Report - sylvesterblacknallbsmxkuerr.pages.dev/

Report Overview

Submitted URL
sylvesterblacknallbsmxkuerr.pages.dev/
IP
188.114.97.1
ASN
#13335 CLOUDFLARENET
Submitted
2024-05-10 20:12:25
Access
public
Website Title
sylvesterblacknallbsmxkuerr.pages.dev/
Final URL
sylvesterblacknallbsmxkuerr.pages.dev/
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
32

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
unseenreport.com	unknown	2022-03-30	2022-03-30	2024-05-09	757 B	423 B	192.243.61.225
shayscholz.blogspot.com	unknown	2000-07-31	2024-03-16	2024-03-16	452 B	894 B	216.58.207.193
downstairsnegotiatebarren.com	unknown	2024-03-04	2024-03-04	2024-05-09	434 B	87 kB	188.114.97.1
ads.bisniskini.biz.id	unknown	2023-09-30	2024-02-24	2024-04-18	1.8 kB	4.0 kB	104.21.86.41
proftrafficcounter.com	unknown	2023-11-16	2023-11-21	2024-05-09	964 B	888 B	18.185.9.67
lifetimeagriculturalproducer.com	unknown	2024-05-06	2024-05-07	2024-05-08	2.5 kB	5.8 kB	172.240.108.76
cdn.cloudimagesb.com	23099	2020-10-06	2021-02-12	2024-05-09	1.8 kB	329 kB	45.133.44.9
cdn.creative-bars1.com	unknown	2022-11-01	2022-11-15	2024-05-09	2.3 kB	114 kB	188.114.96.1
cdn.barscreative1.com	25648	2021-09-08	2021-09-16	2024-05-09	532 B	1.0 kB	45.133.44.3
suggestqueries.google.com	1239	1997-09-15	2012-06-27	2024-05-09	481 B	824 B	142.250.74.142
sylvesterblacknallbsmxkuerr.pages.dev	unknown	unknown	No data	No data	494 B	18 kB	188.114.97.1
www.topcreativeformat.com	unknown	2023-11-21	2023-11-22	2024-05-09	1.4 kB	38 kB	172.240.127.234
ocsp.r2m03.amazontrust.com	unknown	2007-05-11	2023-02-21	2024-05-09	338 B	942 B	143.204.53.97
stupidityscream.com	unknown	2024-05-06	2024-05-08	2024-05-10	2.5 kB	5.8 kB	192.243.59.13
pl23249615.highcpmgate.com	unknown	unknown	No data	No data	467 B	17 kB	192.243.59.20
fonts.googleapis.com	8877	2005-01-25	2013-06-10	2024-05-10	416 B	1.8 kB	142.250.74.74
cdnjs.cloudflare.com	235	2009-02-17	2015-04-17	2024-05-09	1.0 kB	28 kB	104.17.25.14
tse1.mm.bing.net	7917	1997-09-03	2014-03-13	2024-05-09	439 B	1.6 kB	13.107.21.200
skilledskillemergency.com	unknown	2024-05-06	2024-05-07	2024-05-08	2.5 kB	5.6 kB	192.243.59.13
sprangsugar.com	unknown	2024-05-06	2024-05-07	2024-05-08	7.6 kB	12 kB	172.240.108.76
fonts.gstatic.com	unknown	2008-02-11	2014-09-09	2024-05-10	1.1 kB	33 kB	142.250.74.163
3.bp.blogspot.com	11048	2000-07-31	2012-05-21	2024-05-08	503 B	894 B	142.250.74.161

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2024-05-10	medium	lifetimeagriculturalproducer.com	Sinkholed
2024-05-10	medium	stupidityscream.com	Sinkholed
2024-05-10	medium	lifetimeagriculturalproducer.com	Sinkholed
2024-05-10	medium	stupidityscream.com	Sinkholed
2024-05-10	medium	highcpmgate.com	Sinkholed
2024-05-10	medium	skilledskillemergency.com	Sinkholed
2024-05-10	medium	skilledskillemergency.com	Sinkholed
2024-05-10	medium	sprangsugar.com	Sinkholed
2024-05-10	medium	unseenreport.com	Sinkholed
2024-05-10	medium	sprangsugar.com	Sinkholed
2024-05-10	medium	sprangsugar.com	Sinkholed
2024-05-10	medium	sprangsugar.com	Sinkholed
2024-05-10	medium	sprangsugar.com	Sinkholed
2024-05-10	medium	sprangsugar.com	Sinkholed
2024-05-10	medium	sprangsugar.com	Sinkholed
2024-05-10	medium	sprangsugar.com	Sinkholed

ThreatFox

No alerts detected

JavaScript (33)

	URL	Size	First Seen	Last Seen
	unknown	145 B	2024-05-08	2024-05-17
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-08 11:40:16 Last Seen2024-05-17 11:37:02 Times Seen36 Hash 756e754e6cfb16dffe59b72c712d5cb1 36c5ec2f5fcd87c6f704acadb258c1bc7bfaa981 3f10cd126b12dc8d1f6c9da89832d77dbce1b0a1a38b14490e578386d323fce1 Loading...

	ads.bisniskini.biz.id/get/site/js/cb1f929c7c7c523575650f47146f231e	299 B	2024-05-08	2024-05-10
Pretty URL ads.bisniskini.biz.id/get/site/js/cb1f929c7c7c523575650f47146f231e IP 104.21.86.41 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-08 11:40:16 Last Seen2024-05-10 23:37:41 Times Seen23 Hash 252b107927cd0781f0972fac6f9f4f8f ce31eb7d65808aa4fae8620ffabf7c40cc077b77 8d6a0836a8d3ca9e64038e97232c4c8e1442635523e33c3d07f7e204ce125ee2 Loading...

	www.topcreativeformat.com/872eda8cdc00d65d8016b8e6fba2d29b/invoke.js	31 kB	2024-05-10	2024-05-10
Pretty URL www.topcreativeformat.com/872eda8cdc00d65d8016b8e6fba2d29b/invoke.js IP 172.240.127.234 ASN #7979 SERVERS-COM Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-10 15:24:17 Last Seen2024-05-10 22:12:32 Times Seen4 Hash fad2576209462143bf6ba11cc30fdc67 a2896b4d870e808f166656b2d552f35de6cd191c d26de7bb5061a748bc0cfc6347d2f54d9c8fab6fdf95715dedbdd362f40650d0 Loading...

	cdnjs.cloudflare.com/ajax/libs/lazysizes/5.3.0/lazysizes.min.js	7.9 kB	2023-03-07	2024-06-03
Pretty URL cdnjs.cloudflare.com/ajax/libs/lazysizes/5.3.0/lazysizes.min.js IP 104.17.25.14 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:24:12 Last Seen2024-06-03 17:12:46 Times Seen2037 Hash 96201abb62283557a9d7b97b4cab14ab a72f33d920d0ab863df4cb60edf44ec140304cdb 46112dbceed738f759d03f04b115d5256a7d73660b7795acb382192ad84d9f98 Loading...

	unknown	3.3 kB	2024-05-10	2024-05-10
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-10 22:12:32 Last Seen2024-05-10 22:12:32 Times Seen1 Hash 1962630f3d551fab27efa223a31905fa 546b677c51131c65f6913a2ba93b9f9e92bdea0a a54ce8fd16a4f0c2160d82ba28651e1589cbcddfc21f2cae32ed040652ccbeeb Loading...

	sylvesterblacknallbsmxkuerr.pages.dev/	407 B	2024-03-16	2024-06-03
Pretty URL sylvesterblacknallbsmxkuerr.pages.dev/ IP 188.114.97.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2024-03-16 20:44:49 Last Seen2024-06-03 15:02:58 Times Seen265 Hash 033f01caf6d0f553ffc421cc2772f928 67876067762ac6818db46c43a14ed10d9c046a0c 873ff640f3ae1bde848bbd3a7156f7991cf3a34e1236471b8f83ab7608ccb51b Loading...

	unknown	3.2 kB	2024-05-10	2024-05-10
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-10 22:12:32 Last Seen2024-05-10 22:12:32 Times Seen1 Hash bc53dbe61bd728cbdfc9f1c99d6463cd 74acf54e96c9bbb3b4fbc92a2708a62349a917c4 001a5b46614959c228ee441ba1bb7b105188507a544ec2f3c2028985ade96222 Loading...

	sylvesterblacknallbsmxkuerr.pages.dev/	3 B	2023-03-07	2024-06-03
Pretty URL sylvesterblacknallbsmxkuerr.pages.dev/ IP 188.114.97.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 13:09:38 Last Seen2024-06-03 17:12:46 Times Seen1057 Hash d2a16faace6f59c009a1dc045e086658 1335c7f603963b6f76f45a8045f12cce142f1175 009966d20c582967816f9721a10b558b07333c88849bff11176b5140e746191e Loading...

	sylvesterblacknallbsmxkuerr.pages.dev/	2.7 kB	2024-03-16	2024-06-03
Pretty URL sylvesterblacknallbsmxkuerr.pages.dev/ IP 188.114.97.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2024-03-16 20:44:49 Last Seen2024-06-03 15:02:58 Times Seen204 Hash 372cd0e8ad89ee27fefebce4470d5a08 e70fccac5381673af0c002f5172fde78f8f71de0 393c63070292b13107be81d5ce120b72e6a002a2ac0183c1c28ab6159fb6cf74 Loading...

	www.topcreativeformat.com/d64164e145fb760de2b76872de4432d8/invoke.js	31 kB	2024-05-10	2024-05-10
Pretty URL www.topcreativeformat.com/d64164e145fb760de2b76872de4432d8/invoke.js IP 172.240.127.234 ASN #7979 SERVERS-COM Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-10 15:24:16 Last Seen2024-05-10 22:12:32 Times Seen4 Hash 6dc8dec7f309bf5dd0c3a8f5e302d5e9 3ee49c2ee53e52a1731aa9fc18ff585c1946d029 368fea20d2aa5a8a5de8e7285ec57a05f831507be014306edc3d20730fd5b9eb Loading...

	ads.bisniskini.biz.id/get/site/js/d6f51a1ed1d2f145512197f7cd7be46d	293 B	2024-05-08	2024-05-11
Pretty URL ads.bisniskini.biz.id/get/site/js/d6f51a1ed1d2f145512197f7cd7be46d IP 104.21.86.41 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-08 11:40:17 Last Seen2024-05-11 23:33:22 Times Seen58 Hash 53d76623d9d99464e544bae28620f09f 15762f2bde793d241f10807442f825e8b732b501 0aae87e7770c472eaf96f99fc7c6d0c6fb29815cba1734f672af54d5f24e3400 Loading...

	pl23249615.highcpmgate.com/36/35/24/36352469ba20ff8ade54795907dd51e5.js	44 kB	2024-05-10	2024-05-10
Pretty URL pl23249615.highcpmgate.com/36/35/24/36352469ba20ff8ade54795907dd51e5.js IP 192.243.59.20 ASN #39572 DataWeb Global Group B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-10 20:42:45 Last Seen2024-05-10 22:12:32 Times Seen4 Hash 15456f1a79f8d9f4931e207259fbcaad c6aedf604dbc8d46586e3bf483884804fe334b30 6d7314f76e50b91c0c3f06bd029bf9278f9ae30e3d6b69b39b1f2d22f294934e Loading...

	sylvesterblacknallbsmxkuerr.pages.dev/	658 B	2024-03-16	2024-06-03
Pretty URL sylvesterblacknallbsmxkuerr.pages.dev/ IP 188.114.97.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2024-03-16 20:44:49 Last Seen2024-06-03 17:12:46 Times Seen594 Hash 9d3d818ca9f81a71b4da9fa707cafb6a 5d49232709a360c05ec5721f7e1e3b2d7a899ee0 bf346b7f785a552ee4c436e06f3c5388b4229f91ee5eda32e75a6c234e66ca52 Loading...

	sylvesterblacknallbsmxkuerr.pages.dev/	1.6 kB	2024-03-16	2024-06-03
Pretty URL sylvesterblacknallbsmxkuerr.pages.dev/ IP 188.114.97.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2024-03-16 20:44:49 Last Seen2024-06-03 15:02:58 Times Seen204 Hash 2d8da26e690c8f38327ea27b6b3de976 5f3690feb3394fe91eb9a5c5516feb125d74b79c 25cc80ecbfcdad55f15bb883126a93c5e986544b5b925121e7b73cc6008ffc18 Loading...

	unknown	564 B	2024-05-08	2024-05-10
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-08 11:40:16 Last Seen2024-05-10 22:12:32 Times Seen6 Hash 9fea595a884af2bb0f7c1a7a0465798c a5a1f8b4e08dd49045e2ca28707562256d219f7d 7500bbc7493675fb4eae95159162c1c87bcbb1b8ba8cd1336942c8ce1ad4fe3f Loading...

	unknown	3.3 kB	2024-05-10	2024-05-10
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-10 22:12:32 Last Seen2024-05-10 22:12:32 Times Seen1 Hash 32aa313687a8d896bbb93c5715b0e551 e66e0487ed7a7fae078d12c400602bc204abf687 c98400f1812c1db891496ddbe3df555ac5130f5e2215ebcd7b87cfb0b2003807 Loading...

	ads.bisniskini.biz.id/get/site/js/d0b1e71bd1922518d7cf826d604fe57a	139 B	2024-05-08	2024-05-10
Pretty URL ads.bisniskini.biz.id/get/site/js/d0b1e71bd1922518d7cf826d604fe57a IP 104.21.86.41 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-08 11:40:16 Last Seen2024-05-10 23:37:41 Times Seen23 Hash 613e75c06a28ec97154a5377fee5a84a 0e90f96404fd96309ec40fe6b1403c5565cdfaa7 288a35e42dbea205601d112e4e6e1017487060c55c5dd6249fc654b4660210ce Loading...

	unknown	196 B	2024-05-08	2024-05-17
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-08 11:40:17 Last Seen2024-05-17 11:37:02 Times Seen36 Hash 2820c46d651db71f89ec9f00ac04d32e a6c7504ac655c161b9fb83c829ebfa37d5031fc3 da99c8d35690e3fe343067fbac633b2c44e569c00c3c9af26c3c6d28a5c9c15f Loading...

	cdnjs.cloudflare.com/ajax/libs/jquery/3.6.0/jquery.slim.min.js	72 kB	2023-03-07	2024-06-03
Pretty URL cdnjs.cloudflare.com/ajax/libs/jquery/3.6.0/jquery.slim.min.js IP 104.17.25.14 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:02:59 Last Seen2024-06-03 17:12:46 Times Seen5371 Hash 1276065911521c5c22037a31365d179d d1c6704e94efe2d465fc161b6381e127d35acd81 bbb7b9921ca2b61948753a6edb63c78443663dc45d1621d18e102e1dcb34e512 Loading...

	sylvesterblacknallbsmxkuerr.pages.dev/	424 B	2024-03-16	2024-06-03
Pretty URL sylvesterblacknallbsmxkuerr.pages.dev/ IP 188.114.97.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2024-03-16 20:44:49 Last Seen2024-06-03 15:02:58 Times Seen202 Hash 931ef0af690b9f574a888dd47f5fe6a6 98971ca06dba745aa4f8b6d735b6f628d9668e98 747ca94860b1741ad0a224703fb741208b72c16a173a7a79d411cb69ea886712 Loading...

	cdn.creative-bars1.com/sb/chat/mob/ssp/1/js/jquery.min.js	90 kB	2023-03-07	2024-06-03
Pretty URL cdn.creative-bars1.com/sb/chat/mob/ssp/1/js/jquery.min.js IP 188.114.96.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:04:00 Last Seen2024-06-03 05:25:52 Times Seen4407 Hash 561acb3e541133bbdd2c0c19f8ee35a1 ffd1353cf3f77d25f801c84d8208613eb0d3d548 9fde6da568db31801e29243a903bf24f342256b41e3c01e7d018ff7c566ce7fc Loading...

	unknown	196 B	2024-05-08	2024-05-10
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-08 11:40:17 Last Seen2024-05-10 23:37:41 Times Seen13 Hash 3f63d4ff93fa8fcccd3857daab575f47 c96921c50ac1e616cc7ba9a42aefdff8ca95b33f 6415b93a36e457cf73f5f1dcfd0b343e3d742e05cbb418f47aa1a0963a3c1076 Loading...

	unknown	145 B	2024-05-08	2024-05-10
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-08 11:40:16 Last Seen2024-05-10 23:37:41 Times Seen15 Hash e5c2aed274edb5f09c20a4eaec9746f4 a8e6554af58e57f36a9ab3e45a9bb05453b5b451 cce27b5446155bfb961626ef41108241e627cf2bc203f3f94d14ebc35abe50f1 Loading...

	downstairsnegotiatebarren.com/sfp.js	86 kB	2024-03-29	2024-05-17
Pretty URL downstairsnegotiatebarren.com/sfp.js IP 188.114.97.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-03-29 13:13:34 Last Seen2024-05-17 14:49:08 Times Seen3553 Hash f4a2f8f9f99541c6f105bbd0a025bd40 1f8e3eff12168fdd9e719adfc098d24a45b6916a b717cb04231a10d425fd55b73c85a5407119c6826a8bac94142fddfff6958716 Loading...

	suggestqueries.google.com/complete/search?jsonp=autoRelated&hl=en&client=firefox&q=	20 B	2023-05-14	2024-06-03
Pretty URL suggestqueries.google.com/complete/search?jsonp=autoRelated&hl=en&client=firefox&q= IP 142.250.74.142 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-05-14 08:59:35 Last Seen2024-06-03 16:40:50 Times Seen535 Hash fdbaede1a8136a6bd589d54e2f69fff8 883905e057c9b758a95c9ece940d089e3af85e0a 5ffae3c0e627b6a2083d67639bfa32ecfe695671ee25f8e1315d2067a4e28df4 Loading...

	www.topcreativeformat.com/872eda8cdc00d65d8016b8e6fba2d29b/invoke.js	31 kB	2024-05-10	2024-05-11
Pretty URL www.topcreativeformat.com/872eda8cdc00d65d8016b8e6fba2d29b/invoke.js IP 172.240.127.234 ASN #7979 SERVERS-COM Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-10 22:12:32 Last Seen2024-05-11 20:27:36 Times Seen4 Hash ea0a09b31b802d7ede58bcf9397f7a2f eefb8934fd4d7d99af44788bc980400a103fa77a 8a01b4f42cbffa5afea42fef5f142ee642c9336c7942642546c3fc2aabdc6fec Loading...

		Size	First Seen	Last Seen
	#1 Eval - c2f4265ece5466df87d4fa26088560dd	2.1 kB	2024-05-10	2024-05-10
Pretty Observations First Seen2024-05-10 22:12:32 Last Seen2024-05-10 22:12:32 Times Seen1 Hash c2f4265ece5466df87d4fa26088560dd 5c9744be8e6c6c458cc9189e62b1fd811befb3d7 df46e9c30dd32f27df5b0ee6db352d7704fd5edf0b9bd54ec677ecd6579a10c7 Loading...

	#2 Eval - 0e69c0e48aa58e6edac5833289329aa1	2.1 kB	2024-05-10	2024-05-10
Pretty Observations First Seen2024-05-10 22:12:32 Last Seen2024-05-10 22:12:32 Times Seen1 Hash 0e69c0e48aa58e6edac5833289329aa1 f22ebbe91b0c0c574c3d5e57904af1096c918df8 3317a1e81e08f2a21c231f284689cb1c249c21318a9f51ad1d17449db3ad6d71 Loading...

	#3 Eval - 90c40d7abb083ae8a83533d4098c1d2e	2.1 kB	2024-05-10	2024-05-10
Pretty Observations First Seen2024-05-10 22:12:32 Last Seen2024-05-10 22:12:32 Times Seen1 Hash 90c40d7abb083ae8a83533d4098c1d2e ca7a6121bd0c7a607a5621f26c6e44ad727f5704 8f6755a243caf7fbb0d104f6b39294580dbd3a4b9131273cd08fb77a2dadb634 Loading...

		Size	First Seen	Last Seen
	#1 Write - 2407a02b81aa4bfbc3891763e7e1090c	117 B	2024-05-08	2024-05-10
Pretty Observations First Seen2024-05-08 11:40:17 Last Seen2024-05-10 23:37:41 Times Seen15 Hash 2407a02b81aa4bfbc3891763e7e1090c c2d7989c91fa6e549bedeb7beea016e8e88151ec 00382cfc4630efb222363f71f3437c8b34605294acdd80f0d8da1b9248c69e55 Loading...

	#2 Write - 72801973ba0b6a94445d572830275a58	117 B	2024-05-08	2024-05-17
Pretty Observations First Seen2024-05-08 11:40:17 Last Seen2024-05-17 11:37:03 Times Seen37 Hash 72801973ba0b6a94445d572830275a58 d7aab80ec076bdb3a342b30ac7ad62b1daceeece 560e2547fefb37a19196d2a23610fa137597ec4ed9e4a4fac764462152d855b6 Loading...

	#3 Write - 3c433dc9740caa2ae15e4de2be1978d2	120 B	2024-05-08	2024-05-10
Pretty Observations First Seen2024-05-08 11:40:17 Last Seen2024-05-10 23:37:41 Times Seen15 Hash 3c433dc9740caa2ae15e4de2be1978d2 a67cb46fdeef1c2f73f4ac380a0624eeebbe0f0a bcb41d6150f7b7d533b58bf52f7bb341d1828566e370ecd4dbc8cb65963db489 Loading...

	#4 Write - 811a7da70e54c8c50a76774257dad93a	138 B	2024-03-16	2024-06-03
Pretty Observations First Seen2024-03-16 20:44:50 Last Seen2024-06-03 16:40:50 Times Seen361 Hash 811a7da70e54c8c50a76774257dad93a cece740ca0320764b2f43cb2df97d1c54ea55974 2b51ee1a7ee63d01e92e50a183e8c8473a4d2549c28010ff65a1e086903ecf1d Loading...

HTTP Transactions (47)

URL IP Response Size

cdnjs.cloudflare.com/ajax/libs/jquery/3.6.0/jquery.slim.min.js

104.17.25.14

200 OK

22 kB

URL GET HTTP/2
cdnjs.cloudflare.com/ajax/libs/jquery/3.6.0/jquery.slim.min.js
IP
104.17.25.14:443
ASN
#13335 CLOUDFLARENET

Requested by
https://sylvesterblacknallbsmxkuerr.pages.dev/
Certificate
IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
Fingerprint7A:EA:B9:09:71:70:6C:87:C9:D3:82:74:8A:7B:B4:60:E5:40:2D:8D
ValidityMon, 03 Jul 2023 00:00:00 GMT - Tue, 02 Jul 2024 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (65241)
Size
22 kB (22329 bytes)
Hash
1276065911521c5c22037a31365d179d
d1c6704e94efe2d465fc161b6381e127d35acd81
bbb7b9921ca2b61948753a6edb63c78443663dc45d1621d18e102e1dcb34e512

HTTP Headers

GET /ajax/libs/jquery/3.6.0/jquery.slim.min.js HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://sylvesterblacknallbsmxkuerr.pages.dev/
Origin: https://sylvesterblacknallbsmxkuerr.pages.dev
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 10 May 2024 20:11:59 GMT
content-type: application/javascript; charset=utf-8
content-length: 22329
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "603e8adc-11ab4"
last-modified: Tue, 02 Mar 2021 18:58:36 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 876986
expires: Wed, 30 Apr 2025 20:11:59 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=161zU%2BYZFhM0KB65QwVOOsmTMKxFZbkRbkHrieADwRHordWzqjWkKO9s04sWiXmWIemGiNT3aCjgyq7Q6gJDt0xJ8oL9dT9uxsJuqra1AWORBy3VDppSPL8B0xAh%2FkwrHcR1mCey"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 881c94e189d8b4eb-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

cdnjs.cloudflare.com/ajax/libs/lazysizes/5.3.0/lazysizes.min.js

104.17.25.14

200 OK

3.2 kB

URL GET HTTP/2
cdnjs.cloudflare.com/ajax/libs/lazysizes/5.3.0/lazysizes.min.js
IP
104.17.25.14:443
ASN
#13335 CLOUDFLARENET

Requested by
https://sylvesterblacknallbsmxkuerr.pages.dev/
Certificate
IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
Fingerprint7A:EA:B9:09:71:70:6C:87:C9:D3:82:74:8A:7B:B4:60:E5:40:2D:8D
ValidityMon, 03 Jul 2023 00:00:00 GMT - Tue, 02 Jul 2024 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (7862)
Size
3.2 kB (3150 bytes)
Hash
96201abb62283557a9d7b97b4cab14ab
a72f33d920d0ab863df4cb60edf44ec140304cdb
46112dbceed738f759d03f04b115d5256a7d73660b7795acb382192ad84d9f98

HTTP Headers

GET /ajax/libs/lazysizes/5.3.0/lazysizes.min.js HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://sylvesterblacknallbsmxkuerr.pages.dev/
Origin: https://sylvesterblacknallbsmxkuerr.pages.dev
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 10 May 2024 20:11:59 GMT
content-type: application/javascript; charset=utf-8
content-length: 3150
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "5ff0b799-1ed1"
last-modified: Sat, 02 Jan 2021 18:12:41 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 873714
expires: Wed, 30 Apr 2025 20:11:59 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=w37ZX20ebyvho3m4lEYLGTkYz5lILFNon91D%2BvwxFUJ5RL7nTArCV25akaycB%2BaJKXLAkcVR%2FJR8j7qxuKvqX3Ig6WJiFFAJ2lz3IIjYyoIOJSPsc%2B%2FUHsS%2Fj6Ec%2FA2q0d3X%2FW%2F1"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 881c94e199deb4eb-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

3.bp.blogspot.com/-ZZSacDHLWlM/VhvlKTMjbLI/AAAAAAAAF2M/UDzU4rrvcaI/s1600/btn_close.gif

142.250.74.161

200 OK

362 B

URL GET HTTP/2
3.bp.blogspot.com/-ZZSacDHLWlM/VhvlKTMjbLI/AAAAAAAAF2M/UDzU4rrvcaI/s1600/btn_close.gif
IP
142.250.74.161:443
ASN
#15169 GOOGLE

Requested by
https://sylvesterblacknallbsmxkuerr.pages.dev/
Certificate
IssuerGoogle Trust Services LLC
Subjectmisc-sni.blogspot.com
FingerprintC4:7D:61:88:AB:F1:15:A1:36:2A:68:39:51:62:46:00:23:6D:39:00
ValidityTue, 16 Apr 2024 03:45:20 GMT - Tue, 09 Jul 2024 03:45:19 GMT

File type
GIF image data, version 89a, 52 x 15
Size
362 B (362 bytes)
Hash
fd2c05a8c327ace309722b0a5fc4faf3
f446e97c43f8830be9f60644563dd846abe6b8e8
0450e2e1aa3c8b5435690d841f3e573c4f521864e1f8e01a5b6dbcdac922c8b4

HTTP Headers

GET /-ZZSacDHLWlM/VhvlKTMjbLI/AAAAAAAAF2M/UDzU4rrvcaI/s1600/btn_close.gif HTTP/1.1
Host: 3.bp.blogspot.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://sylvesterblacknallbsmxkuerr.pages.dev/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
access-control-allow-origin: *
timing-allow-origin: *
access-control-expose-headers: Content-Length
content-disposition: inline;filename="btn_close.gif"
x-content-type-options: nosniff
server: fife
content-length: 362
x-xss-protection: 0
date: Fri, 10 May 2024 17:51:06 GMT
expires: Sat, 11 May 2024 17:51:06 GMT
cache-control: public, max-age=86400, no-transform
age: 8453
etag: "v1764"
content-type: image/gif
vary: Origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

ads.bisniskini.biz.id/get/site/js/cb1f929c7c7c523575650f47146f231e

104.21.86.41

200 OK

222 B

URL GET HTTP/2
ads.bisniskini.biz.id/get/site/js/cb1f929c7c7c523575650f47146f231e
IP
104.21.86.41:443
ASN
#13335 CLOUDFLARENET

Requested by
https://sylvesterblacknallbsmxkuerr.pages.dev/
Certificate
IssuerGoogle Trust Services LLC
Subjectbisniskini.biz.id
FingerprintCB:C5:50:71:58:97:D7:6D:B9:8F:63:0E:B9:30:B7:87:1D:05:E2:5A
ValiditySun, 14 Apr 2024 15:48:05 GMT - Sat, 13 Jul 2024 15:48:04 GMT

File type
ASCII text, with CRLF line terminators
Size
222 B (222 bytes)
Hash
252b107927cd0781f0972fac6f9f4f8f
ce31eb7d65808aa4fae8620ffabf7c40cc077b77
8d6a0836a8d3ca9e64038e97232c4c8e1442635523e33c3d07f7e204ce125ee2

HTTP Headers

GET /get/site/js/cb1f929c7c7c523575650f47146f231e HTTP/1.1
Host: ads.bisniskini.biz.id
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://sylvesterblacknallbsmxkuerr.pages.dev/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 10 May 2024 20:12:00 GMT
content-type: application/javascript
content-length: 222
set-cookie: PHPSESSID=qk54lvfoh35ulv16sb6rfqjrub; path=/
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
content-encoding: gzip
vary: Accept-Encoding
alt-svc: h3=":443"; ma=86400
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=yDU1A0kfn7Wl9dBGV4BvyRyVYssWkN8FEVfWSpef96Xo%2FVAvFBRU39DvftECpvmm%2BLexf0vQgMKOkRu9boCZMpPN1Lp6KkcCodnbX4YZgQEaGFTWvSrwu00cDEC%2FMfzpLrCpPpPy02k%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 881c94e1dd5db50c-OSL
X-Firefox-Spdy: h2

ads.bisniskini.biz.id/get/site/js/d6f51a1ed1d2f145512197f7cd7be46d

104.21.86.41

200 OK

218 B

URL GET HTTP/2
ads.bisniskini.biz.id/get/site/js/d6f51a1ed1d2f145512197f7cd7be46d
IP
104.21.86.41:443
ASN
#13335 CLOUDFLARENET

Requested by
https://sylvesterblacknallbsmxkuerr.pages.dev/
Certificate
IssuerGoogle Trust Services LLC
Subjectbisniskini.biz.id
FingerprintCB:C5:50:71:58:97:D7:6D:B9:8F:63:0E:B9:30:B7:87:1D:05:E2:5A
ValiditySun, 14 Apr 2024 15:48:05 GMT - Sat, 13 Jul 2024 15:48:04 GMT

File type
ASCII text, with CRLF line terminators
Size
218 B (218 bytes)
Hash
53d76623d9d99464e544bae28620f09f
15762f2bde793d241f10807442f825e8b732b501
0aae87e7770c472eaf96f99fc7c6d0c6fb29815cba1734f672af54d5f24e3400

HTTP Headers

GET /get/site/js/d6f51a1ed1d2f145512197f7cd7be46d HTTP/1.1
Host: ads.bisniskini.biz.id
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://sylvesterblacknallbsmxkuerr.pages.dev/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 10 May 2024 20:12:00 GMT
content-type: application/javascript
content-length: 218
set-cookie: PHPSESSID=p4jk39oq22rfpbim4grc625b2p; path=/
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
content-encoding: gzip
vary: Accept-Encoding
alt-svc: h3=":443"; ma=86400
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=TixNrD8aoaQsW6BEU6eqQyfTXWKht%2B0mclidsH%2BjsNwJ%2FUp6dPdafRXbRICjaYhnkS2GIBBfpwHpZCDmBHGXV4ggBAxfo5p8E1ebNUFuoIa29aMOjixcvXu%2BuUAMaVYv%2FdpGRbV8R4E%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 881c94e1dd5cb50c-OSL
X-Firefox-Spdy: h2

ads.bisniskini.biz.id/get/site/js/d0b1e71bd1922518d7cf826d604fe57a

104.21.86.41

200 OK

140 B

URL GET HTTP/2
ads.bisniskini.biz.id/get/site/js/d0b1e71bd1922518d7cf826d604fe57a
IP
104.21.86.41:443
ASN
#13335 CLOUDFLARENET

Requested by
https://sylvesterblacknallbsmxkuerr.pages.dev/
Certificate
IssuerGoogle Trust Services LLC
Subjectbisniskini.biz.id
FingerprintCB:C5:50:71:58:97:D7:6D:B9:8F:63:0E:B9:30:B7:87:1D:05:E2:5A
ValiditySun, 14 Apr 2024 15:48:05 GMT - Sat, 13 Jul 2024 15:48:04 GMT

File type
HTML document, ASCII text, with no line terminators
Size
140 B (140 bytes)
Hash
613e75c06a28ec97154a5377fee5a84a
0e90f96404fd96309ec40fe6b1403c5565cdfaa7
288a35e42dbea205601d112e4e6e1017487060c55c5dd6249fc654b4660210ce

HTTP Headers

GET /get/site/js/d0b1e71bd1922518d7cf826d604fe57a HTTP/1.1
Host: ads.bisniskini.biz.id
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://sylvesterblacknallbsmxkuerr.pages.dev/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 10 May 2024 20:12:00 GMT
content-type: application/javascript
content-length: 140
set-cookie: PHPSESSID=e44igstms9pijoaj9jr6tav06e; path=/
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
content-encoding: gzip
vary: Accept-Encoding
alt-svc: h3=":443"; ma=86400
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=9VUiEqRlI2DPptITTqO5qoeUh0HqulHJfNG8R7xZmTBj0XYg3iwQ46BA%2BSsZK3BABlEKE3ySpMZdlGz4t9tj%2BBlz%2FrZaM54%2FCityC6wXz9DumyVObk%2Bn052WeTC%2FJeLwqyiOrAanTYs%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 881c94e1dd61b50c-OSL
X-Firefox-Spdy: h2

ads.bisniskini.biz.id/get/site/js/9049b3a33fc36afe5806bf92a1b0bc1f

104.21.86.41

200 OK

218 B

URL GET HTTP/2
ads.bisniskini.biz.id/get/site/js/9049b3a33fc36afe5806bf92a1b0bc1f
IP
104.21.86.41:443
ASN
#13335 CLOUDFLARENET

Requested by
https://sylvesterblacknallbsmxkuerr.pages.dev/
Certificate
IssuerGoogle Trust Services LLC
Subjectbisniskini.biz.id
FingerprintCB:C5:50:71:58:97:D7:6D:B9:8F:63:0E:B9:30:B7:87:1D:05:E2:5A
ValiditySun, 14 Apr 2024 15:48:05 GMT - Sat, 13 Jul 2024 15:48:04 GMT

File type
ASCII text, with CRLF line terminators
Size
218 B (218 bytes)
Hash
53d76623d9d99464e544bae28620f09f
15762f2bde793d241f10807442f825e8b732b501
0aae87e7770c472eaf96f99fc7c6d0c6fb29815cba1734f672af54d5f24e3400

HTTP Headers

GET /get/site/js/9049b3a33fc36afe5806bf92a1b0bc1f HTTP/1.1
Host: ads.bisniskini.biz.id
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://sylvesterblacknallbsmxkuerr.pages.dev/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 10 May 2024 20:12:00 GMT
content-type: application/javascript
content-length: 218
set-cookie: PHPSESSID=sps78he9aofv078jdo78ju2cgt; path=/
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
content-encoding: gzip
vary: Accept-Encoding
alt-svc: h3=":443"; ma=86400
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=l%2BlhE%2F6HAwGpou%2B732D7b8Fm92gWzJHLYbuw5xWZZ4OXx%2BPusR7FwCpYF8Gn%2B6Snu5ricXh%2BGgOCZ17E5WHEZ7Kzk3ypKi6fCFHt3Zt863NjTCb9QOkRUU%2Bb0Bq7ZtJ%2BBZ5L%2FVIFBO8%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 881c94e1dd57b50c-OSL
X-Firefox-Spdy: h2

www.topcreativeformat.com/d64164e145fb760de2b76872de4432d8/invoke.js

172.240.127.234

200 OK

12 kB

URL GET HTTP/1.1
www.topcreativeformat.com/d64164e145fb760de2b76872de4432d8/invoke.js
IP
172.240.127.234:443
ASN
#7979 SERVERS-COM

Requested by
https://sylvesterblacknallbsmxkuerr.pages.dev/
Certificate
IssuerLet's Encrypt
Subjecttopcreativeformat.com
Fingerprint6D:98:D9:61:FC:CF:D9:8C:FE:5E:1C:15:5A:A5:F2:28:38:04:A4:A4
ValidityWed, 20 Mar 2024 07:51:41 GMT - Tue, 18 Jun 2024 07:51:40 GMT

File type
JavaScript source, ASCII text, with very long lines (31301), with no line terminators
Size
12 kB (11846 bytes)
Hash
6dc8dec7f309bf5dd0c3a8f5e302d5e9
3ee49c2ee53e52a1731aa9fc18ff585c1946d029
368fea20d2aa5a8a5de8e7285ec57a05f831507be014306edc3d20730fd5b9eb

HTTP Headers

GET /d64164e145fb760de2b76872de4432d8/invoke.js HTTP/1.1
Host: www.topcreativeformat.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://sylvesterblacknallbsmxkuerr.pages.dev/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Fri, 10 May 2024 20:12:00 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: c75e05005e5d65fc2dcac73c46d1bb13
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip

www.topcreativeformat.com/872eda8cdc00d65d8016b8e6fba2d29b/invoke.js

172.240.127.234

200 OK

12 kB

URL GET HTTP/1.1
www.topcreativeformat.com/872eda8cdc00d65d8016b8e6fba2d29b/invoke.js
IP
172.240.127.234:443
ASN
#7979 SERVERS-COM

Requested by
https://sylvesterblacknallbsmxkuerr.pages.dev/
Certificate
IssuerLet's Encrypt
Subjecttopcreativeformat.com
Fingerprint6D:98:D9:61:FC:CF:D9:8C:FE:5E:1C:15:5A:A5:F2:28:38:04:A4:A4
ValidityWed, 20 Mar 2024 07:51:41 GMT - Tue, 18 Jun 2024 07:51:40 GMT

File type
JavaScript source, ASCII text, with very long lines (31340), with no line terminators
Size
12 kB (11855 bytes)
Hash
fad2576209462143bf6ba11cc30fdc67
a2896b4d870e808f166656b2d552f35de6cd191c
d26de7bb5061a748bc0cfc6347d2f54d9c8fab6fdf95715dedbdd362f40650d0

HTTP Headers

GET /872eda8cdc00d65d8016b8e6fba2d29b/invoke.js HTTP/1.1
Host: www.topcreativeformat.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://sylvesterblacknallbsmxkuerr.pages.dev/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Fri, 10 May 2024 20:12:00 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: d2db79462ca3a5a198177711ae347126
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip

ocsp.r2m03.amazontrust.com/

143.204.53.97

471 B

URL
ocsp.r2m03.amazontrust.com/
IP
143.204.53.97:0
ASN
#16509 AMAZON-02

File type
data
Size
471 B (471 bytes)
Hash
f7a3aabaedd5c95463e85c2d7682d410
715b2bd7dd959bb3423d71b22c43302b7a18a3a5
55ab8ca84eb2c090ff2a4eb9ebc48ce053c3f38261d66bded94f03719a384335

HTTP Headers

POST / HTTP/1.1
Host: ocsp.r2m03.amazontrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=7200
Date: Fri, 10 May 2024 20:12:00 GMT
Last-Modified: Fri, 10 May 2024 19:20:06 GMT
Server: ECAcc (ska/F6D2)
X-Cache: Miss from cloudfront
Via: 1.1 095562e8748e634f880ee3c4ada2b6d0.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: DopRqWHt2TtV5z6_PImtSfIXeL7F-HsNkuDR68jU5EduXQcBbzBSFw==
Age: 3114

proftrafficcounter.com/stats

18.185.9.67

200 OK

40 B

URL GET HTTP/2
proftrafficcounter.com/stats
IP
18.185.9.67:443
ASN
#16509 AMAZON-02

Requested by
https://sylvesterblacknallbsmxkuerr.pages.dev/
Certificate
IssuerAmazon
Subjectproftrafficcounter.com
FingerprintE3:9F:79:6F:80:C0:BF:F8:C4:EB:45:F3:E9:0F:A7:41:F6:0C:05:E6
ValidityTue, 21 Nov 2023 00:00:00 GMT - Thu, 19 Dec 2024 23:59:59 GMT

File type
ASCII text, with no line terminators
Size
40 B (40 bytes)
Hash
0fe02adf985f2ad32d5c0ae0dbaa0a49
3a1431fd5a646f11851d8c0734dbc2dc5f8e538e
d1c7d132db1e6f8cd86019a30704d0d35873c3b0010239d79f8bb42faa43497f

HTTP Headers

GET /stats HTTP/1.1
Host: proftrafficcounter.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://sylvesterblacknallbsmxkuerr.pages.dev/
Origin: https://sylvesterblacknallbsmxkuerr.pages.dev
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 10 May 2024 20:12:00 GMT
content-type: text/html; charset=UTF-8
content-length: 40
server: fasthttp
access-control-allow-origin: https://sylvesterblacknallbsmxkuerr.pages.dev
vary: Origin
access-control-allow-credentials: true
set-cookie: uid_id2=2097d057-b24e-4aaf-981b-ed5a2c6db802:2:1; expires=Mon, 08 May 2034 20:12:00 GMT; secure; SameSite=None
X-Firefox-Spdy: h2

proftrafficcounter.com/stats

18.185.9.67

200 OK

40 B

URL GET HTTP/2
proftrafficcounter.com/stats
IP
18.185.9.67:443
ASN
#16509 AMAZON-02

Requested by
https://sylvesterblacknallbsmxkuerr.pages.dev/
Certificate
IssuerAmazon
Subjectproftrafficcounter.com
FingerprintE3:9F:79:6F:80:C0:BF:F8:C4:EB:45:F3:E9:0F:A7:41:F6:0C:05:E6
ValidityTue, 21 Nov 2023 00:00:00 GMT - Thu, 19 Dec 2024 23:59:59 GMT

File type
ASCII text, with no line terminators
Size
40 B (40 bytes)
Hash
a7048d5e803e8aa81005db44db1a4b1e
eb3e585712894e8041ebe8ce6e9869991ca64781
be96deda012567f670b9b6748d82a1456dfd39ed6161430fb058f3e958479aa9

HTTP Headers

GET /stats HTTP/1.1
Host: proftrafficcounter.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://sylvesterblacknallbsmxkuerr.pages.dev/
Origin: https://sylvesterblacknallbsmxkuerr.pages.dev
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Fri, 10 May 2024 20:12:00 GMT
content-type: text/html; charset=UTF-8
content-length: 40
server: fasthttp
access-control-allow-origin: https://sylvesterblacknallbsmxkuerr.pages.dev
vary: Origin
access-control-allow-credentials: true
set-cookie: uid_id2=d45a3c56-40ec-494a-836c-4da5ccba2df5:2:1; expires=Mon, 08 May 2034 20:12:00 GMT; secure; SameSite=None
X-Firefox-Spdy: h2

lifetimeagriculturalproducer.com/watch.800984343624.js?key=872eda8cdc00d65d8016b8e6fba2d29b&kw=%5B%5D&refer=https%3A%2F%2Fsylvesterblacknallbsmxkuerr.pages.dev%2F&tz=0&dev=e&res=14.2071&uuid=d45a3c56-40ec-494a-836c-4da5ccba2df5%3A2%3A1

172.240.108.76

307 Temporary Redirect

0 B

URL GET HTTP/1.1
lifetimeagriculturalproducer.com/watch.800984343624.js?key=872eda8cdc00d65d8016b8e6fba2d29b&kw=%5B%5D&refer=https%3A%2F%2Fsylvesterblacknallbsmxkuerr.pages.dev%2F&tz=0&dev=e&res=14.2071&uuid=d45a3c56-40ec-494a-836c-4da5ccba2df5%3A2%3A1
IP
172.240.108.76:443
ASN
#7979 SERVERS-COM

Requested by
https://sylvesterblacknallbsmxkuerr.pages.dev/
Certificate
IssuerLet's Encrypt
Subjectlifetimeagriculturalproducer.com
FingerprintB1:00:CB:CF:6F:C1:E3:CD:FA:E3:5B:47:C8:D6:55:01:F7:14:93:83
ValidityMon, 06 May 2024 12:50:20 GMT - Sun, 04 Aug 2024 12:50:19 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /watch.800984343624.js?key=872eda8cdc00d65d8016b8e6fba2d29b&kw=%5B%5D&refer=https%3A%2F%2Fsylvesterblacknallbsmxkuerr.pages.dev%2F&tz=0&dev=e&res=14.2071&uuid=d45a3c56-40ec-494a-836c-4da5ccba2df5%3A2%3A1 HTTP/1.1
Host: lifetimeagriculturalproducer.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://sylvesterblacknallbsmxkuerr.pages.dev/
Origin: https://sylvesterblacknallbsmxkuerr.pages.dev
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 307 Temporary Redirect
Server: nginx/1.21.6
Date: Fri, 10 May 2024 20:12:01 GMT
Content-Type: text/html
Content-Length: 0
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://sylvesterblacknallbsmxkuerr.pages.dev
Access-Control-Allow-Origin: https://sylvesterblacknallbsmxkuerr.pages.dev
Access-Control-Allow-Credentials: true
Location: https://lifetimeagriculturalproducer.com/watch.800984343624.js?dev=e&key=872eda8cdc00d65d8016b8e6fba2d29b&kw=%5B%5D&pst=1715371981&refer=https%3A%2F%2Fsylvesterblacknallbsmxkuerr.pages.dev%2F&res=14.2071&rmtc=t&shu=97a12dc04971edc22d64f6ee45c5a56aa18ffdef15483dfc203c7573306bf630ff3c540dcd84bdb057468ec9eaf369a5e0784a39adfcb5ccd8600665aed009884c8b21dbd482026b0e3fde7d3359d6810fe40ee8ee3228afbf3fa228ad27&tz=0&uuid=d45a3c56-40ec-494a-836c-4da5ccba2df5%3A2%3A1
Set-Cookie: u_pl=23148904; expires=Sat, 11 May 2024 20:12:01 GMT; secure; SameSite=None
ain=eyJhbGciOiJIUzI1NiJ9.eyJwIjp7ImlkIjoyMzE0ODkwNCwiayI6Ijg3MmVkYThjZGMwMGQ2NWQ4MDE2YjhlNmZiYTJkMjliIiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjozODIyNDk2LCJwaWQiOjE4NDI2NzQsImFuIjp0cnVlLCJsYW4iOnRydWUsImNpZCI6MywiYWlkIjo1LCJwdCI6NCwicGsiOiJzcTU1MTZuN2FmIiwidCI6MX0sInUiOnsidSI6MSwiYXUiOjEsImQiOnsiaWQiOjc5OTU0MTk2LCJpZHMiOiIiLCJpYyI6ZmFsc2UsIm4iOiJEZXNrdG9wLEVtdWxhdG9yIiwidiI6IlVua25vd24iLCJtIjoiVW5rbm93biIsImYiOjEsImZuIjoiRGVza3RvcCIsIm9pZCI6MTgxMTAsIm9uIjoiTGludXgiLCJvdiI6IlVua25vd24iLCJiaWQiOjExNjY3MCwiYm4iOiJGaXJlZm94IiwiYnYiOiI5Ni4wIiwid3YiOmZhbHNlLCJlIjp0cnVlLCJhYiI6ZmFsc2V9LCJjIjp7ImlkIjoxNjIsImMiOiJOTyIsIm4iOiJOb3J3YXkifSwiYSI6ZmFsc2UsImNyIjp7Im4iOiJCbGl4IFNvbHV0aW9ucyJ9LCJ4ZiI6IiIsIml4ZiI6ZmFsc2UsImlneGYiOmZhbHNlLCJ1cCI6dHJ1ZSwiciI6Imh0dHBzOi8vc3lsdmVzdGVyYmxhY2tuYWxsYnNteGt1ZXJyLnBhZ2VzLmRldi8iLCJhciI6W119fQ.oCTE8LXpuBvPXsj8IbbMZDm8Y5SB5OUA20EY1hBKLQE; expires=Fri, 10 May 2024 20:13:01 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 954e8e61efd08d23bb7e1a181e41ef72
Strict-Transport-Security: max-age=0; includeSubdomains

stupidityscream.com/watch.875775027594.js?key=d64164e145fb760de2b76872de4432d8&kw=%5B%5D&refer=https%3A%2F%2Fsylvesterblacknallbsmxkuerr.pages.dev%2F&tz=0&dev=e&res=14.2071&uuid=2097d057-b24e-4aaf-981b-ed5a2c6db802%3A2%3A1

192.243.59.13

307 Temporary Redirect

0 B

URL GET HTTP/1.1
stupidityscream.com/watch.875775027594.js?key=d64164e145fb760de2b76872de4432d8&kw=%5B%5D&refer=https%3A%2F%2Fsylvesterblacknallbsmxkuerr.pages.dev%2F&tz=0&dev=e&res=14.2071&uuid=2097d057-b24e-4aaf-981b-ed5a2c6db802%3A2%3A1
IP
192.243.59.13:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://sylvesterblacknallbsmxkuerr.pages.dev/
Certificate
IssuerLet's Encrypt
Subjectstupidityscream.com
FingerprintC6:EB:05:3A:5C:7C:D6:B1:69:24:D4:14:75:BD:E4:B2:47:40:B7:AD
ValidityMon, 06 May 2024 12:41:56 GMT - Sun, 04 Aug 2024 12:41:55 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /watch.875775027594.js?key=d64164e145fb760de2b76872de4432d8&kw=%5B%5D&refer=https%3A%2F%2Fsylvesterblacknallbsmxkuerr.pages.dev%2F&tz=0&dev=e&res=14.2071&uuid=2097d057-b24e-4aaf-981b-ed5a2c6db802%3A2%3A1 HTTP/1.1
Host: stupidityscream.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://sylvesterblacknallbsmxkuerr.pages.dev/
Origin: https://sylvesterblacknallbsmxkuerr.pages.dev
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 307 Temporary Redirect
Server: nginx/1.19.5
Date: Fri, 10 May 2024 20:12:01 GMT
Content-Type: text/html
Content-Length: 0
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://sylvesterblacknallbsmxkuerr.pages.dev
Access-Control-Allow-Origin: https://sylvesterblacknallbsmxkuerr.pages.dev
Access-Control-Allow-Credentials: true
Location: https://stupidityscream.com/watch.875775027594.js?dev=e&key=d64164e145fb760de2b76872de4432d8&kw=%5B%5D&pst=1715371981&refer=https%3A%2F%2Fsylvesterblacknallbsmxkuerr.pages.dev%2F&res=14.2071&rmtc=t&shu=3cdc5bd46bb707f7024b265e0f2d5da9d2ce3fbe7827182b5935a99dc300968c28c4c577a9e78e19b2e857b7a4a8fdfd47bdb183a8bf46dab2fadf2332d17fa0cb16cd491eabc08b3dd3c85d7755485dd44e5085622dd49d8c32b360b599&tz=0&uuid=2097d057-b24e-4aaf-981b-ed5a2c6db802%3A2%3A1
Set-Cookie: u_pl=23149106; expires=Sat, 11 May 2024 20:12:01 GMT; secure; SameSite=None
ain=eyJhbGciOiJIUzI1NiJ9.eyJwIjp7ImlkIjoyMzE0OTEwNiwiayI6ImQ2NDE2NGUxNDVmYjc2MGRlMmI3Njg3MmRlNDQzMmQ4Iiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjozODIyNDk2LCJwaWQiOjE4NDI2NzQsImFuIjp0cnVlLCJsYW4iOnRydWUsImNpZCI6MywiYWlkIjoyMywicHQiOjQsInBrIjoicTN2cHlkeXh1IiwidCI6MX0sInUiOnsidSI6MSwiYXUiOjEsImQiOnsiaWQiOjc5OTU0MTk2LCJpZHMiOiIiLCJpYyI6ZmFsc2UsIm4iOiJEZXNrdG9wLEVtdWxhdG9yIiwidiI6IlVua25vd24iLCJtIjoiVW5rbm93biIsImYiOjEsImZuIjoiRGVza3RvcCIsIm9pZCI6MTgxMTAsIm9uIjoiTGludXgiLCJvdiI6IlVua25vd24iLCJiaWQiOjExNjY3MCwiYm4iOiJGaXJlZm94IiwiYnYiOiI5Ni4wIiwid3YiOmZhbHNlLCJlIjp0cnVlLCJhYiI6ZmFsc2V9LCJjIjp7ImlkIjoxNjIsImMiOiJOTyIsIm4iOiJOb3J3YXkifSwiYSI6ZmFsc2UsImNyIjp7Im4iOiJCbGl4IFNvbHV0aW9ucyJ9LCJ4ZiI6IiIsIml4ZiI6ZmFsc2UsImlneGYiOmZhbHNlLCJ1cCI6dHJ1ZSwiciI6Imh0dHBzOi8vc3lsdmVzdGVyYmxhY2tuYWxsYnNteGt1ZXJyLnBhZ2VzLmRldi8iLCJhciI6W119fQ.vpuIKV6Zi7A0Avcz4rgW_FlMtN7lcNgijhdFnB7h_kY; expires=Fri, 10 May 2024 20:13:01 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: b53f10c2b7e365c30494e6b3391c7892
Strict-Transport-Security: max-age=0; includeSubdomains

lifetimeagriculturalproducer.com/watch.800984343624.js?dev=e&key=872eda8cdc00d65d8016b8e6fba2d29b&kw=%5B%5D&pst=1715371981&refer=https%3A%2F%2Fsylvesterblacknallbsmxkuerr.pages.dev%2F&res=14.2071&rmtc=t&shu=97a12dc04971edc22d64f6ee45c5a56aa18ffdef15483dfc203c7573306bf630ff3c540dcd84bdb057468ec9eaf369a5e0784a39adfcb5ccd8600665aed009884c8b21dbd482026b0e3fde7d3359d6810fe40ee8ee3228afbf3fa228ad27&tz=0&uuid=d45a3c56-40ec-494a-836c-4da5ccba2df5%3A2%3A1

172.240.108.76

200 OK

2.1 kB

URL GET HTTP/1.1
lifetimeagriculturalproducer.com/watch.800984343624.js?dev=e&key=872eda8cdc00d65d8016b8e6fba2d29b&kw=%5B%5D&pst=1715371981&refer=https%3A%2F%2Fsylvesterblacknallbsmxkuerr.pages.dev%2F&res=14.2071&rmtc=t&shu=97a12dc04971edc22d64f6ee45c5a56aa18ffdef15483dfc203c7573306bf630ff3c540dcd84bdb057468ec9eaf369a5e0784a39adfcb5ccd8600665aed009884c8b21dbd482026b0e3fde7d3359d6810fe40ee8ee3228afbf3fa228ad27&tz=0&uuid=d45a3c56-40ec-494a-836c-4da5ccba2df5%3A2%3A1
IP
172.240.108.76:443
ASN
#7979 SERVERS-COM

Requested by
https://sylvesterblacknallbsmxkuerr.pages.dev/
Certificate
IssuerLet's Encrypt
Subjectlifetimeagriculturalproducer.com
FingerprintB1:00:CB:CF:6F:C1:E3:CD:FA:E3:5B:47:C8:D6:55:01:F7:14:93:83
ValidityMon, 06 May 2024 12:50:20 GMT - Sun, 04 Aug 2024 12:50:19 GMT

File type
JavaScript source, ASCII text, with very long lines (2630)
Size
2.1 kB (2102 bytes)
Hash
849c30e829ce34ce76a17f6461e1dac2
c20e93643525629f015c0b6e270676a0e546e750
697654cbed357730d8af2f1249cd6ae7a3792a2b2e675329446dc812329ca46c

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /watch.800984343624.js?dev=e&key=872eda8cdc00d65d8016b8e6fba2d29b&kw=%5B%5D&pst=1715371981&refer=https%3A%2F%2Fsylvesterblacknallbsmxkuerr.pages.dev%2F&res=14.2071&rmtc=t&shu=97a12dc04971edc22d64f6ee45c5a56aa18ffdef15483dfc203c7573306bf630ff3c540dcd84bdb057468ec9eaf369a5e0784a39adfcb5ccd8600665aed009884c8b21dbd482026b0e3fde7d3359d6810fe40ee8ee3228afbf3fa228ad27&tz=0&uuid=d45a3c56-40ec-494a-836c-4da5ccba2df5%3A2%3A1 HTTP/1.1
Host: lifetimeagriculturalproducer.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://sylvesterblacknallbsmxkuerr.pages.dev
Referer: https://sylvesterblacknallbsmxkuerr.pages.dev/
DNT: 1
Connection: keep-alive
Cookie: u_pl=23148904; ain=eyJhbGciOiJIUzI1NiJ9.eyJwIjp7ImlkIjoyMzE0ODkwNCwiayI6Ijg3MmVkYThjZGMwMGQ2NWQ4MDE2YjhlNmZiYTJkMjliIiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjozODIyNDk2LCJwaWQiOjE4NDI2NzQsImFuIjp0cnVlLCJsYW4iOnRydWUsImNpZCI6MywiYWlkIjo1LCJwdCI6NCwicGsiOiJzcTU1MTZuN2FmIiwidCI6MX0sInUiOnsidSI6MSwiYXUiOjEsImQiOnsiaWQiOjc5OTU0MTk2LCJpZHMiOiIiLCJpYyI6ZmFsc2UsIm4iOiJEZXNrdG9wLEVtdWxhdG9yIiwidiI6IlVua25vd24iLCJtIjoiVW5rbm93biIsImYiOjEsImZuIjoiRGVza3RvcCIsIm9pZCI6MTgxMTAsIm9uIjoiTGludXgiLCJvdiI6IlVua25vd24iLCJiaWQiOjExNjY3MCwiYm4iOiJGaXJlZm94IiwiYnYiOiI5Ni4wIiwid3YiOmZhbHNlLCJlIjp0cnVlLCJhYiI6ZmFsc2V9LCJjIjp7ImlkIjoxNjIsImMiOiJOTyIsIm4iOiJOb3J3YXkifSwiYSI6ZmFsc2UsImNyIjp7Im4iOiJCbGl4IFNvbHV0aW9ucyJ9LCJ4ZiI6IiIsIml4ZiI6ZmFsc2UsImlneGYiOmZhbHNlLCJ1cCI6dHJ1ZSwiciI6Imh0dHBzOi8vc3lsdmVzdGVyYmxhY2tuYWxsYnNteGt1ZXJyLnBhZ2VzLmRldi8iLCJhciI6W119fQ.oCTE8LXpuBvPXsj8IbbMZDm8Y5SB5OUA20EY1hBKLQE
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Fri, 10 May 2024 20:12:01 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://sylvesterblacknallbsmxkuerr.pages.dev
Access-Control-Allow-Origin: https://sylvesterblacknallbsmxkuerr.pages.dev
Access-Control-Allow-Credentials: true
Set-Cookie: uid_id2=d45a3c56-40ec-494a-836c-4da5ccba2df5:2:1; expires=Fri, 17 May 2024 20:12:01 GMT; secure; SameSite=None
iprcfb678ff084673ac0d053db5bcee852b7=3569806; expires=Sat, 11 May 2024 00:12:01 GMT; secure; SameSite=None
pdhtkv=true; expires=Sat, 11 May 2024 20:12:01 GMT; secure; SameSite=None
uncs=1; expires=Sat, 11 May 2024 20:12:01 GMT; secure; SameSite=None
pdhtkv5=true; expires=Sat, 11 May 2024 20:12:01 GMT; secure; SameSite=None
uncs5=1; expires=Sat, 11 May 2024 20:12:01 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 67058821b05e5ae8977607210dc79749
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip

stupidityscream.com/watch.875775027594.js?dev=e&key=d64164e145fb760de2b76872de4432d8&kw=%5B%5D&pst=1715371981&refer=https%3A%2F%2Fsylvesterblacknallbsmxkuerr.pages.dev%2F&res=14.2071&rmtc=t&shu=3cdc5bd46bb707f7024b265e0f2d5da9d2ce3fbe7827182b5935a99dc300968c28c4c577a9e78e19b2e857b7a4a8fdfd47bdb183a8bf46dab2fadf2332d17fa0cb16cd491eabc08b3dd3c85d7755485dd44e5085622dd49d8c32b360b599&tz=0&uuid=2097d057-b24e-4aaf-981b-ed5a2c6db802%3A2%3A1

192.243.59.13

200 OK

2.1 kB

URL GET HTTP/1.1
stupidityscream.com/watch.875775027594.js?dev=e&key=d64164e145fb760de2b76872de4432d8&kw=%5B%5D&pst=1715371981&refer=https%3A%2F%2Fsylvesterblacknallbsmxkuerr.pages.dev%2F&res=14.2071&rmtc=t&shu=3cdc5bd46bb707f7024b265e0f2d5da9d2ce3fbe7827182b5935a99dc300968c28c4c577a9e78e19b2e857b7a4a8fdfd47bdb183a8bf46dab2fadf2332d17fa0cb16cd491eabc08b3dd3c85d7755485dd44e5085622dd49d8c32b360b599&tz=0&uuid=2097d057-b24e-4aaf-981b-ed5a2c6db802%3A2%3A1
IP
192.243.59.13:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://sylvesterblacknallbsmxkuerr.pages.dev/
Certificate
IssuerLet's Encrypt
Subjectstupidityscream.com
FingerprintC6:EB:05:3A:5C:7C:D6:B1:69:24:D4:14:75:BD:E4:B2:47:40:B7:AD
ValidityMon, 06 May 2024 12:41:56 GMT - Sun, 04 Aug 2024 12:41:55 GMT

File type
JavaScript source, ASCII text, with very long lines (2605)
Size
2.1 kB (2077 bytes)
Hash
dcdc57c78c02cc4dbf79851213e4a83c
4bf9cc5ccac31a0e50acd41ce15c99a67a758eff
fa9c0fac1e518eeaeb909e27fc34e122457cd6a4339057055a2f410812892216

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /watch.875775027594.js?dev=e&key=d64164e145fb760de2b76872de4432d8&kw=%5B%5D&pst=1715371981&refer=https%3A%2F%2Fsylvesterblacknallbsmxkuerr.pages.dev%2F&res=14.2071&rmtc=t&shu=3cdc5bd46bb707f7024b265e0f2d5da9d2ce3fbe7827182b5935a99dc300968c28c4c577a9e78e19b2e857b7a4a8fdfd47bdb183a8bf46dab2fadf2332d17fa0cb16cd491eabc08b3dd3c85d7755485dd44e5085622dd49d8c32b360b599&tz=0&uuid=2097d057-b24e-4aaf-981b-ed5a2c6db802%3A2%3A1 HTTP/1.1
Host: stupidityscream.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://sylvesterblacknallbsmxkuerr.pages.dev
Referer: https://sylvesterblacknallbsmxkuerr.pages.dev/
DNT: 1
Connection: keep-alive
Cookie: u_pl=23149106; ain=eyJhbGciOiJIUzI1NiJ9.eyJwIjp7ImlkIjoyMzE0OTEwNiwiayI6ImQ2NDE2NGUxNDVmYjc2MGRlMmI3Njg3MmRlNDQzMmQ4Iiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjozODIyNDk2LCJwaWQiOjE4NDI2NzQsImFuIjp0cnVlLCJsYW4iOnRydWUsImNpZCI6MywiYWlkIjoyMywicHQiOjQsInBrIjoicTN2cHlkeXh1IiwidCI6MX0sInUiOnsidSI6MSwiYXUiOjEsImQiOnsiaWQiOjc5OTU0MTk2LCJpZHMiOiIiLCJpYyI6ZmFsc2UsIm4iOiJEZXNrdG9wLEVtdWxhdG9yIiwidiI6IlVua25vd24iLCJtIjoiVW5rbm93biIsImYiOjEsImZuIjoiRGVza3RvcCIsIm9pZCI6MTgxMTAsIm9uIjoiTGludXgiLCJvdiI6IlVua25vd24iLCJiaWQiOjExNjY3MCwiYm4iOiJGaXJlZm94IiwiYnYiOiI5Ni4wIiwid3YiOmZhbHNlLCJlIjp0cnVlLCJhYiI6ZmFsc2V9LCJjIjp7ImlkIjoxNjIsImMiOiJOTyIsIm4iOiJOb3J3YXkifSwiYSI6ZmFsc2UsImNyIjp7Im4iOiJCbGl4IFNvbHV0aW9ucyJ9LCJ4ZiI6IiIsIml4ZiI6ZmFsc2UsImlneGYiOmZhbHNlLCJ1cCI6dHJ1ZSwiciI6Imh0dHBzOi8vc3lsdmVzdGVyYmxhY2tuYWxsYnNteGt1ZXJyLnBhZ2VzLmRldi8iLCJhciI6W119fQ.vpuIKV6Zi7A0Avcz4rgW_FlMtN7lcNgijhdFnB7h_kY
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Fri, 10 May 2024 20:12:01 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://sylvesterblacknallbsmxkuerr.pages.dev
Access-Control-Allow-Origin: https://sylvesterblacknallbsmxkuerr.pages.dev
Access-Control-Allow-Credentials: true
Set-Cookie: uid_id2=2097d057-b24e-4aaf-981b-ed5a2c6db802:2:1; expires=Fri, 17 May 2024 20:12:01 GMT; secure; SameSite=None
iprc26410bc9bb85c53c5ea43d3cd92d89a2=3569808; expires=Sat, 11 May 2024 00:12:01 GMT; secure; SameSite=None
pdhtkv=true; expires=Sat, 11 May 2024 20:12:01 GMT; secure; SameSite=None
uncs=1; expires=Sat, 11 May 2024 20:12:01 GMT; secure; SameSite=None
pdhtkv23=true; expires=Sat, 11 May 2024 20:12:01 GMT; secure; SameSite=None
uncs23=1; expires=Sat, 11 May 2024 20:12:01 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: c5115782a2118f8ce8fe9d60a454cb22
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip

pl23249615.highcpmgate.com/36/35/24/36352469ba20ff8ade54795907dd51e5.js

192.243.59.20

200 OK

16 kB

URL GET HTTP/1.1
pl23249615.highcpmgate.com/36/35/24/36352469ba20ff8ade54795907dd51e5.js
IP
192.243.59.20:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://sylvesterblacknallbsmxkuerr.pages.dev/
Certificate
IssuerLet's Encrypt
Subjecthighcpmgate.com
FingerprintE7:53:32:23:DA:D6:BE:EB:98:90:05:4B:AC:AC:8C:89:F2:4D:FB:2E
ValidityFri, 19 Apr 2024 10:31:16 GMT - Thu, 18 Jul 2024 10:31:15 GMT

File type
JavaScript source, ASCII text, with very long lines (44052), with no line terminators
Size
16 kB (15818 bytes)
Hash
15456f1a79f8d9f4931e207259fbcaad
c6aedf604dbc8d46586e3bf483884804fe334b30
6d7314f76e50b91c0c3f06bd029bf9278f9ae30e3d6b69b39b1f2d22f294934e

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /36/35/24/36352469ba20ff8ade54795907dd51e5.js HTTP/1.1
Host: pl23249615.highcpmgate.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://sylvesterblacknallbsmxkuerr.pages.dev/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Fri, 10 May 2024 20:12:01 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 25a8c4dc471bd22e9a609dc5cb3bdb78
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip

cdn.cloudimagesb.com/cti/7d/00/a0/7d00a008556ebc4e68d1de531274e928/1658920033.png

45.133.44.9

200 OK

144 kB

URL GET HTTP/2
cdn.cloudimagesb.com/cti/7d/00/a0/7d00a008556ebc4e68d1de531274e928/1658920033.png
IP
45.133.44.9:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://sylvesterblacknallbsmxkuerr.pages.dev/
Certificate
IssuerLet's Encrypt
Subjectcdn.cloudimagesb.com
FingerprintC6:F3:21:F0:21:7D:7E:96:0F:E8:46:7A:5E:C5:3F:D1:52:B0:67:B0
ValidityFri, 22 Mar 2024 03:01:35 GMT - Thu, 20 Jun 2024 03:01:34 GMT

File type
PNG image data, 300 x 250, 8-bit/color RGBA, non-interlaced
Size
144 kB (144379 bytes)
Hash
33c304429dc1a4408a96e6a74ffa2feb
c45fa8e65528d1bb2b46bf8a28af9eeaa1903d04
dbed482e5948ead5587d30a22306a5b611305f704de940bd22c76daf90e0a314

HTTP Headers

GET /cti/7d/00/a0/7d00a008556ebc4e68d1de531274e928/1658920033.png HTTP/1.1
Host: cdn.cloudimagesb.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 10 May 2024 20:12:01 GMT
content-type: image/png
content-length: 144379
server: nginx/1.21.6
last-modified: Wed, 27 Jul 2022 11:07:21 GMT
etag: "62e11c69-233fb"
expires: Sun, 12 May 2024 20:12:01 GMT
cache-control: max-age=172800
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2

cdn.cloudimagesb.com/cti/5c/10/b0/5c10b0b28e7a0e9d7e61bd8d09bee3db/1658920078.png

45.133.44.9

200 OK

106 kB

URL GET HTTP/2
cdn.cloudimagesb.com/cti/5c/10/b0/5c10b0b28e7a0e9d7e61bd8d09bee3db/1658920078.png
IP
45.133.44.9:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://sylvesterblacknallbsmxkuerr.pages.dev/
Certificate
IssuerLet's Encrypt
Subjectcdn.cloudimagesb.com
FingerprintC6:F3:21:F0:21:7D:7E:96:0F:E8:46:7A:5E:C5:3F:D1:52:B0:67:B0
ValidityFri, 22 Mar 2024 03:01:35 GMT - Thu, 20 Jun 2024 03:01:34 GMT

File type
PNG image data, 728 x 90, 8-bit/color RGBA, non-interlaced
Size
106 kB (105910 bytes)
Hash
a36b92bb68d9b579458560ba9b94862a
782d2932ccd3a56e5aad1cca7e6e7fb4a3cf23d6
9de12cf85ad80cae34d8bdaeb59169d75e3bd4f8b931ec90ea2c3be166647c0e

HTTP Headers

GET /cti/5c/10/b0/5c10b0b28e7a0e9d7e61bd8d09bee3db/1658920078.png HTTP/1.1
Host: cdn.cloudimagesb.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Fri, 10 May 2024 20:12:01 GMT
content-type: image/png
content-length: 105910
server: nginx/1.21.6
last-modified: Wed, 27 Jul 2022 11:08:06 GMT
etag: "62e11c96-19db6"
expires: Sun, 12 May 2024 20:12:01 GMT
cache-control: max-age=172800
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2

www.topcreativeformat.com/872eda8cdc00d65d8016b8e6fba2d29b/invoke.js

172.240.127.234

200 OK

12 kB

URL GET HTTP/1.1
www.topcreativeformat.com/872eda8cdc00d65d8016b8e6fba2d29b/invoke.js
IP
172.240.127.234:443
ASN
#7979 SERVERS-COM

Requested by
https://sylvesterblacknallbsmxkuerr.pages.dev/
Certificate
IssuerLet's Encrypt
Subjecttopcreativeformat.com
Fingerprint6D:98:D9:61:FC:CF:D9:8C:FE:5E:1C:15:5A:A5:F2:28:38:04:A4:A4
ValidityWed, 20 Mar 2024 07:51:41 GMT - Tue, 18 Jun 2024 07:51:40 GMT

File type
JavaScript source, ASCII text, with very long lines (31319), with no line terminators
Size
12 kB (11849 bytes)
Hash
ea0a09b31b802d7ede58bcf9397f7a2f
eefb8934fd4d7d99af44788bc980400a103fa77a
8a01b4f42cbffa5afea42fef5f142ee642c9336c7942642546c3fc2aabdc6fec

HTTP Headers

GET /872eda8cdc00d65d8016b8e6fba2d29b/invoke.js HTTP/1.1
Host: www.topcreativeformat.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://sylvesterblacknallbsmxkuerr.pages.dev/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Fri, 10 May 2024 20:12:01 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: a73c05321ea8ad7973e9b78d1aaddaef
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip

tse1.mm.bing.net/th?q=

13.107.21.200

404 Not Found

727 B

URL GET HTTP/2
tse1.mm.bing.net/th?q=
IP
13.107.21.200:443
ASN
#8068 MICROSOFT-CORP-MSN-AS-BLOCK

Requested by
https://sylvesterblacknallbsmxkuerr.pages.dev/
Certificate
IssuerMicrosoft Corporation
Subjectwww.bing.com
Fingerprint02:83:27:F9:50:D8:BE:B9:5E:DF:1A:4A:45:3B:6D:3C:BC:30:F2:58
ValidityWed, 01 May 2024 01:58:25 GMT - Thu, 27 Jun 2024 23:59:59 GMT

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 144x144, segment length 16, baseline, precision 8, 80x80, components 3
Size
727 B (727 bytes)
Hash
5116706c119475f5ae2fc135c3358037
7e5bdf3585153e317ebef05a9b8241d311e44cb3
7edda2585f580c167fd4e3a6c162534548cda437f8bef67c544f3aa9c162a17c

HTTP Headers

GET /th?q= HTTP/1.1
Host: tse1.mm.bing.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://sylvesterblacknallbsmxkuerr.pages.dev/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 404 Not Found
cache-control: no-cache
pragma: no-cache
content-length: 727
expires: -1
x-cache: TCP_MISS
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: CB75F9711E4A49B0803D9AAF945BE3AB Ref B: OSL30EDGE0211 Ref C: 2024-05-10T20:12:02Z
date: Fri, 10 May 2024 20:12:01 GMT
X-Firefox-Spdy: h2

skilledskillemergency.com/watch.310406727873.js?key=872eda8cdc00d65d8016b8e6fba2d29b&kw=%5B%5D&refer=https%3A%2F%2Fsylvesterblacknallbsmxkuerr.pages.dev%2F&tz=0&dev=e&res=14.2071&uuid=d45a3c56-40ec-494a-836c-4da5ccba2df5%3A2%3A1

192.243.59.13

307 Temporary Redirect

0 B

URL GET HTTP/1.1
skilledskillemergency.com/watch.310406727873.js?key=872eda8cdc00d65d8016b8e6fba2d29b&kw=%5B%5D&refer=https%3A%2F%2Fsylvesterblacknallbsmxkuerr.pages.dev%2F&tz=0&dev=e&res=14.2071&uuid=d45a3c56-40ec-494a-836c-4da5ccba2df5%3A2%3A1
IP
192.243.59.13:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://sylvesterblacknallbsmxkuerr.pages.dev/
Certificate
IssuerLet's Encrypt
Subjectskilledskillemergency.com
Fingerprint21:B4:F5:6D:B3:E3:91:D3:47:51:9B:77:81:06:39:2A:87:28:32:03
ValidityMon, 06 May 2024 08:19:35 GMT - Sun, 04 Aug 2024 08:19:34 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /watch.310406727873.js?key=872eda8cdc00d65d8016b8e6fba2d29b&kw=%5B%5D&refer=https%3A%2F%2Fsylvesterblacknallbsmxkuerr.pages.dev%2F&tz=0&dev=e&res=14.2071&uuid=d45a3c56-40ec-494a-836c-4da5ccba2df5%3A2%3A1 HTTP/1.1
Host: skilledskillemergency.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://sylvesterblacknallbsmxkuerr.pages.dev/
Origin: https://sylvesterblacknallbsmxkuerr.pages.dev
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 307 Temporary Redirect
Server: nginx/1.19.5
Date: Fri, 10 May 2024 20:12:02 GMT
Content-Type: text/html
Content-Length: 0
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://sylvesterblacknallbsmxkuerr.pages.dev
Access-Control-Allow-Origin: https://sylvesterblacknallbsmxkuerr.pages.dev
Access-Control-Allow-Credentials: true
Location: https://skilledskillemergency.com/watch.310406727873.js?dev=e&key=872eda8cdc00d65d8016b8e6fba2d29b&kw=%5B%5D&pst=1715371982&refer=https%3A%2F%2Fsylvesterblacknallbsmxkuerr.pages.dev%2F&res=14.2071&rmtc=t&shu=78baa39a5739ae3adcb77ed4e8ad0497569a1cdeae3e369a9fcee2159a75ae6029c9269ea7b07335d684a8cdda883a17c88e31f9d91d4f920d39aaadbff834e38012f73966f1938ec5a7ed778fbd5bc789accfcdab3885a394489ad6615b92&tz=0&uuid=d45a3c56-40ec-494a-836c-4da5ccba2df5%3A2%3A1
Set-Cookie: u_pl=23148904; expires=Sat, 11 May 2024 20:12:02 GMT; secure; SameSite=None
ain=eyJhbGciOiJIUzI1NiJ9.eyJwIjp7ImlkIjoyMzE0ODkwNCwiayI6Ijg3MmVkYThjZGMwMGQ2NWQ4MDE2YjhlNmZiYTJkMjliIiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjozODIyNDk2LCJwaWQiOjE4NDI2NzQsImFuIjp0cnVlLCJsYW4iOnRydWUsImNpZCI6MywiYWlkIjo1LCJwdCI6NCwicGsiOiJzcTU1MTZuN2FmIiwidCI6MX0sInUiOnsidSI6MSwiYXUiOjEsImQiOnsiaWQiOjc5OTU0MTk2LCJpZHMiOiIiLCJpYyI6ZmFsc2UsIm4iOiJEZXNrdG9wLEVtdWxhdG9yIiwidiI6IlVua25vd24iLCJtIjoiVW5rbm93biIsImYiOjEsImZuIjoiRGVza3RvcCIsIm9pZCI6MTgxMTAsIm9uIjoiTGludXgiLCJvdiI6IlVua25vd24iLCJiaWQiOjExNjY3MCwiYm4iOiJGaXJlZm94IiwiYnYiOiI5Ni4wIiwid3YiOmZhbHNlLCJlIjp0cnVlLCJhYiI6ZmFsc2V9LCJjIjp7ImlkIjoxNjIsImMiOiJOTyIsIm4iOiJOb3J3YXkifSwiYSI6ZmFsc2UsImNyIjp7Im4iOiJCbGl4IFNvbHV0aW9ucyJ9LCJ4ZiI6IiIsIml4ZiI6ZmFsc2UsImlneGYiOmZhbHNlLCJ1cCI6dHJ1ZSwiciI6Imh0dHBzOi8vc3lsdmVzdGVyYmxhY2tuYWxsYnNteGt1ZXJyLnBhZ2VzLmRldi8iLCJhciI6W119fQ.oCTE8LXpuBvPXsj8IbbMZDm8Y5SB5OUA20EY1hBKLQE; expires=Fri, 10 May 2024 20:13:02 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: aec820f24cdabd3c67e0e94b900653ce
Strict-Transport-Security: max-age=0; includeSubdomains

skilledskillemergency.com/watch.310406727873.js?dev=e&key=872eda8cdc00d65d8016b8e6fba2d29b&kw=%5B%5D&pst=1715371982&refer=https%3A%2F%2Fsylvesterblacknallbsmxkuerr.pages.dev%2F&res=14.2071&rmtc=t&shu=78baa39a5739ae3adcb77ed4e8ad0497569a1cdeae3e369a9fcee2159a75ae6029c9269ea7b07335d684a8cdda883a17c88e31f9d91d4f920d39aaadbff834e38012f73966f1938ec5a7ed778fbd5bc789accfcdab3885a394489ad6615b92&tz=0&uuid=d45a3c56-40ec-494a-836c-4da5ccba2df5%3A2%3A1

192.243.59.13

200 OK

2.0 kB

URL GET HTTP/1.1
skilledskillemergency.com/watch.310406727873.js?dev=e&key=872eda8cdc00d65d8016b8e6fba2d29b&kw=%5B%5D&pst=1715371982&refer=https%3A%2F%2Fsylvesterblacknallbsmxkuerr.pages.dev%2F&res=14.2071&rmtc=t&shu=78baa39a5739ae3adcb77ed4e8ad0497569a1cdeae3e369a9fcee2159a75ae6029c9269ea7b07335d684a8cdda883a17c88e31f9d91d4f920d39aaadbff834e38012f73966f1938ec5a7ed778fbd5bc789accfcdab3885a394489ad6615b92&tz=0&uuid=d45a3c56-40ec-494a-836c-4da5ccba2df5%3A2%3A1
IP
192.243.59.13:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://sylvesterblacknallbsmxkuerr.pages.dev/
Certificate
IssuerLet's Encrypt
Subjectskilledskillemergency.com
Fingerprint21:B4:F5:6D:B3:E3:91:D3:47:51:9B:77:81:06:39:2A:87:28:32:03
ValidityMon, 06 May 2024 08:19:35 GMT - Sun, 04 Aug 2024 08:19:34 GMT

File type
JavaScript source, ASCII text, with very long lines (2429)
Size
2.0 kB (1978 bytes)
Hash
199c252f4fcf5228dec9ca97fd97779d
2dca34921c12f9b88187698cf66cb10b8c31e6d6
442699466ddc9fd13670d348de299d83d15937d0f46dcd82bc9544baa6cf5235

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /watch.310406727873.js?dev=e&key=872eda8cdc00d65d8016b8e6fba2d29b&kw=%5B%5D&pst=1715371982&refer=https%3A%2F%2Fsylvesterblacknallbsmxkuerr.pages.dev%2F&res=14.2071&rmtc=t&shu=78baa39a5739ae3adcb77ed4e8ad0497569a1cdeae3e369a9fcee2159a75ae6029c9269ea7b07335d684a8cdda883a17c88e31f9d91d4f920d39aaadbff834e38012f73966f1938ec5a7ed778fbd5bc789accfcdab3885a394489ad6615b92&tz=0&uuid=d45a3c56-40ec-494a-836c-4da5ccba2df5%3A2%3A1 HTTP/1.1
Host: skilledskillemergency.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://sylvesterblacknallbsmxkuerr.pages.dev
Referer: https://sylvesterblacknallbsmxkuerr.pages.dev/
DNT: 1
Connection: keep-alive
Cookie: u_pl=23148904; ain=eyJhbGciOiJIUzI1NiJ9.eyJwIjp7ImlkIjoyMzE0ODkwNCwiayI6Ijg3MmVkYThjZGMwMGQ2NWQ4MDE2YjhlNmZiYTJkMjliIiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjozODIyNDk2LCJwaWQiOjE4NDI2NzQsImFuIjp0cnVlLCJsYW4iOnRydWUsImNpZCI6MywiYWlkIjo1LCJwdCI6NCwicGsiOiJzcTU1MTZuN2FmIiwidCI6MX0sInUiOnsidSI6MSwiYXUiOjEsImQiOnsiaWQiOjc5OTU0MTk2LCJpZHMiOiIiLCJpYyI6ZmFsc2UsIm4iOiJEZXNrdG9wLEVtdWxhdG9yIiwidiI6IlVua25vd24iLCJtIjoiVW5rbm93biIsImYiOjEsImZuIjoiRGVza3RvcCIsIm9pZCI6MTgxMTAsIm9uIjoiTGludXgiLCJvdiI6IlVua25vd24iLCJiaWQiOjExNjY3MCwiYm4iOiJGaXJlZm94IiwiYnYiOiI5Ni4wIiwid3YiOmZhbHNlLCJlIjp0cnVlLCJhYiI6ZmFsc2V9LCJjIjp7ImlkIjoxNjIsImMiOiJOTyIsIm4iOiJOb3J3YXkifSwiYSI6ZmFsc2UsImNyIjp7Im4iOiJCbGl4IFNvbHV0aW9ucyJ9LCJ4ZiI6IiIsIml4ZiI6ZmFsc2UsImlneGYiOmZhbHNlLCJ1cCI6dHJ1ZSwiciI6Imh0dHBzOi8vc3lsdmVzdGVyYmxhY2tuYWxsYnNteGt1ZXJyLnBhZ2VzLmRldi8iLCJhciI6W119fQ.oCTE8LXpuBvPXsj8IbbMZDm8Y5SB5OUA20EY1hBKLQE
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Fri, 10 May 2024 20:12:02 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://sylvesterblacknallbsmxkuerr.pages.dev
Access-Control-Allow-Origin: https://sylvesterblacknallbsmxkuerr.pages.dev
Access-Control-Allow-Credentials: true
Set-Cookie: uid_id2=d45a3c56-40ec-494a-836c-4da5ccba2df5:2:1; expires=Fri, 17 May 2024 20:12:02 GMT; secure; SameSite=None
pdhtkv=true; expires=Sat, 11 May 2024 20:12:02 GMT; secure; SameSite=None
uncs=1; expires=Sat, 11 May 2024 20:12:02 GMT; secure; SameSite=None
pdhtkv5=true; expires=Sat, 11 May 2024 20:12:02 GMT; secure; SameSite=None
uncs5=1; expires=Sat, 11 May 2024 20:12:02 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 0f609b5a622c114d7e941a3efa7574d0
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip

cdn.cloudimagesb.com/cti/bd/40/19/bd4019b6dcef73a1f96bc4593c321e11/1707725903.png

45.133.44.9

200 OK

63 kB

URL GET HTTP/2
cdn.cloudimagesb.com/cti/bd/40/19/bd4019b6dcef73a1f96bc4593c321e11/1707725903.png
IP
45.133.44.9:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://sylvesterblacknallbsmxkuerr.pages.dev/
Certificate
IssuerLet's Encrypt
Subjectcdn.cloudimagesb.com
FingerprintC6:F3:21:F0:21:7D:7E:96:0F:E8:46:7A:5E:C5:3F:D1:52:B0:67:B0
ValidityFri, 22 Mar 2024 03:01:35 GMT - Thu, 20 Jun 2024 03:01:34 GMT

File type
PNG image data, 300 x 250, 8-bit/color RGBA, non-interlaced
Size
63 kB (63346 bytes)
Hash
5942ffc6b6a9c37ff916a6a75f8e56cf
4660db02422b646fe368c795a3dcf8fa1ef97ce5
0acbcb3c359cff614a772250f6475c3c44c1a32a13e6b1996f5cfbc6ea80ee0d

HTTP Headers

GET /cti/bd/40/19/bd4019b6dcef73a1f96bc4593c321e11/1707725903.png HTTP/1.1
Host: cdn.cloudimagesb.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Fri, 10 May 2024 20:12:02 GMT
content-type: image/png
content-length: 63346
server: nginx/1.21.6
last-modified: Mon, 12 Feb 2024 08:18:33 GMT
etag: "65c9d459-f772"
expires: Sun, 12 May 2024 20:12:02 GMT
cache-control: max-age=172800
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2

sprangsugar.com/sbar.json?key=36352469ba20ff8ade54795907dd51e5&uuid=d45a3c56-40ec-494a-836c-4da5ccba2df5%3A2%3A1

172.240.108.76

200 OK

6.7 kB

URL GET HTTP/1.1
sprangsugar.com/sbar.json?key=36352469ba20ff8ade54795907dd51e5&uuid=d45a3c56-40ec-494a-836c-4da5ccba2df5%3A2%3A1
IP
172.240.108.76:443
ASN
#7979 SERVERS-COM

Requested by
https://sylvesterblacknallbsmxkuerr.pages.dev/
Certificate
IssuerLet's Encrypt
Subjectsprangsugar.com
FingerprintA8:FF:DF:D3:ED:3D:E8:4B:33:C8:93:D3:94:CA:8E:28:5D:39:26:C1
ValidityMon, 06 May 2024 08:08:05 GMT - Sun, 04 Aug 2024 08:08:04 GMT

File type
JSON text data
Size
6.7 kB (6693 bytes)
Hash
dff8ef1431380adf95bb3a713ebbd6a6
109c310ec205461eba2760f257e1e17dfaf3a5fd
3fde7feaf75acfb66bb1d6f951438bf7b33706613b13c7bd7ba410c9d67670bc

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /sbar.json?key=36352469ba20ff8ade54795907dd51e5&uuid=d45a3c56-40ec-494a-836c-4da5ccba2df5%3A2%3A1 HTTP/1.1
Host: sprangsugar.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://sylvesterblacknallbsmxkuerr.pages.dev/
Origin: https://sylvesterblacknallbsmxkuerr.pages.dev
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Fri, 10 May 2024 20:12:03 GMT
Content-Type: text/plain; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://sylvesterblacknallbsmxkuerr.pages.dev
Access-Control-Allow-Origin: https://sylvesterblacknallbsmxkuerr.pages.dev
Access-Control-Allow-Credentials: true
Set-Cookie: u_pl=23149116; expires=Sat, 11 May 2024 20:12:02 GMT; secure; SameSite=None
uid_id2=d45a3c56-40ec-494a-836c-4da5ccba2df5:2:1; expires=Fri, 17 May 2024 20:12:02 GMT; secure; SameSite=None
pdhtkv=true; expires=Sat, 11 May 2024 20:12:03 GMT; secure; SameSite=None
uncs=1; expires=Sat, 11 May 2024 20:12:03 GMT; secure; SameSite=None
pdhtkv29=true; expires=Sat, 11 May 2024 20:12:03 GMT; secure; SameSite=None
uncs29=1; expires=Sat, 11 May 2024 20:12:03 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 143c12b76c1dcdc5ac5549e23f1df42a
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip

unseenreport.com/pxf.gif?uuid=d45a3c56-40ec-494a-836c-4da5ccba2df5&eb=978028c5053b26833423c7a069ce3bd5&te=5db3a4e34790624df926db520a13f79f&ua=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A96.0)%20Gecko%2F20100101%20Firefox%2F96.0&dev=e&res=14.2071&b_frame=0&pk=36352469ba20ff8ade54795907dd51e5&bl=en-US&sr=1024x1280&sz=1024x1280&hjs=20

192.243.61.225

200 OK

1 B

URL GET HTTP/1.1
unseenreport.com/pxf.gif?uuid=d45a3c56-40ec-494a-836c-4da5ccba2df5&eb=978028c5053b26833423c7a069ce3bd5&te=5db3a4e34790624df926db520a13f79f&ua=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A96.0)%20Gecko%2F20100101%20Firefox%2F96.0&dev=e&res=14.2071&b_frame=0&pk=36352469ba20ff8ade54795907dd51e5&bl=en-US&sr=1024x1280&sz=1024x1280&hjs=20
IP
192.243.61.225:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://sylvesterblacknallbsmxkuerr.pages.dev/
Certificate
IssuerLet's Encrypt
Subject*.unseenreport.com
Fingerprint71:46:15:FD:76:6A:F5:5B:51:06:CC:93:DD:D8:63:E3:8B:10:BF:13
ValidityFri, 22 Mar 2024 07:32:41 GMT - Thu, 20 Jun 2024 07:32:40 GMT

File type
very short file (no magic)
Size
1 B (1 bytes)
Hash
93b885adfe0da089cdf634904fd59f71
5ba93c9db0cff93f52b521d7420e43f6eda2784f
6e340b9cffb37a989ca544e6bb780a2c78901d3fb33738768511a30617afa01d

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /pxf.gif?uuid=d45a3c56-40ec-494a-836c-4da5ccba2df5&eb=978028c5053b26833423c7a069ce3bd5&te=5db3a4e34790624df926db520a13f79f&ua=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A96.0)%20Gecko%2F20100101%20Firefox%2F96.0&dev=e&res=14.2071&b_frame=0&pk=36352469ba20ff8ade54795907dd51e5&bl=en-US&sr=1024x1280&sz=1024x1280&hjs=20 HTTP/1.1
Host: unseenreport.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://sylvesterblacknallbsmxkuerr.pages.dev/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Fri, 10 May 2024 20:12:03 GMT
Content-Type: image/gif
Content-Length: 1
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: c8893791607faa87833b0cfee776e8b1
Strict-Transport-Security: max-age=0; includeSubdomains

shayscholz.blogspot.com/favicon.ico

216.58.207.193

412 B

URL GET
shayscholz.blogspot.com/favicon.ico
IP
216.58.207.193:0
ASN
#15169 GOOGLE

Requested by
https://sylvesterblacknallbsmxkuerr.pages.dev/
Certificate
IssuerGoogle Trust Services LLC
Subjectmisc-sni.blogspot.com
FingerprintC4:7D:61:88:AB:F1:15:A1:36:2A:68:39:51:62:46:00:23:6D:39:00
ValidityTue, 16 Apr 2024 03:45:20 GMT - Tue, 09 Jul 2024 03:45:19 GMT

File type
MS Windows icon resource - 2 icons, 32x32, 8 bits/pixel, 16x16, 8 bits/pixel
Size
412 B (412 bytes)
Hash
59a0c7b6e4848ccdabcea0636efda02b
30ef5c54b8bbc3487ea2b4c45cd11ea2932e4340
a1495da3cf3db37bf105a12658636ff628fee7b73975b9200049af7747e60b1f

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: shayscholz.blogspot.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://sylvesterblacknallbsmxkuerr.pages.dev/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: image/x-icon
expires: Fri, 10 May 2024 20:12:03 GMT
date: Fri, 10 May 2024 20:12:03 GMT
cache-control: private, max-age=86400
last-modified: Fri, 08 Mar 2024 19:12:27 GMT
etag: W/"53e1bb00e6929e879a040ee00d8ddd9c6a9b1f6c6c79cd1077a9390901619218"
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 412
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

sprangsugar.com/ren.gif?sid=H4sIAAAAAAAC%2F1RSQW8bRRSedXJDQgL1Vir5wKFIxNld767tFFERQlBEaEpTBDc0O7PrDJ7dWc3sep1ciKiEerTgD2w%2BJ40oFWqvSFTIqcQhElLNKQdy4R8UqWdkY2F4h3nvzfeN9M333jdHxSVxUdCLjY%2FVgZCSrvoNu379c8e5Ud8WaTGoD9rBF4F3o677a52gYb9V%2FzBiPbXq2o5tO7ZT3xQ6itVgdQpCZI86TqNjNzy34fgeBvr%2FvSksGGqB9y%2FJ6xB8svzMugLBxkiTxxuR6eUqe%2FuDpJA0Vxp9fvpp2ktVmSJZlLG2EKenczaUeb75FCo9mcmF6v9LDMWEWL8%2BRZiezkUi7B%2FPdIYSUYqQv4KyP0YkxxB0DKbuQfDnBGAct3aQJg9uKV3S%2FX9QOkUnZPnlXxDlhCz%2FcQVp8uO6FIP6rpJFLlRqMIgriMEYojtGVpwhP6hBlGdg%2BdcQ%2FDey%2BnIbaXK8Y6SC4Bdvcs%2BnTeYHK54dsRWv49GVdjNgKx6nPmMhdXnszwwSYgwRjyGjIaipoTAWCmGhiC0UmYWEX9SZ4zgtmzNqtzuMNXkrCgNuO7QVO9SxgzYKNv3DEHk2BJNDMH2ITB%2BiJ4bQxS8wexUMX4LJJ8T65BB9XqGMCEpDUFKCUhCUOUHZr064NK6pHnBpitCZZ3eem9VI5d0jeqLybpQSUD2E5tVRdklem5po0bV30Isu6s2g6bte0Ampa8dxm%2FLI91odv2O3OPedyIcRFYSpgRoLB2JC1nYrZGJC3rj2AiE9g5FnYGIJtLgGWlagexUO0ocpFT0lG0wl4KpCli8j37eO5CW5Ohvi1s5jROz85p%2FNWYDpCpmu8KV4RtCV90d3VEmO76jSkCc7WS4ScUCnA97NaR4tPfwo2i%2BV5lsbZvj9e2wKTMtHdyOTb9OUi7RryA%2FrgvNIbyrNIvLzlvksCm8XZm%2B90GmRbd9%2Bf3MryXRkjFDpGHS6qy80mJiQV6%2Fene3u9Z92IPQYuqiQFOdkHhBqDJYdwmQL%2FUYRaLnghJmFsqhG2g0Xl1IQyGjR07CC%2BU8fLuqRptPXVFRH5j66ugaa30OaVOjrCn1ZgcohTLE0yjN9fvP3uYxQ1kah1LXjUGr57czm6fEERlzUW82mTYOO77RaNGqFntuOA4dT6nqBGwS0idxM4ne%2F%2Bu5vAAAA%2F%2F8BAAD%2F%2F%2BSMgl2VBAAA

172.240.108.76

200 OK

7 B

URL GET HTTP/1.1
sprangsugar.com/ren.gif?sid=H4sIAAAAAAAC%2F1RSQW8bRRSedXJDQgL1Vir5wKFIxNld767tFFERQlBEaEpTBDc0O7PrDJ7dWc3sep1ciKiEerTgD2w%2BJ40oFWqvSFTIqcQhElLNKQdy4R8UqWdkY2F4h3nvzfeN9M333jdHxSVxUdCLjY%2FVgZCSrvoNu379c8e5Ud8WaTGoD9rBF4F3o677a52gYb9V%2FzBiPbXq2o5tO7ZT3xQ6itVgdQpCZI86TqNjNzy34fgeBvr%2FvSksGGqB9y%2FJ6xB8svzMugLBxkiTxxuR6eUqe%2FuDpJA0Vxp9fvpp2ktVmSJZlLG2EKenczaUeb75FCo9mcmF6v9LDMWEWL8%2BRZiezkUi7B%2FPdIYSUYqQv4KyP0YkxxB0DKbuQfDnBGAct3aQJg9uKV3S%2FX9QOkUnZPnlXxDlhCz%2FcQVp8uO6FIP6rpJFLlRqMIgriMEYojtGVpwhP6hBlGdg%2BdcQ%2FDey%2BnIbaXK8Y6SC4Bdvcs%2BnTeYHK54dsRWv49GVdjNgKx6nPmMhdXnszwwSYgwRjyGjIaipoTAWCmGhiC0UmYWEX9SZ4zgtmzNqtzuMNXkrCgNuO7QVO9SxgzYKNv3DEHk2BJNDMH2ITB%2BiJ4bQxS8wexUMX4LJJ8T65BB9XqGMCEpDUFKCUhCUOUHZr064NK6pHnBpitCZZ3eem9VI5d0jeqLybpQSUD2E5tVRdklem5po0bV30Isu6s2g6bte0Ampa8dxm%2FLI91odv2O3OPedyIcRFYSpgRoLB2JC1nYrZGJC3rj2AiE9g5FnYGIJtLgGWlagexUO0ocpFT0lG0wl4KpCli8j37eO5CW5Ohvi1s5jROz85p%2FNWYDpCpmu8KV4RtCV90d3VEmO76jSkCc7WS4ScUCnA97NaR4tPfwo2i%2BV5lsbZvj9e2wKTMtHdyOTb9OUi7RryA%2FrgvNIbyrNIvLzlvksCm8XZm%2B90GmRbd9%2Bf3MryXRkjFDpGHS6qy80mJiQV6%2Fene3u9Z92IPQYuqiQFOdkHhBqDJYdwmQL%2FUYRaLnghJmFsqhG2g0Xl1IQyGjR07CC%2BU8fLuqRptPXVFRH5j66ugaa30OaVOjrCn1ZgcohTLE0yjN9fvP3uYxQ1kah1LXjUGr57czm6fEERlzUW82mTYOO77RaNGqFntuOA4dT6nqBGwS0idxM4ne%2F%2Bu5vAAAA%2F%2F8BAAD%2F%2F%2BSMgl2VBAAA
IP
172.240.108.76:443
ASN
#7979 SERVERS-COM

Requested by
https://sylvesterblacknallbsmxkuerr.pages.dev/
Certificate
IssuerLet's Encrypt
Subjectsprangsugar.com
FingerprintA8:FF:DF:D3:ED:3D:E8:4B:33:C8:93:D3:94:CA:8E:28:5D:39:26:C1
ValidityMon, 06 May 2024 08:08:05 GMT - Sun, 04 Aug 2024 08:08:04 GMT

File type
ASCII text, with no line terminators
Size
7 B (7 bytes)
Hash
132d6af1b46048b45cf86cdee7991d31
eb7007d03d59b65bc6da7e098c4d38fc6dfb6285
ab852e838deccd742a03ca81d4a8d75cf1a00b327db3eaf46bd7da6b6db9384c

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /ren.gif?sid=H4sIAAAAAAAC%2F1RSQW8bRRSedXJDQgL1Vir5wKFIxNld767tFFERQlBEaEpTBDc0O7PrDJ7dWc3sep1ciKiEerTgD2w%2BJ40oFWqvSFTIqcQhElLNKQdy4R8UqWdkY2F4h3nvzfeN9M333jdHxSVxUdCLjY%2FVgZCSrvoNu379c8e5Ud8WaTGoD9rBF4F3o677a52gYb9V%2FzBiPbXq2o5tO7ZT3xQ6itVgdQpCZI86TqNjNzy34fgeBvr%2FvSksGGqB9y%2FJ6xB8svzMugLBxkiTxxuR6eUqe%2FuDpJA0Vxp9fvpp2ktVmSJZlLG2EKenczaUeb75FCo9mcmF6v9LDMWEWL8%2BRZiezkUi7B%2FPdIYSUYqQv4KyP0YkxxB0DKbuQfDnBGAct3aQJg9uKV3S%2FX9QOkUnZPnlXxDlhCz%2FcQVp8uO6FIP6rpJFLlRqMIgriMEYojtGVpwhP6hBlGdg%2BdcQ%2FDey%2BnIbaXK8Y6SC4Bdvcs%2BnTeYHK54dsRWv49GVdjNgKx6nPmMhdXnszwwSYgwRjyGjIaipoTAWCmGhiC0UmYWEX9SZ4zgtmzNqtzuMNXkrCgNuO7QVO9SxgzYKNv3DEHk2BJNDMH2ITB%2BiJ4bQxS8wexUMX4LJJ8T65BB9XqGMCEpDUFKCUhCUOUHZr064NK6pHnBpitCZZ3eem9VI5d0jeqLybpQSUD2E5tVRdklem5po0bV30Isu6s2g6bte0Ampa8dxm%2FLI91odv2O3OPedyIcRFYSpgRoLB2JC1nYrZGJC3rj2AiE9g5FnYGIJtLgGWlagexUO0ocpFT0lG0wl4KpCli8j37eO5CW5Ohvi1s5jROz85p%2FNWYDpCpmu8KV4RtCV90d3VEmO76jSkCc7WS4ScUCnA97NaR4tPfwo2i%2BV5lsbZvj9e2wKTMtHdyOTb9OUi7RryA%2FrgvNIbyrNIvLzlvksCm8XZm%2B90GmRbd9%2Bf3MryXRkjFDpGHS6qy80mJiQV6%2Fene3u9Z92IPQYuqiQFOdkHhBqDJYdwmQL%2FUYRaLnghJmFsqhG2g0Xl1IQyGjR07CC%2BU8fLuqRptPXVFRH5j66ugaa30OaVOjrCn1ZgcohTLE0yjN9fvP3uYxQ1kah1LXjUGr57czm6fEERlzUW82mTYOO77RaNGqFntuOA4dT6nqBGwS0idxM4ne%2F%2Bu5vAAAA%2F%2F8BAAD%2F%2F%2BSMgl2VBAAA HTTP/1.1
Host: sprangsugar.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://sylvesterblacknallbsmxkuerr.pages.dev/
DNT: 1
Connection: keep-alive
Cookie: u_pl=23149116; uid_id2=d45a3c56-40ec-494a-836c-4da5ccba2df5:2:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Fri, 10 May 2024 20:12:03 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 7c67ea8273e7f23bffb0f0ba7dc9897c
Strict-Transport-Security: max-age=0; includeSubdomains

cdn.creative-bars1.com/sb/chat/mob/ssp/1/img/close.png

188.114.96.1

200 OK

6.0 kB

URL GET HTTP/2
cdn.creative-bars1.com/sb/chat/mob/ssp/1/img/close.png
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://sylvesterblacknallbsmxkuerr.pages.dev/
Certificate
IssuerGoogle Trust Services LLC
Subjectcreative-bars1.com
Fingerprint3D:29:39:2C:F1:E5:C6:EF:54:F5:70:B5:CF:A8:C2:75:4D:89:72:13
ValidityMon, 15 Apr 2024 15:02:18 GMT - Sun, 14 Jul 2024 15:02:17 GMT

File type
PNG image data, 522 x 391, 8-bit/color RGBA, non-interlaced
Size
6.0 kB (5982 bytes)
Hash
c489ce2c491a22ee37a55e26a92dfd73
2fa588ab09e94dd902e5bd24b48f98ad1949c9d6
1eed147c7d5de6291c25fbc5274830c12d5549262fb144271576d4e15966e5bd

HTTP Headers

GET /sb/chat/mob/ssp/1/img/close.png HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Fri, 10 May 2024 20:12:03 GMT
content-type: image/png
content-length: 5982
last-modified: Mon, 21 Feb 2022 08:25:06 GMT
etag: "62134c62-175e"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 869619
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=kAduMYYDeLoxPwpTK8tERFTEOV3%2BSj%2BTorSodo5%2Fw5VJ9jGjZ3UsiJXdVYMxItlBiiVIpMdizsCtp9XsErkgOe5YCYj%2BEYB2IEiW4SMc2lQDoQyY9fXrW%2FF91DlsXoAlKTL784WLhODf"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 881c94f8dea60b49-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

cdn.barscreative1.com/sb/au/2f/33/17/2f3317da28d2a6ed09610d2d267aa136/1648542458.html

45.133.44.3

200 OK

661 B

URL GET HTTP/2
cdn.barscreative1.com/sb/au/2f/33/17/2f3317da28d2a6ed09610d2d267aa136/1648542458.html
IP
45.133.44.3:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://sylvesterblacknallbsmxkuerr.pages.dev/
Certificate
IssuerLet's Encrypt
Subjectcdn.barscreative1.com
Fingerprint08:55:F0:C8:EA:24:54:0D:3C:B9:2C:95:3E:DC:BF:FB:A8:76:BA:BC
ValidityThu, 09 May 2024 03:01:15 GMT - Wed, 07 Aug 2024 03:01:14 GMT

File type
HTML document, ASCII text
Size
661 B (661 bytes)
Hash
027fddd0d322239ada2f2b8b93934fda
6f99560bca5c6d8d747c802f26058344eb179cec
a5b2073d8f57ef0469b777f73d6c3f4a85cc17b4c2ed2a53aa3f1acb2273dbd5

HTTP Headers

GET /sb/au/2f/33/17/2f3317da28d2a6ed09610d2d267aa136/1648542458.html HTTP/1.1
Host: cdn.barscreative1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://sylvesterblacknallbsmxkuerr.pages.dev/
Origin: https://sylvesterblacknallbsmxkuerr.pages.dev
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 10 May 2024 20:12:03 GMT
content-type: text/html; charset=utf-8
server: nginx/1.21.6
last-modified: Tue, 29 Mar 2022 08:27:42 GMT
etag: W/"6242c2fe-ba1"
cache-control: max-age=3600
access-control-allow-origin: *
access-control-expose-headers: Date
content-encoding: gzip
expires: Fri, 10 May 2024 21:12:03 GMT
x-proxy-cache: HIT
X-Firefox-Spdy: h2

cdn.cloudimagesb.com/si/52/3a/8c/523a8ce104cfc3373cd17ab1c0e5131b/1701651901.png

45.133.44.9

200 OK

14 kB

URL GET HTTP/2
cdn.cloudimagesb.com/si/52/3a/8c/523a8ce104cfc3373cd17ab1c0e5131b/1701651901.png
IP
45.133.44.9:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://sylvesterblacknallbsmxkuerr.pages.dev/
Certificate
IssuerLet's Encrypt
Subjectcdn.cloudimagesb.com
FingerprintC6:F3:21:F0:21:7D:7E:96:0F:E8:46:7A:5E:C5:3F:D1:52:B0:67:B0
ValidityFri, 22 Mar 2024 03:01:35 GMT - Thu, 20 Jun 2024 03:01:34 GMT

File type
PNG image data, 192 x 192, 8-bit/color RGBA, non-interlaced
Size
14 kB (14496 bytes)
Hash
962ac416cce3fad636d4904386c8d3d4
811166fceb971353dc6a9ea3a153367f20b47592
ec6c8e1c030499a846897265d0c1f66dedc6ece17c1ea6006b700faf37e73555

HTTP Headers

GET /si/52/3a/8c/523a8ce104cfc3373cd17ab1c0e5131b/1701651901.png HTTP/1.1
Host: cdn.cloudimagesb.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Fri, 10 May 2024 20:12:03 GMT
content-type: image/png
content-length: 14496
server: nginx/1.21.6
last-modified: Mon, 04 Dec 2023 01:05:10 GMT
etag: "656d25c6-38a0"
expires: Sun, 12 May 2024 20:12:03 GMT
cache-control: max-age=172800
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2

fonts.googleapis.com/css?family=Roboto:300,400,700&display=swap

142.250.74.74

200 OK

1.2 kB

URL GET HTTP/2
fonts.googleapis.com/css?family=Roboto:300,400,700&display=swap
IP
142.250.74.74:443
ASN
#15169 GOOGLE

Requested by
https://sylvesterblacknallbsmxkuerr.pages.dev/
Certificate
IssuerGoogle Trust Services LLC
Subjectupload.video.google.com
Fingerprint36:49:20:36:0C:4D:DA:55:65:64:23:0F:49:3E:FA:78:87:35:A3:79
ValidityTue, 16 Apr 2024 04:17:12 GMT - Tue, 09 Jul 2024 04:17:11 GMT

File type
gzip compressed data, max compression
Size
1.2 kB (1188 bytes)
Hash
9dcbf2a08faadaef60c30034400a06f4
b87b51d1566ef8865552ce169fa71a7cef30bdd4
b07dea89578b459c67a077df8e100f1a32296307a58b2b6cb294f6e24fab2dcc

HTTP Headers

GET /css?family=Roboto:300,400,700&display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Fri, 10 May 2024 20:12:03 GMT
date: Fri, 10 May 2024 20:12:03 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

cdn.creative-bars1.com/sb/chat/mob/ssp/1/css/animate.css

188.114.96.1

200 OK

4.9 kB

URL GET HTTP/2
cdn.creative-bars1.com/sb/chat/mob/ssp/1/css/animate.css
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://sylvesterblacknallbsmxkuerr.pages.dev/
Certificate
IssuerGoogle Trust Services LLC
Subjectcreative-bars1.com
Fingerprint3D:29:39:2C:F1:E5:C6:EF:54:F5:70:B5:CF:A8:C2:75:4D:89:72:13
ValidityMon, 15 Apr 2024 15:02:18 GMT - Sun, 14 Jul 2024 15:02:17 GMT

File type
ASCII text
Size
4.9 kB (4898 bytes)
Hash
fc638645a938f69e69360c75335ffd1a
143132fb8361c3ad0acf88cb70bf0b07c0ecc2d4
7ef76aab275d0221c68602d18f81b4285b280756f0f71d535ed8b5b889bc2f90

HTTP Headers

GET /sb/chat/mob/ssp/1/css/animate.css HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://sylvesterblacknallbsmxkuerr.pages.dev/
Origin: https://sylvesterblacknallbsmxkuerr.pages.dev
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 10 May 2024 20:12:03 GMT
content-type: text/css
last-modified: Mon, 21 Feb 2022 08:25:04 GMT
etag: W/"62134c60-135d1"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
content-encoding: gzip
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=zGe3Eywsv1%2BRiBLmjAkwVLT1K0PDaM06MzD%2F7riXKw7UutI1D0fujOz%2BYLgLCRrFSA%2F%2BNljDO7AkS%2BwGvinB0BSIMMSapeiznzCxNR2LK8llvIJamhKFuuD0xPzQjamhS840Hu7XpeUu"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 881c94f89e6a0b49-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

sprangsugar.com/pixel/sbls?bv=24.6.6370&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fchat%2Fmob%2Fssp%2F1%2Fcss%2Fstyle.css&l=4617&fd=381

172.240.108.76

200 OK

0 B

URL GET HTTP/1.1
sprangsugar.com/pixel/sbls?bv=24.6.6370&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fchat%2Fmob%2Fssp%2F1%2Fcss%2Fstyle.css&l=4617&fd=381
IP
172.240.108.76:443
ASN
#7979 SERVERS-COM

Requested by
https://sylvesterblacknallbsmxkuerr.pages.dev/
Certificate
IssuerLet's Encrypt
Subjectsprangsugar.com
FingerprintA8:FF:DF:D3:ED:3D:E8:4B:33:C8:93:D3:94:CA:8E:28:5D:39:26:C1
ValidityMon, 06 May 2024 08:08:05 GMT - Sun, 04 Aug 2024 08:08:04 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /pixel/sbls?bv=24.6.6370&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fchat%2Fmob%2Fssp%2F1%2Fcss%2Fstyle.css&l=4617&fd=381 HTTP/1.1
Host: sprangsugar.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://sylvesterblacknallbsmxkuerr.pages.dev/
DNT: 1
Connection: keep-alive
Cookie: u_pl=23149116; uid_id2=d45a3c56-40ec-494a-836c-4da5ccba2df5:2:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Fri, 10 May 2024 20:12:03 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range

sprangsugar.com/pixel/sbls?bv=24.6.6370&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fchat%2Fmob%2Fssp%2F1%2Fjs%2Fscript.js&l=382&fd=321

172.240.108.76

200 OK

0 B

URL GET HTTP/1.1
sprangsugar.com/pixel/sbls?bv=24.6.6370&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fchat%2Fmob%2Fssp%2F1%2Fjs%2Fscript.js&l=382&fd=321
IP
172.240.108.76:443
ASN
#7979 SERVERS-COM

Requested by
https://sylvesterblacknallbsmxkuerr.pages.dev/
Certificate
IssuerLet's Encrypt
Subjectsprangsugar.com
FingerprintA8:FF:DF:D3:ED:3D:E8:4B:33:C8:93:D3:94:CA:8E:28:5D:39:26:C1
ValidityMon, 06 May 2024 08:08:05 GMT - Sun, 04 Aug 2024 08:08:04 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /pixel/sbls?bv=24.6.6370&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fchat%2Fmob%2Fssp%2F1%2Fjs%2Fscript.js&l=382&fd=321 HTTP/1.1
Host: sprangsugar.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://sylvesterblacknallbsmxkuerr.pages.dev/
DNT: 1
Connection: keep-alive
Cookie: u_pl=23149116; uid_id2=d45a3c56-40ec-494a-836c-4da5ccba2df5:2:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Fri, 10 May 2024 20:12:03 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range

cdn.creative-bars1.com/sb/chat/mob/ssp/1/js/script.js

188.114.96.1

200 OK

655 B

URL GET HTTP/2
cdn.creative-bars1.com/sb/chat/mob/ssp/1/js/script.js
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://sylvesterblacknallbsmxkuerr.pages.dev/
Certificate
IssuerGoogle Trust Services LLC
Subjectcreative-bars1.com
Fingerprint3D:29:39:2C:F1:E5:C6:EF:54:F5:70:B5:CF:A8:C2:75:4D:89:72:13
ValidityMon, 15 Apr 2024 15:02:18 GMT - Sun, 14 Jul 2024 15:02:17 GMT

File type
ASCII text
Size
655 B (655 bytes)
Hash
4f5f05ab032dd8fc0db448fcf51a35e2
78f94f93fdb792d95ea3ac293ac1b8e3bc13d609
7fd8e9c0e5ca0c7123954a109fa8b7e8368c7e1262880925e2ac7b8c877a9e38

HTTP Headers

GET /sb/chat/mob/ssp/1/js/script.js HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://sylvesterblacknallbsmxkuerr.pages.dev/
Origin: https://sylvesterblacknallbsmxkuerr.pages.dev
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Fri, 10 May 2024 20:12:03 GMT
content-type: application/javascript
last-modified: Mon, 21 Feb 2022 08:25:08 GMT
etag: W/"62134c64-17e"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=deTMC24IkMdu0NnlKJMMy4gNaMCRQW9OxOg4nOt56eCen7RB8jnI4ptLYUCi3temQ8aYHhktp93zVknP23xg30ZT9poDmlJ2ukYFRJxmzCEmnOzZsJBev6k7PioCzGsgMwIVPpEjGBG2"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 881c94f96f170b49-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2

142.250.74.163

200 OK

16 kB

URL GET HTTP/2
fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2
IP
142.250.74.163:443
ASN
#15169 GOOGLE

Requested by
https://sylvesterblacknallbsmxkuerr.pages.dev/
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
Fingerprint15:DD:05:B3:2F:D8:E3:54:C9:B4:FA:E4:AC:01:ED:C8:E1:EA:A7:AD
ValidityTue, 16 Apr 2024 04:17:07 GMT - Tue, 09 Jul 2024 04:17:06 GMT

File type
Web Open Font Format (Version 2), TrueType, length 15744, version 1.0
Size
16 kB (15744 bytes)
Hash
15d9f621c3bd1599f0169dcf0bd5e63e
7ca9c5967f3bb8bffeab24b639b49c1e7d03fa52
f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615

HTTP Headers

GET /s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://sylvesterblacknallbsmxkuerr.pages.dev
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15744
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 10 May 2024 06:08:19 GMT
expires: Sat, 10 May 2025 06:08:19 GMT
cache-control: public, max-age=31536000
age: 50625
last-modified: Wed, 11 May 2022 19:24:48 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2

142.250.74.163

200 OK

16 kB

URL GET HTTP/2
fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2
IP
142.250.74.163:443
ASN
#15169 GOOGLE

Requested by
https://sylvesterblacknallbsmxkuerr.pages.dev/
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
Fingerprint15:DD:05:B3:2F:D8:E3:54:C9:B4:FA:E4:AC:01:ED:C8:E1:EA:A7:AD
ValidityTue, 16 Apr 2024 04:17:07 GMT - Tue, 09 Jul 2024 04:17:06 GMT

File type
Web Open Font Format (Version 2), TrueType, length 15860, version 1.0
Size
16 kB (15860 bytes)
Hash
e9f5aaf547f165386cd313b995dddd8e
acdef5603c2387b0e5bffd744b679a24a8bc1968
f5aebdfea35d1e7656ef4acc5db1f243209755ae3300943ef8fc6280f363c860

HTTP Headers

GET /s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://sylvesterblacknallbsmxkuerr.pages.dev
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15860
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 07 May 2024 10:46:32 GMT
expires: Wed, 07 May 2025 10:46:32 GMT
cache-control: public, max-age=31536000
age: 293132
last-modified: Wed, 11 May 2022 19:24:42 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

sprangsugar.com/impr.gif?sid=H4sIAAAAAAAC%2F1RSz2skRRSunuQmCMre1oU5eFjBTLpnuudHVlyMMRKMm3WzojeprqqelFPd1VR1T09yMbggexz0H%2Bh8k2xwXWT3KrjIZMFDQNjxlIO5%2BB%2BssGeZcXD0Heq9V99X8NX33jdH%2BSWpI6cXGx%2FrA6kUXQ1qbvX65553o7otk3xQHbSbXzT9G1XTX%2Bs0a%2B5b1Q8F6%2BnVuuu5rud61U1pRKQHq1MQMn3U8Wodt%2BbXa17gY2D%2B39vcgaUOeP%2BSvA7JJ8vPnCuQbIwkfrwhbC%2FT6dsfxLmimTbo89NPk16iiwTxooyMgyg5nbOh7fPNp9DJyUwudP9fYignxPn1KcLkdC4SYf94pjNUEAlC%2FgqK%2FhhCjSHpGEzfg%2BTPCcA4bu0giR%2Fc0qag%2B%2F%2BgdIpOyPLLvyCLCVn%2B4wqS%2BMd1JQfVXa3yTOrEYhCVkIMxZHeMND9DdlCBLM7Asq8h%2BW9k9eU2kvh4xyoNyS%2Fe5H5AGyxorviuYCt%2Bx6cr7UaTrficBoyFtM6jYGaQlGPIaAwlhqC2gtw6yKWDPHKQpw5iflFlnue1XM6o2%2B4w1uAtETa569FW5FHPbbaRs%2BkfhsjSIZgagplDpOYQPTmEyX%2BB3Sth%2BRJsNiHOJ4fo8xKFICgsQUEJCklQZARFvzzhytZt%2BYArm4fePNfnuVGOdNY9oic664qEgJohDC%2BP0kvy2tREh669g564qDaajaDuNzshrbtR1KZcBH6rE3TcFueBJwJYWULaCqh1cCAnZG23RCon5I1rLxDSM1h1BiaXQPNroEUJulfiIHmYUNnTqsZ0DK5LpNkysn3nSF2Sq7Mhbu08hmDnN%2F9szALMlEhNiS%2FlM4Kuuj%2B6owtyfEcXljzZSTMZywM6HfBuRjOx9PAjsV9ow7c27PD799gUmJaP7gqbbdOEy6RryQ%2FrknNhNrVhgvy8ZT8T4e3c7q3nJsnT7dvvb27FqRHWSp2MQae7%2BsKAyQl59erd2e5e%2F2kH0oxh8hJxfk7mAanHYOkhbLrQbzWBUQtOmDoo8nJk6uHiUkkCJRY9DUvY%2F%2FThoh4ZOn1NZXlk76NrKqDZPSRxib4p0VclqBrC5kujLDXnN3%2BfywhVZRQqUzkOlVHfzmyeHk9g5UW14fJWKCLRCoUf%2BJFgPAyC0GURCxu83WbI7CR696vv%2FgYAAP%2F%2FAQAA%2F%2F9kWFe1lQQAAA%3D%3D

172.240.108.76

200 OK

7 B

URL GET HTTP/1.1
sprangsugar.com/impr.gif?sid=H4sIAAAAAAAC%2F1RSz2skRRSunuQmCMre1oU5eFjBTLpnuudHVlyMMRKMm3WzojeprqqelFPd1VR1T09yMbggexz0H%2Bh8k2xwXWT3KrjIZMFDQNjxlIO5%2BB%2BssGeZcXD0Heq9V99X8NX33jdH%2BSWpI6cXGx%2FrA6kUXQ1qbvX65553o7otk3xQHbSbXzT9G1XTX%2Bs0a%2B5b1Q8F6%2BnVuuu5rud61U1pRKQHq1MQMn3U8Wodt%2BbXa17gY2D%2B39vcgaUOeP%2BSvA7JJ8vPnCuQbIwkfrwhbC%2FT6dsfxLmimTbo89NPk16iiwTxooyMgyg5nbOh7fPNp9DJyUwudP9fYignxPn1KcLkdC4SYf94pjNUEAlC%2FgqK%2FhhCjSHpGEzfg%2BTPCcA4bu0giR%2Fc0qag%2B%2F%2BgdIpOyPLLvyCLCVn%2B4wqS%2BMd1JQfVXa3yTOrEYhCVkIMxZHeMND9DdlCBLM7Asq8h%2BW9k9eU2kvh4xyoNyS%2Fe5H5AGyxorviuYCt%2Bx6cr7UaTrficBoyFtM6jYGaQlGPIaAwlhqC2gtw6yKWDPHKQpw5iflFlnue1XM6o2%2B4w1uAtETa569FW5FHPbbaRs%2BkfhsjSIZgagplDpOYQPTmEyX%2BB3Sth%2BRJsNiHOJ4fo8xKFICgsQUEJCklQZARFvzzhytZt%2BYArm4fePNfnuVGOdNY9oic664qEgJohDC%2BP0kvy2tREh669g564qDaajaDuNzshrbtR1KZcBH6rE3TcFueBJwJYWULaCqh1cCAnZG23RCon5I1rLxDSM1h1BiaXQPNroEUJulfiIHmYUNnTqsZ0DK5LpNkysn3nSF2Sq7Mhbu08hmDnN%2F9szALMlEhNiS%2FlM4Kuuj%2B6owtyfEcXljzZSTMZywM6HfBuRjOx9PAjsV9ow7c27PD799gUmJaP7gqbbdOEy6RryQ%2FrknNhNrVhgvy8ZT8T4e3c7q3nJsnT7dvvb27FqRHWSp2MQae7%2BsKAyQl59erd2e5e%2F2kH0oxh8hJxfk7mAanHYOkhbLrQbzWBUQtOmDoo8nJk6uHiUkkCJRY9DUvY%2F%2FThoh4ZOn1NZXlk76NrKqDZPSRxib4p0VclqBrC5kujLDXnN3%2BfywhVZRQqUzkOlVHfzmyeHk9g5UW14fJWKCLRCoUf%2BJFgPAyC0GURCxu83WbI7CR696vv%2FgYAAP%2F%2FAQAA%2F%2F9kWFe1lQQAAA%3D%3D
IP
172.240.108.76:443
ASN
#7979 SERVERS-COM

Requested by
https://sylvesterblacknallbsmxkuerr.pages.dev/
Certificate
IssuerLet's Encrypt
Subjectsprangsugar.com
FingerprintA8:FF:DF:D3:ED:3D:E8:4B:33:C8:93:D3:94:CA:8E:28:5D:39:26:C1
ValidityMon, 06 May 2024 08:08:05 GMT - Sun, 04 Aug 2024 08:08:04 GMT

File type
ASCII text, with no line terminators
Size
7 B (7 bytes)
Hash
132d6af1b46048b45cf86cdee7991d31
eb7007d03d59b65bc6da7e098c4d38fc6dfb6285
ab852e838deccd742a03ca81d4a8d75cf1a00b327db3eaf46bd7da6b6db9384c

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /impr.gif?sid=H4sIAAAAAAAC%2F1RSz2skRRSunuQmCMre1oU5eFjBTLpnuudHVlyMMRKMm3WzojeprqqelFPd1VR1T09yMbggexz0H%2Bh8k2xwXWT3KrjIZMFDQNjxlIO5%2BB%2BssGeZcXD0Heq9V99X8NX33jdH%2BSWpI6cXGx%2FrA6kUXQ1qbvX65553o7otk3xQHbSbXzT9G1XTX%2Bs0a%2B5b1Q8F6%2BnVuuu5rud61U1pRKQHq1MQMn3U8Wodt%2BbXa17gY2D%2B39vcgaUOeP%2BSvA7JJ8vPnCuQbIwkfrwhbC%2FT6dsfxLmimTbo89NPk16iiwTxooyMgyg5nbOh7fPNp9DJyUwudP9fYignxPn1KcLkdC4SYf94pjNUEAlC%2FgqK%2FhhCjSHpGEzfg%2BTPCcA4bu0giR%2Fc0qag%2B%2F%2BgdIpOyPLLvyCLCVn%2B4wqS%2BMd1JQfVXa3yTOrEYhCVkIMxZHeMND9DdlCBLM7Asq8h%2BW9k9eU2kvh4xyoNyS%2Fe5H5AGyxorviuYCt%2Bx6cr7UaTrficBoyFtM6jYGaQlGPIaAwlhqC2gtw6yKWDPHKQpw5iflFlnue1XM6o2%2B4w1uAtETa569FW5FHPbbaRs%2BkfhsjSIZgagplDpOYQPTmEyX%2BB3Sth%2BRJsNiHOJ4fo8xKFICgsQUEJCklQZARFvzzhytZt%2BYArm4fePNfnuVGOdNY9oic664qEgJohDC%2BP0kvy2tREh669g564qDaajaDuNzshrbtR1KZcBH6rE3TcFueBJwJYWULaCqh1cCAnZG23RCon5I1rLxDSM1h1BiaXQPNroEUJulfiIHmYUNnTqsZ0DK5LpNkysn3nSF2Sq7Mhbu08hmDnN%2F9szALMlEhNiS%2FlM4Kuuj%2B6owtyfEcXljzZSTMZywM6HfBuRjOx9PAjsV9ow7c27PD799gUmJaP7gqbbdOEy6RryQ%2FrknNhNrVhgvy8ZT8T4e3c7q3nJsnT7dvvb27FqRHWSp2MQae7%2BsKAyQl59erd2e5e%2F2kH0oxh8hJxfk7mAanHYOkhbLrQbzWBUQtOmDoo8nJk6uHiUkkCJRY9DUvY%2F%2FThoh4ZOn1NZXlk76NrKqDZPSRxib4p0VclqBrC5kujLDXnN3%2BfywhVZRQqUzkOlVHfzmyeHk9g5UW14fJWKCLRCoUf%2BJFgPAyC0GURCxu83WbI7CR696vv%2FgYAAP%2F%2FAQAA%2F%2F9kWFe1lQQAAA%3D%3D HTTP/1.1
Host: sprangsugar.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://sylvesterblacknallbsmxkuerr.pages.dev/
DNT: 1
Connection: keep-alive
Cookie: u_pl=23149116; uid_id2=d45a3c56-40ec-494a-836c-4da5ccba2df5:2:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Fri, 10 May 2024 20:12:04 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 87cc6752c3f6e2135ba77e5dd0966f10
Strict-Transport-Security: max-age=0; includeSubdomains

sprangsugar.com/pixel/sbs?c=1

172.240.108.76

200 OK

0 B

URL GET HTTP/1.1
sprangsugar.com/pixel/sbs?c=1
IP
172.240.108.76:443
ASN
#7979 SERVERS-COM

Requested by
https://sylvesterblacknallbsmxkuerr.pages.dev/
Certificate
IssuerLet's Encrypt
Subjectsprangsugar.com
FingerprintA8:FF:DF:D3:ED:3D:E8:4B:33:C8:93:D3:94:CA:8E:28:5D:39:26:C1
ValidityMon, 06 May 2024 08:08:05 GMT - Sun, 04 Aug 2024 08:08:04 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /pixel/sbs?c=1 HTTP/1.1
Host: sprangsugar.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://sylvesterblacknallbsmxkuerr.pages.dev/
DNT: 1
Connection: keep-alive
Cookie: u_pl=23149116; uid_id2=d45a3c56-40ec-494a-836c-4da5ccba2df5:2:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Fri, 10 May 2024 20:12:04 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range

cdn.creative-bars1.com/sb/chat/mob/ssp/1/css/style.css

188.114.96.1

200 OK

8.8 kB

URL GET HTTP/2
cdn.creative-bars1.com/sb/chat/mob/ssp/1/css/style.css
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://sylvesterblacknallbsmxkuerr.pages.dev/
Certificate
IssuerGoogle Trust Services LLC
Subjectcreative-bars1.com
Fingerprint3D:29:39:2C:F1:E5:C6:EF:54:F5:70:B5:CF:A8:C2:75:4D:89:72:13
ValidityMon, 15 Apr 2024 15:02:18 GMT - Sun, 14 Jul 2024 15:02:17 GMT

File type
gzip compressed data, from Unix
Size
8.8 kB (8759 bytes)
Hash
b19ac4a4be423e0db3a8d0bc7e5b2c42
4ce62ccba1cbc2cdb72493685498e439a8706b0a
bbffc0c93e916ccb7d66d11e94faea34a87a8913525287b044fad93d9551e2cc

HTTP Headers

GET /sb/chat/mob/ssp/1/css/style.css HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://sylvesterblacknallbsmxkuerr.pages.dev/
Origin: https://sylvesterblacknallbsmxkuerr.pages.dev
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 10 May 2024 20:12:03 GMT
content-type: text/css
last-modified: Mon, 21 Feb 2022 08:25:04 GMT
etag: W/"62134c60-1209"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
content-encoding: gzip
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Oq3koYI55Zjw2clWpyoNNOl%2F5fx8FwDiGI9%2BMsBoY9GTRjigcC1BGmUO5N0WXWUwfnN%2FDPj3kUuFxCUIPkii4IndANN2WRle%2Bz9elgo8qlTyjLfzNN2SkNQ%2BOj4%2Fup76B%2FYReZQ9rUgB"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 881c94f89e730b49-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

suggestqueries.google.com/complete/search?jsonp=autoRelated&hl=en&client=firefox&q=

142.250.74.142

200 OK

20 B

URL GET HTTP/2
suggestqueries.google.com/complete/search?jsonp=autoRelated&hl=en&client=firefox&q=
IP
142.250.74.142:443
ASN
#15169 GOOGLE

Requested by
https://sylvesterblacknallbsmxkuerr.pages.dev/
Certificate
IssuerGoogle Trust Services LLC
Subject*.google.com
Fingerprint7C:B7:E1:97:03:6E:82:B6:52:F8:EC:C6:C6:50:D9:DD:80:47:E6:A0
ValidityTue, 16 Apr 2024 03:18:53 GMT - Tue, 09 Jul 2024 03:18:52 GMT

File type
ASCII text, with no line terminators
Size
20 B (20 bytes)
Hash
a1b72ded50d7e2b047cd0d3966b148ab
8ff9743451774724c183efa801b999ecce23821a
4d9063bb918234965c25e4a0844d20c1cb01dae120c181c92f39a33b869be23f

HTTP Headers

GET /complete/search?jsonp=autoRelated&hl=en&client=firefox&q= HTTP/1.1
Host: suggestqueries.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://sylvesterblacknallbsmxkuerr.pages.dev/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 10 May 2024 20:12:02 GMT
pragma: no-cache
expires: -1
cache-control: no-cache, must-revalidate
content-type: text/javascript; charset=UTF-8
content-security-policy: object-src 'none';base-uri 'self';script-src 'nonce-AUXL5KFs6iUf2uMY3AtvIA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/fff
cross-origin-opener-policy: same-origin-allow-popups; report-to="gws"
report-to: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/fff"}]}
content-disposition: attachment; filename="f.txt"
content-encoding: br
server: gws
x-xss-protection: 0
x-frame-options: SAMEORIGIN
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

sylvesterblacknallbsmxkuerr.pages.dev/

188.114.97.1

200 OK

17 kB

URL User Request GET HTTP/2
sylvesterblacknallbsmxkuerr.pages.dev/
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerLet's Encrypt
Subjectsylvesterblacknallbsmxkuerr.pages.dev
Fingerprint13:E6:4F:10:7E:DE:9C:5F:E5:CB:AC:64:47:BC:1D:46:EA:DE:F7:24
ValidityThu, 09 May 2024 19:49:57 GMT - Wed, 07 Aug 2024 19:49:56 GMT

File type
HTML document, ASCII text, with very long lines (7816)
Size
17 kB (17424 bytes)
Hash
9e4d199bdcce68a959948bb622099196
1c268b24615bd049766ee9351c1dc2b226b9f42f
b37663c81a40cd5aad4bf13c087583b3ab83bbf6ab1da016ce73880086a4d2ea

HTTP Headers

GET / HTTP/1.1
Host: sylvesterblacknallbsmxkuerr.pages.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 10 May 2024 20:11:59 GMT
content-type: text/html; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate
etag: W/"ee60d5758493bcc7afc692a991a1cf6c"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ggGikljqsH%2B%2F9yx8RWBSuNoLXw1yByiU9JIg%2BHka2ZwrPEjz8xnQ2gC6OGky2UHP%2FLbY9KIAmYKLUJCFtDeRTR8p645joANlWo%2BQqoC8O4yrPvRmTQeinGvtIU3Ah0Zyl2AW2e2Ngc9lwEB5gUgPwxZkytqEOPTE"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 881c94dd9a3656c9-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

downstairsnegotiatebarren.com/sfp.js

188.114.97.1

200 OK

86 kB

URL GET HTTP/2
downstairsnegotiatebarren.com/sfp.js
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://sylvesterblacknallbsmxkuerr.pages.dev/
Certificate
IssuerLet's Encrypt
Subjectdownstairsnegotiatebarren.com
Fingerprint5D:DB:CB:C6:CE:2A:8B:34:7D:BC:43:74:33:1D:5F:77:48:F7:BC:1B
ValidityThu, 02 May 2024 21:26:34 GMT - Wed, 31 Jul 2024 21:26:33 GMT

File type

Size
86 kB (85611 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /sfp.js HTTP/1.1
Host: downstairsnegotiatebarren.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://sylvesterblacknallbsmxkuerr.pages.dev/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 10 May 2024 20:12:02 GMT
content-type: application/javascript; charset=utf-8
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
access-control-allow-origin: *
expires: Thu, 01 Jan 1970 00:00:01 GMT
cache-control: max-age=14400
x-request-id: 2a12e4debd94ecd1eb3970e82af7cb7d
strict-transport-security: max-age=0; includeSubdomains
cf-cache-status: EXPIRED
last-modified: Fri, 10 May 2024 20:12:01 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=3jwYKdyogISopWYFGmCTXLQAZlmzFrqxLyR5rXZiOskAu4%2BWS2OjZ2R4hH%2BuMpJblLe%2BShDkMx3sHJGCtOLBBG7dlde8frInFRAD5A1OhrQ5VevagnEj8ffrBpCC5UD%2FOsd4L8HlZOBjcQmmFpzqUw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 881c94f039c056be-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

sprangsugar.com/pixel/sbls?bv=24.6.6370&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fchat%2Fmob%2Fssp%2F1%2Fcss%2Fanimate.css&l=79313&fd=237

172.240.108.76

200 OK

0 B

URL GET HTTP/1.1
sprangsugar.com/pixel/sbls?bv=24.6.6370&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fchat%2Fmob%2Fssp%2F1%2Fcss%2Fanimate.css&l=79313&fd=237
IP
172.240.108.76:443
ASN
#7979 SERVERS-COM

Requested by
https://sylvesterblacknallbsmxkuerr.pages.dev/
Certificate
IssuerLet's Encrypt
Subjectsprangsugar.com
FingerprintA8:FF:DF:D3:ED:3D:E8:4B:33:C8:93:D3:94:CA:8E:28:5D:39:26:C1
ValidityMon, 06 May 2024 08:08:05 GMT - Sun, 04 Aug 2024 08:08:04 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /pixel/sbls?bv=24.6.6370&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fchat%2Fmob%2Fssp%2F1%2Fcss%2Fanimate.css&l=79313&fd=237 HTTP/1.1
Host: sprangsugar.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://sylvesterblacknallbsmxkuerr.pages.dev/
DNT: 1
Connection: keep-alive
Cookie: u_pl=23149116; uid_id2=d45a3c56-40ec-494a-836c-4da5ccba2df5:2:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Fri, 10 May 2024 20:12:03 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range

sprangsugar.com/pixel/sbls?bv=24.6.6370&tmpl=482&u=https%3A%2F%2Fcdn.barscreative1.com%2Fsb%2Fau%2F2f%2F33%2F17%2F2f3317da28d2a6ed09610d2d267aa136%2F1648542458.html&l=2977&fd=104

172.240.108.76

200 OK

0 B

URL GET HTTP/1.1
sprangsugar.com/pixel/sbls?bv=24.6.6370&tmpl=482&u=https%3A%2F%2Fcdn.barscreative1.com%2Fsb%2Fau%2F2f%2F33%2F17%2F2f3317da28d2a6ed09610d2d267aa136%2F1648542458.html&l=2977&fd=104
IP
172.240.108.76:443
ASN
#7979 SERVERS-COM

Requested by
https://sylvesterblacknallbsmxkuerr.pages.dev/
Certificate
IssuerLet's Encrypt
Subjectsprangsugar.com
FingerprintA8:FF:DF:D3:ED:3D:E8:4B:33:C8:93:D3:94:CA:8E:28:5D:39:26:C1
ValidityMon, 06 May 2024 08:08:05 GMT - Sun, 04 Aug 2024 08:08:04 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /pixel/sbls?bv=24.6.6370&tmpl=482&u=https%3A%2F%2Fcdn.barscreative1.com%2Fsb%2Fau%2F2f%2F33%2F17%2F2f3317da28d2a6ed09610d2d267aa136%2F1648542458.html&l=2977&fd=104 HTTP/1.1
Host: sprangsugar.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://sylvesterblacknallbsmxkuerr.pages.dev/
DNT: 1
Connection: keep-alive
Cookie: u_pl=23149116; uid_id2=d45a3c56-40ec-494a-836c-4da5ccba2df5:2:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Fri, 10 May 2024 20:12:03 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range

cdn.creative-bars1.com/sb/chat/mob/ssp/1/js/jquery.min.js

188.114.96.1

200 OK

90 kB

URL GET HTTP/2
cdn.creative-bars1.com/sb/chat/mob/ssp/1/js/jquery.min.js
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://sylvesterblacknallbsmxkuerr.pages.dev/
Certificate
IssuerGoogle Trust Services LLC
Subjectcreative-bars1.com
Fingerprint3D:29:39:2C:F1:E5:C6:EF:54:F5:70:B5:CF:A8:C2:75:4D:89:72:13
ValidityMon, 15 Apr 2024 15:02:18 GMT - Sun, 14 Jul 2024 15:02:17 GMT

File type
JavaScript source, ASCII text, with very long lines (65451)
Size
90 kB (89492 bytes)
Hash
561acb3e541133bbdd2c0c19f8ee35a1
ffd1353cf3f77d25f801c84d8208613eb0d3d548
9fde6da568db31801e29243a903bf24f342256b41e3c01e7d018ff7c566ce7fc

HTTP Headers

GET /sb/chat/mob/ssp/1/js/jquery.min.js HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 10 May 2024 20:12:03 GMT
content-type: application/javascript
last-modified: Mon, 21 Feb 2022 08:25:09 GMT
etag: W/"62134c65-15d94"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 878067
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Hwdg7bocfX%2FEq8SBJ8qfmhTgkcl08NPn%2FhlKXJxVz%2BjQgbhKD4KDiA%2FFx9B6upg5JAZRVdRWKexg5Aw68X1utqEJdYAEHOE9NjX%2Box%2FBSp%2Bvzp6vyuHmVsDrJPEAmiBFyk342%2B%2FqoRVu"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 881c94f8eeaa0b49-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (33)

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash