Report - goadstracker.com/tracking.php?hash=8333ad7efd35f24b6c5db63cde907b8b&source=PUBLISHER_ID&sub_source=1708_1&aff

Report Overview

Visited public
2025-05-17 23:10:01
Tags
Submit Tags
URL
goadstracker.com/tracking.php?hash=8333ad7efd35f24b6c5db63cde907b8b&source=PUBLISHER_ID&sub_source=1708_1&aff_sub=d91dac977eea43bd84adad8ce474f054
Finishing URL
downloadportalservices.com/cmpaa7e00c7/?source=12663&click=6700ey2nk9w2hd8ts2hc8scg0%2C18079659%2C5%2C12663&filename=Livestream.exe
IP / ASN
185.32.28.136
#15699 Adam EcoTech, S.A
Title
downloadportalservices.com/cmpaa7e00c7/?source=12663&click=6700ey2nk9w2hd8ts2hc8scg0%2C18079659%2C5%2C12663&filename=Livestream.exe

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
1d6ceb551fc.terrifictc.net	unknown	2021-11-29	2022-10-27	2025-05-12	568 B	3.6 kB	94.237.100.210
us.i.posthog.com	unknown	2020-01-23	2024-02-22	2025-05-11	1.1 kB	1.6 kB	3.226.201.195
click.bounceads.net	544674	2013-01-23	2014-10-07	2025-05-11	603 B	3.2 kB	104.18.12.220
downloadportalservices.com	unknown	2024-07-24	2024-07-25	2025-05-12	2.3 kB	46 kB	104.18.1.13
goadstracker.com	unknown	2024-09-25	2024-09-25	2025-05-11	614 B	3.1 kB	185.32.28.136
fonts.gstatic.com	unknown	2008-02-11	2014-04-02	2025-05-14	1.1 kB	98 kB	142.250.74.35
fonts.googleapis.com	8877	2005-01-25	2012-05-23	2025-05-14	481 B	13 kB	142.250.74.10
app.posthog.com	92746	2020-01-23	2020-01-23	2025-05-15	430 B	165 kB	104.22.59.181
us-assets.i.posthog.com	unknown	2020-01-23	2024-02-22	2025-05-15	527 B	1.2 kB	104.22.59.181

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Timestamp	Severity	Source IP	Destination IP	Alert
2025-05-17 23:09:39	medium	Client IP	192.169.69.26	ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
2025-05-17 23:09:56	medium	Client IP	192.169.69.26	ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
2025-05-17 23:09:56	medium	Client IP	192.169.69.26	ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
2025-05-17 23:09:58	medium	Client IP	192.169.69.26	ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

JavaScript (4)

	URL	From	Size	First Seen	Last Seen
	downloadportalservices.com/cmpaa7e00c7/?source=12663&click=6700ey2nk9w2hd8ts2hc8scg0%2C18079659%2C5%2C12663&filename=Livestream.exe	ScriptElement	1.0 kB	2025-03-10	2025-06-24
Pretty URL downloadportalservices.com/cmpaa7e00c7/?source=12663&click=6700ey2nk9w2hd8ts2hc8scg0%2C18079659%2C5%2C12663&filename=Livestream.exe IP 104.18.1.13 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2025-03-10 21:11 Last Seen2025-06-24 16:36 Times Seen27 Hash cd3dc2e6176efe1401b81a425971a78b e7681c263714d7283a2b5adeda515f173d5c2033 e7c7f40c10511edec8754ff634802ba5aceb60e2bd21c685963f09b01ad20fae Loading...

	javascriptcdnlive.com/dl.min.js	ScriptElement	18 kB	2023-03-10	2025-07-11
Pretty URL javascriptcdnlive.com/dl.min.js IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-10 05:26 Last Seen2025-07-11 22:09 Times Seen263 Hash 08d190d8b4dca39922dc4b613a2283b8 3ccaa66c506d0b79159836f7fcd6044fda78049f f878295a13ab9f922ba046207c3cb9da598d0e00cca7d488ef0cd15fc866c574 Loading...

	app.posthog.com/static/array.js	ScriptElement	164 kB	2025-05-15	2025-05-18
Pretty URL app.posthog.com/static/array.js IP 104.22.59.181 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2025-05-15 21:25 Last Seen2025-05-18 16:41 Times Seen6 Hash 064438178aee4631b9c4c99f08088d01 5999d87c57f888c68c5198963eef12b2c3c01e15 3e6524e16261dd32d8654145f3b925a660426e47d0d06f35d819f6307266be22 Loading...

	us-assets.i.posthog.com/array/phc_I7xIcObtskp1VsaEcJOtHrq8kXlkuX7ljpvqVh3ICFz/config.js	ScriptElement	627 B	2025-04-22	2025-05-17
Pretty URL us-assets.i.posthog.com/array/phc_I7xIcObtskp1VsaEcJOtHrq8kXlkuX7ljpvqVh3ICFz/config.js IP 104.22.59.181 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2025-04-22 08:03 Last Seen2025-05-17 23:10 Times Seen28 Hash 06dfc7860a378811e7aa5f8a7de55789 141d701c39bdd2004af8ac6ec8b47ccb390443c9 897ca617fec192c82366d4bd1a77d0d1212e2c84c3e860f69065519b0d30b789 Loading...

HTTP Transactions (14)

	URL	IP	Response	Size
	GET fonts.gstatic.com/s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2	142.250.74.35	200 OK	48 kB
URL GET fonts.gstatic.com/s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2 IP 142.250.74.35:443 ASN #15169 GOOGLE Requested by https://downloadportalservices.com/cmpaa7e00c7/?source=12663&click=6700ey2nk9w2hd8ts2hc8scg0%2C18079659%2C5%2C12663&filename=Livestream.exe Certificate IssuerGoogle Trust Services Subject.gstatic.com Fingerprint15:8B:D4:EA:7E:CB:34:1B:6F:2E:20:9E:39:44:7A:D6:D7:30:26:AB ValidityMon, 21 Apr 2025 08:41:49 GMT - Mon, 14 Jul 2025 08:41:48 GMT File type Web Open Font Format (Version 2), TrueType, length 48236, version 1.0 Size 48 kB (48236 bytes) Hash 015c126a3520c9a8f6a27979d0266e96 2acf956561d44434a6d84204670cf849d3215d5f 3c4d6a1421c7ddb7e404521fe8c4cd5be5af446d7689cd880be26612eaad3cfa HTTP Headers GET /s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2 HTTP/1.1 Host: fonts.gstatic.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0 Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: identity Origin: https://downloadportalservices.com DNT: 1 Connection: keep-alive Referer: https://fonts.googleapis.com/ Sec-Fetch-Dest: font Sec-Fetch-Mode: cors Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache HTTP/2 200 OK accept-ranges: bytes access-control-allow-origin: content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes cross-origin-resource-policy: cross-origin cross-origin-opener-policy: same-origin; report-to="apps-themes" report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]} timing-allow-origin: * content-length: 48236 x-content-type-options: nosniff server: sffe x-xss-protection: 0 date: Thu, 15 May 2025 10:12:20 GMT expires: Fri, 15 May 2026 10:12:20 GMT cache-control: public, max-age=31536000 age: 219431 last-modified: Thu, 14 Dec 2023 02:08:40 GMT content-type: font/woff2 alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 X-Firefox-Spdy: h2

	POST us.i.posthog.com/decide/?v=4&ip=1&_=1747523371353&ver=1.242.2&compression=base64	3.226.201.195	200 OK	575 B
URL POST us.i.posthog.com/decide/?v=4&ip=1&_=1747523371353&ver=1.242.2&compression=base64 IP 3.226.201.195:443 ASN #14618 AMAZON-AES Requested by https://downloadportalservices.com/cmpaa7e00c7/?source=12663&click=6700ey2nk9w2hd8ts2hc8scg0%2C18079659%2C5%2C12663&filename=Livestream.exe Certificate IssuerAmazon Subject.i.posthog.com FingerprintB2:07:A5:B7:4A:00:EA:45:09:50:EF:4B:44:63:83:38:E2:97:F8:13 ValiditySun, 15 Dec 2024 00:00:00 GMT - Wed, 14 Jan 2026 23:59:59 GMT File type JSON text data Size 575 B (575 bytes) Hash e1a6ce0a55803054921140381006662b 35968bce71a7fb49e417bd23cb659c2648ca1bda 1109fbb52c3c7d179a91246d8cfbedad4c26132d656f5e5d3a582ae936090e67 HTTP Headers POST /decide/?v=4&ip=1&_=1747523371353&ver=1.242.2&compression=base64 HTTP/1.1 Host: us.i.posthog.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0 Accept: /* Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Referer: https://downloadportalservices.com/ content-type: application/x-www-form-urlencoded Content-Length: 201 Origin: https://downloadportalservices.com DNT: 1 Connection: keep-alive Sec-Fetch-Dest: empty Sec-Fetch-Mode: cors Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache HTTP/2 200 OK date: Sat, 17 May 2025 23:09:31 GMT content-type: application/json access-control-allow-origin: https://downloadportalservices.com access-control-allow-credentials: true access-control-allow-methods: GET, POST, OPTIONS access-control-allow-headers: X-Requested-With,Content-Type vary: Origin, Accept-Encoding x-content-type-options: nosniff referrer-policy: same-origin cross-origin-opener-policy: same-origin server: envoy x-envoy-upstream-service-time: 6 content-encoding: gzip X-Firefox-Spdy: h2

	GET click.bounceads.net/click?ID=cmpaa7e00c7&sub=cmpaa7e00c7&subid=12663&S2=6700ey2nk9w2hd8ts2hc8scg0,18079659,5,12663&UTMSOURCE=Livestream	104.18.12.220	302 Found	2.8 kB
URL User Request GET click.bounceads.net/click?ID=cmpaa7e00c7&sub=cmpaa7e00c7&subid=12663&S2=6700ey2nk9w2hd8ts2hc8scg0,18079659,5,12663&UTMSOURCE=Livestream IP 104.18.12.220:443 ASN #13335 CLOUDFLARENET Certificate IssuerGoogle Trust Services Subjectbounceads.net Fingerprint33:07:C2:01:80:23:43:40:AE:37:9C:6F:1A:54:EF:D3:6C:24:45:4A ValidityThu, 03 Apr 2025 00:45:11 GMT - Wed, 02 Jul 2025 01:44:59 GMT File type Size 2.8 kB (2833 bytes) Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 HTTP Headers GET /click?ID=cmpaa7e00c7&sub=cmpaa7e00c7&subid=12663&S2=6700ey2nk9w2hd8ts2hc8scg0,18079659,5,12663&UTMSOURCE=Livestream HTTP/1.1 Host: click.bounceads.net User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Connection: keep-alive Upgrade-Insecure-Requests: 1 Sec-Fetch-Dest: document Sec-Fetch-Mode: navigate Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache `HTTP/2 302 Found date: Sat, 17 May 2025 23:09:30 GMT content-type: text/html; charset=UTF-8 location: https://downloadportalservices.com/cmpaa7e00c7/?source=12663&click=6700ey2nk9w2hd8ts2hc8scg0%2C18079659%2C5%2C12663&filename=Livestream.exe cf-cache-status: DYNAMIC server: cloudflare cf-ray: 9416c8658a621c06-OSL X-Firefox-Spdy: h2`

	GET fonts.googleapis.com/css2?family=Open+Sans:wght@300;400&display=swap	142.250.74.10	200 OK	12 kB
URL GET fonts.googleapis.com/css2?family=Open+Sans:wght@300;400&display=swap IP 142.250.74.10:443 ASN #15169 GOOGLE Requested by https://downloadportalservices.com/cmpaa7e00c7/?source=12663&click=6700ey2nk9w2hd8ts2hc8scg0%2C18079659%2C5%2C12663&filename=Livestream.exe Certificate IssuerGoogle Trust Services Subjectupload.video.google.com Fingerprint7A:29:E6:A8:BE:59:2C:AE:82:2D:CA:8E:15:89:41:BE:EC:D2:0D:EA ValidityMon, 21 Apr 2025 08:41:49 GMT - Mon, 14 Jul 2025 08:41:48 GMT File type ASCII text, with very long lines (1572) Size 12 kB (12028 bytes) Hash 32740a38c6d83563715fabfb25bf2df6 dc663b5304f4135c05c8260c8a18c734ae5f4830 67e5974968ed8c4d0d8cc5a63788094985c36685f7e18b2e1643ded31d032088 HTTP Headers `GET /css2?family=Open+Sans:wght@300;400&display=swap HTTP/1.1 Host: fonts.googleapis.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0 Accept: text/css,/;q=0.1 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Connection: keep-alive Referer: https://downloadportalservices.com/ Sec-Fetch-Dest: style Sec-Fetch-Mode: no-cors Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache` HTTP/2 200 OK content-type: text/css; charset=utf-8 vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site access-control-allow-origin: * timing-allow-origin: * link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin strict-transport-security: max-age=31536000 expires: Sat, 17 May 2025 23:09:31 GMT date: Sat, 17 May 2025 23:09:31 GMT cache-control: private, max-age=86400 cross-origin-opener-policy: same-origin-allow-popups cross-origin-resource-policy: cross-origin content-encoding: gzip server: ESF x-xss-protection: 0 x-frame-options: SAMEORIGIN x-content-type-options: nosniff alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 X-Firefox-Spdy: h2

	GET downloadportalservices.com/cmpaa7e00c7/img/steps.png	104.18.1.13	200 OK	20 kB
URL GET downloadportalservices.com/cmpaa7e00c7/img/steps.png IP 104.18.1.13:443 ASN #13335 CLOUDFLARENET Requested by https://downloadportalservices.com/cmpaa7e00c7/?source=12663&click=6700ey2nk9w2hd8ts2hc8scg0%2C18079659%2C5%2C12663&filename=Livestream.exe Certificate IssuerGoogle Trust Services Subjectdownloadportalservices.com FingerprintC9:0D:29:24:BE:25:1D:79:17:B8:4F:3F:46:1C:AF:B5:34:4D:85:46 ValidityThu, 15 May 2025 09:49:23 GMT - Wed, 13 Aug 2025 10:49:11 GMT File type PNG image data, 700 x 238, 8-bit/color RGBA, non-interlaced Size 20 kB (20462 bytes) Hash 4b474c9039876e20b8b29c6abab01ae8 15bc4100d0586ca2139a042ff5b931e94a89c7d4 a895c9befb38c055f1342e615480cbd29c82421c04afc2e8428d962eb8b91b05 HTTP Headers GET /cmpaa7e00c7/img/steps.png HTTP/1.1 Host: downloadportalservices.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Connection: keep-alive Referer: https://downloadportalservices.com/cmpaa7e00c7/?source=12663&click=6700ey2nk9w2hd8ts2hc8scg0%2C18079659%2C5%2C12663&filename=Livestream.exe Sec-Fetch-Dest: image Sec-Fetch-Mode: no-cors Sec-Fetch-Site: same-origin Pragma: no-cache Cache-Control: no-cache `HTTP/2 200 OK date: Sat, 17 May 2025 23:09:31 GMT content-type: image/png content-length: 20462 x-powered-by: PHP/7.4.33 last-modified: Thu, 05 Oct 2023 21:54:54 GMT etag: "4fee-606ff2c99ef97" cf-cache-status: DYNAMIC server: cloudflare cf-ray: 9416c86bdab60afa-OSL X-Firefox-Spdy: h2`

	GET app.posthog.com/static/array.js	104.22.59.181	200 OK	164 kB
URL GET app.posthog.com/static/array.js IP 104.22.59.181:443 ASN #13335 CLOUDFLARENET Requested by https://downloadportalservices.com/cmpaa7e00c7/?source=12663&click=6700ey2nk9w2hd8ts2hc8scg0%2C18079659%2C5%2C12663&filename=Livestream.exe Certificate IssuerGoogle Trust Services Subjectposthog.com FingerprintD8:E9:0C:35:AD:B5:50:D8:ED:A9:3B:18:8C:37:F9:86:BB:CE:CE:82 ValidityFri, 02 May 2025 16:29:02 GMT - Thu, 31 Jul 2025 17:28:45 GMT File type JavaScript source, ASCII text, with very long lines (65536), with no line terminators Size 164 kB (164274 bytes) Hash 064438178aee4631b9c4c99f08088d01 5999d87c57f888c68c5198963eef12b2c3c01e15 3e6524e16261dd32d8654145f3b925a660426e47d0d06f35d819f6307266be22 HTTP Headers `GET /static/array.js HTTP/1.1 Host: app.posthog.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Connection: keep-alive Referer: https://downloadportalservices.com/ Sec-Fetch-Dest: script Sec-Fetch-Mode: no-cors Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache` `HTTP/2 200 OK date: Sat, 17 May 2025 23:09:31 GMT content-type: text/javascript; charset="utf-8" cache-control: public, max-age=300 access-control-allow-origin: * vary: Accept-Encoding, Origin last-modified: Sat, 17 May 2025 09:13:57 GMT x-content-type-options: nosniff referrer-policy: same-origin cross-origin-opener-policy: same-origin x-envoy-upstream-service-time: 3 content-encoding: gzip cf-cache-status: HIT age: 66 server: cloudflare cf-ray: 9416c86e4b69568e-OSL X-Firefox-Spdy: h2`

	GET goadstracker.com/tracking.php?hash=8333ad7efd35f24b6c5db63cde907b8b&source=PUBLISHER_ID&sub_source=1708_1&aff_sub=d91dac977eea43bd84adad8ce474f054	185.32.28.136	302 Moved Temporarily	2.8 kB
URL User Request GET goadstracker.com/tracking.php?hash=8333ad7efd35f24b6c5db63cde907b8b&source=PUBLISHER_ID&sub_source=1708_1&aff_sub=d91dac977eea43bd84adad8ce474f054 IP 185.32.28.136:443 ASN #15699 Adam EcoTech, S.A Certificate IssuerLet's Encrypt Subjectgoadstracker.com Fingerprint46:02:9D:6A:04:ED:E2:CF:0E:44:7E:58:71:BD:D1:FB:48:B2:32:05 ValidityTue, 25 Mar 2025 04:02:52 GMT - Mon, 23 Jun 2025 04:02:51 GMT File type Size 2.8 kB (2833 bytes) Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 HTTP Headers GET /tracking.php?hash=8333ad7efd35f24b6c5db63cde907b8b&source=PUBLISHER_ID&sub_source=1708_1&aff_sub=d91dac977eea43bd84adad8ce474f054 HTTP/1.1 Host: goadstracker.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Upgrade-Insecure-Requests: 1 Connection: keep-alive Sec-Fetch-Dest: document Sec-Fetch-Mode: navigate Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache `HTTP/1.1 302 Moved Temporarily Server: nginx Date: Sat, 17 May 2025 23:09:26 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Location: https://1d6ceb551fc.terrifictc.net/?p=12663&media_type=mainstream&click_id=1747523366goa68291726deae9&pi=118`

	GET downloadportalservices.com/cmpaa7e00c7/?source=12663&click=6700ey2nk9w2hd8ts2hc8scg0%2C18079659%2C5%2C12663&filename=Livestream.exe	104.18.1.13	200 OK	2.8 kB
URL User Request GET downloadportalservices.com/cmpaa7e00c7/?source=12663&click=6700ey2nk9w2hd8ts2hc8scg0%2C18079659%2C5%2C12663&filename=Livestream.exe IP 104.18.1.13:443 ASN #13335 CLOUDFLARENET Certificate IssuerGoogle Trust Services Subjectdownloadportalservices.com FingerprintC9:0D:29:24:BE:25:1D:79:17:B8:4F:3F:46:1C:AF:B5:34:4D:85:46 ValidityThu, 15 May 2025 09:49:23 GMT - Wed, 13 Aug 2025 10:49:11 GMT File type HTML document, ASCII text, with very long lines (920) Size 2.8 kB (2833 bytes) Hash 955dcc21ad759717ee935e892075ee10 d1ab9f20fc0e99db365875ea627da586e34589c9 145a9c8ac8f2d72b3d9a9a2e19cf2b8e428c8b2cdc6a22a2b5d4fb3a3de5d908 HTTP Headers GET /cmpaa7e00c7/?source=12663&click=6700ey2nk9w2hd8ts2hc8scg0%2C18079659%2C5%2C12663&filename=Livestream.exe HTTP/1.1 Host: downloadportalservices.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Connection: keep-alive Upgrade-Insecure-Requests: 1 Sec-Fetch-Dest: document Sec-Fetch-Mode: navigate Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache `HTTP/2 200 OK date: Sat, 17 May 2025 23:09:30 GMT content-type: text/html; charset=UTF-8 x-powered-by: PHP/7.4.33 cf-cache-status: DYNAMIC server: cloudflare cf-ray: 9416c86728390afa-OSL content-encoding: gzip X-Firefox-Spdy: h2`

	GET downloadportalservices.com/cmpaa7e00c7/img/steps_.png	104.18.1.13	200 OK	22 kB
URL GET downloadportalservices.com/cmpaa7e00c7/img/steps_.png IP 104.18.1.13:443 ASN #13335 CLOUDFLARENET Requested by https://downloadportalservices.com/cmpaa7e00c7/?source=12663&click=6700ey2nk9w2hd8ts2hc8scg0%2C18079659%2C5%2C12663&filename=Livestream.exe Certificate IssuerGoogle Trust Services Subjectdownloadportalservices.com FingerprintC9:0D:29:24:BE:25:1D:79:17:B8:4F:3F:46:1C:AF:B5:34:4D:85:46 ValidityThu, 15 May 2025 09:49:23 GMT - Wed, 13 Aug 2025 10:49:11 GMT File type PNG image data, 721 x 282, 8-bit/color RGBA, non-interlaced Size 22 kB (21489 bytes) Hash aeba3bc766d25669169fdbf274751e97 06baf16a53669aa62f71e0cbad5d30fb75f5487b 1f0e737701f4d8318802a742ae518602eca202f24107dccd74965889385d72d8 HTTP Headers GET /cmpaa7e00c7/img/steps_.png HTTP/1.1 Host: downloadportalservices.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Connection: keep-alive Referer: https://downloadportalservices.com/cmpaa7e00c7/?source=12663&click=6700ey2nk9w2hd8ts2hc8scg0%2C18079659%2C5%2C12663&filename=Livestream.exe Sec-Fetch-Dest: image Sec-Fetch-Mode: no-cors Sec-Fetch-Site: same-origin Pragma: no-cache Cache-Control: no-cache `HTTP/2 200 OK date: Sat, 17 May 2025 23:09:31 GMT content-type: image/png content-length: 21489 x-powered-by: PHP/7.4.33 last-modified: Thu, 05 Oct 2023 21:54:57 GMT etag: "53f1-606ff2cc1325f" cf-cache-status: DYNAMIC server: cloudflare cf-ray: 9416c86bdab70afa-OSL X-Firefox-Spdy: h2`

	GET fonts.gstatic.com/s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2	142.250.74.35	200 OK	48 kB
URL GET fonts.gstatic.com/s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2 IP 142.250.74.35:443 ASN #15169 GOOGLE Requested by https://downloadportalservices.com/cmpaa7e00c7/?source=12663&click=6700ey2nk9w2hd8ts2hc8scg0%2C18079659%2C5%2C12663&filename=Livestream.exe Certificate IssuerGoogle Trust Services Subject.gstatic.com Fingerprint15:8B:D4:EA:7E:CB:34:1B:6F:2E:20:9E:39:44:7A:D6:D7:30:26:AB ValidityMon, 21 Apr 2025 08:41:49 GMT - Mon, 14 Jul 2025 08:41:48 GMT File type Web Open Font Format (Version 2), TrueType, length 48236, version 1.0 Size 48 kB (48236 bytes) Hash 015c126a3520c9a8f6a27979d0266e96 2acf956561d44434a6d84204670cf849d3215d5f 3c4d6a1421c7ddb7e404521fe8c4cd5be5af446d7689cd880be26612eaad3cfa HTTP Headers GET /s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2 HTTP/1.1 Host: fonts.gstatic.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0 Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: identity Origin: https://downloadportalservices.com DNT: 1 Connection: keep-alive Referer: https://fonts.googleapis.com/ Sec-Fetch-Dest: font Sec-Fetch-Mode: cors Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache HTTP/2 200 OK accept-ranges: bytes access-control-allow-origin: content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes cross-origin-resource-policy: cross-origin cross-origin-opener-policy: same-origin; report-to="apps-themes" report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]} timing-allow-origin: * content-length: 48236 x-content-type-options: nosniff server: sffe x-xss-protection: 0 date: Thu, 15 May 2025 10:12:20 GMT expires: Fri, 15 May 2026 10:12:20 GMT cache-control: public, max-age=31536000 age: 219431 last-modified: Thu, 14 Dec 2023 02:08:40 GMT content-type: font/woff2 alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 X-Firefox-Spdy: h2

	GET downloadportalservices.com/favicon.ico	104.18.1.13	404 Not Found	0 B
URL GET downloadportalservices.com/favicon.ico IP 104.18.1.13:443 ASN #13335 CLOUDFLARENET Requested by https://downloadportalservices.com/cmpaa7e00c7/?source=12663&click=6700ey2nk9w2hd8ts2hc8scg0%2C18079659%2C5%2C12663&filename=Livestream.exe Certificate IssuerGoogle Trust Services Subjectdownloadportalservices.com FingerprintC9:0D:29:24:BE:25:1D:79:17:B8:4F:3F:46:1C:AF:B5:34:4D:85:46 ValidityThu, 15 May 2025 09:49:23 GMT - Wed, 13 Aug 2025 10:49:11 GMT File type Size 0 B (0 bytes) Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 HTTP Headers GET /favicon.ico HTTP/1.1 Host: downloadportalservices.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Connection: keep-alive Referer: https://downloadportalservices.com/cmpaa7e00c7/?source=12663&click=6700ey2nk9w2hd8ts2hc8scg0%2C18079659%2C5%2C12663&filename=Livestream.exe Sec-Fetch-Dest: image Sec-Fetch-Mode: no-cors Sec-Fetch-Site: same-origin Pragma: no-cache Cache-Control: no-cache `HTTP/2 404 Not Found date: Sat, 17 May 2025 23:09:31 GMT content-type: text/html; charset=UTF-8 x-powered-by: PHP/7.4.33 cf-cache-status: DYNAMIC server: cloudflare cf-ray: 9416c8710db60afa-OSL content-encoding: gzip X-Firefox-Spdy: h2`

	GET 1d6ceb551fc.terrifictc.net/?p=12663&media_type=mainstream&click_id=1747523366goa68291726deae9&pi=118	94.237.100.210	302 Found	2.8 kB
URL User Request GET 1d6ceb551fc.terrifictc.net/?p=12663&media_type=mainstream&click_id=1747523366goa68291726deae9&pi=118 IP 94.237.100.210:443 ASN #202053 UpCloud Ltd Certificate IssuerLet's Encrypt Subjectterrifictc.net Fingerprint0B:07:65:19:AB:47:17:8A:AF:36:C8:89:B3:16:78:9A:55:E1:AC:70 ValidityFri, 04 Apr 2025 10:05:12 GMT - Thu, 03 Jul 2025 10:05:11 GMT File type Size 2.8 kB (2833 bytes) Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 HTTP Headers GET /?p=12663&media_type=mainstream&click_id=1747523366goa68291726deae9&pi=118 HTTP/1.1 Host: 1d6ceb551fc.terrifictc.net User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Connection: keep-alive Upgrade-Insecure-Requests: 1 Sec-Fetch-Dest: document Sec-Fetch-Mode: navigate Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache HTTP/2 302 Found date: Sat, 17 May 2025 23:09:29 GMT content-type: text/html; charset=UTF-8 set-cookie: rts-trck=1; expires=Sat, 17 May 2025 23:19:29 GMT; Max-Age=600; path=/; domain=1d6ceb551fc.terrifictc.net t-uuid=6700ey2ns9uybqc7mupkwgoc4; expires=Thu, 17 May 2035 23:09:29 GMT; Max-Age=315532800; path=/; domain=.terrifictc.net rts-trck=1; expires=Sat, 17 May 2025 23:19:29 GMT; Max-Age=600; path=/; domain=1d6ceb551fc.terrifictc.net traffic-back=ok; expires=Sat, 17 May 2025 23:09:59 GMT; Max-Age=30; path=/; domain=.terrifictc.net location: https://click.bounceads.net/click?ID=cmpaa7e00c7&sub=cmpaa7e00c7&subid=12663&S2=6700ey2nk9w2hd8ts2hc8scg0,18079659,5,12663&UTMSOURCE=Livestream X-Firefox-Spdy: h2

	GET us-assets.i.posthog.com/array/phc_I7xIcObtskp1VsaEcJOtHrq8kXlkuX7ljpvqVh3ICFz/config.js	104.22.59.181	200 OK	627 B
URL GET us-assets.i.posthog.com/array/phc_I7xIcObtskp1VsaEcJOtHrq8kXlkuX7ljpvqVh3ICFz/config.js IP 104.22.59.181:443 ASN #13335 CLOUDFLARENET Requested by https://downloadportalservices.com/cmpaa7e00c7/?source=12663&click=6700ey2nk9w2hd8ts2hc8scg0%2C18079659%2C5%2C12663&filename=Livestream.exe Certificate IssuerLet's Encrypt Subject.i.posthog.com Fingerprint1F:31:53:56:C4:86:67:64:62:21:A7:50:B5:30:64:D3:90:50:48:29 ValidityFri, 16 May 2025 09:13:28 GMT - Thu, 14 Aug 2025 09:13:27 GMT File type JavaScript source, ASCII text, with very long lines (428) Size 627 B (627 bytes) Hash 06dfc7860a378811e7aa5f8a7de55789 141d701c39bdd2004af8ac6ec8b47ccb390443c9 897ca617fec192c82366d4bd1a77d0d1212e2c84c3e860f69065519b0d30b789 HTTP Headers GET /array/phc_I7xIcObtskp1VsaEcJOtHrq8kXlkuX7ljpvqVh3ICFz/config.js HTTP/1.1 Host: us-assets.i.posthog.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0 Accept: /* Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Origin: https://downloadportalservices.com DNT: 1 Connection: keep-alive Referer: https://downloadportalservices.com/ Sec-Fetch-Dest: script Sec-Fetch-Mode: cors Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache HTTP/2 200 OK date: Sat, 17 May 2025 23:09:31 GMT content-type: application/javascript content-length: 465 vary: Origin, Referer, Accept-Encoding allow: GET, HEAD, OPTIONS x-frame-options: SAMEORIGIN access-control-allow-origin: * x-content-type-options: nosniff referrer-policy: same-origin cross-origin-opener-policy: same-origin content-encoding: gzip x-envoy-upstream-service-time: 12 cache-control: max-age=300 cf-cache-status: HIT age: 147 last-modified: Sat, 17 May 2025 23:07:04 GMT accept-ranges: bytes server: cloudflare cf-ray: 9416c86f2f815697-OSL X-Firefox-Spdy: h2

	POST us.i.posthog.com/e/?ip=1&_=1747523371468&ver=1.242.2&compression=gzip-js	3.226.201.195	200 OK	13 B
URL POST us.i.posthog.com/e/?ip=1&_=1747523371468&ver=1.242.2&compression=gzip-js IP 3.226.201.195:443 ASN #14618 AMAZON-AES Requested by https://downloadportalservices.com/cmpaa7e00c7/?source=12663&click=6700ey2nk9w2hd8ts2hc8scg0%2C18079659%2C5%2C12663&filename=Livestream.exe Certificate IssuerAmazon Subject.i.posthog.com FingerprintB2:07:A5:B7:4A:00:EA:45:09:50:EF:4B:44:63:83:38:E2:97:F8:13 ValiditySun, 15 Dec 2024 00:00:00 GMT - Wed, 14 Jan 2026 23:59:59 GMT File type JSON text data Size 13 B (13 bytes) Hash 47075fc578d4f3dff9c42d09707c8697 69e697648d54268f8cb2e0a5871057cdf99784ea 7d4afed20a912db310862a5294bcf8fb6269c76a292908ddc1fbd496456eff56 HTTP Headers POST /e/?ip=1&_=1747523371468&ver=1.242.2&compression=gzip-js HTTP/1.1 Host: us.i.posthog.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0 Accept: /* Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Referer: https://downloadportalservices.com/ content-type: text/plain Content-Length: 877 Origin: https://downloadportalservices.com DNT: 1 Connection: keep-alive Sec-Fetch-Dest: empty Sec-Fetch-Mode: cors Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache HTTP/2 200 OK date: Sat, 17 May 2025 23:09:31 GMT content-type: application/json access-control-allow-origin: https://downloadportalservices.com access-control-allow-credentials: true access-control-allow-methods: GET, POST, OPTIONS access-control-allow-headers: X-Requested-With,Content-Type vary: Origin, Accept-Encoding x-content-type-options: nosniff referrer-policy: same-origin cross-origin-opener-policy: same-origin server: envoy x-envoy-upstream-service-time: 8 content-encoding: gzip X-Firefox-Spdy: h2

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

Quad9 DNS

ThreatFox

JavaScript (4)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

HTTP Transactions (14)

URL GET

IP

ASN

Requested by

Certificate

File type

Size

Hash

HTTP Headers

URL POST

IP

ASN

Requested by

Certificate

File type

Size

Hash

HTTP Headers

URL User Request GET

IP

ASN

Certificate

File type

Size

Hash

HTTP Headers

URL GET

IP

ASN

Requested by

Certificate

File type

Size

Hash

HTTP Headers

URL GET

IP

ASN

Requested by