Report - flvto.biz/

Report Overview

Visited public
2023-12-03 17:10:07
Tags
Submit Tags
URL
flvto.biz/
Finishing URL
www.flvto.biz/nesgncsgwp/
IP / ASN
188.114.97.1
#13335 CLOUDFLARENET
Title
(1) New Message!

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
fonts.googleapis.com	8877	2005-01-25	2013-06-10 22:14:26	2023-12-03 06:08:10	1.4 kB	10 kB	142.250.74.106
ad.tradertimerz.media	unknown	2023-01-12	2023-01-12 09:58:29	2023-11-18 19:13:26	2.2 kB	5.9 kB	5.75.199.190
cdn.creative-bars1.com	unknown	2022-11-01	2022-11-15 17:46:22	2023-12-02 12:14:56	2.3 kB	61 kB	172.64.108.10
cdn.prplads.com	unknown	2023-02-19	2023-02-20 12:56:34	2023-12-02 18:06:31	1.0 kB	149 kB	104.26.2.51
log.outbrainimg.com	2177	2018-04-09	2018-09-04 15:05:17	2023-12-02 18:03:40	1.1 kB	650 B	70.42.32.191
platform.bidgear.com	30367	2011-08-30	2016-07-27 13:51:48	2023-12-03 05:13:06	1.9 kB	10 kB	172.67.74.36
pl16330037.safestcontentgate.com	unknown	2021-05-24	2023-07-03 02:44:29	2023-10-26 15:26:35	461 B	16 kB	192.243.59.13
script.4dex.io	2135	2018-04-02	2018-07-23 12:04:27	2023-12-03 05:13:19	847 B	25 kB	172.67.75.241
rebindskayoes.com	unknown	2022-11-08	2022-11-08 12:50:32	2023-08-18 10:58:51	424 B	1.5 kB	23.109.82.122
fonts.gstatic.com	unknown	2008-02-11	2014-09-09 02:40:21	2023-12-03 05:48:43	2.1 kB	82 kB	216.58.207.227
prebid.a-mo.net	1148	2017-09-08	2020-07-14 19:45:55	2023-12-02 19:13:51	479 B	314 B	147.75.84.158
bs.yandex.ru	35988	1997-09-23	2012-11-03 23:19:31	2023-12-02 18:22:22	545 B	687 B	213.180.193.90
imp9.bidgear.com	34078	2011-08-30	2021-03-15 12:09:09	2023-12-01 21:04:11	1.6 kB	3.4 kB	172.67.74.36
bullbatmohalim.com	unknown	2023-07-30	2023-07-30 13:20:29	2023-11-08 02:45:48	422 B	1.5 kB	23.109.248.183
www.flvto.biz	833722	2014-06-19	2017-11-13 21:08:36	2023-09-30 11:36:22	2.0 kB	137 kB	188.114.96.1
cuttlefly.com	577339	2019-10-09	2019-12-18 13:24:45	2023-11-10 07:21:49	481 B	512 B	116.202.21.68
api.purpleads.io	146037	2020-01-29	2020-02-18 07:59:38	2023-12-02 18:22:19	2.8 kB	3.4 kB	34.234.32.221
saycaptain.com	unknown	unknown	No data	No data	4.8 kB	7.4 kB	192.243.59.20
cdn.cloudimagesb.com	23099	2020-10-06	2021-02-12 17:15:41	2023-12-03 05:12:09	904 B	30 kB	45.133.44.9
flvto.biz	275143	2014-06-19	2015-05-31 09:19:08	2023-08-17 18:58:37	478 B	67 kB	188.114.96.1
proftrafficcounter.com	unknown	2023-11-16	2023-11-21 09:55:14	2023-12-03 05:12:08	439 B	420 B	18.184.210.76
cdn.barscreative1.com	25648	2021-09-08	2021-09-16 13:14:42	2023-12-03 05:12:51	498 B	1.9 kB	45.133.44.4
cdn-static.flvto.biz	828228	2014-06-19	2022-01-03 18:06:46	2023-09-29 05:14:55	1.5 kB	58 kB	188.114.96.1
cdn.flvto.biz	unknown	2014-06-19	2016-06-17 09:26:42	2023-09-29 05:14:22	1.4 kB	48 kB	188.114.96.1
ev.zabanit.xyz	514436	2020-10-28	2020-11-12 16:38:47	2023-11-25 23:54:59	3.2 kB	2.8 kB	135.181.107.135
ocsp.r2m03.amazontrust.com	unknown	2007-05-11	2023-02-21 01:06:24	2023-12-03 11:12:04	350 B	942 B	54.230.218.11
friendshipmale.com	unknown	2022-10-21	2022-10-21 14:15:25	2023-12-02 19:44:00	411 B	86 kB	172.64.134.5
dl.zabanit.xyz	481106	2020-10-28	2020-11-12 16:38:47	2023-11-19 06:56:45	3.2 kB	8.3 kB	135.181.107.135
luzulabeguile.com	unknown	2021-07-08	2021-07-08 11:07:08	2023-10-16 02:37:55	844 B	2.9 kB	142.91.159.89
mp.4dex.io	2629	2018-04-02	2019-01-03 14:51:11	2023-12-02 17:40:06	477 B	1.1 kB	172.64.153.78
images.outbrainimg.com	2085	2018-04-09	2018-05-15 12:18:13	2023-12-02 05:24:35	593 B	8.3 kB	23.38.201.176

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Timestamp	Severity	Source IP	Destination IP	Alert
2023-12-03 17:09:52	medium	Client IP	Internal IP	ET INFO Observed DNS Query to .biz TLD
2023-12-03 17:09:52	medium	Client IP	Internal IP	ET INFO Observed DNS Query to .biz TLD
2023-12-03 17:09:52	medium	Client IP	Internal IP	ET INFO Observed DNS Query to .biz TLD
2023-12-03 17:09:52	medium	Client IP	Internal IP	ET INFO Observed DNS Query to .biz TLD
2023-12-03 17:09:53	medium	Client IP	Internal IP	ET INFO Observed DNS Query to .biz TLD
2023-12-03 17:09:53	medium	Client IP	Internal IP	ET INFO Observed DNS Query to .biz TLD
2023-12-03 17:09:53	medium	Client IP	Internal IP	ET INFO Observed DNS Query to .biz TLD
2023-12-03 17:09:53	medium	Client IP	Internal IP	ET INFO Observed DNS Query to .biz TLD

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2023-12-03	medium	saycaptain.com	Sinkholed
2023-12-03	medium	saycaptain.com	Sinkholed
2023-12-03	medium	saycaptain.com	Sinkholed
2023-12-03	medium	saycaptain.com	Sinkholed

ThreatFox

No alerts detected

JavaScript (32)

	URL	From	Size	First Seen	Last Seen
	www.flvto.biz/nesgn/	ScriptElement	1.2 kB	2023-03-08	2025-03-16
Pretty URL www.flvto.biz/nesgn/ IP 188.114.96.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-08 21:54 Last Seen2025-03-16 03:04 Times Seen15 Hash c27883900fd8759ccc320465b5c6bde4 8fac8dbcfda63c2236d8914e271e2680857a5892 e303f5efd1dfc2cc3baf4ac321bc9e79e3356833ac4d17174d362b603d06387f Loading...

	luzulabeguile.com/tzpWQhVtwaCMFq/38708	ScriptElement	5 B	2023-03-07	2025-07-05
Pretty URL luzulabeguile.com/tzpWQhVtwaCMFq/38708 IP 142.91.159.89 ASN #7979 SERVERS-COM Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:14 Last Seen2025-07-05 15:22 Times Seen6607 Hash f7a2939527fd9e68723da600e96d76bd a9e717b6364d2895ee0a716050db32ca0ef1bb42 d810f5146f4cd1517512a6e31946e764a73c58fb01427aae88d42cc2ae28718a Loading...

	www.flvto.biz/nesgn/	ScriptElement	612 B	2023-03-07	2025-04-08
Pretty URL www.flvto.biz/nesgn/ IP 188.114.96.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 22:56 Last Seen2025-04-08 07:38 Times Seen19 Hash dd9debd6558d145f82c62ae2b2b3e2d1 73ebc68ae4b6829e7201529978905c9a64832eac e7ade9c71d80b859039a72ad6e2ca1113932bbe3b3ae149d7ecde22551b56cf7 Loading...

	www.flvto.biz/nesgncsgwp/	ScriptElement	423 B	2023-07-12	2025-06-25
Pretty URL www.flvto.biz/nesgncsgwp/ IP 188.114.96.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-07-12 06:36 Last Seen2025-06-25 17:55 Times Seen78 Hash 76b4fe7bdc5a0dc628bbfdaa2c0d4fed a6f81dc4fac70d743a1200cae42ae197389e0ce6 b90802ef0844d32ac7a5e434f4c93bc14efc5590eaaaf9a742b2fe162ee29771 Loading...

	ad.tradertimerz.media/deliver/js/860301d4060ef8c	ScriptElement	2.9 kB	2023-09-30	2024-08-21
Pretty URL ad.tradertimerz.media/deliver/js/860301d4060ef8c IP 5.75.199.190 ASN #24940 Hetzner Online GmbH Introduced by scriptElement Embedded in HTML false Observations First Seen2023-09-30 13:54 Last Seen2024-08-21 05:28 Times Seen85 Hash 9063f43530d51cb1abe1014377cbd0ed 31129faa639eced1054557799ee111b6ec73be30 2ec9823c15136c61a62c45fd01b96c41acb8c0a339ad77cd3cead8be0050d0d8 Loading...

	platform.bidgear.com/pubbidgear-ad.js	ScriptElement	7.8 kB	2023-11-15	2023-12-13
Pretty URL platform.bidgear.com/pubbidgear-ad.js IP 172.67.74.36 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-11-15 22:02 Last Seen2023-12-13 22:59 Times Seen23 Hash b42012082533dfb1a327520711319a5f f308dfb13966b2733955d1dbd6d3c2b317fa2b3d 1ed1267a95aa559c7074d29be17adf536c5a3f865ba0d89dcbd0499a88e137ff Loading...

	cdn.prplads.com/load.js?publisherId=865f9b57212f5a3261580bd6ab9b23bc:6d77b29e1174de9720da61fb75014900be589c158a6320d7794579fb7ceaa31c457b7fca2efaa090f3c987963e93dce95b55919a8cd5caad6bcc1f84e0318412	ScriptElement	45 kB	2023-08-09	2024-08-21
Pretty URL cdn.prplads.com/load.js?publisherId=865f9b57212f5a3261580bd6ab9b23bc:6d77b29e1174de9720da61fb75014900be589c158a6320d7794579fb7ceaa31c457b7fca2efaa090f3c987963e93dce95b55919a8cd5caad6bcc1f84e0318412 IP 104.26.2.51 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-08-09 19:07 Last Seen2024-08-21 09:40 Times Seen61 Hash f92f0f503b50212276e353370595fa67 e7a5f61221ed817c5d493c2dec2237624bfbc8f1 a8203e9eb6b708110a747609ecca7e159dcfc383098341b0acb8a87c9390c0e4 Loading...

	unknown	EventHandler	188 B	2023-04-15	2025-07-01
Pretty Introduced by eventHandler Embedded in HTML false Observations First Seen2023-04-15 20:09 Last Seen2025-07-01 22:18 Times Seen217 Hash 839f00355ed896a007c18274ade39d94 a0d954478522fd4dcac024c995c180e7a8c58496 4af5bbd0ec136ec05a399410b4720d5cfe29a1f43cad09d4be692205b774a781 Loading...

	www.flvto.biz/nesgncsgwp/	ScriptElement	675 B	2023-03-07	2024-08-21
Pretty URL www.flvto.biz/nesgncsgwp/ IP 188.114.96.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 12:28 Last Seen2024-08-21 09:00 Times Seen10 Hash 83bd29b282c8263d5abc4182f6df4aae 4c2f83dc8bb36338503186b0e2a5f737d2da258f cf88c64ce9d7f0061a66ccf8d42e4033da225ef3a726d680c6e1c3bb30a1186d Loading...

	www.flvto.biz/nesgncsgwp/	ScriptElement	620 B	2023-03-12	2025-06-25
Pretty URL www.flvto.biz/nesgncsgwp/ IP 188.114.96.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-12 15:30 Last Seen2025-06-25 17:55 Times Seen67 Hash 79a3671b9038b1377b3561d36f95c31f ddb71442efe371bd7f2f4a3d213e55cc1b44af91 fa0b6a3926765fd3b227f79fbc9f35cf779a4929a43f3e68223826d7b545dea5 Loading...

	www.flvto.biz/nesgncsgwp/	ScriptElement	246 B	2023-03-07	2025-06-25
Pretty URL www.flvto.biz/nesgncsgwp/ IP 188.114.96.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 12:28 Last Seen2025-06-25 17:55 Times Seen62 Hash 4a12c77fce9efd5f8e3c647823b10cfc 73ad2c36e69f7eec8c1e39d2d7edcfd43d70a760 562e2d71efda85f3c5c74fb3db9cd994dc81c372cfc2ec57da4fc7aa5bc11e74 Loading...

	www.flvto.biz/nesgncsgwp/	ScriptElement	181 B	2023-03-07	2025-04-08
Pretty URL www.flvto.biz/nesgncsgwp/ IP 188.114.96.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 22:56 Last Seen2025-04-08 07:38 Times Seen19 Hash dd6c1f7ba34fd659719115d28503af50 b0c841b0a139abe16294172c83e2e86e9005609c ea7718430f30085fcbf526fabda97ea6a6f671fbc5dd689398d357696bab004b Loading...

	friendshipmale.com/sfp.js	ScriptElement	86 kB	2023-11-23	2024-08-20
Pretty URL friendshipmale.com/sfp.js IP 172.64.134.5 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-11-23 18:35 Last Seen2024-08-20 18:08 Times Seen6307 Hash 924e967bca1d599992556a8d139b1c5a 222b09dbf164ddc03d39100fd0524a22018d28b2 ac84c2f8288b59f8e04ba77287ce696052bfeee0d462a566d94dc305df646c95 Loading...

	www.flvto.biz/nesgncsgwp/	ScriptElement	1.7 kB	2023-03-07	2024-08-21
Pretty URL www.flvto.biz/nesgncsgwp/ IP 188.114.96.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 12:28 Last Seen2024-08-21 09:00 Times Seen18 Hash f528de86f9716f853bef28b78bf07d5d c3f7938becd6a0c0733ac56c1f626b3edf25f437 7650ffa43eec478c8d92fd5d1f5db0f77b2e026038ad869c602413d6acc1dfb7 Loading...

	unknown	ScriptElement	256 B	2023-10-01	2024-10-06
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2023-10-01 18:49 Last Seen2024-10-06 23:34 Times Seen15 Hash 4bc8c139e7cd3b927b3b63952f374804 419ebe23849539f25f0c9d53c92265147eaac698 94cca61175038f2d6aa9f97a795000e1c89da4acc584529b54116e9d13b4ed29 Loading...

	www.flvto.biz/nesgncsgwp/	ScriptElement	518 B	2023-03-07	2024-08-21
Pretty URL www.flvto.biz/nesgncsgwp/ IP 188.114.96.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 12:28 Last Seen2024-08-21 09:00 Times Seen18 Hash ffd0af61d20f0270e7203329499f37d8 5278c94db177b2e4b9ab30ba4ae4f3774f95a538 6587413744f30cb887c075e9af1d763013759f4609fc7705701ac8b6891bbb01 Loading...

	www.flvto.biz/nesgncsgwp/	ScriptElement	4.6 kB	2023-07-12	2024-08-21
Pretty URL www.flvto.biz/nesgncsgwp/ IP 188.114.96.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-07-12 06:36 Last Seen2024-08-21 09:00 Times Seen6 Hash 32e392826eb2634577dadd9445751349 1ca4e3def937b43324acc32295e40ef75d6d3700 13b434822ba32a354b7c2201c2996710559191a89a6acdcd16607fac2660ae88 Loading...

	ad.tradertimerz.media/deliver/token/860301d4060ef8c?loc=https%3A%2F%2Fad.tradertimerz.media%2Fdeliver%2Fpixel%2F860301d4060ef8c&vid=b0ec9a95-ecea-4621-8404-f95090c8b966&ref=https%3A%2F%2Fwww.flvto.biz%2F	ScriptElement	1.4 kB	2023-12-03	2023-12-03
Pretty URL ad.tradertimerz.media/deliver/token/860301d4060ef8c?loc=https%3A%2F%2Fad.tradertimerz.media%2Fdeliver%2Fpixel%2F860301d4060ef8c&vid=b0ec9a95-ecea-4621-8404-f95090c8b966&ref=https%3A%2F%2Fwww.flvto.biz%2F IP 5.75.199.190 ASN #24940 Hetzner Online GmbH Introduced by scriptElement Embedded in HTML false Observations First Seen2023-12-03 18:10 Last Seen2023-12-03 18:10 Times Seen1 Hash 67b8f0ce99ab67338617062763da0126 cbed39dbde3ffdf16e8f6ed730d88c5641fe1955 888b9b4a18277ce4da5523fffcf762c2e0fe8fab1aeed4bb450d082b9a68998e Loading...

	unknown	ScriptElement	256 B	2023-10-01	2024-10-06
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2023-10-01 18:49 Last Seen2024-10-06 23:34 Times Seen12 Hash e16959b5fa05ba0a7ea65b1441c5ad03 759e4ebcca919d9c71856910af3829fb7c46bfac e5d09fd016003e857ffa9de947195db71e9dd415e4e2970ebf14f925bc613533 Loading...

	pl16330037.safestcontentgate.com/de/9a/cd/de9acd36b9bdfc08a8f10363b274b170.js	ScriptElement	43 kB	2023-12-03	2023-12-03
Pretty URL pl16330037.safestcontentgate.com/de/9a/cd/de9acd36b9bdfc08a8f10363b274b170.js IP 192.243.59.13 ASN #39572 DataWeb Global Group B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-12-03 18:10 Last Seen2023-12-03 18:10 Times Seen1 Hash 670f3c62d250e8f2128a818b3cae3716 a0899e98c983dcbf4ccba35dbfda9cee7160f6ea f7281ab7bc03a9e992d6603537c12e88089568a533dceb501f08edb4bedf5be4 Loading...

	unknown	ScriptElement	1.3 kB	2023-10-26	2024-08-21
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2023-10-26 15:26 Last Seen2024-08-21 03:18 Times Seen4 Hash 0598f4d38f3eb40bdd717bf46242cb21 df0be49a91abd298c805e67a18e692e102075593 b0aed2d3ed90c113959c903c0a9759dd0e5c26a10db27c6944ef9ce22ecf7ae9 Loading...

	www.flvto.biz/nesgncsgwp/	ScriptElement	181 B	2023-03-07	2025-04-08
Pretty URL www.flvto.biz/nesgncsgwp/ IP 188.114.96.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 22:56 Last Seen2025-04-08 07:38 Times Seen19 Hash 479e020f6948958503e14cb60cef08cf 2fc33d752828b4b5dd3bec3e784ddbbfefd7b561 fee416f638b447b07e57852a83ff903dc1f055bb6ce91af6755b7075ef1655a7 Loading...

	www.flvto.biz/nesgncsgwp/	ScriptElement	181 B	2023-03-07	2025-04-08
Pretty URL www.flvto.biz/nesgncsgwp/ IP 188.114.96.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 22:56 Last Seen2025-04-08 07:38 Times Seen19 Hash c6a99cb1e2ef9da40e3d8ad7b7ba5dfb 5e3509f922008f5ccf59bb1af72053da5d83dba3 18ade6b27440a8fdb62669c333c7432df6ddf4347d457bdfc2fe2da80c58eb1c Loading...

	www.flvto.biz/nesgncsgwp/	ScriptElement	182 B	2023-03-07	2025-04-08
Pretty URL www.flvto.biz/nesgncsgwp/ IP 188.114.96.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 22:56 Last Seen2025-04-08 07:38 Times Seen19 Hash 21b4eb0c9a0b144e17158b007a7402b0 e9a592829838363ee213ffecb0b67024c427be1f f58292aea07c6787607aa3b9cd830a5caf63ef0a7ef0d106ab26c2469092c86d Loading...

	www.flvto.biz/nesgncsgwp/	ScriptElement	181 B	2023-03-07	2025-04-08
Pretty URL www.flvto.biz/nesgncsgwp/ IP 188.114.96.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 22:56 Last Seen2025-04-08 07:38 Times Seen19 Hash a54882a572df499b30c47da96e67bf8d 7e9a7b60944d6524496d0d0553718c47563e4c0b d8aa1bf62ff4234fdcb907c7a2c95a9e6734502dee36c21e030e722936d559ba Loading...

	cdn.creative-bars1.com/sb/ssp/vpn/classic-push/big1/js/jquery.min.js	ScriptElement	84 kB	2023-03-07	2025-07-05
Pretty URL cdn.creative-bars1.com/sb/ssp/vpn/classic-push/big1/js/jquery.min.js IP 172.64.108.10 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02 Last Seen2025-07-05 16:16 Times Seen8309 Hash 4a356126b9573eb7bd1e9a7494737410 8258d046f17dd3c15a5d3984e1868b7b5d1db329 22642f202577f0ba2f22cbe56b6cf291a09374487567cd3563e0d2a29f75c0c5 Loading...

	unknown	ScriptElement	133 B	2023-05-12	2025-01-07
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2023-05-12 09:11 Last Seen2025-01-07 07:10 Times Seen202 Hash 377d3b2e03fc6f8306740f08a9727c40 a793b245d9de493b5312872d6675482f2c8c64d7 799899af28a256c42da96652251db4b655b4f6c0db0d5752bfe7d1c605a20817 Loading...

		Size	First Seen	Last Seen
	#1 Write - 5d8623cd29a2e67e3584151084968e1a	2.4 kB	2024-08-20 16:55	2024-08-20 16:55
Pretty Observations First Seen2024-08-20 16:55 Last Seen2024-08-20 16:55 Times Seen1 Hash 5d8623cd29a2e67e3584151084968e1a 141d53389aef1362a0a3e6845f33fb2d49892842 88a831f92ab760c28feb5bd85fa966c13b05ebbbb5de2808a01c42538c4f9bef Loading...

	#2 Write - 6f7d1328d6ec62ec9701bdfeb96de54b	535 B	2024-08-20 16:55	2024-08-20 16:55
Pretty Observations First Seen2024-08-20 16:55 Last Seen2024-08-20 16:55 Times Seen1 Hash 6f7d1328d6ec62ec9701bdfeb96de54b 17d9562fdb94912b192618a420973860a9ac0e57 54fac0a821a7b4eaff448913ed1926d2b407c1b37ce48b0d61eec50ae45a1578 Loading...

	#3 Write - 43de86a75351d2843ef2327206c5733e	794 B	2024-08-20 16:55	2024-08-20 16:55
Pretty Observations First Seen2024-08-20 16:55 Last Seen2024-08-20 16:55 Times Seen1 Hash 43de86a75351d2843ef2327206c5733e a1e9cb2284cc315892eebf80cb4066c360545406 3273cff4f846a7afedcf5a9604786183d9db2a19c797868faa770485f6da1f41 Loading...

	#4 Write - 5ac66e4bd7d17c0ff86dbf2c2c543d03	535 B	2024-08-20 16:55	2024-08-20 16:55
Pretty Observations First Seen2024-08-20 16:55 Last Seen2024-08-20 16:55 Times Seen1 Hash 5ac66e4bd7d17c0ff86dbf2c2c543d03 856c70cfea489c986fd1733f3589ab43e11201b6 3617a85b3f915e2cb1718dc0133621b1ac8556bf715800ff02666535517cd85f Loading...

	#5 Write - 4f9ca9eb29ec1a78b4f2dd51545738c1	3.2 kB	2024-08-20 16:55	2024-08-20 16:55
Pretty Observations First Seen2024-08-20 16:55 Last Seen2024-08-20 16:55 Times Seen1 Hash 4f9ca9eb29ec1a78b4f2dd51545738c1 0486e793215122cacc0da7e25eb72b9ff0ca9191 856c134c649d623a2a873742e922920eff482b88cd89a1c56d1457d0a710dd2a Loading...

HTTP Transactions (76)

URL IP Response Size

GET fonts.googleapis.com/css?family=Roboto+Condensed:300,400,700&display=swap&subset=cyrillic,cyrillic-ext,greek,greek-ext,latin-ext,vietnamese

142.250.74.106

200 OK

1.1 kB

URL GET HTTP/2
fonts.googleapis.com/css?family=Roboto+Condensed:300,400,700&display=swap&subset=cyrillic,cyrillic-ext,greek,greek-ext,latin-ext,vietnamese
IP
142.250.74.106:443
ASN
#15169 GOOGLE

Requested by
https://www.flvto.biz/nesgn/
Certificate
IssuerGoogle Trust Services LLC
Subjectupload.video.google.com
FingerprintCC:96:E0:52:E0:9B:EA:A9:A0:F8:88:9A:90:20:11:47:61:00:3C:42
ValidityMon, 23 Oct 2023 11:24:07 GMT - Mon, 15 Jan 2024 11:24:06 GMT

File type
gzip compressed data, max compression\012- data
Size
1.1 kB (1138 bytes)
Hash
ac6889a1b6e8b8233d13453a94b39df9
dba6bef7f0ec97e2e97bddb2bafc4c5ddf948572
3bf2a0d81799585a667a5507a8b2274d6f3db3c63b8fa77364b0853bd4714ccb

HTTP Headers

GET /css?family=Roboto+Condensed:300,400,700&display=swap&subset=cyrillic,cyrillic-ext,greek,greek-ext,latin-ext,vietnamese HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.flvto.biz/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Sun, 03 Dec 2023 17:09:47 GMT
date: Sun, 03 Dec 2023 17:09:47 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

GET cdn-static.flvto.biz/_next/static/images/img-main-8ddd4264b06a73b6515db09179cbbf55.webp

188.114.96.1

200 OK

16 kB

URL GET HTTP/3
cdn-static.flvto.biz/_next/static/images/img-main-8ddd4264b06a73b6515db09179cbbf55.webp
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://www.flvto.biz/nesgn/
Certificate
IssuerGoogle Trust Services LLC
Subjectflvto.biz
Fingerprint0B:42:D5:C9:76:A0:F2:0D:7D:43:32:D9:AD:AF:A4:28:B1:13:90:37
ValidityFri, 06 Oct 2023 18:05:13 GMT - Thu, 04 Jan 2024 18:05:12 GMT

File type
RIFF (little-endian) data, Web/P image\012- data
Size
16 kB (16394 bytes)
Hash
9242834125f1193e9da85bd184283257
6f4002deccbc6ecd889940f7912174277016247d
f4d168275b24555befe16c253615213ee85a2c1e0f48f75691159b3c514cbdd5

HTTP Headers

GET /_next/static/images/img-main-8ddd4264b06a73b6515db09179cbbf55.webp HTTP/1.1
Host: cdn-static.flvto.biz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.flvto.biz/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Sun, 03 Dec 2023 17:09:48 GMT
content-type: image/webp
content-length: 16394
last-modified: Wed, 15 Nov 2023 11:58:48 GMT
etag: "6554b278-400a"
expires: Sun, 24 Nov 2024 09:19:28 GMT
cache-control: max-age=31536000, public
pragma: public
cf-cache-status: HIT
age: 719420
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=MbWyeqTPxrbcMkDD6renSf%2FJ25pkhSFJyx2nf09dw2rOV9hZiKAe1m5Ljn78H0ikn5NJqpCM2iySKhiCqiIAe%2BiGY%2BRDgCgsO4u2FgCfttzs0QT7YDsGaB4imqQjVJbcrhXHcXrCwA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 82fd6b5fa92e569f-OSL
alt-svc: h3=":443"; ma=86400

GET cdn-static.flvto.biz/_next/static/images/img-ai-6420d7da46a5410014a02cbbe16d6d5d.webp

188.114.96.1

200 OK

23 kB

URL GET HTTP/3
cdn-static.flvto.biz/_next/static/images/img-ai-6420d7da46a5410014a02cbbe16d6d5d.webp
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://www.flvto.biz/nesgn/
Certificate
IssuerGoogle Trust Services LLC
Subjectflvto.biz
Fingerprint0B:42:D5:C9:76:A0:F2:0D:7D:43:32:D9:AD:AF:A4:28:B1:13:90:37
ValidityFri, 06 Oct 2023 18:05:13 GMT - Thu, 04 Jan 2024 18:05:12 GMT

File type
RIFF (little-endian) data, Web/P image\012- data
Size
23 kB (23388 bytes)
Hash
4cba0a4c41c4a5b736d5d5b499dd12d3
dc710b60dc50be5d6dfdbb38ede21f2b4c9aa6c8
95aa9b1e46bf433501db0d65b2623d13d35b2c50e7780b359b9186e4e9c5475c

HTTP Headers

GET /_next/static/images/img-ai-6420d7da46a5410014a02cbbe16d6d5d.webp HTTP/1.1
Host: cdn-static.flvto.biz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.flvto.biz/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Sun, 03 Dec 2023 17:09:48 GMT
content-type: image/webp
content-length: 23388
last-modified: Wed, 15 Nov 2023 11:58:48 GMT
etag: "6554b278-5b5c"
expires: Thu, 21 Nov 2024 13:15:34 GMT
cache-control: max-age=31536000, public
pragma: public
cf-cache-status: HIT
age: 964454
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=BneYCm%2BxoVOubFNJ6EIlsVok5qZBFhw5s3CHk43pjhDAme0ityjHdSB%2F3VQcRS44ih4ez7FZiZXrkigqaGX9pLUTkBy8jIdn89zvrigCjmkWiC7DgofUAq2MhAYmbgNDlEvagqXvXA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 82fd6b5fa92f569f-OSL
alt-svc: h3=":443"; ma=86400

GET ad.tradertimerz.media/deliver/pixel/860301d4060ef8c

5.75.199.190

200 OK

176 B

URL GET HTTP/2
ad.tradertimerz.media/deliver/pixel/860301d4060ef8c
IP
5.75.199.190:443
ASN
#24940 Hetzner Online GmbH

Requested by
https://www.flvto.biz/nesgn/
Certificate
IssuerLet's Encrypt
Subjectad.tradertimerz.media
Fingerprint04:FC:4E:84:7F:0A:86:3E:C1:2F:6F:08:A1:28:5B:92:98:2C:EB:BE
ValidityThu, 09 Nov 2023 23:40:47 GMT - Wed, 07 Feb 2024 23:40:46 GMT

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
176 B (176 bytes)
Hash
902be29c59d79d139229e77e57b92986
b5831c73828b116a9ad1b43f65404097a646a215
608975898dfe616a7473b071992256a72b17a44159a40b257c60e426bd23019b

HTTP Headers

GET /deliver/pixel/860301d4060ef8c HTTP/1.1
Host: ad.tradertimerz.media
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.flvto.biz/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sun, 03 Dec 2023 17:09:48 GMT
content-type: text/html; charset=UTF-8
content-length: 176
cache-control: max-age=4254, public, s-maxage=3872
content-encoding: gzip
X-Firefox-Spdy: h2

GET cdn.flvto.biz/_next/static/css/styles.94b5e2c8.chunk.css

188.114.96.1

301 Moved Permanently

5.6 kB

URL GET HTTP/3
cdn.flvto.biz/_next/static/css/styles.94b5e2c8.chunk.css
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://www.flvto.biz/nesgn/
Certificate
IssuerGoogle Trust Services LLC
Subjectflvto.biz
Fingerprint0B:42:D5:C9:76:A0:F2:0D:7D:43:32:D9:AD:AF:A4:28:B1:13:90:37
ValidityFri, 06 Oct 2023 18:05:13 GMT - Thu, 04 Jan 2024 18:05:12 GMT

File type
data
Size
5.6 kB (5569 bytes)
Hash
a5aade1fe8ca88a635195ec258e29979
8d80d5f0dd6c7021643118b4b8e8dce38badb508
d1ad8333e8d55c6174e1c6148d6f385ed90ff9cd858b3565dcb45bdde87f2f7a

HTTP Headers

GET /_next/static/css/styles.94b5e2c8.chunk.css HTTP/1.1
Host: cdn.flvto.biz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.flvto.biz/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 301 Moved Permanently
date: Sun, 03 Dec 2023 17:09:48 GMT
content-type: text/html
location: https://cdn-static.flvto.biz/_next/static/css/styles.94b5e2c8.chunk.css
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=sRr1VQzxacPuR1KnmagLM82t2LZL6F%2Fm3jhnWXRjfK4%2FhBklQjJ4CNXr7FMmssIZawVLE6JShS5H2SrrNFLaHvijJFZgiyxuEYa6qSazYSmFem5hf6sHt1JIzr5QuXtL60kCe%2F6dGg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
x-77-nzt: EwwBuUwJDQHXaQsIAAwBuUwKCQH3UAgAAAwB1GY4nAH3TDMAAA
x-77-nzt-ray: c0a4cc2873125c245cb66c6546796102
x-accel-date: 1701096179
x-77-cache: HIT
x-77-age: 542469
x-cache-lb: HIT, HIT
x-age-lb: 2128, 527209
x-77-pop: stockholmSE
cf-cache-status: EXPIRED
vary: Accept-Encoding
server: cloudflare
cf-ray: 82fd6b5e9f96569f-OSL

GET ad.tradertimerz.media/deliver/token/860301d4060ef8c?loc=https%3A%2F%2Fad.tradertimerz.media%2Fdeliver%2Fpixel%2F860301d4060ef8c&vid=b0ec9a95-ecea-4621-8404-f95090c8b966&ref=https%3A%2F%2Fwww.flvto.biz%2F

5.75.199.190

200 OK

770 B

URL GET HTTP/2
ad.tradertimerz.media/deliver/token/860301d4060ef8c?loc=https%3A%2F%2Fad.tradertimerz.media%2Fdeliver%2Fpixel%2F860301d4060ef8c&vid=b0ec9a95-ecea-4621-8404-f95090c8b966&ref=https%3A%2F%2Fwww.flvto.biz%2F
IP
5.75.199.190:443
ASN
#24940 Hetzner Online GmbH

Requested by
https://ad.tradertimerz.media/deliver/pixel/860301d4060ef8c
Certificate
IssuerLet's Encrypt
Subjectad.tradertimerz.media
Fingerprint04:FC:4E:84:7F:0A:86:3E:C1:2F:6F:08:A1:28:5B:92:98:2C:EB:BE
ValidityThu, 09 Nov 2023 23:40:47 GMT - Wed, 07 Feb 2024 23:40:46 GMT

File type
ASCII text, with very long lines (521)
Size
770 B (770 bytes)
Hash
67b8f0ce99ab67338617062763da0126
cbed39dbde3ffdf16e8f6ed730d88c5641fe1955
888b9b4a18277ce4da5523fffcf762c2e0fe8fab1aeed4bb450d082b9a68998e

HTTP Headers

GET /deliver/token/860301d4060ef8c?loc=https%3A%2F%2Fad.tradertimerz.media%2Fdeliver%2Fpixel%2F860301d4060ef8c&vid=b0ec9a95-ecea-4621-8404-f95090c8b966&ref=https%3A%2F%2Fwww.flvto.biz%2F HTTP/1.1
Host: ad.tradertimerz.media
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ad.tradertimerz.media/deliver/pixel/860301d4060ef8c
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sun, 03 Dec 2023 17:09:48 GMT
content-type: text/javascript; charset=UTF-8
content-length: 770
cache-control: max-age=0, must-revalidate, private
pragma: no-cache
expires: Sun, 03 Dec 2023 17:09:48 GMT
set-cookie: uuid=ff1e471a-5b5a2a9a-656cb65c-5d4e-7b449b88; expires=Wed, 30-Nov-2033 17:09:48 GMT; path=/; domain=ad.tradertimerz.media; secure; httponly; samesite=none
content-encoding: gzip
X-Firefox-Spdy: h2

GET ad.tradertimerz.media/images/delivery/8238769382229c3f47a5.png

5.75.199.190

200 OK

928 B

URL GET HTTP/2
ad.tradertimerz.media/images/delivery/8238769382229c3f47a5.png
IP
5.75.199.190:443
ASN
#24940 Hetzner Online GmbH

Requested by
https://ad.tradertimerz.media/deliver/pixel/860301d4060ef8c
Certificate
IssuerLet's Encrypt
Subjectad.tradertimerz.media
Fingerprint04:FC:4E:84:7F:0A:86:3E:C1:2F:6F:08:A1:28:5B:92:98:2C:EB:BE
ValidityThu, 09 Nov 2023 23:40:47 GMT - Wed, 07 Feb 2024 23:40:46 GMT

File type
PNG image data, 1 x 1, 8-bit/color RGBA, non-interlaced\012- data
Size
928 B (928 bytes)
Hash
63797a6d2e6b7dc016f5a8e3d9a09b15
6d72420b033c4034fc7c41a936ebe938d38ceb51
31489288e85672dcc3dfb19e97f035fbef57b28ee36021a93de30463cc92cae3

HTTP Headers

GET /images/delivery/8238769382229c3f47a5.png HTTP/1.1
Host: ad.tradertimerz.media
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ad.tradertimerz.media/deliver/pixel/860301d4060ef8c
Cookie: uuid=ff1e471a-5b5a2a9a-656cb65c-5d4e-7b449b88
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sun, 03 Dec 2023 17:09:48 GMT
content-type: image/png
content-length: 928
last-modified: Fri, 29 Sep 2023 09:20:59 GMT
etag: "651696fb-3a0"
accept-ranges: bytes
X-Firefox-Spdy: h2

GET cuttlefly.com/direct-info/YTv6YJ23gQfJz1u7GF04EQ/1701625188/1/?lang=en

116.202.21.68

200 OK

171 B

URL GET HTTP/1.1
cuttlefly.com/direct-info/YTv6YJ23gQfJz1u7GF04EQ/1701625188/1/?lang=en
IP
116.202.21.68:443
ASN
#24940 Hetzner Online GmbH

Requested by
https://www.flvto.biz/nesgn/
Certificate
IssuerLet's Encrypt
Subjectcuttlefly.com
Fingerprint1E:F8:A3:42:3D:92:42:70:A5:B4:00:8D:F6:1B:E1:1C:78:56:E5:75
ValidityMon, 20 Nov 2023 19:23:10 GMT - Sun, 18 Feb 2024 19:23:09 GMT

File type
JSON data\012- , ASCII text, with no line terminators
Size
171 B (171 bytes)
Hash
5e41baa8100c12a6652f91aadf3cefa8
911008e8ff8f8b84feb0f8cfb789c17b82d6dda3
30d1234454c80b75ffecce3cf231a42164412307c781e923d07c8ca70879cdfb

HTTP Headers

GET /direct-info/YTv6YJ23gQfJz1u7GF04EQ/1701625188/1/?lang=en HTTP/1.1
Host: cuttlefly.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.flvto.biz/
Origin: https://www.flvto.biz
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Sun, 03 Dec 2023 17:09:49 GMT
Content-Type: application/json; charset=utf-8
Content-Length: 171
Connection: keep-alive
Access-Control-Allow-Origin: https://www.flvto.biz
Access-Control-Allow-Headers: Origin, X-Requested-With, Content-Type, Accept
Access-Control-Allow-Methods: POST, GET, OPTIONS

GET dl.zabanit.xyz/zone/21?lang=en&siteCode=1

135.181.107.135

200 OK

943 B

URL GET HTTP/1.1
dl.zabanit.xyz/zone/21?lang=en&siteCode=1
IP
135.181.107.135:443
ASN
#24940 Hetzner Online GmbH

Requested by
https://www.flvto.biz/nesgn/
Certificate
IssuerLet's Encrypt
Subjectdisplay.adcampo.com
FingerprintCA:B0:51:D1:E1:C2:B1:E0:6A:9A:55:B2:60:DB:45:26:76:17:F6:CB
ValidityFri, 03 Nov 2023 20:31:12 GMT - Thu, 01 Feb 2024 20:31:11 GMT

File type
JSON data\012- HTML document text\012- HTML document, ASCII text, with very long lines (943), with no line terminators
Size
943 B (943 bytes)
Hash
fc24c75e2ded68a1318a93a18fc164cf
c353aeb9235a731ffcf5526c935a2722ac2a245b
d8749e5cff31eeb0da3f90aede97a978a0a2480cbde7d9dbb903738c0c47e534

HTTP Headers

GET /zone/21?lang=en&siteCode=1 HTTP/1.1
Host: dl.zabanit.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.flvto.biz/
Origin: https://www.flvto.biz
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Sun, 03 Dec 2023 17:09:51 GMT
Content-Type: application/json; charset=utf-8
Content-Length: 943
Connection: keep-alive
Access-Control-Allow-Origin: https://www.flvto.biz
Access-Control-Allow-Headers: Origin, X-Requested-With, Content-Type, Accept
Access-Control-Expose-Headers: X-Total-Count
Access-Control-Allow-Methods: GET
Access-Control-Allow-Credentials: true
Set-Cookie: _zabs_d=uid=4nnfX0ho3bN4Ut46w-hlKw&ex=1701709791&fc=; path=/; expires=Mon, 04 Dec 2023 17:09:51 GMT; domain=zabanit.xyz; samesite=none; secure
Cache-Control: no-cache, no-store, must-revalidate

GET dl.zabanit.xyz/zone/118?lang=en&siteCode=1

135.181.107.135

200 OK

633 B

URL GET HTTP/1.1
dl.zabanit.xyz/zone/118?lang=en&siteCode=1
IP
135.181.107.135:443
ASN
#24940 Hetzner Online GmbH

Requested by
https://www.flvto.biz/nesgn/
Certificate
IssuerLet's Encrypt
Subjectdisplay.adcampo.com
FingerprintCA:B0:51:D1:E1:C2:B1:E0:6A:9A:55:B2:60:DB:45:26:76:17:F6:CB
ValidityFri, 03 Nov 2023 20:31:12 GMT - Thu, 01 Feb 2024 20:31:11 GMT

File type
JSON data\012- HTML document, ASCII text, with very long lines (633), with no line terminators
Size
633 B (633 bytes)
Hash
6b23eb59247d8143f4c164997850fb97
e42e4fdda764a0741211b060f2b218ac1f67dde9
9c62f798ca78dacd3bc758075d1df88cb11a7c1c1a2f24ab94a2551d7f3ad116

HTTP Headers

GET /zone/118?lang=en&siteCode=1 HTTP/1.1
Host: dl.zabanit.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.flvto.biz/
Origin: https://www.flvto.biz
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Sun, 03 Dec 2023 17:09:51 GMT
Content-Type: application/json; charset=utf-8
Content-Length: 633
Connection: keep-alive
Access-Control-Allow-Origin: https://www.flvto.biz
Access-Control-Allow-Headers: Origin, X-Requested-With, Content-Type, Accept
Access-Control-Expose-Headers: X-Total-Count
Access-Control-Allow-Methods: GET
Access-Control-Allow-Credentials: true
Set-Cookie: _zabs_d=uid=4nnfX0ho3bN4Ut46w-hlKw&ex=1701709791&fc=; path=/; expires=Mon, 04 Dec 2023 17:09:51 GMT; domain=zabanit.xyz; samesite=none; secure
Cache-Control: no-cache, no-store, must-revalidate

GET dl.zabanit.xyz/zone/16?lang=en&siteCode=1

135.181.107.135

200 OK

943 B

URL GET HTTP/1.1
dl.zabanit.xyz/zone/16?lang=en&siteCode=1
IP
135.181.107.135:443
ASN
#24940 Hetzner Online GmbH

Requested by
https://www.flvto.biz/nesgn/
Certificate
IssuerLet's Encrypt
Subjectdisplay.adcampo.com
FingerprintCA:B0:51:D1:E1:C2:B1:E0:6A:9A:55:B2:60:DB:45:26:76:17:F6:CB
ValidityFri, 03 Nov 2023 20:31:12 GMT - Thu, 01 Feb 2024 20:31:11 GMT

File type
JSON data\012- HTML document text\012- HTML document, ASCII text, with very long lines (943), with no line terminators
Size
943 B (943 bytes)
Hash
b888cb5e11690921c35acf04debf20a2
ee34315fb31fa11f9aa3f8534395ae0a6f1e24ba
0c282c809a3beb813406934864a2bd72db93d8ad72754576de813c2a68e21c96

HTTP Headers

GET /zone/16?lang=en&siteCode=1 HTTP/1.1
Host: dl.zabanit.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.flvto.biz/
Origin: https://www.flvto.biz
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Sun, 03 Dec 2023 17:09:51 GMT
Content-Type: application/json; charset=utf-8
Content-Length: 943
Connection: keep-alive
Access-Control-Allow-Origin: https://www.flvto.biz
Access-Control-Allow-Headers: Origin, X-Requested-With, Content-Type, Accept
Access-Control-Expose-Headers: X-Total-Count
Access-Control-Allow-Methods: GET
Access-Control-Allow-Credentials: true
Set-Cookie: _zabs_d=uid=4nnfX0ho3bN4Ut46w-hlKw&ex=1701709791&fc=; path=/; expires=Mon, 04 Dec 2023 17:09:51 GMT; domain=zabanit.xyz; samesite=none; secure
Cache-Control: no-cache, no-store, must-revalidate

GET dl.zabanit.xyz/zone/22?lang=en&siteCode=1

135.181.107.135

200 OK

943 B

URL GET HTTP/1.1
dl.zabanit.xyz/zone/22?lang=en&siteCode=1
IP
135.181.107.135:443
ASN
#24940 Hetzner Online GmbH

Requested by
https://www.flvto.biz/nesgn/
Certificate
IssuerLet's Encrypt
Subjectdisplay.adcampo.com
FingerprintCA:B0:51:D1:E1:C2:B1:E0:6A:9A:55:B2:60:DB:45:26:76:17:F6:CB
ValidityFri, 03 Nov 2023 20:31:12 GMT - Thu, 01 Feb 2024 20:31:11 GMT

File type
JSON data\012- HTML document text\012- HTML document, ASCII text, with very long lines (943), with no line terminators
Size
943 B (943 bytes)
Hash
76c1b6e9d41a6a4ec24cf2ee96beae67
f11066ac2694f6a07e7391d9b6340d73f1f771cd
e880dedfcaee4baa612bff69ef070ea96303b8a57166bb0405b9752f0d207bcb

HTTP Headers

GET /zone/22?lang=en&siteCode=1 HTTP/1.1
Host: dl.zabanit.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.flvto.biz/
Origin: https://www.flvto.biz
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Sun, 03 Dec 2023 17:09:51 GMT
Content-Type: application/json; charset=utf-8
Content-Length: 943
Connection: keep-alive
Access-Control-Allow-Origin: https://www.flvto.biz
Access-Control-Allow-Headers: Origin, X-Requested-With, Content-Type, Accept
Access-Control-Expose-Headers: X-Total-Count
Access-Control-Allow-Methods: GET
Access-Control-Allow-Credentials: true
Set-Cookie: _zabs_d=uid=4nnfX0ho3bN4Ut46w-hlKw&ex=1701709791&fc=; path=/; expires=Mon, 04 Dec 2023 17:09:51 GMT; domain=zabanit.xyz; samesite=none; secure
Cache-Control: no-cache, no-store, must-revalidate

GET dl.zabanit.xyz/zone/77?lang=en&siteCode=1

135.181.107.135

204 No Content

0 B

URL GET HTTP/1.1
dl.zabanit.xyz/zone/77?lang=en&siteCode=1
IP
135.181.107.135:443
ASN
#24940 Hetzner Online GmbH

Requested by
https://www.flvto.biz/nesgn/
Certificate
IssuerLet's Encrypt
Subjectdisplay.adcampo.com
FingerprintCA:B0:51:D1:E1:C2:B1:E0:6A:9A:55:B2:60:DB:45:26:76:17:F6:CB
ValidityFri, 03 Nov 2023 20:31:12 GMT - Thu, 01 Feb 2024 20:31:11 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /zone/77?lang=en&siteCode=1 HTTP/1.1
Host: dl.zabanit.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.flvto.biz/
Origin: https://www.flvto.biz
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 204 No Content
Server: nginx
Date: Sun, 03 Dec 2023 17:09:51 GMT
Connection: keep-alive
Access-Control-Allow-Origin: https://www.flvto.biz
Access-Control-Allow-Headers: Origin, X-Requested-With, Content-Type, Accept
Access-Control-Expose-Headers: X-Total-Count
Access-Control-Allow-Methods: GET
Access-Control-Allow-Credentials: true
Set-Cookie: _zabs_d=uid=4nnfX0ho3bN4Ut46w-hlKw&ex=1701709791&fc=; path=/; expires=Mon, 04 Dec 2023 17:09:51 GMT; domain=zabanit.xyz; samesite=none; secure
Cache-Control: no-cache, no-store, must-revalidate

GET dl.zabanit.xyz/zone/17?lang=en&siteCode=1

135.181.107.135

204 No Content

0 B

URL GET HTTP/1.1
dl.zabanit.xyz/zone/17?lang=en&siteCode=1
IP
135.181.107.135:443
ASN
#24940 Hetzner Online GmbH

Requested by
https://www.flvto.biz/nesgn/
Certificate
IssuerLet's Encrypt
Subjectdisplay.adcampo.com
FingerprintCA:B0:51:D1:E1:C2:B1:E0:6A:9A:55:B2:60:DB:45:26:76:17:F6:CB
ValidityFri, 03 Nov 2023 20:31:12 GMT - Thu, 01 Feb 2024 20:31:11 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /zone/17?lang=en&siteCode=1 HTTP/1.1
Host: dl.zabanit.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.flvto.biz/
Origin: https://www.flvto.biz
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 204 No Content
Server: nginx
Date: Sun, 03 Dec 2023 17:09:51 GMT
Connection: keep-alive
Access-Control-Allow-Origin: https://www.flvto.biz
Access-Control-Allow-Headers: Origin, X-Requested-With, Content-Type, Accept
Access-Control-Expose-Headers: X-Total-Count
Access-Control-Allow-Methods: GET
Access-Control-Allow-Credentials: true
Set-Cookie: _zabs_d=uid=4nnfX0ho3bN4Ut46w-hlKw&ex=1701709791&fc=; path=/; expires=Mon, 04 Dec 2023 17:09:51 GMT; domain=zabanit.xyz; samesite=none; secure
Cache-Control: no-cache, no-store, must-revalidate

GET dl.zabanit.xyz/zone/5?lang=en&siteCode=1

135.181.107.135

200 OK

614 B

URL GET HTTP/1.1
dl.zabanit.xyz/zone/5?lang=en&siteCode=1
IP
135.181.107.135:443
ASN
#24940 Hetzner Online GmbH

Requested by
https://www.flvto.biz/nesgn/
Certificate
IssuerLet's Encrypt
Subjectdisplay.adcampo.com
FingerprintCA:B0:51:D1:E1:C2:B1:E0:6A:9A:55:B2:60:DB:45:26:76:17:F6:CB
ValidityFri, 03 Nov 2023 20:31:12 GMT - Thu, 01 Feb 2024 20:31:11 GMT

File type
JSON data\012- HTML document, ASCII text, with very long lines (614), with no line terminators
Size
614 B (614 bytes)
Hash
04cba96cacf22c1f40439750c9161a4e
d39343d5e1c50e971d5dac3483d887c8fa4f839e
e1e43685ca63580968fdfcd7bdad3f3e75925a1a7e3bafcf8c03ff33c515b574

HTTP Headers

GET /zone/5?lang=en&siteCode=1 HTTP/1.1
Host: dl.zabanit.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.flvto.biz/
Origin: https://www.flvto.biz
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Sun, 03 Dec 2023 17:09:51 GMT
Content-Type: application/json; charset=utf-8
Content-Length: 614
Connection: keep-alive
Access-Control-Allow-Origin: https://www.flvto.biz
Access-Control-Allow-Headers: Origin, X-Requested-With, Content-Type, Accept
Access-Control-Expose-Headers: X-Total-Count
Access-Control-Allow-Methods: GET
Access-Control-Allow-Credentials: true
Set-Cookie: _zabs_d=uid=4nnfX0ho3bN4Ut46w-hlKw&ex=1701709791&fc=; path=/; expires=Mon, 04 Dec 2023 17:09:51 GMT; domain=zabanit.xyz; samesite=none; secure
Cache-Control: no-cache, no-store, must-revalidate

GET ev.zabanit.xyz/pixel/ae52a80f54c27190/4nnfX0ho3bN4Ut46w-hlKw?ad=eyJ6b25lSWQiOjE2LCJzaXRlSWQiOjEsImJhbm5lcklkIjoyMzUsImNhbXBhaWduSWQiOjQ4LCJhZHZlcnRpc2VySWQiOjM4fQ%3D%3D

135.181.107.135

200 OK

64 B

URL GET HTTP/1.1
ev.zabanit.xyz/pixel/ae52a80f54c27190/4nnfX0ho3bN4Ut46w-hlKw?ad=eyJ6b25lSWQiOjE2LCJzaXRlSWQiOjEsImJhbm5lcklkIjoyMzUsImNhbXBhaWduSWQiOjQ4LCJhZHZlcnRpc2VySWQiOjM4fQ%3D%3D
IP
135.181.107.135:443
ASN
#24940 Hetzner Online GmbH

Requested by
https://www.flvto.biz/nesgn/
Certificate
IssuerLet's Encrypt
Subjectdisplay.adcampo.com
FingerprintCA:B0:51:D1:E1:C2:B1:E0:6A:9A:55:B2:60:DB:45:26:76:17:F6:CB
ValidityFri, 03 Nov 2023 20:31:12 GMT - Thu, 01 Feb 2024 20:31:11 GMT

File type
GIF image data, version 89a, 1 x 1\012- data
Size
64 B (64 bytes)
Hash
bbfd7b49dc892a72a8a87d8d1ae3e4ee
8152afda534c80d6b7f94f00b4fa5d84a83246a7
d69cbc552cfe8de4931deb191dd349a881ff4448ed3251571e0bacd0257519b1

HTTP Headers

GET /pixel/ae52a80f54c27190/4nnfX0ho3bN4Ut46w-hlKw?ad=eyJ6b25lSWQiOjE2LCJzaXRlSWQiOjEsImJhbm5lcklkIjoyMzUsImNhbXBhaWduSWQiOjQ4LCJhZHZlcnRpc2VySWQiOjM4fQ%3D%3D HTTP/1.1
Host: ev.zabanit.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.flvto.biz/
Cookie: _zabs_d=uid=4nnfX0ho3bN4Ut46w-hlKw&ex=1701709791&fc=
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Sun, 03 Dec 2023 17:09:51 GMT
Content-Type: image/gif
Content-Length: 64
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Allow-Headers: Origin, X-Requested-With, Content-Type, Accept
Access-Control-Expose-Headers: X-Total-Count
Access-Control-Allow-Methods: GET
Access-Control-Allow-Credentials: true
Content-Disposition: inline
Cache-Control: private, no-cache, proxy-revalidate, max-age=0, no-cache, no-store, must-revalidate

GET ev.zabanit.xyz/pixel/9dd38714dc2ebb19/4nnfX0ho3bN4Ut46w-hlKw?ad=eyJ6b25lSWQiOjIxLCJzaXRlSWQiOjEsImJhbm5lcklkIjoyNDUsImNhbXBhaWduSWQiOjQ4LCJhZHZlcnRpc2VySWQiOjM4fQ%3D%3D

135.181.107.135

200 OK

64 B

URL GET HTTP/1.1
ev.zabanit.xyz/pixel/9dd38714dc2ebb19/4nnfX0ho3bN4Ut46w-hlKw?ad=eyJ6b25lSWQiOjIxLCJzaXRlSWQiOjEsImJhbm5lcklkIjoyNDUsImNhbXBhaWduSWQiOjQ4LCJhZHZlcnRpc2VySWQiOjM4fQ%3D%3D
IP
135.181.107.135:443
ASN
#24940 Hetzner Online GmbH

Requested by
https://www.flvto.biz/nesgn/
Certificate
IssuerLet's Encrypt
Subjectdisplay.adcampo.com
FingerprintCA:B0:51:D1:E1:C2:B1:E0:6A:9A:55:B2:60:DB:45:26:76:17:F6:CB
ValidityFri, 03 Nov 2023 20:31:12 GMT - Thu, 01 Feb 2024 20:31:11 GMT

File type
GIF image data, version 89a, 1 x 1\012- data
Size
64 B (64 bytes)
Hash
bbfd7b49dc892a72a8a87d8d1ae3e4ee
8152afda534c80d6b7f94f00b4fa5d84a83246a7
d69cbc552cfe8de4931deb191dd349a881ff4448ed3251571e0bacd0257519b1

HTTP Headers

GET /pixel/9dd38714dc2ebb19/4nnfX0ho3bN4Ut46w-hlKw?ad=eyJ6b25lSWQiOjIxLCJzaXRlSWQiOjEsImJhbm5lcklkIjoyNDUsImNhbXBhaWduSWQiOjQ4LCJhZHZlcnRpc2VySWQiOjM4fQ%3D%3D HTTP/1.1
Host: ev.zabanit.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.flvto.biz/
Cookie: _zabs_d=uid=4nnfX0ho3bN4Ut46w-hlKw&ex=1701709791&fc=
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Sun, 03 Dec 2023 17:09:51 GMT
Content-Type: image/gif
Content-Length: 64
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Allow-Headers: Origin, X-Requested-With, Content-Type, Accept
Access-Control-Expose-Headers: X-Total-Count
Access-Control-Allow-Methods: GET
Access-Control-Allow-Credentials: true
Content-Disposition: inline
Cache-Control: private, no-cache, proxy-revalidate, max-age=0, no-cache, no-store, must-revalidate

GET ev.zabanit.xyz/pixel/f5cfbc818d33fc0a/4nnfX0ho3bN4Ut46w-hlKw?ad=eyJ6b25lSWQiOjIyLCJzaXRlSWQiOjEsImJhbm5lcklkIjoyNDUsImNhbXBhaWduSWQiOjQ4LCJhZHZlcnRpc2VySWQiOjM4fQ%3D%3D

135.181.107.135

200 OK

64 B

URL GET HTTP/1.1
ev.zabanit.xyz/pixel/f5cfbc818d33fc0a/4nnfX0ho3bN4Ut46w-hlKw?ad=eyJ6b25lSWQiOjIyLCJzaXRlSWQiOjEsImJhbm5lcklkIjoyNDUsImNhbXBhaWduSWQiOjQ4LCJhZHZlcnRpc2VySWQiOjM4fQ%3D%3D
IP
135.181.107.135:443
ASN
#24940 Hetzner Online GmbH

Requested by
https://www.flvto.biz/nesgn/
Certificate
IssuerLet's Encrypt
Subjectdisplay.adcampo.com
FingerprintCA:B0:51:D1:E1:C2:B1:E0:6A:9A:55:B2:60:DB:45:26:76:17:F6:CB
ValidityFri, 03 Nov 2023 20:31:12 GMT - Thu, 01 Feb 2024 20:31:11 GMT

File type
GIF image data, version 89a, 1 x 1\012- data
Size
64 B (64 bytes)
Hash
bbfd7b49dc892a72a8a87d8d1ae3e4ee
8152afda534c80d6b7f94f00b4fa5d84a83246a7
d69cbc552cfe8de4931deb191dd349a881ff4448ed3251571e0bacd0257519b1

HTTP Headers

GET /pixel/f5cfbc818d33fc0a/4nnfX0ho3bN4Ut46w-hlKw?ad=eyJ6b25lSWQiOjIyLCJzaXRlSWQiOjEsImJhbm5lcklkIjoyNDUsImNhbXBhaWduSWQiOjQ4LCJhZHZlcnRpc2VySWQiOjM4fQ%3D%3D HTTP/1.1
Host: ev.zabanit.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.flvto.biz/
Cookie: _zabs_d=uid=4nnfX0ho3bN4Ut46w-hlKw&ex=1701709791&fc=
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Sun, 03 Dec 2023 17:09:51 GMT
Content-Type: image/gif
Content-Length: 64
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Allow-Headers: Origin, X-Requested-With, Content-Type, Accept
Access-Control-Expose-Headers: X-Total-Count
Access-Control-Allow-Methods: GET
Access-Control-Allow-Credentials: true
Content-Disposition: inline
Cache-Control: private, no-cache, proxy-revalidate, max-age=0, no-cache, no-store, must-revalidate

GET ev.zabanit.xyz/pixel/d7f55e179ac79d7a/4nnfX0ho3bN4Ut46w-hlKw?ad=eyJ6b25lSWQiOjExOCwic2l0ZUlkIjoxLCJiYW5uZXJJZCI6NDE5LCJjYW1wYWlnbklkIjo3NiwiYWR2ZXJ0aXNlcklkIjo2MX0%3D

135.181.107.135

200 OK

64 B

URL GET HTTP/1.1
ev.zabanit.xyz/pixel/d7f55e179ac79d7a/4nnfX0ho3bN4Ut46w-hlKw?ad=eyJ6b25lSWQiOjExOCwic2l0ZUlkIjoxLCJiYW5uZXJJZCI6NDE5LCJjYW1wYWlnbklkIjo3NiwiYWR2ZXJ0aXNlcklkIjo2MX0%3D
IP
135.181.107.135:443
ASN
#24940 Hetzner Online GmbH

Requested by
https://www.flvto.biz/nesgn/
Certificate
IssuerLet's Encrypt
Subjectdisplay.adcampo.com
FingerprintCA:B0:51:D1:E1:C2:B1:E0:6A:9A:55:B2:60:DB:45:26:76:17:F6:CB
ValidityFri, 03 Nov 2023 20:31:12 GMT - Thu, 01 Feb 2024 20:31:11 GMT

File type
GIF image data, version 89a, 1 x 1\012- data
Size
64 B (64 bytes)
Hash
bbfd7b49dc892a72a8a87d8d1ae3e4ee
8152afda534c80d6b7f94f00b4fa5d84a83246a7
d69cbc552cfe8de4931deb191dd349a881ff4448ed3251571e0bacd0257519b1

HTTP Headers

GET /pixel/d7f55e179ac79d7a/4nnfX0ho3bN4Ut46w-hlKw?ad=eyJ6b25lSWQiOjExOCwic2l0ZUlkIjoxLCJiYW5uZXJJZCI6NDE5LCJjYW1wYWlnbklkIjo3NiwiYWR2ZXJ0aXNlcklkIjo2MX0%3D HTTP/1.1
Host: ev.zabanit.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.flvto.biz/
Cookie: _zabs_d=uid=4nnfX0ho3bN4Ut46w-hlKw&ex=1701709791&fc=
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Sun, 03 Dec 2023 17:09:51 GMT
Content-Type: image/gif
Content-Length: 64
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Allow-Headers: Origin, X-Requested-With, Content-Type, Accept
Access-Control-Expose-Headers: X-Total-Count
Access-Control-Allow-Methods: GET
Access-Control-Allow-Credentials: true
Content-Disposition: inline
Cache-Control: private, no-cache, proxy-revalidate, max-age=0, no-cache, no-store, must-revalidate

GET ev.zabanit.xyz/pixel/6a854da85603afc1/4nnfX0ho3bN4Ut46w-hlKw?ad=eyJ6b25lSWQiOjUsInNpdGVJZCI6MSwiYmFubmVySWQiOjIwNiwiY2FtcGFpZ25JZCI6NDIsImFkdmVydGlzZXJJZCI6MTl9

135.181.107.135

200 OK

64 B

URL GET HTTP/1.1
ev.zabanit.xyz/pixel/6a854da85603afc1/4nnfX0ho3bN4Ut46w-hlKw?ad=eyJ6b25lSWQiOjUsInNpdGVJZCI6MSwiYmFubmVySWQiOjIwNiwiY2FtcGFpZ25JZCI6NDIsImFkdmVydGlzZXJJZCI6MTl9
IP
135.181.107.135:443
ASN
#24940 Hetzner Online GmbH

Requested by
https://www.flvto.biz/nesgn/
Certificate
IssuerLet's Encrypt
Subjectdisplay.adcampo.com
FingerprintCA:B0:51:D1:E1:C2:B1:E0:6A:9A:55:B2:60:DB:45:26:76:17:F6:CB
ValidityFri, 03 Nov 2023 20:31:12 GMT - Thu, 01 Feb 2024 20:31:11 GMT

File type
GIF image data, version 89a, 1 x 1\012- data
Size
64 B (64 bytes)
Hash
bbfd7b49dc892a72a8a87d8d1ae3e4ee
8152afda534c80d6b7f94f00b4fa5d84a83246a7
d69cbc552cfe8de4931deb191dd349a881ff4448ed3251571e0bacd0257519b1

HTTP Headers

GET /pixel/6a854da85603afc1/4nnfX0ho3bN4Ut46w-hlKw?ad=eyJ6b25lSWQiOjUsInNpdGVJZCI6MSwiYmFubmVySWQiOjIwNiwiY2FtcGFpZ25JZCI6NDIsImFkdmVydGlzZXJJZCI6MTl9 HTTP/1.1
Host: ev.zabanit.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.flvto.biz/
Cookie: _zabs_d=uid=4nnfX0ho3bN4Ut46w-hlKw&ex=1701709791&fc=
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Sun, 03 Dec 2023 17:09:51 GMT
Content-Type: image/gif
Content-Length: 64
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Allow-Headers: Origin, X-Requested-With, Content-Type, Accept
Access-Control-Expose-Headers: X-Total-Count
Access-Control-Allow-Methods: GET
Access-Control-Allow-Credentials: true
Content-Disposition: inline
Cache-Control: private, no-cache, proxy-revalidate, max-age=0, no-cache, no-store, must-revalidate

GET rebindskayoes.com/tntRo7hYYuJWGQsC/60079

23.109.82.122

200 OK

25 B

URL GET HTTP/1.1
rebindskayoes.com/tntRo7hYYuJWGQsC/60079
IP
23.109.82.122:443
ASN
#7979 SERVERS-COM

Requested by
https://www.flvto.biz/nesgn/
Certificate
IssuerLet's Encrypt
Subjectrebindskayoes.com
Fingerprint9A:0E:A0:31:9A:22:C7:0F:A8:D0:C9:F1:6F:79:FB:AE:26:09:37:0E
ValidityThu, 19 Oct 2023 23:13:56 GMT - Wed, 17 Jan 2024 23:13:55 GMT

File type
ASCII text, with no line terminators
Size
25 B (25 bytes)
Hash
f7a2939527fd9e68723da600e96d76bd
a9e717b6364d2895ee0a716050db32ca0ef1bb42
d810f5146f4cd1517512a6e31946e764a73c58fb01427aae88d42cc2ae28718a

HTTP Headers

GET /tntRo7hYYuJWGQsC/60079 HTTP/1.1
Host: rebindskayoes.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.flvto.biz/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Sun, 03 Dec 2023 17:09:51 GMT
Content-Type: application/javascript; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=20
Accept-ch: sec-ch-ua-platform-version,sec-ch-ua-model,sec-ch-ua-full-version
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://www.flvto.biz
Access-Control-Allow-Headers: content-type, megageocheckolololo, x-forwarded-for, x-requested-with, cache-control, pragma, expires
Access-Control-Max-Age: 600
Access-Control-Allow-Methods: GET, POST, OPTIONS
X-Frame-Options: SAMEORIGIN
Set-Cookie: GL_UI4=eJw9zV1OhDAcBHC%2BWXVBJ%2BEAHqFVQXz0Za%2FgIyntH6wL7aZU0NtLTPRtMvlNJgiCqLpFuGYp4k9R414NvJGs5fKhfmRNUz8JRkPfvvTtc8MFa3Gll86LfiKf4LDMwvnOrwmOIxlyWnbSKipwt6u%2F5mzsZhKkvRNGFUjnXUwF8t7ZbSFXxUiMmAn5STsa7NcuxId1iDmr96zNnkOGyC5VXF4jf9NG7cvyiIizsswC3Fwm4Qfr5k6rLEQ6OqEI4SsOUngarftGrmg5e3sB7KS6f%2F97HG%2BcIVO0aklIrX8n9wNBjE5s; expires=Mon, 04-Dec-2023 17:09:51 GMT; Max-Age=86400; path=/; secure; SameSite=None
GL_GI10=eJwViE0KgzAUBvMeJVAqhY96AE%2BQamsXbmuXRReewGopgZBIEvtz%2B%2BpiBmaEEJwmYD0hqQpV5ao8qeJSgl7gpgUPFrJx%2FtP%2FQB6cn8HeYtcG47LazTYuf8BmbZDG%2Fmr0N%2BucmaN2NoAXtnX%2FMM%2FjrbuDJkng6FaHMRWgtzz8AV7hHdE%3D; expires=Mon, 04-Dec-2023 17:09:51 GMT; Max-Age=86400; path=/; secure; SameSite=None
Content-Encoding: gzip
Vary: Accept-Encoding
Strict-Transport-Security: max-age=1
X-Content-Type-Options: nosniff

GET platform.bidgear.com/async-v2.json?zoneid=2309&wu=https://www.flvto.biz/nesgncsgwp/

172.67.74.36

200 OK

1.1 kB

URL GET HTTP/2
platform.bidgear.com/async-v2.json?zoneid=2309&wu=https://www.flvto.biz/nesgncsgwp/
IP
172.67.74.36:443
ASN
#13335 CLOUDFLARENET

Requested by
https://www.flvto.biz/nesgn/
Certificate
IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
Fingerprint96:B8:F2:6C:8B:F4:3C:4D:3F:C4:69:A4:B1:28:D0:CB:0A:E6:73:2B
ValidityMon, 01 May 2023 00:00:00 GMT - Tue, 30 Apr 2024 23:59:59 GMT

File type
JSON data\012- , ASCII text, with very long lines (948), with no line terminators
Size
1.1 kB (1121 bytes)
Hash
62c48089ca11c493d20c12f167e5a733
99098bd013db719aab8fa5f9ef33fc961d06a941
19f10b9bc8a9e7f34118efc35ff9f874f1ce1f019386f805f23ba55d65ceebaa

HTTP Headers

GET /async-v2.json?zoneid=2309&wu=https://www.flvto.biz/nesgncsgwp/ HTTP/1.1
Host: platform.bidgear.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.flvto.biz/
Origin: https://www.flvto.biz
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Sun, 03 Dec 2023 17:09:51 GMT
content-type: application/javascript
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
expires: 0
pragma: no-cache
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=PoEnYOZo%2FkFelcAWbI2n2pqWVmyF9%2BuT%2FyGQLyBdWzyHx2Q9hRrVeFqi5ru4RdbYD0Vmmjk6UR%2B2rAyHKwa%2FPUb3W%2BZg3gC9TNTl8bk1NPSw3b1Rzoc1vCnA%2F803U%2F5ion6bWT1O"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 82fd6b75e83d0afa-OSL
content-encoding: br
X-Firefox-Spdy: h2

GET platform.bidgear.com/pubbidgear-ad.js

172.67.74.36

200 OK

2.8 kB

URL GET HTTP/2
platform.bidgear.com/pubbidgear-ad.js
IP
172.67.74.36:443
ASN
#13335 CLOUDFLARENET

Requested by
https://www.flvto.biz/nesgn/
Certificate
IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
Fingerprint96:B8:F2:6C:8B:F4:3C:4D:3F:C4:69:A4:B1:28:D0:CB:0A:E6:73:2B
ValidityMon, 01 May 2023 00:00:00 GMT - Tue, 30 Apr 2024 23:59:59 GMT

File type
ASCII text, with CRLF line terminators
Size
2.8 kB (2831 bytes)
Hash
b42012082533dfb1a327520711319a5f
f308dfb13966b2733955d1dbd6d3c2b317fa2b3d
1ed1267a95aa559c7074d29be17adf536c5a3f865ba0d89dcbd0499a88e137ff

HTTP Headers

GET /pubbidgear-ad.js HTTP/1.1
Host: platform.bidgear.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.flvto.biz/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sun, 03 Dec 2023 17:09:51 GMT
content-type: application/javascript
last-modified: Tue, 14 Nov 2023 08:57:55 GMT
vary: Accept-Encoding
etag: W/"65533693-1e6b"
expires: Thu, 14 Dec 2023 08:59:06 GMT
cache-control: max-age=2592000
access-control-allow-origin: *
cf-cache-status: HIT
age: 896198
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=IQLtcsVH2vssRMS5rNlJceoze%2BQP2wfuuZGoO3hoyhxAgcyGdXZ4GcyFL63BtnlUPWZZLjnBmppPAUAqhCoM3rR2exH4eGRjwYj9oPGd9Jx%2BEIKhTeV1OAfwd45VZSvMVNJuwb%2Bq"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 82fd6b755fb60afa-OSL
content-encoding: br
X-Firefox-Spdy: h2

GET imp9.bidgear.com/rec?t=1&z=2309&uuid=f4afceb73efa4ad496971e7c50a3fc24&p=85&g=NO&token=4a44335432&tbg=1701623391

172.67.74.36

200 OK

599 B

URL GET HTTP/2
imp9.bidgear.com/rec?t=1&z=2309&uuid=f4afceb73efa4ad496971e7c50a3fc24&p=85&g=NO&token=4a44335432&tbg=1701623391
IP
172.67.74.36:443
ASN
#13335 CLOUDFLARENET

Requested by
https://www.flvto.biz/nesgn/
Certificate
IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
Fingerprint96:B8:F2:6C:8B:F4:3C:4D:3F:C4:69:A4:B1:28:D0:CB:0A:E6:73:2B
ValidityMon, 01 May 2023 00:00:00 GMT - Tue, 30 Apr 2024 23:59:59 GMT

File type
JPEG image data, baseline, precision 8, 1x1, components 3\012- data
Size
599 B (599 bytes)
Hash
ca49a7e783b806a4e8576ea80346203d
6fe9d083221dae98f6c76f7121c37bc884b02d82
3e9a98dd5f0a28ff4a059f33d760264a6db02786666ac1692095ebb976f5da28

HTTP Headers

GET /rec?t=1&z=2309&uuid=f4afceb73efa4ad496971e7c50a3fc24&p=85&g=NO&token=4a44335432&tbg=1701623391 HTTP/1.1
Host: imp9.bidgear.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.flvto.biz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Sun, 03 Dec 2023 17:09:51 GMT
content-type: image/jpeg
content-length: 599
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=UCtOBmGY62SxCF76SLiK1hH%2Be31LL540ztGJvbJrSv%2FbFL%2FYMOVJ48E1SlseDs0qlM78RP%2B3xwezyjOmr9i8Kh1qTyZ6k%2FRJldNcrLt0aeq1FjNBokQrKphaoOw59hxdkKA%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 82fd6b77095e0afa-OSL
X-Firefox-Spdy: h2

GET platform.bidgear.com/pubbidgear-ad.js

172.67.74.36

200 OK

2.7 kB

URL GET HTTP/2
platform.bidgear.com/pubbidgear-ad.js
IP
172.67.74.36:443
ASN
#13335 CLOUDFLARENET

Requested by
https://www.flvto.biz/nesgn/
Certificate
IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
Fingerprint96:B8:F2:6C:8B:F4:3C:4D:3F:C4:69:A4:B1:28:D0:CB:0A:E6:73:2B
ValidityMon, 01 May 2023 00:00:00 GMT - Tue, 30 Apr 2024 23:59:59 GMT

File type
ASCII text, with CRLF line terminators
Size
2.7 kB (2735 bytes)
Hash
b42012082533dfb1a327520711319a5f
f308dfb13966b2733955d1dbd6d3c2b317fa2b3d
1ed1267a95aa559c7074d29be17adf536c5a3f865ba0d89dcbd0499a88e137ff

HTTP Headers

GET /pubbidgear-ad.js HTTP/1.1
Host: platform.bidgear.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.flvto.biz/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sun, 03 Dec 2023 17:09:51 GMT
content-type: application/javascript
last-modified: Tue, 14 Nov 2023 08:57:55 GMT
vary: Accept-Encoding
etag: W/"65533693-1e6b"
expires: Thu, 14 Dec 2023 08:59:06 GMT
cache-control: max-age=2592000
access-control-allow-origin: *
cf-cache-status: HIT
age: 896198
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=gPEnfUE5eDZ4qpoLR8fcn7NfmpuqZO6NjsHen9p6pPBWA%2BlvfsVEh2x9v0FNUo2fjsZb4qtZp4W2dsH9PZCczszFhWaY%2B8hAxPsz7HtFKChd%2BPkYi0WB4KOAzBzgQAxNSSxJSeIt"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 82fd6b754fb00afa-OSL
content-encoding: br
X-Firefox-Spdy: h2

GET bullbatmohalim.com/tbRQgNGbpIk3I/38707

23.109.248.183

200 OK

25 B

URL GET HTTP/1.1
bullbatmohalim.com/tbRQgNGbpIk3I/38707
IP
23.109.248.183:443
ASN
#7979 SERVERS-COM

Requested by
https://www.flvto.biz/nesgn/
Certificate
IssuerLet's Encrypt
Subjectbullbatmohalim.com
FingerprintB8:39:9E:F5:2D:AC:20:57:08:DF:B6:A0:98:C3:40:8B:4C:88:B0:F9
ValiditySat, 07 Oct 2023 23:11:04 GMT - Fri, 05 Jan 2024 23:11:03 GMT

File type
ASCII text, with no line terminators
Size
25 B (25 bytes)
Hash
f7a2939527fd9e68723da600e96d76bd
a9e717b6364d2895ee0a716050db32ca0ef1bb42
d810f5146f4cd1517512a6e31946e764a73c58fb01427aae88d42cc2ae28718a

HTTP Headers

GET /tbRQgNGbpIk3I/38707 HTTP/1.1
Host: bullbatmohalim.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.flvto.biz/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Sun, 03 Dec 2023 17:09:52 GMT
Content-Type: application/javascript; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=20
Accept-ch: sec-ch-ua-platform-version,sec-ch-ua-model,sec-ch-ua-full-version
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://www.flvto.biz
Access-Control-Allow-Headers: content-type, megageocheckolololo, x-forwarded-for, x-requested-with, cache-control, pragma, expires
Access-Control-Max-Age: 600
Access-Control-Allow-Methods: GET, POST, OPTIONS
X-Frame-Options: SAMEORIGIN
Set-Cookie: GL_UI4=eJw9zV1OhDAcBHC%2BWXVBJ%2BEAHqFVQXz0Za%2FgIyntH6wL7aZU0NtLTPRtMvlNJgiCqLpFuGYp4k9R414NvJGs5fKhfmRNUz8JRkPfvvTtc8MFa3Gll86LfiKf4LDMwvnOrwmOIxlyWnbSKipwt6u%2F5mzsZhKkvRNGFUjnXUwF8t7ZbSFXxUiMmAn5STsa7NcuxId1iDmr96zNnkOGyC5VXF4jf9NG7cvyiIizsswC3Fwm4Qfr5k6rLEQ6OqEI4SsOUngarftGrmg5e3sB7KS6f%2F97HG%2BcIVO0aklIrX8n9wNBjE5s; expires=Mon, 04-Dec-2023 17:09:52 GMT; Max-Age=86400; path=/; secure; SameSite=None
GL_GI10=eJwViE0KgzAUBvMeJVAqhY96AE%2BQamsXbmuXRReewGopgZBIEvtz%2B%2BpiBmaEEJwmYD0hqQpV5ao8qeJSgl7gpgUPFrJx%2FtP%2FQB6cn8HeYtcG47LazTYuf8BmbZDG%2Fmr0N%2BucmaN2NoAXtnX%2FMM%2FjrbuDJkng6FaHMRWgtzz8AV7hHdE%3D; expires=Mon, 04-Dec-2023 17:09:52 GMT; Max-Age=86400; path=/; secure; SameSite=None
Content-Encoding: gzip
Vary: Accept-Encoding
Strict-Transport-Security: max-age=1
X-Content-Type-Options: nosniff

GET luzulabeguile.com/tzpWQhVtwaCMFq/38708

142.91.159.89

200 OK

25 B

URL GET HTTP/1.1
luzulabeguile.com/tzpWQhVtwaCMFq/38708
IP
142.91.159.89:443
ASN
#7979 SERVERS-COM

Requested by
https://www.flvto.biz/nesgn/
Certificate
IssuerLet's Encrypt
Subjectluzulabeguile.com
Fingerprint48:61:EB:E5:E2:16:17:26:80:07:19:1E:79:B5:29:95:1A:C0:4F:C0
ValiditySun, 15 Oct 2023 23:36:27 GMT - Sat, 13 Jan 2024 23:36:26 GMT

File type
ASCII text, with no line terminators
Size
25 B (25 bytes)
Hash
f7a2939527fd9e68723da600e96d76bd
a9e717b6364d2895ee0a716050db32ca0ef1bb42
d810f5146f4cd1517512a6e31946e764a73c58fb01427aae88d42cc2ae28718a

HTTP Headers

GET /tzpWQhVtwaCMFq/38708 HTTP/1.1
Host: luzulabeguile.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.flvto.biz/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Sun, 03 Dec 2023 17:09:52 GMT
Content-Type: application/javascript; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=20
Accept-ch: sec-ch-ua-platform-version,sec-ch-ua-model,sec-ch-ua-full-version
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://www.flvto.biz
Access-Control-Allow-Headers: content-type, megageocheckolololo, x-forwarded-for, x-requested-with, cache-control, pragma, expires
Access-Control-Max-Age: 600
Access-Control-Allow-Methods: GET, POST, OPTIONS
X-Frame-Options: SAMEORIGIN
Set-Cookie: GL_UI4=eJw9zV1OhDAcBHC%2BWXVBJ%2BEAHqFVQXz0Za%2FgIyntH6wL7aZU0NtLTPRtMvlNJgiCqLpFuGYp4k9R414NvJGs5fKhfmRNUz8JRkPfvvTtc8MFa3Gll86LfiKf4LDMwvnOrwmOIxlyWnbSKipwt6u%2F5mzsZhKkvRNGFUjnXUwF8t7ZbSFXxUiMmAn5STsa7NcuxId1iDmr96zNnkOGyC5VXF4jf9NG7cvyiIizsswC3Fwm4Qfr5k6rLEQ6OqEI4SsOUngarftGrmg5e3sB7KS6f%2F97HG%2BcIVO0aklIrX8n9wNBjE5s; expires=Mon, 04-Dec-2023 17:09:52 GMT; Max-Age=86400; path=/; secure; SameSite=None
GL_GI10=eJwViE0KgzAUBvMeJVAqhY96AE%2BQamsXbmuXRReewGopgZBIEvtz%2B%2BpiBmaEEJwmYD0hqQpV5ao8qeJSgl7gpgUPFrJx%2FtP%2FQB6cn8HeYtcG47LazTYuf8BmbZDG%2Fmr0N%2BucmaN2NoAXtnX%2FMM%2FjrbuDJkng6FaHMRWgtzz8AV7hHdE%3D; expires=Mon, 04-Dec-2023 17:09:52 GMT; Max-Age=86400; path=/; secure; SameSite=None
Content-Encoding: gzip
Vary: Accept-Encoding
Strict-Transport-Security: max-age=1
X-Content-Type-Options: nosniff

GET luzulabeguile.com/tzpWQhVtwaCMFq/38708

142.91.159.89

200 OK

25 B

URL GET HTTP/1.1
luzulabeguile.com/tzpWQhVtwaCMFq/38708
IP
142.91.159.89:443
ASN
#7979 SERVERS-COM

Requested by
https://www.flvto.biz/nesgn/
Certificate
IssuerLet's Encrypt
Subjectluzulabeguile.com
Fingerprint48:61:EB:E5:E2:16:17:26:80:07:19:1E:79:B5:29:95:1A:C0:4F:C0
ValiditySun, 15 Oct 2023 23:36:27 GMT - Sat, 13 Jan 2024 23:36:26 GMT

File type
ASCII text, with no line terminators
Size
25 B (25 bytes)
Hash
f7a2939527fd9e68723da600e96d76bd
a9e717b6364d2895ee0a716050db32ca0ef1bb42
d810f5146f4cd1517512a6e31946e764a73c58fb01427aae88d42cc2ae28718a

HTTP Headers

GET /tzpWQhVtwaCMFq/38708 HTTP/1.1
Host: luzulabeguile.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.flvto.biz/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Sun, 03 Dec 2023 17:09:52 GMT
Content-Type: application/javascript; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=20
Accept-ch: sec-ch-ua-platform-version,sec-ch-ua-model,sec-ch-ua-full-version
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://www.flvto.biz
Access-Control-Allow-Headers: content-type, megageocheckolololo, x-forwarded-for, x-requested-with, cache-control, pragma, expires
Access-Control-Max-Age: 600
Access-Control-Allow-Methods: GET, POST, OPTIONS
X-Frame-Options: SAMEORIGIN
Set-Cookie: GL_UI4=eJw9zV1OhDAcBHC%2BWXVBJ%2BEAHqFVQXz0Za%2FgIyntH6wL7aZU0NtLTPRtMvlNJgiCqLpFuGYp4k9R414NvJGs5fKhfmRNUz8JRkPfvvTtc8MFa3Gll86LfiKf4LDMwvnOrwmOIxlyWnbSKipwt6u%2F5mzsZhKkvRNGFUjnXUwF8t7ZbSFXxUiMmAn5STsa7NcuxId1iDmr96zNnkOGyC5VXF4jf9NG7cvyiIizsswC3Fwm4Qfr5k6rLEQ6OqEI4SsOUngarftGrmg5e3sB7KS6f%2F97HG%2BcIVO0aklIrX8n9wNBjE5s; expires=Mon, 04-Dec-2023 17:09:52 GMT; Max-Age=86400; path=/; secure; SameSite=None
GL_GI10=eJwViE0KgzAUBvMeJVAqhY96AE%2BQamsXbmuXRReewGopgZBIEvtz%2B%2BpiBmaEEJwmYD0hqQpV5ao8qeJSgl7gpgUPFrJx%2FtP%2FQB6cn8HeYtcG47LazTYuf8BmbZDG%2Fmr0N%2BucmaN2NoAXtnX%2FMM%2FjrbuDJkng6FaHMRWgtzz8AV7hHdE%3D; expires=Mon, 04-Dec-2023 17:09:52 GMT; Max-Age=86400; path=/; secure; SameSite=None
Content-Encoding: gzip
Vary: Accept-Encoding
Strict-Transport-Security: max-age=1
X-Content-Type-Options: nosniff

GET pl16330037.safestcontentgate.com/de/9a/cd/de9acd36b9bdfc08a8f10363b274b170.js

192.243.59.13

200 OK

15 kB

URL GET HTTP/1.1
pl16330037.safestcontentgate.com/de/9a/cd/de9acd36b9bdfc08a8f10363b274b170.js
IP
192.243.59.13:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://www.flvto.biz/nesgn/
Certificate
IssuerLet's Encrypt
Subjectsafestcontentgate.com
FingerprintB1:31:6C:86:D9:2F:59:A3:F1:45:B2:70:58:75:7C:B7:1F:12:35:FE
ValidityWed, 15 Nov 2023 07:24:10 GMT - Tue, 13 Feb 2024 07:24:09 GMT

File type
ASCII text, with very long lines (42802), with no line terminators
Size
15 kB (15422 bytes)
Hash
670f3c62d250e8f2128a818b3cae3716
a0899e98c983dcbf4ccba35dbfda9cee7160f6ea
f7281ab7bc03a9e992d6603537c12e88089568a533dceb501f08edb4bedf5be4

HTTP Headers

GET /de/9a/cd/de9acd36b9bdfc08a8f10363b274b170.js HTTP/1.1
Host: pl16330037.safestcontentgate.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.flvto.biz/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Sun, 03 Dec 2023 17:09:52 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 70de0d69333d5e32e8fcfd183dd5a351
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip

ocsp.r2m03.amazontrust.com/

54.230.218.11

471 B

URL
ocsp.r2m03.amazontrust.com/
IP
54.230.218.11:0
ASN
#16509 AMAZON-02

File type
data
Size
471 B (471 bytes)
Hash
ebc0f19a7067085e95ff0e35ee441f4d
23c3d68afd4c1c6cdecce9007aa3bddc793bc52d
6a07099ef655ed036e4a865236f8a6e5549e9a468e207691923634fc51c3186d

HTTP Headers

POST / HTTP/1.1
Host: ocsp.r2m03.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=7200
Date: Sun, 03 Dec 2023 17:09:52 GMT
Last-Modified: Sun, 03 Dec 2023 16:39:15 GMT
Server: ECAcc (ska/F6ED)
X-Cache: Miss from cloudfront
Via: 1.1 4bbc14b5834fc74ccd249b954b43a08c.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: Gmbr9OeAc0I2VtKZKiTTn3rgr8nU252Xym8-aFmmtPXWgId3Q1DwVw==
Age: 1837

GET proftrafficcounter.com/stats

18.184.210.76

200 OK

40 B

URL GET HTTP/2
proftrafficcounter.com/stats
IP
18.184.210.76:443
ASN
#16509 AMAZON-02

Requested by
https://www.flvto.biz/nesgn/
Certificate
IssuerAmazon
Subjectproftrafficcounter.com
FingerprintE3:9F:79:6F:80:C0:BF:F8:C4:EB:45:F3:E9:0F:A7:41:F6:0C:05:E6
ValidityTue, 21 Nov 2023 00:00:00 GMT - Thu, 19 Dec 2024 23:59:59 GMT

File type
ASCII text, with no line terminators
Size
40 B (40 bytes)
Hash
c6dc7c91ce8f102a412e58de531cebac
0305ba78070b18c3d4499d21a3b65642cfc5d628
3cbe5ea417249cbcdfe28795eea5d6873968ca5415f6c7c7da1b0b0b8483b3ad

HTTP Headers

GET /stats HTTP/1.1
Host: proftrafficcounter.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.flvto.biz
DNT: 1
Connection: keep-alive
Referer: https://www.flvto.biz/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sun, 03 Dec 2023 17:09:52 GMT
content-type: text/html; charset=UTF-8
content-length: 40
server: fasthttp
access-control-allow-origin: https://www.flvto.biz
vary: Origin
access-control-allow-credentials: true
set-cookie: uid_id2=765b6c07-6c9a-461b-8f26-95f8ba9987dd:1:1; expires=Wed, 30 Nov 2033 17:09:52 GMT; secure; SameSite=None
X-Firefox-Spdy: h2

GET fonts.gstatic.com/s/lato/v24/S6uyw4BMUTPHjx4wXg.woff2

216.58.207.227

200 OK

24 kB

URL GET HTTP/3
fonts.gstatic.com/s/lato/v24/S6uyw4BMUTPHjx4wXg.woff2
IP
216.58.207.227:443
ASN
#15169 GOOGLE

Requested by
https://www.flvto.biz/nesgn/
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
FingerprintE5:79:1F:1A:04:3F:B9:B0:FB:41:4E:B5:E5:97:AD:FE:D9:2C:4A:CD
ValidityMon, 23 Oct 2023 11:24:07 GMT - Mon, 15 Jan 2024 11:24:06 GMT

File type
Web Open Font Format (Version 2), TrueType, length 23580, version 1.0\012- data
Size
24 kB (23580 bytes)
Hash
e1b3b5908c9cf23dfb2b9c52b9a023ab
fcd4136085f2a03481d9958cc6793a5ed98e714c
918b7dc3e2e2d015c16ce08b57bcb64d2253bafc1707658f361e72865498e537

HTTP Headers

GET /s/lato/v24/S6uyw4BMUTPHjx4wXg.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.flvto.biz
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 23580
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 30 Nov 2023 04:00:51 GMT
expires: Fri, 29 Nov 2024 04:00:51 GMT
cache-control: public, max-age=31536000
last-modified: Tue, 02 May 2023 15:17:22 GMT
content-type: font/woff2
age: 306542
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

GET api.purpleads.io/x/v2/f?pid=77a039e9e192436b8520470179cd037d&ts=1701623397268

34.234.32.221

200 OK

784 B

URL GET HTTP/2
api.purpleads.io/x/v2/f?pid=77a039e9e192436b8520470179cd037d&ts=1701623397268
IP
34.234.32.221:443
ASN
#14618 AMAZON-AES

Requested by
https://www.flvto.biz/nesgn/
Certificate
IssuerAmazon
Subject*.purpleads.io
FingerprintB0:5E:5A:FD:17:53:FC:15:87:A2:00:EC:D8:9B:FD:48:04:8B:A2:97
ValiditySun, 01 Oct 2023 00:00:00 GMT - Mon, 28 Oct 2024 23:59:59 GMT

File type
Applesoft BASIC program data, first line number 50\012- data
Size
784 B (784 bytes)
Hash
fbad802ced4f2dc6ada48a255804e77f
6c2332fce05d7e77c2c4e193c4b8f756699bd876
1b9c5102cc59d0d853de11cbae39b25139375766e99d8ea95cf5b1e1a5c4330b

HTTP Headers

OPTIONS /x/v2/f?pid=77a039e9e192436b8520470179cd037d&ts=1701623397268 HTTP/1.1
Host: api.purpleads.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: GET
Access-Control-Request-Headers: authorization,content-type,x-purpleads-version,x-request-url
Referer: https://www.flvto.biz/
Origin: https://www.flvto.biz
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sun, 03 Dec 2023 17:09:52 GMT
access-control-allow-origin: https://www.flvto.biz
access-control-allow-credentials: true
access-control-expose-headers: pa-user-id
access-control-allow-headers: authorization,content-type,x-purpleads-version,x-request-url
access-control-max-age: 86400
X-Firefox-Spdy: h2

GET saycaptain.com/sbar.json?key=de9acd36b9bdfc08a8f10363b274b170&uuid=765b6c07-6c9a-461b-8f26-95f8ba9987dd%3A1%3A1

192.243.59.20

200 OK

4.3 kB

URL GET HTTP/1.1
saycaptain.com/sbar.json?key=de9acd36b9bdfc08a8f10363b274b170&uuid=765b6c07-6c9a-461b-8f26-95f8ba9987dd%3A1%3A1
IP
192.243.59.20:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://www.flvto.biz/nesgn/
Certificate
IssuerLet's Encrypt
Subjectsaycaptain.com
Fingerprint4F:F1:FE:38:A4:6B:B4:3C:FD:7A:DA:CB:10:9E:F7:94:60:6D:69:22
ValidityTue, 28 Nov 2023 10:57:35 GMT - Mon, 26 Feb 2024 10:57:34 GMT

File type
JSON data\012- , ASCII text, with very long lines (6002), with no line terminators
Size
4.3 kB (4279 bytes)
Hash
7a0d622e4f9a96d55194058c840b37ab
5b0ff0058765fc7abc274df05577ef66e21d5f98
4bcdfe43da3e9be81c86a163c288c13a7375b78ac93efc5ae904996cc94df665

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /sbar.json?key=de9acd36b9bdfc08a8f10363b274b170&uuid=765b6c07-6c9a-461b-8f26-95f8ba9987dd%3A1%3A1 HTTP/1.1
Host: saycaptain.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.flvto.biz
DNT: 1
Connection: keep-alive
Referer: https://www.flvto.biz/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Sun, 03 Dec 2023 17:09:53 GMT
Content-Type: text/plain; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://www.flvto.biz
Access-Control-Allow-Origin: https://www.flvto.biz
Access-Control-Allow-Credentials: true
Set-Cookie: u_pl=16229538; expires=Mon, 04 Dec 2023 17:09:53 GMT; secure; SameSite=None
uid_id2=765b6c07-6c9a-461b-8f26-95f8ba9987dd:1:1; expires=Sun, 10 Dec 2023 17:09:53 GMT; secure; SameSite=None
pdhtkv=true; expires=Mon, 04 Dec 2023 17:09:53 GMT; secure; SameSite=None
uncs=1; expires=Mon, 04 Dec 2023 17:09:53 GMT; secure; SameSite=None
pdhtkv29=true; expires=Mon, 04 Dec 2023 17:09:53 GMT; secure; SameSite=None
uncs29=1; expires=Mon, 04 Dec 2023 17:09:53 GMT; secure; SameSite=None
slecde9acd36b9bdfc08a8f10363b274b170=[4766299]; expires=Sun, 03 Dec 2023 17:09:58 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 7908b83ef6c7f34c07532f32a6cb67c5
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip

script.4dex.io/localstore.js

172.67.75.241

268 B

URL
script.4dex.io/localstore.js
IP
172.67.75.241:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text, with very long lines (482)
Size
268 B (268 bytes)
Hash
922cffdd75f7192f75231d92684885aa
48ae21017844de388e0a32206a2691fa4c109669
e8fe64429e5900c16c7f8dd7861704e2f4d38e00cbb16bc18820b46d92461389

HTTP Headers

GET /localstore.js HTTP/1.1
Host: script.4dex.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.flvto.biz/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sun, 03 Dec 2023 17:09:53 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: public, max-age=1800
ETag: W/"922cffdd75f7192f75231d92684885aa"
Last-Modified: Mon, 27 Nov 2023 07:14:08 GMT
Vary: Accept-Encoding
CF-Cache-Status: HIT
Age: 550411
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=LQRpRCbvB75OOVOK9%2BTXhlP7wN5pdqJOIgUn6Bv8eIGVH8%2BXO6oSfcQcBjSXA%2FR9d8LSR25bWkN%2FKNY8Yd26FJer4f445Pp69Nf2kJLcQk4ZtFwVW1SdkSE1LQxEwZrs"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 82fd6b8288c01bfe-OSL
Content-Encoding: br

mp.4dex.io/prebid

172.64.153.78

581 B

URL
mp.4dex.io/prebid
IP
172.64.153.78:0
ASN
#13335 CLOUDFLARENET

File type
gzip compressed data, from Unix\012- data
Size
581 B (581 bytes)
Hash
e2d93419f0199c9a4b307e062d07c162
5f2e364e76c38a5c469b5c47c2cd55a3fa9c53cc
7f690f71a24c445d34eed18a68fcf5887d4cddf93bcf1fb99e20a9f1944d5983

HTTP Headers

POST /prebid HTTP/1.1
Host: mp.4dex.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.flvto.biz/
content-type: text/plain
Content-Length: 1570
Origin: https://www.flvto.biz
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sun, 03 Dec 2023 17:09:53 GMT
content-type: application/json; charset=utf-8
access-control-allow-credentials: true
access-control-allow-origin: https://www.flvto.biz
cache-control: no-cache, no-store, must-revalidate
expires: 0
pragma: no-cache
vary: Origin, Accept-Encoding
x-err: Shapings: no adunits with size and seat and mapping
x-version: 3.0.0-gcp-ams
via: 1.1 google
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 82fd6b829e8a568d-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

script.4dex.io/adagio.js

172.67.75.241

24 kB

URL
script.4dex.io/adagio.js
IP
172.67.75.241:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text, with very long lines (65354)
Size
24 kB (23478 bytes)
Hash
6faf3acfde3bb82adada71be4fc1deb0
20f08498f821936592273d8f755d94f31c9b9c7a
26305a08644b4f51b55812cf0ecf879c22da303a365b3d2769baa1b54c028c4d

HTTP Headers

GET /adagio.js HTTP/1.1
Host: script.4dex.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.flvto.biz/
Origin: https://www.flvto.biz
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sun, 03 Dec 2023 17:09:53 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=1800
ETag: W/"6faf3acfde3bb82adada71be4fc1deb0"
Last-Modified: Mon, 27 Nov 2023 07:14:07 GMT
Vary: Origin, Accept-Encoding
Access-Control-Expose-Headers: 
CF-Cache-Status: HIT
Age: 547832
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=dkrNDFKx7w11bJwLRfTLliePGOqlzefshAEL6vXausnQpTU9VPXshDBnaOGH6lB1r8A8nePRasQQOwFk%2BA%2B0pUbYbF%2BwJrVtFgSN8G27gTgL9AtrOTaZyu648FISrssd"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 82fd6b82ec7056bd-OSL
Content-Encoding: br

prebid.a-mo.net/a/c

147.75.84.158

0 B

URL
prebid.a-mo.net/a/c
IP
147.75.84.158:0
ASN
#54825 PACKET

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

POST /a/c HTTP/1.1
Host: prebid.a-mo.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.flvto.biz/
content-type: text/plain
Content-Length: 1318
Origin: https://www.flvto.biz
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 204 No Content
access-control-allow-credentials: true
access-control-allow-origin: https://www.flvto.biz
cache-control: max-age=0, private, must-revalidate
date: Sun, 03 Dec 2023 17:09:53 GMT
server: envoy
vary: origin, Accept-Encoding
x-nbr: 1
x-envoy-upstream-service-time: 4
X-Firefox-Spdy: h2

GET saycaptain.com/ren.gif?sid=H4sIAAAAAAAC%2F1RSTWgkRRit3o0n8eCyIB6EAT2sYCbd89%2FuYTGuWYMxCftDDp7qrydlarqaqu7pyXgJuyB7nAUPHjtvkg2ry%2BJ6EBEEmXiRgLDjQXIwIN73IqxXmcnA6Afd3%2Fe%2BV4f3XtXn%2B9kZCZDR082PTV9pTZfqZb90ZUvFwuSutH67FPhl%2F2ppS8WN2tVSb%2FKz3XcDv1723y7dkHzHLFX8wPcDPyitKCsj01uaslDJ4zAoh365VikH9Rp69v%2FYZR4c9SC6Z%2BQSlBi%2FtP3LUyg%2BQtz55rp0O6lJ3vmgk2maGouuOLoT78Qmj9GZj5H1EMVHs9MwbkzIlxdg4qOZA5juwcQBmBoT7%2FcALD6ayQTrHp4rZRoyBhMvI%2B%2BOIPUIio7AzT0o8YwAXGB9A3Hn4bqxOd09Z%2BmEHZOFF39D5WOy8MdlxJ0ny1r1SreMzlJlYodeVED1RlDtEZLsGGnfg8qPwdO7UOJXsvRiDXHnYMNpAyVO32o26qzB%2FeZig4d0sdYI2GIrqjQWw3rUYjQMW00hphEpNYKKRtByAOo8ZJNPecgiD1nioSNOS7QeRr7fjFhUrbZqnPNqlfN6qyHqolprRT4yPvEwQJoMwPUA3O4hsXvYUQ%2Be1S%2FBZj%2FBbRdwwoNLCbqiQC4JckeQU4JcEeQpQd4tDoV2FVc8FNplLJj1yqxXi6FJ2%2Fv00KRtGRNQO9hPzsir0%2Fz%2BOQB25GlJyJByUW2wkImI%2By3aigK%2F2qiySrPGgqYPpwood2Hqtq%2FG5LW7F5GoMVn4%2FhCMHsPpY3D1Jmj2Bmg%2BbFZ80O1hreWjHz%2BKdDc1Zab6EKZAki4g3fX29Rl5fSriwx8%2BgeQn177o%2F3njyeXPwG2BxBb4VP1M0Nb3hzdNTg5umtyRpxtJqjqqTycXfCulqbz41UdyNzdWrF53g0fv8QkxGR%2Ffli5do7FQcduRr5eVENKuGMsl%2BXHVbUm2mbnt5czGWbK2%2Bf7Kaiex0jll4hGoGhPy%2FFtwNSavPHfTx3vlzl9QdgSbFehkJ2RWUOYYPNmDS%2BY7ZwisnmOWeMizYmgrbL7UikDLOaasgPsPZvN5391H23qg6T3EnQJdW6CrC1A9gMsuDtPEnlz7rTotMO0NmbbeAdNWPzgP16nTkqxHfiT9imRRyKIm9UUY1UJGw0A2WZ0GSN1Y6u%2FovwAAAP%2F%2FAQAA%2F%2F87D7L2lAQAAA%3D%3D

192.243.59.20

200 OK

7 B

URL GET HTTP/1.1
saycaptain.com/ren.gif?sid=H4sIAAAAAAAC%2F1RSTWgkRRit3o0n8eCyIB6EAT2sYCbd89%2FuYTGuWYMxCftDDp7qrydlarqaqu7pyXgJuyB7nAUPHjtvkg2ry%2BJ6EBEEmXiRgLDjQXIwIN73IqxXmcnA6Afd3%2Fe%2BV4f3XtXn%2B9kZCZDR082PTV9pTZfqZb90ZUvFwuSutH67FPhl%2F2ppS8WN2tVSb%2FKz3XcDv1723y7dkHzHLFX8wPcDPyitKCsj01uaslDJ4zAoh365VikH9Rp69v%2FYZR4c9SC6Z%2BQSlBi%2FtP3LUyg%2BQtz55rp0O6lJ3vmgk2maGouuOLoT78Qmj9GZj5H1EMVHs9MwbkzIlxdg4qOZA5juwcQBmBoT7%2FcALD6ayQTrHp4rZRoyBhMvI%2B%2BOIPUIio7AzT0o8YwAXGB9A3Hn4bqxOd09Z%2BmEHZOFF39D5WOy8MdlxJ0ny1r1SreMzlJlYodeVED1RlDtEZLsGGnfg8qPwdO7UOJXsvRiDXHnYMNpAyVO32o26qzB%2FeZig4d0sdYI2GIrqjQWw3rUYjQMW00hphEpNYKKRtByAOo8ZJNPecgiD1nioSNOS7QeRr7fjFhUrbZqnPNqlfN6qyHqolprRT4yPvEwQJoMwPUA3O4hsXvYUQ%2Be1S%2FBZj%2FBbRdwwoNLCbqiQC4JckeQU4JcEeQpQd4tDoV2FVc8FNplLJj1yqxXi6FJ2%2Fv00KRtGRNQO9hPzsir0%2Fz%2BOQB25GlJyJByUW2wkImI%2By3aigK%2F2qiySrPGgqYPpwood2Hqtq%2FG5LW7F5GoMVn4%2FhCMHsPpY3D1Jmj2Bmg%2BbFZ80O1hreWjHz%2BKdDc1Zab6EKZAki4g3fX29Rl5fSriwx8%2BgeQn177o%2F3njyeXPwG2BxBb4VP1M0Nb3hzdNTg5umtyRpxtJqjqqTycXfCulqbz41UdyNzdWrF53g0fv8QkxGR%2Ffli5do7FQcduRr5eVENKuGMsl%2BXHVbUm2mbnt5czGWbK2%2Bf7Kaiex0jll4hGoGhPy%2FFtwNSavPHfTx3vlzl9QdgSbFehkJ2RWUOYYPNmDS%2BY7ZwisnmOWeMizYmgrbL7UikDLOaasgPsPZvN5391H23qg6T3EnQJdW6CrC1A9gMsuDtPEnlz7rTotMO0NmbbeAdNWPzgP16nTkqxHfiT9imRRyKIm9UUY1UJGw0A2WZ0GSN1Y6u%2FovwAAAP%2F%2FAQAA%2F%2F87D7L2lAQAAA%3D%3D
IP
192.243.59.20:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://www.flvto.biz/nesgn/
Certificate
IssuerLet's Encrypt
Subjectsaycaptain.com
Fingerprint4F:F1:FE:38:A4:6B:B4:3C:FD:7A:DA:CB:10:9E:F7:94:60:6D:69:22
ValidityTue, 28 Nov 2023 10:57:35 GMT - Mon, 26 Feb 2024 10:57:34 GMT

File type
ASCII text, with no line terminators
Size
7 B (7 bytes)
Hash
132d6af1b46048b45cf86cdee7991d31
eb7007d03d59b65bc6da7e098c4d38fc6dfb6285
ab852e838deccd742a03ca81d4a8d75cf1a00b327db3eaf46bd7da6b6db9384c

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /ren.gif?sid=H4sIAAAAAAAC%2F1RSTWgkRRit3o0n8eCyIB6EAT2sYCbd89%2FuYTGuWYMxCftDDp7qrydlarqaqu7pyXgJuyB7nAUPHjtvkg2ry%2BJ6EBEEmXiRgLDjQXIwIN73IqxXmcnA6Afd3%2Fe%2BV4f3XtXn%2B9kZCZDR082PTV9pTZfqZb90ZUvFwuSutH67FPhl%2F2ppS8WN2tVSb%2FKz3XcDv1723y7dkHzHLFX8wPcDPyitKCsj01uaslDJ4zAoh365VikH9Rp69v%2FYZR4c9SC6Z%2BQSlBi%2FtP3LUyg%2BQtz55rp0O6lJ3vmgk2maGouuOLoT78Qmj9GZj5H1EMVHs9MwbkzIlxdg4qOZA5juwcQBmBoT7%2FcALD6ayQTrHp4rZRoyBhMvI%2B%2BOIPUIio7AzT0o8YwAXGB9A3Hn4bqxOd09Z%2BmEHZOFF39D5WOy8MdlxJ0ny1r1SreMzlJlYodeVED1RlDtEZLsGGnfg8qPwdO7UOJXsvRiDXHnYMNpAyVO32o26qzB%2FeZig4d0sdYI2GIrqjQWw3rUYjQMW00hphEpNYKKRtByAOo8ZJNPecgiD1nioSNOS7QeRr7fjFhUrbZqnPNqlfN6qyHqolprRT4yPvEwQJoMwPUA3O4hsXvYUQ%2Be1S%2FBZj%2FBbRdwwoNLCbqiQC4JckeQU4JcEeQpQd4tDoV2FVc8FNplLJj1yqxXi6FJ2%2Fv00KRtGRNQO9hPzsir0%2Fz%2BOQB25GlJyJByUW2wkImI%2By3aigK%2F2qiySrPGgqYPpwood2Hqtq%2FG5LW7F5GoMVn4%2FhCMHsPpY3D1Jmj2Bmg%2BbFZ80O1hreWjHz%2BKdDc1Zab6EKZAki4g3fX29Rl5fSriwx8%2BgeQn177o%2F3njyeXPwG2BxBb4VP1M0Nb3hzdNTg5umtyRpxtJqjqqTycXfCulqbz41UdyNzdWrF53g0fv8QkxGR%2Ffli5do7FQcduRr5eVENKuGMsl%2BXHVbUm2mbnt5czGWbK2%2Bf7Kaiex0jll4hGoGhPy%2FFtwNSavPHfTx3vlzl9QdgSbFehkJ2RWUOYYPNmDS%2BY7ZwisnmOWeMizYmgrbL7UikDLOaasgPsPZvN5391H23qg6T3EnQJdW6CrC1A9gMsuDtPEnlz7rTotMO0NmbbeAdNWPzgP16nTkqxHfiT9imRRyKIm9UUY1UJGw0A2WZ0GSN1Y6u%2FovwAAAP%2F%2FAQAA%2F%2F87D7L2lAQAAA%3D%3D HTTP/1.1
Host: saycaptain.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.flvto.biz/
Cookie: u_pl=16229538; uid_id2=765b6c07-6c9a-461b-8f26-95f8ba9987dd:1:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Sun, 03 Dec 2023 17:09:53 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 71c8241323ab3cc74420dadf410b5bb4
Strict-Transport-Security: max-age=0; includeSubdomains

bs.yandex.ru/prebid/2493166?imp-id=1&target-ref=www.flvto.biz&ssp-id=10500&ssp-cur=USD

213.180.193.90

0 B

URL
bs.yandex.ru/prebid/2493166?imp-id=1&target-ref=www.flvto.biz&ssp-id=10500&ssp-cur=USD
IP
213.180.193.90:0
ASN
#13238 YANDEX LLC

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

POST /prebid/2493166?imp-id=1&target-ref=www.flvto.biz&ssp-id=10500&ssp-cur=USD HTTP/1.1
Host: bs.yandex.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.flvto.biz/
content-type: text/plain
Content-Length: 215
Origin: https://www.flvto.biz
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 204 No Content
uniformat: true
date: Sun, 03 Dec 2023 17:09:53 GMT
access-control-allow-origin: https://www.flvto.biz
set-cookie: yandexuid=1642289361701623393; domain=.yandex.ru; path=/; expires=Wed, 30-Nov-2033 17:09:53 GMT
access-control-allow-credentials: true
uniformat-product-type: None
pragma: no-cache
p3p: CP="NOI DEVa TAIa OUR BUS UNI STA"
expires: Sun, 03 Dec 2023 17:09:53 GMT
x-yandex-req-id: 1701623393931820-1741367299322406451500281-production-app-host-sas-pcode-315
last-modified: Sun, 03 Dec 2023 17:09:53 GMT
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
content-type: application/json; charset=utf-8
X-Firefox-Spdy: h2

GET cdn.creative-bars1.com/sb/ssp/vpn/classic-push/big1/img/close.png

172.64.108.10

200 OK

591 B

URL GET HTTP/2
cdn.creative-bars1.com/sb/ssp/vpn/classic-push/big1/img/close.png
IP
172.64.108.10:443
ASN
#13335 CLOUDFLARENET

Requested by
https://www.flvto.biz/nesgn/
Certificate
IssuerGoogle Trust Services LLC
Subjectcreative-bars1.com
Fingerprint2B:CC:32:FC:17:6F:25:69:2F:F4:A0:D9:DC:9C:C2:09:28:32:AB:34
ValiditySat, 21 Oct 2023 15:38:40 GMT - Fri, 19 Jan 2024 15:38:39 GMT

File type
PNG image data, 12 x 12, 8-bit/color RGBA, non-interlaced\012- data
Size
591 B (591 bytes)
Hash
9fd5bcb6103d86e317bd1eb019bcbe71
6b5a52ea669dcb74946f2bed4bdd7ec985026113
0ddd3be104ac7945fb062096df62034a6a24ecc76ba92493c35c62c3c25982ae

HTTP Headers

GET /sb/ssp/vpn/classic-push/big1/img/close.png HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Sun, 03 Dec 2023 17:09:54 GMT
content-type: image/png
content-length: 591
last-modified: Mon, 21 Feb 2022 10:06:44 GMT
etag: "62136434-24f"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 1673706
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=QrTakO3inQykP19t9p5DzPVKuMgjSmxvmQuYueaA9638Hc5KaZgH7k6wddf4kqQQSyFWVpPQ7SAGuJbdSadhc4pHDAcoDJK118u8g1TppdBTE4yIvhFoOjePvA8MWUpvIaa57nVsPNGi"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 82fd6b847ea271bd-LHR
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

GET cdn.cloudimagesb.com/si/3c/d5/62/3cd562dd264800ee586ac2da770e9a65/1700491951.png

45.133.44.9

200 OK

20 kB

URL GET HTTP/2
cdn.cloudimagesb.com/si/3c/d5/62/3cd562dd264800ee586ac2da770e9a65/1700491951.png
IP
45.133.44.9:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://www.flvto.biz/nesgn/
Certificate
IssuerLet's Encrypt
Subjectcdn.cloudimagesb.com
Fingerprint71:EC:C0:22:20:76:60:90:92:4C:5C:F3:AD:17:3C:41:B5:00:25:AF
ValidityThu, 23 Nov 2023 05:00:53 GMT - Wed, 21 Feb 2024 05:00:52 GMT

File type
PNG image data, 320 x 180, 8-bit/color RGBA, non-interlaced\012- data
Size
20 kB (20001 bytes)
Hash
ea31001ce8fa95eb2ac1617515105332
d505ca04808c25cfa33a555c96886f421ddbbde7
0267f5cd21fe5609405724c20d6f021b8932a696ada766b8e86e42c670000ab3

HTTP Headers

GET /si/3c/d5/62/3cd562dd264800ee586ac2da770e9a65/1700491951.png HTTP/1.1
Host: cdn.cloudimagesb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sun, 03 Dec 2023 17:09:54 GMT
content-type: image/png
content-length: 20001
server: nginx/1.21.6
last-modified: Mon, 20 Nov 2023 14:52:40 GMT
etag: "655b72b8-4e21"
expires: Tue, 05 Dec 2023 17:09:54 GMT
cache-control: max-age=172800
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2

GET cdn.cloudimagesb.com/si/98/58/2f/98582fa31e3a411721a1f890fd22419a/1700491903.png

45.133.44.9

200 OK

9.0 kB

URL GET HTTP/2
cdn.cloudimagesb.com/si/98/58/2f/98582fa31e3a411721a1f890fd22419a/1700491903.png
IP
45.133.44.9:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://www.flvto.biz/nesgn/
Certificate
IssuerLet's Encrypt
Subjectcdn.cloudimagesb.com
Fingerprint71:EC:C0:22:20:76:60:90:92:4C:5C:F3:AD:17:3C:41:B5:00:25:AF
ValidityThu, 23 Nov 2023 05:00:53 GMT - Wed, 21 Feb 2024 05:00:52 GMT

File type
PNG image data, 192 x 192, 8-bit/color RGBA, non-interlaced\012- data
Size
9.0 kB (9016 bytes)
Hash
a56f06ca83ee06488a213b352e00bd90
aec437b74eb6f1143683872fb2d664286da4a664
7144c526762a9d91bdde1939194c2835f2cb1afe0ebac298bbdf1e9239b539ec

HTTP Headers

GET /si/98/58/2f/98582fa31e3a411721a1f890fd22419a/1700491903.png HTTP/1.1
Host: cdn.cloudimagesb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sun, 03 Dec 2023 17:09:54 GMT
content-type: image/png
content-length: 9016
server: nginx/1.21.6
last-modified: Mon, 20 Nov 2023 14:51:52 GMT
etag: "655b7288-2338"
expires: Tue, 05 Dec 2023 17:09:54 GMT
cache-control: max-age=172800
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2

GET fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2

216.58.207.227

200 OK

16 kB

URL GET HTTP/2
fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2
IP
216.58.207.227:443
ASN
#15169 GOOGLE

Requested by
https://www.flvto.biz/nesgn/
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
FingerprintE5:79:1F:1A:04:3F:B9:B0:FB:41:4E:B5:E5:97:AD:FE:D9:2C:4A:CD
ValidityMon, 23 Oct 2023 11:24:07 GMT - Mon, 15 Jan 2024 11:24:06 GMT

File type
Web Open Font Format (Version 2), TrueType, length 15860, version 1.0\012- data
Size
16 kB (15860 bytes)
Hash
e9f5aaf547f165386cd313b995dddd8e
acdef5603c2387b0e5bffd744b679a24a8bc1968
f5aebdfea35d1e7656ef4acc5db1f243209755ae3300943ef8fc6280f363c860

HTTP Headers

GET /s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.flvto.biz
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15860
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 29 Nov 2023 21:13:56 GMT
expires: Thu, 28 Nov 2024 21:13:56 GMT
cache-control: public, max-age=31536000
last-modified: Wed, 11 May 2022 19:24:42 GMT
content-type: font/woff2
age: 330958
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

GET cdn.creative-bars1.com/sb/ssp/vpn/classic-push/big1/js/jquery.min.js

172.64.108.10

200 OK

46 kB

URL GET HTTP/2
cdn.creative-bars1.com/sb/ssp/vpn/classic-push/big1/js/jquery.min.js
IP
172.64.108.10:443
ASN
#13335 CLOUDFLARENET

Requested by
https://www.flvto.biz/nesgn/
Certificate
IssuerGoogle Trust Services LLC
Subjectcreative-bars1.com
Fingerprint2B:CC:32:FC:17:6F:25:69:2F:F4:A0:D9:DC:9C:C2:09:28:32:AB:34
ValiditySat, 21 Oct 2023 15:38:40 GMT - Fri, 19 Jan 2024 15:38:39 GMT

File type
ASCII text, with very long lines (32025)
Size
46 kB (46356 bytes)
Hash
4a356126b9573eb7bd1e9a7494737410
8258d046f17dd3c15a5d3984e1868b7b5d1db329
22642f202577f0ba2f22cbe56b6cf291a09374487567cd3563e0d2a29f75c0c5

HTTP Headers

GET /sb/ssp/vpn/classic-push/big1/js/jquery.min.js HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Sun, 03 Dec 2023 17:09:54 GMT
content-type: application/javascript
last-modified: Mon, 21 Feb 2022 10:06:46 GMT
etag: W/"62136436-1499c"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 471991
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=XrY1bBkBUkF5rkRTLVK57tcbOyjYe5RUompIFZrlTmQIotE6s%2F%2Fg%2B%2FLA3HsN8wHi7GqaSpyOMuqYgbgsh7aQWq1FBAtfiXtosHwSspNBramFqFvhD%2B1Y6fEl3G%2BNUbMfX%2B0cB2tHoT7q"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 82fd6b848eae71bd-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

GET saycaptain.com/impr.gif?sid=H4sIAAAAAAAC%2F1RSTYgcRRitTtaTeDAExIMwoIcI7mz39Pz0mEMwxsRg3F3ywx481V%2FPllvT1VR1T8%2BOlyUByXECHjz2vtnNEg3BeBARBJn1IgtCxoPswQXxnosQrzKzA6MfdH%2Ff%2B14d3ntVn%2B%2FmJyRATo%2FXPzYDpTVdaVT9yoUNlQhTuMrq7UrgV%2F2LlQ2VNOsXK%2F3pz%2FbeDfxG1X%2B7ck3yLbNS8wPfD%2FygclVZGZv%2ByoyFSh%2B3g2rbr9Zr1aBRR9%2F%2BH7vcg6MeRO%2BEnIMSk5c2f3kKxcdIut9ckW4rM%2Bk7H3RzTTNj0RMHd5KtxBQJuosxth7i5GB%2BGsZNCPnyDExyMHcA09ubOgBTE%2BL9HoAlB3OZYL39U6VMQyZg4mUUvTGkHkPRMbi5ByWeEYALrK4h6T5cNbag26csnbITsvTib6hiQpb%2BOI%2Bk%2B%2BSyVv3KLaPzTJnEoR%2BXUP0xVGeMND9ENvCgikPw7C6U%2BJWsvLiBpLu35rSBEsdvtZoN1uR%2Ba7nJ23S53gzYchTXmsvtRhwx2m5HLSFmESk1horH0HII6jzk0095yGMPeeqhK44rtNGOfb8VszgMozrnPAw5b0RN0RBhPYp95HzqYYgsHYLrIbjdQWp3sKUePGucg81%2Fgtss4YQHlxH0RIlCEhSOoKAEhSIoMoKiV%2B4L7WqufCi0y1kw77V5D8uRyTq7dN9kHZkQUDvcTU%2FIq7P8%2FtkDtuRxRcg25SJssjYTMfcjGsWBHzZDVmvVWdDy4VQJ5c7M3A7UhLx29yxSNSFL3%2B%2BD0UM4fQiu3gTN3wAtRq2aD7o5qkc%2BBsmjWPcyU2VqAGFKpNkSsm1vV5%2BQ12ciPvzhE0h%2BdOmLwZ%2FXnpz%2FDNyWSG2JT9XPBB19f3TTFGTvpikcebqWZqqrBnR6wbcymsmzX30ktwtjxfUrbvjoPT4lpuPj29JlN2giVNJx5OvLSghprxrLJfnxutuQbD13m5dzm%2BTpjfX3r17vplY6p0wyBlUTQp5%2FC64m5JXnbvZ4L9z5C8qOYfMS3fyIzAvKHIKnO3DpYucMgdULzFIPRV6ObI0tlloRaLnAlJVw%2F8FsMe%2B6%2B%2BhYDzS7h6RbomdL9HQJqodw%2BdlRltqjS7%2BFswLT3ohp6%2B0xbfWD03CdOq40grqMWNTiQjDJRdCqhVHo%2BzUh6q22DNrI3ETq7%2Bi%2FAAAA%2F%2F8BAAD%2F%2Fy8HPBCUBAAA

192.243.59.20

200 OK

7 B

URL GET HTTP/1.1
saycaptain.com/impr.gif?sid=H4sIAAAAAAAC%2F1RSTYgcRRitTtaTeDAExIMwoIcI7mz39Pz0mEMwxsRg3F3ywx481V%2FPllvT1VR1T8%2BOlyUByXECHjz2vtnNEg3BeBARBJn1IgtCxoPswQXxnosQrzKzA6MfdH%2Ff%2B14d3ntVn%2B%2FmJyRATo%2FXPzYDpTVdaVT9yoUNlQhTuMrq7UrgV%2F2LlQ2VNOsXK%2F3pz%2FbeDfxG1X%2B7ck3yLbNS8wPfD%2FygclVZGZv%2ByoyFSh%2B3g2rbr9Zr1aBRR9%2F%2BH7vcg6MeRO%2BEnIMSk5c2f3kKxcdIut9ckW4rM%2Bk7H3RzTTNj0RMHd5KtxBQJuosxth7i5GB%2BGsZNCPnyDExyMHcA09ubOgBTE%2BL9HoAlB3OZYL39U6VMQyZg4mUUvTGkHkPRMbi5ByWeEYALrK4h6T5cNbag26csnbITsvTib6hiQpb%2BOI%2Bk%2B%2BSyVv3KLaPzTJnEoR%2BXUP0xVGeMND9ENvCgikPw7C6U%2BJWsvLiBpLu35rSBEsdvtZoN1uR%2Ba7nJ23S53gzYchTXmsvtRhwx2m5HLSFmESk1horH0HII6jzk0095yGMPeeqhK44rtNGOfb8VszgMozrnPAw5b0RN0RBhPYp95HzqYYgsHYLrIbjdQWp3sKUePGucg81%2Fgtss4YQHlxH0RIlCEhSOoKAEhSIoMoKiV%2B4L7WqufCi0y1kw77V5D8uRyTq7dN9kHZkQUDvcTU%2FIq7P8%2FtkDtuRxRcg25SJssjYTMfcjGsWBHzZDVmvVWdDy4VQJ5c7M3A7UhLx29yxSNSFL3%2B%2BD0UM4fQiu3gTN3wAtRq2aD7o5qkc%2BBsmjWPcyU2VqAGFKpNkSsm1vV5%2BQ12ciPvzhE0h%2BdOmLwZ%2FXnpz%2FDNyWSG2JT9XPBB19f3TTFGTvpikcebqWZqqrBnR6wbcymsmzX30ktwtjxfUrbvjoPT4lpuPj29JlN2giVNJx5OvLSghprxrLJfnxutuQbD13m5dzm%2BTpjfX3r17vplY6p0wyBlUTQp5%2FC64m5JXnbvZ4L9z5C8qOYfMS3fyIzAvKHIKnO3DpYucMgdULzFIPRV6ObI0tlloRaLnAlJVw%2F8FsMe%2B6%2B%2BhYDzS7h6RbomdL9HQJqodw%2BdlRltqjS7%2BFswLT3ohp6%2B0xbfWD03CdOq40grqMWNTiQjDJRdCqhVHo%2BzUh6q22DNrI3ETq7%2Bi%2FAAAA%2F%2F8BAAD%2F%2Fy8HPBCUBAAA
IP
192.243.59.20:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://www.flvto.biz/nesgn/
Certificate
IssuerLet's Encrypt
Subjectsaycaptain.com
Fingerprint4F:F1:FE:38:A4:6B:B4:3C:FD:7A:DA:CB:10:9E:F7:94:60:6D:69:22
ValidityTue, 28 Nov 2023 10:57:35 GMT - Mon, 26 Feb 2024 10:57:34 GMT

File type
ASCII text, with no line terminators
Size
7 B (7 bytes)
Hash
132d6af1b46048b45cf86cdee7991d31
eb7007d03d59b65bc6da7e098c4d38fc6dfb6285
ab852e838deccd742a03ca81d4a8d75cf1a00b327db3eaf46bd7da6b6db9384c

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /impr.gif?sid=H4sIAAAAAAAC%2F1RSTYgcRRitTtaTeDAExIMwoIcI7mz39Pz0mEMwxsRg3F3ywx481V%2FPllvT1VR1T8%2BOlyUByXECHjz2vtnNEg3BeBARBJn1IgtCxoPswQXxnosQrzKzA6MfdH%2Ff%2B14d3ntVn%2B%2FmJyRATo%2FXPzYDpTVdaVT9yoUNlQhTuMrq7UrgV%2F2LlQ2VNOsXK%2F3pz%2FbeDfxG1X%2B7ck3yLbNS8wPfD%2FygclVZGZv%2ByoyFSh%2B3g2rbr9Zr1aBRR9%2F%2BH7vcg6MeRO%2BEnIMSk5c2f3kKxcdIut9ckW4rM%2Bk7H3RzTTNj0RMHd5KtxBQJuosxth7i5GB%2BGsZNCPnyDExyMHcA09ubOgBTE%2BL9HoAlB3OZYL39U6VMQyZg4mUUvTGkHkPRMbi5ByWeEYALrK4h6T5cNbag26csnbITsvTib6hiQpb%2BOI%2Bk%2B%2BSyVv3KLaPzTJnEoR%2BXUP0xVGeMND9ENvCgikPw7C6U%2BJWsvLiBpLu35rSBEsdvtZoN1uR%2Ba7nJ23S53gzYchTXmsvtRhwx2m5HLSFmESk1horH0HII6jzk0095yGMPeeqhK44rtNGOfb8VszgMozrnPAw5b0RN0RBhPYp95HzqYYgsHYLrIbjdQWp3sKUePGucg81%2Fgtss4YQHlxH0RIlCEhSOoKAEhSIoMoKiV%2B4L7WqufCi0y1kw77V5D8uRyTq7dN9kHZkQUDvcTU%2FIq7P8%2FtkDtuRxRcg25SJssjYTMfcjGsWBHzZDVmvVWdDy4VQJ5c7M3A7UhLx29yxSNSFL3%2B%2BD0UM4fQiu3gTN3wAtRq2aD7o5qkc%2BBsmjWPcyU2VqAGFKpNkSsm1vV5%2BQ12ciPvzhE0h%2BdOmLwZ%2FXnpz%2FDNyWSG2JT9XPBB19f3TTFGTvpikcebqWZqqrBnR6wbcymsmzX30ktwtjxfUrbvjoPT4lpuPj29JlN2giVNJx5OvLSghprxrLJfnxutuQbD13m5dzm%2BTpjfX3r17vplY6p0wyBlUTQp5%2FC64m5JXnbvZ4L9z5C8qOYfMS3fyIzAvKHIKnO3DpYucMgdULzFIPRV6ObI0tlloRaLnAlJVw%2F8FsMe%2B6%2B%2BhYDzS7h6RbomdL9HQJqodw%2BdlRltqjS7%2BFswLT3ohp6%2B0xbfWD03CdOq40grqMWNTiQjDJRdCqhVHo%2BzUh6q22DNrI3ETq7%2Bi%2FAAAA%2F%2F8BAAD%2F%2Fy8HPBCUBAAA HTTP/1.1
Host: saycaptain.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.flvto.biz/
Cookie: u_pl=16229538; uid_id2=765b6c07-6c9a-461b-8f26-95f8ba9987dd:1:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Sun, 03 Dec 2023 17:09:54 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 905d8287b0ae1afea26e05d9c6c7fff8
Strict-Transport-Security: max-age=0; includeSubdomains

GET cdn.creative-bars1.com/sb/ssp/vpn/classic-push/big1/css/animate.css

172.64.108.10

200 OK

4.8 kB

URL GET HTTP/2
cdn.creative-bars1.com/sb/ssp/vpn/classic-push/big1/css/animate.css
IP
172.64.108.10:443
ASN
#13335 CLOUDFLARENET

Requested by
https://www.flvto.biz/nesgn/
Certificate
IssuerGoogle Trust Services LLC
Subjectcreative-bars1.com
Fingerprint2B:CC:32:FC:17:6F:25:69:2F:F4:A0:D9:DC:9C:C2:09:28:32:AB:34
ValiditySat, 21 Oct 2023 15:38:40 GMT - Fri, 19 Jan 2024 15:38:39 GMT

File type
ASCII text
Size
4.8 kB (4847 bytes)
Hash
e1d8acd5ee9d1a90ea09313cbd8f2b02
8a8327b115d1356715e63270d1ce6d46124c7b1a
3028c87fc798ac3741f02079034e6c23462afc0c5e6c8d321188ce3716c8472a

HTTP Headers

GET /sb/ssp/vpn/classic-push/big1/css/animate.css HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.flvto.biz
DNT: 1
Connection: keep-alive
Referer: https://www.flvto.biz/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sun, 03 Dec 2023 17:09:54 GMT
content-type: text/css
last-modified: Mon, 21 Feb 2022 10:06:42 GMT
etag: W/"62136432-13591"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ec3lSZFaEOXPVER4wMrk5Ci08TdMrfrStRuen7IUYbcrDYEWcuIqUuhL9HJHGSKRmqTf4wbMGJkhE%2B5XHG59q0gOpULGn5Q%2ByH%2Baq%2FZzU80YmBoqjNNbMUskLoSPyJ3V%2BiU8IzZiqn8P"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 82fd6b847e9071bd-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

GET fonts.gstatic.com/s/lato/v24/S6uyw4BMUTPHjx4wXg.woff2

216.58.207.227

200 OK

24 kB

URL GET HTTP/3
fonts.gstatic.com/s/lato/v24/S6uyw4BMUTPHjx4wXg.woff2
IP
216.58.207.227:443
ASN
#15169 GOOGLE

Requested by
https://www.flvto.biz/nesgn/
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
FingerprintE5:79:1F:1A:04:3F:B9:B0:FB:41:4E:B5:E5:97:AD:FE:D9:2C:4A:CD
ValidityMon, 23 Oct 2023 11:24:07 GMT - Mon, 15 Jan 2024 11:24:06 GMT

File type
Web Open Font Format (Version 2), TrueType, length 23580, version 1.0\012- data
Size
24 kB (23580 bytes)
Hash
e1b3b5908c9cf23dfb2b9c52b9a023ab
fcd4136085f2a03481d9958cc6793a5ed98e714c
918b7dc3e2e2d015c16ce08b57bcb64d2253bafc1707658f361e72865498e537

HTTP Headers

GET /s/lato/v24/S6uyw4BMUTPHjx4wXg.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.flvto.biz
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 23580
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 30 Nov 2023 04:00:51 GMT
expires: Fri, 29 Nov 2024 04:00:51 GMT
cache-control: public, max-age=31536000
last-modified: Tue, 02 May 2023 15:17:22 GMT
content-type: font/woff2
age: 306544
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

GET images.outbrainimg.com/transform/v3/eyJpdSI6ImY0ZDAwMTE1MWUwZWEyY2UxMDliY2ZiMTEyY2RiMWNjZDZmYjlhNGFjYTEzYzFlMzcyMTY4OWVkMjYxMWVmYjUiLCJ3IjoxODAsImgiOjE2MCwiZCI6MS41LCJjcyI6MCwiZiI6NH0.webp

23.38.201.176

200 OK

7.9 kB

URL GET HTTP/2
images.outbrainimg.com/transform/v3/eyJpdSI6ImY0ZDAwMTE1MWUwZWEyY2UxMDliY2ZiMTEyY2RiMWNjZDZmYjlhNGFjYTEzYzFlMzcyMTY4OWVkMjYxMWVmYjUiLCJ3IjoxODAsImgiOjE2MCwiZCI6MS41LCJjcyI6MCwiZiI6NH0.webp
IP
23.38.201.176:443
ASN
#16625 AKAMAI-AS

Requested by
https://www.flvto.biz/nesgn/
Certificate
IssuerDigiCert Inc
Subject*.outbrainimg.com
Fingerprint4F:05:15:71:93:78:ED:64:53:30:81:ED:DA:9C:FE:4F:7B:F9:41:BE
ValidityThu, 02 Mar 2023 00:00:00 GMT - Sat, 02 Mar 2024 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 270x240, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size
7.9 kB (7908 bytes)
Hash
cb85c5e73b47dbd53066820cf574bb97
36ddc49a69f0e14d95f6ec282bd38223e90a1457
9a58844e5ce20622a15426309758bb8695a3c3a4f10c51f1501e71b40f6be33e

HTTP Headers

GET /transform/v3/eyJpdSI6ImY0ZDAwMTE1MWUwZWEyY2UxMDliY2ZiMTEyY2RiMWNjZDZmYjlhNGFjYTEzYzFlMzcyMTY4OWVkMjYxMWVmYjUiLCJ3IjoxODAsImgiOjE2MCwiZCI6MS41LCJjcyI6MCwiZiI6NH0.webp HTTP/1.1
Host: images.outbrainimg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.flvto.biz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: image/webp
content-length: 7908
last-modified: Sun, 26 Nov 2023 14:57:21 GMT
x-traceid: 6d1274c136eb6a3829748d36c019f971
cache-control: max-age=2010211
date: Sun, 03 Dec 2023 17:09:55 GMT
access-control-allow-credentials: false
access-control-allow-methods: GET,POST
access-control-allow-origin: *
timing-allow-origin: *, *
X-Firefox-Spdy: h2

GET platform.bidgear.com/async-v2.json?zoneid=2221&wu=https://www.flvto.biz/nesgncsgwp/

172.67.74.36

200 OK

690 B

URL GET HTTP/2
platform.bidgear.com/async-v2.json?zoneid=2221&wu=https://www.flvto.biz/nesgncsgwp/
IP
172.67.74.36:443
ASN
#13335 CLOUDFLARENET

Requested by
https://www.flvto.biz/nesgn/
Certificate
IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
Fingerprint96:B8:F2:6C:8B:F4:3C:4D:3F:C4:69:A4:B1:28:D0:CB:0A:E6:73:2B
ValidityMon, 01 May 2023 00:00:00 GMT - Tue, 30 Apr 2024 23:59:59 GMT

File type
JSON data\012- , ASCII text, with very long lines (1232), with no line terminators
Size
690 B (690 bytes)
Hash
6e3a541cfae266bfb373f0a81f552aa9
8efcc309507650c54c64c61f3535d5dc41302f35
f7208c8747bd86f3ff033a7909fb676ceed4bd812dc3654f08b22adfaf2dbf02

HTTP Headers

GET /async-v2.json?zoneid=2221&wu=https://www.flvto.biz/nesgncsgwp/ HTTP/1.1
Host: platform.bidgear.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.flvto.biz/
Origin: https://www.flvto.biz
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Sun, 03 Dec 2023 17:09:51 GMT
content-type: application/javascript
vary: Accept-Encoding
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
expires: 0
pragma: no-cache
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=gbrWXXzOfbgJs30CTLYpXtTzSJp4IYGvOqmNSexIrr4PA9NwIPVb00CMiOvu9jWCJP%2FpL0KxvxmTmwDvpSsK%2FT8BHXbusSYPgwiIrytMeGuiXVvlDKY3USKJoFiUe%2BFGvzEwoUjJ"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 82fd6b75e83c0afa-OSL
content-encoding: br
X-Firefox-Spdy: h2

GET fonts.googleapis.com/css?family=Lato&display=swap

142.250.74.106

200 OK

358 B

URL GET HTTP/3
fonts.googleapis.com/css?family=Lato&display=swap
IP
142.250.74.106:443
ASN
#15169 GOOGLE

Requested by
https://www.flvto.biz/nesgn/
Certificate
IssuerGoogle Trust Services LLC
Subjectupload.video.google.com
FingerprintCC:96:E0:52:E0:9B:EA:A9:A0:F8:88:9A:90:20:11:47:61:00:3C:42
ValidityMon, 23 Oct 2023 11:24:07 GMT - Mon, 15 Jan 2024 11:24:06 GMT

File type
gzip compressed data, max compression\012- data
Size
358 B (358 bytes)
Hash
665ba724bfd78c3241e8331cadac8f69
a1d86f02c847dec4ec4334864764514dccc16673
bc1e9374c14d92d97954e64a30e9720f0667c92f552e5d09ee84959cda233725

HTTP Headers

GET /css?family=Lato&display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.flvto.biz/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Sun, 03 Dec 2023 17:09:53 GMT
date: Sun, 03 Dec 2023 17:09:53 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

cdn.prplads.com/prebid-2023-10-03.js

104.26.2.51

102 kB

URL
cdn.prplads.com/prebid-2023-10-03.js
IP
104.26.2.51:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text, with very long lines (65536), with no line terminators
Size
102 kB (101812 bytes)
Hash
22c6991529f172186b30126ef7602734
3c24b11bbbf27e04dbb073ca1d27dbafe407b606
f6c7add2b831f224789f67233e1064f9a3ceb1b55ac76644fa4eadc20cbe5c63

HTTP Headers

GET /prebid-2023-10-03.js HTTP/1.1
Host: cdn.prplads.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.flvto.biz/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Sun, 03 Dec 2023 17:09:53 GMT
content-type: application/javascript
cache-control: max-age=1209600
cf-bgj: minify
cf-polished: origSize=323203
etag: W/"c7c7415b80d5bb12e941595d2cc6b7f7"
last-modified: Tue, 03 Oct 2023 08:29:24 GMT
x-amz-id-2: cFsOaZRD+HjQqhV0tKhvlHDsz3Gv2Okd3uxT0Aia0nz96NIND3VWt5DmqRQv0jaYe3oHjqyXvt0=
x-amz-request-id: 57Y77SA59NV0433T
cf-cache-status: HIT
age: 263543
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=3LrBLOEmU8stj1WB55KbmIMVdeDFtjbwwlNn3kkaVVZp8HaPidH6%2BzaJ9vz8vCniNBDW4JUIwLbJef0dklcAEDh6kSmjZTVNb1fUyQaasZZa2YXsu0BPlbRzl86OFJMx7Q%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 82fd6b812ba7568d-OSL
content-encoding: br
X-Firefox-Spdy: h2

www.flvto.biz/nesgncsgwp/

188.114.96.1

41 B

URL
www.flvto.biz/nesgncsgwp/
IP
188.114.96.1:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text, with no line terminators
Size
41 B (41 bytes)
Hash
c0e87dbaf856464f5cdcf1b75f969ed5
d26ac997afe22163332c0a92a715893d0deede02
843e9582975c6e80241773ee4c265566259ede0e7e321fd26dba74d36807c5d8

HTTP Headers

GET /nesgncsgwp/ HTTP/1.1
Host: www.flvto.biz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 301 Moved Permanently
date: Sun, 03 Dec 2023 17:10:02 GMT
content-type: text/plain; charset=utf-8
content-length: 41
x-dns-prefetch-control: off
expect-ct: max-age=0
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=15552000; includeSubDomains
x-download-options: noopen
x-content-type-options: nosniff
x-permitted-cross-domain-policies: none
x-xss-protection: 0
content-language: ne
location: /nesgn/
vary: Accept
set-cookie: connect.sid=s%3AhtiZG8Eu3Cw8sk23THXRyMk5jicT2NYi.exii4I4nTN9S%2BiamJbK9sMPv%2FAU7a7uzduN%2FjNix2cs; Path=/; Expires=Sun, 03 Dec 2023 18:10:02 GMT; HttpOnly
cache-control: no-cache, no-store, must-revalidate
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=UWINp4XUxcYIW%2BTdlqaKvrAHZ0IoLMN95v%2B8%2FjJmLd7iybeH13psyE7%2BWoTwPOlduIAR9xfAYdoB7toMh1%2Fy2t%2BjMxwc8ozn0f9bZhZ%2B%2BwU9ACkrg7I%2F5wGsHkYroE5U"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 82fd6bbae92456af-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

GET cdn-static.flvto.biz/_next/static/css/styles.94b5e2c8.chunk.css

188.114.96.1

200 OK

16 kB

URL GET HTTP/3
cdn-static.flvto.biz/_next/static/css/styles.94b5e2c8.chunk.css
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://www.flvto.biz/nesgn/
Certificate
IssuerGoogle Trust Services LLC
Subjectflvto.biz
Fingerprint0B:42:D5:C9:76:A0:F2:0D:7D:43:32:D9:AD:AF:A4:28:B1:13:90:37
ValidityFri, 06 Oct 2023 18:05:13 GMT - Thu, 04 Jan 2024 18:05:12 GMT

File type

Size
16 kB (16108 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /_next/static/css/styles.94b5e2c8.chunk.css HTTP/1.1
Host: cdn-static.flvto.biz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.flvto.biz/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sun, 03 Dec 2023 17:09:48 GMT
content-type: text/css
last-modified: Wed, 15 Nov 2023 11:58:48 GMT
vary: Accept-Encoding
etag: W/"6554b278-3eec"
expires: Thu, 21 Nov 2024 13:12:09 GMT
cache-control: max-age=31536000, public
pragma: public
cf-cache-status: HIT
age: 964659
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=FSZv4b6KH3yQ2LQTmQSppYarIiKTAyhm19ZUwMgMc0EdiqfsafThepM%2BbWeRztq9tj3Iqcdyj0CXmbM9TgMDyvSz8rlmSV5YVeYCYbeCn1Q4QEDrHxQu%2F%2BoO%2FmW8Xn0FBlHRGBTk5Q%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 82fd6b5fa92d569f-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

GET cdn.flvto.biz/_next/static/images/img-main-8ddd4264b06a73b6515db09179cbbf55.webp

188.114.96.1

301 Moved Permanently

16 kB

URL GET HTTP/3
cdn.flvto.biz/_next/static/images/img-main-8ddd4264b06a73b6515db09179cbbf55.webp
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://www.flvto.biz/nesgn/
Certificate
IssuerGoogle Trust Services LLC
Subjectflvto.biz
Fingerprint0B:42:D5:C9:76:A0:F2:0D:7D:43:32:D9:AD:AF:A4:28:B1:13:90:37
ValidityFri, 06 Oct 2023 18:05:13 GMT - Thu, 04 Jan 2024 18:05:12 GMT

File type

Size
16 kB (16394 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /_next/static/images/img-main-8ddd4264b06a73b6515db09179cbbf55.webp HTTP/1.1
Host: cdn.flvto.biz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.flvto.biz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 301 Moved Permanently
date: Sun, 03 Dec 2023 17:09:48 GMT
content-type: text/html
location: https://cdn-static.flvto.biz/_next/static/images/img-main-8ddd4264b06a73b6515db09179cbbf55.webp
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=wxc7ZhdOV%2BWrtwJFFI5oa34dsorFTvJECxgKjKILnfIs4p68prYCEeYdK48m%2FFUhgA0zSf69iyroZ%2FbnsR7fkHdN3VnH%2BjDTdRxvot%2BFGA8J5aXvcqYhOOnIG5dM%2FWMN39QzKOU6AA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
x-77-nzt: EwwBuUwJDQHXwCcIAAwBuUwKAQH3RwMAAAwB1GY4nAH3BgEAAA
x-77-nzt-ray: c0a4cc28731266245cb66c6521e39b02
x-accel-date: 1701088924
x-77-cache: HIT
x-77-age: 535565
x-cache-lb: HIT, HIT
x-age-lb: 839, 534464
x-77-pop: stockholmSE
cf-cache-status: EXPIRED
vary: Accept-Encoding
server: cloudflare
cf-ray: 82fd6b5e9f97569f-OSL

GET cdn.prplads.com/load.js?publisherId=865f9b57212f5a3261580bd6ab9b23bc:6d77b29e1174de9720da61fb75014900be589c158a6320d7794579fb7ceaa31c457b7fca2efaa090f3c987963e93dce95b55919a8cd5caad6bcc1f84e0318412

104.26.2.51

200 OK

45 kB

URL GET HTTP/2
cdn.prplads.com/load.js?publisherId=865f9b57212f5a3261580bd6ab9b23bc:6d77b29e1174de9720da61fb75014900be589c158a6320d7794579fb7ceaa31c457b7fca2efaa090f3c987963e93dce95b55919a8cd5caad6bcc1f84e0318412
IP
104.26.2.51:443
ASN
#13335 CLOUDFLARENET

Requested by
https://www.flvto.biz/nesgn/
Certificate
IssuerGoogle Trust Services LLC
Subjectprplads.com
Fingerprint1D:DC:5D:E3:C9:52:D6:68:A1:9C:80:1E:CF:12:47:DA:C4:CF:72:EF
ValidityFri, 13 Oct 2023 12:28:33 GMT - Thu, 11 Jan 2024 12:28:32 GMT

File type

Size
45 kB (45231 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /load.js?publisherId=865f9b57212f5a3261580bd6ab9b23bc:6d77b29e1174de9720da61fb75014900be589c158a6320d7794579fb7ceaa31c457b7fca2efaa090f3c987963e93dce95b55919a8cd5caad6bcc1f84e0318412 HTTP/1.1
Host: cdn.prplads.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.flvto.biz/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sun, 03 Dec 2023 17:09:51 GMT
content-type: application/javascript
cf-bgj: minify
etag: W/"5f7635c53c62d2ead8c8e735f3506c20"
last-modified: Thu, 20 Jul 2023 08:28:30 GMT
x-amz-id-2: ZjOkANAv2k5sqBeBDZqe8mMS18FEebK8OS1V8xiP+fqQ8syfdoiDTieI+jrxEptIubiIi3A2WGw=
x-amz-request-id: 8YK73PQPP6XC0QSV
cache-control: max-age=86400
cf-cache-status: HIT
age: 3557
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=J%2Fjbc20koLxReYlKAsxwEsIj6BEcO3ux%2BPpLK7mzeXn%2Fck9El5araQPT0lSlcPjfhmu3xx6z%2BG%2FXxMwsSa96C9mR8sQiz3t2iBccfHUxuiDtTy5L8HamfQw7R8kpx6eGdw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 82fd6b771a45568d-OSL
content-encoding: br
X-Firefox-Spdy: h2

GET cdn.flvto.biz/_next/static/images/img-ai-6420d7da46a5410014a02cbbe16d6d5d.webp

188.114.96.1

301 Moved Permanently

23 kB

URL GET HTTP/3
cdn.flvto.biz/_next/static/images/img-ai-6420d7da46a5410014a02cbbe16d6d5d.webp
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://www.flvto.biz/nesgn/
Certificate
IssuerGoogle Trust Services LLC
Subjectflvto.biz
Fingerprint0B:42:D5:C9:76:A0:F2:0D:7D:43:32:D9:AD:AF:A4:28:B1:13:90:37
ValidityFri, 06 Oct 2023 18:05:13 GMT - Thu, 04 Jan 2024 18:05:12 GMT

File type

Size
23 kB (23388 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /_next/static/images/img-ai-6420d7da46a5410014a02cbbe16d6d5d.webp HTTP/1.1
Host: cdn.flvto.biz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.flvto.biz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 301 Moved Permanently
date: Sun, 03 Dec 2023 17:09:48 GMT
content-type: text/html
location: https://cdn-static.flvto.biz/_next/static/images/img-ai-6420d7da46a5410014a02cbbe16d6d5d.webp
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=bvAiHtJYFIhS1t97JTH3t%2F0EsMil6r5pkgQNqp0LXB9WX6mPhk%2FL2bXwwPPnVEutuclz2%2FV0rDhm8Iba%2FaoBXvuj99EpWyVP%2BRZien85g9wt8iNy%2BZBYtcixvAb9YDvHYmQuBB4W1Q%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
x-77-nzt: EwwBuUwJDQHXHwYIAAwBuUwKCQH3VgsAAAwB1GY4nAH3Dp0AAA
x-77-nzt-ray: c0a4cc28aa097d245cb66c658b61dd02
x-accel-date: 1701097533
x-77-cache: HIT
x-77-age: 568963
x-cache-lb: HIT, HIT
x-age-lb: 2902, 525855
x-77-pop: stockholmSE
cf-cache-status: EXPIRED
vary: Accept-Encoding
server: cloudflare
cf-ray: 82fd6b5e9f98569f-OSL

GET friendshipmale.com/sfp.js

172.64.134.5

200 OK

86 kB

URL GET HTTP/2
friendshipmale.com/sfp.js
IP
172.64.134.5:443
ASN
#13335 CLOUDFLARENET

Requested by
https://www.flvto.biz/nesgn/
Certificate
IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
Fingerprint08:6F:D8:CB:9E:0C:0A:98:2E:C5:CD:21:8E:0B:76:2B:50:6F:B6:37
ValiditySat, 18 Feb 2023 00:00:00 GMT - Sat, 17 Feb 2024 23:59:59 GMT

File type

Size
86 kB (85468 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /sfp.js HTTP/1.1
Host: friendshipmale.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.flvto.biz/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sun, 03 Dec 2023 17:09:52 GMT
content-type: application/javascript; charset=utf-8
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
access-control-allow-origin: *
expires: Thu, 01 Jan 1970 00:00:01 GMT
cache-control: max-age=14400
x-request-id: f864dfcb45143d20481bd4352dba74e8
strict-transport-security: max-age=0; includeSubdomains
cf-cache-status: EXPIRED
last-modified: Sun, 03 Dec 2023 17:09:52 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=B3x3GqaflqWf60aFeNV6A5sOKShYqrbnoQm4rWvrf5OaCpXhIEQI1xkOF3iK6vt5dcjfv0B9ysh8UQyKUw4qm%2Ffp2D9%2F2R1ta%2B9f5zvH7aMidfr%2BahGn%2F%2FPjPy97F1FxN87V9v8%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 82fd6b7baaec653e-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

GET flvto.biz/

188.114.96.1

301 Moved Permanently

66 kB

URL User Request GET HTTP/2
flvto.biz/
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerGoogle Trust Services LLC
Subjectflvto.biz
Fingerprint0B:42:D5:C9:76:A0:F2:0D:7D:43:32:D9:AD:AF:A4:28:B1:13:90:37
ValidityFri, 06 Oct 2023 18:05:13 GMT - Thu, 04 Jan 2024 18:05:12 GMT

File type

Size
66 kB (66491 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET / HTTP/1.1
Host: flvto.biz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 301 Moved Permanently
date: Sun, 03 Dec 2023 17:09:47 GMT
content-type: text/html
location: https://www.flvto.biz/
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=CzmgpYAkTnoXjg%2BrAFx49oX3ndB%2B1fpYgfhCeJt9FIPw4T2fUNpax8aBoGNatgvIxM2WdnSsH9%2F3%2BEJd0jN%2FJSFlUbINcyP1hDb83dfMjYHX200279pBKMhpwQs%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 82fd6b58dff956cc-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

GET ad.tradertimerz.media/deliver/js/860301d4060ef8c

5.75.199.190

200 OK

2.9 kB

URL GET HTTP/2
ad.tradertimerz.media/deliver/js/860301d4060ef8c
IP
5.75.199.190:443
ASN
#24940 Hetzner Online GmbH

Requested by
https://ad.tradertimerz.media/deliver/pixel/860301d4060ef8c
Certificate
IssuerLet's Encrypt
Subjectad.tradertimerz.media
Fingerprint04:FC:4E:84:7F:0A:86:3E:C1:2F:6F:08:A1:28:5B:92:98:2C:EB:BE
ValidityThu, 09 Nov 2023 23:40:47 GMT - Wed, 07 Feb 2024 23:40:46 GMT

File type
ASCII text, with very long lines (2943), with no line terminators
Size
2.9 kB (2877 bytes)
Hash
83802af56a8d8d3a6d59b29c6f074a74
60fcaa3ba445211b74c7f7f11aaef086b058a766
f7ab6889f0f5e8057a22dc4ade8299d64061c64199cffb3f27e6066b38cf59b5

HTTP Headers

GET /deliver/js/860301d4060ef8c HTTP/1.1
Host: ad.tradertimerz.media
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ad.tradertimerz.media/deliver/pixel/860301d4060ef8c
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sun, 03 Dec 2023 17:09:48 GMT
content-type: text/javascript; charset=UTF-8
content-length: 1337
cache-control: max-age=4157, public, s-maxage=3599
content-encoding: gzip
X-Firefox-Spdy: h2

GET imp9.bidgear.com/rec?t=1&z=2309&uuid=14443b83ab964dda9e02c4ef7c730b63&p=85&g=NO&token=4a44335432&tbg=1701623391

172.67.74.36

200 OK

599 B

URL GET HTTP/2
imp9.bidgear.com/rec?t=1&z=2309&uuid=14443b83ab964dda9e02c4ef7c730b63&p=85&g=NO&token=4a44335432&tbg=1701623391
IP
172.67.74.36:443
ASN
#13335 CLOUDFLARENET

Requested by
https://www.flvto.biz/nesgn/
Certificate
IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
Fingerprint96:B8:F2:6C:8B:F4:3C:4D:3F:C4:69:A4:B1:28:D0:CB:0A:E6:73:2B
ValidityMon, 01 May 2023 00:00:00 GMT - Tue, 30 Apr 2024 23:59:59 GMT

File type
JPEG image data, baseline, precision 8, 1x1, components 3\012- data
Size
599 B (599 bytes)
Hash
ca49a7e783b806a4e8576ea80346203d
6fe9d083221dae98f6c76f7121c37bc884b02d82
3e9a98dd5f0a28ff4a059f33d760264a6db02786666ac1692095ebb976f5da28

HTTP Headers

GET /rec?t=1&z=2309&uuid=14443b83ab964dda9e02c4ef7c730b63&p=85&g=NO&token=4a44335432&tbg=1701623391 HTTP/1.1
Host: imp9.bidgear.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.flvto.biz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sun, 03 Dec 2023 17:09:51 GMT
content-type: image/jpeg
content-length: 599
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=5JZZYge4MsBivgd3fq96HoKHsnhoJIheqp7MbIDJW9j5TSOaD1eZncSqWVJrFxDezu9pNaIvsPVS15YNbjhqGGkRhPSwKVLjczIWz0F54jl6r6mdfuQ1KS0Y7Cav3ZD3n78%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 82fd6b76d9280afa-OSL
X-Firefox-Spdy: h2

GET api.purpleads.io/x/v2/f?pid=77a039e9e192436b8520470179cd037d&demand=unifiedPb&ts=1701623399392

34.234.32.221

200 OK

1.4 kB

URL GET HTTP/2
api.purpleads.io/x/v2/f?pid=77a039e9e192436b8520470179cd037d&demand=unifiedPb&ts=1701623399392
IP
34.234.32.221:443
ASN
#14618 AMAZON-AES

Requested by
https://www.flvto.biz/nesgn/
Certificate
IssuerAmazon
Subject*.purpleads.io
FingerprintB0:5E:5A:FD:17:53:FC:15:87:A2:00:EC:D8:9B:FD:48:04:8B:A2:97
ValiditySun, 01 Oct 2023 00:00:00 GMT - Mon, 28 Oct 2024 23:59:59 GMT

File type
troff or preprocessor input, Unicode text, UTF-8 text, with very long lines (1466), with no line terminators
Size
1.4 kB (1411 bytes)
Hash
c67fbd128db086a1b53ce155835dcc2b
86bb925eb8edc7ff7c4e9176b027d215bd1d03d7
5d75b5db304de5a32f3a4f4df231c06028709ec14aa1f9e817644e48f2db7df7

HTTP Headers

GET /x/v2/f?pid=77a039e9e192436b8520470179cd037d&demand=unifiedPb&ts=1701623399392 HTTP/1.1
Host: api.purpleads.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.flvto.biz/
Content-Type: application/json
x-purpleads-version: 2.0.4
x-request-url: aHR0cHM6Ly93d3cuZmx2dG8uYml6L25lc2duY3Nnd3Av
Authorization: Bearer 865f9b57212f5a3261580bd6ab9b23bc:6d77b29e1174de9720da61fb75014900be589c158a6320d7794579fb7ceaa31c457b7fca2efaa090f3c987963e93dce95b55919a8cd5caad6bcc1f84e0318412
pa-user-id: ecd1fb6f-d99c-4f38-a766-755a5e924f47
Origin: https://www.flvto.biz
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sun, 03 Dec 2023 17:09:54 GMT
content-type: application/json; charset=utf-8
access-control-allow-origin: https://www.flvto.biz
access-control-allow-credentials: true
access-control-expose-headers: pa-user-id
etag: W/"583-9VWRQzy+OEoiQfMD9sLunCdwuNs"
vary: Accept-Encoding
content-encoding: br
X-Firefox-Spdy: h2

GET cdn.barscreative1.com/sb/au/48/48/eb/4848ebd6f7295875a5d388ec2488aba3/1648542421.html

45.133.44.4

200 OK

1.5 kB

URL GET HTTP/2
cdn.barscreative1.com/sb/au/48/48/eb/4848ebd6f7295875a5d388ec2488aba3/1648542421.html
IP
45.133.44.4:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://www.flvto.biz/nesgn/
Certificate
IssuerLet's Encrypt
Subjectcdn.barscreative1.com
Fingerprint55:06:B7:F1:EF:E9:55:FB:7C:8C:4F:5D:DB:05:C9:15:19:90:9B:2F
ValiditySat, 11 Nov 2023 03:00:51 GMT - Fri, 09 Feb 2024 03:00:50 GMT

File type
HTML document text\012- HTML document, ASCII text, with very long lines (1639), with no line terminators
Size
1.5 kB (1538 bytes)
Hash
97b357c624104a8e915d01424dfe16ce
6bd7fcedfb7986b149601b1bc840f525b67a8f06
8d010e7163298acf3671bb429a2e0b1d69033a5adc314fa4bddebf74b9775e6e

HTTP Headers

GET /sb/au/48/48/eb/4848ebd6f7295875a5d388ec2488aba3/1648542421.html HTTP/1.1
Host: cdn.barscreative1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.flvto.biz
DNT: 1
Connection: keep-alive
Referer: https://www.flvto.biz/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sun, 03 Dec 2023 17:09:53 GMT
content-type: text/html; charset=utf-8
server: nginx/1.21.6
last-modified: Tue, 29 Mar 2022 08:27:10 GMT
etag: W/"6242c2de-602"
cache-control: max-age=3600
access-control-allow-origin: *
access-control-expose-headers: Date
content-encoding: gzip
expires: Sun, 03 Dec 2023 18:09:53 GMT
x-proxy-cache: HIT
X-Firefox-Spdy: h2

GET cdn.creative-bars1.com/sb/ssp/vpn/classic-push/big1/css/style.css

172.64.108.10

200 OK

4.2 kB

URL GET HTTP/2
cdn.creative-bars1.com/sb/ssp/vpn/classic-push/big1/css/style.css
IP
172.64.108.10:443
ASN
#13335 CLOUDFLARENET

Requested by
https://www.flvto.biz/nesgn/
Certificate
IssuerGoogle Trust Services LLC
Subjectcreative-bars1.com
Fingerprint2B:CC:32:FC:17:6F:25:69:2F:F4:A0:D9:DC:9C:C2:09:28:32:AB:34
ValiditySat, 21 Oct 2023 15:38:40 GMT - Fri, 19 Jan 2024 15:38:39 GMT

File type
ASCII text, with very long lines (4404), with no line terminators
Size
4.2 kB (4168 bytes)
Hash
68b1992666e9738c9fe476446c9554c6
7ed918e75115fd3be8bd1df1f6106d3f53129c78
c3ca1c3bc15dfab20c6c3733049214afc18b2deaba8d9685c57cc3f238b687d8

HTTP Headers

GET /sb/ssp/vpn/classic-push/big1/css/style.css HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.flvto.biz
DNT: 1
Connection: keep-alive
Referer: https://www.flvto.biz/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sun, 03 Dec 2023 17:09:54 GMT
content-type: text/css
last-modified: Mon, 21 Feb 2022 10:59:09 GMT
etag: W/"6213707d-1048"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=SIgQUmN%2BZw%2FJahW8VuedAUB5v3kK%2BaQmWOZaMH5VfZYddOVsnKUiFQv396X8yhzrOkM6JNDrWUmYY0Qyl2HGpzqI63jGSQ%2B71hrSxhmtEDB3mj9n2Ikqcz5tkJZ6SUA%2Ba7YzJ6HEfmtw"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 82fd6b847e8271bd-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

OPTIONS api.purpleads.io/x/v2/f?pid=77a039e9e192436b8520470179cd037d&demand=unifiedPb&ts=1701623399392

34.234.32.221

200 OK

0 B

URL OPTIONS HTTP/2
api.purpleads.io/x/v2/f?pid=77a039e9e192436b8520470179cd037d&demand=unifiedPb&ts=1701623399392
IP
34.234.32.221:443
ASN
#14618 AMAZON-AES

Requested by
https://www.flvto.biz/nesgn/
Certificate
IssuerAmazon
Subject*.purpleads.io
FingerprintB0:5E:5A:FD:17:53:FC:15:87:A2:00:EC:D8:9B:FD:48:04:8B:A2:97
ValiditySun, 01 Oct 2023 00:00:00 GMT - Mon, 28 Oct 2024 23:59:59 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

OPTIONS /x/v2/f?pid=77a039e9e192436b8520470179cd037d&demand=unifiedPb&ts=1701623399392 HTTP/1.1
Host: api.purpleads.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: GET
Access-Control-Request-Headers: authorization,content-type,pa-user-id,x-purpleads-version,x-request-url
Referer: https://www.flvto.biz/
Origin: https://www.flvto.biz
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sun, 03 Dec 2023 17:09:54 GMT
access-control-allow-origin: https://www.flvto.biz
access-control-allow-credentials: true
access-control-expose-headers: pa-user-id
access-control-allow-headers: authorization,content-type,pa-user-id,x-purpleads-version,x-request-url
access-control-max-age: 86400
X-Firefox-Spdy: h2

GET www.flvto.biz/

188.114.96.1

301 Moved Permanently

66 kB

URL User Request GET HTTP/3
www.flvto.biz/
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerGoogle Trust Services LLC
Subjectflvto.biz
Fingerprint0B:42:D5:C9:76:A0:F2:0D:7D:43:32:D9:AD:AF:A4:28:B1:13:90:37
ValidityFri, 06 Oct 2023 18:05:13 GMT - Thu, 04 Jan 2024 18:05:12 GMT

File type

Size
66 kB (66491 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET / HTTP/1.1
Host: www.flvto.biz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 301 Moved Permanently
date: Sun, 03 Dec 2023 17:09:47 GMT
content-type: text/html; charset=utf-8
x-dns-prefetch-control: off
expect-ct: max-age=0
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=15552000; includeSubDomains
x-download-options: noopen
x-content-type-options: nosniff
x-permitted-cross-domain-policies: none
x-xss-protection: 0
content-language: ne
location: /nesgn/
vary: Accept
set-cookie: connect.sid=s%3AS7ELQsXOwcWWJmunfzSzPDvlc2BoiNo4.KRrLl8vLm5FCHa%2F23jBhycRc6hi%2FGBpljhRkAeOe%2FI8; Path=/; Expires=Sun, 03 Dec 2023 18:09:47 GMT; HttpOnly
cache-control: no-cache, no-store, must-revalidate
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2BZJ8wxd9zHBtM99qSb6WTbVBb%2BdoOrvHuQk0SCrhi1WULKYGDrTlMydTF4NleP0dc7NQWs8ru2pVkBMiweCtgIzFQ6KdYNoBzscBqeWRzv2q86qZc9cDf9oIRM4q35Ae"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 82fd6b59e827569f-OSL
alt-svc: h3=":443"; ma=86400

GET imp9.bidgear.com/rec?t=1&z=2221&uuid=cf60add65e2d4732b8614987f8d0360b&p=85&g=NO&token=4a44335432&tbg=1701623391

172.67.74.36

200 OK

599 B

URL GET HTTP/2
imp9.bidgear.com/rec?t=1&z=2221&uuid=cf60add65e2d4732b8614987f8d0360b&p=85&g=NO&token=4a44335432&tbg=1701623391
IP
172.67.74.36:443
ASN
#13335 CLOUDFLARENET

Requested by
https://www.flvto.biz/nesgn/
Certificate
IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
Fingerprint96:B8:F2:6C:8B:F4:3C:4D:3F:C4:69:A4:B1:28:D0:CB:0A:E6:73:2B
ValidityMon, 01 May 2023 00:00:00 GMT - Tue, 30 Apr 2024 23:59:59 GMT

File type
JPEG image data, baseline, precision 8, 1x1, components 3\012- data
Size
599 B (599 bytes)
Hash
ca49a7e783b806a4e8576ea80346203d
6fe9d083221dae98f6c76f7121c37bc884b02d82
3e9a98dd5f0a28ff4a059f33d760264a6db02786666ac1692095ebb976f5da28

HTTP Headers

GET /rec?t=1&z=2221&uuid=cf60add65e2d4732b8614987f8d0360b&p=85&g=NO&token=4a44335432&tbg=1701623391 HTTP/1.1
Host: imp9.bidgear.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.flvto.biz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sun, 03 Dec 2023 17:09:51 GMT
content-type: image/jpeg
content-length: 599
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=mS7WKluomGY6b4DKGM%2BkKLH41ZSj6EVGkq%2FS5sr8RT%2B5iKNiG0LZ6UThwKBsY6IEPMnkltQgu93F%2Bln%2F7YwuUMzbngUVemqkCZpg6%2FNT1CHsqtYHrXJXjqy2LMnzVhfa4f4%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 82fd6b76e9460afa-OSL
X-Firefox-Spdy: h2

GET log.outbrainimg.com/loggerServices/log-viewability?requestId=01012b47923b017bad2bd7bcc373499d&position=0

70.42.32.191

200 OK

4 B

URL GET HTTP/1.1
log.outbrainimg.com/loggerServices/log-viewability?requestId=01012b47923b017bad2bd7bcc373499d&position=0
IP
70.42.32.191:443
ASN
#22075 AS-OUTBRAIN

Requested by
https://www.flvto.biz/nesgn/
Certificate
IssuerDigiCert Inc
Subject*.outbrainimg.com
Fingerprint20:D2:F0:B3:C3:92:99:66:27:4F:78:12:57:9F:4D:C0:BF:9A:8F:C4
ValidityTue, 14 Mar 2023 00:00:00 GMT - Sat, 13 Apr 2024 23:59:59 GMT

File type
ASCII text, with no line terminators
Size
4 B (4 bytes)
Hash
b326b5062b2f0e69046810717534cb09
5ffe533b830f08a0326348a9160afafc8ada44db
b5bea41b6c623f7c09f1bf24dcae58ebab3c0cdd90ad966bc43a45b44867e12b

HTTP Headers

GET /loggerServices/log-viewability?requestId=01012b47923b017bad2bd7bcc373499d&position=0 HTTP/1.1
Host: log.outbrainimg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.flvto.biz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sun, 03 Dec 2023 17:09:55 GMT
Content-Type: application/json; charset=UTF-8
Content-Length: 4
Cache-Control: no-cache, no-store, must-revalidate
Pragma: no-cache
Expires: 0
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET,POST
X-TraceId: 9dbe86fa67b0985980cc4a277312cb85

GET www.flvto.biz/get-rtb-url

188.114.96.1

200 OK

83 B

URL GET HTTP/3
www.flvto.biz/get-rtb-url
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://www.flvto.biz/nesgn/
Certificate
IssuerGoogle Trust Services LLC
Subjectflvto.biz
Fingerprint0B:42:D5:C9:76:A0:F2:0D:7D:43:32:D9:AD:AF:A4:28:B1:13:90:37
ValidityFri, 06 Oct 2023 18:05:13 GMT - Thu, 04 Jan 2024 18:05:12 GMT

File type
troff or preprocessor input, ASCII text, with no line terminators
Size
83 B (83 bytes)
Hash
e572ca77f961e36153ed900bbe38303c
a99cfcb4ed4d5e627757988ab0fe80559ede0bf1
2d83944194cc038da53e4d86d4590c41446a05aee966414ab4670890d4141b00

HTTP Headers

GET /get-rtb-url HTTP/1.1
Host: www.flvto.biz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.flvto.biz/nesgncsgwp/
DNT: 1
Connection: keep-alive
Cookie: connect.sid=s%3AS7ELQsXOwcWWJmunfzSzPDvlc2BoiNo4.KRrLl8vLm5FCHa%2F23jBhycRc6hi%2FGBpljhRkAeOe%2FI8; lng=ne; is_user=1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sun, 03 Dec 2023 17:09:48 GMT
content-type: application/json; charset=utf-8
x-dns-prefetch-control: off
expect-ct: max-age=0
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=15552000; includeSubDomains
x-download-options: noopen
x-content-type-options: nosniff
x-permitted-cross-domain-policies: none
x-xss-protection: 0
etag: W/"53-JYb2BlDl+z47zLO4BoZ7iPGpBr4"
cache-control: no-cache, no-store, must-revalidate
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=jF0ThJ%2FL2lUTau2C%2F7tg%2BXBznU8n72cX8CSKegKmR%2Bg87qnLjw3EpOe2Y3Uweb%2F%2Fz4rZyTNupWZrpr38wuGM9r3hoKjqT4W8DlGnd3Q%2BVEXeLRnFVv31aQeR5KizEOQF"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 82fd6b60bb0b569f-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

GET cdn.creative-bars1.com/sb/ssp/vpn/classic-push/big1/js/script.js

172.64.108.10

200 OK

958 B

URL GET HTTP/2
cdn.creative-bars1.com/sb/ssp/vpn/classic-push/big1/js/script.js
IP
172.64.108.10:443
ASN
#13335 CLOUDFLARENET

Requested by
https://www.flvto.biz/nesgn/
Certificate
IssuerGoogle Trust Services LLC
Subjectcreative-bars1.com
Fingerprint2B:CC:32:FC:17:6F:25:69:2F:F4:A0:D9:DC:9C:C2:09:28:32:AB:34
ValiditySat, 21 Oct 2023 15:38:40 GMT - Fri, 19 Jan 2024 15:38:39 GMT

File type
ASCII text, with very long lines (1009), with no line terminators
Size
958 B (958 bytes)
Hash
04835fd7dd7f8cfbad901bee8cff2170
38e9ed1e93f8f0beba9447a99afe3995e63b6f3e
be63bbd38c66ca9a9ee1c8abfed042fd5fc090c40b91ad561e922744ece47c41

HTTP Headers

GET /sb/ssp/vpn/classic-push/big1/js/script.js HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.flvto.biz
DNT: 1
Connection: keep-alive
Referer: https://www.flvto.biz/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sun, 03 Dec 2023 17:09:54 GMT
content-type: application/javascript
last-modified: Mon, 21 Feb 2022 10:06:46 GMT
etag: W/"62136436-3be"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=YUFY4D9%2F4wa9DckdzXmyUIqGGsRuLgc432BtFRFAYSlbwIkYhaD%2BLsdIYURXLHPdK2V3oPC0fESZWHajiqmvq2MEYirCpbNcB9TFjSX78Yif%2FuDKuHsqzQesyVjbIa1NaRyRD8Md7tEK"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 82fd6b85480371bd-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

GET saycaptain.com/pixel/sbs?c=1

173.233.137.36

200 OK

0 B

URL GET HTTP/1.1
saycaptain.com/pixel/sbs?c=1
IP
173.233.137.36:443
ASN
#7979 SERVERS-COM

Requested by
https://www.flvto.biz/nesgn/
Certificate
IssuerLet's Encrypt
Subjectsaycaptain.com
Fingerprint4F:F1:FE:38:A4:6B:B4:3C:FD:7A:DA:CB:10:9E:F7:94:60:6D:69:22
ValidityTue, 28 Nov 2023 10:57:35 GMT - Mon, 26 Feb 2024 10:57:34 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /pixel/sbs?c=1 HTTP/1.1
Host: saycaptain.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.flvto.biz/
Cookie: u_pl=16229538; uid_id2=765b6c07-6c9a-461b-8f26-95f8ba9987dd:1:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Sun, 03 Dec 2023 17:09:54 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range

GET fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2

216.58.207.227

200 OK

16 kB

URL GET HTTP/2
fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2
IP
216.58.207.227:443
ASN
#15169 GOOGLE

Requested by
https://www.flvto.biz/nesgn/
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
FingerprintE5:79:1F:1A:04:3F:B9:B0:FB:41:4E:B5:E5:97:AD:FE:D9:2C:4A:CD
ValidityMon, 23 Oct 2023 11:24:07 GMT - Mon, 15 Jan 2024 11:24:06 GMT

File type
Web Open Font Format (Version 2), TrueType, length 15744, version 1.0\012- data
Size
16 kB (15744 bytes)
Hash
15d9f621c3bd1599f0169dcf0bd5e63e
7ca9c5967f3bb8bffeab24b639b49c1e7d03fa52
f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615

HTTP Headers

GET /s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.flvto.biz
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15744
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 30 Nov 2023 04:57:34 GMT
expires: Fri, 29 Nov 2024 04:57:34 GMT
cache-control: public, max-age=31536000
age: 303140
last-modified: Wed, 11 May 2022 19:24:48 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

GET log.outbrainimg.com/loggerServices/widgetGlobalEvent?rId=01012b47923b017bad2bd7bcc373499d&pvId=01012b47923b017bad2bd7bcc373499d&sid=9435690&pid=45718&idx=0&wId=140&pad=1&org=0&tm=0&eT=3&cnsnt=no_consent

70.42.32.191

200 OK

4 B

URL GET HTTP/1.1
log.outbrainimg.com/loggerServices/widgetGlobalEvent?rId=01012b47923b017bad2bd7bcc373499d&pvId=01012b47923b017bad2bd7bcc373499d&sid=9435690&pid=45718&idx=0&wId=140&pad=1&org=0&tm=0&eT=3&cnsnt=no_consent
IP
70.42.32.191:443
ASN
#22075 AS-OUTBRAIN

Requested by
https://www.flvto.biz/nesgn/
Certificate
IssuerDigiCert Inc
Subject*.outbrainimg.com
Fingerprint20:D2:F0:B3:C3:92:99:66:27:4F:78:12:57:9F:4D:C0:BF:9A:8F:C4
ValidityTue, 14 Mar 2023 00:00:00 GMT - Sat, 13 Apr 2024 23:59:59 GMT

File type
ASCII text, with no line terminators
Size
4 B (4 bytes)
Hash
b326b5062b2f0e69046810717534cb09
5ffe533b830f08a0326348a9160afafc8ada44db
b5bea41b6c623f7c09f1bf24dcae58ebab3c0cdd90ad966bc43a45b44867e12b

HTTP Headers

GET /loggerServices/widgetGlobalEvent?rId=01012b47923b017bad2bd7bcc373499d&pvId=01012b47923b017bad2bd7bcc373499d&sid=9435690&pid=45718&idx=0&wId=140&pad=1&org=0&tm=0&eT=3&cnsnt=no_consent HTTP/1.1
Host: log.outbrainimg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.flvto.biz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sun, 03 Dec 2023 17:09:55 GMT
Content-Type: application/json; charset=UTF-8
Content-Length: 4
Cache-Control: no-cache, no-store, must-revalidate
Pragma: no-cache
Expires: 0
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET,POST
X-TraceId: 344883be51aaab6457f51b75037cff2e

GET www.flvto.biz/nesgn/

188.114.96.1

200 OK

66 kB

URL User Request GET HTTP/3
www.flvto.biz/nesgn/
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerGoogle Trust Services LLC
Subjectflvto.biz
Fingerprint0B:42:D5:C9:76:A0:F2:0D:7D:43:32:D9:AD:AF:A4:28:B1:13:90:37
ValidityFri, 06 Oct 2023 18:05:13 GMT - Thu, 04 Jan 2024 18:05:12 GMT

File type

Size
66 kB (66491 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /nesgn/ HTTP/1.1
Host: www.flvto.biz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: connect.sid=s%3AS7ELQsXOwcWWJmunfzSzPDvlc2BoiNo4.KRrLl8vLm5FCHa%2F23jBhycRc6hi%2FGBpljhRkAeOe%2FI8
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sun, 03 Dec 2023 17:09:47 GMT
content-type: text/html; charset=utf-8
vary: Accept-Encoding
x-dns-prefetch-control: off
expect-ct: max-age=0
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=15552000; includeSubDomains
x-download-options: noopen
x-content-type-options: nosniff
x-permitted-cross-domain-policies: none
x-xss-protection: 0
content-language: ne
cache-control: public, must-revalidate, max-age=3599, s-maxage=3599, stale-while-revalidate=3600, no-cache, no-store, must-revalidate
x-cache-status: MISS
x-cache-expired-at: 3599999
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=j%2FKV6RdZOXo42qkifioSIH07K%2B9joDLwlhuJSc9dQ4On%2F5xqooQ%2BjfO%2BRvZ%2BgNfCc0jRGpc3TKrx0lt04AdVm0x3PkayWZyLGZSdJoUmavd%2FK8eP9sepuTCIYdR2bdvO"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 82fd6b5a4897569f-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

GET fonts.googleapis.com/css?family=Roboto:300,400,700&display=swap

142.250.74.106

200 OK

6.8 kB

URL GET HTTP/3
fonts.googleapis.com/css?family=Roboto:300,400,700&display=swap
IP
142.250.74.106:443
ASN
#15169 GOOGLE

Requested by
https://www.flvto.biz/nesgn/
Certificate
IssuerGoogle Trust Services LLC
Subjectupload.video.google.com
FingerprintCC:96:E0:52:E0:9B:EA:A9:A0:F8:88:9A:90:20:11:47:61:00:3C:42
ValidityMon, 23 Oct 2023 11:24:07 GMT - Mon, 15 Jan 2024 11:24:06 GMT

File type
ASCII text, with very long lines (7013), with no line terminators
Size
6.8 kB (6824 bytes)
Hash
49475c425d6c00477bb339179326c49b
bd97deeb753f44f43a21feafa92d98239fa511bd
598841a98ad357d2896d2f093ea3e4e1d44e24b3351268ffd45e61ff8c1d0e09

HTTP Headers

GET /css?family=Roboto:300,400,700&display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Sun, 03 Dec 2023 17:09:53 GMT
date: Sun, 03 Dec 2023 17:09:53 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

GET api.purpleads.io/x/a/08e041cf37baceb032f33975af81c443:515764493427986ff132cb534dae00f751155322467fdb1a8074c4beb0be19874853ffc6b82682988c8c218157cc1f95267b0cf2eeb4815a73d115169946f79e5f764d6812a1d2885e8670c71731e8ce4d8f8a81caa0ac271db3c39a12040406/i?id=5fcaac34-a051-48d7-8e05-23c949eafb52

34.234.32.221

204 No Content

0 B

URL GET HTTP/2
api.purpleads.io/x/a/08e041cf37baceb032f33975af81c443:515764493427986ff132cb534dae00f751155322467fdb1a8074c4beb0be19874853ffc6b82682988c8c218157cc1f95267b0cf2eeb4815a73d115169946f79e5f764d6812a1d2885e8670c71731e8ce4d8f8a81caa0ac271db3c39a12040406/i?id=5fcaac34-a051-48d7-8e05-23c949eafb52
IP
34.234.32.221:443
ASN
#14618 AMAZON-AES

Requested by
https://www.flvto.biz/nesgn/
Certificate
IssuerAmazon
Subject*.purpleads.io
FingerprintB0:5E:5A:FD:17:53:FC:15:87:A2:00:EC:D8:9B:FD:48:04:8B:A2:97
ValiditySun, 01 Oct 2023 00:00:00 GMT - Mon, 28 Oct 2024 23:59:59 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /x/a/08e041cf37baceb032f33975af81c443:515764493427986ff132cb534dae00f751155322467fdb1a8074c4beb0be19874853ffc6b82682988c8c218157cc1f95267b0cf2eeb4815a73d115169946f79e5f764d6812a1d2885e8670c71731e8ce4d8f8a81caa0ac271db3c39a12040406/i?id=5fcaac34-a051-48d7-8e05-23c949eafb52 HTTP/1.1
Host: api.purpleads.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.flvto.biz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 204 No Content
date: Sun, 03 Dec 2023 17:09:55 GMT
access-control-allow-origin: api.purpleads.io
access-control-allow-credentials: true
access-control-expose-headers: pa-user-id
X-Firefox-Spdy: h2

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (32)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash