ws/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Thu, 18 Apr 2024 11:52:26 GMT
expires: Thu, 18 Apr 2024 11:52:26 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 86187
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

www.topcreativeformat.com/6dc3a27552b5aedfb96aeaa00aa1c37b/invoke.js

172.240.127.234

200 OK

12 kB

URL GET HTTP/1.1
www.topcreativeformat.com/6dc3a27552b5aedfb96aeaa00aa1c37b/invoke.js
IP
172.240.127.234:443
ASN
#7979 SERVERS-COM

Requested by
https://bitly.ws/?banned=1
Certificate
IssuerLet's Encrypt
Subjecttopcreativeformat.com
Fingerprint6D:98:D9:61:FC:CF:D9:8C:FE:5E:1C:15:5A:A5:F2:28:38:04:A4:A4
ValidityWed, 20 Mar 2024 07:51:41 GMT - Tue, 18 Jun 2024 07:51:40 GMT

File type
JavaScript source, ASCII text, with very long lines (31304), with no line terminators
Size
12 kB (11845 bytes)
Hash
1ca44521a9d9d0a7b58392640d074891
670dc1211a398662ae1f5f309465c9b9fee09800
13d6ac39ffd5f0bc9e5f51dc22e08ff20817a812feef4219b8ed031356bd8f2a

HTTP Headers

GET /6dc3a27552b5aedfb96aeaa00aa1c37b/invoke.js HTTP/1.1
Host: www.topcreativeformat.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://bitly.ws/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Thu, 18 Apr 2024 11:52:27 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 6de36cee9cc523fee50ecf8ab0ce8ded
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip

pl22826256.profitablegatecpm.com/33/ce/9e/33ce9e99c1bfce9eb2d48a915db5624c.js

172.240.253.132

200 OK

16 kB

URL GET HTTP/1.1
pl22826256.profitablegatecpm.com/33/ce/9e/33ce9e99c1bfce9eb2d48a915db5624c.js
IP
172.240.253.132:443
ASN
#7979 SERVERS-COM

Requested by
https://bitly.ws/?banned=1
Certificate
IssuerLet's Encrypt
Subjectprofitablegatecpm.com
Fingerprint9D:FB:8C:AD:4D:64:98:6B:85:78:33:54:E7:A3:BB:10:ED:77:63:30
ValidityFri, 05 Apr 2024 18:10:33 GMT - Thu, 04 Jul 2024 18:10:32 GMT

File type
JavaScript source, ASCII text, with very long lines (44188), with no line terminators
Size
16 kB (15872 bytes)
Hash
10c805751ac96603c45d091636ea2469
fffbc12a39b5e51e77d03daa508c45c3e142a3d2
78d76338d70fcb9d32a1d619ff45fd67dab6748052589c34a6c17cad8f41db73

HTTP Headers

GET /33/ce/9e/33ce9e99c1bfce9eb2d48a915db5624c.js HTTP/1.1
Host: pl22826256.profitablegatecpm.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://bitly.ws/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Thu, 18 Apr 2024 11:52:27 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 69138067889d280f2dac2e026fcc05fd
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip

www.topcreativeformat.com/fb87135eb1bdee211d55a6d31f28b1bc/invoke.js

172.240.127.234

200 OK

12 kB

URL GET HTTP/1.1
www.topcreativeformat.com/fb87135eb1bdee211d55a6d31f28b1bc/invoke.js
IP
172.240.127.234:443
ASN
#7979 SERVERS-COM

Requested by
https://bitly.ws/?banned=1
Certificate
IssuerLet's Encrypt
Subjecttopcreativeformat.com
Fingerprint6D:98:D9:61:FC:CF:D9:8C:FE:5E:1C:15:5A:A5:F2:28:38:04:A4:A4
ValidityWed, 20 Mar 2024 07:51:41 GMT - Tue, 18 Jun 2024 07:51:40 GMT

File type
JavaScript source, ASCII text, with very long lines (31301), with no line terminators
Size
12 kB (11842 bytes)
Hash
eab430f761b381c0567bc87f0a030d22
75ff65b1e877bb12acbc69855b2e00c92615749c
de62842e662c7176d578d20f1be139afb67ccc9d2bbe2a2e21e8951ce4b759e0

HTTP Headers

GET /fb87135eb1bdee211d55a6d31f28b1bc/invoke.js HTTP/1.1
Host: www.topcreativeformat.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://bitly.ws/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Thu, 18 Apr 2024 11:52:27 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 0b8d6ddca52cd99368c8d0da770c461c
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip

proftrafficcounter.com/stats

18.196.110.226

200 OK

40 B

URL GET HTTP/2
proftrafficcounter.com/stats
IP
18.196.110.226:443
ASN
#16509 AMAZON-02

Requested by
https://bitly.ws/?banned=1
Certificate
IssuerAmazon
Subjectproftrafficcounter.com
FingerprintE3:9F:79:6F:80:C0:BF:F8:C4:EB:45:F3:E9:0F:A7:41:F6:0C:05:E6
ValidityTue, 21 Nov 2023 00:00:00 GMT - Thu, 19 Dec 2024 23:59:59 GMT

File type
ASCII text, with no line terminators
Size
40 B (40 bytes)
Hash
904ec974214c3e69a3b0ee0e2ac98ffc
d811f63e7e8e781c375b2b04de70bf41db0affc6
ba5cdcf2f58d0698d3cf99f6c1246b1dcdda822462c192e7fa440b0a0ba227f4

HTTP Headers

GET /stats HTTP/1.1
Host: proftrafficcounter.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://bitly.ws
DNT: 1
Connection: keep-alive
Referer: https://bitly.ws/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 18 Apr 2024 11:52:27 GMT
content-type: text/html; charset=UTF-8
content-length: 40
server: fasthttp
access-control-allow-origin: https://bitly.ws
vary: Origin
access-control-allow-credentials: true
set-cookie: uid_id2=dd5bc680-6c35-41be-a9b1-0e58cc90cafd:2:1; expires=Sun, 16 Apr 2034 11:52:27 GMT; secure; SameSite=None
X-Firefox-Spdy: h2

proftrafficcounter.com/stats

18.196.110.226

200 OK

40 B

URL GET HTTP/2
proftrafficcounter.com/stats
IP
18.196.110.226:443
ASN
#16509 AMAZON-02

Requested by
https://bitly.ws/?banned=1
Certificate
IssuerAmazon
Subjectproftrafficcounter.com
FingerprintE3:9F:79:6F:80:C0:BF:F8:C4:EB:45:F3:E9:0F:A7:41:F6:0C:05:E6
ValidityTue, 21 Nov 2023 00:00:00 GMT - Thu, 19 Dec 2024 23:59:59 GMT

File type
ASCII text, with no line terminators
Size
40 B (40 bytes)
Hash
01a994d2c95cd81fa7d3ece60c129740
e8a05d83d03457f1dfa5134664788e0005d29fde
3cff104db5924ae40a9a460fa357cc94484743960f0f35c449e3abe2d7644a87

HTTP Headers

GET /stats HTTP/1.1
Host: proftrafficcounter.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://bitly.ws
DNT: 1
Connection: keep-alive
Referer: https://bitly.ws/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Thu, 18 Apr 2024 11:52:27 GMT
content-type: text/html; charset=UTF-8
content-length: 40
server: fasthttp
access-control-allow-origin: https://bitly.ws
vary: Origin
access-control-allow-credentials: true
set-cookie: uid_id2=4bcf8c9b-dc53-4862-978f-3e2500764917:2:1; expires=Sun, 16 Apr 2034 11:52:27 GMT; secure; SameSite=None
X-Firefox-Spdy: h2

proftrafficcounter.com/stats

18.196.110.226

200 OK

40 B

URL GET HTTP/2
proftrafficcounter.com/stats
IP
18.196.110.226:443
ASN
#16509 AMAZON-02

Requested by
https://bitly.ws/?banned=1
Certificate
IssuerAmazon
Subjectproftrafficcounter.com
FingerprintE3:9F:79:6F:80:C0:BF:F8:C4:EB:45:F3:E9:0F:A7:41:F6:0C:05:E6
ValidityTue, 21 Nov 2023 00:00:00 GMT - Thu, 19 Dec 2024 23:59:59 GMT

File type
ASCII text, with no line terminators
Size
40 B (40 bytes)
Hash
01a994d2c95cd81fa7d3ece60c129740
e8a05d83d03457f1dfa5134664788e0005d29fde
3cff104db5924ae40a9a460fa357cc94484743960f0f35c449e3abe2d7644a87

HTTP Headers

GET /stats HTTP/1.1
Host: proftrafficcounter.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://bitly.ws
DNT: 1
Connection: keep-alive
Referer: https://bitly.ws/
Cookie: uid_id2=4bcf8c9b-dc53-4862-978f-3e2500764917:2:1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Thu, 18 Apr 2024 11:52:27 GMT
content-type: text/html; charset=UTF-8
content-length: 40
server: fasthttp
access-control-allow-origin: https://bitly.ws
vary: Origin
access-control-allow-credentials: true
X-Firefox-Spdy: h2

pl22826180.profitablegatecpm.com/172d9680245553e8052aafbe1bd64a13/invoke.js

172.240.108.68

200 OK

9.8 kB

URL GET HTTP/1.1
pl22826180.profitablegatecpm.com/172d9680245553e8052aafbe1bd64a13/invoke.js
IP
172.240.108.68:443
ASN
#7979 SERVERS-COM

Requested by
https://bitly.ws/?banned=1
Certificate
IssuerLet's Encrypt
Subjectprofitablegatecpm.com
Fingerprint9D:FB:8C:AD:4D:64:98:6B:85:78:33:54:E7:A3:BB:10:ED:77:63:30
ValidityFri, 05 Apr 2024 18:10:33 GMT - Thu, 04 Jul 2024 18:10:32 GMT

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (26582), with no line terminators
Size
9.8 kB (9816 bytes)
Hash
3c74f440ea2be72c0f095fb8fb86074f
39dc77247d46ee4d4fa890e8bd2b97e5afd968c3
402b54fa3df231888ce7d085c7313bd54f057ec1cd91d487e2d6cce4ccdf14cb

HTTP Headers

GET /172d9680245553e8052aafbe1bd64a13/invoke.js HTTP/1.1
Host: pl22826180.profitablegatecpm.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://bitly.ws/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Thu, 18 Apr 2024 11:52:27 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 9972de726c954d5f9bea76773db03636
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip

landings-cdn.adsterratech.com/referralBanners/png/300%20x%20250%20px.png

142.0.204.220

200 OK

90 kB

URL GET HTTP/1.1
landings-cdn.adsterratech.com/referralBanners/png/300%20x%20250%20px.png
IP
142.0.204.220:443
ASN
#7979 SERVERS-COM

Requested by
https://bitly.ws/?banned=1
Certificate
IssuerLet's Encrypt
Subjectlandings-cdn.adsterratech.com
Fingerprint71:9A:2B:CA:BF:A3:77:2A:CA:C2:19:7D:85:23:4A:2A:CB:E9:F3:E1
ValidityWed, 28 Feb 2024 06:50:41 GMT - Tue, 28 May 2024 06:50:40 GMT

File type
PNG image data, 300 x 250, 8-bit/color RGBA, non-interlaced
Size
90 kB (90409 bytes)
Hash
a28902cd41b26954be2c97eea41089a1
c69d00be80adbcba05b788d2dcf7967d0d15a65f
5b4fa649af59a8350f401a661a5ecfed92130aa0aa9825ac3777c2a893a96e61

HTTP Headers

GET /referralBanners/png/300%20x%20250%20px.png HTTP/1.1
Host: landings-cdn.adsterratech.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://bitly.ws/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Thu, 18 Apr 2024 11:52:27 GMT
Content-Type: image/png
Content-Length: 90409
Last-Modified: Wed, 02 Feb 2022 00:50:11 GMT
Connection: keep-alive
ETag: "61f9d543-16129"
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Date
Cache-Control: max-age=315360000, public
Accept-Ranges: bytes

thongtechnicality.com/watch.1321286929578.js?key=6dc3a27552b5aedfb96aeaa00aa1c37b&kw=%5B%22bitly%22%2C%22url%22%2C%22shortener%22%5D&refer=https%3A%2F%2Fbitly.ws%2F%3Fbanned%3D1&tz=0&dev=e&res=14.2071&uuid=dd5bc680-6c35-41be-a9b1-0e58cc90cafd%3A2%3A1

192.243.61.225

307 Temporary Redirect

0 B

URL GET HTTP/1.1
thongtechnicality.com/watch.1321286929578.js?key=6dc3a27552b5aedfb96aeaa00aa1c37b&kw=%5B%22bitly%22%2C%22url%22%2C%22shortener%22%5D&refer=https%3A%2F%2Fbitly.ws%2F%3Fbanned%3D1&tz=0&dev=e&res=14.2071&uuid=dd5bc680-6c35-41be-a9b1-0e58cc90cafd%3A2%3A1
IP
192.243.61.225:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://bitly.ws/?banned=1
Certificate
IssuerLet's Encrypt
Subjectthongtechnicality.com
Fingerprint5F:19:69:4B:44:97:7E:74:F5:5A:F1:90:25:DE:C7:11:5E:DD:9F:15
ValidityTue, 16 Apr 2024 13:46:58 GMT - Mon, 15 Jul 2024 13:46:57 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /watch.1321286929578.js?key=6dc3a27552b5aedfb96aeaa00aa1c37b&kw=%5B%22bitly%22%2C%22url%22%2C%22shortener%22%5D&refer=https%3A%2F%2Fbitly.ws%2F%3Fbanned%3D1&tz=0&dev=e&res=14.2071&uuid=dd5bc680-6c35-41be-a9b1-0e58cc90cafd%3A2%3A1 HTTP/1.1
Host: thongtechnicality.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://bitly.ws
DNT: 1
Connection: keep-alive
Referer: https://bitly.ws/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 307 Temporary Redirect
Server: nginx/1.21.6
Date: Thu, 18 Apr 2024 11:52:27 GMT
Content-Type: text/html
Content-Length: 0
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://bitly.ws
Access-Control-Allow-Origin: https://bitly.ws
Access-Control-Allow-Credentials: true
Location: https://thongtechnicality.com/watch.1321286929578.js?dev=e&key=6dc3a27552b5aedfb96aeaa00aa1c37b&kw=%5B%22bitly%22%2C%22url%22%2C%22shortener%22%5D&pst=1713441207&refer=https%3A%2F%2Fbitly.ws%2F%3Fbanned%3D1&res=14.2071&rmtc=t&shu=a3185ea92cd89dd08b06f7da4af89ebc35b02cf22d3b0ed9c0c15f88991660687fcb2b465a616eeb65c41470ee8a15fe10d4742a174a474f3b5ebb9e326e9abf47a396bc477dcbe01a6bfba7e749db23f6f8f29e30f2661ddae8e1ded3864f0f242f52&tz=0&uuid=dd5bc680-6c35-41be-a9b1-0e58cc90cafd%3A2%3A1
Set-Cookie: u_pl=22735548; expires=Fri, 19 Apr 2024 11:52:27 GMT; secure; SameSite=None
ain=eyJhbGciOiJIUzI1NiJ9.eyJwIjp7ImlkIjoyMjczNTU0OCwiayI6IjZkYzNhMjc1NTJiNWFlZGZiOTZhZWFhMDBhYTFjMzdiIiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjozNjc1ODY4LCJwaWQiOjkzMDg4LCJhbiI6dHJ1ZSwibGFuIjp0cnVlLCJjaWQiOjM0LCJhaWQiOjUsInB0Ijo0LCJwayI6Inc3cTYxZHZqbWUiLCJ0IjoxfSwidSI6eyJ1IjoxLCJhdSI6MSwiZCI6eyJpZCI6Nzk5NTQxOTYsImlkcyI6IiIsImljIjpmYWxzZSwibiI6IkRlc2t0b3AsRW11bGF0b3IiLCJ2IjoiVW5rbm93biIsIm0iOiJVbmtub3duIiwiZiI6MSwiZm4iOiJEZXNrdG9wIiwib2lkIjoxODExMCwib24iOiJMaW51eCIsIm92IjoiVW5rbm93biIsImJpZCI6MTE2NjcwLCJibiI6IkZpcmVmb3giLCJidiI6Ijk2LjAiLCJ3diI6ZmFsc2UsImUiOnRydWUsImFiIjpmYWxzZX0sImMiOnsiaWQiOjE2MiwiYyI6Ik5PIiwibiI6Ik5vcndheSJ9LCJhIjpmYWxzZSwiY3IiOnsibiI6IkJsaXggU29sdXRpb25zIn0sInhmIjoiIiwiaXhmIjpmYWxzZSwiaWd4ZiI6ZmFsc2UsInVwIjp0cnVlLCJyIjoiaHR0cHM6Ly9iaXRseS53cy8_YmFubmVkPTEiLCJhciI6W119fQ.Q5oEoAi0jHIRal5wmiio7A2AWY1CJDu_yEmfZqrhrOs; expires=Thu, 18 Apr 2024 11:53:27 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: de91c95257d16fe7bef5298bd042c433
Strict-Transport-Security: max-age=0; includeSubdomains

diabeteprecursor.com/watch.991580067608.js?key=fb87135eb1bdee211d55a6d31f28b1bc&kw=%5B%22bitly%22%2C%22url%22%2C%22shortener%22%5D&refer=https%3A%2F%2Fbitly.ws%2F%3Fbanned%3D1&tz=0&dev=e&res=14.2071&uuid=4bcf8c9b-dc53-4862-978f-3e2500764917%3A2%3A1

192.243.61.227

307 Temporary Redirect

0 B

URL GET HTTP/1.1
diabeteprecursor.com/watch.991580067608.js?key=fb87135eb1bdee211d55a6d31f28b1bc&kw=%5B%22bitly%22%2C%22url%22%2C%22shortener%22%5D&refer=https%3A%2F%2Fbitly.ws%2F%3Fbanned%3D1&tz=0&dev=e&res=14.2071&uuid=4bcf8c9b-dc53-4862-978f-3e2500764917%3A2%3A1
IP
192.243.61.227:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://bitly.ws/?banned=1
Certificate
IssuerLet's Encrypt
Subjectdiabeteprecursor.com
Fingerprint1C:22:64:65:CD:8F:40:2B:A3:ED:A2:2E:A4:63:1D:A2:32:AB:B3:82
ValidityTue, 16 Apr 2024 13:58:08 GMT - Mon, 15 Jul 2024 13:58:07 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /watch.991580067608.js?key=fb87135eb1bdee211d55a6d31f28b1bc&kw=%5B%22bitly%22%2C%22url%22%2C%22shortener%22%5D&refer=https%3A%2F%2Fbitly.ws%2F%3Fbanned%3D1&tz=0&dev=e&res=14.2071&uuid=4bcf8c9b-dc53-4862-978f-3e2500764917%3A2%3A1 HTTP/1.1
Host: diabeteprecursor.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://bitly.ws
DNT: 1
Connection: keep-alive
Referer: https://bitly.ws/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 307 Temporary Redirect
Server: nginx/1.21.6
Date: Thu, 18 Apr 2024 11:52:27 GMT
Content-Type: text/html
Content-Length: 0
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://bitly.ws
Access-Control-Allow-Origin: https://bitly.ws
Access-Control-Allow-Credentials: true
Location: https://diabeteprecursor.com/watch.991580067608.js?dev=e&key=fb87135eb1bdee211d55a6d31f28b1bc&kw=%5B%22bitly%22%2C%22url%22%2C%22shortener%22%5D&pst=1713441207&refer=https%3A%2F%2Fbitly.ws%2F%3Fbanned%3D1&res=14.2071&rmtc=t&shu=8ffc9d74b5f1796823cb00c2747f0e9ae1cd930d35da69e0b4b78a1a479f661950dfcda9c6049fb3830d0be92512c8fef703812cc3c75136b4c06f7b1473abf6f3fe54144e6674fdff1bf6c03aa0480698a1a91d76a86edd5340f0bb8d0044&tz=0&uuid=4bcf8c9b-dc53-4862-978f-3e2500764917%3A2%3A1
Set-Cookie: u_pl=22829219; expires=Fri, 19 Apr 2024 11:52:27 GMT; secure; SameSite=None
ain=eyJhbGciOiJIUzI1NiJ9.eyJwIjp7ImlkIjoyMjgyOTIxOSwiayI6ImZiODcxMzVlYjFiZGVlMjExZDU1YTZkMzFmMjhiMWJjIiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjozNjc1ODY4LCJwaWQiOjkzMDg4LCJhbiI6dHJ1ZSwibGFuIjp0cnVlLCJjaWQiOjM0LCJhaWQiOjMyLCJwdCI6NCwicGsiOiJ6YXM3dzFtanQiLCJ0IjoxfSwidSI6eyJ1IjoxLCJhdSI6MSwiZCI6eyJpZCI6Nzk5NTQxOTYsImlkcyI6IiIsImljIjpmYWxzZSwibiI6IkRlc2t0b3AsRW11bGF0b3IiLCJ2IjoiVW5rbm93biIsIm0iOiJVbmtub3duIiwiZiI6MSwiZm4iOiJEZXNrdG9wIiwib2lkIjoxODExMCwib24iOiJMaW51eCIsIm92IjoiVW5rbm93biIsImJpZCI6MTE2NjcwLCJibiI6IkZpcmVmb3giLCJidiI6Ijk2LjAiLCJ3diI6ZmFsc2UsImUiOnRydWUsImFiIjpmYWxzZX0sImMiOnsiaWQiOjE2MiwiYyI6Ik5PIiwibiI6Ik5vcndheSJ9LCJhIjpmYWxzZSwiY3IiOnsibiI6IkJsaXggU29sdXRpb25zIn0sInhmIjoiIiwiaXhmIjpmYWxzZSwiaWd4ZiI6ZmFsc2UsInVwIjp0cnVlLCJyIjoiaHR0cHM6Ly9iaXRseS53cy8_YmFubmVkPTEiLCJhciI6W119fQ.ZPJJ4fJ18Z3i1mt4s5io96nzFLBfj2cTIbhZtigLSdk; expires=Thu, 18 Apr 2024 11:53:27 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 579fc5b5e2504a87a9a8c549a481d654
Strict-Transport-Security: max-age=0; includeSubdomains

thongtechnicality.com/watch.1321286929578.js?dev=e&key=6dc3a27552b5aedfb96aeaa00aa1c37b&kw=%5B%22bitly%22%2C%22url%22%2C%22shortener%22%5D&pst=1713441207&refer=https%3A%2F%2Fbitly.ws%2F%3Fbanned%3D1&res=14.2071&rmtc=t&shu=a3185ea92cd89dd08b06f7da4af89ebc35b02cf22d3b0ed9c0c15f88991660687fcb2b465a616eeb65c41470ee8a15fe10d4742a174a474f3b5ebb9e326e9abf47a396bc477dcbe01a6bfba7e749db23f6f8f29e30f2661ddae8e1ded3864f0f242f52&tz=0&uuid=dd5bc680-6c35-41be-a9b1-0e58cc90cafd%3A2%3A1

192.243.61.225

200 OK

2.1 kB

URL GET HTTP/1.1
thongtechnicality.com/watch.1321286929578.js?dev=e&key=6dc3a27552b5aedfb96aeaa00aa1c37b&kw=%5B%22bitly%22%2C%22url%22%2C%22shortener%22%5D&pst=1713441207&refer=https%3A%2F%2Fbitly.ws%2F%3Fbanned%3D1&res=14.2071&rmtc=t&shu=a3185ea92cd89dd08b06f7da4af89ebc35b02cf22d3b0ed9c0c15f88991660687fcb2b465a616eeb65c41470ee8a15fe10d4742a174a474f3b5ebb9e326e9abf47a396bc477dcbe01a6bfba7e749db23f6f8f29e30f2661ddae8e1ded3864f0f242f52&tz=0&uuid=dd5bc680-6c35-41be-a9b1-0e58cc90cafd%3A2%3A1
IP
192.243.61.225:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://bitly.ws/?banned=1
Certificate
IssuerLet's Encrypt
Subjectthongtechnicality.com
Fingerprint5F:19:69:4B:44:97:7E:74:F5:5A:F1:90:25:DE:C7:11:5E:DD:9F:15
ValidityTue, 16 Apr 2024 13:46:58 GMT - Mon, 15 Jul 2024 13:46:57 GMT

File type
JavaScript source, ASCII text, with very long lines (2655)
Size
2.1 kB (2108 bytes)
Hash
4a412c09c40e90c19ed569265989d56f
55a4a69d4ac376a9d656d84b2a3dc0f6163f3aee
492e099e6d0790c7e857cb3295b67b7e198e00456296335b0a7416804a9fd31e

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /watch.1321286929578.js?dev=e&key=6dc3a27552b5aedfb96aeaa00aa1c37b&kw=%5B%22bitly%22%2C%22url%22%2C%22shortener%22%5D&pst=1713441207&refer=https%3A%2F%2Fbitly.ws%2F%3Fbanned%3D1&res=14.2071&rmtc=t&shu=a3185ea92cd89dd08b06f7da4af89ebc35b02cf22d3b0ed9c0c15f88991660687fcb2b465a616eeb65c41470ee8a15fe10d4742a174a474f3b5ebb9e326e9abf47a396bc477dcbe01a6bfba7e749db23f6f8f29e30f2661ddae8e1ded3864f0f242f52&tz=0&uuid=dd5bc680-6c35-41be-a9b1-0e58cc90cafd%3A2%3A1 HTTP/1.1
Host: thongtechnicality.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://bitly.ws
Referer: https://bitly.ws/
DNT: 1
Connection: keep-alive
Cookie: u_pl=22735548; ain=eyJhbGciOiJIUzI1NiJ9.eyJwIjp7ImlkIjoyMjczNTU0OCwiayI6IjZkYzNhMjc1NTJiNWFlZGZiOTZhZWFhMDBhYTFjMzdiIiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjozNjc1ODY4LCJwaWQiOjkzMDg4LCJhbiI6dHJ1ZSwibGFuIjp0cnVlLCJjaWQiOjM0LCJhaWQiOjUsInB0Ijo0LCJwayI6Inc3cTYxZHZqbWUiLCJ0IjoxfSwidSI6eyJ1IjoxLCJhdSI6MSwiZCI6eyJpZCI6Nzk5NTQxOTYsImlkcyI6IiIsImljIjpmYWxzZSwibiI6IkRlc2t0b3AsRW11bGF0b3IiLCJ2IjoiVW5rbm93biIsIm0iOiJVbmtub3duIiwiZiI6MSwiZm4iOiJEZXNrdG9wIiwib2lkIjoxODExMCwib24iOiJMaW51eCIsIm92IjoiVW5rbm93biIsImJpZCI6MTE2NjcwLCJibiI6IkZpcmVmb3giLCJidiI6Ijk2LjAiLCJ3diI6ZmFsc2UsImUiOnRydWUsImFiIjpmYWxzZX0sImMiOnsiaWQiOjE2MiwiYyI6Ik5PIiwibiI6Ik5vcndheSJ9LCJhIjpmYWxzZSwiY3IiOnsibiI6IkJsaXggU29sdXRpb25zIn0sInhmIjoiIiwiaXhmIjpmYWxzZSwiaWd4ZiI6ZmFsc2UsInVwIjp0cnVlLCJyIjoiaHR0cHM6Ly9iaXRseS53cy8_YmFubmVkPTEiLCJhciI6W119fQ.Q5oEoAi0jHIRal5wmiio7A2AWY1CJDu_yEmfZqrhrOs
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Thu, 18 Apr 2024 11:52:27 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://bitly.ws
Access-Control-Allow-Origin: https://bitly.ws
Access-Control-Allow-Credentials: true
Set-Cookie: uid_id2=dd5bc680-6c35-41be-a9b1-0e58cc90cafd:2:1; expires=Thu, 25 Apr 2024 11:52:27 GMT; secure; SameSite=None
iprc0dd152cdf2f1296c28ccc3becd4a1e33=3569806; expires=Thu, 18 Apr 2024 15:52:27 GMT; secure; SameSite=None
pdhtkv=true; expires=Fri, 19 Apr 2024 11:52:27 GMT; secure; SameSite=None
uncs=1; expires=Fri, 19 Apr 2024 11:52:27 GMT; secure; SameSite=None
pdhtkv5=true; expires=Fri, 19 Apr 2024 11:52:27 GMT; secure; SameSite=None
uncs5=1; expires=Fri, 19 Apr 2024 11:52:27 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 31113819070eb292a533b09e55871dc7
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip

faintjump.com/78/66/ea/7866ead300fcf9e425beaf01fe308949.js

192.243.59.13

200 OK

30 kB

URL GET HTTP/1.1
faintjump.com/78/66/ea/7866ead300fcf9e425beaf01fe308949.js
IP
192.243.59.13:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://bitly.ws/?banned=1
Certificate
IssuerLet's Encrypt
Subjectfaintjump.com
FingerprintE1:A6:B1:E0:5E:2B:F0:AE:AB:17:8C:1B:A0:A9:04:4F:40:BF:03:75
ValidityTue, 16 Apr 2024 10:06:25 GMT - Mon, 15 Jul 2024 10:06:24 GMT

File type
JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Size
30 kB (29681 bytes)
Hash
d258596d1bd417dba55d3a6f7ec9c9e9
087a6639a2b8f64bc35603a4eed707c0935680f4
c3b34562bd2c06f26e100fe7efc2e992f350a425ce8dd2b4c46c46ea040cf61c

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /78/66/ea/7866ead300fcf9e425beaf01fe308949.js HTTP/1.1
Host: faintjump.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://bitly.ws/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Thu, 18 Apr 2024 11:52:27 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 9f5cd618c9aa86a2649e11934b7e4748
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip

diabeteprecursor.com/watch.991580067608.js?dev=e&key=fb87135eb1bdee211d55a6d31f28b1bc&kw=%5B%22bitly%22%2C%22url%22%2C%22shortener%22%5D&pst=1713441207&refer=https%3A%2F%2Fbitly.ws%2F%3Fbanned%3D1&res=14.2071&rmtc=t&shu=8ffc9d74b5f1796823cb00c2747f0e9ae1cd930d35da69e0b4b78a1a479f661950dfcda9c6049fb3830d0be92512c8fef703812cc3c75136b4c06f7b1473abf6f3fe54144e6674fdff1bf6c03aa0480698a1a91d76a86edd5340f0bb8d0044&tz=0&uuid=4bcf8c9b-dc53-4862-978f-3e2500764917%3A2%3A1

192.243.61.227

200 OK

2.1 kB

URL GET HTTP/1.1
diabeteprecursor.com/watch.991580067608.js?dev=e&key=fb87135eb1bdee211d55a6d31f28b1bc&kw=%5B%22bitly%22%2C%22url%22%2C%22shortener%22%5D&pst=1713441207&refer=https%3A%2F%2Fbitly.ws%2F%3Fbanned%3D1&res=14.2071&rmtc=t&shu=8ffc9d74b5f1796823cb00c2747f0e9ae1cd930d35da69e0b4b78a1a479f661950dfcda9c6049fb3830d0be92512c8fef703812cc3c75136b4c06f7b1473abf6f3fe54144e6674fdff1bf6c03aa0480698a1a91d76a86edd5340f0bb8d0044&tz=0&uuid=4bcf8c9b-dc53-4862-978f-3e2500764917%3A2%3A1
IP
192.243.61.227:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://bitly.ws/?banned=1
Certificate
IssuerLet's Encrypt
Subjectdiabeteprecursor.com
Fingerprint1C:22:64:65:CD:8F:40:2B:A3:ED:A2:2E:A4:63:1D:A2:32:AB:B3:82
ValidityTue, 16 Apr 2024 13:58:08 GMT - Mon, 15 Jul 2024 13:58:07 GMT

File type
JavaScript source, ASCII text, with very long lines (2637)
Size
2.1 kB (2095 bytes)
Hash
1346aaaba61ee6757e6c332cc86e8e7f
3bfd5a4d50ebd80368bceaf87906b6df64853ca8
a58f5dde2bd313e22e00f77b64b40b275c89f10685472ee0b4396a80307ebcf1

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /watch.991580067608.js?dev=e&key=fb87135eb1bdee211d55a6d31f28b1bc&kw=%5B%22bitly%22%2C%22url%22%2C%22shortener%22%5D&pst=1713441207&refer=https%3A%2F%2Fbitly.ws%2F%3Fbanned%3D1&res=14.2071&rmtc=t&shu=8ffc9d74b5f1796823cb00c2747f0e9ae1cd930d35da69e0b4b78a1a479f661950dfcda9c6049fb3830d0be92512c8fef703812cc3c75136b4c06f7b1473abf6f3fe54144e6674fdff1bf6c03aa0480698a1a91d76a86edd5340f0bb8d0044&tz=0&uuid=4bcf8c9b-dc53-4862-978f-3e2500764917%3A2%3A1 HTTP/1.1
Host: diabeteprecursor.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://bitly.ws
Referer: https://bitly.ws/
DNT: 1
Connection: keep-alive
Cookie: u_pl=22829219; ain=eyJhbGciOiJIUzI1NiJ9.eyJwIjp7ImlkIjoyMjgyOTIxOSwiayI6ImZiODcxMzVlYjFiZGVlMjExZDU1YTZkMzFmMjhiMWJjIiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjozNjc1ODY4LCJwaWQiOjkzMDg4LCJhbiI6dHJ1ZSwibGFuIjp0cnVlLCJjaWQiOjM0LCJhaWQiOjMyLCJwdCI6NCwicGsiOiJ6YXM3dzFtanQiLCJ0IjoxfSwidSI6eyJ1IjoxLCJhdSI6MSwiZCI6eyJpZCI6Nzk5NTQxOTYsImlkcyI6IiIsImljIjpmYWxzZSwibiI6IkRlc2t0b3AsRW11bGF0b3IiLCJ2IjoiVW5rbm93biIsIm0iOiJVbmtub3duIiwiZiI6MSwiZm4iOiJEZXNrdG9wIiwib2lkIjoxODExMCwib24iOiJMaW51eCIsIm92IjoiVW5rbm93biIsImJpZCI6MTE2NjcwLCJibiI6IkZpcmVmb3giLCJidiI6Ijk2LjAiLCJ3diI6ZmFsc2UsImUiOnRydWUsImFiIjpmYWxzZX0sImMiOnsiaWQiOjE2MiwiYyI6Ik5PIiwibiI6Ik5vcndheSJ9LCJhIjpmYWxzZSwiY3IiOnsibiI6IkJsaXggU29sdXRpb25zIn0sInhmIjoiIiwiaXhmIjpmYWxzZSwiaWd4ZiI6ZmFsc2UsInVwIjp0cnVlLCJyIjoiaHR0cHM6Ly9iaXRseS53cy8_YmFubmVkPTEiLCJhciI6W119fQ.ZPJJ4fJ18Z3i1mt4s5io96nzFLBfj2cTIbhZtigLSdk
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Thu, 18 Apr 2024 11:52:27 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://bitly.ws
Access-Control-Allow-Origin: https://bitly.ws
Access-Control-Allow-Credentials: true
Set-Cookie: uid_id2=4bcf8c9b-dc53-4862-978f-3e2500764917:2:1; expires=Thu, 25 Apr 2024 11:52:27 GMT; secure; SameSite=None
iprc2aa4b93e3e4f312b9659d3698d6ae139=3570421; expires=Thu, 18 Apr 2024 15:52:27 GMT; secure; SameSite=None
pdhtkv=true; expires=Fri, 19 Apr 2024 11:52:27 GMT; secure; SameSite=None
uncs=1; expires=Fri, 19 Apr 2024 11:52:27 GMT; secure; SameSite=None
pdhtkv32=true; expires=Fri, 19 Apr 2024 11:52:27 GMT; secure; SameSite=None
uncs32=1; expires=Fri, 19 Apr 2024 11:52:27 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 2f05e606de3fc3e5e258adbbd59f63ed
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip

faintjump.com/ntv.json?key=172d9680245553e8052aafbe1bd64a13&vstc=4&uuid=4bcf8c9b-dc53-4862-978f-3e2500764917%3A2%3A1&custom=%7B%22d37e3bc4%22%3A%22a%22%7D

192.243.59.13

200 OK

18 kB

URL GET HTTP/1.1
faintjump.com/ntv.json?key=172d9680245553e8052aafbe1bd64a13&vstc=4&uuid=4bcf8c9b-dc53-4862-978f-3e2500764917%3A2%3A1&custom=%7B%22d37e3bc4%22%3A%22a%22%7D
IP
192.243.59.13:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://bitly.ws/?banned=1
Certificate
IssuerLet's Encrypt
Subjectfaintjump.com
FingerprintE1:A6:B1:E0:5E:2B:F0:AE:AB:17:8C:1B:A0:A9:04:4F:40:BF:03:75
ValidityTue, 16 Apr 2024 10:06:25 GMT - Mon, 15 Jul 2024 10:06:24 GMT

File type
JSON text data
Size
18 kB (17798 bytes)
Hash
db2e074e447ce23c148f9509276006e9
09b899db93fd740d0208ea0a253c25a3ddc8d738
912f40c3e82aed0f34fc72d348e5291ba27034a48060a7d83541a08b7e46bcb5

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /ntv.json?key=172d9680245553e8052aafbe1bd64a13&vstc=4&uuid=4bcf8c9b-dc53-4862-978f-3e2500764917%3A2%3A1&custom=%7B%22d37e3bc4%22%3A%22a%22%7D HTTP/1.1
Host: faintjump.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://bitly.ws
DNT: 1
Connection: keep-alive
Referer: https://bitly.ws/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Thu, 18 Apr 2024 11:52:28 GMT
Content-Type: application/json
Content-Length: 17798
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://bitly.ws
Access-Control-Allow-Origin: https://bitly.ws
Access-Control-Allow-Credentials: true
Set-Cookie: u_pl=22725681; expires=Fri, 19 Apr 2024 11:52:27 GMT; secure; SameSite=None
uid_id2=4bcf8c9b-dc53-4862-978f-3e2500764917:2:1; expires=Thu, 25 Apr 2024 11:52:27 GMT; secure; SameSite=None
pdhtkv=true; expires=Fri, 19 Apr 2024 11:52:28 GMT; secure; SameSite=None
uncs=1; expires=Fri, 19 Apr 2024 11:52:28 GMT; secure; SameSite=None
pdhtkv49=true; expires=Fri, 19 Apr 2024 11:52:28 GMT; secure; SameSite=None
uncs49=1; expires=Fri, 19 Apr 2024 11:52:28 GMT; secure; SameSite=None
nlec172d9680245553e8052aafbe1bd64a13=[2229333,2229337,2229329,2019380]; expires=Thu, 18 Apr 2024 11:52:33 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 7f13a5190c6707fe8ef46d6a122fad7c
Strict-Transport-Security: max-age=0; includeSubdomains

cdn.cloudimagesb.com/cti/43/ff/51/43ff51c07da75eaedd548042d5154cfe/1658930770.jpg

45.133.44.9

200 OK

25 kB

URL GET HTTP/2
cdn.cloudimagesb.com/cti/43/ff/51/43ff51c07da75eaedd548042d5154cfe/1658930770.jpg
IP
45.133.44.9:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://bitly.ws/?banned=1
Certificate
IssuerLet's Encrypt
Subjectcdn.cloudimagesb.com
FingerprintC6:F3:21:F0:21:7D:7E:96:0F:E8:46:7A:5E:C5:3F:D1:52:B0:67:B0
ValidityFri, 22 Mar 2024 03:01:35 GMT - Thu, 20 Jun 2024 03:01:34 GMT

File type
JPEG image data, baseline, precision 8, 320x50, components 3
Size
25 kB (24714 bytes)
Hash
d465d02b90e928dfd9d9846e102a9dac
22f7333777bec813bd9a7b870913a2b79b6d2fe4
e393d4f1c6b5d4973e157f0f10764b92037dc18239500f42b72bed8ecef462fd

HTTP Headers

GET /cti/43/ff/51/43ff51c07da75eaedd548042d5154cfe/1658930770.jpg HTTP/1.1
Host: cdn.cloudimagesb.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 18 Apr 2024 11:52:28 GMT
content-type: image/jpeg
content-length: 24714
server: nginx/1.21.6
last-modified: Wed, 27 Jul 2022 14:06:18 GMT
etag: "62e1465a-608a"
expires: Sat, 20 Apr 2024 11:52:28 GMT
cache-control: max-age=172800
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2

cdn.cloudimagesb.com/cti/7d/00/a0/7d00a008556ebc4e68d1de531274e928/1658920033.png

45.133.44.9

200 OK

144 kB

URL GET HTTP/2
cdn.cloudimagesb.com/cti/7d/00/a0/7d00a008556ebc4e68d1de531274e928/1658920033.png
IP
45.133.44.9:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://bitly.ws/?banned=1
Certificate
IssuerLet's Encrypt
Subjectcdn.cloudimagesb.com
FingerprintC6:F3:21:F0:21:7D:7E:96:0F:E8:46:7A:5E:C5:3F:D1:52:B0:67:B0
ValidityFri, 22 Mar 2024 03:01:35 GMT - Thu, 20 Jun 2024 03:01:34 GMT

File type
PNG image data, 300 x 250, 8-bit/color RGBA, non-interlaced
Size
144 kB (144379 bytes)
Hash
33c304429dc1a4408a96e6a74ffa2feb
c45fa8e65528d1bb2b46bf8a28af9eeaa1903d04
dbed482e5948ead5587d30a22306a5b611305f704de940bd22c76daf90e0a314

HTTP Headers

GET /cti/7d/00/a0/7d00a008556ebc4e68d1de531274e928/1658920033.png HTTP/1.1
Host: cdn.cloudimagesb.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 18 Apr 2024 11:52:28 GMT
content-type: image/png
content-length: 144379
server: nginx/1.21.6
last-modified: Wed, 27 Jul 2022 11:07:21 GMT
etag: "62e11c69-233fb"
expires: Sat, 20 Apr 2024 11:52:28 GMT
cache-control: max-age=172800
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2

cdn.cloudimagesb.com/cti/5e/78/a9/5e78a94057ff65f06ec19e727c7be04f/1588233511.jpg

45.133.44.9

200 OK

24 kB

URL GET HTTP/2
cdn.cloudimagesb.com/cti/5e/78/a9/5e78a94057ff65f06ec19e727c7be04f/1588233511.jpg
IP
45.133.44.9:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://bitly.ws/?banned=1
Certificate
IssuerLet's Encrypt
Subjectcdn.cloudimagesb.com
FingerprintC6:F3:21:F0:21:7D:7E:96:0F:E8:46:7A:5E:C5:3F:D1:52:B0:67:B0
ValidityFri, 22 Mar 2024 03:01:35 GMT - Thu, 20 Jun 2024 03:01:34 GMT

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 320x240, components 3
Size
24 kB (24518 bytes)
Hash
d71c872fb9f50bd9383abc0721d1d51e
1f69b40ef2f95798b4e0fd738d630ad4319cd739
6b4a622b9de1ffab8fe905fc8c4633994c732476664b5190ceedd62a3795ab08

HTTP Headers

GET /cti/5e/78/a9/5e78a94057ff65f06ec19e727c7be04f/1588233511.jpg HTTP/1.1
Host: cdn.cloudimagesb.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://bitly.ws/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Thu, 18 Apr 2024 11:52:28 GMT
content-type: image/jpeg
content-length: 24518
server: nginx/1.21.6
last-modified: Thu, 30 Apr 2020 07:58:34 GMT
etag: "5eaa852a-5fc6"
expires: Sat, 20 Apr 2024 11:52:28 GMT
cache-control: max-age=172800
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2

cdn.cloudimagesb.com/cti/d6/e8/37/d6e83777d7311d26f1ac5b2b62a81218/1588233535.jpg

45.133.44.9

200 OK

28 kB

URL GET HTTP/2
cdn.cloudimagesb.com/cti/d6/e8/37/d6e83777d7311d26f1ac5b2b62a81218/1588233535.jpg
IP
45.133.44.9:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://bitly.ws/?banned=1
Certificate
IssuerLet's Encrypt
Subjectcdn.cloudimagesb.com
FingerprintC6:F3:21:F0:21:7D:7E:96:0F:E8:46:7A:5E:C5:3F:D1:52:B0:67:B0
ValidityFri, 22 Mar 2024 03:01:35 GMT - Thu, 20 Jun 2024 03:01:34 GMT

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 320x240, components 3
Size
28 kB (27832 bytes)
Hash
1dcde64d47d24d151a1433ecf4403dd7
443d6704b5a294e000084d7a8ac823e526093928
d11bcd65a82589c2c31d6fd87cb16ec673dd5640462ad3d20ff53e014a435376

HTTP Headers

GET /cti/d6/e8/37/d6e83777d7311d26f1ac5b2b62a81218/1588233535.jpg HTTP/1.1
Host: cdn.cloudimagesb.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://bitly.ws/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Thu, 18 Apr 2024 11:52:28 GMT
content-type: image/jpeg
content-length: 27832
server: nginx/1.21.6
last-modified: Thu, 30 Apr 2020 07:58:58 GMT
etag: "5eaa8542-6cb8"
expires: Sat, 20 Apr 2024 11:52:28 GMT
cache-control: max-age=172800
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2

cdn.cloudimagesb.com/cti/f7/13/0e/f7130e7f47db248dc886c97a1e4c3e2b/1588233482.jpg

45.133.44.9

200 OK

32 kB

URL GET HTTP/2
cdn.cloudimagesb.com/cti/f7/13/0e/f7130e7f47db248dc886c97a1e4c3e2b/1588233482.jpg
IP
45.133.44.9:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://bitly.ws/?banned=1
Certificate
IssuerLet's Encrypt
Subjectcdn.cloudimagesb.com
FingerprintC6:F3:21:F0:21:7D:7E:96:0F:E8:46:7A:5E:C5:3F:D1:52:B0:67:B0
ValidityFri, 22 Mar 2024 03:01:35 GMT - Thu, 20 Jun 2024 03:01:34 GMT

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 321x240, components 3
Size
32 kB (32471 bytes)
Hash
3528385dd0c31dbd2e5bfc4af7a6bec5
832c580ffd7711115d6c036ab4232f5bd88480a4
bfbfeebfcb679ca578055235614cc679b0757bad272996ef89b7fd5615a2db75

HTTP Headers

GET /cti/f7/13/0e/f7130e7f47db248dc886c97a1e4c3e2b/1588233482.jpg HTTP/1.1
Host: cdn.cloudimagesb.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://bitly.ws/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Thu, 18 Apr 2024 11:52:28 GMT
content-type: image/jpeg
content-length: 32471
server: nginx/1.21.6
last-modified: Thu, 30 Apr 2020 07:58:05 GMT
etag: "5eaa850d-7ed7"
expires: Sat, 20 Apr 2024 11:52:28 GMT
cache-control: max-age=172800
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2

cdn.cloudimagesb.com/cti/d7/14/ea/d714ea0356c58a2679ce4074962c0e16/1588233398.jpeg

45.133.44.9

200 OK

23 kB

URL GET HTTP/2
cdn.cloudimagesb.com/cti/d7/14/ea/d714ea0356c58a2679ce4074962c0e16/1588233398.jpeg
IP
45.133.44.9:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://bitly.ws/?banned=1
Certificate
IssuerLet's Encrypt
Subjectcdn.cloudimagesb.com
FingerprintC6:F3:21:F0:21:7D:7E:96:0F:E8:46:7A:5E:C5:3F:D1:52:B0:67:B0
ValidityFri, 22 Mar 2024 03:01:35 GMT - Thu, 20 Jun 2024 03:01:34 GMT

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 320x240, components 3
Size
23 kB (22757 bytes)
Hash
9a2dc4fe2ebb70df2dfb1566d22970b8
b85a5f4ef7bd68b834d03d8b9a552e2e546e8701
1983c705f5f4315c8cd002183eb9ed3c846abed8fc2a6f0a073185c249552efd

HTTP Headers

GET /cti/d7/14/ea/d714ea0356c58a2679ce4074962c0e16/1588233398.jpeg HTTP/1.1
Host: cdn.cloudimagesb.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://bitly.ws/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Thu, 18 Apr 2024 11:52:28 GMT
content-type: image/jpeg
content-length: 22757
server: nginx/1.21.6
last-modified: Thu, 30 Apr 2020 07:56:41 GMT
etag: "5eaa84b9-58e5"
expires: Sat, 20 Apr 2024 11:52:28 GMT
cache-control: max-age=172800
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2

faintjump.com/ren.gif?sid=H4sIAAAAAAAC%2F1RSzYscxRuuzm8uv3jxI3gRZAwKCu5sd09P94xBgjFuCK7ZmBj8uEh1V%2FWknOqupqp7enb0EA1IjnPwoqeeZzaJHyHoH2CQ2YUgi%2BLORRZ0wX%2FAixA8So%2BLq%2B%2Fh%2FajnLXjqeerjaXFAXBR0%2F%2BxraiykpKudlt189i3HOdVcF2kxao66%2Fru%2Bd6qphy%2F0%2FJb9XPMcjwZq1bUd23Zsp7kmNI%2FVaLUGIbI7PafVs1ue23I6Hkb6v7MpLBhqgQ0PyKMQbNHYsU5ARHOkyddnuRnkKnv%2BlaSQNFcaQ3b7SjpIVZkiOWpjbSFObx9uQ5m9tXtQ6c0lXajhP4uhWBDr%2Fj2E6e1DkgiHW0ueoQRPEbKHUA7n4HIOQeeI1HUItkeAiOHCBtLk1gWlS7r5N0prdEEaD%2F6AKBek8esJpMndM1KMmpeVLHKhUoNRXEGM5hD9ObJiG%2Fn4GES5jSj%2FCIL9SFYfrCNNtjaMVBBs%2F2kvjOJu1AtXWNRpr3hd313pBd14pc3djm0HvtdzgqVAQswh4jkkn4CaYyiMhUJYKGILRWYhYfvNyHGcwGYRtbu9KGqzgIc%2Bsx0axA51bL%2BLIqrfMEGeTRDJCSJ9DZn%2B8HPWDng7jLwpxUBMoIvvYK5WMMyCyQmGrELJCUpDUFKCUhCUOUE5rG4yaVxT3WLSFKFzWN3D2q5mKu9P6U2V93lKQPUEmlXT7IA8UmtpvbPjYMD3m07gsp7ftV2v0%2Bm0edfuuJTGIXdC5nvUacOICsIcAzUWxmJBuo%2F%2Fgqz2d1AhpNswchuROAlaOKBlBXq1wji9k4t0s9CylahQgKkKWd5AvmlN5QF5YunmycYV8Gj39P3jL2azn48j0hUyXeE9sUPQlzdml1RJti6p0pBvNrJcJGJMa6cv5zTn%2F%2FvyVb5ZKs3OnzWTL16KaqBu77zBTb5OUybSviFfnRGMcb2mdMTJt%2BfNmzy8WJirZwqdFtn6xZfXzieZ5sYIlc5Bxd7Gn4jEgjSeeWz5hR%2F%2B4XcIPYcuKiTFLjkMCLWNKLsGk%2B2ezse%2Fnbt74n0YRaDl0U6YWSiLaqbd8OhQCgLJj2YaVjD%2FmsOjfqZpfZuKampuoK8boPl1pEmFoa4wlBWonMAUx2d5pndPf%2F9pHZ8hlI1ZKHVjK5RafrIUuU5v1%2Bn1BXnyJw9G7DeDdtumfq%2FjBAHlQei53dh3GKWu57u%2BT9vIzSJ%2B6v8f%2FAUAAP%2F%2FAQAA%2F%2F9MrNYEpgQAAA%3D%3D

192.243.59.13

200 OK

7 B

URL GET HTTP/1.1
faintjump.com/ren.gif?sid=H4sIAAAAAAAC%2F1RSzYscxRuuzm8uv3jxI3gRZAwKCu5sd09P94xBgjFuCK7ZmBj8uEh1V%2FWknOqupqp7enb0EA1IjnPwoqeeZzaJHyHoH2CQ2YUgi%2BLORRZ0wX%2FAixA8So%2BLq%2B%2Fh%2FajnLXjqeerjaXFAXBR0%2F%2BxraiykpKudlt189i3HOdVcF2kxao66%2Fru%2Bd6qphy%2F0%2FJb9XPMcjwZq1bUd23Zsp7kmNI%2FVaLUGIbI7PafVs1ue23I6Hkb6v7MpLBhqgQ0PyKMQbNHYsU5ARHOkyddnuRnkKnv%2BlaSQNFcaQ3b7SjpIVZkiOWpjbSFObx9uQ5m9tXtQ6c0lXajhP4uhWBDr%2Fj2E6e1DkgiHW0ueoQRPEbKHUA7n4HIOQeeI1HUItkeAiOHCBtLk1gWlS7r5N0prdEEaD%2F6AKBek8esJpMndM1KMmpeVLHKhUoNRXEGM5hD9ObJiG%2Fn4GES5jSj%2FCIL9SFYfrCNNtjaMVBBs%2F2kvjOJu1AtXWNRpr3hd313pBd14pc3djm0HvtdzgqVAQswh4jkkn4CaYyiMhUJYKGILRWYhYfvNyHGcwGYRtbu9KGqzgIc%2Bsx0axA51bL%2BLIqrfMEGeTRDJCSJ9DZn%2B8HPWDng7jLwpxUBMoIvvYK5WMMyCyQmGrELJCUpDUFKCUhCUOUE5rG4yaVxT3WLSFKFzWN3D2q5mKu9P6U2V93lKQPUEmlXT7IA8UmtpvbPjYMD3m07gsp7ftV2v0%2Bm0edfuuJTGIXdC5nvUacOICsIcAzUWxmJBuo%2F%2Fgqz2d1AhpNswchuROAlaOKBlBXq1wji9k4t0s9CylahQgKkKWd5AvmlN5QF5YunmycYV8Gj39P3jL2azn48j0hUyXeE9sUPQlzdml1RJti6p0pBvNrJcJGJMa6cv5zTn%2F%2FvyVb5ZKs3OnzWTL16KaqBu77zBTb5OUybSviFfnRGMcb2mdMTJt%2BfNmzy8WJirZwqdFtn6xZfXzieZ5sYIlc5Bxd7Gn4jEgjSeeWz5hR%2F%2B4XcIPYcuKiTFLjkMCLWNKLsGk%2B2ezse%2Fnbt74n0YRaDl0U6YWSiLaqbd8OhQCgLJj2YaVjD%2FmsOjfqZpfZuKampuoK8boPl1pEmFoa4wlBWonMAUx2d5pndPf%2F9pHZ8hlI1ZKHVjK5RafrIUuU5v1%2Bn1BXnyJw9G7DeDdtumfq%2FjBAHlQei53dh3GKWu57u%2BT9vIzSJ%2B6v8f%2FAUAAP%2F%2FAQAA%2F%2F9MrNYEpgQAAA%3D%3D
IP
192.243.59.13:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://bitly.ws/?banned=1
Certificate
IssuerLet's Encrypt
Subjectfaintjump.com
FingerprintE1:A6:B1:E0:5E:2B:F0:AE:AB:17:8C:1B:A0:A9:04:4F:40:BF:03:75
ValidityTue, 16 Apr 2024 10:06:25 GMT - Mon, 15 Jul 2024 10:06:24 GMT

File type
ASCII text, with no line terminators
Size
7 B (7 bytes)
Hash
132d6af1b46048b45cf86cdee7991d31
eb7007d03d59b65bc6da7e098c4d38fc6dfb6285
ab852e838deccd742a03ca81d4a8d75cf1a00b327db3eaf46bd7da6b6db9384c

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /ren.gif?sid=H4sIAAAAAAAC%2F1RSzYscxRuuzm8uv3jxI3gRZAwKCu5sd09P94xBgjFuCK7ZmBj8uEh1V%2FWknOqupqp7enb0EA1IjnPwoqeeZzaJHyHoH2CQ2YUgi%2BLORRZ0wX%2FAixA8So%2BLq%2B%2Fh%2FajnLXjqeerjaXFAXBR0%2F%2BxraiykpKudlt189i3HOdVcF2kxao66%2Fru%2Bd6qphy%2F0%2FJb9XPMcjwZq1bUd23Zsp7kmNI%2FVaLUGIbI7PafVs1ue23I6Hkb6v7MpLBhqgQ0PyKMQbNHYsU5ARHOkyddnuRnkKnv%2BlaSQNFcaQ3b7SjpIVZkiOWpjbSFObx9uQ5m9tXtQ6c0lXajhP4uhWBDr%2Fj2E6e1DkgiHW0ueoQRPEbKHUA7n4HIOQeeI1HUItkeAiOHCBtLk1gWlS7r5N0prdEEaD%2F6AKBek8esJpMndM1KMmpeVLHKhUoNRXEGM5hD9ObJiG%2Fn4GES5jSj%2FCIL9SFYfrCNNtjaMVBBs%2F2kvjOJu1AtXWNRpr3hd313pBd14pc3djm0HvtdzgqVAQswh4jkkn4CaYyiMhUJYKGILRWYhYfvNyHGcwGYRtbu9KGqzgIc%2Bsx0axA51bL%2BLIqrfMEGeTRDJCSJ9DZn%2B8HPWDng7jLwpxUBMoIvvYK5WMMyCyQmGrELJCUpDUFKCUhCUOUE5rG4yaVxT3WLSFKFzWN3D2q5mKu9P6U2V93lKQPUEmlXT7IA8UmtpvbPjYMD3m07gsp7ftV2v0%2Bm0edfuuJTGIXdC5nvUacOICsIcAzUWxmJBuo%2F%2Fgqz2d1AhpNswchuROAlaOKBlBXq1wji9k4t0s9CylahQgKkKWd5AvmlN5QF5YunmycYV8Gj39P3jL2azn48j0hUyXeE9sUPQlzdml1RJti6p0pBvNrJcJGJMa6cv5zTn%2F%2FvyVb5ZKs3OnzWTL16KaqBu77zBTb5OUybSviFfnRGMcb2mdMTJt%2BfNmzy8WJirZwqdFtn6xZfXzieZ5sYIlc5Bxd7Gn4jEgjSeeWz5hR%2F%2B4XcIPYcuKiTFLjkMCLWNKLsGk%2B2ezse%2Fnbt74n0YRaDl0U6YWSiLaqbd8OhQCgLJj2YaVjD%2FmsOjfqZpfZuKampuoK8boPl1pEmFoa4wlBWonMAUx2d5pndPf%2F9pHZ8hlI1ZKHVjK5RafrIUuU5v1%2Bn1BXnyJw9G7DeDdtumfq%2FjBAHlQei53dh3GKWu57u%2BT9vIzSJ%2B6v8f%2FAUAAP%2F%2FAQAA%2F%2F9MrNYEpgQAAA%3D%3D HTTP/1.1
Host: faintjump.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://bitly.ws/
Cookie: u_pl=22725681; uid_id2=4bcf8c9b-dc53-4862-978f-3e2500764917:2:1; pdhtkv=true; uncs=1; pdhtkv49=true; uncs49=1; nlec172d9680245553e8052aafbe1bd64a13=[2229333,2229337,2229329,2019380]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Thu, 18 Apr 2024 11:52:28 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 67c23c02234f3d1a9da9f583e6e67479
Strict-Transport-Security: max-age=0; includeSubdomains

faintjump.com/ren.gif?sid=H4sIAAAAAAAC%2F1RSzYscxRuu3t9cfvHiR%2FAiyBgUFNzZ7p6e7hmDBGNcCa7ZmBj8uEh1V%2FWknOqupqp7enbxEA1IjnPwoqeeZzaJH4voH2CQ2YUgi%2BLORRZ0%2FwUPQvAoPS6Ovod%2B37efp%2BCp56mPJ8UxcVHQowuvq20hJV3rtOzms287ztnmhkiLUXPU9d%2FzvbNNPXyh57fs55qv8mig1lzbsW3HdprrQvNYjdZqECLb7Tmtnt3y3JbT8TDS%2F91NYcFQC2x4TB6FYPPGvnUaIpohTb65wM0gV9nzrySFpLnSGLK719JBqsoUyXKMtYU4vXvChjKH6%2Feg0tsLuVDDf4ihmBPr%2Fj2E6d0TkQiHOwudoQRPEbKHUA5n4HIGQWeI1E0IdkiAiOHSJtLkziWlS7r1N0prdE4aD%2F6AKOek8dtppMnX56UYNa8qWeRCpQajuIIYzSD6M2TFHvLtFYhyD1H%2BEQT7iaw92ECa7GwaqSDY0dNeGMXdqBeusqjTXvW6vrvaC7rxapu7HdsOfK%2FnBAuDhJhBxDNIPgY1KyiMhUJYKGILRWYhYUfNyHGcwGYRtbu9KGqzgIc%2Bsx0axA51bL%2BLIqrvMEaejRHJMSJ9A5n%2B8HPWDng7jLwJxUCMoYvvYa5XMMyCyQmGrELJCUpDUFKCUhCUOUE5rG4zaVxT3WHSFKFz0t2T3q6mKu9P6G2V93lKQPUYmlWT7Jg8UntpvbvvYMCPmk7gsp7ftV2v0%2Bm0edfuuJTGIXdC5nvUacOICsKsgBoL22JOuo%2F%2FiqzOd1AhpHswcg%2BROANaOKBlBXq9wna6m4t0q9CylahQgKkKWd5AvmVN5DF5YpHmmcY74NHBufunXsymv5xCpCtkusL7Yp%2BgL29Nr6iS7FxRpSHfbma5SMQ2rZO%2BmtOc%2F%2B%2FL1%2FhWqTS7eMGMv3gpqoF63H2Tm3yDpkykfUO%2BOi8Y43pd6YiT7y6at3h4uTDXzxc6LbKNyy%2BvX0wyzY0RKp2BisPNPxGJOWk889jiCT%2F84%2B8QegZdVEiKA3JSEGoPUXYDJluqN4pAyyUnzFZQFtVUu%2BHypxQEki93GlYw%2F9rD5TzVtD5NRTUxt9DXDdD8JtKkwlBXGMoKVI5hilPTPNMH5374tK7PEMrGNJS6sRNKLT%2BpTb62cLr%2BvDEnT%2F7swYijZtBu29TvdZwgoDwIPbcb%2Bw6j1PV81%2FdpG7mZx0%2F9%2F4O%2FAAAA%2F%2F8BAAD%2F%2F3aJ636mBAAA

192.243.59.13

200 OK

7 B

URL GET HTTP/1.1
faintjump.com/ren.gif?sid=H4sIAAAAAAAC%2F1RSzYscxRuu3t9cfvHiR%2FAiyBgUFNzZ7p6e7hmDBGNcCa7ZmBj8uEh1V%2FWknOqupqp7enbxEA1IjnPwoqeeZzaJH4voH2CQ2YUgi%2BLORRZ0%2FwUPQvAoPS6Ovod%2B37efp%2BCp56mPJ8UxcVHQowuvq20hJV3rtOzms287ztnmhkiLUXPU9d%2FzvbNNPXyh57fs55qv8mig1lzbsW3HdprrQvNYjdZqECLb7Tmtnt3y3JbT8TDS%2F91NYcFQC2x4TB6FYPPGvnUaIpohTb65wM0gV9nzrySFpLnSGLK719JBqsoUyXKMtYU4vXvChjKH6%2Feg0tsLuVDDf4ihmBPr%2Fj2E6d0TkQiHOwudoQRPEbKHUA5n4HIGQWeI1E0IdkiAiOHSJtLkziWlS7r1N0prdE4aD%2F6AKOek8dtppMnX56UYNa8qWeRCpQajuIIYzSD6M2TFHvLtFYhyD1H%2BEQT7iaw92ECa7GwaqSDY0dNeGMXdqBeusqjTXvW6vrvaC7rxapu7HdsOfK%2FnBAuDhJhBxDNIPgY1KyiMhUJYKGILRWYhYUfNyHGcwGYRtbu9KGqzgIc%2Bsx0axA51bL%2BLIqrvMEaejRHJMSJ9A5n%2B8HPWDng7jLwJxUCMoYvvYa5XMMyCyQmGrELJCUpDUFKCUhCUOUE5rG4zaVxT3WHSFKFz0t2T3q6mKu9P6G2V93lKQPUYmlWT7Jg8UntpvbvvYMCPmk7gsp7ftV2v0%2Bm0edfuuJTGIXdC5nvUacOICsKsgBoL22JOuo%2F%2FiqzOd1AhpHswcg%2BROANaOKBlBXq9wna6m4t0q9CylahQgKkKWd5AvmVN5DF5YpHmmcY74NHBufunXsymv5xCpCtkusL7Yp%2BgL29Nr6iS7FxRpSHfbma5SMQ2rZO%2BmtOc%2F%2B%2FL1%2FhWqTS7eMGMv3gpqoF63H2Tm3yDpkykfUO%2BOi8Y43pd6YiT7y6at3h4uTDXzxc6LbKNyy%2BvX0wyzY0RKp2BisPNPxGJOWk889jiCT%2F84%2B8QegZdVEiKA3JSEGoPUXYDJluqN4pAyyUnzFZQFtVUu%2BHypxQEki93GlYw%2F9rD5TzVtD5NRTUxt9DXDdD8JtKkwlBXGMoKVI5hilPTPNMH5374tK7PEMrGNJS6sRNKLT%2BpTb62cLr%2BvDEnT%2F7swYijZtBu29TvdZwgoDwIPbcb%2Bw6j1PV81%2FdpG7mZx0%2F9%2F4O%2FAAAA%2F%2F8BAAD%2F%2F3aJ636mBAAA
IP
192.243.59.13:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://bitly.ws/?banned=1
Certificate
IssuerLet's Encrypt
Subjectfaintjump.com
FingerprintE1:A6:B1:E0:5E:2B:F0:AE:AB:17:8C:1B:A0:A9:04:4F:40:BF:03:75
ValidityTue, 16 Apr 2024 10:06:25 GMT - Mon, 15 Jul 2024 10:06:24 GMT

File type
ASCII text, with no line terminators
Size
7 B (7 bytes)
Hash
132d6af1b46048b45cf86cdee7991d31
eb7007d03d59b65bc6da7e098c4d38fc6dfb6285
ab852e838deccd742a03ca81d4a8d75cf1a00b327db3eaf46bd7da6b6db9384c

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /ren.gif?sid=H4sIAAAAAAAC%2F1RSzYscxRuu3t9cfvHiR%2FAiyBgUFNzZ7p6e7hmDBGNcCa7ZmBj8uEh1V%2FWknOqupqp7enbxEA1IjnPwoqeeZzaJH4voH2CQ2YUgi%2BLORRZ0%2FwUPQvAoPS6Ovod%2B37efp%2BCp56mPJ8UxcVHQowuvq20hJV3rtOzms287ztnmhkiLUXPU9d%2FzvbNNPXyh57fs55qv8mig1lzbsW3HdprrQvNYjdZqECLb7Tmtnt3y3JbT8TDS%2F91NYcFQC2x4TB6FYPPGvnUaIpohTb65wM0gV9nzrySFpLnSGLK719JBqsoUyXKMtYU4vXvChjKH6%2Feg0tsLuVDDf4ihmBPr%2Fj2E6d0TkQiHOwudoQRPEbKHUA5n4HIGQWeI1E0IdkiAiOHSJtLkziWlS7r1N0prdE4aD%2F6AKOek8dtppMnX56UYNa8qWeRCpQajuIIYzSD6M2TFHvLtFYhyD1H%2BEQT7iaw92ECa7GwaqSDY0dNeGMXdqBeusqjTXvW6vrvaC7rxapu7HdsOfK%2FnBAuDhJhBxDNIPgY1KyiMhUJYKGILRWYhYUfNyHGcwGYRtbu9KGqzgIc%2Bsx0axA51bL%2BLIqrvMEaejRHJMSJ9A5n%2B8HPWDng7jLwJxUCMoYvvYa5XMMyCyQmGrELJCUpDUFKCUhCUOUE5rG4zaVxT3WHSFKFz0t2T3q6mKu9P6G2V93lKQPUYmlWT7Jg8UntpvbvvYMCPmk7gsp7ftV2v0%2Bm0edfuuJTGIXdC5nvUacOICsKsgBoL22JOuo%2F%2FiqzOd1AhpHswcg%2BROANaOKBlBXq9wna6m4t0q9CylahQgKkKWd5AvmVN5DF5YpHmmcY74NHBufunXsymv5xCpCtkusL7Yp%2BgL29Nr6iS7FxRpSHfbma5SMQ2rZO%2BmtOc%2F%2B%2FL1%2FhWqTS7eMGMv3gpqoF63H2Tm3yDpkykfUO%2BOi8Y43pd6YiT7y6at3h4uTDXzxc6LbKNyy%2BvX0wyzY0RKp2BisPNPxGJOWk889jiCT%2F84%2B8QegZdVEiKA3JSEGoPUXYDJluqN4pAyyUnzFZQFtVUu%2BHypxQEki93GlYw%2F9rD5TzVtD5NRTUxt9DXDdD8JtKkwlBXGMoKVI5hilPTPNMH5374tK7PEMrGNJS6sRNKLT%2BpTb62cLr%2BvDEnT%2F7swYijZtBu29TvdZwgoDwIPbcb%2Bw6j1PV81%2FdpG7mZx0%2F9%2F4O%2FAAAA%2F%2F8BAAD%2F%2F3aJ636mBAAA HTTP/1.1
Host: faintjump.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://bitly.ws/
Cookie: u_pl=22725681; uid_id2=4bcf8c9b-dc53-4862-978f-3e2500764917:2:1; pdhtkv=true; uncs=1; pdhtkv49=true; uncs49=1; nlec172d9680245553e8052aafbe1bd64a13=[2229333,2229337,2229329,2019380]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Thu, 18 Apr 2024 11:52:28 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: fe2d6c6524a71aa4b9222aad5153495f
Strict-Transport-Security: max-age=0; includeSubdomains

decidedlyenjoyableannihilation.com/sbar.json?key=33ce9e99c1bfce9eb2d48a915db5624c&uuid=4bcf8c9b-dc53-4862-978f-3e2500764917%3A2%3A1

172.240.253.132

200 OK

8.3 kB

URL GET HTTP/1.1
decidedlyenjoyableannihilation.com/sbar.json?key=33ce9e99c1bfce9eb2d48a915db5624c&uuid=4bcf8c9b-dc53-4862-978f-3e2500764917%3A2%3A1
IP
172.240.253.132:443
ASN
#7979 SERVERS-COM

Requested by
https://bitly.ws/?banned=1
Certificate
IssuerLet's Encrypt
Subjectdecidedlyenjoyableannihilation.com
Fingerprint04:5E:A7:2F:94:E4:08:88:66:15:BE:36:F0:95:99:2C:7B:DD:4F:6D
ValidityTue, 16 Apr 2024 13:55:09 GMT - Mon, 15 Jul 2024 13:55:08 GMT

File type
JSON text data
Size
8.3 kB (8288 bytes)
Hash
c18fe4e6d6a65532ec56f0eff09ff295
cbb35077c159c247f3af4f3255aafa6357ac6f46
bf466f1f04eedb2e9525e0f7071bb800d4d590ca608a9de14b60727d713d3e53

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /sbar.json?key=33ce9e99c1bfce9eb2d48a915db5624c&uuid=4bcf8c9b-dc53-4862-978f-3e2500764917%3A2%3A1 HTTP/1.1
Host: decidedlyenjoyableannihilation.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://bitly.ws
DNT: 1
Connection: keep-alive
Referer: https://bitly.ws/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Thu, 18 Apr 2024 11:52:28 GMT
Content-Type: text/plain; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://bitly.ws
Access-Control-Allow-Origin: https://bitly.ws
Access-Control-Allow-Credentials: true
Set-Cookie: u_pl=22725757; expires=Fri, 19 Apr 2024 11:52:28 GMT; secure; SameSite=None
uid_id2=4bcf8c9b-dc53-4862-978f-3e2500764917:2:1; expires=Thu, 25 Apr 2024 11:52:28 GMT; secure; SameSite=None
pdhtkv=true; expires=Fri, 19 Apr 2024 11:52:28 GMT; secure; SameSite=None
uncs=1; expires=Fri, 19 Apr 2024 11:52:28 GMT; secure; SameSite=None
pdhtkv29=true; expires=Fri, 19 Apr 2024 11:52:28 GMT; secure; SameSite=None
uncs29=1; expires=Fri, 19 Apr 2024 11:52:28 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: f6fda46bf913c64ba0f2613d86f2c875
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip

faintjump.com/ren.gif?sid=H4sIAAAAAAAC%2F1RSz4scRRitTuZivPgjeBFkDAoK7mx3T0%2F3jEGCMa4E12xMDP64SHVX9aSc6q6mqnt6dvEQDUiOc%2FCip543m8Qfi%2BgfYJDZhSCL4s5FFnT%2FA09C8Cg9Lo5%2Bh%2F6%2Br98rePVefTIpjoiLgh5eeENtCSnpaqdlN597x3HONtdFWoyao67%2Fvu%2Bdberhiz2%2FZT%2FffI1HA7Xq2o5tO7bTXBOax2q0WoMQ2U7PafXslue2nI6Hkf7%2FbgoLhlpgwyPyGASbN%2Fas0xDRDGny7QVuBrnKXng1KSTNlcaQ3b2WDlJVpkiWY6wtxOndYzaUOVi7B5XeXsiFGv5LDMWcWPfvIUzvHotEONxe6AwleIqQPYxyOAOXMwg6Q6RuQrADAkQMlzaQJncuKV3SzX9QWqNz0njwJ0Q5J43fTyNNvjkvxah5VckiFyo1GMUVxGgG0Z8hK3aRb52AKHcR5R9DsJ%2FJ6oN1pMn2hpEKgh0%2B44VR3I164QqLOu0Vr%2Bu7K72gG6%2B0udux7cD3ek6wMEiIGUQ8g%2BRjUHMChbFQCAtFbKHILCTssBk5jhPYLKJ2txdFbRbw0Ge2Q4PYoY7td1FE9R3GyLMxIjlGpG8g0x99wdoBb4eRN6EYiDF08QPM9QqGWTA5wZBVKDlBaQhKSlAKgjInKIfVbSaNa6o7TJoidI67e9zb1VTl%2FQm9rfI%2BTwmoHkOzapIdkUdrL6339hwM%2BGHTCVzW87u263U6nTbv2h2X0jjkTsh8jzptGFFBmBOgxsKWmJPuE78hq%2FMdVAjpLozcRSTOgBYOaFmBXq%2Bwle7kIt0stGwlKhRgqkKWN5BvWhN5RJ5cpHmm8SZ4tH%2Fu%2FqmXsumvpxDpCpmu8IHYI%2BjLW9MrqiTbV1RpyHcbWS4SsUXrpK%2FmNOcnv3qdb5ZKs4sXzPjLl6MaqMedt7jJ12nKRNo35OvzgjGu15SOOPn%2Bonmbh5cLc%2F18odMiW7%2F8ytrFJNPcGKHSGag42PgLkZiTxrOPL57wIz%2F9AaFn0EWFpNgnxwWhdhFlN2CypXqjCLRccsLsJMqimmo3XP6UgkDy5U7DCuY%2Fe7icp5rWp6moJuYW%2BroBmt9EmlQY6gpDWYHKMUxxappnev%2Fcj5%2FV9TlC2ZiGUje2Q6nlp7XJ1%2BrPuwu75%2BSpXzwYcdgM2m2b%2Br2OEwSUB6HndmPfYZS6nu%2F6Pm0jN%2FP46Yc%2B%2FBsAAP%2F%2FAQAA%2F%2F8pSXG1pgQAAA%3D%3D

192.243.59.13

200 OK

7 B

URL GET HTTP/1.1
faintjump.com/ren.gif?sid=H4sIAAAAAAAC%2F1RSz4scRRitTuZivPgjeBFkDAoK7mx3T0%2F3jEGCMa4E12xMDP64SHVX9aSc6q6mqnt6dvEQDUiOc%2FCip543m8Qfi%2BgfYJDZhSCL4s5FFnT%2FA09C8Cg9Lo5%2Bh%2F6%2Br98rePVefTIpjoiLgh5eeENtCSnpaqdlN597x3HONtdFWoyao67%2Fvu%2Bdberhiz2%2FZT%2FffI1HA7Xq2o5tO7bTXBOax2q0WoMQ2U7PafXslue2nI6Hkf7%2FbgoLhlpgwyPyGASbN%2Fas0xDRDGny7QVuBrnKXng1KSTNlcaQ3b2WDlJVpkiWY6wtxOndYzaUOVi7B5XeXsiFGv5LDMWcWPfvIUzvHotEONxe6AwleIqQPYxyOAOXMwg6Q6RuQrADAkQMlzaQJncuKV3SzX9QWqNz0njwJ0Q5J43fTyNNvjkvxah5VckiFyo1GMUVxGgG0Z8hK3aRb52AKHcR5R9DsJ%2FJ6oN1pMn2hpEKgh0%2B44VR3I164QqLOu0Vr%2Bu7K72gG6%2B0udux7cD3ek6wMEiIGUQ8g%2BRjUHMChbFQCAtFbKHILCTssBk5jhPYLKJ2txdFbRbw0Ge2Q4PYoY7td1FE9R3GyLMxIjlGpG8g0x99wdoBb4eRN6EYiDF08QPM9QqGWTA5wZBVKDlBaQhKSlAKgjInKIfVbSaNa6o7TJoidI67e9zb1VTl%2FQm9rfI%2BTwmoHkOzapIdkUdrL6339hwM%2BGHTCVzW87u263U6nTbv2h2X0jjkTsh8jzptGFFBmBOgxsKWmJPuE78hq%2FMdVAjpLozcRSTOgBYOaFmBXq%2Bwle7kIt0stGwlKhRgqkKWN5BvWhN5RJ5cpHmm8SZ4tH%2Fu%2FqmXsumvpxDpCpmu8IHYI%2BjLW9MrqiTbV1RpyHcbWS4SsUXrpK%2FmNOcnv3qdb5ZKs4sXzPjLl6MaqMedt7jJ12nKRNo35OvzgjGu15SOOPn%2Bonmbh5cLc%2F18odMiW7%2F8ytrFJNPcGKHSGag42PgLkZiTxrOPL57wIz%2F9AaFn0EWFpNgnxwWhdhFlN2CypXqjCLRccsLsJMqimmo3XP6UgkDy5U7DCuY%2Fe7icp5rWp6moJuYW%2BroBmt9EmlQY6gpDWYHKMUxxappnev%2Fcj5%2FV9TlC2ZiGUje2Q6nlp7XJ1%2BrPuwu75%2BSpXzwYcdgM2m2b%2Br2OEwSUB6HndmPfYZS6nu%2F6Pm0jN%2FP46Yc%2B%2FBsAAP%2F%2FAQAA%2F%2F8pSXG1pgQAAA%3D%3D
IP
192.243.59.13:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://bitly.ws/?banned=1
Certificate
IssuerLet's Encrypt
Subjectfaintjump.com
FingerprintE1:A6:B1:E0:5E:2B:F0:AE:AB:17:8C:1B:A0:A9:04:4F:40:BF:03:75
ValidityTue, 16 Apr 2024 10:06:25 GMT - Mon, 15 Jul 2024 10:06:24 GMT

File type
ASCII text, with no line terminators
Size
7 B (7 bytes)
Hash
132d6af1b46048b45cf86cdee7991d31
eb7007d03d59b65bc6da7e098c4d38fc6dfb6285
ab852e838deccd742a03ca81d4a8d75cf1a00b327db3eaf46bd7da6b6db9384c

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /ren.gif?sid=H4sIAAAAAAAC%2F1RSz4scRRitTuZivPgjeBFkDAoK7mx3T0%2F3jEGCMa4E12xMDP64SHVX9aSc6q6mqnt6dvEQDUiOc%2FCip543m8Qfi%2BgfYJDZhSCL4s5FFnT%2FA09C8Cg9Lo5%2Bh%2F6%2Br98rePVefTIpjoiLgh5eeENtCSnpaqdlN597x3HONtdFWoyao67%2Fvu%2Bdberhiz2%2FZT%2FffI1HA7Xq2o5tO7bTXBOax2q0WoMQ2U7PafXslue2nI6Hkf7%2FbgoLhlpgwyPyGASbN%2Fas0xDRDGny7QVuBrnKXng1KSTNlcaQ3b2WDlJVpkiWY6wtxOndYzaUOVi7B5XeXsiFGv5LDMWcWPfvIUzvHotEONxe6AwleIqQPYxyOAOXMwg6Q6RuQrADAkQMlzaQJncuKV3SzX9QWqNz0njwJ0Q5J43fTyNNvjkvxah5VckiFyo1GMUVxGgG0Z8hK3aRb52AKHcR5R9DsJ%2FJ6oN1pMn2hpEKgh0%2B44VR3I164QqLOu0Vr%2Bu7K72gG6%2B0udux7cD3ek6wMEiIGUQ8g%2BRjUHMChbFQCAtFbKHILCTssBk5jhPYLKJ2txdFbRbw0Ge2Q4PYoY7td1FE9R3GyLMxIjlGpG8g0x99wdoBb4eRN6EYiDF08QPM9QqGWTA5wZBVKDlBaQhKSlAKgjInKIfVbSaNa6o7TJoidI67e9zb1VTl%2FQm9rfI%2BTwmoHkOzapIdkUdrL6339hwM%2BGHTCVzW87u263U6nTbv2h2X0jjkTsh8jzptGFFBmBOgxsKWmJPuE78hq%2FMdVAjpLozcRSTOgBYOaFmBXq%2Bwle7kIt0stGwlKhRgqkKWN5BvWhN5RJ5cpHmm8SZ4tH%2Fu%2FqmXsumvpxDpCpmu8IHYI%2BjLW9MrqiTbV1RpyHcbWS4SsUXrpK%2FmNOcnv3qdb5ZKs4sXzPjLl6MaqMedt7jJ12nKRNo35OvzgjGu15SOOPn%2Bonmbh5cLc%2F18odMiW7%2F8ytrFJNPcGKHSGag42PgLkZiTxrOPL57wIz%2F9AaFn0EWFpNgnxwWhdhFlN2CypXqjCLRccsLsJMqimmo3XP6UgkDy5U7DCuY%2Fe7icp5rWp6moJuYW%2BroBmt9EmlQY6gpDWYHKMUxxappnev%2Fcj5%2FV9TlC2ZiGUje2Q6nlp7XJ1%2BrPuwu75%2BSpXzwYcdgM2m2b%2Br2OEwSUB6HndmPfYZS6nu%2F6Pm0jN%2FP46Yc%2B%2FBsAAP%2F%2FAQAA%2F%2F8pSXG1pgQAAA%3D%3D HTTP/1.1
Host: faintjump.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://bitly.ws/
Cookie: u_pl=22725681; uid_id2=4bcf8c9b-dc53-4862-978f-3e2500764917:2:1; pdhtkv=true; uncs=1; pdhtkv49=true; uncs49=1; nlec172d9680245553e8052aafbe1bd64a13=[2229333,2229337,2229329,2019380]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Thu, 18 Apr 2024 11:52:28 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 7357598ccefd3559f4f4cc33ad497917
Strict-Transport-Security: max-age=0; includeSubdomains

faintjump.com/impr.gif?sid=H4sIAAAAAAAC%2F1RSzYscxRuuzm8uvwiCGrwIMgYFFXe2e6bnyyDBGFeCazYmBj8uUl89Kae6q6nqnp5dPEQDkuMcvOip55lN4kcQ%2FQMMMrsQZEHcuciC7j8hBI%2FSm8XR9%2FB%2B1PMWPPU89dk0PyRN5PTg%2FFtmS2lNV9sNv%2F78e0Fwpr6uknxcH%2Fc6H3bCM3U7ernfafgv1N%2BQfGhWm37g%2B4Ef1NeUlZEZr1YgVHq3HzT6fiNsNoJ2iLH97%2BxyD456EKND8jiUWNR2vVNQfI4k%2Fv68dMPMpC%2B9HueaZsZiJO5cTYaJKRLEyzayHqLkzvE2jNtfuweT3DqiCzP6Z5GpBfHu3wNL7hyTBBttH%2FFkGjIBE4%2BgGM0h9RyKzsHNDSixTwAucHEDSXz7orEF3XyI0gpdkNqDP6GKBan9cQpJ%2FN05rcb1K0bnmTKJwzgqocZzqMEcab6DbOsEVLEDnn0KJX4hqw%2FWkcTbG04bKHHwbMh41ON9tiJ4u7US9jrNlX63F620ZLPt%2B91O2A%2B6RwIpNYeK5tByAupOIHcecuUhjzzkqYdYHNR5EARdX3Dq9%2Fqct0RXso7wA9qNAhr4nR5yXr1hgiydgOsJuL2O1H7ylWh1ZYvxcEoxVBPY%2FCe4ayWc8OAygpEoUUiCwhEUlKBQBEVGUIzKW0K7pitvC%2B1yFhzX5nFtlTOTDab0lskGMiGgdgIryml6SB6rtPQ%2B2A0wlAf1oNsU%2FU7Pb4btdrsle367SWnEZMBEJ6RBC06VUO4EqPOwpRak9%2BTvSCt%2FhyUY3YHTO%2BDqNGgegBYl6LUSW8ndTCWbudWN2DAFYUqkWQ3ZpjfVh%2BSpIzef%2FjWE5Htn7598JZ39dhLclkhtiY%2FULsFA35xdNgXZvmwKR37YSDMVqy1aOX0lo5n83zdvys3CWHHhvJt8%2FSqvgKq9%2B4502TpNhEoGjnx7Tgkh7ZqxXJIfL7h3JbuUu2vncpvk6fql19YuxKmVzimTzEHV%2FsZf4GpBas89cfSFH91%2FEcrOYfMScb5HjgPK7ICn1%2BHSJXtnCKxe7rC0hiIvZ7bJlodaEWi5nCkr4f41s2U%2Fs7S6TVU5dTcxsDXQ7AaSuMTIlhjpElRP4PKTsyy1e2d%2F%2FqKKL8F0bca0rW0zbfXnC3K6drVK71fp7YeaO3VQb%2Fmiy2Qku0yG7TCSXLB2m%2Fk84qwlej2OzC2iZ%2F7%2F8d8AAAD%2F%2FwEAAP%2F%2FASVJ5aYEAAA%3D

192.243.59.13

200 OK

7 B

URL GET HTTP/1.1
faintjump.com/impr.gif?sid=H4sIAAAAAAAC%2F1RSzYscxRuuzm8uvwiCGrwIMgYFFXe2e6bnyyDBGFeCazYmBj8uUl89Kae6q6nqnp5dPEQDkuMcvOip55lN4kcQ%2FQMMMrsQZEHcuciC7j8hBI%2FSm8XR9%2FB%2B1PMWPPU89dk0PyRN5PTg%2FFtmS2lNV9sNv%2F78e0Fwpr6uknxcH%2Fc6H3bCM3U7ernfafgv1N%2BQfGhWm37g%2B4Ef1NeUlZEZr1YgVHq3HzT6fiNsNoJ2iLH97%2BxyD456EKND8jiUWNR2vVNQfI4k%2Fv68dMPMpC%2B9HueaZsZiJO5cTYaJKRLEyzayHqLkzvE2jNtfuweT3DqiCzP6Z5GpBfHu3wNL7hyTBBttH%2FFkGjIBE4%2BgGM0h9RyKzsHNDSixTwAucHEDSXz7orEF3XyI0gpdkNqDP6GKBan9cQpJ%2FN05rcb1K0bnmTKJwzgqocZzqMEcab6DbOsEVLEDnn0KJX4hqw%2FWkcTbG04bKHHwbMh41ON9tiJ4u7US9jrNlX63F620ZLPt%2B91O2A%2B6RwIpNYeK5tByAupOIHcecuUhjzzkqYdYHNR5EARdX3Dq9%2Fqct0RXso7wA9qNAhr4nR5yXr1hgiydgOsJuL2O1H7ylWh1ZYvxcEoxVBPY%2FCe4ayWc8OAygpEoUUiCwhEUlKBQBEVGUIzKW0K7pitvC%2B1yFhzX5nFtlTOTDab0lskGMiGgdgIryml6SB6rtPQ%2B2A0wlAf1oNsU%2FU7Pb4btdrsle367SWnEZMBEJ6RBC06VUO4EqPOwpRak9%2BTvSCt%2FhyUY3YHTO%2BDqNGgegBYl6LUSW8ndTCWbudWN2DAFYUqkWQ3ZpjfVh%2BSpIzef%2FjWE5Htn7598JZ39dhLclkhtiY%2FULsFA35xdNgXZvmwKR37YSDMVqy1aOX0lo5n83zdvys3CWHHhvJt8%2FSqvgKq9%2B4502TpNhEoGjnx7Tgkh7ZqxXJIfL7h3JbuUu2vncpvk6fql19YuxKmVzimTzEHV%2FsZf4GpBas89cfSFH91%2FEcrOYfMScb5HjgPK7ICn1%2BHSJXtnCKxe7rC0hiIvZ7bJlodaEWi5nCkr4f41s2U%2Fs7S6TVU5dTcxsDXQ7AaSuMTIlhjpElRP4PKTsyy1e2d%2F%2FqKKL8F0bca0rW0zbfXnC3K6drVK71fp7YeaO3VQb%2Fmiy2Qku0yG7TCSXLB2m%2Fk84qwlej2OzC2iZ%2F7%2F8d8AAAD%2F%2FwEAAP%2F%2FASVJ5aYEAAA%3D
IP
192.243.59.13:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://bitly.ws/?banned=1
Certificate
IssuerLet's Encrypt
Subjectfaintjump.com
FingerprintE1:A6:B1:E0:5E:2B:F0:AE:AB:17:8C:1B:A0:A9:04:4F:40:BF:03:75
ValidityTue, 16 Apr 2024 10:06:25 GMT - Mon, 15 Jul 2024 10:06:24 GMT

File type
ASCII text, with no line terminators
Size
7 B (7 bytes)
Hash
132d6af1b46048b45cf86cdee7991d31
eb7007d03d59b65bc6da7e098c4d38fc6dfb6285
ab852e838deccd742a03ca81d4a8d75cf1a00b327db3eaf46bd7da6b6db9384c

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /impr.gif?sid=H4sIAAAAAAAC%2F1RSzYscxRuuzm8uvwiCGrwIMgYFFXe2e6bnyyDBGFeCazYmBj8uUl89Kae6q6nqnp5dPEQDkuMcvOip55lN4kcQ%2FQMMMrsQZEHcuciC7j8hBI%2FSm8XR9%2FB%2B1PMWPPU89dk0PyRN5PTg%2FFtmS2lNV9sNv%2F78e0Fwpr6uknxcH%2Fc6H3bCM3U7ernfafgv1N%2BQfGhWm37g%2B4Ef1NeUlZEZr1YgVHq3HzT6fiNsNoJ2iLH97%2BxyD456EKND8jiUWNR2vVNQfI4k%2Fv68dMPMpC%2B9HueaZsZiJO5cTYaJKRLEyzayHqLkzvE2jNtfuweT3DqiCzP6Z5GpBfHu3wNL7hyTBBttH%2FFkGjIBE4%2BgGM0h9RyKzsHNDSixTwAucHEDSXz7orEF3XyI0gpdkNqDP6GKBan9cQpJ%2FN05rcb1K0bnmTKJwzgqocZzqMEcab6DbOsEVLEDnn0KJX4hqw%2FWkcTbG04bKHHwbMh41ON9tiJ4u7US9jrNlX63F620ZLPt%2B91O2A%2B6RwIpNYeK5tByAupOIHcecuUhjzzkqYdYHNR5EARdX3Dq9%2Fqct0RXso7wA9qNAhr4nR5yXr1hgiydgOsJuL2O1H7ylWh1ZYvxcEoxVBPY%2FCe4ayWc8OAygpEoUUiCwhEUlKBQBEVGUIzKW0K7pitvC%2B1yFhzX5nFtlTOTDab0lskGMiGgdgIryml6SB6rtPQ%2B2A0wlAf1oNsU%2FU7Pb4btdrsle367SWnEZMBEJ6RBC06VUO4EqPOwpRak9%2BTvSCt%2FhyUY3YHTO%2BDqNGgegBYl6LUSW8ndTCWbudWN2DAFYUqkWQ3ZpjfVh%2BSpIzef%2FjWE5Htn7598JZ39dhLclkhtiY%2FULsFA35xdNgXZvmwKR37YSDMVqy1aOX0lo5n83zdvys3CWHHhvJt8%2FSqvgKq9%2B4502TpNhEoGjnx7Tgkh7ZqxXJIfL7h3JbuUu2vncpvk6fql19YuxKmVzimTzEHV%2FsZf4GpBas89cfSFH91%2FEcrOYfMScb5HjgPK7ICn1%2BHSJXtnCKxe7rC0hiIvZ7bJlodaEWi5nCkr4f41s2U%2Fs7S6TVU5dTcxsDXQ7AaSuMTIlhjpElRP4PKTsyy1e2d%2F%2FqKKL8F0bca0rW0zbfXnC3K6drVK71fp7YeaO3VQb%2Fmiy2Qku0yG7TCSXLB2m%2Fk84qwlej2OzC2iZ%2F7%2F8d8AAAD%2F%2FwEAAP%2F%2FASVJ5aYEAAA%3D HTTP/1.1
Host: faintjump.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://bitly.ws/
Cookie: u_pl=22725681; uid_id2=4bcf8c9b-dc53-4862-978f-3e2500764917:2:1; pdhtkv=true; uncs=1; pdhtkv49=true; uncs49=1; nlec172d9680245553e8052aafbe1bd64a13=[2229333,2229337,2229329,2019380]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Thu, 18 Apr 2024 11:52:28 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 88f9625f5fe1278a145ade64765d7a5d
Strict-Transport-Security: max-age=0; includeSubdomains

decidedlyenjoyableannihilation.com/ren.gif?sid=H4sIAAAAAAAC%2F1RSQWskRRSuns1FBEFZvCzCKB5WMJPunpmeafewGGMkGDdxd0XxItVV3ZNyqruaqu7pSVAMLsgeB39B55tkgxpk9yq4yCTgISDseApoLv4DhT1Lj4Oj71Dve%2FW9gu%2B9r746yC%2BJi5xerL2n9oSUdKXdsOvXP3KcG%2FVNkeTD%2BrDrfeK1btT14A3fa9iv1d8JWV%2BtuLZj247t1NeFDiM1XKlIiPTEdxq%2B3Wi5DafdwlD%2Fvza5BUMt8MEleQGCT5fOrKsQbIIkfrgWmn6m0tffjnNJM6Ux4McfJP1EFQniBYy0hSg5nndDmSfrj6GSo5lcqMG%2FjYGYEuvnxwiS47lIBIPDmc5AIkwQ8GdRDCYI5QSCTsDUPQj%2BhACM49YWkvjBLaULuvsPSyt2Spae%2FgVRTMnS71eRxN%2BvSjGs31Eyz4RKDIZRCTGcQPQmSPNTZHs1iOIULPsSgv9CVp5uIokPt4xUEPzi1VbAoi7zg2XO2s3lVtdzl%2F1ON1puhm7btjtey3c6swUJMYGIJpDhCNTUkBsLubCQRxby1ELML%2BrMcZyOzRm1uz5jTd4JA4%2FbDu1EDnVsr4ucVTOMkKUjMDkC0%2FtI9T76YgSd%2FwSzU8LwGkw2Jdb7X2DASxQhQWEICkpQCIIiIygG5RGXxjXlAy5NHjjz7M5zsxyrrHdAj1TWCxMCqkfQvDxIL8nz1RKtj88%2BRz%2B8qDebLPRD32dOEFUocHmrS32nzYO257YYjCghTA3UWNgTU9J98TeklbH9EgE9hZGnYOIV0Pwl0KIE3Smxl5xkItnNtWzEKhDgqkSaLSHbtQ7kJbk2s3Fj6xFCdn7zj%2BYswHSJVJf4VJwR9OT98W1VkMPbqjDk0VaaiVjs0criOxnNwivfvhvuFkrzjTUz%2BuZNVhEVPLkbmmyTJlwkPUO%2BWxWch3pdaRaSHzfMh2GwnZud1Vwnebq5%2Fdb6Rpzq0BihkgloNdSfGkxMyXPX7s5%2B7%2FUftiH0BDovEefnZB4QagKW7sOkC%2F1GEWi56AlSC0VejrUbLC6lIJDhoqZBCfOfOljgsabVayrKA3MfPV0Dze4hiUsMdImBLEHlCCa%2FMs5SfX7z17mMQNbGgdS1w0Bq%2BfVszdXxEEZc1DvNpk09v%2B10OjTsBC23G3kOp9Rtea7n0SYyM41efuazvwEAAP%2F%2FAQAA%2F%2F9nwCjYlwQAAA%3D%3D

172.240.253.132

200 OK

7 B

URL GET HTTP/1.1
decidedlyenjoyableannihilation.com/ren.gif?sid=H4sIAAAAAAAC%2F1RSQWskRRSuns1FBEFZvCzCKB5WMJPunpmeafewGGMkGDdxd0XxItVV3ZNyqruaqu7pSVAMLsgeB39B55tkgxpk9yq4yCTgISDseApoLv4DhT1Lj4Oj71Dve%2FW9gu%2B9r746yC%2BJi5xerL2n9oSUdKXdsOvXP3KcG%2FVNkeTD%2BrDrfeK1btT14A3fa9iv1d8JWV%2BtuLZj247t1NeFDiM1XKlIiPTEdxq%2B3Wi5DafdwlD%2Fvza5BUMt8MEleQGCT5fOrKsQbIIkfrgWmn6m0tffjnNJM6Ux4McfJP1EFQniBYy0hSg5nndDmSfrj6GSo5lcqMG%2FjYGYEuvnxwiS47lIBIPDmc5AIkwQ8GdRDCYI5QSCTsDUPQj%2BhACM49YWkvjBLaULuvsPSyt2Spae%2FgVRTMnS71eRxN%2BvSjGs31Eyz4RKDIZRCTGcQPQmSPNTZHs1iOIULPsSgv9CVp5uIokPt4xUEPzi1VbAoi7zg2XO2s3lVtdzl%2F1ON1puhm7btjtey3c6swUJMYGIJpDhCNTUkBsLubCQRxby1ELML%2BrMcZyOzRm1uz5jTd4JA4%2FbDu1EDnVsr4ucVTOMkKUjMDkC0%2FtI9T76YgSd%2FwSzU8LwGkw2Jdb7X2DASxQhQWEICkpQCIIiIygG5RGXxjXlAy5NHjjz7M5zsxyrrHdAj1TWCxMCqkfQvDxIL8nz1RKtj88%2BRz%2B8qDebLPRD32dOEFUocHmrS32nzYO257YYjCghTA3UWNgTU9J98TeklbH9EgE9hZGnYOIV0Pwl0KIE3Smxl5xkItnNtWzEKhDgqkSaLSHbtQ7kJbk2s3Fj6xFCdn7zj%2BYswHSJVJf4VJwR9OT98W1VkMPbqjDk0VaaiVjs0criOxnNwivfvhvuFkrzjTUz%2BuZNVhEVPLkbmmyTJlwkPUO%2BWxWch3pdaRaSHzfMh2GwnZud1Vwnebq5%2Fdb6Rpzq0BihkgloNdSfGkxMyXPX7s5%2B7%2FUftiH0BDovEefnZB4QagKW7sOkC%2F1GEWi56AlSC0VejrUbLC6lIJDhoqZBCfOfOljgsabVayrKA3MfPV0Dze4hiUsMdImBLEHlCCa%2FMs5SfX7z17mMQNbGgdS1w0Bq%2BfVszdXxEEZc1DvNpk09v%2B10OjTsBC23G3kOp9Rtea7n0SYyM41efuazvwEAAP%2F%2FAQAA%2F%2F9nwCjYlwQAAA%3D%3D
IP
172.240.253.132:443
ASN
#7979 SERVERS-COM

Requested by
https://bitly.ws/?banned=1
Certificate
IssuerLet's Encrypt
Subjectdecidedlyenjoyableannihilation.com
Fingerprint04:5E:A7:2F:94:E4:08:88:66:15:BE:36:F0:95:99:2C:7B:DD:4F:6D
ValidityTue, 16 Apr 2024 13:55:09 GMT - Mon, 15 Jul 2024 13:55:08 GMT

File type
ASCII text, with no line terminators
Size
7 B (7 bytes)
Hash
132d6af1b46048b45cf86cdee7991d31
eb7007d03d59b65bc6da7e098c4d38fc6dfb6285
ab852e838deccd742a03ca81d4a8d75cf1a00b327db3eaf46bd7da6b6db9384c

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /ren.gif?sid=H4sIAAAAAAAC%2F1RSQWskRRSuns1FBEFZvCzCKB5WMJPunpmeafewGGMkGDdxd0XxItVV3ZNyqruaqu7pSVAMLsgeB39B55tkgxpk9yq4yCTgISDseApoLv4DhT1Lj4Oj71Dve%2FW9gu%2B9r746yC%2BJi5xerL2n9oSUdKXdsOvXP3KcG%2FVNkeTD%2BrDrfeK1btT14A3fa9iv1d8JWV%2BtuLZj247t1NeFDiM1XKlIiPTEdxq%2B3Wi5DafdwlD%2Fvza5BUMt8MEleQGCT5fOrKsQbIIkfrgWmn6m0tffjnNJM6Ux4McfJP1EFQniBYy0hSg5nndDmSfrj6GSo5lcqMG%2FjYGYEuvnxwiS47lIBIPDmc5AIkwQ8GdRDCYI5QSCTsDUPQj%2BhACM49YWkvjBLaULuvsPSyt2Spae%2FgVRTMnS71eRxN%2BvSjGs31Eyz4RKDIZRCTGcQPQmSPNTZHs1iOIULPsSgv9CVp5uIokPt4xUEPzi1VbAoi7zg2XO2s3lVtdzl%2F1ON1puhm7btjtey3c6swUJMYGIJpDhCNTUkBsLubCQRxby1ELML%2BrMcZyOzRm1uz5jTd4JA4%2FbDu1EDnVsr4ucVTOMkKUjMDkC0%2FtI9T76YgSd%2FwSzU8LwGkw2Jdb7X2DASxQhQWEICkpQCIIiIygG5RGXxjXlAy5NHjjz7M5zsxyrrHdAj1TWCxMCqkfQvDxIL8nz1RKtj88%2BRz%2B8qDebLPRD32dOEFUocHmrS32nzYO257YYjCghTA3UWNgTU9J98TeklbH9EgE9hZGnYOIV0Pwl0KIE3Smxl5xkItnNtWzEKhDgqkSaLSHbtQ7kJbk2s3Fj6xFCdn7zj%2BYswHSJVJf4VJwR9OT98W1VkMPbqjDk0VaaiVjs0criOxnNwivfvhvuFkrzjTUz%2BuZNVhEVPLkbmmyTJlwkPUO%2BWxWch3pdaRaSHzfMh2GwnZud1Vwnebq5%2Fdb6Rpzq0BihkgloNdSfGkxMyXPX7s5%2B7%2FUftiH0BDovEefnZB4QagKW7sOkC%2F1GEWi56AlSC0VejrUbLC6lIJDhoqZBCfOfOljgsabVayrKA3MfPV0Dze4hiUsMdImBLEHlCCa%2FMs5SfX7z17mMQNbGgdS1w0Bq%2BfVszdXxEEZc1DvNpk09v%2B10OjTsBC23G3kOp9Rtea7n0SYyM41efuazvwEAAP%2F%2FAQAA%2F%2F9nwCjYlwQAAA%3D%3D HTTP/1.1
Host: decidedlyenjoyableannihilation.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://bitly.ws/
Cookie: u_pl=22725757; uid_id2=4bcf8c9b-dc53-4862-978f-3e2500764917:2:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Thu, 18 Apr 2024 11:52:28 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 5874ff81b71fba7367b53a55744495d5
Strict-Transport-Security: max-age=0; includeSubdomains

decidedlyenjoyableannihilation.com/pixel/sbls?bv=24.6.6370&tmpl=482&u=https%3A%2F%2Fcdn.barscreative1.com%2Fsb%2Fau%2F0c%2Fc8%2Fe1%2F0cc8e13ba9d5dbc867b982993e805a9d%2F1632728593.html&l=1325&fd=89

172.240.253.132

200 OK

0 B

URL GET HTTP/1.1
decidedlyenjoyableannihilation.com/pixel/sbls?bv=24.6.6370&tmpl=482&u=https%3A%2F%2Fcdn.barscreative1.com%2Fsb%2Fau%2F0c%2Fc8%2Fe1%2F0cc8e13ba9d5dbc867b982993e805a9d%2F1632728593.html&l=1325&fd=89
IP
172.240.253.132:443
ASN
#7979 SERVERS-COM

Requested by
https://bitly.ws/?banned=1
Certificate
IssuerLet's Encrypt
Subjectdecidedlyenjoyableannihilation.com
Fingerprint04:5E:A7:2F:94:E4:08:88:66:15:BE:36:F0:95:99:2C:7B:DD:4F:6D
ValidityTue, 16 Apr 2024 13:55:09 GMT - Mon, 15 Jul 2024 13:55:08 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /pixel/sbls?bv=24.6.6370&tmpl=482&u=https%3A%2F%2Fcdn.barscreative1.com%2Fsb%2Fau%2F0c%2Fc8%2Fe1%2F0cc8e13ba9d5dbc867b982993e805a9d%2F1632728593.html&l=1325&fd=89 HTTP/1.1
Host: decidedlyenjoyableannihilation.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://bitly.ws/
Cookie: u_pl=22725757; uid_id2=4bcf8c9b-dc53-4862-978f-3e2500764917:2:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Thu, 18 Apr 2024 11:52:28 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range

faintjump.com/ren.gif?sid=H4sIAAAAAAAC%2F1RSzYscxRuuzm8uvwiCGrwIMgYFFXe2u6ene8YgwRhXgms2JgY%2FLlLdVT1bTnVXU9U9Pbt4iAYkxzl40VPPM7tZPxbRP8AgswtBFsSdiyzo%2FhNC8Ci9WRx9D%2B9HPW%2FBU89Tn02KY%2BKioEeX31KbQkq63GnZzeffc5wLzVWRFqPmqOt%2F6HsXmnr4cs9v2S803%2BDRQC27tmPbju00V4TmsRot1yBEtttzWj275bktp%2BNhpP87m8KCoRbY8Jg8DsHmjX3rHEQ0Q5p8f5mbQa6yl15PCklzpTFkOzfTQarKFMmijbWFON053YYyhyv3oNLtE7pQw38WQzEn1v17CNOdU5IIh1snPEMJniJkj6AczsDlDILOEKnbEOyQABHD1TWkyd2rSpd04yFKa3ROGg%2F%2BhCjnpPHHOaTJd5ekGDVvKFnkQqUGo7iCGM0g%2BjNkxR7yzTMQ5R6i%2FFMI9gtZfrCKNNlaM1JBsKNnvTCKu1EvXGJRp73kdX13qRd046U2dzu2HfhezwlOBBJiBhHPIPkY1JxBYSwUwkIRWygyCwk7akaO4wQ2i6jd7UVRmwU89Jnt0CB2qGP7XRRR%2FYYx8myMSI4R6VvI9CdfsXbA22HkTSgGYgxd%2FASzXsEwCyYnGLIKJScoDUFJCUpBUOYE5bDaZtK4prrLpClC57S6p7VdTVXen9Btlfd5SkD1GJpVk%2ByYPFZraX2w72DAj5pO4LKe37Vdr9PptHnX7riUxiF3QuZ71GnDiArCnAE1FjbFnHSf%2FB1Z7e%2BgQkj3YOQeInEetHBAywp0vcJmupuLdKPQspWoUICpClneQL5hTeQxeerEzad%2F9cCjg4v3z76STX87i0hXyHSFj8Q%2BQV%2FemV5XJdm6rkpDfljLcpGITVo7fSOnOf%2FfN2%2FyjVJpduWyGX%2F9alQDdbv7Djf5Kk2ZSPuGfHtJMMb1itIRJz9eMe%2Fy8Fph1i8VOi2y1WuvrVxJMs2NESqdgYrDtb8QiTlpPPfEyRd%2B9PBFCD2DLiokxQE5DQi1hyi7BZMt2BtFoOViJ8waKItqqt1wcSgFgeSLmYYVzL%2FmcNFPNa1vU1FNzB30dQM0v400qTDUFYayApVjmOLsNM%2F0wcWfv6jjS4SyMQ2lbmyFUsvP5%2BR842ad3q%2FT2w81N%2BKoGbTbNvV7HScIKA9Cz%2B3GvsModT3f9X3aRm7m8TP%2F%2F%2FhvAAAA%2F%2F8BAAD%2F%2F4HxnA2mBAAA

172.240.253.132

200 OK

7 B

URL GET HTTP/1.1
faintjump.com/ren.gif?sid=H4sIAAAAAAAC%2F1RSzYscxRuuzm8uvwiCGrwIMgYFFXe2u6ene8YgwRhXgms2JgY%2FLlLdVT1bTnVXU9U9Pbt4iAYkxzl40VPPM7tZPxbRP8AgswtBFsSdiyzo%2FhNC8Ci9WRx9D%2B9HPW%2FBU89Tn02KY%2BKioEeX31KbQkq63GnZzeffc5wLzVWRFqPmqOt%2F6HsXmnr4cs9v2S803%2BDRQC27tmPbju00V4TmsRot1yBEtttzWj275bktp%2BNhpP87m8KCoRbY8Jg8DsHmjX3rHEQ0Q5p8f5mbQa6yl15PCklzpTFkOzfTQarKFMmijbWFON053YYyhyv3oNLtE7pQw38WQzEn1v17CNOdU5IIh1snPEMJniJkj6AczsDlDILOEKnbEOyQABHD1TWkyd2rSpd04yFKa3ROGg%2F%2BhCjnpPHHOaTJd5ekGDVvKFnkQqUGo7iCGM0g%2BjNkxR7yzTMQ5R6i%2FFMI9gtZfrCKNNlaM1JBsKNnvTCKu1EvXGJRp73kdX13qRd046U2dzu2HfhezwlOBBJiBhHPIPkY1JxBYSwUwkIRWygyCwk7akaO4wQ2i6jd7UVRmwU89Jnt0CB2qGP7XRRR%2FYYx8myMSI4R6VvI9CdfsXbA22HkTSgGYgxd%2FASzXsEwCyYnGLIKJScoDUFJCUpBUOYE5bDaZtK4prrLpClC57S6p7VdTVXen9Btlfd5SkD1GJpVk%2ByYPFZraX2w72DAj5pO4LKe37Vdr9PptHnX7riUxiF3QuZ71GnDiArCnAE1FjbFnHSf%2FB1Z7e%2BgQkj3YOQeInEetHBAywp0vcJmupuLdKPQspWoUICpClneQL5hTeQxeerEzad%2F9cCjg4v3z76STX87i0hXyHSFj8Q%2BQV%2FemV5XJdm6rkpDfljLcpGITVo7fSOnOf%2FfN2%2FyjVJpduWyGX%2F9alQDdbv7Djf5Kk2ZSPuGfHtJMMb1itIRJz9eMe%2Fy8Fph1i8VOi2y1WuvrVxJMs2NESqdgYrDtb8QiTlpPPfEyRd%2B9PBFCD2DLiokxQE5DQi1hyi7BZMt2BtFoOViJ8waKItqqt1wcSgFgeSLmYYVzL%2FmcNFPNa1vU1FNzB30dQM0v400qTDUFYayApVjmOLsNM%2F0wcWfv6jjS4SyMQ2lbmyFUsvP5%2BR842ad3q%2FT2w81N%2BKoGbTbNvV7HScIKA9Cz%2B3GvsModT3f9X3aRm7m8TP%2F%2F%2FhvAAAA%2F%2F8BAAD%2F%2F4HxnA2mBAAA
IP
172.240.253.132:443
ASN
#7979 SERVERS-COM

Requested by
https://bitly.ws/?banned=1
Certificate
IssuerLet's Encrypt
Subjectfaintjump.com
FingerprintE1:A6:B1:E0:5E:2B:F0:AE:AB:17:8C:1B:A0:A9:04:4F:40:BF:03:75
ValidityTue, 16 Apr 2024 10:06:25 GMT - Mon, 15 Jul 2024 10:06:24 GMT

File type
ASCII text, with no line terminators
Size
7 B (7 bytes)
Hash
132d6af1b46048b45cf86cdee7991d31
eb7007d03d59b65bc6da7e098c4d38fc6dfb6285
ab852e838deccd742a03ca81d4a8d75cf1a00b327db3eaf46bd7da6b6db9384c

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /ren.gif?sid=H4sIAAAAAAAC%2F1RSzYscxRuuzm8uvwiCGrwIMgYFFXe2u6ene8YgwRhXgms2JgY%2FLlLdVT1bTnVXU9U9Pbt4iAYkxzl40VPPM7tZPxbRP8AgswtBFsSdiyzo%2FhNC8Ci9WRx9D%2B9HPW%2FBU89Tn02KY%2BKioEeX31KbQkq63GnZzeffc5wLzVWRFqPmqOt%2F6HsXmnr4cs9v2S803%2BDRQC27tmPbju00V4TmsRot1yBEtttzWj275bktp%2BNhpP87m8KCoRbY8Jg8DsHmjX3rHEQ0Q5p8f5mbQa6yl15PCklzpTFkOzfTQarKFMmijbWFON053YYyhyv3oNLtE7pQw38WQzEn1v17CNOdU5IIh1snPEMJniJkj6AczsDlDILOEKnbEOyQABHD1TWkyd2rSpd04yFKa3ROGg%2F%2BhCjnpPHHOaTJd5ekGDVvKFnkQqUGo7iCGM0g%2BjNkxR7yzTMQ5R6i%2FFMI9gtZfrCKNNlaM1JBsKNnvTCKu1EvXGJRp73kdX13qRd046U2dzu2HfhezwlOBBJiBhHPIPkY1JxBYSwUwkIRWygyCwk7akaO4wQ2i6jd7UVRmwU89Jnt0CB2qGP7XRRR%2FYYx8myMSI4R6VvI9CdfsXbA22HkTSgGYgxd%2FASzXsEwCyYnGLIKJScoDUFJCUpBUOYE5bDaZtK4prrLpClC57S6p7VdTVXen9Btlfd5SkD1GJpVk%2ByYPFZraX2w72DAj5pO4LKe37Vdr9PptHnX7riUxiF3QuZ71GnDiArCnAE1FjbFnHSf%2FB1Z7e%2BgQkj3YOQeInEetHBAywp0vcJmupuLdKPQspWoUICpClneQL5hTeQxeerEzad%2F9cCjg4v3z76STX87i0hXyHSFj8Q%2BQV%2FemV5XJdm6rkpDfljLcpGITVo7fSOnOf%2FfN2%2FyjVJpduWyGX%2F9alQDdbv7Djf5Kk2ZSPuGfHtJMMb1itIRJz9eMe%2Fy8Fph1i8VOi2y1WuvrVxJMs2NESqdgYrDtb8QiTlpPPfEyRd%2B9PBFCD2DLiokxQE5DQi1hyi7BZMt2BtFoOViJ8waKItqqt1wcSgFgeSLmYYVzL%2FmcNFPNa1vU1FNzB30dQM0v400qTDUFYayApVjmOLsNM%2F0wcWfv6jjS4SyMQ2lbmyFUsvP5%2BR842ad3q%2FT2w81N%2BKoGbTbNvV7HScIKA9Cz%2B3GvsModT3f9X3aRm7m8TP%2F%2F%2FhvAAAA%2F%2F8BAAD%2F%2F4HxnA2mBAAA HTTP/1.1
Host: faintjump.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://bitly.ws/
Cookie: u_pl=22725681; uid_id2=4bcf8c9b-dc53-4862-978f-3e2500764917:2:1; pdhtkv=true; uncs=1; pdhtkv49=true; uncs49=1; nlec172d9680245553e8052aafbe1bd64a13=[2229333,2229337,2229329,2019380]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Thu, 18 Apr 2024 11:52:28 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: f8af6f162809546fb54f598e8f858b6f
Strict-Transport-Security: max-age=0; includeSubdomains

faintjump.com/impr.gif?sid=H4sIAAAAAAAC%2F1RSzYscxRuuzm8uv3jxI3gRZAwKCu5u90zPl0GCMW4IrtmYGPy4SH31pJzqrqaqe3p29BANSI5z8KKnnmc2iR8h6B9gkNlAkEUxc5EFXfAf8CIEj9Lj4up7eD%2FqeQueep76eJrvkwZyunf6NTNWWtO11qpff%2FatIDhR31BJPqqPuu132%2BGJuh2%2B0Guv%2Bs%2FVz0g%2BMGsNP%2FD9wA%2Fq68rKyIzWKhAqvdULVnv%2BathYDVohRva%2Fs8s9OOpBDPfJo1BiUbvrHYPicyTx16elG2Qmff6VONc0MxZDcfNSMkhMkSA%2BbCPrIUpuHmzDuPvrd2CS60u6MMN%2FFplaEO%2FeHbDk5gFJsOH2kifTkAmYeAjFcA6p51B0Dm6uQon7BOAC5zaRxDfOGVvQrb9RWqELUnvwB1SxILVfjyGJb5%2FSalS%2FaHSeKZM4jKISajSH6s%2BR5jvIxkegih3w7CMo8SNZe7CBJN7edNpAib2nQ8ajLu%2BxFcFbzZWw226s9DrdaKUpGy3f77TDXtBZCqTUHCqaQ8sJqDuC3HnIlYc88pCnHmKxV%2BdBEHR8wanf7XHeFB3J2sIPaCcKaOC3u8h59YYJsnQCrifg9gpS%2B%2BHnotmRTcbDKcVATWDz7%2BAul3DCg8sIhqJEIQkKR1BQgkIRFBlBMSyvC%2B0arrwhtMtZcFAbB7VZzkzWn9LrJuvLhIDaCawop%2Bk%2BeaTS0nvnboCB3KsHnYbotbt%2BI2y1Wk3Z9VsNSiMmAybaIQ2acKqEckdAnYexWpDu478grfwdlGB0B07vgKvjoHkAWpSgl0uMk1uZSrZyq1djwxSEKZFmNWRb3lTvkyeWbh6vXYLkuyfvHX0xnf18FNyWSG2J99Rdgr6%2BNrtgCrJ9wRSOfLOZZipWY1o5fTGjmfzfl6%2FKrcJYcfa0m3zxEq%2BAqr31hnTZBk2ESvqOfHVKCSHturFckm%2FPujclO5%2B7y6dym%2BTpxvmX18%2FGqZXOKZPMQdX9zT%2FB1YLUnnls%2BYUf%2FuF3KDuHzUvE%2BS45CCizA55egUt3T2bj387cPvY%2BnCGw%2BnCHpR6KvJzZBjs81IpAy8OZshLuXzM77GeWVrepKqfuGvq2BppdRRKXGNoSQ12C6glcfnSWpXb35PefVvEZmK7NmLa1baat%2FmQpcpXertLrC%2FLkTyGc2qs3fdFhMpIdJsNWGEkuWKvFfB5x1hTdLkfmFtFT%2F%2F%2FgLwAAAP%2F%2FAQAA%2F%2F%2FMeAPspgQAAA%3D%3D

172.240.253.132

200 OK

7 B

URL GET HTTP/1.1
faintjump.com/impr.gif?sid=H4sIAAAAAAAC%2F1RSzYscxRuuzm8uv3jxI3gRZAwKCu5u90zPl0GCMW4IrtmYGPy4SH31pJzqrqaqe3p29BANSI5z8KKnnmc2iR8h6B9gkNlAkEUxc5EFXfAf8CIEj9Lj4up7eD%2FqeQueep76eJrvkwZyunf6NTNWWtO11qpff%2FatIDhR31BJPqqPuu132%2BGJuh2%2B0Guv%2Bs%2FVz0g%2BMGsNP%2FD9wA%2Fq68rKyIzWKhAqvdULVnv%2BathYDVohRva%2Fs8s9OOpBDPfJo1BiUbvrHYPicyTx16elG2Qmff6VONc0MxZDcfNSMkhMkSA%2BbCPrIUpuHmzDuPvrd2CS60u6MMN%2FFplaEO%2FeHbDk5gFJsOH2kifTkAmYeAjFcA6p51B0Dm6uQon7BOAC5zaRxDfOGVvQrb9RWqELUnvwB1SxILVfjyGJb5%2FSalS%2FaHSeKZM4jKISajSH6s%2BR5jvIxkegih3w7CMo8SNZe7CBJN7edNpAib2nQ8ajLu%2BxFcFbzZWw226s9DrdaKUpGy3f77TDXtBZCqTUHCqaQ8sJqDuC3HnIlYc88pCnHmKxV%2BdBEHR8wanf7XHeFB3J2sIPaCcKaOC3u8h59YYJsnQCrifg9gpS%2B%2BHnotmRTcbDKcVATWDz7%2BAul3DCg8sIhqJEIQkKR1BQgkIRFBlBMSyvC%2B0arrwhtMtZcFAbB7VZzkzWn9LrJuvLhIDaCawop%2Bk%2BeaTS0nvnboCB3KsHnYbotbt%2BI2y1Wk3Z9VsNSiMmAybaIQ2acKqEckdAnYexWpDu478grfwdlGB0B07vgKvjoHkAWpSgl0uMk1uZSrZyq1djwxSEKZFmNWRb3lTvkyeWbh6vXYLkuyfvHX0xnf18FNyWSG2J99Rdgr6%2BNrtgCrJ9wRSOfLOZZipWY1o5fTGjmfzfl6%2FKrcJYcfa0m3zxEq%2BAqr31hnTZBk2ESvqOfHVKCSHturFckm%2FPujclO5%2B7y6dym%2BTpxvmX18%2FGqZXOKZPMQdX9zT%2FB1YLUnnls%2BYUf%2FuF3KDuHzUvE%2BS45CCizA55egUt3T2bj387cPvY%2BnCGw%2BnCHpR6KvJzZBjs81IpAy8OZshLuXzM77GeWVrepKqfuGvq2BppdRRKXGNoSQ12C6glcfnSWpXb35PefVvEZmK7NmLa1baat%2FmQpcpXertLrC%2FLkTyGc2qs3fdFhMpIdJsNWGEkuWKvFfB5x1hTdLkfmFtFT%2F%2F%2FgLwAAAP%2F%2FAQAA%2F%2F%2FMeAPspgQAAA%3D%3D
IP
172.240.253.132:443
ASN
#7979 SERVERS-COM

Requested by
https://bitly.ws/?banned=1
Certificate
IssuerLet's Encrypt
Subjectfaintjump.com
FingerprintE1:A6:B1:E0:5E:2B:F0:AE:AB:17:8C:1B:A0:A9:04:4F:40:BF:03:75
ValidityTue, 16 Apr 2024 10:06:25 GMT - Mon, 15 Jul 2024 10:06:24 GMT

File type
ASCII text, with no line terminators
Size
7 B (7 bytes)
Hash
132d6af1b46048b45cf86cdee7991d31
eb7007d03d59b65bc6da7e098c4d38fc6dfb6285
ab852e838deccd742a03ca81d4a8d75cf1a00b327db3eaf46bd7da6b6db9384c

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /impr.gif?sid=H4sIAAAAAAAC%2F1RSzYscxRuuzm8uv3jxI3gRZAwKCu5u90zPl0GCMW4IrtmYGPy4SH31pJzqrqaqe3p29BANSI5z8KKnnmc2iR8h6B9gkNlAkEUxc5EFXfAf8CIEj9Lj4up7eD%2FqeQueep76eJrvkwZyunf6NTNWWtO11qpff%2FatIDhR31BJPqqPuu132%2BGJuh2%2B0Guv%2Bs%2FVz0g%2BMGsNP%2FD9wA%2Fq68rKyIzWKhAqvdULVnv%2BathYDVohRva%2Fs8s9OOpBDPfJo1BiUbvrHYPicyTx16elG2Qmff6VONc0MxZDcfNSMkhMkSA%2BbCPrIUpuHmzDuPvrd2CS60u6MMN%2FFplaEO%2FeHbDk5gFJsOH2kifTkAmYeAjFcA6p51B0Dm6uQon7BOAC5zaRxDfOGVvQrb9RWqELUnvwB1SxILVfjyGJb5%2FSalS%2FaHSeKZM4jKISajSH6s%2BR5jvIxkegih3w7CMo8SNZe7CBJN7edNpAib2nQ8ajLu%2BxFcFbzZWw226s9DrdaKUpGy3f77TDXtBZCqTUHCqaQ8sJqDuC3HnIlYc88pCnHmKxV%2BdBEHR8wanf7XHeFB3J2sIPaCcKaOC3u8h59YYJsnQCrifg9gpS%2B%2BHnotmRTcbDKcVATWDz7%2BAul3DCg8sIhqJEIQkKR1BQgkIRFBlBMSyvC%2B0arrwhtMtZcFAbB7VZzkzWn9LrJuvLhIDaCawop%2Bk%2BeaTS0nvnboCB3KsHnYbotbt%2BI2y1Wk3Z9VsNSiMmAybaIQ2acKqEckdAnYexWpDu478grfwdlGB0B07vgKvjoHkAWpSgl0uMk1uZSrZyq1djwxSEKZFmNWRb3lTvkyeWbh6vXYLkuyfvHX0xnf18FNyWSG2J99Rdgr6%2BNrtgCrJ9wRSOfLOZZipWY1o5fTGjmfzfl6%2FKrcJYcfa0m3zxEq%2BAqr31hnTZBk2ESvqOfHVKCSHturFckm%2FPujclO5%2B7y6dym%2BTpxvmX18%2FGqZXOKZPMQdX9zT%2FB1YLUnnls%2BYUf%2FuF3KDuHzUvE%2BS45CCizA55egUt3T2bj387cPvY%2BnCGw%2BnCHpR6KvJzZBjs81IpAy8OZshLuXzM77GeWVrepKqfuGvq2BppdRRKXGNoSQ12C6glcfnSWpXb35PefVvEZmK7NmLa1baat%2FmQpcpXertLrC%2FLkTyGc2qs3fdFhMpIdJsNWGEkuWKvFfB5x1hTdLkfmFtFT%2F%2F%2FgLwAAAP%2F%2FAQAA%2F%2F%2FMeAPspgQAAA%3D%3D HTTP/1.1
Host: faintjump.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://bitly.ws/
Cookie: u_pl=22725681; uid_id2=4bcf8c9b-dc53-4862-978f-3e2500764917:2:1; pdhtkv=true; uncs=1; pdhtkv49=true; uncs49=1; nlec172d9680245553e8052aafbe1bd64a13=[2229333,2229337,2229329,2019380]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Thu, 18 Apr 2024 11:52:28 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 5658f107e48cfdda59b0c33d2967b9bb
Strict-Transport-Security: max-age=0; includeSubdomains

cdn.cloudimagesb.com/si/07/9c/1b/079c1b9b48633e3ef398faef0739f24f/1701651986.png

45.133.44.9

200 OK

16 kB

URL GET HTTP/2
cdn.cloudimagesb.com/si/07/9c/1b/079c1b9b48633e3ef398faef0739f24f/1701651986.png
IP
45.133.44.9:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://bitly.ws/?banned=1
Certificate
IssuerLet's Encrypt
Subjectcdn.cloudimagesb.com
FingerprintC6:F3:21:F0:21:7D:7E:96:0F:E8:46:7A:5E:C5:3F:D1:52:B0:67:B0
ValidityFri, 22 Mar 2024 03:01:35 GMT - Thu, 20 Jun 2024 03:01:34 GMT

File type
PNG image data, 192 x 192, 8-bit/color RGBA, non-interlaced
Size
16 kB (16093 bytes)
Hash
14cf262fabfd850855c42847d14fe775
2fafa28f167f018a0fb1f261f47380c8810803c9
972004ebada4077c3a4d03dcb45175ea467faf54da72be727a1c5c75e688b8af

HTTP Headers

GET /si/07/9c/1b/079c1b9b48633e3ef398faef0739f24f/1701651986.png HTTP/1.1
Host: cdn.cloudimagesb.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Thu, 18 Apr 2024 11:52:28 GMT
content-type: image/png
content-length: 16093
server: nginx/1.21.6
last-modified: Mon, 04 Dec 2023 01:06:35 GMT
etag: "656d261b-3edd"
expires: Sat, 20 Apr 2024 11:52:28 GMT
cache-control: max-age=172800
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2

cdn.creative-bars1.com/sb/ssp/vpn/classic-push/small/img/close.png

172.67.141.24

200 OK

591 B

URL GET HTTP/3
cdn.creative-bars1.com/sb/ssp/vpn/classic-push/small/img/close.png
IP
172.67.141.24:443
ASN
#13335 CLOUDFLARENET

Requested by
https://bitly.ws/?banned=1
Certificate
IssuerGoogle Trust Services LLC
Subjectcreative-bars1.com
Fingerprint3D:29:39:2C:F1:E5:C6:EF:54:F5:70:B5:CF:A8:C2:75:4D:89:72:13
ValidityMon, 15 Apr 2024 15:02:18 GMT - Sun, 14 Jul 2024 15:02:17 GMT

File type
PNG image data, 12 x 12, 8-bit/color RGBA, non-interlaced
Size
591 B (591 bytes)
Hash
9fd5bcb6103d86e317bd1eb019bcbe71
6b5a52ea669dcb74946f2bed4bdd7ec985026113
0ddd3be104ac7945fb062096df62034a6a24ecc76ba92493c35c62c3c25982ae

HTTP Headers

GET /sb/ssp/vpn/classic-push/small/img/close.png HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Thu, 18 Apr 2024 11:52:28 GMT
content-type: image/png
content-length: 591
last-modified: Fri, 19 Jan 2024 14:19:42 GMT
etag: "65aa84fe-24f"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 5525241
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=SOPTdZZt8CdNSigoXmUpcQETTtEy%2FNC73QMbFWoyEnuLxxfpINcDzNiJhNI%2Bd%2BK86%2BBXeQkeAat4AaNxwBMs18Eho22dmO%2FzPl2fRUn%2Br6kD%2BkPPmdoWYMPt1AsJlJ%2FYUZ41Xe5zwrQe"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 876472eacd4656b7-OSL
alt-svc: h3=":443"; ma=86400

faintjump.com/impr.gif?sid=H4sIAAAAAAAC%2F1RSS4scVRi9lfTGuPER3AjSBgUFp6equ%2FplkGCMI8ExExODj43cV3WufatucW9VV8%2FgIhqQLHvhRlfVpyeJjyD6AwzSEwgSFNMbGdD5B66E4FKqHWz9FvV9X51z4dxz7ifT%2FIA0kdP9M2%2BYHaU1XW83%2FPpz7wTByfqmSvJxfdzrvN8JT9bt6MV%2Bp%2BE%2FX39N8qFZb%2FqB7wd%2BUN9QVkZmvF6BUOmtftDo%2B42w2QjaIcb2%2F7vLPTjqQYwOyGNQYlG74x2H4nMk8bdnpBtmJn3h1TjXNDMWI3HzUjJMTJEgXo2R9RAlNw%2FZMO7%2Bxm2Y5PpSLszoXyJTC%2BLdvQ2W3DwUCTbaXepkGjIBEw%2BjGM0h9RyKzsHNVShxnwBc4NwWkvjGOWMLuv0PSit0QWoP%2FoQqFqT2%2B3Ek8TentRrXLxqdZ8okDuOohBrPoQZzpPkesp0jUMUeePYxlPiZrD%2FYRBLvbjltoMT%2BMyHjUY%2F32Zrg7dZa2Os01%2FrdXrTWks2273c7YT%2FoLg1Sag4VzaHlBNQdQe485MpDHnnIUw%2Bx2K%2FzIAi6vuDU7%2FU5b4muZB3hB7QbBTTwOz3kvLrDBFk6AdcTcHsFqf3oC9Hqyhbj4ZRiqCaw%2BQ9wl0s44cFlBCNRopAEhSMoKEGhCIqMoBiV14V2TVfeENrlLDjszcPeKmcmG0zpdZMNZEJA7QRWlNP0gDxaeem9dyfAUO7Xg25T9Ds9vxm22%2B2W7PntJqURkwETnZAGLThVQrkjoM7DjlqQ3hO%2FIa3yHZZgdA9O74GrE6B5AFqUoJdL7CS3MpVs51Y3YsMUhCmRZjVk295UH5Anl2meqL0Jye%2BdunvspXT26zFwWyK1JT5QdwgG%2BtrsginI7gVTOPLdVpqpWO3QKumLGc3k0a9el9uFseLsGTf58mVeAdV46y3psk2aCJUMHPn6tBJC2g1juSTfn3VvS3Y%2Bd5dP5zbJ083zr2ycjVMrnVMmmYOq%2B1t%2FgasFqT37%2BPIJP%2FLTH1B2DpuXiPN75LCgzB54egUuXal3hsDqFYelR1Hk5cw22eqnVgRarnbKSrj%2F7Gw1zyytTlNVTt01DGwNNLuKJC4xsiVGugTVE7j82CxL7b1TP35W1edgujZj2tZ2mbb608rkS9Xn3aXdC%2FLULyGc2q%2B3fNFlMpJdJsN2GEkuWLvNfB5x1hK9HkfmFtHTD334NwAAAP%2F%2FAQAA%2F%2F%2BpnaRdpgQAAA%3D%3D

172.240.253.132

200 OK

7 B

URL GET HTTP/1.1
faintjump.com/impr.gif?sid=H4sIAAAAAAAC%2F1RSS4scVRi9lfTGuPER3AjSBgUFp6equ%2FplkGCMI8ExExODj43cV3WufatucW9VV8%2FgIhqQLHvhRlfVpyeJjyD6AwzSEwgSFNMbGdD5B66E4FKqHWz9FvV9X51z4dxz7ifT%2FIA0kdP9M2%2BYHaU1XW83%2FPpz7wTByfqmSvJxfdzrvN8JT9bt6MV%2Bp%2BE%2FX39N8qFZb%2FqB7wd%2BUN9QVkZmvF6BUOmtftDo%2B42w2QjaIcb2%2F7vLPTjqQYwOyGNQYlG74x2H4nMk8bdnpBtmJn3h1TjXNDMWI3HzUjJMTJEgXo2R9RAlNw%2FZMO7%2Bxm2Y5PpSLszoXyJTC%2BLdvQ2W3DwUCTbaXepkGjIBEw%2BjGM0h9RyKzsHNVShxnwBc4NwWkvjGOWMLuv0PSit0QWoP%2FoQqFqT2%2B3Ek8TentRrXLxqdZ8okDuOohBrPoQZzpPkesp0jUMUeePYxlPiZrD%2FYRBLvbjltoMT%2BMyHjUY%2F32Zrg7dZa2Os01%2FrdXrTWks2273c7YT%2FoLg1Sag4VzaHlBNQdQe485MpDHnnIUw%2Bx2K%2FzIAi6vuDU7%2FU5b4muZB3hB7QbBTTwOz3kvLrDBFk6AdcTcHsFqf3oC9Hqyhbj4ZRiqCaw%2BQ9wl0s44cFlBCNRopAEhSMoKEGhCIqMoBiV14V2TVfeENrlLDjszcPeKmcmG0zpdZMNZEJA7QRWlNP0gDxaeem9dyfAUO7Xg25T9Ds9vxm22%2B2W7PntJqURkwETnZAGLThVQrkjoM7DjlqQ3hO%2FIa3yHZZgdA9O74GrE6B5AFqUoJdL7CS3MpVs51Y3YsMUhCmRZjVk295UH5Anl2meqL0Jye%2BdunvspXT26zFwWyK1JT5QdwgG%2BtrsginI7gVTOPLdVpqpWO3QKumLGc3k0a9el9uFseLsGTf58mVeAdV46y3psk2aCJUMHPn6tBJC2g1juSTfn3VvS3Y%2Bd5dP5zbJ083zr2ycjVMrnVMmmYOq%2B1t%2FgasFqT37%2BPIJP%2FLTH1B2DpuXiPN75LCgzB54egUuXal3hsDqFYelR1Hk5cw22eqnVgRarnbKSrj%2F7Gw1zyytTlNVTt01DGwNNLuKJC4xsiVGugTVE7j82CxL7b1TP35W1edgujZj2tZ2mbb608rkS9Xn3aXdC%2FLULyGc2q%2B3fNFlMpJdJsN2GEkuWLvNfB5x1hK9HkfmFtHTD334NwAAAP%2F%2FAQAA%2F%2F%2BpnaRdpgQAAA%3D%3D
IP
172.240.253.132:443
ASN
#7979 SERVERS-COM

Requested by
https://bitly.ws/?banned=1
Certificate
IssuerLet's Encrypt
Subjectfaintjump.com
FingerprintE1:A6:B1:E0:5E:2B:F0:AE:AB:17:8C:1B:A0:A9:04:4F:40:BF:03:75
ValidityTue, 16 Apr 2024 10:06:25 GMT - Mon, 15 Jul 2024 10:06:24 GMT

File type
ASCII text, with no line terminators
Size
7 B (7 bytes)
Hash
132d6af1b46048b45cf86cdee7991d31
eb7007d03d59b65bc6da7e098c4d38fc6dfb6285
ab852e838deccd742a03ca81d4a8d75cf1a00b327db3eaf46bd7da6b6db9384c

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /impr.gif?sid=H4sIAAAAAAAC%2F1RSS4scVRi9lfTGuPER3AjSBgUFp6equ%2FplkGCMI8ExExODj43cV3WufatucW9VV8%2FgIhqQLHvhRlfVpyeJjyD6AwzSEwgSFNMbGdD5B66E4FKqHWz9FvV9X51z4dxz7ifT%2FIA0kdP9M2%2BYHaU1XW83%2FPpz7wTByfqmSvJxfdzrvN8JT9bt6MV%2Bp%2BE%2FX39N8qFZb%2FqB7wd%2BUN9QVkZmvF6BUOmtftDo%2B42w2QjaIcb2%2F7vLPTjqQYwOyGNQYlG74x2H4nMk8bdnpBtmJn3h1TjXNDMWI3HzUjJMTJEgXo2R9RAlNw%2FZMO7%2Bxm2Y5PpSLszoXyJTC%2BLdvQ2W3DwUCTbaXepkGjIBEw%2BjGM0h9RyKzsHNVShxnwBc4NwWkvjGOWMLuv0PSit0QWoP%2FoQqFqT2%2B3Ek8TentRrXLxqdZ8okDuOohBrPoQZzpPkesp0jUMUeePYxlPiZrD%2FYRBLvbjltoMT%2BMyHjUY%2F32Zrg7dZa2Os01%2FrdXrTWks2273c7YT%2FoLg1Sag4VzaHlBNQdQe485MpDHnnIUw%2Bx2K%2FzIAi6vuDU7%2FU5b4muZB3hB7QbBTTwOz3kvLrDBFk6AdcTcHsFqf3oC9Hqyhbj4ZRiqCaw%2BQ9wl0s44cFlBCNRopAEhSMoKEGhCIqMoBiV14V2TVfeENrlLDjszcPeKmcmG0zpdZMNZEJA7QRWlNP0gDxaeem9dyfAUO7Xg25T9Ds9vxm22%2B2W7PntJqURkwETnZAGLThVQrkjoM7DjlqQ3hO%2FIa3yHZZgdA9O74GrE6B5AFqUoJdL7CS3MpVs51Y3YsMUhCmRZjVk295UH5Anl2meqL0Jye%2BdunvspXT26zFwWyK1JT5QdwgG%2BtrsginI7gVTOPLdVpqpWO3QKumLGc3k0a9el9uFseLsGTf58mVeAdV46y3psk2aCJUMHPn6tBJC2g1juSTfn3VvS3Y%2Bd5dP5zbJ083zr2ycjVMrnVMmmYOq%2B1t%2FgasFqT37%2BPIJP%2FLTH1B2DpuXiPN75LCgzB54egUuXal3hsDqFYelR1Hk5cw22eqnVgRarnbKSrj%2F7Gw1zyytTlNVTt01DGwNNLuKJC4xsiVGugTVE7j82CxL7b1TP35W1edgujZj2tZ2mbb608rkS9Xn3aXdC%2FLULyGc2q%2B3fNFlMpJdJsN2GEkuWLvNfB5x1hK9HkfmFtHTD334NwAAAP%2F%2FAQAA%2F%2F%2BpnaRdpgQAAA%3D%3D HTTP/1.1
Host: faintjump.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://bitly.ws/
Cookie: u_pl=22725681; uid_id2=4bcf8c9b-dc53-4862-978f-3e2500764917:2:1; pdhtkv=true; uncs=1; pdhtkv49=true; uncs49=1; nlec172d9680245553e8052aafbe1bd64a13=[2229333,2229337,2229329,2019380]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Thu, 18 Apr 2024 11:52:28 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: d06630246d495674006fa82c5d5f6de4
Strict-Transport-Security: max-age=0; includeSubdomains

downstairsnegotiatebarren.com/sfp.js

188.114.97.1

200 OK

28 kB

URL GET HTTP/3
downstairsnegotiatebarren.com/sfp.js
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://bitly.ws/?banned=1
Certificate
IssuerLet's Encrypt
Subjectdownstairsnegotiatebarren.com
Fingerprint2C:6A:E1:8E:26:5B:1D:8B:86:CB:C1:72:4E:52:4B:8B:67:3A:D2:44
ValidityMon, 04 Mar 2024 21:53:07 GMT - Sun, 02 Jun 2024 21:53:06 GMT

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (65529), with no line terminators
Size
28 kB (27468 bytes)
Hash
f4a2f8f9f99541c6f105bbd0a025bd40
1f8e3eff12168fdd9e719adfc098d24a45b6916a
b717cb04231a10d425fd55b73c85a5407119c6826a8bac94142fddfff6958716

HTTP Headers

GET /sfp.js HTTP/1.1
Host: downstairsnegotiatebarren.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://bitly.ws/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Thu, 18 Apr 2024 11:52:28 GMT
content-type: application/javascript; charset=utf-8
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
access-control-allow-origin: *
expires: Thu, 01 Jan 1970 00:00:01 GMT
cache-control: max-age=14400
x-request-id: 92f74891546f275233c0744a6129c096
strict-transport-security: max-age=0; includeSubdomains
cf-cache-status: EXPIRED
last-modified: Thu, 18 Apr 2024 11:52:28 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=4aUFFQQaJnk1KrULmK5rAEbmzx9DAagkPbMO%2Bo5V65RUDa6sasARazwrf8A7KfRBPS8tKTXZdWyeOtm43CtdYJf117f2ABEqGAquSIpSwehgmep4RUur%2BMUoZrAwaBMBY5uSSGGYdqzF5egUXTPSNg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 876472e77fe6b512-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

universitypermanentlyhusk.com/pixel/purst?dl=0&th=0&sc=0&rs=7199&rd=7199&fd=570&bv=24.4.2204&tmpl=136

172.240.253.132

200 OK

0 B

URL GET HTTP/1.1
universitypermanentlyhusk.com/pixel/purst?dl=0&th=0&sc=0&rs=7199&rd=7199&fd=570&bv=24.4.2204&tmpl=136
IP
172.240.253.132:443
ASN
#7979 SERVERS-COM

Requested by
https://bitly.ws/?banned=1
Certificate
IssuerLet's Encrypt
Subjectuniversitypermanentlyhusk.com
Fingerprint35:AE:DE:9A:A8:51:0B:CD:1E:CB:9A:1F:6C:87:EE:4C:0C:5C:A1:6B
ValidityTue, 16 Apr 2024 13:50:42 GMT - Mon, 15 Jul 2024 13:50:41 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /pixel/purst?dl=0&th=0&sc=0&rs=7199&rd=7199&fd=570&bv=24.4.2204&tmpl=136 HTTP/1.1
Host: universitypermanentlyhusk.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://bitly.ws/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Thu, 18 Apr 2024 11:52:28 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range

decidedlyenjoyableannihilation.com/pixel/sbls?bv=24.6.6370&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fssp%2Fvpn%2Fclassic-push%2Fsmall%2Fcss%2Fstyle.css&l=3355&fd=44

172.240.253.132

200 OK

0 B

URL GET HTTP/1.1
decidedlyenjoyableannihilation.com/pixel/sbls?bv=24.6.6370&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fssp%2Fvpn%2Fclassic-push%2Fsmall%2Fcss%2Fstyle.css&l=3355&fd=44
IP
172.240.253.132:443
ASN
#7979 SERVERS-COM

Requested by
https://bitly.ws/?banned=1
Certificate
IssuerLet's Encrypt
Subjectdecidedlyenjoyableannihilation.com
Fingerprint04:5E:A7:2F:94:E4:08:88:66:15:BE:36:F0:95:99:2C:7B:DD:4F:6D
ValidityTue, 16 Apr 2024 13:55:09 GMT - Mon, 15 Jul 2024 13:55:08 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /pixel/sbls?bv=24.6.6370&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fssp%2Fvpn%2Fclassic-push%2Fsmall%2Fcss%2Fstyle.css&l=3355&fd=44 HTTP/1.1
Host: decidedlyenjoyableannihilation.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://bitly.ws/
Cookie: u_pl=22725757; uid_id2=4bcf8c9b-dc53-4862-978f-3e2500764917:2:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Thu, 18 Apr 2024 11:52:28 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range

cdn.barscreative1.com/sb/au/0c/c8/e1/0cc8e13ba9d5dbc867b982993e805a9d/1632728593.html

45.133.44.4

200 OK

912 B

URL GET HTTP/2
cdn.barscreative1.com/sb/au/0c/c8/e1/0cc8e13ba9d5dbc867b982993e805a9d/1632728593.html
IP
45.133.44.4:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://bitly.ws/?banned=1
Certificate
IssuerLet's Encrypt
Subjectcdn.barscreative1.com
FingerprintF6:54:F4:B9:EB:AD:1E:FA:8F:76:B9:75:20:9B:41:57:32:37:94:E3
ValiditySun, 10 Mar 2024 03:01:32 GMT - Sat, 08 Jun 2024 03:01:31 GMT

File type
gzip compressed data, from Unix
Size
912 B (912 bytes)
Hash
ccb4f323985f4b41e67fa6e4195b3578
aaf38109ab70df9e1dee17cb5eb9a5da65b29fc5
2bc469d2e694c89c0ad20ff04d0ab730d603449426974fce6f35881fb28cc4a4

HTTP Headers

GET /sb/au/0c/c8/e1/0cc8e13ba9d5dbc867b982993e805a9d/1632728593.html HTTP/1.1
Host: cdn.barscreative1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://bitly.ws
DNT: 1
Connection: keep-alive
Referer: https://bitly.ws/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 18 Apr 2024 11:52:28 GMT
content-type: text/html; charset=utf-8
server: nginx/1.21.6
last-modified: Mon, 27 Sep 2021 07:43:24 GMT
etag: W/"6151761c-52d"
cache-control: max-age=3600
access-control-allow-origin: *
access-control-expose-headers: Date
content-encoding: gzip
expires: Thu, 18 Apr 2024 12:52:28 GMT
x-proxy-cache: HIT
X-Firefox-Spdy: h2

decidedlyenjoyableannihilation.com/pixel/sbls?bv=24.6.6370&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fssp%2Fvpn%2Fclassic-push%2Fsmall%2Fjs%2Fscript.js&l=962&fd=18

172.240.253.132

200 OK

0 B

URL GET HTTP/1.1
decidedlyenjoyableannihilation.com/pixel/sbls?bv=24.6.6370&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fssp%2Fvpn%2Fclassic-push%2Fsmall%2Fjs%2Fscript.js&l=962&fd=18
IP
172.240.253.132:443
ASN
#7979 SERVERS-COM

Requested by
https://bitly.ws/?banned=1
Certificate
IssuerLet's Encrypt
Subjectdecidedlyenjoyableannihilation.com
Fingerprint04:5E:A7:2F:94:E4:08:88:66:15:BE:36:F0:95:99:2C:7B:DD:4F:6D
ValidityTue, 16 Apr 2024 13:55:09 GMT - Mon, 15 Jul 2024 13:55:08 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /pixel/sbls?bv=24.6.6370&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fssp%2Fvpn%2Fclassic-push%2Fsmall%2Fjs%2Fscript.js&l=962&fd=18 HTTP/1.1
Host: decidedlyenjoyableannihilation.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://bitly.ws/
Cookie: u_pl=22725757; uid_id2=4bcf8c9b-dc53-4862-978f-3e2500764917:2:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Thu, 18 Apr 2024 11:52:28 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range

cdn.creative-bars1.com/sb/ssp/vpn/classic-push/small/js/jquery.min.js

172.67.141.24

200 OK

31 kB

URL GET HTTP/3
cdn.creative-bars1.com/sb/ssp/vpn/classic-push/small/js/jquery.min.js
IP
172.67.141.24:443
ASN
#13335 CLOUDFLARENET

Requested by
https://bitly.ws/?banned=1
Certificate
IssuerGoogle Trust Services LLC
Subjectcreative-bars1.com
Fingerprint3D:29:39:2C:F1:E5:C6:EF:54:F5:70:B5:CF:A8:C2:75:4D:89:72:13
ValidityMon, 15 Apr 2024 15:02:18 GMT - Sun, 14 Jul 2024 15:02:17 GMT

File type
JavaScript source, ASCII text, with very long lines (32025)
Size
31 kB (31425 bytes)
Hash
4a356126b9573eb7bd1e9a7494737410
8258d046f17dd3c15a5d3984e1868b7b5d1db329
22642f202577f0ba2f22cbe56b6cf291a09374487567cd3563e0d2a29f75c0c5

HTTP Headers

GET /sb/ssp/vpn/classic-push/small/js/jquery.min.js HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Thu, 18 Apr 2024 11:52:28 GMT
content-type: application/javascript
last-modified: Fri, 19 Jan 2024 14:19:42 GMT
etag: W/"65aa84fe-1499c"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 5525242
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=aA3wj7RSXbEca%2FoLHYV3i3YutjD020QyJrEbZ6V3frZCREy1c96w821hg5yvP8ExdgmVIEyheyv8boc2l020fluy01TixeNBN6XZfW4auEHMqUwIHNjY%2FakB0Rj5GQMyOFvO0Wu8z2EC"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 876472eacd4f56b7-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

bitly.ws/gfx/favicon.png

185.11.100.204

200 OK

2.0 kB

URL GET HTTP/2
bitly.ws/gfx/favicon.png
IP
185.11.100.204:443
ASN
#29522 Cyber_Folks S.A.

Requested by
https://bitly.ws/?banned=1
Certificate
IssuerLet's Encrypt
Subjectbitly.ws
FingerprintE2:6E:62:93:28:D8:B3:0A:23:56:6C:21:A4:BD:CC:EF:CD:1B:33:55
ValiditySun, 18 Feb 2024 07:59:14 GMT - Sat, 18 May 2024 07:59:13 GMT

File type
PNG image data, 48 x 48, 8-bit colormap, non-interlaced
Size
2.0 kB (1973 bytes)
Hash
549c8f6c3f6b1340852212e7c784d187
e8fe075cef3bf487bd9e4e89e9b4a6b63a81e0cc
00495e504ff3e4604b6404a1ae9469f40bd4642bef08239d4d0b0b83c095f590

HTTP Headers

GET /gfx/favicon.png HTTP/1.1
Host: bitly.ws
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://bitly.ws/?banned=1
Cookie: _ga_8Q1W6PKNCX=GS1.1.1713441147.1.0.1713441147.0.0.0; _ga=GA1.1.220879910.1713441147; dom3ic8zudi28v8lr6fgphwffqoz0j6c=4bcf8c9b-dc53-4862-978f-3e2500764917%3A2%3A1; sb_main_33ce9e99c1bfce9eb2d48a915db5624c=1; sb_count_33ce9e99c1bfce9eb2d48a915db5624c=1; m5a4xojbcp2nx3gptmm633qal3gzmadn=faintjump.com; pbpr0tpuw4isk85t8yg3jb2lj5vqf=decidedlyenjoyableannihilation.com; pp_main_7866ead300fcf9e425beaf01fe308949=1; pp_idelay_7866ead300fcf9e425beaf01fe308949=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Thu, 18 Apr 2024 11:52:28 GMT
server: Apache
last-modified: Tue, 02 Apr 2024 12:49:39 GMT
etag: "7b5-6151c8a0cb469"
accept-ranges: bytes
content-length: 1973
cache-control: max-age=31536000
expires: Fri, 18 Apr 2025 11:52:28 GMT
content-type: image/png
X-Firefox-Spdy: h2

decidedlyenjoyableannihilation.com/pixel/sbls?bv=24.6.6370&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fssp%2Fvpn%2Fclassic-push%2Fsmall%2Fcss%2Fanimate.css&l=78689&fd=46

172.240.108.68

200 OK

0 B

URL GET HTTP/1.1
decidedlyenjoyableannihilation.com/pixel/sbls?bv=24.6.6370&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fssp%2Fvpn%2Fclassic-push%2Fsmall%2Fcss%2Fanimate.css&l=78689&fd=46
IP
172.240.108.68:443
ASN
#7979 SERVERS-COM

Requested by
https://bitly.ws/?banned=1
Certificate
IssuerLet's Encrypt
Subjectdecidedlyenjoyableannihilation.com
Fingerprint04:5E:A7:2F:94:E4:08:88:66:15:BE:36:F0:95:99:2C:7B:DD:4F:6D
ValidityTue, 16 Apr 2024 13:55:09 GMT - Mon, 15 Jul 2024 13:55:08 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /pixel/sbls?bv=24.6.6370&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fssp%2Fvpn%2Fclassic-push%2Fsmall%2Fcss%2Fanimate.css&l=78689&fd=46 HTTP/1.1
Host: decidedlyenjoyableannihilation.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://bitly.ws/
Cookie: u_pl=22725757; uid_id2=4bcf8c9b-dc53-4862-978f-3e2500764917:2:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Thu, 18 Apr 2024 11:52:28 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range

decidedlyenjoyableannihilation.com/impr.gif?sid=H4sIAAAAAAAC%2F1RSz4scRRSunuxFBEEJXoIwiocI7mz3%2FB5zCMa4srhmYxJRvEj96kk51V1NVff07KK4GJAcB%2F%2BC3m92s6iLJFfBILMLHhaEjKcF3Yv%2FgULO0uPg6DvU%2B159r%2BB776uv9rJzUkdGz66%2FZ3aU1nStVfOrlz8KgivVTRVno%2Bqo2%2F6k3bxStcM3eu2a%2F1r1HckHZq3uB74f%2BEF1XVkZmtFaSUIlR72g1vNrzXotaDUxsv%2BvXebBUQ9ieE5egBKzlRPvIhSfIo4eXpdukJrk9bejTNPUWAzF4QfxIDZ5jGgJQ%2BshjA8X3TDuyfpjmPhgLhdm%2BG8jUzPi%2FfwYLD5ciAQb7s91Mg0Zg4lnkQ%2BnkHoKRafg5h6UeEIALnBjC3H04IaxOd3%2Bh6UlOyMrT%2F%2BCymdk5feLiKPvr2k1qt42OkuViR1GYQE1mkL1p0iyY6Q7Faj8GDz9Ekr8QtaebiKO9recNlDi7NUm42GX99iq4K3GarPbrq%2F2Ot1wtSHrLd%2FvtJu9oDNfkFJTqHAKLcegroLMeciUhyz0kCUeInFW5UEQdHzBqd%2Ftcd4QHcnawg9oJwxo4Le7yHg5wxhpMgbXY3C7i8TuYqDGsNlPcHcLOFGBS2fEe%2F8LDEWBXBLkjiCnBLkiyFOCfFgcCO3qrnggtMtYsMj1RW4UE5P29%2BiBSfsyJqB2DCuKveScPF8u0fv45HMM5Fm10eCyJ3s9HrCwRKwuml3aC1qCtdr1JodTBZSrgDoPO2pGui%2F%2BhqQ0dlCA0WM4fQyuXgHNXgLNC9C7BXbio1TF25nVtcgwBWEKJOkK0m1vT5%2BTS3MbN7YeQfLTq3805gFuCyS2wKfqhKCv709umZzs3zK5I4%2B2klRFaoeWFt9OaSovfPuu3M6NFRvX3fibN3lJlPDojnTpJo2FivuOfHdNCSHturFckh833IeS3czc3WuZjbNk8%2BZb6xtRYqVzysRT0HKoPy24mpHnLt2Z%2F97LP9yEslPYrECUnZJFQJkpeLILlyz1O0Ng9bKHJR7yrJjYOlteakWg5bKmrID7T82WeGJp%2BZqqYs%2FdR99WQNN7iKMCQ1tgqAtQPYbLLkzSxJ5e%2FXUhg%2BnKhGlb2Wfa6q%2Fnay6Ph3DqrNrwRYfJUHaYbLaaoeSCtVrM5yFnDdHtcqRuFr78zGd%2FAwAA%2F%2F8BAAD%2F%2F%2BcU%2FTCXBAAA

172.240.253.132

200 OK

7 B

URL GET HTTP/1.1
decidedlyenjoyableannihilation.com/impr.gif?sid=H4sIAAAAAAAC%2F1RSz4scRRSunuxFBEEJXoIwiocI7mz3%2FB5zCMa4srhmYxJRvEj96kk51V1NVff07KK4GJAcB%2F%2BC3m92s6iLJFfBILMLHhaEjKcF3Yv%2FgULO0uPg6DvU%2B159r%2BB776uv9rJzUkdGz66%2FZ3aU1nStVfOrlz8KgivVTRVno%2Bqo2%2F6k3bxStcM3eu2a%2F1r1HckHZq3uB74f%2BEF1XVkZmtFaSUIlR72g1vNrzXotaDUxsv%2BvXebBUQ9ieE5egBKzlRPvIhSfIo4eXpdukJrk9bejTNPUWAzF4QfxIDZ5jGgJQ%2BshjA8X3TDuyfpjmPhgLhdm%2BG8jUzPi%2FfwYLD5ciAQb7s91Mg0Zg4lnkQ%2BnkHoKRafg5h6UeEIALnBjC3H04IaxOd3%2Bh6UlOyMrT%2F%2BCymdk5feLiKPvr2k1qt42OkuViR1GYQE1mkL1p0iyY6Q7Faj8GDz9Ekr8QtaebiKO9recNlDi7NUm42GX99iq4K3GarPbrq%2F2Ot1wtSHrLd%2FvtJu9oDNfkFJTqHAKLcegroLMeciUhyz0kCUeInFW5UEQdHzBqd%2Ftcd4QHcnawg9oJwxo4Le7yHg5wxhpMgbXY3C7i8TuYqDGsNlPcHcLOFGBS2fEe%2F8LDEWBXBLkjiCnBLkiyFOCfFgcCO3qrnggtMtYsMj1RW4UE5P29%2BiBSfsyJqB2DCuKveScPF8u0fv45HMM5Fm10eCyJ3s9HrCwRKwuml3aC1qCtdr1JodTBZSrgDoPO2pGui%2F%2BhqQ0dlCA0WM4fQyuXgHNXgLNC9C7BXbio1TF25nVtcgwBWEKJOkK0m1vT5%2BTS3MbN7YeQfLTq3805gFuCyS2wKfqhKCv709umZzs3zK5I4%2B2klRFaoeWFt9OaSovfPuu3M6NFRvX3fibN3lJlPDojnTpJo2FivuOfHdNCSHturFckh833IeS3czc3WuZjbNk8%2BZb6xtRYqVzysRT0HKoPy24mpHnLt2Z%2F97LP9yEslPYrECUnZJFQJkpeLILlyz1O0Ng9bKHJR7yrJjYOlteakWg5bKmrID7T82WeGJp%2BZqqYs%2FdR99WQNN7iKMCQ1tgqAtQPYbLLkzSxJ5e%2FXUhg%2BnKhGlb2Wfa6q%2Fnay6Ph3DqrNrwRYfJUHaYbLaaoeSCtVrM5yFnDdHtcqRuFr78zGd%2FAwAA%2F%2F8BAAD%2F%2F%2BcU%2FTCXBAAA
IP
172.240.253.132:443
ASN
#7979 SERVERS-COM

Requested by
https://bitly.ws/?banned=1
Certificate
IssuerLet's Encrypt
Subjectdecidedlyenjoyableannihilation.com
Fingerprint04:5E:A7:2F:94:E4:08:88:66:15:BE:36:F0:95:99:2C:7B:DD:4F:6D
ValidityTue, 16 Apr 2024 13:55:09 GMT - Mon, 15 Jul 2024 13:55:08 GMT

File type
ASCII text, with no line terminators
Size
7 B (7 bytes)
Hash
132d6af1b46048b45cf86cdee7991d31
eb7007d03d59b65bc6da7e098c4d38fc6dfb6285
ab852e838deccd742a03ca81d4a8d75cf1a00b327db3eaf46bd7da6b6db9384c

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /impr.gif?sid=H4sIAAAAAAAC%2F1RSz4scRRSunuxFBEEJXoIwiocI7mz3%2FB5zCMa4srhmYxJRvEj96kk51V1NVff07KK4GJAcB%2F%2BC3m92s6iLJFfBILMLHhaEjKcF3Yv%2FgULO0uPg6DvU%2B159r%2BB776uv9rJzUkdGz66%2FZ3aU1nStVfOrlz8KgivVTRVno%2Bqo2%2F6k3bxStcM3eu2a%2F1r1HckHZq3uB74f%2BEF1XVkZmtFaSUIlR72g1vNrzXotaDUxsv%2BvXebBUQ9ieE5egBKzlRPvIhSfIo4eXpdukJrk9bejTNPUWAzF4QfxIDZ5jGgJQ%2BshjA8X3TDuyfpjmPhgLhdm%2BG8jUzPi%2FfwYLD5ciAQb7s91Mg0Zg4lnkQ%2BnkHoKRafg5h6UeEIALnBjC3H04IaxOd3%2Bh6UlOyMrT%2F%2BCymdk5feLiKPvr2k1qt42OkuViR1GYQE1mkL1p0iyY6Q7Faj8GDz9Ekr8QtaebiKO9recNlDi7NUm42GX99iq4K3GarPbrq%2F2Ot1wtSHrLd%2FvtJu9oDNfkFJTqHAKLcegroLMeciUhyz0kCUeInFW5UEQdHzBqd%2Ftcd4QHcnawg9oJwxo4Le7yHg5wxhpMgbXY3C7i8TuYqDGsNlPcHcLOFGBS2fEe%2F8LDEWBXBLkjiCnBLkiyFOCfFgcCO3qrnggtMtYsMj1RW4UE5P29%2BiBSfsyJqB2DCuKveScPF8u0fv45HMM5Fm10eCyJ3s9HrCwRKwuml3aC1qCtdr1JodTBZSrgDoPO2pGui%2F%2BhqQ0dlCA0WM4fQyuXgHNXgLNC9C7BXbio1TF25nVtcgwBWEKJOkK0m1vT5%2BTS3MbN7YeQfLTq3805gFuCyS2wKfqhKCv709umZzs3zK5I4%2B2klRFaoeWFt9OaSovfPuu3M6NFRvX3fibN3lJlPDojnTpJo2FivuOfHdNCSHturFckh833IeS3czc3WuZjbNk8%2BZb6xtRYqVzysRT0HKoPy24mpHnLt2Z%2F97LP9yEslPYrECUnZJFQJkpeLILlyz1O0Ng9bKHJR7yrJjYOlteakWg5bKmrID7T82WeGJp%2BZqqYs%2FdR99WQNN7iKMCQ1tgqAtQPYbLLkzSxJ5e%2FXUhg%2BnKhGlb2Wfa6q%2Fnay6Ph3DqrNrwRYfJUHaYbLaaoeSCtVrM5yFnDdHtcqRuFr78zGd%2FAwAA%2F%2F8BAAD%2F%2F%2BcU%2FTCXBAAA HTTP/1.1
Host: decidedlyenjoyableannihilation.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://bitly.ws/
Cookie: u_pl=22725757; uid_id2=4bcf8c9b-dc53-4862-978f-3e2500764917:2:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Thu, 18 Apr 2024 11:52:29 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: f45a35e7328986665912e0acde01cabd
Strict-Transport-Security: max-age=0; includeSubdomains

decidedlyenjoyableannihilation.com/pixel/sbs?c=1

172.240.108.68

200 OK

0 B

URL GET HTTP/1.1
decidedlyenjoyableannihilation.com/pixel/sbs?c=1
IP
172.240.108.68:443
ASN
#7979 SERVERS-COM

Requested by
https://bitly.ws/?banned=1
Certificate
IssuerLet's Encrypt
Subjectdecidedlyenjoyableannihilation.com
Fingerprint04:5E:A7:2F:94:E4:08:88:66:15:BE:36:F0:95:99:2C:7B:DD:4F:6D
ValidityTue, 16 Apr 2024 13:55:09 GMT - Mon, 15 Jul 2024 13:55:08 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /pixel/sbs?c=1 HTTP/1.1
Host: decidedlyenjoyableannihilation.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://bitly.ws/
Cookie: u_pl=22725757; uid_id2=4bcf8c9b-dc53-4862-978f-3e2500764917:2:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Thu, 18 Apr 2024 11:52:29 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range

fonts.googleapis.com/css?family=Roboto:300,400,700&display=swap

142.250.74.138

200 OK

9.0 kB

URL GET HTTP/2
fonts.googleapis.com/css?family=Roboto:300,400,700&display=swap
IP
142.250.74.138:443
ASN
#15169 GOOGLE

Requested by
https://bitly.ws/?banned=1
Certificate
IssuerGoogle Trust Services LLC
Subjectupload.video.google.com
Fingerprint47:5A:64:7D:9F:47:34:07:31:91:97:F7:04:42:7A:D5:EA:AD:07:4E
ValidityMon, 04 Mar 2024 07:16:44 GMT - Mon, 27 May 2024 07:16:43 GMT

File type
gzip compressed data, max compression
Size
9.0 kB (8952 bytes)
Hash
99f1232cccbbd28e86885010b6f786ef
f784aaf97a5d014a043ff9bc669e0832351e9e32
becb3824f34eb725609e1581a24c080b1c964eba2505d3457acc827ffef64b45

HTTP Headers

GET /css?family=Roboto:300,400,700&display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Thu, 18 Apr 2024 11:52:28 GMT
date: Thu, 18 Apr 2024 11:52:28 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

cdn.creative-bars1.com/sb/ssp/vpn/classic-push/small/css/animate.css

172.67.141.24

200 OK

21 kB

URL GET HTTP/2
cdn.creative-bars1.com/sb/ssp/vpn/classic-push/small/css/animate.css
IP
172.67.141.24:443
ASN
#13335 CLOUDFLARENET

Requested by
https://bitly.ws/?banned=1
Certificate
IssuerGoogle Trust Services LLC
Subjectcreative-bars1.com
Fingerprint3D:29:39:2C:F1:E5:C6:EF:54:F5:70:B5:CF:A8:C2:75:4D:89:72:13
ValidityMon, 15 Apr 2024 15:02:18 GMT - Sun, 14 Jul 2024 15:02:17 GMT

File type
ASCII text
Size
21 kB (20729 bytes)
Hash
3d4123dbfb33d27a5cfdfcfa91df6783
e7d0eeeec54b848f0bc3da8685fa3bc88429d660
cb7d1393b65701b2f97d8da244c2c6023e9cbc3463ecb0136b915cfc775c6887

HTTP Headers

GET /sb/ssp/vpn/classic-push/small/css/animate.css HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://bitly.ws
DNT: 1
Connection: keep-alive
Referer: https://bitly.ws/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 18 Apr 2024 11:52:28 GMT
content-type: text/css
last-modified: Fri, 19 Jan 2024 14:19:42 GMT
etag: W/"65aa84fe-13361"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 167995
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=rgVa404Qh1E0N9WKplG5qq8w9HAeJI36dR6k3q2ZKODteA2ERRvP%2B%2BuibBpaCydITvCNMeNeAk%2FKAz3qy0SHJi%2FoAUQsnoy4Po4mN3F2vqInCECLuTLNZRuA46gIEsPxQz1WARS4ulaK"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 876472ea4aeab4ff-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

cdn.creative-bars1.com/sb/ssp/vpn/classic-push/small/css/style.css

172.67.141.24

200 OK

17 kB

URL GET HTTP/2
cdn.creative-bars1.com/sb/ssp/vpn/classic-push/small/css/style.css
IP
172.67.141.24:443
ASN
#13335 CLOUDFLARENET

Requested by
https://bitly.ws/?banned=1
Certificate
IssuerGoogle Trust Services LLC
Subjectcreative-bars1.com
Fingerprint3D:29:39:2C:F1:E5:C6:EF:54:F5:70:B5:CF:A8:C2:75:4D:89:72:13
ValidityMon, 15 Apr 2024 15:02:18 GMT - Sun, 14 Jul 2024 15:02:17 GMT

File type
ASCII text
Size
17 kB (16705 bytes)
Hash
039a6734d79ed9aa51cf81c52479c5fe
9cf29c4ea1a3880681d50c7228374f8073b7778b
a15bad73fc8907795285b78a4a1a1bf5e7f68b4d39988b9bb165444819cf9eb1

HTTP Headers

GET /sb/ssp/vpn/classic-push/small/css/style.css HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://bitly.ws
DNT: 1
Connection: keep-alive
Referer: https://bitly.ws/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 18 Apr 2024 11:52:28 GMT
content-type: text/css
last-modified: Fri, 19 Jan 2024 14:19:42 GMT
etag: W/"65aa84fe-d1b"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 167995
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=B92i%2BoYjtkEwA52oAPwJzREE6exGsRmE7mhqAm2yZTU9WwLLe8E%2BxsQHqnttunhlHiK%2F7tHZCBZAWiYGESKYv%2BZbee10iRb%2BBizNmfRKmfGdlMhCIcSAwyoYc5dyHKGMvfnVxls0UmiE"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 876472ea4af0b4ff-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

142.250.74.138

200 OK

54 kB

URL GET HTTP/3
fonts.googleapis.com/css?family=Archivo:400,500|Arimo:400,500|Bitter:400,500|EB+Garamond:400,500|Lato|Libre+Baskervill|Libre+Franklin:400,500|Lora:400,500|Google+Sans:regular,medium:400,500|Material+Icons|Google+Symbols|Merriweather|Montserrat:400,500|Mukta:400,500|Muli:400,500|Nunito:400,500|Open+Sans:400,500,600|Open+Sans+Condensed:400,600|Oswald:500|Playfair+Display:400,500|Poppins:400,500|Raleway:400,500|Roboto:400,500|Roboto+Condensed:400,500|Roboto+Slab:400,500|Slabo+27px|Source+Sans+Pro|Ubuntu:400,500|Volkhov&display=swap
IP
142.250.74.138:443
ASN
#15169 GOOGLE

Requested by
https://bitly.ws/?banned=1
Certificate
IssuerGoogle Trust Services LLC
Subjectupload.video.google.com
Fingerprint47:5A:64:7D:9F:47:34:07:31:91:97:F7:04:42:7A:D5:EA:AD:07:4E
ValidityMon, 04 Mar 2024 07:16:44 GMT - Mon, 27 May 2024 07:16:43 GMT

File type
gzip compressed data, max compression
Size
54 kB (53803 bytes)
Hash
3bdd4fbdb93b4b7cbadcf2ba7d351fbf
2d00729f8b567ef117eba8531deec4d6752d0a57
6a2eb030769985939aa0e8bc8ba40edccc6aa1d9471a3ef51b5ccd3567454b4d

HTTP Headers

GET /css?family=Archivo:400,500|Arimo:400,500|Bitter:400,500|EB+Garamond:400,500|Lato|Libre+Baskervill|Libre+Franklin:400,500|Lora:400,500|Google+Sans:regular,medium:400,500|Material+Icons|Google+Symbols|Merriweather|Montserrat:400,500|Mukta:400,500|Muli:400,500|Nunito:400,500|Open+Sans:400,500,600|Open+Sans+Condensed:400,600|Oswald:500|Playfair+Display:400,500|Poppins:400,500|Raleway:400,500|Roboto:400,500|Roboto+Condensed:400,500|Roboto+Slab:400,500|Slabo+27px|Source+Sans+Pro|Ubuntu:400,500|Volkhov&display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://bitly.ws/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Thu, 18 Apr 2024 11:52:29 GMT
date: Thu, 18 Apr 2024 11:52:29 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

fonts.gstatic.com/s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2

142.250.74.99

200 OK

48 kB

URL GET HTTP/2
fonts.gstatic.com/s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
IP
142.250.74.99:443
ASN
#15169 GOOGLE

Requested by
https://bitly.ws/?banned=1
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
Fingerprint8F:81:43:71:C4:F3:8C:FA:6D:EC:B4:5E:1F:58:71:AA:48:42:0E:E9
ValidityMon, 04 Mar 2024 07:16:39 GMT - Mon, 27 May 2024 07:16:38 GMT

File type
Web Open Font Format (Version 2), TrueType, length 48236, version 1.0
Size
48 kB (48236 bytes)
Hash
015c126a3520c9a8f6a27979d0266e96
2acf956561d44434a6d84204670cf849d3215d5f
3c4d6a1421c7ddb7e404521fe8c4cd5be5af446d7689cd880be26612eaad3cfa

HTTP Headers

GET /s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://bitly.ws
DNT: 1
Connection: keep-alive
Referer: https://bitly.ws/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 48236
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 16 Apr 2024 08:04:32 GMT
expires: Wed, 16 Apr 2025 08:04:32 GMT
cache-control: public, max-age=31536000
age: 186477
last-modified: Thu, 14 Dec 2023 02:08:40 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

fonts.gstatic.com/s/materialicons/v142/flUhRq6tzZclQEJ-Vdg-IuiaDsNc.woff2

142.250.74.99

200 OK

128 kB

URL GET HTTP/2
fonts.gstatic.com/s/materialicons/v142/flUhRq6tzZclQEJ-Vdg-IuiaDsNc.woff2
IP
142.250.74.99:443
ASN
#15169 GOOGLE

Requested by
https://bitly.ws/?banned=1
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
Fingerprint8F:81:43:71:C4:F3:8C:FA:6D:EC:B4:5E:1F:58:71:AA:48:42:0E:E9
ValidityMon, 04 Mar 2024 07:16:39 GMT - Mon, 27 May 2024 07:16:38 GMT

File type
Web Open Font Format (Version 2), TrueType, length 128352, version 1.0
Size
128 kB (128352 bytes)
Hash
53436aca8627a49f4deaaa44dc9e3c05
0bc0c675480d94ec7e8609dda6227f88c5d08d2c
8265f64786397d6b832d1ca0aafdf149ad84e72759fffa9f7272e91a0fb015d1

HTTP Headers

GET /s/materialicons/v142/flUhRq6tzZclQEJ-Vdg-IuiaDsNc.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://bitly.ws
DNT: 1
Connection: keep-alive
Referer: https://bitly.ws/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 128352
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Mon, 15 Apr 2024 21:27:45 GMT
expires: Tue, 15 Apr 2025 21:27:45 GMT
cache-control: public, max-age=31536000
age: 224684
last-modified: Mon, 08 Apr 2024 19:04:47 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

fundingchoicesmessages.google.com/el/AGSKWxVyvPg0c4Dz0UlGOcw0wGIy3OwGpQ7E4_ThW9z-6lYEYyqfBP6FIevzECEDir40TTs5ziFBAzCm3kVNrZPyixP-vVrb4VGHZ2CSz6xTNHxqjbf0TLkqRE8dCeJAG8ea8T_B2NDzAw==

142.250.74.142

204 No Content

0 B

URL POST HTTP/3
fundingchoicesmessages.google.com/el/AGSKWxVyvPg0c4Dz0UlGOcw0wGIy3OwGpQ7E4_ThW9z-6lYEYyqfBP6FIevzECEDir40TTs5ziFBAzCm3kVNrZPyixP-vVrb4VGHZ2CSz6xTNHxqjbf0TLkqRE8dCeJAG8ea8T_B2NDzAw==
IP
142.250.74.142:443
ASN
#15169 GOOGLE

Requested by
https://bitly.ws/?banned=1
Certificate
IssuerGoogle Trust Services LLC
Subject*.google.com
Fingerprint02:6C:2F:38:A0:8A:95:AC:E8:2B:67:AA:69:A4:34:6E:15:99:F5:1D
ValidityMon, 04 Mar 2024 06:35:50 GMT - Mon, 27 May 2024 06:35:49 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

POST /el/AGSKWxVyvPg0c4Dz0UlGOcw0wGIy3OwGpQ7E4_ThW9z-6lYEYyqfBP6FIevzECEDir40TTs5ziFBAzCm3kVNrZPyixP-vVrb4VGHZ2CSz6xTNHxqjbf0TLkqRE8dCeJAG8ea8T_B2NDzAw== HTTP/1.1
Host: fundingchoicesmessages.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 169
Origin: https://bitly.ws
DNT: 1
Connection: keep-alive
Referer: https://bitly.ws/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 204 No Content
content-type: text/html; charset=utf-8
access-control-allow-methods: POST, GET, OPTIONS
access-control-max-age: 86400
access-control-allow-origin: https://bitly.ws
access-control-allow-credentials: true
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Thu, 18 Apr 2024 11:52:29 GMT
content-security-policy: require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport, script-src 'nonce-4x4ZREEfy5gYWQ3ByaFXaQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist
cross-origin-opener-policy: same-origin
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
reporting-endpoints: default="/_/ContributorLoggingHttp/web-reports?context=eJzjktDikmII0JBiqGV4xtQKxE7pM1hDgFiIh-PvpJaNbAIf5t5ezAQAyCgMgA"
server: ESF
content-length: 0
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

unseenreport.com/pxf.gif?uuid=4bcf8c9b-dc53-4862-978f-3e2500764917&eb=978028c5053b26833423c7a069ce3bd5&te=5db3a4e34790624df926db520a13f79f&ua=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A96.0)%20Gecko%2F20100101%20Firefox%2F96.0&dev=e&res=14.2071&b_frame=0&pk=7866ead300fcf9e425beaf01fe308949&bl=en-US&sr=1024x1280&sz=1024x1280&hjs=11

192.243.61.227

200 OK

1 B

URL GET HTTP/1.1
unseenreport.com/pxf.gif?uuid=4bcf8c9b-dc53-4862-978f-3e2500764917&eb=978028c5053b26833423c7a069ce3bd5&te=5db3a4e34790624df926db520a13f79f&ua=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A96.0)%20Gecko%2F20100101%20Firefox%2F96.0&dev=e&res=14.2071&b_frame=0&pk=7866ead300fcf9e425beaf01fe308949&bl=en-US&sr=1024x1280&sz=1024x1280&hjs=11
IP
192.243.61.227:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://bitly.ws/?banned=1
Certificate
IssuerLet's Encrypt
Subject*.unseenreport.com
Fingerprint71:46:15:FD:76:6A:F5:5B:51:06:CC:93:DD:D8:63:E3:8B:10:BF:13
ValidityFri, 22 Mar 2024 07:32:41 GMT - Thu, 20 Jun 2024 07:32:40 GMT

File type
very short file (no magic)
Size
1 B (1 bytes)
Hash
93b885adfe0da089cdf634904fd59f71
5ba93c9db0cff93f52b521d7420e43f6eda2784f
6e340b9cffb37a989ca544e6bb780a2c78901d3fb33738768511a30617afa01d

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /pxf.gif?uuid=4bcf8c9b-dc53-4862-978f-3e2500764917&eb=978028c5053b26833423c7a069ce3bd5&te=5db3a4e34790624df926db520a13f79f&ua=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A96.0)%20Gecko%2F20100101%20Firefox%2F96.0&dev=e&res=14.2071&b_frame=0&pk=7866ead300fcf9e425beaf01fe308949&bl=en-US&sr=1024x1280&sz=1024x1280&hjs=11 HTTP/1.1
Host: unseenreport.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://bitly.ws/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Thu, 18 Apr 2024 11:52:30 GMT
Content-Type: image/gif
Content-Length: 1
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: d95ff6c5036d9dd01e444606c43eb8bd
Strict-Transport-Security: max-age=0; includeSubdomains

unseenreport.com/pxf.gif?uuid=4bcf8c9b-dc53-4862-978f-3e2500764917&eb=978028c5053b26833423c7a069ce3bd5&te=5db3a4e34790624df926db520a13f79f&ua=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A96.0)%20Gecko%2F20100101%20Firefox%2F96.0&dev=e&res=14.2071&b_frame=0&pk=33ce9e99c1bfce9eb2d48a915db5624c&bl=en-US&sr=1024x1280&sz=1024x1280&hjs=11

192.243.61.227

200 OK

1 B

URL GET HTTP/1.1
unseenreport.com/pxf.gif?uuid=4bcf8c9b-dc53-4862-978f-3e2500764917&eb=978028c5053b26833423c7a069ce3bd5&te=5db3a4e34790624df926db520a13f79f&ua=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A96.0)%20Gecko%2F20100101%20Firefox%2F96.0&dev=e&res=14.2071&b_frame=0&pk=33ce9e99c1bfce9eb2d48a915db5624c&bl=en-US&sr=1024x1280&sz=1024x1280&hjs=11
IP
192.243.61.227:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://bitly.ws/?banned=1
Certificate
IssuerLet's Encrypt
Subject*.unseenreport.com
Fingerprint71:46:15:FD:76:6A:F5:5B:51:06:CC:93:DD:D8:63:E3:8B:10:BF:13
ValidityFri, 22 Mar 2024 07:32:41 GMT - Thu, 20 Jun 2024 07:32:40 GMT

File type
very short file (no magic)
Size
1 B (1 bytes)
Hash
93b885adfe0da089cdf634904fd59f71
5ba93c9db0cff93f52b521d7420e43f6eda2784f
6e340b9cffb37a989ca544e6bb780a2c78901d3fb33738768511a30617afa01d

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /pxf.gif?uuid=4bcf8c9b-dc53-4862-978f-3e2500764917&eb=978028c5053b26833423c7a069ce3bd5&te=5db3a4e34790624df926db520a13f79f&ua=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A96.0)%20Gecko%2F20100101%20Firefox%2F96.0&dev=e&res=14.2071&b_frame=0&pk=33ce9e99c1bfce9eb2d48a915db5624c&bl=en-US&sr=1024x1280&sz=1024x1280&hjs=11 HTTP/1.1
Host: unseenreport.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://bitly.ws/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Thu, 18 Apr 2024 11:52:30 GMT
Content-Type: image/gif
Content-Length: 1
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: dab4e47d9b19a2eeeddbae9d7fb2cbfe
Strict-Transport-Security: max-age=0; includeSubdomains

fundingchoicesmessages.google.com/i/pub-2614556310778759?ers=1

142.250.74.142

200 OK

184 kB

URL GET HTTP/2
fundingchoicesmessages.google.com/i/pub-2614556310778759?ers=1
IP
142.250.74.142:443
ASN
#15169 GOOGLE

Requested by
https://bitly.ws/?banned=1
Certificate
IssuerGoogle Trust Services LLC
Subject*.google.com
Fingerprint02:6C:2F:38:A0:8A:95:AC:E8:2B:67:AA:69:A4:34:6E:15:99:F5:1D
ValidityMon, 04 Mar 2024 06:35:50 GMT - Mon, 27 May 2024 06:35:49 GMT

File type
JavaScript source, ASCII text, with very long lines (2607)
Size
184 kB (184221 bytes)
Hash
73f7952292bcb0c0986fc5960dcedf11
86df3769fe75f9a6d10c3e650772885fb0ea8ca5
a1d8900276c8bcf87e3f200621d06ce16c565e37a89bf6177e71c45f0439d73d

HTTP Headers

GET /i/pub-2614556310778759?ers=1 HTTP/1.1
Host: fundingchoicesmessages.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://bitly.ws/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: application/javascript; charset=utf-8
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
timing-allow-origin: *
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Thu, 18 Apr 2024 11:52:28 GMT
content-security-policy: script-src 'nonce-RPxwrM-SGrJeT0Fj7Ustvw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorServingWebSwitchboardHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
cross-origin-resource-policy: cross-origin
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy: same-origin
reporting-endpoints: default="/_/ContributorServingWebSwitchboardHttp/web-reports?context=eJzjitDikmLw0pBiOO90h-k6ENcyPGNqBWIDjedMFkAs8fUlkxYQxzyfzpoCxE7pM1hDgNinfgZrHBC33jzHOh2ITy44z3oRiJP-nWctAWIhHo4_k1o2sgnMuHvzJjMA_nMrYA"
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

faintjump.com/impr.gif?sid=H4sIAAAAAAAC%2F1RSy4sc1Ru9Nb%2Fe%2FOLGR3AjSBsUFJyequ7ql0GCMY4Ex0xMDD42cl%2FVufatusW9VV09g4toQLLshRtdVZ%2BeJD6C6B9gkJ5AkKCY3siAzr%2FgQggupdrB1m9R3%2FfVORfOPed%2BPM0PSRM5PTjzutlVWtONdsOvP%2Ft2EJysb6kkH9fHvc57nfBk3Y5e6Hca%2FnP1VyUfmo2mH%2Fh%2B4Af1TWVlZMYbFQiV3uoHjb7fCJuNoB1ibP%2B7u9yDox7E6JA8CiUWtTvecSg%2BRxJ%2Fc0a6YWbS51%2BJc00zYzESNy8lw8QUCeLVGFkPUXLziA3j7m%2FehkmuL%2BXCjP4hMrUg3t3bYMnNI5Fgo72lTqYhEzDxEIrRHFLPoegc3FyFEvcJwAXObSOJb5wztqA7f6O0Qhek9uAPqGJBar8dRxJ%2FfVqrcf2i0XmmTOIwjkqo8RxqMEea7yPbXYMq9sGzj6DET2TjwRaSeG%2FbaQMlDp4OGY96vM%2FWBW%2B31sNep7ne7%2Fai9ZZstn2%2F2wn7QXdpkFJzqGgOLSegbg2585ArD3nkIU89xOKgzoMg6PqCU7%2FX57wlupJ1hB%2FQbhTQwO%2F0kPPqDhNk6QRcT8DtFaT2w89FqytbjIdTiqGawObfw10u4YQHlxGMRIlCEhSOoKAEhSIoMoJiVF4X2jVdeUNol7PgqDePequcmWwwpddNNpAJAbUTWFFO00PySOWl9%2B6dAEN5UA%2B6TdHv9Pxm2G63W7Lnt5uURkwGTHRCGrTgVAnl1kCdh121IL3Hf0Va5Tssweg%2BnN4HVydA8wC0KEEvl9hNbmUq2cmtbsSGKQhTIs1qyHa8qT4kTyzTPFF7B5LfO3X32Ivp7Jdj4LZEaku8r%2B4QDPS12QVTkL0LpnDk2%2B00U7HapVXSFzOayf99%2BZrcKYwVZ8%2B4yRcv8QqoxltvSpdt0USoZODIV6eVENJuGssl%2Be6se0uy87m7fDq3SZ5unX9582ycWumcMskcVN3f%2FhNcLUjtmceWT%2FjhH3%2BHsnPYvESc3yNHBWX2wdMrcOlKvTMEVq84LF1DkZcz22Srn1oRaLnaKSvh%2FrWz1TyztDpNVTl11zCwNdDsKpK4xMiWGOkSVE%2Fg8mOzLLX3Tv3waVWfgenajGlb22Pa6k8qky8tna4%2BbyzIkz%2BHcOqg3vJFl8lIdpkM22EkuWDtNvN5xFlL9HocmVtET%2F3%2Fg78AAAD%2F%2FwEAAP%2F%2F9l0%2BlqYEAAA%3D

172.240.253.132

200 OK

0 B

URL GET HTTP/1.1
faintjump.com/impr.gif?sid=H4sIAAAAAAAC%2F1RSy4sc1Ru9Nb%2Fe%2FOLGR3AjSBsUFJyequ7ql0GCMY4Ex0xMDD42cl%2FVufatusW9VV09g4toQLLshRtdVZ%2BeJD6C6B9gkJ5AkKCY3siAzr%2FgQggupdrB1m9R3%2FfVORfOPed%2BPM0PSRM5PTjzutlVWtONdsOvP%2Ft2EJysb6kkH9fHvc57nfBk3Y5e6Hca%2FnP1VyUfmo2mH%2Fh%2B4Af1TWVlZMYbFQiV3uoHjb7fCJuNoB1ibP%2B7u9yDox7E6JA8CiUWtTvecSg%2BRxJ%2Fc0a6YWbS51%2BJc00zYzESNy8lw8QUCeLVGFkPUXLziA3j7m%2FehkmuL%2BXCjP4hMrUg3t3bYMnNI5Fgo72lTqYhEzDxEIrRHFLPoegc3FyFEvcJwAXObSOJb5wztqA7f6O0Qhek9uAPqGJBar8dRxJ%2FfVqrcf2i0XmmTOIwjkqo8RxqMEea7yPbXYMq9sGzj6DET2TjwRaSeG%2FbaQMlDp4OGY96vM%2FWBW%2B31sNep7ne7%2Fai9ZZstn2%2F2wn7QXdpkFJzqGgOLSegbg2585ArD3nkIU89xOKgzoMg6PqCU7%2FX57wlupJ1hB%2FQbhTQwO%2F0kPPqDhNk6QRcT8DtFaT2w89FqytbjIdTiqGawObfw10u4YQHlxGMRIlCEhSOoKAEhSIoMoJiVF4X2jVdeUNol7PgqDePequcmWwwpddNNpAJAbUTWFFO00PySOWl9%2B6dAEN5UA%2B6TdHv9Pxm2G63W7Lnt5uURkwGTHRCGrTgVAnl1kCdh121IL3Hf0Va5Tssweg%2BnN4HVydA8wC0KEEvl9hNbmUq2cmtbsSGKQhTIs1qyHa8qT4kTyzTPFF7B5LfO3X32Ivp7Jdj4LZEaku8r%2B4QDPS12QVTkL0LpnDk2%2B00U7HapVXSFzOayf99%2BZrcKYwVZ8%2B4yRcv8QqoxltvSpdt0USoZODIV6eVENJuGssl%2Be6se0uy87m7fDq3SZ5unX9582ycWumcMskcVN3f%2FhNcLUjtmceWT%2FjhH3%2BHsnPYvESc3yNHBWX2wdMrcOlKvTMEVq84LF1DkZcz22Srn1oRaLnaKSvh%2FrWz1TyztDpNVTl11zCwNdDsKpK4xMiWGOkSVE%2Fg8mOzLLX3Tv3waVWfgenajGlb22Pa6k8qky8tna4%2BbyzIkz%2BHcOqg3vJFl8lIdpkM22EkuWDtNvN5xFlL9HocmVtET%2F3%2Fg78AAAD%2F%2FwEAAP%2F%2F9l0%2BlqYEAAA%3D
IP
172.240.253.132:443
ASN
#7979 SERVERS-COM

Requested by
https://bitly.ws/?banned=1
Certificate
IssuerLet's Encrypt
Subjectfaintjump.com
FingerprintE1:A6:B1:E0:5E:2B:F0:AE:AB:17:8C:1B:A0:A9:04:4F:40:BF:03:75
ValidityTue, 16 Apr 2024 10:06:25 GMT - Mon, 15 Jul 2024 10:06:24 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /impr.gif?sid=H4sIAAAAAAAC%2F1RSy4sc1Ru9Nb%2Fe%2FOLGR3AjSBsUFJyequ7ql0GCMY4Ex0xMDD42cl%2FVufatusW9VV09g4toQLLshRtdVZ%2BeJD6C6B9gkJ5AkKCY3siAzr%2FgQggupdrB1m9R3%2FfVORfOPed%2BPM0PSRM5PTjzutlVWtONdsOvP%2Ft2EJysb6kkH9fHvc57nfBk3Y5e6Hca%2FnP1VyUfmo2mH%2Fh%2B4Af1TWVlZMYbFQiV3uoHjb7fCJuNoB1ibP%2B7u9yDox7E6JA8CiUWtTvecSg%2BRxJ%2Fc0a6YWbS51%2BJc00zYzESNy8lw8QUCeLVGFkPUXLziA3j7m%2FehkmuL%2BXCjP4hMrUg3t3bYMnNI5Fgo72lTqYhEzDxEIrRHFLPoegc3FyFEvcJwAXObSOJb5wztqA7f6O0Qhek9uAPqGJBar8dRxJ%2FfVqrcf2i0XmmTOIwjkqo8RxqMEea7yPbXYMq9sGzj6DET2TjwRaSeG%2FbaQMlDp4OGY96vM%2FWBW%2B31sNep7ne7%2Fai9ZZstn2%2F2wn7QXdpkFJzqGgOLSegbg2585ArD3nkIU89xOKgzoMg6PqCU7%2FX57wlupJ1hB%2FQbhTQwO%2F0kPPqDhNk6QRcT8DtFaT2w89FqytbjIdTiqGawObfw10u4YQHlxGMRIlCEhSOoKAEhSIoMoJiVF4X2jVdeUNol7PgqDePequcmWwwpddNNpAJAbUTWFFO00PySOWl9%2B6dAEN5UA%2B6TdHv9Pxm2G63W7Lnt5uURkwGTHRCGrTgVAnl1kCdh121IL3Hf0Va5Tssweg%2BnN4HVydA8wC0KEEvl9hNbmUq2cmtbsSGKQhTIs1qyHa8qT4kTyzTPFF7B5LfO3X32Ivp7Jdj4LZEaku8r%2B4QDPS12QVTkL0LpnDk2%2B00U7HapVXSFzOayf99%2BZrcKYwVZ8%2B4yRcv8QqoxltvSpdt0USoZODIV6eVENJuGssl%2Be6se0uy87m7fDq3SZ5unX9582ycWumcMskcVN3f%2FhNcLUjtmceWT%2FjhH3%2BHsnPYvESc3yNHBWX2wdMrcOlKvTMEVq84LF1DkZcz22Srn1oRaLnaKSvh%2FrWz1TyztDpNVTl11zCwNdDsKpK4xMiWGOkSVE%2Fg8mOzLLX3Tv3waVWfgenajGlb22Pa6k8qky8tna4%2BbyzIkz%2BHcOqg3vJFl8lIdpkM22EkuWDtNvN5xFlL9HocmVtET%2F3%2Fg78AAAD%2F%2FwEAAP%2F%2F9l0%2BlqYEAAA%3D HTTP/1.1
Host: faintjump.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://bitly.ws/
Cookie: u_pl=22725681; uid_id2=4bcf8c9b-dc53-4862-978f-3e2500764917:2:1; pdhtkv=true; uncs=1; pdhtkv49=true; uncs49=1; nlec172d9680245553e8052aafbe1bd64a13=[2229333,2229337,2229329,2019380]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Thu, 18 Apr 2024 11:52:28 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 33eccc8cf68c774b68c3442d1cd9ccfb
Strict-Transport-Security: max-age=0; includeSubdomains

mp.org.pl/yt-redirect.php?banurl=https://inhalerflow.com/0/0/0/8a5ab89ba460dbf20f3b5568a3ea4364/2009

185.11.100.204

302 Moved Temporarily

14 kB

URL User Request GET HTTP/1.1
mp.org.pl/yt-redirect.php?banurl=https://inhalerflow.com/0/0/0/8a5ab89ba460dbf20f3b5568a3ea4364/2009
IP
185.11.100.204:80
ASN
#29522 Cyber_Folks S.A.

File type

Size
14 kB (14364 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /yt-redirect.php?banurl=https://inhalerflow.com/0/0/0/8a5ab89ba460dbf20f3b5568a3ea4364/2009 HTTP/1.1
Host: mp.org.pl
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 302 Moved Temporarily
date: Thu, 18 Apr 2024 11:52:26 GMT
server: Apache
x-powered-by: PHP/5.5.38
location: https://bitly.ws?banned=1
cache-control: max-age=0
expires: Thu, 18 Apr 2024 11:52:26 GMT
content-length: 0
content-type: text/html

fundingchoicesmessages.google.com/f/AGSKWxVmIx8dPpxuiK62hoI-DTjxojOezOCd_-arqWfdmFuAMIgsJie0EuEWEvraTT9txcuomFyIfdDYhGWrYTSEJH_afi4clZpdVvROSF2Y0WJOHh6zXcb5KxF-PI-hd7K5Z9ryUR-3ZA==?fccs=W251bGwsbnVsbCxudWxsLG51bGwsbnVsbCxudWxsLFsxNzEzNDQxMTQ5LDE3MTAwMDAwMF0sbnVsbCxudWxsLG51bGwsW251bGwsWzddXSwiaHR0cHM6Ly9iaXRseS53cy8iLG51bGwsW1s4LCJWS0R3REtkLVJ4TSJdLFs5LCJlbi1VUyJdLFsxOSwiMSJdXV0

142.250.74.142

200 OK

378 kB

URL GET HTTP/3
fundingchoicesmessages.google.com/f/AGSKWxVmIx8dPpxuiK62hoI-DTjxojOezOCd_-arqWfdmFuAMIgsJie0EuEWEvraTT9txcuomFyIfdDYhGWrYTSEJH_afi4clZpdVvROSF2Y0WJOHh6zXcb5KxF-PI-hd7K5Z9ryUR-3ZA==?fccs=W251bGwsbnVsbCxudWxsLG51bGwsbnVsbCxudWxsLFsxNzEzNDQxMTQ5LDE3MTAwMDAwMF0sbnVsbCxudWxsLG51bGwsW251bGwsWzddXSwiaHR0cHM6Ly9iaXRseS53cy8iLG51bGwsW1s4LCJWS0R3REtkLVJ4TSJdLFs5LCJlbi1VUyJdLFsxOSwiMSJdXV0
IP
142.250.74.142:443
ASN
#15169 GOOGLE

Requested by
https://bitly.ws/?banned=1
Certificate
IssuerGoogle Trust Services LLC
Subject*.google.com
Fingerprint02:6C:2F:38:A0:8A:95:AC:E8:2B:67:AA:69:A4:34:6E:15:99:F5:1D
ValidityMon, 04 Mar 2024 06:35:50 GMT - Mon, 27 May 2024 06:35:49 GMT

File type

Size
378 kB (377775 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /f/AGSKWxVmIx8dPpxuiK62hoI-DTjxojOezOCd_-arqWfdmFuAMIgsJie0EuEWEvraTT9txcuomFyIfdDYhGWrYTSEJH_afi4clZpdVvROSF2Y0WJOHh6zXcb5KxF-PI-hd7K5Z9ryUR-3ZA==?fccs=W251bGwsbnVsbCxudWxsLG51bGwsbnVsbCxudWxsLFsxNzEzNDQxMTQ5LDE3MTAwMDAwMF0sbnVsbCxudWxsLG51bGwsW251bGwsWzddXSwiaHR0cHM6Ly9iaXRseS53cy8iLG51bGwsW1s4LCJWS0R3REtkLVJ4TSJdLFs5LCJlbi1VUyJdLFsxOSwiMSJdXV0 HTTP/1.1
Host: fundingchoicesmessages.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://bitly.ws/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
content-type: application/javascript; charset=utf-8
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
timing-allow-origin: *
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Thu, 18 Apr 2024 11:52:29 GMT
content-security-policy: require-trusted-types-for 'script';report-uri /_/ContributorGlobalRouterHttp/cspreport, script-src 'nonce-HlQbm2ob0dcrPis_Lr5iHg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorGlobalRouterHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorGlobalRouterHttp/cspreport/allowlist
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin
reporting-endpoints: default="/_/ContributorGlobalRouterHttp/web-reports?context=eJzjStDikmLw0JBiOHHrNtMFID7vdIfpOhDXMjxjagViA43nTBZALPH1JZMWEMc8n86aAsRO6TNYQ4DYp34GaxwQt948xzodiE8uOM96EYiT_p1nLQFiIR6Ov5NaNrIJ3Hi2aBojAPx7MDo"
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2

142.250.74.99

200 OK

16 kB

URL GET HTTP/2
fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2
IP
142.250.74.99:443
ASN
#15169 GOOGLE

Requested by
https://bitly.ws/?banned=1
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
Fingerprint8F:81:43:71:C4:F3:8C:FA:6D:EC:B4:5E:1F:58:71:AA:48:42:0E:E9
ValidityMon, 04 Mar 2024 07:16:39 GMT - Mon, 27 May 2024 07:16:38 GMT

File type
Web Open Font Format (Version 2), TrueType, length 15860, version 1.0
Size
16 kB (15860 bytes)
Hash
e9f5aaf547f165386cd313b995dddd8e
acdef5603c2387b0e5bffd744b679a24a8bc1968
f5aebdfea35d1e7656ef4acc5db1f243209755ae3300943ef8fc6280f363c860

HTTP Headers

GET /s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://bitly.ws
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15860
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 16 Apr 2024 10:46:32 GMT
expires: Wed, 16 Apr 2025 10:46:32 GMT
cache-control: public, max-age=31536000
age: 176757
last-modified: Wed, 11 May 2022 19:24:42 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2

142.250.74.99

200 OK

16 kB

URL GET HTTP/2
fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2
IP
142.250.74.99:443
ASN
#15169 GOOGLE

Requested by
https://bitly.ws/?banned=1
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
Fingerprint8F:81:43:71:C4:F3:8C:FA:6D:EC:B4:5E:1F:58:71:AA:48:42:0E:E9
ValidityMon, 04 Mar 2024 07:16:39 GMT - Mon, 27 May 2024 07:16:38 GMT

File type
Web Open Font Format (Version 2), TrueType, length 15744, version 1.0
Size
16 kB (15744 bytes)
Hash
15d9f621c3bd1599f0169dcf0bd5e63e
7ca9c5967f3bb8bffeab24b639b49c1e7d03fa52
f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615

HTTP Headers

GET /s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://bitly.ws
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15744
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 18 Apr 2024 02:37:01 GMT
expires: Fri, 18 Apr 2025 02:37:01 GMT
cache-control: public, max-age=31536000
age: 33328
last-modified: Wed, 11 May 2022 19:24:48 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

cdn.creative-bars1.com/sb/ssp/vpn/classic-push/small/js/script.js

172.67.141.24

200 OK

962 B

URL GET HTTP/3
cdn.creative-bars1.com/sb/ssp/vpn/classic-push/small/js/script.js
IP
172.67.141.24:443
ASN
#13335 CLOUDFLARENET

Requested by
https://bitly.ws/?banned=1
Certificate
IssuerGoogle Trust Services LLC
Subjectcreative-bars1.com
Fingerprint3D:29:39:2C:F1:E5:C6:EF:54:F5:70:B5:CF:A8:C2:75:4D:89:72:13
ValidityMon, 15 Apr 2024 15:02:18 GMT - Sun, 14 Jul 2024 15:02:17 GMT

File type
ASCII text, with very long lines (1015), with no line terminators
Size
962 B (962 bytes)
Hash
88523e22d10f0cbad31aa1d8276764fa
9238cd9499e01abdbeb33e68c550d26cfb6eaba5
d553390acb639c765cb6aaa4fbb72529e4005227d190f53108aec87ccec411c2

HTTP Headers

GET /sb/ssp/vpn/classic-push/small/js/script.js HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://bitly.ws
DNT: 1
Connection: keep-alive
Referer: https://bitly.ws/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Thu, 18 Apr 2024 11:52:28 GMT
content-type: application/javascript
last-modified: Fri, 19 Jan 2024 14:19:42 GMT
etag: W/"65aa84fe-3c2"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 167995
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=esjF7VPzc9bmxPHAPIEeLdsDSWNgbr3pagaYQO5VX8TAUxYdeVVWSEfwA%2BLo8bLiujhgi%2BYldmEZZqbH3Z0xr6pxOBgwkX2du4sW1l4cZYRknJG2NOEnTRWxG1gWdvOONiZWlmRFV3c6"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 876472eb3df556b7-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

bitly.ws/?banned=1

185.11.100.204

200 OK

14 kB

URL User Request GET HTTP/2
bitly.ws/?banned=1
IP
185.11.100.204:443
ASN
#29522 Cyber_Folks S.A.

Certificate
IssuerLet's Encrypt
Subjectbitly.ws
FingerprintE2:6E:62:93:28:D8:B3:0A:23:56:6C:21:A4:BD:CC:EF:CD:1B:33:55
ValiditySun, 18 Feb 2024 07:59:14 GMT - Sat, 18 May 2024 07:59:13 GMT

File type

Size
14 kB (14364 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /?banned=1 HTTP/1.1
Host: bitly.ws
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 18 Apr 2024 11:52:26 GMT
server: Apache
x-powered-by: PHP/5.5.38
cache-control: max-age=0
expires: Thu, 18 Apr 2024 11:52:26 GMT
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (32)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML