Report - ptoafteewhu.com/?l=DOLVqvJtHQeByA2&b=16289354&z=5628284&s=6477c6e9e79eb000016485ed&campid=429290&var=474_89a3984a-749c-48ba-be56-29d12d6d1b93_

Report Overview

Submitted URL
ptoafteewhu.com/?l=DOLVqvJtHQeByA2&b=16289354&z=5628284&s=6477c6e9e79eb000016485ed&campid=429290&var=474_89a3984a-749c-48ba-be56-29d12d6d1b93__&ymid=6477c6e9e79eb000016485ed
IP
139.45.197.163
ASN
#9002 RETN Limited
Submitted
2023-05-31 22:15:39
Access
public
Website Title
Final URL
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
14

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
littlecdn.com	11785	2019-06-04	2019-06-04	2023-05-31	987 B	350 kB	172.67.10.98
my.rtmark.net	9054	2014-10-29	2015-02-04	2023-05-31	904 B	1.5 kB	139.45.195.8
ptoafteewhu.com	unknown	2023-05-24	2023-05-24	2023-05-31	6.0 kB	100 kB	139.45.197.163

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

OpenPhish

No alerts detected

PhishTank

No alerts detected

Fortinet's Web Filter

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator
2023-05-31	medium	ptoafteewhu.com
2023-05-31	medium	ptoafteewhu.com
2023-05-31	medium	ptoafteewhu.com
2023-05-31	medium	ptoafteewhu.com
2023-05-31	medium	ptoafteewhu.com
2023-05-31	medium	ptoafteewhu.com
2023-05-31	medium	ptoafteewhu.com

ThreatFox

No alerts detected

JavaScript (16)

	URL	Size	First Seen	Last Seen
	ptoafteewhu.com/?l=DOLVqvJtHQeByA2&b=16289354&z=5628284&s=6477c6e9e79eb000016485ed&campid=429290&var=474_89a3984a-749c-48ba-be56-29d12d6d1b93__&ymid=6477c6e9e79eb000016485ed	32 B	2023-03-13	2024-01-28
Pretty URL ptoafteewhu.com/?l=DOLVqvJtHQeByA2&b=16289354&z=5628284&s=6477c6e9e79eb000016485ed&campid=429290&var=474_89a3984a-749c-48ba-be56-29d12d6d1b93__&ymid=6477c6e9e79eb000016485ed IP 139.45.197.163 ASN #9002 RETN Limited Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-13 19:53:55 Last Seen2024-01-28 19:21:22 Times Seen1703 Hash 4e5e8fb36d83dde24fb98e62a9779375 da75c65907e31036bfef95ac91601b3d748c1344 5c68e3331e69338f026762bb1b00dc710d7fe9c4eb0ae299d534010aa9ab33ab Loading...

	ptoafteewhu.com/pfe/current/micro.tag.min.js?uhd=1&z=5614998&ymid=474_89a3984a-749c-48ba-be56-29d12d6d1b93__&var=5628284&sw=/sw-check-permissions/5614998&var_3=16289354_429290	42 kB	2023-05-30	2023-06-02
Pretty URL ptoafteewhu.com/pfe/current/micro.tag.min.js?uhd=1&z=5614998&ymid=474_89a3984a-749c-48ba-be56-29d12d6d1b93__&var=5628284&sw=/sw-check-permissions/5614998&var_3=16289354_429290 IP 139.45.197.163 ASN #9002 RETN Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2023-05-30 15:11:01 Last Seen2023-06-02 10:38:31 Times Seen160 Hash 08e98e4f47791d72e641ff48532dc235 a23e14bf683483b3c529d524ce3baa0e01f5291d bb6886cb97046948e4ec675547e499fd99fe80b42584a8f93e0d0335e3d0103b Loading...

	ptoafteewhu.com/?l=DOLVqvJtHQeByA2&b=16289354&z=5628284&s=6477c6e9e79eb000016485ed&campid=429290&var=474_89a3984a-749c-48ba-be56-29d12d6d1b93__&ymid=6477c6e9e79eb000016485ed	332 B	2023-03-14	2024-04-26
Pretty URL ptoafteewhu.com/?l=DOLVqvJtHQeByA2&b=16289354&z=5628284&s=6477c6e9e79eb000016485ed&campid=429290&var=474_89a3984a-749c-48ba-be56-29d12d6d1b93__&ymid=6477c6e9e79eb000016485ed IP 139.45.197.163 ASN #9002 RETN Limited Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-14 01:32:19 Last Seen2024-04-26 05:22:54 Times Seen1281 Hash 52d382e83f41fc840c1bcd927c97e49e 388f8db07351da5b427cafb6ecfc92743a10f0ad 08b2904b157a5fb364299a696d706bedd3919d410472994cf0251200ca81f1b6 Loading...

	ptoafteewhu.com/?l=DOLVqvJtHQeByA2&b=16289354&z=5628284&s=6477c6e9e79eb000016485ed&campid=429290&var=474_89a3984a-749c-48ba-be56-29d12d6d1b93__&ymid=6477c6e9e79eb000016485ed	978 B	2023-05-16	2023-08-13
Pretty URL ptoafteewhu.com/?l=DOLVqvJtHQeByA2&b=16289354&z=5628284&s=6477c6e9e79eb000016485ed&campid=429290&var=474_89a3984a-749c-48ba-be56-29d12d6d1b93__&ymid=6477c6e9e79eb000016485ed IP 139.45.197.163 ASN #9002 RETN Limited Introduced by scriptElement Embedded in HTML true Observations First Seen2023-05-16 23:16:15 Last Seen2023-08-13 03:48:56 Times Seen456 Hash c6ab66a155db334b0e62c47b2d51ebc9 fe206a4db5046163a542d8eae401c0e807337dad 3d659d1acd89e88db92e6434c7e6194775d7e8e652418cee6c89587cc617bd60 Loading...

	ptoafteewhu.com/?l=DOLVqvJtHQeByA2&b=16289354&z=5628284&s=6477c6e9e79eb000016485ed&campid=429290&var=474_89a3984a-749c-48ba-be56-29d12d6d1b93__&ymid=6477c6e9e79eb000016485ed	38 B	2023-03-13	2024-04-26
Pretty URL ptoafteewhu.com/?l=DOLVqvJtHQeByA2&b=16289354&z=5628284&s=6477c6e9e79eb000016485ed&campid=429290&var=474_89a3984a-749c-48ba-be56-29d12d6d1b93__&ymid=6477c6e9e79eb000016485ed IP 139.45.197.163 ASN #9002 RETN Limited Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-13 22:51:58 Last Seen2024-04-26 23:56:50 Times Seen5363 Hash 3ea1379d18e4ec6bccefeba76a1b33b4 90afb068cee6917494ddd820bcb2fe44de7e5e43 15c832dee58f1c08fb6bf51935a10f95cb0482d19441cefbb469a82278e54bae Loading...

	ptoafteewhu.com/?l=DOLVqvJtHQeByA2&b=16289354&z=5628284&s=6477c6e9e79eb000016485ed&campid=429290&var=474_89a3984a-749c-48ba-be56-29d12d6d1b93__&ymid=6477c6e9e79eb000016485ed	9.8 kB	2023-06-01	2023-06-01
Pretty URL ptoafteewhu.com/?l=DOLVqvJtHQeByA2&b=16289354&z=5628284&s=6477c6e9e79eb000016485ed&campid=429290&var=474_89a3984a-749c-48ba-be56-29d12d6d1b93__&ymid=6477c6e9e79eb000016485ed IP 139.45.197.163 ASN #9002 RETN Limited Introduced by scriptElement Embedded in HTML true Observations First Seen2023-06-01 00:15:40 Last Seen2023-06-01 00:15:40 Times Seen1 Hash 78dc5e60f82036a17e41f14e79b0471b 4604e1bf056f64407cf9ac50905ee7589a5bd893 8d48169fd3ef809b5729b791394da4f990cd7ae36a2ce92562b30e6106f2fbf8 Loading...

	ptoafteewhu.com/?l=DOLVqvJtHQeByA2&b=16289354&z=5628284&s=6477c6e9e79eb000016485ed&campid=429290&var=474_89a3984a-749c-48ba-be56-29d12d6d1b93__&ymid=6477c6e9e79eb000016485ed	3.9 kB	2023-06-01	2023-06-01
Pretty URL ptoafteewhu.com/?l=DOLVqvJtHQeByA2&b=16289354&z=5628284&s=6477c6e9e79eb000016485ed&campid=429290&var=474_89a3984a-749c-48ba-be56-29d12d6d1b93__&ymid=6477c6e9e79eb000016485ed IP 139.45.197.163 ASN #9002 RETN Limited Introduced by scriptElement Embedded in HTML true Observations First Seen2023-06-01 00:15:40 Last Seen2023-06-01 00:15:40 Times Seen1 Hash 078765228e0eb215d584111d4ad8238b 9070f294aa7ca2b95e72378eed9f23cd7ae37a7a 3bfb9239fe3772ef4d0feeb7db3cbf091a8a8890255f7f414c13f2ba0aa1f074 Loading...

	ptoafteewhu.com/?l=DOLVqvJtHQeByA2&b=16289354&z=5628284&s=6477c6e9e79eb000016485ed&campid=429290&var=474_89a3984a-749c-48ba-be56-29d12d6d1b93__&ymid=6477c6e9e79eb000016485ed	489 B	2023-03-07	2024-02-16
Pretty URL ptoafteewhu.com/?l=DOLVqvJtHQeByA2&b=16289354&z=5628284&s=6477c6e9e79eb000016485ed&campid=429290&var=474_89a3984a-749c-48ba-be56-29d12d6d1b93__&ymid=6477c6e9e79eb000016485ed IP 139.45.197.163 ASN #9002 RETN Limited Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:03:03 Last Seen2024-02-16 12:44:28 Times Seen5069 Hash b59d52e5c8c1c905dd20084f27bc5261 492b79822be8f2f1d46714e43274e2500de5c0c5 4795baeddefb045a60541029990e6da282eb7d0cb2f9d20da866382567029649 Loading...

	ptoafteewhu.com/?l=DOLVqvJtHQeByA2&b=16289354&z=5628284&s=6477c6e9e79eb000016485ed&campid=429290&var=474_89a3984a-749c-48ba-be56-29d12d6d1b93__&ymid=6477c6e9e79eb000016485ed	27 B	2023-03-07	2024-04-26
Pretty URL ptoafteewhu.com/?l=DOLVqvJtHQeByA2&b=16289354&z=5628284&s=6477c6e9e79eb000016485ed&campid=429290&var=474_89a3984a-749c-48ba-be56-29d12d6d1b93__&ymid=6477c6e9e79eb000016485ed IP 139.45.197.163 ASN #9002 RETN Limited Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:27:36 Last Seen2024-04-26 05:44:24 Times Seen3012 Hash dcdca1271ff14fa2a37aac2fdd562ad7 6f8d97801b33f24f2a736c00e1bc5805d9fd5eb7 66d82b0643143d1e9fa6ec2c7e07af701b2b274bc4db74b60ee4dcf5862d229c Loading...

	ptoafteewhu.com/?l=DOLVqvJtHQeByA2&b=16289354&z=5628284&s=6477c6e9e79eb000016485ed&campid=429290&var=474_89a3984a-749c-48ba-be56-29d12d6d1b93__&ymid=6477c6e9e79eb000016485ed	5.8 kB	2023-06-01	2023-06-01
Pretty URL ptoafteewhu.com/?l=DOLVqvJtHQeByA2&b=16289354&z=5628284&s=6477c6e9e79eb000016485ed&campid=429290&var=474_89a3984a-749c-48ba-be56-29d12d6d1b93__&ymid=6477c6e9e79eb000016485ed IP 139.45.197.163 ASN #9002 RETN Limited Introduced by scriptElement Embedded in HTML true Observations First Seen2023-06-01 00:15:40 Last Seen2023-06-01 00:15:40 Times Seen1 Hash 159a46489c5ec5bc4ca8f431e97716d9 3a29a08873f5df163ac67fa51b08f7a59235b1b3 d5039eb903d5108d46e9ad65b9e0b45b90ccb48a7c7da540a59f21b88e3b1fa3 Loading...

	ptoafteewhu.com/?l=DOLVqvJtHQeByA2&b=16289354&z=5628284&s=6477c6e9e79eb000016485ed&campid=429290&var=474_89a3984a-749c-48ba-be56-29d12d6d1b93__&ymid=6477c6e9e79eb000016485ed	2.8 kB	2023-03-26	2024-04-26
Pretty URL ptoafteewhu.com/?l=DOLVqvJtHQeByA2&b=16289354&z=5628284&s=6477c6e9e79eb000016485ed&campid=429290&var=474_89a3984a-749c-48ba-be56-29d12d6d1b93__&ymid=6477c6e9e79eb000016485ed IP 139.45.197.163 ASN #9002 RETN Limited Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-26 05:18:26 Last Seen2024-04-26 05:44:24 Times Seen856 Hash fb795700058b50216760c6c0106b5986 61fb020ce71c0f2e0279fbf4181f53193b91e6e8 bc7a22aa06586c1dcd0ac89f0329e96dd2936308987969b449395a2e3d0eda78 Loading...

	ptoafteewhu.com/?l=DOLVqvJtHQeByA2&b=16289354&z=5628284&s=6477c6e9e79eb000016485ed&campid=429290&var=474_89a3984a-749c-48ba-be56-29d12d6d1b93__&ymid=6477c6e9e79eb000016485ed	243 B	2023-03-07	2024-04-26
Pretty URL ptoafteewhu.com/?l=DOLVqvJtHQeByA2&b=16289354&z=5628284&s=6477c6e9e79eb000016485ed&campid=429290&var=474_89a3984a-749c-48ba-be56-29d12d6d1b93__&ymid=6477c6e9e79eb000016485ed IP 139.45.197.163 ASN #9002 RETN Limited Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 13:21:30 Last Seen2024-04-26 05:44:24 Times Seen1021 Hash 9c8b4c2757a2ba84e7374a4a2fb73e6d 824c4afa2e871938c12f7c5698fe98f3f19a95c5 415d44cc3ea93f4be94854a2677c8fef5a136343c45546c218d0fb25d5092bc1 Loading...

	ptoafteewhu.com/?l=DOLVqvJtHQeByA2&b=16289354&z=5628284&s=6477c6e9e79eb000016485ed&campid=429290&var=474_89a3984a-749c-48ba-be56-29d12d6d1b93__&ymid=6477c6e9e79eb000016485ed	2.1 kB	2023-05-06	2023-06-18
Pretty URL ptoafteewhu.com/?l=DOLVqvJtHQeByA2&b=16289354&z=5628284&s=6477c6e9e79eb000016485ed&campid=429290&var=474_89a3984a-749c-48ba-be56-29d12d6d1b93__&ymid=6477c6e9e79eb000016485ed IP 139.45.197.163 ASN #9002 RETN Limited Introduced by scriptElement Embedded in HTML true Observations First Seen2023-05-06 08:56:16 Last Seen2023-06-18 14:14:20 Times Seen30 Hash 11f7d18f8c2a943cebabefab42914d6f b2eb1e147739c185d283ee2cc7575d14e358b838 137f71fbf4e5ac024d3dba7f394549d3fdd9ad44672e93b8379f02e5e989749a Loading...

	ptoafteewhu.com/?l=DOLVqvJtHQeByA2&b=16289354&z=5628284&s=6477c6e9e79eb000016485ed&campid=429290&var=474_89a3984a-749c-48ba-be56-29d12d6d1b93__&ymid=6477c6e9e79eb000016485ed	3.7 kB	2023-04-05	2023-07-04
Pretty URL ptoafteewhu.com/?l=DOLVqvJtHQeByA2&b=16289354&z=5628284&s=6477c6e9e79eb000016485ed&campid=429290&var=474_89a3984a-749c-48ba-be56-29d12d6d1b93__&ymid=6477c6e9e79eb000016485ed IP 139.45.197.163 ASN #9002 RETN Limited Introduced by scriptElement Embedded in HTML true Observations First Seen2023-04-05 01:39:26 Last Seen2023-07-04 05:43:10 Times Seen122 Hash 4e514f316db401f0fb6c33bec933bbb6 dfa09cc56c2a4165089fe971aaec7f4c70f32741 f053895f5402707a43b7c5cb0d4e6435a1d6959251fb414d9ff3bfc76ab5fdb5 Loading...

	ptoafteewhu.com/?l=DOLVqvJtHQeByA2&b=16289354&z=5628284&s=6477c6e9e79eb000016485ed&campid=429290&var=474_89a3984a-749c-48ba-be56-29d12d6d1b93__&ymid=6477c6e9e79eb000016485ed	2.8 kB	2023-05-06	2023-06-18
Pretty URL ptoafteewhu.com/?l=DOLVqvJtHQeByA2&b=16289354&z=5628284&s=6477c6e9e79eb000016485ed&campid=429290&var=474_89a3984a-749c-48ba-be56-29d12d6d1b93__&ymid=6477c6e9e79eb000016485ed IP 139.45.197.163 ASN #9002 RETN Limited Introduced by scriptElement Embedded in HTML true Observations First Seen2023-05-06 08:56:16 Last Seen2023-06-18 14:14:20 Times Seen30 Hash 50f620e3a2e1be673d78ee100465bb94 47ab93f5b948eab0f3cece6ab9ecd04b5f795ca5 7c7c0275a1450450c33d230fbdce2efdacf7e35999662d3048d830485315b371 Loading...

	ptoafteewhu.com/?l=DOLVqvJtHQeByA2&b=16289354&z=5628284&s=6477c6e9e79eb000016485ed&campid=429290&var=474_89a3984a-749c-48ba-be56-29d12d6d1b93__&ymid=6477c6e9e79eb000016485ed	1.1 kB	2023-03-25	2023-06-01
Pretty URL ptoafteewhu.com/?l=DOLVqvJtHQeByA2&b=16289354&z=5628284&s=6477c6e9e79eb000016485ed&campid=429290&var=474_89a3984a-749c-48ba-be56-29d12d6d1b93__&ymid=6477c6e9e79eb000016485ed IP 139.45.197.163 ASN #9002 RETN Limited Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-25 22:34:06 Last Seen2023-06-01 07:46:37 Times Seen380 Hash a3f2eb1e87786470d9c60c53a5112adb 730110a46df1420db96bf4c8b701bf2826749d2b 50395585c83bc32f1d6db92b1a77d529f15513583659d46614707598cb7c1aeb Loading...

HTTP Transactions (11)

URL IP Response Size

littlecdn.com/apps/templates/_assets/videos/dating/1.mp4

172.67.10.98

206 Partial Content

342 kB

URL GET HTTP/2
littlecdn.com/apps/templates/_assets/videos/dating/1.mp4
IP
172.67.10.98:443
ASN
#13335 CLOUDFLARENET

Requested by
https://ptoafteewhu.com/?l=DOLVqvJtHQeByA2&b=16289354&z=5628284&s=6477c6e9e79eb000016485ed&campid=429290&var=474_89a3984a-749c-48ba-be56-29d12d6d1b93__&ymid=6477c6e9e79eb000016485ed
Certificate
IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
FingerprintF9:14:9E:F3:4F:17:83:0E:22:54:EF:3E:FD:37:20:6C:1D:08:CE:1F
ValidityTue, 11 Apr 2023 00:00:00 GMT - Wed, 10 Apr 2024 23:59:59 GMT

File type
ISO Media, MP4 Base Media v1 [ISO 14496-12:2003]\012- data
Size
342 kB (342422 bytes)
Hash
5841092fcc1d651999a0e75f86306f87
0d9c9071cfb1861e05b9ec3c7d3af3048eb0aa29
f385d25ffcf716b080dadd46aab2de1c5c973b62a4f44031a87e835e4921c663

HTTP Headers

GET /apps/templates/_assets/videos/dating/1.mp4 HTTP/1.1
Host: littlecdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: video/webm,video/ogg,video/*;q=0.9,application/ogg;q=0.7,audio/*;q=0.6,*/*;q=0.5
Accept-Language: en-US,en;q=0.5
Range: bytes=0-
DNT: 1
Connection: keep-alive
Referer: https://ptoafteewhu.com/
Sec-Fetch-Dest: video
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Accept-Encoding: identity
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 206 Partial Content
date: Wed, 31 May 2023 22:15:21 GMT
content-type: video/mp4
content-length: 342422
last-modified: Tue, 30 May 2023 08:42:55 GMT
vary: Accept-Encoding
etag: "6475b70f-53996"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS, HEAD
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
access-control-expose-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
cache-control: max-age=3600
cf-cache-status: HIT
age: 5246
content-range: bytes 0-342421/342422
server: cloudflare
cf-ray: 7d0293390d6bb523-OSL
X-Firefox-Spdy: h2

my.rtmark.net/gid.js?userId=2e1c19e27378ff93bb68a28f2ba7cc63

139.45.195.8

200 OK

65 B

URL GET HTTP/2
my.rtmark.net/gid.js?userId=2e1c19e27378ff93bb68a28f2ba7cc63
IP
139.45.195.8:443
ASN
#9002 RETN Limited

Requested by
https://ptoafteewhu.com/?l=DOLVqvJtHQeByA2&b=16289354&z=5628284&s=6477c6e9e79eb000016485ed&campid=429290&var=474_89a3984a-749c-48ba-be56-29d12d6d1b93__&ymid=6477c6e9e79eb000016485ed
Certificate
IssuerLet's Encrypt
Subjectrtmark.net
Fingerprint84:56:36:C3:24:DE:FB:F0:E7:EB:EB:9D:C8:B6:28:31:B5:3C:8B:80
ValiditySat, 06 May 2023 08:48:01 GMT - Fri, 04 Aug 2023 08:48:00 GMT

File type
JSON data\012- , ASCII text
Size
65 B (65 bytes)
Hash
f0e6c7fd5876b63b23e6d57ead29de69
57b8121db42f0acfcb47c32a842b00aab4f311a8
cbb752e93403d0d235bac7da943f8e1cac3ebfabb470ca8a989d7e22579cb13b

HTTP Headers

GET /gid.js?userId=2e1c19e27378ff93bb68a28f2ba7cc63 HTTP/1.1
Host: my.rtmark.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://ptoafteewhu.com/
Origin: https://ptoafteewhu.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Wed, 31 May 2023 22:15:21 GMT
content-type: application/json; charset=utf-8
content-length: 65
access-control-allow-origin: https://ptoafteewhu.com
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
set-cookie: ID=2e1c19e27378ff93bb68a28f2ba7cc63; expires=Thu, 30 May 2024 22:15:21 GMT; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2

my.rtmark.net/gid.js

139.45.195.8

200 OK

65 B

URL GET HTTP/2
my.rtmark.net/gid.js
IP
139.45.195.8:443
ASN
#9002 RETN Limited

Requested by
https://ptoafteewhu.com/?l=DOLVqvJtHQeByA2&b=16289354&z=5628284&s=6477c6e9e79eb000016485ed&campid=429290&var=474_89a3984a-749c-48ba-be56-29d12d6d1b93__&ymid=6477c6e9e79eb000016485ed
Certificate
IssuerLet's Encrypt
Subjectrtmark.net
Fingerprint84:56:36:C3:24:DE:FB:F0:E7:EB:EB:9D:C8:B6:28:31:B5:3C:8B:80
ValiditySat, 06 May 2023 08:48:01 GMT - Fri, 04 Aug 2023 08:48:00 GMT

File type
JSON data\012- , ASCII text
Size
65 B (65 bytes)
Hash
ee89fee4faf9c6657adf66c8816b5678
c6a846d3d0696c9c42abfbd36bebc125c51aedd6
8a8296fb83988a2c0ceabeb28760d832360e4181be2b1cfa3ba5c490a3102495

HTTP Headers

GET /gid.js HTTP/1.1
Host: my.rtmark.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://ptoafteewhu.com/
Origin: https://ptoafteewhu.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Wed, 31 May 2023 22:15:22 GMT
content-type: application/json; charset=utf-8
content-length: 65
access-control-allow-origin: https://ptoafteewhu.com
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
set-cookie: ID=daf55a17ae5f4e679648c37974d43d90; expires=Thu, 30 May 2024 22:15:22 GMT; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2

ptoafteewhu.com/zone?&pub=0&zone_id=5614998&is_mobile=false&domain=ptoafteewhu.com&var=5628284&ymid=474_89a3984a-749c-48ba-be56-29d12d6d1b93__&var_3=16289354_429290&var_4=&dsig=&action=prerequest

139.45.197.163

200 OK

0 B

URL POST HTTP/2
ptoafteewhu.com/zone?&pub=0&zone_id=5614998&is_mobile=false&domain=ptoafteewhu.com&var=5628284&ymid=474_89a3984a-749c-48ba-be56-29d12d6d1b93__&var_3=16289354_429290&var_4=&dsig=&action=prerequest
IP
139.45.197.163:443
ASN
#9002 RETN Limited

Requested by
https://ptoafteewhu.com/?l=DOLVqvJtHQeByA2&b=16289354&z=5628284&s=6477c6e9e79eb000016485ed&campid=429290&var=474_89a3984a-749c-48ba-be56-29d12d6d1b93__&ymid=6477c6e9e79eb000016485ed
Certificate
IssuerLet's Encrypt
Subjectptoafteewhu.com
Fingerprint87:A3:0B:EB:37:64:32:10:19:C7:FF:14:A4:FA:81:FD:7A:F5:0C:B8
ValidityWed, 24 May 2023 10:22:04 GMT - Tue, 22 Aug 2023 10:22:03 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

POST /zone?&pub=0&zone_id=5614998&is_mobile=false&domain=ptoafteewhu.com&var=5628284&ymid=474_89a3984a-749c-48ba-be56-29d12d6d1b93__&var_3=16289354_429290&var_4=&dsig=&action=prerequest HTTP/1.1
Host: ptoafteewhu.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://ptoafteewhu.com
DNT: 1
Connection: keep-alive
Referer: https://ptoafteewhu.com/?l=DOLVqvJtHQeByA2&b=16289354&z=5628284&s=6477c6e9e79eb000016485ed&campid=429290&var=474_89a3984a-749c-48ba-be56-29d12d6d1b93__&ymid=6477c6e9e79eb000016485ed
Cookie: reverse=E-IP3L4KqTPQC7HfWMupnsXHM9SsH9w7oVqbV8YcRXw; OAID=2e1c19e27378ff93bb68a28f2ba7cc63; oaidts=1685571321; syncedCookie=true
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Content-Length: 0
TE: trailers

HTTP/2 200 OK
server: nginx
date: Wed, 31 May 2023 22:15:22 GMT
content-length: 0
x-trace-id: a78aafe2e2dcbefd43a4520bb6371c63
access-control-allow-origin: https://ptoafteewhu.com
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2

ptoafteewhu.com/favicon.ico

139.45.197.163

204 No Content

0 B

URL GET HTTP/2
ptoafteewhu.com/favicon.ico
IP
139.45.197.163:443
ASN
#9002 RETN Limited

Requested by
https://ptoafteewhu.com/?l=DOLVqvJtHQeByA2&b=16289354&z=5628284&s=6477c6e9e79eb000016485ed&campid=429290&var=474_89a3984a-749c-48ba-be56-29d12d6d1b93__&ymid=6477c6e9e79eb000016485ed
Certificate
IssuerLet's Encrypt
Subjectptoafteewhu.com
Fingerprint87:A3:0B:EB:37:64:32:10:19:C7:FF:14:A4:FA:81:FD:7A:F5:0C:B8
ValidityWed, 24 May 2023 10:22:04 GMT - Tue, 22 Aug 2023 10:22:03 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: ptoafteewhu.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ptoafteewhu.com/?l=DOLVqvJtHQeByA2&b=16289354&z=5628284&s=6477c6e9e79eb000016485ed&campid=429290&var=474_89a3984a-749c-48ba-be56-29d12d6d1b93__&ymid=6477c6e9e79eb000016485ed
Cookie: reverse=E-IP3L4KqTPQC7HfWMupnsXHM9SsH9w7oVqbV8YcRXw; OAID=2e1c19e27378ff93bb68a28f2ba7cc63; oaidts=1685571321; syncedCookie=true
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 204 No Content
server: nginx
date: Wed, 31 May 2023 22:15:22 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2

ptoafteewhu.com/pfe/current/micro.tag.min.js?uhd=1&z=5614998&ymid=474_89a3984a-749c-48ba-be56-29d12d6d1b93__&var=5628284&sw=/sw-check-permissions/5614998&var_3=16289354_429290

139.45.197.163

200 OK

42 kB

URL GET HTTP/2
ptoafteewhu.com/pfe/current/micro.tag.min.js?uhd=1&z=5614998&ymid=474_89a3984a-749c-48ba-be56-29d12d6d1b93__&var=5628284&sw=/sw-check-permissions/5614998&var_3=16289354_429290
IP
139.45.197.163:443
ASN
#9002 RETN Limited

Requested by
https://ptoafteewhu.com/?l=DOLVqvJtHQeByA2&b=16289354&z=5628284&s=6477c6e9e79eb000016485ed&campid=429290&var=474_89a3984a-749c-48ba-be56-29d12d6d1b93__&ymid=6477c6e9e79eb000016485ed
Certificate
IssuerLet's Encrypt
Subjectptoafteewhu.com
Fingerprint87:A3:0B:EB:37:64:32:10:19:C7:FF:14:A4:FA:81:FD:7A:F5:0C:B8
ValidityWed, 24 May 2023 10:22:04 GMT - Tue, 22 Aug 2023 10:22:03 GMT

File type
C source, ASCII text, with very long lines (42013), with no line terminators
Size
42 kB (42013 bytes)
Hash
08e98e4f47791d72e641ff48532dc235
a23e14bf683483b3c529d524ce3baa0e01f5291d
bb6886cb97046948e4ec675547e499fd99fe80b42584a8f93e0d0335e3d0103b

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /pfe/current/micro.tag.min.js?uhd=1&z=5614998&ymid=474_89a3984a-749c-48ba-be56-29d12d6d1b93__&var=5628284&sw=/sw-check-permissions/5614998&var_3=16289354_429290 HTTP/1.1
Host: ptoafteewhu.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ptoafteewhu.com/?l=DOLVqvJtHQeByA2&b=16289354&z=5628284&s=6477c6e9e79eb000016485ed&campid=429290&var=474_89a3984a-749c-48ba-be56-29d12d6d1b93__&ymid=6477c6e9e79eb000016485ed
Cookie: reverse=E-IP3L4KqTPQC7HfWMupnsXHM9SsH9w7oVqbV8YcRXw; OAID=2e1c19e27378ff93bb68a28f2ba7cc63; oaidts=1685571321
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Wed, 31 May 2023 22:15:21 GMT
content-type: application/javascript
last-modified: Tue, 30 May 2023 12:46:48 GMT
vary: Accept-Encoding
etag: W/"6475f038-a41d"
access-control-allow-credentials: true
cache-control: no-cache
pragma: no-cache
content-encoding: br
X-Firefox-Spdy: h2

ptoafteewhu.com/?l=DOLVqvJtHQeByA2&b=16289354&z=5628284&s=6477c6e9e79eb000016485ed&campid=429290&var=474_89a3984a-749c-48ba-be56-29d12d6d1b93__&ymid=6477c6e9e79eb000016485ed

139.45.197.163

200 OK

52 kB

URL User Request GET HTTP/2
ptoafteewhu.com/?l=DOLVqvJtHQeByA2&b=16289354&z=5628284&s=6477c6e9e79eb000016485ed&campid=429290&var=474_89a3984a-749c-48ba-be56-29d12d6d1b93__&ymid=6477c6e9e79eb000016485ed
IP
139.45.197.163:443
ASN
#9002 RETN Limited

Certificate
IssuerLet's Encrypt
Subjectptoafteewhu.com
Fingerprint87:A3:0B:EB:37:64:32:10:19:C7:FF:14:A4:FA:81:FD:7A:F5:0C:B8
ValidityWed, 24 May 2023 10:22:04 GMT - Tue, 22 Aug 2023 10:22:03 GMT

File type

Size
52 kB (51630 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /?l=DOLVqvJtHQeByA2&b=16289354&z=5628284&s=6477c6e9e79eb000016485ed&campid=429290&var=474_89a3984a-749c-48ba-be56-29d12d6d1b93__&ymid=6477c6e9e79eb000016485ed HTTP/1.1
Host: ptoafteewhu.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Wed, 31 May 2023 22:15:21 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
x-powered-by: PHP/7.4.26
set-cookie: reverse=E-IP3L4KqTPQC7HfWMupnsXHM9SsH9w7oVqbV8YcRXw; expires=Wed, 31-May-2023 23:15:21 GMT; Max-Age=3600; path=/
OAID=2e1c19e27378ff93bb68a28f2ba7cc63; expires=Fri, 29-Oct-2077 20:30:42 GMT; Max-Age=1717193721; path=/
oaidts=1685571321; expires=Fri, 29-Oct-2077 20:30:42 GMT; Max-Age=1717193721; path=/
syncedCookie=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS, HEAD
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
access-control-expose-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
content-encoding: br
X-Firefox-Spdy: h2

littlecdn.com/apps/templates/questions/video-bg/css/style.css?v=1

172.67.10.98

200 OK

5.9 kB

URL GET HTTP/2
littlecdn.com/apps/templates/questions/video-bg/css/style.css?v=1
IP
172.67.10.98:443
ASN
#13335 CLOUDFLARENET

Requested by
https://ptoafteewhu.com/?l=DOLVqvJtHQeByA2&b=16289354&z=5628284&s=6477c6e9e79eb000016485ed&campid=429290&var=474_89a3984a-749c-48ba-be56-29d12d6d1b93__&ymid=6477c6e9e79eb000016485ed
Certificate
IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
FingerprintF9:14:9E:F3:4F:17:83:0E:22:54:EF:3E:FD:37:20:6C:1D:08:CE:1F
ValidityTue, 11 Apr 2023 00:00:00 GMT - Wed, 10 Apr 2024 23:59:59 GMT

File type
ASCII text, with very long lines (6289), with no line terminators
Size
5.9 kB (5873 bytes)
Hash
12c178d07c2d854af16b9527ff43b6d4
140d579c530f5b9aa068c4488f7ef5cae108265c
1fbd5955c653000637d7437681a9f3f1e398b8fd0682af3f688d9694e0235a73

HTTP Headers

GET /apps/templates/questions/video-bg/css/style.css?v=1 HTTP/1.1
Host: littlecdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ptoafteewhu.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Wed, 31 May 2023 22:15:21 GMT
content-type: text/css
last-modified: Tue, 30 May 2023 08:42:55 GMT
vary: Accept-Encoding
etag: W/"6475b70f-16f1"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS, HEAD
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
access-control-expose-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
cache-control: max-age=3600
cf-cache-status: HIT
age: 1509
server: cloudflare
cf-ray: 7d0293390d70b523-OSL
content-encoding: br
X-Firefox-Spdy: h2

ptoafteewhu.com/track-impression-applab?z=5628284&b=16289354&ymid=6477c6e9e79eb000016485ed&var=474_89a3984a-749c-48ba-be56-29d12d6d1b93__&var_3=16289354_429290&redirect=false&redirectUrl=https%3A%2F%2Ftrk.mail.ru%2Fc%2Fb1gnt7%3Fmt_gaid%3D%7Bmt_gaid%7D%26did%3D%24%7BSUBID%7D%26mt_sub1%3Dzeydoo_2%253A5628284%253A474_89a3984a-749c-48ba-be56-29d12d6d1b93__%253A1%253A%7Bbrowser%7D%26mt_sub2%3D5628284%26mt_creative%3D16289354%26land_state%3Dbefore_render%26land_id%3DDOLVqvJtHQeByA2%26land_generation_time%3D2023-05-31_17%3A15%3A21%26land_error_code%3D%26ruid%3D%7Bruid%7D%26mgeo%3D%7Bmgeo%7D%26oaid%3D2e1c19e27378ff93bb68a28f2ba7cc63

139.45.197.163

200 OK

751 B

URL GET HTTP/2
ptoafteewhu.com/track-impression-applab?z=5628284&b=16289354&ymid=6477c6e9e79eb000016485ed&var=474_89a3984a-749c-48ba-be56-29d12d6d1b93__&var_3=16289354_429290&redirect=false&redirectUrl=https%3A%2F%2Ftrk.mail.ru%2Fc%2Fb1gnt7%3Fmt_gaid%3D%7Bmt_gaid%7D%26did%3D%24%7BSUBID%7D%26mt_sub1%3Dzeydoo_2%253A5628284%253A474_89a3984a-749c-48ba-be56-29d12d6d1b93__%253A1%253A%7Bbrowser%7D%26mt_sub2%3D5628284%26mt_creative%3D16289354%26land_state%3Dbefore_render%26land_id%3DDOLVqvJtHQeByA2%26land_generation_time%3D2023-05-31_17%3A15%3A21%26land_error_code%3D%26ruid%3D%7Bruid%7D%26mgeo%3D%7Bmgeo%7D%26oaid%3D2e1c19e27378ff93bb68a28f2ba7cc63
IP
139.45.197.163:443
ASN
#9002 RETN Limited

Requested by
https://ptoafteewhu.com/?l=DOLVqvJtHQeByA2&b=16289354&z=5628284&s=6477c6e9e79eb000016485ed&campid=429290&var=474_89a3984a-749c-48ba-be56-29d12d6d1b93__&ymid=6477c6e9e79eb000016485ed
Certificate
IssuerLet's Encrypt
Subjectptoafteewhu.com
Fingerprint87:A3:0B:EB:37:64:32:10:19:C7:FF:14:A4:FA:81:FD:7A:F5:0C:B8
ValidityWed, 24 May 2023 10:22:04 GMT - Tue, 22 Aug 2023 10:22:03 GMT

File type
troff or preprocessor input, ASCII text, with very long lines (802), with no line terminators
Size
751 B (751 bytes)
Hash
1bc278f9d34838cffc1aa31ac48ee438
df56a65c1a22aa1fd0ecfe81c01954d42fec2040
0fcbf8cdc91606ff26a85827283efa5b21b5939e41e39d539bb13de484ee6191

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /track-impression-applab?z=5628284&b=16289354&ymid=6477c6e9e79eb000016485ed&var=474_89a3984a-749c-48ba-be56-29d12d6d1b93__&var_3=16289354_429290&redirect=false&redirectUrl=https%3A%2F%2Ftrk.mail.ru%2Fc%2Fb1gnt7%3Fmt_gaid%3D%7Bmt_gaid%7D%26did%3D%24%7BSUBID%7D%26mt_sub1%3Dzeydoo_2%253A5628284%253A474_89a3984a-749c-48ba-be56-29d12d6d1b93__%253A1%253A%7Bbrowser%7D%26mt_sub2%3D5628284%26mt_creative%3D16289354%26land_state%3Dbefore_render%26land_id%3DDOLVqvJtHQeByA2%26land_generation_time%3D2023-05-31_17%3A15%3A21%26land_error_code%3D%26ruid%3D%7Bruid%7D%26mgeo%3D%7Bmgeo%7D%26oaid%3D2e1c19e27378ff93bb68a28f2ba7cc63 HTTP/1.1
Host: ptoafteewhu.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://ptoafteewhu.com/?l=DOLVqvJtHQeByA2&b=16289354&z=5628284&s=6477c6e9e79eb000016485ed&campid=429290&var=474_89a3984a-749c-48ba-be56-29d12d6d1b93__&ymid=6477c6e9e79eb000016485ed
DNT: 1
Connection: keep-alive
Cookie: reverse=E-IP3L4KqTPQC7HfWMupnsXHM9SsH9w7oVqbV8YcRXw; OAID=2e1c19e27378ff93bb68a28f2ba7cc63; oaidts=1685571321
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Wed, 31 May 2023 22:15:21 GMT
content-type: application/json; charset=utf-8
vary: Accept-Encoding
x-trace-id: ab533bf6906b904941a346724b7bed1d
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
timing-allow-origin: *
strict-transport-security: max-age=1
x-content-type-options: nosniff
content-encoding: br
X-Firefox-Spdy: h2

ptoafteewhu.com/sw-check-permissions/5614998?var=5628284&var_3=16289354_429290&ymid=474_89a3984a-749c-48ba-be56-29d12d6d1b93__&uhd=1

139.45.197.163

200 OK

936 B

URL GET HTTP/2
ptoafteewhu.com/sw-check-permissions/5614998?var=5628284&var_3=16289354_429290&ymid=474_89a3984a-749c-48ba-be56-29d12d6d1b93__&uhd=1
IP
139.45.197.163:443
ASN
#9002 RETN Limited

Requested by
https://ptoafteewhu.com/?l=DOLVqvJtHQeByA2&b=16289354&z=5628284&s=6477c6e9e79eb000016485ed&campid=429290&var=474_89a3984a-749c-48ba-be56-29d12d6d1b93__&ymid=6477c6e9e79eb000016485ed
Certificate
IssuerLet's Encrypt
Subjectptoafteewhu.com
Fingerprint87:A3:0B:EB:37:64:32:10:19:C7:FF:14:A4:FA:81:FD:7A:F5:0C:B8
ValidityWed, 24 May 2023 10:22:04 GMT - Tue, 22 Aug 2023 10:22:03 GMT

File type
ASCII text, with very long lines (997), with no line terminators
Size
936 B (936 bytes)
Hash
860d9983306fca0aebf7023bee8b8110
e012cfb6d5626dd948d62cff7b5ea2f727e77e05
11006c2c02c4b58c2d5a6ee64211a0492f3a8ffb67c83d0e4d361ce25e884756

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /sw-check-permissions/5614998?var=5628284&var_3=16289354_429290&ymid=474_89a3984a-749c-48ba-be56-29d12d6d1b93__&uhd=1 HTTP/1.1
Host: ptoafteewhu.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Moz: prefetch
DNT: 1
Connection: keep-alive
Referer: https://ptoafteewhu.com/?l=DOLVqvJtHQeByA2&b=16289354&z=5628284&s=6477c6e9e79eb000016485ed&campid=429290&var=474_89a3984a-749c-48ba-be56-29d12d6d1b93__&ymid=6477c6e9e79eb000016485ed
Cookie: reverse=E-IP3L4KqTPQC7HfWMupnsXHM9SsH9w7oVqbV8YcRXw; OAID=2e1c19e27378ff93bb68a28f2ba7cc63; oaidts=1685571321; syncedCookie=true
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Wed, 31 May 2023 22:15:22 GMT
content-type: application/javascript
vary: Accept-Encoding
x-powered-by: PHP/7.4.26
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS, HEAD
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
access-control-expose-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
content-encoding: br
X-Firefox-Spdy: h2

ptoafteewhu.com/rotate?zz=5822560&var=5628284&ymid=474_89a3984a-749c-48ba-be56-29d12d6d1b93__&uid=daf55a17ae5f4e679648c37974d43d90

139.45.197.163

200 OK

720 B

URL GET HTTP/2
ptoafteewhu.com/rotate?zz=5822560&var=5628284&ymid=474_89a3984a-749c-48ba-be56-29d12d6d1b93__&uid=daf55a17ae5f4e679648c37974d43d90
IP
139.45.197.163:443
ASN
#9002 RETN Limited

Requested by
https://ptoafteewhu.com/?l=DOLVqvJtHQeByA2&b=16289354&z=5628284&s=6477c6e9e79eb000016485ed&campid=429290&var=474_89a3984a-749c-48ba-be56-29d12d6d1b93__&ymid=6477c6e9e79eb000016485ed
Certificate
IssuerLet's Encrypt
Subjectptoafteewhu.com
Fingerprint87:A3:0B:EB:37:64:32:10:19:C7:FF:14:A4:FA:81:FD:7A:F5:0C:B8
ValidityWed, 24 May 2023 10:22:04 GMT - Tue, 22 Aug 2023 10:22:03 GMT

File type
troff or preprocessor input, ASCII text, with very long lines (727), with no line terminators
Size
720 B (720 bytes)
Hash
69057d452c49cfdfd57ffe66eca1325a
49a6adfa242820cb914e94ad743697ec189b2934
8696d8b8acf13a30716921d52156eee4de003bd6b503253794c91f7de6c9a102

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /rotate?zz=5822560&var=5628284&ymid=474_89a3984a-749c-48ba-be56-29d12d6d1b93__&uid=daf55a17ae5f4e679648c37974d43d90 HTTP/1.1
Host: ptoafteewhu.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://ptoafteewhu.com/?l=DOLVqvJtHQeByA2&b=16289354&z=5628284&s=6477c6e9e79eb000016485ed&campid=429290&var=474_89a3984a-749c-48ba-be56-29d12d6d1b93__&ymid=6477c6e9e79eb000016485ed
DNT: 1
Connection: keep-alive
Cookie: reverse=E-IP3L4KqTPQC7HfWMupnsXHM9SsH9w7oVqbV8YcRXw; OAID=2e1c19e27378ff93bb68a28f2ba7cc63; oaidts=1685571321; syncedCookie=true
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Wed, 31 May 2023 22:15:22 GMT
content-type: application/javascript
x-trace-id: e7153b50284d4f76864150ce7628ba96
expires: Tue, 11 Jan 1994 10:00:00 GMT
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
pragma: no-cache
timing-allow-origin: *
vary: Accept-Encoding, Origin
access-control-allow-origin: https://ptoafteewhu.com/
access-control-expose-headers: Link
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding
set-cookie: OAID=daf55a17ae5f4e679648c37974d43d90; expires=Thu, 30 May 2024 22:15:22 GMT; path=/; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
content-encoding: br
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (16)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML