savefromnets.com/css/images/liveGF.gif
104.21.22.70 200 OK 241 kB URL GET HTTP/3 savefromnets.com/css/images/liveGF.gif
IP 104.21.22.70:443
Requested by https://savefromnets.com/
Certificate Issuer: Let's Encrypt
Subject: savefromnets.com
Fingerprint: FF:55:5B:CE:F9:67:B6:D1:8C:04:53:5D:6E:B7:9B:36:9C:33:8A:44
Validity: Mon, 04 Dec 2023 01:28:09 GMT - Sun, 03 Mar 2024 01:28:08 GMT
File type GIF image data, version 89a, 320 x 240\012- data
Size 241 kB (240627 bytes)
Hash (MD5): 8b4efd144722894ad2dd53dac381a72c
Hash (SHA-1): 5200e656059a9194e3ff207187aba269fc5fc9bf
Hash (SHA-256): db950e8e7762c847b4ede8ef12b2b5b173e5807a8555ff387a54edfca06bb642
GET /css/images/liveGF.gif HTTP/1.1
Host: savefromnets.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://savefromnets.com/
Cookie: PHPSESSID=a6f89k1je6tm1ijbv4f7gsikv4
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Tue, 05 Dec 2023 16:07:08 GMT
content-type: image/gif
content-length: 240627
last-modified: Mon, 04 Dec 2023 07:16:44 GMT
etag: "3abf3-60ba9e67a38bc"
cache-control: max-age=2592000
expires: Wed, 03 Jan 2024 07:17:48 GMT
cf-cache-status: HIT
age: 87448
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=SQn4me7smhaTXIT0ShAMbISOGJflmLG2tFpkq21WeIwtN2R1uEOg%2FEfGvDgTtB606hVrofvfn0uurl%2FnkgdhX2wZi4cakPGkYWSaZVnqnLs154FjRpnxeArPlTDRzNfnoNT5"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 830d8a58ca9fb50f-OSL
alt-svc: h3=":443"; ma=86400
savefromnets.com/css/images/movieflims-streaming.jpg
104.21.22.70 200 OK 11 kB URL GET HTTP/3 savefromnets.com/css/images/movieflims-streaming.jpg
IP 104.21.22.70:443
Requested by https://savefromnets.com/
Certificate Issuer: Let's Encrypt
Subject: savefromnets.com
Fingerprint: FF:55:5B:CE:F9:67:B6:D1:8C:04:53:5D:6E:B7:9B:36:9C:33:8A:44
Validity: Mon, 04 Dec 2023 01:28:09 GMT - Sun, 03 Mar 2024 01:28:08 GMT
File type JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=6, orientation=upper-left, xresolution=86, yresolution=94, resolutionunit=2], baseline, precision 8, 300x60, components 3\012- data
Hash (MD5): 264552be95312c2fd2dd58a7b4e28634
Hash (SHA-1): bc81e9654ab4c83b1d20ff20986a3cb5bc9b3a39
Hash (SHA-256): 954f3c44424c943e1b5d6d1a3dbc0e11b3f5724dc30e32962c715548b1376963
GET /css/images/movieflims-streaming.jpg HTTP/1.1
Host: savefromnets.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://savefromnets.com/
Cookie: PHPSESSID=a6f89k1je6tm1ijbv4f7gsikv4
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Tue, 05 Dec 2023 16:07:08 GMT
content-type: image/jpeg
content-length: 11442
last-modified: Fri, 10 Mar 2023 12:36:35 GMT
etag: "2cb2-5f68b03037ac0"
cache-control: max-age=2592000
expires: Fri, 01 Dec 2023 06:16:03 GMT
cf-cache-status: HIT
age: 1048386
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=QksROwkGs2tRB3Mj9EDYorqaQD6pMzecvUmiOUib%2F4En57iIeejrkeglYG1DnWOLL9GNhvFkGqEsN8RVMp8HdA87AzTy6jzxN18Z%2F9kf9qfoaWDj9xRCpKed3UbIWez2Enl6"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 830d8a58daaab50f-OSL
alt-svc: h3=":443"; ma=86400
acscdn.com/script/aclib.js
172.67.165.20 200 OK 53 kB URL GET HTTP/2 acscdn.com/script/aclib.js
IP 172.67.165.20:443
Requested by https://savefromnets.com/
Certificate Issuer: Google Trust Services LLC
Subject: acscdn.com
Fingerprint: AA:F8:50:9E:3E:B3:E7:D9:8E:7B:8D:2D:35:4D:33:15:6A:34:04:62
Validity: Thu, 02 Nov 2023 07:42:44 GMT - Wed, 31 Jan 2024 07:42:43 GMT
File type Unicode text, UTF-8 text, with very long lines (65436)
Hash (MD5): b5792c41da704b5a620ccd5a85d15025
Hash (SHA-1): 2e822e9ab079b043f4fdf77fa9be8f8efdd295f5
Hash (SHA-256): f9f4816d19c85f1eef557f6f8cfb546627a3f7f3389e4940e84fe9a50a2b39bb
GET /script/aclib.js HTTP/1.1
Host: acscdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://savefromnets.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Tue, 05 Dec 2023 16:07:08 GMT
content-type: text/javascript
x-guploader-uploadid: ABPtcPojYB1EqBukFDtMsmygleTHwQr1Kw0E94wfdOYi6nqNuRmts2WIlSP5-V8RAB9k9ps9jWI
x-goog-generation: 1701698017973321
x-goog-metageneration: 2
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 172787
x-goog-hash: crc32c=13hwkw==, md5=tXksQdpwS1piDM1ahdFQJQ==
x-goog-storage-class: MULTI_REGIONAL
access-control-allow-origin: *
expires: Tue, 05 Dec 2023 15:51:10 GMT
cache-control: public, max-age=3600
last-modified: Mon, 04 Dec 2023 13:53:38 GMT
etag: W/"b5792c41da704b5a620ccd5a85d15025"
age: 3175
cf-cache-status: HIT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=7%2B9%2Bhgr0Mf98%2FknJfNC2BSL8SogZizemwgGRRsCBlYTBBjzP4ycezLVIfC2WOfUBvPJsbSJeMpKXAoFXdRBTrLdI%2FfGDFtui1wR1Nqf2uRWI%2BTaxOwAODUwi3vyJ"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 830d8a590ed4712d-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
www.googletagmanager.com/gtag/js?id=G-R57FEEXBHL
142.250.74.168 200 OK 86 kB URL GET HTTP/2 www.googletagmanager.com/gtag/js?id=G-R57FEEXBHL
IP 142.250.74.168:443
Requested by https://savefromnets.com/
Certificate Issuer: Google Trust Services LLC
Subject: *.google-analytics.com
Fingerprint: 37:42:10:B7:89:70:45:51:80:81:66:CE:95:21:72:5D:46:0B:E2:34
Validity: Mon, 23 Oct 2023 11:18:19 GMT - Mon, 15 Jan 2024 11:18:18 GMT
File type ASCII text, with very long lines (3034)
Hash (MD5): 9d654729dea18cef36024931a43e2c28
Hash (SHA-1): b17df76f77a167a970e6ad8d4cf354807245f5b2
Hash (SHA-256): 71a5d7a9b71dfd9673209e195f196885826d78f08daa58f02bda80360a5e1958
GET /gtag/js?id=G-R57FEEXBHL HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://savefromnets.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Tue, 05 Dec 2023 16:07:09 GMT
expires: Tue, 05 Dec 2023 16:07:09 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 86188
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
youradexchange.com/script/i.php?t=1&stamat=m%257C%252C%252CgjfnNjantGU3B5-GH0dEdHP3xP.cd9%252CZNJFmLGUeyb-xbioBvej9sgJTACvrxeu7WfSIVIj7t4GltJL0fF4LpkhV14odfXI57Q9Hly2Ulaf3SZzzqzP8yohps3BpOK2ZVgEZK5PNbWQJyIsAfe2Q-anxyAJlWvKMYL8Y6VSR_vS8VAAAHypqqsPWsPB3D-ZH7trbANDWuJZOW8JvQdU8lo-ulDtl0g2f1kaChs-o9T40HD_9JS2ubOsjUi-_xbB6y39nAB_pV97SI8xuOhEDRD8lQARGRTSjxcFkf2GKrvtMYIjBxIi4fgt1_8FTkE8CzAwvPy45C6Lmp4tidCNqHu7J34fXtIGAkyBQifD7IXyjTO40kMJsAFAPeH07qLNXfwi2oLpCMWRSia1kJlsBew3tBn1NPKJjpKygr4Q8LIpNJhQvPg-jiDzN3yb053WAtVidBikG8y5HLBJJlTQarSD96B7qtcIc6HnMZvmUmRFDTVVJOEtefkHtwAzqorV0lET7KnL3NNOwHP-kg9qzX9xrU8852flRaCLJDN57c77QdnUqL7QYRla5FwGZo6KsM-iEn8Rs9iqiLUJMuQaJBwOaQUb0BgjBVveBJdIWx685WWRnBJ3Ew%252C%252C
172.64.197.7204 No Content 0 B URL GET HTTP/3 youradexchange.com/script/i.php?t=1&stamat=m%257C%252C%252CgjfnNjantGU3B5-GH0dEdHP3xP.cd9%252CZNJFmLGUeyb-xbioBvej9sgJTACvrxeu7WfSIVIj7t4GltJL0fF4LpkhV14odfXI57Q9Hly2Ulaf3SZzzqzP8yohps3BpOK2ZVgEZK5PNbWQJyIsAfe2Q-anxyAJlWvKMYL8Y6VSR_vS8VAAAHypqqsPWsPB3D-ZH7trbANDWuJZOW8JvQdU8lo-ulDtl0g2f1kaChs-o9T40HD_9JS2ubOsjUi-_xbB6y39nAB_pV97SI8xuOhEDRD8lQARGRTSjxcFkf2GKrvtMYIjBxIi4fgt1_8FTkE8CzAwvPy45C6Lmp4tidCNqHu7J34fXtIGAkyBQifD7IXyjTO40kMJsAFAPeH07qLNXfwi2oLpCMWRSia1kJlsBew3tBn1NPKJjpKygr4Q8LIpNJhQvPg-jiDzN3yb053WAtVidBikG8y5HLBJJlTQarSD96B7qtcIc6HnMZvmUmRFDTVVJOEtefkHtwAzqorV0lET7KnL3NNOwHP-kg9qzX9xrU8852flRaCLJDN57c77QdnUqL7QYRla5FwGZo6KsM-iEn8Rs9iqiLUJMuQaJBwOaQUb0BgjBVveBJdIWx685WWRnBJ3Ew%252C%252C
IP 172.64.197.7:443
Requested by https://savefromnets.com/
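Certificate Issuer: Google Trust Services LLC
Subject: youradexchange.com
Fingerprint: FD:52:FD:E8:62:0A:DE:66:86:28:19:39:64:21:57:5C:CB:8A:59:D9
Validity: Tue, 17 Oct 2023 07:21:58 GMT - Mon, 15 Jan 2024 07:21:57 GMT
Hash (MD5): d41d8cd98f00b204e9800998ecf8427e
Hash (SHA-1): da39a3ee5e6b4b0d3255bfef95601890afd80709
Hash (SHA-256): e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
(These three values are the digests of a zero-length body, consistent with the 0 B response; they identify no content and are not usable as indicators.)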
GET /script/i.php?t=1&stamat=m%257C%252C%252CgjfnNjantGU3B5-GH0dEdHP3xP.cd9%252CZNJFmLGUeyb-xbioBvej9sgJTACvrxeu7WfSIVIj7t4GltJL0fF4LpkhV14odfXI57Q9Hly2Ulaf3SZzzqzP8yohps3BpOK2ZVgEZK5PNbWQJyIsAfe2Q-anxyAJlWvKMYL8Y6VSR_vS8VAAAHypqqsPWsPB3D-ZH7trbANDWuJZOW8JvQdU8lo-ulDtl0g2f1kaChs-o9T40HD_9JS2ubOsjUi-_xbB6y39nAB_pV97SI8xuOhEDRD8lQARGRTSjxcFkf2GKrvtMYIjBxIi4fgt1_8FTkE8CzAwvPy45C6Lmp4tidCNqHu7J34fXtIGAkyBQifD7IXyjTO40kMJsAFAPeH07qLNXfwi2oLpCMWRSia1kJlsBew3tBn1NPKJjpKygr4Q8LIpNJhQvPg-jiDzN3yb053WAtVidBikG8y5HLBJJlTQarSD96B7qtcIc6HnMZvmUmRFDTVVJOEtefkHtwAzqorV0lET7KnL3NNOwHP-kg9qzX9xrU8852flRaCLJDN57c77QdnUqL7QYRla5FwGZo6KsM-iEn8Rs9iqiLUJMuQaJBwOaQUb0BgjBVveBJdIWx685WWRnBJ3Ew%252C%252C HTTP/1.1
Host: youradexchange.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://savefromnets.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 204 No Content
date: Tue, 05 Dec 2023 16:07:09 GMT
access-control-allow-origin: *
via: 1.1 google
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=5Rjz3S0VJJhVWeaKqygRf%2Boi2SwY5OJVc3Gr2ncFYi0oEJmSshuRA5IFSqgvVeTqnhtf6HZMdIb99put%2FRXgJPgks3RQsODPv3%2FyysjNUUS2urdkiPnbILJxDjKucU1nMnxNG2E%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 830d8a5e089223c0-LHR
alt-svc: h3=":443"; ma=86400
youradexchange.com/script/i.php?t=1&stamat=m%257C%252C%252CAiJqI2IuoGU3B5-GH0dEdHP3xP.28d%252C9n-jKSPn1OS-qLtWBFXqYSWepEv-zO7XY0hk4tGsJ2R0aVvkrKziSSQxxb6vsmv_jfpNcZZ1I4WWnUNijYOhAfWvu0QuYpiPunQscJG8Jxl8lRNNJs4aQSUWOEwnSY7y480IEh2D3eixPsvBvTD64XsJkyIgvQ7OC4vaWU_tOFWJjwxkBsVssNhE3p6F31CDWWufI4XTJX_UytRXWEDXq0odsk8dDg7j2rZimoFNazKs_jVC9CGbL8oUkLjq9Mo-0-Yp9bTUQCv1J5C-N_aSiBbM65yibR64gvf8wIaJXMuNZALUjPS2_DWZ14-gMIwT0vPoat4bAEmm7Jj-XUglXqlEsct-943_FHStOc3Zf77zn9szUd8HoTxKALqSxqYbZQOF8XeBTIulYwxMW2YRbiOBDOToxlmIycBRsH4kCatzjWnIwXfq_lSjcbTdLOPdGwi7Cuc6uJta_jwhItKxirFovwpSmt74LBu2Nt0eM7AVdJVqmdsM4CY2-Q96fo_RXfbHAuUcEAXMVCFDI7FMg42VRBwTti39ZHuC_tjEYQFqpNqgilYMQ3sSlvdplZgYC5ouIhU35b4KKHlavqrEVA%252C%252C
172.64.197.7204 No Content 0 B URL GET HTTP/3 youradexchange.com/script/i.php?t=1&stamat=m%257C%252C%252CAiJqI2IuoGU3B5-GH0dEdHP3xP.28d%252C9n-jKSPn1OS-qLtWBFXqYSWepEv-zO7XY0hk4tGsJ2R0aVvkrKziSSQxxb6vsmv_jfpNcZZ1I4WWnUNijYOhAfWvu0QuYpiPunQscJG8Jxl8lRNNJs4aQSUWOEwnSY7y480IEh2D3eixPsvBvTD64XsJkyIgvQ7OC4vaWU_tOFWJjwxkBsVssNhE3p6F31CDWWufI4XTJX_UytRXWEDXq0odsk8dDg7j2rZimoFNazKs_jVC9CGbL8oUkLjq9Mo-0-Yp9bTUQCv1J5C-N_aSiBbM65yibR64gvf8wIaJXMuNZALUjPS2_DWZ14-gMIwT0vPoat4bAEmm7Jj-XUglXqlEsct-943_FHStOc3Zf77zn9szUd8HoTxKALqSxqYbZQOF8XeBTIulYwxMW2YRbiOBDOToxlmIycBRsH4kCatzjWnIwXfq_lSjcbTdLOPdGwi7Cuc6uJta_jwhItKxirFovwpSmt74LBu2Nt0eM7AVdJVqmdsM4CY2-Q96fo_RXfbHAuUcEAXMVCFDI7FMg42VRBwTti39ZHuC_tjEYQFqpNqgilYMQ3sSlvdplZgYC5ouIhU35b4KKHlavqrEVA%252C%252C
IP 172.64.197.7:443
Requested by https://savefromnets.com/
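Certificate Issuer: Google Trust Services LLC
Subject: youradexchange.com
Fingerprint: FD:52:FD:E8:62:0A:DE:66:86:28:19:39:64:21:57:5C:CB:8A:59:D9
Validity: Tue, 17 Oct 2023 07:21:58 GMT - Mon, 15 Jan 2024 07:21:57 GMT
Hash (MD5): d41d8cd98f00b204e9800998ecf8427e
Hash (SHA-1): da39a3ee5e6b4b0d3255bfef95601890afd80709
Hash (SHA-256): e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
(These three values are the digests of a zero-length body, consistent with the 0 B response; they identify no content and are not usable as indicators.)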
GET /script/i.php?t=1&stamat=m%257C%252C%252CAiJqI2IuoGU3B5-GH0dEdHP3xP.28d%252C9n-jKSPn1OS-qLtWBFXqYSWepEv-zO7XY0hk4tGsJ2R0aVvkrKziSSQxxb6vsmv_jfpNcZZ1I4WWnUNijYOhAfWvu0QuYpiPunQscJG8Jxl8lRNNJs4aQSUWOEwnSY7y480IEh2D3eixPsvBvTD64XsJkyIgvQ7OC4vaWU_tOFWJjwxkBsVssNhE3p6F31CDWWufI4XTJX_UytRXWEDXq0odsk8dDg7j2rZimoFNazKs_jVC9CGbL8oUkLjq9Mo-0-Yp9bTUQCv1J5C-N_aSiBbM65yibR64gvf8wIaJXMuNZALUjPS2_DWZ14-gMIwT0vPoat4bAEmm7Jj-XUglXqlEsct-943_FHStOc3Zf77zn9szUd8HoTxKALqSxqYbZQOF8XeBTIulYwxMW2YRbiOBDOToxlmIycBRsH4kCatzjWnIwXfq_lSjcbTdLOPdGwi7Cuc6uJta_jwhItKxirFovwpSmt74LBu2Nt0eM7AVdJVqmdsM4CY2-Q96fo_RXfbHAuUcEAXMVCFDI7FMg42VRBwTti39ZHuC_tjEYQFqpNqgilYMQ3sSlvdplZgYC5ouIhU35b4KKHlavqrEVA%252C%252C HTTP/1.1
Host: youradexchange.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://savefromnets.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 204 No Content
date: Tue, 05 Dec 2023 16:07:09 GMT
access-control-allow-origin: *
via: 1.1 google
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=EuU9zeT9HwCaLCU4U6KkRH8r8eRpqhkruNwUxJqvyoo%2FW2bg7ql%2ByRVpT%2Fi8vsKof8QVfX4vQ1cpYP%2FBz9tW9lvi4e7uw47T0EdKS23FgklO4E0kVxLV7nKQRgkfZxPayEMNw8A%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 830d8a5e089523c0-LHR
alt-svc: h3=":443"; ma=86400
youradexchange.com/script/i.php?t=1&stamat=m%257C%252C%252CAhIq4jOmtGU3B5-GH0dEdHP3xP.b74%252C9JdRjep3hDxejPTGtFwBHjJGqUMdKP6WkOXx64po992OQKFkfeJ7IO8GDa-fK7sbqkEtld72h41ak_S6Ej1NrxWRDyE4U2sVaoOKd24NUyheRugTu_eHJH-hejlE3CmNBCgvMu16s3-GRr4sLi31PoQMufhIUnys26__0TyF2xrgQ51P4VrIjzncR3CR3fOUgMQhexLGKqNLa1h4VMimvQZkz3Qn_3Hahlx7Kv0N7wW6Zovw8tzPv_2zeQZx3YkcE5g-IwvGUv-0IEp7i4TT_lbdIxxX6nxvmH9baERsLOPgl-Eg93cCy0qEq_EUG0e2qFczd1xRoSQMPGbGLPxW8XiRA8z3tg7_Urk6NiOC4nGPUC-I4fQhYBJOirtq68IBl1wyEchXV-zbBiw-M9ZGYZ7d38xAgcTKLkvPueNXZBZ_CATzUrajIDPMDB5EaNZMFn3GnWzj9j8qKr55yPgOPOrK7MSMgJRGAuEoMQ-v7RNQ-qo91e_p2J5v6Q2WQBW7xGll2o-IWTRjGALL-zQRpXK13Z5OkHMgHgDELx0EQdH07eDVX2veWg9Q2RJm8bsz5Y9TQ2BVoL2vfZX2sbateQ%252C%252C
172.64.197.7204 No Content 0 B URL GET HTTP/3 youradexchange.com/script/i.php?t=1&stamat=m%257C%252C%252CAhIq4jOmtGU3B5-GH0dEdHP3xP.b74%252C9JdRjep3hDxejPTGtFwBHjJGqUMdKP6WkOXx64po992OQKFkfeJ7IO8GDa-fK7sbqkEtld72h41ak_S6Ej1NrxWRDyE4U2sVaoOKd24NUyheRugTu_eHJH-hejlE3CmNBCgvMu16s3-GRr4sLi31PoQMufhIUnys26__0TyF2xrgQ51P4VrIjzncR3CR3fOUgMQhexLGKqNLa1h4VMimvQZkz3Qn_3Hahlx7Kv0N7wW6Zovw8tzPv_2zeQZx3YkcE5g-IwvGUv-0IEp7i4TT_lbdIxxX6nxvmH9baERsLOPgl-Eg93cCy0qEq_EUG0e2qFczd1xRoSQMPGbGLPxW8XiRA8z3tg7_Urk6NiOC4nGPUC-I4fQhYBJOirtq68IBl1wyEchXV-zbBiw-M9ZGYZ7d38xAgcTKLkvPueNXZBZ_CATzUrajIDPMDB5EaNZMFn3GnWzj9j8qKr55yPgOPOrK7MSMgJRGAuEoMQ-v7RNQ-qo91e_p2J5v6Q2WQBW7xGll2o-IWTRjGALL-zQRpXK13Z5OkHMgHgDELx0EQdH07eDVX2veWg9Q2RJm8bsz5Y9TQ2BVoL2vfZX2sbateQ%252C%252C
IP 172.64.197.7:443
Requested by https://savefromnets.com/
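Certificate Issuer: Google Trust Services LLC
Subject: youradexchange.com
Fingerprint: FD:52:FD:E8:62:0A:DE:66:86:28:19:39:64:21:57:5C:CB:8A:59:D9
Validity: Tue, 17 Oct 2023 07:21:58 GMT - Mon, 15 Jan 2024 07:21:57 GMT
Hash (MD5): d41d8cd98f00b204e9800998ecf8427e
Hash (SHA-1): da39a3ee5e6b4b0d3255bfef95601890afd80709
Hash (SHA-256): e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
(These three values are the digests of a zero-length body, consistent with the 0 B response; they identify no content and are not usable as indicators.)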
GET /script/i.php?t=1&stamat=m%257C%252C%252CAhIq4jOmtGU3B5-GH0dEdHP3xP.b74%252C9JdRjep3hDxejPTGtFwBHjJGqUMdKP6WkOXx64po992OQKFkfeJ7IO8GDa-fK7sbqkEtld72h41ak_S6Ej1NrxWRDyE4U2sVaoOKd24NUyheRugTu_eHJH-hejlE3CmNBCgvMu16s3-GRr4sLi31PoQMufhIUnys26__0TyF2xrgQ51P4VrIjzncR3CR3fOUgMQhexLGKqNLa1h4VMimvQZkz3Qn_3Hahlx7Kv0N7wW6Zovw8tzPv_2zeQZx3YkcE5g-IwvGUv-0IEp7i4TT_lbdIxxX6nxvmH9baERsLOPgl-Eg93cCy0qEq_EUG0e2qFczd1xRoSQMPGbGLPxW8XiRA8z3tg7_Urk6NiOC4nGPUC-I4fQhYBJOirtq68IBl1wyEchXV-zbBiw-M9ZGYZ7d38xAgcTKLkvPueNXZBZ_CATzUrajIDPMDB5EaNZMFn3GnWzj9j8qKr55yPgOPOrK7MSMgJRGAuEoMQ-v7RNQ-qo91e_p2J5v6Q2WQBW7xGll2o-IWTRjGALL-zQRpXK13Z5OkHMgHgDELx0EQdH07eDVX2veWg9Q2RJm8bsz5Y9TQ2BVoL2vfZX2sbateQ%252C%252C HTTP/1.1
Host: youradexchange.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://savefromnets.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 204 No Content
date: Tue, 05 Dec 2023 16:07:09 GMT
access-control-allow-origin: *
via: 1.1 google
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=KVFxzWR%2FpfM0%2Fls%2Fs64vwmFCGHGHMmRvt6rVmyH5KRe6nAwpqtmgb96t2HS2wqP%2FCHJm5JleWSja%2B9nyW%2FrlquU25doB%2FZLy3FREQ8lzvJBMct3l62SaqlDSpXtTFLSdDf3EOGk%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 830d8a5e690823c0-LHR
alt-svc: h3=":443"; ma=86400
youradexchange.com/script/i.php?t=1&stamat=m%257C%252C%252CAjZ7IjLyoGU3B5-GH0dEdHP3xP.def%252CMCjuMcDPQISLP7In-LvoB7JZo-FbSINhPqq4W5OBbULQXEIbb3Sa_Azp8tYQvNPzMP1P4C88CDWxIVlyn28gjmbnqyFhxGGh_8yweGL4Pk-nwe4vZcrKKe8B8lr0JRU5yunftzX27cl6y0QVzy4g4RZF_FDI46udcJvBPNwNy7RM5zyqSAahnfi6ljrDit4ZSJhEeZeeEphcjrqd0B6my8oNiXH5GMTC_3PIk5ADa-NDu50YZOhOv5qy7CswnO-nibOp7S4bZNoQaRlBIyDMDwyEaiSGtKcyFwxlz7Zcv5CgHQ-qKbbIumpcefrK4Xyq_ZgJvOQKrIkfiWmCF7BZZSMEMe8eMoMmFQSFte7WYCdMihbmsBZ0_DDWjDMAJvbenVawONiYSxrFr3Jpk8rKWUESOpuhBXnoJSH9JzywfRfzfw18zr6gKBUrPwLZ2rnMYeJBG66eSzdViTz3xEvVSHWHLFy_gIKaBamm5Y9NUJPLm7-rIM1eQ73w3e_XE7tJTwLYZU4iic18azByNGM_A-WmzOLe78OdHi8umiaKswogu6Ehv0JwqMIAGisGzTX85LVV3PS1Z7Cwdvza_lATcg%252C%252C
172.64.197.7204 No Content 0 B URL GET HTTP/3 youradexchange.com/script/i.php?t=1&stamat=m%257C%252C%252CAjZ7IjLyoGU3B5-GH0dEdHP3xP.def%252CMCjuMcDPQISLP7In-LvoB7JZo-FbSINhPqq4W5OBbULQXEIbb3Sa_Azp8tYQvNPzMP1P4C88CDWxIVlyn28gjmbnqyFhxGGh_8yweGL4Pk-nwe4vZcrKKe8B8lr0JRU5yunftzX27cl6y0QVzy4g4RZF_FDI46udcJvBPNwNy7RM5zyqSAahnfi6ljrDit4ZSJhEeZeeEphcjrqd0B6my8oNiXH5GMTC_3PIk5ADa-NDu50YZOhOv5qy7CswnO-nibOp7S4bZNoQaRlBIyDMDwyEaiSGtKcyFwxlz7Zcv5CgHQ-qKbbIumpcefrK4Xyq_ZgJvOQKrIkfiWmCF7BZZSMEMe8eMoMmFQSFte7WYCdMihbmsBZ0_DDWjDMAJvbenVawONiYSxrFr3Jpk8rKWUESOpuhBXnoJSH9JzywfRfzfw18zr6gKBUrPwLZ2rnMYeJBG66eSzdViTz3xEvVSHWHLFy_gIKaBamm5Y9NUJPLm7-rIM1eQ73w3e_XE7tJTwLYZU4iic18azByNGM_A-WmzOLe78OdHi8umiaKswogu6Ehv0JwqMIAGisGzTX85LVV3PS1Z7Cwdvza_lATcg%252C%252C
IP 172.64.197.7:443
Requested by https://savefromnets.com/
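Certificate Issuer: Google Trust Services LLC
Subject: youradexchange.com
Fingerprint: FD:52:FD:E8:62:0A:DE:66:86:28:19:39:64:21:57:5C:CB:8A:59:D9
Validity: Tue, 17 Oct 2023 07:21:58 GMT - Mon, 15 Jan 2024 07:21:57 GMT
Hash (MD5): d41d8cd98f00b204e9800998ecf8427e
Hash (SHA-1): da39a3ee5e6b4b0d3255bfef95601890afd80709
Hash (SHA-256): e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
(These three values are the digests of a zero-length body, consistent with the 0 B response; they identify no content and are not usable as indicators.)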
GET /script/i.php?t=1&stamat=m%257C%252C%252CAjZ7IjLyoGU3B5-GH0dEdHP3xP.def%252CMCjuMcDPQISLP7In-LvoB7JZo-FbSINhPqq4W5OBbULQXEIbb3Sa_Azp8tYQvNPzMP1P4C88CDWxIVlyn28gjmbnqyFhxGGh_8yweGL4Pk-nwe4vZcrKKe8B8lr0JRU5yunftzX27cl6y0QVzy4g4RZF_FDI46udcJvBPNwNy7RM5zyqSAahnfi6ljrDit4ZSJhEeZeeEphcjrqd0B6my8oNiXH5GMTC_3PIk5ADa-NDu50YZOhOv5qy7CswnO-nibOp7S4bZNoQaRlBIyDMDwyEaiSGtKcyFwxlz7Zcv5CgHQ-qKbbIumpcefrK4Xyq_ZgJvOQKrIkfiWmCF7BZZSMEMe8eMoMmFQSFte7WYCdMihbmsBZ0_DDWjDMAJvbenVawONiYSxrFr3Jpk8rKWUESOpuhBXnoJSH9JzywfRfzfw18zr6gKBUrPwLZ2rnMYeJBG66eSzdViTz3xEvVSHWHLFy_gIKaBamm5Y9NUJPLm7-rIM1eQ73w3e_XE7tJTwLYZU4iic18azByNGM_A-WmzOLe78OdHi8umiaKswogu6Ehv0JwqMIAGisGzTX85LVV3PS1Z7Cwdvza_lATcg%252C%252C HTTP/1.1
Host: youradexchange.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://savefromnets.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 204 No Content
date: Tue, 05 Dec 2023 16:07:09 GMT
access-control-allow-origin: *
via: 1.1 google
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2B1RYGpG4HJKHKz0zAHKQ8Xt9d%2FHPKuh%2BIkkOdrJtvGxVump7h8j5azji2tM8esASIB4CdTc%2FKh2su1knteoDt3bX7sEEv9N1%2Fe%2B8ixF43OiGT%2BWAOqNUq0in2EZew1fwCVenvuk%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 830d8a5e690a23c0-LHR
alt-svc: h3=":443"; ma=86400
savefromnets.com/js/jquery.ui.touch-punch.min.js
104.21.22.70 200 OK 12 kB URL GET HTTP/3 savefromnets.com/js/jquery.ui.touch-punch.min.js
IP 104.21.22.70:443
Requested by https://savefromnets.com/
Certificate Issuer: Let's Encrypt
Subject: savefromnets.com
Fingerprint: FF:55:5B:CE:F9:67:B6:D1:8C:04:53:5D:6E:B7:9B:36:9C:33:8A:44
Validity: Mon, 04 Dec 2023 01:28:09 GMT - Sun, 03 Mar 2024 01:28:08 GMT
File type Unicode text, UTF-8 text, with very long lines (1090), with CRLF line terminators
Hash (MD5): 1e0adfa6441bc911392c10e9c96e2865
Hash (SHA-1): 0ce2410294e2f81161d82c5e4082896db287cdd7
Hash (SHA-256): 80583b000cf3233a28609fa79cfc84bc659b98d097f8ae64852d1027dd612823
GET /js/jquery.ui.touch-punch.min.js HTTP/1.1
Host: savefromnets.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://savefromnets.com/
Cookie: PHPSESSID=a6f89k1je6tm1ijbv4f7gsikv4
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Tue, 05 Dec 2023 16:07:08 GMT
content-type: application/javascript
last-modified: Sun, 22 Feb 2015 15:13:48 GMT
etag: W/"515-50faebb7fe300-gzip"
cache-control: max-age=604800
expires: Wed, 06 Dec 2023 03:33:33 GMT
vary: Accept-Encoding
cf-cache-status: HIT
age: 87448
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=0Pyf9hts7X89yjqLAbqNDvkfBwXkNo87AiDw4sUzNHryhPCbyriOrLWL3%2F2i3ggQu9YAe8lXUJa%2Fjib9S1ZxK3KaHil%2BBGhTsZMEjSOaqJrPDxqD4MyFn2ZJCOa0ztskHDlc"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 830d8a58eab5b50f-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
storagelassitudeblend.com/b0352495eace3900f41cda8683d2fa42/invoke.js
173.233.137.52 200 OK 9.3 kB URL GET HTTP/1.1 storagelassitudeblend.com/b0352495eace3900f41cda8683d2fa42/invoke.js
IP 173.233.137.52:443
Requested by https://savefromnets.com/
Certificate Issuer: Let's Encrypt
Subject: storagelassitudeblend.com
Fingerprint: 67:81:3F:73:C7:E9:75:84:EE:41:15:6B:66:FF:A2:B5:E3:3D:BC:FC
Validity: Fri, 03 Nov 2023 07:08:09 GMT - Thu, 01 Feb 2024 07:08:08 GMT
File type Unicode text, UTF-8 text, with very long lines (25130), with no line terminators
Hash (MD5): 265fc1de0cbc199a79bee28654eb8ebe
Hash (SHA-1): 63f08d0c4f3b4f601a57bdd0c9441711d242769e
Hash (SHA-256): e6dd732788fd4c8cbbc3e7668531f5c0ee4356d91986b9ab57989736325f0c67
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /b0352495eace3900f41cda8683d2fa42/invoke.js HTTP/1.1
Host: storagelassitudeblend.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://savefromnets.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Tue, 05 Dec 2023 16:07:09 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: e332118ddb7ace53ed3ee4fc716c9662
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
104.21.22.70 200 OK 0 B URL User Request GET HTTP/2 IP 104.21.22.70:443
Certificate Issuer: Let's Encrypt
Subject: savefromnets.com
Fingerprint: FF:55:5B:CE:F9:67:B6:D1:8C:04:53:5D:6E:B7:9B:36:9C:33:8A:44
Validity: Mon, 04 Dec 2023 01:28:09 GMT - Sun, 03 Mar 2024 01:28:08 GMT
Hash (MD5): d41d8cd98f00b204e9800998ecf8427e
Hash (SHA-1): da39a3ee5e6b4b0d3255bfef95601890afd80709
Hash (SHA-256): e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
(These three values are the digests of a zero-length body, consistent with the 0 B response; they identify no content and are not usable as indicators.)
HEAD / HTTP/1.1
Host: savefromnets.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://savefromnets.com/
Cookie: PHPSESSID=a6f89k1je6tm1ijbv4f7gsikv4
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Tue, 05 Dec 2023 16:07:10 GMT
content-type: text/html; charset=UTF-8
x-frame-options: SAMEORIGIN
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=vhOavOLnDpCGSD76Yx76t%2FeO2aujw%2Bn8BP8V7JkeIzKkWZy8R7N19puHDCLYVJ%2FmD7WfXjwsiQUMTUE%2FWB8TczEKw8J5tukFIPzvCSmmeDSyttkxJbcMWJhmoPbqiSVMp3AU"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 830d8a604be6b50f-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
ocsp.r2m03.amazontrust.com/
143.204.53.97 471 B URL ocsp.r2m03.amazontrust.com/
IP 143.204.53.97:0
Hash (MD5): 24a776b1f2e9d3fff472472cff5e9b16
Hash (SHA-1): 38a6b9ce7b18c9204f5ace875325ca74c863d1a9
Hash (SHA-256): 108f3caa2c7db8c122fcea5f02f4f0f1e058d4da8e913dc2b4e8ace4e5a50e81
POST / HTTP/1.1
Host: ocsp.r2m03.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=7200
Date: Tue, 05 Dec 2023 16:07:10 GMT
Last-Modified: Tue, 05 Dec 2023 14:34:59 GMT
Server: ECAcc (ska/F7A7)
X-Cache: Miss from cloudfront
Via: 1.1 9ede9483eb891e14681c7c693b47c862.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: ysLYpWd3zK3R75GEY3VER4AL9JYPWxVSLIzY_YgzimUNzCj_cjg50Q==
Age: 5531
proftrafficcounter.com/stats
18.184.210.76 200 OK 40 B URL GET HTTP/2 proftrafficcounter.com/stats
IP 18.184.210.76:443
Requested by https://savefromnets.com/
Certificate Issuer: Amazon
Subject: proftrafficcounter.com
Fingerprint: E3:9F:79:6F:80:C0:BF:F8:C4:EB:45:F3:E9:0F:A7:41:F6:0C:05:E6
Validity: Tue, 21 Nov 2023 00:00:00 GMT - Thu, 19 Dec 2024 23:59:59 GMT
File type ASCII text, with no line terminators
Hash (MD5): c8029a946e321c309f600c6e23181bca
Hash (SHA-1): e5bd4c95b71d30ad2839f46976d64c7b22cf343c
Hash (SHA-256): fef5581e14df35dd191efa01e88306a53a29664abf39352e8b1dd8b46899c195
GET /stats HTTP/1.1
Host: proftrafficcounter.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://savefromnets.com
DNT: 1
Connection: keep-alive
Referer: https://savefromnets.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Tue, 05 Dec 2023 16:07:10 GMT
content-type: text/html; charset=UTF-8
content-length: 40
server: fasthttp
access-control-allow-origin: https://savefromnets.com
vary: Origin
access-control-allow-credentials: true
set-cookie: uid_id2=32afe120-6ebc-454d-ac7c-5db5af68eb76:2:1; expires=Fri, 02 Dec 2033 16:07:10 GMT; secure; SameSite=None
X-Firefox-Spdy: h2
use.fontawesome.com/c6831c4d58.css
172.64.140.13 200 OK 863 B URL GET HTTP/2 use.fontawesome.com/c6831c4d58.css
IP 172.64.140.13:443
Requested by https://savefromnets.com/
Certificate Issuer: Cloudflare, Inc.
Subject: use.fontawesome.com
Fingerprint: CB:BE:6B:C4:5F:DF:18:7A:C3:AD:BF:6C:40:36:18:9F:E2:99:7F:78
Validity: Thu, 12 Oct 2023 00:00:00 GMT - Thu, 10 Oct 2024 23:59:59 GMT
Hash (MD5): 0683b45009a4ed5e8b4dec74469f1c9a
Hash (SHA-1): 425be56ec963de9ba0c3ce9725412168806aac54
Hash (SHA-256): 0fece82b64e04e4420d976200e434f796ddcf338ee7b4a7da07d882be95e40c9
GET /c6831c4d58.css HTTP/1.1
Host: use.fontawesome.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://savefromnets.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Tue, 05 Dec 2023 16:07:10 GMT
content-type: text/css
etag: W/"0683b45009a4ed5e8b4dec74469f1c9a"
last-modified: Fri, 22 Sep 2023 01:26:30 GMT
vary: Accept-Encoding
cache-control: max-age=1800
cf-cache-status: HIT
age: 3195
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=PlKk3lgII9blC9n0228o4wNW2J5m%2Fn%2FH4nJKnTdQft%2BQ5C%2BUtmSEwDjyiy8kJcSKwZS9JGepMcGV4X%2F3h6cwaEoBI2yqRvhXbk9f%2FU9aoMboVhH%2FHyEE1YDlSFSm0ic38jh3hjxJ"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 830d8a60dc7223fc-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
proftrafficcounter.com/stats
18.184.210.76 200 OK 40 B URL GET HTTP/2 proftrafficcounter.com/stats
IP 18.184.210.76:443
Requested by https://savefromnets.com/
Certificate Issuer: Amazon
Subject: proftrafficcounter.com
Fingerprint: E3:9F:79:6F:80:C0:BF:F8:C4:EB:45:F3:E9:0F:A7:41:F6:0C:05:E6
Validity: Tue, 21 Nov 2023 00:00:00 GMT - Thu, 19 Dec 2024 23:59:59 GMT
File type ASCII text, with no line terminators
Hash (MD5): c8029a946e321c309f600c6e23181bca
Hash (SHA-1): e5bd4c95b71d30ad2839f46976d64c7b22cf343c
Hash (SHA-256): fef5581e14df35dd191efa01e88306a53a29664abf39352e8b1dd8b46899c195
GET /stats HTTP/1.1
Host: proftrafficcounter.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://savefromnets.com
DNT: 1
Connection: keep-alive
Referer: https://savefromnets.com/
Cookie: uid_id2=32afe120-6ebc-454d-ac7c-5db5af68eb76:2:1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Tue, 05 Dec 2023 16:07:10 GMT
content-type: text/html; charset=UTF-8
content-length: 40
server: fasthttp
access-control-allow-origin: https://savefromnets.com
vary: Origin
access-control-allow-credentials: true
X-Firefox-Spdy: h2
nossairt.net/tag.min.js
139.45.197.238 200 OK 26 kB
IP 139.45.197.238:443
Requested by https://savefromnets.com/
Certificate Issuer Let's Encrypt
Subject nossairt.net
Fingerprint 17:8C:0F:06:91:F3:CD:5F:A6:BB:CB:C8:33:40:E4:95:72:24:A7:9C
Validity Wed, 29 Nov 2023 05:16:21 GMT - Tue, 27 Feb 2024 05:16:20 GMT
File type ASCII text, with very long lines (65536), with no line terminators
Hash MD5 20bfd0fb50dd41c960911f2e18a89ba7
SHA-1 398d0addd9eb7d82090ae7de7c89b237379150d8
SHA-256 2c8669e1a3ee4da3132e73f02c27ff2139c8b5fe0dd429f78af173a6253f6fed
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /tag.min.js HTTP/1.1
Host: nossairt.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://savefromnets.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Tue, 05 Dec 2023 16:07:10 GMT
content-type: text/javascript; charset=utf-8
content-length: 25672
content-encoding: br
x-trace-id: 9eef7fa789e8f16655609f9604304973
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
accept-ranges: bytes
last-modified: Tue, 05 Dec 2023 14:45:18 GMT
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Wow64
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace
access-control-max-age: 86400
pragma: no-cache
expires: Tue, 11 Jan 1994 10:00:00 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
pubtrky.com/ut/hb.php?cb=0.8059348907897118&v=1
104.21.8.108 204 No Content 0 B URL POST HTTP/2 pubtrky.com/ut/hb.php?cb=0.8059348907897118&v=1
IP 104.21.8.108:443
Requested by https://savefromnets.com/
Certificate Issuer Google Trust Services LLC
Subject pubtrky.com
Fingerprint A5:A1:14:4B:51:48:70:73:A4:B5:3C:89:63:1B:21:45:6C:F5:96:8E
Validity Tue, 21 Nov 2023 10:09:43 GMT - Mon, 19 Feb 2024 10:09:42 GMT
Hash MD5 d41d8cd98f00b204e9800998ecf8427e
SHA-1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA-256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
(These are the digests of zero bytes, matching the 0 B response body; they identify no content and should not be used as indicators.)
POST /ut/hb.php?cb=0.8059348907897118&v=1 HTTP/1.1
Host: pubtrky.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain; charset=utf-8
Content-Length: 1256
Origin: https://savefromnets.com
DNT: 1
Connection: keep-alive
Referer: https://savefromnets.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
date: Tue, 05 Dec 2023 16:07:10 GMT
access-control-allow-origin: *
via: 1.1 google
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=5Wgg%2Bv9o2syVLZu4KP%2F00pVlp%2FjvFYdTSSj4P21lbgyIV8EBXuLEPPoonlfMb7y0HLT78644zGICDKI20LaBOFyV%2Fs78CDwEC8Ci2OI%2Bfd%2BPTOTapf1pe%2FoPpKhFqw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 830d8a623b5656ba-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
www.profitabledisplaycontent.com/b4/c4/22/b4c4227f43a96a93ff53aa54f93f0019.js
173.233.137.36200 OK 24 kB URL GET HTTP/1.1 www.profitabledisplaycontent.com/b4/c4/22/b4c4227f43a96a93ff53aa54f93f0019.js
IP 173.233.137.36:443
Requested by https://savefromnets.com/
Certificate IssuerLet's Encrypt
Subject*.profitabledisplaycontent.com
Fingerprint5B:BD:54:33:2B:86:AB:1A:82:90:2C:D6:FE:04:C7:39:78:8E:80:0E
ValidityFri, 01 Dec 2023 06:55:29 GMT - Thu, 29 Feb 2024 06:55:28 GMT
File type ASCII text, with very long lines (59888)
Hash ceba0259b81ff6ab41b79279adf3d07f
7b46d298fd91d81a3e9fc2721fc15d680098cacf
0ddb134f5f0e565da653c25f1293a74b49f8b0ab217ae83ea558b2483bf72839
GET /b4/c4/22/b4c4227f43a96a93ff53aa54f93f0019.js HTTP/1.1
Host: www.profitabledisplaycontent.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://savefromnets.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Tue, 05 Dec 2023 16:07:10 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Set-Cookie: 4b4e7ab587d59b22ad7bcd2439afc363_AN-1159_new=1; expires=Sat, 09 Dec 2023 20:07:10 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: f05904e77bc89f52283d4138c74bcb88
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
nossairt.net/5/6596574/?oo=1&aab=1
139.45.197.238 200 OK 78 kB URL GET HTTP/2 nossairt.net/5/6596574/?oo=1&aab=1
IP 139.45.197.238:443
Requested by https://savefromnets.com/
Certificate Issuer Let's Encrypt
Subject nossairt.net
Fingerprint 17:8C:0F:06:91:F3:CD:5F:A6:BB:CB:C8:33:40:E4:95:72:24:A7:9C
Validity Wed, 29 Nov 2023 05:16:21 GMT - Tue, 27 Feb 2024 05:16:20 GMT
File type gzip compressed data, max speed, from Unix\012- data
Hash MD5 76dd30eca53df65f00fbf9cb4d777ee6
SHA-1 6f74de3616dd8fd01ac61b9393cea068a5f97762
SHA-256 d0acb7880eb2b377d4babcf00eaeb3fdb023219907769d2d9c5864eaa0470797
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /5/6596574/?oo=1&aab=1 HTTP/1.1
Host: nossairt.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://savefromnets.com
DNT: 1
Connection: keep-alive
Referer: https://savefromnets.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Tue, 05 Dec 2023 16:07:10 GMT
content-type: application/json
x-trace-id: 317fdb4f11ee5ea3b049599685c55156
link: <https://my.rtmark.net>; rel="preconnect dns-prefetch",<https://propeller-tracking.com>; rel="preconnect dns-prefetch",<https://sr7pv7n5x.com>; rel="preconnect dns-prefetch"
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Wow64
access-control-allow-origin: https://savefromnets.com
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace
access-control-max-age: 86400
timing-allow-origin: *
set-cookie: OAID=efea478599514ca0a5d7d0656e62988e; expires=Wed, 04 Dec 2024 16:07:10 GMT; path=/; secure; SameSite=None
set-cookie: oaidts=1701792430; expires=Wed, 04 Dec 2024 16:07:10 GMT; path=/; secure; SameSite=None
set-cookie: syncedCookie=; expires=Tue, 10 Nov 2009 23:00:00 GMT
pragma: no-cache, no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT, Mon, 26 Jul 1997 05:00:00 GMT
content-encoding: gzip
X-Firefox-Spdy: h2
www.profitabledisplaycontent.com/watch.820347976074.js?key=264c9f64cf573c035742dea8f4383277&kw=%5B%22online%22%2C%22converter%22%2C%22and%22%2C%22downloader%22%2C%22-%22%2C%22savefromnets%22%2C%22com%22%5D&refer=https%3A%2F%2Fsavefromnets.com%2F&tz=0&dev=e&res=14.3095&uuid=32afe120-6ebc-454d-ac7c-5db5af68eb76%3A2%3A1
173.233.137.36 307 Temporary Redirect 0 B URL GET HTTP/1.1 www.profitabledisplaycontent.com/watch.820347976074.js?key=264c9f64cf573c035742dea8f4383277&kw=%5B%22online%22%2C%22converter%22%2C%22and%22%2C%22downloader%22%2C%22-%22%2C%22savefromnets%22%2C%22com%22%5D&refer=https%3A%2F%2Fsavefromnets.com%2F&tz=0&dev=e&res=14.3095&uuid=32afe120-6ebc-454d-ac7c-5db5af68eb76%3A2%3A1
IP 173.233.137.36:443
Requested by https://savefromnets.com/
Certificate Issuer Let's Encrypt
Subject *.profitabledisplaycontent.com
Fingerprint 5B:BD:54:33:2B:86:AB:1A:82:90:2C:D6:FE:04:C7:39:78:8E:80:0E
Validity Fri, 01 Dec 2023 06:55:29 GMT - Thu, 29 Feb 2024 06:55:28 GMT
Hash MD5 d41d8cd98f00b204e9800998ecf8427e
SHA-1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA-256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
(These are the digests of zero bytes, matching the 0 B redirect body; they identify no content and should not be used as indicators.)
GET /watch.820347976074.js?key=264c9f64cf573c035742dea8f4383277&kw=%5B%22online%22%2C%22converter%22%2C%22and%22%2C%22downloader%22%2C%22-%22%2C%22savefromnets%22%2C%22com%22%5D&refer=https%3A%2F%2Fsavefromnets.com%2F&tz=0&dev=e&res=14.3095&uuid=32afe120-6ebc-454d-ac7c-5db5af68eb76%3A2%3A1 HTTP/1.1
Host: www.profitabledisplaycontent.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://savefromnets.com
DNT: 1
Connection: keep-alive
Referer: https://savefromnets.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 307 Temporary Redirect
Server: nginx/1.21.6
Date: Tue, 05 Dec 2023 16:07:10 GMT
Content-Type: text/html
Content-Length: 0
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://savefromnets.com
Access-Control-Allow-Origin: https://savefromnets.com
Access-Control-Allow-Credentials: true
Location: https://www.profitabledisplaycontent.com/watch.820347976074.js?key=264c9f64cf573c035742dea8f4383277&kw=%5B%22online%22%2C%22converter%22%2C%22and%22%2C%22downloader%22%2C%22-%22%2C%22savefromnets%22%2C%22com%22%5D&refer=https%3A%2F%2Fsavefromnets.com%2F&tz=0&dev=e&res=14.3095&uuid=32afe120-6ebc-454d-ac7c-5db5af68eb76%3A2%3A1&shu=666730ba2b863e93db1280cedd47388669809c2e98e0d351695f827ffa743043a97bb2e4049780879add65cb5db90c108740662ddefa89ac078a3b61f93104ffaa2245b6bc57d578be431a7da6f748a7a1f6b13294fb6bc3de2604a75cba61ebc4&pst=1701792490&rmtc=t
Set-Cookie: u_pl=16380; expires=Wed, 06 Dec 2023 16:07:10 GMT; secure; SameSite=None
ain=eyJhbGciOiJIUzI1NiJ9.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.LHL2fm0KYitGEZrV3U27glODErZt8J_36JapfDBifb4; expires=Tue, 05 Dec 2023 16:08:10 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: ce2f030e935e212fa9f834c236569512
Strict-Transport-Security: max-age=0; includeSubdomains
my.rtmark.net/gid.js?userId=efea478599514ca0a5d7d0656e62988e
139.45.195.8200 OK 65 B URL GET HTTP/2 my.rtmark.net/gid.js?userId=efea478599514ca0a5d7d0656e62988e
IP 139.45.195.8:443
Requested by https://savefromnets.com/
Certificate IssuerLet's Encrypt
Subjectrtmark.net
FingerprintE8:81:4E:79:89:89:BE:CE:75:1F:E0:2A:60:54:8A:A4:11:2E:F7:42
ValiditySat, 07 Oct 2023 15:22:00 GMT - Fri, 05 Jan 2024 15:21:59 GMT
File type JSON data\012- , ASCII text
Hash 73e3f2eb532b715c8a4de68633f4e704
a345c09fc53ba0f1ef6a18b36adbf2fdc8d9ca4d
7f89562a88c73fd6efd49081a38b76b327a66f76abad6988130a47d9d4fc283b
GET /gid.js?userId=efea478599514ca0a5d7d0656e62988e HTTP/1.1
Host: my.rtmark.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://savefromnets.com
DNT: 1
Connection: keep-alive
Referer: https://savefromnets.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Tue, 05 Dec 2023 16:07:10 GMT
content-type: application/json; charset=utf-8
content-length: 65
access-control-allow-origin: https://savefromnets.com
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
set-cookie: ID=efea478599514ca0a5d7d0656e62988e; expires=Wed, 04 Dec 2024 16:07:10 GMT; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
www.profitabledisplaycontent.com/watch.820347976074.js?key=264c9f64cf573c035742dea8f4383277&kw=%5B%22online%22%2C%22converter%22%2C%22and%22%2C%22downloader%22%2C%22-%22%2C%22savefromnets%22%2C%22com%22%5D&refer=https%3A%2F%2Fsavefromnets.com%2F&tz=0&dev=e&res=14.3095&uuid=32afe120-6ebc-454d-ac7c-5db5af68eb76%3A2%3A1&shu=666730ba2b863e93db1280cedd47388669809c2e98e0d351695f827ffa743043a97bb2e4049780879add65cb5db90c108740662ddefa89ac078a3b61f93104ffaa2245b6bc57d578be431a7da6f748a7a1f6b13294fb6bc3de2604a75cba61ebc4&pst=1701792490&rmtc=t
173.233.137.36200 OK 2.0 kB URL GET HTTP/1.1 www.profitabledisplaycontent.com/watch.820347976074.js?key=264c9f64cf573c035742dea8f4383277&kw=%5B%22online%22%2C%22converter%22%2C%22and%22%2C%22downloader%22%2C%22-%22%2C%22savefromnets%22%2C%22com%22%5D&refer=https%3A%2F%2Fsavefromnets.com%2F&tz=0&dev=e&res=14.3095&uuid=32afe120-6ebc-454d-ac7c-5db5af68eb76%3A2%3A1&shu=666730ba2b863e93db1280cedd47388669809c2e98e0d351695f827ffa743043a97bb2e4049780879add65cb5db90c108740662ddefa89ac078a3b61f93104ffaa2245b6bc57d578be431a7da6f748a7a1f6b13294fb6bc3de2604a75cba61ebc4&pst=1701792490&rmtc=t
IP 173.233.137.36:443
Requested by https://savefromnets.com/
Certificate IssuerLet's Encrypt
Subject*.profitabledisplaycontent.com
Fingerprint5B:BD:54:33:2B:86:AB:1A:82:90:2C:D6:FE:04:C7:39:78:8E:80:0E
ValidityFri, 01 Dec 2023 06:55:29 GMT - Thu, 29 Feb 2024 06:55:28 GMT
File type HTML document, ASCII text, with very long lines (2437)
Hash 25aba7172999b7d519297c6c5ba3d1f5
80175fdd867cbffd7756d572ac24cf9efe046936
682b4a39aad2e61152364fee6fa79814b96ba7edb916a231b9187059eab88986
GET /watch.820347976074.js?key=264c9f64cf573c035742dea8f4383277&kw=%5B%22online%22%2C%22converter%22%2C%22and%22%2C%22downloader%22%2C%22-%22%2C%22savefromnets%22%2C%22com%22%5D&refer=https%3A%2F%2Fsavefromnets.com%2F&tz=0&dev=e&res=14.3095&uuid=32afe120-6ebc-454d-ac7c-5db5af68eb76%3A2%3A1&shu=666730ba2b863e93db1280cedd47388669809c2e98e0d351695f827ffa743043a97bb2e4049780879add65cb5db90c108740662ddefa89ac078a3b61f93104ffaa2245b6bc57d578be431a7da6f748a7a1f6b13294fb6bc3de2604a75cba61ebc4&pst=1701792490&rmtc=t HTTP/1.1
Host: www.profitabledisplaycontent.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://savefromnets.com
Referer: https://savefromnets.com/
DNT: 1
Connection: keep-alive
Cookie: u_pl=16380; ain=eyJhbGciOiJIUzI1NiJ9.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.LHL2fm0KYitGEZrV3U27glODErZt8J_36JapfDBifb4
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Tue, 05 Dec 2023 16:07:10 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://savefromnets.com
Access-Control-Allow-Origin: https://savefromnets.com
Access-Control-Allow-Credentials: true
Set-Cookie: uid_id2=32afe120-6ebc-454d-ac7c-5db5af68eb76:2:1; expires=Tue, 12 Dec 2023 16:07:10 GMT; secure; SameSite=None
Set-Cookie: pdhtkv=true; expires=Wed, 06 Dec 2023 16:07:10 GMT; secure; SameSite=None
Set-Cookie: uncs=1; expires=Wed, 06 Dec 2023 16:07:10 GMT; secure; SameSite=None
Set-Cookie: pdhtkv5=true; expires=Wed, 06 Dec 2023 16:07:10 GMT; secure; SameSite=None
Set-Cookie: uncs5=1; expires=Wed, 06 Dec 2023 16:07:10 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 63e7580c83063a3cef7fc0a2e5bbb326
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
savefromnets.com/js/jquery-ui.min.js
104.21.22.70200 OK 64 kB URL GET HTTP/3 savefromnets.com/js/jquery-ui.min.js
IP 104.21.22.70:443
Requested by https://savefromnets.com/
Certificate IssuerLet's Encrypt
Subjectsavefromnets.com
FingerprintFF:55:5B:CE:F9:67:B6:D1:8C:04:53:5D:6E:B7:9B:36:9C:33:8A:44
ValidityMon, 04 Dec 2023 01:28:09 GMT - Sun, 03 Mar 2024 01:28:08 GMT
File type ASCII text, with very long lines (64562)
Hash e436a692a06f26c45eca6061e44095ea
f9a30c981cb03c5bfa2ecad82bd2e450e8b9491b
7846b5904b602bd64bea1eb4557c03b09dabc580b07f18b8d1567d1345f0a040
GET /js/jquery-ui.min.js HTTP/1.1
Host: savefromnets.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://savefromnets.com/
Cookie: PHPSESSID=a6f89k1je6tm1ijbv4f7gsikv4
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Tue, 05 Dec 2023 16:07:08 GMT
content-type: application/javascript
last-modified: Wed, 13 Apr 2022 08:46:44 GMT
etag: W/"3a0a6-5dc8537886500-gzip"
cache-control: max-age=604800
expires: Thu, 07 Dec 2023 05:40:42 GMT
vary: Accept-Encoding
cf-cache-status: HIT
age: 87448
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ITESZrQtWyOGzE0Tr2hfyquurOw8yJ2074iTb0x1urUR3vgGsHw8E6mTbjiyedYh0vCeNSBIPdFhpSh5lTP9vzfC8vyKfLR3YgOKMGk601VHPF4DPQkbiXWsstr7NndSA%2BV%2B"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 830d8a58eab2b50f-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
acscdn.com/script/banner.js
172.67.165.20200 OK 37 kB URL GET HTTP/3 acscdn.com/script/banner.js
IP 172.67.165.20:443
Requested by https://savefromnets.com/
Certificate IssuerGoogle Trust Services LLC
Subjectacscdn.com
FingerprintAA:F8:50:9E:3E:B3:E7:D9:8E:7B:8D:2D:35:4D:33:15:6A:34:04:62
ValidityThu, 02 Nov 2023 07:42:44 GMT - Wed, 31 Jan 2024 07:42:43 GMT
File type Unicode text, UTF-8 text, with very long lines (65435)
Hash d242bea47de9744de232a16a00fb76a5
069e2161256fa7d30b6156a52afc7c1a7b1a98e9
1e91dc879e1510408e3feb4d8324588595de2fb73d3b4b8016a7906f5b367cdc
GET /script/banner.js HTTP/1.1
Host: acscdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://savefromnets.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Tue, 05 Dec 2023 16:07:09 GMT
content-type: text/javascript
x-guploader-uploadid: ABPtcPoEa639Kkb1J5iHmDW4pngbXQKBo8lU2Juvbp8M4yVT-lQamotJWj4WkTS4aC20ZXAqjn4PeMUlWfC-yzP1nh6Ivw
x-goog-generation: 1701698150696204
x-goog-metageneration: 2
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 107419
x-goog-hash: crc32c=4bHFNQ==, md5=0kK+pH3pdE3iMqFqAPt2pQ==
x-goog-storage-class: MULTI_REGIONAL
access-control-allow-origin: *
expires: Tue, 05 Dec 2023 16:07:55 GMT
cache-control: public, max-age=3600
last-modified: Mon, 04 Dec 2023 13:55:50 GMT
etag: W/"d242bea47de9744de232a16a00fb76a5"
age: 3552
cf-cache-status: HIT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=N7Jgd%2BJDGYRuukd0DzEH4kSltJ6QEm09WndiBU9btZ4WtZWsoRKpg%2BWiruM%2FizrMyGQ%2BNmvwKzl%2FDWosyEL4Aa%2B22Jf76BrhNx45l7SeTveT%2FC2ywqiIXepjxkWv"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 830d8a5adf400b31-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
friendshipmale.com/sfp.js
172.64.172.31200 OK 28 kB URL GET HTTP/3 friendshipmale.com/sfp.js
IP 172.64.172.31:443
Requested by https://savefromnets.com/
Certificate IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
Fingerprint08:6F:D8:CB:9E:0C:0A:98:2E:C5:CD:21:8E:0B:76:2B:50:6F:B6:37
ValiditySat, 18 Feb 2023 00:00:00 GMT - Sat, 17 Feb 2024 23:59:59 GMT
File type Unicode text, UTF-8 text, with very long lines (65529), with no line terminators
Hash 924e967bca1d599992556a8d139b1c5a
222b09dbf164ddc03d39100fd0524a22018d28b2
ac84c2f8288b59f8e04ba77287ce696052bfeee0d462a566d94dc305df646c95
GET /sfp.js HTTP/1.1
Host: friendshipmale.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://savefromnets.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Tue, 05 Dec 2023 16:07:10 GMT
content-type: application/javascript; charset=utf-8
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
access-control-allow-origin: *
expires: Thu, 01 Jan 1970 00:00:01 GMT
cache-control: max-age=14400
x-request-id: 9769fbf37226cac859162ed6a16544fb
strict-transport-security: max-age=0; includeSubdomains
cf-cache-status: EXPIRED
last-modified: Tue, 05 Dec 2023 16:07:10 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Idl%2BhmtBcrARFehDVUR32%2BAaDvSnerWhwLK9o8Fldk5ii5JNVnm4si357z76OSYjCPOSIEjZNVPq23yIpUJ5VVWzLK19qAGb5oFj6RMBqp%2Biqu2hazFtGN9%2FeIjzOcm38WQib70%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 830d8a646a9a24f2-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
use.fontawesome.com/releases/v4.7.0/css/font-awesome-css.min.css
172.64.140.13200 OK 9.1 kB URL GET HTTP/2 use.fontawesome.com/releases/v4.7.0/css/font-awesome-css.min.css
IP 172.64.140.13:443
Requested by https://savefromnets.com/
Certificate IssuerCloudflare, Inc.
Subjectuse.fontawesome.com
FingerprintCB:BE:6B:C4:5F:DF:18:7A:C3:AD:BF:6C:40:36:18:9F:E2:99:7F:78
ValidityThu, 12 Oct 2023 00:00:00 GMT - Thu, 10 Oct 2024 23:59:59 GMT
File type ASCII text, with very long lines (30343)
Hash 36082410df2ef7f83932219089dc1443
7961402d7d01e19387fe609a38454b0bc8c6cca4
5b9573e1023da775390e9284ec0eb1c606df9b468a28980055b4a6aa804f4350
GET /releases/v4.7.0/css/font-awesome-css.min.css HTTP/1.1
Host: use.fontawesome.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://use.fontawesome.com/c6831c4d58.css
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Tue, 05 Dec 2023 16:07:10 GMT
content-type: text/css
cache-control: max-age=31556926
etag: W/"36082410df2ef7f83932219089dc1443"
last-modified: Fri, 22 Sep 2023 01:44:05 GMT
vary: Accept-Encoding
cf-cache-status: HIT
age: 647868
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=iL5xDuhg9A10b6Jh1NCyGud59FvN33aYrzjqoDohYuFs6MoS0JsDuosl1cXPwYqfzoGkMb1CRNqJCrWI2uzHwE53nAfzLcSyV%2FfoUkdkRr0iEbXXkCr%2F%2BXdpNOSD9g0ud8NR3rYF"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 830d8a628f8c23fc-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
cdn.cloudimagesb.com/cti/c9/11/c0/c911c0a120ad25a0b0f51d2b42804521/1627915999.png
45.133.44.9200 OK 96 kB URL GET HTTP/2 cdn.cloudimagesb.com/cti/c9/11/c0/c911c0a120ad25a0b0f51d2b42804521/1627915999.png
IP 45.133.44.9:443
ASN #39572 DataWeb Global Group B.V.
Requested by https://savefromnets.com/
Certificate IssuerLet's Encrypt
Subjectcdn.cloudimagesb.com
Fingerprint71:EC:C0:22:20:76:60:90:92:4C:5C:F3:AD:17:3C:41:B5:00:25:AF
ValidityThu, 23 Nov 2023 05:00:53 GMT - Wed, 21 Feb 2024 05:00:52 GMT
File type PNG image data, 300 x 250, 8-bit/color RGB, non-interlaced\012- data
Hash 0ba904126a4592e4866c657f761ddc25
6b40223686b8ce5bf58ec0375a09de7c0c3bec7a
f0e24a117d128140b403f57dc94cf263cf5e6ed39c757f7e0f39988cb32bc00b
GET /cti/c9/11/c0/c911c0a120ad25a0b0f51d2b42804521/1627915999.png HTTP/1.1
Host: cdn.cloudimagesb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Tue, 05 Dec 2023 16:07:11 GMT
content-type: image/png
content-length: 96103
server: nginx/1.21.6
last-modified: Mon, 02 Aug 2021 14:53:29 GMT
etag: "610806e9-17767"
expires: Thu, 07 Dec 2023 16:07:11 GMT
cache-control: max-age=172800
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
lotclergyman.com/28/1d/8b/281d8b8bc59f012afa70b91d1d56da19.js
173.233.137.60 200 OK 16 kB URL GET HTTP/1.1 lotclergyman.com/28/1d/8b/281d8b8bc59f012afa70b91d1d56da19.js
IP 173.233.137.60:443
Requested by https://savefromnets.com/
Certificate Issuer Let's Encrypt
Subject lotclergyman.com
Fingerprint 4D:40:39:11:E0:27:47:DF:86:BF:5E:B5:51:40:08:D7:AB:31:7D:11
Validity Tue, 28 Nov 2023 07:49:04 GMT - Mon, 26 Feb 2024 07:49:03 GMT
File type ASCII text, with very long lines (42836), with no line terminators
Hash MD5 6a7ed49911508eff27a97cc2246ecebd
SHA-1 c48f96cee4011045a5a75436a0f9bbb3eb819811
SHA-256 05fb3765c44a2d98ab1214648ffbbdf879ba3d3587f78e6fc9783c3608359668
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /28/1d/8b/281d8b8bc59f012afa70b91d1d56da19.js HTTP/1.1
Host: lotclergyman.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://savefromnets.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Tue, 05 Dec 2023 16:07:11 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: bd986e8d243c1c23e3636470fb90e5af
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
lotclergyman.com/ntv.json?key=b0352495eace3900f41cda8683d2fa42&vstc=4
173.233.137.60 200 OK 24 kB URL GET HTTP/1.1 lotclergyman.com/ntv.json?key=b0352495eace3900f41cda8683d2fa42&vstc=4
IP 173.233.137.60:443
Requested by https://savefromnets.com/
Certificate Issuer Let's Encrypt
Subject lotclergyman.com
Fingerprint 4D:40:39:11:E0:27:47:DF:86:BF:5E:B5:51:40:08:D7:AB:31:7D:11
Validity Tue, 28 Nov 2023 07:49:04 GMT - Mon, 26 Feb 2024 07:49:03 GMT
File type JSON data\012- , Unicode text, UTF-8 text, with very long lines (23917), with no line terminators
Hash MD5 d8676ddbbf8fd65b10278420cc5cd357
SHA-1 20fe50e534dfaf29eeda3f8453a59d52b5c619e1
SHA-256 47c2fa8d4dbefaacaa2f8f312de63ba5f2a3556e6241513857c9c0dbb532e6f2
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /ntv.json?key=b0352495eace3900f41cda8683d2fa42&vstc=4 HTTP/1.1
Host: lotclergyman.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://savefromnets.com
DNT: 1
Connection: keep-alive
Referer: https://savefromnets.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Tue, 05 Dec 2023 16:07:11 GMT
Content-Type: application/json
Content-Length: 23968
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://savefromnets.com
Access-Control-Allow-Origin: https://savefromnets.com
Access-Control-Allow-Credentials: true
Set-Cookie: u_pl=18580915; expires=Wed, 06 Dec 2023 16:07:11 GMT; secure; SameSite=None
Set-Cookie: pdhtkv=true; expires=Wed, 06 Dec 2023 16:07:11 GMT; secure; SameSite=None
Set-Cookie: uncs=1; expires=Wed, 06 Dec 2023 16:07:11 GMT; secure; SameSite=None
Set-Cookie: pdhtkv49=true; expires=Wed, 06 Dec 2023 16:07:11 GMT; secure; SameSite=None
Set-Cookie: uncs49=1; expires=Wed, 06 Dec 2023 16:07:11 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 961e87f0c9ee050f23d352a4bc55559e
Strict-Transport-Security: max-age=0; includeSubdomains
cdn.cloudimagesb.com/bi/0b/19/be/0b19be6173f32e7ac49b9f8c21af72ee/1665143625.jpg
45.133.44.9200 OK 20 kB URL GET HTTP/2 cdn.cloudimagesb.com/bi/0b/19/be/0b19be6173f32e7ac49b9f8c21af72ee/1665143625.jpg
IP 45.133.44.9:443
ASN #39572 DataWeb Global Group B.V.
Requested by https://savefromnets.com/
Certificate IssuerLet's Encrypt
Subjectcdn.cloudimagesb.com
Fingerprint71:EC:C0:22:20:76:60:90:92:4C:5C:F3:AD:17:3C:41:B5:00:25:AF
ValidityThu, 23 Nov 2023 05:00:53 GMT - Wed, 21 Feb 2024 05:00:52 GMT
File type JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=6, orientation=upper-left, xresolution=86, yresolution=94, resolutionunit=2], baseline, precision 8, 300x250, components 3\012- data
Hash 98af18ae8fab09814e7df082c27f2265
815fd0757e96d4ef80d93f83b4c7bdc336fa9458
9841456129f6192f48317f9dcb9bf73706a5861454eef55df41493be0f77519c
GET /bi/0b/19/be/0b19be6173f32e7ac49b9f8c21af72ee/1665143625.jpg HTTP/1.1
Host: cdn.cloudimagesb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://savefromnets.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Tue, 05 Dec 2023 16:07:11 GMT
content-type: image/jpeg
content-length: 20297
server: nginx/1.21.6
last-modified: Fri, 07 Oct 2022 11:53:53 GMT
etag: "63401351-4f49"
expires: Thu, 07 Dec 2023 16:07:11 GMT
cache-control: max-age=172800
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
cdn.cloudimagesb.com/cti/cf/9a/1a/cf9a1a6be47faa84d59d72f395d3c54b/1627974537.jpg
45.133.44.9 200 OK 16 kB URL GET HTTP/2 cdn.cloudimagesb.com/cti/cf/9a/1a/cf9a1a6be47faa84d59d72f395d3c54b/1627974537.jpg
IP 45.133.44.9:443
ASN #39572 DataWeb Global Group B.V.
Requested by https://savefromnets.com/
Certificate Issuer: Let's Encrypt
Subject: cdn.cloudimagesb.com
Fingerprint: 71:EC:C0:22:20:76:60:90:92:4C:5C:F3:AD:17:3C:41:B5:00:25:AF
Validity: Thu, 23 Nov 2023 05:00:53 GMT - Wed, 21 Feb 2024 05:00:52 GMT
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 320x240, components 3\012- data
Hash c9feca4d1dff10168c373b1029aafcc3
0413da55cc8bc34da4e6fcc9c8a1fca106b242b0
680cbd88a7ef98b11ab30c858bce8da880e768fcb283b71edffdea63574249b2
GET /cti/cf/9a/1a/cf9a1a6be47faa84d59d72f395d3c54b/1627974537.jpg HTTP/1.1
Host: cdn.cloudimagesb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://savefromnets.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Tue, 05 Dec 2023 16:07:11 GMT
content-type: image/jpeg
content-length: 16514
server: nginx/1.21.6
last-modified: Tue, 03 Aug 2021 07:09:06 GMT
etag: "6108eb92-4082"
expires: Thu, 07 Dec 2023 16:07:11 GMT
cache-control: max-age=172800
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
cdn.cloudimagesb.com/cti/53/6a/c1/536ac1df6445adbccaa87d2cdf492b82/1606718897.jpg
45.133.44.9 200 OK 21 kB URL GET HTTP/2 cdn.cloudimagesb.com/cti/53/6a/c1/536ac1df6445adbccaa87d2cdf492b82/1606718897.jpg
IP 45.133.44.9:443
ASN #39572 DataWeb Global Group B.V.
Requested by https://savefromnets.com/
Certificate Issuer: Let's Encrypt
Subject: cdn.cloudimagesb.com
Fingerprint: 71:EC:C0:22:20:76:60:90:92:4C:5C:F3:AD:17:3C:41:B5:00:25:AF
Validity: Thu, 23 Nov 2023 05:00:53 GMT - Wed, 21 Feb 2024 05:00:52 GMT
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 320x240, components 3\012- data
Hash 6f7f2755adcefeb4b04c46e5a8e66bec
46315e2aa0d251191313d3ef176a3a04eea06ff9
f097c1c5dedbd17afd477318a0038dd6e54edcb5a8a05654aaeff6da648c0c54
GET /cti/53/6a/c1/536ac1df6445adbccaa87d2cdf492b82/1606718897.jpg HTTP/1.1
Host: cdn.cloudimagesb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://savefromnets.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Tue, 05 Dec 2023 16:07:11 GMT
content-type: image/jpeg
content-length: 20878
server: nginx/1.21.6
last-modified: Mon, 30 Nov 2020 06:48:25 GMT
etag: "5fc495b9-518e"
expires: Thu, 07 Dec 2023 16:07:11 GMT
cache-control: max-age=172800
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
lotclergyman.com/ren.gif?sid=H4sIAAAAAAAC%2F1RSz2skRRuuXmb38H0nJRcRZEAQhWXSPT%2BSGfcgxjWSNSZxdyV6rK6qnpSprmqquqcnuRhclD0O4kG92Hkm2aCuuotnQTpelgUhDSIRzD8h7FlmdmD0har3fd6nDs%2FzvvXpYXZBAmT0fOsdsy%2BVooudhl9%2FeVtqbnJX37hdD%2FyGf62%2BLfVS%2B1p9OLns4NXA7zT8V%2BpvCbZrFpt%2B4PuBH9RXpRWRGS5OWcjkfi9o9PxGu9kIOm0M7X%2Bxyzw46oEPLsizkLy6vPPoISQroeMH14XbTU1y9c04UzQ1FgN%2B8p7e1SbXiOdlZD1E%2BmT2GsZVhHxxCUafzBzADI4mDhDKinh%2FBAj1yUwmwsHxU6WhgtAI%2Bf%2BRD0oIVULSEszcgeRnBGAcG5vQ8b0NY3O695SlE7YitSd%2FQ%2BYVqf21AB3%2FsKLksH7LqCyVRjsMowJyWEL2SyTZKdJ9DzI%2FBUs%2FhuS%2FkcUn69Dx0aZTBpIXU%2FdSlpBRCSVGoM5DNjnSQxZ5yBIPMT%2Bv004v8v3lKIxarW6bMdZqMdbpLvEOb7W7kY%2BMTeSNkCYjMDUCswdI7AF25Qg2%2BwVup4DjHlxaEe%2FdAwx4gVwQ5I4gpwS5JMhTgnxQHHPlmq64x5XLwmCWm7PcKsYm7R%2FSY5P2hSagdnSYXJBnJrPxnv%2FkJ%2ByK83rotzrNdq8jKBOtnu9H7YBx2l3qtngzou0mnCwg3aWp3X159uKfSOTZwvsI6SmcOgWTC6BZAJqPl5s%2B6M643fWxrx84OhCRNbEWqWswE4ObAklaQ7rnHaoL8tx0R92vb0Cwx2QWYLZAYgt8KH8l6Ku745smJ0c3Te7Iw80klbHcp5P93UppKq58%2B7bYy43la9fd6JvX2YSYlPdvC5euU82l7jvy3YrkXNhVY5kgP6%2B5bRFuZW5nJbM6S9a33lhdixMrnJNGl6Dy7IPPwGRFLouPpj%2FzhSu%2FQ9oSNisQZ3Ol0pRgyQFcMu85Q2DVHIeJhzwrxrYZzptKEigxxzQs4P6Fw3l96O6ib2ug6R3ouMDAFhioAlSN4LL%2FjdPEPn7t0ZeT%2BAqhqo1DZWtHobLq8%2BloK3J16fuKLDZqFXkJGZw8r4tO5EfCb4ow6oXRMvV5L2r3QtoLxHLYoQFSVwlz48d%2FAAAA%2F%2F8BAAD%2F%2FyFXgYuABAAA
173.233.137.60200 OK 7 B URL GET HTTP/1.1 lotclergyman.com/ren.gif?sid=H4sIAAAAAAAC%2F1RSz2skRRuuXmb38H0nJRcRZEAQhWXSPT%2BSGfcgxjWSNSZxdyV6rK6qnpSprmqquqcnuRhclD0O4kG92Hkm2aCuuotnQTpelgUhDSIRzD8h7FlmdmD0har3fd6nDs%2FzvvXpYXZBAmT0fOsdsy%2BVooudhl9%2FeVtqbnJX37hdD%2FyGf62%2BLfVS%2B1p9OLns4NXA7zT8V%2BpvCbZrFpt%2B4PuBH9RXpRWRGS5OWcjkfi9o9PxGu9kIOm0M7X%2Bxyzw46oEPLsizkLy6vPPoISQroeMH14XbTU1y9c04UzQ1FgN%2B8p7e1SbXiOdlZD1E%2BmT2GsZVhHxxCUafzBzADI4mDhDKinh%2FBAj1yUwmwsHxU6WhgtAI%2Bf%2BRD0oIVULSEszcgeRnBGAcG5vQ8b0NY3O695SlE7YitSd%2FQ%2BYVqf21AB3%2FsKLksH7LqCyVRjsMowJyWEL2SyTZKdJ9DzI%2FBUs%2FhuS%2FkcUn69Dx0aZTBpIXU%2FdSlpBRCSVGoM5DNjnSQxZ5yBIPMT%2Bv004v8v3lKIxarW6bMdZqMdbpLvEOb7W7kY%2BMTeSNkCYjMDUCswdI7AF25Qg2%2BwVup4DjHlxaEe%2FdAwx4gVwQ5I4gpwS5JMhTgnxQHHPlmq64x5XLwmCWm7PcKsYm7R%2FSY5P2hSagdnSYXJBnJrPxnv%2FkJ%2ByK83rotzrNdq8jKBOtnu9H7YBx2l3qtngzou0mnCwg3aWp3X159uKfSOTZwvsI6SmcOgWTC6BZAJqPl5s%2B6M643fWxrx84OhCRNbEWqWswE4ObAklaQ7rnHaoL8tx0R92vb0Cwx2QWYLZAYgt8KH8l6Ku745smJ0c3Te7Iw80klbHcp5P93UppKq58%2B7bYy43la9fd6JvX2YSYlPdvC5euU82l7jvy3YrkXNhVY5kgP6%2B5bRFuZW5nJbM6S9a33lhdixMrnJNGl6Dy7IPPwGRFLouPpj%2FzhSu%2FQ9oSNisQZ3Ol0pRgyQFcMu85Q2DVHIeJhzwrxrYZzptKEigxxzQs4P6Fw3l96O6ib2ug6R3ouMDAFhioAlSN4LL%2FjdPEPn7t0ZeT%2BAqhqo1DZWtHobLq8%2BloK3J16fuKLDZqFXkJGZw8r4tO5EfCb4ow6oXRMvV5L2r3QtoLxHLYoQFSVwlz48d%2FAAAA%2F%2F8BAAD%2F%2FyFXgYuABAAA
IP 173.233.137.60:443
Requested by https://savefromnets.com/
Certificate Issuer: Let's Encrypt
Subject: lotclergyman.com
Fingerprint: 4D:40:39:11:E0:27:47:DF:86:BF:5E:B5:51:40:08:D7:AB:31:7D:11
Validity: Tue, 28 Nov 2023 07:49:04 GMT - Mon, 26 Feb 2024 07:49:03 GMT
File type ASCII text, with no line terminators
Hash (MD5): 132d6af1b46048b45cf86cdee7991d31
Hash (SHA-1): eb7007d03d59b65bc6da7e098c4d38fc6dfb6285
Hash (SHA-256): ab852e838deccd742a03ca81d4a8d75cf1a00b327db3eaf46bd7da6b6db9384c
Analyzer: Quad9 DNS; Verdict: malicious; Alert: Sinkholed
GET /ren.gif?sid=H4sIAAAAAAAC%2F1RSz2skRRuuXmb38H0nJRcRZEAQhWXSPT%2BSGfcgxjWSNSZxdyV6rK6qnpSprmqquqcnuRhclD0O4kG92Hkm2aCuuotnQTpelgUhDSIRzD8h7FlmdmD0har3fd6nDs%2FzvvXpYXZBAmT0fOsdsy%2BVooudhl9%2FeVtqbnJX37hdD%2FyGf62%2BLfVS%2B1p9OLns4NXA7zT8V%2BpvCbZrFpt%2B4PuBH9RXpRWRGS5OWcjkfi9o9PxGu9kIOm0M7X%2Bxyzw46oEPLsizkLy6vPPoISQroeMH14XbTU1y9c04UzQ1FgN%2B8p7e1SbXiOdlZD1E%2BmT2GsZVhHxxCUafzBzADI4mDhDKinh%2FBAj1yUwmwsHxU6WhgtAI%2Bf%2BRD0oIVULSEszcgeRnBGAcG5vQ8b0NY3O695SlE7YitSd%2FQ%2BYVqf21AB3%2FsKLksH7LqCyVRjsMowJyWEL2SyTZKdJ9DzI%2FBUs%2FhuS%2FkcUn69Dx0aZTBpIXU%2FdSlpBRCSVGoM5DNjnSQxZ5yBIPMT%2Bv004v8v3lKIxarW6bMdZqMdbpLvEOb7W7kY%2BMTeSNkCYjMDUCswdI7AF25Qg2%2BwVup4DjHlxaEe%2FdAwx4gVwQ5I4gpwS5JMhTgnxQHHPlmq64x5XLwmCWm7PcKsYm7R%2FSY5P2hSagdnSYXJBnJrPxnv%2FkJ%2ByK83rotzrNdq8jKBOtnu9H7YBx2l3qtngzou0mnCwg3aWp3X159uKfSOTZwvsI6SmcOgWTC6BZAJqPl5s%2B6M643fWxrx84OhCRNbEWqWswE4ObAklaQ7rnHaoL8tx0R92vb0Cwx2QWYLZAYgt8KH8l6Ku745smJ0c3Te7Iw80klbHcp5P93UppKq58%2B7bYy43la9fd6JvX2YSYlPdvC5euU82l7jvy3YrkXNhVY5kgP6%2B5bRFuZW5nJbM6S9a33lhdixMrnJNGl6Dy7IPPwGRFLouPpj%2FzhSu%2FQ9oSNisQZ3Ol0pRgyQFcMu85Q2DVHIeJhzwrxrYZzptKEigxxzQs4P6Fw3l96O6ib2ug6R3ouMDAFhioAlSN4LL%2FjdPEPn7t0ZeT%2BAqhqo1DZWtHobLq8%2BloK3J16fuKLDZqFXkJGZw8r4tO5EfCb4ow6oXRMvV5L2r3QtoLxHLYoQFSVwlz48d%2FAAAA%2F%2F8BAAD%2F%2FyFXgYuABAAA HTTP/1.1
Host: lotclergyman.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://savefromnets.com/
Cookie: u_pl=18580915; pdhtkv=true; uncs=1; pdhtkv49=true; uncs49=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Tue, 05 Dec 2023 16:07:11 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 39925750389860bc447c11fb0e70c0ce
Strict-Transport-Security: max-age=0; includeSubdomains
savefromnets.com/js/bootstrap.min.js
104.21.22.70 200 OK 9.9 kB URL GET HTTP/3 savefromnets.com/js/bootstrap.min.js
IP 104.21.22.70:443
Requested by https://savefromnets.com/
Certificate Issuer: Let's Encrypt
Subject: savefromnets.com
Fingerprint: FF:55:5B:CE:F9:67:B6:D1:8C:04:53:5D:6E:B7:9B:36:9C:33:8A:44
Validity: Mon, 04 Dec 2023 01:28:09 GMT - Sun, 03 Mar 2024 01:28:08 GMT
File type ASCII text, with very long lines (32148)
Hash b6d6c550cb657155feb06fdcd34b73cb
27947c0c0fa837da9bdfdfc36f649c25f54bd1c0
267a83092a5fd6ec5fb746bce12d440abd37f1d649c072f653e17d0c800eb647
GET /js/bootstrap.min.js HTTP/1.1
Host: savefromnets.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://savefromnets.com/
Cookie: PHPSESSID=a6f89k1je6tm1ijbv4f7gsikv4
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Tue, 05 Dec 2023 16:07:08 GMT
content-type: application/javascript
last-modified: Wed, 13 Apr 2022 08:49:12 GMT
etag: W/"8c6f-5dc85405ab200-gzip"
cache-control: max-age=604800
expires: Wed, 06 Dec 2023 09:46:42 GMT
vary: Accept-Encoding
cf-cache-status: HIT
age: 87448
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Io%2FaGYJlugUAWChEmgJcIK79T7k048YL%2FzyNSy99etn2l4e7LXGyNCzGs0vltKMDFKLamcm9QMrUUA218JhxkmBdx6NSonOtcQ3yol4fHHvpgtSyqCcbbVTdJB%2BqycvKK%2BM8"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 830d8a58eac1b50f-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
lotclergyman.com/ren.gif?sid=H4sIAAAAAAAC%2F1RSz2skRRSuXmY96EnNRbwMCqKwTLrnRzLjHsS4G8kak7i7Eq%2FVVdWTMtVVTVX39CSn4KLscQ4e1Iudb5IN6qq7eBak48FlQUhfJIL5J4RljzLJwLgPqt773leH73uvvtjPzkiAjJ5ufGh2pVJ0vtPw629uSs1N7uprt%2BuB3%2FCv1jelXmhfrQ8nlx28Hfidhv9W%2FX3Bts180w98P%2FCD%2BrK0IjLD%2BXMWMrnfCxo9v9FuNoJOG0P7LHaZB0c98MEZeQmSV5e3Hj2EZCV0%2FOCacNupSa5cjzNFU2Mx4Ecf621tco14VkbWQ6SPpq9hXEXIV5dg9NHUAczgYOIAoayI91eAUB9NZSIcHF4oDRWERshfQD4oIVQJSUswcweSnxCAcaytQ8f31ozN6c4FSydsRWpP%2FoXMK1L7Zw46%2FmlJyWH9llFZKo12GEYF5LCE7JdIsmOkux5kfgyWfgbJ%2FyTzT1ah44N1pwwkL87dS1lCRiWUGIE6D9nkSA9Z5CFLPMT8tE47vcj3F6MwarW6bcZYq8VYp7vAO7zV7kY%2BMjaRN0KajMDUCMzuIbF72JYj2Ow3uK0CjntwaUW8j%2FYw4AVyQZA7gpwS5JIgTwnyQXHIlWu64h5XLguDaW5Oc6sYm7S%2FTw9N2heagNrRfnJGXpzMxnv181%2BwLU7rod%2FqNNu9jqBMtHq%2BH7UDxml3odvizYi2m3CygHSXzu3uypPX%2F0YiT%2BY%2BQUiP4dQxmJwDzQLQfLzY9EG3xu2uj139wNGBiKyJtUhdg5kY3BRI0hrSHW9fnZFXznf0BjII9phMA8wWSGyBT%2BXvBH11d3zT5OTgpskdebiepDKWu3Syv1spTcVz338gdnJj%2Bco1N%2FruXTYhJuX928Klq1RzqfuO%2FLAkORd22VgmyK8rblOEG5nbWsqszpLVjfeWV%2BLECuek0SWoPFl%2FCiYrcvnpa%2Bc%2F8%2BXrf0DaEjYrEGczpdKUYMkeXDLrOUNg1QyHSQ15VoxtM5w1lSRQYoZpWMD9D4ezet%2FdRd%2FWQNM70HGBgS0wUAWoGsFlz4%2FTxD5%2B59HXk%2FgGoaqNQ2VrB6Gy6suKdL%2B9UZErCz9WZL5Ru5i0k6d10Yn8SPhNEUa9MFqkPu9F7V5Ie4FYDDs0QOoqYW78%2FB8AAAD%2F%2FwEAAP%2F%2F7t%2BhZYAEAAA%3D
173.233.137.60200 OK 7 B URL GET HTTP/1.1 lotclergyman.com/ren.gif?sid=H4sIAAAAAAAC%2F1RSz2skRRSuXmY96EnNRbwMCqKwTLrnRzLjHsS4G8kak7i7Eq%2FVVdWTMtVVTVX39CSn4KLscQ4e1Iudb5IN6qq7eBak48FlQUhfJIL5J4RljzLJwLgPqt773leH73uvvtjPzkiAjJ5ufGh2pVJ0vtPw629uSs1N7uprt%2BuB3%2FCv1jelXmhfrQ8nlx28Hfidhv9W%2FX3Bts180w98P%2FCD%2BrK0IjLD%2BXMWMrnfCxo9v9FuNoJOG0P7LHaZB0c98MEZeQmSV5e3Hj2EZCV0%2FOCacNupSa5cjzNFU2Mx4Ecf621tco14VkbWQ6SPpq9hXEXIV5dg9NHUAczgYOIAoayI91eAUB9NZSIcHF4oDRWERshfQD4oIVQJSUswcweSnxCAcaytQ8f31ozN6c4FSydsRWpP%2FoXMK1L7Zw46%2FmlJyWH9llFZKo12GEYF5LCE7JdIsmOkux5kfgyWfgbJ%2FyTzT1ah44N1pwwkL87dS1lCRiWUGIE6D9nkSA9Z5CFLPMT8tE47vcj3F6MwarW6bcZYq8VYp7vAO7zV7kY%2BMjaRN0KajMDUCMzuIbF72JYj2Ow3uK0CjntwaUW8j%2FYw4AVyQZA7gpwS5JIgTwnyQXHIlWu64h5XLguDaW5Oc6sYm7S%2FTw9N2heagNrRfnJGXpzMxnv181%2BwLU7rod%2FqNNu9jqBMtHq%2BH7UDxml3odvizYi2m3CygHSXzu3uypPX%2F0YiT%2BY%2BQUiP4dQxmJwDzQLQfLzY9EG3xu2uj139wNGBiKyJtUhdg5kY3BRI0hrSHW9fnZFXznf0BjII9phMA8wWSGyBT%2BXvBH11d3zT5OTgpskdebiepDKWu3Syv1spTcVz338gdnJj%2Bco1N%2FruXTYhJuX928Klq1RzqfuO%2FLAkORd22VgmyK8rblOEG5nbWsqszpLVjfeWV%2BLECuek0SWoPFl%2FCiYrcvnpa%2Bc%2F8%2BXrf0DaEjYrEGczpdKUYMkeXDLrOUNg1QyHSQ15VoxtM5w1lSRQYoZpWMD9D4ezet%2FdRd%2FWQNM70HGBgS0wUAWoGsFlz4%2FTxD5%2B59HXk%2FgGoaqNQ2VrB6Gy6suKdL%2B9UZErCz9WZL5Ru5i0k6d10Yn8SPhNEUa9MFqkPu9F7V5Ie4FYDDs0QOoqYW78%2FB8AAAD%2F%2FwEAAP%2F%2F7t%2BhZYAEAAA%3D
IP 173.233.137.60:443
Requested by https://savefromnets.com/
Certificate Issuer: Let's Encrypt
Subject: lotclergyman.com
Fingerprint: 4D:40:39:11:E0:27:47:DF:86:BF:5E:B5:51:40:08:D7:AB:31:7D:11
Validity: Tue, 28 Nov 2023 07:49:04 GMT - Mon, 26 Feb 2024 07:49:03 GMT
File type ASCII text, with no line terminators
Hash (MD5): 132d6af1b46048b45cf86cdee7991d31
Hash (SHA-1): eb7007d03d59b65bc6da7e098c4d38fc6dfb6285
Hash (SHA-256): ab852e838deccd742a03ca81d4a8d75cf1a00b327db3eaf46bd7da6b6db9384c
Analyzer: Quad9 DNS; Verdict: malicious; Alert: Sinkholed
GET /ren.gif?sid=H4sIAAAAAAAC%2F1RSz2skRRSuXmY96EnNRbwMCqKwTLrnRzLjHsS4G8kak7i7Eq%2FVVdWTMtVVTVX39CSn4KLscQ4e1Iudb5IN6qq7eBak48FlQUhfJIL5J4RljzLJwLgPqt773leH73uvvtjPzkiAjJ5ufGh2pVJ0vtPw629uSs1N7uprt%2BuB3%2FCv1jelXmhfrQ8nlx28Hfidhv9W%2FX3Bts180w98P%2FCD%2BrK0IjLD%2BXMWMrnfCxo9v9FuNoJOG0P7LHaZB0c98MEZeQmSV5e3Hj2EZCV0%2FOCacNupSa5cjzNFU2Mx4Ecf621tco14VkbWQ6SPpq9hXEXIV5dg9NHUAczgYOIAoayI91eAUB9NZSIcHF4oDRWERshfQD4oIVQJSUswcweSnxCAcaytQ8f31ozN6c4FSydsRWpP%2FoXMK1L7Zw46%2FmlJyWH9llFZKo12GEYF5LCE7JdIsmOkux5kfgyWfgbJ%2FyTzT1ah44N1pwwkL87dS1lCRiWUGIE6D9nkSA9Z5CFLPMT8tE47vcj3F6MwarW6bcZYq8VYp7vAO7zV7kY%2BMjaRN0KajMDUCMzuIbF72JYj2Ow3uK0CjntwaUW8j%2FYw4AVyQZA7gpwS5JIgTwnyQXHIlWu64h5XLguDaW5Oc6sYm7S%2FTw9N2heagNrRfnJGXpzMxnv181%2BwLU7rod%2FqNNu9jqBMtHq%2BH7UDxml3odvizYi2m3CygHSXzu3uypPX%2F0YiT%2BY%2BQUiP4dQxmJwDzQLQfLzY9EG3xu2uj139wNGBiKyJtUhdg5kY3BRI0hrSHW9fnZFXznf0BjII9phMA8wWSGyBT%2BXvBH11d3zT5OTgpskdebiepDKWu3Syv1spTcVz338gdnJj%2Bco1N%2FruXTYhJuX928Klq1RzqfuO%2FLAkORd22VgmyK8rblOEG5nbWsqszpLVjfeWV%2BLECuek0SWoPFl%2FCiYrcvnpa%2Bc%2F8%2BXrf0DaEjYrEGczpdKUYMkeXDLrOUNg1QyHSQ15VoxtM5w1lSRQYoZpWMD9D4ezet%2FdRd%2FWQNM70HGBgS0wUAWoGsFlz4%2FTxD5%2B59HXk%2FgGoaqNQ2VrB6Gy6suKdL%2B9UZErCz9WZL5Ru5i0k6d10Yn8SPhNEUa9MFqkPu9F7V5Ie4FYDDs0QOoqYW78%2FB8AAAD%2F%2FwEAAP%2F%2F7t%2BhZYAEAAA%3D HTTP/1.1
Host: lotclergyman.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://savefromnets.com/
Cookie: u_pl=18580915; pdhtkv=true; uncs=1; pdhtkv49=true; uncs49=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Tue, 05 Dec 2023 16:07:11 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 43a41c418c3c4f0a49d7058080498ecc
Strict-Transport-Security: max-age=0; includeSubdomains
orqrdm.com/.cdn/5531a5/d3d944/c8f51104d8bf48838cf653862be24392/d0b652221c335034.jpeg
217.67.179.205 200 OK 21 kB URL GET HTTP/2 orqrdm.com/.cdn/5531a5/d3d944/c8f51104d8bf48838cf653862be24392/d0b652221c335034.jpeg
IP 217.67.179.205:443
Requested by https://savefromnets.com/
Certificate Issuer: Let's Encrypt
Subject: orqrdm.com
Fingerprint: 98:DC:47:99:08:A5:C8:F0:6D:17:2E:27:A1:A0:A1:BA:01:EB:35:3E
Validity: Sat, 18 Nov 2023 02:20:12 GMT - Fri, 16 Feb 2024 02:20:11 GMT
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 90", baseline, precision 8, 250x250, components 3\012- data
Hash e24e094708fda30178397743aceba37e
0c48babd6604fbc01fd9b30e332f383833a05656
b999ffbdd5fb1cc985127816e7bcbb85421151381dbfc1e085a9b95bffebc952
GET /.cdn/5531a5/d3d944/c8f51104d8bf48838cf653862be24392/d0b652221c335034.jpeg HTTP/1.1
Host: orqrdm.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://savefromnets.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx/1.18.0
date: Tue, 05 Dec 2023 16:07:11 GMT
content-type: image/jpeg
content-length: 20770
last-modified: Sun, 08 Oct 2023 03:28:03 GMT
etag: "652221c3-5122"
access-control-allow-origin: *
accept-ranges: bytes
X-Firefox-Spdy: h2
lotclergyman.com/ren.gif?sid=H4sIAAAAAAAC%2F%2BxWy6skZ%2Fmuk8yPH%2BhKCYi6aXJkUEifrmt3VUIYuqvv96quPlV9FjZ17f6q69Z16epuCUxmULLLQVyom%2FS8M8mgJjrJKAnGGeSMmzCi3WcTJuCAf4GCkI0b6ZPRSXb%2BAb5Q9b3v87wU71NfPdT3gxvJY4yARH3U7%2Fhr5DhqjjnCM9%2BWkWf4aZTpShkCP8JfysjIy9MvZZb7W7h4kcCZI%2Fw7mZqpz%2FwciRM4TuBEpopC0%2FKXuQsWUPA2Rxxx%2BBFNHhEMDcvwi3WUHECkHoCxeIx9FZBx%2Fn%2FTj94FpJ%2BB594pm9Es9oMXKm7iqLEfwsK4PfRmnp964D5NrfAALO%2F2k27wo3MM%2B%2FEz4Hu3nygAf3FrrwA0dI4dfEyA5t1%2BMiZoizc%2Fm1RzwPRAM74M6eIMTOcMkHoGun8dkLHDAHQDuj3w3Le6fpiqq89Ydc%2BeY5c%2B%2FQeg9By79JfnwHN%2FWXLQMjPwnSRGvhfB0toAWp4BmpxBkDyAeH0AKH0AenwNkPEnLPdpGzz3Vi9yfEDG5kI9QmeArDNwzFNQowNI9hc6gMQ6gCQ4ANd4lFEZzsLxgqVZFMXSuq5TlK4zbN5gDIpmLRwSfT%2FeKcTBKejOKejhVQjCqzBDpxAmv4douoHIOIAoPscOhKuwMDaQmhikEQapikGKMEhjDNLF5k3Dicho85bhRIlGPFnJJyu1uenHkxvqm348MT0M1PD0RvAY%2B8r%2B3Rx88%2Ft3YWY%2Bymg4xZA0x5iqblIcjls0oRsqm2cpg7RUmoQIbQBFz1zIXaPd4ScQoN1zCmjqA4icB6Cj50BNCFDTmwUSB3V6k2ZxWHt3InVhWqHvemYcHem%2BC4a%2FgSC%2BBPHq4IbzGPv6xR7lji6BqT%2B8Yuh%2Fvkt8QwI93EAQbsBGf8Bg4rx2U%2FRT7JbopxH2bi%2BIkYvW6n7%2FBrEam9jPW%2BYq9UOjUY5Of1bU98Q%2BfVsyo7itegbyJhH2ixIyDDOs%2BqFuYvcakWxq%2FSSalpLQS4J2n6823CA0owj53hmo6BzD%2Fvo30NE59v8fqxff5tf%2BqQAKH0CYfPLMH6dxHEQv5nJ%2BOA8Ndy8st6BzVIFm8JzuIH12ZfLyTG61Yr7FZEnkjAbNbqlDTKTYqPiOXzKaLtNuO0XV8Fhx0mTCPuXaWr0slgljPFSr1aHgrkPba06MsMXVQ6tvO90YXyUFcVitasMsu64mThYv8SPW5Ec6GrVWuJzlrCRcnaSjklDjK2q%2FPuZ9Vc%2BSvje0ezWtFLcJc37SyKoiojSyIgSOoee7y0Qh1mGz55loEgXVsVns9E64WVVQeiolDLkkEsuksiBbnGt6VCfrFpspV6qjKs602oreHvYkUx5nhVV15EY9vNpqm%2BvOsNAp44Qa5fvD4%2B4qb08qpOqslNaAjMpac5D1C%2BWxFQS%2BPRUkw2qsR2xMkdqJXXfynXkvqzSTqauOUMCSbldWm6Ytq3y4ksXBehl4AztfnisUHpOFqteqDd1sZVrKeifZoqJL3Hg%2BoxjWTZkxWta8kTKqtMb6UC42SkF8LNn9rLdslTR7XhXMDnncCARW1Cor19b64SDo99ZKmfEtWpx147KTd5YDmUcBZ4SkhPi6PahzayIlCg43qGojhU1CZeqU3JnY6s6PS2q7g086EY1wat0NaLrV7fIzVZ%2Bl6axSQoW5INSKJ1LfnB0rS2okajUhrIhi7bh%2FYo0Ky9oSzzprriYMEGfXe6UO36RZpdfVlpLglFrMgqj4tqoMCosoIfgxIbdqI8IT29Qoolxpmid6tndsaawzmsu1aeja2Wl9ZHTxAV70TC0vaJPLZoiMcezPTO%2FlthHzLVNTEnCTh1f%2Bjl0EIP8M9OD6n
cNDqSG1K%2BNau1cqtg8PH3nbH%2B5e3b2e2b26u7a7ur2zvbe9k9m%2Bt31%2F%2B%2Bvd1e397d3tvd317Yd78P7uWmZ7b3t%2F%2B94Ffj%2Bz%2FSCzvXvR9bvtb%2F%2BNvb%2B9s3t9%2B972w%2B1vtve2H%2Bxez2zf2F3fXdt%2BsH%2F0u4eH%2Fd5AKhX51ngotgeHh588%2B93n%2F2M7M4qD%2BRdt5yWhM9Z9z0Kh%2Bz%2F3%2FZfuC5pVZUYmrlPU%2BlOpZiW10axXN3RGmC6aeFGOQn40jOsn%2FJjKN0RdmPZiuzVaLRQ90eeLbq0Sks2%2BwtqC1hZZIVBPWG8xJ9IRp0dEtVxxhAIr8JqUZZqtxmxYMXuiPK8Vp7XOeFmQKgU9e9K1hr6%2FUFoLXp6jep70vLbUUYqrtdxIGjWaK3DWuunII8U3ZblHLyrjVI37jeJ8cazxolwZ92sG8spmvRMu0uZcruvCMpaL42PmpOz4rfKwVu5rSRGV5FVVqgoWKWkFEpWEdt7i283ZeiA7rGKRWjiYDBe0H9WcWZ7PWpLaOmm0SyPJNmor53g4LxXlZNyYarxHDmrrxgCfWsWuIk34sC25heK47bpiynXydjCpzjpppBjj4bIvBE2bNysakZe6i2Gp4XX6olY35rRLt62BINaZpZZIE5Po9fNzRlTCucP5zXlMuPllU7PqK%2BlELJaytpg%2FzraFKRPXVZsVtaLs%2BdlsPSBtZNdtma72htXRrNAx%2BKJQNGrtYp6bC801JVxWg5e%2F9b3ikJcave64Lzb4yiuXVf1zGD8UxUqXH73y%2FDuHh41OsVbZ%2B%2B3w8NHxF%2F5uR7rh5RiGIlQmZ1AGR9M5nbUYgsBpg9UsmmUpVrfyDMXmSc0kaYojcwau5RmSJAmdohicoo%2FswJxAFDzEngREPgah87TWgmchTTY3Q1J7ehhwEAaO%2BbRJ1TYQfa7WnuY3otdgEl4CNb4OnruBRbiBhbMB1TmFKPnSzTgIH1756Cf7%2BClozqWbmhNeuqU5ofOjc4x9o3mOvZB%2F5%2BI4co5dhgQi9ChjMhZumThpahanWQUVNziL5jSVI8yCxqgExNG56Td%2F9S8AAAD%2F%2FwEAAP%2F%2FJxNhxKoLAAA%3D
173.233.137.60200 OK 7 B URL GET HTTP/1.1 lotclergyman.com/ren.gif?sid=H4sIAAAAAAAC%2F%2BxWy6skZ%2Fmuk8yPH%2BhKCYi6aXJkUEifrmt3VUIYuqvv96quPlV9FjZ17f6q69Z16epuCUxmULLLQVyom%2FS8M8mgJjrJKAnGGeSMmzCi3WcTJuCAf4GCkI0b6ZPRSXb%2BAb5Q9b3v87wU71NfPdT3gxvJY4yARH3U7%2Fhr5DhqjjnCM9%2BWkWf4aZTpShkCP8JfysjIy9MvZZb7W7h4kcCZI%2Fw7mZqpz%2FwciRM4TuBEpopC0%2FKXuQsWUPA2Rxxx%2BBFNHhEMDcvwi3WUHECkHoCxeIx9FZBx%2Fn%2FTj94FpJ%2BB594pm9Es9oMXKm7iqLEfwsK4PfRmnp964D5NrfAALO%2F2k27wo3MM%2B%2FEz4Hu3nygAf3FrrwA0dI4dfEyA5t1%2BMiZoizc%2Fm1RzwPRAM74M6eIMTOcMkHoGun8dkLHDAHQDuj3w3Le6fpiqq89Ydc%2BeY5c%2B%2FQeg9By79JfnwHN%2FWXLQMjPwnSRGvhfB0toAWp4BmpxBkDyAeH0AKH0AenwNkPEnLPdpGzz3Vi9yfEDG5kI9QmeArDNwzFNQowNI9hc6gMQ6gCQ4ANd4lFEZzsLxgqVZFMXSuq5TlK4zbN5gDIpmLRwSfT%2FeKcTBKejOKejhVQjCqzBDpxAmv4douoHIOIAoPscOhKuwMDaQmhikEQapikGKMEhjDNLF5k3Dicho85bhRIlGPFnJJyu1uenHkxvqm348MT0M1PD0RvAY%2B8r%2B3Rx88%2Ft3YWY%2Bymg4xZA0x5iqblIcjls0oRsqm2cpg7RUmoQIbQBFz1zIXaPd4ScQoN1zCmjqA4icB6Cj50BNCFDTmwUSB3V6k2ZxWHt3InVhWqHvemYcHem%2BC4a%2FgSC%2BBPHq4IbzGPv6xR7lji6BqT%2B8Yuh%2Fvkt8QwI93EAQbsBGf8Bg4rx2U%2FRT7JbopxH2bi%2BIkYvW6n7%2FBrEam9jPW%2BYq9UOjUY5Of1bU98Q%2BfVsyo7itegbyJhH2ixIyDDOs%2BqFuYvcakWxq%2FSSalpLQS4J2n6823CA0owj53hmo6BzD%2Fvo30NE59v8fqxff5tf%2BqQAKH0CYfPLMH6dxHEQv5nJ%2BOA8Ndy8st6BzVIFm8JzuIH12ZfLyTG61Yr7FZEnkjAbNbqlDTKTYqPiOXzKaLtNuO0XV8Fhx0mTCPuXaWr0slgljPFSr1aHgrkPba06MsMXVQ6tvO90YXyUFcVitasMsu64mThYv8SPW5Ec6GrVWuJzlrCRcnaSjklDjK2q%2FPuZ9Vc%2BSvje0ezWtFLcJc37SyKoiojSyIgSOoee7y0Qh1mGz55loEgXVsVns9E64WVVQeiolDLkkEsuksiBbnGt6VCfrFpspV6qjKs602oreHvYkUx5nhVV15EY9vNpqm%2BvOsNAp44Qa5fvD4%2B4qb08qpOqslNaAjMpac5D1C%2BWxFQS%2BPRUkw2qsR2xMkdqJXXfynXkvqzSTqauOUMCSbldWm6Ytq3y4ksXBehl4AztfnisUHpOFqteqDd1sZVrKeifZoqJL3Hg%2BoxjWTZkxWta8kTKqtMb6UC42SkF8LNn9rLdslTR7XhXMDnncCARW1Cor19b64SDo99ZKmfEtWpx147KTd5YDmUcBZ4SkhPi6PahzayIlCg43qGojhU1CZeqU3JnY6s6PS2q7g086EY1wat0NaLrV7fIzVZ%2Bl6axSQoW5INSKJ1LfnB0rS2okajUhrIhi7bh%2FYo0Ky9oSzzprriYMEGfXe6UO36RZpdfVlpLglFrMgqj4tqoMCosoIfgxIbdqI8IT29Qoolxpmid6tndsaawzmsu1aeja2Wl9ZHTxAV70TC0vaJPLZoi
McezPTO%2FlthHzLVNTEnCTh1f%2Bjl0EIP8M9OD6ncNDqSG1K%2BNau1cqtg8PH3nbH%2B5e3b2e2b26u7a7ur2zvbe9k9m%2Bt31%2F%2B%2Bvd1e397d3tvd317Yd78P7uWmZ7b3t%2F%2B94Ffj%2Bz%2FSCzvXvR9bvtb%2F%2BNvb%2B9s3t9%2B972w%2B1vtve2H%2Bxez2zf2F3fXdt%2BsH%2F0u4eH%2Fd5AKhX51ngotgeHh588%2B93n%2F2M7M4qD%2BRdt5yWhM9Z9z0Kh%2Bz%2F3%2FZfuC5pVZUYmrlPU%2BlOpZiW10axXN3RGmC6aeFGOQn40jOsn%2FJjKN0RdmPZiuzVaLRQ90eeLbq0Sks2%2BwtqC1hZZIVBPWG8xJ9IRp0dEtVxxhAIr8JqUZZqtxmxYMXuiPK8Vp7XOeFmQKgU9e9K1hr6%2FUFoLXp6jep70vLbUUYqrtdxIGjWaK3DWuunII8U3ZblHLyrjVI37jeJ8cazxolwZ92sG8spmvRMu0uZcruvCMpaL42PmpOz4rfKwVu5rSRGV5FVVqgoWKWkFEpWEdt7i283ZeiA7rGKRWjiYDBe0H9WcWZ7PWpLaOmm0SyPJNmor53g4LxXlZNyYarxHDmrrxgCfWsWuIk34sC25heK47bpiynXydjCpzjpppBjj4bIvBE2bNysakZe6i2Gp4XX6olY35rRLt62BINaZpZZIE5Po9fNzRlTCucP5zXlMuPllU7PqK%2BlELJaytpg%2FzraFKRPXVZsVtaLs%2BdlsPSBtZNdtma72htXRrNAx%2BKJQNGrtYp6bC801JVxWg5e%2F9b3ikJcave64Lzb4yiuXVf1zGD8UxUqXH73y%2FDuHh41OsVbZ%2B%2B3w8NHxF%2F5uR7rh5RiGIlQmZ1AGR9M5nbUYgsBpg9UsmmUpVrfyDMXmSc0kaYojcwau5RmSJAmdohicoo%2FswJxAFDzEngREPgah87TWgmchTTY3Q1J7ehhwEAaO%2BbRJ1TYQfa7WnuY3otdgEl4CNb4OnruBRbiBhbMB1TmFKPnSzTgIH1756Cf7%2BClozqWbmhNeuqU5ofOjc4x9o3mOvZB%2F5%2BI4co5dhgQi9ChjMhZumThpahanWQUVNziL5jSVI8yCxqgExNG56Td%2F9S8AAAD%2F%2FwEAAP%2F%2FJxNhxKoLAAA%3D
IP 173.233.137.60:443
Requested by https://savefromnets.com/
Certificate Issuer: Let's Encrypt
Subject: lotclergyman.com
Fingerprint: 4D:40:39:11:E0:27:47:DF:86:BF:5E:B5:51:40:08:D7:AB:31:7D:11
Validity: Tue, 28 Nov 2023 07:49:04 GMT - Mon, 26 Feb 2024 07:49:03 GMT
File type ASCII text, with no line terminators
Hash (MD5): 132d6af1b46048b45cf86cdee7991d31
Hash (SHA-1): eb7007d03d59b65bc6da7e098c4d38fc6dfb6285
Hash (SHA-256): ab852e838deccd742a03ca81d4a8d75cf1a00b327db3eaf46bd7da6b6db9384c
Analyzer: Quad9 DNS; Verdict: malicious; Alert: Sinkholed
GET /ren.gif?sid=H4sIAAAAAAAC%2F%2BxWy6skZ%2Fmuk8yPH%2BhKCYi6aXJkUEifrmt3VUIYuqvv96quPlV9FjZ17f6q69Z16epuCUxmULLLQVyom%2FS8M8mgJjrJKAnGGeSMmzCi3WcTJuCAf4GCkI0b6ZPRSXb%2BAb5Q9b3v87wU71NfPdT3gxvJY4yARH3U7%2Fhr5DhqjjnCM9%2BWkWf4aZTpShkCP8JfysjIy9MvZZb7W7h4kcCZI%2Fw7mZqpz%2FwciRM4TuBEpopC0%2FKXuQsWUPA2Rxxx%2BBFNHhEMDcvwi3WUHECkHoCxeIx9FZBx%2Fn%2FTj94FpJ%2BB594pm9Es9oMXKm7iqLEfwsK4PfRmnp964D5NrfAALO%2F2k27wo3MM%2B%2FEz4Hu3nygAf3FrrwA0dI4dfEyA5t1%2BMiZoizc%2Fm1RzwPRAM74M6eIMTOcMkHoGun8dkLHDAHQDuj3w3Le6fpiqq89Ydc%2BeY5c%2B%2FQeg9By79JfnwHN%2FWXLQMjPwnSRGvhfB0toAWp4BmpxBkDyAeH0AKH0AenwNkPEnLPdpGzz3Vi9yfEDG5kI9QmeArDNwzFNQowNI9hc6gMQ6gCQ4ANd4lFEZzsLxgqVZFMXSuq5TlK4zbN5gDIpmLRwSfT%2FeKcTBKejOKejhVQjCqzBDpxAmv4douoHIOIAoPscOhKuwMDaQmhikEQapikGKMEhjDNLF5k3Dicho85bhRIlGPFnJJyu1uenHkxvqm348MT0M1PD0RvAY%2B8r%2B3Rx88%2Ft3YWY%2Bymg4xZA0x5iqblIcjls0oRsqm2cpg7RUmoQIbQBFz1zIXaPd4ScQoN1zCmjqA4icB6Cj50BNCFDTmwUSB3V6k2ZxWHt3InVhWqHvemYcHem%2BC4a%2FgSC%2BBPHq4IbzGPv6xR7lji6BqT%2B8Yuh%2Fvkt8QwI93EAQbsBGf8Bg4rx2U%2FRT7JbopxH2bi%2BIkYvW6n7%2FBrEam9jPW%2BYq9UOjUY5Of1bU98Q%2BfVsyo7itegbyJhH2ixIyDDOs%2BqFuYvcakWxq%2FSSalpLQS4J2n6823CA0owj53hmo6BzD%2Fvo30NE59v8fqxff5tf%2BqQAKH0CYfPLMH6dxHEQv5nJ%2BOA8Ndy8st6BzVIFm8JzuIH12ZfLyTG61Yr7FZEnkjAbNbqlDTKTYqPiOXzKaLtNuO0XV8Fhx0mTCPuXaWr0slgljPFSr1aHgrkPba06MsMXVQ6tvO90YXyUFcVitasMsu64mThYv8SPW5Ec6GrVWuJzlrCRcnaSjklDjK2q%2FPuZ9Vc%2BSvje0ezWtFLcJc37SyKoiojSyIgSOoee7y0Qh1mGz55loEgXVsVns9E64WVVQeiolDLkkEsuksiBbnGt6VCfrFpspV6qjKs602oreHvYkUx5nhVV15EY9vNpqm%2BvOsNAp44Qa5fvD4%2B4qb08qpOqslNaAjMpac5D1C%2BWxFQS%2BPRUkw2qsR2xMkdqJXXfynXkvqzSTqauOUMCSbldWm6Ytq3y4ksXBehl4AztfnisUHpOFqteqDd1sZVrKeifZoqJL3Hg%2BoxjWTZkxWta8kTKqtMb6UC42SkF8LNn9rLdslTR7XhXMDnncCARW1Cor19b64SDo99ZKmfEtWpx147KTd5YDmUcBZ4SkhPi6PahzayIlCg43qGojhU1CZeqU3JnY6s6PS2q7g086EY1wat0NaLrV7fIzVZ%2Bl6axSQoW5INSKJ1LfnB0rS2okajUhrIhi7bh%2FYo0Ky9oSzzprriYMEGfXe6UO36RZpdfVlpLglFrMgqj4tqoMCosoIfgxIbdqI8IT29Qoolxpmid6tndsaawzmsu1aeja2Wl9ZHTxAV70TC0vaJPLZoiMcezPTO%2FlthHzLVNTEnCTh1f%2Bjl0EIP8M9OD6ncNDqSG1K%2BN
au1cqtg8PH3nbH%2B5e3b2e2b26u7a7ur2zvbe9k9m%2Bt31%2F%2B%2Bvd1e397d3tvd317Yd78P7uWmZ7b3t%2F%2B94Ffj%2Bz%2FSCzvXvR9bvtb%2F%2BNvb%2B9s3t9%2B972w%2B1vtve2H%2Bxez2zf2F3fXdt%2BsH%2F0u4eH%2Fd5AKhX51ngotgeHh588%2B93n%2F2M7M4qD%2BRdt5yWhM9Z9z0Kh%2Bz%2F3%2FZfuC5pVZUYmrlPU%2BlOpZiW10axXN3RGmC6aeFGOQn40jOsn%2FJjKN0RdmPZiuzVaLRQ90eeLbq0Sks2%2BwtqC1hZZIVBPWG8xJ9IRp0dEtVxxhAIr8JqUZZqtxmxYMXuiPK8Vp7XOeFmQKgU9e9K1hr6%2FUFoLXp6jep70vLbUUYqrtdxIGjWaK3DWuunII8U3ZblHLyrjVI37jeJ8cazxolwZ92sG8spmvRMu0uZcruvCMpaL42PmpOz4rfKwVu5rSRGV5FVVqgoWKWkFEpWEdt7i283ZeiA7rGKRWjiYDBe0H9WcWZ7PWpLaOmm0SyPJNmor53g4LxXlZNyYarxHDmrrxgCfWsWuIk34sC25heK47bpiynXydjCpzjpppBjj4bIvBE2bNysakZe6i2Gp4XX6olY35rRLt62BINaZpZZIE5Po9fNzRlTCucP5zXlMuPllU7PqK%2BlELJaytpg%2FzraFKRPXVZsVtaLs%2BdlsPSBtZNdtma72htXRrNAx%2BKJQNGrtYp6bC801JVxWg5e%2F9b3ikJcave64Lzb4yiuXVf1zGD8UxUqXH73y%2FDuHh41OsVbZ%2B%2B3w8NHxF%2F5uR7rh5RiGIlQmZ1AGR9M5nbUYgsBpg9UsmmUpVrfyDMXmSc0kaYojcwau5RmSJAmdohicoo%2FswJxAFDzEngREPgah87TWgmchTTY3Q1J7ehhwEAaO%2BbRJ1TYQfa7WnuY3otdgEl4CNb4OnruBRbiBhbMB1TmFKPnSzTgIH1756Cf7%2BClozqWbmhNeuqU5ofOjc4x9o3mOvZB%2F5%2BI4co5dhgQi9ChjMhZumThpahanWQUVNziL5jSVI8yCxqgExNG56Td%2F9S8AAAD%2F%2FwEAAP%2F%2FJxNhxKoLAAA%3D HTTP/1.1
Host: lotclergyman.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://savefromnets.com/
Cookie: u_pl=18580915; pdhtkv=true; uncs=1; pdhtkv49=true; uncs49=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Tue, 05 Dec 2023 16:07:11 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: f9bdce80ff96a31505fa8357004663f9
Strict-Transport-Security: max-age=0; includeSubdomains
savefromnets.com/js/modernizr.min.js
104.21.22.70 200 OK 7.4 kB URL GET HTTP/3 savefromnets.com/js/modernizr.min.js
IP 104.21.22.70:443
Requested by https://savefromnets.com/
Certificate Issuer: Let's Encrypt
Subject: savefromnets.com
Fingerprint: FF:55:5B:CE:F9:67:B6:D1:8C:04:53:5D:6E:B7:9B:36:9C:33:8A:44
Validity: Mon, 04 Dec 2023 01:28:09 GMT - Sun, 03 Mar 2024 01:28:08 GMT
File type HTML document, ASCII text, with very long lines (14586), with no line terminators
Hash da2c1b8dc967ad0e19eb25638216cdc6
31b4a3d08be6d586d1f96a07e03ec6f250517f4c
0b2a741489fb323cd96e2b546693ca1fc7151cfa0f2111eee4dd512e6b359941
GET /js/modernizr.min.js HTTP/1.1
Host: savefromnets.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://savefromnets.com/
Cookie: PHPSESSID=a6f89k1je6tm1ijbv4f7gsikv4
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Tue, 05 Dec 2023 16:07:08 GMT
content-type: application/javascript
last-modified: Wed, 13 Apr 2022 08:49:38 GMT
etag: W/"38fa-5dc8541e76c80-gzip"
cache-control: max-age=604800
expires: Wed, 06 Dec 2023 03:59:39 GMT
vary: Accept-Encoding
cf-cache-status: HIT
age: 87448
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=44ofiFzovYGuyMC7jQokFI9zx6HANzSTylJMywpbqgDtBihEfK55V5pivI7v6sdcNy8iKoZ86WQ4yS3M9Sj7Vk0skk1k8yhqUMPdLZipEKOyk%2Bq67MbxST%2FcdLXYJjABdpCc"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 830d8a58eac2b50f-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
savefromnets.com/svicons/android-icon-192x192.png
104.21.22.70 200 OK 39 kB URL GET HTTP/3 savefromnets.com/svicons/android-icon-192x192.png
IP 104.21.22.70:443
Requested by https://savefromnets.com/
Certificate Issuer: Let's Encrypt
Subject: savefromnets.com
Fingerprint: FF:55:5B:CE:F9:67:B6:D1:8C:04:53:5D:6E:B7:9B:36:9C:33:8A:44
Validity: Mon, 04 Dec 2023 01:28:09 GMT - Sun, 03 Mar 2024 01:28:08 GMT
File type PNG image data, 192 x 192, 8-bit/color RGBA, non-interlaced\012- data
Hash 58bb8f328141a22b6ba2da9d1bc6e9a7
d2b9fd4cb18c27b03abbbd20cb7fcd54a3aa6d32
775a509f99c4bf552ae581fa74ae95ef203ed720de520b8a64462fd4cc674d48
GET /svicons/android-icon-192x192.png HTTP/1.1
Host: savefromnets.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://savefromnets.com/
Cookie: PHPSESSID=a6f89k1je6tm1ijbv4f7gsikv4; _ga_R57FEEXBHL=GS1.1.1701792436.1.0.1701792436.0.0.0; _ga=GA1.1.1317342655.1701792436; dom3ic8zudi28v8lr6fgphwffqoz0j6c=32afe120-6ebc-454d-ac7c-5db5af68eb76%3A2%3A1; prefetchAd_6596574=true; pp_idelay_b4c4227f43a96a93ff53aa54f93f0019=1; m5a4xojbcp2nx3gptmm633qal3gzmadn=lotclergyman.com
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Tue, 05 Dec 2023 16:07:11 GMT
content-type: image/png
content-length: 39025
last-modified: Sat, 01 Jul 2017 01:06:44 GMT
etag: "9871-5533725adb100"
cache-control: max-age=2592000
expires: Thu, 14 Dec 2023 06:25:40 GMT
cf-cache-status: HIT
age: 948665
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Uk%2B58r7LLtLVKZJQa58zBUx7Mvl7stniBVJci%2B5aVbjzkhA%2F150IaTmEJ8n6dULm%2FRzTQJubDqhGQUGHJ973bgyr8rME%2BwokEdDXNwgMHS7ooxpZ20N8y96OBeUQScuIO8zv"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 830d8a6a1f65b50f-OSL
alt-svc: h3=":443"; ma=86400
incurableyankmarshal.com/pixel/purst?dl=0&th=0&sc=0&rs=2359&rd=2359&fd=578&bv=23.12.v.2&tmpl=136
192.243.59.13 200 OK 0 B URL GET HTTP/1.1 incurableyankmarshal.com/pixel/purst?dl=0&th=0&sc=0&rs=2359&rd=2359&fd=578&bv=23.12.v.2&tmpl=136
IP 192.243.59.13:443
ASN #39572 DataWeb Global Group B.V.
Requested by https://savefromnets.com/
Certificate Issuer: Let's Encrypt
Subject: incurableyankmarshal.com
Fingerprint: 27:8D:20:90:2C:CE:6C:5B:CA:85:05:4D:BF:55:1E:B2:FB:AF:60:B3
Validity: Tue, 17 Oct 2023 12:46:41 GMT - Mon, 15 Jan 2024 12:46:40 GMT
Hash MD5: d41d8cd98f00b204e9800998ecf8427e
SHA-1: da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA-256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
(These three values are the digests of zero-length input, consistent with the 0 B body; they do not identify this resource.)
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /pixel/purst?dl=0&th=0&sc=0&rs=2359&rd=2359&fd=578&bv=23.12.v.2&tmpl=136 HTTP/1.1
Host: incurableyankmarshal.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://savefromnets.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Tue, 05 Dec 2023 16:07:11 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
cdn.jsdelivr.net/gh/Arlina-Design/quasar@master/arlinablock.js
151.101.129.229 200 OK 61 kB URL GET HTTP/2 cdn.jsdelivr.net/gh/Arlina-Design/quasar@master/arlinablock.js
IP 151.101.129.229:443
Requested by https://savefromnets.com/
Certificate Issuer: GlobalSign nv-sa
Subject: jsdelivr.net
Fingerprint: 05:87:2C:BA:73:14:21:54:82:00:8B:AD:85:8F:E9:C6:4D:C7:66:09
Validity: Wed, 27 Sep 2023 18:13:13 GMT - Mon, 28 Oct 2024 18:13:12 GMT
File type ASCII text, with very long lines (65536), with no line terminators
Hash MD5: 2b77703699738a0afe4785cb1b853a75
SHA-1: 27b1ae11bc11f614ed04ed5221ca3203775d1f0f
SHA-256: 7479748bad5793b25b90b43aec31d698a6dc56b094c4b5d26ac884bce952931c
GET /gh/Arlina-Design/quasar@master/arlinablock.js HTTP/1.1
Host: cdn.jsdelivr.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://savefromnets.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: *
timing-allow-origin: *
cache-control: public, max-age=604800, s-maxage=43200
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript; charset=utf-8
x-jsd-version: master
x-jsd-version-type: branch
etag: W/"162b7-J7GuEbwR9hTtBO1SIcoyA3ddHw8"
content-encoding: br
accept-ranges: bytes
date: Tue, 05 Dec 2023 16:07:11 GMT
age: 40093
x-served-by: cache-fra-etou8220062-FRA, cache-bma1660-BMA
x-cache: HIT, HIT
vary: Accept-Encoding
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 61382
X-Firefox-Spdy: h2
unseenreport.com/pxf.gif?uuid=32afe120-6ebc-454d-ac7c-5db5af68eb76&eb=a996fe56ed028c08f89591a4a8a9c431&te=4cb725660c43031e3b06c75892d96c5a&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.3095&b_frame=0&pk=b4c4227f43a96a93ff53aa54f93f0019&bl=en-US&sr=1024x1280&sz=1024x1280&hjs=16
192.243.61.227200 OK 1 B URL GET HTTP/1.1 unseenreport.com/pxf.gif?uuid=32afe120-6ebc-454d-ac7c-5db5af68eb76&eb=a996fe56ed028c08f89591a4a8a9c431&te=4cb725660c43031e3b06c75892d96c5a&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.3095&b_frame=0&pk=b4c4227f43a96a93ff53aa54f93f0019&bl=en-US&sr=1024x1280&sz=1024x1280&hjs=16
IP 192.243.61.227:443
ASN #39572 DataWeb Global Group B.V.
Requested by https://savefromnets.com/
Certificate Issuer: Let's Encrypt
Subject: *.unseenreport.com
Fingerprint: 79:45:7F:58:D5:82:45:0A:7D:1E:FF:7A:98:05:26:E9:D6:FE:91:14
Validity: Wed, 22 Nov 2023 07:56:28 GMT - Tue, 20 Feb 2024 07:56:27 GMT
File type very short file (no magic)
Hash MD5: 93b885adfe0da089cdf634904fd59f71
SHA-1: 5ba93c9db0cff93f52b521d7420e43f6eda2784f
SHA-256: 6e340b9cffb37a989ca544e6bb780a2c78901d3fb33738768511a30617afa01d
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /pxf.gif?uuid=32afe120-6ebc-454d-ac7c-5db5af68eb76&eb=a996fe56ed028c08f89591a4a8a9c431&te=4cb725660c43031e3b06c75892d96c5a&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.3095&b_frame=0&pk=b4c4227f43a96a93ff53aa54f93f0019&bl=en-US&sr=1024x1280&sz=1024x1280&hjs=16 HTTP/1.1
Host: unseenreport.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://savefromnets.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Tue, 05 Dec 2023 16:07:12 GMT
Content-Type: image/gif
Content-Length: 1
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 5051527ce473386020b0bd9c9a3daf58
Strict-Transport-Security: max-age=0; includeSubdomains
crrepo.com/extban/280030620/creatives/23426586/a2c04e05ae6eb7cce360b2af1bf43a70_8771.jpg
104.21.233.200 200 OK 126 kB URL GET HTTP/2 crrepo.com/extban/280030620/creatives/23426586/a2c04e05ae6eb7cce360b2af1bf43a70_8771.jpg
IP 104.21.233.200:443
Requested by https://savefromnets.com/
Certificate Issuer: Google Trust Services LLC
Subject: crrepo.com
Fingerprint: 75:90:20:07:51:99:F7:F2:A9:7E:2F:3F:89:EB:3C:E9:ED:21:B5:65
Validity: Wed, 08 Nov 2023 08:39:04 GMT - Tue, 06 Feb 2024 08:39:03 GMT
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 160x600, components 3\012- data
Size 126 kB (126466 bytes)
Hash MD5: 0d3e7df5d0c7226dda631b6f61a84814
SHA-1: f4b06a9ed407cc8e675928da1a060a33deda904a
SHA-256: 63f94bfa7ba0c7cc8afa8d6d36aa50ce724a0a9f2a2461467a049b80a653d26b
GET /extban/280030620/creatives/23426586/a2c04e05ae6eb7cce360b2af1bf43a70_8771.jpg HTTP/1.1
Host: crrepo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://savefromnets.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Tue, 05 Dec 2023 16:07:09 GMT
content-type: image/jpeg
last-modified: Thu, 03 Mar 2022 16:47:21 GMT
etag: W/"6220f119-1ee01"
via: 1.1 google
cache-control: max-age=14400
cf-cache-status: REVALIDATED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Y0M60cBAdKuu%2F78rOTmt4%2FRZAePl5V8WRxhC9GzfpGNwgXSr3fU%2FNLwSjESKiWIjGKuUxW%2FZmXN7thqd2N9mW7YSojbfxiMvHBXBGddq7fDGu4iqPBrHbVHN%2BPBq"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 830d8a5e8f0b5696-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
acscdn.com/script/ut.js?cb=1701792435222
172.67.165.20 200 OK 82 kB URL GET HTTP/3 acscdn.com/script/ut.js?cb=1701792435222
IP 172.67.165.20:443
Requested by https://savefromnets.com/
Certificate Issuer: Google Trust Services LLC
Subject: acscdn.com
Fingerprint: AA:F8:50:9E:3E:B3:E7:D9:8E:7B:8D:2D:35:4D:33:15:6A:34:04:62
Validity: Thu, 02 Nov 2023 07:42:44 GMT - Wed, 31 Jan 2024 07:42:43 GMT
Hash MD5: d41d8cd98f00b204e9800998ecf8427e
SHA-1: da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA-256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
(These three values are the digests of zero-length input even though the summary line reports 82 kB, so the script body was apparently not hashed; they should not be used as indicators for ut.js.)
GET /script/ut.js?cb=1701792435222 HTTP/1.1
Host: acscdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://savefromnets.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Tue, 05 Dec 2023 16:07:09 GMT
content-type: text/javascript
x-guploader-uploadid: ABPtcPoobjzh6wLCC3F8_-GXVp0K60GuN9VO61JNIzwVSe7aUF1wbMtbRKbGU10Mrvh0aokb4e9dDzabA_4GW684NT08RA
x-goog-generation: 1701698737164870
x-goog-metageneration: 2
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 82092
x-goog-hash: crc32c=2nkS8g==, md5=Ht/tgHkwwd6oGKwYwpkVTA==
x-goog-storage-class: MULTI_REGIONAL
access-control-allow-origin: *
expires: Tue, 05 Dec 2023 15:27:31 GMT
cache-control: public, max-age=3600
age: 3228
last-modified: Mon, 04 Dec 2023 14:05:37 GMT
etag: W/"1edfed807930c1dea818ac18c299154c"
cf-cache-status: HIT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=F9xJLyOhJqQ70%2B89Jdc8dT2kxWSMpScraI4%2BKUpKI29I6TCOFj8W5yH5%2FdRZBPIYLGMrpby5P%2FUKjHrlWVHRhYLWl1Sw%2BSJjdOV2xLV1T8oo7AXxdCcmsmZ8XMGD"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 830d8a5b4f8b0b31-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
youradexchange.com/script/banner.php?r=7777950&cbpage=https%3A%2F%2Fsavefromnets.com%2F&cbref=&cbdescription=SavefromNets%20has%20very%20powerful%20feature%20to%20convert%20and%20download%20your%20favorite%20audios%20and%20videos%20to%20MP3%2C%20MP4%2C%20WEBM%2C%20F4V%2C%20and%203GP%20formats%20from%20online%20sites%20like%20youtube%2C%20dailymotion%2C%20vimeo%2C%20facebook%2C%20matacafe%2C%20vk%2C%20soundcloud%2C%20instagram%2C%20vevo%20etc.&cbkeywords=Online%20Video%20Converter%2COnline%20Video%20Downloader%2CSave%20from%20Nets%2CYouTube%20to%20MP3%20Converter%2CYouTube%20to%20MP4%20Converter&cbtitle=Online%20Converter%20and%20Downloader%20-%20SavefromNets.com&srs=eb8f5a8478de7344ab28b92da5fd622a&atv=38.4
172.64.197.7200 OK 1.7 kB URL GET HTTP/2 youradexchange.com/script/banner.php?r=7777950&cbpage=https%3A%2F%2Fsavefromnets.com%2F&cbref=&cbdescription=SavefromNets%20has%20very%20powerful%20feature%20to%20convert%20and%20download%20your%20favorite%20audios%20and%20videos%20to%20MP3%2C%20MP4%2C%20WEBM%2C%20F4V%2C%20and%203GP%20formats%20from%20online%20sites%20like%20youtube%2C%20dailymotion%2C%20vimeo%2C%20facebook%2C%20matacafe%2C%20vk%2C%20soundcloud%2C%20instagram%2C%20vevo%20etc.&cbkeywords=Online%20Video%20Converter%2COnline%20Video%20Downloader%2CSave%20from%20Nets%2CYouTube%20to%20MP3%20Converter%2CYouTube%20to%20MP4%20Converter&cbtitle=Online%20Converter%20and%20Downloader%20-%20SavefromNets.com&srs=eb8f5a8478de7344ab28b92da5fd622a&atv=38.4
IP 172.64.197.7:443
Requested by https://savefromnets.com/
Certificate Issuer: Google Trust Services LLC
Subject: youradexchange.com
Fingerprint: FD:52:FD:E8:62:0A:DE:66:86:28:19:39:64:21:57:5C:CB:8A:59:D9
Validity: Tue, 17 Oct 2023 07:21:58 GMT - Mon, 15 Jan 2024 07:21:57 GMT
File type troff or preprocessor input, ASCII text, with very long lines (1749), with no line terminators
Hash MD5: 043df59e47b3c280cc835b6d63036bb9
SHA-1: c465802366357cb3a4a5f807023595bf42e3d368
SHA-256: 2b886bcee445df622ce11f4e27517fd97bdd3325a70fa16f3efd4520af17d05d
GET /script/banner.php?r=7777950&cbpage=https%3A%2F%2Fsavefromnets.com%2F&cbref=&cbdescription=SavefromNets%20has%20very%20powerful%20feature%20to%20convert%20and%20download%20your%20favorite%20audios%20and%20videos%20to%20MP3%2C%20MP4%2C%20WEBM%2C%20F4V%2C%20and%203GP%20formats%20from%20online%20sites%20like%20youtube%2C%20dailymotion%2C%20vimeo%2C%20facebook%2C%20matacafe%2C%20vk%2C%20soundcloud%2C%20instagram%2C%20vevo%20etc.&cbkeywords=Online%20Video%20Converter%2COnline%20Video%20Downloader%2CSave%20from%20Nets%2CYouTube%20to%20MP3%20Converter%2CYouTube%20to%20MP4%20Converter&cbtitle=Online%20Converter%20and%20Downloader%20-%20SavefromNets.com&srs=eb8f5a8478de7344ab28b92da5fd622a&atv=38.4 HTTP/1.1
Host: youradexchange.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://savefromnets.com/
Origin: https://savefromnets.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Tue, 05 Dec 2023 16:07:09 GMT
content-type: application/json; charset=utf-8
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: GET, POST, OPTIONS
via: 1.1 google
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=WSfVEi%2BaE%2BQRiWrxQgLf%2B00IRX6BSQj8oosK8eS%2FtTXzDp%2BEG4YL9VbvPU67iint%2BGO4y%2FwGF6YoQNypc8hSaHRXQSw9qH7sjEFQHjYmx930CgARGpUyHDZP7xM9F5YqctSmZXc%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 830d8a5c596b532f-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
savefromnets.com/css/fonts/media-icons.woff
104.21.22.70 200 OK 3.2 kB URL GET HTTP/3 savefromnets.com/css/fonts/media-icons.woff
IP 104.21.22.70:443
Requested by https://savefromnets.com/
Certificate Issuer: Let's Encrypt
Subject: savefromnets.com
Fingerprint: FF:55:5B:CE:F9:67:B6:D1:8C:04:53:5D:6E:B7:9B:36:9C:33:8A:44
Validity: Mon, 04 Dec 2023 01:28:09 GMT - Sun, 03 Mar 2024 01:28:08 GMT
File type Web Open Font Format, CFF, length 3160, version 1.0\012- data
Hash MD5: 775fc127c1f061e353aa1c26cda3c5aa
SHA-1: 55306fac5136ec566c577639433d3fe0cdd78a19
SHA-256: f4d8c97e0a8a7f445b9bb8420c5e1126624f79ee00c5f3427fe6000bbcca038a
GET /css/fonts/media-icons.woff HTTP/1.1
Host: savefromnets.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: https://savefromnets.com/css/styles.pure.css?v=1.2
Cookie: PHPSESSID=a6f89k1je6tm1ijbv4f7gsikv4
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Tue, 05 Dec 2023 16:07:10 GMT
content-type: font/woff
last-modified: Wed, 14 Jun 2017 20:53:14 GMT
etag: W/"c58-551f1bda18280-gzip"
cache-control: max-age=864000
expires: Sun, 10 Dec 2023 04:52:39 GMT
vary: Accept-Encoding
cf-cache-status: HIT
age: 87448
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=7u3UfTTIdNS%2FjMFBLngVgCmx%2FUnBSz1hClukIaZZye%2BPZfkdnpAa9sfpT7B5hsIa2M5I8sEsIi1CGBXOIcp8a7G%2FYnYLwzNosfhYf2LqgAQzEwwWHGWWC3W1INQjWzbf5X0g"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 830d8a620e2db50f-OSL
alt-svc: h3=":443"; ma=86400
youradexchange.com/script/banner.php?r=7777946&cbpage=https%3A%2F%2Fsavefromnets.com%2F&cbref=&cbdescription=SavefromNets%20has%20very%20powerful%20feature%20to%20convert%20and%20download%20your%20favorite%20audios%20and%20videos%20to%20MP3%2C%20MP4%2C%20WEBM%2C%20F4V%2C%20and%203GP%20formats%20from%20online%20sites%20like%20youtube%2C%20dailymotion%2C%20vimeo%2C%20facebook%2C%20matacafe%2C%20vk%2C%20soundcloud%2C%20instagram%2C%20vevo%20etc.&cbkeywords=Online%20Video%20Converter%2COnline%20Video%20Downloader%2CSave%20from%20Nets%2CYouTube%20to%20MP3%20Converter%2CYouTube%20to%20MP4%20Converter&cbtitle=Online%20Converter%20and%20Downloader%20-%20SavefromNets.com&srs=eb8f5a8478de7344ab28b92da5fd622a&atv=38.4
172.64.197.7200 OK 1.7 kB URL GET HTTP/2 youradexchange.com/script/banner.php?r=7777946&cbpage=https%3A%2F%2Fsavefromnets.com%2F&cbref=&cbdescription=SavefromNets%20has%20very%20powerful%20feature%20to%20convert%20and%20download%20your%20favorite%20audios%20and%20videos%20to%20MP3%2C%20MP4%2C%20WEBM%2C%20F4V%2C%20and%203GP%20formats%20from%20online%20sites%20like%20youtube%2C%20dailymotion%2C%20vimeo%2C%20facebook%2C%20matacafe%2C%20vk%2C%20soundcloud%2C%20instagram%2C%20vevo%20etc.&cbkeywords=Online%20Video%20Converter%2COnline%20Video%20Downloader%2CSave%20from%20Nets%2CYouTube%20to%20MP3%20Converter%2CYouTube%20to%20MP4%20Converter&cbtitle=Online%20Converter%20and%20Downloader%20-%20SavefromNets.com&srs=eb8f5a8478de7344ab28b92da5fd622a&atv=38.4
IP 172.64.197.7:443
Requested by https://savefromnets.com/
Certificate Issuer: Google Trust Services LLC
Subject: youradexchange.com
Fingerprint: FD:52:FD:E8:62:0A:DE:66:86:28:19:39:64:21:57:5C:CB:8A:59:D9
Validity: Tue, 17 Oct 2023 07:21:58 GMT - Mon, 15 Jan 2024 07:21:57 GMT
File type troff or preprocessor input, ASCII text, with very long lines (1749), with no line terminators
Hash MD5: cd7a5f17efff7cc9e43e4a6ca2c99c9f
SHA-1: d70e9c04638fba330958322a7605ce9f9e45dc69
SHA-256: 006ef651feb51ee0b23b9951ccbcaab98f20812d443a3466afffef8645afac27
GET /script/banner.php?r=7777946&cbpage=https%3A%2F%2Fsavefromnets.com%2F&cbref=&cbdescription=SavefromNets%20has%20very%20powerful%20feature%20to%20convert%20and%20download%20your%20favorite%20audios%20and%20videos%20to%20MP3%2C%20MP4%2C%20WEBM%2C%20F4V%2C%20and%203GP%20formats%20from%20online%20sites%20like%20youtube%2C%20dailymotion%2C%20vimeo%2C%20facebook%2C%20matacafe%2C%20vk%2C%20soundcloud%2C%20instagram%2C%20vevo%20etc.&cbkeywords=Online%20Video%20Converter%2COnline%20Video%20Downloader%2CSave%20from%20Nets%2CYouTube%20to%20MP3%20Converter%2CYouTube%20to%20MP4%20Converter&cbtitle=Online%20Converter%20and%20Downloader%20-%20SavefromNets.com&srs=eb8f5a8478de7344ab28b92da5fd622a&atv=38.4 HTTP/1.1
Host: youradexchange.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://savefromnets.com/
Origin: https://savefromnets.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Tue, 05 Dec 2023 16:07:09 GMT
content-type: application/json; charset=utf-8
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Content-Type
via: 1.1 google
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=UDSoVUpZlvus2WjJ2Rlx3t5uRwJO8Qy2TVg0fhWYk0yqr9c8rMSUN4915ZEzbgqor5XO6B7H5YUZ6nGPRxrWP%2FTYqfwQUej9qim%2FFcdvfEGgnR0JDlzSAWY3bck%2B%2FrqjGFr5M2U%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 830d8a5c2918532f-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
lotclergyman.com/ren.gif?sid=H4sIAAAAAAAC%2F1RSz2skRRuuXma%2Fw%2BdJCYJ4GRREYZl0z49kxj2IcY1kjUnMrsRrdVX1pEx1VVPVPT3JKbgoe5yDB%2FVi55lkg7rqLp4F6XhZFoT0RSKYf0JY9igzOzD6QtX7Pu9Th%2Bd53%2Fr8KLskATJ6sfWBOZBK0cVOw6%2B%2FviM1N7mrb9yuB37Dv17fkXqpfb0%2BnFx28Gbgdxr%2BG%2FX3BNszi00%2F8P3AD%2Bqr0orIDBenLGRyvxc0en6j3WwEnTaG9r%2FYZR4c9cAHl%2BQFSF5d3X30EJKV0PGDG8LtpSa59m6cKZoaiwE%2F%2FUjvaZNrxPMysh4ifTp7DeMqQr68AqNPZw5gBscTBwhlRbw%2FAoT6dCYT4eDkmdJQQWiE%2FDnkgxJClZC0BDN3IPk5ARjHxiZ0fG%2FD2JzuP2PphK1I7cnfkHlFan8tQMc%2Frig5rN8yKkul0Q7DqIAclpD9Ekl2hvTAg8zPwNJPIfnvZPHJOnR8vOmUgeTF1L2UJWRUQokRqPOQTY70kEUessRDzC%2FqtNOLfH85CqNWq9tmjLVajHW6S7zDW%2B1u5CNjE3kjpMkITI3A7CESe4g9OYLNfoXbLeC4B5dWxPvwEANeIBcEuSPIKUEuCfKUIB8UJ1y5pivuceWyMJjl5iy3irFJ%2B0f0xKR9oQmoHR0ll%2BT5yWy8lz%2F7GXvioh76rU6z3esIykSr5%2FtRO2Ccdpe6Ld6MaLsJJwtId2Vq90Cev%2FonEnm%2B8DFCeganzsDkAmgWgObj5aYPujtud30c6AeODkRkTaxF6hrMxOCmQJLWkO57R%2BqSvDTd0bWlHyDYYzILMFsgsQU%2Bkb8R9NXd8bbJyfG2yR15uJmkMpYHdLK%2FWylNxf%2B%2Be1%2Fs58bytRtu9O3bbEJMyvu3hUvXqeZS9x35fkVyLuyqsUyQX9bcjgi3Mre7klmdJetb76yuxYkVzkmjS1B5vvkUTFbk6tNXpj%2Fzxe0mpC1hswJxNlcqTQmWHMIl854zBFbNcZhcQZ4VY9sM500lCZSYYxoWcP%2FC4bw%2BcnfRtzXQ9A50XGBgCwxUAapGcNn%2Fx2liH7%2F16KtJfI1Q1cahsrXjUFn1RUW639yczrcii41aRV5DBicv6qIT%2BZHwmyKMemG0TH3ei9q9kPYCsRx2aIDUVcLc%2FOkfAAAA%2F%2F8BAAD%2F%2F7Wre1eABAAA
173.233.137.60200 OK 0 B URL GET HTTP/1.1 lotclergyman.com/ren.gif?sid=H4sIAAAAAAAC%2F1RSz2skRRuuXma%2Fw%2BdJCYJ4GRREYZl0z49kxj2IcY1kjUnMrsRrdVX1pEx1VVPVPT3JKbgoe5yDB%2FVi55lkg7rqLp4F6XhZFoT0RSKYf0JY9igzOzD6QtX7Pu9Th%2Bd53%2Fr8KLskATJ6sfWBOZBK0cVOw6%2B%2FviM1N7mrb9yuB37Dv17fkXqpfb0%2BnFx28Gbgdxr%2BG%2FX3BNszi00%2F8P3AD%2Bqr0orIDBenLGRyvxc0en6j3WwEnTaG9r%2FYZR4c9cAHl%2BQFSF5d3X30EJKV0PGDG8LtpSa59m6cKZoaiwE%2F%2FUjvaZNrxPMysh4ifTp7DeMqQr68AqNPZw5gBscTBwhlRbw%2FAoT6dCYT4eDkmdJQQWiE%2FDnkgxJClZC0BDN3IPk5ARjHxiZ0fG%2FD2JzuP2PphK1I7cnfkHlFan8tQMc%2Frig5rN8yKkul0Q7DqIAclpD9Ekl2hvTAg8zPwNJPIfnvZPHJOnR8vOmUgeTF1L2UJWRUQokRqPOQTY70kEUessRDzC%2FqtNOLfH85CqNWq9tmjLVajHW6S7zDW%2B1u5CNjE3kjpMkITI3A7CESe4g9OYLNfoXbLeC4B5dWxPvwEANeIBcEuSPIKUEuCfKUIB8UJ1y5pivuceWyMJjl5iy3irFJ%2B0f0xKR9oQmoHR0ll%2BT5yWy8lz%2F7GXvioh76rU6z3esIykSr5%2FtRO2Ccdpe6Ld6MaLsJJwtId2Vq90Cev%2FonEnm%2B8DFCeganzsDkAmgWgObj5aYPujtud30c6AeODkRkTaxF6hrMxOCmQJLWkO57R%2BqSvDTd0bWlHyDYYzILMFsgsQU%2Bkb8R9NXd8bbJyfG2yR15uJmkMpYHdLK%2FWylNxf%2B%2Be1%2Fs58bytRtu9O3bbEJMyvu3hUvXqeZS9x35fkVyLuyqsUyQX9bcjgi3Mre7klmdJetb76yuxYkVzkmjS1B5vvkUTFbk6tNXpj%2Fzxe0mpC1hswJxNlcqTQmWHMIl854zBFbNcZhcQZ4VY9sM500lCZSYYxoWcP%2FC4bw%2BcnfRtzXQ9A50XGBgCwxUAapGcNn%2Fx2liH7%2F16KtJfI1Q1cahsrXjUFn1RUW639yczrcii41aRV5DBicv6qIT%2BZHwmyKMemG0TH3ei9q9kPYCsRx2aIDUVcLc%2FOkfAAAA%2F%2F8BAAD%2F%2F7Wre1eABAAA
IP 173.233.137.60:443
Requested by https://savefromnets.com/
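Certificate Issuer: Let's Encrypt
Subject: lotclergyman.com
Fingerprint: 4D:40:39:11:E0:27:47:DF:86:BF:5E:B5:51:40:08:D7:AB:31:7D:11
Validity: Tue, 28 Nov 2023 07:49:04 GMT - Mon, 26 Feb 2024 07:49:03 GMT
Hash MD5: d41d8cd98f00b204e9800998ecf8427e
SHA-1: da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA-256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
(These three values are the digests of zero-length input; the summary line reports 0 B although the response declares Content-Length: 7, so the body was apparently not hashed.)
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed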
GET /ren.gif?sid=H4sIAAAAAAAC%2F1RSz2skRRuuXma%2Fw%2BdJCYJ4GRREYZl0z49kxj2IcY1kjUnMrsRrdVX1pEx1VVPVPT3JKbgoe5yDB%2FVi55lkg7rqLp4F6XhZFoT0RSKYf0JY9igzOzD6QtX7Pu9Th%2Bd53%2Fr8KLskATJ6sfWBOZBK0cVOw6%2B%2FviM1N7mrb9yuB37Dv17fkXqpfb0%2BnFx28Gbgdxr%2BG%2FX3BNszi00%2F8P3AD%2Bqr0orIDBenLGRyvxc0en6j3WwEnTaG9r%2FYZR4c9cAHl%2BQFSF5d3X30EJKV0PGDG8LtpSa59m6cKZoaiwE%2F%2FUjvaZNrxPMysh4ifTp7DeMqQr68AqNPZw5gBscTBwhlRbw%2FAoT6dCYT4eDkmdJQQWiE%2FDnkgxJClZC0BDN3IPk5ARjHxiZ0fG%2FD2JzuP2PphK1I7cnfkHlFan8tQMc%2Frig5rN8yKkul0Q7DqIAclpD9Ekl2hvTAg8zPwNJPIfnvZPHJOnR8vOmUgeTF1L2UJWRUQokRqPOQTY70kEUessRDzC%2FqtNOLfH85CqNWq9tmjLVajHW6S7zDW%2B1u5CNjE3kjpMkITI3A7CESe4g9OYLNfoXbLeC4B5dWxPvwEANeIBcEuSPIKUEuCfKUIB8UJ1y5pivuceWyMJjl5iy3irFJ%2B0f0xKR9oQmoHR0ll%2BT5yWy8lz%2F7GXvioh76rU6z3esIykSr5%2FtRO2Ccdpe6Ld6MaLsJJwtId2Vq90Cev%2FonEnm%2B8DFCeganzsDkAmgWgObj5aYPujtud30c6AeODkRkTaxF6hrMxOCmQJLWkO57R%2BqSvDTd0bWlHyDYYzILMFsgsQU%2Bkb8R9NXd8bbJyfG2yR15uJmkMpYHdLK%2FWylNxf%2B%2Be1%2Fs58bytRtu9O3bbEJMyvu3hUvXqeZS9x35fkVyLuyqsUyQX9bcjgi3Mre7klmdJetb76yuxYkVzkmjS1B5vvkUTFbk6tNXpj%2Fzxe0mpC1hswJxNlcqTQmWHMIl854zBFbNcZhcQZ4VY9sM500lCZSYYxoWcP%2FC4bw%2BcnfRtzXQ9A50XGBgCwxUAapGcNn%2Fx2liH7%2F16KtJfI1Q1cahsrXjUFn1RUW639yczrcii41aRV5DBicv6qIT%2BZHwmyKMemG0TH3ei9q9kPYCsRx2aIDUVcLc%2FOkfAAAA%2F%2F8BAAD%2F%2F7Wre1eABAAA HTTP/1.1
Host: lotclergyman.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://savefromnets.com/
Cookie: u_pl=18580915; pdhtkv=true; uncs=1; pdhtkv49=true; uncs49=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Tue, 05 Dec 2023 16:07:11 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 35c1bb547a6ef4fbf5d08e8330bf977d
Strict-Transport-Security: max-age=0; includeSubdomains
nossairt.net/?rb=9SFRuB2kNVtDRYqBys5nKYfMApgkMm6CG_weEbZWB5rqPG38hsCmgXDvcd3-Nw7Pi0SKMdzQ4pLNZqM8IJrpjMrxlgIfmIyEW1KZgTwXMH0HChOKhUlS3f9Yow_e4-mABNZT3ehm0MSGQLJET6QQ0m7RMSlr_JJi5DIJW6akclnxwr20v_Wn9WqCDBHI8FKgNoQPdhm-PrpVV9JsPxQXXtJ1K8FeodB5kvxcZAtZND0%3D&request_ab2=0&zoneid=6596574&js_build=iclick-v1.640.0&fs=0&cf=0&sw=1280&sh=1024&sah=1024&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wih=1024&wiw=1280&wfc=1&pl=https%3A%2F%2Fsavefromnets.com%2F&drf=&np=1&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false&btz=UTC&bto=0&wgl=&js_build=iclick-v1.640.0&bs=bf7470e9-809e-4277-8d8d-90835706e9bb&userId=efea478599514ca0a5d7d0656e62988e&m=link
139.45.197.238200 OK 2.3 kB URL GET HTTP/2 nossairt.net/?rb=9SFRuB2kNVtDRYqBys5nKYfMApgkMm6CG_weEbZWB5rqPG38hsCmgXDvcd3-Nw7Pi0SKMdzQ4pLNZqM8IJrpjMrxlgIfmIyEW1KZgTwXMH0HChOKhUlS3f9Yow_e4-mABNZT3ehm0MSGQLJET6QQ0m7RMSlr_JJi5DIJW6akclnxwr20v_Wn9WqCDBHI8FKgNoQPdhm-PrpVV9JsPxQXXtJ1K8FeodB5kvxcZAtZND0%3D&request_ab2=0&zoneid=6596574&js_build=iclick-v1.640.0&fs=0&cf=0&sw=1280&sh=1024&sah=1024&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wih=1024&wiw=1280&wfc=1&pl=https%3A%2F%2Fsavefromnets.com%2F&drf=&np=1&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false&btz=UTC&bto=0&wgl=&js_build=iclick-v1.640.0&bs=bf7470e9-809e-4277-8d8d-90835706e9bb&userId=efea478599514ca0a5d7d0656e62988e&m=link
IP 139.45.197.238:443
Requested by https://savefromnets.com/
Certificate Issuer: Let's Encrypt
Subject: nossairt.net
Fingerprint: 17:8C:0F:06:91:F3:CD:5F:A6:BB:CB:C8:33:40:E4:95:72:24:A7:9C
Validity: Wed, 29 Nov 2023 05:16:21 GMT - Tue, 27 Feb 2024 05:16:20 GMT
File type troff or preprocessor input, ASCII text, with very long lines (2355), with no line terminators
Hash MD5: e5246adaabae94c63ad49c4c19c78c4e
SHA-1: 0e039e39c46359635c4d52a68083aa377b7ae55d
SHA-256: e559f3e37985215d65a210f36feef6bc7d9b4466a3d5c64b8e680cb61e1307d5
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /?rb=9SFRuB2kNVtDRYqBys5nKYfMApgkMm6CG_weEbZWB5rqPG38hsCmgXDvcd3-Nw7Pi0SKMdzQ4pLNZqM8IJrpjMrxlgIfmIyEW1KZgTwXMH0HChOKhUlS3f9Yow_e4-mABNZT3ehm0MSGQLJET6QQ0m7RMSlr_JJi5DIJW6akclnxwr20v_Wn9WqCDBHI8FKgNoQPdhm-PrpVV9JsPxQXXtJ1K8FeodB5kvxcZAtZND0%3D&request_ab2=0&zoneid=6596574&js_build=iclick-v1.640.0&fs=0&cf=0&sw=1280&sh=1024&sah=1024&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wih=1024&wiw=1280&wfc=1&pl=https%3A%2F%2Fsavefromnets.com%2F&drf=&np=1&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false&btz=UTC&bto=0&wgl=&js_build=iclick-v1.640.0&bs=bf7470e9-809e-4277-8d8d-90835706e9bb&userId=efea478599514ca0a5d7d0656e62988e&m=link HTTP/1.1
Host: nossairt.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://savefromnets.com/
Origin: https://savefromnets.com
DNT: 1
Connection: keep-alive
Cookie: OAID=efea478599514ca0a5d7d0656e62988e; oaidts=1701792430
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Tue, 05 Dec 2023 16:07:10 GMT
content-type: application/json
x-trace-id: 1124bc020182a014444892dec03b2fe9
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Wow64
access-control-allow-origin: https://savefromnets.com
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace
access-control-max-age: 86400
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
set-cookie: OAID=efea478599514ca0a5d7d0656e62988e; expires=Wed, 04 Dec 2024 16:07:10 GMT; path=/; secure; SameSite=None
oaidts=1701792430; expires=Wed, 04 Dec 2024 16:07:10 GMT; path=/; secure; SameSite=None
syncedCookie=true; expires=Tue, 12 Dec 2023 16:07:10 GMT; path=/; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
content-encoding: gzip
X-Firefox-Spdy: h2
savefromnets.com/css/styles.pure.css?v=1.2
104.21.22.70 200 OK 70 kB URL GET HTTP/3 savefromnets.com/css/styles.pure.css?v=1.2
IP 104.21.22.70:443
Requested by https://savefromnets.com/
Certificate Issuer: Let's Encrypt
Subject: savefromnets.com
Fingerprint: FF:55:5B:CE:F9:67:B6:D1:8C:04:53:5D:6E:B7:9B:36:9C:33:8A:44
Validity: Mon, 04 Dec 2023 01:28:09 GMT - Sun, 03 Mar 2024 01:28:08 GMT
File type ASCII text, with very long lines (61920)
Hash MD5: 5ee67bfadcb0a1da767866834ffcf2dd
SHA-1: 8a87eaed9c48fd76cd295e4755d4991c4a90bd2a
SHA-256: 4f4d5ba812e514a234af498d33d36d503df50a7f64315ffca33b81aabd2a7647
GET /css/styles.pure.css?v=1.2 HTTP/1.1
Host: savefromnets.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://savefromnets.com/
Cookie: PHPSESSID=a6f89k1je6tm1ijbv4f7gsikv4
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Tue, 05 Dec 2023 16:07:08 GMT
content-type: text/css
cache-control: max-age=604800
cf-bgj: minify
cf-polished: origSize=70350
etag: W/"112ce-5dc8587d1fbc0-gzip"
expires: Fri, 08 Dec 2023 05:53:57 GMT
last-modified: Wed, 13 Apr 2022 09:09:11 GMT
vary: Accept-Encoding
cf-cache-status: HIT
age: 87448
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Q5QNKEuNn1RaE6yJ9mU7SrVzUl4vSfHJPT%2FpuSZNw3JOZV80MDbgl5o6ociTgmZhhRV4Kpno5I0jC7zNiWy5RpyJrG8YzRunOa4o821Y5NhRx2zTL7f%2FvAEBkHXF8XkBgiZ%2F"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 830d8a58ca95b50f-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
savefromnets.com/js/navbar_language_fix.js
104.21.22.70 200 OK 2.1 kB URL GET HTTP/3 savefromnets.com/js/navbar_language_fix.js
IP 104.21.22.70:443
Requested by https://savefromnets.com/
Certificate Issuer: Let's Encrypt
Subject: savefromnets.com
Fingerprint: FF:55:5B:CE:F9:67:B6:D1:8C:04:53:5D:6E:B7:9B:36:9C:33:8A:44
Validity: Mon, 04 Dec 2023 01:28:09 GMT - Sun, 03 Mar 2024 01:28:08 GMT
File type HTML document, ASCII text, with very long lines (2251), with no line terminators
Hash MD5: f6c6dcadf19d42fe28ad98ce19a5173d
SHA-1: f7b8cece79f9c865ae2d51d4278a4154aca28e08
SHA-256: 27d3064e635011ebda243952b7e42d2eeeca54077b2066129e6fbb1a718b822f
GET /js/navbar_language_fix.js HTTP/1.1
Host: savefromnets.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://savefromnets.com/
Cookie: PHPSESSID=a6f89k1je6tm1ijbv4f7gsikv4
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Tue, 05 Dec 2023 16:07:08 GMT
content-type: application/javascript
cache-control: max-age=604800
cf-bgj: minify
cf-polished: origSize=2821
etag: W/"b05-55c4f05bd0a00-gzip"
expires: Tue, 12 Dec 2023 05:17:26 GMT
last-modified: Tue, 24 Oct 2017 18:22:32 GMT
vary: Accept-Encoding
cf-cache-status: HIT
age: 20099
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=DcvVqDLkMlVbLVoYQ5Pr2mDi4Mm0OPfhd%2BoiRS0MUpaN23V4d4mcy8NL8YPiKOhnJPpK9YagcnDaD140HqmxQ037YZS1rBm0uvHxX%2F8hEsUudXAafNGTMG1DgL5sXI03IS6a"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 830d8a58eab1b50f-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
youradexchange.com/script/banner.php?r=7777950&cbpage=https%3A%2F%2Fsavefromnets.com%2F&cbref=&cbdescription=SavefromNets%20has%20very%20powerful%20feature%20to%20convert%20and%20download%20your%20favorite%20audios%20and%20videos%20to%20MP3%2C%20MP4%2C%20WEBM%2C%20F4V%2C%20and%203GP%20formats%20from%20online%20sites%20like%20youtube%2C%20dailymotion%2C%20vimeo%2C%20facebook%2C%20matacafe%2C%20vk%2C%20soundcloud%2C%20instagram%2C%20vevo%20etc.&cbkeywords=Online%20Video%20Converter%2COnline%20Video%20Downloader%2CSave%20from%20Nets%2CYouTube%20to%20MP3%20Converter%2CYouTube%20to%20MP4%20Converter&cbtitle=Online%20Converter%20and%20Downloader%20-%20SavefromNets.com&srs=eb8f5a8478de7344ab28b92da5fd622a&atv=38.4
172.64.197.7200 OK 1.7 kB URL GET HTTP/2 youradexchange.com/script/banner.php?r=7777950&cbpage=https%3A%2F%2Fsavefromnets.com%2F&cbref=&cbdescription=SavefromNets%20has%20very%20powerful%20feature%20to%20convert%20and%20download%20your%20favorite%20audios%20and%20videos%20to%20MP3%2C%20MP4%2C%20WEBM%2C%20F4V%2C%20and%203GP%20formats%20from%20online%20sites%20like%20youtube%2C%20dailymotion%2C%20vimeo%2C%20facebook%2C%20matacafe%2C%20vk%2C%20soundcloud%2C%20instagram%2C%20vevo%20etc.&cbkeywords=Online%20Video%20Converter%2COnline%20Video%20Downloader%2CSave%20from%20Nets%2CYouTube%20to%20MP3%20Converter%2CYouTube%20to%20MP4%20Converter&cbtitle=Online%20Converter%20and%20Downloader%20-%20SavefromNets.com&srs=eb8f5a8478de7344ab28b92da5fd622a&atv=38.4
IP 172.64.197.7:443
Requested by https://savefromnets.com/
Certificate Issuer: Google Trust Services LLC
Subject: youradexchange.com
Fingerprint: FD:52:FD:E8:62:0A:DE:66:86:28:19:39:64:21:57:5C:CB:8A:59:D9
Validity: Tue, 17 Oct 2023 07:21:58 GMT - Mon, 15 Jan 2024 07:21:57 GMT
File type troff or preprocessor input, ASCII text, with very long lines (1749), with no line terminators
Hash MD5: ac1eaa4f94ad2c4c6f6183708f34a310
SHA-1: 4791939f37bad6ee87e2bdb6d1b5fba2d4a6eb11
SHA-256: e0367424f8eaa58efcc7b7d1d7e31741944da78b9f22d9a93251b6d33a4ec752
GET /script/banner.php?r=7777950&cbpage=https%3A%2F%2Fsavefromnets.com%2F&cbref=&cbdescription=SavefromNets%20has%20very%20powerful%20feature%20to%20convert%20and%20download%20your%20favorite%20audios%20and%20videos%20to%20MP3%2C%20MP4%2C%20WEBM%2C%20F4V%2C%20and%203GP%20formats%20from%20online%20sites%20like%20youtube%2C%20dailymotion%2C%20vimeo%2C%20facebook%2C%20matacafe%2C%20vk%2C%20soundcloud%2C%20instagram%2C%20vevo%20etc.&cbkeywords=Online%20Video%20Converter%2COnline%20Video%20Downloader%2CSave%20from%20Nets%2CYouTube%20to%20MP3%20Converter%2CYouTube%20to%20MP4%20Converter&cbtitle=Online%20Converter%20and%20Downloader%20-%20SavefromNets.com&srs=eb8f5a8478de7344ab28b92da5fd622a&atv=38.4 HTTP/1.1
Host: youradexchange.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://savefromnets.com/
Origin: https://savefromnets.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Tue, 05 Dec 2023 16:07:09 GMT
content-type: application/json; charset=utf-8
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Content-Type
via: 1.1 google
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=R%2BVdlWezur4bq0%2FuRLq3a%2F%2Bnqww8U9TBjPEisQR8mpFYPA0jzy5wuTyQrZDa5qLr0%2FYPEpeJ4f%2BwHfrNCgIe5o5IOP%2BmL9Kfe5Zn1BqCcZnbRgC4O8qydBId5QOhHcHDHMjB%2Fr8%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 830d8a5c5971532f-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
www.profitabledisplayformat.com/264c9f64cf573c035742dea8f4383277/invoke.js
173.233.137.52 200 OK 30 kB URL GET HTTP/1.1 www.profitabledisplayformat.com/264c9f64cf573c035742dea8f4383277/invoke.js
IP 173.233.137.52:443
Requested by https://savefromnets.com/
Certificate Issuer: Let's Encrypt
Subject: profitabledisplayformat.com
Fingerprint: 5B:A6:07:BE:E3:18:84:64:F9:F4:E9:2D:E5:3E:B9:65:1E:32:63:42
Validity: Sat, 28 Oct 2023 06:49:46 GMT - Fri, 26 Jan 2024 06:49:45 GMT
File type exported SGML document, ASCII text, with very long lines (29674), with no line terminators
Hash MD5: 98dd2e33c848aa636034382f7cfff0ba
SHA-1: a760aabf664317b41ae1c034732444e05221df73
SHA-256: dda68ec06532611b3124611564278429373e7a89fc26314c0adea4e0963f44e4
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
Note: this verdict comes from the DNS analyzer and applies to the hostname; the capture below still shows a 200 OK response served from 173.233.137.52.
GET /264c9f64cf573c035742dea8f4383277/invoke.js HTTP/1.1
Host: www.profitabledisplayformat.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://savefromnets.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Tue, 05 Dec 2023 16:07:09 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: eda9d2fb7c198630e9d3fda510f6be36
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
crrepo.com/extban/278371020/creatives/23426596/e192295018ae5357d1c5b67ef5e985ad_3890.jpg
104.21.233.200 200 OK 121 kB URL GET HTTP/2 crrepo.com/extban/278371020/creatives/23426596/e192295018ae5357d1c5b67ef5e985ad_3890.jpg
IP 104.21.233.200:443
Requested by https://savefromnets.com/
Certificate Issuer: Google Trust Services LLC
Subject: crrepo.com
Fingerprint: 75:90:20:07:51:99:F7:F2:A9:7E:2F:3F:89:EB:3C:E9:ED:21:B5:65
Validity: Wed, 08 Nov 2023 08:39:04 GMT - Tue, 06 Feb 2024 08:39:03 GMT
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 300x250, components 3\012- data
Size 121 kB (121009 bytes)
Hash MD5: e192295018ae5357d1c5b67ef5e985ad
SHA-1: b35ebb12f3525f93b95f7d23153d2cf98cb3f451
SHA-256: f5e1a3e880c62a3e756db0d72a0ba6a9efb2c0db20046d8d5874296eab9c28b9
GET /extban/278371020/creatives/23426596/e192295018ae5357d1c5b67ef5e985ad_3890.jpg HTTP/1.1
Host: crrepo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://savefromnets.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Tue, 05 Dec 2023 16:07:09 GMT
content-type: image/jpeg
last-modified: Thu, 03 Mar 2022 16:56:37 GMT
etag: W/"6220f345-1d8b1"
via: 1.1 google
cache-control: max-age=14400
cf-cache-status: HIT
age: 2508
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=WQp6CM6ixNDjg3k6fhPce9V%2F7rJBEfia%2FZMBuPZUs%2BSa09M4%2FBp931t4KVsLHfaJalZiNiLx8dWCcJDLeAq2tmqH3A69BVE%2F7SW%2FAL1ZZcSqzQLK3hXpk1342hG6"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 830d8a5e8f0c5696-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
use.fontawesome.com/releases/v4.7.0/fonts/fontawesome-webfont.woff2
172.64.140.13 200 OK 77 kB URL GET HTTP/2 use.fontawesome.com/releases/v4.7.0/fonts/fontawesome-webfont.woff2
IP 172.64.140.13:443
Requested by https://savefromnets.com/
Certificate Issuer: Cloudflare, Inc.
Subject: use.fontawesome.com
Fingerprint: CB:BE:6B:C4:5F:DF:18:7A:C3:AD:BF:6C:40:36:18:9F:E2:99:7F:78
Validity: Thu, 12 Oct 2023 00:00:00 GMT - Thu, 10 Oct 2024 23:59:59 GMT
File type Web Open Font Format (Version 2), TrueType, length 77160, version 4.459\012- data
Hash MD5: af7ae505a9eed503f8b8e6982036873e
SHA-1: d6f48cba7d076fb6f2fd6ba993a75b9dc1ecbf0c
SHA-256: 2adefcbc041e7d18fcf2d417879dc5a09997aa64d675b7a3c4b6ce33da13f3fe
GET /releases/v4.7.0/fonts/fontawesome-webfont.woff2 HTTP/1.1
Host: use.fontawesome.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://savefromnets.com
DNT: 1
Connection: keep-alive
Referer: https://use.fontawesome.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Tue, 05 Dec 2023 16:07:10 GMT
content-type: application/font-woff2
content-length: 77160
access-control-allow-origin: *
cache-control: max-age=31556926
etag: "af7ae505a9eed503f8b8e6982036873e"
last-modified: Fri, 22 Sep 2023 01:44:05 GMT
vary: Origin, Accept-Encoding
cf-cache-status: HIT
age: 235077
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Aybkg7PPbzbXFYqlyduZTMj8TaTIht28Mk2oK%2FmYqDNWMYLJJvFsJ6YmTCBq0AGSoYFBFxVzpdNk2%2FhZndppgfMoY2ZWXY5IWWXPUd62RLdk2f5ySdakTdxhx4%2FOeFDLgCpqrLlc"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 830d8a6328b323fc-LHR
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
savefromnets.com/svicons/favicon-16x16.png
104.21.22.70 200 OK 1.4 kB URL GET HTTP/3 savefromnets.com/svicons/favicon-16x16.png
IP 104.21.22.70:443
Requested by https://savefromnets.com/
Certificate Issuer: Let's Encrypt
Subject: savefromnets.com
Fingerprint: FF:55:5B:CE:F9:67:B6:D1:8C:04:53:5D:6E:B7:9B:36:9C:33:8A:44
Validity: Mon, 04 Dec 2023 01:28:09 GMT - Sun, 03 Mar 2024 01:28:08 GMT
File type PNG image data, 16 x 16, 8-bit colormap, non-interlaced\012- data
Hash MD5: 8f1107a517d0ce8fa714ae78d3cbc7be
SHA-1: 69b6f4df340a6f2e8e8b42cb4c840dbb31e26dca
SHA-256: 292168ffcd8b032cb66800ecf7fb441ce3716501968f8719b0fead21219b0e94
GET /svicons/favicon-16x16.png HTTP/1.1
Host: savefromnets.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://savefromnets.com/
Cookie: PHPSESSID=a6f89k1je6tm1ijbv4f7gsikv4; _ga_R57FEEXBHL=GS1.1.1701792436.1.0.1701792436.0.0.0; _ga=GA1.1.1317342655.1701792436; dom3ic8zudi28v8lr6fgphwffqoz0j6c=32afe120-6ebc-454d-ac7c-5db5af68eb76%3A2%3A1; prefetchAd_6596574=true; pp_idelay_b4c4227f43a96a93ff53aa54f93f0019=1; m5a4xojbcp2nx3gptmm633qal3gzmadn=lotclergyman.com
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Tue, 05 Dec 2023 16:07:11 GMT
content-type: image/png
content-length: 1392
last-modified: Sat, 01 Jul 2017 01:06:44 GMT
etag: "570-5533725adb100"
cache-control: max-age=2592000
expires: Thu, 28 Dec 2023 14:53:28 GMT
cf-cache-status: HIT
age: 87448
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=BL2fCps29%2BdgLS1RNZflCz%2FlDFfSExtCmqT%2BHmqfvRUfscqrJSkeOkeJTGUWm%2BQp2o9PaymCc71bSWIFB6r12ZY4JjBG89lUllJR8606qjGpJG6HW2pL5t8DIoBQBTqBjMFt"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 830d8a6a1f69b50f-OSL
alt-svc: h3=":443"; ma=86400
savefromnets.com/css/images/flags/4x3/us.svg
104.21.22.70 200 OK 25 kB URL GET HTTP/3 savefromnets.com/css/images/flags/4x3/us.svg
IP 104.21.22.70:443
Requested by https://savefromnets.com/
Certificate Issuer: Let's Encrypt
Subject: savefromnets.com
Fingerprint: FF:55:5B:CE:F9:67:B6:D1:8C:04:53:5D:6E:B7:9B:36:9C:33:8A:44
Validity: Mon, 04 Dec 2023 01:28:09 GMT - Sun, 03 Mar 2024 01:28:08 GMT
File type SVG Scalable Vector Graphics image\012- XML 1.0 document text\012- XML document text\012- exported SGML document, ASCII text, with very long lines (423)
Hash MD5: 08055e46267282026bfffd4f23bffb6a
SHA-1: b4075cd207577125021ffaa29658e0e013efc3d5
SHA-256: 8736e65cfea67823b812d919d1288303e277a375832a865bb0111190f39ab227
GET /css/images/flags/4x3/us.svg HTTP/1.1
Host: savefromnets.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://savefromnets.com/css/styles.pure.css?v=1.2
Cookie: PHPSESSID=a6f89k1je6tm1ijbv4f7gsikv4
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Tue, 05 Dec 2023 16:07:09 GMT
content-type: image/svg+xml
last-modified: Mon, 02 Mar 2015 04:43:04 GMT
etag: W/"6092-51046da8d4600-gzip"
cache-control: max-age=31536000
expires: Fri, 01 Nov 2024 03:01:13 GMT
vary: Accept-Encoding
cf-cache-status: HIT
age: 642851
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=5M4ARqWThHjHTGBjE57PLeUNGtgsNPVYu2Ib%2B9EpH%2F%2Fw3O6FY2DdruvXctsT8sjuMBGNR27yHxTq2mbeg1DBRMsuVi8CE6WJn86IjPMuh5d80PCfpN8nvXTwPcqidHx%2B9Zbb"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 830d8a5aed68b50f-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
savefromnets.com/js/jquery.min.js
104.21.22.70 200 OK 93 kB URL GET HTTP/3 savefromnets.com/js/jquery.min.js
IP 104.21.22.70:443
Requested by https://savefromnets.com/
Certificate Issuer: Let's Encrypt
Subject: savefromnets.com
Fingerprint: FF:55:5B:CE:F9:67:B6:D1:8C:04:53:5D:6E:B7:9B:36:9C:33:8A:44
Validity: Mon, 04 Dec 2023 01:28:09 GMT - Sun, 03 Mar 2024 01:28:08 GMT
File type ASCII text, with very long lines (32089)
Hash MD5: 397754ba49e9e0cf4e7c190da78dda05
SHA-1: ae49e56999d82802727455f0ba83b63acd90a22b
SHA-256: c12f6098e641aaca96c60215800f18f5671039aecf812217fab3c0d152f6adb4
GET /js/jquery.min.js HTTP/1.1
Host: savefromnets.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://savefromnets.com/
Cookie: PHPSESSID=a6f89k1je6tm1ijbv4f7gsikv4
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Tue, 05 Dec 2023 16:07:08 GMT
content-type: application/javascript
last-modified: Wed, 13 Apr 2022 08:43:11 GMT
etag: W/"169d5-5dc852ad645c0-gzip"
cache-control: max-age=604800
expires: Mon, 04 Dec 2023 10:31:50 GMT
vary: Accept-Encoding
cf-cache-status: HIT
age: 324876
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=0TX7CJgJYzVYhF7SlhRRb13Nq%2Bi2rryFvcjedHylabp91DRUVFJsOIoEG5ChzTFenNVUzt7CrrZ8fS3Ku%2FkTTsl1C9YUyBXzT%2B017hwqeju8Hk5UpdVYQ7WWJ0E%2BFAMsHyCd"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 830d8a58ca98b50f-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
crrepo.com/extban/280030620/creatives/23426588/e192295018ae5357d1c5b67ef5e985ad_9166.jpg
104.21.233.200 200 OK 121 kB URL GET HTTP/2 crrepo.com/extban/280030620/creatives/23426588/e192295018ae5357d1c5b67ef5e985ad_9166.jpg
IP 104.21.233.200:443
Requested by https://savefromnets.com/
Certificate Issuer: Google Trust Services LLC
Subject: crrepo.com
Fingerprint: 75:90:20:07:51:99:F7:F2:A9:7E:2F:3F:89:EB:3C:E9:ED:21:B5:65
Validity: Wed, 08 Nov 2023 08:39:04 GMT - Tue, 06 Feb 2024 08:39:03 GMT
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 300x250, components 3\012- data
Size 121 kB (121009 bytes)
Hash MD5: e192295018ae5357d1c5b67ef5e985ad
SHA-1: b35ebb12f3525f93b95f7d23153d2cf98cb3f451
SHA-256: f5e1a3e880c62a3e756db0d72a0ba6a9efb2c0db20046d8d5874296eab9c28b9
GET /extban/280030620/creatives/23426588/e192295018ae5357d1c5b67ef5e985ad_9166.jpg HTTP/1.1
Host: crrepo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://savefromnets.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Tue, 05 Dec 2023 16:07:09 GMT
content-type: image/jpeg
last-modified: Thu, 03 Mar 2022 16:47:21 GMT
etag: W/"6220f119-1d8b1"
via: 1.1 google
cache-control: max-age=14400
cf-cache-status: HIT
age: 6254
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=yXWV5fNJBToBlIYWcfLJ9fFw6Xdxmk72QOBQGmuTo4Jh%2BydQTKBATga5EW15MVPSrMaWRJkcWziMD%2BYmNKXNpr%2BrZazCFX6HXTmgvyZQm2XhuRS0meYVSuPHFcE5"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 830d8a5ecf495696-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
use.fontawesome.com/c6831c4d58.js
172.64.140.13 200 OK 9.5 kB URL GET HTTP/2 use.fontawesome.com/c6831c4d58.js
IP 172.64.140.13:443
Requested by https://savefromnets.com/
Certificate Issuer: Cloudflare, Inc.
Subject: use.fontawesome.com
Fingerprint: CB:BE:6B:C4:5F:DF:18:7A:C3:AD:BF:6C:40:36:18:9F:E2:99:7F:78
Validity: Thu, 12 Oct 2023 00:00:00 GMT - Thu, 10 Oct 2024 23:59:59 GMT
File type Unicode text, UTF-8 text, with very long lines (9731), with no line terminators
Hash MD5: 894f54f3a1d4463f1c4b7a9327702f6a
SHA-1: 5eed5e934831f15467f498072aaeeeed89ed7a5d
SHA-256: 37fa9dffc1249cf7b29977dcc4342675c6a90f53537ef455aba290e1711fb507
GET /c6831c4d58.js HTTP/1.1
Host: use.fontawesome.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://savefromnets.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Tue, 05 Dec 2023 16:07:09 GMT
content-type: text/javascript
etag: W/"892cac5bd0fb5250e91ee1cab7e573d5"
last-modified: Fri, 22 Sep 2023 01:26:31 GMT
vary: Accept-Encoding
cache-control: max-age=1800
cf-cache-status: HIT
age: 4067
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=53LskNLvi71YNiotFrJUFOThbo3l8wUBTNky%2FBIzR%2BHpqk1Aggf03rTdUTooeja3%2BQ5Xg46%2BAwjwu3smSYnsFpedH0BwGuz%2FsVNH30195jRuoRlxaYzaffS61fTj%2Bl45MWx2dMYd"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 830d8a5a48d723fc-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
youradexchange.com/script/banner.php?r=7777946&cbpage=https%3A%2F%2Fsavefromnets.com%2F&cbref=&cbdescription=SavefromNets%20has%20very%20powerful%20feature%20to%20convert%20and%20download%20your%20favorite%20audios%20and%20videos%20to%20MP3%2C%20MP4%2C%20WEBM%2C%20F4V%2C%20and%203GP%20formats%20from%20online%20sites%20like%20youtube%2C%20dailymotion%2C%20vimeo%2C%20facebook%2C%20matacafe%2C%20vk%2C%20soundcloud%2C%20instagram%2C%20vevo%20etc.&cbkeywords=Online%20Video%20Converter%2COnline%20Video%20Downloader%2CSave%20from%20Nets%2CYouTube%20to%20MP3%20Converter%2CYouTube%20to%20MP4%20Converter&cbtitle=Online%20Converter%20and%20Downloader%20-%20SavefromNets.com&srs=eb8f5a8478de7344ab28b92da5fd622a&atv=38.4
172.64.197.7200 OK 1.7 kB URL GET HTTP/2 youradexchange.com/script/banner.php?r=7777946&cbpage=https%3A%2F%2Fsavefromnets.com%2F&cbref=&cbdescription=SavefromNets%20has%20very%20powerful%20feature%20to%20convert%20and%20download%20your%20favorite%20audios%20and%20videos%20to%20MP3%2C%20MP4%2C%20WEBM%2C%20F4V%2C%20and%203GP%20formats%20from%20online%20sites%20like%20youtube%2C%20dailymotion%2C%20vimeo%2C%20facebook%2C%20matacafe%2C%20vk%2C%20soundcloud%2C%20instagram%2C%20vevo%20etc.&cbkeywords=Online%20Video%20Converter%2COnline%20Video%20Downloader%2CSave%20from%20Nets%2CYouTube%20to%20MP3%20Converter%2CYouTube%20to%20MP4%20Converter&cbtitle=Online%20Converter%20and%20Downloader%20-%20SavefromNets.com&srs=eb8f5a8478de7344ab28b92da5fd622a&atv=38.4
IP 172.64.197.7:443
Requested by https://savefromnets.com/
Certificate Issuer: Google Trust Services LLC
Subject: youradexchange.com
Fingerprint: FD:52:FD:E8:62:0A:DE:66:86:28:19:39:64:21:57:5C:CB:8A:59:D9
Validity: Tue, 17 Oct 2023 07:21:58 GMT - Mon, 15 Jan 2024 07:21:57 GMT
File type troff or preprocessor input, ASCII text, with very long lines (1749), with no line terminators
Hash MD5: 7cffaf7fe7798101cd94ebf3939aab51
SHA-1: 113fead2c3bef34ffe846dca9222dcfa07b3f41f
SHA-256: ac3d79558f7a97c43e715c370f774f0e314480dae591e4d67af200736bf9eb8c
GET /script/banner.php?r=7777946&cbpage=https%3A%2F%2Fsavefromnets.com%2F&cbref=&cbdescription=SavefromNets%20has%20very%20powerful%20feature%20to%20convert%20and%20download%20your%20favorite%20audios%20and%20videos%20to%20MP3%2C%20MP4%2C%20WEBM%2C%20F4V%2C%20and%203GP%20formats%20from%20online%20sites%20like%20youtube%2C%20dailymotion%2C%20vimeo%2C%20facebook%2C%20matacafe%2C%20vk%2C%20soundcloud%2C%20instagram%2C%20vevo%20etc.&cbkeywords=Online%20Video%20Converter%2COnline%20Video%20Downloader%2CSave%20from%20Nets%2CYouTube%20to%20MP3%20Converter%2CYouTube%20to%20MP4%20Converter&cbtitle=Online%20Converter%20and%20Downloader%20-%20SavefromNets.com&srs=eb8f5a8478de7344ab28b92da5fd622a&atv=38.4 HTTP/1.1
Host: youradexchange.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://savefromnets.com/
Origin: https://savefromnets.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Tue, 05 Dec 2023 16:07:09 GMT
content-type: application/json; charset=utf-8
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: GET, POST, OPTIONS
via: 1.1 google
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=z6Qbbx6I7KLKPwejC4%2B6jo7C365zmZcafOOy3nnQUPPtZnBIXzTRadVd53B%2FApSusLwT%2FzdGq%2BGVxayRBxxfV90CNyoRGpcoK9WXnFQtkrQS%2BTu1ZNuvSLzfYSFUlKcMBfnWL3g%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 830d8a5c5970532f-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
unseenreport.com/pxf.gif?uuid=32afe120-6ebc-454d-ac7c-5db5af68eb76&eb=a996fe56ed028c08f89591a4a8a9c431&te=4cb725660c43031e3b06c75892d96c5a&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.3095&b_frame=0&pk=281d8b8bc59f012afa70b91d1d56da19&bl=en-US&sr=1024x1280&sz=1024x1280&hjs=16
192.243.61.227200 OK 0 B URL GET HTTP/1.1 unseenreport.com/pxf.gif?uuid=32afe120-6ebc-454d-ac7c-5db5af68eb76&eb=a996fe56ed028c08f89591a4a8a9c431&te=4cb725660c43031e3b06c75892d96c5a&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.3095&b_frame=0&pk=281d8b8bc59f012afa70b91d1d56da19&bl=en-US&sr=1024x1280&sz=1024x1280&hjs=16
IP 192.243.61.227:443
ASN #39572 DataWeb Global Group B.V.
Requested by https://savefromnets.com/
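Certificate Issuer: Let's Encrypt
Subject: *.unseenreport.com
Fingerprint: 79:45:7F:58:D5:82:45:0A:7D:1E:FF:7A:98:05:26:E9:D6:FE:91:14
Validity: Wed, 22 Nov 2023 07:56:28 GMT - Tue, 20 Feb 2024 07:56:27 GMT
Hash MD5: d41d8cd98f00b204e9800998ecf8427e
SHA-1: da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA-256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Note: these three values are the digests of zero-length input (the capture recorded a 0 B body), so they do not identify this resource and should not be used as file indicators.
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
Note: this verdict comes from the DNS analyzer and applies to the hostname; the capture below still shows a 200 OK response served from 192.243.61.227.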
GET /pxf.gif?uuid=32afe120-6ebc-454d-ac7c-5db5af68eb76&eb=a996fe56ed028c08f89591a4a8a9c431&te=4cb725660c43031e3b06c75892d96c5a&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.3095&b_frame=0&pk=281d8b8bc59f012afa70b91d1d56da19&bl=en-US&sr=1024x1280&sz=1024x1280&hjs=16 HTTP/1.1
Host: unseenreport.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://savefromnets.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Tue, 05 Dec 2023 16:07:12 GMT
Content-Type: image/gif
Content-Length: 1
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: d54322cdade44d30d1dd82e8fcd12eb9
Strict-Transport-Security: max-age=0; includeSubdomains