GET interbots.com/favicon.ico
188.114.97.1 404 Not Found 196 B URL GET interbots.com/favicon.ico
IP 188.114.97.1:443
Requested by https://interbots.com/ref.php?url=https://tvarticles.org/vidd.php?id=2687853
Certificate Issuer Google Trust Services
Subject interbots.com
Fingerprint FA:DB:7A:75:BB:32:E3:35:1A:51:97:70:A7:FD:7B:56:77:1D:0C:01
Validity Tue, 03 Jun 2025 08:31:54 GMT - Mon, 01 Sep 2025 09:31:51 GMT
File type HTML document, ASCII text
Hash MD5 62962daa1b19bbcc2db10b7bfd531ea6
SHA1 d64bae91091eda6a7532ebec06aa70893b79e1f8
SHA256 80c3fe2ae1062abf56456f52518bd670f9ec3917b7f85e152b347ac6b6faf880
GET /favicon.ico HTTP/1.1
Host: interbots.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Android; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://interbots.com/ref.php?url=https://tvarticles.org/vidd.php?id=2687853
Cookie: _ga_RBMLY22Q2M=GS2.1.s1752607470$o1$g0$t1752607470$j60$l0$h0; _ga=GA1.1.439280182.1752607470
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 404 Not Found
date: Tue, 15 Jul 2025 19:24:30 GMT
content-type: text/html; charset=iso-8859-1
server: cloudflare
cache-control: max-age=14400
x-page-speed: 1.13.35.2-0
cf-cache-status: EXPIRED
priority: u=6,i=?0
vary: accept-encoding
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=AWmwtl6r%2F8dp1IaML0XtfwHJomT%2F1FFBIPnSOTs3l2mvM4MOywP3yTjjKHm95d6VVX3eIYTms4vqixMmGF5zePjWE9YBLni6szwh"}]}
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
content-encoding: br
cf-ray: 95fba3f0eec1569d-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
GET professionaltrafficmonitor.com/stats
3.126.213.67 200 OK 40 B URL GET professionaltrafficmonitor.com/stats
IP 3.126.213.67:443
Requested by https://interbots.com/ref.php?url=https://tvarticles.org/vidd.php?id=2687853
Certificate Issuer Amazon
Subject protrafficinspector.com
Fingerprint 5D:D5:8D:EB:A4:50:13:0D:7C:33:71:82:B8:02:49:4F:D6:31:B6:E6
Validity Tue, 01 Jul 2025 00:00:00 GMT - Thu, 30 Jul 2026 23:59:59 GMT
File type ASCII text, with no line terminators
Hash MD5 2c97135919bbdce55d9ee793c5875e1c
SHA1 9f778144c25999bf3ce12e2ccaa8eaf81c290bae
SHA256 a2b23d0eecb8440275e8ea5fca14d56a94995852301634dfeda264ac16d0c18d
GET /stats HTTP/1.1
Host: professionaltrafficmonitor.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Android; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://interbots.com
DNT: 1
Connection: keep-alive
Referer: https://interbots.com/
Cookie: uid_id2=4019d9c8-772a-4c3d-b8fc-30329fe16460:2:1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Tue, 15 Jul 2025 19:24:30 GMT
content-type: text/html; charset=UTF-8
content-length: 40
server: fasthttp
access-control-allow-origin: https://interbots.com
vary: Origin
access-control-allow-credentials: true
X-Firefox-Spdy: h2
POST oamsedsaiph.net/5/9406683/?oo=1&js_build=iclick-v1.1492.0&dmn=madurird.com&tt=2&ix=0
139.45.195.9 204 No Content 0 B URL POST oamsedsaiph.net/5/9406683/?oo=1&js_build=iclick-v1.1492.0&dmn=madurird.com&tt=2&ix=0
IP 139.45.195.9:443
Requested by https://interbots.com/ref.php?url=https://tvarticles.org/vidd.php?id=2687853
Certificate Issuer Let's Encrypt
Subject oamsedsaiph.net
Fingerprint DC:F4:EC:B3:76:F4:00:D1:1D:C1:5E:3D:A1:E0:C0:8E:11:EC:35:1D
Validity Mon, 14 Jul 2025 05:10:32 GMT - Sun, 12 Oct 2025 05:10:31 GMT
Hash MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
(digests of zero-length input; not a content indicator)
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
POST /5/9406683/?oo=1&js_build=iclick-v1.1492.0&dmn=madurird.com&tt=2&ix=0 HTTP/1.1
Host: oamsedsaiph.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Android; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 2712
Origin: https://interbots.com
DNT: 1
Connection: keep-alive
Referer: https://interbots.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 204 No Content
server: nginx
date: Tue, 15 Jul 2025 19:24:31 GMT
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
access-control-allow-origin: https://interbots.com
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace, favicon
access-control-max-age: 86400
timing-allow-origin: *
pragma: no-cache, no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT, Mon, 26 Jul 1997 05:00:00 GMT
X-Firefox-Spdy: h2
GET www.googletagmanager.com/gtag/js?id=G-RBMLY22Q2M
142.250.178.72 200 OK 399 kB URL GET www.googletagmanager.com/gtag/js?id=G-RBMLY22Q2M
IP 142.250.178.72:443
Requested by https://interbots.com/ref.php?url=https://tvarticles.org/vidd.php?id=2687853
Certificate Issuer Google Trust Services
Subject *.google-analytics.com
Fingerprint 3A:12:37:38:16:E5:9F:51:4E:B7:1D:5F:1F:C0:84:BB:92:EA:9E:20
Validity Mon, 23 Jun 2025 08:40:16 GMT - Mon, 15 Sep 2025 08:40:15 GMT
File type JavaScript source, ASCII text, with very long lines (6004)
Size 399 kB (398550 bytes)
Hash MD5 a9c612ab05fe71ae20616c0df9dd185f
SHA1 6d106c72be8c217e85fb1fed3fcea0cc8f419e96
SHA256 3ca38b7007b18253a07da4dd9bf02617005ba99f33e29400cb504adb6e17adb1
GET /gtag/js?id=G-RBMLY22Q2M HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Android; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://interbots.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Tue, 15 Jul 2025 19:24:29 GMT
expires: Tue, 15 Jul 2025 19:24:29 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcycc:1077:0
cross-origin-opener-policy-report-only: same-origin; report-to=ascgcycc:1077:0
report-to: {"group":"ascgcycc:1077:0","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcycc:1077:0"}],}
server: Google Tag Manager
content-length: 132827
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
GET treatmentoctopus.com/9e9be25a2a2566d1ea0cecf1ef12324a/invoke.js
192.243.59.13 200 OK 27 kB URL GET treatmentoctopus.com/9e9be25a2a2566d1ea0cecf1ef12324a/invoke.js
IP 192.243.59.13:443
ASN #39572 DataWeb Global Group B.V.
Requested by https://interbots.com/ref.php?url=https://tvarticles.org/vidd.php?id=2687853
Certificate Issuer Let's Encrypt
Subject treatmentoctopus.com
Fingerprint FC:EC:D4:E5:87:20:03:A0:68:AC:95:37:B6:D9:17:7A:BD:68:61:F5
Validity Sun, 22 Jun 2025 23:41:16 GMT - Sat, 20 Sep 2025 23:41:15 GMT
File type JavaScript source, ASCII text, with very long lines (27383), with no line terminators
Hash MD5 f656dbb02da9c8f2f7bcfc31fdb85daf
SHA1 adc95a034e8ec834b29badc2fea65534024d1530
SHA256 17d456acdd2e7a73e74aa711988864c8ea258ccae53db57f7b65842fa5980336
GET /9e9be25a2a2566d1ea0cecf1ef12324a/invoke.js HTTP/1.1
Host: treatmentoctopus.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Android; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://interbots.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Tue, 15 Jul 2025 19:24:29 GMT
Content-Type: application/javascript
Content-Length: 11502
Connection: keep-alive
Content-Encoding: gzip
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Host: treatmentoctopus.com
Expires: Thu, 01 Jan 1970 00:00:01 GMT
X-Request-ID: 5902fc480dd5d71baf9faf53794cdffc
Cache-Control: no-cache, max-age=0, private, no-cache
Pragma: no-cache
Strict-Transport-Security: max-age=0; includeSubdomains
GET wearychallengeraise.com/pixel/purst?dl=0&th=0&sc=0&rs=1178&rd=1178&fd=665&bv=25.7.6656&tmpl=70
192.243.59.13 200 OK 0 B URL GET wearychallengeraise.com/pixel/purst?dl=0&th=0&sc=0&rs=1178&rd=1178&fd=665&bv=25.7.6656&tmpl=70
IP 192.243.59.13:443
ASN #39572 DataWeb Global Group B.V.
Requested by https://interbots.com/ref.php?url=https://tvarticles.org/vidd.php?id=2687853
Certificate Issuer Let's Encrypt
Subject wearychallengeraise.com
Fingerprint C2:9A:4F:D1:20:4F:D6:7B:AD:D9:F3:AE:DB:94:98:E2:A5:BE:EF:8B
Validity Thu, 19 Jun 2025 03:13:57 GMT - Wed, 17 Sep 2025 03:13:56 GMT
Hash MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
(digests of zero-length input; not a content indicator)
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /pixel/purst?dl=0&th=0&sc=0&rs=1178&rd=1178&fd=665&bv=25.7.6656&tmpl=70 HTTP/1.1
Host: wearychallengeraise.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Android; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://interbots.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Tue, 15 Jul 2025 19:24:30 GMT
Content-Length: 0
Connection: keep-alive
Host: wearychallengeraise.com
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
GET professionaltrafficmonitor.com/stats
3.126.213.67 200 OK 40 B URL GET professionaltrafficmonitor.com/stats
IP 3.126.213.67:443
Requested by https://interbots.com/ref.php?url=https://tvarticles.org/vidd.php?id=2687853
Certificate Issuer Amazon
Subject protrafficinspector.com
Fingerprint 5D:D5:8D:EB:A4:50:13:0D:7C:33:71:82:B8:02:49:4F:D6:31:B6:E6
Validity Tue, 01 Jul 2025 00:00:00 GMT - Thu, 30 Jul 2026 23:59:59 GMT
File type ASCII text, with no line terminators
Hash MD5 2c97135919bbdce55d9ee793c5875e1c
SHA1 9f778144c25999bf3ce12e2ccaa8eaf81c290bae
SHA256 a2b23d0eecb8440275e8ea5fca14d56a94995852301634dfeda264ac16d0c18d
GET /stats HTTP/1.1
Host: professionaltrafficmonitor.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Android; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://interbots.com
DNT: 1
Connection: keep-alive
Referer: https://interbots.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Tue, 15 Jul 2025 19:24:29 GMT
content-type: text/html; charset=UTF-8
content-length: 40
server: fasthttp
access-control-allow-origin: https://interbots.com
vary: Origin
access-control-allow-credentials: true
set-cookie: uid_id2=4019d9c8-772a-4c3d-b8fc-30329fe16460:2:1; expires=Fri, 13 Jul 2035 19:24:29 GMT; secure; SameSite=None
X-Firefox-Spdy: h2
GET wearychallengeraise.com/watch.803677402477.js?dev=e&key=9e9be25a2a2566d1ea0cecf1ef12324a&kw=%5B%22redirecting%22%5D&pst=1752607530&rb=&refer=https%3A%2F%2Finterbots.com%2Fref.php%3Furl%3Dhttps%3A%2F%2Ftvarticles.org%2Fvidd.php%3Fid%3D2687853&res=14.3095&rmtc=t&shu=90a9bc7fa3851e71cce53fee0d9c86a86aad7046015c186732aae31028fee7cb7c404be246fe4d757da7edf252ebc47c453bbde4263e2b91a5dc16a87e33d187ca8a01db3b332b09883cb83d8b31f5ae6f39cd28ff61bd0ec0ab&tz=0&uuid=4019d9c8-772a-4c3d-b8fc-30329fe16460%3A2%3A1
192.243.59.13 200 OK 4.9 kB URL GET wearychallengeraise.com/watch.803677402477.js?dev=e&key=9e9be25a2a2566d1ea0cecf1ef12324a&kw=%5B%22redirecting%22%5D&pst=1752607530&rb=&refer=https%3A%2F%2Finterbots.com%2Fref.php%3Furl%3Dhttps%3A%2F%2Ftvarticles.org%2Fvidd.php%3Fid%3D2687853&res=14.3095&rmtc=t&shu=90a9bc7fa3851e71cce53fee0d9c86a86aad7046015c186732aae31028fee7cb7c404be246fe4d757da7edf252ebc47c453bbde4263e2b91a5dc16a87e33d187ca8a01db3b332b09883cb83d8b31f5ae6f39cd28ff61bd0ec0ab&tz=0&uuid=4019d9c8-772a-4c3d-b8fc-30329fe16460%3A2%3A1
IP 192.243.59.13:443
ASN #39572 DataWeb Global Group B.V.
Requested by https://interbots.com/ref.php?url=https://tvarticles.org/vidd.php?id=2687853
Certificate Issuer Let's Encrypt
Subject wearychallengeraise.com
Fingerprint C2:9A:4F:D1:20:4F:D6:7B:AD:D9:F3:AE:DB:94:98:E2:A5:BE:EF:8B
Validity Thu, 19 Jun 2025 03:13:57 GMT - Wed, 17 Sep 2025 03:13:56 GMT
File type JavaScript source, ASCII text, with very long lines (4027)
Hash MD5 94ecd26272ef829c5bca574c75a1ac25
SHA1 a302c8acc32937d6384f78fd88c3165e78e7b606
SHA256 a67fc9b7e4e8a124ad98d9e53363b613dc9ce70a622fd92f51383f67bc8f0de7
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /watch.803677402477.js?dev=e&key=9e9be25a2a2566d1ea0cecf1ef12324a&kw=%5B%22redirecting%22%5D&pst=1752607530&rb=&refer=https%3A%2F%2Finterbots.com%2Fref.php%3Furl%3Dhttps%3A%2F%2Ftvarticles.org%2Fvidd.php%3Fid%3D2687853&res=14.3095&rmtc=t&shu=90a9bc7fa3851e71cce53fee0d9c86a86aad7046015c186732aae31028fee7cb7c404be246fe4d757da7edf252ebc47c453bbde4263e2b91a5dc16a87e33d187ca8a01db3b332b09883cb83d8b31f5ae6f39cd28ff61bd0ec0ab&tz=0&uuid=4019d9c8-772a-4c3d-b8fc-30329fe16460%3A2%3A1 HTTP/1.1
Host: wearychallengeraise.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Android; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://interbots.com
Referer: https://interbots.com/
DNT: 1
Connection: keep-alive
Cookie: ain=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.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.uzsZPkah7Cjob8TI4WPdgN2GEDJIgMuJYqPo54Qh73g
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Tue, 15 Jul 2025 19:24:30 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Access-Control-Allow-Origin: https://interbots.com
Access-Control-Allow-Credentials: true
Set-Cookie: uid_id2=4019d9c8-772a-4c3d-b8fc-30329fe16460:2:1; expires=Tue, 22 Jul 2025 19:24:30 GMT; path=/; secure; SameSite=None
pdhtkv=true; expires=Wed, 16 Jul 2025 19:24:30 GMT; path=/; secure; SameSite=None
uncs=1; expires=Wed, 16 Jul 2025 19:24:30 GMT; path=/; secure; SameSite=None
pdhtkv32=true; expires=Wed, 16 Jul 2025 19:24:30 GMT; path=/; secure; SameSite=None
uncs32=1; expires=Wed, 16 Jul 2025 19:24:30 GMT; path=/; secure; SameSite=None
u_pl26722226=1; expires=Wed, 16 Jul 2025 19:24:30 GMT; path=/; secure; SameSite=None
Host: wearychallengeraise.com
Expires: Thu, 01 Jan 1970 00:00:01 GMT
X-Request-ID: 6504c38c20795a599ff36207ee4d8555
Cache-Control: no-cache, max-age=0, private, no-cache
Pragma: no-cache
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
GET flushpersist.com/pxf.gif?uuid=4019d9c8-772a-4c3d-b8fc-30329fe16460&eb=56a3745424804a23b12899170f9076de&te=9c9b2bc1fcb866fe34b4078d4dc2b749&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20Android%3B%20rv%3A134.0)%20Gecko%2F20100101%20Firefox%2F134.0&dev=e&res=14.3095&b_frame=0&pk=a579f3238470178c269d4a0465538683&bl=en-US&sr=1024x1280&sz=1024x1280&hjs=19
192.243.61.227 200 OK 0 B URL GET flushpersist.com/pxf.gif?uuid=4019d9c8-772a-4c3d-b8fc-30329fe16460&eb=56a3745424804a23b12899170f9076de&te=9c9b2bc1fcb866fe34b4078d4dc2b749&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20Android%3B%20rv%3A134.0)%20Gecko%2F20100101%20Firefox%2F134.0&dev=e&res=14.3095&b_frame=0&pk=a579f3238470178c269d4a0465538683&bl=en-US&sr=1024x1280&sz=1024x1280&hjs=19
IP 192.243.61.227:443
ASN #39572 DataWeb Global Group B.V.
Requested by https://interbots.com/ref.php?url=https://tvarticles.org/vidd.php?id=2687853
Certificate Issuer Let's Encrypt
Subject flushpersist.com
Fingerprint 9E:08:20:A0:75:ED:21:51:E0:3D:DE:29:CD:B0:11:01:4D:04:77:0A
Validity Tue, 01 Jul 2025 15:12:33 GMT - Mon, 29 Sep 2025 15:12:32 GMT
Hash MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
(digests of zero-length input; not a content indicator)
GET /pxf.gif?uuid=4019d9c8-772a-4c3d-b8fc-30329fe16460&eb=56a3745424804a23b12899170f9076de&te=9c9b2bc1fcb866fe34b4078d4dc2b749&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20Android%3B%20rv%3A134.0)%20Gecko%2F20100101%20Firefox%2F134.0&dev=e&res=14.3095&b_frame=0&pk=a579f3238470178c269d4a0465538683&bl=en-US&sr=1024x1280&sz=1024x1280&hjs=19 HTTP/1.1
Host: flushpersist.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Android; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://interbots.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Tue, 15 Jul 2025 19:24:31 GMT
Content-Type: image/gif
Content-Length: 1
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Host: flushpersist.com
Expires: Thu, 01 Jan 1970 00:00:01 GMT
X-Request-ID: bd7b77995583c6ca776a6fcba0fe5ebb
Cache-Control: no-cache, max-age=0, private, no-cache
Pragma: no-cache
Strict-Transport-Security: max-age=0; includeSubdomains
GET weirdopt.com/ad/advertisers.js
185.196.197.72 200 OK 0 B URL GET weirdopt.com/ad/advertisers.js
IP 185.196.197.72:443
ASN #39572 DataWeb Global Group B.V.
Requested by https://interbots.com/ref.php?url=https://tvarticles.org/vidd.php?id=2687853
Certificate Issuer Let's Encrypt
Subject weirdopt.com
Fingerprint 1A:27:71:C0:8E:44:D4:6B:F5:AA:49:F0:F1:AF:E5:5F:30:23:A4:D4
Validity Tue, 01 Jul 2025 15:18:37 GMT - Mon, 29 Sep 2025 15:18:36 GMT
Hash MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
(digests of zero-length input; not a content indicator)
GET /ad/advertisers.js HTTP/1.1
Host: weirdopt.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Android; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://interbots.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Tue, 15 Jul 2025 19:24:30 GMT
Content-Type: application/javascript
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
X-Request-ID: 5c8e674197b18433094de2acd022f534
Cache-Control: no-cache, max-age=0, private, no-cache
Pragma: no-cache
Strict-Transport-Security: max-age=0; includeSubdomains
GET cdn.storageimagedisplay.com/cti/1a/ba/60/1aba60ed15ec9a757d923658796c771d/1707923285.png
45.133.44.1 200 OK 30 kB URL GET cdn.storageimagedisplay.com/cti/1a/ba/60/1aba60ed15ec9a757d923658796c771d/1707923285.png
IP 45.133.44.1:443
ASN #39572 DataWeb Global Group B.V.
Requested by https://interbots.com/ref.php?url=https://tvarticles.org/vidd.php?id=2687853
Certificate Issuer Let's Encrypt
Subject cdn.storageimagedisplay.com
Fingerprint 06:D8:07:0F:AB:BF:D8:7F:C5:38:82:AC:A7:8A:20:4D:83:6C:EA:C9
Validity Thu, 10 Jul 2025 02:33:11 GMT - Wed, 08 Oct 2025 02:33:10 GMT
File type PNG image data, 320 x 50, 8-bit/color RGBA, non-interlaced
Hash MD5 2471c88a76fc28f99949311ee0826a7f
SHA1 da73b2288a199fe009115576711a2b5869b6dfe4
SHA256 913697d38c42449701edbc9076e47f75adba56e709af47e76c5b71dfa52f95d2
GET /cti/1a/ba/60/1aba60ed15ec9a757d923658796c771d/1707923285.png HTTP/1.1
Host: cdn.storageimagedisplay.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Android; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Tue, 15 Jul 2025 19:24:31 GMT
content-type: image/png
content-length: 30384
server: nginx/1.21.6
last-modified: Wed, 14 Feb 2024 15:08:14 GMT
etag: "65ccd75e-76b0"
expires: Thu, 17 Jul 2025 19:24:31 GMT
cache-control: max-age=172800
x-cdn-host-id: ah0543
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
GET interbots.com/ref.php?url=https://tvarticles.org/vidd.php?id=2687853
188.114.97.1 200 OK 33 kB URL User Request GET interbots.com/ref.php?url=https://tvarticles.org/vidd.php?id=2687853
IP 188.114.97.1:443
Certificate Issuer Google Trust Services
Subject interbots.com
Fingerprint FA:DB:7A:75:BB:32:E3:35:1A:51:97:70:A7:FD:7B:56:77:1D:0C:01
Validity Tue, 03 Jun 2025 08:31:54 GMT - Mon, 01 Sep 2025 09:31:51 GMT
File type HTML document, ASCII text, with very long lines (28152)
Hash MD5 8ef8436e65ba1ea4eeddd122b3169fc0
SHA1 b99ebd423b59dd70d81a9658e627de01c013fad4
SHA256 4dd5ab2f3d99c1a71213f6090b82ec0f17415415409e9ee78fda2e4662804732
GET /ref.php?url=https://tvarticles.org/vidd.php?id=2687853 HTTP/1.1
Host: interbots.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Android; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Tue, 15 Jul 2025 19:24:28 GMT
content-type: text/html; charset=UTF-8
server: cloudflare
x-powered-by: PHP/8.3.16
x-robots-tag: noindex, nofollow
strict-transport-security: max-age=31536000;
cache-control: max-age=0, no-cache
x-page-speed: 1.13.35.2-0
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=gVryWq7DFD3xFCWQXzddiqYSrqvpB%2BZDbWWQCmMSNFPcazKHkslWrhV60Fzwv9kG4dcNmYIZd%2Be%2BpYYm2IJoNXFfyEBmqSvke2kf"}]}
cf-cache-status: DYNAMIC
vary: accept-encoding
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
content-encoding: br
cf-ray: 95fba3e6ea905684-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
GET treatmentoctopus.com/a5/79/f3/a579f3238470178c269d4a0465538683.js
192.243.59.13 200 OK 104 kB URL GET treatmentoctopus.com/a5/79/f3/a579f3238470178c269d4a0465538683.js
IP 192.243.59.13:443
ASN #39572 DataWeb Global Group B.V.
Requested by https://interbots.com/ref.php?url=https://tvarticles.org/vidd.php?id=2687853
Certificate Issuer Let's Encrypt
Subject treatmentoctopus.com
Fingerprint FC:EC:D4:E5:87:20:03:A0:68:AC:95:37:B6:D9:17:7A:BD:68:61:F5
Validity Sun, 22 Jun 2025 23:41:16 GMT - Sat, 20 Sep 2025 23:41:15 GMT
File type JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Size 104 kB (104226 bytes)
Hash MD5 c1bd7b034bff18b3d7208033c8392ca8
SHA1 b31da0b631fb5f29f5218f86c657ff0610bb1415
SHA256 177d3507fb869d82b7082f803ab0df631a68bf1200d3ae0a126707068540b645
GET /a5/79/f3/a579f3238470178c269d4a0465538683.js HTTP/1.1
Host: treatmentoctopus.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Android; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://interbots.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Tue, 15 Jul 2025 19:24:29 GMT
Content-Type: application/javascript
Content-Length: 32901
Connection: keep-alive
Content-Encoding: gzip
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Host: treatmentoctopus.com
Expires: Thu, 01 Jan 1970 00:00:01 GMT
X-Request-ID: 25dc2795767dc1db54e0d67f505e6a5c
Cache-Control: no-cache, max-age=0, private, no-cache
Pragma: no-cache
Strict-Transport-Security: max-age=0; includeSubdomains
GET madurird.com/tag.min.js
139.45.197.106 200 OK 109 kB
IP 139.45.197.106:443
Requested by https://interbots.com/ref.php?url=https://tvarticles.org/vidd.php?id=2687853
Certificate Issuer Let's Encrypt
Subject madurird.com
Fingerprint 09:91:C5:C7:5D:1D:EE:65:92:6D:A8:CB:EF:8C:E0:02:50:27:22:09
Validity Tue, 08 Jul 2025 05:31:00 GMT - Mon, 06 Oct 2025 05:30:59 GMT
File type JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Size 109 kB (108871 bytes)
Hash MD5 4e417d22c6cbcb050ecb47657d05e761
SHA1 8731acdc898c5e80efbd326d3b673452fde66ca9
SHA256 044c9fb8afc0e8facbc7988a2743ae181282b3f4feb307128f8ec25dab704068
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /tag.min.js HTTP/1.1
Host: madurird.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Android; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://interbots.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Tue, 15 Jul 2025 19:24:29 GMT
content-type: application/javascript
x-trace-id: 82de558043b59a47694fd213882ff629
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace, favicon
access-control-max-age: 86400
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
content-encoding: gzip
X-Firefox-Spdy: h2
GET preferencenail.com/sfp.js
185.196.197.72 200 OK 85 kB URL GET preferencenail.com/sfp.js
IP 185.196.197.72:443
ASN #39572 DataWeb Global Group B.V.
Requested by https://interbots.com/ref.php?url=https://tvarticles.org/vidd.php?id=2687853
Certificate Issuer Let's Encrypt
Subject preferencenail.com
Fingerprint F9:52:70:4B:81:A8:F8:39:E6:E7:96:8F:EA:FE:17:FD:96:C5:32:E3
Validity Tue, 01 Jul 2025 15:11:38 GMT - Mon, 29 Sep 2025 15:11:37 GMT
File type JavaScript source, Unicode text, UTF-8 text, with very long lines (65529), with no line terminators
Hash MD5 46a6fef91632b94d14252fe324c1585f
SHA1 387cebbd261b8fe947fe9805875300f2ceeb5cfd
SHA256 36d0c771f8bf310d740cb4d0ca144354c45df284e72361660448708d72f175d5
GET /sfp.js HTTP/1.1
Host: preferencenail.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Android; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://interbots.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Tue, 15 Jul 2025 19:24:29 GMT
Content-Type: application/javascript; charset=utf-8
Content-Length: 28254
Connection: keep-alive
Content-Encoding: gzip
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Vary: Accept-Encoding
Host: preferencenail.com
Expires: Thu, 01 Jan 1970 00:00:01 GMT
X-Request-ID: 518a5cd3cb48e94682191313b70182e7
Cache-Control: no-cache, max-age=0, private, no-cache
Pragma: no-cache
Strict-Transport-Security: max-age=0; includeSubdomains
GET professionaltrafficmonitor.com/stats
3.126.213.67 200 OK 40 B URL GET professionaltrafficmonitor.com/stats
IP 3.126.213.67:443
Requested by https://interbots.com/ref.php?url=https://tvarticles.org/vidd.php?id=2687853
Certificate Issuer Amazon
Subject protrafficinspector.com
Fingerprint 5D:D5:8D:EB:A4:50:13:0D:7C:33:71:82:B8:02:49:4F:D6:31:B6:E6
Validity Tue, 01 Jul 2025 00:00:00 GMT - Thu, 30 Jul 2026 23:59:59 GMT
File type ASCII text, with no line terminators
Hash MD5 7851d10c4095c63572f9ef48a51d0669
SHA1 56938395f4fcd711f1bc5dc1c19e6dcbeed93b16
SHA256 07b5d7de21dea448b4491e61c1c8e56945479054431c4c3a25db26c9fc01b871
GET /stats HTTP/1.1
Host: professionaltrafficmonitor.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Android; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://interbots.com
DNT: 1
Connection: keep-alive
Referer: https://interbots.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Tue, 15 Jul 2025 19:24:29 GMT
content-type: text/html; charset=UTF-8
content-length: 40
server: fasthttp
access-control-allow-origin: https://interbots.com
vary: Origin
access-control-allow-credentials: true
set-cookie: uid_id2=ee040c33-2ecd-4e50-ab79-7f4d83df4599:2:1; expires=Fri, 13 Jul 2035 19:24:29 GMT; secure; SameSite=None
X-Firefox-Spdy: h2
HEAD interbots.com/ref.php?url=https://tvarticles.org/vidd.php?id=2687853
188.114.97.1 200 OK 0 B URL HEAD interbots.com/ref.php?url=https://tvarticles.org/vidd.php?id=2687853
IP 188.114.97.1:443
Requested by https://interbots.com/ref.php?url=https://tvarticles.org/vidd.php?id=2687853
Certificate Issuer Google Trust Services
Subject interbots.com
Fingerprint FA:DB:7A:75:BB:32:E3:35:1A:51:97:70:A7:FD:7B:56:77:1D:0C:01
Validity Tue, 03 Jun 2025 08:31:54 GMT - Mon, 01 Sep 2025 09:31:51 GMT
Hash MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
(digests of zero-length input; not a content indicator)
HEAD /ref.php?url=https://tvarticles.org/vidd.php?id=2687853 HTTP/1.1
Host: interbots.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Android; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://interbots.com/ref.php?url=https://tvarticles.org/vidd.php?id=2687853
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Tue, 15 Jul 2025 19:24:29 GMT
content-type: text/html; charset=UTF-8
server: cloudflare
x-powered-by: PHP/8.3.16
x-robots-tag: noindex, nofollow
strict-transport-security: max-age=31536000;
x-page-speed: 1.13.35.2-0
cache-control: max-age=0, no-cache
cf-cache-status: DYNAMIC
priority: u=3,i=?0
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=3Lv1ZaU8btXxgw6Zopi7EgAILbig2DmyDhLW%2BpNb7pBjN3ACxnn2ENhgyZRi6vUrZyJB6d1m9p%2FdYYrSOCU%2FXUgvh%2FZ3MDGkRBhO"}]}
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
content-encoding: br
cf-ray: 95fba3ee6b02569d-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
GET wearychallengeraise.com/watch.803677402477.js?key=9e9be25a2a2566d1ea0cecf1ef12324a&kw=%5B%22redirecting%22%5D&refer=https%3A%2F%2Finterbots.com%2Fref.php%3Furl%3Dhttps%3A%2F%2Ftvarticles.org%2Fvidd.php%3Fid%3D2687853&tz=0&dev=e&res=14.3095&rb=&uuid=4019d9c8-772a-4c3d-b8fc-30329fe16460%3A2%3A1
192.243.59.13 307 Temporary Redirect 4.9 kB URL GET wearychallengeraise.com/watch.803677402477.js?key=9e9be25a2a2566d1ea0cecf1ef12324a&kw=%5B%22redirecting%22%5D&refer=https%3A%2F%2Finterbots.com%2Fref.php%3Furl%3Dhttps%3A%2F%2Ftvarticles.org%2Fvidd.php%3Fid%3D2687853&tz=0&dev=e&res=14.3095&rb=&uuid=4019d9c8-772a-4c3d-b8fc-30329fe16460%3A2%3A1
IP 192.243.59.13:443
ASN #39572 DataWeb Global Group B.V.
Requested by https://interbots.com/ref.php?url=https://tvarticles.org/vidd.php?id=2687853
Certificate Issuer Let's Encrypt
Subject wearychallengeraise.com
Fingerprint C2:9A:4F:D1:20:4F:D6:7B:AD:D9:F3:AE:DB:94:98:E2:A5:BE:EF:8B
Validity Thu, 19 Jun 2025 03:13:57 GMT - Wed, 17 Sep 2025 03:13:56 GMT
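Hash MD5 d41d8cd98f00b204e9800998ecf8427e
SHA-1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA-256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
(these are the digests of an empty body, consistent with the Content-Length: 0 of the 307 response below; they identify no content and are not usable as indicators)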
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /watch.803677402477.js?key=9e9be25a2a2566d1ea0cecf1ef12324a&kw=%5B%22redirecting%22%5D&refer=https%3A%2F%2Finterbots.com%2Fref.php%3Furl%3Dhttps%3A%2F%2Ftvarticles.org%2Fvidd.php%3Fid%3D2687853&tz=0&dev=e&res=14.3095&rb=&uuid=4019d9c8-772a-4c3d-b8fc-30329fe16460%3A2%3A1 HTTP/1.1
Host: wearychallengeraise.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Android; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://interbots.com
DNT: 1
Connection: keep-alive
Referer: https://interbots.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 307 Temporary Redirect
Server: nginx/1.19.5
Date: Tue, 15 Jul 2025 19:24:30 GMT
Content-Type: text/html
Content-Length: 0
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Access-Control-Allow-Origin: https://interbots.com
Access-Control-Allow-Credentials: true
Location: https://wearychallengeraise.com/watch.803677402477.js?dev=e&key=9e9be25a2a2566d1ea0cecf1ef12324a&kw=%5B%22redirecting%22%5D&pst=1752607530&rb=&refer=https%3A%2F%2Finterbots.com%2Fref.php%3Furl%3Dhttps%3A%2F%2Ftvarticles.org%2Fvidd.php%3Fid%3D2687853&res=14.3095&rmtc=t&shu=90a9bc7fa3851e71cce53fee0d9c86a86aad7046015c186732aae31028fee7cb7c404be246fe4d757da7edf252ebc47c453bbde4263e2b91a5dc16a87e33d187ca8a01db3b332b09883cb83d8b31f5ae6f39cd28ff61bd0ec0ab&tz=0&uuid=4019d9c8-772a-4c3d-b8fc-30329fe16460%3A2%3A1
Set-Cookie: ain=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.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.uzsZPkah7Cjob8TI4WPdgN2GEDJIgMuJYqPo54Qh73g; expires=Tue, 15 Jul 2025 19:25:30 GMT; path=/; secure; SameSite=None
Host: wearychallengeraise.com
Expires: Thu, 01 Jan 1970 00:00:01 GMT
X-Request-ID: 464f69cb3d104bffa54ccfb92364cec9
Cache-Control: no-cache, max-age=0, private, no-cache
Pragma: no-cache
Strict-Transport-Security: max-age=0; includeSubdomains