Report - download.freeroms.com/psp_roms/x/xyanide_resurrection

Report Overview

Visited public
2023-11-30 18:35:30
Tags
URL
download.freeroms.com/psp_roms/x/xyanide_resurrection_(europe).zip
Finishing URL
www.freeroms.com/errorpages/max_connections.html
IP / ASN
23.237.120.146
#174 COGENT-174
Title
Free ROMS for GBA, NDS, PSP, PSX, N64, SNES and more.

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
www.freeroms.com	750065	1999-02-13	2012-06-23 04:20:10	2023-11-26 03:46:04	8.2 kB	225 kB	64.235.54.28
dacmaiss.com	68570	2021-11-01	2021-11-02 03:48:17	2023-11-18 15:22:49	2.0 kB	32 kB	139.45.197.237
combatbaskstationery.com	unknown	2022-11-03	2022-11-03 02:54:14	2023-11-10 18:18:28	944 B	17 kB	173.233.137.52
proftrafficcounter.com	unknown	2023-11-16	2023-11-21 09:55:14	2023-11-30 05:14:06	445 B	423 B	35.157.159.40
fleraprt.com	unknown	2022-01-14	2022-01-14 23:55:14	2023-11-30 09:23:09	541 B	484 B	139.45.195.254
fonts.googleapis.com	8877	2005-01-25	2013-06-10 22:14:26	2023-11-30 06:03:12	873 B	25 kB	142.250.74.106
cdn.yourwebbars.com	62037	2020-08-21	2021-01-29 18:47:27	2023-10-29 14:31:13	490 B	6.4 kB	104.26.7.19
simplewebanalysis.com	unknown	2022-02-15	2022-02-25 05:06:25	2023-08-29 15:49:41	892 B	0 B	0.0.0.0
friendshipmale.com	unknown	2022-10-21	2022-10-21 14:15:25	2023-11-30 01:36:15	414 B	86 kB	172.64.196.8
ocsp.netsolssl.com	8381	2005-01-31	2012-05-20 23:51:49	2023-11-30 05:06:18	342 B	963 B	104.18.38.233
offerimage.com	304078	2019-06-10	2019-06-10 13:11:53	2023-11-30 05:48:42	918 B	140 kB	104.22.33.172
immaculategirdlewade.com	unknown	2023-11-28	2023-11-29 03:28:10	2023-11-29 04:50:20	4.9 kB	7.4 kB	192.243.61.225
fonts.gstatic.com	unknown	2008-02-11	2014-09-09 02:40:21	2023-11-30 06:35:27	1.1 kB	33 kB	142.250.74.131
cdn.creative-bars1.com	unknown	2022-11-01	2022-11-15 17:46:22	2023-11-30 05:14:14	2.9 kB	848 kB	172.64.108.10
gishejuy.com	unknown	2023-10-25	2023-10-25 15:14:32	2023-11-28 16:17:04	3.6 kB	94 kB	139.45.197.242
download.freeroms.com	unknown	1999-02-13	2012-07-01 00:02:10	2023-11-26 18:51:15	448 B	408 B	23.237.120.146
moleconcern.com	unknown	2022-11-04	2022-11-04 05:17:13	2023-11-10 18:18:28	1.0 kB	995 B	173.233.137.60
ocsp.r2m03.amazontrust.com	unknown	2007-05-11	2023-02-21 01:06:24	2023-11-30 07:34:39	350 B	942 B	54.230.218.11
my.rtmark.net	9054	2014-10-29	2015-02-04 10:54:57	2023-11-29 18:38:29	477 B	745 B	139.45.195.8
banquetunarmedgrater.com	unknown	2022-08-04	2022-08-04 17:12:50	2023-11-30 12:37:55	426 B	837 B	172.67.219.12
unseenreport.com	unknown	2022-03-30	2022-03-30 16:33:17	2023-11-27 18:32:50	1.5 kB	846 B	192.243.59.20
cameesse.net	unknown	2023-10-18	2023-10-18 14:31:33	2023-11-28 21:11:27	413 B	642 B	139.45.197.242
tzegilo.com	unknown	2022-01-14	2022-01-14 16:27:15	2023-11-27 22:42:23	411 B	20 kB	104.21.11.245
addresseepaper.com	18169	2021-11-01	2021-11-01 22:11:31	2023-11-19 19:43:43	414 B	0 B	0.0.0.0

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2023-11-30	medium	combatbaskstationery.com	Sinkholed
2023-11-30	medium	combatbaskstationery.com	Sinkholed
2023-11-30	medium	moleconcern.com	Sinkholed
2023-11-30	medium	moleconcern.com	Sinkholed
2023-11-30	medium	unseenreport.com	Sinkholed
2023-11-30	medium	unseenreport.com	Sinkholed
2023-11-30	medium	immaculategirdlewade.com	Sinkholed
2023-11-30	medium	immaculategirdlewade.com	Sinkholed
2023-11-30	medium	immaculategirdlewade.com	Sinkholed
2023-11-30	medium	gishejuy.com	Sinkholed
2023-11-30	medium	cameesse.net	Sinkholed
2023-11-30	medium	gishejuy.com	Sinkholed
2023-11-30	medium	gishejuy.com	Sinkholed
2023-11-30	medium	immaculategirdlewade.com	Sinkholed
2023-11-30	medium	gishejuy.com	Sinkholed
2023-11-30	medium	addresseepaper.com	Sinkholed

ThreatFox

No alerts detected

JavaScript (12)

	URL	From	Size	First Seen	Last Seen
	www.freeroms.com/errorpages/max_connections.html	ScriptElement	63 kB	2023-03-07	2024-12-19
Pretty URL www.freeroms.com/errorpages/max_connections.html IP 64.235.54.28 ASN #26277 PREMIANET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 14:24 Last Seen2024-12-19 19:28 Times Seen40 Hash cb7b43d08d40187b481440aa0ffca1d2 b0271600c8fe4783a882891ce11112c693207642 d6bb18846ca4d3a3de5c1d1fd29ae99671cdf77a3c625bcb7e147e1ee0ba9718 Loading...

	dacmaiss.com/tag.min.js	ScriptElement	81 kB	2023-11-30	2023-11-30
Pretty URL dacmaiss.com/tag.min.js IP 139.45.197.237 ASN #9002 RETN Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2023-11-30 14:03 Last Seen2023-11-30 20:08 Times Seen13 Hash bea6b718fb0247f43168c0dee89219a5 e584dac0a0b284ed9ac096cabb49e2337e1dd81a 52bcb29599bdd96b1e1d2fa618ece2d892c1dda71a7377d60ee7aad72bd00b2f Loading...

	combatbaskstationery.com/c4/d5/3d/c4d53d21b4a90448b5012c00c5cfa5a2.js	ScriptElement	43 kB	2023-11-30	2023-11-30
Pretty URL combatbaskstationery.com/c4/d5/3d/c4d53d21b4a90448b5012c00c5cfa5a2.js IP 173.233.137.52 ASN #7979 SERVERS-COM Introduced by scriptElement Embedded in HTML false Observations First Seen2023-11-30 19:35 Last Seen2023-11-30 19:35 Times Seen1 Hash 58306d182ee7dc692dbdd183b425e70b 0e78117f5024f3536acdc3c0af657010fbc5f8e4 c1fab03eaca01e8564cd1267f91ae1df812a596d52d2200f270117106ecb5cc0 Loading...

	gishejuy.com/400/3601099	ScriptElement	89 kB	2023-11-30	2023-11-30
Pretty URL gishejuy.com/400/3601099 IP 139.45.197.242 ASN #9002 RETN Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2023-11-30 19:35 Last Seen2023-11-30 19:35 Times Seen1 Hash 793d3ae9c8f39193adf8c763a33242fa 73f6ea65815f08e72aab458918f45503607dd098 321cde030ca1ac7f419753172e6113c433c5bc51301741a7beb32223566b1775 Loading...

	tzegilo.com/stattag.js	ScriptElement	19 kB	2023-09-07	2024-08-21
Pretty URL tzegilo.com/stattag.js IP 104.21.11.245 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-09-07 20:07 Last Seen2024-08-21 07:20 Times Seen2395 Hash 89e89aea544ea2785d49cc4cd9cf26f6 7d53437a89eb9861038ee27a8ff0e3bb70fa2a0b 86da38693fcea056d36588a4146e85392f784c457511de416fec32034aafa4f9 Loading...

	banquetunarmedgrater.com/advertisers.js	ScriptElement	0 B	0001-01-01	2025-05-10
Pretty URL banquetunarmedgrater.com/advertisers.js IP 172.67.219.12 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen0001-01-01 00:00 Last Seen2025-05-10 12:00 Times Seen4643515 Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Loading...

	unknown	ScriptElement	4.1 kB	2024-08-20	2024-08-20
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2024-08-20 17:18 Last Seen2024-08-20 17:18 Times Seen6 Hash f2fe70d811f9d442ddfcf8c31f2d96db cb55dc720f8e1d3c8696605f343d3da913e7c79d 67f083501fc19f8941adf4e4eb765b5418b26f473388a9fec647e908ae4293da Loading...

	www.freeroms.com/js/jquery.min.js	ScriptElement	96 kB	2023-03-07	2025-05-10
Pretty URL www.freeroms.com/js/jquery.min.js IP 64.235.54.28 ASN #26277 PREMIANET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02 Last Seen2025-05-10 04:20 Times Seen6117 Hash 895323ed2f7258af4fae2c738c8aea49 276c87ff3e1e3155679c318938e74e5c1b76d809 ecb916133a9376911f10bc5c659952eb0031e457f5df367cde560edbfba38fb8 Loading...

	www.freeroms.com/js/front-script.js	ScriptElement	547 B	2023-03-07	2024-12-27
Pretty URL www.freeroms.com/js/front-script.js IP 64.235.54.28 ASN #26277 PREMIANET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 14:24 Last Seen2024-12-27 19:54 Times Seen57 Hash 623069997deee6979f41b571e8b728cb 035788635c81bb176917731fcdc655cbd2bd2270 50db1f925c9abd1ddc94afe8d5d98125b741a8ae04712ac9df007b0c5871f0b1 Loading...

	www.freeroms.com/errorpages/max_connections.html	ScriptElement	445 B	2023-03-07	2024-12-19
Pretty URL www.freeroms.com/errorpages/max_connections.html IP 64.235.54.28 ASN #26277 PREMIANET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 14:24 Last Seen2024-12-19 19:28 Times Seen40 Hash 75664f70c2f91e11d52bb5728fdf0eb7 cecfcf1ea522516d743b298b8b062ee4f6c66f16 41f764893b561ae57966d9d1d1de3010acdc82c144e61f840460fab648ad7838 Loading...

	www.freeroms.com/errorpages/max_connections.html	ScriptElement	88 kB	2023-03-09	2024-12-27
Pretty URL www.freeroms.com/errorpages/max_connections.html IP 64.235.54.28 ASN #26277 PREMIANET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-09 00:52 Last Seen2024-12-27 19:54 Times Seen56 Hash 32de7999072918ce608cd3bf9cb62e94 b68754107992736b42fc71ffa9dd51838c093830 c1492ae78710e2bdffb32814006c3ca23df1aa3b4ef75ee86650147b49e38489 Loading...

	friendshipmale.com/sfp.js	ScriptElement	86 kB	2023-11-23	2024-08-20
Pretty URL friendshipmale.com/sfp.js IP 172.64.196.8 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-11-23 18:35 Last Seen2024-08-20 18:08 Times Seen6307 Hash 924e967bca1d599992556a8d139b1c5a 222b09dbf164ddc03d39100fd0524a22018d28b2 ac84c2f8288b59f8e04ba77287ce696052bfeee0d462a566d94dc305df646c95 Loading...

HTTP Transactions (60)

URL IP Response Size

download.freeroms.com/psp_roms/x/xyanide_resurrection_(europe).zip

23.237.120.146

302 Moved Temporarily

170 B

URL User Request GET HTTP/1.1
download.freeroms.com/psp_roms/x/xyanide_resurrection_(europe).zip
IP
23.237.120.146:80
ASN
#174 COGENT-174

File type
HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Size
170 B (170 bytes)
Hash
7ae0f3a88d2b351bb1d01f84c43c009e
b0f62bbd08b044b9d9ddc60bdacf10a5568607d9
2399955144f8af99521c3ea8c6f2a5959c500f80902869cbb98d57cde2f48f89

HTTP Headers

GET /psp_roms/x/xyanide_resurrection_(europe).zip HTTP/1.1
Host: download.freeroms.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 302 Moved Temporarily
Server: nginx/1.14.0 (Ubuntu)
Date: Thu, 30 Nov 2023 18:35:11 GMT
Content-Type: text/html
Content-Length: 170
Connection: keep-alive
Location: https://www.freeroms.com/errorpages/max_connections.html

ocsp.netsolssl.com/

104.18.38.233

471 B

URL
ocsp.netsolssl.com/
IP
104.18.38.233:0
ASN
#13335 CLOUDFLARENET

File type
data
Size
471 B (471 bytes)
Hash
7617d11d0d737e7f531ee3fe111da3d4
e3dab77188d9bd6f0cd596c97bd000328b2c211a
85fe5fc8a547cc981156305fdb9ace78dc1312e2e3580e29b5f0b4478dc768f1

HTTP Headers

POST / HTTP/1.1
Host: ocsp.netsolssl.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Thu, 30 Nov 2023 18:35:11 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Wed, 29 Nov 2023 14:54:49 GMT
Expires: Wed, 06 Dec 2023 14:54:48 GMT
Etag: "e3dab77188d9bd6f0cd596c97bd000328b2c211a"
Cache-Control: max-age=504576,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb3
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 82e530560f9156ca-OSL

www.freeroms.com/js/front-script.js

64.235.54.28

200 OK

295 B

URL GET HTTP/2
www.freeroms.com/js/front-script.js
IP
64.235.54.28:443
ASN
#26277 PREMIANET

Requested by
https://www.freeroms.com/errorpages/max_connections.html
Certificate
IssuerNetwork Solutions L.L.C.
Subjectwww.freeroms.com
Fingerprint76:6C:B0:F0:67:FF:14:98:E7:B6:EB:77:80:B0:36:83:14:99:FE:4D
ValidityMon, 15 May 2023 00:00:00 GMT - Fri, 14 Jun 2024 23:59:59 GMT

File type
ASCII text
Size
295 B (295 bytes)
Hash
623069997deee6979f41b571e8b728cb
035788635c81bb176917731fcdc655cbd2bd2270
50db1f925c9abd1ddc94afe8d5d98125b741a8ae04712ac9df007b0c5871f0b1

HTTP Headers

GET /js/front-script.js HTTP/1.1
Host: www.freeroms.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.freeroms.com/errorpages/max_connections.html
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 30 Nov 2023 18:35:12 GMT
content-type: application/javascript
content-length: 295
x-accel-version: 0.01
last-modified: Mon, 09 Jan 2017 06:39:35 GMT
etag: "223-545a3a17f17c0-gzip"
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
x-powered-by: PleskLin
X-Firefox-Spdy: h2

www.freeroms.com/images/logo.png

64.235.54.28

200 OK

9.8 kB

URL GET HTTP/2
www.freeroms.com/images/logo.png
IP
64.235.54.28:443
ASN
#26277 PREMIANET

Requested by
https://www.freeroms.com/errorpages/max_connections.html
Certificate
IssuerNetwork Solutions L.L.C.
Subjectwww.freeroms.com
Fingerprint76:6C:B0:F0:67:FF:14:98:E7:B6:EB:77:80:B0:36:83:14:99:FE:4D
ValidityMon, 15 May 2023 00:00:00 GMT - Fri, 14 Jun 2024 23:59:59 GMT

File type
PNG image data, 215 x 40, 8-bit/color RGB, non-interlaced\012- data
Size
9.8 kB (9831 bytes)
Hash
14cd0a179797ca4b75eafccd97c8bb29
3b28b50481b500440e2d20df8acfba80d752a090
e94da94c103e98f78880e5458d6cd022cc20d1d6412b985ef8c0b3eeafd40f5c

HTTP Headers

GET /images/logo.png HTTP/1.1
Host: www.freeroms.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.freeroms.com/errorpages/max_connections.html
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 30 Nov 2023 18:35:12 GMT
content-type: image/png
content-length: 9831
last-modified: Tue, 14 Jul 2015 01:10:45 GMT
etag: "55a46195-2667"
x-powered-by: PleskLin
accept-ranges: bytes
X-Firefox-Spdy: h2

www.freeroms.com/css/style.css

64.235.54.28

200 OK

5.6 kB

URL GET HTTP/2
www.freeroms.com/css/style.css
IP
64.235.54.28:443
ASN
#26277 PREMIANET

Requested by
https://www.freeroms.com/errorpages/max_connections.html
Certificate
IssuerNetwork Solutions L.L.C.
Subjectwww.freeroms.com
Fingerprint76:6C:B0:F0:67:FF:14:98:E7:B6:EB:77:80:B0:36:83:14:99:FE:4D
ValidityMon, 15 May 2023 00:00:00 GMT - Fri, 14 Jun 2024 23:59:59 GMT

File type
ASCII text
Size
5.6 kB (5580 bytes)
Hash
398ef8c2ef606ae67b0ba586e1a719b4
c97aedb87e36818212ffc4b54ab3237b219eb35f
0e48283f73694f66f5c82fff2f94a807a7a2e5a846ed7bf38176369deb934989

HTTP Headers

GET /css/style.css HTTP/1.1
Host: www.freeroms.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.freeroms.com/errorpages/max_connections.html
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 30 Nov 2023 18:35:12 GMT
content-type: text/css
last-modified: Tue, 10 Jan 2023 15:18:36 GMT
etag: W/"63bd81cc-6b3d"
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2

www.freeroms.com/images/circuit_left.gif

64.235.54.28

200 OK

3.0 kB

URL GET HTTP/2
www.freeroms.com/images/circuit_left.gif
IP
64.235.54.28:443
ASN
#26277 PREMIANET

Requested by
https://www.freeroms.com/errorpages/max_connections.html
Certificate
IssuerNetwork Solutions L.L.C.
Subjectwww.freeroms.com
Fingerprint76:6C:B0:F0:67:FF:14:98:E7:B6:EB:77:80:B0:36:83:14:99:FE:4D
ValidityMon, 15 May 2023 00:00:00 GMT - Fri, 14 Jun 2024 23:59:59 GMT

File type
GIF image data, version 89a, 12 x 320\012- data
Size
3.0 kB (3029 bytes)
Hash
f84caa56ec89113941ed4823aecea88a
dd608663197ad5cf505e06c8a16fbd42f3001153
7925efc9e31cb712e156e1b0663846dea73debe1200b125ed73dfea95efc06f6

HTTP Headers

GET /images/circuit_left.gif HTTP/1.1
Host: www.freeroms.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.freeroms.com/css/style.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 30 Nov 2023 18:35:12 GMT
content-type: image/gif
content-length: 3029
last-modified: Tue, 14 Jul 2015 01:10:52 GMT
etag: "55a4619c-bd5"
x-powered-by: PleskLin
accept-ranges: bytes
X-Firefox-Spdy: h2

www.freeroms.com/images/black.png

64.235.54.28

200 OK

927 B

URL GET HTTP/2
www.freeroms.com/images/black.png
IP
64.235.54.28:443
ASN
#26277 PREMIANET

Requested by
https://www.freeroms.com/errorpages/max_connections.html
Certificate
IssuerNetwork Solutions L.L.C.
Subjectwww.freeroms.com
Fingerprint76:6C:B0:F0:67:FF:14:98:E7:B6:EB:77:80:B0:36:83:14:99:FE:4D
ValidityMon, 15 May 2023 00:00:00 GMT - Fri, 14 Jun 2024 23:59:59 GMT

File type
PNG image data, 1 x 1, 8-bit/color RGBA, non-interlaced\012- data
Size
927 B (927 bytes)
Hash
6f78a7c9048c4843d819c2ab39b33b6c
99e314e4b9325f41d0d42512cbf8a4a636871ac4
486e08b2d63e05464d757f1fbf3952a74bff6ff29f9ccace92c478fe8b4e4119

HTTP Headers

GET /images/black.png HTTP/1.1
Host: www.freeroms.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.freeroms.com/css/style.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 30 Nov 2023 18:35:12 GMT
content-type: image/png
content-length: 927
x-accel-version: 0.01
last-modified: Tue, 14 Jul 2015 01:10:48 GMT
etag: "39f-51acb82299600"
accept-ranges: bytes
x-powered-by: PleskLin
X-Firefox-Spdy: h2

www.freeroms.com/images/nav-strip.png

64.235.54.28

200 OK

1.1 kB

URL GET HTTP/2
www.freeroms.com/images/nav-strip.png
IP
64.235.54.28:443
ASN
#26277 PREMIANET

Requested by
https://www.freeroms.com/errorpages/max_connections.html
Certificate
IssuerNetwork Solutions L.L.C.
Subjectwww.freeroms.com
Fingerprint76:6C:B0:F0:67:FF:14:98:E7:B6:EB:77:80:B0:36:83:14:99:FE:4D
ValidityMon, 15 May 2023 00:00:00 GMT - Fri, 14 Jun 2024 23:59:59 GMT

File type
PNG image data, 7 x 56, 8-bit/color RGB, non-interlaced\012- data
Size
1.1 kB (1094 bytes)
Hash
92f72da7215127fddf06584d40f1f67c
506dec643852f00b64b0a247d5ff68b1c3fe5c7e
d61ce2fb10db1c5814deedb8c6ca63ee220abba2ba29359cd053e28e84f22172

HTTP Headers

GET /images/nav-strip.png HTTP/1.1
Host: www.freeroms.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.freeroms.com/css/style.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 30 Nov 2023 18:35:12 GMT
content-type: image/png
content-length: 1094
last-modified: Tue, 14 Jul 2015 01:10:45 GMT
etag: "55a46195-446"
x-powered-by: PleskLin
accept-ranges: bytes
X-Firefox-Spdy: h2

www.freeroms.com/js/jquery.min.js

64.235.54.28

200 OK

32 kB

URL GET HTTP/2
www.freeroms.com/js/jquery.min.js
IP
64.235.54.28:443
ASN
#26277 PREMIANET

Requested by
https://www.freeroms.com/errorpages/max_connections.html
Certificate
IssuerNetwork Solutions L.L.C.
Subjectwww.freeroms.com
Fingerprint76:6C:B0:F0:67:FF:14:98:E7:B6:EB:77:80:B0:36:83:14:99:FE:4D
ValidityMon, 15 May 2023 00:00:00 GMT - Fri, 14 Jun 2024 23:59:59 GMT

File type
ASCII text, with very long lines (32038)
Size
32 kB (32213 bytes)
Hash
895323ed2f7258af4fae2c738c8aea49
276c87ff3e1e3155679c318938e74e5c1b76d809
ecb916133a9376911f10bc5c659952eb0031e457f5df367cde560edbfba38fb8

HTTP Headers

GET /js/jquery.min.js HTTP/1.1
Host: www.freeroms.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.freeroms.com/errorpages/max_connections.html
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 30 Nov 2023 18:35:12 GMT
content-type: application/javascript
last-modified: Tue, 28 Jul 2015 06:50:01 GMT
etag: W/"55b72619-176d5"
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2

www.freeroms.com/images/border.png

64.235.54.28

200 OK

938 B

URL GET HTTP/2
www.freeroms.com/images/border.png
IP
64.235.54.28:443
ASN
#26277 PREMIANET

Requested by
https://www.freeroms.com/errorpages/max_connections.html
Certificate
IssuerNetwork Solutions L.L.C.
Subjectwww.freeroms.com
Fingerprint76:6C:B0:F0:67:FF:14:98:E7:B6:EB:77:80:B0:36:83:14:99:FE:4D
ValidityMon, 15 May 2023 00:00:00 GMT - Fri, 14 Jun 2024 23:59:59 GMT

File type
PNG image data, 2 x 23, 8-bit/color RGBA, non-interlaced\012- data
Size
938 B (938 bytes)
Hash
a4de791940d86ff21226a978b905950e
bba1cc2559c7b67cb577f48118604b169a212239
c1ff6bcf530cc998882a66b1a1dafcff6869533caf5a6fea4e137497f0555269

HTTP Headers

GET /images/border.png HTTP/1.1
Host: www.freeroms.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.freeroms.com/css/style.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 30 Nov 2023 18:35:12 GMT
content-type: image/png
content-length: 938
x-accel-version: 0.01
last-modified: Tue, 14 Jul 2015 01:10:48 GMT
etag: "3aa-51acb82299600"
accept-ranges: bytes
x-powered-by: PleskLin
X-Firefox-Spdy: h2

www.freeroms.com/images/default-arr.png

64.235.54.28

200 OK

978 B

URL GET HTTP/2
www.freeroms.com/images/default-arr.png
IP
64.235.54.28:443
ASN
#26277 PREMIANET

Requested by
https://www.freeroms.com/errorpages/max_connections.html
Certificate
IssuerNetwork Solutions L.L.C.
Subjectwww.freeroms.com
Fingerprint76:6C:B0:F0:67:FF:14:98:E7:B6:EB:77:80:B0:36:83:14:99:FE:4D
ValidityMon, 15 May 2023 00:00:00 GMT - Fri, 14 Jun 2024 23:59:59 GMT

File type
PNG image data, 3 x 7, 8-bit/color RGBA, non-interlaced\012- data
Size
978 B (978 bytes)
Hash
0edc018ca2c25a655a9eeed4b31eab51
dba5918c2b540f28d9365ad1db47d658c2dd8f66
d82b013cdd3a3efcde2e7403046e96555f5f7446efef3f2a6879af699f868218

HTTP Headers

GET /images/default-arr.png HTTP/1.1
Host: www.freeroms.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.freeroms.com/css/style.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 30 Nov 2023 18:35:12 GMT
content-type: image/png
content-length: 978
x-accel-version: 0.01
last-modified: Tue, 14 Jul 2015 01:10:55 GMT
etag: "3d2-51acb829465c0"
accept-ranges: bytes
x-powered-by: PleskLin
X-Firefox-Spdy: h2

www.freeroms.com/images/rom.png

64.235.54.28

200 OK

1.4 kB

URL GET HTTP/2
www.freeroms.com/images/rom.png
IP
64.235.54.28:443
ASN
#26277 PREMIANET

Requested by
https://www.freeroms.com/errorpages/max_connections.html
Certificate
IssuerNetwork Solutions L.L.C.
Subjectwww.freeroms.com
Fingerprint76:6C:B0:F0:67:FF:14:98:E7:B6:EB:77:80:B0:36:83:14:99:FE:4D
ValidityMon, 15 May 2023 00:00:00 GMT - Fri, 14 Jun 2024 23:59:59 GMT

File type
PNG image data, 28 x 25, 8-bit/color RGBA, non-interlaced\012- data
Size
1.4 kB (1365 bytes)
Hash
213bc22990ce0324b563a2714b22749d
514c1c91577fd3fa56b081a73b419015fcb2baf9
0465cb562ac7a714e9e90eb55764b1bc210b3378c5c01a465f8cdaa386f65349

HTTP Headers

GET /images/rom.png HTTP/1.1
Host: www.freeroms.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.freeroms.com/css/style.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 30 Nov 2023 18:35:12 GMT
content-type: image/png
content-length: 1365
last-modified: Tue, 14 Jul 2015 01:10:46 GMT
etag: "55a46196-555"
x-powered-by: PleskLin
accept-ranges: bytes
X-Firefox-Spdy: h2

www.freeroms.com/images/circuit_main_right.gif

64.235.54.28

200 OK

1.8 kB

URL GET HTTP/2
www.freeroms.com/images/circuit_main_right.gif
IP
64.235.54.28:443
ASN
#26277 PREMIANET

Requested by
https://www.freeroms.com/errorpages/max_connections.html
Certificate
IssuerNetwork Solutions L.L.C.
Subjectwww.freeroms.com
Fingerprint76:6C:B0:F0:67:FF:14:98:E7:B6:EB:77:80:B0:36:83:14:99:FE:4D
ValidityMon, 15 May 2023 00:00:00 GMT - Fri, 14 Jun 2024 23:59:59 GMT

File type
GIF image data, version 89a, 12 x 415\012- data
Size
1.8 kB (1849 bytes)
Hash
ca8a951bdcdf29ca49cf66f5e2a963d1
514cdcb098f3e0716f94c53a33cf2fc9f41d40bf
089c688ad07d47949987f81f182752199bb7329fd5d443fa084342f6f9dc2953

HTTP Headers

GET /images/circuit_main_right.gif HTTP/1.1
Host: www.freeroms.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.freeroms.com/css/style.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 30 Nov 2023 18:35:12 GMT
content-type: image/gif
content-length: 1849
last-modified: Tue, 14 Jul 2015 01:10:55 GMT
etag: "55a4619f-739"
x-powered-by: PleskLin
accept-ranges: bytes
X-Firefox-Spdy: h2

www.freeroms.com/images/deals.png

64.235.54.28

200 OK

1.7 kB

URL GET HTTP/2
www.freeroms.com/images/deals.png
IP
64.235.54.28:443
ASN
#26277 PREMIANET

Requested by
https://www.freeroms.com/errorpages/max_connections.html
Certificate
IssuerNetwork Solutions L.L.C.
Subjectwww.freeroms.com
Fingerprint76:6C:B0:F0:67:FF:14:98:E7:B6:EB:77:80:B0:36:83:14:99:FE:4D
ValidityMon, 15 May 2023 00:00:00 GMT - Fri, 14 Jun 2024 23:59:59 GMT

File type
PNG image data, 28 x 25, 8-bit/color RGBA, non-interlaced\012- data
Size
1.7 kB (1703 bytes)
Hash
af70f63ff1d66bbba81818861df6b9c0
1612daa7d1160baa30c9e31fda99def140832cca
1e169d2ec5faf9c54e194c70c39ee11b21f9985eab0e954de8450b964bd51563

HTTP Headers

GET /images/deals.png HTTP/1.1
Host: www.freeroms.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.freeroms.com/css/style.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 30 Nov 2023 18:35:12 GMT
content-type: image/png
content-length: 1703
last-modified: Tue, 14 Jul 2015 01:10:55 GMT
etag: "55a4619f-6a7"
x-powered-by: PleskLin
accept-ranges: bytes
X-Firefox-Spdy: h2

www.freeroms.com/images/circuit_main_bottom.gif

64.235.54.28

200 OK

1.4 kB

URL GET HTTP/2
www.freeroms.com/images/circuit_main_bottom.gif
IP
64.235.54.28:443
ASN
#26277 PREMIANET

Requested by
https://www.freeroms.com/errorpages/max_connections.html
Certificate
IssuerNetwork Solutions L.L.C.
Subjectwww.freeroms.com
Fingerprint76:6C:B0:F0:67:FF:14:98:E7:B6:EB:77:80:B0:36:83:14:99:FE:4D
ValidityMon, 15 May 2023 00:00:00 GMT - Fri, 14 Jun 2024 23:59:59 GMT

File type
GIF image data, version 89a, 334 x 40\012- data
Size
1.4 kB (1352 bytes)
Hash
660833b77d6e64a7347b2536658f65d4
7ef5949aa50558090c53c9084bf4e01c8984f5c7
280a43318bfd40a4cf90a00f47e944e7c6ae6221aaed1e7fe23a1b39b79c3635

HTTP Headers

GET /images/circuit_main_bottom.gif HTTP/1.1
Host: www.freeroms.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.freeroms.com/css/style.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 30 Nov 2023 18:35:12 GMT
content-type: image/gif
content-length: 1352
last-modified: Tue, 14 Jul 2015 01:10:54 GMT
etag: "55a4619e-548"
x-powered-by: PleskLin
accept-ranges: bytes
X-Firefox-Spdy: h2

dacmaiss.com/tag.min.js

139.45.197.237

200 OK

26 kB

URL GET HTTP/2
dacmaiss.com/tag.min.js
IP
139.45.197.237:443
ASN
#9002 RETN Limited

Requested by
https://www.freeroms.com/errorpages/max_connections.html
Certificate
IssuerLet's Encrypt
Subjectdacmaiss.com
FingerprintCC:49:30:23:56:98:15:B1:1A:DC:A9:92:7D:D2:DF:DA:8B:CC:2D:1B
ValiditySun, 22 Oct 2023 05:11:39 GMT - Sat, 20 Jan 2024 05:11:38 GMT

File type
ASCII text, with very long lines (65536), with no line terminators
Size
26 kB (25615 bytes)
Hash
bea6b718fb0247f43168c0dee89219a5
e584dac0a0b284ed9ac096cabb49e2337e1dd81a
52bcb29599bdd96b1e1d2fa618ece2d892c1dda71a7377d60ee7aad72bd00b2f

HTTP Headers

GET /tag.min.js HTTP/1.1
Host: dacmaiss.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.freeroms.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Thu, 30 Nov 2023 18:35:13 GMT
content-type: text/javascript; charset=utf-8
content-length: 25615
content-encoding: br
x-trace-id: 6c23644f555e772eb9ffd25f5cacdedd
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
accept-ranges: bytes
last-modified: Thu, 30 Nov 2023 12:36:06 GMT
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Wow64
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace
access-control-max-age: 86400
pragma: no-cache
expires: Tue, 11 Jan 1994 10:00:00 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2

combatbaskstationery.com/c4/d5/3d/c4d53d21b4a90448b5012c00c5cfa5a2.js

173.233.137.52

200 OK

16 kB

URL GET HTTP/1.1
combatbaskstationery.com/c4/d5/3d/c4d53d21b4a90448b5012c00c5cfa5a2.js
IP
173.233.137.52:443
ASN
#7979 SERVERS-COM

Requested by
https://www.freeroms.com/errorpages/max_connections.html
Certificate
IssuerLet's Encrypt
Subjectcombatbaskstationery.com
FingerprintC2:03:EE:0C:A4:E6:5D:AF:91:D4:D2:48:12:F2:C8:1D:43:6E:E5:2C
ValiditySun, 29 Oct 2023 06:19:05 GMT - Sat, 27 Jan 2024 06:19:04 GMT

File type
ASCII text, with very long lines (42841), with no line terminators
Size
16 kB (15460 bytes)
Hash
58306d182ee7dc692dbdd183b425e70b
0e78117f5024f3536acdc3c0af657010fbc5f8e4
c1fab03eaca01e8564cd1267f91ae1df812a596d52d2200f270117106ecb5cc0

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /c4/d5/3d/c4d53d21b4a90448b5012c00c5cfa5a2.js HTTP/1.1
Host: combatbaskstationery.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.freeroms.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Thu, 30 Nov 2023 18:35:12 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 8a1a23de26bf86a9a81407f4203dd31a
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip

combatbaskstationery.com/ea/2d/5d/ea2d5d802b867cf417198fc84113161f.json

173.233.137.52

200 OK

407 B

URL GET HTTP/1.1
combatbaskstationery.com/ea/2d/5d/ea2d5d802b867cf417198fc84113161f.json
IP
173.233.137.52:443
ASN
#7979 SERVERS-COM

Requested by
https://www.freeroms.com/errorpages/max_connections.html
Certificate
IssuerLet's Encrypt
Subjectcombatbaskstationery.com
FingerprintC2:03:EE:0C:A4:E6:5D:AF:91:D4:D2:48:12:F2:C8:1D:43:6E:E5:2C
ValiditySun, 29 Oct 2023 06:19:05 GMT - Sat, 27 Jan 2024 06:19:04 GMT

File type
JSON data\012- , ASCII text, with very long lines (407), with no line terminators
Size
407 B (407 bytes)
Hash
1b6bc78f19e3060fbb8942a38b18a805
b6c6fb8fd7a59bf0d51bfa63c22591bf7a31991b
97a90effddd5f202d6131d5465f16c2c830814715bc66a1ec1263559ae087c1d

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /ea/2d/5d/ea2d5d802b867cf417198fc84113161f.json HTTP/1.1
Host: combatbaskstationery.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.freeroms.com
DNT: 1
Connection: keep-alive
Referer: https://www.freeroms.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Thu, 30 Nov 2023 18:35:13 GMT
Content-Type: application/json
Content-Length: 407
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: a7fcaf3dc2ac0caa8d0974e429c6142f
Strict-Transport-Security: max-age=0; includeSubdomains

moleconcern.com/pixel/pure

173.233.137.60

200 OK

0 B

URL POST HTTP/1.1
moleconcern.com/pixel/pure
IP
173.233.137.60:443
ASN
#7979 SERVERS-COM

Requested by
https://www.freeroms.com/errorpages/max_connections.html
Certificate
IssuerLet's Encrypt
Subjectmoleconcern.com
FingerprintEB:1F:59:14:C7:DD:65:50:10:51:62:9F:42:07:6B:62:7A:58:41:AF
ValidityMon, 30 Oct 2023 07:29:08 GMT - Sun, 28 Jan 2024 07:29:07 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

OPTIONS /pixel/pure HTTP/1.1
Host: moleconcern.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://www.freeroms.com/
Origin: https://www.freeroms.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 204 No Content
Server: nginx/1.21.6
Date: Thu, 30 Nov 2023 18:35:13 GMT
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Allow-Credentials: true
Access-Control-Max-Age: 1728000
Content-Type: text/plain; charset=utf-8
Content-Length: 0

ocsp.r2m03.amazontrust.com/

54.230.218.11

471 B

URL
ocsp.r2m03.amazontrust.com/
IP
54.230.218.11:0
ASN
#16509 AMAZON-02

File type
data
Size
471 B (471 bytes)
Hash
1f5ea1de01644aecc419ef2fd3b7052c
1ec2b3adee6069d46937a34cf5d25d3b2566a9e0
dbd64cba305c05822c6c2b6f98eeae215c443e4370856624be3e3b7a5897e7b5

HTTP Headers

POST / HTTP/1.1
Host: ocsp.r2m03.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=7200
Date: Thu, 30 Nov 2023 18:35:13 GMT
Last-Modified: Thu, 30 Nov 2023 17:03:08 GMT
Server: ECAcc (ska/F6D2)
X-Cache: Miss from cloudfront
Via: 1.1 193a8c13b6e0a6b90db7172f6358335e.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: jbJrz3j_hZzVLBxWQuNppqDrpJXglR7u6sPO3cro2bLijj_NQf4G2Q==
Age: 5525

my.rtmark.net/gid.js?userId=41725c7667fa4fca86783cbadd39f464

139.45.195.8

200 OK

65 B

URL GET HTTP/2
my.rtmark.net/gid.js?userId=41725c7667fa4fca86783cbadd39f464
IP
139.45.195.8:443
ASN
#9002 RETN Limited

Requested by
https://www.freeroms.com/errorpages/max_connections.html
Certificate
IssuerLet's Encrypt
Subjectrtmark.net
FingerprintE8:81:4E:79:89:89:BE:CE:75:1F:E0:2A:60:54:8A:A4:11:2E:F7:42
ValiditySat, 07 Oct 2023 15:22:00 GMT - Fri, 05 Jan 2024 15:21:59 GMT

File type
JSON data\012- , ASCII text
Size
65 B (65 bytes)
Hash
9047d51ed5b6f45c534884c851984af4
ef4b6544140116097c9febb7ebe5bcf0e39b69c9
4174de719e8649655beb988d1274c2c2e9980e1c897e5d978bf1847193a93188

HTTP Headers

GET /gid.js?userId=41725c7667fa4fca86783cbadd39f464 HTTP/1.1
Host: my.rtmark.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.freeroms.com
DNT: 1
Connection: keep-alive
Referer: https://www.freeroms.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Thu, 30 Nov 2023 18:35:13 GMT
content-type: application/json; charset=utf-8
content-length: 65
access-control-allow-origin: https://www.freeroms.com
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
set-cookie: ID=41725c7667fa4fca86783cbadd39f464; expires=Fri, 29 Nov 2024 18:35:13 GMT; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2

dacmaiss.com/5/2881944/?oo=1&aab=1

139.45.197.237

200 OK

1.4 kB

URL GET HTTP/2
dacmaiss.com/5/2881944/?oo=1&aab=1
IP
139.45.197.237:443
ASN
#9002 RETN Limited

Requested by
https://www.freeroms.com/errorpages/max_connections.html
Certificate
IssuerLet's Encrypt
Subjectdacmaiss.com
FingerprintCC:49:30:23:56:98:15:B1:1A:DC:A9:92:7D:D2:DF:DA:8B:CC:2D:1B
ValiditySun, 22 Oct 2023 05:11:39 GMT - Sat, 20 Jan 2024 05:11:38 GMT

File type
gzip compressed data, max speed, from Unix\012- data
Size
1.4 kB (1431 bytes)
Hash
c4600c6babc7ddc5f01cd9bc6a6e9ffb
9e646836a7267d449beb0f71ebf33bbdf93f3961
ce12d77ae44c838d11e771196621c616df1c606873a6dd6dc2049975e02c63a0

HTTP Headers

GET /5/2881944/?oo=1&aab=1 HTTP/1.1
Host: dacmaiss.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.freeroms.com
DNT: 1
Connection: keep-alive
Referer: https://www.freeroms.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Thu, 30 Nov 2023 18:35:12 GMT
content-type: application/json
x-trace-id: 86b30c60cbf2c3cfe4b0c79f4e23eb54
link: <https://my.rtmark.net>; rel="preconnect dns-prefetch",<https://propeller-tracking.com>; rel="preconnect dns-prefetch",<https://sr7pv7n5x.com>; rel="preconnect dns-prefetch"
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Wow64
access-control-allow-origin: https://www.freeroms.com
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace
access-control-max-age: 86400
timing-allow-origin: *
set-cookie: OAID=41725c7667fa4fca86783cbadd39f464; expires=Fri, 29 Nov 2024 18:35:12 GMT; path=/; secure; SameSite=None
oaidts=1701369312; expires=Fri, 29 Nov 2024 18:35:12 GMT; path=/; secure; SameSite=None
syncedCookie=; expires=Tue, 10 Nov 2009 23:00:00 GMT
pragma: no-cache, no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT, Mon, 26 Jul 1997 05:00:00 GMT
content-encoding: gzip
X-Firefox-Spdy: h2

proftrafficcounter.com/stats

35.157.159.40

200 OK

40 B

URL GET HTTP/2
proftrafficcounter.com/stats
IP
35.157.159.40:443
ASN
#16509 AMAZON-02

Requested by
https://www.freeroms.com/errorpages/max_connections.html
Certificate
IssuerAmazon
Subjectproftrafficcounter.com
FingerprintE3:9F:79:6F:80:C0:BF:F8:C4:EB:45:F3:E9:0F:A7:41:F6:0C:05:E6
ValidityTue, 21 Nov 2023 00:00:00 GMT - Thu, 19 Dec 2024 23:59:59 GMT

File type
ASCII text, with no line terminators
Size
40 B (40 bytes)
Hash
ac1093988979b73f7214c7eb5f01712b
d749dbbc480c96ae3dc6a3af3e169708e13e16b1
bb4c81c180672411c454252b3d437b354ce7de0a1cc0388f2d2bc54181ee45c6

HTTP Headers

GET /stats HTTP/1.1
Host: proftrafficcounter.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.freeroms.com
DNT: 1
Connection: keep-alive
Referer: https://www.freeroms.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 30 Nov 2023 18:35:13 GMT
content-type: text/html; charset=UTF-8
content-length: 40
server: fasthttp
access-control-allow-origin: https://www.freeroms.com
vary: Origin
access-control-allow-credentials: true
set-cookie: uid_id2=d3905245-5bad-4d2a-9c8c-980118bda3f7:3:1; expires=Sun, 27 Nov 2033 18:35:13 GMT; secure; SameSite=None
X-Firefox-Spdy: h2

moleconcern.com/pixel/pure

173.233.137.60

200 OK

0 B

URL POST HTTP/1.1
moleconcern.com/pixel/pure
IP
173.233.137.60:443
ASN
#7979 SERVERS-COM

Requested by
https://www.freeroms.com/errorpages/max_connections.html
Certificate
IssuerLet's Encrypt
Subjectmoleconcern.com
FingerprintEB:1F:59:14:C7:DD:65:50:10:51:62:9F:42:07:6B:62:7A:58:41:AF
ValidityMon, 30 Oct 2023 07:29:08 GMT - Sun, 28 Jan 2024 07:29:07 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /pixel/pure HTTP/1.1
Host: moleconcern.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Content-Length: 73
Origin: https://www.freeroms.com
DNT: 1
Connection: keep-alive
Referer: https://www.freeroms.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Thu, 30 Nov 2023 18:35:13 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range

banquetunarmedgrater.com/advertisers.js

172.67.219.12

200 OK

0 B

URL GET HTTP/2
banquetunarmedgrater.com/advertisers.js
IP
172.67.219.12:443
ASN
#13335 CLOUDFLARENET

Requested by
https://www.freeroms.com/errorpages/max_connections.html
Certificate
IssuerGoogle Trust Services LLC
Subjectbanquetunarmedgrater.com
Fingerprint92:8E:AD:72:AC:AD:3B:21:99:CD:21:A0:9F:BD:F2:AF:0D:98:D8:57
ValidityThu, 09 Nov 2023 11:40:15 GMT - Wed, 07 Feb 2024 11:40:14 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /advertisers.js HTTP/1.1
Host: banquetunarmedgrater.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.freeroms.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 30 Nov 2023 18:35:13 GMT
content-type: application/javascript
content-length: 0
expires: Thu, 01 Jan 1970 00:00:01 GMT
cache-control: max-age=172800
x-request-id: 7766b421f3558b759420200c483c54bb
strict-transport-security: max-age=0; includeSubdomains
cf-cache-status: EXPIRED
last-modified: Thu, 30 Nov 2023 18:35:13 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=KBivhRa4SjjNItgqo9%2FSiGot3vfqYYpBi73tMkj0aQV4qjU9fIQyWD04M1kSFYaaj1of4MBldtsOi6HkX4MTqLeejPibu6DAMjoTu%2Bnh9o65y7AtR71KoZb9ceCngoCAzk1jTb3UNKZ6Ulc%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 82e530620cebb509-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

fleraprt.com/log/add?cid=1db9169f-90f4-4b2d-b517-bc47aab19c1f

139.45.195.254

200 OK

12 B

URL POST HTTP/1.1
fleraprt.com/log/add?cid=1db9169f-90f4-4b2d-b517-bc47aab19c1f
IP
139.45.195.254:443
ASN
#9002 RETN Limited

Requested by
https://www.freeroms.com/errorpages/max_connections.html
Certificate
IssuerSectigo Limited
Subjectfleraprt.com
FingerprintA4:AF:A0:00:99:C9:85:E5:30:F6:F3:F2:B5:4F:AE:4F:D0:46:74:A9
ValidityMon, 09 Jan 2023 00:00:00 GMT - Sun, 14 Jan 2024 23:59:59 GMT

File type
JSON data\012- , ASCII text, with no line terminators
Size
12 B (12 bytes)
Hash
adb4650bfc9d2a73d4dd69583b0ceb14
1ce399d6e936232aaf2192cd7903a279c5015f22
21c1f682de27109caabcca9016511974defcec217c0441fd3f1b50ecdf8247ed

HTTP Headers

POST /log/add?cid=1db9169f-90f4-4b2d-b517-bc47aab19c1f HTTP/1.1
Host: fleraprt.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 1385
Origin: https://www.freeroms.com
DNT: 1
Connection: keep-alive
Referer: https://www.freeroms.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.19.10
Date: Thu, 30 Nov 2023 18:35:51 GMT
Content-Type: application/json; charset=utf-8
Content-Length: 12
Connection: keep-alive
Access-Control-Allow-Origin: https://www.freeroms.com
Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE
Access-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-Forwarded-For, If-None-Match
Access-Control-Allow-Credentials: true

dacmaiss.com/?rb=BUafQwQrCplW4sjIknIFQZznVUfdiQiHC7MLB6FkUQHWJucbex9n7o2qke6eqNDLKdAB3Lexiq1OYsWZEK9L4dq5LBcxKmKJxb5_i_VTlrwnuPyhdQvsEZ2GAjlB5JRQXNK4dGuRR0ktoVODAMWi7sZ7jAdXbagTzlru-o3sDoDiZ71yoc0NY9pVYhN5lQIsKfMmRafYR3YUGzGFOYW50YOm1F9tdvJcVGTb8mN-QlM%3D&request_ab2=0&zoneid=2881944&js_build=iclick-v1.635.1-auto&fs=0&cf=0&sw=1280&sh=1024&sah=1024&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wih=1024&wiw=1280&wfc=1&pl=https%3A%2F%2Fwww.freeroms.com%2Ferrorpages%2Fmax_connections.html&drf=&np=1&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false&wgl=&js_build=iclick-v1.635.1-auto&bs=012abab0-20cf-447d-81ae-6a06cc3d1295&userId=41725c7667fa4fca86783cbadd39f464&m=link

139.45.197.237

200 OK

1.4 kB

URL GET HTTP/2
dacmaiss.com/?rb=BUafQwQrCplW4sjIknIFQZznVUfdiQiHC7MLB6FkUQHWJucbex9n7o2qke6eqNDLKdAB3Lexiq1OYsWZEK9L4dq5LBcxKmKJxb5_i_VTlrwnuPyhdQvsEZ2GAjlB5JRQXNK4dGuRR0ktoVODAMWi7sZ7jAdXbagTzlru-o3sDoDiZ71yoc0NY9pVYhN5lQIsKfMmRafYR3YUGzGFOYW50YOm1F9tdvJcVGTb8mN-QlM%3D&request_ab2=0&zoneid=2881944&js_build=iclick-v1.635.1-auto&fs=0&cf=0&sw=1280&sh=1024&sah=1024&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wih=1024&wiw=1280&wfc=1&pl=https%3A%2F%2Fwww.freeroms.com%2Ferrorpages%2Fmax_connections.html&drf=&np=1&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false&wgl=&js_build=iclick-v1.635.1-auto&bs=012abab0-20cf-447d-81ae-6a06cc3d1295&userId=41725c7667fa4fca86783cbadd39f464&m=link
IP
139.45.197.237:443
ASN
#9002 RETN Limited

Requested by
https://www.freeroms.com/errorpages/max_connections.html
Certificate
IssuerLet's Encrypt
Subjectdacmaiss.com
FingerprintCC:49:30:23:56:98:15:B1:1A:DC:A9:92:7D:D2:DF:DA:8B:CC:2D:1B
ValiditySun, 22 Oct 2023 05:11:39 GMT - Sat, 20 Jan 2024 05:11:38 GMT

File type
JSON data\012- , ASCII text, with very long lines (1806), with no line terminators
Size
1.4 kB (1418 bytes)
Hash
cc434e7f936d8212738e4f82e3dab5f4
b9e12b6a26467e00337c16ea182b578b79ffe60d
6dbcb928234dc96be12d4440fba496f0a4b8c9df7a151f937ae08ce7eabea782

HTTP Headers

GET /?rb=BUafQwQrCplW4sjIknIFQZznVUfdiQiHC7MLB6FkUQHWJucbex9n7o2qke6eqNDLKdAB3Lexiq1OYsWZEK9L4dq5LBcxKmKJxb5_i_VTlrwnuPyhdQvsEZ2GAjlB5JRQXNK4dGuRR0ktoVODAMWi7sZ7jAdXbagTzlru-o3sDoDiZ71yoc0NY9pVYhN5lQIsKfMmRafYR3YUGzGFOYW50YOm1F9tdvJcVGTb8mN-QlM%3D&request_ab2=0&zoneid=2881944&js_build=iclick-v1.635.1-auto&fs=0&cf=0&sw=1280&sh=1024&sah=1024&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wih=1024&wiw=1280&wfc=1&pl=https%3A%2F%2Fwww.freeroms.com%2Ferrorpages%2Fmax_connections.html&drf=&np=1&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false&wgl=&js_build=iclick-v1.635.1-auto&bs=012abab0-20cf-447d-81ae-6a06cc3d1295&userId=41725c7667fa4fca86783cbadd39f464&m=link HTTP/1.1
Host: dacmaiss.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.freeroms.com/
Origin: https://www.freeroms.com
DNT: 1
Connection: keep-alive
Cookie: OAID=41725c7667fa4fca86783cbadd39f464; oaidts=1701369312
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 30 Nov 2023 18:35:13 GMT
content-type: application/json
x-trace-id: 7961155f4c594a53a38a811306e1ee6f
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Wow64
access-control-allow-origin: https://www.freeroms.com
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace
access-control-max-age: 86400
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
set-cookie: OAID=41725c7667fa4fca86783cbadd39f464; expires=Fri, 29 Nov 2024 18:35:13 GMT; path=/; secure; SameSite=None
oaidts=1701369313; expires=Fri, 29 Nov 2024 18:35:13 GMT; path=/; secure; SameSite=None
syncedCookie=true; expires=Thu, 07 Dec 2023 18:35:13 GMT; path=/; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
content-encoding: gzip
X-Firefox-Spdy: h2

unseenreport.com/pxf.gif?uuid=&eb=9dc9c1d31cb8b7965ee9d24b6e1f79e7&te=b7f6eb057aaaa451b9eeba0ff496141a&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=13.3095&b_frame=0&pk=c4d53d21b4a90448b5012c00c5cfa5a2&bl=en-US&sr=1024x1280&sz=1024x1280&hjs=18

192.243.59.20

200 OK

1 B

URL GET HTTP/1.1
unseenreport.com/pxf.gif?uuid=&eb=9dc9c1d31cb8b7965ee9d24b6e1f79e7&te=b7f6eb057aaaa451b9eeba0ff496141a&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=13.3095&b_frame=0&pk=c4d53d21b4a90448b5012c00c5cfa5a2&bl=en-US&sr=1024x1280&sz=1024x1280&hjs=18
IP
192.243.59.20:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://www.freeroms.com/errorpages/max_connections.html
Certificate
IssuerLet's Encrypt
Subject*.unseenreport.com
Fingerprint79:45:7F:58:D5:82:45:0A:7D:1E:FF:7A:98:05:26:E9:D6:FE:91:14
ValidityWed, 22 Nov 2023 07:56:28 GMT - Tue, 20 Feb 2024 07:56:27 GMT

File type
very short file (no magic)
Size
1 B (1 bytes)
Hash
93b885adfe0da089cdf634904fd59f71
5ba93c9db0cff93f52b521d7420e43f6eda2784f
6e340b9cffb37a989ca544e6bb780a2c78901d3fb33738768511a30617afa01d

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /pxf.gif?uuid=&eb=9dc9c1d31cb8b7965ee9d24b6e1f79e7&te=b7f6eb057aaaa451b9eeba0ff496141a&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=13.3095&b_frame=0&pk=c4d53d21b4a90448b5012c00c5cfa5a2&bl=en-US&sr=1024x1280&sz=1024x1280&hjs=18 HTTP/1.1
Host: unseenreport.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.freeroms.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Thu, 30 Nov 2023 18:35:13 GMT
Content-Type: image/gif
Content-Length: 1
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: dc833f51eecd44af14ac9978bf4631fd
Strict-Transport-Security: max-age=0; includeSubdomains

unseenreport.com/pxf.gif?uuid=&eb=9dc9c1d31cb8b7965ee9d24b6e1f79e7&te=b7f6eb057aaaa451b9eeba0ff496141a&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=13.3095&b_frame=0&pk=ea2d5d802b867cf417198fc84113161f&bl=en-US&sr=1024x1280&sz=1024x1280&hjs=18

192.243.59.20

200 OK

1 B

URL GET HTTP/1.1
unseenreport.com/pxf.gif?uuid=&eb=9dc9c1d31cb8b7965ee9d24b6e1f79e7&te=b7f6eb057aaaa451b9eeba0ff496141a&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=13.3095&b_frame=0&pk=ea2d5d802b867cf417198fc84113161f&bl=en-US&sr=1024x1280&sz=1024x1280&hjs=18
IP
192.243.59.20:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://www.freeroms.com/errorpages/max_connections.html
Certificate
IssuerLet's Encrypt
Subject*.unseenreport.com
Fingerprint79:45:7F:58:D5:82:45:0A:7D:1E:FF:7A:98:05:26:E9:D6:FE:91:14
ValidityWed, 22 Nov 2023 07:56:28 GMT - Tue, 20 Feb 2024 07:56:27 GMT

File type
very short file (no magic)
Size
1 B (1 bytes)
Hash
93b885adfe0da089cdf634904fd59f71
5ba93c9db0cff93f52b521d7420e43f6eda2784f
6e340b9cffb37a989ca544e6bb780a2c78901d3fb33738768511a30617afa01d

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /pxf.gif?uuid=&eb=9dc9c1d31cb8b7965ee9d24b6e1f79e7&te=b7f6eb057aaaa451b9eeba0ff496141a&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=13.3095&b_frame=0&pk=ea2d5d802b867cf417198fc84113161f&bl=en-US&sr=1024x1280&sz=1024x1280&hjs=18 HTTP/1.1
Host: unseenreport.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.freeroms.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Thu, 30 Nov 2023 18:35:13 GMT
Content-Type: image/gif
Content-Length: 1
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 4f38eff3e1284a6915e2dfcb841571df
Strict-Transport-Security: max-age=0; includeSubdomains

offerimage.com/www/images/1254ddfd42baa84cea2221d2e82fa511.png

104.22.33.172

200 OK

70 kB

URL GET HTTP/2
offerimage.com/www/images/1254ddfd42baa84cea2221d2e82fa511.png
IP
104.22.33.172:443
ASN
#13335 CLOUDFLARENET

Requested by
https://www.freeroms.com/errorpages/max_connections.html
Certificate
IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
FingerprintDB:4D:42:F8:E2:4C:E3:E4:BB:22:D8:D1:F7:64:B5:9A:10:B6:25:E0
ValiditySun, 07 May 2023 00:00:00 GMT - Mon, 06 May 2024 23:59:59 GMT

File type
PNG image data, 192 x 192, 8-bit/color RGBA, non-interlaced\012- data
Size
70 kB (69506 bytes)
Hash
1254ddfd42baa84cea2221d2e82fa511
84b26dfb937aa8b9746a20e52f9d1330a9a29eab
eba572a9f6836dc915e75251fed8c1e6129c7013cb380af95899e9824a82fd92

HTTP Headers

GET /www/images/1254ddfd42baa84cea2221d2e82fa511.png HTTP/1.1
Host: offerimage.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.freeroms.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 30 Nov 2023 18:35:14 GMT
content-type: image/png
content-length: 69506
last-modified: Mon, 28 Aug 2023 16:35:16 GMT
etag: "64ecccc4-10f82"
expires: Fri, 01 Dec 2023 06:17:10 GMT
cache-control: max-age=86400
timing-allow-origin: *
cf-cache-status: HIT
age: 44284
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 82e53066c94c2d95-ARN
X-Firefox-Spdy: h2

www.freeroms.com/favicon.ico

64.235.54.28

200 OK

1.2 kB

URL GET HTTP/2
www.freeroms.com/favicon.ico
IP
64.235.54.28:443
ASN
#26277 PREMIANET

Requested by
https://www.freeroms.com/errorpages/max_connections.html
Certificate
IssuerNetwork Solutions L.L.C.
Subjectwww.freeroms.com
Fingerprint76:6C:B0:F0:67:FF:14:98:E7:B6:EB:77:80:B0:36:83:14:99:FE:4D
ValidityMon, 15 May 2023 00:00:00 GMT - Fri, 14 Jun 2024 23:59:59 GMT

File type
MS Windows icon resource - 1 icon, 16x16, 32 bits/pixel\012- data
Size
1.2 kB (1150 bytes)
Hash
66ccc38a036f42cb9555a65a8f0dd96d
de96c7f3b02ca03d5ab9dd57e7249e3af0a7469f
554982b40d0c899885675b5eb48e7d32b1068623e99c6d361f190427de2387f0

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: www.freeroms.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.freeroms.com/errorpages/max_connections.html
Cookie: prefetchAd_2881944=true; dom3ic8zudi28v8lr6fgphwffqoz0j6c=d3905245-5bad-4d2a-9c8c-980118bda3f7%3A3%3A1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 30 Nov 2023 18:35:14 GMT
content-type: image/vnd.microsoft.icon
content-length: 1150
last-modified: Thu, 18 Dec 2014 11:03:18 GMT
etag: "5492b476-47e"
x-powered-by: PleskLin
accept-ranges: bytes
X-Firefox-Spdy: h2

immaculategirdlewade.com/sbar.json?key=c4d53d21b4a90448b5012c00c5cfa5a2&uuid=d3905245-5bad-4d2a-9c8c-980118bda3f7%3A3%3A1

192.243.61.225

200 OK

4.2 kB

URL GET HTTP/1.1
immaculategirdlewade.com/sbar.json?key=c4d53d21b4a90448b5012c00c5cfa5a2&uuid=d3905245-5bad-4d2a-9c8c-980118bda3f7%3A3%3A1
IP
192.243.61.225:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://www.freeroms.com/errorpages/max_connections.html
Certificate
IssuerLet's Encrypt
Subjectimmaculategirdlewade.com
Fingerprint49:4A:6F:9B:65:8D:09:4F:C4:35:BC:21:E8:5C:C5:E3:43:3E:2E:63
ValidityTue, 28 Nov 2023 10:37:17 GMT - Mon, 26 Feb 2024 10:37:16 GMT

File type
JSON data\012- , ASCII text, with very long lines (5903), with no line terminators
Size
4.2 kB (4219 bytes)
Hash
3bf2fb45a3a8aeaf7994a7f35c2b5744
d54b83d410e21805c7d1fb2d9a7f6512f546b4c4
c6e2a4544f248b409e85c287e39039235ceda9e50b9924e8dfa6e58f854685cf

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /sbar.json?key=c4d53d21b4a90448b5012c00c5cfa5a2&uuid=d3905245-5bad-4d2a-9c8c-980118bda3f7%3A3%3A1 HTTP/1.1
Host: immaculategirdlewade.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.freeroms.com
DNT: 1
Connection: keep-alive
Referer: https://www.freeroms.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Thu, 30 Nov 2023 18:35:14 GMT
Content-Type: text/plain; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://www.freeroms.com
Access-Control-Allow-Origin: https://www.freeroms.com
Access-Control-Allow-Credentials: true
Set-Cookie: u_pl=16560103; expires=Fri, 01 Dec 2023 18:35:14 GMT; secure; SameSite=None
uid_id2=d3905245-5bad-4d2a-9c8c-980118bda3f7:3:1; expires=Thu, 07 Dec 2023 18:35:14 GMT; secure; SameSite=None
pdhtkv=true; expires=Fri, 01 Dec 2023 18:35:14 GMT; secure; SameSite=None
uncs=1; expires=Fri, 01 Dec 2023 18:35:14 GMT; secure; SameSite=None
pdhtkv29=true; expires=Fri, 01 Dec 2023 18:35:14 GMT; secure; SameSite=None
uncs29=1; expires=Fri, 01 Dec 2023 18:35:14 GMT; secure; SameSite=None
slecc4d53d21b4a90448b5012c00c5cfa5a2=[4690994]; expires=Thu, 30 Nov 2023 18:35:19 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: df11fb724d9d05db1f09c6d5afc94b67
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip

immaculategirdlewade.com/ren.gif?sid=H4sIAAAAAAAC%2F1SST4gcxRfHq5PN7%2FLTg0EPOQhzEP%2BAO1vd052dMQdjjAmLMQlJJDex%2FvVuudVdTVX39GZPwYAERJiAB8FL73d2s%2F4Jaq6CRGa9yIKSEZE9uAc9eBWEePEgMzuw%2BA713qvPO7zvt%2Bq9jWqfhKjY3uU37Lo2hi0kbdp6%2FrrOpa196%2BK1Vkjb9FTrus5Pxqdaa5PD9V8KadKmL7TOK7FqFyIaUhrSsHVOO5XatYUphS7u9cJ2j7bjqB0mMdbcf3tfBfAsgOzvk%2BPQcnxs5fv70GKEPPvqrPKrpS1efC2rDCutQ19uv5mv5rbOkR2WqQuQ5tuzaVg%2FJuSjI7D59kwBbH9zogBcj0nwSwieb8%2FWBO9vHWzKDVQOLv%2BPuj%2BCMiNoNoKwt6DlQwIIiYuXkGd3L1pXsxsHlE3omMw9%2Bgu6HpO5X59Enn1xxui11lVrqlLb3GMtbaDXRtDLIxTVDsr1ALregSjfhZY%2FkIVHF5Bnm5e8sdBy7xnZ6dEkipP5hDM5H8uIzfdEV8z3ujQMu1yyTro4tUjrEXQ6glEDMH8UlQ9Q6QBVGqAqAmRyr8WSXkrpYsrTTqcbCyE6HSGS7kmZyE7cTSkqMdEwQFkMIMwAwt1E4W5iVd95mByHq76FX2ngZQBfEvRlg1oR1J6gZgS1JqhLgrrfbEnjI9%2FclcZXPJzlaJY7zdCWyxtsy5bLKidgbrBR7JMnpv798%2BUfWFV7LRHLpCOjkMesR%2BO4yxMaRoJSkYiUJSyC1w20PwLmA6zrMTnxrEahx%2BTYB%2B%2BDsx14swOhnwKrngarh4sRBVsZxl2K9fxe6pRyNvNtYTNI26Ao51DeCDbMPjkx3eP8hxGU2D39v4%2B3fr%2F6948QrkHhGryjvyNYNreHV2xNNq%2FY2pP7l4pSZ3qdTd74aslKNffZ6%2BpGbZ1cOusHn74iJmBS3rumfHmB5VLny558fkZLqdw564Qi3yz564pfrvzKmcrlVXHh8qvnlrLCKe%2B1zUdg%2BuHbDyD0mDx%2Bd2H6e5%2F7JIN2I7iqQVbtkllA2x2I4iZ8sXuaHHls6eu3EnhL4MzhDC8C1FUzdBE%2FvDSawKjDnvEGXh1awNXugz8P2Ia%2FjWUXgJW3kGcN%2Bq5B3zRgZgBfHR2Whdt9%2BafONMBNMOTGBZvcOHPnwFqv91oqSWmqaKR42uPpIqOyl8Y9znqhWuQJC1H6sVr5%2Bbd%2FAQAA%2F%2F8BAAD%2F%2F%2B3D3X%2BVBAAA

192.243.61.225

200 OK

7 B

URL GET HTTP/1.1
immaculategirdlewade.com/ren.gif?sid=H4sIAAAAAAAC%2F1SST4gcxRfHq5PN7%2FLTg0EPOQhzEP%2BAO1vd052dMQdjjAmLMQlJJDex%2FvVuudVdTVX39GZPwYAERJiAB8FL73d2s%2F4Jaq6CRGa9yIKSEZE9uAc9eBWEePEgMzuw%2BA713qvPO7zvt%2Bq9jWqfhKjY3uU37Lo2hi0kbdp6%2FrrOpa196%2BK1Vkjb9FTrus5Pxqdaa5PD9V8KadKmL7TOK7FqFyIaUhrSsHVOO5XatYUphS7u9cJ2j7bjqB0mMdbcf3tfBfAsgOzvk%2BPQcnxs5fv70GKEPPvqrPKrpS1efC2rDCutQ19uv5mv5rbOkR2WqQuQ5tuzaVg%2FJuSjI7D59kwBbH9zogBcj0nwSwieb8%2FWBO9vHWzKDVQOLv%2BPuj%2BCMiNoNoKwt6DlQwIIiYuXkGd3L1pXsxsHlE3omMw9%2Bgu6HpO5X59Enn1xxui11lVrqlLb3GMtbaDXRtDLIxTVDsr1ALregSjfhZY%2FkIVHF5Bnm5e8sdBy7xnZ6dEkipP5hDM5H8uIzfdEV8z3ujQMu1yyTro4tUjrEXQ6glEDMH8UlQ9Q6QBVGqAqAmRyr8WSXkrpYsrTTqcbCyE6HSGS7kmZyE7cTSkqMdEwQFkMIMwAwt1E4W5iVd95mByHq76FX2ngZQBfEvRlg1oR1J6gZgS1JqhLgrrfbEnjI9%2FclcZXPJzlaJY7zdCWyxtsy5bLKidgbrBR7JMnpv798%2BUfWFV7LRHLpCOjkMesR%2BO4yxMaRoJSkYiUJSyC1w20PwLmA6zrMTnxrEahx%2BTYB%2B%2BDsx14swOhnwKrngarh4sRBVsZxl2K9fxe6pRyNvNtYTNI26Ao51DeCDbMPjkx3eP8hxGU2D39v4%2B3fr%2F6948QrkHhGryjvyNYNreHV2xNNq%2FY2pP7l4pSZ3qdTd74aslKNffZ6%2BpGbZ1cOusHn74iJmBS3rumfHmB5VLny558fkZLqdw564Qi3yz564pfrvzKmcrlVXHh8qvnlrLCKe%2B1zUdg%2BuHbDyD0mDx%2Bd2H6e5%2F7JIN2I7iqQVbtkllA2x2I4iZ8sXuaHHls6eu3EnhL4MzhDC8C1FUzdBE%2FvDSawKjDnvEGXh1awNXugz8P2Ia%2FjWUXgJW3kGcN%2Bq5B3zRgZgBfHR2Whdt9%2BafONMBNMOTGBZvcOHPnwFqv91oqSWmqaKR42uPpIqOyl8Y9znqhWuQJC1H6sVr5%2Bbd%2FAQAA%2F%2F8BAAD%2F%2F%2B3D3X%2BVBAAA
IP
192.243.61.225:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://www.freeroms.com/errorpages/max_connections.html
Certificate
IssuerLet's Encrypt
Subjectimmaculategirdlewade.com
Fingerprint49:4A:6F:9B:65:8D:09:4F:C4:35:BC:21:E8:5C:C5:E3:43:3E:2E:63
ValidityTue, 28 Nov 2023 10:37:17 GMT - Mon, 26 Feb 2024 10:37:16 GMT

File type
ASCII text, with no line terminators
Size
7 B (7 bytes)
Hash
132d6af1b46048b45cf86cdee7991d31
eb7007d03d59b65bc6da7e098c4d38fc6dfb6285
ab852e838deccd742a03ca81d4a8d75cf1a00b327db3eaf46bd7da6b6db9384c

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /ren.gif?sid=H4sIAAAAAAAC%2F1SST4gcxRfHq5PN7%2FLTg0EPOQhzEP%2BAO1vd052dMQdjjAmLMQlJJDex%2FvVuudVdTVX39GZPwYAERJiAB8FL73d2s%2F4Jaq6CRGa9yIKSEZE9uAc9eBWEePEgMzuw%2BA713qvPO7zvt%2Bq9jWqfhKjY3uU37Lo2hi0kbdp6%2FrrOpa196%2BK1Vkjb9FTrus5Pxqdaa5PD9V8KadKmL7TOK7FqFyIaUhrSsHVOO5XatYUphS7u9cJ2j7bjqB0mMdbcf3tfBfAsgOzvk%2BPQcnxs5fv70GKEPPvqrPKrpS1efC2rDCutQ19uv5mv5rbOkR2WqQuQ5tuzaVg%2FJuSjI7D59kwBbH9zogBcj0nwSwieb8%2FWBO9vHWzKDVQOLv%2BPuj%2BCMiNoNoKwt6DlQwIIiYuXkGd3L1pXsxsHlE3omMw9%2Bgu6HpO5X59Enn1xxui11lVrqlLb3GMtbaDXRtDLIxTVDsr1ALregSjfhZY%2FkIVHF5Bnm5e8sdBy7xnZ6dEkipP5hDM5H8uIzfdEV8z3ujQMu1yyTro4tUjrEXQ6glEDMH8UlQ9Q6QBVGqAqAmRyr8WSXkrpYsrTTqcbCyE6HSGS7kmZyE7cTSkqMdEwQFkMIMwAwt1E4W5iVd95mByHq76FX2ngZQBfEvRlg1oR1J6gZgS1JqhLgrrfbEnjI9%2FclcZXPJzlaJY7zdCWyxtsy5bLKidgbrBR7JMnpv798%2BUfWFV7LRHLpCOjkMesR%2BO4yxMaRoJSkYiUJSyC1w20PwLmA6zrMTnxrEahx%2BTYB%2B%2BDsx14swOhnwKrngarh4sRBVsZxl2K9fxe6pRyNvNtYTNI26Ao51DeCDbMPjkx3eP8hxGU2D39v4%2B3fr%2F6948QrkHhGryjvyNYNreHV2xNNq%2FY2pP7l4pSZ3qdTd74aslKNffZ6%2BpGbZ1cOusHn74iJmBS3rumfHmB5VLny558fkZLqdw564Qi3yz564pfrvzKmcrlVXHh8qvnlrLCKe%2B1zUdg%2BuHbDyD0mDx%2Bd2H6e5%2F7JIN2I7iqQVbtkllA2x2I4iZ8sXuaHHls6eu3EnhL4MzhDC8C1FUzdBE%2FvDSawKjDnvEGXh1awNXugz8P2Ia%2FjWUXgJW3kGcN%2Bq5B3zRgZgBfHR2Whdt9%2BafONMBNMOTGBZvcOHPnwFqv91oqSWmqaKR42uPpIqOyl8Y9znqhWuQJC1H6sVr5%2Bbd%2FAQAA%2F%2F8BAAD%2F%2F%2B3D3X%2BVBAAA HTTP/1.1
Host: immaculategirdlewade.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.freeroms.com/
Cookie: u_pl=16560103; uid_id2=d3905245-5bad-4d2a-9c8c-980118bda3f7:3:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Thu, 30 Nov 2023 18:35:14 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: f2a165dfd12109095c2558bf1b82a452
Strict-Transport-Security: max-age=0; includeSubdomains

cdn.creative-bars1.com/sb/interstitial/games/hentai-heroes/main/8/img/button.png

172.64.108.10

200 OK

9.9 kB

URL GET HTTP/2
cdn.creative-bars1.com/sb/interstitial/games/hentai-heroes/main/8/img/button.png
IP
172.64.108.10:443
ASN
#13335 CLOUDFLARENET

Requested by
https://www.freeroms.com/errorpages/max_connections.html
Certificate
IssuerGoogle Trust Services LLC
Subjectcreative-bars1.com
Fingerprint2B:CC:32:FC:17:6F:25:69:2F:F4:A0:D9:DC:9C:C2:09:28:32:AB:34
ValiditySat, 21 Oct 2023 15:38:40 GMT - Fri, 19 Jan 2024 15:38:39 GMT

File type
PNG image data, 374 x 158, 8-bit colormap, non-interlaced\012- data
Size
9.9 kB (9865 bytes)
Hash
820ad88853e09bfa31ecc6dfd93c07ec
c8d408a8618a825a5111c51a6fe2e30f4d53098c
948bc0c4bd13d058c1c64f903453f928ecfdcd87686eebe6f9a73618e24d4bbd

HTTP Headers

GET /sb/interstitial/games/hentai-heroes/main/8/img/button.png HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Thu, 30 Nov 2023 18:35:15 GMT
content-type: image/png
content-length: 9865
last-modified: Thu, 19 Oct 2023 16:12:57 GMT
etag: "65315589-2689"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 1613770
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Vw2Fnb%2FaC37PW32YimnvVfgKxP%2BseB4Md45yflVMs%2Fp7NzdX7MWpWS5OfAggG9ubITROiHspx0NpQj3x3ct7L7hGey0kSvtxpUFYNokCR2%2BPcoy8Y%2F8SKOAUg9FhOFszHDuJDHZ4HuYK"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 82e5306afe25778c-LHR
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

cdn.yourwebbars.com/sb/interstitial/games/hentai-heroes/main/8/index.html

104.26.7.19

200 OK

5.6 kB

URL GET HTTP/2
cdn.yourwebbars.com/sb/interstitial/games/hentai-heroes/main/8/index.html
IP
104.26.7.19:443
ASN
#13335 CLOUDFLARENET

Requested by
https://www.freeroms.com/errorpages/max_connections.html
Certificate
IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
Fingerprint84:82:6E:35:03:D4:C4:FC:BA:08:CD:C8:E6:A3:97:A9:20:2F:F5:49
ValiditySun, 23 Jul 2023 00:00:00 GMT - Mon, 22 Jul 2024 23:59:59 GMT

File type
HTML document text\012- HTML document, ASCII text
Size
5.6 kB (5647 bytes)
Hash
3ba8c6ee4184fd58396eb4ca22879c0d
3a299ade06247933036e312785d51449d429786d
ae8af8d3ded72e9a7568fa4e7281c9f28e13921a307972a68ff71aee18bc6423

HTTP Headers

GET /sb/interstitial/games/hentai-heroes/main/8/index.html HTTP/1.1
Host: cdn.yourwebbars.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.freeroms.com
DNT: 1
Connection: keep-alive
Referer: https://www.freeroms.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 30 Nov 2023 18:35:14 GMT
content-type: text/html
last-modified: Thu, 19 Oct 2023 16:12:54 GMT
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 1
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=yJQxRafWkl60d9vaV47c%2FB333B%2FSChx8gGBOUJg%2B%2BeZjTt5u%2BP9QNgJgMIllg%2ByuD1DVmGr4szmbyHFOWv3oQR5teUEWtL08KonrmKy4tg9COBPnX9gFtZdO6scdsVXyGIe6F1M%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 82e53069ab9c56ba-OSL
content-encoding: br
X-Firefox-Spdy: h2

cdn.creative-bars1.com/sb/interstitial/games/hentai-heroes/main/8/js/script.js

172.64.108.10

200 OK

1.6 kB

URL GET HTTP/2
cdn.creative-bars1.com/sb/interstitial/games/hentai-heroes/main/8/js/script.js
IP
172.64.108.10:443
ASN
#13335 CLOUDFLARENET

Requested by
https://www.freeroms.com/errorpages/max_connections.html
Certificate
IssuerGoogle Trust Services LLC
Subjectcreative-bars1.com
Fingerprint2B:CC:32:FC:17:6F:25:69:2F:F4:A0:D9:DC:9C:C2:09:28:32:AB:34
ValiditySat, 21 Oct 2023 15:38:40 GMT - Fri, 19 Jan 2024 15:38:39 GMT

File type
Unicode text, UTF-8 text
Size
1.6 kB (1553 bytes)
Hash
f06aedc6f9c35062ffcf1d5ad7b6e574
47f1ec30faf80f0958036aea330d22d4ea6bd994
f6ae8744b3f2b2f8865fff018810c62b9bb82ffb3224d0e958ff2cdcec3d2026

HTTP Headers

GET /sb/interstitial/games/hentai-heroes/main/8/js/script.js HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.freeroms.com
DNT: 1
Connection: keep-alive
Referer: https://www.freeroms.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 30 Nov 2023 18:35:15 GMT
content-type: application/javascript
last-modified: Thu, 19 Oct 2023 16:13:00 GMT
etag: W/"6531558c-f3f"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2F4f4jV%2F41DCGGFEg5duvsYTbWw4vZQltX8CWzsqm2iiNC1yoBqTMTg9jvWAAKPWicfx4IITr9VRilWkMgXsgeU0oTbShdosMI8HSjvCQW9%2F8WQmBCC30kO80xA25xi2DjePNdVBfkGIt"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 82e5306abdaf778c-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

immaculategirdlewade.com/pixel/sbs?c=1

173.233.139.164

200 OK

0 B

URL GET HTTP/1.1
immaculategirdlewade.com/pixel/sbs?c=1
IP
173.233.139.164:443
ASN
#7979 SERVERS-COM

Requested by
https://www.freeroms.com/errorpages/max_connections.html
Certificate
IssuerLet's Encrypt
Subjectimmaculategirdlewade.com
Fingerprint49:4A:6F:9B:65:8D:09:4F:C4:35:BC:21:E8:5C:C5:E3:43:3E:2E:63
ValidityTue, 28 Nov 2023 10:37:17 GMT - Mon, 26 Feb 2024 10:37:16 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /pixel/sbs?c=1 HTTP/1.1
Host: immaculategirdlewade.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.freeroms.com/
Cookie: u_pl=16560103; uid_id2=d3905245-5bad-4d2a-9c8c-980118bda3f7:3:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Thu, 30 Nov 2023 18:35:15 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range

cdn.creative-bars1.com/sb/interstitial/games/hentai-heroes/main/8/css/style.css

172.64.108.10

200 OK

376 kB

URL GET HTTP/2
cdn.creative-bars1.com/sb/interstitial/games/hentai-heroes/main/8/css/style.css
IP
172.64.108.10:443
ASN
#13335 CLOUDFLARENET

Requested by
https://www.freeroms.com/errorpages/max_connections.html
Certificate
IssuerGoogle Trust Services LLC
Subjectcreative-bars1.com
Fingerprint2B:CC:32:FC:17:6F:25:69:2F:F4:A0:D9:DC:9C:C2:09:28:32:AB:34
ValiditySat, 21 Oct 2023 15:38:40 GMT - Fri, 19 Jan 2024 15:38:39 GMT

File type
ASCII text
Size
376 kB (376136 bytes)
Hash
557c0926d0e3e54bc6740f4986353a92
077be1fd5ad2de339c0c121c4a3c30ed91fbbc32
39085561aabf95993548b91b139b647f6e6b4332fd045ada6ff2c075990e8ebe

HTTP Headers

GET /sb/interstitial/games/hentai-heroes/main/8/css/style.css HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.freeroms.com
DNT: 1
Connection: keep-alive
Referer: https://www.freeroms.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 30 Nov 2023 18:35:15 GMT
content-type: text/css
last-modified: Thu, 19 Oct 2023 16:12:56 GMT
etag: W/"65315588-958"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=SNgpPFLRm2SQRbZsSqJHAtuthFjrnp4w98Q5T7S%2Fqlk2gQsbbfN3K0y6lwIgdGuVBFHbwQxte6awUNoFGUtc%2Fn88e4W%2FT%2Byf%2BlO%2FbTuqhdH%2FCJ6etPbH10bebPdrDFOe4FOG3QVMHHf%2F"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 82e5306abdb5778c-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

gishejuy.com/impression/myyNktaxkoWZINGOha-b3hb39WSWXFQvogjA2wTxsjJ2rVjR7on-n7vk9JQFDvWrHeKip0VT5_xrbIxGDxRs7dRjbdg7eflK6lSLypMKeHJLpnwWXO6g8rfyda0s5MHMoG4u-VJDuBVC6-F3d_HIU9D7dEWMjI_LXfj1SbpBNlJHuJDrZBhvFL2sHla4aDi32iKliSWtMCre8WpmlTWqA1kQ7d5Trp0g2Y__3x1_h4_RvDDLPznf5TeEXEu6BqND6odlckrd1Hw6R5I82WAiM20B52WvdIW1sdJiEeK_U-SLfT0hqv54XwL_WdSQ8LrE__KlL5VgAhYgtJn4cLeo0U3rEnbVdDB--lhI3xMpi7U5MQkTOn83QKZskX82QEplNLoMTQau5Z2jjIATMXz8_12P6_HRnnHE8CfVzGKMZjK2hZF1fxV-E7ZdL4-Dw-r058r0_731KPAMUloak34qxGir8qtB-4JY233zk8jFsTw3_HioWA1gzT8ACxJXoM6G9OfKS_Crvq1VxSl1EVrqU6QCP8sJsbbp9cTVeMvBfowGauDETxjbhZ3D1FwqshjXDQwZYqfDDAvbhoLDZXTTUo5OJtz0lIBV5enUqUMOv7uCRbYekONgBTF2bZtx1x6rmJ2nhbIy3osM8JQoAfET_eHSPDXXv8sGp3s_Z9YNGr_0z_DeSfi8P9eOE8iubIeuK0j1Orq_xIY7iII3RdMzQU0Sxcy7MYZnGdPp9qHpyppz1e_NEjGNC_XwztVoFqJg80X8EPlBlZ43r6_Z_wIw4rhzf65tm-8EZewIvc37OExNb3zrSdoazYuDx4F4r1J_?_z=3601099&fs=0&cf=0&sw=1280&sh=1024&sah=1024&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=1024&wfc=2&pl=https%3A%2F%2Fwww.freeroms.com%2Ferrorpages%2Fmax_connections.html&drf=&np=1&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false&tzofs=0&js_build=8&sw_version=v1.311.0

139.45.197.242

200 OK

43 B

URL GET HTTP/2
gishejuy.com/impression/myyNktaxkoWZINGOha-b3hb39WSWXFQvogjA2wTxsjJ2rVjR7on-n7vk9JQFDvWrHeKip0VT5_xrbIxGDxRs7dRjbdg7eflK6lSLypMKeHJLpnwWXO6g8rfyda0s5MHMoG4u-VJDuBVC6-F3d_HIU9D7dEWMjI_LXfj1SbpBNlJHuJDrZBhvFL2sHla4aDi32iKliSWtMCre8WpmlTWqA1kQ7d5Trp0g2Y__3x1_h4_RvDDLPznf5TeEXEu6BqND6odlckrd1Hw6R5I82WAiM20B52WvdIW1sdJiEeK_U-SLfT0hqv54XwL_WdSQ8LrE__KlL5VgAhYgtJn4cLeo0U3rEnbVdDB--lhI3xMpi7U5MQkTOn83QKZskX82QEplNLoMTQau5Z2jjIATMXz8_12P6_HRnnHE8CfVzGKMZjK2hZF1fxV-E7ZdL4-Dw-r058r0_731KPAMUloak34qxGir8qtB-4JY233zk8jFsTw3_HioWA1gzT8ACxJXoM6G9OfKS_Crvq1VxSl1EVrqU6QCP8sJsbbp9cTVeMvBfowGauDETxjbhZ3D1FwqshjXDQwZYqfDDAvbhoLDZXTTUo5OJtz0lIBV5enUqUMOv7uCRbYekONgBTF2bZtx1x6rmJ2nhbIy3osM8JQoAfET_eHSPDXXv8sGp3s_Z9YNGr_0z_DeSfi8P9eOE8iubIeuK0j1Orq_xIY7iII3RdMzQU0Sxcy7MYZnGdPp9qHpyppz1e_NEjGNC_XwztVoFqJg80X8EPlBlZ43r6_Z_wIw4rhzf65tm-8EZewIvc37OExNb3zrSdoazYuDx4F4r1J_?_z=3601099&fs=0&cf=0&sw=1280&sh=1024&sah=1024&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=1024&wfc=2&pl=https%3A%2F%2Fwww.freeroms.com%2Ferrorpages%2Fmax_connections.html&drf=&np=1&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false&tzofs=0&js_build=8&sw_version=v1.311.0
IP
139.45.197.242:443
ASN
#9002 RETN Limited

Requested by
https://www.freeroms.com/errorpages/max_connections.html
Certificate
IssuerLet's Encrypt
Subjectgishejuy.com
Fingerprint99:91:AA:4E:BA:FC:75:A0:0A:79:EE:F6:15:64:FA:15:B2:BC:61:31
ValidityWed, 25 Oct 2023 09:21:45 GMT - Tue, 23 Jan 2024 09:21:44 GMT

File type
GIF image data, version 89a, 1 x 1\012- data
Size
43 B (43 bytes)
Hash
b4491705564909da7f9eaf749dbbfbb1
279315d507855c6a4351e1e2c2f39dd9cd2fccd8
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /impression/myyNktaxkoWZINGOha-b3hb39WSWXFQvogjA2wTxsjJ2rVjR7on-n7vk9JQFDvWrHeKip0VT5_xrbIxGDxRs7dRjbdg7eflK6lSLypMKeHJLpnwWXO6g8rfyda0s5MHMoG4u-VJDuBVC6-F3d_HIU9D7dEWMjI_LXfj1SbpBNlJHuJDrZBhvFL2sHla4aDi32iKliSWtMCre8WpmlTWqA1kQ7d5Trp0g2Y__3x1_h4_RvDDLPznf5TeEXEu6BqND6odlckrd1Hw6R5I82WAiM20B52WvdIW1sdJiEeK_U-SLfT0hqv54XwL_WdSQ8LrE__KlL5VgAhYgtJn4cLeo0U3rEnbVdDB--lhI3xMpi7U5MQkTOn83QKZskX82QEplNLoMTQau5Z2jjIATMXz8_12P6_HRnnHE8CfVzGKMZjK2hZF1fxV-E7ZdL4-Dw-r058r0_731KPAMUloak34qxGir8qtB-4JY233zk8jFsTw3_HioWA1gzT8ACxJXoM6G9OfKS_Crvq1VxSl1EVrqU6QCP8sJsbbp9cTVeMvBfowGauDETxjbhZ3D1FwqshjXDQwZYqfDDAvbhoLDZXTTUo5OJtz0lIBV5enUqUMOv7uCRbYekONgBTF2bZtx1x6rmJ2nhbIy3osM8JQoAfET_eHSPDXXv8sGp3s_Z9YNGr_0z_DeSfi8P9eOE8iubIeuK0j1Orq_xIY7iII3RdMzQU0Sxcy7MYZnGdPp9qHpyppz1e_NEjGNC_XwztVoFqJg80X8EPlBlZ43r6_Z_wIw4rhzf65tm-8EZewIvc37OExNb3zrSdoazYuDx4F4r1J_?_z=3601099&fs=0&cf=0&sw=1280&sh=1024&sah=1024&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=1024&wfc=2&pl=https%3A%2F%2Fwww.freeroms.com%2Ferrorpages%2Fmax_connections.html&drf=&np=1&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false&tzofs=0&js_build=8&sw_version=v1.311.0 HTTP/1.1
Host: gishejuy.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.freeroms.com/
Cookie: OAID=41725c7667fa4fca86783cbadd39f464
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 30 Nov 2023 18:35:23 GMT
content-type: image/gif
content-length: 43
x-trace-id: 153fa3148b1bce9cd353c2a2fc4a3b3d
pragma: no-cache
expires: Tue, 11 Jan 1994 10:00:00 GMT
cache-control: no-cache, no-store, no-transform, must-revalidate, private, max-age=0
vary: Origin
access-control-allow-origin: *
access-control-expose-headers: Link
access-control-allow-credentials: true
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Wow64
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2

offerimage.com/www/images/1254ddfd42baa84cea2221d2e82fa511.png

104.22.33.172

200 OK

70 kB

URL GET HTTP/2
offerimage.com/www/images/1254ddfd42baa84cea2221d2e82fa511.png
IP
104.22.33.172:443
ASN
#13335 CLOUDFLARENET

Requested by
https://www.freeroms.com/errorpages/max_connections.html
Certificate
IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
FingerprintDB:4D:42:F8:E2:4C:E3:E4:BB:22:D8:D1:F7:64:B5:9A:10:B6:25:E0
ValiditySun, 07 May 2023 00:00:00 GMT - Mon, 06 May 2024 23:59:59 GMT

File type
PNG image data, 192 x 192, 8-bit/color RGBA, non-interlaced\012- data
Size
70 kB (69506 bytes)
Hash
1254ddfd42baa84cea2221d2e82fa511
84b26dfb937aa8b9746a20e52f9d1330a9a29eab
eba572a9f6836dc915e75251fed8c1e6129c7013cb380af95899e9824a82fd92

HTTP Headers

GET /www/images/1254ddfd42baa84cea2221d2e82fa511.png HTTP/1.1
Host: offerimage.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Thu, 30 Nov 2023 18:35:23 GMT
content-type: image/png
content-length: 69506
last-modified: Mon, 28 Aug 2023 16:35:16 GMT
etag: "64ecccc4-10f82"
expires: Fri, 01 Dec 2023 06:17:10 GMT
cache-control: max-age=86400
timing-allow-origin: *
cf-cache-status: HIT
age: 44293
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 82e530a10d462d95-ARN
X-Firefox-Spdy: h2

fonts.googleapis.com/css2?family=Roboto:wght@100;300;400;500;700

142.250.74.106

200 OK

17 kB

URL GET HTTP/3
fonts.googleapis.com/css2?family=Roboto:wght@100;300;400;500;700
IP
142.250.74.106:443
ASN
#15169 GOOGLE

Requested by
https://www.freeroms.com/errorpages/max_connections.html
Certificate
IssuerGoogle Trust Services LLC
Subjectupload.video.google.com
FingerprintCC:96:E0:52:E0:9B:EA:A9:A0:F8:88:9A:90:20:11:47:61:00:3C:42
ValidityMon, 23 Oct 2023 11:24:07 GMT - Mon, 15 Jan 2024 11:24:06 GMT

File type
gzip compressed data, max compression\012- data
Size
17 kB (16655 bytes)
Hash
fcc7ee5678541adea03770b8cfafd146
e5d4c9d76cabeef9e8faa14ff0ed07bd097396fc
1474e26a5116379d3fa3f65cec9f195f0d826c24891a55a15f39c92dae12405d

HTTP Headers

GET /css2?family=Roboto:wght@100;300;400;500;700 HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Thu, 30 Nov 2023 18:35:23 GMT
date: Thu, 30 Nov 2023 18:35:23 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2

142.250.74.131

200 OK

16 kB

URL GET HTTP/2
fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2
IP
142.250.74.131:443
ASN
#15169 GOOGLE

Requested by
https://www.freeroms.com/errorpages/max_connections.html
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
FingerprintE5:79:1F:1A:04:3F:B9:B0:FB:41:4E:B5:E5:97:AD:FE:D9:2C:4A:CD
ValidityMon, 23 Oct 2023 11:24:07 GMT - Mon, 15 Jan 2024 11:24:06 GMT

File type
Web Open Font Format (Version 2), TrueType, length 15744, version 1.0\012- data
Size
16 kB (15744 bytes)
Hash
15d9f621c3bd1599f0169dcf0bd5e63e
7ca9c5967f3bb8bffeab24b639b49c1e7d03fa52
f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615

HTTP Headers

GET /s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.freeroms.com
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15744
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Mon, 27 Nov 2023 23:43:03 GMT
expires: Tue, 26 Nov 2024 23:43:03 GMT
cache-control: public, max-age=31536000
age: 240740
last-modified: Wed, 11 May 2022 19:24:48 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

www.freeroms.com/images/circuit_main_top.gif

64.235.54.28

200 OK

1.4 kB

URL GET HTTP/2
www.freeroms.com/images/circuit_main_top.gif
IP
64.235.54.28:443
ASN
#26277 PREMIANET

Requested by
https://www.freeroms.com/errorpages/max_connections.html
Certificate
IssuerNetwork Solutions L.L.C.
Subjectwww.freeroms.com
Fingerprint76:6C:B0:F0:67:FF:14:98:E7:B6:EB:77:80:B0:36:83:14:99:FE:4D
ValidityMon, 15 May 2023 00:00:00 GMT - Fri, 14 Jun 2024 23:59:59 GMT

File type
GIF image data, version 89a, 334 x 40\012- data
Size
1.4 kB (1366 bytes)
Hash
8ce66b9116fdb0a263fbbf0ec7299e1c
3f2868999529378d7e40c4acce440c0fdd0963bb
7ee186a06b35fc6499ca0fe10faa3f137fdee61cbfd4163aaba28414b8e65063

HTTP Headers

GET /images/circuit_main_top.gif HTTP/1.1
Host: www.freeroms.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.freeroms.com/css/style.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Thu, 30 Nov 2023 18:35:12 GMT
content-type: image/gif
content-length: 1366
last-modified: Tue, 14 Jul 2015 01:10:55 GMT
etag: "55a4619f-556"
x-powered-by: PleskLin
accept-ranges: bytes
X-Firefox-Spdy: h2

cameesse.net/1?z=3056520

139.45.197.242

404 Not Found

0 B

URL GET HTTP/2
cameesse.net/1?z=3056520
IP
139.45.197.242:443
ASN
#9002 RETN Limited

Requested by
https://www.freeroms.com/errorpages/max_connections.html
Certificate
IssuerLet's Encrypt
Subjectcameesse.net
Fingerprint95:AE:4C:29:A9:9F:0C:04:38:32:00:81:30:07:95:A7:F8:B0:77:D6
ValidityWed, 18 Oct 2023 10:27:53 GMT - Tue, 16 Jan 2024 10:27:52 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /1?z=3056520 HTTP/1.1
Host: cameesse.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.freeroms.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 404 Not Found
server: nginx
date: Thu, 30 Nov 2023 18:35:13 GMT
content-type: text/plain; charset=utf-8
content-length: 7
access-control-allow-credentials: true
access-control-allow-origin: 
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-Sc, CVERSION, VERSION, X-Ancestor-Origins, X-Zone-ID, baggage, sentry-trace
x-trace-id: 0fd7fe70e86cce361c8c1add960296db
access-control-expose-headers: X-Sc
x-sc: 4KdnrdofxFOHMlcU
set-cookie: scm=1; expires=Fri, 29 Nov 2024 18:35:13 GMT; secure; SameSite=None
X-Firefox-Spdy: h2

gishejuy.com/400/3601099

139.45.197.242

200 OK

89 kB

URL GET HTTP/2
gishejuy.com/400/3601099
IP
139.45.197.242:443
ASN
#9002 RETN Limited

Requested by
https://www.freeroms.com/errorpages/max_connections.html
Certificate
IssuerLet's Encrypt
Subjectgishejuy.com
Fingerprint99:91:AA:4E:BA:FC:75:A0:0A:79:EE:F6:15:64:FA:15:B2:BC:61:31
ValidityWed, 25 Oct 2023 09:21:45 GMT - Tue, 23 Jan 2024 09:21:44 GMT

File type
ASCII text, with very long lines (65536), with no line terminators
Size
89 kB (88930 bytes)
Hash
793d3ae9c8f39193adf8c763a33242fa
73f6ea65815f08e72aab458918f45503607dd098
321cde030ca1ac7f419753172e6113c433c5bc51301741a7beb32223566b1775

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /400/3601099 HTTP/1.1
Host: gishejuy.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.freeroms.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Thu, 30 Nov 2023 18:35:13 GMT
content-type: application/javascript
x-trace-id: b08491d94a415bb811c6652f892aca73
expires: Tue, 11 Jan 1994 10:00:00 GMT
cache-control: no-cache, no-store, no-transform, must-revalidate, private, max-age=0
pragma: no-cache
vary: Origin
access-control-allow-origin: *
access-control-expose-headers: Link
access-control-allow-credentials: true
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Wow64
set-cookie: OAID=8e0b48547e2145d68be21a53825a23e1; expires=Fri, 29 Nov 2024 18:35:13 GMT; path=/; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
content-encoding: gzip
X-Firefox-Spdy: h2

fonts.googleapis.com/css?family=Roboto:300,400,700&display=swap

142.250.74.106

200 OK

6.8 kB

URL GET HTTP/2
fonts.googleapis.com/css?family=Roboto:300,400,700&display=swap
IP
142.250.74.106:443
ASN
#15169 GOOGLE

Requested by
https://www.freeroms.com/errorpages/max_connections.html
Certificate
IssuerGoogle Trust Services LLC
Subjectupload.video.google.com
FingerprintCC:96:E0:52:E0:9B:EA:A9:A0:F8:88:9A:90:20:11:47:61:00:3C:42
ValidityMon, 23 Oct 2023 11:24:07 GMT - Mon, 15 Jan 2024 11:24:06 GMT

File type
ASCII text, with very long lines (7013), with no line terminators
Size
6.8 kB (6824 bytes)
Hash
49475c425d6c00477bb339179326c49b
bd97deeb753f44f43a21feafa92d98239fa511bd
598841a98ad357d2896d2f093ea3e4e1d44e24b3351268ffd45e61ff8c1d0e09

HTTP Headers

GET /css?family=Roboto:300,400,700&display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Thu, 30 Nov 2023 18:35:15 GMT
date: Thu, 30 Nov 2023 18:35:15 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

gishejuy.com/500/3601099?excludes=&oaid=41725c7667fa4fca86783cbadd39f464&fs=0&cf=0&sw=1280&sh=1024&sah=1024&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=1024&wfc=1&pl=https%3A%2F%2Fwww.freeroms.com%2Ferrorpages%2Fmax_connections.html&drf=&np=1&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false&tzofs=0&js_build=8&sw_version=v1.311.0

139.45.197.242

200 OK

1.7 kB

URL GET HTTP/2
gishejuy.com/500/3601099?excludes=&oaid=41725c7667fa4fca86783cbadd39f464&fs=0&cf=0&sw=1280&sh=1024&sah=1024&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=1024&wfc=1&pl=https%3A%2F%2Fwww.freeroms.com%2Ferrorpages%2Fmax_connections.html&drf=&np=1&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false&tzofs=0&js_build=8&sw_version=v1.311.0
IP
139.45.197.242:443
ASN
#9002 RETN Limited

Requested by
https://www.freeroms.com/errorpages/max_connections.html
Certificate
IssuerLet's Encrypt
Subjectgishejuy.com
Fingerprint99:91:AA:4E:BA:FC:75:A0:0A:79:EE:F6:15:64:FA:15:B2:BC:61:31
ValidityWed, 25 Oct 2023 09:21:45 GMT - Tue, 23 Jan 2024 09:21:44 GMT

File type
troff or preprocessor input, ASCII text, with very long lines (1745), with no line terminators
Size
1.7 kB (1720 bytes)
Hash
4821c70c222a7f678e95d7d227d06d5e
76123fa68d5b5ad476ef995b972769a9653db3f3
7124b8d9f0e04f2559e136c1bee3cec7cd9b56be0b1799c401cb608a0b787983

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /500/3601099?excludes=&oaid=41725c7667fa4fca86783cbadd39f464&fs=0&cf=0&sw=1280&sh=1024&sah=1024&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=1024&wfc=1&pl=https%3A%2F%2Fwww.freeroms.com%2Ferrorpages%2Fmax_connections.html&drf=&np=1&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false&tzofs=0&js_build=8&sw_version=v1.311.0 HTTP/1.1
Host: gishejuy.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Origin: https://www.freeroms.com
DNT: 1
Connection: keep-alive
Referer: https://www.freeroms.com/
Cookie: OAID=8e0b48547e2145d68be21a53825a23e1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Thu, 30 Nov 2023 18:35:13 GMT
content-type: application/javascript
x-trace-id: fce69a57d78165d7874f249b3d8c268f
expires: Tue, 11 Jan 1994 10:00:00 GMT
cache-control: no-cache, no-store, no-transform, must-revalidate, private, max-age=0
pragma: no-cache
vary: Origin
access-control-allow-origin: https://www.freeroms.com
access-control-expose-headers: Link
access-control-allow-credentials: true
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Wow64
set-cookie: OAID=41725c7667fa4fca86783cbadd39f464; expires=Fri, 29 Nov 2024 18:35:13 GMT; path=/; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
content-encoding: gzip
X-Firefox-Spdy: h2

cdn.creative-bars1.com/sb/interstitial/games/hentai-heroes/main/8/img/close.svg

172.64.108.10

200 OK

1.2 kB

URL GET HTTP/2
cdn.creative-bars1.com/sb/interstitial/games/hentai-heroes/main/8/img/close.svg
IP
172.64.108.10:443
ASN
#13335 CLOUDFLARENET

Requested by
https://www.freeroms.com/errorpages/max_connections.html
Certificate
IssuerGoogle Trust Services LLC
Subjectcreative-bars1.com
Fingerprint2B:CC:32:FC:17:6F:25:69:2F:F4:A0:D9:DC:9C:C2:09:28:32:AB:34
ValiditySat, 21 Oct 2023 15:38:40 GMT - Fri, 19 Jan 2024 15:38:39 GMT

File type
SVG Scalable Vector Graphics image\012- XML document, ASCII text, with very long lines (1275), with no line terminators
Size
1.2 kB (1181 bytes)
Hash
ee9084e5f63b44e99321603aeadcf5b3
7ad5af3b9bd4f16852d7491fa0d2d27208318d10
780911a80399262efd3de45d684bb03fc965406402d3b60720d3dcfe7a4a3fc0

HTTP Headers

GET /sb/interstitial/games/hentai-heroes/main/8/img/close.svg HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 30 Nov 2023 18:35:15 GMT
content-type: image/svg+xml
last-modified: Thu, 19 Oct 2023 16:12:58 GMT
etag: W/"6531558a-49d"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 131261
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=iTwbPbkboYLY3LBxbSdd0Mym0PXZnHcukOYZWZlhdoJPcwwq5CpLxQaC9T3%2FH7JT2hShc7YhRrp1yblzKlNYcZM8G5puM%2BiJAIljHHChbLTOIdnt57sukIvygrFnBLukhFgquJ5RGyHR"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 82e5306aee0d778c-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

cdn.creative-bars1.com/sb/interstitial/games/hentai-heroes/main/8/img/bg.jpg

172.64.108.10

200 OK

376 kB

URL GET HTTP/3
cdn.creative-bars1.com/sb/interstitial/games/hentai-heroes/main/8/img/bg.jpg
IP
172.64.108.10:443
ASN
#13335 CLOUDFLARENET

Requested by
https://www.freeroms.com/errorpages/max_connections.html
Certificate
IssuerGoogle Trust Services LLC
Subjectcreative-bars1.com
Fingerprint2B:CC:32:FC:17:6F:25:69:2F:F4:A0:D9:DC:9C:C2:09:28:32:AB:34
ValiditySat, 21 Oct 2023 15:38:40 GMT - Fri, 19 Jan 2024 15:38:39 GMT

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 1920x1080, components 3\012- data
Size
376 kB (375458 bytes)
Hash
65b98e31f2a22bfc2ae827300f514b93
8d66b3140eaabf1eff5990961d013af5e948df5a
6ea2b64aa9ed05099682f877c6f257d5ebc03814c5910a9dc91a3eae94bf6879

HTTP Headers

GET /sb/interstitial/games/hentai-heroes/main/8/img/bg.jpg HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Thu, 30 Nov 2023 18:35:15 GMT
content-type: image/jpeg
content-length: 375458
last-modified: Thu, 19 Oct 2023 16:13:01 GMT
etag: "6531558d-5baa2"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 47736
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=23jPaZPl7iZ4aUVlqibm51T1AUhmWkO%2BCks2%2FfiV0VU4iKpRNCMpZ9rSuHQ7aK1k%2BLO1Oo0ki%2BNp3lobH3JR3QK4hBLJ1Tisl6KK%2BOTSEJFVOpaGiGeKFUWb%2BTWn0SECztEYhHJh0Kol"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 82e5306d6e0c4141-LHR
alt-svc: h3=":443"; ma=86400

immaculategirdlewade.com/impr.gif?sid=H4sIAAAAAAAC%2F1SSTYgcxRvGq5PN%2F%2FLXg0EPOQhzED%2FAne3PzIw5GGNMWIxJSCJ7E6urqmfLre5qqrqnZ%2Fe0GJCACBPwIHjpfWY%2F%2FFjUXAWJzHqRBWVHRPbgHvTgVRDixYPM7MDie6j3fev3Ht7nqXpvozwiHkp6ePMNvSaVogtR0208vyQzrivbuH6n4blN90JjSWbnwwuN%2FuQwvZc8N2q6LzSuCraiF3zXc13P9RpXpBGJ7i9MKWS%2B2%2FGaHbcZ%2Bk0vCtE3%2F%2B1t6cBSB7x3RM5C8vGZ5e8fQLIRsvSry8KuFDp%2F8bW0VLTQBj2%2B82a2kukqQ3pSJsZBku3MpqHtmJCPTkFnOzMF0L3NiQLEckycXzzE2c5sTcS9reNNYwWRIeb%2FR9UbQagRJB2B6buQ%2FIAAjOP6DWTp9nVtKrp6TOmEjsnco78gqzGZ%2B%2FVJZOkXl5TsN25rVRZSZxb9pIbsjyC7I%2BTlHoo1B7LaAyveheQ%2FkIVH15Clmzes0pD88BkedNzID6P5KKZ8PuQ%2Bne%2BwNpvvtF3Pa8ecBklrapGUI8hkBCUGoPY0SuuglA7KxEGZO0j5YYNGncR1W0mcBEE7ZIwFAWNR%2BzyPeBC2Exclm2gYoMgHYGoAZtaRm3WsyPsH0VmY8lvY5RqWO7AFQY%2FXqARBZQkqSlBJgqogqHr1FlfWt%2FU2V7aMvVn2Zzmoh7robtAtXXRFRkDNYCM%2FIk9M%2Ffvnyz%2BwIg4bLORRwH0vDmnHDcN2HLmez1yXRSyhEfVhZQ1pT4FaB2tyTM49K5HLMTnzwfuI6R6s2gOTT4GWT4NWw5bvgi4Pw7aLtWw3MUIYndom0ym4rpEXcyhWnQ11RM5N97j6oQ%2FB9i%2F%2B7%2BOt32%2F%2F%2FSOYqZGbGu%2FI7wi66t7wlq7I5i1dWfLgRl7IVK7RyRvfLmgh5j57XaxW2vDFy3bw6StsAibl7h1hi2s04zLrWvL5Jcm5MFe0YYJ8s2iXRHyztMuXSpOV%2BbWbr15ZTHMjrJU6G4HKg7cfgskxeXx7Yfp7n%2FskhTQjmLJGWu6TWUDqPbB8HTbfv0hOPbb49VsRrCYw6mQmzh1UZT00fnxyqSSBEic9jWtYcWJBLPYf%2FnnMNuw9dI0DWtxFltbomRo9VYOqAWx5eljkZv%2Fln4JpIFbOMFbG2YyVUfePrbXysBF5oWjH7RbjPBaMey0%2FaAeu63MetjrC66CwY7H882%2F%2FAgAA%2F%2F8BAAD%2F%2F%2FnLU5mVBAAA

192.243.61.225

200 OK

0 B

URL GET HTTP/1.1
immaculategirdlewade.com/impr.gif?sid=H4sIAAAAAAAC%2F1SSTYgcxRvGq5PN%2F%2FLXg0EPOQhzED%2FAne3PzIw5GGNMWIxJSCJ7E6urqmfLre5qqrqnZ%2Fe0GJCACBPwIHjpfWY%2F%2FFjUXAWJzHqRBWVHRPbgHvTgVRDixYPM7MDie6j3fev3Ht7nqXpvozwiHkp6ePMNvSaVogtR0208vyQzrivbuH6n4blN90JjSWbnwwuN%2FuQwvZc8N2q6LzSuCraiF3zXc13P9RpXpBGJ7i9MKWS%2B2%2FGaHbcZ%2Bk0vCtE3%2F%2B1t6cBSB7x3RM5C8vGZ5e8fQLIRsvSry8KuFDp%2F8bW0VLTQBj2%2B82a2kukqQ3pSJsZBku3MpqHtmJCPTkFnOzMF0L3NiQLEckycXzzE2c5sTcS9reNNYwWRIeb%2FR9UbQagRJB2B6buQ%2FIAAjOP6DWTp9nVtKrp6TOmEjsnco78gqzGZ%2B%2FVJZOkXl5TsN25rVRZSZxb9pIbsjyC7I%2BTlHoo1B7LaAyveheQ%2FkIVH15Clmzes0pD88BkedNzID6P5KKZ8PuQ%2Bne%2BwNpvvtF3Pa8ecBklrapGUI8hkBCUGoPY0SuuglA7KxEGZO0j5YYNGncR1W0mcBEE7ZIwFAWNR%2BzyPeBC2Exclm2gYoMgHYGoAZtaRm3WsyPsH0VmY8lvY5RqWO7AFQY%2FXqARBZQkqSlBJgqogqHr1FlfWt%2FU2V7aMvVn2Zzmoh7robtAtXXRFRkDNYCM%2FIk9M%2Ffvnyz%2BwIg4bLORRwH0vDmnHDcN2HLmez1yXRSyhEfVhZQ1pT4FaB2tyTM49K5HLMTnzwfuI6R6s2gOTT4GWT4NWw5bvgi4Pw7aLtWw3MUIYndom0ym4rpEXcyhWnQ11RM5N97j6oQ%2FB9i%2F%2B7%2BOt32%2F%2F%2FSOYqZGbGu%2FI7wi66t7wlq7I5i1dWfLgRl7IVK7RyRvfLmgh5j57XaxW2vDFy3bw6StsAibl7h1hi2s04zLrWvL5Jcm5MFe0YYJ8s2iXRHyztMuXSpOV%2BbWbr15ZTHMjrJU6G4HKg7cfgskxeXx7Yfp7n%2FskhTQjmLJGWu6TWUDqPbB8HTbfv0hOPbb49VsRrCYw6mQmzh1UZT00fnxyqSSBEic9jWtYcWJBLPYf%2FnnMNuw9dI0DWtxFltbomRo9VYOqAWx5eljkZv%2Fln4JpIFbOMFbG2YyVUfePrbXysBF5oWjH7RbjPBaMey0%2FaAeu63MetjrC66CwY7H882%2F%2FAgAA%2F%2F8BAAD%2F%2F%2FnLU5mVBAAA
IP
192.243.61.225:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://www.freeroms.com/errorpages/max_connections.html
Certificate
IssuerLet's Encrypt
Subjectimmaculategirdlewade.com
Fingerprint49:4A:6F:9B:65:8D:09:4F:C4:35:BC:21:E8:5C:C5:E3:43:3E:2E:63
ValidityTue, 28 Nov 2023 10:37:17 GMT - Mon, 26 Feb 2024 10:37:16 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /impr.gif?sid=H4sIAAAAAAAC%2F1SSTYgcxRvGq5PN%2F%2FLXg0EPOQhzED%2FAne3PzIw5GGNMWIxJSCJ7E6urqmfLre5qqrqnZ%2Fe0GJCACBPwIHjpfWY%2F%2FFjUXAWJzHqRBWVHRPbgHvTgVRDixYPM7MDie6j3fev3Ht7nqXpvozwiHkp6ePMNvSaVogtR0208vyQzrivbuH6n4blN90JjSWbnwwuN%2FuQwvZc8N2q6LzSuCraiF3zXc13P9RpXpBGJ7i9MKWS%2B2%2FGaHbcZ%2Bk0vCtE3%2F%2B1t6cBSB7x3RM5C8vGZ5e8fQLIRsvSry8KuFDp%2F8bW0VLTQBj2%2B82a2kukqQ3pSJsZBku3MpqHtmJCPTkFnOzMF0L3NiQLEckycXzzE2c5sTcS9reNNYwWRIeb%2FR9UbQagRJB2B6buQ%2FIAAjOP6DWTp9nVtKrp6TOmEjsnco78gqzGZ%2B%2FVJZOkXl5TsN25rVRZSZxb9pIbsjyC7I%2BTlHoo1B7LaAyveheQ%2FkIVH15Clmzes0pD88BkedNzID6P5KKZ8PuQ%2Bne%2BwNpvvtF3Pa8ecBklrapGUI8hkBCUGoPY0SuuglA7KxEGZO0j5YYNGncR1W0mcBEE7ZIwFAWNR%2BzyPeBC2Exclm2gYoMgHYGoAZtaRm3WsyPsH0VmY8lvY5RqWO7AFQY%2FXqARBZQkqSlBJgqogqHr1FlfWt%2FU2V7aMvVn2Zzmoh7robtAtXXRFRkDNYCM%2FIk9M%2Ffvnyz%2BwIg4bLORRwH0vDmnHDcN2HLmez1yXRSyhEfVhZQ1pT4FaB2tyTM49K5HLMTnzwfuI6R6s2gOTT4GWT4NWw5bvgi4Pw7aLtWw3MUIYndom0ym4rpEXcyhWnQ11RM5N97j6oQ%2FB9i%2F%2B7%2BOt32%2F%2F%2FSOYqZGbGu%2FI7wi66t7wlq7I5i1dWfLgRl7IVK7RyRvfLmgh5j57XaxW2vDFy3bw6StsAibl7h1hi2s04zLrWvL5Jcm5MFe0YYJ8s2iXRHyztMuXSpOV%2BbWbr15ZTHMjrJU6G4HKg7cfgskxeXx7Yfp7n%2FskhTQjmLJGWu6TWUDqPbB8HTbfv0hOPbb49VsRrCYw6mQmzh1UZT00fnxyqSSBEic9jWtYcWJBLPYf%2FnnMNuw9dI0DWtxFltbomRo9VYOqAWx5eljkZv%2Fln4JpIFbOMFbG2YyVUfePrbXysBF5oWjH7RbjPBaMey0%2FaAeu63MetjrC66CwY7H882%2F%2FAgAA%2F%2F8BAAD%2F%2F%2FnLU5mVBAAA HTTP/1.1
Host: immaculategirdlewade.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.freeroms.com/
Cookie: u_pl=16560103; uid_id2=d3905245-5bad-4d2a-9c8c-980118bda3f7:3:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Thu, 30 Nov 2023 18:35:15 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 81a5ca6a7458dcdbd2b033697b19699c
Strict-Transport-Security: max-age=0; includeSubdomains

139.45.197.242

200 OK

0 B

URL OPTIONS HTTP/2
gishejuy.com/500/3601099?excludes=&oaid=41725c7667fa4fca86783cbadd39f464&fs=0&cf=0&sw=1280&sh=1024&sah=1024&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=1024&wfc=1&pl=https%3A%2F%2Fwww.freeroms.com%2Ferrorpages%2Fmax_connections.html&drf=&np=1&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false&tzofs=0&js_build=8&sw_version=v1.311.0
IP
139.45.197.242:443
ASN
#9002 RETN Limited

Requested by
https://www.freeroms.com/errorpages/max_connections.html
Certificate
IssuerLet's Encrypt
Subjectgishejuy.com
Fingerprint99:91:AA:4E:BA:FC:75:A0:0A:79:EE:F6:15:64:FA:15:B2:BC:61:31
ValidityWed, 25 Oct 2023 09:21:45 GMT - Tue, 23 Jan 2024 09:21:44 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

OPTIONS /500/3601099?excludes=&oaid=41725c7667fa4fca86783cbadd39f464&fs=0&cf=0&sw=1280&sh=1024&sah=1024&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=1024&wfc=1&pl=https%3A%2F%2Fwww.freeroms.com%2Ferrorpages%2Fmax_connections.html&drf=&np=1&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false&tzofs=0&js_build=8&sw_version=v1.311.0 HTTP/1.1
Host: gishejuy.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: GET
Access-Control-Request-Headers: content-type
Referer: https://www.freeroms.com/
Origin: https://www.freeroms.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Thu, 30 Nov 2023 18:35:13 GMT
content-length: 0
allow: GET, OPTIONS
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-origin: https://www.freeroms.com
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace
access-control-allow-credentials: true
access-control-max-age: 600
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Wow64
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *
X-Firefox-Spdy: h2

simplewebanalysis.com/stats

0.0.0.0

0 B

URL GET
simplewebanalysis.com/stats
IP
0.0.0.0:0
ASN
#0

Requested by
https://www.freeroms.com/errorpages/max_connections.html

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /stats HTTP/1.1
Host: simplewebanalysis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.freeroms.com
DNT: 1
Connection: keep-alive
Referer: https://www.freeroms.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

www.freeroms.com/errorpages/max_connections.html

64.235.54.28

200 OK

0 B

URL HEAD HTTP/2
www.freeroms.com/errorpages/max_connections.html
IP
64.235.54.28:443
ASN
#26277 PREMIANET

Requested by
https://www.freeroms.com/errorpages/max_connections.html
Certificate
IssuerNetwork Solutions L.L.C.
Subjectwww.freeroms.com
Fingerprint76:6C:B0:F0:67:FF:14:98:E7:B6:EB:77:80:B0:36:83:14:99:FE:4D
ValidityMon, 15 May 2023 00:00:00 GMT - Fri, 14 Jun 2024 23:59:59 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

HEAD /errorpages/max_connections.html HTTP/1.1
Host: www.freeroms.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.freeroms.com/errorpages/max_connections.html
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Thu, 30 Nov 2023 18:35:12 GMT
content-type: text/html
content-length: 53615
x-accel-version: 0.01
last-modified: Thu, 23 Feb 2023 01:02:29 GMT
etag: "26531-5f553911f6ffc-gzip"
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
x-powered-by: PleskLin
X-Firefox-Spdy: h2

friendshipmale.com/sfp.js

172.64.196.8

200 OK

86 kB

URL GET HTTP/2
friendshipmale.com/sfp.js
IP
172.64.196.8:443
ASN
#13335 CLOUDFLARENET

Requested by
https://www.freeroms.com/errorpages/max_connections.html
Certificate
IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
Fingerprint08:6F:D8:CB:9E:0C:0A:98:2E:C5:CD:21:8E:0B:76:2B:50:6F:B6:37
ValiditySat, 18 Feb 2023 00:00:00 GMT - Sat, 17 Feb 2024 23:59:59 GMT

File type

Size
86 kB (85468 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /sfp.js HTTP/1.1
Host: friendshipmale.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.freeroms.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 30 Nov 2023 18:35:13 GMT
content-type: application/javascript; charset=utf-8
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
access-control-allow-origin: *
expires: Thu, 01 Jan 1970 00:00:01 GMT
cache-control: max-age=14400
x-request-id: 4ecd27cce2322b93554f3ae6a3865c5c
strict-transport-security: max-age=0; includeSubdomains
cf-cache-status: EXPIRED
last-modified: Thu, 30 Nov 2023 18:35:13 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=BVe5YVyusYZb%2Btokdei86OsQLR2HX9NwIbcQdtHzFYqlSX0SUA2%2BE9XGZlKUlnGjXDXA8q4E8aaN2Pqq1rgtY%2BSIiTm%2BX8QlePbk9f8q1Qn%2FC0CqPzxfNvVmEqgK2Am1EdakBow%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 82e5306019ef3690-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

cdn.creative-bars1.com/sb/interstitial/games/hentai-heroes/main/8/css/animate.css

172.64.108.10

200 OK

79 kB

URL GET HTTP/2
cdn.creative-bars1.com/sb/interstitial/games/hentai-heroes/main/8/css/animate.css
IP
172.64.108.10:443
ASN
#13335 CLOUDFLARENET

Requested by
https://www.freeroms.com/errorpages/max_connections.html
Certificate
IssuerGoogle Trust Services LLC
Subjectcreative-bars1.com
Fingerprint2B:CC:32:FC:17:6F:25:69:2F:F4:A0:D9:DC:9C:C2:09:28:32:AB:34
ValiditySat, 21 Oct 2023 15:38:40 GMT - Fri, 19 Jan 2024 15:38:39 GMT

File type
ASCII text
Size
79 kB (79249 bytes)
Hash
e1d8acd5ee9d1a90ea09313cbd8f2b02
8a8327b115d1356715e63270d1ce6d46124c7b1a
3028c87fc798ac3741f02079034e6c23462afc0c5e6c8d321188ce3716c8472a

HTTP Headers

GET /sb/interstitial/games/hentai-heroes/main/8/css/animate.css HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.freeroms.com
DNT: 1
Connection: keep-alive
Referer: https://www.freeroms.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 30 Nov 2023 18:35:15 GMT
content-type: text/css
last-modified: Thu, 19 Oct 2023 16:12:56 GMT
etag: W/"65315588-13591"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=fqfJVIv2P%2BMIkJJ2AJBhT2XUyLW1CbIY5cXjJZD2pk3G8iOXQxFaRaLfXGiS4F9c31DPitidaf62d5jo%2BDdKbeP5TkvHCicWJzYSeKDD%2FtHYZh86fdSR%2BGfaE6URnWc%2B0Ozg6xcY6yC0"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 82e5306acddb778c-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

www.freeroms.com/errorpages/max_connections.html

64.235.54.28

200 OK

157 kB

URL User Request GET HTTP/2
www.freeroms.com/errorpages/max_connections.html
IP
64.235.54.28:443
ASN
#26277 PREMIANET

Certificate
IssuerNetwork Solutions L.L.C.
Subjectwww.freeroms.com
Fingerprint76:6C:B0:F0:67:FF:14:98:E7:B6:EB:77:80:B0:36:83:14:99:FE:4D
ValidityMon, 15 May 2023 00:00:00 GMT - Fri, 14 Jun 2024 23:59:59 GMT

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (59616)
Size
157 kB (156977 bytes)
Hash
0e11563e9120a465bc72aba0b0d37144
bbcf720886ef5c62101a0c562ccc86c5ebc26f49
0bfb12b626fea338cfac77f8de892cbde8cfd56e661347a1b269692e5c8cf087

HTTP Headers

GET /errorpages/max_connections.html HTTP/1.1
Host: www.freeroms.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Thu, 30 Nov 2023 18:35:11 GMT
content-type: text/html
last-modified: Thu, 23 Feb 2023 01:02:29 GMT
etag: W/"63f6bb25-26531"
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2

tzegilo.com/stattag.js

104.21.11.245

200 OK

19 kB

URL GET HTTP/2
tzegilo.com/stattag.js
IP
104.21.11.245:443
ASN
#13335 CLOUDFLARENET

Requested by
https://www.freeroms.com/errorpages/max_connections.html
Certificate
IssuerGoogle Trust Services LLC
Subjecttzegilo.com
Fingerprint52:B8:ED:73:BB:55:6F:9C:F8:97:7C:04:34:2B:AD:DB:55:0A:C9:6A
ValidityThu, 05 Oct 2023 17:59:18 GMT - Wed, 03 Jan 2024 17:59:17 GMT

File type
ASCII text, with very long lines (18369)
Size
19 kB (19019 bytes)
Hash
89e89aea544ea2785d49cc4cd9cf26f6
7d53437a89eb9861038ee27a8ff0e3bb70fa2a0b
86da38693fcea056d36588a4146e85392f784c457511de416fec32034aafa4f9

HTTP Headers

GET /stattag.js HTTP/1.1
Host: tzegilo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.freeroms.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 30 Nov 2023 18:35:13 GMT
content-type: application/javascript
last-modified: Thu, 07 Sep 2023 08:19:52 GMT
etag: W/"64f987a8-4a4b"
link: <https://flerap.com/>; rel=preconnect; crossorigin, <https://fleraprt.com/>; rel=preconnect; crossorigin
cache-control: max-age=14400
cf-cache-status: HIT
age: 427
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=dqWNef%2BmLzuqYNUSF%2FG5UKTc%2FuZwqPxSrCHRRerY8YxviIADGKrcIDEPDkhqHRjLjddMPNequuHX9U4ofhnjrC%2BJSgCZ1G%2Bu8IJ%2FZE38VUDYVbIfdkC5qUcf%2FMvuyw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 82e530620ea356af-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

addresseepaper.com/sfp.js

0.0.0.0

0 B

URL GET
addresseepaper.com/sfp.js
IP
0.0.0.0:0
ASN
#0

Requested by
https://www.freeroms.com/errorpages/max_connections.html

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /sfp.js HTTP/1.1
Host: addresseepaper.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.freeroms.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

simplewebanalysis.com/stats

0.0.0.0

0 B

URL GET
simplewebanalysis.com/stats
IP
0.0.0.0:0
ASN
#0

Requested by
https://www.freeroms.com/errorpages/max_connections.html

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /stats HTTP/1.1
Host: simplewebanalysis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.freeroms.com
DNT: 1
Connection: keep-alive
Referer: https://www.freeroms.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2

142.250.74.131

200 OK

16 kB

URL GET HTTP/2
fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2
IP
142.250.74.131:443
ASN
#15169 GOOGLE

Requested by
https://www.freeroms.com/errorpages/max_connections.html
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
FingerprintE5:79:1F:1A:04:3F:B9:B0:FB:41:4E:B5:E5:97:AD:FE:D9:2C:4A:CD
ValidityMon, 23 Oct 2023 11:24:07 GMT - Mon, 15 Jan 2024 11:24:06 GMT

File type
Web Open Font Format (Version 2), TrueType, length 15860, version 1.0\012- data
Size
16 kB (15860 bytes)
Hash
e9f5aaf547f165386cd313b995dddd8e
acdef5603c2387b0e5bffd744b679a24a8bc1968
f5aebdfea35d1e7656ef4acc5db1f243209755ae3300943ef8fc6280f363c860

HTTP Headers

GET /s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.freeroms.com
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15860
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 29 Nov 2023 21:52:12 GMT
expires: Thu, 28 Nov 2024 21:52:12 GMT
cache-control: public, max-age=31536000
age: 74591
last-modified: Wed, 11 May 2022 19:24:42 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (12)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash