code.jquery.com/jquery-3.3.1.min.js
151.101.66.137 30 kB URL code.jquery.com/jquery-3.3.1.min.js
IP 151.101.66.137:0
File type ASCII text, with very long lines (65451)
Hash a09e13ee94d51c524b7e2a728c7d4039
0dc32db4aa9c5f03f3b38c47d883dbd4fed13aae
160a426ff2894252cd7cebbdd6d6b7da8fcd319c65b70468f10b6690c45d02ef
GET /jquery-3.3.1.min.js HTTP/1.1
Host: code.jquery.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://pobretv.cab/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
content-type: application/javascript; charset=utf-8
last-modified: Fri, 18 Oct 1991 12:00:00 GMT
etag: W/"28feccc0-1538f"
cache-control: public, max-age=31536000, stale-while-revalidate=604800
access-control-allow-origin: *
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
date: Sun, 03 Dec 2023 22:09:06 GMT
age: 6839147
x-served-by: cache-lga13622-LGA, cache-bma1663-BMA
x-cache: HIT, HIT
x-cache-hits: 24, 553093
x-timer: S1701641347.938166,VS0,VE0
vary: Accept-Encoding
content-length: 30288
X-Firefox-Spdy: h2
i0.wp.com/pobretv.cab/assets/images/loading.gif
192.0.77.2 10 kB URL i0.wp.com/pobretv.cab/assets/images/loading.gif
IP 192.0.77.2:0
File type RIFF (little-endian) data, Web/P image\012- data
Hash 0190dd9c08070a15cff8a1d4577b9ec3
b84990aed9f6ae9ef5a56d9f5fba8c229cadd888
816d3f4381ccba82e76844909070cdb11ab089c3bf6d5508b6c4c1d8c927ae0f
GET /pobretv.cab/assets/images/loading.gif HTTP/1.1
Host: i0.wp.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://pobretv.cab/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Sun, 03 Dec 2023 22:09:06 GMT
content-type: image/webp
content-length: 10272
last-modified: Thu, 23 Nov 2023 09:54:47 GMT
expires: Sat, 22 Nov 2025 21:54:47 GMT
cache-control: public, max-age=63115200
link: <http://pobretv.cab/assets/images/loading.gif>; rel="canonical"
x-content-type-options: nosniff
etag: "c60c5e0a6e98ec3c"
vary: Accept
x-nc: HIT arn 2
alt-svc: h3=":443"; ma=86400
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD
timing-allow-origin: *
X-Firefox-Spdy: h2
pobretv.cab/logo.png
188.114.97.1 12 kB IP 188.114.97.1:0
File type PNG image data, 231 x 73, 8-bit/color RGBA, non-interlaced\012- data
Hash f46b8204fc30c3a279928adf3df98715
5b224074c7ccc7ff7ce61d06e7a5d986394d1be5
0acb1198d731f16150bad39e53b11e7466a0dbcf852307eecb4fd6dc777020f1
GET /logo.png HTTP/1.1
Host: pobretv.cab
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://pobretv.cab/filme/leo-C10757942
Cookie: PHPSESSID=knku9e244f6cbusc6gh62u8sdl
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Sun, 03 Dec 2023 22:09:06 GMT
content-type: image/png
content-length: 11555
cache-control: public, max-age=43200
expires: Thu, 23 Nov 2023 23:18:26 GMT
etag: "2d23-64d85ecd-1219f2;;;"
last-modified: Sun, 13 Aug 2023 04:40:45 GMT
cf-cache-status: REVALIDATED
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=B37eFj4%2BUpn49phzWyU8%2Fz%2BSaQuq266npvVkW4gTbPciCQf1cVyEUVcS9UDZuW7y4w7UzqoAl3gu6WeIcWv%2BrYzxLTQy4Y5LtSrkoUW8GiB8fNqwQb7HyejrCMJsfQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 82ff21d1f90db4eb-OSL
alt-svc: h3=":443"; ma=86400
pobretv.cab/wp-content/themes/peliscueva/js/sweetalert2.all.js
188.114.97.1 24 kB URL pobretv.cab/wp-content/themes/peliscueva/js/sweetalert2.all.js
IP 188.114.97.1:0
File type ASCII text, with very long lines (65470), with CRLF line terminators
Hash 0c928902ffe30c5206432d1729f08254
e01374d633f3aab52e89d6a4fe8014dcb1503962
d4518dee449de763310ad4226483bbb8fd6a9071dc83cfa82de194dcf9a22864
GET /wp-content/themes/peliscueva/js/sweetalert2.all.js HTTP/1.1
Host: pobretv.cab
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://pobretv.cab/filme/leo-C10757942
Cookie: PHPSESSID=knku9e244f6cbusc6gh62u8sdl
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Sun, 03 Dec 2023 22:09:06 GMT
content-type: application/x-javascript
cache-control: public, max-age=43200
expires: Thu, 23 Nov 2023 23:18:26 GMT
etag: W/"10daa-6384dd06-1416ee;gz"
last-modified: Mon, 28 Nov 2022 16:08:38 GMT
vary: Accept-Encoding
cf-cache-status: REVALIDATED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=GGAOonDSzO0XPOU4QEkg2yEgElfS6TpuLB6dSkv0S5IgitUhffjQ%2B7BxqKHcpTZ7Z4PziYLsVeGkO54rPivAsVCVsMxCfMEx9435DrJt4u1J1L1p3otjesfLJ7Krtw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 82ff21d1f913b4eb-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
www.highcpmcreativeformat.com/c6258ed9060234506fb21d2b8ef483c2/invoke.js
192.243.61.227 11 kB URL www.highcpmcreativeformat.com/c6258ed9060234506fb21d2b8ef483c2/invoke.js
IP 192.243.61.227:0
ASN #39572 DataWeb Global Group B.V.
File type exported SGML document, ASCII text, with very long lines (29625), with no line terminators
Hash 9ac76671d5de4e5b3dc8234c0118b7c2
a0b2a8cdb4de5a03d3bf733fd2a58b27531f95fc
f126bd735e3e1561c7797d53e18c3f767e79db2b0d46a66c099a35b32737046b
Analyzer: Quad9 DNS; Verdict: malicious; Alert: Sinkholed
GET /c6258ed9060234506fb21d2b8ef483c2/invoke.js HTTP/1.1
Host: www.highcpmcreativeformat.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://pobretv.cab/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Sun, 03 Dec 2023 22:09:07 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 87b86fb7f971f1880a4da884bcd73f79
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
www.highcpmcreativeformat.com/c6258ed9060234506fb21d2b8ef483c2/invoke.js
192.243.61.227 11 kB URL www.highcpmcreativeformat.com/c6258ed9060234506fb21d2b8ef483c2/invoke.js
IP 192.243.61.227:0
ASN #39572 DataWeb Global Group B.V.
File type exported SGML document, ASCII text, with very long lines (29628), with no line terminators
Hash e1c098aff2b55b8f24c94b079ba61625
103af933c7ec83509fcde034166285929596ca93
38b2533e4989fedba2053316b990d7dbdda351062a4f79ba25b717d76873d265
Analyzer: Quad9 DNS; Verdict: malicious; Alert: Sinkholed
GET /c6258ed9060234506fb21d2b8ef483c2/invoke.js HTTP/1.1
Host: www.highcpmcreativeformat.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://pobretv.cab/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Sun, 03 Dec 2023 22:09:07 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 651317fc1552cfa4d5edb2151ad663bb
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
ocsp.r2m03.amazontrust.com/
54.230.218.11 471 B URL ocsp.r2m03.amazontrust.com/
IP 54.230.218.11:0
Hash ebc0f19a7067085e95ff0e35ee441f4d
23c3d68afd4c1c6cdecce9007aa3bddc793bc52d
6a07099ef655ed036e4a865236f8a6e5549e9a468e207691923634fc51c3186d
POST / HTTP/1.1
Host: ocsp.r2m03.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=7200
Date: Sun, 03 Dec 2023 22:09:08 GMT
Last-Modified: Sun, 03 Dec 2023 20:20:51 GMT
Server: ECAcc (amb/6B38)
X-Cache: Miss from cloudfront
Via: 1.1 784cb0c259a6d79800d037bda4e7de86.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: rw07G_TVxKd4COdv6PeB0M_vzZAJPI5abmPpI2T7GonkyHWaru92OQ==
Age: 6497
proftrafficcounter.com/stats
18.184.210.76 40 B URL proftrafficcounter.com/stats
IP 18.184.210.76:0
File type ASCII text, with no line terminators
Hash 1581f430d6432b917daed1cf56cfb5d5
f3225b0f705bd9b62af69f900cae2fd436affd72
cee47110ed2d4b1df3a43c43c327e5bd74c593a21892dc43fd7bbf4906df46c2
GET /stats HTTP/1.1
Host: proftrafficcounter.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://pobretv.cab
DNT: 1
Connection: keep-alive
Referer: https://pobretv.cab/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sun, 03 Dec 2023 22:09:08 GMT
content-type: text/html; charset=UTF-8
content-length: 40
server: fasthttp
access-control-allow-origin: https://pobretv.cab
vary: Origin
access-control-allow-credentials: true
set-cookie: uid_id2=8a026b46-841f-4454-b9cd-9b194170504c:3:1; expires=Wed, 30 Nov 2033 22:09:08 GMT; secure; SameSite=None
X-Firefox-Spdy: h2
proftrafficcounter.com/stats
18.184.210.76 40 B URL proftrafficcounter.com/stats
IP 18.184.210.76:0
File type ASCII text, with no line terminators
Hash 3dbb352fe517f15cce2ee66cc0cf2825
aad5e4303987756e901c88acb6531b7fd72d7d37
2ff8b34b7a491ab7c1320b9bb7e6285b676943bac5c883dfe8ba327b981fb13c
GET /stats HTTP/1.1
Host: proftrafficcounter.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://pobretv.cab
DNT: 1
Connection: keep-alive
Referer: https://pobretv.cab/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Sun, 03 Dec 2023 22:09:08 GMT
content-type: text/html; charset=UTF-8
content-length: 40
server: fasthttp
access-control-allow-origin: https://pobretv.cab
vary: Origin
access-control-allow-credentials: true
set-cookie: uid_id2=67f867b0-d7e1-416b-8b3d-29cf082831b3:2:1; expires=Wed, 30 Nov 2033 22:09:08 GMT; secure; SameSite=None
X-Firefox-Spdy: h2
i0.wp.com/www.themoviedb.org/t/p/w185/pD6sL4vntUOXHmuvJPPZAgvyfd9.jpg
192.0.77.2 3.7 kB URL i0.wp.com/www.themoviedb.org/t/p/w185/pD6sL4vntUOXHmuvJPPZAgvyfd9.jpg
IP 192.0.77.2:0
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 185x278, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash 8606f2dff45ea2d69800416787c22bb7
b10842e9d892601016ebc39d96c4643d2542c22d
f0941672e59c5e0ddb89cd5de5088dcf0a0386c685eed775df3fad9c31fe6056
GET /www.themoviedb.org/t/p/w185/pD6sL4vntUOXHmuvJPPZAgvyfd9.jpg HTTP/1.1
Host: i0.wp.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://pobretv.cab/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 03 Dec 2023 22:09:08 GMT
content-type: image/webp
content-length: 3742
last-modified: Sun, 26 Nov 2023 18:52:28 GMT
expires: Wed, 26 Nov 2025 06:52:28 GMT
cache-control: public, max-age=63115200
link: <http://www.themoviedb.org/t/p/w185/pD6sL4vntUOXHmuvJPPZAgvyfd9.jpg>; rel="canonical"
x-content-type-options: nosniff
etag: "f15440f0a9ef745a"
vary: Accept
x-nc: HIT arn 1
alt-svc: h3=":443"; ma=86400
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD
timing-allow-origin: *
X-Firefox-Spdy: h2
use.fontawesome.com/releases/v5.6.3/webfonts/fa-solid-900.woff2
172.64.140.13 79 kB URL use.fontawesome.com/releases/v5.6.3/webfonts/fa-solid-900.woff2
IP 172.64.140.13:0
File type Web Open Font Format (Version 2), TrueType, length 79100, version 1.0\012- data
Hash 5dc01cfcd5336f696cb85da7ce53fa9b
28a1f2fadc35c5343e0280389fe7955e3d1be607
f419ad7a4477f36ce73c74a23dce784150ca38fa5075a8e06109709cbb716903
GET /releases/v5.6.3/webfonts/fa-solid-900.woff2 HTTP/1.1
Host: use.fontawesome.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://pobretv.cab
DNT: 1
Connection: keep-alive
Referer: https://pobretv.cab/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sun, 03 Dec 2023 22:09:08 GMT
content-type: font/woff2
content-length: 79100
access-control-allow-origin: *
cache-control: max-age=31556926
etag: "5dc01cfcd5336f696cb85da7ce53fa9b"
last-modified: Fri, 22 Sep 2023 01:45:45 GMT
vary: Origin, Accept-Encoding
cf-cache-status: HIT
age: 908029
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=IF6KjrXnb4zHDh1xsNsaXt%2Bucc6dF0EPFlR8XVyrbqlGEaoPgexscE8DaCrKEZBXYGcdHrmuP25n5ze77g1BN%2B1jdfjFXtOkxBk0ZR4jF9AwsLnju7uzJQI%2B2si%2FLLfMfdMVdJ7d"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 82ff21daee3c6553-LHR
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
use.fontawesome.com/releases/v5.6.3/webfonts/fa-brands-400.woff2
172.64.140.13 74 kB URL use.fontawesome.com/releases/v5.6.3/webfonts/fa-brands-400.woff2
IP 172.64.140.13:0
File type Web Open Font Format (Version 2), TrueType, length 74288, version 1.0\012- data
Hash eac60e8a656781e13d2a674b4d9051c0
0039be9d8a99d1e5cf200ca3e08757692020460e
eed474a49bdbf745c19e463f070e67977c1ab27835603eb749d9e5c249cf81f8
GET /releases/v5.6.3/webfonts/fa-brands-400.woff2 HTTP/1.1
Host: use.fontawesome.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://pobretv.cab
DNT: 1
Connection: keep-alive
Referer: https://pobretv.cab/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sun, 03 Dec 2023 22:09:08 GMT
content-type: font/woff2
content-length: 74288
access-control-allow-origin: *
cache-control: max-age=31556926
etag: "eac60e8a656781e13d2a674b4d9051c0"
last-modified: Fri, 22 Sep 2023 01:45:45 GMT
vary: Origin, Accept-Encoding
cf-cache-status: HIT
age: 908029
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=m37jBZerzUWQaz2aLaHzWY6MRDDMjBGeqHigcc7TqFpy%2BEwIfBhBAoz1gdpB4GSHZgouOFAy%2B7BaxjWJnx3EOta3014f41uNFw4Wh5fik2upMqsjQPv4WsPgark5ywQWBg7pJhAG"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 82ff21dafe516553-LHR
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
pobretv.cab/wp-content/themes/peliscueva/js/jquery.min.js
188.114.97.1 32 kB URL pobretv.cab/wp-content/themes/peliscueva/js/jquery.min.js
IP 188.114.97.1:0
File type ASCII text, with very long lines (65447)
Hash 17738318d61d394f1de8890d589afaec
f6d0c4dc1399cf02d53f5753ad46573a8bbc2ac3
cc7403bab52ed166e24ea9324241045af370be482f5b594468f4a6ac6e7e7981
GET /wp-content/themes/peliscueva/js/jquery.min.js HTTP/1.1
Host: pobretv.cab
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://pobretv.cab/filme/leo-C10757942
Cookie: PHPSESSID=knku9e244f6cbusc6gh62u8sdl
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Sun, 03 Dec 2023 22:09:06 GMT
content-type: application/x-javascript
cache-control: public, max-age=43200
expires: Fri, 24 Nov 2023 22:54:34 GMT
etag: W/"15e54-63826b06-1416e7;gz"
last-modified: Sat, 26 Nov 2022 19:37:42 GMT
vary: Accept-Encoding
cf-cache-status: REVALIDATED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=WQ7ICL0Z4mQ1%2BEN0VFBavtfrMu6VIPnuzAV7%2B9WUjVTHvCP%2BDHa1Cc%2Bs8oQcFh8D%2BIFan0AE5Nxi%2FJXRpC%2BCOyKYGDlrDIijhnqa%2BxqQ8p6F1XnhzrI46lCBef6s1w%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 82ff21d1f910b4eb-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
pobretv.cab/favicon-192x192.png
188.114.97.1 33 kB URL pobretv.cab/favicon-192x192.png
IP 188.114.97.1:0
File type PNG image data, 192 x 192, 8-bit/color RGBA, non-interlaced\012- data
Hash 36a0128b59bb9c49890a8cf6b5a564ec
5a71768cd3d291b463b4a6f4e524ed5299382280
e96134a9e47ac10c7a2af14bc023b6658bf1e406235f8eaf6fb382a858050df3
GET /favicon-192x192.png HTTP/1.1
Host: pobretv.cab
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://pobretv.cab/filme/leo-C10757942
Cookie: PHPSESSID=knku9e244f6cbusc6gh62u8sdl; more_options=1; dom3ic8zudi28v8lr6fgphwffqoz0j6c=67f867b0-d7e1-416b-8b3d-29cf082831b3%3A2%3A1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Sun, 03 Dec 2023 22:09:08 GMT
content-type: image/png
content-length: 33128
cache-control: public, max-age=43200
expires: Tue, 28 Nov 2023 21:52:00 GMT
etag: "8168-64d85b5f-121994;;;"
last-modified: Sun, 13 Aug 2023 04:26:07 GMT
cf-cache-status: HIT
age: 6139
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=l06gCyenwZ0LCwmu1GzRhpyLEpQ7ANSJVbRc%2BVAWnp3vIemQ7vy%2BEnszCQfCMypTiBo0XaQiylvcs7VfKhhd1iAWvSLWn3AylkZdJQy%2BEWFuhqDuGfAH67K9er3vxA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 82ff21dcdb65b4eb-OSL
alt-svc: h3=":443"; ma=86400
warilydigestionauction.com/watch.747036445011.js?key=c6258ed9060234506fb21d2b8ef483c2&kw=%5B%22assistir%22%2C%22leo%22%2C%222023%22%2C%22online%22%2C%22em%22%2C%22portugu%C3%AAs%22%2C%22-%22%2C%22pobre%22%2C%22tv%22%5D&refer=https%3A%2F%2Fpobretv.cab%2Ffilme%2Fleo-C10757942&tz=0&dev=e&res=14.3095&uuid=8a026b46-841f-4454-b9cd-9b194170504c%3A3%3A1
173.233.137.44 0 B URL warilydigestionauction.com/watch.747036445011.js?key=c6258ed9060234506fb21d2b8ef483c2&kw=%5B%22assistir%22%2C%22leo%22%2C%222023%22%2C%22online%22%2C%22em%22%2C%22portugu%C3%AAs%22%2C%22-%22%2C%22pobre%22%2C%22tv%22%5D&refer=https%3A%2F%2Fpobretv.cab%2Ffilme%2Fleo-C10757942&tz=0&dev=e&res=14.3095&uuid=8a026b46-841f-4454-b9cd-9b194170504c%3A3%3A1
IP 173.233.137.44:0
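Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Note: these three values are the MD5, SHA-1 and SHA-256 digests of empty input (this response is a 307 redirect with a 0 B body), so they identify no content and are not usable as file indicators; the host and URL are the meaningful indicators for this entry.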
Analyzer: Quad9 DNS; Verdict: malicious; Alert: Sinkholed
GET /watch.747036445011.js?key=c6258ed9060234506fb21d2b8ef483c2&kw=%5B%22assistir%22%2C%22leo%22%2C%222023%22%2C%22online%22%2C%22em%22%2C%22portugu%C3%AAs%22%2C%22-%22%2C%22pobre%22%2C%22tv%22%5D&refer=https%3A%2F%2Fpobretv.cab%2Ffilme%2Fleo-C10757942&tz=0&dev=e&res=14.3095&uuid=8a026b46-841f-4454-b9cd-9b194170504c%3A3%3A1 HTTP/1.1
Host: warilydigestionauction.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://pobretv.cab
DNT: 1
Connection: keep-alive
Referer: https://pobretv.cab/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 307 Temporary Redirect
Server: nginx/1.21.6
Date: Sun, 03 Dec 2023 22:09:08 GMT
Content-Type: text/html
Content-Length: 0
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://pobretv.cab
Access-Control-Allow-Origin: https://pobretv.cab
Access-Control-Allow-Credentials: true
Location: https://warilydigestionauction.com/watch.747036445011.js?key=c6258ed9060234506fb21d2b8ef483c2&kw=%5B%22assistir%22%2C%22leo%22%2C%222023%22%2C%22online%22%2C%22em%22%2C%22portugu%C3%AAs%22%2C%22-%22%2C%22pobre%22%2C%22tv%22%5D&refer=https%3A%2F%2Fpobretv.cab%2Ffilme%2Fleo-C10757942&tz=0&dev=e&res=14.3095&uuid=8a026b46-841f-4454-b9cd-9b194170504c%3A3%3A1&shu=fd661dac298dc43c43cbfc7e42a747059c152fafd7919414893b076f36928bad4c7d42fd3fa0229c1f823f06951cb917834f9bfec0495ba69b3e87e9f35c08fa270fef6c66026ac369ca6b42bded21aa7e006da5564151f39255625c7b7cf230&pst=1701641408&rmtc=t
Set-Cookie: u_pl=21079756; expires=Mon, 04 Dec 2023 22:09:08 GMT; secure; SameSite=None
ain=eyJhbGciOiJIUzI1NiJ9.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.tXbbs7Zs3pQOSaVXvSupVzZhpF3JNuQHGttG0SnPiCY; expires=Sun, 03 Dec 2023 22:10:08 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: f07cdc4cfcf0c6804132b684db60fbda
Strict-Transport-Security: max-age=0; includeSubdomains
midgetdeliveringsmartly.com/watch.116702341688.js?key=c6258ed9060234506fb21d2b8ef483c2&kw=%5B%22assistir%22%2C%22leo%22%2C%222023%22%2C%22online%22%2C%22em%22%2C%22portugu%C3%AAs%22%2C%22-%22%2C%22pobre%22%2C%22tv%22%5D&refer=https%3A%2F%2Fpobretv.cab%2Ffilme%2Fleo-C10757942&tz=0&dev=e&res=14.3095&uuid=67f867b0-d7e1-416b-8b3d-29cf082831b3%3A2%3A1
173.233.137.60 0 B URL midgetdeliveringsmartly.com/watch.116702341688.js?key=c6258ed9060234506fb21d2b8ef483c2&kw=%5B%22assistir%22%2C%22leo%22%2C%222023%22%2C%22online%22%2C%22em%22%2C%22portugu%C3%AAs%22%2C%22-%22%2C%22pobre%22%2C%22tv%22%5D&refer=https%3A%2F%2Fpobretv.cab%2Ffilme%2Fleo-C10757942&tz=0&dev=e&res=14.3095&uuid=67f867b0-d7e1-416b-8b3d-29cf082831b3%3A2%3A1
IP 173.233.137.60:0
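Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Note: these three values are the MD5, SHA-1 and SHA-256 digests of empty input (this response is a 307 redirect with a 0 B body), so they identify no content and are not usable as file indicators; the host and URL are the meaningful indicators for this entry.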
Analyzer: Quad9 DNS; Verdict: malicious; Alert: Sinkholed
GET /watch.116702341688.js?key=c6258ed9060234506fb21d2b8ef483c2&kw=%5B%22assistir%22%2C%22leo%22%2C%222023%22%2C%22online%22%2C%22em%22%2C%22portugu%C3%AAs%22%2C%22-%22%2C%22pobre%22%2C%22tv%22%5D&refer=https%3A%2F%2Fpobretv.cab%2Ffilme%2Fleo-C10757942&tz=0&dev=e&res=14.3095&uuid=67f867b0-d7e1-416b-8b3d-29cf082831b3%3A2%3A1 HTTP/1.1
Host: midgetdeliveringsmartly.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://pobretv.cab
DNT: 1
Connection: keep-alive
Referer: https://pobretv.cab/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 307 Temporary Redirect
Server: nginx/1.21.6
Date: Sun, 03 Dec 2023 22:09:08 GMT
Content-Type: text/html
Content-Length: 0
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://pobretv.cab
Access-Control-Allow-Origin: https://pobretv.cab
Access-Control-Allow-Credentials: true
Location: https://midgetdeliveringsmartly.com/watch.116702341688.js?key=c6258ed9060234506fb21d2b8ef483c2&kw=%5B%22assistir%22%2C%22leo%22%2C%222023%22%2C%22online%22%2C%22em%22%2C%22portugu%C3%AAs%22%2C%22-%22%2C%22pobre%22%2C%22tv%22%5D&refer=https%3A%2F%2Fpobretv.cab%2Ffilme%2Fleo-C10757942&tz=0&dev=e&res=14.3095&uuid=67f867b0-d7e1-416b-8b3d-29cf082831b3%3A2%3A1&shu=3ef3e4275d361c40c890aa0d636aec1851eda4a44f1cf624880198e6875ba376af312261514625e4a3a98286ffb7aff5d34ef3d30a85cbda514778e8e525f408f1c399f84134706777953c9862655b6eaa854abb8f369b6238d8b37d17b5c5&pst=1701641408&rmtc=t
Set-Cookie: u_pl=21079756; expires=Mon, 04 Dec 2023 22:09:08 GMT; secure; SameSite=None
ain=eyJhbGciOiJIUzI1NiJ9.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.tXbbs7Zs3pQOSaVXvSupVzZhpF3JNuQHGttG0SnPiCY; expires=Sun, 03 Dec 2023 22:10:08 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: fe48c50d817b345ae5138cdc138ca1f0
Strict-Transport-Security: max-age=0; includeSubdomains
warilydigestionauction.com/watch.747036445011.js?key=c6258ed9060234506fb21d2b8ef483c2&kw=%5B%22assistir%22%2C%22leo%22%2C%222023%22%2C%22online%22%2C%22em%22%2C%22portugu%C3%AAs%22%2C%22-%22%2C%22pobre%22%2C%22tv%22%5D&refer=https%3A%2F%2Fpobretv.cab%2Ffilme%2Fleo-C10757942&tz=0&dev=e&res=14.3095&uuid=8a026b46-841f-4454-b9cd-9b194170504c%3A3%3A1&shu=fd661dac298dc43c43cbfc7e42a747059c152fafd7919414893b076f36928bad4c7d42fd3fa0229c1f823f06951cb917834f9bfec0495ba69b3e87e9f35c08fa270fef6c66026ac369ca6b42bded21aa7e006da5564151f39255625c7b7cf230&pst=1701641408&rmtc=t
173.233.137.44 643 B URL warilydigestionauction.com/watch.747036445011.js?key=c6258ed9060234506fb21d2b8ef483c2&kw=%5B%22assistir%22%2C%22leo%22%2C%222023%22%2C%22online%22%2C%22em%22%2C%22portugu%C3%AAs%22%2C%22-%22%2C%22pobre%22%2C%22tv%22%5D&refer=https%3A%2F%2Fpobretv.cab%2Ffilme%2Fleo-C10757942&tz=0&dev=e&res=14.3095&uuid=8a026b46-841f-4454-b9cd-9b194170504c%3A3%3A1&shu=fd661dac298dc43c43cbfc7e42a747059c152fafd7919414893b076f36928bad4c7d42fd3fa0229c1f823f06951cb917834f9bfec0495ba69b3e87e9f35c08fa270fef6c66026ac369ca6b42bded21aa7e006da5564151f39255625c7b7cf230&pst=1701641408&rmtc=t
IP 173.233.137.44:0
File type HTML document text\012- HTML document, ASCII text, with very long lines (603)
Hash 667141452ba6a188243f15da41264435
00e1a22776d8f9056b1f9044c54d141c2defb3b0
d25be29fcccb1660ff9c45280d58aaf09b434ff0be0c5ca3dc1a1c92d5e89c40
Analyzer: Quad9 DNS; Verdict: malicious; Alert: Sinkholed
GET /watch.747036445011.js?key=c6258ed9060234506fb21d2b8ef483c2&kw=%5B%22assistir%22%2C%22leo%22%2C%222023%22%2C%22online%22%2C%22em%22%2C%22portugu%C3%AAs%22%2C%22-%22%2C%22pobre%22%2C%22tv%22%5D&refer=https%3A%2F%2Fpobretv.cab%2Ffilme%2Fleo-C10757942&tz=0&dev=e&res=14.3095&uuid=8a026b46-841f-4454-b9cd-9b194170504c%3A3%3A1&shu=fd661dac298dc43c43cbfc7e42a747059c152fafd7919414893b076f36928bad4c7d42fd3fa0229c1f823f06951cb917834f9bfec0495ba69b3e87e9f35c08fa270fef6c66026ac369ca6b42bded21aa7e006da5564151f39255625c7b7cf230&pst=1701641408&rmtc=t HTTP/1.1
Host: warilydigestionauction.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://pobretv.cab
Referer: https://pobretv.cab/
DNT: 1
Connection: keep-alive
Cookie: u_pl=21079756; ain=eyJhbGciOiJIUzI1NiJ9.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.tXbbs7Zs3pQOSaVXvSupVzZhpF3JNuQHGttG0SnPiCY
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Sun, 03 Dec 2023 22:09:08 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://pobretv.cab
Access-Control-Allow-Origin: https://pobretv.cab
Access-Control-Allow-Credentials: true
Set-Cookie: uid_id2=8a026b46-841f-4454-b9cd-9b194170504c:3:1; expires=Sun, 10 Dec 2023 22:09:08 GMT; secure; SameSite=None
iprc862409dc90009561d7747e181ff8b7e1=2717343; expires=Tue, 05 Dec 2023 00:09:08 GMT; secure; SameSite=None
pdhtkv=true; expires=Mon, 04 Dec 2023 22:09:08 GMT; secure; SameSite=None
uncs=1; expires=Mon, 04 Dec 2023 22:09:08 GMT; secure; SameSite=None
pdhtkv23=true; expires=Mon, 04 Dec 2023 22:09:08 GMT; secure; SameSite=None
uncs23=1; expires=Mon, 04 Dec 2023 22:09:08 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 22508039372774daca074fb128428c81
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
midgetdeliveringsmartly.com/watch.116702341688.js?key=c6258ed9060234506fb21d2b8ef483c2&kw=%5B%22assistir%22%2C%22leo%22%2C%222023%22%2C%22online%22%2C%22em%22%2C%22portugu%C3%AAs%22%2C%22-%22%2C%22pobre%22%2C%22tv%22%5D&refer=https%3A%2F%2Fpobretv.cab%2Ffilme%2Fleo-C10757942&tz=0&dev=e&res=14.3095&uuid=67f867b0-d7e1-416b-8b3d-29cf082831b3%3A2%3A1&shu=3ef3e4275d361c40c890aa0d636aec1851eda4a44f1cf624880198e6875ba376af312261514625e4a3a98286ffb7aff5d34ef3d30a85cbda514778e8e525f408f1c399f84134706777953c9862655b6eaa854abb8f369b6238d8b37d17b5c5&pst=1701641408&rmtc=t
173.233.137.60 2.1 kB URL midgetdeliveringsmartly.com/watch.116702341688.js?key=c6258ed9060234506fb21d2b8ef483c2&kw=%5B%22assistir%22%2C%22leo%22%2C%222023%22%2C%22online%22%2C%22em%22%2C%22portugu%C3%AAs%22%2C%22-%22%2C%22pobre%22%2C%22tv%22%5D&refer=https%3A%2F%2Fpobretv.cab%2Ffilme%2Fleo-C10757942&tz=0&dev=e&res=14.3095&uuid=67f867b0-d7e1-416b-8b3d-29cf082831b3%3A2%3A1&shu=3ef3e4275d361c40c890aa0d636aec1851eda4a44f1cf624880198e6875ba376af312261514625e4a3a98286ffb7aff5d34ef3d30a85cbda514778e8e525f408f1c399f84134706777953c9862655b6eaa854abb8f369b6238d8b37d17b5c5&pst=1701641408&rmtc=t
IP 173.233.137.60:0
File type HTML document text\012- HTML document, ASCII text, with very long lines (2649)
Hash 34c62a791a5f0d3181ade6ae0a59b5b5
e79548e018b39d3c09b8f87d70906ae13ee78c99
554318f82d4e60f4a40bcb3b1a5be63996049e72711c55c0643671b909d194f8
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /watch.116702341688.js?key=c6258ed9060234506fb21d2b8ef483c2&kw=%5B%22assistir%22%2C%22leo%22%2C%222023%22%2C%22online%22%2C%22em%22%2C%22portugu%C3%AAs%22%2C%22-%22%2C%22pobre%22%2C%22tv%22%5D&refer=https%3A%2F%2Fpobretv.cab%2Ffilme%2Fleo-C10757942&tz=0&dev=e&res=14.3095&uuid=67f867b0-d7e1-416b-8b3d-29cf082831b3%3A2%3A1&shu=3ef3e4275d361c40c890aa0d636aec1851eda4a44f1cf624880198e6875ba376af312261514625e4a3a98286ffb7aff5d34ef3d30a85cbda514778e8e525f408f1c399f84134706777953c9862655b6eaa854abb8f369b6238d8b37d17b5c5&pst=1701641408&rmtc=t HTTP/1.1
Host: midgetdeliveringsmartly.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://pobretv.cab
Referer: https://pobretv.cab/
DNT: 1
Connection: keep-alive
Cookie: u_pl=21079756; ain=eyJhbGciOiJIUzI1NiJ9.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.tXbbs7Zs3pQOSaVXvSupVzZhpF3JNuQHGttG0SnPiCY
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Sun, 03 Dec 2023 22:09:08 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://pobretv.cab
Access-Control-Allow-Origin: https://pobretv.cab
Access-Control-Allow-Credentials: true
Set-Cookie: uid_id2=67f867b0-d7e1-416b-8b3d-29cf082831b3:2:1; expires=Sun, 10 Dec 2023 22:09:08 GMT; secure; SameSite=None
iprc03e6a56638621930c0a7e1cb6ffda026=3569808; expires=Mon, 04 Dec 2023 02:09:08 GMT; secure; SameSite=None
pdhtkv=true; expires=Mon, 04 Dec 2023 22:09:08 GMT; secure; SameSite=None
uncs=1; expires=Mon, 04 Dec 2023 22:09:08 GMT; secure; SameSite=None
pdhtkv23=true; expires=Mon, 04 Dec 2023 22:09:08 GMT; secure; SameSite=None
uncs23=1; expires=Mon, 04 Dec 2023 22:09:08 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 3fbdf91005366d12647bf3a9e38f6a66
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
midgetdeliveringsmartly.com/watch.116702341688?key=c6258ed9060234506fb21d2b8ef483c2&kw=%5B%22assistir%22%2C%22leo%22%2C%222023%22%2C%22online%22%2C%22em%22%2C%22portugu%C3%AAs%22%2C%22-%22%2C%22pobre%22%2C%22tv%22%5D&refer=https%3A%2F%2Fpobretv.cab%2Ffilme%2Fleo-C10757942&tz=0&dev=e&res=14.3095&uuid=67f867b0-d7e1-416b-8b3d-29cf082831b3%3A2%3A1
173.233.137.60 1.5 kB URL midgetdeliveringsmartly.com/watch.116702341688?key=c6258ed9060234506fb21d2b8ef483c2&kw=%5B%22assistir%22%2C%22leo%22%2C%222023%22%2C%22online%22%2C%22em%22%2C%22portugu%C3%AAs%22%2C%22-%22%2C%22pobre%22%2C%22tv%22%5D&refer=https%3A%2F%2Fpobretv.cab%2Ffilme%2Fleo-C10757942&tz=0&dev=e&res=14.3095&uuid=67f867b0-d7e1-416b-8b3d-29cf082831b3%3A2%3A1
IP 173.233.137.60:0
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (940)
Hash e594ba8e0b8603ec9e48981174d421bf
c8efa713854f88a219fe142941823b039018c381
b8d897305348ece6c76103604fdf95458f67a8174f63a591e4299ac09abc503e
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /watch.116702341688?key=c6258ed9060234506fb21d2b8ef483c2&kw=%5B%22assistir%22%2C%22leo%22%2C%222023%22%2C%22online%22%2C%22em%22%2C%22portugu%C3%AAs%22%2C%22-%22%2C%22pobre%22%2C%22tv%22%5D&refer=https%3A%2F%2Fpobretv.cab%2Ffilme%2Fleo-C10757942&tz=0&dev=e&res=14.3095&uuid=67f867b0-d7e1-416b-8b3d-29cf082831b3%3A2%3A1 HTTP/1.1
Host: midgetdeliveringsmartly.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://pobretv.cab/
Cookie: u_pl=21079756; ain=eyJhbGciOiJIUzI1NiJ9.eyJwIjp7ImlkIjoyMTA3OTc1NiwiayI6ImM2MjU4ZWQ5MDYwMjM0NTA2ZmIyMWQyYjhlZjQ4M2MyIiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjozMTM3MjIzLCJwaWQiOjEzNTQ0NzQsImFuIjp0cnVlLCJsYW4iOnRydWUsImNpZCI6MSwiYWlkIjoyMywicHQiOjQsInBrIjoianJ3MTdza2RpZSIsInQiOjF9LCJ1Ijp7InUiOjEsImF1IjoxLCJkIjp7ImlkIjo5MDc1MzQ1NywiaWRzIjoiIiwiaWMiOmZhbHNlLCJuIjoiRGVza3RvcCxFbXVsYXRvciIsInYiOiJVbmtub3duIiwibSI6IlVua25vd24iLCJmIjoxLCJmbiI6IkRlc2t0b3AiLCJvaWQiOjM4OTE0LCJvbiI6IldpbmRvd3MiLCJvdiI6IjEwLjAiLCJiaWQiOjEyMDYyNSwiYm4iOiJGaXJlZm94IiwiYnYiOiIxMDUuMCIsInd2IjpmYWxzZSwiZSI6dHJ1ZSwiYWIiOmZhbHNlfSwiYyI6eyJpZCI6MTYyLCJjIjoiTk8iLCJuIjoiTm9yd2F5In0sImEiOmZhbHNlLCJjciI6eyJuIjoiQmxpeCBTb2x1dGlvbnMifSwieGYiOiIiLCJpeGYiOmZhbHNlLCJpZ3hmIjpmYWxzZSwidXAiOnRydWUsInIiOiJodHRwczovL3BvYnJldHYuY2FiL2ZpbG1lL2xlby1DMTA3NTc5NDIiLCJhciI6W119fQ.tXbbs7Zs3pQOSaVXvSupVzZhpF3JNuQHGttG0SnPiCY; uid_id2=67f867b0-d7e1-416b-8b3d-29cf082831b3:2:1; iprc03e6a56638621930c0a7e1cb6ffda026=3569808; pdhtkv=true; uncs=1; pdhtkv23=true; uncs23=1
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Sun, 03 Dec 2023 22:09:09 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Set-Cookie: ain=eyJhbGciOiJIUzI1NiJ9.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.wV29I7ZIo3Rs9MJfV7uklKuyj4N4ldtLajunQT2pTkk; expires=Sun, 03 Dec 2023 22:10:09 GMT; secure; SameSite=None
uid_id2=67f867b0-d7e1-416b-8b3d-29cf082831b3:2:1; expires=Sun, 10 Dec 2023 22:09:09 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 3e187c9bcbaa898b4092a7912126f921
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
midgetdeliveringsmartly.com/api/users?token=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%3D%3D&uuid=67f867b0-d7e1-416b-8b3d-29cf082831b3%3A2%3A1&pii=&in=false
173.233.137.60 783 B URL midgetdeliveringsmartly.com/api/users?token=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%3D%3D&uuid=67f867b0-d7e1-416b-8b3d-29cf082831b3%3A2%3A1&pii=&in=false
IP 173.233.137.60:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (569)
Hash 4149672cefe37fc9fa6140b25003c97d
0784355ec02c80e7879685a004e1e4eb6d9bfedf
da4768f2baf86e6ddac55b4fe7d07a4aea0e7c45df882fb11181668ba0abbfbf
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /api/users?token=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%3D%3D&uuid=67f867b0-d7e1-416b-8b3d-29cf082831b3%3A2%3A1&pii=&in=false HTTP/1.1
Host: midgetdeliveringsmartly.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://midgetdeliveringsmartly.com/watch.116702341688?key=c6258ed9060234506fb21d2b8ef483c2&kw=%5B%22assistir%22%2C%22leo%22%2C%222023%22%2C%22online%22%2C%22em%22%2C%22portugu%C3%AAs%22%2C%22-%22%2C%22pobre%22%2C%22tv%22%5D&refer=https%3A%2F%2Fpobretv.cab%2Ffilme%2Fleo-C10757942&tz=0&dev=e&res=14.3095&uuid=67f867b0-d7e1-416b-8b3d-29cf082831b3%3A2%3A1
Cookie: u_pl=21079756; ain=eyJhbGciOiJIUzI1NiJ9.eyJwIjp7ImlkIjoyMTA3OTc1NiwiayI6ImM2MjU4ZWQ5MDYwMjM0NTA2ZmIyMWQyYjhlZjQ4M2MyIiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjozMTM3MjIzLCJwaWQiOjEzNTQ0NzQsImFuIjp0cnVlLCJsYW4iOnRydWUsImNpZCI6MSwiYWlkIjoyMywicHQiOjQsInBrIjoianJ3MTdza2RpZSIsInQiOjF9LCJ1Ijp7InUiOjIsImF1IjoyLCJkIjp7ImlkIjo5MDc1MzQ1NywiaWRzIjoiIiwiaWMiOmZhbHNlLCJuIjoiRGVza3RvcCxFbXVsYXRvciIsInYiOiJVbmtub3duIiwibSI6IlVua25vd24iLCJmIjoxLCJmbiI6IkRlc2t0b3AiLCJvaWQiOjM4OTE0LCJvbiI6IldpbmRvd3MiLCJvdiI6IjEwLjAiLCJiaWQiOjEyMDYyNSwiYm4iOiJGaXJlZm94IiwiYnYiOiIxMDUuMCIsInd2IjpmYWxzZSwiZSI6dHJ1ZSwiYWIiOmZhbHNlfSwiYyI6eyJpZCI6MTYyLCJjIjoiTk8iLCJuIjoiTm9yd2F5In0sImEiOmZhbHNlLCJjciI6eyJuIjoiQmxpeCBTb2x1dGlvbnMifSwieGYiOiIiLCJpeGYiOmZhbHNlLCJpZ3hmIjpmYWxzZSwidXAiOmZhbHNlLCJyIjoiaHR0cHM6Ly9wb2JyZXR2LmNhYi9maWxtZS9sZW8tQzEwNzU3OTQyIiwiYXIiOltdfX0.wV29I7ZIo3Rs9MJfV7uklKuyj4N4ldtLajunQT2pTkk; uid_id2=67f867b0-d7e1-416b-8b3d-29cf082831b3:2:1; iprc03e6a56638621930c0a7e1cb6ffda026=3569808; pdhtkv=true; uncs=1; pdhtkv23=true; uncs23=1
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Sun, 03 Dec 2023 22:09:09 GMT
Content-Type: text/html
Content-Length: 783
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://pobretv.cab/filme/leo-C10757942
Access-Control-Allow-Origin: https://pobretv.cab/filme/leo-C10757942
Access-Control-Allow-Credentials: true
Set-Cookie: uid_id2=67f867b0-d7e1-416b-8b3d-29cf082831b3:2:1; expires=Sun, 10 Dec 2023 22:09:09 GMT; secure; SameSite=None
iprc76c6479ffaa4540d6a08482ee42a4488=2717343; expires=Tue, 05 Dec 2023 00:09:09 GMT; secure; SameSite=None
uncs=2; expires=Mon, 04 Dec 2023 22:09:09 GMT; secure; SameSite=None
uncs23=2; expires=Mon, 04 Dec 2023 22:09:09 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 68ba40150274ab6c512f9ed339f5c771
Strict-Transport-Security: max-age=0; includeSubdomains
conqueredallrightswell.com/dyfc1k09?key=863705bcbb4b6a554ddb359665395a6f&psid=21079756
173.233.137.44 1.4 kB URL conqueredallrightswell.com/dyfc1k09?key=863705bcbb4b6a554ddb359665395a6f&psid=21079756
IP 173.233.137.44:0
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (500)
Hash 123c601e3d7ad83985c4bee01757de1d
6d24a764c04e774ae77a85c09941db4bca385682
d55ead251f59b7e1b794da06df3c0f7e3ce815f51cf57d452c7c1074f5801458
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /dyfc1k09?key=863705bcbb4b6a554ddb359665395a6f&psid=21079756 HTTP/1.1
Host: conqueredallrightswell.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://midgetdeliveringsmartly.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Sun, 03 Dec 2023 22:09:09 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Set-Cookie: u_pl=16122660; expires=Mon, 04 Dec 2023 22:09:09 GMT
ain=eyJhbGciOiJIUzI1NiJ9.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.a00HJ39UcO-MM8iOa3aX25kSqTfxwuaxLk56XaxtBYs; expires=Sun, 03 Dec 2023 22:10:09 GMT
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 72876e4cb53926daf74cf9d5508a1730
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
conqueredallrightswell.com/api/users?token=L2R5ZmMxazA5P2tleT04NjM3MDViY2JiNGI2YTU1NGRkYjM1OTY2NTM5NWE2ZiZwc2lkPTIxMDc5NzU2JnBzdD0xNzAxNjQxNDA5JnJlZmVyPWh0dHBzJTNBJTJGJTJGbWlkZ2V0ZGVsaXZlcmluZ3NtYXJ0bHkuY29tJTJGJnJtdGM9dCZzaHU9NmVkMmViNjczYmUzZWJjZTcxZjQwZDk0NDk0OGU2MjJmYmVlNWU5NWI0ZDM2NjE3ODFmMTdjMzJmZThiM2MxOTAzMTA5MDcxOWJiNDhiNjI0NTZiY2RiZDdmYWUyMjhhOTFmYjM2MTZlZGE2NTA3MTlkYTZiNmI3N2MyODQ1MmJhMGMxNGZlOTU4MjZjZDZiNThhNzg1NTNlZGQwZTZjZDYxOTlkYjdlOTA2ZDgwYzdlODQ5YWMwNjZkZjZjNzQ1ODc%3D&uuid=&pii=&in=false
192.243.61.227 0 B URL conqueredallrightswell.com/api/users?token=L2R5ZmMxazA5P2tleT04NjM3MDViY2JiNGI2YTU1NGRkYjM1OTY2NTM5NWE2ZiZwc2lkPTIxMDc5NzU2JnBzdD0xNzAxNjQxNDA5JnJlZmVyPWh0dHBzJTNBJTJGJTJGbWlkZ2V0ZGVsaXZlcmluZ3NtYXJ0bHkuY29tJTJGJnJtdGM9dCZzaHU9NmVkMmViNjczYmUzZWJjZTcxZjQwZDk0NDk0OGU2MjJmYmVlNWU5NWI0ZDM2NjE3ODFmMTdjMzJmZThiM2MxOTAzMTA5MDcxOWJiNDhiNjI0NTZiY2RiZDdmYWUyMjhhOTFmYjM2MTZlZGE2NTA3MTlkYTZiNmI3N2MyODQ1MmJhMGMxNGZlOTU4MjZjZDZiNThhNzg1NTNlZGQwZTZjZDYxOTlkYjdlOTA2ZDgwYzdlODQ5YWMwNjZkZjZjNzQ1ODc%3D&uuid=&pii=&in=false
IP 192.243.61.227:0
ASN #39572 DataWeb Global Group B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /api/users?token=L2R5ZmMxazA5P2tleT04NjM3MDViY2JiNGI2YTU1NGRkYjM1OTY2NTM5NWE2ZiZwc2lkPTIxMDc5NzU2JnBzdD0xNzAxNjQxNDA5JnJlZmVyPWh0dHBzJTNBJTJGJTJGbWlkZ2V0ZGVsaXZlcmluZ3NtYXJ0bHkuY29tJTJGJnJtdGM9dCZzaHU9NmVkMmViNjczYmUzZWJjZTcxZjQwZDk0NDk0OGU2MjJmYmVlNWU5NWI0ZDM2NjE3ODFmMTdjMzJmZThiM2MxOTAzMTA5MDcxOWJiNDhiNjI0NTZiY2RiZDdmYWUyMjhhOTFmYjM2MTZlZGE2NTA3MTlkYTZiNmI3N2MyODQ1MmJhMGMxNGZlOTU4MjZjZDZiNThhNzg1NTNlZGQwZTZjZDYxOTlkYjdlOTA2ZDgwYzdlODQ5YWMwNjZkZjZjNzQ1ODc%3D&uuid=&pii=&in=false HTTP/1.1
Host: conqueredallrightswell.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://conqueredallrightswell.com/dyfc1k09?key=0f22c1fd609f13cb7947c8cabfe1a90d&submetric=16122660
Cookie: u_pl=16122660; ain=eyJhbGciOiJIUzI1NiJ9.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.a00HJ39UcO-MM8iOa3aX25kSqTfxwuaxLk56XaxtBYs; cjs=t
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 302 Found
Server: nginx/1.21.6
Date: Sun, 03 Dec 2023 22:09:10 GMT
Content-Type: text/html
Content-Length: 0
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Location: https://violationphysics.click/c9b2l0k.php?key=wkroiqew1c9guvr0kbe2&SUB_ID_SHORT=3004b432af2fb79dcb70816dfe3011f4&COST_CPA=0.100000&PLACEMENT_ID=16122660&CAMPAIGN_ID=882703&DEVICE_BRAND=Unknown&BROWSER_NAME=Firefox&USER_OS=Windows&USER_CARRIER=Blix%20Solutions&USERAGENT=Mozilla%2F5.0%20%28Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0%29%20Gecko%2F20100101%20Firefox%2F105.0&REMOTE_LANGUAGE=11&BANNER_ID=2569625
Set-Cookie: iprcbef24295d9049da1e2912c583c2f7efd=4641329; expires=Mon, 04 Dec 2023 22:09:10 GMT
pdhtkv=true; expires=Mon, 04 Dec 2023 22:09:10 GMT
uncs=1; expires=Mon, 04 Dec 2023 22:09:10 GMT
pdhtkv28=true; expires=Mon, 04 Dec 2023 22:09:10 GMT
uncs28=1; expires=Mon, 04 Dec 2023 22:09:10 GMT
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 30e1290f58dab73a613e77ed9ed9b092
Strict-Transport-Security: max-age=0; includeSubdomains
violationphysics.click/c9b2l0k.php?key=wkroiqew1c9guvr0kbe2&SUB_ID_SHORT=3004b432af2fb79dcb70816dfe3011f4&COST_CPA=0.100000&PLACEMENT_ID=16122660&CAMPAIGN_ID=882703&DEVICE_BRAND=Unknown&BROWSER_NAME=Firefox&USER_OS=Windows&USER_CARRIER=Blix%20Solutions&USERAGENT=Mozilla%2F5.0%20%28Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0%29%20Gecko%2F20100101%20Firefox%2F105.0&REMOTE_LANGUAGE=11&BANNER_ID=2569625
192.64.81.118 0 B URL violationphysics.click/c9b2l0k.php?key=wkroiqew1c9guvr0kbe2&SUB_ID_SHORT=3004b432af2fb79dcb70816dfe3011f4&COST_CPA=0.100000&PLACEMENT_ID=16122660&CAMPAIGN_ID=882703&DEVICE_BRAND=Unknown&BROWSER_NAME=Firefox&USER_OS=Windows&USER_CARRIER=Blix%20Solutions&USERAGENT=Mozilla%2F5.0%20%28Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0%29%20Gecko%2F20100101%20Firefox%2F105.0&REMOTE_LANGUAGE=11&BANNER_ID=2569625
IP 192.64.81.118:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /c9b2l0k.php?key=wkroiqew1c9guvr0kbe2&SUB_ID_SHORT=3004b432af2fb79dcb70816dfe3011f4&COST_CPA=0.100000&PLACEMENT_ID=16122660&CAMPAIGN_ID=882703&DEVICE_BRAND=Unknown&BROWSER_NAME=Firefox&USER_OS=Windows&USER_CARRIER=Blix%20Solutions&USERAGENT=Mozilla%2F5.0%20%28Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0%29%20Gecko%2F20100101%20Firefox%2F105.0&REMOTE_LANGUAGE=11&BANNER_ID=2569625 HTTP/1.1
Host: violationphysics.click
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://conqueredallrightswell.com/
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 302 Found
Server: nginx/1.22.0
Date: Sun, 03 Dec 2023 22:09:11 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: uclick=h9ikb4k29l; expires=Mon, 04-Dec-2023 22:09:11 GMT; Max-Age=86400; path=/; secure; SameSite=none
uclickhash=h9ikb4k29l-h9ikb4k29l-hq1m-0-q5a4bl-ftxofe-ft8pdz-65203a; expires=Mon, 04-Dec-2023 22:09:11 GMT; Max-Age=86400; path=/; secure; SameSite=none
Location: https://vvfal.rigelbetelgeuse.top/?pl=zKByXHsQK0ydGD7DogbGyA&click_id=c5cb5h9ikb4k29l3a6&sub_id=16122660
Strict-Transport-Security: max-age=31536000
vvfal.rigelbetelgeuse.top/?pl=zKByXHsQK0ydGD7DogbGyA&click_id=c5cb5h9ikb4k29l3a6&sub_id=16122660
172.67.205.133 0 B URL vvfal.rigelbetelgeuse.top/?pl=zKByXHsQK0ydGD7DogbGyA&click_id=c5cb5h9ikb4k29l3a6&sub_id=16122660
IP 172.67.205.133:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /?pl=zKByXHsQK0ydGD7DogbGyA&click_id=c5cb5h9ikb4k29l3a6&sub_id=16122660 HTTP/1.1
Host: vvfal.rigelbetelgeuse.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://conqueredallrightswell.com/
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 302 Found
date: Sun, 03 Dec 2023 22:09:11 GMT
content-length: 0
location: https://vvfal.stonecarv.top/allow-button/?pl=zKByXHsQK0ydGD7DogbGyA&sm=allow-button&click_id=c5cb5h9ikb4k29l3a6&sub_id=16122660&nrid=bfa7412e3eb74bc087a0174129444776&hash=LC1cBNU4x-A0TL5A5H8Ifw&exp=1701641651
set-cookie: zKByXHsQK0ydGD7DogbGyA=2; max-age=345600; path=/; samesite=lax
__pl=ebe8b95f-7b04-49a9-8e73-4d4ee25a2b9d; expires=Wed, 03 Dec 2025 22:09:11 GMT; path=/; samesite=lax
__cap=1; max-age=3600; path=/; samesite=lax
cache-control: max-age=0, no-cache, no-store, must-revalidate
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=DbFNWqswkuG7%2FuD96ZgZLiYBL0UR2CKvKebN9LimIDt3UcysnJecC10BExKcq4lLqL%2BTGmJYdHMCvBffLVTPwhGTyCzCcoZXZP0BihpYaDmiHZKjwZrpbjva8xpL%2FiEw35rshLA8cre4me25"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 82ff21ed1dbf56ab-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
vvfal.stonecarv.top/allow-button/assets/style.css
172.67.154.38 13 kB URL vvfal.stonecarv.top/allow-button/assets/style.css
IP 172.67.154.38:0
File type ASCII text, with CRLF line terminators
Hash 30d80b4eb5d929d058548bf104eadf4a
a73cd37a03442a044821fd15d89f70e565f43c9d
e992932bc74e41cb59108c3700c7bd98f941c475ac2a19d2c0b48964551901f2
GET /allow-button/assets/style.css HTTP/1.1
Host: vvfal.stonecarv.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://vvfal.stonecarv.top/allow-button/?pl=zKByXHsQK0ydGD7DogbGyA&sm=allow-button&click_id=c5cb5h9ikb4k29l3a6&sub_id=16122660&nrid=bfa7412e3eb74bc087a0174129444776&hash=LC1cBNU4x-A0TL5A5H8Ifw&exp=1701641651
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Sun, 03 Dec 2023 22:09:11 GMT
content-type: text/css
last-modified: Fri, 01 Dec 2023 10:07:50 GMT
etag: W/"6569b076-253"
cache-control: max-age=14400
cf-cache-status: REVALIDATED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=UcydaJiVmdOnCNAFHYyBWqXRZP%2BFjWCPoxGhibNFHEZIswnkAjRpObBZvdHhWlnhvX8KoxZPLtvnH9s%2BE1SGI5HuqwK9FzsTR4pyL4PqCdhHg3gAxgBUzUKOQaEFUmfeSNaEce9Q"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 82ff21efd9440afa-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
vvfal.stonecarv.top/shared-js/assets/static-pl.js?v=2
172.67.154.38 10 kB URL vvfal.stonecarv.top/shared-js/assets/static-pl.js?v=2
IP 172.67.154.38:0
File type ASCII text, with CRLF line terminators
Hash 7224243dd0b18bb2508a1d77d4b2a0b2
bd833c24aa241861316053fd8bd46a1bef3d343f
920aa94a10634fc23234b5e4f55c428f6311fc7811d3591792381678cb492659
GET /shared-js/assets/static-pl.js?v=2 HTTP/1.1
Host: vvfal.stonecarv.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://vvfal.stonecarv.top/allow-button/?pl=zKByXHsQK0ydGD7DogbGyA&sm=allow-button&click_id=c5cb5h9ikb4k29l3a6&sub_id=16122660&nrid=bfa7412e3eb74bc087a0174129444776&hash=LC1cBNU4x-A0TL5A5H8Ifw&exp=1701641651
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Sun, 03 Dec 2023 22:09:11 GMT
content-type: application/javascript
last-modified: Fri, 01 Dec 2023 10:07:50 GMT
etag: W/"6569b076-dee"
cache-control: max-age=14400
cf-cache-status: HIT
age: 5142
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=UNyJQ%2FtWAFnqBFt6R%2FhC84YfKR5zJHyzjSPoxJTigK9SdV89xPmtxNaj6KKv4ObK9lLEWUdJ2GxbyS9doQGGWni40QiKjk3830UkwRKTgt463FT2ot5O6V7nK3K%2BX306zJj1FNUB"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 82ff21eff9500afa-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
www.gstatic.com/firebasejs/10.3.1/firebase-messaging-compat.js
142.250.74.35 9.9 kB URL www.gstatic.com/firebasejs/10.3.1/firebase-messaging-compat.js
IP 142.250.74.35:0
File type ASCII text, with very long lines (38231)
Hash 0541b823dfaf39162ef84cf075c9951b
e0934726455558cc1a59823efada9651e33aafaa
21f1d62f222007068c793f0947d98f4ccb7c1595adb68efeb783390fdd8b5522
GET /firebasejs/10.3.1/firebase-messaging-compat.js HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://vvfal.stonecarv.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/firebase-js
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups; report-to="firebase-js"
report-to: {"group":"firebase-js","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/firebase-js"}]}
content-length: 9934
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 30 Nov 2023 05:05:32 GMT
expires: Fri, 29 Nov 2024 05:05:32 GMT
cache-control: public, max-age=31536000
age: 320620
last-modified: Thu, 31 Aug 2023 15:20:50 GMT
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
pobretv.cab/wp-content/themes/peliscueva/js/bct-public.js
188.114.97.1 23 kB URL pobretv.cab/wp-content/themes/peliscueva/js/bct-public.js
IP 188.114.97.1:0
File type HTML document, ASCII text, with very long lines (42384), with no line terminators
Hash 3d748711644d7e905bd4d7b8050557ad
2b8e649fc3ef173900ba529142cf6100e9c511aa
4aeb4dd79b6790b7cc479ec2e76db4151eaa0f0aad05ddb7f9884b0a5e14fcd3
GET /wp-content/themes/peliscueva/js/bct-public.js HTTP/1.1
Host: pobretv.cab
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://pobretv.cab/filme/leo-C10757942
Cookie: PHPSESSID=knku9e244f6cbusc6gh62u8sdl
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Sun, 03 Dec 2023 22:09:06 GMT
content-type: application/x-javascript
cache-control: public, max-age=43200
expires: Thu, 23 Nov 2023 23:18:26 GMT
etag: W/"a590-6384dd42-1416e6;gz"
last-modified: Mon, 28 Nov 2022 16:09:38 GMT
vary: Accept-Encoding
cf-cache-status: REVALIDATED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=AJz36HdlARRa1oAyjaIj8PQzkLfTdGu84ld1%2FlPQ1H12UEtzJzgyqFd6zdqg6Xs5jrGVidlhreN4CEGZ74fSHGCzCjFvn9SzhPSnl6%2BB%2FjuOUbT59S9OyV3U4sf5gw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 82ff21d1f914b4eb-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
www.gstatic.com/firebasejs/10.3.1/firebase-app-compat.js
142.250.74.35 9.3 kB URL www.gstatic.com/firebasejs/10.3.1/firebase-app-compat.js
IP 142.250.74.35:0
File type ASCII text, with very long lines (28368)
Hash 9900403b65514fad7df39a4e788a6e45
75f9ba061ef4e72bb23528c700f2a11c56d637e9
a202b2051ea9810cd9ba592b3f9418a89e2062f5c185e29e288080b28eb64fe5
GET /firebasejs/10.3.1/firebase-app-compat.js HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://a.stonecarv.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
accept-ranges: bytes
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/firebase-js
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups; report-to="firebase-js"
report-to: {"group":"firebase-js","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/firebase-js"}]}
content-length: 9308
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 30 Nov 2023 06:08:34 GMT
expires: Fri, 29 Nov 2024 06:08:34 GMT
cache-control: public, max-age=31536000
last-modified: Thu, 31 Aug 2023 15:20:38 GMT
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
age: 316838
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
www.gstatic.com/firebasejs/10.3.1/firebase-messaging-compat.js
142.250.74.35 9.9 kB URL www.gstatic.com/firebasejs/10.3.1/firebase-messaging-compat.js
IP 142.250.74.35:0
File type ASCII text, with very long lines (38231)
Hash 0541b823dfaf39162ef84cf075c9951b
e0934726455558cc1a59823efada9651e33aafaa
21f1d62f222007068c793f0947d98f4ccb7c1595adb68efeb783390fdd8b5522
GET /firebasejs/10.3.1/firebase-messaging-compat.js HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://a.stonecarv.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
accept-ranges: bytes
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/firebase-js
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups; report-to="firebase-js"
report-to: {"group":"firebase-js","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/firebase-js"}]}
content-length: 9934
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 30 Nov 2023 05:05:32 GMT
expires: Fri, 29 Nov 2024 05:05:32 GMT
cache-control: public, max-age=31536000
age: 320620
last-modified: Thu, 31 Aug 2023 15:20:50 GMT
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
www.toprevenuegate.com/zj77nccnbs?key=7c1ef88f2943ca666bff02795f23060d
192.243.59.20 1.3 kB URL www.toprevenuegate.com/zj77nccnbs?key=7c1ef88f2943ca666bff02795f23060d
IP 192.243.59.20:0
ASN #39572 DataWeb Global Group B.V.
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (408)
Hash 52e42cc8b324d720979d9e1fe52f2104
0f2cdb18731a7e7c8ea03fe63b249be308ced803
a985f52b1c42b3e5241dea8d5f6748ccd1f0171365310adf619b595eed3389aa
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /zj77nccnbs?key=7c1ef88f2943ca666bff02795f23060d HTTP/1.1
Host: www.toprevenuegate.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Sun, 03 Dec 2023 22:09:13 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Set-Cookie: u_pl=19854905; expires=Mon, 04 Dec 2023 22:09:13 GMT
ain=eyJhbGciOiJIUzI1NiJ9.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.2FQGO2YhCNPTmdlXXLBtr2hi4zXbhcFHRg0XwRi4mrk; expires=Sun, 03 Dec 2023 22:10:13 GMT
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: a86d53c882bd0462ad1e3ac2bab32ae1
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
cdnstatic.stonecarv.top/ps/tb?id=zKByXHsQK0ydGD7DogbGyA&sm=allow-button&sub_id=16122660&click_id=c5cb5h9ikb4k29l3a6&nrid=b175fc2203e759f4a512f5646e139ccf&reason=tb_exit&attempt=2
172.67.154.38 169 B URL cdnstatic.stonecarv.top/ps/tb?id=zKByXHsQK0ydGD7DogbGyA&sm=allow-button&sub_id=16122660&click_id=c5cb5h9ikb4k29l3a6&nrid=b175fc2203e759f4a512f5646e139ccf&reason=tb_exit&attempt=2
IP 172.67.154.38:0
File type HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash d4104832ff18ef8205fd59e3c834ea05
8aa2df5da3e309988c42cd7086e58d13b94c3383
9c3e771c25e43845931dbd1a924081edcb5a3b9addc85e73212fbf568d082fd2
GET /ps/tb?id=zKByXHsQK0ydGD7DogbGyA&sm=allow-button&sub_id=16122660&click_id=c5cb5h9ikb4k29l3a6&nrid=b175fc2203e759f4a512f5646e139ccf&reason=tb_exit&attempt=2 HTTP/1.1
Host: cdnstatic.stonecarv.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://a.stonecarv.top/
Cookie: __psu=14fc37bd-8aa5-4c69-a065-513b5ef95aac
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Sun, 03 Dec 2023 22:09:12 GMT
content-type: text/html
cache-control: max-age=0, no-cache, no-store, must-revalidate
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=kxrGw1gl2QXrB28MfHH3FJ4bnENatY7HRtbP%2FQYmhhcvH4%2Fo5og%2FQAXt6Ng5mDbGHn6rSs0%2B5NiLiyhzXa2koTPnIqPAguKGleQQvuaw2z2RpIDGemGNrLnH6kBj8QhilrWTON3a3fYxlw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 82ff21f42c5c0afa-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
ocsp.r2m03.amazontrust.com/
54.230.218.11 471 B URL ocsp.r2m03.amazontrust.com/
IP 54.230.218.11:0
Hash 635ff90833a493ed2c5f086f31d24851
e492aaea87cf64ee9e5f5b60f5641d34639eea77
0874c8b481431f13d009f27bd0092d14b1859dab41c56bd7998c29f5c9659b98
POST / HTTP/1.1
Host: ocsp.r2m03.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=7200
Date: Sun, 03 Dec 2023 22:09:14 GMT
Last-Modified: Sun, 03 Dec 2023 21:35:51 GMT
Server: ECAcc (ska/F776)
X-Cache: Miss from cloudfront
Via: 1.1 784cb0c259a6d79800d037bda4e7de86.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: SYWY3GbgRNsAHxJYYIXpEC7GSOHd4P3xJ_eIQFPvWaEzTlxAbEGIOA==
Age: 2003
clk.tradedoubler.com/click?p=225780&a=3238748&epi=TerraD
3.127.180.170 200 OK 3.6 kB URL User Request POST HTTP/2 clk.tradedoubler.com/click?p=225780&a=3238748&epi=TerraD
IP 3.127.180.170:443
Certificate Issuer Amazon
Subject *.tradedoubler.com
Fingerprint E6:E6:D1:02:6C:9A:BE:00:C1:0E:B5:BC:61:D1:C1:FD:74:73:C4:9E
Validity Wed, 06 Sep 2023 00:00:00 GMT - Sat, 05 Oct 2024 23:59:59 GMT
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (314)
Hash dffa9bac5be3f386079d2028d8264f59
e264575195c6ca302170a308b3da31f924b6d60c
43ffd816104a86bae1d1e75330e61c304463fcf25e6bdb5086c34a944b1e4c68
GET /click?p=225780&a=3238748&epi=TerraD HTTP/1.1
Host: clk.tradedoubler.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://shop.bigbasketshop.com/
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sun, 03 Dec 2023 22:09:14 GMT
content-type: text/html; charset=ISO-8859-1
content-length: 3610
server: TXServerHttp
access-control-allow-origin: *
cache-control: private, max-age=0
pragma: no-cache
referrer-policy: origin
X-Firefox-Spdy: h2
vht.tradedoubler.com/fp/fpjs.js
54.230.111.48 7.7 kB URL vht.tradedoubler.com/fp/fpjs.js
IP 54.230.111.48:0
File type ASCII text, with very long lines (19960)
Hash e967d9e86ec8ff44db0e24766ced642f
bd488430b8b4283eb82afda802a075cf841c29d3
040dff2a9b3d08a4654dec367d93f2b994a8ea0e573950d5561c0022af4a3c3a
GET /fp/fpjs.js HTTP/1.1
Host: vht.tradedoubler.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://clk.tradedoubler.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/javascript
Content-Length: 7718
Connection: keep-alive
Date: Sat, 02 Dec 2023 03:49:02 GMT
Server: Apache
Strict-Transport-Security: max-age=31536000
Last-Modified: Mon, 09 Oct 2023 08:54:59 GMT
Accept-Ranges: bytes
Content-Encoding: gzip
Vary: Accept-Encoding
X-Cache: Hit from cloudfront
Via: 1.1 4c07121ca6e32bcda85cc9091b92050e.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: fehiylLkQlgOCsbSzEcvm2Jj0XRPXJfwp_0nxZpcLvt18s1R1tFw-Q==
Age: 152412
X-XSS-Protection: 1; mode=block
Referrer-Policy: strict-origin-when-cross-origin
X-Content-Type-Options: nosniff
clk.tradedoubler.com/favicon.ico
3.127.180.170 404 Not Found 193 B URL GET HTTP/2 clk.tradedoubler.com/favicon.ico
IP 3.127.180.170:443
Requested by https://clk.tradedoubler.com/click?p=225780&a=3238748&epi=TerraD
Certificate Issuer Amazon
Subject *.tradedoubler.com
Fingerprint E6:E6:D1:02:6C:9A:BE:00:C1:0E:B5:BC:61:D1:C1:FD:74:73:C4:9E
Validity Wed, 06 Sep 2023 00:00:00 GMT - Sat, 05 Oct 2024 23:59:59 GMT
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with no line terminators
Hash 523cbcb278f348bbe64563fe4cc9f435
5a436481b66ccb6dff53c5e1a14c08ef0b4a8e4b
37b6ca25983f4126bd10c135684bc8f421c8b48a5bdb75b5ad69c849035a84f4
GET /favicon.ico HTTP/1.1
Host: clk.tradedoubler.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://clk.tradedoubler.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 404 Not Found
date: Sun, 03 Dec 2023 22:09:14 GMT
content-type: text/html; charset=ISO-8859-1
content-length: 193
X-Firefox-Spdy: h2
clk.tradedoubler.com/click?p=225780&a=3238748&epi=TerraD
3.127.180.170 200 OK 150 B URL User Request POST HTTP/2 clk.tradedoubler.com/click?p=225780&a=3238748&epi=TerraD
IP 3.127.180.170:443
Certificate Issuer Amazon
Subject *.tradedoubler.com
Fingerprint E6:E6:D1:02:6C:9A:BE:00:C1:0E:B5:BC:61:D1:C1:FD:74:73:C4:9E
Validity Wed, 06 Sep 2023 00:00:00 GMT - Sat, 05 Oct 2024 23:59:59 GMT
File type HTML document text\012- HTML document, ASCII text, with no line terminators
Hash dc03e2e45f5c0d5e02f319e7f1e957cf
47725bedccb4c387bfc904021658cc7b343927ab
f064d039c1745fafca89f95ad9748a95b6ed51a78270b7feee25e968faef36b7
POST /click?p=225780&a=3238748&epi=TerraD HTTP/1.1
Host: clk.tradedoubler.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://clk.tradedoubler.com/
Content-Type: application/x-www-form-urlencoded
Content-Length: 90
Origin: https://clk.tradedoubler.com
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Sun, 03 Dec 2023 22:09:15 GMT
content-type: text/html; charset=ISO-8859-1
content-length: 150
set-cookie: GUID=1z11zz14NzeHYEqza0ba7c452a4547223b37d4c49c415e61;expires=Mon, 02-Dec-2024 22:09:15 GMT;path=/;domain=.tradedoubler.com
server: TXServerHttp
access-control-allow-origin: *
cache-control: private, max-age=0
pragma: no-cache
referrer-policy: origin
X-Firefox-Spdy: h2
clk.tradedoubler.com/favicon.ico
3.127.180.170 404 Not Found 193 B URL GET HTTP/2 clk.tradedoubler.com/favicon.ico
IP 3.127.180.170:443
Requested by https://clk.tradedoubler.com/click?p=225780&a=3238748&epi=TerraD
Certificate Issuer Amazon
Subject *.tradedoubler.com
Fingerprint E6:E6:D1:02:6C:9A:BE:00:C1:0E:B5:BC:61:D1:C1:FD:74:73:C4:9E
Validity Wed, 06 Sep 2023 00:00:00 GMT - Sat, 05 Oct 2024 23:59:59 GMT
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with no line terminators
Hash 523cbcb278f348bbe64563fe4cc9f435
5a436481b66ccb6dff53c5e1a14c08ef0b4a8e4b
37b6ca25983f4126bd10c135684bc8f421c8b48a5bdb75b5ad69c849035a84f4
GET /favicon.ico HTTP/1.1
Host: clk.tradedoubler.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://clk.tradedoubler.com/
DNT: 1
Connection: keep-alive
Cookie: GUID=1z11zz14NzeHYEqza0ba7c452a4547223b37d4c49c415e61
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 404 Not Found
date: Sun, 03 Dec 2023 22:09:15 GMT
content-type: text/html; charset=ISO-8859-1
content-length: 193
X-Firefox-Spdy: h2