Report - impa-vida.de/

Report Overview

Visited public
2023-12-07 22:27:32
Tags
URL
impa-vida.de/
Finishing URL
antivirus.landerhd.com/657246c930747200645afb95#
IP / ASN
5.44.111.15
#45031 dogado GmbH
Title
Din AVAST AntiVirus-lisens har utløpt!

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
javaterm.com	unknown	2015-04-18	2014-02-18 12:35:14	2023-11-10 08:16:22	851 B	501 B	185.107.56.204
mcpuwpush.com	213242	2021-04-30	2021-04-30 14:36:24	2023-11-25 18:11:53	4.1 kB	4.4 kB	94.130.197.240
accounts.google.com	81	1997-09-15	2016-03-20 13:44:49	2023-12-07 07:46:31	2.2 kB	7.3 kB	64.233.161.84
tq.minutelight-2.online	unknown	2023-11-10	2023-12-02 08:58:28	2023-12-06 00:29:55	654 B	16 kB	173.239.53.32
eu.easelegbike.com	unknown	2021-12-09	2022-10-21 12:38:38	2023-11-23 15:50:42	4.4 kB	15 kB	78.46.81.228
cdn.jsdelivr.net	439	2012-05-16	2012-09-30 02:15:09	2023-12-07 07:02:22	918 B	20 kB	151.101.129.229
antivirus.landerhd.com	unknown	2021-06-25	2022-07-12 16:32:23	2023-09-22 13:19:03	6.2 kB	62 kB	188.240.52.20
botd.fpapi.io	297160	2020-11-05	2021-06-11 12:56:14	2023-07-24 13:42:15	549 B	0 B	0.0.0.0
impa-vida.de	unknown	unknown	No data	No data	742 B	3.3 kB	5.44.111.15
okean-qoj.com	unknown	2023-09-20	2023-12-04 14:15:43	2023-12-06 14:34:21	1.8 kB	3.8 kB	34.206.73.7
xml-v4.minutelight-2.online	unknown	2023-11-10	2023-12-01 17:20:13	2023-12-06 21:17:31	2.2 kB	570 B	173.239.53.32

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Timestamp	Severity	Source IP	Destination IP	Alert
2023-12-07 22:27:23	high	5.44.111.15	Client IP	ET WEB_CLIENT Malicious Redirect 8x8 script tag
2023-12-07 22:27:28	high	162.125.71.18	Client IP	ET POLICY Dropbox.com Offsite File Backup in Use

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

JavaScript (10)

	URL	From	Size	First Seen	Last Seen
	antivirus.landerhd.com/657246c930747200645afb95	ScriptElement	426 B	2023-06-27	2024-08-21
Pretty URL antivirus.landerhd.com/657246c930747200645afb95 IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML true Observations First Seen2023-06-27 04:17 Last Seen2024-08-21 07:04 Times Seen11 Hash bafc02dafcf27eb21beacbf93167b4a2 944d1e0b7ada28ce962a8a43f47ce388e6001aac 27a612044120aac0e5f783eeef1976a5605fd37241b3b91bff73de86dd41ce91 Loading...

	cdn.jsdelivr.net/npm/@fingerprintjs/fingerprintjs@3/dist/fp.min.js	ScriptElement	34 kB	2023-07-07	2025-05-10
Pretty URL cdn.jsdelivr.net/npm/@fingerprintjs/fingerprintjs@3/dist/fp.min.js IP 151.101.129.229 ASN #54113 FASTLY Introduced by scriptElement Embedded in HTML false Observations First Seen2023-07-07 04:22 Last Seen2025-05-10 06:08 Times Seen793 Hash 375436f436cc1022d7b4569a817c1a6b 9359415cc419874654000870ca54523875c12c16 99dc3803d1f19c8103f79f834044b2afd4c8af5b7927efbd36b1052d528b40ae Loading...

	cdn.jsdelivr.net/npm/@fpjs-incubator/botd-agent@0/dist/botd.min.js	ScriptElement	9.0 kB	2023-03-07	2023-12-12
Pretty URL cdn.jsdelivr.net/npm/@fpjs-incubator/botd-agent@0/dist/botd.min.js IP 151.101.129.229 ASN #54113 FASTLY Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:04 Last Seen2023-12-12 23:36 Times Seen47 Hash 47c385b50143101eb33518d4bdb62b8f 6683889617dc16e817a49c17ce38f358efdf1638 52e6c3e0c3c2d518f8bf787de1e40e557c21e3b072f29c854f6321053e2fbbf3 Loading...

	antivirus.landerhd.com/657246c930747200645afb95	ScriptElement	436 B	2023-06-27	2024-08-21
Pretty URL antivirus.landerhd.com/657246c930747200645afb95 IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML true Observations First Seen2023-06-27 04:17 Last Seen2024-08-21 07:04 Times Seen11 Hash 5a4ca65a0c2ce7df2dc7cdcc608be56f 817a851e781ccc3832d4271c195cf44d2e5d6044 567ffa22f05906b3a75ae0fefcda3f4c1239e9a58364dfe07ed11054c5349422 Loading...

	unknown	EventHandler	19 B	2023-04-14	2025-04-28
Pretty Introduced by eventHandler Embedded in HTML false Observations First Seen2023-04-14 22:41 Last Seen2025-04-28 05:50 Times Seen270 Hash e8b2827c07188a15bcef5021ea701066 d3dc455bf87a97f1c0586e000822d105ed7954bf 5fa75694e781384b0761e89e37a55dc4016d63b5b09d5e8fdb071ed3eb4af2b8 Loading...

	unknown	EventHandler	10 B	2023-06-27	2024-08-21
Pretty Introduced by eventHandler Embedded in HTML false Observations First Seen2023-06-27 04:17 Last Seen2024-08-21 09:44 Times Seen47 Hash e1acdc82e85bd76e1e61e41c84f759ec 9753215c96b7be2e07900aca7786dd392b19270d 2f2e1c6af944f2a848bf4a59f334d3be935d5213a9f08ceec664403bd1b12634 Loading...

	antivirus.landerhd.com/657246c930747200645afb95	ScriptElement	4.7 kB	2024-08-20	2024-08-20
Pretty URL antivirus.landerhd.com/657246c930747200645afb95 IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML true Observations First Seen2024-08-20 16:25 Last Seen2024-08-20 16:25 Times Seen1 Hash d1c405402134e2de43fa6e1fae9c258d 18c1c6e6d5e461dcaac5def3aab0ca79a50ffeca bd2a76c960bf12b7832d0e68c14a966414d6c9b511d35194fff1411740ca0e10 Loading...

		Size	First Seen	Last Seen
	#1 Eval - 9a47559ff60a9a2c9fa33592a9c33d38	5.6 kB	2024-08-20 16:25	2024-08-20 16:25
Pretty Observations First Seen2024-08-20 16:25 Last Seen2024-08-20 16:25 Times Seen1 Hash 9a47559ff60a9a2c9fa33592a9c33d38 5f0eee70e770cccd1a648b3a095fe6bc6317d145 fce4dcc6048a6194dec8582d072b4e911676be0835bb5854a82566880b1870d7 Loading...

		Size	First Seen	Last Seen
	#1 Write - e78a1c869dac2528ff6fa2ba712f1d25	16 B	2023-12-07 19:29	2024-08-20 16:26
Pretty Observations First Seen2023-12-07 19:29 Last Seen2024-08-20 16:26 Times Seen2 Hash e78a1c869dac2528ff6fa2ba712f1d25 69d4a533f5d77484cd4a4724456ae86475abca5d 6fbd40d0933319f8c2d33ca191ad0b35bebb583fe48c72d75842de54f24ce89b Loading...

	#2 Write - 0ba8d2f652ea755aed9c8aec99009d67	17 B	2023-12-07 19:29	2024-08-20 16:26
Pretty Observations First Seen2023-12-07 19:29 Last Seen2024-08-20 16:26 Times Seen2 Hash 0ba8d2f652ea755aed9c8aec99009d67 f42ffc2f1bc7c6520ca6814d6b054d5d1af8c29b 366919a7b2d41d23d28245e8f61b74dcb9977b512d7f2c55ea8d0241c7795665 Loading...

HTTP Transactions (25)

URL IP Response Size

impa-vida.de/

5.44.111.15

2.7 kB

URL
impa-vida.de/
IP
5.44.111.15:0
ASN
#45031 dogado GmbH

File type
data
Size
2.7 kB (2652 bytes)
Hash
46dc11ab78b3061916a6fadc0d0730f2
82889c54bc8f1509e3d4d76dd07bc20d3922493a
3b017af21466f126f924497dec4874bb9cbd7a4c8d5ef08ba16c1dd7ed4c8e35

Detections

NIDS	Severity	Alert
suricata	high	ET WEB_CLIENT Malicious Redirect 8x8 script tag

HTTP Headers

GET / HTTP/1.1
Host: impa-vida.de
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Thu, 07 Dec 2023 22:27:15 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 2652
Connection: keep-alive
Vary: Accept-Encoding
Content-Encoding: gzip

impa-vida.de/favicon.ico

5.44.111.15

183 B

URL
impa-vida.de/favicon.ico
IP
5.44.111.15:0
ASN
#45031 dogado GmbH

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
183 B (183 bytes)
Hash
18ffb59b61525f781cf9251045be575d
bd7318b00b15b7a1c8a48524419fa2e5c27a5b6d
b6682cab65d3243b5b75efb7279dbf49491957484780f2ba0a87632cc0e25642

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: impa-vida.de
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://impa-vida.de/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 404 Not Found
Server: nginx
Date: Thu, 07 Dec 2023 22:27:16 GMT
Content-Type: text/html; charset=iso-8859-1
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Content-Encoding: gzip

javaterm.com/green/backlinker.php?ch=1&js=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdWQiOiJKb2tlbiIsImV4cCI6MTcwMTk5NTIzNSwiaWF0IjoxNzAxOTg4MDM1LCJpc3MiOiJKb2tlbiIsImpzIjoxLCJqdGkiOiIydWZhcTZldGFnN2FhZjYxNzQwaDc1czEiLCJuYmYiOjE3MDE5ODgwMzUsInRzIjoxNzAxOTg4MDM1NzkxNTgxfQ.CprdZrj4L3qUcljlM3a1nn_Gb5U1bk8NLWAapNG7Ti0&sid=c65b97c3-954f-11ee-9781-00e5c519d44c

185.107.56.204

11 B

URL
javaterm.com/green/backlinker.php?ch=1&js=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdWQiOiJKb2tlbiIsImV4cCI6MTcwMTk5NTIzNSwiaWF0IjoxNzAxOTg4MDM1LCJpc3MiOiJKb2tlbiIsImpzIjoxLCJqdGkiOiIydWZhcTZldGFnN2FhZjYxNzQwaDc1czEiLCJuYmYiOjE3MDE5ODgwMzUsInRzIjoxNzAxOTg4MDM1NzkxNTgxfQ.CprdZrj4L3qUcljlM3a1nn_Gb5U1bk8NLWAapNG7Ti0&sid=c65b97c3-954f-11ee-9781-00e5c519d44c
IP
185.107.56.204:0
ASN
#43350 NForce Entertainment B.V.

File type
ASCII text, with no line terminators
Size
11 B (11 bytes)
Hash
32682312d17c7cbf18e73594f5570319
60e22121bdd0bc71cdb2bae2a3aa577006b2eae9
e55fb1a1d731153e943b68844af12dcce8bfac917c98ffdea64c80da0607dd47

HTTP Headers

GET /green/backlinker.php?ch=1&js=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdWQiOiJKb2tlbiIsImV4cCI6MTcwMTk5NTIzNSwiaWF0IjoxNzAxOTg4MDM1LCJpc3MiOiJKb2tlbiIsImpzIjoxLCJqdGkiOiIydWZhcTZldGFnN2FhZjYxNzQwaDc1czEiLCJuYmYiOjE3MDE5ODgwMzUsInRzIjoxNzAxOTg4MDM1NzkxNTgxfQ.CprdZrj4L3qUcljlM3a1nn_Gb5U1bk8NLWAapNG7Ti0&sid=c65b97c3-954f-11ee-9781-00e5c519d44c HTTP/1.1
Host: javaterm.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://impa-vida.de/
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 302 Found
cache-control: max-age=0, private, must-revalidate
content-length: 11
date: Thu, 07 Dec 2023 22:27:16 GMT
location: http://okean-qoj.com/zclkvisitor/c6e6e602-954f-11ee-bd4e-0a1c5e95490d/72092e88-2c53-401c-b988-51ef43ce1034?campaignid=c6f27ec0-954f-11ee-bd4e-0a1c5e95490d
server: Cowboy
set-cookie: sid=c65b97c3-954f-11ee-9781-00e5c519d44c; path=/; domain=.javaterm.com; expires=Wed, 26 Dec 2091 01:41:23 GMT; max-age=2147483647; secure; HttpOnly
X-Firefox-Spdy: h2

okean-qoj.com/zclkvisitor/c6e6e602-954f-11ee-bd4e-0a1c5e95490d/72092e88-2c53-401c-b988-51ef43ce1034?campaignid=c6f27ec0-954f-11ee-bd4e-0a1c5e95490d

34.206.73.7

1.1 kB

URL
okean-qoj.com/zclkvisitor/c6e6e602-954f-11ee-bd4e-0a1c5e95490d/72092e88-2c53-401c-b988-51ef43ce1034?campaignid=c6f27ec0-954f-11ee-bd4e-0a1c5e95490d
IP
34.206.73.7:0
ASN
#14618 AMAZON-AES

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
1.1 kB (1102 bytes)
Hash
78df7d4f4d9d6af7ef91bae2df16b616
cf049eee03fc926a6b8761efda16c4d2458cdaa3
e79e0fb082a587dd9f6d9c9adff53a566b26f64bf358cf02d9de0fe02122a3c0

HTTP Headers

GET /zclkvisitor/c6e6e602-954f-11ee-bd4e-0a1c5e95490d/72092e88-2c53-401c-b988-51ef43ce1034?campaignid=c6f27ec0-954f-11ee-bd4e-0a1c5e95490d HTTP/1.1
Host: okean-qoj.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://impa-vida.de/
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 
Date: Thu, 07 Dec 2023 22:27:17 GMT
Content-Type: text/html;charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: no-store, no-cache, pre-check=0, post-check=0
content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline'
x-content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline'
X-WebKit-CSP: default-src 'self'; script-src 'self' 'unsafe-inline'
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET,POST,OPTIONS
Access-Control-Allow-Headers: X-Requested-With,Content-Type,x-exadsrtb-version,x-openrtb-version,x-zerortb-version,X-Flag
Server: LxIgWUSS

okean-qoj.com/zclkredirect?visitid=c6e6e602-954f-11ee-bd4e-0a1c5e95490d&type=js&browserWidth=1280&browserHeight=1024&iframeDetected=false&webdriverDetected=false

18.232.24.71

294 B

URL
okean-qoj.com/zclkredirect?visitid=c6e6e602-954f-11ee-bd4e-0a1c5e95490d&type=js&browserWidth=1280&browserHeight=1024&iframeDetected=false&webdriverDetected=false
IP
18.232.24.71:0
ASN
#14618 AMAZON-AES

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
294 B (294 bytes)
Hash
e31d718dfb0a222fdb0dab4069edda4a
051e28373f00dd4dd3c48d75e78a31499a7ae2c5
e1ab3160936459ce5e9581d2d76ebbbcebf26ae36aa2dd442c880b9b85d1fa86

HTTP Headers

GET /zclkredirect?visitid=c6e6e602-954f-11ee-bd4e-0a1c5e95490d&type=js&browserWidth=1280&browserHeight=1024&iframeDetected=false&webdriverDetected=false HTTP/1.1
Host: okean-qoj.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://okean-qoj.com/zclkvisitor/c6e6e602-954f-11ee-bd4e-0a1c5e95490d/72092e88-2c53-401c-b988-51ef43ce1034?campaignid=c6f27ec0-954f-11ee-bd4e-0a1c5e95490d
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 
Date: Thu, 07 Dec 2023 22:27:17 GMT
Content-Type: text/html;charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: no-store, no-cache, pre-check=0, post-check=0
content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline'
x-content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline'
X-WebKit-CSP: default-src 'self'; script-src 'self' 'unsafe-inline'
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET,POST,OPTIONS
Access-Control-Allow-Headers: X-Requested-With,Content-Type,x-exadsrtb-version,x-openrtb-version,x-zerortb-version,X-Flag
redirected: JS
Server: nyIkCuZG

okean-qoj.com/favicon.ico

18.232.24.71

653 B

URL
okean-qoj.com/favicon.ico
IP
18.232.24.71:0
ASN
#14618 AMAZON-AES

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (649), with no line terminators
Size
653 B (653 bytes)
Hash
ba2732b1b2fa2626ffaa15f62f9e7d66
203d4e7fbb1d80449d6e4e1f3ae7a9bf8625debe
879861cb72fe9fbb476dab246021c4c83b4066327de2529e05ec54d3afb0a1c8

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: okean-qoj.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://okean-qoj.com/zclkredirect?visitid=c6e6e602-954f-11ee-bd4e-0a1c5e95490d&type=js&browserWidth=1280&browserHeight=1024&iframeDetected=false&webdriverDetected=false
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 404 
Date: Thu, 07 Dec 2023 22:27:18 GMT
Content-Type: text/html;charset=utf-8
Content-Length: 653
Connection: keep-alive
Cache-Control: no-store, no-cache, pre-check=0, post-check=0
content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline'
x-content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline'
X-WebKit-CSP: default-src 'self'; script-src 'self' 'unsafe-inline'
Content-Language: en
Server: vlCNRqSF

xml-v4.minutelight-2.online/click?i=sOtMyvNzq88_0

173.239.53.32

0 B

URL
xml-v4.minutelight-2.online/click?i=sOtMyvNzq88_0
IP
173.239.53.32:0
ASN
#27257 WEBAIR-INTERNET

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /click?i=sOtMyvNzq88_0 HTTP/1.1
Host: xml-v4.minutelight-2.online
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://okean-qoj.com/
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 302 Found
Server: nginx
Date: Thu, 07 Dec 2023 22:27:18 GMT
Content-Length: 0
Connection: keep-alive
Cache-Control: no-store
Set-Cookie: x3325799=1630608516; Domain=.minutelight-2.online
Location: https://tq.minutelight-2.online/filter?q=javaterm%2Cjavaterm.com%2Cjava+script&i=sOtMyvNzq88_0&ci=2465839670543388679&t=1656685662&h=24

tq.minutelight-2.online/filter?q=javaterm%2Cjavaterm.com%2Cjava+script&i=sOtMyvNzq88_0&ci=2465839670543388679&t=1656685662&h=24

173.239.53.32

15 kB

URL
tq.minutelight-2.online/filter?q=javaterm%2Cjavaterm.com%2Cjava+script&i=sOtMyvNzq88_0&ci=2465839670543388679&t=1656685662&h=24
IP
173.239.53.32:0
ASN
#27257 WEBAIR-INTERNET

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (628)
Size
15 kB (15297 bytes)
Hash
0b6997b786726f17db4115b1ed4d56d7
052c6784a7b1c618f74282be98fd19e4c30eda62
88644f781bd751eb8d4950c846e1e14b829fdb2d9a2ef3e13cf7956dadf56c96

HTTP Headers

GET /filter?q=javaterm%2Cjavaterm.com%2Cjava+script&i=sOtMyvNzq88_0&ci=2465839670543388679&t=1656685662&h=24 HTTP/1.1
Host: tq.minutelight-2.online
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://okean-qoj.com/
DNT: 1
Connection: keep-alive
Cookie: x3325799=1630608516
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Thu, 07 Dec 2023 22:27:18 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 15297
Connection: keep-alive
Cache-Control: no-store
Set-Cookie: c1053173835=1630608516
x3325799=1630608516; Domain=.minutelight-2.online

xml-v4.minutelight-2.online/click2?i=sOtMyvNzq88_0&ci=2465839670543388679&j=rv%3Db%26ss%3D1280x1024%26ws%3D1280x1024%26wp%3D0x0%26ce%3D1%26ck%3Djc%26cv%3D7243%26cs%3D1%26fr%3D0%26hc%3D0%26fl%3Dnull%26jv%3Dnull%26sc%3D24%26hr%3D3%26rf%3Dokean-qoj.com%26lo%3Dtq.minutelight-2.online%26mb%3D0%26hb%3D1%26pl%3DLinux%2Bx86_64%26ua%3DMozilla%252F5.0%2B%28Windows%2BNT%2B10.0%253B%2BWin64%253B%2Bx64%253B%2Brv%253A105.0%29%2BGecko%252F20100101%2BFirefox%252F105.0%26tp%3D84%26nd%3D0%26to%3Dnull%26wbd%3D1%26wbde%3D0%26sqm%3D0%26phj%3D0%26nmj%3D0%26sln%3D0%26es%3D0%26er%3D%26shs%3D%26ln%3Den-US%252Cen%26lnl%3D2%26hsc%3D0%26frc%3D0%26dbt%3D0%26prb%3D20100101%26tz%3D0%26hid%3D0%26mq%3D1%26bch%3D%26blv%3D%26my%3D%26geo%3D1%26thx%3D0%26the%3D0%26ths%3D0%26cpc%3D%26ocp%3DLinux%2Bx86_64%26hwc%3D48%26hrl%3D%26acd%3Dpmpmm%26vcd%3Dppp%26pal%3D5%26pai%3D1%26pli%3D1%26win%3D1280x1024%26wout%3D1280x1024%26wpof%3D0x0%26bcld%3D1264x19%26scrp%3D0x0%26scrad%3D1280x1024%26spd%3D24%26pxr%3D1%26sck%3D1%26ckl%3D43%26sls%3D1%26sss%3D1%26six%3D1%26sdb%3D0%26vvr%3Dnull%26vrd%3Dnull%26pnt%3Dprompt%26cnvs%3D7f7f7f80%26mmd_ao%3D0%26mmd_ai%3D0%26mmd_vi%3D0

173.239.53.32

0 B

URL
xml-v4.minutelight-2.online/click2?i=sOtMyvNzq88_0&ci=2465839670543388679&j=rv%3Db%26ss%3D1280x1024%26ws%3D1280x1024%26wp%3D0x0%26ce%3D1%26ck%3Djc%26cv%3D7243%26cs%3D1%26fr%3D0%26hc%3D0%26fl%3Dnull%26jv%3Dnull%26sc%3D24%26hr%3D3%26rf%3Dokean-qoj.com%26lo%3Dtq.minutelight-2.online%26mb%3D0%26hb%3D1%26pl%3DLinux%2Bx86_64%26ua%3DMozilla%252F5.0%2B%28Windows%2BNT%2B10.0%253B%2BWin64%253B%2Bx64%253B%2Brv%253A105.0%29%2BGecko%252F20100101%2BFirefox%252F105.0%26tp%3D84%26nd%3D0%26to%3Dnull%26wbd%3D1%26wbde%3D0%26sqm%3D0%26phj%3D0%26nmj%3D0%26sln%3D0%26es%3D0%26er%3D%26shs%3D%26ln%3Den-US%252Cen%26lnl%3D2%26hsc%3D0%26frc%3D0%26dbt%3D0%26prb%3D20100101%26tz%3D0%26hid%3D0%26mq%3D1%26bch%3D%26blv%3D%26my%3D%26geo%3D1%26thx%3D0%26the%3D0%26ths%3D0%26cpc%3D%26ocp%3DLinux%2Bx86_64%26hwc%3D48%26hrl%3D%26acd%3Dpmpmm%26vcd%3Dppp%26pal%3D5%26pai%3D1%26pli%3D1%26win%3D1280x1024%26wout%3D1280x1024%26wpof%3D0x0%26bcld%3D1264x19%26scrp%3D0x0%26scrad%3D1280x1024%26spd%3D24%26pxr%3D1%26sck%3D1%26ckl%3D43%26sls%3D1%26sss%3D1%26six%3D1%26sdb%3D0%26vvr%3Dnull%26vrd%3Dnull%26pnt%3Dprompt%26cnvs%3D7f7f7f80%26mmd_ao%3D0%26mmd_ai%3D0%26mmd_vi%3D0
IP
173.239.53.32:0
ASN
#27257 WEBAIR-INTERNET

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /click2?i=sOtMyvNzq88_0&ci=2465839670543388679&j=rv%3Db%26ss%3D1280x1024%26ws%3D1280x1024%26wp%3D0x0%26ce%3D1%26ck%3Djc%26cv%3D7243%26cs%3D1%26fr%3D0%26hc%3D0%26fl%3Dnull%26jv%3Dnull%26sc%3D24%26hr%3D3%26rf%3Dokean-qoj.com%26lo%3Dtq.minutelight-2.online%26mb%3D0%26hb%3D1%26pl%3DLinux%2Bx86_64%26ua%3DMozilla%252F5.0%2B%28Windows%2BNT%2B10.0%253B%2BWin64%253B%2Bx64%253B%2Brv%253A105.0%29%2BGecko%252F20100101%2BFirefox%252F105.0%26tp%3D84%26nd%3D0%26to%3Dnull%26wbd%3D1%26wbde%3D0%26sqm%3D0%26phj%3D0%26nmj%3D0%26sln%3D0%26es%3D0%26er%3D%26shs%3D%26ln%3Den-US%252Cen%26lnl%3D2%26hsc%3D0%26frc%3D0%26dbt%3D0%26prb%3D20100101%26tz%3D0%26hid%3D0%26mq%3D1%26bch%3D%26blv%3D%26my%3D%26geo%3D1%26thx%3D0%26the%3D0%26ths%3D0%26cpc%3D%26ocp%3DLinux%2Bx86_64%26hwc%3D48%26hrl%3D%26acd%3Dpmpmm%26vcd%3Dppp%26pal%3D5%26pai%3D1%26pli%3D1%26win%3D1280x1024%26wout%3D1280x1024%26wpof%3D0x0%26bcld%3D1264x19%26scrp%3D0x0%26scrad%3D1280x1024%26spd%3D24%26pxr%3D1%26sck%3D1%26ckl%3D43%26sls%3D1%26sss%3D1%26six%3D1%26sdb%3D0%26vvr%3Dnull%26vrd%3Dnull%26pnt%3Dprompt%26cnvs%3D7f7f7f80%26mmd_ao%3D0%26mmd_ai%3D0%26mmd_vi%3D0 HTTP/1.1
Host: xml-v4.minutelight-2.online
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://tq.minutelight-2.online/
Cookie: x3325799=1630608516
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 302 Found
Server: nginx
Date: Thu, 07 Dec 2023 22:27:19 GMT
Content-Length: 0
Connection: keep-alive
Cache-Control: no-store
Location: https://whitepark9.com/in/p/?spot_id=374884&cat=25&sub_id=1187678021

mcpuwpush.com/get/?go=1&data=eyJpbXAiOlt7InNlY3VyZSI6MSwiZXh0Ijp7ImlkIjoxMDk1LCJ0eXBlIjoicG9wIiwic3BhY2VpZCI6MTA5NSwic3ViaWQiOiIxMTg3Njc4MDIxIiwic3NwIjozNzU4LCJzcG90X2lkIjozNzQ4ODQsInJjaGFuZ2UiOmZhbHNlfX1dLCJzaXRlIjp7ImlkIjoiMzc0ODg0IiwicGFnZSI6Imh0dHBzOi8vdHEubWludXRlbGlnaHQtMi5vbmxpbmUvIiwiY2F0IjpbIklBQjI1Il19LCJkZXZpY2UiOnsidyI6MTI4MCwiaCI6MTAyNH0sInVzZXIiOnsiaWQiOiJ4ejN1Y3k0djF5Znp4dnFvb3U3MDZpIn0sImV4dCI6eyJkdCI6MTcwMTk4ODA0NjIzM319

94.130.197.240

0 B

URL
mcpuwpush.com/get/?go=1&data=eyJpbXAiOlt7InNlY3VyZSI6MSwiZXh0Ijp7ImlkIjoxMDk1LCJ0eXBlIjoicG9wIiwic3BhY2VpZCI6MTA5NSwic3ViaWQiOiIxMTg3Njc4MDIxIiwic3NwIjozNzU4LCJzcG90X2lkIjozNzQ4ODQsInJjaGFuZ2UiOmZhbHNlfX1dLCJzaXRlIjp7ImlkIjoiMzc0ODg0IiwicGFnZSI6Imh0dHBzOi8vdHEubWludXRlbGlnaHQtMi5vbmxpbmUvIiwiY2F0IjpbIklBQjI1Il19LCJkZXZpY2UiOnsidyI6MTI4MCwiaCI6MTAyNH0sInVzZXIiOnsiaWQiOiJ4ejN1Y3k0djF5Znp4dnFvb3U3MDZpIn0sImV4dCI6eyJkdCI6MTcwMTk4ODA0NjIzM319
IP
94.130.197.240:0
ASN
#24940 Hetzner Online GmbH

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /get/?go=1&data=eyJpbXAiOlt7InNlY3VyZSI6MSwiZXh0Ijp7ImlkIjoxMDk1LCJ0eXBlIjoicG9wIiwic3BhY2VpZCI6MTA5NSwic3ViaWQiOiIxMTg3Njc4MDIxIiwic3NwIjozNzU4LCJzcG90X2lkIjozNzQ4ODQsInJjaGFuZ2UiOmZhbHNlfX1dLCJzaXRlIjp7ImlkIjoiMzc0ODg0IiwicGFnZSI6Imh0dHBzOi8vdHEubWludXRlbGlnaHQtMi5vbmxpbmUvIiwiY2F0IjpbIklBQjI1Il19LCJkZXZpY2UiOnsidyI6MTI4MCwiaCI6MTAyNH0sInVzZXIiOnsiaWQiOiJ4ejN1Y3k0djF5Znp4dnFvb3U3MDZpIn0sImV4dCI6eyJkdCI6MTcwMTk4ODA0NjIzM319 HTTP/1.1
Host: mcpuwpush.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://whitepark9.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 302 Found
server: nginx/1.16.0
date: Thu, 07 Dec 2023 22:27:20 GMT
content-length: 0
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
location: https://mcpuwpush.com/popunder/in/click/?mid=7476172809598027064&pid=0&site=374884&sc=NO&usage_type=DCH&subid=1187678021&sid=0&cid=16705&price=0.0008714790000000001&is_cpm=0&cpm=0.8714790000000001&ecpm=0.8714790000000001&crid=&crtid=d41d8cd98f00b204e9800998ecf8427e&tcid=0&out_id=&ver=&ver_c=&refdom=tq.minutelight-2.online&hostname=auc-popunder-hz-2&site_id=0&spot_id=374884&utm_source=&utm_medium=&utm_campaign=&utm_content=&expiration_timestamp=1702074439&created_at=0000-00-00&is_native=0&burl=&pop_winurl=&ip=91.90.42.154&testab=&px_id=374884&adblock=0&auction_host=&mm=&yc=&render_type=&campaign_type=&uniq=&exp=0&resp_type=&iabcat=IAB25&min_cpm=0.142&placement_type_id=7&skin_test=&verify_hash=6161cab1a97b983a3916105b2bfba64f&score=190.5230091054849&durl=&ml=&tag_ab=&original_bid=0.0008714790000000001&user_fp=0&v2=0&pop_type=0&space_id=1095&real_bid=&skin_id=&vertical_id=&stratagem=&accel=0&gyr=0&iabcat=IAB25&ip_mismatch=false&ua_mismatch=false&ssp=3758&rc=0&v2_track=0&otype=0&mn=0&priority=0&bb=0.142&url=https%3A%2F%2Feu.easelegbike.com%2Fclicks.php%3Fcountry%3DNO%26subid%3D1881_163_6%26aff%3D1881%26adv%3D1001%26url%3Dhttps%253A%252F%252F877563.novitrk6.com%252Fsmartlink%253Ftrack%253DeyJhZ2UiOiIwIiwiYWdlX2hvdXIiOiIwIiwiYmlkX2ZhY3Rv%2AiI6MC45OTksImJpZF90eXBlIjoi%2A21h%2AnRj%2AGEiLCJj.Glj%2119pZCI6IjMzeTE4ODF5YzhlMjQwZDAtOTU0Zi0xMWVlLWE1ZTUtMTljODI4MzA0MDIyIiwiY29zdCI6MC4wMDIyMjU1NDIyMzAwMDAwMDA0LCJj%2AmVhdGl2ZV9pZCI6Mjk1OTE3LCJk.21h%21W4iOiJodHRwJTNBJTJGJTJG.W9i%21XBpdW0uY29tIiwiZXh0%2AmFf%21WQiOiIxODgxIiwiZmVlZCI6IjEwMDQiLCJp%2A19ydGJfY2Ft%2AGFpZ24iOjE4MDkyLCJsYW5kZXJf%21WQiOjE1NSwi.WVk%21WFfdHlwZSI6ImFkdWx0Iiwi.mlj%21GUiOiJhdmFzdCIsInJ0Yl9p%2ACI6IjkxLjkwLjQyLjE1NCIsInNpdGVf%21WQiOiIxODgxXzE2M182Iiwi%2A291%2AmNlX3R5%2AGUiOiJw.3B1.mRl%2AiIsInN1%2A3BpY2lvdXMiOjAsInRp.WUiOjE3MDE5ODgwNDAsInRyYWZm%21WNf%2A291%2AmNlIjoidHJhZmZpY25v.WFk%2AyIsInVzZXJf%21WQiOjMsInZl%2AnRpY2FsIjoiYW50%21XZp%2AnVzIn0%253D%26bid%3D0.0008714790000000001%26eab%3Dbxzqyyyi%26transactionId%3D33y1881yc8e240d0-954f-11ee-a5e5-19c828304022%26ip%3D91.90.42.154%26ua%3DMozilla%252F5.0%2520%28Windows%2520NT%252010.0%253B%2520Win64%253B%2520x64%253B%2520rv%253A105.0%29%2520Gecko%252F20100101%2520Firefox%252F105.0%26group%3D10%26userage%3D%26ref%3Dhttp%253A%252F%252Fmobipium.com%26dist%3D1%26subid_enc%3D374884&pr=&bid_crid=&bid_cid=&ad_tags=&is_interstitial=0&is_direct=1&label_ids=&site_id64=&sp_cl=0&act_sess=0&sp_scr=0&intes=&izb=&ang=0&act_su=0&interest_vertical_ids=&v_scroll_freq=&time_sess=&ext_campaign_id=&scroll_percent=0&empty_clicks=0&aid=205&high_freq_clicks=0&dev_console_activity=0&topics=&o_d=&is_webview=0
X-Firefox-Spdy: h2

mcpuwpush.com/popunder/in/click/?mid=7476172809598027064&pid=0&site=374884&sc=NO&usage_type=DCH&subid=1187678021&sid=0&cid=16705&price=0.0008714790000000001&is_cpm=0&cpm=0.8714790000000001&ecpm=0.8714790000000001&crid=&crtid=d41d8cd98f00b204e9800998ecf8427e&tcid=0&out_id=&ver=&ver_c=&refdom=tq.minutelight-2.online&hostname=auc-popunder-hz-2&site_id=0&spot_id=374884&utm_source=&utm_medium=&utm_campaign=&utm_content=&expiration_timestamp=1702074439&created_at=0000-00-00&is_native=0&burl=&pop_winurl=&ip=91.90.42.154&testab=&px_id=374884&adblock=0&auction_host=&mm=&yc=&render_type=&campaign_type=&uniq=&exp=0&resp_type=&iabcat=IAB25&min_cpm=0.142&placement_type_id=7&skin_test=&verify_hash=6161cab1a97b983a3916105b2bfba64f&score=190.5230091054849&durl=&ml=&tag_ab=&original_bid=0.0008714790000000001&user_fp=0&v2=0&pop_type=0&space_id=1095&real_bid=&skin_id=&vertical_id=&stratagem=&accel=0&gyr=0&iabcat=IAB25&ip_mismatch=false&ua_mismatch=false&ssp=3758&rc=0&v2_track=0&otype=0&mn=0&priority=0&bb=0.142&url=https%3A%2F%2Feu.easelegbike.com%2Fclicks.php%3Fcountry%3DNO%26subid%3D1881_163_6%26aff%3D1881%26adv%3D1001%26url%3Dhttps%253A%252F%252F877563.novitrk6.com%252Fsmartlink%253Ftrack%253DeyJhZ2UiOiIwIiwiYWdlX2hvdXIiOiIwIiwiYmlkX2ZhY3Rv%2AiI6MC45OTksImJpZF90eXBlIjoi%2A21h%2AnRj%2AGEiLCJj.Glj%2119pZCI6IjMzeTE4ODF5YzhlMjQwZDAtOTU0Zi0xMWVlLWE1ZTUtMTljODI4MzA0MDIyIiwiY29zdCI6MC4wMDIyMjU1NDIyMzAwMDAwMDA0LCJj%2AmVhdGl2ZV9pZCI6Mjk1OTE3LCJk.21h%21W4iOiJodHRwJTNBJTJGJTJG.W9i%21XBpdW0uY29tIiwiZXh0%2AmFf%21WQiOiIxODgxIiwiZmVlZCI6IjEwMDQiLCJp%2A19ydGJfY2Ft%2AGFpZ24iOjE4MDkyLCJsYW5kZXJf%21WQiOjE1NSwi.WVk%21WFfdHlwZSI6ImFkdWx0Iiwi.mlj%21GUiOiJhdmFzdCIsInJ0Yl9p%2ACI6IjkxLjkwLjQyLjE1NCIsInNpdGVf%21WQiOiIxODgxXzE2M182Iiwi%2A291%2AmNlX3R5%2AGUiOiJw.3B1.mRl%2AiIsInN1%2A3BpY2lvdXMiOjAsInRp.WUiOjE3MDE5ODgwNDAsInRyYWZm%21WNf%2A291%2AmNlIjoidHJhZmZpY25v.WFk%2AyIsInVzZXJf%21WQiOjMsInZl%2AnRpY2FsIjoiYW50%21XZp%2AnVzIn0%253D%26bid%3D0.0008714790000000001%26eab%3Dbxzqyyyi%26transactionId%3D33y1881yc8e240d0-954f-11ee-a5e5-19c828304022%26ip%3D91.90.42.154%26ua%3DMozilla%252F5.0%2520%28Windows%2520NT%252010.0%253B%2520Win64%253B%2520x64%253B%2520rv%253A105.0%29%2520Gecko%252F20100101%2520Firefox%252F105.0%26group%3D10%26userage%3D%26ref%3Dhttp%253A%252F%252Fmobipium.com%26dist%3D1%26subid_enc%3D374884&pr=&bid_crid=&bid_cid=&ad_tags=&is_interstitial=0&is_direct=1&label_ids=&site_id64=&sp_cl=0&act_sess=0&sp_scr=0&intes=&izb=&ang=0&act_su=0&interest_vertical_ids=&v_scroll_freq=&time_sess=&ext_campaign_id=&scroll_percent=0&empty_clicks=0&aid=205&high_freq_clicks=0&dev_console_activity=0&topics=&o_d=&is_webview=0

94.130.197.240

0 B

URL
mcpuwpush.com/popunder/in/click/?mid=7476172809598027064&pid=0&site=374884&sc=NO&usage_type=DCH&subid=1187678021&sid=0&cid=16705&price=0.0008714790000000001&is_cpm=0&cpm=0.8714790000000001&ecpm=0.8714790000000001&crid=&crtid=d41d8cd98f00b204e9800998ecf8427e&tcid=0&out_id=&ver=&ver_c=&refdom=tq.minutelight-2.online&hostname=auc-popunder-hz-2&site_id=0&spot_id=374884&utm_source=&utm_medium=&utm_campaign=&utm_content=&expiration_timestamp=1702074439&created_at=0000-00-00&is_native=0&burl=&pop_winurl=&ip=91.90.42.154&testab=&px_id=374884&adblock=0&auction_host=&mm=&yc=&render_type=&campaign_type=&uniq=&exp=0&resp_type=&iabcat=IAB25&min_cpm=0.142&placement_type_id=7&skin_test=&verify_hash=6161cab1a97b983a3916105b2bfba64f&score=190.5230091054849&durl=&ml=&tag_ab=&original_bid=0.0008714790000000001&user_fp=0&v2=0&pop_type=0&space_id=1095&real_bid=&skin_id=&vertical_id=&stratagem=&accel=0&gyr=0&iabcat=IAB25&ip_mismatch=false&ua_mismatch=false&ssp=3758&rc=0&v2_track=0&otype=0&mn=0&priority=0&bb=0.142&url=https%3A%2F%2Feu.easelegbike.com%2Fclicks.php%3Fcountry%3DNO%26subid%3D1881_163_6%26aff%3D1881%26adv%3D1001%26url%3Dhttps%253A%252F%252F877563.novitrk6.com%252Fsmartlink%253Ftrack%253DeyJhZ2UiOiIwIiwiYWdlX2hvdXIiOiIwIiwiYmlkX2ZhY3Rv%2AiI6MC45OTksImJpZF90eXBlIjoi%2A21h%2AnRj%2AGEiLCJj.Glj%2119pZCI6IjMzeTE4ODF5YzhlMjQwZDAtOTU0Zi0xMWVlLWE1ZTUtMTljODI4MzA0MDIyIiwiY29zdCI6MC4wMDIyMjU1NDIyMzAwMDAwMDA0LCJj%2AmVhdGl2ZV9pZCI6Mjk1OTE3LCJk.21h%21W4iOiJodHRwJTNBJTJGJTJG.W9i%21XBpdW0uY29tIiwiZXh0%2AmFf%21WQiOiIxODgxIiwiZmVlZCI6IjEwMDQiLCJp%2A19ydGJfY2Ft%2AGFpZ24iOjE4MDkyLCJsYW5kZXJf%21WQiOjE1NSwi.WVk%21WFfdHlwZSI6ImFkdWx0Iiwi.mlj%21GUiOiJhdmFzdCIsInJ0Yl9p%2ACI6IjkxLjkwLjQyLjE1NCIsInNpdGVf%21WQiOiIxODgxXzE2M182Iiwi%2A291%2AmNlX3R5%2AGUiOiJw.3B1.mRl%2AiIsInN1%2A3BpY2lvdXMiOjAsInRp.WUiOjE3MDE5ODgwNDAsInRyYWZm%21WNf%2A291%2AmNlIjoidHJhZmZpY25v.WFk%2AyIsInVzZXJf%21WQiOjMsInZl%2AnRpY2FsIjoiYW50%21XZp%2AnVzIn0%253D%26bid%3D0.0008714790000000001%26eab%3Dbxzqyyyi%26transactionId%3D33y1881yc8e240d0-954f-11ee-a5e5-19c828304022%26ip%3D91.90.42.154%26ua%3DMozilla%252F5.0%2520%28Windows%2520NT%252010.0%253B%2520Win64%253B%2520x64%253B%2520rv%253A105.0%29%2520Gecko%252F20100101%2520Firefox%252F105.0%26group%3D10%26userage%3D%26ref%3Dhttp%253A%252F%252Fmobipium.com%26dist%3D1%26subid_enc%3D374884&pr=&bid_crid=&bid_cid=&ad_tags=&is_interstitial=0&is_direct=1&label_ids=&site_id64=&sp_cl=0&act_sess=0&sp_scr=0&intes=&izb=&ang=0&act_su=0&interest_vertical_ids=&v_scroll_freq=&time_sess=&ext_campaign_id=&scroll_percent=0&empty_clicks=0&aid=205&high_freq_clicks=0&dev_console_activity=0&topics=&o_d=&is_webview=0
IP
94.130.197.240:0
ASN
#24940 Hetzner Online GmbH

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /popunder/in/click/?mid=7476172809598027064&pid=0&site=374884&sc=NO&usage_type=DCH&subid=1187678021&sid=0&cid=16705&price=0.0008714790000000001&is_cpm=0&cpm=0.8714790000000001&ecpm=0.8714790000000001&crid=&crtid=d41d8cd98f00b204e9800998ecf8427e&tcid=0&out_id=&ver=&ver_c=&refdom=tq.minutelight-2.online&hostname=auc-popunder-hz-2&site_id=0&spot_id=374884&utm_source=&utm_medium=&utm_campaign=&utm_content=&expiration_timestamp=1702074439&created_at=0000-00-00&is_native=0&burl=&pop_winurl=&ip=91.90.42.154&testab=&px_id=374884&adblock=0&auction_host=&mm=&yc=&render_type=&campaign_type=&uniq=&exp=0&resp_type=&iabcat=IAB25&min_cpm=0.142&placement_type_id=7&skin_test=&verify_hash=6161cab1a97b983a3916105b2bfba64f&score=190.5230091054849&durl=&ml=&tag_ab=&original_bid=0.0008714790000000001&user_fp=0&v2=0&pop_type=0&space_id=1095&real_bid=&skin_id=&vertical_id=&stratagem=&accel=0&gyr=0&iabcat=IAB25&ip_mismatch=false&ua_mismatch=false&ssp=3758&rc=0&v2_track=0&otype=0&mn=0&priority=0&bb=0.142&url=https%3A%2F%2Feu.easelegbike.com%2Fclicks.php%3Fcountry%3DNO%26subid%3D1881_163_6%26aff%3D1881%26adv%3D1001%26url%3Dhttps%253A%252F%252F877563.novitrk6.com%252Fsmartlink%253Ftrack%253DeyJhZ2UiOiIwIiwiYWdlX2hvdXIiOiIwIiwiYmlkX2ZhY3Rv%2AiI6MC45OTksImJpZF90eXBlIjoi%2A21h%2AnRj%2AGEiLCJj.Glj%2119pZCI6IjMzeTE4ODF5YzhlMjQwZDAtOTU0Zi0xMWVlLWE1ZTUtMTljODI4MzA0MDIyIiwiY29zdCI6MC4wMDIyMjU1NDIyMzAwMDAwMDA0LCJj%2AmVhdGl2ZV9pZCI6Mjk1OTE3LCJk.21h%21W4iOiJodHRwJTNBJTJGJTJG.W9i%21XBpdW0uY29tIiwiZXh0%2AmFf%21WQiOiIxODgxIiwiZmVlZCI6IjEwMDQiLCJp%2A19ydGJfY2Ft%2AGFpZ24iOjE4MDkyLCJsYW5kZXJf%21WQiOjE1NSwi.WVk%21WFfdHlwZSI6ImFkdWx0Iiwi.mlj%21GUiOiJhdmFzdCIsInJ0Yl9p%2ACI6IjkxLjkwLjQyLjE1NCIsInNpdGVf%21WQiOiIxODgxXzE2M182Iiwi%2A291%2AmNlX3R5%2AGUiOiJw.3B1.mRl%2AiIsInN1%2A3BpY2lvdXMiOjAsInRp.WUiOjE3MDE5ODgwNDAsInRyYWZm%21WNf%2A291%2AmNlIjoidHJhZmZpY25v.WFk%2AyIsInVzZXJf%21WQiOjMsInZl%2AnRpY2FsIjoiYW50%21XZp%2AnVzIn0%253D%26bid%3D0.0008714790000000001%26eab%3Dbxzqyyyi%26transactionId%3D33y1881yc8e240d0-954f-11ee-a5e5-19c828304022%26ip%3D91.90.42.154%26ua%3DMozilla%252F5.0%2520%28Windows%2520NT%252010.0%253B%2520Win64%253B%2520x64%253B%2520rv%253A105.0%29%2520Gecko%252F20100101%2520Firefox%252F105.0%26group%3D10%26userage%3D%26ref%3Dhttp%253A%252F%252Fmobipium.com%26dist%3D1%26subid_enc%3D374884&pr=&bid_crid=&bid_cid=&ad_tags=&is_interstitial=0&is_direct=1&label_ids=&site_id64=&sp_cl=0&act_sess=0&sp_scr=0&intes=&izb=&ang=0&act_su=0&interest_vertical_ids=&v_scroll_freq=&time_sess=&ext_campaign_id=&scroll_percent=0&empty_clicks=0&aid=205&high_freq_clicks=0&dev_console_activity=0&topics=&o_d=&is_webview=0 HTTP/1.1
Host: mcpuwpush.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://whitepark9.com/
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 302 Found
server: nginx/1.16.0
date: Thu, 07 Dec 2023 22:27:20 GMT
content-length: 0
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
location: https://eu.easelegbike.com/clicks.php?country=NO&subid=1881_163_6&aff=1881&adv=1001&url=https%3A%2F%2F877563.novitrk6.com%2Fsmartlink%3Ftrack%3DeyJhZ2UiOiIwIiwiYWdlX2hvdXIiOiIwIiwiYmlkX2ZhY3Rv*iI6MC45OTksImJpZF90eXBlIjoi*21h*nRj*GEiLCJj.Glj!19pZCI6IjMzeTE4ODF5YzhlMjQwZDAtOTU0Zi0xMWVlLWE1ZTUtMTljODI4MzA0MDIyIiwiY29zdCI6MC4wMDIyMjU1NDIyMzAwMDAwMDA0LCJj*mVhdGl2ZV9pZCI6Mjk1OTE3LCJk.21h!W4iOiJodHRwJTNBJTJGJTJG.W9i!XBpdW0uY29tIiwiZXh0*mFf!WQiOiIxODgxIiwiZmVlZCI6IjEwMDQiLCJp*19ydGJfY2Ft*GFpZ24iOjE4MDkyLCJsYW5kZXJf!WQiOjE1NSwi.WVk!WFfdHlwZSI6ImFkdWx0Iiwi.mlj!GUiOiJhdmFzdCIsInJ0Yl9p*CI6IjkxLjkwLjQyLjE1NCIsInNpdGVf!WQiOiIxODgxXzE2M182Iiwi*291*mNlX3R5*GUiOiJw.3B1.mRl*iIsInN1*3BpY2lvdXMiOjAsInRp.WUiOjE3MDE5ODgwNDAsInRyYWZm!WNf*291*mNlIjoidHJhZmZpY25v.WFk*yIsInVzZXJf!WQiOjMsInZl*nRpY2FsIjoiYW50!XZp*nVzIn0%3D&bid=0.0008714790000000001&eab=bxzqyyyi&transactionId=33y1881yc8e240d0-954f-11ee-a5e5-19c828304022&ip=91.90.42.154&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&group=10&userage=&ref=http%3A%2F%2Fmobipium.com&dist=1&subid_enc=374884
X-Firefox-Spdy: h2

eu.easelegbike.com/clicks.php?country=NO&subid=1881_163_6&aff=1881&adv=1001&url=https%3A%2F%2F877563.novitrk6.com%2Fsmartlink%3Ftrack%3DeyJhZ2UiOiIwIiwiYWdlX2hvdXIiOiIwIiwiYmlkX2ZhY3Rv*iI6MC45OTksImJpZF90eXBlIjoi*21h*nRj*GEiLCJj.Glj!19pZCI6IjMzeTE4ODF5YzhlMjQwZDAtOTU0Zi0xMWVlLWE1ZTUtMTljODI4MzA0MDIyIiwiY29zdCI6MC4wMDIyMjU1NDIyMzAwMDAwMDA0LCJj*mVhdGl2ZV9pZCI6Mjk1OTE3LCJk.21h!W4iOiJodHRwJTNBJTJGJTJG.W9i!XBpdW0uY29tIiwiZXh0*mFf!WQiOiIxODgxIiwiZmVlZCI6IjEwMDQiLCJp*19ydGJfY2Ft*GFpZ24iOjE4MDkyLCJsYW5kZXJf!WQiOjE1NSwi.WVk!WFfdHlwZSI6ImFkdWx0Iiwi.mlj!GUiOiJhdmFzdCIsInJ0Yl9p*CI6IjkxLjkwLjQyLjE1NCIsInNpdGVf!WQiOiIxODgxXzE2M182Iiwi*291*mNlX3R5*GUiOiJw.3B1.mRl*iIsInN1*3BpY2lvdXMiOjAsInRp.WUiOjE3MDE5ODgwNDAsInRyYWZm!WNf*291*mNlIjoidHJhZmZpY25v.WFk*yIsInVzZXJf!WQiOjMsInZl*nRpY2FsIjoiYW50!XZp*nVzIn0%3D&bid=0.0008714790000000001&eab=bxzqyyyi&transactionId=33y1881yc8e240d0-954f-11ee-a5e5-19c828304022&ip=91.90.42.154&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&group=10&userage=&ref=http%3A%2F%2Fmobipium.com&dist=1&subid_enc=374884

78.46.81.228

12 kB

URL
eu.easelegbike.com/clicks.php?country=NO&subid=1881_163_6&aff=1881&adv=1001&url=https%3A%2F%2F877563.novitrk6.com%2Fsmartlink%3Ftrack%3DeyJhZ2UiOiIwIiwiYWdlX2hvdXIiOiIwIiwiYmlkX2ZhY3Rv*iI6MC45OTksImJpZF90eXBlIjoi*21h*nRj*GEiLCJj.Glj!19pZCI6IjMzeTE4ODF5YzhlMjQwZDAtOTU0Zi0xMWVlLWE1ZTUtMTljODI4MzA0MDIyIiwiY29zdCI6MC4wMDIyMjU1NDIyMzAwMDAwMDA0LCJj*mVhdGl2ZV9pZCI6Mjk1OTE3LCJk.21h!W4iOiJodHRwJTNBJTJGJTJG.W9i!XBpdW0uY29tIiwiZXh0*mFf!WQiOiIxODgxIiwiZmVlZCI6IjEwMDQiLCJp*19ydGJfY2Ft*GFpZ24iOjE4MDkyLCJsYW5kZXJf!WQiOjE1NSwi.WVk!WFfdHlwZSI6ImFkdWx0Iiwi.mlj!GUiOiJhdmFzdCIsInJ0Yl9p*CI6IjkxLjkwLjQyLjE1NCIsInNpdGVf!WQiOiIxODgxXzE2M182Iiwi*291*mNlX3R5*GUiOiJw.3B1.mRl*iIsInN1*3BpY2lvdXMiOjAsInRp.WUiOjE3MDE5ODgwNDAsInRyYWZm!WNf*291*mNlIjoidHJhZmZpY25v.WFk*yIsInVzZXJf!WQiOjMsInZl*nRpY2FsIjoiYW50!XZp*nVzIn0%3D&bid=0.0008714790000000001&eab=bxzqyyyi&transactionId=33y1881yc8e240d0-954f-11ee-a5e5-19c828304022&ip=91.90.42.154&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&group=10&userage=&ref=http%3A%2F%2Fmobipium.com&dist=1&subid_enc=374884
IP
78.46.81.228:0
ASN
#24940 Hetzner Online GmbH

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (1344), with CRLF line terminators
Size
12 kB (11985 bytes)
Hash
03fcb5d3ca79998b1e3a2f608316c7ec
863e8b1b823a6f2edbd90b4b05a0847e7fa5db39
a2ee5f4d49c7d1efee9e7e661aac78b874b44847557ddd4555060c4b0ca774c7

HTTP Headers

GET /clicks.php?country=NO&subid=1881_163_6&aff=1881&adv=1001&url=https%3A%2F%2F877563.novitrk6.com%2Fsmartlink%3Ftrack%3DeyJhZ2UiOiIwIiwiYWdlX2hvdXIiOiIwIiwiYmlkX2ZhY3Rv*iI6MC45OTksImJpZF90eXBlIjoi*21h*nRj*GEiLCJj.Glj!19pZCI6IjMzeTE4ODF5YzhlMjQwZDAtOTU0Zi0xMWVlLWE1ZTUtMTljODI4MzA0MDIyIiwiY29zdCI6MC4wMDIyMjU1NDIyMzAwMDAwMDA0LCJj*mVhdGl2ZV9pZCI6Mjk1OTE3LCJk.21h!W4iOiJodHRwJTNBJTJGJTJG.W9i!XBpdW0uY29tIiwiZXh0*mFf!WQiOiIxODgxIiwiZmVlZCI6IjEwMDQiLCJp*19ydGJfY2Ft*GFpZ24iOjE4MDkyLCJsYW5kZXJf!WQiOjE1NSwi.WVk!WFfdHlwZSI6ImFkdWx0Iiwi.mlj!GUiOiJhdmFzdCIsInJ0Yl9p*CI6IjkxLjkwLjQyLjE1NCIsInNpdGVf!WQiOiIxODgxXzE2M182Iiwi*291*mNlX3R5*GUiOiJw.3B1.mRl*iIsInN1*3BpY2lvdXMiOjAsInRp.WUiOjE3MDE5ODgwNDAsInRyYWZm!WNf*291*mNlIjoidHJhZmZpY25v.WFk*yIsInVzZXJf!WQiOjMsInZl*nRpY2FsIjoiYW50!XZp*nVzIn0%3D&bid=0.0008714790000000001&eab=bxzqyyyi&transactionId=33y1881yc8e240d0-954f-11ee-a5e5-19c828304022&ip=91.90.42.154&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&group=10&userage=&ref=http%3A%2F%2Fmobipium.com&dist=1&subid_enc=374884 HTTP/1.1
Host: eu.easelegbike.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://whitepark9.com/
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Thu, 07 Dec 2023 22:27:20 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: teste=teste; expires=Thu, 07-Dec-2023 22:29:00 GMT; Max-Age=100
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range
Access-Control-Expose-Headers: Content-Length,Content-Range
X-Upstream-Addr: 116.202.246.251:80
X-Forwarded-By: 91.90.42.154

eu.easelegbike.com/pop_clicks.php?&url=https%3A%2F%2F877563.novitrk6.com%2Fsmartlink%3Ftrack%3DeyJhZ2UiOiIwIiwiYWdlX2hvdXIiOiIwIiwiYmlkX2ZhY3Rv%2AiI6MC45OTksImJpZF90eXBlIjoi%2A21h%2AnRj%2AGEiLCJj.Glj%2119pZCI6IjMzeTE4ODF5YzhlMjQwZDAtOTU0Zi0xMWVlLWE1ZTUtMTljODI4MzA0MDIyIiwiY29zdCI6MC4wMDIyMjU1NDIyMzAwMDAwMDA0LCJj%2AmVhdGl2ZV9pZCI6Mjk1OTE3LCJk.21h%21W4iOiJodHRwJTNBJTJGJTJG.W9i%21XBpdW0uY29tIiwiZXh0%2AmFf%21WQiOiIxODgxIiwiZmVlZCI6IjEwMDQiLCJp%2A19ydGJfY2Ft%2AGFpZ24iOjE4MDkyLCJsYW5kZXJf%21WQiOjE1NSwi.WVk%21WFfdHlwZSI6ImFkdWx0Iiwi.mlj%21GUiOiJhdmFzdCIsInJ0Yl9p%2ACI6IjkxLjkwLjQyLjE1NCIsInNpdGVf%21WQiOiIxODgxXzE2M182Iiwi%2A291%2AmNlX3R5%2AGUiOiJw.3B1.mRl%2AiIsInN1%2A3BpY2lvdXMiOjAsInRp.WUiOjE3MDE5ODgwNDAsInRyYWZm%21WNf%2A291%2AmNlIjoidHJhZmZpY25v.WFk%2AyIsInVzZXJf%21WQiOjMsInZl%2AnRpY2FsIjoiYW50%21XZp%2AnVzIn0%3D&transactionId=33y1881yc8e240d0-954f-11ee-a5e5-19c828304022&ip=91.90.42.154&ua=Mozilla/5.0%20(Windows%20NT%2010.0;%20Win64;%20x64;%20rv:105.0)%20Gecko/20100101%20Firefox/105.0&aff=1881&adv=1001&bid=0.000871479&eab=bxzqyyyi&subid=1881_163_6&country=NO&userage=&group=10&subid_enc=374884&ref=http%3A%2F%2Fmobipium.com&dist=1&timezone=UTC&wind=false&heigth=1024&width=1280&cookie=false&locationx=Verdade

78.46.81.228

1.8 kB

URL
eu.easelegbike.com/pop_clicks.php?&url=https%3A%2F%2F877563.novitrk6.com%2Fsmartlink%3Ftrack%3DeyJhZ2UiOiIwIiwiYWdlX2hvdXIiOiIwIiwiYmlkX2ZhY3Rv%2AiI6MC45OTksImJpZF90eXBlIjoi%2A21h%2AnRj%2AGEiLCJj.Glj%2119pZCI6IjMzeTE4ODF5YzhlMjQwZDAtOTU0Zi0xMWVlLWE1ZTUtMTljODI4MzA0MDIyIiwiY29zdCI6MC4wMDIyMjU1NDIyMzAwMDAwMDA0LCJj%2AmVhdGl2ZV9pZCI6Mjk1OTE3LCJk.21h%21W4iOiJodHRwJTNBJTJGJTJG.W9i%21XBpdW0uY29tIiwiZXh0%2AmFf%21WQiOiIxODgxIiwiZmVlZCI6IjEwMDQiLCJp%2A19ydGJfY2Ft%2AGFpZ24iOjE4MDkyLCJsYW5kZXJf%21WQiOjE1NSwi.WVk%21WFfdHlwZSI6ImFkdWx0Iiwi.mlj%21GUiOiJhdmFzdCIsInJ0Yl9p%2ACI6IjkxLjkwLjQyLjE1NCIsInNpdGVf%21WQiOiIxODgxXzE2M182Iiwi%2A291%2AmNlX3R5%2AGUiOiJw.3B1.mRl%2AiIsInN1%2A3BpY2lvdXMiOjAsInRp.WUiOjE3MDE5ODgwNDAsInRyYWZm%21WNf%2A291%2AmNlIjoidHJhZmZpY25v.WFk%2AyIsInVzZXJf%21WQiOjMsInZl%2AnRpY2FsIjoiYW50%21XZp%2AnVzIn0%3D&transactionId=33y1881yc8e240d0-954f-11ee-a5e5-19c828304022&ip=91.90.42.154&ua=Mozilla/5.0%20(Windows%20NT%2010.0;%20Win64;%20x64;%20rv:105.0)%20Gecko/20100101%20Firefox/105.0&aff=1881&adv=1001&bid=0.000871479&eab=bxzqyyyi&subid=1881_163_6&country=NO&userage=&group=10&subid_enc=374884&ref=http%3A%2F%2Fmobipium.com&dist=1&timezone=UTC&wind=false&heigth=1024&width=1280&cookie=false&locationx=Verdade
IP
78.46.81.228:0
ASN
#24940 Hetzner Online GmbH

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (756), with CRLF line terminators
Size
1.8 kB (1800 bytes)
Hash
54ebbbdbebdddb3ad71e75c97d2773ff
9c15992dc9df2b2490c8989605de758219156a0e
81e3e6010a665902297f6aaa49e70757269537a19f150abc85e4a7ea325df24e

HTTP Headers

GET /pop_clicks.php?&url=https%3A%2F%2F877563.novitrk6.com%2Fsmartlink%3Ftrack%3DeyJhZ2UiOiIwIiwiYWdlX2hvdXIiOiIwIiwiYmlkX2ZhY3Rv%2AiI6MC45OTksImJpZF90eXBlIjoi%2A21h%2AnRj%2AGEiLCJj.Glj%2119pZCI6IjMzeTE4ODF5YzhlMjQwZDAtOTU0Zi0xMWVlLWE1ZTUtMTljODI4MzA0MDIyIiwiY29zdCI6MC4wMDIyMjU1NDIyMzAwMDAwMDA0LCJj%2AmVhdGl2ZV9pZCI6Mjk1OTE3LCJk.21h%21W4iOiJodHRwJTNBJTJGJTJG.W9i%21XBpdW0uY29tIiwiZXh0%2AmFf%21WQiOiIxODgxIiwiZmVlZCI6IjEwMDQiLCJp%2A19ydGJfY2Ft%2AGFpZ24iOjE4MDkyLCJsYW5kZXJf%21WQiOjE1NSwi.WVk%21WFfdHlwZSI6ImFkdWx0Iiwi.mlj%21GUiOiJhdmFzdCIsInJ0Yl9p%2ACI6IjkxLjkwLjQyLjE1NCIsInNpdGVf%21WQiOiIxODgxXzE2M182Iiwi%2A291%2AmNlX3R5%2AGUiOiJw.3B1.mRl%2AiIsInN1%2A3BpY2lvdXMiOjAsInRp.WUiOjE3MDE5ODgwNDAsInRyYWZm%21WNf%2A291%2AmNlIjoidHJhZmZpY25v.WFk%2AyIsInVzZXJf%21WQiOjMsInZl%2AnRpY2FsIjoiYW50%21XZp%2AnVzIn0%3D&transactionId=33y1881yc8e240d0-954f-11ee-a5e5-19c828304022&ip=91.90.42.154&ua=Mozilla/5.0%20(Windows%20NT%2010.0;%20Win64;%20x64;%20rv:105.0)%20Gecko/20100101%20Firefox/105.0&aff=1881&adv=1001&bid=0.000871479&eab=bxzqyyyi&subid=1881_163_6&country=NO&userage=&group=10&subid_enc=374884&ref=http%3A%2F%2Fmobipium.com&dist=1&timezone=UTC&wind=false&heigth=1024&width=1280&cookie=false&locationx=Verdade HTTP/1.1
Host: eu.easelegbike.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://eu.easelegbike.com/clicks.php?country=NO&subid=1881_163_6&aff=1881&adv=1001&url=https%3A%2F%2F877563.novitrk6.com%2Fsmartlink%3Ftrack%3DeyJhZ2UiOiIwIiwiYWdlX2hvdXIiOiIwIiwiYmlkX2ZhY3Rv*iI6MC45OTksImJpZF90eXBlIjoi*21h*nRj*GEiLCJj.Glj!19pZCI6IjMzeTE4ODF5YzhlMjQwZDAtOTU0Zi0xMWVlLWE1ZTUtMTljODI4MzA0MDIyIiwiY29zdCI6MC4wMDIyMjU1NDIyMzAwMDAwMDA0LCJj*mVhdGl2ZV9pZCI6Mjk1OTE3LCJk.21h!W4iOiJodHRwJTNBJTJGJTJG.W9i!XBpdW0uY29tIiwiZXh0*mFf!WQiOiIxODgxIiwiZmVlZCI6IjEwMDQiLCJp*19ydGJfY2Ft*GFpZ24iOjE4MDkyLCJsYW5kZXJf!WQiOjE1NSwi.WVk!WFfdHlwZSI6ImFkdWx0Iiwi.mlj!GUiOiJhdmFzdCIsInJ0Yl9p*CI6IjkxLjkwLjQyLjE1NCIsInNpdGVf!WQiOiIxODgxXzE2M182Iiwi*291*mNlX3R5*GUiOiJw.3B1.mRl*iIsInN1*3BpY2lvdXMiOjAsInRp.WUiOjE3MDE5ODgwNDAsInRyYWZm!WNf*291*mNlIjoidHJhZmZpY25v.WFk*yIsInVzZXJf!WQiOjMsInZl*nRpY2FsIjoiYW50!XZp*nVzIn0%3D&bid=0.0008714790000000001&eab=bxzqyyyi&transactionId=33y1881yc8e240d0-954f-11ee-a5e5-19c828304022&ip=91.90.42.154&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&group=10&userage=&ref=http%3A%2F%2Fmobipium.com&dist=1&subid_enc=374884
Cookie: teste=teste
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Thu, 07 Dec 2023 22:27:20 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range
Access-Control-Expose-Headers: Content-Length,Content-Range
X-Upstream-Addr: 116.202.50.29:80
X-Forwarded-By: 91.90.42.154

cdn.jsdelivr.net/npm/@fingerprintjs/fingerprintjs@3/dist/fp.min.js

151.101.129.229

15 kB

URL
cdn.jsdelivr.net/npm/@fingerprintjs/fingerprintjs@3/dist/fp.min.js
IP
151.101.129.229:0
ASN
#54113 FASTLY

File type
Unicode text, UTF-8 text, with very long lines (33446)
Size
15 kB (15023 bytes)
Hash
375436f436cc1022d7b4569a817c1a6b
9359415cc419874654000870ca54523875c12c16
99dc3803d1f19c8103f79f834044b2afd4c8af5b7927efbd36b1052d528b40ae

HTTP Headers

GET /npm/@fingerprintjs/fingerprintjs@3/dist/fp.min.js HTTP/1.1
Host: cdn.jsdelivr.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://antivirus.landerhd.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: *
timing-allow-origin: *
cache-control: public, max-age=604800, s-maxage=43200
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript; charset=utf-8
x-jsd-version: 3.4.2
x-jsd-version-type: version
etag: W/"83f4-k1lBXMQZh0ZUAAhwylRSOHXBLBY"
content-encoding: br
accept-ranges: bytes
date: Thu, 07 Dec 2023 22:27:21 GMT
age: 14069
x-served-by: cache-fra-etou8220049-FRA, cache-bma1668-BMA
x-cache: HIT, HIT
vary: Accept-Encoding
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 15023
X-Firefox-Spdy: h2

antivirus.landerhd.com/landingpages/avast-no/avast-no.jpeg

188.240.52.20

23 kB

URL
antivirus.landerhd.com/landingpages/avast-no/avast-no.jpeg
IP
188.240.52.20:0
ASN
#20857 Signet B.V.

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 450x95, components 3\012- data
Size
23 kB (23346 bytes)
Hash
e1bfd2e086d1409d4d9c8e039cede645
960a715fe6ea00063cb9470b55e65b99ad47532f
07dd7280258dda8258f35f2be71f6226f40d794e493c3b05e141b122c59ba87c

HTTP Headers

GET /landingpages/avast-no/avast-no.jpeg HTTP/1.1
Host: antivirus.landerhd.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://antivirus.landerhd.com/657246c930747200645afb95
Cookie: XSRF-TOKEN=eyJpdiI6IlJyLzlqVC9DVjNSOEJIR2lOeWNWWmc9PSIsInZhbHVlIjoiS3doZ285ME1nVXZFKzJBVXc3NWk2N0REWVZsTmw3YXV5eTVwNDd4NTdsVytyM0RhRXRrcmJYS1QyUVh3WlUvRDBwek9SMEswblpQRU52TVJOSGJzMTNudmtBWEM3ZHkxYmphd09NMzVEclpCMmo2L01uWjg5enhCb2RVblJNamYiLCJtYWMiOiI5YzliOTBmMDMwODM0NDhiY2JkZDBjOGZkNjQwNTBiYTA4ZjA5MThhYjU1ODE5MTczNGMzZTRhZTJlNTUwODZlIiwidGFnIjoiIn0%3D; novidash_session=eyJpdiI6InNvb1p5bllJUHF6RVAzSHpwSVBYbFE9PSIsInZhbHVlIjoiM3hSTERPWG9lZWgwRmxQd1RiTmNUa2pEcXk3ZTUwSHAzRTBEcXBkd1VjM0QzWVZTUlgvZWl3SGdKWEYyV25BWGtTMVY3d3dXcStwM29Pb0Rha2FsWTlUTytQS0lqcHVBNkl3SllyOHV3QkdBakNZTWNWckx6Zkt5NTdTTE45aFkiLCJtYWMiOiI0NDZkMTE0OWM5YmM2MWUyZTViZWQxNmQ3ZjYyYTBiNDUyNTExMWZlNjFjNGM2NzNkOTc0YmFjNzkwN2MxNTAxIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx/1.19.10
date: Thu, 07 Dec 2023 22:27:21 GMT
content-type: image/jpeg
content-length: 23346
last-modified: Wed, 06 Dec 2023 09:46:01 GMT
etag: "657042d9-5b32"
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
accept-ranges: bytes
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2

cdn.jsdelivr.net/npm/@fpjs-incubator/botd-agent@0/dist/botd.min.js

151.101.129.229

3.2 kB

URL
cdn.jsdelivr.net/npm/@fpjs-incubator/botd-agent@0/dist/botd.min.js
IP
151.101.129.229:0
ASN
#54113 FASTLY

File type
ASCII text, with very long lines (8836)
Size
3.2 kB (3173 bytes)
Hash
47c385b50143101eb33518d4bdb62b8f
6683889617dc16e817a49c17ce38f358efdf1638
52e6c3e0c3c2d518f8bf787de1e40e557c21e3b072f29c854f6321053e2fbbf3

HTTP Headers

GET /npm/@fpjs-incubator/botd-agent@0/dist/botd.min.js HTTP/1.1
Host: cdn.jsdelivr.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://antivirus.landerhd.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: *
timing-allow-origin: *
cache-control: public, max-age=604800, s-maxage=43200
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript; charset=utf-8
x-jsd-version: 0.1.20
x-jsd-version-type: version
etag: W/"2349-ZoOIlhfcFugXpJwXzjjzWO/fFjg"
content-encoding: br
accept-ranges: bytes
date: Thu, 07 Dec 2023 22:27:21 GMT
age: 1797
x-served-by: cache-fra-eddf8230126-FRA, cache-bma1668-BMA
x-cache: HIT, HIT
vary: Accept-Encoding
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 3173
X-Firefox-Spdy: h2

antivirus.landerhd.com/landingpages/avast-no/license-no.jpg

188.240.52.20

26 kB

URL
antivirus.landerhd.com/landingpages/avast-no/license-no.jpg
IP
188.240.52.20:0
ASN
#20857 Signet B.V.

File type
JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 285x168, components 3\012- data
Size
26 kB (25928 bytes)
Hash
75e867f62290c45fd58e752d4aca5390
b64b49fb1dd8438c7177f63091d087c011825887
1ac3c78efd13d6e1349c684da682c09892e911ba378e5c765a5f4b131ea0ba97

HTTP Headers

GET /landingpages/avast-no/license-no.jpg HTTP/1.1
Host: antivirus.landerhd.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://antivirus.landerhd.com/657246c930747200645afb95
Cookie: XSRF-TOKEN=eyJpdiI6IlJyLzlqVC9DVjNSOEJIR2lOeWNWWmc9PSIsInZhbHVlIjoiS3doZ285ME1nVXZFKzJBVXc3NWk2N0REWVZsTmw3YXV5eTVwNDd4NTdsVytyM0RhRXRrcmJYS1QyUVh3WlUvRDBwek9SMEswblpQRU52TVJOSGJzMTNudmtBWEM3ZHkxYmphd09NMzVEclpCMmo2L01uWjg5enhCb2RVblJNamYiLCJtYWMiOiI5YzliOTBmMDMwODM0NDhiY2JkZDBjOGZkNjQwNTBiYTA4ZjA5MThhYjU1ODE5MTczNGMzZTRhZTJlNTUwODZlIiwidGFnIjoiIn0%3D; novidash_session=eyJpdiI6InNvb1p5bllJUHF6RVAzSHpwSVBYbFE9PSIsInZhbHVlIjoiM3hSTERPWG9lZWgwRmxQd1RiTmNUa2pEcXk3ZTUwSHAzRTBEcXBkd1VjM0QzWVZTUlgvZWl3SGdKWEYyV25BWGtTMVY3d3dXcStwM29Pb0Rha2FsWTlUTytQS0lqcHVBNkl3SllyOHV3QkdBakNZTWNWckx6Zkt5NTdTTE45aFkiLCJtYWMiOiI0NDZkMTE0OWM5YmM2MWUyZTViZWQxNmQ3ZjYyYTBiNDUyNTExMWZlNjFjNGM2NzNkOTc0YmFjNzkwN2MxNTAxIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx/1.19.10
date: Thu, 07 Dec 2023 22:27:21 GMT
content-type: image/jpeg
content-length: 25928
last-modified: Wed, 06 Dec 2023 09:46:00 GMT
etag: "657042d8-6548"
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
accept-ranges: bytes
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2

antivirus.landerhd.com/landingpages/avast-no/logo_css.png

188.240.52.20

9.5 kB

URL
antivirus.landerhd.com/landingpages/avast-no/logo_css.png
IP
188.240.52.20:0
ASN
#20857 Signet B.V.

File type
PNG image data, 200 x 202, 8-bit/color RGBA, non-interlaced\012- data
Size
9.5 kB (9457 bytes)
Hash
f59d496b22c2c6c791746fbfce50c988
ac929ceb377f6055802ae04a8631e58da6179c90
e7886b744ef4e5c70189c9f488bbc44da14d40f25e23d3a3ab12e64a2dd76220

HTTP Headers

GET /landingpages/avast-no/logo_css.png HTTP/1.1
Host: antivirus.landerhd.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://antivirus.landerhd.com/657246c930747200645afb95
Cookie: XSRF-TOKEN=eyJpdiI6IlJyLzlqVC9DVjNSOEJIR2lOeWNWWmc9PSIsInZhbHVlIjoiS3doZ285ME1nVXZFKzJBVXc3NWk2N0REWVZsTmw3YXV5eTVwNDd4NTdsVytyM0RhRXRrcmJYS1QyUVh3WlUvRDBwek9SMEswblpQRU52TVJOSGJzMTNudmtBWEM3ZHkxYmphd09NMzVEclpCMmo2L01uWjg5enhCb2RVblJNamYiLCJtYWMiOiI5YzliOTBmMDMwODM0NDhiY2JkZDBjOGZkNjQwNTBiYTA4ZjA5MThhYjU1ODE5MTczNGMzZTRhZTJlNTUwODZlIiwidGFnIjoiIn0%3D; novidash_session=eyJpdiI6InNvb1p5bllJUHF6RVAzSHpwSVBYbFE9PSIsInZhbHVlIjoiM3hSTERPWG9lZWgwRmxQd1RiTmNUa2pEcXk3ZTUwSHAzRTBEcXBkd1VjM0QzWVZTUlgvZWl3SGdKWEYyV25BWGtTMVY3d3dXcStwM29Pb0Rha2FsWTlUTytQS0lqcHVBNkl3SllyOHV3QkdBakNZTWNWckx6Zkt5NTdTTE45aFkiLCJtYWMiOiI0NDZkMTE0OWM5YmM2MWUyZTViZWQxNmQ3ZjYyYTBiNDUyNTExMWZlNjFjNGM2NzNkOTc0YmFjNzkwN2MxNTAxIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx/1.19.10
date: Thu, 07 Dec 2023 22:27:22 GMT
content-type: image/png
content-length: 9457
last-modified: Wed, 06 Dec 2023 09:46:01 GMT
etag: "657042d9-24f1"
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
accept-ranges: bytes
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2

antivirus.landerhd.com/landingpages/avast-no/check.gif

188.240.52.20

200 OK

107 B

URL GET HTTP/2
antivirus.landerhd.com/landingpages/avast-no/check.gif
IP
188.240.52.20:443
ASN
#20857 Signet B.V.

Requested by
https://antivirus.landerhd.com/657246c930747200645afb95
Certificate
IssuerLet's Encrypt
Subject*.landerhd.com
FingerprintEE:EF:56:EA:C9:00:A3:F8:D5:E3:DC:3A:CB:16:7F:73:E7:1E:B0:BB
ValiditySat, 25 Nov 2023 09:45:07 GMT - Fri, 23 Feb 2024 09:45:06 GMT

File type
GIF image data, version 89a, 14 x 15\012- data
Size
107 B (107 bytes)
Hash
dd061d206d2f7c42618d6a37e4ff3de0
4fc54c574b5fc9589dd517b3571a7776c808d30e
6b6b494b0e264b6d7e9210f4d548029b34be28ff6b7a074cc87f652c8cb81254

HTTP Headers

GET /landingpages/avast-no/check.gif HTTP/1.1
Host: antivirus.landerhd.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://antivirus.landerhd.com/657246c930747200645afb95
Cookie: XSRF-TOKEN=eyJpdiI6IlJyLzlqVC9DVjNSOEJIR2lOeWNWWmc9PSIsInZhbHVlIjoiS3doZ285ME1nVXZFKzJBVXc3NWk2N0REWVZsTmw3YXV5eTVwNDd4NTdsVytyM0RhRXRrcmJYS1QyUVh3WlUvRDBwek9SMEswblpQRU52TVJOSGJzMTNudmtBWEM3ZHkxYmphd09NMzVEclpCMmo2L01uWjg5enhCb2RVblJNamYiLCJtYWMiOiI5YzliOTBmMDMwODM0NDhiY2JkZDBjOGZkNjQwNTBiYTA4ZjA5MThhYjU1ODE5MTczNGMzZTRhZTJlNTUwODZlIiwidGFnIjoiIn0%3D; novidash_session=eyJpdiI6InNvb1p5bllJUHF6RVAzSHpwSVBYbFE9PSIsInZhbHVlIjoiM3hSTERPWG9lZWgwRmxQd1RiTmNUa2pEcXk3ZTUwSHAzRTBEcXBkd1VjM0QzWVZTUlgvZWl3SGdKWEYyV25BWGtTMVY3d3dXcStwM29Pb0Rha2FsWTlUTytQS0lqcHVBNkl3SllyOHV3QkdBakNZTWNWckx6Zkt5NTdTTE45aFkiLCJtYWMiOiI0NDZkMTE0OWM5YmM2MWUyZTViZWQxNmQ3ZjYyYTBiNDUyNTExMWZlNjFjNGM2NzNkOTc0YmFjNzkwN2MxNTAxIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx/1.19.10
date: Thu, 07 Dec 2023 22:27:22 GMT
content-type: image/gif
content-length: 107
last-modified: Wed, 06 Dec 2023 09:46:01 GMT
etag: "657042d9-6b"
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
accept-ranges: bytes
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2

antivirus.landerhd.com/landingpages/avast-no/favicon.png

188.240.52.20

1.7 kB

URL
antivirus.landerhd.com/landingpages/avast-no/favicon.png
IP
188.240.52.20:0
ASN
#20857 Signet B.V.

File type
PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced\012- data
Size
1.7 kB (1730 bytes)
Hash
bfdf8a413ff3eab4ebfece0a350407ca
d8c98338ef45717429992cfb6cb0774022a31c76
c0970ebc3304ede5d7e65a8bb0add7ba7c6ff0689ebaa41f86f9fd79b0f2be4a

HTTP Headers

GET /landingpages/avast-no/favicon.png HTTP/1.1
Host: antivirus.landerhd.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://antivirus.landerhd.com/657246c930747200645afb95
Cookie: XSRF-TOKEN=eyJpdiI6IlJyLzlqVC9DVjNSOEJIR2lOeWNWWmc9PSIsInZhbHVlIjoiS3doZ285ME1nVXZFKzJBVXc3NWk2N0REWVZsTmw3YXV5eTVwNDd4NTdsVytyM0RhRXRrcmJYS1QyUVh3WlUvRDBwek9SMEswblpQRU52TVJOSGJzMTNudmtBWEM3ZHkxYmphd09NMzVEclpCMmo2L01uWjg5enhCb2RVblJNamYiLCJtYWMiOiI5YzliOTBmMDMwODM0NDhiY2JkZDBjOGZkNjQwNTBiYTA4ZjA5MThhYjU1ODE5MTczNGMzZTRhZTJlNTUwODZlIiwidGFnIjoiIn0%3D; novidash_session=eyJpdiI6InNvb1p5bllJUHF6RVAzSHpwSVBYbFE9PSIsInZhbHVlIjoiM3hSTERPWG9lZWgwRmxQd1RiTmNUa2pEcXk3ZTUwSHAzRTBEcXBkd1VjM0QzWVZTUlgvZWl3SGdKWEYyV25BWGtTMVY3d3dXcStwM29Pb0Rha2FsWTlUTytQS0lqcHVBNkl3SllyOHV3QkdBakNZTWNWckx6Zkt5NTdTTE45aFkiLCJtYWMiOiI0NDZkMTE0OWM5YmM2MWUyZTViZWQxNmQ3ZjYyYTBiNDUyNTExMWZlNjFjNGM2NzNkOTc0YmFjNzkwN2MxNTAxIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx/1.19.10
date: Thu, 07 Dec 2023 22:27:22 GMT
content-type: image/png
content-length: 1730
last-modified: Wed, 06 Dec 2023 09:46:01 GMT
etag: "657042d9-6c2"
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
accept-ranges: bytes
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2

accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&uilel=3&hl=en&service=mail

64.233.161.84

0 B

URL
accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&uilel=3&hl=en&service=mail
IP
64.233.161.84:0
ASN
#15169 GOOGLE

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&uilel=3&hl=en&service=mail HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 302 Found
content-type: application/binary
set-cookie: __Host-GAPS=1:0PbvPYOgC6bc7iVoqJeVuMoDlLj-TQ:m4nSgXqHQ5AJGZFY; Expires=Sat, 06-Dec-2025 22:27:22 GMT; Path=/; Secure; HttpOnly; Priority=HIGH
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Thu, 07 Dec 2023 22:27:22 GMT
location: https://accounts.google.com/InteractiveLogin?continue=https://www.google.com/favicon.ico&hl=en&passive=true&service=mail&uilel=3&ifkv=ASKXGp26e3My3LUk0OhYkzy5yM95R8Fk1te2e77aFzjHNpONR8_LELjRIwEj4YcfsB_EpFKfKte-sw
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: require-trusted-types-for 'script';report-uri /_/AccountsSigninPassiveLoginHttp/cspreport, script-src 'nonce-PSEUCcQAfRzn1Z7IM5g_ng' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/AccountsSigninPassiveLoginHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/AccountsSigninPassiveLoginHttp/cspreport/allowlist
cross-origin-resource-policy: cross-origin
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy: unsafe-none
server: ESF
content-length: 0
x-xss-protection: 0
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&uilel=3&hl=en&service=youtube

64.233.161.84

0 B

URL
accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&uilel=3&hl=en&service=youtube
IP
64.233.161.84:0
ASN
#15169 GOOGLE

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&uilel=3&hl=en&service=youtube HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 302 Found
content-type: application/binary
set-cookie: __Host-GAPS=1:KxxAmyFIRv8lM1Kb4rL0m66-P4CF-g:zPxFYgv-CPkwuWlK; Expires=Sat, 06-Dec-2025 22:27:22 GMT; Path=/; Secure; HttpOnly; Priority=HIGH
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Thu, 07 Dec 2023 22:27:22 GMT
location: https://accounts.google.com/InteractiveLogin?continue=https://www.youtube.com/favicon.ico&hl=en&passive=true&service=youtube&uilel=3&ifkv=ASKXGp3T4tK38HdWTCQVk9PuuQzz3v8fv8yCYxTknuJy5unyY892IypgNPDLLTrWIDK9N_ygFy0tPA
strict-transport-security: max-age=31536000; includeSubDomains
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
cross-origin-opener-policy: unsafe-none
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
content-security-policy: script-src 'nonce-JhaWkeLJJ1oIQDda4UblBg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/AccountsSigninPassiveLoginHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/AccountsSigninPassiveLoginHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/AccountsSigninPassiveLoginHttp/cspreport
cross-origin-resource-policy: cross-origin
server: ESF
content-length: 0
x-xss-protection: 0
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

accounts.google.com/InteractiveLogin?continue=https://www.google.com/favicon.ico&hl=en&passive=true&service=mail&uilel=3&ifkv=ASKXGp26e3My3LUk0OhYkzy5yM95R8Fk1te2e77aFzjHNpONR8_LELjRIwEj4YcfsB_EpFKfKte-sw

64.233.161.84

404 B

URL
accounts.google.com/InteractiveLogin?continue=https://www.google.com/favicon.ico&hl=en&passive=true&service=mail&uilel=3&ifkv=ASKXGp26e3My3LUk0OhYkzy5yM95R8Fk1te2e77aFzjHNpONR8_LELjRIwEj4YcfsB_EpFKfKte-sw
IP
64.233.161.84:0
ASN
#15169 GOOGLE

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (396)
Size
404 B (404 bytes)
Hash
67fe5d08081d76bf2634271da9512f72
d5271ac362983d5ea1e44ea9950d344188eaf36b
63df58b1616876dd5d0bac8d310772fb5bf91297bed6e491c67c07a51573a510

HTTP Headers

GET /InteractiveLogin?continue=https://www.google.com/favicon.ico&hl=en&passive=true&service=mail&uilel=3&ifkv=ASKXGp26e3My3LUk0OhYkzy5yM95R8Fk1te2e77aFzjHNpONR8_LELjRIwEj4YcfsB_EpFKfKte-sw HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 302 Found
content-type: text/html; charset=UTF-8
set-cookie: __Host-GAPS=1:7Mfpj_pqU0xMh_wZzS_oONOznRecvQ:82IlmVHhvAjYubcV;Path=/;Expires=Sat, 06-Dec-2025 22:27:22 GMT;Secure;HttpOnly;Priority=HIGH
x-frame-options: DENY
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Thu, 07 Dec 2023 22:27:22 GMT
location: https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&hl=en&ifkv=ASKXGp3MSUAwB3eyslD0UkObOYAEJaaxmjLsjqvm2LxgkVd0sSQ0_FSjuF6gaxHQbOgwl0OFZzAY9g&passive=true&service=mail&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S-1022666631%3A1701988042690527&theme=glif
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: require-trusted-types-for 'script';report-uri /cspreport, script-src 'nonce-xd6zgtLACWEEvtC2vhPSKQ' 'unsafe-inline' 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /cspreport
cross-origin-opener-policy-report-only: same-origin; report-to="coop_gse_qebhlk"
report-to: {"group":"coop_gse_qebhlk","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gse_qebhlk"}]}
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 404
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

accounts.google.com/InteractiveLogin?continue=https://www.youtube.com/favicon.ico&hl=en&passive=true&service=youtube&uilel=3&ifkv=ASKXGp3T4tK38HdWTCQVk9PuuQzz3v8fv8yCYxTknuJy5unyY892IypgNPDLLTrWIDK9N_ygFy0tPA

64.233.161.84

402 B

URL
accounts.google.com/InteractiveLogin?continue=https://www.youtube.com/favicon.ico&hl=en&passive=true&service=youtube&uilel=3&ifkv=ASKXGp3T4tK38HdWTCQVk9PuuQzz3v8fv8yCYxTknuJy5unyY892IypgNPDLLTrWIDK9N_ygFy0tPA
IP
64.233.161.84:0
ASN
#15169 GOOGLE

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (398)
Size
402 B (402 bytes)
Hash
cd6a807c4fe1792d3e9335a1a2786adc
629c4f4b04f30bb2e3e9b4c313e0704e989c9660
693ef0e86138fc591704187cd957685210ae59f704f32bb04414ab211bd56424

HTTP Headers

GET /InteractiveLogin?continue=https://www.youtube.com/favicon.ico&hl=en&passive=true&service=youtube&uilel=3&ifkv=ASKXGp3T4tK38HdWTCQVk9PuuQzz3v8fv8yCYxTknuJy5unyY892IypgNPDLLTrWIDK9N_ygFy0tPA HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 302 Found
content-type: text/html; charset=UTF-8
set-cookie: __Host-GAPS=1:s-QU4Gtwqc_dh6dDp8FhYGnulV866A:2rwgkvuysgLMU32O;Path=/;Expires=Sat, 06-Dec-2025 22:27:22 GMT;Secure;HttpOnly;Priority=HIGH
x-frame-options: DENY
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Thu, 07 Dec 2023 22:27:22 GMT
location: https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&hl=en&ifkv=ASKXGp1o6dgwWG04x9TFvcFhjbBLV8kxj7vGcidlyejHDzUpwpLIU6PEucZoxgwSu3W9DC66Vk0e6Q&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S386266443%3A1701988042695758&theme=glif
strict-transport-security: max-age=31536000; includeSubDomains
report-to: {"group":"coop_gse_qebhlk","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gse_qebhlk"}]}
cross-origin-opener-policy-report-only: same-origin; report-to="coop_gse_qebhlk"
content-security-policy: require-trusted-types-for 'script';report-uri /cspreport, script-src 'nonce-guM4jGp5UByBTLCjKyeXSg' 'unsafe-inline' 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /cspreport
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 402
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

botd.fpapi.io/api/v1/detect?token=HtazsqGCe7nkVaIHchA&version=0.1.20

0.0.0.0

0 B

URL POST
botd.fpapi.io/api/v1/detect?token=HtazsqGCe7nkVaIHchA&version=0.1.20
IP
0.0.0.0:0
ASN
#0

Requested by
https://antivirus.landerhd.com/657246c930747200645afb95

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

POST /api/v1/detect?token=HtazsqGCe7nkVaIHchA&version=0.1.20 HTTP/1.1
Host: botd.fpapi.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://antivirus.landerhd.com/
Content-Type: text/plain
Content-Length: 26227
Origin: https://antivirus.landerhd.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (10)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

Observations

Hash

Observations

Hash

Observations

Hash

HTTP Transactions (25)

URL

IP

ASN

File type

Size

Hash

Detections

HTTP Headers

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL

IP