| bitly.ws/VeKF | 185.11.100.204 | 301 Moved Permanently | 239 B |
Request: GET HTTP/2 (user request) | IP: 185.11.100.204:443 | ASN: #29522 Cyber_Folks S.A.
Certificate: issuer Let's Encrypt; subject bitly.ws; fingerprint E2:6E:62:93:28:D8:B3:0A:23:56:6C:21:A4:BD:CC:EF:CD:1B:33:55; validity Sun, 18 Feb 2024 07:59:14 GMT - Sat, 18 May 2024 07:59:13 GMT
File type: HTML document, ASCII text
Hashes: MD5 b3594ad480a73c6aeaf50b1d9411190d; SHA-1 22ef920fc9593a7448a0843d13dce25442ee0d31; SHA-256 8f0f98ca065e0d387e2886c039801eada70191d82c7e9718cd053f10930e66e5
| Analyzer | Verdict | Alert |
| PhishTank | phishing | Other |
GET /VeKF HTTP/1.1
Host: bitly.ws
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 301 Moved Permanently
date: Thu, 18 Apr 2024 11:52:20 GMT
server: Apache
location: https://bitly.ws/?redirect=VeKF
cache-control: max-age=0
expires: Thu, 18 Apr 2024 11:52:20 GMT
content-length: 239
content-type: text/html; charset=iso-8859-1
X-Firefox-Spdy: h2

| bitly.ws/ | 185.11.100.204 | 301 Moved Permanently | 225 B |
Request: GET | IP: 185.11.100.204:0 (port not recorded by the scanner) | ASN: #29522 Cyber_Folks S.A.
Certificate: issuer Let's Encrypt; subject bitly.ws; fingerprint E2:6E:62:93:28:D8:B3:0A:23:56:6C:21:A4:BD:CC:EF:CD:1B:33:55; validity Sun, 18 Feb 2024 07:59:14 GMT - Sat, 18 May 2024 07:59:13 GMT
File type: HTML document, ASCII text
Hashes: MD5 898a67dfd1538747526dd6e26ca9751f; SHA-1 91d45a3ef97e1f923e9da56db7e628547c0d7271; SHA-256 8f79b9dc8dcc4d4925121c5cab66969b4bd9f756d1716f6b031f9634eb7cb897
GET / HTTP/1.1
Host: bitly.ws
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 301 Moved Permanently
date: Thu, 18 Apr 2024 11:52:23 GMT
server: Apache
location: https://bitly.ws/
cache-control: max-age=0
expires: Thu, 18 Apr 2024 11:52:23 GMT
content-length: 225
content-type: text/html; charset=iso-8859-1

| bitly.ws/?redirect=VeKF | 185.11.100.204 | 301 Moved Permanently | 295 B |
Request: GET HTTP/2 (user request) | IP: 185.11.100.204:443 | ASN: #29522 Cyber_Folks S.A.
Certificate: issuer Let's Encrypt; subject bitly.ws; fingerprint E2:6E:62:93:28:D8:B3:0A:23:56:6C:21:A4:BD:CC:EF:CD:1B:33:55; validity Sun, 18 Feb 2024 07:59:14 GMT - Sat, 18 May 2024 07:59:13 GMT
File type: HTML document, ASCII text, with CRLF, LF line terminators
Hashes: MD5 fec185a9bfd0f49cb5baa231ff3e298a; SHA-1 1666b43695cae25f3696cd25a1b88fe0284151af; SHA-256 d0e82d07a75635f0171541c98880d1be2ead41296f28355aadd747db898d4bdb
GET /?redirect=VeKF HTTP/1.1
Host: bitly.ws
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 301 Moved Permanently
date: Thu, 18 Apr 2024 11:52:20 GMT
server: Apache
x-powered-by: PHP/5.5.38
location: https://mp.org.pl/yt-redirect.php?banurl=https://inhalerflow.com/0/0/0/8a5ab89ba460dbf20f3b5568a3ea4364/2009
cache-control: max-age=0
expires: Thu, 18 Apr 2024 11:52:20 GMT
content-type: text/html
X-Firefox-Spdy: h2

| mp.org.pl/yt-redirect.php?banurl=https://inhalerflow.com/0/0/0/8a5ab89ba460dbf20f3b5568a3ea4364/2009 | 185.11.100.204 | 302 Found | 0 B |
Request: GET HTTP/2 (user request) | IP: 185.11.100.204:443 (same address as bitly.ws) | ASN: #29522 Cyber_Folks S.A.
Certificate: issuer Let's Encrypt; subject mp.org.pl; fingerprint 57:DA:09:4B:84:35:ED:47:0C:F1:15:D5:2E:AE:2C:51:82:64:3A:AC; validity Sun, 18 Feb 2024 08:00:38 GMT - Sat, 18 May 2024 08:00:37 GMT
Hashes (empty body; these are the digests of zero bytes): MD5 d41d8cd98f00b204e9800998ecf8427e; SHA-1 da39a3ee5e6b4b0d3255bfef95601890afd80709; SHA-256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /yt-redirect.php?banurl=https://inhalerflow.com/0/0/0/8a5ab89ba460dbf20f3b5568a3ea4364/2009 HTTP/1.1
Host: mp.org.pl
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 302 Moved Temporarily
date: Thu, 18 Apr 2024 11:52:26 GMT
server: Apache
x-powered-by: PHP/5.5.38
location: https://bitly.ws?banned=1
cache-control: max-age=0
expires: Thu, 18 Apr 2024 11:52:26 GMT
content-length: 0
content-type: text/html
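The four hops above are the whole redirect chain: the shortener resolves /VeKF to /?redirect=VeKF, bounces the visitor to mp.org.pl/yt-redirect.php with the real destination (inhalerflow.com) carried in the banurl parameter, and that endpoint sends the visitor back to bitly.ws/?banned=1 with an empty body. The Python below is an added example, not the scanner's code and not code from any of the sites involved: it rebuilds such a chain from captured request/response heads and flags the things an analyst checks by hand here, namely hops that leave the current host, query parameters that carry a full URL to a third host (the open-redirect pattern), empty redirect bodies, and whether a reported SHA-256 is just the hash of zero bytes. The exchanges are constructed from the hops above and trimmed to the headers the chain logic needs; the script assumes every hop was fetched over https, which is what the scan records for these requests.

```python
"""Reconstruct and audit a redirect chain from captured HTTP heads.

Added example for this scan log; not the scanner's code. EXCHANGES is a
constructed sample built from the hops shown in the log.
"""
import hashlib
from urllib.parse import parse_qsl, urljoin, urlsplit, urlunsplit

# Constructed sample, one (raw request head, raw response head) pair per hop.
EXCHANGES = [
    ("GET /VeKF HTTP/1.1\nHost: bitly.ws",
     "HTTP/2 301 Moved Permanently\nlocation: https://bitly.ws/?redirect=VeKF\ncontent-length: 239"),
    ("GET /?redirect=VeKF HTTP/1.1\nHost: bitly.ws",
     "HTTP/2 301 Moved Permanently\nx-powered-by: PHP/5.5.38\n"
     "location: https://mp.org.pl/yt-redirect.php?banurl=https://inhalerflow.com/0/0/0/8a5ab89ba460dbf20f3b5568a3ea4364/2009"),
    ("GET /yt-redirect.php?banurl=https://inhalerflow.com/0/0/0/8a5ab89ba460dbf20f3b5568a3ea4364/2009 HTTP/1.1\nHost: mp.org.pl",
     "HTTP/1.1 302 Moved Temporarily\nlocation: https://bitly.ws?banned=1\ncontent-length: 0"),
    ("GET /?banned=1 HTTP/1.1\nHost: bitly.ws",
     "HTTP/2 200 OK\ncontent-type: text/html"),
]

# SHA-256 of zero bytes: a scanner reporting this digest saw no body at all.
EMPTY_SHA256 = hashlib.sha256(b"").hexdigest()


def parse_headers(lines):
    """Lower-cased header map from 'Name: value' lines (last value wins)."""
    headers = {}
    for line in lines:
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return headers


def normalize(url):
    """Canonical form so 'https://host?q' and 'https://host/?q' compare equal."""
    parts = urlsplit(url)
    return urlunsplit((parts.scheme, parts.netloc, parts.path or "/", parts.query, ""))


def parse_request(raw):
    """(method, absolute URL) from the request line plus Host; scheme assumed https."""
    lines = raw.strip().splitlines()
    method, target, _version = lines[0].split()
    headers = parse_headers(lines[1:])
    return method, normalize(f"https://{headers['host']}{target}")


def parse_response(raw):
    """(status code, header map) from a raw response head."""
    lines = raw.strip().splitlines()
    return int(lines[0].split()[1]), parse_headers(lines[1:])


def embedded_urls(url):
    """Query parameters whose value is itself an absolute URL (open-redirect pattern)."""
    hits = []
    for name, value in parse_qsl(urlsplit(url).query, keep_blank_values=True):
        target = urlsplit(value)
        if target.scheme in ("http", "https") and target.hostname:
            hits.append((name, target.hostname))
    return hits


def follow_chain(exchanges):
    """Walk the captured hops in order and attach findings to each one."""
    hops, expected = [], None
    for raw_req, raw_resp in exchanges:
        _method, url = parse_request(raw_req)
        status, headers = parse_response(raw_resp)
        host = urlsplit(url).hostname
        findings = []
        # The request of hop N must be where hop N-1's Location pointed.
        if expected is not None and url != expected:
            findings.append(f"hop does not match previous Location {expected}")
        for param, target_host in embedded_urls(url):
            if target_host != host:
                findings.append(f"query param {param!r} carries a URL to third host {target_host}")
        next_url = None
        if 300 <= status < 400 and "location" in headers:
            next_url = normalize(urljoin(url, headers["location"]))
            next_host = urlsplit(next_url).hostname
            if next_host != host:
                findings.append(f"cross-host redirect to {next_host}")
        if headers.get("content-length") == "0":
            findings.append("empty body")
        hops.append({"url": url, "status": status, "next": next_url, "findings": findings})
        expected = next_url
    return hops


def is_empty_body_hash(sha256_hex):
    """True when a reported SHA-256 is the digest of zero bytes."""
    return sha256_hex.lower() == EMPTY_SHA256


def chain_hosts(hops):
    """Hostnames visited, in order."""
    return [urlsplit(h["url"]).hostname for h in hops]


if __name__ == "__main__":
    for hop in follow_chain(EXCHANGES):
        print(hop["status"], hop["url"])
        for finding in hop["findings"]:
            print("   !", finding)
```

Run as a script it prints one line per hop with its findings; the third hop is the interesting one, since it both receives a full third-party URL in banurl and answers with an empty 302 to another host. The normalize() step matters in practice: the Location here is https://bitly.ws?banned=1 without a path, and without canonicalisation the chain check would report a false mismatch against the browser's actual next request to https://bitly.ws/?banned=1.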

| bitly.ws/js/adframe.js | 185.11.100.204 | 200 OK | 16 B |
Request: GET | IP: 185.11.100.204:443 | ASN: #29522 Cyber_Folks S.A. | Requested by: https://bitly.ws/?banned=1
Certificate: issuer Let's Encrypt; subject bitly.ws; fingerprint E2:6E:62:93:28:D8:B3:0A:23:56:6C:21:A4:BD:CC:EF:CD:1B:33:55; validity Sun, 18 Feb 2024 07:59:14 GMT - Sat, 18 May 2024 07:59:13 GMT
File type: ASCII text, with no line terminators
Hashes: MD5 760222d2e529d3e84eb01378cfc46e2e; SHA-1 f789f3c0007640b5549fca2710cf3da500b95e86; SHA-256 0059cb4ff0a271382c38af8a7367aaf45cbeb31449637d3928d25317401e2828
GET /js/adframe.js HTTP/1.1
Host: bitly.ws
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://bitly.ws/?banned=1
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Thu, 18 Apr 2024 11:52:26 GMT
server: Apache
last-modified: Sat, 30 Dec 2017 21:02:30 GMT
etag: "10-5619511402320"
accept-ranges: bytes
content-length: 16
cache-control: max-age=0
expires: Thu, 18 Apr 2024 11:52:26 GMT
content-type: application/javascript
X-Firefox-Spdy: h2

| bitly.ws/css/style.css | 185.11.100.204 | 200 OK | 2.8 kB |
Request: GET | IP: 185.11.100.204:443 | ASN: #29522 Cyber_Folks S.A. | Requested by: https://bitly.ws/?banned=1
Certificate: issuer Let's Encrypt; subject bitly.ws; fingerprint E2:6E:62:93:28:D8:B3:0A:23:56:6C:21:A4:BD:CC:EF:CD:1B:33:55; validity Sun, 18 Feb 2024 07:59:14 GMT - Sat, 18 May 2024 07:59:13 GMT
File type: assembler source, Unicode text, UTF-8 text, with CRLF line terminators (the scanner's type guess; the response is served as text/css)
Hashes: MD5 eeee0a4d84ff512093277dcc29852c8d; SHA-1 8cdc89abbf41ad34513b14144d235e215110a600; SHA-256 7b7fa3cffc3403b893b3d6816de290ad101c9f93ff2b06bd91151aed5cd78d35
GET /css/style.css HTTP/1.1
Host: bitly.ws
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://bitly.ws/?banned=1
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Thu, 18 Apr 2024 11:52:26 GMT
server: Apache
last-modified: Thu, 04 Apr 2024 03:49:30 GMT
etag: "2d16-6153d39fcf8a2-gzip"
accept-ranges: bytes
cache-control: max-age=0
expires: Thu, 18 Apr 2024 11:52:26 GMT
vary: Accept-Encoding
content-encoding: gzip
content-length: 2763
content-type: text/css
X-Firefox-Spdy: h2

| bitly.ws/gfx/stripe.png | 185.11.100.204 | 200 OK | 1.4 kB |
Request: GET | IP: 185.11.100.204:443 | ASN: #29522 Cyber_Folks S.A. | Requested by: https://bitly.ws/?banned=1
Certificate: issuer Let's Encrypt; subject bitly.ws; fingerprint E2:6E:62:93:28:D8:B3:0A:23:56:6C:21:A4:BD:CC:EF:CD:1B:33:55; validity Sun, 18 Feb 2024 07:59:14 GMT - Sat, 18 May 2024 07:59:13 GMT
File type: PNG image data, 91 x 60, 8-bit colormap, non-interlaced
Hashes: MD5 17aaa9dc48a895306b06de8ae9a8b104; SHA-1 f75e086497b3743ac83d85dc4ca456e8bb556e55; SHA-256 b8214bd5cbd9197f329d1df98d908dc7a1cd38c28e8010b92e49b3f35dd9986a
GET /gfx/stripe.png HTTP/1.1
Host: bitly.ws
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://bitly.ws/?banned=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Thu, 18 Apr 2024 11:52:26 GMT
server: Apache
last-modified: Sat, 19 Aug 2023 15:45:50 GMT
etag: "54f-603488a24201d"
accept-ranges: bytes
content-length: 1359
cache-control: max-age=31536000
expires: Fri, 18 Apr 2025 11:52:26 GMT
content-type: image/png
X-Firefox-Spdy: h2

| bitly.ws/gfx/bmac.png | 185.11.100.204 | 200 OK | 3.2 kB |
Request: GET | IP: 185.11.100.204:443 | ASN: #29522 Cyber_Folks S.A. | Requested by: https://bitly.ws/?banned=1
Certificate: issuer Let's Encrypt; subject bitly.ws; fingerprint E2:6E:62:93:28:D8:B3:0A:23:56:6C:21:A4:BD:CC:EF:CD:1B:33:55; validity Sun, 18 Feb 2024 07:59:14 GMT - Sat, 18 May 2024 07:59:13 GMT
File type: PNG image data, 214 x 60, 8-bit colormap, non-interlaced
Hashes: MD5 781860bb7eb619aa3b173144c6d29646; SHA-1 6ba3a103709f121cf9f5ab214610d0215dab93e9; SHA-256 54339f1c8cb089c05773b2b18fd5da6e702956decbf7dea6ef0348a64203c657
GET /gfx/bmac.png HTTP/1.1
Host: bitly.ws
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://bitly.ws/?banned=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Thu, 18 Apr 2024 11:52:26 GMT
server: Apache
last-modified: Sat, 19 Aug 2023 15:45:47 GMT
etag: "c86-6034889f203e4"
accept-ranges: bytes
content-length: 3206
cache-control: max-age=31536000
expires: Fri, 18 Apr 2025 11:52:26 GMT
content-type: image/png
X-Firefox-Spdy: h2

| bitly.ws/gfx/bitly-chart.png | 185.11.100.204 | 200 OK | 210 B |
Request: GET HTTP/2 | IP: 185.11.100.204:443 | ASN: #29522 Cyber_Folks S.A. | Requested by: https://bitly.ws/?banned=1
Certificate: issuer Let's Encrypt; subject bitly.ws; fingerprint E2:6E:62:93:28:D8:B3:0A:23:56:6C:21:A4:BD:CC:EF:CD:1B:33:55; validity Sun, 18 Feb 2024 07:59:14 GMT - Sat, 18 May 2024 07:59:13 GMT
File type: PNG image data, 200 x 200, 1-bit colormap, non-interlaced
Hashes: MD5 0f7081ab57097da4c3f76c5a4fcf3174; SHA-1 1aa09d97610e3ad42e25577468864aacaa26eeee; SHA-256 c28530634cdfc14bb5c068fc74a7071f9e27fc97f9aa03a1258f5b33f9c8ab6d
GET /gfx/bitly-chart.png HTTP/1.1
Host: bitly.ws
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://bitly.ws/?banned=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Thu, 18 Apr 2024 11:52:26 GMT
server: Apache
last-modified: Tue, 02 Jan 2018 13:00:56 GMT
etag: "d2-561cab088ec59"
accept-ranges: bytes
content-length: 210
cache-control: max-age=31536000
expires: Fri, 18 Apr 2025 11:52:26 GMT
content-type: image/png
X-Firefox-Spdy: h2

| bitly.ws/gfx/adsterra2.png | 185.11.100.204 | 200 OK | 15 kB |
Request: GET HTTP/2 | IP: 185.11.100.204:443 | ASN: #29522 Cyber_Folks S.A. | Requested by: https://bitly.ws/?banned=1
Certificate: issuer Let's Encrypt; subject bitly.ws; fingerprint E2:6E:62:93:28:D8:B3:0A:23:56:6C:21:A4:BD:CC:EF:CD:1B:33:55; validity Sun, 18 Feb 2024 07:59:14 GMT - Sat, 18 May 2024 07:59:13 GMT
File type: PNG image data, 200 x 200, 8-bit colormap, non-interlaced
Hashes: MD5 5d4aab7e8b7267e1876143c7bd308318; SHA-1 5e1827fa8442e7b1e06cfbdec4c52bdec22c9063; SHA-256 f9b415d80dc86d44446a312e855460fb4ac16207f5b2caa0620e69013598bde6
GET /gfx/adsterra2.png HTTP/1.1
Host: bitly.ws
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://bitly.ws/?banned=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Thu, 18 Apr 2024 11:52:26 GMT
server: Apache
last-modified: Sat, 30 Mar 2024 10:55:14 GMT
etag: "3ba2-614de974dba8f"
accept-ranges: bytes
content-length: 15266
cache-control: max-age=31536000
expires: Fri, 18 Apr 2025 11:52:26 GMT
content-type: image/png
X-Firefox-Spdy: h2

| www.paypalobjects.com/pl_PL/i/scr/pixel.gif | 192.229.221.25 | 200 OK | 43 B |
Request: GET HTTP/2 | IP: 192.229.221.25:443 | Requested by: https://bitly.ws/?banned=1
Certificate: issuer DigiCert Inc; subject www.paypal.com; fingerprint 4B:C0:E1:F0:16:B3:A4:B3:63:08:41:DF:F2:EF:8D:65:54:1D:30:B1; validity Thu, 12 Oct 2023 00:00:00 GMT - Thu, 31 Oct 2024 23:59:59 GMT
File type: GIF image data, version 89a, 1 x 1
Hashes: MD5 fc94fb0c3ed8a8f909dbc7630a0987ff; SHA-1 56d45f8a17f5078a20af9962c992ca4678450765; SHA-256 2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363
GET /pl_PL/i/scr/pixel.gif HTTP/1.1
Host: www.paypalobjects.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://bitly.ws/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
accept-ranges: bytes
cache-control: s-maxage=31536000, public,max-age=3600
content-type: image/gif
date: Thu, 18 Apr 2024 11:52:26 GMT
dc: ccg11-origin-www-1.paypal.com
etag: "5d5637c5-2b"
expires: Thu, 18 Apr 2024 12:52:26 GMT
last-modified: Fri, 16 Aug 2019 04:57:41 GMT
paypal-debug-id: 2b5a4d618fa0a
server: ECAcc (ska/F6B7)
strict-transport-security: max-age=63072000; includeSubDomains; preload
timing-allow-origin: https://www.paypal.com,https://www.sandbox.paypal.com
traceparent: 00-00000000000000000002b5a4d618fa0a-1ee1f9b462072736-01
x-cache: HIT
x-content-type-options: nosniff
content-length: 43
X-Firefox-Spdy: h2

| bitly.ws/gfx/paypal.jpg | 185.11.100.204 | 200 OK | 8.7 kB |
Request: GET | IP: 185.11.100.204:443 | ASN: #29522 Cyber_Folks S.A. | Requested by: https://bitly.ws/?banned=1
Certificate: issuer Let's Encrypt; subject bitly.ws; fingerprint E2:6E:62:93:28:D8:B3:0A:23:56:6C:21:A4:BD:CC:EF:CD:1B:33:55; validity Sun, 18 Feb 2024 07:59:14 GMT - Sat, 18 May 2024 07:59:13 GMT
File type: PNG image data, 380 x 130, 8-bit colormap, non-interlaced (PNG bytes despite the .jpg name and the image/jpeg content-type in the response below)
Hashes: MD5 eeb10183dfe4b9ec6bcfea9aa6fa07f6; SHA-1 b55d89bc1ead011821dd3371f2885996fe99785a; SHA-256 1ae6619173f92af4f0201b7204322213c714b56df437aa7d6482a1c141d5337c
GET /gfx/paypal.jpg HTTP/1.1
Host: bitly.ws
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://bitly.ws/?banned=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Thu, 18 Apr 2024 11:52:26 GMT
server: Apache
last-modified: Tue, 02 Jan 2018 13:00:56 GMT
etag: "2204-561cab086d14b"
accept-ranges: bytes
content-length: 8708
cache-control: max-age=31536000
expires: Fri, 18 Apr 2025 11:52:26 GMT
content-type: image/jpeg
X-Firefox-Spdy: h2

| bitly.ws/gfx/paypal.png | 185.11.100.204 | 200 OK | 5.5 kB |
Request: GET | IP: 185.11.100.204:443 | ASN: #29522 Cyber_Folks S.A. | Requested by: https://bitly.ws/?banned=1
Certificate: issuer Let's Encrypt; subject bitly.ws; fingerprint E2:6E:62:93:28:D8:B3:0A:23:56:6C:21:A4:BD:CC:EF:CD:1B:33:55; validity Sun, 18 Feb 2024 07:59:14 GMT - Sat, 18 May 2024 07:59:13 GMT
File type: PNG image data, 200 x 150, 8-bit colormap, non-interlaced
Hashes: MD5 164e7543a819062962815f4bd99b8419; SHA-1 0355f9dad012daa6adf4bae4e47e44d4b2c51888; SHA-256 675f6b6dc673aae01f8ef949697ee544c8df8574ca090a4dd690776ec6e442ea
GET /gfx/paypal.png HTTP/1.1
Host: bitly.ws
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://bitly.ws/?banned=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Thu, 18 Apr 2024 11:52:26 GMT
server: Apache
last-modified: Tue, 02 Jan 2018 13:00:54 GMT
etag: "158c-561cab06562ce"
accept-ranges: bytes
content-length: 5516
cache-control: max-age=31536000
expires: Fri, 18 Apr 2025 11:52:26 GMT
content-type: image/png
X-Firefox-Spdy: h2

| www.googletagmanager.com/gtag/js?id=G-8Q1W6PKNCX | 142.250.74.168 | 200 OK | 86 kB |
Request: GET HTTP/2 | IP: 142.250.74.168:443 | Requested by: https://bitly.ws/?banned=1
Certificate: issuer Google Trust Services LLC; subject *.google-analytics.com; fingerprint BF:40:8C:8B:CB:69:1E:3F:E2:3B:B7:8A:8E:C0:D6:98:5F:81:FA:2D; validity Mon, 04 Mar 2024 06:35:45 GMT - Mon, 27 May 2024 06:35:44 GMT
File type: JavaScript source, ASCII text, with very long lines (5955)
Hashes: MD5 c9bbfd254cbc28d3c19fdcaf6293f5c7; SHA-1 c3010ff264ac543cd2b30cd3f26f01fd8cc65855; SHA-256 12d02541e47f1115e1b684b5c3bc7493b18348ec0beaa153077d83c2f162a26c
GET /gtag/js?id=G-8Q1W6PKNCX HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://bitly.ws/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Thu, 18 Apr 2024 11:52:26 GMT
expires: Thu, 18 Apr 2024 11:52:26 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 86187
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

| www.topcreativeformat.com/6dc3a27552b5aedfb96aeaa00aa1c37b/invoke.js | 172.240.127.234 | 200 OK | 12 kB |
Request: GET HTTP/1.1 | IP: 172.240.127.234:443 | Requested by: https://bitly.ws/?banned=1
Certificate: issuer Let's Encrypt; subject topcreativeformat.com; fingerprint 6D:98:D9:61:FC:CF:D9:8C:FE:5E:1C:15:5A:A5:F2:28:38:04:A4:A4; validity Wed, 20 Mar 2024 07:51:41 GMT - Tue, 18 Jun 2024 07:51:40 GMT
File type: JavaScript source, ASCII text, with very long lines (31304), with no line terminators
Hashes: MD5 1ca44521a9d9d0a7b58392640d074891; SHA-1 670dc1211a398662ae1f5f309465c9b9fee09800; SHA-256 13d6ac39ffd5f0bc9e5f51dc22e08ff20817a812feef4219b8ed031356bd8f2a
GET /6dc3a27552b5aedfb96aeaa00aa1c37b/invoke.js HTTP/1.1
Host: www.topcreativeformat.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://bitly.ws/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Thu, 18 Apr 2024 11:52:27 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 6de36cee9cc523fee50ecf8ab0ce8ded
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip

| pl22826256.profitablegatecpm.com/33/ce/9e/33ce9e99c1bfce9eb2d48a915db5624c.js | 172.240.253.132 | 200 OK | 16 kB |
Request: GET HTTP/1.1 | IP: 172.240.253.132:443 | Requested by: https://bitly.ws/?banned=1
Certificate: issuer Let's Encrypt; subject profitablegatecpm.com; fingerprint 9D:FB:8C:AD:4D:64:98:6B:85:78:33:54:E7:A3:BB:10:ED:77:63:30; validity Fri, 05 Apr 2024 18:10:33 GMT - Thu, 04 Jul 2024 18:10:32 GMT
File type: JavaScript source, ASCII text, with very long lines (44188), with no line terminators
Hashes: MD5 10c805751ac96603c45d091636ea2469; SHA-1 fffbc12a39b5e51e77d03daa508c45c3e142a3d2; SHA-256 78d76338d70fcb9d32a1d619ff45fd67dab6748052589c34a6c17cad8f41db73
GET /33/ce/9e/33ce9e99c1bfce9eb2d48a915db5624c.js HTTP/1.1
Host: pl22826256.profitablegatecpm.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://bitly.ws/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Thu, 18 Apr 2024 11:52:27 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 69138067889d280f2dac2e026fcc05fd
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip

| www.topcreativeformat.com/fb87135eb1bdee211d55a6d31f28b1bc/invoke.js | 172.240.127.234 | 200 OK | 12 kB |
Request: GET HTTP/1.1 | IP: 172.240.127.234:443 | Requested by: https://bitly.ws/?banned=1
Certificate: issuer Let's Encrypt; subject topcreativeformat.com; fingerprint 6D:98:D9:61:FC:CF:D9:8C:FE:5E:1C:15:5A:A5:F2:28:38:04:A4:A4; validity Wed, 20 Mar 2024 07:51:41 GMT - Tue, 18 Jun 2024 07:51:40 GMT
File type: JavaScript source, ASCII text, with very long lines (31301), with no line terminators
Hashes: MD5 eab430f761b381c0567bc87f0a030d22; SHA-1 75ff65b1e877bb12acbc69855b2e00c92615749c; SHA-256 de62842e662c7176d578d20f1be139afb67ccc9d2bbe2a2e21e8951ce4b759e0
GET /fb87135eb1bdee211d55a6d31f28b1bc/invoke.js HTTP/1.1
Host: www.topcreativeformat.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://bitly.ws/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Thu, 18 Apr 2024 11:52:27 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 0b8d6ddca52cd99368c8d0da770c461c
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip

| proftrafficcounter.com/stats | 18.196.110.226 | 200 OK | 40 B |
Request: GET HTTP/2 | IP: 18.196.110.226:443 | Requested by: https://bitly.ws/?banned=1
Certificate: issuer Amazon; subject proftrafficcounter.com; fingerprint E3:9F:79:6F:80:C0:BF:F8:C4:EB:45:F3:E9:0F:A7:41:F6:0C:05:E6; validity Tue, 21 Nov 2023 00:00:00 GMT - Thu, 19 Dec 2024 23:59:59 GMT
File type: ASCII text, with no line terminators
Hashes: MD5 904ec974214c3e69a3b0ee0e2ac98ffc; SHA-1 d811f63e7e8e781c375b2b04de70bf41db0affc6; SHA-256 ba5cdcf2f58d0698d3cf99f6c1246b1dcdda822462c192e7fa440b0a0ba227f4
GET /stats HTTP/1.1
Host: proftrafficcounter.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://bitly.ws
DNT: 1
Connection: keep-alive
Referer: https://bitly.ws/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 18 Apr 2024 11:52:27 GMT
content-type: text/html; charset=UTF-8
content-length: 40
server: fasthttp
access-control-allow-origin: https://bitly.ws
vary: Origin
access-control-allow-credentials: true
set-cookie: uid_id2=dd5bc680-6c35-41be-a9b1-0e58cc90cafd:2:1; expires=Sun, 16 Apr 2034 11:52:27 GMT; secure; SameSite=None
X-Firefox-Spdy: h2

| proftrafficcounter.com/stats | 18.196.110.226 | 200 OK | 40 B |
Request: GET HTTP/2 | IP: 18.196.110.226:443 | Requested by: https://bitly.ws/?banned=1
Certificate: issuer Amazon; subject proftrafficcounter.com; fingerprint E3:9F:79:6F:80:C0:BF:F8:C4:EB:45:F3:E9:0F:A7:41:F6:0C:05:E6; validity Tue, 21 Nov 2023 00:00:00 GMT - Thu, 19 Dec 2024 23:59:59 GMT
File type: ASCII text, with no line terminators
Hashes: MD5 01a994d2c95cd81fa7d3ece60c129740; SHA-1 e8a05d83d03457f1dfa5134664788e0005d29fde; SHA-256 3cff104db5924ae40a9a460fa357cc94484743960f0f35c449e3abe2d7644a87
GET /stats HTTP/1.1
Host: proftrafficcounter.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://bitly.ws
DNT: 1
Connection: keep-alive
Referer: https://bitly.ws/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Thu, 18 Apr 2024 11:52:27 GMT
content-type: text/html; charset=UTF-8
content-length: 40
server: fasthttp
access-control-allow-origin: https://bitly.ws
vary: Origin
access-control-allow-credentials: true
set-cookie: uid_id2=4bcf8c9b-dc53-4862-978f-3e2500764917:2:1; expires=Sun, 16 Apr 2034 11:52:27 GMT; secure; SameSite=None
X-Firefox-Spdy: h2

| proftrafficcounter.com/stats | 18.196.110.226 | 200 OK | 40 B |
Request: GET HTTP/2 | IP: 18.196.110.226:443 | Requested by: https://bitly.ws/?banned=1
Certificate: issuer Amazon; subject proftrafficcounter.com; fingerprint E3:9F:79:6F:80:C0:BF:F8:C4:EB:45:F3:E9:0F:A7:41:F6:0C:05:E6; validity Tue, 21 Nov 2023 00:00:00 GMT - Thu, 19 Dec 2024 23:59:59 GMT
File type: ASCII text, with no line terminators
Hashes: MD5 01a994d2c95cd81fa7d3ece60c129740; SHA-1 e8a05d83d03457f1dfa5134664788e0005d29fde; SHA-256 3cff104db5924ae40a9a460fa357cc94484743960f0f35c449e3abe2d7644a87
GET /stats HTTP/1.1
Host: proftrafficcounter.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://bitly.ws
DNT: 1
Connection: keep-alive
Referer: https://bitly.ws/
Cookie: uid_id2=4bcf8c9b-dc53-4862-978f-3e2500764917:2:1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Thu, 18 Apr 2024 11:52:27 GMT
content-type: text/html; charset=UTF-8
content-length: 40
server: fasthttp
access-control-allow-origin: https://bitly.ws
vary: Origin
access-control-allow-credentials: true
X-Firefox-Spdy: h2

| pl22826180.profitablegatecpm.com/172d9680245553e8052aafbe1bd64a13/invoke.js | 172.240.108.68 | 200 OK | 9.8 kB |
Request: GET HTTP/1.1 | IP: 172.240.108.68:443 | Requested by: https://bitly.ws/?banned=1
Certificate: issuer Let's Encrypt; subject profitablegatecpm.com; fingerprint 9D:FB:8C:AD:4D:64:98:6B:85:78:33:54:E7:A3:BB:10:ED:77:63:30; validity Fri, 05 Apr 2024 18:10:33 GMT - Thu, 04 Jul 2024 18:10:32 GMT
File type: JavaScript source, Unicode text, UTF-8 text, with very long lines (26582), with no line terminators
Hashes: MD5 3c74f440ea2be72c0f095fb8fb86074f; SHA-1 39dc77247d46ee4d4fa890e8bd2b97e5afd968c3; SHA-256 402b54fa3df231888ce7d085c7313bd54f057ec1cd91d487e2d6cce4ccdf14cb
GET /172d9680245553e8052aafbe1bd64a13/invoke.js HTTP/1.1
Host: pl22826180.profitablegatecpm.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://bitly.ws/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Thu, 18 Apr 2024 11:52:27 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 9972de726c954d5f9bea76773db03636
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip

| landings-cdn.adsterratech.com/referralBanners/png/300%20x%20250%20px.png | 142.0.204.220 | 200 OK | 90 kB |
Request: GET HTTP/1.1 | IP: 142.0.204.220:443 | Requested by: https://bitly.ws/?banned=1
Certificate: issuer Let's Encrypt; subject landings-cdn.adsterratech.com; fingerprint 71:9A:2B:CA:BF:A3:77:2A:CA:C2:19:7D:85:23:4A:2A:CB:E9:F3:E1; validity Wed, 28 Feb 2024 06:50:41 GMT - Tue, 28 May 2024 06:50:40 GMT
File type: PNG image data, 300 x 250, 8-bit/color RGBA, non-interlaced
Hashes: MD5 a28902cd41b26954be2c97eea41089a1; SHA-1 c69d00be80adbcba05b788d2dcf7967d0d15a65f; SHA-256 5b4fa649af59a8350f401a661a5ecfed92130aa0aa9825ac3777c2a893a96e61
GET /referralBanners/png/300%20x%20250%20px.png HTTP/1.1
Host: landings-cdn.adsterratech.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://bitly.ws/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Thu, 18 Apr 2024 11:52:27 GMT
Content-Type: image/png
Content-Length: 90409
Last-Modified: Wed, 02 Feb 2022 00:50:11 GMT
Connection: keep-alive
ETag: "61f9d543-16129"
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Date
Cache-Control: max-age=315360000, public
Accept-Ranges: bytes

| thongtechnicality.com/watch.1321286929578.js?key=6dc3a27552b5aedfb96aeaa00aa1c37b&kw=%5B%22bitly%22%2C%22url%22%2C%22shortener%22%5D&refer=https%3A%2F%2Fbitly.ws%2F%3Fbanned%3D1&tz=0&dev=e&res=14.2071&uuid=dd5bc680-6c35-41be-a9b1-0e58cc90cafd%3A2%3A1 | 192.243.61.225 | 307 Temporary Redirect | 0 B |
Request: GET HTTP/1.1 | IP: 192.243.61.225:443 | ASN: #39572 DataWeb Global Group B.V. | Requested by: https://bitly.ws/?banned=1
Certificate: issuer Let's Encrypt; subject thongtechnicality.com; fingerprint 5F:19:69:4B:44:97:7E:74:F5:5A:F1:90:25:DE:C7:11:5E:DD:9F:15; validity Tue, 16 Apr 2024 13:46:58 GMT - Mon, 15 Jul 2024 13:46:57 GMT
Hashes (empty body; these are the digests of zero bytes): MD5 d41d8cd98f00b204e9800998ecf8427e; SHA-1 da39a3ee5e6b4b0d3255bfef95601890afd80709; SHA-256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /watch.1321286929578.js?key=6dc3a27552b5aedfb96aeaa00aa1c37b&kw=%5B%22bitly%22%2C%22url%22%2C%22shortener%22%5D&refer=https%3A%2F%2Fbitly.ws%2F%3Fbanned%3D1&tz=0&dev=e&res=14.2071&uuid=dd5bc680-6c35-41be-a9b1-0e58cc90cafd%3A2%3A1 HTTP/1.1
Host: thongtechnicality.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://bitly.ws
DNT: 1
Connection: keep-alive
Referer: https://bitly.ws/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 307 Temporary Redirect
Server: nginx/1.21.6
Date: Thu, 18 Apr 2024 11:52:27 GMT
Content-Type: text/html
Content-Length: 0
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://bitly.ws
Access-Control-Allow-Origin: https://bitly.ws
Access-Control-Allow-Credentials: true
Location: https://thongtechnicality.com/watch.1321286929578.js?dev=e&key=6dc3a27552b5aedfb96aeaa00aa1c37b&kw=%5B%22bitly%22%2C%22url%22%2C%22shortener%22%5D&pst=1713441207&refer=https%3A%2F%2Fbitly.ws%2F%3Fbanned%3D1&res=14.2071&rmtc=t&shu=a3185ea92cd89dd08b06f7da4af89ebc35b02cf22d3b0ed9c0c15f88991660687fcb2b465a616eeb65c41470ee8a15fe10d4742a174a474f3b5ebb9e326e9abf47a396bc477dcbe01a6bfba7e749db23f6f8f29e30f2661ddae8e1ded3864f0f242f52&tz=0&uuid=dd5bc680-6c35-41be-a9b1-0e58cc90cafd%3A2%3A1
Set-Cookie: u_pl=22735548; expires=Fri, 19 Apr 2024 11:52:27 GMT; secure; SameSite=None
ain=eyJhbGciOiJIUzI1NiJ9.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_YmFubmVkPTEiLCJhciI6W119fQ.Q5oEoAi0jHIRal5wmiio7A2AWY1CJDu_yEmfZqrhrOs; expires=Thu, 18 Apr 2024 11:53:27 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: de91c95257d16fe7bef5298bd042c433
Strict-Transport-Security: max-age=0; includeSubdomains
|
|
| diabeteprecursor.com/watch.991580067608.js?key=fb87135eb1bdee211d55a6d31f28b1bc&kw=%5B%22bitly%22%2C%22url%22%2C%22shortener%22%5D&refer=https%3A%2F%2Fbitly.ws%2F%3Fbanned%3D1&tz=0&dev=e&res=14.2071&uuid=4bcf8c9b-dc53-4862-978f-3e2500764917%3A2%3A1 | 192.243.61.227 | 307 Temporary Redirect | 0 B |
URL: GET HTTP/1.1 diabeteprecursor.com/watch.991580067608.js?key=fb87135eb1bdee211d55a6d31f28b1bc&kw=%5B%22bitly%22%2C%22url%22%2C%22shortener%22%5D&refer=https%3A%2F%2Fbitly.ws%2F%3Fbanned%3D1&tz=0&dev=e&res=14.2071&uuid=4bcf8c9b-dc53-4862-978f-3e2500764917%3A2%3A1 | IP: 192.243.61.227:443 | ASN: #39572 DataWeb Global Group B.V.
Requested by: https://bitly.ws/?banned=1 | Certificate: Issuer Let's Encrypt, Subject diabeteprecursor.com, Fingerprint 1C:22:64:65:CD:8F:40:2B:A3:ED:A2:2E:A4:63:1D:A2:32:AB:B3:82, Validity Tue, 16 Apr 2024 13:58:08 GMT - Mon, 15 Jul 2024 13:58:07 GMT
Hash (MD5 / SHA-1 / SHA-256, empty body): d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /watch.991580067608.js?key=fb87135eb1bdee211d55a6d31f28b1bc&kw=%5B%22bitly%22%2C%22url%22%2C%22shortener%22%5D&refer=https%3A%2F%2Fbitly.ws%2F%3Fbanned%3D1&tz=0&dev=e&res=14.2071&uuid=4bcf8c9b-dc53-4862-978f-3e2500764917%3A2%3A1 HTTP/1.1
Host: diabeteprecursor.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://bitly.ws
DNT: 1
Connection: keep-alive
Referer: https://bitly.ws/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 307 Temporary Redirect
Server: nginx/1.21.6
Date: Thu, 18 Apr 2024 11:52:27 GMT
Content-Type: text/html
Content-Length: 0
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://bitly.ws
Access-Control-Allow-Origin: https://bitly.ws
Access-Control-Allow-Credentials: true
Location: https://diabeteprecursor.com/watch.991580067608.js?dev=e&key=fb87135eb1bdee211d55a6d31f28b1bc&kw=%5B%22bitly%22%2C%22url%22%2C%22shortener%22%5D&pst=1713441207&refer=https%3A%2F%2Fbitly.ws%2F%3Fbanned%3D1&res=14.2071&rmtc=t&shu=8ffc9d74b5f1796823cb00c2747f0e9ae1cd930d35da69e0b4b78a1a479f661950dfcda9c6049fb3830d0be92512c8fef703812cc3c75136b4c06f7b1473abf6f3fe54144e6674fdff1bf6c03aa0480698a1a91d76a86edd5340f0bb8d0044&tz=0&uuid=4bcf8c9b-dc53-4862-978f-3e2500764917%3A2%3A1
Set-Cookie: u_pl=22829219; expires=Fri, 19 Apr 2024 11:52:27 GMT; secure; SameSite=None
ain=eyJhbGciOiJIUzI1NiJ9.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_YmFubmVkPTEiLCJhciI6W119fQ.ZPJJ4fJ18Z3i1mt4s5io96nzFLBfj2cTIbhZtigLSdk; expires=Thu, 18 Apr 2024 11:53:27 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 579fc5b5e2504a87a9a8c549a481d654
Strict-Transport-Security: max-age=0; includeSubdomains
|
|
| thongtechnicality.com/watch.1321286929578.js?dev=e&key=6dc3a27552b5aedfb96aeaa00aa1c37b&kw=%5B%22bitly%22%2C%22url%22%2C%22shortener%22%5D&pst=1713441207&refer=https%3A%2F%2Fbitly.ws%2F%3Fbanned%3D1&res=14.2071&rmtc=t&shu=a3185ea92cd89dd08b06f7da4af89ebc35b02cf22d3b0ed9c0c15f88991660687fcb2b465a616eeb65c41470ee8a15fe10d4742a174a474f3b5ebb9e326e9abf47a396bc477dcbe01a6bfba7e749db23f6f8f29e30f2661ddae8e1ded3864f0f242f52&tz=0&uuid=dd5bc680-6c35-41be-a9b1-0e58cc90cafd%3A2%3A1 | 192.243.61.225 | 200 OK | 2.1 kB |
URL: GET HTTP/1.1 thongtechnicality.com/watch.1321286929578.js?dev=e&key=6dc3a27552b5aedfb96aeaa00aa1c37b&kw=%5B%22bitly%22%2C%22url%22%2C%22shortener%22%5D&pst=1713441207&refer=https%3A%2F%2Fbitly.ws%2F%3Fbanned%3D1&res=14.2071&rmtc=t&shu=a3185ea92cd89dd08b06f7da4af89ebc35b02cf22d3b0ed9c0c15f88991660687fcb2b465a616eeb65c41470ee8a15fe10d4742a174a474f3b5ebb9e326e9abf47a396bc477dcbe01a6bfba7e749db23f6f8f29e30f2661ddae8e1ded3864f0f242f52&tz=0&uuid=dd5bc680-6c35-41be-a9b1-0e58cc90cafd%3A2%3A1 | IP: 192.243.61.225:443 | ASN: #39572 DataWeb Global Group B.V.
Requested by: https://bitly.ws/?banned=1 | Certificate: Issuer Let's Encrypt, Subject thongtechnicality.com, Fingerprint 5F:19:69:4B:44:97:7E:74:F5:5A:F1:90:25:DE:C7:11:5E:DD:9F:15, Validity Tue, 16 Apr 2024 13:46:58 GMT - Mon, 15 Jul 2024 13:46:57 GMT
File type: JavaScript source, ASCII text, with very long lines (2655) | Hash (MD5 / SHA-1 / SHA-256): 4a412c09c40e90c19ed569265989d56f 55a4a69d4ac376a9d656d84b2a3dc0f6163f3aee 492e099e6d0790c7e857cb3295b67b7e198e00456296335b0a7416804a9fd31e
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /watch.1321286929578.js?dev=e&key=6dc3a27552b5aedfb96aeaa00aa1c37b&kw=%5B%22bitly%22%2C%22url%22%2C%22shortener%22%5D&pst=1713441207&refer=https%3A%2F%2Fbitly.ws%2F%3Fbanned%3D1&res=14.2071&rmtc=t&shu=a3185ea92cd89dd08b06f7da4af89ebc35b02cf22d3b0ed9c0c15f88991660687fcb2b465a616eeb65c41470ee8a15fe10d4742a174a474f3b5ebb9e326e9abf47a396bc477dcbe01a6bfba7e749db23f6f8f29e30f2661ddae8e1ded3864f0f242f52&tz=0&uuid=dd5bc680-6c35-41be-a9b1-0e58cc90cafd%3A2%3A1 HTTP/1.1
Host: thongtechnicality.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://bitly.ws
Referer: https://bitly.ws/
DNT: 1
Connection: keep-alive
Cookie: u_pl=22735548; ain=eyJhbGciOiJIUzI1NiJ9.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_YmFubmVkPTEiLCJhciI6W119fQ.Q5oEoAi0jHIRal5wmiio7A2AWY1CJDu_yEmfZqrhrOs
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Thu, 18 Apr 2024 11:52:27 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://bitly.ws
Access-Control-Allow-Origin: https://bitly.ws
Access-Control-Allow-Credentials: true
Set-Cookie: uid_id2=dd5bc680-6c35-41be-a9b1-0e58cc90cafd:2:1; expires=Thu, 25 Apr 2024 11:52:27 GMT; secure; SameSite=None
iprc0dd152cdf2f1296c28ccc3becd4a1e33=3569806; expires=Thu, 18 Apr 2024 15:52:27 GMT; secure; SameSite=None
pdhtkv=true; expires=Fri, 19 Apr 2024 11:52:27 GMT; secure; SameSite=None
uncs=1; expires=Fri, 19 Apr 2024 11:52:27 GMT; secure; SameSite=None
pdhtkv5=true; expires=Fri, 19 Apr 2024 11:52:27 GMT; secure; SameSite=None
uncs5=1; expires=Fri, 19 Apr 2024 11:52:27 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 31113819070eb292a533b09e55871dc7
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
|
|
| faintjump.com/78/66/ea/7866ead300fcf9e425beaf01fe308949.js | 192.243.59.13 | 200 OK | 30 kB |
URL: GET HTTP/1.1 faintjump.com/78/66/ea/7866ead300fcf9e425beaf01fe308949.js | IP: 192.243.59.13:443 | ASN: #39572 DataWeb Global Group B.V.
Requested by: https://bitly.ws/?banned=1 | Certificate: Issuer Let's Encrypt, Subject faintjump.com, Fingerprint E1:A6:B1:E0:5E:2B:F0:AE:AB:17:8C:1B:A0:A9:04:4F:40:BF:03:75, Validity Tue, 16 Apr 2024 10:06:25 GMT - Mon, 15 Jul 2024 10:06:24 GMT
File type: JavaScript source, ASCII text, with very long lines (65536), with no line terminators | Hash (MD5 / SHA-1 / SHA-256): d258596d1bd417dba55d3a6f7ec9c9e9 087a6639a2b8f64bc35603a4eed707c0935680f4 c3b34562bd2c06f26e100fe7efc2e992f350a425ce8dd2b4c46c46ea040cf61c
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /78/66/ea/7866ead300fcf9e425beaf01fe308949.js HTTP/1.1
Host: faintjump.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://bitly.ws/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Thu, 18 Apr 2024 11:52:27 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 9f5cd618c9aa86a2649e11934b7e4748
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
|
|
| diabeteprecursor.com/watch.991580067608.js?dev=e&key=fb87135eb1bdee211d55a6d31f28b1bc&kw=%5B%22bitly%22%2C%22url%22%2C%22shortener%22%5D&pst=1713441207&refer=https%3A%2F%2Fbitly.ws%2F%3Fbanned%3D1&res=14.2071&rmtc=t&shu=8ffc9d74b5f1796823cb00c2747f0e9ae1cd930d35da69e0b4b78a1a479f661950dfcda9c6049fb3830d0be92512c8fef703812cc3c75136b4c06f7b1473abf6f3fe54144e6674fdff1bf6c03aa0480698a1a91d76a86edd5340f0bb8d0044&tz=0&uuid=4bcf8c9b-dc53-4862-978f-3e2500764917%3A2%3A1 | 192.243.61.227 | 200 OK | 2.1 kB |
URL: GET HTTP/1.1 diabeteprecursor.com/watch.991580067608.js?dev=e&key=fb87135eb1bdee211d55a6d31f28b1bc&kw=%5B%22bitly%22%2C%22url%22%2C%22shortener%22%5D&pst=1713441207&refer=https%3A%2F%2Fbitly.ws%2F%3Fbanned%3D1&res=14.2071&rmtc=t&shu=8ffc9d74b5f1796823cb00c2747f0e9ae1cd930d35da69e0b4b78a1a479f661950dfcda9c6049fb3830d0be92512c8fef703812cc3c75136b4c06f7b1473abf6f3fe54144e6674fdff1bf6c03aa0480698a1a91d76a86edd5340f0bb8d0044&tz=0&uuid=4bcf8c9b-dc53-4862-978f-3e2500764917%3A2%3A1 | IP: 192.243.61.227:443 | ASN: #39572 DataWeb Global Group B.V.
Requested by: https://bitly.ws/?banned=1 | Certificate: Issuer Let's Encrypt, Subject diabeteprecursor.com, Fingerprint 1C:22:64:65:CD:8F:40:2B:A3:ED:A2:2E:A4:63:1D:A2:32:AB:B3:82, Validity Tue, 16 Apr 2024 13:58:08 GMT - Mon, 15 Jul 2024 13:58:07 GMT
File type: JavaScript source, ASCII text, with very long lines (2637) | Hash (MD5 / SHA-1 / SHA-256): 1346aaaba61ee6757e6c332cc86e8e7f 3bfd5a4d50ebd80368bceaf87906b6df64853ca8 a58f5dde2bd313e22e00f77b64b40b275c89f10685472ee0b4396a80307ebcf1
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /watch.991580067608.js?dev=e&key=fb87135eb1bdee211d55a6d31f28b1bc&kw=%5B%22bitly%22%2C%22url%22%2C%22shortener%22%5D&pst=1713441207&refer=https%3A%2F%2Fbitly.ws%2F%3Fbanned%3D1&res=14.2071&rmtc=t&shu=8ffc9d74b5f1796823cb00c2747f0e9ae1cd930d35da69e0b4b78a1a479f661950dfcda9c6049fb3830d0be92512c8fef703812cc3c75136b4c06f7b1473abf6f3fe54144e6674fdff1bf6c03aa0480698a1a91d76a86edd5340f0bb8d0044&tz=0&uuid=4bcf8c9b-dc53-4862-978f-3e2500764917%3A2%3A1 HTTP/1.1
Host: diabeteprecursor.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://bitly.ws
Referer: https://bitly.ws/
DNT: 1
Connection: keep-alive
Cookie: u_pl=22829219; ain=eyJhbGciOiJIUzI1NiJ9.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_YmFubmVkPTEiLCJhciI6W119fQ.ZPJJ4fJ18Z3i1mt4s5io96nzFLBfj2cTIbhZtigLSdk
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Thu, 18 Apr 2024 11:52:27 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://bitly.ws
Access-Control-Allow-Origin: https://bitly.ws
Access-Control-Allow-Credentials: true
Set-Cookie: uid_id2=4bcf8c9b-dc53-4862-978f-3e2500764917:2:1; expires=Thu, 25 Apr 2024 11:52:27 GMT; secure; SameSite=None
iprc2aa4b93e3e4f312b9659d3698d6ae139=3570421; expires=Thu, 18 Apr 2024 15:52:27 GMT; secure; SameSite=None
pdhtkv=true; expires=Fri, 19 Apr 2024 11:52:27 GMT; secure; SameSite=None
uncs=1; expires=Fri, 19 Apr 2024 11:52:27 GMT; secure; SameSite=None
pdhtkv32=true; expires=Fri, 19 Apr 2024 11:52:27 GMT; secure; SameSite=None
uncs32=1; expires=Fri, 19 Apr 2024 11:52:27 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 2f05e606de3fc3e5e258adbbd59f63ed
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
|
|
| faintjump.com/ntv.json?key=172d9680245553e8052aafbe1bd64a13&vstc=4&uuid=4bcf8c9b-dc53-4862-978f-3e2500764917%3A2%3A1&custom=%7B%22d37e3bc4%22%3A%22a%22%7D | 192.243.59.13 | 200 OK | 18 kB |
URL: GET HTTP/1.1 faintjump.com/ntv.json?key=172d9680245553e8052aafbe1bd64a13&vstc=4&uuid=4bcf8c9b-dc53-4862-978f-3e2500764917%3A2%3A1&custom=%7B%22d37e3bc4%22%3A%22a%22%7D | IP: 192.243.59.13:443 | ASN: #39572 DataWeb Global Group B.V.
Requested by: https://bitly.ws/?banned=1 | Certificate: Issuer Let's Encrypt, Subject faintjump.com, Fingerprint E1:A6:B1:E0:5E:2B:F0:AE:AB:17:8C:1B:A0:A9:04:4F:40:BF:03:75, Validity Tue, 16 Apr 2024 10:06:25 GMT - Mon, 15 Jul 2024 10:06:24 GMT
Hash (MD5 / SHA-1 / SHA-256): db2e074e447ce23c148f9509276006e9 09b899db93fd740d0208ea0a253c25a3ddc8d738 912f40c3e82aed0f34fc72d348e5291ba27034a48060a7d83541a08b7e46bcb5
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /ntv.json?key=172d9680245553e8052aafbe1bd64a13&vstc=4&uuid=4bcf8c9b-dc53-4862-978f-3e2500764917%3A2%3A1&custom=%7B%22d37e3bc4%22%3A%22a%22%7D HTTP/1.1
Host: faintjump.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://bitly.ws
DNT: 1
Connection: keep-alive
Referer: https://bitly.ws/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Thu, 18 Apr 2024 11:52:28 GMT
Content-Type: application/json
Content-Length: 17798
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://bitly.ws
Access-Control-Allow-Origin: https://bitly.ws
Access-Control-Allow-Credentials: true
Set-Cookie: u_pl=22725681; expires=Fri, 19 Apr 2024 11:52:27 GMT; secure; SameSite=None
uid_id2=4bcf8c9b-dc53-4862-978f-3e2500764917:2:1; expires=Thu, 25 Apr 2024 11:52:27 GMT; secure; SameSite=None
pdhtkv=true; expires=Fri, 19 Apr 2024 11:52:28 GMT; secure; SameSite=None
uncs=1; expires=Fri, 19 Apr 2024 11:52:28 GMT; secure; SameSite=None
pdhtkv49=true; expires=Fri, 19 Apr 2024 11:52:28 GMT; secure; SameSite=None
uncs49=1; expires=Fri, 19 Apr 2024 11:52:28 GMT; secure; SameSite=None
nlec172d9680245553e8052aafbe1bd64a13=[2229333,2229337,2229329,2019380]; expires=Thu, 18 Apr 2024 11:52:33 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 7f13a5190c6707fe8ef46d6a122fad7c
Strict-Transport-Security: max-age=0; includeSubdomains
|
|
| cdn.cloudimagesb.com/cti/43/ff/51/43ff51c07da75eaedd548042d5154cfe/1658930770.jpg | 45.133.44.9 | 200 OK | 25 kB |
URL: GET HTTP/2 cdn.cloudimagesb.com/cti/43/ff/51/43ff51c07da75eaedd548042d5154cfe/1658930770.jpg | IP: 45.133.44.9:443 | ASN: #39572 DataWeb Global Group B.V.
Requested by: https://bitly.ws/?banned=1 | Certificate: Issuer Let's Encrypt, Subject cdn.cloudimagesb.com, Fingerprint C6:F3:21:F0:21:7D:7E:96:0F:E8:46:7A:5E:C5:3F:D1:52:B0:67:B0, Validity Fri, 22 Mar 2024 03:01:35 GMT - Thu, 20 Jun 2024 03:01:34 GMT
File type: JPEG image data, baseline, precision 8, 320x50, components 3 | Hash (MD5 / SHA-1 / SHA-256): d465d02b90e928dfd9d9846e102a9dac 22f7333777bec813bd9a7b870913a2b79b6d2fe4 e393d4f1c6b5d4973e157f0f10764b92037dc18239500f42b72bed8ecef462fd
GET /cti/43/ff/51/43ff51c07da75eaedd548042d5154cfe/1658930770.jpg HTTP/1.1
Host: cdn.cloudimagesb.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 18 Apr 2024 11:52:28 GMT
content-type: image/jpeg
content-length: 24714
server: nginx/1.21.6
last-modified: Wed, 27 Jul 2022 14:06:18 GMT
etag: "62e1465a-608a"
expires: Sat, 20 Apr 2024 11:52:28 GMT
cache-control: max-age=172800
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|
| cdn.cloudimagesb.com/cti/7d/00/a0/7d00a008556ebc4e68d1de531274e928/1658920033.png | 45.133.44.9 | 200 OK | 144 kB |
URL: GET HTTP/2 cdn.cloudimagesb.com/cti/7d/00/a0/7d00a008556ebc4e68d1de531274e928/1658920033.png | IP: 45.133.44.9:443 | ASN: #39572 DataWeb Global Group B.V.
Requested by: https://bitly.ws/?banned=1 | Certificate: Issuer Let's Encrypt, Subject cdn.cloudimagesb.com, Fingerprint C6:F3:21:F0:21:7D:7E:96:0F:E8:46:7A:5E:C5:3F:D1:52:B0:67:B0, Validity Fri, 22 Mar 2024 03:01:35 GMT - Thu, 20 Jun 2024 03:01:34 GMT
File type: PNG image data, 300 x 250, 8-bit/color RGBA, non-interlaced | Size: 144 kB (144379 bytes) | Hash (MD5 / SHA-1 / SHA-256): 33c304429dc1a4408a96e6a74ffa2feb c45fa8e65528d1bb2b46bf8a28af9eeaa1903d04 dbed482e5948ead5587d30a22306a5b611305f704de940bd22c76daf90e0a314
GET /cti/7d/00/a0/7d00a008556ebc4e68d1de531274e928/1658920033.png HTTP/1.1
Host: cdn.cloudimagesb.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 18 Apr 2024 11:52:28 GMT
content-type: image/png
content-length: 144379
server: nginx/1.21.6
last-modified: Wed, 27 Jul 2022 11:07:21 GMT
etag: "62e11c69-233fb"
expires: Sat, 20 Apr 2024 11:52:28 GMT
cache-control: max-age=172800
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|
| cdn.cloudimagesb.com/cti/5e/78/a9/5e78a94057ff65f06ec19e727c7be04f/1588233511.jpg | 45.133.44.9 | 200 OK | 24 kB |
URL: GET HTTP/2 cdn.cloudimagesb.com/cti/5e/78/a9/5e78a94057ff65f06ec19e727c7be04f/1588233511.jpg | IP: 45.133.44.9:443 | ASN: #39572 DataWeb Global Group B.V.
Requested by: https://bitly.ws/?banned=1 | Certificate: Issuer Let's Encrypt, Subject cdn.cloudimagesb.com, Fingerprint C6:F3:21:F0:21:7D:7E:96:0F:E8:46:7A:5E:C5:3F:D1:52:B0:67:B0, Validity Fri, 22 Mar 2024 03:01:35 GMT - Thu, 20 Jun 2024 03:01:34 GMT
File type: JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 320x240, components 3 | Hash (MD5 / SHA-1 / SHA-256): d71c872fb9f50bd9383abc0721d1d51e 1f69b40ef2f95798b4e0fd738d630ad4319cd739 6b4a622b9de1ffab8fe905fc8c4633994c732476664b5190ceedd62a3795ab08
GET /cti/5e/78/a9/5e78a94057ff65f06ec19e727c7be04f/1588233511.jpg HTTP/1.1
Host: cdn.cloudimagesb.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://bitly.ws/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Thu, 18 Apr 2024 11:52:28 GMT
content-type: image/jpeg
content-length: 24518
server: nginx/1.21.6
last-modified: Thu, 30 Apr 2020 07:58:34 GMT
etag: "5eaa852a-5fc6"
expires: Sat, 20 Apr 2024 11:52:28 GMT
cache-control: max-age=172800
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|
| cdn.cloudimagesb.com/cti/d6/e8/37/d6e83777d7311d26f1ac5b2b62a81218/1588233535.jpg | 45.133.44.9 | 200 OK | 28 kB |
URL: GET HTTP/2 cdn.cloudimagesb.com/cti/d6/e8/37/d6e83777d7311d26f1ac5b2b62a81218/1588233535.jpg | IP: 45.133.44.9:443 | ASN: #39572 DataWeb Global Group B.V.
Requested by: https://bitly.ws/?banned=1 | Certificate: Issuer Let's Encrypt, Subject cdn.cloudimagesb.com, Fingerprint C6:F3:21:F0:21:7D:7E:96:0F:E8:46:7A:5E:C5:3F:D1:52:B0:67:B0, Validity Fri, 22 Mar 2024 03:01:35 GMT - Thu, 20 Jun 2024 03:01:34 GMT
File type: JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 320x240, components 3 | Hash (MD5 / SHA-1 / SHA-256): 1dcde64d47d24d151a1433ecf4403dd7 443d6704b5a294e000084d7a8ac823e526093928 d11bcd65a82589c2c31d6fd87cb16ec673dd5640462ad3d20ff53e014a435376
GET /cti/d6/e8/37/d6e83777d7311d26f1ac5b2b62a81218/1588233535.jpg HTTP/1.1
Host: cdn.cloudimagesb.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://bitly.ws/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Thu, 18 Apr 2024 11:52:28 GMT
content-type: image/jpeg
content-length: 27832
server: nginx/1.21.6
last-modified: Thu, 30 Apr 2020 07:58:58 GMT
etag: "5eaa8542-6cb8"
expires: Sat, 20 Apr 2024 11:52:28 GMT
cache-control: max-age=172800
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|
| cdn.cloudimagesb.com/cti/f7/13/0e/f7130e7f47db248dc886c97a1e4c3e2b/1588233482.jpg | 45.133.44.9 | 200 OK | 32 kB |
URL: GET HTTP/2 cdn.cloudimagesb.com/cti/f7/13/0e/f7130e7f47db248dc886c97a1e4c3e2b/1588233482.jpg | IP: 45.133.44.9:443 | ASN: #39572 DataWeb Global Group B.V.
Requested by: https://bitly.ws/?banned=1 | Certificate: Issuer Let's Encrypt, Subject cdn.cloudimagesb.com, Fingerprint C6:F3:21:F0:21:7D:7E:96:0F:E8:46:7A:5E:C5:3F:D1:52:B0:67:B0, Validity Fri, 22 Mar 2024 03:01:35 GMT - Thu, 20 Jun 2024 03:01:34 GMT
File type: JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 321x240, components 3 | Hash (MD5 / SHA-1 / SHA-256): 3528385dd0c31dbd2e5bfc4af7a6bec5 832c580ffd7711115d6c036ab4232f5bd88480a4 bfbfeebfcb679ca578055235614cc679b0757bad272996ef89b7fd5615a2db75
GET /cti/f7/13/0e/f7130e7f47db248dc886c97a1e4c3e2b/1588233482.jpg HTTP/1.1
Host: cdn.cloudimagesb.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://bitly.ws/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Thu, 18 Apr 2024 11:52:28 GMT
content-type: image/jpeg
content-length: 32471
server: nginx/1.21.6
last-modified: Thu, 30 Apr 2020 07:58:05 GMT
etag: "5eaa850d-7ed7"
expires: Sat, 20 Apr 2024 11:52:28 GMT
cache-control: max-age=172800
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|
| cdn.cloudimagesb.com/cti/d7/14/ea/d714ea0356c58a2679ce4074962c0e16/1588233398.jpeg | 45.133.44.9 | 200 OK | 23 kB |
URL: GET HTTP/2 cdn.cloudimagesb.com/cti/d7/14/ea/d714ea0356c58a2679ce4074962c0e16/1588233398.jpeg | IP: 45.133.44.9:443 | ASN: #39572 DataWeb Global Group B.V.
Requested by: https://bitly.ws/?banned=1 | Certificate: Issuer Let's Encrypt, Subject cdn.cloudimagesb.com, Fingerprint C6:F3:21:F0:21:7D:7E:96:0F:E8:46:7A:5E:C5:3F:D1:52:B0:67:B0, Validity Fri, 22 Mar 2024 03:01:35 GMT - Thu, 20 Jun 2024 03:01:34 GMT
File type: JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 320x240, components 3 | Hash (MD5 / SHA-1 / SHA-256): 9a2dc4fe2ebb70df2dfb1566d22970b8 b85a5f4ef7bd68b834d03d8b9a552e2e546e8701 1983c705f5f4315c8cd002183eb9ed3c846abed8fc2a6f0a073185c249552efd
GET /cti/d7/14/ea/d714ea0356c58a2679ce4074962c0e16/1588233398.jpeg HTTP/1.1
Host: cdn.cloudimagesb.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://bitly.ws/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Thu, 18 Apr 2024 11:52:28 GMT
content-type: image/jpeg
content-length: 22757
server: nginx/1.21.6
last-modified: Thu, 30 Apr 2020 07:56:41 GMT
etag: "5eaa84b9-58e5"
expires: Sat, 20 Apr 2024 11:52:28 GMT
cache-control: max-age=172800
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|
| faintjump.com/ren.gif?sid=H4sIAAAAAAAC%2F1RSzYscxRuuzm8uv3jxI3gRZAwKCu5sd09P94xBgjFuCK7ZmBj8uEh1V%2FWknOqupqp7enb0EA1IjnPwoqeeZzaJHyHoH2CQ2YUgi%2BLORRZ0wX%2FAixA8So%2BLq%2B%2Fh%2FajnLXjqeerjaXFAXBR0%2F%2BxraiykpKudlt189i3HOdVcF2kxao66%2Fru%2Bd6qphy%2F0%2FJb9XPMcjwZq1bUd23Zsp7kmNI%2FVaLUGIbI7PafVs1ue23I6Hkb6v7MpLBhqgQ0PyKMQbNHYsU5ARHOkyddnuRnkKnv%2BlaSQNFcaQ3b7SjpIVZkiOWpjbSFObx9uQ5m9tXtQ6c0lXajhP4uhWBDr%2Fj2E6e1DkgiHW0ueoQRPEbKHUA7n4HIOQeeI1HUItkeAiOHCBtLk1gWlS7r5N0prdEEaD%2F6AKBek8esJpMndM1KMmpeVLHKhUoNRXEGM5hD9ObJiG%2Fn4GES5jSj%2FCIL9SFYfrCNNtjaMVBBs%2F2kvjOJu1AtXWNRpr3hd313pBd14pc3djm0HvtdzgqVAQswh4jkkn4CaYyiMhUJYKGILRWYhYfvNyHGcwGYRtbu9KGqzgIc%2Bsx0axA51bL%2BLIqrfMEGeTRDJCSJ9DZn%2B8HPWDng7jLwpxUBMoIvvYK5WMMyCyQmGrELJCUpDUFKCUhCUOUE5rG4yaVxT3WLSFKFzWN3D2q5mKu9P6U2V93lKQPUEmlXT7IA8UmtpvbPjYMD3m07gsp7ftV2v0%2Bm0edfuuJTGIXdC5nvUacOICsIcAzUWxmJBuo%2F%2Fgqz2d1AhpNswchuROAlaOKBlBXq1wji9k4t0s9CylahQgKkKWd5AvmlN5QF5YunmycYV8Gj39P3jL2azn48j0hUyXeE9sUPQlzdml1RJti6p0pBvNrJcJGJMa6cv5zTn%2F%2FvyVb5ZKs3OnzWTL16KaqBu77zBTb5OUybSviFfnRGMcb2mdMTJt%2BfNmzy8WJirZwqdFtn6xZfXzieZ5sYIlc5Bxd7Gn4jEgjSeeWz5hR%2F%2B4XcIPYcuKiTFLjkMCLWNKLsGk%2B2ezse%2Fnbt74n0YRaDl0U6YWSiLaqbd8OhQCgLJj2YaVjD%2FmsOjfqZpfZuKampuoK8boPl1pEmFoa4wlBWonMAUx2d5pndPf%2F9pHZ8hlI1ZKHVjK5RafrIUuU5v1%2Bn1BXnyJw9G7DeDdtumfq%2FjBAHlQei53dh3GKWu57u%2BT9vIzSJ%2B6v8f%2FAUAAP%2F%2FAQAA%2F%2F9MrNYEpgQAAA%3D%3D | 192.243.59.13 | 200 OK | 7 B |
URL GET HTTP/1.1faintjump.com/ren.gif?sid=H4sIAAAAAAAC%2F1RSzYscxRuuzm8uv3jxI3gRZAwKCu5sd09P94xBgjFuCK7ZmBj8uEh1V%2FWknOqupqp7enb0EA1IjnPwoqeeZzaJHyHoH2CQ2YUgi%2BLORRZ0wX%2FAixA8So%2BLq%2B%2Fh%2FajnLXjqeerjaXFAXBR0%2F%2BxraiykpKudlt189i3HOdVcF2kxao66%2Fru%2Bd6qphy%2F0%2FJb9XPMcjwZq1bUd23Zsp7kmNI%2FVaLUGIbI7PafVs1ue23I6Hkb6v7MpLBhqgQ0PyKMQbNHYsU5ARHOkyddnuRnkKnv%2BlaSQNFcaQ3b7SjpIVZkiOWpjbSFObx9uQ5m9tXtQ6c0lXajhP4uhWBDr%2Fj2E6e1DkgiHW0ueoQRPEbKHUA7n4HIOQeeI1HUItkeAiOHCBtLk1gWlS7r5N0prdEEaD%2F6AKBek8esJpMndM1KMmpeVLHKhUoNRXEGM5hD9ObJiG%2Fn4GES5jSj%2FCIL9SFYfrCNNtjaMVBBs%2F2kvjOJu1AtXWNRpr3hd313pBd14pc3djm0HvtdzgqVAQswh4jkkn4CaYyiMhUJYKGILRWYhYfvNyHGcwGYRtbu9KGqzgIc%2Bsx0axA51bL%2BLIqrfMEGeTRDJCSJ9DZn%2B8HPWDng7jLwpxUBMoIvvYK5WMMyCyQmGrELJCUpDUFKCUhCUOUE5rG4yaVxT3WLSFKFzWN3D2q5mKu9P6U2V93lKQPUEmlXT7IA8UmtpvbPjYMD3m07gsp7ftV2v0%2Bm0edfuuJTGIXdC5nvUacOICsIcAzUWxmJBuo%2F%2Fgqz2d1AhpNswchuROAlaOKBlBXq1wji9k4t0s9CylahQgKkKWd5AvmlN5QF5YunmycYV8Gj39P3jL2azn48j0hUyXeE9sUPQlzdml1RJti6p0pBvNrJcJGJMa6cv5zTn%2F%2FvyVb5ZKs3OnzWTL16KaqBu77zBTb5OUybSviFfnRGMcb2mdMTJt%2BfNmzy8WJirZwqdFtn6xZfXzieZ5sYIlc5Bxd7Gn4jEgjSeeWz5hR%2F%2B4XcIPYcuKiTFLjkMCLWNKLsGk%2B2ezse%2Fnbt74n0YRaDl0U6YWSiLaqbd8OhQCgLJj2YaVjD%2FmsOjfqZpfZuKampuoK8boPl1pEmFoa4wlBWonMAUx2d5pndPf%2F9pHZ8hlI1ZKHVjK5RafrIUuU5v1%2Bn1BXnyJw9G7DeDdtumfq%2FjBAHlQei53dh3GKWu57u%2BT9vIzSJ%2B6v8f%2FAUAAP%2F%2FAQAA%2F%2F9MrNYEpgQAAA%3D%3D IP192.243.59.13:443 ASN#39572 DataWeb Global Group B.V.
Requested by: https://bitly.ws/?banned=1 | Certificate: Issuer Let's Encrypt, Subject faintjump.com, Fingerprint E1:A6:B1:E0:5E:2B:F0:AE:AB:17:8C:1B:A0:A9:04:4F:40:BF:03:75, Validity Tue, 16 Apr 2024 10:06:25 GMT - Mon, 15 Jul 2024 10:06:24 GMT
File type: ASCII text, with no line terminators | Hash (MD5 / SHA-1 / SHA-256): 132d6af1b46048b45cf86cdee7991d31 eb7007d03d59b65bc6da7e098c4d38fc6dfb6285 ab852e838deccd742a03ca81d4a8d75cf1a00b327db3eaf46bd7da6b6db9384c
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /ren.gif?sid=H4sIAAAAAAAC%2F1RSzYscxRuuzm8uv3jxI3gRZAwKCu5sd09P94xBgjFuCK7ZmBj8uEh1V%2FWknOqupqp7enb0EA1IjnPwoqeeZzaJHyHoH2CQ2YUgi%2BLORRZ0wX%2FAixA8So%2BLq%2B%2Fh%2FajnLXjqeerjaXFAXBR0%2F%2BxraiykpKudlt189i3HOdVcF2kxao66%2Fru%2Bd6qphy%2F0%2FJb9XPMcjwZq1bUd23Zsp7kmNI%2FVaLUGIbI7PafVs1ue23I6Hkb6v7MpLBhqgQ0PyKMQbNHYsU5ARHOkyddnuRnkKnv%2BlaSQNFcaQ3b7SjpIVZkiOWpjbSFObx9uQ5m9tXtQ6c0lXajhP4uhWBDr%2Fj2E6e1DkgiHW0ueoQRPEbKHUA7n4HIOQeeI1HUItkeAiOHCBtLk1gWlS7r5N0prdEEaD%2F6AKBek8esJpMndM1KMmpeVLHKhUoNRXEGM5hD9ObJiG%2Fn4GES5jSj%2FCIL9SFYfrCNNtjaMVBBs%2F2kvjOJu1AtXWNRpr3hd313pBd14pc3djm0HvtdzgqVAQswh4jkkn4CaYyiMhUJYKGILRWYhYfvNyHGcwGYRtbu9KGqzgIc%2Bsx0axA51bL%2BLIqrfMEGeTRDJCSJ9DZn%2B8HPWDng7jLwpxUBMoIvvYK5WMMyCyQmGrELJCUpDUFKCUhCUOUE5rG4yaVxT3WLSFKFzWN3D2q5mKu9P6U2V93lKQPUEmlXT7IA8UmtpvbPjYMD3m07gsp7ftV2v0%2Bm0edfuuJTGIXdC5nvUacOICsIcAzUWxmJBuo%2F%2Fgqz2d1AhpNswchuROAlaOKBlBXq1wji9k4t0s9CylahQgKkKWd5AvmlN5QF5YunmycYV8Gj39P3jL2azn48j0hUyXeE9sUPQlzdml1RJti6p0pBvNrJcJGJMa6cv5zTn%2F%2FvyVb5ZKs3OnzWTL16KaqBu77zBTb5OUybSviFfnRGMcb2mdMTJt%2BfNmzy8WJirZwqdFtn6xZfXzieZ5sYIlc5Bxd7Gn4jEgjSeeWz5hR%2F%2B4XcIPYcuKiTFLjkMCLWNKLsGk%2B2ezse%2Fnbt74n0YRaDl0U6YWSiLaqbd8OhQCgLJj2YaVjD%2FmsOjfqZpfZuKampuoK8boPl1pEmFoa4wlBWonMAUx2d5pndPf%2F9pHZ8hlI1ZKHVjK5RafrIUuU5v1%2Bn1BXnyJw9G7DeDdtumfq%2FjBAHlQei53dh3GKWu57u%2BT9vIzSJ%2B6v8f%2FAUAAP%2F%2FAQAA%2F%2F9MrNYEpgQAAA%3D%3D HTTP/1.1
Host: faintjump.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://bitly.ws/
Cookie: u_pl=22725681; uid_id2=4bcf8c9b-dc53-4862-978f-3e2500764917:2:1; pdhtkv=true; uncs=1; pdhtkv49=true; uncs49=1; nlec172d9680245553e8052aafbe1bd64a13=[2229333,2229337,2229329,2019380]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Thu, 18 Apr 2024 11:52:28 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 67c23c02234f3d1a9da9f583e6e67479
Strict-Transport-Security: max-age=0; includeSubdomains
|
|
| faintjump.com/ren.gif?sid=H4sIAAAAAAAC%2F1RSzYscxRuu3t9cfvHiR%2FAiyBgUFNzZ7p6e7hmDBGNcCa7ZmBj8uEh1V%2FWknOqupqp7enbxEA1IjnPwoqeeZzaJH4voH2CQ2YUgi%2BLORRZ0%2FwUPQvAoPS6Ovod%2B37efp%2BCp56mPJ8UxcVHQowuvq20hJV3rtOzms287ztnmhkiLUXPU9d%2FzvbNNPXyh57fs55qv8mig1lzbsW3HdprrQvNYjdZqECLb7Tmtnt3y3JbT8TDS%2F91NYcFQC2x4TB6FYPPGvnUaIpohTb65wM0gV9nzrySFpLnSGLK719JBqsoUyXKMtYU4vXvChjKH6%2Feg0tsLuVDDf4ihmBPr%2Fj2E6d0TkQiHOwudoQRPEbKHUA5n4HIGQWeI1E0IdkiAiOHSJtLkziWlS7r1N0prdE4aD%2F6AKOek8dtppMnX56UYNa8qWeRCpQajuIIYzSD6M2TFHvLtFYhyD1H%2BEQT7iaw92ECa7GwaqSDY0dNeGMXdqBeusqjTXvW6vrvaC7rxapu7HdsOfK%2FnBAuDhJhBxDNIPgY1KyiMhUJYKGILRWYhYUfNyHGcwGYRtbu9KGqzgIc%2Bsx0axA51bL%2BLIqrvMEaejRHJMSJ9A5n%2B8HPWDng7jLwJxUCMoYvvYa5XMMyCyQmGrELJCUpDUFKCUhCUOUE5rG4zaVxT3WHSFKFz0t2T3q6mKu9P6G2V93lKQPUYmlWT7Jg8UntpvbvvYMCPmk7gsp7ftV2v0%2Bm0edfuuJTGIXdC5nvUacOICsKsgBoL22JOuo%2F%2FiqzOd1AhpHswcg%2BROANaOKBlBXq9wna6m4t0q9CylahQgKkKWd5AvmVN5DF5YpHmmcY74NHBufunXsymv5xCpCtkusL7Yp%2BgL29Nr6iS7FxRpSHfbma5SMQ2rZO%2BmtOc%2F%2B%2FL1%2FhWqTS7eMGMv3gpqoF63H2Tm3yDpkykfUO%2BOi8Y43pd6YiT7y6at3h4uTDXzxc6LbKNyy%2BvX0wyzY0RKp2BisPNPxGJOWk889jiCT%2F84%2B8QegZdVEiKA3JSEGoPUXYDJluqN4pAyyUnzFZQFtVUu%2BHypxQEki93GlYw%2F9rD5TzVtD5NRTUxt9DXDdD8JtKkwlBXGMoKVI5hilPTPNMH5374tK7PEMrGNJS6sRNKLT%2BpTb62cLr%2BvDEnT%2F7swYijZtBu29TvdZwgoDwIPbcb%2Bw6j1PV81%2FdpG7mZx0%2F9%2F4O%2FAAAA%2F%2F8BAAD%2F%2F3aJ636mBAAA | 192.243.59.13 | 200 OK | 7 B |
URL GET HTTP/1.1faintjump.com/ren.gif?sid=H4sIAAAAAAAC%2F1RSzYscxRuu3t9cfvHiR%2FAiyBgUFNzZ7p6e7hmDBGNcCa7ZmBj8uEh1V%2FWknOqupqp7enbxEA1IjnPwoqeeZzaJH4voH2CQ2YUgi%2BLORRZ0%2FwUPQvAoPS6Ovod%2B37efp%2BCp56mPJ8UxcVHQowuvq20hJV3rtOzms287ztnmhkiLUXPU9d%2FzvbNNPXyh57fs55qv8mig1lzbsW3HdprrQvNYjdZqECLb7Tmtnt3y3JbT8TDS%2F91NYcFQC2x4TB6FYPPGvnUaIpohTb65wM0gV9nzrySFpLnSGLK719JBqsoUyXKMtYU4vXvChjKH6%2Feg0tsLuVDDf4ihmBPr%2Fj2E6d0TkQiHOwudoQRPEbKHUA5n4HIGQWeI1E0IdkiAiOHSJtLkziWlS7r1N0prdE4aD%2F6AKOek8dtppMnX56UYNa8qWeRCpQajuIIYzSD6M2TFHvLtFYhyD1H%2BEQT7iaw92ECa7GwaqSDY0dNeGMXdqBeusqjTXvW6vrvaC7rxapu7HdsOfK%2FnBAuDhJhBxDNIPgY1KyiMhUJYKGILRWYhYUfNyHGcwGYRtbu9KGqzgIc%2Bsx0axA51bL%2BLIqrvMEaejRHJMSJ9A5n%2B8HPWDng7jLwJxUCMoYvvYa5XMMyCyQmGrELJCUpDUFKCUhCUOUE5rG4zaVxT3WHSFKFz0t2T3q6mKu9P6G2V93lKQPUYmlWT7Jg8UntpvbvvYMCPmk7gsp7ftV2v0%2Bm0edfuuJTGIXdC5nvUacOICsKsgBoL22JOuo%2F%2FiqzOd1AhpHswcg%2BROANaOKBlBXq9wna6m4t0q9CylahQgKkKWd5AvmVN5DF5YpHmmcY74NHBufunXsymv5xCpCtkusL7Yp%2BgL29Nr6iS7FxRpSHfbma5SMQ2rZO%2BmtOc%2F%2B%2FL1%2FhWqTS7eMGMv3gpqoF63H2Tm3yDpkykfUO%2BOi8Y43pd6YiT7y6at3h4uTDXzxc6LbKNyy%2BvX0wyzY0RKp2BisPNPxGJOWk889jiCT%2F84%2B8QegZdVEiKA3JSEGoPUXYDJluqN4pAyyUnzFZQFtVUu%2BHypxQEki93GlYw%2F9rD5TzVtD5NRTUxt9DXDdD8JtKkwlBXGMoKVI5hilPTPNMH5374tK7PEMrGNJS6sRNKLT%2BpTb62cLr%2BvDEnT%2F7swYijZtBu29TvdZwgoDwIPbcb%2Bw6j1PV81%2FdpG7mZx0%2F9%2F4O%2FAAAA%2F%2F8BAAD%2F%2F3aJ636mBAAA IP192.243.59.13:443 ASN#39572 DataWeb Global Group B.V.
Requested by: https://bitly.ws/?banned=1 Certificate Issuer: Let's Encrypt Subject: faintjump.com Fingerprint: E1:A6:B1:E0:5E:2B:F0:AE:AB:17:8C:1B:A0:A9:04:4F:40:BF:03:75 Validity: Tue, 16 Apr 2024 10:06:25 GMT - Mon, 15 Jul 2024 10:06:24 GMT
File type: ASCII text, with no line terminators Hashes (MD5 / SHA-1 / SHA-256): 132d6af1b46048b45cf86cdee7991d31 eb7007d03d59b65bc6da7e098c4d38fc6dfb6285 ab852e838deccd742a03ca81d4a8d75cf1a00b327db3eaf46bd7da6b6db9384c
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /ren.gif?sid=H4sIAAAAAAAC%2F1RSzYscxRuu3t9cfvHiR%2FAiyBgUFNzZ7p6e7hmDBGNcCa7ZmBj8uEh1V%2FWknOqupqp7enbxEA1IjnPwoqeeZzaJH4voH2CQ2YUgi%2BLORRZ0%2FwUPQvAoPS6Ovod%2B37efp%2BCp56mPJ8UxcVHQowuvq20hJV3rtOzms287ztnmhkiLUXPU9d%2FzvbNNPXyh57fs55qv8mig1lzbsW3HdprrQvNYjdZqECLb7Tmtnt3y3JbT8TDS%2F91NYcFQC2x4TB6FYPPGvnUaIpohTb65wM0gV9nzrySFpLnSGLK719JBqsoUyXKMtYU4vXvChjKH6%2Feg0tsLuVDDf4ihmBPr%2Fj2E6d0TkQiHOwudoQRPEbKHUA5n4HIGQWeI1E0IdkiAiOHSJtLkziWlS7r1N0prdE4aD%2F6AKOek8dtppMnX56UYNa8qWeRCpQajuIIYzSD6M2TFHvLtFYhyD1H%2BEQT7iaw92ECa7GwaqSDY0dNeGMXdqBeusqjTXvW6vrvaC7rxapu7HdsOfK%2FnBAuDhJhBxDNIPgY1KyiMhUJYKGILRWYhYUfNyHGcwGYRtbu9KGqzgIc%2Bsx0axA51bL%2BLIqrvMEaejRHJMSJ9A5n%2B8HPWDng7jLwJxUCMoYvvYa5XMMyCyQmGrELJCUpDUFKCUhCUOUE5rG4zaVxT3WHSFKFz0t2T3q6mKu9P6G2V93lKQPUYmlWT7Jg8UntpvbvvYMCPmk7gsp7ftV2v0%2Bm0edfuuJTGIXdC5nvUacOICsKsgBoL22JOuo%2F%2FiqzOd1AhpHswcg%2BROANaOKBlBXq9wna6m4t0q9CylahQgKkKWd5AvmVN5DF5YpHmmcY74NHBufunXsymv5xCpCtkusL7Yp%2BgL29Nr6iS7FxRpSHfbma5SMQ2rZO%2BmtOc%2F%2B%2FL1%2FhWqTS7eMGMv3gpqoF63H2Tm3yDpkykfUO%2BOi8Y43pd6YiT7y6at3h4uTDXzxc6LbKNyy%2BvX0wyzY0RKp2BisPNPxGJOWk889jiCT%2F84%2B8QegZdVEiKA3JSEGoPUXYDJluqN4pAyyUnzFZQFtVUu%2BHypxQEki93GlYw%2F9rD5TzVtD5NRTUxt9DXDdD8JtKkwlBXGMoKVI5hilPTPNMH5374tK7PEMrGNJS6sRNKLT%2BpTb62cLr%2BvDEnT%2F7swYijZtBu29TvdZwgoDwIPbcb%2Bw6j1PV81%2FdpG7mZx0%2F9%2F4O%2FAAAA%2F%2F8BAAD%2F%2F3aJ636mBAAA HTTP/1.1
Host: faintjump.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://bitly.ws/
Cookie: u_pl=22725681; uid_id2=4bcf8c9b-dc53-4862-978f-3e2500764917:2:1; pdhtkv=true; uncs=1; pdhtkv49=true; uncs49=1; nlec172d9680245553e8052aafbe1bd64a13=[2229333,2229337,2229329,2019380]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Thu, 18 Apr 2024 11:52:28 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: fe2d6c6524a71aa4b9222aad5153495f
Strict-Transport-Security: max-age=0; includeSubdomains
|
|
| decidedlyenjoyableannihilation.com/sbar.json?key=33ce9e99c1bfce9eb2d48a915db5624c&uuid=4bcf8c9b-dc53-4862-978f-3e2500764917%3A2%3A1 | 172.240.253.132 | 200 OK | 8.3 kB |
URL: GET HTTP/1.1 decidedlyenjoyableannihilation.com/sbar.json?key=33ce9e99c1bfce9eb2d48a915db5624c&uuid=4bcf8c9b-dc53-4862-978f-3e2500764917%3A2%3A1 IP: 172.240.253.132:443
Requested by: https://bitly.ws/?banned=1 Certificate Issuer: Let's Encrypt Subject: decidedlyenjoyableannihilation.com Fingerprint: 04:5E:A7:2F:94:E4:08:88:66:15:BE:36:F0:95:99:2C:7B:DD:4F:6D Validity: Tue, 16 Apr 2024 13:55:09 GMT - Mon, 15 Jul 2024 13:55:08 GMT
Hashes (MD5 / SHA-1 / SHA-256): c18fe4e6d6a65532ec56f0eff09ff295 cbb35077c159c247f3af4f3255aafa6357ac6f46 bf466f1f04eedb2e9525e0f7071bb800d4d590ca608a9de14b60727d713d3e53
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /sbar.json?key=33ce9e99c1bfce9eb2d48a915db5624c&uuid=4bcf8c9b-dc53-4862-978f-3e2500764917%3A2%3A1 HTTP/1.1
Host: decidedlyenjoyableannihilation.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://bitly.ws
DNT: 1
Connection: keep-alive
Referer: https://bitly.ws/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Thu, 18 Apr 2024 11:52:28 GMT
Content-Type: text/plain; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://bitly.ws
Access-Control-Allow-Origin: https://bitly.ws
Access-Control-Allow-Credentials: true
Set-Cookie: u_pl=22725757; expires=Fri, 19 Apr 2024 11:52:28 GMT; secure; SameSite=None
uid_id2=4bcf8c9b-dc53-4862-978f-3e2500764917:2:1; expires=Thu, 25 Apr 2024 11:52:28 GMT; secure; SameSite=None
pdhtkv=true; expires=Fri, 19 Apr 2024 11:52:28 GMT; secure; SameSite=None
uncs=1; expires=Fri, 19 Apr 2024 11:52:28 GMT; secure; SameSite=None
pdhtkv29=true; expires=Fri, 19 Apr 2024 11:52:28 GMT; secure; SameSite=None
uncs29=1; expires=Fri, 19 Apr 2024 11:52:28 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: f6fda46bf913c64ba0f2613d86f2c875
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
|
|
| faintjump.com/ren.gif?sid=H4sIAAAAAAAC%2F1RSz4scRRitTuZivPgjeBFkDAoK7mx3T0%2F3jEGCMa4E12xMDP64SHVX9aSc6q6mqnt6dvEQDUiOc%2FCip543m8Qfi%2BgfYJDZhSCL4s5FFnT%2FA09C8Cg9Lo5%2Bh%2F6%2Br98rePVefTIpjoiLgh5eeENtCSnpaqdlN597x3HONtdFWoyao67%2Fvu%2Bdberhiz2%2FZT%2FffI1HA7Xq2o5tO7bTXBOax2q0WoMQ2U7PafXslue2nI6Hkf7%2FbgoLhlpgwyPyGASbN%2Fas0xDRDGny7QVuBrnKXng1KSTNlcaQ3b2WDlJVpkiWY6wtxOndYzaUOVi7B5XeXsiFGv5LDMWcWPfvIUzvHotEONxe6AwleIqQPYxyOAOXMwg6Q6RuQrADAkQMlzaQJncuKV3SzX9QWqNz0njwJ0Q5J43fTyNNvjkvxah5VckiFyo1GMUVxGgG0Z8hK3aRb52AKHcR5R9DsJ%2FJ6oN1pMn2hpEKgh0%2B44VR3I164QqLOu0Vr%2Bu7K72gG6%2B0udux7cD3ek6wMEiIGUQ8g%2BRjUHMChbFQCAtFbKHILCTssBk5jhPYLKJ2txdFbRbw0Ge2Q4PYoY7td1FE9R3GyLMxIjlGpG8g0x99wdoBb4eRN6EYiDF08QPM9QqGWTA5wZBVKDlBaQhKSlAKgjInKIfVbSaNa6o7TJoidI67e9zb1VTl%2FQm9rfI%2BTwmoHkOzapIdkUdrL6339hwM%2BGHTCVzW87u263U6nTbv2h2X0jjkTsh8jzptGFFBmBOgxsKWmJPuE78hq%2FMdVAjpLozcRSTOgBYOaFmBXq%2Bwle7kIt0stGwlKhRgqkKWN5BvWhN5RJ5cpHmm8SZ4tH%2Fu%2FqmXsumvpxDpCpmu8IHYI%2BjLW9MrqiTbV1RpyHcbWS4SsUXrpK%2FmNOcnv3qdb5ZKs4sXzPjLl6MaqMedt7jJ12nKRNo35OvzgjGu15SOOPn%2Bonmbh5cLc%2F18odMiW7%2F8ytrFJNPcGKHSGag42PgLkZiTxrOPL57wIz%2F9AaFn0EWFpNgnxwWhdhFlN2CypXqjCLRccsLsJMqimmo3XP6UgkDy5U7DCuY%2Fe7icp5rWp6moJuYW%2BroBmt9EmlQY6gpDWYHKMUxxappnev%2Fcj5%2FV9TlC2ZiGUje2Q6nlp7XJ1%2BrPuwu75%2BSpXzwYcdgM2m2b%2Br2OEwSUB6HndmPfYZS6nu%2F6Pm0jN%2FP46Yc%2B%2FBsAAP%2F%2FAQAA%2F%2F8pSXG1pgQAAA%3D%3D | 192.243.59.13 | 200 OK | 7 B |
URL GET HTTP/1.1faintjump.com/ren.gif?sid=H4sIAAAAAAAC%2F1RSz4scRRitTuZivPgjeBFkDAoK7mx3T0%2F3jEGCMa4E12xMDP64SHVX9aSc6q6mqnt6dvEQDUiOc%2FCip543m8Qfi%2BgfYJDZhSCL4s5FFnT%2FA09C8Cg9Lo5%2Bh%2F6%2Br98rePVefTIpjoiLgh5eeENtCSnpaqdlN597x3HONtdFWoyao67%2Fvu%2Bdberhiz2%2FZT%2FffI1HA7Xq2o5tO7bTXBOax2q0WoMQ2U7PafXslue2nI6Hkf7%2FbgoLhlpgwyPyGASbN%2Fas0xDRDGny7QVuBrnKXng1KSTNlcaQ3b2WDlJVpkiWY6wtxOndYzaUOVi7B5XeXsiFGv5LDMWcWPfvIUzvHotEONxe6AwleIqQPYxyOAOXMwg6Q6RuQrADAkQMlzaQJncuKV3SzX9QWqNz0njwJ0Q5J43fTyNNvjkvxah5VckiFyo1GMUVxGgG0Z8hK3aRb52AKHcR5R9DsJ%2FJ6oN1pMn2hpEKgh0%2B44VR3I164QqLOu0Vr%2Bu7K72gG6%2B0udux7cD3ek6wMEiIGUQ8g%2BRjUHMChbFQCAtFbKHILCTssBk5jhPYLKJ2txdFbRbw0Ge2Q4PYoY7td1FE9R3GyLMxIjlGpG8g0x99wdoBb4eRN6EYiDF08QPM9QqGWTA5wZBVKDlBaQhKSlAKgjInKIfVbSaNa6o7TJoidI67e9zb1VTl%2FQm9rfI%2BTwmoHkOzapIdkUdrL6339hwM%2BGHTCVzW87u263U6nTbv2h2X0jjkTsh8jzptGFFBmBOgxsKWmJPuE78hq%2FMdVAjpLozcRSTOgBYOaFmBXq%2Bwle7kIt0stGwlKhRgqkKWN5BvWhN5RJ5cpHmm8SZ4tH%2Fu%2FqmXsumvpxDpCpmu8IHYI%2BjLW9MrqiTbV1RpyHcbWS4SsUXrpK%2FmNOcnv3qdb5ZKs4sXzPjLl6MaqMedt7jJ12nKRNo35OvzgjGu15SOOPn%2Bonmbh5cLc%2F18odMiW7%2F8ytrFJNPcGKHSGag42PgLkZiTxrOPL57wIz%2F9AaFn0EWFpNgnxwWhdhFlN2CypXqjCLRccsLsJMqimmo3XP6UgkDy5U7DCuY%2Fe7icp5rWp6moJuYW%2BroBmt9EmlQY6gpDWYHKMUxxappnev%2Fcj5%2FV9TlC2ZiGUje2Q6nlp7XJ1%2BrPuwu75%2BSpXzwYcdgM2m2b%2Br2OEwSUB6HndmPfYZS6nu%2F6Pm0jN%2FP46Yc%2B%2FBsAAP%2F%2FAQAA%2F%2F8pSXG1pgQAAA%3D%3D IP192.243.59.13:443 ASN#39572 DataWeb Global Group B.V.
Requested by: https://bitly.ws/?banned=1 Certificate Issuer: Let's Encrypt Subject: faintjump.com Fingerprint: E1:A6:B1:E0:5E:2B:F0:AE:AB:17:8C:1B:A0:A9:04:4F:40:BF:03:75 Validity: Tue, 16 Apr 2024 10:06:25 GMT - Mon, 15 Jul 2024 10:06:24 GMT
File type: ASCII text, with no line terminators Hashes (MD5 / SHA-1 / SHA-256): 132d6af1b46048b45cf86cdee7991d31 eb7007d03d59b65bc6da7e098c4d38fc6dfb6285 ab852e838deccd742a03ca81d4a8d75cf1a00b327db3eaf46bd7da6b6db9384c
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /ren.gif?sid=H4sIAAAAAAAC%2F1RSz4scRRitTuZivPgjeBFkDAoK7mx3T0%2F3jEGCMa4E12xMDP64SHVX9aSc6q6mqnt6dvEQDUiOc%2FCip543m8Qfi%2BgfYJDZhSCL4s5FFnT%2FA09C8Cg9Lo5%2Bh%2F6%2Br98rePVefTIpjoiLgh5eeENtCSnpaqdlN597x3HONtdFWoyao67%2Fvu%2Bdberhiz2%2FZT%2FffI1HA7Xq2o5tO7bTXBOax2q0WoMQ2U7PafXslue2nI6Hkf7%2FbgoLhlpgwyPyGASbN%2Fas0xDRDGny7QVuBrnKXng1KSTNlcaQ3b2WDlJVpkiWY6wtxOndYzaUOVi7B5XeXsiFGv5LDMWcWPfvIUzvHotEONxe6AwleIqQPYxyOAOXMwg6Q6RuQrADAkQMlzaQJncuKV3SzX9QWqNz0njwJ0Q5J43fTyNNvjkvxah5VckiFyo1GMUVxGgG0Z8hK3aRb52AKHcR5R9DsJ%2FJ6oN1pMn2hpEKgh0%2B44VR3I164QqLOu0Vr%2Bu7K72gG6%2B0udux7cD3ek6wMEiIGUQ8g%2BRjUHMChbFQCAtFbKHILCTssBk5jhPYLKJ2txdFbRbw0Ge2Q4PYoY7td1FE9R3GyLMxIjlGpG8g0x99wdoBb4eRN6EYiDF08QPM9QqGWTA5wZBVKDlBaQhKSlAKgjInKIfVbSaNa6o7TJoidI67e9zb1VTl%2FQm9rfI%2BTwmoHkOzapIdkUdrL6339hwM%2BGHTCVzW87u263U6nTbv2h2X0jjkTsh8jzptGFFBmBOgxsKWmJPuE78hq%2FMdVAjpLozcRSTOgBYOaFmBXq%2Bwle7kIt0stGwlKhRgqkKWN5BvWhN5RJ5cpHmm8SZ4tH%2Fu%2FqmXsumvpxDpCpmu8IHYI%2BjLW9MrqiTbV1RpyHcbWS4SsUXrpK%2FmNOcnv3qdb5ZKs4sXzPjLl6MaqMedt7jJ12nKRNo35OvzgjGu15SOOPn%2Bonmbh5cLc%2F18odMiW7%2F8ytrFJNPcGKHSGag42PgLkZiTxrOPL57wIz%2F9AaFn0EWFpNgnxwWhdhFlN2CypXqjCLRccsLsJMqimmo3XP6UgkDy5U7DCuY%2Fe7icp5rWp6moJuYW%2BroBmt9EmlQY6gpDWYHKMUxxappnev%2Fcj5%2FV9TlC2ZiGUje2Q6nlp7XJ1%2BrPuwu75%2BSpXzwYcdgM2m2b%2Br2OEwSUB6HndmPfYZS6nu%2F6Pm0jN%2FP46Yc%2B%2FBsAAP%2F%2FAQAA%2F%2F8pSXG1pgQAAA%3D%3D HTTP/1.1
Host: faintjump.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://bitly.ws/
Cookie: u_pl=22725681; uid_id2=4bcf8c9b-dc53-4862-978f-3e2500764917:2:1; pdhtkv=true; uncs=1; pdhtkv49=true; uncs49=1; nlec172d9680245553e8052aafbe1bd64a13=[2229333,2229337,2229329,2019380]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Thu, 18 Apr 2024 11:52:28 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 7357598ccefd3559f4f4cc33ad497917
Strict-Transport-Security: max-age=0; includeSubdomains
|
|
| faintjump.com/impr.gif?sid=H4sIAAAAAAAC%2F1RSzYscxRuuzm8uvwiCGrwIMgYFFXe2e6bnyyDBGFeCazYmBj8uUl89Kae6q6nqnp5dPEQDkuMcvOip55lN4kcQ%2FQMMMrsQZEHcuciC7j8hBI%2FSm8XR9%2FB%2B1PMWPPU89dk0PyRN5PTg%2FFtmS2lNV9sNv%2F78e0Fwpr6uknxcH%2Fc6H3bCM3U7ernfafgv1N%2BQfGhWm37g%2B4Ef1NeUlZEZr1YgVHq3HzT6fiNsNoJ2iLH97%2BxyD456EKND8jiUWNR2vVNQfI4k%2Fv68dMPMpC%2B9HueaZsZiJO5cTYaJKRLEyzayHqLkzvE2jNtfuweT3DqiCzP6Z5GpBfHu3wNL7hyTBBttH%2FFkGjIBE4%2BgGM0h9RyKzsHNDSixTwAucHEDSXz7orEF3XyI0gpdkNqDP6GKBan9cQpJ%2FN05rcb1K0bnmTKJwzgqocZzqMEcab6DbOsEVLEDnn0KJX4hqw%2FWkcTbG04bKHHwbMh41ON9tiJ4u7US9jrNlX63F620ZLPt%2B91O2A%2B6RwIpNYeK5tByAupOIHcecuUhjzzkqYdYHNR5EARdX3Dq9%2Fqct0RXso7wA9qNAhr4nR5yXr1hgiydgOsJuL2O1H7ylWh1ZYvxcEoxVBPY%2FCe4ayWc8OAygpEoUUiCwhEUlKBQBEVGUIzKW0K7pitvC%2B1yFhzX5nFtlTOTDab0lskGMiGgdgIryml6SB6rtPQ%2B2A0wlAf1oNsU%2FU7Pb4btdrsle367SWnEZMBEJ6RBC06VUO4EqPOwpRak9%2BTvSCt%2FhyUY3YHTO%2BDqNGgegBYl6LUSW8ndTCWbudWN2DAFYUqkWQ3ZpjfVh%2BSpIzef%2FjWE5Htn7598JZ39dhLclkhtiY%2FULsFA35xdNgXZvmwKR37YSDMVqy1aOX0lo5n83zdvys3CWHHhvJt8%2FSqvgKq9%2B4502TpNhEoGjnx7Tgkh7ZqxXJIfL7h3JbuUu2vncpvk6fql19YuxKmVzimTzEHV%2FsZf4GpBas89cfSFH91%2FEcrOYfMScb5HjgPK7ICn1%2BHSJXtnCKxe7rC0hiIvZ7bJlodaEWi5nCkr4f41s2U%2Fs7S6TVU5dTcxsDXQ7AaSuMTIlhjpElRP4PKTsyy1e2d%2F%2FqKKL8F0bca0rW0zbfXnC3K6drVK71fp7YeaO3VQb%2Fmiy2Qku0yG7TCSXLB2m%2Fk84qwlej2OzC2iZ%2F7%2F8d8AAAD%2F%2FwEAAP%2F%2FASVJ5aYEAAA%3D | 192.243.59.13 | 200 OK | 7 B |
URL GET HTTP/1.1faintjump.com/impr.gif?sid=H4sIAAAAAAAC%2F1RSzYscxRuuzm8uvwiCGrwIMgYFFXe2e6bnyyDBGFeCazYmBj8uUl89Kae6q6nqnp5dPEQDkuMcvOip55lN4kcQ%2FQMMMrsQZEHcuciC7j8hBI%2FSm8XR9%2FB%2B1PMWPPU89dk0PyRN5PTg%2FFtmS2lNV9sNv%2F78e0Fwpr6uknxcH%2Fc6H3bCM3U7ernfafgv1N%2BQfGhWm37g%2B4Ef1NeUlZEZr1YgVHq3HzT6fiNsNoJ2iLH97%2BxyD456EKND8jiUWNR2vVNQfI4k%2Fv68dMPMpC%2B9HueaZsZiJO5cTYaJKRLEyzayHqLkzvE2jNtfuweT3DqiCzP6Z5GpBfHu3wNL7hyTBBttH%2FFkGjIBE4%2BgGM0h9RyKzsHNDSixTwAucHEDSXz7orEF3XyI0gpdkNqDP6GKBan9cQpJ%2FN05rcb1K0bnmTKJwzgqocZzqMEcab6DbOsEVLEDnn0KJX4hqw%2FWkcTbG04bKHHwbMh41ON9tiJ4u7US9jrNlX63F620ZLPt%2B91O2A%2B6RwIpNYeK5tByAupOIHcecuUhjzzkqYdYHNR5EARdX3Dq9%2Fqct0RXso7wA9qNAhr4nR5yXr1hgiydgOsJuL2O1H7ylWh1ZYvxcEoxVBPY%2FCe4ayWc8OAygpEoUUiCwhEUlKBQBEVGUIzKW0K7pitvC%2B1yFhzX5nFtlTOTDab0lskGMiGgdgIryml6SB6rtPQ%2B2A0wlAf1oNsU%2FU7Pb4btdrsle367SWnEZMBEJ6RBC06VUO4EqPOwpRak9%2BTvSCt%2FhyUY3YHTO%2BDqNGgegBYl6LUSW8ndTCWbudWN2DAFYUqkWQ3ZpjfVh%2BSpIzef%2FjWE5Htn7598JZ39dhLclkhtiY%2FULsFA35xdNgXZvmwKR37YSDMVqy1aOX0lo5n83zdvys3CWHHhvJt8%2FSqvgKq9%2B4502TpNhEoGjnx7Tgkh7ZqxXJIfL7h3JbuUu2vncpvk6fql19YuxKmVzimTzEHV%2FsZf4GpBas89cfSFH91%2FEcrOYfMScb5HjgPK7ICn1%2BHSJXtnCKxe7rC0hiIvZ7bJlodaEWi5nCkr4f41s2U%2Fs7S6TVU5dTcxsDXQ7AaSuMTIlhjpElRP4PKTsyy1e2d%2F%2FqKKL8F0bca0rW0zbfXnC3K6drVK71fp7YeaO3VQb%2Fmiy2Qku0yG7TCSXLB2m%2Fk84qwlej2OzC2iZ%2F7%2F8d8AAAD%2F%2FwEAAP%2F%2FASVJ5aYEAAA%3D IP192.243.59.13:443 ASN#39572 DataWeb Global Group B.V.
Requested by: https://bitly.ws/?banned=1 Certificate Issuer: Let's Encrypt Subject: faintjump.com Fingerprint: E1:A6:B1:E0:5E:2B:F0:AE:AB:17:8C:1B:A0:A9:04:4F:40:BF:03:75 Validity: Tue, 16 Apr 2024 10:06:25 GMT - Mon, 15 Jul 2024 10:06:24 GMT
File type: ASCII text, with no line terminators Hashes (MD5 / SHA-1 / SHA-256): 132d6af1b46048b45cf86cdee7991d31 eb7007d03d59b65bc6da7e098c4d38fc6dfb6285 ab852e838deccd742a03ca81d4a8d75cf1a00b327db3eaf46bd7da6b6db9384c
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /impr.gif?sid=H4sIAAAAAAAC%2F1RSzYscxRuuzm8uvwiCGrwIMgYFFXe2e6bnyyDBGFeCazYmBj8uUl89Kae6q6nqnp5dPEQDkuMcvOip55lN4kcQ%2FQMMMrsQZEHcuciC7j8hBI%2FSm8XR9%2FB%2B1PMWPPU89dk0PyRN5PTg%2FFtmS2lNV9sNv%2F78e0Fwpr6uknxcH%2Fc6H3bCM3U7ernfafgv1N%2BQfGhWm37g%2B4Ef1NeUlZEZr1YgVHq3HzT6fiNsNoJ2iLH97%2BxyD456EKND8jiUWNR2vVNQfI4k%2Fv68dMPMpC%2B9HueaZsZiJO5cTYaJKRLEyzayHqLkzvE2jNtfuweT3DqiCzP6Z5GpBfHu3wNL7hyTBBttH%2FFkGjIBE4%2BgGM0h9RyKzsHNDSixTwAucHEDSXz7orEF3XyI0gpdkNqDP6GKBan9cQpJ%2FN05rcb1K0bnmTKJwzgqocZzqMEcab6DbOsEVLEDnn0KJX4hqw%2FWkcTbG04bKHHwbMh41ON9tiJ4u7US9jrNlX63F620ZLPt%2B91O2A%2B6RwIpNYeK5tByAupOIHcecuUhjzzkqYdYHNR5EARdX3Dq9%2Fqct0RXso7wA9qNAhr4nR5yXr1hgiydgOsJuL2O1H7ylWh1ZYvxcEoxVBPY%2FCe4ayWc8OAygpEoUUiCwhEUlKBQBEVGUIzKW0K7pitvC%2B1yFhzX5nFtlTOTDab0lskGMiGgdgIryml6SB6rtPQ%2B2A0wlAf1oNsU%2FU7Pb4btdrsle367SWnEZMBEJ6RBC06VUO4EqPOwpRak9%2BTvSCt%2FhyUY3YHTO%2BDqNGgegBYl6LUSW8ndTCWbudWN2DAFYUqkWQ3ZpjfVh%2BSpIzef%2FjWE5Htn7598JZ39dhLclkhtiY%2FULsFA35xdNgXZvmwKR37YSDMVqy1aOX0lo5n83zdvys3CWHHhvJt8%2FSqvgKq9%2B4502TpNhEoGjnx7Tgkh7ZqxXJIfL7h3JbuUu2vncpvk6fql19YuxKmVzimTzEHV%2FsZf4GpBas89cfSFH91%2FEcrOYfMScb5HjgPK7ICn1%2BHSJXtnCKxe7rC0hiIvZ7bJlodaEWi5nCkr4f41s2U%2Fs7S6TVU5dTcxsDXQ7AaSuMTIlhjpElRP4PKTsyy1e2d%2F%2FqKKL8F0bca0rW0zbfXnC3K6drVK71fp7YeaO3VQb%2Fmiy2Qku0yG7TCSXLB2m%2Fk84qwlej2OzC2iZ%2F7%2F8d8AAAD%2F%2FwEAAP%2F%2FASVJ5aYEAAA%3D HTTP/1.1
Host: faintjump.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://bitly.ws/
Cookie: u_pl=22725681; uid_id2=4bcf8c9b-dc53-4862-978f-3e2500764917:2:1; pdhtkv=true; uncs=1; pdhtkv49=true; uncs49=1; nlec172d9680245553e8052aafbe1bd64a13=[2229333,2229337,2229329,2019380]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Thu, 18 Apr 2024 11:52:28 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 88f9625f5fe1278a145ade64765d7a5d
Strict-Transport-Security: max-age=0; includeSubdomains
|
|
| decidedlyenjoyableannihilation.com/ren.gif?sid=H4sIAAAAAAAC%2F1RSQWskRRSuns1FBEFZvCzCKB5WMJPunpmeafewGGMkGDdxd0XxItVV3ZNyqruaqu7pSVAMLsgeB39B55tkgxpk9yq4yCTgISDseApoLv4DhT1Lj4Oj71Dve%2FW9gu%2B9r746yC%2BJi5xerL2n9oSUdKXdsOvXP3KcG%2FVNkeTD%2BrDrfeK1btT14A3fa9iv1d8JWV%2BtuLZj247t1NeFDiM1XKlIiPTEdxq%2B3Wi5DafdwlD%2Fvza5BUMt8MEleQGCT5fOrKsQbIIkfrgWmn6m0tffjnNJM6Ux4McfJP1EFQniBYy0hSg5nndDmSfrj6GSo5lcqMG%2FjYGYEuvnxwiS47lIBIPDmc5AIkwQ8GdRDCYI5QSCTsDUPQj%2BhACM49YWkvjBLaULuvsPSyt2Spae%2FgVRTMnS71eRxN%2BvSjGs31Eyz4RKDIZRCTGcQPQmSPNTZHs1iOIULPsSgv9CVp5uIokPt4xUEPzi1VbAoi7zg2XO2s3lVtdzl%2F1ON1puhm7btjtey3c6swUJMYGIJpDhCNTUkBsLubCQRxby1ELML%2BrMcZyOzRm1uz5jTd4JA4%2FbDu1EDnVsr4ucVTOMkKUjMDkC0%2FtI9T76YgSd%2FwSzU8LwGkw2Jdb7X2DASxQhQWEICkpQCIIiIygG5RGXxjXlAy5NHjjz7M5zsxyrrHdAj1TWCxMCqkfQvDxIL8nz1RKtj88%2BRz%2B8qDebLPRD32dOEFUocHmrS32nzYO257YYjCghTA3UWNgTU9J98TeklbH9EgE9hZGnYOIV0Pwl0KIE3Smxl5xkItnNtWzEKhDgqkSaLSHbtQ7kJbk2s3Fj6xFCdn7zj%2BYswHSJVJf4VJwR9OT98W1VkMPbqjDk0VaaiVjs0criOxnNwivfvhvuFkrzjTUz%2BuZNVhEVPLkbmmyTJlwkPUO%2BWxWch3pdaRaSHzfMh2GwnZud1Vwnebq5%2Fdb6Rpzq0BihkgloNdSfGkxMyXPX7s5%2B7%2FUftiH0BDovEefnZB4QagKW7sOkC%2F1GEWi56AlSC0VejrUbLC6lIJDhoqZBCfOfOljgsabVayrKA3MfPV0Dze4hiUsMdImBLEHlCCa%2FMs5SfX7z17mMQNbGgdS1w0Bq%2BfVszdXxEEZc1DvNpk09v%2B10OjTsBC23G3kOp9Rtea7n0SYyM41efuazvwEAAP%2F%2FAQAA%2F%2F9nwCjYlwQAAA%3D%3D | 172.240.253.132 | 200 OK | 7 B |
URL GET HTTP/1.1decidedlyenjoyableannihilation.com/ren.gif?sid=H4sIAAAAAAAC%2F1RSQWskRRSuns1FBEFZvCzCKB5WMJPunpmeafewGGMkGDdxd0XxItVV3ZNyqruaqu7pSVAMLsgeB39B55tkgxpk9yq4yCTgISDseApoLv4DhT1Lj4Oj71Dve%2FW9gu%2B9r746yC%2BJi5xerL2n9oSUdKXdsOvXP3KcG%2FVNkeTD%2BrDrfeK1btT14A3fa9iv1d8JWV%2BtuLZj247t1NeFDiM1XKlIiPTEdxq%2B3Wi5DafdwlD%2Fvza5BUMt8MEleQGCT5fOrKsQbIIkfrgWmn6m0tffjnNJM6Ux4McfJP1EFQniBYy0hSg5nndDmSfrj6GSo5lcqMG%2FjYGYEuvnxwiS47lIBIPDmc5AIkwQ8GdRDCYI5QSCTsDUPQj%2BhACM49YWkvjBLaULuvsPSyt2Spae%2FgVRTMnS71eRxN%2BvSjGs31Eyz4RKDIZRCTGcQPQmSPNTZHs1iOIULPsSgv9CVp5uIokPt4xUEPzi1VbAoi7zg2XO2s3lVtdzl%2F1ON1puhm7btjtey3c6swUJMYGIJpDhCNTUkBsLubCQRxby1ELML%2BrMcZyOzRm1uz5jTd4JA4%2FbDu1EDnVsr4ucVTOMkKUjMDkC0%2FtI9T76YgSd%2FwSzU8LwGkw2Jdb7X2DASxQhQWEICkpQCIIiIygG5RGXxjXlAy5NHjjz7M5zsxyrrHdAj1TWCxMCqkfQvDxIL8nz1RKtj88%2BRz%2B8qDebLPRD32dOEFUocHmrS32nzYO257YYjCghTA3UWNgTU9J98TeklbH9EgE9hZGnYOIV0Pwl0KIE3Smxl5xkItnNtWzEKhDgqkSaLSHbtQ7kJbk2s3Fj6xFCdn7zj%2BYswHSJVJf4VJwR9OT98W1VkMPbqjDk0VaaiVjs0criOxnNwivfvhvuFkrzjTUz%2BuZNVhEVPLkbmmyTJlwkPUO%2BWxWch3pdaRaSHzfMh2GwnZud1Vwnebq5%2Fdb6Rpzq0BihkgloNdSfGkxMyXPX7s5%2B7%2FUftiH0BDovEefnZB4QagKW7sOkC%2F1GEWi56AlSC0VejrUbLC6lIJDhoqZBCfOfOljgsabVayrKA3MfPV0Dze4hiUsMdImBLEHlCCa%2FMs5SfX7z17mMQNbGgdS1w0Bq%2BfVszdXxEEZc1DvNpk09v%2B10OjTsBC23G3kOp9Rtea7n0SYyM41efuazvwEAAP%2F%2FAQAA%2F%2F9nwCjYlwQAAA%3D%3D IP172.240.253.132:443
Requested by: https://bitly.ws/?banned=1 Certificate Issuer: Let's Encrypt Subject: decidedlyenjoyableannihilation.com Fingerprint: 04:5E:A7:2F:94:E4:08:88:66:15:BE:36:F0:95:99:2C:7B:DD:4F:6D Validity: Tue, 16 Apr 2024 13:55:09 GMT - Mon, 15 Jul 2024 13:55:08 GMT
File type: ASCII text, with no line terminators Hashes (MD5 / SHA-1 / SHA-256): 132d6af1b46048b45cf86cdee7991d31 eb7007d03d59b65bc6da7e098c4d38fc6dfb6285 ab852e838deccd742a03ca81d4a8d75cf1a00b327db3eaf46bd7da6b6db9384c
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /ren.gif?sid=H4sIAAAAAAAC%2F1RSQWskRRSuns1FBEFZvCzCKB5WMJPunpmeafewGGMkGDdxd0XxItVV3ZNyqruaqu7pSVAMLsgeB39B55tkgxpk9yq4yCTgISDseApoLv4DhT1Lj4Oj71Dve%2FW9gu%2B9r746yC%2BJi5xerL2n9oSUdKXdsOvXP3KcG%2FVNkeTD%2BrDrfeK1btT14A3fa9iv1d8JWV%2BtuLZj247t1NeFDiM1XKlIiPTEdxq%2B3Wi5DafdwlD%2Fvza5BUMt8MEleQGCT5fOrKsQbIIkfrgWmn6m0tffjnNJM6Ux4McfJP1EFQniBYy0hSg5nndDmSfrj6GSo5lcqMG%2FjYGYEuvnxwiS47lIBIPDmc5AIkwQ8GdRDCYI5QSCTsDUPQj%2BhACM49YWkvjBLaULuvsPSyt2Spae%2FgVRTMnS71eRxN%2BvSjGs31Eyz4RKDIZRCTGcQPQmSPNTZHs1iOIULPsSgv9CVp5uIokPt4xUEPzi1VbAoi7zg2XO2s3lVtdzl%2F1ON1puhm7btjtey3c6swUJMYGIJpDhCNTUkBsLubCQRxby1ELML%2BrMcZyOzRm1uz5jTd4JA4%2FbDu1EDnVsr4ucVTOMkKUjMDkC0%2FtI9T76YgSd%2FwSzU8LwGkw2Jdb7X2DASxQhQWEICkpQCIIiIygG5RGXxjXlAy5NHjjz7M5zsxyrrHdAj1TWCxMCqkfQvDxIL8nz1RKtj88%2BRz%2B8qDebLPRD32dOEFUocHmrS32nzYO257YYjCghTA3UWNgTU9J98TeklbH9EgE9hZGnYOIV0Pwl0KIE3Smxl5xkItnNtWzEKhDgqkSaLSHbtQ7kJbk2s3Fj6xFCdn7zj%2BYswHSJVJf4VJwR9OT98W1VkMPbqjDk0VaaiVjs0criOxnNwivfvhvuFkrzjTUz%2BuZNVhEVPLkbmmyTJlwkPUO%2BWxWch3pdaRaSHzfMh2GwnZud1Vwnebq5%2Fdb6Rpzq0BihkgloNdSfGkxMyXPX7s5%2B7%2FUftiH0BDovEefnZB4QagKW7sOkC%2F1GEWi56AlSC0VejrUbLC6lIJDhoqZBCfOfOljgsabVayrKA3MfPV0Dze4hiUsMdImBLEHlCCa%2FMs5SfX7z17mMQNbGgdS1w0Bq%2BfVszdXxEEZc1DvNpk09v%2B10OjTsBC23G3kOp9Rtea7n0SYyM41efuazvwEAAP%2F%2FAQAA%2F%2F9nwCjYlwQAAA%3D%3D HTTP/1.1
Host: decidedlyenjoyableannihilation.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://bitly.ws/
Cookie: u_pl=22725757; uid_id2=4bcf8c9b-dc53-4862-978f-3e2500764917:2:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Thu, 18 Apr 2024 11:52:28 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 5874ff81b71fba7367b53a55744495d5
Strict-Transport-Security: max-age=0; includeSubdomains
|
|
| decidedlyenjoyableannihilation.com/pixel/sbls?bv=24.6.6370&tmpl=482&u=https%3A%2F%2Fcdn.barscreative1.com%2Fsb%2Fau%2F0c%2Fc8%2Fe1%2F0cc8e13ba9d5dbc867b982993e805a9d%2F1632728593.html&l=1325&fd=89 | 172.240.253.132 | 200 OK | 0 B |
URL: GET HTTP/1.1 decidedlyenjoyableannihilation.com/pixel/sbls?bv=24.6.6370&tmpl=482&u=https%3A%2F%2Fcdn.barscreative1.com%2Fsb%2Fau%2F0c%2Fc8%2Fe1%2F0cc8e13ba9d5dbc867b982993e805a9d%2F1632728593.html&l=1325&fd=89 IP: 172.240.253.132:443
Requested by: https://bitly.ws/?banned=1 Certificate Issuer: Let's Encrypt Subject: decidedlyenjoyableannihilation.com Fingerprint: 04:5E:A7:2F:94:E4:08:88:66:15:BE:36:F0:95:99:2C:7B:DD:4F:6D Validity: Tue, 16 Apr 2024 13:55:09 GMT - Mon, 15 Jul 2024 13:55:08 GMT
Hashes (MD5 / SHA-1 / SHA-256): d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /pixel/sbls?bv=24.6.6370&tmpl=482&u=https%3A%2F%2Fcdn.barscreative1.com%2Fsb%2Fau%2F0c%2Fc8%2Fe1%2F0cc8e13ba9d5dbc867b982993e805a9d%2F1632728593.html&l=1325&fd=89 HTTP/1.1
Host: decidedlyenjoyableannihilation.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://bitly.ws/
Cookie: u_pl=22725757; uid_id2=4bcf8c9b-dc53-4862-978f-3e2500764917:2:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Thu, 18 Apr 2024 11:52:28 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
|
|
| faintjump.com/ren.gif?sid=H4sIAAAAAAAC%2F1RSzYscxRuuzm8uvwiCGrwIMgYFFXe2u6ene8YgwRhXgms2JgY%2FLlLdVT1bTnVXU9U9Pbt4iAYkxzl40VPPM7tZPxbRP8AgswtBFsSdiyzo%2FhNC8Ci9WRx9D%2B9HPW%2FBU89Tn02KY%2BKioEeX31KbQkq63GnZzeffc5wLzVWRFqPmqOt%2F6HsXmnr4cs9v2S803%2BDRQC27tmPbju00V4TmsRot1yBEtttzWj275bktp%2BNhpP87m8KCoRbY8Jg8DsHmjX3rHEQ0Q5p8f5mbQa6yl15PCklzpTFkOzfTQarKFMmijbWFON053YYyhyv3oNLtE7pQw38WQzEn1v17CNOdU5IIh1snPEMJniJkj6AczsDlDILOEKnbEOyQABHD1TWkyd2rSpd04yFKa3ROGg%2F%2BhCjnpPHHOaTJd5ekGDVvKFnkQqUGo7iCGM0g%2BjNkxR7yzTMQ5R6i%2FFMI9gtZfrCKNNlaM1JBsKNnvTCKu1EvXGJRp73kdX13qRd046U2dzu2HfhezwlOBBJiBhHPIPkY1JxBYSwUwkIRWygyCwk7akaO4wQ2i6jd7UVRmwU89Jnt0CB2qGP7XRRR%2FYYx8myMSI4R6VvI9CdfsXbA22HkTSgGYgxd%2FASzXsEwCyYnGLIKJScoDUFJCUpBUOYE5bDaZtK4prrLpClC57S6p7VdTVXen9Btlfd5SkD1GJpVk%2ByYPFZraX2w72DAj5pO4LKe37Vdr9PptHnX7riUxiF3QuZ71GnDiArCnAE1FjbFnHSf%2FB1Z7e%2BgQkj3YOQeInEetHBAywp0vcJmupuLdKPQspWoUICpClneQL5hTeQxeerEzad%2F9cCjg4v3z76STX87i0hXyHSFj8Q%2BQV%2FemV5XJdm6rkpDfljLcpGITVo7fSOnOf%2FfN2%2FyjVJpduWyGX%2F9alQDdbv7Djf5Kk2ZSPuGfHtJMMb1itIRJz9eMe%2Fy8Fph1i8VOi2y1WuvrVxJMs2NESqdgYrDtb8QiTlpPPfEyRd%2B9PBFCD2DLiokxQE5DQi1hyi7BZMt2BtFoOViJ8waKItqqt1wcSgFgeSLmYYVzL%2FmcNFPNa1vU1FNzB30dQM0v400qTDUFYayApVjmOLsNM%2F0wcWfv6jjS4SyMQ2lbmyFUsvP5%2BR842ad3q%2FT2w81N%2BKoGbTbNvV7HScIKA9Cz%2B3GvsModT3f9X3aRm7m8TP%2F%2F%2FhvAAAA%2F%2F8BAAD%2F%2F4HxnA2mBAAA | 172.240.253.132 | 200 OK | 7 B |
URL: GET HTTP/1.1 faintjump.com/ren.gif?sid=H4sIAAAAAAAC%2F1RSzYscxRuuzm8uvwiCGrwIMgYFFXe2u6ene8YgwRhXgms2JgY%2FLlLdVT1bTnVXU9U9Pbt4iAYkxzl40VPPM7tZPxbRP8AgswtBFsSdiyzo%2FhNC8Ci9WRx9D%2B9HPW%2FBU89Tn02KY%2BKioEeX31KbQkq63GnZzeffc5wLzVWRFqPmqOt%2F6HsXmnr4cs9v2S803%2BDRQC27tmPbju00V4TmsRot1yBEtttzWj275bktp%2BNhpP87m8KCoRbY8Jg8DsHmjX3rHEQ0Q5p8f5mbQa6yl15PCklzpTFkOzfTQarKFMmijbWFON053YYyhyv3oNLtE7pQw38WQzEn1v17CNOdU5IIh1snPEMJniJkj6AczsDlDILOEKnbEOyQABHD1TWkyd2rSpd04yFKa3ROGg%2F%2BhCjnpPHHOaTJd5ekGDVvKFnkQqUGo7iCGM0g%2BjNkxR7yzTMQ5R6i%2FFMI9gtZfrCKNNlaM1JBsKNnvTCKu1EvXGJRp73kdX13qRd046U2dzu2HfhezwlOBBJiBhHPIPkY1JxBYSwUwkIRWygyCwk7akaO4wQ2i6jd7UVRmwU89Jnt0CB2qGP7XRRR%2FYYx8myMSI4R6VvI9CdfsXbA22HkTSgGYgxd%2FASzXsEwCyYnGLIKJScoDUFJCUpBUOYE5bDaZtK4prrLpClC57S6p7VdTVXen9Btlfd5SkD1GJpVk%2ByYPFZraX2w72DAj5pO4LKe37Vdr9PptHnX7riUxiF3QuZ71GnDiArCnAE1FjbFnHSf%2FB1Z7e%2BgQkj3YOQeInEetHBAywp0vcJmupuLdKPQspWoUICpClneQL5hTeQxeerEzad%2F9cCjg4v3z76STX87i0hXyHSFj8Q%2BQV%2FemV5XJdm6rkpDfljLcpGITVo7fSOnOf%2FfN2%2FyjVJpduWyGX%2F9alQDdbv7Djf5Kk2ZSPuGfHtJMMb1itIRJz9eMe%2Fy8Fph1i8VOi2y1WuvrVxJMs2NESqdgYrDtb8QiTlpPPfEyRd%2B9PBFCD2DLiokxQE5DQi1hyi7BZMt2BtFoOViJ8waKItqqt1wcSgFgeSLmYYVzL%2FmcNFPNa1vU1FNzB30dQM0v400qTDUFYayApVjmOLsNM%2F0wcWfv6jjS4SyMQ2lbmyFUsvP5%2BR842ad3q%2FT2w81N%2BKoGbTbNvV7HScIKA9Cz%2B3GvsModT3f9X3aRm7m8TP%2F%2F%2FhvAAAA%2F%2F8BAAD%2F%2F4HxnA2mBAAA IP: 172.240.253.132:443
Requested by: https://bitly.ws/?banned=1 Certificate: Issuer Let's Encrypt, Subject faintjump.com, Fingerprint E1:A6:B1:E0:5E:2B:F0:AE:AB:17:8C:1B:A0:A9:04:4F:40:BF:03:75, Validity Tue, 16 Apr 2024 10:06:25 GMT - Mon, 15 Jul 2024 10:06:24 GMT
File type: ASCII text, with no line terminators Hashes: MD5 132d6af1b46048b45cf86cdee7991d31, SHA-1 eb7007d03d59b65bc6da7e098c4d38fc6dfb6285, SHA-256 ab852e838deccd742a03ca81d4a8d75cf1a00b327db3eaf46bd7da6b6db9384c
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /ren.gif?sid=H4sIAAAAAAAC%2F1RSzYscxRuuzm8uvwiCGrwIMgYFFXe2u6ene8YgwRhXgms2JgY%2FLlLdVT1bTnVXU9U9Pbt4iAYkxzl40VPPM7tZPxbRP8AgswtBFsSdiyzo%2FhNC8Ci9WRx9D%2B9HPW%2FBU89Tn02KY%2BKioEeX31KbQkq63GnZzeffc5wLzVWRFqPmqOt%2F6HsXmnr4cs9v2S803%2BDRQC27tmPbju00V4TmsRot1yBEtttzWj275bktp%2BNhpP87m8KCoRbY8Jg8DsHmjX3rHEQ0Q5p8f5mbQa6yl15PCklzpTFkOzfTQarKFMmijbWFON053YYyhyv3oNLtE7pQw38WQzEn1v17CNOdU5IIh1snPEMJniJkj6AczsDlDILOEKnbEOyQABHD1TWkyd2rSpd04yFKa3ROGg%2F%2BhCjnpPHHOaTJd5ekGDVvKFnkQqUGo7iCGM0g%2BjNkxR7yzTMQ5R6i%2FFMI9gtZfrCKNNlaM1JBsKNnvTCKu1EvXGJRp73kdX13qRd046U2dzu2HfhezwlOBBJiBhHPIPkY1JxBYSwUwkIRWygyCwk7akaO4wQ2i6jd7UVRmwU89Jnt0CB2qGP7XRRR%2FYYx8myMSI4R6VvI9CdfsXbA22HkTSgGYgxd%2FASzXsEwCyYnGLIKJScoDUFJCUpBUOYE5bDaZtK4prrLpClC57S6p7VdTVXen9Btlfd5SkD1GJpVk%2ByYPFZraX2w72DAj5pO4LKe37Vdr9PptHnX7riUxiF3QuZ71GnDiArCnAE1FjbFnHSf%2FB1Z7e%2BgQkj3YOQeInEetHBAywp0vcJmupuLdKPQspWoUICpClneQL5hTeQxeerEzad%2F9cCjg4v3z76STX87i0hXyHSFj8Q%2BQV%2FemV5XJdm6rkpDfljLcpGITVo7fSOnOf%2FfN2%2FyjVJpduWyGX%2F9alQDdbv7Djf5Kk2ZSPuGfHtJMMb1itIRJz9eMe%2Fy8Fph1i8VOi2y1WuvrVxJMs2NESqdgYrDtb8QiTlpPPfEyRd%2B9PBFCD2DLiokxQE5DQi1hyi7BZMt2BtFoOViJ8waKItqqt1wcSgFgeSLmYYVzL%2FmcNFPNa1vU1FNzB30dQM0v400qTDUFYayApVjmOLsNM%2F0wcWfv6jjS4SyMQ2lbmyFUsvP5%2BR842ad3q%2FT2w81N%2BKoGbTbNvV7HScIKA9Cz%2B3GvsModT3f9X3aRm7m8TP%2F%2F%2FhvAAAA%2F%2F8BAAD%2F%2F4HxnA2mBAAA HTTP/1.1
Host: faintjump.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://bitly.ws/
Cookie: u_pl=22725681; uid_id2=4bcf8c9b-dc53-4862-978f-3e2500764917:2:1; pdhtkv=true; uncs=1; pdhtkv49=true; uncs49=1; nlec172d9680245553e8052aafbe1bd64a13=[2229333,2229337,2229329,2019380]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Thu, 18 Apr 2024 11:52:28 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: f8af6f162809546fb54f598e8f858b6f
Strict-Transport-Security: max-age=0; includeSubdomains
| faintjump.com/impr.gif?sid=H4sIAAAAAAAC%2F1RSzYscxRuuzm8uv3jxI3gRZAwKCu5u90zPl0GCMW4IrtmYGPy4SH31pJzqrqaqe3p29BANSI5z8KKnnmc2iR8h6B9gkNlAkEUxc5EFXfAf8CIEj9Lj4up7eD%2FqeQueep76eJrvkwZyunf6NTNWWtO11qpff%2FatIDhR31BJPqqPuu132%2BGJuh2%2B0Guv%2Bs%2FVz0g%2BMGsNP%2FD9wA%2Fq68rKyIzWKhAqvdULVnv%2BathYDVohRva%2Fs8s9OOpBDPfJo1BiUbvrHYPicyTx16elG2Qmff6VONc0MxZDcfNSMkhMkSA%2BbCPrIUpuHmzDuPvrd2CS60u6MMN%2FFplaEO%2FeHbDk5gFJsOH2kifTkAmYeAjFcA6p51B0Dm6uQon7BOAC5zaRxDfOGVvQrb9RWqELUnvwB1SxILVfjyGJb5%2FSalS%2FaHSeKZM4jKISajSH6s%2BR5jvIxkegih3w7CMo8SNZe7CBJN7edNpAib2nQ8ajLu%2BxFcFbzZWw226s9DrdaKUpGy3f77TDXtBZCqTUHCqaQ8sJqDuC3HnIlYc88pCnHmKxV%2BdBEHR8wanf7XHeFB3J2sIPaCcKaOC3u8h59YYJsnQCrifg9gpS%2B%2BHnotmRTcbDKcVATWDz7%2BAul3DCg8sIhqJEIQkKR1BQgkIRFBlBMSyvC%2B0arrwhtMtZcFAbB7VZzkzWn9LrJuvLhIDaCawop%2Bk%2BeaTS0nvnboCB3KsHnYbotbt%2BI2y1Wk3Z9VsNSiMmAybaIQ2acKqEckdAnYexWpDu478grfwdlGB0B07vgKvjoHkAWpSgl0uMk1uZSrZyq1djwxSEKZFmNWRb3lTvkyeWbh6vXYLkuyfvHX0xnf18FNyWSG2J99Rdgr6%2BNrtgCrJ9wRSOfLOZZipWY1o5fTGjmfzfl6%2FKrcJYcfa0m3zxEq%2BAqr31hnTZBk2ESvqOfHVKCSHturFckm%2FPujclO5%2B7y6dym%2BTpxvmX18%2FGqZXOKZPMQdX9zT%2FB1YLUnnls%2BYUf%2FuF3KDuHzUvE%2BS45CCizA55egUt3T2bj387cPvY%2BnCGw%2BnCHpR6KvJzZBjs81IpAy8OZshLuXzM77GeWVrepKqfuGvq2BppdRRKXGNoSQ12C6glcfnSWpXb35PefVvEZmK7NmLa1baat%2FmQpcpXertLrC%2FLkTyGc2qs3fdFhMpIdJsNWGEkuWKvFfB5x1hTdLkfmFtFT%2F%2F%2FgLwAAAP%2F%2FAQAA%2F%2F%2FMeAPspgQAAA%3D%3D | 172.240.253.132 | 200 OK | 7 B |
URL: GET HTTP/1.1 faintjump.com/impr.gif?sid=H4sIAAAAAAAC%2F1RSzYscxRuuzm8uv3jxI3gRZAwKCu5u90zPl0GCMW4IrtmYGPy4SH31pJzqrqaqe3p29BANSI5z8KKnnmc2iR8h6B9gkNlAkEUxc5EFXfAf8CIEj9Lj4up7eD%2FqeQueep76eJrvkwZyunf6NTNWWtO11qpff%2FatIDhR31BJPqqPuu132%2BGJuh2%2B0Guv%2Bs%2FVz0g%2BMGsNP%2FD9wA%2Fq68rKyIzWKhAqvdULVnv%2BathYDVohRva%2Fs8s9OOpBDPfJo1BiUbvrHYPicyTx16elG2Qmff6VONc0MxZDcfNSMkhMkSA%2BbCPrIUpuHmzDuPvrd2CS60u6MMN%2FFplaEO%2FeHbDk5gFJsOH2kifTkAmYeAjFcA6p51B0Dm6uQon7BOAC5zaRxDfOGVvQrb9RWqELUnvwB1SxILVfjyGJb5%2FSalS%2FaHSeKZM4jKISajSH6s%2BR5jvIxkegih3w7CMo8SNZe7CBJN7edNpAib2nQ8ajLu%2BxFcFbzZWw226s9DrdaKUpGy3f77TDXtBZCqTUHCqaQ8sJqDuC3HnIlYc88pCnHmKxV%2BdBEHR8wanf7XHeFB3J2sIPaCcKaOC3u8h59YYJsnQCrifg9gpS%2B%2BHnotmRTcbDKcVATWDz7%2BAul3DCg8sIhqJEIQkKR1BQgkIRFBlBMSyvC%2B0arrwhtMtZcFAbB7VZzkzWn9LrJuvLhIDaCawop%2Bk%2BeaTS0nvnboCB3KsHnYbotbt%2BI2y1Wk3Z9VsNSiMmAybaIQ2acKqEckdAnYexWpDu478grfwdlGB0B07vgKvjoHkAWpSgl0uMk1uZSrZyq1djwxSEKZFmNWRb3lTvkyeWbh6vXYLkuyfvHX0xnf18FNyWSG2J99Rdgr6%2BNrtgCrJ9wRSOfLOZZipWY1o5fTGjmfzfl6%2FKrcJYcfa0m3zxEq%2BAqr31hnTZBk2ESvqOfHVKCSHturFckm%2FPujclO5%2B7y6dym%2BTpxvmX18%2FGqZXOKZPMQdX9zT%2FB1YLUnnls%2BYUf%2FuF3KDuHzUvE%2BS45CCizA55egUt3T2bj387cPvY%2BnCGw%2BnCHpR6KvJzZBjs81IpAy8OZshLuXzM77GeWVrepKqfuGvq2BppdRRKXGNoSQ12C6glcfnSWpXb35PefVvEZmK7NmLa1baat%2FmQpcpXertLrC%2FLkTyGc2qs3fdFhMpIdJsNWGEkuWKvFfB5x1hTdLkfmFtFT%2F%2F%2FgLwAAAP%2F%2FAQAA%2F%2F%2FMeAPspgQAAA%3D%3D IP: 172.240.253.132:443
Requested by: https://bitly.ws/?banned=1 Certificate: Issuer Let's Encrypt, Subject faintjump.com, Fingerprint E1:A6:B1:E0:5E:2B:F0:AE:AB:17:8C:1B:A0:A9:04:4F:40:BF:03:75, Validity Tue, 16 Apr 2024 10:06:25 GMT - Mon, 15 Jul 2024 10:06:24 GMT
File type: ASCII text, with no line terminators Hashes: MD5 132d6af1b46048b45cf86cdee7991d31, SHA-1 eb7007d03d59b65bc6da7e098c4d38fc6dfb6285, SHA-256 ab852e838deccd742a03ca81d4a8d75cf1a00b327db3eaf46bd7da6b6db9384c
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /impr.gif?sid=H4sIAAAAAAAC%2F1RSzYscxRuuzm8uv3jxI3gRZAwKCu5u90zPl0GCMW4IrtmYGPy4SH31pJzqrqaqe3p29BANSI5z8KKnnmc2iR8h6B9gkNlAkEUxc5EFXfAf8CIEj9Lj4up7eD%2FqeQueep76eJrvkwZyunf6NTNWWtO11qpff%2FatIDhR31BJPqqPuu132%2BGJuh2%2B0Guv%2Bs%2FVz0g%2BMGsNP%2FD9wA%2Fq68rKyIzWKhAqvdULVnv%2BathYDVohRva%2Fs8s9OOpBDPfJo1BiUbvrHYPicyTx16elG2Qmff6VONc0MxZDcfNSMkhMkSA%2BbCPrIUpuHmzDuPvrd2CS60u6MMN%2FFplaEO%2FeHbDk5gFJsOH2kifTkAmYeAjFcA6p51B0Dm6uQon7BOAC5zaRxDfOGVvQrb9RWqELUnvwB1SxILVfjyGJb5%2FSalS%2FaHSeKZM4jKISajSH6s%2BR5jvIxkegih3w7CMo8SNZe7CBJN7edNpAib2nQ8ajLu%2BxFcFbzZWw226s9DrdaKUpGy3f77TDXtBZCqTUHCqaQ8sJqDuC3HnIlYc88pCnHmKxV%2BdBEHR8wanf7XHeFB3J2sIPaCcKaOC3u8h59YYJsnQCrifg9gpS%2B%2BHnotmRTcbDKcVATWDz7%2BAul3DCg8sIhqJEIQkKR1BQgkIRFBlBMSyvC%2B0arrwhtMtZcFAbB7VZzkzWn9LrJuvLhIDaCawop%2Bk%2BeaTS0nvnboCB3KsHnYbotbt%2BI2y1Wk3Z9VsNSiMmAybaIQ2acKqEckdAnYexWpDu478grfwdlGB0B07vgKvjoHkAWpSgl0uMk1uZSrZyq1djwxSEKZFmNWRb3lTvkyeWbh6vXYLkuyfvHX0xnf18FNyWSG2J99Rdgr6%2BNrtgCrJ9wRSOfLOZZipWY1o5fTGjmfzfl6%2FKrcJYcfa0m3zxEq%2BAqr31hnTZBk2ESvqOfHVKCSHturFckm%2FPujclO5%2B7y6dym%2BTpxvmX18%2FGqZXOKZPMQdX9zT%2FB1YLUnnls%2BYUf%2FuF3KDuHzUvE%2BS45CCizA55egUt3T2bj387cPvY%2BnCGw%2BnCHpR6KvJzZBjs81IpAy8OZshLuXzM77GeWVrepKqfuGvq2BppdRRKXGNoSQ12C6glcfnSWpXb35PefVvEZmK7NmLa1baat%2FmQpcpXertLrC%2FLkTyGc2qs3fdFhMpIdJsNWGEkuWKvFfB5x1hTdLkfmFtFT%2F%2F%2FgLwAAAP%2F%2FAQAA%2F%2F%2FMeAPspgQAAA%3D%3D HTTP/1.1
Host: faintjump.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://bitly.ws/
Cookie: u_pl=22725681; uid_id2=4bcf8c9b-dc53-4862-978f-3e2500764917:2:1; pdhtkv=true; uncs=1; pdhtkv49=true; uncs49=1; nlec172d9680245553e8052aafbe1bd64a13=[2229333,2229337,2229329,2019380]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Thu, 18 Apr 2024 11:52:28 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 5658f107e48cfdda59b0c33d2967b9bb
Strict-Transport-Security: max-age=0; includeSubdomains
| cdn.cloudimagesb.com/si/07/9c/1b/079c1b9b48633e3ef398faef0739f24f/1701651986.png | 45.133.44.9 | 200 OK | 16 kB |
URL: GET HTTP/2 cdn.cloudimagesb.com/si/07/9c/1b/079c1b9b48633e3ef398faef0739f24f/1701651986.png IP: 45.133.44.9:443 ASN: #39572 DataWeb Global Group B.V.
Requested by: https://bitly.ws/?banned=1 Certificate: Issuer Let's Encrypt, Subject cdn.cloudimagesb.com, Fingerprint C6:F3:21:F0:21:7D:7E:96:0F:E8:46:7A:5E:C5:3F:D1:52:B0:67:B0, Validity Fri, 22 Mar 2024 03:01:35 GMT - Thu, 20 Jun 2024 03:01:34 GMT
File type: PNG image data, 192 x 192, 8-bit/color RGBA, non-interlaced Hashes: MD5 14cf262fabfd850855c42847d14fe775, SHA-1 2fafa28f167f018a0fb1f261f47380c8810803c9, SHA-256 972004ebada4077c3a4d03dcb45175ea467faf54da72be727a1c5c75e688b8af
GET /si/07/9c/1b/079c1b9b48633e3ef398faef0739f24f/1701651986.png HTTP/1.1
Host: cdn.cloudimagesb.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Thu, 18 Apr 2024 11:52:28 GMT
content-type: image/png
content-length: 16093
server: nginx/1.21.6
last-modified: Mon, 04 Dec 2023 01:06:35 GMT
etag: "656d261b-3edd"
expires: Sat, 20 Apr 2024 11:52:28 GMT
cache-control: max-age=172800
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
| cdn.creative-bars1.com/sb/ssp/vpn/classic-push/small/img/close.png | 172.67.141.24 | 200 OK | 591 B |
URL: GET HTTP/3 cdn.creative-bars1.com/sb/ssp/vpn/classic-push/small/img/close.png IP: 172.67.141.24:443
Requested by: https://bitly.ws/?banned=1 Certificate: Issuer Google Trust Services LLC, Subject creative-bars1.com, Fingerprint 3D:29:39:2C:F1:E5:C6:EF:54:F5:70:B5:CF:A8:C2:75:4D:89:72:13, Validity Mon, 15 Apr 2024 15:02:18 GMT - Sun, 14 Jul 2024 15:02:17 GMT
File type: PNG image data, 12 x 12, 8-bit/color RGBA, non-interlaced Hashes: MD5 9fd5bcb6103d86e317bd1eb019bcbe71, SHA-1 6b5a52ea669dcb74946f2bed4bdd7ec985026113, SHA-256 0ddd3be104ac7945fb062096df62034a6a24ecc76ba92493c35c62c3c25982ae
GET /sb/ssp/vpn/classic-push/small/img/close.png HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Thu, 18 Apr 2024 11:52:28 GMT
content-type: image/png
content-length: 591
last-modified: Fri, 19 Jan 2024 14:19:42 GMT
etag: "65aa84fe-24f"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 5525241
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=SOPTdZZt8CdNSigoXmUpcQETTtEy%2FNC73QMbFWoyEnuLxxfpINcDzNiJhNI%2Bd%2BK86%2BBXeQkeAat4AaNxwBMs18Eho22dmO%2FzPl2fRUn%2Br6kD%2BkPPmdoWYMPt1AsJlJ%2FYUZ41Xe5zwrQe"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 876472eacd4656b7-OSL
alt-svc: h3=":443"; ma=86400
| faintjump.com/impr.gif?sid=H4sIAAAAAAAC%2F1RSS4scVRi9lfTGuPER3AjSBgUFp6equ%2FplkGCMI8ExExODj43cV3WufatucW9VV8%2FgIhqQLHvhRlfVpyeJjyD6AwzSEwgSFNMbGdD5B66E4FKqHWz9FvV9X51z4dxz7ifT%2FIA0kdP9M2%2BYHaU1XW83%2FPpz7wTByfqmSvJxfdzrvN8JT9bt6MV%2Bp%2BE%2FX39N8qFZb%2FqB7wd%2BUN9QVkZmvF6BUOmtftDo%2B42w2QjaIcb2%2F7vLPTjqQYwOyGNQYlG74x2H4nMk8bdnpBtmJn3h1TjXNDMWI3HzUjJMTJEgXo2R9RAlNw%2FZMO7%2Bxm2Y5PpSLszoXyJTC%2BLdvQ2W3DwUCTbaXepkGjIBEw%2BjGM0h9RyKzsHNVShxnwBc4NwWkvjGOWMLuv0PSit0QWoP%2FoQqFqT2%2B3Ek8TentRrXLxqdZ8okDuOohBrPoQZzpPkesp0jUMUeePYxlPiZrD%2FYRBLvbjltoMT%2BMyHjUY%2F32Zrg7dZa2Os01%2FrdXrTWks2273c7YT%2FoLg1Sag4VzaHlBNQdQe485MpDHnnIUw%2Bx2K%2FzIAi6vuDU7%2FU5b4muZB3hB7QbBTTwOz3kvLrDBFk6AdcTcHsFqf3oC9Hqyhbj4ZRiqCaw%2BQ9wl0s44cFlBCNRopAEhSMoKEGhCIqMoBiV14V2TVfeENrlLDjszcPeKmcmG0zpdZMNZEJA7QRWlNP0gDxaeem9dyfAUO7Xg25T9Ds9vxm22%2B2W7PntJqURkwETnZAGLThVQrkjoM7DjlqQ3hO%2FIa3yHZZgdA9O74GrE6B5AFqUoJdL7CS3MpVs51Y3YsMUhCmRZjVk295UH5Anl2meqL0Jye%2BdunvspXT26zFwWyK1JT5QdwgG%2BtrsginI7gVTOPLdVpqpWO3QKumLGc3k0a9el9uFseLsGTf58mVeAdV46y3psk2aCJUMHPn6tBJC2g1juSTfn3VvS3Y%2Bd5dP5zbJ083zr2ycjVMrnVMmmYOq%2B1t%2FgasFqT37%2BPIJP%2FLTH1B2DpuXiPN75LCgzB54egUuXal3hsDqFYelR1Hk5cw22eqnVgRarnbKSrj%2F7Gw1zyytTlNVTt01DGwNNLuKJC4xsiVGugTVE7j82CxL7b1TP35W1edgujZj2tZ2mbb608rkS9Xn3aXdC%2FLULyGc2q%2B3fNFlMpJdJsN2GEkuWLvNfB5x1hK9HkfmFtHTD334NwAAAP%2F%2FAQAA%2F%2F%2BpnaRdpgQAAA%3D%3D | 172.240.253.132 | 200 OK | 7 B |
URL: GET HTTP/1.1 faintjump.com/impr.gif?sid=H4sIAAAAAAAC%2F1RSS4scVRi9lfTGuPER3AjSBgUFp6equ%2FplkGCMI8ExExODj43cV3WufatucW9VV8%2FgIhqQLHvhRlfVpyeJjyD6AwzSEwgSFNMbGdD5B66E4FKqHWz9FvV9X51z4dxz7ifT%2FIA0kdP9M2%2BYHaU1XW83%2FPpz7wTByfqmSvJxfdzrvN8JT9bt6MV%2Bp%2BE%2FX39N8qFZb%2FqB7wd%2BUN9QVkZmvF6BUOmtftDo%2B42w2QjaIcb2%2F7vLPTjqQYwOyGNQYlG74x2H4nMk8bdnpBtmJn3h1TjXNDMWI3HzUjJMTJEgXo2R9RAlNw%2FZMO7%2Bxm2Y5PpSLszoXyJTC%2BLdvQ2W3DwUCTbaXepkGjIBEw%2BjGM0h9RyKzsHNVShxnwBc4NwWkvjGOWMLuv0PSit0QWoP%2FoQqFqT2%2B3Ek8TentRrXLxqdZ8okDuOohBrPoQZzpPkesp0jUMUeePYxlPiZrD%2FYRBLvbjltoMT%2BMyHjUY%2F32Zrg7dZa2Os01%2FrdXrTWks2273c7YT%2FoLg1Sag4VzaHlBNQdQe485MpDHnnIUw%2Bx2K%2FzIAi6vuDU7%2FU5b4muZB3hB7QbBTTwOz3kvLrDBFk6AdcTcHsFqf3oC9Hqyhbj4ZRiqCaw%2BQ9wl0s44cFlBCNRopAEhSMoKEGhCIqMoBiV14V2TVfeENrlLDjszcPeKmcmG0zpdZMNZEJA7QRWlNP0gDxaeem9dyfAUO7Xg25T9Ds9vxm22%2B2W7PntJqURkwETnZAGLThVQrkjoM7DjlqQ3hO%2FIa3yHZZgdA9O74GrE6B5AFqUoJdL7CS3MpVs51Y3YsMUhCmRZjVk295UH5Anl2meqL0Jye%2BdunvspXT26zFwWyK1JT5QdwgG%2BtrsginI7gVTOPLdVpqpWO3QKumLGc3k0a9el9uFseLsGTf58mVeAdV46y3psk2aCJUMHPn6tBJC2g1juSTfn3VvS3Y%2Bd5dP5zbJ083zr2ycjVMrnVMmmYOq%2B1t%2FgasFqT37%2BPIJP%2FLTH1B2DpuXiPN75LCgzB54egUuXal3hsDqFYelR1Hk5cw22eqnVgRarnbKSrj%2F7Gw1zyytTlNVTt01DGwNNLuKJC4xsiVGugTVE7j82CxL7b1TP35W1edgujZj2tZ2mbb608rkS9Xn3aXdC%2FLULyGc2q%2B3fNFlMpJdJsN2GEkuWLvNfB5x1hK9HkfmFtHTD334NwAAAP%2F%2FAQAA%2F%2F%2BpnaRdpgQAAA%3D%3D IP: 172.240.253.132:443
Requested by: https://bitly.ws/?banned=1 Certificate: Issuer Let's Encrypt, Subject faintjump.com, Fingerprint E1:A6:B1:E0:5E:2B:F0:AE:AB:17:8C:1B:A0:A9:04:4F:40:BF:03:75, Validity Tue, 16 Apr 2024 10:06:25 GMT - Mon, 15 Jul 2024 10:06:24 GMT
File type: ASCII text, with no line terminators Hashes: MD5 132d6af1b46048b45cf86cdee7991d31, SHA-1 eb7007d03d59b65bc6da7e098c4d38fc6dfb6285, SHA-256 ab852e838deccd742a03ca81d4a8d75cf1a00b327db3eaf46bd7da6b6db9384c
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /impr.gif?sid=H4sIAAAAAAAC%2F1RSS4scVRi9lfTGuPER3AjSBgUFp6equ%2FplkGCMI8ExExODj43cV3WufatucW9VV8%2FgIhqQLHvhRlfVpyeJjyD6AwzSEwgSFNMbGdD5B66E4FKqHWz9FvV9X51z4dxz7ifT%2FIA0kdP9M2%2BYHaU1XW83%2FPpz7wTByfqmSvJxfdzrvN8JT9bt6MV%2Bp%2BE%2FX39N8qFZb%2FqB7wd%2BUN9QVkZmvF6BUOmtftDo%2B42w2QjaIcb2%2F7vLPTjqQYwOyGNQYlG74x2H4nMk8bdnpBtmJn3h1TjXNDMWI3HzUjJMTJEgXo2R9RAlNw%2FZMO7%2Bxm2Y5PpSLszoXyJTC%2BLdvQ2W3DwUCTbaXepkGjIBEw%2BjGM0h9RyKzsHNVShxnwBc4NwWkvjGOWMLuv0PSit0QWoP%2FoQqFqT2%2B3Ek8TentRrXLxqdZ8okDuOohBrPoQZzpPkesp0jUMUeePYxlPiZrD%2FYRBLvbjltoMT%2BMyHjUY%2F32Zrg7dZa2Os01%2FrdXrTWks2273c7YT%2FoLg1Sag4VzaHlBNQdQe485MpDHnnIUw%2Bx2K%2FzIAi6vuDU7%2FU5b4muZB3hB7QbBTTwOz3kvLrDBFk6AdcTcHsFqf3oC9Hqyhbj4ZRiqCaw%2BQ9wl0s44cFlBCNRopAEhSMoKEGhCIqMoBiV14V2TVfeENrlLDjszcPeKmcmG0zpdZMNZEJA7QRWlNP0gDxaeem9dyfAUO7Xg25T9Ds9vxm22%2B2W7PntJqURkwETnZAGLThVQrkjoM7DjlqQ3hO%2FIa3yHZZgdA9O74GrE6B5AFqUoJdL7CS3MpVs51Y3YsMUhCmRZjVk295UH5Anl2meqL0Jye%2BdunvspXT26zFwWyK1JT5QdwgG%2BtrsginI7gVTOPLdVpqpWO3QKumLGc3k0a9el9uFseLsGTf58mVeAdV46y3psk2aCJUMHPn6tBJC2g1juSTfn3VvS3Y%2Bd5dP5zbJ083zr2ycjVMrnVMmmYOq%2B1t%2FgasFqT37%2BPIJP%2FLTH1B2DpuXiPN75LCgzB54egUuXal3hsDqFYelR1Hk5cw22eqnVgRarnbKSrj%2F7Gw1zyytTlNVTt01DGwNNLuKJC4xsiVGugTVE7j82CxL7b1TP35W1edgujZj2tZ2mbb608rkS9Xn3aXdC%2FLULyGc2q%2B3fNFlMpJdJsN2GEkuWLvNfB5x1hK9HkfmFtHTD334NwAAAP%2F%2FAQAA%2F%2F%2BpnaRdpgQAAA%3D%3D HTTP/1.1
Host: faintjump.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://bitly.ws/
Cookie: u_pl=22725681; uid_id2=4bcf8c9b-dc53-4862-978f-3e2500764917:2:1; pdhtkv=true; uncs=1; pdhtkv49=true; uncs49=1; nlec172d9680245553e8052aafbe1bd64a13=[2229333,2229337,2229329,2019380]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Thu, 18 Apr 2024 11:52:28 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: d06630246d495674006fa82c5d5f6de4
Strict-Transport-Security: max-age=0; includeSubdomains
| downstairsnegotiatebarren.com/sfp.js | 188.114.97.1 | 200 OK | 28 kB |
URL: GET HTTP/3 downstairsnegotiatebarren.com/sfp.js IP: 188.114.97.1:443
Requested by: https://bitly.ws/?banned=1 Certificate: Issuer Let's Encrypt, Subject downstairsnegotiatebarren.com, Fingerprint 2C:6A:E1:8E:26:5B:1D:8B:86:CB:C1:72:4E:52:4B:8B:67:3A:D2:44, Validity Mon, 04 Mar 2024 21:53:07 GMT - Sun, 02 Jun 2024 21:53:06 GMT
File type: JavaScript source, Unicode text, UTF-8 text, with very long lines (65529), with no line terminators Hashes: MD5 f4a2f8f9f99541c6f105bbd0a025bd40, SHA-1 1f8e3eff12168fdd9e719adfc098d24a45b6916a, SHA-256 b717cb04231a10d425fd55b73c85a5407119c6826a8bac94142fddfff6958716
GET /sfp.js HTTP/1.1
Host: downstairsnegotiatebarren.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://bitly.ws/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Thu, 18 Apr 2024 11:52:28 GMT
content-type: application/javascript; charset=utf-8
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
access-control-allow-origin: *
expires: Thu, 01 Jan 1970 00:00:01 GMT
cache-control: max-age=14400
x-request-id: 92f74891546f275233c0744a6129c096
strict-transport-security: max-age=0; includeSubdomains
cf-cache-status: EXPIRED
last-modified: Thu, 18 Apr 2024 11:52:28 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=4aUFFQQaJnk1KrULmK5rAEbmzx9DAagkPbMO%2Bo5V65RUDa6sasARazwrf8A7KfRBPS8tKTXZdWyeOtm43CtdYJf117f2ABEqGAquSIpSwehgmep4RUur%2BMUoZrAwaBMBY5uSSGGYdqzF5egUXTPSNg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 876472e77fe6b512-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
| universitypermanentlyhusk.com/pixel/purst?dl=0&th=0&sc=0&rs=7199&rd=7199&fd=570&bv=24.4.2204&tmpl=136 | 172.240.253.132 | 200 OK | 0 B |
URL: GET HTTP/1.1 universitypermanentlyhusk.com/pixel/purst?dl=0&th=0&sc=0&rs=7199&rd=7199&fd=570&bv=24.4.2204&tmpl=136 IP: 172.240.253.132:443
Requested by: https://bitly.ws/?banned=1 Certificate: Issuer Let's Encrypt, Subject universitypermanentlyhusk.com, Fingerprint 35:AE:DE:9A:A8:51:0B:CD:1E:CB:9A:1F:6C:87:EE:4C:0C:5C:A1:6B, Validity Tue, 16 Apr 2024 13:50:42 GMT - Mon, 15 Jul 2024 13:50:41 GMT
Hashes (empty body): MD5 d41d8cd98f00b204e9800998ecf8427e, SHA-1 da39a3ee5e6b4b0d3255bfef95601890afd80709, SHA-256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /pixel/purst?dl=0&th=0&sc=0&rs=7199&rd=7199&fd=570&bv=24.4.2204&tmpl=136 HTTP/1.1
Host: universitypermanentlyhusk.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://bitly.ws/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Thu, 18 Apr 2024 11:52:28 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
| decidedlyenjoyableannihilation.com/pixel/sbls?bv=24.6.6370&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fssp%2Fvpn%2Fclassic-push%2Fsmall%2Fcss%2Fstyle.css&l=3355&fd=44 | 172.240.253.132 | 200 OK | 0 B |
URL: GET HTTP/1.1 decidedlyenjoyableannihilation.com/pixel/sbls?bv=24.6.6370&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fssp%2Fvpn%2Fclassic-push%2Fsmall%2Fcss%2Fstyle.css&l=3355&fd=44 IP: 172.240.253.132:443
Requested by: https://bitly.ws/?banned=1 Certificate: Issuer Let's Encrypt, Subject decidedlyenjoyableannihilation.com, Fingerprint 04:5E:A7:2F:94:E4:08:88:66:15:BE:36:F0:95:99:2C:7B:DD:4F:6D, Validity Tue, 16 Apr 2024 13:55:09 GMT - Mon, 15 Jul 2024 13:55:08 GMT
Hashes (empty body): MD5 d41d8cd98f00b204e9800998ecf8427e, SHA-1 da39a3ee5e6b4b0d3255bfef95601890afd80709, SHA-256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /pixel/sbls?bv=24.6.6370&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fssp%2Fvpn%2Fclassic-push%2Fsmall%2Fcss%2Fstyle.css&l=3355&fd=44 HTTP/1.1
Host: decidedlyenjoyableannihilation.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://bitly.ws/
Cookie: u_pl=22725757; uid_id2=4bcf8c9b-dc53-4862-978f-3e2500764917:2:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Thu, 18 Apr 2024 11:52:28 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
| cdn.barscreative1.com/sb/au/0c/c8/e1/0cc8e13ba9d5dbc867b982993e805a9d/1632728593.html | 45.133.44.4 | 200 OK | 912 B |
URL: GET HTTP/2 cdn.barscreative1.com/sb/au/0c/c8/e1/0cc8e13ba9d5dbc867b982993e805a9d/1632728593.html IP: 45.133.44.4:443 ASN: #39572 DataWeb Global Group B.V.
Requested by: https://bitly.ws/?banned=1 Certificate: Issuer Let's Encrypt, Subject cdn.barscreative1.com, Fingerprint F6:54:F4:B9:EB:AD:1E:FA:8F:76:B9:75:20:9B:41:57:32:37:94:E3, Validity Sun, 10 Mar 2024 03:01:32 GMT - Sat, 08 Jun 2024 03:01:31 GMT
File type: gzip compressed data, from Unix Hashes: MD5 ccb4f323985f4b41e67fa6e4195b3578, SHA-1 aaf38109ab70df9e1dee17cb5eb9a5da65b29fc5, SHA-256 2bc469d2e694c89c0ad20ff04d0ab730d603449426974fce6f35881fb28cc4a4
GET /sb/au/0c/c8/e1/0cc8e13ba9d5dbc867b982993e805a9d/1632728593.html HTTP/1.1
Host: cdn.barscreative1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://bitly.ws
DNT: 1
Connection: keep-alive
Referer: https://bitly.ws/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 18 Apr 2024 11:52:28 GMT
content-type: text/html; charset=utf-8
server: nginx/1.21.6
last-modified: Mon, 27 Sep 2021 07:43:24 GMT
etag: W/"6151761c-52d"
cache-control: max-age=3600
access-control-allow-origin: *
access-control-expose-headers: Date
content-encoding: gzip
expires: Thu, 18 Apr 2024 12:52:28 GMT
x-proxy-cache: HIT
X-Firefox-Spdy: h2
| decidedlyenjoyableannihilation.com/pixel/sbls?bv=24.6.6370&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fssp%2Fvpn%2Fclassic-push%2Fsmall%2Fjs%2Fscript.js&l=962&fd=18 | 172.240.253.132 | 200 OK | 0 B |
URL: GET HTTP/1.1 decidedlyenjoyableannihilation.com/pixel/sbls?bv=24.6.6370&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fssp%2Fvpn%2Fclassic-push%2Fsmall%2Fjs%2Fscript.js&l=962&fd=18 IP: 172.240.253.132:443
Requested by: https://bitly.ws/?banned=1 Certificate: Issuer Let's Encrypt, Subject decidedlyenjoyableannihilation.com, Fingerprint 04:5E:A7:2F:94:E4:08:88:66:15:BE:36:F0:95:99:2C:7B:DD:4F:6D, Validity Tue, 16 Apr 2024 13:55:09 GMT - Mon, 15 Jul 2024 13:55:08 GMT
Hashes (empty body): MD5 d41d8cd98f00b204e9800998ecf8427e, SHA-1 da39a3ee5e6b4b0d3255bfef95601890afd80709, SHA-256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /pixel/sbls?bv=24.6.6370&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fssp%2Fvpn%2Fclassic-push%2Fsmall%2Fjs%2Fscript.js&l=962&fd=18 HTTP/1.1
Host: decidedlyenjoyableannihilation.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://bitly.ws/
Cookie: u_pl=22725757; uid_id2=4bcf8c9b-dc53-4862-978f-3e2500764917:2:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Thu, 18 Apr 2024 11:52:28 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
| cdn.creative-bars1.com/sb/ssp/vpn/classic-push/small/js/jquery.min.js | 172.67.141.24 | 200 OK | 31 kB |
URL: GET HTTP/3 cdn.creative-bars1.com/sb/ssp/vpn/classic-push/small/js/jquery.min.js IP: 172.67.141.24:443
Requested by: https://bitly.ws/?banned=1 Certificate: Issuer Google Trust Services LLC, Subject creative-bars1.com, Fingerprint 3D:29:39:2C:F1:E5:C6:EF:54:F5:70:B5:CF:A8:C2:75:4D:89:72:13, Validity Mon, 15 Apr 2024 15:02:18 GMT - Sun, 14 Jul 2024 15:02:17 GMT
File type: JavaScript source, ASCII text, with very long lines (32025) Hashes: MD5 4a356126b9573eb7bd1e9a7494737410, SHA-1 8258d046f17dd3c15a5d3984e1868b7b5d1db329, SHA-256 22642f202577f0ba2f22cbe56b6cf291a09374487567cd3563e0d2a29f75c0c5
GET /sb/ssp/vpn/classic-push/small/js/jquery.min.js HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Thu, 18 Apr 2024 11:52:28 GMT
content-type: application/javascript
last-modified: Fri, 19 Jan 2024 14:19:42 GMT
etag: W/"65aa84fe-1499c"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 5525242
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=aA3wj7RSXbEca%2FoLHYV3i3YutjD020QyJrEbZ6V3frZCREy1c96w821hg5yvP8ExdgmVIEyheyv8boc2l020fluy01TixeNBN6XZfW4auEHMqUwIHNjY%2FakB0Rj5GQMyOFvO0Wu8z2EC"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 876472eacd4f56b7-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
| bitly.ws/gfx/favicon.png | 185.11.100.204 | 200 OK | 2.0 kB |
IP: 185.11.100.204:443 ASN: #29522 Cyber_Folks S.A.
Requested by: https://bitly.ws/?banned=1 Certificate: Issuer Let's Encrypt, Subject bitly.ws, Fingerprint E2:6E:62:93:28:D8:B3:0A:23:56:6C:21:A4:BD:CC:EF:CD:1B:33:55, Validity Sun, 18 Feb 2024 07:59:14 GMT - Sat, 18 May 2024 07:59:13 GMT
File type: PNG image data, 48 x 48, 8-bit colormap, non-interlaced Hashes: MD5 549c8f6c3f6b1340852212e7c784d187, SHA-1 e8fe075cef3bf487bd9e4e89e9b4a6b63a81e0cc, SHA-256 00495e504ff3e4604b6404a1ae9469f40bd4642bef08239d4d0b0b83c095f590
GET /gfx/favicon.png HTTP/1.1
Host: bitly.ws
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://bitly.ws/?banned=1
Cookie: _ga_8Q1W6PKNCX=GS1.1.1713441147.1.0.1713441147.0.0.0; _ga=GA1.1.220879910.1713441147; dom3ic8zudi28v8lr6fgphwffqoz0j6c=4bcf8c9b-dc53-4862-978f-3e2500764917%3A2%3A1; sb_main_33ce9e99c1bfce9eb2d48a915db5624c=1; sb_count_33ce9e99c1bfce9eb2d48a915db5624c=1; m5a4xojbcp2nx3gptmm633qal3gzmadn=faintjump.com; pbpr0tpuw4isk85t8yg3jb2lj5vqf=decidedlyenjoyableannihilation.com; pp_main_7866ead300fcf9e425beaf01fe308949=1; pp_idelay_7866ead300fcf9e425beaf01fe308949=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Thu, 18 Apr 2024 11:52:28 GMT
server: Apache
last-modified: Tue, 02 Apr 2024 12:49:39 GMT
etag: "7b5-6151c8a0cb469"
accept-ranges: bytes
content-length: 1973
cache-control: max-age=31536000
expires: Fri, 18 Apr 2025 11:52:28 GMT
content-type: image/png
X-Firefox-Spdy: h2
| decidedlyenjoyableannihilation.com/pixel/sbls?bv=24.6.6370&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fssp%2Fvpn%2Fclassic-push%2Fsmall%2Fcss%2Fanimate.css&l=78689&fd=46 | 172.240.108.68 | 200 OK | 0 B |
URL: GET HTTP/1.1 decidedlyenjoyableannihilation.com/pixel/sbls?bv=24.6.6370&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fssp%2Fvpn%2Fclassic-push%2Fsmall%2Fcss%2Fanimate.css&l=78689&fd=46 IP: 172.240.108.68:443
Requested by: https://bitly.ws/?banned=1 Certificate: Issuer Let's Encrypt, Subject decidedlyenjoyableannihilation.com, Fingerprint 04:5E:A7:2F:94:E4:08:88:66:15:BE:36:F0:95:99:2C:7B:DD:4F:6D, Validity Tue, 16 Apr 2024 13:55:09 GMT - Mon, 15 Jul 2024 13:55:08 GMT
Hashes (empty body): MD5 d41d8cd98f00b204e9800998ecf8427e, SHA-1 da39a3ee5e6b4b0d3255bfef95601890afd80709, SHA-256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /pixel/sbls?bv=24.6.6370&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fssp%2Fvpn%2Fclassic-push%2Fsmall%2Fcss%2Fanimate.css&l=78689&fd=46 HTTP/1.1
Host: decidedlyenjoyableannihilation.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://bitly.ws/
Cookie: u_pl=22725757; uid_id2=4bcf8c9b-dc53-4862-978f-3e2500764917:2:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Thu, 18 Apr 2024 11:52:28 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
| decidedlyenjoyableannihilation.com/impr.gif?sid=H4sIAAAAAAAC%2F1RSz4scRRSunuxFBEEJXoIwiocI7mz3%2FB5zCMa4srhmYxJRvEj96kk51V1NVff07KK4GJAcB%2F%2BC3m92s6iLJFfBILMLHhaEjKcF3Yv%2FgULO0uPg6DvU%2B159r%2BB776uv9rJzUkdGz66%2FZ3aU1nStVfOrlz8KgivVTRVno%2Bqo2%2F6k3bxStcM3eu2a%2F1r1HckHZq3uB74f%2BEF1XVkZmtFaSUIlR72g1vNrzXotaDUxsv%2BvXebBUQ9ieE5egBKzlRPvIhSfIo4eXpdukJrk9bejTNPUWAzF4QfxIDZ5jGgJQ%2BshjA8X3TDuyfpjmPhgLhdm%2BG8jUzPi%2FfwYLD5ciAQb7s91Mg0Zg4lnkQ%2BnkHoKRafg5h6UeEIALnBjC3H04IaxOd3%2Bh6UlOyMrT%2F%2BCymdk5feLiKPvr2k1qt42OkuViR1GYQE1mkL1p0iyY6Q7Faj8GDz9Ekr8QtaebiKO9recNlDi7NUm42GX99iq4K3GarPbrq%2F2Ot1wtSHrLd%2FvtJu9oDNfkFJTqHAKLcegroLMeciUhyz0kCUeInFW5UEQdHzBqd%2Ftcd4QHcnawg9oJwxo4Le7yHg5wxhpMgbXY3C7i8TuYqDGsNlPcHcLOFGBS2fEe%2F8LDEWBXBLkjiCnBLkiyFOCfFgcCO3qrnggtMtYsMj1RW4UE5P29%2BiBSfsyJqB2DCuKveScPF8u0fv45HMM5Fm10eCyJ3s9HrCwRKwuml3aC1qCtdr1JodTBZSrgDoPO2pGui%2F%2BhqQ0dlCA0WM4fQyuXgHNXgLNC9C7BXbio1TF25nVtcgwBWEKJOkK0m1vT5%2BTS3MbN7YeQfLTq3805gFuCyS2wKfqhKCv709umZzs3zK5I4%2B2klRFaoeWFt9OaSovfPuu3M6NFRvX3fibN3lJlPDojnTpJo2FivuOfHdNCSHturFckh833IeS3czc3WuZjbNk8%2BZb6xtRYqVzysRT0HKoPy24mpHnLt2Z%2F97LP9yEslPYrECUnZJFQJkpeLILlyz1O0Ng9bKHJR7yrJjYOlteakWg5bKmrID7T82WeGJp%2BZqqYs%2FdR99WQNN7iKMCQ1tgqAtQPYbLLkzSxJ5e%2FXUhg%2BnKhGlb2Wfa6q%2Fnay6Ph3DqrNrwRYfJUHaYbLaaoeSCtVrM5yFnDdHtcqRuFr78zGd%2FAwAA%2F%2F8BAAD%2F%2F%2BcU%2FTCXBAAA | 172.240.253.132 | 200 OK | 7 B |
URL GET HTTP/1.1decidedlyenjoyableannihilation.com/impr.gif?sid=H4sIAAAAAAAC%2F1RSz4scRRSunuxFBEEJXoIwiocI7mz3%2FB5zCMa4srhmYxJRvEj96kk51V1NVff07KK4GJAcB%2F%2BC3m92s6iLJFfBILMLHhaEjKcF3Yv%2FgULO0uPg6DvU%2B159r%2BB776uv9rJzUkdGz66%2FZ3aU1nStVfOrlz8KgivVTRVno%2Bqo2%2F6k3bxStcM3eu2a%2F1r1HckHZq3uB74f%2BEF1XVkZmtFaSUIlR72g1vNrzXotaDUxsv%2BvXebBUQ9ieE5egBKzlRPvIhSfIo4eXpdukJrk9bejTNPUWAzF4QfxIDZ5jGgJQ%2BshjA8X3TDuyfpjmPhgLhdm%2BG8jUzPi%2FfwYLD5ciAQb7s91Mg0Zg4lnkQ%2BnkHoKRafg5h6UeEIALnBjC3H04IaxOd3%2Bh6UlOyMrT%2F%2BCymdk5feLiKPvr2k1qt42OkuViR1GYQE1mkL1p0iyY6Q7Faj8GDz9Ekr8QtaebiKO9recNlDi7NUm42GX99iq4K3GarPbrq%2F2Ot1wtSHrLd%2FvtJu9oDNfkFJTqHAKLcegroLMeciUhyz0kCUeInFW5UEQdHzBqd%2Ftcd4QHcnawg9oJwxo4Le7yHg5wxhpMgbXY3C7i8TuYqDGsNlPcHcLOFGBS2fEe%2F8LDEWBXBLkjiCnBLkiyFOCfFgcCO3qrnggtMtYsMj1RW4UE5P29%2BiBSfsyJqB2DCuKveScPF8u0fv45HMM5Fm10eCyJ3s9HrCwRKwuml3aC1qCtdr1JodTBZSrgDoPO2pGui%2F%2BhqQ0dlCA0WM4fQyuXgHNXgLNC9C7BXbio1TF25nVtcgwBWEKJOkK0m1vT5%2BTS3MbN7YeQfLTq3805gFuCyS2wKfqhKCv709umZzs3zK5I4%2B2klRFaoeWFt9OaSovfPuu3M6NFRvX3fibN3lJlPDojnTpJo2FivuOfHdNCSHturFckh833IeS3czc3WuZjbNk8%2BZb6xtRYqVzysRT0HKoPy24mpHnLt2Z%2F97LP9yEslPYrECUnZJFQJkpeLILlyz1O0Ng9bKHJR7yrJjYOlteakWg5bKmrID7T82WeGJp%2BZqqYs%2FdR99WQNN7iKMCQ1tgqAtQPYbLLkzSxJ5e%2FXUhg%2BnKhGlb2Wfa6q%2Fnay6Ph3DqrNrwRYfJUHaYbLaaoeSCtVrM5yFnDdHtcqRuFr78zGd%2FAwAA%2F%2F8BAAD%2F%2F%2BcU%2FTCXBAAA IP172.240.253.132:443
Requested by: https://bitly.ws/?banned=1
Certificate: Issuer Let's Encrypt; Subject decidedlyenjoyableannihilation.com; Fingerprint 04:5E:A7:2F:94:E4:08:88:66:15:BE:36:F0:95:99:2C:7B:DD:4F:6D; Validity Tue, 16 Apr 2024 13:55:09 GMT - Mon, 15 Jul 2024 13:55:08 GMT
File type: ASCII text, with no line terminators
Hash (MD5 / SHA-1 / SHA-256): 132d6af1b46048b45cf86cdee7991d31 eb7007d03d59b65bc6da7e098c4d38fc6dfb6285 ab852e838deccd742a03ca81d4a8d75cf1a00b327db3eaf46bd7da6b6db9384c
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /impr.gif?sid=H4sIAAAAAAAC%2F1RSz4scRRSunuxFBEEJXoIwiocI7mz3%2FB5zCMa4srhmYxJRvEj96kk51V1NVff07KK4GJAcB%2F%2BC3m92s6iLJFfBILMLHhaEjKcF3Yv%2FgULO0uPg6DvU%2B159r%2BB776uv9rJzUkdGz66%2FZ3aU1nStVfOrlz8KgivVTRVno%2Bqo2%2F6k3bxStcM3eu2a%2F1r1HckHZq3uB74f%2BEF1XVkZmtFaSUIlR72g1vNrzXotaDUxsv%2BvXebBUQ9ieE5egBKzlRPvIhSfIo4eXpdukJrk9bejTNPUWAzF4QfxIDZ5jGgJQ%2BshjA8X3TDuyfpjmPhgLhdm%2BG8jUzPi%2FfwYLD5ciAQb7s91Mg0Zg4lnkQ%2BnkHoKRafg5h6UeEIALnBjC3H04IaxOd3%2Bh6UlOyMrT%2F%2BCymdk5feLiKPvr2k1qt42OkuViR1GYQE1mkL1p0iyY6Q7Faj8GDz9Ekr8QtaebiKO9recNlDi7NUm42GX99iq4K3GarPbrq%2F2Ot1wtSHrLd%2FvtJu9oDNfkFJTqHAKLcegroLMeciUhyz0kCUeInFW5UEQdHzBqd%2Ftcd4QHcnawg9oJwxo4Le7yHg5wxhpMgbXY3C7i8TuYqDGsNlPcHcLOFGBS2fEe%2F8LDEWBXBLkjiCnBLkiyFOCfFgcCO3qrnggtMtYsMj1RW4UE5P29%2BiBSfsyJqB2DCuKveScPF8u0fv45HMM5Fm10eCyJ3s9HrCwRKwuml3aC1qCtdr1JodTBZSrgDoPO2pGui%2F%2BhqQ0dlCA0WM4fQyuXgHNXgLNC9C7BXbio1TF25nVtcgwBWEKJOkK0m1vT5%2BTS3MbN7YeQfLTq3805gFuCyS2wKfqhKCv709umZzs3zK5I4%2B2klRFaoeWFt9OaSovfPuu3M6NFRvX3fibN3lJlPDojnTpJo2FivuOfHdNCSHturFckh833IeS3czc3WuZjbNk8%2BZb6xtRYqVzysRT0HKoPy24mpHnLt2Z%2F97LP9yEslPYrECUnZJFQJkpeLILlyz1O0Ng9bKHJR7yrJjYOlteakWg5bKmrID7T82WeGJp%2BZqqYs%2FdR99WQNN7iKMCQ1tgqAtQPYbLLkzSxJ5e%2FXUhg%2BnKhGlb2Wfa6q%2Fnay6Ph3DqrNrwRYfJUHaYbLaaoeSCtVrM5yFnDdHtcqRuFr78zGd%2FAwAA%2F%2F8BAAD%2F%2F%2BcU%2FTCXBAAA HTTP/1.1
Host: decidedlyenjoyableannihilation.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://bitly.ws/
Cookie: u_pl=22725757; uid_id2=4bcf8c9b-dc53-4862-978f-3e2500764917:2:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Thu, 18 Apr 2024 11:52:29 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: f45a35e7328986665912e0acde01cabd
Strict-Transport-Security: max-age=0; includeSubdomains
| decidedlyenjoyableannihilation.com/pixel/sbs?c=1 | 172.240.108.68 | 200 OK | 0 B |
URL: GET HTTP/1.1 decidedlyenjoyableannihilation.com/pixel/sbs?c=1
IP: 172.240.108.68:443
Requested by: https://bitly.ws/?banned=1
Certificate: Issuer Let's Encrypt; Subject decidedlyenjoyableannihilation.com; Fingerprint 04:5E:A7:2F:94:E4:08:88:66:15:BE:36:F0:95:99:2C:7B:DD:4F:6D; Validity Tue, 16 Apr 2024 13:55:09 GMT - Mon, 15 Jul 2024 13:55:08 GMT
Hash (MD5 / SHA-1 / SHA-256): d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /pixel/sbs?c=1 HTTP/1.1
Host: decidedlyenjoyableannihilation.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://bitly.ws/
Cookie: u_pl=22725757; uid_id2=4bcf8c9b-dc53-4862-978f-3e2500764917:2:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Thu, 18 Apr 2024 11:52:29 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
| fonts.googleapis.com/css?family=Roboto:300,400,700&display=swap | 142.250.74.138 | 200 OK | 9.0 kB |
URL: GET HTTP/2 fonts.googleapis.com/css?family=Roboto:300,400,700&display=swap
IP: 142.250.74.138:443
Requested by: https://bitly.ws/?banned=1
Certificate: Issuer Google Trust Services LLC; Subject upload.video.google.com; Fingerprint 47:5A:64:7D:9F:47:34:07:31:91:97:F7:04:42:7A:D5:EA:AD:07:4E; Validity Mon, 04 Mar 2024 07:16:44 GMT - Mon, 27 May 2024 07:16:43 GMT
File type: gzip compressed data, max compression
Hash (MD5 / SHA-1 / SHA-256): 99f1232cccbbd28e86885010b6f786ef f784aaf97a5d014a043ff9bc669e0832351e9e32 becb3824f34eb725609e1581a24c080b1c964eba2505d3457acc827ffef64b45
GET /css?family=Roboto:300,400,700&display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Thu, 18 Apr 2024 11:52:28 GMT
date: Thu, 18 Apr 2024 11:52:28 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
| cdn.creative-bars1.com/sb/ssp/vpn/classic-push/small/css/animate.css | 172.67.141.24 | 200 OK | 21 kB |
URL: GET HTTP/2 cdn.creative-bars1.com/sb/ssp/vpn/classic-push/small/css/animate.css
IP: 172.67.141.24:443
Requested by: https://bitly.ws/?banned=1
Certificate: Issuer Google Trust Services LLC; Subject creative-bars1.com; Fingerprint 3D:29:39:2C:F1:E5:C6:EF:54:F5:70:B5:CF:A8:C2:75:4D:89:72:13; Validity Mon, 15 Apr 2024 15:02:18 GMT - Sun, 14 Jul 2024 15:02:17 GMT
Hash (MD5 / SHA-1 / SHA-256): 3d4123dbfb33d27a5cfdfcfa91df6783 e7d0eeeec54b848f0bc3da8685fa3bc88429d660 cb7d1393b65701b2f97d8da244c2c6023e9cbc3463ecb0136b915cfc775c6887
GET /sb/ssp/vpn/classic-push/small/css/animate.css HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://bitly.ws
DNT: 1
Connection: keep-alive
Referer: https://bitly.ws/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 18 Apr 2024 11:52:28 GMT
content-type: text/css
last-modified: Fri, 19 Jan 2024 14:19:42 GMT
etag: W/"65aa84fe-13361"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 167995
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=rgVa404Qh1E0N9WKplG5qq8w9HAeJI36dR6k3q2ZKODteA2ERRvP%2B%2BuibBpaCydITvCNMeNeAk%2FKAz3qy0SHJi%2FoAUQsnoy4Po4mN3F2vqInCECLuTLNZRuA46gIEsPxQz1WARS4ulaK"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 876472ea4aeab4ff-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
| cdn.creative-bars1.com/sb/ssp/vpn/classic-push/small/css/style.css | 172.67.141.24 | 200 OK | 17 kB |
URL: GET HTTP/2 cdn.creative-bars1.com/sb/ssp/vpn/classic-push/small/css/style.css
IP: 172.67.141.24:443
Requested by: https://bitly.ws/?banned=1
Certificate: Issuer Google Trust Services LLC; Subject creative-bars1.com; Fingerprint 3D:29:39:2C:F1:E5:C6:EF:54:F5:70:B5:CF:A8:C2:75:4D:89:72:13; Validity Mon, 15 Apr 2024 15:02:18 GMT - Sun, 14 Jul 2024 15:02:17 GMT
Hash (MD5 / SHA-1 / SHA-256): 039a6734d79ed9aa51cf81c52479c5fe 9cf29c4ea1a3880681d50c7228374f8073b7778b a15bad73fc8907795285b78a4a1a1bf5e7f68b4d39988b9bb165444819cf9eb1
GET /sb/ssp/vpn/classic-push/small/css/style.css HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://bitly.ws
DNT: 1
Connection: keep-alive
Referer: https://bitly.ws/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 18 Apr 2024 11:52:28 GMT
content-type: text/css
last-modified: Fri, 19 Jan 2024 14:19:42 GMT
etag: W/"65aa84fe-d1b"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 167995
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=B92i%2BoYjtkEwA52oAPwJzREE6exGsRmE7mhqAm2yZTU9WwLLe8E%2BxsQHqnttunhlHiK%2F7tHZCBZAWiYGESKYv%2BZbee10iRb%2BBizNmfRKmfGdlMhCIcSAwyoYc5dyHKGMvfnVxls0UmiE"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 876472ea4af0b4ff-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
| fonts.googleapis.com/css?family=Archivo:400,500|Arimo:400,500|Bitter:400,500|EB+Garamond:400,500|Lato|Libre+Baskervill|Libre+Franklin:400,500|Lora:400,500|Google+Sans:regular,medium:400,500|Material+Icons|Google+Symbols|Merriweather|Montserrat:400,500|Mukta:400,500|Muli:400,500|Nunito:400,500|Open+Sans:400,500,600|Open+Sans+Condensed:400,600|Oswald:500|Playfair+Display:400,500|Poppins:400,500|Raleway:400,500|Roboto:400,500|Roboto+Condensed:400,500|Roboto+Slab:400,500|Slabo+27px|Source+Sans+Pro|Ubuntu:400,500|Volkhov&display=swap | 142.250.74.138 | 200 OK | 54 kB |
URL: GET HTTP/3 fonts.googleapis.com/css?family=Archivo:400,500|Arimo:400,500|Bitter:400,500|EB+Garamond:400,500|Lato|Libre+Baskervill|Libre+Franklin:400,500|Lora:400,500|Google+Sans:regular,medium:400,500|Material+Icons|Google+Symbols|Merriweather|Montserrat:400,500|Mukta:400,500|Muli:400,500|Nunito:400,500|Open+Sans:400,500,600|Open+Sans+Condensed:400,600|Oswald:500|Playfair+Display:400,500|Poppins:400,500|Raleway:400,500|Roboto:400,500|Roboto+Condensed:400,500|Roboto+Slab:400,500|Slabo+27px|Source+Sans+Pro|Ubuntu:400,500|Volkhov&display=swap
IP: 142.250.74.138:443
Requested by: https://bitly.ws/?banned=1
Certificate: Issuer Google Trust Services LLC; Subject upload.video.google.com; Fingerprint 47:5A:64:7D:9F:47:34:07:31:91:97:F7:04:42:7A:D5:EA:AD:07:4E; Validity Mon, 04 Mar 2024 07:16:44 GMT - Mon, 27 May 2024 07:16:43 GMT
File type: gzip compressed data, max compression
Hash (MD5 / SHA-1 / SHA-256): 3bdd4fbdb93b4b7cbadcf2ba7d351fbf 2d00729f8b567ef117eba8531deec4d6752d0a57 6a2eb030769985939aa0e8bc8ba40edccc6aa1d9471a3ef51b5ccd3567454b4d
GET /css?family=Archivo:400,500|Arimo:400,500|Bitter:400,500|EB+Garamond:400,500|Lato|Libre+Baskervill|Libre+Franklin:400,500|Lora:400,500|Google+Sans:regular,medium:400,500|Material+Icons|Google+Symbols|Merriweather|Montserrat:400,500|Mukta:400,500|Muli:400,500|Nunito:400,500|Open+Sans:400,500,600|Open+Sans+Condensed:400,600|Oswald:500|Playfair+Display:400,500|Poppins:400,500|Raleway:400,500|Roboto:400,500|Roboto+Condensed:400,500|Roboto+Slab:400,500|Slabo+27px|Source+Sans+Pro|Ubuntu:400,500|Volkhov&display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://bitly.ws/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Thu, 18 Apr 2024 11:52:29 GMT
date: Thu, 18 Apr 2024 11:52:29 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
| fonts.gstatic.com/s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2 | 142.250.74.99 | 200 OK | 48 kB |
URL: GET HTTP/2 fonts.gstatic.com/s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
IP: 142.250.74.99:443
Requested by: https://bitly.ws/?banned=1
Certificate: Issuer Google Trust Services LLC; Subject *.gstatic.com; Fingerprint 8F:81:43:71:C4:F3:8C:FA:6D:EC:B4:5E:1F:58:71:AA:48:42:0E:E9; Validity Mon, 04 Mar 2024 07:16:39 GMT - Mon, 27 May 2024 07:16:38 GMT
File type: Web Open Font Format (Version 2), TrueType, length 48236, version 1.0
Hash (MD5 / SHA-1 / SHA-256): 015c126a3520c9a8f6a27979d0266e96 2acf956561d44434a6d84204670cf849d3215d5f 3c4d6a1421c7ddb7e404521fe8c4cd5be5af446d7689cd880be26612eaad3cfa
GET /s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://bitly.ws
DNT: 1
Connection: keep-alive
Referer: https://bitly.ws/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 48236
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 16 Apr 2024 08:04:32 GMT
expires: Wed, 16 Apr 2025 08:04:32 GMT
cache-control: public, max-age=31536000
age: 186477
last-modified: Thu, 14 Dec 2023 02:08:40 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
| fonts.gstatic.com/s/materialicons/v142/flUhRq6tzZclQEJ-Vdg-IuiaDsNc.woff2 | 142.250.74.99 | 200 OK | 128 kB |
URL: GET HTTP/2 fonts.gstatic.com/s/materialicons/v142/flUhRq6tzZclQEJ-Vdg-IuiaDsNc.woff2
IP: 142.250.74.99:443
Requested by: https://bitly.ws/?banned=1
Certificate: Issuer Google Trust Services LLC; Subject *.gstatic.com; Fingerprint 8F:81:43:71:C4:F3:8C:FA:6D:EC:B4:5E:1F:58:71:AA:48:42:0E:E9; Validity Mon, 04 Mar 2024 07:16:39 GMT - Mon, 27 May 2024 07:16:38 GMT
File type: Web Open Font Format (Version 2), TrueType, length 128352, version 1.0
Size: 128 kB (128352 bytes)
Hash (MD5 / SHA-1 / SHA-256): 53436aca8627a49f4deaaa44dc9e3c05 0bc0c675480d94ec7e8609dda6227f88c5d08d2c 8265f64786397d6b832d1ca0aafdf149ad84e72759fffa9f7272e91a0fb015d1
GET /s/materialicons/v142/flUhRq6tzZclQEJ-Vdg-IuiaDsNc.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://bitly.ws
DNT: 1
Connection: keep-alive
Referer: https://bitly.ws/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 128352
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Mon, 15 Apr 2024 21:27:45 GMT
expires: Tue, 15 Apr 2025 21:27:45 GMT
cache-control: public, max-age=31536000
age: 224684
last-modified: Mon, 08 Apr 2024 19:04:47 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
| fundingchoicesmessages.google.com/el/AGSKWxVyvPg0c4Dz0UlGOcw0wGIy3OwGpQ7E4_ThW9z-6lYEYyqfBP6FIevzECEDir40TTs5ziFBAzCm3kVNrZPyixP-vVrb4VGHZ2CSz6xTNHxqjbf0TLkqRE8dCeJAG8ea8T_B2NDzAw== | 142.250.74.142 | 204 No Content | 0 B |
URL: POST HTTP/3 fundingchoicesmessages.google.com/el/AGSKWxVyvPg0c4Dz0UlGOcw0wGIy3OwGpQ7E4_ThW9z-6lYEYyqfBP6FIevzECEDir40TTs5ziFBAzCm3kVNrZPyixP-vVrb4VGHZ2CSz6xTNHxqjbf0TLkqRE8dCeJAG8ea8T_B2NDzAw==
IP: 142.250.74.142:443
Requested by: https://bitly.ws/?banned=1
Certificate: Issuer Google Trust Services LLC; Subject *.google.com; Fingerprint 02:6C:2F:38:A0:8A:95:AC:E8:2B:67:AA:69:A4:34:6E:15:99:F5:1D; Validity Mon, 04 Mar 2024 06:35:50 GMT - Mon, 27 May 2024 06:35:49 GMT
Hash (MD5 / SHA-1 / SHA-256): d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /el/AGSKWxVyvPg0c4Dz0UlGOcw0wGIy3OwGpQ7E4_ThW9z-6lYEYyqfBP6FIevzECEDir40TTs5ziFBAzCm3kVNrZPyixP-vVrb4VGHZ2CSz6xTNHxqjbf0TLkqRE8dCeJAG8ea8T_B2NDzAw== HTTP/1.1
Host: fundingchoicesmessages.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 169
Origin: https://bitly.ws
DNT: 1
Connection: keep-alive
Referer: https://bitly.ws/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 204 No Content
content-type: text/html; charset=utf-8
access-control-allow-methods: POST, GET, OPTIONS
access-control-max-age: 86400
access-control-allow-origin: https://bitly.ws
access-control-allow-credentials: true
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Thu, 18 Apr 2024 11:52:29 GMT
content-security-policy: require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport, script-src 'nonce-4x4ZREEfy5gYWQ3ByaFXaQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist
cross-origin-opener-policy: same-origin
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
reporting-endpoints: default="/_/ContributorLoggingHttp/web-reports?context=eJzjktDikmII0JBiqGV4xtQKxE7pM1hDgFiIh-PvpJaNbAIf5t5ezAQAyCgMgA"
server: ESF
content-length: 0
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
| unseenreport.com/pxf.gif?uuid=4bcf8c9b-dc53-4862-978f-3e2500764917&eb=978028c5053b26833423c7a069ce3bd5&te=5db3a4e34790624df926db520a13f79f&ua=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A96.0)%20Gecko%2F20100101%20Firefox%2F96.0&dev=e&res=14.2071&b_frame=0&pk=7866ead300fcf9e425beaf01fe308949&bl=en-US&sr=1024x1280&sz=1024x1280&hjs=11 | 192.243.61.227 | 200 OK | 1 B |
URL: GET HTTP/1.1 unseenreport.com/pxf.gif?uuid=4bcf8c9b-dc53-4862-978f-3e2500764917&eb=978028c5053b26833423c7a069ce3bd5&te=5db3a4e34790624df926db520a13f79f&ua=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A96.0)%20Gecko%2F20100101%20Firefox%2F96.0&dev=e&res=14.2071&b_frame=0&pk=7866ead300fcf9e425beaf01fe308949&bl=en-US&sr=1024x1280&sz=1024x1280&hjs=11
IP: 192.243.61.227:443 (ASN #39572 DataWeb Global Group B.V.)
Requested by: https://bitly.ws/?banned=1
Certificate: Issuer Let's Encrypt; Subject *.unseenreport.com; Fingerprint 71:46:15:FD:76:6A:F5:5B:51:06:CC:93:DD:D8:63:E3:8B:10:BF:13; Validity Fri, 22 Mar 2024 07:32:41 GMT - Thu, 20 Jun 2024 07:32:40 GMT
File type: very short file (no magic)
Hash (MD5 / SHA-1 / SHA-256): 93b885adfe0da089cdf634904fd59f71 5ba93c9db0cff93f52b521d7420e43f6eda2784f 6e340b9cffb37a989ca544e6bb780a2c78901d3fb33738768511a30617afa01d
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /pxf.gif?uuid=4bcf8c9b-dc53-4862-978f-3e2500764917&eb=978028c5053b26833423c7a069ce3bd5&te=5db3a4e34790624df926db520a13f79f&ua=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A96.0)%20Gecko%2F20100101%20Firefox%2F96.0&dev=e&res=14.2071&b_frame=0&pk=7866ead300fcf9e425beaf01fe308949&bl=en-US&sr=1024x1280&sz=1024x1280&hjs=11 HTTP/1.1
Host: unseenreport.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://bitly.ws/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Thu, 18 Apr 2024 11:52:30 GMT
Content-Type: image/gif
Content-Length: 1
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: d95ff6c5036d9dd01e444606c43eb8bd
Strict-Transport-Security: max-age=0; includeSubdomains
| unseenreport.com/pxf.gif?uuid=4bcf8c9b-dc53-4862-978f-3e2500764917&eb=978028c5053b26833423c7a069ce3bd5&te=5db3a4e34790624df926db520a13f79f&ua=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A96.0)%20Gecko%2F20100101%20Firefox%2F96.0&dev=e&res=14.2071&b_frame=0&pk=33ce9e99c1bfce9eb2d48a915db5624c&bl=en-US&sr=1024x1280&sz=1024x1280&hjs=11 | 192.243.61.227 | 200 OK | 1 B |
URL: GET HTTP/1.1 unseenreport.com/pxf.gif?uuid=4bcf8c9b-dc53-4862-978f-3e2500764917&eb=978028c5053b26833423c7a069ce3bd5&te=5db3a4e34790624df926db520a13f79f&ua=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A96.0)%20Gecko%2F20100101%20Firefox%2F96.0&dev=e&res=14.2071&b_frame=0&pk=33ce9e99c1bfce9eb2d48a915db5624c&bl=en-US&sr=1024x1280&sz=1024x1280&hjs=11
IP: 192.243.61.227:443 (ASN #39572 DataWeb Global Group B.V.)
Requested by: https://bitly.ws/?banned=1
Certificate: Issuer Let's Encrypt; Subject *.unseenreport.com; Fingerprint 71:46:15:FD:76:6A:F5:5B:51:06:CC:93:DD:D8:63:E3:8B:10:BF:13; Validity Fri, 22 Mar 2024 07:32:41 GMT - Thu, 20 Jun 2024 07:32:40 GMT
File type: very short file (no magic)
Hash (MD5 / SHA-1 / SHA-256): 93b885adfe0da089cdf634904fd59f71 5ba93c9db0cff93f52b521d7420e43f6eda2784f 6e340b9cffb37a989ca544e6bb780a2c78901d3fb33738768511a30617afa01d
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /pxf.gif?uuid=4bcf8c9b-dc53-4862-978f-3e2500764917&eb=978028c5053b26833423c7a069ce3bd5&te=5db3a4e34790624df926db520a13f79f&ua=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A96.0)%20Gecko%2F20100101%20Firefox%2F96.0&dev=e&res=14.2071&b_frame=0&pk=33ce9e99c1bfce9eb2d48a915db5624c&bl=en-US&sr=1024x1280&sz=1024x1280&hjs=11 HTTP/1.1
Host: unseenreport.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://bitly.ws/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Thu, 18 Apr 2024 11:52:30 GMT
Content-Type: image/gif
Content-Length: 1
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: dab4e47d9b19a2eeeddbae9d7fb2cbfe
Strict-Transport-Security: max-age=0; includeSubdomains
| fundingchoicesmessages.google.com/i/pub-2614556310778759?ers=1 | 142.250.74.142 | 200 OK | 184 kB |
URL: GET HTTP/2 fundingchoicesmessages.google.com/i/pub-2614556310778759?ers=1
IP: 142.250.74.142:443
Requested by: https://bitly.ws/?banned=1
Certificate: Issuer Google Trust Services LLC; Subject *.google.com; Fingerprint 02:6C:2F:38:A0:8A:95:AC:E8:2B:67:AA:69:A4:34:6E:15:99:F5:1D; Validity Mon, 04 Mar 2024 06:35:50 GMT - Mon, 27 May 2024 06:35:49 GMT
File type: JavaScript source, ASCII text, with very long lines (2607)
Size: 184 kB (184221 bytes)
Hash (MD5 / SHA-1 / SHA-256): 73f7952292bcb0c0986fc5960dcedf11 86df3769fe75f9a6d10c3e650772885fb0ea8ca5 a1d8900276c8bcf87e3f200621d06ce16c565e37a89bf6177e71c45f0439d73d
GET /i/pub-2614556310778759?ers=1 HTTP/1.1
Host: fundingchoicesmessages.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://bitly.ws/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: application/javascript; charset=utf-8
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
timing-allow-origin: *
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Thu, 18 Apr 2024 11:52:28 GMT
content-security-policy: script-src 'nonce-RPxwrM-SGrJeT0Fj7Ustvw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorServingWebSwitchboardHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
cross-origin-resource-policy: cross-origin
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy: same-origin
reporting-endpoints: default="/_/ContributorServingWebSwitchboardHttp/web-reports?context=eJzjitDikmLw0pBiOO90h-k6ENcyPGNqBWIDjedMFkAs8fUlkxYQxzyfzpoCxE7pM1hDgNinfgZrHBC33jzHOh2ITy44z3oRiJP-nWctAWIhHo4_k1o2sgnMuHvzJjMA_nMrYA"
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
| faintjump.com/impr.gif?sid=H4sIAAAAAAAC%2F1RSy4sc1Ru9Nb%2Fe%2FOLGR3AjSBsUFJyequ7ql0GCMY4Ex0xMDD42cl%2FVufatusW9VV09g4toQLLshRtdVZ%2BeJD6C6B9gkJ5AkKCY3siAzr%2FgQggupdrB1m9R3%2FfVORfOPed%2BPM0PSRM5PTjzutlVWtONdsOvP%2Ft2EJysb6kkH9fHvc57nfBk3Y5e6Hca%2FnP1VyUfmo2mH%2Fh%2B4Af1TWVlZMYbFQiV3uoHjb7fCJuNoB1ibP%2B7u9yDox7E6JA8CiUWtTvecSg%2BRxJ%2Fc0a6YWbS51%2BJc00zYzESNy8lw8QUCeLVGFkPUXLziA3j7m%2FehkmuL%2BXCjP4hMrUg3t3bYMnNI5Fgo72lTqYhEzDxEIrRHFLPoegc3FyFEvcJwAXObSOJb5wztqA7f6O0Qhek9uAPqGJBar8dRxJ%2FfVqrcf2i0XmmTOIwjkqo8RxqMEea7yPbXYMq9sGzj6DET2TjwRaSeG%2FbaQMlDp4OGY96vM%2FWBW%2B31sNep7ne7%2Fai9ZZstn2%2F2wn7QXdpkFJzqGgOLSegbg2585ArD3nkIU89xOKgzoMg6PqCU7%2FX57wlupJ1hB%2FQbhTQwO%2F0kPPqDhNk6QRcT8DtFaT2w89FqytbjIdTiqGawObfw10u4YQHlxGMRIlCEhSOoKAEhSIoMoJiVF4X2jVdeUNol7PgqDePequcmWwwpddNNpAJAbUTWFFO00PySOWl9%2B6dAEN5UA%2B6TdHv9Pxm2G63W7Lnt5uURkwGTHRCGrTgVAnl1kCdh121IL3Hf0Va5Tssweg%2BnN4HVydA8wC0KEEvl9hNbmUq2cmtbsSGKQhTIs1qyHa8qT4kTyzTPFF7B5LfO3X32Ivp7Jdj4LZEaku8r%2B4QDPS12QVTkL0LpnDk2%2B00U7HapVXSFzOayf99%2BZrcKYwVZ8%2B4yRcv8QqoxltvSpdt0USoZODIV6eVENJuGssl%2Be6se0uy87m7fDq3SZ5unX9582ycWumcMskcVN3f%2FhNcLUjtmceWT%2FjhH3%2BHsnPYvESc3yNHBWX2wdMrcOlKvTMEVq84LF1DkZcz22Srn1oRaLnaKSvh%2FrWz1TyztDpNVTl11zCwNdDsKpK4xMiWGOkSVE%2Fg8mOzLLX3Tv3waVWfgenajGlb22Pa6k8qky8tna4%2BbyzIkz%2BHcOqg3vJFl8lIdpkM22EkuWDtNvN5xFlL9HocmVtET%2F3%2Fg78AAAD%2F%2FwEAAP%2F%2F9l0%2BlqYEAAA%3D | 172.240.253.132 | 200 OK | 0 B |
URL GET HTTP/1.1faintjump.com/impr.gif?sid=H4sIAAAAAAAC%2F1RSy4sc1Ru9Nb%2Fe%2FOLGR3AjSBsUFJyequ7ql0GCMY4Ex0xMDD42cl%2FVufatusW9VV09g4toQLLshRtdVZ%2BeJD6C6B9gkJ5AkKCY3siAzr%2FgQggupdrB1m9R3%2FfVORfOPed%2BPM0PSRM5PTjzutlVWtONdsOvP%2Ft2EJysb6kkH9fHvc57nfBk3Y5e6Hca%2FnP1VyUfmo2mH%2Fh%2B4Af1TWVlZMYbFQiV3uoHjb7fCJuNoB1ibP%2B7u9yDox7E6JA8CiUWtTvecSg%2BRxJ%2Fc0a6YWbS51%2BJc00zYzESNy8lw8QUCeLVGFkPUXLziA3j7m%2FehkmuL%2BXCjP4hMrUg3t3bYMnNI5Fgo72lTqYhEzDxEIrRHFLPoegc3FyFEvcJwAXObSOJb5wztqA7f6O0Qhek9uAPqGJBar8dRxJ%2FfVqrcf2i0XmmTOIwjkqo8RxqMEea7yPbXYMq9sGzj6DET2TjwRaSeG%2FbaQMlDp4OGY96vM%2FWBW%2B31sNep7ne7%2Fai9ZZstn2%2F2wn7QXdpkFJzqGgOLSegbg2585ArD3nkIU89xOKgzoMg6PqCU7%2FX57wlupJ1hB%2FQbhTQwO%2F0kPPqDhNk6QRcT8DtFaT2w89FqytbjIdTiqGawObfw10u4YQHlxGMRIlCEhSOoKAEhSIoMoJiVF4X2jVdeUNol7PgqDePequcmWwwpddNNpAJAbUTWFFO00PySOWl9%2B6dAEN5UA%2B6TdHv9Pxm2G63W7Lnt5uURkwGTHRCGrTgVAnl1kCdh121IL3Hf0Va5Tssweg%2BnN4HVydA8wC0KEEvl9hNbmUq2cmtbsSGKQhTIs1qyHa8qT4kTyzTPFF7B5LfO3X32Ivp7Jdj4LZEaku8r%2B4QDPS12QVTkL0LpnDk2%2B00U7HapVXSFzOayf99%2BZrcKYwVZ8%2B4yRcv8QqoxltvSpdt0USoZODIV6eVENJuGssl%2Be6se0uy87m7fDq3SZ5unX9582ycWumcMskcVN3f%2FhNcLUjtmceWT%2FjhH3%2BHsnPYvESc3yNHBWX2wdMrcOlKvTMEVq84LF1DkZcz22Srn1oRaLnaKSvh%2FrWz1TyztDpNVTl11zCwNdDsKpK4xMiWGOkSVE%2Fg8mOzLLX3Tv3waVWfgenajGlb22Pa6k8qky8tna4%2BbyzIkz%2BHcOqg3vJFl8lIdpkM22EkuWDtNvN5xFlL9HocmVtET%2F3%2Fg78AAAD%2F%2FwEAAP%2F%2F9l0%2BlqYEAAA%3D IP172.240.253.132:443
Requested by: https://bitly.ws/?banned=1
Certificate: issuer Let's Encrypt; subject faintjump.com; fingerprint E1:A6:B1:E0:5E:2B:F0:AE:AB:17:8C:1B:A0:A9:04:4F:40:BF:03:75; valid Tue, 16 Apr 2024 10:06:25 GMT - Mon, 15 Jul 2024 10:06:24 GMT
Hashes (MD5 / SHA-1 / SHA-256; these are the digests of an empty body, although the response below declares Content-Length: 7): d41d8cd98f00b204e9800998ecf8427e / da39a3ee5e6b4b0d3255bfef95601890afd80709 / e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /impr.gif?sid=H4sIAAAAAAAC%2F1RSy4sc1Ru9Nb%2Fe%2FOLGR3AjSBsUFJyequ7ql0GCMY4Ex0xMDD42cl%2FVufatusW9VV09g4toQLLshRtdVZ%2BeJD6C6B9gkJ5AkKCY3siAzr%2FgQggupdrB1m9R3%2FfVORfOPed%2BPM0PSRM5PTjzutlVWtONdsOvP%2Ft2EJysb6kkH9fHvc57nfBk3Y5e6Hca%2FnP1VyUfmo2mH%2Fh%2B4Af1TWVlZMYbFQiV3uoHjb7fCJuNoB1ibP%2B7u9yDox7E6JA8CiUWtTvecSg%2BRxJ%2Fc0a6YWbS51%2BJc00zYzESNy8lw8QUCeLVGFkPUXLziA3j7m%2FehkmuL%2BXCjP4hMrUg3t3bYMnNI5Fgo72lTqYhEzDxEIrRHFLPoegc3FyFEvcJwAXObSOJb5wztqA7f6O0Qhek9uAPqGJBar8dRxJ%2FfVqrcf2i0XmmTOIwjkqo8RxqMEea7yPbXYMq9sGzj6DET2TjwRaSeG%2FbaQMlDp4OGY96vM%2FWBW%2B31sNep7ne7%2Fai9ZZstn2%2F2wn7QXdpkFJzqGgOLSegbg2585ArD3nkIU89xOKgzoMg6PqCU7%2FX57wlupJ1hB%2FQbhTQwO%2F0kPPqDhNk6QRcT8DtFaT2w89FqytbjIdTiqGawObfw10u4YQHlxGMRIlCEhSOoKAEhSIoMoJiVF4X2jVdeUNol7PgqDePequcmWwwpddNNpAJAbUTWFFO00PySOWl9%2B6dAEN5UA%2B6TdHv9Pxm2G63W7Lnt5uURkwGTHRCGrTgVAnl1kCdh121IL3Hf0Va5Tssweg%2BnN4HVydA8wC0KEEvl9hNbmUq2cmtbsSGKQhTIs1qyHa8qT4kTyzTPFF7B5LfO3X32Ivp7Jdj4LZEaku8r%2B4QDPS12QVTkL0LpnDk2%2B00U7HapVXSFzOayf99%2BZrcKYwVZ8%2B4yRcv8QqoxltvSpdt0USoZODIV6eVENJuGssl%2Be6se0uy87m7fDq3SZ5unX9582ycWumcMskcVN3f%2FhNcLUjtmceWT%2FjhH3%2BHsnPYvESc3yNHBWX2wdMrcOlKvTMEVq84LF1DkZcz22Srn1oRaLnaKSvh%2FrWz1TyztDpNVTl11zCwNdDsKpK4xMiWGOkSVE%2Fg8mOzLLX3Tv3waVWfgenajGlb22Pa6k8qky8tna4%2BbyzIkz%2BHcOqg3vJFl8lIdpkM22EkuWDtNvN5xFlL9HocmVtET%2F3%2Fg78AAAD%2F%2FwEAAP%2F%2F9l0%2BlqYEAAA%3D HTTP/1.1
Host: faintjump.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://bitly.ws/
Cookie: u_pl=22725681; uid_id2=4bcf8c9b-dc53-4862-978f-3e2500764917:2:1; pdhtkv=true; uncs=1; pdhtkv49=true; uncs49=1; nlec172d9680245553e8052aafbe1bd64a13=[2229333,2229337,2229329,2019380]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Thu, 18 Apr 2024 11:52:28 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 33eccc8cf68c774b68c3442d1cd9ccfb
Strict-Transport-Security: max-age=0; includeSubdomains
|
|
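The sid value in the faintjump.com request above begins with H4sI, which is how the gzip magic bytes 1f 8b 08 look once base64-encoded, and the fccs value sent to fundingchoicesmessages.google.com further down is URL-safe base64 of a JSON array. The following Python is an added example, not code from the scanner or from any of the sites in the capture: it classifies each query parameter as plain text, base64, or base64+gzip and decodes it. The sample URL it builds is constructed to have the same shapes as the captured parameters; the values inside it (campaign 2009, the JSON list, the shortener code) are made up for the example.

```python
"""Decode opaque tracking parameters (base64, base64+gzip) from captured URLs.

Added example; not part of the capture. The sample URL is CONSTRUCTED.
"""
import base64
import binascii
import gzip
import json
from typing import Optional
from urllib.parse import parse_qs, urlencode, urlsplit

GZIP_MAGIC = b"\x1f\x8b"  # base64 of 1f 8b 08 ... starts with "H4sI"


def b64decode_lenient(text: str) -> Optional[bytes]:
    """Decode standard or URL-safe base64, tolerating stripped '=' padding.
    Returns None when the text is not valid in either alphabet."""
    padded = text + "=" * (-len(text) % 4)
    for altchars in (None, b"-_"):
        try:
            return base64.b64decode(padded, altchars=altchars, validate=True)
        except (binascii.Error, ValueError):
            continue
    return None


def decode_param(value: str) -> dict:
    """Classify one query value and decode it as far as possible."""
    # parse_qs turns a literal '+' into a space; base64 never contains spaces,
    # so restoring '+' is safe for the decoding attempt.
    raw = b64decode_lenient(value.replace(" ", "+")) if len(value) >= 8 else None
    if raw is None:
        return {"encoding": "text", "payload": value}
    if raw.startswith(GZIP_MAGIC):
        try:
            payload, encoding = gzip.decompress(raw), "base64+gzip"
        except (OSError, EOFError):
            return {"encoding": "base64+gzip", "payload": raw,
                    "error": "truncated or corrupt gzip stream"}
    else:
        try:
            raw.decode("utf-8")
        except UnicodeDecodeError:
            # eight or more letters that merely look like base64
            return {"encoding": "text", "payload": value}
        payload, encoding = raw, "base64"
    result = {"encoding": encoding, "payload": payload}
    try:
        result["json"] = json.loads(payload)
    except ValueError:
        pass  # decoded, but not JSON
    return result


def decode_query_params(url: str) -> dict:
    """Decode every parameter of a URL; returns {name: decode_param(...)}."""
    query = parse_qs(urlsplit(url).query, keep_blank_values=True)
    return {name: decode_param(values[0]) for name, values in query.items()}


def make_sample_url() -> str:
    """CONSTRUCTED sample (hypothetical values): a gzip+base64 'sid' blob, a
    URL-safe base64 JSON 'fccs' value, a plain URL and a short text code."""
    sid = base64.b64encode(
        gzip.compress(json.dumps({"campaign": 2009, "pub": "inhalerflow"}).encode(), mtime=0)
    ).decode()
    fccs = base64.urlsafe_b64encode(
        json.dumps([None, [1713441149], "https://bitly.ws/"]).encode()
    ).decode().rstrip("=")
    return "https://faintjump.com/impr.gif?" + urlencode({
        "sid": sid,
        "fccs": fccs,
        "banurl": "https://inhalerflow.com/0/0/0/8a5ab89ba460dbf20f3b5568a3ea4364/2009",
        "code": "abcd",
    })


if __name__ == "__main__":
    for name, info in decode_query_params(make_sample_url()).items():
        print(name, info["encoding"], info.get("json", info["payload"]))
```

Running this on the real sid blob from the capture tells you whether the pixel carries structured campaign data or merely an opaque token; the gzip branch also reports a truncated stream instead of raising, which matters when a URL has been cut short in a log.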
| mp.org.pl/yt-redirect.php?banurl=https://inhalerflow.com/0/0/0/8a5ab89ba460dbf20f3b5568a3ea4364/2009 | 185.11.100.204 | 302 Moved Temporarily | 14 kB |
URL (user request, GET, HTTP/1.1 over plaintext HTTP on port 80): mp.org.pl/yt-redirect.php?banurl=https://inhalerflow.com/0/0/0/8a5ab89ba460dbf20f3b5568a3ea4364/2009
IP: 185.11.100.204:80; ASN 29522 Cyber_Folks S.A. (the same address that serves bitly.ws)
Hashes (MD5 / SHA-1 / SHA-256; digests of an empty body, consistent with content-length: 0): d41d8cd98f00b204e9800998ecf8427e / da39a3ee5e6b4b0d3255bfef95601890afd80709 / e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /yt-redirect.php?banurl=https://inhalerflow.com/0/0/0/8a5ab89ba460dbf20f3b5568a3ea4364/2009 HTTP/1.1
Host: mp.org.pl
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 302 Moved Temporarily
date: Thu, 18 Apr 2024 11:52:26 GMT
server: Apache
x-powered-by: PHP/5.5.38
location: https://bitly.ws?banned=1
cache-control: max-age=0
expires: Thu, 18 Apr 2024 11:52:26 GMT
content-length: 0
content-type: text/html
|
|
| fundingchoicesmessages.google.com/f/AGSKWxVmIx8dPpxuiK62hoI-DTjxojOezOCd_-arqWfdmFuAMIgsJie0EuEWEvraTT9txcuomFyIfdDYhGWrYTSEJH_afi4clZpdVvROSF2Y0WJOHh6zXcb5KxF-PI-hd7K5Z9ryUR-3ZA==?fccs=W251bGwsbnVsbCxudWxsLG51bGwsbnVsbCxudWxsLFsxNzEzNDQxMTQ5LDE3MTAwMDAwMF0sbnVsbCxudWxsLG51bGwsW251bGwsWzddXSwiaHR0cHM6Ly9iaXRseS53cy8iLG51bGwsW1s4LCJWS0R3REtkLVJ4TSJdLFs5LCJlbi1VUyJdLFsxOSwiMSJdXV0 | 142.250.74.142 | 200 OK | 378 kB |
URL GET HTTP/3fundingchoicesmessages.google.com/f/AGSKWxVmIx8dPpxuiK62hoI-DTjxojOezOCd_-arqWfdmFuAMIgsJie0EuEWEvraTT9txcuomFyIfdDYhGWrYTSEJH_afi4clZpdVvROSF2Y0WJOHh6zXcb5KxF-PI-hd7K5Z9ryUR-3ZA==?fccs=W251bGwsbnVsbCxudWxsLG51bGwsbnVsbCxudWxsLFsxNzEzNDQxMTQ5LDE3MTAwMDAwMF0sbnVsbCxudWxsLG51bGwsW251bGwsWzddXSwiaHR0cHM6Ly9iaXRseS53cy8iLG51bGwsW1s4LCJWS0R3REtkLVJ4TSJdLFs5LCJlbi1VUyJdLFsxOSwiMSJdXV0 IP142.250.74.142:443
Requested by: https://bitly.ws/?banned=1
Certificate: issuer Google Trust Services LLC; subject *.google.com; fingerprint 02:6C:2F:38:A0:8A:95:AC:E8:2B:67:AA:69:A4:34:6E:15:99:F5:1D; valid Mon, 04 Mar 2024 06:35:50 GMT - Mon, 27 May 2024 06:35:49 GMT
Size: 378 kB (377775 bytes)
Hashes (MD5 / SHA-1 / SHA-256; digests of an empty body, not of the 377775-byte script): d41d8cd98f00b204e9800998ecf8427e / da39a3ee5e6b4b0d3255bfef95601890afd80709 / e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /f/AGSKWxVmIx8dPpxuiK62hoI-DTjxojOezOCd_-arqWfdmFuAMIgsJie0EuEWEvraTT9txcuomFyIfdDYhGWrYTSEJH_afi4clZpdVvROSF2Y0WJOHh6zXcb5KxF-PI-hd7K5Z9ryUR-3ZA==?fccs=W251bGwsbnVsbCxudWxsLG51bGwsbnVsbCxudWxsLFsxNzEzNDQxMTQ5LDE3MTAwMDAwMF0sbnVsbCxudWxsLG51bGwsW251bGwsWzddXSwiaHR0cHM6Ly9iaXRseS53cy8iLG51bGwsW1s4LCJWS0R3REtkLVJ4TSJdLFs5LCJlbi1VUyJdLFsxOSwiMSJdXV0 HTTP/1.1
Host: fundingchoicesmessages.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://bitly.ws/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
content-type: application/javascript; charset=utf-8
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
timing-allow-origin: *
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Thu, 18 Apr 2024 11:52:29 GMT
content-security-policy: require-trusted-types-for 'script';report-uri /_/ContributorGlobalRouterHttp/cspreport, script-src 'nonce-HlQbm2ob0dcrPis_Lr5iHg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorGlobalRouterHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorGlobalRouterHttp/cspreport/allowlist
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin
reporting-endpoints: default="/_/ContributorGlobalRouterHttp/web-reports?context=eJzjStDikmLw0JBiOHHrNtMFID7vdIfpOhDXMjxjagViA43nTBZALPH1JZMWEMc8n86aAsRO6TNYQ4DYp34GaxwQt948xzodiE8uOM96EYiT_p1nLQFiIR6Ov5NaNrIJ3Hi2aBojAPx7MDo"
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
|
|
| fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2 | 142.250.74.99 | 200 OK | 16 kB |
URL (GET, HTTP/2): fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2
IP: 142.250.74.99:443
Requested by: https://bitly.ws/?banned=1
Certificate: issuer Google Trust Services LLC; subject *.gstatic.com; fingerprint 8F:81:43:71:C4:F3:8C:FA:6D:EC:B4:5E:1F:58:71:AA:48:42:0E:E9; valid Mon, 04 Mar 2024 07:16:39 GMT - Mon, 27 May 2024 07:16:38 GMT
File type: Web Open Font Format (Version 2), TrueType, length 15860, version 1.0
Hashes (MD5 / SHA-1 / SHA-256): e9f5aaf547f165386cd313b995dddd8e / acdef5603c2387b0e5bffd744b679a24a8bc1968 / f5aebdfea35d1e7656ef4acc5db1f243209755ae3300943ef8fc6280f363c860
GET /s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://bitly.ws
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15860
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 16 Apr 2024 10:46:32 GMT
expires: Wed, 16 Apr 2025 10:46:32 GMT
cache-control: public, max-age=31536000
age: 176757
last-modified: Wed, 11 May 2022 19:24:42 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
|
|
| fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2 | 142.250.74.99 | 200 OK | 16 kB |
URL (GET, HTTP/2): fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2
IP: 142.250.74.99:443
Requested by: https://bitly.ws/?banned=1
Certificate: issuer Google Trust Services LLC; subject *.gstatic.com; fingerprint 8F:81:43:71:C4:F3:8C:FA:6D:EC:B4:5E:1F:58:71:AA:48:42:0E:E9; valid Mon, 04 Mar 2024 07:16:39 GMT - Mon, 27 May 2024 07:16:38 GMT
File type: Web Open Font Format (Version 2), TrueType, length 15744, version 1.0
Hashes (MD5 / SHA-1 / SHA-256): 15d9f621c3bd1599f0169dcf0bd5e63e / 7ca9c5967f3bb8bffeab24b639b49c1e7d03fa52 / f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615
GET /s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://bitly.ws
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15744
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 18 Apr 2024 02:37:01 GMT
expires: Fri, 18 Apr 2025 02:37:01 GMT
cache-control: public, max-age=31536000
age: 33328
last-modified: Wed, 11 May 2022 19:24:48 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
|
|
| cdn.creative-bars1.com/sb/ssp/vpn/classic-push/small/js/script.js | 172.67.141.24 | 200 OK | 962 B |
URL (GET, HTTP/3): cdn.creative-bars1.com/sb/ssp/vpn/classic-push/small/js/script.js
IP: 172.67.141.24:443
Requested by: https://bitly.ws/?banned=1
Certificate: issuer Google Trust Services LLC; subject creative-bars1.com; fingerprint 3D:29:39:2C:F1:E5:C6:EF:54:F5:70:B5:CF:A8:C2:75:4D:89:72:13; valid Mon, 15 Apr 2024 15:02:18 GMT - Sun, 14 Jul 2024 15:02:17 GMT
File type: ASCII text, with very long lines (1015), with no line terminators
Hashes (MD5 / SHA-1 / SHA-256): 88523e22d10f0cbad31aa1d8276764fa / 9238cd9499e01abdbeb33e68c550d26cfb6eaba5 / d553390acb639c765cb6aaa4fbb72529e4005227d190f53108aec87ccec411c2
GET /sb/ssp/vpn/classic-push/small/js/script.js HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://bitly.ws
DNT: 1
Connection: keep-alive
Referer: https://bitly.ws/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Thu, 18 Apr 2024 11:52:28 GMT
content-type: application/javascript
last-modified: Fri, 19 Jan 2024 14:19:42 GMT
etag: W/"65aa84fe-3c2"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 167995
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=esjF7VPzc9bmxPHAPIEeLdsDSWNgbr3pagaYQO5VX8TAUxYdeVVWSEfwA%2BLo8bLiujhgi%2BYldmEZZqbH3Z0xr6pxOBgwkX2du4sW1l4cZYRknJG2NOEnTRWxG1gWdvOONiZWlmRFV3c6"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 876472eb3df556b7-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| bitly.ws/?banned=1 | 185.11.100.204 | 200 OK | 14 kB |
URL (user request, GET, HTTP/2): bitly.ws/?banned=1
IP: 185.11.100.204:443; ASN 29522 Cyber_Folks S.A.
Certificate: issuer Let's Encrypt; subject bitly.ws; fingerprint E2:6E:62:93:28:D8:B3:0A:23:56:6C:21:A4:BD:CC:EF:CD:1B:33:55; valid Sun, 18 Feb 2024 07:59:14 GMT - Sat, 18 May 2024 07:59:13 GMT
Hashes (MD5 / SHA-1 / SHA-256; digests of an empty body, although the response is a 14 kB gzip-encoded HTML page): d41d8cd98f00b204e9800998ecf8427e / da39a3ee5e6b4b0d3255bfef95601890afd80709 / e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /?banned=1 HTTP/1.1
Host: bitly.ws
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 18 Apr 2024 11:52:26 GMT
server: Apache
x-powered-by: PHP/5.5.38
cache-control: max-age=0
expires: Thu, 18 Apr 2024 11:52:26 GMT
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
X-Firefox-Spdy: h2
|
|
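Two details of the chain above are easy to get wrong when reading the capture by hand: the mp.org.pl hop runs over plaintext HTTP on port 80 even though it is reached from and returns to HTTPS, and its Location header, https://bitly.ws?banned=1, has no path, so the browser's next request is GET /?banned=1. The following Python is an added example, not the scanner's code, that parses a simplified copy of the capture's request/response layout (an IP<addr>:<port> line, the request line and headers, then the status line and response headers), normalises URLs the way the browser does, and follows Location headers while flagging HTTPS-to-HTTP downgrades, loops, and hops the capture never recorded. The sample log is constructed: its last two transactions mirror the mp.org.pl and bitly.ws/?banned=1 entries above, while the first (shortener.example) is a hypothetical entry point added only so the chain is contiguous, because the capture does not show which response sent the browser to mp.org.pl.

```python
"""Rebuild a redirect chain from a urlscan-style request/response capture.

Added example; not the scanner's code. SAMPLE_CAPTURE is CONSTRUCTED.
"""
import re
from urllib.parse import urljoin, urlsplit, urlunsplit

IP_RE = re.compile(r"^IP(?P<ip>[^:\s]+):(?P<port>\d+)$")
REQ_RE = re.compile(r"^(?P<method>[A-Z]+) (?P<target>\S+) HTTP/\S+$")
STATUS_RE = re.compile(r"^HTTP/\S+ (?P<status>\d{3})")
REDIRECTS = {301, 302, 303, 307, 308}

# CONSTRUCTED. The shortener.example transaction is hypothetical; the other two
# follow the mp.org.pl and bitly.ws/?banned=1 entries in the capture.
SAMPLE_CAPTURE = """\
IP203.0.113.10:443
GET /abc HTTP/1.1
Host: shortener.example
HTTP/2 302 Found
location: http://mp.org.pl/yt-redirect.php?banurl=https://inhalerflow.com/0/0/0/8a5ab89ba460dbf20f3b5568a3ea4364/2009

IP185.11.100.204:80
GET /yt-redirect.php?banurl=https://inhalerflow.com/0/0/0/8a5ab89ba460dbf20f3b5568a3ea4364/2009 HTTP/1.1
Host: mp.org.pl
HTTP/1.1 302 Moved Temporarily
location: https://bitly.ws?banned=1

IP185.11.100.204:443
GET /?banned=1 HTTP/1.1
Host: bitly.ws
HTTP/2 200 OK
content-type: text/html
"""


def normalize(url: str) -> str:
    """Canonical form for matching: lower-case scheme and host, '/' for an
    empty path (so 'https://bitly.ws?banned=1' equals the request for
    '/?banned=1'), fragment dropped."""
    p = urlsplit(url)
    return urlunsplit((p.scheme.lower(), p.netloc.lower(), p.path or "/", p.query, ""))


def parse_capture(text: str) -> list:
    """Split the capture into transactions: {url, ip, port, status, location}."""
    transactions = []
    for block in re.split(r"\n\s*\n", text.strip()):
        tx = {"ip": None, "port": None, "status": None, "location": None}
        host = target = None
        for line in block.splitlines():
            if m := IP_RE.match(line):
                tx["ip"], tx["port"] = m["ip"], int(m["port"])
            elif m := REQ_RE.match(line):
                target = m["target"]
            elif m := STATUS_RE.match(line):
                tx["status"] = int(m["status"])
            elif ":" in line:
                name, _, value = line.partition(":")
                name, value = name.strip().lower(), value.strip()
                if tx["status"] is None and name == "host":
                    host = value            # request header
                elif tx["status"] is not None and name == "location":
                    tx["location"] = value  # response header
        if host is None or target is None:
            continue  # incomplete request: skip rather than guess
        scheme = "https" if tx["port"] == 443 else "http"
        tx["url"] = normalize(f"{scheme}://{host}{target}")
        if tx["location"]:
            # Location may be relative; resolve against the request URL.
            tx["location"] = normalize(urljoin(tx["url"], tx["location"]))
        transactions.append(tx)
    return transactions


def follow_chain(transactions: list, start: str) -> list:
    """Walk Location headers from `start`; note downgrades, gaps and loops."""
    by_url = {tx["url"]: tx for tx in transactions}
    chain, current, seen = [], normalize(start), set()
    while current:
        if current in seen:
            chain.append({"url": current, "status": None, "note": "redirect loop"})
            break
        seen.add(current)
        tx = by_url.get(current)
        if tx is None:
            chain.append({"url": current, "status": None, "note": "not captured"})
            break
        hop = {"url": current, "status": tx["status"], "ip": tx["ip"]}
        nxt = tx["location"] if tx["status"] in REDIRECTS else None
        if nxt and current.startswith("https://") and nxt.startswith("http://"):
            hop["note"] = "downgrade to plaintext HTTP"
        chain.append(hop)
        current = nxt
    return chain


if __name__ == "__main__":
    for hop in follow_chain(parse_capture(SAMPLE_CAPTURE), "https://shortener.example/abc"):
        print(hop["status"], hop["url"], hop.get("note", ""))
```

Matching on the normalised URL rather than the raw Location string is what makes the bitly.ws?banned=1 hop line up with the GET /?banned=1 transaction; without it the chain would stop one hop early and report the final page as uncaptured.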