| gitus.net/wp-includes/css/dist/block-library/style.min.css?ver=6.5.3 | 78.135.87.2 | 200 OK | 14 kB |
URL: GET HTTP/3 gitus.net/wp-includes/css/dist/block-library/style.min.css?ver=6.5.3 | IP: 78.135.87.2:443 | ASN: #207279 Markahost Telekomunikasyon Ve Ticaret Limited Sirketi
Requested by: https://gitus.net/watch/?=7NS080524 | Certificate issuer: Let's Encrypt | Subject: *.gitus.net | Fingerprint: B3:5B:E9:49:F2:94:13:B1:1C:37:F9:DF:39:F8:3C:01:4D:E5:9A:6C | Validity: Tue, 23 Apr 2024 18:58:37 GMT - Mon, 22 Jul 2024 18:58:36 GMT
File type: ASCII text, with very long lines (59701) | Hash (MD5 / SHA-1 / SHA-256): 51a8390b47aa0582cf2d9c96c5addee2 b16a640874025d085c38119a1a02a3460f83f2de 98cecf88a23542fa047ce46eedb650b5c5128761ed4386c0977b847094ddfa20
GET /wp-includes/css/dist/block-library/style.min.css?ver=6.5.3 HTTP/1.1
Host: gitus.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://gitus.net/watch/?=7NS080524
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
cache-control: public, max-age=604800
expires: Thu, 16 May 2024 01:52:50 GMT
content-type: text/css
last-modified: Sat, 06 Apr 2024 01:00:20 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 14071
date: Thu, 09 May 2024 01:52:50 GMT
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
| gitus.net/wp-content/themes/generatepress/assets/css/main.min.css?ver=3.4.0 | 78.135.87.2 | 200 OK | 4.4 kB |
URL: GET HTTP/3 gitus.net/wp-content/themes/generatepress/assets/css/main.min.css?ver=3.4.0 | IP: 78.135.87.2:443 | ASN: #207279 Markahost Telekomunikasyon Ve Ticaret Limited Sirketi
Requested by: https://gitus.net/watch/?=7NS080524 | Certificate issuer: Let's Encrypt | Subject: *.gitus.net | Fingerprint: B3:5B:E9:49:F2:94:13:B1:1C:37:F9:DF:39:F8:3C:01:4D:E5:9A:6C | Validity: Tue, 23 Apr 2024 18:58:37 GMT - Mon, 22 Jul 2024 18:58:36 GMT
File type: ASCII text, with very long lines (19564), with no line terminators | Hash (MD5 / SHA-1 / SHA-256): 867585929ee8b21749cdefa675d9aa11 afbd7bc967068d4e804641f4b1df78ab37417144 bc3b2c1e618a27e485095a3c0db20da5ba2fbfaf3b872ccd6ca35cb19eb37b5d
GET /wp-content/themes/generatepress/assets/css/main.min.css?ver=3.4.0 HTTP/1.1
Host: gitus.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://gitus.net/watch/?=7NS080524
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
cache-control: public, max-age=604800
expires: Thu, 16 May 2024 01:52:50 GMT
content-type: text/css
last-modified: Tue, 06 Feb 2024 18:24:35 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 4416
date: Thu, 09 May 2024 01:52:50 GMT
| gitus.net/wp-content/themes/generatepress/assets/js/menu.min.js?ver=3.4.0 | 78.135.87.2 | 200 OK | 1.5 kB |
URL: GET HTTP/3 gitus.net/wp-content/themes/generatepress/assets/js/menu.min.js?ver=3.4.0 | IP: 78.135.87.2:443 | ASN: #207279 Markahost Telekomunikasyon Ve Ticaret Limited Sirketi
Requested by: https://gitus.net/watch/?=7NS080524 | Certificate issuer: Let's Encrypt | Subject: *.gitus.net | Fingerprint: B3:5B:E9:49:F2:94:13:B1:1C:37:F9:DF:39:F8:3C:01:4D:E5:9A:6C | Validity: Tue, 23 Apr 2024 18:58:37 GMT - Mon, 22 Jul 2024 18:58:36 GMT
File type: JavaScript source, ASCII text, with very long lines (6957), with no line terminators | Hash (MD5 / SHA-1 / SHA-256): 70bb4fab119eb133cae33105b69f65cb 0c78a77e06be020674ca82d28b02a712615f7b35 395121e5b9981325951ef88bec68d065d23087b16a70d4459109e1dd84a10936
GET /wp-content/themes/generatepress/assets/js/menu.min.js?ver=3.4.0 HTTP/1.1
Host: gitus.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://gitus.net/watch/?=7NS080524
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
cache-control: public, max-age=604800
expires: Thu, 16 May 2024 01:52:50 GMT
content-type: application/javascript
last-modified: Tue, 06 Feb 2024 18:24:35 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 1546
date: Thu, 09 May 2024 01:52:50 GMT
| gitus.net/play.png | 78.135.87.2 | 200 OK | 40 kB |
IP: 78.135.87.2:443 | ASN: #207279 Markahost Telekomunikasyon Ve Ticaret Limited Sirketi
Requested by: https://gitus.net/watch/?=7NS080524 | Certificate issuer: Let's Encrypt | Subject: *.gitus.net | Fingerprint: B3:5B:E9:49:F2:94:13:B1:1C:37:F9:DF:39:F8:3C:01:4D:E5:9A:6C | Validity: Tue, 23 Apr 2024 18:58:37 GMT - Mon, 22 Jul 2024 18:58:36 GMT
File type: PNG image data, 1920 x 1080, 8-bit/color RGBA, non-interlaced | Hash (MD5 / SHA-1 / SHA-256): 1548e0a529c859d60164557c1619a60e 773b667e66c8a712673e5f26e3e0f10483edfaaa f9ed0ce815f22787aa1ad1abc0fb9988aa6e6b66200ca6146f1585883a40a10d
GET /play.png HTTP/1.1
Host: gitus.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://gitus.net/watch/?=7NS080524
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
cache-control: public, max-age=604800
expires: Thu, 16 May 2024 01:52:50 GMT
content-type: image/png
last-modified: Mon, 22 Apr 2024 18:17:44 GMT
accept-ranges: bytes
content-length: 39992
date: Thu, 09 May 2024 01:52:50 GMT
| gitus.net/wp-content/uploads/2023/05/telegram-channel-300x96.webp | 78.135.87.2 | 200 OK | 5.8 kB |
URL: GET HTTP/3 gitus.net/wp-content/uploads/2023/05/telegram-channel-300x96.webp | IP: 78.135.87.2:443 | ASN: #207279 Markahost Telekomunikasyon Ve Ticaret Limited Sirketi
Requested by: https://gitus.net/watch/?=7NS080524 | Certificate issuer: Let's Encrypt | Subject: *.gitus.net | Fingerprint: B3:5B:E9:49:F2:94:13:B1:1C:37:F9:DF:39:F8:3C:01:4D:E5:9A:6C | Validity: Tue, 23 Apr 2024 18:58:37 GMT - Mon, 22 Jul 2024 18:58:36 GMT
File type: RIFF (little-endian) data, Web/P image, VP8 encoding, 300x96, Scaling: [none]x[none], YUV color, decoders should clamp | Hash (MD5 / SHA-1 / SHA-256): 19927eb618d6d8a5f00c81509a1ab3b0 21316c888dafe934f19c4d010c71c6c2a22ab26d 246018f0503266eae1b1dfe2a1a3ab030c78a5d52d954eea666ac5dc3546b311
GET /wp-content/uploads/2023/05/telegram-channel-300x96.webp HTTP/1.1
Host: gitus.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://gitus.net/watch/?=7NS080524
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
cache-control: public, max-age=604800
expires: Thu, 16 May 2024 01:52:50 GMT
content-type: image/webp
last-modified: Sun, 28 May 2023 09:41:28 GMT
accept-ranges: bytes
content-length: 5792
date: Thu, 09 May 2024 01:52:50 GMT
| continentalfinishdislike.com/0628c4627ca50d7aec78b63c9d6947bc/invoke.js | 172.240.108.68 | 200 OK | 12 kB |
URL: GET HTTP/1.1 continentalfinishdislike.com/0628c4627ca50d7aec78b63c9d6947bc/invoke.js | IP: 172.240.108.68:443
Requested by: https://gitus.net/watch/?=7NS080524 | Certificate issuer: Let's Encrypt | Subject: continentalfinishdislike.com | Fingerprint: C1:84:51:DF:B5:EF:80:A6:C4:F9:66:B1:DE:E2:AF:6D:12:8F:F2:0C | Validity: Thu, 11 Apr 2024 06:32:21 GMT - Wed, 10 Jul 2024 06:32:20 GMT
File type: JavaScript source, ASCII text, with very long lines (31277), with no line terminators | Hash (MD5 / SHA-1 / SHA-256): 0f39d6109094c1666d3cfe78be1cf7be e4f1f2dfd4a54ec9c5f342d61b2dec1d7fc01e81 857d0a450074723d66e6eb02b7b2145f348b3f8cc884205cd5be0ae13e33ccd8
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /0628c4627ca50d7aec78b63c9d6947bc/invoke.js HTTP/1.1
Host: continentalfinishdislike.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://gitus.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Thu, 09 May 2024 01:52:51 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 3b7a5e69e322df8b4398d23ba4f4d2d1
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
| continentalfinishdislike.com/b11545e588bb39ae3149b6e82aed3eb2/invoke.js | 172.240.108.68 | 200 OK | 12 kB |
URL: GET HTTP/1.1 continentalfinishdislike.com/b11545e588bb39ae3149b6e82aed3eb2/invoke.js | IP: 172.240.108.68:443
Requested by: https://gitus.net/watch/?=7NS080524 | Certificate issuer: Let's Encrypt | Subject: continentalfinishdislike.com | Fingerprint: C1:84:51:DF:B5:EF:80:A6:C4:F9:66:B1:DE:E2:AF:6D:12:8F:F2:0C | Validity: Thu, 11 Apr 2024 06:32:21 GMT - Wed, 10 Jul 2024 06:32:20 GMT
File type: JavaScript source, ASCII text, with very long lines (31296), with no line terminators | Hash (MD5 / SHA-1 / SHA-256): 505beb1ad459b15d81f8909f6d2ca860 d2ca872c53368d27542b2823801eedbb0144b474 f62b399b71ffe107d35041ced696c09fbc7bbc3b9886619757ce884975457c6d
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /b11545e588bb39ae3149b6e82aed3eb2/invoke.js HTTP/1.1
Host: continentalfinishdislike.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://gitus.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Thu, 09 May 2024 01:52:51 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 5181c228b6a99e4cf50eef915b38772b
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
| ocsp.r2m03.amazontrust.com/ | 143.204.53.97 | | 471 B |
URL: ocsp.r2m03.amazontrust.com/ | IP: 143.204.53.97:0
Hash (MD5 / SHA-1 / SHA-256): 17d83a6a1ce5ec032b9d0be6c8c68106 9b412e1c9f9694753b73daa262811ec4c420e7d1 935af939ae598190c9c8175f1ac54241ab2614b3c7599a4c92e1be2ecd42ab23
POST / HTTP/1.1
Host: ocsp.r2m03.amazontrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=7200
Date: Thu, 09 May 2024 01:52:51 GMT
Last-Modified: Thu, 09 May 2024 00:04:26 GMT
Server: ECAcc (ska/F776)
X-Cache: Miss from cloudfront
Via: 1.1 e49f22f18c16784c0f42291e768d1daa.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: 4C0KvH_7SRnKcPFXq7M9Y3ui921paAxXnfNMxWtdQGNrOE-hMtPNIA==
Age: 6505
| proftrafficcounter.com/stats | 3.124.83.201 | 200 OK | 40 B |
URL: GET HTTP/2 proftrafficcounter.com/stats | IP: 3.124.83.201:443
Requested by: https://gitus.net/watch/?=7NS080524 | Certificate issuer: Amazon | Subject: proftrafficcounter.com | Fingerprint: E3:9F:79:6F:80:C0:BF:F8:C4:EB:45:F3:E9:0F:A7:41:F6:0C:05:E6 | Validity: Tue, 21 Nov 2023 00:00:00 GMT - Thu, 19 Dec 2024 23:59:59 GMT
File type: ASCII text, with no line terminators | Hash (MD5 / SHA-1 / SHA-256): db5731f2f270fce66d3372c3c286f73a 155d8f015ec347bd2edc7bf240740e20c4ce2ad4 ae7b5fe98e7e182bcab6a8510662c355f294070bfa904f5fccd185385183d634
GET /stats HTTP/1.1
Host: proftrafficcounter.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://gitus.net
DNT: 1
Connection: keep-alive
Referer: https://gitus.net/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 09 May 2024 01:52:51 GMT
content-type: text/html; charset=UTF-8
content-length: 40
server: fasthttp
access-control-allow-origin: https://gitus.net
vary: Origin
access-control-allow-credentials: true
set-cookie: uid_id2=a106fa90-f1b8-49b6-9ac8-0a118f55fa81:1:1; expires=Sun, 07 May 2034 01:52:51 GMT; secure; SameSite=None
X-Firefox-Spdy: h2
| proftrafficcounter.com/stats | 3.124.83.201 | 200 OK | 40 B |
URL: GET HTTP/2 proftrafficcounter.com/stats | IP: 3.124.83.201:443
Requested by: https://gitus.net/watch/?=7NS080524 | Certificate issuer: Amazon | Subject: proftrafficcounter.com | Fingerprint: E3:9F:79:6F:80:C0:BF:F8:C4:EB:45:F3:E9:0F:A7:41:F6:0C:05:E6 | Validity: Tue, 21 Nov 2023 00:00:00 GMT - Thu, 19 Dec 2024 23:59:59 GMT
File type: ASCII text, with no line terminators | Hash (MD5 / SHA-1 / SHA-256): 6519404060c71625c2324891f70f2bf3 5239b2ebfaf49bea7483a289765eb5b555a5d9d8 b75725d13872091ce6022416dda5b6a3d7880f0d49ba64cc1e6a05328c9c981d
GET /stats HTTP/1.1
Host: proftrafficcounter.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://gitus.net
DNT: 1
Connection: keep-alive
Referer: https://gitus.net/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Thu, 09 May 2024 01:52:51 GMT
content-type: text/html; charset=UTF-8
content-length: 40
server: fasthttp
access-control-allow-origin: https://gitus.net
vary: Origin
access-control-allow-credentials: true
set-cookie: uid_id2=a0bbbdc1-99b7-4e03-b58a-913378f4276a:2:1; expires=Sun, 07 May 2034 01:52:51 GMT; secure; SameSite=None
X-Firefox-Spdy: h2
| continentalfinishdislike.com/871902a25f4f75ff642515ce6baf163b/invoke.js | 172.240.108.68 | 200 OK | 12 kB |
URL: GET HTTP/1.1 continentalfinishdislike.com/871902a25f4f75ff642515ce6baf163b/invoke.js | IP: 172.240.108.68:443
Requested by: https://gitus.net/watch/?=7NS080524 | Certificate issuer: Let's Encrypt | Subject: continentalfinishdislike.com | Fingerprint: C1:84:51:DF:B5:EF:80:A6:C4:F9:66:B1:DE:E2:AF:6D:12:8F:F2:0C | Validity: Thu, 11 Apr 2024 06:32:21 GMT - Wed, 10 Jul 2024 06:32:20 GMT
File type: JavaScript source, ASCII text, with very long lines (31250), with no line terminators | Hash (MD5 / SHA-1 / SHA-256): a5ef2656cc5dec03a90cde65c761bd89 fd4bfd6bafe25b7b16eaf5f29fc64f6329070b86 94e6f43ba61f733d3a0254e5fe793dedc2e39208916689aa73ca3af707a4cef1
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /871902a25f4f75ff642515ce6baf163b/invoke.js HTTP/1.1
Host: continentalfinishdislike.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://gitus.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Thu, 09 May 2024 01:52:51 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: e8dcccf2dda0d2c4e14716688acdf0dc
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
| gitus.net/wp-includes/js/wp-emoji-release.min.js?ver=6.5.3 | 78.135.87.2 | 200 OK | 4.7 kB |
URL: GET HTTP/3 gitus.net/wp-includes/js/wp-emoji-release.min.js?ver=6.5.3 | IP: 78.135.87.2:443 | ASN: #207279 Markahost Telekomunikasyon Ve Ticaret Limited Sirketi
Requested by: https://gitus.net/watch/?=7NS080524 | Certificate issuer: Let's Encrypt | Subject: *.gitus.net | Fingerprint: B3:5B:E9:49:F2:94:13:B1:1C:37:F9:DF:39:F8:3C:01:4D:E5:9A:6C | Validity: Tue, 23 Apr 2024 18:58:37 GMT - Mon, 22 Jul 2024 18:58:36 GMT
File type: JavaScript source, ASCII text, with very long lines (15752) | Hash (MD5 / SHA-1 / SHA-256): b976b651932bfd25b9ddb5b7693d88a7 7fcb7cb5c11227f9213b1e08a07d0212209e1432 4e6ce5444c7f396cef0eb1fa3611034151e485dd06fbe5573a5583e1eebc98c3
GET /wp-includes/js/wp-emoji-release.min.js?ver=6.5.3 HTTP/1.1
Host: gitus.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://gitus.net/watch/?=7NS080524
Cookie: dom3ic8zudi28v8lr6fgphwffqoz0j6c=a0bbbdc1-99b7-4e03-b58a-913378f4276a%3A2%3A1
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
cache-control: public, max-age=604800
expires: Thu, 16 May 2024 01:52:51 GMT
content-type: application/javascript
last-modified: Sat, 06 Apr 2024 01:00:20 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 4676
date: Thu, 09 May 2024 01:52:51 GMT
| arvigorothan.com/tag.min.js | 104.21.30.34 | 200 OK | 31 kB |
URL: GET HTTP/2 arvigorothan.com/tag.min.js | IP: 104.21.30.34:443
Requested by: https://gitus.net/watch/?=7NS080524 | Certificate issuer: Google Trust Services LLC | Subject: arvigorothan.com | Fingerprint: 3A:2D:B5:82:D0:74:59:F6:A0:25:BC:11:72:CE:92:28:1A:77:F7:F3 | Validity: Sat, 13 Apr 2024 22:48:55 GMT - Fri, 12 Jul 2024 22:48:54 GMT
File type: JavaScript source, ASCII text, with very long lines (65536), with no line terminators | Hash (MD5 / SHA-1 / SHA-256): 76c2a69970c22493395c731940cfe07c c009ced71ef13eccbca3583729ede2e58156894e 0cd441d1f29495f38b588ddb04e10283e04ea626e2c5b79783710998031576d6
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /tag.min.js HTTP/1.1
Host: arvigorothan.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://gitus.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 09 May 2024 01:52:51 GMT
content-type: text/javascript; charset=utf-8
x-trace-id: 432ea3f91c8b45bc0d7fd769b5d1152a
cache-control: max-age=86400
last-modified: Wed, 08 May 2024 11:49:49 GMT
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace, favicon
access-control-max-age: 86400
pragma: no-cache
expires: Thu, 09 May 2024 13:59:04 GMT
timing-allow-origin: *
cf-cache-status: HIT
age: 42827
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=nsXWPPcgGm2c1lp1KSzEuMFCkiFUb4Rqm%2B%2B%2FXnr5KqxGnbv8vMJHfIJMvwc3yQPRDgqM2EDjhbJMAPda3JCpPk5u2QgrQzBE61ZHL9XQFCz%2FExBefec7QyW2Pp1sBflHpwdS"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 880e0d735f08b523-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
| skilledskillemergency.com/watch.1189329983831.js?key=0628c4627ca50d7aec78b63c9d6947bc&kw=%5B%22click%22%2C%22to%22%2C%22access%22%2C%22the%22%2C%22link%22%5D&refer=https%3A%2F%2Fgitus.net%2Fwatch%2F%3F%3D7NS080524&tz=0&dev=e&res=14.2071&uuid=a106fa90-f1b8-49b6-9ac8-0a118f55fa81%3A1%3A1 | 172.240.108.68 | 307 Temporary Redirect | 0 B |
URL: GET HTTP/1.1 skilledskillemergency.com/watch.1189329983831.js?key=0628c4627ca50d7aec78b63c9d6947bc&kw=%5B%22click%22%2C%22to%22%2C%22access%22%2C%22the%22%2C%22link%22%5D&refer=https%3A%2F%2Fgitus.net%2Fwatch%2F%3F%3D7NS080524&tz=0&dev=e&res=14.2071&uuid=a106fa90-f1b8-49b6-9ac8-0a118f55fa81%3A1%3A1 | IP: 172.240.108.68:443
Requested by: https://gitus.net/watch/?=7NS080524 | Certificate issuer: Let's Encrypt | Subject: skilledskillemergency.com | Fingerprint: 21:B4:F5:6D:B3:E3:91:D3:47:51:9B:77:81:06:39:2A:87:28:32:03 | Validity: Mon, 06 May 2024 08:19:35 GMT - Sun, 04 Aug 2024 08:19:34 GMT
Hash (MD5 / SHA-1 / SHA-256): d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 (the digests of an empty body, consistent with Content-Length: 0 on the 307)
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /watch.1189329983831.js?key=0628c4627ca50d7aec78b63c9d6947bc&kw=%5B%22click%22%2C%22to%22%2C%22access%22%2C%22the%22%2C%22link%22%5D&refer=https%3A%2F%2Fgitus.net%2Fwatch%2F%3F%3D7NS080524&tz=0&dev=e&res=14.2071&uuid=a106fa90-f1b8-49b6-9ac8-0a118f55fa81%3A1%3A1 HTTP/1.1
Host: skilledskillemergency.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://gitus.net
DNT: 1
Connection: keep-alive
Referer: https://gitus.net/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 307 Temporary Redirect
Server: nginx/1.21.6
Date: Thu, 09 May 2024 01:52:51 GMT
Content-Type: text/html
Content-Length: 0
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://gitus.net
Access-Control-Allow-Origin: https://gitus.net
Access-Control-Allow-Credentials: true
Location: https://skilledskillemergency.com/watch.1189329983831.js?dev=e&key=0628c4627ca50d7aec78b63c9d6947bc&kw=%5B%22click%22%2C%22to%22%2C%22access%22%2C%22the%22%2C%22link%22%5D&pst=1715219631&refer=https%3A%2F%2Fgitus.net%2Fwatch%2F%3F%3D7NS080524&res=14.2071&rmtc=t&shu=642149d313d5fb70a11611596002e525792d717adc48e4bab99aafc10f9119ce913dd30671f70c368c0692b46ae147fc3359907d474076c56d866dd0a89061641d76eb336ba80c7dfc3ed1b3f3ca4a06be1b3de1f05a796fe11c1bc8e35c&tz=0&uuid=a106fa90-f1b8-49b6-9ac8-0a118f55fa81%3A1%3A1
Set-Cookie: u_pl=18294299; expires=Fri, 10 May 2024 01:52:51 GMT; secure; SameSite=None
Set-Cookie: ain=eyJhbGciOiJIUzI1NiJ9.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.M6Gir2t7NAD68CyQvSTmCjJZTseQew8w0uL79ym1eRk; expires=Thu, 09 May 2024 01:53:51 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 15fbc7110aa572d8a9668b9b4438218a
Strict-Transport-Security: max-age=0; includeSubdomains
| restlessidea.com/watch.1422058122694.js?key=871902a25f4f75ff642515ce6baf163b&kw=%5B%22click%22%2C%22to%22%2C%22access%22%2C%22the%22%2C%22link%22%5D&refer=https%3A%2F%2Fgitus.net%2Fwatch%2F%3F%3D7NS080524&tz=0&dev=e&res=14.2071&uuid=a0bbbdc1-99b7-4e03-b58a-913378f4276a%3A2%3A1 | 192.243.61.227 | 307 Temporary Redirect | 0 B |
URL: GET HTTP/1.1 restlessidea.com/watch.1422058122694.js?key=871902a25f4f75ff642515ce6baf163b&kw=%5B%22click%22%2C%22to%22%2C%22access%22%2C%22the%22%2C%22link%22%5D&refer=https%3A%2F%2Fgitus.net%2Fwatch%2F%3F%3D7NS080524&tz=0&dev=e&res=14.2071&uuid=a0bbbdc1-99b7-4e03-b58a-913378f4276a%3A2%3A1 | IP: 192.243.61.227:443 | ASN: #39572 DataWeb Global Group B.V.
Requested by: https://gitus.net/watch/?=7NS080524 | Certificate issuer: Let's Encrypt | Subject: restlessidea.com | Fingerprint: F1:1A:4C:F2:E9:86:B0:2E:A7:9E:26:57:D2:56:53:84:4B:25:CA:CD | Validity: Mon, 06 May 2024 08:16:28 GMT - Sun, 04 Aug 2024 08:16:27 GMT
Hash (MD5 / SHA-1 / SHA-256): d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 (the digests of an empty body, consistent with Content-Length: 0 on the 307)
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /watch.1422058122694.js?key=871902a25f4f75ff642515ce6baf163b&kw=%5B%22click%22%2C%22to%22%2C%22access%22%2C%22the%22%2C%22link%22%5D&refer=https%3A%2F%2Fgitus.net%2Fwatch%2F%3F%3D7NS080524&tz=0&dev=e&res=14.2071&uuid=a0bbbdc1-99b7-4e03-b58a-913378f4276a%3A2%3A1 HTTP/1.1
Host: restlessidea.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://gitus.net
DNT: 1
Connection: keep-alive
Referer: https://gitus.net/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 307 Temporary Redirect
Server: nginx/1.21.6
Date: Thu, 09 May 2024 01:52:52 GMT
Content-Type: text/html
Content-Length: 0
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://gitus.net
Access-Control-Allow-Origin: https://gitus.net
Access-Control-Allow-Credentials: true
Location: https://restlessidea.com/watch.1422058122694.js?dev=e&key=871902a25f4f75ff642515ce6baf163b&kw=%5B%22click%22%2C%22to%22%2C%22access%22%2C%22the%22%2C%22link%22%5D&pst=1715219632&refer=https%3A%2F%2Fgitus.net%2Fwatch%2F%3F%3D7NS080524&res=14.2071&rmtc=t&shu=e801a8ca1d6678459abe461f575b988b97eafcd44de546a415e630299c653546d39d363f1152135e4a5a90772f65218a2dca3f19d35836ed3499b05f3ea02cef478a340d760f932b29233c0f720d8c422ccaba&tz=0&uuid=a0bbbdc1-99b7-4e03-b58a-913378f4276a%3A2%3A1
Set-Cookie: u_pl=18366955; expires=Fri, 10 May 2024 01:52:52 GMT; secure; SameSite=None
Set-Cookie: ain=eyJhbGciOiJIUzI1NiJ9.eyJwIjp7ImlkIjoxODM2Njk1NSwiayI6Ijg3MTkwMmEyNWY0Zjc1ZmY2NDI1MTVjZTZiYWYxNjNiIiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjoyMjA2MTA2LCJwaWQiOjE2ODcyLCJhbiI6dHJ1ZSwibGFuIjp0cnVlLCJjaWQiOjIxLCJhaWQiOjMyLCJwdCI6NCwicGsiOiJiOW5uZzA3a2ViIiwidCI6MX0sInUiOnsidSI6MSwiYXUiOjEsImQiOnsiaWQiOjc5OTU0MTk2LCJpZHMiOiIiLCJpYyI6ZmFsc2UsIm4iOiJEZXNrdG9wLEVtdWxhdG9yIiwidiI6IlVua25vd24iLCJtIjoiVW5rbm93biIsImYiOjEsImZuIjoiRGVza3RvcCIsIm9pZCI6MTgxMTAsIm9uIjoiTGludXgiLCJvdiI6IlVua25vd24iLCJiaWQiOjExNjY3MCwiYm4iOiJGaXJlZm94IiwiYnYiOiI5Ni4wIiwid3YiOmZhbHNlLCJlIjp0cnVlLCJhYiI6ZmFsc2V9LCJjIjp7ImlkIjoxNjIsImMiOiJOTyIsIm4iOiJOb3J3YXkifSwiYSI6ZmFsc2UsImNyIjp7Im4iOiJCbGl4IFNvbHV0aW9ucyJ9LCJ4ZiI6IiIsIml4ZiI6ZmFsc2UsImlneGYiOmZhbHNlLCJ1cCI6dHJ1ZSwiciI6Imh0dHBzOi8vZ2l0dXMubmV0L3dhdGNoLz89N05TMDgwNTI0IiwiYXIiOltdfX0.HNGmphftrSX_kmPz0-2GGDb2HxKM1NPgyIIhpLIPWww; expires=Thu, 09 May 2024 01:53:52 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: b68fe3d2cc508027687cd4d8693b864a
Strict-Transport-Security: max-age=0; includeSubdomains
| skilledskillemergency.com/watch.1189329983831.js?dev=e&key=0628c4627ca50d7aec78b63c9d6947bc&kw=%5B%22click%22%2C%22to%22%2C%22access%22%2C%22the%22%2C%22link%22%5D&pst=1715219631&refer=https%3A%2F%2Fgitus.net%2Fwatch%2F%3F%3D7NS080524&res=14.2071&rmtc=t&shu=642149d313d5fb70a11611596002e525792d717adc48e4bab99aafc10f9119ce913dd30671f70c368c0692b46ae147fc3359907d474076c56d866dd0a89061641d76eb336ba80c7dfc3ed1b3f3ca4a06be1b3de1f05a796fe11c1bc8e35c&tz=0&uuid=a106fa90-f1b8-49b6-9ac8-0a118f55fa81%3A1%3A1 | 172.240.108.68 | 200 OK | 2.0 kB |
URL: GET HTTP/1.1 skilledskillemergency.com/watch.1189329983831.js?dev=e&key=0628c4627ca50d7aec78b63c9d6947bc&kw=%5B%22click%22%2C%22to%22%2C%22access%22%2C%22the%22%2C%22link%22%5D&pst=1715219631&refer=https%3A%2F%2Fgitus.net%2Fwatch%2F%3F%3D7NS080524&res=14.2071&rmtc=t&shu=642149d313d5fb70a11611596002e525792d717adc48e4bab99aafc10f9119ce913dd30671f70c368c0692b46ae147fc3359907d474076c56d866dd0a89061641d76eb336ba80c7dfc3ed1b3f3ca4a06be1b3de1f05a796fe11c1bc8e35c&tz=0&uuid=a106fa90-f1b8-49b6-9ac8-0a118f55fa81%3A1%3A1 | IP: 172.240.108.68:443
Requested by: https://gitus.net/watch/?=7NS080524 | Certificate issuer: Let's Encrypt | Subject: skilledskillemergency.com | Fingerprint: 21:B4:F5:6D:B3:E3:91:D3:47:51:9B:77:81:06:39:2A:87:28:32:03 | Validity: Mon, 06 May 2024 08:19:35 GMT - Sun, 04 Aug 2024 08:19:34 GMT
File type: JavaScript source, ASCII text, with very long lines (2435) | Hash (MD5 / SHA-1 / SHA-256): 9dd8107d27773e391e37b6551b9c188d 3615b4ecf632a42e0d14f17281ff3f414fbbfa30 d76a01f6dcec62f43dbb204849b13a3cf8f2a2edc8e645c6d0ef4bb9f304f8f9
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /watch.1189329983831.js?dev=e&key=0628c4627ca50d7aec78b63c9d6947bc&kw=%5B%22click%22%2C%22to%22%2C%22access%22%2C%22the%22%2C%22link%22%5D&pst=1715219631&refer=https%3A%2F%2Fgitus.net%2Fwatch%2F%3F%3D7NS080524&res=14.2071&rmtc=t&shu=642149d313d5fb70a11611596002e525792d717adc48e4bab99aafc10f9119ce913dd30671f70c368c0692b46ae147fc3359907d474076c56d866dd0a89061641d76eb336ba80c7dfc3ed1b3f3ca4a06be1b3de1f05a796fe11c1bc8e35c&tz=0&uuid=a106fa90-f1b8-49b6-9ac8-0a118f55fa81%3A1%3A1 HTTP/1.1
Host: skilledskillemergency.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://gitus.net
Referer: https://gitus.net/
DNT: 1
Connection: keep-alive
Cookie: u_pl=18294299; ain=eyJhbGciOiJIUzI1NiJ9.eyJwIjp7ImlkIjoxODI5NDI5OSwiayI6IjA2MjhjNDYyN2NhNTBkN2FlYzc4YjYzYzlkNjk0N2JjIiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjoyMjA2MTA2LCJwaWQiOjE2ODcyLCJhbiI6dHJ1ZSwibGFuIjp0cnVlLCJjaWQiOjIxLCJhaWQiOjI3LCJwdCI6NCwicGsiOiJ0bnNkcjBweGgiLCJ0IjoxfSwidSI6eyJ1IjoxLCJhdSI6MSwiZCI6eyJpZCI6Nzk5NTQxOTYsImlkcyI6IiIsImljIjpmYWxzZSwibiI6IkRlc2t0b3AsRW11bGF0b3IiLCJ2IjoiVW5rbm93biIsIm0iOiJVbmtub3duIiwiZiI6MSwiZm4iOiJEZXNrdG9wIiwib2lkIjoxODExMCwib24iOiJMaW51eCIsIm92IjoiVW5rbm93biIsImJpZCI6MTE2NjcwLCJibiI6IkZpcmVmb3giLCJidiI6Ijk2LjAiLCJ3diI6ZmFsc2UsImUiOnRydWUsImFiIjpmYWxzZX0sImMiOnsiaWQiOjE2MiwiYyI6Ik5PIiwibiI6Ik5vcndheSJ9LCJhIjpmYWxzZSwiY3IiOnsibiI6IkJsaXggU29sdXRpb25zIn0sInhmIjoiIiwiaXhmIjpmYWxzZSwiaWd4ZiI6ZmFsc2UsInVwIjp0cnVlLCJyIjoiaHR0cHM6Ly9naXR1cy5uZXQvd2F0Y2gvPz03TlMwODA1MjQiLCJhciI6W119fQ.M6Gir2t7NAD68CyQvSTmCjJZTseQew8w0uL79ym1eRk
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Thu, 09 May 2024 01:52:52 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://gitus.net
Access-Control-Allow-Origin: https://gitus.net
Access-Control-Allow-Credentials: true
Set-Cookie: uid_id2=a106fa90-f1b8-49b6-9ac8-0a118f55fa81:1:1; expires=Thu, 16 May 2024 01:52:52 GMT; secure; SameSite=None
pdhtkv=true; expires=Fri, 10 May 2024 01:52:52 GMT; secure; SameSite=None
uncs=1; expires=Fri, 10 May 2024 01:52:52 GMT; secure; SameSite=None
pdhtkv27=true; expires=Fri, 10 May 2024 01:52:52 GMT; secure; SameSite=None
uncs27=1; expires=Fri, 10 May 2024 01:52:52 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 3dc6c5f2dbb17344a376e53d832299a5
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
|
|
| restlessidea.com/watch.1422058122694.js?dev=e&key=871902a25f4f75ff642515ce6baf163b&kw=%5B%22click%22%2C%22to%22%2C%22access%22%2C%22the%22%2C%22link%22%5D&pst=1715219632&refer=https%3A%2F%2Fgitus.net%2Fwatch%2F%3F%3D7NS080524&res=14.2071&rmtc=t&shu=e801a8ca1d6678459abe461f575b988b97eafcd44de546a415e630299c653546d39d363f1152135e4a5a90772f65218a2dca3f19d35836ed3499b05f3ea02cef478a340d760f932b29233c0f720d8c422ccaba&tz=0&uuid=a0bbbdc1-99b7-4e03-b58a-913378f4276a%3A2%3A1 | 192.243.61.227 | 200 OK | 2.1 kB |
URL: GET HTTP/1.1 restlessidea.com/watch.1422058122694.js?dev=e&key=871902a25f4f75ff642515ce6baf163b&kw=%5B%22click%22%2C%22to%22%2C%22access%22%2C%22the%22%2C%22link%22%5D&pst=1715219632&refer=https%3A%2F%2Fgitus.net%2Fwatch%2F%3F%3D7NS080524&res=14.2071&rmtc=t&shu=e801a8ca1d6678459abe461f575b988b97eafcd44de546a415e630299c653546d39d363f1152135e4a5a90772f65218a2dca3f19d35836ed3499b05f3ea02cef478a340d760f932b29233c0f720d8c422ccaba&tz=0&uuid=a0bbbdc1-99b7-4e03-b58a-913378f4276a%3A2%3A1
IP: 192.243.61.227:443 | ASN: #39572 DataWeb Global Group B.V.
Requested by: https://gitus.net/watch/?=7NS080524
Certificate: Issuer Let's Encrypt | Subject restlessidea.com | Fingerprint F1:1A:4C:F2:E9:86:B0:2E:A7:9E:26:57:D2:56:53:84:4B:25:CA:CD | Validity Mon, 06 May 2024 08:16:28 GMT - Sun, 04 Aug 2024 08:16:27 GMT
File type: JavaScript source, ASCII text, with very long lines (2609)
Hash (MD5, SHA-1, SHA-256): cf159b85ce0e856e73cbb7df7628061b 9fb8a7d924ba91bdbabff1a0be11c3bb8722002b f65bcdcbd973319c32a6057cac51d311c31ee32423e579cce23786471be536e3
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /watch.1422058122694.js?dev=e&key=871902a25f4f75ff642515ce6baf163b&kw=%5B%22click%22%2C%22to%22%2C%22access%22%2C%22the%22%2C%22link%22%5D&pst=1715219632&refer=https%3A%2F%2Fgitus.net%2Fwatch%2F%3F%3D7NS080524&res=14.2071&rmtc=t&shu=e801a8ca1d6678459abe461f575b988b97eafcd44de546a415e630299c653546d39d363f1152135e4a5a90772f65218a2dca3f19d35836ed3499b05f3ea02cef478a340d760f932b29233c0f720d8c422ccaba&tz=0&uuid=a0bbbdc1-99b7-4e03-b58a-913378f4276a%3A2%3A1 HTTP/1.1
Host: restlessidea.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://gitus.net
Referer: https://gitus.net/
DNT: 1
Connection: keep-alive
Cookie: u_pl=18366955; ain=eyJhbGciOiJIUzI1NiJ9.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.HNGmphftrSX_kmPz0-2GGDb2HxKM1NPgyIIhpLIPWww
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Thu, 09 May 2024 01:52:52 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://gitus.net
Access-Control-Allow-Origin: https://gitus.net
Access-Control-Allow-Credentials: true
Set-Cookie: uid_id2=a0bbbdc1-99b7-4e03-b58a-913378f4276a:2:1; expires=Thu, 16 May 2024 01:52:52 GMT; secure; SameSite=None
iprc67998e1f5dd5582b4e23ebbe33b016b1=3570421; expires=Thu, 09 May 2024 05:52:52 GMT; secure; SameSite=None
pdhtkv=true; expires=Fri, 10 May 2024 01:52:52 GMT; secure; SameSite=None
uncs=1; expires=Fri, 10 May 2024 01:52:52 GMT; secure; SameSite=None
pdhtkv32=true; expires=Fri, 10 May 2024 01:52:52 GMT; secure; SameSite=None
uncs32=1; expires=Fri, 10 May 2024 01:52:52 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 13eb40f5dfea05f54904a857448a15e8
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
|
|
| selfevidentvisual.com/watch.577768106697.js?key=b11545e588bb39ae3149b6e82aed3eb2&kw=%5B%22click%22%2C%22to%22%2C%22access%22%2C%22the%22%2C%22link%22%5D&refer=https%3A%2F%2Fgitus.net%2Fwatch%2F%3F%3D7NS080524&tz=0&dev=e&res=14.2071&uuid=a0bbbdc1-99b7-4e03-b58a-913378f4276a%3A2%3A1 | 192.243.61.227 | 307 Temporary Redirect | 0 B |
URL: GET HTTP/1.1 selfevidentvisual.com/watch.577768106697.js?key=b11545e588bb39ae3149b6e82aed3eb2&kw=%5B%22click%22%2C%22to%22%2C%22access%22%2C%22the%22%2C%22link%22%5D&refer=https%3A%2F%2Fgitus.net%2Fwatch%2F%3F%3D7NS080524&tz=0&dev=e&res=14.2071&uuid=a0bbbdc1-99b7-4e03-b58a-913378f4276a%3A2%3A1
IP: 192.243.61.227:443 | ASN: #39572 DataWeb Global Group B.V.
Requested by: https://gitus.net/watch/?=7NS080524
Certificate: Issuer Let's Encrypt | Subject selfevidentvisual.com | Fingerprint 67:06:8B:12:1D:E0:78:04:09:96:B8:2C:9B:E1:75:AB:5F:7A:A1:AD | Validity Mon, 06 May 2024 12:44:12 GMT - Sun, 04 Aug 2024 12:44:11 GMT
Hash (MD5, SHA-1, SHA-256): d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /watch.577768106697.js?key=b11545e588bb39ae3149b6e82aed3eb2&kw=%5B%22click%22%2C%22to%22%2C%22access%22%2C%22the%22%2C%22link%22%5D&refer=https%3A%2F%2Fgitus.net%2Fwatch%2F%3F%3D7NS080524&tz=0&dev=e&res=14.2071&uuid=a0bbbdc1-99b7-4e03-b58a-913378f4276a%3A2%3A1 HTTP/1.1
Host: selfevidentvisual.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://gitus.net
DNT: 1
Connection: keep-alive
Referer: https://gitus.net/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 307 Temporary Redirect
Server: nginx/1.21.6
Date: Thu, 09 May 2024 01:52:52 GMT
Content-Type: text/html
Content-Length: 0
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://gitus.net
Access-Control-Allow-Origin: https://gitus.net
Access-Control-Allow-Credentials: true
Location: https://selfevidentvisual.com/watch.577768106697.js?dev=e&key=b11545e588bb39ae3149b6e82aed3eb2&kw=%5B%22click%22%2C%22to%22%2C%22access%22%2C%22the%22%2C%22link%22%5D&pst=1715219632&refer=https%3A%2F%2Fgitus.net%2Fwatch%2F%3F%3D7NS080524&res=14.2071&rmtc=t&shu=f06f907c6fdf423b67363b3cbd1f97c8f5130503458e775049a33ba51f778dc4d0deb826ca6d2ea4d5c383a6b9f424574df36fa6f6c1dd08defce2c469278db9eb3696b3c4b0358cd8bf02336d3d3a71e80462&tz=0&uuid=a0bbbdc1-99b7-4e03-b58a-913378f4276a%3A2%3A1
Set-Cookie: u_pl=18294265; expires=Fri, 10 May 2024 01:52:52 GMT; secure; SameSite=None
ain=eyJhbGciOiJIUzI1NiJ9.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.aFzEnOAA-n8WgHHL_i3VFLQBI-YFjamHLeuMv0ynXus; expires=Thu, 09 May 2024 01:53:52 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 8c7ee3203f90dc6f7c2f4142f85f7e38
Strict-Transport-Security: max-age=0; includeSubdomains
|
|
| my.rtmark.net/gid.js?userId=008057f2f6104fa7ebe04c4cd269e5f4 | 139.45.195.8 | 200 OK | 65 B |
URL: GET HTTP/2 my.rtmark.net/gid.js?userId=008057f2f6104fa7ebe04c4cd269e5f4
IP: 139.45.195.8:443
Requested by: https://gitus.net/watch/?=7NS080524
Certificate: Issuer Let's Encrypt | Subject rtmark.net | Fingerprint DB:C0:8B:64:1C:E3:2A:9C:B9:04:0D:F3:6F:5A:E0:35:F4:C7:75:CC | Validity Sat, 02 Mar 2024 21:53:43 GMT - Fri, 31 May 2024 21:53:42 GMT
Hash (MD5, SHA-1, SHA-256): 2a70c4e507d0b5a6f074d9a012f2ae31 fbeedc98b1db0a26af19d672fea5acfd7d9ed2a8 4a15d7c8e7c630a5aa2af3418810fe47b991befac86de1aecfa30ee128b2467b
GET /gid.js?userId=008057f2f6104fa7ebe04c4cd269e5f4 HTTP/1.1
Host: my.rtmark.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://gitus.net
DNT: 1
Connection: keep-alive
Referer: https://gitus.net/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Thu, 09 May 2024 01:52:52 GMT
content-type: application/json; charset=utf-8
content-length: 65
access-control-allow-origin: https://gitus.net
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
set-cookie: ID=008057f2f6104fa7ebe04c4cd269e5f4; expires=Fri, 09 May 2025 01:52:52 GMT; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
|
|
| selfevidentvisual.com/92/63/e0/9263e0ca8f28f023340c146c12f6b544.js | 192.243.61.227 | 200 OK | 16 kB |
URL: GET HTTP/1.1 selfevidentvisual.com/92/63/e0/9263e0ca8f28f023340c146c12f6b544.js
IP: 192.243.61.227:443 | ASN: #39572 DataWeb Global Group B.V.
Requested by: https://gitus.net/watch/?=7NS080524
Certificate: Issuer Let's Encrypt | Subject selfevidentvisual.com | Fingerprint 67:06:8B:12:1D:E0:78:04:09:96:B8:2C:9B:E1:75:AB:5F:7A:A1:AD | Validity Mon, 06 May 2024 12:44:12 GMT - Sun, 04 Aug 2024 12:44:11 GMT
File type: JavaScript source, ASCII text, with very long lines (44045), with no line terminators
Hash (MD5, SHA-1, SHA-256): 792bb6a548426b591680bd6041f1b7fe d0b7715daa4982bc0db74eecc5d37c320825157b 96608b298629ce3b8a2e9e1c96ca6df52bfc6d50be85b63dea776f5724147c6d
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /92/63/e0/9263e0ca8f28f023340c146c12f6b544.js HTTP/1.1
Host: selfevidentvisual.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://gitus.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Thu, 09 May 2024 01:52:52 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: c5bbb5ab6e4634331eb311b7fae76925
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
|
|
| cdn.cloudimagesb.com/cti/6d/84/c9/6d84c95cf38073e236b57c8fd493bc60/1627917004.png | 45.133.44.10 | 200 OK | 22 kB |
URL: GET HTTP/2 cdn.cloudimagesb.com/cti/6d/84/c9/6d84c95cf38073e236b57c8fd493bc60/1627917004.png
IP: 45.133.44.10:443 | ASN: #39572 DataWeb Global Group B.V.
Requested by: https://gitus.net/watch/?=7NS080524
Certificate: Issuer Let's Encrypt | Subject cdn.cloudimagesb.com | Fingerprint C6:F3:21:F0:21:7D:7E:96:0F:E8:46:7A:5E:C5:3F:D1:52:B0:67:B0 | Validity Fri, 22 Mar 2024 03:01:35 GMT - Thu, 20 Jun 2024 03:01:34 GMT
File type: PNG image data, 468 x 60, 8-bit/color RGB, non-interlaced
Hash (MD5, SHA-1, SHA-256): d3a2f167c25626f865850a86b565f2f1 49d449e3b737d891edb771546252fa59dfc2c041 72ce733b5eb986289ac3c3a5e7cd9939dd8b212f3b32bd019f5b65b53dc912ad
GET /cti/6d/84/c9/6d84c95cf38073e236b57c8fd493bc60/1627917004.png HTTP/1.1
Host: cdn.cloudimagesb.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 09 May 2024 01:52:52 GMT
content-type: image/png
content-length: 22093
server: nginx/1.21.6
last-modified: Mon, 02 Aug 2021 15:10:15 GMT
etag: "61080ad7-564d"
expires: Sat, 11 May 2024 01:52:52 GMT
cache-control: max-age=172800
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|
| cdn.cloudimagesb.com/cti/43/ff/51/43ff51c07da75eaedd548042d5154cfe/1658930770.jpg | 45.133.44.10 | 200 OK | 25 kB |
URL: GET HTTP/2 cdn.cloudimagesb.com/cti/43/ff/51/43ff51c07da75eaedd548042d5154cfe/1658930770.jpg
IP: 45.133.44.10:443 | ASN: #39572 DataWeb Global Group B.V.
Requested by: https://gitus.net/watch/?=7NS080524
Certificate: Issuer Let's Encrypt | Subject cdn.cloudimagesb.com | Fingerprint C6:F3:21:F0:21:7D:7E:96:0F:E8:46:7A:5E:C5:3F:D1:52:B0:67:B0 | Validity Fri, 22 Mar 2024 03:01:35 GMT - Thu, 20 Jun 2024 03:01:34 GMT
File type: JPEG image data, baseline, precision 8, 320x50, components 3
Hash (MD5, SHA-1, SHA-256): d465d02b90e928dfd9d9846e102a9dac 22f7333777bec813bd9a7b870913a2b79b6d2fe4 e393d4f1c6b5d4973e157f0f10764b92037dc18239500f42b72bed8ecef462fd
GET /cti/43/ff/51/43ff51c07da75eaedd548042d5154cfe/1658930770.jpg HTTP/1.1
Host: cdn.cloudimagesb.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Thu, 09 May 2024 01:52:52 GMT
content-type: image/jpeg
content-length: 24714
server: nginx/1.21.6
last-modified: Wed, 27 Jul 2022 14:06:18 GMT
etag: "62e1465a-608a"
expires: Sat, 11 May 2024 01:52:52 GMT
cache-control: max-age=172800
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|
| selfevidentvisual.com/watch.577768106697.js?dev=e&key=b11545e588bb39ae3149b6e82aed3eb2&kw=%5B%22click%22%2C%22to%22%2C%22access%22%2C%22the%22%2C%22link%22%5D&pst=1715219632&refer=https%3A%2F%2Fgitus.net%2Fwatch%2F%3F%3D7NS080524&res=14.2071&rmtc=t&shu=f06f907c6fdf423b67363b3cbd1f97c8f5130503458e775049a33ba51f778dc4d0deb826ca6d2ea4d5c383a6b9f424574df36fa6f6c1dd08defce2c469278db9eb3696b3c4b0358cd8bf02336d3d3a71e80462&tz=0&uuid=a0bbbdc1-99b7-4e03-b58a-913378f4276a%3A2%3A1 | 192.243.61.227 | 200 OK | 2.0 kB |
URL: GET HTTP/1.1 selfevidentvisual.com/watch.577768106697.js?dev=e&key=b11545e588bb39ae3149b6e82aed3eb2&kw=%5B%22click%22%2C%22to%22%2C%22access%22%2C%22the%22%2C%22link%22%5D&pst=1715219632&refer=https%3A%2F%2Fgitus.net%2Fwatch%2F%3F%3D7NS080524&res=14.2071&rmtc=t&shu=f06f907c6fdf423b67363b3cbd1f97c8f5130503458e775049a33ba51f778dc4d0deb826ca6d2ea4d5c383a6b9f424574df36fa6f6c1dd08defce2c469278db9eb3696b3c4b0358cd8bf02336d3d3a71e80462&tz=0&uuid=a0bbbdc1-99b7-4e03-b58a-913378f4276a%3A2%3A1
IP: 192.243.61.227:443 | ASN: #39572 DataWeb Global Group B.V.
Requested by: https://gitus.net/watch/?=7NS080524
Certificate: Issuer Let's Encrypt | Subject selfevidentvisual.com | Fingerprint 67:06:8B:12:1D:E0:78:04:09:96:B8:2C:9B:E1:75:AB:5F:7A:A1:AD | Validity Mon, 06 May 2024 12:44:12 GMT - Sun, 04 Aug 2024 12:44:11 GMT
File type: JavaScript source, ASCII text, with very long lines (2423)
Hash (MD5, SHA-1, SHA-256): 1ae3b4ffd0d35df14cd7d022a10253d5 5edcc4bf156ac039114c2dc0a088b901ebef5ce9 15090f8c6867708c2521fed2a46f142b31065ff2becaa3e6b321878d2ab02de4
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /watch.577768106697.js?dev=e&key=b11545e588bb39ae3149b6e82aed3eb2&kw=%5B%22click%22%2C%22to%22%2C%22access%22%2C%22the%22%2C%22link%22%5D&pst=1715219632&refer=https%3A%2F%2Fgitus.net%2Fwatch%2F%3F%3D7NS080524&res=14.2071&rmtc=t&shu=f06f907c6fdf423b67363b3cbd1f97c8f5130503458e775049a33ba51f778dc4d0deb826ca6d2ea4d5c383a6b9f424574df36fa6f6c1dd08defce2c469278db9eb3696b3c4b0358cd8bf02336d3d3a71e80462&tz=0&uuid=a0bbbdc1-99b7-4e03-b58a-913378f4276a%3A2%3A1 HTTP/1.1
Host: selfevidentvisual.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://gitus.net
Referer: https://gitus.net/
DNT: 1
Connection: keep-alive
Cookie: u_pl=18294265; ain=eyJhbGciOiJIUzI1NiJ9.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.aFzEnOAA-n8WgHHL_i3VFLQBI-YFjamHLeuMv0ynXus
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Thu, 09 May 2024 01:52:52 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://gitus.net
Access-Control-Allow-Origin: https://gitus.net
Access-Control-Allow-Credentials: true
Set-Cookie: uid_id2=a0bbbdc1-99b7-4e03-b58a-913378f4276a:2:1; expires=Thu, 16 May 2024 01:52:52 GMT; secure; SameSite=None
pdhtkv=true; expires=Fri, 10 May 2024 01:52:52 GMT; secure; SameSite=None
uncs=1; expires=Fri, 10 May 2024 01:52:52 GMT; secure; SameSite=None
pdhtkv5=true; expires=Fri, 10 May 2024 01:52:52 GMT; secure; SameSite=None
uncs5=1; expires=Fri, 10 May 2024 01:52:52 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 6e0cae72fa4122a34961c1cf10504fe2
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
|
|
| gitus.net/favicon.ico | 78.135.87.2 | 404 Not Found | 708 B |
IP: 78.135.87.2:443 | ASN: #207279 Markahost Telekomunikasyon Ve Ticaret Limited Sirketi
Requested by: https://gitus.net/watch/?=7NS080524
Certificate: Issuer Let's Encrypt | Subject *.gitus.net | Fingerprint B3:5B:E9:49:F2:94:13:B1:1C:37:F9:DF:39:F8:3C:01:4D:E5:9A:6C | Validity Tue, 23 Apr 2024 18:58:37 GMT - Mon, 22 Jul 2024 18:58:36 GMT
File type: HTML document, ASCII text, with CRLF, LF line terminators
Hash (MD5, SHA-1, SHA-256): 2382378378c002d88b9a507c712c3349 2e894db3808b554abadc8b144338ad9e2ea937ba 37a4e56c497e170de6e152bc479624eb8d7ccb35bad5a190f2fdb17ac699cffa
GET /favicon.ico HTTP/1.1
Host: gitus.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://gitus.net/watch/?=7NS080524
Cookie: dom3ic8zudi28v8lr6fgphwffqoz0j6c=a0bbbdc1-99b7-4e03-b58a-913378f4276a%3A2%3A1; prefetchAd_7156415=true
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 404 Not Found
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
pragma: no-cache
content-type: text/html
content-length: 708
date: Thu, 09 May 2024 01:52:52 GMT
|
|
| cdn.cloudimagesb.com/cti/bd/40/19/bd4019b6dcef73a1f96bc4593c321e11/1707725903.png | 45.133.44.10 | 200 OK | 63 kB |
URL: GET HTTP/2 cdn.cloudimagesb.com/cti/bd/40/19/bd4019b6dcef73a1f96bc4593c321e11/1707725903.png
IP: 45.133.44.10:443 | ASN: #39572 DataWeb Global Group B.V.
Requested by: https://gitus.net/watch/?=7NS080524
Certificate: Issuer Let's Encrypt | Subject cdn.cloudimagesb.com | Fingerprint C6:F3:21:F0:21:7D:7E:96:0F:E8:46:7A:5E:C5:3F:D1:52:B0:67:B0 | Validity Fri, 22 Mar 2024 03:01:35 GMT - Thu, 20 Jun 2024 03:01:34 GMT
File type: PNG image data, 300 x 250, 8-bit/color RGBA, non-interlaced
Hash (MD5, SHA-1, SHA-256): 5942ffc6b6a9c37ff916a6a75f8e56cf 4660db02422b646fe368c795a3dcf8fa1ef97ce5 0acbcb3c359cff614a772250f6475c3c44c1a32a13e6b1996f5cfbc6ea80ee0d
GET /cti/bd/40/19/bd4019b6dcef73a1f96bc4593c321e11/1707725903.png HTTP/1.1
Host: cdn.cloudimagesb.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Thu, 09 May 2024 01:52:52 GMT
content-type: image/png
content-length: 63346
server: nginx/1.21.6
last-modified: Mon, 12 Feb 2024 08:18:33 GMT
etag: "65c9d459-f772"
expires: Sat, 11 May 2024 01:52:52 GMT
cache-control: max-age=172800
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|
| glakaits.net/5/7156415/?oo=1&js_build=iclick-v1.790.0 | 139.45.197.242 | 200 OK | 3.5 kB |
URL: GET HTTP/2 glakaits.net/5/7156415/?oo=1&js_build=iclick-v1.790.0
IP: 139.45.197.242:443
Requested by: https://gitus.net/watch/?=7NS080524
Certificate: Issuer Let's Encrypt | Subject glakaits.net | Fingerprint 1F:46:3E:C8:C5:6A:64:F5:29:66:0F:5C:6E:CD:48:77:10:EA:26:02 | Validity Tue, 07 May 2024 18:52:12 GMT - Mon, 05 Aug 2024 18:52:11 GMT
File type: gzip compressed data, max speed, from Unix
Hash (MD5, SHA-1, SHA-256): 0a2628c8dfaf5a8e80bfd2770fcdb791 d1b57c942481d49910af711aa6e2d7568b986a1f 91f24610ee999ba08738b14ead21e2e91b4e5e17e360ef23504f72b305a71e0f
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /5/7156415/?oo=1&js_build=iclick-v1.790.0 HTTP/1.1
Host: glakaits.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://gitus.net
DNT: 1
Connection: keep-alive
Referer: https://gitus.net/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Thu, 09 May 2024 01:52:52 GMT
content-type: application/json
x-trace-id: 060677b2dff963cc505152f67f3a5548
link: <https://my.rtmark.net>; rel="preconnect dns-prefetch",<https://yonmewon.com>; rel="preconnect dns-prefetch",<https://sr7pv7n5x.com>; rel="preconnect dns-prefetch"
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: https://gitus.net
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace, favicon
access-control-max-age: 86400
timing-allow-origin: *
set-cookie: OAID=008057f2f6104fa7ebe04c4cd269e5f4; expires=Fri, 09 May 2025 01:52:52 GMT; path=/; secure; SameSite=None
oaidts=1715219572; expires=Fri, 09 May 2025 01:52:52 GMT; path=/; secure; SameSite=None
syncedCookie=; expires=Tue, 10 Nov 2009 23:00:00 GMT
pragma: no-cache, no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT, Mon, 26 Jul 1997 05:00:00 GMT
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| gitus.net/watch/?=7NS080524 | 78.135.87.2 | 200 OK | 46 kB |
URL (User Request): GET HTTP/2 gitus.net/watch/?=7NS080524
IP: 78.135.87.2:443 | ASN: #207279 Markahost Telekomunikasyon Ve Ticaret Limited Sirketi
Certificate: Issuer Let's Encrypt | Subject *.gitus.net | Fingerprint B3:5B:E9:49:F2:94:13:B1:1C:37:F9:DF:39:F8:3C:01:4D:E5:9A:6C | Validity Tue, 23 Apr 2024 18:58:37 GMT - Mon, 22 Jul 2024 18:58:36 GMT
File type: HTML document, ASCII text, with very long lines (8903), with CRLF, LF line terminators
Hash (MD5, SHA-1, SHA-256): 7446bd3d609318ced151ab292ff348c3 8d99af93fe7b0a2d3e65ab5b7be0835a727389a8 d9e132eefd9e7be2bbe3864ec5d2901d72283a9a6cfe1306098c9c2247a1d1ba
GET /watch/?=7NS080524 HTTP/1.1
Host: gitus.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: text/html; charset=UTF-8
x-ua-compatible: IE=edge
link: <https://gitus.net/wp-json/>; rel="https://api.w.org/", <https://gitus.net/wp-json/wp/v2/pages/34>; rel="alternate"; type="application/json", <https://gitus.net/?p=34>; rel=shortlink
content-encoding: br
vary: Accept-Encoding
date: Thu, 09 May 2024 01:52:49 GMT
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
X-Firefox-Spdy: h2
|
|
| shapedcongest.com/sbar.json?key=9263e0ca8f28f023340c146c12f6b544&uuid=a0bbbdc1-99b7-4e03-b58a-913378f4276a%3A2%3A1 | 192.243.59.13 | 200 OK | 8.3 kB |
URL: GET HTTP/1.1 shapedcongest.com/sbar.json?key=9263e0ca8f28f023340c146c12f6b544&uuid=a0bbbdc1-99b7-4e03-b58a-913378f4276a%3A2%3A1
IP: 192.243.59.13:443 | ASN: #39572 DataWeb Global Group B.V.
Requested by: https://gitus.net/watch/?=7NS080524
Certificate: Issuer Let's Encrypt | Subject shapedcongest.com | Fingerprint 92:A2:D9:7A:1E:FD:F7:37:DF:46:9B:BD:2F:92:7E:81:1D:89:61:01 | Validity Mon, 06 May 2024 12:44:57 GMT - Sun, 04 Aug 2024 12:44:56 GMT
Hash (MD5, SHA-1, SHA-256): e620ba0bee8042ae57de20aa75014a32 842c8eb609f35d8057f0a0bc8cd1450ae80616c5 ece213f0547d8354585daf93f99d58cf0a9cbdb6652eda966a052490f9a0694b
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /sbar.json?key=9263e0ca8f28f023340c146c12f6b544&uuid=a0bbbdc1-99b7-4e03-b58a-913378f4276a%3A2%3A1 HTTP/1.1
Host: shapedcongest.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://gitus.net
DNT: 1
Connection: keep-alive
Referer: https://gitus.net/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Thu, 09 May 2024 01:53:07 GMT
Content-Type: text/plain; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://gitus.net
Access-Control-Allow-Origin: https://gitus.net
Access-Control-Allow-Credentials: true
Set-Cookie: u_pl=18829199; expires=Fri, 10 May 2024 01:53:07 GMT; secure; SameSite=None
uid_id2=a0bbbdc1-99b7-4e03-b58a-913378f4276a:2:1; expires=Thu, 16 May 2024 01:53:07 GMT; secure; SameSite=None
pdhtkv=true; expires=Fri, 10 May 2024 01:53:07 GMT; secure; SameSite=None
uncs=1; expires=Fri, 10 May 2024 01:53:07 GMT; secure; SameSite=None
pdhtkv29=true; expires=Fri, 10 May 2024 01:53:07 GMT; secure; SameSite=None
uncs29=1; expires=Fri, 10 May 2024 01:53:07 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: c12883f709c872fdad9d9da265b1e8a4
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
|
|
| shapedcongest.com/ren.gif?sid=H4sIAAAAAAAC%2F1RSTWgkRRSunuQmCMp6WsQRPKywmfTPpGfGFZaNMRKMO%2Bvuit6kuqt6Uqamq63qmp7kFAzI3hw8eup8k2yILrJ7FVxksuAhIGQ85WAuXjwr7FlmHBx9h3rv1fcVfPW99%2BWBvSQ%2BLL1Y%2B0DtCinp8krNrV77xPNuVDdFavvVfjP8NKzfqOreW62w5r5ZfY%2FH22rZdz3X9Vyvui40T1R%2FeQJCZI9aXq3l1up%2BzVupo6%2F%2F3xvrwFAHrHdJXoZg48VnzhWIeIS0%2B3iNm%2B1cZdff7VpJc6XRY8cfpdupKlJ052WiHSTp8YwNZc7Xn0KlR1O5UL1%2FiZEYE%2Bfnp4jS45lIRL3Dqc5IgqeI2AsoeiNwOYKgI8RqH4KdEyBmuN1G2n14W%2BmC7vyD0gk6JovP%2F4IoxmTxtytIu9%2BvStGv3lPS5kKlBv2khOiPIDojZPYU%2BW4FojhFnH8BwX4hy883kXYP20YqCHbxBnWjKGKxt9RqRY2lOneDpWilSZdaXhA0mkndb4R0apAQI4hkBMkHoKYCaxxY4cAmDmzmoMsuqrHneQ2XxdRttuI4YA0ehcz1aCPxqOeGTdh48ocB8myAWA4Q6z1keg%2FbYgBtf4LZKmHYAkw%2BJs6Hn6PHShScoDAEBSUoBEGRExS98ohJ45vyIZPGRt4s%2B7MclEOVdw7okco7PCWgegDNyoPskrw0MdF5rf0VtvlFteWHAXdj2kz8ZuL6QVB3Y68exp6fhNFKvQ4jSghTATUOdsWYvH7yDTJxfusPRPQURp4iFq%2BA2ldBixJ0q8RuetIRuTW1lOdgqkSWLyLfcQ7kJbk6neBG%2BzF4fHbz92AaiHWJTJf4TDwj6MgHw7uqIId3VWHIk3aWi67YpZPp3stpzhe%2BfZ%2FvFEqzjTUzOLkVT4BJ%2Beg%2BN%2FkmTZlIO4Z8tyoY43pd6ZiTHzfMxzy6Y83WqtWpzTbvvLO%2B0c00N0aodAQ6WdQ%2FNWIxJi9evT9d3Gs%2FtCH0CNqW6NozMgsINUKc7cFkc%2F1GEWg550SZg8KWQ%2B1H80spCCSf9zQqYf7TR%2FN6qOnkNRXlgXmAjq6A5vtIuyV6ukRPlqByAGMXhnmmz27%2BOpMRycowkrpyGEktv57aPDmewIiLaiMIXBq2VrxGg%2FJGVPebSegxSv166IchDZCbcfL29f2%2FAQAA%2F%2F8BAAD%2F%2F98rLymSBAAA | 192.243.59.13 | 200 OK | 7 B |
URL: GET HTTP/1.1 shapedcongest.com/ren.gif?sid=H4sIAAAAAAAC%2F1RSTWgkRRSunuQmCMp6WsQRPKywmfTPpGfGFZaNMRKMO%2Bvuit6kuqt6Uqamq63qmp7kFAzI3hw8eup8k2yILrJ7FVxksuAhIGQ85WAuXjwr7FlmHBx9h3rv1fcVfPW99%2BWBvSQ%2BLL1Y%2B0DtCinp8krNrV77xPNuVDdFavvVfjP8NKzfqOreW62w5r5ZfY%2FH22rZdz3X9Vyvui40T1R%2FeQJCZI9aXq3l1up%2BzVupo6%2F%2F3xvrwFAHrHdJXoZg48VnzhWIeIS0%2B3iNm%2B1cZdff7VpJc6XRY8cfpdupKlJ052WiHSTp8YwNZc7Xn0KlR1O5UL1%2FiZEYE%2Bfnp4jS45lIRL3Dqc5IgqeI2AsoeiNwOYKgI8RqH4KdEyBmuN1G2n14W%2BmC7vyD0gk6JovP%2F4IoxmTxtytIu9%2BvStGv3lPS5kKlBv2khOiPIDojZPYU%2BW4FojhFnH8BwX4hy883kXYP20YqCHbxBnWjKGKxt9RqRY2lOneDpWilSZdaXhA0mkndb4R0apAQI4hkBMkHoKYCaxxY4cAmDmzmoMsuqrHneQ2XxdRttuI4YA0ehcz1aCPxqOeGTdh48ocB8myAWA4Q6z1keg%2FbYgBtf4LZKmHYAkw%2BJs6Hn6PHShScoDAEBSUoBEGRExS98ohJ45vyIZPGRt4s%2B7MclEOVdw7okco7PCWgegDNyoPskrw0MdF5rf0VtvlFteWHAXdj2kz8ZuL6QVB3Y68exp6fhNFKvQ4jSghTATUOdsWYvH7yDTJxfusPRPQURp4iFq%2BA2ldBixJ0q8RuetIRuTW1lOdgqkSWLyLfcQ7kJbk6neBG%2BzF4fHbz92AaiHWJTJf4TDwj6MgHw7uqIId3VWHIk3aWi67YpZPp3stpzhe%2BfZ%2FvFEqzjTUzOLkVT4BJ%2Beg%2BN%2FkmTZlIO4Z8tyoY43pd6ZiTHzfMxzy6Y83WqtWpzTbvvLO%2B0c00N0aodAQ6WdQ%2FNWIxJi9evT9d3Gs%2FtCH0CNqW6NozMgsINUKc7cFkc%2F1GEWg550SZg8KWQ%2B1H80spCCSf9zQqYf7TR%2FN6qOnkNRXlgXmAjq6A5vtIuyV6ukRPlqByAGMXhnmmz27%2BOpMRycowkrpyGEktv57aPDmewIiLaiMIXBq2VrxGg%2FJGVPebSegxSv166IchDZCbcfL29f2%2FAQAA%2F%2F8BAAD%2F%2F98rLymSBAAA
IP: 192.243.59.13:443 | ASN: #39572 DataWeb Global Group B.V.
Requested by: https://gitus.net/watch/?=7NS080524
Certificate: Issuer Let's Encrypt | Subject shapedcongest.com | Fingerprint 92:A2:D9:7A:1E:FD:F7:37:DF:46:9B:BD:2F:92:7E:81:1D:89:61:01 | Validity Mon, 06 May 2024 12:44:57 GMT - Sun, 04 Aug 2024 12:44:56 GMT
File type: ASCII text, with no line terminators
Hash (MD5, SHA-1, SHA-256): 132d6af1b46048b45cf86cdee7991d31 eb7007d03d59b65bc6da7e098c4d38fc6dfb6285 ab852e838deccd742a03ca81d4a8d75cf1a00b327db3eaf46bd7da6b6db9384c
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /ren.gif?sid=H4sIAAAAAAAC%2F1RSTWgkRRSunuQmCMp6WsQRPKywmfTPpGfGFZaNMRKMO%2Bvuit6kuqt6Uqamq63qmp7kFAzI3hw8eup8k2yILrJ7FVxksuAhIGQ85WAuXjwr7FlmHBx9h3rv1fcVfPW99%2BWBvSQ%2BLL1Y%2B0DtCinp8krNrV77xPNuVDdFavvVfjP8NKzfqOreW62w5r5ZfY%2FH22rZdz3X9Vyvui40T1R%2FeQJCZI9aXq3l1up%2BzVupo6%2F%2F3xvrwFAHrHdJXoZg48VnzhWIeIS0%2B3iNm%2B1cZdff7VpJc6XRY8cfpdupKlJ052WiHSTp8YwNZc7Xn0KlR1O5UL1%2FiZEYE%2Bfnp4jS45lIRL3Dqc5IgqeI2AsoeiNwOYKgI8RqH4KdEyBmuN1G2n14W%2BmC7vyD0gk6JovP%2F4IoxmTxtytIu9%2BvStGv3lPS5kKlBv2khOiPIDojZPYU%2BW4FojhFnH8BwX4hy883kXYP20YqCHbxBnWjKGKxt9RqRY2lOneDpWilSZdaXhA0mkndb4R0apAQI4hkBMkHoKYCaxxY4cAmDmzmoMsuqrHneQ2XxdRttuI4YA0ehcz1aCPxqOeGTdh48ocB8myAWA4Q6z1keg%2FbYgBtf4LZKmHYAkw%2BJs6Hn6PHShScoDAEBSUoBEGRExS98ohJ45vyIZPGRt4s%2B7MclEOVdw7okco7PCWgegDNyoPskrw0MdF5rf0VtvlFteWHAXdj2kz8ZuL6QVB3Y68exp6fhNFKvQ4jSghTATUOdsWYvH7yDTJxfusPRPQURp4iFq%2BA2ldBixJ0q8RuetIRuTW1lOdgqkSWLyLfcQ7kJbk6neBG%2BzF4fHbz92AaiHWJTJf4TDwj6MgHw7uqIId3VWHIk3aWi67YpZPp3stpzhe%2BfZ%2FvFEqzjTUzOLkVT4BJ%2Beg%2BN%2FkmTZlIO4Z8tyoY43pd6ZiTHzfMxzy6Y83WqtWpzTbvvLO%2B0c00N0aodAQ6WdQ%2FNWIxJi9evT9d3Gs%2FtCH0CNqW6NozMgsINUKc7cFkc%2F1GEWg550SZg8KWQ%2B1H80spCCSf9zQqYf7TR%2FN6qOnkNRXlgXmAjq6A5vtIuyV6ukRPlqByAGMXhnmmz27%2BOpMRycowkrpyGEktv57aPDmewIiLaiMIXBq2VrxGg%2FJGVPebSegxSv166IchDZCbcfL29f2%2FAQAA%2F%2F8BAAD%2F%2F98rLymSBAAA HTTP/1.1
Host: shapedcongest.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://gitus.net/
Cookie: u_pl=18829199; uid_id2=a0bbbdc1-99b7-4e03-b58a-913378f4276a:2:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Thu, 09 May 2024 01:53:08 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 45d5861100d2c9b84afb0295d6352d8d
Strict-Transport-Security: max-age=0; includeSubdomains
|
|
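The `sid=` value on this beacon (and on the impr.gif beacon later in the capture) begins `H4sIAAAAAAAC%2F`. URL-decoded and base64-decoded, that prefix is the bytes 1f 8b 08 00 00 00 00 00 02 ff: a gzip member (RFC 1952) using the deflate method, no flags, a zeroed mtime, XFL 2 (maximum compression) and OS 255 (unknown). The parameter is therefore a compressed blob, not an opaque token. The script below is an added example, not part of the capture or of the beacon's own code: it strips the three layers, reports the header fields, and round-trips a constructed JSON payload, because the capture does not show what the real blob decompresses to. Zero mtime with XFL 2 and OS 255 is also what Go's compress/gzip writes at BestCompression; that is an inference about the beacon backend, not something the page states.

```python
"""Unpack the `sid=` value carried by the shapedcongest.com ren.gif / impr.gif beacons.

Added example, not part of the capture. The only thing taken from the page is the
leading characters of the parameter, `H4sIAAAAAAAC%2F1RS`; the round-trip payload
further down is constructed.
"""
import base64
import gzip
import json
import urllib.parse

GZIP_MAGIC = b"\x1f\x8b"


def sid_to_bytes(value: str) -> bytes:
    """Undo the URL-encoding and base64 layers; nothing is decompressed yet."""
    s = urllib.parse.unquote(value)          # %2F -> /, %2B -> +, %3D -> =
    s += "=" * (-len(s) % 4)                 # some beacons drop the base64 padding
    return base64.b64decode(s, validate=True)


def gzip_header_fields(raw: bytes) -> dict:
    """Split the fixed 10-byte RFC 1952 header so the encoder can be fingerprinted."""
    if len(raw) < 10 or not raw.startswith(GZIP_MAGIC):
        raise ValueError("not a gzip stream: %r" % raw[:4])
    return {
        "method": raw[2],                             # 8 = deflate
        "flags": raw[3],                              # 0 = no name/comment/extra field
        "mtime": int.from_bytes(raw[4:8], "little"),  # 0 = timestamp suppressed
        "xfl": raw[8],                                # 2 = max compression, 4 = fastest
        "os": raw[9],                                 # 255 = unknown
    }


def decode_sid(value: str):
    """Return the decompressed payload, parsed as JSON when it is JSON, else raw bytes."""
    raw = sid_to_bytes(value)
    gzip_header_fields(raw)                  # raises ValueError on non-gzip input
    plain = gzip.decompress(raw)
    try:
        return json.loads(plain)
    except ValueError:                       # JSONDecodeError and UnicodeDecodeError
        return plain


def encode_sid(payload: bytes) -> str:
    """Build a value the same way: gzip with mtime 0, base64, then URL-encode everything."""
    return urllib.parse.quote(base64.b64encode(gzip.compress(payload, mtime=0)).decode(), safe="")


# Constructed payload for the round trip; the real beacon content is not known from the capture.
SAMPLE_PAYLOAD = {"uid": "example-uid", "page": "https://gitus.net/watch/", "ts": 1715219588}


def sample_round_trip() -> dict:
    """Encode the constructed payload the way the beacon does and decode it again."""
    return decode_sid(encode_sid(json.dumps(SAMPLE_PAYLOAD).encode()))


if __name__ == "__main__":
    print(gzip_header_fields(sid_to_bytes("H4sIAAAAAAAC%2F1RS")))
    print(sample_round_trip())
```

Run `decode_sid` on a full `sid` value copied from the URL column; it raises ValueError rather than guessing when the decoded bytes do not start with the gzip magic, and the padding fix-up covers beacons that strip the trailing `=`.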
| cdn.barscreative1.com/sb/au/2f/33/17/2f3317da28d2a6ed09610d2d267aa136/1648542458.html | 45.133.44.4 | 200 OK | 661 B |
URL: GET HTTP/2 cdn.barscreative1.com/sb/au/2f/33/17/2f3317da28d2a6ed09610d2d267aa136/1648542458.html | IP: 45.133.44.4:443 | ASN: #39572 DataWeb Global Group B.V.
Requested by: https://gitus.net/watch/?=7NS080524 | Certificate issuer: Let's Encrypt | Subject: cdn.barscreative1.com | Fingerprint (SHA-1): F6:54:F4:B9:EB:AD:1E:FA:8F:76:B9:75:20:9B:41:57:32:37:94:E3 | Validity: Sun, 10 Mar 2024 03:01:32 GMT - Sat, 08 Jun 2024 03:01:31 GMT
File type: HTML document, ASCII text | Hash (MD5 / SHA-1 / SHA-256): 027fddd0d322239ada2f2b8b93934fda 6f99560bca5c6d8d747c802f26058344eb179cec a5b2073d8f57ef0469b777f73d6c3f4a85cc17b4c2ed2a53aa3f1acb2273dbd5
GET /sb/au/2f/33/17/2f3317da28d2a6ed09610d2d267aa136/1648542458.html HTTP/1.1
Host: cdn.barscreative1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://gitus.net
DNT: 1
Connection: keep-alive
Referer: https://gitus.net/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 09 May 2024 01:53:08 GMT
content-type: text/html; charset=utf-8
server: nginx/1.21.6
last-modified: Tue, 29 Mar 2022 08:27:42 GMT
etag: W/"6242c2fe-ba1"
cache-control: max-age=3600
access-control-allow-origin: *
access-control-expose-headers: Date
content-encoding: gzip
expires: Thu, 09 May 2024 02:53:08 GMT
x-proxy-cache: HIT
X-Firefox-Spdy: h2
|
|
| cdn.creative-bars1.com/sb/chat/mob/ssp/1/img/close.png | 188.114.97.1 | 200 OK | 6.0 kB |
URL: GET HTTP/3 cdn.creative-bars1.com/sb/chat/mob/ssp/1/img/close.png | IP: 188.114.97.1:443
Requested by: https://gitus.net/watch/?=7NS080524 | Certificate issuer: Google Trust Services LLC | Subject: creative-bars1.com | Fingerprint (SHA-1): 3D:29:39:2C:F1:E5:C6:EF:54:F5:70:B5:CF:A8:C2:75:4D:89:72:13 | Validity: Mon, 15 Apr 2024 15:02:18 GMT - Sun, 14 Jul 2024 15:02:17 GMT
File type: PNG image data, 522 x 391, 8-bit/color RGBA, non-interlaced | Hash (MD5 / SHA-1 / SHA-256): c489ce2c491a22ee37a55e26a92dfd73 2fa588ab09e94dd902e5bd24b48f98ad1949c9d6 1eed147c7d5de6291c25fbc5274830c12d5549262fb144271576d4e15966e5bd
GET /sb/chat/mob/ssp/1/img/close.png HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Thu, 09 May 2024 01:53:08 GMT
content-type: image/png
content-length: 5982
last-modified: Mon, 21 Feb 2022 08:25:06 GMT
etag: "62134c62-175e"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 717284
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=xnjP36rRKeb%2FqLk4sw7AWLXoW3NH3sbvdX84XtbYuO664mAt%2FXmpHzoxViR%2BmZ%2BtbMTx585GuGaAEvYJqJYL0YpG04wriifAxCEx6u8MS7%2Fu46NfX4CM9pu8nYjThXkUQoZxLJP435%2BP"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 880e0ddb3e9156b7-OSL
alt-svc: h3=":443"; ma=86400
|
|
| cdn.cloudimagesb.com/si/52/3a/8c/523a8ce104cfc3373cd17ab1c0e5131b/1701651901.png | 45.133.44.10 | 200 OK | 14 kB |
URL: GET HTTP/2 cdn.cloudimagesb.com/si/52/3a/8c/523a8ce104cfc3373cd17ab1c0e5131b/1701651901.png | IP: 45.133.44.10:443 | ASN: #39572 DataWeb Global Group B.V.
Requested by: https://gitus.net/watch/?=7NS080524 | Certificate issuer: Let's Encrypt | Subject: cdn.cloudimagesb.com | Fingerprint (SHA-1): C6:F3:21:F0:21:7D:7E:96:0F:E8:46:7A:5E:C5:3F:D1:52:B0:67:B0 | Validity: Fri, 22 Mar 2024 03:01:35 GMT - Thu, 20 Jun 2024 03:01:34 GMT
File type: PNG image data, 192 x 192, 8-bit/color RGBA, non-interlaced | Hash (MD5 / SHA-1 / SHA-256): 962ac416cce3fad636d4904386c8d3d4 811166fceb971353dc6a9ea3a153367f20b47592 ec6c8e1c030499a846897265d0c1f66dedc6ece17c1ea6006b700faf37e73555
GET /si/52/3a/8c/523a8ce104cfc3373cd17ab1c0e5131b/1701651901.png HTTP/1.1
Host: cdn.cloudimagesb.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Thu, 09 May 2024 01:53:08 GMT
content-type: image/png
content-length: 14496
server: nginx/1.21.6
last-modified: Mon, 04 Dec 2023 01:05:10 GMT
etag: "656d25c6-38a0"
expires: Sat, 11 May 2024 01:53:08 GMT
cache-control: max-age=172800
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|
| shapedcongest.com/pixel/sbls?bv=24.6.6370&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fchat%2Fmob%2Fssp%2F1%2Fcss%2Fstyle.css&l=4617&fd=70 | 192.243.59.13 | 200 OK | 0 B |
URL: GET HTTP/1.1 shapedcongest.com/pixel/sbls?bv=24.6.6370&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fchat%2Fmob%2Fssp%2F1%2Fcss%2Fstyle.css&l=4617&fd=70 | IP: 192.243.59.13:443 | ASN: #39572 DataWeb Global Group B.V.
Requested by: https://gitus.net/watch/?=7NS080524 | Certificate issuer: Let's Encrypt | Subject: shapedcongest.com | Fingerprint (SHA-1): 92:A2:D9:7A:1E:FD:F7:37:DF:46:9B:BD:2F:92:7E:81:1D:89:61:01 | Validity: Mon, 06 May 2024 12:44:57 GMT - Sun, 04 Aug 2024 12:44:56 GMT
Hash (MD5 / SHA-1 / SHA-256, all of an empty body): d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /pixel/sbls?bv=24.6.6370&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fchat%2Fmob%2Fssp%2F1%2Fcss%2Fstyle.css&l=4617&fd=70 HTTP/1.1
Host: shapedcongest.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://gitus.net/
Cookie: u_pl=18829199; uid_id2=a0bbbdc1-99b7-4e03-b58a-913378f4276a:2:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Thu, 09 May 2024 01:53:08 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
|
|
| fonts.googleapis.com/css?family=Roboto:300,400,700&display=swap | 142.250.74.106 | 200 OK | 1.2 kB |
URL: GET HTTP/2 fonts.googleapis.com/css?family=Roboto:300,400,700&display=swap | IP: 142.250.74.106:443
Requested by: https://gitus.net/watch/?=7NS080524 | Certificate issuer: Google Trust Services LLC | Subject: upload.video.google.com | Fingerprint (SHA-1): 36:49:20:36:0C:4D:DA:55:65:64:23:0F:49:3E:FA:78:87:35:A3:79 | Validity: Tue, 16 Apr 2024 04:17:12 GMT - Tue, 09 Jul 2024 04:17:11 GMT
File type: gzip compressed data, max compression | Hash (MD5 / SHA-1 / SHA-256): 8ad348dfd1ff674a3e5d2d000a2e1480 e2140b067fc1a2bd278a9cc8ddb064a3eb9ac4a6 c5d367d9f52b99eeccb55a25220687fe1e5600c6bfd6ed854cab0b1c71aa28b6
GET /css?family=Roboto:300,400,700&display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Thu, 09 May 2024 01:53:08 GMT
date: Thu, 09 May 2024 01:53:08 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
|
|
| shapedcongest.com/pixel/sbls?bv=24.6.6370&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fchat%2Fmob%2Fssp%2F1%2Fjs%2Fscript.js&l=382&fd=13 | 192.243.59.13 | 200 OK | 0 B |
URL: GET HTTP/1.1 shapedcongest.com/pixel/sbls?bv=24.6.6370&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fchat%2Fmob%2Fssp%2F1%2Fjs%2Fscript.js&l=382&fd=13 | IP: 192.243.59.13:443 | ASN: #39572 DataWeb Global Group B.V.
Requested by: https://gitus.net/watch/?=7NS080524 | Certificate issuer: Let's Encrypt | Subject: shapedcongest.com | Fingerprint (SHA-1): 92:A2:D9:7A:1E:FD:F7:37:DF:46:9B:BD:2F:92:7E:81:1D:89:61:01 | Validity: Mon, 06 May 2024 12:44:57 GMT - Sun, 04 Aug 2024 12:44:56 GMT
Hash (MD5 / SHA-1 / SHA-256, all of an empty body): d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /pixel/sbls?bv=24.6.6370&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fchat%2Fmob%2Fssp%2F1%2Fjs%2Fscript.js&l=382&fd=13 HTTP/1.1
Host: shapedcongest.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://gitus.net/
Cookie: u_pl=18829199; uid_id2=a0bbbdc1-99b7-4e03-b58a-913378f4276a:2:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Thu, 09 May 2024 01:53:08 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
|
|
| shapedcongest.com/pixel/sbls?bv=24.6.6370&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fchat%2Fmob%2Fssp%2F1%2Fcss%2Fanimate.css&l=79313&fd=383 | 192.243.59.13 | 200 OK | 0 B |
URL: GET HTTP/1.1 shapedcongest.com/pixel/sbls?bv=24.6.6370&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fchat%2Fmob%2Fssp%2F1%2Fcss%2Fanimate.css&l=79313&fd=383 | IP: 192.243.59.13:443 | ASN: #39572 DataWeb Global Group B.V.
Requested by: https://gitus.net/watch/?=7NS080524 | Certificate issuer: Let's Encrypt | Subject: shapedcongest.com | Fingerprint (SHA-1): 92:A2:D9:7A:1E:FD:F7:37:DF:46:9B:BD:2F:92:7E:81:1D:89:61:01 | Validity: Mon, 06 May 2024 12:44:57 GMT - Sun, 04 Aug 2024 12:44:56 GMT
Hash (MD5 / SHA-1 / SHA-256, all of an empty body): d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /pixel/sbls?bv=24.6.6370&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fchat%2Fmob%2Fssp%2F1%2Fcss%2Fanimate.css&l=79313&fd=383 HTTP/1.1
Host: shapedcongest.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://gitus.net/
Cookie: u_pl=18829199; uid_id2=a0bbbdc1-99b7-4e03-b58a-913378f4276a:2:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Thu, 09 May 2024 01:53:08 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
|
|
| fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2 | 216.58.207.227 | 200 OK | 16 kB |
URL: GET HTTP/2 fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2 | IP: 216.58.207.227:443
Requested by: https://gitus.net/watch/?=7NS080524 | Certificate issuer: Google Trust Services LLC | Subject: *.gstatic.com | Fingerprint (SHA-1): 15:DD:05:B3:2F:D8:E3:54:C9:B4:FA:E4:AC:01:ED:C8:E1:EA:A7:AD | Validity: Tue, 16 Apr 2024 04:17:07 GMT - Tue, 09 Jul 2024 04:17:06 GMT
File type: Web Open Font Format (Version 2), TrueType, length 15744, version 1.0 | Hash (MD5 / SHA-1 / SHA-256): 15d9f621c3bd1599f0169dcf0bd5e63e 7ca9c5967f3bb8bffeab24b639b49c1e7d03fa52 f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615
GET /s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://gitus.net
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15744
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sat, 04 May 2024 09:28:37 GMT
expires: Sun, 04 May 2025 09:28:37 GMT
cache-control: public, max-age=31536000
last-modified: Wed, 11 May 2022 19:24:48 GMT
content-type: font/woff2
age: 404671
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
|
|
| cdn.creative-bars1.com/sb/chat/mob/ssp/1/css/animate.css | 188.114.97.1 | 200 OK | 4.9 kB |
URL: GET HTTP/2 cdn.creative-bars1.com/sb/chat/mob/ssp/1/css/animate.css | IP: 188.114.97.1:443
Requested by: https://gitus.net/watch/?=7NS080524 | Certificate issuer: Google Trust Services LLC | Subject: creative-bars1.com | Fingerprint (SHA-1): 3D:29:39:2C:F1:E5:C6:EF:54:F5:70:B5:CF:A8:C2:75:4D:89:72:13 | Validity: Mon, 15 Apr 2024 15:02:18 GMT - Sun, 14 Jul 2024 15:02:17 GMT
Hash (MD5 / SHA-1 / SHA-256): fc638645a938f69e69360c75335ffd1a 143132fb8361c3ad0acf88cb70bf0b07c0ecc2d4 7ef76aab275d0221c68602d18f81b4285b280756f0f71d535ed8b5b889bc2f90
GET /sb/chat/mob/ssp/1/css/animate.css HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://gitus.net
DNT: 1
Connection: keep-alive
Referer: https://gitus.net/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 09 May 2024 01:53:08 GMT
content-type: text/css
last-modified: Mon, 21 Feb 2022 08:25:04 GMT
etag: W/"62134c60-135d1"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=mSh%2B2Kp2ghROXeRZPNZA8UxOEvt6NU%2FgKhfCUJnVh%2F7VVgA02ELV629ipW5AMQdUYywTyy4xW5mbHMOnVLbq0ScjLLlNzcuqgNuAKVGEtPKRLBwUD%2B2TG99dZqRYV8i38f5DuCic96Kr"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 880e0ddab9cb56c4-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| shapedcongest.com/pixel/sbs?c=1 | 192.243.59.13 | 200 OK | 0 B |
URL: GET HTTP/1.1 shapedcongest.com/pixel/sbs?c=1 | IP: 192.243.59.13:443 | ASN: #39572 DataWeb Global Group B.V.
Requested by: https://gitus.net/watch/?=7NS080524 | Certificate issuer: Let's Encrypt | Subject: shapedcongest.com | Fingerprint (SHA-1): 92:A2:D9:7A:1E:FD:F7:37:DF:46:9B:BD:2F:92:7E:81:1D:89:61:01 | Validity: Mon, 06 May 2024 12:44:57 GMT - Sun, 04 Aug 2024 12:44:56 GMT
Hash (MD5 / SHA-1 / SHA-256, all of an empty body): d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /pixel/sbs?c=1 HTTP/1.1
Host: shapedcongest.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://gitus.net/
Cookie: u_pl=18829199; uid_id2=a0bbbdc1-99b7-4e03-b58a-913378f4276a:2:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Thu, 09 May 2024 01:53:08 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
|
|
| cdn.creative-bars1.com/sb/chat/mob/ssp/1/js/jquery.min.js | 188.114.97.1 | 200 OK | 48 kB |
URL GET HTTP/3cdn.creative-bars1.com/sb/chat/mob/ssp/1/js/jquery.min.js IP188.114.97.1:443
Requested byhttps://gitus.net/watch/?=7NS080524 CertificateIssuerGoogle Trust Services LLC Subjectcreative-bars1.com Fingerprint3D:29:39:2C:F1:E5:C6:EF:54:F5:70:B5:CF:A8:C2:75:4D:89:72:13 ValidityMon, 15 Apr 2024 15:02:18 GMT - Sun, 14 Jul 2024 15:02:17 GMT
File typeJavaScript source, ASCII text, with very long lines (65451) Hash561acb3e541133bbdd2c0c19f8ee35a1 ffd1353cf3f77d25f801c84d8208613eb0d3d548 9fde6da568db31801e29243a903bf24f342256b41e3c01e7d018ff7c566ce7fc
GET /sb/chat/mob/ssp/1/js/jquery.min.js HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Thu, 09 May 2024 01:53:08 GMT
content-type: application/javascript
last-modified: Mon, 21 Feb 2022 08:25:09 GMT
etag: W/"62134c65-15d94"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 725732
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=SnkpxPcK9klzdjhqxla%2FvLJPaDSvg0Aj99lcEAWUaS39JCtKrCG86gy3BDwf35qE8Bqx4J%2BG34UGBoG38Vu2g78nc2q2rhaLr19LwEN6%2FlU4XSrkOFgEIEW%2BF7MaaLDK3NpWhmkTY3Pg"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 880e0ddb3e9356b7-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| shapedcongest.com/impr.gif?sid=H4sIAAAAAAAC%2F1RSTYgcRRSunuxNEJR4CuIIHiJkZ7vnf4wQEuPK4pqJSURvUn89Kbemq63qmp7sKbgguTl49NT7zW6W1SDJVTDIbMDDgrDjaQ%2FuxYtnhZxlxsHRd6j3Xn1fwVffe1%2Fu%2BjNShaen1z8w20prutaohOWLn0TR5fKmSvywPGw3P23WL5ft4K1OsxK%2BWX5P8i2zVg2jMIzCqLyurIzNcG0GQqWPOlGlE1bq1UrUqGNo%2F987H8DRAGJwRl6GEtOVZ8F5KD5B0n98XbqtzKSX3u17TTNjMRAHHyVbickT9JdlbAPEycGCDeNO1p%2FCJPtzuTCDf4lMTUnw81Ow5GAhEmywN9fJNGQCJl5APphA6gkUnYCbHShxQgAucKOLpP%2FwhrE5vfcPSmfolKw8%2Fwsqn5KV384j6X9%2FTath%2BbbRPlMmcRjGBdRwAtWbIPVHyLZLUPkRePYFlPiFrD3fRNLf6zptoMTpGzRkjAkerXY6rLVal2FtlTXadLUT1Wqtdlyvtpp0bpBSE6h4Ai1HoK4E7wJ4FcDHAXwaoC9OyzyKolYoOA3bHc5roiVZU4QRbcURjcJmG57P%2FjBClo7A9Qjc3kdq72NLjWD9T3B3CzhxDi6bkuDDzzEQBXJJkDuCnBLkiiDPCPJBsS%2B0q7riodDOs2iRq4tcK8Ym6%2B3SfZP1ZEJA7QhWFLvpGXlpZmLwWvcrbMnTcqfarMmQ03ZcbcdhtVarhzyqN3lUjZusUa%2FDqQLKlUBdgG01Ja8ffoNUnVz9A4wewekjcPUKqH8VNC9A7xbYTg57KvOuksgMwhRIsxVk94JdfUYuzCe40X0MyY%2Bv%2FF6bB7gtkNoCn6lnBD39YHzL5GTvlskdedJNM9VX23Q23dsZzeS5b9%2BX93JjxcZ1Nzq8ymfArHx0R7pskyZCJT1HvrumhJB23VguyY8b7mPJbnp395q3iU83b76zvtFPrXROmWQCOlvUPy24mpIXL9yZL%2B7FH7pQdgLrC%2FT9MVkElJmAp%2Ffh0qV%2BZwisXnJYGiD3xdhW2fJSKwItlz1lBdx%2Ferasx5bOXlNV7LoH6NkSaLaDpF9gYAsMdAGqR3D%2B3DhL7fGVXxcymC6NmbalPaat%2Fnpu8%2Bx4AqdOy7VQtJiMZYvJeqMeSy5Yo8FCHnNWE%2B02R%2Bam8duXdv4GAAD%2F%2FwEAAP%2F%2FX%2F%2F6wZIEAAA%3D | 172.240.108.76 | 200 OK | 0 B |
URL: GET HTTP/1.1 shapedcongest.com/impr.gif?sid=H4sIAAAAAAAC%2F1RSTYgcRRSunuxNEJR4CuIIHiJkZ7vnf4wQEuPK4pqJSURvUn89Kbemq63qmp7sKbgguTl49NT7zW6W1SDJVTDIbMDDgrDjaQ%2FuxYtnhZxlxsHRd6j3Xn1fwVffe1%2Fu%2BjNShaen1z8w20prutaohOWLn0TR5fKmSvywPGw3P23WL5ft4K1OsxK%2BWX5P8i2zVg2jMIzCqLyurIzNcG0GQqWPOlGlE1bq1UrUqGNo%2F987H8DRAGJwRl6GEtOVZ8F5KD5B0n98XbqtzKSX3u17TTNjMRAHHyVbickT9JdlbAPEycGCDeNO1p%2FCJPtzuTCDf4lMTUnw81Ow5GAhEmywN9fJNGQCJl5APphA6gkUnYCbHShxQgAucKOLpP%2FwhrE5vfcPSmfolKw8%2Fwsqn5KV384j6X9%2FTath%2BbbRPlMmcRjGBdRwAtWbIPVHyLZLUPkRePYFlPiFrD3fRNLf6zptoMTpGzRkjAkerXY6rLVal2FtlTXadLUT1Wqtdlyvtpp0bpBSE6h4Ai1HoK4E7wJ4FcDHAXwaoC9OyzyKolYoOA3bHc5roiVZU4QRbcURjcJmG57P%2FjBClo7A9Qjc3kdq72NLjWD9T3B3CzhxDi6bkuDDzzEQBXJJkDuCnBLkiiDPCPJBsS%2B0q7riodDOs2iRq4tcK8Ym6%2B3SfZP1ZEJA7QhWFLvpGXlpZmLwWvcrbMnTcqfarMmQ03ZcbcdhtVarhzyqN3lUjZusUa%2FDqQLKlUBdgG01Ja8ffoNUnVz9A4wewekjcPUKqH8VNC9A7xbYTg57KvOuksgMwhRIsxVk94JdfUYuzCe40X0MyY%2Bv%2FF6bB7gtkNoCn6lnBD39YHzL5GTvlskdedJNM9VX23Q23dsZzeS5b9%2BX93JjxcZ1Nzq8ymfArHx0R7pskyZCJT1HvrumhJB23VguyY8b7mPJbnp395q3iU83b76zvtFPrXROmWQCOlvUPy24mpIXL9yZL%2B7FH7pQdgLrC%2FT9MVkElJmAp%2Ffh0qV%2BZwisXnJYGiD3xdhW2fJSKwItlz1lBdx%2Ferasx5bOXlNV7LoH6NkSaLaDpF9gYAsMdAGqR3D%2B3DhL7fGVXxcymC6NmbalPaat%2Fnpu8%2Bx4AqdOy7VQtJiMZYvJeqMeSy5Yo8FCHnNWE%2B02R%2Bam8duXdv4GAAD%2F%2FwEAAP%2F%2FX%2F%2F6wZIEAAA%3D | IP: 172.240.108.76:443
Requested by: https://gitus.net/watch/?=7NS080524 | Certificate issuer: Let's Encrypt | Subject: shapedcongest.com | Fingerprint (SHA-1): 92:A2:D9:7A:1E:FD:F7:37:DF:46:9B:BD:2F:92:7E:81:1D:89:61:01 | Validity: Mon, 06 May 2024 12:44:57 GMT - Sun, 04 Aug 2024 12:44:56 GMT
Hash (MD5 / SHA-1 / SHA-256, all of an empty body): d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /impr.gif?sid=H4sIAAAAAAAC%2F1RSTYgcRRSunuxNEJR4CuIIHiJkZ7vnf4wQEuPK4pqJSURvUn89Kbemq63qmp7sKbgguTl49NT7zW6W1SDJVTDIbMDDgrDjaQ%2FuxYtnhZxlxsHRd6j3Xn1fwVffe1%2Fu%2BjNShaen1z8w20prutaohOWLn0TR5fKmSvywPGw3P23WL5ft4K1OsxK%2BWX5P8i2zVg2jMIzCqLyurIzNcG0GQqWPOlGlE1bq1UrUqGNo%2F987H8DRAGJwRl6GEtOVZ8F5KD5B0n98XbqtzKSX3u17TTNjMRAHHyVbickT9JdlbAPEycGCDeNO1p%2FCJPtzuTCDf4lMTUnw81Ow5GAhEmywN9fJNGQCJl5APphA6gkUnYCbHShxQgAucKOLpP%2FwhrE5vfcPSmfolKw8%2Fwsqn5KV384j6X9%2FTath%2BbbRPlMmcRjGBdRwAtWbIPVHyLZLUPkRePYFlPiFrD3fRNLf6zptoMTpGzRkjAkerXY6rLVal2FtlTXadLUT1Wqtdlyvtpp0bpBSE6h4Ai1HoK4E7wJ4FcDHAXwaoC9OyzyKolYoOA3bHc5roiVZU4QRbcURjcJmG57P%2FjBClo7A9Qjc3kdq72NLjWD9T3B3CzhxDi6bkuDDzzEQBXJJkDuCnBLkiiDPCPJBsS%2B0q7riodDOs2iRq4tcK8Ym6%2B3SfZP1ZEJA7QhWFLvpGXlpZmLwWvcrbMnTcqfarMmQ03ZcbcdhtVarhzyqN3lUjZusUa%2FDqQLKlUBdgG01Ja8ffoNUnVz9A4wewekjcPUKqH8VNC9A7xbYTg57KvOuksgMwhRIsxVk94JdfUYuzCe40X0MyY%2Bv%2FF6bB7gtkNoCn6lnBD39YHzL5GTvlskdedJNM9VX23Q23dsZzeS5b9%2BX93JjxcZ1Nzq8ymfArHx0R7pskyZCJT1HvrumhJB23VguyY8b7mPJbnp395q3iU83b76zvtFPrXROmWQCOlvUPy24mpIXL9yZL%2B7FH7pQdgLrC%2FT9MVkElJmAp%2Ffh0qV%2BZwisXnJYGiD3xdhW2fJSKwItlz1lBdx%2Ferasx5bOXlNV7LoH6NkSaLaDpF9gYAsMdAGqR3D%2B3DhL7fGVXxcymC6NmbalPaat%2Fnpu8%2Bx4AqdOy7VQtJiMZYvJeqMeSy5Yo8FCHnNWE%2B02R%2Bam8duXdv4GAAD%2F%2FwEAAP%2F%2FX%2F%2F6wZIEAAA%3D HTTP/1.1
Host: shapedcongest.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://gitus.net/
Cookie: u_pl=18829199; uid_id2=a0bbbdc1-99b7-4e03-b58a-913378f4276a:2:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Thu, 09 May 2024 01:53:08 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 92e4d9aff69edc47fceaf3ba9e6adc09
Strict-Transport-Security: max-age=0; includeSubdomains
|
|
| downstairsnegotiatebarren.com/sfp.js | 188.114.97.1 | 200 OK | 86 kB |
URL: GET HTTP/2 downstairsnegotiatebarren.com/sfp.js | IP: 188.114.97.1:443
Requested by: https://gitus.net/watch/?=7NS080524 | Certificate issuer: Let's Encrypt | Subject: downstairsnegotiatebarren.com | Fingerprint (SHA-1): 5D:DB:CB:C6:CE:2A:8B:34:7D:BC:43:74:33:1D:5F:77:48:F7:BC:1B | Validity: Thu, 02 May 2024 21:26:34 GMT - Wed, 31 Jul 2024 21:26:33 GMT
Hash (MD5 / SHA-1 / SHA-256, all of an empty body): d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /sfp.js HTTP/1.1
Host: downstairsnegotiatebarren.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://gitus.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 09 May 2024 01:52:52 GMT
content-type: application/javascript; charset=utf-8
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
access-control-allow-origin: *
expires: Thu, 01 Jan 1970 00:00:01 GMT
cache-control: max-age=14400
x-request-id: 7ed8beb2c0a20e737da7f8e83305d814
strict-transport-security: max-age=0; includeSubdomains
cf-cache-status: EXPIRED
last-modified: Thu, 09 May 2024 01:52:51 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=9Xsq4mbh%2FkGyCa0vqxe%2F6OGvpwdD%2FAB5%2B8pcTBZhkvA%2FhiuLM1NK0%2BXLIZ1muM5AZp3%2FMUvVbGd3a5b1oUB1NQr7zx3ehMbLETwAWN6NcMfFoKubEQduAAaxcAQDY7qtz50CYP8d3QEnwOBhe8SAJQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 880e0d783ab6b518-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| glakaits.net/?rb=qoLND7oDT-u-7r4RnJEPZPbCSe_GKnM9WJ-RMmq4Avo92K_UY4N3T8SHK_EC18w1TFysFmJ5VeTRcemRgLLIWuQOjem6qNgVRYcl47wvYa5-ENXOkWylaY4_ODuDHgN3UiafZDt_cgbkocgKAWyD1xcQBp3cdawP37P_dcGr0f5TKARiRGKwrxX3OCaUgA8kuQKo57vR-zWMStkuFy_yE5Sq9IzEjRhL9sIblllK4KNz45iHuvONWQeU_TWG2jsC8G-3hQ%3D%3D&request_ab2=0&zoneid=7156415&js_build=iclick-v1.790.0&jsp=1&fs=0&cf=0&sw=1280&sh=1024&wih=1024&wiw=1280&ww=1280&wh=1024&sah=1024&wx=0&wy=0&cw=1280&wfc=0&pl=https%3A%2F%2Fgitus.net%2Fwatch%2F%3F%3D7NS080524&drf=&np=1&pt=0&nb=1&ng=0&ix=0&nw=1&tb=false&btz=UTC&bto=0&wgl=&js_build=iclick-v1.790.0&navlng=en-US&pnt=0&pnrc=0&bs=7a740c34-910d-4558-afb0-d972ea5073aa&wasm=1&userId=008057f2f6104fa7ebe04c4cd269e5f4&m=link | 139.45.197.242 | 200 OK | 2.7 kB |
URL: GET HTTP/2 glakaits.net/?rb=qoLND7oDT-u-7r4RnJEPZPbCSe_GKnM9WJ-RMmq4Avo92K_UY4N3T8SHK_EC18w1TFysFmJ5VeTRcemRgLLIWuQOjem6qNgVRYcl47wvYa5-ENXOkWylaY4_ODuDHgN3UiafZDt_cgbkocgKAWyD1xcQBp3cdawP37P_dcGr0f5TKARiRGKwrxX3OCaUgA8kuQKo57vR-zWMStkuFy_yE5Sq9IzEjRhL9sIblllK4KNz45iHuvONWQeU_TWG2jsC8G-3hQ%3D%3D&request_ab2=0&zoneid=7156415&js_build=iclick-v1.790.0&jsp=1&fs=0&cf=0&sw=1280&sh=1024&wih=1024&wiw=1280&ww=1280&wh=1024&sah=1024&wx=0&wy=0&cw=1280&wfc=0&pl=https%3A%2F%2Fgitus.net%2Fwatch%2F%3F%3D7NS080524&drf=&np=1&pt=0&nb=1&ng=0&ix=0&nw=1&tb=false&btz=UTC&bto=0&wgl=&js_build=iclick-v1.790.0&navlng=en-US&pnt=0&pnrc=0&bs=7a740c34-910d-4558-afb0-d972ea5073aa&wasm=1&userId=008057f2f6104fa7ebe04c4cd269e5f4&m=link | IP: 139.45.197.242:443
Requested by: https://gitus.net/watch/?=7NS080524 | Certificate issuer: Let's Encrypt | Subject: glakaits.net | Fingerprint (SHA-1): 1F:46:3E:C8:C5:6A:64:F5:29:66:0F:5C:6E:CD:48:77:10:EA:26:02 | Validity: Tue, 07 May 2024 18:52:12 GMT - Mon, 05 Aug 2024 18:52:11 GMT
File type: troff or preprocessor input, ASCII text, with very long lines (2720), with no line terminators | Hash (MD5 / SHA-1 / SHA-256): 8281327fdbdd20a5e5f466a47e652604 55864784bc64e9dcc350268bf585c345ad631e0b 4191c97ed2492b4ae954ff53dc0fc646f4393a7b22dc4c2e3a5faf9c9fbe30c8
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /?rb=qoLND7oDT-u-7r4RnJEPZPbCSe_GKnM9WJ-RMmq4Avo92K_UY4N3T8SHK_EC18w1TFysFmJ5VeTRcemRgLLIWuQOjem6qNgVRYcl47wvYa5-ENXOkWylaY4_ODuDHgN3UiafZDt_cgbkocgKAWyD1xcQBp3cdawP37P_dcGr0f5TKARiRGKwrxX3OCaUgA8kuQKo57vR-zWMStkuFy_yE5Sq9IzEjRhL9sIblllK4KNz45iHuvONWQeU_TWG2jsC8G-3hQ%3D%3D&request_ab2=0&zoneid=7156415&js_build=iclick-v1.790.0&jsp=1&fs=0&cf=0&sw=1280&sh=1024&wih=1024&wiw=1280&ww=1280&wh=1024&sah=1024&wx=0&wy=0&cw=1280&wfc=0&pl=https%3A%2F%2Fgitus.net%2Fwatch%2F%3F%3D7NS080524&drf=&np=1&pt=0&nb=1&ng=0&ix=0&nw=1&tb=false&btz=UTC&bto=0&wgl=&js_build=iclick-v1.790.0&navlng=en-US&pnt=0&pnrc=0&bs=7a740c34-910d-4558-afb0-d972ea5073aa&wasm=1&userId=008057f2f6104fa7ebe04c4cd269e5f4&m=link HTTP/1.1
Host: glakaits.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://gitus.net/
Origin: https://gitus.net
DNT: 1
Connection: keep-alive
Cookie: OAID=008057f2f6104fa7ebe04c4cd269e5f4; oaidts=1715219572
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Thu, 09 May 2024 01:52:52 GMT
content-type: application/json
x-trace-id: 8328563add13cec3f82b9f2320ae9846
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: https://gitus.net
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace, favicon
access-control-max-age: 86400
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
set-cookie: OAID=008057f2f6104fa7ebe04c4cd269e5f4; expires=Fri, 09 May 2025 01:52:52 GMT; path=/; secure; SameSite=None
set-cookie: oaidts=1715219572; expires=Fri, 09 May 2025 01:52:52 GMT; path=/; secure; SameSite=None
set-cookie: syncedCookie=true; expires=Thu, 16 May 2024 01:52:52 GMT; path=/; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
content-encoding: gzip
X-Firefox-Spdy: h2
| cdn.creative-bars1.com/sb/chat/mob/ssp/1/js/script.js | 188.114.97.1 | 200 OK | 382 B |
URL: GET HTTP/3 cdn.creative-bars1.com/sb/chat/mob/ssp/1/js/script.js
IP: 188.114.97.1:443
Requested by: https://gitus.net/watch/?=7NS080524
Certificate issuer: Google Trust Services LLC
Subject: creative-bars1.com
Fingerprint: 3D:29:39:2C:F1:E5:C6:EF:54:F5:70:B5:CF:A8:C2:75:4D:89:72:13
Validity: Mon, 15 Apr 2024 15:02:18 GMT - Sun, 14 Jul 2024 15:02:17 GMT
File type: ASCII text, with very long lines (411), with no line terminators
MD5: 9ffae600059bf4e6adb35ebb274ae385
SHA-1: 6130e466c04551baa2a5d650e6bd5a87daba73a7
SHA-256: a7d15e051fb3d3c31494683306bb7752478354894825b110d26d333cbeaaeb39
GET /sb/chat/mob/ssp/1/js/script.js HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://gitus.net
DNT: 1
Connection: keep-alive
Referer: https://gitus.net/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Thu, 09 May 2024 01:53:08 GMT
content-type: application/javascript
last-modified: Mon, 21 Feb 2022 08:25:08 GMT
etag: W/"62134c64-17e"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 52127
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2FCZWVnordNlYM6fTHEkKtBZZUP%2FzoLW9jCkfPvzoZ7Rzcs7GPvQnWidZ0EUwvLCp5PmmFgVJlZRV6Nrt4t%2FVKagjvO%2FPOGzK0iF%2B736Pr%2FlRqCf5YOY%2F7oss%2BuwNUyxRVYzbR%2BnLmqBk"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 880e0ddb9ebc56b7-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
| shapedcongest.com/pixel/sbls?bv=24.6.6370&tmpl=482&u=https%3A%2F%2Fcdn.barscreative1.com%2Fsb%2Fau%2F2f%2F33%2F17%2F2f3317da28d2a6ed09610d2d267aa136%2F1648542458.html&l=2977&fd=150 | 192.243.59.13 | 200 OK | 0 B |
URL: GET HTTP/1.1 shapedcongest.com/pixel/sbls?bv=24.6.6370&tmpl=482&u=https%3A%2F%2Fcdn.barscreative1.com%2Fsb%2Fau%2F2f%2F33%2F17%2F2f3317da28d2a6ed09610d2d267aa136%2F1648542458.html&l=2977&fd=150
IP: 192.243.59.13:443
ASN: #39572 DataWeb Global Group B.V.
Requested by: https://gitus.net/watch/?=7NS080524
Certificate issuer: Let's Encrypt
Subject: shapedcongest.com
Fingerprint: 92:A2:D9:7A:1E:FD:F7:37:DF:46:9B:BD:2F:92:7E:81:1D:89:61:01
Validity: Mon, 06 May 2024 12:44:57 GMT - Sun, 04 Aug 2024 12:44:56 GMT
MD5: d41d8cd98f00b204e9800998ecf8427e
SHA-1: da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA-256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /pixel/sbls?bv=24.6.6370&tmpl=482&u=https%3A%2F%2Fcdn.barscreative1.com%2Fsb%2Fau%2F2f%2F33%2F17%2F2f3317da28d2a6ed09610d2d267aa136%2F1648542458.html&l=2977&fd=150 HTTP/1.1
Host: shapedcongest.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://gitus.net/
Cookie: u_pl=18829199; uid_id2=a0bbbdc1-99b7-4e03-b58a-913378f4276a:2:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Thu, 09 May 2024 01:53:08 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
| unseenreport.com/pxf.gif?uuid=a0bbbdc1-99b7-4e03-b58a-913378f4276a&eb=978028c5053b26833423c7a069ce3bd5&te=5db3a4e34790624df926db520a13f79f&ua=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A96.0)%20Gecko%2F20100101%20Firefox%2F96.0&dev=e&res=14.2071&b_frame=0&pk=9263e0ca8f28f023340c146c12f6b544&bl=en-US&sr=1024x1280&sz=1024x1280&hjs=1 | 192.243.59.20 | 200 OK | 0 B |
URL: GET HTTP/1.1 unseenreport.com/pxf.gif?uuid=a0bbbdc1-99b7-4e03-b58a-913378f4276a&eb=978028c5053b26833423c7a069ce3bd5&te=5db3a4e34790624df926db520a13f79f&ua=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A96.0)%20Gecko%2F20100101%20Firefox%2F96.0&dev=e&res=14.2071&b_frame=0&pk=9263e0ca8f28f023340c146c12f6b544&bl=en-US&sr=1024x1280&sz=1024x1280&hjs=1
IP: 192.243.59.20:443
ASN: #39572 DataWeb Global Group B.V.
Requested by: https://gitus.net/watch/?=7NS080524
Certificate issuer: Let's Encrypt
Subject: *.unseenreport.com
Fingerprint: 71:46:15:FD:76:6A:F5:5B:51:06:CC:93:DD:D8:63:E3:8B:10:BF:13
Validity: Fri, 22 Mar 2024 07:32:41 GMT - Thu, 20 Jun 2024 07:32:40 GMT
MD5: d41d8cd98f00b204e9800998ecf8427e
SHA-1: da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA-256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /pxf.gif?uuid=a0bbbdc1-99b7-4e03-b58a-913378f4276a&eb=978028c5053b26833423c7a069ce3bd5&te=5db3a4e34790624df926db520a13f79f&ua=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A96.0)%20Gecko%2F20100101%20Firefox%2F96.0&dev=e&res=14.2071&b_frame=0&pk=9263e0ca8f28f023340c146c12f6b544&bl=en-US&sr=1024x1280&sz=1024x1280&hjs=1 HTTP/1.1
Host: unseenreport.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://gitus.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Thu, 09 May 2024 01:52:53 GMT
Content-Type: image/gif
Content-Length: 1
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: f0fdd1cd9b3121a3ebc2d93c4794d22a
Strict-Transport-Security: max-age=0; includeSubdomains
| cdn.creative-bars1.com/sb/chat/mob/ssp/1/css/style.css | 188.114.97.1 | 200 OK | 4.6 kB |
URL: GET HTTP/2 cdn.creative-bars1.com/sb/chat/mob/ssp/1/css/style.css
IP: 188.114.97.1:443
Requested by: https://gitus.net/watch/?=7NS080524
Certificate issuer: Google Trust Services LLC
Subject: creative-bars1.com
Fingerprint: 3D:29:39:2C:F1:E5:C6:EF:54:F5:70:B5:CF:A8:C2:75:4D:89:72:13
Validity: Mon, 15 Apr 2024 15:02:18 GMT - Sun, 14 Jul 2024 15:02:17 GMT
File type: ASCII text, with very long lines (4886), with no line terminators
MD5: 1230b98f01a549572edcd2bf3bdcb4ad
SHA-1: ac87a2a752ffb8b5167566183fddd531d7971be9
SHA-256: 9a2954fc66ebbb9adf18c2ea4403d2a0a5dedf2928f9905e1fc656f5dc1b208d
GET /sb/chat/mob/ssp/1/css/style.css HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://gitus.net
DNT: 1
Connection: keep-alive
Referer: https://gitus.net/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 09 May 2024 01:53:08 GMT
content-type: text/css
last-modified: Mon, 21 Feb 2022 08:25:04 GMT
etag: W/"62134c60-1209"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 127608
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ssNPBoJcRSomPZNquFRdJ96f5FlblrItzUEwil3y3PBX%2BJCJr2eTcZ0ENBpP75HJ0yoc1PstBIG2Lwm58P1DmeXQb5ViU91NALNbuCb4UOr%2B6lmhync4ICglKrgPqBtwnXXf9v3MwWEI"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 880e0ddab9c956c4-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
| fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2 | 216.58.207.227 | 200 OK | 16 kB |
URL: GET HTTP/2 fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2
IP: 216.58.207.227:443
Requested by: https://gitus.net/watch/?=7NS080524
Certificate issuer: Google Trust Services LLC
Subject: *.gstatic.com
Fingerprint: 15:DD:05:B3:2F:D8:E3:54:C9:B4:FA:E4:AC:01:ED:C8:E1:EA:A7:AD
Validity: Tue, 16 Apr 2024 04:17:07 GMT - Tue, 09 Jul 2024 04:17:06 GMT
File type: Web Open Font Format (Version 2), TrueType, length 15860, version 1.0
MD5: e9f5aaf547f165386cd313b995dddd8e
SHA-1: acdef5603c2387b0e5bffd744b679a24a8bc1968
SHA-256: f5aebdfea35d1e7656ef4acc5db1f243209755ae3300943ef8fc6280f363c860
GET /s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://gitus.net
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15860
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 02 May 2024 01:55:00 GMT
expires: Fri, 02 May 2025 01:55:00 GMT
cache-control: public, max-age=31536000
last-modified: Wed, 11 May 2022 19:24:42 GMT
content-type: font/woff2
age: 604688
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2