| shimpeftie.com/contents/s/10/94/88/9db27a813b20a6306d5b6f65a0/0669571609554.jpeg | 172.67.133.247 | 200 OK | 32 kB |
URL: GET HTTP/3 shimpeftie.com/contents/s/10/94/88/9db27a813b20a6306d5b6f65a0/0669571609554.jpeg
IP: 172.67.133.247:443
Requested by: https://shimpeftie.com/?b=20957148&campaignId={campaignId}&campid={campaignid}&creativeId={creativeId}&l=4dvkxpjd79Om2jV&partnerId={partnerId}&projectId={projectId}&s={CLICK_ID}&siteId={siteId}&userId={userId}&var={SOURCE_ID}&ymid=ubxpq663bf65f000087b0&z=7455922
Certificate: Issuer Google Trust Services LLC; Subject shimpeftie.com; Fingerprint C0:68:F9:7C:00:02:20:95:0A:D3:1C:A1:9C:67:38:9C:56:56:79:DA; Validity Mon, 29 Apr 2024 09:37:27 GMT - Sun, 28 Jul 2024 09:37:26 GMT
File type: JPEG image data, JFIF standard 1.01, resolution (DPI), density 300x300, segment length 16, baseline, precision 8, 300x300, components 3
Hash: 1094889db27a813b20a6306d5b6f65a0 (MD5) a6dc6c3466b1fd00891a5f3156a10f660bedcf60 (SHA-1) 370fe791a06f59c82fa518ef984b8fb282719fad49ce185294625ace39914f75 (SHA-256)
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /contents/s/10/94/88/9db27a813b20a6306d5b6f65a0/0669571609554.jpeg HTTP/1.1
Host: shimpeftie.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://shimpeftie.com/?b=20957148&campaignId={campaignId}&campid={campaignid}&creativeId={creativeId}&l=4dvkxpjd79Om2jV&partnerId={partnerId}&projectId={projectId}&s={CLICK_ID}&siteId={siteId}&userId={userId}&var={SOURCE_ID}&ymid=ubxpq663bf65f000087b0&z=7455922
Cookie: reverse=PhvjHMkC3d_lJiUEE1BSkbEisH7jOwQCfDvNPFJYqcA; OAID=ea93e3de8188caff397200dde167f821; oaidts=1715205749
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Wed, 08 May 2024 22:02:30 GMT
content-type: image/jpeg
content-length: 31480
last-modified: Mon, 27 Mar 2023 14:48:52 GMT
vary: Accept-Encoding
etag: "6421acd4-7af8"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS, HEAD
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
access-control-expose-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
cache-control: max-age=86400
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Ow%2Bv2OZ1zl8zFQFtmUD51tjypOx91hbyj2XlcHAtG7ArUlYVtv7mBQ57BH%2FnjzSzQ0jvnV54XjrtL8pcuMGRN%2FvKM0Lm6Ea8abRaAXtQNYN1DOsdlaCjpKPPwA%2FcxUHsKQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 880cbc024a4d56c5-OSL
alt-svc: h3=":443"; ma=86400
| shimpeftie.com/contents/s/bc/61/6a/95e7d7a42116dbb9c79c580cd4/01314572001101.jpeg | 172.67.133.247 | 200 OK | 23 kB |
URL: GET HTTP/3 shimpeftie.com/contents/s/bc/61/6a/95e7d7a42116dbb9c79c580cd4/01314572001101.jpeg
IP: 172.67.133.247:443
Requested by: https://shimpeftie.com/?b=20957148&campaignId={campaignId}&campid={campaignid}&creativeId={creativeId}&l=4dvkxpjd79Om2jV&partnerId={partnerId}&projectId={projectId}&s={CLICK_ID}&siteId={siteId}&userId={userId}&var={SOURCE_ID}&ymid=ubxpq663bf65f000087b0&z=7455922
Certificate: Issuer Google Trust Services LLC; Subject shimpeftie.com; Fingerprint C0:68:F9:7C:00:02:20:95:0A:D3:1C:A1:9C:67:38:9C:56:56:79:DA; Validity Mon, 29 Apr 2024 09:37:27 GMT - Sun, 28 Jul 2024 09:37:26 GMT
File type: JPEG image data, JFIF standard 1.01, resolution (DPI), density 300x300, segment length 16, baseline, precision 8, 300x300, components 3
Hash: bc616a95e7d7a42116dbb9c79c580cd4 (MD5) cd09ed501afc16b2317e0b564543f3615bf14442 (SHA-1) 71631d37ec944bb2fa220d64475f0e666c0ee73ea1a829232bb591ae96914c25 (SHA-256)
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /contents/s/bc/61/6a/95e7d7a42116dbb9c79c580cd4/01314572001101.jpeg HTTP/1.1
Host: shimpeftie.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://shimpeftie.com/?b=20957148&campaignId={campaignId}&campid={campaignid}&creativeId={creativeId}&l=4dvkxpjd79Om2jV&partnerId={partnerId}&projectId={projectId}&s={CLICK_ID}&siteId={siteId}&userId={userId}&var={SOURCE_ID}&ymid=ubxpq663bf65f000087b0&z=7455922
Cookie: reverse=PhvjHMkC3d_lJiUEE1BSkbEisH7jOwQCfDvNPFJYqcA; OAID=ea93e3de8188caff397200dde167f821; oaidts=1715205749
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Wed, 08 May 2024 22:02:30 GMT
content-type: image/jpeg
content-length: 22827
last-modified: Mon, 27 Mar 2023 14:48:52 GMT
vary: Accept-Encoding
etag: "6421acd4-592b"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS, HEAD
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
access-control-expose-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
cache-control: max-age=86400
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Oax3scRJAxjdQuEA7HyQKSbqOPLmSez0PT3XtJ8SmaZL6ng%2FOgYtpCA%2FLhbBsayjdRkGAFqoSpUfI6w9Z5YktAUDb5Y8QONcbwPbdp8lZYJu5463wBKipSdvUPX7ryyjbA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 880cbc024a6756c5-OSL
alt-svc: h3=":443"; ma=86400
| shimpeftie.com/contents/s/20/c7/be/0db7a3f51e5fe673960c51a051/01623157896108.jpeg | 172.67.133.247 | 200 OK | 24 kB |
URL: GET HTTP/3 shimpeftie.com/contents/s/20/c7/be/0db7a3f51e5fe673960c51a051/01623157896108.jpeg
IP: 172.67.133.247:443
Requested by: https://shimpeftie.com/?b=20957148&campaignId={campaignId}&campid={campaignid}&creativeId={creativeId}&l=4dvkxpjd79Om2jV&partnerId={partnerId}&projectId={projectId}&s={CLICK_ID}&siteId={siteId}&userId={userId}&var={SOURCE_ID}&ymid=ubxpq663bf65f000087b0&z=7455922
Certificate: Issuer Google Trust Services LLC; Subject shimpeftie.com; Fingerprint C0:68:F9:7C:00:02:20:95:0A:D3:1C:A1:9C:67:38:9C:56:56:79:DA; Validity Mon, 29 Apr 2024 09:37:27 GMT - Sun, 28 Jul 2024 09:37:26 GMT
File type: JPEG image data, JFIF standard 1.01, resolution (DPI), density 300x300, segment length 16, baseline, precision 8, 300x300, components 3
Hash: 20c7be0db7a3f51e5fe673960c51a051 (MD5) 168c33dbf5ddcd85c5b036c314534d412867b249 (SHA-1) be32b303e8d41d73b76d61dabdfdc14a7456d6a086b13be807b8b31088fcb4a7 (SHA-256)
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /contents/s/20/c7/be/0db7a3f51e5fe673960c51a051/01623157896108.jpeg HTTP/1.1
Host: shimpeftie.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://shimpeftie.com/?b=20957148&campaignId={campaignId}&campid={campaignid}&creativeId={creativeId}&l=4dvkxpjd79Om2jV&partnerId={partnerId}&projectId={projectId}&s={CLICK_ID}&siteId={siteId}&userId={userId}&var={SOURCE_ID}&ymid=ubxpq663bf65f000087b0&z=7455922
Cookie: reverse=PhvjHMkC3d_lJiUEE1BSkbEisH7jOwQCfDvNPFJYqcA; OAID=ea93e3de8188caff397200dde167f821; oaidts=1715205749
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Wed, 08 May 2024 22:02:30 GMT
content-type: image/jpeg
content-length: 23619
last-modified: Mon, 27 Mar 2023 14:48:52 GMT
vary: Accept-Encoding
etag: "6421acd4-5c43"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS, HEAD
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
access-control-expose-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
cache-control: max-age=86400
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=57Mk2uhQ1lBs8LcNGDRtqy20w3AI9c93QPGyd%2B4gzo9W5W8wsn3PeaxdSwJ6w9AP9YcLq19FcSMvVobNF3waBd%2Fu8Cf%2F3fHn5Pl1G5WZap8%2F%2BxvrV5uCwWqUuP%2BGJuhuyQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 880cbc024a6456c5-OSL
alt-svc: h3=":443"; ma=86400
| shimpeftie.com/contents/s/9b/38/43/83a6fba71740fde72685f48e65/044382413938.jpeg | 172.67.133.247 | 200 OK | 25 kB |
URL: GET HTTP/3 shimpeftie.com/contents/s/9b/38/43/83a6fba71740fde72685f48e65/044382413938.jpeg
IP: 172.67.133.247:443
Requested by: https://shimpeftie.com/?b=20957148&campaignId={campaignId}&campid={campaignid}&creativeId={creativeId}&l=4dvkxpjd79Om2jV&partnerId={partnerId}&projectId={projectId}&s={CLICK_ID}&siteId={siteId}&userId={userId}&var={SOURCE_ID}&ymid=ubxpq663bf65f000087b0&z=7455922
Certificate: Issuer Google Trust Services LLC; Subject shimpeftie.com; Fingerprint C0:68:F9:7C:00:02:20:95:0A:D3:1C:A1:9C:67:38:9C:56:56:79:DA; Validity Mon, 29 Apr 2024 09:37:27 GMT - Sun, 28 Jul 2024 09:37:26 GMT
File type: JPEG image data, JFIF standard 1.01, resolution (DPI), density 300x300, segment length 16, baseline, precision 8, 300x300, components 3
Hash: 9b384383a6fba71740fde72685f48e65 (MD5) 4aedfaafd5e131fa643628e04049aebc149bc18d (SHA-1) c8f27b9f89a5cba7dd8e30b905f15fc27131ef8384261fa18d5d3f098c9b34a8 (SHA-256)
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /contents/s/9b/38/43/83a6fba71740fde72685f48e65/044382413938.jpeg HTTP/1.1
Host: shimpeftie.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://shimpeftie.com/?b=20957148&campaignId={campaignId}&campid={campaignid}&creativeId={creativeId}&l=4dvkxpjd79Om2jV&partnerId={partnerId}&projectId={projectId}&s={CLICK_ID}&siteId={siteId}&userId={userId}&var={SOURCE_ID}&ymid=ubxpq663bf65f000087b0&z=7455922
Cookie: reverse=PhvjHMkC3d_lJiUEE1BSkbEisH7jOwQCfDvNPFJYqcA; OAID=ea93e3de8188caff397200dde167f821; oaidts=1715205749
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Wed, 08 May 2024 22:02:30 GMT
content-type: image/jpeg
content-length: 25395
last-modified: Mon, 27 Mar 2023 14:48:52 GMT
vary: Accept-Encoding
etag: "6421acd4-6333"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS, HEAD
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
access-control-expose-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
cache-control: max-age=86400
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=jxKz%2FT69ns7H7BxIQ31iK2yDm0jN0LUUK7Pq5Ogm1pcg84cTOgpBSj0s10PdDaQhvJFfB9h%2FlIUT6X7kncod0oKZ%2BIBBIVDX1v5sfyQYcVVlLrDl4gwHMdKd7rLpjB%2BwZg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 880cbc025a6e56c5-OSL
alt-svc: h3=":443"; ma=86400
| shimpeftie.com/contents/s/a3/15/66/5fa629ff80d4ad787d339cc194/0510990695689.jpeg | 172.67.133.247 | 200 OK | 26 kB |
URL: GET HTTP/3 shimpeftie.com/contents/s/a3/15/66/5fa629ff80d4ad787d339cc194/0510990695689.jpeg
IP: 172.67.133.247:443
Requested by: https://shimpeftie.com/?b=20957148&campaignId={campaignId}&campid={campaignid}&creativeId={creativeId}&l=4dvkxpjd79Om2jV&partnerId={partnerId}&projectId={projectId}&s={CLICK_ID}&siteId={siteId}&userId={userId}&var={SOURCE_ID}&ymid=ubxpq663bf65f000087b0&z=7455922
Certificate: Issuer Google Trust Services LLC; Subject shimpeftie.com; Fingerprint C0:68:F9:7C:00:02:20:95:0A:D3:1C:A1:9C:67:38:9C:56:56:79:DA; Validity Mon, 29 Apr 2024 09:37:27 GMT - Sun, 28 Jul 2024 09:37:26 GMT
File type: JPEG image data, JFIF standard 1.01, resolution (DPI), density 300x300, segment length 16, baseline, precision 8, 300x300, components 3
Hash: a315665fa629ff80d4ad787d339cc194 (MD5) b0ac0c76c41311436299df90199633f03e8ef900 (SHA-1) 5f17595b3f6077f45588f6263c05018a61bfc87dcebd5733fc6fa1cedcf47be0 (SHA-256)
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /contents/s/a3/15/66/5fa629ff80d4ad787d339cc194/0510990695689.jpeg HTTP/1.1
Host: shimpeftie.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://shimpeftie.com/?b=20957148&campaignId={campaignId}&campid={campaignid}&creativeId={creativeId}&l=4dvkxpjd79Om2jV&partnerId={partnerId}&projectId={projectId}&s={CLICK_ID}&siteId={siteId}&userId={userId}&var={SOURCE_ID}&ymid=ubxpq663bf65f000087b0&z=7455922
Cookie: reverse=PhvjHMkC3d_lJiUEE1BSkbEisH7jOwQCfDvNPFJYqcA; OAID=ea93e3de8188caff397200dde167f821; oaidts=1715205749
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Wed, 08 May 2024 22:02:30 GMT
content-type: image/jpeg
content-length: 26402
last-modified: Mon, 27 Mar 2023 14:48:52 GMT
vary: Accept-Encoding
etag: "6421acd4-6722"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS, HEAD
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
access-control-expose-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
cache-control: max-age=86400
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=hjKNHMyM2l94o6xp6niUX5CNd5uE81jiurR71no5eS7j1hAWxdHMVWa0BjFX1LR708DsI%2BVpfwcLSi6%2BEmAzrdRaHXpfmEgKM%2FNc%2BsxSC9iGAUd0r6IWvm%2BEb8bJ829KFw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 880cbc025a7356c5-OSL
alt-svc: h3=":443"; ma=86400
| shimpeftie.com/contents/s/e2/08/a3/a0c9244c259e1eb3ce17ad40d9/01261300091751.jpeg | 172.67.133.247 | 200 OK | 26 kB |
URL: GET HTTP/3 shimpeftie.com/contents/s/e2/08/a3/a0c9244c259e1eb3ce17ad40d9/01261300091751.jpeg
IP: 172.67.133.247:443
Requested by: https://shimpeftie.com/?b=20957148&campaignId={campaignId}&campid={campaignid}&creativeId={creativeId}&l=4dvkxpjd79Om2jV&partnerId={partnerId}&projectId={projectId}&s={CLICK_ID}&siteId={siteId}&userId={userId}&var={SOURCE_ID}&ymid=ubxpq663bf65f000087b0&z=7455922
Certificate: Issuer Google Trust Services LLC; Subject shimpeftie.com; Fingerprint C0:68:F9:7C:00:02:20:95:0A:D3:1C:A1:9C:67:38:9C:56:56:79:DA; Validity Mon, 29 Apr 2024 09:37:27 GMT - Sun, 28 Jul 2024 09:37:26 GMT
File type: JPEG image data, JFIF standard 1.01, resolution (DPI), density 300x300, segment length 16, baseline, precision 8, 300x300, components 3
Hash: e208a3a0c9244c259e1eb3ce17ad40d9 (MD5) f744cdc154f46d902271c864a135a8973d383562 (SHA-1) 4d0fb76ce0c2f3151772e5d5fab538b829d017d0dcf89ab3ba5fb889e6da0e04 (SHA-256)
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /contents/s/e2/08/a3/a0c9244c259e1eb3ce17ad40d9/01261300091751.jpeg HTTP/1.1
Host: shimpeftie.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://shimpeftie.com/?b=20957148&campaignId={campaignId}&campid={campaignid}&creativeId={creativeId}&l=4dvkxpjd79Om2jV&partnerId={partnerId}&projectId={projectId}&s={CLICK_ID}&siteId={siteId}&userId={userId}&var={SOURCE_ID}&ymid=ubxpq663bf65f000087b0&z=7455922
Cookie: reverse=PhvjHMkC3d_lJiUEE1BSkbEisH7jOwQCfDvNPFJYqcA; OAID=ea93e3de8188caff397200dde167f821; oaidts=1715205749
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Wed, 08 May 2024 22:02:30 GMT
content-type: image/jpeg
content-length: 25882
last-modified: Mon, 27 Mar 2023 14:48:52 GMT
vary: Accept-Encoding
etag: "6421acd4-651a"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS, HEAD
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
access-control-expose-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
cache-control: max-age=86400
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=vzAUdMpvBWJIgSpSkyn%2BYnhpk0I%2FgS%2BDdnxvjM8VpHgnDHA7bt8XQbY1FK7TLmBKXjTgshOibVhEDV%2FYc6GfQaayV7VZ0b44vXCw30bhZlqJX1UVabqR7Y98RBgAg2vCow%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 880cbc024a4c56c5-OSL
alt-svc: h3=":443"; ma=86400
| shimpeftie.com/contents/s/52/14/98/28753b416e73d5a7cb68f902c3/0299505312749.jpeg | 172.67.133.247 | 200 OK | 23 kB |
URL: GET HTTP/3 shimpeftie.com/contents/s/52/14/98/28753b416e73d5a7cb68f902c3/0299505312749.jpeg
IP: 172.67.133.247:443
Requested by: https://shimpeftie.com/?b=20957148&campaignId={campaignId}&campid={campaignid}&creativeId={creativeId}&l=4dvkxpjd79Om2jV&partnerId={partnerId}&projectId={projectId}&s={CLICK_ID}&siteId={siteId}&userId={userId}&var={SOURCE_ID}&ymid=ubxpq663bf65f000087b0&z=7455922
Certificate: Issuer Google Trust Services LLC; Subject shimpeftie.com; Fingerprint C0:68:F9:7C:00:02:20:95:0A:D3:1C:A1:9C:67:38:9C:56:56:79:DA; Validity Mon, 29 Apr 2024 09:37:27 GMT - Sun, 28 Jul 2024 09:37:26 GMT
File type: JPEG image data, JFIF standard 1.01, resolution (DPI), density 300x300, segment length 16, baseline, precision 8, 300x300, components 3
Hash: 52149828753b416e73d5a7cb68f902c3 (MD5) 2898d215615cc0168e19eb3428d08d4c41859987 (SHA-1) 9c6d0c2059a64b522906209a10e0dda5d4a1819a89e1185ab0bc5c76c49b05b5 (SHA-256)
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /contents/s/52/14/98/28753b416e73d5a7cb68f902c3/0299505312749.jpeg HTTP/1.1
Host: shimpeftie.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://shimpeftie.com/?b=20957148&campaignId={campaignId}&campid={campaignid}&creativeId={creativeId}&l=4dvkxpjd79Om2jV&partnerId={partnerId}&projectId={projectId}&s={CLICK_ID}&siteId={siteId}&userId={userId}&var={SOURCE_ID}&ymid=ubxpq663bf65f000087b0&z=7455922
Cookie: reverse=PhvjHMkC3d_lJiUEE1BSkbEisH7jOwQCfDvNPFJYqcA; OAID=ea93e3de8188caff397200dde167f821; oaidts=1715205749
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Wed, 08 May 2024 22:02:30 GMT
content-type: image/jpeg
content-length: 22787
last-modified: Mon, 27 Mar 2023 14:48:52 GMT
vary: Accept-Encoding
etag: "6421acd4-5903"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS, HEAD
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
access-control-expose-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
cache-control: max-age=86400
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=NQzrrW3HmqG70qwTgbCWdi9Fqkxypazx%2Fg6vXQ8vFxsaW2O0owvfh0i2wfCmbzbtq8%2BYTzzTAfuNAwwTlqGBWFdFff2Atl2pI2Nkpc8NDFRWlJTsUuAUpnSOlfSmf5UQHw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 880cbc025a7456c5-OSL
alt-svc: h3=":443"; ma=86400
| shimpeftie.com/contents/s/af/94/65/ea1b6a41dbcd5f58adfe6b8ad2/063832201551.jpeg | 172.67.133.247 | 200 OK | 22 kB |
URL: GET HTTP/3 shimpeftie.com/contents/s/af/94/65/ea1b6a41dbcd5f58adfe6b8ad2/063832201551.jpeg
IP: 172.67.133.247:443
Requested by: https://shimpeftie.com/?b=20957148&campaignId={campaignId}&campid={campaignid}&creativeId={creativeId}&l=4dvkxpjd79Om2jV&partnerId={partnerId}&projectId={projectId}&s={CLICK_ID}&siteId={siteId}&userId={userId}&var={SOURCE_ID}&ymid=ubxpq663bf65f000087b0&z=7455922
Certificate: Issuer Google Trust Services LLC; Subject shimpeftie.com; Fingerprint C0:68:F9:7C:00:02:20:95:0A:D3:1C:A1:9C:67:38:9C:56:56:79:DA; Validity Mon, 29 Apr 2024 09:37:27 GMT - Sun, 28 Jul 2024 09:37:26 GMT
File type: JPEG image data, JFIF standard 1.01, resolution (DPI), density 300x300, segment length 16, baseline, precision 8, 300x300, components 3
Hash: af9465ea1b6a41dbcd5f58adfe6b8ad2 (MD5) ba58c8c1ab2e575b7c4599e9c72b8abbe4ea8453 (SHA-1) 7e05f3576f8cccec8b8b9d03df055434ac3866d34b52880962aadfe0e06483c1 (SHA-256)
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /contents/s/af/94/65/ea1b6a41dbcd5f58adfe6b8ad2/063832201551.jpeg HTTP/1.1
Host: shimpeftie.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://shimpeftie.com/?b=20957148&campaignId={campaignId}&campid={campaignid}&creativeId={creativeId}&l=4dvkxpjd79Om2jV&partnerId={partnerId}&projectId={projectId}&s={CLICK_ID}&siteId={siteId}&userId={userId}&var={SOURCE_ID}&ymid=ubxpq663bf65f000087b0&z=7455922
Cookie: reverse=PhvjHMkC3d_lJiUEE1BSkbEisH7jOwQCfDvNPFJYqcA; OAID=ea93e3de8188caff397200dde167f821; oaidts=1715205749
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Wed, 08 May 2024 22:02:30 GMT
content-type: image/jpeg
content-length: 21926
last-modified: Mon, 27 Mar 2023 14:48:52 GMT
vary: Accept-Encoding
etag: "6421acd4-55a6"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS, HEAD
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
access-control-expose-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
cache-control: max-age=86400
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=vP%2BQB8d%2FLZNvtKMp3bBVeRF1vcia95qoJpZGXumWbUIEBz%2B1UdhsfmLQ3Pnbf%2Fd6eMwh0aDC17w39jOcNv%2BnV9IjBJGE7zJIdDM2%2BVPATyjeLmBatAsRyRt8GZPRlmVisQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 880cbc025a7156c5-OSL
alt-svc: h3=":443"; ma=86400
| my.rtmark.net/gid.js?userId=ea93e3de8188caff397200dde167f821 | 139.45.195.8 | 200 OK | 65 B |
URL: GET HTTP/2 my.rtmark.net/gid.js?userId=ea93e3de8188caff397200dde167f821
IP: 139.45.195.8:443
Requested by: https://shimpeftie.com/?b=20957148&campaignId={campaignId}&campid={campaignid}&creativeId={creativeId}&l=4dvkxpjd79Om2jV&partnerId={partnerId}&projectId={projectId}&s={CLICK_ID}&siteId={siteId}&userId={userId}&var={SOURCE_ID}&ymid=ubxpq663bf65f000087b0&z=7455922
Certificate: Issuer Let's Encrypt; Subject rtmark.net; Fingerprint DB:C0:8B:64:1C:E3:2A:9C:B9:04:0D:F3:6F:5A:E0:35:F4:C7:75:CC; Validity Sat, 02 Mar 2024 21:53:43 GMT - Fri, 31 May 2024 21:53:42 GMT
Hash: 953294885cb1b14c2d51cc8920f841c0 (MD5) 11c7b20617e86dde605e528b9acae7580d38ec86 (SHA-1) 0c0b38ba475eb65f143b037e296413157c719f79ace4c19248d5a374ce489fe7 (SHA-256)
GET /gid.js?userId=ea93e3de8188caff397200dde167f821 HTTP/1.1
Host: my.rtmark.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://shimpeftie.com/
Origin: https://shimpeftie.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 08 May 2024 22:02:30 GMT
content-type: application/json; charset=utf-8
content-length: 65
access-control-allow-origin: https://shimpeftie.com
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
set-cookie: ID=ea93e3de8188caff397200dde167f821; expires=Thu, 08 May 2025 22:02:30 GMT; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
| shimpeftie.com/zone?&pub=0&zone_id=5256482&is_mobile=false&domain=shimpeftie.com&var=7455922&ymid=%7BSOURCE_ID%7D&var_3=20957148_&var_4=&dsig=&tg=1&sw=3.1.504&trace_id=4c05840c-1042-42c3-816e-5da17e4a8629&action=prerequest | 172.67.133.247 | 200 OK | 0 B |
URL: POST HTTP/3 shimpeftie.com/zone?&pub=0&zone_id=5256482&is_mobile=false&domain=shimpeftie.com&var=7455922&ymid=%7BSOURCE_ID%7D&var_3=20957148_&var_4=&dsig=&tg=1&sw=3.1.504&trace_id=4c05840c-1042-42c3-816e-5da17e4a8629&action=prerequest
IP: 172.67.133.247:443
Requested by: https://shimpeftie.com/?b=20957148&campaignId={campaignId}&campid={campaignid}&creativeId={creativeId}&l=4dvkxpjd79Om2jV&partnerId={partnerId}&projectId={projectId}&s={CLICK_ID}&siteId={siteId}&userId={userId}&var={SOURCE_ID}&ymid=ubxpq663bf65f000087b0&z=7455922
Certificate: Issuer Google Trust Services LLC; Subject shimpeftie.com; Fingerprint C0:68:F9:7C:00:02:20:95:0A:D3:1C:A1:9C:67:38:9C:56:56:79:DA; Validity Mon, 29 Apr 2024 09:37:27 GMT - Sun, 28 Jul 2024 09:37:26 GMT
Hash (empty body): d41d8cd98f00b204e9800998ecf8427e (MD5) da39a3ee5e6b4b0d3255bfef95601890afd80709 (SHA-1) e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 (SHA-256)
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
POST /zone?&pub=0&zone_id=5256482&is_mobile=false&domain=shimpeftie.com&var=7455922&ymid=%7BSOURCE_ID%7D&var_3=20957148_&var_4=&dsig=&tg=1&sw=3.1.504&trace_id=4c05840c-1042-42c3-816e-5da17e4a8629&action=prerequest HTTP/1.1
Host: shimpeftie.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://shimpeftie.com
DNT: 1
Connection: keep-alive
Referer: https://shimpeftie.com/?b=20957148&campaignId={campaignId}&campid={campaignid}&creativeId={creativeId}&l=4dvkxpjd79Om2jV&partnerId={partnerId}&projectId={projectId}&s={CLICK_ID}&siteId={siteId}&userId={userId}&var={SOURCE_ID}&ymid=ubxpq663bf65f000087b0&z=7455922
Cookie: reverse=PhvjHMkC3d_lJiUEE1BSkbEisH7jOwQCfDvNPFJYqcA; OAID=ea93e3de8188caff397200dde167f821; oaidts=1715205749
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Content-Length: 0
TE: trailers
HTTP/3 200 OK
date: Wed, 08 May 2024 22:02:30 GMT
content-length: 0
x-trace-id: 4f2c25b03d71df3eb008496d23ed986c
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: https://shimpeftie.com
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, X-Oaid, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=2Lcs8HZ5JppaJh2HdQdLvwUW4aIGRYqsietxtffjPX4L%2BD1mtlQ2PYSUeVjQ9ZPqEpA6WOxVUg36HgdtQt8w3BwvLCJDyl%2FlwviJKpMJtuMIf5GuFHw9R2vt96MXXfU1ZQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 880cbc034b6956c5-OSL
alt-svc: h3=":443"; ma=86400
| static.shimpeftie.com/templates/_assets/sounds/blip1/default.mp3 | 188.114.97.1 | 206 Partial Content | 6.7 kB |
URL: GET HTTP/2 static.shimpeftie.com/templates/_assets/sounds/blip1/default.mp3
IP: 188.114.97.1:443
Requested by: https://shimpeftie.com/?b=20957148&campaignId={campaignId}&campid={campaignid}&creativeId={creativeId}&l=4dvkxpjd79Om2jV&partnerId={partnerId}&projectId={projectId}&s={CLICK_ID}&siteId={siteId}&userId={userId}&var={SOURCE_ID}&ymid=ubxpq663bf65f000087b0&z=7455922
Certificate: Issuer Google Trust Services LLC; Subject shimpeftie.com; Fingerprint C0:68:F9:7C:00:02:20:95:0A:D3:1C:A1:9C:67:38:9C:56:56:79:DA; Validity Mon, 29 Apr 2024 09:37:27 GMT - Sun, 28 Jul 2024 09:37:26 GMT
File type: Audio file with ID3 version 2.3.0, contains: MPEG ADTS, layer III, v1, 128 kbps, 44.1 kHz, Monaural
Hash: 6422f23e1751d74410347e02c0210a60 (MD5) 0e3e65be6b5fbb76f6a52191e973bd37368be204 (SHA-1) 4fdb5a03ae3f26e801517144609db3589bd0835a686fe11dfe7afddcdb750ef8 (SHA-256)
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /templates/_assets/sounds/blip1/default.mp3 HTTP/1.1
Host: static.shimpeftie.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: audio/webm,audio/ogg,audio/wav,audio/*;q=0.9,application/ogg;q=0.7,video/*;q=0.6,*/*;q=0.5
Accept-Language: en-US,en;q=0.5
Range: bytes=0-
DNT: 1
Connection: keep-alive
Referer: https://shimpeftie.com/
Sec-Fetch-Dest: audio
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Accept-Encoding: identity
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 206 Partial Content
date: Wed, 08 May 2024 22:02:30 GMT
content-type: audio/mpeg
content-length: 6712
last-modified: Wed, 08 May 2024 13:30:45 GMT
vary: Accept-Encoding
etag: "663b7e85-1a38"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS, HEAD
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
access-control-expose-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
cache-control: max-age=86400
cf-cache-status: MISS
content-range: bytes 0-6711/6712
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=IbrPlNidFyHv%2FF8TTWZD9gvRciwGT3uBsjT1LzlwVwOr1M3psuzKid26%2BT1cLLFdlsCE6wB%2FZriA3PzRnGv48TFrUwpRVE0WVCo%2B7Ix7pCPcp32iOQO1V2RyftcQB%2B2kQF0YkOlVDwc%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 880cbc034805b51e-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
| my.rtmark.net/gid.js | 139.45.195.8 | 200 OK | 65 B |
IP: 139.45.195.8:443
Requested by: https://shimpeftie.com/?b=20957148&campaignId={campaignId}&campid={campaignid}&creativeId={creativeId}&l=4dvkxpjd79Om2jV&partnerId={partnerId}&projectId={projectId}&s={CLICK_ID}&siteId={siteId}&userId={userId}&var={SOURCE_ID}&ymid=ubxpq663bf65f000087b0&z=7455922
Certificate: Issuer Let's Encrypt; Subject rtmark.net; Fingerprint DB:C0:8B:64:1C:E3:2A:9C:B9:04:0D:F3:6F:5A:E0:35:F4:C7:75:CC; Validity Sat, 02 Mar 2024 21:53:43 GMT - Fri, 31 May 2024 21:53:42 GMT
Hash: 953294885cb1b14c2d51cc8920f841c0 (MD5) 11c7b20617e86dde605e528b9acae7580d38ec86 (SHA-1) 0c0b38ba475eb65f143b037e296413157c719f79ace4c19248d5a374ce489fe7 (SHA-256)
GET /gid.js HTTP/1.1
Host: my.rtmark.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://shimpeftie.com/
Origin: https://shimpeftie.com
DNT: 1
Connection: keep-alive
Cookie: ID=ea93e3de8188caff397200dde167f821
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 08 May 2024 22:02:30 GMT
content-type: application/json; charset=utf-8
content-length: 65
access-control-allow-origin: https://shimpeftie.com
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
set-cookie: ID=ea93e3de8188caff397200dde167f821; expires=Thu, 08 May 2025 22:02:30 GMT; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
|
|
| jouteetu.net/custom | 139.45.197.251 | 200 OK | 39 B |
IP: 139.45.197.251:443
Requested by: https://shimpeftie.com/?b=20957148&campaignId={campaignId}&campid={campaignid}&creativeId={creativeId}&l=4dvkxpjd79Om2jV&partnerId={partnerId}&projectId={projectId}&s={CLICK_ID}&siteId={siteId}&userId={userId}&var={SOURCE_ID}&ymid=ubxpq663bf65f000087b0&z=7455922
Certificate: Issuer: Let's Encrypt; Subject: jouteetu.net; Fingerprint: F5:94:3C:5E:6B:54:1A:97:82:F8:7E:1F:C2:51:04:8C:FB:F5:CF:65; Validity: Wed, 13 Mar 2024 19:38:02 GMT - Tue, 11 Jun 2024 19:38:01 GMT
Hash (MD5 / SHA-1 / SHA-256): 058b158c2be925f556454ef762d93538 cc6fc563b4b6baee880fdbc7fcfaa134978e33c9 ff752c1c79bb2c0347c5a8b7f069fa2772047324dbbadf77d21cec4b26ee3881
POST /custom HTTP/1.1
Host: jouteetu.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 547
Origin: https://shimpeftie.com
DNT: 1
Connection: keep-alive
Referer: https://shimpeftie.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Wed, 08 May 2024 22:02:30 GMT
content-type: application/json; charset=utf-8
content-length: 39
x-trace-id: 6277452da134b231872566eebb354f56
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: https://shimpeftie.com
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, X-Oaid, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2
|
|
| jouteetu.net/custom | 139.45.197.251 | 200 OK | 39 B |
IP: 139.45.197.251:443
Requested by: https://shimpeftie.com/?b=20957148&campaignId={campaignId}&campid={campaignid}&creativeId={creativeId}&l=4dvkxpjd79Om2jV&partnerId={partnerId}&projectId={projectId}&s={CLICK_ID}&siteId={siteId}&userId={userId}&var={SOURCE_ID}&ymid=ubxpq663bf65f000087b0&z=7455922
Certificate: Issuer: Let's Encrypt; Subject: jouteetu.net; Fingerprint: F5:94:3C:5E:6B:54:1A:97:82:F8:7E:1F:C2:51:04:8C:FB:F5:CF:65; Validity: Wed, 13 Mar 2024 19:38:02 GMT - Tue, 11 Jun 2024 19:38:01 GMT
Hash (MD5 / SHA-1 / SHA-256): 058b158c2be925f556454ef762d93538 cc6fc563b4b6baee880fdbc7fcfaa134978e33c9 ff752c1c79bb2c0347c5a8b7f069fa2772047324dbbadf77d21cec4b26ee3881
POST /custom HTTP/1.1
Host: jouteetu.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 549
Origin: https://shimpeftie.com
DNT: 1
Connection: keep-alive
Referer: https://shimpeftie.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Wed, 08 May 2024 22:02:30 GMT
content-type: application/json; charset=utf-8
content-length: 39
x-trace-id: 259b0eec23010b0da290990ad86b09ca
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: https://shimpeftie.com
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, X-Oaid, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2
|
|
| jouteetu.net/custom | 139.45.197.251 | 200 OK | 39 B |
IP: 139.45.197.251:443
Requested by: https://shimpeftie.com/?b=20957148&campaignId={campaignId}&campid={campaignid}&creativeId={creativeId}&l=4dvkxpjd79Om2jV&partnerId={partnerId}&projectId={projectId}&s={CLICK_ID}&siteId={siteId}&userId={userId}&var={SOURCE_ID}&ymid=ubxpq663bf65f000087b0&z=7455922
Certificate: Issuer: Let's Encrypt; Subject: jouteetu.net; Fingerprint: F5:94:3C:5E:6B:54:1A:97:82:F8:7E:1F:C2:51:04:8C:FB:F5:CF:65; Validity: Wed, 13 Mar 2024 19:38:02 GMT - Tue, 11 Jun 2024 19:38:01 GMT
Hash (MD5 / SHA-1 / SHA-256): 058b158c2be925f556454ef762d93538 cc6fc563b4b6baee880fdbc7fcfaa134978e33c9 ff752c1c79bb2c0347c5a8b7f069fa2772047324dbbadf77d21cec4b26ee3881
POST /custom HTTP/1.1
Host: jouteetu.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 550
Origin: https://shimpeftie.com
DNT: 1
Connection: keep-alive
Referer: https://shimpeftie.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Wed, 08 May 2024 22:02:30 GMT
content-type: application/json; charset=utf-8
content-length: 39
x-trace-id: e522b09e9286631cd86f2bfcc6dbe3f7
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: https://shimpeftie.com
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, X-Oaid, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2
|
|
| amunfezanttor.com/event | 139.45.197.250 | 200 OK | 0 B |
IP: 139.45.197.250:443
Requested by: https://shimpeftie.com/?b=20957148&campaignId={campaignId}&campid={campaignid}&creativeId={creativeId}&l=4dvkxpjd79Om2jV&partnerId={partnerId}&projectId={projectId}&s={CLICK_ID}&siteId={siteId}&userId={userId}&var={SOURCE_ID}&ymid=ubxpq663bf65f000087b0&z=7455922
Certificate: Issuer: Let's Encrypt; Subject: amunfezanttor.com; Fingerprint: AB:2C:60:54:FF:D7:D6:23:0E:87:1A:98:EC:94:B3:9B:29:1A:F3:AA; Validity: Wed, 10 Apr 2024 19:04:12 GMT - Tue, 09 Jul 2024 19:04:11 GMT
Hash (MD5 / SHA-1 / SHA-256, of an empty body): d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
OPTIONS /event HTTP/1.1
Host: amunfezanttor.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://shimpeftie.com/
Origin: https://shimpeftie.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Wed, 08 May 2024 22:02:30 GMT
content-type: text/plain; charset=utf-8
content-length: 0
access-control-allow-origin: https://shimpeftie.com
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization-Token,X-Oaid
access-control-max-age: 86400
X-Firefox-Spdy: h2
|
|
| shimpeftie.com/contents/s/0e/fb/85/890619b47119f3adc989dd89fa/061906112940.png | 172.67.133.247 | 200 OK | 2.2 kB |
URL: GET HTTP/3 shimpeftie.com/contents/s/0e/fb/85/890619b47119f3adc989dd89fa/061906112940.png IP: 172.67.133.247:443
Requested by: https://shimpeftie.com/?b=20957148&campaignId={campaignId}&campid={campaignid}&creativeId={creativeId}&l=4dvkxpjd79Om2jV&partnerId={partnerId}&projectId={projectId}&s={CLICK_ID}&siteId={siteId}&userId={userId}&var={SOURCE_ID}&ymid=ubxpq663bf65f000087b0&z=7455922
Certificate: Issuer: Google Trust Services LLC; Subject: shimpeftie.com; Fingerprint: C0:68:F9:7C:00:02:20:95:0A:D3:1C:A1:9C:67:38:9C:56:56:79:DA; Validity: Mon, 29 Apr 2024 09:37:27 GMT - Sun, 28 Jul 2024 09:37:26 GMT
File type: PNG image data, 60 x 60, 8-bit colormap, non-interlaced
Hash (MD5 / SHA-1 / SHA-256): 0efb85890619b47119f3adc989dd89fa 1b6b7b64454fb94211d70dbe4198d5929cd1d263 27bbd8d374cc746b7892fa5c286b67efc5b891d91c2afb24b8ef8139da2be99a
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /contents/s/0e/fb/85/890619b47119f3adc989dd89fa/061906112940.png HTTP/1.1
Host: shimpeftie.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://shimpeftie.com/?b=20957148&campaignId={campaignId}&campid={campaignid}&creativeId={creativeId}&l=4dvkxpjd79Om2jV&partnerId={partnerId}&projectId={projectId}&s={CLICK_ID}&siteId={siteId}&userId={userId}&var={SOURCE_ID}&ymid=ubxpq663bf65f000087b0&z=7455922
Cookie: reverse=PhvjHMkC3d_lJiUEE1BSkbEisH7jOwQCfDvNPFJYqcA; OAID=ea93e3de8188caff397200dde167f821; oaidts=1715205749; syncedCookie=true
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Wed, 08 May 2024 22:02:30 GMT
content-type: image/png
content-length: 2164
last-modified: Mon, 27 Mar 2023 14:48:52 GMT
vary: Accept-Encoding
etag: "6421acd4-874"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS, HEAD
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
access-control-expose-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
cache-control: max-age=86400
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=kLvcUlBBwCpd1AwLxt8a0amfDJoGr2cdeCoUlF7kFee9MSGtVyKImoDglnvXYv3lmIqIzxpowZPzJRkb6fdMc20mPb7JmXuvr6bOn4GrWazJ1Ks3uirjH%2FaVKdUPWU3slA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 880cbc03dc2f56c5-OSL
alt-svc: h3=":443"; ma=86400
|
|
| shimpeftie.com/track-impression-applab?z=7455922&b=20957148&ymid=ubxpq663bf65f000087b0&var={SOURCE_ID}&var_3=20957148_&redirect=false&redirectUrl=https%3A%2F%2Ftrk.mail.ru%2Fc%2Fb1gnt7%3Fmt_gaid%3D%7Bmt_gaid%7D%26did%3D%24%7BSUBID%7D%26mt_sub1%3Dzeydoo_2%253A7455922%253A%7BSOURCE_ID%7D%253A1%253A%7Bbrowser%7D%26mt_sub2%3D7455922%26mt_creative%3D20957148%26land_state%3Dbefore_render%26land_id%3D4dvkxpjd79Om2jV%26land_generation_time%3D2024-05-08_17%3A02%3A29%26land_error_code%3D%26ruid%3D%7Bruid%7D%26mgeo%3D%7Bmgeo%7D%26oaid%3Dea93e3de8188caff397200dde167f821%26land_type%3Drtr%26isPushSubscribed%3Dfalse%26isPushAlreadySubscribed%3Dfalse%26land_tracker%3Dmarker%26land_purchase_method%3Dapk&os_version=x86.64 | 172.67.133.247 | 200 OK | 554 B |
URL: GET HTTP/3 shimpeftie.com/track-impression-applab?z=7455922&b=20957148&ymid=ubxpq663bf65f000087b0&var={SOURCE_ID}&var_3=20957148_&redirect=false&redirectUrl=https%3A%2F%2Ftrk.mail.ru%2Fc%2Fb1gnt7%3Fmt_gaid%3D%7Bmt_gaid%7D%26did%3D%24%7BSUBID%7D%26mt_sub1%3Dzeydoo_2%253A7455922%253A%7BSOURCE_ID%7D%253A1%253A%7Bbrowser%7D%26mt_sub2%3D7455922%26mt_creative%3D20957148%26land_state%3Dbefore_render%26land_id%3D4dvkxpjd79Om2jV%26land_generation_time%3D2024-05-08_17%3A02%3A29%26land_error_code%3D%26ruid%3D%7Bruid%7D%26mgeo%3D%7Bmgeo%7D%26oaid%3Dea93e3de8188caff397200dde167f821%26land_type%3Drtr%26isPushSubscribed%3Dfalse%26isPushAlreadySubscribed%3Dfalse%26land_tracker%3Dmarker%26land_purchase_method%3Dapk&os_version=x86.64 IP: 172.67.133.247:443
Requested by: https://shimpeftie.com/?b=20957148&campaignId={campaignId}&campid={campaignid}&creativeId={creativeId}&l=4dvkxpjd79Om2jV&partnerId={partnerId}&projectId={projectId}&s={CLICK_ID}&siteId={siteId}&userId={userId}&var={SOURCE_ID}&ymid=ubxpq663bf65f000087b0&z=7455922
Certificate: Issuer: Google Trust Services LLC; Subject: shimpeftie.com; Fingerprint: C0:68:F9:7C:00:02:20:95:0A:D3:1C:A1:9C:67:38:9C:56:56:79:DA; Validity: Mon, 29 Apr 2024 09:37:27 GMT - Sun, 28 Jul 2024 09:37:26 GMT
Hash (MD5 / SHA-1 / SHA-256): 7df710826fea0ecfddcb374c78453efd f45434b89086edf97aa11f0a6c26ce7206dbeabf b2029be46618731daf826699c816a0400e6af2e72283fa207a35646aecb73a69
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /track-impression-applab?z=7455922&b=20957148&ymid=ubxpq663bf65f000087b0&var={SOURCE_ID}&var_3=20957148_&redirect=false&redirectUrl=https%3A%2F%2Ftrk.mail.ru%2Fc%2Fb1gnt7%3Fmt_gaid%3D%7Bmt_gaid%7D%26did%3D%24%7BSUBID%7D%26mt_sub1%3Dzeydoo_2%253A7455922%253A%7BSOURCE_ID%7D%253A1%253A%7Bbrowser%7D%26mt_sub2%3D7455922%26mt_creative%3D20957148%26land_state%3Dbefore_render%26land_id%3D4dvkxpjd79Om2jV%26land_generation_time%3D2024-05-08_17%3A02%3A29%26land_error_code%3D%26ruid%3D%7Bruid%7D%26mgeo%3D%7Bmgeo%7D%26oaid%3Dea93e3de8188caff397200dde167f821%26land_type%3Drtr%26isPushSubscribed%3Dfalse%26isPushAlreadySubscribed%3Dfalse%26land_tracker%3Dmarker%26land_purchase_method%3Dapk&os_version=x86.64 HTTP/1.1
Host: shimpeftie.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://shimpeftie.com/?b=20957148&campaignId={campaignId}&campid={campaignid}&creativeId={creativeId}&l=4dvkxpjd79Om2jV&partnerId={partnerId}&projectId={projectId}&s={CLICK_ID}&siteId={siteId}&userId={userId}&var={SOURCE_ID}&ymid=ubxpq663bf65f000087b0&z=7455922
DNT: 1
Connection: keep-alive
Cookie: reverse=PhvjHMkC3d_lJiUEE1BSkbEisH7jOwQCfDvNPFJYqcA; OAID=ea93e3de8188caff397200dde167f821; oaidts=1715205749; syncedCookie=true
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Wed, 08 May 2024 22:02:30 GMT
content-type: application/json; charset=utf-8
vary: Accept-Encoding
x-trace-id: e04b06d5de6115d918ce251c4c60ee48
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
timing-allow-origin: *
strict-transport-security: max-age=1
x-content-type-options: nosniff
content-encoding: br
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Ci%2BPKwnpXsdcSNf43enru%2FEaGgR%2BX9tP5uLQjvuy7KsGPfUlTnVEaxZgU1W2d8%2FROwVTu%2B%2FjIFzLYdJEa8EPALqCp9T9E8%2BqD9LnvJPrwjiy3NTu5msCKGoLcSz6uws%2Bhw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 880cbc03dc3256c5-OSL
alt-svc: h3=":443"; ma=86400
|
|
| shimpeftie.com/favicon.ico | 172.67.133.247 | 204 No Content | 0 B |
URL: GET HTTP/3 shimpeftie.com/favicon.ico IP: 172.67.133.247:443
Requested by: https://shimpeftie.com/?b=20957148&campaignId={campaignId}&campid={campaignid}&creativeId={creativeId}&l=4dvkxpjd79Om2jV&partnerId={partnerId}&projectId={projectId}&s={CLICK_ID}&siteId={siteId}&userId={userId}&var={SOURCE_ID}&ymid=ubxpq663bf65f000087b0&z=7455922
Certificate: Issuer: Google Trust Services LLC; Subject: shimpeftie.com; Fingerprint: C0:68:F9:7C:00:02:20:95:0A:D3:1C:A1:9C:67:38:9C:56:56:79:DA; Validity: Mon, 29 Apr 2024 09:37:27 GMT - Sun, 28 Jul 2024 09:37:26 GMT
Hash (MD5 / SHA-1 / SHA-256, of an empty body): d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /favicon.ico HTTP/1.1
Host: shimpeftie.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://shimpeftie.com/?b=20957148&campaignId={campaignId}&campid={campaignid}&creativeId={creativeId}&l=4dvkxpjd79Om2jV&partnerId={partnerId}&projectId={projectId}&s={CLICK_ID}&siteId={siteId}&userId={userId}&var={SOURCE_ID}&ymid=ubxpq663bf65f000087b0&z=7455922
Cookie: reverse=PhvjHMkC3d_lJiUEE1BSkbEisH7jOwQCfDvNPFJYqcA; OAID=ea93e3de8188caff397200dde167f821; oaidts=1715205749; syncedCookie=true
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 204 No Content
date: Wed, 08 May 2024 22:02:30 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
cache-control: max-age=86400
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=lefTXihWZCbsxoaxW88rWE3Hl7OVGFb%2FXAcTOSr1lpIAVCV5Tp1zDvjT80qggyMbCwrvPHQcMz80QIczo9IN8GMDEA%2BiwTyoHOJKTKGwn2uyopSfa%2BlpXdwz3xA2VHDXzQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 880cbc060ea556c5-OSL
alt-svc: h3=":443"; ma=86400
|
|
| shimpeftie.com/pfe/current/micro.tag.min.js?uhd=1&z=5256482&ymid={SOURCE_ID}&var=7455922&sw=/sw-check-permissions/5256482&var_3=20957148_&os_version=x86.64 | 172.67.133.247 | 200 OK | 24 kB |
URL: GET HTTP/3 shimpeftie.com/pfe/current/micro.tag.min.js?uhd=1&z=5256482&ymid={SOURCE_ID}&var=7455922&sw=/sw-check-permissions/5256482&var_3=20957148_&os_version=x86.64 IP: 172.67.133.247:443
Requested by: https://shimpeftie.com/?b=20957148&campaignId={campaignId}&campid={campaignid}&creativeId={creativeId}&l=4dvkxpjd79Om2jV&partnerId={partnerId}&projectId={projectId}&s={CLICK_ID}&siteId={siteId}&userId={userId}&var={SOURCE_ID}&ymid=ubxpq663bf65f000087b0&z=7455922
Certificate: Issuer: Google Trust Services LLC; Subject: shimpeftie.com; Fingerprint: C0:68:F9:7C:00:02:20:95:0A:D3:1C:A1:9C:67:38:9C:56:56:79:DA; Validity: Mon, 29 Apr 2024 09:37:27 GMT - Sun, 28 Jul 2024 09:37:26 GMT
File type: JavaScript source, ASCII text, with very long lines (37142), with no line terminators
Hash (MD5 / SHA-1 / SHA-256): 32d6dbd00a639e2cd10d1704b9159bd5 0dab4c95675393f1d0e13d20f13d80ee12e41d95 9f339e5efd7c959419a4e86bb4c5e9f07eae2ed839484846157be981917743de
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /pfe/current/micro.tag.min.js?uhd=1&z=5256482&ymid={SOURCE_ID}&var=7455922&sw=/sw-check-permissions/5256482&var_3=20957148_&os_version=x86.64 HTTP/1.1
Host: shimpeftie.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://shimpeftie.com/?b=20957148&campaignId={campaignId}&campid={campaignid}&creativeId={creativeId}&l=4dvkxpjd79Om2jV&partnerId={partnerId}&projectId={projectId}&s={CLICK_ID}&siteId={siteId}&userId={userId}&var={SOURCE_ID}&ymid=ubxpq663bf65f000087b0&z=7455922
Cookie: reverse=PhvjHMkC3d_lJiUEE1BSkbEisH7jOwQCfDvNPFJYqcA; OAID=ea93e3de8188caff397200dde167f821; oaidts=1715205749
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Wed, 08 May 2024 22:02:30 GMT
content-type: application/javascript
last-modified: Thu, 25 Apr 2024 10:49:22 GMT
vary: Accept-Encoding
etag: W/"662a3532-9116"
access-control-allow-credentials: true
cache-control: max-age=86400
pragma: no-cache
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=DN2%2B5isVFyw5J4OVxxzlEiAoScg9zk8asowuAPiY9POTjiussShWLILQ%2Fi2IZBMeS1wIzESjLjrQxKml17CS5xlkbpUNwHwcPC2UREGLm2GcV6Qhjf6gzvwk%2FdN4PhjidQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 880cbc025a7b56c5-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| littlecdn.com/apps/templates/android-instructions/ios-sys-msg-icon/css/style.css?v=1.6 | 104.22.25.116 | 200 OK | 6.9 kB |
URL: GET HTTP/2 littlecdn.com/apps/templates/android-instructions/ios-sys-msg-icon/css/style.css?v=1.6 IP: 104.22.25.116:443
Requested by: https://shimpeftie.com/?b=20957148&campaignId={campaignId}&campid={campaignid}&creativeId={creativeId}&l=4dvkxpjd79Om2jV&partnerId={partnerId}&projectId={projectId}&s={CLICK_ID}&siteId={siteId}&userId={userId}&var={SOURCE_ID}&ymid=ubxpq663bf65f000087b0&z=7455922
Certificate: Issuer: Let's Encrypt; Subject: littlecdn.com; Fingerprint: 42:A1:9F:5B:B7:1B:88:CB:90:58:FC:E9:D1:96:3C:48:38:66:3A:9A; Validity: Mon, 11 Mar 2024 02:10:57 GMT - Sun, 09 Jun 2024 02:10:56 GMT
File type: ASCII text, with very long lines (7345), with no line terminators
Hash (MD5 / SHA-1 / SHA-256): 57f883f33e55218cea794ad4f6971357 d39f9e65da05862b37169425ccd72764da82dce0 be65cf329f062009996883e7d2ac5db7d2348e7121a45a775046e2f0e7822220
GET /apps/templates/android-instructions/ios-sys-msg-icon/css/style.css?v=1.6 HTTP/1.1
Host: littlecdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://shimpeftie.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 08 May 2024 22:02:30 GMT
content-type: text/css
last-modified: Wed, 08 May 2024 13:30:45 GMT
vary: Accept-Encoding
etag: W/"663b7e85-1af3"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS, HEAD
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
access-control-expose-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
cache-control: max-age=3600
cf-cache-status: HIT
age: 3890
server: cloudflare
cf-ray: 880cbc02aa3956aa-OSL
content-encoding: br
X-Firefox-Spdy: h2
|
|
| shimpeftie.com/?b=20957148&campaignId={campaignId}&campid={campaignid}&creativeId={creativeId}&l=4dvkxpjd79Om2jV&partnerId={partnerId}&projectId={projectId}&s={CLICK_ID}&siteId={siteId}&userId={userId}&var={SOURCE_ID}&ymid=ubxpq663bf65f000087b0&z=7455922 | 172.67.133.247 | 200 OK | 54 kB |
URL (user request): GET HTTP/2 shimpeftie.com/?b=20957148&campaignId={campaignId}&campid={campaignid}&creativeId={creativeId}&l=4dvkxpjd79Om2jV&partnerId={partnerId}&projectId={projectId}&s={CLICK_ID}&siteId={siteId}&userId={userId}&var={SOURCE_ID}&ymid=ubxpq663bf65f000087b0&z=7455922 IP: 172.67.133.247:443
Certificate: Issuer: Google Trust Services LLC; Subject: shimpeftie.com; Fingerprint: C0:68:F9:7C:00:02:20:95:0A:D3:1C:A1:9C:67:38:9C:56:56:79:DA; Validity: Mon, 29 Apr 2024 09:37:27 GMT - Sun, 28 Jul 2024 09:37:26 GMT
File type: HTML document, ASCII text, with very long lines (3300), with CRLF, LF line terminators
Hash (MD5 / SHA-1 / SHA-256): fccbc9a1ec05764d7454b23f7645d3df 1e098fd05d25d01bbcce7cca61f975626b525ba1 329919cca82af15611b4033279bf4adc099ce0b192c954fc7c22ce9384bf1bfb
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /?b=20957148&campaignId={campaignId}&campid={campaignid}&creativeId={creativeId}&l=4dvkxpjd79Om2jV&partnerId={partnerId}&projectId={projectId}&s={CLICK_ID}&siteId={siteId}&userId={userId}&var={SOURCE_ID}&ymid=ubxpq663bf65f000087b0&z=7455922 HTTP/1.1
Host: shimpeftie.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 08 May 2024 22:02:29 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
x-powered-by: PHP/7.4.33
set-cookie: reverse=PhvjHMkC3d_lJiUEE1BSkbEisH7jOwQCfDvNPFJYqcA; expires=Wed, 08-May-2024 23:02:29 GMT; Max-Age=3600; path=/
set-cookie: OAID=ea93e3de8188caff397200dde167f821; expires=Thu, 14-Sep-2079 20:04:58 GMT; Max-Age=1746741749; path=/
set-cookie: oaidts=1715205749; expires=Thu, 14-Sep-2079 20:04:58 GMT; Max-Age=1746741749; path=/
set-cookie: syncedCookie=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS, HEAD
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
access-control-expose-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=V7FYsliX%2Bk7oVFOWWLE6aTGnREnn1rMLjcu64VYkHj679Ox8CrOr1L2%2FRlKQIrT%2F1rYo61HKZ2W6JRUTpa0jgiWHLQlVqAzGke%2FJUtA3s%2BrqbOG0%2BjpMLwbx5gQxlTZQZQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 880cbbfe5abab4ed-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| littlecdn.com/apps/templates/android-instructions/ios-sys-msg-icon/css/theme/btn-green.css?v=1.4 | 104.22.25.116 | 200 OK | 207 B |
URL: GET HTTP/2 littlecdn.com/apps/templates/android-instructions/ios-sys-msg-icon/css/theme/btn-green.css?v=1.4 IP: 104.22.25.116:443
Requested by: https://shimpeftie.com/?b=20957148&campaignId={campaignId}&campid={campaignid}&creativeId={creativeId}&l=4dvkxpjd79Om2jV&partnerId={partnerId}&projectId={projectId}&s={CLICK_ID}&siteId={siteId}&userId={userId}&var={SOURCE_ID}&ymid=ubxpq663bf65f000087b0&z=7455922
Certificate: Issuer: Let's Encrypt; Subject: littlecdn.com; Fingerprint: 42:A1:9F:5B:B7:1B:88:CB:90:58:FC:E9:D1:96:3C:48:38:66:3A:9A; Validity: Mon, 11 Mar 2024 02:10:57 GMT - Sun, 09 Jun 2024 02:10:56 GMT
File type: ASCII text, with no line terminators
Hash (MD5 / SHA-1 / SHA-256): 91d1b3d528826d88cd0f6aae451fa0e4 6c83396cca120e0e686d23d63eb5dd2d2f55d862 46e604551675ff54546bb0b899ff9296a208dc408d6c13f8e61a0ff7f9bdb258
GET /apps/templates/android-instructions/ios-sys-msg-icon/css/theme/btn-green.css?v=1.4 HTTP/1.1
Host: littlecdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://shimpeftie.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 08 May 2024 22:02:30 GMT
content-type: text/css
last-modified: Wed, 08 May 2024 13:30:45 GMT
vary: Accept-Encoding
etag: W/"663b7e85-cf"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS, HEAD
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
access-control-expose-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
cache-control: max-age=3600
cf-cache-status: REVALIDATED
server: cloudflare
cf-ray: 880cbc02ba4556aa-OSL
content-encoding: br
X-Firefox-Spdy: h2
|
|
| shimpeftie.com/rotate?zz=5822560&var=7455922&ymid=%7BSOURCE_ID%7D&uid=ea93e3de8188caff397200dde167f821&var_4=ubxpq663bf65f000087b0&os_version=x86.64 | 172.67.133.247 | 200 OK | 852 B |
URL: GET HTTP/3 shimpeftie.com/rotate?zz=5822560&var=7455922&ymid=%7BSOURCE_ID%7D&uid=ea93e3de8188caff397200dde167f821&var_4=ubxpq663bf65f000087b0&os_version=x86.64 IP: 172.67.133.247:443
Requested by: https://shimpeftie.com/?b=20957148&campaignId={campaignId}&campid={campaignid}&creativeId={creativeId}&l=4dvkxpjd79Om2jV&partnerId={partnerId}&projectId={projectId}&s={CLICK_ID}&siteId={siteId}&userId={userId}&var={SOURCE_ID}&ymid=ubxpq663bf65f000087b0&z=7455922
Certificate: Issuer: Google Trust Services LLC; Subject: shimpeftie.com; Fingerprint: C0:68:F9:7C:00:02:20:95:0A:D3:1C:A1:9C:67:38:9C:56:56:79:DA; Validity: Mon, 29 Apr 2024 09:37:27 GMT - Sun, 28 Jul 2024 09:37:26 GMT
File type: troff or preprocessor input, ASCII text, with very long lines (862), with no line terminators
Hash (MD5 / SHA-1 / SHA-256): e6a1fefed2b37b8680df2bad987814c9 682303d7c08dc8dcdbd4986f27040932bfa6ca0a a25fd97e13ea9e5613e2aef5b73b3a1864d1d8d92b13858e2e0f79e07e4cea3e
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /rotate?zz=5822560&var=7455922&ymid=%7BSOURCE_ID%7D&uid=ea93e3de8188caff397200dde167f821&var_4=ubxpq663bf65f000087b0&os_version=x86.64 HTTP/1.1
Host: shimpeftie.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://shimpeftie.com/?b=20957148&campaignId={campaignId}&campid={campaignid}&creativeId={creativeId}&l=4dvkxpjd79Om2jV&partnerId={partnerId}&projectId={projectId}&s={CLICK_ID}&siteId={siteId}&userId={userId}&var={SOURCE_ID}&ymid=ubxpq663bf65f000087b0&z=7455922
DNT: 1
Connection: keep-alive
Cookie: reverse=PhvjHMkC3d_lJiUEE1BSkbEisH7jOwQCfDvNPFJYqcA; OAID=ea93e3de8188caff397200dde167f821; oaidts=1715205749; syncedCookie=true
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Wed, 08 May 2024 22:02:30 GMT
content-type: application/javascript
vary: Accept-Encoding, Origin
x-trace-id: b19c1d9b13bcdbac2c6ceef49722a111
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
pragma: no-cache
timing-allow-origin: *
expires: Tue, 11 Jan 1994 10:00:00 GMT
access-control-allow-origin: https://shimpeftie.com/
access-control-expose-headers: Link
access-control-allow-credentials: true
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace
set-cookie: OAID=ea93e3de8188caff397200dde167f821; expires=Thu, 08 May 2025 22:02:30 GMT; path=/; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
content-encoding: br
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ARF0bSi8%2BalKS6ht7UmOi%2BRfeXlP%2Bx4M93VgvDxPfkJiWIRT3WeUaISPEsszIiqCkk1XlApmll7DmZLnr3RlhWJFHH%2BjNTNcaaPyPHM0EJw6an7fpRBUJHvYOU6kRaoAuw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 880cbc053d9156c5-OSL
alt-svc: h3=":443"; ma=86400
|
|
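The exchanges above show one identifier value, ea93e3de8188caff397200dde167f821, travelling as the first-party OAID cookie on shimpeftie.com, as the ID cookie that my.rtmark.net both receives and re-sets with SameSite=None for a year, as the uid query parameter of /rotate, and URL-encoded inside the redirectUrl of /track-impression-applab; alongside it the responses carry CORS and cookie settings worth checking (access-control-allow-origin "*" together with access-control-allow-credentials "true" on the impression tracker, an allow-origin value with a trailing slash on /rotate, strict-transport-security max-age=1 on several hosts, and the 1746741749-second Max-Age on the first-party OAID cookie). The following Python audit is an added example, not part of the capture, of the analyzer that produced it, or of any ad-network code: its SAMPLE list copies header values from the entries above (the long tracker query strings are left out), and the checks, their wording and the thresholds (30 days for HSTS, 400 days for cookie lifetime) are this example's own assumptions.

```python
"""Header audit for the exchanges captured on this page. Added example: not part
of the capture, of the analyzer that produced it, or of the ad network's code.
SAMPLE copies header values from the capture (the long tracker query strings are
left out); the checks and their thresholds are this example's own choices."""
import re
from typing import Dict, List, Tuple
from urllib.parse import unquote

# Constructed from the capture: host, request path, request and response headers.
SAMPLE = [
    {"host": "my.rtmark.net", "path": "/gid.js",  # cookie-sync partner
     "request": {"Origin": "https://shimpeftie.com", "Cookie": "ID=ea93e3de8188caff397200dde167f821"},
     "response": [
         ("access-control-allow-origin", "https://shimpeftie.com"),
         ("access-control-allow-credentials", "true"),
         ("set-cookie", "ID=ea93e3de8188caff397200dde167f821; expires=Thu, 08 May 2025 22:02:30 GMT; secure; SameSite=None"),
         ("strict-transport-security", "max-age=1")]},
    {"host": "shimpeftie.com", "path": "/track-impression-applab",  # impression tracker
     "request": {"Cookie": "OAID=ea93e3de8188caff397200dde167f821; oaidts=1715205749; syncedCookie=true"},
     "response": [
         ("x-trace-id", "e04b06d5de6115d918ce251c4c60ee48"),
         ("access-control-allow-origin", "*"),
         ("access-control-allow-credentials", "true"),
         ("strict-transport-security", "max-age=1")]},
    {"host": "shimpeftie.com", "request": {},  # rotate: identifier also in the query string
     "path": "/rotate?zz=5822560&var=7455922&ymid=%7BSOURCE_ID%7D&uid=ea93e3de8188caff397200dde167f821&var_4=ubxpq663bf65f000087b0&os_version=x86.64",
     "response": [
         ("access-control-allow-origin", "https://shimpeftie.com/"),
         ("access-control-allow-credentials", "true"),
         ("set-cookie", "OAID=ea93e3de8188caff397200dde167f821; expires=Thu, 08 May 2025 22:02:30 GMT; path=/; secure; SameSite=None")]},
]

HEX32 = re.compile(r"\b[0-9a-f]{32}\b")  # shape of the OAID / ID / x-trace-id values


def shared_identifiers(exchanges) -> Dict[str, List[Tuple[str, str]]]:
    """Every 32-hex token seen on two or more hosts, with where it appeared.
    A first-party identifier reappearing as another site's cookie or query
    parameter is the signature of cookie syncing; single-host tokens are dropped."""
    seen: Dict[str, set] = {}
    for ex in exchanges:
        places = [("path", unquote(ex.get("path", "")))]  # decode %3D etc. first
        places += [("request " + k, v) for k, v in ex["request"].items()]
        places += [("response " + k, v) for k, v in ex["response"]]
        for where, text in places:
            for tok in HEX32.findall(text):
                seen.setdefault(tok, set()).add((ex["host"], where))
    return {tok: sorted(p) for tok, p in seen.items()
            if len({host for host, _ in p}) >= 2}


def audit_cors(response) -> List[str]:
    """CORS header combinations that are either broken or over-permissive."""
    h = {k.lower(): v for k, v in response}
    acao = h.get("access-control-allow-origin")
    creds = h.get("access-control-allow-credentials", "").strip().lower() == "true"
    out: List[str] = []
    if acao == "*" and creds:  # browsers refuse credentialed reads when ACAO is the wildcard
        out.append("ACAO '*' with credentials=true: credentialed cross-origin reads fail")
    elif acao is not None:
        if acao.endswith("/") or "?" in acao:  # a serialized origin has no path or query
            out.append(f"ACAO {acao!r} is not a serialized origin; it never matches a request Origin")
        if creds:
            out.append(f"credentialed CORS for {acao}: its scripts read responses sent with the user's cookies")
    return out


def audit_set_cookie(value: str) -> List[str]:
    """Attributes that make a tracking cookie portable across sites or unusually durable."""
    name_value, *attr_parts = [p.strip() for p in value.split(";")]
    name = name_value.split("=", 1)[0]
    attrs = {k.strip().lower(): v.strip() for k, _, v in (p.partition("=") for p in attr_parts)}
    out: List[str] = []
    if attrs.get("samesite", "").lower() == "none":
        if "secure" in attrs:
            out.append(f"{name}: SameSite=None; sent on cross-site requests, usable as a third-party cookie")
        else:
            out.append(f"{name}: SameSite=None without Secure; current browsers reject it")
    if "httponly" not in attrs:
        out.append(f"{name}: no HttpOnly; readable by any script on the page")
    if attrs.get("max-age", "").isdigit() and int(attrs["max-age"]) > 400 * 86400:  # 400-day cap (RFC 6265bis)
        out.append(f"{name}: Max-Age={attrs['max-age']} exceeds the 400-day cap browsers apply")
    return out


def audit_hsts(response) -> List[str]:
    """HSTS that expires too soon to protect anything (30-day threshold is this example's choice)."""
    sts = {k.lower(): v for k, v in response}.get("strict-transport-security")
    m = re.search(r"max-age=(\d+)", sts or "")
    if m and int(m.group(1)) < 30 * 86400:
        return [f"HSTS max-age={m.group(1)}: expires almost at once, so it pins nothing"]
    return []


def audit(exchanges) -> Dict[str, List[str]]:
    """All per-response checks, keyed by 'host path'; only exchanges with findings are listed."""
    report: Dict[str, List[str]] = {}
    for ex in exchanges:
        findings = audit_cors(ex["response"]) + audit_hsts(ex["response"])
        for k, v in ex["response"]:
            if k.lower() == "set-cookie":
                findings += audit_set_cookie(v)
        if findings:
            report[f"{ex['host']} {ex.get('path', '')}"] = findings
    return report
```

shared_identifiers(SAMPLE) returns only the OAID value, because the x-trace-id token in the same sample never leaves shimpeftie.com; audit(SAMPLE) lists the credentialed CORS grant, the one-second HSTS and the SameSite=None cookie on my.rtmark.net, the wildcard-plus-credentials pair on the impression tracker, and the trailing-slash allow-origin on /rotate. Feeding audit_set_cookie the four Set-Cookie values of the main document entry above flags the OAID cookie's Max-Age of 1746741749 seconds (about 55 years) as well.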
| shimpeftie.com/sw-check-permissions/5256482?var=7455922&var_3=20957148_&ymid=%7BSOURCE_ID%7D&uhd=1&zoneId=5256482 | 172.67.133.247 | 200 OK | 1.3 kB |
URL: GET HTTP/3 shimpeftie.com/sw-check-permissions/5256482?var=7455922&var_3=20957148_&ymid=%7BSOURCE_ID%7D&uhd=1&zoneId=5256482 IP: 172.67.133.247:443
Requested by: https://shimpeftie.com/?b=20957148&campaignId={campaignId}&campid={campaignid}&creativeId={creativeId}&l=4dvkxpjd79Om2jV&partnerId={partnerId}&projectId={projectId}&s={CLICK_ID}&siteId={siteId}&userId={userId}&var={SOURCE_ID}&ymid=ubxpq663bf65f000087b0&z=7455922
Certificate: Issuer: Google Trust Services LLC; Subject: shimpeftie.com; Fingerprint: C0:68:F9:7C:00:02:20:95:0A:D3:1C:A1:9C:67:38:9C:56:56:79:DA; Validity: Mon, 29 Apr 2024 09:37:27 GMT - Sun, 28 Jul 2024 09:37:26 GMT
File type: ASCII text, with very long lines (1418), with no line terminators
Hash (MD5 / SHA-1 / SHA-256): 8dfea32733cfe6186411222b86d8db38 1d43182411da1bc445d1318e4412de3f75740dfd e1afbf262fb1d5659e5ed609cc4109fbb11796008d9a1900054f64c19fa7fb90
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /sw-check-permissions/5256482?var=7455922&var_3=20957148_&ymid=%7BSOURCE_ID%7D&uhd=1&zoneId=5256482 HTTP/1.1
Host: shimpeftie.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Moz: prefetch
DNT: 1
Connection: keep-alive
Referer: https://shimpeftie.com/?b=20957148&campaignId={campaignId}&campid={campaignid}&creativeId={creativeId}&l=4dvkxpjd79Om2jV&partnerId={partnerId}&projectId={projectId}&s={CLICK_ID}&siteId={siteId}&userId={userId}&var={SOURCE_ID}&ymid=ubxpq663bf65f000087b0&z=7455922
Cookie: reverse=PhvjHMkC3d_lJiUEE1BSkbEisH7jOwQCfDvNPFJYqcA; OAID=ea93e3de8188caff397200dde167f821; oaidts=1715205749; syncedCookie=true
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Wed, 08 May 2024 22:02:30 GMT
content-type: application/javascript
vary: Accept-Encoding
x-powered-by: PHP/7.4.33
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS, HEAD
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
access-control-expose-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=yMTV20UfHu%2FBgl%2BAx0OU5AbgXCbWLun9ySiri%2BEuVmVxonO6M4SwyUm59yxyOoZ0Wf2yFVW%2FCaQoAJ7kpGz7XbC4RIAOw4gYg48HwH%2FmPNy9V2U%2FPjrxr%2FmwCZ05Yc5iKw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 880cbc056dc456c5-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
| littlecdn.com/apps/templates/android-instructions/ios-sys-msg-icon/css/theme/android.css?v=1.4 | 104.22.25.116 | 200 OK | 310 B |
URL: GET HTTP/2 littlecdn.com/apps/templates/android-instructions/ios-sys-msg-icon/css/theme/android.css?v=1.4
IP: 104.22.25.116:443
Requested by: https://shimpeftie.com/?b=20957148&campaignId={campaignId}&campid={campaignid}&creativeId={creativeId}&l=4dvkxpjd79Om2jV&partnerId={partnerId}&projectId={projectId}&s={CLICK_ID}&siteId={siteId}&userId={userId}&var={SOURCE_ID}&ymid=ubxpq663bf65f000087b0&z=7455922
Certificate: Issuer Let's Encrypt; Subject littlecdn.com; Fingerprint 42:A1:9F:5B:B7:1B:88:CB:90:58:FC:E9:D1:96:3C:48:38:66:3A:9A; Validity Mon, 11 Mar 2024 02:10:57 GMT - Sun, 09 Jun 2024 02:10:56 GMT
File type: ASCII text, with very long lines (333), with no line terminators
Hash (MD5, SHA-1, SHA-256): e986b841ebc4b4f302ad38e01e4767ac fe2f25dbde4d8ae5fcc1156d3834a86371904c78 f32b9117ce5433f22260e4982e6d5d7347bf7eb644c26c8e2134260dfc9ea5bf
GET /apps/templates/android-instructions/ios-sys-msg-icon/css/theme/android.css?v=1.4 HTTP/1.1
Host: littlecdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://shimpeftie.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 08 May 2024 22:02:30 GMT
content-type: text/css
last-modified: Wed, 08 May 2024 13:30:45 GMT
vary: Accept-Encoding
etag: W/"663b7e85-136"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS, HEAD
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
access-control-expose-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
cache-control: max-age=3600
cf-cache-status: REVALIDATED
server: cloudflare
cf-ray: 880cbc02ba5556aa-OSL
content-encoding: br
X-Firefox-Spdy: h2
| littlecdn.com/apps/templates/android-instructions/ios-sys-msg-icon/css/theme/bg-img-mini.css?v=1.1 | 104.22.25.116 | 200 OK | 287 B |
URL: GET HTTP/2 littlecdn.com/apps/templates/android-instructions/ios-sys-msg-icon/css/theme/bg-img-mini.css?v=1.1
IP: 104.22.25.116:443
Requested by: https://shimpeftie.com/?b=20957148&campaignId={campaignId}&campid={campaignid}&creativeId={creativeId}&l=4dvkxpjd79Om2jV&partnerId={partnerId}&projectId={projectId}&s={CLICK_ID}&siteId={siteId}&userId={userId}&var={SOURCE_ID}&ymid=ubxpq663bf65f000087b0&z=7455922
Certificate: Issuer Let's Encrypt; Subject littlecdn.com; Fingerprint 42:A1:9F:5B:B7:1B:88:CB:90:58:FC:E9:D1:96:3C:48:38:66:3A:9A; Validity Mon, 11 Mar 2024 02:10:57 GMT - Sun, 09 Jun 2024 02:10:56 GMT
File type: ASCII text, with very long lines (306), with no line terminators
Hash (MD5, SHA-1, SHA-256): e23c5cb1cc3221066086a3ef054fb30e 7f53313c15c7b3eb34271afe3ad7f3a00f99c492 7b8f6c5616e8db0c64c6696729f16dbb28494e22804d3aedf0304dc14dbe8110
GET /apps/templates/android-instructions/ios-sys-msg-icon/css/theme/bg-img-mini.css?v=1.1 HTTP/1.1
Host: littlecdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://shimpeftie.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 08 May 2024 22:02:30 GMT
content-type: text/css
last-modified: Wed, 08 May 2024 13:30:45 GMT
vary: Accept-Encoding
etag: W/"663b7e85-11f"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS, HEAD
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
access-control-expose-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
cache-control: max-age=3600
cf-cache-status: REVALIDATED
server: cloudflare
cf-ray: 880cbc02ba3e56aa-OSL
content-encoding: br
X-Firefox-Spdy: h2
| shimpeftie.com/?b=20957148&campaignId={campaignId}&campid={campaignid}&creativeId={creativeId}&l=4dvkxpjd79Om2jV&partnerId={partnerId}&projectId={projectId}&s={CLICK_ID}&siteId={siteId}&userId={userId}&var={SOURCE_ID}&ymid=ubxpq663bf65f000087b0&z=7455922&mprtr=1&os_version=x86.64 | 172.67.133.247 | 200 OK | 2 B |
URL: POST HTTP/3 shimpeftie.com/?b=20957148&campaignId={campaignId}&campid={campaignid}&creativeId={creativeId}&l=4dvkxpjd79Om2jV&partnerId={partnerId}&projectId={projectId}&s={CLICK_ID}&siteId={siteId}&userId={userId}&var={SOURCE_ID}&ymid=ubxpq663bf65f000087b0&z=7455922&mprtr=1&os_version=x86.64
IP: 172.67.133.247:443
Requested by: https://shimpeftie.com/?b=20957148&campaignId={campaignId}&campid={campaignid}&creativeId={creativeId}&l=4dvkxpjd79Om2jV&partnerId={partnerId}&projectId={projectId}&s={CLICK_ID}&siteId={siteId}&userId={userId}&var={SOURCE_ID}&ymid=ubxpq663bf65f000087b0&z=7455922
Certificate: Issuer Google Trust Services LLC; Subject shimpeftie.com; Fingerprint C0:68:F9:7C:00:02:20:95:0A:D3:1C:A1:9C:67:38:9C:56:56:79:DA; Validity Mon, 29 Apr 2024 09:37:27 GMT - Sun, 28 Jul 2024 09:37:26 GMT
Hash (MD5, SHA-1, SHA-256): 99914b932bd37a50b983c5e7c90ae93b bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
POST /?b=20957148&campaignId={campaignId}&campid={campaignid}&creativeId={creativeId}&l=4dvkxpjd79Om2jV&partnerId={partnerId}&projectId={projectId}&s={CLICK_ID}&siteId={siteId}&userId={userId}&var={SOURCE_ID}&ymid=ubxpq663bf65f000087b0&z=7455922&mprtr=1&os_version=x86.64 HTTP/1.1
Host: shimpeftie.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://shimpeftie.com
DNT: 1
Connection: keep-alive
Referer: https://shimpeftie.com/?b=20957148&campaignId={campaignId}&campid={campaignid}&creativeId={creativeId}&l=4dvkxpjd79Om2jV&partnerId={partnerId}&projectId={projectId}&s={CLICK_ID}&siteId={siteId}&userId={userId}&var={SOURCE_ID}&ymid=ubxpq663bf65f000087b0&z=7455922
Cookie: reverse=PhvjHMkC3d_lJiUEE1BSkbEisH7jOwQCfDvNPFJYqcA; OAID=ea93e3de8188caff397200dde167f821; oaidts=1715205749; syncedCookie=true
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
Content-Length: 0
HTTP/3 200 OK
date: Wed, 08 May 2024 22:02:30 GMT
content-type: application/json
vary: Accept-Encoding
x-powered-by: PHP/7.4.33
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=5a5vayGuMXLe%2B8D5sDpAzESlPjl5lEstVBJ0nD5vSb0rZsyRybZUBqdqei%2FUiycVhk%2FogjM5ykkAhINbWbaR3A5fFflaFAif8SvxU%2FokGNn3T%2FJc7gMgc%2FslWMdc%2BqJUHA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 880cbc03dc3156c5-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400