Report - gbggu099.tryupkora.com/embed/GGJOWIZAgdtyC

Report Overview

Submitted URL
gbggu099.tryupkora.com/embed/GGJOWIZAgdtyC
IP
188.114.96.1
ASN
#13335 CLOUDFLARENET
Submitted
2024-04-24 13:05:06
Access
public
Website Title
AC Milan Inter
Final URL
gbggu099.tryupkora.com/embed/GGJOWIZAgdtyC
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
12

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
arsnivyr.com	unknown	2022-07-08	2022-07-08	2024-02-11	5.5 kB	462 kB	139.45.197.242
imasdk.googleapis.com	11661	2005-01-25	2014-10-30	2024-04-23	1.5 kB	1.2 MB	142.250.74.106
interbuzznews.com	237501	2018-07-24	2018-08-10	2024-04-18	6.0 kB	163 kB	139.45.197.154
bvv.dirgventures.net	unknown	unknown	No data	No data	458 B	51 kB	104.21.53.100
ajax.googleapis.com	12905	2005-01-25	2013-08-16	2024-04-24	437 B	31 kB	142.250.74.138
www.googletagmanager.com	75	2011-11-11	2013-05-22	2024-04-24	890 B	173 kB	142.250.74.168
gbggu099.tryupkora.com	unknown	unknown	No data	No data	4.8 kB	523 kB	188.114.96.1
my.rtmark.net	9054	2014-10-29	2015-02-04	2024-04-23	437 B	751 B	139.45.195.8

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2024-04-24	medium	arsnivyr.com	Sinkholed
2024-04-24	medium	arsnivyr.com	Sinkholed
2024-04-24	medium	arsnivyr.com	Sinkholed
2024-04-24	medium	arsnivyr.com	Sinkholed
2024-04-24	medium	arsnivyr.com	Sinkholed
2024-04-24	medium	arsnivyr.com	Sinkholed

ThreatFox

No alerts detected

JavaScript (18)

	URL	Size	First Seen	Last Seen
	ajax.googleapis.com/ajax/libs/jquery/3.1.1/jquery.min.js	87 kB	2023-03-07	2024-05-06
Pretty URL ajax.googleapis.com/ajax/libs/jquery/3.1.1/jquery.min.js IP 142.250.74.138 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:34 Last Seen2024-05-06 00:15:44 Times Seen267095 Hash e071abda8fe61194711cfc2ab99fe104 f647a6d37dc4ca055ced3cf64bbc1f490070acba 85556761a8800d14ced8fcd41a6b8b26bf012d44a318866c0d81a62092efd9bf Loading...

	www.googletagmanager.com/gtag/js?id=UA-79429268-4&l=dataLayer&cx=c	196 kB	2024-04-24	2024-04-24
Pretty URL www.googletagmanager.com/gtag/js?id=UA-79429268-4&l=dataLayer&cx=c IP 142.250.74.168 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-24 15:05:14 Last Seen2024-04-24 15:05:15 Times Seen2 Hash a82ea99ccb667921cd7226619e1a6302 96d5f15c39205e7a269d18780b534da24f92c5cd 34da28d774ab0e8775d0563d67b611184de302bf5c744d828d9fdadeca8ca1ff Loading...

	imasdk.googleapis.com/js/core/bridge3.636.0_en.html#goog_1022372946	732 kB	2024-04-23	2024-04-25
Pretty URL imasdk.googleapis.com/js/core/bridge3.636.0_en.html#goog_1022372946 IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML true Observations First Seen2024-04-23 22:55:26 Last Seen2024-04-25 07:55:02 Times Seen8 Hash 60a3d612450e0e908fbf8431ce07c915 0c1a26c22679b5986fa2b8f222e33eb8d5c63702 c2a0ff94e375b45697fc6e41ffb14f7900c4238f640d2960f7af509cadcaf87b Loading...

	gbggu099.tryupkora.com/Scripts/rmvmp511/crmv-vast511.min.js?v=6	1.8 MB	2024-04-24	2024-04-24
Pretty URL gbggu099.tryupkora.com/Scripts/rmvmp511/crmv-vast511.min.js?v=6 IP 188.114.96.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-24 15:05:14 Last Seen2024-04-24 15:05:15 Times Seen2 Hash 046c526447361209ef1a22d579cceaf3 7756ec1c636c62e7ce482ecf8d5275756819ac61 81a156e37622cc61287598efb40f5cf7008d0f6866e6983c8dd409f436ec588b Loading...

	gbggu099.tryupkora.com/embed/GGJOWIZAgdtyC	299 B	2024-04-24	2024-04-24
Pretty URL gbggu099.tryupkora.com/embed/GGJOWIZAgdtyC IP 188.114.96.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2024-04-24 15:05:14 Last Seen2024-04-24 15:05:14 Times Seen1 Hash fa778fd50597bfd0e817864d574e73c4 32c90df124eb7d6b1a6c2e4711e040dfa054ac1a 51c1899d0eb10e95fb3f0689f4f398d881b34e4e900e0cfc3b25735a67a941d5 Loading...

	arsnivyr.com/1?z=5561100	42 kB	2024-04-24	2024-04-24
Pretty URL arsnivyr.com/1?z=5561100 IP 139.45.197.242 ASN #9002 RETN Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-24 15:05:14 Last Seen2024-04-24 15:05:15 Times Seen2 Hash c09545276c48164f7ed48004d9b58a0f a5cc60d298235e0be87746cba570a9fc2d3d39b6 5bad3de9a9d8f1304a766bfb6dac3a65027e7f06e6a8e7b036c65cafc47c8ce5 Loading...

	ssl.google-analytics.com/ga.js	3.4 kB	2023-04-11	2024-05-05
Pretty URL ssl.google-analytics.com/ga.js IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-04-11 21:38:13 Last Seen2024-05-05 23:41:09 Times Seen20196 Hash b6f6d7efd99960ab916ee096e061f2e7 e21f1b5b99444ed4e4f62308cf616edd93ee852e bbb1ca9c206e0ed72478ea72f3ca038cf739fd540d5d1c2da19620c942e4c4f4 Loading...

	www.google-analytics.com/analytics.js	4.7 kB	2023-04-11	2024-05-06
Pretty URL www.google-analytics.com/analytics.js IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-04-11 21:07:53 Last Seen2024-05-06 01:34:18 Times Seen344556 Hash f24128d0c9cba7be2916c693427a3483 1b6397d496ea896ebc2018b01b995cee4f166029 58173de4697da1a218f04c3a783a733bab4e769ceabc37cd42da9dc3e036a7e8 Loading...

	gbggu099.tryupkora.com/embed/sandbox%20eval%20code	147 B	2023-04-11	2024-05-06
Pretty URL gbggu099.tryupkora.com/embed/sandbox%20eval%20code IP 0.0.0.0 ASN #0 Introduced by Embedded in HTML false Observations First Seen2023-04-11 21:07:53 Last Seen2024-05-06 01:34:17 Times Seen345063 Hash 92b651082ce234f66bb544e678befda3 14c21c55ddce43b6f677caadf51d4ab98c6a3df8 25d57d1d97abeb84531d3d3e5754dd5cb19a2c115edfa7cfc7af8247084faded Loading...

	imasdk.googleapis.com/js/sdkloader/ima3.js	397 kB	2024-04-23	2024-04-25
Pretty URL imasdk.googleapis.com/js/sdkloader/ima3.js IP 142.250.74.106 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-23 17:58:04 Last Seen2024-04-25 22:15:41 Times Seen52 Hash 022a46e0e26c7847859a60529b1c7d04 6423cfe52cc2792b5e9e76ed6ed069601fad0689 9b6570d449af422e59a77fd07da2e468276d453cfac63e427ae6a7cfade6f03e Loading...

	arsnivyr.com/27/7552beb94fc0bdff7bbb33cad3d1ab0a	413 kB	2024-04-11	2024-05-05
Pretty URL arsnivyr.com/27/7552beb94fc0bdff7bbb33cad3d1ab0a IP 139.45.197.242 ASN #9002 RETN Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-11 13:26:00 Last Seen2024-05-05 20:49:55 Times Seen182 Hash 297cc248309ba835cf13a1f82fd3f938 1e6f51ce257a0ee53e25280dd44092ed33339847 b2ba9d8b2216d22f8f31a594bc22ee21f60e2b539474a650be1e87dea87d5ed7 Loading...

	interbuzznews.com/?l=mos1TZJMzVSxLcK&cd_meta_crid=387600&trkintimp&target_url=https%3A%2F%2Farsnivyr.com%2F12%3Frnd%3D1401552169%26z%3D5561100%26b%3D20850325%26c%3D8129750%26var%3D%26varid%3D0%26d%3Dhttps%253A%252F%252Fchat.whatsapp.com%252FK9kf7X2poq61V1mwtFE9j5%253Fcost%253D%257Bcost%257D%2526clickid%253D%2524%257BSUBID%257D%26cln%3D1%26btp%3D7%26rb%3DlVry9JpckHxXbn_w3AIpZZWS1BD_PZmCoQpCoAQJNJ9gxRK33pClDqto1aByi7v0Ad6H_XbBXtqT8T6nxD460liB4adWoCo03xtH6Gf7gOev2Inze7MkiAaPMchcKLIb2sR4b9pVNjvGu5IT-0HC-VVm6Ob7xN2wa5-4nlwXcRfn05aWvnVIvuCPkt2XaZiADqGEpAerrEyHPPluwFABUoogWqjgS-XJYd-JJMnCV2xUKHKGVMatio3AcJHzTFNeKPAeGSSb8QEBFOz_ehf6Rinh-JChckbMWl8qe654ypdbxsxE3XX4l8iZYhXQnVV2jTx7f-SFgpxWcmz0IvOPh6NL2fUJzfPDwtcDtIu6_MdQgxj4nKRcM16Y1KP2lS_0LxmqsdR5GJvDploVi8MFE0R6SUBz_9lipSJBPvTpv43OnX2nN9ycAFj6m5vr6l3EyA76T6Jj3kDGZeE9VAbyn_PNpJ1gLDk584_DIHTMoEpP9o2WA7TRzINiZnLEeHpEdOBdiqQyB7ZpO4bNqiAsd8uWfxciMfM3ehiBdmNQXbuCk8AHkbE_yeBwv_XUL260FjB_PtjKUNAaPikgsvkMlUXsNcgDacVUG1QodF0ANTp4bksKNNILS4_CDfDh09zmk_Kedv0MKO7Q4WFnP73pYHGHEgiir9NVIPrbUHjcObQJcNtTDd8UNj1D4C8T8o6F-a5qhGWBscZpdrJFPpUX9KtPsVCqcdP-8CI9hzJBSp-lQ_2c1LVSiBb7ayk%3D%26bag%3DsKsRD2ywzFB-1TOUO1g_Ypl4oh4Afhgk%26ruid%3Dd22dee4a-0042-41c2-8edc-4d5e5057ce15%26ng%3D0%26ix%3D0%26pt%3D0%26np%3D0%26gp%3D5%26bp%3D4%26nw%3D1%26nb%3D1%26sw%3D1280%26sh%3D1024%26pl%3Dhttps%253A%252F%252Fgbggu099.tryupkora.com%252Fembed%252FGGJOWIZAgdtyC%26wy%3D0%26wx%3D0%26ww%3D1280%26wh%3D1024%26cw%3D1280%26wiw%3D1280%26wih%3D1024%26wfc%3D2%26sah%3D1024%26drf%3D%26hil%3D1%26ist%3D0%26tbc%3D0	1.5 kB	2024-04-24	2024-04-24
Pretty URL interbuzznews.com/?l=mos1TZJMzVSxLcK&cd_meta_crid=387600&trkintimp&target_url=https%3A%2F%2Farsnivyr.com%2F12%3Frnd%3D1401552169%26z%3D5561100%26b%3D20850325%26c%3D8129750%26var%3D%26varid%3D0%26d%3Dhttps%253A%252F%252Fchat.whatsapp.com%252FK9kf7X2poq61V1mwtFE9j5%253Fcost%253D%257Bcost%257D%2526clickid%253D%2524%257BSUBID%257D%26cln%3D1%26btp%3D7%26rb%3DlVry9JpckHxXbn_w3AIpZZWS1BD_PZmCoQpCoAQJNJ9gxRK33pClDqto1aByi7v0Ad6H_XbBXtqT8T6nxD460liB4adWoCo03xtH6Gf7gOev2Inze7MkiAaPMchcKLIb2sR4b9pVNjvGu5IT-0HC-VVm6Ob7xN2wa5-4nlwXcRfn05aWvnVIvuCPkt2XaZiADqGEpAerrEyHPPluwFABUoogWqjgS-XJYd-JJMnCV2xUKHKGVMatio3AcJHzTFNeKPAeGSSb8QEBFOz_ehf6Rinh-JChckbMWl8qe654ypdbxsxE3XX4l8iZYhXQnVV2jTx7f-SFgpxWcmz0IvOPh6NL2fUJzfPDwtcDtIu6_MdQgxj4nKRcM16Y1KP2lS_0LxmqsdR5GJvDploVi8MFE0R6SUBz_9lipSJBPvTpv43OnX2nN9ycAFj6m5vr6l3EyA76T6Jj3kDGZeE9VAbyn_PNpJ1gLDk584_DIHTMoEpP9o2WA7TRzINiZnLEeHpEdOBdiqQyB7ZpO4bNqiAsd8uWfxciMfM3ehiBdmNQXbuCk8AHkbE_yeBwv_XUL260FjB_PtjKUNAaPikgsvkMlUXsNcgDacVUG1QodF0ANTp4bksKNNILS4_CDfDh09zmk_Kedv0MKO7Q4WFnP73pYHGHEgiir9NVIPrbUHjcObQJcNtTDd8UNj1D4C8T8o6F-a5qhGWBscZpdrJFPpUX9KtPsVCqcdP-8CI9hzJBSp-lQ_2c1LVSiBb7ayk%3D%26bag%3DsKsRD2ywzFB-1TOUO1g_Ypl4oh4Afhgk%26ruid%3Dd22dee4a-0042-41c2-8edc-4d5e5057ce15%26ng%3D0%26ix%3D0%26pt%3D0%26np%3D0%26gp%3D5%26bp%3D4%26nw%3D1%26nb%3D1%26sw%3D1280%26sh%3D1024%26pl%3Dhttps%253A%252F%252Fgbggu099.tryupkora.com%252Fembed%252FGGJOWIZAgdtyC%26wy%3D0%26wx%3D0%26ww%3D1280%26wh%3D1024%26cw%3D1280%26wiw%3D1280%26wih%3D1024%26wfc%3D2%26sah%3D1024%26drf%3D%26hil%3D1%26ist%3D0%26tbc%3D0 IP 139.45.197.154 ASN #9002 RETN Limited Introduced by scriptElement Embedded in HTML true Observations First Seen2024-04-24 15:05:14 Last Seen2024-04-24 15:05:14 Times Seen1 Hash 8c6417626f177adc2be33b2fdf21eeea 0d442ae880dd3e7c56a7fb27450e78a9c78f472b 2d588183338d98a93fa2cd9b4f7de2b04695cea14f3308cd969f6338ac08c125 Loading...

	imasdk.googleapis.com/js/core/bridge3.636.0_en.html#goog_1022372946	352 B	2023-03-07	2024-05-05
Pretty URL imasdk.googleapis.com/js/core/bridge3.636.0_en.html#goog_1022372946 IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:03:08 Last Seen2024-05-05 17:47:22 Times Seen3815 Hash ed714902dd4f1ac0547ae6a96924f09c d3bce72c128b0764bf3e719fa03be31d3f072467 140fb280504a3242f767176791c1cfbe8c7cef3bb489c20b851d926ba401e29e Loading...

	gbggu099.tryupkora.com/embed/GGJOWIZAgdtyC	535 B	2024-04-24	2024-04-24
Pretty URL gbggu099.tryupkora.com/embed/GGJOWIZAgdtyC IP 188.114.96.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2024-04-24 15:05:14 Last Seen2024-04-24 15:05:14 Times Seen1 Hash 37447eda158ce319237a1c7222bdd772 4cd33679ce3a5bf7fa424cd22d6c3c9c4bfb63a5 34dcf3aebf8c6fa1f442ce46fddcd4e534ed4fe1b1c7e913e08d6a98dbf6c006 Loading...

	gbggu099.tryupkora.com/embed/GGJOWIZAgdtyC	297 B	2024-04-24	2024-04-24
Pretty URL gbggu099.tryupkora.com/embed/GGJOWIZAgdtyC IP 188.114.96.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2024-04-24 15:05:14 Last Seen2024-04-24 15:05:14 Times Seen1 Hash 148c6b79a2c69b18110cbea5f73c0dcd 37e65713ebc5dfaf8ed7ac2d88efd536a92e5a41 5ce4fe856f062e8f590c157f234106e26238e75322bc49ed1a6e961bf5ec2029 Loading...

	gbggu099.tryupkora.com/embed/GGJOWIZAgdtyC	12 kB	2024-04-24	2024-04-24
Pretty URL gbggu099.tryupkora.com/embed/GGJOWIZAgdtyC IP 188.114.96.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2024-04-24 15:05:14 Last Seen2024-04-24 15:05:15 Times Seen1 Hash 7bdc3f5dd53ee32ac8e7b7c0e377556c 6477a7abd5805c560567cf38d45ebb7249372baa df773db04f2cdf7dd89cc33e94b48169676bae870b4deda48229caed96d6385e Loading...

	gbggu099.tryupkora.com/embed/sandbox%20eval%20code	148 B	2023-04-11	2024-05-05
Pretty URL gbggu099.tryupkora.com/embed/sandbox%20eval%20code IP 0.0.0.0 ASN #0 Introduced by Embedded in HTML false Observations First Seen2023-04-11 21:38:13 Last Seen2024-05-05 23:41:09 Times Seen20255 Hash 64fe6fe97a487c82c5be70158b71aa87 b93ba17d1796e404b0ca1ef6f262bbbb0c427366 3ec8a12103cf9c2e91b9be1329d1e9f1c53043e38a641070650d1b8d07dbbcd2 Loading...

	www.googletagmanager.com/gtag/js?id=G-6T0W0C33T6	297 kB	2024-04-24	2024-04-24
Pretty URL www.googletagmanager.com/gtag/js?id=G-6T0W0C33T6 IP 142.250.74.168 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-24 15:05:15 Last Seen2024-04-24 15:05:15 Times Seen2 Hash 98b49e2e1179a4210ace2a5a818f0c89 e470a4d5c79846ff03e8f6357b5a7bb0e007e280 d468c3314bbc3f679a3f164c649471c7e61393ac91ab0f8561c7ad9f50d1257a Loading...

HTTP Transactions (26)

URL IP Response Size

ajax.googleapis.com/ajax/libs/jquery/3.1.1/jquery.min.js

142.250.74.138

200 OK

30 kB

URL GET HTTP/2
ajax.googleapis.com/ajax/libs/jquery/3.1.1/jquery.min.js
IP
142.250.74.138:443
ASN
#15169 GOOGLE

Requested by
https://gbggu099.tryupkora.com/embed/GGJOWIZAgdtyC
Certificate
IssuerGoogle Trust Services LLC
Subjectupload.video.google.com
Fingerprint15:CB:F7:AC:18:3F:DC:1E:F9:4E:94:D1:98:40:40:61:53:17:28:F2
ValidityMon, 18 Mar 2024 20:35:28 GMT - Mon, 10 Jun 2024 20:35:27 GMT

File type
JavaScript source, ASCII text, with very long lines (32030)
Size
30 kB (30244 bytes)
Hash
e071abda8fe61194711cfc2ab99fe104
f647a6d37dc4ca055ced3cf64bbc1f490070acba
85556761a8800d14ced8fcd41a6b8b26bf012d44a318866c0d81a62092efd9bf

HTTP Headers

GET /ajax/libs/jquery/3.1.1/jquery.min.js HTTP/1.1
Host: ajax.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://gbggu099.tryupkora.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
timing-allow-origin: *
content-length: 30244
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 19 Apr 2024 20:37:52 GMT
expires: Sat, 19 Apr 2025 20:37:52 GMT
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
last-modified: Tue, 03 Mar 2020 19:15:00 GMT
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
age: 404806
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

www.googletagmanager.com/gtag/js?id=G-6T0W0C33T6

142.250.74.168

200 OK

100 kB

URL GET HTTP/2
www.googletagmanager.com/gtag/js?id=G-6T0W0C33T6
IP
142.250.74.168:443
ASN
#15169 GOOGLE

Requested by
https://gbggu099.tryupkora.com/embed/GGJOWIZAgdtyC
Certificate
IssuerGoogle Trust Services LLC
Subject*.google-analytics.com
Fingerprint1E:33:2E:4B:C3:51:05:B7:73:DC:21:BF:3E:02:B3:16:D8:0B:AB:BB
ValidityMon, 18 Mar 2024 19:37:14 GMT - Mon, 10 Jun 2024 19:37:13 GMT

File type
JavaScript source, ASCII text, with very long lines (7711)
Size
100 kB (99817 bytes)
Hash
98b49e2e1179a4210ace2a5a818f0c89
e470a4d5c79846ff03e8f6357b5a7bb0e007e280
d468c3314bbc3f679a3f164c649471c7e61393ac91ab0f8561c7ad9f50d1257a

HTTP Headers

GET /gtag/js?id=G-6T0W0C33T6 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://gbggu099.tryupkora.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Wed, 24 Apr 2024 13:04:38 GMT
expires: Wed, 24 Apr 2024 13:04:38 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 99817
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

gbggu099.tryupkora.com/Scripts/rmvmp511/css/fonts/rmp-font.woff2?s73jsd

188.114.96.1

200 OK

9.2 kB

URL GET HTTP/3
gbggu099.tryupkora.com/Scripts/rmvmp511/css/fonts/rmp-font.woff2?s73jsd
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://gbggu099.tryupkora.com/embed/GGJOWIZAgdtyC
Certificate
IssuerGoogle Trust Services LLC
Subjecttryupkora.com
Fingerprint91:33:2D:C9:BE:4D:49:47:50:6B:71:50:D7:01:BD:DD:B6:46:53:3E
ValiditySun, 07 Apr 2024 02:43:23 GMT - Sat, 06 Jul 2024 02:43:22 GMT

File type
Web Open Font Format (Version 2), TrueType, length 9204, version 1.0
Size
9.2 kB (9204 bytes)
Hash
110ee660dc64362b5945138daff98480
9474ffb5f1bdd9a14bc1e2b321bf5aa9ebe53be3
0f61c0b0df63d46075f6c7b82cfdcf833dcee642cfa41b55bbdec201c893359c

HTTP Headers

GET /Scripts/rmvmp511/css/fonts/rmp-font.woff2?s73jsd HTTP/1.1
Host: gbggu099.tryupkora.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: https://gbggu099.tryupkora.com/Scripts/rmvmp511/css/rmp-s1.min.css
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Wed, 24 Apr 2024 13:04:38 GMT
content-type: font/x-woff2
content-length: 9204
cache-control: public, max-age=25920000
last-modified: Wed, 18 Nov 2020 21:42:44 GMT
etag: "cf3f81bff3bdd61:0"
access-control-allow-origin: *
access-control-allow-methods: GET, PUT, POST, DELETE, HEAD, OPTIONS
access-control-allow-credentials: false
access-control-allow-headers: content-type, accept
cf-cache-status: HIT
age: 1514258
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=2wMV%2FIn8zvhveDc8%2FqXDAtIwgd%2BHzruLGh5VWnO2qw2IoeMhrVfZ6oMUjIkBl27wazsYw8gD5PAr3YG%2Ba1xF%2BQJE%2FmxGWbrMoByRQxn8n%2B%2FFSQu%2F1kLqRRLdTiMXcBk6o13%2BRdXY8NsF"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87964cdfef05b527-OSL
alt-svc: h3=":443"; ma=86400

gbggu099.tryupkora.com/Scripts/rmvmp511/css/fonts/roboto-v20-latin-regular.woff2

188.114.96.1

200 OK

16 kB

URL GET HTTP/3
gbggu099.tryupkora.com/Scripts/rmvmp511/css/fonts/roboto-v20-latin-regular.woff2
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://gbggu099.tryupkora.com/embed/GGJOWIZAgdtyC
Certificate
IssuerGoogle Trust Services LLC
Subjecttryupkora.com
Fingerprint91:33:2D:C9:BE:4D:49:47:50:6B:71:50:D7:01:BD:DD:B6:46:53:3E
ValiditySun, 07 Apr 2024 02:43:23 GMT - Sat, 06 Jul 2024 02:43:22 GMT

File type
Web Open Font Format (Version 2), TrueType, length 15736, version 1.0
Size
16 kB (15736 bytes)
Hash
479970ffb74f2117317f9d24d9e317fe
81c796737cbe44d4a719777f0aff14b73a3efb1e
48c3fa6f86c54f1d9bb519220713d4b0a1f8cd1a589a3c03b9fa82e98ecb13e3

HTTP Headers

GET /Scripts/rmvmp511/css/fonts/roboto-v20-latin-regular.woff2 HTTP/1.1
Host: gbggu099.tryupkora.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: https://gbggu099.tryupkora.com/Scripts/rmvmp511/css/rmp-s1.min.css
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Wed, 24 Apr 2024 13:04:38 GMT
content-type: font/x-woff2
content-length: 15736
cache-control: public, max-age=25920000
last-modified: Wed, 18 Nov 2020 21:42:51 GMT
etag: "309b11c4f3bdd61:0"
access-control-allow-origin: *
access-control-allow-methods: GET, PUT, POST, DELETE, HEAD, OPTIONS
access-control-allow-credentials: false
access-control-allow-headers: content-type, accept
cf-cache-status: HIT
age: 1514258
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=W%2B%2Fui3MzSsr5xMnwi20q1pbWbm%2FYK4euiiuX7fKNGkUiyjdxVjSAyRh9lLLo5do5liOwZS4hhmrKwq1HXvWTQmFaNTGoFcvTnj95oJx7Pr31ZzJRklu2EyLqzieKakrtXO8DDvmoGD2S"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87964ce01f57b527-OSL
alt-svc: h3=":443"; ma=86400

gbggu099.tryupkora.com/Scripts/rmvmp511/crmv-vast511.min.js?v=6

188.114.96.1

200 OK

366 kB

URL GET HTTP/3
gbggu099.tryupkora.com/Scripts/rmvmp511/crmv-vast511.min.js?v=6
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://gbggu099.tryupkora.com/embed/GGJOWIZAgdtyC
Certificate
IssuerGoogle Trust Services LLC
Subjecttryupkora.com
Fingerprint91:33:2D:C9:BE:4D:49:47:50:6B:71:50:D7:01:BD:DD:B6:46:53:3E
ValiditySun, 07 Apr 2024 02:43:23 GMT - Sat, 06 Jul 2024 02:43:22 GMT

File type
JavaScript source, ASCII text, with very long lines (1278), with CRLF line terminators
Size
366 kB (365720 bytes)
Hash
046c526447361209ef1a22d579cceaf3
7756ec1c636c62e7ce482ecf8d5275756819ac61
81a156e37622cc61287598efb40f5cf7008d0f6866e6983c8dd409f436ec588b

HTTP Headers

GET /Scripts/rmvmp511/crmv-vast511.min.js?v=6 HTTP/1.1
Host: gbggu099.tryupkora.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://gbggu099.tryupkora.com/embed/GGJOWIZAgdtyC
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Wed, 24 Apr 2024 13:04:37 GMT
content-type: application/javascript
cache-control: public, max-age=25920000
last-modified: Wed, 18 Nov 2020 21:55:29 GMT
etag: W/"801e6287f5bdd61:0"
vary: Accept-Encoding
access-control-allow-origin: *
access-control-allow-methods: GET, PUT, POST, DELETE, HEAD, OPTIONS
access-control-allow-credentials: false
access-control-allow-headers: content-type, accept
cf-cache-status: HIT
age: 1514923
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=H1yE7%2BIF6DM8d3Du7REAVTCvC8YMIZTekCQUflILZLTcNqtpud2HI8iBk3p6O0VdftGFNQadiYZ82ayuWb12CpJya%2Bou4JvXEXgdJEMX%2B2qMtibCLNgcBTvJ%2Bq8UXBvY1CMKZm4939t1"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87964cdd5bc6b527-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

my.rtmark.net/gid.js

139.45.195.8

200 OK

65 B

URL GET HTTP/2
my.rtmark.net/gid.js
IP
139.45.195.8:443
ASN
#9002 RETN Limited

Requested by
https://gbggu099.tryupkora.com/embed/GGJOWIZAgdtyC
Certificate
IssuerLet's Encrypt
Subjectrtmark.net
FingerprintDB:C0:8B:64:1C:E3:2A:9C:B9:04:0D:F3:6F:5A:E0:35:F4:C7:75:CC
ValiditySat, 02 Mar 2024 21:53:43 GMT - Fri, 31 May 2024 21:53:42 GMT

File type
JSON text data
Size
65 B (65 bytes)
Hash
8b9f609b2d2bf0ceef65efd3bf628534
3d608705d0876be39655518fedcb7252c77bb107
46247054c5ae2e577c625a23f56a5c7e4a758e57a89ed8161d6938d0ee6fe0f1

HTTP Headers

GET /gid.js HTTP/1.1
Host: my.rtmark.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://gbggu099.tryupkora.com
DNT: 1
Connection: keep-alive
Referer: https://gbggu099.tryupkora.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Wed, 24 Apr 2024 13:04:38 GMT
content-type: application/json; charset=utf-8
content-length: 65
access-control-allow-origin: https://gbggu099.tryupkora.com
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
set-cookie: ID=0800485d44f4459aeffbf3bd21631bea; expires=Thu, 24 Apr 2025 13:04:38 GMT; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2

www.googletagmanager.com/gtag/js?id=UA-79429268-4&l=dataLayer&cx=c

142.250.74.168

200 OK

72 kB

URL GET HTTP/3
www.googletagmanager.com/gtag/js?id=UA-79429268-4&l=dataLayer&cx=c
IP
142.250.74.168:443
ASN
#15169 GOOGLE

Requested by
https://gbggu099.tryupkora.com/embed/GGJOWIZAgdtyC
Certificate
IssuerGoogle Trust Services LLC
Subject*.google-analytics.com
Fingerprint1E:33:2E:4B:C3:51:05:B7:73:DC:21:BF:3E:02:B3:16:D8:0B:AB:BB
ValidityMon, 18 Mar 2024 19:37:14 GMT - Mon, 10 Jun 2024 19:37:13 GMT

File type
JavaScript source, ASCII text, with very long lines (2165)
Size
72 kB (71514 bytes)
Hash
a82ea99ccb667921cd7226619e1a6302
96d5f15c39205e7a269d18780b534da24f92c5cd
34da28d774ab0e8775d0563d67b611184de302bf5c744d828d9fdadeca8ca1ff

HTTP Headers

GET /gtag/js?id=UA-79429268-4&l=dataLayer&cx=c HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://gbggu099.tryupkora.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Wed, 24 Apr 2024 13:04:38 GMT
expires: Wed, 24 Apr 2024 13:04:38 GMT
cache-control: private, max-age=900
last-modified: Wed, 24 Apr 2024 12:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 71514
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

arsnivyr.com/1?z=5561100&oo=1&oaid=0800485d44f4459aeffbf3bd21631bea

139.45.197.242

200 OK

967 B

URL GET HTTP/2
arsnivyr.com/1?z=5561100&oo=1&oaid=0800485d44f4459aeffbf3bd21631bea
IP
139.45.197.242:443
ASN
#9002 RETN Limited

Requested by
https://gbggu099.tryupkora.com/embed/GGJOWIZAgdtyC
Certificate
IssuerLet's Encrypt
Subjectarsnivyr.com
Fingerprint4B:EB:80:36:EA:81:4F:3D:2C:D2:E6:15:55:89:69:FF:F2:F5:A0:A0
ValiditySat, 23 Mar 2024 19:22:24 GMT - Fri, 21 Jun 2024 19:22:23 GMT

File type
JSON text data
Size
967 B (967 bytes)
Hash
c709b45c0d55dfa69b00a12cb8de58c2
bf657a4c4f6b8151ba22deb64bd498554095db68
9d928e0333f40e661d72bb3250074895fb0c9743b146c944780dbc006137b353

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /1?z=5561100&oo=1&oaid=0800485d44f4459aeffbf3bd21631bea HTTP/1.1
Host: arsnivyr.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://gbggu099.tryupkora.com
DNT: 1
Connection: keep-alive
Referer: https://gbggu099.tryupkora.com/
Cookie: scm=1; OAID=0400484b66414020e0a6f34bdeeed3d5; oaidts=1713963878
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Wed, 24 Apr 2024 13:04:38 GMT
content-type: application/json
content-length: 967
access-control-allow-credentials: true
access-control-allow-origin: https://gbggu099.tryupkora.com
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-Sc, CVERSION, VERSION, X-Ancestor-Origins, X-Zone-ID, baggage, sentry-trace
x-trace-id: 94f23dfcf8387c65b50663d5fdcba072
access-control-expose-headers: X-Sc
set-cookie: OAID=0800485d44f4459aeffbf3bd21631bea; expires=Thu, 24 Apr 2025 13:04:38 GMT; secure; SameSite=None
oaidts=1713963878; expires=Thu, 24 Apr 2025 13:04:38 GMT; secure; SameSite=None
pragma: no-cache
cache-control: no-store, no-cache, must-revalidate, max-age=0
expires: Mon, 26 Jul 1997 05:00:00 GMT
X-Firefox-Spdy: h2

gbggu099.tryupkora.com/Scripts/rmvmp511/css/fonts/roboto-v20-latin-regular.woff2

188.114.96.1

200 OK

16 kB

URL GET HTTP/3
gbggu099.tryupkora.com/Scripts/rmvmp511/css/fonts/roboto-v20-latin-regular.woff2
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://gbggu099.tryupkora.com/embed/GGJOWIZAgdtyC
Certificate
IssuerGoogle Trust Services LLC
Subjecttryupkora.com
Fingerprint91:33:2D:C9:BE:4D:49:47:50:6B:71:50:D7:01:BD:DD:B6:46:53:3E
ValiditySun, 07 Apr 2024 02:43:23 GMT - Sat, 06 Jul 2024 02:43:22 GMT

File type
Web Open Font Format (Version 2), TrueType, length 15736, version 1.0
Size
16 kB (15736 bytes)
Hash
479970ffb74f2117317f9d24d9e317fe
81c796737cbe44d4a719777f0aff14b73a3efb1e
48c3fa6f86c54f1d9bb519220713d4b0a1f8cd1a589a3c03b9fa82e98ecb13e3

HTTP Headers

GET /Scripts/rmvmp511/css/fonts/roboto-v20-latin-regular.woff2 HTTP/1.1
Host: gbggu099.tryupkora.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: https://gbggu099.tryupkora.com/Scripts/rmvmp511/css/rmp-s1.min.css
Cookie: _ga_6T0W0C33T6=GS1.1.1713963878.1.0.1713963878.0.0.0; _ga=GA1.1.651788870.1713963879
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Wed, 24 Apr 2024 13:04:38 GMT
content-type: font/x-woff2
content-length: 15736
cache-control: public, max-age=25920000
last-modified: Wed, 18 Nov 2020 21:42:51 GMT
etag: "309b11c4f3bdd61:0"
access-control-allow-origin: *
access-control-allow-methods: GET, PUT, POST, DELETE, HEAD, OPTIONS
access-control-allow-credentials: false
access-control-allow-headers: content-type, accept
cf-cache-status: HIT
age: 1514258
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Airl2Z6V6tixHa%2BSV60zVuv%2FsPxMdsqD5h546fYsOyGUSXWXJPXZs882gKN91Bvt8pz8SW7W%2FG4ywysa6%2BM2vq%2BmD2hTp5h24NNMwu0u8%2B0VLeDdhA%2FhZyPgzoG0IZHYnDR0jx6jFG4A"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87964ce2dcfab527-OSL
alt-svc: h3=":443"; ma=86400

imasdk.googleapis.com/js/sdkloader/ima3.js

142.250.74.106

200 OK

136 kB

URL GET HTTP/2
imasdk.googleapis.com/js/sdkloader/ima3.js
IP
142.250.74.106:443
ASN
#15169 GOOGLE

Requested by
https://gbggu099.tryupkora.com/embed/GGJOWIZAgdtyC
Certificate
IssuerGoogle Trust Services LLC
Subjectupload.video.google.com
Fingerprint15:CB:F7:AC:18:3F:DC:1E:F9:4E:94:D1:98:40:40:61:53:17:28:F2
ValidityMon, 18 Mar 2024 20:35:28 GMT - Mon, 10 Jun 2024 20:35:27 GMT

File type
JavaScript source, ASCII text, with very long lines (1754)
Size
136 kB (136105 bytes)
Hash
022a46e0e26c7847859a60529b1c7d04
6423cfe52cc2792b5e9e76ed6ed069601fad0689
9b6570d449af422e59a77fd07da2e468276d453cfac63e427ae6a7cfade6f03e

HTTP Headers

GET /js/sdkloader/ima3.js HTTP/1.1
Host: imasdk.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://gbggu099.tryupkora.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/javascript
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="ads-doubleclick-instream-static"
report-to: {"group":"ads-doubleclick-instream-static","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-instream-static"}]}
content-length: 136105
date: Wed, 24 Apr 2024 13:04:38 GMT
expires: Wed, 24 Apr 2024 13:04:38 GMT
cache-control: private, max-age=900, stale-while-revalidate=3600
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

imasdk.googleapis.com/js/core/bridge3.636.0_en.html

142.250.74.106

249 kB

URL
imasdk.googleapis.com/js/core/bridge3.636.0_en.html
IP
142.250.74.106:0
ASN
#15169 GOOGLE

Certificate
IssuerGoogle Trust Services LLC
Subjectupload.video.google.com
Fingerprint15:CB:F7:AC:18:3F:DC:1E:F9:4E:94:D1:98:40:40:61:53:17:28:F2
ValidityMon, 18 Mar 2024 20:35:28 GMT - Mon, 10 Jun 2024 20:35:27 GMT

File type
HTML document, ASCII text, with very long lines (48587)
Size
249 kB (248977 bytes)
Hash
65d92d52f7232ed92245ad2c561c1844
32c9a69879d8840933930c3ef78ba44705953e6a
b18abbfc199ca7e65145e5bdb6a5dd710b7906c7b9c378f77c831f9315645ada

HTTP Headers

GET /js/core/bridge3.636.0_en.html HTTP/1.1
Host: imasdk.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://gbggu099.tryupkora.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
accept-ranges: bytes
content-encoding: gzip
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="ads-doubleclick-instream-static"
report-to: {"group":"ads-doubleclick-instream-static","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-instream-static"}]}
content-length: 248977
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Mon, 22 Apr 2024 19:49:31 GMT
expires: Tue, 22 Apr 2025 19:49:31 GMT
cache-control: public, max-age=31536000
last-modified: Mon, 22 Apr 2024 19:45:07 GMT
content-type: text/html
vary: Accept-Encoding
age: 148508
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

arsnivyr.com/9?z=5561100&ng=0&ix=0&pt=0&np=0&gp=5&bp=4&nw=1&nb=1&sw=1280&sh=1024&pl=https%3A%2F%2Fgbggu099.tryupkora.com%2Fembed%2FGGJOWIZAgdtyC&wy=0&wx=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=1024&wfc=2&sah=1024&drf=&hil=1&ist=0&oaid=0800485d44f4459aeffbf3bd21631bea

139.45.197.242

204 No Content

0 B

URL OPTIONS HTTP/2
arsnivyr.com/9?z=5561100&ng=0&ix=0&pt=0&np=0&gp=5&bp=4&nw=1&nb=1&sw=1280&sh=1024&pl=https%3A%2F%2Fgbggu099.tryupkora.com%2Fembed%2FGGJOWIZAgdtyC&wy=0&wx=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=1024&wfc=2&sah=1024&drf=&hil=1&ist=0&oaid=0800485d44f4459aeffbf3bd21631bea
IP
139.45.197.242:443
ASN
#9002 RETN Limited

Requested by
https://gbggu099.tryupkora.com/embed/GGJOWIZAgdtyC
Certificate
IssuerLet's Encrypt
Subjectarsnivyr.com
Fingerprint4B:EB:80:36:EA:81:4F:3D:2C:D2:E6:15:55:89:69:FF:F2:F5:A0:A0
ValiditySat, 23 Mar 2024 19:22:24 GMT - Fri, 21 Jun 2024 19:22:23 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

OPTIONS /9?z=5561100&ng=0&ix=0&pt=0&np=0&gp=5&bp=4&nw=1&nb=1&sw=1280&sh=1024&pl=https%3A%2F%2Fgbggu099.tryupkora.com%2Fembed%2FGGJOWIZAgdtyC&wy=0&wx=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=1024&wfc=2&sah=1024&drf=&hil=1&ist=0&oaid=0800485d44f4459aeffbf3bd21631bea HTTP/1.1
Host: arsnivyr.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://gbggu099.tryupkora.com/
Origin: https://gbggu099.tryupkora.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 204 No Content
server: nginx
date: Wed, 24 Apr 2024 13:04:39 GMT
access-control-allow-credentials: true
access-control-allow-origin: https://gbggu099.tryupkora.com
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-Sc, CVERSION, VERSION, X-Ancestor-Origins, X-Zone-ID, baggage, sentry-trace
pragma: no-cache
cache-control: no-store, no-cache, must-revalidate, max-age=0
expires: Mon, 26 Jul 1997 05:00:00 GMT
X-Firefox-Spdy: h2

arsnivyr.com/11?rnd=2037075062&z=5561100&b=20850325&var=&varid=0&rqtdbc=1&rcvdbc=1&btp=7&rb=lVry9JpckHxXbn_w3AIpZZWS1BD_PZmCoQpCoAQJNJ9gxRK33pClDqto1aByi7v0Ad6H_XbBXtqT8T6nxD460liB4adWoCo03xtH6Gf7gOev2Inze7MkiAaPMchcKLIb2sR4b9pVNjvGu5IT-0HC-VVm6Ob7xN2wa5-4nlwXcRfn05aWvnVIvuCPkt2XaZiADqGEpAerrEyHPPluwFABUoogWqjgS-XJYd-JJMnCV2xUKHKGVMatio3AcJHzTFNeKPAeGSSb8QEBFOz_ehf6Rinh-JChckbMWl8qe654ypdbxsxE3XX4l8iZYhXQnVV2jTx7f-SFgpxWcmz0IvOPh6NL2fUJzfPDwtcDtIu6_MdQgxj4nKRcM16Y1KP2lS_0LxmqsdR5GJvDploVi8MFE0R6SUBz_9lipSJBPvTpv43OnX2nN9ycAFj6m5vr6l3EyA76T6Jj3kDGZeE9VAbyn_PNpJ1gLDk584_DIHTMoEpP9o2WA7TRzINiZnLEeHpEdOBdiqQyB7ZpO4bNqiAsd8uWfxciMfM3ehiBdmNQXbuCk8AHkbE_yeBwv_XUL260FjB_PtjKUNAaPikgsvkMlUXsNcgDacVUG1QodF0ANTp4bksKNNILS4_CDfDh09zmk_Kedv0MKO7Q4WFnP73pYHGHEgiir9NVIPrbUHjcObQJcNtTDd8UNj1D4C8T8o6F-a5qhGWBscZpdrJFPpUX9KtPsVCqcdP-8CI9hzJBSp-lQ_2c1LVSiBb7ayk=&ruid=d22dee4a-0042-41c2-8edc-4d5e5057ce15&ng=0&ix=0&pt=0&np=0&gp=5&bp=4&nw=1&nb=1&sw=1280&sh=1024&pl=https%3A%2F%2Fgbggu099.tryupkora.com%2Fembed%2FGGJOWIZAgdtyC&wy=0&wx=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=1024&wfc=2&sah=1024&drf=&hil=1&ist=0&ot=107

139.45.197.242

200 OK

0 B

URL GET HTTP/2
arsnivyr.com/11?rnd=2037075062&z=5561100&b=20850325&var=&varid=0&rqtdbc=1&rcvdbc=1&btp=7&rb=lVry9JpckHxXbn_w3AIpZZWS1BD_PZmCoQpCoAQJNJ9gxRK33pClDqto1aByi7v0Ad6H_XbBXtqT8T6nxD460liB4adWoCo03xtH6Gf7gOev2Inze7MkiAaPMchcKLIb2sR4b9pVNjvGu5IT-0HC-VVm6Ob7xN2wa5-4nlwXcRfn05aWvnVIvuCPkt2XaZiADqGEpAerrEyHPPluwFABUoogWqjgS-XJYd-JJMnCV2xUKHKGVMatio3AcJHzTFNeKPAeGSSb8QEBFOz_ehf6Rinh-JChckbMWl8qe654ypdbxsxE3XX4l8iZYhXQnVV2jTx7f-SFgpxWcmz0IvOPh6NL2fUJzfPDwtcDtIu6_MdQgxj4nKRcM16Y1KP2lS_0LxmqsdR5GJvDploVi8MFE0R6SUBz_9lipSJBPvTpv43OnX2nN9ycAFj6m5vr6l3EyA76T6Jj3kDGZeE9VAbyn_PNpJ1gLDk584_DIHTMoEpP9o2WA7TRzINiZnLEeHpEdOBdiqQyB7ZpO4bNqiAsd8uWfxciMfM3ehiBdmNQXbuCk8AHkbE_yeBwv_XUL260FjB_PtjKUNAaPikgsvkMlUXsNcgDacVUG1QodF0ANTp4bksKNNILS4_CDfDh09zmk_Kedv0MKO7Q4WFnP73pYHGHEgiir9NVIPrbUHjcObQJcNtTDd8UNj1D4C8T8o6F-a5qhGWBscZpdrJFPpUX9KtPsVCqcdP-8CI9hzJBSp-lQ_2c1LVSiBb7ayk=&ruid=d22dee4a-0042-41c2-8edc-4d5e5057ce15&ng=0&ix=0&pt=0&np=0&gp=5&bp=4&nw=1&nb=1&sw=1280&sh=1024&pl=https%3A%2F%2Fgbggu099.tryupkora.com%2Fembed%2FGGJOWIZAgdtyC&wy=0&wx=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=1024&wfc=2&sah=1024&drf=&hil=1&ist=0&ot=107
IP
139.45.197.242:443
ASN
#9002 RETN Limited

Requested by
https://gbggu099.tryupkora.com/embed/GGJOWIZAgdtyC
Certificate
IssuerLet's Encrypt
Subjectarsnivyr.com
Fingerprint4B:EB:80:36:EA:81:4F:3D:2C:D2:E6:15:55:89:69:FF:F2:F5:A0:A0
ValiditySat, 23 Mar 2024 19:22:24 GMT - Fri, 21 Jun 2024 19:22:23 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /11?rnd=2037075062&z=5561100&b=20850325&var=&varid=0&rqtdbc=1&rcvdbc=1&btp=7&rb=lVry9JpckHxXbn_w3AIpZZWS1BD_PZmCoQpCoAQJNJ9gxRK33pClDqto1aByi7v0Ad6H_XbBXtqT8T6nxD460liB4adWoCo03xtH6Gf7gOev2Inze7MkiAaPMchcKLIb2sR4b9pVNjvGu5IT-0HC-VVm6Ob7xN2wa5-4nlwXcRfn05aWvnVIvuCPkt2XaZiADqGEpAerrEyHPPluwFABUoogWqjgS-XJYd-JJMnCV2xUKHKGVMatio3AcJHzTFNeKPAeGSSb8QEBFOz_ehf6Rinh-JChckbMWl8qe654ypdbxsxE3XX4l8iZYhXQnVV2jTx7f-SFgpxWcmz0IvOPh6NL2fUJzfPDwtcDtIu6_MdQgxj4nKRcM16Y1KP2lS_0LxmqsdR5GJvDploVi8MFE0R6SUBz_9lipSJBPvTpv43OnX2nN9ycAFj6m5vr6l3EyA76T6Jj3kDGZeE9VAbyn_PNpJ1gLDk584_DIHTMoEpP9o2WA7TRzINiZnLEeHpEdOBdiqQyB7ZpO4bNqiAsd8uWfxciMfM3ehiBdmNQXbuCk8AHkbE_yeBwv_XUL260FjB_PtjKUNAaPikgsvkMlUXsNcgDacVUG1QodF0ANTp4bksKNNILS4_CDfDh09zmk_Kedv0MKO7Q4WFnP73pYHGHEgiir9NVIPrbUHjcObQJcNtTDd8UNj1D4C8T8o6F-a5qhGWBscZpdrJFPpUX9KtPsVCqcdP-8CI9hzJBSp-lQ_2c1LVSiBb7ayk=&ruid=d22dee4a-0042-41c2-8edc-4d5e5057ce15&ng=0&ix=0&pt=0&np=0&gp=5&bp=4&nw=1&nb=1&sw=1280&sh=1024&pl=https%3A%2F%2Fgbggu099.tryupkora.com%2Fembed%2FGGJOWIZAgdtyC&wy=0&wx=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=1024&wfc=2&sah=1024&drf=&hil=1&ist=0&ot=107 HTTP/1.1
Host: arsnivyr.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://gbggu099.tryupkora.com
DNT: 1
Connection: keep-alive
Referer: https://gbggu099.tryupkora.com/
Cookie: scm=1; OAID=0800485d44f4459aeffbf3bd21631bea; oaidts=1713963878
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Wed, 24 Apr 2024 13:04:39 GMT
content-type: image/jpeg
content-length: 0
access-control-allow-credentials: true
access-control-allow-origin: https://gbggu099.tryupkora.com
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-Sc, CVERSION, VERSION, X-Ancestor-Origins, X-Zone-ID, baggage, sentry-trace
x-trace-id: db7c85df008f05ff55595fb53ddedc7b
access-control-expose-headers: X-Sc
set-cookie: OAID=0800485d44f4459aeffbf3bd21631bea; expires=Thu, 24 Apr 2025 13:04:39 GMT; secure; SameSite=None
oaidts=1713963878; expires=Thu, 24 Apr 2025 13:04:39 GMT; secure; SameSite=None
pragma: no-cache
cache-control: no-store, no-cache, must-revalidate, max-age=0
expires: Mon, 26 Jul 1997 05:00:00 GMT
X-Firefox-Spdy: h2

interbuzznews.com/contents/s/49/ac/1b/d77767235d7ee6dc9694cd58fe/01361664324469.png

139.45.197.154

200 OK

11 kB

URL GET HTTP/2
interbuzznews.com/contents/s/49/ac/1b/d77767235d7ee6dc9694cd58fe/01361664324469.png
IP
139.45.197.154:443
ASN
#9002 RETN Limited

Requested by
https://interbuzznews.com/?l=mos1TZJMzVSxLcK&cd_meta_crid=387600&trkintimp&target_url=https%3A%2F%2Farsnivyr.com%2F12%3Frnd%3D1401552169%26z%3D5561100%26b%3D20850325%26c%3D8129750%26var%3D%26varid%3D0%26d%3Dhttps%253A%252F%252Fchat.whatsapp.com%252FK9kf7X2poq61V1mwtFE9j5%253Fcost%253D%257Bcost%257D%2526clickid%253D%2524%257BSUBID%257D%26cln%3D1%26btp%3D7%26rb%3DlVry9JpckHxXbn_w3AIpZZWS1BD_PZmCoQpCoAQJNJ9gxRK33pClDqto1aByi7v0Ad6H_XbBXtqT8T6nxD460liB4adWoCo03xtH6Gf7gOev2Inze7MkiAaPMchcKLIb2sR4b9pVNjvGu5IT-0HC-VVm6Ob7xN2wa5-4nlwXcRfn05aWvnVIvuCPkt2XaZiADqGEpAerrEyHPPluwFABUoogWqjgS-XJYd-JJMnCV2xUKHKGVMatio3AcJHzTFNeKPAeGSSb8QEBFOz_ehf6Rinh-JChckbMWl8qe654ypdbxsxE3XX4l8iZYhXQnVV2jTx7f-SFgpxWcmz0IvOPh6NL2fUJzfPDwtcDtIu6_MdQgxj4nKRcM16Y1KP2lS_0LxmqsdR5GJvDploVi8MFE0R6SUBz_9lipSJBPvTpv43OnX2nN9ycAFj6m5vr6l3EyA76T6Jj3kDGZeE9VAbyn_PNpJ1gLDk584_DIHTMoEpP9o2WA7TRzINiZnLEeHpEdOBdiqQyB7ZpO4bNqiAsd8uWfxciMfM3ehiBdmNQXbuCk8AHkbE_yeBwv_XUL260FjB_PtjKUNAaPikgsvkMlUXsNcgDacVUG1QodF0ANTp4bksKNNILS4_CDfDh09zmk_Kedv0MKO7Q4WFnP73pYHGHEgiir9NVIPrbUHjcObQJcNtTDd8UNj1D4C8T8o6F-a5qhGWBscZpdrJFPpUX9KtPsVCqcdP-8CI9hzJBSp-lQ_2c1LVSiBb7ayk%3D%26bag%3DsKsRD2ywzFB-1TOUO1g_Ypl4oh4Afhgk%26ruid%3Dd22dee4a-0042-41c2-8edc-4d5e5057ce15%26ng%3D0%26ix%3D0%26pt%3D0%26np%3D0%26gp%3D5%26bp%3D4%26nw%3D1%26nb%3D1%26sw%3D1280%26sh%3D1024%26pl%3Dhttps%253A%252F%252Fgbggu099.tryupkora.com%252Fembed%252FGGJOWIZAgdtyC%26wy%3D0%26wx%3D0%26ww%3D1280%26wh%3D1024%26cw%3D1280%26wiw%3D1280%26wih%3D1024%26wfc%3D2%26sah%3D1024%26drf%3D%26hil%3D1%26ist%3D0%26tbc%3D0
Certificate
IssuerLet's Encrypt
Subjectinterbuzznews.com
Fingerprint68:C3:B4:C2:C5:45:68:EC:5F:B6:2A:10:57:7A:F8:2B:94:11:B7:F0
ValidityThu, 29 Feb 2024 05:14:58 GMT - Wed, 29 May 2024 05:14:57 GMT

File type
PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced
Size
11 kB (10638 bytes)
Hash
49ac1bd77767235d7ee6dc9694cd58fe
cc3ca7a3b8e81c51db6025be30f81060f62d1b07
606c9bc83cddd3d980fe8f612c8f0fdf28844904072eb5655bdbc984aae657a5

HTTP Headers

GET /contents/s/49/ac/1b/d77767235d7ee6dc9694cd58fe/01361664324469.png HTTP/1.1
Host: interbuzznews.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://interbuzznews.com/?l=mos1TZJMzVSxLcK&cd_meta_crid=387600&trkintimp&target_url=https%3A%2F%2Farsnivyr.com%2F12%3Frnd%3D1401552169%26z%3D5561100%26b%3D20850325%26c%3D8129750%26var%3D%26varid%3D0%26d%3Dhttps%253A%252F%252Fchat.whatsapp.com%252FK9kf7X2poq61V1mwtFE9j5%253Fcost%253D%257Bcost%257D%2526clickid%253D%2524%257BSUBID%257D%26cln%3D1%26btp%3D7%26rb%3DlVry9JpckHxXbn_w3AIpZZWS1BD_PZmCoQpCoAQJNJ9gxRK33pClDqto1aByi7v0Ad6H_XbBXtqT8T6nxD460liB4adWoCo03xtH6Gf7gOev2Inze7MkiAaPMchcKLIb2sR4b9pVNjvGu5IT-0HC-VVm6Ob7xN2wa5-4nlwXcRfn05aWvnVIvuCPkt2XaZiADqGEpAerrEyHPPluwFABUoogWqjgS-XJYd-JJMnCV2xUKHKGVMatio3AcJHzTFNeKPAeGSSb8QEBFOz_ehf6Rinh-JChckbMWl8qe654ypdbxsxE3XX4l8iZYhXQnVV2jTx7f-SFgpxWcmz0IvOPh6NL2fUJzfPDwtcDtIu6_MdQgxj4nKRcM16Y1KP2lS_0LxmqsdR5GJvDploVi8MFE0R6SUBz_9lipSJBPvTpv43OnX2nN9ycAFj6m5vr6l3EyA76T6Jj3kDGZeE9VAbyn_PNpJ1gLDk584_DIHTMoEpP9o2WA7TRzINiZnLEeHpEdOBdiqQyB7ZpO4bNqiAsd8uWfxciMfM3ehiBdmNQXbuCk8AHkbE_yeBwv_XUL260FjB_PtjKUNAaPikgsvkMlUXsNcgDacVUG1QodF0ANTp4bksKNNILS4_CDfDh09zmk_Kedv0MKO7Q4WFnP73pYHGHEgiir9NVIPrbUHjcObQJcNtTDd8UNj1D4C8T8o6F-a5qhGWBscZpdrJFPpUX9KtPsVCqcdP-8CI9hzJBSp-lQ_2c1LVSiBb7ayk%3D%26bag%3DsKsRD2ywzFB-1TOUO1g_Ypl4oh4Afhgk%26ruid%3Dd22dee4a-0042-41c2-8edc-4d5e5057ce15%26ng%3D0%26ix%3D0%26pt%3D0%26np%3D0%26gp%3D5%26bp%3D4%26nw%3D1%26nb%3D1%26sw%3D1280%26sh%3D1024%26pl%3Dhttps%253A%252F%252Fgbggu099.tryupkora.com%252Fembed%252FGGJOWIZAgdtyC%26wy%3D0%26wx%3D0%26ww%3D1280%26wh%3D1024%26cw%3D1280%26wiw%3D1280%26wih%3D1024%26wfc%3D2%26sah%3D1024%26drf%3D%26hil%3D1%26ist%3D0%26tbc%3D0
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Wed, 24 Apr 2024 13:04:39 GMT
content-type: image/png
content-length: 10638
last-modified: Tue, 23 Apr 2024 06:14:18 GMT
vary: Accept-Encoding
etag: "662751ba-298e"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS, HEAD
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
access-control-expose-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
accept-ranges: bytes
X-Firefox-Spdy: h2

interbuzznews.com/contents/s/f9/74/b5/01b7bc679ca6d1b07b17265767/01665758788495.jpeg

139.45.197.154

200 OK

97 kB

URL GET HTTP/2
interbuzznews.com/contents/s/f9/74/b5/01b7bc679ca6d1b07b17265767/01665758788495.jpeg
IP
139.45.197.154:443
ASN
#9002 RETN Limited

Requested by
https://interbuzznews.com/?l=mos1TZJMzVSxLcK&cd_meta_crid=387600&trkintimp&target_url=https%3A%2F%2Farsnivyr.com%2F12%3Frnd%3D1401552169%26z%3D5561100%26b%3D20850325%26c%3D8129750%26var%3D%26varid%3D0%26d%3Dhttps%253A%252F%252Fchat.whatsapp.com%252FK9kf7X2poq61V1mwtFE9j5%253Fcost%253D%257Bcost%257D%2526clickid%253D%2524%257BSUBID%257D%26cln%3D1%26btp%3D7%26rb%3DlVry9JpckHxXbn_w3AIpZZWS1BD_PZmCoQpCoAQJNJ9gxRK33pClDqto1aByi7v0Ad6H_XbBXtqT8T6nxD460liB4adWoCo03xtH6Gf7gOev2Inze7MkiAaPMchcKLIb2sR4b9pVNjvGu5IT-0HC-VVm6Ob7xN2wa5-4nlwXcRfn05aWvnVIvuCPkt2XaZiADqGEpAerrEyHPPluwFABUoogWqjgS-XJYd-JJMnCV2xUKHKGVMatio3AcJHzTFNeKPAeGSSb8QEBFOz_ehf6Rinh-JChckbMWl8qe654ypdbxsxE3XX4l8iZYhXQnVV2jTx7f-SFgpxWcmz0IvOPh6NL2fUJzfPDwtcDtIu6_MdQgxj4nKRcM16Y1KP2lS_0LxmqsdR5GJvDploVi8MFE0R6SUBz_9lipSJBPvTpv43OnX2nN9ycAFj6m5vr6l3EyA76T6Jj3kDGZeE9VAbyn_PNpJ1gLDk584_DIHTMoEpP9o2WA7TRzINiZnLEeHpEdOBdiqQyB7ZpO4bNqiAsd8uWfxciMfM3ehiBdmNQXbuCk8AHkbE_yeBwv_XUL260FjB_PtjKUNAaPikgsvkMlUXsNcgDacVUG1QodF0ANTp4bksKNNILS4_CDfDh09zmk_Kedv0MKO7Q4WFnP73pYHGHEgiir9NVIPrbUHjcObQJcNtTDd8UNj1D4C8T8o6F-a5qhGWBscZpdrJFPpUX9KtPsVCqcdP-8CI9hzJBSp-lQ_2c1LVSiBb7ayk%3D%26bag%3DsKsRD2ywzFB-1TOUO1g_Ypl4oh4Afhgk%26ruid%3Dd22dee4a-0042-41c2-8edc-4d5e5057ce15%26ng%3D0%26ix%3D0%26pt%3D0%26np%3D0%26gp%3D5%26bp%3D4%26nw%3D1%26nb%3D1%26sw%3D1280%26sh%3D1024%26pl%3Dhttps%253A%252F%252Fgbggu099.tryupkora.com%252Fembed%252FGGJOWIZAgdtyC%26wy%3D0%26wx%3D0%26ww%3D1280%26wh%3D1024%26cw%3D1280%26wiw%3D1280%26wih%3D1024%26wfc%3D2%26sah%3D1024%26drf%3D%26hil%3D1%26ist%3D0%26tbc%3D0
Certificate
IssuerLet's Encrypt
Subjectinterbuzznews.com
Fingerprint68:C3:B4:C2:C5:45:68:EC:5F:B6:2A:10:57:7A:F8:2B:94:11:B7:F0
ValidityThu, 29 Feb 2024 05:14:58 GMT - Wed, 29 May 2024 05:14:57 GMT

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 900x600, components 3
Size
97 kB (96998 bytes)
Hash
f974b501b7bc679ca6d1b07b17265767
01f54b97bd1f944c5c6e06f253a4ccdb23baaa91
7d1f878482d9dc4b29a49d240220d1020d13877acc3dcfc3d18f5628309222d4

HTTP Headers

GET /contents/s/f9/74/b5/01b7bc679ca6d1b07b17265767/01665758788495.jpeg HTTP/1.1
Host: interbuzznews.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://interbuzznews.com/?l=mos1TZJMzVSxLcK&cd_meta_crid=387600&trkintimp&target_url=https%3A%2F%2Farsnivyr.com%2F12%3Frnd%3D1401552169%26z%3D5561100%26b%3D20850325%26c%3D8129750%26var%3D%26varid%3D0%26d%3Dhttps%253A%252F%252Fchat.whatsapp.com%252FK9kf7X2poq61V1mwtFE9j5%253Fcost%253D%257Bcost%257D%2526clickid%253D%2524%257BSUBID%257D%26cln%3D1%26btp%3D7%26rb%3DlVry9JpckHxXbn_w3AIpZZWS1BD_PZmCoQpCoAQJNJ9gxRK33pClDqto1aByi7v0Ad6H_XbBXtqT8T6nxD460liB4adWoCo03xtH6Gf7gOev2Inze7MkiAaPMchcKLIb2sR4b9pVNjvGu5IT-0HC-VVm6Ob7xN2wa5-4nlwXcRfn05aWvnVIvuCPkt2XaZiADqGEpAerrEyHPPluwFABUoogWqjgS-XJYd-JJMnCV2xUKHKGVMatio3AcJHzTFNeKPAeGSSb8QEBFOz_ehf6Rinh-JChckbMWl8qe654ypdbxsxE3XX4l8iZYhXQnVV2jTx7f-SFgpxWcmz0IvOPh6NL2fUJzfPDwtcDtIu6_MdQgxj4nKRcM16Y1KP2lS_0LxmqsdR5GJvDploVi8MFE0R6SUBz_9lipSJBPvTpv43OnX2nN9ycAFj6m5vr6l3EyA76T6Jj3kDGZeE9VAbyn_PNpJ1gLDk584_DIHTMoEpP9o2WA7TRzINiZnLEeHpEdOBdiqQyB7ZpO4bNqiAsd8uWfxciMfM3ehiBdmNQXbuCk8AHkbE_yeBwv_XUL260FjB_PtjKUNAaPikgsvkMlUXsNcgDacVUG1QodF0ANTp4bksKNNILS4_CDfDh09zmk_Kedv0MKO7Q4WFnP73pYHGHEgiir9NVIPrbUHjcObQJcNtTDd8UNj1D4C8T8o6F-a5qhGWBscZpdrJFPpUX9KtPsVCqcdP-8CI9hzJBSp-lQ_2c1LVSiBb7ayk%3D%26bag%3DsKsRD2ywzFB-1TOUO1g_Ypl4oh4Afhgk%26ruid%3Dd22dee4a-0042-41c2-8edc-4d5e5057ce15%26ng%3D0%26ix%3D0%26pt%3D0%26np%3D0%26gp%3D5%26bp%3D4%26nw%3D1%26nb%3D1%26sw%3D1280%26sh%3D1024%26pl%3Dhttps%253A%252F%252Fgbggu099.tryupkora.com%252Fembed%252FGGJOWIZAgdtyC%26wy%3D0%26wx%3D0%26ww%3D1280%26wh%3D1024%26cw%3D1280%26wiw%3D1280%26wih%3D1024%26wfc%3D2%26sah%3D1024%26drf%3D%26hil%3D1%26ist%3D0%26tbc%3D0
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Wed, 24 Apr 2024 13:04:39 GMT
content-type: image/jpeg
content-length: 96998
last-modified: Wed, 17 Apr 2024 03:04:59 GMT
vary: Accept-Encoding
etag: "661f3c5b-17ae6"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS, HEAD
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
access-control-expose-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
accept-ranges: bytes
X-Firefox-Spdy: h2

arsnivyr.com/11?rnd=2037075062&z=5561100&b=20850325&var=&varid=0&rqtdbc=0&rcvdbc=0&btp=7&rb=lVry9JpckHxXbn_w3AIpZZWS1BD_PZmCoQpCoAQJNJ9gxRK33pClDqto1aByi7v0Ad6H_XbBXtqT8T6nxD460liB4adWoCo03xtH6Gf7gOev2Inze7MkiAaPMchcKLIb2sR4b9pVNjvGu5IT-0HC-VVm6Ob7xN2wa5-4nlwXcRfn05aWvnVIvuCPkt2XaZiADqGEpAerrEyHPPluwFABUoogWqjgS-XJYd-JJMnCV2xUKHKGVMatio3AcJHzTFNeKPAeGSSb8QEBFOz_ehf6Rinh-JChckbMWl8qe654ypdbxsxE3XX4l8iZYhXQnVV2jTx7f-SFgpxWcmz0IvOPh6NL2fUJzfPDwtcDtIu6_MdQgxj4nKRcM16Y1KP2lS_0LxmqsdR5GJvDploVi8MFE0R6SUBz_9lipSJBPvTpv43OnX2nN9ycAFj6m5vr6l3EyA76T6Jj3kDGZeE9VAbyn_PNpJ1gLDk584_DIHTMoEpP9o2WA7TRzINiZnLEeHpEdOBdiqQyB7ZpO4bNqiAsd8uWfxciMfM3ehiBdmNQXbuCk8AHkbE_yeBwv_XUL260FjB_PtjKUNAaPikgsvkMlUXsNcgDacVUG1QodF0ANTp4bksKNNILS4_CDfDh09zmk_Kedv0MKO7Q4WFnP73pYHGHEgiir9NVIPrbUHjcObQJcNtTDd8UNj1D4C8T8o6F-a5qhGWBscZpdrJFPpUX9KtPsVCqcdP-8CI9hzJBSp-lQ_2c1LVSiBb7ayk=&ruid=d22dee4a-0042-41c2-8edc-4d5e5057ce15&ng=0&ix=0&pt=0&np=0&gp=5&bp=4&nw=1&nb=1&sw=1280&sh=1024&pl=https%3A%2F%2Fgbggu099.tryupkora.com%2Fembed%2FGGJOWIZAgdtyC&wy=0&wx=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=1024&wfc=2&sah=1024&drf=&hil=1&ist=0&ri=1&wvd=0&wvr=1.0000&isions=1

139.45.197.242

200 OK

0 B

URL GET HTTP/2
arsnivyr.com/11?rnd=2037075062&z=5561100&b=20850325&var=&varid=0&rqtdbc=0&rcvdbc=0&btp=7&rb=lVry9JpckHxXbn_w3AIpZZWS1BD_PZmCoQpCoAQJNJ9gxRK33pClDqto1aByi7v0Ad6H_XbBXtqT8T6nxD460liB4adWoCo03xtH6Gf7gOev2Inze7MkiAaPMchcKLIb2sR4b9pVNjvGu5IT-0HC-VVm6Ob7xN2wa5-4nlwXcRfn05aWvnVIvuCPkt2XaZiADqGEpAerrEyHPPluwFABUoogWqjgS-XJYd-JJMnCV2xUKHKGVMatio3AcJHzTFNeKPAeGSSb8QEBFOz_ehf6Rinh-JChckbMWl8qe654ypdbxsxE3XX4l8iZYhXQnVV2jTx7f-SFgpxWcmz0IvOPh6NL2fUJzfPDwtcDtIu6_MdQgxj4nKRcM16Y1KP2lS_0LxmqsdR5GJvDploVi8MFE0R6SUBz_9lipSJBPvTpv43OnX2nN9ycAFj6m5vr6l3EyA76T6Jj3kDGZeE9VAbyn_PNpJ1gLDk584_DIHTMoEpP9o2WA7TRzINiZnLEeHpEdOBdiqQyB7ZpO4bNqiAsd8uWfxciMfM3ehiBdmNQXbuCk8AHkbE_yeBwv_XUL260FjB_PtjKUNAaPikgsvkMlUXsNcgDacVUG1QodF0ANTp4bksKNNILS4_CDfDh09zmk_Kedv0MKO7Q4WFnP73pYHGHEgiir9NVIPrbUHjcObQJcNtTDd8UNj1D4C8T8o6F-a5qhGWBscZpdrJFPpUX9KtPsVCqcdP-8CI9hzJBSp-lQ_2c1LVSiBb7ayk=&ruid=d22dee4a-0042-41c2-8edc-4d5e5057ce15&ng=0&ix=0&pt=0&np=0&gp=5&bp=4&nw=1&nb=1&sw=1280&sh=1024&pl=https%3A%2F%2Fgbggu099.tryupkora.com%2Fembed%2FGGJOWIZAgdtyC&wy=0&wx=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=1024&wfc=2&sah=1024&drf=&hil=1&ist=0&ri=1&wvd=0&wvr=1.0000&isions=1
IP
139.45.197.242:443
ASN
#9002 RETN Limited

Requested by
https://gbggu099.tryupkora.com/embed/GGJOWIZAgdtyC
Certificate
IssuerLet's Encrypt
Subjectarsnivyr.com
Fingerprint4B:EB:80:36:EA:81:4F:3D:2C:D2:E6:15:55:89:69:FF:F2:F5:A0:A0
ValiditySat, 23 Mar 2024 19:22:24 GMT - Fri, 21 Jun 2024 19:22:23 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /11?rnd=2037075062&z=5561100&b=20850325&var=&varid=0&rqtdbc=0&rcvdbc=0&btp=7&rb=lVry9JpckHxXbn_w3AIpZZWS1BD_PZmCoQpCoAQJNJ9gxRK33pClDqto1aByi7v0Ad6H_XbBXtqT8T6nxD460liB4adWoCo03xtH6Gf7gOev2Inze7MkiAaPMchcKLIb2sR4b9pVNjvGu5IT-0HC-VVm6Ob7xN2wa5-4nlwXcRfn05aWvnVIvuCPkt2XaZiADqGEpAerrEyHPPluwFABUoogWqjgS-XJYd-JJMnCV2xUKHKGVMatio3AcJHzTFNeKPAeGSSb8QEBFOz_ehf6Rinh-JChckbMWl8qe654ypdbxsxE3XX4l8iZYhXQnVV2jTx7f-SFgpxWcmz0IvOPh6NL2fUJzfPDwtcDtIu6_MdQgxj4nKRcM16Y1KP2lS_0LxmqsdR5GJvDploVi8MFE0R6SUBz_9lipSJBPvTpv43OnX2nN9ycAFj6m5vr6l3EyA76T6Jj3kDGZeE9VAbyn_PNpJ1gLDk584_DIHTMoEpP9o2WA7TRzINiZnLEeHpEdOBdiqQyB7ZpO4bNqiAsd8uWfxciMfM3ehiBdmNQXbuCk8AHkbE_yeBwv_XUL260FjB_PtjKUNAaPikgsvkMlUXsNcgDacVUG1QodF0ANTp4bksKNNILS4_CDfDh09zmk_Kedv0MKO7Q4WFnP73pYHGHEgiir9NVIPrbUHjcObQJcNtTDd8UNj1D4C8T8o6F-a5qhGWBscZpdrJFPpUX9KtPsVCqcdP-8CI9hzJBSp-lQ_2c1LVSiBb7ayk=&ruid=d22dee4a-0042-41c2-8edc-4d5e5057ce15&ng=0&ix=0&pt=0&np=0&gp=5&bp=4&nw=1&nb=1&sw=1280&sh=1024&pl=https%3A%2F%2Fgbggu099.tryupkora.com%2Fembed%2FGGJOWIZAgdtyC&wy=0&wx=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=1024&wfc=2&sah=1024&drf=&hil=1&ist=0&ri=1&wvd=0&wvr=1.0000&isions=1 HTTP/1.1
Host: arsnivyr.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://gbggu099.tryupkora.com
DNT: 1
Connection: keep-alive
Referer: https://gbggu099.tryupkora.com/
Cookie: scm=1; OAID=0800485d44f4459aeffbf3bd21631bea; oaidts=1713963878
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Wed, 24 Apr 2024 13:04:39 GMT
content-type: image/jpeg
content-length: 0
access-control-allow-credentials: true
access-control-allow-origin: https://gbggu099.tryupkora.com
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-Sc, CVERSION, VERSION, X-Ancestor-Origins, X-Zone-ID, baggage, sentry-trace
x-trace-id: 20b7ecf4f9a803f50622dbe928f8b801
access-control-expose-headers: X-Sc
set-cookie: OAID=0800485d44f4459aeffbf3bd21631bea; expires=Thu, 24 Apr 2025 13:04:39 GMT; secure; SameSite=None
oaidts=1713963878; expires=Thu, 24 Apr 2025 13:04:39 GMT; secure; SameSite=None
oaidvc=1; expires=Thu, 24 Apr 2025 13:04:39 GMT; secure; SameSite=None
CNT=1_v1_lSY-AQEAAAB9TQAA; expires=Wed, 24 Apr 2024 14:04:39 GMT; secure; SameSite=None
pragma: no-cache
cache-control: no-store, no-cache, must-revalidate, max-age=0
expires: Mon, 26 Jul 1997 05:00:00 GMT
X-Firefox-Spdy: h2

arsnivyr.com/27/7552beb94fc0bdff7bbb33cad3d1ab0a

139.45.197.242

200 OK

413 kB

URL GET HTTP/2
arsnivyr.com/27/7552beb94fc0bdff7bbb33cad3d1ab0a
IP
139.45.197.242:443
ASN
#9002 RETN Limited

Requested by
https://gbggu099.tryupkora.com/embed/GGJOWIZAgdtyC
Certificate
IssuerLet's Encrypt
Subjectarsnivyr.com
Fingerprint4B:EB:80:36:EA:81:4F:3D:2C:D2:E6:15:55:89:69:FF:F2:F5:A0:A0
ValiditySat, 23 Mar 2024 19:22:24 GMT - Fri, 21 Jun 2024 19:22:23 GMT

File type
JavaScript source, ASCII text, with very long lines (65523)
Size
413 kB (413423 bytes)
Hash
297cc248309ba835cf13a1f82fd3f938
1e6f51ce257a0ee53e25280dd44092ed33339847
b2ba9d8b2216d22f8f31a594bc22ee21f60e2b539474a650be1e87dea87d5ed7

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /27/7552beb94fc0bdff7bbb33cad3d1ab0a HTTP/1.1
Host: arsnivyr.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://gbggu099.tryupkora.com/
Cookie: scm=1; OAID=0800485d44f4459aeffbf3bd21631bea; oaidts=1713963878
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Wed, 24 Apr 2024 13:04:38 GMT
content-type: application/javascript
access-control-allow-credentials: true
access-control-allow-origin: 
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-Sc, CVERSION, VERSION, X-Ancestor-Origins, X-Zone-ID, baggage, sentry-trace
x-trace-id: 66043195163c0edf9f1851c89723e6a3
cache-control: max-age:290304000, public
last-modified: Tue, 09 Apr 2024 03:16:58 GMT
expires: Tue, 09 May 2084 03:16:58 GMT
access-control-expose-headers: X-Sc
strict-transport-security: max-age=1
x-content-type-options: nosniff
content-encoding: gzip
X-Firefox-Spdy: h2

interbuzznews.com/?l=mos1TZJMzVSxLcK&cd_meta_crid=387600&trkintimp&target_url=https%3A%2F%2Farsnivyr.com%2F12%3Frnd%3D1401552169%26z%3D5561100%26b%3D20850325%26c%3D8129750%26var%3D%26varid%3D0%26d%3Dhttps%253A%252F%252Fchat.whatsapp.com%252FK9kf7X2poq61V1mwtFE9j5%253Fcost%253D%257Bcost%257D%2526clickid%253D%2524%257BSUBID%257D%26cln%3D1%26btp%3D7%26rb%3DlVry9JpckHxXbn_w3AIpZZWS1BD_PZmCoQpCoAQJNJ9gxRK33pClDqto1aByi7v0Ad6H_XbBXtqT8T6nxD460liB4adWoCo03xtH6Gf7gOev2Inze7MkiAaPMchcKLIb2sR4b9pVNjvGu5IT-0HC-VVm6Ob7xN2wa5-4nlwXcRfn05aWvnVIvuCPkt2XaZiADqGEpAerrEyHPPluwFABUoogWqjgS-XJYd-JJMnCV2xUKHKGVMatio3AcJHzTFNeKPAeGSSb8QEBFOz_ehf6Rinh-JChckbMWl8qe654ypdbxsxE3XX4l8iZYhXQnVV2jTx7f-SFgpxWcmz0IvOPh6NL2fUJzfPDwtcDtIu6_MdQgxj4nKRcM16Y1KP2lS_0LxmqsdR5GJvDploVi8MFE0R6SUBz_9lipSJBPvTpv43OnX2nN9ycAFj6m5vr6l3EyA76T6Jj3kDGZeE9VAbyn_PNpJ1gLDk584_DIHTMoEpP9o2WA7TRzINiZnLEeHpEdOBdiqQyB7ZpO4bNqiAsd8uWfxciMfM3ehiBdmNQXbuCk8AHkbE_yeBwv_XUL260FjB_PtjKUNAaPikgsvkMlUXsNcgDacVUG1QodF0ANTp4bksKNNILS4_CDfDh09zmk_Kedv0MKO7Q4WFnP73pYHGHEgiir9NVIPrbUHjcObQJcNtTDd8UNj1D4C8T8o6F-a5qhGWBscZpdrJFPpUX9KtPsVCqcdP-8CI9hzJBSp-lQ_2c1LVSiBb7ayk%3D%26bag%3DsKsRD2ywzFB-1TOUO1g_Ypl4oh4Afhgk%26ruid%3Dd22dee4a-0042-41c2-8edc-4d5e5057ce15%26ng%3D0%26ix%3D0%26pt%3D0%26np%3D0%26gp%3D5%26bp%3D4%26nw%3D1%26nb%3D1%26sw%3D1280%26sh%3D1024%26pl%3Dhttps%253A%252F%252Fgbggu099.tryupkora.com%252Fembed%252FGGJOWIZAgdtyC%26wy%3D0%26wx%3D0%26ww%3D1280%26wh%3D1024%26cw%3D1280%26wiw%3D1280%26wih%3D1024%26wfc%3D2%26sah%3D1024%26drf%3D%26hil%3D1%26ist%3D0%26tbc%3D0

139.45.197.154

200 OK

53 kB

URL GET HTTP/2
interbuzznews.com/?l=mos1TZJMzVSxLcK&cd_meta_crid=387600&trkintimp&target_url=https%3A%2F%2Farsnivyr.com%2F12%3Frnd%3D1401552169%26z%3D5561100%26b%3D20850325%26c%3D8129750%26var%3D%26varid%3D0%26d%3Dhttps%253A%252F%252Fchat.whatsapp.com%252FK9kf7X2poq61V1mwtFE9j5%253Fcost%253D%257Bcost%257D%2526clickid%253D%2524%257BSUBID%257D%26cln%3D1%26btp%3D7%26rb%3DlVry9JpckHxXbn_w3AIpZZWS1BD_PZmCoQpCoAQJNJ9gxRK33pClDqto1aByi7v0Ad6H_XbBXtqT8T6nxD460liB4adWoCo03xtH6Gf7gOev2Inze7MkiAaPMchcKLIb2sR4b9pVNjvGu5IT-0HC-VVm6Ob7xN2wa5-4nlwXcRfn05aWvnVIvuCPkt2XaZiADqGEpAerrEyHPPluwFABUoogWqjgS-XJYd-JJMnCV2xUKHKGVMatio3AcJHzTFNeKPAeGSSb8QEBFOz_ehf6Rinh-JChckbMWl8qe654ypdbxsxE3XX4l8iZYhXQnVV2jTx7f-SFgpxWcmz0IvOPh6NL2fUJzfPDwtcDtIu6_MdQgxj4nKRcM16Y1KP2lS_0LxmqsdR5GJvDploVi8MFE0R6SUBz_9lipSJBPvTpv43OnX2nN9ycAFj6m5vr6l3EyA76T6Jj3kDGZeE9VAbyn_PNpJ1gLDk584_DIHTMoEpP9o2WA7TRzINiZnLEeHpEdOBdiqQyB7ZpO4bNqiAsd8uWfxciMfM3ehiBdmNQXbuCk8AHkbE_yeBwv_XUL260FjB_PtjKUNAaPikgsvkMlUXsNcgDacVUG1QodF0ANTp4bksKNNILS4_CDfDh09zmk_Kedv0MKO7Q4WFnP73pYHGHEgiir9NVIPrbUHjcObQJcNtTDd8UNj1D4C8T8o6F-a5qhGWBscZpdrJFPpUX9KtPsVCqcdP-8CI9hzJBSp-lQ_2c1LVSiBb7ayk%3D%26bag%3DsKsRD2ywzFB-1TOUO1g_Ypl4oh4Afhgk%26ruid%3Dd22dee4a-0042-41c2-8edc-4d5e5057ce15%26ng%3D0%26ix%3D0%26pt%3D0%26np%3D0%26gp%3D5%26bp%3D4%26nw%3D1%26nb%3D1%26sw%3D1280%26sh%3D1024%26pl%3Dhttps%253A%252F%252Fgbggu099.tryupkora.com%252Fembed%252FGGJOWIZAgdtyC%26wy%3D0%26wx%3D0%26ww%3D1280%26wh%3D1024%26cw%3D1280%26wiw%3D1280%26wih%3D1024%26wfc%3D2%26sah%3D1024%26drf%3D%26hil%3D1%26ist%3D0%26tbc%3D0
IP
139.45.197.154:443
ASN
#9002 RETN Limited

Requested by
https://gbggu099.tryupkora.com/embed/GGJOWIZAgdtyC
Certificate
IssuerLet's Encrypt
Subjectinterbuzznews.com
Fingerprint68:C3:B4:C2:C5:45:68:EC:5F:B6:2A:10:57:7A:F8:2B:94:11:B7:F0
ValidityThu, 29 Feb 2024 05:14:58 GMT - Wed, 29 May 2024 05:14:57 GMT

File type
HTML document, ASCII text, with very long lines (45774)
Size
53 kB (53403 bytes)
Hash
54b7747c4d222eff16eed4b886c0349a
a361deaba230b96f440b71ea7f60ac9417597ddd
c2a88a431a49ca391ceb06a10ca976f795465fa5425e4a78b19feb36ff52ac6e

HTTP Headers

GET /?l=mos1TZJMzVSxLcK&cd_meta_crid=387600&trkintimp&target_url=https%3A%2F%2Farsnivyr.com%2F12%3Frnd%3D1401552169%26z%3D5561100%26b%3D20850325%26c%3D8129750%26var%3D%26varid%3D0%26d%3Dhttps%253A%252F%252Fchat.whatsapp.com%252FK9kf7X2poq61V1mwtFE9j5%253Fcost%253D%257Bcost%257D%2526clickid%253D%2524%257BSUBID%257D%26cln%3D1%26btp%3D7%26rb%3DlVry9JpckHxXbn_w3AIpZZWS1BD_PZmCoQpCoAQJNJ9gxRK33pClDqto1aByi7v0Ad6H_XbBXtqT8T6nxD460liB4adWoCo03xtH6Gf7gOev2Inze7MkiAaPMchcKLIb2sR4b9pVNjvGu5IT-0HC-VVm6Ob7xN2wa5-4nlwXcRfn05aWvnVIvuCPkt2XaZiADqGEpAerrEyHPPluwFABUoogWqjgS-XJYd-JJMnCV2xUKHKGVMatio3AcJHzTFNeKPAeGSSb8QEBFOz_ehf6Rinh-JChckbMWl8qe654ypdbxsxE3XX4l8iZYhXQnVV2jTx7f-SFgpxWcmz0IvOPh6NL2fUJzfPDwtcDtIu6_MdQgxj4nKRcM16Y1KP2lS_0LxmqsdR5GJvDploVi8MFE0R6SUBz_9lipSJBPvTpv43OnX2nN9ycAFj6m5vr6l3EyA76T6Jj3kDGZeE9VAbyn_PNpJ1gLDk584_DIHTMoEpP9o2WA7TRzINiZnLEeHpEdOBdiqQyB7ZpO4bNqiAsd8uWfxciMfM3ehiBdmNQXbuCk8AHkbE_yeBwv_XUL260FjB_PtjKUNAaPikgsvkMlUXsNcgDacVUG1QodF0ANTp4bksKNNILS4_CDfDh09zmk_Kedv0MKO7Q4WFnP73pYHGHEgiir9NVIPrbUHjcObQJcNtTDd8UNj1D4C8T8o6F-a5qhGWBscZpdrJFPpUX9KtPsVCqcdP-8CI9hzJBSp-lQ_2c1LVSiBb7ayk%3D%26bag%3DsKsRD2ywzFB-1TOUO1g_Ypl4oh4Afhgk%26ruid%3Dd22dee4a-0042-41c2-8edc-4d5e5057ce15%26ng%3D0%26ix%3D0%26pt%3D0%26np%3D0%26gp%3D5%26bp%3D4%26nw%3D1%26nb%3D1%26sw%3D1280%26sh%3D1024%26pl%3Dhttps%253A%252F%252Fgbggu099.tryupkora.com%252Fembed%252FGGJOWIZAgdtyC%26wy%3D0%26wx%3D0%26ww%3D1280%26wh%3D1024%26cw%3D1280%26wiw%3D1280%26wih%3D1024%26wfc%3D2%26sah%3D1024%26drf%3D%26hil%3D1%26ist%3D0%26tbc%3D0 HTTP/1.1
Host: interbuzznews.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://gbggu099.tryupkora.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Wed, 24 Apr 2024 13:04:39 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
x-powered-by: PHP/7.4.33
set-cookie: reverse=DgnMQjKMLMObLrvL9eK5IM5OA1xRC8qTs2_kYWpYKW0; expires=Wed, 24-Apr-2024 14:04:39 GMT; Max-Age=3600; path=/
OAID=0da31050d01dbff443e6d2e2d5363173; expires=Thu, 17-Aug-2079 02:09:18 GMT; Max-Age=1745499879; path=/
oaidts=1713963879; expires=Thu, 17-Aug-2079 02:09:18 GMT; Max-Age=1745499879; path=/
syncedCookie=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS, HEAD
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
access-control-expose-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
content-encoding: br
X-Firefox-Spdy: h2

arsnivyr.com/1?z=5561100

139.45.197.242

200 OK

42 kB

URL GET HTTP/2
arsnivyr.com/1?z=5561100
IP
139.45.197.242:443
ASN
#9002 RETN Limited

Requested by
https://gbggu099.tryupkora.com/embed/GGJOWIZAgdtyC
Certificate
IssuerLet's Encrypt
Subjectarsnivyr.com
Fingerprint4B:EB:80:36:EA:81:4F:3D:2C:D2:E6:15:55:89:69:FF:F2:F5:A0:A0
ValiditySat, 23 Mar 2024 19:22:24 GMT - Fri, 21 Jun 2024 19:22:23 GMT

File type
JavaScript source, ASCII text, with very long lines (42427)
Size
42 kB (42483 bytes)
Hash
c09545276c48164f7ed48004d9b58a0f
a5cc60d298235e0be87746cba570a9fc2d3d39b6
5bad3de9a9d8f1304a766bfb6dac3a65027e7f06e6a8e7b036c65cafc47c8ce5

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /1?z=5561100 HTTP/1.1
Host: arsnivyr.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://gbggu099.tryupkora.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Wed, 24 Apr 2024 13:04:38 GMT
content-type: text/javascript
access-control-allow-credentials: true
access-control-allow-origin: 
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-Sc, CVERSION, VERSION, X-Ancestor-Origins, X-Zone-ID, baggage, sentry-trace
x-trace-id: b2a900cfb99a7c3f69043327b980a2a0
access-control-expose-headers: X-Sc
x-sc: XCjkgvy0W2E-cznwrosvDiIB1qg4EPdU2Y_-LCUdQpqDF44Mkxq3qWhbgH2LkgBU07_XDVgLGXIfvlvnnHBlTRCEgO0=
set-cookie: scm=1; expires=Thu, 24 Apr 2025 13:04:38 GMT; secure; SameSite=None
OAID=0400484b66414020e0a6f34bdeeed3d5; expires=Thu, 24 Apr 2025 13:04:38 GMT; secure; SameSite=None
oaidts=1713963878; expires=Thu, 24 Apr 2025 13:04:38 GMT; secure; SameSite=None
pragma: no-cache
cache-control: no-store, no-cache, must-revalidate, max-age=0
expires: Mon, 26 Jul 1997 05:00:00 GMT
content-encoding: gzip
X-Firefox-Spdy: h2

gbggu099.tryupkora.com/embed/GGJOWIZAgdtyC

188.114.96.1

200 OK

16 kB

URL User Request GET HTTP/2
gbggu099.tryupkora.com/embed/GGJOWIZAgdtyC
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerGoogle Trust Services LLC
Subjecttryupkora.com
Fingerprint91:33:2D:C9:BE:4D:49:47:50:6B:71:50:D7:01:BD:DD:B6:46:53:3E
ValiditySun, 07 Apr 2024 02:43:23 GMT - Sat, 06 Jul 2024 02:43:22 GMT

File type
JavaScript source, ASCII text, with very long lines (4052), with CRLF line terminators
Size
16 kB (16273 bytes)
Hash
0309093d11eabed977bcad5633d14996
b296ccb4ef7251a66f507517c1631f7355fe92f5
cfbe1c03ec3a1b72532f50e69201a967078a8b35810d23c74428cbdd3ebc3c0b

HTTP Headers

GET /embed/GGJOWIZAgdtyC HTTP/1.1
Host: gbggu099.tryupkora.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Wed, 24 Apr 2024 13:04:37 GMT
content-type: text/html; charset=utf-8
cache-control: private
x-aspnetmvc-version: 5.2
access-control-allow-origin: *, *
x-aspnet-version: 4.0.30319
access-control-allow-methods: GET, PUT, POST, DELETE, HEAD, OPTIONS
access-control-allow-credentials: false
access-control-allow-headers: content-type, accept
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Kgdvpko%2B6qhlGXBEygPjyOinlJPLMY36Q6xdsX7QXlR%2BfI1W6KWUBtzfO49BPTxWAyNMWPhzjlmgrOqtWC1PdU72IPsBufXXMluYonFUctrIq4pkyJ3CJp0CWcLybDnnZkkBLruZAU7g"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87964cdae9dd5693-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

gbggu099.tryupkora.com/PlayerAnalytics/TrackVideoHostStatus/279533

188.114.96.1

200 OK

109 B

URL POST HTTP/3
gbggu099.tryupkora.com/PlayerAnalytics/TrackVideoHostStatus/279533
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://gbggu099.tryupkora.com/embed/GGJOWIZAgdtyC
Certificate
IssuerGoogle Trust Services LLC
Subjecttryupkora.com
Fingerprint91:33:2D:C9:BE:4D:49:47:50:6B:71:50:D7:01:BD:DD:B6:46:53:3E
ValiditySun, 07 Apr 2024 02:43:23 GMT - Sat, 06 Jul 2024 02:43:22 GMT

File type
troff or preprocessor input, ASCII text, with no line terminators
Size
109 B (109 bytes)
Hash
c1b27797ac93c1db9cd892b45cb46cb2
f9dcc27c14e7ead70890a26eecf1830f246092c7
6b67e7bdf7f3ba79d0055c7ab2abc11958b29dbdbac743aac2d007b21c694482

HTTP Headers

POST /PlayerAnalytics/TrackVideoHostStatus/279533 HTTP/1.1
Host: gbggu099.tryupkora.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://gbggu099.tryupkora.com/embed/GGJOWIZAgdtyC
Content-Type: application/json
Content-Length: 28
Origin: https://gbggu099.tryupkora.com
DNT: 1
Connection: keep-alive
Cookie: _ga_6T0W0C33T6=GS1.1.1713963878.1.0.1713963878.0.0.0; _ga=GA1.1.651788870.1713963879
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Wed, 24 Apr 2024 13:04:39 GMT
content-type: application/json; charset=utf-8
cache-control: private
x-aspnetmvc-version: 5.2
access-control-allow-origin: same, *
x-aspnet-version: 4.0.30319
access-control-allow-methods: GET, PUT, POST, DELETE, HEAD, OPTIONS
access-control-allow-credentials: false
access-control-allow-headers: content-type, accept
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=I9Tex%2BgqYljYnpsy8SyuvKrH0IjJAy2vZy92SKoKAeITSKzFIDEOts2xeoXxbERyMIPh69t7AI8XeJ3362yPgp8Bk%2B%2FPRVtKd2hhHwpWTGppL%2BZYf6TgIAEzpS3fdiS%2BQMMO%2F2Lj10iP"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87964ce41f33b527-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

gbggu099.tryupkora.com/Scripts/rmvmp511/css/rmp-s1.min.css

188.114.96.1

200 OK

85 kB

URL GET HTTP/3
gbggu099.tryupkora.com/Scripts/rmvmp511/css/rmp-s1.min.css
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://gbggu099.tryupkora.com/embed/GGJOWIZAgdtyC
Certificate
IssuerGoogle Trust Services LLC
Subjecttryupkora.com
Fingerprint91:33:2D:C9:BE:4D:49:47:50:6B:71:50:D7:01:BD:DD:B6:46:53:3E
ValiditySun, 07 Apr 2024 02:43:23 GMT - Sat, 06 Jul 2024 02:43:22 GMT

File type
ASCII text, with very long lines (65250)
Size
85 kB (85097 bytes)
Hash
f713845a32b9719a3e81afe9f749170c
f079c02774cda1f58707ce5741bd0f240e5daa94
f7ca66138172ef4bde41b0cb74053f628ece0e9e6e31a35d1cbb830b558c1a91

HTTP Headers

GET /Scripts/rmvmp511/css/rmp-s1.min.css HTTP/1.1
Host: gbggu099.tryupkora.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://gbggu099.tryupkora.com/embed/GGJOWIZAgdtyC
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Wed, 24 Apr 2024 13:04:38 GMT
content-type: text/css
cache-control: public, max-age=25920000
last-modified: Wed, 18 Nov 2020 21:42:09 GMT
etag: W/"80ce8baaf3bdd61:0"
vary: Accept-Encoding
access-control-allow-origin: *
access-control-allow-methods: GET, PUT, POST, DELETE, HEAD, OPTIONS
access-control-allow-credentials: false
access-control-allow-headers: content-type, accept
cf-cache-status: HIT
age: 1514924
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=3i6ZuCLjPBoLFuOY8Qzbd7weM3yVHCePtinn4mWN23euKYfKNMwjbnggp4%2BiQoPDdS6hHlZV9F7tzN31M4VkewY9gDrP%2BnZSqqLhGtY9evVmQcBYkQR9%2BQNpp96OiJ6u1XEnHByiBBh1"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87964cdf3e60b527-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

imasdk.googleapis.com/js/core/bridge3.636.0_en.html

142.250.74.106

200 OK

780 kB

URL GET HTTP/3
imasdk.googleapis.com/js/core/bridge3.636.0_en.html
IP
142.250.74.106:443
ASN
#15169 GOOGLE

Requested by
https://gbggu099.tryupkora.com/embed/GGJOWIZAgdtyC
Certificate
IssuerGoogle Trust Services LLC
Subjectupload.video.google.com
Fingerprint15:CB:F7:AC:18:3F:DC:1E:F9:4E:94:D1:98:40:40:61:53:17:28:F2
ValidityMon, 18 Mar 2024 20:35:28 GMT - Mon, 10 Jun 2024 20:35:27 GMT

File type
HTML document, ASCII text, with very long lines (48587)
Size
780 kB (780483 bytes)
Hash
65d92d52f7232ed92245ad2c561c1844
32c9a69879d8840933930c3ef78ba44705953e6a
b18abbfc199ca7e65145e5bdb6a5dd710b7906c7b9c378f77c831f9315645ada

HTTP Headers

GET /js/core/bridge3.636.0_en.html HTTP/1.1
Host: imasdk.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://gbggu099.tryupkora.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
accept-ranges: bytes
content-encoding: gzip
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="ads-doubleclick-instream-static"
report-to: {"group":"ads-doubleclick-instream-static","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-instream-static"}]}
content-length: 248977
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Mon, 22 Apr 2024 19:49:31 GMT
expires: Tue, 22 Apr 2025 19:49:31 GMT
cache-control: public, max-age=31536000
last-modified: Mon, 22 Apr 2024 19:45:07 GMT
content-type: text/html
vary: Accept-Encoding
age: 148508
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

gbggu099.tryupkora.com/favicon.ico

188.114.96.1

200 OK

3.6 kB

URL GET HTTP/3
gbggu099.tryupkora.com/favicon.ico
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://gbggu099.tryupkora.com/embed/GGJOWIZAgdtyC
Certificate
IssuerGoogle Trust Services LLC
Subjecttryupkora.com
Fingerprint91:33:2D:C9:BE:4D:49:47:50:6B:71:50:D7:01:BD:DD:B6:46:53:3E
ValiditySun, 07 Apr 2024 02:43:23 GMT - Sat, 06 Jul 2024 02:43:22 GMT

File type
PNG image data, 25 x 20, 8-bit/color RGBA, non-interlaced
Size
3.6 kB (3589 bytes)
Hash
63617949e65161fb053f7767b40f3cf9
149ba4794c7dab30a86cfae4766fe4c11e307c4f
4e1902769489c2aa26a1ad2e5266fb996ef22d48119c51b5da38bd7c3d376535

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: gbggu099.tryupkora.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://gbggu099.tryupkora.com/embed/GGJOWIZAgdtyC
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Wed, 24 Apr 2024 13:04:38 GMT
content-type: image/x-icon
cache-control: public, max-age=25920000
last-modified: Mon, 29 Jun 2020 15:25:56 GMT
etag: W/"afdc395294ed61:0"
access-control-allow-origin: *
access-control-allow-methods: GET, PUT, POST, DELETE, HEAD, OPTIONS
access-control-allow-credentials: false
access-control-allow-headers: content-type, accept
cf-cache-status: HIT
age: 1514923
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=7pM5zoPrKURT3ZvTniB3XJgv5Nh1YdVxb6%2B83FLJywXt6c6zMScSFbYqYo3uXk73Cf2NGFgTooL%2B9%2FDQm0W4fgQFQNg0z9NLdnGG6CygYkixIo9hm5WfmPXJkchD8C1Qn5evHfVHt%2BiQ"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87964ce0b829b527-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

gbggu099.tryupkora.com/Content/styles.css

188.114.96.1

200 OK

3.5 kB

URL GET HTTP/3
gbggu099.tryupkora.com/Content/styles.css
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://gbggu099.tryupkora.com/embed/GGJOWIZAgdtyC
Certificate
IssuerGoogle Trust Services LLC
Subjecttryupkora.com
Fingerprint91:33:2D:C9:BE:4D:49:47:50:6B:71:50:D7:01:BD:DD:B6:46:53:3E
ValiditySun, 07 Apr 2024 02:43:23 GMT - Sat, 06 Jul 2024 02:43:22 GMT

File type
Unicode text, UTF-8 text, with very long lines (3820), with no line terminators
Size
3.5 kB (3545 bytes)
Hash
91223eb0465e29deebf7a5cbc3b43570
b75312c0b5bdf37aab6a6ee4cf34663b8b317ded
30c43327341c9038c2999b3c0ca2d0001ca2e21cc402ec009bfec6c73333e286

HTTP Headers

GET /Content/styles.css HTTP/1.1
Host: gbggu099.tryupkora.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://gbggu099.tryupkora.com/embed/GGJOWIZAgdtyC
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Wed, 24 Apr 2024 13:04:37 GMT
content-type: text/css
cache-control: public, max-age=25920000
last-modified: Tue, 18 Sep 2018 11:34:56 GMT
etag: W/"0309f9f434fd41:0"
vary: Accept-Encoding
access-control-allow-origin: *
access-control-allow-methods: GET, PUT, POST, DELETE, HEAD, OPTIONS
access-control-allow-credentials: false
access-control-allow-headers: content-type, accept
cf-cache-status: HIT
age: 1514923
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2FqWPpse486wENXEx3RYLN%2B5qVFcOZf%2B%2Fo4UkY92EavU62M%2BycPXlgudujKfX01lzS7gwS7oavR7LA6vS5aZ35vve6u9qVT1seh1Jhov9psoUkQcwXc%2B%2FZTZYWbzl3nlMKX%2FQ2fT4CB11"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87964cdd4bc4b527-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

bvv.dirgventures.net/UpFiles/2024/4/22/51/279533/0.png

104.21.53.100

200 OK

50 kB

URL GET HTTP/2
bvv.dirgventures.net/UpFiles/2024/4/22/51/279533/0.png
IP
104.21.53.100:443
ASN
#13335 CLOUDFLARENET

Requested by
https://gbggu099.tryupkora.com/embed/GGJOWIZAgdtyC
Certificate
IssuerGoogle Trust Services LLC
Subjectdirgventures.net
Fingerprint23:12:6A:9D:14:78:62:6C:37:B0:2B:17:BA:CA:9F:D7:EF:BC:6B:B6
ValidityWed, 27 Mar 2024 11:00:45 GMT - Tue, 25 Jun 2024 11:00:44 GMT

File type
JPEG image data, JFIF standard 1.02, aspect ratio, density 1x1, segment length 16, comment: "Lavc57.24.102", baseline, precision 8, 1280x720, components 3
Size
50 kB (49968 bytes)
Hash
a55507171c5170fc950ef6a5bd1d54d1
d3d1a2d05683b1286fb78ab75c9b2f2c7ee32729
e42e08847cf6ccc579c64874a2e818716e51fa068104f5e7644d27c69f0dd79c

HTTP Headers

GET /UpFiles/2024/4/22/51/279533/0.png HTTP/1.1
Host: bvv.dirgventures.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://gbggu099.tryupkora.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Wed, 24 Apr 2024 13:04:38 GMT
content-type: image/png
content-length: 49968
cache-control: public, max-age=25920000
pragma: public
expires: 604800
last-modified: Mon, 22 Apr 2024 21:05:18 GMT
etag: "9127cdc7f894da1:0"
access-control-allow-methods: GET, PUT, POST, DELETE, HEAD, OPTIONS
access-control-allow-credentials: true
access-control-allow-headers: X-Requested-With, origin, content-type, accept
access-control-allow-origin: *
cf-cache-status: HIT
age: 143292
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=iI3V7QCJp4OrrW5AuF1H9EkxAd%2FDoP%2BQWN2rs14imguP9SPKOeJ8QRIJ1yEL%2FTmEK2hXG1JCTHbywo9NR9cOlcY3JoPPNPPhdounK9cJfTaFBdZwgKv4XWIleRDzJJIe%2FRr%2FQ1ZGwA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87964ce02dac56c3-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (18)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML