Report - gitus.net/watch/?=7NS080524

Report Overview

Submitted URL
gitus.net/watch/?=7NS080524
IP
78.135.87.2
ASN
#207279 Markahost Telekomunikasyon Ve Ticaret Limited Sirketi
Submitted
2024-05-09 01:53:17
Access
public
Website Title
(1) New Message!
Final URL
gitus.net/watch/?=7NS080524
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
44

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
ocsp.r2m03.amazontrust.com	unknown	2007-05-11	2023-02-21	2024-05-08	338 B	942 B	143.204.53.97
arvigorothan.com	unknown	2023-10-19	2023-10-19	2024-05-03	395 B	32 kB	104.21.30.34
fonts.gstatic.com	unknown	2008-02-11	2014-09-09	2024-05-08	1.0 kB	33 kB	216.58.207.227
proftrafficcounter.com	unknown	2023-11-16	2023-11-21	2024-05-08	852 B	832 B	3.124.83.201
restlessidea.com	unknown	unknown	No data	No data	2.4 kB	5.7 kB	192.243.61.227
selfevidentvisual.com	unknown	unknown	No data	No data	2.9 kB	22 kB	192.243.61.227
cdn.creative-bars1.com	unknown	2022-11-01	2022-11-15	2024-05-08	2.2 kB	68 kB	188.114.97.1
fonts.googleapis.com	8877	2005-01-25	2013-06-10	2024-05-07	416 B	1.8 kB	142.250.74.106
cdn.cloudimagesb.com	23099	2020-10-06	2021-02-12	2024-05-08	1.8 kB	126 kB	45.133.44.10
glakaits.net	unknown	2024-05-07	2024-05-08	2024-05-08	1.6 kB	8.6 kB	139.45.197.242
shapedcongest.com	unknown	unknown	No data	No data	7.3 kB	13 kB	192.243.59.13
cdn.barscreative1.com	25648	2021-09-08	2021-09-16	2024-05-07	476 B	1.0 kB	45.133.44.4
gitus.net	unknown	2023-02-02	2023-02-03	2024-02-26	3.9 kB	120 kB	78.135.87.2
continentalfinishdislike.com	unknown	2023-12-11	2023-12-15	2024-02-26	1.3 kB	38 kB	172.240.108.68
skilledskillemergency.com	unknown	2024-05-06	2024-05-07	2024-05-08	2.5 kB	5.5 kB	172.240.108.68
my.rtmark.net	9054	2014-10-29	2015-02-04	2024-05-08	451 B	738 B	139.45.195.8
downstairsnegotiatebarren.com	unknown	2024-03-04	2024-03-04	2024-05-08	406 B	87 kB	188.114.97.1
unseenreport.com	unknown	2022-03-30	2022-03-30	2024-05-07	730 B	424 B	192.243.59.20

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2024-05-08	medium	continentalfinishdislike.com	Sinkholed
2024-05-08	medium	continentalfinishdislike.com	Sinkholed
2024-05-08	medium	continentalfinishdislike.com	Sinkholed
2024-05-08	medium	arvigorothan.com	Sinkholed
2024-05-08	medium	skilledskillemergency.com	Sinkholed
2024-05-08	medium	restlessidea.com	Sinkholed
2024-05-08	medium	skilledskillemergency.com	Sinkholed
2024-05-08	medium	restlessidea.com	Sinkholed
2024-05-08	medium	selfevidentvisual.com	Sinkholed
2024-05-08	medium	selfevidentvisual.com	Sinkholed
2024-05-08	medium	selfevidentvisual.com	Sinkholed
2024-05-08	medium	glakaits.net	Sinkholed
2024-05-08	medium	shapedcongest.com	Sinkholed
2024-05-08	medium	shapedcongest.com	Sinkholed
2024-05-08	medium	shapedcongest.com	Sinkholed
2024-05-08	medium	shapedcongest.com	Sinkholed
2024-05-08	medium	shapedcongest.com	Sinkholed
2024-05-08	medium	shapedcongest.com	Sinkholed
2024-05-08	medium	shapedcongest.com	Sinkholed
2024-05-08	medium	glakaits.net	Sinkholed
2024-05-08	medium	shapedcongest.com	Sinkholed
2024-05-08	medium	unseenreport.com	Sinkholed

ThreatFox

No alerts detected

JavaScript (32)

	URL	Size	First Seen	Last Seen
	gitus.net/wp-content/themes/generatepress/assets/js/menu.min.js?ver=3.4.0	7.0 kB	2024-02-06	2024-05-19
Pretty URL gitus.net/wp-content/themes/generatepress/assets/js/menu.min.js?ver=3.4.0 IP 78.135.87.2 ASN #207279 Markahost Telekomunikasyon Ve Ticaret Limited Sirketi Introduced by scriptElement Embedded in HTML false Observations First Seen2024-02-06 20:30:22 Last Seen2024-05-19 23:07:23 Times Seen214 Hash 70bb4fab119eb133cae33105b69f65cb 0c78a77e06be020674ca82d28b02a712615f7b35 395121e5b9981325951ef88bec68d065d23087b16a70d4459109e1dd84a10936 Loading...

	unknown	145 B	2023-04-11	2024-05-18
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2023-04-11 22:41:58 Last Seen2024-05-18 04:40:35 Times Seen39 Hash b7908ee5eef46d1a861eefa7ecd6a7bd 9c7a9b22fd081494c5a3a0ed41da7f06540acec9 11f5aad50a346c8b6933f5bb4f3389df9b59757a268f76da0f085515e89d2f68 Loading...

	downstairsnegotiatebarren.com/sfp.js	86 kB	2024-03-29	2024-05-17
Pretty URL downstairsnegotiatebarren.com/sfp.js IP 188.114.97.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-03-29 13:13:34 Last Seen2024-05-17 14:49:08 Times Seen3553 Hash f4a2f8f9f99541c6f105bbd0a025bd40 1f8e3eff12168fdd9e719adfc098d24a45b6916a b717cb04231a10d425fd55b73c85a5407119c6826a8bac94142fddfff6958716 Loading...

	continentalfinishdislike.com/b11545e588bb39ae3149b6e82aed3eb2/invoke.js	31 kB	2024-05-09	2024-05-09
Pretty URL continentalfinishdislike.com/b11545e588bb39ae3149b6e82aed3eb2/invoke.js IP 172.240.108.68 ASN #7979 SERVERS-COM Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-09 03:53:24 Last Seen2024-05-09 03:53:25 Times Seen2 Hash 505beb1ad459b15d81f8909f6d2ca860 d2ca872c53368d27542b2823801eedbb0144b474 f62b399b71ffe107d35041ced696c09fbc7bbc3b9886619757ce884975457c6d Loading...

	unknown	145 B	2023-04-11	2024-05-18
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2023-04-11 22:41:58 Last Seen2024-05-18 04:40:35 Times Seen39 Hash 0f37f4480a57fabcd1bb713144dbd4d0 27d50475da9563206586971e98994182f732d3c7 f61ee725e088b4e2901bed2a5f46c50d4491ad4fcaad4fe2aca3f7e9541beaa0 Loading...

	cdn.creative-bars1.com/sb/chat/mob/ssp/1/js/jquery.min.js	90 kB	2023-03-07	2024-05-19
Pretty URL cdn.creative-bars1.com/sb/chat/mob/ssp/1/js/jquery.min.js IP 188.114.97.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:04:00 Last Seen2024-05-19 22:24:36 Times Seen4200 Hash 561acb3e541133bbdd2c0c19f8ee35a1 ffd1353cf3f77d25f801c84d8208613eb0d3d548 9fde6da568db31801e29243a903bf24f342256b41e3c01e7d018ff7c566ce7fc Loading...

	gitus.net/wp-includes/js/wp-emoji-release.min.js?ver=6.5.3	19 kB	2024-03-13	2024-05-20
Pretty URL gitus.net/wp-includes/js/wp-emoji-release.min.js?ver=6.5.3 IP 78.135.87.2 ASN #207279 Markahost Telekomunikasyon Ve Ticaret Limited Sirketi Introduced by scriptElement Embedded in HTML false Observations First Seen2024-03-13 16:02:37 Last Seen2024-05-20 08:35:20 Times Seen5435 Hash b976b651932bfd25b9ddb5b7693d88a7 7fcb7cb5c11227f9213b1e08a07d0212209e1432 4e6ce5444c7f396cef0eb1fa3611034151e485dd06fbe5573a5583e1eebc98c3 Loading...

	gitus.net/watch/?=7NS080524	3.2 kB	2024-05-08	2024-05-18
Pretty URL gitus.net/watch/?=7NS080524 IP 78.135.87.2 ASN #207279 Markahost Telekomunikasyon Ve Ticaret Limited Sirketi Introduced by scriptElement Embedded in HTML true Observations First Seen2024-05-08 23:58:31 Last Seen2024-05-18 04:40:35 Times Seen5 Hash b57a12c82bc87f767476b4b855c6acc0 4937764a6065176a551a242a8359a054608eec42 13e717f987d4249e3b84e56a561a9c9cb371d7743308db78dc727472377648d6 Loading...

	gitus.net/watch/?=7NS080524	290 B	2023-12-29	2024-05-18
Pretty URL gitus.net/watch/?=7NS080524 IP 78.135.87.2 ASN #207279 Markahost Telekomunikasyon Ve Ticaret Limited Sirketi Introduced by scriptElement Embedded in HTML true Observations First Seen2023-12-29 14:59:33 Last Seen2024-05-18 04:40:35 Times Seen26 Hash 39fa9ea76a0b1f68eba0ff9fb4eb5b9e 46cd8ee66d009a9d2e886496b9b2826fb83cf7ef 7551c5eb7ee204a5ccf492fe2429f4fb6cada8becb4e2662609d6ad302794be9 Loading...

	gitus.net/watch/?=7NS080524	291 B	2023-12-29	2024-05-18
Pretty URL gitus.net/watch/?=7NS080524 IP 78.135.87.2 ASN #207279 Markahost Telekomunikasyon Ve Ticaret Limited Sirketi Introduced by scriptElement Embedded in HTML true Observations First Seen2023-12-29 14:59:33 Last Seen2024-05-18 04:40:35 Times Seen26 Hash d09ca3af0700b5467eb081ce90cc10ce 6fef5cd9a5b326c185829752aa2aeb56fa2d7508 186b143293dc23c67a003d7173bf3b5160e25ebdb282be63ee2da42e8432fef7 Loading...

	unknown	3.3 kB	2024-05-09	2024-05-09
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-09 03:53:24 Last Seen2024-05-09 03:53:24 Times Seen1 Hash 3f89ff4fe3905eb317bc96bbc2d72f2b 7e9a12677085534c2fc6f36f312d68a9dc5b0503 66b51066b77eb6486292cad2f9babda4c1e35f28f14305840efeb44545bce5a9 Loading...

	unknown	196 B	2024-01-26	2024-05-12
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2024-01-26 23:25:26 Last Seen2024-05-12 17:32:00 Times Seen6 Hash 06db12e666896eefdcf088f0a834c73e 3c0ea4178acffa802d24b9c69da6e138570a43ea 1e069a0949344c0c68f9f5dcd23d027301c7cffa57e9c30620b34ef8fa309a49 Loading...

	continentalfinishdislike.com/0628c4627ca50d7aec78b63c9d6947bc/invoke.js	31 kB	2024-05-09	2024-05-09
Pretty URL continentalfinishdislike.com/0628c4627ca50d7aec78b63c9d6947bc/invoke.js IP 172.240.108.68 ASN #7979 SERVERS-COM Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-09 03:53:24 Last Seen2024-05-09 03:53:25 Times Seen2 Hash 0f39d6109094c1666d3cfe78be1cf7be e4f1f2dfd4a54ec9c5f342d61b2dec1d7fc01e81 857d0a450074723d66e6eb02b7b2145f348b3f8cc884205cd5be0ae13e33ccd8 Loading...

	arvigorothan.com/tag.min.js	90 kB	2024-05-08	2024-05-09
Pretty URL arvigorothan.com/tag.min.js IP 104.21.30.34 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-08 21:20:09 Last Seen2024-05-09 07:49:38 Times Seen12 Hash 76c2a69970c22493395c731940cfe07c c009ced71ef13eccbca3583729ede2e58156894e 0cd441d1f29495f38b588ddb04e10283e04ea626e2c5b79783710998031576d6 Loading...

	unknown	564 B	2024-02-14	2024-05-18
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2024-02-14 10:57:59 Last Seen2024-05-18 04:40:35 Times Seen4 Hash 611d713b04bad14a8b5b0ba10e727e10 812b934ac82715d425e8b45921d05339d93941b9 22830a13a6d75c053da0e419f22b81288afd11798c7d4f3757d56bac55365404 Loading...

	gitus.net/watch/?=7NS080524	290 B	2023-12-29	2024-05-18
Pretty URL gitus.net/watch/?=7NS080524 IP 78.135.87.2 ASN #207279 Markahost Telekomunikasyon Ve Ticaret Limited Sirketi Introduced by scriptElement Embedded in HTML true Observations First Seen2023-12-29 14:59:33 Last Seen2024-05-18 04:40:35 Times Seen26 Hash a46fc8f176e3f10ccd0b5694a80602ac e69423a1b0ff6a0bff13e939c5022d4405d938cf ec42e1d1af38ecb4ca7facf6100760547903a97f81a0c00c726a3d1d38160290 Loading...

	gitus.net/watch/?=7NS080524	196 B	2024-05-08	2024-05-18
Pretty URL gitus.net/watch/?=7NS080524 IP 78.135.87.2 ASN #207279 Markahost Telekomunikasyon Ve Ticaret Limited Sirketi Introduced by scriptElement Embedded in HTML true Observations First Seen2024-05-08 23:58:31 Last Seen2024-05-18 04:40:35 Times Seen5 Hash 3d9647da28c32793682f8796d745ca02 9e4c6212a45efb843d2820ac86d9766e8ef01423 38c82104dd084758b47455e2a99eb45de18cfe7891dd0a56615e8edf44aabe4a Loading...

	gitus.net/watch/?=7NS080524	424 B	2023-04-11	2024-05-18
Pretty URL gitus.net/watch/?=7NS080524 IP 78.135.87.2 ASN #207279 Markahost Telekomunikasyon Ve Ticaret Limited Sirketi Introduced by scriptElement Embedded in HTML true Observations First Seen2023-04-11 22:41:58 Last Seen2024-05-18 04:40:35 Times Seen39 Hash c8386f88e7424db9b68390f23570df12 ab5e50b9117416b979e3f1fc91ca1d0c06a0cbe0 6ae158646d616cf594893036bea0febf7a3aea18b4614dc1c52a9cf4fabcc804 Loading...

	gitus.net/watch/?=7NS080524	260 B	2023-03-07	2024-05-19
Pretty URL gitus.net/watch/?=7NS080524 IP 78.135.87.2 ASN #207279 Markahost Telekomunikasyon Ve Ticaret Limited Sirketi Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:03:19 Last Seen2024-05-19 23:07:23 Times Seen2616 Hash 9b78b28b396646badfc6017235ee4be9 18103240bf0cb760cdf7febc628b56b8fca44319 215f517010a20f2f4c55d34dd3c574568bd0fb83662f0b915ddb6561f97c3904 Loading...

	selfevidentvisual.com/92/63/e0/9263e0ca8f28f023340c146c12f6b544.js	44 kB	2024-05-09	2024-05-09
Pretty URL selfevidentvisual.com/92/63/e0/9263e0ca8f28f023340c146c12f6b544.js IP 192.243.61.227 ASN #39572 DataWeb Global Group B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-09 03:53:24 Last Seen2024-05-09 03:53:25 Times Seen2 Hash 792bb6a548426b591680bd6041f1b7fe d0b7715daa4982bc0db74eecc5d37c320825157b 96608b298629ce3b8a2e9e1c96ca6df52bfc6d50be85b63dea776f5724147c6d Loading...

	gitus.net/watch/?=7NS080524	127 B	2023-03-07	2024-05-19
Pretty URL gitus.net/watch/?=7NS080524 IP 78.135.87.2 ASN #207279 Markahost Telekomunikasyon Ve Ticaret Limited Sirketi Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:03:19 Last Seen2024-05-19 21:15:20 Times Seen1647 Hash e891393f0be3a6ffaa3923b307180e7e bc0a7332b9846a5762a71b9b9811c1a8b19df194 2d1778345d3607ceb641cc5f21b0a2c045fa70052361ac91a17c39b2c9d96f71 Loading...

	continentalfinishdislike.com/871902a25f4f75ff642515ce6baf163b/invoke.js	31 kB	2024-05-09	2024-05-09
Pretty URL continentalfinishdislike.com/871902a25f4f75ff642515ce6baf163b/invoke.js IP 172.240.108.68 ASN #7979 SERVERS-COM Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-09 03:53:24 Last Seen2024-05-09 03:53:25 Times Seen2 Hash a5ef2656cc5dec03a90cde65c761bd89 fd4bfd6bafe25b7b16eaf5f29fc64f6329070b86 94e6f43ba61f733d3a0254e5fe793dedc2e39208916689aa73ca3af707a4cef1 Loading...

	unknown	145 B	2023-04-11	2024-05-18
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2023-04-11 22:41:58 Last Seen2024-05-18 04:40:35 Times Seen39 Hash 03ebd3b660718bbe2db2520611f66a9e 315817436c3a7373a089556f3330894793df70ad d4408fc9662402fdcd4c544c1c959d0b4c5252382fcbc4b2a10be55144c10b96 Loading...

	unknown	3.2 kB	2024-05-09	2024-05-09
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-09 03:53:25 Last Seen2024-05-09 03:53:25 Times Seen1 Hash 01abba914c6876d5cb20eabc8bb881a1 1e3f921a3bc0fcc6a36255982bbc0b1e77ba017b 6ff408ddb0f5fc545f6ab1811923d3998c3eb028ae4e35158188b445cc5c7794 Loading...

	unknown	3.3 kB	2024-05-09	2024-05-09
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-09 03:53:25 Last Seen2024-05-09 03:53:25 Times Seen1 Hash b2839a2a4b51cd808c0379aa2d6c7d38 f6cd0be1855b422f0739375fece8bc8856570638 5d77c435ba9ecb5f96a541713193605e7fe13a4108dbe4caff534845e44a4ac3 Loading...

	gitus.net/watch/?=7NS080524	82 kB	2024-04-02	2024-05-20
Pretty URL gitus.net/watch/?=7NS080524 IP 78.135.87.2 ASN #207279 Markahost Telekomunikasyon Ve Ticaret Limited Sirketi Introduced by scriptElement Embedded in HTML true Observations First Seen2024-04-02 01:06:00 Last Seen2024-05-20 04:08:34 Times Seen79 Hash 918fdfeb208a2b48301982701469753b 1954ca532ba0d67d352dc1bef6ed8dfbd9deeec2 e1a664aa85bae6f0ab4da4acf77c76ca723410c18372d84df28439823d25e8f6 Loading...

		Size	First Seen	Last Seen
	#1 Eval - a55b9f220c890cd9dc6c0beca71754de	2.1 kB	2024-05-09	2024-05-09
Pretty Observations First Seen2024-05-09 03:53:25 Last Seen2024-05-09 03:53:25 Times Seen1 Hash a55b9f220c890cd9dc6c0beca71754de 411bfcc8bcc6fc1d550312aa84a1102701e68c5e 92c8a1cea3030c6eae7657f95299c7a497ec462c2a507cc4755b7cf873fd296a Loading...

	#2 Eval - a78bfd42e7603fbb573c1aed1410fa84	2.1 kB	2024-05-09	2024-05-09
Pretty Observations First Seen2024-05-09 03:53:25 Last Seen2024-05-09 03:53:25 Times Seen1 Hash a78bfd42e7603fbb573c1aed1410fa84 14856c1cb54adb75a3925dbb25aa76328f807a3a fd249b7d200e8c07cd8c3937e01c8a0ff2a2b124a99124fec34f15b6e8e955e8 Loading...

	#3 Eval - 41a223b5c581f49c3cfbc06aafaacc3f	2.1 kB	2024-05-09	2024-05-09
Pretty Observations First Seen2024-05-09 03:53:25 Last Seen2024-05-09 03:53:25 Times Seen1 Hash 41a223b5c581f49c3cfbc06aafaacc3f f2851c58e7046455d67cf395e968fd26ac8d260f b78ff8371f5b5eaf1ab008307d89110571b8a04b0999889bc876400e311eb830 Loading...

		Size	First Seen	Last Seen
	#1 Write - 513b6a3d12217399be54b69f372e6a56	120 B	2023-12-29	2024-05-18
Pretty Observations First Seen2023-12-29 14:59:33 Last Seen2024-05-18 04:40:35 Times Seen24 Hash 513b6a3d12217399be54b69f372e6a56 ea6f8a2bdbebffeef89267b264073f05a44eb916 ae0572daaeb315578bd2b89d201a9e31cea9f3dfcbd09f9b73f7c9cffb156f3d Loading...

	#2 Write - e396837fc5590e1641219295bb3f2f86	120 B	2023-12-29	2024-05-18
Pretty Observations First Seen2023-12-29 14:59:33 Last Seen2024-05-18 04:40:35 Times Seen26 Hash e396837fc5590e1641219295bb3f2f86 e498c0270edb421f44eab8ca141eb9ce4e9adc71 0d1deab00d0e61b0eb37ca433dadb0b28dd55ef0b928daabecfa239c2c32ad61 Loading...

	#3 Write - d7f544f994c3b444045e1cb341228c01	120 B	2023-12-29	2024-05-18
Pretty Observations First Seen2023-12-29 14:59:33 Last Seen2024-05-18 04:40:36 Times Seen26 Hash d7f544f994c3b444045e1cb341228c01 e19aa9b90d2e0d208bfb3fbe17649ce3a7f68785 1f6e9bf09f92352414084fe9c7a345fc19788c660ea5f60ed3ccc6a9dda00a83 Loading...

HTTP Transactions (48)

URL IP Response Size

gitus.net/wp-includes/css/dist/block-library/style.min.css?ver=6.5.3

78.135.87.2

200 OK

14 kB

URL GET HTTP/3
gitus.net/wp-includes/css/dist/block-library/style.min.css?ver=6.5.3
IP
78.135.87.2:443
ASN
#207279 Markahost Telekomunikasyon Ve Ticaret Limited Sirketi

Requested by
https://gitus.net/watch/?=7NS080524
Certificate
IssuerLet's Encrypt
Subject*.gitus.net
FingerprintB3:5B:E9:49:F2:94:13:B1:1C:37:F9:DF:39:F8:3C:01:4D:E5:9A:6C
ValidityTue, 23 Apr 2024 18:58:37 GMT - Mon, 22 Jul 2024 18:58:36 GMT

File type
ASCII text, with very long lines (59701)
Size
14 kB (14071 bytes)
Hash
51a8390b47aa0582cf2d9c96c5addee2
b16a640874025d085c38119a1a02a3460f83f2de
98cecf88a23542fa047ce46eedb650b5c5128761ed4386c0977b847094ddfa20

HTTP Headers

GET /wp-includes/css/dist/block-library/style.min.css?ver=6.5.3 HTTP/1.1
Host: gitus.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://gitus.net/watch/?=7NS080524
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
cache-control: public, max-age=604800
expires: Thu, 16 May 2024 01:52:50 GMT
content-type: text/css
last-modified: Sat, 06 Apr 2024 01:00:20 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 14071
date: Thu, 09 May 2024 01:52:50 GMT
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"

gitus.net/wp-content/themes/generatepress/assets/css/main.min.css?ver=3.4.0

78.135.87.2

200 OK

4.4 kB

URL GET HTTP/3
gitus.net/wp-content/themes/generatepress/assets/css/main.min.css?ver=3.4.0
IP
78.135.87.2:443
ASN
#207279 Markahost Telekomunikasyon Ve Ticaret Limited Sirketi

Requested by
https://gitus.net/watch/?=7NS080524
Certificate
IssuerLet's Encrypt
Subject*.gitus.net
FingerprintB3:5B:E9:49:F2:94:13:B1:1C:37:F9:DF:39:F8:3C:01:4D:E5:9A:6C
ValidityTue, 23 Apr 2024 18:58:37 GMT - Mon, 22 Jul 2024 18:58:36 GMT

File type
ASCII text, with very long lines (19564), with no line terminators
Size
4.4 kB (4416 bytes)
Hash
867585929ee8b21749cdefa675d9aa11
afbd7bc967068d4e804641f4b1df78ab37417144
bc3b2c1e618a27e485095a3c0db20da5ba2fbfaf3b872ccd6ca35cb19eb37b5d

HTTP Headers

GET /wp-content/themes/generatepress/assets/css/main.min.css?ver=3.4.0 HTTP/1.1
Host: gitus.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://gitus.net/watch/?=7NS080524
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
cache-control: public, max-age=604800
expires: Thu, 16 May 2024 01:52:50 GMT
content-type: text/css
last-modified: Tue, 06 Feb 2024 18:24:35 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 4416
date: Thu, 09 May 2024 01:52:50 GMT

gitus.net/wp-content/themes/generatepress/assets/js/menu.min.js?ver=3.4.0

78.135.87.2

200 OK

1.5 kB

URL GET HTTP/3
gitus.net/wp-content/themes/generatepress/assets/js/menu.min.js?ver=3.4.0
IP
78.135.87.2:443
ASN
#207279 Markahost Telekomunikasyon Ve Ticaret Limited Sirketi

Requested by
https://gitus.net/watch/?=7NS080524
Certificate
IssuerLet's Encrypt
Subject*.gitus.net
FingerprintB3:5B:E9:49:F2:94:13:B1:1C:37:F9:DF:39:F8:3C:01:4D:E5:9A:6C
ValidityTue, 23 Apr 2024 18:58:37 GMT - Mon, 22 Jul 2024 18:58:36 GMT

File type
JavaScript source, ASCII text, with very long lines (6957), with no line terminators
Size
1.5 kB (1546 bytes)
Hash
70bb4fab119eb133cae33105b69f65cb
0c78a77e06be020674ca82d28b02a712615f7b35
395121e5b9981325951ef88bec68d065d23087b16a70d4459109e1dd84a10936

HTTP Headers

GET /wp-content/themes/generatepress/assets/js/menu.min.js?ver=3.4.0 HTTP/1.1
Host: gitus.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://gitus.net/watch/?=7NS080524
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
cache-control: public, max-age=604800
expires: Thu, 16 May 2024 01:52:50 GMT
content-type: application/javascript
last-modified: Tue, 06 Feb 2024 18:24:35 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 1546
date: Thu, 09 May 2024 01:52:50 GMT

gitus.net/play.png

78.135.87.2

200 OK

40 kB

URL GET HTTP/3
gitus.net/play.png
IP
78.135.87.2:443
ASN
#207279 Markahost Telekomunikasyon Ve Ticaret Limited Sirketi

Requested by
https://gitus.net/watch/?=7NS080524
Certificate
IssuerLet's Encrypt
Subject*.gitus.net
FingerprintB3:5B:E9:49:F2:94:13:B1:1C:37:F9:DF:39:F8:3C:01:4D:E5:9A:6C
ValidityTue, 23 Apr 2024 18:58:37 GMT - Mon, 22 Jul 2024 18:58:36 GMT

File type
PNG image data, 1920 x 1080, 8-bit/color RGBA, non-interlaced
Size
40 kB (39992 bytes)
Hash
1548e0a529c859d60164557c1619a60e
773b667e66c8a712673e5f26e3e0f10483edfaaa
f9ed0ce815f22787aa1ad1abc0fb9988aa6e6b66200ca6146f1585883a40a10d

HTTP Headers

GET /play.png HTTP/1.1
Host: gitus.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://gitus.net/watch/?=7NS080524
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
cache-control: public, max-age=604800
expires: Thu, 16 May 2024 01:52:50 GMT
content-type: image/png
last-modified: Mon, 22 Apr 2024 18:17:44 GMT
accept-ranges: bytes
content-length: 39992
date: Thu, 09 May 2024 01:52:50 GMT

gitus.net/wp-content/uploads/2023/05/telegram-channel-300x96.webp

78.135.87.2

200 OK

5.8 kB

URL GET HTTP/3
gitus.net/wp-content/uploads/2023/05/telegram-channel-300x96.webp
IP
78.135.87.2:443
ASN
#207279 Markahost Telekomunikasyon Ve Ticaret Limited Sirketi

Requested by
https://gitus.net/watch/?=7NS080524
Certificate
IssuerLet's Encrypt
Subject*.gitus.net
FingerprintB3:5B:E9:49:F2:94:13:B1:1C:37:F9:DF:39:F8:3C:01:4D:E5:9A:6C
ValidityTue, 23 Apr 2024 18:58:37 GMT - Mon, 22 Jul 2024 18:58:36 GMT

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 300x96, Scaling: [none]x[none], YUV color, decoders should clamp
Size
5.8 kB (5792 bytes)
Hash
19927eb618d6d8a5f00c81509a1ab3b0
21316c888dafe934f19c4d010c71c6c2a22ab26d
246018f0503266eae1b1dfe2a1a3ab030c78a5d52d954eea666ac5dc3546b311

HTTP Headers

GET /wp-content/uploads/2023/05/telegram-channel-300x96.webp HTTP/1.1
Host: gitus.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://gitus.net/watch/?=7NS080524
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
cache-control: public, max-age=604800
expires: Thu, 16 May 2024 01:52:50 GMT
content-type: image/webp
last-modified: Sun, 28 May 2023 09:41:28 GMT
accept-ranges: bytes
content-length: 5792
date: Thu, 09 May 2024 01:52:50 GMT

continentalfinishdislike.com/0628c4627ca50d7aec78b63c9d6947bc/invoke.js

172.240.108.68

200 OK

12 kB

URL GET HTTP/1.1
continentalfinishdislike.com/0628c4627ca50d7aec78b63c9d6947bc/invoke.js
IP
172.240.108.68:443
ASN
#7979 SERVERS-COM

Requested by
https://gitus.net/watch/?=7NS080524
Certificate
IssuerLet's Encrypt
Subjectcontinentalfinishdislike.com
FingerprintC1:84:51:DF:B5:EF:80:A6:C4:F9:66:B1:DE:E2:AF:6D:12:8F:F2:0C
ValidityThu, 11 Apr 2024 06:32:21 GMT - Wed, 10 Jul 2024 06:32:20 GMT

File type
JavaScript source, ASCII text, with very long lines (31277), with no line terminators
Size
12 kB (11813 bytes)
Hash
0f39d6109094c1666d3cfe78be1cf7be
e4f1f2dfd4a54ec9c5f342d61b2dec1d7fc01e81
857d0a450074723d66e6eb02b7b2145f348b3f8cc884205cd5be0ae13e33ccd8

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /0628c4627ca50d7aec78b63c9d6947bc/invoke.js HTTP/1.1
Host: continentalfinishdislike.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://gitus.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Thu, 09 May 2024 01:52:51 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 3b7a5e69e322df8b4398d23ba4f4d2d1
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip

continentalfinishdislike.com/b11545e588bb39ae3149b6e82aed3eb2/invoke.js

172.240.108.68

200 OK

12 kB

URL GET HTTP/1.1
continentalfinishdislike.com/b11545e588bb39ae3149b6e82aed3eb2/invoke.js
IP
172.240.108.68:443
ASN
#7979 SERVERS-COM

Requested by
https://gitus.net/watch/?=7NS080524
Certificate
IssuerLet's Encrypt
Subjectcontinentalfinishdislike.com
FingerprintC1:84:51:DF:B5:EF:80:A6:C4:F9:66:B1:DE:E2:AF:6D:12:8F:F2:0C
ValidityThu, 11 Apr 2024 06:32:21 GMT - Wed, 10 Jul 2024 06:32:20 GMT

File type
JavaScript source, ASCII text, with very long lines (31296), with no line terminators
Size
12 kB (11834 bytes)
Hash
505beb1ad459b15d81f8909f6d2ca860
d2ca872c53368d27542b2823801eedbb0144b474
f62b399b71ffe107d35041ced696c09fbc7bbc3b9886619757ce884975457c6d

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /b11545e588bb39ae3149b6e82aed3eb2/invoke.js HTTP/1.1
Host: continentalfinishdislike.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://gitus.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Thu, 09 May 2024 01:52:51 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 5181c228b6a99e4cf50eef915b38772b
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip

ocsp.r2m03.amazontrust.com/

143.204.53.97

471 B

URL
ocsp.r2m03.amazontrust.com/
IP
143.204.53.97:0
ASN
#16509 AMAZON-02

File type
data
Size
471 B (471 bytes)
Hash
17d83a6a1ce5ec032b9d0be6c8c68106
9b412e1c9f9694753b73daa262811ec4c420e7d1
935af939ae598190c9c8175f1ac54241ab2614b3c7599a4c92e1be2ecd42ab23

HTTP Headers

POST / HTTP/1.1
Host: ocsp.r2m03.amazontrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=7200
Date: Thu, 09 May 2024 01:52:51 GMT
Last-Modified: Thu, 09 May 2024 00:04:26 GMT
Server: ECAcc (ska/F776)
X-Cache: Miss from cloudfront
Via: 1.1 e49f22f18c16784c0f42291e768d1daa.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: 4C0KvH_7SRnKcPFXq7M9Y3ui921paAxXnfNMxWtdQGNrOE-hMtPNIA==
Age: 6505

proftrafficcounter.com/stats

3.124.83.201

200 OK

40 B

URL GET HTTP/2
proftrafficcounter.com/stats
IP
3.124.83.201:443
ASN
#16509 AMAZON-02

Requested by
https://gitus.net/watch/?=7NS080524
Certificate
IssuerAmazon
Subjectproftrafficcounter.com
FingerprintE3:9F:79:6F:80:C0:BF:F8:C4:EB:45:F3:E9:0F:A7:41:F6:0C:05:E6
ValidityTue, 21 Nov 2023 00:00:00 GMT - Thu, 19 Dec 2024 23:59:59 GMT

File type
ASCII text, with no line terminators
Size
40 B (40 bytes)
Hash
db5731f2f270fce66d3372c3c286f73a
155d8f015ec347bd2edc7bf240740e20c4ce2ad4
ae7b5fe98e7e182bcab6a8510662c355f294070bfa904f5fccd185385183d634

HTTP Headers

GET /stats HTTP/1.1
Host: proftrafficcounter.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://gitus.net
DNT: 1
Connection: keep-alive
Referer: https://gitus.net/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 09 May 2024 01:52:51 GMT
content-type: text/html; charset=UTF-8
content-length: 40
server: fasthttp
access-control-allow-origin: https://gitus.net
vary: Origin
access-control-allow-credentials: true
set-cookie: uid_id2=a106fa90-f1b8-49b6-9ac8-0a118f55fa81:1:1; expires=Sun, 07 May 2034 01:52:51 GMT; secure; SameSite=None
X-Firefox-Spdy: h2

proftrafficcounter.com/stats

3.124.83.201

200 OK

40 B

URL GET HTTP/2
proftrafficcounter.com/stats
IP
3.124.83.201:443
ASN
#16509 AMAZON-02

Requested by
https://gitus.net/watch/?=7NS080524
Certificate
IssuerAmazon
Subjectproftrafficcounter.com
FingerprintE3:9F:79:6F:80:C0:BF:F8:C4:EB:45:F3:E9:0F:A7:41:F6:0C:05:E6
ValidityTue, 21 Nov 2023 00:00:00 GMT - Thu, 19 Dec 2024 23:59:59 GMT

File type
ASCII text, with no line terminators
Size
40 B (40 bytes)
Hash
6519404060c71625c2324891f70f2bf3
5239b2ebfaf49bea7483a289765eb5b555a5d9d8
b75725d13872091ce6022416dda5b6a3d7880f0d49ba64cc1e6a05328c9c981d

HTTP Headers

GET /stats HTTP/1.1
Host: proftrafficcounter.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://gitus.net
DNT: 1
Connection: keep-alive
Referer: https://gitus.net/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Thu, 09 May 2024 01:52:51 GMT
content-type: text/html; charset=UTF-8
content-length: 40
server: fasthttp
access-control-allow-origin: https://gitus.net
vary: Origin
access-control-allow-credentials: true
set-cookie: uid_id2=a0bbbdc1-99b7-4e03-b58a-913378f4276a:2:1; expires=Sun, 07 May 2034 01:52:51 GMT; secure; SameSite=None
X-Firefox-Spdy: h2

continentalfinishdislike.com/871902a25f4f75ff642515ce6baf163b/invoke.js

172.240.108.68

200 OK

12 kB

URL GET HTTP/1.1
continentalfinishdislike.com/871902a25f4f75ff642515ce6baf163b/invoke.js
IP
172.240.108.68:443
ASN
#7979 SERVERS-COM

Requested by
https://gitus.net/watch/?=7NS080524
Certificate
IssuerLet's Encrypt
Subjectcontinentalfinishdislike.com
FingerprintC1:84:51:DF:B5:EF:80:A6:C4:F9:66:B1:DE:E2:AF:6D:12:8F:F2:0C
ValidityThu, 11 Apr 2024 06:32:21 GMT - Wed, 10 Jul 2024 06:32:20 GMT

File type
JavaScript source, ASCII text, with very long lines (31250), with no line terminators
Size
12 kB (11805 bytes)
Hash
a5ef2656cc5dec03a90cde65c761bd89
fd4bfd6bafe25b7b16eaf5f29fc64f6329070b86
94e6f43ba61f733d3a0254e5fe793dedc2e39208916689aa73ca3af707a4cef1

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /871902a25f4f75ff642515ce6baf163b/invoke.js HTTP/1.1
Host: continentalfinishdislike.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://gitus.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Thu, 09 May 2024 01:52:51 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: e8dcccf2dda0d2c4e14716688acdf0dc
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip

gitus.net/wp-includes/js/wp-emoji-release.min.js?ver=6.5.3

78.135.87.2

200 OK

4.7 kB

URL GET HTTP/3
gitus.net/wp-includes/js/wp-emoji-release.min.js?ver=6.5.3
IP
78.135.87.2:443
ASN
#207279 Markahost Telekomunikasyon Ve Ticaret Limited Sirketi

Requested by
https://gitus.net/watch/?=7NS080524
Certificate
IssuerLet's Encrypt
Subject*.gitus.net
FingerprintB3:5B:E9:49:F2:94:13:B1:1C:37:F9:DF:39:F8:3C:01:4D:E5:9A:6C
ValidityTue, 23 Apr 2024 18:58:37 GMT - Mon, 22 Jul 2024 18:58:36 GMT

File type
JavaScript source, ASCII text, with very long lines (15752)
Size
4.7 kB (4676 bytes)
Hash
b976b651932bfd25b9ddb5b7693d88a7
7fcb7cb5c11227f9213b1e08a07d0212209e1432
4e6ce5444c7f396cef0eb1fa3611034151e485dd06fbe5573a5583e1eebc98c3

HTTP Headers

GET /wp-includes/js/wp-emoji-release.min.js?ver=6.5.3 HTTP/1.1
Host: gitus.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://gitus.net/watch/?=7NS080524
Cookie: dom3ic8zudi28v8lr6fgphwffqoz0j6c=a0bbbdc1-99b7-4e03-b58a-913378f4276a%3A2%3A1
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
cache-control: public, max-age=604800
expires: Thu, 16 May 2024 01:52:51 GMT
content-type: application/javascript
last-modified: Sat, 06 Apr 2024 01:00:20 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 4676
date: Thu, 09 May 2024 01:52:51 GMT

arvigorothan.com/tag.min.js

104.21.30.34

200 OK

31 kB

URL GET HTTP/2
arvigorothan.com/tag.min.js
IP
104.21.30.34:443
ASN
#13335 CLOUDFLARENET

Requested by
https://gitus.net/watch/?=7NS080524
Certificate
IssuerGoogle Trust Services LLC
Subjectarvigorothan.com
Fingerprint3A:2D:B5:82:D0:74:59:F6:A0:25:BC:11:72:CE:92:28:1A:77:F7:F3
ValiditySat, 13 Apr 2024 22:48:55 GMT - Fri, 12 Jul 2024 22:48:54 GMT

File type
JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Size
31 kB (30708 bytes)
Hash
76c2a69970c22493395c731940cfe07c
c009ced71ef13eccbca3583729ede2e58156894e
0cd441d1f29495f38b588ddb04e10283e04ea626e2c5b79783710998031576d6

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /tag.min.js HTTP/1.1
Host: arvigorothan.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://gitus.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 09 May 2024 01:52:51 GMT
content-type: text/javascript; charset=utf-8
x-trace-id: 432ea3f91c8b45bc0d7fd769b5d1152a
cache-control: max-age=86400
last-modified: Wed, 08 May 2024 11:49:49 GMT
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace, favicon
access-control-max-age: 86400
pragma: no-cache
expires: Thu, 09 May 2024 13:59:04 GMT
timing-allow-origin: *
cf-cache-status: HIT
age: 42827
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=nsXWPPcgGm2c1lp1KSzEuMFCkiFUb4Rqm%2B%2B%2FXnr5KqxGnbv8vMJHfIJMvwc3yQPRDgqM2EDjhbJMAPda3JCpPk5u2QgrQzBE61ZHL9XQFCz%2FExBefec7QyW2Pp1sBflHpwdS"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 880e0d735f08b523-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

skilledskillemergency.com/watch.1189329983831.js?key=0628c4627ca50d7aec78b63c9d6947bc&kw=%5B%22click%22%2C%22to%22%2C%22access%22%2C%22the%22%2C%22link%22%5D&refer=https%3A%2F%2Fgitus.net%2Fwatch%2F%3F%3D7NS080524&tz=0&dev=e&res=14.2071&uuid=a106fa90-f1b8-49b6-9ac8-0a118f55fa81%3A1%3A1

172.240.108.68

307 Temporary Redirect

0 B

URL GET HTTP/1.1
skilledskillemergency.com/watch.1189329983831.js?key=0628c4627ca50d7aec78b63c9d6947bc&kw=%5B%22click%22%2C%22to%22%2C%22access%22%2C%22the%22%2C%22link%22%5D&refer=https%3A%2F%2Fgitus.net%2Fwatch%2F%3F%3D7NS080524&tz=0&dev=e&res=14.2071&uuid=a106fa90-f1b8-49b6-9ac8-0a118f55fa81%3A1%3A1
IP
172.240.108.68:443
ASN
#7979 SERVERS-COM

Requested by
https://gitus.net/watch/?=7NS080524
Certificate
IssuerLet's Encrypt
Subjectskilledskillemergency.com
Fingerprint21:B4:F5:6D:B3:E3:91:D3:47:51:9B:77:81:06:39:2A:87:28:32:03
ValidityMon, 06 May 2024 08:19:35 GMT - Sun, 04 Aug 2024 08:19:34 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /watch.1189329983831.js?key=0628c4627ca50d7aec78b63c9d6947bc&kw=%5B%22click%22%2C%22to%22%2C%22access%22%2C%22the%22%2C%22link%22%5D&refer=https%3A%2F%2Fgitus.net%2Fwatch%2F%3F%3D7NS080524&tz=0&dev=e&res=14.2071&uuid=a106fa90-f1b8-49b6-9ac8-0a118f55fa81%3A1%3A1 HTTP/1.1
Host: skilledskillemergency.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://gitus.net
DNT: 1
Connection: keep-alive
Referer: https://gitus.net/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 307 Temporary Redirect
Server: nginx/1.21.6
Date: Thu, 09 May 2024 01:52:51 GMT
Content-Type: text/html
Content-Length: 0
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://gitus.net
Access-Control-Allow-Origin: https://gitus.net
Access-Control-Allow-Credentials: true
Location: https://skilledskillemergency.com/watch.1189329983831.js?dev=e&key=0628c4627ca50d7aec78b63c9d6947bc&kw=%5B%22click%22%2C%22to%22%2C%22access%22%2C%22the%22%2C%22link%22%5D&pst=1715219631&refer=https%3A%2F%2Fgitus.net%2Fwatch%2F%3F%3D7NS080524&res=14.2071&rmtc=t&shu=642149d313d5fb70a11611596002e525792d717adc48e4bab99aafc10f9119ce913dd30671f70c368c0692b46ae147fc3359907d474076c56d866dd0a89061641d76eb336ba80c7dfc3ed1b3f3ca4a06be1b3de1f05a796fe11c1bc8e35c&tz=0&uuid=a106fa90-f1b8-49b6-9ac8-0a118f55fa81%3A1%3A1
Set-Cookie: u_pl=18294299; expires=Fri, 10 May 2024 01:52:51 GMT; secure; SameSite=None
ain=eyJhbGciOiJIUzI1NiJ9.eyJwIjp7ImlkIjoxODI5NDI5OSwiayI6IjA2MjhjNDYyN2NhNTBkN2FlYzc4YjYzYzlkNjk0N2JjIiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjoyMjA2MTA2LCJwaWQiOjE2ODcyLCJhbiI6dHJ1ZSwibGFuIjp0cnVlLCJjaWQiOjIxLCJhaWQiOjI3LCJwdCI6NCwicGsiOiJ0bnNkcjBweGgiLCJ0IjoxfSwidSI6eyJ1IjoxLCJhdSI6MSwiZCI6eyJpZCI6Nzk5NTQxOTYsImlkcyI6IiIsImljIjpmYWxzZSwibiI6IkRlc2t0b3AsRW11bGF0b3IiLCJ2IjoiVW5rbm93biIsIm0iOiJVbmtub3duIiwiZiI6MSwiZm4iOiJEZXNrdG9wIiwib2lkIjoxODExMCwib24iOiJMaW51eCIsIm92IjoiVW5rbm93biIsImJpZCI6MTE2NjcwLCJibiI6IkZpcmVmb3giLCJidiI6Ijk2LjAiLCJ3diI6ZmFsc2UsImUiOnRydWUsImFiIjpmYWxzZX0sImMiOnsiaWQiOjE2MiwiYyI6Ik5PIiwibiI6Ik5vcndheSJ9LCJhIjpmYWxzZSwiY3IiOnsibiI6IkJsaXggU29sdXRpb25zIn0sInhmIjoiIiwiaXhmIjpmYWxzZSwiaWd4ZiI6ZmFsc2UsInVwIjp0cnVlLCJyIjoiaHR0cHM6Ly9naXR1cy5uZXQvd2F0Y2gvPz03TlMwODA1MjQiLCJhciI6W119fQ.M6Gir2t7NAD68CyQvSTmCjJZTseQew8w0uL79ym1eRk; expires=Thu, 09 May 2024 01:53:51 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 15fbc7110aa572d8a9668b9b4438218a
Strict-Transport-Security: max-age=0; includeSubdomains

restlessidea.com/watch.1422058122694.js?key=871902a25f4f75ff642515ce6baf163b&kw=%5B%22click%22%2C%22to%22%2C%22access%22%2C%22the%22%2C%22link%22%5D&refer=https%3A%2F%2Fgitus.net%2Fwatch%2F%3F%3D7NS080524&tz=0&dev=e&res=14.2071&uuid=a0bbbdc1-99b7-4e03-b58a-913378f4276a%3A2%3A1

192.243.61.227

307 Temporary Redirect

0 B

URL GET HTTP/1.1
restlessidea.com/watch.1422058122694.js?key=871902a25f4f75ff642515ce6baf163b&kw=%5B%22click%22%2C%22to%22%2C%22access%22%2C%22the%22%2C%22link%22%5D&refer=https%3A%2F%2Fgitus.net%2Fwatch%2F%3F%3D7NS080524&tz=0&dev=e&res=14.2071&uuid=a0bbbdc1-99b7-4e03-b58a-913378f4276a%3A2%3A1
IP
192.243.61.227:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://gitus.net/watch/?=7NS080524
Certificate
IssuerLet's Encrypt
Subjectrestlessidea.com
FingerprintF1:1A:4C:F2:E9:86:B0:2E:A7:9E:26:57:D2:56:53:84:4B:25:CA:CD
ValidityMon, 06 May 2024 08:16:28 GMT - Sun, 04 Aug 2024 08:16:27 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /watch.1422058122694.js?key=871902a25f4f75ff642515ce6baf163b&kw=%5B%22click%22%2C%22to%22%2C%22access%22%2C%22the%22%2C%22link%22%5D&refer=https%3A%2F%2Fgitus.net%2Fwatch%2F%3F%3D7NS080524&tz=0&dev=e&res=14.2071&uuid=a0bbbdc1-99b7-4e03-b58a-913378f4276a%3A2%3A1 HTTP/1.1
Host: restlessidea.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://gitus.net
DNT: 1
Connection: keep-alive
Referer: https://gitus.net/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 307 Temporary Redirect
Server: nginx/1.21.6
Date: Thu, 09 May 2024 01:52:52 GMT
Content-Type: text/html
Content-Length: 0
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://gitus.net
Access-Control-Allow-Origin: https://gitus.net
Access-Control-Allow-Credentials: true
Location: https://restlessidea.com/watch.1422058122694.js?dev=e&key=871902a25f4f75ff642515ce6baf163b&kw=%5B%22click%22%2C%22to%22%2C%22access%22%2C%22the%22%2C%22link%22%5D&pst=1715219632&refer=https%3A%2F%2Fgitus.net%2Fwatch%2F%3F%3D7NS080524&res=14.2071&rmtc=t&shu=e801a8ca1d6678459abe461f575b988b97eafcd44de546a415e630299c653546d39d363f1152135e4a5a90772f65218a2dca3f19d35836ed3499b05f3ea02cef478a340d760f932b29233c0f720d8c422ccaba&tz=0&uuid=a0bbbdc1-99b7-4e03-b58a-913378f4276a%3A2%3A1
Set-Cookie: u_pl=18366955; expires=Fri, 10 May 2024 01:52:52 GMT; secure; SameSite=None
ain=eyJhbGciOiJIUzI1NiJ9.eyJwIjp7ImlkIjoxODM2Njk1NSwiayI6Ijg3MTkwMmEyNWY0Zjc1ZmY2NDI1MTVjZTZiYWYxNjNiIiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjoyMjA2MTA2LCJwaWQiOjE2ODcyLCJhbiI6dHJ1ZSwibGFuIjp0cnVlLCJjaWQiOjIxLCJhaWQiOjMyLCJwdCI6NCwicGsiOiJiOW5uZzA3a2ViIiwidCI6MX0sInUiOnsidSI6MSwiYXUiOjEsImQiOnsiaWQiOjc5OTU0MTk2LCJpZHMiOiIiLCJpYyI6ZmFsc2UsIm4iOiJEZXNrdG9wLEVtdWxhdG9yIiwidiI6IlVua25vd24iLCJtIjoiVW5rbm93biIsImYiOjEsImZuIjoiRGVza3RvcCIsIm9pZCI6MTgxMTAsIm9uIjoiTGludXgiLCJvdiI6IlVua25vd24iLCJiaWQiOjExNjY3MCwiYm4iOiJGaXJlZm94IiwiYnYiOiI5Ni4wIiwid3YiOmZhbHNlLCJlIjp0cnVlLCJhYiI6ZmFsc2V9LCJjIjp7ImlkIjoxNjIsImMiOiJOTyIsIm4iOiJOb3J3YXkifSwiYSI6ZmFsc2UsImNyIjp7Im4iOiJCbGl4IFNvbHV0aW9ucyJ9LCJ4ZiI6IiIsIml4ZiI6ZmFsc2UsImlneGYiOmZhbHNlLCJ1cCI6dHJ1ZSwiciI6Imh0dHBzOi8vZ2l0dXMubmV0L3dhdGNoLz89N05TMDgwNTI0IiwiYXIiOltdfX0.HNGmphftrSX_kmPz0-2GGDb2HxKM1NPgyIIhpLIPWww; expires=Thu, 09 May 2024 01:53:52 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: b68fe3d2cc508027687cd4d8693b864a
Strict-Transport-Security: max-age=0; includeSubdomains

skilledskillemergency.com/watch.1189329983831.js?dev=e&key=0628c4627ca50d7aec78b63c9d6947bc&kw=%5B%22click%22%2C%22to%22%2C%22access%22%2C%22the%22%2C%22link%22%5D&pst=1715219631&refer=https%3A%2F%2Fgitus.net%2Fwatch%2F%3F%3D7NS080524&res=14.2071&rmtc=t&shu=642149d313d5fb70a11611596002e525792d717adc48e4bab99aafc10f9119ce913dd30671f70c368c0692b46ae147fc3359907d474076c56d866dd0a89061641d76eb336ba80c7dfc3ed1b3f3ca4a06be1b3de1f05a796fe11c1bc8e35c&tz=0&uuid=a106fa90-f1b8-49b6-9ac8-0a118f55fa81%3A1%3A1

172.240.108.68

200 OK

2.0 kB

URL GET HTTP/1.1
skilledskillemergency.com/watch.1189329983831.js?dev=e&key=0628c4627ca50d7aec78b63c9d6947bc&kw=%5B%22click%22%2C%22to%22%2C%22access%22%2C%22the%22%2C%22link%22%5D&pst=1715219631&refer=https%3A%2F%2Fgitus.net%2Fwatch%2F%3F%3D7NS080524&res=14.2071&rmtc=t&shu=642149d313d5fb70a11611596002e525792d717adc48e4bab99aafc10f9119ce913dd30671f70c368c0692b46ae147fc3359907d474076c56d866dd0a89061641d76eb336ba80c7dfc3ed1b3f3ca4a06be1b3de1f05a796fe11c1bc8e35c&tz=0&uuid=a106fa90-f1b8-49b6-9ac8-0a118f55fa81%3A1%3A1
IP
172.240.108.68:443
ASN
#7979 SERVERS-COM

Requested by
https://gitus.net/watch/?=7NS080524
Certificate
IssuerLet's Encrypt
Subjectskilledskillemergency.com
Fingerprint21:B4:F5:6D:B3:E3:91:D3:47:51:9B:77:81:06:39:2A:87:28:32:03
ValidityMon, 06 May 2024 08:19:35 GMT - Sun, 04 Aug 2024 08:19:34 GMT

File type
JavaScript source, ASCII text, with very long lines (2435)
Size
2.0 kB (1973 bytes)
Hash
9dd8107d27773e391e37b6551b9c188d
3615b4ecf632a42e0d14f17281ff3f414fbbfa30
d76a01f6dcec62f43dbb204849b13a3cf8f2a2edc8e645c6d0ef4bb9f304f8f9

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /watch.1189329983831.js?dev=e&key=0628c4627ca50d7aec78b63c9d6947bc&kw=%5B%22click%22%2C%22to%22%2C%22access%22%2C%22the%22%2C%22link%22%5D&pst=1715219631&refer=https%3A%2F%2Fgitus.net%2Fwatch%2F%3F%3D7NS080524&res=14.2071&rmtc=t&shu=642149d313d5fb70a11611596002e525792d717adc48e4bab99aafc10f9119ce913dd30671f70c368c0692b46ae147fc3359907d474076c56d866dd0a89061641d76eb336ba80c7dfc3ed1b3f3ca4a06be1b3de1f05a796fe11c1bc8e35c&tz=0&uuid=a106fa90-f1b8-49b6-9ac8-0a118f55fa81%3A1%3A1 HTTP/1.1
Host: skilledskillemergency.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://gitus.net
Referer: https://gitus.net/
DNT: 1
Connection: keep-alive
Cookie: u_pl=18294299; ain=eyJhbGciOiJIUzI1NiJ9.eyJwIjp7ImlkIjoxODI5NDI5OSwiayI6IjA2MjhjNDYyN2NhNTBkN2FlYzc4YjYzYzlkNjk0N2JjIiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjoyMjA2MTA2LCJwaWQiOjE2ODcyLCJhbiI6dHJ1ZSwibGFuIjp0cnVlLCJjaWQiOjIxLCJhaWQiOjI3LCJwdCI6NCwicGsiOiJ0bnNkcjBweGgiLCJ0IjoxfSwidSI6eyJ1IjoxLCJhdSI6MSwiZCI6eyJpZCI6Nzk5NTQxOTYsImlkcyI6IiIsImljIjpmYWxzZSwibiI6IkRlc2t0b3AsRW11bGF0b3IiLCJ2IjoiVW5rbm93biIsIm0iOiJVbmtub3duIiwiZiI6MSwiZm4iOiJEZXNrdG9wIiwib2lkIjoxODExMCwib24iOiJMaW51eCIsIm92IjoiVW5rbm93biIsImJpZCI6MTE2NjcwLCJibiI6IkZpcmVmb3giLCJidiI6Ijk2LjAiLCJ3diI6ZmFsc2UsImUiOnRydWUsImFiIjpmYWxzZX0sImMiOnsiaWQiOjE2MiwiYyI6Ik5PIiwibiI6Ik5vcndheSJ9LCJhIjpmYWxzZSwiY3IiOnsibiI6IkJsaXggU29sdXRpb25zIn0sInhmIjoiIiwiaXhmIjpmYWxzZSwiaWd4ZiI6ZmFsc2UsInVwIjp0cnVlLCJyIjoiaHR0cHM6Ly9naXR1cy5uZXQvd2F0Y2gvPz03TlMwODA1MjQiLCJhciI6W119fQ.M6Gir2t7NAD68CyQvSTmCjJZTseQew8w0uL79ym1eRk
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Thu, 09 May 2024 01:52:52 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://gitus.net
Access-Control-Allow-Origin: https://gitus.net
Access-Control-Allow-Credentials: true
Set-Cookie: uid_id2=a106fa90-f1b8-49b6-9ac8-0a118f55fa81:1:1; expires=Thu, 16 May 2024 01:52:52 GMT; secure; SameSite=None
pdhtkv=true; expires=Fri, 10 May 2024 01:52:52 GMT; secure; SameSite=None
uncs=1; expires=Fri, 10 May 2024 01:52:52 GMT; secure; SameSite=None
pdhtkv27=true; expires=Fri, 10 May 2024 01:52:52 GMT; secure; SameSite=None
uncs27=1; expires=Fri, 10 May 2024 01:52:52 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 3dc6c5f2dbb17344a376e53d832299a5
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip

restlessidea.com/watch.1422058122694.js?dev=e&key=871902a25f4f75ff642515ce6baf163b&kw=%5B%22click%22%2C%22to%22%2C%22access%22%2C%22the%22%2C%22link%22%5D&pst=1715219632&refer=https%3A%2F%2Fgitus.net%2Fwatch%2F%3F%3D7NS080524&res=14.2071&rmtc=t&shu=e801a8ca1d6678459abe461f575b988b97eafcd44de546a415e630299c653546d39d363f1152135e4a5a90772f65218a2dca3f19d35836ed3499b05f3ea02cef478a340d760f932b29233c0f720d8c422ccaba&tz=0&uuid=a0bbbdc1-99b7-4e03-b58a-913378f4276a%3A2%3A1

192.243.61.227

200 OK

2.1 kB

URL GET HTTP/1.1
restlessidea.com/watch.1422058122694.js?dev=e&key=871902a25f4f75ff642515ce6baf163b&kw=%5B%22click%22%2C%22to%22%2C%22access%22%2C%22the%22%2C%22link%22%5D&pst=1715219632&refer=https%3A%2F%2Fgitus.net%2Fwatch%2F%3F%3D7NS080524&res=14.2071&rmtc=t&shu=e801a8ca1d6678459abe461f575b988b97eafcd44de546a415e630299c653546d39d363f1152135e4a5a90772f65218a2dca3f19d35836ed3499b05f3ea02cef478a340d760f932b29233c0f720d8c422ccaba&tz=0&uuid=a0bbbdc1-99b7-4e03-b58a-913378f4276a%3A2%3A1
IP
192.243.61.227:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://gitus.net/watch/?=7NS080524
Certificate
IssuerLet's Encrypt
Subjectrestlessidea.com
FingerprintF1:1A:4C:F2:E9:86:B0:2E:A7:9E:26:57:D2:56:53:84:4B:25:CA:CD
ValidityMon, 06 May 2024 08:16:28 GMT - Sun, 04 Aug 2024 08:16:27 GMT

File type
JavaScript source, ASCII text, with very long lines (2609)
Size
2.1 kB (2079 bytes)
Hash
cf159b85ce0e856e73cbb7df7628061b
9fb8a7d924ba91bdbabff1a0be11c3bb8722002b
f65bcdcbd973319c32a6057cac51d311c31ee32423e579cce23786471be536e3

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /watch.1422058122694.js?dev=e&key=871902a25f4f75ff642515ce6baf163b&kw=%5B%22click%22%2C%22to%22%2C%22access%22%2C%22the%22%2C%22link%22%5D&pst=1715219632&refer=https%3A%2F%2Fgitus.net%2Fwatch%2F%3F%3D7NS080524&res=14.2071&rmtc=t&shu=e801a8ca1d6678459abe461f575b988b97eafcd44de546a415e630299c653546d39d363f1152135e4a5a90772f65218a2dca3f19d35836ed3499b05f3ea02cef478a340d760f932b29233c0f720d8c422ccaba&tz=0&uuid=a0bbbdc1-99b7-4e03-b58a-913378f4276a%3A2%3A1 HTTP/1.1
Host: restlessidea.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://gitus.net
Referer: https://gitus.net/
DNT: 1
Connection: keep-alive
Cookie: u_pl=18366955; ain=eyJhbGciOiJIUzI1NiJ9.eyJwIjp7ImlkIjoxODM2Njk1NSwiayI6Ijg3MTkwMmEyNWY0Zjc1ZmY2NDI1MTVjZTZiYWYxNjNiIiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjoyMjA2MTA2LCJwaWQiOjE2ODcyLCJhbiI6dHJ1ZSwibGFuIjp0cnVlLCJjaWQiOjIxLCJhaWQiOjMyLCJwdCI6NCwicGsiOiJiOW5uZzA3a2ViIiwidCI6MX0sInUiOnsidSI6MSwiYXUiOjEsImQiOnsiaWQiOjc5OTU0MTk2LCJpZHMiOiIiLCJpYyI6ZmFsc2UsIm4iOiJEZXNrdG9wLEVtdWxhdG9yIiwidiI6IlVua25vd24iLCJtIjoiVW5rbm93biIsImYiOjEsImZuIjoiRGVza3RvcCIsIm9pZCI6MTgxMTAsIm9uIjoiTGludXgiLCJvdiI6IlVua25vd24iLCJiaWQiOjExNjY3MCwiYm4iOiJGaXJlZm94IiwiYnYiOiI5Ni4wIiwid3YiOmZhbHNlLCJlIjp0cnVlLCJhYiI6ZmFsc2V9LCJjIjp7ImlkIjoxNjIsImMiOiJOTyIsIm4iOiJOb3J3YXkifSwiYSI6ZmFsc2UsImNyIjp7Im4iOiJCbGl4IFNvbHV0aW9ucyJ9LCJ4ZiI6IiIsIml4ZiI6ZmFsc2UsImlneGYiOmZhbHNlLCJ1cCI6dHJ1ZSwiciI6Imh0dHBzOi8vZ2l0dXMubmV0L3dhdGNoLz89N05TMDgwNTI0IiwiYXIiOltdfX0.HNGmphftrSX_kmPz0-2GGDb2HxKM1NPgyIIhpLIPWww
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Thu, 09 May 2024 01:52:52 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://gitus.net
Access-Control-Allow-Origin: https://gitus.net
Access-Control-Allow-Credentials: true
Set-Cookie: uid_id2=a0bbbdc1-99b7-4e03-b58a-913378f4276a:2:1; expires=Thu, 16 May 2024 01:52:52 GMT; secure; SameSite=None
iprc67998e1f5dd5582b4e23ebbe33b016b1=3570421; expires=Thu, 09 May 2024 05:52:52 GMT; secure; SameSite=None
pdhtkv=true; expires=Fri, 10 May 2024 01:52:52 GMT; secure; SameSite=None
uncs=1; expires=Fri, 10 May 2024 01:52:52 GMT; secure; SameSite=None
pdhtkv32=true; expires=Fri, 10 May 2024 01:52:52 GMT; secure; SameSite=None
uncs32=1; expires=Fri, 10 May 2024 01:52:52 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 13eb40f5dfea05f54904a857448a15e8
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip

selfevidentvisual.com/watch.577768106697.js?key=b11545e588bb39ae3149b6e82aed3eb2&kw=%5B%22click%22%2C%22to%22%2C%22access%22%2C%22the%22%2C%22link%22%5D&refer=https%3A%2F%2Fgitus.net%2Fwatch%2F%3F%3D7NS080524&tz=0&dev=e&res=14.2071&uuid=a0bbbdc1-99b7-4e03-b58a-913378f4276a%3A2%3A1

192.243.61.227

307 Temporary Redirect

0 B

URL GET HTTP/1.1
selfevidentvisual.com/watch.577768106697.js?key=b11545e588bb39ae3149b6e82aed3eb2&kw=%5B%22click%22%2C%22to%22%2C%22access%22%2C%22the%22%2C%22link%22%5D&refer=https%3A%2F%2Fgitus.net%2Fwatch%2F%3F%3D7NS080524&tz=0&dev=e&res=14.2071&uuid=a0bbbdc1-99b7-4e03-b58a-913378f4276a%3A2%3A1
IP
192.243.61.227:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://gitus.net/watch/?=7NS080524
Certificate
IssuerLet's Encrypt
Subjectselfevidentvisual.com
Fingerprint67:06:8B:12:1D:E0:78:04:09:96:B8:2C:9B:E1:75:AB:5F:7A:A1:AD
ValidityMon, 06 May 2024 12:44:12 GMT - Sun, 04 Aug 2024 12:44:11 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /watch.577768106697.js?key=b11545e588bb39ae3149b6e82aed3eb2&kw=%5B%22click%22%2C%22to%22%2C%22access%22%2C%22the%22%2C%22link%22%5D&refer=https%3A%2F%2Fgitus.net%2Fwatch%2F%3F%3D7NS080524&tz=0&dev=e&res=14.2071&uuid=a0bbbdc1-99b7-4e03-b58a-913378f4276a%3A2%3A1 HTTP/1.1
Host: selfevidentvisual.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://gitus.net
DNT: 1
Connection: keep-alive
Referer: https://gitus.net/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 307 Temporary Redirect
Server: nginx/1.21.6
Date: Thu, 09 May 2024 01:52:52 GMT
Content-Type: text/html
Content-Length: 0
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://gitus.net
Access-Control-Allow-Origin: https://gitus.net
Access-Control-Allow-Credentials: true
Location: https://selfevidentvisual.com/watch.577768106697.js?dev=e&key=b11545e588bb39ae3149b6e82aed3eb2&kw=%5B%22click%22%2C%22to%22%2C%22access%22%2C%22the%22%2C%22link%22%5D&pst=1715219632&refer=https%3A%2F%2Fgitus.net%2Fwatch%2F%3F%3D7NS080524&res=14.2071&rmtc=t&shu=f06f907c6fdf423b67363b3cbd1f97c8f5130503458e775049a33ba51f778dc4d0deb826ca6d2ea4d5c383a6b9f424574df36fa6f6c1dd08defce2c469278db9eb3696b3c4b0358cd8bf02336d3d3a71e80462&tz=0&uuid=a0bbbdc1-99b7-4e03-b58a-913378f4276a%3A2%3A1
Set-Cookie: u_pl=18294265; expires=Fri, 10 May 2024 01:52:52 GMT; secure; SameSite=None
ain=eyJhbGciOiJIUzI1NiJ9.eyJwIjp7ImlkIjoxODI5NDI2NSwiayI6ImIxMTU0NWU1ODhiYjM5YWUzMTQ5YjZlODJhZWQzZWIyIiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjoyMjA2MTA2LCJwaWQiOjE2ODcyLCJhbiI6dHJ1ZSwibGFuIjp0cnVlLCJjaWQiOjIxLCJhaWQiOjUsInB0Ijo0LCJwayI6Im01NzlqYWpoaCIsImNwa3MiOnsiMjkiOiI5MjYzZTBjYThmMjhmMDIzMzQwYzE0NmMxMmY2YjU0NCJ9LCJ0IjoxfSwidSI6eyJ1IjoxLCJhdSI6MSwiZCI6eyJpZCI6Nzk5NTQxOTYsImlkcyI6IiIsImljIjpmYWxzZSwibiI6IkRlc2t0b3AsRW11bGF0b3IiLCJ2IjoiVW5rbm93biIsIm0iOiJVbmtub3duIiwiZiI6MSwiZm4iOiJEZXNrdG9wIiwib2lkIjoxODExMCwib24iOiJMaW51eCIsIm92IjoiVW5rbm93biIsImJpZCI6MTE2NjcwLCJibiI6IkZpcmVmb3giLCJidiI6Ijk2LjAiLCJ3diI6ZmFsc2UsImUiOnRydWUsImFiIjpmYWxzZX0sImMiOnsiaWQiOjE2MiwiYyI6Ik5PIiwibiI6Ik5vcndheSJ9LCJhIjpmYWxzZSwiY3IiOnsibiI6IkJsaXggU29sdXRpb25zIn0sInhmIjoiIiwiaXhmIjpmYWxzZSwiaWd4ZiI6ZmFsc2UsInVwIjp0cnVlLCJyIjoiaHR0cHM6Ly9naXR1cy5uZXQvd2F0Y2gvPz03TlMwODA1MjQiLCJhciI6W119fQ.aFzEnOAA-n8WgHHL_i3VFLQBI-YFjamHLeuMv0ynXus; expires=Thu, 09 May 2024 01:53:52 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 8c7ee3203f90dc6f7c2f4142f85f7e38
Strict-Transport-Security: max-age=0; includeSubdomains

my.rtmark.net/gid.js?userId=008057f2f6104fa7ebe04c4cd269e5f4

139.45.195.8

200 OK

65 B

URL GET HTTP/2
my.rtmark.net/gid.js?userId=008057f2f6104fa7ebe04c4cd269e5f4
IP
139.45.195.8:443
ASN
#9002 RETN Limited

Requested by
https://gitus.net/watch/?=7NS080524
Certificate
IssuerLet's Encrypt
Subjectrtmark.net
FingerprintDB:C0:8B:64:1C:E3:2A:9C:B9:04:0D:F3:6F:5A:E0:35:F4:C7:75:CC
ValiditySat, 02 Mar 2024 21:53:43 GMT - Fri, 31 May 2024 21:53:42 GMT

File type
JSON text data
Size
65 B (65 bytes)
Hash
2a70c4e507d0b5a6f074d9a012f2ae31
fbeedc98b1db0a26af19d672fea5acfd7d9ed2a8
4a15d7c8e7c630a5aa2af3418810fe47b991befac86de1aecfa30ee128b2467b

HTTP Headers

GET /gid.js?userId=008057f2f6104fa7ebe04c4cd269e5f4 HTTP/1.1
Host: my.rtmark.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://gitus.net
DNT: 1
Connection: keep-alive
Referer: https://gitus.net/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Thu, 09 May 2024 01:52:52 GMT
content-type: application/json; charset=utf-8
content-length: 65
access-control-allow-origin: https://gitus.net
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
set-cookie: ID=008057f2f6104fa7ebe04c4cd269e5f4; expires=Fri, 09 May 2025 01:52:52 GMT; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2

selfevidentvisual.com/92/63/e0/9263e0ca8f28f023340c146c12f6b544.js

192.243.61.227

200 OK

16 kB

URL GET HTTP/1.1
selfevidentvisual.com/92/63/e0/9263e0ca8f28f023340c146c12f6b544.js
IP
192.243.61.227:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://gitus.net/watch/?=7NS080524
Certificate
IssuerLet's Encrypt
Subjectselfevidentvisual.com
Fingerprint67:06:8B:12:1D:E0:78:04:09:96:B8:2C:9B:E1:75:AB:5F:7A:A1:AD
ValidityMon, 06 May 2024 12:44:12 GMT - Sun, 04 Aug 2024 12:44:11 GMT

File type
JavaScript source, ASCII text, with very long lines (44045), with no line terminators
Size
16 kB (15814 bytes)
Hash
792bb6a548426b591680bd6041f1b7fe
d0b7715daa4982bc0db74eecc5d37c320825157b
96608b298629ce3b8a2e9e1c96ca6df52bfc6d50be85b63dea776f5724147c6d

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /92/63/e0/9263e0ca8f28f023340c146c12f6b544.js HTTP/1.1
Host: selfevidentvisual.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://gitus.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Thu, 09 May 2024 01:52:52 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: c5bbb5ab6e4634331eb311b7fae76925
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip

cdn.cloudimagesb.com/cti/6d/84/c9/6d84c95cf38073e236b57c8fd493bc60/1627917004.png

45.133.44.10

200 OK

22 kB

URL GET HTTP/2
cdn.cloudimagesb.com/cti/6d/84/c9/6d84c95cf38073e236b57c8fd493bc60/1627917004.png
IP
45.133.44.10:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://gitus.net/watch/?=7NS080524
Certificate
IssuerLet's Encrypt
Subjectcdn.cloudimagesb.com
FingerprintC6:F3:21:F0:21:7D:7E:96:0F:E8:46:7A:5E:C5:3F:D1:52:B0:67:B0
ValidityFri, 22 Mar 2024 03:01:35 GMT - Thu, 20 Jun 2024 03:01:34 GMT

File type
PNG image data, 468 x 60, 8-bit/color RGB, non-interlaced
Size
22 kB (22093 bytes)
Hash
d3a2f167c25626f865850a86b565f2f1
49d449e3b737d891edb771546252fa59dfc2c041
72ce733b5eb986289ac3c3a5e7cd9939dd8b212f3b32bd019f5b65b53dc912ad

HTTP Headers

GET /cti/6d/84/c9/6d84c95cf38073e236b57c8fd493bc60/1627917004.png HTTP/1.1
Host: cdn.cloudimagesb.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 09 May 2024 01:52:52 GMT
content-type: image/png
content-length: 22093
server: nginx/1.21.6
last-modified: Mon, 02 Aug 2021 15:10:15 GMT
etag: "61080ad7-564d"
expires: Sat, 11 May 2024 01:52:52 GMT
cache-control: max-age=172800
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2

cdn.cloudimagesb.com/cti/43/ff/51/43ff51c07da75eaedd548042d5154cfe/1658930770.jpg

45.133.44.10

200 OK

25 kB

URL GET HTTP/2
cdn.cloudimagesb.com/cti/43/ff/51/43ff51c07da75eaedd548042d5154cfe/1658930770.jpg
IP
45.133.44.10:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://gitus.net/watch/?=7NS080524
Certificate
IssuerLet's Encrypt
Subjectcdn.cloudimagesb.com
FingerprintC6:F3:21:F0:21:7D:7E:96:0F:E8:46:7A:5E:C5:3F:D1:52:B0:67:B0
ValidityFri, 22 Mar 2024 03:01:35 GMT - Thu, 20 Jun 2024 03:01:34 GMT

File type
JPEG image data, baseline, precision 8, 320x50, components 3
Size
25 kB (24714 bytes)
Hash
d465d02b90e928dfd9d9846e102a9dac
22f7333777bec813bd9a7b870913a2b79b6d2fe4
e393d4f1c6b5d4973e157f0f10764b92037dc18239500f42b72bed8ecef462fd

HTTP Headers

GET /cti/43/ff/51/43ff51c07da75eaedd548042d5154cfe/1658930770.jpg HTTP/1.1
Host: cdn.cloudimagesb.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Thu, 09 May 2024 01:52:52 GMT
content-type: image/jpeg
content-length: 24714
server: nginx/1.21.6
last-modified: Wed, 27 Jul 2022 14:06:18 GMT
etag: "62e1465a-608a"
expires: Sat, 11 May 2024 01:52:52 GMT
cache-control: max-age=172800
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2

selfevidentvisual.com/watch.577768106697.js?dev=e&key=b11545e588bb39ae3149b6e82aed3eb2&kw=%5B%22click%22%2C%22to%22%2C%22access%22%2C%22the%22%2C%22link%22%5D&pst=1715219632&refer=https%3A%2F%2Fgitus.net%2Fwatch%2F%3F%3D7NS080524&res=14.2071&rmtc=t&shu=f06f907c6fdf423b67363b3cbd1f97c8f5130503458e775049a33ba51f778dc4d0deb826ca6d2ea4d5c383a6b9f424574df36fa6f6c1dd08defce2c469278db9eb3696b3c4b0358cd8bf02336d3d3a71e80462&tz=0&uuid=a0bbbdc1-99b7-4e03-b58a-913378f4276a%3A2%3A1

192.243.61.227

200 OK

2.0 kB

URL GET HTTP/1.1
selfevidentvisual.com/watch.577768106697.js?dev=e&key=b11545e588bb39ae3149b6e82aed3eb2&kw=%5B%22click%22%2C%22to%22%2C%22access%22%2C%22the%22%2C%22link%22%5D&pst=1715219632&refer=https%3A%2F%2Fgitus.net%2Fwatch%2F%3F%3D7NS080524&res=14.2071&rmtc=t&shu=f06f907c6fdf423b67363b3cbd1f97c8f5130503458e775049a33ba51f778dc4d0deb826ca6d2ea4d5c383a6b9f424574df36fa6f6c1dd08defce2c469278db9eb3696b3c4b0358cd8bf02336d3d3a71e80462&tz=0&uuid=a0bbbdc1-99b7-4e03-b58a-913378f4276a%3A2%3A1
IP
192.243.61.227:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://gitus.net/watch/?=7NS080524
Certificate
IssuerLet's Encrypt
Subjectselfevidentvisual.com
Fingerprint67:06:8B:12:1D:E0:78:04:09:96:B8:2C:9B:E1:75:AB:5F:7A:A1:AD
ValidityMon, 06 May 2024 12:44:12 GMT - Sun, 04 Aug 2024 12:44:11 GMT

File type
JavaScript source, ASCII text, with very long lines (2423)
Size
2.0 kB (1968 bytes)
Hash
1ae3b4ffd0d35df14cd7d022a10253d5
5edcc4bf156ac039114c2dc0a088b901ebef5ce9
15090f8c6867708c2521fed2a46f142b31065ff2becaa3e6b321878d2ab02de4

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /watch.577768106697.js?dev=e&key=b11545e588bb39ae3149b6e82aed3eb2&kw=%5B%22click%22%2C%22to%22%2C%22access%22%2C%22the%22%2C%22link%22%5D&pst=1715219632&refer=https%3A%2F%2Fgitus.net%2Fwatch%2F%3F%3D7NS080524&res=14.2071&rmtc=t&shu=f06f907c6fdf423b67363b3cbd1f97c8f5130503458e775049a33ba51f778dc4d0deb826ca6d2ea4d5c383a6b9f424574df36fa6f6c1dd08defce2c469278db9eb3696b3c4b0358cd8bf02336d3d3a71e80462&tz=0&uuid=a0bbbdc1-99b7-4e03-b58a-913378f4276a%3A2%3A1 HTTP/1.1
Host: selfevidentvisual.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://gitus.net
Referer: https://gitus.net/
DNT: 1
Connection: keep-alive
Cookie: u_pl=18294265; ain=eyJhbGciOiJIUzI1NiJ9.eyJwIjp7ImlkIjoxODI5NDI2NSwiayI6ImIxMTU0NWU1ODhiYjM5YWUzMTQ5YjZlODJhZWQzZWIyIiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjoyMjA2MTA2LCJwaWQiOjE2ODcyLCJhbiI6dHJ1ZSwibGFuIjp0cnVlLCJjaWQiOjIxLCJhaWQiOjUsInB0Ijo0LCJwayI6Im01NzlqYWpoaCIsImNwa3MiOnsiMjkiOiI5MjYzZTBjYThmMjhmMDIzMzQwYzE0NmMxMmY2YjU0NCJ9LCJ0IjoxfSwidSI6eyJ1IjoxLCJhdSI6MSwiZCI6eyJpZCI6Nzk5NTQxOTYsImlkcyI6IiIsImljIjpmYWxzZSwibiI6IkRlc2t0b3AsRW11bGF0b3IiLCJ2IjoiVW5rbm93biIsIm0iOiJVbmtub3duIiwiZiI6MSwiZm4iOiJEZXNrdG9wIiwib2lkIjoxODExMCwib24iOiJMaW51eCIsIm92IjoiVW5rbm93biIsImJpZCI6MTE2NjcwLCJibiI6IkZpcmVmb3giLCJidiI6Ijk2LjAiLCJ3diI6ZmFsc2UsImUiOnRydWUsImFiIjpmYWxzZX0sImMiOnsiaWQiOjE2MiwiYyI6Ik5PIiwibiI6Ik5vcndheSJ9LCJhIjpmYWxzZSwiY3IiOnsibiI6IkJsaXggU29sdXRpb25zIn0sInhmIjoiIiwiaXhmIjpmYWxzZSwiaWd4ZiI6ZmFsc2UsInVwIjp0cnVlLCJyIjoiaHR0cHM6Ly9naXR1cy5uZXQvd2F0Y2gvPz03TlMwODA1MjQiLCJhciI6W119fQ.aFzEnOAA-n8WgHHL_i3VFLQBI-YFjamHLeuMv0ynXus
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Thu, 09 May 2024 01:52:52 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://gitus.net
Access-Control-Allow-Origin: https://gitus.net
Access-Control-Allow-Credentials: true
Set-Cookie: uid_id2=a0bbbdc1-99b7-4e03-b58a-913378f4276a:2:1; expires=Thu, 16 May 2024 01:52:52 GMT; secure; SameSite=None
pdhtkv=true; expires=Fri, 10 May 2024 01:52:52 GMT; secure; SameSite=None
uncs=1; expires=Fri, 10 May 2024 01:52:52 GMT; secure; SameSite=None
pdhtkv5=true; expires=Fri, 10 May 2024 01:52:52 GMT; secure; SameSite=None
uncs5=1; expires=Fri, 10 May 2024 01:52:52 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 6e0cae72fa4122a34961c1cf10504fe2
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip

gitus.net/favicon.ico

78.135.87.2

404 Not Found

708 B

URL GET HTTP/3
gitus.net/favicon.ico
IP
78.135.87.2:443
ASN
#207279 Markahost Telekomunikasyon Ve Ticaret Limited Sirketi

Requested by
https://gitus.net/watch/?=7NS080524
Certificate
IssuerLet's Encrypt
Subject*.gitus.net
FingerprintB3:5B:E9:49:F2:94:13:B1:1C:37:F9:DF:39:F8:3C:01:4D:E5:9A:6C
ValidityTue, 23 Apr 2024 18:58:37 GMT - Mon, 22 Jul 2024 18:58:36 GMT

File type
HTML document, ASCII text, with CRLF, LF line terminators
Size
708 B (708 bytes)
Hash
2382378378c002d88b9a507c712c3349
2e894db3808b554abadc8b144338ad9e2ea937ba
37a4e56c497e170de6e152bc479624eb8d7ccb35bad5a190f2fdb17ac699cffa

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: gitus.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://gitus.net/watch/?=7NS080524
Cookie: dom3ic8zudi28v8lr6fgphwffqoz0j6c=a0bbbdc1-99b7-4e03-b58a-913378f4276a%3A2%3A1; prefetchAd_7156415=true
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 404 Not Found
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
pragma: no-cache
content-type: text/html
content-length: 708
date: Thu, 09 May 2024 01:52:52 GMT

cdn.cloudimagesb.com/cti/bd/40/19/bd4019b6dcef73a1f96bc4593c321e11/1707725903.png

45.133.44.10

200 OK

63 kB

URL GET HTTP/2
cdn.cloudimagesb.com/cti/bd/40/19/bd4019b6dcef73a1f96bc4593c321e11/1707725903.png
IP
45.133.44.10:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://gitus.net/watch/?=7NS080524
Certificate
IssuerLet's Encrypt
Subjectcdn.cloudimagesb.com
FingerprintC6:F3:21:F0:21:7D:7E:96:0F:E8:46:7A:5E:C5:3F:D1:52:B0:67:B0
ValidityFri, 22 Mar 2024 03:01:35 GMT - Thu, 20 Jun 2024 03:01:34 GMT

File type
PNG image data, 300 x 250, 8-bit/color RGBA, non-interlaced
Size
63 kB (63346 bytes)
Hash
5942ffc6b6a9c37ff916a6a75f8e56cf
4660db02422b646fe368c795a3dcf8fa1ef97ce5
0acbcb3c359cff614a772250f6475c3c44c1a32a13e6b1996f5cfbc6ea80ee0d

HTTP Headers

GET /cti/bd/40/19/bd4019b6dcef73a1f96bc4593c321e11/1707725903.png HTTP/1.1
Host: cdn.cloudimagesb.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Thu, 09 May 2024 01:52:52 GMT
content-type: image/png
content-length: 63346
server: nginx/1.21.6
last-modified: Mon, 12 Feb 2024 08:18:33 GMT
etag: "65c9d459-f772"
expires: Sat, 11 May 2024 01:52:52 GMT
cache-control: max-age=172800
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2

glakaits.net/5/7156415/?oo=1&js_build=iclick-v1.790.0

139.45.197.242

200 OK

3.5 kB

URL GET HTTP/2
glakaits.net/5/7156415/?oo=1&js_build=iclick-v1.790.0
IP
139.45.197.242:443
ASN
#9002 RETN Limited

Requested by
https://gitus.net/watch/?=7NS080524
Certificate
IssuerLet's Encrypt
Subjectglakaits.net
Fingerprint1F:46:3E:C8:C5:6A:64:F5:29:66:0F:5C:6E:CD:48:77:10:EA:26:02
ValidityTue, 07 May 2024 18:52:12 GMT - Mon, 05 Aug 2024 18:52:11 GMT

File type
gzip compressed data, max speed, from Unix
Size
3.5 kB (3461 bytes)
Hash
0a2628c8dfaf5a8e80bfd2770fcdb791
d1b57c942481d49910af711aa6e2d7568b986a1f
91f24610ee999ba08738b14ead21e2e91b4e5e17e360ef23504f72b305a71e0f

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /5/7156415/?oo=1&js_build=iclick-v1.790.0 HTTP/1.1
Host: glakaits.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://gitus.net
DNT: 1
Connection: keep-alive
Referer: https://gitus.net/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Thu, 09 May 2024 01:52:52 GMT
content-type: application/json
x-trace-id: 060677b2dff963cc505152f67f3a5548
link: <https://my.rtmark.net>; rel="preconnect dns-prefetch",<https://yonmewon.com>; rel="preconnect dns-prefetch",<https://sr7pv7n5x.com>; rel="preconnect dns-prefetch"
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: https://gitus.net
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace, favicon
access-control-max-age: 86400
timing-allow-origin: *
set-cookie: OAID=008057f2f6104fa7ebe04c4cd269e5f4; expires=Fri, 09 May 2025 01:52:52 GMT; path=/; secure; SameSite=None
oaidts=1715219572; expires=Fri, 09 May 2025 01:52:52 GMT; path=/; secure; SameSite=None
syncedCookie=; expires=Tue, 10 Nov 2009 23:00:00 GMT
pragma: no-cache, no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT, Mon, 26 Jul 1997 05:00:00 GMT
content-encoding: gzip
X-Firefox-Spdy: h2

gitus.net/watch/?=7NS080524

78.135.87.2

200 OK

46 kB

URL User Request GET HTTP/2
gitus.net/watch/?=7NS080524
IP
78.135.87.2:443
ASN
#207279 Markahost Telekomunikasyon Ve Ticaret Limited Sirketi

Certificate
IssuerLet's Encrypt
Subject*.gitus.net
FingerprintB3:5B:E9:49:F2:94:13:B1:1C:37:F9:DF:39:F8:3C:01:4D:E5:9A:6C
ValidityTue, 23 Apr 2024 18:58:37 GMT - Mon, 22 Jul 2024 18:58:36 GMT

File type
HTML document, ASCII text, with very long lines (8903), with CRLF, LF line terminators
Size
46 kB (45780 bytes)
Hash
7446bd3d609318ced151ab292ff348c3
8d99af93fe7b0a2d3e65ab5b7be0835a727389a8
d9e132eefd9e7be2bbe3864ec5d2901d72283a9a6cfe1306098c9c2247a1d1ba

HTTP Headers

GET /watch/?=7NS080524 HTTP/1.1
Host: gitus.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: text/html; charset=UTF-8
x-ua-compatible: IE=edge
link: <https://gitus.net/wp-json/>; rel="https://api.w.org/", <https://gitus.net/wp-json/wp/v2/pages/34>; rel="alternate"; type="application/json", <https://gitus.net/?p=34>; rel=shortlink
content-encoding: br
vary: Accept-Encoding
date: Thu, 09 May 2024 01:52:49 GMT
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
X-Firefox-Spdy: h2

shapedcongest.com/sbar.json?key=9263e0ca8f28f023340c146c12f6b544&uuid=a0bbbdc1-99b7-4e03-b58a-913378f4276a%3A2%3A1

192.243.59.13

200 OK

8.3 kB

URL GET HTTP/1.1
shapedcongest.com/sbar.json?key=9263e0ca8f28f023340c146c12f6b544&uuid=a0bbbdc1-99b7-4e03-b58a-913378f4276a%3A2%3A1
IP
192.243.59.13:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://gitus.net/watch/?=7NS080524
Certificate
IssuerLet's Encrypt
Subjectshapedcongest.com
Fingerprint92:A2:D9:7A:1E:FD:F7:37:DF:46:9B:BD:2F:92:7E:81:1D:89:61:01
ValidityMon, 06 May 2024 12:44:57 GMT - Sun, 04 Aug 2024 12:44:56 GMT

File type
JSON text data
Size
8.3 kB (8326 bytes)
Hash
e620ba0bee8042ae57de20aa75014a32
842c8eb609f35d8057f0a0bc8cd1450ae80616c5
ece213f0547d8354585daf93f99d58cf0a9cbdb6652eda966a052490f9a0694b

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /sbar.json?key=9263e0ca8f28f023340c146c12f6b544&uuid=a0bbbdc1-99b7-4e03-b58a-913378f4276a%3A2%3A1 HTTP/1.1
Host: shapedcongest.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://gitus.net
DNT: 1
Connection: keep-alive
Referer: https://gitus.net/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Thu, 09 May 2024 01:53:07 GMT
Content-Type: text/plain; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://gitus.net
Access-Control-Allow-Origin: https://gitus.net
Access-Control-Allow-Credentials: true
Set-Cookie: u_pl=18829199; expires=Fri, 10 May 2024 01:53:07 GMT; secure; SameSite=None
uid_id2=a0bbbdc1-99b7-4e03-b58a-913378f4276a:2:1; expires=Thu, 16 May 2024 01:53:07 GMT; secure; SameSite=None
pdhtkv=true; expires=Fri, 10 May 2024 01:53:07 GMT; secure; SameSite=None
uncs=1; expires=Fri, 10 May 2024 01:53:07 GMT; secure; SameSite=None
pdhtkv29=true; expires=Fri, 10 May 2024 01:53:07 GMT; secure; SameSite=None
uncs29=1; expires=Fri, 10 May 2024 01:53:07 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: c12883f709c872fdad9d9da265b1e8a4
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip

shapedcongest.com/ren.gif?sid=H4sIAAAAAAAC%2F1RSTWgkRRSunuQmCMp6WsQRPKywmfTPpGfGFZaNMRKMO%2Bvuit6kuqt6Uqamq63qmp7kFAzI3hw8eup8k2yILrJ7FVxksuAhIGQ85WAuXjwr7FlmHBx9h3rv1fcVfPW99%2BWBvSQ%2BLL1Y%2B0DtCinp8krNrV77xPNuVDdFavvVfjP8NKzfqOreW62w5r5ZfY%2FH22rZdz3X9Vyvui40T1R%2FeQJCZI9aXq3l1up%2BzVupo6%2F%2F3xvrwFAHrHdJXoZg48VnzhWIeIS0%2B3iNm%2B1cZdff7VpJc6XRY8cfpdupKlJ052WiHSTp8YwNZc7Xn0KlR1O5UL1%2FiZEYE%2Bfnp4jS45lIRL3Dqc5IgqeI2AsoeiNwOYKgI8RqH4KdEyBmuN1G2n14W%2BmC7vyD0gk6JovP%2F4IoxmTxtytIu9%2BvStGv3lPS5kKlBv2khOiPIDojZPYU%2BW4FojhFnH8BwX4hy883kXYP20YqCHbxBnWjKGKxt9RqRY2lOneDpWilSZdaXhA0mkndb4R0apAQI4hkBMkHoKYCaxxY4cAmDmzmoMsuqrHneQ2XxdRttuI4YA0ehcz1aCPxqOeGTdh48ocB8myAWA4Q6z1keg%2FbYgBtf4LZKmHYAkw%2BJs6Hn6PHShScoDAEBSUoBEGRExS98ohJ45vyIZPGRt4s%2B7MclEOVdw7okco7PCWgegDNyoPskrw0MdF5rf0VtvlFteWHAXdj2kz8ZuL6QVB3Y68exp6fhNFKvQ4jSghTATUOdsWYvH7yDTJxfusPRPQURp4iFq%2BA2ldBixJ0q8RuetIRuTW1lOdgqkSWLyLfcQ7kJbk6neBG%2BzF4fHbz92AaiHWJTJf4TDwj6MgHw7uqIId3VWHIk3aWi67YpZPp3stpzhe%2BfZ%2FvFEqzjTUzOLkVT4BJ%2Beg%2BN%2FkmTZlIO4Z8tyoY43pd6ZiTHzfMxzy6Y83WqtWpzTbvvLO%2B0c00N0aodAQ6WdQ%2FNWIxJi9evT9d3Gs%2FtCH0CNqW6NozMgsINUKc7cFkc%2F1GEWg550SZg8KWQ%2B1H80spCCSf9zQqYf7TR%2FN6qOnkNRXlgXmAjq6A5vtIuyV6ukRPlqByAGMXhnmmz27%2BOpMRycowkrpyGEktv57aPDmewIiLaiMIXBq2VrxGg%2FJGVPebSegxSv166IchDZCbcfL29f2%2FAQAA%2F%2F8BAAD%2F%2F98rLymSBAAA

192.243.59.13

200 OK

7 B

URL GET HTTP/1.1
shapedcongest.com/ren.gif?sid=H4sIAAAAAAAC%2F1RSTWgkRRSunuQmCMp6WsQRPKywmfTPpGfGFZaNMRKMO%2Bvuit6kuqt6Uqamq63qmp7kFAzI3hw8eup8k2yILrJ7FVxksuAhIGQ85WAuXjwr7FlmHBx9h3rv1fcVfPW99%2BWBvSQ%2BLL1Y%2B0DtCinp8krNrV77xPNuVDdFavvVfjP8NKzfqOreW62w5r5ZfY%2FH22rZdz3X9Vyvui40T1R%2FeQJCZI9aXq3l1up%2BzVupo6%2F%2F3xvrwFAHrHdJXoZg48VnzhWIeIS0%2B3iNm%2B1cZdff7VpJc6XRY8cfpdupKlJ052WiHSTp8YwNZc7Xn0KlR1O5UL1%2FiZEYE%2Bfnp4jS45lIRL3Dqc5IgqeI2AsoeiNwOYKgI8RqH4KdEyBmuN1G2n14W%2BmC7vyD0gk6JovP%2F4IoxmTxtytIu9%2BvStGv3lPS5kKlBv2khOiPIDojZPYU%2BW4FojhFnH8BwX4hy883kXYP20YqCHbxBnWjKGKxt9RqRY2lOneDpWilSZdaXhA0mkndb4R0apAQI4hkBMkHoKYCaxxY4cAmDmzmoMsuqrHneQ2XxdRttuI4YA0ehcz1aCPxqOeGTdh48ocB8myAWA4Q6z1keg%2FbYgBtf4LZKmHYAkw%2BJs6Hn6PHShScoDAEBSUoBEGRExS98ohJ45vyIZPGRt4s%2B7MclEOVdw7okco7PCWgegDNyoPskrw0MdF5rf0VtvlFteWHAXdj2kz8ZuL6QVB3Y68exp6fhNFKvQ4jSghTATUOdsWYvH7yDTJxfusPRPQURp4iFq%2BA2ldBixJ0q8RuetIRuTW1lOdgqkSWLyLfcQ7kJbk6neBG%2BzF4fHbz92AaiHWJTJf4TDwj6MgHw7uqIId3VWHIk3aWi67YpZPp3stpzhe%2BfZ%2FvFEqzjTUzOLkVT4BJ%2Beg%2BN%2FkmTZlIO4Z8tyoY43pd6ZiTHzfMxzy6Y83WqtWpzTbvvLO%2B0c00N0aodAQ6WdQ%2FNWIxJi9evT9d3Gs%2FtCH0CNqW6NozMgsINUKc7cFkc%2F1GEWg550SZg8KWQ%2B1H80spCCSf9zQqYf7TR%2FN6qOnkNRXlgXmAjq6A5vtIuyV6ukRPlqByAGMXhnmmz27%2BOpMRycowkrpyGEktv57aPDmewIiLaiMIXBq2VrxGg%2FJGVPebSegxSv166IchDZCbcfL29f2%2FAQAA%2F%2F8BAAD%2F%2F98rLymSBAAA
IP
192.243.59.13:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://gitus.net/watch/?=7NS080524
Certificate
IssuerLet's Encrypt
Subjectshapedcongest.com
Fingerprint92:A2:D9:7A:1E:FD:F7:37:DF:46:9B:BD:2F:92:7E:81:1D:89:61:01
ValidityMon, 06 May 2024 12:44:57 GMT - Sun, 04 Aug 2024 12:44:56 GMT

File type
ASCII text, with no line terminators
Size
7 B (7 bytes)
Hash
132d6af1b46048b45cf86cdee7991d31
eb7007d03d59b65bc6da7e098c4d38fc6dfb6285
ab852e838deccd742a03ca81d4a8d75cf1a00b327db3eaf46bd7da6b6db9384c

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /ren.gif?sid=H4sIAAAAAAAC%2F1RSTWgkRRSunuQmCMp6WsQRPKywmfTPpGfGFZaNMRKMO%2Bvuit6kuqt6Uqamq63qmp7kFAzI3hw8eup8k2yILrJ7FVxksuAhIGQ85WAuXjwr7FlmHBx9h3rv1fcVfPW99%2BWBvSQ%2BLL1Y%2B0DtCinp8krNrV77xPNuVDdFavvVfjP8NKzfqOreW62w5r5ZfY%2FH22rZdz3X9Vyvui40T1R%2FeQJCZI9aXq3l1up%2BzVupo6%2F%2F3xvrwFAHrHdJXoZg48VnzhWIeIS0%2B3iNm%2B1cZdff7VpJc6XRY8cfpdupKlJ052WiHSTp8YwNZc7Xn0KlR1O5UL1%2FiZEYE%2Bfnp4jS45lIRL3Dqc5IgqeI2AsoeiNwOYKgI8RqH4KdEyBmuN1G2n14W%2BmC7vyD0gk6JovP%2F4IoxmTxtytIu9%2BvStGv3lPS5kKlBv2khOiPIDojZPYU%2BW4FojhFnH8BwX4hy883kXYP20YqCHbxBnWjKGKxt9RqRY2lOneDpWilSZdaXhA0mkndb4R0apAQI4hkBMkHoKYCaxxY4cAmDmzmoMsuqrHneQ2XxdRttuI4YA0ehcz1aCPxqOeGTdh48ocB8myAWA4Q6z1keg%2FbYgBtf4LZKmHYAkw%2BJs6Hn6PHShScoDAEBSUoBEGRExS98ohJ45vyIZPGRt4s%2B7MclEOVdw7okco7PCWgegDNyoPskrw0MdF5rf0VtvlFteWHAXdj2kz8ZuL6QVB3Y68exp6fhNFKvQ4jSghTATUOdsWYvH7yDTJxfusPRPQURp4iFq%2BA2ldBixJ0q8RuetIRuTW1lOdgqkSWLyLfcQ7kJbk6neBG%2BzF4fHbz92AaiHWJTJf4TDwj6MgHw7uqIId3VWHIk3aWi67YpZPp3stpzhe%2BfZ%2FvFEqzjTUzOLkVT4BJ%2Beg%2BN%2FkmTZlIO4Z8tyoY43pd6ZiTHzfMxzy6Y83WqtWpzTbvvLO%2B0c00N0aodAQ6WdQ%2FNWIxJi9evT9d3Gs%2FtCH0CNqW6NozMgsINUKc7cFkc%2F1GEWg550SZg8KWQ%2B1H80spCCSf9zQqYf7TR%2FN6qOnkNRXlgXmAjq6A5vtIuyV6ukRPlqByAGMXhnmmz27%2BOpMRycowkrpyGEktv57aPDmewIiLaiMIXBq2VrxGg%2FJGVPebSegxSv166IchDZCbcfL29f2%2FAQAA%2F%2F8BAAD%2F%2F98rLymSBAAA HTTP/1.1
Host: shapedcongest.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://gitus.net/
Cookie: u_pl=18829199; uid_id2=a0bbbdc1-99b7-4e03-b58a-913378f4276a:2:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Thu, 09 May 2024 01:53:08 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 45d5861100d2c9b84afb0295d6352d8d
Strict-Transport-Security: max-age=0; includeSubdomains

cdn.barscreative1.com/sb/au/2f/33/17/2f3317da28d2a6ed09610d2d267aa136/1648542458.html

45.133.44.4

200 OK

661 B

URL GET HTTP/2
cdn.barscreative1.com/sb/au/2f/33/17/2f3317da28d2a6ed09610d2d267aa136/1648542458.html
IP
45.133.44.4:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://gitus.net/watch/?=7NS080524
Certificate
IssuerLet's Encrypt
Subjectcdn.barscreative1.com
FingerprintF6:54:F4:B9:EB:AD:1E:FA:8F:76:B9:75:20:9B:41:57:32:37:94:E3
ValiditySun, 10 Mar 2024 03:01:32 GMT - Sat, 08 Jun 2024 03:01:31 GMT

File type
HTML document, ASCII text
Size
661 B (661 bytes)
Hash
027fddd0d322239ada2f2b8b93934fda
6f99560bca5c6d8d747c802f26058344eb179cec
a5b2073d8f57ef0469b777f73d6c3f4a85cc17b4c2ed2a53aa3f1acb2273dbd5

HTTP Headers

GET /sb/au/2f/33/17/2f3317da28d2a6ed09610d2d267aa136/1648542458.html HTTP/1.1
Host: cdn.barscreative1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://gitus.net
DNT: 1
Connection: keep-alive
Referer: https://gitus.net/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 09 May 2024 01:53:08 GMT
content-type: text/html; charset=utf-8
server: nginx/1.21.6
last-modified: Tue, 29 Mar 2022 08:27:42 GMT
etag: W/"6242c2fe-ba1"
cache-control: max-age=3600
access-control-allow-origin: *
access-control-expose-headers: Date
content-encoding: gzip
expires: Thu, 09 May 2024 02:53:08 GMT
x-proxy-cache: HIT
X-Firefox-Spdy: h2

cdn.creative-bars1.com/sb/chat/mob/ssp/1/img/close.png

188.114.97.1

200 OK

6.0 kB

URL GET HTTP/3
cdn.creative-bars1.com/sb/chat/mob/ssp/1/img/close.png
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://gitus.net/watch/?=7NS080524
Certificate
IssuerGoogle Trust Services LLC
Subjectcreative-bars1.com
Fingerprint3D:29:39:2C:F1:E5:C6:EF:54:F5:70:B5:CF:A8:C2:75:4D:89:72:13
ValidityMon, 15 Apr 2024 15:02:18 GMT - Sun, 14 Jul 2024 15:02:17 GMT

File type
PNG image data, 522 x 391, 8-bit/color RGBA, non-interlaced
Size
6.0 kB (5982 bytes)
Hash
c489ce2c491a22ee37a55e26a92dfd73
2fa588ab09e94dd902e5bd24b48f98ad1949c9d6
1eed147c7d5de6291c25fbc5274830c12d5549262fb144271576d4e15966e5bd

HTTP Headers

GET /sb/chat/mob/ssp/1/img/close.png HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Thu, 09 May 2024 01:53:08 GMT
content-type: image/png
content-length: 5982
last-modified: Mon, 21 Feb 2022 08:25:06 GMT
etag: "62134c62-175e"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 717284
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=xnjP36rRKeb%2FqLk4sw7AWLXoW3NH3sbvdX84XtbYuO664mAt%2FXmpHzoxViR%2BmZ%2BtbMTx585GuGaAEvYJqJYL0YpG04wriifAxCEx6u8MS7%2Fu46NfX4CM9pu8nYjThXkUQoZxLJP435%2BP"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 880e0ddb3e9156b7-OSL
alt-svc: h3=":443"; ma=86400

cdn.cloudimagesb.com/si/52/3a/8c/523a8ce104cfc3373cd17ab1c0e5131b/1701651901.png

45.133.44.10

200 OK

14 kB

URL GET HTTP/2
cdn.cloudimagesb.com/si/52/3a/8c/523a8ce104cfc3373cd17ab1c0e5131b/1701651901.png
IP
45.133.44.10:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://gitus.net/watch/?=7NS080524
Certificate
IssuerLet's Encrypt
Subjectcdn.cloudimagesb.com
FingerprintC6:F3:21:F0:21:7D:7E:96:0F:E8:46:7A:5E:C5:3F:D1:52:B0:67:B0
ValidityFri, 22 Mar 2024 03:01:35 GMT - Thu, 20 Jun 2024 03:01:34 GMT

File type
PNG image data, 192 x 192, 8-bit/color RGBA, non-interlaced
Size
14 kB (14496 bytes)
Hash
962ac416cce3fad636d4904386c8d3d4
811166fceb971353dc6a9ea3a153367f20b47592
ec6c8e1c030499a846897265d0c1f66dedc6ece17c1ea6006b700faf37e73555

HTTP Headers

GET /si/52/3a/8c/523a8ce104cfc3373cd17ab1c0e5131b/1701651901.png HTTP/1.1
Host: cdn.cloudimagesb.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Thu, 09 May 2024 01:53:08 GMT
content-type: image/png
content-length: 14496
server: nginx/1.21.6
last-modified: Mon, 04 Dec 2023 01:05:10 GMT
etag: "656d25c6-38a0"
expires: Sat, 11 May 2024 01:53:08 GMT
cache-control: max-age=172800
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2

shapedcongest.com/pixel/sbls?bv=24.6.6370&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fchat%2Fmob%2Fssp%2F1%2Fcss%2Fstyle.css&l=4617&fd=70

192.243.59.13

200 OK

0 B

URL GET HTTP/1.1
shapedcongest.com/pixel/sbls?bv=24.6.6370&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fchat%2Fmob%2Fssp%2F1%2Fcss%2Fstyle.css&l=4617&fd=70
IP
192.243.59.13:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://gitus.net/watch/?=7NS080524
Certificate
IssuerLet's Encrypt
Subjectshapedcongest.com
Fingerprint92:A2:D9:7A:1E:FD:F7:37:DF:46:9B:BD:2F:92:7E:81:1D:89:61:01
ValidityMon, 06 May 2024 12:44:57 GMT - Sun, 04 Aug 2024 12:44:56 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /pixel/sbls?bv=24.6.6370&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fchat%2Fmob%2Fssp%2F1%2Fcss%2Fstyle.css&l=4617&fd=70 HTTP/1.1
Host: shapedcongest.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://gitus.net/
Cookie: u_pl=18829199; uid_id2=a0bbbdc1-99b7-4e03-b58a-913378f4276a:2:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Thu, 09 May 2024 01:53:08 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range

fonts.googleapis.com/css?family=Roboto:300,400,700&display=swap

142.250.74.106

200 OK

1.2 kB

URL GET HTTP/2
fonts.googleapis.com/css?family=Roboto:300,400,700&display=swap
IP
142.250.74.106:443
ASN
#15169 GOOGLE

Requested by
https://gitus.net/watch/?=7NS080524
Certificate
IssuerGoogle Trust Services LLC
Subjectupload.video.google.com
Fingerprint36:49:20:36:0C:4D:DA:55:65:64:23:0F:49:3E:FA:78:87:35:A3:79
ValidityTue, 16 Apr 2024 04:17:12 GMT - Tue, 09 Jul 2024 04:17:11 GMT

File type
gzip compressed data, max compression
Size
1.2 kB (1188 bytes)
Hash
8ad348dfd1ff674a3e5d2d000a2e1480
e2140b067fc1a2bd278a9cc8ddb064a3eb9ac4a6
c5d367d9f52b99eeccb55a25220687fe1e5600c6bfd6ed854cab0b1c71aa28b6

HTTP Headers

GET /css?family=Roboto:300,400,700&display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Thu, 09 May 2024 01:53:08 GMT
date: Thu, 09 May 2024 01:53:08 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

shapedcongest.com/pixel/sbls?bv=24.6.6370&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fchat%2Fmob%2Fssp%2F1%2Fjs%2Fscript.js&l=382&fd=13

192.243.59.13

200 OK

0 B

URL GET HTTP/1.1
shapedcongest.com/pixel/sbls?bv=24.6.6370&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fchat%2Fmob%2Fssp%2F1%2Fjs%2Fscript.js&l=382&fd=13
IP
192.243.59.13:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://gitus.net/watch/?=7NS080524
Certificate
IssuerLet's Encrypt
Subjectshapedcongest.com
Fingerprint92:A2:D9:7A:1E:FD:F7:37:DF:46:9B:BD:2F:92:7E:81:1D:89:61:01
ValidityMon, 06 May 2024 12:44:57 GMT - Sun, 04 Aug 2024 12:44:56 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /pixel/sbls?bv=24.6.6370&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fchat%2Fmob%2Fssp%2F1%2Fjs%2Fscript.js&l=382&fd=13 HTTP/1.1
Host: shapedcongest.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://gitus.net/
Cookie: u_pl=18829199; uid_id2=a0bbbdc1-99b7-4e03-b58a-913378f4276a:2:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Thu, 09 May 2024 01:53:08 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range

shapedcongest.com/pixel/sbls?bv=24.6.6370&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fchat%2Fmob%2Fssp%2F1%2Fcss%2Fanimate.css&l=79313&fd=383

192.243.59.13

200 OK

0 B

URL GET HTTP/1.1
shapedcongest.com/pixel/sbls?bv=24.6.6370&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fchat%2Fmob%2Fssp%2F1%2Fcss%2Fanimate.css&l=79313&fd=383
IP
192.243.59.13:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://gitus.net/watch/?=7NS080524
Certificate
IssuerLet's Encrypt
Subjectshapedcongest.com
Fingerprint92:A2:D9:7A:1E:FD:F7:37:DF:46:9B:BD:2F:92:7E:81:1D:89:61:01
ValidityMon, 06 May 2024 12:44:57 GMT - Sun, 04 Aug 2024 12:44:56 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /pixel/sbls?bv=24.6.6370&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fchat%2Fmob%2Fssp%2F1%2Fcss%2Fanimate.css&l=79313&fd=383 HTTP/1.1
Host: shapedcongest.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://gitus.net/
Cookie: u_pl=18829199; uid_id2=a0bbbdc1-99b7-4e03-b58a-913378f4276a:2:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Thu, 09 May 2024 01:53:08 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range

fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2

216.58.207.227

200 OK

16 kB

URL GET HTTP/2
fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2
IP
216.58.207.227:443
ASN
#15169 GOOGLE

Requested by
https://gitus.net/watch/?=7NS080524
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
Fingerprint15:DD:05:B3:2F:D8:E3:54:C9:B4:FA:E4:AC:01:ED:C8:E1:EA:A7:AD
ValidityTue, 16 Apr 2024 04:17:07 GMT - Tue, 09 Jul 2024 04:17:06 GMT

File type
Web Open Font Format (Version 2), TrueType, length 15744, version 1.0
Size
16 kB (15744 bytes)
Hash
15d9f621c3bd1599f0169dcf0bd5e63e
7ca9c5967f3bb8bffeab24b639b49c1e7d03fa52
f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615

HTTP Headers

GET /s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://gitus.net
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15744
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sat, 04 May 2024 09:28:37 GMT
expires: Sun, 04 May 2025 09:28:37 GMT
cache-control: public, max-age=31536000
last-modified: Wed, 11 May 2022 19:24:48 GMT
content-type: font/woff2
age: 404671
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

cdn.creative-bars1.com/sb/chat/mob/ssp/1/css/animate.css

188.114.97.1

200 OK

4.9 kB

URL GET HTTP/2
cdn.creative-bars1.com/sb/chat/mob/ssp/1/css/animate.css
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://gitus.net/watch/?=7NS080524
Certificate
IssuerGoogle Trust Services LLC
Subjectcreative-bars1.com
Fingerprint3D:29:39:2C:F1:E5:C6:EF:54:F5:70:B5:CF:A8:C2:75:4D:89:72:13
ValidityMon, 15 Apr 2024 15:02:18 GMT - Sun, 14 Jul 2024 15:02:17 GMT

File type
ASCII text
Size
4.9 kB (4867 bytes)
Hash
fc638645a938f69e69360c75335ffd1a
143132fb8361c3ad0acf88cb70bf0b07c0ecc2d4
7ef76aab275d0221c68602d18f81b4285b280756f0f71d535ed8b5b889bc2f90

HTTP Headers

GET /sb/chat/mob/ssp/1/css/animate.css HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://gitus.net
DNT: 1
Connection: keep-alive
Referer: https://gitus.net/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 09 May 2024 01:53:08 GMT
content-type: text/css
last-modified: Mon, 21 Feb 2022 08:25:04 GMT
etag: W/"62134c60-135d1"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=mSh%2B2Kp2ghROXeRZPNZA8UxOEvt6NU%2FgKhfCUJnVh%2F7VVgA02ELV629ipW5AMQdUYywTyy4xW5mbHMOnVLbq0ScjLLlNzcuqgNuAKVGEtPKRLBwUD%2B2TG99dZqRYV8i38f5DuCic96Kr"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 880e0ddab9cb56c4-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

shapedcongest.com/pixel/sbs?c=1

192.243.59.13

200 OK

0 B

URL GET HTTP/1.1
shapedcongest.com/pixel/sbs?c=1
IP
192.243.59.13:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://gitus.net/watch/?=7NS080524
Certificate
IssuerLet's Encrypt
Subjectshapedcongest.com
Fingerprint92:A2:D9:7A:1E:FD:F7:37:DF:46:9B:BD:2F:92:7E:81:1D:89:61:01
ValidityMon, 06 May 2024 12:44:57 GMT - Sun, 04 Aug 2024 12:44:56 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /pixel/sbs?c=1 HTTP/1.1
Host: shapedcongest.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://gitus.net/
Cookie: u_pl=18829199; uid_id2=a0bbbdc1-99b7-4e03-b58a-913378f4276a:2:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Thu, 09 May 2024 01:53:08 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range

cdn.creative-bars1.com/sb/chat/mob/ssp/1/js/jquery.min.js

188.114.97.1

200 OK

48 kB

URL GET HTTP/3
cdn.creative-bars1.com/sb/chat/mob/ssp/1/js/jquery.min.js
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://gitus.net/watch/?=7NS080524
Certificate
IssuerGoogle Trust Services LLC
Subjectcreative-bars1.com
Fingerprint3D:29:39:2C:F1:E5:C6:EF:54:F5:70:B5:CF:A8:C2:75:4D:89:72:13
ValidityMon, 15 Apr 2024 15:02:18 GMT - Sun, 14 Jul 2024 15:02:17 GMT

File type
JavaScript source, ASCII text, with very long lines (65451)
Size
48 kB (47823 bytes)
Hash
561acb3e541133bbdd2c0c19f8ee35a1
ffd1353cf3f77d25f801c84d8208613eb0d3d548
9fde6da568db31801e29243a903bf24f342256b41e3c01e7d018ff7c566ce7fc

HTTP Headers

GET /sb/chat/mob/ssp/1/js/jquery.min.js HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Thu, 09 May 2024 01:53:08 GMT
content-type: application/javascript
last-modified: Mon, 21 Feb 2022 08:25:09 GMT
etag: W/"62134c65-15d94"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 725732
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=SnkpxPcK9klzdjhqxla%2FvLJPaDSvg0Aj99lcEAWUaS39JCtKrCG86gy3BDwf35qE8Bqx4J%2BG34UGBoG38Vu2g78nc2q2rhaLr19LwEN6%2FlU4XSrkOFgEIEW%2BF7MaaLDK3NpWhmkTY3Pg"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 880e0ddb3e9356b7-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

shapedcongest.com/impr.gif?sid=H4sIAAAAAAAC%2F1RSTYgcRRSunuxNEJR4CuIIHiJkZ7vnf4wQEuPK4pqJSURvUn89Kbemq63qmp7sKbgguTl49NT7zW6W1SDJVTDIbMDDgrDjaQ%2FuxYtnhZxlxsHRd6j3Xn1fwVffe1%2Fu%2BjNShaen1z8w20prutaohOWLn0TR5fKmSvywPGw3P23WL5ft4K1OsxK%2BWX5P8i2zVg2jMIzCqLyurIzNcG0GQqWPOlGlE1bq1UrUqGNo%2F987H8DRAGJwRl6GEtOVZ8F5KD5B0n98XbqtzKSX3u17TTNjMRAHHyVbickT9JdlbAPEycGCDeNO1p%2FCJPtzuTCDf4lMTUnw81Ow5GAhEmywN9fJNGQCJl5APphA6gkUnYCbHShxQgAucKOLpP%2FwhrE5vfcPSmfolKw8%2Fwsqn5KV384j6X9%2FTath%2BbbRPlMmcRjGBdRwAtWbIPVHyLZLUPkRePYFlPiFrD3fRNLf6zptoMTpGzRkjAkerXY6rLVal2FtlTXadLUT1Wqtdlyvtpp0bpBSE6h4Ai1HoK4E7wJ4FcDHAXwaoC9OyzyKolYoOA3bHc5roiVZU4QRbcURjcJmG57P%2FjBClo7A9Qjc3kdq72NLjWD9T3B3CzhxDi6bkuDDzzEQBXJJkDuCnBLkiiDPCPJBsS%2B0q7riodDOs2iRq4tcK8Ym6%2B3SfZP1ZEJA7QhWFLvpGXlpZmLwWvcrbMnTcqfarMmQ03ZcbcdhtVarhzyqN3lUjZusUa%2FDqQLKlUBdgG01Ja8ffoNUnVz9A4wewekjcPUKqH8VNC9A7xbYTg57KvOuksgMwhRIsxVk94JdfUYuzCe40X0MyY%2Bv%2FF6bB7gtkNoCn6lnBD39YHzL5GTvlskdedJNM9VX23Q23dsZzeS5b9%2BX93JjxcZ1Nzq8ymfArHx0R7pskyZCJT1HvrumhJB23VguyY8b7mPJbnp395q3iU83b76zvtFPrXROmWQCOlvUPy24mpIXL9yZL%2B7FH7pQdgLrC%2FT9MVkElJmAp%2Ffh0qV%2BZwisXnJYGiD3xdhW2fJSKwItlz1lBdx%2Ferasx5bOXlNV7LoH6NkSaLaDpF9gYAsMdAGqR3D%2B3DhL7fGVXxcymC6NmbalPaat%2Fnpu8%2Bx4AqdOy7VQtJiMZYvJeqMeSy5Yo8FCHnNWE%2B02R%2Bam8duXdv4GAAD%2F%2FwEAAP%2F%2FX%2F%2F6wZIEAAA%3D

172.240.108.76

200 OK

0 B

URL GET HTTP/1.1
shapedcongest.com/impr.gif?sid=H4sIAAAAAAAC%2F1RSTYgcRRSunuxNEJR4CuIIHiJkZ7vnf4wQEuPK4pqJSURvUn89Kbemq63qmp7sKbgguTl49NT7zW6W1SDJVTDIbMDDgrDjaQ%2FuxYtnhZxlxsHRd6j3Xn1fwVffe1%2Fu%2BjNShaen1z8w20prutaohOWLn0TR5fKmSvywPGw3P23WL5ft4K1OsxK%2BWX5P8i2zVg2jMIzCqLyurIzNcG0GQqWPOlGlE1bq1UrUqGNo%2F987H8DRAGJwRl6GEtOVZ8F5KD5B0n98XbqtzKSX3u17TTNjMRAHHyVbickT9JdlbAPEycGCDeNO1p%2FCJPtzuTCDf4lMTUnw81Ow5GAhEmywN9fJNGQCJl5APphA6gkUnYCbHShxQgAucKOLpP%2FwhrE5vfcPSmfolKw8%2Fwsqn5KV384j6X9%2FTath%2BbbRPlMmcRjGBdRwAtWbIPVHyLZLUPkRePYFlPiFrD3fRNLf6zptoMTpGzRkjAkerXY6rLVal2FtlTXadLUT1Wqtdlyvtpp0bpBSE6h4Ai1HoK4E7wJ4FcDHAXwaoC9OyzyKolYoOA3bHc5roiVZU4QRbcURjcJmG57P%2FjBClo7A9Qjc3kdq72NLjWD9T3B3CzhxDi6bkuDDzzEQBXJJkDuCnBLkiiDPCPJBsS%2B0q7riodDOs2iRq4tcK8Ym6%2B3SfZP1ZEJA7QhWFLvpGXlpZmLwWvcrbMnTcqfarMmQ03ZcbcdhtVarhzyqN3lUjZusUa%2FDqQLKlUBdgG01Ja8ffoNUnVz9A4wewekjcPUKqH8VNC9A7xbYTg57KvOuksgMwhRIsxVk94JdfUYuzCe40X0MyY%2Bv%2FF6bB7gtkNoCn6lnBD39YHzL5GTvlskdedJNM9VX23Q23dsZzeS5b9%2BX93JjxcZ1Nzq8ymfArHx0R7pskyZCJT1HvrumhJB23VguyY8b7mPJbnp395q3iU83b76zvtFPrXROmWQCOlvUPy24mpIXL9yZL%2B7FH7pQdgLrC%2FT9MVkElJmAp%2Ffh0qV%2BZwisXnJYGiD3xdhW2fJSKwItlz1lBdx%2Ferasx5bOXlNV7LoH6NkSaLaDpF9gYAsMdAGqR3D%2B3DhL7fGVXxcymC6NmbalPaat%2Fnpu8%2Bx4AqdOy7VQtJiMZYvJeqMeSy5Yo8FCHnNWE%2B02R%2Bam8duXdv4GAAD%2F%2FwEAAP%2F%2FX%2F%2F6wZIEAAA%3D
IP
172.240.108.76:443
ASN
#7979 SERVERS-COM

Requested by
https://gitus.net/watch/?=7NS080524
Certificate
IssuerLet's Encrypt
Subjectshapedcongest.com
Fingerprint92:A2:D9:7A:1E:FD:F7:37:DF:46:9B:BD:2F:92:7E:81:1D:89:61:01
ValidityMon, 06 May 2024 12:44:57 GMT - Sun, 04 Aug 2024 12:44:56 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /impr.gif?sid=H4sIAAAAAAAC%2F1RSTYgcRRSunuxNEJR4CuIIHiJkZ7vnf4wQEuPK4pqJSURvUn89Kbemq63qmp7sKbgguTl49NT7zW6W1SDJVTDIbMDDgrDjaQ%2FuxYtnhZxlxsHRd6j3Xn1fwVffe1%2Fu%2BjNShaen1z8w20prutaohOWLn0TR5fKmSvywPGw3P23WL5ft4K1OsxK%2BWX5P8i2zVg2jMIzCqLyurIzNcG0GQqWPOlGlE1bq1UrUqGNo%2F987H8DRAGJwRl6GEtOVZ8F5KD5B0n98XbqtzKSX3u17TTNjMRAHHyVbickT9JdlbAPEycGCDeNO1p%2FCJPtzuTCDf4lMTUnw81Ow5GAhEmywN9fJNGQCJl5APphA6gkUnYCbHShxQgAucKOLpP%2FwhrE5vfcPSmfolKw8%2Fwsqn5KV384j6X9%2FTath%2BbbRPlMmcRjGBdRwAtWbIPVHyLZLUPkRePYFlPiFrD3fRNLf6zptoMTpGzRkjAkerXY6rLVal2FtlTXadLUT1Wqtdlyvtpp0bpBSE6h4Ai1HoK4E7wJ4FcDHAXwaoC9OyzyKolYoOA3bHc5roiVZU4QRbcURjcJmG57P%2FjBClo7A9Qjc3kdq72NLjWD9T3B3CzhxDi6bkuDDzzEQBXJJkDuCnBLkiiDPCPJBsS%2B0q7riodDOs2iRq4tcK8Ym6%2B3SfZP1ZEJA7QhWFLvpGXlpZmLwWvcrbMnTcqfarMmQ03ZcbcdhtVarhzyqN3lUjZusUa%2FDqQLKlUBdgG01Ja8ffoNUnVz9A4wewekjcPUKqH8VNC9A7xbYTg57KvOuksgMwhRIsxVk94JdfUYuzCe40X0MyY%2Bv%2FF6bB7gtkNoCn6lnBD39YHzL5GTvlskdedJNM9VX23Q23dsZzeS5b9%2BX93JjxcZ1Nzq8ymfArHx0R7pskyZCJT1HvrumhJB23VguyY8b7mPJbnp395q3iU83b76zvtFPrXROmWQCOlvUPy24mpIXL9yZL%2B7FH7pQdgLrC%2FT9MVkElJmAp%2Ffh0qV%2BZwisXnJYGiD3xdhW2fJSKwItlz1lBdx%2Ferasx5bOXlNV7LoH6NkSaLaDpF9gYAsMdAGqR3D%2B3DhL7fGVXxcymC6NmbalPaat%2Fnpu8%2Bx4AqdOy7VQtJiMZYvJeqMeSy5Yo8FCHnNWE%2B02R%2Bam8duXdv4GAAD%2F%2FwEAAP%2F%2FX%2F%2F6wZIEAAA%3D HTTP/1.1
Host: shapedcongest.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://gitus.net/
Cookie: u_pl=18829199; uid_id2=a0bbbdc1-99b7-4e03-b58a-913378f4276a:2:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Thu, 09 May 2024 01:53:08 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 92e4d9aff69edc47fceaf3ba9e6adc09
Strict-Transport-Security: max-age=0; includeSubdomains

downstairsnegotiatebarren.com/sfp.js

188.114.97.1

200 OK

86 kB

URL GET HTTP/2
downstairsnegotiatebarren.com/sfp.js
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://gitus.net/watch/?=7NS080524
Certificate
IssuerLet's Encrypt
Subjectdownstairsnegotiatebarren.com
Fingerprint5D:DB:CB:C6:CE:2A:8B:34:7D:BC:43:74:33:1D:5F:77:48:F7:BC:1B
ValidityThu, 02 May 2024 21:26:34 GMT - Wed, 31 Jul 2024 21:26:33 GMT

File type

Size
86 kB (85611 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /sfp.js HTTP/1.1
Host: downstairsnegotiatebarren.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://gitus.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 09 May 2024 01:52:52 GMT
content-type: application/javascript; charset=utf-8
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
access-control-allow-origin: *
expires: Thu, 01 Jan 1970 00:00:01 GMT
cache-control: max-age=14400
x-request-id: 7ed8beb2c0a20e737da7f8e83305d814
strict-transport-security: max-age=0; includeSubdomains
cf-cache-status: EXPIRED
last-modified: Thu, 09 May 2024 01:52:51 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=9Xsq4mbh%2FkGyCa0vqxe%2F6OGvpwdD%2FAB5%2B8pcTBZhkvA%2FhiuLM1NK0%2BXLIZ1muM5AZp3%2FMUvVbGd3a5b1oUB1NQr7zx3ehMbLETwAWN6NcMfFoKubEQduAAaxcAQDY7qtz50CYP8d3QEnwOBhe8SAJQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 880e0d783ab6b518-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

glakaits.net/?rb=qoLND7oDT-u-7r4RnJEPZPbCSe_GKnM9WJ-RMmq4Avo92K_UY4N3T8SHK_EC18w1TFysFmJ5VeTRcemRgLLIWuQOjem6qNgVRYcl47wvYa5-ENXOkWylaY4_ODuDHgN3UiafZDt_cgbkocgKAWyD1xcQBp3cdawP37P_dcGr0f5TKARiRGKwrxX3OCaUgA8kuQKo57vR-zWMStkuFy_yE5Sq9IzEjRhL9sIblllK4KNz45iHuvONWQeU_TWG2jsC8G-3hQ%3D%3D&request_ab2=0&zoneid=7156415&js_build=iclick-v1.790.0&jsp=1&fs=0&cf=0&sw=1280&sh=1024&wih=1024&wiw=1280&ww=1280&wh=1024&sah=1024&wx=0&wy=0&cw=1280&wfc=0&pl=https%3A%2F%2Fgitus.net%2Fwatch%2F%3F%3D7NS080524&drf=&np=1&pt=0&nb=1&ng=0&ix=0&nw=1&tb=false&btz=UTC&bto=0&wgl=&js_build=iclick-v1.790.0&navlng=en-US&pnt=0&pnrc=0&bs=7a740c34-910d-4558-afb0-d972ea5073aa&wasm=1&userId=008057f2f6104fa7ebe04c4cd269e5f4&m=link

139.45.197.242

200 OK

2.7 kB

URL GET HTTP/2
glakaits.net/?rb=qoLND7oDT-u-7r4RnJEPZPbCSe_GKnM9WJ-RMmq4Avo92K_UY4N3T8SHK_EC18w1TFysFmJ5VeTRcemRgLLIWuQOjem6qNgVRYcl47wvYa5-ENXOkWylaY4_ODuDHgN3UiafZDt_cgbkocgKAWyD1xcQBp3cdawP37P_dcGr0f5TKARiRGKwrxX3OCaUgA8kuQKo57vR-zWMStkuFy_yE5Sq9IzEjRhL9sIblllK4KNz45iHuvONWQeU_TWG2jsC8G-3hQ%3D%3D&request_ab2=0&zoneid=7156415&js_build=iclick-v1.790.0&jsp=1&fs=0&cf=0&sw=1280&sh=1024&wih=1024&wiw=1280&ww=1280&wh=1024&sah=1024&wx=0&wy=0&cw=1280&wfc=0&pl=https%3A%2F%2Fgitus.net%2Fwatch%2F%3F%3D7NS080524&drf=&np=1&pt=0&nb=1&ng=0&ix=0&nw=1&tb=false&btz=UTC&bto=0&wgl=&js_build=iclick-v1.790.0&navlng=en-US&pnt=0&pnrc=0&bs=7a740c34-910d-4558-afb0-d972ea5073aa&wasm=1&userId=008057f2f6104fa7ebe04c4cd269e5f4&m=link
IP
139.45.197.242:443
ASN
#9002 RETN Limited

Requested by
https://gitus.net/watch/?=7NS080524
Certificate
IssuerLet's Encrypt
Subjectglakaits.net
Fingerprint1F:46:3E:C8:C5:6A:64:F5:29:66:0F:5C:6E:CD:48:77:10:EA:26:02
ValidityTue, 07 May 2024 18:52:12 GMT - Mon, 05 Aug 2024 18:52:11 GMT

File type
troff or preprocessor input, ASCII text, with very long lines (2720), with no line terminators
Size
2.7 kB (2690 bytes)
Hash
8281327fdbdd20a5e5f466a47e652604
55864784bc64e9dcc350268bf585c345ad631e0b
4191c97ed2492b4ae954ff53dc0fc646f4393a7b22dc4c2e3a5faf9c9fbe30c8

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /?rb=qoLND7oDT-u-7r4RnJEPZPbCSe_GKnM9WJ-RMmq4Avo92K_UY4N3T8SHK_EC18w1TFysFmJ5VeTRcemRgLLIWuQOjem6qNgVRYcl47wvYa5-ENXOkWylaY4_ODuDHgN3UiafZDt_cgbkocgKAWyD1xcQBp3cdawP37P_dcGr0f5TKARiRGKwrxX3OCaUgA8kuQKo57vR-zWMStkuFy_yE5Sq9IzEjRhL9sIblllK4KNz45iHuvONWQeU_TWG2jsC8G-3hQ%3D%3D&request_ab2=0&zoneid=7156415&js_build=iclick-v1.790.0&jsp=1&fs=0&cf=0&sw=1280&sh=1024&wih=1024&wiw=1280&ww=1280&wh=1024&sah=1024&wx=0&wy=0&cw=1280&wfc=0&pl=https%3A%2F%2Fgitus.net%2Fwatch%2F%3F%3D7NS080524&drf=&np=1&pt=0&nb=1&ng=0&ix=0&nw=1&tb=false&btz=UTC&bto=0&wgl=&js_build=iclick-v1.790.0&navlng=en-US&pnt=0&pnrc=0&bs=7a740c34-910d-4558-afb0-d972ea5073aa&wasm=1&userId=008057f2f6104fa7ebe04c4cd269e5f4&m=link HTTP/1.1
Host: glakaits.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://gitus.net/
Origin: https://gitus.net
DNT: 1
Connection: keep-alive
Cookie: OAID=008057f2f6104fa7ebe04c4cd269e5f4; oaidts=1715219572
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Thu, 09 May 2024 01:52:52 GMT
content-type: application/json
x-trace-id: 8328563add13cec3f82b9f2320ae9846
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: https://gitus.net
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace, favicon
access-control-max-age: 86400
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
set-cookie: OAID=008057f2f6104fa7ebe04c4cd269e5f4; expires=Fri, 09 May 2025 01:52:52 GMT; path=/; secure; SameSite=None
oaidts=1715219572; expires=Fri, 09 May 2025 01:52:52 GMT; path=/; secure; SameSite=None
syncedCookie=true; expires=Thu, 16 May 2024 01:52:52 GMT; path=/; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
content-encoding: gzip
X-Firefox-Spdy: h2

cdn.creative-bars1.com/sb/chat/mob/ssp/1/js/script.js

188.114.97.1

200 OK

382 B

URL GET HTTP/3
cdn.creative-bars1.com/sb/chat/mob/ssp/1/js/script.js
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://gitus.net/watch/?=7NS080524
Certificate
IssuerGoogle Trust Services LLC
Subjectcreative-bars1.com
Fingerprint3D:29:39:2C:F1:E5:C6:EF:54:F5:70:B5:CF:A8:C2:75:4D:89:72:13
ValidityMon, 15 Apr 2024 15:02:18 GMT - Sun, 14 Jul 2024 15:02:17 GMT

File type
ASCII text, with very long lines (411), with no line terminators
Size
382 B (382 bytes)
Hash
9ffae600059bf4e6adb35ebb274ae385
6130e466c04551baa2a5d650e6bd5a87daba73a7
a7d15e051fb3d3c31494683306bb7752478354894825b110d26d333cbeaaeb39

HTTP Headers

GET /sb/chat/mob/ssp/1/js/script.js HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://gitus.net
DNT: 1
Connection: keep-alive
Referer: https://gitus.net/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Thu, 09 May 2024 01:53:08 GMT
content-type: application/javascript
last-modified: Mon, 21 Feb 2022 08:25:08 GMT
etag: W/"62134c64-17e"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 52127
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2FCZWVnordNlYM6fTHEkKtBZZUP%2FzoLW9jCkfPvzoZ7Rzcs7GPvQnWidZ0EUwvLCp5PmmFgVJlZRV6Nrt4t%2FVKagjvO%2FPOGzK0iF%2B736Pr%2FlRqCf5YOY%2F7oss%2BuwNUyxRVYzbR%2BnLmqBk"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 880e0ddb9ebc56b7-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

shapedcongest.com/pixel/sbls?bv=24.6.6370&tmpl=482&u=https%3A%2F%2Fcdn.barscreative1.com%2Fsb%2Fau%2F2f%2F33%2F17%2F2f3317da28d2a6ed09610d2d267aa136%2F1648542458.html&l=2977&fd=150

192.243.59.13

200 OK

0 B

URL GET HTTP/1.1
shapedcongest.com/pixel/sbls?bv=24.6.6370&tmpl=482&u=https%3A%2F%2Fcdn.barscreative1.com%2Fsb%2Fau%2F2f%2F33%2F17%2F2f3317da28d2a6ed09610d2d267aa136%2F1648542458.html&l=2977&fd=150
IP
192.243.59.13:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://gitus.net/watch/?=7NS080524
Certificate
IssuerLet's Encrypt
Subjectshapedcongest.com
Fingerprint92:A2:D9:7A:1E:FD:F7:37:DF:46:9B:BD:2F:92:7E:81:1D:89:61:01
ValidityMon, 06 May 2024 12:44:57 GMT - Sun, 04 Aug 2024 12:44:56 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /pixel/sbls?bv=24.6.6370&tmpl=482&u=https%3A%2F%2Fcdn.barscreative1.com%2Fsb%2Fau%2F2f%2F33%2F17%2F2f3317da28d2a6ed09610d2d267aa136%2F1648542458.html&l=2977&fd=150 HTTP/1.1
Host: shapedcongest.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://gitus.net/
Cookie: u_pl=18829199; uid_id2=a0bbbdc1-99b7-4e03-b58a-913378f4276a:2:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Thu, 09 May 2024 01:53:08 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range

unseenreport.com/pxf.gif?uuid=a0bbbdc1-99b7-4e03-b58a-913378f4276a&eb=978028c5053b26833423c7a069ce3bd5&te=5db3a4e34790624df926db520a13f79f&ua=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A96.0)%20Gecko%2F20100101%20Firefox%2F96.0&dev=e&res=14.2071&b_frame=0&pk=9263e0ca8f28f023340c146c12f6b544&bl=en-US&sr=1024x1280&sz=1024x1280&hjs=1

192.243.59.20

200 OK

0 B

URL GET HTTP/1.1
unseenreport.com/pxf.gif?uuid=a0bbbdc1-99b7-4e03-b58a-913378f4276a&eb=978028c5053b26833423c7a069ce3bd5&te=5db3a4e34790624df926db520a13f79f&ua=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A96.0)%20Gecko%2F20100101%20Firefox%2F96.0&dev=e&res=14.2071&b_frame=0&pk=9263e0ca8f28f023340c146c12f6b544&bl=en-US&sr=1024x1280&sz=1024x1280&hjs=1
IP
192.243.59.20:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://gitus.net/watch/?=7NS080524
Certificate
IssuerLet's Encrypt
Subject*.unseenreport.com
Fingerprint71:46:15:FD:76:6A:F5:5B:51:06:CC:93:DD:D8:63:E3:8B:10:BF:13
ValidityFri, 22 Mar 2024 07:32:41 GMT - Thu, 20 Jun 2024 07:32:40 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /pxf.gif?uuid=a0bbbdc1-99b7-4e03-b58a-913378f4276a&eb=978028c5053b26833423c7a069ce3bd5&te=5db3a4e34790624df926db520a13f79f&ua=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A96.0)%20Gecko%2F20100101%20Firefox%2F96.0&dev=e&res=14.2071&b_frame=0&pk=9263e0ca8f28f023340c146c12f6b544&bl=en-US&sr=1024x1280&sz=1024x1280&hjs=1 HTTP/1.1
Host: unseenreport.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://gitus.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Thu, 09 May 2024 01:52:53 GMT
Content-Type: image/gif
Content-Length: 1
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: f0fdd1cd9b3121a3ebc2d93c4794d22a
Strict-Transport-Security: max-age=0; includeSubdomains

cdn.creative-bars1.com/sb/chat/mob/ssp/1/css/style.css

188.114.97.1

200 OK

4.6 kB

URL GET HTTP/2
cdn.creative-bars1.com/sb/chat/mob/ssp/1/css/style.css
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://gitus.net/watch/?=7NS080524
Certificate
IssuerGoogle Trust Services LLC
Subjectcreative-bars1.com
Fingerprint3D:29:39:2C:F1:E5:C6:EF:54:F5:70:B5:CF:A8:C2:75:4D:89:72:13
ValidityMon, 15 Apr 2024 15:02:18 GMT - Sun, 14 Jul 2024 15:02:17 GMT

File type
ASCII text, with very long lines (4886), with no line terminators
Size
4.6 kB (4617 bytes)
Hash
1230b98f01a549572edcd2bf3bdcb4ad
ac87a2a752ffb8b5167566183fddd531d7971be9
9a2954fc66ebbb9adf18c2ea4403d2a0a5dedf2928f9905e1fc656f5dc1b208d

HTTP Headers

GET /sb/chat/mob/ssp/1/css/style.css HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://gitus.net
DNT: 1
Connection: keep-alive
Referer: https://gitus.net/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 09 May 2024 01:53:08 GMT
content-type: text/css
last-modified: Mon, 21 Feb 2022 08:25:04 GMT
etag: W/"62134c60-1209"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 127608
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ssNPBoJcRSomPZNquFRdJ96f5FlblrItzUEwil3y3PBX%2BJCJr2eTcZ0ENBpP75HJ0yoc1PstBIG2Lwm58P1DmeXQb5ViU91NALNbuCb4UOr%2B6lmhync4ICglKrgPqBtwnXXf9v3MwWEI"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 880e0ddab9c956c4-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2

216.58.207.227

200 OK

16 kB

URL GET HTTP/2
fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2
IP
216.58.207.227:443
ASN
#15169 GOOGLE

Requested by
https://gitus.net/watch/?=7NS080524
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
Fingerprint15:DD:05:B3:2F:D8:E3:54:C9:B4:FA:E4:AC:01:ED:C8:E1:EA:A7:AD
ValidityTue, 16 Apr 2024 04:17:07 GMT - Tue, 09 Jul 2024 04:17:06 GMT

File type
Web Open Font Format (Version 2), TrueType, length 15860, version 1.0
Size
16 kB (15860 bytes)
Hash
e9f5aaf547f165386cd313b995dddd8e
acdef5603c2387b0e5bffd744b679a24a8bc1968
f5aebdfea35d1e7656ef4acc5db1f243209755ae3300943ef8fc6280f363c860

HTTP Headers

GET /s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://gitus.net
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15860
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 02 May 2024 01:55:00 GMT
expires: Fri, 02 May 2025 01:55:00 GMT
cache-control: public, max-age=31536000
last-modified: Wed, 11 May 2022 19:24:42 GMT
content-type: font/woff2
age: 604688
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (32)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by