Report - artphot.pl/sig-trading-internship.htm

Report Overview

Visited public
2024-02-21 19:58:15
Tags
URL
artphot.pl/sig-trading-internship.htm
Finishing URL
www.google.com/url?q=https://spillcasino.eu/&;source=gmail&;ust=1708622236685000&;usg=AOvVaw2yHfV7aWjsCqSF8WU0wmiF
IP / ASN
104.21.43.72
#13335 CLOUDFLARENET
Title
Viderekoblingsmerknad

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
vvfal.rigelbetelgeuse.top	unknown	2023-05-11	2023-05-11 14:25:20	2024-02-18 20:57:46	591 B	1.0 kB	172.67.205.133
ak.kocairdo.net	unknown	2023-08-29	2023-08-29 17:57:38	2024-02-20 20:06:25	1.0 kB	2.6 kB	23.36.76.168
my.rtmark.net	9054	2014-10-29	2015-02-04 10:54:57	2024-02-21 02:04:58	398 B	681 B	139.45.195.8
www.google.com	7	1997-09-15	2015-05-10 13:11:19	2024-02-19 02:55:22	1.4 kB	3.9 kB	142.250.74.132
dilutegulpedshirt.com	unknown	2024-02-12	2024-02-12 10:23:07	2024-02-20 15:55:24	2.4 kB	4.3 kB	172.240.253.132
violationphysics.click	unknown	2023-02-10	2023-02-11 18:32:06	2024-02-18 20:58:18	889 B	600 B	192.64.81.118
fonts.gstatic.com	unknown	2008-02-11	2014-09-09 02:40:21	2024-02-21 00:59:36	527 B	16 kB	142.250.74.99
resionsfrester.com	unknown	2023-06-07	2023-06-08 10:22:33	2024-02-21 18:25:47	801 B	1.0 kB	54.230.111.95
www.gstatic.com	unknown	2008-02-11	2016-07-26 11:37:06	2024-02-21 06:09:02	3.1 kB	73 kB	142.250.74.99
a.steambeard.top	unknown	2024-01-24	2024-02-18 09:53:23	2024-02-21 02:18:51	3.9 kB	91 kB	172.67.157.74
i98kb.go-cpa.click	unknown	2023-11-27	2023-11-27 17:39:30	2024-02-20 23:33:50	878 B	597 B	192.64.81.118
artphot.pl	unknown	2024-02-20	2019-07-15 01:49:38	2024-02-21 07:16:48	491 B	19 kB	104.21.43.72
drugstoredemuretake.com	unknown	2024-02-15	2024-02-15 09:40:10	2024-02-21 04:09:16	524 B	2.9 kB	172.240.108.76
vvfal.steambeard.top	unknown	2024-01-24	2024-02-18 13:27:47	2024-02-18 20:57:46	1.9 kB	28 kB	172.67.157.74
cdnstatic.steambeard.top	unknown	2024-01-24	2024-02-18 10:24:40	2024-02-21 00:51:17	1.9 kB	42 kB	172.67.157.74
www.toprevenuegate.com	unknown	2023-10-20	2023-10-23 18:22:31	2024-02-21 02:14:27	2.4 kB	4.3 kB	172.240.253.132
xhkls.canopusacrux.top	unknown	2023-07-20	2023-11-29 01:41:57	2024-02-20 23:33:51	589 B	1.0 kB	172.67.150.155
xhkls.steambeard.top	unknown	2024-01-24	2024-02-18 15:42:39	2024-02-21 05:35:56	2.5 kB	69 kB	172.67.157.74

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

Scan Date	Severity	Indicator	Alert
2024-02-21	medium	canopusacrux.top	Sinkholed

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2024-02-21	medium	dilutegulpedshirt.com	Sinkholed
2024-02-21	medium	dilutegulpedshirt.com	Sinkholed
2024-02-21	medium	canopusacrux.top	Sinkholed
2024-02-21	medium	drugstoredemuretake.com	Sinkholed
2024-02-21	medium	kocairdo.net	Sinkholed
2024-02-21	medium	kocairdo.net	Sinkholed

ThreatFox

No alerts detected

JavaScript (1)

	URL	From	Size	First Seen	Last Seen
	www.google.com/url?q=https://spillcasino.eu/&;source=gmail&;ust=1708622236685000&;usg=AOvVaw2yHfV7aWjsCqSF8WU0wmiF	ScriptElement	490 B	2023-04-07	2024-10-18
Pretty URL www.google.com/url?q=https://spillcasino.eu/&;source=gmail&;ust=1708622236685000&;usg=AOvVaw2yHfV7aWjsCqSF8WU0wmiF IP 142.250.74.132 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML true Observations First Seen2023-04-07 05:11 Last Seen2024-10-18 10:07 Times Seen953 Hash 24a5a451dbbce4bbb98a7d6f4e7d5a05 3e2b1bc144cf6708bdcd9e92ac27bcd6018c28b9 0b9ae8dc4cdf88f688b4b3f351fbfc420c3d16bef7eda6536d94f31aa9e6a892 Loading...

HTTP Transactions (40)

URL IP Response Size

dilutegulpedshirt.com/e5brjnmx1i?key=bdc28126b586fd0115226ecef976af4b&cid=376l60j128gp

172.240.253.132

1.4 kB

URL
dilutegulpedshirt.com/e5brjnmx1i?key=bdc28126b586fd0115226ecef976af4b&cid=376l60j128gp
IP
172.240.253.132:0
ASN
#7979 SERVERS-COM

File type
HTML document, ASCII text, with very long lines (436)
Size
1.4 kB (1377 bytes)
Hash
d470c17f3f52c36642745567ce99ea12
d17bd851b403a9d2f6eb910b516a9e6d7be54414
7cc22950505ff49f9b75bf5c499f9d08a661f576b9849d50b326c50413f89d03

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /e5brjnmx1i?key=bdc28126b586fd0115226ecef976af4b&cid=376l60j128gp HTTP/1.1
Host: dilutegulpedshirt.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Wed, 21 Feb 2024 19:57:51 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Set-Cookie: u_pl=17500115; expires=Thu, 22 Feb 2024 19:57:51 GMT
ain=eyJhbGciOiJIUzI1NiJ9.eyJwIjp7ImlkIjoxNzUwMDExNSwiayI6ImJkYzI4MTI2YjU4NmZkMDExNTIyNmVjZWY5NzZhZjRiIiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjoxOTMxMTg1LCJwaWQiOjcxOTY2LCJhbiI6dHJ1ZSwibGFuIjp0cnVlLCJjaWQiOjMsImFpZCI6MjgsInB0Ijo0LCJwayI6ImU1YnJqbm14MWkiLCJ0IjoxfSwidSI6eyJ1IjoxLCJhdSI6MSwiZCI6eyJpZCI6Nzk5NTQxOTYsImlkcyI6IiIsImljIjpmYWxzZSwibiI6IkRlc2t0b3AsRW11bGF0b3IiLCJ2IjoiVW5rbm93biIsIm0iOiJVbmtub3duIiwiZiI6MSwiZm4iOiJEZXNrdG9wIiwib2lkIjoxODExMCwib24iOiJMaW51eCIsIm92IjoiVW5rbm93biIsImJpZCI6MTE2NjcwLCJibiI6IkZpcmVmb3giLCJidiI6Ijk2LjAiLCJ3diI6ZmFsc2UsImUiOmZhbHNlLCJhYiI6ZmFsc2V9LCJjIjp7ImlkIjoxNjIsImMiOiJOTyIsIm4iOiJOb3J3YXkifSwiYSI6ZmFsc2UsImNyIjp7Im4iOiJCbGl4IFNvbHV0aW9ucyJ9LCJ4ZiI6IiIsIml4ZiI6ZmFsc2UsImlneGYiOmZhbHNlLCJ1cCI6dHJ1ZSwiciI6IiIsImFyIjpbXX19.Bkjrpia1jstvY4XDT3YyIoFrel27TKSw-ofTHbmt-fI; expires=Wed, 21 Feb 2024 19:58:51 GMT
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: d7b4a8640f4d672086d273fd8a376d7a
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip

dilutegulpedshirt.com/api/users?token=L2U1YnJqbm14MWk_Y2lkPTM3Nmw2MGoxMjhncCZrZXk9YmRjMjgxMjZiNTg2ZmQwMTE1MjI2ZWNlZjk3NmFmNGImcHN0PTE3MDg1NDU1MzEmcm10Yz10JnNodT1kNmVmMzI1ZDE5NGRhYzhkMTViMTM5NWEzMGVkMzUwMGIwYzNmYWYxMjE0YmQwNGU0ZmUxZWZkM2I2OGUxODJiYzAyZDEwNDQzZGE1NzhjOGMxOWI3ODhjNDA0ZmIwMmExZDM5MDAxOGNjNTRiM2M1YWQ1MDgyZmM4NTY1NmI1ODI5ZDdiNmFmMTg1YTUyNjAyOGJlMDA4YzY3ZDdmZjIxNzA1NTY4MTMxMTJmNGJhNDc3N2U3MmE0MzdlNzE5ODU%3D&uuid=&pii=&in=false

172.240.108.68

0 B

URL
dilutegulpedshirt.com/api/users?token=L2U1YnJqbm14MWk_Y2lkPTM3Nmw2MGoxMjhncCZrZXk9YmRjMjgxMjZiNTg2ZmQwMTE1MjI2ZWNlZjk3NmFmNGImcHN0PTE3MDg1NDU1MzEmcm10Yz10JnNodT1kNmVmMzI1ZDE5NGRhYzhkMTViMTM5NWEzMGVkMzUwMGIwYzNmYWYxMjE0YmQwNGU0ZmUxZWZkM2I2OGUxODJiYzAyZDEwNDQzZGE1NzhjOGMxOWI3ODhjNDA0ZmIwMmExZDM5MDAxOGNjNTRiM2M1YWQ1MDgyZmM4NTY1NmI1ODI5ZDdiNmFmMTg1YTUyNjAyOGJlMDA4YzY3ZDdmZjIxNzA1NTY4MTMxMTJmNGJhNDc3N2U3MmE0MzdlNzE5ODU%3D&uuid=&pii=&in=false
IP
172.240.108.68:0
ASN
#7979 SERVERS-COM

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /api/users?token=L2U1YnJqbm14MWk_Y2lkPTM3Nmw2MGoxMjhncCZrZXk9YmRjMjgxMjZiNTg2ZmQwMTE1MjI2ZWNlZjk3NmFmNGImcHN0PTE3MDg1NDU1MzEmcm10Yz10JnNodT1kNmVmMzI1ZDE5NGRhYzhkMTViMTM5NWEzMGVkMzUwMGIwYzNmYWYxMjE0YmQwNGU0ZmUxZWZkM2I2OGUxODJiYzAyZDEwNDQzZGE1NzhjOGMxOWI3ODhjNDA0ZmIwMmExZDM5MDAxOGNjNTRiM2M1YWQ1MDgyZmM4NTY1NmI1ODI5ZDdiNmFmMTg1YTUyNjAyOGJlMDA4YzY3ZDdmZjIxNzA1NTY4MTMxMTJmNGJhNDc3N2U3MmE0MzdlNzE5ODU%3D&uuid=&pii=&in=false HTTP/1.1
Host: dilutegulpedshirt.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dilutegulpedshirt.com/api/users?token=L2U1YnJqbm14MWk_a2V5PTBmMjJjMWZkNjA5ZjEzY2I3OTQ3YzhjYWJmZTFhOTBkJnN1Ym1ldHJpYz0xNzUwMDExNQ%3D%3D
Cookie: u_pl=17500115; ain=eyJhbGciOiJIUzI1NiJ9.eyJwIjp7ImlkIjoxNzUwMDExNSwiayI6ImJkYzI4MTI2YjU4NmZkMDExNTIyNmVjZWY5NzZhZjRiIiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjoxOTMxMTg1LCJwaWQiOjcxOTY2LCJhbiI6dHJ1ZSwibGFuIjp0cnVlLCJjaWQiOjMsImFpZCI6MjgsInB0Ijo0LCJwayI6ImU1YnJqbm14MWkiLCJ0IjoxfSwidSI6eyJ1IjoxLCJhdSI6MSwiZCI6eyJpZCI6Nzk5NTQxOTYsImlkcyI6IiIsImljIjpmYWxzZSwibiI6IkRlc2t0b3AsRW11bGF0b3IiLCJ2IjoiVW5rbm93biIsIm0iOiJVbmtub3duIiwiZiI6MSwiZm4iOiJEZXNrdG9wIiwib2lkIjoxODExMCwib24iOiJMaW51eCIsIm92IjoiVW5rbm93biIsImJpZCI6MTE2NjcwLCJibiI6IkZpcmVmb3giLCJidiI6Ijk2LjAiLCJ3diI6ZmFsc2UsImUiOmZhbHNlLCJhYiI6ZmFsc2V9LCJjIjp7ImlkIjoxNjIsImMiOiJOTyIsIm4iOiJOb3J3YXkifSwiYSI6ZmFsc2UsImNyIjp7Im4iOiJCbGl4IFNvbHV0aW9ucyJ9LCJ4ZiI6IiIsIml4ZiI6ZmFsc2UsImlneGYiOmZhbHNlLCJ1cCI6dHJ1ZSwiciI6IiIsImFyIjpbXX19.Bkjrpia1jstvY4XDT3YyIoFrel27TKSw-ofTHbmt-fI; cjs=t
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 302 Found
Server: nginx/1.21.6
Date: Wed, 21 Feb 2024 19:57:52 GMT
Content-Type: text/html
Content-Length: 0
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Location: https://violationphysics.click/c9b2l0k.php?key=lrtt9bcyy81j4th6thki&SUB_ID_SHORT=350955430b74c523e56b17bc44c623cb&COST_CPA=0.240000&PLACEMENT_ID=17500115&CAMPAIGN_ID=976477&DEVICE_BRAND=Unknown&BROWSER_NAME=Firefox&USER_OS=Linux&USER_CARRIER=Blix%20Solutions&USERAGENT=Mozilla%2F5.0%20%28X11%3B%20Linux%20x86_64%3B%20rv%3A96.0%29%20Gecko%2F20100101%20Firefox%2F96.0&REMOTE_LANGUAGE=11&BANNER_ID=2788015
Set-Cookie: iprc70f32a03d11c1a16c872c814b021c417=5000483; expires=Thu, 22 Feb 2024 19:57:52 GMT
pdhtkv=true; expires=Thu, 22 Feb 2024 19:57:52 GMT
uncs=1; expires=Thu, 22 Feb 2024 19:57:52 GMT
pdhtkv28=true; expires=Thu, 22 Feb 2024 19:57:52 GMT
uncs28=1; expires=Thu, 22 Feb 2024 19:57:52 GMT
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 2a75a15dcc60f5b01c063af0601cb0a7
Strict-Transport-Security: max-age=0; includeSubdomains

violationphysics.click/c9b2l0k.php?key=lrtt9bcyy81j4th6thki&SUB_ID_SHORT=350955430b74c523e56b17bc44c623cb&COST_CPA=0.240000&PLACEMENT_ID=17500115&CAMPAIGN_ID=976477&DEVICE_BRAND=Unknown&BROWSER_NAME=Firefox&USER_OS=Linux&USER_CARRIER=Blix%20Solutions&USERAGENT=Mozilla%2F5.0%20%28X11%3B%20Linux%20x86_64%3B%20rv%3A96.0%29%20Gecko%2F20100101%20Firefox%2F96.0&REMOTE_LANGUAGE=11&BANNER_ID=2788015

192.64.81.118

0 B

URL
violationphysics.click/c9b2l0k.php?key=lrtt9bcyy81j4th6thki&SUB_ID_SHORT=350955430b74c523e56b17bc44c623cb&COST_CPA=0.240000&PLACEMENT_ID=17500115&CAMPAIGN_ID=976477&DEVICE_BRAND=Unknown&BROWSER_NAME=Firefox&USER_OS=Linux&USER_CARRIER=Blix%20Solutions&USERAGENT=Mozilla%2F5.0%20%28X11%3B%20Linux%20x86_64%3B%20rv%3A96.0%29%20Gecko%2F20100101%20Firefox%2F96.0&REMOTE_LANGUAGE=11&BANNER_ID=2788015
IP
192.64.81.118:0
ASN
#19318 IS-AS-1

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /c9b2l0k.php?key=lrtt9bcyy81j4th6thki&SUB_ID_SHORT=350955430b74c523e56b17bc44c623cb&COST_CPA=0.240000&PLACEMENT_ID=17500115&CAMPAIGN_ID=976477&DEVICE_BRAND=Unknown&BROWSER_NAME=Firefox&USER_OS=Linux&USER_CARRIER=Blix%20Solutions&USERAGENT=Mozilla%2F5.0%20%28X11%3B%20Linux%20x86_64%3B%20rv%3A96.0%29%20Gecko%2F20100101%20Firefox%2F96.0&REMOTE_LANGUAGE=11&BANNER_ID=2788015 HTTP/1.1
Host: violationphysics.click
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://dilutegulpedshirt.com/
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 302 Found
Server: nginx/1.22.0
Date: Wed, 21 Feb 2024 19:57:52 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: uclick=q59zm737uq; expires=Thu, 22-Feb-2024 19:57:52 GMT; Max-Age=86400; path=/; secure; SameSite=none
uclickhash=q59zm737uq-q59zm737uq-uoc8-0-pmc80-hou3vr-hou3i4-6ad976; expires=Thu, 22-Feb-2024 19:57:52 GMT; Max-Age=86400; path=/; secure; SameSite=none
Location: https://vvfal.rigelbetelgeuse.top/?pl=rYqoU5pT-kKNvrtUFZzyNQ&click_id=74658q59zm737uqf22&sub_id=17500115
Strict-Transport-Security: max-age=31536000

vvfal.rigelbetelgeuse.top/?pl=rYqoU5pT-kKNvrtUFZzyNQ&click_id=74658q59zm737uqf22&sub_id=17500115

172.67.205.133

0 B

URL
vvfal.rigelbetelgeuse.top/?pl=rYqoU5pT-kKNvrtUFZzyNQ&click_id=74658q59zm737uqf22&sub_id=17500115
IP
172.67.205.133:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /?pl=rYqoU5pT-kKNvrtUFZzyNQ&click_id=74658q59zm737uqf22&sub_id=17500115 HTTP/1.1
Host: vvfal.rigelbetelgeuse.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://dilutegulpedshirt.com/
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 302 Found
date: Wed, 21 Feb 2024 19:57:53 GMT
content-length: 0
location: https://vvfal.steambeard.top/space-robot/?pl=rYqoU5pT-kKNvrtUFZzyNQ&sm=space-robot&click_id=74658q59zm737uqf22&sub_id=17500115&nrid=1c5d9b11b838461c9df7a9fa4870f01a&hash=aolCscSyCXChKy9kRmeGjw&exp=1708545773
set-cookie: rYqoU5pT-kKNvrtUFZzyNQ=1; max-age=345600; path=/; samesite=lax
__pl=6115c884-4583-48d6-a29a-efd97c62ab24; expires=Sat, 21 Feb 2026 19:57:53 GMT; path=/; samesite=lax
__cap=1; max-age=3600; path=/; samesite=lax
cache-control: max-age=0, no-cache, no-store, must-revalidate
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2BghOWPaBf1Z8ZclzHL%2BVWGZiZvJb65089wR%2B6FXrnPXPAA3e0%2FDPJaCiRHD%2Boo6kcFa11CxyXlIBbWS7Ff5yHf0DAPti28zy%2BG35VmYFhbfyONLtDK3DDLDEIW8b5T%2FFd5DV10Hwo5AayTvz"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 85918f95ee421bfe-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

vvfal.steambeard.top/space-robot/assets/corner.png

172.67.157.74

300 B

URL
vvfal.steambeard.top/space-robot/assets/corner.png
IP
172.67.157.74:0
ASN
#13335 CLOUDFLARENET

File type
PNG image data, 44 x 44, 8-bit colormap, non-interlaced
Size
300 B (300 bytes)
Hash
f66c38fa2cd7c50bd1989d41da28fb80
e1de333eca72647f3c1831083fe678cfa8fe9eab
3059be4046e0315ad1c0d1cb163d9daaf759bdf16e906e908842fac07e5608a2

HTTP Headers

GET /space-robot/assets/corner.png HTTP/1.1
Host: vvfal.steambeard.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://vvfal.steambeard.top/space-robot/?pl=rYqoU5pT-kKNvrtUFZzyNQ&sm=space-robot&click_id=74658q59zm737uqf22&sub_id=17500115&nrid=1c5d9b11b838461c9df7a9fa4870f01a&hash=aolCscSyCXChKy9kRmeGjw&exp=1708545773
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Wed, 21 Feb 2024 19:57:53 GMT
content-type: image/png
content-length: 300
last-modified: Tue, 13 Feb 2024 13:32:46 GMT
etag: "65cb6f7e-12c"
cache-control: max-age=14400
cf-cache-status: REVALIDATED
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=EiABqBAzpynRFz1ynuVK5UnsXMXXVvICqWZHtPuJVe1yYJJOwMihmrWbd0ToesuwHmijJLCfA7oJpcFZJLf8f8tikUikM564AOuzxekFkhCQ4GEfNWHKWlSzcHScNSnuR5CX2gL25g%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 85918f99381456b4-OSL
alt-svc: h3=":443"; ma=86400

fonts.gstatic.com/s/roboto/v18/KFOlCnqEu92Fr1MmEU9fBBc4.woff2

142.250.74.99

16 kB

URL
fonts.gstatic.com/s/roboto/v18/KFOlCnqEu92Fr1MmEU9fBBc4.woff2
IP
142.250.74.99:0
ASN
#15169 GOOGLE

File type
Web Open Font Format (Version 2), TrueType, length 15552, version 1.0
Size
16 kB (15552 bytes)
Hash
285467176f7fe6bb6a9c6873b3dad2cc
ea04e4ff5142ddd69307c183def721a160e0a64e
5a8c1e7681318caa29e9f44e8a6e271f6a4067a2703e9916dfd4fe9099241db7

HTTP Headers

GET /s/roboto/v18/KFOlCnqEu92Fr1MmEU9fBBc4.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://vvfal.steambeard.top
DNT: 1
Connection: keep-alive
Referer: https://vvfal.steambeard.top/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15552
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sat, 17 Feb 2024 15:39:18 GMT
expires: Sun, 16 Feb 2025 15:39:18 GMT
cache-control: public, max-age=31536000
last-modified: Mon, 16 Oct 2017 17:33:02 GMT
content-type: font/woff2
age: 361115
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

vvfal.steambeard.top/space-robot/assets/apple-touch-icon.png

172.67.157.74

23 kB

URL
vvfal.steambeard.top/space-robot/assets/apple-touch-icon.png
IP
172.67.157.74:0
ASN
#13335 CLOUDFLARENET

File type
PNG image data, 180 x 180, 8-bit/color RGBA, non-interlaced
Size
23 kB (23177 bytes)
Hash
f500ba7eee0ae7d1ceb44236ac253165
0614de220ecadb48038ed894d91120ba102c8367
ba5a3083c38d71a2191ee7e614a96812d1f9d88bbfb360d3b61dbb1ffcd51de5

HTTP Headers

GET /space-robot/assets/apple-touch-icon.png HTTP/1.1
Host: vvfal.steambeard.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://vvfal.steambeard.top/space-robot/?pl=rYqoU5pT-kKNvrtUFZzyNQ&sm=space-robot&click_id=74658q59zm737uqf22&sub_id=17500115&nrid=1c5d9b11b838461c9df7a9fa4870f01a&hash=aolCscSyCXChKy9kRmeGjw&exp=1708545773
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Wed, 21 Feb 2024 19:57:53 GMT
content-type: image/png
content-length: 23177
last-modified: Tue, 13 Feb 2024 13:32:46 GMT
etag: "65cb6f7e-5a89"
cache-control: max-age=14400
cf-cache-status: REVALIDATED
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=FUfEsQCfZqJPcxboh3nLHwKIMet%2BPXrvPbN3zrkZ3VNR4UMPxtrkpRvixlqpxFlebajxesliy%2Ba6uxQeH57oVn1P4BDQUaAq1bMNtLi1qGN%2BoZhAzbPrCU39Ak3I8VuxWE24fvn5HA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 85918f9b8b4456b4-OSL
alt-svc: h3=":443"; ma=86400

vvfal.steambeard.top/space-robot/assets/style.css?v=4

172.67.157.74

3.0 kB

URL
vvfal.steambeard.top/space-robot/assets/style.css?v=4
IP
172.67.157.74:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text, with very long lines (6532), with CRLF line terminators
Size
3.0 kB (3020 bytes)
Hash
8335155a7c4004d8296b7727a24273c4
387b7723ba35057b631809e1437c64cdd89f13bb
0b758313cde9005f3f2082f616558a3db63019d03a5f1376f3a49e64d874909e

HTTP Headers

GET /space-robot/assets/style.css?v=4 HTTP/1.1
Host: vvfal.steambeard.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://vvfal.steambeard.top/space-robot/?pl=rYqoU5pT-kKNvrtUFZzyNQ&sm=space-robot&click_id=74658q59zm737uqf22&sub_id=17500115&nrid=1c5d9b11b838461c9df7a9fa4870f01a&hash=aolCscSyCXChKy9kRmeGjw&exp=1708545773
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Wed, 21 Feb 2024 19:57:53 GMT
content-type: text/css
last-modified: Tue, 13 Feb 2024 13:32:46 GMT
etag: W/"65cb6f7e-1986"
cache-control: max-age=14400
cf-cache-status: REVALIDATED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2FFbMtn1Bz0eewm14uZ%2FCOsmUMTeT8DhvhcDXXa4gCe0X8pvs7i%2Frw6jfga%2FNqovLjHvq67Rxtlc6S83WqRveCQfVebb1xEIBljLwHJfh3ZHKSvaFF5%2FZ1KLCw4Hx7zdpM7JR%2BM3EeQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 85918f99381356b4-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

www.gstatic.com/firebasejs/10.3.1/firebase-app-compat.js

142.250.74.99

9.3 kB

URL
www.gstatic.com/firebasejs/10.3.1/firebase-app-compat.js
IP
142.250.74.99:0
ASN
#15169 GOOGLE

File type
JavaScript source, ASCII text, with very long lines (28368)
Size
9.3 kB (9308 bytes)
Hash
9900403b65514fad7df39a4e788a6e45
75f9ba061ef4e72bb23528c700f2a11c56d637e9
a202b2051ea9810cd9ba592b3f9418a89e2062f5c185e29e288080b28eb64fe5

HTTP Headers

GET /firebasejs/10.3.1/firebase-app-compat.js HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://vvfal.steambeard.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
accept-ranges: bytes
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/firebase-js
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups; report-to="firebase-js"
report-to: {"group":"firebase-js","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/firebase-js"}]}
content-length: 9308
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sat, 17 Feb 2024 07:18:15 GMT
expires: Sun, 16 Feb 2025 07:18:15 GMT
cache-control: public, max-age=31536000
last-modified: Thu, 31 Aug 2023 15:20:38 GMT
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
age: 391178
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

www.gstatic.com/firebasejs/10.3.1/firebase-messaging-compat.js

142.250.74.99

9.9 kB

URL
www.gstatic.com/firebasejs/10.3.1/firebase-messaging-compat.js
IP
142.250.74.99:0
ASN
#15169 GOOGLE

File type
JavaScript source, ASCII text, with very long lines (38231)
Size
9.9 kB (9934 bytes)
Hash
0541b823dfaf39162ef84cf075c9951b
e0934726455558cc1a59823efada9651e33aafaa
21f1d62f222007068c793f0947d98f4ccb7c1595adb68efeb783390fdd8b5522

HTTP Headers

GET /firebasejs/10.3.1/firebase-messaging-compat.js HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://vvfal.steambeard.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
accept-ranges: bytes
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/firebase-js
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups; report-to="firebase-js"
report-to: {"group":"firebase-js","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/firebase-js"}]}
content-length: 9934
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 15 Feb 2024 03:03:15 GMT
expires: Fri, 14 Feb 2025 03:03:15 GMT
cache-control: public, max-age=31536000
age: 579278
last-modified: Thu, 31 Aug 2023 15:20:50 GMT
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

cdnstatic.steambeard.top/ps/ps.js?&edg=true&sw=&fullscreen=true&pl=true&pp=false&id=rYqoU5pT-kKNvrtUFZzyNQ&sm=space-robot&click_id=74658q59zm737uqf22&sub_id=17500115&appspot=&d=https%3A%2F%2Fcdnstatic.steambeard.top&timeout=30&tb=true&nrid=1c5d9b11b838461c9df7a9fa4870f01a

172.67.157.74

13 kB

URL
cdnstatic.steambeard.top/ps/ps.js?&edg=true&sw=&fullscreen=true&pl=true&pp=false&id=rYqoU5pT-kKNvrtUFZzyNQ&sm=space-robot&click_id=74658q59zm737uqf22&sub_id=17500115&appspot=&d=https%3A%2F%2Fcdnstatic.steambeard.top&timeout=30&tb=true&nrid=1c5d9b11b838461c9df7a9fa4870f01a
IP
172.67.157.74:0
ASN
#13335 CLOUDFLARENET

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (31203), with no line terminators
Size
13 kB (13311 bytes)
Hash
a9f4e341587e4008549174411484206c
91df27c4d97901694acb1d66fb01668f0870ac6d
feef5d5c2ef8c3aca06dc45e204265cb85ff98df6709a1dcb3d344cf2353fc80

HTTP Headers

GET /ps/ps.js?&edg=true&sw=&fullscreen=true&pl=true&pp=false&id=rYqoU5pT-kKNvrtUFZzyNQ&sm=space-robot&click_id=74658q59zm737uqf22&sub_id=17500115&appspot=&d=https%3A%2F%2Fcdnstatic.steambeard.top&timeout=30&tb=true&nrid=1c5d9b11b838461c9df7a9fa4870f01a HTTP/1.1
Host: cdnstatic.steambeard.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://vvfal.steambeard.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Wed, 21 Feb 2024 19:57:53 GMT
content-type: application/javascript
cache-control: max-age=0, no-cache, no-store, must-revalidate
cf-cache-status: BYPASS
set-cookie: __psu=34d19e35-82be-408c-8d87-2a4d40214bb0; expires=Sat, 21 Feb 2026 19:57:53 GMT; path=/; secure; samesite=none
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=wgi%2BE5hWVqiKng%2FKOEjp9he4BNg8BFmsjEePRa%2FaRI899MTvReCnQBdJtFt0dVJBBbP9ZKIKDLh1y4UD8EivX%2Bvn9BZoKuvpTmAk0IfSgsC2fce%2B2pXSSqcWYsTIU4j4EgQis3CFBJX6gOU%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 85918f9afa7f56b4-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

a.steambeard.top/space-robot/?pl=rYqoU5pT-kKNvrtUFZzyNQ&sm=space-robot&click_id=74658q59zm737uqf22&sub_id=17500115&nrid=1c5d9b11b838461c9df7a9fa4870f01a&hash=aolCscSyCXChKy9kRmeGjw&exp=1708545773

172.67.157.74

21 kB

URL
a.steambeard.top/space-robot/?pl=rYqoU5pT-kKNvrtUFZzyNQ&sm=space-robot&click_id=74658q59zm737uqf22&sub_id=17500115&nrid=1c5d9b11b838461c9df7a9fa4870f01a&hash=aolCscSyCXChKy9kRmeGjw&exp=1708545773
IP
172.67.157.74:0
ASN
#13335 CLOUDFLARENET

File type
HTML document, Unicode text, UTF-8 text, with very long lines (474)
Size
21 kB (20935 bytes)
Hash
01041709ecf6a3f0b549820730593c03
55775e4279d24a34f601bf8180d9f280b8131e0d
51907b3319c05ec1c1a7466f4017f4dcc7b6dc59a29ed962bfd36572f223bb51

HTTP Headers

GET /space-robot/?pl=rYqoU5pT-kKNvrtUFZzyNQ&sm=space-robot&click_id=74658q59zm737uqf22&sub_id=17500115&nrid=1c5d9b11b838461c9df7a9fa4870f01a&hash=aolCscSyCXChKy9kRmeGjw&exp=1708545773 HTTP/1.1
Host: a.steambeard.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://vvfal.steambeard.top/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Wed, 21 Feb 2024 19:57:54 GMT
content-type: text/html
last-modified: Tue, 13 Feb 2024 13:32:46 GMT
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=JhszquUKUQe6GBsU5crPDYx02CqDgGEKMiYNqV0kv0Ziw6vyWdVwYsPmiOjRByYD95lcfm3XzWWliD0qNq1gbQ8c4dfWLTd2RpEiLspHORq28FGRrP430i5JNrqEyQMzYLJr"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 85918f9cbd6256b4-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

a.steambeard.top/space-robot/assets/apple-touch-icon.png

172.67.157.74

23 kB

URL
a.steambeard.top/space-robot/assets/apple-touch-icon.png
IP
172.67.157.74:0
ASN
#13335 CLOUDFLARENET

File type
PNG image data, 180 x 180, 8-bit/color RGBA, non-interlaced
Size
23 kB (23177 bytes)
Hash
f500ba7eee0ae7d1ceb44236ac253165
0614de220ecadb48038ed894d91120ba102c8367
ba5a3083c38d71a2191ee7e614a96812d1f9d88bbfb360d3b61dbb1ffcd51de5

HTTP Headers

GET /space-robot/assets/apple-touch-icon.png HTTP/1.1
Host: a.steambeard.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://a.steambeard.top/space-robot/?pl=rYqoU5pT-kKNvrtUFZzyNQ&sm=space-robot&click_id=74658q59zm737uqf22&sub_id=17500115&nrid=1c5d9b11b838461c9df7a9fa4870f01a&hash=aolCscSyCXChKy9kRmeGjw&exp=1708545773
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Wed, 21 Feb 2024 19:57:54 GMT
content-type: image/png
content-length: 23177
last-modified: Tue, 13 Feb 2024 13:32:46 GMT
etag: "65cb6f7e-5a89"
cache-control: max-age=14400
cf-cache-status: HIT
age: 3584
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=GJUUUTcd80gKaeVsE576WyKRCbAE%2B8hm%2F1yOIjwIbEwZjtxbJVmYJANAGHfHC8rXui45VaOSfMr5EK93XPcIMaI9QPjlMY%2F9J4A%2BSbRJqrJ0ohBXfdlFMkJEKrN1vWQTFYhe"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 85918f9e7fee56b4-OSL
alt-svc: h3=":443"; ma=86400

a.steambeard.top/space-robot/assets/favicon-16x16.png

172.67.157.74

1.2 kB

URL
a.steambeard.top/space-robot/assets/favicon-16x16.png
IP
172.67.157.74:0
ASN
#13335 CLOUDFLARENET

File type
PNG image data, 16 x 16, 8-bit colormap, non-interlaced
Size
1.2 kB (1163 bytes)
Hash
9d35b617fd258f648c37812252297dd3
7e32fd007f1c6fe1466d15439173082c0fbe82da
e8a768f8122da75777dc64b6d35e756a1848c4f330f293920c18480df085000a

HTTP Headers

GET /space-robot/assets/favicon-16x16.png HTTP/1.1
Host: a.steambeard.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://a.steambeard.top/space-robot/?pl=rYqoU5pT-kKNvrtUFZzyNQ&sm=space-robot&click_id=74658q59zm737uqf22&sub_id=17500115&nrid=1c5d9b11b838461c9df7a9fa4870f01a&hash=aolCscSyCXChKy9kRmeGjw&exp=1708545773
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Wed, 21 Feb 2024 19:57:54 GMT
content-type: image/png
content-length: 1163
last-modified: Tue, 13 Feb 2024 13:32:46 GMT
etag: "65cb6f7e-48b"
cache-control: max-age=14400
cf-cache-status: REVALIDATED
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=iqGC3zVvTG7t6CcDHty1f4Ty40LrJlS3zNBZhinh7laD1iIeGwrFGzuZP3jxWSFa5pByWyz%2FEuhBS0tj5O6JZ4mx5TSCELby4iYcTN0Kg1BzWWbbKtv%2FzROJJm4kOJnj6CrN"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 85918f9e7ff456b4-OSL
alt-svc: h3=":443"; ma=86400

www.gstatic.com/firebasejs/10.3.1/firebase-app-compat.js

142.250.74.99

9.3 kB

URL
www.gstatic.com/firebasejs/10.3.1/firebase-app-compat.js
IP
142.250.74.99:0
ASN
#15169 GOOGLE

File type
JavaScript source, ASCII text, with very long lines (28368)
Size
9.3 kB (9308 bytes)
Hash
9900403b65514fad7df39a4e788a6e45
75f9ba061ef4e72bb23528c700f2a11c56d637e9
a202b2051ea9810cd9ba592b3f9418a89e2062f5c185e29e288080b28eb64fe5

HTTP Headers

GET /firebasejs/10.3.1/firebase-app-compat.js HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://a.steambeard.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
accept-ranges: bytes
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/firebase-js
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups; report-to="firebase-js"
report-to: {"group":"firebase-js","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/firebase-js"}]}
content-length: 9308
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sat, 17 Feb 2024 07:18:15 GMT
expires: Sun, 16 Feb 2025 07:18:15 GMT
cache-control: public, max-age=31536000
last-modified: Thu, 31 Aug 2023 15:20:38 GMT
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
age: 391179
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

cdnstatic.steambeard.top/ps/config.js?id=rYqoU5pT-kKNvrtUFZzyNQ

172.67.157.74

10 kB

URL
cdnstatic.steambeard.top/ps/config.js?id=rYqoU5pT-kKNvrtUFZzyNQ
IP
172.67.157.74:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text, with CRLF line terminators
Size
10 kB (10161 bytes)
Hash
ed9e3e7fcb651937515bbbb4cee25fc7
94c0d29bd29e9ca12b8cd4095adad543f162f51c
fbd44a847c9cbfb1d254b2f62b11c9a7a9da3a0d7fd41ec69433c15130fe5f15

HTTP Headers

GET /ps/config.js?id=rYqoU5pT-kKNvrtUFZzyNQ HTTP/1.1
Host: cdnstatic.steambeard.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://a.steambeard.top/
Cookie: __psu=34d19e35-82be-408c-8d87-2a4d40214bb0
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Wed, 21 Feb 2024 19:57:54 GMT
content-type: application/javascript
cache-control: max-age=0, no-cache, no-store, must-revalidate
cf-cache-status: BYPASS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=GfcVP4CcGP%2BULPTR1yEqab4eQBWygy4hNeboUmgy2or3HCGpF5xcxDELDGbjUrYQzNYZaedSZ%2F%2B2XL12ELQWF5CFD%2FT7ss8d0atR0u4V2zYCISZqWTgKbUZEl3T6SUqeXKBu%2Fiq2cNSCH1c%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 85918f9ea81d56b4-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

www.toprevenuegate.com/zj77nccnbs?key=7c1ef88f2943ca666bff02795f23060d

172.240.253.132

1.4 kB

URL
www.toprevenuegate.com/zj77nccnbs?key=7c1ef88f2943ca666bff02795f23060d
IP
172.240.253.132:0
ASN
#7979 SERVERS-COM

File type
HTML document, ASCII text, with very long lines (412)
Size
1.4 kB (1353 bytes)
Hash
05b8feada58f5906649e3abe573a946b
39ce73015b0aa793c4088943e0d98be1c051c6a3
24d89bb1d8e1d63429740633cadc703fb5a7c0c31ddcf356e661a760039f6f8a

HTTP Headers

GET /zj77nccnbs?key=7c1ef88f2943ca666bff02795f23060d HTTP/1.1
Host: www.toprevenuegate.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Wed, 21 Feb 2024 19:57:54 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Set-Cookie: u_pl=19854905; expires=Thu, 22 Feb 2024 19:57:54 GMT
ain=eyJhbGciOiJIUzI1NiJ9.eyJwIjp7ImlkIjoxOTg1NDkwNSwiayI6IjdjMWVmODhmMjk0M2NhNjY2YmZmMDI3OTVmMjMwNjBkIiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjoyNzIyNjE4LCJwaWQiOjI0MDE2MywiYW4iOnRydWUsImxhbiI6dHJ1ZSwiY2lkIjoxOSwiYWlkIjoyOCwicHQiOjQsInBrIjoiemo3N25jY25icyIsInQiOjF9LCJ1Ijp7InUiOjEsImF1IjoxLCJkIjp7ImlkIjo3OTk1NDE5NiwiaWRzIjoiIiwiaWMiOmZhbHNlLCJuIjoiRGVza3RvcCxFbXVsYXRvciIsInYiOiJVbmtub3duIiwibSI6IlVua25vd24iLCJmIjoxLCJmbiI6IkRlc2t0b3AiLCJvaWQiOjE4MTEwLCJvbiI6IkxpbnV4Iiwib3YiOiJVbmtub3duIiwiYmlkIjoxMTY2NzAsImJuIjoiRmlyZWZveCIsImJ2IjoiOTYuMCIsInd2IjpmYWxzZSwiZSI6ZmFsc2UsImFiIjpmYWxzZX0sImMiOnsiaWQiOjE2MiwiYyI6Ik5PIiwibiI6Ik5vcndheSJ9LCJhIjpmYWxzZSwiY3IiOnsibiI6IkJsaXggU29sdXRpb25zIn0sInhmIjoiIiwiaXhmIjpmYWxzZSwiaWd4ZiI6ZmFsc2UsInVwIjp0cnVlLCJyIjoiIiwiYXIiOltdfX0.F-HnZx8hSwMIuoXUis1dKGsY-EeObInfRoFPLPKLhdo; expires=Wed, 21 Feb 2024 19:58:54 GMT
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 7d8ea74436b3e618156a4141892703ee
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip

www.toprevenuegate.com/api/users?token=L3pqNzduY2NuYnM_a2V5PTdjMWVmODhmMjk0M2NhNjY2YmZmMDI3OTVmMjMwNjBkJnBzdD0xNzA4NTQ1NTM0JnJtdGM9dCZzaHU9M2JjYWMxNzNmZjQ1ZTQyZTM0YmMxYzY2YzNiOGE1NTU4MTIxNzA5MjU1ZDVmZjQ2NzljMDczNGYyMjY4NDE1MTZhODU5NzI4Yjg4NmNiYTZlYjJkMTA0MmJiNmQ0ZWE2ZTRkOGY4NjI4MjQyNWFiOWM5MGFkNTE5YmE0MTJiODEwMTUzOTJhZTJmYmNlZTA1Yjk4OGQ5ZGUxNmY1OGYwOTMxZGNjYjk0ZjA4ZDBjNGZhZTg2MTQzNmM2Y2FkNw%3D%3D&uuid=&pii=&in=false

172.240.108.76

0 B

URL
www.toprevenuegate.com/api/users?token=L3pqNzduY2NuYnM_a2V5PTdjMWVmODhmMjk0M2NhNjY2YmZmMDI3OTVmMjMwNjBkJnBzdD0xNzA4NTQ1NTM0JnJtdGM9dCZzaHU9M2JjYWMxNzNmZjQ1ZTQyZTM0YmMxYzY2YzNiOGE1NTU4MTIxNzA5MjU1ZDVmZjQ2NzljMDczNGYyMjY4NDE1MTZhODU5NzI4Yjg4NmNiYTZlYjJkMTA0MmJiNmQ0ZWE2ZTRkOGY4NjI4MjQyNWFiOWM5MGFkNTE5YmE0MTJiODEwMTUzOTJhZTJmYmNlZTA1Yjk4OGQ5ZGUxNmY1OGYwOTMxZGNjYjk0ZjA4ZDBjNGZhZTg2MTQzNmM2Y2FkNw%3D%3D&uuid=&pii=&in=false
IP
172.240.108.76:0
ASN
#7979 SERVERS-COM

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /api/users?token=L3pqNzduY2NuYnM_a2V5PTdjMWVmODhmMjk0M2NhNjY2YmZmMDI3OTVmMjMwNjBkJnBzdD0xNzA4NTQ1NTM0JnJtdGM9dCZzaHU9M2JjYWMxNzNmZjQ1ZTQyZTM0YmMxYzY2YzNiOGE1NTU4MTIxNzA5MjU1ZDVmZjQ2NzljMDczNGYyMjY4NDE1MTZhODU5NzI4Yjg4NmNiYTZlYjJkMTA0MmJiNmQ0ZWE2ZTRkOGY4NjI4MjQyNWFiOWM5MGFkNTE5YmE0MTJiODEwMTUzOTJhZTJmYmNlZTA1Yjk4OGQ5ZGUxNmY1OGYwOTMxZGNjYjk0ZjA4ZDBjNGZhZTg2MTQzNmM2Y2FkNw%3D%3D&uuid=&pii=&in=false HTTP/1.1
Host: www.toprevenuegate.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.toprevenuegate.com/api/users?token=L3pqNzduY2NuYnM_a2V5PTBmMjJjMWZkNjA5ZjEzY2I3OTQ3YzhjYWJmZTFhOTBkJnN1Ym1ldHJpYz0xOTg1NDkwNQ%3D%3D
Cookie: u_pl=19854905; ain=eyJhbGciOiJIUzI1NiJ9.eyJwIjp7ImlkIjoxOTg1NDkwNSwiayI6IjdjMWVmODhmMjk0M2NhNjY2YmZmMDI3OTVmMjMwNjBkIiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjoyNzIyNjE4LCJwaWQiOjI0MDE2MywiYW4iOnRydWUsImxhbiI6dHJ1ZSwiY2lkIjoxOSwiYWlkIjoyOCwicHQiOjQsInBrIjoiemo3N25jY25icyIsInQiOjF9LCJ1Ijp7InUiOjEsImF1IjoxLCJkIjp7ImlkIjo3OTk1NDE5NiwiaWRzIjoiIiwiaWMiOmZhbHNlLCJuIjoiRGVza3RvcCxFbXVsYXRvciIsInYiOiJVbmtub3duIiwibSI6IlVua25vd24iLCJmIjoxLCJmbiI6IkRlc2t0b3AiLCJvaWQiOjE4MTEwLCJvbiI6IkxpbnV4Iiwib3YiOiJVbmtub3duIiwiYmlkIjoxMTY2NzAsImJuIjoiRmlyZWZveCIsImJ2IjoiOTYuMCIsInd2IjpmYWxzZSwiZSI6ZmFsc2UsImFiIjpmYWxzZX0sImMiOnsiaWQiOjE2MiwiYyI6Ik5PIiwibiI6Ik5vcndheSJ9LCJhIjpmYWxzZSwiY3IiOnsibiI6IkJsaXggU29sdXRpb25zIn0sInhmIjoiIiwiaXhmIjpmYWxzZSwiaWd4ZiI6ZmFsc2UsInVwIjp0cnVlLCJyIjoiIiwiYXIiOltdfX0.F-HnZx8hSwMIuoXUis1dKGsY-EeObInfRoFPLPKLhdo; cjs=t
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 302 Found
Server: nginx/1.21.6
Date: Wed, 21 Feb 2024 19:57:55 GMT
Content-Type: text/html
Content-Length: 0
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Location: https://i98kb.go-cpa.click/c9b2l0k.php?key=8rhe441j24mxlhzf4tib&SUB_ID_SHORT=35006acb71c0dc61c1852a2d55089885&COST_CPC=&PLACEMENT_ID=19854905&CAMPAIGN_ID=978213&DEVICE_BRAND=Unknown&BROWSER_NAME=Firefox&USER_OS=Linux&USER_CARRIER=Blix%20Solutions&USERAGENT=Mozilla%2F5.0%20%28X11%3B%20Linux%20x86_64%3B%20rv%3A96.0%29%20Gecko%2F20100101%20Firefox%2F96.0&REMOTE_LANGUAGE=11&BANNER_ID=2791862
Set-Cookie: iprca0b67c0a20b667fd78f1ded8fa592f46=5009026; expires=Thu, 22 Feb 2024 19:57:55 GMT
pdhtkv=true; expires=Thu, 22 Feb 2024 19:57:55 GMT
uncs=1; expires=Thu, 22 Feb 2024 19:57:55 GMT
pdhtkv28=true; expires=Thu, 22 Feb 2024 19:57:55 GMT
uncs28=1; expires=Thu, 22 Feb 2024 19:57:55 GMT
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: b9814b68bd2fa533e27f354658c10638
Strict-Transport-Security: max-age=0; includeSubdomains

i98kb.go-cpa.click/c9b2l0k.php?key=8rhe441j24mxlhzf4tib&SUB_ID_SHORT=35006acb71c0dc61c1852a2d55089885&COST_CPC=&PLACEMENT_ID=19854905&CAMPAIGN_ID=978213&DEVICE_BRAND=Unknown&BROWSER_NAME=Firefox&USER_OS=Linux&USER_CARRIER=Blix%20Solutions&USERAGENT=Mozilla%2F5.0%20%28X11%3B%20Linux%20x86_64%3B%20rv%3A96.0%29%20Gecko%2F20100101%20Firefox%2F96.0&REMOTE_LANGUAGE=11&BANNER_ID=2791862

192.64.81.118

0 B

URL
i98kb.go-cpa.click/c9b2l0k.php?key=8rhe441j24mxlhzf4tib&SUB_ID_SHORT=35006acb71c0dc61c1852a2d55089885&COST_CPC=&PLACEMENT_ID=19854905&CAMPAIGN_ID=978213&DEVICE_BRAND=Unknown&BROWSER_NAME=Firefox&USER_OS=Linux&USER_CARRIER=Blix%20Solutions&USERAGENT=Mozilla%2F5.0%20%28X11%3B%20Linux%20x86_64%3B%20rv%3A96.0%29%20Gecko%2F20100101%20Firefox%2F96.0&REMOTE_LANGUAGE=11&BANNER_ID=2791862
IP
192.64.81.118:0
ASN
#19318 IS-AS-1

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /c9b2l0k.php?key=8rhe441j24mxlhzf4tib&SUB_ID_SHORT=35006acb71c0dc61c1852a2d55089885&COST_CPC=&PLACEMENT_ID=19854905&CAMPAIGN_ID=978213&DEVICE_BRAND=Unknown&BROWSER_NAME=Firefox&USER_OS=Linux&USER_CARRIER=Blix%20Solutions&USERAGENT=Mozilla%2F5.0%20%28X11%3B%20Linux%20x86_64%3B%20rv%3A96.0%29%20Gecko%2F20100101%20Firefox%2F96.0&REMOTE_LANGUAGE=11&BANNER_ID=2791862 HTTP/1.1
Host: i98kb.go-cpa.click
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.toprevenuegate.com/
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 302 Found
Server: nginx/1.22.0
Date: Wed, 21 Feb 2024 19:57:56 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: uclick=q59zm7rnxs; expires=Thu, 22-Feb-2024 19:57:56 GMT; Max-Age=86400; path=/; secure; SameSite=none
uclickhash=q59zm7rnxs-q59zm7rnxs-fvfv-0-pmmywj-hoa00-1nqq3y-232707; expires=Thu, 22-Feb-2024 19:57:56 GMT; Max-Age=86400; path=/; secure; SameSite=none
Location: https://xhkls.canopusacrux.top/?pl=hBzUMyF92U-yfJAmvZZ9Lw&click_id=0ba81q59zm7rnxsf1b&sub_id=19854905
Strict-Transport-Security: max-age=31536000

xhkls.canopusacrux.top/?pl=hBzUMyF92U-yfJAmvZZ9Lw&click_id=0ba81q59zm7rnxsf1b&sub_id=19854905

172.67.150.155

0 B

URL
xhkls.canopusacrux.top/?pl=hBzUMyF92U-yfJAmvZZ9Lw&click_id=0ba81q59zm7rnxsf1b&sub_id=19854905
IP
172.67.150.155:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
mnemonic secure dns	malicious	Sinkholed
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /?pl=hBzUMyF92U-yfJAmvZZ9Lw&click_id=0ba81q59zm7rnxsf1b&sub_id=19854905 HTTP/1.1
Host: xhkls.canopusacrux.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.toprevenuegate.com/
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 302 Found
date: Wed, 21 Feb 2024 19:57:56 GMT
content-length: 0
location: https://xhkls.steambeard.top/space-robot/?pl=hBzUMyF92U-yfJAmvZZ9Lw&sm=space-robot&click_id=0ba81q59zm7rnxsf1b&sub_id=19854905&nrid=88f0c83a593047f99a039d8b4b245ef9&hash=dG8XJBsE9V38OiV8nj1OGA&exp=1708545776
set-cookie: hBzUMyF92U-yfJAmvZZ9Lw=1; max-age=345600; path=/; samesite=lax
__pl=9b898099-6369-420a-9b83-14d8630e5efc; expires=Sat, 21 Feb 2026 19:57:56 GMT; path=/; samesite=lax
__cap=1; max-age=3600; path=/; samesite=lax
cache-control: max-age=0, no-cache, no-store, must-revalidate
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=yGk9yxhq6ZuwbnhZvezhDCAQYzd%2F9L0Y0G%2B%2BnYy6%2BS%2FGIJUN1lDcMokPpW18KhhLnN9gHyAFjPRONyL6mHF6K6OfWWXERjVS85Nd5KVjF4LKbTQh31%2FdaytUi%2BDOKOxQ20aMlkr%2BNmHD"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 85918fab087a56b1-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

xhkls.steambeard.top/space-robot/assets/corner.png

172.67.157.74

300 B

URL
xhkls.steambeard.top/space-robot/assets/corner.png
IP
172.67.157.74:0
ASN
#13335 CLOUDFLARENET

File type
PNG image data, 44 x 44, 8-bit colormap, non-interlaced
Size
300 B (300 bytes)
Hash
f66c38fa2cd7c50bd1989d41da28fb80
e1de333eca72647f3c1831083fe678cfa8fe9eab
3059be4046e0315ad1c0d1cb163d9daaf759bdf16e906e908842fac07e5608a2

HTTP Headers

GET /space-robot/assets/corner.png HTTP/1.1
Host: xhkls.steambeard.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://xhkls.steambeard.top/space-robot/?pl=hBzUMyF92U-yfJAmvZZ9Lw&sm=space-robot&click_id=0ba81q59zm7rnxsf1b&sub_id=19854905&nrid=88f0c83a593047f99a039d8b4b245ef9&hash=dG8XJBsE9V38OiV8nj1OGA&exp=1708545776
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Wed, 21 Feb 2024 19:57:56 GMT
content-type: image/png
content-length: 300
last-modified: Tue, 13 Feb 2024 13:32:46 GMT
etag: "65cb6f7e-12c"
cache-control: max-age=14400
cf-cache-status: HIT
age: 2352
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=LegEuIhOqATrA9tauCHZ2a76YEIzTJlKHM6fGl8BNBB8WgaVmYN4rBOXPoFmOtwMffQQVWTDA5PzsVVToNQE2WsKz5BYHW195Ckp2d15qZEQIMEZjjzCtMKR30koUUTdLE6dqu8B%2FQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 85918facdf0e56b4-OSL
alt-svc: h3=":443"; ma=86400

xhkls.steambeard.top/space-robot/assets/trls.js

172.67.157.74

20 kB

URL
xhkls.steambeard.top/space-robot/assets/trls.js
IP
172.67.157.74:0
ASN
#13335 CLOUDFLARENET

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (357), with CRLF line terminators
Size
20 kB (20517 bytes)
Hash
7f5c725b2c23b9687fa08d162a17427a
94973f1227871750d2ef13a367ce691f1a062527
c9611ce748d6c7c99d3f374a0b687db2e2428fc5ec9c4e7ae71b2e4305ac60e3

HTTP Headers

GET /space-robot/assets/trls.js HTTP/1.1
Host: xhkls.steambeard.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://xhkls.steambeard.top/space-robot/?pl=hBzUMyF92U-yfJAmvZZ9Lw&sm=space-robot&click_id=0ba81q59zm7rnxsf1b&sub_id=19854905&nrid=88f0c83a593047f99a039d8b4b245ef9&hash=dG8XJBsE9V38OiV8nj1OGA&exp=1708545776
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Wed, 21 Feb 2024 19:57:56 GMT
content-type: application/javascript
last-modified: Tue, 13 Feb 2024 13:32:46 GMT
etag: W/"65cb6f7e-2f4d"
cache-control: max-age=14400
cf-cache-status: HIT
age: 2352
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=OInZ1oxzaAuc58Bd7Jazx0vMCX8XQQPCpOExo%2Fzc7jhFYLTItjMF6%2B7GOTQoX6BY1%2FfIUmctkRq7VeW0LDVtBlWgEVdE81%2Bge2%2FXWnLzsbedzdLzWYV%2FIRVuP7yhv3ODkhsYHMyr2w%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 85918faccf0456b4-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

xhkls.steambeard.top/space-robot/assets/apple-touch-icon.png

172.67.157.74

23 kB

URL
xhkls.steambeard.top/space-robot/assets/apple-touch-icon.png
IP
172.67.157.74:0
ASN
#13335 CLOUDFLARENET

File type
PNG image data, 180 x 180, 8-bit/color RGBA, non-interlaced
Size
23 kB (23177 bytes)
Hash
f500ba7eee0ae7d1ceb44236ac253165
0614de220ecadb48038ed894d91120ba102c8367
ba5a3083c38d71a2191ee7e614a96812d1f9d88bbfb360d3b61dbb1ffcd51de5

HTTP Headers

GET /space-robot/assets/apple-touch-icon.png HTTP/1.1
Host: xhkls.steambeard.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://xhkls.steambeard.top/space-robot/?pl=hBzUMyF92U-yfJAmvZZ9Lw&sm=space-robot&click_id=0ba81q59zm7rnxsf1b&sub_id=19854905&nrid=88f0c83a593047f99a039d8b4b245ef9&hash=dG8XJBsE9V38OiV8nj1OGA&exp=1708545776
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Wed, 21 Feb 2024 19:57:56 GMT
content-type: image/png
content-length: 23177
last-modified: Tue, 13 Feb 2024 13:32:46 GMT
etag: "65cb6f7e-5a89"
cache-control: max-age=14400
cf-cache-status: HIT
age: 5579
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=8LH64VOKJzdk81n9rbBqWKG%2FMk2VmX%2BnwH9gH4HYqvkwAgy4wWTmdOidRRdv1D7pKotncWfG3eaoXLmd4n5u0a0vWlrJe8MfeesTAp53026tziGYeZacvVm38N7xq%2FhorqEI98Bk7Q%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 85918fadb83056b4-OSL
alt-svc: h3=":443"; ma=86400

artphot.pl/sig-trading-internship.htm

104.21.43.72

18 kB

URL
artphot.pl/sig-trading-internship.htm
IP
104.21.43.72:0
ASN
#13335 CLOUDFLARENET

File type
data
Size
18 kB (17699 bytes)
Hash
49ddbc49da1f9a541d608456de6acace
1b5f84665ed6c6131ed733dd1234265ec1c69f6e
d8a80097bc7c8750b95c3a80f25d67f5317fc226c42848ea365f4e1871616eb8

HTTP Headers

GET /sig-trading-internship.htm HTTP/1.1
Host: artphot.pl
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 302 Found
date: Wed, 21 Feb 2024 19:57:50 GMT
content-type: text/html; charset=UTF-8
location: https://dilutegulpedshirt.com/e5brjnmx1i?key=bdc28126b586fd0115226ecef976af4b&cid=376l60j128gp
set-cookie: PHPSESSID=tibeeg13pka836fmr9ilfu30he; path=/
_subid=376l60j128gp; expires=Thu, 22 Feb 2024 19:57:50 GMT; Max-Age=86400; path=/; domain=.artphot.pl
f748d=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJkYXRhIjoie1wic3RyZWFtc1wiOntcIjVcIjoxNzA4NTQ1NDcwfSxcImNhbXBhaWduc1wiOntcIjFcIjoxNzA4NTQ1NDcwfSxcInRpbWVcIjoxNzA4NTQ1NDcwfSJ9.8bJtTmMTcSxQ-AksAzsmoAheNa-rqoAaqFZDmhG3w50; expires=Thu, 22 Feb 2024 19:57:50 GMT; Max-Age=86400; path=/; domain=.artphot.pl
_token=uuid_376l60j128gp_376l60j128gp65d655be896dd7.23909194; expires=Thu, 22 Feb 2024 19:57:50 GMT; Max-Age=86400; path=/; domain=.artphot.pl
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=GWzIHwcs8La5w8ZdWyO28s7ftbNqgxI%2Fh8d9YEkQfXEkwAkv2F6Vc09iEOxANWdfIr1TMkH586x7BSClxb9EozU5Fi1zTq21alsLHSFISjWJpvptedAWwz2Y0Ymg"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 85918f867f655684-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

www.gstatic.com/firebasejs/10.3.1/firebase-app-compat.js

142.250.74.99

9.3 kB

URL
www.gstatic.com/firebasejs/10.3.1/firebase-app-compat.js
IP
142.250.74.99:0
ASN
#15169 GOOGLE

File type
JavaScript source, ASCII text, with very long lines (28368)
Size
9.3 kB (9308 bytes)
Hash
9900403b65514fad7df39a4e788a6e45
75f9ba061ef4e72bb23528c700f2a11c56d637e9
a202b2051ea9810cd9ba592b3f9418a89e2062f5c185e29e288080b28eb64fe5

HTTP Headers

GET /firebasejs/10.3.1/firebase-app-compat.js HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://xhkls.steambeard.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
accept-ranges: bytes
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/firebase-js
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups; report-to="firebase-js"
report-to: {"group":"firebase-js","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/firebase-js"}]}
content-length: 9308
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sat, 17 Feb 2024 07:18:15 GMT
expires: Sun, 16 Feb 2025 07:18:15 GMT
cache-control: public, max-age=31536000
last-modified: Thu, 31 Aug 2023 15:20:38 GMT
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
age: 391181
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

www.gstatic.com/firebasejs/10.3.1/firebase-messaging-compat.js

142.250.74.99

9.9 kB

URL
www.gstatic.com/firebasejs/10.3.1/firebase-messaging-compat.js
IP
142.250.74.99:0
ASN
#15169 GOOGLE

File type
JavaScript source, ASCII text, with very long lines (38231)
Size
9.9 kB (9934 bytes)
Hash
0541b823dfaf39162ef84cf075c9951b
e0934726455558cc1a59823efada9651e33aafaa
21f1d62f222007068c793f0947d98f4ccb7c1595adb68efeb783390fdd8b5522

HTTP Headers

GET /firebasejs/10.3.1/firebase-messaging-compat.js HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://xhkls.steambeard.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
accept-ranges: bytes
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/firebase-js
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups; report-to="firebase-js"
report-to: {"group":"firebase-js","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/firebase-js"}]}
content-length: 9934
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 15 Feb 2024 03:03:15 GMT
expires: Fri, 14 Feb 2025 03:03:15 GMT
cache-control: public, max-age=31536000
age: 579281
last-modified: Thu, 31 Aug 2023 15:20:50 GMT
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

a.steambeard.top/space-robot/assets/corner.png

172.67.157.74

300 B

URL
a.steambeard.top/space-robot/assets/corner.png
IP
172.67.157.74:0
ASN
#13335 CLOUDFLARENET

File type
PNG image data, 44 x 44, 8-bit colormap, non-interlaced
Size
300 B (300 bytes)
Hash
f66c38fa2cd7c50bd1989d41da28fb80
e1de333eca72647f3c1831083fe678cfa8fe9eab
3059be4046e0315ad1c0d1cb163d9daaf759bdf16e906e908842fac07e5608a2

HTTP Headers

GET /space-robot/assets/corner.png HTTP/1.1
Host: a.steambeard.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://a.steambeard.top/space-robot/?pl=hBzUMyF92U-yfJAmvZZ9Lw&sm=space-robot&click_id=0ba81q59zm7rnxsf1b&sub_id=19854905&nrid=88f0c83a593047f99a039d8b4b245ef9&hash=dG8XJBsE9V38OiV8nj1OGA&exp=1708545776
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Wed, 21 Feb 2024 19:57:57 GMT
content-type: image/png
content-length: 300
last-modified: Tue, 13 Feb 2024 13:32:46 GMT
etag: "65cb6f7e-12c"
cache-control: max-age=14400
cf-cache-status: HIT
age: 1496
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=l%2BV4oIECZaISbKJ8rX1pz0MztBnxJAbaxTQRjhf%2Ffkibqz17loICc3SSRb0Y87BcriliNKcnMgElUMcOAX6UvQ%2Fx0u7%2BDdNZLxxo9Y5IGzHx902thcR2t4L%2BNM2MqKtDsfSe"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 85918faf5a3956b4-OSL
alt-svc: h3=":443"; ma=86400

xhkls.steambeard.top/space-robot/assets/main.js?v=3

172.67.157.74

22 kB

URL
xhkls.steambeard.top/space-robot/assets/main.js?v=3
IP
172.67.157.74:0
ASN
#13335 CLOUDFLARENET

File type
JavaScript source, ASCII text, with very long lines (2745)
Size
22 kB (22188 bytes)
Hash
01c51ed0a287b5ddf6793778cfa3a72c
ebd2613cd806b8e080f556b0d254c0f7a6c738a9
4c0224d810d4f0ac617ddd4ab215e0084aeec230d8944780a129c0046de2dad5

HTTP Headers

GET /space-robot/assets/main.js?v=3 HTTP/1.1
Host: xhkls.steambeard.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://xhkls.steambeard.top/space-robot/?pl=hBzUMyF92U-yfJAmvZZ9Lw&sm=space-robot&click_id=0ba81q59zm7rnxsf1b&sub_id=19854905&nrid=88f0c83a593047f99a039d8b4b245ef9&hash=dG8XJBsE9V38OiV8nj1OGA&exp=1708545776
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Wed, 21 Feb 2024 19:57:56 GMT
content-type: application/javascript
last-modified: Tue, 13 Feb 2024 13:32:46 GMT
etag: W/"65cb6f7e-1255"
cache-control: max-age=14400
cf-cache-status: HIT
age: 2352
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=RA34uS%2FYJe1B8E4CXZv7784mWV5qznLzEpui30TtfT6ouD%2Fk49%2FtDJ%2FWpDOgbZbMMu%2BNJnC%2BdqB2bycm%2Bcw9DbHknCYhF4mD1SZuQymRiWHZ3GrLCfCdj4TDwU3C%2B7gryLkaKwVozw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 85918facdf1256b4-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

172.67.157.74

16 kB

URL
cdnstatic.steambeard.top/ps/ps.js?&edg=true&sw=&fullscreen=true&pl=true&pp=false&id=rYqoU5pT-kKNvrtUFZzyNQ&sm=space-robot&click_id=74658q59zm737uqf22&sub_id=17500115&appspot=&d=https%3A%2F%2Fcdnstatic.steambeard.top&timeout=30&tb=true&nrid=1c5d9b11b838461c9df7a9fa4870f01a
IP
172.67.157.74:0
ASN
#13335 CLOUDFLARENET

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (31203), with no line terminators
Size
16 kB (16031 bytes)
Hash
ed66b6e1522c34cb5eb4568a2c263e7c
dc9e96ee37ed9205cad1c2e6c17771b1c111a37b
f6155b8aa1033933a9efde8126f89ed0cad2e287e9cc194ca42df6769e7c579a

HTTP Headers

GET /ps/ps.js?&edg=true&sw=&fullscreen=true&pl=true&pp=false&id=rYqoU5pT-kKNvrtUFZzyNQ&sm=space-robot&click_id=74658q59zm737uqf22&sub_id=17500115&appspot=&d=https%3A%2F%2Fcdnstatic.steambeard.top&timeout=30&tb=true&nrid=1c5d9b11b838461c9df7a9fa4870f01a HTTP/1.1
Host: cdnstatic.steambeard.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://a.steambeard.top/
Cookie: __psu=34d19e35-82be-408c-8d87-2a4d40214bb0
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Wed, 21 Feb 2024 19:57:54 GMT
content-type: application/javascript
cache-control: max-age=0, no-cache, no-store, must-revalidate
cf-cache-status: BYPASS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=T8wxxP20108v88gmXIFifs7LanrX4Lu%2BCMBiWfHLIkxLPpNw%2F8hwa4vZi9zyn%2FNAKDd8f3B%2BitkT4IxYmQmqmDKo6LIsmGaOwjaBFNnDpnOEovgDiwQGKBNWUXSq%2BJzpXUzUZ6pNxH%2Fvpe8%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 85918f9dff3656b4-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

a.steambeard.top/space-robot/assets/apple-touch-icon.png

172.67.157.74

23 kB

URL
a.steambeard.top/space-robot/assets/apple-touch-icon.png
IP
172.67.157.74:0
ASN
#13335 CLOUDFLARENET

File type
PNG image data, 180 x 180, 8-bit/color RGBA, non-interlaced
Size
23 kB (23177 bytes)
Hash
f500ba7eee0ae7d1ceb44236ac253165
0614de220ecadb48038ed894d91120ba102c8367
ba5a3083c38d71a2191ee7e614a96812d1f9d88bbfb360d3b61dbb1ffcd51de5

HTTP Headers

GET /space-robot/assets/apple-touch-icon.png HTTP/1.1
Host: a.steambeard.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://a.steambeard.top/space-robot/?pl=hBzUMyF92U-yfJAmvZZ9Lw&sm=space-robot&click_id=0ba81q59zm7rnxsf1b&sub_id=19854905&nrid=88f0c83a593047f99a039d8b4b245ef9&hash=dG8XJBsE9V38OiV8nj1OGA&exp=1708545776
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Wed, 21 Feb 2024 19:57:57 GMT
content-type: image/png
content-length: 23177
last-modified: Tue, 13 Feb 2024 13:32:46 GMT
etag: "65cb6f7e-5a89"
cache-control: max-age=14400
cf-cache-status: HIT
age: 3587
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=MHiJMnhwKDiO6Mr01kwXlZ3Yk5G9uiQFiPPxVRxn785uqSqjxhFM%2FYnsp2Yk6%2BaQKycrifgYD2ASbDFPc4CrfAMObRhNnDJtAkVj1VG26ZtOZNvqOuZuKEuu4zyAQE34j%2Frd"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 85918fb00b3556b4-OSL
alt-svc: h3=":443"; ma=86400

www.gstatic.com/firebasejs/10.3.1/firebase-app-compat.js

142.250.74.99

9.3 kB

URL
www.gstatic.com/firebasejs/10.3.1/firebase-app-compat.js
IP
142.250.74.99:0
ASN
#15169 GOOGLE

File type
JavaScript source, ASCII text, with very long lines (28368)
Size
9.3 kB (9308 bytes)
Hash
9900403b65514fad7df39a4e788a6e45
75f9ba061ef4e72bb23528c700f2a11c56d637e9
a202b2051ea9810cd9ba592b3f9418a89e2062f5c185e29e288080b28eb64fe5

HTTP Headers

GET /firebasejs/10.3.1/firebase-app-compat.js HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://a.steambeard.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
accept-ranges: bytes
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/firebase-js
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups; report-to="firebase-js"
report-to: {"group":"firebase-js","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/firebase-js"}]}
content-length: 9308
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sat, 17 Feb 2024 07:18:15 GMT
expires: Sun, 16 Feb 2025 07:18:15 GMT
cache-control: public, max-age=31536000
last-modified: Thu, 31 Aug 2023 15:20:38 GMT
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
age: 391182
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

www.gstatic.com/firebasejs/10.3.1/firebase-messaging-compat.js

142.250.74.99

9.9 kB

URL
www.gstatic.com/firebasejs/10.3.1/firebase-messaging-compat.js
IP
142.250.74.99:0
ASN
#15169 GOOGLE

File type
JavaScript source, ASCII text, with very long lines (38231)
Size
9.9 kB (9934 bytes)
Hash
0541b823dfaf39162ef84cf075c9951b
e0934726455558cc1a59823efada9651e33aafaa
21f1d62f222007068c793f0947d98f4ccb7c1595adb68efeb783390fdd8b5522

HTTP Headers

GET /firebasejs/10.3.1/firebase-messaging-compat.js HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://a.steambeard.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
accept-ranges: bytes
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/firebase-js
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups; report-to="firebase-js"
report-to: {"group":"firebase-js","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/firebase-js"}]}
content-length: 9934
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 15 Feb 2024 03:03:15 GMT
expires: Fri, 14 Feb 2025 03:03:15 GMT
cache-control: public, max-age=31536000
age: 579282
last-modified: Thu, 31 Aug 2023 15:20:50 GMT
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

drugstoredemuretake.com/mg0530hg7?key=5e36c0a048c685cbef3797a5b91ac38a

172.240.108.76

1.3 kB

URL
drugstoredemuretake.com/mg0530hg7?key=5e36c0a048c685cbef3797a5b91ac38a
IP
172.240.108.76:0
ASN
#7979 SERVERS-COM

File type
HTML document, ASCII text, with very long lines (408)
Size
1.3 kB (1337 bytes)
Hash
022d412c6287cda2cd0904ba29be1fae
8c1a03b91d8d94a22c8718773951d843099d374d
cf02b867d8314354bac663d362a7de44b7e51d3fb5229ef4f39460d77051ed60

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /mg0530hg7?key=5e36c0a048c685cbef3797a5b91ac38a HTTP/1.1
Host: drugstoredemuretake.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Wed, 21 Feb 2024 19:57:58 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Set-Cookie: u_pl=22422233; expires=Thu, 22 Feb 2024 19:57:58 GMT
ain=eyJhbGciOiJIUzI1NiJ9.eyJwIjp7ImlkIjoyMjQyMjIzMywiayI6IjVlMzZjMGEwNDhjNjg1Y2JlZjM3OTdhNWI5MWFjMzhhIiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjozNTc1NDY3LCJwaWQiOjE5NTg0NywiYW4iOnRydWUsImxhbiI6dHJ1ZSwiY2lkIjoxOSwiYWlkIjoyOCwicHQiOjQsInBrIjoibWcwNTMwaGc3IiwidCI6MX0sInUiOnsidSI6MSwiYXUiOjEsImQiOnsiaWQiOjc5OTU0MTk2LCJpZHMiOiIiLCJpYyI6ZmFsc2UsIm4iOiJEZXNrdG9wLEVtdWxhdG9yIiwidiI6IlVua25vd24iLCJtIjoiVW5rbm93biIsImYiOjEsImZuIjoiRGVza3RvcCIsIm9pZCI6MTgxMTAsIm9uIjoiTGludXgiLCJvdiI6IlVua25vd24iLCJiaWQiOjExNjY3MCwiYm4iOiJGaXJlZm94IiwiYnYiOiI5Ni4wIiwid3YiOmZhbHNlLCJlIjpmYWxzZSwiYWIiOmZhbHNlfSwiYyI6eyJpZCI6MTYyLCJjIjoiTk8iLCJuIjoiTm9yd2F5In0sImEiOmZhbHNlLCJjciI6eyJuIjoiQmxpeCBTb2x1dGlvbnMifSwieGYiOiIiLCJpeGYiOmZhbHNlLCJpZ3hmIjpmYWxzZSwidXAiOnRydWUsInIiOiIiLCJhciI6W119fQ.SOK7js2Qyi8R-qj4LBcU9AsWARDvHO3w6JLvTuyaDCE; expires=Wed, 21 Feb 2024 19:58:58 GMT
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: c2516e4f772ebbea0a2464a9c6b73acb
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip

a.steambeard.top/space-robot/assets/trls.js

172.67.157.74

18 kB

URL
a.steambeard.top/space-robot/assets/trls.js
IP
172.67.157.74:0
ASN
#13335 CLOUDFLARENET

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (357), with CRLF line terminators
Size
18 kB (17974 bytes)
Hash
7f5c725b2c23b9687fa08d162a17427a
94973f1227871750d2ef13a367ce691f1a062527
c9611ce748d6c7c99d3f374a0b687db2e2428fc5ec9c4e7ae71b2e4305ac60e3

HTTP Headers

GET /space-robot/assets/trls.js HTTP/1.1
Host: a.steambeard.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://a.steambeard.top/space-robot/?pl=hBzUMyF92U-yfJAmvZZ9Lw&sm=space-robot&click_id=0ba81q59zm7rnxsf1b&sub_id=19854905&nrid=88f0c83a593047f99a039d8b4b245ef9&hash=dG8XJBsE9V38OiV8nj1OGA&exp=1708545776
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Wed, 21 Feb 2024 19:57:57 GMT
content-type: application/javascript
last-modified: Tue, 13 Feb 2024 13:32:46 GMT
etag: W/"65cb6f7e-2f4d"
cache-control: max-age=14400
cf-cache-status: HIT
age: 1465
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ZuZl5g3bBftvTb6nPS4a5Aqq3%2F3Tfot3yjT1iBksxaO9YwbTofzvv6wIf2QhdJQfEIUNie47SvGdaF5HxZ3jZcpuO7%2B%2BItRK9kCXFKCeIVyhE%2FuYEb8f4gNrUtwhXykVgown"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 85918faf4a2956b4-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

ak.kocairdo.net/4/6611099/?var=22422233&ymid=3509afc5f7364f3b5ead1b6bcc4215c9

23.36.76.168

923 B

URL
ak.kocairdo.net/4/6611099/?var=22422233&ymid=3509afc5f7364f3b5ead1b6bcc4215c9
IP
23.36.76.168:0
ASN
#20940 Akamai International B.V.

File type
HTML document, ASCII text, with very long lines (453)
Size
923 B (923 bytes)
Hash
cd89f2c4572a4da7a6a2ddf4fe5f1ddd
db3a9735f8521afbec9ced51c3a69ee19a46d320
d19b505ce3f06d77a50a8ffb1106a2f6992aaad888aa1d3b59d84d1124653342

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /4/6611099/?var=22422233&ymid=3509afc5f7364f3b5ead1b6bcc4215c9 HTTP/1.1
Host: ak.kocairdo.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://drugstoredemuretake.com/
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: text/html; charset=utf8
x-trace-id: 539ed053c7fcfa9b0b08bcec266d433d
link: <https://propeller-tracking.com>; rel="preconnect dns-prefetch",<https://my.rtmark.net>; rel="preconnect dns-prefetch", <https://resionsfrester.com>; rel="preconnect dns-prefetch",<https://propeller-tracking.com>; rel="preconnect dns-prefetch",<https://sr7pv7n5x.com>; rel="preconnect dns-prefetch"
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Wow64
access-control-allow-credentials: true
access-control-max-age: 86400
timing-allow-origin: *
access-control-allow-origin: *, *
access-control-allow-methods: GET, POST, OPTIONS, POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace, Accept, Content-Type, Content-Length, Accept-Encoding, favicon
content-encoding: gzip
expires: Wed, 21 Feb 2024 19:57:59 GMT
cache-control: max-age=0, no-cache, no-store
pragma: no-cache
date: Wed, 21 Feb 2024 19:57:59 GMT
content-length: 923
vary: Accept-Encoding
set-cookie: OAID=00800900f1684380fa62185d13e05bda; expires=Thu, 20 Feb 2025 19:57:59 GMT; path=/; secure; SameSite=None
oaidts=1708545479; expires=Thu, 20 Feb 2025 19:57:59 GMT; path=/; secure; SameSite=None
syncedCookie=; expires=Tue, 10 Nov 2009 23:00:00 GMT
X-Firefox-Spdy: h2

resionsfrester.com/fe088660-59a5-4eea-a5b4-943132c44bb1?zoneid=6611099&bannerid=20392286&zonetype={zone_type}&campaignid=7954052&device=desktop&region=03&isp=blix%20group%20as&useragent=Mozilla/5.0%20(X11;%20Linux%20x86_64;%20rv:96.0)%20Gecko/20100101%20Firefox/96.0&language=en&connectiontype=broadband&cost=0.000600&visitor_id=784259185968951534

54.230.111.95

0 B

URL
resionsfrester.com/fe088660-59a5-4eea-a5b4-943132c44bb1?zoneid=6611099&bannerid=20392286&zonetype={zone_type}&campaignid=7954052&device=desktop&region=03&isp=blix%20group%20as&useragent=Mozilla/5.0%20(X11;%20Linux%20x86_64;%20rv:96.0)%20Gecko/20100101%20Firefox/96.0&language=en&connectiontype=broadband&cost=0.000600&visitor_id=784259185968951534
IP
54.230.111.95:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /fe088660-59a5-4eea-a5b4-943132c44bb1?zoneid=6611099&bannerid=20392286&zonetype={zone_type}&campaignid=7954052&device=desktop&region=03&isp=blix%20group%20as&useragent=Mozilla/5.0%20(X11;%20Linux%20x86_64;%20rv:96.0)%20Gecko/20100101%20Firefox/96.0&language=en&connectiontype=broadband&cost=0.000600&visitor_id=784259185968951534 HTTP/1.1
Host: resionsfrester.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 302 Found
content-length: 0
location: https://href.li/?https://www.google.com/url?q=https://spillcasino.eu/&;source=gmail&;ust=1708622236685000&;usg=AOvVaw2yHfV7aWjsCqSF8WU0wmiF
date: Wed, 21 Feb 2024 19:57:59 GMT
cache-control: no-store, no-cache, pre-check=0, post-check=0
pragma: no-cache
expires: Thu, 01 Jan 1970 00:00:00 GMT
set-cookie: fe088660-59a5-4eea-a5b4-943132c44bb1-v4=Y53Ga5m8Vy-u-huP0ShH2ibyxvWb2iSjy3YtaT0xsMA; Max-Age=86400; Expires=Thu, 22-Feb-2024 19:57:59 GMT; Domain=resionsfrester.com; Path=/; Secure; HttpOnly;SameSite=None
voluum-cid-v4=%7B%22cid%22%3A%22woh95tr0373esjbv2o2sr2oo%22%2C%22caid%22%3A%22fe088660-59a5-4eea-a5b4-943132c44bb1%22%7D; Max-Age=31536000; Expires=Thu, 20-Feb-2025 19:57:59 GMT; Domain=resionsfrester.com; Path=/; Secure; HttpOnly;SameSite=None
server: nginx
x-cache: Miss from cloudfront
via: 1.1 193a8c13b6e0a6b90db7172f6358335e.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: ZC6cOoKDx0YRidYe4eTy-scvEWMtNYugGJQ2j_mR8-4Ro1CJtqu-kw==
X-Firefox-Spdy: h2

my.rtmark.net/img.gif?f=merge&userId=00800900f1684380fa62185d13e05bda

139.45.195.8

43 B

URL
my.rtmark.net/img.gif?f=merge&userId=00800900f1684380fa62185d13e05bda
IP
139.45.195.8:0
ASN
#9002 RETN Limited

File type
GIF image data, version 89a, 1 x 1
Size
43 B (43 bytes)
Hash
b4491705564909da7f9eaf749dbbfbb1
279315d507855c6a4351e1e2c2f39dd9cd2fccd8
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

HTTP Headers

POST /img.gif?f=merge&userId=00800900f1684380fa62185d13e05bda HTTP/1.1
Host: my.rtmark.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0

HTTP/2 200 OK
server: nginx
date: Wed, 21 Feb 2024 19:57:59 GMT
content-type: image/gif
content-length: 43
access-control-allow-origin: null
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
set-cookie: ID=00800900f1684380fa62185d13e05bda; expires=Thu, 20 Feb 2025 19:57:59 GMT; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2

ak.kocairdo.net/favicon.ico

23.36.76.168

0 B

URL
ak.kocairdo.net/favicon.ico
IP
23.36.76.168:0
ASN
#20940 Akamai International B.V.

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: ak.kocairdo.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: OAID=00800900f1684380fa62185d13e05bda; oaidts=1708545479
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 204 No Content
expires: Wed, 21 Feb 2024 19:57:59 GMT
cache-control: max-age=0, no-cache, no-store
pragma: no-cache
date: Wed, 21 Feb 2024 19:57:59 GMT
X-Firefox-Spdy: h2

www.google.com/url?q=https://spillcasino.eu/&;source=gmail&;ust=1708622236685000&;usg=AOvVaw2yHfV7aWjsCqSF8WU0wmiF

142.250.74.132

200 OK

655 B

URL User Request GET HTTP/2
www.google.com/url?q=https://spillcasino.eu/&;source=gmail&;ust=1708622236685000&;usg=AOvVaw2yHfV7aWjsCqSF8WU0wmiF
IP
142.250.74.132:443
ASN
#15169 GOOGLE

Certificate
IssuerGoogle Trust Services LLC
Subjectwww.google.com
Fingerprint2A:14:A8:9A:EA:5B:44:20:C3:AE:90:FF:4D:2F:4C:22:15:54:F9:7C
ValidityMon, 29 Jan 2024 08:20:23 GMT - Mon, 22 Apr 2024 08:20:22 GMT

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (1445), with no line terminators
Size
655 B (655 bytes)
Hash
c27afb9727e43aa96be6f37360f9dcaa
905fb49ab071b3919548b93070fdad3091bb59aa
9c0ac1aa2a4834f8f8c817f4239283b793f256825f36fb3d23d3d354d4b2dbbc

HTTP Headers

GET /url?q=https://spillcasino.eu/&;source=gmail&;ust=1708622236685000&;usg=AOvVaw2yHfV7aWjsCqSF8WU0wmiF HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: SOCS=CAESHAgBEhJnd3NfMjAyMjA5MjktMF9SQzEaAnJvIAEaBgiAkvOZBg
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Wed, 21 Feb 2024 19:58:00 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
content-type: text/html; charset=UTF-8
strict-transport-security: max-age=31536000
content-security-policy: object-src 'none';base-uri 'self';script-src 'nonce-Ov6-M8oU12oyW5QpFgDemA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
content-encoding: br
server: gws
content-length: 655
x-xss-protection: 0
set-cookie: __Secure-ENID=17.SE=gNni7GrpAJA2lj3Dty-Uw_WjOc7dhj8Oeqvlr90QVpCI8z4J_GMf50ZHiBminE_4NYA7FyGch7Y8Pwlqj-1E_TU4bvbV9nKkkY4IKBqSs_GJTr-LBHlhj-DKMZidNf4WfMdZMdhJ0ftWm-A8snaqARe4dl6NZwBylf9Px4XZ0n8; expires=Sun, 23-Mar-2025 12:16:18 GMT; path=/; domain=.google.com; Secure; HttpOnly; SameSite=lax
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

www.google.com/favicon.ico

142.250.74.132

200 OK

1.5 kB

URL GET HTTP/3
www.google.com/favicon.ico
IP
142.250.74.132:443
ASN
#15169 GOOGLE

Requested by
https://www.google.com/url?q=https://spillcasino.eu/&;source=gmail&;ust=1708622236685000&;usg=AOvVaw2yHfV7aWjsCqSF8WU0wmiF
Certificate
IssuerGoogle Trust Services LLC
Subject*.google.com
Fingerprint66:92:08:3D:8D:29:C3:CF:50:3F:34:A3:87:1B:18:29:A9:9A:66:A2
ValidityMon, 29 Jan 2024 08:04:47 GMT - Mon, 22 Apr 2024 08:04:46 GMT

File type
MS Windows icon resource - 2 icons, 16x16, 32 bits/pixel, 32x32, 32 bits/pixel
Size
1.5 kB (1494 bytes)
Hash
f3418a443e7d841097c714d69ec4bcb8
49263695f6b0cdd72f45cf1b775e660fdc36c606
6da5620880159634213e197fafca1dde0272153be3e4590818533fab8d040770

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.google.com/url?q=https://spillcasino.eu/&;source=gmail&;ust=1708622236685000&;usg=AOvVaw2yHfV7aWjsCqSF8WU0wmiF
Cookie: SOCS=CAESHAgBEhJnd3NfMjAyMjA5MjktMF9SQzEaAnJvIAEaBgiAkvOZBg; __Secure-ENID=17.SE=gNni7GrpAJA2lj3Dty-Uw_WjOc7dhj8Oeqvlr90QVpCI8z4J_GMf50ZHiBminE_4NYA7FyGch7Y8Pwlqj-1E_TU4bvbV9nKkkY4IKBqSs_GJTr-LBHlhj-DKMZidNf4WfMdZMdhJ0ftWm-A8snaqARe4dl6NZwBylf9Px4XZ0n8
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
accept-ranges: bytes
content-encoding: gzip
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="static-on-bigtable"
report-to: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-length: 1494
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 20 Feb 2024 10:59:45 GMT
expires: Wed, 28 Feb 2024 10:59:45 GMT
cache-control: public, max-age=691200
last-modified: Tue, 22 Oct 2019 18:30:00 GMT
content-type: image/x-icon
vary: Accept-Encoding
age: 118695
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (1)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

HTTP Transactions (40)

URL

IP

ASN

File type

Size

Hash

Detections

HTTP Headers

URL

IP

ASN

File type

Size

Hash

Detections

HTTP Headers

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL