Report - gitb.org/watch-link/?=xxx0305xxx

Report Overview

Submitted URL
gitb.org/watch-link/?=xxx0305xxx
IP
45.143.99.2
ASN
#207279 Markahost Telekomunikasyon Ve Ticaret Limited Sirketi
Submitted
2024-05-04 05:54:12
Access
public
Website Title
(1) New Message!
Final URL
gitb.org/watch-link/?=xxx0305xxx
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
52

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
gitb.org	unknown	unknown	No data	No data	3.7 kB	90 kB	45.143.99.2
www.topcreativeformat.com	unknown	2023-11-21	2023-11-22	2024-05-01	1.3 kB	38 kB	192.243.59.20
ocsp.r2m03.amazontrust.com	unknown	2007-05-11	2023-02-21	2024-05-03	338 B	942 B	3.164.222.26
proftrafficcounter.com	unknown	2023-11-16	2023-11-21	2024-05-03	848 B	830 B	18.185.9.67
cdn.cloudimagesb.com	23099	2020-10-06	2021-02-12	2024-05-03	2.3 kB	194 kB	45.133.44.9
misuseproductions.com	unknown	2024-04-29	2024-04-30	2024-04-30	2.8 kB	22 kB	192.243.61.225
hunchsewingproxy.com	unknown	2024-04-29	2024-04-30	2024-05-03	2.3 kB	6.1 kB	192.243.59.13
dudleynutmeg.com	unknown	2024-04-30	2024-05-01	2024-05-02	2.8 kB	37 kB	172.240.108.76
designingpupilintermediary.com	unknown	2024-04-29	2024-04-30	2024-05-03	4.8 kB	12 kB	192.243.61.225
fonts.gstatic.com	unknown	2008-02-11	2014-09-09	2024-05-03	2.1 kB	66 kB	216.58.207.227
cdn.barscreative1.com	25648	2021-09-08	2021-09-16	2024-05-02	952 B	3.4 kB	45.133.44.3
pl22839067.profitablegatecpm.com	unknown	unknown	No data	No data	444 B	17 kB	172.240.127.234
capaciousdrewreligion.com	unknown	2023-11-07	2023-11-27	2024-05-03	407 B	327 B	192.243.61.225
cdn.creative-bars1.com	unknown	2022-11-01	2022-11-15	2024-05-02	2.7 kB	44 kB	188.114.96.1
unseenreport.com	unknown	2022-03-30	2022-03-30	2024-05-03	2.2 kB	1.3 kB	192.243.59.13
fonts.googleapis.com	8877	2005-01-25	2013-06-10	2024-05-02	416 B	1.8 kB	142.250.74.106
decisivewade.com	unknown	2024-04-29	2024-04-30	2024-05-03	8.4 kB	14 kB	172.240.108.68
pl22839066.profitablegatecpm.com	unknown	unknown	No data	No data	444 B	31 kB	172.240.127.234
coexistsafetyghost.com	unknown	2024-04-29	2024-04-30	2024-05-03	481 B	467 B	172.240.108.68
downstairsnegotiatebarren.com	unknown	2024-03-04	2024-03-04	2024-05-03	417 B	30 kB	172.67.180.87

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2024-05-03	medium	misuseproductions.com	Sinkholed
2024-05-03	medium	misuseproductions.com	Sinkholed
2024-05-03	medium	hunchsewingproxy.com	Sinkholed
2024-05-04	medium	dudleynutmeg.com	Sinkholed
2024-05-03	medium	misuseproductions.com	Sinkholed
2024-05-03	medium	coexistsafetyghost.com	Sinkholed
2024-05-03	medium	hunchsewingproxy.com	Sinkholed
2024-05-04	medium	dudleynutmeg.com	Sinkholed
2024-05-04	medium	dudleynutmeg.com	Sinkholed
2024-05-04	medium	designingpupilintermediary.com	Sinkholed
2024-05-04	medium	designingpupilintermediary.com	Sinkholed
2024-05-03	medium	unseenreport.com	Sinkholed
2024-05-03	medium	unseenreport.com	Sinkholed
2024-05-03	medium	unseenreport.com	Sinkholed
2024-05-03	medium	decisivewade.com	Sinkholed
2024-05-03	medium	decisivewade.com	Sinkholed
2024-05-03	medium	decisivewade.com	Sinkholed
2024-05-04	medium	designingpupilintermediary.com	Sinkholed
2024-05-04	medium	designingpupilintermediary.com	Sinkholed
2024-05-03	medium	decisivewade.com	Sinkholed
2024-05-03	medium	decisivewade.com	Sinkholed
2024-05-03	medium	decisivewade.com	Sinkholed
2024-05-03	medium	decisivewade.com	Sinkholed
2024-05-03	medium	decisivewade.com	Sinkholed
2024-05-03	medium	decisivewade.com	Sinkholed
2024-05-03	medium	decisivewade.com	Sinkholed

ThreatFox

No alerts detected

JavaScript (35)

	URL	Size	First Seen	Last Seen
	gitb.org/watch-link/?=xxx0305xxx	3.2 kB	2024-05-01	2024-05-07
Pretty URL gitb.org/watch-link/?=xxx0305xxx IP 45.143.99.2 ASN #207279 Markahost Telekomunikasyon Ve Ticaret Limited Sirketi Introduced by scriptElement Embedded in HTML true Observations First Seen2024-05-01 12:30:01 Last Seen2024-05-07 21:38:37 Times Seen4 Hash 14f98528b44fae0366c62a06a09f5b51 a873413f3e9cea0077bc983ab60bc4f2a0ec4bc1 3aeb63dd5573fa6fd540c5c738a21d6f2aa563584898c868fef503145e64b0cf Loading...

	downstairsnegotiatebarren.com/sfp.js	86 kB	2024-03-29	2024-05-17
Pretty URL downstairsnegotiatebarren.com/sfp.js IP 172.67.180.87 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-03-29 13:13:34 Last Seen2024-05-17 14:49:08 Times Seen3553 Hash f4a2f8f9f99541c6f105bbd0a025bd40 1f8e3eff12168fdd9e719adfc098d24a45b6916a b717cb04231a10d425fd55b73c85a5407119c6826a8bac94142fddfff6958716 Loading...

	unknown	3.8 kB	2024-05-04	2024-05-04
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-04 07:54:19 Last Seen2024-05-04 07:54:19 Times Seen1 Hash f060065643c9048728e236a7d4576e54 6edbcd9b7cebf20afe4ef303e5785498f5779c17 88a6c7c7257f2e021c314a675995e190da91ada0b272cc953fc9a17e7ad8370a Loading...

	cdn.creative-bars1.com/sb/ssp/vpn/classic-push/small/js/jquery.min.js	84 kB	2023-03-07	2024-05-18
Pretty URL cdn.creative-bars1.com/sb/ssp/vpn/classic-push/small/js/jquery.min.js IP 188.114.96.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:06 Last Seen2024-05-18 09:11:18 Times Seen16249 Hash 4a356126b9573eb7bd1e9a7494737410 8258d046f17dd3c15a5d3984e1868b7b5d1db329 22642f202577f0ba2f22cbe56b6cf291a09374487567cd3563e0d2a29f75c0c5 Loading...

	unknown	3.4 kB	2024-05-04	2024-05-04
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-04 07:54:19 Last Seen2024-05-04 07:54:19 Times Seen1 Hash 678445add2b816aee0148b71d5e17eb0 5ed43818fe7ba47029dd9760309e4a86d34bb718 4058e58b46e7c5207ff824265af1b7169a714b4b6cb3d977f913539b1259ec58 Loading...

	unknown	3.8 kB	2024-05-04	2024-05-04
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-04 07:54:19 Last Seen2024-05-04 07:54:19 Times Seen1 Hash eb9f43a142b803a667c3fb977a017b4b 6fba08924b949c009715b108a730784f0dcdd4bb 4929b58f9fb53b81a3ce8950302fb50a8150cf6a65464e7f107176443d70aae5 Loading...

	gitb.org/watch-link/?=xxx0305xxx	288 B	2024-05-01	2024-05-07
Pretty URL gitb.org/watch-link/?=xxx0305xxx IP 45.143.99.2 ASN #207279 Markahost Telekomunikasyon Ve Ticaret Limited Sirketi Introduced by scriptElement Embedded in HTML true Observations First Seen2024-05-01 12:30:01 Last Seen2024-05-07 21:38:37 Times Seen4 Hash 488c586d0a39ceb0f38da9160a2db288 1e41de847684798fbd4b6d2e0b5a89772f6f67f1 e40a0fa0f4c1790a73d39088f8d6d76a73e9635f3ff2357621c08b2178aff8c3 Loading...

	pl22839066.profitablegatecpm.com/19/c3/3b/19c33ba37280f60914e325fce07da677.js	84 kB	2024-05-04	2024-05-04
Pretty URL pl22839066.profitablegatecpm.com/19/c3/3b/19c33ba37280f60914e325fce07da677.js IP 172.240.127.234 ASN #7979 SERVERS-COM Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-04 07:54:19 Last Seen2024-05-04 07:54:20 Times Seen2 Hash d40fa76516c600055f99177708d05ce8 69da4afd00a4ea99fbdaf8406c5be5c614c80ec8 d9fba480e8775fa1a93994009865997729dbed971201d4964c0dbe4b161a62ac Loading...

	gitb.org/wp-content/themes/generatepress/assets/js/menu.min.js?ver=3.4.0	7.0 kB	2024-02-06	2024-05-18
Pretty URL gitb.org/wp-content/themes/generatepress/assets/js/menu.min.js?ver=3.4.0 IP 45.143.99.2 ASN #207279 Markahost Telekomunikasyon Ve Ticaret Limited Sirketi Introduced by scriptElement Embedded in HTML false Observations First Seen2024-02-06 20:30:22 Last Seen2024-05-18 04:40:36 Times Seen204 Hash 70bb4fab119eb133cae33105b69f65cb 0c78a77e06be020674ca82d28b02a712615f7b35 395121e5b9981325951ef88bec68d065d23087b16a70d4459109e1dd84a10936 Loading...

	dudleynutmeg.com/83/a3/3a/83a33a5a615df631eb83b1d0411b72fe.js	84 kB	2024-05-04	2024-05-04
Pretty URL dudleynutmeg.com/83/a3/3a/83a33a5a615df631eb83b1d0411b72fe.js IP 172.240.108.76 ASN #7979 SERVERS-COM Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-04 07:54:19 Last Seen2024-05-04 07:54:20 Times Seen2 Hash a5f53294a25794ca35d6aa434b37f838 73e951b59ca017873db57afd1a798a48151ec557 ab46321b18421fd84cddbae340b07eff65a39e15f1a27e953507707416a33a22 Loading...

	unknown	1.3 kB	2024-05-04	2024-05-04
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-04 07:54:19 Last Seen2024-05-04 07:54:19 Times Seen1 Hash 99a699e0e1beb6f68bf83739b9612f7f 1d556f988e53a47ff401d7508b76f65f6fa22d05 cf2f03a0dea76d4f7e9717abf2b7f602f989056b29a33fcf09982ebd83913eff Loading...

	gitb.org/watch-link/?=xxx0305xxx	287 B	2024-05-01	2024-05-07
Pretty URL gitb.org/watch-link/?=xxx0305xxx IP 45.143.99.2 ASN #207279 Markahost Telekomunikasyon Ve Ticaret Limited Sirketi Introduced by scriptElement Embedded in HTML true Observations First Seen2024-05-01 12:30:01 Last Seen2024-05-07 21:38:37 Times Seen4 Hash 9c1a01676615eb2722f319776fda5176 8ae919cb18a5b28c9650b12c2bc90e4055a92641 c3c21924206f5f4348fc3d62cda7b09bc714ac3c86a0bc87a8c51e27d47a8c0e Loading...

	gitb.org/wp-includes/js/wp-emoji-release.min.js?ver=6.5.2	19 kB	2024-03-13	2024-05-18
Pretty URL gitb.org/wp-includes/js/wp-emoji-release.min.js?ver=6.5.2 IP 45.143.99.2 ASN #207279 Markahost Telekomunikasyon Ve Ticaret Limited Sirketi Introduced by scriptElement Embedded in HTML false Observations First Seen2024-03-13 16:02:37 Last Seen2024-05-18 08:49:48 Times Seen5072 Hash b976b651932bfd25b9ddb5b7693d88a7 7fcb7cb5c11227f9213b1e08a07d0212209e1432 4e6ce5444c7f396cef0eb1fa3611034151e485dd06fbe5573a5583e1eebc98c3 Loading...

	unknown	145 B	2024-05-01	2024-05-07
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-01 12:30:01 Last Seen2024-05-07 21:38:38 Times Seen4 Hash c7846a4028ac8ca04437977f2f3cf944 92694638d5cc904ade8d5b84350e295e8792648d b7157b0026148ffe37b4fbc5f1b00ce29979187c89d2bb33fbc3639378b1b3c2 Loading...

	unknown	145 B	2024-05-01	2024-05-07
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-01 12:30:01 Last Seen2024-05-07 21:38:38 Times Seen4 Hash c96667453bf9984193543fd0bb70c107 574015df56541caf055a850c5bafcccf40c61ef6 93ba06a8b3c827492c0cdad11dee72fc96935dc6e5420ac1bd85c422e337622a Loading...

	www.topcreativeformat.com/ba160ebdb7ae4c2d376f0f8dc238ac96/invoke.js	31 kB	2024-05-04	2024-05-04
Pretty URL www.topcreativeformat.com/ba160ebdb7ae4c2d376f0f8dc238ac96/invoke.js IP 192.243.59.20 ASN #39572 DataWeb Global Group B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-04 07:54:19 Last Seen2024-05-04 07:54:20 Times Seen2 Hash 17b22bb20de7f95f3f6b833381a5995f a13449fbaeef063a7403b325a15bccb9ecf8f4a6 b07ebf3cd0a0fe8da09ad0b7dec17463250ea91a8248a3fe4bfa3dc835092ac5 Loading...

	gitb.org/watch-link/?=xxx0305xxx	287 B	2024-05-01	2024-05-07
Pretty URL gitb.org/watch-link/?=xxx0305xxx IP 45.143.99.2 ASN #207279 Markahost Telekomunikasyon Ve Ticaret Limited Sirketi Introduced by scriptElement Embedded in HTML true Observations First Seen2024-05-01 12:30:01 Last Seen2024-05-07 21:38:37 Times Seen4 Hash 2c402a7fb2778aa97c60c588c1780dee 1ea8971c15cf9ec6dea86a974ac0772269ecba32 a127dcb88f7f70ca6408fc81a2adc597d23ea174ed8454a5e3322816ee6f3e31 Loading...

	misuseproductions.com/93/14/a1/9314a111a083adac7140c7787c32a705.js	44 kB	2024-05-04	2024-05-04
Pretty URL misuseproductions.com/93/14/a1/9314a111a083adac7140c7787c32a705.js IP 192.243.61.225 ASN #39572 DataWeb Global Group B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-04 07:54:19 Last Seen2024-05-04 07:54:20 Times Seen2 Hash ca0bf1d77c7c448638050dad1bd126e1 cd4cc11352645221bc9afbb8faae5f1c79e754d6 62a6ceda6f009b9e02705c5c78af1d9a316f0f2fd754800b3ca209eed1d81f50 Loading...

	pl22839067.profitablegatecpm.com/88/5f/b4/885fb415a08e7d05b93f88ca77ad22cc.js	45 kB	2024-05-04	2024-05-04
Pretty URL pl22839067.profitablegatecpm.com/88/5f/b4/885fb415a08e7d05b93f88ca77ad22cc.js IP 172.240.127.234 ASN #7979 SERVERS-COM Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-04 07:54:19 Last Seen2024-05-04 07:54:20 Times Seen2 Hash d0b243c62397a6d409df847cd05cf326 c8610839b3f2aeb270d99c2b98259cb4d1c1666c e743472fcf1d0541dc2739a068c98cf5fda4abbecc6806d1a40fbac6b474e56b Loading...

	gitb.org/watch-link/?=xxx0305xxx	260 B	2023-03-07	2024-05-18
Pretty URL gitb.org/watch-link/?=xxx0305xxx IP 45.143.99.2 ASN #207279 Markahost Telekomunikasyon Ve Ticaret Limited Sirketi Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:03:19 Last Seen2024-05-18 04:40:35 Times Seen2604 Hash 9b78b28b396646badfc6017235ee4be9 18103240bf0cb760cdf7febc628b56b8fca44319 215f517010a20f2f4c55d34dd3c574568bd0fb83662f0b915ddb6561f97c3904 Loading...

	capaciousdrewreligion.com/advertisers.js	0 B	2023-03-07	2024-05-18
Pretty URL capaciousdrewreligion.com/advertisers.js IP 192.243.61.225 ASN #39572 DataWeb Global Group B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:01:59 Last Seen2024-05-18 10:11:52 Times Seen37779289 Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Loading...

	gitb.org/watch-link/?=xxx0305xxx	127 B	2023-03-07	2024-05-18
Pretty URL gitb.org/watch-link/?=xxx0305xxx IP 45.143.99.2 ASN #207279 Markahost Telekomunikasyon Ve Ticaret Limited Sirketi Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:03:19 Last Seen2024-05-18 04:40:35 Times Seen1641 Hash e891393f0be3a6ffaa3923b307180e7e bc0a7332b9846a5762a71b9b9811c1a8b19df194 2d1778345d3607ceb641cc5f21b0a2c045fa70052361ac91a17c39b2c9d96f71 Loading...

	unknown	196 B	2024-05-03	2024-05-07
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-03 17:17:35 Last Seen2024-05-07 21:38:37 Times Seen3 Hash 1e7e5bd56908b695c6d1c57af8798de6 f8ae4d6cbc4aea6744172c6951decf456f1cf175 de22140c3eedeb6fa70e8b0c5da85114e8be4e404dbf2cdd92189a4e34503a1a Loading...

	unknown	1.3 kB	2024-05-03	2024-05-04
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-03 17:17:35 Last Seen2024-05-04 07:54:19 Times Seen2 Hash 0287e7360af95de8b013db330e72255f ddb13ada8c469d39dda36850cfbe3c90c77c2021 dfea05b4464172a022edebc914d83358c3c12843940e9063f737c4f5e85e2c7c Loading...

	gitb.org/watch-link/?=xxx0305xxx	82 kB	2023-11-02	2024-05-18
Pretty URL gitb.org/watch-link/?=xxx0305xxx IP 45.143.99.2 ASN #207279 Markahost Telekomunikasyon Ve Ticaret Limited Sirketi Introduced by scriptElement Embedded in HTML true Observations First Seen2023-11-02 02:45:19 Last Seen2024-05-18 00:48:50 Times Seen445 Hash 8c0a7d3594f81dc58a669cfa13186a62 39d562d07f0444eb871e3cfe355bbb1b21cb8ccc ea0a1f06ec24432f09707d9f748f1bf059b5203a1af5a8560e0faf0cdef5e5e7 Loading...

	www.topcreativeformat.com/8d05a934261dd9e2aebbdaa40a9c68c4/invoke.js	31 kB	2024-05-04	2024-05-04
Pretty URL www.topcreativeformat.com/8d05a934261dd9e2aebbdaa40a9c68c4/invoke.js IP 192.243.59.20 ASN #39572 DataWeb Global Group B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-04 07:54:20 Last Seen2024-05-04 07:54:20 Times Seen2 Hash 9921c80fb502a3f4fa99a001853c1bb6 a6b109c7114afa4bc697734ab43dec72e18fab6f 29843ded9d65e0544f2d02bd37d0bcb8d161041a63596ce02d2a9d05cf5652cd Loading...

	www.topcreativeformat.com/de99a652586bb57820d519c7eb88870f/invoke.js	31 kB	2024-05-04	2024-05-04
Pretty URL www.topcreativeformat.com/de99a652586bb57820d519c7eb88870f/invoke.js IP 192.243.59.20 ASN #39572 DataWeb Global Group B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-04 07:54:20 Last Seen2024-05-04 07:54:20 Times Seen2 Hash f074b1098b1ef59f588cfb79adde00f3 8fe4f0b7784cc1369273fd6a15030ff1183f5b13 1dc583b650cfa58d7194724fda3fb5a1d18b60330e9cd08cdeea574bacc177a0 Loading...

	gitb.org/watch-link/?=xxx0305xxx	424 B	2024-05-01	2024-05-07
Pretty URL gitb.org/watch-link/?=xxx0305xxx IP 45.143.99.2 ASN #207279 Markahost Telekomunikasyon Ve Ticaret Limited Sirketi Introduced by scriptElement Embedded in HTML true Observations First Seen2024-05-01 12:30:02 Last Seen2024-05-07 21:38:38 Times Seen4 Hash 67812ca09f377412e6ba09899f69da5d c6182bd325582cff1f434b2caef307147edd4afa cd9a4e1fdfe06122d9ae111623c86e8a92c16af30586b974ce266d15fb6be26b Loading...

	unknown	145 B	2024-05-01	2024-05-07
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-01 12:30:01 Last Seen2024-05-07 21:38:38 Times Seen4 Hash 5f03d72e93861c5fae37dcad2acc887a a9686464f01ef46343bc3c6d6dcd5e00ea72b333 709c9325536330ba4f6368664dc165e45e03346dbc1b7839fca4492f30c84978 Loading...

		Size	First Seen	Last Seen
	#1 Eval - ab76859c4abe6f05b9418aaee36ecd22	2.1 kB	2024-05-04	2024-05-04
Pretty Observations First Seen2024-05-04 07:54:20 Last Seen2024-05-04 07:54:20 Times Seen1 Hash ab76859c4abe6f05b9418aaee36ecd22 353af6f6c553f4445867670c6fe19564ee800edb e97addfcdbf4e390ec6f65e0f98723fb7f1c2f60fca74b2bc9eee5ddfa1eaa78 Loading...

	#2 Eval - d3ba9f084d8e6998114f89429f84704f	2.1 kB	2024-05-04	2024-05-04
Pretty Observations First Seen2024-05-04 07:54:20 Last Seen2024-05-04 07:54:20 Times Seen1 Hash d3ba9f084d8e6998114f89429f84704f 109e44882c3b3acac85da5bd94372c3a8ad3dec0 6761a786bffb5db03e18b6ce6b53291f3051998167030ed47725833d57bcf398 Loading...

	#3 Eval - 8c26adb5bac4a18c322fa43c803454b3	2.1 kB	2024-05-04	2024-05-04
Pretty Observations First Seen2024-05-04 07:54:20 Last Seen2024-05-04 07:54:20 Times Seen1 Hash 8c26adb5bac4a18c322fa43c803454b3 8b25b6f1c032b5d7fc01de67eff7dab08bfd6e2c 0e2be5c54e8212d0578c71e094be6f39c052f18cba8df182654b27a926081f0f Loading...

		Size	First Seen	Last Seen
	#1 Write - cf4ae6e517237eba422afe094033f896	117 B	2024-05-01	2024-05-07
Pretty Observations First Seen2024-05-01 12:30:02 Last Seen2024-05-07 21:38:38 Times Seen4 Hash cf4ae6e517237eba422afe094033f896 f582c75a28124b4616645c50ffec7a1548fd329e 235d1e8dc50b36ca537f5ce97d528da3638df60b07131434177c5dad4c263813 Loading...

	#2 Write - 1467583edd65427c79c2e5b595c0604e	117 B	2024-05-01	2024-05-07
Pretty Observations First Seen2024-05-01 12:30:02 Last Seen2024-05-07 21:38:38 Times Seen4 Hash 1467583edd65427c79c2e5b595c0604e 8f99582fcf0280ad52f491ddea9cd248221bcda0 e0665c930d41f1534e8a25566101db94e849231baf3f3ffadc7d2207cdcb722c Loading...

	#3 Write - 8e17a2eb89c8123a96abd38a7de3439c	117 B	2024-05-01	2024-05-07
Pretty Observations First Seen2024-05-01 12:30:02 Last Seen2024-05-07 21:38:38 Times Seen4 Hash 8e17a2eb89c8123a96abd38a7de3439c 0636c89a547113e7d136807ffba7f3a73d669e12 f4593b3c53093628a1c68fd1876cd5466e5b1b373affd4bdb090069985ebb820 Loading...

HTTP Transactions (61)

URL IP Response Size

gitb.org/watch-link/?=xxx0305xxx

45.143.99.2

200 OK

35 kB

URL User Request GET HTTP/2
gitb.org/watch-link/?=xxx0305xxx
IP
45.143.99.2:443
ASN
#207279 Markahost Telekomunikasyon Ve Ticaret Limited Sirketi

Certificate
IssuerLet's Encrypt
Subjectgitb.org
Fingerprint0A:4B:6D:02:A6:3F:74:A9:11:CC:FC:4D:C6:87:81:EE:4A:96:AA:B3
ValidityMon, 22 Apr 2024 18:55:18 GMT - Sun, 21 Jul 2024 18:55:17 GMT

File type
HTML document, ASCII text, with very long lines (9779), with CRLF, LF line terminators
Size
35 kB (34618 bytes)
Hash
0ad4e97ab68d90a431021405d3de5f3e
cdcbd91b24c7576c01a6fa8455a2298a6f6bad2e
5af4366570dc18b1d7b6ea71e009e15c78c742a9161963cd83ddd69a15754d15

HTTP Headers

GET /watch-link/?=xxx0305xxx HTTP/1.1
Host: gitb.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
x-powered-by: PHP/8.0.30
content-type: text/html; charset=UTF-8
x-ua-compatible: IE=edge
link: <https://gitb.org/wp-json/>; rel="https://api.w.org/", <https://gitb.org/wp-json/wp/v2/pages/52>; rel="alternate"; type="application/json", <https://gitb.org/?p=52>; rel=shortlink
content-length: 34618
content-encoding: br
vary: Accept-Encoding
date: Sat, 04 May 2024 05:53:43 GMT
server: LiteSpeed
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
X-Firefox-Spdy: h2

gitb.org/wp-includes/css/dist/block-library/style.min.css?ver=6.5.2

45.143.99.2

200 OK

13 kB

URL GET HTTP/3
gitb.org/wp-includes/css/dist/block-library/style.min.css?ver=6.5.2
IP
45.143.99.2:443
ASN
#207279 Markahost Telekomunikasyon Ve Ticaret Limited Sirketi

Requested by
https://gitb.org/watch-link/?=xxx0305xxx
Certificate
IssuerLet's Encrypt
Subjectgitb.org
Fingerprint0A:4B:6D:02:A6:3F:74:A9:11:CC:FC:4D:C6:87:81:EE:4A:96:AA:B3
ValidityMon, 22 Apr 2024 18:55:18 GMT - Sun, 21 Jul 2024 18:55:17 GMT

File type
ASCII text, with very long lines (59701)
Size
13 kB (12823 bytes)
Hash
51a8390b47aa0582cf2d9c96c5addee2
b16a640874025d085c38119a1a02a3460f83f2de
98cecf88a23542fa047ce46eedb650b5c5128761ed4386c0977b847094ddfa20

HTTP Headers

GET /wp-includes/css/dist/block-library/style.min.css?ver=6.5.2 HTTP/1.1
Host: gitb.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://gitb.org/watch-link/?=xxx0305xxx
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
cache-control: public, max-age=604800
expires: Sat, 11 May 2024 05:53:44 GMT
content-type: text/css
last-modified: Wed, 03 Apr 2024 03:55:04 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 12823
date: Sat, 04 May 2024 05:53:44 GMT
server: LiteSpeed
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"

gitb.org/wp-content/themes/generatepress/assets/css/main.min.css?ver=3.4.0

45.143.99.2

200 OK

4.1 kB

URL GET HTTP/3
gitb.org/wp-content/themes/generatepress/assets/css/main.min.css?ver=3.4.0
IP
45.143.99.2:443
ASN
#207279 Markahost Telekomunikasyon Ve Ticaret Limited Sirketi

Requested by
https://gitb.org/watch-link/?=xxx0305xxx
Certificate
IssuerLet's Encrypt
Subjectgitb.org
Fingerprint0A:4B:6D:02:A6:3F:74:A9:11:CC:FC:4D:C6:87:81:EE:4A:96:AA:B3
ValidityMon, 22 Apr 2024 18:55:18 GMT - Sun, 21 Jul 2024 18:55:17 GMT

File type
ASCII text, with very long lines (19564), with no line terminators
Size
4.1 kB (4101 bytes)
Hash
867585929ee8b21749cdefa675d9aa11
afbd7bc967068d4e804641f4b1df78ab37417144
bc3b2c1e618a27e485095a3c0db20da5ba2fbfaf3b872ccd6ca35cb19eb37b5d

HTTP Headers

GET /wp-content/themes/generatepress/assets/css/main.min.css?ver=3.4.0 HTTP/1.1
Host: gitb.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://gitb.org/watch-link/?=xxx0305xxx
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
cache-control: public, max-age=604800
expires: Sat, 11 May 2024 05:53:44 GMT
content-type: text/css
last-modified: Wed, 28 Feb 2024 13:10:16 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 4101
date: Sat, 04 May 2024 05:53:44 GMT
server: LiteSpeed

gitb.org/wp-content/uploads/2024/03/tg.png

45.143.99.2

200 OK

29 kB

URL GET HTTP/3
gitb.org/wp-content/uploads/2024/03/tg.png
IP
45.143.99.2:443
ASN
#207279 Markahost Telekomunikasyon Ve Ticaret Limited Sirketi

Requested by
https://gitb.org/watch-link/?=xxx0305xxx
Certificate
IssuerLet's Encrypt
Subjectgitb.org
Fingerprint0A:4B:6D:02:A6:3F:74:A9:11:CC:FC:4D:C6:87:81:EE:4A:96:AA:B3
ValidityMon, 22 Apr 2024 18:55:18 GMT - Sun, 21 Jul 2024 18:55:17 GMT

File type
PNG image data, 768 x 181, 8-bit/color RGBA, non-interlaced
Size
29 kB (28931 bytes)
Hash
860908cfa697542ec3589fc43c01f701
c229b515d6d48b51d6268c2a26877c6b1fc94b68
c1373a3e5458cb3fc4330c8bf2efaab4a07b61f178abdcc25ee860f95d9729dc

HTTP Headers

GET /wp-content/uploads/2024/03/tg.png HTTP/1.1
Host: gitb.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://gitb.org/watch-link/?=xxx0305xxx
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
cache-control: public, max-age=604800
expires: Sat, 11 May 2024 05:53:44 GMT
content-type: image/png
last-modified: Fri, 15 Mar 2024 20:57:28 GMT
accept-ranges: bytes
content-length: 28931
date: Sat, 04 May 2024 05:53:44 GMT
server: LiteSpeed

gitb.org/wp-content/themes/generatepress/assets/js/menu.min.js?ver=3.4.0

45.143.99.2

200 OK

1.5 kB

URL GET HTTP/3
gitb.org/wp-content/themes/generatepress/assets/js/menu.min.js?ver=3.4.0
IP
45.143.99.2:443
ASN
#207279 Markahost Telekomunikasyon Ve Ticaret Limited Sirketi

Requested by
https://gitb.org/watch-link/?=xxx0305xxx
Certificate
IssuerLet's Encrypt
Subjectgitb.org
Fingerprint0A:4B:6D:02:A6:3F:74:A9:11:CC:FC:4D:C6:87:81:EE:4A:96:AA:B3
ValidityMon, 22 Apr 2024 18:55:18 GMT - Sun, 21 Jul 2024 18:55:17 GMT

File type
JavaScript source, ASCII text, with very long lines (6957), with no line terminators
Size
1.5 kB (1460 bytes)
Hash
70bb4fab119eb133cae33105b69f65cb
0c78a77e06be020674ca82d28b02a712615f7b35
395121e5b9981325951ef88bec68d065d23087b16a70d4459109e1dd84a10936

HTTP Headers

GET /wp-content/themes/generatepress/assets/js/menu.min.js?ver=3.4.0 HTTP/1.1
Host: gitb.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://gitb.org/watch-link/?=xxx0305xxx
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
cache-control: public, max-age=604800
expires: Sat, 11 May 2024 05:53:44 GMT
content-type: application/javascript
last-modified: Wed, 28 Feb 2024 13:10:16 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 1460
date: Sat, 04 May 2024 05:53:44 GMT
server: LiteSpeed

www.topcreativeformat.com/8d05a934261dd9e2aebbdaa40a9c68c4/invoke.js

192.243.59.20

200 OK

12 kB

URL GET HTTP/1.1
www.topcreativeformat.com/8d05a934261dd9e2aebbdaa40a9c68c4/invoke.js
IP
192.243.59.20:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://gitb.org/watch-link/?=xxx0305xxx
Certificate
IssuerLet's Encrypt
Subjecttopcreativeformat.com
Fingerprint6D:98:D9:61:FC:CF:D9:8C:FE:5E:1C:15:5A:A5:F2:28:38:04:A4:A4
ValidityWed, 20 Mar 2024 07:51:41 GMT - Tue, 18 Jun 2024 07:51:40 GMT

File type
JavaScript source, ASCII text, with very long lines (31300), with no line terminators
Size
12 kB (11830 bytes)
Hash
9921c80fb502a3f4fa99a001853c1bb6
a6b109c7114afa4bc697734ab43dec72e18fab6f
29843ded9d65e0544f2d02bd37d0bcb8d161041a63596ce02d2a9d05cf5652cd

HTTP Headers

GET /8d05a934261dd9e2aebbdaa40a9c68c4/invoke.js HTTP/1.1
Host: www.topcreativeformat.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://gitb.org/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Sat, 04 May 2024 05:53:46 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: de27f7121341af3087a218a785d5a931
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip

pl22839067.profitablegatecpm.com/88/5f/b4/885fb415a08e7d05b93f88ca77ad22cc.js

172.240.127.234

200 OK

16 kB

URL GET HTTP/1.1
pl22839067.profitablegatecpm.com/88/5f/b4/885fb415a08e7d05b93f88ca77ad22cc.js
IP
172.240.127.234:443
ASN
#7979 SERVERS-COM

Requested by
https://gitb.org/watch-link/?=xxx0305xxx
Certificate
IssuerLet's Encrypt
Subjectprofitablegatecpm.com
Fingerprint9D:FB:8C:AD:4D:64:98:6B:85:78:33:54:E7:A3:BB:10:ED:77:63:30
ValidityFri, 05 Apr 2024 18:10:33 GMT - Thu, 04 Jul 2024 18:10:32 GMT

File type
JavaScript source, ASCII text, with very long lines (45353), with no line terminators
Size
16 kB (15994 bytes)
Hash
d0b243c62397a6d409df847cd05cf326
c8610839b3f2aeb270d99c2b98259cb4d1c1666c
e743472fcf1d0541dc2739a068c98cf5fda4abbecc6806d1a40fbac6b474e56b

HTTP Headers

GET /88/5f/b4/885fb415a08e7d05b93f88ca77ad22cc.js HTTP/1.1
Host: pl22839067.profitablegatecpm.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://gitb.org/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Sat, 04 May 2024 05:53:46 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Set-Cookie: 4b4e7ab587d59b22ad7bcd2439afc363_CF-3448=1; expires=Tue, 07 May 2024 08:53:46 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: c2cf81691e349ae6de11053546ea9c38
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip

pl22839066.profitablegatecpm.com/19/c3/3b/19c33ba37280f60914e325fce07da677.js

172.240.127.234

200 OK

31 kB

URL GET HTTP/1.1
pl22839066.profitablegatecpm.com/19/c3/3b/19c33ba37280f60914e325fce07da677.js
IP
172.240.127.234:443
ASN
#7979 SERVERS-COM

Requested by
https://gitb.org/watch-link/?=xxx0305xxx
Certificate
IssuerLet's Encrypt
Subjectprofitablegatecpm.com
Fingerprint9D:FB:8C:AD:4D:64:98:6B:85:78:33:54:E7:A3:BB:10:ED:77:63:30
ValidityFri, 05 Apr 2024 18:10:33 GMT - Thu, 04 Jul 2024 18:10:32 GMT

File type
JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Size
31 kB (30595 bytes)
Hash
d40fa76516c600055f99177708d05ce8
69da4afd00a4ea99fbdaf8406c5be5c614c80ec8
d9fba480e8775fa1a93994009865997729dbed971201d4964c0dbe4b161a62ac

HTTP Headers

GET /19/c3/3b/19c33ba37280f60914e325fce07da677.js HTTP/1.1
Host: pl22839066.profitablegatecpm.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://gitb.org/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Sat, 04 May 2024 05:53:46 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 934a1063b3b3b0b6decd76cc60309b78
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip

www.topcreativeformat.com/ba160ebdb7ae4c2d376f0f8dc238ac96/invoke.js

192.243.59.20

200 OK

12 kB

URL GET HTTP/1.1
www.topcreativeformat.com/ba160ebdb7ae4c2d376f0f8dc238ac96/invoke.js
IP
192.243.59.20:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://gitb.org/watch-link/?=xxx0305xxx
Certificate
IssuerLet's Encrypt
Subjecttopcreativeformat.com
Fingerprint6D:98:D9:61:FC:CF:D9:8C:FE:5E:1C:15:5A:A5:F2:28:38:04:A4:A4
ValidityWed, 20 Mar 2024 07:51:41 GMT - Tue, 18 Jun 2024 07:51:40 GMT

File type
JavaScript source, ASCII text, with very long lines (31262), with no line terminators
Size
12 kB (11814 bytes)
Hash
17b22bb20de7f95f3f6b833381a5995f
a13449fbaeef063a7403b325a15bccb9ecf8f4a6
b07ebf3cd0a0fe8da09ad0b7dec17463250ea91a8248a3fe4bfa3dc835092ac5

HTTP Headers

GET /ba160ebdb7ae4c2d376f0f8dc238ac96/invoke.js HTTP/1.1
Host: www.topcreativeformat.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://gitb.org/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Sat, 04 May 2024 05:53:46 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: b20654786646d6dfaf0a57457221a079
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip

ocsp.r2m03.amazontrust.com/

3.164.222.26

471 B

URL
ocsp.r2m03.amazontrust.com/
IP
3.164.222.26:0
ASN
#0

File type
data
Size
471 B (471 bytes)
Hash
353dbae1e1b45a750770ae51bef13ba7
465917a2a0bbb947e9727e7f08b584a82aa6fb81
9fa5becc3e07f31f2f08bf5f331d6bfda4f6386634ea524bc3a8c56ac1c0bc2b

HTTP Headers

POST / HTTP/1.1
Host: ocsp.r2m03.amazontrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=7200
Date: Sat, 04 May 2024 05:53:46 GMT
Last-Modified: Sat, 04 May 2024 05:04:56 GMT
Server: ECAcc (ska/F6E1)
X-Cache: Miss from cloudfront
Via: 1.1 42bac5f1aabdd1402109b9e5f2ab1414.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: ARN53-P1
X-Amz-Cf-Id: ANssLR1ENA9GD2Muvh2KA1LWjZQG3X5Ovb2mK2FpfrYq3fkROksRsA==
Age: 2930

proftrafficcounter.com/stats

18.185.9.67

200 OK

40 B

URL GET HTTP/2
proftrafficcounter.com/stats
IP
18.185.9.67:443
ASN
#16509 AMAZON-02

Requested by
https://gitb.org/watch-link/?=xxx0305xxx
Certificate
IssuerAmazon
Subjectproftrafficcounter.com
FingerprintE3:9F:79:6F:80:C0:BF:F8:C4:EB:45:F3:E9:0F:A7:41:F6:0C:05:E6
ValidityTue, 21 Nov 2023 00:00:00 GMT - Thu, 19 Dec 2024 23:59:59 GMT

File type
ASCII text, with no line terminators
Size
40 B (40 bytes)
Hash
3b0b0360c634fc9678cd14fddbeeee05
dd3cc1de563627a9e1b22253540f3594e587869a
b457f03b22f85c46bb0dd20e803d2ce8427cf8b0f2347d2325d9608148ad7dce

HTTP Headers

GET /stats HTTP/1.1
Host: proftrafficcounter.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://gitb.org
DNT: 1
Connection: keep-alive
Referer: https://gitb.org/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sat, 04 May 2024 05:53:46 GMT
content-type: text/html; charset=UTF-8
content-length: 40
server: fasthttp
access-control-allow-origin: https://gitb.org
vary: Origin
access-control-allow-credentials: true
set-cookie: uid_id2=ae4b3cd4-0306-480c-abf4-395aaac96b7e:2:1; expires=Tue, 02 May 2034 05:53:46 GMT; secure; SameSite=None
X-Firefox-Spdy: h2

proftrafficcounter.com/stats

18.185.9.67

200 OK

40 B

URL GET HTTP/2
proftrafficcounter.com/stats
IP
18.185.9.67:443
ASN
#16509 AMAZON-02

Requested by
https://gitb.org/watch-link/?=xxx0305xxx
Certificate
IssuerAmazon
Subjectproftrafficcounter.com
FingerprintE3:9F:79:6F:80:C0:BF:F8:C4:EB:45:F3:E9:0F:A7:41:F6:0C:05:E6
ValidityTue, 21 Nov 2023 00:00:00 GMT - Thu, 19 Dec 2024 23:59:59 GMT

File type
ASCII text, with no line terminators
Size
40 B (40 bytes)
Hash
b429eb24f709cac13fdb01bda0dda113
73c8457fd534f30982eb63461c35f5221ada310f
d39d626d55620260f02d852a85c691d26efd262ca308b7258bd6fb298d75a278

HTTP Headers

GET /stats HTTP/1.1
Host: proftrafficcounter.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://gitb.org
DNT: 1
Connection: keep-alive
Referer: https://gitb.org/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Sat, 04 May 2024 05:53:46 GMT
content-type: text/html; charset=UTF-8
content-length: 40
server: fasthttp
access-control-allow-origin: https://gitb.org
vary: Origin
access-control-allow-credentials: true
set-cookie: uid_id2=fd7e1ad7-9d94-4a88-9d5f-64a19a5d59b7:2:1; expires=Tue, 02 May 2034 05:53:46 GMT; secure; SameSite=None
X-Firefox-Spdy: h2

www.topcreativeformat.com/de99a652586bb57820d519c7eb88870f/invoke.js

192.243.59.20

200 OK

12 kB

URL GET HTTP/1.1
www.topcreativeformat.com/de99a652586bb57820d519c7eb88870f/invoke.js
IP
192.243.59.20:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://gitb.org/watch-link/?=xxx0305xxx
Certificate
IssuerLet's Encrypt
Subjecttopcreativeformat.com
Fingerprint6D:98:D9:61:FC:CF:D9:8C:FE:5E:1C:15:5A:A5:F2:28:38:04:A4:A4
ValidityWed, 20 Mar 2024 07:51:41 GMT - Tue, 18 Jun 2024 07:51:40 GMT

File type
JavaScript source, ASCII text, with very long lines (31281), with no line terminators
Size
12 kB (11833 bytes)
Hash
f074b1098b1ef59f588cfb79adde00f3
8fe4f0b7784cc1369273fd6a15030ff1183f5b13
1dc583b650cfa58d7194724fda3fb5a1d18b60330e9cd08cdeea574bacc177a0

HTTP Headers

GET /de99a652586bb57820d519c7eb88870f/invoke.js HTTP/1.1
Host: www.topcreativeformat.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://gitb.org/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Sat, 04 May 2024 05:53:47 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 480b94aebca341bd7b2e5ae4c5b89c79
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip

gitb.org/wp-includes/js/wp-emoji-release.min.js?ver=6.5.2

45.143.99.2

200 OK

4.0 kB

URL GET HTTP/3
gitb.org/wp-includes/js/wp-emoji-release.min.js?ver=6.5.2
IP
45.143.99.2:443
ASN
#207279 Markahost Telekomunikasyon Ve Ticaret Limited Sirketi

Requested by
https://gitb.org/watch-link/?=xxx0305xxx
Certificate
IssuerLet's Encrypt
Subjectgitb.org
Fingerprint0A:4B:6D:02:A6:3F:74:A9:11:CC:FC:4D:C6:87:81:EE:4A:96:AA:B3
ValidityMon, 22 Apr 2024 18:55:18 GMT - Sun, 21 Jul 2024 18:55:17 GMT

File type
JavaScript source, ASCII text, with very long lines (15752)
Size
4.0 kB (4037 bytes)
Hash
b976b651932bfd25b9ddb5b7693d88a7
7fcb7cb5c11227f9213b1e08a07d0212209e1432
4e6ce5444c7f396cef0eb1fa3611034151e485dd06fbe5573a5583e1eebc98c3

HTTP Headers

GET /wp-includes/js/wp-emoji-release.min.js?ver=6.5.2 HTTP/1.1
Host: gitb.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://gitb.org/watch-link/?=xxx0305xxx
Cookie: dom3ic8zudi28v8lr6fgphwffqoz0j6c=fd7e1ad7-9d94-4a88-9d5f-64a19a5d59b7%3A2%3A1
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
cache-control: public, max-age=604800
expires: Sat, 11 May 2024 05:53:45 GMT
content-type: application/javascript
last-modified: Wed, 03 Apr 2024 03:55:07 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 4037
date: Sat, 04 May 2024 05:53:45 GMT
server: LiteSpeed

misuseproductions.com/93/14/a1/9314a111a083adac7140c7787c32a705.js

192.243.61.225

200 OK

16 kB

URL GET HTTP/1.1
misuseproductions.com/93/14/a1/9314a111a083adac7140c7787c32a705.js
IP
192.243.61.225:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://gitb.org/watch-link/?=xxx0305xxx
Certificate
IssuerLet's Encrypt
Subjectmisuseproductions.com
FingerprintAE:BD:BB:C1:A9:8B:FD:93:7D:63:43:E2:6D:71:12:A4:64:7C:51:D6
ValidityMon, 29 Apr 2024 12:56:02 GMT - Sun, 28 Jul 2024 12:56:01 GMT

File type
JavaScript source, ASCII text, with very long lines (44028), with no line terminators
Size
16 kB (15804 bytes)
Hash
ca0bf1d77c7c448638050dad1bd126e1
cd4cc11352645221bc9afbb8faae5f1c79e754d6
62a6ceda6f009b9e02705c5c78af1d9a316f0f2fd754800b3ca209eed1d81f50

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /93/14/a1/9314a111a083adac7140c7787c32a705.js HTTP/1.1
Host: misuseproductions.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://gitb.org/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Sat, 04 May 2024 05:53:47 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Set-Cookie: 4b4e7ab587d59b22ad7bcd2439afc363_CF-3448=0; expires=Tue, 07 May 2024 08:53:47 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 412cf78b5a970fe7e064f53e3a75f032
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip

misuseproductions.com/watch.437024946035.js?key=8d05a934261dd9e2aebbdaa40a9c68c4&kw=%5B%5D&refer=https%3A%2F%2Fgitb.org%2Fwatch-link%2F%3F%3Dxxx0305xxx&tz=0&dev=e&res=14.2071&uuid=ae4b3cd4-0306-480c-abf4-395aaac96b7e%3A2%3A1

172.240.253.132

307 Temporary Redirect

0 B

URL GET HTTP/1.1
misuseproductions.com/watch.437024946035.js?key=8d05a934261dd9e2aebbdaa40a9c68c4&kw=%5B%5D&refer=https%3A%2F%2Fgitb.org%2Fwatch-link%2F%3F%3Dxxx0305xxx&tz=0&dev=e&res=14.2071&uuid=ae4b3cd4-0306-480c-abf4-395aaac96b7e%3A2%3A1
IP
172.240.253.132:443
ASN
#7979 SERVERS-COM

Requested by
https://gitb.org/watch-link/?=xxx0305xxx
Certificate
IssuerLet's Encrypt
Subjectmisuseproductions.com
FingerprintAE:BD:BB:C1:A9:8B:FD:93:7D:63:43:E2:6D:71:12:A4:64:7C:51:D6
ValidityMon, 29 Apr 2024 12:56:02 GMT - Sun, 28 Jul 2024 12:56:01 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /watch.437024946035.js?key=8d05a934261dd9e2aebbdaa40a9c68c4&kw=%5B%5D&refer=https%3A%2F%2Fgitb.org%2Fwatch-link%2F%3F%3Dxxx0305xxx&tz=0&dev=e&res=14.2071&uuid=ae4b3cd4-0306-480c-abf4-395aaac96b7e%3A2%3A1 HTTP/1.1
Host: misuseproductions.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://gitb.org
DNT: 1
Connection: keep-alive
Referer: https://gitb.org/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 307 Temporary Redirect
Server: nginx/1.21.6
Date: Sat, 04 May 2024 05:53:47 GMT
Content-Type: text/html
Content-Length: 0
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://gitb.org
Access-Control-Allow-Origin: https://gitb.org
Access-Control-Allow-Credentials: true
Location: https://misuseproductions.com/watch.437024946035.js?dev=e&key=8d05a934261dd9e2aebbdaa40a9c68c4&kw=%5B%5D&pst=1714802087&refer=https%3A%2F%2Fgitb.org%2Fwatch-link%2F%3F%3Dxxx0305xxx&res=14.2071&rmtc=t&shu=84e2d316c45642bb39d7c4543a5b27c7e88b858147ff7b3dccb0c3409b589ee6645f3c233802b05e00883f08acf1412bfb5fa838313a78bad1b8ca30bf3b86599d29b12e1aff9216a976da249d5b05ad1f39fea2830df5597f6e02e6539666&tz=0&uuid=ae4b3cd4-0306-480c-abf4-395aaac96b7e%3A2%3A1
Set-Cookie: u_pl=22697098; expires=Sun, 05 May 2024 05:53:47 GMT; secure; SameSite=None
ain=eyJhbGciOiJIUzI1NiJ9.eyJwIjp7ImlkIjoyMjY5NzA5OCwiayI6IjhkMDVhOTM0MjYxZGQ5ZTJhZWJiZGFhNDBhOWM2OGM0Iiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjozNjY2MDU1LCJwaWQiOjE3MzQ5NDksImFuIjp0cnVlLCJsYW4iOnRydWUsImNpZCI6MTYsImFpZCI6NSwicHQiOjQsInBrIjoibXBlODh5a2VwZSIsImNwa3MiOnsiMjkiOiI5MzE0YTExMWEwODNhZGFjNzE0MGM3Nzg3YzMyYTcwNSJ9LCJ0IjoxfSwidSI6eyJ1IjoxLCJhdSI6MSwiZCI6eyJpZCI6Nzk5NTQxOTYsImlkcyI6IiIsImljIjpmYWxzZSwibiI6IkRlc2t0b3AsRW11bGF0b3IiLCJ2IjoiVW5rbm93biIsIm0iOiJVbmtub3duIiwiZiI6MSwiZm4iOiJEZXNrdG9wIiwib2lkIjoxODExMCwib24iOiJMaW51eCIsIm92IjoiVW5rbm93biIsImJpZCI6MTE2NjcwLCJibiI6IkZpcmVmb3giLCJidiI6Ijk2LjAiLCJ3diI6ZmFsc2UsImUiOnRydWUsImFiIjpmYWxzZX0sImMiOnsiaWQiOjE2MiwiYyI6Ik5PIiwibiI6Ik5vcndheSJ9LCJhIjpmYWxzZSwiY3IiOnsibiI6IkJsaXggU29sdXRpb25zIn0sInhmIjoiIiwiaXhmIjpmYWxzZSwiaWd4ZiI6ZmFsc2UsInVwIjp0cnVlLCJyIjoiaHR0cHM6Ly9naXRiLm9yZy93YXRjaC1saW5rLz89eHh4MDMwNXh4eCIsImFyIjpbXX19.OUoMeIpOxYy3BELm8S7DuOBCdg6913Dap8WksHYdQ6U; expires=Sat, 04 May 2024 05:54:47 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 438c6283b835aa5e6476427ffae535fc
Strict-Transport-Security: max-age=0; includeSubdomains

hunchsewingproxy.com/watch.1176979019121.js?key=ba160ebdb7ae4c2d376f0f8dc238ac96&kw=%5B%5D&refer=https%3A%2F%2Fgitb.org%2Fwatch-link%2F%3F%3Dxxx0305xxx&tz=0&dev=e&res=14.2071&uuid=fd7e1ad7-9d94-4a88-9d5f-64a19a5d59b7%3A2%3A1

192.243.59.13

307 Temporary Redirect

0 B

URL GET HTTP/1.1
hunchsewingproxy.com/watch.1176979019121.js?key=ba160ebdb7ae4c2d376f0f8dc238ac96&kw=%5B%5D&refer=https%3A%2F%2Fgitb.org%2Fwatch-link%2F%3F%3Dxxx0305xxx&tz=0&dev=e&res=14.2071&uuid=fd7e1ad7-9d94-4a88-9d5f-64a19a5d59b7%3A2%3A1
IP
192.243.59.13:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://gitb.org/watch-link/?=xxx0305xxx
Certificate
IssuerLet's Encrypt
Subjecthunchsewingproxy.com
FingerprintCF:1D:62:33:6B:D3:BF:31:A0:28:BB:E3:F3:E4:1F:F7:F1:90:3C:BE
ValidityMon, 29 Apr 2024 08:24:00 GMT - Sun, 28 Jul 2024 08:23:59 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /watch.1176979019121.js?key=ba160ebdb7ae4c2d376f0f8dc238ac96&kw=%5B%5D&refer=https%3A%2F%2Fgitb.org%2Fwatch-link%2F%3F%3Dxxx0305xxx&tz=0&dev=e&res=14.2071&uuid=fd7e1ad7-9d94-4a88-9d5f-64a19a5d59b7%3A2%3A1 HTTP/1.1
Host: hunchsewingproxy.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://gitb.org
DNT: 1
Connection: keep-alive
Referer: https://gitb.org/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 307 Temporary Redirect
Server: nginx/1.19.5
Date: Sat, 04 May 2024 05:53:47 GMT
Content-Type: text/html
Content-Length: 0
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://gitb.org
Access-Control-Allow-Origin: https://gitb.org
Access-Control-Allow-Credentials: true
Location: https://hunchsewingproxy.com/watch.1176979019121.js?dev=e&key=ba160ebdb7ae4c2d376f0f8dc238ac96&kw=%5B%5D&pst=1714802087&refer=https%3A%2F%2Fgitb.org%2Fwatch-link%2F%3F%3Dxxx0305xxx&res=14.2071&rmtc=t&shu=285bdf9f8178adfd57b3d1ec33c6f532694603740304703aa69789f66a392a236fdbb2eeb68467559afa01e2722f33f77ffc00c80f7b628ca637f38049af2af3934cd0de234d78a4803adab0d3cc3b73e3ef1b595a924f5dae362b11166347&tz=0&uuid=fd7e1ad7-9d94-4a88-9d5f-64a19a5d59b7%3A2%3A1
Set-Cookie: u_pl=22697095; expires=Sun, 05 May 2024 05:53:47 GMT; secure; SameSite=None
ain=eyJhbGciOiJIUzI1NiJ9.eyJwIjp7ImlkIjoyMjY5NzA5NSwiayI6ImJhMTYwZWJkYjdhZTRjMmQzNzZmMGY4ZGMyMzhhYzk2Iiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjozNjY2MDU1LCJwaWQiOjE3MzQ5NDksImFuIjp0cnVlLCJsYW4iOnRydWUsImNpZCI6MTYsImFpZCI6MjcsInB0Ijo0LCJwayI6InE4eHZ4aDhrIiwidCI6MX0sInUiOnsidSI6MSwiYXUiOjEsImQiOnsiaWQiOjc5OTU0MTk2LCJpZHMiOiIiLCJpYyI6ZmFsc2UsIm4iOiJEZXNrdG9wLEVtdWxhdG9yIiwidiI6IlVua25vd24iLCJtIjoiVW5rbm93biIsImYiOjEsImZuIjoiRGVza3RvcCIsIm9pZCI6MTgxMTAsIm9uIjoiTGludXgiLCJvdiI6IlVua25vd24iLCJiaWQiOjExNjY3MCwiYm4iOiJGaXJlZm94IiwiYnYiOiI5Ni4wIiwid3YiOmZhbHNlLCJlIjp0cnVlLCJhYiI6ZmFsc2V9LCJjIjp7ImlkIjoxNjIsImMiOiJOTyIsIm4iOiJOb3J3YXkifSwiYSI6ZmFsc2UsImNyIjp7Im4iOiJCbGl4IFNvbHV0aW9ucyJ9LCJ4ZiI6IiIsIml4ZiI6ZmFsc2UsImlneGYiOmZhbHNlLCJ1cCI6dHJ1ZSwiciI6Imh0dHBzOi8vZ2l0Yi5vcmcvd2F0Y2gtbGluay8_PXh4eDAzMDV4eHgiLCJhciI6W119fQ.jK83ROVjkh9hsrggmGKdyIHO_S5xKHgvooD1tvRcJMY; expires=Sat, 04 May 2024 05:54:47 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 275bfbdcb3f8d4050018ca93934828b6
Strict-Transport-Security: max-age=0; includeSubdomains

dudleynutmeg.com/watch.1091538150120.js?key=de99a652586bb57820d519c7eb88870f&kw=%5B%5D&refer=https%3A%2F%2Fgitb.org%2Fwatch-link%2F%3F%3Dxxx0305xxx&tz=0&dev=e&res=14.2071&uuid=fd7e1ad7-9d94-4a88-9d5f-64a19a5d59b7%3A2%3A1

172.240.108.76

307 Temporary Redirect

0 B

URL GET HTTP/1.1
dudleynutmeg.com/watch.1091538150120.js?key=de99a652586bb57820d519c7eb88870f&kw=%5B%5D&refer=https%3A%2F%2Fgitb.org%2Fwatch-link%2F%3F%3Dxxx0305xxx&tz=0&dev=e&res=14.2071&uuid=fd7e1ad7-9d94-4a88-9d5f-64a19a5d59b7%3A2%3A1
IP
172.240.108.76:443
ASN
#7979 SERVERS-COM

Requested by
https://gitb.org/watch-link/?=xxx0305xxx
Certificate
IssuerLet's Encrypt
Subjectdudleynutmeg.com
Fingerprint62:D3:F0:A3:00:F3:7A:E7:CF:5D:4D:AE:08:F0:E9:8D:45:2E:0D:90
ValidityTue, 30 Apr 2024 15:24:37 GMT - Mon, 29 Jul 2024 15:24:36 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /watch.1091538150120.js?key=de99a652586bb57820d519c7eb88870f&kw=%5B%5D&refer=https%3A%2F%2Fgitb.org%2Fwatch-link%2F%3F%3Dxxx0305xxx&tz=0&dev=e&res=14.2071&uuid=fd7e1ad7-9d94-4a88-9d5f-64a19a5d59b7%3A2%3A1 HTTP/1.1
Host: dudleynutmeg.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://gitb.org
DNT: 1
Connection: keep-alive
Referer: https://gitb.org/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 307 Temporary Redirect
Server: nginx/1.21.6
Date: Sat, 04 May 2024 05:53:47 GMT
Content-Type: text/html
Content-Length: 0
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://gitb.org
Access-Control-Allow-Origin: https://gitb.org
Access-Control-Allow-Credentials: true
Location: https://dudleynutmeg.com/watch.1091538150120.js?dev=e&key=de99a652586bb57820d519c7eb88870f&kw=%5B%5D&pst=1714802087&refer=https%3A%2F%2Fgitb.org%2Fwatch-link%2F%3F%3Dxxx0305xxx&res=14.2071&rmtc=t&shu=07f84a8be43c3db6b628c27d12f776d9d6661182c46bf9dc3f11b365824c85d4a6335c8499b9e0d6ce1f5b0b14d0696e5276e93e4d1561eccb23c5def55fb5b53e7118770b839b638d739b732451dded3ae5d4329701194c003cda679ac831&tz=0&uuid=fd7e1ad7-9d94-4a88-9d5f-64a19a5d59b7%3A2%3A1
Set-Cookie: u_pl=22697121; expires=Sun, 05 May 2024 05:53:47 GMT; secure; SameSite=None
ain=eyJhbGciOiJIUzI1NiJ9.eyJwIjp7ImlkIjoyMjY5NzEyMSwiayI6ImRlOTlhNjUyNTg2YmI1NzgyMGQ1MTljN2ViODg4NzBmIiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjozNjY2MDU1LCJwaWQiOjE3MzQ5NDksImFuIjp0cnVlLCJsYW4iOnRydWUsImNpZCI6MTYsImFpZCI6MzIsInB0Ijo0LCJwayI6InRicjhzYTU3bSIsImNwa3MiOnsiMjgiOiI4M2EzM2E1YTYxNWRmNjMxZWI4M2IxZDA0MTFiNzJmZSJ9LCJ0IjoxfSwidSI6eyJ1IjoxLCJhdSI6MSwiZCI6eyJpZCI6Nzk5NTQxOTYsImlkcyI6IiIsImljIjpmYWxzZSwibiI6IkRlc2t0b3AsRW11bGF0b3IiLCJ2IjoiVW5rbm93biIsIm0iOiJVbmtub3duIiwiZiI6MSwiZm4iOiJEZXNrdG9wIiwib2lkIjoxODExMCwib24iOiJMaW51eCIsIm92IjoiVW5rbm93biIsImJpZCI6MTE2NjcwLCJibiI6IkZpcmVmb3giLCJidiI6Ijk2LjAiLCJ3diI6ZmFsc2UsImUiOnRydWUsImFiIjpmYWxzZX0sImMiOnsiaWQiOjE2MiwiYyI6Ik5PIiwibiI6Ik5vcndheSJ9LCJhIjpmYWxzZSwiY3IiOnsibiI6IkJsaXggU29sdXRpb25zIn0sInhmIjoiIiwiaXhmIjpmYWxzZSwiaWd4ZiI6ZmFsc2UsInVwIjp0cnVlLCJyIjoiaHR0cHM6Ly9naXRiLm9yZy93YXRjaC1saW5rLz89eHh4MDMwNXh4eCIsImFyIjpbXX19.V7J0-H8OFffgz1zFrucwP5IEl7UjmL1pZg12cf1brn0; expires=Sat, 04 May 2024 05:54:47 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: f29b81659f718f5eb48dfbbd1a9e44a7
Strict-Transport-Security: max-age=0; includeSubdomains

misuseproductions.com/watch.437024946035.js?dev=e&key=8d05a934261dd9e2aebbdaa40a9c68c4&kw=%5B%5D&pst=1714802087&refer=https%3A%2F%2Fgitb.org%2Fwatch-link%2F%3F%3Dxxx0305xxx&res=14.2071&rmtc=t&shu=84e2d316c45642bb39d7c4543a5b27c7e88b858147ff7b3dccb0c3409b589ee6645f3c233802b05e00883f08acf1412bfb5fa838313a78bad1b8ca30bf3b86599d29b12e1aff9216a976da249d5b05ad1f39fea2830df5597f6e02e6539666&tz=0&uuid=ae4b3cd4-0306-480c-abf4-395aaac96b7e%3A2%3A1

192.243.61.225

200 OK

2.0 kB

URL GET HTTP/1.1
misuseproductions.com/watch.437024946035.js?dev=e&key=8d05a934261dd9e2aebbdaa40a9c68c4&kw=%5B%5D&pst=1714802087&refer=https%3A%2F%2Fgitb.org%2Fwatch-link%2F%3F%3Dxxx0305xxx&res=14.2071&rmtc=t&shu=84e2d316c45642bb39d7c4543a5b27c7e88b858147ff7b3dccb0c3409b589ee6645f3c233802b05e00883f08acf1412bfb5fa838313a78bad1b8ca30bf3b86599d29b12e1aff9216a976da249d5b05ad1f39fea2830df5597f6e02e6539666&tz=0&uuid=ae4b3cd4-0306-480c-abf4-395aaac96b7e%3A2%3A1
IP
192.243.61.225:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://gitb.org/watch-link/?=xxx0305xxx
Certificate
IssuerLet's Encrypt
Subjectmisuseproductions.com
FingerprintAE:BD:BB:C1:A9:8B:FD:93:7D:63:43:E2:6D:71:12:A4:64:7C:51:D6
ValidityMon, 29 Apr 2024 12:56:02 GMT - Sun, 28 Jul 2024 12:56:01 GMT

File type
JavaScript source, ASCII text, with very long lines (2514)
Size
2.0 kB (2026 bytes)
Hash
5f5fe04afd1f63a9329d5ebc461b818e
90a18141a3b9a89f8ab6c177581d252d789cea97
f35b271678cf437ae7a0b48c2773be5e221bb8af0b31fb35ab62e5710ac75c78

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /watch.437024946035.js?dev=e&key=8d05a934261dd9e2aebbdaa40a9c68c4&kw=%5B%5D&pst=1714802087&refer=https%3A%2F%2Fgitb.org%2Fwatch-link%2F%3F%3Dxxx0305xxx&res=14.2071&rmtc=t&shu=84e2d316c45642bb39d7c4543a5b27c7e88b858147ff7b3dccb0c3409b589ee6645f3c233802b05e00883f08acf1412bfb5fa838313a78bad1b8ca30bf3b86599d29b12e1aff9216a976da249d5b05ad1f39fea2830df5597f6e02e6539666&tz=0&uuid=ae4b3cd4-0306-480c-abf4-395aaac96b7e%3A2%3A1 HTTP/1.1
Host: misuseproductions.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://gitb.org
Referer: https://gitb.org/
DNT: 1
Connection: keep-alive
Cookie: u_pl=22697098; ain=eyJhbGciOiJIUzI1NiJ9.eyJwIjp7ImlkIjoyMjY5NzA5OCwiayI6IjhkMDVhOTM0MjYxZGQ5ZTJhZWJiZGFhNDBhOWM2OGM0Iiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjozNjY2MDU1LCJwaWQiOjE3MzQ5NDksImFuIjp0cnVlLCJsYW4iOnRydWUsImNpZCI6MTYsImFpZCI6NSwicHQiOjQsInBrIjoibXBlODh5a2VwZSIsImNwa3MiOnsiMjkiOiI5MzE0YTExMWEwODNhZGFjNzE0MGM3Nzg3YzMyYTcwNSJ9LCJ0IjoxfSwidSI6eyJ1IjoxLCJhdSI6MSwiZCI6eyJpZCI6Nzk5NTQxOTYsImlkcyI6IiIsImljIjpmYWxzZSwibiI6IkRlc2t0b3AsRW11bGF0b3IiLCJ2IjoiVW5rbm93biIsIm0iOiJVbmtub3duIiwiZiI6MSwiZm4iOiJEZXNrdG9wIiwib2lkIjoxODExMCwib24iOiJMaW51eCIsIm92IjoiVW5rbm93biIsImJpZCI6MTE2NjcwLCJibiI6IkZpcmVmb3giLCJidiI6Ijk2LjAiLCJ3diI6ZmFsc2UsImUiOnRydWUsImFiIjpmYWxzZX0sImMiOnsiaWQiOjE2MiwiYyI6Ik5PIiwibiI6Ik5vcndheSJ9LCJhIjpmYWxzZSwiY3IiOnsibiI6IkJsaXggU29sdXRpb25zIn0sInhmIjoiIiwiaXhmIjpmYWxzZSwiaWd4ZiI6ZmFsc2UsInVwIjp0cnVlLCJyIjoiaHR0cHM6Ly9naXRiLm9yZy93YXRjaC1saW5rLz89eHh4MDMwNXh4eCIsImFyIjpbXX19.OUoMeIpOxYy3BELm8S7DuOBCdg6913Dap8WksHYdQ6U
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Sat, 04 May 2024 05:53:47 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://gitb.org
Access-Control-Allow-Origin: https://gitb.org
Access-Control-Allow-Credentials: true
Set-Cookie: uid_id2=ae4b3cd4-0306-480c-abf4-395aaac96b7e:2:1; expires=Sat, 11 May 2024 05:53:47 GMT; secure; SameSite=None
iprce27e62c9fa571f62f5b081a27e1912fb=5191357; expires=Sun, 05 May 2024 05:53:47 GMT; secure; SameSite=None
pdhtkv=true; expires=Sun, 05 May 2024 05:53:47 GMT; secure; SameSite=None
uncs=1; expires=Sun, 05 May 2024 05:53:47 GMT; secure; SameSite=None
pdhtkv5=true; expires=Sun, 05 May 2024 05:53:47 GMT; secure; SameSite=None
uncs5=1; expires=Sun, 05 May 2024 05:53:47 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 6a17fa43b626c71f6525226bd775b8d8
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip

coexistsafetyghost.com/pixel/purst?dl=0&th=0&sc=0&rs=1792&rd=1792&fd=782&bv=24.5.6485&tmpl=70

172.240.108.68

200 OK

0 B

URL GET HTTP/1.1
coexistsafetyghost.com/pixel/purst?dl=0&th=0&sc=0&rs=1792&rd=1792&fd=782&bv=24.5.6485&tmpl=70
IP
172.240.108.68:443
ASN
#7979 SERVERS-COM

Requested by
https://gitb.org/watch-link/?=xxx0305xxx
Certificate
IssuerLet's Encrypt
Subjectcoexistsafetyghost.com
Fingerprint4D:41:7B:FB:11:3F:3C:36:DB:78:BA:88:80:F1:D4:F5:CC:80:DD:9C
ValidityMon, 29 Apr 2024 13:15:24 GMT - Sun, 28 Jul 2024 13:15:23 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /pixel/purst?dl=0&th=0&sc=0&rs=1792&rd=1792&fd=782&bv=24.5.6485&tmpl=70 HTTP/1.1
Host: coexistsafetyghost.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://gitb.org/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Sat, 04 May 2024 05:53:47 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range

hunchsewingproxy.com/watch.1176979019121.js?dev=e&key=ba160ebdb7ae4c2d376f0f8dc238ac96&kw=%5B%5D&pst=1714802087&refer=https%3A%2F%2Fgitb.org%2Fwatch-link%2F%3F%3Dxxx0305xxx&res=14.2071&rmtc=t&shu=285bdf9f8178adfd57b3d1ec33c6f532694603740304703aa69789f66a392a236fdbb2eeb68467559afa01e2722f33f77ffc00c80f7b628ca637f38049af2af3934cd0de234d78a4803adab0d3cc3b73e3ef1b595a924f5dae362b11166347&tz=0&uuid=fd7e1ad7-9d94-4a88-9d5f-64a19a5d59b7%3A2%3A1

192.243.59.13

200 OK

2.5 kB

URL GET HTTP/1.1
hunchsewingproxy.com/watch.1176979019121.js?dev=e&key=ba160ebdb7ae4c2d376f0f8dc238ac96&kw=%5B%5D&pst=1714802087&refer=https%3A%2F%2Fgitb.org%2Fwatch-link%2F%3F%3Dxxx0305xxx&res=14.2071&rmtc=t&shu=285bdf9f8178adfd57b3d1ec33c6f532694603740304703aa69789f66a392a236fdbb2eeb68467559afa01e2722f33f77ffc00c80f7b628ca637f38049af2af3934cd0de234d78a4803adab0d3cc3b73e3ef1b595a924f5dae362b11166347&tz=0&uuid=fd7e1ad7-9d94-4a88-9d5f-64a19a5d59b7%3A2%3A1
IP
192.243.59.13:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://gitb.org/watch-link/?=xxx0305xxx
Certificate
IssuerLet's Encrypt
Subjecthunchsewingproxy.com
FingerprintCF:1D:62:33:6B:D3:BF:31:A0:28:BB:E3:F3:E4:1F:F7:F1:90:3C:BE
ValidityMon, 29 Apr 2024 08:24:00 GMT - Sun, 28 Jul 2024 08:23:59 GMT

File type
JavaScript source, ASCII text, with very long lines (3131)
Size
2.5 kB (2453 bytes)
Hash
3e824f68338389b86ac0f6249f5b1790
e6663c8cfbc97ba0bc33c2650e5d15492eebaf32
8b410be7f8ab0b66bdb52a9aa2a43686a34ab7da8aa8f7f3b8ef82ca3b8b7eb3

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /watch.1176979019121.js?dev=e&key=ba160ebdb7ae4c2d376f0f8dc238ac96&kw=%5B%5D&pst=1714802087&refer=https%3A%2F%2Fgitb.org%2Fwatch-link%2F%3F%3Dxxx0305xxx&res=14.2071&rmtc=t&shu=285bdf9f8178adfd57b3d1ec33c6f532694603740304703aa69789f66a392a236fdbb2eeb68467559afa01e2722f33f77ffc00c80f7b628ca637f38049af2af3934cd0de234d78a4803adab0d3cc3b73e3ef1b595a924f5dae362b11166347&tz=0&uuid=fd7e1ad7-9d94-4a88-9d5f-64a19a5d59b7%3A2%3A1 HTTP/1.1
Host: hunchsewingproxy.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://gitb.org
Referer: https://gitb.org/
DNT: 1
Connection: keep-alive
Cookie: u_pl=22697095; ain=eyJhbGciOiJIUzI1NiJ9.eyJwIjp7ImlkIjoyMjY5NzA5NSwiayI6ImJhMTYwZWJkYjdhZTRjMmQzNzZmMGY4ZGMyMzhhYzk2Iiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjozNjY2MDU1LCJwaWQiOjE3MzQ5NDksImFuIjp0cnVlLCJsYW4iOnRydWUsImNpZCI6MTYsImFpZCI6MjcsInB0Ijo0LCJwayI6InE4eHZ4aDhrIiwidCI6MX0sInUiOnsidSI6MSwiYXUiOjEsImQiOnsiaWQiOjc5OTU0MTk2LCJpZHMiOiIiLCJpYyI6ZmFsc2UsIm4iOiJEZXNrdG9wLEVtdWxhdG9yIiwidiI6IlVua25vd24iLCJtIjoiVW5rbm93biIsImYiOjEsImZuIjoiRGVza3RvcCIsIm9pZCI6MTgxMTAsIm9uIjoiTGludXgiLCJvdiI6IlVua25vd24iLCJiaWQiOjExNjY3MCwiYm4iOiJGaXJlZm94IiwiYnYiOiI5Ni4wIiwid3YiOmZhbHNlLCJlIjp0cnVlLCJhYiI6ZmFsc2V9LCJjIjp7ImlkIjoxNjIsImMiOiJOTyIsIm4iOiJOb3J3YXkifSwiYSI6ZmFsc2UsImNyIjp7Im4iOiJCbGl4IFNvbHV0aW9ucyJ9LCJ4ZiI6IiIsIml4ZiI6ZmFsc2UsImlneGYiOmZhbHNlLCJ1cCI6dHJ1ZSwiciI6Imh0dHBzOi8vZ2l0Yi5vcmcvd2F0Y2gtbGluay8_PXh4eDAzMDV4eHgiLCJhciI6W119fQ.jK83ROVjkh9hsrggmGKdyIHO_S5xKHgvooD1tvRcJMY
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Sat, 04 May 2024 05:53:47 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://gitb.org
Access-Control-Allow-Origin: https://gitb.org
Access-Control-Allow-Credentials: true
Set-Cookie: uid_id2=fd7e1ad7-9d94-4a88-9d5f-64a19a5d59b7:2:1; expires=Sat, 11 May 2024 05:53:47 GMT; secure; SameSite=None
iprc0c3d680322549836492107fa1d328dfd=3569683; expires=Sat, 04 May 2024 09:53:47 GMT; secure; SameSite=None
pdhtkv=true; expires=Sun, 05 May 2024 05:53:47 GMT; secure; SameSite=None
uncs=1; expires=Sun, 05 May 2024 05:53:47 GMT; secure; SameSite=None
pdhtkv27=true; expires=Sun, 05 May 2024 05:53:47 GMT; secure; SameSite=None
uncs27=1; expires=Sun, 05 May 2024 05:53:47 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 61230ef35ee9e12bb0cb9082d4d55bb5
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip

dudleynutmeg.com/83/a3/3a/83a33a5a615df631eb83b1d0411b72fe.js

172.240.108.76

200 OK

30 kB

URL GET HTTP/1.1
dudleynutmeg.com/83/a3/3a/83a33a5a615df631eb83b1d0411b72fe.js
IP
172.240.108.76:443
ASN
#7979 SERVERS-COM

Requested by
https://gitb.org/watch-link/?=xxx0305xxx
Certificate
IssuerLet's Encrypt
Subjectdudleynutmeg.com
Fingerprint62:D3:F0:A3:00:F3:7A:E7:CF:5D:4D:AE:08:F0:E9:8D:45:2E:0D:90
ValidityTue, 30 Apr 2024 15:24:37 GMT - Mon, 29 Jul 2024 15:24:36 GMT

File type
JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Size
30 kB (30375 bytes)
Hash
a5f53294a25794ca35d6aa434b37f838
73e951b59ca017873db57afd1a798a48151ec557
ab46321b18421fd84cddbae340b07eff65a39e15f1a27e953507707416a33a22

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /83/a3/3a/83a33a5a615df631eb83b1d0411b72fe.js HTTP/1.1
Host: dudleynutmeg.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://gitb.org/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Sat, 04 May 2024 05:53:47 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 660ac747ecd01258059bbfb673b1b473
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip

dudleynutmeg.com/watch.1091538150120.js?dev=e&key=de99a652586bb57820d519c7eb88870f&kw=%5B%5D&pst=1714802087&refer=https%3A%2F%2Fgitb.org%2Fwatch-link%2F%3F%3Dxxx0305xxx&res=14.2071&rmtc=t&shu=07f84a8be43c3db6b628c27d12f776d9d6661182c46bf9dc3f11b365824c85d4a6335c8499b9e0d6ce1f5b0b14d0696e5276e93e4d1561eccb23c5def55fb5b53e7118770b839b638d739b732451dded3ae5d4329701194c003cda679ac831&tz=0&uuid=fd7e1ad7-9d94-4a88-9d5f-64a19a5d59b7%3A2%3A1

172.240.108.76

200 OK

2.3 kB

URL GET HTTP/1.1
dudleynutmeg.com/watch.1091538150120.js?dev=e&key=de99a652586bb57820d519c7eb88870f&kw=%5B%5D&pst=1714802087&refer=https%3A%2F%2Fgitb.org%2Fwatch-link%2F%3F%3Dxxx0305xxx&res=14.2071&rmtc=t&shu=07f84a8be43c3db6b628c27d12f776d9d6661182c46bf9dc3f11b365824c85d4a6335c8499b9e0d6ce1f5b0b14d0696e5276e93e4d1561eccb23c5def55fb5b53e7118770b839b638d739b732451dded3ae5d4329701194c003cda679ac831&tz=0&uuid=fd7e1ad7-9d94-4a88-9d5f-64a19a5d59b7%3A2%3A1
IP
172.240.108.76:443
ASN
#7979 SERVERS-COM

Requested by
https://gitb.org/watch-link/?=xxx0305xxx
Certificate
IssuerLet's Encrypt
Subjectdudleynutmeg.com
Fingerprint62:D3:F0:A3:00:F3:7A:E7:CF:5D:4D:AE:08:F0:E9:8D:45:2E:0D:90
ValidityTue, 30 Apr 2024 15:24:37 GMT - Mon, 29 Jul 2024 15:24:36 GMT

File type
JavaScript source, ASCII text, with very long lines (2930)
Size
2.3 kB (2347 bytes)
Hash
2ce5baca8624fb14f628051a3149900d
69d29d26f225379cc09afcf2d58592483773d2ae
f792baee922e107981a112dd38c91233b1523229aff68475d8c8d29d41fd285f

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /watch.1091538150120.js?dev=e&key=de99a652586bb57820d519c7eb88870f&kw=%5B%5D&pst=1714802087&refer=https%3A%2F%2Fgitb.org%2Fwatch-link%2F%3F%3Dxxx0305xxx&res=14.2071&rmtc=t&shu=07f84a8be43c3db6b628c27d12f776d9d6661182c46bf9dc3f11b365824c85d4a6335c8499b9e0d6ce1f5b0b14d0696e5276e93e4d1561eccb23c5def55fb5b53e7118770b839b638d739b732451dded3ae5d4329701194c003cda679ac831&tz=0&uuid=fd7e1ad7-9d94-4a88-9d5f-64a19a5d59b7%3A2%3A1 HTTP/1.1
Host: dudleynutmeg.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://gitb.org
Referer: https://gitb.org/
DNT: 1
Connection: keep-alive
Cookie: u_pl=22697121; ain=eyJhbGciOiJIUzI1NiJ9.eyJwIjp7ImlkIjoyMjY5NzEyMSwiayI6ImRlOTlhNjUyNTg2YmI1NzgyMGQ1MTljN2ViODg4NzBmIiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjozNjY2MDU1LCJwaWQiOjE3MzQ5NDksImFuIjp0cnVlLCJsYW4iOnRydWUsImNpZCI6MTYsImFpZCI6MzIsInB0Ijo0LCJwayI6InRicjhzYTU3bSIsImNwa3MiOnsiMjgiOiI4M2EzM2E1YTYxNWRmNjMxZWI4M2IxZDA0MTFiNzJmZSJ9LCJ0IjoxfSwidSI6eyJ1IjoxLCJhdSI6MSwiZCI6eyJpZCI6Nzk5NTQxOTYsImlkcyI6IiIsImljIjpmYWxzZSwibiI6IkRlc2t0b3AsRW11bGF0b3IiLCJ2IjoiVW5rbm93biIsIm0iOiJVbmtub3duIiwiZiI6MSwiZm4iOiJEZXNrdG9wIiwib2lkIjoxODExMCwib24iOiJMaW51eCIsIm92IjoiVW5rbm93biIsImJpZCI6MTE2NjcwLCJibiI6IkZpcmVmb3giLCJidiI6Ijk2LjAiLCJ3diI6ZmFsc2UsImUiOnRydWUsImFiIjpmYWxzZX0sImMiOnsiaWQiOjE2MiwiYyI6Ik5PIiwibiI6Ik5vcndheSJ9LCJhIjpmYWxzZSwiY3IiOnsibiI6IkJsaXggU29sdXRpb25zIn0sInhmIjoiIiwiaXhmIjpmYWxzZSwiaWd4ZiI6ZmFsc2UsInVwIjp0cnVlLCJyIjoiaHR0cHM6Ly9naXRiLm9yZy93YXRjaC1saW5rLz89eHh4MDMwNXh4eCIsImFyIjpbXX19.V7J0-H8OFffgz1zFrucwP5IEl7UjmL1pZg12cf1brn0
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Sat, 04 May 2024 05:53:47 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://gitb.org
Access-Control-Allow-Origin: https://gitb.org
Access-Control-Allow-Credentials: true
Set-Cookie: uid_id2=fd7e1ad7-9d94-4a88-9d5f-64a19a5d59b7:2:1; expires=Sat, 11 May 2024 05:53:47 GMT; secure; SameSite=None
pdhtkv=true; expires=Sun, 05 May 2024 05:53:47 GMT; secure; SameSite=None
uncs=1; expires=Sun, 05 May 2024 05:53:47 GMT; secure; SameSite=None
pdhtkv32=true; expires=Sun, 05 May 2024 05:53:47 GMT; secure; SameSite=None
uncs32=1; expires=Sun, 05 May 2024 05:53:47 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 001c7d14cde07ff1710c277800c3ca9a
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip

cdn.cloudimagesb.com/cti/17/19/34/171934cf2a024c013ac2c2b0805d9eae/1711620479.jpg

45.133.44.9

200 OK

75 kB

URL GET HTTP/2
cdn.cloudimagesb.com/cti/17/19/34/171934cf2a024c013ac2c2b0805d9eae/1711620479.jpg
IP
45.133.44.9:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://gitb.org/watch-link/?=xxx0305xxx
Certificate
IssuerLet's Encrypt
Subjectcdn.cloudimagesb.com
FingerprintC6:F3:21:F0:21:7D:7E:96:0F:E8:46:7A:5E:C5:3F:D1:52:B0:67:B0
ValidityFri, 22 Mar 2024 03:01:35 GMT - Thu, 20 Jun 2024 03:01:34 GMT

File type
JPEG image data, baseline, precision 8, 300x250, components 3
Size
75 kB (75237 bytes)
Hash
156f3383d85fab2d082c4d0e64549de1
0b475fdfafa1cfae8ddd899beb3d2e7120f99d06
ae5f621f49ad4c3cd9b5c19f1e244097c627a02349dc9c50da49455f4c44a107

HTTP Headers

GET /cti/17/19/34/171934cf2a024c013ac2c2b0805d9eae/1711620479.jpg HTTP/1.1
Host: cdn.cloudimagesb.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sat, 04 May 2024 05:53:47 GMT
content-type: image/jpeg
content-length: 75237
server: nginx/1.21.6
last-modified: Thu, 28 Mar 2024 10:08:08 GMT
etag: "66054188-125e5"
expires: Mon, 06 May 2024 05:53:47 GMT
cache-control: max-age=172800
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2

cdn.cloudimagesb.com/cti/a7/81/a3/a781a3f5b0f5e23bdd2dd0518e7f7682/1658915583.png

45.133.44.9

200 OK

59 kB

URL GET HTTP/2
cdn.cloudimagesb.com/cti/a7/81/a3/a781a3f5b0f5e23bdd2dd0518e7f7682/1658915583.png
IP
45.133.44.9:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://gitb.org/watch-link/?=xxx0305xxx
Certificate
IssuerLet's Encrypt
Subjectcdn.cloudimagesb.com
FingerprintC6:F3:21:F0:21:7D:7E:96:0F:E8:46:7A:5E:C5:3F:D1:52:B0:67:B0
ValidityFri, 22 Mar 2024 03:01:35 GMT - Thu, 20 Jun 2024 03:01:34 GMT

File type
PNG image data, 468 x 60, 8-bit/color RGBA, non-interlaced
Size
59 kB (59343 bytes)
Hash
a8d87e991a22e21fd415f8484a2c798d
512ec0da7b33b71c73453271860fae0a0e23c627
a26bd031fca0ac99e2ee032b81812e714bb94834b7ca304fbdf2aafd5c192045

HTTP Headers

GET /cti/a7/81/a3/a781a3f5b0f5e23bdd2dd0518e7f7682/1658915583.png HTTP/1.1
Host: cdn.cloudimagesb.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Sat, 04 May 2024 05:53:47 GMT
content-type: image/png
content-length: 59343
server: nginx/1.21.6
last-modified: Wed, 27 Jul 2022 09:53:11 GMT
etag: "62e10b07-e7cf"
expires: Mon, 06 May 2024 05:53:47 GMT
cache-control: max-age=172800
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2

cdn.cloudimagesb.com/cti/dd/13/a8/dd13a8a9f8fc637ee941ddb353b9ae48/1708593093.jpg

45.133.44.9

200 OK

25 kB

URL GET HTTP/2
cdn.cloudimagesb.com/cti/dd/13/a8/dd13a8a9f8fc637ee941ddb353b9ae48/1708593093.jpg
IP
45.133.44.9:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://gitb.org/watch-link/?=xxx0305xxx
Certificate
IssuerLet's Encrypt
Subjectcdn.cloudimagesb.com
FingerprintC6:F3:21:F0:21:7D:7E:96:0F:E8:46:7A:5E:C5:3F:D1:52:B0:67:B0
ValidityFri, 22 Mar 2024 03:01:35 GMT - Thu, 20 Jun 2024 03:01:34 GMT

File type
JPEG image data, baseline, precision 8, 320x50, components 3
Size
25 kB (25093 bytes)
Hash
f80ea110b43a5bb9f19df3c8c5a1177b
26d3866801fd818c2081a08a3c85b242c95ff841
db529015bce32b9bfc72833a9abfa366b60ddb0e46e2c470c1b66aa58a6dca15

HTTP Headers

GET /cti/dd/13/a8/dd13a8a9f8fc637ee941ddb353b9ae48/1708593093.jpg HTTP/1.1
Host: cdn.cloudimagesb.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Sat, 04 May 2024 05:53:47 GMT
content-type: image/jpeg
content-length: 25093
server: nginx/1.21.6
last-modified: Thu, 22 Feb 2024 09:11:41 GMT
etag: "65d70fcd-6205"
expires: Mon, 06 May 2024 05:53:47 GMT
cache-control: max-age=172800
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2

capaciousdrewreligion.com/advertisers.js

192.243.61.225

200 OK

0 B

URL GET HTTP/1.1
capaciousdrewreligion.com/advertisers.js
IP
192.243.61.225:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://gitb.org/watch-link/?=xxx0305xxx
Certificate
IssuerLet's Encrypt
Subjectcapaciousdrewreligion.com
Fingerprint53:B6:ED:C6:B5:B6:60:3E:6D:02:5A:92:2E:C3:12:74:64:A1:23:DC
ValidityWed, 06 Mar 2024 11:57:32 GMT - Tue, 04 Jun 2024 11:57:31 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /advertisers.js HTTP/1.1
Host: capaciousdrewreligion.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://gitb.org/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Sat, 04 May 2024 05:53:48 GMT
Content-Type: application/javascript
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: e387cb51e39873336bb7e0210a12fca9
Strict-Transport-Security: max-age=0; includeSubdomains

downstairsnegotiatebarren.com/sfp.js

172.67.180.87

200 OK

29 kB

URL GET HTTP/2
downstairsnegotiatebarren.com/sfp.js
IP
172.67.180.87:443
ASN
#13335 CLOUDFLARENET

Requested by
https://gitb.org/watch-link/?=xxx0305xxx
Certificate
IssuerLet's Encrypt
Subjectdownstairsnegotiatebarren.com
Fingerprint5D:DB:CB:C6:CE:2A:8B:34:7D:BC:43:74:33:1D:5F:77:48:F7:BC:1B
ValidityThu, 02 May 2024 21:26:34 GMT - Wed, 31 Jul 2024 21:26:33 GMT

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (65529), with no line terminators
Size
29 kB (28699 bytes)
Hash
f4a2f8f9f99541c6f105bbd0a025bd40
1f8e3eff12168fdd9e719adfc098d24a45b6916a
b717cb04231a10d425fd55b73c85a5407119c6826a8bac94142fddfff6958716

HTTP Headers

GET /sfp.js HTTP/1.1
Host: downstairsnegotiatebarren.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://gitb.org/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Sat, 04 May 2024 05:53:48 GMT
content-type: application/javascript; charset=utf-8
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
access-control-allow-origin: *
expires: Thu, 01 Jan 1970 00:00:01 GMT
cache-control: max-age=14400
x-request-id: b8812bf7061a4dc53c147771156e4f07
strict-transport-security: max-age=0; includeSubdomains
cf-cache-status: EXPIRED
last-modified: Sat, 04 May 2024 05:53:47 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=wam6Bru3Wu0EEJPBB1loHRuDGqjKGeY85l0oEQS5Kotq0HdQMRns34gWlvDoulAyoAzZvDmxxk%2F16ke3%2BKeSzEJDvBokjnzSyo4N7m3ypXUO13iDNnYk%2BvSHBvpaUpr4U4vFNxj3f9Qf3Btsp71i9Q%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87e63b7f1d6c56bf-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

designingpupilintermediary.com/sbar.json?key=885fb415a08e7d05b93f88ca77ad22cc&psid=CF-3448_1&uuid=fd7e1ad7-9d94-4a88-9d5f-64a19a5d59b7%3A2%3A1

192.243.61.225

200 OK

8.4 kB

URL GET HTTP/1.1
designingpupilintermediary.com/sbar.json?key=885fb415a08e7d05b93f88ca77ad22cc&psid=CF-3448_1&uuid=fd7e1ad7-9d94-4a88-9d5f-64a19a5d59b7%3A2%3A1
IP
192.243.61.225:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://gitb.org/watch-link/?=xxx0305xxx
Certificate
IssuerLet's Encrypt
Subjectdesigningpupilintermediary.com
FingerprintC6:2A:2C:CE:46:0C:19:DC:3F:A3:33:F7:CD:1E:20:1D:CC:46:93:78
ValidityMon, 29 Apr 2024 08:22:29 GMT - Sun, 28 Jul 2024 08:22:28 GMT

File type
JSON text data
Size
8.4 kB (8433 bytes)
Hash
f7f827613f887fd18714606c74543a57
274627a28d53f6401ee25c775cfb172413d940dc
50515036af2808eac46b88ba22191cff484a7eb447f2a40cc682d5cd6be68ab7

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /sbar.json?key=885fb415a08e7d05b93f88ca77ad22cc&psid=CF-3448_1&uuid=fd7e1ad7-9d94-4a88-9d5f-64a19a5d59b7%3A2%3A1 HTTP/1.1
Host: designingpupilintermediary.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://gitb.org
DNT: 1
Connection: keep-alive
Referer: https://gitb.org/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Sat, 04 May 2024 05:53:48 GMT
Content-Type: text/plain; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://gitb.org
Access-Control-Allow-Origin: https://gitb.org
Access-Control-Allow-Credentials: true
Set-Cookie: u_pl=22738568; expires=Sun, 05 May 2024 05:53:48 GMT; secure; SameSite=None
uid_id2=fd7e1ad7-9d94-4a88-9d5f-64a19a5d59b7:2:1; expires=Sat, 11 May 2024 05:53:48 GMT; secure; SameSite=None
pdhtkv=true; expires=Sun, 05 May 2024 05:53:48 GMT; secure; SameSite=None
uncs=1; expires=Sun, 05 May 2024 05:53:48 GMT; secure; SameSite=None
pdhtkv29=true; expires=Sun, 05 May 2024 05:53:48 GMT; secure; SameSite=None
uncs29=1; expires=Sun, 05 May 2024 05:53:48 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: e55aa0108085fb9480bc03080ef1d5c1
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip

designingpupilintermediary.com/ren.gif?sid=H4sIAAAAAAAC%2F1RST2skxRuunuT2gx8qe3IR5qCwgpl0z7%2FucQ%2BL2RgJxk3cXVG8LNVd1ZMyNV1NVdf0JBeDC5rj4CfoPJNsXF1k9yq4SGfBQ1DY8ZSDufgFRCFnmXFw9D3U%2B771PAVPPe%2F7%2BaG9IHVYer76ntoTUtLlVs2tXvvI865XN0RiB9VB0L7Xbl6v6v6bnXbNfb36Do921HLd9VzXc73qmtA8VoPlCQiRPup4tY5ba9ZrXquJgf5vb6wDQx2w%2FgV5CYKNF585VyCiEknv8So3O5lK33i7ZyXNlEafnXyQ7CQqT9Cbl7F2ECcnMzaUeb72FCo5nsqF6v9DDMWYOD8%2BRZiczEQi7B9NdYYSPEHI%2Foe8X4LLEoKWiNR9CPacABHDrU0kvQe3lM7p7t8onaBjsnj5J0Q%2BJou%2FXkHS%2B3ZFikH1jpI2EyoxGMQFxKCE6JZI7SmyvQpEfooo%2BwyC%2FUyWLzeQ9I42jVQQ7PzVmPnco8xf6rBOc6lJg2Cpw1rxUrtJvQ5tsVYn9KcGCVFCxCUkH4KaCqxxYIUDGzuwqYMeO69Gnuf5LouoG3SiqMF8HraZ61E%2F9qjntgPYaPKHIbJ0iEgOEel9pHofO2IIbX%2BA2S5g2AJMNibO%2B5%2BizwrknCA3BDklyAVBnhHk%2FeKYSVM3xQMmjQ29Wa7PcqMYqax7SI9V1uUJAdVDaFYcphfkxYmJzseXB9jh59UgaMVh02tRN%2BA%2Bc1thpxEHQUR9n7J6PYpgxMOba0uNZjO450GYCqhxsCfGxP%2F9C6RiTF7efQ0hPYWRp4jEC6D2FdC8AN0usJd81RVZWFO6C6YKpNkisl3nUF6Qq9NZrm8%2BAY%2FObvzWmAYiXSDVBT4Rzwi68mB0W%2BXk6LbKDXmymWaiJ%2FboZM53Mprxha%2Ff5bu50mx91QwfvhVNgEn56C432QZNmEi6hnyzIhjjek3piJPv182HPNyyZnvF6sSmG1s319Z7qebGCJWUoJOV%2FUMjEmPy%2F6t3pyt87bstCF1C2wI9e0ZmAaFKROk%2BTDrXbxSBlnNOmDrIbTHS9XB%2BKQWB5POehgXMv%2FpwXo80nbymojg0B%2BjqCmh2H0mvQF8X6MsCVA5h7MIoS%2FXZjV9mMkJZGYVSV45CqeWXU5snx2MYcV71Gw2Xtjstz%2Fcp98NmPYjbHqO03mzX223aQGbGcesn%2BRcAAAD%2F%2FwEAAP%2F%2FNwzqEJwEAAA%3D

192.243.61.225

200 OK

7 B

URL GET HTTP/1.1
designingpupilintermediary.com/ren.gif?sid=H4sIAAAAAAAC%2F1RST2skxRuunuT2gx8qe3IR5qCwgpl0z7%2FucQ%2BL2RgJxk3cXVG8LNVd1ZMyNV1NVdf0JBeDC5rj4CfoPJNsXF1k9yq4SGfBQ1DY8ZSDufgFRCFnmXFw9D3U%2B771PAVPPe%2F7%2BaG9IHVYer76ntoTUtLlVs2tXvvI865XN0RiB9VB0L7Xbl6v6v6bnXbNfb36Do921HLd9VzXc73qmtA8VoPlCQiRPup4tY5ba9ZrXquJgf5vb6wDQx2w%2FgV5CYKNF585VyCiEknv8So3O5lK33i7ZyXNlEafnXyQ7CQqT9Cbl7F2ECcnMzaUeb72FCo5nsqF6v9DDMWYOD8%2BRZiczEQi7B9NdYYSPEHI%2Foe8X4LLEoKWiNR9CPacABHDrU0kvQe3lM7p7t8onaBjsnj5J0Q%2BJou%2FXkHS%2B3ZFikH1jpI2EyoxGMQFxKCE6JZI7SmyvQpEfooo%2BwyC%2FUyWLzeQ9I42jVQQ7PzVmPnco8xf6rBOc6lJg2Cpw1rxUrtJvQ5tsVYn9KcGCVFCxCUkH4KaCqxxYIUDGzuwqYMeO69Gnuf5LouoG3SiqMF8HraZ61E%2F9qjntgPYaPKHIbJ0iEgOEel9pHofO2IIbX%2BA2S5g2AJMNibO%2B5%2BizwrknCA3BDklyAVBnhHk%2FeKYSVM3xQMmjQ29Wa7PcqMYqax7SI9V1uUJAdVDaFYcphfkxYmJzseXB9jh59UgaMVh02tRN%2BA%2Bc1thpxEHQUR9n7J6PYpgxMOba0uNZjO450GYCqhxsCfGxP%2F9C6RiTF7efQ0hPYWRp4jEC6D2FdC8AN0usJd81RVZWFO6C6YKpNkisl3nUF6Qq9NZrm8%2BAY%2FObvzWmAYiXSDVBT4Rzwi68mB0W%2BXk6LbKDXmymWaiJ%2FboZM53Mprxha%2Ff5bu50mx91QwfvhVNgEn56C432QZNmEi6hnyzIhjjek3piJPv182HPNyyZnvF6sSmG1s319Z7qebGCJWUoJOV%2FUMjEmPy%2F6t3pyt87bstCF1C2wI9e0ZmAaFKROk%2BTDrXbxSBlnNOmDrIbTHS9XB%2BKQWB5POehgXMv%2FpwXo80nbymojg0B%2BjqCmh2H0mvQF8X6MsCVA5h7MIoS%2FXZjV9mMkJZGYVSV45CqeWXU5snx2MYcV71Gw2Xtjstz%2Fcp98NmPYjbHqO03mzX223aQGbGcesn%2BRcAAAD%2F%2FwEAAP%2F%2FNwzqEJwEAAA%3D
IP
192.243.61.225:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://gitb.org/watch-link/?=xxx0305xxx
Certificate
IssuerLet's Encrypt
Subjectdesigningpupilintermediary.com
FingerprintC6:2A:2C:CE:46:0C:19:DC:3F:A3:33:F7:CD:1E:20:1D:CC:46:93:78
ValidityMon, 29 Apr 2024 08:22:29 GMT - Sun, 28 Jul 2024 08:22:28 GMT

File type
ASCII text, with no line terminators
Size
7 B (7 bytes)
Hash
132d6af1b46048b45cf86cdee7991d31
eb7007d03d59b65bc6da7e098c4d38fc6dfb6285
ab852e838deccd742a03ca81d4a8d75cf1a00b327db3eaf46bd7da6b6db9384c

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /ren.gif?sid=H4sIAAAAAAAC%2F1RST2skxRuunuT2gx8qe3IR5qCwgpl0z7%2FucQ%2BL2RgJxk3cXVG8LNVd1ZMyNV1NVdf0JBeDC5rj4CfoPJNsXF1k9yq4SGfBQ1DY8ZSDufgFRCFnmXFw9D3U%2B771PAVPPe%2F7%2BaG9IHVYer76ntoTUtLlVs2tXvvI865XN0RiB9VB0L7Xbl6v6v6bnXbNfb36Do921HLd9VzXc73qmtA8VoPlCQiRPup4tY5ba9ZrXquJgf5vb6wDQx2w%2FgV5CYKNF585VyCiEknv8So3O5lK33i7ZyXNlEafnXyQ7CQqT9Cbl7F2ECcnMzaUeb72FCo5nsqF6v9DDMWYOD8%2BRZiczEQi7B9NdYYSPEHI%2Foe8X4LLEoKWiNR9CPacABHDrU0kvQe3lM7p7t8onaBjsnj5J0Q%2BJou%2FXkHS%2B3ZFikH1jpI2EyoxGMQFxKCE6JZI7SmyvQpEfooo%2BwyC%2FUyWLzeQ9I42jVQQ7PzVmPnco8xf6rBOc6lJg2Cpw1rxUrtJvQ5tsVYn9KcGCVFCxCUkH4KaCqxxYIUDGzuwqYMeO69Gnuf5LouoG3SiqMF8HraZ61E%2F9qjntgPYaPKHIbJ0iEgOEel9pHofO2IIbX%2BA2S5g2AJMNibO%2B5%2BizwrknCA3BDklyAVBnhHk%2FeKYSVM3xQMmjQ29Wa7PcqMYqax7SI9V1uUJAdVDaFYcphfkxYmJzseXB9jh59UgaMVh02tRN%2BA%2Bc1thpxEHQUR9n7J6PYpgxMOba0uNZjO450GYCqhxsCfGxP%2F9C6RiTF7efQ0hPYWRp4jEC6D2FdC8AN0usJd81RVZWFO6C6YKpNkisl3nUF6Qq9NZrm8%2BAY%2FObvzWmAYiXSDVBT4Rzwi68mB0W%2BXk6LbKDXmymWaiJ%2FboZM53Mprxha%2Ff5bu50mx91QwfvhVNgEn56C432QZNmEi6hnyzIhjjek3piJPv182HPNyyZnvF6sSmG1s319Z7qebGCJWUoJOV%2FUMjEmPy%2F6t3pyt87bstCF1C2wI9e0ZmAaFKROk%2BTDrXbxSBlnNOmDrIbTHS9XB%2BKQWB5POehgXMv%2FpwXo80nbymojg0B%2BjqCmh2H0mvQF8X6MsCVA5h7MIoS%2FXZjV9mMkJZGYVSV45CqeWXU5snx2MYcV71Gw2Xtjstz%2Fcp98NmPYjbHqO03mzX223aQGbGcesn%2BRcAAAD%2F%2FwEAAP%2F%2FNwzqEJwEAAA%3D HTTP/1.1
Host: designingpupilintermediary.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://gitb.org/
Cookie: u_pl=22738568; uid_id2=fd7e1ad7-9d94-4a88-9d5f-64a19a5d59b7:2:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Sat, 04 May 2024 05:53:48 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 46e60ae871b9f4a08f02edb5287f2bb6
Strict-Transport-Security: max-age=0; includeSubdomains

cdn.creative-bars1.com/sb/ssp/vpn/classic-push/small/img/close.png

188.114.96.1

200 OK

591 B

URL GET HTTP/3
cdn.creative-bars1.com/sb/ssp/vpn/classic-push/small/img/close.png
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://gitb.org/watch-link/?=xxx0305xxx
Certificate
IssuerGoogle Trust Services LLC
Subjectcreative-bars1.com
Fingerprint3D:29:39:2C:F1:E5:C6:EF:54:F5:70:B5:CF:A8:C2:75:4D:89:72:13
ValidityMon, 15 Apr 2024 15:02:18 GMT - Sun, 14 Jul 2024 15:02:17 GMT

File type
PNG image data, 12 x 12, 8-bit/color RGBA, non-interlaced
Size
591 B (591 bytes)
Hash
9fd5bcb6103d86e317bd1eb019bcbe71
6b5a52ea669dcb74946f2bed4bdd7ec985026113
0ddd3be104ac7945fb062096df62034a6a24ecc76ba92493c35c62c3c25982ae

HTTP Headers

GET /sb/ssp/vpn/classic-push/small/img/close.png HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Sat, 04 May 2024 05:53:48 GMT
content-type: image/png
content-length: 591
last-modified: Fri, 19 Jan 2024 14:19:42 GMT
etag: "65aa84fe-24f"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 308164
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=DjXb3mBdxHv968wKqxIrD67A2l%2F%2FM0tMN%2FecN3XYWwXb9cf6iYV4KPdLMgFiqQjE%2BlZQYjJjnMTxS1UIO0smlkDN5RcAtWKnBdo025J%2F676JD21d92%2BNwcVEPkSlFzkYIy2s%2FYxhMBif"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87e63b882ecab524-OSL
alt-svc: h3=":443"; ma=86400

cdn.cloudimagesb.com/si/07/9c/1b/079c1b9b48633e3ef398faef0739f24f/1701651986.png

45.133.44.9

200 OK

16 kB

URL GET HTTP/2
cdn.cloudimagesb.com/si/07/9c/1b/079c1b9b48633e3ef398faef0739f24f/1701651986.png
IP
45.133.44.9:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://gitb.org/watch-link/?=xxx0305xxx
Certificate
IssuerLet's Encrypt
Subjectcdn.cloudimagesb.com
FingerprintC6:F3:21:F0:21:7D:7E:96:0F:E8:46:7A:5E:C5:3F:D1:52:B0:67:B0
ValidityFri, 22 Mar 2024 03:01:35 GMT - Thu, 20 Jun 2024 03:01:34 GMT

File type
PNG image data, 192 x 192, 8-bit/color RGBA, non-interlaced
Size
16 kB (16093 bytes)
Hash
14cf262fabfd850855c42847d14fe775
2fafa28f167f018a0fb1f261f47380c8810803c9
972004ebada4077c3a4d03dcb45175ea467faf54da72be727a1c5c75e688b8af

HTTP Headers

GET /si/07/9c/1b/079c1b9b48633e3ef398faef0739f24f/1701651986.png HTTP/1.1
Host: cdn.cloudimagesb.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Sat, 04 May 2024 05:53:48 GMT
content-type: image/png
content-length: 16093
server: nginx/1.21.6
last-modified: Mon, 04 Dec 2023 01:06:35 GMT
etag: "656d261b-3edd"
expires: Mon, 06 May 2024 05:53:48 GMT
cache-control: max-age=172800
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2

cdn.creative-bars1.com/sb/ssp/vpn/classic-push/small/js/jquery.min.js

188.114.96.1

200 OK

31 kB

URL GET HTTP/3
cdn.creative-bars1.com/sb/ssp/vpn/classic-push/small/js/jquery.min.js
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://gitb.org/watch-link/?=xxx0305xxx
Certificate
IssuerGoogle Trust Services LLC
Subjectcreative-bars1.com
Fingerprint3D:29:39:2C:F1:E5:C6:EF:54:F5:70:B5:CF:A8:C2:75:4D:89:72:13
ValidityMon, 15 Apr 2024 15:02:18 GMT - Sun, 14 Jul 2024 15:02:17 GMT

File type
JavaScript source, ASCII text, with very long lines (32025)
Size
31 kB (31083 bytes)
Hash
4a356126b9573eb7bd1e9a7494737410
8258d046f17dd3c15a5d3984e1868b7b5d1db329
22642f202577f0ba2f22cbe56b6cf291a09374487567cd3563e0d2a29f75c0c5

HTTP Headers

GET /sb/ssp/vpn/classic-push/small/js/jquery.min.js HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Sat, 04 May 2024 05:53:48 GMT
content-type: application/javascript
last-modified: Fri, 19 Jan 2024 14:19:42 GMT
etag: W/"65aa84fe-1499c"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 304032
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=sdxH4o7dmorRPgKqIvXK9GZpN3Zso9EN%2FobPzUJw%2F3x1pt6Hzpnu2EZvTefQoQcK5vYjnKvyAxeCOzUmP11kHLRTDt2Ye2X0gS5iKn9PW%2BhN9SNnGjx7hDEjwAF%2F7Xzg%2BWZuFsb9i5HG"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87e63b882eceb524-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

unseenreport.com/pxf.gif?uuid=fd7e1ad7-9d94-4a88-9d5f-64a19a5d59b7&eb=978028c5053b26833423c7a069ce3bd5&te=5db3a4e34790624df926db520a13f79f&ua=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A96.0)%20Gecko%2F20100101%20Firefox%2F96.0&dev=e&res=14.2071&b_frame=0&pk=885fb415a08e7d05b93f88ca77ad22cc&bl=en-US&sr=1024x1280&sz=1024x1280&hjs=5

192.243.59.13

200 OK

1 B

URL GET HTTP/1.1
unseenreport.com/pxf.gif?uuid=fd7e1ad7-9d94-4a88-9d5f-64a19a5d59b7&eb=978028c5053b26833423c7a069ce3bd5&te=5db3a4e34790624df926db520a13f79f&ua=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A96.0)%20Gecko%2F20100101%20Firefox%2F96.0&dev=e&res=14.2071&b_frame=0&pk=885fb415a08e7d05b93f88ca77ad22cc&bl=en-US&sr=1024x1280&sz=1024x1280&hjs=5
IP
192.243.59.13:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://gitb.org/watch-link/?=xxx0305xxx
Certificate
IssuerLet's Encrypt
Subject*.unseenreport.com
Fingerprint71:46:15:FD:76:6A:F5:5B:51:06:CC:93:DD:D8:63:E3:8B:10:BF:13
ValidityFri, 22 Mar 2024 07:32:41 GMT - Thu, 20 Jun 2024 07:32:40 GMT

File type
very short file (no magic)
Size
1 B (1 bytes)
Hash
93b885adfe0da089cdf634904fd59f71
5ba93c9db0cff93f52b521d7420e43f6eda2784f
6e340b9cffb37a989ca544e6bb780a2c78901d3fb33738768511a30617afa01d

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /pxf.gif?uuid=fd7e1ad7-9d94-4a88-9d5f-64a19a5d59b7&eb=978028c5053b26833423c7a069ce3bd5&te=5db3a4e34790624df926db520a13f79f&ua=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A96.0)%20Gecko%2F20100101%20Firefox%2F96.0&dev=e&res=14.2071&b_frame=0&pk=885fb415a08e7d05b93f88ca77ad22cc&bl=en-US&sr=1024x1280&sz=1024x1280&hjs=5 HTTP/1.1
Host: unseenreport.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://gitb.org/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Sat, 04 May 2024 05:53:48 GMT
Content-Type: image/gif
Content-Length: 1
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: f3c4471463aebe1d6cd6f9b78adac8ac
Strict-Transport-Security: max-age=0; includeSubdomains

unseenreport.com/pxf.gif?uuid=fd7e1ad7-9d94-4a88-9d5f-64a19a5d59b7&eb=978028c5053b26833423c7a069ce3bd5&te=5db3a4e34790624df926db520a13f79f&ua=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A96.0)%20Gecko%2F20100101%20Firefox%2F96.0&dev=e&res=14.2071&b_frame=0&pk=9314a111a083adac7140c7787c32a705&bl=en-US&sr=1024x1280&sz=1024x1280&hjs=5

192.243.59.13

200 OK

1 B

URL GET HTTP/1.1
unseenreport.com/pxf.gif?uuid=fd7e1ad7-9d94-4a88-9d5f-64a19a5d59b7&eb=978028c5053b26833423c7a069ce3bd5&te=5db3a4e34790624df926db520a13f79f&ua=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A96.0)%20Gecko%2F20100101%20Firefox%2F96.0&dev=e&res=14.2071&b_frame=0&pk=9314a111a083adac7140c7787c32a705&bl=en-US&sr=1024x1280&sz=1024x1280&hjs=5
IP
192.243.59.13:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://gitb.org/watch-link/?=xxx0305xxx
Certificate
IssuerLet's Encrypt
Subject*.unseenreport.com
Fingerprint71:46:15:FD:76:6A:F5:5B:51:06:CC:93:DD:D8:63:E3:8B:10:BF:13
ValidityFri, 22 Mar 2024 07:32:41 GMT - Thu, 20 Jun 2024 07:32:40 GMT

File type
very short file (no magic)
Size
1 B (1 bytes)
Hash
93b885adfe0da089cdf634904fd59f71
5ba93c9db0cff93f52b521d7420e43f6eda2784f
6e340b9cffb37a989ca544e6bb780a2c78901d3fb33738768511a30617afa01d

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /pxf.gif?uuid=fd7e1ad7-9d94-4a88-9d5f-64a19a5d59b7&eb=978028c5053b26833423c7a069ce3bd5&te=5db3a4e34790624df926db520a13f79f&ua=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A96.0)%20Gecko%2F20100101%20Firefox%2F96.0&dev=e&res=14.2071&b_frame=0&pk=9314a111a083adac7140c7787c32a705&bl=en-US&sr=1024x1280&sz=1024x1280&hjs=5 HTTP/1.1
Host: unseenreport.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://gitb.org/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Sat, 04 May 2024 05:53:48 GMT
Content-Type: image/gif
Content-Length: 1
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: a246d5f1ca73d4bff55dae9cba30bcac
Strict-Transport-Security: max-age=0; includeSubdomains

unseenreport.com/pxf.gif?uuid=fd7e1ad7-9d94-4a88-9d5f-64a19a5d59b7&eb=978028c5053b26833423c7a069ce3bd5&te=5db3a4e34790624df926db520a13f79f&ua=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A96.0)%20Gecko%2F20100101%20Firefox%2F96.0&dev=e&res=14.2071&b_frame=0&pk=19c33ba37280f60914e325fce07da677&bl=en-US&sr=1024x1280&sz=1024x1280&hjs=5

192.243.59.13

200 OK

1 B

URL GET HTTP/1.1
unseenreport.com/pxf.gif?uuid=fd7e1ad7-9d94-4a88-9d5f-64a19a5d59b7&eb=978028c5053b26833423c7a069ce3bd5&te=5db3a4e34790624df926db520a13f79f&ua=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A96.0)%20Gecko%2F20100101%20Firefox%2F96.0&dev=e&res=14.2071&b_frame=0&pk=19c33ba37280f60914e325fce07da677&bl=en-US&sr=1024x1280&sz=1024x1280&hjs=5
IP
192.243.59.13:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://gitb.org/watch-link/?=xxx0305xxx
Certificate
IssuerLet's Encrypt
Subject*.unseenreport.com
Fingerprint71:46:15:FD:76:6A:F5:5B:51:06:CC:93:DD:D8:63:E3:8B:10:BF:13
ValidityFri, 22 Mar 2024 07:32:41 GMT - Thu, 20 Jun 2024 07:32:40 GMT

File type
very short file (no magic)
Size
1 B (1 bytes)
Hash
93b885adfe0da089cdf634904fd59f71
5ba93c9db0cff93f52b521d7420e43f6eda2784f
6e340b9cffb37a989ca544e6bb780a2c78901d3fb33738768511a30617afa01d

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /pxf.gif?uuid=fd7e1ad7-9d94-4a88-9d5f-64a19a5d59b7&eb=978028c5053b26833423c7a069ce3bd5&te=5db3a4e34790624df926db520a13f79f&ua=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A96.0)%20Gecko%2F20100101%20Firefox%2F96.0&dev=e&res=14.2071&b_frame=0&pk=19c33ba37280f60914e325fce07da677&bl=en-US&sr=1024x1280&sz=1024x1280&hjs=5 HTTP/1.1
Host: unseenreport.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://gitb.org/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Sat, 04 May 2024 05:53:48 GMT
Content-Type: image/gif
Content-Length: 1
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: f8dd3fa568317431bb13eb579e301d90
Strict-Transport-Security: max-age=0; includeSubdomains

fonts.googleapis.com/css?family=Roboto:300,400,700&display=swap

142.250.74.106

200 OK

1.2 kB

URL GET HTTP/3
fonts.googleapis.com/css?family=Roboto:300,400,700&display=swap
IP
142.250.74.106:443
ASN
#15169 GOOGLE

Requested by
https://gitb.org/watch-link/?=xxx0305xxx
Certificate
IssuerGoogle Trust Services LLC
Subjectupload.video.google.com
Fingerprint36:49:20:36:0C:4D:DA:55:65:64:23:0F:49:3E:FA:78:87:35:A3:79
ValidityTue, 16 Apr 2024 04:17:12 GMT - Tue, 09 Jul 2024 04:17:11 GMT

File type
gzip compressed data, max compression
Size
1.2 kB (1188 bytes)
Hash
dd491997885c21f2a9a000f9bc2bf3dc
6f5cc3a59e8c0d12ff076c4bf63ded3400600efe
f8f7c5e8bf2596838beaaccc5bc9f3406237d47b419623b33262aa6bf006ae80

HTTP Headers

GET /css?family=Roboto:300,400,700&display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Sat, 04 May 2024 05:53:48 GMT
date: Sat, 04 May 2024 05:53:48 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

decisivewade.com/pixel/sbls?bv=24.6.6370&tmpl=482&u=https%3A%2F%2Fcdn.barscreative1.com%2Fsb%2Fau%2F0c%2Fc8%2Fe1%2F0cc8e13ba9d5dbc867b982993e805a9d%2F1632728593.html&l=1325&fd=164

172.240.108.68

200 OK

0 B

URL GET HTTP/1.1
decisivewade.com/pixel/sbls?bv=24.6.6370&tmpl=482&u=https%3A%2F%2Fcdn.barscreative1.com%2Fsb%2Fau%2F0c%2Fc8%2Fe1%2F0cc8e13ba9d5dbc867b982993e805a9d%2F1632728593.html&l=1325&fd=164
IP
172.240.108.68:443
ASN
#7979 SERVERS-COM

Requested by
https://gitb.org/watch-link/?=xxx0305xxx
Certificate
IssuerLet's Encrypt
Subjectdecisivewade.com
Fingerprint97:80:1A:96:16:58:D9:94:6D:24:84:45:32:59:8C:44:59:0F:B7:8C
ValidityMon, 29 Apr 2024 12:47:45 GMT - Sun, 28 Jul 2024 12:47:44 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /pixel/sbls?bv=24.6.6370&tmpl=482&u=https%3A%2F%2Fcdn.barscreative1.com%2Fsb%2Fau%2F0c%2Fc8%2Fe1%2F0cc8e13ba9d5dbc867b982993e805a9d%2F1632728593.html&l=1325&fd=164 HTTP/1.1
Host: decisivewade.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://gitb.org/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Sat, 04 May 2024 05:53:49 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range

decisivewade.com/pixel/sbls?bv=24.6.6370&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fssp%2Fvpn%2Fclassic-push%2Fsmall%2Fcss%2Fanimate.css&l=78689&fd=72

172.240.127.234

200 OK

0 B

URL GET HTTP/1.1
decisivewade.com/pixel/sbls?bv=24.6.6370&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fssp%2Fvpn%2Fclassic-push%2Fsmall%2Fcss%2Fanimate.css&l=78689&fd=72
IP
172.240.127.234:443
ASN
#7979 SERVERS-COM

Requested by
https://gitb.org/watch-link/?=xxx0305xxx
Certificate
IssuerLet's Encrypt
Subjectdecisivewade.com
Fingerprint97:80:1A:96:16:58:D9:94:6D:24:84:45:32:59:8C:44:59:0F:B7:8C
ValidityMon, 29 Apr 2024 12:47:45 GMT - Sun, 28 Jul 2024 12:47:44 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /pixel/sbls?bv=24.6.6370&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fssp%2Fvpn%2Fclassic-push%2Fsmall%2Fcss%2Fanimate.css&l=78689&fd=72 HTTP/1.1
Host: decisivewade.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://gitb.org/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Sat, 04 May 2024 05:53:49 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range

decisivewade.com/pixel/sbls?bv=24.6.6370&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fssp%2Fvpn%2Fclassic-push%2Fsmall%2Fcss%2Fstyle.css&l=3355&fd=67

172.240.127.234

200 OK

0 B

URL GET HTTP/1.1
decisivewade.com/pixel/sbls?bv=24.6.6370&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fssp%2Fvpn%2Fclassic-push%2Fsmall%2Fcss%2Fstyle.css&l=3355&fd=67
IP
172.240.127.234:443
ASN
#7979 SERVERS-COM

Requested by
https://gitb.org/watch-link/?=xxx0305xxx
Certificate
IssuerLet's Encrypt
Subjectdecisivewade.com
Fingerprint97:80:1A:96:16:58:D9:94:6D:24:84:45:32:59:8C:44:59:0F:B7:8C
ValidityMon, 29 Apr 2024 12:47:45 GMT - Sun, 28 Jul 2024 12:47:44 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /pixel/sbls?bv=24.6.6370&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fssp%2Fvpn%2Fclassic-push%2Fsmall%2Fcss%2Fstyle.css&l=3355&fd=67 HTTP/1.1
Host: decisivewade.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://gitb.org/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Sat, 04 May 2024 05:53:49 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range

cdn.creative-bars1.com/sb/ssp/vpn/classic-push/small/js/script.js

188.114.96.1

200 OK

341 B

URL GET HTTP/3
cdn.creative-bars1.com/sb/ssp/vpn/classic-push/small/js/script.js
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://gitb.org/watch-link/?=xxx0305xxx
Certificate
IssuerGoogle Trust Services LLC
Subjectcreative-bars1.com
Fingerprint3D:29:39:2C:F1:E5:C6:EF:54:F5:70:B5:CF:A8:C2:75:4D:89:72:13
ValidityMon, 15 Apr 2024 15:02:18 GMT - Sun, 14 Jul 2024 15:02:17 GMT

File type
ASCII text
Size
341 B (341 bytes)
Hash
0013fbb3bd9e7300fa1bc9f62501dcf0
447e4a8994979e2e158b9beff79b94e7d1b29508
4cf18df81115ddab6967dc82096077ee024223dac3c6ffc9b810bffb7780a20e

HTTP Headers

GET /sb/ssp/vpn/classic-push/small/js/script.js HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://gitb.org
DNT: 1
Connection: keep-alive
Referer: https://gitb.org/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Sat, 04 May 2024 05:53:48 GMT
content-type: application/javascript
last-modified: Fri, 19 Jan 2024 14:19:42 GMT
etag: W/"65aa84fe-3c2"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 59501
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=J8v6Wjblhh%2BRm1dGry9FVoz%2BfYr9jcr9FwnVvyJIs84yqOTl%2FHLuCnSHZB5Z2QyBnehhaxKfgvYjPv8QHZH%2BLONOaJRfv7WJh4CPTno1LQqgyVWIxCGu72WDHyit%2Fn37D6zdASkjC4G3"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87e63b888f0fb524-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2

216.58.207.227

200 OK

16 kB

URL GET HTTP/2
fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2
IP
216.58.207.227:443
ASN
#15169 GOOGLE

Requested by
https://gitb.org/watch-link/?=xxx0305xxx
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
Fingerprint15:DD:05:B3:2F:D8:E3:54:C9:B4:FA:E4:AC:01:ED:C8:E1:EA:A7:AD
ValidityTue, 16 Apr 2024 04:17:07 GMT - Tue, 09 Jul 2024 04:17:06 GMT

File type
Web Open Font Format (Version 2), TrueType, length 15744, version 1.0
Size
16 kB (15744 bytes)
Hash
15d9f621c3bd1599f0169dcf0bd5e63e
7ca9c5967f3bb8bffeab24b639b49c1e7d03fa52
f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615

HTTP Headers

GET /s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://gitb.org
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15744
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 02 May 2024 22:40:35 GMT
expires: Fri, 02 May 2025 22:40:35 GMT
cache-control: public, max-age=31536000
last-modified: Wed, 11 May 2022 19:24:48 GMT
content-type: font/woff2
age: 112394
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

designingpupilintermediary.com/impr.gif?sid=H4sIAAAAAAAC%2F1RST4scxRuunuztBz9UcjIIc1CI4M52z0xP95hDMIkri2s2JhHFS6h%2FPSm3pqup6p6e3YvBgOY4%2BAl6n9lkjQZJroJBZgMeFoWMpz24F7%2BAKOxZZhwcfQ%2F1vm89T8FTz%2Ft%2BvleckCYKenzlPbOrtKZrYcOvn%2F8oCC7UN1VaDOvDuHOr075Qt4M3u52G%2F3r9Hcm3zVrTD3w%2F8IP6urIyMcO1GQiVPeoGja7faDcbQdjG0P63d4UHRz2IwQl5CUpMV555Z6H4BGn%2F8RXptnOTvfF2v9A0NxYDcfBBup2aMkV%2FWSbWQ5IeLNgw7vn6U5j0%2FlwuzOAfIlNT4v34FCw9WIgEG%2BzPdTINmYKJ%2F6EcTCD1BIpOwM1dKPGcAFzg6hbS%2FoOrxpZ052%2BUztApWTn9E6qckpVfzyLtf3tJq2H9htFFrkzqMEwqqOEEqjdBVhwi361BlYfg%2BWdQ4meydrqJtL%2B%2F5bSBEsevJiKSARXRald026ttGserXREmq502Dbo0FGGXRXODlJpAJRNoOQJ1NRTOQ6E8FImHIvPQF8d1HgRB5AtO%2FbjLeUtEknWEH9AoCWjgd2IUfPaHEfJsBK5H4PYOMnsH22oEW%2FwAd7uCE2fg8inx3v8UA1GhlASlIygpQakIypygHFT3hXZNVz0Q2hUsWOTmIreqscl7e%2FS%2ByXsyJaB2BCuqveyEvDgz0fv49B625XE9jsOEtYOQ%2BrGMhB%2BybiuJY06jiIpmk3M49fDy%2Bmqr3Y5vBVCuBuo87KopiX7%2FApmakpd3XgOjh3D6EFy9AFq8AlpWoLcr7KZf9VTOGsb2IEyFLF9BvuPt6RNybj7Lja0nkPzo4m%2BteYDbCpmt8Il6RtDT98bXTUn2r5vSkSdbWa76apfO5nwjp7k88%2FW7cqc0VmxccaOHb%2FEZMCsf3ZQu36SpUGnPkW8uKSGkXTeWS%2FL9hvtQsmuFu32psGmRbV67vL7Rz6x0Tpl0Ajpb2T8suJqS%2F5%2B7OV%2Fh899dg7IT2KJCvzgii4AyE%2FDsDly21O8MgdVLDss8lEU1tk22vNSKQMtlT1kF96%2BeLeuxpbPXVFV77h56tgaa30XarzCwFQa6AtUjuOLMOM%2Fs0cVfFjKYro2ZtrV9pq3%2Bcm7z7HgMp47rLV9ETCYyYrIdthPJBQtD5vOEs5aIY47cTZPwJ%2F0XAAAA%2F%2F8BAAD%2F%2F7fYP%2FicBAAA

192.243.61.225

200 OK

7 B

URL GET HTTP/1.1
designingpupilintermediary.com/impr.gif?sid=H4sIAAAAAAAC%2F1RST4scxRuunuztBz9UcjIIc1CI4M52z0xP95hDMIkri2s2JhHFS6h%2FPSm3pqup6p6e3YvBgOY4%2BAl6n9lkjQZJroJBZgMeFoWMpz24F7%2BAKOxZZhwcfQ%2F1vm89T8FTz%2Ft%2BvleckCYKenzlPbOrtKZrYcOvn%2F8oCC7UN1VaDOvDuHOr075Qt4M3u52G%2F3r9Hcm3zVrTD3w%2F8IP6urIyMcO1GQiVPeoGja7faDcbQdjG0P63d4UHRz2IwQl5CUpMV555Z6H4BGn%2F8RXptnOTvfF2v9A0NxYDcfBBup2aMkV%2FWSbWQ5IeLNgw7vn6U5j0%2FlwuzOAfIlNT4v34FCw9WIgEG%2BzPdTINmYKJ%2F6EcTCD1BIpOwM1dKPGcAFzg6hbS%2FoOrxpZ052%2BUztApWTn9E6qckpVfzyLtf3tJq2H9htFFrkzqMEwqqOEEqjdBVhwi361BlYfg%2BWdQ4meydrqJtL%2B%2F5bSBEsevJiKSARXRald026ttGserXREmq502Dbo0FGGXRXODlJpAJRNoOQJ1NRTOQ6E8FImHIvPQF8d1HgRB5AtO%2FbjLeUtEknWEH9AoCWjgd2IUfPaHEfJsBK5H4PYOMnsH22oEW%2FwAd7uCE2fg8inx3v8UA1GhlASlIygpQakIypygHFT3hXZNVz0Q2hUsWOTmIreqscl7e%2FS%2ByXsyJaB2BCuqveyEvDgz0fv49B625XE9jsOEtYOQ%2BrGMhB%2BybiuJY06jiIpmk3M49fDy%2Bmqr3Y5vBVCuBuo87KopiX7%2FApmakpd3XgOjh3D6EFy9AFq8AlpWoLcr7KZf9VTOGsb2IEyFLF9BvuPt6RNybj7Lja0nkPzo4m%2BteYDbCpmt8Il6RtDT98bXTUn2r5vSkSdbWa76apfO5nwjp7k88%2FW7cqc0VmxccaOHb%2FEZMCsf3ZQu36SpUGnPkW8uKSGkXTeWS%2FL9hvtQsmuFu32psGmRbV67vL7Rz6x0Tpl0Ajpb2T8suJqS%2F5%2B7OV%2Fh899dg7IT2KJCvzgii4AyE%2FDsDly21O8MgdVLDss8lEU1tk22vNSKQMtlT1kF96%2BeLeuxpbPXVFV77h56tgaa30XarzCwFQa6AtUjuOLMOM%2Fs0cVfFjKYro2ZtrV9pq3%2Bcm7z7HgMp47rLV9ETCYyYrIdthPJBQtD5vOEs5aIY47cTZPwJ%2F0XAAAA%2F%2F8BAAD%2F%2F7fYP%2FicBAAA
IP
192.243.61.225:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://gitb.org/watch-link/?=xxx0305xxx
Certificate
IssuerLet's Encrypt
Subjectdesigningpupilintermediary.com
FingerprintC6:2A:2C:CE:46:0C:19:DC:3F:A3:33:F7:CD:1E:20:1D:CC:46:93:78
ValidityMon, 29 Apr 2024 08:22:29 GMT - Sun, 28 Jul 2024 08:22:28 GMT

File type
ASCII text, with no line terminators
Size
7 B (7 bytes)
Hash
132d6af1b46048b45cf86cdee7991d31
eb7007d03d59b65bc6da7e098c4d38fc6dfb6285
ab852e838deccd742a03ca81d4a8d75cf1a00b327db3eaf46bd7da6b6db9384c

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /impr.gif?sid=H4sIAAAAAAAC%2F1RST4scxRuunuztBz9UcjIIc1CI4M52z0xP95hDMIkri2s2JhHFS6h%2FPSm3pqup6p6e3YvBgOY4%2BAl6n9lkjQZJroJBZgMeFoWMpz24F7%2BAKOxZZhwcfQ%2F1vm89T8FTz%2Ft%2BvleckCYKenzlPbOrtKZrYcOvn%2F8oCC7UN1VaDOvDuHOr075Qt4M3u52G%2F3r9Hcm3zVrTD3w%2F8IP6urIyMcO1GQiVPeoGja7faDcbQdjG0P63d4UHRz2IwQl5CUpMV555Z6H4BGn%2F8RXptnOTvfF2v9A0NxYDcfBBup2aMkV%2FWSbWQ5IeLNgw7vn6U5j0%2FlwuzOAfIlNT4v34FCw9WIgEG%2BzPdTINmYKJ%2F6EcTCD1BIpOwM1dKPGcAFzg6hbS%2FoOrxpZ052%2BUztApWTn9E6qckpVfzyLtf3tJq2H9htFFrkzqMEwqqOEEqjdBVhwi361BlYfg%2BWdQ4meydrqJtL%2B%2F5bSBEsevJiKSARXRald026ttGserXREmq502Dbo0FGGXRXODlJpAJRNoOQJ1NRTOQ6E8FImHIvPQF8d1HgRB5AtO%2FbjLeUtEknWEH9AoCWjgd2IUfPaHEfJsBK5H4PYOMnsH22oEW%2FwAd7uCE2fg8inx3v8UA1GhlASlIygpQakIypygHFT3hXZNVz0Q2hUsWOTmIreqscl7e%2FS%2ByXsyJaB2BCuqveyEvDgz0fv49B625XE9jsOEtYOQ%2BrGMhB%2BybiuJY06jiIpmk3M49fDy%2Bmqr3Y5vBVCuBuo87KopiX7%2FApmakpd3XgOjh3D6EFy9AFq8AlpWoLcr7KZf9VTOGsb2IEyFLF9BvuPt6RNybj7Lja0nkPzo4m%2BteYDbCpmt8Il6RtDT98bXTUn2r5vSkSdbWa76apfO5nwjp7k88%2FW7cqc0VmxccaOHb%2FEZMCsf3ZQu36SpUGnPkW8uKSGkXTeWS%2FL9hvtQsmuFu32psGmRbV67vL7Rz6x0Tpl0Ajpb2T8suJqS%2F5%2B7OV%2Fh899dg7IT2KJCvzgii4AyE%2FDsDly21O8MgdVLDss8lEU1tk22vNSKQMtlT1kF96%2BeLeuxpbPXVFV77h56tgaa30XarzCwFQa6AtUjuOLMOM%2Fs0cVfFjKYro2ZtrV9pq3%2Bcm7z7HgMp47rLV9ETCYyYrIdthPJBQtD5vOEs5aIY47cTZPwJ%2F0XAAAA%2F%2F8BAAD%2F%2F7fYP%2FicBAAA HTTP/1.1
Host: designingpupilintermediary.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://gitb.org/
Cookie: u_pl=22738568; uid_id2=fd7e1ad7-9d94-4a88-9d5f-64a19a5d59b7:2:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Sat, 04 May 2024 05:53:49 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 32b2c835117b93c3ccbf9c45ed6c33b4
Strict-Transport-Security: max-age=0; includeSubdomains

fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2

216.58.207.227

200 OK

16 kB

URL GET HTTP/2
fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2
IP
216.58.207.227:443
ASN
#15169 GOOGLE

Requested by
https://gitb.org/watch-link/?=xxx0305xxx
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
Fingerprint15:DD:05:B3:2F:D8:E3:54:C9:B4:FA:E4:AC:01:ED:C8:E1:EA:A7:AD
ValidityTue, 16 Apr 2024 04:17:07 GMT - Tue, 09 Jul 2024 04:17:06 GMT

File type
Web Open Font Format (Version 2), TrueType, length 15860, version 1.0
Size
16 kB (15860 bytes)
Hash
e9f5aaf547f165386cd313b995dddd8e
acdef5603c2387b0e5bffd744b679a24a8bc1968
f5aebdfea35d1e7656ef4acc5db1f243209755ae3300943ef8fc6280f363c860

HTTP Headers

GET /s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://gitb.org
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15860
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 02 May 2024 01:55:00 GMT
expires: Fri, 02 May 2025 01:55:00 GMT
cache-control: public, max-age=31536000
last-modified: Wed, 11 May 2022 19:24:42 GMT
content-type: font/woff2
age: 187129
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

designingpupilintermediary.com/pixel/sbs?c=1

192.243.61.227

200 OK

0 B

URL GET HTTP/1.1
designingpupilintermediary.com/pixel/sbs?c=1
IP
192.243.61.227:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://gitb.org/watch-link/?=xxx0305xxx
Certificate
IssuerLet's Encrypt
Subjectdesigningpupilintermediary.com
FingerprintC6:2A:2C:CE:46:0C:19:DC:3F:A3:33:F7:CD:1E:20:1D:CC:46:93:78
ValidityMon, 29 Apr 2024 08:22:29 GMT - Sun, 28 Jul 2024 08:22:28 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /pixel/sbs?c=1 HTTP/1.1
Host: designingpupilintermediary.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://gitb.org/
Cookie: u_pl=22738568; uid_id2=fd7e1ad7-9d94-4a88-9d5f-64a19a5d59b7:2:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Sat, 04 May 2024 05:53:49 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range

decisivewade.com/sbar.json?key=9314a111a083adac7140c7787c32a705&psid=CF-3448_0&uuid=fd7e1ad7-9d94-4a88-9d5f-64a19a5d59b7%3A2%3A1

172.240.108.68

200 OK

8.3 kB

URL GET HTTP/1.1
decisivewade.com/sbar.json?key=9314a111a083adac7140c7787c32a705&psid=CF-3448_0&uuid=fd7e1ad7-9d94-4a88-9d5f-64a19a5d59b7%3A2%3A1
IP
172.240.108.68:443
ASN
#7979 SERVERS-COM

Requested by
https://gitb.org/watch-link/?=xxx0305xxx
Certificate
IssuerLet's Encrypt
Subjectdecisivewade.com
Fingerprint97:80:1A:96:16:58:D9:94:6D:24:84:45:32:59:8C:44:59:0F:B7:8C
ValidityMon, 29 Apr 2024 12:47:45 GMT - Sun, 28 Jul 2024 12:47:44 GMT

File type
JSON text data
Size
8.3 kB (8273 bytes)
Hash
3fa99a27f7c916f950c51710818d4bd2
126b07560a9208ccc519c0e3153ad6b3b6e43e48
f3394480474f796cb286cfa972ba0e7caecb9f5376492b9ba155dd030a3a5477

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /sbar.json?key=9314a111a083adac7140c7787c32a705&psid=CF-3448_0&uuid=fd7e1ad7-9d94-4a88-9d5f-64a19a5d59b7%3A2%3A1 HTTP/1.1
Host: decisivewade.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://gitb.org
DNT: 1
Connection: keep-alive
Referer: https://gitb.org/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Sat, 04 May 2024 05:53:57 GMT
Content-Type: text/plain; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://gitb.org
Access-Control-Allow-Origin: https://gitb.org
Access-Control-Allow-Credentials: true
Set-Cookie: u_pl=22730152; expires=Sun, 05 May 2024 05:53:57 GMT; secure; SameSite=None
uid_id2=fd7e1ad7-9d94-4a88-9d5f-64a19a5d59b7:2:1; expires=Sat, 11 May 2024 05:53:57 GMT; secure; SameSite=None
pdhtkv=true; expires=Sun, 05 May 2024 05:53:57 GMT; secure; SameSite=None
uncs=1; expires=Sun, 05 May 2024 05:53:57 GMT; secure; SameSite=None
pdhtkv29=true; expires=Sun, 05 May 2024 05:53:57 GMT; secure; SameSite=None
uncs29=1; expires=Sun, 05 May 2024 05:53:57 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: ee427cf4c0b909dd0246cd1f011c337d
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip

decisivewade.com/ren.gif?sid=H4sIAAAAAAAC%2F1RSQW8bRRSedXNDQoB6okLyAaQiEWfHXntteqhoS1BEaEJbBOJSzc6snSHjndXMjtfJKaIS9GjxCzafk6aFCrVXJCq0qcQhAqlGHHIgF%2F4AAqlnZGNheId57833jfTN994X%2B%2B6M1OHY6bUP9K5Uiq00a3714ieUXqquy8QNq8N263YruFQ1g7c7rZr%2FZvW9mG%2FrlbpPfZ%2F6tLoqTdzVw5UpCJk%2B7NBax68F9RptBhia%2F%2FfWebDMgxickVcgxWTpqXcekpdI%2Bo%2BuxXY70%2Blb7%2FadYpk2GIijj5LtROcJ%2Bouyazx0k6M5G9o%2BW30CnRzO5EIP%2FiVGckK8H58gSo7mIhENDmY6I4U4QSReQD4oEasSkpXg%2Bg6keEYALnB9A0n%2F3nVtcrbzD8qm6IQsPf8LMp%2BQpd%2FOI%2Bl%2Fe0XJYfWmVi6TOrEYdgvIYQnZK5G6Y2S7Fcj8GDz7HFL8TFaeryPpH2xYpSHF6etdEcaUiXC5IzrBcsDa7eWOaHaXWwGjHdYUzU4UzgySsoTsllDxCMxW4KwHJz24rgeXeuiL0yqnlIa%2B4MxvdzhviDCOWsKnLOxSRv1WG45P%2FzBClo7A1Qjc7CE1e9iWIxj3A%2BxWASuWYLMJ8T7MMRAF8pggtwQ5I8glQZ4R5IPiUChbt8U9oayL6DzX57lRjHXW22eHOuvFCQEzIxhR7Kdn5OWpid6nv97Hdnxa7TRowCilzG83mGA8pIHPw7Ad8kadhX4TVj64urrcCIL2bR%2FSVsCsh105IeEfXyKVE%2FLqzhuI2DGsOgaXL4G518DyAmyrwG5yvyezqKZND0IXSLMlZDvevjojF2azXNt4jJifXP69MQtwUyA1BT6TTwl66u74hs7JwQ2dW%2FJ4I81kX%2B6y6ZxvZiyLz339fryTayPWrtnRg3f4FJiWD2%2FFNltniZBJz5JvrkghYrOqDY%2FJ92v24zjadHbrijOJS9c3r66u9VMTWyt1UoJNV%2FZPAy4n5MULt2YrfPG7TUhTwrgCfXdC5gGpS%2FB0DzZd6LeawKgFJ0o95K4Ym3q0uFSSQMWLnkUF7H%2F6aFGPDZu%2BZrLYt3fRMxWw7A6SfoGBKTBQBZgawbpz4yw1J5d%2FmcuIVGUcKVM5iJRRX81snh6PYOVpNWw0fNbqNGkYsjiMgnq726KCsXrQqrdarIHMTrrNn9zfAAAA%2F%2F8BAAD%2F%2F0FjGC%2BcBAAA

172.240.108.68

200 OK

7 B

URL GET HTTP/1.1
decisivewade.com/ren.gif?sid=H4sIAAAAAAAC%2F1RSQW8bRRSedXNDQoB6okLyAaQiEWfHXntteqhoS1BEaEJbBOJSzc6snSHjndXMjtfJKaIS9GjxCzafk6aFCrVXJCq0qcQhAqlGHHIgF%2F4AAqlnZGNheId57833jfTN994X%2B%2B6M1OHY6bUP9K5Uiq00a3714ieUXqquy8QNq8N263YruFQ1g7c7rZr%2FZvW9mG%2FrlbpPfZ%2F6tLoqTdzVw5UpCJk%2B7NBax68F9RptBhia%2F%2FfWebDMgxickVcgxWTpqXcekpdI%2Bo%2BuxXY70%2Blb7%2FadYpk2GIijj5LtROcJ%2Bouyazx0k6M5G9o%2BW30CnRzO5EIP%2FiVGckK8H58gSo7mIhENDmY6I4U4QSReQD4oEasSkpXg%2Bg6keEYALnB9A0n%2F3nVtcrbzD8qm6IQsPf8LMp%2BQpd%2FOI%2Bl%2Fe0XJYfWmVi6TOrEYdgvIYQnZK5G6Y2S7Fcj8GDz7HFL8TFaeryPpH2xYpSHF6etdEcaUiXC5IzrBcsDa7eWOaHaXWwGjHdYUzU4UzgySsoTsllDxCMxW4KwHJz24rgeXeuiL0yqnlIa%2B4MxvdzhviDCOWsKnLOxSRv1WG45P%2FzBClo7A1Qjc7CE1e9iWIxj3A%2BxWASuWYLMJ8T7MMRAF8pggtwQ5I8glQZ4R5IPiUChbt8U9oayL6DzX57lRjHXW22eHOuvFCQEzIxhR7Kdn5OWpid6nv97Hdnxa7TRowCilzG83mGA8pIHPw7Ad8kadhX4TVj64urrcCIL2bR%2FSVsCsh105IeEfXyKVE%2FLqzhuI2DGsOgaXL4G518DyAmyrwG5yvyezqKZND0IXSLMlZDvevjojF2azXNt4jJifXP69MQtwUyA1BT6TTwl66u74hs7JwQ2dW%2FJ4I81kX%2B6y6ZxvZiyLz339fryTayPWrtnRg3f4FJiWD2%2FFNltniZBJz5JvrkghYrOqDY%2FJ92v24zjadHbrijOJS9c3r66u9VMTWyt1UoJNV%2FZPAy4n5MULt2YrfPG7TUhTwrgCfXdC5gGpS%2FB0DzZd6LeawKgFJ0o95K4Ym3q0uFSSQMWLnkUF7H%2F6aFGPDZu%2BZrLYt3fRMxWw7A6SfoGBKTBQBZgawbpz4yw1J5d%2FmcuIVGUcKVM5iJRRX81snh6PYOVpNWw0fNbqNGkYsjiMgnq726KCsXrQqrdarIHMTrrNn9zfAAAA%2F%2F8BAAD%2F%2F0FjGC%2BcBAAA
IP
172.240.108.68:443
ASN
#7979 SERVERS-COM

Requested by
https://gitb.org/watch-link/?=xxx0305xxx
Certificate
IssuerLet's Encrypt
Subjectdecisivewade.com
Fingerprint97:80:1A:96:16:58:D9:94:6D:24:84:45:32:59:8C:44:59:0F:B7:8C
ValidityMon, 29 Apr 2024 12:47:45 GMT - Sun, 28 Jul 2024 12:47:44 GMT

File type
ASCII text, with no line terminators
Size
7 B (7 bytes)
Hash
132d6af1b46048b45cf86cdee7991d31
eb7007d03d59b65bc6da7e098c4d38fc6dfb6285
ab852e838deccd742a03ca81d4a8d75cf1a00b327db3eaf46bd7da6b6db9384c

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /ren.gif?sid=H4sIAAAAAAAC%2F1RSQW8bRRSedXNDQoB6okLyAaQiEWfHXntteqhoS1BEaEJbBOJSzc6snSHjndXMjtfJKaIS9GjxCzafk6aFCrVXJCq0qcQhAqlGHHIgF%2F4AAqlnZGNheId57833jfTN994X%2B%2B6M1OHY6bUP9K5Uiq00a3714ieUXqquy8QNq8N263YruFQ1g7c7rZr%2FZvW9mG%2FrlbpPfZ%2F6tLoqTdzVw5UpCJk%2B7NBax68F9RptBhia%2F%2FfWebDMgxickVcgxWTpqXcekpdI%2Bo%2BuxXY70%2Blb7%2FadYpk2GIijj5LtROcJ%2Bouyazx0k6M5G9o%2BW30CnRzO5EIP%2FiVGckK8H58gSo7mIhENDmY6I4U4QSReQD4oEasSkpXg%2Bg6keEYALnB9A0n%2F3nVtcrbzD8qm6IQsPf8LMp%2BQpd%2FOI%2Bl%2Fe0XJYfWmVi6TOrEYdgvIYQnZK5G6Y2S7Fcj8GDz7HFL8TFaeryPpH2xYpSHF6etdEcaUiXC5IzrBcsDa7eWOaHaXWwGjHdYUzU4UzgySsoTsllDxCMxW4KwHJz24rgeXeuiL0yqnlIa%2B4MxvdzhviDCOWsKnLOxSRv1WG45P%2FzBClo7A1Qjc7CE1e9iWIxj3A%2BxWASuWYLMJ8T7MMRAF8pggtwQ5I8glQZ4R5IPiUChbt8U9oayL6DzX57lRjHXW22eHOuvFCQEzIxhR7Kdn5OWpid6nv97Hdnxa7TRowCilzG83mGA8pIHPw7Ad8kadhX4TVj64urrcCIL2bR%2FSVsCsh105IeEfXyKVE%2FLqzhuI2DGsOgaXL4G518DyAmyrwG5yvyezqKZND0IXSLMlZDvevjojF2azXNt4jJifXP69MQtwUyA1BT6TTwl66u74hs7JwQ2dW%2FJ4I81kX%2B6y6ZxvZiyLz339fryTayPWrtnRg3f4FJiWD2%2FFNltniZBJz5JvrkghYrOqDY%2FJ92v24zjadHbrijOJS9c3r66u9VMTWyt1UoJNV%2FZPAy4n5MULt2YrfPG7TUhTwrgCfXdC5gGpS%2FB0DzZd6LeawKgFJ0o95K4Ym3q0uFSSQMWLnkUF7H%2F6aFGPDZu%2BZrLYt3fRMxWw7A6SfoGBKTBQBZgawbpz4yw1J5d%2FmcuIVGUcKVM5iJRRX81snh6PYOVpNWw0fNbqNGkYsjiMgnq726KCsXrQqrdarIHMTrrNn9zfAAAA%2F%2F8BAAD%2F%2F0FjGC%2BcBAAA HTTP/1.1
Host: decisivewade.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://gitb.org/
Cookie: u_pl=22730152; uid_id2=fd7e1ad7-9d94-4a88-9d5f-64a19a5d59b7:2:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Sat, 04 May 2024 05:53:57 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 20ce56284ae1404bd601e769c08a7d5e
Strict-Transport-Security: max-age=0; includeSubdomains

decisivewade.com/pixel/sbls?bv=24.6.6370&tmpl=482&u=https%3A%2F%2Fcdn.barscreative1.com%2Fsb%2Fau%2F0c%2Fc8%2Fe1%2F0cc8e13ba9d5dbc867b982993e805a9d%2F1632728593.html&l=1325&fd=164

172.240.127.234

200 OK

0 B

URL GET HTTP/1.1
decisivewade.com/pixel/sbls?bv=24.6.6370&tmpl=482&u=https%3A%2F%2Fcdn.barscreative1.com%2Fsb%2Fau%2F0c%2Fc8%2Fe1%2F0cc8e13ba9d5dbc867b982993e805a9d%2F1632728593.html&l=1325&fd=164
IP
172.240.127.234:443
ASN
#7979 SERVERS-COM

Requested by
https://gitb.org/watch-link/?=xxx0305xxx
Certificate
IssuerLet's Encrypt
Subjectdecisivewade.com
Fingerprint97:80:1A:96:16:58:D9:94:6D:24:84:45:32:59:8C:44:59:0F:B7:8C
ValidityMon, 29 Apr 2024 12:47:45 GMT - Sun, 28 Jul 2024 12:47:44 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /pixel/sbls?bv=24.6.6370&tmpl=482&u=https%3A%2F%2Fcdn.barscreative1.com%2Fsb%2Fau%2F0c%2Fc8%2Fe1%2F0cc8e13ba9d5dbc867b982993e805a9d%2F1632728593.html&l=1325&fd=164 HTTP/1.1
Host: decisivewade.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://gitb.org/
Cookie: u_pl=22730152; uid_id2=fd7e1ad7-9d94-4a88-9d5f-64a19a5d59b7:2:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Sat, 04 May 2024 05:53:57 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range

decisivewade.com/pixel/sbls?bv=24.6.6370&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fssp%2Fvpn%2Fclassic-push%2Fsmall%2Fcss%2Fanimate.css&l=78689&fd=72

172.240.127.234

200 OK

0 B

URL GET HTTP/1.1
decisivewade.com/pixel/sbls?bv=24.6.6370&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fssp%2Fvpn%2Fclassic-push%2Fsmall%2Fcss%2Fanimate.css&l=78689&fd=72
IP
172.240.127.234:443
ASN
#7979 SERVERS-COM

Requested by
https://gitb.org/watch-link/?=xxx0305xxx
Certificate
IssuerLet's Encrypt
Subjectdecisivewade.com
Fingerprint97:80:1A:96:16:58:D9:94:6D:24:84:45:32:59:8C:44:59:0F:B7:8C
ValidityMon, 29 Apr 2024 12:47:45 GMT - Sun, 28 Jul 2024 12:47:44 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /pixel/sbls?bv=24.6.6370&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fssp%2Fvpn%2Fclassic-push%2Fsmall%2Fcss%2Fanimate.css&l=78689&fd=72 HTTP/1.1
Host: decisivewade.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://gitb.org/
Cookie: u_pl=22730152; uid_id2=fd7e1ad7-9d94-4a88-9d5f-64a19a5d59b7:2:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Sat, 04 May 2024 05:53:57 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range

cdn.creative-bars1.com/sb/ssp/vpn/classic-push/small/img/close.png

188.114.96.1

200 OK

591 B

URL GET HTTP/3
cdn.creative-bars1.com/sb/ssp/vpn/classic-push/small/img/close.png
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://gitb.org/watch-link/?=xxx0305xxx
Certificate
IssuerGoogle Trust Services LLC
Subjectcreative-bars1.com
Fingerprint3D:29:39:2C:F1:E5:C6:EF:54:F5:70:B5:CF:A8:C2:75:4D:89:72:13
ValidityMon, 15 Apr 2024 15:02:18 GMT - Sun, 14 Jul 2024 15:02:17 GMT

File type
PNG image data, 12 x 12, 8-bit/color RGBA, non-interlaced
Size
591 B (591 bytes)
Hash
9fd5bcb6103d86e317bd1eb019bcbe71
6b5a52ea669dcb74946f2bed4bdd7ec985026113
0ddd3be104ac7945fb062096df62034a6a24ecc76ba92493c35c62c3c25982ae

HTTP Headers

GET /sb/ssp/vpn/classic-push/small/img/close.png HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Sat, 04 May 2024 05:53:57 GMT
content-type: image/png
content-length: 591
last-modified: Fri, 19 Jan 2024 14:19:42 GMT
etag: "65aa84fe-24f"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 308173
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=th1NOy17NoOecX9MJMUwih8DebrOYP6PFOaK3C4qFfNjq4IycQu9UYIw8LQYQGBkHnw3ZhcbgeeX34imErpqYe9YpOIByHwPpv85lTnx4Qi0wR%2BuebwRSoQ%2BOk0p6Ehha5tm8oRH4bXU"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87e63bc09e3eb524-OSL
alt-svc: h3=":443"; ma=86400

cdn.creative-bars1.com/sb/ssp/vpn/classic-push/small/css/style.css

188.114.96.1

200 OK

961 B

URL GET HTTP/2
cdn.creative-bars1.com/sb/ssp/vpn/classic-push/small/css/style.css
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://gitb.org/watch-link/?=xxx0305xxx
Certificate
IssuerGoogle Trust Services LLC
Subjectcreative-bars1.com
Fingerprint3D:29:39:2C:F1:E5:C6:EF:54:F5:70:B5:CF:A8:C2:75:4D:89:72:13
ValidityMon, 15 Apr 2024 15:02:18 GMT - Sun, 14 Jul 2024 15:02:17 GMT

File type
ASCII text
Size
961 B (961 bytes)
Hash
039a6734d79ed9aa51cf81c52479c5fe
9cf29c4ea1a3880681d50c7228374f8073b7778b
a15bad73fc8907795285b78a4a1a1bf5e7f68b4d39988b9bb165444819cf9eb1

HTTP Headers

GET /sb/ssp/vpn/classic-push/small/css/style.css HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://gitb.org
DNT: 1
Connection: keep-alive
Referer: https://gitb.org/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Sat, 04 May 2024 05:53:57 GMT
content-type: text/css
last-modified: Fri, 19 Jan 2024 14:19:42 GMT
etag: W/"65aa84fe-d1b"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 291773
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=QP%2F%2FbCMQUVTkC7WAORnsV8D5SkmOpHhD7XUdhaAVetjZN4wlI9v592%2F7f015Wn7PcTWOwVnSxF8FUzIpxIM5FwMNRJfzXx2Xu%2FFnR9S72uza7vqH4%2BRtRNPhl5PH5ZbFbqACk5CbnCZJ"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87e63bbffd9bb524-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

cdn.cloudimagesb.com/si/07/9c/1b/079c1b9b48633e3ef398faef0739f24f/1701651986.png

45.133.44.9

200 OK

16 kB

URL GET HTTP/2
cdn.cloudimagesb.com/si/07/9c/1b/079c1b9b48633e3ef398faef0739f24f/1701651986.png
IP
45.133.44.9:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://gitb.org/watch-link/?=xxx0305xxx
Certificate
IssuerLet's Encrypt
Subjectcdn.cloudimagesb.com
FingerprintC6:F3:21:F0:21:7D:7E:96:0F:E8:46:7A:5E:C5:3F:D1:52:B0:67:B0
ValidityFri, 22 Mar 2024 03:01:35 GMT - Thu, 20 Jun 2024 03:01:34 GMT

File type
PNG image data, 192 x 192, 8-bit/color RGBA, non-interlaced
Size
16 kB (16093 bytes)
Hash
14cf262fabfd850855c42847d14fe775
2fafa28f167f018a0fb1f261f47380c8810803c9
972004ebada4077c3a4d03dcb45175ea467faf54da72be727a1c5c75e688b8af

HTTP Headers

GET /si/07/9c/1b/079c1b9b48633e3ef398faef0739f24f/1701651986.png HTTP/1.1
Host: cdn.cloudimagesb.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Sat, 04 May 2024 05:53:57 GMT
content-type: image/png
content-length: 16093
server: nginx/1.21.6
last-modified: Mon, 04 Dec 2023 01:06:35 GMT
etag: "656d261b-3edd"
expires: Mon, 06 May 2024 05:53:57 GMT
cache-control: max-age=172800
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2

decisivewade.com/pixel/sbls?bv=24.6.6370&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fssp%2Fvpn%2Fclassic-push%2Fsmall%2Fjs%2Fscript.js&l=962&fd=18

172.240.108.68

200 OK

0 B

URL GET HTTP/1.1
decisivewade.com/pixel/sbls?bv=24.6.6370&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fssp%2Fvpn%2Fclassic-push%2Fsmall%2Fjs%2Fscript.js&l=962&fd=18
IP
172.240.108.68:443
ASN
#7979 SERVERS-COM

Requested by
https://gitb.org/watch-link/?=xxx0305xxx
Certificate
IssuerLet's Encrypt
Subjectdecisivewade.com
Fingerprint97:80:1A:96:16:58:D9:94:6D:24:84:45:32:59:8C:44:59:0F:B7:8C
ValidityMon, 29 Apr 2024 12:47:45 GMT - Sun, 28 Jul 2024 12:47:44 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /pixel/sbls?bv=24.6.6370&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fssp%2Fvpn%2Fclassic-push%2Fsmall%2Fjs%2Fscript.js&l=962&fd=18 HTTP/1.1
Host: decisivewade.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://gitb.org/
Cookie: u_pl=22730152; uid_id2=fd7e1ad7-9d94-4a88-9d5f-64a19a5d59b7:2:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Sat, 04 May 2024 05:53:57 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range

fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2

216.58.207.227

200 OK

16 kB

URL GET HTTP/2
fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2
IP
216.58.207.227:443
ASN
#15169 GOOGLE

Requested by
https://gitb.org/watch-link/?=xxx0305xxx
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
Fingerprint15:DD:05:B3:2F:D8:E3:54:C9:B4:FA:E4:AC:01:ED:C8:E1:EA:A7:AD
ValidityTue, 16 Apr 2024 04:17:07 GMT - Tue, 09 Jul 2024 04:17:06 GMT

File type
Web Open Font Format (Version 2), TrueType, length 15860, version 1.0
Size
16 kB (15860 bytes)
Hash
e9f5aaf547f165386cd313b995dddd8e
acdef5603c2387b0e5bffd744b679a24a8bc1968
f5aebdfea35d1e7656ef4acc5db1f243209755ae3300943ef8fc6280f363c860

HTTP Headers

GET /s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://gitb.org
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15860
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 02 May 2024 01:55:00 GMT
expires: Fri, 02 May 2025 01:55:00 GMT
cache-control: public, max-age=31536000
last-modified: Wed, 11 May 2022 19:24:42 GMT
content-type: font/woff2
age: 187138
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2

216.58.207.227

200 OK

16 kB

URL GET HTTP/2
fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2
IP
216.58.207.227:443
ASN
#15169 GOOGLE

Requested by
https://gitb.org/watch-link/?=xxx0305xxx
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
Fingerprint15:DD:05:B3:2F:D8:E3:54:C9:B4:FA:E4:AC:01:ED:C8:E1:EA:A7:AD
ValidityTue, 16 Apr 2024 04:17:07 GMT - Tue, 09 Jul 2024 04:17:06 GMT

File type
Web Open Font Format (Version 2), TrueType, length 15744, version 1.0
Size
16 kB (15744 bytes)
Hash
15d9f621c3bd1599f0169dcf0bd5e63e
7ca9c5967f3bb8bffeab24b639b49c1e7d03fa52
f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615

HTTP Headers

GET /s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://gitb.org
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15744
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 02 May 2024 22:40:35 GMT
expires: Fri, 02 May 2025 22:40:35 GMT
cache-control: public, max-age=31536000
last-modified: Wed, 11 May 2022 19:24:48 GMT
content-type: font/woff2
age: 112403
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

cdn.creative-bars1.com/sb/ssp/vpn/classic-push/small/css/animate.css

188.114.96.1

200 OK

5.2 kB

URL GET HTTP/2
cdn.creative-bars1.com/sb/ssp/vpn/classic-push/small/css/animate.css
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://gitb.org/watch-link/?=xxx0305xxx
Certificate
IssuerGoogle Trust Services LLC
Subjectcreative-bars1.com
Fingerprint3D:29:39:2C:F1:E5:C6:EF:54:F5:70:B5:CF:A8:C2:75:4D:89:72:13
ValidityMon, 15 Apr 2024 15:02:18 GMT - Sun, 14 Jul 2024 15:02:17 GMT

File type
ASCII text
Size
5.2 kB (5217 bytes)
Hash
3d4123dbfb33d27a5cfdfcfa91df6783
e7d0eeeec54b848f0bc3da8685fa3bc88429d660
cb7d1393b65701b2f97d8da244c2c6023e9cbc3463ecb0136b915cfc775c6887

HTTP Headers

GET /sb/ssp/vpn/classic-push/small/css/animate.css HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://gitb.org
DNT: 1
Connection: keep-alive
Referer: https://gitb.org/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Sat, 04 May 2024 05:53:57 GMT
content-type: text/css
last-modified: Fri, 19 Jan 2024 14:19:42 GMT
etag: W/"65aa84fe-13361"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 59511
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=C%2B05NmUjMBsqNVLUbQVRD87H0rncs7OflpEwzmr2rn2SaS%2FFTKtjb%2BZIkrBmi1Myeahd4J0mtLZ93%2Fuo6jywQWSFl0TCWdp19REXTSGojEoqyWpll4ga51j02KPaIUYj9rEnLgB3ZDB4"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87e63bbfed99b524-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

decisivewade.com/pixel/sbs?c=1

172.240.127.234

200 OK

0 B

URL GET HTTP/1.1
decisivewade.com/pixel/sbs?c=1
IP
172.240.127.234:443
ASN
#7979 SERVERS-COM

Requested by
https://gitb.org/watch-link/?=xxx0305xxx
Certificate
IssuerLet's Encrypt
Subjectdecisivewade.com
Fingerprint97:80:1A:96:16:58:D9:94:6D:24:84:45:32:59:8C:44:59:0F:B7:8C
ValidityMon, 29 Apr 2024 12:47:45 GMT - Sun, 28 Jul 2024 12:47:44 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /pixel/sbs?c=1 HTTP/1.1
Host: decisivewade.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://gitb.org/
Cookie: u_pl=22730152; uid_id2=fd7e1ad7-9d94-4a88-9d5f-64a19a5d59b7:2:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Sat, 04 May 2024 05:53:58 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range

gitb.org/favicon.ico

45.143.99.2

404 Not Found

1.2 kB

URL GET HTTP/3
gitb.org/favicon.ico
IP
45.143.99.2:443
ASN
#207279 Markahost Telekomunikasyon Ve Ticaret Limited Sirketi

Requested by
https://gitb.org/watch-link/?=xxx0305xxx
Certificate
IssuerLet's Encrypt
Subjectgitb.org
Fingerprint0A:4B:6D:02:A6:3F:74:A9:11:CC:FC:4D:C6:87:81:EE:4A:96:AA:B3
ValidityMon, 22 Apr 2024 18:55:18 GMT - Sun, 21 Jul 2024 18:55:17 GMT

File type
HTML document, ASCII text, with very long lines (1276), with no line terminators
Size
1.2 kB (1238 bytes)
Hash
24b426fea67958554911ff4c943fdfe4
b92889146d4c1bbddccabe58ca15c814ea066f72
335fd88e127ff1b19e6c5af3c801186182f064e4c6747b9a76a0b3988553716c

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: gitb.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://gitb.org/watch-link/?=xxx0305xxx
Cookie: dom3ic8zudi28v8lr6fgphwffqoz0j6c=fd7e1ad7-9d94-4a88-9d5f-64a19a5d59b7%3A2%3A1; sb_main_885fb415a08e7d05b93f88ca77ad22cc=1; sb_count_885fb415a08e7d05b93f88ca77ad22cc=1; pp_main_19c33ba37280f60914e325fce07da677=1; sb_main_9314a111a083adac7140c7787c32a705=1; sb_idelay_9314a111a083adac7140c7787c32a705=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 404 Not Found
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
pragma: no-cache
content-type: text/html
content-length: 1238
date: Sat, 04 May 2024 05:53:46 GMT
server: LiteSpeed

cdn.barscreative1.com/sb/au/0c/c8/e1/0cc8e13ba9d5dbc867b982993e805a9d/1632728593.html

45.133.44.3

200 OK

1.3 kB

URL GET HTTP/2
cdn.barscreative1.com/sb/au/0c/c8/e1/0cc8e13ba9d5dbc867b982993e805a9d/1632728593.html
IP
45.133.44.3:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://gitb.org/watch-link/?=xxx0305xxx
Certificate
IssuerLet's Encrypt
Subjectcdn.barscreative1.com
FingerprintF6:54:F4:B9:EB:AD:1E:FA:8F:76:B9:75:20:9B:41:57:32:37:94:E3
ValiditySun, 10 Mar 2024 03:01:32 GMT - Sat, 08 Jun 2024 03:01:31 GMT

File type
HTML document, ASCII text, with very long lines (1405), with no line terminators
Size
1.3 kB (1325 bytes)
Hash
5373f3c4843345dde67db670323b2d54
666b2db9872196e52a2bc902111de5e37aa1ae28
e398fbdac28494dec6505fb0143d4cd41cee83989517e12c13ea113fef006fda

HTTP Headers

GET /sb/au/0c/c8/e1/0cc8e13ba9d5dbc867b982993e805a9d/1632728593.html HTTP/1.1
Host: cdn.barscreative1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://gitb.org
DNT: 1
Connection: keep-alive
Referer: https://gitb.org/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sat, 04 May 2024 05:53:57 GMT
content-type: text/html; charset=utf-8
server: nginx/1.21.6
last-modified: Mon, 27 Sep 2021 07:43:24 GMT
etag: W/"6151761c-52d"
cache-control: max-age=3600
access-control-allow-origin: *
access-control-expose-headers: Date
content-encoding: gzip
expires: Sat, 04 May 2024 06:53:57 GMT
x-proxy-cache: HIT
X-Firefox-Spdy: h2

cdn.barscreative1.com/sb/au/0c/c8/e1/0cc8e13ba9d5dbc867b982993e805a9d/1632728593.html

45.133.44.3

200 OK

1.3 kB

URL GET HTTP/2
cdn.barscreative1.com/sb/au/0c/c8/e1/0cc8e13ba9d5dbc867b982993e805a9d/1632728593.html
IP
45.133.44.3:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://gitb.org/watch-link/?=xxx0305xxx
Certificate
IssuerLet's Encrypt
Subjectcdn.barscreative1.com
FingerprintF6:54:F4:B9:EB:AD:1E:FA:8F:76:B9:75:20:9B:41:57:32:37:94:E3
ValiditySun, 10 Mar 2024 03:01:32 GMT - Sat, 08 Jun 2024 03:01:31 GMT

File type
HTML document, ASCII text, with very long lines (1405), with no line terminators
Size
1.3 kB (1325 bytes)
Hash
5373f3c4843345dde67db670323b2d54
666b2db9872196e52a2bc902111de5e37aa1ae28
e398fbdac28494dec6505fb0143d4cd41cee83989517e12c13ea113fef006fda

HTTP Headers

GET /sb/au/0c/c8/e1/0cc8e13ba9d5dbc867b982993e805a9d/1632728593.html HTTP/1.1
Host: cdn.barscreative1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://gitb.org
DNT: 1
Connection: keep-alive
Referer: https://gitb.org/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sat, 04 May 2024 05:53:48 GMT
content-type: text/html; charset=utf-8
server: nginx/1.21.6
last-modified: Mon, 27 Sep 2021 07:43:24 GMT
etag: W/"6151761c-52d"
cache-control: max-age=3600
access-control-allow-origin: *
access-control-expose-headers: Date
content-encoding: gzip
expires: Sat, 04 May 2024 06:53:48 GMT
x-proxy-cache: HIT
X-Firefox-Spdy: h2

decisivewade.com/impr.gif?sid=H4sIAAAAAAAC%2F1RSQW8bRRSedXNDQoB6okLyAaQiEWfXXntteqhoS1BEaEJbBOJSzc7MOkPGO6uZHa%2BTU0Ql6NHiF2w%2BJ00LFWqvSFTIqcQhAqlGHHIgF%2F4AAqlnZGNheId57833jfTN994X%2B%2B6M1OHo6bUP9K5Uiq40a3714idBcKm6LlM3qA7ardut8FLV9N%2FutGr%2Bm9X3BNvWK3U%2F8P3AD6qr0ohED1amIGT2sBPUOn4trNeCZoiB%2BX9vnQdLPfD%2BGXkFkk%2BWnnrnIdkYae%2FRNWG3c5299W7PKZprgz4%2F%2BijdTnWRorcoE%2BMhSY%2FmbGj7bPUJdHo4kwvd%2F5cYywnxfnyCOD2ai0TcP5jpjBVEipi%2FgKI%2FhlBjSDoG03cg%2BTMCMI7rG0h7965rU9Cdf1A6RSdk6flfkMWELP12Hmnv2ytKDqo3tXK51KnFICkhB2PI7hiZO0a%2BW4EsjsHyzyH5z2Tl%2BTrS3sGGVRqSn76e8EgElEfLHd4Jl0Pabi93eDNZboU06NAmb3biaGaQlGPIZAwlhqC2Amc9OOnBJR5c5qHHT6ssCILI54z67Q5jDR6JuMX9gEZJQAO%2F1YZj0z8MkWdDMDUEM3vIzB625RDG%2FQC7VcLyJdh8QrwPC%2FR5iUIQFJagoASFJChygqJfHnJl67a8x5V1cTDP9XlulCOdd%2Ffpoc67IiWgZgjDy%2F3sjLw8NdH79Nf72Ban1U4jCGkQBNRvNyinLApCn0VRO2KNOo38Jqx8cHV1uRGG7ds%2BpK2AWg%2B7ckKiP75EJifk1Z03ENNjWHUMJl8Cda%2BBFiXoVond9H5X5nFNmy64LpHlS8h3vH11Ri7MZrm28RiCnVz%2BvTELMFMiMyU%2Bk08Juuru6IYuyMENXVjyeCPLZU%2Fu0umcb%2BY0F%2Be%2Bfl%2FsFNrwtWt2%2BOAdNgWm5cNbwubrNOUy7VryzRXJuTCr2jBBvl%2BzH4t409mtK86kLlvfvLq61suMsFbqdAw6Xdk%2FDZickBcv3Jqt8MXvNiHNGMaV6LkTMg9IPQbL9mCzhX6rCYxacOLMQ%2BHKkanHi0slCZRY9DQuYf%2FTx4t6ZOj0NZXlvr2LrqmA5neQ9kr0TYm%2BKkHVENadG%2BWZObn8y1xGrCqjWJnKQayM%2Bmpm8%2FR4BCtPqw2fR7FIRBSLsBkmgvG42Yx9lrC4wdtthtxOkuZP7m8AAAD%2F%2FwEAAP%2F%2FwbfNx5wEAAA%3D

172.240.108.68

200 OK

0 B

URL GET HTTP/1.1
decisivewade.com/impr.gif?sid=H4sIAAAAAAAC%2F1RSQW8bRRSedXNDQoB6okLyAaQiEWfXXntteqhoS1BEaEJbBOJSzc7MOkPGO6uZHa%2BTU0Ql6NHiF2w%2BJ00LFWqvSFTIqcQhAqlGHHIgF%2F4AAqlnZGNheId57833jfTN994X%2B%2B6M1OHo6bUP9K5Uiq40a3714idBcKm6LlM3qA7ardut8FLV9N%2FutGr%2Bm9X3BNvWK3U%2F8P3AD6qr0ohED1amIGT2sBPUOn4trNeCZoiB%2BX9vnQdLPfD%2BGXkFkk%2BWnnrnIdkYae%2FRNWG3c5299W7PKZprgz4%2F%2BijdTnWRorcoE%2BMhSY%2FmbGj7bPUJdHo4kwvd%2F5cYywnxfnyCOD2ai0TcP5jpjBVEipi%2FgKI%2FhlBjSDoG03cg%2BTMCMI7rG0h7965rU9Cdf1A6RSdk6flfkMWELP12Hmnv2ytKDqo3tXK51KnFICkhB2PI7hiZO0a%2BW4EsjsHyzyH5z2Tl%2BTrS3sGGVRqSn76e8EgElEfLHd4Jl0Pabi93eDNZboU06NAmb3biaGaQlGPIZAwlhqC2Amc9OOnBJR5c5qHHT6ssCILI54z67Q5jDR6JuMX9gEZJQAO%2F1YZj0z8MkWdDMDUEM3vIzB625RDG%2FQC7VcLyJdh8QrwPC%2FR5iUIQFJagoASFJChygqJfHnJl67a8x5V1cTDP9XlulCOdd%2Ffpoc67IiWgZgjDy%2F3sjLw8NdH79Nf72Ban1U4jCGkQBNRvNyinLApCn0VRO2KNOo38Jqx8cHV1uRGG7ds%2BpK2AWg%2B7ckKiP75EJifk1Z03ENNjWHUMJl8Cda%2BBFiXoVond9H5X5nFNmy64LpHlS8h3vH11Ri7MZrm28RiCnVz%2BvTELMFMiMyU%2Bk08Juuru6IYuyMENXVjyeCPLZU%2Fu0umcb%2BY0F%2Be%2Bfl%2FsFNrwtWt2%2BOAdNgWm5cNbwubrNOUy7VryzRXJuTCr2jBBvl%2BzH4t409mtK86kLlvfvLq61suMsFbqdAw6Xdk%2FDZickBcv3Jqt8MXvNiHNGMaV6LkTMg9IPQbL9mCzhX6rCYxacOLMQ%2BHKkanHi0slCZRY9DQuYf%2FTx4t6ZOj0NZXlvr2LrqmA5neQ9kr0TYm%2BKkHVENadG%2BWZObn8y1xGrCqjWJnKQayM%2Bmpm8%2FR4BCtPqw2fR7FIRBSLsBkmgvG42Yx9lrC4wdtthtxOkuZP7m8AAAD%2F%2FwEAAP%2F%2FwbfNx5wEAAA%3D
IP
172.240.108.68:443
ASN
#7979 SERVERS-COM

Requested by
https://gitb.org/watch-link/?=xxx0305xxx
Certificate
IssuerLet's Encrypt
Subjectdecisivewade.com
Fingerprint97:80:1A:96:16:58:D9:94:6D:24:84:45:32:59:8C:44:59:0F:B7:8C
ValidityMon, 29 Apr 2024 12:47:45 GMT - Sun, 28 Jul 2024 12:47:44 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /impr.gif?sid=H4sIAAAAAAAC%2F1RSQW8bRRSedXNDQoB6okLyAaQiEWfXXntteqhoS1BEaEJbBOJSzc7MOkPGO6uZHa%2BTU0Ql6NHiF2w%2BJ00LFWqvSFTIqcQhAqlGHHIgF%2F4AAqlnZGNheId57833jfTN994X%2B%2B6M1OHo6bUP9K5Uiq40a3714idBcKm6LlM3qA7ardut8FLV9N%2FutGr%2Bm9X3BNvWK3U%2F8P3AD6qr0ohED1amIGT2sBPUOn4trNeCZoiB%2BX9vnQdLPfD%2BGXkFkk%2BWnnrnIdkYae%2FRNWG3c5299W7PKZprgz4%2F%2BijdTnWRorcoE%2BMhSY%2FmbGj7bPUJdHo4kwvd%2F5cYywnxfnyCOD2ai0TcP5jpjBVEipi%2FgKI%2FhlBjSDoG03cg%2BTMCMI7rG0h7965rU9Cdf1A6RSdk6flfkMWELP12Hmnv2ytKDqo3tXK51KnFICkhB2PI7hiZO0a%2BW4EsjsHyzyH5z2Tl%2BTrS3sGGVRqSn76e8EgElEfLHd4Jl0Pabi93eDNZboU06NAmb3biaGaQlGPIZAwlhqC2Amc9OOnBJR5c5qHHT6ssCILI54z67Q5jDR6JuMX9gEZJQAO%2F1YZj0z8MkWdDMDUEM3vIzB625RDG%2FQC7VcLyJdh8QrwPC%2FR5iUIQFJagoASFJChygqJfHnJl67a8x5V1cTDP9XlulCOdd%2Ffpoc67IiWgZgjDy%2F3sjLw8NdH79Nf72Ban1U4jCGkQBNRvNyinLApCn0VRO2KNOo38Jqx8cHV1uRGG7ds%2BpK2AWg%2B7ckKiP75EJifk1Z03ENNjWHUMJl8Cda%2BBFiXoVond9H5X5nFNmy64LpHlS8h3vH11Ri7MZrm28RiCnVz%2BvTELMFMiMyU%2Bk08Juuru6IYuyMENXVjyeCPLZU%2Fu0umcb%2BY0F%2Be%2Bfl%2FsFNrwtWt2%2BOAdNgWm5cNbwubrNOUy7VryzRXJuTCr2jBBvl%2BzH4t409mtK86kLlvfvLq61suMsFbqdAw6Xdk%2FDZickBcv3Jqt8MXvNiHNGMaV6LkTMg9IPQbL9mCzhX6rCYxacOLMQ%2BHKkanHi0slCZRY9DQuYf%2FTx4t6ZOj0NZXlvr2LrqmA5neQ9kr0TYm%2BKkHVENadG%2BWZObn8y1xGrCqjWJnKQayM%2Bmpm8%2FR4BCtPqw2fR7FIRBSLsBkmgvG42Yx9lrC4wdtthtxOkuZP7m8AAAD%2F%2FwEAAP%2F%2FwbfNx5wEAAA%3D HTTP/1.1
Host: decisivewade.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://gitb.org/
Cookie: u_pl=22730152; uid_id2=fd7e1ad7-9d94-4a88-9d5f-64a19a5d59b7:2:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Sat, 04 May 2024 05:53:58 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: d83aeefc659bbe546af158c2dfce390d
Strict-Transport-Security: max-age=0; includeSubdomains

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (35)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash