en.yt1save.com/wp-content/uploads/2022/03/yt1save-logo.png
172.67.211.111 6.0 kB URL en.yt1save.com/wp-content/uploads/2022/03/yt1save-logo.png
IP 172.67.211.111:0
File type PNG image data, 750 x 95, 8-bit colormap, non-interlaced\012- data
Hash b04b772cc4ca2ba4c28b17272484f7f5
9ebd1a1698199fbda72d4c56ea6628167474ca7f
814a98cc8664b39bc05cdd85fc736e186a996d6548eb970cde77245cef8f3703
GET /wp-content/uploads/2022/03/yt1save-logo.png HTTP/1.1
Host: en.yt1save.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://en.yt1save.com/dramacool/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Sun, 03 Dec 2023 23:12:49 GMT
content-type: image/png
content-length: 6015
cache-control: public, max-age=31557600
expires: Tue, 03 Dec 2024 05:12:49 GMT
last-modified: Thu, 17 Mar 2022 14:44:06 GMT
accept-ranges: bytes
vary: User-Agent
x-turbo-charged-by: LiteSpeed
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2FWGIB5HiUSGtioAEGatIqkScsC0yVpziYg7XsTQ3sYXIJ%2Fs6oZ6fthMyBqHMVIYDeMFf7zl9p1NShqqh124CcnZ79hCdoMzZu7TNqkzwIl%2BkV64S4S%2B%2FexNfJ99msoo%2BLA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 82ff7f266e3c7129-OSL
alt-svc: h3=":443"; ma=86400
www.googletagmanager.com/gtag/js?id=UA-190521431-1
142.250.74.168 69 kB URL www.googletagmanager.com/gtag/js?id=UA-190521431-1
IP 142.250.74.168:0
File type ASCII text, with very long lines (4179)
Hash 1d9c66d5ae102f8887d2c941e34d5a38
262fc6a78acf35efc7c20da4f5d972a959afdadc
1ef04534ae51f40f27b98a9bcd7dd1a7fb4e10ebbb5c5804932e8d06e14c9975
GET /gtag/js?id=UA-190521431-1 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://en.yt1save.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Sun, 03 Dec 2023 23:12:49 GMT
expires: Sun, 03 Dec 2023 23:12:49 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 69089
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
en.yt1save.com/wp-content/fonts/Nunito-SemiBold.woff2
172.67.211.111 43 kB URL en.yt1save.com/wp-content/fonts/Nunito-SemiBold.woff2
IP 172.67.211.111:0
File type Web Open Font Format (Version 2), TrueType, length 42760, version 1.0\012- data
Hash b1982ff7b8d2e71c18f74c1ca71815f2
b410418c4b006dc5ee8777454e659a30103adc2b
284c8dab26213baee73522cd72aed807bcd001adf86f1e84e07b9750ffbd2c1c
GET /wp-content/fonts/Nunito-SemiBold.woff2 HTTP/1.1
Host: en.yt1save.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://en.yt1save.com/dramacool/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Sun, 03 Dec 2023 23:12:49 GMT
content-type: font/woff2
content-length: 42760
cache-control: public, max-age=31557600
expires: Tue, 03 Dec 2024 05:12:49 GMT
last-modified: Fri, 26 May 2023 17:22:41 GMT
accept-ranges: bytes
vary: User-Agent
x-turbo-charged-by: LiteSpeed
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=voag8LywuciWv22NkIXBhUiCErxf6YAcLHGtXklXhGdr4Z32JHYQNXgdXxcUaUg1LMItDRuWo%2F5fh027pEskj7TEmt%2Ft4J1NT9IWIsgEIccqV4yZwnkXMiI4BDah2XiAoQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 82ff7f266e337129-OSL
alt-svc: h3=":443"; ma=86400
en.yt1save.com/wp-content/themes/inhype/fonts/fontawesome-webfont.woff2
172.67.211.111 77 kB URL en.yt1save.com/wp-content/themes/inhype/fonts/fontawesome-webfont.woff2
IP 172.67.211.111:0
File type Web Open Font Format (Version 2), TrueType, length 77160, version 4.459\012- data
Hash af7ae505a9eed503f8b8e6982036873e
d6f48cba7d076fb6f2fd6ba993a75b9dc1ecbf0c
2adefcbc041e7d18fcf2d417879dc5a09997aa64d675b7a3c4b6ce33da13f3fe
GET /wp-content/themes/inhype/fonts/fontawesome-webfont.woff2 HTTP/1.1
Host: en.yt1save.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://en.yt1save.com/dramacool/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Sun, 03 Dec 2023 23:12:49 GMT
content-type: font/woff2
content-length: 77160
cache-control: public, max-age=31557600
expires: Tue, 03 Dec 2024 05:12:49 GMT
last-modified: Sat, 08 Jan 2022 12:11:48 GMT
accept-ranges: bytes
vary: User-Agent
x-turbo-charged-by: LiteSpeed
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=bER%2B%2BHe5IAISUtOTF6u0nbhbP5sB5hvo16cOi%2FsFXqSO%2F7hxRyfm2fBtOrEjdEUwWd22fYbZvPdyI3%2BVjWYs6iCA4cSomG6ybPdV4KaWrduRtoqymLgyPhZXC0m46Eahng%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 82ff7f266e317129-OSL
alt-svc: h3=":443"; ma=86400
en.yt1save.com/wp-content/fonts/Nunito-ExtraBold.woff2
172.67.211.111 43 kB URL en.yt1save.com/wp-content/fonts/Nunito-ExtraBold.woff2
IP 172.67.211.111:0
File type Web Open Font Format (Version 2), TrueType, length 43044, version 1.0\012- data
Hash 821cb4e91e42c549a64bc89129f0d090
dad44d24b7c9e6d84ac89caef6a8c44dcd31bbb3
2cb1afe78a8d8d4f2aec1c676a74c7bf404d2e074ba1444f8f4086baf1db0710
GET /wp-content/fonts/Nunito-ExtraBold.woff2 HTTP/1.1
Host: en.yt1save.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://en.yt1save.com/dramacool/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Sun, 03 Dec 2023 23:12:49 GMT
content-type: font/woff2
content-length: 43044
cache-control: public, max-age=31557600
expires: Tue, 03 Dec 2024 05:12:49 GMT
last-modified: Fri, 26 May 2023 17:22:40 GMT
accept-ranges: bytes
vary: User-Agent
x-turbo-charged-by: LiteSpeed
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=AZs6PalfPjCJe1qHwaCA0duW%2BEALYLNymff6KKypQEzbgnTFHVdzKdUbjnWzSmDBwoSj2Taysyww2V7%2F4LIBhp8%2F%2FI74u15Ny%2FbAH7HWgjdBzaRo50StJ%2Fpu%2BDvg%2B7I9UQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 82ff7f266e387129-OSL
alt-svc: h3=":443"; ma=86400
en.yt1save.com/wp-content/litespeed/css/e54731060e71eb58212ddc66dbd9cda4.css?ver=c216c
172.67.211.111 73 kB URL en.yt1save.com/wp-content/litespeed/css/e54731060e71eb58212ddc66dbd9cda4.css?ver=c216c
IP 172.67.211.111:0
File type Unicode text, UTF-8 text, with very long lines (60847)
Hash e54731060e71eb58212ddc66dbd9cda4
5bd553e930cafc9c7f4a0f50a62daf1ea83132cf
6bab063d9073f8de59dcb3aacb9b9fdad018dea29f6e14111d45b203aace3837
GET /wp-content/litespeed/css/e54731060e71eb58212ddc66dbd9cda4.css?ver=c216c HTTP/1.1
Host: en.yt1save.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://en.yt1save.com/dramacool/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Sun, 03 Dec 2023 23:12:49 GMT
content-type: text/css
cache-control: public, max-age=31557600
expires: Tue, 03 Dec 2024 05:12:49 GMT
last-modified: Thu, 16 Nov 2023 12:21:45 GMT
vary: Accept-Encoding,User-Agent
x-turbo-charged-by: LiteSpeed
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=snpvyyazG8W8OxONZuy5bn%2BZ3DCRo1YfTwpfADeA7a4kY3dGHYG3pFgaZpWuogxS%2BsqKdB%2B%2BKdGq55ba%2Bx3DU7vhSWOysAY%2FI%2BqTYUuqJBfuQOf%2BnWfjnnSc4e%2FV09%2Bu4w%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 82ff7f266e2d7129-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
www.googletagmanager.com/gtag/js?id=G-SM6030EHG3&l=dataLayer&cx=c
142.250.74.168 82 kB URL www.googletagmanager.com/gtag/js?id=G-SM6030EHG3&l=dataLayer&cx=c
IP 142.250.74.168:0
File type ASCII text, with very long lines (5955)
Hash 6286646bab019091ed77736bb44581ca
53d623668ff952367c2c88b0d090f385c0214386
ecf7685085a681100a3f684affbfce8190080d2ac587154fb0beb7f8b25b31c8
GET /gtag/js?id=G-SM6030EHG3&l=dataLayer&cx=c HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://en.yt1save.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Sun, 03 Dec 2023 23:12:50 GMT
expires: Sun, 03 Dec 2023 23:12:50 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 81739
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
en.yt1save.com/wp-content/uploads/2022/04/cropped-yt1save-download-logo-192x192.png
172.67.211.111 2.7 kB URL en.yt1save.com/wp-content/uploads/2022/04/cropped-yt1save-download-logo-192x192.png
IP 172.67.211.111:0
File type PNG image data, 192 x 192, 8-bit/color RGBA, non-interlaced\012- data
Hash a32fe0b0d70f50f24041602dd897496e
8495fc60511f1962a71c7fc87020ec8f30b5caae
88e5c32dc11f5e041f7f71a882193f632f4870dd6e05b4af307d6555d6688561
GET /wp-content/uploads/2022/04/cropped-yt1save-download-logo-192x192.png HTTP/1.1
Host: en.yt1save.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://en.yt1save.com/dramacool/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Sun, 03 Dec 2023 23:12:50 GMT
content-type: image/png
content-length: 2680
cache-control: public, max-age=31557600
expires: Tue, 03 Dec 2024 05:12:50 GMT
last-modified: Sun, 24 Apr 2022 09:03:58 GMT
accept-ranges: bytes
vary: User-Agent
x-turbo-charged-by: LiteSpeed
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=8fShPlTrr9Q7g9CpcSJ1tRWcPBFDly9VB%2Bq587aYo34aPwa9FPXL%2BUpKbfUu9Vz7Dm6tfbuJi2%2FSDE8qMM276ZqYdpUdpNyyc89AZYgz3voqahYa5ImKynkDZ4WyGA5uZg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 82ff7f2b494f7129-OSL
alt-svc: h3=":443"; ma=86400
en.yt1save.com/wp-content/uploads/2022/04/cropped-yt1save-download-logo-32x32.png
172.67.211.111 587 B URL en.yt1save.com/wp-content/uploads/2022/04/cropped-yt1save-download-logo-32x32.png
IP 172.67.211.111:0
File type PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced\012- data
Hash 479bea7f4559520d908c54dfb87c51fc
5fbf2593c8596140f7b159a8646108c67a7280c6
287d2606bc719dc60609f97859bf0dc95aa260d03760a10727a36e63797a5791
GET /wp-content/uploads/2022/04/cropped-yt1save-download-logo-32x32.png HTTP/1.1
Host: en.yt1save.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://en.yt1save.com/dramacool/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Sun, 03 Dec 2023 23:12:50 GMT
content-type: image/png
content-length: 587
cache-control: public, max-age=31557600
expires: Tue, 03 Dec 2024 05:12:50 GMT
last-modified: Sun, 24 Apr 2022 09:03:58 GMT
accept-ranges: bytes
vary: User-Agent
x-turbo-charged-by: LiteSpeed
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=4xHUSzoC4knv5M8YrAajuP0rIYgKEV%2BLL3VU1V6XpB8zNURwCL%2BtSHEI%2BUedeJUCjnm%2BXY%2ByKwwZ1vD8lEyWXBsf80dTwGep4frPaCsBC8TxXdRxqgVnn0T8h7RcWVsikg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 82ff7f2b49507129-OSL
alt-svc: h3=":443"; ma=86400
www.google.no/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&_ono=1&tid=G-SM6030EHG3&cid=1276325595.1701645176&gtm=45je3bt0v9135363999&aip=1&dma=1&dma_cps=sypham&gcd=11l1l1l1l1&z=1219020484
142.250.74.163 42 B URL www.google.no/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&_ono=1&tid=G-SM6030EHG3&cid=1276325595.1701645176&gtm=45je3bt0v9135363999&aip=1&dma=1&dma_cps=sypham&gcd=11l1l1l1l1&z=1219020484
IP 142.250.74.163:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&_ono=1&tid=G-SM6030EHG3&cid=1276325595.1701645176&gtm=45je3bt0v9135363999&aip=1&dma=1&dma_cps=sypham&gcd=11l1l1l1l1&z=1219020484 HTTP/1.1
Host: www.google.no
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://en.yt1save.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Sun, 03 Dec 2023 23:12:50 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
jazzspeechlessarena.com/04e9ab05d2325f347997fe1adb7082e7/invoke.js?_=1701645175481
173.233.139.164 11 kB URL jazzspeechlessarena.com/04e9ab05d2325f347997fe1adb7082e7/invoke.js?_=1701645175481
IP 173.233.139.164:0
File type exported SGML document, ASCII text, with very long lines (29613), with no line terminators
Hash f2172ad36e94cd00cdb8f0ac6c352392
aded66a2d851f7d6aa8ac328d53323158999ac17
806583a45c26ece0023ff2e14e1aec98704678c9c03f2232664fd085add2acce
GET /04e9ab05d2325f347997fe1adb7082e7/invoke.js?_=1701645175481 HTTP/1.1
Host: jazzspeechlessarena.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://en.yt1save.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Sun, 03 Dec 2023 23:12:50 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: d22e1ad779f982f7366c8bcfb5b219cb
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
region1.analytics.google.com/g/collect?v=2&tid=G-SM6030EHG3&_ono=1&gtm=45je3bt0v9135363999&_p=1701645175272&_gaz=1&gcd=11l1l1l1l1&dma_cps=sypham&dma=1&gdid=dZTNiMT&cid=1276325595.1701645176&ul=en-us&sr=1280x1024&ir=1&_eu=EAAI&_s=1&sid=1701645175&sct=1&seg=0&dl=https%3A%2F%2Fen.yt1save.com%2Fdramacool%2F&dt=Dramacool%20Downloader%20%E2%80%A2%20Convert%20%26%20Download%20%E2%9D%A4%EF%B8%8F%20-%20YT1Save&en=page_view&_fv=1&_nsi=1&_ss=1&ep.anonymize_ip=true&tfd=1332
216.239.34.36 0 B URL region1.analytics.google.com/g/collect?v=2&tid=G-SM6030EHG3&_ono=1&gtm=45je3bt0v9135363999&_p=1701645175272&_gaz=1&gcd=11l1l1l1l1&dma_cps=sypham&dma=1&gdid=dZTNiMT&cid=1276325595.1701645176&ul=en-us&sr=1280x1024&ir=1&_eu=EAAI&_s=1&sid=1701645175&sct=1&seg=0&dl=https%3A%2F%2Fen.yt1save.com%2Fdramacool%2F&dt=Dramacool%20Downloader%20%E2%80%A2%20Convert%20%26%20Download%20%E2%9D%A4%EF%B8%8F%20-%20YT1Save&en=page_view&_fv=1&_nsi=1&_ss=1&ep.anonymize_ip=true&tfd=1332
IP 216.239.34.36:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /g/collect?v=2&tid=G-SM6030EHG3&_ono=1&gtm=45je3bt0v9135363999&_p=1701645175272&_gaz=1&gcd=11l1l1l1l1&dma_cps=sypham&dma=1&gdid=dZTNiMT&cid=1276325595.1701645176&ul=en-us&sr=1280x1024&ir=1&_eu=EAAI&_s=1&sid=1701645175&sct=1&seg=0&dl=https%3A%2F%2Fen.yt1save.com%2Fdramacool%2F&dt=Dramacool%20Downloader%20%E2%80%A2%20Convert%20%26%20Download%20%E2%9D%A4%EF%B8%8F%20-%20YT1Save&en=page_view&_fv=1&_nsi=1&_ss=1&ep.anonymize_ip=true&tfd=1332 HTTP/1.1
Host: region1.analytics.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://en.yt1save.com
DNT: 1
Connection: keep-alive
Referer: https://en.yt1save.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0
HTTP/2 204 No Content
access-control-allow-origin: https://en.yt1save.com
date: Sun, 03 Dec 2023 23:12:50 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.r2m03.amazontrust.com/
54.230.218.11 471 B URL ocsp.r2m03.amazontrust.com/
IP 54.230.218.11:0
Hash ebc0f19a7067085e95ff0e35ee441f4d
23c3d68afd4c1c6cdecce9007aa3bddc793bc52d
6a07099ef655ed036e4a865236f8a6e5549e9a468e207691923634fc51c3186d
POST / HTTP/1.1
Host: ocsp.r2m03.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=7200
Date: Sun, 03 Dec 2023 23:12:51 GMT
Last-Modified: Sun, 03 Dec 2023 22:09:51 GMT
Server: ECAcc (ska/F6ED)
X-Cache: Miss from cloudfront
Via: 1.1 5bcfe2deda0bdbc6bade0af9b61602ca.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: i56XwTAqih6pCdUx-5xR1V5mb4Xa76Ktg8hTdg7yFlJg2_Zby0zqFA==
Age: 3780
jazzspeechlessarena.com/04e9ab05d2325f347997fe1adb7082e7/invoke.js?_=1701645175482
173.233.139.164 11 kB URL jazzspeechlessarena.com/04e9ab05d2325f347997fe1adb7082e7/invoke.js?_=1701645175482
IP 173.233.139.164:0
File type exported SGML document, ASCII text, with very long lines (29595), with no line terminators
Hash e0081ea5be83d99559f15dc5bb0df1d8
ee10548ac413dbd753d539030d685dc14b6fc228
60c77dd6e3a63b9986c45705c55b9572b511bff5f8d100c8b3b1f0d9a0d35775
GET /04e9ab05d2325f347997fe1adb7082e7/invoke.js?_=1701645175482 HTTP/1.1
Host: jazzspeechlessarena.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://en.yt1save.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Sun, 03 Dec 2023 23:12:51 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: f8102d30a52bb01d863515ac84cc5a82
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
proftrafficcounter.com/stats
18.157.203.0 40 B URL proftrafficcounter.com/stats
IP 18.157.203.0:0
File type ASCII text, with no line terminators
Hash ee431777b21c94d5f7b9e2da0624371c
8bd425c712ddbcc71b4c3daa285b163030023b0c
f10ad0d96a5504a0070f6023b241891030b0e9122794a46ca8c25c23132c9c74
GET /stats HTTP/1.1
Host: proftrafficcounter.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://en.yt1save.com
DNT: 1
Connection: keep-alive
Referer: https://en.yt1save.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sun, 03 Dec 2023 23:12:51 GMT
content-type: text/html; charset=UTF-8
content-length: 40
server: fasthttp
access-control-allow-origin: https://en.yt1save.com
vary: Origin
access-control-allow-credentials: true
set-cookie: uid_id2=1410096b-8d1b-439b-a3c8-3fee598e0fc6:1:1; expires=Wed, 30 Nov 2033 23:12:51 GMT; secure; SameSite=None
X-Firefox-Spdy: h2
proftrafficcounter.com/stats
18.157.203.0 40 B URL proftrafficcounter.com/stats
IP 18.157.203.0:0
File type ASCII text, with no line terminators
Hash ee431777b21c94d5f7b9e2da0624371c
8bd425c712ddbcc71b4c3daa285b163030023b0c
f10ad0d96a5504a0070f6023b241891030b0e9122794a46ca8c25c23132c9c74
GET /stats HTTP/1.1
Host: proftrafficcounter.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://en.yt1save.com
DNT: 1
Connection: keep-alive
Referer: https://en.yt1save.com/
Cookie: uid_id2=1410096b-8d1b-439b-a3c8-3fee598e0fc6:1:1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Sun, 03 Dec 2023 23:12:51 GMT
content-type: text/html; charset=UTF-8
content-length: 40
server: fasthttp
access-control-allow-origin: https://en.yt1save.com
vary: Origin
access-control-allow-credentials: true
X-Firefox-Spdy: h2
wheelstweakautopsy.com/watch.1248715063261.js?key=04e9ab05d2325f347997fe1adb7082e7&kw=%5B%22dramacool%22%2C%22downloader%22%2C%22%E2%80%A2%22%2C%22convert%22%2C%22download%22%2C%22%E2%9D%A4%EF%B8%8F%22%2C%22-%22%2C%22yt1save%22%5D&refer=https%3A%2F%2Fen.yt1save.com%2Fdramacool%2F&tz=0&dev=e&res=14.3095&uuid=1410096b-8d1b-439b-a3c8-3fee598e0fc6%3A1%3A1
173.233.137.60 0 B URL wheelstweakautopsy.com/watch.1248715063261.js?key=04e9ab05d2325f347997fe1adb7082e7&kw=%5B%22dramacool%22%2C%22downloader%22%2C%22%E2%80%A2%22%2C%22convert%22%2C%22download%22%2C%22%E2%9D%A4%EF%B8%8F%22%2C%22-%22%2C%22yt1save%22%5D&refer=https%3A%2F%2Fen.yt1save.com%2Fdramacool%2F&tz=0&dev=e&res=14.3095&uuid=1410096b-8d1b-439b-a3c8-3fee598e0fc6%3A1%3A1
IP 173.233.137.60:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /watch.1248715063261.js?key=04e9ab05d2325f347997fe1adb7082e7&kw=%5B%22dramacool%22%2C%22downloader%22%2C%22%E2%80%A2%22%2C%22convert%22%2C%22download%22%2C%22%E2%9D%A4%EF%B8%8F%22%2C%22-%22%2C%22yt1save%22%5D&refer=https%3A%2F%2Fen.yt1save.com%2Fdramacool%2F&tz=0&dev=e&res=14.3095&uuid=1410096b-8d1b-439b-a3c8-3fee598e0fc6%3A1%3A1 HTTP/1.1
Host: wheelstweakautopsy.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://en.yt1save.com
DNT: 1
Connection: keep-alive
Referer: https://en.yt1save.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 307 Temporary Redirect
Server: nginx/1.21.6
Date: Sun, 03 Dec 2023 23:12:51 GMT
Content-Type: text/html
Content-Length: 0
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://en.yt1save.com
Access-Control-Allow-Origin: https://en.yt1save.com
Access-Control-Allow-Credentials: true
Location: https://wheelstweakautopsy.com/watch.1248715063261.js?key=04e9ab05d2325f347997fe1adb7082e7&kw=%5B%22dramacool%22%2C%22downloader%22%2C%22%E2%80%A2%22%2C%22convert%22%2C%22download%22%2C%22%E2%9D%A4%EF%B8%8F%22%2C%22-%22%2C%22yt1save%22%5D&refer=https%3A%2F%2Fen.yt1save.com%2Fdramacool%2F&tz=0&dev=e&res=14.3095&uuid=1410096b-8d1b-439b-a3c8-3fee598e0fc6%3A1%3A1&shu=02618eaeaff1677829c43178337bbcd6d44dc48db29614f7ea31d55490f0482e8f09fc42c108bd39bfd8d0059ff6fe4590953fe59469e9854c415da0a13fa3596aca30970001961a5ef6813d27c32cd3a3a1bb8ab9031bcd898089865ab0695c825d01&pst=1701645231&rmtc=t
Set-Cookie: u_pl=21086251; expires=Mon, 04 Dec 2023 23:12:51 GMT; secure; SameSite=None
ain=eyJhbGciOiJIUzI1NiJ9.eyJwIjp7ImlkIjoyMTA4NjI1MSwiayI6IjA0ZTlhYjA1ZDIzMjVmMzQ3OTk3ZmUxYWRiNzA4MmU3Iiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjozMTM5MzUzLCJwaWQiOjEzNTg2MzQsImFuIjp0cnVlLCJsYW4iOnRydWUsImNpZCI6MjEsImFpZCI6MjMsInB0Ijo0LCJwayI6ImgyOWgwd21ydiIsInQiOjF9LCJ1Ijp7InUiOjEsImF1IjoxLCJkIjp7ImlkIjo5MDc1MzQ1NywiaWRzIjoiIiwiaWMiOmZhbHNlLCJuIjoiRGVza3RvcCxFbXVsYXRvciIsInYiOiJVbmtub3duIiwibSI6IlVua25vd24iLCJmIjoxLCJmbiI6IkRlc2t0b3AiLCJvaWQiOjM4OTE0LCJvbiI6IldpbmRvd3MiLCJvdiI6IjEwLjAiLCJiaWQiOjEyMDYyNSwiYm4iOiJGaXJlZm94IiwiYnYiOiIxMDUuMCIsInd2IjpmYWxzZSwiZSI6dHJ1ZSwiYWIiOmZhbHNlfSwiYyI6eyJpZCI6MTYyLCJjIjoiTk8iLCJuIjoiTm9yd2F5In0sImEiOmZhbHNlLCJjciI6eyJuIjoiQmxpeCBTb2x1dGlvbnMifSwieGYiOiIiLCJpeGYiOmZhbHNlLCJpZ3hmIjpmYWxzZSwidXAiOnRydWUsInIiOiJodHRwczovL2VuLnl0MXNhdmUuY29tL2RyYW1hY29vbC8iLCJhciI6W119fQ.1uRtEWcJcYY4MaJtwLUjzOXcuTVvrIH5ADMMEkTKaG8; expires=Sun, 03 Dec 2023 23:13:51 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 821b5403325b8ae30c20c524d8c474d1
Strict-Transport-Security: max-age=0; includeSubdomains
valuermainly.com/watch.1586440868321.js?key=04e9ab05d2325f347997fe1adb7082e7&kw=%5B%22dramacool%22%2C%22downloader%22%2C%22%E2%80%A2%22%2C%22convert%22%2C%22download%22%2C%22%E2%9D%A4%EF%B8%8F%22%2C%22-%22%2C%22yt1save%22%5D&refer=https%3A%2F%2Fen.yt1save.com%2Fdramacool%2F&tz=0&dev=e&res=14.3095&uuid=1410096b-8d1b-439b-a3c8-3fee598e0fc6%3A1%3A1
192.243.61.227 0 B URL valuermainly.com/watch.1586440868321.js?key=04e9ab05d2325f347997fe1adb7082e7&kw=%5B%22dramacool%22%2C%22downloader%22%2C%22%E2%80%A2%22%2C%22convert%22%2C%22download%22%2C%22%E2%9D%A4%EF%B8%8F%22%2C%22-%22%2C%22yt1save%22%5D&refer=https%3A%2F%2Fen.yt1save.com%2Fdramacool%2F&tz=0&dev=e&res=14.3095&uuid=1410096b-8d1b-439b-a3c8-3fee598e0fc6%3A1%3A1
IP 192.243.61.227:0
ASN #39572 DataWeb Global Group B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /watch.1586440868321.js?key=04e9ab05d2325f347997fe1adb7082e7&kw=%5B%22dramacool%22%2C%22downloader%22%2C%22%E2%80%A2%22%2C%22convert%22%2C%22download%22%2C%22%E2%9D%A4%EF%B8%8F%22%2C%22-%22%2C%22yt1save%22%5D&refer=https%3A%2F%2Fen.yt1save.com%2Fdramacool%2F&tz=0&dev=e&res=14.3095&uuid=1410096b-8d1b-439b-a3c8-3fee598e0fc6%3A1%3A1 HTTP/1.1
Host: valuermainly.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://en.yt1save.com
DNT: 1
Connection: keep-alive
Referer: https://en.yt1save.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 307 Temporary Redirect
Server: nginx/1.21.6
Date: Sun, 03 Dec 2023 23:12:51 GMT
Content-Type: text/html
Content-Length: 0
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://en.yt1save.com
Access-Control-Allow-Origin: https://en.yt1save.com
Access-Control-Allow-Credentials: true
Location: https://valuermainly.com/watch.1586440868321.js?key=04e9ab05d2325f347997fe1adb7082e7&kw=%5B%22dramacool%22%2C%22downloader%22%2C%22%E2%80%A2%22%2C%22convert%22%2C%22download%22%2C%22%E2%9D%A4%EF%B8%8F%22%2C%22-%22%2C%22yt1save%22%5D&refer=https%3A%2F%2Fen.yt1save.com%2Fdramacool%2F&tz=0&dev=e&res=14.3095&uuid=1410096b-8d1b-439b-a3c8-3fee598e0fc6%3A1%3A1&shu=b7d461c80ef652871ce37b8b2e10103da91a1e72712f53ea401315328e9f132d30c67de40434c558e6e6d214d31f41f968f1a25811837ece3278569c690e9d73ea97667299c18d1b76de1ab6a5ad45d026a3d2c1d2bfe276d8a9ddbe64a18c&pst=1701645231&rmtc=t
Set-Cookie: u_pl=21086251; expires=Mon, 04 Dec 2023 23:12:51 GMT; secure; SameSite=None
ain=eyJhbGciOiJIUzI1NiJ9.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.1uRtEWcJcYY4MaJtwLUjzOXcuTVvrIH5ADMMEkTKaG8; expires=Sun, 03 Dec 2023 23:13:51 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: e02caf42fbcd465839622fa81f2ed59f
Strict-Transport-Security: max-age=0; includeSubdomains
wheelstweakautopsy.com/watch.1248715063261.js?key=04e9ab05d2325f347997fe1adb7082e7&kw=%5B%22dramacool%22%2C%22downloader%22%2C%22%E2%80%A2%22%2C%22convert%22%2C%22download%22%2C%22%E2%9D%A4%EF%B8%8F%22%2C%22-%22%2C%22yt1save%22%5D&refer=https%3A%2F%2Fen.yt1save.com%2Fdramacool%2F&tz=0&dev=e&res=14.3095&uuid=1410096b-8d1b-439b-a3c8-3fee598e0fc6%3A1%3A1&shu=02618eaeaff1677829c43178337bbcd6d44dc48db29614f7ea31d55490f0482e8f09fc42c108bd39bfd8d0059ff6fe4590953fe59469e9854c415da0a13fa3596aca30970001961a5ef6813d27c32cd3a3a1bb8ab9031bcd898089865ab0695c825d01&pst=1701645231&rmtc=t
173.233.137.60 2.1 kB URL wheelstweakautopsy.com/watch.1248715063261.js?key=04e9ab05d2325f347997fe1adb7082e7&kw=%5B%22dramacool%22%2C%22downloader%22%2C%22%E2%80%A2%22%2C%22convert%22%2C%22download%22%2C%22%E2%9D%A4%EF%B8%8F%22%2C%22-%22%2C%22yt1save%22%5D&refer=https%3A%2F%2Fen.yt1save.com%2Fdramacool%2F&tz=0&dev=e&res=14.3095&uuid=1410096b-8d1b-439b-a3c8-3fee598e0fc6%3A1%3A1&shu=02618eaeaff1677829c43178337bbcd6d44dc48db29614f7ea31d55490f0482e8f09fc42c108bd39bfd8d0059ff6fe4590953fe59469e9854c415da0a13fa3596aca30970001961a5ef6813d27c32cd3a3a1bb8ab9031bcd898089865ab0695c825d01&pst=1701645231&rmtc=t
IP 173.233.137.60:0
File type HTML document text\012- HTML document, ASCII text, with very long lines (2646)
Hash 43c5d070ad1d258739184c899ddd87b8
56e0292c1414b45c6b3529b5bb6d605aa0c963f1
a72754f8b0e383cf41d7dfb9d4ba7c835db0bf9dda0af35f69c1c1e5ec491e04
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /watch.1248715063261.js?key=04e9ab05d2325f347997fe1adb7082e7&kw=%5B%22dramacool%22%2C%22downloader%22%2C%22%E2%80%A2%22%2C%22convert%22%2C%22download%22%2C%22%E2%9D%A4%EF%B8%8F%22%2C%22-%22%2C%22yt1save%22%5D&refer=https%3A%2F%2Fen.yt1save.com%2Fdramacool%2F&tz=0&dev=e&res=14.3095&uuid=1410096b-8d1b-439b-a3c8-3fee598e0fc6%3A1%3A1&shu=02618eaeaff1677829c43178337bbcd6d44dc48db29614f7ea31d55490f0482e8f09fc42c108bd39bfd8d0059ff6fe4590953fe59469e9854c415da0a13fa3596aca30970001961a5ef6813d27c32cd3a3a1bb8ab9031bcd898089865ab0695c825d01&pst=1701645231&rmtc=t HTTP/1.1
Host: wheelstweakautopsy.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://en.yt1save.com
Referer: https://en.yt1save.com/
DNT: 1
Connection: keep-alive
Cookie: u_pl=21086251; ain=eyJhbGciOiJIUzI1NiJ9.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.1uRtEWcJcYY4MaJtwLUjzOXcuTVvrIH5ADMMEkTKaG8
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Sun, 03 Dec 2023 23:12:51 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://en.yt1save.com
Access-Control-Allow-Origin: https://en.yt1save.com
Access-Control-Allow-Credentials: true
Set-Cookie: uid_id2=1410096b-8d1b-439b-a3c8-3fee598e0fc6:1:1; expires=Sun, 10 Dec 2023 23:12:51 GMT; secure; SameSite=None
iprc0bc5025489345cb2bf737d8c12d0713c=3569808; expires=Mon, 04 Dec 2023 03:12:51 GMT; secure; SameSite=None
pdhtkv=true; expires=Mon, 04 Dec 2023 23:12:51 GMT; secure; SameSite=None
uncs=1; expires=Mon, 04 Dec 2023 23:12:51 GMT; secure; SameSite=None
pdhtkv23=true; expires=Mon, 04 Dec 2023 23:12:51 GMT; secure; SameSite=None
uncs23=1; expires=Mon, 04 Dec 2023 23:12:51 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 9a6251ed047975d4a05d9442f624c5ee
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
valuermainly.com/watch.1586440868321.js?key=04e9ab05d2325f347997fe1adb7082e7&kw=%5B%22dramacool%22%2C%22downloader%22%2C%22%E2%80%A2%22%2C%22convert%22%2C%22download%22%2C%22%E2%9D%A4%EF%B8%8F%22%2C%22-%22%2C%22yt1save%22%5D&refer=https%3A%2F%2Fen.yt1save.com%2Fdramacool%2F&tz=0&dev=e&res=14.3095&uuid=1410096b-8d1b-439b-a3c8-3fee598e0fc6%3A1%3A1&shu=b7d461c80ef652871ce37b8b2e10103da91a1e72712f53ea401315328e9f132d30c67de40434c558e6e6d214d31f41f968f1a25811837ece3278569c690e9d73ea97667299c18d1b76de1ab6a5ad45d026a3d2c1d2bfe276d8a9ddbe64a18c&pst=1701645231&rmtc=t
192.243.61.227 643 B URL valuermainly.com/watch.1586440868321.js?key=04e9ab05d2325f347997fe1adb7082e7&kw=%5B%22dramacool%22%2C%22downloader%22%2C%22%E2%80%A2%22%2C%22convert%22%2C%22download%22%2C%22%E2%9D%A4%EF%B8%8F%22%2C%22-%22%2C%22yt1save%22%5D&refer=https%3A%2F%2Fen.yt1save.com%2Fdramacool%2F&tz=0&dev=e&res=14.3095&uuid=1410096b-8d1b-439b-a3c8-3fee598e0fc6%3A1%3A1&shu=b7d461c80ef652871ce37b8b2e10103da91a1e72712f53ea401315328e9f132d30c67de40434c558e6e6d214d31f41f968f1a25811837ece3278569c690e9d73ea97667299c18d1b76de1ab6a5ad45d026a3d2c1d2bfe276d8a9ddbe64a18c&pst=1701645231&rmtc=t
IP 192.243.61.227:0
ASN #39572 DataWeb Global Group B.V.
File type HTML document text\012- HTML document, ASCII text, with very long lines (603)
Hash d9de9bf8faecfafd427937d14a67cdcd
d6253e5a1b706c687b003cacd218d632b48d907a
3cdfcbcb7172582cf706ab6c40fea8d6f1627cb5d2177e196efc34d1f728ea03
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /watch.1586440868321.js?key=04e9ab05d2325f347997fe1adb7082e7&kw=%5B%22dramacool%22%2C%22downloader%22%2C%22%E2%80%A2%22%2C%22convert%22%2C%22download%22%2C%22%E2%9D%A4%EF%B8%8F%22%2C%22-%22%2C%22yt1save%22%5D&refer=https%3A%2F%2Fen.yt1save.com%2Fdramacool%2F&tz=0&dev=e&res=14.3095&uuid=1410096b-8d1b-439b-a3c8-3fee598e0fc6%3A1%3A1&shu=b7d461c80ef652871ce37b8b2e10103da91a1e72712f53ea401315328e9f132d30c67de40434c558e6e6d214d31f41f968f1a25811837ece3278569c690e9d73ea97667299c18d1b76de1ab6a5ad45d026a3d2c1d2bfe276d8a9ddbe64a18c&pst=1701645231&rmtc=t HTTP/1.1
Host: valuermainly.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://en.yt1save.com
Referer: https://en.yt1save.com/
DNT: 1
Connection: keep-alive
Cookie: u_pl=21086251; ain=eyJhbGciOiJIUzI1NiJ9.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.1uRtEWcJcYY4MaJtwLUjzOXcuTVvrIH5ADMMEkTKaG8
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Sun, 03 Dec 2023 23:12:51 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://en.yt1save.com
Access-Control-Allow-Origin: https://en.yt1save.com
Access-Control-Allow-Credentials: true
Set-Cookie: uid_id2=1410096b-8d1b-439b-a3c8-3fee598e0fc6:1:1; expires=Sun, 10 Dec 2023 23:12:51 GMT; secure; SameSite=None
iprc22e06fef9583d715f8b3432c21ce3e41=2717343; expires=Tue, 05 Dec 2023 01:12:51 GMT; secure; SameSite=None
pdhtkv=true; expires=Mon, 04 Dec 2023 23:12:51 GMT; secure; SameSite=None
uncs=1; expires=Mon, 04 Dec 2023 23:12:51 GMT; secure; SameSite=None
pdhtkv23=true; expires=Mon, 04 Dec 2023 23:12:51 GMT; secure; SameSite=None
uncs23=1; expires=Mon, 04 Dec 2023 23:12:51 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: e86a431eef6990d8884b4c69319eda6b
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
jazzspeechlessarena.com/04e9ab05d2325f347997fe1adb7082e7/invoke.js?_=1701645175483
173.233.139.164 11 kB URL jazzspeechlessarena.com/04e9ab05d2325f347997fe1adb7082e7/invoke.js?_=1701645175483
IP 173.233.139.164:0
File type exported SGML document, ASCII text, with very long lines (29619), with no line terminators
Hash 9b4a5c0fe11dd4241ad60412777fdf56
31e43750a4c80cbb347621b25f31b9e0b5597e6c
e0735b4021aa5916783590509a4baba8156941fa52de1e034a3a67ce23eaa9d7
GET /04e9ab05d2325f347997fe1adb7082e7/invoke.js?_=1701645175483 HTTP/1.1
Host: jazzspeechlessarena.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://en.yt1save.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Sun, 03 Dec 2023 23:12:52 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: bb94a3d06b5947a1939926178a1bd001
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
devoutdoubtfulsample.com/watch.1044190481450.js?key=04e9ab05d2325f347997fe1adb7082e7&kw=%5B%22dramacool%22%2C%22downloader%22%2C%22%E2%80%A2%22%2C%22convert%22%2C%22download%22%2C%22%E2%9D%A4%EF%B8%8F%22%2C%22-%22%2C%22yt1save%22%5D&refer=https%3A%2F%2Fen.yt1save.com%2Fdramacool%2F&tz=0&dev=e&res=14.3095&uuid=1410096b-8d1b-439b-a3c8-3fee598e0fc6%3A1%3A1
192.243.59.13 0 B URL devoutdoubtfulsample.com/watch.1044190481450.js?key=04e9ab05d2325f347997fe1adb7082e7&kw=%5B%22dramacool%22%2C%22downloader%22%2C%22%E2%80%A2%22%2C%22convert%22%2C%22download%22%2C%22%E2%9D%A4%EF%B8%8F%22%2C%22-%22%2C%22yt1save%22%5D&refer=https%3A%2F%2Fen.yt1save.com%2Fdramacool%2F&tz=0&dev=e&res=14.3095&uuid=1410096b-8d1b-439b-a3c8-3fee598e0fc6%3A1%3A1
IP 192.243.59.13:0
ASN #39572 DataWeb Global Group B.V.
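Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Note: 0 B body (307 redirect, Content-Length: 0); these are the MD5, SHA-1 and SHA-256 of empty input and match any zero-length file, so they are not usable as indicators for this URL.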
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /watch.1044190481450.js?key=04e9ab05d2325f347997fe1adb7082e7&kw=%5B%22dramacool%22%2C%22downloader%22%2C%22%E2%80%A2%22%2C%22convert%22%2C%22download%22%2C%22%E2%9D%A4%EF%B8%8F%22%2C%22-%22%2C%22yt1save%22%5D&refer=https%3A%2F%2Fen.yt1save.com%2Fdramacool%2F&tz=0&dev=e&res=14.3095&uuid=1410096b-8d1b-439b-a3c8-3fee598e0fc6%3A1%3A1 HTTP/1.1
Host: devoutdoubtfulsample.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://en.yt1save.com
DNT: 1
Connection: keep-alive
Referer: https://en.yt1save.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 307 Temporary Redirect
Server: nginx/1.19.5
Date: Sun, 03 Dec 2023 23:12:52 GMT
Content-Type: text/html
Content-Length: 0
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://en.yt1save.com
Access-Control-Allow-Origin: https://en.yt1save.com
Access-Control-Allow-Credentials: true
Location: https://devoutdoubtfulsample.com/watch.1044190481450.js?key=04e9ab05d2325f347997fe1adb7082e7&kw=%5B%22dramacool%22%2C%22downloader%22%2C%22%E2%80%A2%22%2C%22convert%22%2C%22download%22%2C%22%E2%9D%A4%EF%B8%8F%22%2C%22-%22%2C%22yt1save%22%5D&refer=https%3A%2F%2Fen.yt1save.com%2Fdramacool%2F&tz=0&dev=e&res=14.3095&uuid=1410096b-8d1b-439b-a3c8-3fee598e0fc6%3A1%3A1&shu=bb6f16b3ad1227c6ddbd6e7fdd4e93c09cca8747a15b7ede4c631148bdd17370d5260a91c76a05fa880f28a97f936a29350673e0ec658b82dbc5cb5109e1f6a3c179e813a1179c074477b538d48eac85b753b9edbf7a4c0aa4f75f2e171774&pst=1701645232&rmtc=t
Set-Cookie: u_pl=21086251; expires=Mon, 04 Dec 2023 23:12:52 GMT; secure; SameSite=None
ain=eyJhbGciOiJIUzI1NiJ9.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.1uRtEWcJcYY4MaJtwLUjzOXcuTVvrIH5ADMMEkTKaG8; expires=Sun, 03 Dec 2023 23:13:52 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 3601f6f6f05cfa1b4182a37527b601ca
Strict-Transport-Security: max-age=0; includeSubdomains
conqueredallrightswell.com/dyfc1k09?key=863705bcbb4b6a554ddb359665395a6f&psid=21086251
192.243.59.20 1.4 kB URL conqueredallrightswell.com/dyfc1k09?key=863705bcbb4b6a554ddb359665395a6f&psid=21086251
IP 192.243.59.20:0
ASN #39572 DataWeb Global Group B.V.
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (444)
Hash 247f101564466626e84149a7c1fcca81
4ed88720b6e49b563b8c250fba9afb3c8c2f2d8a
ab1665c9c98641080f034c1657b17a7784a9ea9e41a3fc08e0d9548be52b6c8b
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /dyfc1k09?key=863705bcbb4b6a554ddb359665395a6f&psid=21086251 HTTP/1.1
Host: conqueredallrightswell.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://en.yt1save.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Sun, 03 Dec 2023 23:12:52 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Set-Cookie: u_pl=16122660; expires=Mon, 04 Dec 2023 23:12:52 GMT
ain=eyJhbGciOiJIUzI1NiJ9.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.SrkEJKCBKYsaIl1zKf9bit8DZBtYsBI_eK0lcaVoBt0; expires=Sun, 03 Dec 2023 23:13:52 GMT
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 77fc2e6d5a28b389976f0f7959fb91a4
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
devoutdoubtfulsample.com/watch.1044190481450.js?key=04e9ab05d2325f347997fe1adb7082e7&kw=%5B%22dramacool%22%2C%22downloader%22%2C%22%E2%80%A2%22%2C%22convert%22%2C%22download%22%2C%22%E2%9D%A4%EF%B8%8F%22%2C%22-%22%2C%22yt1save%22%5D&refer=https%3A%2F%2Fen.yt1save.com%2Fdramacool%2F&tz=0&dev=e&res=14.3095&uuid=1410096b-8d1b-439b-a3c8-3fee598e0fc6%3A1%3A1&shu=bb6f16b3ad1227c6ddbd6e7fdd4e93c09cca8747a15b7ede4c631148bdd17370d5260a91c76a05fa880f28a97f936a29350673e0ec658b82dbc5cb5109e1f6a3c179e813a1179c074477b538d48eac85b753b9edbf7a4c0aa4f75f2e171774&pst=1701645232&rmtc=t
192.243.59.13 2.1 kB URL devoutdoubtfulsample.com/watch.1044190481450.js?key=04e9ab05d2325f347997fe1adb7082e7&kw=%5B%22dramacool%22%2C%22downloader%22%2C%22%E2%80%A2%22%2C%22convert%22%2C%22download%22%2C%22%E2%9D%A4%EF%B8%8F%22%2C%22-%22%2C%22yt1save%22%5D&refer=https%3A%2F%2Fen.yt1save.com%2Fdramacool%2F&tz=0&dev=e&res=14.3095&uuid=1410096b-8d1b-439b-a3c8-3fee598e0fc6%3A1%3A1&shu=bb6f16b3ad1227c6ddbd6e7fdd4e93c09cca8747a15b7ede4c631148bdd17370d5260a91c76a05fa880f28a97f936a29350673e0ec658b82dbc5cb5109e1f6a3c179e813a1179c074477b538d48eac85b753b9edbf7a4c0aa4f75f2e171774&pst=1701645232&rmtc=t
IP 192.243.59.13:0
ASN #39572 DataWeb Global Group B.V.
File type HTML document, ASCII text, with very long lines (2569)
Hash 72dee7883961d33389ec774e76b794dd
3cf46d29b08d752d6b5f93dee6328d0158ea58c7
c1914ceef6e4bed52b2d9cc958d364faffa658b3bef2514245f9847e571887ce
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /watch.1044190481450.js?key=04e9ab05d2325f347997fe1adb7082e7&kw=%5B%22dramacool%22%2C%22downloader%22%2C%22%E2%80%A2%22%2C%22convert%22%2C%22download%22%2C%22%E2%9D%A4%EF%B8%8F%22%2C%22-%22%2C%22yt1save%22%5D&refer=https%3A%2F%2Fen.yt1save.com%2Fdramacool%2F&tz=0&dev=e&res=14.3095&uuid=1410096b-8d1b-439b-a3c8-3fee598e0fc6%3A1%3A1&shu=bb6f16b3ad1227c6ddbd6e7fdd4e93c09cca8747a15b7ede4c631148bdd17370d5260a91c76a05fa880f28a97f936a29350673e0ec658b82dbc5cb5109e1f6a3c179e813a1179c074477b538d48eac85b753b9edbf7a4c0aa4f75f2e171774&pst=1701645232&rmtc=t HTTP/1.1
Host: devoutdoubtfulsample.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://en.yt1save.com
Referer: https://en.yt1save.com/
DNT: 1
Connection: keep-alive
Cookie: u_pl=21086251; ain=eyJhbGciOiJIUzI1NiJ9.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.1uRtEWcJcYY4MaJtwLUjzOXcuTVvrIH5ADMMEkTKaG8
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Sun, 03 Dec 2023 23:12:52 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://en.yt1save.com
Access-Control-Allow-Origin: https://en.yt1save.com
Access-Control-Allow-Credentials: true
Set-Cookie: uid_id2=1410096b-8d1b-439b-a3c8-3fee598e0fc6:1:1; expires=Sun, 10 Dec 2023 23:12:52 GMT; secure; SameSite=None
pdhtkv=true; expires=Mon, 04 Dec 2023 23:12:52 GMT; secure; SameSite=None
uncs=1; expires=Mon, 04 Dec 2023 23:12:52 GMT; secure; SameSite=None
pdhtkv23=true; expires=Mon, 04 Dec 2023 23:12:52 GMT; secure; SameSite=None
uncs23=1; expires=Mon, 04 Dec 2023 23:12:52 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 18e1122041efc6467eaf0e458dfe8fb1
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
conqueredallrightswell.com/api/users?token=L2R5ZmMxazA5P2tleT04NjM3MDViY2JiNGI2YTU1NGRkYjM1OTY2NTM5NWE2ZiZwc2lkPTIxMDg2MjUxJnBzdD0xNzAxNjQ1MjMyJnJlZmVyPWh0dHBzJTNBJTJGJTJGZW4ueXQxc2F2ZS5jb20lMkYmcm10Yz10JnNodT1mN2M2OGI4YjA4NDY5NjIzNDA3YjFkZTcwNjkzN2EzZDU5NzE1ZDlhNmZjYmI2YzA3MWIzNzg0YjNkOWVkY2I1ZmVmZGY2NTU3MGU2NWY3YzE0NDU2OTg1MTQxZjE0ODRlMWZhYjY0NzAzZGI3YmI2YjYwMzNkZjEzMDIwY2NkMzhmMjM3OWZhZTQwOGMxZjY1N2I0MzJkN2MwOWVlZWRjOTFjZjk3&uuid=&pii=&in=false
173.233.137.60 0 B URL conqueredallrightswell.com/api/users?token=L2R5ZmMxazA5P2tleT04NjM3MDViY2JiNGI2YTU1NGRkYjM1OTY2NTM5NWE2ZiZwc2lkPTIxMDg2MjUxJnBzdD0xNzAxNjQ1MjMyJnJlZmVyPWh0dHBzJTNBJTJGJTJGZW4ueXQxc2F2ZS5jb20lMkYmcm10Yz10JnNodT1mN2M2OGI4YjA4NDY5NjIzNDA3YjFkZTcwNjkzN2EzZDU5NzE1ZDlhNmZjYmI2YzA3MWIzNzg0YjNkOWVkY2I1ZmVmZGY2NTU3MGU2NWY3YzE0NDU2OTg1MTQxZjE0ODRlMWZhYjY0NzAzZGI3YmI2YjYwMzNkZjEzMDIwY2NkMzhmMjM3OWZhZTQwOGMxZjY1N2I0MzJkN2MwOWVlZWRjOTFjZjk3&uuid=&pii=&in=false
IP 173.233.137.60:0
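Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Note: 0 B body (302 redirect, Content-Length: 0); these are the MD5, SHA-1 and SHA-256 of empty input and match any zero-length file, so they are not usable as indicators for this URL.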
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /api/users?token=L2R5ZmMxazA5P2tleT04NjM3MDViY2JiNGI2YTU1NGRkYjM1OTY2NTM5NWE2ZiZwc2lkPTIxMDg2MjUxJnBzdD0xNzAxNjQ1MjMyJnJlZmVyPWh0dHBzJTNBJTJGJTJGZW4ueXQxc2F2ZS5jb20lMkYmcm10Yz10JnNodT1mN2M2OGI4YjA4NDY5NjIzNDA3YjFkZTcwNjkzN2EzZDU5NzE1ZDlhNmZjYmI2YzA3MWIzNzg0YjNkOWVkY2I1ZmVmZGY2NTU3MGU2NWY3YzE0NDU2OTg1MTQxZjE0ODRlMWZhYjY0NzAzZGI3YmI2YjYwMzNkZjEzMDIwY2NkMzhmMjM3OWZhZTQwOGMxZjY1N2I0MzJkN2MwOWVlZWRjOTFjZjk3&uuid=&pii=&in=false HTTP/1.1
Host: conqueredallrightswell.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://conqueredallrightswell.com/dyfc1k09?key=0f22c1fd609f13cb7947c8cabfe1a90d&submetric=16122660
Cookie: u_pl=16122660; ain=eyJhbGciOiJIUzI1NiJ9.eyJwIjp7ImlkIjoxNjEyMjY2MCwiayI6Ijg2MzcwNWJjYmI0YjZhNTU0ZGRiMzU5NjY1Mzk1YTZmIiwic2lkIjoiMjEwODYyNTEiLCJpc2lkIjoyLCJhc2lkIjoxLCJ6aWQiOjE0NjQxNSwicGlkIjo5NzI5OSwiYW4iOnRydWUsImxhbiI6dHJ1ZSwiY2lkIjozLCJhaWQiOjI4LCJwdCI6NCwicGsiOiJkeWZjMWswOSIsInQiOjF9LCJ1Ijp7InUiOjEsImF1IjoxLCJkIjp7ImlkIjo5MDc1MzQ1NywiaWRzIjoiIiwiaWMiOmZhbHNlLCJuIjoiRGVza3RvcCxFbXVsYXRvciIsInYiOiJVbmtub3duIiwibSI6IlVua25vd24iLCJmIjoxLCJmbiI6IkRlc2t0b3AiLCJvaWQiOjM4OTE0LCJvbiI6IldpbmRvd3MiLCJvdiI6IjEwLjAiLCJiaWQiOjEyMDYyNSwiYm4iOiJGaXJlZm94IiwiYnYiOiIxMDUuMCIsInd2IjpmYWxzZSwiZSI6ZmFsc2UsImFiIjpmYWxzZX0sImMiOnsiaWQiOjE2MiwiYyI6Ik5PIiwibiI6Ik5vcndheSJ9LCJhIjpmYWxzZSwiY3IiOnsibiI6IkJsaXggU29sdXRpb25zIn0sInhmIjoiIiwiaXhmIjpmYWxzZSwiaWd4ZiI6ZmFsc2UsInVwIjp0cnVlLCJyIjoiaHR0cHM6Ly9lbi55dDFzYXZlLmNvbS8iLCJhciI6W119fQ.SrkEJKCBKYsaIl1zKf9bit8DZBtYsBI_eK0lcaVoBt0; cjs=t
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 302 Found
Server: nginx/1.21.6
Date: Sun, 03 Dec 2023 23:12:53 GMT
Content-Type: text/html
Content-Length: 0
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Location: https://violationphysics.click/c9b2l0k.php?key=wkroiqew1c9guvr0kbe2&SUB_ID_SHORT=300822d61c33ad5e3c1d006099881fa3&COST_CPA=0.100000&PLACEMENT_ID=16122660&CAMPAIGN_ID=882703&DEVICE_BRAND=Unknown&BROWSER_NAME=Firefox&USER_OS=Windows&USER_CARRIER=Blix%20Solutions&USERAGENT=Mozilla%2F5.0%20%28Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0%29%20Gecko%2F20100101%20Firefox%2F105.0&REMOTE_LANGUAGE=11&BANNER_ID=2569625
Set-Cookie: iprcde08b9b9a29bae1cde3136351bafb44d=4641329; expires=Mon, 04 Dec 2023 23:12:53 GMT
pdhtkv=true; expires=Mon, 04 Dec 2023 23:12:53 GMT
uncs=1; expires=Mon, 04 Dec 2023 23:12:53 GMT
pdhtkv28=true; expires=Mon, 04 Dec 2023 23:12:53 GMT
uncs28=1; expires=Mon, 04 Dec 2023 23:12:53 GMT
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: acb4f23bcfefa7bf1f4f392a7de1dcec
Strict-Transport-Security: max-age=0; includeSubdomains
violationphysics.click/c9b2l0k.php?key=wkroiqew1c9guvr0kbe2&SUB_ID_SHORT=300822d61c33ad5e3c1d006099881fa3&COST_CPA=0.100000&PLACEMENT_ID=16122660&CAMPAIGN_ID=882703&DEVICE_BRAND=Unknown&BROWSER_NAME=Firefox&USER_OS=Windows&USER_CARRIER=Blix%20Solutions&USERAGENT=Mozilla%2F5.0%20%28Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0%29%20Gecko%2F20100101%20Firefox%2F105.0&REMOTE_LANGUAGE=11&BANNER_ID=2569625
192.64.81.118 0 B URL violationphysics.click/c9b2l0k.php?key=wkroiqew1c9guvr0kbe2&SUB_ID_SHORT=300822d61c33ad5e3c1d006099881fa3&COST_CPA=0.100000&PLACEMENT_ID=16122660&CAMPAIGN_ID=882703&DEVICE_BRAND=Unknown&BROWSER_NAME=Firefox&USER_OS=Windows&USER_CARRIER=Blix%20Solutions&USERAGENT=Mozilla%2F5.0%20%28Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0%29%20Gecko%2F20100101%20Firefox%2F105.0&REMOTE_LANGUAGE=11&BANNER_ID=2569625
IP 192.64.81.118:0
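Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Note: 0 B body (302 redirect); these are the MD5, SHA-1 and SHA-256 of empty input and match any zero-length file, so they are not usable as indicators for this URL.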
GET /c9b2l0k.php?key=wkroiqew1c9guvr0kbe2&SUB_ID_SHORT=300822d61c33ad5e3c1d006099881fa3&COST_CPA=0.100000&PLACEMENT_ID=16122660&CAMPAIGN_ID=882703&DEVICE_BRAND=Unknown&BROWSER_NAME=Firefox&USER_OS=Windows&USER_CARRIER=Blix%20Solutions&USERAGENT=Mozilla%2F5.0%20%28Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0%29%20Gecko%2F20100101%20Firefox%2F105.0&REMOTE_LANGUAGE=11&BANNER_ID=2569625 HTTP/1.1
Host: violationphysics.click
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://conqueredallrightswell.com/
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 302 Found
Server: nginx/1.22.0
Date: Sun, 03 Dec 2023 23:12:54 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: uclick=h9ik6jg537; expires=Mon, 04-Dec-2023 23:12:54 GMT; Max-Age=86400; path=/; secure; SameSite=none
uclickhash=h9ik6jg537-h9ik6jg537-hq1m-0-q5a4bl-ftxofe-ft8pdz-1921b0; expires=Mon, 04-Dec-2023 23:12:54 GMT; Max-Age=86400; path=/; secure; SameSite=none
Location: https://vvfal.rigelbetelgeuse.top/?pl=zKByXHsQK0ydGD7DogbGyA&click_id=2f6b3h9ik6jg5375a9&sub_id=16122660
Strict-Transport-Security: max-age=31536000
vvfal.rigelbetelgeuse.top/?pl=zKByXHsQK0ydGD7DogbGyA&click_id=2f6b3h9ik6jg5375a9&sub_id=16122660
172.67.205.133 0 B URL vvfal.rigelbetelgeuse.top/?pl=zKByXHsQK0ydGD7DogbGyA&click_id=2f6b3h9ik6jg5375a9&sub_id=16122660
IP 172.67.205.133:0
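Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Note: 0 B body (302 redirect, content-length: 0); these are the MD5, SHA-1 and SHA-256 of empty input and match any zero-length file, so they are not usable as indicators for this URL.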
GET /?pl=zKByXHsQK0ydGD7DogbGyA&click_id=2f6b3h9ik6jg5375a9&sub_id=16122660 HTTP/1.1
Host: vvfal.rigelbetelgeuse.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://conqueredallrightswell.com/
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 302 Found
date: Sun, 03 Dec 2023 23:12:54 GMT
content-length: 0
location: https://vvfal.stonecarv.top/eyes-robot/?pl=zKByXHsQK0ydGD7DogbGyA&sm=eyes-robot&click_id=2f6b3h9ik6jg5375a9&sub_id=16122660&nrid=2854e426e3904cc2a35feda3bd8e8486&hash=ePKzEKH3rhcFs8-2kFLMjw&exp=1701645474
set-cookie: zKByXHsQK0ydGD7DogbGyA=5; max-age=345600; path=/; samesite=lax
__pl=c7e83a03-3389-469d-bcf4-cd138b1cc4c7; expires=Wed, 03 Dec 2025 23:12:54 GMT; path=/; samesite=lax
__cap=1; max-age=3600; path=/; samesite=lax
cache-control: max-age=0, no-cache, no-store, must-revalidate
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=bgAlr1Ogl5g4LeLk82ywWJ1SZiKef1B5k3Mi6ytV8Bc%2F%2FMhTNEMX7GJI6qv%2BKrWUx5SqZjq1fFGRJUxT%2BC78zedf9K7wc9ZWs8xvZH1XI0pArnmtBjAHSUhbXUBzPdJumv7mbgYe14AF5X1g"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 82ff7f423a0556a4-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
vvfal.stonecarv.top/eyes-robot/assets/1.png
104.21.4.148 11 kB URL vvfal.stonecarv.top/eyes-robot/assets/1.png
IP 104.21.4.148:0
File type PNG image data, 179 x 278, 8-bit colormap, non-interlaced\012- data
Hash a6fa8154cc36da494df7b5103329c15a
3a2310088bcec14f7c0187f8409a5af5395665e8
967b8859fedb2c63afc8ae6ae2839fdd40f0e26af85adc6605a629f3c0ed0837
GET /eyes-robot/assets/1.png HTTP/1.1
Host: vvfal.stonecarv.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://vvfal.stonecarv.top/eyes-robot/?pl=zKByXHsQK0ydGD7DogbGyA&sm=eyes-robot&click_id=2f6b3h9ik6jg5375a9&sub_id=16122660&nrid=2854e426e3904cc2a35feda3bd8e8486&hash=ePKzEKH3rhcFs8-2kFLMjw&exp=1701645474
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Sun, 03 Dec 2023 23:12:54 GMT
content-type: image/png
content-length: 10591
last-modified: Fri, 01 Dec 2023 10:07:50 GMT
etag: "6569b076-295f"
cache-control: max-age=14400
cf-cache-status: HIT
age: 1682
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=gSTsItbofXHsAhRcGSHhO%2FOXkH%2B75RgKw4q0ilOzZav1mUBIcOhfgU3J3B7YMQ3yaadGW1XIvDCOCqVgVqy16S6bopmqc8la1Ns91KekGkJMvr5U3NUD5g%2BRG8vFgUZhVKTB8vtr"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 82ff7f453b5956c1-OSL
alt-svc: h3=":443"; ma=86400
vvfal.stonecarv.top/eyes-robot/assets/2.png
104.21.4.148 1.1 kB URL vvfal.stonecarv.top/eyes-robot/assets/2.png
IP 104.21.4.148:0
File type PNG image data, 94 x 19, 8-bit colormap, non-interlaced\012- data
Hash d708fbf0358752a082f5a394b74adda8
231c1527b4b039eb3af7d7e9eb5587ed87f6ea81
09d12e3c0e65fda26b9073e70e02fb24fa6941a4a3b1b81211b6470f00769ea5
GET /eyes-robot/assets/2.png HTTP/1.1
Host: vvfal.stonecarv.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://vvfal.stonecarv.top/eyes-robot/?pl=zKByXHsQK0ydGD7DogbGyA&sm=eyes-robot&click_id=2f6b3h9ik6jg5375a9&sub_id=16122660&nrid=2854e426e3904cc2a35feda3bd8e8486&hash=ePKzEKH3rhcFs8-2kFLMjw&exp=1701645474
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Sun, 03 Dec 2023 23:12:54 GMT
content-type: image/png
content-length: 1061
last-modified: Fri, 01 Dec 2023 10:07:50 GMT
etag: "6569b076-425"
cache-control: max-age=14400
cf-cache-status: HIT
age: 1682
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=j7Xf2cGbbpGne4xWbUYywmbBCJycTzpsx8%2FRc6SiRKT9oE74bgMKPPg7ikktFJHavF4ENtg5s5QjxkHwJliXhLvjrFyhFhdG%2FJys%2FD64quzBhMlIJF3PPlPoWlIjbXzJ185BIkkw"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 82ff7f454b5f56c1-OSL
alt-svc: h3=":443"; ma=86400
vvfal.stonecarv.top/eyes-robot/assets/image.png
104.21.4.148 11 kB URL vvfal.stonecarv.top/eyes-robot/assets/image.png
IP 104.21.4.148:0
File type PNG image data, 260 x 260, 8-bit colormap, non-interlaced\012- data
Hash ca1f4de0ad1d4fad72d299a6411e6959
c9f6d409f09264a34ee8bac4265233c56c280d1a
f0434a1fc8ffba3a47bbb9f1fa5a2f789651a020e7b86e507ff300b7c367057f
GET /eyes-robot/assets/image.png HTTP/1.1
Host: vvfal.stonecarv.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://vvfal.stonecarv.top/eyes-robot/assets/style.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Sun, 03 Dec 2023 23:12:54 GMT
content-type: image/png
content-length: 11043
last-modified: Fri, 01 Dec 2023 10:07:50 GMT
etag: "6569b076-2b23"
cache-control: max-age=14400
cf-cache-status: HIT
age: 1682
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Wd3sNtpLZ34ZdG1Y3zm4jE3eAOjkDHExB0lRszJBAHONoC8jvsxuH4hocDMm3N06z14gBElVEeVkjtSvWwgfjKjpDURv6XG0uan%2Fz%2FcvkQPfOVglms3myQ1J0sBAymHq7rD%2BdBZm"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 82ff7f457b7b56c1-OSL
alt-svc: h3=":443"; ma=86400
vvfal.stonecarv.top/favicon.ico
104.21.4.148 0 B URL vvfal.stonecarv.top/favicon.ico
IP 104.21.4.148:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /favicon.ico HTTP/1.1
Host: vvfal.stonecarv.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://vvfal.stonecarv.top/eyes-robot/?pl=zKByXHsQK0ydGD7DogbGyA&sm=eyes-robot&click_id=2f6b3h9ik6jg5375a9&sub_id=16122660&nrid=2854e426e3904cc2a35feda3bd8e8486&hash=ePKzEKH3rhcFs8-2kFLMjw&exp=1701645474
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 204 No Content
date: Sun, 03 Dec 2023 23:12:54 GMT
cache-control: max-age=14400
cf-cache-status: HIT
age: 1682
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=QnK1FjOPnOZ1OzmP3Nht3vO%2BrN410akFUxUEQIIeusWjqA8suguFGhBsZzspvXCsOSKq9xhqRNB2uST%2FSC%2FroYJ3L%2BImv1zxHnih3HgQPuw%2F1kmAr4%2BXjEOjOhKdF7%2FWvvqSvZI9"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 82ff7f463c3256c1-OSL
alt-svc: h3=":443"; ma=86400
www.gstatic.com/firebasejs/10.3.1/firebase-app-compat.js
142.250.74.35 9.3 kB URL www.gstatic.com/firebasejs/10.3.1/firebase-app-compat.js
IP 142.250.74.35:0
File type ASCII text, with very long lines (28368)
Hash 9900403b65514fad7df39a4e788a6e45
75f9ba061ef4e72bb23528c700f2a11c56d637e9
a202b2051ea9810cd9ba592b3f9418a89e2062f5c185e29e288080b28eb64fe5
GET /firebasejs/10.3.1/firebase-app-compat.js HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://vvfal.stonecarv.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
accept-ranges: bytes
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/firebase-js
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups; report-to="firebase-js"
report-to: {"group":"firebase-js","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/firebase-js"}]}
content-length: 9308
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 30 Nov 2023 06:08:34 GMT
expires: Fri, 29 Nov 2024 06:08:34 GMT
cache-control: public, max-age=31536000
last-modified: Thu, 31 Aug 2023 15:20:38 GMT
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
age: 320660
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
vvfal.stonecarv.top/eyes-robot/assets/style.css
104.21.4.148 11 kB URL vvfal.stonecarv.top/eyes-robot/assets/style.css
IP 104.21.4.148:0
File type ASCII text, with CRLF line terminators
Hash a18afa3eac509b6062c9362a725ac421
5e06e9b3af42189e9456a7ea3bda665e10c86405
29ee31143c5bd03b7dcaf2e40476e50c4ed26d32a725525a4f3dced678c90896
GET /eyes-robot/assets/style.css HTTP/1.1
Host: vvfal.stonecarv.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://vvfal.stonecarv.top/eyes-robot/?pl=zKByXHsQK0ydGD7DogbGyA&sm=eyes-robot&click_id=2f6b3h9ik6jg5375a9&sub_id=16122660&nrid=2854e426e3904cc2a35feda3bd8e8486&hash=ePKzEKH3rhcFs8-2kFLMjw&exp=1701645474
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Sun, 03 Dec 2023 23:12:54 GMT
content-type: text/css
last-modified: Fri, 01 Dec 2023 10:07:50 GMT
etag: W/"6569b076-cf6"
cache-control: max-age=14400
cf-cache-status: HIT
age: 1682
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=A6CJKZR7Oo%2BycQpMCbY%2Fjm4NmJrAS%2FOEEtvbqZpgHLdhW%2FZ0el9uwVOunD8EreQvdGuj25%2BxJwFC1%2B73fxfZHJe7%2F9sfyBU7je9xTM76aLL4GbsqCj17Ur1Wuphoim%2FHNOwAQffK"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 82ff7f452b4a56c1-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
vvfal.stonecarv.top/shared-js/assets/static-pl.js?v=2
104.21.4.148 1.7 kB URL vvfal.stonecarv.top/shared-js/assets/static-pl.js?v=2
IP 104.21.4.148:0
File type ASCII text, with CRLF line terminators
Hash 7224243dd0b18bb2508a1d77d4b2a0b2
bd833c24aa241861316053fd8bd46a1bef3d343f
920aa94a10634fc23234b5e4f55c428f6311fc7811d3591792381678cb492659
GET /shared-js/assets/static-pl.js?v=2 HTTP/1.1
Host: vvfal.stonecarv.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://vvfal.stonecarv.top/eyes-robot/?pl=zKByXHsQK0ydGD7DogbGyA&sm=eyes-robot&click_id=2f6b3h9ik6jg5375a9&sub_id=16122660&nrid=2854e426e3904cc2a35feda3bd8e8486&hash=ePKzEKH3rhcFs8-2kFLMjw&exp=1701645474
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Sun, 03 Dec 2023 23:12:54 GMT
content-type: application/javascript
last-modified: Fri, 01 Dec 2023 10:07:50 GMT
etag: W/"6569b076-dee"
cache-control: max-age=14400
cf-cache-status: HIT
age: 1682
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=DPe77qO9vumDKMFueMxf4xRimKuH3BqB0ZurdNX1OjfMPvtCUW6NsDXMuzhQG3RQgUZzKIolrO9n8bTjiUKJRtltmrL97n3BiERj0Eol0L8g13UgIR9vHxE1SgqqaD6EmmffNzGq"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 82ff7f454b6356c1-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
a.stonecarv.top/eyes-robot/assets/1.png
104.21.4.148 11 kB URL a.stonecarv.top/eyes-robot/assets/1.png
IP 104.21.4.148:0
File type PNG image data, 179 x 278, 8-bit colormap, non-interlaced\012- data
Hash a6fa8154cc36da494df7b5103329c15a
3a2310088bcec14f7c0187f8409a5af5395665e8
967b8859fedb2c63afc8ae6ae2839fdd40f0e26af85adc6605a629f3c0ed0837
GET /eyes-robot/assets/1.png HTTP/1.1
Host: a.stonecarv.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://a.stonecarv.top/eyes-robot/?pl=zKByXHsQK0ydGD7DogbGyA&sm=eyes-robot&click_id=2f6b3h9ik6jg5375a9&sub_id=16122660&nrid=2854e426e3904cc2a35feda3bd8e8486&hash=ePKzEKH3rhcFs8-2kFLMjw&exp=1701645474
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Sun, 03 Dec 2023 23:12:55 GMT
content-type: image/png
content-length: 10591
last-modified: Fri, 01 Dec 2023 10:07:50 GMT
etag: "6569b076-295f"
cache-control: max-age=14400
cf-cache-status: HIT
age: 1503
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=d7KXIumFGQlAigXfnpJFJN6r0PGmKItLp1XXeOKGmMjfaGgQenABDQLdiqFHwD07FW70hwbxPPEGfRXcG0iKJeEcYbu9rbqhkExXupmPtt%2F7v%2FV6EFs6H2YTu0HM6ffE3hI%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 82ff7f487e2a56c1-OSL
alt-svc: h3=":443"; ma=86400
a.stonecarv.top/eyes-robot/assets/2.png
104.21.4.148 1.1 kB URL a.stonecarv.top/eyes-robot/assets/2.png
IP 104.21.4.148:0
File type PNG image data, 94 x 19, 8-bit colormap, non-interlaced\012- data
Hash d708fbf0358752a082f5a394b74adda8
231c1527b4b039eb3af7d7e9eb5587ed87f6ea81
09d12e3c0e65fda26b9073e70e02fb24fa6941a4a3b1b81211b6470f00769ea5
GET /eyes-robot/assets/2.png HTTP/1.1
Host: a.stonecarv.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://a.stonecarv.top/eyes-robot/?pl=zKByXHsQK0ydGD7DogbGyA&sm=eyes-robot&click_id=2f6b3h9ik6jg5375a9&sub_id=16122660&nrid=2854e426e3904cc2a35feda3bd8e8486&hash=ePKzEKH3rhcFs8-2kFLMjw&exp=1701645474
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Sun, 03 Dec 2023 23:12:55 GMT
content-type: image/png
content-length: 1061
last-modified: Fri, 01 Dec 2023 10:07:50 GMT
etag: "6569b076-425"
cache-control: max-age=14400
cf-cache-status: HIT
age: 1503
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=1s9tlHjzC9PS%2F06NSh9DNgrAZjdChMbk07wEvSzYQVcByRYu1uM4JrFmF3rFSqOTDKKNJN03pECc6UUdi21%2FFWEcmqDYglOlzm9rioZqGkV3LvQIfe6x2eYY0djHgfzl1v0%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 82ff7f487e2c56c1-OSL
alt-svc: h3=":443"; ma=86400
a.stonecarv.top/eyes-robot/assets/image.png
104.21.4.148 11 kB URL a.stonecarv.top/eyes-robot/assets/image.png
IP 104.21.4.148:0
File type PNG image data, 260 x 260, 8-bit colormap, non-interlaced\012- data
Hash ca1f4de0ad1d4fad72d299a6411e6959
c9f6d409f09264a34ee8bac4265233c56c280d1a
f0434a1fc8ffba3a47bbb9f1fa5a2f789651a020e7b86e507ff300b7c367057f
GET /eyes-robot/assets/image.png HTTP/1.1
Host: a.stonecarv.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://a.stonecarv.top/eyes-robot/assets/style.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Sun, 03 Dec 2023 23:12:55 GMT
content-type: image/png
content-length: 11043
last-modified: Fri, 01 Dec 2023 10:07:50 GMT
etag: "6569b076-2b23"
cache-control: max-age=14400
cf-cache-status: HIT
age: 1503
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=jHZIMJ9fvo%2Bb0bIX1ln8KrrYqL3fXCdbxEnpLcFnM2W%2BOsequrl5B1bJFLbxeBuXZWLKHMGkDwApkmk5%2BWQSxXD5wfd%2FsHNhWMV1WroL8adoPlwGuBzH8lEo%2Fq7%2FEa2ioK8%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 82ff7f48beaa56c1-OSL
alt-svc: h3=":443"; ma=86400
a.stonecarv.top/favicon.ico
104.21.4.148 0 B URL a.stonecarv.top/favicon.ico
IP 104.21.4.148:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /favicon.ico HTTP/1.1
Host: a.stonecarv.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://a.stonecarv.top/eyes-robot/?pl=zKByXHsQK0ydGD7DogbGyA&sm=eyes-robot&click_id=2f6b3h9ik6jg5375a9&sub_id=16122660&nrid=2854e426e3904cc2a35feda3bd8e8486&hash=ePKzEKH3rhcFs8-2kFLMjw&exp=1701645474
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 204 No Content
date: Sun, 03 Dec 2023 23:12:55 GMT
cache-control: max-age=14400
cf-cache-status: HIT
age: 2044
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=FdwlQemt2aI7g2iv9D8nXc8ZtekAX6LyphTSkqmw8nlNtXJXMN%2BGAo9w24BRSXcn26492ve5XanoSOQGgnDGHsPSu7X58ze0%2BrT3CK04hKLISKMxOVWG0gq2dXFiPiTOJRM%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 82ff7f491efb56c1-OSL
alt-svc: h3=":443"; ma=86400
cdnstatic.stonecarv.top/ps/ps.js?&edg=true&sw=&fullscreen=true&pl=true&pp=false&id=zKByXHsQK0ydGD7DogbGyA&sm=eyes-robot&click_id=2f6b3h9ik6jg5375a9&sub_id=16122660&appspot=&d=https%3A%2F%2Fcdnstatic.stonecarv.top&timeout=30&tb=true&nrid=2854e426e3904cc2a35feda3bd8e8486
104.21.4.148 22 kB URL cdnstatic.stonecarv.top/ps/ps.js?&edg=true&sw=&fullscreen=true&pl=true&pp=false&id=zKByXHsQK0ydGD7DogbGyA&sm=eyes-robot&click_id=2f6b3h9ik6jg5375a9&sub_id=16122660&appspot=&d=https%3A%2F%2Fcdnstatic.stonecarv.top&timeout=30&tb=true&nrid=2854e426e3904cc2a35feda3bd8e8486
IP 104.21.4.148:0
File type Unicode text, UTF-8 text, with very long lines (31622), with no line terminators
Hash 49861af04a5b0c65e574c4df77619651
c28a6b0bd245a9ba765d6a118c388dcaad446b96
23353ba7e2d5cae77a00672f9decebd5fb5ec01f8130b5b77f748fd6913cc1c3
GET /ps/ps.js?&edg=true&sw=&fullscreen=true&pl=true&pp=false&id=zKByXHsQK0ydGD7DogbGyA&sm=eyes-robot&click_id=2f6b3h9ik6jg5375a9&sub_id=16122660&appspot=&d=https%3A%2F%2Fcdnstatic.stonecarv.top&timeout=30&tb=true&nrid=2854e426e3904cc2a35feda3bd8e8486 HTTP/1.1
Host: cdnstatic.stonecarv.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://a.stonecarv.top/
Cookie: __psu=4012a73b-f5c5-4a26-9dd0-28105d689d15
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Sun, 03 Dec 2023 23:12:55 GMT
content-type: application/javascript
cache-control: max-age=0, no-cache, no-store, must-revalidate
cf-cache-status: BYPASS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=BPtPeryjrMlcxHav8Y0AJXLwEkPwqOGUdk0XUi4NnT137Yimalwt%2BMDMu0lmEbvX5ALh8WSCWICYCTn%2FWw1RGXZbflKlojUeObfcqpHbUdDwchWhBhEIARQ9je9klGMrGCvPbXzmaB6G9Q%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 82ff7f48beb056c1-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
www.gstatic.com/firebasejs/10.3.1/firebase-messaging-compat.js
142.250.74.35 9.9 kB URL www.gstatic.com/firebasejs/10.3.1/firebase-messaging-compat.js
IP 142.250.74.35:0
File type ASCII text, with very long lines (38231)
Hash 0541b823dfaf39162ef84cf075c9951b
e0934726455558cc1a59823efada9651e33aafaa
21f1d62f222007068c793f0947d98f4ccb7c1595adb68efeb783390fdd8b5522
GET /firebasejs/10.3.1/firebase-messaging-compat.js HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://a.stonecarv.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
accept-ranges: bytes
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/firebase-js
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups; report-to="firebase-js"
report-to: {"group":"firebase-js","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/firebase-js"}]}
content-length: 9934
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 30 Nov 2023 05:05:32 GMT
expires: Fri, 29 Nov 2024 05:05:32 GMT
cache-control: public, max-age=31536000
age: 324443
last-modified: Thu, 31 Aug 2023 15:20:50 GMT
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
www.toprevenuegate.com/zj77nccnbs?key=7c1ef88f2943ca666bff02795f23060d
173.233.137.44 1.3 kB URL www.toprevenuegate.com/zj77nccnbs?key=7c1ef88f2943ca666bff02795f23060d
IP 173.233.137.44:0
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (412)
Hash c1d1ae3220f205975ea8dcc2a20889f1
e07073f00d9dfd7469cf8a889632b06c9a5d471b
84b67754b710c10c529a9f2341f39079142c7f128d972a121c880ded52ee6b73
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /zj77nccnbs?key=7c1ef88f2943ca666bff02795f23060d HTTP/1.1
Host: www.toprevenuegate.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Sun, 03 Dec 2023 23:12:55 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Set-Cookie: u_pl=19854905; expires=Mon, 04 Dec 2023 23:12:55 GMT
ain=eyJhbGciOiJIUzI1NiJ9.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.2FQGO2YhCNPTmdlXXLBtr2hi4zXbhcFHRg0XwRi4mrk; expires=Sun, 03 Dec 2023 23:13:55 GMT
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: d36d9a684f80f0231a76ce9dbade9f41
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
www.toprevenuegate.com/api/users?token=L3pqNzduY2NuYnM_a2V5PTdjMWVmODhmMjk0M2NhNjY2YmZmMDI3OTVmMjMwNjBkJnBzdD0xNzAxNjQ1MjM1JnJtdGM9dCZzaHU9ZmE1N2E5YTNkOGM5YThkMTAzMjJiODhkOTc5YWZlMTM2ODMyNmM2MWZmMDI4ZTE5Y2NlN2Q4NTBmODNmMjU0MjlkY2ZlNWU1NDVjMDEyZGVhNmEwMzEzYzY4M2Y2YzY1MTY0YWQ4OTNkMzQzMTVlOWY0ZTQwNmFkMTkxOGJkOGMwM2E3OTU2M2Y5NGFmYWQyY2Q4NWFjYzliZDdhNjQ1ZDFjNTFjYjA1MzAzMTU2NGQyNGFhNjM4NGNmNTBmY2M1&uuid=&pii=&in=false
192.243.59.12 0 B URL www.toprevenuegate.com/api/users?token=L3pqNzduY2NuYnM_a2V5PTdjMWVmODhmMjk0M2NhNjY2YmZmMDI3OTVmMjMwNjBkJnBzdD0xNzAxNjQ1MjM1JnJtdGM9dCZzaHU9ZmE1N2E5YTNkOGM5YThkMTAzMjJiODhkOTc5YWZlMTM2ODMyNmM2MWZmMDI4ZTE5Y2NlN2Q4NTBmODNmMjU0MjlkY2ZlNWU1NDVjMDEyZGVhNmEwMzEzYzY4M2Y2YzY1MTY0YWQ4OTNkMzQzMTVlOWY0ZTQwNmFkMTkxOGJkOGMwM2E3OTU2M2Y5NGFmYWQyY2Q4NWFjYzliZDdhNjQ1ZDFjNTFjYjA1MzAzMTU2NGQyNGFhNjM4NGNmNTBmY2M1&uuid=&pii=&in=false
IP 192.243.59.12:0
ASN #39572 DataWeb Global Group B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /api/users?token=L3pqNzduY2NuYnM_a2V5PTdjMWVmODhmMjk0M2NhNjY2YmZmMDI3OTVmMjMwNjBkJnBzdD0xNzAxNjQ1MjM1JnJtdGM9dCZzaHU9ZmE1N2E5YTNkOGM5YThkMTAzMjJiODhkOTc5YWZlMTM2ODMyNmM2MWZmMDI4ZTE5Y2NlN2Q4NTBmODNmMjU0MjlkY2ZlNWU1NDVjMDEyZGVhNmEwMzEzYzY4M2Y2YzY1MTY0YWQ4OTNkMzQzMTVlOWY0ZTQwNmFkMTkxOGJkOGMwM2E3OTU2M2Y5NGFmYWQyY2Q4NWFjYzliZDdhNjQ1ZDFjNTFjYjA1MzAzMTU2NGQyNGFhNjM4NGNmNTBmY2M1&uuid=&pii=&in=false HTTP/1.1
Host: www.toprevenuegate.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.toprevenuegate.com/zj77nccnbs?key=0f22c1fd609f13cb7947c8cabfe1a90d&submetric=19854905
Cookie: u_pl=19854905; ain=eyJhbGciOiJIUzI1NiJ9.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.2FQGO2YhCNPTmdlXXLBtr2hi4zXbhcFHRg0XwRi4mrk; cjs=t
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 302 Found
Server: nginx/1.19.5
Date: Sun, 03 Dec 2023 23:12:56 GMT
Content-Type: text/html
Content-Length: 0
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Location: https://shop.bigbasketshop.com/track?q=kghXWdDErq
Set-Cookie: iprc0b2e5623e6b173d5a2e94a4f9b5b352e=4591122; expires=Mon, 04 Dec 2023 23:12:56 GMT
pdhtkv=true; expires=Mon, 04 Dec 2023 23:12:56 GMT
uncs=1; expires=Mon, 04 Dec 2023 23:12:56 GMT
pdhtkv28=true; expires=Mon, 04 Dec 2023 23:12:56 GMT
uncs28=1; expires=Mon, 04 Dec 2023 23:12:56 GMT
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: aa2a4231a90696e55cf82566071b4d07
Strict-Transport-Security: max-age=0; includeSubdomains
ocsp.r2m03.amazontrust.com/
54.230.218.11 471 B URL ocsp.r2m03.amazontrust.com/
IP 54.230.218.11:0
Hash 635ff90833a493ed2c5f086f31d24851
e492aaea87cf64ee9e5f5b60f5641d34639eea77
0874c8b481431f13d009f27bd0092d14b1859dab41c56bd7998c29f5c9659b98
POST / HTTP/1.1
Host: ocsp.r2m03.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=7200
Date: Sun, 03 Dec 2023 23:12:57 GMT
Last-Modified: Sun, 03 Dec 2023 21:26:58 GMT
Server: ECAcc (ska/F6ED)
X-Cache: Miss from cloudfront
Via: 1.1 5bcfe2deda0bdbc6bade0af9b61602ca.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: GSVF1u0eGAFf6-eCQjfo4nny2btVTpF99sMqKe9pqgx3wuqCzDopMw==
Age: 6359
clk.tradedoubler.com/click?p=225780&a=3238748&epi=TerraD
52.57.204.60 200 OK 3.6 kB URL User Request POST HTTP/2 clk.tradedoubler.com/click?p=225780&a=3238748&epi=TerraD
IP 52.57.204.60:443
Certificate Issuer Amazon
Subject *.tradedoubler.com
Fingerprint E6:E6:D1:02:6C:9A:BE:00:C1:0E:B5:BC:61:D1:C1:FD:74:73:C4:9E
Validity Wed, 06 Sep 2023 00:00:00 GMT - Sat, 05 Oct 2024 23:59:59 GMT
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (314)
Hash dffa9bac5be3f386079d2028d8264f59
e264575195c6ca302170a308b3da31f924b6d60c
43ffd816104a86bae1d1e75330e61c304463fcf25e6bdb5086c34a944b1e4c68
GET /click?p=225780&a=3238748&epi=TerraD HTTP/1.1
Host: clk.tradedoubler.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://shop.bigbasketshop.com/
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sun, 03 Dec 2023 23:12:57 GMT
content-type: text/html; charset=ISO-8859-1
content-length: 3610
server: TXServerHttp
access-control-allow-origin: *
cache-control: private, max-age=0
pragma: no-cache
referrer-policy: origin
X-Firefox-Spdy: h2
vht.tradedoubler.com/fp/fpjs.js
54.230.111.4 7.7 kB URL vht.tradedoubler.com/fp/fpjs.js
IP 54.230.111.4:0
File type ASCII text, with very long lines (19960)
Hash e967d9e86ec8ff44db0e24766ced642f
bd488430b8b4283eb82afda802a075cf841c29d3
040dff2a9b3d08a4654dec367d93f2b994a8ea0e573950d5561c0022af4a3c3a
GET /fp/fpjs.js HTTP/1.1
Host: vht.tradedoubler.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://clk.tradedoubler.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/javascript
Content-Length: 7718
Connection: keep-alive
Date: Sat, 02 Dec 2023 03:49:02 GMT
Server: Apache
Strict-Transport-Security: max-age=31536000
Last-Modified: Mon, 09 Oct 2023 08:54:59 GMT
Accept-Ranges: bytes
Content-Encoding: gzip
Vary: Accept-Encoding
X-Cache: Hit from cloudfront
Via: 1.1 fc5e625db631bc657fc73f189d53fa14.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: xWVEq4mmRJ62F0NVDVhGC_5ZWv5KxeRwt814_699TfbXxU3s2P9eyw==
Age: 156235
X-XSS-Protection: 1; mode=block
Referrer-Policy: strict-origin-when-cross-origin
X-Content-Type-Options: nosniff
clk.tradedoubler.com/favicon.ico
52.57.204.60 404 Not Found 193 B URL GET HTTP/2 clk.tradedoubler.com/favicon.ico
IP 52.57.204.60:443
Requested by https://clk.tradedoubler.com/click?p=225780&a=3238748&epi=TerraD
Certificate Issuer Amazon
Subject *.tradedoubler.com
Fingerprint E6:E6:D1:02:6C:9A:BE:00:C1:0E:B5:BC:61:D1:C1:FD:74:73:C4:9E
Validity Wed, 06 Sep 2023 00:00:00 GMT - Sat, 05 Oct 2024 23:59:59 GMT
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with no line terminators
Hash 523cbcb278f348bbe64563fe4cc9f435
5a436481b66ccb6dff53c5e1a14c08ef0b4a8e4b
37b6ca25983f4126bd10c135684bc8f421c8b48a5bdb75b5ad69c849035a84f4
GET /favicon.ico HTTP/1.1
Host: clk.tradedoubler.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://clk.tradedoubler.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 404 Not Found
date: Sun, 03 Dec 2023 23:12:57 GMT
content-type: text/html; charset=ISO-8859-1
content-length: 193
X-Firefox-Spdy: h2
clk.tradedoubler.com/click?p=225780&a=3238748&epi=TerraD
52.57.204.60 200 OK 150 B URL User Request POST HTTP/2 clk.tradedoubler.com/click?p=225780&a=3238748&epi=TerraD
IP 52.57.204.60:443
Certificate Issuer Amazon
Subject *.tradedoubler.com
Fingerprint E6:E6:D1:02:6C:9A:BE:00:C1:0E:B5:BC:61:D1:C1:FD:74:73:C4:9E
Validity Wed, 06 Sep 2023 00:00:00 GMT - Sat, 05 Oct 2024 23:59:59 GMT
File type HTML document text\012- HTML document, ASCII text, with no line terminators
Hash dc03e2e45f5c0d5e02f319e7f1e957cf
47725bedccb4c387bfc904021658cc7b343927ab
f064d039c1745fafca89f95ad9748a95b6ed51a78270b7feee25e968faef36b7
POST /click?p=225780&a=3238748&epi=TerraD HTTP/1.1
Host: clk.tradedoubler.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://clk.tradedoubler.com/
Content-Type: application/x-www-form-urlencoded
Content-Length: 90
Origin: https://clk.tradedoubler.com
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Sun, 03 Dec 2023 23:12:57 GMT
content-type: text/html; charset=ISO-8859-1
content-length: 150
set-cookie: GUID=1z11zz14NzOvcgJz133330a71245c426941de3d7fa71a297;expires=Mon, 02-Dec-2024 23:12:57 GMT;path=/;domain=.tradedoubler.com
server: TXServerHttp
access-control-allow-origin: *
cache-control: private, max-age=0
pragma: no-cache
referrer-policy: origin
X-Firefox-Spdy: h2
clk.tradedoubler.com/favicon.ico
52.57.204.60 404 Not Found 193 B URL GET HTTP/2 clk.tradedoubler.com/favicon.ico
IP 52.57.204.60:443
Requested by https://clk.tradedoubler.com/click?p=225780&a=3238748&epi=TerraD
Certificate Issuer Amazon
Subject *.tradedoubler.com
Fingerprint E6:E6:D1:02:6C:9A:BE:00:C1:0E:B5:BC:61:D1:C1:FD:74:73:C4:9E
Validity Wed, 06 Sep 2023 00:00:00 GMT - Sat, 05 Oct 2024 23:59:59 GMT
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with no line terminators
Hash 523cbcb278f348bbe64563fe4cc9f435
5a436481b66ccb6dff53c5e1a14c08ef0b4a8e4b
37b6ca25983f4126bd10c135684bc8f421c8b48a5bdb75b5ad69c849035a84f4
GET /favicon.ico HTTP/1.1
Host: clk.tradedoubler.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://clk.tradedoubler.com/
DNT: 1
Connection: keep-alive
Cookie: GUID=1z11zz14NzOvcgJz133330a71245c426941de3d7fa71a297
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 404 Not Found
date: Sun, 03 Dec 2023 23:12:58 GMT
content-type: text/html; charset=ISO-8859-1
content-length: 193
X-Firefox-Spdy: h2