Report - driveseed.org/file/r817JoRznr

Report Overview

Submitted URL
driveseed.org/file/r817JoRznr
IP
172.67.217.237
ASN
#13335 CLOUDFLARENET
Submitted
2024-05-04 15:43:51
Access
public
Website Title
Star.Wars.Tales.Of.The.Empire.S01.1080p.x264.English.Msubs.MoviesMod.org.zip
Final URL
driveseed.org/file/r817JoRznr
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
24

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
push-sdk.com	unknown	2022-10-25	2022-12-23	2024-05-03	863 B	16 kB	23.88.8.125
unseenreport.com	unknown	2022-03-30	2022-03-30	2024-05-03	1.5 kB	846 B	192.243.59.12
cdn.cloudimagesb.com	23099	2020-10-06	2021-02-12	2024-05-03	440 B	15 kB	45.133.44.10
accounts.google.com	81	1997-09-15	2016-03-20	2024-05-03	1.4 kB	225 kB	74.125.131.84
challenges.cloudflare.com	unknown	2009-02-17	2021-10-20	2024-05-03	882 B	43 kB	104.17.2.184
www.googletagmanager.com	75	2011-11-11	2013-05-22	2024-05-03	420 B	101 kB	142.250.74.168
dialoguemarvellouswound.com	unknown	2022-08-18	2022-08-18	2024-02-25	444 B	31 kB	172.240.108.76
proftrafficcounter.com	unknown	2023-11-16	2023-11-21	2024-05-03	427 B	420 B	52.29.105.35
downstairsnegotiatebarren.com	unknown	2024-03-04	2024-03-04	2024-05-03	820 B	173 kB	104.21.35.227
cdn.barscreative1.com	25648	2021-09-08	2021-09-16	2024-05-02	486 B	3.4 kB	45.133.44.3
rankonefoldonefold.com	unknown	2024-04-29	2024-04-30	2024-05-03	925 B	17 kB	172.240.108.76
driveseed.org	unknown	2022-12-22	2022-12-22	2024-04-16	2.3 kB	1.7 MB	104.21.70.18
cdn.creative-bars1.com	unknown	2022-11-01	2022-11-15	2024-05-03	2.2 kB	111 kB	188.114.96.1
fonts.gstatic.com	unknown	2008-02-11	2014-09-09	2024-05-04	1.0 kB	33 kB	216.58.207.227
cdnjs.cloudflare.com	235	2009-02-17	2015-04-17	2024-05-04	2.1 kB	187 kB	104.17.24.14
capaciousdrewreligion.com	unknown	2023-11-07	2023-11-27	2024-05-03	412 B	327 B	172.240.127.234
threeinvincible.com	unknown	2024-04-30	2024-05-02	2024-05-02	7.4 kB	12 kB	192.243.61.227
fonts.googleapis.com	8877	2005-01-25	2013-06-10	2024-05-04	887 B	11 kB	142.250.74.106

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2024-05-04	medium	rankonefoldonefold.com	Sinkholed
2024-05-04	medium	rankonefoldonefold.com	Sinkholed
2024-05-04	medium	unseenreport.com	Sinkholed
2024-05-04	medium	unseenreport.com	Sinkholed
2024-05-04	medium	threeinvincible.com	Sinkholed
2024-05-04	medium	threeinvincible.com	Sinkholed
2024-05-04	medium	threeinvincible.com	Sinkholed
2024-05-04	medium	threeinvincible.com	Sinkholed
2024-05-04	medium	threeinvincible.com	Sinkholed
2024-05-04	medium	threeinvincible.com	Sinkholed
2024-05-04	medium	threeinvincible.com	Sinkholed
2024-05-04	medium	threeinvincible.com	Sinkholed

ThreatFox

No alerts detected

JavaScript (18)

	URL	Size	First Seen	Last Seen
	dialoguemarvellouswound.com/4c/be/72/4cbe72587f6e9ca9ffb0658725161a01.js	84 kB	2024-05-04	2024-05-04
Pretty URL dialoguemarvellouswound.com/4c/be/72/4cbe72587f6e9ca9ffb0658725161a01.js IP 172.240.108.76 ASN #7979 SERVERS-COM Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-04 17:43:52 Last Seen2024-05-04 17:43:53 Times Seen2 Hash cf95a1213c2b3073c1c9386218d20a9a d285fe5b17cb0b8f1f0fe1ebc3445862d60103ea 612053272b02d7c903597e18fffabf2181d2bd12d4de1bd41a67aaedc5605b68 Loading...

	driveseed.org/file/r817JoRznr	77 B	2023-09-16	2024-05-08
Pretty URL driveseed.org/file/r817JoRznr IP 104.21.70.18 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-09-16 17:48:47 Last Seen2024-05-08 05:54:20 Times Seen23 Hash 62a18a19ed36f04e3049dec097bc5dda da9d42ddb7858c22ae42246fcf4c82583cd977e9 a3935ac9dae96466669dc1f2d869346278af63b1396d3d316a8a1894acb57b11 Loading...

	driveseed.org/content/data/MDB5-STANDARD-UI-KIT-Free-3.9.0/js/mdb.min.js	1.2 MB	2023-03-26	2024-05-08
Pretty URL driveseed.org/content/data/MDB5-STANDARD-UI-KIT-Free-3.9.0/js/mdb.min.js IP 104.21.70.18 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-26 04:27:36 Last Seen2024-05-08 05:54:20 Times Seen63 Hash ecbe27474ff737c51caa845a21ec36a8 61c9d5dcaa862083e7c5fc49baa8623b66fd7cc8 487155a58bd6d8049ba1e5a1f9254d85d86dd32c2f7761013c9d31884c47c864 Loading...

	driveseed.org/file/r817JoRznr	628 B	2024-05-04	2024-05-04
Pretty URL driveseed.org/file/r817JoRznr IP 104.21.70.18 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2024-05-04 17:43:53 Last Seen2024-05-04 17:43:53 Times Seen1 Hash e4e1bfa82c940130eb2ef94c6fc7cef2 0e6b225ad1557b295d075bf5b8b70308bb45232f 5b69b28b86591745417fc7b2cc6acfa2301f908e07e8620cd481623c6466e2ef Loading...

	push-sdk.com/f/sdk.js?z=972674	53 kB	2024-02-06	2024-05-17
Pretty URL push-sdk.com/f/sdk.js?z=972674 IP 23.88.8.125 ASN #24940 Hetzner Online GmbH Introduced by scriptElement Embedded in HTML false Observations First Seen2024-02-06 12:08:15 Last Seen2024-05-17 11:33:16 Times Seen496 Hash f25dc1587ebc5a30e3ba48b7b40f7b42 f5729d7b87661e4a0eb540163437b888739a3887 00cc1d6f8359763349a09d2c5b32b6d1de9b0642a6838c22ee34e9b329447da5 Loading...

	downstairsnegotiatebarren.com/sfp.js	86 kB	2024-03-29	2024-05-17
Pretty URL downstairsnegotiatebarren.com/sfp.js IP 104.21.35.227 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-03-29 13:13:34 Last Seen2024-05-17 14:49:08 Times Seen3553 Hash f4a2f8f9f99541c6f105bbd0a025bd40 1f8e3eff12168fdd9e719adfc098d24a45b6916a b717cb04231a10d425fd55b73c85a5407119c6826a8bac94142fddfff6958716 Loading...

	cdn.creative-bars1.com/sb/chat/mob/ssp/1/js/jquery.min.js	90 kB	2023-03-07	2024-05-18
Pretty URL cdn.creative-bars1.com/sb/chat/mob/ssp/1/js/jquery.min.js IP 188.114.96.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:04:00 Last Seen2024-05-18 10:06:44 Times Seen4181 Hash 561acb3e541133bbdd2c0c19f8ee35a1 ffd1353cf3f77d25f801c84d8208613eb0d3d548 9fde6da568db31801e29243a903bf24f342256b41e3c01e7d018ff7c566ce7fc Loading...

	driveseed.org/file/r817JoRznr	500 B	2023-03-29	2024-05-04
Pretty URL driveseed.org/file/r817JoRznr IP 104.21.70.18 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-29 21:30:36 Last Seen2024-05-04 17:43:53 Times Seen22 Hash 0307a0b4c2f2e02aba29c5427bc846fb 92fdfc32e30c85e1a0b0cb64185f37ad6fb3f887 d92d5cad0568f925036b409946de2387c0682758dddcbe4c2aba6bfc5d0811c3 Loading...

	driveseed.org/file/r817JoRznr	6.5 kB	2024-05-04	2024-05-04
Pretty URL driveseed.org/file/r817JoRznr IP 104.21.70.18 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2024-05-04 17:43:53 Last Seen2024-05-04 17:43:53 Times Seen1 Hash 6b8981e8d471d581cedfd99f4cd31119 e25f64ab1e2f3addc383fe5c4153eade90c2f423 2d633008e75e68eaf428809587716035e9e1c117f00234156ae06812962dc46a Loading...

	rankonefoldonefold.com/01/d4/69/01d469142f198ed5932aff8b9bb4d31c.js	45 kB	2024-05-04	2024-05-04
Pretty URL rankonefoldonefold.com/01/d4/69/01d469142f198ed5932aff8b9bb4d31c.js IP 172.240.108.76 ASN #7979 SERVERS-COM Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-04 17:43:53 Last Seen2024-05-04 17:43:53 Times Seen2 Hash c314a78944d7e2c286bb63637d6fae1b e3ecf4637b621fb25858eaeee9195005b309080f 4ef5b4983d2513223a67e905d2127090ed42789230230ae5044681725ac8bf14 Loading...

	accounts.google.com/gsi/client	221 kB	2024-05-02	2024-05-08
Pretty URL accounts.google.com/gsi/client IP 74.125.131.84 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-02 15:51:13 Last Seen2024-05-08 10:20:39 Times Seen47 Hash 9e824aefbb6435d61e675accdab1ffe7 106799355ee44ce47c153a298f54f5338ddd0df8 303bd7ad954181179d059f0713ecf11a9bd5edfd6122dc787b6e40abcb69970d Loading...

	unknown	564 B	2024-04-29	2024-05-04
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-29 06:41:41 Last Seen2024-05-04 17:43:53 Times Seen3 Hash 46efba8776255e81649048cb520815e4 df3988179208e14ea462c6e3b03bcf135b64dd93 cf186ff635f48f79e3ec49ee1be1dcb6a10f5955b4f8e40849aaea9e47b1409f Loading...

	capaciousdrewreligion.com/advertisers.js	0 B	2023-03-07	2024-05-18
Pretty URL capaciousdrewreligion.com/advertisers.js IP 172.240.127.234 ASN #7979 SERVERS-COM Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:01:59 Last Seen2024-05-18 11:21:17 Times Seen37783174 Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Loading...

	driveseed.org/file/r817JoRznr	713 B	2023-09-16	2024-05-04
Pretty URL driveseed.org/file/r817JoRznr IP 104.21.70.18 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-09-16 17:48:47 Last Seen2024-05-04 17:43:53 Times Seen12 Hash ff0396813cefc2df9eba164ea68dc00e 436962b1a099baddfaf52f78695273ce1b8811e4 f0fd2f8d942a7930766d3a72b3f7b50600a44c77158f051d97ce4e9e0b88ec62 Loading...

	challenges.cloudflare.com/turnstile/v0/api.js?onload=onloadTurnstileCallback	43 kB	2024-04-25	2024-05-06
Pretty URL challenges.cloudflare.com/turnstile/v0/api.js?onload=onloadTurnstileCallback IP 104.17.2.184 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-25 19:17:04 Last Seen2024-05-06 16:14:42 Times Seen2299 Hash 65b0a652c40c95d12c4ddb3b4567c1ea c654efa19d01d6553ed4e0f500d350011e023ad1 c6b5cd0b65ebbb519dd845ba2979b40e58b056ca2c90f67a8bfea871d39615a7 Loading...

	driveseed.org/file/r817JoRznr	153 B	2023-06-13	2024-05-04
Pretty URL driveseed.org/file/r817JoRznr IP 104.21.70.18 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-06-13 20:22:49 Last Seen2024-05-04 17:43:53 Times Seen8 Hash 75d723d8d38c948f62d382097345e0db a0fa4c3b000eaa8bd1b1a8476dd4c2e30876e67e 41a94662fd06860d3882e0c1e5bbcc934e982ad52b62efee96c7a76b66aa93ab Loading...

	driveseed.org/file/r817JoRznr	254 B	2023-03-26	2024-05-08
Pretty URL driveseed.org/file/r817JoRznr IP 104.21.70.18 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-26 04:27:36 Last Seen2024-05-08 05:54:20 Times Seen34 Hash 3db2b487c91efeb4823c23b39c1ff8ef e0d46fcdcb896102c717e1212c52df1f6d12f676 e7314d3f22575c29f4cc5045e172a6ac07e7aabc860990c87c966c36a3168320 Loading...

	www.googletagmanager.com/gtag/js?id=G-X7YH5Q7J95	299 kB	2024-05-04	2024-05-04
Pretty URL www.googletagmanager.com/gtag/js?id=G-X7YH5Q7J95 IP 142.250.74.168 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-04 17:43:53 Last Seen2024-05-04 17:43:53 Times Seen2 Hash 346fed83092e6b80fced6ac0c5a2706c d5d42e57998c39a373fe6413ed43bdff200f9b23 30219f687eac71341894c45e86b8aa1e989f78fb625d58cd18025b641fde23d3 Loading...

HTTP Transactions (44)

URL IP Response Size

cdnjs.cloudflare.com/ajax/libs/font-awesome/5.15.1/css/all.min.css

104.17.24.14

200 OK

10 kB

URL GET HTTP/2
cdnjs.cloudflare.com/ajax/libs/font-awesome/5.15.1/css/all.min.css
IP
104.17.24.14:443
ASN
#13335 CLOUDFLARENET

Requested by
https://driveseed.org/file/r817JoRznr
Certificate
IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
Fingerprint7A:EA:B9:09:71:70:6C:87:C9:D3:82:74:8A:7B:B4:60:E5:40:2D:8D
ValidityMon, 03 Jul 2023 00:00:00 GMT - Tue, 02 Jul 2024 23:59:59 GMT

File type
ASCII text, with very long lines (59158)
Size
10 kB (10491 bytes)
Hash
b227b1617a1763c8bc056772f05482b4
c508528feb9fd540454f838653cd4863b290df2e
af1e6edc875a382b338bb25bd7c5c3f474a7f1b36212002a5896dd06f2186325

HTTP Headers

GET /ajax/libs/font-awesome/5.15.1/css/all.min.css HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://driveseed.org/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sat, 04 May 2024 15:43:23 GMT
content-type: text/css; charset=utf-8
content-length: 10491
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "5f7b5b5f-e7d0"
last-modified: Mon, 05 Oct 2020 17:43:59 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 339397
expires: Thu, 24 Apr 2025 15:43:23 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=eYmIllByAdgtoU4VAa3y%2FjNPTXk%2B973AmFp%2FVbE1uxW0BaFLIMcQiPLW78yGrz7ubxs22grp7T9OO5tj2GLTy2D8hksyU5h%2Bv4glMDAA1PUjb4t9Oi2%2Fb9cy%2BDVcb7NSYLA6Ljzl"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 87e99b299c025693-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

challenges.cloudflare.com/turnstile/v0/api.js?onload=onloadTurnstileCallback

104.17.2.184

302 Found

0 B

URL GET HTTP/2
challenges.cloudflare.com/turnstile/v0/api.js?onload=onloadTurnstileCallback
IP
104.17.2.184:443
ASN
#13335 CLOUDFLARENET

Requested by
https://driveseed.org/file/r817JoRznr
Certificate
IssuerCloudflare, Inc.
Subjectchallenges.cloudflare.com
Fingerprint5F:E4:AA:8C:2E:24:D2:B1:69:9D:13:28:31:5C:65:FA:97:2A:E9:6E
ValidityFri, 18 Aug 2023 00:00:00 GMT - Sat, 17 Aug 2024 23:59:59 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /turnstile/v0/api.js?onload=onloadTurnstileCallback HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://driveseed.org/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 302 Found
date: Sat, 04 May 2024 15:43:23 GMT
content-length: 0
cache-control: max-age=300, public
access-control-allow-origin: *
location: /turnstile/v0/g/d0ff3ebede6b/api.js
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
server: cloudflare
cf-ray: 87e99b29b9cab503-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

cdnjs.cloudflare.com/ajax/libs/font-awesome/5.15.1/webfonts/fa-regular-400.woff2

104.17.24.14

200 OK

14 kB

URL GET HTTP/3
cdnjs.cloudflare.com/ajax/libs/font-awesome/5.15.1/webfonts/fa-regular-400.woff2
IP
104.17.24.14:443
ASN
#13335 CLOUDFLARENET

Requested by
https://driveseed.org/file/r817JoRznr
Certificate
IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
Fingerprint7A:EA:B9:09:71:70:6C:87:C9:D3:82:74:8A:7B:B4:60:E5:40:2D:8D
ValidityMon, 03 Jul 2023 00:00:00 GMT - Tue, 02 Jul 2024 23:59:59 GMT

File type
Web Open Font Format (Version 2), TrueType, length 13548, version 331.-31392
Size
14 kB (13548 bytes)
Hash
4a74738e7728e93c4394b8604081da62
fb9648469530a05fa9aac80e47d4d6960472a242
ce20ed8a323117c8a718ff1ddc6dabb997373b575a8e896f2bf02b846c082c9d

HTTP Headers

GET /ajax/libs/font-awesome/5.15.1/webfonts/fa-regular-400.woff2 HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://driveseed.org
DNT: 1
Connection: keep-alive
Referer: https://cdnjs.cloudflare.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Sat, 04 May 2024 15:43:23 GMT
content-type: application/octet-stream; charset=utf-8
content-length: 13548
access-control-allow-origin: *
cache-control: public, max-age=30672000
etag: "5f7b5b5f-34ec"
last-modified: Mon, 05 Oct 2020 17:43:59 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 334322
expires: Thu, 24 Apr 2025 15:43:23 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=AS8oSQLZuaq4j8%2BJFFYqAT7rhL3KpxV7PlmgHym52jNgohalFjbgiKtnd4g%2Fy482un2xk%2FCznIRofS0cnN7bbU%2FCDFsIUBS8PD%2BYHrtxnP4hWbvhLUiDB46nw%2FkCwBqF5Gq6kzoC"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 87e99b2b3efeb505-OSL
alt-svc: h3=":443"; ma=86400

cdnjs.cloudflare.com/ajax/libs/font-awesome/5.15.1/webfonts/fa-solid-900.woff2

104.17.24.14

200 OK

80 kB

URL GET HTTP/3
cdnjs.cloudflare.com/ajax/libs/font-awesome/5.15.1/webfonts/fa-solid-900.woff2
IP
104.17.24.14:443
ASN
#13335 CLOUDFLARENET

Requested by
https://driveseed.org/file/r817JoRznr
Certificate
IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
Fingerprint7A:EA:B9:09:71:70:6C:87:C9:D3:82:74:8A:7B:B4:60:E5:40:2D:8D
ValidityMon, 03 Jul 2023 00:00:00 GMT - Tue, 02 Jul 2024 23:59:59 GMT

File type
Web Open Font Format (Version 2), TrueType, length 80300, version 331.-31392
Size
80 kB (80300 bytes)
Hash
8e1ed89b6ccb8ce41faf5cb672677105
9b592048b9062b00f0b2dd782d70a95b7dc69b83
6b555920e358f8a25a422988b448615c33bcccb4f932e8331cebfc8e2a737fc7

HTTP Headers

GET /ajax/libs/font-awesome/5.15.1/webfonts/fa-solid-900.woff2 HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://driveseed.org
DNT: 1
Connection: keep-alive
Referer: https://cdnjs.cloudflare.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Sat, 04 May 2024 15:43:23 GMT
content-type: application/octet-stream; charset=utf-8
content-length: 80300
access-control-allow-origin: *
cache-control: public, max-age=30672000
etag: "5f7b5b5f-139ac"
last-modified: Mon, 05 Oct 2020 17:43:59 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 241500
expires: Thu, 24 Apr 2025 15:43:23 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=p0UlvCSU8yLS7kjPm3HAUde%2FLmmKOiFScS2QHitEmJbR3mSP%2F6bWI8t6sO5gJYphoSk9Bba%2FtHUwYf85cSN%2FvBRi9n54GxcgA%2FE7UAeJs7W9k6yDujb5DPnby7wE3ib1Y9LWoS8O"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 87e99b2b3f00b505-OSL
alt-svc: h3=":443"; ma=86400

www.googletagmanager.com/gtag/js?id=G-X7YH5Q7J95

142.250.74.168

200 OK

100 kB

URL GET HTTP/2
www.googletagmanager.com/gtag/js?id=G-X7YH5Q7J95
IP
142.250.74.168:443
ASN
#15169 GOOGLE

Requested by
https://driveseed.org/file/r817JoRznr
Certificate
IssuerGoogle Trust Services LLC
Subject*.google-analytics.com
Fingerprint93:6B:D2:9D:92:BE:2D:D8:02:67:82:83:5E:EF:A3:F9:13:F3:26:AE
ValidityTue, 16 Apr 2024 03:18:45 GMT - Tue, 09 Jul 2024 03:18:44 GMT

File type
JavaScript source, ASCII text, with very long lines (4179)
Size
100 kB (100158 bytes)
Hash
346fed83092e6b80fced6ac0c5a2706c
d5d42e57998c39a373fe6413ed43bdff200f9b23
30219f687eac71341894c45e86b8aa1e989f78fb625d58cd18025b641fde23d3

HTTP Headers

GET /gtag/js?id=G-X7YH5Q7J95 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://driveseed.org/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Sat, 04 May 2024 15:43:23 GMT
expires: Sat, 04 May 2024 15:43:23 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 100158
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

dialoguemarvellouswound.com/4c/be/72/4cbe72587f6e9ca9ffb0658725161a01.js

172.240.108.76

200 OK

31 kB

URL GET HTTP/1.1
dialoguemarvellouswound.com/4c/be/72/4cbe72587f6e9ca9ffb0658725161a01.js
IP
172.240.108.76:443
ASN
#7979 SERVERS-COM

Requested by
https://driveseed.org/file/r817JoRznr
Certificate
IssuerLet's Encrypt
Subjectdialoguemarvellouswound.com
FingerprintDB:84:09:79:90:27:28:06:AF:13:AB:79:8B:F5:21:F7:7C:56:91:83
ValidityTue, 09 Apr 2024 06:27:18 GMT - Mon, 08 Jul 2024 06:27:17 GMT

File type
JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Size
31 kB (30664 bytes)
Hash
cf95a1213c2b3073c1c9386218d20a9a
d285fe5b17cb0b8f1f0fe1ebc3445862d60103ea
612053272b02d7c903597e18fffabf2181d2bd12d4de1bd41a67aaedc5605b68

HTTP Headers

GET /4c/be/72/4cbe72587f6e9ca9ffb0658725161a01.js HTTP/1.1
Host: dialoguemarvellouswound.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://driveseed.org/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Sat, 04 May 2024 15:43:23 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: dd6a8e753ba9c82fde7b856cd4a1c290
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip

proftrafficcounter.com/stats

52.29.105.35

200 OK

40 B

URL GET HTTP/2
proftrafficcounter.com/stats
IP
52.29.105.35:443
ASN
#16509 AMAZON-02

Requested by
https://driveseed.org/file/r817JoRznr
Certificate
IssuerAmazon
Subjectproftrafficcounter.com
FingerprintE3:9F:79:6F:80:C0:BF:F8:C4:EB:45:F3:E9:0F:A7:41:F6:0C:05:E6
ValidityTue, 21 Nov 2023 00:00:00 GMT - Thu, 19 Dec 2024 23:59:59 GMT

File type
ASCII text, with no line terminators
Size
40 B (40 bytes)
Hash
312b10c476de1a8f83e2f24f3406291c
439d20736dee5db9df87dd51b9ff1f81584a8b72
ff3f3b1c3c92273fd7143bfd3b2856044b600dc2fcc222cdf260d5d4e9f22594

HTTP Headers

GET /stats HTTP/1.1
Host: proftrafficcounter.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://driveseed.org
DNT: 1
Connection: keep-alive
Referer: https://driveseed.org/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sat, 04 May 2024 15:43:24 GMT
content-type: text/html; charset=UTF-8
content-length: 40
server: fasthttp
access-control-allow-origin: https://driveseed.org
vary: Origin
access-control-allow-credentials: true
set-cookie: uid_id2=bbce5349-014d-479f-b973-dfbabd0c4683:1:1; expires=Tue, 02 May 2034 15:43:24 GMT; secure; SameSite=None
X-Firefox-Spdy: h2

cdnjs.cloudflare.com/ajax/libs/font-awesome/5.15.1/webfonts/fa-brands-400.woff2

104.17.24.14

200 OK

78 kB

URL GET HTTP/3
cdnjs.cloudflare.com/ajax/libs/font-awesome/5.15.1/webfonts/fa-brands-400.woff2
IP
104.17.24.14:443
ASN
#13335 CLOUDFLARENET

Requested by
https://driveseed.org/file/r817JoRznr
Certificate
IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
Fingerprint7A:EA:B9:09:71:70:6C:87:C9:D3:82:74:8A:7B:B4:60:E5:40:2D:8D
ValidityMon, 03 Jul 2023 00:00:00 GMT - Tue, 02 Jul 2024 23:59:59 GMT

File type
Web Open Font Format (Version 2), TrueType, length 78460, version 331.-31392
Size
78 kB (78460 bytes)
Hash
f075c50f89795e4cdb4d45b51f1a6800
f726c4275bb494a045fde059175f072de06c01df
71b3ce72680f4183d28db86b184542051fd533bb1146933233e4f6a20cf98cba

HTTP Headers

GET /ajax/libs/font-awesome/5.15.1/webfonts/fa-brands-400.woff2 HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://driveseed.org
DNT: 1
Connection: keep-alive
Referer: https://cdnjs.cloudflare.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Sat, 04 May 2024 15:43:24 GMT
content-type: application/octet-stream; charset=utf-8
content-length: 78460
access-control-allow-origin: *
cache-control: public, max-age=30672000
etag: "5f7b5b5f-1327c"
last-modified: Mon, 05 Oct 2020 17:43:59 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 334323
expires: Thu, 24 Apr 2025 15:43:24 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=EoyU8cZAzfAxZpSa7OdN2BdjlKEAWWV8yvKnWu%2F45h%2F6O43TgF6C%2FvjKNM0l%2FMLLK%2FfmJJTrZLHwTCOvuKScQPmgy4fgEo89g5TfJ1alKZ0juC09OA16J3FYGKHQ2oWMqI3QG501"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 87e99b303ddcb505-OSL
alt-svc: h3=":443"; ma=86400

push-sdk.com/f/sdk.js?z=972674

23.88.8.125

200 OK

15 kB

URL GET HTTP/2
push-sdk.com/f/sdk.js?z=972674
IP
23.88.8.125:443
ASN
#24940 Hetzner Online GmbH

Requested by
https://driveseed.org/file/r817JoRznr
Certificate
IssuerLet's Encrypt
Subjectpush-sdk.com
FingerprintDB:4D:3B:77:64:B4:DD:5C:20:07:53:34:81:42:A0:E7:99:CE:E7:EC
ValiditySun, 14 Apr 2024 03:34:47 GMT - Sat, 13 Jul 2024 03:34:46 GMT

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (53344), with no line terminators
Size
15 kB (14884 bytes)
Hash
f25dc1587ebc5a30e3ba48b7b40f7b42
f5729d7b87661e4a0eb540163437b888739a3887
00cc1d6f8359763349a09d2c5b32b6d1de9b0642a6838c22ee34e9b329447da5

HTTP Headers

GET /f/sdk.js?z=972674 HTTP/1.1
Host: push-sdk.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://driveseed.org/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: Angie
date: Sat, 04 May 2024 15:43:24 GMT
content-type: application/javascript; charset=utf-8
content-length: 14884
content-encoding: gzip
cache-control: no-cache, max-age=0, must-revalidate, proxy-revalidate
vary: Accept-Encoding
X-Firefox-Spdy: h2

push-sdk.com/event?z=972674

23.88.8.125

200 OK

0 B

URL POST HTTP/2
push-sdk.com/event?z=972674
IP
23.88.8.125:443
ASN
#24940 Hetzner Online GmbH

Requested by
https://driveseed.org/file/r817JoRznr
Certificate
IssuerLet's Encrypt
Subjectpush-sdk.com
FingerprintDB:4D:3B:77:64:B4:DD:5C:20:07:53:34:81:42:A0:E7:99:CE:E7:EC
ValiditySun, 14 Apr 2024 03:34:47 GMT - Sat, 13 Jul 2024 03:34:46 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

POST /event?z=972674 HTTP/1.1
Host: push-sdk.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 82
Origin: https://driveseed.org
DNT: 1
Connection: keep-alive
Referer: https://driveseed.org/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: Angie
date: Sat, 04 May 2024 15:43:24 GMT
content-length: 0
access-control-allow-origin: https://driveseed.org
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization, X-CSRF-Token
access-control-expose-headers: Authorization
cache-control: no-cache, max-age=0, must-revalidate, proxy-revalidate, no-store
pragma: no-cache
expires: Tue, 11 Jan 1994 00:00:00 GMT
accept-ch: Sec-CH-UA, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Model, Sec-CH-UA-Bitness, Sec-CH-UA-Wow64
X-Firefox-Spdy: h2

rankonefoldonefold.com/pixel/purst?dl=0&th=0&sc=0&rs=1596&rd=1596&fd=965&bv=24.5.6485&tmpl=70

172.240.108.76

200 OK

0 B

URL GET HTTP/1.1
rankonefoldonefold.com/pixel/purst?dl=0&th=0&sc=0&rs=1596&rd=1596&fd=965&bv=24.5.6485&tmpl=70
IP
172.240.108.76:443
ASN
#7979 SERVERS-COM

Requested by
https://driveseed.org/file/r817JoRznr
Certificate
IssuerLet's Encrypt
Subjectrankonefoldonefold.com
Fingerprint67:10:15:7B:C3:5D:D8:61:74:11:87:7E:20:DC:94:C4:34:E6:4F:95
ValidityMon, 29 Apr 2024 12:50:12 GMT - Sun, 28 Jul 2024 12:50:11 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /pixel/purst?dl=0&th=0&sc=0&rs=1596&rd=1596&fd=965&bv=24.5.6485&tmpl=70 HTTP/1.1
Host: rankonefoldonefold.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://driveseed.org/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Sat, 04 May 2024 15:43:24 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range

rankonefoldonefold.com/01/d4/69/01d469142f198ed5932aff8b9bb4d31c.js

172.240.108.76

200 OK

16 kB

URL GET HTTP/1.1
rankonefoldonefold.com/01/d4/69/01d469142f198ed5932aff8b9bb4d31c.js
IP
172.240.108.76:443
ASN
#7979 SERVERS-COM

Requested by
https://driveseed.org/file/r817JoRznr
Certificate
IssuerLet's Encrypt
Subjectrankonefoldonefold.com
Fingerprint67:10:15:7B:C3:5D:D8:61:74:11:87:7E:20:DC:94:C4:34:E6:4F:95
ValidityMon, 29 Apr 2024 12:50:12 GMT - Sun, 28 Jul 2024 12:50:11 GMT

File type
JavaScript source, ASCII text, with very long lines (45366), with no line terminators
Size
16 kB (16029 bytes)
Hash
c314a78944d7e2c286bb63637d6fae1b
e3ecf4637b621fb25858eaeee9195005b309080f
4ef5b4983d2513223a67e905d2127090ed42789230230ae5044681725ac8bf14

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /01/d4/69/01d469142f198ed5932aff8b9bb4d31c.js HTTP/1.1
Host: rankonefoldonefold.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://driveseed.org/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Sat, 04 May 2024 15:43:24 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Set-Cookie: 4b4e7ab587d59b22ad7bcd2439afc363_CF-3448=1; expires=Tue, 07 May 2024 18:43:24 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 181b91945b6ac4dd12c0040168f2d002
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip

capaciousdrewreligion.com/advertisers.js

172.240.127.234

200 OK

0 B

URL GET HTTP/1.1
capaciousdrewreligion.com/advertisers.js
IP
172.240.127.234:443
ASN
#7979 SERVERS-COM

Requested by
https://driveseed.org/file/r817JoRznr
Certificate
IssuerLet's Encrypt
Subjectcapaciousdrewreligion.com
Fingerprint53:B6:ED:C6:B5:B6:60:3E:6D:02:5A:92:2E:C3:12:74:64:A1:23:DC
ValidityWed, 06 Mar 2024 11:57:32 GMT - Tue, 04 Jun 2024 11:57:31 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /advertisers.js HTTP/1.1
Host: capaciousdrewreligion.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://driveseed.org/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Sat, 04 May 2024 15:43:24 GMT
Content-Type: application/javascript
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: b96c7ddffc2634f8b2d8d3bce56740b8
Strict-Transport-Security: max-age=0; includeSubdomains

driveseed.org/content/images/unverified.png

104.21.70.18

200 OK

5.2 kB

URL GET HTTP/3
driveseed.org/content/images/unverified.png
IP
104.21.70.18:443
ASN
#13335 CLOUDFLARENET

Requested by
https://driveseed.org/file/r817JoRznr
Certificate
IssuerGoogle Trust Services LLC
Subjectdriveseed.org
FingerprintBA:FA:6A:7F:6D:B4:89:DB:FC:E6:A4:15:63:E0:0C:A5:4B:1A:CB:A2
ValidityTue, 09 Apr 2024 18:49:06 GMT - Mon, 08 Jul 2024 18:49:05 GMT

File type
PNG image data, 50 x 50, 8-bit/color RGBA, non-interlaced
Size
5.2 kB (5163 bytes)
Hash
0125f6d789267b830afafd80740766ac
447f55d7084d616934e11b466d594f2be44ce061
8f9ea4854a64df608a33a9289f598a2c321f44aa04a7909739c629842a3e8683

HTTP Headers

GET /content/images/unverified.png HTTP/1.1
Host: driveseed.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://driveseed.org/file/r817JoRznr
Cookie: PHPSESSID=748595365bd11844bbe6f7055711c5d3; dom3ic8zudi28v8lr6fgphwffqoz0j6c=bbce5349-014d-479f-b973-dfbabd0c4683%3A1%3A1; _ga_X7YH5Q7J95=GS1.1.1714837404.1.0.1714837404.0.0.0; _ga=GA1.1.77330584.1714837404; pp_main_4cbe72587f6e9ca9ffb0658725161a01=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Sat, 04 May 2024 15:43:24 GMT
content-type: image/png
content-length: 5163
cache-control: public, max-age=604800
expires: Tue, 07 May 2024 16:18:09 GMT
last-modified: Tue, 20 Dec 2022 13:15:07 GMT
alt-svc: h3=":443"; ma=86400
cf-cache-status: HIT
age: 343515
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=gRAsJgcGwFhWT5fyCFmdyJtF4ELJK8P6CUGtGy9NmwyUjhAsgmyjqRrDmHLo4IKgw2CMg%2BtavaqT%2FNtnRjaLsbfVjQla5PqKxPa16XU%2BSMfArRUC0T7RKqounWZSdMhP"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87e99b34acbc0b41-OSL

unseenreport.com/pxf.gif?uuid=bbce5349-014d-479f-b973-dfbabd0c4683&eb=978028c5053b26833423c7a069ce3bd5&te=5db3a4e34790624df926db520a13f79f&ua=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A96.0)%20Gecko%2F20100101%20Firefox%2F96.0&dev=e&res=14.2071&b_frame=0&pk=4cbe72587f6e9ca9ffb0658725161a01&bl=en-US&sr=1024x1280&sz=1024x1280&hjs=15

192.243.59.12

200 OK

1 B

URL GET HTTP/1.1
unseenreport.com/pxf.gif?uuid=bbce5349-014d-479f-b973-dfbabd0c4683&eb=978028c5053b26833423c7a069ce3bd5&te=5db3a4e34790624df926db520a13f79f&ua=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A96.0)%20Gecko%2F20100101%20Firefox%2F96.0&dev=e&res=14.2071&b_frame=0&pk=4cbe72587f6e9ca9ffb0658725161a01&bl=en-US&sr=1024x1280&sz=1024x1280&hjs=15
IP
192.243.59.12:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://driveseed.org/file/r817JoRznr
Certificate
IssuerLet's Encrypt
Subject*.unseenreport.com
Fingerprint71:46:15:FD:76:6A:F5:5B:51:06:CC:93:DD:D8:63:E3:8B:10:BF:13
ValidityFri, 22 Mar 2024 07:32:41 GMT - Thu, 20 Jun 2024 07:32:40 GMT

File type
very short file (no magic)
Size
1 B (1 bytes)
Hash
93b885adfe0da089cdf634904fd59f71
5ba93c9db0cff93f52b521d7420e43f6eda2784f
6e340b9cffb37a989ca544e6bb780a2c78901d3fb33738768511a30617afa01d

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /pxf.gif?uuid=bbce5349-014d-479f-b973-dfbabd0c4683&eb=978028c5053b26833423c7a069ce3bd5&te=5db3a4e34790624df926db520a13f79f&ua=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A96.0)%20Gecko%2F20100101%20Firefox%2F96.0&dev=e&res=14.2071&b_frame=0&pk=4cbe72587f6e9ca9ffb0658725161a01&bl=en-US&sr=1024x1280&sz=1024x1280&hjs=15 HTTP/1.1
Host: unseenreport.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://driveseed.org/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Sat, 04 May 2024 15:43:25 GMT
Content-Type: image/gif
Content-Length: 1
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 862fea5c10e07f2dedf7b3c9cb427e57
Strict-Transport-Security: max-age=0; includeSubdomains

unseenreport.com/pxf.gif?uuid=bbce5349-014d-479f-b973-dfbabd0c4683&eb=978028c5053b26833423c7a069ce3bd5&te=5db3a4e34790624df926db520a13f79f&ua=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A96.0)%20Gecko%2F20100101%20Firefox%2F96.0&dev=e&res=14.2071&b_frame=0&pk=01d469142f198ed5932aff8b9bb4d31c&bl=en-US&sr=1024x1280&sz=1024x1280&hjs=15

192.243.59.12

200 OK

1 B

URL GET HTTP/1.1
unseenreport.com/pxf.gif?uuid=bbce5349-014d-479f-b973-dfbabd0c4683&eb=978028c5053b26833423c7a069ce3bd5&te=5db3a4e34790624df926db520a13f79f&ua=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A96.0)%20Gecko%2F20100101%20Firefox%2F96.0&dev=e&res=14.2071&b_frame=0&pk=01d469142f198ed5932aff8b9bb4d31c&bl=en-US&sr=1024x1280&sz=1024x1280&hjs=15
IP
192.243.59.12:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://driveseed.org/file/r817JoRznr
Certificate
IssuerLet's Encrypt
Subject*.unseenreport.com
Fingerprint71:46:15:FD:76:6A:F5:5B:51:06:CC:93:DD:D8:63:E3:8B:10:BF:13
ValidityFri, 22 Mar 2024 07:32:41 GMT - Thu, 20 Jun 2024 07:32:40 GMT

File type
very short file (no magic)
Size
1 B (1 bytes)
Hash
93b885adfe0da089cdf634904fd59f71
5ba93c9db0cff93f52b521d7420e43f6eda2784f
6e340b9cffb37a989ca544e6bb780a2c78901d3fb33738768511a30617afa01d

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /pxf.gif?uuid=bbce5349-014d-479f-b973-dfbabd0c4683&eb=978028c5053b26833423c7a069ce3bd5&te=5db3a4e34790624df926db520a13f79f&ua=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A96.0)%20Gecko%2F20100101%20Firefox%2F96.0&dev=e&res=14.2071&b_frame=0&pk=01d469142f198ed5932aff8b9bb4d31c&bl=en-US&sr=1024x1280&sz=1024x1280&hjs=15 HTTP/1.1
Host: unseenreport.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://driveseed.org/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Sat, 04 May 2024 15:43:25 GMT
Content-Type: image/gif
Content-Length: 1
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 94a80927e9e592ec446e75432a50896f
Strict-Transport-Security: max-age=0; includeSubdomains

threeinvincible.com/sbar.json?key=01d469142f198ed5932aff8b9bb4d31c&psid=CF-3448_1&uuid=bbce5349-014d-479f-b973-dfbabd0c4683%3A1%3A1

192.243.61.227

200 OK

7.4 kB

URL GET HTTP/1.1
threeinvincible.com/sbar.json?key=01d469142f198ed5932aff8b9bb4d31c&psid=CF-3448_1&uuid=bbce5349-014d-479f-b973-dfbabd0c4683%3A1%3A1
IP
192.243.61.227:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://driveseed.org/file/r817JoRznr
Certificate
IssuerLet's Encrypt
Subjectthreeinvincible.com
Fingerprint80:A7:5B:F8:68:36:7B:02:02:07:18:D1:59:E5:E8:BF:94:77:25:84
ValidityTue, 30 Apr 2024 15:27:42 GMT - Mon, 29 Jul 2024 15:27:41 GMT

File type
JSON text data
Size
7.4 kB (7437 bytes)
Hash
51e321e59d4fae7143f24bf592d06f5c
0f87764ce5d9e72691084b671fbcb08bed611e30
2ef729f3658f6d06a4d232351d1f58ef9d1be3c8d100dfa1e2171221e1063fa5

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /sbar.json?key=01d469142f198ed5932aff8b9bb4d31c&psid=CF-3448_1&uuid=bbce5349-014d-479f-b973-dfbabd0c4683%3A1%3A1 HTTP/1.1
Host: threeinvincible.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://driveseed.org
DNT: 1
Connection: keep-alive
Referer: https://driveseed.org/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Sat, 04 May 2024 15:43:30 GMT
Content-Type: text/plain; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://driveseed.org
Access-Control-Allow-Origin: https://driveseed.org
Access-Control-Allow-Credentials: true
Set-Cookie: u_pl=18886252; expires=Sun, 05 May 2024 15:43:30 GMT; secure; SameSite=None
uid_id2=bbce5349-014d-479f-b973-dfbabd0c4683:1:1; expires=Sat, 11 May 2024 15:43:30 GMT; secure; SameSite=None
pdhtkv=true; expires=Sun, 05 May 2024 15:43:30 GMT; secure; SameSite=None
uncs=1; expires=Sun, 05 May 2024 15:43:30 GMT; secure; SameSite=None
pdhtkv29=true; expires=Sun, 05 May 2024 15:43:30 GMT; secure; SameSite=None
uncs29=1; expires=Sun, 05 May 2024 15:43:30 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 566952218b238713433dceace0efc7d6
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip

threeinvincible.com/ren.gif?sid=H4sIAAAAAAAC%2F1RSQYscRRSu3uxNEJTcQmAOHiK4s93TvT3T5hDcrCuLazYkkXgLVV3Vs%2BVWdzVV3dOzc1oMSI6Dv6D3m90s0SjJVTDIbMDDgpARD3twL%2F4DlZxlxsHRB1Xvvfpewfe%2B9748LC9ICyU93%2FhED6RSdHWt6TaufeZ51xvbMiv7jX4nfBAG1xum934UNt13Gx%2BJeE%2BvtlzPdT3Xa2xKIxLdX52CkPnTyGtGbjNoNb21AH3z%2F9yWDix1wHsX5G1IPll%2B6VyGjMfI0mcbwu4VOn%2Fvw7RUtNAGPX7yabaX6SpDuggT4yDJTubV0PbV5gvo7HhGF7r3byGTE%2BL89AIsO5mTBOsdzXgyBZGB8TdQ9cYQagxJx4j1Q0j%2BigAxx60dZOnjW9pUdP8flE7RCVl%2B%2FSdkNSHLv11Gln63rmS%2FcVerspA6s%2BgnNWR%2FDNkdIy9PUQyWIKtTxMUXkPxnsvp6G1l6tGOVhuTn7zAWizU%2FiFZcL%2BArQTtKVljU9ld4wijjbhyEHX8mkJRjyGQMJYag1kE5PdJBmTgocwcpP2%2FEnue1XR5TtxPFsc%2FbgoXc9Wg78ajnhh2U8bSHIYp8iFgNEZsD5OYAe3IIU%2F4Iu1vDcge2IOjxGpUgqCxBRQkqSVAVBFWvPubKtmz9mCtbMm%2FuW3Pv1yNddA%2FpsS66IiOgZgjD68P8grw1FdBpNBX2xHnD9XgQRl7QSryoI%2Fha5LdoknRYxFjAfS%2BGlU9ubq74QdB54EHapVnfAzkhVwd%2FIZcTshz8CkZPYdUpYumAlldBqxp0t8Yg%2B7bc5anuSWGbudHgukZeLKPYdw7VBbkyG%2BbWzjOI%2BOzG7%2F7MEJsauanxuXxJ0FWPRnd0RY7u6MqS5zt5IVM5oNNB3y1oIS59%2FbHYr7ThWxt2%2BOSDeApMw6f3hC22acZl1rXkm3XJuTCb2sSC%2FLBl7wt2u7S766XJynz79s3NrTQ3wlqpszHodGf%2FMIjlhLx55d5sh699vwNpxjBljbQ8I3OD1GPE%2BQFsvuBvNYFRixqWO6jKemRabPGoJIESi5yyGvY%2FOVvEI0Onv6msD%2B0jdM0SaPEQWVqjZ2r0VA2qhrDlpVGRm7Mbv8xpMLU0YsosHTFl1FczmafXc1h53mj7vkvDaM1rt6los6DVSUKPU9oKwlYYUh%2BFnSThffwNAAD%2F%2FwEAAP%2F%2F1T5%2BmJ0EAAA%3D

192.243.61.227

200 OK

7 B

URL GET HTTP/1.1
threeinvincible.com/ren.gif?sid=H4sIAAAAAAAC%2F1RSQYscRRSu3uxNEJTcQmAOHiK4s93TvT3T5hDcrCuLazYkkXgLVV3Vs%2BVWdzVV3dOzc1oMSI6Dv6D3m90s0SjJVTDIbMDDgpARD3twL%2F4DlZxlxsHRB1Xvvfpewfe%2B9748LC9ICyU93%2FhED6RSdHWt6TaufeZ51xvbMiv7jX4nfBAG1xum934UNt13Gx%2BJeE%2BvtlzPdT3Xa2xKIxLdX52CkPnTyGtGbjNoNb21AH3z%2F9yWDix1wHsX5G1IPll%2B6VyGjMfI0mcbwu4VOn%2Fvw7RUtNAGPX7yabaX6SpDuggT4yDJTubV0PbV5gvo7HhGF7r3byGTE%2BL89AIsO5mTBOsdzXgyBZGB8TdQ9cYQagxJx4j1Q0j%2BigAxx60dZOnjW9pUdP8flE7RCVl%2B%2FSdkNSHLv11Gln63rmS%2FcVerspA6s%2BgnNWR%2FDNkdIy9PUQyWIKtTxMUXkPxnsvp6G1l6tGOVhuTn7zAWizU%2FiFZcL%2BArQTtKVljU9ld4wijjbhyEHX8mkJRjyGQMJYag1kE5PdJBmTgocwcpP2%2FEnue1XR5TtxPFsc%2FbgoXc9Wg78ajnhh2U8bSHIYp8iFgNEZsD5OYAe3IIU%2F4Iu1vDcge2IOjxGpUgqCxBRQkqSVAVBFWvPubKtmz9mCtbMm%2FuW3Pv1yNddA%2FpsS66IiOgZgjD68P8grw1FdBpNBX2xHnD9XgQRl7QSryoI%2Fha5LdoknRYxFjAfS%2BGlU9ubq74QdB54EHapVnfAzkhVwd%2FIZcTshz8CkZPYdUpYumAlldBqxp0t8Yg%2B7bc5anuSWGbudHgukZeLKPYdw7VBbkyG%2BbWzjOI%2BOzG7%2F7MEJsauanxuXxJ0FWPRnd0RY7u6MqS5zt5IVM5oNNB3y1oIS59%2FbHYr7ThWxt2%2BOSDeApMw6f3hC22acZl1rXkm3XJuTCb2sSC%2FLBl7wt2u7S766XJynz79s3NrTQ3wlqpszHodGf%2FMIjlhLx55d5sh699vwNpxjBljbQ8I3OD1GPE%2BQFsvuBvNYFRixqWO6jKemRabPGoJIESi5yyGvY%2FOVvEI0Onv6msD%2B0jdM0SaPEQWVqjZ2r0VA2qhrDlpVGRm7Mbv8xpMLU0YsosHTFl1FczmafXc1h53mj7vkvDaM1rt6los6DVSUKPU9oKwlYYUh%2BFnSThffwNAAD%2F%2FwEAAP%2F%2F1T5%2BmJ0EAAA%3D
IP
192.243.61.227:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://driveseed.org/file/r817JoRznr
Certificate
IssuerLet's Encrypt
Subjectthreeinvincible.com
Fingerprint80:A7:5B:F8:68:36:7B:02:02:07:18:D1:59:E5:E8:BF:94:77:25:84
ValidityTue, 30 Apr 2024 15:27:42 GMT - Mon, 29 Jul 2024 15:27:41 GMT

File type
ASCII text, with no line terminators
Size
7 B (7 bytes)
Hash
132d6af1b46048b45cf86cdee7991d31
eb7007d03d59b65bc6da7e098c4d38fc6dfb6285
ab852e838deccd742a03ca81d4a8d75cf1a00b327db3eaf46bd7da6b6db9384c

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /ren.gif?sid=H4sIAAAAAAAC%2F1RSQYscRRSu3uxNEJTcQmAOHiK4s93TvT3T5hDcrCuLazYkkXgLVV3Vs%2BVWdzVV3dOzc1oMSI6Dv6D3m90s0SjJVTDIbMDDgpARD3twL%2F4DlZxlxsHRB1Xvvfpewfe%2B9748LC9ICyU93%2FhED6RSdHWt6TaufeZ51xvbMiv7jX4nfBAG1xum934UNt13Gx%2BJeE%2BvtlzPdT3Xa2xKIxLdX52CkPnTyGtGbjNoNb21AH3z%2F9yWDix1wHsX5G1IPll%2B6VyGjMfI0mcbwu4VOn%2Fvw7RUtNAGPX7yabaX6SpDuggT4yDJTubV0PbV5gvo7HhGF7r3byGTE%2BL89AIsO5mTBOsdzXgyBZGB8TdQ9cYQagxJx4j1Q0j%2BigAxx60dZOnjW9pUdP8flE7RCVl%2B%2FSdkNSHLv11Gln63rmS%2FcVerspA6s%2BgnNWR%2FDNkdIy9PUQyWIKtTxMUXkPxnsvp6G1l6tGOVhuTn7zAWizU%2FiFZcL%2BArQTtKVljU9ld4wijjbhyEHX8mkJRjyGQMJYag1kE5PdJBmTgocwcpP2%2FEnue1XR5TtxPFsc%2FbgoXc9Wg78ajnhh2U8bSHIYp8iFgNEZsD5OYAe3IIU%2F4Iu1vDcge2IOjxGpUgqCxBRQkqSVAVBFWvPubKtmz9mCtbMm%2FuW3Pv1yNddA%2FpsS66IiOgZgjD68P8grw1FdBpNBX2xHnD9XgQRl7QSryoI%2Fha5LdoknRYxFjAfS%2BGlU9ubq74QdB54EHapVnfAzkhVwd%2FIZcTshz8CkZPYdUpYumAlldBqxp0t8Yg%2B7bc5anuSWGbudHgukZeLKPYdw7VBbkyG%2BbWzjOI%2BOzG7%2F7MEJsauanxuXxJ0FWPRnd0RY7u6MqS5zt5IVM5oNNB3y1oIS59%2FbHYr7ThWxt2%2BOSDeApMw6f3hC22acZl1rXkm3XJuTCb2sSC%2FLBl7wt2u7S766XJynz79s3NrTQ3wlqpszHodGf%2FMIjlhLx55d5sh699vwNpxjBljbQ8I3OD1GPE%2BQFsvuBvNYFRixqWO6jKemRabPGoJIESi5yyGvY%2FOVvEI0Onv6msD%2B0jdM0SaPEQWVqjZ2r0VA2qhrDlpVGRm7Mbv8xpMLU0YsosHTFl1FczmafXc1h53mj7vkvDaM1rt6los6DVSUKPU9oKwlYYUh%2BFnSThffwNAAD%2F%2FwEAAP%2F%2F1T5%2BmJ0EAAA%3D HTTP/1.1
Host: threeinvincible.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://driveseed.org/
Cookie: u_pl=18886252; uid_id2=bbce5349-014d-479f-b973-dfbabd0c4683:1:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Sat, 04 May 2024 15:43:31 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 14fdf1cb09a829c659a10833c2660683
Strict-Transport-Security: max-age=0; includeSubdomains

threeinvincible.com/pixel/sbls?bv=24.18.6785&tmpl=482&u=https%3A%2F%2Fcdn.barscreative1.com%2Fsb%2Fau%2F2f%2F33%2F17%2F2f3317da28d2a6ed09610d2d267aa136%2F1648542458.html&l=2977&fd=97

192.243.61.227

200 OK

0 B

URL GET HTTP/1.1
threeinvincible.com/pixel/sbls?bv=24.18.6785&tmpl=482&u=https%3A%2F%2Fcdn.barscreative1.com%2Fsb%2Fau%2F2f%2F33%2F17%2F2f3317da28d2a6ed09610d2d267aa136%2F1648542458.html&l=2977&fd=97
IP
192.243.61.227:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://driveseed.org/file/r817JoRznr
Certificate
IssuerLet's Encrypt
Subjectthreeinvincible.com
Fingerprint80:A7:5B:F8:68:36:7B:02:02:07:18:D1:59:E5:E8:BF:94:77:25:84
ValidityTue, 30 Apr 2024 15:27:42 GMT - Mon, 29 Jul 2024 15:27:41 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /pixel/sbls?bv=24.18.6785&tmpl=482&u=https%3A%2F%2Fcdn.barscreative1.com%2Fsb%2Fau%2F2f%2F33%2F17%2F2f3317da28d2a6ed09610d2d267aa136%2F1648542458.html&l=2977&fd=97 HTTP/1.1
Host: threeinvincible.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://driveseed.org/
Cookie: u_pl=18886252; uid_id2=bbce5349-014d-479f-b973-dfbabd0c4683:1:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Sat, 04 May 2024 15:43:31 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range

cdn.creative-bars1.com/sb/chat/mob/ssp/1/img/close.png

188.114.96.1

200 OK

6.0 kB

URL GET HTTP/2
cdn.creative-bars1.com/sb/chat/mob/ssp/1/img/close.png
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://driveseed.org/file/r817JoRznr
Certificate
IssuerGoogle Trust Services LLC
Subjectcreative-bars1.com
Fingerprint3D:29:39:2C:F1:E5:C6:EF:54:F5:70:B5:CF:A8:C2:75:4D:89:72:13
ValidityMon, 15 Apr 2024 15:02:18 GMT - Sun, 14 Jul 2024 15:02:17 GMT

File type
PNG image data, 522 x 391, 8-bit/color RGBA, non-interlaced
Size
6.0 kB (5982 bytes)
Hash
c489ce2c491a22ee37a55e26a92dfd73
2fa588ab09e94dd902e5bd24b48f98ad1949c9d6
1eed147c7d5de6291c25fbc5274830c12d5549262fb144271576d4e15966e5bd

HTTP Headers

GET /sb/chat/mob/ssp/1/img/close.png HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Sat, 04 May 2024 15:43:31 GMT
content-type: image/png
content-length: 5982
last-modified: Mon, 21 Feb 2022 08:25:06 GMT
etag: "62134c62-175e"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 335107
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=mPlhRjN1opqdQguxj5sybbvB%2FoxYI%2Fpjzu9Qahe77V2jRAezWR6y%2ByZF9EXgz7n0jt61YZYH3NUlDZzPJSMZGcOaOMjOb8gI%2B2CejBtpJs1heSseV4MTezfFN%2Fbe%2FmsY1el6Lr21yPa%2F"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87e99b5c6c46b512-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

cdn.cloudimagesb.com/si/52/3a/8c/523a8ce104cfc3373cd17ab1c0e5131b/1701651901.png

45.133.44.10

200 OK

14 kB

URL GET HTTP/2
cdn.cloudimagesb.com/si/52/3a/8c/523a8ce104cfc3373cd17ab1c0e5131b/1701651901.png
IP
45.133.44.10:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://driveseed.org/file/r817JoRznr
Certificate
IssuerLet's Encrypt
Subjectcdn.cloudimagesb.com
FingerprintC6:F3:21:F0:21:7D:7E:96:0F:E8:46:7A:5E:C5:3F:D1:52:B0:67:B0
ValidityFri, 22 Mar 2024 03:01:35 GMT - Thu, 20 Jun 2024 03:01:34 GMT

File type
PNG image data, 192 x 192, 8-bit/color RGBA, non-interlaced
Size
14 kB (14496 bytes)
Hash
962ac416cce3fad636d4904386c8d3d4
811166fceb971353dc6a9ea3a153367f20b47592
ec6c8e1c030499a846897265d0c1f66dedc6ece17c1ea6006b700faf37e73555

HTTP Headers

GET /si/52/3a/8c/523a8ce104cfc3373cd17ab1c0e5131b/1701651901.png HTTP/1.1
Host: cdn.cloudimagesb.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sat, 04 May 2024 15:43:31 GMT
content-type: image/png
content-length: 14496
server: nginx/1.21.6
last-modified: Mon, 04 Dec 2023 01:05:10 GMT
etag: "656d25c6-38a0"
expires: Mon, 06 May 2024 15:43:31 GMT
cache-control: max-age=172800
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2

fonts.googleapis.com/css?family=Roboto:300,400,700&display=swap

142.250.74.106

200 OK

717 B

URL GET HTTP/3
fonts.googleapis.com/css?family=Roboto:300,400,700&display=swap
IP
142.250.74.106:443
ASN
#15169 GOOGLE

Requested by
https://driveseed.org/file/r817JoRznr
Certificate
IssuerGoogle Trust Services LLC
Subjectupload.video.google.com
Fingerprint36:49:20:36:0C:4D:DA:55:65:64:23:0F:49:3E:FA:78:87:35:A3:79
ValidityTue, 16 Apr 2024 04:17:12 GMT - Tue, 09 Jul 2024 04:17:11 GMT

File type
ASCII text
Size
717 B (717 bytes)
Hash
5e48f11f5e65274412215f94f73f8c49
4dd35e5b5136df76bd7ff9da1f119d0ec0e57ff7
40992eb57d95a0165a6d56399cd9afd60cc2cac6f06579b8d87079ccaab91e29

HTTP Headers

GET /css?family=Roboto:300,400,700&display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Sat, 04 May 2024 15:43:31 GMT
date: Sat, 04 May 2024 15:43:31 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

threeinvincible.com/pixel/sbls?bv=24.18.6785&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fchat%2Fmob%2Fssp%2F1%2Fcss%2Fanimate.css&l=79313&fd=351

192.243.61.227

200 OK

0 B

URL GET HTTP/1.1
threeinvincible.com/pixel/sbls?bv=24.18.6785&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fchat%2Fmob%2Fssp%2F1%2Fcss%2Fanimate.css&l=79313&fd=351
IP
192.243.61.227:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://driveseed.org/file/r817JoRznr
Certificate
IssuerLet's Encrypt
Subjectthreeinvincible.com
Fingerprint80:A7:5B:F8:68:36:7B:02:02:07:18:D1:59:E5:E8:BF:94:77:25:84
ValidityTue, 30 Apr 2024 15:27:42 GMT - Mon, 29 Jul 2024 15:27:41 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /pixel/sbls?bv=24.18.6785&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fchat%2Fmob%2Fssp%2F1%2Fcss%2Fanimate.css&l=79313&fd=351 HTTP/1.1
Host: threeinvincible.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://driveseed.org/
Cookie: u_pl=18886252; uid_id2=bbce5349-014d-479f-b973-dfbabd0c4683:1:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Sat, 04 May 2024 15:43:31 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range

fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2

216.58.207.227

200 OK

16 kB

URL GET HTTP/2
fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2
IP
216.58.207.227:443
ASN
#15169 GOOGLE

Requested by
https://driveseed.org/file/r817JoRznr
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
Fingerprint15:DD:05:B3:2F:D8:E3:54:C9:B4:FA:E4:AC:01:ED:C8:E1:EA:A7:AD
ValidityTue, 16 Apr 2024 04:17:07 GMT - Tue, 09 Jul 2024 04:17:06 GMT

File type
Web Open Font Format (Version 2), TrueType, length 15744, version 1.0
Size
16 kB (15744 bytes)
Hash
15d9f621c3bd1599f0169dcf0bd5e63e
7ca9c5967f3bb8bffeab24b639b49c1e7d03fa52
f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615

HTTP Headers

GET /s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://driveseed.org
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15744
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sat, 04 May 2024 09:28:37 GMT
expires: Sun, 04 May 2025 09:28:37 GMT
cache-control: public, max-age=31536000
last-modified: Wed, 11 May 2022 19:24:48 GMT
content-type: font/woff2
age: 22494
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

threeinvincible.com/pixel/sbls?bv=24.18.6785&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fchat%2Fmob%2Fssp%2F1%2Fjs%2Fscript.js&l=382&fd=289

192.243.61.227

200 OK

0 B

URL GET HTTP/1.1
threeinvincible.com/pixel/sbls?bv=24.18.6785&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fchat%2Fmob%2Fssp%2F1%2Fjs%2Fscript.js&l=382&fd=289
IP
192.243.61.227:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://driveseed.org/file/r817JoRznr
Certificate
IssuerLet's Encrypt
Subjectthreeinvincible.com
Fingerprint80:A7:5B:F8:68:36:7B:02:02:07:18:D1:59:E5:E8:BF:94:77:25:84
ValidityTue, 30 Apr 2024 15:27:42 GMT - Mon, 29 Jul 2024 15:27:41 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /pixel/sbls?bv=24.18.6785&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fchat%2Fmob%2Fssp%2F1%2Fjs%2Fscript.js&l=382&fd=289 HTTP/1.1
Host: threeinvincible.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://driveseed.org/
Cookie: u_pl=18886252; uid_id2=bbce5349-014d-479f-b973-dfbabd0c4683:1:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Sat, 04 May 2024 15:43:31 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range

fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2

216.58.207.227

200 OK

16 kB

URL GET HTTP/2
fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2
IP
216.58.207.227:443
ASN
#15169 GOOGLE

Requested by
https://driveseed.org/file/r817JoRznr
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
Fingerprint15:DD:05:B3:2F:D8:E3:54:C9:B4:FA:E4:AC:01:ED:C8:E1:EA:A7:AD
ValidityTue, 16 Apr 2024 04:17:07 GMT - Tue, 09 Jul 2024 04:17:06 GMT

File type
Web Open Font Format (Version 2), TrueType, length 15860, version 1.0
Size
16 kB (15860 bytes)
Hash
e9f5aaf547f165386cd313b995dddd8e
acdef5603c2387b0e5bffd744b679a24a8bc1968
f5aebdfea35d1e7656ef4acc5db1f243209755ae3300943ef8fc6280f363c860

HTTP Headers

GET /s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://driveseed.org
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15860
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 02 May 2024 01:55:00 GMT
expires: Fri, 02 May 2025 01:55:00 GMT
cache-control: public, max-age=31536000
last-modified: Wed, 11 May 2022 19:24:42 GMT
content-type: font/woff2
age: 222511
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

accounts.google.com/gsi/status?client_id=608852925065-31qhpcqkrps7i8idi0brjp41jonplkl5.apps.googleusercontent.com&as=a3V%2BrBpTStzrAbMDjnJz6g

74.125.131.84

200 OK

66 B

URL GET HTTP/3
accounts.google.com/gsi/status?client_id=608852925065-31qhpcqkrps7i8idi0brjp41jonplkl5.apps.googleusercontent.com&as=a3V%2BrBpTStzrAbMDjnJz6g
IP
74.125.131.84:443
ASN
#15169 GOOGLE

Requested by
https://driveseed.org/file/r817JoRznr
Certificate
IssuerGoogle Trust Services LLC
Subject*.google.com
Fingerprint7C:B7:E1:97:03:6E:82:B6:52:F8:EC:C6:C6:50:D9:DD:80:47:E6:A0
ValidityTue, 16 Apr 2024 03:18:53 GMT - Tue, 09 Jul 2024 03:18:52 GMT

File type
ASCII text
Size
66 B (66 bytes)
Hash
cd67d3657fb1d9a9aa47d7818caadbc9
b260b2971dccd11281a1bd504a92c36bade340a9
573c699a4996d6c49aef9ba03c1665a6e3700c61bf651d20a46d54a2e8a8ca82

HTTP Headers

GET /gsi/status?client_id=608852925065-31qhpcqkrps7i8idi0brjp41jonplkl5.apps.googleusercontent.com&as=a3V%2BrBpTStzrAbMDjnJz6g HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://driveseed.org
DNT: 1
Connection: keep-alive
Referer: https://driveseed.org/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
content-type: application/json; charset=utf-8
x-content-type-options: nosniff
access-control-allow-origin: https://driveseed.org
access-control-allow-credentials: true
access-control-allow-methods: GET
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Sat, 04 May 2024 15:43:25 GMT
content-disposition: attachment; filename="json.txt"; filename*=UTF-8''json.txt
content-security-policy: script-src 'nonce-T_vLQC9FaM3wxHxKbY-uMg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/identity-sign-in-google-http, require-trusted-types-for 'script';report-uri https://csp.withgoogle.com/csp/identity-sign-in-google-http
report-to: {"group":"coop_dd7de8473bddc59c6b748810a67a39b1","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/dd7de8473bddc59c6b748810a67a39b1"}]}
cross-origin-opener-policy-report-only: same-origin; report-to="coop_dd7de8473bddc59c6b748810a67a39b1"
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

cdn.creative-bars1.com/sb/chat/mob/ssp/1/css/animate.css

188.114.96.1

200 OK

4.9 kB

URL GET HTTP/2
cdn.creative-bars1.com/sb/chat/mob/ssp/1/css/animate.css
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://driveseed.org/file/r817JoRznr
Certificate
IssuerGoogle Trust Services LLC
Subjectcreative-bars1.com
Fingerprint3D:29:39:2C:F1:E5:C6:EF:54:F5:70:B5:CF:A8:C2:75:4D:89:72:13
ValidityMon, 15 Apr 2024 15:02:18 GMT - Sun, 14 Jul 2024 15:02:17 GMT

File type
ASCII text
Size
4.9 kB (4867 bytes)
Hash
fc638645a938f69e69360c75335ffd1a
143132fb8361c3ad0acf88cb70bf0b07c0ecc2d4
7ef76aab275d0221c68602d18f81b4285b280756f0f71d535ed8b5b889bc2f90

HTTP Headers

GET /sb/chat/mob/ssp/1/css/animate.css HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://driveseed.org
DNT: 1
Connection: keep-alive
Referer: https://driveseed.org/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sat, 04 May 2024 15:43:31 GMT
content-type: text/css
last-modified: Mon, 21 Feb 2022 08:25:04 GMT
etag: W/"62134c60-135d1"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=1PzmsoUGsoJaIDDtMds5vz4ikaEH3FLBhHc0ievyacHZr%2FpQr4OwhS5kcJxJrMfwjpcvr6b9je5vdmyHrDeIZN7YEUW47i%2FeIm6e0X6tOkFAsAB1eERa1ZAE%2Bza2%2FIgD0MLBpfs%2BRX3k"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87e99b5beb8fb512-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

cdn.creative-bars1.com/sb/chat/mob/ssp/1/css/style.css

188.114.96.1

200 OK

6.2 kB

URL GET HTTP/2
cdn.creative-bars1.com/sb/chat/mob/ssp/1/css/style.css
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://driveseed.org/file/r817JoRznr
Certificate
IssuerGoogle Trust Services LLC
Subjectcreative-bars1.com
Fingerprint3D:29:39:2C:F1:E5:C6:EF:54:F5:70:B5:CF:A8:C2:75:4D:89:72:13
ValidityMon, 15 Apr 2024 15:02:18 GMT - Sun, 14 Jul 2024 15:02:17 GMT

File type
ASCII text
Size
6.2 kB (6159 bytes)
Hash
630f303dfe147dec2c4a226287393b69
3e9f8270b84e09595181bd55de6785a89f53ba10
967d085a33a12064d83cb38f582c3e418e021a2d523dd9597bb75dc00589fec7

HTTP Headers

GET /sb/chat/mob/ssp/1/css/style.css HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://driveseed.org
DNT: 1
Connection: keep-alive
Referer: https://driveseed.org/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sat, 04 May 2024 15:43:31 GMT
content-type: text/css
last-modified: Mon, 21 Feb 2022 08:25:04 GMT
etag: W/"62134c60-1209"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=jdOC%2B%2FCrrotZXhB2WdJl3DnYUJbN%2FWRxfK7xwr0P6oAmMifN0xX%2BhWM840UGCLC13HZCeDW%2BmaGPPmvjkfG%2BKYUzTvQ8mACWF71Dw7REBiM9dUK%2FkDi6NLYJMlGBRhtNY%2FfbU6wpSFAP"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87e99b5beb88b512-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

threeinvincible.com/impr.gif?sid=H4sIAAAAAAAC%2F1RSz4scRRSu3uxNEJTcQmAOHiK4s90zPb%2FMIZjElcU1G5JIvIX61bPlVnc1Vd3Ts3NaDEiOg39B7ze7WaJRkqtgkNmAhwUhIx724F78D1Rylh4HRx9UvffqewXf%2B9778iA%2FJw3k9OzmJ2aktKbrrbpfu%2FJZEFytbakkH9aG3faDdni1Zgfv99p1%2F93aR5LvmvWGH%2Fh%2B4Ae1DWVlZIbrFQiVPu0F9Z5fDxv1oBViaP%2Bfu9yDox7E4Jy8DSVmqy%2B9i1B8iiR%2BdlO63cyk730Y55pmxmIgjj9NdhNTJIiXYWQ9RMnxohrGvdp4AZMczenCDP4tZGpGvJ9egCXHC5Jgg8M5T6YhEzDxBorBFFJPoegU3DyEEq8IwAVubSOJH98ytqB7%2F6C0Qmdk9fWfUMWMrP52EUn83XWthrW7RueZMonDMCqhhlOo%2FhRpfoJstAJVnIBnX0CJn8n66y0k8eG20wZKnL3DGJetZthb84NQrIWdXrTGep3mmogYZcLnYbvbnAuk1BQqmkLLMajzkFdHecgjD3nqIRZnNR4EQccXnPrdHudN0ZGsLfyAdqKABn67i5xXPYyRpWNwPQa3%2B0jtPnbVGDb%2FEW6nhBMeXEYwECUKSVA4goISFIqgyAiKQXkktGu48rHQLmfBwjcWvllOTNY%2FoEcm68uEgNoxrCgP0nPyViWgV6tr7Mqzmh%2BIsN0LwkYU9LpStHrNBo2iLusxFopmwOHUkxsba80w7D4IoNzKvO%2BRmpHLo7%2BQqhlZDX8Foydw%2BgRceaD5ZdCiBN0pMUq%2BzXdEbAZKunpqDYQpkWaryPa8A31OLs2Hubn9DJKfXvu9OTdwWyK1JT5XLwn6%2BtHkjinI4R1TOPJ8O81UrEa0GvTdjGbywtcfy73CWLF5042ffMAroAqf3pMu26KJUEnfkW%2BuKyGk3TCWS%2FLDprsv2e3c7VzPbZKnW7dvbGzGqZXOKZNMQaud%2FcOCqxl589K9%2BQ5f%2BX4byk5h8xJxfkoWBmWm4Ok%2BXLrk7wyB1csalnoo8nJiG2z5qBWBlsucshLuPzlbxhNLq99UlQfuEfp2BTR7iCQuMbAlBroE1WO4%2FMIkS%2B3ptV8WNJhemTBtVw6ZtvqruczV9RxOndWavugwGckOk2ErjCQXrNViPo84a4pulyNzs6h9H38DAAD%2F%2FwEAAP%2F%2FVeqrcJ0EAAA%3D

172.240.108.68

200 OK

0 B

URL GET HTTP/1.1
threeinvincible.com/impr.gif?sid=H4sIAAAAAAAC%2F1RSz4scRRSu3uxNEJTcQmAOHiK4s90zPb%2FMIZjElcU1G5JIvIX61bPlVnc1Vd3Ts3NaDEiOg39B7ze7WaJRkqtgkNmAhwUhIx724F78D1Rylh4HRx9UvffqewXf%2B9778iA%2FJw3k9OzmJ2aktKbrrbpfu%2FJZEFytbakkH9aG3faDdni1Zgfv99p1%2F93aR5LvmvWGH%2Fh%2B4Ae1DWVlZIbrFQiVPu0F9Z5fDxv1oBViaP%2Bfu9yDox7E4Jy8DSVmqy%2B9i1B8iiR%2BdlO63cyk730Y55pmxmIgjj9NdhNTJIiXYWQ9RMnxohrGvdp4AZMczenCDP4tZGpGvJ9egCXHC5Jgg8M5T6YhEzDxBorBFFJPoegU3DyEEq8IwAVubSOJH98ytqB7%2F6C0Qmdk9fWfUMWMrP52EUn83XWthrW7RueZMonDMCqhhlOo%2FhRpfoJstAJVnIBnX0CJn8n66y0k8eG20wZKnL3DGJetZthb84NQrIWdXrTGep3mmogYZcLnYbvbnAuk1BQqmkLLMajzkFdHecgjD3nqIRZnNR4EQccXnPrdHudN0ZGsLfyAdqKABn67i5xXPYyRpWNwPQa3%2B0jtPnbVGDb%2FEW6nhBMeXEYwECUKSVA4goISFIqgyAiKQXkktGu48rHQLmfBwjcWvllOTNY%2FoEcm68uEgNoxrCgP0nPyViWgV6tr7Mqzmh%2BIsN0LwkYU9LpStHrNBo2iLusxFopmwOHUkxsba80w7D4IoNzKvO%2BRmpHLo7%2BQqhlZDX8Foydw%2BgRceaD5ZdCiBN0pMUq%2BzXdEbAZKunpqDYQpkWaryPa8A31OLs2Hubn9DJKfXvu9OTdwWyK1JT5XLwn6%2BtHkjinI4R1TOPJ8O81UrEa0GvTdjGbywtcfy73CWLF5042ffMAroAqf3pMu26KJUEnfkW%2BuKyGk3TCWS%2FLDprsv2e3c7VzPbZKnW7dvbGzGqZXOKZNMQaud%2FcOCqxl589K9%2BQ5f%2BX4byk5h8xJxfkoWBmWm4Ok%2BXLrk7wyB1csalnoo8nJiG2z5qBWBlsucshLuPzlbxhNLq99UlQfuEfp2BTR7iCQuMbAlBroE1WO4%2FMIkS%2B3ptV8WNJhemTBtVw6ZtvqruczV9RxOndWavugwGckOk2ErjCQXrNViPo84a4pulyNzs6h9H38DAAD%2F%2FwEAAP%2F%2FVeqrcJ0EAAA%3D
IP
172.240.108.68:443
ASN
#7979 SERVERS-COM

Requested by
https://driveseed.org/file/r817JoRznr
Certificate
IssuerLet's Encrypt
Subjectthreeinvincible.com
Fingerprint80:A7:5B:F8:68:36:7B:02:02:07:18:D1:59:E5:E8:BF:94:77:25:84
ValidityTue, 30 Apr 2024 15:27:42 GMT - Mon, 29 Jul 2024 15:27:41 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /impr.gif?sid=H4sIAAAAAAAC%2F1RSz4scRRSu3uxNEJTcQmAOHiK4s90zPb%2FMIZjElcU1G5JIvIX61bPlVnc1Vd3Ts3NaDEiOg39B7ze7WaJRkqtgkNmAhwUhIx724F78D1Rylh4HRx9UvffqewXf%2B9778iA%2FJw3k9OzmJ2aktKbrrbpfu%2FJZEFytbakkH9aG3faDdni1Zgfv99p1%2F93aR5LvmvWGH%2Fh%2B4Ae1DWVlZIbrFQiVPu0F9Z5fDxv1oBViaP%2Bfu9yDox7E4Jy8DSVmqy%2B9i1B8iiR%2BdlO63cyk730Y55pmxmIgjj9NdhNTJIiXYWQ9RMnxohrGvdp4AZMczenCDP4tZGpGvJ9egCXHC5Jgg8M5T6YhEzDxBorBFFJPoegU3DyEEq8IwAVubSOJH98ytqB7%2F6C0Qmdk9fWfUMWMrP52EUn83XWthrW7RueZMonDMCqhhlOo%2FhRpfoJstAJVnIBnX0CJn8n66y0k8eG20wZKnL3DGJetZthb84NQrIWdXrTGep3mmogYZcLnYbvbnAuk1BQqmkLLMajzkFdHecgjD3nqIRZnNR4EQccXnPrdHudN0ZGsLfyAdqKABn67i5xXPYyRpWNwPQa3%2B0jtPnbVGDb%2FEW6nhBMeXEYwECUKSVA4goISFIqgyAiKQXkktGu48rHQLmfBwjcWvllOTNY%2FoEcm68uEgNoxrCgP0nPyViWgV6tr7Mqzmh%2BIsN0LwkYU9LpStHrNBo2iLusxFopmwOHUkxsba80w7D4IoNzKvO%2BRmpHLo7%2BQqhlZDX8Foydw%2BgRceaD5ZdCiBN0pMUq%2BzXdEbAZKunpqDYQpkWaryPa8A31OLs2Hubn9DJKfXvu9OTdwWyK1JT5XLwn6%2BtHkjinI4R1TOPJ8O81UrEa0GvTdjGbywtcfy73CWLF5042ffMAroAqf3pMu26KJUEnfkW%2BuKyGk3TCWS%2FLDprsv2e3c7VzPbZKnW7dvbGzGqZXOKZNMQaud%2FcOCqxl589K9%2BQ5f%2BX4byk5h8xJxfkoWBmWm4Ok%2BXLrk7wyB1csalnoo8nJiG2z5qBWBlsucshLuPzlbxhNLq99UlQfuEfp2BTR7iCQuMbAlBroE1WO4%2FMIkS%2B3ptV8WNJhemTBtVw6ZtvqruczV9RxOndWavugwGckOk2ErjCQXrNViPo84a4pulyNzs6h9H38DAAD%2F%2FwEAAP%2F%2FVeqrcJ0EAAA%3D HTTP/1.1
Host: threeinvincible.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://driveseed.org/
Cookie: u_pl=18886252; uid_id2=bbce5349-014d-479f-b973-dfbabd0c4683:1:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Sat, 04 May 2024 15:43:32 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 6053455ad26d203f68972f5c2cca6248
Strict-Transport-Security: max-age=0; includeSubdomains

downstairsnegotiatebarren.com/sfp.js

104.21.35.227

200 OK

86 kB

URL GET HTTP/2
downstairsnegotiatebarren.com/sfp.js
IP
104.21.35.227:443
ASN
#13335 CLOUDFLARENET

Requested by
https://driveseed.org/file/r817JoRznr
Certificate
IssuerLet's Encrypt
Subjectdownstairsnegotiatebarren.com
Fingerprint5D:DB:CB:C6:CE:2A:8B:34:7D:BC:43:74:33:1D:5F:77:48:F7:BC:1B
ValidityThu, 02 May 2024 21:26:34 GMT - Wed, 31 Jul 2024 21:26:33 GMT

File type

Size
86 kB (85611 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /sfp.js HTTP/1.1
Host: downstairsnegotiatebarren.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://driveseed.org/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sat, 04 May 2024 15:43:24 GMT
content-type: application/javascript; charset=utf-8
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
access-control-allow-origin: *
expires: Thu, 01 Jan 1970 00:00:01 GMT
cache-control: max-age=14400
x-request-id: 4ee96e1261c2bb028de33728a3a19fd7
strict-transport-security: max-age=0; includeSubdomains
cf-cache-status: EXPIRED
last-modified: Sat, 04 May 2024 15:43:23 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=hFt7xoY0%2Fp9%2F8GFL3oFyZhlFwlmsDN2nEjJceV5xWib2IQNHKO690EewmTUzu14VnaobqXxK5z%2BkJuT%2Bm82uN%2BK52N44n2UNosdMuYEdA1POLhYgxQeWOuLjF%2FrkjzzcNOCof9DeNzi9Tlw8lnk%2B%2FA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87e99b2f6fe156c7-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

cdn.creative-bars1.com/sb/chat/mob/ssp/1/js/script.js

188.114.96.1

200 OK

382 B

URL GET HTTP/2
cdn.creative-bars1.com/sb/chat/mob/ssp/1/js/script.js
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://driveseed.org/file/r817JoRznr
Certificate
IssuerGoogle Trust Services LLC
Subjectcreative-bars1.com
Fingerprint3D:29:39:2C:F1:E5:C6:EF:54:F5:70:B5:CF:A8:C2:75:4D:89:72:13
ValidityMon, 15 Apr 2024 15:02:18 GMT - Sun, 14 Jul 2024 15:02:17 GMT

File type
ASCII text, with very long lines (411), with no line terminators
Size
382 B (382 bytes)
Hash
9ffae600059bf4e6adb35ebb274ae385
6130e466c04551baa2a5d650e6bd5a87daba73a7
a7d15e051fb3d3c31494683306bb7752478354894825b110d26d333cbeaaeb39

HTTP Headers

GET /sb/chat/mob/ssp/1/js/script.js HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://driveseed.org
DNT: 1
Connection: keep-alive
Referer: https://driveseed.org/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sat, 04 May 2024 15:43:31 GMT
content-type: application/javascript
last-modified: Mon, 21 Feb 2022 08:25:08 GMT
etag: W/"62134c64-17e"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=71P5xrTbA8fokM8v9PkJOLmsqNyEISzMZvXiLjW2dHuD4OxQCZ5l%2FtjVfdIE2OTT6L04YfeOB4NWOjXKT4VYsuIgz3WeMC45WfUst1KFHT7QCKClcMJeoybBWeryHZUl4DOKEN4xiyax"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87e99b5d1d37b512-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

cdn.creative-bars1.com/sb/chat/mob/ssp/1/js/jquery.min.js

188.114.96.1

200 OK

90 kB

URL GET HTTP/2
cdn.creative-bars1.com/sb/chat/mob/ssp/1/js/jquery.min.js
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://driveseed.org/file/r817JoRznr
Certificate
IssuerGoogle Trust Services LLC
Subjectcreative-bars1.com
Fingerprint3D:29:39:2C:F1:E5:C6:EF:54:F5:70:B5:CF:A8:C2:75:4D:89:72:13
ValidityMon, 15 Apr 2024 15:02:18 GMT - Sun, 14 Jul 2024 15:02:17 GMT

File type
JavaScript source, ASCII text, with very long lines (65451)
Size
90 kB (89492 bytes)
Hash
561acb3e541133bbdd2c0c19f8ee35a1
ffd1353cf3f77d25f801c84d8208613eb0d3d548
9fde6da568db31801e29243a903bf24f342256b41e3c01e7d018ff7c566ce7fc

HTTP Headers

GET /sb/chat/mob/ssp/1/js/jquery.min.js HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sat, 04 May 2024 15:43:31 GMT
content-type: application/javascript
last-modified: Mon, 21 Feb 2022 08:25:09 GMT
etag: W/"62134c65-15d94"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 343555
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=BxXcvj%2BUlNfQi4mCHcHHHJSZVcUTbqRfMmF%2Fl9rArEI1%2FWq7puu1uRVqcWnm1KI0T6xAVwCFbFB%2BnpUdYcUj0CvxBw4ctGsn4hi8X6umpWd60P9zN5b%2BG0ujDjpEMXtuSnmiRBiMdsF1"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87e99b5c7c57b512-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

threeinvincible.com/pixel/sbls?bv=24.18.6785&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fchat%2Fmob%2Fssp%2F1%2Fcss%2Fstyle.css&l=4617&fd=188

192.243.61.227

200 OK

0 B

URL GET HTTP/1.1
threeinvincible.com/pixel/sbls?bv=24.18.6785&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fchat%2Fmob%2Fssp%2F1%2Fcss%2Fstyle.css&l=4617&fd=188
IP
192.243.61.227:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://driveseed.org/file/r817JoRznr
Certificate
IssuerLet's Encrypt
Subjectthreeinvincible.com
Fingerprint80:A7:5B:F8:68:36:7B:02:02:07:18:D1:59:E5:E8:BF:94:77:25:84
ValidityTue, 30 Apr 2024 15:27:42 GMT - Mon, 29 Jul 2024 15:27:41 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /pixel/sbls?bv=24.18.6785&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fchat%2Fmob%2Fssp%2F1%2Fcss%2Fstyle.css&l=4617&fd=188 HTTP/1.1
Host: threeinvincible.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://driveseed.org/
Cookie: u_pl=18886252; uid_id2=bbce5349-014d-479f-b973-dfbabd0c4683:1:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Sat, 04 May 2024 15:43:31 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range

driveseed.org/content/data/MDB5-STANDARD-UI-KIT-Free-3.9.0/js/mdb.min.js

104.21.70.18

200 OK

1.2 MB

URL GET HTTP/3
driveseed.org/content/data/MDB5-STANDARD-UI-KIT-Free-3.9.0/js/mdb.min.js
IP
104.21.70.18:443
ASN
#13335 CLOUDFLARENET

Requested by
https://driveseed.org/file/r817JoRznr
Certificate
IssuerGoogle Trust Services LLC
Subjectdriveseed.org
FingerprintBA:FA:6A:7F:6D:B4:89:DB:FC:E6:A4:15:63:E0:0C:A5:4B:1A:CB:A2
ValidityTue, 09 Apr 2024 18:49:06 GMT - Mon, 08 Jul 2024 18:49:05 GMT

File type

Size
1.2 MB (1179897 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /content/data/MDB5-STANDARD-UI-KIT-Free-3.9.0/js/mdb.min.js HTTP/1.1
Host: driveseed.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://driveseed.org/file/r817JoRznr
Cookie: PHPSESSID=748595365bd11844bbe6f7055711c5d3
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sat, 04 May 2024 15:43:23 GMT
content-type: application/javascript
cache-control: public, max-age=604800
expires: Tue, 07 May 2024 18:38:17 GMT
last-modified: Tue, 20 Dec 2022 13:15:07 GMT
vary: Accept-Encoding
alt-svc: h3=":443"; ma=86400
cf-cache-status: HIT
age: 335106
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=TZPkVWL7nlHqm628o4PmE15og55G6tmxHQiehEx1cl2fTIskB%2BiHkPqnOqSWRZE%2BXCHMXfU8TVEkRy3UrnWipQQt8MJZqA63Imu09H%2BPh01BPRPfBciS4V%2F3slNFaBy5"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87e99b294ffd0b41-OSL
content-encoding: br

accounts.google.com/gsi/style

74.125.131.84

200 OK

530 B

URL GET HTTP/3
accounts.google.com/gsi/style
IP
74.125.131.84:443
ASN
#15169 GOOGLE

Requested by
https://driveseed.org/file/r817JoRznr
Certificate
IssuerGoogle Trust Services LLC
Subject*.google.com
Fingerprint7C:B7:E1:97:03:6E:82:B6:52:F8:EC:C6:C6:50:D9:DD:80:47:E6:A0
ValidityTue, 16 Apr 2024 03:18:53 GMT - Tue, 09 Jul 2024 03:18:52 GMT

File type
ASCII text, with very long lines (530), with no line terminators
Size
530 B (530 bytes)
Hash
6ce3c682ce6b9e0b88670395a63345c8
8cbfc0856a52320e3567792dfe2487748ac07458
524f1ea2ac242c6fae3c1cc52c7ae7d05a8a7db466fe3c7b46e8efcfc2d95e53

HTTP Headers

GET /gsi/style HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://driveseed.org/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
content-type: text/css; charset=utf-8
expires: Sat, 04 May 2024 15:43:25 GMT
date: Sat, 04 May 2024 15:43:25 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
content-security-policy: require-trusted-types-for 'script';report-uri https://csp.withgoogle.com/csp/identity-sign-in-google-http, script-src 'nonce-EohVJENW61_rYYsZ8vVOxw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/identity-sign-in-google-http
report-to: {"group":"coop_dd7de8473bddc59c6b748810a67a39b1","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/dd7de8473bddc59c6b748810a67a39b1"}]}
cross-origin-opener-policy-report-only: same-origin; report-to="coop_dd7de8473bddc59c6b748810a67a39b1"
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

driveseed.org/content/data/MDB5-STANDARD-UI-KIT-Free-3.9.0/css/mdb.dark.min.css

104.21.70.18

200 OK

456 kB

URL GET HTTP/3
driveseed.org/content/data/MDB5-STANDARD-UI-KIT-Free-3.9.0/css/mdb.dark.min.css
IP
104.21.70.18:443
ASN
#13335 CLOUDFLARENET

Requested by
https://driveseed.org/file/r817JoRznr
Certificate
IssuerGoogle Trust Services LLC
Subjectdriveseed.org
FingerprintBA:FA:6A:7F:6D:B4:89:DB:FC:E6:A4:15:63:E0:0C:A5:4B:1A:CB:A2
ValidityTue, 09 Apr 2024 18:49:06 GMT - Mon, 08 Jul 2024 18:49:05 GMT

File type

Size
456 kB (456152 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /content/data/MDB5-STANDARD-UI-KIT-Free-3.9.0/css/mdb.dark.min.css HTTP/1.1
Host: driveseed.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://driveseed.org/file/r817JoRznr
Cookie: PHPSESSID=748595365bd11844bbe6f7055711c5d3
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sat, 04 May 2024 15:43:23 GMT
content-type: text/css
cache-control: public, max-age=604800
expires: Tue, 07 May 2024 16:17:52 GMT
last-modified: Tue, 20 Dec 2022 13:15:07 GMT
vary: Accept-Encoding
alt-svc: h3=":443"; ma=86400
cf-cache-status: HIT
age: 343530
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=eQCJNX4Xj4%2B3zd2Tb%2F1dS5B52x1V6vGUla0lvO1t3XhuVtxV186HQpX4xnVEaz%2BjgVL%2BuFun1DCRo2ei5uDH2GGSJBI4ScTq%2BpKIlN1AAgpaWqFpKXqLJK3zg5BfoupL"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87e99b293fdc0b41-OSL
content-encoding: br

challenges.cloudflare.com/turnstile/v0/g/d0ff3ebede6b/api.js

104.17.2.184

200 OK

43 kB

URL GET HTTP/3
challenges.cloudflare.com/turnstile/v0/g/d0ff3ebede6b/api.js
IP
104.17.2.184:443
ASN
#13335 CLOUDFLARENET

Requested by
https://driveseed.org/file/r817JoRznr
Certificate
IssuerCloudflare, Inc.
Subjectchallenges.cloudflare.com
Fingerprint5F:E4:AA:8C:2E:24:D2:B1:69:9D:13:28:31:5C:65:FA:97:2A:E9:6E
ValidityFri, 18 Aug 2023 00:00:00 GMT - Sat, 17 Aug 2024 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (42565)
Size
43 kB (42566 bytes)
Hash
65b0a652c40c95d12c4ddb3b4567c1ea
c654efa19d01d6553ed4e0f500d350011e023ad1
c6b5cd0b65ebbb519dd845ba2979b40e58b056ca2c90f67a8bfea871d39615a7

HTTP Headers

GET /turnstile/v0/g/d0ff3ebede6b/api.js HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://driveseed.org/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sat, 04 May 2024 15:43:23 GMT
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=31536000
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
server: cloudflare
cf-ray: 87e99b2af8951bfa-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

driveseed.org/file/r817JoRznr

104.21.70.18

200 OK

17 kB

URL User Request GET HTTP/2
driveseed.org/file/r817JoRznr
IP
104.21.70.18:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerGoogle Trust Services LLC
Subjectdriveseed.org
FingerprintBA:FA:6A:7F:6D:B4:89:DB:FC:E6:A4:15:63:E0:0C:A5:4B:1A:CB:A2
ValidityTue, 09 Apr 2024 18:49:06 GMT - Mon, 08 Jul 2024 18:49:05 GMT

File type
HTML document, ASCII text, with CRLF, LF line terminators
Size
17 kB (16608 bytes)
Hash
a13df00f76b162ef26c0f31588162a80
8f56bc3987d26e13b3fe5a1830e4f88e55e42f25
a05d339e6972962e2b7ed6dda42ab817a5e5689b6735ee9378cc3f3628c3a6c5

HTTP Headers

GET /file/r817JoRznr HTTP/1.1
Host: driveseed.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sat, 04 May 2024 15:43:22 GMT
content-type: text/html; charset=UTF-8
set-cookie: PHPSESSID=748595365bd11844bbe6f7055711c5d3; path=/; secure
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
vary: Accept-Encoding
alt-svc: h3=":443"; ma=86400
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=fK4eIiXCmo90tTZqHApF2yqsLnhTDguBaz745JL883H9cZR1Vb9AiDHP9VQLB8ZLJdA1l8OiqPry7Iq3xbuNc%2FGR%2Fwe59ZpIoGAXh4fBPK4VdAMnAJb8imyXA3vJ5I06"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87e99b253ff9712e-OSL
content-encoding: br
X-Firefox-Spdy: h2

cdn.barscreative1.com/sb/au/2f/33/17/2f3317da28d2a6ed09610d2d267aa136/1648542458.html

45.133.44.3

200 OK

3.0 kB

URL GET HTTP/2
cdn.barscreative1.com/sb/au/2f/33/17/2f3317da28d2a6ed09610d2d267aa136/1648542458.html
IP
45.133.44.3:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://driveseed.org/file/r817JoRznr
Certificate
IssuerLet's Encrypt
Subjectcdn.barscreative1.com
FingerprintF6:54:F4:B9:EB:AD:1E:FA:8F:76:B9:75:20:9B:41:57:32:37:94:E3
ValiditySun, 10 Mar 2024 03:01:32 GMT - Sat, 08 Jun 2024 03:01:31 GMT

File type
HTML document, ASCII text, with very long lines (3229), with no line terminators
Size
3.0 kB (2977 bytes)
Hash
0b579b1f5697d55d3bc0856975d08243
e68a8e8bc08f86086744aba736df40ca7bea6d01
8ac4909eb5c0efc3278c66a43990535925fb271226f96261415df027fe40cb0c

HTTP Headers

GET /sb/au/2f/33/17/2f3317da28d2a6ed09610d2d267aa136/1648542458.html HTTP/1.1
Host: cdn.barscreative1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://driveseed.org
DNT: 1
Connection: keep-alive
Referer: https://driveseed.org/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sat, 04 May 2024 15:43:31 GMT
content-type: text/html; charset=utf-8
server: nginx/1.21.6
last-modified: Tue, 29 Mar 2022 08:27:42 GMT
etag: W/"6242c2fe-ba1"
cache-control: max-age=3600
access-control-allow-origin: *
access-control-expose-headers: Date
content-encoding: gzip
expires: Sat, 04 May 2024 16:43:31 GMT
x-proxy-cache: HIT
X-Firefox-Spdy: h2

threeinvincible.com/pixel/sbs?c=1

172.240.108.68

200 OK

0 B

URL GET HTTP/1.1
threeinvincible.com/pixel/sbs?c=1
IP
172.240.108.68:443
ASN
#7979 SERVERS-COM

Requested by
https://driveseed.org/file/r817JoRznr
Certificate
IssuerLet's Encrypt
Subjectthreeinvincible.com
Fingerprint80:A7:5B:F8:68:36:7B:02:02:07:18:D1:59:E5:E8:BF:94:77:25:84
ValidityTue, 30 Apr 2024 15:27:42 GMT - Mon, 29 Jul 2024 15:27:41 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /pixel/sbs?c=1 HTTP/1.1
Host: threeinvincible.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://driveseed.org/
Cookie: u_pl=18886252; uid_id2=bbce5349-014d-479f-b973-dfbabd0c4683:1:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Sat, 04 May 2024 15:43:31 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range

accounts.google.com/gsi/client

74.125.131.84

200 OK

221 kB

URL GET HTTP/2
accounts.google.com/gsi/client
IP
74.125.131.84:443
ASN
#15169 GOOGLE

Requested by
https://driveseed.org/file/r817JoRznr
Certificate
IssuerGoogle Trust Services LLC
Subjectaccounts.google.com
Fingerprint9A:72:A8:C3:56:5C:93:B4:72:C7:5B:1B:60:BB:0F:3E:1E:C4:1B:67
ValidityTue, 16 Apr 2024 04:20:36 GMT - Tue, 09 Jul 2024 04:20:35 GMT

File type
JavaScript source, ASCII text, with very long lines (3111)
Size
221 kB (220988 bytes)
Hash
9e824aefbb6435d61e675accdab1ffe7
106799355ee44ce47c153a298f54f5338ddd0df8
303bd7ad954181179d059f0713ecf11a9bd5edfd6122dc787b6e40abcb69970d

HTTP Headers

GET /gsi/client HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://driveseed.org/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: application/javascript; charset=utf-8
expires: Sat, 04 May 2024 15:43:24 GMT
date: Sat, 04 May 2024 15:43:24 GMT
cache-control: private, max-age=1800
content-security-policy: require-trusted-types-for 'script';report-uri https://csp.withgoogle.com/csp/identity-sign-in-google-http, script-src 'nonce-Lzss0dbeULJc9Iv-maaSnQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/identity-sign-in-google-http
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="coop_dd7de8473bddc59c6b748810a67a39b1"
report-to: {"group":"coop_dd7de8473bddc59c6b748810a67a39b1","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/dd7de8473bddc59c6b748810a67a39b1"}]}
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

fonts.googleapis.com/css?family=Roboto:300,400,500,700%26display=swap

142.250.74.106

200 OK

8.7 kB

URL GET HTTP/2
fonts.googleapis.com/css?family=Roboto:300,400,500,700%26display=swap
IP
142.250.74.106:443
ASN
#15169 GOOGLE

Requested by
https://driveseed.org/file/r817JoRznr
Certificate
IssuerGoogle Trust Services LLC
Subjectupload.video.google.com
Fingerprint36:49:20:36:0C:4D:DA:55:65:64:23:0F:49:3E:FA:78:87:35:A3:79
ValidityTue, 16 Apr 2024 04:17:12 GMT - Tue, 09 Jul 2024 04:17:11 GMT

File type
ASCII text, with very long lines (8956), with no line terminators
Size
8.7 kB (8732 bytes)
Hash
91804c0df51e58b0bf469561e1ac2732
cc5a9023e310b49ef8f8ae32bb89ea774fe116ec
8a8aed46bfb9cdec8e34e76343b7e66796cf09926aef42efdfe5fa8a1fdda8aa

HTTP Headers

GET /css?family=Roboto:300,400,500,700%26display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://driveseed.org/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Sat, 04 May 2024 15:43:23 GMT
date: Sat, 04 May 2024 15:43:23 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

downstairsnegotiatebarren.com/sfp.js

104.21.35.227

200 OK

86 kB

URL GET HTTP/3
downstairsnegotiatebarren.com/sfp.js
IP
104.21.35.227:443
ASN
#13335 CLOUDFLARENET

Requested by
https://driveseed.org/file/r817JoRznr
Certificate
IssuerLet's Encrypt
Subjectdownstairsnegotiatebarren.com
Fingerprint5D:DB:CB:C6:CE:2A:8B:34:7D:BC:43:74:33:1D:5F:77:48:F7:BC:1B
ValidityThu, 02 May 2024 21:26:34 GMT - Wed, 31 Jul 2024 21:26:33 GMT

File type

Size
86 kB (85611 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /sfp.js HTTP/1.1
Host: downstairsnegotiatebarren.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://driveseed.org/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sat, 04 May 2024 15:43:24 GMT
content-type: application/javascript; charset=utf-8
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
access-control-allow-origin: *
expires: Thu, 01 Jan 1970 00:00:01 GMT
cache-control: max-age=14400
x-request-id: ef493b264f61b068d5ac2a57bf63acf2
strict-transport-security: max-age=0; includeSubdomains
cf-cache-status: EXPIRED
last-modified: Sat, 04 May 2024 15:43:24 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2FXqLOSWuJaoaI4yGZqO7aCJFn8Zv2H6ZaiEO9pfdoFb%2BKqVD0JZ3Ev8mLnep7gYPlqF6Zb8rI6Nny4gOhGgKhc%2FDKfZmkWSt3dNRZB%2Bb3w2PNMZuGcBfwEicDdrk0gDX3N42pwDzx9NWA%2FqsbjKnAA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87e99b33cb930b41-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (18)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML