| GET secure3.clips4sale.com/b8be5cdce87e7ebf02a2fbe1c68cfe07/pay-form-cc | 52.57.231.141 | 202 Accepted | 2.0 kB |
URL (user request): GET secure3.clips4sale.com/b8be5cdce87e7ebf02a2fbe1c68cfe07/pay-form-cc
IP: 52.57.231.141:443
Certificate: issuer Amazon; subject clips4sale.com; fingerprint (SHA-1) 83:3C:25:1D:CC:FA:C2:78:54:BD:AD:30:DF:36:13:86:2C:D6:33:BA; valid Mon, 23 Dec 2024 00:00:00 GMT to Thu, 22 Jan 2026 23:59:59 GMT
File type: HTML document, ASCII text, with very long lines (406)
Hashes: MD5 78c08f0309bf22db798662bca4edc1b5; SHA-1 919afd11851e1b811014e8ac5064e785d5057f46; SHA-256 855c8ff034ee670319ce70a9fb486c9ff7b6517605409bb8626a4d78fd21aa97
GET /b8be5cdce87e7ebf02a2fbe1c68cfe07/pay-form-cc HTTP/1.1
Host: secure3.clips4sale.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 202 Accepted
server: awselb/2.0
date: Sun, 11 May 2025 01:32:04 GMT
content-length: 2002
x-amzn-waf-action: challenge
cache-control: no-store, max-age=0
content-type: text/html; charset=UTF-8
access-control-allow-origin: *
access-control-max-age: 86400
access-control-allow-methods: OPTIONS,GET,POST
access-control-allow-headers: x-amzn-waf-action
X-Firefox-Spdy: h2
| GET b890ab53ca05.97e24a71.eu-central-1.token.awswaf.com/b890ab53ca05/3e00c8587ca5/d6f99d2d3653/inputs?client=browser | 54.240.174.98 | 200 OK | 480 B |
URL: GET b890ab53ca05.97e24a71.eu-central-1.token.awswaf.com/b890ab53ca05/3e00c8587ca5/d6f99d2d3653/inputs?client=browser
IP: 54.240.174.98:443
Requested by: https://secure3.clips4sale.com/b8be5cdce87e7ebf02a2fbe1c68cfe07/pay-form-cc
Certificate: issuer Amazon; subject *.97e24a71.eu-central-1.token.awswaf.com; fingerprint (SHA-1) C0:06:DD:10:92:C9:5C:79:C8:F0:78:08:E8:C0:29:62:BD:4B:84:6E; valid Tue, 25 Jun 2024 00:00:00 GMT to Wed, 23 Jul 2025 23:59:59 GMT
Hashes: MD5 15850d74ae6b20beceef56d1aa23046b; SHA-1 17898c2449516db9a80231d50cb678c146dccea6; SHA-256 d41ee2e0244d706e955eef833f412e5be8307f01039e60ff447e861185187211
GET /b890ab53ca05/3e00c8587ca5/d6f99d2d3653/inputs?client=browser HTTP/1.1
Host: b890ab53ca05.97e24a71.eu-central-1.token.awswaf.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://secure3.clips4sale.com/
Origin: https://secure3.clips4sale.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
content-type: application/json
content-length: 480
alt-svc: h3=":443"; ma=86400
date: Sun, 11 May 2025 01:32:05 GMT
x-amzn-waf-challenge-id: Root=1-681ffe15-11943d553dfb36a558d85d0e
access-control-max-age: 86400
access-control-allow-origin: *
access-control-allow-methods: OPTIONS,GET,POST
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
expires: 0
x-cache: Miss from cloudfront
via: 1.1 6259d2cd8a5947ad41a420527bbed7a6.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: ORiJV04ogfvmfjRZLJnR7NwRSxLp39nFaLkwjq3U0n3n_j_N9ldPnQ==
| GET secure3.clips4sale.com/favicon.ico | 35.156.66.75 | 404 Not Found | 6.6 kB |
URL: GET secure3.clips4sale.com/favicon.ico
IP: 35.156.66.75:443
Requested by: https://secure3.clips4sale.com/b8be5cdce87e7ebf02a2fbe1c68cfe07/pay-form-cc
Certificate: issuer Amazon; subject clips4sale.com; fingerprint (SHA-1) 83:3C:25:1D:CC:FA:C2:78:54:BD:AD:30:DF:36:13:86:2C:D6:33:BA; valid Mon, 23 Dec 2024 00:00:00 GMT to Thu, 22 Jan 2026 23:59:59 GMT
File type: HTML document, ASCII text, with very long lines (5391)
Hashes: MD5 543ac81966d87ac815e08eb0e436d719; SHA-1 e35bb4e32ccf08c11a3935084b50660feb835350; SHA-256 8cbc10ee9755ef972000f666711a5c4d0e025d3cedf53079ba3bfd8f2b19a968
GET /favicon.ico HTTP/1.1
Host: secure3.clips4sale.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://secure3.clips4sale.com/b8be5cdce87e7ebf02a2fbe1c68cfe07/pay-form-cc
Cookie: aws-waf-token=9af99019-fcfe-4839-9bdb-2d1d05abab5f:CQoAqTwJp76YAQAA:cKP2RKGcQESbFNwOTEr+ew4ieLMbmBO0VsBRLsn15KsQAaJfoYwOexbF1TtASUvULK3xw/ML4bxqZlimZG+mzjnAb5xPd6awUXiD2z0emKDSMG/S+jFjZFVjL6fc2+SU90s9dCFeOdrB46OS+YhmjMzPBCHglf/bgSsEzbyX6BBruhFQc/CW+0jjC2/sgrtTpVNtGoK2PqeRFFiGZa8c; AWSALB=lcyWupS0ownKgRCOe8DUAGyK2CYnkpukePyZ5h5Fl2+ZLvuhdy46f3qs8o12hquPwtZW6SWI5LPYqCwSGlbvxJBGxmIqAAULw29gLalONBDqgO+YzWVMnHkO+/0e; AWSALBCORS=lcyWupS0ownKgRCOe8DUAGyK2CYnkpukePyZ5h5Fl2+ZLvuhdy46f3qs8o12hquPwtZW6SWI5LPYqCwSGlbvxJBGxmIqAAULw29gLalONBDqgO+YzWVMnHkO+/0e; laravel_session=6TVw4lU3KAFbzQ6QbKM9ZeeaEpkNuxTmHGZ7Tasn
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 404 Not Found
date: Sun, 11 May 2025 01:32:05 GMT
content-type: text/html; charset=UTF-8
set-cookie: AWSALB=h/VamCn5FGO0/aIIEy917AezRzfqj+Nvnz0XoPCcaGZWa/FSSy5XLxb879Bqqae/CxvmVbW6MILAP+3DMd0qcmWSEc6ql30FunbPfmhhsdfzj0TtdtfvwQp2WB2e; Expires=Sun, 18 May 2025 01:32:05 GMT; Path=/
set-cookie: AWSALBCORS=h/VamCn5FGO0/aIIEy917AezRzfqj+Nvnz0XoPCcaGZWa/FSSy5XLxb879Bqqae/CxvmVbW6MILAP+3DMd0qcmWSEc6ql30FunbPfmhhsdfzj0TtdtfvwQp2WB2e; Expires=Sun, 18 May 2025 01:32:05 GMT; Path=/; SameSite=None; Secure
set-cookie: laravel_session=6TVw4lU3KAFbzQ6QbKM9ZeeaEpkNuxTmHGZ7Tasn; expires=Sun, 11 May 2025 03:32:05 GMT; Max-Age=7200; path=/; httponly; samesite=lax
server: nginx
vary: Accept-Encoding
cache-control: no-cache, private
content-encoding: gzip
X-Firefox-Spdy: h2
| GET b890ab53ca05.97e24a71.eu-central-1.token.awswaf.com/b890ab53ca05/3e00c8587ca5/d6f99d2d3653/challenge.js | 54.240.174.98 | 200 OK | 1.1 MB |
URL: GET b890ab53ca05.97e24a71.eu-central-1.token.awswaf.com/b890ab53ca05/3e00c8587ca5/d6f99d2d3653/challenge.js
IP: 54.240.174.98:443
Requested by: https://secure3.clips4sale.com/b8be5cdce87e7ebf02a2fbe1c68cfe07/pay-form-cc
Certificate: issuer Amazon; subject *.97e24a71.eu-central-1.token.awswaf.com; fingerprint (SHA-1) C0:06:DD:10:92:C9:5C:79:C8:F0:78:08:E8:C0:29:62:BD:4B:84:6E; valid Tue, 25 Jun 2024 00:00:00 GMT to Wed, 23 Jul 2025 23:59:59 GMT
File type: JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Size: 1.1 MB (1097802 bytes)
Hashes: MD5 6de11ed5d3fff99a3a6acbb764833bb4; SHA-1 747d21a45bcd86a2586eb2535a553976ff641b4a; SHA-256 fcdf8ca5c1bc837a7ad94bc2f5b53ae39bf15a9285a334aed75d9ca1712206c4
| Analyzer | Verdict | Alert |
| Public Nextron YARA rules | malware | Unique code from Jetriz, Swid & Jeniva of the Tetris framework |
Note: the matched file is the WAF challenge script served by the awswaf.com token endpoint (the response below carries x-amzn-waf-challenge-id). A generic YARA hit on a 1.1 MB single-line script should be confirmed against the rule's own strings before it is recorded as a malware finding.
GET /b890ab53ca05/3e00c8587ca5/d6f99d2d3653/challenge.js HTTP/1.1
Host: b890ab53ca05.97e24a71.eu-central-1.token.awswaf.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://secure3.clips4sale.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: text/javascript
date: Sun, 11 May 2025 01:32:05 GMT
expires: 0
x-amzn-waf-challenge-id: Root=1-681ffe15-5998cb6f7c3dfebf6d06772d
cache-control: private, max-age=86400, stale-while-revalidate=604800
last-modified: Sun, 11 May 2025 01:32:05 +0000
pragma: no-cache
content-encoding: gzip
vary: accept-encoding
x-cache: Miss from cloudfront
via: 1.1 a343e36742f64defd0a2caf1f96ff772.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
alt-svc: h3=":443"; ma=86400
x-amz-cf-id: oZns2g_lffQB81XjcgfeIq34gTRXKP7Tag2fh4GpIhDJ0TUmxQO-eA==
X-Firefox-Spdy: h2
| GET secure3.clips4sale.com/favicon.ico | 52.57.231.141 | 202 Accepted | 0 B |
URL: GET secure3.clips4sale.com/favicon.ico
IP: 52.57.231.141:443
Requested by: https://secure3.clips4sale.com/b8be5cdce87e7ebf02a2fbe1c68cfe07/pay-form-cc
Certificate: issuer Amazon; subject clips4sale.com; fingerprint (SHA-1) 83:3C:25:1D:CC:FA:C2:78:54:BD:AD:30:DF:36:13:86:2C:D6:33:BA; valid Mon, 23 Dec 2024 00:00:00 GMT to Thu, 22 Jan 2026 23:59:59 GMT
Hashes: MD5 d41d8cd98f00b204e9800998ecf8427e; SHA-1 da39a3ee5e6b4b0d3255bfef95601890afd80709; SHA-256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 (the digests of an empty input, consistent with the content-length: 0 below)
GET /favicon.ico HTTP/1.1
Host: secure3.clips4sale.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://secure3.clips4sale.com/b8be5cdce87e7ebf02a2fbe1c68cfe07/pay-form-cc
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 202 Accepted
server: awselb/2.0
date: Sun, 11 May 2025 01:32:05 GMT
content-length: 0
x-amzn-waf-action: challenge
cache-control: no-store, max-age=0
content-type: text/html; charset=UTF-8
access-control-allow-origin: *
access-control-max-age: 86400
access-control-allow-methods: OPTIONS,GET,POST
access-control-allow-headers: x-amzn-waf-action
X-Firefox-Spdy: h2
| POST b890ab53ca05.97e24a71.eu-central-1.token.awswaf.com/b890ab53ca05/3e00c8587ca5/d6f99d2d3653/verify | 54.240.174.98 | 200 OK | 292 B |
URL: POST b890ab53ca05.97e24a71.eu-central-1.token.awswaf.com/b890ab53ca05/3e00c8587ca5/d6f99d2d3653/verify
IP: 54.240.174.98:443
Requested by: https://secure3.clips4sale.com/b8be5cdce87e7ebf02a2fbe1c68cfe07/pay-form-cc
Certificate: issuer Amazon; subject *.97e24a71.eu-central-1.token.awswaf.com; fingerprint (SHA-1) C0:06:DD:10:92:C9:5C:79:C8:F0:78:08:E8:C0:29:62:BD:4B:84:6E; valid Tue, 25 Jun 2024 00:00:00 GMT to Wed, 23 Jul 2025 23:59:59 GMT
Hashes: MD5 85842e196b14b21122e844d184c0c00f; SHA-1 44a827fe77176db9f0f74bb93eb6bdf171350be4; SHA-256 a988e3d296c82421a55439c04e14ddfe2ee3bd5daa31ece21536c6db4925844e
POST /b890ab53ca05/3e00c8587ca5/d6f99d2d3653/verify HTTP/1.1
Host: b890ab53ca05.97e24a71.eu-central-1.token.awswaf.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://secure3.clips4sale.com/
Content-Type: text/plain;charset=UTF-8
Content-Length: 8931
Origin: https://secure3.clips4sale.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
| GET secure3.clips4sale.com/b8be5cdce87e7ebf02a2fbe1c68cfe07/pay-form-cc | 35.156.66.75 | 404 Not Found | 6.6 kB |
URL (user request): GET secure3.clips4sale.com/b8be5cdce87e7ebf02a2fbe1c68cfe07/pay-form-cc
IP: 35.156.66.75:443
Certificate: issuer Amazon; subject clips4sale.com; fingerprint (SHA-1) 83:3C:25:1D:CC:FA:C2:78:54:BD:AD:30:DF:36:13:86:2C:D6:33:BA; valid Mon, 23 Dec 2024 00:00:00 GMT to Thu, 22 Jan 2026 23:59:59 GMT
File type: HTML document, ASCII text, with very long lines (5391)
Hashes: MD5 543ac81966d87ac815e08eb0e436d719; SHA-1 e35bb4e32ccf08c11a3935084b50660feb835350; SHA-256 8cbc10ee9755ef972000f666711a5c4d0e025d3cedf53079ba3bfd8f2b19a968 (byte-identical to the /favicon.ico 404 body above, i.e. the same generic 404 page)
GET /b8be5cdce87e7ebf02a2fbe1c68cfe07/pay-form-cc HTTP/1.1
Host: secure3.clips4sale.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: aws-waf-token=9af99019-fcfe-4839-9bdb-2d1d05abab5f:CQoAqTwJp76YAQAA:cKP2RKGcQESbFNwOTEr+ew4ieLMbmBO0VsBRLsn15KsQAaJfoYwOexbF1TtASUvULK3xw/ML4bxqZlimZG+mzjnAb5xPd6awUXiD2z0emKDSMG/S+jFjZFVjL6fc2+SU90s9dCFeOdrB46OS+YhmjMzPBCHglf/bgSsEzbyX6BBruhFQc/CW+0jjC2/sgrtTpVNtGoK2PqeRFFiGZa8c
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 404 Not Found
date: Sun, 11 May 2025 01:32:05 GMT
content-type: text/html; charset=UTF-8
set-cookie: AWSALB=lcyWupS0ownKgRCOe8DUAGyK2CYnkpukePyZ5h5Fl2+ZLvuhdy46f3qs8o12hquPwtZW6SWI5LPYqCwSGlbvxJBGxmIqAAULw29gLalONBDqgO+YzWVMnHkO+/0e; Expires=Sun, 18 May 2025 01:32:05 GMT; Path=/
set-cookie: AWSALBCORS=lcyWupS0ownKgRCOe8DUAGyK2CYnkpukePyZ5h5Fl2+ZLvuhdy46f3qs8o12hquPwtZW6SWI5LPYqCwSGlbvxJBGxmIqAAULw29gLalONBDqgO+YzWVMnHkO+/0e; Expires=Sun, 18 May 2025 01:32:05 GMT; Path=/; SameSite=None; Secure
set-cookie: laravel_session=6TVw4lU3KAFbzQ6QbKM9ZeeaEpkNuxTmHGZ7Tasn; expires=Sun, 11 May 2025 03:32:05 GMT; Max-Age=7200; path=/; httponly; samesite=lax
server: nginx
vary: Accept-Encoding
cache-control: no-cache, private
content-encoding: gzip
X-Firefox-Spdy: h2
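The capture above shows the AWS WAF challenge action end to end: the first request for pay-form-cc is answered by the load balancer itself (server: awselb/2.0) with 202 and x-amzn-waf-action: challenge plus a 2 kB interstitial; the page then fetches inputs and challenge.js from the token endpoint, POSTs the solved challenge to verify, and the browser retries the original URL carrying the aws-waf-token cookie, at which point the origin (server: nginx, laravel_session cookie) answers, here with a 404. The script below is an added example, not code from the capture tool or from the site: it reconstructs that flow from a transaction list, flags which requests are WAF interstitial, token-endpoint call, or origin request with/without token, checks a reported hash triple against the empty-input digests (the 0 B favicon.ico response), and audits the Set-Cookie headers for Secure, HttpOnly and SameSite. SAMPLE is constructed from the capture with long values shortened; because the listing is not in strict execution order (the tokened favicon.ico request appears before challenge.js and verify), the completion check is set-based rather than sequence-based. The label names and the Transaction layout are this example's own assumptions.

```python
"""Reconstruct the AWS WAF challenge flow from captured HTTP transactions and audit
the cookies it involves. Added example; SAMPLE is constructed from the capture above."""
import hashlib
from dataclasses import dataclass

@dataclass
class Transaction:
    method: str
    url: str            # host + path as printed in the capture
    status: int
    req_headers: dict   # request headers as sent
    resp_headers: list  # (name, value) pairs; set-cookie may repeat

def parse_cookie_header(value):
    """Split a request Cookie header into {name: value}."""
    out = {}
    for part in value.split(";"):
        name, _, val = part.strip().partition("=")
        if name:
            out[name] = val
    return out

def parse_set_cookie(value):
    """Split one Set-Cookie header into (name, value, {attr: value or True})."""
    parts = [p.strip() for p in value.split(";")]
    name, _, val = parts[0].partition("=")
    attrs = {}
    for part in parts[1:]:
        key, _, attr_val = part.partition("=")
        attrs[key.lower()] = attr_val if attr_val else True
    return name, val, attrs

def audit_set_cookie(value):
    """Return (cookie name, list of hardening gaps) for one Set-Cookie header."""
    name, _, attrs = parse_set_cookie(value)
    findings = []
    if "secure" not in attrs:
        findings.append("missing Secure")
    if "httponly" not in attrs:
        findings.append("missing HttpOnly")
    samesite = attrs.get("samesite")
    if samesite is None or samesite is True:
        findings.append("missing SameSite")
    elif samesite.lower() == "none" and "secure" not in attrs:
        findings.append("SameSite=None without Secure")
    return name, findings

def classify(tx):
    """Label a transaction by its role: WAF interstitial (x-amzn-waf-action: challenge),
    token-endpoint call (inputs / challenge.js / verify), or origin request with/without token."""
    host = tx.url.split("/", 1)[0]
    resp = {name.lower(): val for name, val in tx.resp_headers}
    if resp.get("x-amzn-waf-action") == "challenge":
        return "waf-challenge"
    if host.endswith(".token.awswaf.com"):
        endpoint = tx.url.split("?", 1)[0].rsplit("/", 1)[-1]
        return "token-endpoint:" + endpoint
    cookies = parse_cookie_header(tx.req_headers.get("Cookie", ""))
    return "origin-with-token" if "aws-waf-token" in cookies else "origin"

def challenge_completed(txs):
    """True when the capture holds a challenge response, a verify call and a tokened origin request."""
    labels = {classify(t) for t in txs}
    return {"waf-challenge", "token-endpoint:verify", "origin-with-token"} <= labels

def is_empty_body(md5, sha1, sha256):
    """Check a reported hash triple against the digests of zero bytes (a 0 B response)."""
    return (md5 == hashlib.md5(b"").hexdigest() and sha1 == hashlib.sha1(b"").hexdigest()
            and sha256 == hashlib.sha256(b"").hexdigest())

# Constructed sample: the six transactions above, with long values shortened.
TOKEN = "b890ab53ca05.97e24a71.eu-central-1.token.awswaf.com/b890ab53ca05/3e00c8587ca5/d6f99d2d3653/"
PAGE = "secure3.clips4sale.com/b8be5cdce87e7ebf02a2fbe1c68cfe07/pay-form-cc"
SAMPLE = [
    Transaction("GET", PAGE, 202, {}, [("server", "awselb/2.0"), ("x-amzn-waf-action", "challenge")]),
    Transaction("GET", TOKEN + "inputs?client=browser", 200, {"Origin": "https://secure3.clips4sale.com"},
                [("content-type", "application/json")]),
    Transaction("GET", "secure3.clips4sale.com/favicon.ico", 404,
                {"Cookie": "aws-waf-token=9af99019:CQoA...; AWSALB=lcyW...; laravel_session=6TVw..."},
                [("server", "nginx"),
                 ("set-cookie", "AWSALB=h/Va...; Expires=Sun, 18 May 2025 01:32:05 GMT; Path=/"),
                 ("set-cookie", "AWSALBCORS=h/Va...; Path=/; SameSite=None; Secure"),
                 ("set-cookie", "laravel_session=6TVw...; Max-Age=7200; path=/; httponly; samesite=lax")]),
    Transaction("GET", TOKEN + "challenge.js", 200, {}, [("content-type", "text/javascript")]),
    Transaction("POST", TOKEN + "verify", 200, {}, []),
    Transaction("GET", PAGE, 404, {"Cookie": "aws-waf-token=9af99019:CQoA..."}, [("server", "nginx")]),
]

if __name__ == "__main__":
    for tx in SAMPLE:
        print(f"{tx.status} {tx.method:<4} {classify(tx):<28} {tx.url[:48]}")
    print("challenge completed:", challenge_completed(SAMPLE))
    for name, value in SAMPLE[2].resp_headers:
        if name == "set-cookie":
            cookie, gaps = audit_set_cookie(value)
            print(f"{cookie}: {', '.join(gaps) or 'ok'}")
```

Run against the sample, the audit reports AWSALB with no Secure, HttpOnly or SameSite attribute, AWSALBCORS without HttpOnly, and laravel_session without Secure; the session cookie does carry httponly and samesite=lax, as the capture shows. The hash check confirms the second favicon.ico record's triple is exactly the empty-input MD5/SHA-1/SHA-256, so the 202 interstitial for that sub-resource had no body.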