| ajax.googleapis.com/ajax/libs/jquery/3.1.1/jquery.min.js | 142.250.74.138 | 200 OK | 30 kB |
URL: GET HTTP/2 ajax.googleapis.com/ajax/libs/jquery/3.1.1/jquery.min.js
IP: 142.250.74.138:443
Requested by: https://gbggu099.tryupkora.com/embed/GGJOWIZAgdtyC
Certificate: Issuer: Google Trust Services LLC; Subject: upload.video.google.com; Fingerprint: 15:CB:F7:AC:18:3F:DC:1E:F9:4E:94:D1:98:40:40:61:53:17:28:F2; Validity: Mon, 18 Mar 2024 20:35:28 GMT - Mon, 10 Jun 2024 20:35:27 GMT
File type: JavaScript source, ASCII text, with very long lines (32030)
Hashes (MD5, SHA-1, SHA-256): e071abda8fe61194711cfc2ab99fe104 f647a6d37dc4ca055ced3cf64bbc1f490070acba 85556761a8800d14ced8fcd41a6b8b26bf012d44a318866c0d81a62092efd9bf
GET /ajax/libs/jquery/3.1.1/jquery.min.js HTTP/1.1
Host: ajax.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://gbggu099.tryupkora.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
accept-ranges: bytes
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
timing-allow-origin: *
content-length: 30244
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 19 Apr 2024 20:37:52 GMT
expires: Sat, 19 Apr 2025 20:37:52 GMT
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
last-modified: Tue, 03 Mar 2020 19:15:00 GMT
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
age: 404806
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
| www.googletagmanager.com/gtag/js?id=G-6T0W0C33T6 | 142.250.74.168 | 200 OK | 100 kB |
URL: GET HTTP/2 www.googletagmanager.com/gtag/js?id=G-6T0W0C33T6
IP: 142.250.74.168:443
Requested by: https://gbggu099.tryupkora.com/embed/GGJOWIZAgdtyC
Certificate: Issuer: Google Trust Services LLC; Subject: *.google-analytics.com; Fingerprint: 1E:33:2E:4B:C3:51:05:B7:73:DC:21:BF:3E:02:B3:16:D8:0B:AB:BB; Validity: Mon, 18 Mar 2024 19:37:14 GMT - Mon, 10 Jun 2024 19:37:13 GMT
File type: JavaScript source, ASCII text, with very long lines (7711)
Hashes (MD5, SHA-1, SHA-256): 98b49e2e1179a4210ace2a5a818f0c89 e470a4d5c79846ff03e8f6357b5a7bb0e007e280 d468c3314bbc3f679a3f164c649471c7e61393ac91ab0f8561c7ad9f50d1257a
GET /gtag/js?id=G-6T0W0C33T6 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://gbggu099.tryupkora.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Wed, 24 Apr 2024 13:04:38 GMT
expires: Wed, 24 Apr 2024 13:04:38 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 99817
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
| gbggu099.tryupkora.com/Scripts/rmvmp511/css/fonts/rmp-font.woff2?s73jsd | 188.114.96.1 | 200 OK | 9.2 kB |
URL: GET HTTP/3 gbggu099.tryupkora.com/Scripts/rmvmp511/css/fonts/rmp-font.woff2?s73jsd
IP: 188.114.96.1:443
Requested by: https://gbggu099.tryupkora.com/embed/GGJOWIZAgdtyC
Certificate: Issuer: Google Trust Services LLC; Subject: tryupkora.com; Fingerprint: 91:33:2D:C9:BE:4D:49:47:50:6B:71:50:D7:01:BD:DD:B6:46:53:3E; Validity: Sun, 07 Apr 2024 02:43:23 GMT - Sat, 06 Jul 2024 02:43:22 GMT
File type: Web Open Font Format (Version 2), TrueType, length 9204, version 1.0
Hashes (MD5, SHA-1, SHA-256): 110ee660dc64362b5945138daff98480 9474ffb5f1bdd9a14bc1e2b321bf5aa9ebe53be3 0f61c0b0df63d46075f6c7b82cfdcf833dcee642cfa41b55bbdec201c893359c
GET /Scripts/rmvmp511/css/fonts/rmp-font.woff2?s73jsd HTTP/1.1
Host: gbggu099.tryupkora.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: https://gbggu099.tryupkora.com/Scripts/rmvmp511/css/rmp-s1.min.css
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Wed, 24 Apr 2024 13:04:38 GMT
content-type: font/x-woff2
content-length: 9204
cache-control: public, max-age=25920000
last-modified: Wed, 18 Nov 2020 21:42:44 GMT
etag: "cf3f81bff3bdd61:0"
access-control-allow-origin: *
access-control-allow-methods: GET, PUT, POST, DELETE, HEAD, OPTIONS
access-control-allow-credentials: false
access-control-allow-headers: content-type, accept
cf-cache-status: HIT
age: 1514258
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=2wMV%2FIn8zvhveDc8%2FqXDAtIwgd%2BHzruLGh5VWnO2qw2IoeMhrVfZ6oMUjIkBl27wazsYw8gD5PAr3YG%2Ba1xF%2BQJE%2FmxGWbrMoByRQxn8n%2B%2FFSQu%2F1kLqRRLdTiMXcBk6o13%2BRdXY8NsF"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87964cdfef05b527-OSL
alt-svc: h3=":443"; ma=86400
| gbggu099.tryupkora.com/Scripts/rmvmp511/css/fonts/roboto-v20-latin-regular.woff2 | 188.114.96.1 | 200 OK | 16 kB |
URL: GET HTTP/3 gbggu099.tryupkora.com/Scripts/rmvmp511/css/fonts/roboto-v20-latin-regular.woff2
IP: 188.114.96.1:443
Requested by: https://gbggu099.tryupkora.com/embed/GGJOWIZAgdtyC
Certificate: Issuer: Google Trust Services LLC; Subject: tryupkora.com; Fingerprint: 91:33:2D:C9:BE:4D:49:47:50:6B:71:50:D7:01:BD:DD:B6:46:53:3E; Validity: Sun, 07 Apr 2024 02:43:23 GMT - Sat, 06 Jul 2024 02:43:22 GMT
File type: Web Open Font Format (Version 2), TrueType, length 15736, version 1.0
Hashes (MD5, SHA-1, SHA-256): 479970ffb74f2117317f9d24d9e317fe 81c796737cbe44d4a719777f0aff14b73a3efb1e 48c3fa6f86c54f1d9bb519220713d4b0a1f8cd1a589a3c03b9fa82e98ecb13e3
GET /Scripts/rmvmp511/css/fonts/roboto-v20-latin-regular.woff2 HTTP/1.1
Host: gbggu099.tryupkora.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: https://gbggu099.tryupkora.com/Scripts/rmvmp511/css/rmp-s1.min.css
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Wed, 24 Apr 2024 13:04:38 GMT
content-type: font/x-woff2
content-length: 15736
cache-control: public, max-age=25920000
last-modified: Wed, 18 Nov 2020 21:42:51 GMT
etag: "309b11c4f3bdd61:0"
access-control-allow-origin: *
access-control-allow-methods: GET, PUT, POST, DELETE, HEAD, OPTIONS
access-control-allow-credentials: false
access-control-allow-headers: content-type, accept
cf-cache-status: HIT
age: 1514258
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=W%2B%2Fui3MzSsr5xMnwi20q1pbWbm%2FYK4euiiuX7fKNGkUiyjdxVjSAyRh9lLLo5do5liOwZS4hhmrKwq1HXvWTQmFaNTGoFcvTnj95oJx7Pr31ZzJRklu2EyLqzieKakrtXO8DDvmoGD2S"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87964ce01f57b527-OSL
alt-svc: h3=":443"; ma=86400
| gbggu099.tryupkora.com/Scripts/rmvmp511/crmv-vast511.min.js?v=6 | 188.114.96.1 | 200 OK | 366 kB |
URL: GET HTTP/3 gbggu099.tryupkora.com/Scripts/rmvmp511/crmv-vast511.min.js?v=6
IP: 188.114.96.1:443
Requested by: https://gbggu099.tryupkora.com/embed/GGJOWIZAgdtyC
Certificate: Issuer: Google Trust Services LLC; Subject: tryupkora.com; Fingerprint: 91:33:2D:C9:BE:4D:49:47:50:6B:71:50:D7:01:BD:DD:B6:46:53:3E; Validity: Sun, 07 Apr 2024 02:43:23 GMT - Sat, 06 Jul 2024 02:43:22 GMT
File type: JavaScript source, ASCII text, with very long lines (1278), with CRLF line terminators
Size: 366 kB (365720 bytes)
Hashes (MD5, SHA-1, SHA-256): 046c526447361209ef1a22d579cceaf3 7756ec1c636c62e7ce482ecf8d5275756819ac61 81a156e37622cc61287598efb40f5cf7008d0f6866e6983c8dd409f436ec588b
GET /Scripts/rmvmp511/crmv-vast511.min.js?v=6 HTTP/1.1
Host: gbggu099.tryupkora.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://gbggu099.tryupkora.com/embed/GGJOWIZAgdtyC
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Wed, 24 Apr 2024 13:04:37 GMT
content-type: application/javascript
cache-control: public, max-age=25920000
last-modified: Wed, 18 Nov 2020 21:55:29 GMT
etag: W/"801e6287f5bdd61:0"
vary: Accept-Encoding
access-control-allow-origin: *
access-control-allow-methods: GET, PUT, POST, DELETE, HEAD, OPTIONS
access-control-allow-credentials: false
access-control-allow-headers: content-type, accept
cf-cache-status: HIT
age: 1514923
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=H1yE7%2BIF6DM8d3Du7REAVTCvC8YMIZTekCQUflILZLTcNqtpud2HI8iBk3p6O0VdftGFNQadiYZ82ayuWb12CpJya%2Bou4JvXEXgdJEMX%2B2qMtibCLNgcBTvJ%2Bq8UXBvY1CMKZm4939t1"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87964cdd5bc6b527-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
| my.rtmark.net/gid.js | 139.45.195.8 | 200 OK | 65 B |
IP: 139.45.195.8:443
Requested by: https://gbggu099.tryupkora.com/embed/GGJOWIZAgdtyC
Certificate: Issuer: Let's Encrypt; Subject: rtmark.net; Fingerprint: DB:C0:8B:64:1C:E3:2A:9C:B9:04:0D:F3:6F:5A:E0:35:F4:C7:75:CC; Validity: Sat, 02 Mar 2024 21:53:43 GMT - Fri, 31 May 2024 21:53:42 GMT
Hashes (MD5, SHA-1, SHA-256): 8b9f609b2d2bf0ceef65efd3bf628534 3d608705d0876be39655518fedcb7252c77bb107 46247054c5ae2e577c625a23f56a5c7e4a758e57a89ed8161d6938d0ee6fe0f1
GET /gid.js HTTP/1.1
Host: my.rtmark.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://gbggu099.tryupkora.com
DNT: 1
Connection: keep-alive
Referer: https://gbggu099.tryupkora.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Wed, 24 Apr 2024 13:04:38 GMT
content-type: application/json; charset=utf-8
content-length: 65
access-control-allow-origin: https://gbggu099.tryupkora.com
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
set-cookie: ID=0800485d44f4459aeffbf3bd21631bea; expires=Thu, 24 Apr 2025 13:04:38 GMT; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
| www.googletagmanager.com/gtag/js?id=UA-79429268-4&l=dataLayer&cx=c | 142.250.74.168 | 200 OK | 72 kB |
URL: GET HTTP/3 www.googletagmanager.com/gtag/js?id=UA-79429268-4&l=dataLayer&cx=c
IP: 142.250.74.168:443
Requested by: https://gbggu099.tryupkora.com/embed/GGJOWIZAgdtyC
Certificate: Issuer: Google Trust Services LLC; Subject: *.google-analytics.com; Fingerprint: 1E:33:2E:4B:C3:51:05:B7:73:DC:21:BF:3E:02:B3:16:D8:0B:AB:BB; Validity: Mon, 18 Mar 2024 19:37:14 GMT - Mon, 10 Jun 2024 19:37:13 GMT
File type: JavaScript source, ASCII text, with very long lines (2165)
Hashes (MD5, SHA-1, SHA-256): a82ea99ccb667921cd7226619e1a6302 96d5f15c39205e7a269d18780b534da24f92c5cd 34da28d774ab0e8775d0563d67b611184de302bf5c744d828d9fdadeca8ca1ff
GET /gtag/js?id=UA-79429268-4&l=dataLayer&cx=c HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://gbggu099.tryupkora.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Wed, 24 Apr 2024 13:04:38 GMT
expires: Wed, 24 Apr 2024 13:04:38 GMT
cache-control: private, max-age=900
last-modified: Wed, 24 Apr 2024 12:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 71514
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
| arsnivyr.com/1?z=5561100&oo=1&oaid=0800485d44f4459aeffbf3bd21631bea | 139.45.197.242 | 200 OK | 967 B |
URL: GET HTTP/2 arsnivyr.com/1?z=5561100&oo=1&oaid=0800485d44f4459aeffbf3bd21631bea
IP: 139.45.197.242:443
Requested by: https://gbggu099.tryupkora.com/embed/GGJOWIZAgdtyC
Certificate: Issuer: Let's Encrypt; Subject: arsnivyr.com; Fingerprint: 4B:EB:80:36:EA:81:4F:3D:2C:D2:E6:15:55:89:69:FF:F2:F5:A0:A0; Validity: Sat, 23 Mar 2024 19:22:24 GMT - Fri, 21 Jun 2024 19:22:23 GMT
Hashes (MD5, SHA-1, SHA-256): c709b45c0d55dfa69b00a12cb8de58c2 bf657a4c4f6b8151ba22deb64bd498554095db68 9d928e0333f40e661d72bb3250074895fb0c9743b146c944780dbc006137b353
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /1?z=5561100&oo=1&oaid=0800485d44f4459aeffbf3bd21631bea HTTP/1.1
Host: arsnivyr.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://gbggu099.tryupkora.com
DNT: 1
Connection: keep-alive
Referer: https://gbggu099.tryupkora.com/
Cookie: scm=1; OAID=0400484b66414020e0a6f34bdeeed3d5; oaidts=1713963878
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 24 Apr 2024 13:04:38 GMT
content-type: application/json
content-length: 967
access-control-allow-credentials: true
access-control-allow-origin: https://gbggu099.tryupkora.com
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-Sc, CVERSION, VERSION, X-Ancestor-Origins, X-Zone-ID, baggage, sentry-trace
x-trace-id: 94f23dfcf8387c65b50663d5fdcba072
access-control-expose-headers: X-Sc
set-cookie: OAID=0800485d44f4459aeffbf3bd21631bea; expires=Thu, 24 Apr 2025 13:04:38 GMT; secure; SameSite=None
set-cookie: oaidts=1713963878; expires=Thu, 24 Apr 2025 13:04:38 GMT; secure; SameSite=None
pragma: no-cache
cache-control: no-store, no-cache, must-revalidate, max-age=0
expires: Mon, 26 Jul 1997 05:00:00 GMT
X-Firefox-Spdy: h2
| gbggu099.tryupkora.com/Scripts/rmvmp511/css/fonts/roboto-v20-latin-regular.woff2 | 188.114.96.1 | 200 OK | 16 kB |
URL: GET HTTP/3 gbggu099.tryupkora.com/Scripts/rmvmp511/css/fonts/roboto-v20-latin-regular.woff2
IP: 188.114.96.1:443
Requested by: https://gbggu099.tryupkora.com/embed/GGJOWIZAgdtyC
Certificate: Issuer: Google Trust Services LLC; Subject: tryupkora.com; Fingerprint: 91:33:2D:C9:BE:4D:49:47:50:6B:71:50:D7:01:BD:DD:B6:46:53:3E; Validity: Sun, 07 Apr 2024 02:43:23 GMT - Sat, 06 Jul 2024 02:43:22 GMT
File type: Web Open Font Format (Version 2), TrueType, length 15736, version 1.0
Hashes (MD5, SHA-1, SHA-256): 479970ffb74f2117317f9d24d9e317fe 81c796737cbe44d4a719777f0aff14b73a3efb1e 48c3fa6f86c54f1d9bb519220713d4b0a1f8cd1a589a3c03b9fa82e98ecb13e3
GET /Scripts/rmvmp511/css/fonts/roboto-v20-latin-regular.woff2 HTTP/1.1
Host: gbggu099.tryupkora.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: https://gbggu099.tryupkora.com/Scripts/rmvmp511/css/rmp-s1.min.css
Cookie: _ga_6T0W0C33T6=GS1.1.1713963878.1.0.1713963878.0.0.0; _ga=GA1.1.651788870.1713963879
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Wed, 24 Apr 2024 13:04:38 GMT
content-type: font/x-woff2
content-length: 15736
cache-control: public, max-age=25920000
last-modified: Wed, 18 Nov 2020 21:42:51 GMT
etag: "309b11c4f3bdd61:0"
access-control-allow-origin: *
access-control-allow-methods: GET, PUT, POST, DELETE, HEAD, OPTIONS
access-control-allow-credentials: false
access-control-allow-headers: content-type, accept
cf-cache-status: HIT
age: 1514258
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Airl2Z6V6tixHa%2BSV60zVuv%2FsPxMdsqD5h546fYsOyGUSXWXJPXZs882gKN91Bvt8pz8SW7W%2FG4ywysa6%2BM2vq%2BmD2hTp5h24NNMwu0u8%2B0VLeDdhA%2FhZyPgzoG0IZHYnDR0jx6jFG4A"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87964ce2dcfab527-OSL
alt-svc: h3=":443"; ma=86400
| imasdk.googleapis.com/js/sdkloader/ima3.js | 142.250.74.106 | 200 OK | 136 kB |
URL: GET HTTP/2 imasdk.googleapis.com/js/sdkloader/ima3.js
IP: 142.250.74.106:443
Requested by: https://gbggu099.tryupkora.com/embed/GGJOWIZAgdtyC
Certificate: Issuer: Google Trust Services LLC; Subject: upload.video.google.com; Fingerprint: 15:CB:F7:AC:18:3F:DC:1E:F9:4E:94:D1:98:40:40:61:53:17:28:F2; Validity: Mon, 18 Mar 2024 20:35:28 GMT - Mon, 10 Jun 2024 20:35:27 GMT
File type: JavaScript source, ASCII text, with very long lines (1754)
Size: 136 kB (136105 bytes)
Hashes (MD5, SHA-1, SHA-256): 022a46e0e26c7847859a60529b1c7d04 6423cfe52cc2792b5e9e76ed6ed069601fad0689 9b6570d449af422e59a77fd07da2e468276d453cfac63e427ae6a7cfade6f03e
GET /js/sdkloader/ima3.js HTTP/1.1
Host: imasdk.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://gbggu099.tryupkora.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/javascript
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="ads-doubleclick-instream-static"
report-to: {"group":"ads-doubleclick-instream-static","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-instream-static"}]}
content-length: 136105
date: Wed, 24 Apr 2024 13:04:38 GMT
expires: Wed, 24 Apr 2024 13:04:38 GMT
cache-control: private, max-age=900, stale-while-revalidate=3600
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
| imasdk.googleapis.com/js/core/bridge3.636.0_en.html | 142.250.74.106 | | 249 kB |
URL: imasdk.googleapis.com/js/core/bridge3.636.0_en.html
IP: 142.250.74.106:0
Certificate: Issuer: Google Trust Services LLC; Subject: upload.video.google.com; Fingerprint: 15:CB:F7:AC:18:3F:DC:1E:F9:4E:94:D1:98:40:40:61:53:17:28:F2; Validity: Mon, 18 Mar 2024 20:35:28 GMT - Mon, 10 Jun 2024 20:35:27 GMT
File type: HTML document, ASCII text, with very long lines (48587)
Size: 249 kB (248977 bytes)
Hashes (MD5, SHA-1, SHA-256): 65d92d52f7232ed92245ad2c561c1844 32c9a69879d8840933930c3ef78ba44705953e6a b18abbfc199ca7e65145e5bdb6a5dd710b7906c7b9c378f77c831f9315645ada
GET /js/core/bridge3.636.0_en.html HTTP/1.1
Host: imasdk.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://gbggu099.tryupkora.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
accept-ranges: bytes
content-encoding: gzip
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="ads-doubleclick-instream-static"
report-to: {"group":"ads-doubleclick-instream-static","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-instream-static"}]}
content-length: 248977
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Mon, 22 Apr 2024 19:49:31 GMT
expires: Tue, 22 Apr 2025 19:49:31 GMT
cache-control: public, max-age=31536000
last-modified: Mon, 22 Apr 2024 19:45:07 GMT
content-type: text/html
vary: Accept-Encoding
age: 148508
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
| arsnivyr.com/9?z=5561100&ng=0&ix=0&pt=0&np=0&gp=5&bp=4&nw=1&nb=1&sw=1280&sh=1024&pl=https%3A%2F%2Fgbggu099.tryupkora.com%2Fembed%2FGGJOWIZAgdtyC&wy=0&wx=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=1024&wfc=2&sah=1024&drf=&hil=1&ist=0&oaid=0800485d44f4459aeffbf3bd21631bea | 139.45.197.242 | 204 No Content | 0 B |
URL: OPTIONS HTTP/2 arsnivyr.com/9?z=5561100&ng=0&ix=0&pt=0&np=0&gp=5&bp=4&nw=1&nb=1&sw=1280&sh=1024&pl=https%3A%2F%2Fgbggu099.tryupkora.com%2Fembed%2FGGJOWIZAgdtyC&wy=0&wx=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=1024&wfc=2&sah=1024&drf=&hil=1&ist=0&oaid=0800485d44f4459aeffbf3bd21631bea
IP: 139.45.197.242:443
Requested by: https://gbggu099.tryupkora.com/embed/GGJOWIZAgdtyC
Certificate: Issuer: Let's Encrypt; Subject: arsnivyr.com; Fingerprint: 4B:EB:80:36:EA:81:4F:3D:2C:D2:E6:15:55:89:69:FF:F2:F5:A0:A0; Validity: Sat, 23 Mar 2024 19:22:24 GMT - Fri, 21 Jun 2024 19:22:23 GMT
Hashes (MD5, SHA-1, SHA-256): d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
OPTIONS /9?z=5561100&ng=0&ix=0&pt=0&np=0&gp=5&bp=4&nw=1&nb=1&sw=1280&sh=1024&pl=https%3A%2F%2Fgbggu099.tryupkora.com%2Fembed%2FGGJOWIZAgdtyC&wy=0&wx=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=1024&wfc=2&sah=1024&drf=&hil=1&ist=0&oaid=0800485d44f4459aeffbf3bd21631bea HTTP/1.1
Host: arsnivyr.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://gbggu099.tryupkora.com/
Origin: https://gbggu099.tryupkora.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 204 No Content
server: nginx
date: Wed, 24 Apr 2024 13:04:39 GMT
access-control-allow-credentials: true
access-control-allow-origin: https://gbggu099.tryupkora.com
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-Sc, CVERSION, VERSION, X-Ancestor-Origins, X-Zone-ID, baggage, sentry-trace
pragma: no-cache
cache-control: no-store, no-cache, must-revalidate, max-age=0
expires: Mon, 26 Jul 1997 05:00:00 GMT
X-Firefox-Spdy: h2
| arsnivyr.com/11?rnd=2037075062&z=5561100&b=20850325&var=&varid=0&rqtdbc=1&rcvdbc=1&btp=7&rb=lVry9JpckHxXbn_w3AIpZZWS1BD_PZmCoQpCoAQJNJ9gxRK33pClDqto1aByi7v0Ad6H_XbBXtqT8T6nxD460liB4adWoCo03xtH6Gf7gOev2Inze7MkiAaPMchcKLIb2sR4b9pVNjvGu5IT-0HC-VVm6Ob7xN2wa5-4nlwXcRfn05aWvnVIvuCPkt2XaZiADqGEpAerrEyHPPluwFABUoogWqjgS-XJYd-JJMnCV2xUKHKGVMatio3AcJHzTFNeKPAeGSSb8QEBFOz_ehf6Rinh-JChckbMWl8qe654ypdbxsxE3XX4l8iZYhXQnVV2jTx7f-SFgpxWcmz0IvOPh6NL2fUJzfPDwtcDtIu6_MdQgxj4nKRcM16Y1KP2lS_0LxmqsdR5GJvDploVi8MFE0R6SUBz_9lipSJBPvTpv43OnX2nN9ycAFj6m5vr6l3EyA76T6Jj3kDGZeE9VAbyn_PNpJ1gLDk584_DIHTMoEpP9o2WA7TRzINiZnLEeHpEdOBdiqQyB7ZpO4bNqiAsd8uWfxciMfM3ehiBdmNQXbuCk8AHkbE_yeBwv_XUL260FjB_PtjKUNAaPikgsvkMlUXsNcgDacVUG1QodF0ANTp4bksKNNILS4_CDfDh09zmk_Kedv0MKO7Q4WFnP73pYHGHEgiir9NVIPrbUHjcObQJcNtTDd8UNj1D4C8T8o6F-a5qhGWBscZpdrJFPpUX9KtPsVCqcdP-8CI9hzJBSp-lQ_2c1LVSiBb7ayk=&ruid=d22dee4a-0042-41c2-8edc-4d5e5057ce15&ng=0&ix=0&pt=0&np=0&gp=5&bp=4&nw=1&nb=1&sw=1280&sh=1024&pl=https%3A%2F%2Fgbggu099.tryupkora.com%2Fembed%2FGGJOWIZAgdtyC&wy=0&wx=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=1024&wfc=2&sah=1024&drf=&hil=1&ist=0&ot=107 | 139.45.197.242 | 200 OK | 0 B |
URL: GET HTTP/2 arsnivyr.com/11?rnd=2037075062&z=5561100&b=20850325&var=&varid=0&rqtdbc=1&rcvdbc=1&btp=7&rb=lVry9JpckHxXbn_w3AIpZZWS1BD_PZmCoQpCoAQJNJ9gxRK33pClDqto1aByi7v0Ad6H_XbBXtqT8T6nxD460liB4adWoCo03xtH6Gf7gOev2Inze7MkiAaPMchcKLIb2sR4b9pVNjvGu5IT-0HC-VVm6Ob7xN2wa5-4nlwXcRfn05aWvnVIvuCPkt2XaZiADqGEpAerrEyHPPluwFABUoogWqjgS-XJYd-JJMnCV2xUKHKGVMatio3AcJHzTFNeKPAeGSSb8QEBFOz_ehf6Rinh-JChckbMWl8qe654ypdbxsxE3XX4l8iZYhXQnVV2jTx7f-SFgpxWcmz0IvOPh6NL2fUJzfPDwtcDtIu6_MdQgxj4nKRcM16Y1KP2lS_0LxmqsdR5GJvDploVi8MFE0R6SUBz_9lipSJBPvTpv43OnX2nN9ycAFj6m5vr6l3EyA76T6Jj3kDGZeE9VAbyn_PNpJ1gLDk584_DIHTMoEpP9o2WA7TRzINiZnLEeHpEdOBdiqQyB7ZpO4bNqiAsd8uWfxciMfM3ehiBdmNQXbuCk8AHkbE_yeBwv_XUL260FjB_PtjKUNAaPikgsvkMlUXsNcgDacVUG1QodF0ANTp4bksKNNILS4_CDfDh09zmk_Kedv0MKO7Q4WFnP73pYHGHEgiir9NVIPrbUHjcObQJcNtTDd8UNj1D4C8T8o6F-a5qhGWBscZpdrJFPpUX9KtPsVCqcdP-8CI9hzJBSp-lQ_2c1LVSiBb7ayk=&ruid=d22dee4a-0042-41c2-8edc-4d5e5057ce15&ng=0&ix=0&pt=0&np=0&gp=5&bp=4&nw=1&nb=1&sw=1280&sh=1024&pl=https%3A%2F%2Fgbggu099.tryupkora.com%2Fembed%2FGGJOWIZAgdtyC&wy=0&wx=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=1024&wfc=2&sah=1024&drf=&hil=1&ist=0&ot=107
IP: 139.45.197.242:443
Requested by: https://gbggu099.tryupkora.com/embed/GGJOWIZAgdtyC
Certificate: Issuer: Let's Encrypt; Subject: arsnivyr.com; Fingerprint: 4B:EB:80:36:EA:81:4F:3D:2C:D2:E6:15:55:89:69:FF:F2:F5:A0:A0; Validity: Sat, 23 Mar 2024 19:22:24 GMT - Fri, 21 Jun 2024 19:22:23 GMT
Hashes (MD5, SHA-1, SHA-256): d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /11?rnd=2037075062&z=5561100&b=20850325&var=&varid=0&rqtdbc=1&rcvdbc=1&btp=7&rb=lVry9JpckHxXbn_w3AIpZZWS1BD_PZmCoQpCoAQJNJ9gxRK33pClDqto1aByi7v0Ad6H_XbBXtqT8T6nxD460liB4adWoCo03xtH6Gf7gOev2Inze7MkiAaPMchcKLIb2sR4b9pVNjvGu5IT-0HC-VVm6Ob7xN2wa5-4nlwXcRfn05aWvnVIvuCPkt2XaZiADqGEpAerrEyHPPluwFABUoogWqjgS-XJYd-JJMnCV2xUKHKGVMatio3AcJHzTFNeKPAeGSSb8QEBFOz_ehf6Rinh-JChckbMWl8qe654ypdbxsxE3XX4l8iZYhXQnVV2jTx7f-SFgpxWcmz0IvOPh6NL2fUJzfPDwtcDtIu6_MdQgxj4nKRcM16Y1KP2lS_0LxmqsdR5GJvDploVi8MFE0R6SUBz_9lipSJBPvTpv43OnX2nN9ycAFj6m5vr6l3EyA76T6Jj3kDGZeE9VAbyn_PNpJ1gLDk584_DIHTMoEpP9o2WA7TRzINiZnLEeHpEdOBdiqQyB7ZpO4bNqiAsd8uWfxciMfM3ehiBdmNQXbuCk8AHkbE_yeBwv_XUL260FjB_PtjKUNAaPikgsvkMlUXsNcgDacVUG1QodF0ANTp4bksKNNILS4_CDfDh09zmk_Kedv0MKO7Q4WFnP73pYHGHEgiir9NVIPrbUHjcObQJcNtTDd8UNj1D4C8T8o6F-a5qhGWBscZpdrJFPpUX9KtPsVCqcdP-8CI9hzJBSp-lQ_2c1LVSiBb7ayk=&ruid=d22dee4a-0042-41c2-8edc-4d5e5057ce15&ng=0&ix=0&pt=0&np=0&gp=5&bp=4&nw=1&nb=1&sw=1280&sh=1024&pl=https%3A%2F%2Fgbggu099.tryupkora.com%2Fembed%2FGGJOWIZAgdtyC&wy=0&wx=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=1024&wfc=2&sah=1024&drf=&hil=1&ist=0&ot=107 HTTP/1.1
Host: arsnivyr.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://gbggu099.tryupkora.com
DNT: 1
Connection: keep-alive
Referer: https://gbggu099.tryupkora.com/
Cookie: scm=1; OAID=0800485d44f4459aeffbf3bd21631bea; oaidts=1713963878
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 24 Apr 2024 13:04:39 GMT
content-type: image/jpeg
content-length: 0
access-control-allow-credentials: true
access-control-allow-origin: https://gbggu099.tryupkora.com
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-Sc, CVERSION, VERSION, X-Ancestor-Origins, X-Zone-ID, baggage, sentry-trace
x-trace-id: db7c85df008f05ff55595fb53ddedc7b
access-control-expose-headers: X-Sc
set-cookie: OAID=0800485d44f4459aeffbf3bd21631bea; expires=Thu, 24 Apr 2025 13:04:39 GMT; secure; SameSite=None
set-cookie: oaidts=1713963878; expires=Thu, 24 Apr 2025 13:04:39 GMT; secure; SameSite=None
pragma: no-cache
cache-control: no-store, no-cache, must-revalidate, max-age=0
expires: Mon, 26 Jul 1997 05:00:00 GMT
X-Firefox-Spdy: h2
| interbuzznews.com/contents/s/49/ac/1b/d77767235d7ee6dc9694cd58fe/01361664324469.png | 139.45.197.154 | 200 OK | 11 kB |
URL: GET HTTP/2 interbuzznews.com/contents/s/49/ac/1b/d77767235d7ee6dc9694cd58fe/01361664324469.png
IP: 139.45.197.154:443
Requested by: https://interbuzznews.com/?l=mos1TZJMzVSxLcK&cd_meta_crid=387600&trkintimp&target_url=https%3A%2F%2Farsnivyr.com%2F12%3Frnd%3D1401552169%26z%3D5561100%26b%3D20850325%26c%3D8129750%26var%3D%26varid%3D0%26d%3Dhttps%253A%252F%252Fchat.whatsapp.com%252FK9kf7X2poq61V1mwtFE9j5%253Fcost%253D%257Bcost%257D%2526clickid%253D%2524%257BSUBID%257D%26cln%3D1%26btp%3D7%26rb%3DlVry9JpckHxXbn_w3AIpZZWS1BD_PZmCoQpCoAQJNJ9gxRK33pClDqto1aByi7v0Ad6H_XbBXtqT8T6nxD460liB4adWoCo03xtH6Gf7gOev2Inze7MkiAaPMchcKLIb2sR4b9pVNjvGu5IT-0HC-VVm6Ob7xN2wa5-4nlwXcRfn05aWvnVIvuCPkt2XaZiADqGEpAerrEyHPPluwFABUoogWqjgS-XJYd-JJMnCV2xUKHKGVMatio3AcJHzTFNeKPAeGSSb8QEBFOz_ehf6Rinh-JChckbMWl8qe654ypdbxsxE3XX4l8iZYhXQnVV2jTx7f-SFgpxWcmz0IvOPh6NL2fUJzfPDwtcDtIu6_MdQgxj4nKRcM16Y1KP2lS_0LxmqsdR5GJvDploVi8MFE0R6SUBz_9lipSJBPvTpv43OnX2nN9ycAFj6m5vr6l3EyA76T6Jj3kDGZeE9VAbyn_PNpJ1gLDk584_DIHTMoEpP9o2WA7TRzINiZnLEeHpEdOBdiqQyB7ZpO4bNqiAsd8uWfxciMfM3ehiBdmNQXbuCk8AHkbE_yeBwv_XUL260FjB_PtjKUNAaPikgsvkMlUXsNcgDacVUG1QodF0ANTp4bksKNNILS4_CDfDh09zmk_Kedv0MKO7Q4WFnP73pYHGHEgiir9NVIPrbUHjcObQJcNtTDd8UNj1D4C8T8o6F-a5qhGWBscZpdrJFPpUX9KtPsVCqcdP-8CI9hzJBSp-lQ_2c1LVSiBb7ayk%3D%26bag%3DsKsRD2ywzFB-1TOUO1g_Ypl4oh4Afhgk%26ruid%3Dd22dee4a-0042-41c2-8edc-4d5e5057ce15%26ng%3D0%26ix%3D0%26pt%3D0%26np%3D0%26gp%3D5%26bp%3D4%26nw%3D1%26nb%3D1%26sw%3D1280%26sh%3D1024%26pl%3Dhttps%253A%252F%252Fgbggu099.tryupkora.com%252Fembed%252FGGJOWIZAgdtyC%26wy%3D0%26wx%3D0%26ww%3D1280%26wh%3D1024%26cw%3D1280%26wiw%3D1280%26wih%3D1024%26wfc%3D2%26sah%3D1024%26drf%3D%26hil%3D1%26ist%3D0%26tbc%3D0
Certificate: Issuer: Let's Encrypt; Subject: interbuzznews.com; Fingerprint: 68:C3:B4:C2:C5:45:68:EC:5F:B6:2A:10:57:7A:F8:2B:94:11:B7:F0; Validity: Thu, 29 Feb 2024 05:14:58 GMT - Wed, 29 May 2024 05:14:57 GMT
File type: PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced
Hashes (MD5, SHA-1, SHA-256): 49ac1bd77767235d7ee6dc9694cd58fe cc3ca7a3b8e81c51db6025be30f81060f62d1b07 606c9bc83cddd3d980fe8f612c8f0fdf28844904072eb5655bdbc984aae657a5
GET /contents/s/49/ac/1b/d77767235d7ee6dc9694cd58fe/01361664324469.png HTTP/1.1
Host: interbuzznews.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://interbuzznews.com/?l=mos1TZJMzVSxLcK&cd_meta_crid=387600&trkintimp&target_url=https%3A%2F%2Farsnivyr.com%2F12%3Frnd%3D1401552169%26z%3D5561100%26b%3D20850325%26c%3D8129750%26var%3D%26varid%3D0%26d%3Dhttps%253A%252F%252Fchat.whatsapp.com%252FK9kf7X2poq61V1mwtFE9j5%253Fcost%253D%257Bcost%257D%2526clickid%253D%2524%257BSUBID%257D%26cln%3D1%26btp%3D7%26rb%3DlVry9JpckHxXbn_w3AIpZZWS1BD_PZmCoQpCoAQJNJ9gxRK33pClDqto1aByi7v0Ad6H_XbBXtqT8T6nxD460liB4adWoCo03xtH6Gf7gOev2Inze7MkiAaPMchcKLIb2sR4b9pVNjvGu5IT-0HC-VVm6Ob7xN2wa5-4nlwXcRfn05aWvnVIvuCPkt2XaZiADqGEpAerrEyHPPluwFABUoogWqjgS-XJYd-JJMnCV2xUKHKGVMatio3AcJHzTFNeKPAeGSSb8QEBFOz_ehf6Rinh-JChckbMWl8qe654ypdbxsxE3XX4l8iZYhXQnVV2jTx7f-SFgpxWcmz0IvOPh6NL2fUJzfPDwtcDtIu6_MdQgxj4nKRcM16Y1KP2lS_0LxmqsdR5GJvDploVi8MFE0R6SUBz_9lipSJBPvTpv43OnX2nN9ycAFj6m5vr6l3EyA76T6Jj3kDGZeE9VAbyn_PNpJ1gLDk584_DIHTMoEpP9o2WA7TRzINiZnLEeHpEdOBdiqQyB7ZpO4bNqiAsd8uWfxciMfM3ehiBdmNQXbuCk8AHkbE_yeBwv_XUL260FjB_PtjKUNAaPikgsvkMlUXsNcgDacVUG1QodF0ANTp4bksKNNILS4_CDfDh09zmk_Kedv0MKO7Q4WFnP73pYHGHEgiir9NVIPrbUHjcObQJcNtTDd8UNj1D4C8T8o6F-a5qhGWBscZpdrJFPpUX9KtPsVCqcdP-8CI9hzJBSp-lQ_2c1LVSiBb7ayk%3D%26bag%3DsKsRD2ywzFB-1TOUO1g_Ypl4oh4Afhgk%26ruid%3Dd22dee4a-0042-41c2-8edc-4d5e5057ce15%26ng%3D0%26ix%3D0%26pt%3D0%26np%3D0%26gp%3D5%26bp%3D4%26nw%3D1%26nb%3D1%26sw%3D1280%26sh%3D1024%26pl%3Dhttps%253A%252F%252Fgbggu099.tryupkora.com%252Fembed%252FGGJOWIZAgdtyC%26wy%3D0%26wx%3D0%26ww%3D1280%26wh%3D1024%26cw%3D1280%26wiw%3D1280%26wih%3D1024%26wfc%3D2%26sah%3D1024%26drf%3D%26hil%3D1%26ist%3D0%26tbc%3D0
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 24 Apr 2024 13:04:39 GMT
content-type: image/png
content-length: 10638
last-modified: Tue, 23 Apr 2024 06:14:18 GMT
vary: Accept-Encoding
etag: "662751ba-298e"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS, HEAD
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
access-control-expose-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
accept-ranges: bytes
X-Firefox-Spdy: h2
| interbuzznews.com/contents/s/f9/74/b5/01b7bc679ca6d1b07b17265767/01665758788495.jpeg | 139.45.197.154 | 200 OK | 97 kB |
URL: interbuzznews.com/contents/s/f9/74/b5/01b7bc679ca6d1b07b17265767/01665758788495.jpeg
Method: GET HTTP/2
IP: 139.45.197.154:443
Requested by: https://interbuzznews.com/?l=mos1TZJMzVSxLcK&cd_meta_crid=387600&trkintimp&target_url=https%3A%2F%2Farsnivyr.com%2F12%3Frnd%3D1401552169%26z%3D5561100%26b%3D20850325%26c%3D8129750%26var%3D%26varid%3D0%26d%3Dhttps%253A%252F%252Fchat.whatsapp.com%252FK9kf7X2poq61V1mwtFE9j5%253Fcost%253D%257Bcost%257D%2526clickid%253D%2524%257BSUBID%257D%26cln%3D1%26btp%3D7%26rb%3DlVry9JpckHxXbn_w3AIpZZWS1BD_PZmCoQpCoAQJNJ9gxRK33pClDqto1aByi7v0Ad6H_XbBXtqT8T6nxD460liB4adWoCo03xtH6Gf7gOev2Inze7MkiAaPMchcKLIb2sR4b9pVNjvGu5IT-0HC-VVm6Ob7xN2wa5-4nlwXcRfn05aWvnVIvuCPkt2XaZiADqGEpAerrEyHPPluwFABUoogWqjgS-XJYd-JJMnCV2xUKHKGVMatio3AcJHzTFNeKPAeGSSb8QEBFOz_ehf6Rinh-JChckbMWl8qe654ypdbxsxE3XX4l8iZYhXQnVV2jTx7f-SFgpxWcmz0IvOPh6NL2fUJzfPDwtcDtIu6_MdQgxj4nKRcM16Y1KP2lS_0LxmqsdR5GJvDploVi8MFE0R6SUBz_9lipSJBPvTpv43OnX2nN9ycAFj6m5vr6l3EyA76T6Jj3kDGZeE9VAbyn_PNpJ1gLDk584_DIHTMoEpP9o2WA7TRzINiZnLEeHpEdOBdiqQyB7ZpO4bNqiAsd8uWfxciMfM3ehiBdmNQXbuCk8AHkbE_yeBwv_XUL260FjB_PtjKUNAaPikgsvkMlUXsNcgDacVUG1QodF0ANTp4bksKNNILS4_CDfDh09zmk_Kedv0MKO7Q4WFnP73pYHGHEgiir9NVIPrbUHjcObQJcNtTDd8UNj1D4C8T8o6F-a5qhGWBscZpdrJFPpUX9KtPsVCqcdP-8CI9hzJBSp-lQ_2c1LVSiBb7ayk%3D%26bag%3DsKsRD2ywzFB-1TOUO1g_Ypl4oh4Afhgk%26ruid%3Dd22dee4a-0042-41c2-8edc-4d5e5057ce15%26ng%3D0%26ix%3D0%26pt%3D0%26np%3D0%26gp%3D5%26bp%3D4%26nw%3D1%26nb%3D1%26sw%3D1280%26sh%3D1024%26pl%3Dhttps%253A%252F%252Fgbggu099.tryupkora.com%252Fembed%252FGGJOWIZAgdtyC%26wy%3D0%26wx%3D0%26ww%3D1280%26wh%3D1024%26cw%3D1280%26wiw%3D1280%26wih%3D1024%26wfc%3D2%26sah%3D1024%26drf%3D%26hil%3D1%26ist%3D0%26tbc%3D0
Certificate: issuer Let's Encrypt; subject interbuzznews.com; fingerprint 68:C3:B4:C2:C5:45:68:EC:5F:B6:2A:10:57:7A:F8:2B:94:11:B7:F0; validity Thu, 29 Feb 2024 05:14:58 GMT - Wed, 29 May 2024 05:14:57 GMT
File type: JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 900x600, components 3
MD5: f974b501b7bc679ca6d1b07b17265767
SHA-1: 01f54b97bd1f944c5c6e06f253a4ccdb23baaa91
SHA-256: 7d1f878482d9dc4b29a49d240220d1020d13877acc3dcfc3d18f5628309222d4
GET /contents/s/f9/74/b5/01b7bc679ca6d1b07b17265767/01665758788495.jpeg HTTP/1.1
Host: interbuzznews.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://interbuzznews.com/?l=mos1TZJMzVSxLcK&cd_meta_crid=387600&trkintimp&target_url=https%3A%2F%2Farsnivyr.com%2F12%3Frnd%3D1401552169%26z%3D5561100%26b%3D20850325%26c%3D8129750%26var%3D%26varid%3D0%26d%3Dhttps%253A%252F%252Fchat.whatsapp.com%252FK9kf7X2poq61V1mwtFE9j5%253Fcost%253D%257Bcost%257D%2526clickid%253D%2524%257BSUBID%257D%26cln%3D1%26btp%3D7%26rb%3DlVry9JpckHxXbn_w3AIpZZWS1BD_PZmCoQpCoAQJNJ9gxRK33pClDqto1aByi7v0Ad6H_XbBXtqT8T6nxD460liB4adWoCo03xtH6Gf7gOev2Inze7MkiAaPMchcKLIb2sR4b9pVNjvGu5IT-0HC-VVm6Ob7xN2wa5-4nlwXcRfn05aWvnVIvuCPkt2XaZiADqGEpAerrEyHPPluwFABUoogWqjgS-XJYd-JJMnCV2xUKHKGVMatio3AcJHzTFNeKPAeGSSb8QEBFOz_ehf6Rinh-JChckbMWl8qe654ypdbxsxE3XX4l8iZYhXQnVV2jTx7f-SFgpxWcmz0IvOPh6NL2fUJzfPDwtcDtIu6_MdQgxj4nKRcM16Y1KP2lS_0LxmqsdR5GJvDploVi8MFE0R6SUBz_9lipSJBPvTpv43OnX2nN9ycAFj6m5vr6l3EyA76T6Jj3kDGZeE9VAbyn_PNpJ1gLDk584_DIHTMoEpP9o2WA7TRzINiZnLEeHpEdOBdiqQyB7ZpO4bNqiAsd8uWfxciMfM3ehiBdmNQXbuCk8AHkbE_yeBwv_XUL260FjB_PtjKUNAaPikgsvkMlUXsNcgDacVUG1QodF0ANTp4bksKNNILS4_CDfDh09zmk_Kedv0MKO7Q4WFnP73pYHGHEgiir9NVIPrbUHjcObQJcNtTDd8UNj1D4C8T8o6F-a5qhGWBscZpdrJFPpUX9KtPsVCqcdP-8CI9hzJBSp-lQ_2c1LVSiBb7ayk%3D%26bag%3DsKsRD2ywzFB-1TOUO1g_Ypl4oh4Afhgk%26ruid%3Dd22dee4a-0042-41c2-8edc-4d5e5057ce15%26ng%3D0%26ix%3D0%26pt%3D0%26np%3D0%26gp%3D5%26bp%3D4%26nw%3D1%26nb%3D1%26sw%3D1280%26sh%3D1024%26pl%3Dhttps%253A%252F%252Fgbggu099.tryupkora.com%252Fembed%252FGGJOWIZAgdtyC%26wy%3D0%26wx%3D0%26ww%3D1280%26wh%3D1024%26cw%3D1280%26wiw%3D1280%26wih%3D1024%26wfc%3D2%26sah%3D1024%26drf%3D%26hil%3D1%26ist%3D0%26tbc%3D0
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 24 Apr 2024 13:04:39 GMT
content-type: image/jpeg
content-length: 96998
last-modified: Wed, 17 Apr 2024 03:04:59 GMT
vary: Accept-Encoding
etag: "661f3c5b-17ae6"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS, HEAD
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
access-control-expose-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
accept-ranges: bytes
X-Firefox-Spdy: h2
| arsnivyr.com/11?rnd=2037075062&z=5561100&b=20850325&var=&varid=0&rqtdbc=0&rcvdbc=0&btp=7&rb=lVry9JpckHxXbn_w3AIpZZWS1BD_PZmCoQpCoAQJNJ9gxRK33pClDqto1aByi7v0Ad6H_XbBXtqT8T6nxD460liB4adWoCo03xtH6Gf7gOev2Inze7MkiAaPMchcKLIb2sR4b9pVNjvGu5IT-0HC-VVm6Ob7xN2wa5-4nlwXcRfn05aWvnVIvuCPkt2XaZiADqGEpAerrEyHPPluwFABUoogWqjgS-XJYd-JJMnCV2xUKHKGVMatio3AcJHzTFNeKPAeGSSb8QEBFOz_ehf6Rinh-JChckbMWl8qe654ypdbxsxE3XX4l8iZYhXQnVV2jTx7f-SFgpxWcmz0IvOPh6NL2fUJzfPDwtcDtIu6_MdQgxj4nKRcM16Y1KP2lS_0LxmqsdR5GJvDploVi8MFE0R6SUBz_9lipSJBPvTpv43OnX2nN9ycAFj6m5vr6l3EyA76T6Jj3kDGZeE9VAbyn_PNpJ1gLDk584_DIHTMoEpP9o2WA7TRzINiZnLEeHpEdOBdiqQyB7ZpO4bNqiAsd8uWfxciMfM3ehiBdmNQXbuCk8AHkbE_yeBwv_XUL260FjB_PtjKUNAaPikgsvkMlUXsNcgDacVUG1QodF0ANTp4bksKNNILS4_CDfDh09zmk_Kedv0MKO7Q4WFnP73pYHGHEgiir9NVIPrbUHjcObQJcNtTDd8UNj1D4C8T8o6F-a5qhGWBscZpdrJFPpUX9KtPsVCqcdP-8CI9hzJBSp-lQ_2c1LVSiBb7ayk=&ruid=d22dee4a-0042-41c2-8edc-4d5e5057ce15&ng=0&ix=0&pt=0&np=0&gp=5&bp=4&nw=1&nb=1&sw=1280&sh=1024&pl=https%3A%2F%2Fgbggu099.tryupkora.com%2Fembed%2FGGJOWIZAgdtyC&wy=0&wx=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=1024&wfc=2&sah=1024&drf=&hil=1&ist=0&ri=1&wvd=0&wvr=1.0000&isions=1 | 139.45.197.242 | 200 OK | 0 B |
URL: arsnivyr.com/11?rnd=2037075062&z=5561100&b=20850325&var=&varid=0&rqtdbc=0&rcvdbc=0&btp=7&rb=lVry9JpckHxXbn_w3AIpZZWS1BD_PZmCoQpCoAQJNJ9gxRK33pClDqto1aByi7v0Ad6H_XbBXtqT8T6nxD460liB4adWoCo03xtH6Gf7gOev2Inze7MkiAaPMchcKLIb2sR4b9pVNjvGu5IT-0HC-VVm6Ob7xN2wa5-4nlwXcRfn05aWvnVIvuCPkt2XaZiADqGEpAerrEyHPPluwFABUoogWqjgS-XJYd-JJMnCV2xUKHKGVMatio3AcJHzTFNeKPAeGSSb8QEBFOz_ehf6Rinh-JChckbMWl8qe654ypdbxsxE3XX4l8iZYhXQnVV2jTx7f-SFgpxWcmz0IvOPh6NL2fUJzfPDwtcDtIu6_MdQgxj4nKRcM16Y1KP2lS_0LxmqsdR5GJvDploVi8MFE0R6SUBz_9lipSJBPvTpv43OnX2nN9ycAFj6m5vr6l3EyA76T6Jj3kDGZeE9VAbyn_PNpJ1gLDk584_DIHTMoEpP9o2WA7TRzINiZnLEeHpEdOBdiqQyB7ZpO4bNqiAsd8uWfxciMfM3ehiBdmNQXbuCk8AHkbE_yeBwv_XUL260FjB_PtjKUNAaPikgsvkMlUXsNcgDacVUG1QodF0ANTp4bksKNNILS4_CDfDh09zmk_Kedv0MKO7Q4WFnP73pYHGHEgiir9NVIPrbUHjcObQJcNtTDd8UNj1D4C8T8o6F-a5qhGWBscZpdrJFPpUX9KtPsVCqcdP-8CI9hzJBSp-lQ_2c1LVSiBb7ayk=&ruid=d22dee4a-0042-41c2-8edc-4d5e5057ce15&ng=0&ix=0&pt=0&np=0&gp=5&bp=4&nw=1&nb=1&sw=1280&sh=1024&pl=https%3A%2F%2Fgbggu099.tryupkora.com%2Fembed%2FGGJOWIZAgdtyC&wy=0&wx=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=1024&wfc=2&sah=1024&drf=&hil=1&ist=0&ri=1&wvd=0&wvr=1.0000&isions=1
Method: GET HTTP/2
IP: 139.45.197.242:443
Requested by: https://gbggu099.tryupkora.com/embed/GGJOWIZAgdtyC
Certificate: issuer Let's Encrypt; subject arsnivyr.com; fingerprint 4B:EB:80:36:EA:81:4F:3D:2C:D2:E6:15:55:89:69:FF:F2:F5:A0:A0; validity Sat, 23 Mar 2024 19:22:24 GMT - Fri, 21 Jun 2024 19:22:23 GMT
MD5: d41d8cd98f00b204e9800998ecf8427e
SHA-1: da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA-256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
(These are the hashes of an empty body; the response below carries content-length: 0, so this request is a beacon rather than a content fetch.)
Analyzer: Quad9 DNS; Verdict: malicious; Alert: Sinkholed
GET /11?rnd=2037075062&z=5561100&b=20850325&var=&varid=0&rqtdbc=0&rcvdbc=0&btp=7&rb=lVry9JpckHxXbn_w3AIpZZWS1BD_PZmCoQpCoAQJNJ9gxRK33pClDqto1aByi7v0Ad6H_XbBXtqT8T6nxD460liB4adWoCo03xtH6Gf7gOev2Inze7MkiAaPMchcKLIb2sR4b9pVNjvGu5IT-0HC-VVm6Ob7xN2wa5-4nlwXcRfn05aWvnVIvuCPkt2XaZiADqGEpAerrEyHPPluwFABUoogWqjgS-XJYd-JJMnCV2xUKHKGVMatio3AcJHzTFNeKPAeGSSb8QEBFOz_ehf6Rinh-JChckbMWl8qe654ypdbxsxE3XX4l8iZYhXQnVV2jTx7f-SFgpxWcmz0IvOPh6NL2fUJzfPDwtcDtIu6_MdQgxj4nKRcM16Y1KP2lS_0LxmqsdR5GJvDploVi8MFE0R6SUBz_9lipSJBPvTpv43OnX2nN9ycAFj6m5vr6l3EyA76T6Jj3kDGZeE9VAbyn_PNpJ1gLDk584_DIHTMoEpP9o2WA7TRzINiZnLEeHpEdOBdiqQyB7ZpO4bNqiAsd8uWfxciMfM3ehiBdmNQXbuCk8AHkbE_yeBwv_XUL260FjB_PtjKUNAaPikgsvkMlUXsNcgDacVUG1QodF0ANTp4bksKNNILS4_CDfDh09zmk_Kedv0MKO7Q4WFnP73pYHGHEgiir9NVIPrbUHjcObQJcNtTDd8UNj1D4C8T8o6F-a5qhGWBscZpdrJFPpUX9KtPsVCqcdP-8CI9hzJBSp-lQ_2c1LVSiBb7ayk=&ruid=d22dee4a-0042-41c2-8edc-4d5e5057ce15&ng=0&ix=0&pt=0&np=0&gp=5&bp=4&nw=1&nb=1&sw=1280&sh=1024&pl=https%3A%2F%2Fgbggu099.tryupkora.com%2Fembed%2FGGJOWIZAgdtyC&wy=0&wx=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=1024&wfc=2&sah=1024&drf=&hil=1&ist=0&ri=1&wvd=0&wvr=1.0000&isions=1 HTTP/1.1
Host: arsnivyr.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://gbggu099.tryupkora.com
DNT: 1
Connection: keep-alive
Referer: https://gbggu099.tryupkora.com/
Cookie: scm=1; OAID=0800485d44f4459aeffbf3bd21631bea; oaidts=1713963878
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 24 Apr 2024 13:04:39 GMT
content-type: image/jpeg
content-length: 0
access-control-allow-credentials: true
access-control-allow-origin: https://gbggu099.tryupkora.com
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-Sc, CVERSION, VERSION, X-Ancestor-Origins, X-Zone-ID, baggage, sentry-trace
x-trace-id: 20b7ecf4f9a803f50622dbe928f8b801
access-control-expose-headers: X-Sc
set-cookie: OAID=0800485d44f4459aeffbf3bd21631bea; expires=Thu, 24 Apr 2025 13:04:39 GMT; secure; SameSite=None
set-cookie: oaidts=1713963878; expires=Thu, 24 Apr 2025 13:04:39 GMT; secure; SameSite=None
set-cookie: oaidvc=1; expires=Thu, 24 Apr 2025 13:04:39 GMT; secure; SameSite=None
set-cookie: CNT=1_v1_lSY-AQEAAAB9TQAA; expires=Wed, 24 Apr 2024 14:04:39 GMT; secure; SameSite=None
pragma: no-cache
cache-control: no-store, no-cache, must-revalidate, max-age=0
expires: Mon, 26 Jul 1997 05:00:00 GMT
X-Firefox-Spdy: h2
| arsnivyr.com/27/7552beb94fc0bdff7bbb33cad3d1ab0a | 139.45.197.242 | 200 OK | 413 kB |
URL: arsnivyr.com/27/7552beb94fc0bdff7bbb33cad3d1ab0a
Method: GET HTTP/2
IP: 139.45.197.242:443
Requested by: https://gbggu099.tryupkora.com/embed/GGJOWIZAgdtyC
Certificate: issuer Let's Encrypt; subject arsnivyr.com; fingerprint 4B:EB:80:36:EA:81:4F:3D:2C:D2:E6:15:55:89:69:FF:F2:F5:A0:A0; validity Sat, 23 Mar 2024 19:22:24 GMT - Fri, 21 Jun 2024 19:22:23 GMT
File type: JavaScript source, ASCII text, with very long lines (65523)
Size: 413 kB (413423 bytes)
MD5: 297cc248309ba835cf13a1f82fd3f938
SHA-1: 1e6f51ce257a0ee53e25280dd44092ed33339847
SHA-256: b2ba9d8b2216d22f8f31a594bc22ee21f60e2b539474a650be1e87dea87d5ed7
Analyzer: Quad9 DNS; Verdict: malicious; Alert: Sinkholed
GET /27/7552beb94fc0bdff7bbb33cad3d1ab0a HTTP/1.1
Host: arsnivyr.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://gbggu099.tryupkora.com/
Cookie: scm=1; OAID=0800485d44f4459aeffbf3bd21631bea; oaidts=1713963878
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Wed, 24 Apr 2024 13:04:38 GMT
content-type: application/javascript
access-control-allow-credentials: true
access-control-allow-origin:
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-Sc, CVERSION, VERSION, X-Ancestor-Origins, X-Zone-ID, baggage, sentry-trace
x-trace-id: 66043195163c0edf9f1851c89723e6a3
cache-control: max-age:290304000, public
last-modified: Tue, 09 Apr 2024 03:16:58 GMT
expires: Tue, 09 May 2084 03:16:58 GMT
access-control-expose-headers: X-Sc
strict-transport-security: max-age=1
x-content-type-options: nosniff
content-encoding: gzip
X-Firefox-Spdy: h2
| interbuzznews.com/?l=mos1TZJMzVSxLcK&cd_meta_crid=387600&trkintimp&target_url=https%3A%2F%2Farsnivyr.com%2F12%3Frnd%3D1401552169%26z%3D5561100%26b%3D20850325%26c%3D8129750%26var%3D%26varid%3D0%26d%3Dhttps%253A%252F%252Fchat.whatsapp.com%252FK9kf7X2poq61V1mwtFE9j5%253Fcost%253D%257Bcost%257D%2526clickid%253D%2524%257BSUBID%257D%26cln%3D1%26btp%3D7%26rb%3DlVry9JpckHxXbn_w3AIpZZWS1BD_PZmCoQpCoAQJNJ9gxRK33pClDqto1aByi7v0Ad6H_XbBXtqT8T6nxD460liB4adWoCo03xtH6Gf7gOev2Inze7MkiAaPMchcKLIb2sR4b9pVNjvGu5IT-0HC-VVm6Ob7xN2wa5-4nlwXcRfn05aWvnVIvuCPkt2XaZiADqGEpAerrEyHPPluwFABUoogWqjgS-XJYd-JJMnCV2xUKHKGVMatio3AcJHzTFNeKPAeGSSb8QEBFOz_ehf6Rinh-JChckbMWl8qe654ypdbxsxE3XX4l8iZYhXQnVV2jTx7f-SFgpxWcmz0IvOPh6NL2fUJzfPDwtcDtIu6_MdQgxj4nKRcM16Y1KP2lS_0LxmqsdR5GJvDploVi8MFE0R6SUBz_9lipSJBPvTpv43OnX2nN9ycAFj6m5vr6l3EyA76T6Jj3kDGZeE9VAbyn_PNpJ1gLDk584_DIHTMoEpP9o2WA7TRzINiZnLEeHpEdOBdiqQyB7ZpO4bNqiAsd8uWfxciMfM3ehiBdmNQXbuCk8AHkbE_yeBwv_XUL260FjB_PtjKUNAaPikgsvkMlUXsNcgDacVUG1QodF0ANTp4bksKNNILS4_CDfDh09zmk_Kedv0MKO7Q4WFnP73pYHGHEgiir9NVIPrbUHjcObQJcNtTDd8UNj1D4C8T8o6F-a5qhGWBscZpdrJFPpUX9KtPsVCqcdP-8CI9hzJBSp-lQ_2c1LVSiBb7ayk%3D%26bag%3DsKsRD2ywzFB-1TOUO1g_Ypl4oh4Afhgk%26ruid%3Dd22dee4a-0042-41c2-8edc-4d5e5057ce15%26ng%3D0%26ix%3D0%26pt%3D0%26np%3D0%26gp%3D5%26bp%3D4%26nw%3D1%26nb%3D1%26sw%3D1280%26sh%3D1024%26pl%3Dhttps%253A%252F%252Fgbggu099.tryupkora.com%252Fembed%252FGGJOWIZAgdtyC%26wy%3D0%26wx%3D0%26ww%3D1280%26wh%3D1024%26cw%3D1280%26wiw%3D1280%26wih%3D1024%26wfc%3D2%26sah%3D1024%26drf%3D%26hil%3D1%26ist%3D0%26tbc%3D0 | 139.45.197.154 | 200 OK | 53 kB |
URL: interbuzznews.com/?l=mos1TZJMzVSxLcK&cd_meta_crid=387600&trkintimp&target_url=https%3A%2F%2Farsnivyr.com%2F12%3Frnd%3D1401552169%26z%3D5561100%26b%3D20850325%26c%3D8129750%26var%3D%26varid%3D0%26d%3Dhttps%253A%252F%252Fchat.whatsapp.com%252FK9kf7X2poq61V1mwtFE9j5%253Fcost%253D%257Bcost%257D%2526clickid%253D%2524%257BSUBID%257D%26cln%3D1%26btp%3D7%26rb%3DlVry9JpckHxXbn_w3AIpZZWS1BD_PZmCoQpCoAQJNJ9gxRK33pClDqto1aByi7v0Ad6H_XbBXtqT8T6nxD460liB4adWoCo03xtH6Gf7gOev2Inze7MkiAaPMchcKLIb2sR4b9pVNjvGu5IT-0HC-VVm6Ob7xN2wa5-4nlwXcRfn05aWvnVIvuCPkt2XaZiADqGEpAerrEyHPPluwFABUoogWqjgS-XJYd-JJMnCV2xUKHKGVMatio3AcJHzTFNeKPAeGSSb8QEBFOz_ehf6Rinh-JChckbMWl8qe654ypdbxsxE3XX4l8iZYhXQnVV2jTx7f-SFgpxWcmz0IvOPh6NL2fUJzfPDwtcDtIu6_MdQgxj4nKRcM16Y1KP2lS_0LxmqsdR5GJvDploVi8MFE0R6SUBz_9lipSJBPvTpv43OnX2nN9ycAFj6m5vr6l3EyA76T6Jj3kDGZeE9VAbyn_PNpJ1gLDk584_DIHTMoEpP9o2WA7TRzINiZnLEeHpEdOBdiqQyB7ZpO4bNqiAsd8uWfxciMfM3ehiBdmNQXbuCk8AHkbE_yeBwv_XUL260FjB_PtjKUNAaPikgsvkMlUXsNcgDacVUG1QodF0ANTp4bksKNNILS4_CDfDh09zmk_Kedv0MKO7Q4WFnP73pYHGHEgiir9NVIPrbUHjcObQJcNtTDd8UNj1D4C8T8o6F-a5qhGWBscZpdrJFPpUX9KtPsVCqcdP-8CI9hzJBSp-lQ_2c1LVSiBb7ayk%3D%26bag%3DsKsRD2ywzFB-1TOUO1g_Ypl4oh4Afhgk%26ruid%3Dd22dee4a-0042-41c2-8edc-4d5e5057ce15%26ng%3D0%26ix%3D0%26pt%3D0%26np%3D0%26gp%3D5%26bp%3D4%26nw%3D1%26nb%3D1%26sw%3D1280%26sh%3D1024%26pl%3Dhttps%253A%252F%252Fgbggu099.tryupkora.com%252Fembed%252FGGJOWIZAgdtyC%26wy%3D0%26wx%3D0%26ww%3D1280%26wh%3D1024%26cw%3D1280%26wiw%3D1280%26wih%3D1024%26wfc%3D2%26sah%3D1024%26drf%3D%26hil%3D1%26ist%3D0%26tbc%3D0
Method: GET HTTP/2
IP: 139.45.197.154:443
Requested by: https://gbggu099.tryupkora.com/embed/GGJOWIZAgdtyC
Certificate: issuer Let's Encrypt; subject interbuzznews.com; fingerprint 68:C3:B4:C2:C5:45:68:EC:5F:B6:2A:10:57:7A:F8:2B:94:11:B7:F0; validity Thu, 29 Feb 2024 05:14:58 GMT - Wed, 29 May 2024 05:14:57 GMT
File type: HTML document, ASCII text, with very long lines (45774)
MD5: 54b7747c4d222eff16eed4b886c0349a
SHA-1: a361deaba230b96f440b71ea7f60ac9417597ddd
SHA-256: c2a88a431a49ca391ceb06a10ca976f795465fa5425e4a78b19feb36ff52ac6e
GET /?l=mos1TZJMzVSxLcK&cd_meta_crid=387600&trkintimp&target_url=https%3A%2F%2Farsnivyr.com%2F12%3Frnd%3D1401552169%26z%3D5561100%26b%3D20850325%26c%3D8129750%26var%3D%26varid%3D0%26d%3Dhttps%253A%252F%252Fchat.whatsapp.com%252FK9kf7X2poq61V1mwtFE9j5%253Fcost%253D%257Bcost%257D%2526clickid%253D%2524%257BSUBID%257D%26cln%3D1%26btp%3D7%26rb%3DlVry9JpckHxXbn_w3AIpZZWS1BD_PZmCoQpCoAQJNJ9gxRK33pClDqto1aByi7v0Ad6H_XbBXtqT8T6nxD460liB4adWoCo03xtH6Gf7gOev2Inze7MkiAaPMchcKLIb2sR4b9pVNjvGu5IT-0HC-VVm6Ob7xN2wa5-4nlwXcRfn05aWvnVIvuCPkt2XaZiADqGEpAerrEyHPPluwFABUoogWqjgS-XJYd-JJMnCV2xUKHKGVMatio3AcJHzTFNeKPAeGSSb8QEBFOz_ehf6Rinh-JChckbMWl8qe654ypdbxsxE3XX4l8iZYhXQnVV2jTx7f-SFgpxWcmz0IvOPh6NL2fUJzfPDwtcDtIu6_MdQgxj4nKRcM16Y1KP2lS_0LxmqsdR5GJvDploVi8MFE0R6SUBz_9lipSJBPvTpv43OnX2nN9ycAFj6m5vr6l3EyA76T6Jj3kDGZeE9VAbyn_PNpJ1gLDk584_DIHTMoEpP9o2WA7TRzINiZnLEeHpEdOBdiqQyB7ZpO4bNqiAsd8uWfxciMfM3ehiBdmNQXbuCk8AHkbE_yeBwv_XUL260FjB_PtjKUNAaPikgsvkMlUXsNcgDacVUG1QodF0ANTp4bksKNNILS4_CDfDh09zmk_Kedv0MKO7Q4WFnP73pYHGHEgiir9NVIPrbUHjcObQJcNtTDd8UNj1D4C8T8o6F-a5qhGWBscZpdrJFPpUX9KtPsVCqcdP-8CI9hzJBSp-lQ_2c1LVSiBb7ayk%3D%26bag%3DsKsRD2ywzFB-1TOUO1g_Ypl4oh4Afhgk%26ruid%3Dd22dee4a-0042-41c2-8edc-4d5e5057ce15%26ng%3D0%26ix%3D0%26pt%3D0%26np%3D0%26gp%3D5%26bp%3D4%26nw%3D1%26nb%3D1%26sw%3D1280%26sh%3D1024%26pl%3Dhttps%253A%252F%252Fgbggu099.tryupkora.com%252Fembed%252FGGJOWIZAgdtyC%26wy%3D0%26wx%3D0%26ww%3D1280%26wh%3D1024%26cw%3D1280%26wiw%3D1280%26wih%3D1024%26wfc%3D2%26sah%3D1024%26drf%3D%26hil%3D1%26ist%3D0%26tbc%3D0 HTTP/1.1
Host: interbuzznews.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://gbggu099.tryupkora.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Wed, 24 Apr 2024 13:04:39 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
x-powered-by: PHP/7.4.33
set-cookie: reverse=DgnMQjKMLMObLrvL9eK5IM5OA1xRC8qTs2_kYWpYKW0; expires=Wed, 24-Apr-2024 14:04:39 GMT; Max-Age=3600; path=/
set-cookie: OAID=0da31050d01dbff443e6d2e2d5363173; expires=Thu, 17-Aug-2079 02:09:18 GMT; Max-Age=1745499879; path=/
set-cookie: oaidts=1713963879; expires=Thu, 17-Aug-2079 02:09:18 GMT; Max-Age=1745499879; path=/
set-cookie: syncedCookie=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS, HEAD
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
access-control-expose-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
content-encoding: br
X-Firefox-Spdy: h2
| arsnivyr.com/1?z=5561100 | 139.45.197.242 | 200 OK | 42 kB |
IP: 139.45.197.242:443
Requested by: https://gbggu099.tryupkora.com/embed/GGJOWIZAgdtyC
Certificate: issuer Let's Encrypt; subject arsnivyr.com; fingerprint 4B:EB:80:36:EA:81:4F:3D:2C:D2:E6:15:55:89:69:FF:F2:F5:A0:A0; validity Sat, 23 Mar 2024 19:22:24 GMT - Fri, 21 Jun 2024 19:22:23 GMT
File type: JavaScript source, ASCII text, with very long lines (42427)
MD5: c09545276c48164f7ed48004d9b58a0f
SHA-1: a5cc60d298235e0be87746cba570a9fc2d3d39b6
SHA-256: 5bad3de9a9d8f1304a766bfb6dac3a65027e7f06e6a8e7b036c65cafc47c8ce5
Analyzer: Quad9 DNS; Verdict: malicious; Alert: Sinkholed
GET /1?z=5561100 HTTP/1.1
Host: arsnivyr.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://gbggu099.tryupkora.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Wed, 24 Apr 2024 13:04:38 GMT
content-type: text/javascript
access-control-allow-credentials: true
access-control-allow-origin:
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-Sc, CVERSION, VERSION, X-Ancestor-Origins, X-Zone-ID, baggage, sentry-trace
x-trace-id: b2a900cfb99a7c3f69043327b980a2a0
access-control-expose-headers: X-Sc
x-sc: XCjkgvy0W2E-cznwrosvDiIB1qg4EPdU2Y_-LCUdQpqDF44Mkxq3qWhbgH2LkgBU07_XDVgLGXIfvlvnnHBlTRCEgO0=
set-cookie: scm=1; expires=Thu, 24 Apr 2025 13:04:38 GMT; secure; SameSite=None
set-cookie: OAID=0400484b66414020e0a6f34bdeeed3d5; expires=Thu, 24 Apr 2025 13:04:38 GMT; secure; SameSite=None
set-cookie: oaidts=1713963878; expires=Thu, 24 Apr 2025 13:04:38 GMT; secure; SameSite=None
pragma: no-cache
cache-control: no-store, no-cache, must-revalidate, max-age=0
expires: Mon, 26 Jul 1997 05:00:00 GMT
content-encoding: gzip
X-Firefox-Spdy: h2
| gbggu099.tryupkora.com/embed/GGJOWIZAgdtyC | 188.114.96.1 | 200 OK | 16 kB |
URL (user request): gbggu099.tryupkora.com/embed/GGJOWIZAgdtyC
Method: GET HTTP/2
IP: 188.114.96.1:443
Certificate: issuer Google Trust Services LLC; subject tryupkora.com; fingerprint 91:33:2D:C9:BE:4D:49:47:50:6B:71:50:D7:01:BD:DD:B6:46:53:3E; validity Sun, 07 Apr 2024 02:43:23 GMT - Sat, 06 Jul 2024 02:43:22 GMT
File type: JavaScript source, ASCII text, with very long lines (4052), with CRLF line terminators
MD5: 0309093d11eabed977bcad5633d14996
SHA-1: b296ccb4ef7251a66f507517c1631f7355fe92f5
SHA-256: cfbe1c03ec3a1b72532f50e69201a967078a8b35810d23c74428cbdd3ebc3c0b
GET /embed/GGJOWIZAgdtyC HTTP/1.1
Host: gbggu099.tryupkora.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 24 Apr 2024 13:04:37 GMT
content-type: text/html; charset=utf-8
cache-control: private
x-aspnetmvc-version: 5.2
access-control-allow-origin: *, *
x-aspnet-version: 4.0.30319
access-control-allow-methods: GET, PUT, POST, DELETE, HEAD, OPTIONS
access-control-allow-credentials: false
access-control-allow-headers: content-type, accept
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Kgdvpko%2B6qhlGXBEygPjyOinlJPLMY36Q6xdsX7QXlR%2BfI1W6KWUBtzfO49BPTxWAyNMWPhzjlmgrOqtWC1PdU72IPsBufXXMluYonFUctrIq4pkyJ3CJp0CWcLybDnnZkkBLruZAU7g"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87964cdae9dd5693-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
| gbggu099.tryupkora.com/PlayerAnalytics/TrackVideoHostStatus/279533 | 188.114.96.1 | 200 OK | 109 B |
URL: gbggu099.tryupkora.com/PlayerAnalytics/TrackVideoHostStatus/279533
Method: POST HTTP/3
IP: 188.114.96.1:443
Requested by: https://gbggu099.tryupkora.com/embed/GGJOWIZAgdtyC
Certificate: issuer Google Trust Services LLC; subject tryupkora.com; fingerprint 91:33:2D:C9:BE:4D:49:47:50:6B:71:50:D7:01:BD:DD:B6:46:53:3E; validity Sun, 07 Apr 2024 02:43:23 GMT - Sat, 06 Jul 2024 02:43:22 GMT
File type: troff or preprocessor input, ASCII text, with no line terminators
MD5: c1b27797ac93c1db9cd892b45cb46cb2
SHA-1: f9dcc27c14e7ead70890a26eecf1830f246092c7
SHA-256: 6b67e7bdf7f3ba79d0055c7ab2abc11958b29dbdbac743aac2d007b21c694482
POST /PlayerAnalytics/TrackVideoHostStatus/279533 HTTP/1.1
Host: gbggu099.tryupkora.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://gbggu099.tryupkora.com/embed/GGJOWIZAgdtyC
Content-Type: application/json
Content-Length: 28
Origin: https://gbggu099.tryupkora.com
DNT: 1
Connection: keep-alive
Cookie: _ga_6T0W0C33T6=GS1.1.1713963878.1.0.1713963878.0.0.0; _ga=GA1.1.651788870.1713963879
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Wed, 24 Apr 2024 13:04:39 GMT
content-type: application/json; charset=utf-8
cache-control: private
x-aspnetmvc-version: 5.2
access-control-allow-origin: same, *
x-aspnet-version: 4.0.30319
access-control-allow-methods: GET, PUT, POST, DELETE, HEAD, OPTIONS
access-control-allow-credentials: false
access-control-allow-headers: content-type, accept
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=I9Tex%2BgqYljYnpsy8SyuvKrH0IjJAy2vZy92SKoKAeITSKzFIDEOts2xeoXxbERyMIPh69t7AI8XeJ3362yPgp8Bk%2B%2FPRVtKd2hhHwpWTGppL%2BZYf6TgIAEzpS3fdiS%2BQMMO%2F2Lj10iP"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87964ce41f33b527-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
| gbggu099.tryupkora.com/Scripts/rmvmp511/css/rmp-s1.min.css | 188.114.96.1 | 200 OK | 85 kB |
URL: gbggu099.tryupkora.com/Scripts/rmvmp511/css/rmp-s1.min.css
Method: GET HTTP/3
IP: 188.114.96.1:443
Requested by: https://gbggu099.tryupkora.com/embed/GGJOWIZAgdtyC
Certificate: issuer Google Trust Services LLC; subject tryupkora.com; fingerprint 91:33:2D:C9:BE:4D:49:47:50:6B:71:50:D7:01:BD:DD:B6:46:53:3E; validity Sun, 07 Apr 2024 02:43:23 GMT - Sat, 06 Jul 2024 02:43:22 GMT
File type: ASCII text, with very long lines (65250)
MD5: f713845a32b9719a3e81afe9f749170c
SHA-1: f079c02774cda1f58707ce5741bd0f240e5daa94
SHA-256: f7ca66138172ef4bde41b0cb74053f628ece0e9e6e31a35d1cbb830b558c1a91
GET /Scripts/rmvmp511/css/rmp-s1.min.css HTTP/1.1
Host: gbggu099.tryupkora.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://gbggu099.tryupkora.com/embed/GGJOWIZAgdtyC
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Wed, 24 Apr 2024 13:04:38 GMT
content-type: text/css
cache-control: public, max-age=25920000
last-modified: Wed, 18 Nov 2020 21:42:09 GMT
etag: W/"80ce8baaf3bdd61:0"
vary: Accept-Encoding
access-control-allow-origin: *
access-control-allow-methods: GET, PUT, POST, DELETE, HEAD, OPTIONS
access-control-allow-credentials: false
access-control-allow-headers: content-type, accept
cf-cache-status: HIT
age: 1514924
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=3i6ZuCLjPBoLFuOY8Qzbd7weM3yVHCePtinn4mWN23euKYfKNMwjbnggp4%2BiQoPDdS6hHlZV9F7tzN31M4VkewY9gDrP%2BnZSqqLhGtY9evVmQcBYkQR9%2BQNpp96OiJ6u1XEnHByiBBh1"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87964cdf3e60b527-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
| imasdk.googleapis.com/js/core/bridge3.636.0_en.html | 142.250.74.106 | 200 OK | 780 kB |
URL: imasdk.googleapis.com/js/core/bridge3.636.0_en.html
Method: GET HTTP/3
IP: 142.250.74.106:443
Requested by: https://gbggu099.tryupkora.com/embed/GGJOWIZAgdtyC
Certificate: issuer Google Trust Services LLC; subject upload.video.google.com; fingerprint 15:CB:F7:AC:18:3F:DC:1E:F9:4E:94:D1:98:40:40:61:53:17:28:F2; validity Mon, 18 Mar 2024 20:35:28 GMT - Mon, 10 Jun 2024 20:35:27 GMT
File type: HTML document, ASCII text, with very long lines (48587)
Size: 780 kB (780483 bytes)
MD5: 65d92d52f7232ed92245ad2c561c1844
SHA-1: 32c9a69879d8840933930c3ef78ba44705953e6a
SHA-256: b18abbfc199ca7e65145e5bdb6a5dd710b7906c7b9c378f77c831f9315645ada
GET /js/core/bridge3.636.0_en.html HTTP/1.1
Host: imasdk.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://gbggu099.tryupkora.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
accept-ranges: bytes
content-encoding: gzip
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="ads-doubleclick-instream-static"
report-to: {"group":"ads-doubleclick-instream-static","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-instream-static"}]}
content-length: 248977
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Mon, 22 Apr 2024 19:49:31 GMT
expires: Tue, 22 Apr 2025 19:49:31 GMT
cache-control: public, max-age=31536000
last-modified: Mon, 22 Apr 2024 19:45:07 GMT
content-type: text/html
vary: Accept-Encoding
age: 148508
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
| gbggu099.tryupkora.com/favicon.ico | 188.114.96.1 | 200 OK | 3.6 kB |
URL: gbggu099.tryupkora.com/favicon.ico
Method: GET HTTP/3
IP: 188.114.96.1:443
Requested by: https://gbggu099.tryupkora.com/embed/GGJOWIZAgdtyC
Certificate: issuer Google Trust Services LLC; subject tryupkora.com; fingerprint 91:33:2D:C9:BE:4D:49:47:50:6B:71:50:D7:01:BD:DD:B6:46:53:3E; validity Sun, 07 Apr 2024 02:43:23 GMT - Sat, 06 Jul 2024 02:43:22 GMT
File type: PNG image data, 25 x 20, 8-bit/color RGBA, non-interlaced
MD5: 63617949e65161fb053f7767b40f3cf9
SHA-1: 149ba4794c7dab30a86cfae4766fe4c11e307c4f
SHA-256: 4e1902769489c2aa26a1ad2e5266fb996ef22d48119c51b5da38bd7c3d376535
GET /favicon.ico HTTP/1.1
Host: gbggu099.tryupkora.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://gbggu099.tryupkora.com/embed/GGJOWIZAgdtyC
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Wed, 24 Apr 2024 13:04:38 GMT
content-type: image/x-icon
cache-control: public, max-age=25920000
last-modified: Mon, 29 Jun 2020 15:25:56 GMT
etag: W/"afdc395294ed61:0"
access-control-allow-origin: *
access-control-allow-methods: GET, PUT, POST, DELETE, HEAD, OPTIONS
access-control-allow-credentials: false
access-control-allow-headers: content-type, accept
cf-cache-status: HIT
age: 1514923
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=7pM5zoPrKURT3ZvTniB3XJgv5Nh1YdVxb6%2B83FLJywXt6c6zMScSFbYqYo3uXk73Cf2NGFgTooL%2B9%2FDQm0W4fgQFQNg0z9NLdnGG6CygYkixIo9hm5WfmPXJkchD8C1Qn5evHfVHt%2BiQ"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87964ce0b829b527-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
| gbggu099.tryupkora.com/Content/styles.css | 188.114.96.1 | 200 OK | 3.5 kB |
URL: gbggu099.tryupkora.com/Content/styles.css
Method: GET HTTP/3
IP: 188.114.96.1:443
Requested by: https://gbggu099.tryupkora.com/embed/GGJOWIZAgdtyC
Certificate: issuer Google Trust Services LLC; subject tryupkora.com; fingerprint 91:33:2D:C9:BE:4D:49:47:50:6B:71:50:D7:01:BD:DD:B6:46:53:3E; validity Sun, 07 Apr 2024 02:43:23 GMT - Sat, 06 Jul 2024 02:43:22 GMT
File type: Unicode text, UTF-8 text, with very long lines (3820), with no line terminators
MD5: 91223eb0465e29deebf7a5cbc3b43570
SHA-1: b75312c0b5bdf37aab6a6ee4cf34663b8b317ded
SHA-256: 30c43327341c9038c2999b3c0ca2d0001ca2e21cc402ec009bfec6c73333e286
GET /Content/styles.css HTTP/1.1
Host: gbggu099.tryupkora.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://gbggu099.tryupkora.com/embed/GGJOWIZAgdtyC
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Wed, 24 Apr 2024 13:04:37 GMT
content-type: text/css
cache-control: public, max-age=25920000
last-modified: Tue, 18 Sep 2018 11:34:56 GMT
etag: W/"0309f9f434fd41:0"
vary: Accept-Encoding
access-control-allow-origin: *
access-control-allow-methods: GET, PUT, POST, DELETE, HEAD, OPTIONS
access-control-allow-credentials: false
access-control-allow-headers: content-type, accept
cf-cache-status: HIT
age: 1514923
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2FqWPpse486wENXEx3RYLN%2B5qVFcOZf%2B%2Fo4UkY92EavU62M%2BycPXlgudujKfX01lzS7gwS7oavR7LA6vS5aZ35vve6u9qVT1seh1Jhov9psoUkQcwXc%2B%2FZTZYWbzl3nlMKX%2FQ2fT4CB11"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87964cdd4bc4b527-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
| bvv.dirgventures.net/UpFiles/2024/4/22/51/279533/0.png | 104.21.53.100 | 200 OK | 50 kB |
URL: GET HTTP/2 bvv.dirgventures.net/UpFiles/2024/4/22/51/279533/0.png
IP: 104.21.53.100:443
Requested by: https://gbggu099.tryupkora.com/embed/GGJOWIZAgdtyC
Certificate: Issuer Google Trust Services LLC; Subject dirgventures.net; Fingerprint 23:12:6A:9D:14:78:62:6C:37:B0:2B:17:BA:CA:9F:D7:EF:BC:6B:B6; Validity Wed, 27 Mar 2024 11:00:45 GMT - Tue, 25 Jun 2024 11:00:44 GMT
File type: JPEG image data, JFIF standard 1.02, aspect ratio, density 1x1, segment length 16, comment: "Lavc57.24.102", baseline, precision 8, 1280x720, components 3
Hash (MD5 / SHA-1 / SHA-256): a55507171c5170fc950ef6a5bd1d54d1 d3d1a2d05683b1286fb78ab75c9b2f2c7ee32729 e42e08847cf6ccc579c64874a2e818716e51fa068104f5e7644d27c69f0dd79c
GET /UpFiles/2024/4/22/51/279533/0.png HTTP/1.1
Host: bvv.dirgventures.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://gbggu099.tryupkora.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 24 Apr 2024 13:04:38 GMT
content-type: image/png
content-length: 49968
cache-control: public, max-age=25920000
pragma: public
expires: 604800
last-modified: Mon, 22 Apr 2024 21:05:18 GMT
etag: "9127cdc7f894da1:0"
access-control-allow-methods: GET, PUT, POST, DELETE, HEAD, OPTIONS
access-control-allow-credentials: true
access-control-allow-headers: X-Requested-With, origin, content-type, accept
access-control-allow-origin: *
cf-cache-status: HIT
age: 143292
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=iI3V7QCJp4OrrW5AuF1H9EkxAd%2FDoP%2BQWN2rs14imguP9SPKOeJ8QRIJ1yEL%2FTmEK2hXG1JCTHbywo9NR9cOlcY3JoPPNPPhdounK9cJfTaFBdZwgKv4XWIleRDzJJIe%2FRr%2FQ1ZGwA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87964ce02dac56c3-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2