| gitb.org/watch-link/?=xxx0305xxx | 45.143.99.2 | 200 OK | 35 kB |
URL (user request): GET HTTP/2 gitb.org/watch-link/?=xxx0305xxx
IP: 45.143.99.2:443, ASN #207279 Markahost Telekomunikasyon Ve Ticaret Limited Sirketi
Certificate: issuer Let's Encrypt, subject gitb.org, fingerprint 0A:4B:6D:02:A6:3F:74:A9:11:CC:FC:4D:C6:87:81:EE:4A:96:AA:B3, valid Mon, 22 Apr 2024 18:55:18 GMT - Sun, 21 Jul 2024 18:55:17 GMT
File type: HTML document, ASCII text, with very long lines (9779), with CRLF, LF line terminators
Hash (MD5, SHA-1, SHA-256): 0ad4e97ab68d90a431021405d3de5f3e cdcbd91b24c7576c01a6fa8455a2298a6f6bad2e 5af4366570dc18b1d7b6ea71e009e15c78c742a9161963cd83ddd69a15754d15
GET /watch-link/?=xxx0305xxx HTTP/1.1
Host: gitb.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
x-powered-by: PHP/8.0.30
content-type: text/html; charset=UTF-8
x-ua-compatible: IE=edge
link: <https://gitb.org/wp-json/>; rel="https://api.w.org/", <https://gitb.org/wp-json/wp/v2/pages/52>; rel="alternate"; type="application/json", <https://gitb.org/?p=52>; rel=shortlink
content-length: 34618
content-encoding: br
vary: Accept-Encoding
date: Sat, 04 May 2024 05:53:43 GMT
server: LiteSpeed
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
X-Firefox-Spdy: h2

| gitb.org/wp-includes/css/dist/block-library/style.min.css?ver=6.5.2 | 45.143.99.2 | 200 OK | 13 kB |
URL: GET HTTP/3 gitb.org/wp-includes/css/dist/block-library/style.min.css?ver=6.5.2
IP: 45.143.99.2:443, ASN #207279 Markahost Telekomunikasyon Ve Ticaret Limited Sirketi
Requested by: https://gitb.org/watch-link/?=xxx0305xxx
Certificate: issuer Let's Encrypt, subject gitb.org, fingerprint 0A:4B:6D:02:A6:3F:74:A9:11:CC:FC:4D:C6:87:81:EE:4A:96:AA:B3, valid Mon, 22 Apr 2024 18:55:18 GMT - Sun, 21 Jul 2024 18:55:17 GMT
File type: ASCII text, with very long lines (59701)
Hash (MD5, SHA-1, SHA-256): 51a8390b47aa0582cf2d9c96c5addee2 b16a640874025d085c38119a1a02a3460f83f2de 98cecf88a23542fa047ce46eedb650b5c5128761ed4386c0977b847094ddfa20
GET /wp-includes/css/dist/block-library/style.min.css?ver=6.5.2 HTTP/1.1
Host: gitb.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://gitb.org/watch-link/?=xxx0305xxx
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
cache-control: public, max-age=604800
expires: Sat, 11 May 2024 05:53:44 GMT
content-type: text/css
last-modified: Wed, 03 Apr 2024 03:55:04 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 12823
date: Sat, 04 May 2024 05:53:44 GMT
server: LiteSpeed
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"

| gitb.org/wp-content/themes/generatepress/assets/css/main.min.css?ver=3.4.0 | 45.143.99.2 | 200 OK | 4.1 kB |
URL: GET HTTP/3 gitb.org/wp-content/themes/generatepress/assets/css/main.min.css?ver=3.4.0
IP: 45.143.99.2:443, ASN #207279 Markahost Telekomunikasyon Ve Ticaret Limited Sirketi
Requested by: https://gitb.org/watch-link/?=xxx0305xxx
Certificate: issuer Let's Encrypt, subject gitb.org, fingerprint 0A:4B:6D:02:A6:3F:74:A9:11:CC:FC:4D:C6:87:81:EE:4A:96:AA:B3, valid Mon, 22 Apr 2024 18:55:18 GMT - Sun, 21 Jul 2024 18:55:17 GMT
File type: ASCII text, with very long lines (19564), with no line terminators
Hash (MD5, SHA-1, SHA-256): 867585929ee8b21749cdefa675d9aa11 afbd7bc967068d4e804641f4b1df78ab37417144 bc3b2c1e618a27e485095a3c0db20da5ba2fbfaf3b872ccd6ca35cb19eb37b5d
GET /wp-content/themes/generatepress/assets/css/main.min.css?ver=3.4.0 HTTP/1.1
Host: gitb.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://gitb.org/watch-link/?=xxx0305xxx
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
cache-control: public, max-age=604800
expires: Sat, 11 May 2024 05:53:44 GMT
content-type: text/css
last-modified: Wed, 28 Feb 2024 13:10:16 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 4101
date: Sat, 04 May 2024 05:53:44 GMT
server: LiteSpeed

| gitb.org/wp-content/uploads/2024/03/tg.png | 45.143.99.2 | 200 OK | 29 kB |
URL: GET HTTP/3 gitb.org/wp-content/uploads/2024/03/tg.png
IP: 45.143.99.2:443, ASN #207279 Markahost Telekomunikasyon Ve Ticaret Limited Sirketi
Requested by: https://gitb.org/watch-link/?=xxx0305xxx
Certificate: issuer Let's Encrypt, subject gitb.org, fingerprint 0A:4B:6D:02:A6:3F:74:A9:11:CC:FC:4D:C6:87:81:EE:4A:96:AA:B3, valid Mon, 22 Apr 2024 18:55:18 GMT - Sun, 21 Jul 2024 18:55:17 GMT
File type: PNG image data, 768 x 181, 8-bit/color RGBA, non-interlaced
Hash (MD5, SHA-1, SHA-256): 860908cfa697542ec3589fc43c01f701 c229b515d6d48b51d6268c2a26877c6b1fc94b68 c1373a3e5458cb3fc4330c8bf2efaab4a07b61f178abdcc25ee860f95d9729dc
GET /wp-content/uploads/2024/03/tg.png HTTP/1.1
Host: gitb.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://gitb.org/watch-link/?=xxx0305xxx
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
cache-control: public, max-age=604800
expires: Sat, 11 May 2024 05:53:44 GMT
content-type: image/png
last-modified: Fri, 15 Mar 2024 20:57:28 GMT
accept-ranges: bytes
content-length: 28931
date: Sat, 04 May 2024 05:53:44 GMT
server: LiteSpeed

| gitb.org/wp-content/themes/generatepress/assets/js/menu.min.js?ver=3.4.0 | 45.143.99.2 | 200 OK | 1.5 kB |
URL: GET HTTP/3 gitb.org/wp-content/themes/generatepress/assets/js/menu.min.js?ver=3.4.0
IP: 45.143.99.2:443, ASN #207279 Markahost Telekomunikasyon Ve Ticaret Limited Sirketi
Requested by: https://gitb.org/watch-link/?=xxx0305xxx
Certificate: issuer Let's Encrypt, subject gitb.org, fingerprint 0A:4B:6D:02:A6:3F:74:A9:11:CC:FC:4D:C6:87:81:EE:4A:96:AA:B3, valid Mon, 22 Apr 2024 18:55:18 GMT - Sun, 21 Jul 2024 18:55:17 GMT
File type: JavaScript source, ASCII text, with very long lines (6957), with no line terminators
Hash (MD5, SHA-1, SHA-256): 70bb4fab119eb133cae33105b69f65cb 0c78a77e06be020674ca82d28b02a712615f7b35 395121e5b9981325951ef88bec68d065d23087b16a70d4459109e1dd84a10936
GET /wp-content/themes/generatepress/assets/js/menu.min.js?ver=3.4.0 HTTP/1.1
Host: gitb.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://gitb.org/watch-link/?=xxx0305xxx
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
cache-control: public, max-age=604800
expires: Sat, 11 May 2024 05:53:44 GMT
content-type: application/javascript
last-modified: Wed, 28 Feb 2024 13:10:16 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 1460
date: Sat, 04 May 2024 05:53:44 GMT
server: LiteSpeed

| www.topcreativeformat.com/8d05a934261dd9e2aebbdaa40a9c68c4/invoke.js | 192.243.59.20 | 200 OK | 12 kB |
URL: GET HTTP/1.1 www.topcreativeformat.com/8d05a934261dd9e2aebbdaa40a9c68c4/invoke.js
IP: 192.243.59.20:443, ASN #39572 DataWeb Global Group B.V.
Requested by: https://gitb.org/watch-link/?=xxx0305xxx
Certificate: issuer Let's Encrypt, subject topcreativeformat.com, fingerprint 6D:98:D9:61:FC:CF:D9:8C:FE:5E:1C:15:5A:A5:F2:28:38:04:A4:A4, valid Wed, 20 Mar 2024 07:51:41 GMT - Tue, 18 Jun 2024 07:51:40 GMT
File type: JavaScript source, ASCII text, with very long lines (31300), with no line terminators
Hash (MD5, SHA-1, SHA-256): 9921c80fb502a3f4fa99a001853c1bb6 a6b109c7114afa4bc697734ab43dec72e18fab6f 29843ded9d65e0544f2d02bd37d0bcb8d161041a63596ce02d2a9d05cf5652cd
GET /8d05a934261dd9e2aebbdaa40a9c68c4/invoke.js HTTP/1.1
Host: www.topcreativeformat.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://gitb.org/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Sat, 04 May 2024 05:53:46 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: de27f7121341af3087a218a785d5a931
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip

| pl22839067.profitablegatecpm.com/88/5f/b4/885fb415a08e7d05b93f88ca77ad22cc.js | 172.240.127.234 | 200 OK | 16 kB |
URL: GET HTTP/1.1 pl22839067.profitablegatecpm.com/88/5f/b4/885fb415a08e7d05b93f88ca77ad22cc.js
IP: 172.240.127.234:443
Requested by: https://gitb.org/watch-link/?=xxx0305xxx
Certificate: issuer Let's Encrypt, subject profitablegatecpm.com, fingerprint 9D:FB:8C:AD:4D:64:98:6B:85:78:33:54:E7:A3:BB:10:ED:77:63:30, valid Fri, 05 Apr 2024 18:10:33 GMT - Thu, 04 Jul 2024 18:10:32 GMT
File type: JavaScript source, ASCII text, with very long lines (45353), with no line terminators
Hash (MD5, SHA-1, SHA-256): d0b243c62397a6d409df847cd05cf326 c8610839b3f2aeb270d99c2b98259cb4d1c1666c e743472fcf1d0541dc2739a068c98cf5fda4abbecc6806d1a40fbac6b474e56b
GET /88/5f/b4/885fb415a08e7d05b93f88ca77ad22cc.js HTTP/1.1
Host: pl22839067.profitablegatecpm.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://gitb.org/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Sat, 04 May 2024 05:53:46 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Set-Cookie: 4b4e7ab587d59b22ad7bcd2439afc363_CF-3448=1; expires=Tue, 07 May 2024 08:53:46 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: c2cf81691e349ae6de11053546ea9c38
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip

| pl22839066.profitablegatecpm.com/19/c3/3b/19c33ba37280f60914e325fce07da677.js | 172.240.127.234 | 200 OK | 31 kB |
URL: GET HTTP/1.1 pl22839066.profitablegatecpm.com/19/c3/3b/19c33ba37280f60914e325fce07da677.js
IP: 172.240.127.234:443
Requested by: https://gitb.org/watch-link/?=xxx0305xxx
Certificate: issuer Let's Encrypt, subject profitablegatecpm.com, fingerprint 9D:FB:8C:AD:4D:64:98:6B:85:78:33:54:E7:A3:BB:10:ED:77:63:30, valid Fri, 05 Apr 2024 18:10:33 GMT - Thu, 04 Jul 2024 18:10:32 GMT
File type: JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Hash (MD5, SHA-1, SHA-256): d40fa76516c600055f99177708d05ce8 69da4afd00a4ea99fbdaf8406c5be5c614c80ec8 d9fba480e8775fa1a93994009865997729dbed971201d4964c0dbe4b161a62ac
GET /19/c3/3b/19c33ba37280f60914e325fce07da677.js HTTP/1.1
Host: pl22839066.profitablegatecpm.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://gitb.org/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Sat, 04 May 2024 05:53:46 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 934a1063b3b3b0b6decd76cc60309b78
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip

| www.topcreativeformat.com/ba160ebdb7ae4c2d376f0f8dc238ac96/invoke.js | 192.243.59.20 | 200 OK | 12 kB |
URL: GET HTTP/1.1 www.topcreativeformat.com/ba160ebdb7ae4c2d376f0f8dc238ac96/invoke.js
IP: 192.243.59.20:443, ASN #39572 DataWeb Global Group B.V.
Requested by: https://gitb.org/watch-link/?=xxx0305xxx
Certificate: issuer Let's Encrypt, subject topcreativeformat.com, fingerprint 6D:98:D9:61:FC:CF:D9:8C:FE:5E:1C:15:5A:A5:F2:28:38:04:A4:A4, valid Wed, 20 Mar 2024 07:51:41 GMT - Tue, 18 Jun 2024 07:51:40 GMT
File type: JavaScript source, ASCII text, with very long lines (31262), with no line terminators
Hash (MD5, SHA-1, SHA-256): 17b22bb20de7f95f3f6b833381a5995f a13449fbaeef063a7403b325a15bccb9ecf8f4a6 b07ebf3cd0a0fe8da09ad0b7dec17463250ea91a8248a3fe4bfa3dc835092ac5
GET /ba160ebdb7ae4c2d376f0f8dc238ac96/invoke.js HTTP/1.1
Host: www.topcreativeformat.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://gitb.org/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Sat, 04 May 2024 05:53:46 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: b20654786646d6dfaf0a57457221a079
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip

| ocsp.r2m03.amazontrust.com/ | 3.164.222.26 | | 471 B |
URL: ocsp.r2m03.amazontrust.com/
IP: 3.164.222.26:0
Hash (MD5, SHA-1, SHA-256): 353dbae1e1b45a750770ae51bef13ba7 465917a2a0bbb947e9727e7f08b584a82aa6fb81 9fa5becc3e07f31f2f08bf5f331d6bfda4f6386634ea524bc3a8c56ac1c0bc2b
POST / HTTP/1.1
Host: ocsp.r2m03.amazontrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=7200
Date: Sat, 04 May 2024 05:53:46 GMT
Last-Modified: Sat, 04 May 2024 05:04:56 GMT
Server: ECAcc (ska/F6E1)
X-Cache: Miss from cloudfront
Via: 1.1 42bac5f1aabdd1402109b9e5f2ab1414.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: ARN53-P1
X-Amz-Cf-Id: ANssLR1ENA9GD2Muvh2KA1LWjZQG3X5Ovb2mK2FpfrYq3fkROksRsA==
Age: 2930

| proftrafficcounter.com/stats | 18.185.9.67 | 200 OK | 40 B |
URL: GET HTTP/2 proftrafficcounter.com/stats
IP: 18.185.9.67:443
Requested by: https://gitb.org/watch-link/?=xxx0305xxx
Certificate: issuer Amazon, subject proftrafficcounter.com, fingerprint E3:9F:79:6F:80:C0:BF:F8:C4:EB:45:F3:E9:0F:A7:41:F6:0C:05:E6, valid Tue, 21 Nov 2023 00:00:00 GMT - Thu, 19 Dec 2024 23:59:59 GMT
File type: ASCII text, with no line terminators
Hash (MD5, SHA-1, SHA-256): 3b0b0360c634fc9678cd14fddbeeee05 dd3cc1de563627a9e1b22253540f3594e587869a b457f03b22f85c46bb0dd20e803d2ce8427cf8b0f2347d2325d9608148ad7dce
GET /stats HTTP/1.1
Host: proftrafficcounter.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://gitb.org
DNT: 1
Connection: keep-alive
Referer: https://gitb.org/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 04 May 2024 05:53:46 GMT
content-type: text/html; charset=UTF-8
content-length: 40
server: fasthttp
access-control-allow-origin: https://gitb.org
vary: Origin
access-control-allow-credentials: true
set-cookie: uid_id2=ae4b3cd4-0306-480c-abf4-395aaac96b7e:2:1; expires=Tue, 02 May 2034 05:53:46 GMT; secure; SameSite=None
X-Firefox-Spdy: h2

| proftrafficcounter.com/stats | 18.185.9.67 | 200 OK | 40 B |
URL: GET HTTP/2 proftrafficcounter.com/stats
IP: 18.185.9.67:443
Requested by: https://gitb.org/watch-link/?=xxx0305xxx
Certificate: issuer Amazon, subject proftrafficcounter.com, fingerprint E3:9F:79:6F:80:C0:BF:F8:C4:EB:45:F3:E9:0F:A7:41:F6:0C:05:E6, valid Tue, 21 Nov 2023 00:00:00 GMT - Thu, 19 Dec 2024 23:59:59 GMT
File type: ASCII text, with no line terminators
Hash (MD5, SHA-1, SHA-256): b429eb24f709cac13fdb01bda0dda113 73c8457fd534f30982eb63461c35f5221ada310f d39d626d55620260f02d852a85c691d26efd262ca308b7258bd6fb298d75a278
GET /stats HTTP/1.1
Host: proftrafficcounter.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://gitb.org
DNT: 1
Connection: keep-alive
Referer: https://gitb.org/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Sat, 04 May 2024 05:53:46 GMT
content-type: text/html; charset=UTF-8
content-length: 40
server: fasthttp
access-control-allow-origin: https://gitb.org
vary: Origin
access-control-allow-credentials: true
set-cookie: uid_id2=fd7e1ad7-9d94-4a88-9d5f-64a19a5d59b7:2:1; expires=Tue, 02 May 2034 05:53:46 GMT; secure; SameSite=None
X-Firefox-Spdy: h2

| www.topcreativeformat.com/de99a652586bb57820d519c7eb88870f/invoke.js | 192.243.59.20 | 200 OK | 12 kB |
URL: GET HTTP/1.1 www.topcreativeformat.com/de99a652586bb57820d519c7eb88870f/invoke.js
IP: 192.243.59.20:443, ASN #39572 DataWeb Global Group B.V.
Requested by: https://gitb.org/watch-link/?=xxx0305xxx
Certificate: issuer Let's Encrypt, subject topcreativeformat.com, fingerprint 6D:98:D9:61:FC:CF:D9:8C:FE:5E:1C:15:5A:A5:F2:28:38:04:A4:A4, valid Wed, 20 Mar 2024 07:51:41 GMT - Tue, 18 Jun 2024 07:51:40 GMT
File type: JavaScript source, ASCII text, with very long lines (31281), with no line terminators
Hash (MD5, SHA-1, SHA-256): f074b1098b1ef59f588cfb79adde00f3 8fe4f0b7784cc1369273fd6a15030ff1183f5b13 1dc583b650cfa58d7194724fda3fb5a1d18b60330e9cd08cdeea574bacc177a0
GET /de99a652586bb57820d519c7eb88870f/invoke.js HTTP/1.1
Host: www.topcreativeformat.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://gitb.org/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Sat, 04 May 2024 05:53:47 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 480b94aebca341bd7b2e5ae4c5b89c79
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip

| gitb.org/wp-includes/js/wp-emoji-release.min.js?ver=6.5.2 | 45.143.99.2 | 200 OK | 4.0 kB |
URL: GET HTTP/3 gitb.org/wp-includes/js/wp-emoji-release.min.js?ver=6.5.2
IP: 45.143.99.2:443, ASN #207279 Markahost Telekomunikasyon Ve Ticaret Limited Sirketi
Requested by: https://gitb.org/watch-link/?=xxx0305xxx
Certificate: issuer Let's Encrypt, subject gitb.org, fingerprint 0A:4B:6D:02:A6:3F:74:A9:11:CC:FC:4D:C6:87:81:EE:4A:96:AA:B3, valid Mon, 22 Apr 2024 18:55:18 GMT - Sun, 21 Jul 2024 18:55:17 GMT
File type: JavaScript source, ASCII text, with very long lines (15752)
Hash (MD5, SHA-1, SHA-256): b976b651932bfd25b9ddb5b7693d88a7 7fcb7cb5c11227f9213b1e08a07d0212209e1432 4e6ce5444c7f396cef0eb1fa3611034151e485dd06fbe5573a5583e1eebc98c3
GET /wp-includes/js/wp-emoji-release.min.js?ver=6.5.2 HTTP/1.1
Host: gitb.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://gitb.org/watch-link/?=xxx0305xxx
Cookie: dom3ic8zudi28v8lr6fgphwffqoz0j6c=fd7e1ad7-9d94-4a88-9d5f-64a19a5d59b7%3A2%3A1
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
cache-control: public, max-age=604800
expires: Sat, 11 May 2024 05:53:45 GMT
content-type: application/javascript
last-modified: Wed, 03 Apr 2024 03:55:07 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 4037
date: Sat, 04 May 2024 05:53:45 GMT
server: LiteSpeed

| misuseproductions.com/93/14/a1/9314a111a083adac7140c7787c32a705.js | 192.243.61.225 | 200 OK | 16 kB |
URL: GET HTTP/1.1 misuseproductions.com/93/14/a1/9314a111a083adac7140c7787c32a705.js
IP: 192.243.61.225:443, ASN #39572 DataWeb Global Group B.V.
Requested by: https://gitb.org/watch-link/?=xxx0305xxx
Certificate: issuer Let's Encrypt, subject misuseproductions.com, fingerprint AE:BD:BB:C1:A9:8B:FD:93:7D:63:43:E2:6D:71:12:A4:64:7C:51:D6, valid Mon, 29 Apr 2024 12:56:02 GMT - Sun, 28 Jul 2024 12:56:01 GMT
File type: JavaScript source, ASCII text, with very long lines (44028), with no line terminators
Hash (MD5, SHA-1, SHA-256): ca0bf1d77c7c448638050dad1bd126e1 cd4cc11352645221bc9afbb8faae5f1c79e754d6 62a6ceda6f009b9e02705c5c78af1d9a316f0f2fd754800b3ca209eed1d81f50
Analyzer | Verdict | Alert
Quad9 DNS | malicious | Sinkholed
GET /93/14/a1/9314a111a083adac7140c7787c32a705.js HTTP/1.1
Host: misuseproductions.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://gitb.org/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Sat, 04 May 2024 05:53:47 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Set-Cookie: 4b4e7ab587d59b22ad7bcd2439afc363_CF-3448=0; expires=Tue, 07 May 2024 08:53:47 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 412cf78b5a970fe7e064f53e3a75f032
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip

| misuseproductions.com/watch.437024946035.js?key=8d05a934261dd9e2aebbdaa40a9c68c4&kw=%5B%5D&refer=https%3A%2F%2Fgitb.org%2Fwatch-link%2F%3F%3Dxxx0305xxx&tz=0&dev=e&res=14.2071&uuid=ae4b3cd4-0306-480c-abf4-395aaac96b7e%3A2%3A1 | 172.240.253.132 | 307 Temporary Redirect | 0 B |
URL: GET HTTP/1.1 misuseproductions.com/watch.437024946035.js?key=8d05a934261dd9e2aebbdaa40a9c68c4&kw=%5B%5D&refer=https%3A%2F%2Fgitb.org%2Fwatch-link%2F%3F%3Dxxx0305xxx&tz=0&dev=e&res=14.2071&uuid=ae4b3cd4-0306-480c-abf4-395aaac96b7e%3A2%3A1
IP: 172.240.253.132:443
Requested by: https://gitb.org/watch-link/?=xxx0305xxx
Certificate: issuer Let's Encrypt, subject misuseproductions.com, fingerprint AE:BD:BB:C1:A9:8B:FD:93:7D:63:43:E2:6D:71:12:A4:64:7C:51:D6, valid Mon, 29 Apr 2024 12:56:02 GMT - Sun, 28 Jul 2024 12:56:01 GMT
Hash (MD5, SHA-1, SHA-256; these are the digests of an empty body): d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer | Verdict | Alert
Quad9 DNS | malicious | Sinkholed
GET /watch.437024946035.js?key=8d05a934261dd9e2aebbdaa40a9c68c4&kw=%5B%5D&refer=https%3A%2F%2Fgitb.org%2Fwatch-link%2F%3F%3Dxxx0305xxx&tz=0&dev=e&res=14.2071&uuid=ae4b3cd4-0306-480c-abf4-395aaac96b7e%3A2%3A1 HTTP/1.1
Host: misuseproductions.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://gitb.org
DNT: 1
Connection: keep-alive
Referer: https://gitb.org/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 307 Temporary Redirect
Server: nginx/1.21.6
Date: Sat, 04 May 2024 05:53:47 GMT
Content-Type: text/html
Content-Length: 0
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://gitb.org
Access-Control-Allow-Origin: https://gitb.org
Access-Control-Allow-Credentials: true
Location: https://misuseproductions.com/watch.437024946035.js?dev=e&key=8d05a934261dd9e2aebbdaa40a9c68c4&kw=%5B%5D&pst=1714802087&refer=https%3A%2F%2Fgitb.org%2Fwatch-link%2F%3F%3Dxxx0305xxx&res=14.2071&rmtc=t&shu=84e2d316c45642bb39d7c4543a5b27c7e88b858147ff7b3dccb0c3409b589ee6645f3c233802b05e00883f08acf1412bfb5fa838313a78bad1b8ca30bf3b86599d29b12e1aff9216a976da249d5b05ad1f39fea2830df5597f6e02e6539666&tz=0&uuid=ae4b3cd4-0306-480c-abf4-395aaac96b7e%3A2%3A1
Set-Cookie: u_pl=22697098; expires=Sun, 05 May 2024 05:53:47 GMT; secure; SameSite=None
ain=eyJhbGciOiJIUzI1NiJ9.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.OUoMeIpOxYy3BELm8S7DuOBCdg6913Dap8WksHYdQ6U; expires=Sat, 04 May 2024 05:54:47 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 438c6283b835aa5e6476427ffae535fc
Strict-Transport-Security: max-age=0; includeSubdomains

| hunchsewingproxy.com/watch.1176979019121.js?key=ba160ebdb7ae4c2d376f0f8dc238ac96&kw=%5B%5D&refer=https%3A%2F%2Fgitb.org%2Fwatch-link%2F%3F%3Dxxx0305xxx&tz=0&dev=e&res=14.2071&uuid=fd7e1ad7-9d94-4a88-9d5f-64a19a5d59b7%3A2%3A1 | 192.243.59.13 | 307 Temporary Redirect | 0 B |
URL: GET HTTP/1.1 hunchsewingproxy.com/watch.1176979019121.js?key=ba160ebdb7ae4c2d376f0f8dc238ac96&kw=%5B%5D&refer=https%3A%2F%2Fgitb.org%2Fwatch-link%2F%3F%3Dxxx0305xxx&tz=0&dev=e&res=14.2071&uuid=fd7e1ad7-9d94-4a88-9d5f-64a19a5d59b7%3A2%3A1
IP: 192.243.59.13:443, ASN #39572 DataWeb Global Group B.V.
Requested by: https://gitb.org/watch-link/?=xxx0305xxx
Certificate: issuer Let's Encrypt, subject hunchsewingproxy.com, fingerprint CF:1D:62:33:6B:D3:BF:31:A0:28:BB:E3:F3:E4:1F:F7:F1:90:3C:BE, valid Mon, 29 Apr 2024 08:24:00 GMT - Sun, 28 Jul 2024 08:23:59 GMT
Hash (MD5, SHA-1, SHA-256; these are the digests of an empty body): d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer | Verdict | Alert
Quad9 DNS | malicious | Sinkholed
GET /watch.1176979019121.js?key=ba160ebdb7ae4c2d376f0f8dc238ac96&kw=%5B%5D&refer=https%3A%2F%2Fgitb.org%2Fwatch-link%2F%3F%3Dxxx0305xxx&tz=0&dev=e&res=14.2071&uuid=fd7e1ad7-9d94-4a88-9d5f-64a19a5d59b7%3A2%3A1 HTTP/1.1
Host: hunchsewingproxy.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://gitb.org
DNT: 1
Connection: keep-alive
Referer: https://gitb.org/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 307 Temporary Redirect
Server: nginx/1.19.5
Date: Sat, 04 May 2024 05:53:47 GMT
Content-Type: text/html
Content-Length: 0
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://gitb.org
Access-Control-Allow-Origin: https://gitb.org
Access-Control-Allow-Credentials: true
Location: https://hunchsewingproxy.com/watch.1176979019121.js?dev=e&key=ba160ebdb7ae4c2d376f0f8dc238ac96&kw=%5B%5D&pst=1714802087&refer=https%3A%2F%2Fgitb.org%2Fwatch-link%2F%3F%3Dxxx0305xxx&res=14.2071&rmtc=t&shu=285bdf9f8178adfd57b3d1ec33c6f532694603740304703aa69789f66a392a236fdbb2eeb68467559afa01e2722f33f77ffc00c80f7b628ca637f38049af2af3934cd0de234d78a4803adab0d3cc3b73e3ef1b595a924f5dae362b11166347&tz=0&uuid=fd7e1ad7-9d94-4a88-9d5f-64a19a5d59b7%3A2%3A1
Set-Cookie: u_pl=22697095; expires=Sun, 05 May 2024 05:53:47 GMT; secure; SameSite=None
ain=eyJhbGciOiJIUzI1NiJ9.eyJwIjp7ImlkIjoyMjY5NzA5NSwiayI6ImJhMTYwZWJkYjdhZTRjMmQzNzZmMGY4ZGMyMzhhYzk2Iiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjozNjY2MDU1LCJwaWQiOjE3MzQ5NDksImFuIjp0cnVlLCJsYW4iOnRydWUsImNpZCI6MTYsImFpZCI6MjcsInB0Ijo0LCJwayI6InE4eHZ4aDhrIiwidCI6MX0sInUiOnsidSI6MSwiYXUiOjEsImQiOnsiaWQiOjc5OTU0MTk2LCJpZHMiOiIiLCJpYyI6ZmFsc2UsIm4iOiJEZXNrdG9wLEVtdWxhdG9yIiwidiI6IlVua25vd24iLCJtIjoiVW5rbm93biIsImYiOjEsImZuIjoiRGVza3RvcCIsIm9pZCI6MTgxMTAsIm9uIjoiTGludXgiLCJvdiI6IlVua25vd24iLCJiaWQiOjExNjY3MCwiYm4iOiJGaXJlZm94IiwiYnYiOiI5Ni4wIiwid3YiOmZhbHNlLCJlIjp0cnVlLCJhYiI6ZmFsc2V9LCJjIjp7ImlkIjoxNjIsImMiOiJOTyIsIm4iOiJOb3J3YXkifSwiYSI6ZmFsc2UsImNyIjp7Im4iOiJCbGl4IFNvbHV0aW9ucyJ9LCJ4ZiI6IiIsIml4ZiI6ZmFsc2UsImlneGYiOmZhbHNlLCJ1cCI6dHJ1ZSwiciI6Imh0dHBzOi8vZ2l0Yi5vcmcvd2F0Y2gtbGluay8_PXh4eDAzMDV4eHgiLCJhciI6W119fQ.jK83ROVjkh9hsrggmGKdyIHO_S5xKHgvooD1tvRcJMY; expires=Sat, 04 May 2024 05:54:47 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 275bfbdcb3f8d4050018ca93934828b6
Strict-Transport-Security: max-age=0; includeSubdomains

| dudleynutmeg.com/watch.1091538150120.js?key=de99a652586bb57820d519c7eb88870f&kw=%5B%5D&refer=https%3A%2F%2Fgitb.org%2Fwatch-link%2F%3F%3Dxxx0305xxx&tz=0&dev=e&res=14.2071&uuid=fd7e1ad7-9d94-4a88-9d5f-64a19a5d59b7%3A2%3A1 | 172.240.108.76 | 307 Temporary Redirect | 0 B |
URL: GET HTTP/1.1 dudleynutmeg.com/watch.1091538150120.js?key=de99a652586bb57820d519c7eb88870f&kw=%5B%5D&refer=https%3A%2F%2Fgitb.org%2Fwatch-link%2F%3F%3Dxxx0305xxx&tz=0&dev=e&res=14.2071&uuid=fd7e1ad7-9d94-4a88-9d5f-64a19a5d59b7%3A2%3A1
IP: 172.240.108.76:443
Requested by: https://gitb.org/watch-link/?=xxx0305xxx
Certificate: issuer Let's Encrypt, subject dudleynutmeg.com, fingerprint 62:D3:F0:A3:00:F3:7A:E7:CF:5D:4D:AE:08:F0:E9:8D:45:2E:0D:90, valid Tue, 30 Apr 2024 15:24:37 GMT - Mon, 29 Jul 2024 15:24:36 GMT
Hash (MD5, SHA-1, SHA-256; these are the digests of an empty body): d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer | Verdict | Alert
Quad9 DNS | malicious | Sinkholed
GET /watch.1091538150120.js?key=de99a652586bb57820d519c7eb88870f&kw=%5B%5D&refer=https%3A%2F%2Fgitb.org%2Fwatch-link%2F%3F%3Dxxx0305xxx&tz=0&dev=e&res=14.2071&uuid=fd7e1ad7-9d94-4a88-9d5f-64a19a5d59b7%3A2%3A1 HTTP/1.1
Host: dudleynutmeg.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://gitb.org
DNT: 1
Connection: keep-alive
Referer: https://gitb.org/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 307 Temporary Redirect
Server: nginx/1.21.6
Date: Sat, 04 May 2024 05:53:47 GMT
Content-Type: text/html
Content-Length: 0
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://gitb.org
Access-Control-Allow-Origin: https://gitb.org
Access-Control-Allow-Credentials: true
Location: https://dudleynutmeg.com/watch.1091538150120.js?dev=e&key=de99a652586bb57820d519c7eb88870f&kw=%5B%5D&pst=1714802087&refer=https%3A%2F%2Fgitb.org%2Fwatch-link%2F%3F%3Dxxx0305xxx&res=14.2071&rmtc=t&shu=07f84a8be43c3db6b628c27d12f776d9d6661182c46bf9dc3f11b365824c85d4a6335c8499b9e0d6ce1f5b0b14d0696e5276e93e4d1561eccb23c5def55fb5b53e7118770b839b638d739b732451dded3ae5d4329701194c003cda679ac831&tz=0&uuid=fd7e1ad7-9d94-4a88-9d5f-64a19a5d59b7%3A2%3A1
Set-Cookie: u_pl=22697121; expires=Sun, 05 May 2024 05:53:47 GMT; secure; SameSite=None
ain=eyJhbGciOiJIUzI1NiJ9.[…].V7J0-H8OFffgz1zFrucwP5IEl7UjmL1pZg12cf1brn0; expires=Sat, 04 May 2024 05:54:47 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: f29b81659f718f5eb48dfbbd1a9e44a7
Strict-Transport-Security: max-age=0; includeSubdomains
| misuseproductions.com/watch.437024946035.js?dev=e&key=8d05a934261dd9e2aebbdaa40a9c68c4&kw=%5B%5D&pst=1714802087&refer=https%3A%2F%2Fgitb.org%2Fwatch-link%2F%3F%3Dxxx0305xxx&res=14.2071&rmtc=t&shu=84e2d316c45642bb39d7c4543a5b27c7e88b858147ff7b3dccb0c3409b589ee6645f3c233802b05e00883f08acf1412bfb5fa838313a78bad1b8ca30bf3b86599d29b12e1aff9216a976da249d5b05ad1f39fea2830df5597f6e02e6539666&tz=0&uuid=ae4b3cd4-0306-480c-abf4-395aaac96b7e%3A2%3A1 | 192.243.61.225 | 200 OK | 2.0 kB |
URL: GET HTTP/1.1 misuseproductions.com/watch.437024946035.js?dev=e&key=8d05a934261dd9e2aebbdaa40a9c68c4&kw=%5B%5D&pst=1714802087&refer=https%3A%2F%2Fgitb.org%2Fwatch-link%2F%3F%3Dxxx0305xxx&res=14.2071&rmtc=t&shu=84e2d316c45642bb39d7c4543a5b27c7e88b858147ff7b3dccb0c3409b589ee6645f3c233802b05e00883f08acf1412bfb5fa838313a78bad1b8ca30bf3b86599d29b12e1aff9216a976da249d5b05ad1f39fea2830df5597f6e02e6539666&tz=0&uuid=ae4b3cd4-0306-480c-abf4-395aaac96b7e%3A2%3A1
IP: 192.243.61.225:443
ASN: #39572 DataWeb Global Group B.V.
Requested by: https://gitb.org/watch-link/?=xxx0305xxx
Certificate: Issuer Let's Encrypt; Subject misuseproductions.com; Fingerprint AE:BD:BB:C1:A9:8B:FD:93:7D:63:43:E2:6D:71:12:A4:64:7C:51:D6; Validity Mon, 29 Apr 2024 12:56:02 GMT - Sun, 28 Jul 2024 12:56:01 GMT
File type: JavaScript source, ASCII text, with very long lines (2514)
Hash: MD5 5f5fe04afd1f63a9329d5ebc461b818e; SHA-1 90a18141a3b9a89f8ab6c177581d252d789cea97; SHA-256 f35b271678cf437ae7a0b48c2773be5e221bb8af0b31fb35ab62e5710ac75c78
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /watch.437024946035.js?dev=e&key=8d05a934261dd9e2aebbdaa40a9c68c4&kw=%5B%5D&pst=1714802087&refer=https%3A%2F%2Fgitb.org%2Fwatch-link%2F%3F%3Dxxx0305xxx&res=14.2071&rmtc=t&shu=84e2d316c45642bb39d7c4543a5b27c7e88b858147ff7b3dccb0c3409b589ee6645f3c233802b05e00883f08acf1412bfb5fa838313a78bad1b8ca30bf3b86599d29b12e1aff9216a976da249d5b05ad1f39fea2830df5597f6e02e6539666&tz=0&uuid=ae4b3cd4-0306-480c-abf4-395aaac96b7e%3A2%3A1 HTTP/1.1
Host: misuseproductions.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://gitb.org
Referer: https://gitb.org/
DNT: 1
Connection: keep-alive
Cookie: u_pl=22697098; ain=eyJhbGciOiJIUzI1NiJ9.[…].OUoMeIpOxYy3BELm8S7DuOBCdg6913Dap8WksHYdQ6U
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Sat, 04 May 2024 05:53:47 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://gitb.org
Access-Control-Allow-Origin: https://gitb.org
Access-Control-Allow-Credentials: true
Set-Cookie: uid_id2=ae4b3cd4-0306-480c-abf4-395aaac96b7e:2:1; expires=Sat, 11 May 2024 05:53:47 GMT; secure; SameSite=None
iprce27e62c9fa571f62f5b081a27e1912fb=5191357; expires=Sun, 05 May 2024 05:53:47 GMT; secure; SameSite=None
pdhtkv=true; expires=Sun, 05 May 2024 05:53:47 GMT; secure; SameSite=None
uncs=1; expires=Sun, 05 May 2024 05:53:47 GMT; secure; SameSite=None
pdhtkv5=true; expires=Sun, 05 May 2024 05:53:47 GMT; secure; SameSite=None
uncs5=1; expires=Sun, 05 May 2024 05:53:47 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 6a17fa43b626c71f6525226bd775b8d8
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
| coexistsafetyghost.com/pixel/purst?dl=0&th=0&sc=0&rs=1792&rd=1792&fd=782&bv=24.5.6485&tmpl=70 | 172.240.108.68 | 200 OK | 0 B |
URL: GET HTTP/1.1 coexistsafetyghost.com/pixel/purst?dl=0&th=0&sc=0&rs=1792&rd=1792&fd=782&bv=24.5.6485&tmpl=70
IP: 172.240.108.68:443
Requested by: https://gitb.org/watch-link/?=xxx0305xxx
Certificate: Issuer Let's Encrypt; Subject coexistsafetyghost.com; Fingerprint 4D:41:7B:FB:11:3F:3C:36:DB:78:BA:88:80:F1:D4:F5:CC:80:DD:9C; Validity Mon, 29 Apr 2024 13:15:24 GMT - Sun, 28 Jul 2024 13:15:23 GMT
Hash: MD5 d41d8cd98f00b204e9800998ecf8427e; SHA-1 da39a3ee5e6b4b0d3255bfef95601890afd80709; SHA-256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /pixel/purst?dl=0&th=0&sc=0&rs=1792&rd=1792&fd=782&bv=24.5.6485&tmpl=70 HTTP/1.1
Host: coexistsafetyghost.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://gitb.org/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Sat, 04 May 2024 05:53:47 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
| hunchsewingproxy.com/watch.1176979019121.js?dev=e&key=ba160ebdb7ae4c2d376f0f8dc238ac96&kw=%5B%5D&pst=1714802087&refer=https%3A%2F%2Fgitb.org%2Fwatch-link%2F%3F%3Dxxx0305xxx&res=14.2071&rmtc=t&shu=285bdf9f8178adfd57b3d1ec33c6f532694603740304703aa69789f66a392a236fdbb2eeb68467559afa01e2722f33f77ffc00c80f7b628ca637f38049af2af3934cd0de234d78a4803adab0d3cc3b73e3ef1b595a924f5dae362b11166347&tz=0&uuid=fd7e1ad7-9d94-4a88-9d5f-64a19a5d59b7%3A2%3A1 | 192.243.59.13 | 200 OK | 2.5 kB |
URL: GET HTTP/1.1 hunchsewingproxy.com/watch.1176979019121.js?dev=e&key=ba160ebdb7ae4c2d376f0f8dc238ac96&kw=%5B%5D&pst=1714802087&refer=https%3A%2F%2Fgitb.org%2Fwatch-link%2F%3F%3Dxxx0305xxx&res=14.2071&rmtc=t&shu=285bdf9f8178adfd57b3d1ec33c6f532694603740304703aa69789f66a392a236fdbb2eeb68467559afa01e2722f33f77ffc00c80f7b628ca637f38049af2af3934cd0de234d78a4803adab0d3cc3b73e3ef1b595a924f5dae362b11166347&tz=0&uuid=fd7e1ad7-9d94-4a88-9d5f-64a19a5d59b7%3A2%3A1
IP: 192.243.59.13:443
ASN: #39572 DataWeb Global Group B.V.
Requested by: https://gitb.org/watch-link/?=xxx0305xxx
Certificate: Issuer Let's Encrypt; Subject hunchsewingproxy.com; Fingerprint CF:1D:62:33:6B:D3:BF:31:A0:28:BB:E3:F3:E4:1F:F7:F1:90:3C:BE; Validity Mon, 29 Apr 2024 08:24:00 GMT - Sun, 28 Jul 2024 08:23:59 GMT
File type: JavaScript source, ASCII text, with very long lines (3131)
Hash: MD5 3e824f68338389b86ac0f6249f5b1790; SHA-1 e6663c8cfbc97ba0bc33c2650e5d15492eebaf32; SHA-256 8b410be7f8ab0b66bdb52a9aa2a43686a34ab7da8aa8f7f3b8ef82ca3b8b7eb3
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /watch.1176979019121.js?dev=e&key=ba160ebdb7ae4c2d376f0f8dc238ac96&kw=%5B%5D&pst=1714802087&refer=https%3A%2F%2Fgitb.org%2Fwatch-link%2F%3F%3Dxxx0305xxx&res=14.2071&rmtc=t&shu=285bdf9f8178adfd57b3d1ec33c6f532694603740304703aa69789f66a392a236fdbb2eeb68467559afa01e2722f33f77ffc00c80f7b628ca637f38049af2af3934cd0de234d78a4803adab0d3cc3b73e3ef1b595a924f5dae362b11166347&tz=0&uuid=fd7e1ad7-9d94-4a88-9d5f-64a19a5d59b7%3A2%3A1 HTTP/1.1
Host: hunchsewingproxy.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://gitb.org
Referer: https://gitb.org/
DNT: 1
Connection: keep-alive
Cookie: u_pl=22697095; ain=eyJhbGciOiJIUzI1NiJ9.[…]_PXh4eDAzMDV4eHgiLCJhciI6W119fQ.jK83ROVjkh9hsrggmGKdyIHO_S5xKHgvooD1tvRcJMY
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Sat, 04 May 2024 05:53:47 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://gitb.org
Access-Control-Allow-Origin: https://gitb.org
Access-Control-Allow-Credentials: true
Set-Cookie: uid_id2=fd7e1ad7-9d94-4a88-9d5f-64a19a5d59b7:2:1; expires=Sat, 11 May 2024 05:53:47 GMT; secure; SameSite=None
iprc0c3d680322549836492107fa1d328dfd=3569683; expires=Sat, 04 May 2024 09:53:47 GMT; secure; SameSite=None
pdhtkv=true; expires=Sun, 05 May 2024 05:53:47 GMT; secure; SameSite=None
uncs=1; expires=Sun, 05 May 2024 05:53:47 GMT; secure; SameSite=None
pdhtkv27=true; expires=Sun, 05 May 2024 05:53:47 GMT; secure; SameSite=None
uncs27=1; expires=Sun, 05 May 2024 05:53:47 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 61230ef35ee9e12bb0cb9082d4d55bb5
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
| dudleynutmeg.com/83/a3/3a/83a33a5a615df631eb83b1d0411b72fe.js | 172.240.108.76 | 200 OK | 30 kB |
URL: GET HTTP/1.1 dudleynutmeg.com/83/a3/3a/83a33a5a615df631eb83b1d0411b72fe.js
IP: 172.240.108.76:443
Requested by: https://gitb.org/watch-link/?=xxx0305xxx
Certificate: Issuer Let's Encrypt; Subject dudleynutmeg.com; Fingerprint 62:D3:F0:A3:00:F3:7A:E7:CF:5D:4D:AE:08:F0:E9:8D:45:2E:0D:90; Validity Tue, 30 Apr 2024 15:24:37 GMT - Mon, 29 Jul 2024 15:24:36 GMT
File type: JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Hash: MD5 a5f53294a25794ca35d6aa434b37f838; SHA-1 73e951b59ca017873db57afd1a798a48151ec557; SHA-256 ab46321b18421fd84cddbae340b07eff65a39e15f1a27e953507707416a33a22
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /83/a3/3a/83a33a5a615df631eb83b1d0411b72fe.js HTTP/1.1
Host: dudleynutmeg.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://gitb.org/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Sat, 04 May 2024 05:53:47 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 660ac747ecd01258059bbfb673b1b473
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
| dudleynutmeg.com/watch.1091538150120.js?dev=e&key=de99a652586bb57820d519c7eb88870f&kw=%5B%5D&pst=1714802087&refer=https%3A%2F%2Fgitb.org%2Fwatch-link%2F%3F%3Dxxx0305xxx&res=14.2071&rmtc=t&shu=07f84a8be43c3db6b628c27d12f776d9d6661182c46bf9dc3f11b365824c85d4a6335c8499b9e0d6ce1f5b0b14d0696e5276e93e4d1561eccb23c5def55fb5b53e7118770b839b638d739b732451dded3ae5d4329701194c003cda679ac831&tz=0&uuid=fd7e1ad7-9d94-4a88-9d5f-64a19a5d59b7%3A2%3A1 | 172.240.108.76 | 200 OK | 2.3 kB |
URL: GET HTTP/1.1 dudleynutmeg.com/watch.1091538150120.js?dev=e&key=de99a652586bb57820d519c7eb88870f&kw=%5B%5D&pst=1714802087&refer=https%3A%2F%2Fgitb.org%2Fwatch-link%2F%3F%3Dxxx0305xxx&res=14.2071&rmtc=t&shu=07f84a8be43c3db6b628c27d12f776d9d6661182c46bf9dc3f11b365824c85d4a6335c8499b9e0d6ce1f5b0b14d0696e5276e93e4d1561eccb23c5def55fb5b53e7118770b839b638d739b732451dded3ae5d4329701194c003cda679ac831&tz=0&uuid=fd7e1ad7-9d94-4a88-9d5f-64a19a5d59b7%3A2%3A1
IP: 172.240.108.76:443
Requested by: https://gitb.org/watch-link/?=xxx0305xxx
Certificate: Issuer Let's Encrypt; Subject dudleynutmeg.com; Fingerprint 62:D3:F0:A3:00:F3:7A:E7:CF:5D:4D:AE:08:F0:E9:8D:45:2E:0D:90; Validity Tue, 30 Apr 2024 15:24:37 GMT - Mon, 29 Jul 2024 15:24:36 GMT
File type: JavaScript source, ASCII text, with very long lines (2930)
Hash: MD5 2ce5baca8624fb14f628051a3149900d; SHA-1 69d29d26f225379cc09afcf2d58592483773d2ae; SHA-256 f792baee922e107981a112dd38c91233b1523229aff68475d8c8d29d41fd285f
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /watch.1091538150120.js?dev=e&key=de99a652586bb57820d519c7eb88870f&kw=%5B%5D&pst=1714802087&refer=https%3A%2F%2Fgitb.org%2Fwatch-link%2F%3F%3Dxxx0305xxx&res=14.2071&rmtc=t&shu=07f84a8be43c3db6b628c27d12f776d9d6661182c46bf9dc3f11b365824c85d4a6335c8499b9e0d6ce1f5b0b14d0696e5276e93e4d1561eccb23c5def55fb5b53e7118770b839b638d739b732451dded3ae5d4329701194c003cda679ac831&tz=0&uuid=fd7e1ad7-9d94-4a88-9d5f-64a19a5d59b7%3A2%3A1 HTTP/1.1
Host: dudleynutmeg.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://gitb.org
Referer: https://gitb.org/
DNT: 1
Connection: keep-alive
Cookie: u_pl=22697121; ain=eyJhbGciOiJIUzI1NiJ9.eyJwIjp7ImlkIjoyMjY5NzEyMSwiayI6ImRlOTlhNjUyNTg2YmI1NzgyMGQ1MTljN2ViODg4NzBmIiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjozNjY2MDU1LCJwaWQiOjE3MzQ5NDksImFuIjp0cnVlLCJsYW4iOnRydWUsImNpZCI6MTYsImFpZCI6MzIsInB0Ijo0LCJwayI6InRicjhzYTU3bSIsImNwa3MiOnsiMjgiOiI4M2EzM2E1YTYxNWRmNjMxZWI4M2IxZDA0MTFiNzJmZSJ9LCJ0IjoxfSwidSI6eyJ1IjoxLCJhdSI6MSwiZCI6eyJpZCI6Nzk5NTQxOTYsImlkcyI6IiIsImljIjpmYWxzZSwibiI6IkRlc2t0b3AsRW11bGF0b3IiLCJ2IjoiVW5rbm93biIsIm0iOiJVbmtub3duIiwiZiI6MSwiZm4iOiJEZXNrdG9wIiwib2lkIjoxODExMCwib24iOiJMaW51eCIsIm92IjoiVW5rbm93biIsImJpZCI6MTE2NjcwLCJibiI6IkZpcmVmb3giLCJidiI6Ijk2LjAiLCJ3diI6ZmFsc2UsImUiOnRydWUsImFiIjpmYWxzZX0sImMiOnsiaWQiOjE2MiwiYyI6Ik5PIiwibiI6Ik5vcndheSJ9LCJhIjpmYWxzZSwiY3IiOnsibiI6IkJsaXggU29sdXRpb25zIn0sInhmIjoiIiwiaXhmIjpmYWxzZSwiaWd4ZiI6ZmFsc2UsInVwIjp0cnVlLCJyIjoiaHR0cHM6Ly9naXRiLm9yZy93YXRjaC1saW5rLz89eHh4MDMwNXh4eCIsImFyIjpbXX19.V7J0-H8OFffgz1zFrucwP5IEl7UjmL1pZg12cf1brn0
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Sat, 04 May 2024 05:53:47 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://gitb.org
Access-Control-Allow-Origin: https://gitb.org
Access-Control-Allow-Credentials: true
Set-Cookie: uid_id2=fd7e1ad7-9d94-4a88-9d5f-64a19a5d59b7:2:1; expires=Sat, 11 May 2024 05:53:47 GMT; secure; SameSite=None
pdhtkv=true; expires=Sun, 05 May 2024 05:53:47 GMT; secure; SameSite=None
uncs=1; expires=Sun, 05 May 2024 05:53:47 GMT; secure; SameSite=None
pdhtkv32=true; expires=Sun, 05 May 2024 05:53:47 GMT; secure; SameSite=None
uncs32=1; expires=Sun, 05 May 2024 05:53:47 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 001c7d14cde07ff1710c277800c3ca9a
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
| cdn.cloudimagesb.com/cti/17/19/34/171934cf2a024c013ac2c2b0805d9eae/1711620479.jpg | 45.133.44.9 | 200 OK | 75 kB |
URL: GET HTTP/2 cdn.cloudimagesb.com/cti/17/19/34/171934cf2a024c013ac2c2b0805d9eae/1711620479.jpg
IP: 45.133.44.9:443
ASN: #39572 DataWeb Global Group B.V.
Requested by: https://gitb.org/watch-link/?=xxx0305xxx
Certificate: Issuer Let's Encrypt; Subject cdn.cloudimagesb.com; Fingerprint C6:F3:21:F0:21:7D:7E:96:0F:E8:46:7A:5E:C5:3F:D1:52:B0:67:B0; Validity Fri, 22 Mar 2024 03:01:35 GMT - Thu, 20 Jun 2024 03:01:34 GMT
File type: JPEG image data, baseline, precision 8, 300x250, components 3
Hash: MD5 156f3383d85fab2d082c4d0e64549de1; SHA-1 0b475fdfafa1cfae8ddd899beb3d2e7120f99d06; SHA-256 ae5f621f49ad4c3cd9b5c19f1e244097c627a02349dc9c50da49455f4c44a107
GET /cti/17/19/34/171934cf2a024c013ac2c2b0805d9eae/1711620479.jpg HTTP/1.1
Host: cdn.cloudimagesb.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 04 May 2024 05:53:47 GMT
content-type: image/jpeg
content-length: 75237
server: nginx/1.21.6
last-modified: Thu, 28 Mar 2024 10:08:08 GMT
etag: "66054188-125e5"
expires: Mon, 06 May 2024 05:53:47 GMT
cache-control: max-age=172800
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
| cdn.cloudimagesb.com/cti/a7/81/a3/a781a3f5b0f5e23bdd2dd0518e7f7682/1658915583.png | 45.133.44.9 | 200 OK | 59 kB |
URL: GET HTTP/2 cdn.cloudimagesb.com/cti/a7/81/a3/a781a3f5b0f5e23bdd2dd0518e7f7682/1658915583.png
IP: 45.133.44.9:443
ASN: #39572 DataWeb Global Group B.V.
Requested by: https://gitb.org/watch-link/?=xxx0305xxx
Certificate: Issuer Let's Encrypt; Subject cdn.cloudimagesb.com; Fingerprint C6:F3:21:F0:21:7D:7E:96:0F:E8:46:7A:5E:C5:3F:D1:52:B0:67:B0; Validity Fri, 22 Mar 2024 03:01:35 GMT - Thu, 20 Jun 2024 03:01:34 GMT
File type: PNG image data, 468 x 60, 8-bit/color RGBA, non-interlaced
Hash: MD5 a8d87e991a22e21fd415f8484a2c798d; SHA-1 512ec0da7b33b71c73453271860fae0a0e23c627; SHA-256 a26bd031fca0ac99e2ee032b81812e714bb94834b7ca304fbdf2aafd5c192045
GET /cti/a7/81/a3/a781a3f5b0f5e23bdd2dd0518e7f7682/1658915583.png HTTP/1.1
Host: cdn.cloudimagesb.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Sat, 04 May 2024 05:53:47 GMT
content-type: image/png
content-length: 59343
server: nginx/1.21.6
last-modified: Wed, 27 Jul 2022 09:53:11 GMT
etag: "62e10b07-e7cf"
expires: Mon, 06 May 2024 05:53:47 GMT
cache-control: max-age=172800
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
| cdn.cloudimagesb.com/cti/dd/13/a8/dd13a8a9f8fc637ee941ddb353b9ae48/1708593093.jpg | 45.133.44.9 | 200 OK | 25 kB |
URL: GET HTTP/2 cdn.cloudimagesb.com/cti/dd/13/a8/dd13a8a9f8fc637ee941ddb353b9ae48/1708593093.jpg
IP: 45.133.44.9:443
ASN: #39572 DataWeb Global Group B.V.
Requested by: https://gitb.org/watch-link/?=xxx0305xxx
Certificate: Issuer Let's Encrypt; Subject cdn.cloudimagesb.com; Fingerprint C6:F3:21:F0:21:7D:7E:96:0F:E8:46:7A:5E:C5:3F:D1:52:B0:67:B0; Validity Fri, 22 Mar 2024 03:01:35 GMT - Thu, 20 Jun 2024 03:01:34 GMT
File type: JPEG image data, baseline, precision 8, 320x50, components 3
Hash: MD5 f80ea110b43a5bb9f19df3c8c5a1177b; SHA-1 26d3866801fd818c2081a08a3c85b242c95ff841; SHA-256 db529015bce32b9bfc72833a9abfa366b60ddb0e46e2c470c1b66aa58a6dca15
GET /cti/dd/13/a8/dd13a8a9f8fc637ee941ddb353b9ae48/1708593093.jpg HTTP/1.1
Host: cdn.cloudimagesb.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Sat, 04 May 2024 05:53:47 GMT
content-type: image/jpeg
content-length: 25093
server: nginx/1.21.6
last-modified: Thu, 22 Feb 2024 09:11:41 GMT
etag: "65d70fcd-6205"
expires: Mon, 06 May 2024 05:53:47 GMT
cache-control: max-age=172800
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
| capaciousdrewreligion.com/advertisers.js | 192.243.61.225 | 200 OK | 0 B |
URL: GET HTTP/1.1 capaciousdrewreligion.com/advertisers.js
IP: 192.243.61.225:443
ASN: #39572 DataWeb Global Group B.V.
Requested by: https://gitb.org/watch-link/?=xxx0305xxx
Certificate: Issuer Let's Encrypt; Subject capaciousdrewreligion.com; Fingerprint 53:B6:ED:C6:B5:B6:60:3E:6D:02:5A:92:2E:C3:12:74:64:A1:23:DC; Validity Wed, 06 Mar 2024 11:57:32 GMT - Tue, 04 Jun 2024 11:57:31 GMT
Hash: MD5 d41d8cd98f00b204e9800998ecf8427e; SHA-1 da39a3ee5e6b4b0d3255bfef95601890afd80709; SHA-256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /advertisers.js HTTP/1.1
Host: capaciousdrewreligion.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://gitb.org/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Sat, 04 May 2024 05:53:48 GMT
Content-Type: application/javascript
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: e387cb51e39873336bb7e0210a12fca9
Strict-Transport-Security: max-age=0; includeSubdomains
| downstairsnegotiatebarren.com/sfp.js | 172.67.180.87 | 200 OK | 29 kB |
URL: GET HTTP/2 downstairsnegotiatebarren.com/sfp.js
IP: 172.67.180.87:443
Requested by: https://gitb.org/watch-link/?=xxx0305xxx
Certificate: Issuer Let's Encrypt; Subject downstairsnegotiatebarren.com; Fingerprint 5D:DB:CB:C6:CE:2A:8B:34:7D:BC:43:74:33:1D:5F:77:48:F7:BC:1B; Validity Thu, 02 May 2024 21:26:34 GMT - Wed, 31 Jul 2024 21:26:33 GMT
File type: JavaScript source, Unicode text, UTF-8 text, with very long lines (65529), with no line terminators
Hash: MD5 f4a2f8f9f99541c6f105bbd0a025bd40; SHA-1 1f8e3eff12168fdd9e719adfc098d24a45b6916a; SHA-256 b717cb04231a10d425fd55b73c85a5407119c6826a8bac94142fddfff6958716
GET /sfp.js HTTP/1.1
Host: downstairsnegotiatebarren.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://gitb.org/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Sat, 04 May 2024 05:53:48 GMT
content-type: application/javascript; charset=utf-8
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
access-control-allow-origin: *
expires: Thu, 01 Jan 1970 00:00:01 GMT
cache-control: max-age=14400
x-request-id: b8812bf7061a4dc53c147771156e4f07
strict-transport-security: max-age=0; includeSubdomains
cf-cache-status: EXPIRED
last-modified: Sat, 04 May 2024 05:53:47 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=wam6Bru3Wu0EEJPBB1loHRuDGqjKGeY85l0oEQS5Kotq0HdQMRns34gWlvDoulAyoAzZvDmxxk%2F16ke3%2BKeSzEJDvBokjnzSyo4N7m3ypXUO13iDNnYk%2BvSHBvpaUpr4U4vFNxj3f9Qf3Btsp71i9Q%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87e63b7f1d6c56bf-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
| designingpupilintermediary.com/sbar.json?key=885fb415a08e7d05b93f88ca77ad22cc&psid=CF-3448_1&uuid=fd7e1ad7-9d94-4a88-9d5f-64a19a5d59b7%3A2%3A1 | 192.243.61.225 | 200 OK | 8.4 kB |
URL: GET HTTP/1.1 designingpupilintermediary.com/sbar.json?key=885fb415a08e7d05b93f88ca77ad22cc&psid=CF-3448_1&uuid=fd7e1ad7-9d94-4a88-9d5f-64a19a5d59b7%3A2%3A1
IP: 192.243.61.225:443
ASN: #39572 DataWeb Global Group B.V.
Requested by: https://gitb.org/watch-link/?=xxx0305xxx
Certificate: Issuer Let's Encrypt; Subject designingpupilintermediary.com; Fingerprint C6:2A:2C:CE:46:0C:19:DC:3F:A3:33:F7:CD:1E:20:1D:CC:46:93:78; Validity Mon, 29 Apr 2024 08:22:29 GMT - Sun, 28 Jul 2024 08:22:28 GMT
Hash: MD5 f7f827613f887fd18714606c74543a57; SHA-1 274627a28d53f6401ee25c775cfb172413d940dc; SHA-256 50515036af2808eac46b88ba22191cff484a7eb447f2a40cc682d5cd6be68ab7
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /sbar.json?key=885fb415a08e7d05b93f88ca77ad22cc&psid=CF-3448_1&uuid=fd7e1ad7-9d94-4a88-9d5f-64a19a5d59b7%3A2%3A1 HTTP/1.1
Host: designingpupilintermediary.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://gitb.org
DNT: 1
Connection: keep-alive
Referer: https://gitb.org/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Sat, 04 May 2024 05:53:48 GMT
Content-Type: text/plain; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://gitb.org
Access-Control-Allow-Origin: https://gitb.org
Access-Control-Allow-Credentials: true
Set-Cookie: u_pl=22738568; expires=Sun, 05 May 2024 05:53:48 GMT; secure; SameSite=None
uid_id2=fd7e1ad7-9d94-4a88-9d5f-64a19a5d59b7:2:1; expires=Sat, 11 May 2024 05:53:48 GMT; secure; SameSite=None
pdhtkv=true; expires=Sun, 05 May 2024 05:53:48 GMT; secure; SameSite=None
uncs=1; expires=Sun, 05 May 2024 05:53:48 GMT; secure; SameSite=None
pdhtkv29=true; expires=Sun, 05 May 2024 05:53:48 GMT; secure; SameSite=None
uncs29=1; expires=Sun, 05 May 2024 05:53:48 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: e55aa0108085fb9480bc03080ef1d5c1
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
| designingpupilintermediary.com/ren.gif?sid=H4sIAAAAAAAC%2F1RST2skxRuunuT2gx8qe3IR5qCwgpl0z7%2FucQ%2BL2RgJxk3cXVG8LNVd1ZMyNV1NVdf0JBeDC5rj4CfoPJNsXF1k9yq4SGfBQ1DY8ZSDufgFRCFnmXFw9D3U%2B771PAVPPe%2F7%2BaG9IHVYer76ntoTUtLlVs2tXvvI865XN0RiB9VB0L7Xbl6v6v6bnXbNfb36Do921HLd9VzXc73qmtA8VoPlCQiRPup4tY5ba9ZrXquJgf5vb6wDQx2w%2FgV5CYKNF585VyCiEknv8So3O5lK33i7ZyXNlEafnXyQ7CQqT9Cbl7F2ECcnMzaUeb72FCo5nsqF6v9DDMWYOD8%2BRZiczEQi7B9NdYYSPEHI%2Foe8X4LLEoKWiNR9CPacABHDrU0kvQe3lM7p7t8onaBjsnj5J0Q%2BJou%2FXkHS%2B3ZFikH1jpI2EyoxGMQFxKCE6JZI7SmyvQpEfooo%2BwyC%2FUyWLzeQ9I42jVQQ7PzVmPnco8xf6rBOc6lJg2Cpw1rxUrtJvQ5tsVYn9KcGCVFCxCUkH4KaCqxxYIUDGzuwqYMeO69Gnuf5LouoG3SiqMF8HraZ61E%2F9qjntgPYaPKHIbJ0iEgOEel9pHofO2IIbX%2BA2S5g2AJMNibO%2B5%2BizwrknCA3BDklyAVBnhHk%2FeKYSVM3xQMmjQ29Wa7PcqMYqax7SI9V1uUJAdVDaFYcphfkxYmJzseXB9jh59UgaMVh02tRN%2BA%2Bc1thpxEHQUR9n7J6PYpgxMOba0uNZjO450GYCqhxsCfGxP%2F9C6RiTF7efQ0hPYWRp4jEC6D2FdC8AN0usJd81RVZWFO6C6YKpNkisl3nUF6Qq9NZrm8%2BAY%2FObvzWmAYiXSDVBT4Rzwi68mB0W%2BXk6LbKDXmymWaiJ%2FboZM53Mprxha%2Ff5bu50mx91QwfvhVNgEn56C432QZNmEi6hnyzIhjjek3piJPv182HPNyyZnvF6sSmG1s319Z7qebGCJWUoJOV%2FUMjEmPy%2F6t3pyt87bstCF1C2wI9e0ZmAaFKROk%2BTDrXbxSBlnNOmDrIbTHS9XB%2BKQWB5POehgXMv%2FpwXo80nbymojg0B%2BjqCmh2H0mvQF8X6MsCVA5h7MIoS%2FXZjV9mMkJZGYVSV45CqeWXU5snx2MYcV71Gw2Xtjstz%2Fcp98NmPYjbHqO03mzX223aQGbGcesn%2BRcAAAD%2F%2FwEAAP%2F%2FNwzqEJwEAAA%3D | 192.243.61.225 | 200 OK | 7 B |
URL: GET HTTP/1.1 designingpupilintermediary.com/ren.gif?sid=H4sIAAAAAAAC%2F1RST2skxRuunuT2gx8qe3IR5qCwgpl0z7%2FucQ%2BL2RgJxk3cXVG8LNVd1ZMyNV1NVdf0JBeDC5rj4CfoPJNsXF1k9yq4SGfBQ1DY8ZSDufgFRCFnmXFw9D3U%2B771PAVPPe%2F7%2BaG9IHVYer76ntoTUtLlVs2tXvvI865XN0RiB9VB0L7Xbl6v6v6bnXbNfb36Do921HLd9VzXc73qmtA8VoPlCQiRPup4tY5ba9ZrXquJgf5vb6wDQx2w%2FgV5CYKNF585VyCiEknv8So3O5lK33i7ZyXNlEafnXyQ7CQqT9Cbl7F2ECcnMzaUeb72FCo5nsqF6v9DDMWYOD8%2BRZiczEQi7B9NdYYSPEHI%2Foe8X4LLEoKWiNR9CPacABHDrU0kvQe3lM7p7t8onaBjsnj5J0Q%2BJou%2FXkHS%2B3ZFikH1jpI2EyoxGMQFxKCE6JZI7SmyvQpEfooo%2BwyC%2FUyWLzeQ9I42jVQQ7PzVmPnco8xf6rBOc6lJg2Cpw1rxUrtJvQ5tsVYn9KcGCVFCxCUkH4KaCqxxYIUDGzuwqYMeO69Gnuf5LouoG3SiqMF8HraZ61E%2F9qjntgPYaPKHIbJ0iEgOEel9pHofO2IIbX%2BA2S5g2AJMNibO%2B5%2BizwrknCA3BDklyAVBnhHk%2FeKYSVM3xQMmjQ29Wa7PcqMYqax7SI9V1uUJAdVDaFYcphfkxYmJzseXB9jh59UgaMVh02tRN%2BA%2Bc1thpxEHQUR9n7J6PYpgxMOba0uNZjO450GYCqhxsCfGxP%2F9C6RiTF7efQ0hPYWRp4jEC6D2FdC8AN0usJd81RVZWFO6C6YKpNkisl3nUF6Qq9NZrm8%2BAY%2FObvzWmAYiXSDVBT4Rzwi68mB0W%2BXk6LbKDXmymWaiJ%2FboZM53Mprxha%2Ff5bu50mx91QwfvhVNgEn56C432QZNmEi6hnyzIhjjek3piJPv182HPNyyZnvF6sSmG1s319Z7qebGCJWUoJOV%2FUMjEmPy%2F6t3pyt87bstCF1C2wI9e0ZmAaFKROk%2BTDrXbxSBlnNOmDrIbTHS9XB%2BKQWB5POehgXMv%2FpwXo80nbymojg0B%2BjqCmh2H0mvQF8X6MsCVA5h7MIoS%2FXZjV9mMkJZGYVSV45CqeWXU5snx2MYcV71Gw2Xtjstz%2Fcp98NmPYjbHqO03mzX223aQGbGcesn%2BRcAAAD%2F%2FwEAAP%2F%2FNwzqEJwEAAA%3D
IP: 192.243.61.225:443
ASN: #39572 DataWeb Global Group B.V.
Requested by: https://gitb.org/watch-link/?=xxx0305xxx
Certificate: Issuer Let's Encrypt; Subject designingpupilintermediary.com; Fingerprint C6:2A:2C:CE:46:0C:19:DC:3F:A3:33:F7:CD:1E:20:1D:CC:46:93:78; Validity Mon, 29 Apr 2024 08:22:29 GMT - Sun, 28 Jul 2024 08:22:28 GMT
File type: ASCII text, with no line terminators
Hash: MD5 132d6af1b46048b45cf86cdee7991d31; SHA-1 eb7007d03d59b65bc6da7e098c4d38fc6dfb6285; SHA-256 ab852e838deccd742a03ca81d4a8d75cf1a00b327db3eaf46bd7da6b6db9384c
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /ren.gif?sid=H4sIAAAAAAAC%2F1RST2skxRuunuT2gx8qe3IR5qCwgpl0z7%2FucQ%2BL2RgJxk3cXVG8LNVd1ZMyNV1NVdf0JBeDC5rj4CfoPJNsXF1k9yq4SGfBQ1DY8ZSDufgFRCFnmXFw9D3U%2B771PAVPPe%2F7%2BaG9IHVYer76ntoTUtLlVs2tXvvI865XN0RiB9VB0L7Xbl6v6v6bnXbNfb36Do921HLd9VzXc73qmtA8VoPlCQiRPup4tY5ba9ZrXquJgf5vb6wDQx2w%2FgV5CYKNF585VyCiEknv8So3O5lK33i7ZyXNlEafnXyQ7CQqT9Cbl7F2ECcnMzaUeb72FCo5nsqF6v9DDMWYOD8%2BRZiczEQi7B9NdYYSPEHI%2Foe8X4LLEoKWiNR9CPacABHDrU0kvQe3lM7p7t8onaBjsnj5J0Q%2BJou%2FXkHS%2B3ZFikH1jpI2EyoxGMQFxKCE6JZI7SmyvQpEfooo%2BwyC%2FUyWLzeQ9I42jVQQ7PzVmPnco8xf6rBOc6lJg2Cpw1rxUrtJvQ5tsVYn9KcGCVFCxCUkH4KaCqxxYIUDGzuwqYMeO69Gnuf5LouoG3SiqMF8HraZ61E%2F9qjntgPYaPKHIbJ0iEgOEel9pHofO2IIbX%2BA2S5g2AJMNibO%2B5%2BizwrknCA3BDklyAVBnhHk%2FeKYSVM3xQMmjQ29Wa7PcqMYqax7SI9V1uUJAdVDaFYcphfkxYmJzseXB9jh59UgaMVh02tRN%2BA%2Bc1thpxEHQUR9n7J6PYpgxMOba0uNZjO450GYCqhxsCfGxP%2F9C6RiTF7efQ0hPYWRp4jEC6D2FdC8AN0usJd81RVZWFO6C6YKpNkisl3nUF6Qq9NZrm8%2BAY%2FObvzWmAYiXSDVBT4Rzwi68mB0W%2BXk6LbKDXmymWaiJ%2FboZM53Mprxha%2Ff5bu50mx91QwfvhVNgEn56C432QZNmEi6hnyzIhjjek3piJPv182HPNyyZnvF6sSmG1s319Z7qebGCJWUoJOV%2FUMjEmPy%2F6t3pyt87bstCF1C2wI9e0ZmAaFKROk%2BTDrXbxSBlnNOmDrIbTHS9XB%2BKQWB5POehgXMv%2FpwXo80nbymojg0B%2BjqCmh2H0mvQF8X6MsCVA5h7MIoS%2FXZjV9mMkJZGYVSV45CqeWXU5snx2MYcV71Gw2Xtjstz%2Fcp98NmPYjbHqO03mzX223aQGbGcesn%2BRcAAAD%2F%2FwEAAP%2F%2FNwzqEJwEAAA%3D HTTP/1.1
Host: designingpupilintermediary.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://gitb.org/
Cookie: u_pl=22738568; uid_id2=fd7e1ad7-9d94-4a88-9d5f-64a19a5d59b7:2:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Sat, 04 May 2024 05:53:48 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 46e60ae871b9f4a08f02edb5287f2bb6
Strict-Transport-Security: max-age=0; includeSubdomains
| cdn.creative-bars1.com/sb/ssp/vpn/classic-push/small/img/close.png | 188.114.96.1 | 200 OK | 591 B |
URL: GET HTTP/3 cdn.creative-bars1.com/sb/ssp/vpn/classic-push/small/img/close.png
IP: 188.114.96.1:443
Requested by: https://gitb.org/watch-link/?=xxx0305xxx
Certificate: issuer Google Trust Services LLC | subject creative-bars1.com | fingerprint 3D:29:39:2C:F1:E5:C6:EF:54:F5:70:B5:CF:A8:C2:75:4D:89:72:13 | validity Mon, 15 Apr 2024 15:02:18 GMT - Sun, 14 Jul 2024 15:02:17 GMT
File type: PNG image data, 12 x 12, 8-bit/color RGBA, non-interlaced
Hashes (MD5 / SHA-1 / SHA-256): 9fd5bcb6103d86e317bd1eb019bcbe71 6b5a52ea669dcb74946f2bed4bdd7ec985026113 0ddd3be104ac7945fb062096df62034a6a24ecc76ba92493c35c62c3c25982ae
GET /sb/ssp/vpn/classic-push/small/img/close.png HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Sat, 04 May 2024 05:53:48 GMT
content-type: image/png
content-length: 591
last-modified: Fri, 19 Jan 2024 14:19:42 GMT
etag: "65aa84fe-24f"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 308164
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=DjXb3mBdxHv968wKqxIrD67A2l%2F%2FM0tMN%2FecN3XYWwXb9cf6iYV4KPdLMgFiqQjE%2BlZQYjJjnMTxS1UIO0smlkDN5RcAtWKnBdo025J%2F676JD21d92%2BNwcVEPkSlFzkYIy2s%2FYxhMBif"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87e63b882ecab524-OSL
alt-svc: h3=":443"; ma=86400
| cdn.cloudimagesb.com/si/07/9c/1b/079c1b9b48633e3ef398faef0739f24f/1701651986.png | 45.133.44.9 | 200 OK | 16 kB |
URL: GET HTTP/2 cdn.cloudimagesb.com/si/07/9c/1b/079c1b9b48633e3ef398faef0739f24f/1701651986.png
IP: 45.133.44.9:443 | ASN: #39572 DataWeb Global Group B.V.
Requested by: https://gitb.org/watch-link/?=xxx0305xxx
Certificate: issuer Let's Encrypt | subject cdn.cloudimagesb.com | fingerprint C6:F3:21:F0:21:7D:7E:96:0F:E8:46:7A:5E:C5:3F:D1:52:B0:67:B0 | validity Fri, 22 Mar 2024 03:01:35 GMT - Thu, 20 Jun 2024 03:01:34 GMT
File type: PNG image data, 192 x 192, 8-bit/color RGBA, non-interlaced
Hashes (MD5 / SHA-1 / SHA-256): 14cf262fabfd850855c42847d14fe775 2fafa28f167f018a0fb1f261f47380c8810803c9 972004ebada4077c3a4d03dcb45175ea467faf54da72be727a1c5c75e688b8af
GET /si/07/9c/1b/079c1b9b48633e3ef398faef0739f24f/1701651986.png HTTP/1.1
Host: cdn.cloudimagesb.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Sat, 04 May 2024 05:53:48 GMT
content-type: image/png
content-length: 16093
server: nginx/1.21.6
last-modified: Mon, 04 Dec 2023 01:06:35 GMT
etag: "656d261b-3edd"
expires: Mon, 06 May 2024 05:53:48 GMT
cache-control: max-age=172800
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
| cdn.creative-bars1.com/sb/ssp/vpn/classic-push/small/js/jquery.min.js | 188.114.96.1 | 200 OK | 31 kB |
URL: GET HTTP/3 cdn.creative-bars1.com/sb/ssp/vpn/classic-push/small/js/jquery.min.js
IP: 188.114.96.1:443
Requested by: https://gitb.org/watch-link/?=xxx0305xxx
Certificate: issuer Google Trust Services LLC | subject creative-bars1.com | fingerprint 3D:29:39:2C:F1:E5:C6:EF:54:F5:70:B5:CF:A8:C2:75:4D:89:72:13 | validity Mon, 15 Apr 2024 15:02:18 GMT - Sun, 14 Jul 2024 15:02:17 GMT
File type: JavaScript source, ASCII text, with very long lines (32025)
Hashes (MD5 / SHA-1 / SHA-256): 4a356126b9573eb7bd1e9a7494737410 8258d046f17dd3c15a5d3984e1868b7b5d1db329 22642f202577f0ba2f22cbe56b6cf291a09374487567cd3563e0d2a29f75c0c5
GET /sb/ssp/vpn/classic-push/small/js/jquery.min.js HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Sat, 04 May 2024 05:53:48 GMT
content-type: application/javascript
last-modified: Fri, 19 Jan 2024 14:19:42 GMT
etag: W/"65aa84fe-1499c"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 304032
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=sdxH4o7dmorRPgKqIvXK9GZpN3Zso9EN%2FobPzUJw%2F3x1pt6Hzpnu2EZvTefQoQcK5vYjnKvyAxeCOzUmP11kHLRTDt2Ye2X0gS5iKn9PW%2BhN9SNnGjx7hDEjwAF%2F7Xzg%2BWZuFsb9i5HG"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87e63b882eceb524-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
| unseenreport.com/pxf.gif?uuid=fd7e1ad7-9d94-4a88-9d5f-64a19a5d59b7&eb=978028c5053b26833423c7a069ce3bd5&te=5db3a4e34790624df926db520a13f79f&ua=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A96.0)%20Gecko%2F20100101%20Firefox%2F96.0&dev=e&res=14.2071&b_frame=0&pk=885fb415a08e7d05b93f88ca77ad22cc&bl=en-US&sr=1024x1280&sz=1024x1280&hjs=5 | 192.243.59.13 | 200 OK | 1 B |
URL: GET HTTP/1.1 unseenreport.com/pxf.gif?uuid=fd7e1ad7-9d94-4a88-9d5f-64a19a5d59b7&eb=978028c5053b26833423c7a069ce3bd5&te=5db3a4e34790624df926db520a13f79f&ua=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A96.0)%20Gecko%2F20100101%20Firefox%2F96.0&dev=e&res=14.2071&b_frame=0&pk=885fb415a08e7d05b93f88ca77ad22cc&bl=en-US&sr=1024x1280&sz=1024x1280&hjs=5
IP: 192.243.59.13:443 | ASN: #39572 DataWeb Global Group B.V.
Requested by: https://gitb.org/watch-link/?=xxx0305xxx
Certificate: issuer Let's Encrypt | subject *.unseenreport.com | fingerprint 71:46:15:FD:76:6A:F5:5B:51:06:CC:93:DD:D8:63:E3:8B:10:BF:13 | validity Fri, 22 Mar 2024 07:32:41 GMT - Thu, 20 Jun 2024 07:32:40 GMT
File type: very short file (no magic)
Hashes (MD5 / SHA-1 / SHA-256): 93b885adfe0da089cdf634904fd59f71 5ba93c9db0cff93f52b521d7420e43f6eda2784f 6e340b9cffb37a989ca544e6bb780a2c78901d3fb33738768511a30617afa01d
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /pxf.gif?uuid=fd7e1ad7-9d94-4a88-9d5f-64a19a5d59b7&eb=978028c5053b26833423c7a069ce3bd5&te=5db3a4e34790624df926db520a13f79f&ua=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A96.0)%20Gecko%2F20100101%20Firefox%2F96.0&dev=e&res=14.2071&b_frame=0&pk=885fb415a08e7d05b93f88ca77ad22cc&bl=en-US&sr=1024x1280&sz=1024x1280&hjs=5 HTTP/1.1
Host: unseenreport.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://gitb.org/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Sat, 04 May 2024 05:53:48 GMT
Content-Type: image/gif
Content-Length: 1
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: f3c4471463aebe1d6cd6f9b78adac8ac
Strict-Transport-Security: max-age=0; includeSubdomains
| unseenreport.com/pxf.gif?uuid=fd7e1ad7-9d94-4a88-9d5f-64a19a5d59b7&eb=978028c5053b26833423c7a069ce3bd5&te=5db3a4e34790624df926db520a13f79f&ua=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A96.0)%20Gecko%2F20100101%20Firefox%2F96.0&dev=e&res=14.2071&b_frame=0&pk=9314a111a083adac7140c7787c32a705&bl=en-US&sr=1024x1280&sz=1024x1280&hjs=5 | 192.243.59.13 | 200 OK | 1 B |
URL: GET HTTP/1.1 unseenreport.com/pxf.gif?uuid=fd7e1ad7-9d94-4a88-9d5f-64a19a5d59b7&eb=978028c5053b26833423c7a069ce3bd5&te=5db3a4e34790624df926db520a13f79f&ua=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A96.0)%20Gecko%2F20100101%20Firefox%2F96.0&dev=e&res=14.2071&b_frame=0&pk=9314a111a083adac7140c7787c32a705&bl=en-US&sr=1024x1280&sz=1024x1280&hjs=5
IP: 192.243.59.13:443 | ASN: #39572 DataWeb Global Group B.V.
Requested by: https://gitb.org/watch-link/?=xxx0305xxx
Certificate: issuer Let's Encrypt | subject *.unseenreport.com | fingerprint 71:46:15:FD:76:6A:F5:5B:51:06:CC:93:DD:D8:63:E3:8B:10:BF:13 | validity Fri, 22 Mar 2024 07:32:41 GMT - Thu, 20 Jun 2024 07:32:40 GMT
File type: very short file (no magic)
Hashes (MD5 / SHA-1 / SHA-256): 93b885adfe0da089cdf634904fd59f71 5ba93c9db0cff93f52b521d7420e43f6eda2784f 6e340b9cffb37a989ca544e6bb780a2c78901d3fb33738768511a30617afa01d
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /pxf.gif?uuid=fd7e1ad7-9d94-4a88-9d5f-64a19a5d59b7&eb=978028c5053b26833423c7a069ce3bd5&te=5db3a4e34790624df926db520a13f79f&ua=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A96.0)%20Gecko%2F20100101%20Firefox%2F96.0&dev=e&res=14.2071&b_frame=0&pk=9314a111a083adac7140c7787c32a705&bl=en-US&sr=1024x1280&sz=1024x1280&hjs=5 HTTP/1.1
Host: unseenreport.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://gitb.org/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Sat, 04 May 2024 05:53:48 GMT
Content-Type: image/gif
Content-Length: 1
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: a246d5f1ca73d4bff55dae9cba30bcac
Strict-Transport-Security: max-age=0; includeSubdomains
| unseenreport.com/pxf.gif?uuid=fd7e1ad7-9d94-4a88-9d5f-64a19a5d59b7&eb=978028c5053b26833423c7a069ce3bd5&te=5db3a4e34790624df926db520a13f79f&ua=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A96.0)%20Gecko%2F20100101%20Firefox%2F96.0&dev=e&res=14.2071&b_frame=0&pk=19c33ba37280f60914e325fce07da677&bl=en-US&sr=1024x1280&sz=1024x1280&hjs=5 | 192.243.59.13 | 200 OK | 1 B |
URL: GET HTTP/1.1 unseenreport.com/pxf.gif?uuid=fd7e1ad7-9d94-4a88-9d5f-64a19a5d59b7&eb=978028c5053b26833423c7a069ce3bd5&te=5db3a4e34790624df926db520a13f79f&ua=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A96.0)%20Gecko%2F20100101%20Firefox%2F96.0&dev=e&res=14.2071&b_frame=0&pk=19c33ba37280f60914e325fce07da677&bl=en-US&sr=1024x1280&sz=1024x1280&hjs=5
IP: 192.243.59.13:443 | ASN: #39572 DataWeb Global Group B.V.
Requested by: https://gitb.org/watch-link/?=xxx0305xxx
Certificate: issuer Let's Encrypt | subject *.unseenreport.com | fingerprint 71:46:15:FD:76:6A:F5:5B:51:06:CC:93:DD:D8:63:E3:8B:10:BF:13 | validity Fri, 22 Mar 2024 07:32:41 GMT - Thu, 20 Jun 2024 07:32:40 GMT
File type: very short file (no magic)
Hashes (MD5 / SHA-1 / SHA-256): 93b885adfe0da089cdf634904fd59f71 5ba93c9db0cff93f52b521d7420e43f6eda2784f 6e340b9cffb37a989ca544e6bb780a2c78901d3fb33738768511a30617afa01d
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /pxf.gif?uuid=fd7e1ad7-9d94-4a88-9d5f-64a19a5d59b7&eb=978028c5053b26833423c7a069ce3bd5&te=5db3a4e34790624df926db520a13f79f&ua=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A96.0)%20Gecko%2F20100101%20Firefox%2F96.0&dev=e&res=14.2071&b_frame=0&pk=19c33ba37280f60914e325fce07da677&bl=en-US&sr=1024x1280&sz=1024x1280&hjs=5 HTTP/1.1
Host: unseenreport.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://gitb.org/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Sat, 04 May 2024 05:53:48 GMT
Content-Type: image/gif
Content-Length: 1
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: f8dd3fa568317431bb13eb579e301d90
Strict-Transport-Security: max-age=0; includeSubdomains
| fonts.googleapis.com/css?family=Roboto:300,400,700&display=swap | 142.250.74.106 | 200 OK | 1.2 kB |
URL: GET HTTP/3 fonts.googleapis.com/css?family=Roboto:300,400,700&display=swap
IP: 142.250.74.106:443
Requested by: https://gitb.org/watch-link/?=xxx0305xxx
Certificate: issuer Google Trust Services LLC | subject upload.video.google.com | fingerprint 36:49:20:36:0C:4D:DA:55:65:64:23:0F:49:3E:FA:78:87:35:A3:79 | validity Tue, 16 Apr 2024 04:17:12 GMT - Tue, 09 Jul 2024 04:17:11 GMT
File type: gzip compressed data, max compression
Hashes (MD5 / SHA-1 / SHA-256): dd491997885c21f2a9a000f9bc2bf3dc 6f5cc3a59e8c0d12ff076c4bf63ded3400600efe f8f7c5e8bf2596838beaaccc5bc9f3406237d47b419623b33262aa6bf006ae80
GET /css?family=Roboto:300,400,700&display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Sat, 04 May 2024 05:53:48 GMT
date: Sat, 04 May 2024 05:53:48 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
| decisivewade.com/pixel/sbls?bv=24.6.6370&tmpl=482&u=https%3A%2F%2Fcdn.barscreative1.com%2Fsb%2Fau%2F0c%2Fc8%2Fe1%2F0cc8e13ba9d5dbc867b982993e805a9d%2F1632728593.html&l=1325&fd=164 | 172.240.108.68 | 200 OK | 0 B |
URL: GET HTTP/1.1 decisivewade.com/pixel/sbls?bv=24.6.6370&tmpl=482&u=https%3A%2F%2Fcdn.barscreative1.com%2Fsb%2Fau%2F0c%2Fc8%2Fe1%2F0cc8e13ba9d5dbc867b982993e805a9d%2F1632728593.html&l=1325&fd=164
IP: 172.240.108.68:443
Requested by: https://gitb.org/watch-link/?=xxx0305xxx
Certificate: issuer Let's Encrypt | subject decisivewade.com | fingerprint 97:80:1A:96:16:58:D9:94:6D:24:84:45:32:59:8C:44:59:0F:B7:8C | validity Mon, 29 Apr 2024 12:47:45 GMT - Sun, 28 Jul 2024 12:47:44 GMT
Hashes (MD5 / SHA-1 / SHA-256): d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /pixel/sbls?bv=24.6.6370&tmpl=482&u=https%3A%2F%2Fcdn.barscreative1.com%2Fsb%2Fau%2F0c%2Fc8%2Fe1%2F0cc8e13ba9d5dbc867b982993e805a9d%2F1632728593.html&l=1325&fd=164 HTTP/1.1
Host: decisivewade.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://gitb.org/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Sat, 04 May 2024 05:53:49 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
| decisivewade.com/pixel/sbls?bv=24.6.6370&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fssp%2Fvpn%2Fclassic-push%2Fsmall%2Fcss%2Fanimate.css&l=78689&fd=72 | 172.240.127.234 | 200 OK | 0 B |
URL: GET HTTP/1.1 decisivewade.com/pixel/sbls?bv=24.6.6370&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fssp%2Fvpn%2Fclassic-push%2Fsmall%2Fcss%2Fanimate.css&l=78689&fd=72
IP: 172.240.127.234:443
Requested by: https://gitb.org/watch-link/?=xxx0305xxx
Certificate: issuer Let's Encrypt | subject decisivewade.com | fingerprint 97:80:1A:96:16:58:D9:94:6D:24:84:45:32:59:8C:44:59:0F:B7:8C | validity Mon, 29 Apr 2024 12:47:45 GMT - Sun, 28 Jul 2024 12:47:44 GMT
Hashes (MD5 / SHA-1 / SHA-256): d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /pixel/sbls?bv=24.6.6370&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fssp%2Fvpn%2Fclassic-push%2Fsmall%2Fcss%2Fanimate.css&l=78689&fd=72 HTTP/1.1
Host: decisivewade.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://gitb.org/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Sat, 04 May 2024 05:53:49 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
| decisivewade.com/pixel/sbls?bv=24.6.6370&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fssp%2Fvpn%2Fclassic-push%2Fsmall%2Fcss%2Fstyle.css&l=3355&fd=67 | 172.240.127.234 | 200 OK | 0 B |
URL: GET HTTP/1.1 decisivewade.com/pixel/sbls?bv=24.6.6370&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fssp%2Fvpn%2Fclassic-push%2Fsmall%2Fcss%2Fstyle.css&l=3355&fd=67
IP: 172.240.127.234:443
Requested by: https://gitb.org/watch-link/?=xxx0305xxx
Certificate: issuer Let's Encrypt | subject decisivewade.com | fingerprint 97:80:1A:96:16:58:D9:94:6D:24:84:45:32:59:8C:44:59:0F:B7:8C | validity Mon, 29 Apr 2024 12:47:45 GMT - Sun, 28 Jul 2024 12:47:44 GMT
Hashes (MD5 / SHA-1 / SHA-256): d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /pixel/sbls?bv=24.6.6370&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fssp%2Fvpn%2Fclassic-push%2Fsmall%2Fcss%2Fstyle.css&l=3355&fd=67 HTTP/1.1
Host: decisivewade.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://gitb.org/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Sat, 04 May 2024 05:53:49 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
| cdn.creative-bars1.com/sb/ssp/vpn/classic-push/small/js/script.js | 188.114.96.1 | 200 OK | 341 B |
URL: GET HTTP/3 cdn.creative-bars1.com/sb/ssp/vpn/classic-push/small/js/script.js
IP: 188.114.96.1:443
Requested by: https://gitb.org/watch-link/?=xxx0305xxx
Certificate: issuer Google Trust Services LLC | subject creative-bars1.com | fingerprint 3D:29:39:2C:F1:E5:C6:EF:54:F5:70:B5:CF:A8:C2:75:4D:89:72:13 | validity Mon, 15 Apr 2024 15:02:18 GMT - Sun, 14 Jul 2024 15:02:17 GMT
Hashes (MD5 / SHA-1 / SHA-256): 0013fbb3bd9e7300fa1bc9f62501dcf0 447e4a8994979e2e158b9beff79b94e7d1b29508 4cf18df81115ddab6967dc82096077ee024223dac3c6ffc9b810bffb7780a20e
GET /sb/ssp/vpn/classic-push/small/js/script.js HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://gitb.org
DNT: 1
Connection: keep-alive
Referer: https://gitb.org/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Sat, 04 May 2024 05:53:48 GMT
content-type: application/javascript
last-modified: Fri, 19 Jan 2024 14:19:42 GMT
etag: W/"65aa84fe-3c2"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 59501
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=J8v6Wjblhh%2BRm1dGry9FVoz%2BfYr9jcr9FwnVvyJIs84yqOTl%2FHLuCnSHZB5Z2QyBnehhaxKfgvYjPv8QHZH%2BLONOaJRfv7WJh4CPTno1LQqgyVWIxCGu72WDHyit%2Fn37D6zdASkjC4G3"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87e63b888f0fb524-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
| fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2 | 216.58.207.227 | 200 OK | 16 kB |
URL: GET HTTP/2 fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2
IP: 216.58.207.227:443
Requested by: https://gitb.org/watch-link/?=xxx0305xxx
Certificate: issuer Google Trust Services LLC | subject *.gstatic.com | fingerprint 15:DD:05:B3:2F:D8:E3:54:C9:B4:FA:E4:AC:01:ED:C8:E1:EA:A7:AD | validity Tue, 16 Apr 2024 04:17:07 GMT - Tue, 09 Jul 2024 04:17:06 GMT
File type: Web Open Font Format (Version 2), TrueType, length 15744, version 1.0
Hashes (MD5 / SHA-1 / SHA-256): 15d9f621c3bd1599f0169dcf0bd5e63e 7ca9c5967f3bb8bffeab24b639b49c1e7d03fa52 f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615
GET /s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://gitb.org
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15744
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 02 May 2024 22:40:35 GMT
expires: Fri, 02 May 2025 22:40:35 GMT
cache-control: public, max-age=31536000
last-modified: Wed, 11 May 2022 19:24:48 GMT
content-type: font/woff2
age: 112394
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
| designingpupilintermediary.com/impr.gif?sid=H4sIAAAAAAAC%2F1RST4scxRuunuztBz9UcjIIc1CI4M52z0xP95hDMIkri2s2JhHFS6h%2FPSm3pqup6p6e3YvBgOY4%2BAl6n9lkjQZJroJBZgMeFoWMpz24F7%2BAKOxZZhwcfQ%2F1vm89T8FTz%2Ft%2BvleckCYKenzlPbOrtKZrYcOvn%2F8oCC7UN1VaDOvDuHOr075Qt4M3u52G%2F3r9Hcm3zVrTD3w%2F8IP6urIyMcO1GQiVPeoGja7faDcbQdjG0P63d4UHRz2IwQl5CUpMV555Z6H4BGn%2F8RXptnOTvfF2v9A0NxYDcfBBup2aMkV%2FWSbWQ5IeLNgw7vn6U5j0%2FlwuzOAfIlNT4v34FCw9WIgEG%2BzPdTINmYKJ%2F6EcTCD1BIpOwM1dKPGcAFzg6hbS%2FoOrxpZ052%2BUztApWTn9E6qckpVfzyLtf3tJq2H9htFFrkzqMEwqqOEEqjdBVhwi361BlYfg%2BWdQ4meydrqJtL%2B%2F5bSBEsevJiKSARXRald026ttGserXREmq502Dbo0FGGXRXODlJpAJRNoOQJ1NRTOQ6E8FImHIvPQF8d1HgRB5AtO%2FbjLeUtEknWEH9AoCWjgd2IUfPaHEfJsBK5H4PYOMnsH22oEW%2FwAd7uCE2fg8inx3v8UA1GhlASlIygpQakIypygHFT3hXZNVz0Q2hUsWOTmIreqscl7e%2FS%2ByXsyJaB2BCuqveyEvDgz0fv49B625XE9jsOEtYOQ%2BrGMhB%2BybiuJY06jiIpmk3M49fDy%2Bmqr3Y5vBVCuBuo87KopiX7%2FApmakpd3XgOjh3D6EFy9AFq8AlpWoLcr7KZf9VTOGsb2IEyFLF9BvuPt6RNybj7Lja0nkPzo4m%2BteYDbCpmt8Il6RtDT98bXTUn2r5vSkSdbWa76apfO5nwjp7k88%2FW7cqc0VmxccaOHb%2FEZMCsf3ZQu36SpUGnPkW8uKSGkXTeWS%2FL9hvtQsmuFu32psGmRbV67vL7Rz6x0Tpl0Ajpb2T8suJqS%2F5%2B7OV%2Fh899dg7IT2KJCvzgii4AyE%2FDsDly21O8MgdVLDss8lEU1tk22vNSKQMtlT1kF96%2BeLeuxpbPXVFV77h56tgaa30XarzCwFQa6AtUjuOLMOM%2Fs0cVfFjKYro2ZtrV9pq3%2Bcm7z7HgMp47rLV9ETCYyYrIdthPJBQtD5vOEs5aIY47cTZPwJ%2F0XAAAA%2F%2F8BAAD%2F%2F7fYP%2FicBAAA | 192.243.61.225 | 200 OK | 7 B |
URL GET HTTP/1.1designingpupilintermediary.com/impr.gif?sid=H4sIAAAAAAAC%2F1RST4scxRuunuztBz9UcjIIc1CI4M52z0xP95hDMIkri2s2JhHFS6h%2FPSm3pqup6p6e3YvBgOY4%2BAl6n9lkjQZJroJBZgMeFoWMpz24F7%2BAKOxZZhwcfQ%2F1vm89T8FTz%2Ft%2BvleckCYKenzlPbOrtKZrYcOvn%2F8oCC7UN1VaDOvDuHOr075Qt4M3u52G%2F3r9Hcm3zVrTD3w%2F8IP6urIyMcO1GQiVPeoGja7faDcbQdjG0P63d4UHRz2IwQl5CUpMV555Z6H4BGn%2F8RXptnOTvfF2v9A0NxYDcfBBup2aMkV%2FWSbWQ5IeLNgw7vn6U5j0%2FlwuzOAfIlNT4v34FCw9WIgEG%2BzPdTINmYKJ%2F6EcTCD1BIpOwM1dKPGcAFzg6hbS%2FoOrxpZ052%2BUztApWTn9E6qckpVfzyLtf3tJq2H9htFFrkzqMEwqqOEEqjdBVhwi361BlYfg%2BWdQ4meydrqJtL%2B%2F5bSBEsevJiKSARXRald026ttGserXREmq502Dbo0FGGXRXODlJpAJRNoOQJ1NRTOQ6E8FImHIvPQF8d1HgRB5AtO%2FbjLeUtEknWEH9AoCWjgd2IUfPaHEfJsBK5H4PYOMnsH22oEW%2FwAd7uCE2fg8inx3v8UA1GhlASlIygpQakIypygHFT3hXZNVz0Q2hUsWOTmIreqscl7e%2FS%2ByXsyJaB2BCuqveyEvDgz0fv49B625XE9jsOEtYOQ%2BrGMhB%2BybiuJY06jiIpmk3M49fDy%2Bmqr3Y5vBVCuBuo87KopiX7%2FApmakpd3XgOjh3D6EFy9AFq8AlpWoLcr7KZf9VTOGsb2IEyFLF9BvuPt6RNybj7Lja0nkPzo4m%2BteYDbCpmt8Il6RtDT98bXTUn2r5vSkSdbWa76apfO5nwjp7k88%2FW7cqc0VmxccaOHb%2FEZMCsf3ZQu36SpUGnPkW8uKSGkXTeWS%2FL9hvtQsmuFu32psGmRbV67vL7Rz6x0Tpl0Ajpb2T8suJqS%2F5%2B7OV%2Fh899dg7IT2KJCvzgii4AyE%2FDsDly21O8MgdVLDss8lEU1tk22vNSKQMtlT1kF96%2BeLeuxpbPXVFV77h56tgaa30XarzCwFQa6AtUjuOLMOM%2Fs0cVfFjKYro2ZtrV9pq3%2Bcm7z7HgMp47rLV9ETCYyYrIdthPJBQtD5vOEs5aIY47cTZPwJ%2F0XAAAA%2F%2F8BAAD%2F%2F7fYP%2FicBAAA IP192.243.61.225:443 ASN#39572 DataWeb Global Group B.V.
Requested by: https://gitb.org/watch-link/?=xxx0305xxx
Certificate: issuer Let's Encrypt | subject designingpupilintermediary.com | fingerprint C6:2A:2C:CE:46:0C:19:DC:3F:A3:33:F7:CD:1E:20:1D:CC:46:93:78 | validity Mon, 29 Apr 2024 08:22:29 GMT - Sun, 28 Jul 2024 08:22:28 GMT
File type: ASCII text, with no line terminators
Hashes (MD5 / SHA-1 / SHA-256): 132d6af1b46048b45cf86cdee7991d31 eb7007d03d59b65bc6da7e098c4d38fc6dfb6285 ab852e838deccd742a03ca81d4a8d75cf1a00b327db3eaf46bd7da6b6db9384c
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /impr.gif?sid=H4sIAAAAAAAC%2F1RST4scxRuunuztBz9UcjIIc1CI4M52z0xP95hDMIkri2s2JhHFS6h%2FPSm3pqup6p6e3YvBgOY4%2BAl6n9lkjQZJroJBZgMeFoWMpz24F7%2BAKOxZZhwcfQ%2F1vm89T8FTz%2Ft%2BvleckCYKenzlPbOrtKZrYcOvn%2F8oCC7UN1VaDOvDuHOr075Qt4M3u52G%2F3r9Hcm3zVrTD3w%2F8IP6urIyMcO1GQiVPeoGja7faDcbQdjG0P63d4UHRz2IwQl5CUpMV555Z6H4BGn%2F8RXptnOTvfF2v9A0NxYDcfBBup2aMkV%2FWSbWQ5IeLNgw7vn6U5j0%2FlwuzOAfIlNT4v34FCw9WIgEG%2BzPdTINmYKJ%2F6EcTCD1BIpOwM1dKPGcAFzg6hbS%2FoOrxpZ052%2BUztApWTn9E6qckpVfzyLtf3tJq2H9htFFrkzqMEwqqOEEqjdBVhwi361BlYfg%2BWdQ4meydrqJtL%2B%2F5bSBEsevJiKSARXRald026ttGserXREmq502Dbo0FGGXRXODlJpAJRNoOQJ1NRTOQ6E8FImHIvPQF8d1HgRB5AtO%2FbjLeUtEknWEH9AoCWjgd2IUfPaHEfJsBK5H4PYOMnsH22oEW%2FwAd7uCE2fg8inx3v8UA1GhlASlIygpQakIypygHFT3hXZNVz0Q2hUsWOTmIreqscl7e%2FS%2ByXsyJaB2BCuqveyEvDgz0fv49B625XE9jsOEtYOQ%2BrGMhB%2BybiuJY06jiIpmk3M49fDy%2Bmqr3Y5vBVCuBuo87KopiX7%2FApmakpd3XgOjh3D6EFy9AFq8AlpWoLcr7KZf9VTOGsb2IEyFLF9BvuPt6RNybj7Lja0nkPzo4m%2BteYDbCpmt8Il6RtDT98bXTUn2r5vSkSdbWa76apfO5nwjp7k88%2FW7cqc0VmxccaOHb%2FEZMCsf3ZQu36SpUGnPkW8uKSGkXTeWS%2FL9hvtQsmuFu32psGmRbV67vL7Rz6x0Tpl0Ajpb2T8suJqS%2F5%2B7OV%2Fh899dg7IT2KJCvzgii4AyE%2FDsDly21O8MgdVLDss8lEU1tk22vNSKQMtlT1kF96%2BeLeuxpbPXVFV77h56tgaa30XarzCwFQa6AtUjuOLMOM%2Fs0cVfFjKYro2ZtrV9pq3%2Bcm7z7HgMp47rLV9ETCYyYrIdthPJBQtD5vOEs5aIY47cTZPwJ%2F0XAAAA%2F%2F8BAAD%2F%2F7fYP%2FicBAAA HTTP/1.1
Host: designingpupilintermediary.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://gitb.org/
Cookie: u_pl=22738568; uid_id2=fd7e1ad7-9d94-4a88-9d5f-64a19a5d59b7:2:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Sat, 04 May 2024 05:53:49 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 32b2c835117b93c3ccbf9c45ed6c33b4
Strict-Transport-Security: max-age=0; includeSubdomains
| fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2 | 216.58.207.227 | 200 OK | 16 kB |
URL: GET HTTP/2 fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2
IP: 216.58.207.227:443
Requested by: https://gitb.org/watch-link/?=xxx0305xxx
Certificate: issuer Google Trust Services LLC | subject *.gstatic.com | fingerprint 15:DD:05:B3:2F:D8:E3:54:C9:B4:FA:E4:AC:01:ED:C8:E1:EA:A7:AD | validity Tue, 16 Apr 2024 04:17:07 GMT - Tue, 09 Jul 2024 04:17:06 GMT
File type: Web Open Font Format (Version 2), TrueType, length 15860, version 1.0
Hashes (MD5 / SHA-1 / SHA-256): e9f5aaf547f165386cd313b995dddd8e acdef5603c2387b0e5bffd744b679a24a8bc1968 f5aebdfea35d1e7656ef4acc5db1f243209755ae3300943ef8fc6280f363c860
GET /s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://gitb.org
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15860
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 02 May 2024 01:55:00 GMT
expires: Fri, 02 May 2025 01:55:00 GMT
cache-control: public, max-age=31536000
last-modified: Wed, 11 May 2022 19:24:42 GMT
content-type: font/woff2
age: 187129
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
| designingpupilintermediary.com/pixel/sbs?c=1 | 192.243.61.227 | 200 OK | 0 B |
URL: GET HTTP/1.1 designingpupilintermediary.com/pixel/sbs?c=1
IP: 192.243.61.227:443; ASN: #39572 DataWeb Global Group B.V.
Requested by: https://gitb.org/watch-link/?=xxx0305xxx
Certificate: issuer Let's Encrypt; subject designingpupilintermediary.com; fingerprint C6:2A:2C:CE:46:0C:19:DC:3F:A3:33:F7:CD:1E:20:1D:CC:46:93:78; validity Mon, 29 Apr 2024 08:22:29 GMT - Sun, 28 Jul 2024 08:22:28 GMT
Hash: MD5 d41d8cd98f00b204e9800998ecf8427e; SHA-1 da39a3ee5e6b4b0d3255bfef95601890afd80709; SHA-256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 (digests of an empty body, consistent with the 0 B response)
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /pixel/sbs?c=1 HTTP/1.1
Host: designingpupilintermediary.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://gitb.org/
Cookie: u_pl=22738568; uid_id2=fd7e1ad7-9d94-4a88-9d5f-64a19a5d59b7:2:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Sat, 04 May 2024 05:53:49 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
| decisivewade.com/sbar.json?key=9314a111a083adac7140c7787c32a705&psid=CF-3448_0&uuid=fd7e1ad7-9d94-4a88-9d5f-64a19a5d59b7%3A2%3A1 | 172.240.108.68 | 200 OK | 8.3 kB |
URL: GET HTTP/1.1 decisivewade.com/sbar.json?key=9314a111a083adac7140c7787c32a705&psid=CF-3448_0&uuid=fd7e1ad7-9d94-4a88-9d5f-64a19a5d59b7%3A2%3A1
IP: 172.240.108.68:443
Requested by: https://gitb.org/watch-link/?=xxx0305xxx
Certificate: issuer Let's Encrypt; subject decisivewade.com; fingerprint 97:80:1A:96:16:58:D9:94:6D:24:84:45:32:59:8C:44:59:0F:B7:8C; validity Mon, 29 Apr 2024 12:47:45 GMT - Sun, 28 Jul 2024 12:47:44 GMT
Hash: MD5 3fa99a27f7c916f950c51710818d4bd2; SHA-1 126b07560a9208ccc519c0e3153ad6b3b6e43e48; SHA-256 f3394480474f796cb286cfa972ba0e7caecb9f5376492b9ba155dd030a3a5477
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /sbar.json?key=9314a111a083adac7140c7787c32a705&psid=CF-3448_0&uuid=fd7e1ad7-9d94-4a88-9d5f-64a19a5d59b7%3A2%3A1 HTTP/1.1
Host: decisivewade.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://gitb.org
DNT: 1
Connection: keep-alive
Referer: https://gitb.org/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Sat, 04 May 2024 05:53:57 GMT
Content-Type: text/plain; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://gitb.org
Access-Control-Allow-Origin: https://gitb.org
Access-Control-Allow-Credentials: true
Set-Cookie: u_pl=22730152; expires=Sun, 05 May 2024 05:53:57 GMT; secure; SameSite=None
uid_id2=fd7e1ad7-9d94-4a88-9d5f-64a19a5d59b7:2:1; expires=Sat, 11 May 2024 05:53:57 GMT; secure; SameSite=None
pdhtkv=true; expires=Sun, 05 May 2024 05:53:57 GMT; secure; SameSite=None
uncs=1; expires=Sun, 05 May 2024 05:53:57 GMT; secure; SameSite=None
pdhtkv29=true; expires=Sun, 05 May 2024 05:53:57 GMT; secure; SameSite=None
uncs29=1; expires=Sun, 05 May 2024 05:53:57 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: ee427cf4c0b909dd0246cd1f011c337d
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
| decisivewade.com/ren.gif?sid=H4sIAAAAAAAC%2F1RSQW8bRRSedXNDQoB6okLyAaQiEWfHXntteqhoS1BEaEJbBOJSzc6snSHjndXMjtfJKaIS9GjxCzafk6aFCrVXJCq0qcQhAqlGHHIgF%2F4AAqlnZGNheId57833jfTN994X%2B%2B6M1OHY6bUP9K5Uiq00a3714ieUXqquy8QNq8N263YruFQ1g7c7rZr%2FZvW9mG%2FrlbpPfZ%2F6tLoqTdzVw5UpCJk%2B7NBax68F9RptBhia%2F%2FfWebDMgxickVcgxWTpqXcekpdI%2Bo%2BuxXY70%2Blb7%2FadYpk2GIijj5LtROcJ%2Bouyazx0k6M5G9o%2BW30CnRzO5EIP%2FiVGckK8H58gSo7mIhENDmY6I4U4QSReQD4oEasSkpXg%2Bg6keEYALnB9A0n%2F3nVtcrbzD8qm6IQsPf8LMp%2BQpd%2FOI%2Bl%2Fe0XJYfWmVi6TOrEYdgvIYQnZK5G6Y2S7Fcj8GDz7HFL8TFaeryPpH2xYpSHF6etdEcaUiXC5IzrBcsDa7eWOaHaXWwGjHdYUzU4UzgySsoTsllDxCMxW4KwHJz24rgeXeuiL0yqnlIa%2B4MxvdzhviDCOWsKnLOxSRv1WG45P%2FzBClo7A1Qjc7CE1e9iWIxj3A%2BxWASuWYLMJ8T7MMRAF8pggtwQ5I8glQZ4R5IPiUChbt8U9oayL6DzX57lRjHXW22eHOuvFCQEzIxhR7Kdn5OWpid6nv97Hdnxa7TRowCilzG83mGA8pIHPw7Ad8kadhX4TVj64urrcCIL2bR%2FSVsCsh105IeEfXyKVE%2FLqzhuI2DGsOgaXL4G518DyAmyrwG5yvyezqKZND0IXSLMlZDvevjojF2azXNt4jJifXP69MQtwUyA1BT6TTwl66u74hs7JwQ2dW%2FJ4I81kX%2B6y6ZxvZiyLz339fryTayPWrtnRg3f4FJiWD2%2FFNltniZBJz5JvrkghYrOqDY%2FJ92v24zjadHbrijOJS9c3r66u9VMTWyt1UoJNV%2FZPAy4n5MULt2YrfPG7TUhTwrgCfXdC5gGpS%2FB0DzZd6LeawKgFJ0o95K4Ym3q0uFSSQMWLnkUF7H%2F6aFGPDZu%2BZrLYt3fRMxWw7A6SfoGBKTBQBZgawbpz4yw1J5d%2FmcuIVGUcKVM5iJRRX81snh6PYOVpNWw0fNbqNGkYsjiMgnq726KCsXrQqrdarIHMTrrNn9zfAAAA%2F%2F8BAAD%2F%2F0FjGC%2BcBAAA | 172.240.108.68 | 200 OK | 7 B |
URL: GET HTTP/1.1 decisivewade.com/ren.gif?sid=H4sIAAAAAAAC%2F1RSQW8bRRSedXNDQoB6okLyAaQiEWfHXntteqhoS1BEaEJbBOJSzc6snSHjndXMjtfJKaIS9GjxCzafk6aFCrVXJCq0qcQhAqlGHHIgF%2F4AAqlnZGNheId57833jfTN994X%2B%2B6M1OHY6bUP9K5Uiq00a3714ieUXqquy8QNq8N263YruFQ1g7c7rZr%2FZvW9mG%2FrlbpPfZ%2F6tLoqTdzVw5UpCJk%2B7NBax68F9RptBhia%2F%2FfWebDMgxickVcgxWTpqXcekpdI%2Bo%2BuxXY70%2Blb7%2FadYpk2GIijj5LtROcJ%2Bouyazx0k6M5G9o%2BW30CnRzO5EIP%2FiVGckK8H58gSo7mIhENDmY6I4U4QSReQD4oEasSkpXg%2Bg6keEYALnB9A0n%2F3nVtcrbzD8qm6IQsPf8LMp%2BQpd%2FOI%2Bl%2Fe0XJYfWmVi6TOrEYdgvIYQnZK5G6Y2S7Fcj8GDz7HFL8TFaeryPpH2xYpSHF6etdEcaUiXC5IzrBcsDa7eWOaHaXWwGjHdYUzU4UzgySsoTsllDxCMxW4KwHJz24rgeXeuiL0yqnlIa%2B4MxvdzhviDCOWsKnLOxSRv1WG45P%2FzBClo7A1Qjc7CE1e9iWIxj3A%2BxWASuWYLMJ8T7MMRAF8pggtwQ5I8glQZ4R5IPiUChbt8U9oayL6DzX57lRjHXW22eHOuvFCQEzIxhR7Kdn5OWpid6nv97Hdnxa7TRowCilzG83mGA8pIHPw7Ad8kadhX4TVj64urrcCIL2bR%2FSVsCsh105IeEfXyKVE%2FLqzhuI2DGsOgaXL4G518DyAmyrwG5yvyezqKZND0IXSLMlZDvevjojF2azXNt4jJifXP69MQtwUyA1BT6TTwl66u74hs7JwQ2dW%2FJ4I81kX%2B6y6ZxvZiyLz339fryTayPWrtnRg3f4FJiWD2%2FFNltniZBJz5JvrkghYrOqDY%2FJ92v24zjadHbrijOJS9c3r66u9VMTWyt1UoJNV%2FZPAy4n5MULt2YrfPG7TUhTwrgCfXdC5gGpS%2FB0DzZd6LeawKgFJ0o95K4Ym3q0uFSSQMWLnkUF7H%2F6aFGPDZu%2BZrLYt3fRMxWw7A6SfoGBKTBQBZgawbpz4yw1J5d%2FmcuIVGUcKVM5iJRRX81snh6PYOVpNWw0fNbqNGkYsjiMgnq726KCsXrQqrdarIHMTrrNn9zfAAAA%2F%2F8BAAD%2F%2F0FjGC%2BcBAAA
IP: 172.240.108.68:443
Requested by: https://gitb.org/watch-link/?=xxx0305xxx
Certificate: issuer Let's Encrypt; subject decisivewade.com; fingerprint 97:80:1A:96:16:58:D9:94:6D:24:84:45:32:59:8C:44:59:0F:B7:8C; validity Mon, 29 Apr 2024 12:47:45 GMT - Sun, 28 Jul 2024 12:47:44 GMT
File type: ASCII text, with no line terminators
Hash: MD5 132d6af1b46048b45cf86cdee7991d31; SHA-1 eb7007d03d59b65bc6da7e098c4d38fc6dfb6285; SHA-256 ab852e838deccd742a03ca81d4a8d75cf1a00b327db3eaf46bd7da6b6db9384c
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /ren.gif?sid=H4sIAAAAAAAC%2F1RSQW8bRRSedXNDQoB6okLyAaQiEWfHXntteqhoS1BEaEJbBOJSzc6snSHjndXMjtfJKaIS9GjxCzafk6aFCrVXJCq0qcQhAqlGHHIgF%2F4AAqlnZGNheId57833jfTN994X%2B%2B6M1OHY6bUP9K5Uiq00a3714ieUXqquy8QNq8N263YruFQ1g7c7rZr%2FZvW9mG%2FrlbpPfZ%2F6tLoqTdzVw5UpCJk%2B7NBax68F9RptBhia%2F%2FfWebDMgxickVcgxWTpqXcekpdI%2Bo%2BuxXY70%2Blb7%2FadYpk2GIijj5LtROcJ%2Bouyazx0k6M5G9o%2BW30CnRzO5EIP%2FiVGckK8H58gSo7mIhENDmY6I4U4QSReQD4oEasSkpXg%2Bg6keEYALnB9A0n%2F3nVtcrbzD8qm6IQsPf8LMp%2BQpd%2FOI%2Bl%2Fe0XJYfWmVi6TOrEYdgvIYQnZK5G6Y2S7Fcj8GDz7HFL8TFaeryPpH2xYpSHF6etdEcaUiXC5IzrBcsDa7eWOaHaXWwGjHdYUzU4UzgySsoTsllDxCMxW4KwHJz24rgeXeuiL0yqnlIa%2B4MxvdzhviDCOWsKnLOxSRv1WG45P%2FzBClo7A1Qjc7CE1e9iWIxj3A%2BxWASuWYLMJ8T7MMRAF8pggtwQ5I8glQZ4R5IPiUChbt8U9oayL6DzX57lRjHXW22eHOuvFCQEzIxhR7Kdn5OWpid6nv97Hdnxa7TRowCilzG83mGA8pIHPw7Ad8kadhX4TVj64urrcCIL2bR%2FSVsCsh105IeEfXyKVE%2FLqzhuI2DGsOgaXL4G518DyAmyrwG5yvyezqKZND0IXSLMlZDvevjojF2azXNt4jJifXP69MQtwUyA1BT6TTwl66u74hs7JwQ2dW%2FJ4I81kX%2B6y6ZxvZiyLz339fryTayPWrtnRg3f4FJiWD2%2FFNltniZBJz5JvrkghYrOqDY%2FJ92v24zjadHbrijOJS9c3r66u9VMTWyt1UoJNV%2FZPAy4n5MULt2YrfPG7TUhTwrgCfXdC5gGpS%2FB0DzZd6LeawKgFJ0o95K4Ym3q0uFSSQMWLnkUF7H%2F6aFGPDZu%2BZrLYt3fRMxWw7A6SfoGBKTBQBZgawbpz4yw1J5d%2FmcuIVGUcKVM5iJRRX81snh6PYOVpNWw0fNbqNGkYsjiMgnq726KCsXrQqrdarIHMTrrNn9zfAAAA%2F%2F8BAAD%2F%2F0FjGC%2BcBAAA HTTP/1.1
Host: decisivewade.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://gitb.org/
Cookie: u_pl=22730152; uid_id2=fd7e1ad7-9d94-4a88-9d5f-64a19a5d59b7:2:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Sat, 04 May 2024 05:53:57 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 20ce56284ae1404bd601e769c08a7d5e
Strict-Transport-Security: max-age=0; includeSubdomains
| decisivewade.com/pixel/sbls?bv=24.6.6370&tmpl=482&u=https%3A%2F%2Fcdn.barscreative1.com%2Fsb%2Fau%2F0c%2Fc8%2Fe1%2F0cc8e13ba9d5dbc867b982993e805a9d%2F1632728593.html&l=1325&fd=164 | 172.240.127.234 | 200 OK | 0 B |
URL: GET HTTP/1.1 decisivewade.com/pixel/sbls?bv=24.6.6370&tmpl=482&u=https%3A%2F%2Fcdn.barscreative1.com%2Fsb%2Fau%2F0c%2Fc8%2Fe1%2F0cc8e13ba9d5dbc867b982993e805a9d%2F1632728593.html&l=1325&fd=164
IP: 172.240.127.234:443
Requested by: https://gitb.org/watch-link/?=xxx0305xxx
Certificate: issuer Let's Encrypt; subject decisivewade.com; fingerprint 97:80:1A:96:16:58:D9:94:6D:24:84:45:32:59:8C:44:59:0F:B7:8C; validity Mon, 29 Apr 2024 12:47:45 GMT - Sun, 28 Jul 2024 12:47:44 GMT
Hash: MD5 d41d8cd98f00b204e9800998ecf8427e; SHA-1 da39a3ee5e6b4b0d3255bfef95601890afd80709; SHA-256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 (digests of an empty body, consistent with the 0 B response)
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /pixel/sbls?bv=24.6.6370&tmpl=482&u=https%3A%2F%2Fcdn.barscreative1.com%2Fsb%2Fau%2F0c%2Fc8%2Fe1%2F0cc8e13ba9d5dbc867b982993e805a9d%2F1632728593.html&l=1325&fd=164 HTTP/1.1
Host: decisivewade.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://gitb.org/
Cookie: u_pl=22730152; uid_id2=fd7e1ad7-9d94-4a88-9d5f-64a19a5d59b7:2:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Sat, 04 May 2024 05:53:57 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
| decisivewade.com/pixel/sbls?bv=24.6.6370&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fssp%2Fvpn%2Fclassic-push%2Fsmall%2Fcss%2Fanimate.css&l=78689&fd=72 | 172.240.127.234 | 200 OK | 0 B |
URL: GET HTTP/1.1 decisivewade.com/pixel/sbls?bv=24.6.6370&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fssp%2Fvpn%2Fclassic-push%2Fsmall%2Fcss%2Fanimate.css&l=78689&fd=72
IP: 172.240.127.234:443
Requested by: https://gitb.org/watch-link/?=xxx0305xxx
Certificate: issuer Let's Encrypt; subject decisivewade.com; fingerprint 97:80:1A:96:16:58:D9:94:6D:24:84:45:32:59:8C:44:59:0F:B7:8C; validity Mon, 29 Apr 2024 12:47:45 GMT - Sun, 28 Jul 2024 12:47:44 GMT
Hash: MD5 d41d8cd98f00b204e9800998ecf8427e; SHA-1 da39a3ee5e6b4b0d3255bfef95601890afd80709; SHA-256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 (digests of an empty body, consistent with the 0 B response)
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /pixel/sbls?bv=24.6.6370&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fssp%2Fvpn%2Fclassic-push%2Fsmall%2Fcss%2Fanimate.css&l=78689&fd=72 HTTP/1.1
Host: decisivewade.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://gitb.org/
Cookie: u_pl=22730152; uid_id2=fd7e1ad7-9d94-4a88-9d5f-64a19a5d59b7:2:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Sat, 04 May 2024 05:53:57 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
| cdn.creative-bars1.com/sb/ssp/vpn/classic-push/small/img/close.png | 188.114.96.1 | 200 OK | 591 B |
URL: GET HTTP/3 cdn.creative-bars1.com/sb/ssp/vpn/classic-push/small/img/close.png
IP: 188.114.96.1:443
Requested by: https://gitb.org/watch-link/?=xxx0305xxx
Certificate: issuer Google Trust Services LLC; subject creative-bars1.com; fingerprint 3D:29:39:2C:F1:E5:C6:EF:54:F5:70:B5:CF:A8:C2:75:4D:89:72:13; validity Mon, 15 Apr 2024 15:02:18 GMT - Sun, 14 Jul 2024 15:02:17 GMT
File type: PNG image data, 12 x 12, 8-bit/color RGBA, non-interlaced
Hash: MD5 9fd5bcb6103d86e317bd1eb019bcbe71; SHA-1 6b5a52ea669dcb74946f2bed4bdd7ec985026113; SHA-256 0ddd3be104ac7945fb062096df62034a6a24ecc76ba92493c35c62c3c25982ae
GET /sb/ssp/vpn/classic-push/small/img/close.png HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Sat, 04 May 2024 05:53:57 GMT
content-type: image/png
content-length: 591
last-modified: Fri, 19 Jan 2024 14:19:42 GMT
etag: "65aa84fe-24f"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 308173
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=th1NOy17NoOecX9MJMUwih8DebrOYP6PFOaK3C4qFfNjq4IycQu9UYIw8LQYQGBkHnw3ZhcbgeeX34imErpqYe9YpOIByHwPpv85lTnx4Qi0wR%2BuebwRSoQ%2BOk0p6Ehha5tm8oRH4bXU"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87e63bc09e3eb524-OSL
alt-svc: h3=":443"; ma=86400
| cdn.creative-bars1.com/sb/ssp/vpn/classic-push/small/css/style.css | 188.114.96.1 | 200 OK | 961 B |
URL: GET HTTP/2 cdn.creative-bars1.com/sb/ssp/vpn/classic-push/small/css/style.css
IP: 188.114.96.1:443
Requested by: https://gitb.org/watch-link/?=xxx0305xxx
Certificate: issuer Google Trust Services LLC; subject creative-bars1.com; fingerprint 3D:29:39:2C:F1:E5:C6:EF:54:F5:70:B5:CF:A8:C2:75:4D:89:72:13; validity Mon, 15 Apr 2024 15:02:18 GMT - Sun, 14 Jul 2024 15:02:17 GMT
Hash: MD5 039a6734d79ed9aa51cf81c52479c5fe; SHA-1 9cf29c4ea1a3880681d50c7228374f8073b7778b; SHA-256 a15bad73fc8907795285b78a4a1a1bf5e7f68b4d39988b9bb165444819cf9eb1
GET /sb/ssp/vpn/classic-push/small/css/style.css HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://gitb.org
DNT: 1
Connection: keep-alive
Referer: https://gitb.org/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Sat, 04 May 2024 05:53:57 GMT
content-type: text/css
last-modified: Fri, 19 Jan 2024 14:19:42 GMT
etag: W/"65aa84fe-d1b"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 291773
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=QP%2F%2FbCMQUVTkC7WAORnsV8D5SkmOpHhD7XUdhaAVetjZN4wlI9v592%2F7f015Wn7PcTWOwVnSxF8FUzIpxIM5FwMNRJfzXx2Xu%2FFnR9S72uza7vqH4%2BRtRNPhl5PH5ZbFbqACk5CbnCZJ"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87e63bbffd9bb524-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
| cdn.cloudimagesb.com/si/07/9c/1b/079c1b9b48633e3ef398faef0739f24f/1701651986.png | 45.133.44.9 | 200 OK | 16 kB |
URL: GET HTTP/2 cdn.cloudimagesb.com/si/07/9c/1b/079c1b9b48633e3ef398faef0739f24f/1701651986.png
IP: 45.133.44.9:443; ASN: #39572 DataWeb Global Group B.V.
Requested by: https://gitb.org/watch-link/?=xxx0305xxx
Certificate: issuer Let's Encrypt; subject cdn.cloudimagesb.com; fingerprint C6:F3:21:F0:21:7D:7E:96:0F:E8:46:7A:5E:C5:3F:D1:52:B0:67:B0; validity Fri, 22 Mar 2024 03:01:35 GMT - Thu, 20 Jun 2024 03:01:34 GMT
File type: PNG image data, 192 x 192, 8-bit/color RGBA, non-interlaced
Hash: MD5 14cf262fabfd850855c42847d14fe775; SHA-1 2fafa28f167f018a0fb1f261f47380c8810803c9; SHA-256 972004ebada4077c3a4d03dcb45175ea467faf54da72be727a1c5c75e688b8af
GET /si/07/9c/1b/079c1b9b48633e3ef398faef0739f24f/1701651986.png HTTP/1.1
Host: cdn.cloudimagesb.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Sat, 04 May 2024 05:53:57 GMT
content-type: image/png
content-length: 16093
server: nginx/1.21.6
last-modified: Mon, 04 Dec 2023 01:06:35 GMT
etag: "656d261b-3edd"
expires: Mon, 06 May 2024 05:53:57 GMT
cache-control: max-age=172800
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
| decisivewade.com/pixel/sbls?bv=24.6.6370&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fssp%2Fvpn%2Fclassic-push%2Fsmall%2Fjs%2Fscript.js&l=962&fd=18 | 172.240.108.68 | 200 OK | 0 B |
URL: GET HTTP/1.1 decisivewade.com/pixel/sbls?bv=24.6.6370&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fssp%2Fvpn%2Fclassic-push%2Fsmall%2Fjs%2Fscript.js&l=962&fd=18
IP: 172.240.108.68:443
Requested by: https://gitb.org/watch-link/?=xxx0305xxx
Certificate: issuer Let's Encrypt; subject decisivewade.com; fingerprint 97:80:1A:96:16:58:D9:94:6D:24:84:45:32:59:8C:44:59:0F:B7:8C; validity Mon, 29 Apr 2024 12:47:45 GMT - Sun, 28 Jul 2024 12:47:44 GMT
Hash: MD5 d41d8cd98f00b204e9800998ecf8427e; SHA-1 da39a3ee5e6b4b0d3255bfef95601890afd80709; SHA-256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 (digests of an empty body, consistent with the 0 B response)
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /pixel/sbls?bv=24.6.6370&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fssp%2Fvpn%2Fclassic-push%2Fsmall%2Fjs%2Fscript.js&l=962&fd=18 HTTP/1.1
Host: decisivewade.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://gitb.org/
Cookie: u_pl=22730152; uid_id2=fd7e1ad7-9d94-4a88-9d5f-64a19a5d59b7:2:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Sat, 04 May 2024 05:53:57 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
| fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2 | 216.58.207.227 | 200 OK | 16 kB |
URL: GET HTTP/2 fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2
IP: 216.58.207.227:443
Requested by: https://gitb.org/watch-link/?=xxx0305xxx
Certificate: issuer Google Trust Services LLC; subject *.gstatic.com; fingerprint 15:DD:05:B3:2F:D8:E3:54:C9:B4:FA:E4:AC:01:ED:C8:E1:EA:A7:AD; validity Tue, 16 Apr 2024 04:17:07 GMT - Tue, 09 Jul 2024 04:17:06 GMT
File type: Web Open Font Format (Version 2), TrueType, length 15860, version 1.0
Hash: MD5 e9f5aaf547f165386cd313b995dddd8e; SHA-1 acdef5603c2387b0e5bffd744b679a24a8bc1968; SHA-256 f5aebdfea35d1e7656ef4acc5db1f243209755ae3300943ef8fc6280f363c860
GET /s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://gitb.org
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15860
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 02 May 2024 01:55:00 GMT
expires: Fri, 02 May 2025 01:55:00 GMT
cache-control: public, max-age=31536000
last-modified: Wed, 11 May 2022 19:24:42 GMT
content-type: font/woff2
age: 187138
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
| fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2 | 216.58.207.227 | 200 OK | 16 kB |
URL: GET HTTP/2 fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2
IP: 216.58.207.227:443
Requested by: https://gitb.org/watch-link/?=xxx0305xxx
Certificate: issuer Google Trust Services LLC; subject *.gstatic.com; fingerprint 15:DD:05:B3:2F:D8:E3:54:C9:B4:FA:E4:AC:01:ED:C8:E1:EA:A7:AD; validity Tue, 16 Apr 2024 04:17:07 GMT - Tue, 09 Jul 2024 04:17:06 GMT
File type: Web Open Font Format (Version 2), TrueType, length 15744, version 1.0
Hash: MD5 15d9f621c3bd1599f0169dcf0bd5e63e; SHA-1 7ca9c5967f3bb8bffeab24b639b49c1e7d03fa52; SHA-256 f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615
GET /s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://gitb.org
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15744
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 02 May 2024 22:40:35 GMT
expires: Fri, 02 May 2025 22:40:35 GMT
cache-control: public, max-age=31536000
last-modified: Wed, 11 May 2022 19:24:48 GMT
content-type: font/woff2
age: 112403
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
| cdn.creative-bars1.com/sb/ssp/vpn/classic-push/small/css/animate.css | 188.114.96.1 | 200 OK | 5.2 kB |
URL: GET HTTP/2 cdn.creative-bars1.com/sb/ssp/vpn/classic-push/small/css/animate.css
IP: 188.114.96.1:443
Requested by: https://gitb.org/watch-link/?=xxx0305xxx
Certificate: issuer Google Trust Services LLC; subject creative-bars1.com; fingerprint 3D:29:39:2C:F1:E5:C6:EF:54:F5:70:B5:CF:A8:C2:75:4D:89:72:13; validity Mon, 15 Apr 2024 15:02:18 GMT - Sun, 14 Jul 2024 15:02:17 GMT
Hash: MD5 3d4123dbfb33d27a5cfdfcfa91df6783; SHA-1 e7d0eeeec54b848f0bc3da8685fa3bc88429d660; SHA-256 cb7d1393b65701b2f97d8da244c2c6023e9cbc3463ecb0136b915cfc775c6887
GET /sb/ssp/vpn/classic-push/small/css/animate.css HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://gitb.org
DNT: 1
Connection: keep-alive
Referer: https://gitb.org/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Sat, 04 May 2024 05:53:57 GMT
content-type: text/css
last-modified: Fri, 19 Jan 2024 14:19:42 GMT
etag: W/"65aa84fe-13361"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 59511
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=C%2B05NmUjMBsqNVLUbQVRD87H0rncs7OflpEwzmr2rn2SaS%2FFTKtjb%2BZIkrBmi1Myeahd4J0mtLZ93%2Fuo6jywQWSFl0TCWdp19REXTSGojEoqyWpll4ga51j02KPaIUYj9rEnLgB3ZDB4"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87e63bbfed99b524-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
| decisivewade.com/pixel/sbs?c=1 | 172.240.127.234 | 200 OK | 0 B |
URL: GET HTTP/1.1 decisivewade.com/pixel/sbs?c=1
IP: 172.240.127.234:443
Requested by: https://gitb.org/watch-link/?=xxx0305xxx
Certificate: issuer Let's Encrypt; subject decisivewade.com; fingerprint 97:80:1A:96:16:58:D9:94:6D:24:84:45:32:59:8C:44:59:0F:B7:8C; validity Mon, 29 Apr 2024 12:47:45 GMT - Sun, 28 Jul 2024 12:47:44 GMT
Hash: MD5 d41d8cd98f00b204e9800998ecf8427e; SHA-1 da39a3ee5e6b4b0d3255bfef95601890afd80709; SHA-256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 (digests of an empty body, consistent with the 0 B response)
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /pixel/sbs?c=1 HTTP/1.1
Host: decisivewade.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://gitb.org/
Cookie: u_pl=22730152; uid_id2=fd7e1ad7-9d94-4a88-9d5f-64a19a5d59b7:2:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Sat, 04 May 2024 05:53:58 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
| gitb.org/favicon.ico | 45.143.99.2 | 404 Not Found | 1.2 kB |
IP: 45.143.99.2:443; ASN: #207279 Markahost Telekomunikasyon Ve Ticaret Limited Sirketi
Requested by: https://gitb.org/watch-link/?=xxx0305xxx
Certificate: issuer Let's Encrypt; subject gitb.org; fingerprint 0A:4B:6D:02:A6:3F:74:A9:11:CC:FC:4D:C6:87:81:EE:4A:96:AA:B3; validity Mon, 22 Apr 2024 18:55:18 GMT - Sun, 21 Jul 2024 18:55:17 GMT
File type: HTML document, ASCII text, with very long lines (1276), with no line terminators
Hash: MD5 24b426fea67958554911ff4c943fdfe4; SHA-1 b92889146d4c1bbddccabe58ca15c814ea066f72; SHA-256 335fd88e127ff1b19e6c5af3c801186182f064e4c6747b9a76a0b3988553716c
GET /favicon.ico HTTP/1.1
Host: gitb.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://gitb.org/watch-link/?=xxx0305xxx
Cookie: dom3ic8zudi28v8lr6fgphwffqoz0j6c=fd7e1ad7-9d94-4a88-9d5f-64a19a5d59b7%3A2%3A1; sb_main_885fb415a08e7d05b93f88ca77ad22cc=1; sb_count_885fb415a08e7d05b93f88ca77ad22cc=1; pp_main_19c33ba37280f60914e325fce07da677=1; sb_main_9314a111a083adac7140c7787c32a705=1; sb_idelay_9314a111a083adac7140c7787c32a705=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 404 Not Found
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
pragma: no-cache
content-type: text/html
content-length: 1238
date: Sat, 04 May 2024 05:53:46 GMT
server: LiteSpeed
| cdn.barscreative1.com/sb/au/0c/c8/e1/0cc8e13ba9d5dbc867b982993e805a9d/1632728593.html | 45.133.44.3 | 200 OK | 1.3 kB |
URL: GET HTTP/2 cdn.barscreative1.com/sb/au/0c/c8/e1/0cc8e13ba9d5dbc867b982993e805a9d/1632728593.html
IP: 45.133.44.3:443; ASN: #39572 DataWeb Global Group B.V.
Requested by: https://gitb.org/watch-link/?=xxx0305xxx
Certificate: issuer Let's Encrypt; subject cdn.barscreative1.com; fingerprint F6:54:F4:B9:EB:AD:1E:FA:8F:76:B9:75:20:9B:41:57:32:37:94:E3; validity Sun, 10 Mar 2024 03:01:32 GMT - Sat, 08 Jun 2024 03:01:31 GMT
File type: HTML document, ASCII text, with very long lines (1405), with no line terminators
Hash: MD5 5373f3c4843345dde67db670323b2d54; SHA-1 666b2db9872196e52a2bc902111de5e37aa1ae28; SHA-256 e398fbdac28494dec6505fb0143d4cd41cee83989517e12c13ea113fef006fda
GET /sb/au/0c/c8/e1/0cc8e13ba9d5dbc867b982993e805a9d/1632728593.html HTTP/1.1
Host: cdn.barscreative1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://gitb.org
DNT: 1
Connection: keep-alive
Referer: https://gitb.org/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 04 May 2024 05:53:57 GMT
content-type: text/html; charset=utf-8
server: nginx/1.21.6
last-modified: Mon, 27 Sep 2021 07:43:24 GMT
etag: W/"6151761c-52d"
cache-control: max-age=3600
access-control-allow-origin: *
access-control-expose-headers: Date
content-encoding: gzip
expires: Sat, 04 May 2024 06:53:57 GMT
x-proxy-cache: HIT
X-Firefox-Spdy: h2
|
|
| cdn.barscreative1.com/sb/au/0c/c8/e1/0cc8e13ba9d5dbc867b982993e805a9d/1632728593.html | 45.133.44.3 | 200 OK | 1.3 kB |
URL: GET HTTP/2 cdn.barscreative1.com/sb/au/0c/c8/e1/0cc8e13ba9d5dbc867b982993e805a9d/1632728593.html; IP: 45.133.44.3:443; ASN: #39572 DataWeb Global Group B.V.
Requested by: https://gitb.org/watch-link/?=xxx0305xxx; Certificate: Issuer Let's Encrypt, Subject cdn.barscreative1.com, Fingerprint F6:54:F4:B9:EB:AD:1E:FA:8F:76:B9:75:20:9B:41:57:32:37:94:E3, Validity Sun, 10 Mar 2024 03:01:32 GMT - Sat, 08 Jun 2024 03:01:31 GMT
File type: HTML document, ASCII text, with very long lines (1405), with no line terminators; Hash (MD5 / SHA-1 / SHA-256): 5373f3c4843345dde67db670323b2d54 666b2db9872196e52a2bc902111de5e37aa1ae28 e398fbdac28494dec6505fb0143d4cd41cee83989517e12c13ea113fef006fda
GET /sb/au/0c/c8/e1/0cc8e13ba9d5dbc867b982993e805a9d/1632728593.html HTTP/1.1
Host: cdn.barscreative1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://gitb.org
DNT: 1
Connection: keep-alive
Referer: https://gitb.org/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 04 May 2024 05:53:48 GMT
content-type: text/html; charset=utf-8
server: nginx/1.21.6
last-modified: Mon, 27 Sep 2021 07:43:24 GMT
etag: W/"6151761c-52d"
cache-control: max-age=3600
access-control-allow-origin: *
access-control-expose-headers: Date
content-encoding: gzip
expires: Sat, 04 May 2024 06:53:48 GMT
x-proxy-cache: HIT
X-Firefox-Spdy: h2
|
|
| decisivewade.com/impr.gif?sid=H4sIAAAAAAAC%2F1RSQW8bRRSedXNDQoB6okLyAaQiEWfXXntteqhoS1BEaEJbBOJSzc7MOkPGO6uZHa%2BTU0Ql6NHiF2w%2BJ00LFWqvSFTIqcQhAqlGHHIgF%2F4AAqlnZGNheId57833jfTN994X%2B%2B6M1OHo6bUP9K5Uiq40a3714idBcKm6LlM3qA7ardut8FLV9N%2FutGr%2Bm9X3BNvWK3U%2F8P3AD6qr0ohED1amIGT2sBPUOn4trNeCZoiB%2BX9vnQdLPfD%2BGXkFkk%2BWnnrnIdkYae%2FRNWG3c5299W7PKZprgz4%2F%2BijdTnWRorcoE%2BMhSY%2FmbGj7bPUJdHo4kwvd%2F5cYywnxfnyCOD2ai0TcP5jpjBVEipi%2FgKI%2FhlBjSDoG03cg%2BTMCMI7rG0h7965rU9Cdf1A6RSdk6flfkMWELP12Hmnv2ytKDqo3tXK51KnFICkhB2PI7hiZO0a%2BW4EsjsHyzyH5z2Tl%2BTrS3sGGVRqSn76e8EgElEfLHd4Jl0Pabi93eDNZboU06NAmb3biaGaQlGPIZAwlhqC2Amc9OOnBJR5c5qHHT6ssCILI54z67Q5jDR6JuMX9gEZJQAO%2F1YZj0z8MkWdDMDUEM3vIzB625RDG%2FQC7VcLyJdh8QrwPC%2FR5iUIQFJagoASFJChygqJfHnJl67a8x5V1cTDP9XlulCOdd%2Ffpoc67IiWgZgjDy%2F3sjLw8NdH79Nf72Ban1U4jCGkQBNRvNyinLApCn0VRO2KNOo38Jqx8cHV1uRGG7ds%2BpK2AWg%2B7ckKiP75EJifk1Z03ENNjWHUMJl8Cda%2BBFiXoVond9H5X5nFNmy64LpHlS8h3vH11Ri7MZrm28RiCnVz%2BvTELMFMiMyU%2Bk08Juuru6IYuyMENXVjyeCPLZU%2Fu0umcb%2BY0F%2Be%2Bfl%2FsFNrwtWt2%2BOAdNgWm5cNbwubrNOUy7VryzRXJuTCr2jBBvl%2BzH4t409mtK86kLlvfvLq61suMsFbqdAw6Xdk%2FDZickBcv3Jqt8MXvNiHNGMaV6LkTMg9IPQbL9mCzhX6rCYxacOLMQ%2BHKkanHi0slCZRY9DQuYf%2FTx4t6ZOj0NZXlvr2LrqmA5neQ9kr0TYm%2BKkHVENadG%2BWZObn8y1xGrCqjWJnKQayM%2Bmpm8%2FR4BCtPqw2fR7FIRBSLsBkmgvG42Yx9lrC4wdtthtxOkuZP7m8AAAD%2F%2FwEAAP%2F%2FwbfNx5wEAAA%3D | 172.240.108.68 | 200 OK | 0 B |
URL GET HTTP/1.1decisivewade.com/impr.gif?sid=H4sIAAAAAAAC%2F1RSQW8bRRSedXNDQoB6okLyAaQiEWfXXntteqhoS1BEaEJbBOJSzc7MOkPGO6uZHa%2BTU0Ql6NHiF2w%2BJ00LFWqvSFTIqcQhAqlGHHIgF%2F4AAqlnZGNheId57833jfTN994X%2B%2B6M1OHo6bUP9K5Uiq40a3714idBcKm6LlM3qA7ardut8FLV9N%2FutGr%2Bm9X3BNvWK3U%2F8P3AD6qr0ohED1amIGT2sBPUOn4trNeCZoiB%2BX9vnQdLPfD%2BGXkFkk%2BWnnrnIdkYae%2FRNWG3c5299W7PKZprgz4%2F%2BijdTnWRorcoE%2BMhSY%2FmbGj7bPUJdHo4kwvd%2F5cYywnxfnyCOD2ai0TcP5jpjBVEipi%2FgKI%2FhlBjSDoG03cg%2BTMCMI7rG0h7965rU9Cdf1A6RSdk6flfkMWELP12Hmnv2ytKDqo3tXK51KnFICkhB2PI7hiZO0a%2BW4EsjsHyzyH5z2Tl%2BTrS3sGGVRqSn76e8EgElEfLHd4Jl0Pabi93eDNZboU06NAmb3biaGaQlGPIZAwlhqC2Amc9OOnBJR5c5qHHT6ssCILI54z67Q5jDR6JuMX9gEZJQAO%2F1YZj0z8MkWdDMDUEM3vIzB625RDG%2FQC7VcLyJdh8QrwPC%2FR5iUIQFJagoASFJChygqJfHnJl67a8x5V1cTDP9XlulCOdd%2Ffpoc67IiWgZgjDy%2F3sjLw8NdH79Nf72Ban1U4jCGkQBNRvNyinLApCn0VRO2KNOo38Jqx8cHV1uRGG7ds%2BpK2AWg%2B7ckKiP75EJifk1Z03ENNjWHUMJl8Cda%2BBFiXoVond9H5X5nFNmy64LpHlS8h3vH11Ri7MZrm28RiCnVz%2BvTELMFMiMyU%2Bk08Juuru6IYuyMENXVjyeCPLZU%2Fu0umcb%2BY0F%2Be%2Bfl%2FsFNrwtWt2%2BOAdNgWm5cNbwubrNOUy7VryzRXJuTCr2jBBvl%2BzH4t409mtK86kLlvfvLq61suMsFbqdAw6Xdk%2FDZickBcv3Jqt8MXvNiHNGMaV6LkTMg9IPQbL9mCzhX6rCYxacOLMQ%2BHKkanHi0slCZRY9DQuYf%2FTx4t6ZOj0NZXlvr2LrqmA5neQ9kr0TYm%2BKkHVENadG%2BWZObn8y1xGrCqjWJnKQayM%2Bmpm8%2FR4BCtPqw2fR7FIRBSLsBkmgvG42Yx9lrC4wdtthtxOkuZP7m8AAAD%2F%2FwEAAP%2F%2FwbfNx5wEAAA%3D IP172.240.108.68:443
Requested by: https://gitb.org/watch-link/?=xxx0305xxx; Certificate: Issuer Let's Encrypt, Subject decisivewade.com, Fingerprint 97:80:1A:96:16:58:D9:94:6D:24:84:45:32:59:8C:44:59:0F:B7:8C, Validity Mon, 29 Apr 2024 12:47:45 GMT - Sun, 28 Jul 2024 12:47:44 GMT
Hash (MD5 / SHA-1 / SHA-256): d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 (the well-known hashes of an empty body, consistent with the 0 B size recorded above)
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /impr.gif?sid=H4sIAAAAAAAC%2F1RSQW8bRRSedXNDQoB6okLyAaQiEWfXXntteqhoS1BEaEJbBOJSzc7MOkPGO6uZHa%2BTU0Ql6NHiF2w%2BJ00LFWqvSFTIqcQhAqlGHHIgF%2F4AAqlnZGNheId57833jfTN994X%2B%2B6M1OHo6bUP9K5Uiq40a3714idBcKm6LlM3qA7ardut8FLV9N%2FutGr%2Bm9X3BNvWK3U%2F8P3AD6qr0ohED1amIGT2sBPUOn4trNeCZoiB%2BX9vnQdLPfD%2BGXkFkk%2BWnnrnIdkYae%2FRNWG3c5299W7PKZprgz4%2F%2BijdTnWRorcoE%2BMhSY%2FmbGj7bPUJdHo4kwvd%2F5cYywnxfnyCOD2ai0TcP5jpjBVEipi%2FgKI%2FhlBjSDoG03cg%2BTMCMI7rG0h7965rU9Cdf1A6RSdk6flfkMWELP12Hmnv2ytKDqo3tXK51KnFICkhB2PI7hiZO0a%2BW4EsjsHyzyH5z2Tl%2BTrS3sGGVRqSn76e8EgElEfLHd4Jl0Pabi93eDNZboU06NAmb3biaGaQlGPIZAwlhqC2Amc9OOnBJR5c5qHHT6ssCILI54z67Q5jDR6JuMX9gEZJQAO%2F1YZj0z8MkWdDMDUEM3vIzB625RDG%2FQC7VcLyJdh8QrwPC%2FR5iUIQFJagoASFJChygqJfHnJl67a8x5V1cTDP9XlulCOdd%2Ffpoc67IiWgZgjDy%2F3sjLw8NdH79Nf72Ban1U4jCGkQBNRvNyinLApCn0VRO2KNOo38Jqx8cHV1uRGG7ds%2BpK2AWg%2B7ckKiP75EJifk1Z03ENNjWHUMJl8Cda%2BBFiXoVond9H5X5nFNmy64LpHlS8h3vH11Ri7MZrm28RiCnVz%2BvTELMFMiMyU%2Bk08Juuru6IYuyMENXVjyeCPLZU%2Fu0umcb%2BY0F%2Be%2Bfl%2FsFNrwtWt2%2BOAdNgWm5cNbwubrNOUy7VryzRXJuTCr2jBBvl%2BzH4t409mtK86kLlvfvLq61suMsFbqdAw6Xdk%2FDZickBcv3Jqt8MXvNiHNGMaV6LkTMg9IPQbL9mCzhX6rCYxacOLMQ%2BHKkanHi0slCZRY9DQuYf%2FTx4t6ZOj0NZXlvr2LrqmA5neQ9kr0TYm%2BKkHVENadG%2BWZObn8y1xGrCqjWJnKQayM%2Bmpm8%2FR4BCtPqw2fR7FIRBSLsBkmgvG42Yx9lrC4wdtthtxOkuZP7m8AAAD%2F%2FwEAAP%2F%2FwbfNx5wEAAA%3D HTTP/1.1
Host: decisivewade.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://gitb.org/
Cookie: u_pl=22730152; uid_id2=fd7e1ad7-9d94-4a88-9d5f-64a19a5d59b7:2:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Sat, 04 May 2024 05:53:58 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: d83aeefc659bbe546af158c2dfce390d
Strict-Transport-Security: max-age=0; includeSubdomains
|
|