i.ytimg.com/vi/rmQq5wd4i48/maxresdefault.jpg
142.250.74.150 200 OK 156 kB URL GET HTTP/2 i.ytimg.com/vi/rmQq5wd4i48/maxresdefault.jpg
IP 142.250.74.150:443
Requested by https://k9b.tube2.me/view/rmQq5wd4i48.htm?kw=bitcoin
Certificate Issuer: Google Trust Services LLC
Subject: edgestatic.com
Fingerprint: C8:30:4C:1A:A8:FF:83:E1:A2:7F:DB:02:8C:D9:05:46:C4:D6:CA:95
Validity: Mon, 23 Oct 2023 11:18:19 GMT - Mon, 15 Jan 2024 11:18:18 GMT
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 1280x720, components 3\012- data
Size 156 kB (156168 bytes)
Hash 8b2e2110e692bc96c10dc0f363e51274
d07e48b0d8d6c7e02bbb5aa906a7a71a05b352fa
063e5cdaaba5b6d799a7f8f8b67a4f7a69d99e56d31c0aa5807dee814ab3705b
GET /vi/rmQq5wd4i48/maxresdefault.jpg HTTP/1.1
Host: i.ytimg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://k9b.tube2.me/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
accept-ranges: bytes
content-type: image/jpeg
vary: Origin
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="youtube"
report-to: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
timing-allow-origin: *
content-length: 156168
date: Tue, 05 Dec 2023 03:00:57 GMT
expires: Tue, 05 Dec 2023 05:00:57 GMT
cache-control: public, max-age=7200
etag: "1669547387"
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
k9b.tube2.me/_astro/hoisted.5c481276.js
188.114.96.1 200 OK 11 kB URL GET HTTP/3 k9b.tube2.me/_astro/hoisted.5c481276.js
IP 188.114.96.1:443
Requested by https://k9b.tube2.me/view/rmQq5wd4i48.htm?kw=bitcoin
Certificate Issuer: Google Trust Services LLC
Subject: tube2.me
Fingerprint: 09:75:DB:E6:18:57:3F:DB:F5:73:AC:D0:B7:F8:11:FE:A3:46:C3:4A
Validity: Mon, 13 Nov 2023 01:26:09 GMT - Sun, 11 Feb 2024 01:26:08 GMT
Hash 40576c4bebc688071b984eda56a8a520
f56f4958968443fd4043e63f0a4656a8e2ea6ac5
67c0184442935150e3ea8dfeaca929675e2db7688c29ec8fff796d5c652c0bb9
GET /_astro/hoisted.5c481276.js HTTP/1.1
Host: k9b.tube2.me
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://k9b.tube2.me/view/rmQq5wd4i48.htm?kw=bitcoin
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Tue, 05 Dec 2023 03:00:57 GMT
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=0
last-modified: Fri, 01 Dec 2023 05:21:55 GMT
etag: W/"120-18c23d38938"
cf-cache-status: DYNAMIC
priority: u=3,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=vbkFOAecRObeVxueum7sdcTXaYKL7q3Q2%2BqetMhuw0a3FBGTf6iAp7RKP5AFWZD5gCWVK93KcFB2yZ%2B4qywEKE1c5mQD9c1WceW5mLqQvEZItYIIosSE5fxd3oIi5FU%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 83090ab3fbe956a2-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
www.profitablecreativeformat.com/af/cd/78/afcd78415277e90b1a173847948f1c42.js
173.233.137.36 200 OK 15 kB URL GET HTTP/1.1 www.profitablecreativeformat.com/af/cd/78/afcd78415277e90b1a173847948f1c42.js
IP 173.233.137.36:443
Requested by https://k9b.tube2.me/view/rmQq5wd4i48.htm?kw=bitcoin
Certificate Issuer: Let's Encrypt
Subject: profitablecreativeformat.com
Fingerprint: 3C:4F:9B:FB:66:B4:E2:8B:8C:D1:71:85:B7:C1:E1:97:48:3D:E9:DC
Validity: Tue, 28 Nov 2023 07:18:39 GMT - Mon, 26 Feb 2024 07:18:38 GMT
File type ASCII text, with very long lines (42799), with no line terminators
Hash 3eb1dcb02d5a3c24b87aa6a05f3d5322
b8a2503e83d111456a24aaa1362d4d6ccabe6000
9775c1688b5a0de9a4c79dfd73545139fd8a0f8591499c9c8a749c70ecb48fa4
GET /af/cd/78/afcd78415277e90b1a173847948f1c42.js HTTP/1.1
Host: www.profitablecreativeformat.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://k9b.tube2.me/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Tue, 05 Dec 2023 03:00:58 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: ad42fc8a87fc9f95c5dd0ee24abd99d0
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
proftrafficcounter.com/stats
18.184.210.76 200 OK 40 B URL GET HTTP/2 proftrafficcounter.com/stats
IP 18.184.210.76:443
Requested by https://k9b.tube2.me/view/rmQq5wd4i48.htm?kw=bitcoin
Certificate Issuer: Amazon
Subject: proftrafficcounter.com
Fingerprint: E3:9F:79:6F:80:C0:BF:F8:C4:EB:45:F3:E9:0F:A7:41:F6:0C:05:E6
Validity: Tue, 21 Nov 2023 00:00:00 GMT - Thu, 19 Dec 2024 23:59:59 GMT
File type ASCII text, with no line terminators
Hash 96c6fd9e239d00254530f70b5e8116dd
4a912a35350da5a54a1eea6dee3d1195fb2bc4f2
367a7844a8f6ff6f8c03cc688d31c5af584ff5f9d82f41be1ba7a1ef90179b36
GET /stats HTTP/1.1
Host: proftrafficcounter.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://k9b.tube2.me
DNT: 1
Connection: keep-alive
Referer: https://k9b.tube2.me/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Tue, 05 Dec 2023 03:00:58 GMT
content-type: text/html; charset=UTF-8
content-length: 40
server: fasthttp
access-control-allow-origin: https://k9b.tube2.me
vary: Origin
access-control-allow-credentials: true
set-cookie: uid_id2=b0877f94-6154-412e-8e57-42f63aa335d0:3:1; expires=Fri, 02 Dec 2033 03:00:58 GMT; secure; SameSite=None
X-Firefox-Spdy: h2
proftrafficcounter.com/stats
18.184.210.76 200 OK 40 B URL GET HTTP/2 proftrafficcounter.com/stats
IP 18.184.210.76:443
Requested by https://k9b.tube2.me/view/rmQq5wd4i48.htm?kw=bitcoin
Certificate Issuer: Amazon
Subject: proftrafficcounter.com
Fingerprint: E3:9F:79:6F:80:C0:BF:F8:C4:EB:45:F3:E9:0F:A7:41:F6:0C:05:E6
Validity: Tue, 21 Nov 2023 00:00:00 GMT - Thu, 19 Dec 2024 23:59:59 GMT
File type ASCII text, with no line terminators
Hash 5e70085c39b6d57c996f4b6fa5a27375
cadb4a02ed406eb6892fdf07deecca16038c3f89
2b1e4095f2a295c0ef975d014cadbdfe558242a9b3f42307f15a3e2dd6f070e6
GET /stats HTTP/1.1
Host: proftrafficcounter.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://k9b.tube2.me
DNT: 1
Connection: keep-alive
Referer: https://k9b.tube2.me/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Tue, 05 Dec 2023 03:00:58 GMT
content-type: text/html; charset=UTF-8
content-length: 40
server: fasthttp
access-control-allow-origin: https://k9b.tube2.me
vary: Origin
access-control-allow-credentials: true
set-cookie: uid_id2=f3a57464-764e-43f7-9b63-113fa16c48ca:2:1; expires=Fri, 02 Dec 2033 03:00:58 GMT; secure; SameSite=None
X-Firefox-Spdy: h2
k9b.tube2.me/cdn-cgi/rum?
188.114.96.1 204 No Content 0 B URL POST HTTP/3 k9b.tube2.me/cdn-cgi/rum?
IP 188.114.96.1:443
Requested by https://k9b.tube2.me/view/rmQq5wd4i48.htm?kw=bitcoin
Certificate Issuer: Google Trust Services LLC
Subject: tube2.me
Fingerprint: 09:75:DB:E6:18:57:3F:DB:F5:73:AC:D0:B7:F8:11:FE:A3:46:C3:4A
Validity: Mon, 13 Nov 2023 01:26:09 GMT - Sun, 11 Feb 2024 01:26:08 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /cdn-cgi/rum? HTTP/1.1
Host: k9b.tube2.me
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
content-type: application/json
Content-Length: 1068
Origin: https://k9b.tube2.me
DNT: 1
Connection: keep-alive
Referer: https://k9b.tube2.me/view/rmQq5wd4i48.htm?kw=bitcoin
Cookie: colorMode=light; cf_clearance=qCTdgyAQW7iol8gY5sn1H2bXFa9f9B9BbuxX8eajeLU-1701745258-0-1-730ca2d2.73a07051.5b213570-0.2.1701745258; dom3ic8zudi28v8lr6fgphwffqoz0j6c=f3a57464-764e-43f7-9b63-113fa16c48ca%3A2%3A1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 204 No Content
date: Tue, 05 Dec 2023 03:00:58 GMT
access-control-allow-origin: https://k9b.tube2.me
access-control-allow-methods: POST,OPTIONS
access-control-max-age: 86400
vary: Origin
access-control-allow-credentials: true
server: cloudflare
cf-ray: 83090abacd5e56a2-OSL
x-frame-options: DENY
x-content-type-options: nosniff
k9b.tube2.me/cdn-cgi/challenge-platform/h/b/jsd/r/83090aaffab7b4ee
188.114.96.1 200 OK 1 B URL POST HTTP/3 k9b.tube2.me/cdn-cgi/challenge-platform/h/b/jsd/r/83090aaffab7b4ee
IP 188.114.96.1:443
Requested by https://k9b.tube2.me/view/rmQq5wd4i48.htm?kw=bitcoin
Certificate Issuer: Google Trust Services LLC
Subject: tube2.me
Fingerprint: 09:75:DB:E6:18:57:3F:DB:F5:73:AC:D0:B7:F8:11:FE:A3:46:C3:4A
Validity: Mon, 13 Nov 2023 01:26:09 GMT - Sun, 11 Feb 2024 01:26:08 GMT
File type very short file (no magic)
Hash eccbc87e4b5ce2fe28308fd9f2a7baf3
77de68daecd823babbb58edb1c8e14d7106e83bb
4e07408562bedb8b60ce05c1decfe3ad16b72230967de01f640b7e4729b49fce
POST /cdn-cgi/challenge-platform/h/b/jsd/r/83090aaffab7b4ee HTTP/1.1
Host: k9b.tube2.me
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Content-Length: 12232
Origin: https://k9b.tube2.me
DNT: 1
Connection: keep-alive
Referer: https://k9b.tube2.me/view/rmQq5wd4i48.htm?kw=bitcoin
Cookie: colorMode=light
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Tue, 05 Dec 2023 03:00:58 GMT
content-type: text/plain; charset=UTF-8
priority: u=3,i=?0
set-cookie: cf_clearance=qCTdgyAQW7iol8gY5sn1H2bXFa9f9B9BbuxX8eajeLU-1701745258-0-1-730ca2d2.73a07051.5b213570-0.2.1701745258; path=/; expires=Wed, 04-Dec-24 03:00:58 GMT; domain=.tube2.me; HttpOnly; Secure; SameSite=None
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=iDX4h0%2FPdZDuCMXUzuvknaO5qPmfyxHTBX2ThJ%2BUyd7IUKHGE500kwo2LVmzTtQbdjFiAQi8hnnenkmLuKRaLcV%2BD0vBkE8WohVbIvBYsiwRf4PNUh24aPA2WdykQyw%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 83090ab76cb056a2-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
admissiblecontradictthrone.com/watch.26949523335.js?key=88abe1fd287cda2865be222c06ba578a&kw=%5B%22ukrainian%22%2C%22drones%22%2C%22drop%22%2C%22bombs%22%2C%22on%22%2C%22russian%22%2C%22troops%22%2C%22hiding%22%2C%22in%22%2C%22trenches%22%2C%22near%22%2C%22bakhmut%22%5D&refer=https%3A%2F%2Fk9b.tube2.me%2Fview%2FrmQq5wd4i48.htm%3Fkw%3Dbitcoin&tz=0&dev=e&res=14.3095&uuid=b0877f94-6154-412e-8e57-42f63aa335d0%3A3%3A1&shu=143b848321490f291ecb27501e01db3aff70aa88d65154b740fdc6d84b42062c98b5a3367b10e40c421c8227bdac83e1fb05589007db37f87fdae81f86be17cfece85e630e6310d2d19839cfcce64de6e321431d7aefc6e6cee018772c25&pst=1701745318&rmtc=t
192.243.59.20 200 OK 2.1 kB URL GET HTTP/1.1 admissiblecontradictthrone.com/watch.26949523335.js?key=88abe1fd287cda2865be222c06ba578a&kw=%5B%22ukrainian%22%2C%22drones%22%2C%22drop%22%2C%22bombs%22%2C%22on%22%2C%22russian%22%2C%22troops%22%2C%22hiding%22%2C%22in%22%2C%22trenches%22%2C%22near%22%2C%22bakhmut%22%5D&refer=https%3A%2F%2Fk9b.tube2.me%2Fview%2FrmQq5wd4i48.htm%3Fkw%3Dbitcoin&tz=0&dev=e&res=14.3095&uuid=b0877f94-6154-412e-8e57-42f63aa335d0%3A3%3A1&shu=143b848321490f291ecb27501e01db3aff70aa88d65154b740fdc6d84b42062c98b5a3367b10e40c421c8227bdac83e1fb05589007db37f87fdae81f86be17cfece85e630e6310d2d19839cfcce64de6e321431d7aefc6e6cee018772c25&pst=1701745318&rmtc=t
IP 192.243.59.20:443
ASN #39572 DataWeb Global Group B.V.
Requested by https://k9b.tube2.me/view/rmQq5wd4i48.htm?kw=bitcoin
Certificate Issuer: Let's Encrypt
Subject: admissiblecontradictthrone.com
Fingerprint: 90:54:BF:2D:0E:36:25:A2:57:CF:C9:5B:86:C3:FA:F2:03:14:94:09
Validity: Tue, 28 Nov 2023 10:38:30 GMT - Mon, 26 Feb 2024 10:38:29 GMT
File type HTML document text\012- HTML document, ASCII text, with very long lines (2664)
Hash 979bea45c65fc4f9837d8f86d83974ee
9720d9ca69a0529797d83b0956139f1d4d395727
adabdadb9d79ffc0091fc02cc4d97fa0c953c29e444b48c633c14dff3659cc0c
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /watch.26949523335.js?key=88abe1fd287cda2865be222c06ba578a&kw=%5B%22ukrainian%22%2C%22drones%22%2C%22drop%22%2C%22bombs%22%2C%22on%22%2C%22russian%22%2C%22troops%22%2C%22hiding%22%2C%22in%22%2C%22trenches%22%2C%22near%22%2C%22bakhmut%22%5D&refer=https%3A%2F%2Fk9b.tube2.me%2Fview%2FrmQq5wd4i48.htm%3Fkw%3Dbitcoin&tz=0&dev=e&res=14.3095&uuid=b0877f94-6154-412e-8e57-42f63aa335d0%3A3%3A1&shu=143b848321490f291ecb27501e01db3aff70aa88d65154b740fdc6d84b42062c98b5a3367b10e40c421c8227bdac83e1fb05589007db37f87fdae81f86be17cfece85e630e6310d2d19839cfcce64de6e321431d7aefc6e6cee018772c25&pst=1701745318&rmtc=t HTTP/1.1
Host: admissiblecontradictthrone.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://k9b.tube2.me
Referer: https://k9b.tube2.me/
DNT: 1
Connection: keep-alive
Cookie: u_pl=20220738; ain=eyJhbGciOiJIUzI1NiJ9.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.Y8nVJBetivLIXkxYlx0nan6W_qZJe-v7o_vnF5MtK0g
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Tue, 05 Dec 2023 03:00:59 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://k9b.tube2.me
Access-Control-Allow-Origin: https://k9b.tube2.me
Access-Control-Allow-Credentials: true
Set-Cookie: uid_id2=b0877f94-6154-412e-8e57-42f63aa335d0:3:1; expires=Tue, 12 Dec 2023 03:00:59 GMT; secure; SameSite=None
iprc2d1280043d9a8236c777bde97ab5341b=3569808; expires=Tue, 05 Dec 2023 07:00:59 GMT; secure; SameSite=None
pdhtkv=true; expires=Wed, 06 Dec 2023 03:00:59 GMT; secure; SameSite=None
uncs=1; expires=Wed, 06 Dec 2023 03:00:59 GMT; secure; SameSite=None
pdhtkv23=true; expires=Wed, 06 Dec 2023 03:00:59 GMT; secure; SameSite=None
uncs23=1; expires=Wed, 06 Dec 2023 03:00:59 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: e6597eb238eef1163549ebed882ed609
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
cdn.cloudimagesb.com/cti/5c/10/b0/5c10b0b28e7a0e9d7e61bd8d09bee3db/1658920078.png
45.133.44.9 200 OK 106 kB URL GET HTTP/2 cdn.cloudimagesb.com/cti/5c/10/b0/5c10b0b28e7a0e9d7e61bd8d09bee3db/1658920078.png
IP 45.133.44.9:443
ASN #39572 DataWeb Global Group B.V.
Requested by https://k9b.tube2.me/view/rmQq5wd4i48.htm?kw=bitcoin
Certificate Issuer: Let's Encrypt
Subject: cdn.cloudimagesb.com
Fingerprint: 71:EC:C0:22:20:76:60:90:92:4C:5C:F3:AD:17:3C:41:B5:00:25:AF
Validity: Thu, 23 Nov 2023 05:00:53 GMT - Wed, 21 Feb 2024 05:00:52 GMT
File type PNG image data, 728 x 90, 8-bit/color RGBA, non-interlaced\012- data
Size 106 kB (105910 bytes)
Hash a36b92bb68d9b579458560ba9b94862a
782d2932ccd3a56e5aad1cca7e6e7fb4a3cf23d6
9de12cf85ad80cae34d8bdaeb59169d75e3bd4f8b931ec90ea2c3be166647c0e
GET /cti/5c/10/b0/5c10b0b28e7a0e9d7e61bd8d09bee3db/1658920078.png HTTP/1.1
Host: cdn.cloudimagesb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://k9b.tube2.me/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Tue, 05 Dec 2023 03:00:59 GMT
content-type: image/png
content-length: 105910
server: nginx/1.21.6
last-modified: Wed, 27 Jul 2022 11:08:06 GMT
etag: "62e11c96-19db6"
expires: Thu, 07 Dec 2023 03:00:59 GMT
cache-control: max-age=172800
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
unseenreport.com/pxf.gif?uuid=f3a57464-764e-43f7-9b63-113fa16c48ca&eb=a996fe56ed028c08f89591a4a8a9c431&te=4cb725660c43031e3b06c75892d96c5a&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.3095&b_frame=0&pk=afcd78415277e90b1a173847948f1c42&bl=en-US&sr=1024x1280&sz=1024x1280&hjs=3
192.243.59.12 200 OK 1 B URL GET HTTP/1.1 unseenreport.com/pxf.gif?uuid=f3a57464-764e-43f7-9b63-113fa16c48ca&eb=a996fe56ed028c08f89591a4a8a9c431&te=4cb725660c43031e3b06c75892d96c5a&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.3095&b_frame=0&pk=afcd78415277e90b1a173847948f1c42&bl=en-US&sr=1024x1280&sz=1024x1280&hjs=3
IP 192.243.59.12:443
ASN #39572 DataWeb Global Group B.V.
Requested by https://k9b.tube2.me/view/rmQq5wd4i48.htm?kw=bitcoin
Certificate Issuer: Let's Encrypt
Subject: *.unseenreport.com
Fingerprint: 79:45:7F:58:D5:82:45:0A:7D:1E:FF:7A:98:05:26:E9:D6:FE:91:14
Validity: Wed, 22 Nov 2023 07:56:28 GMT - Tue, 20 Feb 2024 07:56:27 GMT
File type very short file (no magic)
Hash 93b885adfe0da089cdf634904fd59f71
5ba93c9db0cff93f52b521d7420e43f6eda2784f
6e340b9cffb37a989ca544e6bb780a2c78901d3fb33738768511a30617afa01d
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /pxf.gif?uuid=f3a57464-764e-43f7-9b63-113fa16c48ca&eb=a996fe56ed028c08f89591a4a8a9c431&te=4cb725660c43031e3b06c75892d96c5a&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.3095&b_frame=0&pk=afcd78415277e90b1a173847948f1c42&bl=en-US&sr=1024x1280&sz=1024x1280&hjs=3 HTTP/1.1
Host: unseenreport.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://k9b.tube2.me/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Tue, 05 Dec 2023 03:00:59 GMT
Content-Type: image/gif
Content-Length: 1
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 69e230c83e6c076a541357d27e1a02f2
Strict-Transport-Security: max-age=0; includeSubdomains
prematuresam.com/sbar.json?key=afcd78415277e90b1a173847948f1c42&uuid=f3a57464-764e-43f7-9b63-113fa16c48ca%3A2%3A1
192.243.59.12 200 OK 3.6 kB URL GET HTTP/1.1 prematuresam.com/sbar.json?key=afcd78415277e90b1a173847948f1c42&uuid=f3a57464-764e-43f7-9b63-113fa16c48ca%3A2%3A1
IP 192.243.59.12:443
ASN #39572 DataWeb Global Group B.V.
Requested by https://k9b.tube2.me/view/rmQq5wd4i48.htm?kw=bitcoin
Certificate Issuer: Let's Encrypt
Subject: prematuresam.com
Fingerprint: D1:BC:B4:98:A1:F5:79:44:08:07:76:0B:42:5B:37:31:DB:41:7A:35
Validity: Tue, 28 Nov 2023 08:05:20 GMT - Mon, 26 Feb 2024 08:05:19 GMT
File type JSON data\012- , ASCII text, with very long lines (6294), with no line terminators
Hash 79a98c4789d0a0a5015b905450071a17
f7c79996eece30e50665cf87f3eb8f6f8deda7ac
36ddc7024f3913e613e340d0c1f78768b1e358814dfc29f66cad6de58663ef07
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /sbar.json?key=afcd78415277e90b1a173847948f1c42&uuid=f3a57464-764e-43f7-9b63-113fa16c48ca%3A2%3A1 HTTP/1.1
Host: prematuresam.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://k9b.tube2.me
DNT: 1
Connection: keep-alive
Referer: https://k9b.tube2.me/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Tue, 05 Dec 2023 03:00:59 GMT
Content-Type: text/plain; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://k9b.tube2.me
Access-Control-Allow-Origin: https://k9b.tube2.me
Access-Control-Allow-Credentials: true
Set-Cookie: u_pl=20220733; expires=Wed, 06 Dec 2023 03:00:59 GMT; secure; SameSite=None
uid_id2=f3a57464-764e-43f7-9b63-113fa16c48ca:2:1; expires=Tue, 12 Dec 2023 03:00:59 GMT; secure; SameSite=None
pdhtkv=true; expires=Wed, 06 Dec 2023 03:00:59 GMT; secure; SameSite=None
uncs=1; expires=Wed, 06 Dec 2023 03:00:59 GMT; secure; SameSite=None
pdhtkv29=true; expires=Wed, 06 Dec 2023 03:00:59 GMT; secure; SameSite=None
uncs29=1; expires=Wed, 06 Dec 2023 03:00:59 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 125a96c7c820f643d3eca0b9aad64b1b
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
prematuresam.com/ren.gif?sid=H4sIAAAAAAAC%2F1RSQWskRRSu3o0nUVD3IiLMQWFFM%2Bme7pmecZHFuEaCMQm7kZyrq6on5dR0NVXd05OcggvLgpdxT%2BKp802yQV3EXAVBOl4kIOx4kBzMxX%2BgsGeZZGD0Hfq919%2BD%2Br7vvQcH%2BQXxkNPzzU%2F0nlSKLjXrbu3mtky4LmxtfavmuXX3Vm1bJq3gVm04%2FZjBu57brLtv1T4SrKeXGq7nup7r1VakEbEeLl2ikOmTjlfvuPWgUfeaAYbm%2F73NHVjqgA8uyMuQfPLczq8nkKxC0v%2FhjrC9TKfvfNjPFc20wYAff5r0El0k6M%2FL2DiIk%2BPZNLSdEPLVNejkeKYAenA4VYBITojzh4coOZ7RRDQ4umIaKYgEEX8exaCCUBUkrcD0fUj%2BlACMY30DSf%2FxujYF3b1C6RSdkIVn%2F0AWE7Lw5w0k%2Fe%2BXlRzW7mmVZ1InFsO4hBxWkN0KaX6KbM%2BBLE7Bss8h%2BW9k6dkakv7hhlUakp%2B%2FEfu0GQatYDFsBWIx8ONwsRO1%2FEXP82PqtVjQZvTSIikryLiCEiNQew25dZBLB3nsIE8d9Pl5jTY7seuGcRT7fjtgjPk%2BY812ize5H7RjFzmbahghS0dgagRm9pGaffTkowkhX9946l3A5D%2FD7pSw3IHNCAa8RCEICktQUIJCEhQZQTEoj7iyDVs%2B5srmkTfLjVn2y7HOugf0SGddkRBQMzpIL8hLUxOd4Iv30BPnNRozHrYDr9kIQ9FxI496od8Owk7Qjj0WNGBlCWmvgVoHe3JC3n5QIZUT8sIrK4joKaw6BZNvguavgxbjsOGC7oyDtou95LjXieqC5%2BC6RJotINt1DtQFefVyj6sbJxDs7PZf%2FmWAmRKpKfGZ%2FIWgqx6O7%2BqCHN7VhSUnG2km%2B3KPTnd8L6OZuP7tx2K30Iav3rGjb95nU2BaPtkSNlujCZdJ15LvliXnwqxowwT5adVui2gztzvLuUnydG3zg5XVfmqEtVInFej0Xv82YHJCXnxt6%2FJ%2Bb%2F64CWkqmLxEPz8js4DUFVi6D5vO%2BVtNYNR8JkodFHk5No1o%2FlNJAiXmPY1K2P%2F00bw%2BsA%2FRNQ5odh9Jv8TAlBioElSNYPPr4yw1Z7d%2Fnz0eKWccKeMcRsqoL6%2FMtfK8JpqxGwu3IaK4E8UhdXknDjoR7XgijJrUQ2YnInnU%2BxcAAP%2F%2FAQAA%2F%2F%2BFo5mAlwQAAA%3D%3D
192.243.59.12200 OK 7 B URL GET HTTP/1.1 prematuresam.com/ren.gif?sid=H4sIAAAAAAAC%2F1RSQWskRRSu3o0nUVD3IiLMQWFFM%2Bme7pmecZHFuEaCMQm7kZyrq6on5dR0NVXd05OcggvLgpdxT%2BKp802yQV3EXAVBOl4kIOx4kBzMxX%2BgsGeZZGD0Hfq919%2BD%2Br7vvQcH%2BQXxkNPzzU%2F0nlSKLjXrbu3mtky4LmxtfavmuXX3Vm1bJq3gVm04%2FZjBu57brLtv1T4SrKeXGq7nup7r1VakEbEeLl2ikOmTjlfvuPWgUfeaAYbm%2F73NHVjqgA8uyMuQfPLczq8nkKxC0v%2FhjrC9TKfvfNjPFc20wYAff5r0El0k6M%2FL2DiIk%2BPZNLSdEPLVNejkeKYAenA4VYBITojzh4coOZ7RRDQ4umIaKYgEEX8exaCCUBUkrcD0fUj%2BlACMY30DSf%2FxujYF3b1C6RSdkIVn%2F0AWE7Lw5w0k%2Fe%2BXlRzW7mmVZ1InFsO4hBxWkN0KaX6KbM%2BBLE7Bss8h%2BW9k6dkakv7hhlUakp%2B%2FEfu0GQatYDFsBWIx8ONwsRO1%2FEXP82PqtVjQZvTSIikryLiCEiNQew25dZBLB3nsIE8d9Pl5jTY7seuGcRT7fjtgjPk%2BY812ize5H7RjFzmbahghS0dgagRm9pGaffTkowkhX9946l3A5D%2FD7pSw3IHNCAa8RCEICktQUIJCEhQZQTEoj7iyDVs%2B5srmkTfLjVn2y7HOugf0SGddkRBQMzpIL8hLUxOd4Iv30BPnNRozHrYDr9kIQ9FxI496od8Owk7Qjj0WNGBlCWmvgVoHe3JC3n5QIZUT8sIrK4joKaw6BZNvguavgxbjsOGC7oyDtou95LjXieqC5%2BC6RJotINt1DtQFefVyj6sbJxDs7PZf%2FmWAmRKpKfGZ%2FIWgqx6O7%2BqCHN7VhSUnG2km%2B3KPTnd8L6OZuP7tx2K30Iav3rGjb95nU2BaPtkSNlujCZdJ15LvliXnwqxowwT5adVui2gztzvLuUnydG3zg5XVfmqEtVInFej0Xv82YHJCXnxt6%2FJ%2Bb%2F64CWkqmLxEPz8js4DUFVi6D5vO%2BVtNYNR8JkodFHk5No1o%2FlNJAiXmPY1K2P%2F00bw%2BsA%2FRNQ5odh9Jv8TAlBioElSNYPPr4yw1Z7d%2Fnz0eKWccKeMcRsqoL6%2FMtfK8JpqxGwu3IaK4E8UhdXknDjoR7XgijJrUQ2YnInnU%2BxcAAP%2F%2FAQAA%2F%2F%2BFo5mAlwQAAA%3D%3D
IP 192.243.59.12:443
ASN #39572 DataWeb Global Group B.V.
Requested by https://k9b.tube2.me/view/rmQq5wd4i48.htm?kw=bitcoin
Certificate Issuer: Let's Encrypt
Subject: prematuresam.com
Fingerprint: D1:BC:B4:98:A1:F5:79:44:08:07:76:0B:42:5B:37:31:DB:41:7A:35
Validity: Tue, 28 Nov 2023 08:05:20 GMT - Mon, 26 Feb 2024 08:05:19 GMT
File type ASCII text, with no line terminators
Hash 132d6af1b46048b45cf86cdee7991d31
eb7007d03d59b65bc6da7e098c4d38fc6dfb6285
ab852e838deccd742a03ca81d4a8d75cf1a00b327db3eaf46bd7da6b6db9384c
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /ren.gif?sid=H4sIAAAAAAAC%2F1RSQWskRRSu3o0nUVD3IiLMQWFFM%2Bme7pmecZHFuEaCMQm7kZyrq6on5dR0NVXd05OcggvLgpdxT%2BKp802yQV3EXAVBOl4kIOx4kBzMxX%2BgsGeZZGD0Hfq919%2BD%2Br7vvQcH%2BQXxkNPzzU%2F0nlSKLjXrbu3mtky4LmxtfavmuXX3Vm1bJq3gVm04%2FZjBu57brLtv1T4SrKeXGq7nup7r1VakEbEeLl2ikOmTjlfvuPWgUfeaAYbm%2F73NHVjqgA8uyMuQfPLczq8nkKxC0v%2FhjrC9TKfvfNjPFc20wYAff5r0El0k6M%2FL2DiIk%2BPZNLSdEPLVNejkeKYAenA4VYBITojzh4coOZ7RRDQ4umIaKYgEEX8exaCCUBUkrcD0fUj%2BlACMY30DSf%2FxujYF3b1C6RSdkIVn%2F0AWE7Lw5w0k%2Fe%2BXlRzW7mmVZ1InFsO4hBxWkN0KaX6KbM%2BBLE7Bss8h%2BW9k6dkakv7hhlUakp%2B%2FEfu0GQatYDFsBWIx8ONwsRO1%2FEXP82PqtVjQZvTSIikryLiCEiNQew25dZBLB3nsIE8d9Pl5jTY7seuGcRT7fjtgjPk%2BY812ize5H7RjFzmbahghS0dgagRm9pGaffTkowkhX9946l3A5D%2FD7pSw3IHNCAa8RCEICktQUIJCEhQZQTEoj7iyDVs%2B5srmkTfLjVn2y7HOugf0SGddkRBQMzpIL8hLUxOd4Iv30BPnNRozHrYDr9kIQ9FxI496od8Owk7Qjj0WNGBlCWmvgVoHe3JC3n5QIZUT8sIrK4joKaw6BZNvguavgxbjsOGC7oyDtou95LjXieqC5%2BC6RJotINt1DtQFefVyj6sbJxDs7PZf%2FmWAmRKpKfGZ%2FIWgqx6O7%2BqCHN7VhSUnG2km%2B3KPTnd8L6OZuP7tx2K30Iav3rGjb95nU2BaPtkSNlujCZdJ15LvliXnwqxowwT5adVui2gztzvLuUnydG3zg5XVfmqEtVInFej0Xv82YHJCXnxt6%2FJ%2Bb%2F64CWkqmLxEPz8js4DUFVi6D5vO%2BVtNYNR8JkodFHk5No1o%2FlNJAiXmPY1K2P%2F00bw%2BsA%2FRNQ5odh9Jv8TAlBioElSNYPPr4yw1Z7d%2Fnz0eKWccKeMcRsqoL6%2FMtfK8JpqxGwu3IaK4E8UhdXknDjoR7XgijJrUQ2YnInnU%2BxcAAP%2F%2FAQAA%2F%2F%2BFo5mAlwQAAA%3D%3D HTTP/1.1
Host: prematuresam.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://k9b.tube2.me/
Cookie: u_pl=20220733; uid_id2=f3a57464-764e-43f7-9b63-113fa16c48ca:2:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Tue, 05 Dec 2023 03:01:00 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: ccec6cb0ec59d726b56fb44e2a502fc0
Strict-Transport-Security: max-age=0; includeSubdomains
cdn.cloudimagesb.com/si/07/9c/1b/079c1b9b48633e3ef398faef0739f24f/1701651986.png
45.133.44.9 200 OK 16 kB URL GET HTTP/2 cdn.cloudimagesb.com/si/07/9c/1b/079c1b9b48633e3ef398faef0739f24f/1701651986.png
IP 45.133.44.9:443
ASN #39572 DataWeb Global Group B.V.
Requested by https://k9b.tube2.me/view/rmQq5wd4i48.htm?kw=bitcoin
Certificate Issuer: Let's Encrypt
Subject: cdn.cloudimagesb.com
Fingerprint: 71:EC:C0:22:20:76:60:90:92:4C:5C:F3:AD:17:3C:41:B5:00:25:AF
Validity: Thu, 23 Nov 2023 05:00:53 GMT - Wed, 21 Feb 2024 05:00:52 GMT
File type PNG image data, 192 x 192, 8-bit/color RGBA, non-interlaced\012- data
Hash 14cf262fabfd850855c42847d14fe775
2fafa28f167f018a0fb1f261f47380c8810803c9
972004ebada4077c3a4d03dcb45175ea467faf54da72be727a1c5c75e688b8af
GET /si/07/9c/1b/079c1b9b48633e3ef398faef0739f24f/1701651986.png HTTP/1.1
Host: cdn.cloudimagesb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Tue, 05 Dec 2023 03:01:00 GMT
content-type: image/png
content-length: 16093
server: nginx/1.21.6
last-modified: Mon, 04 Dec 2023 01:06:35 GMT
etag: "656d261b-3edd"
expires: Thu, 07 Dec 2023 03:01:00 GMT
cache-control: max-age=172800
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
cdn.creative-bars1.com/sb/ssp/vpn/classic-push/small/img/close.png
172.64.109.10 200 OK 591 B URL GET HTTP/2 cdn.creative-bars1.com/sb/ssp/vpn/classic-push/small/img/close.png
IP 172.64.109.10:443
Requested by https://k9b.tube2.me/view/rmQq5wd4i48.htm?kw=bitcoin
Certificate Issuer: Google Trust Services LLC
Subject: creative-bars1.com
Fingerprint: 2B:CC:32:FC:17:6F:25:69:2F:F4:A0:D9:DC:9C:C2:09:28:32:AB:34
Validity: Sat, 21 Oct 2023 15:38:40 GMT - Fri, 19 Jan 2024 15:38:39 GMT
File type PNG image data, 12 x 12, 8-bit/color RGBA, non-interlaced\012- data
Hash 9fd5bcb6103d86e317bd1eb019bcbe71
6b5a52ea669dcb74946f2bed4bdd7ec985026113
0ddd3be104ac7945fb062096df62034a6a24ecc76ba92493c35c62c3c25982ae
GET /sb/ssp/vpn/classic-push/small/img/close.png HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Tue, 05 Dec 2023 03:01:00 GMT
content-type: image/png
content-length: 591
last-modified: Tue, 21 Sep 2021 12:03:43 GMT
etag: "6149ca1f-24f"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 2251555
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=sDCqLO3F4mG8BH0YL%2FBPN1Im889xtrRltX7O9CUKp6vN%2F7xNm8TYzl6cOIHHTlPrXOKUbUbxAL4Kh5PmF6KfF1is%2BQ5ZnqNrKtxFsaDZva5IEXt%2FIYmHDKlzePZBSI6ondT0RkH1Yul5"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 83090ac5092506ed-LHR
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2
216.58.211.3 200 OK 16 kB URL GET HTTP/2 fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2
IP 216.58.211.3:443
Requested by https://k9b.tube2.me/view/rmQq5wd4i48.htm?kw=bitcoin
Certificate Issuer Google Trust Services LLC
Subject *.gstatic.com
Fingerprint E5:79:1F:1A:04:3F:B9:B0:FB:41:4E:B5:E5:97:AD:FE:D9:2C:4A:CD
Validity Mon, 23 Oct 2023 11:24:07 GMT - Mon, 15 Jan 2024 11:24:06 GMT
File type Web Open Font Format (Version 2), TrueType, length 15860, version 1.0\012- data
Hash e9f5aaf547f165386cd313b995dddd8e
acdef5603c2387b0e5bffd744b679a24a8bc1968
f5aebdfea35d1e7656ef4acc5db1f243209755ae3300943ef8fc6280f363c860
GET /s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://k9b.tube2.me
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15860
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 29 Nov 2023 21:13:56 GMT
expires: Thu, 28 Nov 2024 21:13:56 GMT
cache-control: public, max-age=31536000
last-modified: Wed, 11 May 2022 19:24:42 GMT
content-type: font/woff2
age: 452825
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
cdn.creative-bars1.com/sb/ssp/vpn/classic-push/small/js/script.js
172.64.109.10 200 OK 16 kB URL GET HTTP/2 cdn.creative-bars1.com/sb/ssp/vpn/classic-push/small/js/script.js
IP 172.64.109.10:443
Requested by https://k9b.tube2.me/view/rmQq5wd4i48.htm?kw=bitcoin
Certificate Issuer Google Trust Services LLC
Subject creative-bars1.com
Fingerprint 2B:CC:32:FC:17:6F:25:69:2F:F4:A0:D9:DC:9C:C2:09:28:32:AB:34
Validity Sat, 21 Oct 2023 15:38:40 GMT - Fri, 19 Jan 2024 15:38:39 GMT
Hash 0013fbb3bd9e7300fa1bc9f62501dcf0
447e4a8994979e2e158b9beff79b94e7d1b29508
4cf18df81115ddab6967dc82096077ee024223dac3c6ffc9b810bffb7780a20e
GET /sb/ssp/vpn/classic-push/small/js/script.js HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://k9b.tube2.me
DNT: 1
Connection: keep-alive
Referer: https://k9b.tube2.me/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Tue, 05 Dec 2023 03:01:00 GMT
content-type: application/javascript
last-modified: Tue, 21 Sep 2021 12:03:44 GMT
etag: W/"6149ca20-3c2"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2BEi3vV4DSzusK9uqEt53a9yHWokdrNNcCOyoZkFuGplI2ldCGf6RSiUm4qAZWAy0lQplpK7MZI6FhKdl49wSRJa4T4PVzo4sCJeaxLi0bPtIWKtW%2Budsm7vi163InTuq2iG8y4S37%2F92"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 83090ac5b94e06ed-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
prematuresam.com/impr.gif?sid=H4sIAAAAAAAC%2F1RSQWskRRSu3o0nUVD3IiLMQWFFM%2Bme7pmecZHFuEaCMQm7kZyrq6on5dR0NVXd05OcggvLgpdxT%2BKp802yQV3EXAVBOl4kIOx4kBzMxX%2BgsGeZZGD0Hfq919%2BD%2Br7vvQcH%2BQXxkNPzzU%2F0nlSKLjXrbu3mtky4LmxtfavmuXX3Vm1bJq3gVm04%2FZjBu57brLtv1T4SrKeXGq7nup7r1VakEbEeLl2ikOmTjlfvuPWgUfeaAYbm%2F73NHVjqgA8uyMuQfPLczq8nkKxC0v%2FhjrC9TKfvfNjPFc20wYAff5r0El0k6M%2FL2DiIk%2BPZNLSdEPLVNejkeKYAenA4VYBITojzh4coOZ7RRDQ4umIaKYgEEX8exaCCUBUkrcD0fUj%2BlACMY30DSf%2FxujYF3b1C6RSdkIVn%2F0AWE7Lw5w0k%2Fe%2BXlRzW7mmVZ1InFsO4hBxWkN0KaX6KbM%2BBLE7Bss8h%2BW9k6dkakv7hhlUakp%2B%2FEfu0GQatYDFsBWIx8ONwsRO1%2FEXP82PqtVjQZvTSIikryLiCEiNQew25dZBLB3nsIE8d9Pl5jTY7seuGcRT7fjtgjPk%2BY812ize5H7RjFzmbahghS0dgagRm9pGaffTkowkhX9946l3A5D%2FD7pSw3IHNCAa8RCEICktQUIJCEhQZQTEoj7iyDVs%2B5srmkTfLjVn2y7HOugf0SGddkRBQMzpIL8hLUxOd4Iv30BPnNRozHrYDr9kIQ9FxI496od8Owk7Qjj0WNGBlCWmvgVoHe3JC3n5QIZUT8sIrK4joKaw6BZNvguavgxbjsOGC7oyDtou95LjXieqC5%2BC6RJotINt1DtQFefVyj6sbJxDs7PZf%2FmWAmRKpKfGZ%2FIWgqx6O7%2BqCHN7VhSUnG2km%2B3KPTnd8L6OZuP7tx2K30Iav3rGjb95nU2BaPtkSNlujCZdJ15LvliXnwqxowwT5adVui2gztzvLuUnydG3zg5XVfmqEtVInFej0Xv82YHJCXnxt6%2FJ%2Bb%2F64CWkqmLxEPz8js4DUFVi6D5vO%2BVtNYNR8JkodFHk5No1o%2FlNJAiXmPY1K2P%2F00bw%2BsA%2FRNQ5odh9Jv8TAlBioElSNYPPr4yw1Z7d%2Fnz0eKWccKeMcRsqoL6%2FMtfK81vQC0Y7aIeM8Eox7YcNv%2B67b4DwIO8LrILMTkTzq%2FQsAAP%2F%2FAQAA%2F%2F%2BRqxdmlwQAAA%3D%3D
192.243.59.12200 OK 7 B URL GET HTTP/1.1 prematuresam.com/impr.gif?sid=H4sIAAAAAAAC%2F1RSQWskRRSu3o0nUVD3IiLMQWFFM%2Bme7pmecZHFuEaCMQm7kZyrq6on5dR0NVXd05OcggvLgpdxT%2BKp802yQV3EXAVBOl4kIOx4kBzMxX%2BgsGeZZGD0Hfq919%2BD%2Br7vvQcH%2BQXxkNPzzU%2F0nlSKLjXrbu3mtky4LmxtfavmuXX3Vm1bJq3gVm04%2FZjBu57brLtv1T4SrKeXGq7nup7r1VakEbEeLl2ikOmTjlfvuPWgUfeaAYbm%2F73NHVjqgA8uyMuQfPLczq8nkKxC0v%2FhjrC9TKfvfNjPFc20wYAff5r0El0k6M%2FL2DiIk%2BPZNLSdEPLVNejkeKYAenA4VYBITojzh4coOZ7RRDQ4umIaKYgEEX8exaCCUBUkrcD0fUj%2BlACMY30DSf%2FxujYF3b1C6RSdkIVn%2F0AWE7Lw5w0k%2Fe%2BXlRzW7mmVZ1InFsO4hBxWkN0KaX6KbM%2BBLE7Bss8h%2BW9k6dkakv7hhlUakp%2B%2FEfu0GQatYDFsBWIx8ONwsRO1%2FEXP82PqtVjQZvTSIikryLiCEiNQew25dZBLB3nsIE8d9Pl5jTY7seuGcRT7fjtgjPk%2BY812ize5H7RjFzmbahghS0dgagRm9pGaffTkowkhX9946l3A5D%2FD7pSw3IHNCAa8RCEICktQUIJCEhQZQTEoj7iyDVs%2B5srmkTfLjVn2y7HOugf0SGddkRBQMzpIL8hLUxOd4Iv30BPnNRozHrYDr9kIQ9FxI496od8Owk7Qjj0WNGBlCWmvgVoHe3JC3n5QIZUT8sIrK4joKaw6BZNvguavgxbjsOGC7oyDtou95LjXieqC5%2BC6RJotINt1DtQFefVyj6sbJxDs7PZf%2FmWAmRKpKfGZ%2FIWgqx6O7%2BqCHN7VhSUnG2km%2B3KPTnd8L6OZuP7tx2K30Iav3rGjb95nU2BaPtkSNlujCZdJ15LvliXnwqxowwT5adVui2gztzvLuUnydG3zg5XVfmqEtVInFej0Xv82YHJCXnxt6%2FJ%2Bb%2F64CWkqmLxEPz8js4DUFVi6D5vO%2BVtNYNR8JkodFHk5No1o%2FlNJAiXmPY1K2P%2F00bw%2BsA%2FRNQ5odh9Jv8TAlBioElSNYPPr4yw1Z7d%2Fnz0eKWccKeMcRsqoL6%2FMtfK81vQC0Y7aIeM8Eox7YcNv%2B67b4DwIO8LrILMTkTzq%2FQsAAP%2F%2FAQAA%2F%2F%2BRqxdmlwQAAA%3D%3D
IP 192.243.59.12:443
ASN #39572 DataWeb Global Group B.V.
Requested by https://k9b.tube2.me/view/rmQq5wd4i48.htm?kw=bitcoin
Certificate Issuer Let's Encrypt
Subject prematuresam.com
Fingerprint D1:BC:B4:98:A1:F5:79:44:08:07:76:0B:42:5B:37:31:DB:41:7A:35
Validity Tue, 28 Nov 2023 08:05:20 GMT - Mon, 26 Feb 2024 08:05:19 GMT
File type ASCII text, with no line terminators
Hash 132d6af1b46048b45cf86cdee7991d31
eb7007d03d59b65bc6da7e098c4d38fc6dfb6285
ab852e838deccd742a03ca81d4a8d75cf1a00b327db3eaf46bd7da6b6db9384c
Analyzer: Quad9 DNS, Verdict: malicious, Alert: Sinkholed
GET /impr.gif?sid=H4sIAAAAAAAC%2F1RSQWskRRSu3o0nUVD3IiLMQWFFM%2Bme7pmecZHFuEaCMQm7kZyrq6on5dR0NVXd05OcggvLgpdxT%2BKp802yQV3EXAVBOl4kIOx4kBzMxX%2BgsGeZZGD0Hfq919%2BD%2Br7vvQcH%2BQXxkNPzzU%2F0nlSKLjXrbu3mtky4LmxtfavmuXX3Vm1bJq3gVm04%2FZjBu57brLtv1T4SrKeXGq7nup7r1VakEbEeLl2ikOmTjlfvuPWgUfeaAYbm%2F73NHVjqgA8uyMuQfPLczq8nkKxC0v%2FhjrC9TKfvfNjPFc20wYAff5r0El0k6M%2FL2DiIk%2BPZNLSdEPLVNejkeKYAenA4VYBITojzh4coOZ7RRDQ4umIaKYgEEX8exaCCUBUkrcD0fUj%2BlACMY30DSf%2FxujYF3b1C6RSdkIVn%2F0AWE7Lw5w0k%2Fe%2BXlRzW7mmVZ1InFsO4hBxWkN0KaX6KbM%2BBLE7Bss8h%2BW9k6dkakv7hhlUakp%2B%2FEfu0GQatYDFsBWIx8ONwsRO1%2FEXP82PqtVjQZvTSIikryLiCEiNQew25dZBLB3nsIE8d9Pl5jTY7seuGcRT7fjtgjPk%2BY812ize5H7RjFzmbahghS0dgagRm9pGaffTkowkhX9946l3A5D%2FD7pSw3IHNCAa8RCEICktQUIJCEhQZQTEoj7iyDVs%2B5srmkTfLjVn2y7HOugf0SGddkRBQMzpIL8hLUxOd4Iv30BPnNRozHrYDr9kIQ9FxI496od8Owk7Qjj0WNGBlCWmvgVoHe3JC3n5QIZUT8sIrK4joKaw6BZNvguavgxbjsOGC7oyDtou95LjXieqC5%2BC6RJotINt1DtQFefVyj6sbJxDs7PZf%2FmWAmRKpKfGZ%2FIWgqx6O7%2BqCHN7VhSUnG2km%2B3KPTnd8L6OZuP7tx2K30Iav3rGjb95nU2BaPtkSNlujCZdJ15LvliXnwqxowwT5adVui2gztzvLuUnydG3zg5XVfmqEtVInFej0Xv82YHJCXnxt6%2FJ%2Bb%2F64CWkqmLxEPz8js4DUFVi6D5vO%2BVtNYNR8JkodFHk5No1o%2FlNJAiXmPY1K2P%2F00bw%2BsA%2FRNQ5odh9Jv8TAlBioElSNYPPr4yw1Z7d%2Fnz0eKWccKeMcRsqoL6%2FMtfK81vQC0Y7aIeM8Eox7YcNv%2B67b4DwIO8LrILMTkTzq%2FQsAAP%2F%2FAQAA%2F%2F%2BRqxdmlwQAAA%3D%3D HTTP/1.1
Host: prematuresam.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://k9b.tube2.me/
Cookie: u_pl=20220733; uid_id2=f3a57464-764e-43f7-9b63-113fa16c48ca:2:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Tue, 05 Dec 2023 03:01:01 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: a2eadc07eaddf66d7dd08f08b073e81b
Strict-Transport-Security: max-age=0; includeSubdomains
prematuresam.com/pixel/sbs?c=1
173.233.137.52 200 OK 0 B URL GET HTTP/1.1 prematuresam.com/pixel/sbs?c=1
IP 173.233.137.52:443
Requested by https://k9b.tube2.me/view/rmQq5wd4i48.htm?kw=bitcoin
Certificate Issuer Let's Encrypt
Subject prematuresam.com
Fingerprint D1:BC:B4:98:A1:F5:79:44:08:07:76:0B:42:5B:37:31:DB:41:7A:35
Validity Tue, 28 Nov 2023 08:05:20 GMT - Mon, 26 Feb 2024 08:05:19 GMT
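Hash d41d8cd98f00b204e9800998ecf8427e (MD5 of zero-length content)
da39a3ee5e6b4b0d3255bfef95601890afd80709 (SHA-1 of zero-length content)
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 (SHA-256 of zero-length content; these three digests identify an empty body, not this resource)
Analyzer: Quad9 DNS, Verdict: malicious, Alert: Sinkholed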
GET /pixel/sbs?c=1 HTTP/1.1
Host: prematuresam.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://k9b.tube2.me/
Cookie: u_pl=20220733; uid_id2=f3a57464-764e-43f7-9b63-113fa16c48ca:2:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Tue, 05 Dec 2023 03:01:01 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
k9b.tube2.me/cdn-cgi/rum?
188.114.96.1 204 No Content 0 B URL POST HTTP/3 k9b.tube2.me/cdn-cgi/rum?
IP 188.114.96.1:443
Requested by https://k9b.tube2.me/view/rmQq5wd4i48.htm?kw=bitcoin
Certificate Issuer Google Trust Services LLC
Subject tube2.me
Fingerprint 09:75:DB:E6:18:57:3F:DB:F5:73:AC:D0:B7:F8:11:FE:A3:46:C3:4A
Validity Mon, 13 Nov 2023 01:26:09 GMT - Sun, 11 Feb 2024 01:26:08 GMT
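Hash d41d8cd98f00b204e9800998ecf8427e (MD5 of zero-length content)
da39a3ee5e6b4b0d3255bfef95601890afd80709 (SHA-1 of zero-length content)
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 (SHA-256 of zero-length content; these three digests identify an empty body, not this resource)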
POST /cdn-cgi/rum? HTTP/1.1
Host: k9b.tube2.me
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Content-Length: 518
Origin: https://k9b.tube2.me
DNT: 1
Connection: keep-alive
Referer: https://k9b.tube2.me/view/rmQq5wd4i48.htm?kw=bitcoin
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/3 204 No Content
date: Tue, 05 Dec 2023 03:01:12 GMT
access-control-allow-origin: https://k9b.tube2.me
access-control-allow-methods: POST,OPTIONS
access-control-max-age: 86400
vary: Origin
access-control-allow-credentials: true
server: cloudflare
cf-ray: 83090b12988656a2-OSL
x-frame-options: DENY
x-content-type-options: nosniff
k9b.tube2.me/api/theme
188.114.96.1 200 OK 13 B IP 188.114.96.1:443
Requested by https://k9b.tube2.me/view/rmQq5wd4i48.htm?kw=bitcoin
Certificate Issuer Google Trust Services LLC
Subject tube2.me
Fingerprint 09:75:DB:E6:18:57:3F:DB:F5:73:AC:D0:B7:F8:11:FE:A3:46:C3:4A
Validity Mon, 13 Nov 2023 01:26:09 GMT - Sun, 11 Feb 2024 01:26:08 GMT
File type troff or preprocessor input, ASCII text, with no line terminators
Hash 445a3906a7f85a2b5c2c2612a8cc1c88
d356c6711ed2c0b5a9b1dd476b49bb2150cec87c
c91ad8fff79fd2500e4c0b24f2a9880c893d5a459bba25e57dd7550506e33616
POST /api/theme HTTP/1.1
Host: k9b.tube2.me
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://k9b.tube2.me/view/rmQq5wd4i48.htm?kw=bitcoin
Content-Type: application/json
Content-Length: 17
Origin: https://k9b.tube2.me
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Tue, 05 Dec 2023 03:00:57 GMT
content-type: text/plain;charset=UTF-8
set-cookie: colorMode=light; Max-Age=31619000; Path=/; Secure; SameSite=Lax
cf-cache-status: DYNAMIC
priority: u=4,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=c9Yr7FD%2Fj5RY4Gu8%2FnNP%2B87NgL8D4YrKbFSexDME%2BOtCd62OimaGQkcaYx8x9vnVOeE7VqXHnYAkBtpruqOUfMJGcc1B3wBAdjg%2BYTbOIuICVrpZevejSHAt9LwRrfg%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 83090ab61c6e56a2-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
cdn.barscreative1.com/sb/au/0c/c8/e1/0cc8e13ba9d5dbc867b982993e805a9d/1632728593.html
45.133.44.4 200 OK 1.3 kB URL GET HTTP/2 cdn.barscreative1.com/sb/au/0c/c8/e1/0cc8e13ba9d5dbc867b982993e805a9d/1632728593.html
IP 45.133.44.4:443
ASN #39572 DataWeb Global Group B.V.
Requested by https://k9b.tube2.me/view/rmQq5wd4i48.htm?kw=bitcoin
Certificate Issuer Let's Encrypt
Subject cdn.barscreative1.com
Fingerprint 55:06:B7:F1:EF:E9:55:FB:7C:8C:4F:5D:DB:05:C9:15:19:90:9B:2F
Validity Sat, 11 Nov 2023 03:00:51 GMT - Fri, 09 Feb 2024 03:00:50 GMT
File type HTML document text\012- HTML document, ASCII text, with very long lines (1405), with no line terminators
Hash 5373f3c4843345dde67db670323b2d54
666b2db9872196e52a2bc902111de5e37aa1ae28
e398fbdac28494dec6505fb0143d4cd41cee83989517e12c13ea113fef006fda
GET /sb/au/0c/c8/e1/0cc8e13ba9d5dbc867b982993e805a9d/1632728593.html HTTP/1.1
Host: cdn.barscreative1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://k9b.tube2.me
DNT: 1
Connection: keep-alive
Referer: https://k9b.tube2.me/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Tue, 05 Dec 2023 03:01:00 GMT
content-type: text/html; charset=utf-8
server: nginx/1.21.6
last-modified: Mon, 27 Sep 2021 07:43:24 GMT
etag: W/"6151761c-52d"
cache-control: max-age=3600
access-control-allow-origin: *
access-control-expose-headers: Date
content-encoding: gzip
expires: Tue, 05 Dec 2023 04:01:00 GMT
x-proxy-cache: HIT
X-Firefox-Spdy: h2
www.profitablecreativeformat.com/88abe1fd287cda2865be222c06ba578a/invoke.js
173.233.137.36 200 OK 30 kB URL GET HTTP/1.1 www.profitablecreativeformat.com/88abe1fd287cda2865be222c06ba578a/invoke.js
IP 173.233.137.36:443
Requested by https://k9b.tube2.me/view/rmQq5wd4i48.htm?kw=bitcoin
Certificate Issuer Let's Encrypt
Subject profitablecreativeformat.com
Fingerprint 3C:4F:9B:FB:66:B4:E2:8B:8C:D1:71:85:B7:C1:E1:97:48:3D:E9:DC
Validity Tue, 28 Nov 2023 07:18:39 GMT - Mon, 26 Feb 2024 07:18:38 GMT
File type exported SGML document, ASCII text, with very long lines (29637), with no line terminators
Hash 49e66d9769b8e2bb8bcca1e31a0244da
3af578caf4a1f3f1d0aac135d9bcbee0387db59b
52a65c2164f4fd2bd98731127aff8bb758855f0b34e884ead200ff85032fd21b
GET /88abe1fd287cda2865be222c06ba578a/invoke.js HTTP/1.1
Host: www.profitablecreativeformat.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://k9b.tube2.me/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Tue, 05 Dec 2023 03:00:58 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 906901f9e75b80a5cd5f09251a9060c9
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
fonts.googleapis.com/css?family=Roboto:300,400,700&display=swap
142.250.74.42 200 OK 6.8 kB URL GET HTTP/2 fonts.googleapis.com/css?family=Roboto:300,400,700&display=swap
IP 142.250.74.42:443
Requested by https://k9b.tube2.me/view/rmQq5wd4i48.htm?kw=bitcoin
Certificate Issuer Google Trust Services LLC
Subject upload.video.google.com
Fingerprint CC:96:E0:52:E0:9B:EA:A9:A0:F8:88:9A:90:20:11:47:61:00:3C:42
Validity Mon, 23 Oct 2023 11:24:07 GMT - Mon, 15 Jan 2024 11:24:06 GMT
File type ASCII text, with very long lines (7013), with no line terminators
Hash 49475c425d6c00477bb339179326c49b
bd97deeb753f44f43a21feafa92d98239fa511bd
598841a98ad357d2896d2f093ea3e4e1d44e24b3351268ffd45e61ff8c1d0e09
GET /css?family=Roboto:300,400,700&display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Tue, 05 Dec 2023 03:01:00 GMT
date: Tue, 05 Dec 2023 03:01:00 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
k9b.tube2.me/favicon.ico
188.114.96.1 404 Not Found 5.1 kB IP 188.114.96.1:443
Requested by https://k9b.tube2.me/view/rmQq5wd4i48.htm?kw=bitcoin
Certificate Issuer Google Trust Services LLC
Subject tube2.me
Fingerprint 09:75:DB:E6:18:57:3F:DB:F5:73:AC:D0:B7:F8:11:FE:A3:46:C3:4A
Validity Mon, 13 Nov 2023 01:26:09 GMT - Sun, 11 Feb 2024 01:26:08 GMT
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (5342), with no line terminators
Hash f2e7943048c3960ef0e208d5cd797e21
608d41e1bdeb1838a50c346976ac073bde3af0ae
95781e001fc6b347a6b7dfb6bc43cacd3544a55bb0df10fb9198d5af4097385c
GET /favicon.ico HTTP/1.1
Host: k9b.tube2.me
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://k9b.tube2.me/view/rmQq5wd4i48.htm?kw=bitcoin
Cookie: colorMode=light; cf_clearance=qCTdgyAQW7iol8gY5sn1H2bXFa9f9B9BbuxX8eajeLU-1701745258-0-1-730ca2d2.73a07051.5b213570-0.2.1701745258
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 404 Not Found
date: Tue, 05 Dec 2023 03:00:58 GMT
content-type: text/html
cf-cache-status: DYNAMIC
priority: u=6,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=dfQ7ce7yFBf1JcDJEdetXKzB0QcyXwM6pxvfJxb%2FaM6HnuJxEt3luGVidxvNM62CgZ4GO%2FkhcvuAvFbrTNud6ZAg29DDSJoCDDdKYjQfiSE6aNG6fpfvnAy5CM%2FdMbk%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 83090ab7acc056a2-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
cdn.creative-bars1.com/sb/ssp/vpn/classic-push/small/css/animate.css
172.64.109.10 200 OK 79 kB URL GET HTTP/2 cdn.creative-bars1.com/sb/ssp/vpn/classic-push/small/css/animate.css
IP 172.64.109.10:443
Requested by https://k9b.tube2.me/view/rmQq5wd4i48.htm?kw=bitcoin
Certificate Issuer Google Trust Services LLC
Subject creative-bars1.com
Fingerprint 2B:CC:32:FC:17:6F:25:69:2F:F4:A0:D9:DC:9C:C2:09:28:32:AB:34
Validity Sat, 21 Oct 2023 15:38:40 GMT - Fri, 19 Jan 2024 15:38:39 GMT
Hash 80047eaa13ebd50c50e8a9753621e430
9c503e07d130572a0eaf51f7c02cbd4cf6213fe3
3f831a59615f8d5d40b4340b2836f91438c876f8dbce75f78e38360d6fe0f429
GET /sb/ssp/vpn/classic-push/small/css/animate.css HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://k9b.tube2.me
DNT: 1
Connection: keep-alive
Referer: https://k9b.tube2.me/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Tue, 05 Dec 2023 03:01:00 GMT
content-type: text/css
last-modified: Tue, 21 Sep 2021 12:03:42 GMT
etag: W/"6149ca1e-1358d"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=cc47VUSB2JiXbyehNReNTetNwxfRBYw6uncCoWd4l7kw%2B2qCHJdRZjzQhctEWsGiWe%2Fzd7U1X8OARV5FB89TtlQGZv%2FNb7qmjbvhY9QOS3BVqpbUM8NAyO6usqFIQE%2B6DsEwgRhGQail"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 83090ac4e91e06ed-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
k9b.tube2.me/cdn-cgi/challenge-platform/scripts/jsd/main.js
188.114.96.1 302 Found 7.4 kB URL GET HTTP/3 k9b.tube2.me/cdn-cgi/challenge-platform/scripts/jsd/main.js
IP 188.114.96.1:443
Requested by https://k9b.tube2.me/view/rmQq5wd4i48.htm?kw=bitcoin
Certificate Issuer Google Trust Services LLC
Subject tube2.me
Fingerprint 09:75:DB:E6:18:57:3F:DB:F5:73:AC:D0:B7:F8:11:FE:A3:46:C3:4A
Validity Mon, 13 Nov 2023 01:26:09 GMT - Sun, 11 Feb 2024 01:26:08 GMT
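Hash d41d8cd98f00b204e9800998ecf8427e (MD5 of zero-length content)
da39a3ee5e6b4b0d3255bfef95601890afd80709 (SHA-1 of zero-length content)
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 (SHA-256 of zero-length content; these three digests identify an empty body, not this resource)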
GET /cdn-cgi/challenge-platform/scripts/jsd/main.js HTTP/1.1
Host: k9b.tube2.me
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 302 Found
date: Tue, 05 Dec 2023 03:00:57 GMT
vary: accept-encoding
location: /cdn-cgi/challenge-platform/h/b/scripts/jsd/56d3063b/main.js
access-control-allow-origin: *
cache-control: max-age=300, public
priority: u=3,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=iz6TxUBfAwPt%2FMvQQ%2BX85zAEz6986GiG9WNlP%2FSI4rKPaRlxD61ihUuE0jNkTZ3QIYWaRamf7zY5T%2F5ho1Sg7cwYI4nhneIbBhy3N2Z09z91LbrsYT%2FRIHg0UwiaPjU%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 83090ab61c6f56a2-OSL
alt-svc: h3=":443"; ma=86400
k9b.tube2.me/_astro/hoisted.c856752f.js
188.114.96.1 200 OK 616 B URL GET HTTP/3 k9b.tube2.me/_astro/hoisted.c856752f.js
IP 188.114.96.1:443
Requested by https://k9b.tube2.me/view/rmQq5wd4i48.htm?kw=bitcoin
Certificate Issuer Google Trust Services LLC
Subject tube2.me
Fingerprint 09:75:DB:E6:18:57:3F:DB:F5:73:AC:D0:B7:F8:11:FE:A3:46:C3:4A
Validity Mon, 13 Nov 2023 01:26:09 GMT - Sun, 11 Feb 2024 01:26:08 GMT
File type ASCII text, with very long lines (661), with no line terminators
Hash cb95df8b34f4055e50db41571f7ab972
fc7bda4d2d601d8b248825cedeb3a9d7b32810b5
280d6096088105a880b7934395f869c77e905a8685bc8f6e216852da00367533
GET /_astro/hoisted.c856752f.js HTTP/1.1
Host: k9b.tube2.me
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://k9b.tube2.me/_astro/hoisted.5c481276.js
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Tue, 05 Dec 2023 03:00:57 GMT
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=0
last-modified: Fri, 01 Dec 2023 05:21:55 GMT
etag: W/"268-18c23d38938"
cf-cache-status: DYNAMIC
priority: u=3,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=QGXCxHo%2FY7Usy8JtOMierFLOW0QNY2p5KtCiIjfEqeMCRMIRu34OuYNnJrq%2FwFW7XBVx0ba0Uu7AfsE3hQtinsanhRtWjoAPrz%2B%2BuRyELVpjK6QqoDCZv7qJDSZ7rq8%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 83090ab59c5556a2-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
cdn.creative-bars1.com/sb/ssp/vpn/classic-push/small/css/style.css
172.64.109.10 200 OK 3.4 kB URL GET HTTP/2 cdn.creative-bars1.com/sb/ssp/vpn/classic-push/small/css/style.css
IP 172.64.109.10:443
Requested by https://k9b.tube2.me/view/rmQq5wd4i48.htm?kw=bitcoin
Certificate Issuer Google Trust Services LLC
Subject creative-bars1.com
Fingerprint 2B:CC:32:FC:17:6F:25:69:2F:F4:A0:D9:DC:9C:C2:09:28:32:AB:34
Validity Sat, 21 Oct 2023 15:38:40 GMT - Fri, 19 Jan 2024 15:38:39 GMT
File type ASCII text, with very long lines (3581), with no line terminators
Hash c8ded4b141a8ede34abfc377901ea757
30364a88fa583f523e856948395f7c7185e01067
2465381b1c22f14274b8d5c154ac8e0cc5afca013d326e0742c36c08dcb3df04
GET /sb/ssp/vpn/classic-push/small/css/style.css HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://k9b.tube2.me
DNT: 1
Connection: keep-alive
Referer: https://k9b.tube2.me/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Tue, 05 Dec 2023 03:01:00 GMT
content-type: text/css
last-modified: Tue, 21 Sep 2021 12:03:42 GMT
etag: W/"6149ca1e-d31"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Fi5eN50v7aFZbuGNV8gMtQ5n9KbF5kk90rdqHPuhX8sajC3TyyFmwSngPewqKvW9MrtdrR60dFl5NwFdv0mSUZkddTT%2BLDVmal8Lt7VlO4HW7M%2BkQD46R%2FS2Zybzd5IKyUkjDhKaPH3O"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 83090ac4f91f06ed-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
admissiblecontradictthrone.com/watch.26949523335.js?key=88abe1fd287cda2865be222c06ba578a&kw=%5B%22ukrainian%22%2C%22drones%22%2C%22drop%22%2C%22bombs%22%2C%22on%22%2C%22russian%22%2C%22troops%22%2C%22hiding%22%2C%22in%22%2C%22trenches%22%2C%22near%22%2C%22bakhmut%22%5D&refer=https%3A%2F%2Fk9b.tube2.me%2Fview%2FrmQq5wd4i48.htm%3Fkw%3Dbitcoin&tz=0&dev=e&res=14.3095&uuid=b0877f94-6154-412e-8e57-42f63aa335d0%3A3%3A1
192.243.59.20307 Temporary Redirect 3.5 kB URL GET HTTP/1.1 admissiblecontradictthrone.com/watch.26949523335.js?key=88abe1fd287cda2865be222c06ba578a&kw=%5B%22ukrainian%22%2C%22drones%22%2C%22drop%22%2C%22bombs%22%2C%22on%22%2C%22russian%22%2C%22troops%22%2C%22hiding%22%2C%22in%22%2C%22trenches%22%2C%22near%22%2C%22bakhmut%22%5D&refer=https%3A%2F%2Fk9b.tube2.me%2Fview%2FrmQq5wd4i48.htm%3Fkw%3Dbitcoin&tz=0&dev=e&res=14.3095&uuid=b0877f94-6154-412e-8e57-42f63aa335d0%3A3%3A1
IP 192.243.59.20:443
ASN #39572 DataWeb Global Group B.V.
Requested by https://k9b.tube2.me/view/rmQq5wd4i48.htm?kw=bitcoin
Certificate Issuer Let's Encrypt
Subject admissiblecontradictthrone.com
Fingerprint 90:54:BF:2D:0E:36:25:A2:57:CF:C9:5B:86:C3:FA:F2:03:14:94:09
Validity Tue, 28 Nov 2023 10:38:30 GMT - Mon, 26 Feb 2024 10:38:29 GMT
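Hash d41d8cd98f00b204e9800998ecf8427e (MD5 of zero-length content)
da39a3ee5e6b4b0d3255bfef95601890afd80709 (SHA-1 of zero-length content)
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 (SHA-256 of zero-length content; these three digests identify an empty body, not this resource)
Analyzer: Quad9 DNS, Verdict: malicious, Alert: Sinkholed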
GET /watch.26949523335.js?key=88abe1fd287cda2865be222c06ba578a&kw=%5B%22ukrainian%22%2C%22drones%22%2C%22drop%22%2C%22bombs%22%2C%22on%22%2C%22russian%22%2C%22troops%22%2C%22hiding%22%2C%22in%22%2C%22trenches%22%2C%22near%22%2C%22bakhmut%22%5D&refer=https%3A%2F%2Fk9b.tube2.me%2Fview%2FrmQq5wd4i48.htm%3Fkw%3Dbitcoin&tz=0&dev=e&res=14.3095&uuid=b0877f94-6154-412e-8e57-42f63aa335d0%3A3%3A1 HTTP/1.1
Host: admissiblecontradictthrone.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://k9b.tube2.me
DNT: 1
Connection: keep-alive
Referer: https://k9b.tube2.me/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 307 Temporary Redirect
Server: nginx/1.19.5
Date: Tue, 05 Dec 2023 03:00:58 GMT
Content-Type: text/html
Content-Length: 0
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://k9b.tube2.me
Access-Control-Allow-Origin: https://k9b.tube2.me
Access-Control-Allow-Credentials: true
Location: https://admissiblecontradictthrone.com/watch.26949523335.js?key=88abe1fd287cda2865be222c06ba578a&kw=%5B%22ukrainian%22%2C%22drones%22%2C%22drop%22%2C%22bombs%22%2C%22on%22%2C%22russian%22%2C%22troops%22%2C%22hiding%22%2C%22in%22%2C%22trenches%22%2C%22near%22%2C%22bakhmut%22%5D&refer=https%3A%2F%2Fk9b.tube2.me%2Fview%2FrmQq5wd4i48.htm%3Fkw%3Dbitcoin&tz=0&dev=e&res=14.3095&uuid=b0877f94-6154-412e-8e57-42f63aa335d0%3A3%3A1&shu=143b848321490f291ecb27501e01db3aff70aa88d65154b740fdc6d84b42062c98b5a3367b10e40c421c8227bdac83e1fb05589007db37f87fdae81f86be17cfece85e630e6310d2d19839cfcce64de6e321431d7aefc6e6cee018772c25&pst=1701745318&rmtc=t
Set-Cookie: u_pl=20220738; expires=Wed, 06 Dec 2023 03:00:58 GMT; secure; SameSite=None
ain=eyJhbGciOiJIUzI1NiJ9.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.Y8nVJBetivLIXkxYlx0nan6W_qZJe-v7o_vnF5MtK0g; expires=Tue, 05 Dec 2023 03:01:58 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: c2f22ef4d9d30fcccac26065a601b440
Strict-Transport-Security: max-age=0; includeSubdomains
k9b.tube2.me/_astro/index.5f934d32.css
188.114.96.1 200 OK 17 kB URL GET HTTP/3 k9b.tube2.me/_astro/index.5f934d32.css
IP 188.114.96.1:443
Requested by https://k9b.tube2.me/view/rmQq5wd4i48.htm?kw=bitcoin
Certificate Issuer: Google Trust Services LLC
Subject: tube2.me
Fingerprint: 09:75:DB:E6:18:57:3F:DB:F5:73:AC:D0:B7:F8:11:FE:A3:46:C3:4A
Validity: Mon, 13 Nov 2023 01:26:09 GMT - Sun, 11 Feb 2024 01:26:08 GMT
File type ASCII text, with very long lines (16703)
Hash MD5: 37c28dc6cb1dbf620a8efb2b8c2b2b10
SHA-1: c82f000c77311d2b788d90e1b6c6c03edc476e19
SHA-256: 5f934d3287f7312902371ec585228b21a0e586567ed2c81d120dc43919580ff0
GET /_astro/index.5f934d32.css HTTP/1.1
Host: k9b.tube2.me
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://k9b.tube2.me/view/rmQq5wd4i48.htm?kw=bitcoin
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Tue, 05 Dec 2023 03:00:57 GMT
content-type: text/css; charset=UTF-8
cache-control: public, max-age=0
last-modified: Fri, 01 Dec 2023 05:21:55 GMT
etag: W/"4140-18c23d38938"
cf-cache-status: DYNAMIC
priority: u=2,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=YIhiafQADAnjfddDuSEAowjmrIYAJbM2LJHZ%2BZlgz4So70PhdIryBJgf3URab%2FD6%2BeALaGTWsuQgXWeaxfgu%2F1c4bVT0b5LCv1kkHGkUPgW3v3lFFK8bJbM8BymLapk%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 83090ab3fbe856a2-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
friendshipmale.com/sfp.js
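104.21.234.33 200 OK 86 kB URL GET HTTP/2 friendshipmale.com/sfp.js
IP 104.21.234.33:443
Requested by https://k9b.tube2.me/view/rmQq5wd4i48.htm?kw=bitcoin
Certificate Issuer: Cloudflare, Inc.
Subject: sni.cloudflaressl.com
Fingerprint: 08:6F:D8:CB:9E:0C:0A:98:2E:C5:CD:21:8E:0B:76:2B:50:6F:B6:37
Validity: Sat, 18 Feb 2023 00:00:00 GMT - Sat, 17 Feb 2024 23:59:59 GMT
Hash MD5: d41d8cd98f00b204e9800998ecf8427e
SHA-1: da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA-256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
(Note: these three values are the MD5, SHA-1 and SHA-256 digests of empty input, so the scanner apparently did not hash the 86 kB response body. They do not identify this script and should not be used as indicators or for allow/deny-list matching.)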
GET /sfp.js HTTP/1.1
Host: friendshipmale.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://k9b.tube2.me/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Tue, 05 Dec 2023 03:00:58 GMT
content-type: application/javascript; charset=utf-8
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
access-control-allow-origin: *
expires: Thu, 01 Jan 1970 00:00:01 GMT
cache-control: max-age=14400
x-request-id: f8e236524bea7028f4c770bea45cf514
strict-transport-security: max-age=0; includeSubdomains
cf-cache-status: EXPIRED
last-modified: Tue, 05 Dec 2023 03:00:58 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=doHIaBDLG%2BemiTKLnASWgBx3sJ6bxXs2jfdLADKJp18UxvIO8u%2FNsGjkLIz%2B8lgU36s39gMa72wKh4xa9CCIUJToIkv6t6foju%2B%2FDAXyO7a81m4JFDB8Eg92jstNCHpUy2X20Hc%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 83090ab9b94b4e0f-HEL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
k9b.tube2.me/view/rmQq5wd4i48.htm?kw=bitcoin
188.114.96.1 200 OK 20 kB URL User Request GET HTTP/2 k9b.tube2.me/view/rmQq5wd4i48.htm?kw=bitcoin
IP 188.114.96.1:443
Certificate Issuer: Google Trust Services LLC
Subject: tube2.me
Fingerprint: 09:75:DB:E6:18:57:3F:DB:F5:73:AC:D0:B7:F8:11:FE:A3:46:C3:4A
Validity: Mon, 13 Nov 2023 01:26:09 GMT - Sun, 11 Feb 2024 01:26:08 GMT
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (7005)
Hash MD5: 499995f389de7404e3abb7e3fc73a53f
SHA-1: 89e3a6a58f2d5c9b347ecf18326d12f2b8153ab9
SHA-256: be62b4668de2a8a63859af70b6821c405995c12cf2ac95ad892f67c717e0c016
GET /view/rmQq5wd4i48.htm?kw=bitcoin HTTP/1.1
Host: k9b.tube2.me
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Tue, 05 Dec 2023 03:00:57 GMT
content-type: text/html
cf-cache-status: MISS
last-modified: Tue, 05 Dec 2023 03:00:57 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=HcHdQpohVK4SogGXyb6X1WxYr7OLINJG6%2FKPNFuuviZgXRF6%2FdVHWEQ4yXwxJai4XBtTsGxN32Zzt15V2P0PBNkWcd27WbrTG4olK2IV6zdYojIfwXv0jBS4Vak3%2F%2Fg%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 83090aaffab7b4ee-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
static.cloudflareinsights.com/beacon.min.js/v84a3a4012de94ce1a686ba8c167c359c1696973893317
104.16.56.101 200 OK 20 kB URL GET HTTP/2 static.cloudflareinsights.com/beacon.min.js/v84a3a4012de94ce1a686ba8c167c359c1696973893317
IP 104.16.56.101:443
Requested by https://k9b.tube2.me/view/rmQq5wd4i48.htm?kw=bitcoin
Certificate Issuer: Cloudflare, Inc.
Subject: sni.cloudflaressl.com
Fingerprint: 89:79:35:ED:04:A2:CA:50:F7:9A:B8:FE:DF:A5:0C:B1:F2:E6:DD:E8
Validity: Mon, 10 Apr 2023 00:00:00 GMT - Tue, 09 Apr 2024 23:59:59 GMT
File type ASCII text, with very long lines (19986), with no line terminators
Hash MD5: dd1d068fdb5fe90b6c05a5b3940e088c
SHA-1: 0d96f9df8772633a9df4c81cf323a4ef8998ba59
SHA-256: 6153d13804862b0fc1c016cf1129f34cb7c6185f2cf4bf1a3a862eecdab50101
GET /beacon.min.js/v84a3a4012de94ce1a686ba8c167c359c1696973893317 HTTP/1.1
Host: static.cloudflareinsights.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://k9b.tube2.me
DNT: 1
Connection: keep-alive
Referer: https://k9b.tube2.me/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Tue, 05 Dec 2023 03:00:57 GMT
content-type: text/javascript;charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=86400
etag: W/"2023.10.0"
last-modified: Tue, 10 Oct 2023 21:38:13 GMT
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
server: cloudflare
cf-ray: 83090ab40b450b55-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
k9b.tube2.me/cdn-cgi/challenge-platform/h/b/scripts/jsd/56d3063b/main.js
188.114.96.1 200 OK 7.4 kB URL GET HTTP/3 k9b.tube2.me/cdn-cgi/challenge-platform/h/b/scripts/jsd/56d3063b/main.js
IP 188.114.96.1:443
Requested by https://k9b.tube2.me/view/rmQq5wd4i48.htm?kw=bitcoin
Certificate Issuer: Google Trust Services LLC
Subject: tube2.me
Fingerprint: 09:75:DB:E6:18:57:3F:DB:F5:73:AC:D0:B7:F8:11:FE:A3:46:C3:4A
Validity: Mon, 13 Nov 2023 01:26:09 GMT - Sun, 11 Feb 2024 01:26:08 GMT
File type ASCII text, with very long lines (7429), with no line terminators
Hash MD5: 015b7290c915f372ad70aeaba3848505
SHA-1: 17ccd9454ac233efd3a1b601e0b9fc9524b6e1cf
SHA-256: a11d5d483f5a729c6ee86fe1c414239f272bc722dee0370b3f8bffaf814b9a92
GET /cdn-cgi/challenge-platform/h/b/scripts/jsd/56d3063b/main.js HTTP/1.1
Host: k9b.tube2.me
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Tue, 05 Dec 2023 03:00:57 GMT
content-type: application/javascript; charset=UTF-8
cache-control: max-age=14400, public
vary: accept-encoding
x-content-type-options: nosniff
priority: u=3,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=HBVaqsL1Ty908Cin1PsARRb2zNAh0ZuAqjqPgS9Mzlxqe%2BvAanszmCJKxUvB23ii6Z5O7OGxVlSP52kME8aBfyRlerp%2FVPc%2BBi3Xh%2BRoe%2FZEYIYoHKqOKYP9r%2FhXsr4%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 83090ab63c7656a2-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
cdn.creative-bars1.com/sb/ssp/vpn/classic-push/small/js/jquery.min.js
172.64.109.10 200 OK 84 kB URL GET HTTP/2 cdn.creative-bars1.com/sb/ssp/vpn/classic-push/small/js/jquery.min.js
IP 172.64.109.10:443
Requested by https://k9b.tube2.me/view/rmQq5wd4i48.htm?kw=bitcoin
Certificate Issuer: Google Trust Services LLC
Subject: creative-bars1.com
Fingerprint: 2B:CC:32:FC:17:6F:25:69:2F:F4:A0:D9:DC:9C:C2:09:28:32:AB:34
Validity: Sat, 21 Oct 2023 15:38:40 GMT - Fri, 19 Jan 2024 15:38:39 GMT
File type ASCII text, with very long lines (32025)
Hash MD5: 4a356126b9573eb7bd1e9a7494737410
SHA-1: 8258d046f17dd3c15a5d3984e1868b7b5d1db329
SHA-256: 22642f202577f0ba2f22cbe56b6cf291a09374487567cd3563e0d2a29f75c0c5
GET /sb/ssp/vpn/classic-push/small/js/jquery.min.js HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Tue, 05 Dec 2023 03:01:00 GMT
content-type: application/javascript
last-modified: Tue, 21 Sep 2021 12:03:44 GMT
etag: W/"6149ca20-1499c"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 328064
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Cd36la6%2BLSMFZw3B0S2Y%2F6bMhFymBA9m%2B59uz5Kqc8ogwr7mt4r4nVCam9VbiNKnbURjVdClxMT8EW997jYCL5%2BMkFzTKfiSCdheS5j%2F5NDVnlLPN7gfFEMy%2FgXastMmV6fL98HYZ%2B4f"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 83090ac5092706ed-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2
216.58.211.3 200 OK 16 kB URL GET HTTP/2 fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2
IP 216.58.211.3:443
Requested by https://k9b.tube2.me/view/rmQq5wd4i48.htm?kw=bitcoin
Certificate Issuer: Google Trust Services LLC
Subject: *.gstatic.com
Fingerprint: E5:79:1F:1A:04:3F:B9:B0:FB:41:4E:B5:E5:97:AD:FE:D9:2C:4A:CD
Validity: Mon, 23 Oct 2023 11:24:07 GMT - Mon, 15 Jan 2024 11:24:06 GMT
File type Web Open Font Format (Version 2), TrueType, length 15744, version 1.0\012- data
Hash MD5: 15d9f621c3bd1599f0169dcf0bd5e63e
SHA-1: 7ca9c5967f3bb8bffeab24b639b49c1e7d03fa52
SHA-256: f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615
GET /s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://k9b.tube2.me
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15744
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 30 Nov 2023 04:57:34 GMT
expires: Fri, 29 Nov 2024 04:57:34 GMT
cache-control: public, max-age=31536000
age: 425007
last-modified: Wed, 11 May 2022 19:24:48 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
k9b.tube2.me/js/metrika.js
188.114.96.1 200 OK 576 B URL GET HTTP/3 k9b.tube2.me/js/metrika.js
IP 188.114.96.1:443
Requested by https://k9b.tube2.me/view/rmQq5wd4i48.htm?kw=bitcoin
Certificate Issuer: Google Trust Services LLC
Subject: tube2.me
Fingerprint: 09:75:DB:E6:18:57:3F:DB:F5:73:AC:D0:B7:F8:11:FE:A3:46:C3:4A
Validity: Mon, 13 Nov 2023 01:26:09 GMT - Sun, 11 Feb 2024 01:26:08 GMT
File type ASCII text, with very long lines (610), with no line terminators
Hash MD5: 7d7f99a9e74b2eea7e2e98bea9fe4ea0
SHA-1: 2bedfe30a834e7ce34a6b69613800cce80b7fce5
SHA-256: c1cd22021977b24a1576f4de60c280d44e14dba9c5181aee365cfe09e83135b1
GET /js/metrika.js HTTP/1.1
Host: k9b.tube2.me
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://k9b.tube2.me/view/rmQq5wd4i48.htm?kw=bitcoin
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Tue, 05 Dec 2023 03:00:57 GMT
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=0
last-modified: Fri, 01 Dec 2023 05:21:55 GMT
etag: W/"240-18c23d38938"
cf-cache-status: DYNAMIC
priority: u=3,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=AjF0ujT6e98%2BmP4C0Ajr8ZD0hjByf%2BOvwbwHTUcZxiN%2Fu3LrEbbhhJKvPehRHH%2B2coNLaMPiJeo7btBgk3w1oc44mLbaauuS3n2u4W10gmeov6z2atPx056oSFAAT1g%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 83090ab3fbe756a2-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400