| gpshtb.com/go/709?source=1328 | 173.214.244.181 | 302 Found | 0 B |
URL: gpshtb.com/go/709?source=1328 (User Request, GET, HTTP/2)
IP: 173.214.244.181:443
Certificate: Issuer Let's Encrypt; Subject 55trck.xyz; Fingerprint CC:B4:D3:B4:0C:EA:67:96:AE:1B:7A:93:C1:11:26:8E:84:26:08:B8; Validity Sat, 13 May 2023 03:57:01 GMT - Fri, 11 Aug 2023 03:57:00 GMT
Hashes (MD5 / SHA-1 / SHA-256): d41d8cd98f00b204e9800998ecf8427e / da39a3ee5e6b4b0d3255bfef95601890afd80709 / e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /go/709?source=1328 HTTP/1.1
Host: gpshtb.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://rplnd61.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 302 Found
server: nginx
date: Wed, 31 May 2023 12:51:25 GMT
content-type: text/html; charset=UTF-8
location: https://new-psh.com/?pl=qRuQunqVKEWrY1jyLTBUOA&sub_id=1328
X-Firefox-Spdy: h2
| zerossl.ocsp.sectigo.com/ | 104.18.14.101 | | 314 B |
URL: zerossl.ocsp.sectigo.com/
IP: 104.18.14.101:0
Hashes (MD5 / SHA-1 / SHA-256): 6a3868ccf24274784492e370774fa7e4 / d5d372f58c0671abf2532df80a264fc73088782e / bd6e92aafff8fb7dd38e2380df2e86f0fa9d0cdc88ad9602d028bb2be3c29edd
POST / HTTP/1.1
Host: zerossl.ocsp.sectigo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Wed, 31 May 2023 12:51:26 GMT
Content-Type: application/ocsp-response
Content-Length: 314
Connection: keep-alive
Last-Modified: Sun, 28 May 2023 19:08:45 GMT
Expires: Sun, 04 Jun 2023 19:08:44 GMT
Etag: "d5d372f58c0671abf2532df80a264fc73088782e"
Cache-Control: max-age=368618,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb1
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 7cff59284e1a0b06-OSL
| news-dudafa.com/revopush.js?v=4 | 149.7.16.92 | 200 OK | 10 kB |
URL: news-dudafa.com/revopush.js?v=4 (GET, HTTP/2)
IP: 149.7.16.92:443
ASN: #63023 AS-GLOBALTELEHOST
Requested by: https://news-dudafa.com/lands/50/?site=8055503&sub1=tk_adult&sub2=&sub3=&sub4=
Certificate: Issuer ZeroSSL; Subject news-dudafa.com; Fingerprint 9E:D4:2D:58:CD:64:E3:AD:CC:87:A3:FA:4B:72:51:9F:0C:98:0D:93; Validity Thu, 20 Apr 2023 00:00:00 GMT - Wed, 19 Jul 2023 23:59:59 GMT
File type: ASCII text, with very long lines (9954), with no line terminators
Hashes (MD5 / SHA-1 / SHA-256): fc284a0e5d580856ae4863715ad6733e / eb69f303c80ff8e44abc9601b8616c0cf92faafa / 2240a1d10744494668058ba210d0d87203609def9fd69d2ac82092ebc79583c0
| Analyzer | Verdict | Alert |
| quad9 | Sinkholed | |
GET /revopush.js?v=4 HTTP/1.1
Host: news-dudafa.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://news-dudafa.com/lands/50/?site=8055503&sub1=tk_adult&sub2=&sub3=&sub4=
Cookie: clickdata=ODA1NTUwM3w6fDUwfDp8dGtfYWR1bHR8Onx8Onx8Onw%3D
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 31 May 2023 12:51:26 GMT
content-type: application/javascript
content-length: 9954
last-modified: Thu, 15 Dec 2022 09:31:13 GMT
etag: "639ae961-26e2"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
accept-ranges: bytes
X-Firefox-Spdy: h2
| azkcqs.com/rpe?a=1&s=1&act=17&src=2&p=1028487&st=1169113&wd=397081&d=gtuvyu.com&tpl=37&rnd=0.3907953686212915&sbid=ph_new&sbid2= | 185.162.85.14 | 200 OK | 0 B |
URL: azkcqs.com/rpe?a=1&s=1&act=17&src=2&p=1028487&st=1169113&wd=397081&d=gtuvyu.com&tpl=37&rnd=0.3907953686212915&sbid=ph_new&sbid2= (GET, HTTP/2)
IP: 185.162.85.14:443
ASN: #39572 DataWeb Global Group B.V.
Requested by: https://gtuvyu.com/video-9?h=waWQiOjEwMjg0ODcsInNpZCI6MTE2OTExMywid2lkIjozOTcwODEsInNyYyI6Mn0=eyJ&si1=ph_new
Certificate: Issuer Let's Encrypt; Subject azkcqs.com; Fingerprint 11:37:8D:26:AD:FC:D8:86:6A:C5:26:21:D1:81:4A:49:49:AC:3C:EA; Validity Thu, 27 Apr 2023 20:52:52 GMT - Wed, 26 Jul 2023 20:52:51 GMT
Hashes (MD5 / SHA-1 / SHA-256): d41d8cd98f00b204e9800998ecf8427e / da39a3ee5e6b4b0d3255bfef95601890afd80709 / e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /rpe?a=1&s=1&act=17&src=2&p=1028487&st=1169113&wd=397081&d=gtuvyu.com&tpl=37&rnd=0.3907953686212915&sbid=ph_new&sbid2= HTTP/1.1
Host: azkcqs.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://gtuvyu.com
DNT: 1
Connection: keep-alive
Referer: https://gtuvyu.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx/1.18.0
date: Wed, 31 May 2023 12:51:26 GMT
content-length: 0
accept-ch: Sec-CH-UA-Platform-Version
access-control-allow-origin: *
X-Firefox-Spdy: h2
| gtuvyu.com/video-9?h=waWQiOjEwMjg0ODcsInNpZCI6MTE2OTExMywid2lkIjozOTcwODEsInNyYyI6Mn0=eyJ&si1=ph_new | 185.56.234.205 | 200 OK | 118 kB |
URL: gtuvyu.com/video-9?h=waWQiOjEwMjg0ODcsInNpZCI6MTE2OTExMywid2lkIjozOTcwODEsInNyYyI6Mn0=eyJ&si1=ph_new (User Request, GET, HTTP/2)
IP: 185.56.234.205:443
ASN: #39572 DataWeb Global Group B.V.
Certificate: Issuer Let's Encrypt; Subject gtuvyu.com; Fingerprint EC:85:0F:63:25:1F:AD:FC:E8:A5:9D:FC:9B:31:DD:50:FA:6D:70:A6; Validity Wed, 10 May 2023 14:38:25 GMT - Tue, 08 Aug 2023 14:38:24 GMT
Size: 118 kB (117678 bytes)
Hashes (MD5 / SHA-1 / SHA-256): d41d8cd98f00b204e9800998ecf8427e / da39a3ee5e6b4b0d3255bfef95601890afd80709 / e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /video-9?h=waWQiOjEwMjg0ODcsInNpZCI6MTE2OTExMywid2lkIjozOTcwODEsInNyYyI6Mn0=eyJ&si1=ph_new HTTP/1.1
Host: gtuvyu.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://news-dudafa.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx/1.21.1
date: Wed, 31 May 2023 12:51:26 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
set-cookie: truniq=1; expires=Thu, 01-Jun-2023 12:51:26 GMT; Max-Age=86400; path=/; domain=gtuvyu.com
x-zone: eu3
content-encoding: gzip
X-Firefox-Spdy: h2
| fzhnq.gtuvyu.com/video-9?h=waWQiOjEwMjg0ODcsInNpZCI6MTE2OTExMywid2lkIjozOTcwODEsInNyYyI6Mn0=eyJ&si1=ph_new&i=1 | 0.0.0.0 | | 0 B |
URL: fzhnq.gtuvyu.com/video-9?h=waWQiOjEwMjg0ODcsInNpZCI6MTE2OTExMywid2lkIjozOTcwODEsInNyYyI6Mn0=eyJ&si1=ph_new&i=1 (User Request, GET)
IP: 0.0.0.0:0
Hashes (MD5 / SHA-1 / SHA-256): d41d8cd98f00b204e9800998ecf8427e / da39a3ee5e6b4b0d3255bfef95601890afd80709 / e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /video-9?h=waWQiOjEwMjg0ODcsInNpZCI6MTE2OTExMywid2lkIjozOTcwODEsInNyYyI6Mn0=eyJ&si1=ph_new&i=1 HTTP/1.1
Host: fzhnq.gtuvyu.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://gtuvyu.com/
Cookie: truniq=1
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
| news-dudafa.com/traffback-reject.php?site=8055503&sub1=tk_adult&sub2=&sub3=&sub4=&land=50 | 149.7.16.92 | 200 OK | 108 B |
URL: news-dudafa.com/traffback-reject.php?site=8055503&sub1=tk_adult&sub2=&sub3=&sub4=&land=50 (GET, HTTP/2)
IP: 149.7.16.92:443
ASN: #63023 AS-GLOBALTELEHOST
Requested by: https://news-dudafa.com/lands/50/?site=8055503&sub1=tk_adult&sub2=&sub3=&sub4=
Certificate: Issuer ZeroSSL; Subject news-dudafa.com; Fingerprint 9E:D4:2D:58:CD:64:E3:AD:CC:87:A3:FA:4B:72:51:9F:0C:98:0D:93; Validity Thu, 20 Apr 2023 00:00:00 GMT - Wed, 19 Jul 2023 23:59:59 GMT
File type: ASCII text, with no line terminators
Hashes (MD5 / SHA-1 / SHA-256): 7de75444bc431ceaa32eedfdd83bb8e3 / 385d800a99af644999eaad0f7f456cecd780a866 / df2db035f702731e61e72b921258cabb82aabec48305522488ef40cf5f054788
| Analyzer | Verdict | Alert |
| quad9 | Sinkholed | |
GET /traffback-reject.php?site=8055503&sub1=tk_adult&sub2=&sub3=&sub4=&land=50 HTTP/1.1
Host: news-dudafa.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://news-dudafa.com/lands/50/?site=8055503&sub1=tk_adult&sub2=&sub3=&sub4=
DNT: 1
Connection: keep-alive
Cookie: clickdata=ODA1NTUwM3w6fDUwfDp8dGtfYWR1bHR8Onx8Onx8Onw%3D
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Wed, 31 May 2023 12:51:26 GMT
content-type: text/html; charset=UTF-8
cache-control: no-cache, must-revalidate
pragma: no-cache
content-encoding: gzip
X-Firefox-Spdy: h2
| new-psh.com/?pl=qRuQunqVKEWrY1jyLTBUOA&sub_id=1328 | 46.148.125.182 | 302 Found | 78 kB |
URL: new-psh.com/?pl=qRuQunqVKEWrY1jyLTBUOA&sub_id=1328 (User Request, GET, HTTP/2)
IP: 46.148.125.182:443
ASN: #35277 Llhost Inc. Srl
Certificate: Issuer Let's Encrypt; Subject new-psh.com; Fingerprint 79:17:3D:34:E3:6A:7D:0F:CE:7B:8B:2F:98:D6:7B:51:C0:AC:10:45; Validity Sat, 13 May 2023 19:27:35 GMT - Fri, 11 Aug 2023 19:27:34 GMT
Hashes (MD5 / SHA-1 / SHA-256): d41d8cd98f00b204e9800998ecf8427e / da39a3ee5e6b4b0d3255bfef95601890afd80709 / e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /?pl=qRuQunqVKEWrY1jyLTBUOA&sub_id=1328 HTTP/1.1
Host: new-psh.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://rplnd61.com/
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 302 Found
server: nginx
date: Wed, 31 May 2023 12:51:26 GMT
content-length: 0
location: https://news-dudafa.com/tds.php?sid=8055503&p1=tk_adult&fullscreen=1&domain=news-dudafa.com
set-cookie: __cap=1; max-age=3600; path=/; samesite=lax
cache-control: max-age=0, no-cache, no-store, must-revalidate
X-Firefox-Spdy: h2
| news-dudafa.com/tds.php?sid=8055503&p1=tk_adult&fullscreen=1&domain=news-dudafa.com | 149.7.16.92 | 302 Found | 78 kB |
URL: news-dudafa.com/tds.php?sid=8055503&p1=tk_adult&fullscreen=1&domain=news-dudafa.com (User Request, GET, HTTP/2)
IP: 149.7.16.92:443
ASN: #63023 AS-GLOBALTELEHOST
Certificate: Issuer ZeroSSL; Subject news-dudafa.com; Fingerprint 9E:D4:2D:58:CD:64:E3:AD:CC:87:A3:FA:4B:72:51:9F:0C:98:0D:93; Validity Thu, 20 Apr 2023 00:00:00 GMT - Wed, 19 Jul 2023 23:59:59 GMT
Hashes (MD5 / SHA-1 / SHA-256): d41d8cd98f00b204e9800998ecf8427e / da39a3ee5e6b4b0d3255bfef95601890afd80709 / e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
| Analyzer | Verdict | Alert |
| quad9 | Sinkholed | |
GET /tds.php?sid=8055503&p1=tk_adult&fullscreen=1&domain=news-dudafa.com HTTP/1.1
Host: news-dudafa.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://rplnd61.com/
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 302 Found
server: nginx
date: Wed, 31 May 2023 12:51:26 GMT
content-type: text/html; charset=UTF-8
location: https://news-dudafa.com/lands/50/?site=8055503&sub1=tk_adult&sub2=&sub3=&sub4=
cache-control: no-cache, must-revalidate
pragma: no-cache
X-Firefox-Spdy: h2
| news-dudafa.com/lands/50/?site=8055503&sub1=tk_adult&sub2=&sub3=&sub4= | 149.7.16.92 | 200 OK | 78 kB |
URL: news-dudafa.com/lands/50/?site=8055503&sub1=tk_adult&sub2=&sub3=&sub4= (User Request, GET, HTTP/2)
IP: 149.7.16.92:443
ASN: #63023 AS-GLOBALTELEHOST
Certificate: Issuer ZeroSSL; Subject news-dudafa.com; Fingerprint 9E:D4:2D:58:CD:64:E3:AD:CC:87:A3:FA:4B:72:51:9F:0C:98:0D:93; Validity Thu, 20 Apr 2023 00:00:00 GMT - Wed, 19 Jul 2023 23:59:59 GMT
Hashes (MD5 / SHA-1 / SHA-256): d41d8cd98f00b204e9800998ecf8427e / da39a3ee5e6b4b0d3255bfef95601890afd80709 / e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
| Analyzer | Verdict | Alert |
| quad9 | Sinkholed | |
GET /lands/50/?site=8055503&sub1=tk_adult&sub2=&sub3=&sub4= HTTP/1.1
Host: news-dudafa.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://rplnd61.com/
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Wed, 31 May 2023 12:51:26 GMT
content-type: text/html; charset=UTF-8
cache-control: no-cache, must-revalidate
pragma: no-cache
set-cookie: clickdata=ODA1NTUwM3w6fDUwfDp8dGtfYWR1bHR8Onx8Onx8Onw%3D; expires=Wed, 31-May-2023 13:51:26 GMT; Max-Age=3600; path=/
content-encoding: gzip
X-Firefox-Spdy: h2