| track.amon1.net/wtf.js?cid=101890&aid=241887&fid=3&sid=25991&zid=112193&chk=1&uid=7166af92a42194145c510c1b4bf6fab70714b41b&page=https%3A%2F%2Fhotmovs.com%2Fvideos%2F9661915%2Fjapan-gay-video-45%2F%3Fautostart%3D1%26start_time%3D2039.359797&lang=ja&impTagId=adzone_30153&dsp=3&dsps=300x250&_t=1716505293&_h=40af3a1138e3f07cd68889a440d2eae3505da61f&r=272213 | 188.114.97.1 | 204 No Content | 0 B |
URL: GET HTTP/3 track.amon1.net/wtf.js?cid=101890&aid=241887&fid=3&sid=25991&zid=112193&chk=1&uid=7166af92a42194145c510c1b4bf6fab70714b41b&page=https%3A%2F%2Fhotmovs.com%2Fvideos%2F9661915%2Fjapan-gay-video-45%2F%3Fautostart%3D1%26start_time%3D2039.359797&lang=ja&impTagId=adzone_30153&dsp=3&dsps=300x250&_t=1716505293&_h=40af3a1138e3f07cd68889a440d2eae3505da61f&r=272213 | IP: 188.114.97.1:443
Requested by: https://track.amon1.net/rotor/ifr?_d=UllSCgJUBw4IAxRRW1YMBAAICw0PRF5eBQsDF0ALXFgBUFhcBkBLDVUNBwYBVQ8FF1BaWw8DF0NdXQ4CCVQOVgcPAlAHUAlcB1RVUFRTAFRSAVQDUQIAUFBRBQAFAwVUAAhRE0gDX1JcXkRFQxEdVnJAUyMSVHcMXkRbWEUXGFVeXhcCdERYUlFWQBAKJAEBVwcJAAZHCiNZBBEEWUtWBUgdQF5XAVkbBQYXAnQXAnBVTEdaSxZZRRUTA3UCRwpTQBEAF0M5RQ1cVRMEd1YGBQgdAQULBQgBElVSW19fUlZHX11BZwNfLFdYAAFNCV8BbgMGBgZXEFJCQw8DFFZCRkcEAAUIGgoCURBvRQ5TD1QFUFFQBFUGQm5YCw8DXFAHBwACBFZUUFMHXwYHCwYAD1RVVgYEUA9RA1JYB1MHBQYGAVU=&clk=&r=614739 | Certificate: Issuer: Google Trust Services LLC; Subject: amon1.net; Fingerprint: A3:19:B5:CD:A1:20:88:23:94:A8:7E:F7:0A:13:A4:4B:94:0E:69:9D; Validity: Tue, 16 Apr 2024 14:33:57 GMT - Mon, 15 Jul 2024 14:33:56 GMT
Hash (MD5 / SHA-1 / SHA-256): d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /wtf.js?cid=101890&aid=241887&fid=3&sid=25991&zid=112193&chk=1&uid=7166af92a42194145c510c1b4bf6fab70714b41b&page=https%3A%2F%2Fhotmovs.com%2Fvideos%2F9661915%2Fjapan-gay-video-45%2F%3Fautostart%3D1%26start_time%3D2039.359797&lang=ja&impTagId=adzone_30153&dsp=3&dsps=300x250&_t=1716505293&_h=40af3a1138e3f07cd68889a440d2eae3505da61f&r=272213 HTTP/1.1
Host: track.amon1.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://track.amon1.net/rotor/ifr?_d=UllSCgJUBw4IAxRRW1YMBAAICw0PRF5eBQsDF0ALXFgBUFhcBkBLDVUNBwYBVQ8FF1BaWw8DF0NdXQ4CCVQOVgcPAlAHUAlcB1RVUFRTAFRSAVQDUQIAUFBRBQAFAwVUAAhRE0gDX1JcXkRFQxEdVnJAUyMSVHcMXkRbWEUXGFVeXhcCdERYUlFWQBAKJAEBVwcJAAZHCiNZBBEEWUtWBUgdQF5XAVkbBQYXAnQXAnBVTEdaSxZZRRUTA3UCRwpTQBEAF0M5RQ1cVRMEd1YGBQgdAQULBQgBElVSW19fUlZHX11BZwNfLFdYAAFNCV8BbgMGBgZXEFJCQw8DFFZCRkcEAAUIGgoCURBvRQ5TD1QFUFFQBFUGQm5YCw8DXFAHBwACBFZUUFMHXwYHCwYAD1RVVgYEUA9RA1JYB1MHBQYGAVU=&clk=&r=614739
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 204 No Content
date: Thu, 23 May 2024 22:58:33 GMT
content-type: application/javascript
set-cookie: aso_ui=56n3_sfi7tl; expires=Sat, 22-Jun-2024 22:58:33 GMT; Max-Age=2592000; path=/; domain=.amon1.net; secure; SameSite=None
cache-control: no-store, max-age=0
expires: Sun, 27 May 1979 00:00:00 GMT
pragma: no-cache
x-robots-tag: noindex, nofollow, noarchive, noimageindex
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=KsuSUFykbDYmK%2FUud0Z6JlcCU0V3QU0UEyirURtajYGGlkq2vASg0L8DBKCVLaKRUiRJWWBEqU1NWmRHMmszDVVKrXh%2BfI%2B9uxKWQqTD9DQ6QWnT3U2HMc3dfH4ljZKnaIs%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8888a6bf6bbf5696-OSL
alt-svc: h3=":443"; ma=86400
| track.amon1.net/favicon.ico | 188.114.97.1 | 410 Gone | 9 B |
URL: GET HTTP/3 track.amon1.net/favicon.ico | IP: 188.114.97.1:443
Requested by: https://track.amon1.net/rotor/ifr?_d=UllSCgJUBw4IAxRRW1YMBAAICw0PRF5eBQsDF0ALXFgBUFhcBkBLDVUNBwYBVQ8FF1BaWw8DF0NdXQ4CCVQOVgcPAlAHUAlcB1RVUFRTAFRSAVQDUQIAUFBRBQAFAwVUAAhRE0gDX1JcXkRFQxEdVnJAUyMSVHcMXkRbWEUXGFVeXhcCdERYUlFWQBAKJAEBVwcJAAZHCiNZBBEEWUtWBUgdQF5XAVkbBQYXAnQXAnBVTEdaSxZZRRUTA3UCRwpTQBEAF0M5RQ1cVRMEd1YGBQgdAQULBQgBElVSW19fUlZHX11BZwNfLFdYAAFNCV8BbgMGBgZXEFJCQw8DFFZCRkcEAAUIGgoCURBvRQ5TD1QFUFFQBFUGQm5YCw8DXFAHBwACBFZUUFMHXwYHCwYAD1RVVgYEUA9RA1JYB1MHBQYGAVU=&clk=&r=614739 | Certificate: Issuer: Google Trust Services LLC; Subject: amon1.net; Fingerprint: A3:19:B5:CD:A1:20:88:23:94:A8:7E:F7:0A:13:A4:4B:94:0E:69:9D; Validity: Tue, 16 Apr 2024 14:33:57 GMT - Mon, 15 Jul 2024 14:33:56 GMT
File type: ASCII text, with no line terminators | Hash (MD5 / SHA-1 / SHA-256): 1a1bec3b74ebfe798d7a051e87461b9b 0a6589d2d8987561254c1eb3e3eb1fad8be56e20 e4a5e80761d3547c36121adec3fc23c48c0946654e4935f9340716f4ba3ea3d5
GET /favicon.ico HTTP/1.1
Host: track.amon1.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://track.amon1.net/rotor/ifr?_d=UllSCgJUBw4IAxRRW1YMBAAICw0PRF5eBQsDF0ALXFgBUFhcBkBLDVUNBwYBVQ8FF1BaWw8DF0NdXQ4CCVQOVgcPAlAHUAlcB1RVUFRTAFRSAVQDUQIAUFBRBQAFAwVUAAhRE0gDX1JcXkRFQxEdVnJAUyMSVHcMXkRbWEUXGFVeXhcCdERYUlFWQBAKJAEBVwcJAAZHCiNZBBEEWUtWBUgdQF5XAVkbBQYXAnQXAnBVTEdaSxZZRRUTA3UCRwpTQBEAF0M5RQ1cVRMEd1YGBQgdAQULBQgBElVSW19fUlZHX11BZwNfLFdYAAFNCV8BbgMGBgZXEFJCQw8DFFZCRkcEAAUIGgoCURBvRQ5TD1QFUFFQBFUGQm5YCw8DXFAHBwACBFZUUFMHXwYHCwYAD1RVVgYEUA9RA1JYB1MHBQYGAVU=&clk=&r=614739
Cookie: aso_ui=56n3_sfi7tl
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 410 Gone
date: Thu, 23 May 2024 22:58:33 GMT
content-type: image/x-icon
content-length: 9
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=SOcIVuukjzw7XbPAvoQiL%2FG5uxXS755fuAhCyeWMcxIEYqaESBL2yZVAkz89aWDTk6GlJ1Pboz0lwUYTzxRb7ZsHmnCm0UQOb01CBor8TIqnJfLfUs%2BFHTiPedB46qnPh6o%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8888a6bfcbd95696-OSL
alt-svc: h3=":443"; ma=86400
| prefixburdenspanish.com/183eed0eb267187bddb3231c2b3ba7d3/invoke.js | 192.243.59.20 | 200 OK | 12 kB |
URL: GET HTTP/1.1 prefixburdenspanish.com/183eed0eb267187bddb3231c2b3ba7d3/invoke.js | IP: 192.243.59.20:443
ASN: #39572 DataWeb Global Group B.V.
Requested by: https://track.amon1.net/rotor/ifr?_d=UllSCgJUBw4IAxRRW1YMBAAICw0PRF5eBQsDF0ALXFgBUFhcBkBLDVUNBwYBVQ8FF1BaWw8DF0NdXQ4CCVQOVgcPAlAHUAlcB1RVUFRTAFRSAVQDUQIAUFBRBQAFAwVUAAhRE0gDX1JcXkRFQxEdVnJAUyMSVHcMXkRbWEUXGFVeXhcCdERYUlFWQBAKJAEBVwcJAAZHCiNZBBEEWUtWBUgdQF5XAVkbBQYXAnQXAnBVTEdaSxZZRRUTA3UCRwpTQBEAF0M5RQ1cVRMEd1YGBQgdAQULBQgBElVSW19fUlZHX11BZwNfLFdYAAFNCV8BbgMGBgZXEFJCQw8DFFZCRkcEAAUIGgoCURBvRQ5TD1QFUFFQBFUGQm5YCw8DXFAHBwACBFZUUFMHXwYHCwYAD1RVVgYEUA9RA1JYB1MHBQYGAVU=&clk=&r=614739 | Certificate: Issuer: Let's Encrypt; Subject: prefixburdenspanish.com; Fingerprint: B5:B9:EA:2C:68:76:46:EE:18:FE:E8:80:BA:AF:48:22:B5:60:E5:D9; Validity: Tue, 07 May 2024 12:28:53 GMT - Mon, 05 Aug 2024 12:28:52 GMT
File type: JavaScript source, ASCII text, with very long lines (31277), with no line terminators | Hash (MD5 / SHA-1 / SHA-256): 96d3497e0d74cf6105eea39570c219b3 75ef0d04a6839915c01f6d57be50b679fe6eef7a e59116455e94e17e9707f87f20199074f71259ce282abd3948fadf945b32aba9
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /183eed0eb267187bddb3231c2b3ba7d3/invoke.js HTTP/1.1
Host: prefixburdenspanish.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://track.amon1.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Thu, 23 May 2024 22:58:33 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: dd56aab65d8b295716e93e6b0487ec33
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
| ocsp.r2m03.amazontrust.com/ | 143.204.53.97 | | 471 B |
URL: ocsp.r2m03.amazontrust.com/ | IP: 143.204.53.97:0
Hash (MD5 / SHA-1 / SHA-256): 69d603406344f6425cc82d3f77b3c04c 50dda9a792070e75bbfb814bff6760a5d5037973 a432a2d3fafb3494a1f80bd470d18380117002c5c661753058eed345409b1e38
POST / HTTP/1.1
Host: ocsp.r2m03.amazontrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=7200
Date: Thu, 23 May 2024 22:58:34 GMT
Last-Modified: Thu, 23 May 2024 22:24:29 GMT
Server: ECAcc (ska/F77E)
X-Cache: Miss from cloudfront
Via: 1.1 aa34a836095df9de9d246a53dd63f1d6.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: R39Akx0tGTDcUFxhTQ-tMMh-UOschCeTz_FQeBzbHLzdmmUrg9-8EQ==
Age: 2046
| proftrafficcounter.com/stats | 52.59.123.150 | 200 OK | 40 B |
URL: GET HTTP/2 proftrafficcounter.com/stats | IP: 52.59.123.150:443
Requested by: https://track.amon1.net/rotor/ifr?_d=UllSCgJUBw4IAxRRW1YMBAAICw0PRF5eBQsDF0ALXFgBUFhcBkBLDVUNBwYBVQ8FF1BaWw8DF0NdXQ4CCVQOVgcPAlAHUAlcB1RVUFRTAFRSAVQDUQIAUFBRBQAFAwVUAAhRE0gDX1JcXkRFQxEdVnJAUyMSVHcMXkRbWEUXGFVeXhcCdERYUlFWQBAKJAEBVwcJAAZHCiNZBBEEWUtWBUgdQF5XAVkbBQYXAnQXAnBVTEdaSxZZRRUTA3UCRwpTQBEAF0M5RQ1cVRMEd1YGBQgdAQULBQgBElVSW19fUlZHX11BZwNfLFdYAAFNCV8BbgMGBgZXEFJCQw8DFFZCRkcEAAUIGgoCURBvRQ5TD1QFUFFQBFUGQm5YCw8DXFAHBwACBFZUUFMHXwYHCwYAD1RVVgYEUA9RA1JYB1MHBQYGAVU=&clk=&r=614739 | Certificate: Issuer: Amazon; Subject: proftrafficcounter.com; Fingerprint: E3:9F:79:6F:80:C0:BF:F8:C4:EB:45:F3:E9:0F:A7:41:F6:0C:05:E6; Validity: Tue, 21 Nov 2023 00:00:00 GMT - Thu, 19 Dec 2024 23:59:59 GMT
File type: ASCII text, with no line terminators | Hash (MD5 / SHA-1 / SHA-256): 8c65770143aaee4afab532ff66307f28 60da954e30b24e6281de6a76893a512a49b5c2d9 de9aaebe569ed3d85e0029456fda4b7cf111f627b7b86f03461f00e0d3544ca9
GET /stats HTTP/1.1
Host: proftrafficcounter.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://track.amon1.net
DNT: 1
Connection: keep-alive
Referer: https://track.amon1.net/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 23 May 2024 22:58:34 GMT
content-type: text/html; charset=UTF-8
content-length: 40
server: fasthttp
access-control-allow-origin: https://track.amon1.net
vary: Origin
access-control-allow-credentials: true
set-cookie: uid_id2=dd00ed35-a018-4734-ab2c-303b2cdb56fa:3:1; expires=Sun, 21 May 2034 22:58:34 GMT; secure; SameSite=None
X-Firefox-Spdy: h2
| skilledskillemergency.com/watch.1296364207752.js?key=183eed0eb267187bddb3231c2b3ba7d3&kw=%5B%22iframe%22%5D&refer=&tz=0&dev=e&res=14.2071&uuid=dd00ed35-a018-4734-ab2c-303b2cdb56fa%3A3%3A1 | 172.240.253.132 | 307 Temporary Redirect | 0 B |
URL: GET HTTP/1.1 skilledskillemergency.com/watch.1296364207752.js?key=183eed0eb267187bddb3231c2b3ba7d3&kw=%5B%22iframe%22%5D&refer=&tz=0&dev=e&res=14.2071&uuid=dd00ed35-a018-4734-ab2c-303b2cdb56fa%3A3%3A1 | IP: 172.240.253.132:443
Requested by: https://track.amon1.net/rotor/ifr?_d=UllSCgJUBw4IAxRRW1YMBAAICw0PRF5eBQsDF0ALXFgBUFhcBkBLDVUNBwYBVQ8FF1BaWw8DF0NdXQ4CCVQOVgcPAlAHUAlcB1RVUFRTAFRSAVQDUQIAUFBRBQAFAwVUAAhRE0gDX1JcXkRFQxEdVnJAUyMSVHcMXkRbWEUXGFVeXhcCdERYUlFWQBAKJAEBVwcJAAZHCiNZBBEEWUtWBUgdQF5XAVkbBQYXAnQXAnBVTEdaSxZZRRUTA3UCRwpTQBEAF0M5RQ1cVRMEd1YGBQgdAQULBQgBElVSW19fUlZHX11BZwNfLFdYAAFNCV8BbgMGBgZXEFJCQw8DFFZCRkcEAAUIGgoCURBvRQ5TD1QFUFFQBFUGQm5YCw8DXFAHBwACBFZUUFMHXwYHCwYAD1RVVgYEUA9RA1JYB1MHBQYGAVU=&clk=&r=614739 | Certificate: Issuer: Let's Encrypt; Subject: skilledskillemergency.com; Fingerprint: 21:B4:F5:6D:B3:E3:91:D3:47:51:9B:77:81:06:39:2A:87:28:32:03; Validity: Mon, 06 May 2024 08:19:35 GMT - Sun, 04 Aug 2024 08:19:34 GMT
Hash (MD5 / SHA-1 / SHA-256): d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /watch.1296364207752.js?key=183eed0eb267187bddb3231c2b3ba7d3&kw=%5B%22iframe%22%5D&refer=&tz=0&dev=e&res=14.2071&uuid=dd00ed35-a018-4734-ab2c-303b2cdb56fa%3A3%3A1 HTTP/1.1
Host: skilledskillemergency.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://track.amon1.net
DNT: 1
Connection: keep-alive
Referer: https://track.amon1.net/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 307 Temporary Redirect
Server: nginx/1.21.6
Date: Thu, 23 May 2024 22:58:34 GMT
Content-Type: text/html
Content-Length: 0
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://track.amon1.net
Access-Control-Allow-Origin: https://track.amon1.net
Access-Control-Allow-Credentials: true
Location: https://skilledskillemergency.com/watch.1296364207752.js?dev=e&key=183eed0eb267187bddb3231c2b3ba7d3&kw=%5B%22iframe%22%5D&pst=1716505174&refer=&res=14.2071&rmtc=t&shu=483d577f9a517f6e08d955dbdd567a93369cffb58648de1e93e12a35699af7b1a5ac3b64f590921436dfe3b404c514d7c7b77a6c6e7a9e26a9c1219a5767a67362e00be915790f75ae37d100ff9529c4624fca4a35fbf673c0816e0f8925&tz=0&uuid=dd00ed35-a018-4734-ab2c-303b2cdb56fa%3A3%3A1
Set-Cookie: u_pl=23119272; expires=Fri, 24 May 2024 22:58:34 GMT; secure; SameSite=None
ain=eyJhbGciOiJIUzI1NiJ9.eyJwIjp7ImlkIjoyMzExOTI3MiwiayI6IjE4M2VlZDBlYjI2NzE4N2JkZGIzMjMxYzJiM2JhN2QzIiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjozODEyMzY1LCJwaWQiOjE4MjUwMywiYW4iOnRydWUsImxhbiI6dHJ1ZSwiY2lkIjoxNiwiYWlkIjo1LCJwdCI6NCwicGsiOiJiemVhYWNuNHciLCJ0IjoxfSwidSI6eyJ1IjoxLCJhdSI6MSwiZCI6eyJpZCI6Nzk5NTQxOTYsImlkcyI6IiIsImljIjpmYWxzZSwibiI6IkRlc2t0b3AsRW11bGF0b3IiLCJ2IjoiVW5rbm93biIsIm0iOiJVbmtub3duIiwiZiI6MSwiZm4iOiJEZXNrdG9wIiwib2lkIjoxODExMCwib24iOiJMaW51eCIsIm92IjoiVW5rbm93biIsImJpZCI6MTE2NjcwLCJibiI6IkZpcmVmb3giLCJidiI6Ijk2LjAiLCJ3diI6ZmFsc2UsImUiOnRydWUsImFiIjpmYWxzZX0sImMiOnsiaWQiOjE2MiwiYyI6Ik5PIiwibiI6Ik5vcndheSJ9LCJhIjpmYWxzZSwiY3IiOnsibiI6IkJsaXggU29sdXRpb25zIn0sInhmIjoiIiwiaXhmIjpmYWxzZSwiaWd4ZiI6ZmFsc2UsInVwIjp0cnVlLCJyIjoiaHR0cHM6Ly90cmFjay5hbW9uMS5uZXQvIiwiYXIiOltdfX0.hD4PZRK7lpKhNicEIB_6K093SYCdfZMwWdFVIkGry98; expires=Thu, 23 May 2024 22:59:34 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: a65d4602c7bdbf68f7528ec7b7db5f29
Strict-Transport-Security: max-age=0; includeSubdomains
| skilledskillemergency.com/watch.1296364207752.js?dev=e&key=183eed0eb267187bddb3231c2b3ba7d3&kw=%5B%22iframe%22%5D&pst=1716505174&refer=&res=14.2071&rmtc=t&shu=483d577f9a517f6e08d955dbdd567a93369cffb58648de1e93e12a35699af7b1a5ac3b64f590921436dfe3b404c514d7c7b77a6c6e7a9e26a9c1219a5767a67362e00be915790f75ae37d100ff9529c4624fca4a35fbf673c0816e0f8925&tz=0&uuid=dd00ed35-a018-4734-ab2c-303b2cdb56fa%3A3%3A1 | 172.240.253.132 | 200 OK | 2.5 kB |
URL: GET HTTP/1.1 skilledskillemergency.com/watch.1296364207752.js?dev=e&key=183eed0eb267187bddb3231c2b3ba7d3&kw=%5B%22iframe%22%5D&pst=1716505174&refer=&res=14.2071&rmtc=t&shu=483d577f9a517f6e08d955dbdd567a93369cffb58648de1e93e12a35699af7b1a5ac3b64f590921436dfe3b404c514d7c7b77a6c6e7a9e26a9c1219a5767a67362e00be915790f75ae37d100ff9529c4624fca4a35fbf673c0816e0f8925&tz=0&uuid=dd00ed35-a018-4734-ab2c-303b2cdb56fa%3A3%3A1 | IP: 172.240.253.132:443
Requested by: https://track.amon1.net/rotor/ifr?_d=UllSCgJUBw4IAxRRW1YMBAAICw0PRF5eBQsDF0ALXFgBUFhcBkBLDVUNBwYBVQ8FF1BaWw8DF0NdXQ4CCVQOVgcPAlAHUAlcB1RVUFRTAFRSAVQDUQIAUFBRBQAFAwVUAAhRE0gDX1JcXkRFQxEdVnJAUyMSVHcMXkRbWEUXGFVeXhcCdERYUlFWQBAKJAEBVwcJAAZHCiNZBBEEWUtWBUgdQF5XAVkbBQYXAnQXAnBVTEdaSxZZRRUTA3UCRwpTQBEAF0M5RQ1cVRMEd1YGBQgdAQULBQgBElVSW19fUlZHX11BZwNfLFdYAAFNCV8BbgMGBgZXEFJCQw8DFFZCRkcEAAUIGgoCURBvRQ5TD1QFUFFQBFUGQm5YCw8DXFAHBwACBFZUUFMHXwYHCwYAD1RVVgYEUA9RA1JYB1MHBQYGAVU=&clk=&r=614739 | Certificate: Issuer: Let's Encrypt; Subject: skilledskillemergency.com; Fingerprint: 21:B4:F5:6D:B3:E3:91:D3:47:51:9B:77:81:06:39:2A:87:28:32:03; Validity: Mon, 06 May 2024 08:19:35 GMT - Sun, 04 Aug 2024 08:19:34 GMT
File type: JavaScript source, ASCII text, with very long lines (3150) | Hash (MD5 / SHA-1 / SHA-256): 3fcafb4fbe8916a829bfe752155897b0 25c843c4818e072b6e5fb9f649ffb2e183f4ad93 c245ece6d52f7c195306e81699fc4af08b8548b8d47ed6839df0a196ccf5d048
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /watch.1296364207752.js?dev=e&key=183eed0eb267187bddb3231c2b3ba7d3&kw=%5B%22iframe%22%5D&pst=1716505174&refer=&res=14.2071&rmtc=t&shu=483d577f9a517f6e08d955dbdd567a93369cffb58648de1e93e12a35699af7b1a5ac3b64f590921436dfe3b404c514d7c7b77a6c6e7a9e26a9c1219a5767a67362e00be915790f75ae37d100ff9529c4624fca4a35fbf673c0816e0f8925&tz=0&uuid=dd00ed35-a018-4734-ab2c-303b2cdb56fa%3A3%3A1 HTTP/1.1
Host: skilledskillemergency.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://track.amon1.net
Referer: https://track.amon1.net/
DNT: 1
Connection: keep-alive
Cookie: u_pl=23119272; ain=eyJhbGciOiJIUzI1NiJ9.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.hD4PZRK7lpKhNicEIB_6K093SYCdfZMwWdFVIkGry98
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Thu, 23 May 2024 22:58:34 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://track.amon1.net
Access-Control-Allow-Origin: https://track.amon1.net
Access-Control-Allow-Credentials: true
Set-Cookie: uid_id2=dd00ed35-a018-4734-ab2c-303b2cdb56fa:3:1; expires=Thu, 30 May 2024 22:58:34 GMT; secure; SameSite=None
Set-Cookie: iprcb2a9f4238bd090461377668b83804d10=3569681; expires=Fri, 24 May 2024 02:58:34 GMT; secure; SameSite=None
Set-Cookie: pdhtkv=true; expires=Fri, 24 May 2024 22:58:34 GMT; secure; SameSite=None
Set-Cookie: uncs=1; expires=Fri, 24 May 2024 22:58:34 GMT; secure; SameSite=None
Set-Cookie: pdhtkv5=true; expires=Fri, 24 May 2024 22:58:34 GMT; secure; SameSite=None
Set-Cookie: uncs5=1; expires=Fri, 24 May 2024 22:58:34 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 3710f0b2d3cc02cac6b253f893517cd6
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
| cdn.cloudimagesb.com/cti/bb/16/b7/bb16b71b76fc43a6abd135721b32a822/1658915518.png | 45.133.44.10 | 200 OK | 145 kB |
URL: GET HTTP/2 cdn.cloudimagesb.com/cti/bb/16/b7/bb16b71b76fc43a6abd135721b32a822/1658915518.png | IP: 45.133.44.10:443
ASN: #39572 DataWeb Global Group B.V.
Requested by: https://track.amon1.net/rotor/ifr?_d=UllSCgJUBw4IAxRRW1YMBAAICw0PRF5eBQsDF0ALXFgBUFhcBkBLDVUNBwYBVQ8FF1BaWw8DF0NdXQ4CCVQOVgcPAlAHUAlcB1RVUFRTAFRSAVQDUQIAUFBRBQAFAwVUAAhRE0gDX1JcXkRFQxEdVnJAUyMSVHcMXkRbWEUXGFVeXhcCdERYUlFWQBAKJAEBVwcJAAZHCiNZBBEEWUtWBUgdQF5XAVkbBQYXAnQXAnBVTEdaSxZZRRUTA3UCRwpTQBEAF0M5RQ1cVRMEd1YGBQgdAQULBQgBElVSW19fUlZHX11BZwNfLFdYAAFNCV8BbgMGBgZXEFJCQw8DFFZCRkcEAAUIGgoCURBvRQ5TD1QFUFFQBFUGQm5YCw8DXFAHBwACBFZUUFMHXwYHCwYAD1RVVgYEUA9RA1JYB1MHBQYGAVU=&clk=&r=614739 | Certificate: Issuer: Let's Encrypt; Subject: cdn.cloudimagesb.com; Fingerprint: C0:36:FD:5D:4E:7E:6F:E0:13:60:82:58:0C:BC:8B:40:A2:6B:2C:22; Validity: Tue, 21 May 2024 05:00:31 GMT - Mon, 19 Aug 2024 05:00:30 GMT
File type: PNG image data, 300 x 250, 8-bit/color RGBA, non-interlaced | Size: 145 kB (145012 bytes) | Hash (MD5 / SHA-1 / SHA-256): 620dee7dda3ab0a55fef5e66735e48e1 c03458e7950bed758e4352ec7a78bb434a3164b1 8552142726040854ba6a1d57037aa513e8cb424e3e5b96f017fb742f7c9255c3
GET /cti/bb/16/b7/bb16b71b76fc43a6abd135721b32a822/1658915518.png HTTP/1.1
Host: cdn.cloudimagesb.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 23 May 2024 22:58:34 GMT
content-type: image/png
content-length: 145012
server: nginx/1.21.6
last-modified: Wed, 27 Jul 2022 09:52:06 GMT
etag: "62e10ac6-23674"
expires: Sat, 25 May 2024 22:58:34 GMT
cache-control: max-age=172800
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
| track.amon1.net/rotor/ifr?_d=UllSCgJUBw4IAxRRW1YMBAAICw0PRF5eBQsDF0ALXFgBUFhcBkBLDVUNBwYBVQ8FF1BaWw8DF0NdXQ4CCVQOVgcPAlAHUAlcB1RVUFRTAFRSAVQDUQIAUFBRBQAFAwVUAAhRE0gDX1JcXkRFQxEdVnJAUyMSVHcMXkRbWEUXGFVeXhcCdERYUlFWQBAKJAEBVwcJAAZHCiNZBBEEWUtWBUgdQF5XAVkbBQYXAnQXAnBVTEdaSxZZRRUTA3UCRwpTQBEAF0M5RQ1cVRMEd1YGBQgdAQULBQgBElVSW19fUlZHX11BZwNfLFdYAAFNCV8BbgMGBgZXEFJCQw8DFFZCRkcEAAUIGgoCURBvRQ5TD1QFUFFQBFUGQm5YCw8DXFAHBwACBFZUUFMHXwYHCwYAD1RVVgYEUA9RA1JYB1MHBQYGAVU=&clk=&r=614739 | 188.114.97.1 | 200 OK | 3.7 kB |
URL (user request): GET HTTP/2 track.amon1.net/rotor/ifr?_d=UllSCgJUBw4IAxRRW1YMBAAICw0PRF5eBQsDF0ALXFgBUFhcBkBLDVUNBwYBVQ8FF1BaWw8DF0NdXQ4CCVQOVgcPAlAHUAlcB1RVUFRTAFRSAVQDUQIAUFBRBQAFAwVUAAhRE0gDX1JcXkRFQxEdVnJAUyMSVHcMXkRbWEUXGFVeXhcCdERYUlFWQBAKJAEBVwcJAAZHCiNZBBEEWUtWBUgdQF5XAVkbBQYXAnQXAnBVTEdaSxZZRRUTA3UCRwpTQBEAF0M5RQ1cVRMEd1YGBQgdAQULBQgBElVSW19fUlZHX11BZwNfLFdYAAFNCV8BbgMGBgZXEFJCQw8DFFZCRkcEAAUIGgoCURBvRQ5TD1QFUFFQBFUGQm5YCw8DXFAHBwACBFZUUFMHXwYHCwYAD1RVVgYEUA9RA1JYB1MHBQYGAVU=&clk=&r=614739 | IP: 188.114.97.1:443
Certificate: Issuer: Google Trust Services LLC; Subject: amon1.net; Fingerprint: A3:19:B5:CD:A1:20:88:23:94:A8:7E:F7:0A:13:A4:4B:94:0E:69:9D; Validity: Tue, 16 Apr 2024 14:33:57 GMT - Mon, 15 Jul 2024 14:33:56 GMT
File type: HTML document, ASCII text, with very long lines (3760), with no line terminators | Hash (MD5 / SHA-1 / SHA-256): d9d1bf1f4bcbda69656d28c455300511 b9882d4f6a2c8168a81422a32230c183744f382b dcf1af1cd85123c4a3307fdd95cf1f38e9b4a2ec561af04381caa44c132d3db9
GET /rotor/ifr?_d=UllSCgJUBw4IAxRRW1YMBAAICw0PRF5eBQsDF0ALXFgBUFhcBkBLDVUNBwYBVQ8FF1BaWw8DF0NdXQ4CCVQOVgcPAlAHUAlcB1RVUFRTAFRSAVQDUQIAUFBRBQAFAwVUAAhRE0gDX1JcXkRFQxEdVnJAUyMSVHcMXkRbWEUXGFVeXhcCdERYUlFWQBAKJAEBVwcJAAZHCiNZBBEEWUtWBUgdQF5XAVkbBQYXAnQXAnBVTEdaSxZZRRUTA3UCRwpTQBEAF0M5RQ1cVRMEd1YGBQgdAQULBQgBElVSW19fUlZHX11BZwNfLFdYAAFNCV8BbgMGBgZXEFJCQw8DFFZCRkcEAAUIGgoCURBvRQ5TD1QFUFFQBFUGQm5YCw8DXFAHBwACBFZUUFMHXwYHCwYAD1RVVgYEUA9RA1JYB1MHBQYGAVU=&clk=&r=614739 HTTP/1.1
Host: track.amon1.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 23 May 2024 22:58:33 GMT
content-type: text/html; charset=UTF-8
cache-control: no-store, max-age=0
expires: Sun, 27 May 1979 00:00:00 GMT
pragma: no-cache
x-robots-tag: noindex, nofollow, noarchive, noimageindex
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=8M%2BfuZrM0CwD%2FMYS6Uebm3znNjtMRfFlKAhNLt4OTfWhHJdxlqR15vSa6ExO8gmxvmKtn1fXy59lymAn7NYb49mM3pEx%2FUBeMWgYn1m1c1qnaE5NyFPmD8rWosqHj2kPTLw%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8888a6bc7b72568d-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
| media.amon1.net/js/code.min.js | 172.67.179.172 | 200 OK | 38 kB |
URL: GET HTTP/2 media.amon1.net/js/code.min.js | IP: 172.67.179.172:443
Requested by: https://track.amon1.net/rotor/ifr?_d=UllSCgJUBw4IAxRRW1YMBAAICw0PRF5eBQsDF0ALXFgBUFhcBkBLDVUNBwYBVQ8FF1BaWw8DF0NdXQ4CCVQOVgcPAlAHUAlcB1RVUFRTAFRSAVQDUQIAUFBRBQAFAwVUAAhRE0gDX1JcXkRFQxEdVnJAUyMSVHcMXkRbWEUXGFVeXhcCdERYUlFWQBAKJAEBVwcJAAZHCiNZBBEEWUtWBUgdQF5XAVkbBQYXAnQXAnBVTEdaSxZZRRUTA3UCRwpTQBEAF0M5RQ1cVRMEd1YGBQgdAQULBQgBElVSW19fUlZHX11BZwNfLFdYAAFNCV8BbgMGBgZXEFJCQw8DFFZCRkcEAAUIGgoCURBvRQ5TD1QFUFFQBFUGQm5YCw8DXFAHBwACBFZUUFMHXwYHCwYAD1RVVgYEUA9RA1JYB1MHBQYGAVU=&clk=&r=614739 | Certificate: Issuer: Google Trust Services LLC; Subject: amon1.net; Fingerprint: A3:19:B5:CD:A1:20:88:23:94:A8:7E:F7:0A:13:A4:4B:94:0E:69:9D; Validity: Tue, 16 Apr 2024 14:33:57 GMT - Mon, 15 Jul 2024 14:33:56 GMT
File type: JavaScript source, ASCII text, with very long lines (15751) | Hash (MD5 / SHA-1 / SHA-256): 6b2a4f66c655a1a8927ed28a61144bb2 4ea2ce642429aa7956c6309179c819f679f942c6 e56104a74a73f6e812a69c279ffdd03876229c3e7001151e57a4326fd9f120ca
GET /js/code.min.js HTTP/1.1
Host: media.amon1.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://track.amon1.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 23 May 2024 22:58:33 GMT
content-type: application/javascript
last-modified: Mon, 29 Apr 2024 09:02:24 GMT
etag: W/"662f6220-9609"
expires: Thu, 02 May 2024 09:36:33 GMT
cache-control: max-age=259200
x-robots-tag: noindex, nofollow, noarchive, noimageindex
content-encoding: gzip
cf-cache-status: HIT
age: 2011263
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=hZh4eTAcW4uG7P7YMfujXM0wmdijFSfBGbQi3pVCJJ%2BFMqA5Sc4mpGPOAmjLvVPZLQliD0Fpc4yb4nUh%2FQaFbF%2BKUHnFr5PvmQguGQN79L7nlsKdTQig%2BtT9anYGm%2FKISWo%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8888a6befc2056cb-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2