Report - llama.website/Sq

Report Overview

Visited public
2023-11-05 20:52:22
Tags
Submit Tags
URL
llama.website/Sq
Finishing URL
llama.website/Sq
IP / ASN
91.92.249.75
#34368 Natskovi & Sie Ltd.
Title
UPLOAD.EE - Dailymotion.com.txt - Download - Nuke.biz - Shorten your URLs, nuke your competition.

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
fonts.googleapis.com	8877	2005-01-25	2013-06-10 22:14:26	2023-11-05 15:43:22	421 B	11 kB	142.250.74.106
alwingulla.com	unknown	2023-05-22	2023-05-22 18:17:44	2023-11-05 15:08:32	402 B	26 kB	172.67.152.114
www.googletagmanager.com	75	2011-11-11	2013-05-22 04:07:37	2023-11-05 14:39:56	863 B	302 kB	142.250.74.168
aistekso.net	unknown	2023-10-16	2023-10-16 16:37:28	2023-11-05 14:42:07	2.5 kB	78 kB	139.45.197.244
offerimage.com	304078	2019-06-10	2019-06-10 13:11:53	2023-11-05 12:01:58	1.8 kB	53 kB	104.22.33.172
llama.website	unknown	2023-10-04	2021-02-04 06:25:37	2023-10-06 21:11:23	964 B	8.6 kB	91.92.249.75
amunfezanttor.com	unknown	2023-03-31	2023-03-31 14:42:42	2023-11-05 05:11:29	1.5 kB	1.5 kB	139.45.197.250
fonts.gstatic.com	unknown	2008-02-11	2014-09-09 02:40:21	2023-11-05 14:57:39	1.0 kB	33 kB	216.58.207.227
serving.bepolite.eu	unknown	unknown	2017-01-29 19:42:29	2023-11-05 13:53:32	661 B	1.0 kB	212.47.222.21
du0pud0sdlmzf.cloudfront.net	unknown	2008-04-25	2023-08-24 12:49:59	2023-11-05 14:52:05	2.4 kB	121 kB	108.157.232.39
dweatherbe.org	unknown	2023-09-30	2023-10-22 23:07:52	2023-11-05 14:36:00	3.7 kB	6.9 kB	108.157.214.79
ibrapush.com	unknown	2019-04-19	2020-04-18 16:40:35	2023-11-05 08:00:47	3.3 kB	155 kB	139.45.197.250
cameesse.net	unknown	2023-10-18	2023-10-18 14:31:33	2023-11-05 13:20:21	5.6 kB	240 kB	139.45.197.242
accounts.google.com	81	1997-09-15	2016-03-20 13:44:49	2023-11-05 15:03:22	3.7 kB	12 kB	142.250.74.109
fleraprt.com	unknown	2022-01-14	2022-01-14 23:55:14	2023-11-05 14:42:14	527 B	483 B	139.45.195.254
veepteero.com	unknown	2023-05-08	2023-05-09 02:18:41	2023-11-05 08:00:13	1.4 kB	7.2 kB	139.45.197.242
www.nbfcs.org	unknown	2022-11-16	2022-11-17 15:12:53	2023-11-03 13:07:10	470 B	0 B	0.0.0.0
www.upload.ee	981196	2010-07-04	2012-05-24 10:39:37	2023-11-05 11:37:50	2.5 kB	30 kB	51.91.30.159
nuke.biz	unknown	2023-10-04	2020-03-05 23:21:54	2023-10-06 07:30:25	10 kB	1.2 MB	91.92.249.75
gishejuy.com	unknown	2023-10-25	2023-10-25 15:14:32	2023-11-05 08:00:22	5.4 kB	98 kB	139.45.197.242
pogothere.xyz	unknown	2022-08-22	2022-09-04 21:11:25	2023-11-05 14:34:47	1.7 kB	208 kB	172.67.220.203
nandweandthe.org	unknown	2023-09-30	2023-10-30 08:47:30	2023-11-05 14:34:47	2.1 kB	2.4 kB	172.67.176.169
my.rtmark.net	9054	2014-10-29	2015-02-04 10:54:57	2023-11-05 11:13:37	1.0 kB	1.5 kB	139.45.195.8
tzegilo.com	unknown	2022-01-14	2022-01-14 16:27:15	2023-11-05 14:42:09	396 B	48 kB	104.21.11.245

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Timestamp	Severity	Source IP	Destination IP	Alert
2023-11-05 20:52:02	medium	Client IP	Internal IP	ET INFO Observed DNS Query to .biz TLD
2023-11-05 20:52:02	medium	Client IP	Internal IP	ET INFO Observed DNS Query to .biz TLD
2023-11-05 20:52:02	medium	Client IP	Internal IP	ET INFO Observed DNS Query to .biz TLD
2023-11-05 20:52:03	medium	Client IP	Internal IP	ET INFO Observed DNS Query to .biz TLD
2023-11-05 20:52:03	medium	Client IP	Internal IP	ET INFO Observed DNS Query to .biz TLD
2023-11-05 20:52:03	medium	Client IP	Internal IP	ET INFO Observed DNS Query to .biz TLD
2023-11-05 20:52:04	medium	Client IP	Internal IP	ET INFO Observed DNS Query to .biz TLD
2023-11-05 20:52:08	medium	Client IP	Internal IP	ET INFO Observed DNS Query to .biz TLD
2023-11-05 20:52:09	medium	Client IP	Internal IP	ET INFO Observed DNS Query to .biz TLD
2023-11-05 20:52:09	medium	Client IP	Internal IP	ET INFO Observed DNS Query to .biz TLD
2023-11-05 20:52:09	medium	Client IP	Internal IP	ET INFO Observed DNS Query to .biz TLD
2023-11-05 20:52:09	medium	Client IP	Internal IP	ET INFO Observed DNS Query to .biz TLD

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2023-11-05	medium	aistekso.net	Sinkholed
2023-11-05	medium	cameesse.net	Sinkholed
2023-11-05	medium	gishejuy.com	Sinkholed
2023-11-05	medium	cameesse.net	Sinkholed
2023-11-05	medium	cameesse.net	Sinkholed
2023-11-05	medium	cameesse.net	Sinkholed
2023-11-05	medium	cameesse.net	Sinkholed
2023-11-05	medium	cameesse.net	Sinkholed
2023-11-05	medium	amunfezanttor.com	Sinkholed
2023-11-05	medium	amunfezanttor.com	Sinkholed
2023-11-05	medium	amunfezanttor.com	Sinkholed
2023-11-05	medium	aistekso.net	Sinkholed
2023-11-05	medium	aistekso.net	Sinkholed
2023-11-05	medium	gishejuy.com	Sinkholed
2023-11-05	medium	gishejuy.com	Sinkholed
2023-11-05	medium	gishejuy.com	Sinkholed
2023-11-05	medium	gishejuy.com	Sinkholed
2023-11-05	medium	gishejuy.com	Sinkholed

ThreatFox

No alerts detected

JavaScript (36)

	URL	From	Size	First Seen	Last Seen
	www.upload.ee/files/15487444/Dailymotion.com.txt.html	ScriptElement	14 B	2023-03-09	2025-06-29
Pretty URL www.upload.ee/files/15487444/Dailymotion.com.txt.html IP 51.91.30.159 ASN #16276 OVH SAS Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-09 23:09 Last Seen2025-06-29 09:33 Times Seen3437 Hash 48e07e6b9e60fc36f21db6b71bf0b4b1 fb4085cc0058779b28e5c366a2b92cf242399c2f 3cbdc71216bd0aa119c93b4c5213941e9972e26ef16b3386c7c9cb32bcc60d64 Loading...

	www.upload.ee/files/15487444/Dailymotion.com.txt.html	ScriptElement	57 B	2023-03-09	2025-06-29
Pretty URL www.upload.ee/files/15487444/Dailymotion.com.txt.html IP 51.91.30.159 ASN #16276 OVH SAS Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-09 23:09 Last Seen2025-06-29 09:33 Times Seen3434 Hash 63fa78e3d4ae4b7fc4cf5126264cb75e 65657518c61173b8205d4fb68aabfae6ae7270a0 a31d904d1ab6191632f68d0b375b622e4699c6e840f99ce53699df5d9f77ef6a Loading...

	du0pud0sdlmzf.cloudfront.net/?dupud=997369	ScriptElement	363 kB	2023-11-05	2023-11-05
Pretty URL du0pud0sdlmzf.cloudfront.net/?dupud=997369 IP 108.157.232.39 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-11-05 21:52 Last Seen2023-11-05 21:52 Times Seen1 Hash e77c40a35ea25a395aeb08270011d49a 835f18b3bdc5a6e9c8f7d639ceabf06d419a1de6 8ff3aa18b5f251fa41c9c670471d7e2514423f5690ee88bbfb3936d4aed18301 Loading...

	nuke.biz/static/frontend/js/app.min.js	ScriptElement	5.9 kB	2023-09-11	2025-07-05
Pretty URL nuke.biz/static/frontend/js/app.min.js IP 91.92.249.75 ASN #34368 Natskovi & Sie Ltd. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-09-11 11:11 Last Seen2025-07-05 15:23 Times Seen62 Hash 82374b423499415c2c3173513ec1615c 3b219efdc592a49a680e2c71cb22989c686b5417 12116847297eb16ae5aa1d26b27a0b4704afcc352272ab89cd6d28a27b2604be Loading...

	www.googletagmanager.com/gtag/js?id=G-LT9YQX0N49&l=dataLayer&cx=c	ScriptElement	250 kB	2023-11-05	2023-11-05
Pretty URL www.googletagmanager.com/gtag/js?id=G-LT9YQX0N49&l=dataLayer&cx=c IP 142.250.74.168 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-11-05 21:52 Last Seen2023-11-05 21:52 Times Seen1 Hash e3418f24d020365490d1edce09545dd9 d8f719f10c7a22b9d1ccdb45b6c360e17e7e1cb3 8ccf82db0be4818315a4b2709219dc98667a007f85de97592431457a7ad6c061 Loading...

	du0pud0sdlmzf.cloudfront.net/YbXkyNDcOFlxSCBkQVgkOVE4GBA9LE0FbWR1ESlx1XS9Udm0sGGFaQ1lfRk5TUEkUWFYDHg8SUgMaDwURDB1QCQNLDFMJWgIDW1hbDFwAcgJDSRcGB0UBAwUSXjsXBgcBEFxBT0hLAkwPWyYEABJeOxcGBx8PFwd2XEkLGgdEXAAEUAgaWVsSXz8ABAZdSQ-MEBkhLAlJeHxxUW09IS3QFBlxXAhJCUEg	ScriptElement	194 B	2023-11-05	2023-11-05
Pretty URL du0pud0sdlmzf.cloudfront.net/YbXkyNDcOFlxSCBkQVgkOVE4GBA9LE0FbWR1ESlx1XS9Udm0sGGFaQ1lfRk5TUEkUWFYDHg8SUgMaDwURDB1QCQNLDFMJWgIDW1hbDFwAcgJDSRcGB0UBAwUSXjsXBgcBEFxBT0hLAkwPWyYEABJeOxcGBx8PFwd2XEkLGgdEXAAEUAgaWVsSXz8ABAZdSQ-MEBkhLAlJeHxxUW09IS3QFBlxXAhJCUEg IP 108.157.232.39 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-11-05 21:52 Last Seen2023-11-05 21:52 Times Seen1 Hash b15f21d99ea56239a052fe5660c6e4aa 5517989e52d4374f35bc2a2c0021fd2bc34b62c4 0f3be2ecc53c6df46a14b352489bd5a7c509cf68506a40b767d1d5d68a97c3b4 Loading...

	aistekso.net/401/6551786	ScriptElement	89 kB	2024-08-20	2024-08-20
Pretty URL aistekso.net/401/6551786 IP 139.45.197.244 ASN #9002 RETN Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2024-08-20 20:45 Last Seen2024-08-20 20:45 Times Seen1 Hash a27aff2a3dff6d6aebafa01996ee073e ac005ab36ccaf3022d75e46bbdad9c7d43e7d42f 57403c7b771d313b14a87f162e2a51edc7b0970cdb7f12eeb799f86a4cca4594 Loading...

	du0pud0sdlmzf.cloudfront.net/teHhkQ0cbFwoleAwRAH5+QU9XdX5eEhcsKQhFLwkLKhAecS5LSSYrYQwCAH53XhQFLSBFXgEtJEVJQiIjGkVQZTMIFw9+IBQPEzYyCAABJ2ENGVkuKAIRCC8mXUoidmlIXVZzbwBJVWZ0Ol1WcysRFhE7YkpIHHtxJ05QZnQ6XVZzNQ5dVwJ2SEFKc25dSl-QkIhsTC2Z1PkpUcndISVRyYkpIAio1HR4LO2JKPlVydlZIQjZ6SQ	ScriptElement	856 B	2023-11-05	2023-11-05
Pretty URL du0pud0sdlmzf.cloudfront.net/teHhkQ0cbFwoleAwRAH5+QU9XdX5eEhcsKQhFLwkLKhAecS5LSSYrYQwCAH53XhQFLSBFXgEtJEVJQiIjGkVQZTMIFw9+IBQPEzYyCAABJ2ENGVkuKAIRCC8mXUoidmlIXVZzbwBJVWZ0Ol1WcysRFhE7YkpIHHtxJ05QZnQ6XVZzNQ5dVwJ2SEFKc25dSl-QkIhsTC2Z1PkpUcndISVRyYkpIAio1HR4LO2JKPlVydlZIQjZ6SQ IP 108.157.232.39 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-11-05 21:52 Last Seen2023-11-05 21:52 Times Seen1 Hash 22c9f35569689355fde8085da82dc4d1 4b04bc31599935223b957d278a6478725b786ec1 2c1ea9e8cb1996b0f90987ab050e409ff697ac5767c7625fe782db811e6f200d Loading...

	du0pud0sdlmzf.cloudfront.net/TbkhJQ1YNJyclaRohLX5vV399cmJIIjosOB51BXIFGBkAex4ELn4GJB15bzcsCnV5ZToPJi5+cAsmKn5nSCktIWtabj0zOQV1Li8hGT08My4LLG82N1MlJjk/AiQoZmQofWdzc1x4YTtnX216AXNceCUqOBswbHFmFnB/HGBabXoBc1x4OzVzXQl4c29AeG-BmZF4vLCA9AW17BWReeXlzZ155bHFmCCE7JjABMGxxEF95eG1mSD10cg	ScriptElement	791 B	2023-11-05	2023-11-05
Pretty URL du0pud0sdlmzf.cloudfront.net/TbkhJQ1YNJyclaRohLX5vV399cmJIIjosOB51BXIFGBkAex4ELn4GJB15bzcsCnV5ZToPJi5+cAsmKn5nSCktIWtabj0zOQV1Li8hGT08My4LLG82N1MlJjk/AiQoZmQofWdzc1x4YTtnX216AXNceCUqOBswbHFmFnB/HGBabXoBc1x4OzVzXQl4c29AeG-BmZF4vLCA9AW17BWReeXlzZ155bHFmCCE7JjABMGxxEF95eG1mSD10cg IP 108.157.232.39 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-11-05 21:52 Last Seen2023-11-05 21:52 Times Seen1 Hash 4421ddf180005c6d2e70b541e6e3db5a 3f37ab43c03d4086c75c86d199dbb44e2847dc61 d7391befca7cc843aaaf41f098cdcd7ecb4e1f4f8121e9381fe6a535165e20c7 Loading...

	nuke.biz/static/bundle.pack.js	ScriptElement	332 kB	2023-03-07	2025-07-05
Pretty URL nuke.biz/static/bundle.pack.js IP 91.92.249.75 ASN #34368 Natskovi & Sie Ltd. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:41 Last Seen2025-07-05 23:40 Times Seen156 Hash b7a0b4d8ad643025de822486283a2bbf 28b0afdd6b9ccf94645ac0ed5c55aa35c7dc892c fc981871b8271bea9270a3af4f77bb50d37101e555dd6801fe7ecf9e26a9b12b Loading...

	llama.website/Sq	ScriptElement	0 B	0001-01-01	2025-07-06
Pretty URL llama.website/Sq IP 91.92.249.75 ASN #34368 Natskovi & Sie Ltd. Introduced by scriptElement Embedded in HTML true Observations First Seen0001-01-01 00:00 Last Seen2025-07-06 01:02 Times Seen5295276 Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Loading...

	nuke.biz/static/custom.min.js	ScriptElement	13 kB	2023-10-19	2025-06-28
Pretty URL nuke.biz/static/custom.min.js IP 91.92.249.75 ASN #34368 Natskovi & Sie Ltd. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-10-19 01:13 Last Seen2025-06-28 08:19 Times Seen29 Hash 6d0fd498fae4b3e791c3960f13d990a4 17fc76b7d7baf945b510380329a265673bfe7bd1 e2f9b84536c735a5d94780169580ecfb7e4114f4ae3d011d1fd2f16c408febfe Loading...

	pagead2.googlesyndication.com/pagead/js/adsbygoogle.js	ScriptElement	1.6 kB	2023-05-06	2025-07-06
Pretty URL pagead2.googlesyndication.com/pagead/js/adsbygoogle.js IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-05-06 01:21 Last Seen2025-07-06 00:58 Times Seen28752 Hash 2e9e391ad98fbe1b2de0b7b4fa9ca904 21d7771223e8286a06ad878af425094a40de32b5 1468d954f25ab75355f3c0f42cd9c84efd64a67922c47d3b69bdb6d0eb399e69 Loading...

	gishejuy.com/400/6551784	ScriptElement	82 kB	2023-11-05	2023-11-05
Pretty URL gishejuy.com/400/6551784 IP 139.45.197.242 ASN #9002 RETN Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2023-11-05 21:52 Last Seen2023-11-05 21:52 Times Seen1 Hash e090d59aeb53215074982292f514c3ca e81355ab40be8b86c40546bf386645b53c21b0aa e07745f1a30fffc972c3792214cd4f7b501903f5d05ce11e78d570469c711b20 Loading...

	serving.bepolite.eu/script?space=50dd7b0f-4105-441f-8f60-18cc3fcb090c&type=direct&page_id=6096484&screen_width=20&screen_height=634&os=Linux%20x86_64&refurl=https%3A%2F%2Fllama.website%2F&pageurl=https%3A%2F%2Fwww.upload.ee%2Ffiles%2F15487444%2FDailymotion.com.txt.html&rnd=1699217522901	ScriptElement	590 B	2023-11-05	2023-11-05
Pretty URL serving.bepolite.eu/script?space=50dd7b0f-4105-441f-8f60-18cc3fcb090c&type=direct&page_id=6096484&screen_width=20&screen_height=634&os=Linux%20x86_64&refurl=https%3A%2F%2Fllama.website%2F&pageurl=https%3A%2F%2Fwww.upload.ee%2Ffiles%2F15487444%2FDailymotion.com.txt.html&rnd=1699217522901 IP 212.47.222.21 ASN #3327 CITIC Telecom CPC Netherlands B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-11-05 21:52 Last Seen2023-11-05 21:52 Times Seen1 Hash 861f4fb6baa2937a6b7a15af7fd0c015 44a08d201ecb4c26bfc16eab5bf3caf850e1e461 a1b82ba1a7bf5f15ad46e9ff9c363dcb0c0ac83a1b638270b665f325799aa031 Loading...

	unknown	ScriptElement	26 kB	2023-03-07	2025-01-30
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:18 Last Seen2025-01-30 15:49 Times Seen1752 Hash a912e7afe74b51fdd03b28bf67e7d409 85004dfe087af5a730261c85262661d89b3d2516 706b3882753d8f81cfcf35aa2623303b1b380c8106686a4ad12a1fae23cf4650 Loading...

	www.upload.ee/files/15487444/Dailymotion.com.txt.html	ScriptElement	155 B	2023-03-09	2025-06-19
Pretty URL www.upload.ee/files/15487444/Dailymotion.com.txt.html IP 51.91.30.159 ASN #16276 OVH SAS Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-09 23:09 Last Seen2025-06-19 04:32 Times Seen3424 Hash ba71a86056b5c9ef37b625aade54337e 4769c2a07aa71c342dcb06dfa2950cff7ecae40f 65d96ab8cd224643e09a693cdc8fa0b76eb9c6cfe0a4be8b797136ca83a305c0 Loading...

	nuke.biz/static/frontend/libs/feather-icons/dist/feather.min.js	ScriptElement	76 kB	2023-03-07	2025-07-05
Pretty URL nuke.biz/static/frontend/libs/feather-icons/dist/feather.min.js IP 91.92.249.75 ASN #34368 Natskovi & Sie Ltd. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:06 Last Seen2025-07-05 20:50 Times Seen556 Hash 199d840e1af3952233f1756b75a9b1dd 546be62a3e3d88dc2cf232be12879209b465aef1 5dfcdd882f92d647a26beb3d974ef2ef27b96bcef8b01abaef32b8bbb2d38ef9 Loading...

	cameesse.net/1?z=6551785	ScriptElement	43 kB	2024-08-20	2024-08-20
Pretty URL cameesse.net/1?z=6551785 IP 139.45.197.242 ASN #9002 RETN Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2024-08-20 20:45 Last Seen2024-08-20 20:45 Times Seen1 Hash d6ba4680931eb92edeeb7a34913ceb46 c2c1b62dd0346c080651912a29527480cf3773af d751a0dd2a4dc3388cf8b8f0e8800b69baf39ca2a7b48f2c5bbabae493c1ebaa Loading...

	dweatherbe.org/N3hUbzBWGjcCD1ZFNklFRRRpSgJxXWYpVEJIJBpUBwswA11NHnoMXFgNMAlCWBYgQV5SDHFddmMaPwd6ZkkNIXpOGzgOYlgQGDcFQS5nVglUFR4meV0XJyByAkkWN3lxPxYEcVIAYCp8WUwTJXIGTTYVU0Q7OjkFbSw7P3peTXFdclQ5JwJ7WU06PHNcDB04RFYaPl9KeCkCXnxeQDwoZAdAGRYEezQTVwJ5SRkDel0TcV12dhEFAGpaKTsJZ1MCN15IAyEAG15vSmVZcW82NwpzYgkbLUNAGhwpXXEWFkoCcTATLVFVIDstUwYAYCBKYQIMPlwDG2ZWcVI/eS1dbT5gGXx0OW0uZwZPFjhiUh0MA0ptSWFaUn8+OSxzck8eBXF1NRMXSHI+bVpVcEk5PHQGSDcIFl0LOwFACjRlPEZmMWwnWlFPER1DBg	ScriptElement	3.0 kB	2024-08-20	2024-08-20
Pretty URL dweatherbe.org/N3hUbzBWGjcCD1ZFNklFRRRpSgJxXWYpVEJIJBpUBwswA11NHnoMXFgNMAlCWBYgQV5SDHFddmMaPwd6ZkkNIXpOGzgOYlgQGDcFQS5nVglUFR4meV0XJyByAkkWN3lxPxYEcVIAYCp8WUwTJXIGTTYVU0Q7OjkFbSw7P3peTXFdclQ5JwJ7WU06PHNcDB04RFYaPl9KeCkCXnxeQDwoZAdAGRYEezQTVwJ5SRkDel0TcV12dhEFAGpaKTsJZ1MCN15IAyEAG15vSmVZcW82NwpzYgkbLUNAGhwpXXEWFkoCcTATLVFVIDstUwYAYCBKYQIMPlwDG2ZWcVI/eS1dbT5gGXx0OW0uZwZPFjhiUh0MA0ptSWFaUn8+OSxzck8eBXF1NRMXSHI+bVpVcEk5PHQGSDcIFl0LOwFACjRlPEZmMWwnWlFPER1DBg IP 108.157.214.79 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML true Observations First Seen2024-08-20 20:45 Last Seen2024-08-20 20:45 Times Seen1 Hash d8f0ca947ffe271373498b11bacda08b a924f8dda87f40d986bba09137718261e18eaa40 e175823efab189c253ddea75a20162ea8844a95fbb9148a479c134a66f2bad5d Loading...

	www.google-analytics.com/analytics.js	ScriptElement	4.7 kB	2023-04-11	2025-07-06
Pretty URL www.google-analytics.com/analytics.js IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-04-11 21:07 Last Seen2025-07-06 00:58 Times Seen392680 Hash f24128d0c9cba7be2916c693427a3483 1b6397d496ea896ebc2018b01b995cee4f166029 58173de4697da1a218f04c3a783a733bab4e769ceabc37cd42da9dc3e036a7e8 Loading...

	alwingulla.com/88/tag.min.js	ScriptElement	72 kB	2023-11-04	2023-11-06
Pretty URL alwingulla.com/88/tag.min.js IP 172.67.152.114 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-11-04 12:45 Last Seen2023-11-06 23:54 Times Seen21 Hash 2ef86893826198fd03b2dc4e422834c9 0dc1d39a850eb98f424881d9533e02a1774ab561 7f513e47cbf6f8bb8697296b79513a2a1b44e1e8b080c8c6b2d832328942b9c4 Loading...

	ibrapush.com/pfe/current/tag.min.js?z=6551787	ScriptElement	13 kB	2023-11-02	2024-08-20
Pretty URL ibrapush.com/pfe/current/tag.min.js?z=6551787 IP 139.45.197.250 ASN #9002 RETN Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2023-11-02 10:05 Last Seen2024-08-20 21:23 Times Seen2697 Hash 258578af3c107ccb907f73c3a2f4c25f 7a192edea829968fb7f57f2a2fc4cb5b612598be 1f945c9c46c47a2b0e867b0d09c3e4559cd768a2d3747abf28d1d65667733b75 Loading...

	tzegilo.com/stattag.js	ScriptElement	19 kB	2023-09-07	2024-08-21
Pretty URL tzegilo.com/stattag.js IP 104.21.11.245 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-09-07 20:07 Last Seen2024-08-21 07:20 Times Seen2395 Hash 89e89aea544ea2785d49cc4cd9cf26f6 7d53437a89eb9861038ee27a8ff0e3bb70fa2a0b 86da38693fcea056d36588a4146e85392f784c457511de416fec32034aafa4f9 Loading...

	llama.website/sandbox%20eval%20code		147 B	2023-04-11	2025-07-06
Pretty URL llama.website/sandbox%20eval%20code IP 0.0.0.0 ASN #0 Introduced by Embedded in HTML false Observations First Seen2023-04-11 21:07 Last Seen2025-07-06 00:58 Times Seen393158 Hash 92b651082ce234f66bb544e678befda3 14c21c55ddce43b6f677caadf51d4ab98c6a3df8 25d57d1d97abeb84531d3d3e5754dd5cb19a2c115edfa7cfc7af8247084faded Loading...

	cameesse.net/27/16252007f3b3918d0da1ccd482c4cb4d	ScriptElement	413 kB	2023-10-31	2023-11-07
Pretty URL cameesse.net/27/16252007f3b3918d0da1ccd482c4cb4d IP 139.45.197.242 ASN #9002 RETN Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2023-10-31 15:21 Last Seen2023-11-07 14:19 Times Seen324 Hash 58f985fd680e3117a6d6dcf62f50be34 ae1f26a219ddedc232964d8b91619ed1f04c4618 db0b413c92eef041a6dda8e7279a8cbee06755eab7b751c88bdbc22781e7e78a Loading...

	www.upload.ee/js/js__file_upload.js	ScriptElement	26 kB	2023-10-24	2025-06-29
Pretty URL www.upload.ee/js/js__file_upload.js IP 51.91.30.159 ASN #16276 OVH SAS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-10-24 16:45 Last Seen2025-06-29 09:33 Times Seen3342 Hash 66684709338f7239056ff3302e16bc4a 7dbd501434bdc062cdc8f6744e272a7d39ca5136 5163e50a8fe4549a8ca064e266de9c8e6aebd1d848185e0931959824a4d32c0f Loading...

	www.upload.ee/files/15487444/Dailymotion.com.txt.html	ScriptElement	1.6 kB	2023-03-09	2024-08-21
Pretty URL www.upload.ee/files/15487444/Dailymotion.com.txt.html IP 51.91.30.159 ASN #16276 OVH SAS Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-09 23:09 Last Seen2024-08-21 09:18 Times Seen114 Hash bada815b0add3317d69cbff824573d6b 60ebc2061d3dbf196d418b6802aa0d971b7bc189 f2fe3c2dc65244420df6fc8efd959211c4ef3d9f76e2a3c530b4a3163138d92b Loading...

	www.googletagmanager.com/gtag/js?id=UA-6703115-1	ScriptElement	135 kB	2023-11-05	2023-11-05
Pretty URL www.googletagmanager.com/gtag/js?id=UA-6703115-1 IP 142.250.74.168 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-11-05 21:52 Last Seen2023-11-05 21:52 Times Seen1 Hash 4cf1c1bd4e781b470a75b6bc37acb5fc 9b1aa50cc413f8f3addffe5574b523360b0bd0c1 d3f43475e50edadd9ef28fbb819c43cfc8f604707a24eb185ef28f1814e7863a Loading...

	llama.website/Sq	ScriptElement	0 B	0001-01-01	2025-07-06
Pretty URL llama.website/Sq IP 91.92.249.75 ASN #34368 Natskovi & Sie Ltd. Introduced by scriptElement Embedded in HTML true Observations First Seen0001-01-01 00:00 Last Seen2025-07-06 01:02 Times Seen5295276 Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Loading...

	dweatherbe.org/R2hmbGYmCgUBWSZVBEoTNQRbSVQBTVQqAjJYFhkCdxsCAAs9DkgPCigdAgoUKAYSQggiHENeIDMNLgQNFlgFDiAwBwoJJzA6JyRTYlokPTN+MAI0UyItDg8VDDkOKiowAyonDgYNBT9TCzs1NRQeOREvJw9dVTQOFi4qPyQBMAEpEg0tMCY3LiEMKw0ROTw4Kw4uEVVDdSovLjcXLRw1HwQpJy4sdS0oKzAsHS0tLxUrJVQLHz0JBQIqBC80MB0SBBskDT4xNlYIBFc7BT4bNCoOAl8/BxYOIC4YHg1YUz08KTlQNDAdEig9UyM+ESZUFC0gJwV1XQI/Cmo5DSUONDwlXjx2OA0cMyQGAiU1ETofNQ03IScFCXYgNFgqCFosJzYrPh8ICh0hNwY8cTs3Sgw0BwgcWwwiKj4OPVoPX1cFAA	ScriptElement	3.0 kB	2024-08-20	2024-08-20
Pretty URL dweatherbe.org/R2hmbGYmCgUBWSZVBEoTNQRbSVQBTVQqAjJYFhkCdxsCAAs9DkgPCigdAgoUKAYSQggiHENeIDMNLgQNFlgFDiAwBwoJJzA6JyRTYlokPTN+MAI0UyItDg8VDDkOKiowAyonDgYNBT9TCzs1NRQeOREvJw9dVTQOFi4qPyQBMAEpEg0tMCY3LiEMKw0ROTw4Kw4uEVVDdSovLjcXLRw1HwQpJy4sdS0oKzAsHS0tLxUrJVQLHz0JBQIqBC80MB0SBBskDT4xNlYIBFc7BT4bNCoOAl8/BxYOIC4YHg1YUz08KTlQNDAdEig9UyM+ESZUFC0gJwV1XQI/Cmo5DSUONDwlXjx2OA0cMyQGAiU1ETofNQ03IScFCXYgNFgqCFosJzYrPh8ICh0hNwY8cTs3Sgw0BwgcWwwiKj4OPVoPX1cFAA IP 108.157.214.79 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML true Observations First Seen2024-08-20 20:45 Last Seen2024-08-20 20:45 Times Seen1 Hash 6da451c07ebd3d0052bcb2a6be2b3249 ee041b970addfeb9166671a32c5c46b7777a7eeb c38674c6326cf328b79cfe9fd8b6e809f06a7fec1729812a47593413a08e60a5 Loading...

	dweatherbe.org/Rzg1QzQmWlYuCyYFV2VBNVQIZgYBHQcFUDIIRTZQd0tRL1k9XhsgWChNUSVGKFZBbVoiTBBxch5abShNCXxWDHIrQGYAdixpYyRfCG5wd3MFeQwPcXd+VxRmdn1mL0x2YGZ6YSNVBTBzAH5UEgUrXmcoARNtcChhEH5sB3wgAGYWUwpZcTRhFXx3cmUEaXsPcAF1fxRTDnxiclwlfHM0dSRffwdnFVtyAQQSenQ0YRRgXzBsBV9WAXEBQHcXBC90dChDF29MGnEGen8mez9bcgFMf2hzNFB1YHAoeABfUQZsBnlwFnUgWWIVRxRgT3t1BXlvJ2cWFXgGdixQeQJYDV19O0wSbwV6fRQLZAV2K0BtAlwNe2AGU2FSRixaNwVNK3Z3blMBbgZZZi1Acw	ScriptElement	3.0 kB	2024-08-20	2024-08-20
Pretty URL dweatherbe.org/Rzg1QzQmWlYuCyYFV2VBNVQIZgYBHQcFUDIIRTZQd0tRL1k9XhsgWChNUSVGKFZBbVoiTBBxch5abShNCXxWDHIrQGYAdixpYyRfCG5wd3MFeQwPcXd+VxRmdn1mL0x2YGZ6YSNVBTBzAH5UEgUrXmcoARNtcChhEH5sB3wgAGYWUwpZcTRhFXx3cmUEaXsPcAF1fxRTDnxiclwlfHM0dSRffwdnFVtyAQQSenQ0YRRgXzBsBV9WAXEBQHcXBC90dChDF29MGnEGen8mez9bcgFMf2hzNFB1YHAoeABfUQZsBnlwFnUgWWIVRxRgT3t1BXlvJ2cWFXgGdixQeQJYDV19O0wSbwV6fRQLZAV2K0BtAlwNe2AGU2FSRixaNwVNK3Z3blMBbgZZZi1Acw IP 108.157.214.79 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML true Observations First Seen2024-08-20 20:45 Last Seen2024-08-20 20:45 Times Seen1 Hash 1ad730c4900655f4f8e44059afc203db a1617a02e7ce730d80de7b4a29c2e2dcda2dd749 9c9f28c1d3f51f513a793bec413e0169e48f19275d41a88c2ceff577fae96605 Loading...

	llama.website/sandbox%20eval%20code		128 B	2023-05-06	2025-07-06
Pretty URL llama.website/sandbox%20eval%20code IP 0.0.0.0 ASN #0 Introduced by Embedded in HTML false Observations First Seen2023-05-06 01:21 Last Seen2025-07-06 00:58 Times Seen28992 Hash 23c336606ee3a6d444b305153fa0e2e2 473a2111970ae2a94b373e656d20c4bd4184d703 305375d5052f6a14434d2d338f852f0f4f04fb26495f88a5d62b6afde2e2cc60 Loading...

	nuke.biz/static/server.min.js?v=1.2	ScriptElement	6.6 kB	2023-09-29	2025-07-05
Pretty URL nuke.biz/static/server.min.js?v=1.2 IP 91.92.249.75 ASN #34368 Natskovi & Sie Ltd. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-09-29 22:21 Last Seen2025-07-05 15:23 Times Seen122 Hash c50c6644a1224a8e37de5332c627e01e 9d394377c2e2552574cccc8c64cdf1c349879f98 0963849b9fc2cbc55745df1a15d55f06cd46c2fec034129aee8bd588cd09fd47 Loading...

	unknown	ScriptElement	88 kB	2023-11-02	2024-08-20
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2023-11-02 10:05 Last Seen2024-08-20 21:23 Times Seen2914 Hash d46d2997ab218d1dba1ab614422ed53f 3f1f6b9847c8ad209835db366c62fcb209b83a67 09e8ce2dfeac0ad09cd24788931b38ea7e7592f2c28eecc324b2dd1cd69d1b42 Loading...

		Size	First Seen	Last Seen
	#1 Write - 5d73df1f80de7c3ef1daf06124cf7a99	51 kB	2024-08-20 20:45	2024-08-20 20:45
Pretty Observations First Seen2024-08-20 20:45 Last Seen2024-08-20 20:45 Times Seen1 Hash 5d73df1f80de7c3ef1daf06124cf7a99 1a00f9393376d4a711d267f0dd9a3a8e7e73be1b 65cc6403587ce731ae7f8af830d4cd7fd430d68deaf35dc9f0f5c246b895e670 Loading...

HTTP Transactions (94)

URL IP Response Size

GET www.upload.ee/files/15487444/Dailymotion.com.txt.html

51.91.30.159

200 OK

8.9 kB

URL GET HTTP/1.1
www.upload.ee/files/15487444/Dailymotion.com.txt.html
IP
51.91.30.159:443
ASN
#16276 OVH SAS

Requested by
https://llama.website/Sq
Certificate
IssuerDigiCert, Inc.
Subjectwww.upload.ee
Fingerprint50:32:93:34:C8:04:2F:84:49:77:0D:C4:DD:CA:79:C9:CB:3E:C0:F4
ValidityThu, 02 Mar 2023 00:00:00 GMT - Mon, 01 Apr 2024 23:59:59 GMT

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (4526)
Size
8.9 kB (8948 bytes)
Hash
00c49289a60011d0793803bb6ed57d2a
5753dd7b5a07f8c351b35831ac18cb1909d3803a
bcfe5f8bfa336a27f2f493de2bbc84ac4cc7a7817554a099f17952ceb4ae7cdc

HTTP Headers

GET /files/15487444/Dailymotion.com.txt.html HTTP/1.1
Host: www.upload.ee
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://llama.website/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Sun, 05 Nov 2023 20:52:02 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 8948
Connection: keep-alive
Keep-Alive: timeout=20
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Last-Modified: Sun, 05 Nov 2023 22:52:02 +0200
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Strict-Transport-Security: max-age=31536000
X-XSS-Protection: 1
P3P: CP="CAO PSA OUR"
Set-Cookie: lng=eng; expires=Sun, 03-Dec-2023 20:52:02 GMT; path=/; domain=www.upload.ee; secure; httponly; SameSite=None
Content-Encoding: gzip

GET alwingulla.com/88/tag.min.js

172.67.152.114

200 OK

25 kB

URL GET HTTP/2
alwingulla.com/88/tag.min.js
IP
172.67.152.114:443
ASN
#13335 CLOUDFLARENET

Requested by
https://llama.website/Sq
Certificate
IssuerGoogle Trust Services LLC
Subjectalwingulla.com
Fingerprint08:D7:B3:96:27:87:C6:D6:5E:CE:B5:D5:5D:1B:5A:46:91:42:18:3E
ValiditySun, 17 Sep 2023 17:51:53 GMT - Sat, 16 Dec 2023 17:51:52 GMT

File type
ASCII text, with very long lines (65494)
Size
25 kB (25175 bytes)
Hash
2ef86893826198fd03b2dc4e422834c9
0dc1d39a850eb98f424881d9533e02a1774ab561
7f513e47cbf6f8bb8697296b79513a2a1b44e1e8b080c8c6b2d832328942b9c4

HTTP Headers

GET /88/tag.min.js HTTP/1.1
Host: alwingulla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://llama.website/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sun, 05 Nov 2023 20:52:02 GMT
content-type: text/javascript; charset=utf-8
x-trace-id: a367959372a230f95d2a4ed87d6c2ad6
cache-control: max-age=86400
last-modified: Fri, 03 Nov 2023 15:26:23 GMT
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Wow64
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace
access-control-max-age: 86400
pragma: no-cache
expires: Mon, 06 Nov 2023 03:47:14 GMT
timing-allow-origin: *
cf-cache-status: HIT
age: 61488
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=l3bPwo8KEcNiIkDYQVO3TCg7y39KAbu41AP716w4R7dl4DrsJpJNaomdPp4bzzsey3QtK6WtjnmWvEnIOaMSclAifOwB%2BSNz7qWuqGGXuizcF1c3jdB5DUCXk9NTONmu3Q%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8217fa699b4f0b06-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

GET www.upload.ee/js/js__file_upload.js

51.91.30.159

200 OK

7.7 kB

URL GET HTTP/1.1
www.upload.ee/js/js__file_upload.js
IP
51.91.30.159:443
ASN
#16276 OVH SAS

Requested by
https://www.upload.ee/files/15487444/Dailymotion.com.txt.html
Certificate
IssuerDigiCert, Inc.
Subjectwww.upload.ee
Fingerprint50:32:93:34:C8:04:2F:84:49:77:0D:C4:DD:CA:79:C9:CB:3E:C0:F4
ValidityThu, 02 Mar 2023 00:00:00 GMT - Mon, 01 Apr 2024 23:59:59 GMT

File type
Unicode text, UTF-8 text, with very long lines (1853)
Size
7.7 kB (7670 bytes)
Hash
66684709338f7239056ff3302e16bc4a
7dbd501434bdc062cdc8f6744e272a7d39ca5136
5163e50a8fe4549a8ca064e266de9c8e6aebd1d848185e0931959824a4d32c0f

HTTP Headers

GET /js/js__file_upload.js HTTP/1.1
Host: www.upload.ee
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.upload.ee/files/15487444/Dailymotion.com.txt.html
Cookie: lng=eng
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Sun, 05 Nov 2023 20:52:02 GMT
Content-Type: application/javascript
Last-Modified: Tue, 17 Oct 2023 12:32:21 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=20
ETag: W/"652e7ed5-651c"
Expires: Sun, 12 Nov 2023 20:52:02 GMT
Cache-Control: max-age=604800
Vary: Accept-Encoding
Content-Encoding: gzip

GET www.upload.ee/images/arrow.gif

51.91.30.159

200 OK

59 B

URL GET HTTP/1.1
www.upload.ee/images/arrow.gif
IP
51.91.30.159:443
ASN
#16276 OVH SAS

Requested by
https://www.upload.ee/files/15487444/Dailymotion.com.txt.html
Certificate
IssuerDigiCert, Inc.
Subjectwww.upload.ee
Fingerprint50:32:93:34:C8:04:2F:84:49:77:0D:C4:DD:CA:79:C9:CB:3E:C0:F4
ValidityThu, 02 Mar 2023 00:00:00 GMT - Mon, 01 Apr 2024 23:59:59 GMT

File type
GIF image data, version 89a, 6 x 9\012- data
Size
59 B (59 bytes)
Hash
6675f814b94f13f91f1383707b250e36
31452650e8fce2095613a2010799bdb7548bdd51
061d01a0b85f948c6ec464870ecec4654c4bd2ff15cacda941bbbf16225ec411

HTTP Headers

GET /images/arrow.gif HTTP/1.1
Host: www.upload.ee
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.upload.ee/files/15487444/Dailymotion.com.txt.html
Cookie: lng=eng
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Sun, 05 Nov 2023 20:52:02 GMT
Content-Type: image/gif
Content-Length: 59
Last-Modified: Sun, 14 Apr 2013 07:15:01 GMT
Connection: keep-alive
Keep-Alive: timeout=20
ETag: "516a5775-3b"
Expires: Sun, 12 Nov 2023 20:52:02 GMT
Cache-Control: max-age=604800
Accept-Ranges: bytes

GET www.upload.ee/images/dl_.png

51.91.30.159

200 OK

1.9 kB

URL GET HTTP/1.1
www.upload.ee/images/dl_.png
IP
51.91.30.159:443
ASN
#16276 OVH SAS

Requested by
https://www.upload.ee/files/15487444/Dailymotion.com.txt.html
Certificate
IssuerDigiCert, Inc.
Subjectwww.upload.ee
Fingerprint50:32:93:34:C8:04:2F:84:49:77:0D:C4:DD:CA:79:C9:CB:3E:C0:F4
ValidityThu, 02 Mar 2023 00:00:00 GMT - Mon, 01 Apr 2024 23:59:59 GMT

File type
PNG image data, 154 x 32, 8-bit colormap, non-interlaced\012- data
Size
1.9 kB (1900 bytes)
Hash
f3e8f284a4e98cdb91b6abfc142d94a4
fa9e618c2f56bea752ddd7e45a372c5539dadda9
2f13919383f54ca21e5b87f5644df8a875b99815c821dcbbabea352d854c6882

HTTP Headers

GET /images/dl_.png HTTP/1.1
Host: www.upload.ee
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.upload.ee/files/15487444/Dailymotion.com.txt.html
Cookie: lng=eng
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Sun, 05 Nov 2023 20:52:02 GMT
Content-Type: image/png
Content-Length: 1900
Last-Modified: Thu, 01 Dec 2016 09:37:27 GMT
Connection: keep-alive
Keep-Alive: timeout=20
ETag: "583fef57-76c"
Expires: Sun, 12 Nov 2023 20:52:02 GMT
Cache-Control: max-age=604800
Accept-Ranges: bytes

GET www.googletagmanager.com/gtag/js?id=UA-6703115-1

142.250.74.168

200 OK

51 kB

URL GET HTTP/2
www.googletagmanager.com/gtag/js?id=UA-6703115-1
IP
142.250.74.168:443
ASN
#15169 GOOGLE

Requested by
https://www.upload.ee/files/15487444/Dailymotion.com.txt.html
Certificate
IssuerGoogle Trust Services LLC
Subject*.google-analytics.com
Fingerprint3B:1D:9C:59:AC:F8:2F:47:8A:C6:AE:4F:88:F0:8D:84:C7:6A:47:DA
ValidityMon, 16 Oct 2023 08:02:30 GMT - Mon, 08 Jan 2024 08:02:29 GMT

File type
ASCII text, with very long lines (2213)
Size
51 kB (51343 bytes)
Hash
4cf1c1bd4e781b470a75b6bc37acb5fc
9b1aa50cc413f8f3addffe5574b523360b0bd0c1
d3f43475e50edadd9ef28fbb819c43cfc8f604707a24eb185ef28f1814e7863a

HTTP Headers

GET /gtag/js?id=UA-6703115-1 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.upload.ee/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Sun, 05 Nov 2023 20:52:02 GMT
expires: Sun, 05 Nov 2023 20:52:02 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 51343
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

GET du0pud0sdlmzf.cloudfront.net/?dupud=997369

108.157.232.39

200 OK

118 kB

URL GET HTTP/2
du0pud0sdlmzf.cloudfront.net/?dupud=997369
IP
108.157.232.39:443
ASN
#0

Requested by
https://www.upload.ee/files/15487444/Dailymotion.com.txt.html
Certificate
IssuerAmazon
Subject*.cloudfront.net
FingerprintFA:21:45:DC:4D:94:03:A3:09:77:51:78:4A:21:F2:C5:6D:94:BE:52
ValidityTue, 10 Oct 2023 00:00:00 GMT - Thu, 19 Sep 2024 23:59:59 GMT

File type
Unicode text, UTF-8 text, with very long lines (15948)
Size
118 kB (117711 bytes)
Hash
e77c40a35ea25a395aeb08270011d49a
835f18b3bdc5a6e9c8f7d639ceabf06d419a1de6
8ff3aa18b5f251fa41c9c670471d7e2514423f5690ee88bbfb3936d4aed18301

HTTP Headers

GET /?dupud=997369 HTTP/1.1
Host: du0pud0sdlmzf.cloudfront.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.upload.ee/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-length: 117711
date: Sun, 05 Nov 2023 20:52:02 GMT
access-control-allow-origin: *
cache-control: no-store, no-cache, proxy-revalidate, must-revalidate, private, no-transform
content-encoding: gzip
pragma: no-cache
x-cache: Miss from cloudfront
via: 1.1 0f31cf94bd251bd501ac532dacb719fe.cloudfront.net (CloudFront)
x-amz-cf-pop: ARN56-P2
x-amz-cf-id: OqM4J3_tA9FNn8Gf7uNi6iR4mavSSj6u8VqkVc-2th2RMuYuS0n_NA==
X-Firefox-Spdy: h2

GET nuke.biz/static/frontend/fonts/nunito-sans-v12-latin-600.woff2

91.92.249.75

200 OK

17 kB

URL GET HTTP/2
nuke.biz/static/frontend/fonts/nunito-sans-v12-latin-600.woff2
IP
91.92.249.75:443
ASN
#34368 Natskovi & Sie Ltd.

Requested by
https://llama.website/Sq
Certificate
IssuerLet's Encrypt
Subjectnuke.biz
Fingerprint54:0F:6E:6A:46:71:1E:28:8E:7B:38:D9:74:78:6F:DC:6B:50:50:8C
ValidityWed, 04 Oct 2023 18:07:19 GMT - Tue, 02 Jan 2024 18:07:18 GMT

File type
Web Open Font Format (Version 2), TrueType, length 17156, version 1.0\012- data
Size
17 kB (17156 bytes)
Hash
7e344afc10a492d516789f072fa6edfd
f38bd0b4e9d0577528f533b8ecd80801a0c6340f
c84423c305779f2aab07847a2e3870ac1ea4072e470d5eb149c01e0e0497eae3

HTTP Headers

GET /static/frontend/fonts/nunito-sans-v12-latin-600.woff2 HTTP/1.1
Host: nuke.biz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://llama.website
DNT: 1
Connection: keep-alive
Referer: https://nuke.biz/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sun, 05 Nov 2023 20:52:03 GMT
content-length: 17156
last-modified: Sun, 06 Nov 2022 23:25:02 GMT
etag: "4304-5ecd59dbaaf80"
accept-ranges: bytes
x-powered-by: PleskLin
X-Firefox-Spdy: h2

GET nuke.biz/static/frontend/fonts/nunito-sans-v12-latin-regular.woff2

91.92.249.75

200 OK

17 kB

URL GET HTTP/2
nuke.biz/static/frontend/fonts/nunito-sans-v12-latin-regular.woff2
IP
91.92.249.75:443
ASN
#34368 Natskovi & Sie Ltd.

Requested by
https://llama.website/Sq
Certificate
IssuerLet's Encrypt
Subjectnuke.biz
Fingerprint54:0F:6E:6A:46:71:1E:28:8E:7B:38:D9:74:78:6F:DC:6B:50:50:8C
ValidityWed, 04 Oct 2023 18:07:19 GMT - Tue, 02 Jan 2024 18:07:18 GMT

File type
Web Open Font Format (Version 2), TrueType, length 16980, version 1.0\012- data
Size
17 kB (16980 bytes)
Hash
8a97f720d330e75ccdbda9ae0e9f5e90
8e4fee916581ab48d385187705667cebc7500afe
97d5a594e7f76c7e50045b67667fd6b74b268515efe6425097be1b2647079787

HTTP Headers

GET /static/frontend/fonts/nunito-sans-v12-latin-regular.woff2 HTTP/1.1
Host: nuke.biz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://llama.website
DNT: 1
Connection: keep-alive
Referer: https://nuke.biz/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sun, 05 Nov 2023 20:52:03 GMT
content-length: 16980
last-modified: Sun, 06 Nov 2022 23:25:02 GMT
etag: "4254-5ecd59dbaaf80"
accept-ranges: bytes
x-powered-by: PleskLin
X-Firefox-Spdy: h2

GET my.rtmark.net/gid.js?userId=a54b3fba89bc4d09a1fe9ccba830cea1

139.45.195.8

200 OK

65 B

URL GET HTTP/2
my.rtmark.net/gid.js?userId=a54b3fba89bc4d09a1fe9ccba830cea1
IP
139.45.195.8:443
ASN
#9002 RETN Limited

Requested by
https://llama.website/Sq
Certificate
IssuerLet's Encrypt
Subjectrtmark.net
FingerprintE8:81:4E:79:89:89:BE:CE:75:1F:E0:2A:60:54:8A:A4:11:2E:F7:42
ValiditySat, 07 Oct 2023 15:22:00 GMT - Fri, 05 Jan 2024 15:21:59 GMT

File type
JSON data\012- , ASCII text
Size
65 B (65 bytes)
Hash
a198a174ce69df65ff830e4c6dbaeaa9
ccac2b37ba80251c565d377caf7f6f404a5d1fae
e59255ef767611acfcc7fdcd5736cd5e40fb2168db38cd7555059bcc14a2d2e6

HTTP Headers

GET /gid.js?userId=a54b3fba89bc4d09a1fe9ccba830cea1 HTTP/1.1
Host: my.rtmark.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://llama.website
DNT: 1
Connection: keep-alive
Referer: https://llama.website/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sun, 05 Nov 2023 20:52:03 GMT
content-type: application/json; charset=utf-8
content-length: 65
access-control-allow-origin: https://llama.website
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
set-cookie: ID=a54b3fba89bc4d09a1fe9ccba830cea1; expires=Mon, 04 Nov 2024 20:52:03 GMT; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2

GET nuke.biz/static/server.min.js?v=1.2

91.92.249.75

200 OK

1.7 kB

URL GET HTTP/2
nuke.biz/static/server.min.js?v=1.2
IP
91.92.249.75:443
ASN
#34368 Natskovi & Sie Ltd.

Requested by
https://llama.website/Sq
Certificate
IssuerLet's Encrypt
Subjectnuke.biz
Fingerprint54:0F:6E:6A:46:71:1E:28:8E:7B:38:D9:74:78:6F:DC:6B:50:50:8C
ValidityWed, 04 Oct 2023 18:07:19 GMT - Tue, 02 Jan 2024 18:07:18 GMT

File type
ASCII text, with very long lines (6624), with no line terminators
Size
1.7 kB (1712 bytes)
Hash
c50c6644a1224a8e37de5332c627e01e
9d394377c2e2552574cccc8c64cdf1c349879f98
0963849b9fc2cbc55745df1a15d55f06cd46c2fec034129aee8bd588cd09fd47

HTTP Headers

GET /static/server.min.js?v=1.2 HTTP/1.1
Host: nuke.biz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://llama.website/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sun, 05 Nov 2023 20:52:02 GMT
content-type: application/javascript
last-modified: Tue, 29 Aug 2023 19:48:06 GMT
etag: W/"19e0-6041516f14980"
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2

GET nuke.biz/static/frontend/libs/fontawesome/all.min.css

91.92.249.75

200 OK

22 kB

URL GET HTTP/2
nuke.biz/static/frontend/libs/fontawesome/all.min.css
IP
91.92.249.75:443
ASN
#34368 Natskovi & Sie Ltd.

Requested by
https://llama.website/Sq
Certificate
IssuerLet's Encrypt
Subjectnuke.biz
Fingerprint54:0F:6E:6A:46:71:1E:28:8E:7B:38:D9:74:78:6F:DC:6B:50:50:8C
ValidityWed, 04 Oct 2023 18:07:19 GMT - Tue, 02 Jan 2024 18:07:18 GMT

File type
ASCII text, with very long lines (52276)
Size
22 kB (21697 bytes)
Hash
9a99091cf45671ab2ee178fc3896a494
043f09bf20c5478aaca2abb5b3f4b034a20cca6a
58fdbb37ecb0c8a4d514714e322edef085c1f9d71e703b3925b054437f446166

HTTP Headers

GET /static/frontend/libs/fontawesome/all.min.css HTTP/1.1
Host: nuke.biz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://llama.website/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sun, 05 Nov 2023 20:52:02 GMT
content-type: text/css
last-modified: Wed, 16 Aug 2023 12:51:14 GMT
etag: W/"18efb-60309c02c9480"
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2

GET nuke.biz/static/frontend/fonts/nunito-sans-v12-latin-600.woff

91.92.249.75

200 OK

21 kB

URL GET HTTP/2
nuke.biz/static/frontend/fonts/nunito-sans-v12-latin-600.woff
IP
91.92.249.75:443
ASN
#34368 Natskovi & Sie Ltd.

Requested by
https://llama.website/Sq
Certificate
IssuerLet's Encrypt
Subjectnuke.biz
Fingerprint54:0F:6E:6A:46:71:1E:28:8E:7B:38:D9:74:78:6F:DC:6B:50:50:8C
ValidityWed, 04 Oct 2023 18:07:19 GMT - Tue, 02 Jan 2024 18:07:18 GMT

File type
Web Open Font Format, TrueType, length 21048, version 1.1\012- data
Size
21 kB (21048 bytes)
Hash
79ca5494c53495af3d607a356a181fa9
8b1976713c7c694e6ebd4338685c49959cb738d5
af36b391244e3c8c4ab03691c412c59c86c1a02812b16b76db7a907f25b6b59a

HTTP Headers

GET /static/frontend/fonts/nunito-sans-v12-latin-600.woff HTTP/1.1
Host: nuke.biz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://llama.website
DNT: 1
Connection: keep-alive
Referer: https://nuke.biz/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sun, 05 Nov 2023 20:52:03 GMT
content-type: application/font-woff
content-length: 21048
last-modified: Sun, 06 Nov 2022 23:25:02 GMT
etag: "5238-5ecd59dbaaf80"
accept-ranges: bytes
x-powered-by: PleskLin
X-Firefox-Spdy: h2

GET dweatherbe.org/Rzg1QzQmWlYuCyYFV2VBNVQIZgYBHQcFUDIIRTZQd0tRL1k9XhsgWChNUSVGKFZBbVoiTBBxch5abShNCXxWDHIrQGYAdixpYyRfCG5wd3MFeQwPcXd+VxRmdn1mL0x2YGZ6YSNVBTBzAH5UEgUrXmcoARNtcChhEH5sB3wgAGYWUwpZcTRhFXx3cmUEaXsPcAF1fxRTDnxiclwlfHM0dSRffwdnFVtyAQQSenQ0YRRgXzBsBV9WAXEBQHcXBC90dChDF29MGnEGen8mez9bcgFMf2hzNFB1YHAoeABfUQZsBnlwFnUgWWIVRxRgT3t1BXlvJ2cWFXgGdixQeQJYDV19O0wSbwV6fRQLZAV2K0BtAlwNe2AGU2FSRixaNwVNK3Z3blMBbgZZZi1Acw

108.157.214.79

200 OK

1.2 kB

URL GET HTTP/2
dweatherbe.org/Rzg1QzQmWlYuCyYFV2VBNVQIZgYBHQcFUDIIRTZQd0tRL1k9XhsgWChNUSVGKFZBbVoiTBBxch5abShNCXxWDHIrQGYAdixpYyRfCG5wd3MFeQwPcXd+VxRmdn1mL0x2YGZ6YSNVBTBzAH5UEgUrXmcoARNtcChhEH5sB3wgAGYWUwpZcTRhFXx3cmUEaXsPcAF1fxRTDnxiclwlfHM0dSRffwdnFVtyAQQSenQ0YRRgXzBsBV9WAXEBQHcXBC90dChDF29MGnEGen8mez9bcgFMf2hzNFB1YHAoeABfUQZsBnlwFnUgWWIVRxRgT3t1BXlvJ2cWFXgGdixQeQJYDV19O0wSbwV6fRQLZAV2K0BtAlwNe2AGU2FSRixaNwVNK3Z3blMBbgZZZi1Acw
IP
108.157.214.79:443
ASN
#16509 AMAZON-02

Requested by
https://www.upload.ee/files/15487444/Dailymotion.com.txt.html
Certificate
IssuerAmazon
Subjectdweatherbe.org
FingerprintB9:18:AC:1F:87:E4:2C:E9:36:35:FF:E7:F8:8F:F7:77:F0:AB:4C:4A
ValiditySun, 22 Oct 2023 00:00:00 GMT - Tue, 19 Nov 2024 23:59:59 GMT

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (3003), with no line terminators
Size
1.2 kB (1159 bytes)
Hash
dca55db44a6c986c423c6dbb3ab1f2f7
61cdc68f7585d153bbedbda8a59fe7f1a3768058
86ad73d818f9279b95808d9701b65be60cf6c1c03d2459e0123ede2788ce966a

HTTP Headers

GET /Rzg1QzQmWlYuCyYFV2VBNVQIZgYBHQcFUDIIRTZQd0tRL1k9XhsgWChNUSVGKFZBbVoiTBBxch5abShNCXxWDHIrQGYAdixpYyRfCG5wd3MFeQwPcXd+VxRmdn1mL0x2YGZ6YSNVBTBzAH5UEgUrXmcoARNtcChhEH5sB3wgAGYWUwpZcTRhFXx3cmUEaXsPcAF1fxRTDnxiclwlfHM0dSRffwdnFVtyAQQSenQ0YRRgXzBsBV9WAXEBQHcXBC90dChDF29MGnEGen8mez9bcgFMf2hzNFB1YHAoeABfUQZsBnlwFnUgWWIVRxRgT3t1BXlvJ2cWFXgGdixQeQJYDV19O0wSbwV6fRQLZAV2K0BtAlwNe2AGU2FSRixaNwVNK3Z3blMBbgZZZi1Acw HTTP/1.1
Host: dweatherbe.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.upload.ee/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: text/html
content-length: 1159
date: Sun, 05 Nov 2023 20:52:03 GMT
server: openresty/1.17.8.2
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
content-encoding: gzip
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List
x-cache: Miss from cloudfront
via: 1.1 0078c2805bf98a4574ea5eee972aa9f6.cloudfront.net (CloudFront)
x-amz-cf-pop: ARN56-P1
x-amz-cf-id: IJCA3GYadvmYTzydkBHYrtf_mQKKW9KCcZZdxsUGwwzXDdI9Q551gw==
X-Firefox-Spdy: h2

GET dweatherbe.org/R2hmbGYmCgUBWSZVBEoTNQRbSVQBTVQqAjJYFhkCdxsCAAs9DkgPCigdAgoUKAYSQggiHENeIDMNLgQNFlgFDiAwBwoJJzA6JyRTYlokPTN+MAI0UyItDg8VDDkOKiowAyonDgYNBT9TCzs1NRQeOREvJw9dVTQOFi4qPyQBMAEpEg0tMCY3LiEMKw0ROTw4Kw4uEVVDdSovLjcXLRw1HwQpJy4sdS0oKzAsHS0tLxUrJVQLHz0JBQIqBC80MB0SBBskDT4xNlYIBFc7BT4bNCoOAl8/BxYOIC4YHg1YUz08KTlQNDAdEig9UyM+ESZUFC0gJwV1XQI/Cmo5DSUONDwlXjx2OA0cMyQGAiU1ETofNQ03IScFCXYgNFgqCFosJzYrPh8ICh0hNwY8cTs3Sgw0BwgcWwwiKj4OPVoPX1cFAA

108.157.214.79

200 OK

1.2 kB

URL GET HTTP/2
dweatherbe.org/R2hmbGYmCgUBWSZVBEoTNQRbSVQBTVQqAjJYFhkCdxsCAAs9DkgPCigdAgoUKAYSQggiHENeIDMNLgQNFlgFDiAwBwoJJzA6JyRTYlokPTN+MAI0UyItDg8VDDkOKiowAyonDgYNBT9TCzs1NRQeOREvJw9dVTQOFi4qPyQBMAEpEg0tMCY3LiEMKw0ROTw4Kw4uEVVDdSovLjcXLRw1HwQpJy4sdS0oKzAsHS0tLxUrJVQLHz0JBQIqBC80MB0SBBskDT4xNlYIBFc7BT4bNCoOAl8/BxYOIC4YHg1YUz08KTlQNDAdEig9UyM+ESZUFC0gJwV1XQI/Cmo5DSUONDwlXjx2OA0cMyQGAiU1ETofNQ03IScFCXYgNFgqCFosJzYrPh8ICh0hNwY8cTs3Sgw0BwgcWwwiKj4OPVoPX1cFAA
IP
108.157.214.79:443
ASN
#16509 AMAZON-02

Requested by
https://www.upload.ee/files/15487444/Dailymotion.com.txt.html
Certificate
IssuerAmazon
Subjectdweatherbe.org
FingerprintB9:18:AC:1F:87:E4:2C:E9:36:35:FF:E7:F8:8F:F7:77:F0:AB:4C:4A
ValiditySun, 22 Oct 2023 00:00:00 GMT - Tue, 19 Nov 2024 23:59:59 GMT

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (3020), with no line terminators
Size
1.2 kB (1173 bytes)
Hash
628b53cf4e7e7ea86d87f76ac91d5dc2
ed480d41ec530e0a8308c74ed268e444644d2b59
7b431e4c3d37daf8e0fb66d2c0295d0d0181a19c082defcdfa04d1cb917addc6

HTTP Headers

GET /R2hmbGYmCgUBWSZVBEoTNQRbSVQBTVQqAjJYFhkCdxsCAAs9DkgPCigdAgoUKAYSQggiHENeIDMNLgQNFlgFDiAwBwoJJzA6JyRTYlokPTN+MAI0UyItDg8VDDkOKiowAyonDgYNBT9TCzs1NRQeOREvJw9dVTQOFi4qPyQBMAEpEg0tMCY3LiEMKw0ROTw4Kw4uEVVDdSovLjcXLRw1HwQpJy4sdS0oKzAsHS0tLxUrJVQLHz0JBQIqBC80MB0SBBskDT4xNlYIBFc7BT4bNCoOAl8/BxYOIC4YHg1YUz08KTlQNDAdEig9UyM+ESZUFC0gJwV1XQI/Cmo5DSUONDwlXjx2OA0cMyQGAiU1ETofNQ03IScFCXYgNFgqCFosJzYrPh8ICh0hNwY8cTs3Sgw0BwgcWwwiKj4OPVoPX1cFAA HTTP/1.1
Host: dweatherbe.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.upload.ee/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: text/html
content-length: 1173
date: Sun, 05 Nov 2023 20:52:03 GMT
server: openresty/1.17.8.2
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
content-encoding: gzip
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List
x-cache: Miss from cloudfront
via: 1.1 0078c2805bf98a4574ea5eee972aa9f6.cloudfront.net (CloudFront)
x-amz-cf-pop: ARN56-P1
x-amz-cf-id: RcPd7-eYvm8GDeSPCxrtZnq77z81RQrm-Qrn0gxSPRa6uBJ_X8WPmA==
X-Firefox-Spdy: h2

GET dweatherbe.org/N3hUbzBWGjcCD1ZFNklFRRRpSgJxXWYpVEJIJBpUBwswA11NHnoMXFgNMAlCWBYgQV5SDHFddmMaPwd6ZkkNIXpOGzgOYlgQGDcFQS5nVglUFR4meV0XJyByAkkWN3lxPxYEcVIAYCp8WUwTJXIGTTYVU0Q7OjkFbSw7P3peTXFdclQ5JwJ7WU06PHNcDB04RFYaPl9KeCkCXnxeQDwoZAdAGRYEezQTVwJ5SRkDel0TcV12dhEFAGpaKTsJZ1MCN15IAyEAG15vSmVZcW82NwpzYgkbLUNAGhwpXXEWFkoCcTATLVFVIDstUwYAYCBKYQIMPlwDG2ZWcVI/eS1dbT5gGXx0OW0uZwZPFjhiUh0MA0ptSWFaUn8+OSxzck8eBXF1NRMXSHI+bVpVcEk5PHQGSDcIFl0LOwFACjRlPEZmMWwnWlFPER1DBg

108.157.214.79

200 OK

1.2 kB

URL GET HTTP/2
dweatherbe.org/N3hUbzBWGjcCD1ZFNklFRRRpSgJxXWYpVEJIJBpUBwswA11NHnoMXFgNMAlCWBYgQV5SDHFddmMaPwd6ZkkNIXpOGzgOYlgQGDcFQS5nVglUFR4meV0XJyByAkkWN3lxPxYEcVIAYCp8WUwTJXIGTTYVU0Q7OjkFbSw7P3peTXFdclQ5JwJ7WU06PHNcDB04RFYaPl9KeCkCXnxeQDwoZAdAGRYEezQTVwJ5SRkDel0TcV12dhEFAGpaKTsJZ1MCN15IAyEAG15vSmVZcW82NwpzYgkbLUNAGhwpXXEWFkoCcTATLVFVIDstUwYAYCBKYQIMPlwDG2ZWcVI/eS1dbT5gGXx0OW0uZwZPFjhiUh0MA0ptSWFaUn8+OSxzck8eBXF1NRMXSHI+bVpVcEk5PHQGSDcIFl0LOwFACjRlPEZmMWwnWlFPER1DBg
IP
108.157.214.79:443
ASN
#16509 AMAZON-02

Requested by
https://www.upload.ee/files/15487444/Dailymotion.com.txt.html
Certificate
IssuerAmazon
Subjectdweatherbe.org
FingerprintB9:18:AC:1F:87:E4:2C:E9:36:35:FF:E7:F8:8F:F7:77:F0:AB:4C:4A
ValiditySun, 22 Oct 2023 00:00:00 GMT - Tue, 19 Nov 2024 23:59:59 GMT

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (3027), with no line terminators
Size
1.2 kB (1180 bytes)
Hash
cf7d7cfd27394320cb6470b5fc1f73b2
f67ff22fa1f40a69037e931308ffd702df4969b3
ce88de864812f345ebf5b5034f53b3abf799cba4cb359a6c124ae182364d12b2

HTTP Headers

GET /N3hUbzBWGjcCD1ZFNklFRRRpSgJxXWYpVEJIJBpUBwswA11NHnoMXFgNMAlCWBYgQV5SDHFddmMaPwd6ZkkNIXpOGzgOYlgQGDcFQS5nVglUFR4meV0XJyByAkkWN3lxPxYEcVIAYCp8WUwTJXIGTTYVU0Q7OjkFbSw7P3peTXFdclQ5JwJ7WU06PHNcDB04RFYaPl9KeCkCXnxeQDwoZAdAGRYEezQTVwJ5SRkDel0TcV12dhEFAGpaKTsJZ1MCN15IAyEAG15vSmVZcW82NwpzYgkbLUNAGhwpXXEWFkoCcTATLVFVIDstUwYAYCBKYQIMPlwDG2ZWcVI/eS1dbT5gGXx0OW0uZwZPFjhiUh0MA0ptSWFaUn8+OSxzck8eBXF1NRMXSHI+bVpVcEk5PHQGSDcIFl0LOwFACjRlPEZmMWwnWlFPER1DBg HTTP/1.1
Host: dweatherbe.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.upload.ee/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
content-type: text/html
content-length: 1180
date: Sun, 05 Nov 2023 20:52:03 GMT
server: openresty/1.17.8.2
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
content-encoding: gzip
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List
x-cache: Miss from cloudfront
via: 1.1 0078c2805bf98a4574ea5eee972aa9f6.cloudfront.net (CloudFront)
x-amz-cf-pop: ARN56-P1
x-amz-cf-id: bijh8Cso0UQMQUpTDLkTUUzUsYDUKS-QjrqMLNVG3l5bokjziDAlkQ==
X-Firefox-Spdy: h2

GET ibrapush.com/pfe/current/tag.min.js?z=6551787

139.45.197.250

200 OK

5.8 kB

URL GET HTTP/2
ibrapush.com/pfe/current/tag.min.js?z=6551787
IP
139.45.197.250:443
ASN
#9002 RETN Limited

Requested by
https://llama.website/Sq
Certificate
IssuerLet's Encrypt
Subjectibrapush.com
Fingerprint3B:3D:4B:42:6B:6E:62:C4:F4:D3:DC:97:17:EF:48:8C:68:5C:58:85
ValidityFri, 25 Aug 2023 05:43:35 GMT - Thu, 23 Nov 2023 05:43:34 GMT

File type
C source, ASCII text, with very long lines (13300), with no line terminators
Size
5.8 kB (5780 bytes)
Hash
258578af3c107ccb907f73c3a2f4c25f
7a192edea829968fb7f57f2a2fc4cb5b612598be
1f945c9c46c47a2b0e867b0d09c3e4559cd768a2d3747abf28d1d65667733b75

HTTP Headers

GET /pfe/current/tag.min.js?z=6551787 HTTP/1.1
Host: ibrapush.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://llama.website/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sun, 05 Nov 2023 20:52:03 GMT
content-type: application/javascript
last-modified: Thu, 02 Nov 2023 08:40:08 GMT
etag: W/"65436068-33f4"
access-control-allow-credentials: true
cache-control: no-cache
pragma: no-cache
link: <https://my.rtmark.net>; rel=dns-prefetch;, <https://my.rtmark.net>; rel=preconnect
content-encoding: gzip
X-Firefox-Spdy: h2

GET aistekso.net/401/6551786

139.45.197.244

200 OK

55 kB

URL GET HTTP/2
aistekso.net/401/6551786
IP
139.45.197.244:443
ASN
#9002 RETN Limited

Requested by
https://llama.website/Sq
Certificate
IssuerLet's Encrypt
Subjectaistekso.net
FingerprintED:B9:45:BE:46:3F:F4:75:11:1C:6C:E9:06:15:9F:A7:09:51:83:8B
ValidityMon, 16 Oct 2023 12:40:15 GMT - Sun, 14 Jan 2024 12:40:14 GMT

File type
gzip compressed data, max speed, from Unix\012- data
Size
55 kB (55189 bytes)
Hash
96bbdfd7ef73a768c1e785eb7f9df25d
159c688f7493cafe3e3bcee64f391d590d3fe2bd
6022b1a4d35f6209b60e7c525921b2c5dc58cb1e6951ffc06be7ffc5be812815

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /401/6551786 HTTP/1.1
Host: aistekso.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://llama.website/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sun, 05 Nov 2023 20:52:03 GMT
content-type: application/javascript
x-trace-id: b09d3a42e01b057fcb39703011ae302a
expires: Tue, 11 Jan 1994 10:00:00 GMT
cache-control: no-cache, no-store, no-transform, must-revalidate, private, max-age=0
pragma: no-cache
vary: Origin
access-control-allow-origin: *
access-control-expose-headers: Link
access-control-allow-credentials: true
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Wow64
set-cookie: OAID=1315dd1746574ddd995541f81597539d; expires=Mon, 04 Nov 2024 20:52:03 GMT; path=/; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
content-encoding: gzip
X-Firefox-Spdy: h2

GET cameesse.net/1?z=6551785

139.45.197.242

200 OK

102 kB

URL GET HTTP/2
cameesse.net/1?z=6551785
IP
139.45.197.242:443
ASN
#9002 RETN Limited

Requested by
https://llama.website/Sq
Certificate
IssuerLet's Encrypt
Subjectcameesse.net
Fingerprint95:AE:4C:29:A9:9F:0C:04:38:32:00:81:30:07:95:A7:F8:B0:77:D6
ValidityWed, 18 Oct 2023 10:27:53 GMT - Tue, 16 Jan 2024 10:27:52 GMT

File type
gzip compressed data, max speed, from Unix\012- data
Size
102 kB (101775 bytes)
Hash
fbb1d064d17dc36bd89d680c5ee64f19
4f9d677d5924a7ab597d2f5e83ae0e83ffb242c9
9cd7bf5dfc1ce725258257a86249aa5d0954dff1a15f640af0102a23c4021368

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /1?z=6551785 HTTP/1.1
Host: cameesse.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://llama.website/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sun, 05 Nov 2023 20:52:03 GMT
content-type: text/javascript
access-control-allow-credentials: true
access-control-allow-origin: 
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-Sc, CVERSION, VERSION, X-Ancestor-Origins, X-Zone-ID, baggage, sentry-trace
x-trace-id: 529bcd63fec456c084c8fe4fdc26d950
access-control-expose-headers: X-Sc
x-sc: nvgF1F-iPwS_EghHtokQlMN4QzZXSvuF_T8fICdJHVmRr2CxV_EBexGcAsMww9fRZCKJi_DQ1sip5H2spcPUwItO9wo=
set-cookie: scm=1; expires=Mon, 04 Nov 2024 20:52:03 GMT; secure; SameSite=None
OAID=059285de059a4d1cbb4d677dfe7adcc8; expires=Mon, 04 Nov 2024 20:52:03 GMT; secure; SameSite=None
oaidts=1699217523; expires=Mon, 04 Nov 2024 20:52:03 GMT; secure; SameSite=None
pragma: no-cache
cache-control: no-store, no-cache, must-revalidate, max-age=0
expires: Mon, 26 Jul 1997 05:00:00 GMT
content-encoding: gzip
X-Firefox-Spdy: h2

GET ibrapush.com/zone?pub=0&zone_id=6551787&is_mobile=false&domain=llama.website&var=&ymid=&var_3=&tg=0&sw=3.1.471

139.45.197.250

200 OK

880 B

URL GET HTTP/2
ibrapush.com/zone?pub=0&zone_id=6551787&is_mobile=false&domain=llama.website&var=&ymid=&var_3=&tg=0&sw=3.1.471
IP
139.45.197.250:443
ASN
#9002 RETN Limited

Requested by
https://llama.website/Sq
Certificate
IssuerLet's Encrypt
Subjectibrapush.com
Fingerprint3B:3D:4B:42:6B:6E:62:C4:F4:D3:DC:97:17:EF:48:8C:68:5C:58:85
ValidityFri, 25 Aug 2023 05:43:35 GMT - Thu, 23 Nov 2023 05:43:34 GMT

File type
JSON data\012- , ASCII text, with very long lines (879)
Size
880 B (880 bytes)
Hash
91f9366ae07f386f5427528476d9b270
42ee9db935044cdf7c595d591d26c8b9fb042da0
54ac2c8f26e17e081cf44e8db048ff6e1d20626d3a8e74aaef067e77f6aea11a

HTTP Headers

GET /zone?pub=0&zone_id=6551787&is_mobile=false&domain=llama.website&var=&ymid=&var_3=&tg=0&sw=3.1.471 HTTP/1.1
Host: ibrapush.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://llama.website/
Origin: https://llama.website
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sun, 05 Nov 2023 20:52:03 GMT
content-type: application/json; charset=utf-8
content-length: 880
x-trace-id: c0e4a35e2c63c3f7c43ce0a832663099
access-control-allow-origin: https://llama.website
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, X-Oaid, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2

GET tzegilo.com/stattag.js

104.21.11.245

200 OK

47 kB

URL GET HTTP/2
tzegilo.com/stattag.js
IP
104.21.11.245:443
ASN
#13335 CLOUDFLARENET

Requested by
https://llama.website/Sq
Certificate
IssuerGoogle Trust Services LLC
Subjecttzegilo.com
Fingerprint52:B8:ED:73:BB:55:6F:9C:F8:97:7C:04:34:2B:AD:DB:55:0A:C9:6A
ValidityThu, 05 Oct 2023 17:59:18 GMT - Wed, 03 Jan 2024 17:59:17 GMT

File type
ASCII text, with very long lines (18369)
Size
47 kB (47011 bytes)
Hash
89e89aea544ea2785d49cc4cd9cf26f6
7d53437a89eb9861038ee27a8ff0e3bb70fa2a0b
86da38693fcea056d36588a4146e85392f784c457511de416fec32034aafa4f9

HTTP Headers

GET /stattag.js HTTP/1.1
Host: tzegilo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://llama.website/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sun, 05 Nov 2023 20:52:03 GMT
content-type: application/javascript
last-modified: Thu, 07 Sep 2023 08:19:52 GMT
etag: W/"64f987a8-4a4b"
link: <https://flerap.com/>; rel=preconnect; crossorigin, <https://fleraprt.com/>; rel=preconnect; crossorigin
cache-control: max-age=14400
cf-cache-status: HIT
age: 7194
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=flvemIB51QYNDJ1rMG678gWFPNEAhImxb%2BJFAVfJBKu49Dm7GyIR%2BE94dFLpYGgIckH1ScCFYh%2FWtYfmG8rqAtbBWFRfAE721sxVR4sv%2FtSp%2FkbzEierRm3jbhAJ3w%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8217fa733c99b505-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

GET du0pud0sdlmzf.cloudfront.net/teHhkQ0cbFwoleAwRAH5+QU9XdX5eEhcsKQhFLwkLKhAecS5LSSYrYQwCAH53XhQFLSBFXgEtJEVJQiIjGkVQZTMIFw9+IBQPEzYyCAABJ2ENGVkuKAIRCC8mXUoidmlIXVZzbwBJVWZ0Ol1WcysRFhE7YkpIHHtxJ05QZnQ6XVZzNQ5dVwJ2SEFKc25dSl-QkIhsTC2Z1PkpUcndISVRyYkpIAio1HR4LO2JKPlVydlZIQjZ6SQ

108.157.232.39

200 OK

599 B

URL GET HTTP/2
du0pud0sdlmzf.cloudfront.net/teHhkQ0cbFwoleAwRAH5+QU9XdX5eEhcsKQhFLwkLKhAecS5LSSYrYQwCAH53XhQFLSBFXgEtJEVJQiIjGkVQZTMIFw9+IBQPEzYyCAABJ2ENGVkuKAIRCC8mXUoidmlIXVZzbwBJVWZ0Ol1WcysRFhE7YkpIHHtxJ05QZnQ6XVZzNQ5dVwJ2SEFKc25dSl-QkIhsTC2Z1PkpUcndISVRyYkpIAio1HR4LO2JKPlVydlZIQjZ6SQ
IP
108.157.232.39:443
ASN
#0

Requested by
https://dweatherbe.org/R2hmbGYmCgUBWSZVBEoTNQRbSVQBTVQqAjJYFhkCdxsCAAs9DkgPCigdAgoUKAYSQggiHENeIDMNLgQNFlgFDiAwBwoJJzA6JyRTYlokPTN+MAI0UyItDg8VDDkOKiowAyonDgYNBT9TCzs1NRQeOREvJw9dVTQOFi4qPyQBMAEpEg0tMCY3LiEMKw0ROTw4Kw4uEVVDdSovLjcXLRw1HwQpJy4sdS0oKzAsHS0tLxUrJVQLHz0JBQIqBC80MB0SBBskDT4xNlYIBFc7BT4bNCoOAl8/BxYOIC4YHg1YUz08KTlQNDAdEig9UyM+ESZUFC0gJwV1XQI/Cmo5DSUONDwlXjx2OA0cMyQGAiU1ETofNQ03IScFCXYgNFgqCFosJzYrPh8ICh0hNwY8cTs3Sgw0BwgcWwwiKj4OPVoPX1cFAA
Certificate
IssuerAmazon
Subject*.cloudfront.net
FingerprintFA:21:45:DC:4D:94:03:A3:09:77:51:78:4A:21:F2:C5:6D:94:BE:52
ValidityTue, 10 Oct 2023 00:00:00 GMT - Thu, 19 Sep 2024 23:59:59 GMT

File type
ASCII text, with very long lines (856), with no line terminators
Size
599 B (599 bytes)
Hash
22c9f35569689355fde8085da82dc4d1
4b04bc31599935223b957d278a6478725b786ec1
2c1ea9e8cb1996b0f90987ab050e409ff697ac5767c7625fe782db811e6f200d

HTTP Headers

GET /teHhkQ0cbFwoleAwRAH5+QU9XdX5eEhcsKQhFLwkLKhAecS5LSSYrYQwCAH53XhQFLSBFXgEtJEVJQiIjGkVQZTMIFw9+IBQPEzYyCAABJ2ENGVkuKAIRCC8mXUoidmlIXVZzbwBJVWZ0Ol1WcysRFhE7YkpIHHtxJ05QZnQ6XVZzNQ5dVwJ2SEFKc25dSl-QkIhsTC2Z1PkpUcndISVRyYkpIAio1HR4LO2JKPlVydlZIQjZ6SQ HTTP/1.1
Host: du0pud0sdlmzf.cloudfront.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dweatherbe.org/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
content-length: 599
date: Sun, 05 Nov 2023 20:52:04 GMT
access-control-allow-origin: *
cache-control: max-age=31556926
content-encoding: gzip
x-cache: Miss from cloudfront
via: 1.1 0f31cf94bd251bd501ac532dacb719fe.cloudfront.net (CloudFront)
x-amz-cf-pop: ARN56-P2
x-amz-cf-id: uvl-4wYa4eNANFIImdSUNrkTllGDidEdk8fHc4kjLw6WB0tDwbEbqQ==
X-Firefox-Spdy: h2

GET du0pud0sdlmzf.cloudfront.net/TbkhJQ1YNJyclaRohLX5vV399cmJIIjosOB51BXIFGBkAex4ELn4GJB15bzcsCnV5ZToPJi5+cAsmKn5nSCktIWtabj0zOQV1Li8hGT08My4LLG82N1MlJjk/AiQoZmQofWdzc1x4YTtnX216AXNceCUqOBswbHFmFnB/HGBabXoBc1x4OzVzXQl4c29AeG-BmZF4vLCA9AW17BWReeXlzZ155bHFmCCE7JjABMGxxEF95eG1mSD10cg

108.157.232.39

200 OK

567 B

URL GET HTTP/2
du0pud0sdlmzf.cloudfront.net/TbkhJQ1YNJyclaRohLX5vV399cmJIIjosOB51BXIFGBkAex4ELn4GJB15bzcsCnV5ZToPJi5+cAsmKn5nSCktIWtabj0zOQV1Li8hGT08My4LLG82N1MlJjk/AiQoZmQofWdzc1x4YTtnX216AXNceCUqOBswbHFmFnB/HGBabXoBc1x4OzVzXQl4c29AeG-BmZF4vLCA9AW17BWReeXlzZ155bHFmCCE7JjABMGxxEF95eG1mSD10cg
IP
108.157.232.39:443
ASN
#0

Requested by
https://dweatherbe.org/N3hUbzBWGjcCD1ZFNklFRRRpSgJxXWYpVEJIJBpUBwswA11NHnoMXFgNMAlCWBYgQV5SDHFddmMaPwd6ZkkNIXpOGzgOYlgQGDcFQS5nVglUFR4meV0XJyByAkkWN3lxPxYEcVIAYCp8WUwTJXIGTTYVU0Q7OjkFbSw7P3peTXFdclQ5JwJ7WU06PHNcDB04RFYaPl9KeCkCXnxeQDwoZAdAGRYEezQTVwJ5SRkDel0TcV12dhEFAGpaKTsJZ1MCN15IAyEAG15vSmVZcW82NwpzYgkbLUNAGhwpXXEWFkoCcTATLVFVIDstUwYAYCBKYQIMPlwDG2ZWcVI/eS1dbT5gGXx0OW0uZwZPFjhiUh0MA0ptSWFaUn8+OSxzck8eBXF1NRMXSHI+bVpVcEk5PHQGSDcIFl0LOwFACjRlPEZmMWwnWlFPER1DBg
Certificate
IssuerAmazon
Subject*.cloudfront.net
FingerprintFA:21:45:DC:4D:94:03:A3:09:77:51:78:4A:21:F2:C5:6D:94:BE:52
ValidityTue, 10 Oct 2023 00:00:00 GMT - Thu, 19 Sep 2024 23:59:59 GMT

File type
ASCII text, with very long lines (791), with no line terminators
Size
567 B (567 bytes)
Hash
4421ddf180005c6d2e70b541e6e3db5a
3f37ab43c03d4086c75c86d199dbb44e2847dc61
d7391befca7cc843aaaf41f098cdcd7ecb4e1f4f8121e9381fe6a535165e20c7

HTTP Headers

GET /TbkhJQ1YNJyclaRohLX5vV399cmJIIjosOB51BXIFGBkAex4ELn4GJB15bzcsCnV5ZToPJi5+cAsmKn5nSCktIWtabj0zOQV1Li8hGT08My4LLG82N1MlJjk/AiQoZmQofWdzc1x4YTtnX216AXNceCUqOBswbHFmFnB/HGBabXoBc1x4OzVzXQl4c29AeG-BmZF4vLCA9AW17BWReeXlzZ155bHFmCCE7JjABMGxxEF95eG1mSD10cg HTTP/1.1
Host: du0pud0sdlmzf.cloudfront.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dweatherbe.org/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
content-length: 567
date: Sun, 05 Nov 2023 20:52:04 GMT
access-control-allow-origin: *
cache-control: max-age=31556926
content-encoding: gzip
x-cache: Miss from cloudfront
via: 1.1 0f31cf94bd251bd501ac532dacb719fe.cloudfront.net (CloudFront)
x-amz-cf-pop: ARN56-P2
x-amz-cf-id: kDSDFzNiwC4tliOM5JMojZScDoOvsXdujPphEL9vKeXA7BEWEUEuZA==
X-Firefox-Spdy: h2

GET dweatherbe.org/utx?cb=2cTV54LmYFcD&top=www.upload.ee&tid=997369

108.157.214.79

204 No Content

0 B

URL GET HTTP/2
dweatherbe.org/utx?cb=2cTV54LmYFcD&top=www.upload.ee&tid=997369
IP
108.157.214.79:443
ASN
#16509 AMAZON-02

Requested by
https://www.upload.ee/files/15487444/Dailymotion.com.txt.html
Certificate
IssuerAmazon
Subjectdweatherbe.org
FingerprintB9:18:AC:1F:87:E4:2C:E9:36:35:FF:E7:F8:8F:F7:77:F0:AB:4C:4A
ValiditySun, 22 Oct 2023 00:00:00 GMT - Tue, 19 Nov 2024 23:59:59 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /utx?cb=2cTV54LmYFcD&top=www.upload.ee&tid=997369 HTTP/1.1
Host: dweatherbe.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.upload.ee
DNT: 1
Connection: keep-alive
Referer: https://www.upload.ee/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 204 No Content
date: Sun, 05 Nov 2023 20:52:04 GMT
server: openresty/1.17.8.2
access-control-allow-credentials: true
access-control-allow-origin: https://www.upload.ee
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
set-cookie: ut=x; Expires=Sun, 05 Nov 2023 20:53:04 GMT; Max-Age=60
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List
x-cache: Miss from cloudfront
via: 1.1 0078c2805bf98a4574ea5eee972aa9f6.cloudfront.net (CloudFront)
x-amz-cf-pop: ARN56-P1
x-amz-cf-id: MjWkzOSOmB45RU1BdHqHdk0YMX6lh5baxPQeFaRq-1PskEPTsv1qng==
X-Firefox-Spdy: h2

GET du0pud0sdlmzf.cloudfront.net/YbXkyNDcOFlxSCBkQVgkOVE4GBA9LE0FbWR1ESlx1XS9Udm0sGGFaQ1lfRk5TUEkUWFYDHg8SUgMaDwURDB1QCQNLDFMJWgIDW1hbDFwAcgJDSRcGB0UBAwUSXjsXBgcBEFxBT0hLAkwPWyYEABJeOxcGBx8PFwd2XEkLGgdEXAAEUAgaWVsSXz8ABAZdSQ-MEBkhLAlJeHxxUW09IS3QFBlxXAhJCUEg

108.157.232.39

200 OK

188 B

URL GET HTTP/2
du0pud0sdlmzf.cloudfront.net/YbXkyNDcOFlxSCBkQVgkOVE4GBA9LE0FbWR1ESlx1XS9Udm0sGGFaQ1lfRk5TUEkUWFYDHg8SUgMaDwURDB1QCQNLDFMJWgIDW1hbDFwAcgJDSRcGB0UBAwUSXjsXBgcBEFxBT0hLAkwPWyYEABJeOxcGBx8PFwd2XEkLGgdEXAAEUAgaWVsSXz8ABAZdSQ-MEBkhLAlJeHxxUW09IS3QFBlxXAhJCUEg
IP
108.157.232.39:443
ASN
#0

Requested by
https://dweatherbe.org/Rzg1QzQmWlYuCyYFV2VBNVQIZgYBHQcFUDIIRTZQd0tRL1k9XhsgWChNUSVGKFZBbVoiTBBxch5abShNCXxWDHIrQGYAdixpYyRfCG5wd3MFeQwPcXd+VxRmdn1mL0x2YGZ6YSNVBTBzAH5UEgUrXmcoARNtcChhEH5sB3wgAGYWUwpZcTRhFXx3cmUEaXsPcAF1fxRTDnxiclwlfHM0dSRffwdnFVtyAQQSenQ0YRRgXzBsBV9WAXEBQHcXBC90dChDF29MGnEGen8mez9bcgFMf2hzNFB1YHAoeABfUQZsBnlwFnUgWWIVRxRgT3t1BXlvJ2cWFXgGdixQeQJYDV19O0wSbwV6fRQLZAV2K0BtAlwNe2AGU2FSRixaNwVNK3Z3blMBbgZZZi1Acw
Certificate
IssuerAmazon
Subject*.cloudfront.net
FingerprintFA:21:45:DC:4D:94:03:A3:09:77:51:78:4A:21:F2:C5:6D:94:BE:52
ValidityTue, 10 Oct 2023 00:00:00 GMT - Thu, 19 Sep 2024 23:59:59 GMT

File type
ASCII text, with no line terminators
Size
188 B (188 bytes)
Hash
b15f21d99ea56239a052fe5660c6e4aa
5517989e52d4374f35bc2a2c0021fd2bc34b62c4
0f3be2ecc53c6df46a14b352489bd5a7c509cf68506a40b767d1d5d68a97c3b4

HTTP Headers

GET /YbXkyNDcOFlxSCBkQVgkOVE4GBA9LE0FbWR1ESlx1XS9Udm0sGGFaQ1lfRk5TUEkUWFYDHg8SUgMaDwURDB1QCQNLDFMJWgIDW1hbDFwAcgJDSRcGB0UBAwUSXjsXBgcBEFxBT0hLAkwPWyYEABJeOxcGBx8PFwd2XEkLGgdEXAAEUAgaWVsSXz8ABAZdSQ-MEBkhLAlJeHxxUW09IS3QFBlxXAhJCUEg HTTP/1.1
Host: du0pud0sdlmzf.cloudfront.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dweatherbe.org/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
content-length: 188
date: Sun, 05 Nov 2023 20:52:04 GMT
access-control-allow-origin: *
cache-control: max-age=31556926
content-encoding: gzip
x-cache: Miss from cloudfront
via: 1.1 0f31cf94bd251bd501ac532dacb719fe.cloudfront.net (CloudFront)
x-amz-cf-pop: ARN56-P2
x-amz-cf-id: my9BpgDeNLxd9GX-ZBA792xAug8_Zglbq7XcgiCQRRwSXSDufJ_7PA==
X-Firefox-Spdy: h2

OPTIONS gishejuy.com/500/6551784?excludes=&oaid=a54b3fba89bc4d09a1fe9ccba830cea1&fs=0&cf=0&sw=1280&sh=1024&sah=1024&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=1024&wfc=1&pl=https%3A%2F%2Fllama.website%2FSq&drf=&np=1&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false&tzofs=0&js_build=8&sw_version=v1.306.0

139.45.197.242

200 OK

0 B

URL OPTIONS HTTP/2
gishejuy.com/500/6551784?excludes=&oaid=a54b3fba89bc4d09a1fe9ccba830cea1&fs=0&cf=0&sw=1280&sh=1024&sah=1024&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=1024&wfc=1&pl=https%3A%2F%2Fllama.website%2FSq&drf=&np=1&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false&tzofs=0&js_build=8&sw_version=v1.306.0
IP
139.45.197.242:443
ASN
#9002 RETN Limited

Requested by
https://llama.website/Sq
Certificate
IssuerLet's Encrypt
Subjectgishejuy.com
Fingerprint99:91:AA:4E:BA:FC:75:A0:0A:79:EE:F6:15:64:FA:15:B2:BC:61:31
ValidityWed, 25 Oct 2023 09:21:45 GMT - Tue, 23 Jan 2024 09:21:44 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

OPTIONS /500/6551784?excludes=&oaid=a54b3fba89bc4d09a1fe9ccba830cea1&fs=0&cf=0&sw=1280&sh=1024&sah=1024&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=1024&wfc=1&pl=https%3A%2F%2Fllama.website%2FSq&drf=&np=1&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false&tzofs=0&js_build=8&sw_version=v1.306.0 HTTP/1.1
Host: gishejuy.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: GET
Access-Control-Request-Headers: content-type
Referer: https://llama.website/
Origin: https://llama.website
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sun, 05 Nov 2023 20:52:04 GMT
content-length: 0
allow: GET, OPTIONS
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-origin: https://llama.website
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace
access-control-allow-credentials: true
access-control-max-age: 600
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Wow64
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *
X-Firefox-Spdy: h2

GET nuke.biz/static/frontend/fonts/nunito-sans-v12-latin-600.ttf

91.92.249.75

200 OK

7.9 kB

URL GET HTTP/2
nuke.biz/static/frontend/fonts/nunito-sans-v12-latin-600.ttf
IP
91.92.249.75:443
ASN
#34368 Natskovi & Sie Ltd.

Requested by
https://llama.website/Sq
Certificate
IssuerLet's Encrypt
Subjectnuke.biz
Fingerprint54:0F:6E:6A:46:71:1E:28:8E:7B:38:D9:74:78:6F:DC:6B:50:50:8C
ValidityWed, 04 Oct 2023 18:07:19 GMT - Tue, 02 Jan 2024 18:07:18 GMT

File type
TrueType Font data, 17 tables, 1st "GDEF"\012- data
Size
7.9 kB (7945 bytes)
Hash
3a1513cefff77a44c1cf28039a71bae0
1b23d21dce63982d9b76a04039f887604f329eb2
14d2dc093b1921414cb9abd2c4c5358f70403a5f53cf14348f305a589733e7f9

HTTP Headers

GET /static/frontend/fonts/nunito-sans-v12-latin-600.ttf HTTP/1.1
Host: nuke.biz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://llama.website
DNT: 1
Connection: keep-alive
Referer: https://nuke.biz/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sun, 05 Nov 2023 20:52:03 GMT
content-type: application/font-sfnt
content-length: 40096
last-modified: Sun, 06 Nov 2022 23:25:02 GMT
etag: "9ca0-5ecd59dbaaf80"
accept-ranges: bytes
x-powered-by: PleskLin
X-Firefox-Spdy: h2

GET accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&uilel=3&hl=en&service=youtube

142.250.74.109

302 Found

0 B

URL GET HTTP/2
accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&uilel=3&hl=en&service=youtube
IP
142.250.74.109:443
ASN
#15169 GOOGLE

Requested by
https://www.upload.ee/files/15487444/Dailymotion.com.txt.html
Certificate
IssuerGoogle Trust Services LLC
Subjectaccounts.google.com
Fingerprint16:5A:F1:76:25:96:2A:7F:80:A7:89:81:CE:D5:F4:5F:3D:29:9C:93
ValidityMon, 16 Oct 2023 08:10:48 GMT - Mon, 08 Jan 2024 08:10:47 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&uilel=3&hl=en&service=youtube HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.upload.ee/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 302 Found
content-type: application/binary
set-cookie: __Host-GAPS=1:oCRmY8EXPYpIa8XD1dcwPZR5LLr1aQ:FSEIZ2O_awGZax48; Expires=Tue, 04-Nov-2025 20:52:04 GMT; Path=/; Secure; HttpOnly; Priority=HIGH
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Sun, 05 Nov 2023 20:52:04 GMT
location: https://accounts.google.com/InteractiveLogin?continue=https://www.youtube.com/favicon.ico&hl=en&passive=true&service=youtube&uilel=3&ifkv=AVQVeyyQhUJPEpzuiuQaWIAZ7L_ByekdyQ1slq2XdPXdwvSoo_vwFZP7hc9V9t0YhRh23gPBxrVb
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: script-src 'nonce-AHy5qT8ZOppPt9k3IlJW-Q' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/AccountsSigninPassiveLoginHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/AccountsSigninPassiveLoginHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/AccountsSigninPassiveLoginHttp/cspreport
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
cross-origin-opener-policy: unsafe-none
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-resource-policy: cross-origin
server: ESF
content-length: 0
x-xss-protection: 0
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

GET accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&uilel=3&hl=en&service=mail

142.250.74.109

302 Found

0 B

URL GET HTTP/2
accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&uilel=3&hl=en&service=mail
IP
142.250.74.109:443
ASN
#15169 GOOGLE

Requested by
https://www.upload.ee/files/15487444/Dailymotion.com.txt.html
Certificate
IssuerGoogle Trust Services LLC
Subjectaccounts.google.com
Fingerprint16:5A:F1:76:25:96:2A:7F:80:A7:89:81:CE:D5:F4:5F:3D:29:9C:93
ValidityMon, 16 Oct 2023 08:10:48 GMT - Mon, 08 Jan 2024 08:10:47 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&uilel=3&hl=en&service=mail HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.upload.ee/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 302 Found
content-type: application/binary
set-cookie: __Host-GAPS=1:XMyA4Qc1VLm8fng5DXszqlCkxBl3JQ:Vohf55Zy42SoE3ZD; Expires=Tue, 04-Nov-2025 20:52:04 GMT; Path=/; Secure; HttpOnly; Priority=HIGH
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Sun, 05 Nov 2023 20:52:04 GMT
location: https://accounts.google.com/InteractiveLogin?continue=https://www.google.com/favicon.ico&hl=en&passive=true&service=mail&uilel=3&ifkv=AVQVeyzpgnQ-4EHryUgl0y5-HIY2bZQH3KTJ2KORwpKqBunzZsctodtsadTXDr7XxhSptGKOaQ_m
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-opener-policy: unsafe-none
cross-origin-resource-policy: cross-origin
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
content-security-policy: script-src 'nonce-wz7tjN29uQkZGqe8kSzcDw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/AccountsSigninPassiveLoginHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/AccountsSigninPassiveLoginHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/AccountsSigninPassiveLoginHttp/cspreport
server: ESF
content-length: 0
x-xss-protection: 0
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

GET nuke.biz/favicon.ico

91.92.249.75

200 OK

15 kB

URL GET HTTP/2
nuke.biz/favicon.ico
IP
91.92.249.75:443
ASN
#34368 Natskovi & Sie Ltd.

Requested by
https://llama.website/Sq
Certificate
IssuerLet's Encrypt
Subjectnuke.biz
Fingerprint54:0F:6E:6A:46:71:1E:28:8E:7B:38:D9:74:78:6F:DC:6B:50:50:8C
ValidityWed, 04 Oct 2023 18:07:19 GMT - Tue, 02 Jan 2024 18:07:18 GMT

File type
MS Windows icon resource - 3 icons, 48x48, 32 bits/pixel, 32x32, 32 bits/pixel\012- data
Size
15 kB (15086 bytes)
Hash
bbb398f1a44d5bddb9bf3ef50133cba4
13832932e0a46129cf7263130aaa9d8be2609689
6668e0b78f5c65698c0a3a3e48d447f4d703609a774cacabda1ef7ad143a529b

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: nuke.biz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://llama.website/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sun, 05 Nov 2023 20:52:04 GMT
content-type: image/vnd.microsoft.icon
content-length: 15086
last-modified: Thu, 17 Mar 2022 16:07:44 GMT
etag: "3aee-5da6c3af4d400"
accept-ranges: bytes
x-powered-by: PleskLin
X-Firefox-Spdy: h2

GET accounts.google.com/InteractiveLogin?continue=https://www.youtube.com/favicon.ico&hl=en&passive=true&service=youtube&uilel=3&ifkv=AVQVeyyQhUJPEpzuiuQaWIAZ7L_ByekdyQ1slq2XdPXdwvSoo_vwFZP7hc9V9t0YhRh23gPBxrVb

142.250.74.109

302 Found

403 B

URL GET HTTP/2
accounts.google.com/InteractiveLogin?continue=https://www.youtube.com/favicon.ico&hl=en&passive=true&service=youtube&uilel=3&ifkv=AVQVeyyQhUJPEpzuiuQaWIAZ7L_ByekdyQ1slq2XdPXdwvSoo_vwFZP7hc9V9t0YhRh23gPBxrVb
IP
142.250.74.109:443
ASN
#15169 GOOGLE

Requested by
https://www.upload.ee/files/15487444/Dailymotion.com.txt.html
Certificate
IssuerGoogle Trust Services LLC
Subjectaccounts.google.com
Fingerprint16:5A:F1:76:25:96:2A:7F:80:A7:89:81:CE:D5:F4:5F:3D:29:9C:93
ValidityMon, 16 Oct 2023 08:10:48 GMT - Mon, 08 Jan 2024 08:10:47 GMT

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (397)
Size
403 B (403 bytes)
Hash
8da17d51942e4c0812418c1c7514ffc8
9516c76e59640dd7981fea64087982e8b9a9ff93
767a3c7599e81334e0a2d8b65c7ac807fe39269552ae382d96c8eb0066f18ef0

HTTP Headers

GET /InteractiveLogin?continue=https://www.youtube.com/favicon.ico&hl=en&passive=true&service=youtube&uilel=3&ifkv=AVQVeyyQhUJPEpzuiuQaWIAZ7L_ByekdyQ1slq2XdPXdwvSoo_vwFZP7hc9V9t0YhRh23gPBxrVb HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.upload.ee/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 302 Found
content-type: text/html; charset=UTF-8
set-cookie: __Host-GAPS=1:XTlw3poGlNmRr_stj3-twgT5T5dw5g:LxQcq-xEjvoF1n-S;Path=/;Expires=Tue, 04-Nov-2025 20:52:04 GMT;Secure;HttpOnly;Priority=HIGH
x-frame-options: DENY
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Sun, 05 Nov 2023 20:52:04 GMT
location: https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&hl=en&ifkv=AVQVeywoKCrwaNQuxamFEs4CbLOTMt0VwEtth3sjHRDoyh-BOH-lVpEv-KmauwlWoQZc7WqPahXW&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S1191323698%3A1699217524260513&theme=glif
strict-transport-security: max-age=31536000; includeSubDomains
report-to: {"group":"coop_gse_qebhlk","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gse_qebhlk"}]}
cross-origin-opener-policy-report-only: same-origin; report-to="coop_gse_qebhlk"
content-security-policy: require-trusted-types-for 'script';report-uri /cspreport, script-src 'nonce-4G2zvVAdtpdE3A6dofjMxQ' 'unsafe-inline' 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /cspreport
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 403
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

POST cameesse.net/9?z=6551785&ng=1&ix=0&pt=0&np=0&gp=5&bp=4&nw=1&nb=1&sw=1280&sh=1024&pl=https%3A%2F%2Fllama.website%2FSq&wy=0&wx=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=1024&wfc=1&sah=1024&drf=&hil=1&ist=0&oaid=a54b3fba89bc4d09a1fe9ccba830cea1

139.45.197.242

200 OK

0 B

URL POST HTTP/2
cameesse.net/9?z=6551785&ng=1&ix=0&pt=0&np=0&gp=5&bp=4&nw=1&nb=1&sw=1280&sh=1024&pl=https%3A%2F%2Fllama.website%2FSq&wy=0&wx=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=1024&wfc=1&sah=1024&drf=&hil=1&ist=0&oaid=a54b3fba89bc4d09a1fe9ccba830cea1
IP
139.45.197.242:443
ASN
#9002 RETN Limited

Requested by
https://llama.website/Sq
Certificate
IssuerLet's Encrypt
Subjectcameesse.net
Fingerprint95:AE:4C:29:A9:9F:0C:04:38:32:00:81:30:07:95:A7:F8:B0:77:D6
ValidityWed, 18 Oct 2023 10:27:53 GMT - Tue, 16 Jan 2024 10:27:52 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

OPTIONS /9?z=6551785&ng=1&ix=0&pt=0&np=0&gp=5&bp=4&nw=1&nb=1&sw=1280&sh=1024&pl=https%3A%2F%2Fllama.website%2FSq&wy=0&wx=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=1024&wfc=1&sah=1024&drf=&hil=1&ist=0&oaid=a54b3fba89bc4d09a1fe9ccba830cea1 HTTP/1.1
Host: cameesse.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://llama.website/
Origin: https://llama.website
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 204 No Content
server: nginx
date: Sun, 05 Nov 2023 20:52:04 GMT
access-control-allow-credentials: true
access-control-allow-origin: https://llama.website
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-Sc, CVERSION, VERSION, X-Ancestor-Origins, X-Zone-ID, baggage, sentry-trace
pragma: no-cache
cache-control: no-store, no-cache, must-revalidate, max-age=0
expires: Mon, 26 Jul 1997 05:00:00 GMT
X-Firefox-Spdy: h2

GET accounts.google.com/InteractiveLogin?continue=https://www.google.com/favicon.ico&hl=en&passive=true&service=mail&uilel=3&ifkv=AVQVeyzpgnQ-4EHryUgl0y5-HIY2bZQH3KTJ2KORwpKqBunzZsctodtsadTXDr7XxhSptGKOaQ_m

142.250.74.109

302 Found

403 B

URL GET HTTP/2
accounts.google.com/InteractiveLogin?continue=https://www.google.com/favicon.ico&hl=en&passive=true&service=mail&uilel=3&ifkv=AVQVeyzpgnQ-4EHryUgl0y5-HIY2bZQH3KTJ2KORwpKqBunzZsctodtsadTXDr7XxhSptGKOaQ_m
IP
142.250.74.109:443
ASN
#15169 GOOGLE

Requested by
https://www.upload.ee/files/15487444/Dailymotion.com.txt.html
Certificate
IssuerGoogle Trust Services LLC
Subjectaccounts.google.com
Fingerprint16:5A:F1:76:25:96:2A:7F:80:A7:89:81:CE:D5:F4:5F:3D:29:9C:93
ValidityMon, 16 Oct 2023 08:10:48 GMT - Mon, 08 Jan 2024 08:10:47 GMT

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (395)
Size
403 B (403 bytes)
Hash
ee96a065c2dff4bc2c5d8035dd1f5423
b9fbc007cfb0fc9433e7c4fc8b2960d165c6f60e
da9afbaa7f7635e2b399968b4438ac55c4c0937c465b4a93f1a5047a9637bb75

HTTP Headers

GET /InteractiveLogin?continue=https://www.google.com/favicon.ico&hl=en&passive=true&service=mail&uilel=3&ifkv=AVQVeyzpgnQ-4EHryUgl0y5-HIY2bZQH3KTJ2KORwpKqBunzZsctodtsadTXDr7XxhSptGKOaQ_m HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.upload.ee/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 302 Found
content-type: text/html; charset=UTF-8
set-cookie: __Host-GAPS=1:VLiI3OthKpFXhTKAKQ9LriwHoNkL9w:Wfgmw4Nfs5n0eFEO;Path=/;Expires=Tue, 04-Nov-2025 20:52:04 GMT;Secure;HttpOnly;Priority=HIGH
x-frame-options: DENY
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Sun, 05 Nov 2023 20:52:04 GMT
location: https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&hl=en&ifkv=AVQVeyy_s3QSZW0Sc1-O5tcpXk7-2LjhT3dlkmhalShGLbF4K2vHEvuqAJe92ThQMssdtsx51cxh0Q&passive=true&service=mail&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S-419396288%3A1699217524283312&theme=glif
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: require-trusted-types-for 'script';report-uri /cspreport, script-src 'nonce--1ydgKXiO35s58wLWE3rlA' 'unsafe-inline' 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /cspreport
cross-origin-opener-policy-report-only: same-origin; report-to="coop_gse_qebhlk"
report-to: {"group":"coop_gse_qebhlk","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gse_qebhlk"}]}
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 403
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

139.45.197.242

200 OK

2.7 kB

URL POST HTTP/2
cameesse.net/9?z=6551785&ng=1&ix=0&pt=0&np=0&gp=5&bp=4&nw=1&nb=1&sw=1280&sh=1024&pl=https%3A%2F%2Fllama.website%2FSq&wy=0&wx=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=1024&wfc=1&sah=1024&drf=&hil=1&ist=0&oaid=a54b3fba89bc4d09a1fe9ccba830cea1
IP
139.45.197.242:443
ASN
#9002 RETN Limited

Requested by
https://llama.website/Sq
Certificate
IssuerLet's Encrypt
Subjectcameesse.net
Fingerprint95:AE:4C:29:A9:9F:0C:04:38:32:00:81:30:07:95:A7:F8:B0:77:D6
ValidityWed, 18 Oct 2023 10:27:53 GMT - Tue, 16 Jan 2024 10:27:52 GMT

File type
JSON data\012- , ASCII text, with very long lines (6747), with no line terminators
Size
2.7 kB (2684 bytes)
Hash
7ebf45e3471e0aefb1eaae46c0188d97
a185ef6444ba682fdf4cd1df352967d1b604dc57
14f41b75ea4eee9638f17c4c21335cb09ef8119177fddd620a8916db608ec7ad

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /9?z=6551785&ng=1&ix=0&pt=0&np=0&gp=5&bp=4&nw=1&nb=1&sw=1280&sh=1024&pl=https%3A%2F%2Fllama.website%2FSq&wy=0&wx=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=1024&wfc=1&sah=1024&drf=&hil=1&ist=0&oaid=a54b3fba89bc4d09a1fe9ccba830cea1 HTTP/1.1
Host: cameesse.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Content-Length: 357
Origin: https://llama.website
DNT: 1
Connection: keep-alive
Referer: https://llama.website/
Cookie: scm=1; OAID=059285de059a4d1cbb4d677dfe7adcc8; oaidts=1699217523
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sun, 05 Nov 2023 20:52:04 GMT
content-type: application/json
access-control-allow-credentials: true
access-control-allow-origin: https://llama.website
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-Sc, CVERSION, VERSION, X-Ancestor-Origins, X-Zone-ID, baggage, sentry-trace
x-trace-id: 83d5c333a666f054caf9664924cc3f69
access-control-expose-headers: X-Sc
set-cookie: OAID=a54b3fba89bc4d09a1fe9ccba830cea1; expires=Mon, 04 Nov 2024 20:52:04 GMT; secure; SameSite=None
oaidts=1699217523; expires=Mon, 04 Nov 2024 20:52:04 GMT; secure; SameSite=None
pragma: no-cache
cache-control: no-store, no-cache, must-revalidate, max-age=0
expires: Mon, 26 Jul 1997 05:00:00 GMT
content-encoding: gzip
X-Firefox-Spdy: h2

GET cameesse.net/27/16252007f3b3918d0da1ccd482c4cb4d

139.45.197.242

200 OK

130 kB

URL GET HTTP/2
cameesse.net/27/16252007f3b3918d0da1ccd482c4cb4d
IP
139.45.197.242:443
ASN
#9002 RETN Limited

Requested by
https://llama.website/Sq
Certificate
IssuerLet's Encrypt
Subjectcameesse.net
Fingerprint95:AE:4C:29:A9:9F:0C:04:38:32:00:81:30:07:95:A7:F8:B0:77:D6
ValidityWed, 18 Oct 2023 10:27:53 GMT - Tue, 16 Jan 2024 10:27:52 GMT

File type
ASCII text, with very long lines (65523)
Size
130 kB (130400 bytes)
Hash
58f985fd680e3117a6d6dcf62f50be34
ae1f26a219ddedc232964d8b91619ed1f04c4618
db0b413c92eef041a6dda8e7279a8cbee06755eab7b751c88bdbc22781e7e78a

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /27/16252007f3b3918d0da1ccd482c4cb4d HTTP/1.1
Host: cameesse.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://llama.website/
Cookie: scm=1; OAID=059285de059a4d1cbb4d677dfe7adcc8; oaidts=1699217523
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sun, 05 Nov 2023 20:52:03 GMT
content-type: application/javascript
access-control-allow-credentials: true
access-control-allow-origin: 
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-Sc, CVERSION, VERSION, X-Ancestor-Origins, X-Zone-ID, baggage, sentry-trace
x-trace-id: e85348aff1d6c23acbdc43d9bda7fb81
cache-control: max-age:290304000, public
last-modified: Tue, 31 Oct 2023 09:15:51 GMT
expires: Tue, 30 Nov 2083 09:15:51 GMT
access-control-expose-headers: X-Sc
strict-transport-security: max-age=1
x-content-type-options: nosniff
content-encoding: gzip
X-Firefox-Spdy: h2

POST ibrapush.com/custom

139.45.197.250

200 OK

39 B

URL POST HTTP/2
ibrapush.com/custom
IP
139.45.197.250:443
ASN
#9002 RETN Limited

Requested by
https://llama.website/Sq
Certificate
IssuerLet's Encrypt
Subjectibrapush.com
Fingerprint3B:3D:4B:42:6B:6E:62:C4:F4:D3:DC:97:17:EF:48:8C:68:5C:58:85
ValidityFri, 25 Aug 2023 05:43:35 GMT - Thu, 23 Nov 2023 05:43:34 GMT

File type
JSON data\012- , ASCII text
Size
39 B (39 bytes)
Hash
058b158c2be925f556454ef762d93538
cc6fc563b4b6baee880fdbc7fcfaa134978e33c9
ff752c1c79bb2c0347c5a8b7f069fa2772047324dbbadf77d21cec4b26ee3881

HTTP Headers

POST /custom HTTP/1.1
Host: ibrapush.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://llama.website/
Content-Type: application/json
Content-Length: 365
Origin: https://llama.website
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sun, 05 Nov 2023 20:52:04 GMT
content-type: application/json; charset=utf-8
content-length: 39
x-trace-id: 21168209a4e55aebb2fe19de559da40a
access-control-allow-origin: https://llama.website
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, X-Oaid, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2

GET cameesse.net/121?rnd=1849376867&z=6551785&b=15763363&c=6332999&var=&varid=0&d=https%3A%2F%2Fwww.nbfcs.org%2F%23signUp%3D745134909372243968&cln={CELL_NUMBER}&btp=7&rb=JQM8piGTu13udKOtk_IdtcdX4MCeT1oh9qkndT2rnQ3sltjOobyzQ9XERE0VWt4N-K27Jc2qG0HCNjmB9bPuTEd8WlS0i8RLEp_TVBzDpNdiGKWNjPfB7AZ5cEUJKCmRfhW43CXeLqkAUmjfGEcPd12eDyQHbMPl0R736twTCsKpyS68fTLNsnSoKRBnbKajUjFTtcr9DCDKad2IVwaPMfn68j5u9mRNBKEI2cH6kJLvPqF0yqzWWyRlFPBWB0HYPpm-39NnkFnBJybdnNZ5bz1LY5Ba19FKsFSD0stud51jwQdZqdzlGfTZoMieC7JxZKsSs6emj_wEJsMz-WRsazJK0u5ZD8LbeaNL1AxZv0OcJAKwCPS6CO_K99_26tOwA6RNddpRXgVY8aT0GZXS6fyqSZQ24t9DLueF68h7ntwq1MbmPCuUCIPkyBZcwPmEukhi7LchZt7NBfiKkTQyXvS6VBXclh3eY7r7zJoEsRUw85eBjD-FSgrffTVJAus6S3b4JygR5wbs7Nr7JQizOBfuRXFU6YPjJtUOTQloKrCOiKYPCLUPh4bWOTAJQCFRSI6EHsDl7uNaMHNt_T5HhEYILc4l4I3K1Mvl2aPCpfTYF4z-kvUKXkCERoIrm2sGOgNZhgi8DM9aO6OngIormLWuhr2T2horJeISKXukm0fo2e2AZBozyNoQa26U0kZxb4wK-h3r6B7j-HxzgN7Jtfkx1qOyEGUvDCkxTg==&bag=iqvJl2mwRI7anDg5mLuUODHW6MJTqx_U&ruid=c97e69a3-17f2-4f50-89ea-5ee6a288c405&subid=745134909372243968

139.45.197.242

0 B

URL GET
cameesse.net/121?rnd=1849376867&z=6551785&b=15763363&c=6332999&var=&varid=0&d=https%3A%2F%2Fwww.nbfcs.org%2F%23signUp%3D745134909372243968&cln={CELL_NUMBER}&btp=7&rb=JQM8piGTu13udKOtk_IdtcdX4MCeT1oh9qkndT2rnQ3sltjOobyzQ9XERE0VWt4N-K27Jc2qG0HCNjmB9bPuTEd8WlS0i8RLEp_TVBzDpNdiGKWNjPfB7AZ5cEUJKCmRfhW43CXeLqkAUmjfGEcPd12eDyQHbMPl0R736twTCsKpyS68fTLNsnSoKRBnbKajUjFTtcr9DCDKad2IVwaPMfn68j5u9mRNBKEI2cH6kJLvPqF0yqzWWyRlFPBWB0HYPpm-39NnkFnBJybdnNZ5bz1LY5Ba19FKsFSD0stud51jwQdZqdzlGfTZoMieC7JxZKsSs6emj_wEJsMz-WRsazJK0u5ZD8LbeaNL1AxZv0OcJAKwCPS6CO_K99_26tOwA6RNddpRXgVY8aT0GZXS6fyqSZQ24t9DLueF68h7ntwq1MbmPCuUCIPkyBZcwPmEukhi7LchZt7NBfiKkTQyXvS6VBXclh3eY7r7zJoEsRUw85eBjD-FSgrffTVJAus6S3b4JygR5wbs7Nr7JQizOBfuRXFU6YPjJtUOTQloKrCOiKYPCLUPh4bWOTAJQCFRSI6EHsDl7uNaMHNt_T5HhEYILc4l4I3K1Mvl2aPCpfTYF4z-kvUKXkCERoIrm2sGOgNZhgi8DM9aO6OngIormLWuhr2T2horJeISKXukm0fo2e2AZBozyNoQa26U0kZxb4wK-h3r6B7j-HxzgN7Jtfkx1qOyEGUvDCkxTg==&bag=iqvJl2mwRI7anDg5mLuUODHW6MJTqx_U&ruid=c97e69a3-17f2-4f50-89ea-5ee6a288c405&subid=745134909372243968
IP
139.45.197.242:0
ASN
#9002 RETN Limited

Requested by
https://llama.website/Sq
Certificate
IssuerLet's Encrypt
Subjectcameesse.net
Fingerprint95:AE:4C:29:A9:9F:0C:04:38:32:00:81:30:07:95:A7:F8:B0:77:D6
ValidityWed, 18 Oct 2023 10:27:53 GMT - Tue, 16 Jan 2024 10:27:52 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /121?rnd=1849376867&z=6551785&b=15763363&c=6332999&var=&varid=0&d=https%3A%2F%2Fwww.nbfcs.org%2F%23signUp%3D745134909372243968&cln={CELL_NUMBER}&btp=7&rb=JQM8piGTu13udKOtk_IdtcdX4MCeT1oh9qkndT2rnQ3sltjOobyzQ9XERE0VWt4N-K27Jc2qG0HCNjmB9bPuTEd8WlS0i8RLEp_TVBzDpNdiGKWNjPfB7AZ5cEUJKCmRfhW43CXeLqkAUmjfGEcPd12eDyQHbMPl0R736twTCsKpyS68fTLNsnSoKRBnbKajUjFTtcr9DCDKad2IVwaPMfn68j5u9mRNBKEI2cH6kJLvPqF0yqzWWyRlFPBWB0HYPpm-39NnkFnBJybdnNZ5bz1LY5Ba19FKsFSD0stud51jwQdZqdzlGfTZoMieC7JxZKsSs6emj_wEJsMz-WRsazJK0u5ZD8LbeaNL1AxZv0OcJAKwCPS6CO_K99_26tOwA6RNddpRXgVY8aT0GZXS6fyqSZQ24t9DLueF68h7ntwq1MbmPCuUCIPkyBZcwPmEukhi7LchZt7NBfiKkTQyXvS6VBXclh3eY7r7zJoEsRUw85eBjD-FSgrffTVJAus6S3b4JygR5wbs7Nr7JQizOBfuRXFU6YPjJtUOTQloKrCOiKYPCLUPh4bWOTAJQCFRSI6EHsDl7uNaMHNt_T5HhEYILc4l4I3K1Mvl2aPCpfTYF4z-kvUKXkCERoIrm2sGOgNZhgi8DM9aO6OngIormLWuhr2T2horJeISKXukm0fo2e2AZBozyNoQa26U0kZxb4wK-h3r6B7j-HxzgN7Jtfkx1qOyEGUvDCkxTg==&bag=iqvJl2mwRI7anDg5mLuUODHW6MJTqx_U&ruid=c97e69a3-17f2-4f50-89ea-5ee6a288c405&subid=745134909372243968 HTTP/1.1
Host: cameesse.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: scm=1; OAID=a54b3fba89bc4d09a1fe9ccba830cea1; oaidts=1699217523
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 302 Found
server: nginx
date: Sun, 05 Nov 2023 20:52:04 GMT
content-length: 0
location: https://www.nbfcs.org/#signUp=745134909372243968
access-control-allow-credentials: true
access-control-allow-origin: 
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-Sc, CVERSION, VERSION, X-Ancestor-Origins, X-Zone-ID, baggage, sentry-trace
x-trace-id: c02da3b494df93d81ac427113a67c76c
access-control-expose-headers: X-Sc
pragma: no-cache
cache-control: no-store, no-cache, must-revalidate, max-age=0
expires: Mon, 26 Jul 1997 05:00:00 GMT
X-Firefox-Spdy: h2

GET cameesse.net/11?rnd=654697357&z=6551785&b=15763363&var=&varid=0&rqtdbc=1&rcvdbc=1&btp=7&rb=JQM8piGTu13udKOtk_IdtcdX4MCeT1oh9qkndT2rnQ3sltjOobyzQ9XERE0VWt4N-K27Jc2qG0HCNjmB9bPuTEd8WlS0i8RLEp_TVBzDpNdiGKWNjPfB7AZ5cEUJKCmRfhW43CXeLqkAUmjfGEcPd12eDyQHbMPl0R736twTCsKpyS68fTLNsnSoKRBnbKajUjFTtcr9DCDKad2IVwaPMfn68j5u9mRNBKEI2cH6kJLvPqF0yqzWWyRlFPBWB0HYPpm-39NnkFnBJybdnNZ5bz1LY5Ba19FKsFSD0stud51jwQdZqdzlGfTZoMieC7JxZKsSs6emj_wEJsMz-WRsazJK0u5ZD8LbeaNL1AxZv0OcJAKwCPS6CO_K99_26tOwA6RNddpRXgVY8aT0GZXS6fyqSZQ24t9DLueF68h7ntwq1MbmPCuUCIPkyBZcwPmEukhi7LchZt7NBfiKkTQyXvS6VBXclh3eY7r7zJoEsRUw85eBjD-FSgrffTVJAus6S3b4JygR5wbs7Nr7JQizOBfuRXFU6YPjJtUOTQloKrCOiKYPCLUPh4bWOTAJQCFRSI6EHsDl7uNaMHNt_T5HhEYILc4l4I3K1Mvl2aPCpfTYF4z-kvUKXkCERoIrm2sGOgNZhgi8DM9aO6OngIormLWuhr2T2horJeISKXukm0fo2e2AZBozyNoQa26U0kZxb4wK-h3r6B7j-HxzgN7Jtfkx1qOyEGUvDCkxTg==&ruid=c97e69a3-17f2-4f50-89ea-5ee6a288c405&subid=745134909372243968&ng=1&ix=0&pt=0&np=0&gp=5&bp=4&nw=1&nb=1&sw=1280&sh=1024&pl=https%3A%2F%2Fllama.website%2FSq&wy=0&wx=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=1024&wfc=1&sah=1024&drf=&hil=1&ist=0&ot=428

139.45.197.242

200 OK

0 B

URL GET HTTP/2
cameesse.net/11?rnd=654697357&z=6551785&b=15763363&var=&varid=0&rqtdbc=1&rcvdbc=1&btp=7&rb=JQM8piGTu13udKOtk_IdtcdX4MCeT1oh9qkndT2rnQ3sltjOobyzQ9XERE0VWt4N-K27Jc2qG0HCNjmB9bPuTEd8WlS0i8RLEp_TVBzDpNdiGKWNjPfB7AZ5cEUJKCmRfhW43CXeLqkAUmjfGEcPd12eDyQHbMPl0R736twTCsKpyS68fTLNsnSoKRBnbKajUjFTtcr9DCDKad2IVwaPMfn68j5u9mRNBKEI2cH6kJLvPqF0yqzWWyRlFPBWB0HYPpm-39NnkFnBJybdnNZ5bz1LY5Ba19FKsFSD0stud51jwQdZqdzlGfTZoMieC7JxZKsSs6emj_wEJsMz-WRsazJK0u5ZD8LbeaNL1AxZv0OcJAKwCPS6CO_K99_26tOwA6RNddpRXgVY8aT0GZXS6fyqSZQ24t9DLueF68h7ntwq1MbmPCuUCIPkyBZcwPmEukhi7LchZt7NBfiKkTQyXvS6VBXclh3eY7r7zJoEsRUw85eBjD-FSgrffTVJAus6S3b4JygR5wbs7Nr7JQizOBfuRXFU6YPjJtUOTQloKrCOiKYPCLUPh4bWOTAJQCFRSI6EHsDl7uNaMHNt_T5HhEYILc4l4I3K1Mvl2aPCpfTYF4z-kvUKXkCERoIrm2sGOgNZhgi8DM9aO6OngIormLWuhr2T2horJeISKXukm0fo2e2AZBozyNoQa26U0kZxb4wK-h3r6B7j-HxzgN7Jtfkx1qOyEGUvDCkxTg==&ruid=c97e69a3-17f2-4f50-89ea-5ee6a288c405&subid=745134909372243968&ng=1&ix=0&pt=0&np=0&gp=5&bp=4&nw=1&nb=1&sw=1280&sh=1024&pl=https%3A%2F%2Fllama.website%2FSq&wy=0&wx=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=1024&wfc=1&sah=1024&drf=&hil=1&ist=0&ot=428
IP
139.45.197.242:443
ASN
#9002 RETN Limited

Requested by
https://llama.website/Sq
Certificate
IssuerLet's Encrypt
Subjectcameesse.net
Fingerprint95:AE:4C:29:A9:9F:0C:04:38:32:00:81:30:07:95:A7:F8:B0:77:D6
ValidityWed, 18 Oct 2023 10:27:53 GMT - Tue, 16 Jan 2024 10:27:52 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /11?rnd=654697357&z=6551785&b=15763363&var=&varid=0&rqtdbc=1&rcvdbc=1&btp=7&rb=JQM8piGTu13udKOtk_IdtcdX4MCeT1oh9qkndT2rnQ3sltjOobyzQ9XERE0VWt4N-K27Jc2qG0HCNjmB9bPuTEd8WlS0i8RLEp_TVBzDpNdiGKWNjPfB7AZ5cEUJKCmRfhW43CXeLqkAUmjfGEcPd12eDyQHbMPl0R736twTCsKpyS68fTLNsnSoKRBnbKajUjFTtcr9DCDKad2IVwaPMfn68j5u9mRNBKEI2cH6kJLvPqF0yqzWWyRlFPBWB0HYPpm-39NnkFnBJybdnNZ5bz1LY5Ba19FKsFSD0stud51jwQdZqdzlGfTZoMieC7JxZKsSs6emj_wEJsMz-WRsazJK0u5ZD8LbeaNL1AxZv0OcJAKwCPS6CO_K99_26tOwA6RNddpRXgVY8aT0GZXS6fyqSZQ24t9DLueF68h7ntwq1MbmPCuUCIPkyBZcwPmEukhi7LchZt7NBfiKkTQyXvS6VBXclh3eY7r7zJoEsRUw85eBjD-FSgrffTVJAus6S3b4JygR5wbs7Nr7JQizOBfuRXFU6YPjJtUOTQloKrCOiKYPCLUPh4bWOTAJQCFRSI6EHsDl7uNaMHNt_T5HhEYILc4l4I3K1Mvl2aPCpfTYF4z-kvUKXkCERoIrm2sGOgNZhgi8DM9aO6OngIormLWuhr2T2horJeISKXukm0fo2e2AZBozyNoQa26U0kZxb4wK-h3r6B7j-HxzgN7Jtfkx1qOyEGUvDCkxTg==&ruid=c97e69a3-17f2-4f50-89ea-5ee6a288c405&subid=745134909372243968&ng=1&ix=0&pt=0&np=0&gp=5&bp=4&nw=1&nb=1&sw=1280&sh=1024&pl=https%3A%2F%2Fllama.website%2FSq&wy=0&wx=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=1024&wfc=1&sah=1024&drf=&hil=1&ist=0&ot=428 HTTP/1.1
Host: cameesse.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://llama.website
DNT: 1
Connection: keep-alive
Referer: https://llama.website/
Cookie: scm=1; OAID=a54b3fba89bc4d09a1fe9ccba830cea1; oaidts=1699217523
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sun, 05 Nov 2023 20:52:04 GMT
content-type: image/jpeg
content-length: 0
access-control-allow-credentials: true
access-control-allow-origin: https://llama.website
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-Sc, CVERSION, VERSION, X-Ancestor-Origins, X-Zone-ID, baggage, sentry-trace
x-trace-id: a2e3bb12034e5612ad5dda122dc6672c
access-control-expose-headers: X-Sc
set-cookie: OAID=a54b3fba89bc4d09a1fe9ccba830cea1; expires=Mon, 04 Nov 2024 20:52:04 GMT; secure; SameSite=None
oaidts=1699217523; expires=Mon, 04 Nov 2024 20:52:04 GMT; secure; SameSite=None
pragma: no-cache
cache-control: no-store, no-cache, must-revalidate, max-age=0
expires: Mon, 26 Jul 1997 05:00:00 GMT
X-Firefox-Spdy: h2

POST ibrapush.com/custom

139.45.197.250

200 OK

39 B

URL POST HTTP/2
ibrapush.com/custom
IP
139.45.197.250:443
ASN
#9002 RETN Limited

Requested by
https://llama.website/Sq
Certificate
IssuerLet's Encrypt
Subjectibrapush.com
Fingerprint3B:3D:4B:42:6B:6E:62:C4:F4:D3:DC:97:17:EF:48:8C:68:5C:58:85
ValidityFri, 25 Aug 2023 05:43:35 GMT - Thu, 23 Nov 2023 05:43:34 GMT

File type
JSON data\012- , ASCII text
Size
39 B (39 bytes)
Hash
058b158c2be925f556454ef762d93538
cc6fc563b4b6baee880fdbc7fcfaa134978e33c9
ff752c1c79bb2c0347c5a8b7f069fa2772047324dbbadf77d21cec4b26ee3881

HTTP Headers

POST /custom HTTP/1.1
Host: ibrapush.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://llama.website/
Content-Type: application/json
Content-Length: 724
Origin: https://llama.website
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sun, 05 Nov 2023 20:52:04 GMT
content-type: application/json; charset=utf-8
content-length: 39
x-trace-id: d71400c248522c56de177536ec5f7e0d
access-control-allow-origin: https://llama.website
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, X-Oaid, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2

GET offerimage.com/www/images/1355aa125a385056845e0ee1d5384e9a.jpeg

104.22.33.172

200 OK

13 kB

URL GET HTTP/2
offerimage.com/www/images/1355aa125a385056845e0ee1d5384e9a.jpeg
IP
104.22.33.172:443
ASN
#13335 CLOUDFLARENET

Requested by
https://llama.website/Sq
Certificate
IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
FingerprintDB:4D:42:F8:E2:4C:E3:E4:BB:22:D8:D1:F7:64:B5:9A:10:B6:25:E0
ValiditySun, 07 May 2023 00:00:00 GMT - Mon, 06 May 2024 23:59:59 GMT

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 192x192, components 3\012- data
Size
13 kB (13093 bytes)
Hash
1355aa125a385056845e0ee1d5384e9a
cfa5fd1b2dd6b299c0aecdf19fec3532ce4392ea
248797fff982ee400ab78ff6831182372f9ef8a6916364192ca0f30556577733

HTTP Headers

GET /www/images/1355aa125a385056845e0ee1d5384e9a.jpeg HTTP/1.1
Host: offerimage.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://llama.website/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sun, 05 Nov 2023 20:52:04 GMT
content-type: image/jpeg
content-length: 13093
cache-control: max-age=86400
cf-bgj: h2pri
etag: "6388849b-3325"
expires: Mon, 06 Nov 2023 06:43:41 GMT
last-modified: Thu, 01 Dec 2022 10:40:27 GMT
timing-allow-origin: *
cf-cache-status: HIT
age: 50903
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 8217fa7a6c0a0a18-ARN
X-Firefox-Spdy: h2

GET accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&hl=en&ifkv=AVQVeyy_s3QSZW0Sc1-O5tcpXk7-2LjhT3dlkmhalShGLbF4K2vHEvuqAJe92ThQMssdtsx51cxh0Q&passive=true&service=mail&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S-419396288%3A1699217524283312&theme=glif

142.250.74.109

403 Forbidden

806 B

URL GET HTTP/3
accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&hl=en&ifkv=AVQVeyy_s3QSZW0Sc1-O5tcpXk7-2LjhT3dlkmhalShGLbF4K2vHEvuqAJe92ThQMssdtsx51cxh0Q&passive=true&service=mail&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S-419396288%3A1699217524283312&theme=glif
IP
142.250.74.109:443
ASN
#15169 GOOGLE

Requested by
https://www.upload.ee/files/15487444/Dailymotion.com.txt.html
Certificate
IssuerGoogle Trust Services LLC
Subject*.google.com
FingerprintFD:EE:45:21:A2:3C:95:82:9B:BA:3F:7A:59:3C:F6:C2:7B:C7:84:8F
ValidityMon, 16 Oct 2023 08:02:35 GMT - Mon, 08 Jan 2024 08:02:34 GMT

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document, Unicode text, UTF-8 text, with very long lines (1644), with no line terminators
Size
806 B (806 bytes)
Hash
cbdd2d9739409864d331240f8be60374
34e56159b2aa5c485ab96d671532033d8f788fe0
7908964349ce78c691fb2c3f3eb655af044c41dba2c322725e15a984b0529048

HTTP Headers

GET /v3/signin/identifier?continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&hl=en&ifkv=AVQVeyy_s3QSZW0Sc1-O5tcpXk7-2LjhT3dlkmhalShGLbF4K2vHEvuqAJe92ThQMssdtsx51cxh0Q&passive=true&service=mail&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S-419396288%3A1699217524283312&theme=glif HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.upload.ee/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 403 Forbidden
content-type: text/html; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Sun, 05 Nov 2023 20:52:04 GMT
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: require-trusted-types-for 'script';report-uri /v3/signin/_/AccountsSignInUi/cspreport, script-src 'nonce-iAjIAE4vGic4Jta9VqCMEg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /v3/signin/_/AccountsSignInUi/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /v3/signin/_/AccountsSignInUi/cspreport/allowlist
cross-origin-opener-policy-report-only: same-origin; report-to="AccountsSignInUi"
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
report-to: {"group":"AccountsSignInUi","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/AccountsSignInUi"}]}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

GET accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&hl=en&ifkv=AVQVeywoKCrwaNQuxamFEs4CbLOTMt0VwEtth3sjHRDoyh-BOH-lVpEv-KmauwlWoQZc7WqPahXW&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S1191323698%3A1699217524260513&theme=glif

142.250.74.109

403 Forbidden

818 B

URL GET HTTP/3
accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&hl=en&ifkv=AVQVeywoKCrwaNQuxamFEs4CbLOTMt0VwEtth3sjHRDoyh-BOH-lVpEv-KmauwlWoQZc7WqPahXW&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S1191323698%3A1699217524260513&theme=glif
IP
142.250.74.109:443
ASN
#15169 GOOGLE

Requested by
https://www.upload.ee/files/15487444/Dailymotion.com.txt.html
Certificate
IssuerGoogle Trust Services LLC
Subject*.google.com
FingerprintFD:EE:45:21:A2:3C:95:82:9B:BA:3F:7A:59:3C:F6:C2:7B:C7:84:8F
ValidityMon, 16 Oct 2023 08:02:35 GMT - Mon, 08 Jan 2024 08:02:34 GMT

File type
gzip compressed data, max compression\012- data
Size
818 B (818 bytes)
Hash
a184565183250d68f7c5ac358a821399
0f87487a2b30e8cab9d402270eecb3ce337d61df
2c087103348302512bb5c84b2c8b89e83f273d4a5964c766ef931fb2736bf0d1

HTTP Headers

GET /v3/signin/identifier?continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&hl=en&ifkv=AVQVeywoKCrwaNQuxamFEs4CbLOTMt0VwEtth3sjHRDoyh-BOH-lVpEv-KmauwlWoQZc7WqPahXW&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S1191323698%3A1699217524260513&theme=glif HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.upload.ee/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 403 Forbidden
content-type: text/html; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Sun, 05 Nov 2023 20:52:04 GMT
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: require-trusted-types-for 'script';report-uri /v3/signin/_/AccountsSignInUi/cspreport, script-src 'nonce-fxhJmE5teWR74Vvo6Jqnmw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /v3/signin/_/AccountsSignInUi/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /v3/signin/_/AccountsSignInUi/cspreport/allowlist
cross-origin-opener-policy-report-only: same-origin; report-to="AccountsSignInUi"
report-to: {"group":"AccountsSignInUi","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/AccountsSignInUi"}]}
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

OPTIONS amunfezanttor.com/event

139.45.197.250

200 OK

0 B

URL OPTIONS HTTP/2
amunfezanttor.com/event
IP
139.45.197.250:443
ASN
#9002 RETN Limited

Requested by
https://llama.website/Sq
Certificate
IssuerLet's Encrypt
Subjectamunfezanttor.com
FingerprintD6:54:A1:23:39:A0:9A:41:5A:CC:0B:F2:C1:7C:6A:FA:F0:E8:C1:52
ValidityWed, 06 Sep 2023 01:33:39 GMT - Tue, 05 Dec 2023 01:33:38 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

OPTIONS /event HTTP/1.1
Host: amunfezanttor.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://llama.website/
Origin: https://llama.website
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sun, 05 Nov 2023 20:52:04 GMT
content-type: text/plain; charset=utf-8
content-length: 0
access-control-allow-origin: https://llama.website
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization-Token,X-Oaid
access-control-max-age: 86400
X-Firefox-Spdy: h2

OPTIONS amunfezanttor.com/event

139.45.197.250

200 OK

94 B

URL OPTIONS HTTP/2
amunfezanttor.com/event
IP
139.45.197.250:443
ASN
#9002 RETN Limited

Requested by
https://llama.website/Sq
Certificate
IssuerLet's Encrypt
Subjectamunfezanttor.com
FingerprintD6:54:A1:23:39:A0:9A:41:5A:CC:0B:F2:C1:7C:6A:FA:F0:E8:C1:52
ValidityWed, 06 Sep 2023 01:33:39 GMT - Tue, 05 Dec 2023 01:33:38 GMT

File type
JSON data\012- , ASCII text
Size
94 B (94 bytes)
Hash
266e189ecf500fd892e7859de7bfa76e
9878d25f7aa771fa9bf10883393a8c18c8395c1f
495cac73d543167ea1abf13f89b7c3d6b76a3aa62792d1533af0e446ce216e77

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /event HTTP/1.1
Host: amunfezanttor.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://llama.website/
Content-Type: application/json
Content-Length: 500
Origin: https://llama.website
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sun, 05 Nov 2023 20:52:04 GMT
content-type: application/json; charset=utf-8
content-length: 94
access-control-allow-origin: https://llama.website
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, X-Oaid, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2

GET offerimage.com/www/images/7d763937692f59aea0578ffe58c10ee0.jpeg

104.22.33.172

200 OK

14 kB

URL GET HTTP/2
offerimage.com/www/images/7d763937692f59aea0578ffe58c10ee0.jpeg
IP
104.22.33.172:443
ASN
#13335 CLOUDFLARENET

Requested by
https://llama.website/Sq
Certificate
IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
FingerprintDB:4D:42:F8:E2:4C:E3:E4:BB:22:D8:D1:F7:64:B5:9A:10:B6:25:E0
ValiditySun, 07 May 2023 00:00:00 GMT - Mon, 06 May 2024 23:59:59 GMT

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 192x192, components 3\012- data
Size
14 kB (13778 bytes)
Hash
7d763937692f59aea0578ffe58c10ee0
b3a4cc4fd1a0d8319e59057e535b0b19f1a3b35b
2d7300c572db1683cbc8071be4bbaf31b00954193f6f82d453c99a7a58bd7620

HTTP Headers

GET /www/images/7d763937692f59aea0578ffe58c10ee0.jpeg HTTP/1.1
Host: offerimage.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://llama.website/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Sun, 05 Nov 2023 20:52:05 GMT
content-type: image/jpeg
content-length: 13778
cache-control: max-age=86400
cf-bgj: h2pri
etag: "63888441-35d2"
expires: Mon, 06 Nov 2023 06:44:01 GMT
last-modified: Thu, 01 Dec 2022 10:38:57 GMT
timing-allow-origin: *
cf-cache-status: HIT
age: 50884
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 8217fa7b5d280a18-ARN
X-Firefox-Spdy: h2

GET llama.website/sw.js

91.92.249.75

404 Not Found

1.1 kB

URL GET HTTP/2
llama.website/sw.js
IP
91.92.249.75:443
ASN
#34368 Natskovi & Sie Ltd.

Requested by
https://llama.website/Sq
Certificate
IssuerLet's Encrypt
Subjectnuke.biz
Fingerprint54:0F:6E:6A:46:71:1E:28:8E:7B:38:D9:74:78:6F:DC:6B:50:50:8C
ValidityWed, 04 Oct 2023 18:07:19 GMT - Tue, 02 Jan 2024 18:07:18 GMT

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with CRLF, LF line terminators
Size
1.1 kB (1069 bytes)
Hash
9e5c0a16191700fddff6a461ba2a762e
a6b557dd7e48071a988b9a52ced49cc7c691600f
b3bc2b83d3d971c07b839d4ba11ba3ff249835611cdf6fef668569cc222d9e35

HTTP Headers

GET /sw.js HTTP/1.1
Host: llama.website
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://llama.website/Sq
DNT: 1
Connection: keep-alive
Cookie: PHPSESSID=oi5il24eti2u3cdbhu5nj80ssr; short_348=1; prefetchAd_6551783=true
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 404 Not Found
server: nginx
date: Sun, 05 Nov 2023 20:52:04 GMT
content-type: text/html; charset=UTF-8
x-powered-by: PHP/8.0.30
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
content-encoding: br
X-Firefox-Spdy: h2

OPTIONS ibrapush.com/event

139.45.197.250

200 OK

94 B

URL OPTIONS HTTP/2
ibrapush.com/event
IP
139.45.197.250:443
ASN
#9002 RETN Limited

Requested by
https://llama.website/Sq
Certificate
IssuerLet's Encrypt
Subjectibrapush.com
Fingerprint3B:3D:4B:42:6B:6E:62:C4:F4:D3:DC:97:17:EF:48:8C:68:5C:58:85
ValidityFri, 25 Aug 2023 05:43:35 GMT - Thu, 23 Nov 2023 05:43:34 GMT

File type
JSON data\012- , ASCII text
Size
94 B (94 bytes)
Hash
f473de835b7b3e95106259093bc40054
1e0b67090f0210f572069f43dfc4a2743dfbb6b6
b156ac786fa1b23d3f965f3ce0d0b0a4d694591ad25b7e999522cb5ea6bea5b7

HTTP Headers

POST /event HTTP/1.1
Host: ibrapush.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://llama.website/
Content-Type: application/json
Content-Length: 1553
Origin: https://llama.website
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sun, 05 Nov 2023 20:52:05 GMT
content-type: application/json; charset=utf-8
content-length: 94
access-control-allow-origin: https://llama.website
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, X-Oaid, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2

GET my.rtmark.net/gid.js?pub=0&userId=0f00e029b1dd40df932bac0251f8cee8&zoneId=6551787&checkDuplicate=true&ymid=&var=

139.45.195.8

200 OK

65 B

URL GET HTTP/2
my.rtmark.net/gid.js?pub=0&userId=0f00e029b1dd40df932bac0251f8cee8&zoneId=6551787&checkDuplicate=true&ymid=&var=
IP
139.45.195.8:443
ASN
#9002 RETN Limited

Requested by
https://llama.website/Sq
Certificate
IssuerLet's Encrypt
Subjectrtmark.net
FingerprintE8:81:4E:79:89:89:BE:CE:75:1F:E0:2A:60:54:8A:A4:11:2E:F7:42
ValiditySat, 07 Oct 2023 15:22:00 GMT - Fri, 05 Jan 2024 15:21:59 GMT

File type
JSON data\012- , ASCII text
Size
65 B (65 bytes)
Hash
a198a174ce69df65ff830e4c6dbaeaa9
ccac2b37ba80251c565d377caf7f6f404a5d1fae
e59255ef767611acfcc7fdcd5736cd5e40fb2168db38cd7555059bcc14a2d2e6

HTTP Headers

GET /gid.js?pub=0&userId=0f00e029b1dd40df932bac0251f8cee8&zoneId=6551787&checkDuplicate=true&ymid=&var= HTTP/1.1
Host: my.rtmark.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://llama.website/
Origin: https://llama.website
DNT: 1
Connection: keep-alive
Cookie: ID=a54b3fba89bc4d09a1fe9ccba830cea1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sun, 05 Nov 2023 20:52:05 GMT
content-type: application/json; charset=utf-8
content-length: 65
access-control-allow-origin: https://llama.website
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
set-cookie: ID=a54b3fba89bc4d09a1fe9ccba830cea1; expires=Mon, 04 Nov 2024 20:52:05 GMT; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2

OPTIONS amunfezanttor.com/event

139.45.197.250

200 OK

94 B

URL OPTIONS HTTP/2
amunfezanttor.com/event
IP
139.45.197.250:443
ASN
#9002 RETN Limited

Requested by
https://llama.website/Sq
Certificate
IssuerLet's Encrypt
Subjectamunfezanttor.com
FingerprintD6:54:A1:23:39:A0:9A:41:5A:CC:0B:F2:C1:7C:6A:FA:F0:E8:C1:52
ValidityWed, 06 Sep 2023 01:33:39 GMT - Tue, 05 Dec 2023 01:33:38 GMT

File type
JSON data\012- , ASCII text
Size
94 B (94 bytes)
Hash
9812f74864e357495fd0d1f59707a51f
51c9a4d3decaa13c92435a58fbc0d776ce8589ea
0a00f5e5a413d8a05b4fe540c1948d7d789562557f0f4bedcd87953194c1d8f2

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /event HTTP/1.1
Host: amunfezanttor.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://llama.website/
Content-Type: application/json
Content-Length: 500
Origin: https://llama.website
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sun, 05 Nov 2023 20:52:05 GMT
content-type: application/json; charset=utf-8
content-length: 94
access-control-allow-origin: https://llama.website
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, X-Oaid, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2

GET aistekso.net/500/6551786?excludes=&oaid=a54b3fba89bc4d09a1fe9ccba830cea1&fs=0&cf=0&sw=1280&sh=1024&sah=1024&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=1024&wfc=1&pl=https%3A%2F%2Fllama.website%2FSq&drf=&np=1&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false&tzofs=0&js_build=8&sw_version=v1.306.0

139.45.197.244

200 OK

20 kB

URL GET HTTP/2
aistekso.net/500/6551786?excludes=&oaid=a54b3fba89bc4d09a1fe9ccba830cea1&fs=0&cf=0&sw=1280&sh=1024&sah=1024&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=1024&wfc=1&pl=https%3A%2F%2Fllama.website%2FSq&drf=&np=1&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false&tzofs=0&js_build=8&sw_version=v1.306.0
IP
139.45.197.244:443
ASN
#9002 RETN Limited

Requested by
https://llama.website/Sq
Certificate
IssuerLet's Encrypt
Subjectaistekso.net
FingerprintED:B9:45:BE:46:3F:F4:75:11:1C:6C:E9:06:15:9F:A7:09:51:83:8B
ValidityMon, 16 Oct 2023 12:40:15 GMT - Sun, 14 Jan 2024 12:40:14 GMT

File type
gzip compressed data, max speed, from Unix\012- data
Size
20 kB (20419 bytes)
Hash
56ed6624006fcbe2cb87edc9f36bb542
d8a7d90ec5c7885af652926b9dd164ce3b09d740
e171b99c61a3da57d1cf6c1835804ffc95e8474c93a574a1fe905fd22554c34a

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /500/6551786?excludes=&oaid=a54b3fba89bc4d09a1fe9ccba830cea1&fs=0&cf=0&sw=1280&sh=1024&sah=1024&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=1024&wfc=1&pl=https%3A%2F%2Fllama.website%2FSq&drf=&np=1&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false&tzofs=0&js_build=8&sw_version=v1.306.0 HTTP/1.1
Host: aistekso.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Origin: https://llama.website
DNT: 1
Connection: keep-alive
Referer: https://llama.website/
Cookie: OAID=1315dd1746574ddd995541f81597539d
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sun, 05 Nov 2023 20:52:04 GMT
content-type: application/javascript
x-trace-id: bf6f8a13aee92d5149faa669564dd6be
expires: Tue, 11 Jan 1994 10:00:00 GMT
cache-control: no-cache, no-store, no-transform, must-revalidate, private, max-age=0
pragma: no-cache
vary: Origin
access-control-allow-origin: https://llama.website
access-control-expose-headers: Link
access-control-allow-credentials: true
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Wow64
set-cookie: OAID=a54b3fba89bc4d09a1fe9ccba830cea1; expires=Mon, 04 Nov 2024 20:52:04 GMT; path=/; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
content-encoding: gzip
X-Firefox-Spdy: h2

GET aistekso.net/impression/cf_PAJdx3ZTHY1jCzig4fT1zdQn3Ksv4jLQjBtFZ6WPagmjy1uPMJZAtBUISgkRbUostB5ueqOVJxEGiTyW9iTCk6fNljR0d3ls6MGU6fsNVu-eDYvXasOnVEw7iA4sIfoS1ktcxeJ6-jMy3QALeAmn1sH1t-kqZDJHlF8y9tQ1RzTMKFK4HccWjqY_YJf9Nc22epRt70QFGfQfXrL6nSXKNBezgO9a1DguXoRIZfjI65TEiTT96zTBB7D7nBUqTs_i-ehTcoMV0hPu9c59LdsmWHBGmA6SJ_8pE594Y9yfg1plel9OCAPcFfwZAG4Gwqi0LMy1Q97dawJOK_swEE5W6YdmkiwEo7DME7J-zw7J4BNQ8mex8pyJd0RlVr5SzQVYlqxPshVWsCq9e5y0L3zNhhy2Qfoi8XGyd7AeR6taUofxd-7VwPHxI-VQl1xuZ61JnjPl8xmv1xhhwzld7EIzFe9Rm0PkfgirI1O79BEOogOkYVG0TXK7snjYa68JOBlhTwC_TDN29qNBvfWrQGdRCkpiy6hvmq7tnMPCIKcpAjEb5hMElfFXKh-KTQq9cv-z5gtmgdyrhQqL6AXrVfw==?_z=6551786&fs=0&cf=0&sw=1280&sh=1024&sah=1024&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=1024&wfc=3&pl=https%3A%2F%2Fllama.website%2FSq&drf=&np=1&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false&tzofs=0&js_build=8&sw_version=v1.306.0

139.45.197.244

200 OK

43 B

URL GET HTTP/2
aistekso.net/impression/cf_PAJdx3ZTHY1jCzig4fT1zdQn3Ksv4jLQjBtFZ6WPagmjy1uPMJZAtBUISgkRbUostB5ueqOVJxEGiTyW9iTCk6fNljR0d3ls6MGU6fsNVu-eDYvXasOnVEw7iA4sIfoS1ktcxeJ6-jMy3QALeAmn1sH1t-kqZDJHlF8y9tQ1RzTMKFK4HccWjqY_YJf9Nc22epRt70QFGfQfXrL6nSXKNBezgO9a1DguXoRIZfjI65TEiTT96zTBB7D7nBUqTs_i-ehTcoMV0hPu9c59LdsmWHBGmA6SJ_8pE594Y9yfg1plel9OCAPcFfwZAG4Gwqi0LMy1Q97dawJOK_swEE5W6YdmkiwEo7DME7J-zw7J4BNQ8mex8pyJd0RlVr5SzQVYlqxPshVWsCq9e5y0L3zNhhy2Qfoi8XGyd7AeR6taUofxd-7VwPHxI-VQl1xuZ61JnjPl8xmv1xhhwzld7EIzFe9Rm0PkfgirI1O79BEOogOkYVG0TXK7snjYa68JOBlhTwC_TDN29qNBvfWrQGdRCkpiy6hvmq7tnMPCIKcpAjEb5hMElfFXKh-KTQq9cv-z5gtmgdyrhQqL6AXrVfw==?_z=6551786&fs=0&cf=0&sw=1280&sh=1024&sah=1024&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=1024&wfc=3&pl=https%3A%2F%2Fllama.website%2FSq&drf=&np=1&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false&tzofs=0&js_build=8&sw_version=v1.306.0
IP
139.45.197.244:443
ASN
#9002 RETN Limited

Requested by
https://llama.website/Sq
Certificate
IssuerLet's Encrypt
Subjectaistekso.net
FingerprintED:B9:45:BE:46:3F:F4:75:11:1C:6C:E9:06:15:9F:A7:09:51:83:8B
ValidityMon, 16 Oct 2023 12:40:15 GMT - Sun, 14 Jan 2024 12:40:14 GMT

File type
GIF image data, version 89a, 1 x 1\012- data
Size
43 B (43 bytes)
Hash
b4491705564909da7f9eaf749dbbfbb1
279315d507855c6a4351e1e2c2f39dd9cd2fccd8
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /impression/cf_PAJdx3ZTHY1jCzig4fT1zdQn3Ksv4jLQjBtFZ6WPagmjy1uPMJZAtBUISgkRbUostB5ueqOVJxEGiTyW9iTCk6fNljR0d3ls6MGU6fsNVu-eDYvXasOnVEw7iA4sIfoS1ktcxeJ6-jMy3QALeAmn1sH1t-kqZDJHlF8y9tQ1RzTMKFK4HccWjqY_YJf9Nc22epRt70QFGfQfXrL6nSXKNBezgO9a1DguXoRIZfjI65TEiTT96zTBB7D7nBUqTs_i-ehTcoMV0hPu9c59LdsmWHBGmA6SJ_8pE594Y9yfg1plel9OCAPcFfwZAG4Gwqi0LMy1Q97dawJOK_swEE5W6YdmkiwEo7DME7J-zw7J4BNQ8mex8pyJd0RlVr5SzQVYlqxPshVWsCq9e5y0L3zNhhy2Qfoi8XGyd7AeR6taUofxd-7VwPHxI-VQl1xuZ61JnjPl8xmv1xhhwzld7EIzFe9Rm0PkfgirI1O79BEOogOkYVG0TXK7snjYa68JOBlhTwC_TDN29qNBvfWrQGdRCkpiy6hvmq7tnMPCIKcpAjEb5hMElfFXKh-KTQq9cv-z5gtmgdyrhQqL6AXrVfw==?_z=6551786&fs=0&cf=0&sw=1280&sh=1024&sah=1024&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=1024&wfc=3&pl=https%3A%2F%2Fllama.website%2FSq&drf=&np=1&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false&tzofs=0&js_build=8&sw_version=v1.306.0 HTTP/1.1
Host: aistekso.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://llama.website/
Cookie: OAID=a54b3fba89bc4d09a1fe9ccba830cea1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sun, 05 Nov 2023 20:52:08 GMT
content-type: image/gif
content-length: 43
x-trace-id: c61ad54fab72a767f91a65849cbdcaf0
expires: Tue, 11 Jan 1994 10:00:00 GMT
cache-control: no-cache, no-store, no-transform, must-revalidate, private, max-age=0
pragma: no-cache
vary: Origin
access-control-allow-origin: *
access-control-expose-headers: Link
access-control-allow-credentials: true
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Wow64
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2

GET gishejuy.com/impression/oe4dWaQWnjXneAvlmnRhrKwUHy6vGnr5-tuLJBSZ43UXg4lPdRMMpBmoAwnEhTnn2YnlDBZCo4sp9RVWEMyyKelthF5RbUc1uPjLJw-3FO5qNIXnytCLF8U8zwDHzbqYRofUpfUpLfhw2d4vCjRWDAWmGs0ixxBP8qBZ2rR73ghlTsnmvEa6JFFJYBCjGGOt8yUAYLiOPhfsi4Ac_5MhQ4eWFgebraZOJmJEYO0OLxG9U3yHJKGBA7JAHmCYFmexG3IQNiyeBBNIAMzuLte3owHnBveXHXmZi8QklGnlWKNjfpAP6gbXbYTox3o3SKsMAhSoVQ9MQN4vvJFAyqFj2IAV1kADR6ASjG3LYd4rLf4EXiVeGKQdbdKz89igUBYIL6jqF27TsPdVp_yNX5QSvt8ADiVMOP6HnUwmMOb9kC2cluta34Kd1rduTzNOqBzev4UXcZk0uHGFtAOfCPSCNi4oFqdQzrODRzNLHWjnRIEko8p0JsBbxWdso67TNP3GsiGN3obOupxzxg9zbQbMVOOp9w6gl34pmk7IUqPUa_Xh4K-XlV5AyYW1GsFue3Uvu18gsKwHoFZxER2gWFtf9g==?_z=6551784&fs=0&cf=0&sw=1280&sh=1024&sah=1024&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=1024&wfc=4&pl=https%3A%2F%2Fllama.website%2FSq&drf=&np=1&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false&tzofs=0&js_build=8&sw_version=v1.306.0

139.45.197.242

200 OK

43 B

URL GET HTTP/2
gishejuy.com/impression/oe4dWaQWnjXneAvlmnRhrKwUHy6vGnr5-tuLJBSZ43UXg4lPdRMMpBmoAwnEhTnn2YnlDBZCo4sp9RVWEMyyKelthF5RbUc1uPjLJw-3FO5qNIXnytCLF8U8zwDHzbqYRofUpfUpLfhw2d4vCjRWDAWmGs0ixxBP8qBZ2rR73ghlTsnmvEa6JFFJYBCjGGOt8yUAYLiOPhfsi4Ac_5MhQ4eWFgebraZOJmJEYO0OLxG9U3yHJKGBA7JAHmCYFmexG3IQNiyeBBNIAMzuLte3owHnBveXHXmZi8QklGnlWKNjfpAP6gbXbYTox3o3SKsMAhSoVQ9MQN4vvJFAyqFj2IAV1kADR6ASjG3LYd4rLf4EXiVeGKQdbdKz89igUBYIL6jqF27TsPdVp_yNX5QSvt8ADiVMOP6HnUwmMOb9kC2cluta34Kd1rduTzNOqBzev4UXcZk0uHGFtAOfCPSCNi4oFqdQzrODRzNLHWjnRIEko8p0JsBbxWdso67TNP3GsiGN3obOupxzxg9zbQbMVOOp9w6gl34pmk7IUqPUa_Xh4K-XlV5AyYW1GsFue3Uvu18gsKwHoFZxER2gWFtf9g==?_z=6551784&fs=0&cf=0&sw=1280&sh=1024&sah=1024&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=1024&wfc=4&pl=https%3A%2F%2Fllama.website%2FSq&drf=&np=1&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false&tzofs=0&js_build=8&sw_version=v1.306.0
IP
139.45.197.242:443
ASN
#9002 RETN Limited

Requested by
https://llama.website/Sq
Certificate
IssuerLet's Encrypt
Subjectgishejuy.com
Fingerprint99:91:AA:4E:BA:FC:75:A0:0A:79:EE:F6:15:64:FA:15:B2:BC:61:31
ValidityWed, 25 Oct 2023 09:21:45 GMT - Tue, 23 Jan 2024 09:21:44 GMT

File type
GIF image data, version 89a, 1 x 1\012- data
Size
43 B (43 bytes)
Hash
b4491705564909da7f9eaf749dbbfbb1
279315d507855c6a4351e1e2c2f39dd9cd2fccd8
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /impression/oe4dWaQWnjXneAvlmnRhrKwUHy6vGnr5-tuLJBSZ43UXg4lPdRMMpBmoAwnEhTnn2YnlDBZCo4sp9RVWEMyyKelthF5RbUc1uPjLJw-3FO5qNIXnytCLF8U8zwDHzbqYRofUpfUpLfhw2d4vCjRWDAWmGs0ixxBP8qBZ2rR73ghlTsnmvEa6JFFJYBCjGGOt8yUAYLiOPhfsi4Ac_5MhQ4eWFgebraZOJmJEYO0OLxG9U3yHJKGBA7JAHmCYFmexG3IQNiyeBBNIAMzuLte3owHnBveXHXmZi8QklGnlWKNjfpAP6gbXbYTox3o3SKsMAhSoVQ9MQN4vvJFAyqFj2IAV1kADR6ASjG3LYd4rLf4EXiVeGKQdbdKz89igUBYIL6jqF27TsPdVp_yNX5QSvt8ADiVMOP6HnUwmMOb9kC2cluta34Kd1rduTzNOqBzev4UXcZk0uHGFtAOfCPSCNi4oFqdQzrODRzNLHWjnRIEko8p0JsBbxWdso67TNP3GsiGN3obOupxzxg9zbQbMVOOp9w6gl34pmk7IUqPUa_Xh4K-XlV5AyYW1GsFue3Uvu18gsKwHoFZxER2gWFtf9g==?_z=6551784&fs=0&cf=0&sw=1280&sh=1024&sah=1024&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=1024&wfc=4&pl=https%3A%2F%2Fllama.website%2FSq&drf=&np=1&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false&tzofs=0&js_build=8&sw_version=v1.306.0 HTTP/1.1
Host: gishejuy.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://llama.website/
Cookie: OAID=a54b3fba89bc4d09a1fe9ccba830cea1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sun, 05 Nov 2023 20:52:08 GMT
content-type: image/gif
content-length: 43
x-trace-id: da16f323c35e5b2b334f91a27d16c255
pragma: no-cache
expires: Tue, 11 Jan 1994 10:00:00 GMT
cache-control: no-cache, no-store, no-transform, must-revalidate, private, max-age=0
vary: Origin
access-control-allow-origin: *
access-control-expose-headers: Link
access-control-allow-credentials: true
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Wow64
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2

GET gishejuy.com/500/6551784?excludes=16368910&oaid=a54b3fba89bc4d09a1fe9ccba830cea1&fs=0&cf=0&sw=1280&sh=1024&sah=1024&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=1024&wfc=4&pl=https%3A%2F%2Fllama.website%2FSq&drf=&np=1&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false&tzofs=0&js_build=8&sw_version=v1.306.0

139.45.197.242

200 OK

0 B

URL GET HTTP/2
gishejuy.com/500/6551784?excludes=16368910&oaid=a54b3fba89bc4d09a1fe9ccba830cea1&fs=0&cf=0&sw=1280&sh=1024&sah=1024&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=1024&wfc=4&pl=https%3A%2F%2Fllama.website%2FSq&drf=&np=1&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false&tzofs=0&js_build=8&sw_version=v1.306.0
IP
139.45.197.242:443
ASN
#9002 RETN Limited

Requested by
https://llama.website/Sq
Certificate
IssuerLet's Encrypt
Subjectgishejuy.com
Fingerprint99:91:AA:4E:BA:FC:75:A0:0A:79:EE:F6:15:64:FA:15:B2:BC:61:31
ValidityWed, 25 Oct 2023 09:21:45 GMT - Tue, 23 Jan 2024 09:21:44 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

OPTIONS /500/6551784?excludes=16368910&oaid=a54b3fba89bc4d09a1fe9ccba830cea1&fs=0&cf=0&sw=1280&sh=1024&sah=1024&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=1024&wfc=4&pl=https%3A%2F%2Fllama.website%2FSq&drf=&np=1&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false&tzofs=0&js_build=8&sw_version=v1.306.0 HTTP/1.1
Host: gishejuy.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: GET
Access-Control-Request-Headers: content-type
Referer: https://llama.website/
Origin: https://llama.website
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sun, 05 Nov 2023 20:52:08 GMT
content-length: 0
allow: GET, OPTIONS
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-origin: https://llama.website
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace
access-control-allow-credentials: true
access-control-max-age: 600
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Wow64
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *
X-Firefox-Spdy: h2

139.45.197.242

200 OK

12 kB

URL GET HTTP/2
gishejuy.com/500/6551784?excludes=16368910&oaid=a54b3fba89bc4d09a1fe9ccba830cea1&fs=0&cf=0&sw=1280&sh=1024&sah=1024&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=1024&wfc=4&pl=https%3A%2F%2Fllama.website%2FSq&drf=&np=1&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false&tzofs=0&js_build=8&sw_version=v1.306.0
IP
139.45.197.242:443
ASN
#9002 RETN Limited

Requested by
https://llama.website/Sq
Certificate
IssuerLet's Encrypt
Subjectgishejuy.com
Fingerprint99:91:AA:4E:BA:FC:75:A0:0A:79:EE:F6:15:64:FA:15:B2:BC:61:31
ValidityWed, 25 Oct 2023 09:21:45 GMT - Tue, 23 Jan 2024 09:21:44 GMT

File type
gzip compressed data, max speed, from Unix\012- data
Size
12 kB (11852 bytes)
Hash
d14f0b7ed9aec2d556bffaf6ae61db91
4aa2668a8903fdd54b5c6c1bbaf5fef58fce41c1
aea1a1d22262c3adb54a68a3f3a698520e5b0d1ff3da1c8d262e4242ec8621d9

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /500/6551784?excludes=16368910&oaid=a54b3fba89bc4d09a1fe9ccba830cea1&fs=0&cf=0&sw=1280&sh=1024&sah=1024&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=1024&wfc=4&pl=https%3A%2F%2Fllama.website%2FSq&drf=&np=1&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false&tzofs=0&js_build=8&sw_version=v1.306.0 HTTP/1.1
Host: gishejuy.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Origin: https://llama.website
DNT: 1
Connection: keep-alive
Referer: https://llama.website/
Cookie: OAID=a54b3fba89bc4d09a1fe9ccba830cea1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sun, 05 Nov 2023 20:52:08 GMT
content-type: application/javascript
x-trace-id: 72a94a9b49e8306a3755cde6829d1a37
expires: Tue, 11 Jan 1994 10:00:00 GMT
cache-control: no-cache, no-store, no-transform, must-revalidate, private, max-age=0
pragma: no-cache
vary: Origin
access-control-allow-origin: https://llama.website
access-control-expose-headers: Link
access-control-allow-credentials: true
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Wow64
set-cookie: OAID=a54b3fba89bc4d09a1fe9ccba830cea1; expires=Mon, 04 Nov 2024 20:52:08 GMT; path=/; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
content-encoding: gzip
X-Firefox-Spdy: h2

GET offerimage.com/www/images/7d763937692f59aea0578ffe58c10ee0.jpeg

104.22.33.172

200 OK

14 kB

URL GET HTTP/2
offerimage.com/www/images/7d763937692f59aea0578ffe58c10ee0.jpeg
IP
104.22.33.172:443
ASN
#13335 CLOUDFLARENET

Requested by
https://llama.website/Sq
Certificate
IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
FingerprintDB:4D:42:F8:E2:4C:E3:E4:BB:22:D8:D1:F7:64:B5:9A:10:B6:25:E0
ValiditySun, 07 May 2023 00:00:00 GMT - Mon, 06 May 2024 23:59:59 GMT

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 192x192, components 3\012- data
Size
14 kB (13778 bytes)
Hash
7d763937692f59aea0578ffe58c10ee0
b3a4cc4fd1a0d8319e59057e535b0b19f1a3b35b
2d7300c572db1683cbc8071be4bbaf31b00954193f6f82d453c99a7a58bd7620

HTTP Headers

GET /www/images/7d763937692f59aea0578ffe58c10ee0.jpeg HTTP/1.1
Host: offerimage.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Sun, 05 Nov 2023 20:52:08 GMT
content-type: image/jpeg
content-length: 13778
cache-control: max-age=86400
cf-bgj: h2pri
etag: "63888441-35d2"
expires: Mon, 06 Nov 2023 06:44:01 GMT
last-modified: Thu, 01 Dec 2022 10:38:57 GMT
timing-allow-origin: *
cf-cache-status: HIT
age: 50887
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 8217fa922fb60a18-ARN
X-Firefox-Spdy: h2

GET fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2

216.58.207.227

200 OK

16 kB

URL GET HTTP/2
fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2
IP
216.58.207.227:443
ASN
#15169 GOOGLE

Requested by
https://llama.website/Sq
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
FingerprintEB:59:E9:F3:0F:CE:D8:1A:8C:BB:EE:7D:2E:B7:B8:39:73:7A:CE:28
ValidityMon, 16 Oct 2023 08:10:00 GMT - Mon, 08 Jan 2024 08:09:59 GMT

File type
Web Open Font Format (Version 2), TrueType, length 15860, version 1.0\012- data
Size
16 kB (15860 bytes)
Hash
e9f5aaf547f165386cd313b995dddd8e
acdef5603c2387b0e5bffd744b679a24a8bc1968
f5aebdfea35d1e7656ef4acc5db1f243209755ae3300943ef8fc6280f363c860

HTTP Headers

GET /s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://llama.website
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15860
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 03 Nov 2023 10:05:24 GMT
expires: Sat, 02 Nov 2024 10:05:24 GMT
cache-control: public, max-age=31536000
age: 211604
last-modified: Wed, 11 May 2022 19:24:42 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

GET fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2

216.58.207.227

200 OK

16 kB

URL GET HTTP/2
fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2
IP
216.58.207.227:443
ASN
#15169 GOOGLE

Requested by
https://llama.website/Sq
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
FingerprintEB:59:E9:F3:0F:CE:D8:1A:8C:BB:EE:7D:2E:B7:B8:39:73:7A:CE:28
ValidityMon, 16 Oct 2023 08:10:00 GMT - Mon, 08 Jan 2024 08:09:59 GMT

File type
Web Open Font Format (Version 2), TrueType, length 15744, version 1.0\012- data
Size
16 kB (15744 bytes)
Hash
15d9f621c3bd1599f0169dcf0bd5e63e
7ca9c5967f3bb8bffeab24b639b49c1e7d03fa52
f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615

HTTP Headers

GET /s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://llama.website
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15744
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 03 Nov 2023 02:00:44 GMT
expires: Sat, 02 Nov 2024 02:00:44 GMT
cache-control: public, max-age=31536000
age: 240684
last-modified: Wed, 11 May 2022 19:24:48 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

GET nuke.biz/static/frontend/fonts/nunito-sans-v12-latin-600.woff2

91.92.249.75

200 OK

17 kB

URL GET HTTP/2
nuke.biz/static/frontend/fonts/nunito-sans-v12-latin-600.woff2
IP
91.92.249.75:443
ASN
#34368 Natskovi & Sie Ltd.

Requested by
https://llama.website/Sq
Certificate
IssuerLet's Encrypt
Subjectnuke.biz
Fingerprint54:0F:6E:6A:46:71:1E:28:8E:7B:38:D9:74:78:6F:DC:6B:50:50:8C
ValidityWed, 04 Oct 2023 18:07:19 GMT - Tue, 02 Jan 2024 18:07:18 GMT

File type
Web Open Font Format (Version 2), TrueType, length 17156, version 1.0\012- data
Size
17 kB (17156 bytes)
Hash
7e344afc10a492d516789f072fa6edfd
f38bd0b4e9d0577528f533b8ecd80801a0c6340f
c84423c305779f2aab07847a2e3870ac1ea4072e470d5eb149c01e0e0497eae3

HTTP Headers

GET /static/frontend/fonts/nunito-sans-v12-latin-600.woff2 HTTP/1.1
Host: nuke.biz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://llama.website
DNT: 1
Connection: keep-alive
Referer: https://nuke.biz/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sun, 05 Nov 2023 20:52:09 GMT
content-length: 17156
last-modified: Sun, 06 Nov 2022 23:25:02 GMT
etag: "4304-5ecd59dbaaf80"
accept-ranges: bytes
x-powered-by: PleskLin
X-Firefox-Spdy: h2

GET nuke.biz/static/frontend/fonts/nunito-sans-v12-latin-regular.woff2

91.92.249.75

200 OK

29 kB

URL GET HTTP/2
nuke.biz/static/frontend/fonts/nunito-sans-v12-latin-regular.woff2
IP
91.92.249.75:443
ASN
#34368 Natskovi & Sie Ltd.

Requested by
https://llama.website/Sq
Certificate
IssuerLet's Encrypt
Subjectnuke.biz
Fingerprint54:0F:6E:6A:46:71:1E:28:8E:7B:38:D9:74:78:6F:DC:6B:50:50:8C
ValidityWed, 04 Oct 2023 18:07:19 GMT - Tue, 02 Jan 2024 18:07:18 GMT

File type
Web Open Font Format (Version 2), TrueType, length 16980, version 1.0\012- data
Size
29 kB (28846 bytes)
Hash
5aebb82f5af92d647fee92ce0737c21a
bbbd338490cd374fe35de31469d835efd78d10d7
2963699f5f103c7f46c86c5914c010144641571a4d0cbdcc4d5829bb11cf039b

HTTP Headers

GET /static/frontend/fonts/nunito-sans-v12-latin-regular.woff2 HTTP/1.1
Host: nuke.biz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://llama.website
DNT: 1
Connection: keep-alive
Referer: https://nuke.biz/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sun, 05 Nov 2023 20:52:09 GMT
content-length: 16980
last-modified: Sun, 06 Nov 2022 23:25:02 GMT
etag: "4254-5ecd59dbaaf80"
accept-ranges: bytes
x-powered-by: PleskLin
X-Firefox-Spdy: h2

GET nuke.biz/static/frontend/fonts/nunito-sans-v12-latin-600.woff

91.92.249.75

200 OK

21 kB

URL GET HTTP/2
nuke.biz/static/frontend/fonts/nunito-sans-v12-latin-600.woff
IP
91.92.249.75:443
ASN
#34368 Natskovi & Sie Ltd.

Requested by
https://llama.website/Sq
Certificate
IssuerLet's Encrypt
Subjectnuke.biz
Fingerprint54:0F:6E:6A:46:71:1E:28:8E:7B:38:D9:74:78:6F:DC:6B:50:50:8C
ValidityWed, 04 Oct 2023 18:07:19 GMT - Tue, 02 Jan 2024 18:07:18 GMT

File type
Web Open Font Format, TrueType, length 21048, version 1.1\012- data
Size
21 kB (21048 bytes)
Hash
79ca5494c53495af3d607a356a181fa9
8b1976713c7c694e6ebd4338685c49959cb738d5
af36b391244e3c8c4ab03691c412c59c86c1a02812b16b76db7a907f25b6b59a

HTTP Headers

GET /static/frontend/fonts/nunito-sans-v12-latin-600.woff HTTP/1.1
Host: nuke.biz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://llama.website
DNT: 1
Connection: keep-alive
Referer: https://nuke.biz/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sun, 05 Nov 2023 20:52:09 GMT
content-type: application/font-woff
content-length: 21048
last-modified: Sun, 06 Nov 2022 23:25:02 GMT
etag: "5238-5ecd59dbaaf80"
accept-ranges: bytes
x-powered-by: PleskLin
X-Firefox-Spdy: h2

GET nuke.biz/static/frontend/fonts/nunito-sans-v12-latin-regular.ttf

91.92.249.75

200 OK

40 kB

URL GET HTTP/2
nuke.biz/static/frontend/fonts/nunito-sans-v12-latin-regular.ttf
IP
91.92.249.75:443
ASN
#34368 Natskovi & Sie Ltd.

Requested by
https://llama.website/Sq
Certificate
IssuerLet's Encrypt
Subjectnuke.biz
Fingerprint54:0F:6E:6A:46:71:1E:28:8E:7B:38:D9:74:78:6F:DC:6B:50:50:8C
ValidityWed, 04 Oct 2023 18:07:19 GMT - Tue, 02 Jan 2024 18:07:18 GMT

File type
TrueType Font data, 17 tables, 1st "GDEF", 8 names, Microsoft, language 0x409, Copyright 2016 The Nunito Sans Project Authors (https://github.com/Fonthausen/NunitoSans)Nunito \012- data
Size
40 kB (39652 bytes)
Hash
da716d1e63b1e4ddacb98b552883f5aa
a4ca73d5c7d65c816c403198625a1c5e3c70f260
ed9a72228e4ac259a758e7d47a07d8ed121221405897eea5df8bcddcc76f16bb

HTTP Headers

GET /static/frontend/fonts/nunito-sans-v12-latin-regular.ttf HTTP/1.1
Host: nuke.biz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://llama.website
DNT: 1
Connection: keep-alive
Referer: https://nuke.biz/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sun, 05 Nov 2023 20:52:09 GMT
content-type: application/font-sfnt
content-length: 39652
last-modified: Sun, 06 Nov 2022 23:25:02 GMT
etag: "9ae4-5ecd59dbaaf80"
accept-ranges: bytes
x-powered-by: PleskLin
X-Firefox-Spdy: h2

GET nuke.biz/static/frontend/fonts/nunito-sans-v12-latin-600.ttf

91.92.249.75

200 OK

40 kB

URL GET HTTP/2
nuke.biz/static/frontend/fonts/nunito-sans-v12-latin-600.ttf
IP
91.92.249.75:443
ASN
#34368 Natskovi & Sie Ltd.

Requested by
https://llama.website/Sq
Certificate
IssuerLet's Encrypt
Subjectnuke.biz
Fingerprint54:0F:6E:6A:46:71:1E:28:8E:7B:38:D9:74:78:6F:DC:6B:50:50:8C
ValidityWed, 04 Oct 2023 18:07:19 GMT - Tue, 02 Jan 2024 18:07:18 GMT

File type
TrueType Font data, 17 tables, 1st "GDEF", 8 names, Microsoft, language 0x409, Copyright 2016 The Nunito Sans Project Authors (https://github.com/Fonthausen/NunitoSans)Nunito \012- data
Size
40 kB (40096 bytes)
Hash
04cdf5dd245bc21d9ccabe0895c2ca25
9385314cbfcf04d3e561f28d3e1a163252343e8e
27a6442744a9983ecb3c4758a4474b9f4942f9e2fced03797982c8243eb57dd5

HTTP Headers

GET /static/frontend/fonts/nunito-sans-v12-latin-600.ttf HTTP/1.1
Host: nuke.biz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://llama.website
DNT: 1
Connection: keep-alive
Referer: https://nuke.biz/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sun, 05 Nov 2023 20:52:09 GMT
content-type: application/font-sfnt
content-length: 40096
last-modified: Sun, 06 Nov 2022 23:25:02 GMT
etag: "9ca0-5ecd59dbaaf80"
accept-ranges: bytes
x-powered-by: PleskLin
X-Firefox-Spdy: h2

GET serving.bepolite.eu/script?space=50dd7b0f-4105-441f-8f60-18cc3fcb090c&type=direct&page_id=6096484&screen_width=20&screen_height=634&os=Linux%20x86_64&refurl=https%3A%2F%2Fllama.website%2F&pageurl=https%3A%2F%2Fwww.upload.ee%2Ffiles%2F15487444%2FDailymotion.com.txt.html&rnd=1699217522901

212.47.222.21

200 OK

590 B

URL GET HTTP/2
serving.bepolite.eu/script?space=50dd7b0f-4105-441f-8f60-18cc3fcb090c&type=direct&page_id=6096484&screen_width=20&screen_height=634&os=Linux%20x86_64&refurl=https%3A%2F%2Fllama.website%2F&pageurl=https%3A%2F%2Fwww.upload.ee%2Ffiles%2F15487444%2FDailymotion.com.txt.html&rnd=1699217522901
IP
212.47.222.21:443
ASN
#3327 CITIC Telecom CPC Netherlands B.V.

Requested by
https://www.upload.ee/files/15487444/Dailymotion.com.txt.html
Certificate
IssuerLet's Encrypt
Subjectstatic.bepolite.eu
Fingerprint8B:4D:B8:C8:25:20:C8:F7:6E:64:AD:6F:28:DF:17:96:B7:3E:67:B9
ValidityFri, 03 Nov 2023 22:07:14 GMT - Thu, 01 Feb 2024 22:07:13 GMT

File type
ASCII text
Size
590 B (590 bytes)
Hash
861f4fb6baa2937a6b7a15af7fd0c015
44a08d201ecb4c26bfc16eab5bf3caf850e1e461
a1b82ba1a7bf5f15ad46e9ff9c363dcb0c0ac83a1b638270b665f325799aa031

HTTP Headers

GET /script?space=50dd7b0f-4105-441f-8f60-18cc3fcb090c&type=direct&page_id=6096484&screen_width=20&screen_height=634&os=Linux%20x86_64&refurl=https%3A%2F%2Fllama.website%2F&pageurl=https%3A%2F%2Fwww.upload.ee%2Ffiles%2F15487444%2FDailymotion.com.txt.html&rnd=1699217522901 HTTP/1.1
Host: serving.bepolite.eu
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.upload.ee/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
cache-control: private, must-revalidate, max-age=0
content-type: text/plain;charset=ISO-8859-1
content-length: 590
date: Sun, 05 Nov 2023 20:52:01 GMT
set-cookie: bepolite_id=103f8ca448e8f15367fa20e462b60e46; Max-Age=7776000; Expires=Sat, 03-Feb-2024 20:52:02 GMT; SameSite=None; Secure
p3p: CP='BePolite does not have a P3P policy'
x-varnish: 1013362872
age: 0
accept-ranges: bytes
X-Firefox-Spdy: h2

GET gishejuy.com/impression/O5XJnwVu6vkILg5OKED4OpvRlKUKZqLBKzFbRDVge7kt_VUylbQBLnAVUl_GEFkmU-bGO0YmtaDmbifwg_pcZPLRqNVPeiYz4oAcycHwuf_qW9z5ENz_p8fC8bsZbd79V6cF3c8p83fBCnCpo_aV-aSDaDBylDkmru6rj5UTtzCEKBL47-TW8Lp4jEG5mhMW9PGBVdo2GpbT4ZNasD0JYz7HmYN0MUJsQ3nPSONEtfjQPOkWg3CVn6-dWW3OoeDYAb76G7yTvPPwiYZ6aUKOVBeFwYlfkYJUBZthqF0-jsYoeQTu5INCNnOsr-fW4hTwN9DVLKO3YqP0g1mEvUe4b8563AViTxWwnrFOhSn_ERCVMLhGjzPUTsZjXLOUFpTndc_b7FmCYOrxrjCsFJFK-jluwvdrx0WK59XNRXQm5WKAw7jDLL8ZaDl375ssS00f298BKIrU6wlZDABagPB0cmBNYTJ3Vrm84hkwbneLZR7CwTiDPwB--vSfptMJZ3LgrtiJlriAlH9dUB30b2pQ0HIoZHY4GHi3eifY4yKuvuIVzby1XDswHa2WK6ULs7Uk5DpX_n-RYxbs0OMRLIlMVQ==?_z=6551784&fs=0&cf=0&sw=1280&sh=1024&sah=1024&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=1024&wfc=4&pl=https%3A%2F%2Fllama.website%2FSq&drf=&np=1&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false&tzofs=0&js_build=8&sw_version=v1.306.0

139.45.197.242

200 OK

43 B

URL GET HTTP/2
gishejuy.com/impression/O5XJnwVu6vkILg5OKED4OpvRlKUKZqLBKzFbRDVge7kt_VUylbQBLnAVUl_GEFkmU-bGO0YmtaDmbifwg_pcZPLRqNVPeiYz4oAcycHwuf_qW9z5ENz_p8fC8bsZbd79V6cF3c8p83fBCnCpo_aV-aSDaDBylDkmru6rj5UTtzCEKBL47-TW8Lp4jEG5mhMW9PGBVdo2GpbT4ZNasD0JYz7HmYN0MUJsQ3nPSONEtfjQPOkWg3CVn6-dWW3OoeDYAb76G7yTvPPwiYZ6aUKOVBeFwYlfkYJUBZthqF0-jsYoeQTu5INCNnOsr-fW4hTwN9DVLKO3YqP0g1mEvUe4b8563AViTxWwnrFOhSn_ERCVMLhGjzPUTsZjXLOUFpTndc_b7FmCYOrxrjCsFJFK-jluwvdrx0WK59XNRXQm5WKAw7jDLL8ZaDl375ssS00f298BKIrU6wlZDABagPB0cmBNYTJ3Vrm84hkwbneLZR7CwTiDPwB--vSfptMJZ3LgrtiJlriAlH9dUB30b2pQ0HIoZHY4GHi3eifY4yKuvuIVzby1XDswHa2WK6ULs7Uk5DpX_n-RYxbs0OMRLIlMVQ==?_z=6551784&fs=0&cf=0&sw=1280&sh=1024&sah=1024&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=1024&wfc=4&pl=https%3A%2F%2Fllama.website%2FSq&drf=&np=1&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false&tzofs=0&js_build=8&sw_version=v1.306.0
IP
139.45.197.242:443
ASN
#9002 RETN Limited

Requested by
https://llama.website/Sq
Certificate
IssuerLet's Encrypt
Subjectgishejuy.com
Fingerprint99:91:AA:4E:BA:FC:75:A0:0A:79:EE:F6:15:64:FA:15:B2:BC:61:31
ValidityWed, 25 Oct 2023 09:21:45 GMT - Tue, 23 Jan 2024 09:21:44 GMT

File type
GIF image data, version 89a, 1 x 1\012- data
Size
43 B (43 bytes)
Hash
b4491705564909da7f9eaf749dbbfbb1
279315d507855c6a4351e1e2c2f39dd9cd2fccd8
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /impression/O5XJnwVu6vkILg5OKED4OpvRlKUKZqLBKzFbRDVge7kt_VUylbQBLnAVUl_GEFkmU-bGO0YmtaDmbifwg_pcZPLRqNVPeiYz4oAcycHwuf_qW9z5ENz_p8fC8bsZbd79V6cF3c8p83fBCnCpo_aV-aSDaDBylDkmru6rj5UTtzCEKBL47-TW8Lp4jEG5mhMW9PGBVdo2GpbT4ZNasD0JYz7HmYN0MUJsQ3nPSONEtfjQPOkWg3CVn6-dWW3OoeDYAb76G7yTvPPwiYZ6aUKOVBeFwYlfkYJUBZthqF0-jsYoeQTu5INCNnOsr-fW4hTwN9DVLKO3YqP0g1mEvUe4b8563AViTxWwnrFOhSn_ERCVMLhGjzPUTsZjXLOUFpTndc_b7FmCYOrxrjCsFJFK-jluwvdrx0WK59XNRXQm5WKAw7jDLL8ZaDl375ssS00f298BKIrU6wlZDABagPB0cmBNYTJ3Vrm84hkwbneLZR7CwTiDPwB--vSfptMJZ3LgrtiJlriAlH9dUB30b2pQ0HIoZHY4GHi3eifY4yKuvuIVzby1XDswHa2WK6ULs7Uk5DpX_n-RYxbs0OMRLIlMVQ==?_z=6551784&fs=0&cf=0&sw=1280&sh=1024&sah=1024&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=1024&wfc=4&pl=https%3A%2F%2Fllama.website%2FSq&drf=&np=1&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false&tzofs=0&js_build=8&sw_version=v1.306.0 HTTP/1.1
Host: gishejuy.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://llama.website/
Cookie: OAID=a54b3fba89bc4d09a1fe9ccba830cea1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sun, 05 Nov 2023 20:52:11 GMT
content-type: image/gif
content-length: 43
x-trace-id: e0c34e1e1323556438fbee0338e52ae4
expires: Tue, 11 Jan 1994 10:00:00 GMT
cache-control: no-cache, no-store, no-transform, must-revalidate, private, max-age=0
pragma: no-cache
vary: Origin
access-control-allow-origin: *
access-control-expose-headers: Link
access-control-allow-credentials: true
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Wow64
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2

GET nuke.biz/static/frontend/fonts/nunito-sans-v12-latin-regular.woff

91.92.249.75

200 OK

21 kB

URL GET HTTP/2
nuke.biz/static/frontend/fonts/nunito-sans-v12-latin-regular.woff
IP
91.92.249.75:443
ASN
#34368 Natskovi & Sie Ltd.

Requested by
https://llama.website/Sq
Certificate
IssuerLet's Encrypt
Subjectnuke.biz
Fingerprint54:0F:6E:6A:46:71:1E:28:8E:7B:38:D9:74:78:6F:DC:6B:50:50:8C
ValidityWed, 04 Oct 2023 18:07:19 GMT - Tue, 02 Jan 2024 18:07:18 GMT

File type
Web Open Font Format, TrueType, length 20864, version 1.1\012- data
Size
21 kB (20864 bytes)
Hash
159f6e63e068d1b2233c78fadb789b96
dc7a6ec97ef463929eea507a5a2e76d2fb574b25
481b0fe050b9209c7dcd0cf23363c1754d094933aa28b329599d360c050a418e

HTTP Headers

GET /static/frontend/fonts/nunito-sans-v12-latin-regular.woff HTTP/1.1
Host: nuke.biz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://llama.website
DNT: 1
Connection: keep-alive
Referer: https://nuke.biz/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sun, 05 Nov 2023 20:52:03 GMT
content-type: application/font-woff
content-length: 20864
last-modified: Sun, 06 Nov 2022 23:25:02 GMT
etag: "5180-5ecd59dbaaf80"
accept-ranges: bytes
x-powered-by: PleskLin
X-Firefox-Spdy: h2

GET pogothere.xyz/asd100.bin

172.67.220.203

200 OK

102 kB

URL GET HTTP/2
pogothere.xyz/asd100.bin
IP
172.67.220.203:443
ASN
#13335 CLOUDFLARENET

Requested by
https://www.upload.ee/files/15487444/Dailymotion.com.txt.html
Certificate
IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
Fingerprint17:F9:2D:6F:B5:5E:5F:37:A6:FB:BE:61:4F:97:64:33:85:5C:3A:FB
ValidityTue, 28 Feb 2023 00:00:00 GMT - Tue, 27 Feb 2024 23:59:59 GMT

File type
data
Size
102 kB (102400 bytes)
Hash
4c6426ac7ef186464ecbb0d81cbfcb1e
5a6918eebd9d635e8f632e3ef34e3792b1b5ec13
f627ca4c2c322f15db26152df306bd4f983f0146409b81a4341b9b340c365a16

HTTP Headers

GET /asd100.bin HTTP/1.1
Host: pogothere.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.upload.ee/
Origin: https://www.upload.ee
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sun, 05 Nov 2023 20:52:04 GMT
content-type: binary/octet-stream
access-control-allow-origin: https://www.upload.ee
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-headers: X-Requested-With, content-type
cache-control: max-age=14400
cf-cache-status: HIT
age: 5400
last-modified: Sun, 05 Nov 2023 19:22:04 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=VNevQkqDEVvKrWrL7MjrQYkgolc8zwVJ%2FDWd%2BPJYEiMr8qWgABQ413qoEyfD0iWcQHiy89ZI42eJHjyQC64XKdOJBXLFBsMmqOJN8arEC49QrriWtpb%2BRNZy9fipfCVd"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8217fa755aa356b9-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

GET nandweandthe.org/VVB4Z2R6bxsUWQcXMiU3ZWlBMgoHZx4vAAQ0SxNQMxYIHgJmYF4TDTFtQV5TYWBAQRQ8NEVWXHMjDAYQICNFVkI8Ph4IWXMmRVZKZX5KSVBzJUVWQiEgGQBZZHYIExA5bUlRXWxiSVBRZ2NIU10

172.67.176.169

204 No Content

0 B

URL GET HTTP/2
nandweandthe.org/VVB4Z2R6bxsUWQcXMiU3ZWlBMgoHZx4vAAQ0SxNQMxYIHgJmYF4TDTFtQV5TYWBAQRQ8NEVWXHMjDAYQICNFVkI8Ph4IWXMmRVZKZX5KSVBzJUVWQiEgGQBZZHYIExA5bUlRXWxiSVBRZ2NIU10
IP
172.67.176.169:443
ASN
#13335 CLOUDFLARENET

Requested by
https://www.upload.ee/files/15487444/Dailymotion.com.txt.html
Certificate
IssuerLet's Encrypt
Subjectnandweandthe.org
Fingerprint1F:B6:15:88:D9:CB:F8:82:C6:0C:AE:98:CF:A4:E2:D8:06:4E:0D:6D
ValidityMon, 30 Oct 2023 06:45:49 GMT - Sun, 28 Jan 2024 06:45:48 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /VVB4Z2R6bxsUWQcXMiU3ZWlBMgoHZx4vAAQ0SxNQMxYIHgJmYF4TDTFtQV5TYWBAQRQ8NEVWXHMjDAYQICNFVkI8Ph4IWXMmRVZKZX5KSVBzJUVWQiEgGQBZZHYIExA5bUlRXWxiSVBRZ2NIU10 HTTP/1.1
Host: nandweandthe.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.upload.ee/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 204 No Content
date: Sun, 05 Nov 2023 20:52:03 GMT
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Y3PyCGGY6x1AX6fx%2FZ1l5I2QFrCTtRrQn1YT8Qz%2FmeLAuBmYWUyIgP9gLQpPk9anfczkHi%2FMNb6J9yaJPcorqhI7QVSmV7BVkoSu%2B2kPS5d7op0TiDgw1Cv8UY5dAszJJUfv"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8217fa6f3be4568f-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

GET nandweandthe.org/M3R3dkwcSxQFcWEaNT8ZZgxHJyJHGBM+GncXIBJ9Vx81ARYAH1ECJVdJTk97B0VDUDxaEEpHakAAFgI5QElGUCVdEhhLakVJRlh/B1pEQmIDUgJLfRUABxcrDkVRBjhHGEpHegpNRUd7BkZERnsD

172.67.176.169

204 No Content

0 B

URL GET HTTP/2
nandweandthe.org/M3R3dkwcSxQFcWEaNT8ZZgxHJyJHGBM+GncXIBJ9Vx81ARYAH1ECJVdJTk97B0VDUDxaEEpHakAAFgI5QElGUCVdEhhLakVJRlh/B1pEQmIDUgJLfRUABxcrDkVRBjhHGEpHegpNRUd7BkZERnsD
IP
172.67.176.169:443
ASN
#13335 CLOUDFLARENET

Requested by
https://www.upload.ee/files/15487444/Dailymotion.com.txt.html
Certificate
IssuerLet's Encrypt
Subjectnandweandthe.org
Fingerprint1F:B6:15:88:D9:CB:F8:82:C6:0C:AE:98:CF:A4:E2:D8:06:4E:0D:6D
ValidityMon, 30 Oct 2023 06:45:49 GMT - Sun, 28 Jan 2024 06:45:48 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /M3R3dkwcSxQFcWEaNT8ZZgxHJyJHGBM+GncXIBJ9Vx81ARYAH1ECJVdJTk97B0VDUDxaEEpHakAAFgI5QElGUCVdEhhLakVJRlh/B1pEQmIDUgJLfRUABxcrDkVRBjhHGEpHegpNRUd7BkZERnsD HTTP/1.1
Host: nandweandthe.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.upload.ee/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 204 No Content
date: Sun, 05 Nov 2023 20:52:03 GMT
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ZntGTzYNBGd9M9EfgWwsRYjfLELGN9jIigKtZUDbWEbYEFLj9ZpjAITScR6n8f9VyuMbemGiktsoirifX6PuL4X85sN4I8IcEpWQ9gP4EanxWQSqRfh6oTckPGqE15EIFPQg"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8217fa708df1568f-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

GET nuke.biz/static/frontend/js/app.min.js

91.92.249.75

200 OK

5.9 kB

URL GET HTTP/2
nuke.biz/static/frontend/js/app.min.js
IP
91.92.249.75:443
ASN
#34368 Natskovi & Sie Ltd.

Requested by
https://llama.website/Sq
Certificate
IssuerLet's Encrypt
Subjectnuke.biz
Fingerprint54:0F:6E:6A:46:71:1E:28:8E:7B:38:D9:74:78:6F:DC:6B:50:50:8C
ValidityWed, 04 Oct 2023 18:07:19 GMT - Tue, 02 Jan 2024 18:07:18 GMT

File type
ASCII text, with very long lines (6152), with no line terminators
Size
5.9 kB (5886 bytes)
Hash
340b143eaf138cbe01808df36623ba17
12028e27b21f2b30dcc8bd5b348e2f9376c23f1e
b814997885c4d027fedde3afd5908840303e4fe6d3bbfd9aaebf75ac8c133e4f

HTTP Headers

GET /static/frontend/js/app.min.js HTTP/1.1
Host: nuke.biz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://llama.website/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sun, 05 Nov 2023 20:52:02 GMT
content-type: application/javascript
last-modified: Tue, 22 Aug 2023 17:20:04 GMT
etag: W/"16fe-6038634a51900"
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2

GET www.upload.ee/static/ubr__style.css

51.91.30.159

200 OK

9.4 kB

URL GET HTTP/1.1
www.upload.ee/static/ubr__style.css
IP
51.91.30.159:443
ASN
#16276 OVH SAS

Requested by
https://www.upload.ee/files/15487444/Dailymotion.com.txt.html
Certificate
IssuerDigiCert, Inc.
Subjectwww.upload.ee
Fingerprint50:32:93:34:C8:04:2F:84:49:77:0D:C4:DD:CA:79:C9:CB:3E:C0:F4
ValidityThu, 02 Mar 2023 00:00:00 GMT - Mon, 01 Apr 2024 23:59:59 GMT

File type
ASCII text, with very long lines (9680), with no line terminators
Size
9.4 kB (9434 bytes)
Hash
ab59a1bc9fadd0961e5f60c35aa9052a
5785a15139773ccec5942d241743d0f26d0e36c4
b5bb8632acdad4c1ee9ef902886c1a1475178561c5c17dc4d1b54c849bd60a8a

HTTP Headers

GET /static/ubr__style.css HTTP/1.1
Host: www.upload.ee
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.upload.ee/files/15487444/Dailymotion.com.txt.html
Cookie: lng=eng
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Sun, 05 Nov 2023 20:52:02 GMT
Content-Type: text/css
Last-Modified: Tue, 17 Oct 2023 12:17:20 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=20
ETag: W/"652e7b50-24da"
Expires: Sun, 12 Nov 2023 20:52:02 GMT
Cache-Control: max-age=604800
Vary: Accept-Encoding
Content-Encoding: gzip

GET gishejuy.com/400/6551784

139.45.197.242

200 OK

82 kB

URL GET HTTP/2
gishejuy.com/400/6551784
IP
139.45.197.242:443
ASN
#9002 RETN Limited

Requested by
https://llama.website/Sq
Certificate
IssuerLet's Encrypt
Subjectgishejuy.com
Fingerprint99:91:AA:4E:BA:FC:75:A0:0A:79:EE:F6:15:64:FA:15:B2:BC:61:31
ValidityWed, 25 Oct 2023 09:21:45 GMT - Tue, 23 Jan 2024 09:21:44 GMT

File type
ASCII text, with very long lines (65536), with no line terminators
Size
82 kB (82015 bytes)
Hash
e090d59aeb53215074982292f514c3ca
e81355ab40be8b86c40546bf386645b53c21b0aa
e07745f1a30fffc972c3792214cd4f7b501903f5d05ce11e78d570469c711b20

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /400/6551784 HTTP/1.1
Host: gishejuy.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://llama.website/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sun, 05 Nov 2023 20:52:03 GMT
content-type: application/javascript
x-trace-id: 55dff35b6a0178d9d74a4f0567566914
expires: Tue, 11 Jan 1994 10:00:00 GMT
cache-control: no-cache, no-store, no-transform, must-revalidate, private, max-age=0
pragma: no-cache
vary: Origin
access-control-allow-origin: *
access-control-expose-headers: Link
access-control-allow-credentials: true
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Wow64
set-cookie: OAID=9fb02cb1d83b473dae963eda946ab806; expires=Mon, 04 Nov 2024 20:52:03 GMT; path=/; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
content-encoding: gzip
X-Firefox-Spdy: h2

GET nandweandthe.org/popunder.gif

172.67.176.169

200 OK

35 B

URL GET HTTP/3
nandweandthe.org/popunder.gif
IP
172.67.176.169:443
ASN
#13335 CLOUDFLARENET

Requested by
https://www.upload.ee/files/15487444/Dailymotion.com.txt.html
Certificate
IssuerLet's Encrypt
Subjectnandweandthe.org
Fingerprint1F:B6:15:88:D9:CB:F8:82:C6:0C:AE:98:CF:A4:E2:D8:06:4E:0D:6D
ValidityMon, 30 Oct 2023 06:45:49 GMT - Sun, 28 Jan 2024 06:45:48 GMT

File type
GIF image data, version 89a, 1 x 1\012- data
Size
35 B (35 bytes)
Hash
28d6814f309ea289f847c69cf91194c6
0f4e929dd5bb2564f7ab9c76338e04e292a42ace
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

HTTP Headers

GET /popunder.gif HTTP/1.1
Host: nandweandthe.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.upload.ee/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sun, 05 Nov 2023 20:52:03 GMT
content-type: image/gif
access-control-allow-origin: *
pragma: public
cache-control: public, max-age=604800, immutable
cf-cache-status: HIT
age: 97404
last-modified: Sat, 04 Nov 2023 17:48:39 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=3wShaetAQzVfEM%2FM4V0%2FYhyj1Kzd7gl%2FxNi3b%2BivYUBS4XfxCEXAYFsGCfw4WoFlTeh1wEt5PvgboL8zl0YtLCKNdjmdJdyZq2usPDordnQ5SEKSBUaGyQR9Dld9WeoFIToQ"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8217fa737c3456b4-OSL
alt-svc: h3=":443"; ma=86400

GET nandweandthe.org/cTdIbEdeCCsfehBbHV4TJFsrNSAnDi0qCRt2EBhwKVoZJCJCdm4YLhUKcVVwQgFxSjcYU3VdYQJDKRgyAgp5Si4fUSdRYQcKeUJ0RRl7WGlBET1RdldDOA0gTAZuHDMFW3VdcUgOel1wRAV7XHVA

172.67.176.169

204 No Content

0 B

URL GET HTTP/2
nandweandthe.org/cTdIbEdeCCsfehBbHV4TJFsrNSAnDi0qCRt2EBhwKVoZJCJCdm4YLhUKcVVwQgFxSjcYU3VdYQJDKRgyAgp5Si4fUSdRYQcKeUJ0RRl7WGlBET1RdldDOA0gTAZuHDMFW3VdcUgOel1wRAV7XHVA
IP
172.67.176.169:443
ASN
#13335 CLOUDFLARENET

Requested by
https://www.upload.ee/files/15487444/Dailymotion.com.txt.html
Certificate
IssuerLet's Encrypt
Subjectnandweandthe.org
Fingerprint1F:B6:15:88:D9:CB:F8:82:C6:0C:AE:98:CF:A4:E2:D8:06:4E:0D:6D
ValidityMon, 30 Oct 2023 06:45:49 GMT - Sun, 28 Jan 2024 06:45:48 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /cTdIbEdeCCsfehBbHV4TJFsrNSAnDi0qCRt2EBhwKVoZJCJCdm4YLhUKcVVwQgFxSjcYU3VdYQJDKRgyAgp5Si4fUSdRYQcKeUJ0RRl7WGlBET1RdldDOA0gTAZuHDMFW3VdcUgOel1wRAV7XHVA HTTP/1.1
Host: nandweandthe.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.upload.ee/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 204 No Content
date: Sun, 05 Nov 2023 20:52:03 GMT
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=MOR4grtn2f%2BvggTli0Bhmnu9HknNXxgAp3IH%2FizfXWUpTLGdgdqTsIXnVbM6mbxh78ZP1%2B%2FxH%2FO1HWBi97O6USUVl3GdcEzqcxwAUFo5blhoctFlZ%2FNp%2F0676lH8cOmFlBd0"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8217fa6f3be2568f-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

GET dweatherbe.org/utx?cb=4JMF6jKry0By&top=www.upload.ee&tid=997414

108.157.214.79

204 No Content

0 B

URL GET HTTP/2
dweatherbe.org/utx?cb=4JMF6jKry0By&top=www.upload.ee&tid=997414
IP
108.157.214.79:443
ASN
#16509 AMAZON-02

Requested by
https://www.upload.ee/files/15487444/Dailymotion.com.txt.html
Certificate
IssuerAmazon
Subjectdweatherbe.org
FingerprintB9:18:AC:1F:87:E4:2C:E9:36:35:FF:E7:F8:8F:F7:77:F0:AB:4C:4A
ValiditySun, 22 Oct 2023 00:00:00 GMT - Tue, 19 Nov 2024 23:59:59 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /utx?cb=4JMF6jKry0By&top=www.upload.ee&tid=997414 HTTP/1.1
Host: dweatherbe.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.upload.ee
DNT: 1
Connection: keep-alive
Referer: https://www.upload.ee/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 204 No Content
date: Sun, 05 Nov 2023 20:52:04 GMT
server: openresty/1.17.8.2
access-control-allow-credentials: true
access-control-allow-origin: https://www.upload.ee
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
set-cookie: ut=x; Expires=Sun, 05 Nov 2023 20:53:04 GMT; Max-Age=60
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List
x-cache: Miss from cloudfront
via: 1.1 0078c2805bf98a4574ea5eee972aa9f6.cloudfront.net (CloudFront)
x-amz-cf-pop: ARN56-P1
x-amz-cf-id: KwdyE-EsDE7Lw46uOvfSBqRI7sKE83FE5UQtRz7WoCEA2YEQsRHFYA==
X-Firefox-Spdy: h2

GET nuke.biz/static/custom.min.js

91.92.249.75

200 OK

13 kB

URL GET HTTP/2
nuke.biz/static/custom.min.js
IP
91.92.249.75:443
ASN
#34368 Natskovi & Sie Ltd.

Requested by
https://llama.website/Sq
Certificate
IssuerLet's Encrypt
Subjectnuke.biz
Fingerprint54:0F:6E:6A:46:71:1E:28:8E:7B:38:D9:74:78:6F:DC:6B:50:50:8C
ValidityWed, 04 Oct 2023 18:07:19 GMT - Tue, 02 Jan 2024 18:07:18 GMT

File type
HTML document, ASCII text, with very long lines (13184), with no line terminators
Size
13 kB (13184 bytes)
Hash
6d0fd498fae4b3e791c3960f13d990a4
17fc76b7d7baf945b510380329a265673bfe7bd1
e2f9b84536c735a5d94780169580ecfb7e4114f4ae3d011d1fd2f16c408febfe

HTTP Headers

GET /static/custom.min.js HTTP/1.1
Host: nuke.biz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://llama.website/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sun, 05 Nov 2023 20:52:02 GMT
content-type: application/javascript
last-modified: Tue, 29 Aug 2023 12:54:04 GMT
etag: W/"3380-6040f4e3e7300"
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2

GET www.googletagmanager.com/gtag/js?id=G-LT9YQX0N49&l=dataLayer&cx=c

142.250.74.168

200 OK

250 kB

URL GET HTTP/3
www.googletagmanager.com/gtag/js?id=G-LT9YQX0N49&l=dataLayer&cx=c
IP
142.250.74.168:443
ASN
#15169 GOOGLE

Requested by
https://www.upload.ee/files/15487444/Dailymotion.com.txt.html
Certificate
IssuerGoogle Trust Services LLC
Subject*.google-analytics.com
Fingerprint3B:1D:9C:59:AC:F8:2F:47:8A:C6:AE:4F:88:F0:8D:84:C7:6A:47:DA
ValidityMon, 16 Oct 2023 08:02:30 GMT - Mon, 08 Jan 2024 08:02:29 GMT

File type
ASCII text, with very long lines (3034)
Size
250 kB (249537 bytes)
Hash
e3418f24d020365490d1edce09545dd9
d8f719f10c7a22b9d1ccdb45b6c360e17e7e1cb3
8ccf82db0be4818315a4b2709219dc98667a007f85de97592431457a7ad6c061

HTTP Headers

GET /gtag/js?id=G-LT9YQX0N49&l=dataLayer&cx=c HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.upload.ee/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Sun, 05 Nov 2023 20:52:03 GMT
expires: Sun, 05 Nov 2023 20:52:03 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 86036
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

POST fleraprt.com/log/add?cid=1db9169f-90f4-4b2d-b517-bc47aab19c1f

139.45.195.254

200 OK

12 B

URL POST HTTP/1.1
fleraprt.com/log/add?cid=1db9169f-90f4-4b2d-b517-bc47aab19c1f
IP
139.45.195.254:443
ASN
#9002 RETN Limited

Requested by
https://llama.website/Sq
Certificate
IssuerSectigo Limited
Subjectfleraprt.com
FingerprintA4:AF:A0:00:99:C9:85:E5:30:F6:F3:F2:B5:4F:AE:4F:D0:46:74:A9
ValidityMon, 09 Jan 2023 00:00:00 GMT - Sun, 14 Jan 2024 23:59:59 GMT

File type
troff or preprocessor input, ASCII text, with no line terminators
Size
12 B (12 bytes)
Hash
6949f52318584a4b51c719a9b84a7287
9fbd870c6afd4bdd6fbbd87f52df2c81dd23e905
72603096ec3515dbc615ab8837fd1b15e91ee827bc7af41d71c9882b08699375

HTTP Headers

POST /log/add?cid=1db9169f-90f4-4b2d-b517-bc47aab19c1f HTTP/1.1
Host: fleraprt.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 1652
Origin: https://llama.website
DNT: 1
Connection: keep-alive
Referer: https://llama.website/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.19.10
Date: Sun, 05 Nov 2023 20:52:17 GMT
Content-Type: application/json; charset=utf-8
Content-Length: 12
Connection: keep-alive
Access-Control-Allow-Origin: https://llama.website
Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE
Access-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-Forwarded-For, If-None-Match
Access-Control-Allow-Credentials: true

GET llama.website/Sq

91.92.249.75

200 OK

6.8 kB

URL User Request GET HTTP/2
llama.website/Sq
IP
91.92.249.75:443
ASN
#34368 Natskovi & Sie Ltd.

Certificate
IssuerLet's Encrypt
Subjectnuke.biz
Fingerprint54:0F:6E:6A:46:71:1E:28:8E:7B:38:D9:74:78:6F:DC:6B:50:50:8C
ValidityWed, 04 Oct 2023 18:07:19 GMT - Tue, 02 Jan 2024 18:07:18 GMT

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (7277), with no line terminators
Size
6.8 kB (6777 bytes)
Hash
f7d89915198972d464a39f280f7736ff
4f810d600d0c6e97a4823963ffe874625c421aa4
54acd923e4185f6a4b96e6e86863cfe910952f3f457231b6284657d4a1eac49b

HTTP Headers

GET /Sq HTTP/1.1
Host: llama.website
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sun, 05 Nov 2023 20:52:01 GMT
content-type: text/html; charset=UTF-8
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
set-cookie: PHPSESSID=oi5il24eti2u3cdbhu5nj80ssr; path=/
short_348=1; expires=Sun, 05-Nov-2023 21:07:01 GMT; Max-Age=900; path=/; HttpOnly
x-powered-by: PHP/8.0.30, PleskLin
content-encoding: br
X-Firefox-Spdy: h2

GET nuke.biz/static/frontend/libs/select2/dist/css/select2.min.css

91.92.249.75

200 OK

15 kB

URL GET HTTP/2
nuke.biz/static/frontend/libs/select2/dist/css/select2.min.css
IP
91.92.249.75:443
ASN
#34368 Natskovi & Sie Ltd.

Requested by
https://llama.website/Sq
Certificate
IssuerLet's Encrypt
Subjectnuke.biz
Fingerprint54:0F:6E:6A:46:71:1E:28:8E:7B:38:D9:74:78:6F:DC:6B:50:50:8C
ValidityWed, 04 Oct 2023 18:07:19 GMT - Tue, 02 Jan 2024 18:07:18 GMT

File type
ASCII text, with very long lines (14965)
Size
15 kB (14966 bytes)
Hash
9f54e6414f87e0d14b9e966f19a174f9
ae5735562faabd1a2d9803bbd7bf4c502b5e4f51
15d6ad4dfdb43d0affad683e70029f97a8f8fc8637a28845009ee0542dccdf81

HTTP Headers

GET /static/frontend/libs/select2/dist/css/select2.min.css HTTP/1.1
Host: nuke.biz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://llama.website/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sun, 05 Nov 2023 20:52:02 GMT
content-type: text/css
last-modified: Tue, 13 Dec 2022 03:15:26 GMT
etag: W/"3a76-5efad07fdaf80"
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2

GET pogothere.xyz/

172.67.220.203

200 OK

25 B

URL GET HTTP/2
pogothere.xyz/
IP
172.67.220.203:443
ASN
#13335 CLOUDFLARENET

Requested by
https://www.upload.ee/files/15487444/Dailymotion.com.txt.html
Certificate
IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
Fingerprint17:F9:2D:6F:B5:5E:5F:37:A6:FB:BE:61:4F:97:64:33:85:5C:3A:FB
ValidityTue, 28 Feb 2023 00:00:00 GMT - Tue, 27 Feb 2024 23:59:59 GMT

File type
ASCII text, with no line terminators
Size
25 B (25 bytes)
Hash
5520266d1e49ad168106e7d66e95ffdb
0ff32b1cbf9f17fa18462996313d4dace6ebbc38
9b5b5cc88a30d925cffc85ff0b5764691247441bc59406d44d71209600928113

HTTP Headers

GET / HTTP/1.1
Host: pogothere.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.upload.ee/
Origin: https://www.upload.ee
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sun, 05 Nov 2023 20:52:04 GMT
content-type: text/plain
set-cookie: csu=87222391364238@1@1699217524; Max-Age=31104000; Secure; SameSite=None
access-control-allow-origin: https://www.upload.ee
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-headers: X-Requested-With, content-type
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=N%2BRpw%2B4ABLeYP357RR0g6aRgefk8uGeulImZOLPVrDo%2BHXpiGxhDkqVAN8tXj5pQeH51R%2BVsimuD9smm8Ro4%2Fl3Nabxbs8yQzMg0%2FiBk3sqkiww74wZu5SOi7qHGRtYX"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8217fa753a8c56b9-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

GET nuke.biz/static/frontend/libs/feather-icons/dist/feather.min.js

91.92.249.75

200 OK

76 kB

URL GET HTTP/2
nuke.biz/static/frontend/libs/feather-icons/dist/feather.min.js
IP
91.92.249.75:443
ASN
#34368 Natskovi & Sie Ltd.

Requested by
https://llama.website/Sq
Certificate
IssuerLet's Encrypt
Subjectnuke.biz
Fingerprint54:0F:6E:6A:46:71:1E:28:8E:7B:38:D9:74:78:6F:DC:6B:50:50:8C
ValidityWed, 04 Oct 2023 18:07:19 GMT - Tue, 02 Jan 2024 18:07:18 GMT

File type

Size
76 kB (75779 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /static/frontend/libs/feather-icons/dist/feather.min.js HTTP/1.1
Host: nuke.biz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://llama.website/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sun, 05 Nov 2023 20:52:02 GMT
content-type: application/javascript
last-modified: Sat, 26 Oct 1985 06:15:00 GMT
etag: W/"12803-1c5faa6582100"
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2

GET pogothere.xyz/asd100.bin

172.67.220.203

200 OK

102 kB

URL GET HTTP/2
pogothere.xyz/asd100.bin
IP
172.67.220.203:443
ASN
#13335 CLOUDFLARENET

Requested by
https://www.upload.ee/files/15487444/Dailymotion.com.txt.html
Certificate
IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
Fingerprint17:F9:2D:6F:B5:5E:5F:37:A6:FB:BE:61:4F:97:64:33:85:5C:3A:FB
ValidityTue, 28 Feb 2023 00:00:00 GMT - Tue, 27 Feb 2024 23:59:59 GMT

File type
data
Size
102 kB (102400 bytes)
Hash
4c6426ac7ef186464ecbb0d81cbfcb1e
5a6918eebd9d635e8f632e3ef34e3792b1b5ec13
f627ca4c2c322f15db26152df306bd4f983f0146409b81a4341b9b340c365a16

HTTP Headers

GET /asd100.bin HTTP/1.1
Host: pogothere.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.upload.ee/
Origin: https://www.upload.ee
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sun, 05 Nov 2023 20:52:04 GMT
content-type: binary/octet-stream
access-control-allow-origin: https://www.upload.ee
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-headers: X-Requested-With, content-type
cache-control: max-age=14400
cf-cache-status: HIT
age: 5400
last-modified: Sun, 05 Nov 2023 19:22:04 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ix67THeaLnImdStw6VQ9IOgU6%2FZmWiYUDmkML%2F9kCLdEp1y4O5bxn5t9KqoWVYyz2FT0FxCpAGSOwclFhmBZDDC4fW2vS80P9DFuzhLe7QgKAjKEuW4CsrlXUPoFK2Fd"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8217fa755aa756b9-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

GET nuke.biz/static/bundle.pack.js

91.92.249.75

200 OK

332 kB

URL GET HTTP/2
nuke.biz/static/bundle.pack.js
IP
91.92.249.75:443
ASN
#34368 Natskovi & Sie Ltd.

Requested by
https://llama.website/Sq
Certificate
IssuerLet's Encrypt
Subjectnuke.biz
Fingerprint54:0F:6E:6A:46:71:1E:28:8E:7B:38:D9:74:78:6F:DC:6B:50:50:8C
ValidityWed, 04 Oct 2023 18:07:19 GMT - Tue, 02 Jan 2024 18:07:18 GMT

File type

Size
332 kB (331817 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /static/bundle.pack.js HTTP/1.1
Host: nuke.biz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://llama.website/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sun, 05 Nov 2023 20:52:02 GMT
content-type: application/javascript
last-modified: Thu, 28 Oct 2021 23:50:18 GMT
etag: W/"51029-5cf725f70c280"
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2

GET fonts.googleapis.com/css2?family=Roboto:wght@100;300;400;500;700

142.250.74.106

200 OK

11 kB

URL GET HTTP/2
fonts.googleapis.com/css2?family=Roboto:wght@100;300;400;500;700
IP
142.250.74.106:443
ASN
#15169 GOOGLE

Requested by
https://llama.website/Sq
Certificate
IssuerGoogle Trust Services LLC
Subjectupload.video.google.com
FingerprintFA:D7:68:E4:12:7D:FE:22:87:DE:95:F1:1E:49:5A:49:FA:12:1E:B9
ValidityMon, 16 Oct 2023 08:10:01 GMT - Mon, 08 Jan 2024 08:10:00 GMT

File type
ASCII text
Size
11 kB (10615 bytes)
Hash
dbdc7ee435c6a7f4277bfc7fedf28368
8194a5d7e0108bed7abb001d8bf2b8985a5aa2ca
91b113cbf5aedc9b93ceebe313863344b1ead775a618a7e9f31f9e98dbbdf227

HTTP Headers

GET /css2?family=Roboto:wght@100;300;400;500;700 HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Sun, 05 Nov 2023 20:52:08 GMT
date: Sun, 05 Nov 2023 20:52:08 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

GET nuke.biz/static/frontend/fonts/nunito-sans-v12-latin-regular.woff

91.92.249.75

200 OK

21 kB

URL GET HTTP/2
nuke.biz/static/frontend/fonts/nunito-sans-v12-latin-regular.woff
IP
91.92.249.75:443
ASN
#34368 Natskovi & Sie Ltd.

Requested by
https://llama.website/Sq
Certificate
IssuerLet's Encrypt
Subjectnuke.biz
Fingerprint54:0F:6E:6A:46:71:1E:28:8E:7B:38:D9:74:78:6F:DC:6B:50:50:8C
ValidityWed, 04 Oct 2023 18:07:19 GMT - Tue, 02 Jan 2024 18:07:18 GMT

File type
Web Open Font Format, TrueType, length 20864, version 1.1\012- data
Size
21 kB (20864 bytes)
Hash
159f6e63e068d1b2233c78fadb789b96
dc7a6ec97ef463929eea507a5a2e76d2fb574b25
481b0fe050b9209c7dcd0cf23363c1754d094933aa28b329599d360c050a418e

HTTP Headers

GET /static/frontend/fonts/nunito-sans-v12-latin-regular.woff HTTP/1.1
Host: nuke.biz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://llama.website
DNT: 1
Connection: keep-alive
Referer: https://nuke.biz/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sun, 05 Nov 2023 20:52:09 GMT
content-type: application/font-woff
content-length: 20864
last-modified: Sun, 06 Nov 2022 23:25:02 GMT
etag: "5180-5ecd59dbaaf80"
accept-ranges: bytes
x-powered-by: PleskLin
X-Firefox-Spdy: h2

GET pogothere.xyz/

172.67.220.203

200 OK

26 B

URL GET HTTP/2
pogothere.xyz/
IP
172.67.220.203:443
ASN
#13335 CLOUDFLARENET

Requested by
https://www.upload.ee/files/15487444/Dailymotion.com.txt.html
Certificate
IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
Fingerprint17:F9:2D:6F:B5:5E:5F:37:A6:FB:BE:61:4F:97:64:33:85:5C:3A:FB
ValidityTue, 28 Feb 2023 00:00:00 GMT - Tue, 27 Feb 2024 23:59:59 GMT

File type
ASCII text, with no line terminators
Size
26 B (26 bytes)
Hash
663cb5b75f25a60ae560e7cf105ea505
9b566f39db31f71efc48d87f5fff7f78a2b56d87
bb91d0f1aeebb47658f4205af7326a82699dcb2e08c34a4c898c102790f07ab9

HTTP Headers

GET / HTTP/1.1
Host: pogothere.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.upload.ee/
Origin: https://www.upload.ee
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sun, 05 Nov 2023 20:52:04 GMT
content-type: text/plain
set-cookie: csu=855732120997847@1@1699217524; Max-Age=31104000; Secure; SameSite=None
access-control-allow-origin: https://www.upload.ee
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-headers: X-Requested-With, content-type
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=cHhkY%2BDngzs5ayloSmO7QztlVBtvcPO9WWyACnzp%2FWX4SmR5JFTQRI95EW3bJDxnMJN3%2F6jmpVaF77OBXk0gLXPlKwnWXs9A3rAda0IVZUvoOd82k%2FATviQ8qTAizeU3"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8217fa754a8f56b9-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

GET ibrapush.com/pfe/current/defaultSkin.min.js

139.45.197.250

200 OK

57 kB

URL GET HTTP/2
ibrapush.com/pfe/current/defaultSkin.min.js
IP
139.45.197.250:443
ASN
#9002 RETN Limited

Requested by
https://llama.website/Sq
Certificate
IssuerLet's Encrypt
Subjectibrapush.com
Fingerprint3B:3D:4B:42:6B:6E:62:C4:F4:D3:DC:97:17:EF:48:8C:68:5C:58:85
ValidityFri, 25 Aug 2023 05:43:35 GMT - Thu, 23 Nov 2023 05:43:34 GMT

File type

Size
57 kB (57187 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /pfe/current/defaultSkin.min.js HTTP/1.1
Host: ibrapush.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://llama.website/
Origin: https://llama.website
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sun, 05 Nov 2023 20:52:05 GMT
content-type: application/javascript
last-modified: Thu, 02 Nov 2023 08:40:08 GMT
etag: W/"65436068-df63"
access-control-allow-origin: https://llama.website
access-control-allow-credentials: true
cache-control: no-cache
pragma: no-cache
content-encoding: gzip
X-Firefox-Spdy: h2

GET offerimage.com/www/images/c203639f459b6e675afc744dd5393fc6.jpeg

104.22.33.172

200 OK

11 kB

URL GET HTTP/2
offerimage.com/www/images/c203639f459b6e675afc744dd5393fc6.jpeg
IP
104.22.33.172:443
ASN
#13335 CLOUDFLARENET

Requested by
https://llama.website/Sq
Certificate
IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
FingerprintDB:4D:42:F8:E2:4C:E3:E4:BB:22:D8:D1:F7:64:B5:9A:10:B6:25:E0
ValiditySun, 07 May 2023 00:00:00 GMT - Mon, 06 May 2024 23:59:59 GMT

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 192x192, components 3\012- data
Size
11 kB (10857 bytes)
Hash
c203639f459b6e675afc744dd5393fc6
c83a0142c1a7f6a07c2dd360243197a27f560932
64b4e386658d3f5764261f576a4673eb506fcad5e38e69ef085723f8dab72263

HTTP Headers

GET /www/images/c203639f459b6e675afc744dd5393fc6.jpeg HTTP/1.1
Host: offerimage.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://llama.website/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sun, 05 Nov 2023 20:52:08 GMT
content-type: image/jpeg
content-length: 10857
cache-control: max-age=86400
cf-bgj: h2pri
etag: "6388849a-2a69"
expires: Mon, 06 Nov 2023 00:58:39 GMT
last-modified: Thu, 01 Dec 2022 10:40:26 GMT
timing-allow-origin: *
cf-cache-status: HIT
age: 71609
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 8217fa91bf2e0a18-ARN
X-Firefox-Spdy: h2

GET nuke.biz/static/frontend/css/style.min.css

91.92.249.75

200 OK

471 kB

URL GET HTTP/2
nuke.biz/static/frontend/css/style.min.css
IP
91.92.249.75:443
ASN
#34368 Natskovi & Sie Ltd.

Requested by
https://llama.website/Sq
Certificate
IssuerLet's Encrypt
Subjectnuke.biz
Fingerprint54:0F:6E:6A:46:71:1E:28:8E:7B:38:D9:74:78:6F:DC:6B:50:50:8C
ValidityWed, 04 Oct 2023 18:07:19 GMT - Tue, 02 Jan 2024 18:07:18 GMT

File type

Size
471 kB (470730 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /static/frontend/css/style.min.css HTTP/1.1
Host: nuke.biz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://llama.website/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sun, 05 Nov 2023 20:52:02 GMT
content-type: text/css
last-modified: Thu, 03 Aug 2023 01:57:38 GMT
etag: W/"72eca-601fb1ac80880"
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2

GET veepteero.com/?rb=npC4dmOUAdv4VjJow7jleoVeAT9r_Afg16uYefGa2H3emkiGbAJoUamRWqHVSPU9eoOpm17x3qyZ9gNQJLntpT2jKh_u3RwafKRVi7D0F-iDYYKlQoegvEQmvE5M117bFLqzMD1GE0cc1rQBKEfdF3de4Vcyd_4auteEeJ3us7KXSCwldsfJOq73usZx9sHF7cxvKtJ3mkpO_td5ksn4uga1Nk8%3D&request_ab2=0&zoneid=6551783&js_build=iclick-v1.622.1&fs=0&cf=0&sw=1280&sh=1024&sah=1024&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wih=1024&wiw=1280&wfc=1&pl=https%3A%2F%2Fllama.website%2FSq&drf=&np=1&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false&wgl=&js_build=iclick-v1.622.1&bs=d604e473-b231-4191-8b4d-1569a0c9f92f&userId=a54b3fba89bc4d09a1fe9ccba830cea1&m=link

139.45.197.242

200 OK

2.2 kB

URL GET HTTP/2
veepteero.com/?rb=npC4dmOUAdv4VjJow7jleoVeAT9r_Afg16uYefGa2H3emkiGbAJoUamRWqHVSPU9eoOpm17x3qyZ9gNQJLntpT2jKh_u3RwafKRVi7D0F-iDYYKlQoegvEQmvE5M117bFLqzMD1GE0cc1rQBKEfdF3de4Vcyd_4auteEeJ3us7KXSCwldsfJOq73usZx9sHF7cxvKtJ3mkpO_td5ksn4uga1Nk8%3D&request_ab2=0&zoneid=6551783&js_build=iclick-v1.622.1&fs=0&cf=0&sw=1280&sh=1024&sah=1024&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wih=1024&wiw=1280&wfc=1&pl=https%3A%2F%2Fllama.website%2FSq&drf=&np=1&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false&wgl=&js_build=iclick-v1.622.1&bs=d604e473-b231-4191-8b4d-1569a0c9f92f&userId=a54b3fba89bc4d09a1fe9ccba830cea1&m=link
IP
139.45.197.242:443
ASN
#9002 RETN Limited

Requested by
https://llama.website/Sq
Certificate
IssuerLet's Encrypt
Subjectveepteero.com
Fingerprint1A:C6:97:A2:07:05:7E:05:7E:51:8B:FD:B1:65:6D:73:73:55:0A:0A
ValiditySun, 15 Oct 2023 05:22:23 GMT - Sat, 13 Jan 2024 05:22:22 GMT

File type
troff or preprocessor input, ASCII text, with very long lines (2191), with no line terminators
Size
2.2 kB (2162 bytes)
Hash
0953fa9b0f6c0ccc7e7c6f619e196461
22b6c57e284cfafe016b6df15343ca51b199dd15
880f89236d98f76ca2528c75e8458447e05d98614ae66efd1ccccfbda7c84005

HTTP Headers

GET /?rb=npC4dmOUAdv4VjJow7jleoVeAT9r_Afg16uYefGa2H3emkiGbAJoUamRWqHVSPU9eoOpm17x3qyZ9gNQJLntpT2jKh_u3RwafKRVi7D0F-iDYYKlQoegvEQmvE5M117bFLqzMD1GE0cc1rQBKEfdF3de4Vcyd_4auteEeJ3us7KXSCwldsfJOq73usZx9sHF7cxvKtJ3mkpO_td5ksn4uga1Nk8%3D&request_ab2=0&zoneid=6551783&js_build=iclick-v1.622.1&fs=0&cf=0&sw=1280&sh=1024&sah=1024&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wih=1024&wiw=1280&wfc=1&pl=https%3A%2F%2Fllama.website%2FSq&drf=&np=1&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false&wgl=&js_build=iclick-v1.622.1&bs=d604e473-b231-4191-8b4d-1569a0c9f92f&userId=a54b3fba89bc4d09a1fe9ccba830cea1&m=link HTTP/1.1
Host: veepteero.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://llama.website/
Origin: https://llama.website
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sun, 05 Nov 2023 20:52:03 GMT
content-type: application/json
x-trace-id: b661d183dda04aca07952e52ee4dbf70
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Wow64
access-control-allow-origin: https://llama.website
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace
access-control-max-age: 86400
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
set-cookie: OAID=a54b3fba89bc4d09a1fe9ccba830cea1; expires=Mon, 04 Nov 2024 20:52:03 GMT; path=/; secure; SameSite=None
oaidts=1699217523; expires=Mon, 04 Nov 2024 20:52:03 GMT; path=/; secure; SameSite=None
syncedCookie=true; expires=Sun, 12 Nov 2023 20:52:03 GMT; path=/; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
content-encoding: gzip
X-Firefox-Spdy: h2

GET nuke.biz/static/frontend/libs/cookieconsent/cookieconsent.css

91.92.249.75

200 OK

19 kB

URL GET HTTP/2
nuke.biz/static/frontend/libs/cookieconsent/cookieconsent.css
IP
91.92.249.75:443
ASN
#34368 Natskovi & Sie Ltd.

Requested by
https://llama.website/Sq
Certificate
IssuerLet's Encrypt
Subjectnuke.biz
Fingerprint54:0F:6E:6A:46:71:1E:28:8E:7B:38:D9:74:78:6F:DC:6B:50:50:8C
ValidityWed, 04 Oct 2023 18:07:19 GMT - Tue, 02 Jan 2024 18:07:18 GMT

File type
ASCII text, with very long lines (18803), with no line terminators
Size
19 kB (18803 bytes)
Hash
a8d96b4620e71d5cdd85ea03a1ee2cc6
825f712b1913ed2fcb95dc35ad8e5651598da8f3
4e5a1815609e1b500701e8a9c63a4ee98c47794025a0de9bbc7b8a3fdc4419e6

HTTP Headers

GET /static/frontend/libs/cookieconsent/cookieconsent.css HTTP/1.1
Host: nuke.biz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://llama.website/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sun, 05 Nov 2023 20:52:02 GMT
content-type: text/css
last-modified: Tue, 13 Dec 2022 04:10:38 GMT
etag: W/"4973-5efadcd66cb80"
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2

GET ibrapush.com/pfe/current/universal.min.js?v=3.1.471

139.45.197.250

200 OK

88 kB

URL GET HTTP/2
ibrapush.com/pfe/current/universal.min.js?v=3.1.471
IP
139.45.197.250:443
ASN
#9002 RETN Limited

Requested by
https://llama.website/Sq
Certificate
IssuerLet's Encrypt
Subjectibrapush.com
Fingerprint3B:3D:4B:42:6B:6E:62:C4:F4:D3:DC:97:17:EF:48:8C:68:5C:58:85
ValidityFri, 25 Aug 2023 05:43:35 GMT - Thu, 23 Nov 2023 05:43:34 GMT

File type
ASCII text, with very long lines (65536), with no line terminators
Size
88 kB (87852 bytes)
Hash
d46d2997ab218d1dba1ab614422ed53f
3f1f6b9847c8ad209835db366c62fcb209b83a67
09e8ce2dfeac0ad09cd24788931b38ea7e7592f2c28eecc324b2dd1cd69d1b42

HTTP Headers

GET /pfe/current/universal.min.js?v=3.1.471 HTTP/1.1
Host: ibrapush.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://llama.website/
Origin: https://llama.website
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sun, 05 Nov 2023 20:52:03 GMT
content-type: application/javascript
last-modified: Thu, 02 Nov 2023 08:40:08 GMT
etag: W/"65436068-1572c"
access-control-allow-origin: https://llama.website
access-control-allow-credentials: true
cache-control: no-cache
pragma: no-cache
content-encoding: gzip
X-Firefox-Spdy: h2

GET veepteero.com/88/19523

139.45.197.242

200 OK

3.0 kB

URL GET HTTP/2
veepteero.com/88/19523
IP
139.45.197.242:443
ASN
#9002 RETN Limited

Requested by
https://llama.website/Sq
Certificate
IssuerLet's Encrypt
Subjectveepteero.com
Fingerprint1A:C6:97:A2:07:05:7E:05:7E:51:8B:FD:B1:65:6D:73:73:55:0A:0A
ValiditySun, 15 Oct 2023 05:22:23 GMT - Sat, 13 Jan 2024 05:22:22 GMT

File type
troff or preprocessor input, ASCII text, with very long lines (3269), with no line terminators
Size
3.0 kB (3009 bytes)
Hash
7052ee19e906a9c2025a9b5aac659ecb
ea704c8ce993a9431b75d4e462b3aa542046dec0
40be0c1d379d22e84206638c85ebb857f7c5a2586170ceb3ad9c2d6516c96a13

HTTP Headers

GET /88/19523 HTTP/1.1
Host: veepteero.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://llama.website/
Origin: https://llama.website
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sun, 05 Nov 2023 20:52:02 GMT
content-type: application/json
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Wow64
access-control-allow-origin: https://llama.website
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace
access-control-max-age: 86400
timing-allow-origin: *
pragma: no-cache, no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT, Mon, 26 Jul 1997 05:00:00 GMT
content-encoding: gzip
X-Firefox-Spdy: h2

GET www.nbfcs.org/

0.0.0.0

0 B

URL GET
www.nbfcs.org/
IP
0.0.0.0:0
ASN
#0

Requested by
https://llama.website/Sq

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET / HTTP/1.1
Host: www.nbfcs.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (36)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by