Report - www.profitableratecpm.com/api/users?token=L2FhZmtoZno0dT9rZXk9MjgzZWQyODMwMmNiNzk0ODg3NzliM2UwNzZmYmE0MjcmcHN0PTE3NDg4MjAwODcmcmVmZXI9aHR0cHMlM0ElMkYlMkZxeHA3MC5iZW1vYnRyY2tzLmNvbSUyRiZybXRjPXQmc2h1PTI2MTg0NDUzMmZjOWQwYWI2NjNiNDAyMzIwZGQyYTJlMGQyOGYwZmEwYzA1YmRhZDE1MDJjMDU5NzhjOGY0OTAyOWRiMjg0MmFhMzRkOTBmMzU2MTkwOTg2ODYyZTQyZGZlYmUzNWRjZDVlYjZiMmZlMTMxMTVlMTc0YTNjMTNkNTI2NDE2MjVkZjYyMDY1YmNiYWJiYzQyMTE3OTU4OTc0NWIwMjQwNjUxODc3Mzc4NDZiMyZwaWk9JmluPSZ1dWlkPQ

Report Overview

Visited public
2025-06-01 23:22:15
Tags
URL
www.profitableratecpm.com/api/users?token=L2FhZmtoZno0dT9rZXk9MjgzZWQyODMwMmNiNzk0ODg3NzliM2UwNzZmYmE0MjcmcHN0PTE3NDg4MjAwODcmcmVmZXI9aHR0cHMlM0ElMkYlMkZxeHA3MC5iZW1vYnRyY2tzLmNvbSUyRiZybXRjPXQmc2h1PTI2MTg0NDUzMmZjOWQwYWI2NjNiNDAyMzIwZGQyYTJlMGQyOGYwZmEwYzA1YmRhZDE1MDJjMDU5NzhjOGY0OTAyOWRiMjg0MmFhMzRkOTBmMzU2MTkwOTg2ODYyZTQyZGZlYmUzNWRjZDVlYjZiMmZlMTMxMTVlMTc0YTNjMTNkNTI2NDE2MjVkZjYyMDY1YmNiYWJiYzQyMTE3OTU4OTc0NWIwMjQwNjUxODc3Mzc4NDZiMyZwaWk9JmluPSZ1dWlkPQ
Finishing URL
press-continue.564a5a0rut08.top/e102479204fcec81f6dfb01f2462a2dfa451531d/ww1/
IP / ASN
172.240.108.76
#7979 SERVERS-COM
Title
Attention

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
press-continue.564a5a0rut08.top	unknown	2024-07-27	2025-06-01	2025-06-01	5.8 kB	1.1 MB	185.246.188.124
fonts.googleapis.com	8877	2005-01-25	2012-05-23	2025-05-28	479 B	6.4 kB	142.250.74.10
loadingscripts.com	unknown	2023-04-27	2023-04-29	2025-05-26	2.5 kB	116 kB	194.63.143.61
www.profitableratecpm.com	unknown	2025-04-07	2025-04-11	2025-05-26	3.5 kB	36 kB	192.243.59.12

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Timestamp	Severity	Source IP	Destination IP	Alert
2025-06-01 23:22:11	medium	Client IP	192.169.69.26	ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2025-06-01	medium	profitableratecpm.com	Sinkholed
2025-06-01	medium	profitableratecpm.com	Sinkholed
2025-06-01	medium	profitableratecpm.com	Sinkholed

ThreatFox

No alerts detected

JavaScript (6)

	URL	From	Size	First Seen	Last Seen
	loadingscripts.com/progress_p/pwa_links/default_scripts/notification.js	ScriptElement	2.8 kB	2023-03-29	2025-06-07
Pretty URL loadingscripts.com/progress_p/pwa_links/default_scripts/notification.js IP 194.63.143.61 ASN #50113 NTX Technologies s.r.o. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-29 21:47 Last Seen2025-06-07 04:39 Times Seen938 Hash 01a2c61eb40ce8e341a0801f78da7735 1cb39b0674bc20c3208c16c53c131e74704759ed 03d593cbf7b72d3c70caedac0c0259330ce8b1a45b708e92e3f19245b6ca9929 Loading...

	press-continue.564a5a0rut08.top/e102479204fcec81f6dfb01f2462a2dfa451531d/ww1/	ScriptElement	112 B	2023-05-25	2025-06-07
Pretty URL press-continue.564a5a0rut08.top/e102479204fcec81f6dfb01f2462a2dfa451531d/ww1/ IP 185.246.188.124 ASN #200651 FlokiNET ehf Introduced by scriptElement Embedded in HTML true Observations First Seen2023-05-25 20:42 Last Seen2025-06-07 04:39 Times Seen476 Hash 7b556b5c53e6044f936419f783c82ae8 cf28d9e5c2e04442d6aba982caa3ebb601a99ac3 7ce041c3470f00f3cfa8146f92a512b45fd1cd480b8cc397e91e30b457ca2bd3 Loading...

	press-continue.564a5a0rut08.top/e102479204fcec81f6dfb01f2462a2dfa451531d/ww1/	ScriptElement	281 B	2023-03-08	2025-06-01
Pretty URL press-continue.564a5a0rut08.top/e102479204fcec81f6dfb01f2462a2dfa451531d/ww1/ IP 185.246.188.124 ASN #200651 FlokiNET ehf Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-08 14:39 Last Seen2025-06-01 23:22 Times Seen250 Hash 798eedd8ae39afa34b8e105e4a104bc7 610297e468632eb07629da7d1271ad63cae51661 8aec80ebfc35d71f78311f3f0eccd03d3ab141bb4e7890cba6fe71631c9bacb0 Loading...

	press-continue.564a5a0rut08.top/e102479204fcec81f6dfb01f2462a2dfa451531d/ww1/	ScriptElement	1.6 kB	2023-03-08	2025-06-01
Pretty URL press-continue.564a5a0rut08.top/e102479204fcec81f6dfb01f2462a2dfa451531d/ww1/ IP 185.246.188.124 ASN #200651 FlokiNET ehf Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-08 14:39 Last Seen2025-06-01 23:22 Times Seen250 Hash c04082450026da68c701a71154753008 c24fd70ad744a7667c0bd03afa99ac2962542524 e6dbeaee41683943b1c88da7ddb778c9994c56dc4c0620106c21265809e1a4ad Loading...

	www.profitableratecpm.com/api/users?token=L2FhZmtoZno0dT9rZXk9MjgzZWQyODMwMmNiNzk0ODg3NzliM2UwNzZmYmE0MjcmcmVmZXI9aHR0cHMlM0ElMkYlMkZxeHA3MC5iZW1vYnRyY2tzLmNvbSUyRiZpbj0mZGxydD10	ScriptElement	4.5 kB	2025-06-01	2025-06-01
Pretty URL www.profitableratecpm.com/api/users?token=L2FhZmtoZno0dT9rZXk9MjgzZWQyODMwMmNiNzk0ODg3NzliM2UwNzZmYmE0MjcmcmVmZXI9aHR0cHMlM0ElMkYlMkZxeHA3MC5iZW1vYnRyY2tzLmNvbSUyRiZpbj0mZGxydD10 IP 192.243.59.12 ASN #39572 DataWeb Global Group B.V. Introduced by scriptElement Embedded in HTML true Observations First Seen2025-06-01 23:22 Last Seen2025-06-01 23:22 Times Seen1 Hash 0b56897497fe0451528098eac24946a2 8fafe2866c46cf89849e26ddf3b3cb2c620b45e0 0a23d8543f7ce3546fcfa6bec094c0af5a9c318134c7ee924b85aa8a1eabfd7b Loading...

	loadingscripts.com/progress_p/pwa_links/main/cinema/custom_cinema_fullpage/1/pwa_custom.js	ScriptElement	1.8 kB	2023-05-25	2025-06-07
Pretty URL loadingscripts.com/progress_p/pwa_links/main/cinema/custom_cinema_fullpage/1/pwa_custom.js IP 194.63.143.61 ASN #50113 NTX Technologies s.r.o. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-05-25 20:42 Last Seen2025-06-07 04:39 Times Seen482 Hash 8dc402b92b1ed0b13627e2ba1b928cc7 35d1e71cdea9a15b778c6137baaaac1eda4aabb3 b1d3e86c81061bd76770790bf5e2f0ffa7b45f2c4e3fc3400a7142bf9b3a53fb Loading...

HTTP Transactions (19)

URL IP Response Size

press-continue.564a5a0rut08.top/e102479204fcec81f6dfb01f2462a2dfa451531d/ww1/assets/loading.svg

185.246.188.124

200 OK

386 B

URL GET
press-continue.564a5a0rut08.top/e102479204fcec81f6dfb01f2462a2dfa451531d/ww1/assets/loading.svg
IP
185.246.188.124:443
ASN
#200651 FlokiNET ehf

Requested by
https://press-continue.564a5a0rut08.top/e102479204fcec81f6dfb01f2462a2dfa451531d/ww1/
Certificate
IssuerLet's Encrypt
Subject564a5a0rut08.top
Fingerprint10:54:07:65:70:3F:59:27:DD:EE:41:D1:6C:EB:2E:5D:31:20:EF:2F
ValiditySat, 24 May 2025 20:40:01 GMT - Fri, 22 Aug 2025 20:40:00 GMT

File type
SVG Scalable Vector Graphics image
Size
386 B (386 bytes)
Hash
484f8bcb59050331f28ec35ae84c3ef0
e083f687af91382e8485515369daffde1899a12a
d4d917c84ef07493d6dc83306cb754ddddc1cdb4fc879e09f5b54a0b6f11d451

HTTP Headers

GET /e102479204fcec81f6dfb01f2462a2dfa451531d/ww1/assets/loading.svg HTTP/1.1
Host: press-continue.564a5a0rut08.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://press-continue.564a5a0rut08.top/e102479204fcec81f6dfb01f2462a2dfa451531d/ww1/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Sun, 01 Jun 2025 23:21:54 GMT
Content-Type: image/svg+xml
Content-Length: 386
Last-Modified: Mon, 15 Jul 2024 09:36:24 GMT
Connection: keep-alive
Keep-Alive: timeout=10
ETag: "6694ed98-182"
Accept-Ranges: bytes

press-continue.564a5a0rut08.top/e102479204fcec81f6dfb01f2462a2dfa451531d/ww1/assets/qr2.png

185.246.188.124

200 OK

7.2 kB

URL GET
press-continue.564a5a0rut08.top/e102479204fcec81f6dfb01f2462a2dfa451531d/ww1/assets/qr2.png
IP
185.246.188.124:443
ASN
#200651 FlokiNET ehf

Requested by
https://press-continue.564a5a0rut08.top/e102479204fcec81f6dfb01f2462a2dfa451531d/ww1/
Certificate
IssuerLet's Encrypt
Subject564a5a0rut08.top
Fingerprint10:54:07:65:70:3F:59:27:DD:EE:41:D1:6C:EB:2E:5D:31:20:EF:2F
ValiditySat, 24 May 2025 20:40:01 GMT - Fri, 22 Aug 2025 20:40:00 GMT

File type
PNG image data, 1160 x 1160, 8-bit/color RGB, non-interlaced
Size
7.2 kB (7190 bytes)
Hash
d697f8240f634a6bf3c59af9fada4fd4
703d294b81b2ff5a5f47dc4279c837a6aa8cead5
f18af212bbafbb0b86b7aff29d1d0b217e341e564041dabbed3563b8d692b2db

HTTP Headers

GET /e102479204fcec81f6dfb01f2462a2dfa451531d/ww1/assets/qr2.png HTTP/1.1
Host: press-continue.564a5a0rut08.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://press-continue.564a5a0rut08.top/e102479204fcec81f6dfb01f2462a2dfa451531d/ww1/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Sun, 01 Jun 2025 23:21:54 GMT
Content-Type: image/png
Content-Length: 7190
Last-Modified: Mon, 15 Jul 2024 09:36:25 GMT
Connection: keep-alive
Keep-Alive: timeout=10
ETag: "6694ed99-1c16"
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Cache-Control: max-age=315360000
Access-Control-Allow-Origin: *
Accept-Ranges: bytes

fonts.googleapis.com/css2?family=Roboto:wght@300&display=swap

142.250.74.10

200 OK

5.7 kB

URL GET
fonts.googleapis.com/css2?family=Roboto:wght@300&display=swap
IP
142.250.74.10:443
ASN
#15169 GOOGLE

Requested by
https://press-continue.564a5a0rut08.top/e102479204fcec81f6dfb01f2462a2dfa451531d/ww1/
Certificate
IssuerGoogle Trust Services
Subjectupload.video.google.com
Fingerprint1C:09:46:89:AD:F3:B6:3E:B4:89:F7:49:AC:15:E7:4E:A6:D2:AA:73
ValidityMon, 12 May 2025 08:44:01 GMT - Mon, 04 Aug 2025 08:44:00 GMT

File type
ASCII text, with very long lines (1572)
Size
5.7 kB (5746 bytes)
Hash
59c83b5f7abdaa354b1e640b2520db04
cf89e164bd477ff1c243938a0e4be491bd935104
347bef745e5f4ef5fe826dac3b7be630f1cac99881976abf4ec43b9d4eeecaaf

HTTP Headers

GET /css2?family=Roboto:wght@300&display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://press-continue.564a5a0rut08.top/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: text/css; charset=utf-8
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Sun, 01 Jun 2025 23:21:54 GMT
date: Sun, 01 Jun 2025 23:21:54 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

press-continue.564a5a0rut08.top/e102479204fcec81f6dfb01f2462a2dfa451531d/ww1/assets/alertmicrosoft1.mp3

185.246.188.124

206 Partial Content

51 kB

URL GET
press-continue.564a5a0rut08.top/e102479204fcec81f6dfb01f2462a2dfa451531d/ww1/assets/alertmicrosoft1.mp3
IP
185.246.188.124:443
ASN
#200651 FlokiNET ehf

Requested by
https://press-continue.564a5a0rut08.top/e102479204fcec81f6dfb01f2462a2dfa451531d/ww1/
Certificate
IssuerLet's Encrypt
Subject564a5a0rut08.top
Fingerprint10:54:07:65:70:3F:59:27:DD:EE:41:D1:6C:EB:2E:5D:31:20:EF:2F
ValiditySat, 24 May 2025 20:40:01 GMT - Fri, 22 Aug 2025 20:40:00 GMT

File type
Audio file with ID3 version 2.4.0, contains: - MPEG ADTS, layer III, v2, 48 kbps, 24 kHz, Monaural
Size
51 kB (51165 bytes)
Hash
fab1bbb4cc471451600f345364157ac7
9c14c555d07a32ce52fabcd4398e476ada6bbb1f
68d390582507c5639dc5b624fd8e3b302678428fecb1ccedb75b23e90a8cdfbf

HTTP Headers

GET /e102479204fcec81f6dfb01f2462a2dfa451531d/ww1/assets/alertmicrosoft1.mp3 HTTP/1.1
Host: press-continue.564a5a0rut08.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: audio/webm,audio/ogg,audio/wav,audio/*;q=0.9,application/ogg;q=0.7,video/*;q=0.6,*/*;q=0.5
Accept-Language: en-US,en;q=0.5
Range: bytes=0-
DNT: 1
Connection: keep-alive
Referer: https://press-continue.564a5a0rut08.top/e102479204fcec81f6dfb01f2462a2dfa451531d/ww1/
Sec-Fetch-Dest: audio
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Accept-Encoding: identity
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 206 Partial Content
Server: nginx/1.21.6
Date: Sun, 01 Jun 2025 23:21:54 GMT
Content-Type: audio/mpeg
Content-Length: 51165
Last-Modified: Mon, 15 Jul 2024 09:36:23 GMT
Connection: keep-alive
Keep-Alive: timeout=10
ETag: "6694ed97-c7dd"
Content-Range: bytes 0-51164/51165

press-continue.564a5a0rut08.top/e102479204fcec81f6dfb01f2462a2dfa451531d/ww1

185.246.188.124

301 Moved Permanently

23 kB

URL User Request GET
press-continue.564a5a0rut08.top/e102479204fcec81f6dfb01f2462a2dfa451531d/ww1
IP
185.246.188.124:443
ASN
#200651 FlokiNET ehf

Certificate
IssuerLet's Encrypt
Subject564a5a0rut08.top
Fingerprint10:54:07:65:70:3F:59:27:DD:EE:41:D1:6C:EB:2E:5D:31:20:EF:2F
ValiditySat, 24 May 2025 20:40:01 GMT - Fri, 22 Aug 2025 20:40:00 GMT

File type

Size
23 kB (23333 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /e102479204fcec81f6dfb01f2462a2dfa451531d/ww1 HTTP/1.1
Host: press-continue.564a5a0rut08.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.profitableratecpm.com/
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 301 Moved Permanently
Server: nginx/1.21.6
Date: Sun, 01 Jun 2025 23:21:53 GMT
Content-Type: text/html
Content-Length: 169
Location: https://press-continue.564a5a0rut08.top/e102479204fcec81f6dfb01f2462a2dfa451531d/ww1/
Connection: keep-alive
Keep-Alive: timeout=10

press-continue.564a5a0rut08.top/e102479204fcec81f6dfb01f2462a2dfa451531d/ww1/

185.246.188.124

200 OK

23 kB

URL User Request GET
press-continue.564a5a0rut08.top/e102479204fcec81f6dfb01f2462a2dfa451531d/ww1/
IP
185.246.188.124:443
ASN
#200651 FlokiNET ehf

Certificate
IssuerLet's Encrypt
Subject564a5a0rut08.top
Fingerprint10:54:07:65:70:3F:59:27:DD:EE:41:D1:6C:EB:2E:5D:31:20:EF:2F
ValiditySat, 24 May 2025 20:40:01 GMT - Fri, 22 Aug 2025 20:40:00 GMT

File type
HTML document, ASCII text, with very long lines (1849)
Size
23 kB (23333 bytes)
Hash
03277e8bff4782de05f2267fc761775d
7ed2779735fe3f6f1e54677634827027c9e724cb
6e0ba1505692b64b38399a6f247f7b50c44c5f8ed925741ea1e196c49874a00b

HTTP Headers

GET /e102479204fcec81f6dfb01f2462a2dfa451531d/ww1/ HTTP/1.1
Host: press-continue.564a5a0rut08.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.profitableratecpm.com/
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Sun, 01 Jun 2025 23:21:53 GMT
Content-Type: text/html
Last-Modified: Mon, 15 Jul 2024 09:36:20 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=10
ETag: W/"6694ed94-5b25"
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Cache-Control: max-age=315360000
Access-Control-Allow-Origin: *
Content-Encoding: gzip

press-continue.564a5a0rut08.top/e102479204fcec81f6dfb01f2462a2dfa451531d/ww1/assets/animate.css

185.246.188.124

200 OK

79 kB

URL GET
press-continue.564a5a0rut08.top/e102479204fcec81f6dfb01f2462a2dfa451531d/ww1/assets/animate.css
IP
185.246.188.124:443
ASN
#200651 FlokiNET ehf

Requested by
https://press-continue.564a5a0rut08.top/e102479204fcec81f6dfb01f2462a2dfa451531d/ww1/
Certificate
IssuerLet's Encrypt
Subject564a5a0rut08.top
Fingerprint10:54:07:65:70:3F:59:27:DD:EE:41:D1:6C:EB:2E:5D:31:20:EF:2F
ValiditySat, 24 May 2025 20:40:01 GMT - Fri, 22 Aug 2025 20:40:00 GMT

File type
ASCII text
Size
79 kB (79391 bytes)
Hash
97d64faca1f1a0422ecf3ae998026899
61bc4cbfc9fc6e0db503aa67ba92c7c768a4c7e1
d1413e8c95a61b36e4ea9441e9ead3cce29089e85043b0706453597016c01fdb

HTTP Headers

GET /e102479204fcec81f6dfb01f2462a2dfa451531d/ww1/assets/animate.css HTTP/1.1
Host: press-continue.564a5a0rut08.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://press-continue.564a5a0rut08.top/e102479204fcec81f6dfb01f2462a2dfa451531d/ww1/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Sun, 01 Jun 2025 23:21:53 GMT
Content-Type: text/css
Last-Modified: Mon, 15 Jul 2024 09:36:23 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=10
ETag: W/"6694ed97-1361f"
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Cache-Control: max-age=315360000
Access-Control-Allow-Origin: *
Content-Encoding: gzip

loadingscripts.com/progress_p/pwa_links/main/cinema/custom_cinema_fullpage/1/download-gif.gif

194.63.143.61

200 OK

104 kB

URL GET
loadingscripts.com/progress_p/pwa_links/main/cinema/custom_cinema_fullpage/1/download-gif.gif
IP
194.63.143.61:443
ASN
#50113 NTX Technologies s.r.o.

Requested by
https://press-continue.564a5a0rut08.top/e102479204fcec81f6dfb01f2462a2dfa451531d/ww1/
Certificate
IssuerLet's Encrypt
Subjectloadingscripts.com
FingerprintEA:8D:28:71:26:10:9B:6E:B1:FF:D3:C6:9C:53:9E:D1:3D:A7:B6:31
ValiditySun, 20 Apr 2025 22:24:36 GMT - Sat, 19 Jul 2025 22:24:35 GMT

File type
GIF image data, version 89a, 188 x 188
Size
104 kB (104467 bytes)
Hash
2d00d3926dd5bb55e7ab4100bacb86a7
9d3c247c6e1fe672b8ba0849f30ed18c45176883
0175bfd9afe9543559c705914fac010a6d609017f0a2edcffe599549561fb5d0

HTTP Headers

GET /progress_p/pwa_links/main/cinema/custom_cinema_fullpage/1/download-gif.gif HTTP/1.1
Host: loadingscripts.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://press-continue.564a5a0rut08.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Sun, 01 Jun 2025 23:21:54 GMT
Content-Type: image/gif
Content-Length: 104467
Last-Modified: Thu, 25 May 2023 10:24:54 GMT
Connection: keep-alive
Keep-Alive: timeout=10
ETag: "646f3776-19813"
Accept-Ranges: bytes

press-continue.564a5a0rut08.top/e102479204fcec81f6dfb01f2462a2dfa451531d/ww1/assets/bg.gif

185.246.188.124

200 OK

854 kB

URL GET
press-continue.564a5a0rut08.top/e102479204fcec81f6dfb01f2462a2dfa451531d/ww1/assets/bg.gif
IP
185.246.188.124:443
ASN
#200651 FlokiNET ehf

Requested by
https://press-continue.564a5a0rut08.top/e102479204fcec81f6dfb01f2462a2dfa451531d/ww1/
Certificate
IssuerLet's Encrypt
Subject564a5a0rut08.top
Fingerprint10:54:07:65:70:3F:59:27:DD:EE:41:D1:6C:EB:2E:5D:31:20:EF:2F
ValiditySat, 24 May 2025 20:40:01 GMT - Fri, 22 Aug 2025 20:40:00 GMT

File type
GIF image data, version 87a, 600 x 338
Size
854 kB (854531 bytes)
Hash
fb515d8640e8153526073e3dba53cef1
065dcee1850b622ab7e96586cc5ae737dd335587
306d7910500ae32624462375434beaab45581fdfb743af6f3efa5b096a403721

HTTP Headers

GET /e102479204fcec81f6dfb01f2462a2dfa451531d/ww1/assets/bg.gif HTTP/1.1
Host: press-continue.564a5a0rut08.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://press-continue.564a5a0rut08.top/e102479204fcec81f6dfb01f2462a2dfa451531d/ww1/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Sun, 01 Jun 2025 23:21:54 GMT
Content-Type: image/gif
Content-Length: 854531
Last-Modified: Mon, 15 Jul 2024 09:36:24 GMT
Connection: keep-alive
Keep-Alive: timeout=10
ETag: "6694ed98-d0a03"
Accept-Ranges: bytes

www.profitableratecpm.com/api/users?token=L2FhZmtoZno0dT9rZXk9MjgzZWQyODMwMmNiNzk0ODg3NzliM2UwNzZmYmE0MjcmcHN0PTE3NDg4MjAwODcmcmVmZXI9aHR0cHMlM0ElMkYlMkZxeHA3MC5iZW1vYnRyY2tzLmNvbSUyRiZybXRjPXQmc2h1PTI2MTg0NDUzMmZjOWQwYWI2NjNiNDAyMzIwZGQyYTJlMGQyOGYwZmEwYzA1YmRhZDE1MDJjMDU5NzhjOGY0OTAyOWRiMjg0MmFhMzRkOTBmMzU2MTkwOTg2ODYyZTQyZGZlYmUzNWRjZDVlYjZiMmZlMTMxMTVlMTc0YTNjMTNkNTI2NDE2MjVkZjYyMDY1YmNiYWJiYzQyMTE3OTU4OTc0NWIwMjQwNjUxODc3Mzc4NDZiMyZwaWk9JmluPSZ1dWlkPQ

192.243.59.12

307 Temporary Redirect

4.6 kB

URL User Request GET
www.profitableratecpm.com/api/users?token=L2FhZmtoZno0dT9rZXk9MjgzZWQyODMwMmNiNzk0ODg3NzliM2UwNzZmYmE0MjcmcHN0PTE3NDg4MjAwODcmcmVmZXI9aHR0cHMlM0ElMkYlMkZxeHA3MC5iZW1vYnRyY2tzLmNvbSUyRiZybXRjPXQmc2h1PTI2MTg0NDUzMmZjOWQwYWI2NjNiNDAyMzIwZGQyYTJlMGQyOGYwZmEwYzA1YmRhZDE1MDJjMDU5NzhjOGY0OTAyOWRiMjg0MmFhMzRkOTBmMzU2MTkwOTg2ODYyZTQyZGZlYmUzNWRjZDVlYjZiMmZlMTMxMTVlMTc0YTNjMTNkNTI2NDE2MjVkZjYyMDY1YmNiYWJiYzQyMTE3OTU4OTc0NWIwMjQwNjUxODc3Mzc4NDZiMyZwaWk9JmluPSZ1dWlkPQ
IP
192.243.59.12:443
ASN
#39572 DataWeb Global Group B.V.

Certificate
IssuerLet's Encrypt
Subjectprofitableratecpm.com
FingerprintD9:03:D3:8B:30:97:1C:18:3A:CE:B9:D9:9E:E9:D3:50:25:AF:AB:C6
ValidityMon, 07 Apr 2025 08:47:07 GMT - Sun, 06 Jul 2025 08:47:06 GMT

File type

Size
4.6 kB (4599 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /api/users?token=L2FhZmtoZno0dT9rZXk9MjgzZWQyODMwMmNiNzk0ODg3NzliM2UwNzZmYmE0MjcmcHN0PTE3NDg4MjAwODcmcmVmZXI9aHR0cHMlM0ElMkYlMkZxeHA3MC5iZW1vYnRyY2tzLmNvbSUyRiZybXRjPXQmc2h1PTI2MTg0NDUzMmZjOWQwYWI2NjNiNDAyMzIwZGQyYTJlMGQyOGYwZmEwYzA1YmRhZDE1MDJjMDU5NzhjOGY0OTAyOWRiMjg0MmFhMzRkOTBmMzU2MTkwOTg2ODYyZTQyZGZlYmUzNWRjZDVlYjZiMmZlMTMxMTVlMTc0YTNjMTNkNTI2NDE2MjVkZjYyMDY1YmNiYWJiYzQyMTE3OTU4OTc0NWIwMjQwNjUxODc3Mzc4NDZiMyZwaWk9JmluPSZ1dWlkPQ HTTP/1.1
Host: www.profitableratecpm.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 307 Temporary Redirect
Server: nginx/1.19.5
Date: Sun, 01 Jun 2025 23:21:52 GMT
Content-Type: text/html
Content-Length: 0
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Location: https://www.profitableratecpm.com/api/users?token=L2FhZmtoZno0dT9rZXk9MjgzZWQyODMwMmNiNzk0ODg3NzliM2UwNzZmYmE0MjcmcmVmZXI9aHR0cHMlM0ElMkYlMkZxeHA3MC5iZW1vYnRyY2tzLmNvbSUyRiZpbj0mZGxydD10
Host: www.profitableratecpm.com
Expires: Thu, 01 Jan 1970 00:00:01 GMT
X-Request-ID: 9183f35dd17be168e4b098e0c20e7124
Cache-Control: no-cache, max-age=0, private, no-cache
Pragma: no-cache
Strict-Transport-Security: max-age=0; includeSubdomains

loadingscripts.com/progress_p/pwa_links/default_scripts/notification.js

194.63.143.61

200 OK

2.8 kB

URL GET
loadingscripts.com/progress_p/pwa_links/default_scripts/notification.js
IP
194.63.143.61:443
ASN
#50113 NTX Technologies s.r.o.

Requested by
https://press-continue.564a5a0rut08.top/e102479204fcec81f6dfb01f2462a2dfa451531d/ww1/
Certificate
IssuerLet's Encrypt
Subjectloadingscripts.com
FingerprintEA:8D:28:71:26:10:9B:6E:B1:FF:D3:C6:9C:53:9E:D1:3D:A7:B6:31
ValiditySun, 20 Apr 2025 22:24:36 GMT - Sat, 19 Jul 2025 22:24:35 GMT

File type
JavaScript source, ASCII text, with very long lines (2801), with no line terminators
Size
2.8 kB (2801 bytes)
Hash
01a2c61eb40ce8e341a0801f78da7735
1cb39b0674bc20c3208c16c53c131e74704759ed
03d593cbf7b72d3c70caedac0c0259330ce8b1a45b708e92e3f19245b6ca9929

HTTP Headers

GET /progress_p/pwa_links/default_scripts/notification.js HTTP/1.1
Host: loadingscripts.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://press-continue.564a5a0rut08.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Sun, 01 Jun 2025 23:21:54 GMT
Content-Type: application/javascript
Content-Length: 2801
Last-Modified: Fri, 24 Mar 2023 17:31:52 GMT
Connection: keep-alive
Keep-Alive: timeout=10
ETag: "641dde88-af1"
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Cache-Control: max-age=315360000
Access-Control-Allow-Origin: *
Accept-Ranges: bytes

press-continue.564a5a0rut08.top/e102479204fcec81f6dfb01f2462a2dfa451531d/ww1/assets/1.png

185.246.188.124

200 OK

50 kB

URL GET
press-continue.564a5a0rut08.top/e102479204fcec81f6dfb01f2462a2dfa451531d/ww1/assets/1.png
IP
185.246.188.124:443
ASN
#200651 FlokiNET ehf

Requested by
https://press-continue.564a5a0rut08.top/e102479204fcec81f6dfb01f2462a2dfa451531d/ww1/
Certificate
IssuerLet's Encrypt
Subject564a5a0rut08.top
Fingerprint10:54:07:65:70:3F:59:27:DD:EE:41:D1:6C:EB:2E:5D:31:20:EF:2F
ValiditySat, 24 May 2025 20:40:01 GMT - Fri, 22 Aug 2025 20:40:00 GMT

File type
PNG image data, 980 x 980, 8-bit/color RGBA, non-interlaced
Size
50 kB (49867 bytes)
Hash
1143a7b3bc5051147099facc8dc1432e
3a01609fb60f785d3233a788dff4351a1d79d4c9
ff708dfd7d816c51832a47cebfaf051422ddd0ab0d96588b55a1a2b89c1f3f73

HTTP Headers

GET /e102479204fcec81f6dfb01f2462a2dfa451531d/ww1/assets/1.png HTTP/1.1
Host: press-continue.564a5a0rut08.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://press-continue.564a5a0rut08.top/e102479204fcec81f6dfb01f2462a2dfa451531d/ww1/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Sun, 01 Jun 2025 23:21:54 GMT
Content-Type: image/png
Content-Length: 49867
Last-Modified: Mon, 15 Jul 2024 09:36:23 GMT
Connection: keep-alive
Keep-Alive: timeout=10
ETag: "6694ed97-c2cb"
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Cache-Control: max-age=315360000
Access-Control-Allow-Origin: *
Accept-Ranges: bytes

www.profitableratecpm.com/api/users?token=L2FhZmtoZno0dT9rZXk9MjgzZWQyODMwMmNiNzk0ODg3NzliM2UwNzZmYmE0MjcmcmVmZXI9aHR0cHMlM0ElMkYlMkZxeHA3MC5iZW1vYnRyY2tzLmNvbSUyRiZpbj0mZGxydD10

192.243.59.12

200 OK

4.6 kB

URL User Request GET
www.profitableratecpm.com/api/users?token=L2FhZmtoZno0dT9rZXk9MjgzZWQyODMwMmNiNzk0ODg3NzliM2UwNzZmYmE0MjcmcmVmZXI9aHR0cHMlM0ElMkYlMkZxeHA3MC5iZW1vYnRyY2tzLmNvbSUyRiZpbj0mZGxydD10
IP
192.243.59.12:443
ASN
#39572 DataWeb Global Group B.V.

Certificate
IssuerLet's Encrypt
Subjectprofitableratecpm.com
FingerprintD9:03:D3:8B:30:97:1C:18:3A:CE:B9:D9:9E:E9:D3:50:25:AF:AB:C6
ValidityMon, 07 Apr 2025 08:47:07 GMT - Sun, 06 Jul 2025 08:47:06 GMT

File type
HTML document, ASCII text, with very long lines (4598)
Size
4.6 kB (4599 bytes)
Hash
37019ac46490965219cff628362523b4
3daf68a199c1e8c08978ef1f4b0b042c0508281c
fcb0772e2ec2cefaaa7d5ae6425637750b55086998b74037809e0dee4c810eff

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /api/users?token=L2FhZmtoZno0dT9rZXk9MjgzZWQyODMwMmNiNzk0ODg3NzliM2UwNzZmYmE0MjcmcmVmZXI9aHR0cHMlM0ElMkYlMkZxeHA3MC5iZW1vYnRyY2tzLmNvbSUyRiZpbj0mZGxydD10 HTTP/1.1
Host: www.profitableratecpm.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Sun, 01 Jun 2025 23:21:52 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Set-Cookie: ain=eyJhbGciOiJIUzI1NiJ9.eyJwIjp7ImlkIjoyNjU5NDE1MSwiayI6IjI4M2VkMjgzMDJjYjc5NDg4Nzc5YjNlMDc2ZmJhNDI3Iiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjo0OTQ0OTE4LCJwaWQiOjI3MDk2NjQsImFuIjp0cnVlLCJsYW4iOnRydWUsImNpZCI6MjEsImFpZCI6MjgsInB0Ijo0LCJwayI6ImFhZmtoZno0dSIsInQiOjF9LCJ1Ijp7InUiOjEsImF1IjoxLCJkIjp7ImlkIjoyNjY1NjExMTUsImlkcyI6IiIsImljIjpmYWxzZSwibiI6IkRlc2t0b3AsRW11bGF0b3IiLCJ2IjoiVW5rbm93biIsIm0iOiJVbmtub3duIiwiZiI6MSwiZm4iOiJEZXNrdG9wIiwib2lkIjozODkxNCwib24iOiJXaW5kb3dzIiwib3YiOiIxMC4wIiwiYmlkIjoxMzY5MjUsImJuIjoiRmlyZWZveCIsImJ2IjoiMTM0LjAiLCJ3diI6ZmFsc2UsImUiOmZhbHNlLCJhYiI6ZmFsc2V9LCJjIjp7ImlkIjoxNjIsImMiOiJOTyIsIm4iOiJOb3J3YXkifSwiYSI6ZmFsc2UsImNyIjp7Im4iOiJCbGl4IFNvbHV0aW9ucyJ9LCJ4ZiI6IiIsIml4ZiI6ZmFsc2UsImlneGYiOmZhbHNlLCJ1cCI6dHJ1ZSwiciI6Imh0dHBzOi8vcXhwNzAuYmVtb2J0cmNrcy5jb20vIiwiYXIiOltdfX0.qf5BLzUsf_2FoPS5BZUMMrIuv1d3vEW52bMlLzrG274; expires=Sun, 01 Jun 2025 23:22:52 GMT; path=/
Host: www.profitableratecpm.com
Expires: Thu, 01 Jan 1970 00:00:01 GMT
X-Request-ID: b6b14d3d2fd931fb6660a667eb1cf9e0
Cache-Control: no-cache, max-age=0, private, no-cache
Pragma: no-cache
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip

www.profitableratecpm.com/api/users?token=L2FhZmtoZno0dT9kbHJ0PXQmaW49JmtleT0yODNlZDI4MzAyY2I3OTQ4ODc3OWIzZTA3NmZiYTQyNyZwc3Q9MTc0ODgyMDE3MiZyZWZlcj1odHRwcyUzQSUyRiUyRnF4cDcwLmJlbW9idHJja3MuY29tJTJGJnJtdGM9dCZzaHU9OGM5NDQ0MTY5OTFjNGNlMGUyOThkOTlkMjQwNTljNDRmYjI3NmFhNzgwODE4YWM4OTAyODRkM2M4MTMzMGMxMzhiMWJjNTQ3YzUzOGViN2ZkOWE4OTU1OTU1ZThmMDU2MTczMGEyM2E3YjRlNzkwYWVjODI2ZDAyMDZkZTc2MWFkMTcwNzJmNDU2YmFlZmJhMzRjNjVlYTBkMWUyMmY0OTlkYmEzNzhiNjA5NjA5YzhmZWVkJnBpaT0maW49JnV1aWQ9

192.243.59.12

302 Found

23 kB

URL User Request GET
www.profitableratecpm.com/api/users?token=L2FhZmtoZno0dT9kbHJ0PXQmaW49JmtleT0yODNlZDI4MzAyY2I3OTQ4ODc3OWIzZTA3NmZiYTQyNyZwc3Q9MTc0ODgyMDE3MiZyZWZlcj1odHRwcyUzQSUyRiUyRnF4cDcwLmJlbW9idHJja3MuY29tJTJGJnJtdGM9dCZzaHU9OGM5NDQ0MTY5OTFjNGNlMGUyOThkOTlkMjQwNTljNDRmYjI3NmFhNzgwODE4YWM4OTAyODRkM2M4MTMzMGMxMzhiMWJjNTQ3YzUzOGViN2ZkOWE4OTU1OTU1ZThmMDU2MTczMGEyM2E3YjRlNzkwYWVjODI2ZDAyMDZkZTc2MWFkMTcwNzJmNDU2YmFlZmJhMzRjNjVlYTBkMWUyMmY0OTlkYmEzNzhiNjA5NjA5YzhmZWVkJnBpaT0maW49JnV1aWQ9
IP
192.243.59.12:443
ASN
#39572 DataWeb Global Group B.V.

Certificate
IssuerLet's Encrypt
Subjectprofitableratecpm.com
FingerprintD9:03:D3:8B:30:97:1C:18:3A:CE:B9:D9:9E:E9:D3:50:25:AF:AB:C6
ValidityMon, 07 Apr 2025 08:47:07 GMT - Sun, 06 Jul 2025 08:47:06 GMT

File type

Size
23 kB (23333 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /api/users?token=L2FhZmtoZno0dT9kbHJ0PXQmaW49JmtleT0yODNlZDI4MzAyY2I3OTQ4ODc3OWIzZTA3NmZiYTQyNyZwc3Q9MTc0ODgyMDE3MiZyZWZlcj1odHRwcyUzQSUyRiUyRnF4cDcwLmJlbW9idHJja3MuY29tJTJGJnJtdGM9dCZzaHU9OGM5NDQ0MTY5OTFjNGNlMGUyOThkOTlkMjQwNTljNDRmYjI3NmFhNzgwODE4YWM4OTAyODRkM2M4MTMzMGMxMzhiMWJjNTQ3YzUzOGViN2ZkOWE4OTU1OTU1ZThmMDU2MTczMGEyM2E3YjRlNzkwYWVjODI2ZDAyMDZkZTc2MWFkMTcwNzJmNDU2YmFlZmJhMzRjNjVlYTBkMWUyMmY0OTlkYmEzNzhiNjA5NjA5YzhmZWVkJnBpaT0maW49JnV1aWQ9 HTTP/1.1
Host: www.profitableratecpm.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.profitableratecpm.com/api/users?token=L2FhZmtoZno0dT9rZXk9MTBhZmFlYzM1NDA0ZmZkNWVkYmFkMDEzMWJiMzhlZTYmc3VibWV0cmljPTI2NTk0MTUx
Cookie: ain=eyJhbGciOiJIUzI1NiJ9.eyJwIjp7ImlkIjoyNjU5NDE1MSwiayI6IjI4M2VkMjgzMDJjYjc5NDg4Nzc5YjNlMDc2ZmJhNDI3Iiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjo0OTQ0OTE4LCJwaWQiOjI3MDk2NjQsImFuIjp0cnVlLCJsYW4iOnRydWUsImNpZCI6MjEsImFpZCI6MjgsInB0Ijo0LCJwayI6ImFhZmtoZno0dSIsInQiOjF9LCJ1Ijp7InUiOjEsImF1IjoxLCJkIjp7ImlkIjoyNjY1NjExMTUsImlkcyI6IiIsImljIjpmYWxzZSwibiI6IkRlc2t0b3AsRW11bGF0b3IiLCJ2IjoiVW5rbm93biIsIm0iOiJVbmtub3duIiwiZiI6MSwiZm4iOiJEZXNrdG9wIiwib2lkIjozODkxNCwib24iOiJXaW5kb3dzIiwib3YiOiIxMC4wIiwiYmlkIjoxMzY5MjUsImJuIjoiRmlyZWZveCIsImJ2IjoiMTM0LjAiLCJ3diI6ZmFsc2UsImUiOmZhbHNlLCJhYiI6ZmFsc2V9LCJjIjp7ImlkIjoxNjIsImMiOiJOTyIsIm4iOiJOb3J3YXkifSwiYSI6ZmFsc2UsImNyIjp7Im4iOiJCbGl4IFNvbHV0aW9ucyJ9LCJ4ZiI6IiIsIml4ZiI6ZmFsc2UsImlneGYiOmZhbHNlLCJ1cCI6dHJ1ZSwiciI6Imh0dHBzOi8vcXhwNzAuYmVtb2J0cmNrcy5jb20vIiwiYXIiOltdfX0.qf5BLzUsf_2FoPS5BZUMMrIuv1d3vEW52bMlLzrG274; cjs=t
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 302 Found
Server: nginx/1.19.5
Date: Sun, 01 Jun 2025 23:21:53 GMT
Content-Type: text/html
Content-Length: 0
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Location: https://press-continue.564a5a0rut08.top/e102479204fcec81f6dfb01f2462a2dfa451531d/ww1
Set-Cookie: pdhtkv=true; expires=Mon, 02 Jun 2025 23:21:53 GMT; path=/
uncs=1; expires=Mon, 02 Jun 2025 23:21:53 GMT; path=/
pdhtkv28=true; expires=Mon, 02 Jun 2025 23:21:53 GMT; path=/
uncs28=1; expires=Mon, 02 Jun 2025 23:21:53 GMT; path=/
u_pl26594151=1; expires=Mon, 02 Jun 2025 23:21:53 GMT; path=/
Host: www.profitableratecpm.com
Expires: Thu, 01 Jan 1970 00:00:01 GMT
X-Request-ID: db2262470f03bfc21d9d7459053f6d6a
Cache-Control: no-cache, max-age=0, private, no-cache
Pragma: no-cache
Strict-Transport-Security: max-age=0; includeSubdomains

press-continue.564a5a0rut08.top/e102479204fcec81f6dfb01f2462a2dfa451531d/ww1/assets/new_free.svg

185.246.188.124

200 OK

1.5 kB

URL GET
press-continue.564a5a0rut08.top/e102479204fcec81f6dfb01f2462a2dfa451531d/ww1/assets/new_free.svg
IP
185.246.188.124:443
ASN
#200651 FlokiNET ehf

Requested by
https://press-continue.564a5a0rut08.top/e102479204fcec81f6dfb01f2462a2dfa451531d/ww1/
Certificate
IssuerLet's Encrypt
Subject564a5a0rut08.top
Fingerprint10:54:07:65:70:3F:59:27:DD:EE:41:D1:6C:EB:2E:5D:31:20:EF:2F
ValiditySat, 24 May 2025 20:40:01 GMT - Fri, 22 Aug 2025 20:40:00 GMT

File type
SVG Scalable Vector Graphics image
Size
1.5 kB (1545 bytes)
Hash
add28f2b5b2a568a5d5b49bd7b40ec03
66ad7a5ce73b4f84f2f54e5e6150cd5cc923d25e
89bcc9a26f3ed7fb196ca1d744395e6fb79f4561ced17605eb27105a9f67e56e

HTTP Headers

GET /e102479204fcec81f6dfb01f2462a2dfa451531d/ww1/assets/new_free.svg HTTP/1.1
Host: press-continue.564a5a0rut08.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://press-continue.564a5a0rut08.top/e102479204fcec81f6dfb01f2462a2dfa451531d/ww1/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Sun, 01 Jun 2025 23:21:54 GMT
Content-Type: image/svg+xml
Content-Length: 1545
Last-Modified: Mon, 15 Jul 2024 09:36:25 GMT
Connection: keep-alive
Keep-Alive: timeout=10
ETag: "6694ed99-609"
Accept-Ranges: bytes

loadingscripts.com/progress_p/pwa_links/main/cinema/custom_cinema_fullpage/1/style.css

194.63.143.61

200 OK

4.1 kB

URL GET
loadingscripts.com/progress_p/pwa_links/main/cinema/custom_cinema_fullpage/1/style.css
IP
194.63.143.61:443
ASN
#50113 NTX Technologies s.r.o.

Requested by
https://press-continue.564a5a0rut08.top/e102479204fcec81f6dfb01f2462a2dfa451531d/ww1/
Certificate
IssuerLet's Encrypt
Subjectloadingscripts.com
FingerprintEA:8D:28:71:26:10:9B:6E:B1:FF:D3:C6:9C:53:9E:D1:3D:A7:B6:31
ValiditySun, 20 Apr 2025 22:24:36 GMT - Sat, 19 Jul 2025 22:24:35 GMT

File type
ASCII text, with CRLF line terminators
Size
4.1 kB (4071 bytes)
Hash
79d9dfa9f91948462f9069fd3e5f61ae
6c8c5a83d3c8180a16dd7e6c3065c81ad38bcc94
8c8549291722875346b6e050a092cdda6088d579aba282a66304299616c55871

HTTP Headers

GET /progress_p/pwa_links/main/cinema/custom_cinema_fullpage/1/style.css HTTP/1.1
Host: loadingscripts.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://press-continue.564a5a0rut08.top/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Sun, 01 Jun 2025 23:21:54 GMT
Content-Type: text/css
Last-Modified: Thu, 25 May 2023 12:41:31 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=10
ETag: W/"646f577b-fe7"
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Cache-Control: max-age=315360000
Access-Control-Allow-Origin: *
Content-Encoding: gzip

loadingscripts.com/progress_p/pwa_links/main/cinema/custom_cinema_fullpage/1/pwa_custom.js

194.63.143.61

200 OK

1.8 kB

URL GET
loadingscripts.com/progress_p/pwa_links/main/cinema/custom_cinema_fullpage/1/pwa_custom.js
IP
194.63.143.61:443
ASN
#50113 NTX Technologies s.r.o.

Requested by
https://press-continue.564a5a0rut08.top/e102479204fcec81f6dfb01f2462a2dfa451531d/ww1/
Certificate
IssuerLet's Encrypt
Subjectloadingscripts.com
FingerprintEA:8D:28:71:26:10:9B:6E:B1:FF:D3:C6:9C:53:9E:D1:3D:A7:B6:31
ValiditySun, 20 Apr 2025 22:24:36 GMT - Sat, 19 Jul 2025 22:24:35 GMT

File type
ASCII text, with CRLF line terminators
Size
1.8 kB (1801 bytes)
Hash
8dc402b92b1ed0b13627e2ba1b928cc7
35d1e71cdea9a15b778c6137baaaac1eda4aabb3
b1d3e86c81061bd76770790bf5e2f0ffa7b45f2c4e3fc3400a7142bf9b3a53fb

HTTP Headers

GET /progress_p/pwa_links/main/cinema/custom_cinema_fullpage/1/pwa_custom.js HTTP/1.1
Host: loadingscripts.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://press-continue.564a5a0rut08.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Sun, 01 Jun 2025 23:21:54 GMT
Content-Type: application/javascript
Content-Length: 1801
Last-Modified: Thu, 25 May 2023 12:47:54 GMT
Connection: keep-alive
Keep-Alive: timeout=10
ETag: "646f58fa-709"
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Cache-Control: max-age=315360000
Access-Control-Allow-Origin: *
Accept-Ranges: bytes

loadingscripts.com/progress_p/pwa_links/main/cinema/custom_cinema_fullpage/1/close.svg

194.63.143.61

200 OK

1.3 kB

URL GET
loadingscripts.com/progress_p/pwa_links/main/cinema/custom_cinema_fullpage/1/close.svg
IP
194.63.143.61:443
ASN
#50113 NTX Technologies s.r.o.

Requested by
https://press-continue.564a5a0rut08.top/e102479204fcec81f6dfb01f2462a2dfa451531d/ww1/
Certificate
IssuerLet's Encrypt
Subjectloadingscripts.com
FingerprintEA:8D:28:71:26:10:9B:6E:B1:FF:D3:C6:9C:53:9E:D1:3D:A7:B6:31
ValiditySun, 20 Apr 2025 22:24:36 GMT - Sat, 19 Jul 2025 22:24:35 GMT

File type
SVG Scalable Vector Graphics image
Size
1.3 kB (1279 bytes)
Hash
369850b9873659adf0951d845f57dba1
a64257186daa33b6b318943a457b6cf8d80b26b6
9630c142a8c074cc1809ebf4109538cf29cc0baeb6c27726191f1cf5376e2e21

HTTP Headers

GET /progress_p/pwa_links/main/cinema/custom_cinema_fullpage/1/close.svg HTTP/1.1
Host: loadingscripts.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://press-continue.564a5a0rut08.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Sun, 01 Jun 2025 23:21:54 GMT
Content-Type: image/svg+xml
Content-Length: 1279
Last-Modified: Wed, 24 May 2023 13:06:32 GMT
Connection: keep-alive
Keep-Alive: timeout=10
ETag: "646e0bd8-4ff"
Accept-Ranges: bytes

press-continue.564a5a0rut08.top/e102479204fcec81f6dfb01f2462a2dfa451531d/ww1/assets/fav.png

185.246.188.124

200 OK

545 B

URL GET
press-continue.564a5a0rut08.top/e102479204fcec81f6dfb01f2462a2dfa451531d/ww1/assets/fav.png
IP
185.246.188.124:443
ASN
#200651 FlokiNET ehf

Requested by
https://press-continue.564a5a0rut08.top/e102479204fcec81f6dfb01f2462a2dfa451531d/ww1/
Certificate
IssuerLet's Encrypt
Subject564a5a0rut08.top
Fingerprint10:54:07:65:70:3F:59:27:DD:EE:41:D1:6C:EB:2E:5D:31:20:EF:2F
ValiditySat, 24 May 2025 20:40:01 GMT - Fri, 22 Aug 2025 20:40:00 GMT

File type
PNG image data, 48 x 48, 8-bit/color RGBA, non-interlaced
Size
545 B (545 bytes)
Hash
418a1f510d301f62a0976ebcf9cda640
89b5dbdf41afda654ad9f95e1b2672ffe4c51c20
34ca666275595ea71b9787f7269141b947e95af772221947f5ddb060448ed77f

HTTP Headers

GET /e102479204fcec81f6dfb01f2462a2dfa451531d/ww1/assets/fav.png HTTP/1.1
Host: press-continue.564a5a0rut08.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://press-continue.564a5a0rut08.top/e102479204fcec81f6dfb01f2462a2dfa451531d/ww1/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Sun, 01 Jun 2025 23:21:54 GMT
Content-Type: image/png
Content-Length: 545
Last-Modified: Mon, 15 Jul 2024 09:36:24 GMT
Connection: keep-alive
Keep-Alive: timeout=10
ETag: "6694ed98-221"
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Cache-Control: max-age=315360000
Access-Control-Allow-Origin: *
Accept-Ranges: bytes

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

Quad9 DNS

ThreatFox

JavaScript (6)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

HTTP Transactions (19)

URL GET

IP

ASN

Requested by

Certificate

File type

Size

Hash

HTTP Headers

URL GET

IP

ASN

Requested by

Certificate

File type

Size

Hash

HTTP Headers

URL GET

IP

ASN

Requested by

Certificate

File type

Size