Report - matshortener.xyz/nuevo-script-actualizado-de-pet-simulator-99-actualizado-auto-farm-auto-egg-teleport-y-mas/

Report Overview

Visited public
2023-12-03 21:18:55
Tags
URL
matshortener.xyz/nuevo-script-actualizado-de-pet-simulator-99-actualizado-auto-farm-auto-egg-teleport-y-mas/
Finishing URL
clk.tradedoubler.com/click?p=225780&a=3238748&epi=TerraD
IP / ASN
185.77.97.181
#57844 SPDNet Telekomunikasyon Hizmetleri Bilgi Teknolojileri Taahhut Sanayi Ve Ticaret A.S.
Title
clk.tradedoubler.com/click?p=225780&a=3238748&epi=TerraD

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
fonts.gstatic.com	unknown	2008-02-11	2014-09-09 02:40:21	2023-12-03 05:48:43	2.2 kB	74 kB	142.250.74.131
friendshipmale.com	unknown	2022-10-21	2022-10-21 14:15:25	2023-12-03 18:40:38	426 B	30 kB	104.21.234.32
violationphysics.click	unknown	2023-02-10	2023-02-11 18:32:06	2023-12-02 11:47:04	926 B	601 B	192.64.81.118
www.gstatic.com	unknown	2008-02-11	2016-07-26 11:37:06	2023-12-03 07:56:40	928 B	22 kB	142.250.74.35
curryoxygencheaper.com	unknown	2023-11-28	2023-11-28 10:22:05	2023-11-30 20:15:22	3.2 kB	6.0 kB	173.233.137.44
crevicedepressingpumpkin.com	unknown	2020-09-24	2020-09-24 12:40:16	2023-11-12 08:24:38	460 B	25 kB	192.243.61.225
cdn.ampproject.org	329	2015-08-31	2015-10-09 06:27:01	2023-12-03 05:30:26	428 B	9.2 kB	172.217.21.161
ocsp.r2m03.amazontrust.com	unknown	2007-05-11	2023-02-21 01:06:24	2023-12-03 11:12:04	700 B	1.9 kB	54.230.218.11
vvfal.stonecarv.top	unknown	unknown	No data	No data	2.6 kB	28 kB	172.67.154.38
vht.tradedoubler.com	99799	1999-10-10	2014-10-10 10:20:39	2023-12-03 13:54:47	421 B	8.4 kB	54.230.111.94
shop.bigbasketshop.com	unknown	2013-11-21	2023-09-20 16:46:16	2023-12-03 07:57:56	549 B	1.1 kB	172.67.218.148
www.googletagmanager.com	75	2011-11-11	2013-05-22 04:07:37	2023-12-03 06:51:04	1.8 kB	234 kB	142.250.74.168
bakertangiblebehaved.com	unknown	unknown	No data	No data	3.2 kB	107 kB	173.233.137.36
matshortener.xyz	unknown	2019-07-06	2019-07-07 12:59:32	2023-10-22 01:32:05	14 kB	260 kB	185.77.97.181
region1.analytics.google.com	unknown	1997-09-15	2022-03-17 12:26:33	2023-12-03 08:25:07	2.1 kB	874 B	216.239.34.36
proftrafficcounter.com	unknown	2023-11-16	2023-11-21 09:55:14	2023-12-03 05:12:08	962 B	722 B	18.184.210.76
treasonemphasis.com	unknown	2023-11-28	2023-11-28 12:58:17	2023-12-03 15:11:26	3.2 kB	4.7 kB	173.233.137.36
conqueredallrightswell.com	unknown	2023-11-14	2023-11-16 20:49:45	2023-12-03 13:59:03	2.5 kB	4.4 kB	173.233.137.52
www.toprevenuegate.com	unknown	2023-10-20	2023-10-23 18:22:31	2023-12-02 05:14:39	1.8 kB	991 B	192.243.61.227
fonts.googleapis.com	8877	2005-01-25	2013-06-10 22:14:26	2023-12-03 06:08:10	1.1 kB	4.5 kB	142.250.74.42
archaicin.com	unknown	2023-11-28	2023-11-28 15:15:37	2023-12-01 17:33:09	3.1 kB	9.8 kB	173.233.137.36
vvfal.rigelbetelgeuse.top	unknown	2023-05-11	2023-05-11 14:25:20	2023-12-03 05:47:50	608 B	1.0 kB	172.67.205.133
cdnstatic.stonecarv.top	unknown	unknown	No data	No data	1.2 kB	25 kB	172.67.154.38
a.stonecarv.top	unknown	unknown	No data	No data	3.1 kB	51 kB	172.67.154.38
clk.tradedoubler.com	65246	1999-10-10	2012-05-21 15:21:02	2023-12-02 17:58:35	1.7 kB	4.8 kB	3.127.180.170

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Timestamp	Severity	Source IP	Destination IP	Alert
2023-12-03 21:18:46	medium	Client IP	Internal IP	ET DNS Query to a *.top domain - Likely Hostile

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2023-12-03	medium	bakertangiblebehaved.com	Sinkholed
2023-12-03	medium	bakertangiblebehaved.com	Sinkholed
2023-12-03	medium	bakertangiblebehaved.com	Sinkholed
2023-12-03	medium	bakertangiblebehaved.com	Sinkholed
2023-12-03	medium	bakertangiblebehaved.com	Sinkholed
2023-12-03	medium	bakertangiblebehaved.com	Sinkholed
2023-12-03	medium	treasonemphasis.com	Sinkholed
2023-12-03	medium	curryoxygencheaper.com	Sinkholed
2023-12-03	medium	bakertangiblebehaved.com	Sinkholed
2023-12-03	medium	treasonemphasis.com	Sinkholed
2023-12-03	medium	curryoxygencheaper.com	Sinkholed
2023-12-03	medium	archaicin.com	Sinkholed
2023-12-03	medium	archaicin.com	Sinkholed
2023-12-03	medium	conqueredallrightswell.com	Sinkholed
2023-12-03	medium	archaicin.com	Sinkholed
2023-12-03	medium	conqueredallrightswell.com	Sinkholed
2023-12-03	medium	toprevenuegate.com	Sinkholed

ThreatFox

No alerts detected

JavaScript (4)

		Size	First Seen	Last Seen
	#1 Eval - 6d2edc646943c68040e930ede309495f	471 B	2023-12-03 22:19	2024-08-20 16:54
Pretty Observations First Seen2023-12-03 22:19 Last Seen2024-08-20 16:54 Times Seen2 Hash 6d2edc646943c68040e930ede309495f 2294b70c0bdfc81bd46f2f0ce91430f563beace3 9064487a04a93425c2dfc23d80a60cd4aeeaab6d21325c34d7dd87d3997d6a7b Loading...

	#2 Eval - 127ac839a41bdd9ab92ad47b7411cdaf	29 B	2023-03-08 14:23	2025-05-06 08:36
Pretty Observations First Seen2023-03-08 14:23 Last Seen2025-05-06 08:36 Times Seen675 Hash 127ac839a41bdd9ab92ad47b7411cdaf c2f81b12778c909f055c3967caa638b643c4916a b2ebc210c5c379879d07a4a9e046a4ea803d56dcc91d533db817ec272cbcfaf4 Loading...

		Size	First Seen	Last Seen
	#1 Write - d11c965ad2ac1069536741693442403f	116 B	2023-12-03 22:19	2024-08-20 16:54
Pretty Observations First Seen2023-12-03 22:19 Last Seen2024-08-20 16:54 Times Seen4 Hash d11c965ad2ac1069536741693442403f 597280fb86e682cd231a216bbdfd46bfea4095df 4c3277872b43b5d72f8fd476b658199e173280f50874552e81ad3b8ef0a2d466 Loading...

	#2 Write - ab81947862f5f5caa549bea7a96741b3	116 B	2023-12-03 22:19	2024-08-20 16:54
Pretty Observations First Seen2023-12-03 22:19 Last Seen2024-08-20 16:54 Times Seen3 Hash ab81947862f5f5caa549bea7a96741b3 3a2c305dcbd7ddcf4762d41f66917901d3bfe6d6 57f5180ef602c98bf18a621e136624c0b59522375b11dad1bfe9808ff9c0ed6a Loading...

HTTP Transactions (80)

URL IP Response Size

matshortener.xyz/nuevo-script-actualizado-de-pet-simulator-99-actualizado-auto-farm-auto-egg-teleport-y-mas/

185.77.97.181

41 kB

URL
matshortener.xyz/nuevo-script-actualizado-de-pet-simulator-99-actualizado-auto-farm-auto-egg-teleport-y-mas/
IP
185.77.97.181:0
ASN
#57844 SPDNet Telekomunikasyon Hizmetleri Bilgi Teknolojileri Taahhut Sanayi Ve Ticaret A.S.

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (19943), with CRLF, LF line terminators
Size
41 kB (41147 bytes)
Hash
0c1c6d885e4a5cc6ebae5d9db5317088
1d9c484b8e128e2dbe83c1c9bedc02dd0707e38d
1342633dd574c88e189f36ed1b94c82feeb7eae9d19804bf5c46946191bfdad5

HTTP Headers

GET /nuevo-script-actualizado-de-pet-simulator-99-actualizado-auto-farm-auto-egg-teleport-y-mas/ HTTP/1.1
Host: matshortener.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: hcdn
date: Sun, 03 Dec 2023 21:18:37 GMT
content-type: text/html; charset=UTF-8
content-length: 41147
x-powered-by: PHP/7.4.33
x-pingback: https://matshortener.xyz/xmlrpc.php
strict-transport-security: max-age=31536000; includeSubDomains; preload
link: <https://matshortener.xyz/wp-json/>; rel="https://api.w.org/", <https://matshortener.xyz/wp-json/wp/v2/posts/3062>; rel="alternate"; type="application/json", <https://matshortener.xyz/?p=3062>; rel=shortlink
etag: "50710-1701630011;br"
x-litespeed-cache: hit
content-encoding: br
platform: hostinger
content-security-policy: upgrade-insecure-requests
x-turbo-charged-by: LiteSpeed
x-hcdn-request-id: 40729f5d3668a9706a2139903ed9bbda-fast-edge3
x-hcdn-cache-status: MISS
x-hcdn-upstream-rt: 0.559
accept-ranges: bytes
X-Firefox-Spdy: h2

matshortener.xyz/wp-content/themes/incolor/js/nav.js?ver=1697166435

185.77.97.181

2.2 kB

URL
matshortener.xyz/wp-content/themes/incolor/js/nav.js?ver=1697166435
IP
185.77.97.181:0
ASN
#57844 SPDNet Telekomunikasyon Hizmetleri Bilgi Teknolojileri Taahhut Sanayi Ve Ticaret A.S.

File type
ASCII text, with CRLF line terminators
Size
2.2 kB (2205 bytes)
Hash
0133febd7b73b55f693f91eb81a495f6
10ed53f66c469cb4b5b8d68aedb43a6e940cc365
bcd1fc77d1d8787ac24a9383e483152dc4c59dbe2367e6081029b5158e44a065

HTTP Headers

GET /wp-content/themes/incolor/js/nav.js?ver=1697166435 HTTP/1.1
Host: matshortener.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://matshortener.xyz/nuevo-script-actualizado-de-pet-simulator-99-actualizado-auto-farm-auto-egg-teleport-y-mas/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: hcdn
date: Sun, 03 Dec 2023 21:18:37 GMT
content-type: application/x-javascript
content-length: 2205
cache-control: public, max-age=31557600
expires: Tue, 03 Dec 2024 03:08:13 GMT
last-modified: Fri, 13 Oct 2023 03:07:15 GMT
etag: "2393-6528b463-239edfcb6b6efbad;br"
content-encoding: br
platform: hostinger
content-security-policy: upgrade-insecure-requests
x-turbo-charged-by: LiteSpeed
age: 624
x-hcdn-request-id: 8c8974353ae02b1e67e01727ff3a59ad-fast-edge3
x-hcdn-cache-status: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2

cdn.ampproject.org/v0/amp-auto-ads-0.1.js

172.217.21.161

7.6 kB

URL
cdn.ampproject.org/v0/amp-auto-ads-0.1.js
IP
172.217.21.161:0
ASN
#15169 GOOGLE

File type
ASCII text, with very long lines (24943)
Size
7.6 kB (7563 bytes)
Hash
a11532f8623e7e0c505c835aa66edf26
a2c4f8bbd44fff3cdadf954a723e4478c5f8b772
ee68598e4bdebf85ba8642baae946c975c28e5a85d16856b4fb9eadb2672ba53

HTTP Headers

GET /v0/amp-auto-ads-0.1.js HTTP/1.1
Host: cdn.ampproject.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://matshortener.xyz/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: br
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cdnjs.cloudflare.com/ajax/libs/font-awesome/ https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
timing-allow-origin: *
content-length: 7563
date: Sun, 03 Dec 2023 21:18:37 GMT
expires: Sun, 03 Dec 2023 21:18:37 GMT
cache-control: private, max-age=604800, stale-while-revalidate=604800
etag: "85d24ee2caa4b4d4"
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

www.googletagmanager.com/gtag/js?id=G-T01GWM97WV

142.250.74.168

93 kB

URL
www.googletagmanager.com/gtag/js?id=G-T01GWM97WV
IP
142.250.74.168:0
ASN
#15169 GOOGLE

File type
ASCII text, with very long lines (5955)
Size
93 kB (93138 bytes)
Hash
f94584765d12c35f8398f2ccbb8a3bd1
699cae40233c4c1625721b12638dfeed3482616c
a36e3a512df51dbfa54389be99fac2c8dd65af2a4d2f8d7cbdcc7b0d99a6d496

HTTP Headers

GET /gtag/js?id=G-T01GWM97WV HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://matshortener.xyz/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Sun, 03 Dec 2023 21:18:37 GMT
expires: Sun, 03 Dec 2023 21:18:37 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 93138
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

www.googletagmanager.com/gtag/js?id=UA-96236159-2

142.250.74.168

69 kB

URL
www.googletagmanager.com/gtag/js?id=UA-96236159-2
IP
142.250.74.168:0
ASN
#15169 GOOGLE

File type
ASCII text, with very long lines (4179)
Size
69 kB (69065 bytes)
Hash
30c20450c47be478ddca66c1d24efce9
828f3b758dc2868b98fc6228aff9d27f42bbd3b2
e8c7b2f10b5ab6b23e70f2fa8214beaa02d72bf527fdc18f8eb470f0a7570e9c

HTTP Headers

GET /gtag/js?id=UA-96236159-2 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://matshortener.xyz/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Sun, 03 Dec 2023 21:18:37 GMT
expires: Sun, 03 Dec 2023 21:18:37 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 69065
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

matshortener.xyz/wp-includes/css/dist/block-library/style.min.css?ver=6.4.1

185.77.97.181

13 kB

URL
matshortener.xyz/wp-includes/css/dist/block-library/style.min.css?ver=6.4.1
IP
185.77.97.181:0
ASN
#57844 SPDNet Telekomunikasyon Hizmetleri Bilgi Teknolojileri Taahhut Sanayi Ve Ticaret A.S.

File type
ASCII text, with very long lines (57084)
Size
13 kB (13320 bytes)
Hash
99ab466e0866c823ae5db517d59cebd1
5595a586cbd42b31377681b9d35293278d75d336
698b89c0da3d319754d6a837b5e6d4e6a42dc402d9ffd7559b8c4cb29c644340

HTTP Headers

GET /wp-includes/css/dist/block-library/style.min.css?ver=6.4.1 HTTP/1.1
Host: matshortener.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://matshortener.xyz/nuevo-script-actualizado-de-pet-simulator-99-actualizado-auto-farm-auto-egg-teleport-y-mas/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: hcdn
date: Sun, 03 Dec 2023 21:18:38 GMT
content-type: text/css
content-length: 13320
cache-control: public, max-age=31557600
expires: Tue, 03 Dec 2024 03:18:38 GMT
last-modified: Thu, 09 Nov 2023 04:42:11 GMT
etag: "1add3-654c6323-3065f365597afb7d;br"
content-encoding: br
platform: hostinger
content-security-policy: upgrade-insecure-requests
x-turbo-charged-by: LiteSpeed
x-hcdn-request-id: 95f85a37ef87131a9e269d8b551e6e7a-fast-edge3
x-hcdn-cache-status: MISS
x-hcdn-upstream-rt: 0.554
accept-ranges: bytes
X-Firefox-Spdy: h2

matshortener.xyz/wp-content/themes/incolor/style.css?ver=6.4.1

185.77.97.181

14 kB

URL
matshortener.xyz/wp-content/themes/incolor/style.css?ver=6.4.1
IP
185.77.97.181:0
ASN
#57844 SPDNet Telekomunikasyon Hizmetleri Bilgi Teknolojileri Taahhut Sanayi Ve Ticaret A.S.

File type
HTML document, ASCII text, with very long lines (485), with CRLF line terminators
Size
14 kB (13573 bytes)
Hash
7477bb3eb7e55cefa04dad5840096bd2
76d99da4bf9854b4615aa4f164dae4508ebf48ff
954bf83d7bb774736f3052c5a961d118f58024d64afadef5319157bfb9417d91

HTTP Headers

GET /wp-content/themes/incolor/style.css?ver=6.4.1 HTTP/1.1
Host: matshortener.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://matshortener.xyz/nuevo-script-actualizado-de-pet-simulator-99-actualizado-auto-farm-auto-egg-teleport-y-mas/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: hcdn
date: Sun, 03 Dec 2023 21:18:38 GMT
content-type: text/css
content-length: 13573
cache-control: public, max-age=31557600
expires: Tue, 03 Dec 2024 03:18:38 GMT
last-modified: Fri, 13 Oct 2023 03:07:15 GMT
etag: "13b9c-6528b463-d5a31fc1c2ca2bd8;br"
content-encoding: br
platform: hostinger
content-security-policy: upgrade-insecure-requests
x-turbo-charged-by: LiteSpeed
x-hcdn-request-id: adf3871958f9b18bd309f31e09feb060-fast-edge3
x-hcdn-cache-status: MISS
x-hcdn-upstream-rt: 0.559
accept-ranges: bytes
X-Firefox-Spdy: h2

matshortener.xyz/wp-content/plugins/wp-dark-mode/assets/css/frontend.min.css?ver=4.2.6

185.77.97.181

3.4 kB

URL
matshortener.xyz/wp-content/plugins/wp-dark-mode/assets/css/frontend.min.css?ver=4.2.6
IP
185.77.97.181:0
ASN
#57844 SPDNet Telekomunikasyon Hizmetleri Bilgi Teknolojileri Taahhut Sanayi Ve Ticaret A.S.

File type
ASCII text, with very long lines (29468)
Size
3.4 kB (3420 bytes)
Hash
34a754a30d0bce2f99794dd0d892e69c
3a88f7e922509694b9850c164b5e99a5b0ee6c03
316a308f7f072efd9044e2bad379035a4e5f1d27ff9fece18bf829162aea0e50

HTTP Headers

GET /wp-content/plugins/wp-dark-mode/assets/css/frontend.min.css?ver=4.2.6 HTTP/1.1
Host: matshortener.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://matshortener.xyz/nuevo-script-actualizado-de-pet-simulator-99-actualizado-auto-farm-auto-egg-teleport-y-mas/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: hcdn
date: Sun, 03 Dec 2023 21:18:38 GMT
content-type: text/css
content-length: 3420
cache-control: public, max-age=31557600
expires: Tue, 03 Dec 2024 03:18:38 GMT
last-modified: Fri, 10 Nov 2023 15:52:54 GMT
etag: "731d-654e51d6-51d358b31a8fa282;br"
content-encoding: br
platform: hostinger
content-security-policy: upgrade-insecure-requests
x-turbo-charged-by: LiteSpeed
x-hcdn-request-id: 8c006ebc7d3403fcc6ee51681cf45486-fast-edge3
x-hcdn-cache-status: MISS
x-hcdn-upstream-rt: 0.567
accept-ranges: bytes
X-Firefox-Spdy: h2

matshortener.xyz/wp-content/plugins/code-snippet-dm/public/css/main.min.css?ver=2.0.3

185.77.97.181

1.9 kB

URL
matshortener.xyz/wp-content/plugins/code-snippet-dm/public/css/main.min.css?ver=2.0.3
IP
185.77.97.181:0
ASN
#57844 SPDNet Telekomunikasyon Hizmetleri Bilgi Teknolojileri Taahhut Sanayi Ve Ticaret A.S.

File type
ASCII text, with very long lines (10722)
Size
1.9 kB (1931 bytes)
Hash
0899e2d3903d7c72d3ea5b25106c02f3
4ec0230b97b4d81b8e969ff5779b71dc2acfa61f
6dc038e2fc9dd8b994415d2b1eada4137b78dfe6f77aae1f9b4971738e619c5c

HTTP Headers

GET /wp-content/plugins/code-snippet-dm/public/css/main.min.css?ver=2.0.3 HTTP/1.1
Host: matshortener.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://matshortener.xyz/nuevo-script-actualizado-de-pet-simulator-99-actualizado-auto-farm-auto-egg-teleport-y-mas/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: hcdn
date: Sun, 03 Dec 2023 21:18:38 GMT
content-type: text/css
content-length: 1931
cache-control: public, max-age=31557600
expires: Tue, 03 Dec 2024 03:18:38 GMT
last-modified: Fri, 17 Nov 2023 07:51:26 GMT
etag: "2a0b-65571b7e-3a4a3cb78228bb8a;br"
content-encoding: br
platform: hostinger
content-security-policy: upgrade-insecure-requests
x-turbo-charged-by: LiteSpeed
x-hcdn-request-id: 05ebdc0c004302350fd09c52dccb9a56-fast-edge3
x-hcdn-cache-status: MISS
x-hcdn-upstream-rt: 0.567
accept-ranges: bytes
X-Firefox-Spdy: h2

matshortener.xyz/wp-content/plugins/wp-dark-mode/assets/js/frontend.min.js?ver=4.2.6

185.77.97.181

1.3 kB

URL
matshortener.xyz/wp-content/plugins/wp-dark-mode/assets/js/frontend.min.js?ver=4.2.6
IP
185.77.97.181:0
ASN
#57844 SPDNet Telekomunikasyon Hizmetleri Bilgi Teknolojileri Taahhut Sanayi Ve Ticaret A.S.

File type
ASCII text, with very long lines (4989), with no line terminators
Size
1.3 kB (1287 bytes)
Hash
e6eb9d830e59ea5d2ccf630d80e748c4
fd402372efb9adeb232049f9115529e33f7dbf57
95c212910ebf54b89de652fda2a870facc0e7c9b0b9bc0975fe399df1d1087de

HTTP Headers

GET /wp-content/plugins/wp-dark-mode/assets/js/frontend.min.js?ver=4.2.6 HTTP/1.1
Host: matshortener.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://matshortener.xyz/nuevo-script-actualizado-de-pet-simulator-99-actualizado-auto-farm-auto-egg-teleport-y-mas/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: hcdn
date: Sun, 03 Dec 2023 21:18:38 GMT
content-type: application/x-javascript
content-length: 1287
cache-control: public, max-age=31557600
expires: Tue, 03 Dec 2024 03:18:38 GMT
last-modified: Fri, 10 Nov 2023 15:52:54 GMT
etag: "137d-654e51d6-b5660aca3997e082;br"
content-encoding: br
platform: hostinger
content-security-policy: upgrade-insecure-requests
x-turbo-charged-by: LiteSpeed
x-hcdn-request-id: 1a2a185a468ab375adf8432548adf251-fast-edge3
x-hcdn-cache-status: MISS
x-hcdn-upstream-rt: 0.557
accept-ranges: bytes
X-Firefox-Spdy: h2

matshortener.xyz/wp-content/plugins/google-analytics-for-wordpress/assets/js/frontend-gtag.min.js?ver=8.22.0

185.77.97.181

3.0 kB

URL
matshortener.xyz/wp-content/plugins/google-analytics-for-wordpress/assets/js/frontend-gtag.min.js?ver=8.22.0
IP
185.77.97.181:0
ASN
#57844 SPDNet Telekomunikasyon Hizmetleri Bilgi Teknolojileri Taahhut Sanayi Ve Ticaret A.S.

File type
ASCII text, with very long lines (1392)
Size
3.0 kB (3028 bytes)
Hash
9593c634b81c031342cbe0fa03903d47
dd68ee9d73731b22fb7252f66be8bea5d17227c7
d7bdba02afa8c04c13f280c71a50f8c8186c883711c5dabbd13566dd738bff0a

HTTP Headers

GET /wp-content/plugins/google-analytics-for-wordpress/assets/js/frontend-gtag.min.js?ver=8.22.0 HTTP/1.1
Host: matshortener.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://matshortener.xyz/nuevo-script-actualizado-de-pet-simulator-99-actualizado-auto-farm-auto-egg-teleport-y-mas/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: hcdn
date: Sun, 03 Dec 2023 21:18:38 GMT
content-type: application/x-javascript
content-length: 3028
cache-control: public, max-age=31557600
expires: Tue, 03 Dec 2024 03:18:38 GMT
last-modified: Wed, 29 Nov 2023 16:19:11 GMT
etag: "2da9-6567647f-5a26265d3e66d295;br"
content-encoding: br
platform: hostinger
content-security-policy: upgrade-insecure-requests
x-turbo-charged-by: LiteSpeed
x-hcdn-request-id: 317fce03aae1c4e9802ec1c7256c456b-fast-edge3
x-hcdn-cache-status: MISS
x-hcdn-upstream-rt: 0.560
accept-ranges: bytes
X-Firefox-Spdy: h2

matshortener.xyz/wp-content/themes/incolor/responsive.css?ver=6.4.1

185.77.97.181

1.6 kB

URL
matshortener.xyz/wp-content/themes/incolor/responsive.css?ver=6.4.1
IP
185.77.97.181:0
ASN
#57844 SPDNet Telekomunikasyon Hizmetleri Bilgi Teknolojileri Taahhut Sanayi Ve Ticaret A.S.

File type
ASCII text, with CRLF line terminators
Size
1.6 kB (1560 bytes)
Hash
72f2003039de70da126e23e53aaffee4
0f52f534b8c3a5e0fb75718bdb9fe6f29ac57c72
60beae1a1e8ca88e4bc62c2a0774c94b97963b96a4ba7a9bad4c53032a1b78bd

HTTP Headers

GET /wp-content/themes/incolor/responsive.css?ver=6.4.1 HTTP/1.1
Host: matshortener.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://matshortener.xyz/nuevo-script-actualizado-de-pet-simulator-99-actualizado-auto-farm-auto-egg-teleport-y-mas/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: hcdn
date: Sun, 03 Dec 2023 21:18:38 GMT
content-type: text/css
content-length: 1560
cache-control: public, max-age=31557600
expires: Tue, 03 Dec 2024 03:18:38 GMT
last-modified: Fri, 13 Oct 2023 03:07:15 GMT
etag: "1c84-6528b463-fc7521d8ced9651b;br"
content-encoding: br
platform: hostinger
content-security-policy: upgrade-insecure-requests
x-turbo-charged-by: LiteSpeed
x-hcdn-request-id: 92ff4ceda9d50a8c0505965e77f7d3c9-fast-edge3
x-hcdn-cache-status: MISS
x-hcdn-upstream-rt: 0.569
accept-ranges: bytes
X-Firefox-Spdy: h2

matshortener.xyz/wp-content/plugins/cookie-law-info/lite/frontend/js/script.min.js?ver=3.1.7

185.77.97.181

6.1 kB

URL
matshortener.xyz/wp-content/plugins/cookie-law-info/lite/frontend/js/script.min.js?ver=3.1.7
IP
185.77.97.181:0
ASN
#57844 SPDNet Telekomunikasyon Hizmetleri Bilgi Teknolojileri Taahhut Sanayi Ve Ticaret A.S.

File type
HTML document, ASCII text, with very long lines (18811), with no line terminators
Size
6.1 kB (6138 bytes)
Hash
ff6d879d8afbedf4fa598132e11e44f3
e12e900a10ae5035ecaaad92e69ae24cdbb9aa4b
21887c5b83211b384496919a3ede8fc99cd6d6bab068bd714b00eb05cec0c056

HTTP Headers

GET /wp-content/plugins/cookie-law-info/lite/frontend/js/script.min.js?ver=3.1.7 HTTP/1.1
Host: matshortener.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://matshortener.xyz/nuevo-script-actualizado-de-pet-simulator-99-actualizado-auto-farm-auto-egg-teleport-y-mas/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: hcdn
date: Sun, 03 Dec 2023 21:18:38 GMT
content-type: application/x-javascript
content-length: 6138
cache-control: public, max-age=31557600
expires: Tue, 03 Dec 2024 03:18:38 GMT
last-modified: Fri, 17 Nov 2023 06:25:15 GMT
etag: "497b-6557074b-34e2564f5ae7464;br"
content-encoding: br
platform: hostinger
content-security-policy: upgrade-insecure-requests
x-turbo-charged-by: LiteSpeed
x-hcdn-request-id: 2ee573d5e9d571f3884cac018cc29252-fast-edge3
x-hcdn-cache-status: MISS
x-hcdn-upstream-rt: 0.562
accept-ranges: bytes
X-Firefox-Spdy: h2

fonts.googleapis.com/css2?family=Fira+Sans:ital,wght@0,100;0,200;0,300;0,400;0,500;0,600;0,700;0,800;0,900;1,100;1,200;1,300;1,400;1,500;1,600;1,700;1,800;1,900&display=swap

142.250.74.42

1.9 kB

URL
fonts.googleapis.com/css2?family=Fira+Sans:ital,wght@0,100;0,200;0,300;0,400;0,500;0,600;0,700;0,800;0,900;1,100;1,200;1,300;1,400;1,500;1,600;1,700;1,800;1,900&display=swap
IP
142.250.74.42:0
ASN
#15169 GOOGLE

File type
gzip compressed data, max compression\012- data
Size
1.9 kB (1948 bytes)
Hash
b342e0f71a6e07a396b345a7eaca7ddd
8e766b7bba6a1e67aa8ca093168b214c6fb21f2c
f125a842481514f93b3c8bf0a5a7347ba7dc7348497499fe42453177ef3b611a

HTTP Headers

GET /css2?family=Fira+Sans:ital,wght@0,100;0,200;0,300;0,400;0,500;0,600;0,700;0,800;0,900;1,100;1,200;1,300;1,400;1,500;1,600;1,700;1,800;1,900&display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://matshortener.xyz/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Sun, 03 Dec 2023 21:18:37 GMT
date: Sun, 03 Dec 2023 21:18:37 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

matshortener.xyz/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.4.1

185.77.97.181

4.7 kB

URL
matshortener.xyz/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.4.1
IP
185.77.97.181:0
ASN
#57844 SPDNet Telekomunikasyon Hizmetleri Bilgi Teknolojileri Taahhut Sanayi Ve Ticaret A.S.

File type
ASCII text, with very long lines (13479)
Size
4.7 kB (4671 bytes)
Hash
9ffeb32e2d9efbf8f70caabded242267
3ad0c10e501ac2a9bfa18f9cd7e700219b378738
5274f11e6fb32ae0cf2dfb9f8043272865c397a7c4223b4cfa7d50ea52fbde89

HTTP Headers

GET /wp-includes/js/jquery/jquery-migrate.min.js?ver=3.4.1 HTTP/1.1
Host: matshortener.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://matshortener.xyz/nuevo-script-actualizado-de-pet-simulator-99-actualizado-auto-farm-auto-egg-teleport-y-mas/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: hcdn
date: Sun, 03 Dec 2023 21:18:38 GMT
content-type: application/x-javascript
content-length: 4671
cache-control: public, max-age=31557600
expires: Tue, 03 Dec 2024 03:18:38 GMT
last-modified: Fri, 13 Oct 2023 20:51:20 GMT
etag: "3509-6529adc8-7504735dac13db5f;br"
content-encoding: br
platform: hostinger
content-security-policy: upgrade-insecure-requests
x-turbo-charged-by: LiteSpeed
x-hcdn-request-id: 5845d63dd0cd1ac820c6c720e4d3a9c0-fast-edge3
x-hcdn-cache-status: MISS
x-hcdn-upstream-rt: 0.556
accept-ranges: bytes
X-Firefox-Spdy: h2

matshortener.xyz/wp-content/themes/incolor/js/slick.min.js?ver=6.4.1

185.77.97.181

10 kB

URL
matshortener.xyz/wp-content/themes/incolor/js/slick.min.js?ver=6.4.1
IP
185.77.97.181:0
ASN
#57844 SPDNet Telekomunikasyon Hizmetleri Bilgi Teknolojileri Taahhut Sanayi Ve Ticaret A.S.

File type
ASCII text, with very long lines (32026), with CRLF line terminators
Size
10 kB (10506 bytes)
Hash
04f7e97a54f61407f230196b17a3b5c8
e3d1d3bdc40c2e3788e2b83b1cf70084e330eaa3
254d80a49d0c9fced2fd0c272e7b868ca726df8189dc9c5735c56a33e7853dfc

HTTP Headers

GET /wp-content/themes/incolor/js/slick.min.js?ver=6.4.1 HTTP/1.1
Host: matshortener.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://matshortener.xyz/nuevo-script-actualizado-de-pet-simulator-99-actualizado-auto-farm-auto-egg-teleport-y-mas/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: hcdn
date: Sun, 03 Dec 2023 21:18:38 GMT
content-type: application/x-javascript
content-length: 10506
cache-control: public, max-age=31557600
expires: Tue, 03 Dec 2024 03:18:38 GMT
last-modified: Fri, 13 Oct 2023 03:07:15 GMT
etag: "ab7a-6528b463-76f6e0e60277b945;br"
content-encoding: br
platform: hostinger
content-security-policy: upgrade-insecure-requests
x-turbo-charged-by: LiteSpeed
x-hcdn-request-id: 8f6d02c533f19773d4edd42aae469a10-fast-edge3
x-hcdn-cache-status: MISS
x-hcdn-upstream-rt: 0.556
accept-ranges: bytes
X-Firefox-Spdy: h2

matshortener.xyz/wp-content/themes/incolor/js/jquery.fitvids.js?ver=6.4.1

185.77.97.181

1.1 kB

URL
matshortener.xyz/wp-content/themes/incolor/js/jquery.fitvids.js?ver=6.4.1
IP
185.77.97.181:0
ASN
#57844 SPDNet Telekomunikasyon Hizmetleri Bilgi Teknolojileri Taahhut Sanayi Ve Ticaret A.S.

File type
HTML document, ASCII text, with CRLF line terminators
Size
1.1 kB (1132 bytes)
Hash
6e0892565e2b1daaa774e779447293ae
e195dcaa1ad9b1aa1fb73e835426bc9ece4790f1
9c29ff6cb8ebb7a83af704c02a235b37fd77ce8cc48d87aaef2bfd9727fbd166

HTTP Headers

GET /wp-content/themes/incolor/js/jquery.fitvids.js?ver=6.4.1 HTTP/1.1
Host: matshortener.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://matshortener.xyz/nuevo-script-actualizado-de-pet-simulator-99-actualizado-auto-farm-auto-egg-teleport-y-mas/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: hcdn
date: Sun, 03 Dec 2023 21:18:38 GMT
content-type: application/x-javascript
content-length: 1132
cache-control: public, max-age=31557600
expires: Tue, 03 Dec 2024 03:18:38 GMT
last-modified: Fri, 13 Oct 2023 03:07:15 GMT
etag: "ce7-6528b463-b8832da20de87a97;br"
content-encoding: br
platform: hostinger
content-security-policy: upgrade-insecure-requests
x-turbo-charged-by: LiteSpeed
x-hcdn-request-id: afab71053e5b573b2bfaf7e098d9349c-fast-edge3
x-hcdn-cache-status: MISS
x-hcdn-upstream-rt: 0.560
accept-ranges: bytes
X-Firefox-Spdy: h2

matshortener.xyz/wp-content/plugins/code-snippet-dm/public/js/code-snippet-dm-public.js?ver=2.0.3

185.77.97.181

495 B

URL
matshortener.xyz/wp-content/plugins/code-snippet-dm/public/js/code-snippet-dm-public.js?ver=2.0.3
IP
185.77.97.181:0
ASN
#57844 SPDNet Telekomunikasyon Hizmetleri Bilgi Teknolojileri Taahhut Sanayi Ve Ticaret A.S.

File type
ASCII text
Size
495 B (495 bytes)
Hash
c13dc99b8e113875b8ad097b161ed030
39018c46e450db0d6edff411b94701791832933f
02263fd2d872f9c8f1d6175ab98265268e1847ea51cf08d0d87d0d2740c970cf

HTTP Headers

GET /wp-content/plugins/code-snippet-dm/public/js/code-snippet-dm-public.js?ver=2.0.3 HTTP/1.1
Host: matshortener.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://matshortener.xyz/nuevo-script-actualizado-de-pet-simulator-99-actualizado-auto-farm-auto-egg-teleport-y-mas/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: hcdn
date: Sun, 03 Dec 2023 21:18:38 GMT
content-type: application/x-javascript
content-length: 495
cache-control: public, max-age=31557600
expires: Tue, 03 Dec 2024 03:18:38 GMT
last-modified: Fri, 17 Nov 2023 07:51:26 GMT
etag: "5be-65571b7e-14b3d5a855d2499;br"
content-encoding: br
platform: hostinger
content-security-policy: upgrade-insecure-requests
x-turbo-charged-by: LiteSpeed
x-hcdn-request-id: 9ad86ef370a3769fd1e242d0adf67fa2-fast-edge3
x-hcdn-cache-status: MISS
x-hcdn-upstream-rt: 0.564
accept-ranges: bytes
X-Firefox-Spdy: h2

matshortener.xyz/wp-content/plugins/code-snippet-dm/public/js/manually-start-prism.js?ver=2.0.3

185.77.97.181

178 B

URL
matshortener.xyz/wp-content/plugins/code-snippet-dm/public/js/manually-start-prism.js?ver=2.0.3
IP
185.77.97.181:0
ASN
#57844 SPDNet Telekomunikasyon Hizmetleri Bilgi Teknolojileri Taahhut Sanayi Ve Ticaret A.S.

File type
ASCII text, with CRLF line terminators
Size
178 B (178 bytes)
Hash
cd6d7e5027f81f2261cf22a0ade5ef53
38406ada9ecc3970a41edfeb6a947a688dfc1ee1
0e44762101e93d560d481cee2f5b320dc3f71391acf54136c40b982497a94f6d

HTTP Headers

GET /wp-content/plugins/code-snippet-dm/public/js/manually-start-prism.js?ver=2.0.3 HTTP/1.1
Host: matshortener.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://matshortener.xyz/nuevo-script-actualizado-de-pet-simulator-99-actualizado-auto-farm-auto-egg-teleport-y-mas/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: hcdn
date: Sun, 03 Dec 2023 21:18:38 GMT
content-type: application/x-javascript
content-length: 178
cache-control: public, max-age=31557600
expires: Tue, 03 Dec 2024 03:18:38 GMT
last-modified: Fri, 17 Nov 2023 07:51:26 GMT
etag: "13f-65571b7e-69cf27982099e7eb;br"
content-encoding: br
platform: hostinger
content-security-policy: upgrade-insecure-requests
x-turbo-charged-by: LiteSpeed
x-hcdn-request-id: 800fa89948b3325574055b4de30d6211-fast-edge3
x-hcdn-cache-status: MISS
x-hcdn-upstream-rt: 0.566
accept-ranges: bytes
X-Firefox-Spdy: h2

matshortener.xyz/wp-content/themes/incolor/js/scripts.js?ver=6.4.1

185.77.97.181

1.9 kB

URL
matshortener.xyz/wp-content/themes/incolor/js/scripts.js?ver=6.4.1
IP
185.77.97.181:0
ASN
#57844 SPDNet Telekomunikasyon Hizmetleri Bilgi Teknolojileri Taahhut Sanayi Ve Ticaret A.S.

File type
ASCII text, with CRLF line terminators
Size
1.9 kB (1865 bytes)
Hash
8738f93e3e2537d3bff9dec24eca0a71
d842da13ec10368b430d0731613f0592a4a24e58
34f19cc9375127e9ead4eab4303199201eecd6853762170485e11975e6b3fe7d

HTTP Headers

GET /wp-content/themes/incolor/js/scripts.js?ver=6.4.1 HTTP/1.1
Host: matshortener.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://matshortener.xyz/nuevo-script-actualizado-de-pet-simulator-99-actualizado-auto-farm-auto-egg-teleport-y-mas/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: hcdn
date: Sun, 03 Dec 2023 21:18:38 GMT
content-type: application/x-javascript
content-length: 1865
cache-control: public, max-age=31557600
expires: Tue, 03 Dec 2024 03:18:38 GMT
last-modified: Fri, 13 Oct 2023 03:07:15 GMT
etag: "1848-6528b463-6286617c1d021aa9;br"
content-encoding: br
platform: hostinger
content-security-policy: upgrade-insecure-requests
x-turbo-charged-by: LiteSpeed
x-hcdn-request-id: f7e31ab5a2ff1bbeac435becc29537c8-fast-edge3
x-hcdn-cache-status: MISS
x-hcdn-upstream-rt: 0.564
accept-ranges: bytes
X-Firefox-Spdy: h2

matshortener.xyz/wp-content/plugins/code-snippet-dm/public/js/clipboardv201.min.js?ver=2.0.3

185.77.97.181

3.0 kB

URL
matshortener.xyz/wp-content/plugins/code-snippet-dm/public/js/clipboardv201.min.js?ver=2.0.3
IP
185.77.97.181:0
ASN
#57844 SPDNet Telekomunikasyon Hizmetleri Bilgi Teknolojileri Taahhut Sanayi Ve Ticaret A.S.

File type
Unicode text, UTF-8 text, with very long lines (8941), with CRLF line terminators
Size
3.0 kB (3008 bytes)
Hash
776662dc1ffe9e448e749a7a5863bdca
324645cc99411a4a150894ffab45a6ba26685824
1757235e02a869302c404e4fc1257c96ed8abf468d9635ffb2e17d053d72424a

HTTP Headers

GET /wp-content/plugins/code-snippet-dm/public/js/clipboardv201.min.js?ver=2.0.3 HTTP/1.1
Host: matshortener.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://matshortener.xyz/nuevo-script-actualizado-de-pet-simulator-99-actualizado-auto-farm-auto-egg-teleport-y-mas/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: hcdn
date: Sun, 03 Dec 2023 21:18:38 GMT
content-type: application/x-javascript
content-length: 3008
cache-control: public, max-age=31557600
expires: Tue, 03 Dec 2024 03:18:38 GMT
last-modified: Fri, 17 Nov 2023 07:51:26 GMT
etag: "2352-65571b7e-e47cfda04e7b7987;br"
content-encoding: br
platform: hostinger
content-security-policy: upgrade-insecure-requests
x-turbo-charged-by: LiteSpeed
x-hcdn-request-id: 8c9baeeb08e37195ca717d79c0ff9ec8-fast-edge3
x-hcdn-cache-status: MISS
x-hcdn-upstream-rt: 0.571
accept-ranges: bytes
X-Firefox-Spdy: h2

matshortener.xyz/wp-content/plugins/code-snippet-dm/public/js/prism.js?ver=2.0.3

185.77.97.181

16 kB

URL
matshortener.xyz/wp-content/plugins/code-snippet-dm/public/js/prism.js?ver=2.0.3
IP
185.77.97.181:0
ASN
#57844 SPDNet Telekomunikasyon Hizmetleri Bilgi Teknolojileri Taahhut Sanayi Ve Ticaret A.S.

File type
ASCII text, with very long lines (7422)
Size
16 kB (15642 bytes)
Hash
c76ec4c2c11241f16a1dd7cd1e5f65b5
02b33f4fbd8bf40ebe87a17feda851d110dbe9a6
e754011a74dab74662f1741504f6fb8aae60d143b50bbe43c02e9446d313468a

HTTP Headers

GET /wp-content/plugins/code-snippet-dm/public/js/prism.js?ver=2.0.3 HTTP/1.1
Host: matshortener.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://matshortener.xyz/nuevo-script-actualizado-de-pet-simulator-99-actualizado-auto-farm-auto-egg-teleport-y-mas/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: hcdn
date: Sun, 03 Dec 2023 21:18:38 GMT
content-type: application/x-javascript
content-length: 15642
cache-control: public, max-age=31557600
expires: Tue, 03 Dec 2024 03:18:38 GMT
last-modified: Fri, 17 Nov 2023 07:51:26 GMT
etag: "b11c-65571b7e-ae2a9578b51829d9;br"
content-encoding: br
platform: hostinger
content-security-policy: upgrade-insecure-requests
x-turbo-charged-by: LiteSpeed
x-hcdn-request-id: e18ec678250fa8ac2109e1a87f852cbe-fast-edge3
x-hcdn-cache-status: MISS
x-hcdn-upstream-rt: 0.572
accept-ranges: bytes
X-Firefox-Spdy: h2

matshortener.xyz/wp-includes/js/comment-reply.min.js?ver=6.4.1

185.77.97.181

1.2 kB

URL
matshortener.xyz/wp-includes/js/comment-reply.min.js?ver=6.4.1
IP
185.77.97.181:0
ASN
#57844 SPDNet Telekomunikasyon Hizmetleri Bilgi Teknolojileri Taahhut Sanayi Ve Ticaret A.S.

File type
ASCII text, with very long lines (2946)
Size
1.2 kB (1229 bytes)
Hash
492f2c1a7ea7eb83fe42e0ff7cb51aa2
db36a77f6aaa2063bfbec02c2c0e967438c5a245
e174a58a503ab84b3d1b9de12fd3895788204485170f1289e445f7b5b98ec789

HTTP Headers

GET /wp-includes/js/comment-reply.min.js?ver=6.4.1 HTTP/1.1
Host: matshortener.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://matshortener.xyz/nuevo-script-actualizado-de-pet-simulator-99-actualizado-auto-farm-auto-egg-teleport-y-mas/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: hcdn
date: Sun, 03 Dec 2023 21:18:38 GMT
content-type: application/x-javascript
content-length: 1229
cache-control: public, max-age=31557600
expires: Tue, 03 Dec 2024 03:18:38 GMT
last-modified: Fri, 13 Oct 2023 20:51:19 GMT
etag: "ba5-6529adc7-94d8778e4a838abe;br"
content-encoding: br
platform: hostinger
content-security-policy: upgrade-insecure-requests
x-turbo-charged-by: LiteSpeed
x-hcdn-request-id: 735166368275a7b27fddab35784b30f5-fast-edge3
x-hcdn-cache-status: MISS
x-hcdn-upstream-rt: 0.569
accept-ranges: bytes
X-Firefox-Spdy: h2

matshortener.xyz/wp-content/plugins/chp-ads-block-detector/assets/img/icon.png

185.77.97.181

10 kB

URL
matshortener.xyz/wp-content/plugins/chp-ads-block-detector/assets/img/icon.png
IP
185.77.97.181:0
ASN
#57844 SPDNet Telekomunikasyon Hizmetleri Bilgi Teknolojileri Taahhut Sanayi Ve Ticaret A.S.

File type
RIFF (little-endian) data, Web/P image\012- data
Size
10 kB (10218 bytes)
Hash
558ced41818158100b2bfc25c132d9db
e0ce1393b344b00e2f465ff992e5c822995d92e7
e968713d9cbe14d0cc766b36545da3681a4008aa242559b66e71d0047596d288

HTTP Headers

GET /wp-content/plugins/chp-ads-block-detector/assets/img/icon.png HTTP/1.1
Host: matshortener.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://matshortener.xyz/nuevo-script-actualizado-de-pet-simulator-99-actualizado-auto-farm-auto-egg-teleport-y-mas/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: hcdn
date: Sun, 03 Dec 2023 21:18:38 GMT
content-type: image/webp
content-length: 10218
cache-control: public, max-age=31557600
expires: Tue, 03 Dec 2024 03:18:38 GMT
x-hcdn-image-optimizer: f:webp q:70 w:1600
x-hcdn-request-id: 2683681150ea5717741ce8408aa37e99-fast-edge3
x-hcdn-cache-status: MISS
x-hcdn-upstream-rt: 0.669
accept-ranges: bytes
X-Firefox-Spdy: h2

matshortener.xyz/wp-content/plugins/wp-dark-mode/assets/js/dark-mode.min.js?ver=4.2.6

185.77.97.181

19 kB

URL
matshortener.xyz/wp-content/plugins/wp-dark-mode/assets/js/dark-mode.min.js?ver=4.2.6
IP
185.77.97.181:0
ASN
#57844 SPDNet Telekomunikasyon Hizmetleri Bilgi Teknolojileri Taahhut Sanayi Ve Ticaret A.S.

File type
ASCII text, with very long lines (31976)
Size
19 kB (18893 bytes)
Hash
e35012a903a999d437749f5de8539b2c
5e543d99ebdb1f8ee0c5cba4f599dbdc93026aa4
d230fa6c14bf1f2df177f38c46f0d091f90ea57753e36e035616a381bd43a2db

HTTP Headers

GET /wp-content/plugins/wp-dark-mode/assets/js/dark-mode.min.js?ver=4.2.6 HTTP/1.1
Host: matshortener.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://matshortener.xyz/nuevo-script-actualizado-de-pet-simulator-99-actualizado-auto-farm-auto-egg-teleport-y-mas/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: hcdn
date: Sun, 03 Dec 2023 21:18:38 GMT
content-type: application/x-javascript
content-length: 18893
cache-control: public, max-age=31557600
expires: Tue, 03 Dec 2024 03:18:38 GMT
last-modified: Fri, 10 Nov 2023 15:52:54 GMT
etag: "ee60-654e51d6-918378bbdb6d67e5;br"
content-encoding: br
platform: hostinger
content-security-policy: upgrade-insecure-requests
x-turbo-charged-by: LiteSpeed
x-hcdn-request-id: ac73ada886ad058acd0e8059cd6bf0a8-fast-edge3
x-hcdn-cache-status: MISS
x-hcdn-upstream-rt: 0.558
accept-ranges: bytes
X-Firefox-Spdy: h2

matshortener.xyz/wp-content/themes/incolor/fonts/all.min.css?ver=6.4.1

185.77.97.181

22 kB

URL
matshortener.xyz/wp-content/themes/incolor/fonts/all.min.css?ver=6.4.1
IP
185.77.97.181:0
ASN
#57844 SPDNet Telekomunikasyon Hizmetleri Bilgi Teknolojileri Taahhut Sanayi Ve Ticaret A.S.

File type
ASCII text, with very long lines (52276)
Size
22 kB (21583 bytes)
Hash
3ea504b0a29956803d501ff3359af394
cefeac7cfae575b5f247940d1069da3241684875
3dc0bc2b534e4bde8b4eba93fe618d4c13250708d8236979ea7a1aed051b4a35

HTTP Headers

GET /wp-content/themes/incolor/fonts/all.min.css?ver=6.4.1 HTTP/1.1
Host: matshortener.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://matshortener.xyz/nuevo-script-actualizado-de-pet-simulator-99-actualizado-auto-farm-auto-egg-teleport-y-mas/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: hcdn
date: Sun, 03 Dec 2023 21:18:38 GMT
content-type: text/css
content-length: 21583
cache-control: public, max-age=31557600
expires: Tue, 03 Dec 2024 03:18:38 GMT
last-modified: Fri, 13 Oct 2023 03:07:15 GMT
etag: "18e59-6528b463-f691011a997352fb;br"
content-encoding: br
platform: hostinger
content-security-policy: upgrade-insecure-requests
x-turbo-charged-by: LiteSpeed
x-hcdn-request-id: ddaf1133bc3410972dfeee0ce01919b8-fast-edge3
x-hcdn-cache-status: MISS
x-hcdn-upstream-rt: 0.566
accept-ranges: bytes
X-Firefox-Spdy: h2

matshortener.xyz/wp-includes/js/jquery/jquery.min.js?ver=3.7.1

185.77.97.181

30 kB

URL
matshortener.xyz/wp-includes/js/jquery/jquery.min.js?ver=3.7.1
IP
185.77.97.181:0
ASN
#57844 SPDNet Telekomunikasyon Hizmetleri Bilgi Teknolojileri Taahhut Sanayi Ve Ticaret A.S.

File type
ASCII text, with very long lines (65447)
Size
30 kB (29531 bytes)
Hash
826eb77e86b02ab7724fe3d0141ff87c
79cd3587d565afe290076a8d36c31c305a573d18
cb6f2d32c49d1c2b25e9ffc9aaafa3f83075346c01bcd4ae6eb187392a4292cf

HTTP Headers

GET /wp-includes/js/jquery/jquery.min.js?ver=3.7.1 HTTP/1.1
Host: matshortener.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://matshortener.xyz/nuevo-script-actualizado-de-pet-simulator-99-actualizado-auto-farm-auto-egg-teleport-y-mas/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: hcdn
date: Sun, 03 Dec 2023 21:18:38 GMT
content-type: application/x-javascript
content-length: 29531
cache-control: public, max-age=31557600
expires: Tue, 03 Dec 2024 03:18:38 GMT
last-modified: Thu, 09 Nov 2023 04:42:11 GMT
etag: "15601-654c6323-22b3b7cccab003ea;br"
content-encoding: br
platform: hostinger
content-security-policy: upgrade-insecure-requests
x-turbo-charged-by: LiteSpeed
x-hcdn-request-id: e6520c11d69f3281346fbb39b609139d-fast-edge3
x-hcdn-cache-status: MISS
x-hcdn-upstream-rt: 0.569
accept-ranges: bytes
X-Firefox-Spdy: h2

www.googletagmanager.com/gtag/js?id=UA-96236159-2&l=dataLayer&cx=c

142.250.74.168

68 kB

URL
www.googletagmanager.com/gtag/js?id=UA-96236159-2&l=dataLayer&cx=c
IP
142.250.74.168:0
ASN
#15169 GOOGLE

File type
ASCII text, with very long lines (4179)
Size
68 kB (68228 bytes)
Hash
b7672dcbc0e2474bd9e6c25568969c40
843038cdeccd03830d9adc46cf020e598f64db33
3984eacf506fd8248348cd4bddbc9466b5992b95018de3753f4113a8a9f33744

HTTP Headers

GET /gtag/js?id=UA-96236159-2&l=dataLayer&cx=c HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://matshortener.xyz/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Sun, 03 Dec 2023 21:18:38 GMT
expires: Sun, 03 Dec 2023 21:18:38 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 68228
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

www.googletagmanager.com/gtag/js?id=G-8ZJYMV7NR4&l=dataLayer&cx=c

142.250.74.168

1.6 kB

URL
www.googletagmanager.com/gtag/js?id=G-8ZJYMV7NR4&l=dataLayer&cx=c
IP
142.250.74.168:0
ASN
#15169 GOOGLE

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (1136)
Size
1.6 kB (1609 bytes)
Hash
4ac1abbb376543dab40a93a710a3f687
4cae3845ca766e904dde43e2d4aa152f6f86e02c
d47c61721756f415890e1ae0cffd86d522b620a09feab4a87c975ce5c889d8ff

HTTP Headers

GET /gtag/js?id=G-8ZJYMV7NR4&l=dataLayer&cx=c HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://matshortener.xyz/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 404 Not Found
cross-origin-resource-policy: cross-origin
date: Sun, 03 Dec 2023 21:18:38 GMT
content-type: text/html; charset=UTF-8
server: Google Tag Manager
content-length: 1609
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

crevicedepressingpumpkin.com/6d/3c/e6/6d3ce64dc82ab5ef0688e0525ada09f9.js

192.243.61.225

24 kB

URL
crevicedepressingpumpkin.com/6d/3c/e6/6d3ce64dc82ab5ef0688e0525ada09f9.js
IP
192.243.61.225:0
ASN
#39572 DataWeb Global Group B.V.

File type
HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (65536), with no line terminators
Size
24 kB (23939 bytes)
Hash
76da345573b6958f03d2cfa35e66cb5d
b40ed64aa5920332ddea6be60ffa5b32c7bf5d16
8e44f64bf9a81a5d5efd6565708377bab9a3e89897224ecdf90107ee50826908

HTTP Headers

GET /6d/3c/e6/6d3ce64dc82ab5ef0688e0525ada09f9.js HTTP/1.1
Host: crevicedepressingpumpkin.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://matshortener.xyz/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Sun, 03 Dec 2023 21:18:38 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 20f95a9f009dabc5216ff306d0a79251
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip

bakertangiblebehaved.com/6d/3c/e6/6d3ce64dc82ab5ef0688e0525ada09f9.js

173.233.137.36

24 kB

URL
bakertangiblebehaved.com/6d/3c/e6/6d3ce64dc82ab5ef0688e0525ada09f9.js
IP
173.233.137.36:0
ASN
#7979 SERVERS-COM

File type
HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (65536), with no line terminators
Size
24 kB (23943 bytes)
Hash
6130ff3a930d8e5754e7895b0c06c307
0db2bbebbd3e061036f35db25914d1de86baa9c0
6abeeb74c2ce139c90c4a34d52b51f9d6bc84a47dd70168998845a0106bbf6a9

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /6d/3c/e6/6d3ce64dc82ab5ef0688e0525ada09f9.js HTTP/1.1
Host: bakertangiblebehaved.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://matshortener.xyz/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Sun, 03 Dec 2023 21:18:38 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 0a186c28c526a770efece627ebae80c3
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip

fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2

142.250.74.131

16 kB

URL
fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
Web Open Font Format (Version 2), TrueType, length 15860, version 1.0\012- data
Size
16 kB (15860 bytes)
Hash
e9f5aaf547f165386cd313b995dddd8e
acdef5603c2387b0e5bffd744b679a24a8bc1968
f5aebdfea35d1e7656ef4acc5db1f243209755ae3300943ef8fc6280f363c860

HTTP Headers

GET /s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://matshortener.xyz
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15860
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 29 Nov 2023 21:52:12 GMT
expires: Thu, 28 Nov 2024 21:52:12 GMT
cache-control: public, max-age=31536000
age: 343587
last-modified: Wed, 11 May 2022 19:24:42 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmSU5fBBc4.woff2

142.250.74.131

16 kB

URL
fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmSU5fBBc4.woff2
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
Web Open Font Format (Version 2), TrueType, length 15740, version 1.0\012- data
Size
16 kB (15740 bytes)
Hash
b9c29351c46f3e8c8631c4002457f48a
e57e59c5780995ff2937ab2b511a769212974a87
f75911313e1c7802c23345ab57e754d87801581706780c993fb23ff4e0fe62ef

HTTP Headers

GET /s/roboto/v30/KFOlCnqEu92Fr1MmSU5fBBc4.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://matshortener.xyz
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15740
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 30 Nov 2023 05:05:31 GMT
expires: Fri, 29 Nov 2024 05:05:31 GMT
cache-control: public, max-age=31536000
age: 317588
last-modified: Wed, 11 May 2022 19:24:56 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

bakertangiblebehaved.com/f8397e4bf5afba070b5b67912826af5a/invoke.js

173.233.137.36

11 kB

URL
bakertangiblebehaved.com/f8397e4bf5afba070b5b67912826af5a/invoke.js
IP
173.233.137.36:0
ASN
#7979 SERVERS-COM

File type
exported SGML document, ASCII text, with very long lines (29604), with no line terminators
Size
11 kB (10907 bytes)
Hash
90ac1adba14f657c6eed3121f5ed5387
3226a1f1222beb00d780d81ec775a1ce2a2ccf1b
8bc155a7735f8afa6915345699f27e92e90590403d7915c71f40b476a0f711eb

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /f8397e4bf5afba070b5b67912826af5a/invoke.js HTTP/1.1
Host: bakertangiblebehaved.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://matshortener.xyz/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Sun, 03 Dec 2023 21:18:38 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: be877b1ce0277dadde794b078b55018d
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip

fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2

142.250.74.131

16 kB

URL
fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
Web Open Font Format (Version 2), TrueType, length 15744, version 1.0\012- data
Size
16 kB (15744 bytes)
Hash
15d9f621c3bd1599f0169dcf0bd5e63e
7ca9c5967f3bb8bffeab24b639b49c1e7d03fa52
f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615

HTTP Headers

GET /s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://matshortener.xyz
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15744
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Mon, 27 Nov 2023 23:43:03 GMT
expires: Tue, 26 Nov 2024 23:43:03 GMT
cache-control: public, max-age=31536000
age: 509736
last-modified: Wed, 11 May 2022 19:24:48 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

region1.analytics.google.com/g/collect?v=2&tid=G-T01GWM97WV&gtm=45je3bt0v9100384128&_p=1701638323139&_gaz=1&gcd=11l1l1l1l1&dma_cps=sypham&dma=1&gdid=dZGIzZG&cid=197131596.1701638324&ul=en-us&sr=1280x1024&_s=1&sid=1701638323&sct=1&seg=0&dl=https%3A%2F%2Fmatshortener.xyz%2Fnuevo-script-actualizado-de-pet-simulator-99-actualizado-auto-farm-auto-egg-teleport-y-mas%2F&dt=NUEVO%20SCRIPT%20ACTUALIZADO%20DE%20PET%20SIMULATOR%2099%20%5BACTUALIZADO%5D%20%7C%20AUTO%20FARM%2C%20AUTO%20EGG%2C%20TELEPORT%20Y%20M%C3%81S!%20%E2%80%93%20RinconDeVideojuegos&en=page_view&_fv=1&_nsi=1&_ss=1&_ee=1&ep.forceSSL=true&ep.link_attribution=true&tfd=1553

216.239.34.36

0 B

URL
region1.analytics.google.com/g/collect?v=2&tid=G-T01GWM97WV&gtm=45je3bt0v9100384128&_p=1701638323139&_gaz=1&gcd=11l1l1l1l1&dma_cps=sypham&dma=1&gdid=dZGIzZG&cid=197131596.1701638324&ul=en-us&sr=1280x1024&_s=1&sid=1701638323&sct=1&seg=0&dl=https%3A%2F%2Fmatshortener.xyz%2Fnuevo-script-actualizado-de-pet-simulator-99-actualizado-auto-farm-auto-egg-teleport-y-mas%2F&dt=NUEVO%20SCRIPT%20ACTUALIZADO%20DE%20PET%20SIMULATOR%2099%20%5BACTUALIZADO%5D%20%7C%20AUTO%20FARM%2C%20AUTO%20EGG%2C%20TELEPORT%20Y%20M%C3%81S!%20%E2%80%93%20RinconDeVideojuegos&en=page_view&_fv=1&_nsi=1&_ss=1&_ee=1&ep.forceSSL=true&ep.link_attribution=true&tfd=1553
IP
216.239.34.36:0
ASN
#15169 GOOGLE

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

POST /g/collect?v=2&tid=G-T01GWM97WV&gtm=45je3bt0v9100384128&_p=1701638323139&_gaz=1&gcd=11l1l1l1l1&dma_cps=sypham&dma=1&gdid=dZGIzZG&cid=197131596.1701638324&ul=en-us&sr=1280x1024&_s=1&sid=1701638323&sct=1&seg=0&dl=https%3A%2F%2Fmatshortener.xyz%2Fnuevo-script-actualizado-de-pet-simulator-99-actualizado-auto-farm-auto-egg-teleport-y-mas%2F&dt=NUEVO%20SCRIPT%20ACTUALIZADO%20DE%20PET%20SIMULATOR%2099%20%5BACTUALIZADO%5D%20%7C%20AUTO%20FARM%2C%20AUTO%20EGG%2C%20TELEPORT%20Y%20M%C3%81S!%20%E2%80%93%20RinconDeVideojuegos&en=page_view&_fv=1&_nsi=1&_ss=1&_ee=1&ep.forceSSL=true&ep.link_attribution=true&tfd=1553 HTTP/1.1
Host: region1.analytics.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://matshortener.xyz
DNT: 1
Connection: keep-alive
Referer: https://matshortener.xyz/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0

HTTP/2 204 No Content
access-control-allow-origin: https://matshortener.xyz
date: Sun, 03 Dec 2023 21:18:39 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

matshortener.xyz/wp-content/uploads/2023/12/PETSIM99-740x416.png

185.77.97.181

40 kB

URL
matshortener.xyz/wp-content/uploads/2023/12/PETSIM99-740x416.png
IP
185.77.97.181:0
ASN
#57844 SPDNet Telekomunikasyon Hizmetleri Bilgi Teknolojileri Taahhut Sanayi Ve Ticaret A.S.

File type
RIFF (little-endian) data, Web/P image\012- data
Size
40 kB (40148 bytes)
Hash
72d13dfb341ca98f4322f07b91cefe91
1813c427f5d174dc014c249c1cfc337514a494b7
923019540267525918a55573247bc138f94719b7f793d9b98ed9e40c8c79d6ca

HTTP Headers

GET /wp-content/uploads/2023/12/PETSIM99-740x416.png HTTP/1.1
Host: matshortener.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://matshortener.xyz/nuevo-script-actualizado-de-pet-simulator-99-actualizado-auto-farm-auto-egg-teleport-y-mas/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: hcdn
date: Sun, 03 Dec 2023 21:18:39 GMT
content-type: image/webp
content-length: 40148
cache-control: public, max-age=31557600
expires: Tue, 03 Dec 2024 03:18:38 GMT
x-hcdn-image-optimizer: f:webp q:70 w:1600
x-hcdn-request-id: 9ef5a8ef512ecf2944dbc09b74ad2f4d-fast-edge3
x-hcdn-cache-status: MISS
x-hcdn-upstream-rt: 1.407
accept-ranges: bytes
X-Firefox-Spdy: h2

bakertangiblebehaved.com/f8397e4bf5afba070b5b67912826af5a/invoke.js

173.233.137.36

11 kB

URL
bakertangiblebehaved.com/f8397e4bf5afba070b5b67912826af5a/invoke.js
IP
173.233.137.36:0
ASN
#7979 SERVERS-COM

File type
exported SGML document, ASCII text, with very long lines (29613), with no line terminators
Size
11 kB (10912 bytes)
Hash
2ef6574313c6d9f09f07feada774ab21
ff8b6bb8fb8759a645b26d0e9b55f08c20417bb5
d37ac1ba0a6e2f285b3721a2ea8ea31d4bc6b6802397aec61ec38c8f2d5404c4

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /f8397e4bf5afba070b5b67912826af5a/invoke.js HTTP/1.1
Host: bakertangiblebehaved.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://matshortener.xyz/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Sun, 03 Dec 2023 21:18:39 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 07c897c010d547efb59be890c045a0d8
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip

ocsp.r2m03.amazontrust.com/

54.230.218.11

471 B

URL
ocsp.r2m03.amazontrust.com/
IP
54.230.218.11:0
ASN
#16509 AMAZON-02

File type
data
Size
471 B (471 bytes)
Hash
ebc0f19a7067085e95ff0e35ee441f4d
23c3d68afd4c1c6cdecce9007aa3bddc793bc52d
6a07099ef655ed036e4a865236f8a6e5549e9a468e207691923634fc51c3186d

HTTP Headers

POST / HTTP/1.1
Host: ocsp.r2m03.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=7200
Date: Sun, 03 Dec 2023 21:18:39 GMT
Last-Modified: Sun, 03 Dec 2023 20:18:57 GMT
Server: ECAcc (ska/F75B)
X-Cache: Miss from cloudfront
Via: 1.1 b053873243f91b1bb6dc406ce0c67db4.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: a-ib14bvZyxepUYkopwP9BQvEUIhPLDXASn70kfhHIoEeoF_qyjs4Q==
Age: 3582

proftrafficcounter.com/stats

18.184.210.76

40 B

URL
proftrafficcounter.com/stats
IP
18.184.210.76:0
ASN
#16509 AMAZON-02

File type
ASCII text, with no line terminators
Size
40 B (40 bytes)
Hash
98bfc6e34479dd05656e0c8ae709e1fb
411d964092ca950c681f8706e5b9434d54cdf452
2a790cb50392a26bdae0f36f56c8138f46c5cd5b2a595b1033daedf02a1b6481

HTTP Headers

GET /stats HTTP/1.1
Host: proftrafficcounter.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://matshortener.xyz
DNT: 1
Connection: keep-alive
Referer: https://matshortener.xyz/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sun, 03 Dec 2023 21:18:39 GMT
content-type: text/html; charset=UTF-8
content-length: 40
server: fasthttp
access-control-allow-origin: https://matshortener.xyz
vary: Origin
access-control-allow-credentials: true
set-cookie: uid_id2=e10f092e-ac41-478d-ad99-bd34262f4ec1:3:1; expires=Wed, 30 Nov 2033 21:18:39 GMT; secure; SameSite=None
X-Firefox-Spdy: h2

proftrafficcounter.com/stats

18.184.210.76

40 B

URL
proftrafficcounter.com/stats
IP
18.184.210.76:0
ASN
#16509 AMAZON-02

File type
ASCII text, with no line terminators
Size
40 B (40 bytes)
Hash
98bfc6e34479dd05656e0c8ae709e1fb
411d964092ca950c681f8706e5b9434d54cdf452
2a790cb50392a26bdae0f36f56c8138f46c5cd5b2a595b1033daedf02a1b6481

HTTP Headers

GET /stats HTTP/1.1
Host: proftrafficcounter.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://matshortener.xyz
DNT: 1
Connection: keep-alive
Referer: https://matshortener.xyz/
Cookie: uid_id2=e10f092e-ac41-478d-ad99-bd34262f4ec1:3:1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Sun, 03 Dec 2023 21:18:39 GMT
content-type: text/html; charset=UTF-8
content-length: 40
server: fasthttp
access-control-allow-origin: https://matshortener.xyz
vary: Origin
access-control-allow-credentials: true
X-Firefox-Spdy: h2

bakertangiblebehaved.com/6d/3c/e6/6d3ce64dc82ab5ef0688e0525ada09f9.js

173.233.137.36

24 kB

URL
bakertangiblebehaved.com/6d/3c/e6/6d3ce64dc82ab5ef0688e0525ada09f9.js
IP
173.233.137.36:0
ASN
#7979 SERVERS-COM

File type
HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (65536), with no line terminators
Size
24 kB (23933 bytes)
Hash
107b279c35844e9d01b30686acc0d6ce
feaf50af30015a8f611b2583113e125a106baca1
044f0c6bd83f281a064c39213eba2704f7d065e10908c315ea999fc4ac01d3f8

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /6d/3c/e6/6d3ce64dc82ab5ef0688e0525ada09f9.js HTTP/1.1
Host: bakertangiblebehaved.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://matshortener.xyz/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Sun, 03 Dec 2023 21:18:39 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: f976ec92a8a46e10c9201eb41bf7d440
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip

bakertangiblebehaved.com/f8397e4bf5afba070b5b67912826af5a/invoke.js

173.233.137.36

11 kB

URL
bakertangiblebehaved.com/f8397e4bf5afba070b5b67912826af5a/invoke.js
IP
173.233.137.36:0
ASN
#7979 SERVERS-COM

File type
exported SGML document, ASCII text, with very long lines (29586), with no line terminators
Size
11 kB (10905 bytes)
Hash
320edc663aca9417c667c2ba286ae4ee
cba2a8b9e141ae0d95c4cf5c27a2c6099db290b1
6e9739ed431cab514d6a5187a8bc2baeb1350f72ff67722f10908fed27b067ef

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /f8397e4bf5afba070b5b67912826af5a/invoke.js HTTP/1.1
Host: bakertangiblebehaved.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://matshortener.xyz/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Sun, 03 Dec 2023 21:18:39 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: f4a6ec5e919c2523dce64d58b7b00631
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip

bakertangiblebehaved.com/f8397e4bf5afba070b5b67912826af5a/invoke.js

173.233.137.36

11 kB

URL
bakertangiblebehaved.com/f8397e4bf5afba070b5b67912826af5a/invoke.js
IP
173.233.137.36:0
ASN
#7979 SERVERS-COM

File type
exported SGML document, ASCII text, with very long lines (29628), with no line terminators
Size
11 kB (10913 bytes)
Hash
8f46aae1e84c398b56d94d7964fa9899
92508f1ed4a5dc9e6acece4d2c53be30f6e3f231
5cec8e043a40ab2413772741a674620b8ade74b2922fd83044f1fa53353d535c

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /f8397e4bf5afba070b5b67912826af5a/invoke.js HTTP/1.1
Host: bakertangiblebehaved.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://matshortener.xyz/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Sun, 03 Dec 2023 21:18:39 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 863aae7f69b4382b6ef9967b90a5e087
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip

treasonemphasis.com/watch.802007970352.js?key=f8397e4bf5afba070b5b67912826af5a&kw=%5B%22nuevo%22%2C%22script%22%2C%22actualizado%22%2C%22de%22%2C%22pet%22%2C%22simulator%22%2C%2299%22%2C%22actualizado%22%2C%22auto%22%2C%22farm%22%2C%22auto%22%2C%22egg%22%2C%22teleport%22%2C%22y%22%2C%22m%C3%A1s%22%2C%22%E2%80%93%22%2C%22rincondevideojuegos%22%5D&refer=https%3A%2F%2Fmatshortener.xyz%2Fnuevo-script-actualizado-de-pet-simulator-99-actualizado-auto-farm-auto-egg-teleport-y-mas%2F&tz=0&dev=e&res=14.3095&uuid=e10f092e-ac41-478d-ad99-bd34262f4ec1%3A3%3A1

173.233.137.36

0 B

URL
treasonemphasis.com/watch.802007970352.js?key=f8397e4bf5afba070b5b67912826af5a&kw=%5B%22nuevo%22%2C%22script%22%2C%22actualizado%22%2C%22de%22%2C%22pet%22%2C%22simulator%22%2C%2299%22%2C%22actualizado%22%2C%22auto%22%2C%22farm%22%2C%22auto%22%2C%22egg%22%2C%22teleport%22%2C%22y%22%2C%22m%C3%A1s%22%2C%22%E2%80%93%22%2C%22rincondevideojuegos%22%5D&refer=https%3A%2F%2Fmatshortener.xyz%2Fnuevo-script-actualizado-de-pet-simulator-99-actualizado-auto-farm-auto-egg-teleport-y-mas%2F&tz=0&dev=e&res=14.3095&uuid=e10f092e-ac41-478d-ad99-bd34262f4ec1%3A3%3A1
IP
173.233.137.36:0
ASN
#7979 SERVERS-COM

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /watch.802007970352.js?key=f8397e4bf5afba070b5b67912826af5a&kw=%5B%22nuevo%22%2C%22script%22%2C%22actualizado%22%2C%22de%22%2C%22pet%22%2C%22simulator%22%2C%2299%22%2C%22actualizado%22%2C%22auto%22%2C%22farm%22%2C%22auto%22%2C%22egg%22%2C%22teleport%22%2C%22y%22%2C%22m%C3%A1s%22%2C%22%E2%80%93%22%2C%22rincondevideojuegos%22%5D&refer=https%3A%2F%2Fmatshortener.xyz%2Fnuevo-script-actualizado-de-pet-simulator-99-actualizado-auto-farm-auto-egg-teleport-y-mas%2F&tz=0&dev=e&res=14.3095&uuid=e10f092e-ac41-478d-ad99-bd34262f4ec1%3A3%3A1 HTTP/1.1
Host: treasonemphasis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://matshortener.xyz
DNT: 1
Connection: keep-alive
Referer: https://matshortener.xyz/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 307 Temporary Redirect
Server: nginx/1.21.6
Date: Sun, 03 Dec 2023 21:18:39 GMT
Content-Type: text/html
Content-Length: 0
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://matshortener.xyz
Access-Control-Allow-Origin: https://matshortener.xyz
Access-Control-Allow-Credentials: true
Location: https://treasonemphasis.com/watch.802007970352.js?key=f8397e4bf5afba070b5b67912826af5a&kw=%5B%22nuevo%22%2C%22script%22%2C%22actualizado%22%2C%22de%22%2C%22pet%22%2C%22simulator%22%2C%2299%22%2C%22actualizado%22%2C%22auto%22%2C%22farm%22%2C%22auto%22%2C%22egg%22%2C%22teleport%22%2C%22y%22%2C%22m%C3%A1s%22%2C%22%E2%80%93%22%2C%22rincondevideojuegos%22%5D&refer=https%3A%2F%2Fmatshortener.xyz%2Fnuevo-script-actualizado-de-pet-simulator-99-actualizado-auto-farm-auto-egg-teleport-y-mas%2F&tz=0&dev=e&res=14.3095&uuid=e10f092e-ac41-478d-ad99-bd34262f4ec1%3A3%3A1&shu=bee3e68ad2e8da91b41a6b036824b7717806a796df5b441a422ec677e0177208ed2dba4c143d5c44d9af9ff92bedbe5ba0739e870abe517ef91c2ce1af01e1431e2ed22cad4350758fb60b8a643cdb90fa1221b0b46f0a209e55b0433bae31927e&pst=1701638379&rmtc=t
Set-Cookie: u_pl=15587023; expires=Mon, 04 Dec 2023 21:18:39 GMT; secure; SameSite=None
ain=eyJhbGciOiJIUzI1NiJ9.eyJwIjp7ImlkIjoxNTU4NzAyMywiayI6ImY4Mzk3ZTRiZjVhZmJhMDcwYjViNjc5MTI4MjZhZjVhIiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjoxMzUwMzQ2LCJwaWQiOjIxMzc4OSwiYW4iOnRydWUsImxhbiI6dHJ1ZSwiY2lkIjozLCJhaWQiOjIzLCJwdCI6NCwicGsiOiJ0NjIwc2d2azFoIiwidCI6MX0sInUiOnsidSI6MSwiYXUiOjEsImQiOnsiaWQiOjkwNzUzNDU3LCJpZHMiOiIiLCJpYyI6ZmFsc2UsIm4iOiJEZXNrdG9wLEVtdWxhdG9yIiwidiI6IlVua25vd24iLCJtIjoiVW5rbm93biIsImYiOjEsImZuIjoiRGVza3RvcCIsIm9pZCI6Mzg5MTQsIm9uIjoiV2luZG93cyIsIm92IjoiMTAuMCIsImJpZCI6MTIwNjI1LCJibiI6IkZpcmVmb3giLCJidiI6IjEwNS4wIiwid3YiOmZhbHNlLCJlIjp0cnVlLCJhYiI6ZmFsc2V9LCJjIjp7ImlkIjoxNjIsImMiOiJOTyIsIm4iOiJOb3J3YXkifSwiYSI6ZmFsc2UsImNyIjp7Im4iOiJCbGl4IFNvbHV0aW9ucyJ9LCJ4ZiI6IiIsIml4ZiI6ZmFsc2UsImlneGYiOmZhbHNlLCJ1cCI6dHJ1ZSwiciI6Imh0dHBzOi8vbWF0c2hvcnRlbmVyLnh5ei9udWV2by1zY3JpcHQtYWN0dWFsaXphZG8tZGUtcGV0LXNpbXVsYXRvci05OS1hY3R1YWxpemFkby1hdXRvLWZhcm0tYXV0by1lZ2ctdGVsZXBvcnQteS1tYXMvIiwiYXIiOltdfX0.v-IJSQS6Xi-DQ149W7SCHddLdxhLS2Rg_zgESeD9d04; expires=Sun, 03 Dec 2023 21:19:39 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 7a7c5f6c780b99c4a5a5a2943fb908c2
Strict-Transport-Security: max-age=0; includeSubdomains

curryoxygencheaper.com/watch.144613056051.js?key=f8397e4bf5afba070b5b67912826af5a&kw=%5B%22nuevo%22%2C%22script%22%2C%22actualizado%22%2C%22de%22%2C%22pet%22%2C%22simulator%22%2C%2299%22%2C%22actualizado%22%2C%22auto%22%2C%22farm%22%2C%22auto%22%2C%22egg%22%2C%22teleport%22%2C%22y%22%2C%22m%C3%A1s%22%2C%22%E2%80%93%22%2C%22rincondevideojuegos%22%5D&refer=https%3A%2F%2Fmatshortener.xyz%2Fnuevo-script-actualizado-de-pet-simulator-99-actualizado-auto-farm-auto-egg-teleport-y-mas%2F&tz=0&dev=e&res=14.3095&uuid=e10f092e-ac41-478d-ad99-bd34262f4ec1%3A3%3A1

173.233.137.44

0 B

URL
curryoxygencheaper.com/watch.144613056051.js?key=f8397e4bf5afba070b5b67912826af5a&kw=%5B%22nuevo%22%2C%22script%22%2C%22actualizado%22%2C%22de%22%2C%22pet%22%2C%22simulator%22%2C%2299%22%2C%22actualizado%22%2C%22auto%22%2C%22farm%22%2C%22auto%22%2C%22egg%22%2C%22teleport%22%2C%22y%22%2C%22m%C3%A1s%22%2C%22%E2%80%93%22%2C%22rincondevideojuegos%22%5D&refer=https%3A%2F%2Fmatshortener.xyz%2Fnuevo-script-actualizado-de-pet-simulator-99-actualizado-auto-farm-auto-egg-teleport-y-mas%2F&tz=0&dev=e&res=14.3095&uuid=e10f092e-ac41-478d-ad99-bd34262f4ec1%3A3%3A1
IP
173.233.137.44:0
ASN
#7979 SERVERS-COM

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /watch.144613056051.js?key=f8397e4bf5afba070b5b67912826af5a&kw=%5B%22nuevo%22%2C%22script%22%2C%22actualizado%22%2C%22de%22%2C%22pet%22%2C%22simulator%22%2C%2299%22%2C%22actualizado%22%2C%22auto%22%2C%22farm%22%2C%22auto%22%2C%22egg%22%2C%22teleport%22%2C%22y%22%2C%22m%C3%A1s%22%2C%22%E2%80%93%22%2C%22rincondevideojuegos%22%5D&refer=https%3A%2F%2Fmatshortener.xyz%2Fnuevo-script-actualizado-de-pet-simulator-99-actualizado-auto-farm-auto-egg-teleport-y-mas%2F&tz=0&dev=e&res=14.3095&uuid=e10f092e-ac41-478d-ad99-bd34262f4ec1%3A3%3A1 HTTP/1.1
Host: curryoxygencheaper.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://matshortener.xyz
DNT: 1
Connection: keep-alive
Referer: https://matshortener.xyz/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 307 Temporary Redirect
Server: nginx/1.21.6
Date: Sun, 03 Dec 2023 21:18:39 GMT
Content-Type: text/html
Content-Length: 0
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://matshortener.xyz
Access-Control-Allow-Origin: https://matshortener.xyz
Access-Control-Allow-Credentials: true
Location: https://curryoxygencheaper.com/watch.144613056051.js?key=f8397e4bf5afba070b5b67912826af5a&kw=%5B%22nuevo%22%2C%22script%22%2C%22actualizado%22%2C%22de%22%2C%22pet%22%2C%22simulator%22%2C%2299%22%2C%22actualizado%22%2C%22auto%22%2C%22farm%22%2C%22auto%22%2C%22egg%22%2C%22teleport%22%2C%22y%22%2C%22m%C3%A1s%22%2C%22%E2%80%93%22%2C%22rincondevideojuegos%22%5D&refer=https%3A%2F%2Fmatshortener.xyz%2Fnuevo-script-actualizado-de-pet-simulator-99-actualizado-auto-farm-auto-egg-teleport-y-mas%2F&tz=0&dev=e&res=14.3095&uuid=e10f092e-ac41-478d-ad99-bd34262f4ec1%3A3%3A1&shu=1ab0428fdeb9aca7c5fbb3e02d20c58552647e19a93250da15f9fe15b4ba4ba0c9c83ffde8f903eeb4b414356f273723b3ca32f3627e7f1fb232d635905ecc0a6a951df77fdfd6b7fd8fca0ec32bf3d4db3ce24fd710b53c0b593c22f8856d&pst=1701638379&rmtc=t
Set-Cookie: u_pl=15587023; expires=Mon, 04 Dec 2023 21:18:39 GMT; secure; SameSite=None
ain=eyJhbGciOiJIUzI1NiJ9.eyJwIjp7ImlkIjoxNTU4NzAyMywiayI6ImY4Mzk3ZTRiZjVhZmJhMDcwYjViNjc5MTI4MjZhZjVhIiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjoxMzUwMzQ2LCJwaWQiOjIxMzc4OSwiYW4iOnRydWUsImxhbiI6dHJ1ZSwiY2lkIjozLCJhaWQiOjIzLCJwdCI6NCwicGsiOiJ0NjIwc2d2azFoIiwidCI6MX0sInUiOnsidSI6MSwiYXUiOjEsImQiOnsiaWQiOjkwNzUzNDU3LCJpZHMiOiIiLCJpYyI6ZmFsc2UsIm4iOiJEZXNrdG9wLEVtdWxhdG9yIiwidiI6IlVua25vd24iLCJtIjoiVW5rbm93biIsImYiOjEsImZuIjoiRGVza3RvcCIsIm9pZCI6Mzg5MTQsIm9uIjoiV2luZG93cyIsIm92IjoiMTAuMCIsImJpZCI6MTIwNjI1LCJibiI6IkZpcmVmb3giLCJidiI6IjEwNS4wIiwid3YiOmZhbHNlLCJlIjp0cnVlLCJhYiI6ZmFsc2V9LCJjIjp7ImlkIjoxNjIsImMiOiJOTyIsIm4iOiJOb3J3YXkifSwiYSI6ZmFsc2UsImNyIjp7Im4iOiJCbGl4IFNvbHV0aW9ucyJ9LCJ4ZiI6IiIsIml4ZiI6ZmFsc2UsImlneGYiOmZhbHNlLCJ1cCI6dHJ1ZSwiciI6Imh0dHBzOi8vbWF0c2hvcnRlbmVyLnh5ei9udWV2by1zY3JpcHQtYWN0dWFsaXphZG8tZGUtcGV0LXNpbXVsYXRvci05OS1hY3R1YWxpemFkby1hdXRvLWZhcm0tYXV0by1lZ2ctdGVsZXBvcnQteS1tYXMvIiwiYXIiOltdfX0.v-IJSQS6Xi-DQ149W7SCHddLdxhLS2Rg_zgESeD9d04; expires=Sun, 03 Dec 2023 21:19:39 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 202570117b345693194844dfad482631
Strict-Transport-Security: max-age=0; includeSubdomains

fonts.gstatic.com/s/firasans/v17/va9B4kDNxMZdWfMOD5VnPKreRhf6.woff2

142.250.74.131

24 kB

URL
fonts.gstatic.com/s/firasans/v17/va9B4kDNxMZdWfMOD5VnPKreRhf6.woff2
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
Web Open Font Format (Version 2), TrueType, length 23620, version 1.0\012- data
Size
24 kB (23620 bytes)
Hash
6798f8f19d0631ef01d56a7ebed65f73
345e7a3f1b50ccd8569988f4c54d1994a8ab7a31
f8fb86afe5b79eaff2c4a5a44459de5444d04a7b395fd7bd627e70b95e5e5347

HTTP Headers

GET /s/firasans/v17/va9B4kDNxMZdWfMOD5VnPKreRhf6.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://matshortener.xyz
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 23620
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 28 Nov 2023 21:16:45 GMT
expires: Wed, 27 Nov 2024 21:16:45 GMT
cache-control: public, max-age=31536000
age: 432114
last-modified: Tue, 02 May 2023 14:50:03 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

bakertangiblebehaved.com/64b7aceffd358a09b102df804e73ffe6/invoke.js

173.233.137.36

11 kB

URL
bakertangiblebehaved.com/64b7aceffd358a09b102df804e73ffe6/invoke.js
IP
173.233.137.36:0
ASN
#7979 SERVERS-COM

File type
exported SGML document, ASCII text, with very long lines (29617), with no line terminators
Size
11 kB (10937 bytes)
Hash
686b2b37ed53cfaa7d4e501bb359cc4a
7346ef8cfca9d4f4ef688002b07c7b73747112bf
eb1199f58201453079b6209bae745eba0d1eb9854a1bb1b1da407d2ca11b7062

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /64b7aceffd358a09b102df804e73ffe6/invoke.js HTTP/1.1
Host: bakertangiblebehaved.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://matshortener.xyz/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Sun, 03 Dec 2023 21:18:39 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 8aab389b0a3e0debe51befe837e81f4e
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip

173.233.137.36

644 B

URL
treasonemphasis.com/watch.802007970352.js?key=f8397e4bf5afba070b5b67912826af5a&kw=%5B%22nuevo%22%2C%22script%22%2C%22actualizado%22%2C%22de%22%2C%22pet%22%2C%22simulator%22%2C%2299%22%2C%22actualizado%22%2C%22auto%22%2C%22farm%22%2C%22auto%22%2C%22egg%22%2C%22teleport%22%2C%22y%22%2C%22m%C3%A1s%22%2C%22%E2%80%93%22%2C%22rincondevideojuegos%22%5D&refer=https%3A%2F%2Fmatshortener.xyz%2Fnuevo-script-actualizado-de-pet-simulator-99-actualizado-auto-farm-auto-egg-teleport-y-mas%2F&tz=0&dev=e&res=14.3095&uuid=e10f092e-ac41-478d-ad99-bd34262f4ec1%3A3%3A1&shu=bee3e68ad2e8da91b41a6b036824b7717806a796df5b441a422ec677e0177208ed2dba4c143d5c44d9af9ff92bedbe5ba0739e870abe517ef91c2ce1af01e1431e2ed22cad4350758fb60b8a643cdb90fa1221b0b46f0a209e55b0433bae31927e&pst=1701638379&rmtc=t
IP
173.233.137.36:0
ASN
#7979 SERVERS-COM

File type
HTML document text\012- HTML document, ASCII text, with very long lines (603)
Size
644 B (644 bytes)
Hash
6749b23ed93a3ca6b07f837b36d150e7
d7ac99942fde2a0e3f2219666f0759eae91cf291
f9f39435fe35440ca340dc932b48c5f1a19fea9a094dea68bda88df39bfd47c6

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /watch.802007970352.js?key=f8397e4bf5afba070b5b67912826af5a&kw=%5B%22nuevo%22%2C%22script%22%2C%22actualizado%22%2C%22de%22%2C%22pet%22%2C%22simulator%22%2C%2299%22%2C%22actualizado%22%2C%22auto%22%2C%22farm%22%2C%22auto%22%2C%22egg%22%2C%22teleport%22%2C%22y%22%2C%22m%C3%A1s%22%2C%22%E2%80%93%22%2C%22rincondevideojuegos%22%5D&refer=https%3A%2F%2Fmatshortener.xyz%2Fnuevo-script-actualizado-de-pet-simulator-99-actualizado-auto-farm-auto-egg-teleport-y-mas%2F&tz=0&dev=e&res=14.3095&uuid=e10f092e-ac41-478d-ad99-bd34262f4ec1%3A3%3A1&shu=bee3e68ad2e8da91b41a6b036824b7717806a796df5b441a422ec677e0177208ed2dba4c143d5c44d9af9ff92bedbe5ba0739e870abe517ef91c2ce1af01e1431e2ed22cad4350758fb60b8a643cdb90fa1221b0b46f0a209e55b0433bae31927e&pst=1701638379&rmtc=t HTTP/1.1
Host: treasonemphasis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://matshortener.xyz
Referer: https://matshortener.xyz/
DNT: 1
Connection: keep-alive
Cookie: u_pl=15587023; ain=eyJhbGciOiJIUzI1NiJ9.eyJwIjp7ImlkIjoxNTU4NzAyMywiayI6ImY4Mzk3ZTRiZjVhZmJhMDcwYjViNjc5MTI4MjZhZjVhIiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjoxMzUwMzQ2LCJwaWQiOjIxMzc4OSwiYW4iOnRydWUsImxhbiI6dHJ1ZSwiY2lkIjozLCJhaWQiOjIzLCJwdCI6NCwicGsiOiJ0NjIwc2d2azFoIiwidCI6MX0sInUiOnsidSI6MSwiYXUiOjEsImQiOnsiaWQiOjkwNzUzNDU3LCJpZHMiOiIiLCJpYyI6ZmFsc2UsIm4iOiJEZXNrdG9wLEVtdWxhdG9yIiwidiI6IlVua25vd24iLCJtIjoiVW5rbm93biIsImYiOjEsImZuIjoiRGVza3RvcCIsIm9pZCI6Mzg5MTQsIm9uIjoiV2luZG93cyIsIm92IjoiMTAuMCIsImJpZCI6MTIwNjI1LCJibiI6IkZpcmVmb3giLCJidiI6IjEwNS4wIiwid3YiOmZhbHNlLCJlIjp0cnVlLCJhYiI6ZmFsc2V9LCJjIjp7ImlkIjoxNjIsImMiOiJOTyIsIm4iOiJOb3J3YXkifSwiYSI6ZmFsc2UsImNyIjp7Im4iOiJCbGl4IFNvbHV0aW9ucyJ9LCJ4ZiI6IiIsIml4ZiI6ZmFsc2UsImlneGYiOmZhbHNlLCJ1cCI6dHJ1ZSwiciI6Imh0dHBzOi8vbWF0c2hvcnRlbmVyLnh5ei9udWV2by1zY3JpcHQtYWN0dWFsaXphZG8tZGUtcGV0LXNpbXVsYXRvci05OS1hY3R1YWxpemFkby1hdXRvLWZhcm0tYXV0by1lZ2ctdGVsZXBvcnQteS1tYXMvIiwiYXIiOltdfX0.v-IJSQS6Xi-DQ149W7SCHddLdxhLS2Rg_zgESeD9d04
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Sun, 03 Dec 2023 21:18:39 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://matshortener.xyz
Access-Control-Allow-Origin: https://matshortener.xyz
Access-Control-Allow-Credentials: true
Set-Cookie: uid_id2=e10f092e-ac41-478d-ad99-bd34262f4ec1:3:1; expires=Sun, 10 Dec 2023 21:18:39 GMT; secure; SameSite=None
iprc29f8c42394d685b7841ddce077e62743=2717343; expires=Mon, 04 Dec 2023 23:18:39 GMT; secure; SameSite=None
pdhtkv=true; expires=Mon, 04 Dec 2023 21:18:39 GMT; secure; SameSite=None
uncs=1; expires=Mon, 04 Dec 2023 21:18:39 GMT; secure; SameSite=None
pdhtkv23=true; expires=Mon, 04 Dec 2023 21:18:39 GMT; secure; SameSite=None
uncs23=1; expires=Mon, 04 Dec 2023 21:18:39 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 444a502aa85dc37f426f76651037d2a3
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip

173.233.137.44

2.1 kB

URL
curryoxygencheaper.com/watch.144613056051.js?key=f8397e4bf5afba070b5b67912826af5a&kw=%5B%22nuevo%22%2C%22script%22%2C%22actualizado%22%2C%22de%22%2C%22pet%22%2C%22simulator%22%2C%2299%22%2C%22actualizado%22%2C%22auto%22%2C%22farm%22%2C%22auto%22%2C%22egg%22%2C%22teleport%22%2C%22y%22%2C%22m%C3%A1s%22%2C%22%E2%80%93%22%2C%22rincondevideojuegos%22%5D&refer=https%3A%2F%2Fmatshortener.xyz%2Fnuevo-script-actualizado-de-pet-simulator-99-actualizado-auto-farm-auto-egg-teleport-y-mas%2F&tz=0&dev=e&res=14.3095&uuid=e10f092e-ac41-478d-ad99-bd34262f4ec1%3A3%3A1&shu=1ab0428fdeb9aca7c5fbb3e02d20c58552647e19a93250da15f9fe15b4ba4ba0c9c83ffde8f903eeb4b414356f273723b3ca32f3627e7f1fb232d635905ecc0a6a951df77fdfd6b7fd8fca0ec32bf3d4db3ce24fd710b53c0b593c22f8856d&pst=1701638379&rmtc=t
IP
173.233.137.44:0
ASN
#7979 SERVERS-COM

File type
HTML document, ASCII text, with very long lines (2550)
Size
2.1 kB (2060 bytes)
Hash
0c1a6196585df80e67c0a098f2cfeb45
aa9ac6976a9d1e03a80b78ac19ba8f6b92fcfd7f
cb900a94f551c8301b42a12c835fa3dd721a9f557d2deeb1a82d21b33c004924

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /watch.144613056051.js?key=f8397e4bf5afba070b5b67912826af5a&kw=%5B%22nuevo%22%2C%22script%22%2C%22actualizado%22%2C%22de%22%2C%22pet%22%2C%22simulator%22%2C%2299%22%2C%22actualizado%22%2C%22auto%22%2C%22farm%22%2C%22auto%22%2C%22egg%22%2C%22teleport%22%2C%22y%22%2C%22m%C3%A1s%22%2C%22%E2%80%93%22%2C%22rincondevideojuegos%22%5D&refer=https%3A%2F%2Fmatshortener.xyz%2Fnuevo-script-actualizado-de-pet-simulator-99-actualizado-auto-farm-auto-egg-teleport-y-mas%2F&tz=0&dev=e&res=14.3095&uuid=e10f092e-ac41-478d-ad99-bd34262f4ec1%3A3%3A1&shu=1ab0428fdeb9aca7c5fbb3e02d20c58552647e19a93250da15f9fe15b4ba4ba0c9c83ffde8f903eeb4b414356f273723b3ca32f3627e7f1fb232d635905ecc0a6a951df77fdfd6b7fd8fca0ec32bf3d4db3ce24fd710b53c0b593c22f8856d&pst=1701638379&rmtc=t HTTP/1.1
Host: curryoxygencheaper.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://matshortener.xyz
Referer: https://matshortener.xyz/
DNT: 1
Connection: keep-alive
Cookie: u_pl=15587023; ain=eyJhbGciOiJIUzI1NiJ9.eyJwIjp7ImlkIjoxNTU4NzAyMywiayI6ImY4Mzk3ZTRiZjVhZmJhMDcwYjViNjc5MTI4MjZhZjVhIiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjoxMzUwMzQ2LCJwaWQiOjIxMzc4OSwiYW4iOnRydWUsImxhbiI6dHJ1ZSwiY2lkIjozLCJhaWQiOjIzLCJwdCI6NCwicGsiOiJ0NjIwc2d2azFoIiwidCI6MX0sInUiOnsidSI6MSwiYXUiOjEsImQiOnsiaWQiOjkwNzUzNDU3LCJpZHMiOiIiLCJpYyI6ZmFsc2UsIm4iOiJEZXNrdG9wLEVtdWxhdG9yIiwidiI6IlVua25vd24iLCJtIjoiVW5rbm93biIsImYiOjEsImZuIjoiRGVza3RvcCIsIm9pZCI6Mzg5MTQsIm9uIjoiV2luZG93cyIsIm92IjoiMTAuMCIsImJpZCI6MTIwNjI1LCJibiI6IkZpcmVmb3giLCJidiI6IjEwNS4wIiwid3YiOmZhbHNlLCJlIjp0cnVlLCJhYiI6ZmFsc2V9LCJjIjp7ImlkIjoxNjIsImMiOiJOTyIsIm4iOiJOb3J3YXkifSwiYSI6ZmFsc2UsImNyIjp7Im4iOiJCbGl4IFNvbHV0aW9ucyJ9LCJ4ZiI6IiIsIml4ZiI6ZmFsc2UsImlneGYiOmZhbHNlLCJ1cCI6dHJ1ZSwiciI6Imh0dHBzOi8vbWF0c2hvcnRlbmVyLnh5ei9udWV2by1zY3JpcHQtYWN0dWFsaXphZG8tZGUtcGV0LXNpbXVsYXRvci05OS1hY3R1YWxpemFkby1hdXRvLWZhcm0tYXV0by1lZ2ctdGVsZXBvcnQteS1tYXMvIiwiYXIiOltdfX0.v-IJSQS6Xi-DQ149W7SCHddLdxhLS2Rg_zgESeD9d04
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Sun, 03 Dec 2023 21:18:40 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://matshortener.xyz
Access-Control-Allow-Origin: https://matshortener.xyz
Access-Control-Allow-Credentials: true
Set-Cookie: uid_id2=e10f092e-ac41-478d-ad99-bd34262f4ec1:3:1; expires=Sun, 10 Dec 2023 21:18:40 GMT; secure; SameSite=None
pdhtkv=true; expires=Mon, 04 Dec 2023 21:18:40 GMT; secure; SameSite=None
uncs=1; expires=Mon, 04 Dec 2023 21:18:40 GMT; secure; SameSite=None
pdhtkv23=true; expires=Mon, 04 Dec 2023 21:18:40 GMT; secure; SameSite=None
uncs23=1; expires=Mon, 04 Dec 2023 21:18:40 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 35c08fb7fcdbe0aea2054dab4c87f5e8
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip

archaicin.com/watch.268294522764.js?key=f8397e4bf5afba070b5b67912826af5a&kw=%5B%22nuevo%22%2C%22script%22%2C%22actualizado%22%2C%22de%22%2C%22pet%22%2C%22simulator%22%2C%2299%22%2C%22actualizado%22%2C%22auto%22%2C%22farm%22%2C%22auto%22%2C%22egg%22%2C%22teleport%22%2C%22y%22%2C%22m%C3%A1s%22%2C%22%E2%80%93%22%2C%22rincondevideojuegos%22%5D&refer=https%3A%2F%2Fmatshortener.xyz%2Fnuevo-script-actualizado-de-pet-simulator-99-actualizado-auto-farm-auto-egg-teleport-y-mas%2F&tz=0&dev=e&res=14.3095&uuid=e10f092e-ac41-478d-ad99-bd34262f4ec1%3A3%3A1

173.233.137.36

0 B

URL
archaicin.com/watch.268294522764.js?key=f8397e4bf5afba070b5b67912826af5a&kw=%5B%22nuevo%22%2C%22script%22%2C%22actualizado%22%2C%22de%22%2C%22pet%22%2C%22simulator%22%2C%2299%22%2C%22actualizado%22%2C%22auto%22%2C%22farm%22%2C%22auto%22%2C%22egg%22%2C%22teleport%22%2C%22y%22%2C%22m%C3%A1s%22%2C%22%E2%80%93%22%2C%22rincondevideojuegos%22%5D&refer=https%3A%2F%2Fmatshortener.xyz%2Fnuevo-script-actualizado-de-pet-simulator-99-actualizado-auto-farm-auto-egg-teleport-y-mas%2F&tz=0&dev=e&res=14.3095&uuid=e10f092e-ac41-478d-ad99-bd34262f4ec1%3A3%3A1
IP
173.233.137.36:0
ASN
#7979 SERVERS-COM

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /watch.268294522764.js?key=f8397e4bf5afba070b5b67912826af5a&kw=%5B%22nuevo%22%2C%22script%22%2C%22actualizado%22%2C%22de%22%2C%22pet%22%2C%22simulator%22%2C%2299%22%2C%22actualizado%22%2C%22auto%22%2C%22farm%22%2C%22auto%22%2C%22egg%22%2C%22teleport%22%2C%22y%22%2C%22m%C3%A1s%22%2C%22%E2%80%93%22%2C%22rincondevideojuegos%22%5D&refer=https%3A%2F%2Fmatshortener.xyz%2Fnuevo-script-actualizado-de-pet-simulator-99-actualizado-auto-farm-auto-egg-teleport-y-mas%2F&tz=0&dev=e&res=14.3095&uuid=e10f092e-ac41-478d-ad99-bd34262f4ec1%3A3%3A1 HTTP/1.1
Host: archaicin.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://matshortener.xyz
DNT: 1
Connection: keep-alive
Referer: https://matshortener.xyz/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 307 Temporary Redirect
Server: nginx/1.21.6
Date: Sun, 03 Dec 2023 21:18:40 GMT
Content-Type: text/html
Content-Length: 0
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://matshortener.xyz
Access-Control-Allow-Origin: https://matshortener.xyz
Access-Control-Allow-Credentials: true
Location: https://archaicin.com/watch.268294522764.js?key=f8397e4bf5afba070b5b67912826af5a&kw=%5B%22nuevo%22%2C%22script%22%2C%22actualizado%22%2C%22de%22%2C%22pet%22%2C%22simulator%22%2C%2299%22%2C%22actualizado%22%2C%22auto%22%2C%22farm%22%2C%22auto%22%2C%22egg%22%2C%22teleport%22%2C%22y%22%2C%22m%C3%A1s%22%2C%22%E2%80%93%22%2C%22rincondevideojuegos%22%5D&refer=https%3A%2F%2Fmatshortener.xyz%2Fnuevo-script-actualizado-de-pet-simulator-99-actualizado-auto-farm-auto-egg-teleport-y-mas%2F&tz=0&dev=e&res=14.3095&uuid=e10f092e-ac41-478d-ad99-bd34262f4ec1%3A3%3A1&shu=afe7053e5788c3e0b128586f160107d05f43a6902483c067d9258a22f861f3e2dcc53bc1de4b0970ce35d765a2d70bb8e313cb1614d1ec6bf267b6415b954c125a8b45819f5a7101974d0d2e1b37e64a09bc798d57d1a8780b376a437bb047ee63&pst=1701638380&rmtc=t
Set-Cookie: u_pl=15587023; expires=Mon, 04 Dec 2023 21:18:40 GMT; secure; SameSite=None
ain=eyJhbGciOiJIUzI1NiJ9.eyJwIjp7ImlkIjoxNTU4NzAyMywiayI6ImY4Mzk3ZTRiZjVhZmJhMDcwYjViNjc5MTI4MjZhZjVhIiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjoxMzUwMzQ2LCJwaWQiOjIxMzc4OSwiYW4iOnRydWUsImxhbiI6dHJ1ZSwiY2lkIjozLCJhaWQiOjIzLCJwdCI6NCwicGsiOiJ0NjIwc2d2azFoIiwidCI6MX0sInUiOnsidSI6MSwiYXUiOjEsImQiOnsiaWQiOjkwNzUzNDU3LCJpZHMiOiIiLCJpYyI6ZmFsc2UsIm4iOiJEZXNrdG9wLEVtdWxhdG9yIiwidiI6IlVua25vd24iLCJtIjoiVW5rbm93biIsImYiOjEsImZuIjoiRGVza3RvcCIsIm9pZCI6Mzg5MTQsIm9uIjoiV2luZG93cyIsIm92IjoiMTAuMCIsImJpZCI6MTIwNjI1LCJibiI6IkZpcmVmb3giLCJidiI6IjEwNS4wIiwid3YiOmZhbHNlLCJlIjp0cnVlLCJhYiI6ZmFsc2V9LCJjIjp7ImlkIjoxNjIsImMiOiJOTyIsIm4iOiJOb3J3YXkifSwiYSI6ZmFsc2UsImNyIjp7Im4iOiJCbGl4IFNvbHV0aW9ucyJ9LCJ4ZiI6IiIsIml4ZiI6ZmFsc2UsImlneGYiOmZhbHNlLCJ1cCI6dHJ1ZSwiciI6Imh0dHBzOi8vbWF0c2hvcnRlbmVyLnh5ei9udWV2by1zY3JpcHQtYWN0dWFsaXphZG8tZGUtcGV0LXNpbXVsYXRvci05OS1hY3R1YWxpemFkby1hdXRvLWZhcm0tYXV0by1lZ2ctdGVsZXBvcnQteS1tYXMvIiwiYXIiOltdfX0.v-IJSQS6Xi-DQ149W7SCHddLdxhLS2Rg_zgESeD9d04; expires=Sun, 03 Dec 2023 21:19:40 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: bdf70ed7c71c55a147b47afa6b15b562
Strict-Transport-Security: max-age=0; includeSubdomains

fonts.googleapis.com/css?family=Roboto%3A400%2C300italic%2C300%2C400italic%2C700&subset=latin%2Clatin-ext&ver=6.4.1

142.250.74.42

1.3 kB

URL
fonts.googleapis.com/css?family=Roboto%3A400%2C300italic%2C300%2C400italic%2C700&subset=latin%2Clatin-ext&ver=6.4.1
IP
142.250.74.42:0
ASN
#15169 GOOGLE

File type
gzip compressed data, max compression\012- data
Size
1.3 kB (1332 bytes)
Hash
3285423fffc1a12f57a4f6654e8dc09c
5a9e36fa0780147035e4adb42ee77f354f3496fe
a243a77f92f183aea6fc0edbd3afc71947ee7e91e926fdec2114ed846fc2e8f4

HTTP Headers

GET /css?family=Roboto%3A400%2C300italic%2C300%2C400italic%2C700&subset=latin%2Clatin-ext&ver=6.4.1 HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://matshortener.xyz/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Sun, 03 Dec 2023 21:18:37 GMT
date: Sun, 03 Dec 2023 21:18:37 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

friendshipmale.com/sfp.js

104.21.234.32

29 kB

URL
friendshipmale.com/sfp.js
IP
104.21.234.32:0
ASN
#13335 CLOUDFLARENET

File type
Unicode text, UTF-8 text, with very long lines (65529), with no line terminators
Size
29 kB (28752 bytes)
Hash
924e967bca1d599992556a8d139b1c5a
222b09dbf164ddc03d39100fd0524a22018d28b2
ac84c2f8288b59f8e04ba77287ce696052bfeee0d462a566d94dc305df646c95

HTTP Headers

GET /sfp.js HTTP/1.1
Host: friendshipmale.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://matshortener.xyz/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Sun, 03 Dec 2023 21:18:40 GMT
content-type: application/javascript; charset=utf-8
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
access-control-allow-origin: *
expires: Thu, 01 Jan 1970 00:00:01 GMT
cache-control: max-age=14400
x-request-id: 0a41bd2e3d413049a6e300365e8df995
strict-transport-security: max-age=0; includeSubdomains
cf-cache-status: EXPIRED
last-modified: Sun, 03 Dec 2023 21:18:39 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=WnDuihpxavHOsWzho81HatVfpYbFwrS5mGBbtL7xedhQkIUvZCeUlDZOfExFLH5I7xF9odlj7%2FshjMEys9aUqHoGaDcgoueUhUMQXzDcLG4iYFWRbyKSdRQ1MMDUxF2Jtmgirco%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 82fed7e989e04c82-HEL
content-encoding: br
alt-svc: h3=":443"; ma=86400

archaicin.com/watch.268294522764?key=f8397e4bf5afba070b5b67912826af5a&kw=%5B%22nuevo%22%2C%22script%22%2C%22actualizado%22%2C%22de%22%2C%22pet%22%2C%22simulator%22%2C%2299%22%2C%22actualizado%22%2C%22auto%22%2C%22farm%22%2C%22auto%22%2C%22egg%22%2C%22teleport%22%2C%22y%22%2C%22m%C3%A1s%22%2C%22%E2%80%93%22%2C%22rincondevideojuegos%22%5D&refer=https%3A%2F%2Fmatshortener.xyz%2Fnuevo-script-actualizado-de-pet-simulator-99-actualizado-auto-farm-auto-egg-teleport-y-mas%2F&tz=0&dev=e&res=14.3095&uuid=e10f092e-ac41-478d-ad99-bd34262f4ec1%3A3%3A1

173.233.137.36

1.6 kB

URL
archaicin.com/watch.268294522764?key=f8397e4bf5afba070b5b67912826af5a&kw=%5B%22nuevo%22%2C%22script%22%2C%22actualizado%22%2C%22de%22%2C%22pet%22%2C%22simulator%22%2C%2299%22%2C%22actualizado%22%2C%22auto%22%2C%22farm%22%2C%22auto%22%2C%22egg%22%2C%22teleport%22%2C%22y%22%2C%22m%C3%A1s%22%2C%22%E2%80%93%22%2C%22rincondevideojuegos%22%5D&refer=https%3A%2F%2Fmatshortener.xyz%2Fnuevo-script-actualizado-de-pet-simulator-99-actualizado-auto-farm-auto-egg-teleport-y-mas%2F&tz=0&dev=e&res=14.3095&uuid=e10f092e-ac41-478d-ad99-bd34262f4ec1%3A3%3A1
IP
173.233.137.36:0
ASN
#7979 SERVERS-COM

File type
HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (1372)
Size
1.6 kB (1622 bytes)
Hash
e6ff099c57775b92ecb7ed536098f076
4937928ef65e9f32e899fcf5c986750addb7d91d
701b87d87299c20e1a3882d6063b55c5c17fe7636a5cc644967f9011d0f34b8d

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /watch.268294522764?key=f8397e4bf5afba070b5b67912826af5a&kw=%5B%22nuevo%22%2C%22script%22%2C%22actualizado%22%2C%22de%22%2C%22pet%22%2C%22simulator%22%2C%2299%22%2C%22actualizado%22%2C%22auto%22%2C%22farm%22%2C%22auto%22%2C%22egg%22%2C%22teleport%22%2C%22y%22%2C%22m%C3%A1s%22%2C%22%E2%80%93%22%2C%22rincondevideojuegos%22%5D&refer=https%3A%2F%2Fmatshortener.xyz%2Fnuevo-script-actualizado-de-pet-simulator-99-actualizado-auto-farm-auto-egg-teleport-y-mas%2F&tz=0&dev=e&res=14.3095&uuid=e10f092e-ac41-478d-ad99-bd34262f4ec1%3A3%3A1 HTTP/1.1
Host: archaicin.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://matshortener.xyz/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Sun, 03 Dec 2023 21:18:40 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Set-Cookie: u_pl=15587023; expires=Mon, 04 Dec 2023 21:18:40 GMT; secure; SameSite=None
ain=eyJhbGciOiJIUzI1NiJ9.eyJwIjp7ImlkIjoxNTU4NzAyMywiayI6ImY4Mzk3ZTRiZjVhZmJhMDcwYjViNjc5MTI4MjZhZjVhIiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjoxMzUwMzQ2LCJwaWQiOjIxMzc4OSwiYW4iOnRydWUsImxhbiI6dHJ1ZSwiY2lkIjozLCJhaWQiOjIzLCJwdCI6NCwicGsiOiJ0NjIwc2d2azFoIiwidCI6MX0sInUiOnsidSI6MSwiYXUiOjEsImQiOnsiaWQiOjkwNzUzNDU3LCJpZHMiOiIiLCJpYyI6ZmFsc2UsIm4iOiJEZXNrdG9wLEVtdWxhdG9yIiwidiI6IlVua25vd24iLCJtIjoiVW5rbm93biIsImYiOjEsImZuIjoiRGVza3RvcCIsIm9pZCI6Mzg5MTQsIm9uIjoiV2luZG93cyIsIm92IjoiMTAuMCIsImJpZCI6MTIwNjI1LCJibiI6IkZpcmVmb3giLCJidiI6IjEwNS4wIiwid3YiOmZhbHNlLCJlIjp0cnVlLCJhYiI6ZmFsc2V9LCJjIjp7ImlkIjoxNjIsImMiOiJOTyIsIm4iOiJOb3J3YXkifSwiYSI6ZmFsc2UsImNyIjp7Im4iOiJCbGl4IFNvbHV0aW9ucyJ9LCJ4ZiI6IiIsIml4ZiI6ZmFsc2UsImlneGYiOmZhbHNlLCJ1cCI6dHJ1ZSwiciI6Imh0dHBzOi8vbWF0c2hvcnRlbmVyLnh5ei9udWV2by1zY3JpcHQtYWN0dWFsaXphZG8tZGUtcGV0LXNpbXVsYXRvci05OS1hY3R1YWxpemFkby1hdXRvLWZhcm0tYXV0by1lZ2ctdGVsZXBvcnQteS1tYXMvIiwiYXIiOltdfX0.v-IJSQS6Xi-DQ149W7SCHddLdxhLS2Rg_zgESeD9d04; expires=Sun, 03 Dec 2023 21:19:40 GMT; secure; SameSite=None
uid_id2=e10f092e-ac41-478d-ad99-bd34262f4ec1:3:1; expires=Sun, 10 Dec 2023 21:18:40 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: d1453b16f8dce345f3a6d3cfca1fed64
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip

conqueredallrightswell.com/dyfc1k09?key=863705bcbb4b6a554ddb359665395a6f&psid=15587023

173.233.137.52

1.4 kB

URL
conqueredallrightswell.com/dyfc1k09?key=863705bcbb4b6a554ddb359665395a6f&psid=15587023
IP
173.233.137.52:0
ASN
#7979 SERVERS-COM

File type
HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (476)
Size
1.4 kB (1390 bytes)
Hash
e48089434ed36a6cc241e838ec9d5b4c
3456765260950dd193090543abb6b3a611f7e58b
aa7e7940db798c5edfc35e5589081cb48ef4bc716f4e2f7a126718bda7a9aab0

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /dyfc1k09?key=863705bcbb4b6a554ddb359665395a6f&psid=15587023 HTTP/1.1
Host: conqueredallrightswell.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://matshortener.xyz/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Sun, 03 Dec 2023 21:18:40 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Set-Cookie: u_pl=16122660; expires=Mon, 04 Dec 2023 21:18:40 GMT
ain=eyJhbGciOiJIUzI1NiJ9.eyJwIjp7ImlkIjoxNjEyMjY2MCwiayI6Ijg2MzcwNWJjYmI0YjZhNTU0ZGRiMzU5NjY1Mzk1YTZmIiwic2lkIjoiMTU1ODcwMjMiLCJpc2lkIjoyLCJhc2lkIjoxLCJ6aWQiOjE0NjQxNSwicGlkIjo5NzI5OSwiYW4iOnRydWUsImxhbiI6dHJ1ZSwiY2lkIjozLCJhaWQiOjI4LCJwdCI6NCwicGsiOiJkeWZjMWswOSIsInQiOjF9LCJ1Ijp7InUiOjEsImF1IjoxLCJkIjp7ImlkIjo5MDc1MzQ1NywiaWRzIjoiIiwiaWMiOmZhbHNlLCJuIjoiRGVza3RvcCxFbXVsYXRvciIsInYiOiJVbmtub3duIiwibSI6IlVua25vd24iLCJmIjoxLCJmbiI6IkRlc2t0b3AiLCJvaWQiOjM4OTE0LCJvbiI6IldpbmRvd3MiLCJvdiI6IjEwLjAiLCJiaWQiOjEyMDYyNSwiYm4iOiJGaXJlZm94IiwiYnYiOiIxMDUuMCIsInd2IjpmYWxzZSwiZSI6ZmFsc2UsImFiIjpmYWxzZX0sImMiOnsiaWQiOjE2MiwiYyI6Ik5PIiwibiI6Ik5vcndheSJ9LCJhIjpmYWxzZSwiY3IiOnsibiI6IkJsaXggU29sdXRpb25zIn0sInhmIjoiIiwiaXhmIjpmYWxzZSwiaWd4ZiI6ZmFsc2UsInVwIjp0cnVlLCJyIjoiaHR0cHM6Ly9tYXRzaG9ydGVuZXIueHl6LyIsImFyIjpbXX19.lleOddbQeMJJkBr0v22LrWasUW3PeSNsYUYExSusNHw; expires=Sun, 03 Dec 2023 21:19:40 GMT
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 20cd38a04beca7b9dbcccf1ff7b807dc
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip

archaicin.com/watch.1455845779304?key=64b7aceffd358a09b102df804e73ffe6&kw=%5B%22nuevo%22%2C%22script%22%2C%22actualizado%22%2C%22de%22%2C%22pet%22%2C%22simulator%22%2C%2299%22%2C%22actualizado%22%2C%22auto%22%2C%22farm%22%2C%22auto%22%2C%22egg%22%2C%22teleport%22%2C%22y%22%2C%22m%C3%A1s%22%2C%22%E2%80%93%22%2C%22rincondevideojuegos%22%5D&refer=https%3A%2F%2Fmatshortener.xyz%2Fnuevo-script-actualizado-de-pet-simulator-99-actualizado-auto-farm-auto-egg-teleport-y-mas%2F&tz=0&dev=e&res=14.3095&uuid=e10f092e-ac41-478d-ad99-bd34262f4ec1%3A3%3A1

173.233.137.36

1.6 kB

URL
archaicin.com/watch.1455845779304?key=64b7aceffd358a09b102df804e73ffe6&kw=%5B%22nuevo%22%2C%22script%22%2C%22actualizado%22%2C%22de%22%2C%22pet%22%2C%22simulator%22%2C%2299%22%2C%22actualizado%22%2C%22auto%22%2C%22farm%22%2C%22auto%22%2C%22egg%22%2C%22teleport%22%2C%22y%22%2C%22m%C3%A1s%22%2C%22%E2%80%93%22%2C%22rincondevideojuegos%22%5D&refer=https%3A%2F%2Fmatshortener.xyz%2Fnuevo-script-actualizado-de-pet-simulator-99-actualizado-auto-farm-auto-egg-teleport-y-mas%2F&tz=0&dev=e&res=14.3095&uuid=e10f092e-ac41-478d-ad99-bd34262f4ec1%3A3%3A1
IP
173.233.137.36:0
ASN
#7979 SERVERS-COM

File type
HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (1380)
Size
1.6 kB (1633 bytes)
Hash
4d07cb1b04ad305f4d520478aecdf4c3
c91c8b13eca52950a41ef4c124f6f36bc45f3f8d
0a76fc5381eef7199916ff4df5a64e9e243ba053926130ef6d07804d95fc6b4c

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /watch.1455845779304?key=64b7aceffd358a09b102df804e73ffe6&kw=%5B%22nuevo%22%2C%22script%22%2C%22actualizado%22%2C%22de%22%2C%22pet%22%2C%22simulator%22%2C%2299%22%2C%22actualizado%22%2C%22auto%22%2C%22farm%22%2C%22auto%22%2C%22egg%22%2C%22teleport%22%2C%22y%22%2C%22m%C3%A1s%22%2C%22%E2%80%93%22%2C%22rincondevideojuegos%22%5D&refer=https%3A%2F%2Fmatshortener.xyz%2Fnuevo-script-actualizado-de-pet-simulator-99-actualizado-auto-farm-auto-egg-teleport-y-mas%2F&tz=0&dev=e&res=14.3095&uuid=e10f092e-ac41-478d-ad99-bd34262f4ec1%3A3%3A1 HTTP/1.1
Host: archaicin.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://matshortener.xyz/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Sun, 03 Dec 2023 21:18:40 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Set-Cookie: u_pl=15622284; expires=Mon, 04 Dec 2023 21:18:40 GMT; secure; SameSite=None
ain=eyJhbGciOiJIUzI1NiJ9.eyJwIjp7ImlkIjoxNTYyMjI4NCwiayI6IjY0YjdhY2VmZmQzNThhMDliMTAyZGY4MDRlNzNmZmU2Iiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjoxMzUwMzQ2LCJwaWQiOjIxMzc4OSwiYW4iOnRydWUsImxhbiI6dHJ1ZSwiY2lkIjozLCJhaWQiOjUsInB0Ijo0LCJwayI6Im1ka2I4YjlwZnQiLCJjcGtzIjp7IjI4IjoiYzUxY2FmNjM1MGUxN2IzYTk4MGQ1Y2FkYTZiNWUwZmMifSwidCI6MX0sInUiOnsidSI6MSwiYXUiOjEsImQiOnsiaWQiOjkwNzUzNDU3LCJpZHMiOiIiLCJpYyI6ZmFsc2UsIm4iOiJEZXNrdG9wLEVtdWxhdG9yIiwidiI6IlVua25vd24iLCJtIjoiVW5rbm93biIsImYiOjEsImZuIjoiRGVza3RvcCIsIm9pZCI6Mzg5MTQsIm9uIjoiV2luZG93cyIsIm92IjoiMTAuMCIsImJpZCI6MTIwNjI1LCJibiI6IkZpcmVmb3giLCJidiI6IjEwNS4wIiwid3YiOmZhbHNlLCJlIjp0cnVlLCJhYiI6ZmFsc2V9LCJjIjp7ImlkIjoxNjIsImMiOiJOTyIsIm4iOiJOb3J3YXkifSwiYSI6ZmFsc2UsImNyIjp7Im4iOiJCbGl4IFNvbHV0aW9ucyJ9LCJ4ZiI6IiIsIml4ZiI6ZmFsc2UsImlneGYiOmZhbHNlLCJ1cCI6dHJ1ZSwiciI6Imh0dHBzOi8vbWF0c2hvcnRlbmVyLnh5ei9udWV2by1zY3JpcHQtYWN0dWFsaXphZG8tZGUtcGV0LXNpbXVsYXRvci05OS1hY3R1YWxpemFkby1hdXRvLWZhcm0tYXV0by1lZ2ctdGVsZXBvcnQteS1tYXMvIiwiYXIiOltdfX0.8iiLHFhTDx71iumqWVXCrKIFCe_aWgcWQCEnnWxXqq0; expires=Sun, 03 Dec 2023 21:19:40 GMT; secure; SameSite=None
uid_id2=e10f092e-ac41-478d-ad99-bd34262f4ec1:3:1; expires=Sun, 10 Dec 2023 21:18:40 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 662cafee61a79df203155816bb2892e1
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip

region1.analytics.google.com/g/collect?v=2&tid=G-T01GWM97WV&gtm=45je3bt0v9100384128&_p=1701638323139&gcd=11l1l1l1l1&dma_cps=sypham&dma=1&gdid=dZGIzZG&cid=197131596.1701638324&ul=en-us&sr=1280x1024&_eu=AEA&_s=2&sid=1701638323&sct=1&seg=0&dl=https%3A%2F%2Fmatshortener.xyz%2Fnuevo-script-actualizado-de-pet-simulator-99-actualizado-auto-farm-auto-egg-teleport-y-mas%2F&dt=NUEVO%20SCRIPT%20ACTUALIZADO%20DE%20PET%20SIMULATOR%2099%20%5BACTUALIZADO%5D%20%7C%20AUTO%20FARM%2C%20AUTO%20EGG%2C%20TELEPORT%20Y%20M%C3%81S!%20%E2%80%93%20RinconDeVideojuegos&en=scroll&ep.forceSSL=true&ep.link_attribution=true&epn.percent_scrolled=90&tfd=4172

216.239.34.36

204 No Content

0 B

URL POST HTTP/3
region1.analytics.google.com/g/collect?v=2&tid=G-T01GWM97WV&gtm=45je3bt0v9100384128&_p=1701638323139&gcd=11l1l1l1l1&dma_cps=sypham&dma=1&gdid=dZGIzZG&cid=197131596.1701638324&ul=en-us&sr=1280x1024&_eu=AEA&_s=2&sid=1701638323&sct=1&seg=0&dl=https%3A%2F%2Fmatshortener.xyz%2Fnuevo-script-actualizado-de-pet-simulator-99-actualizado-auto-farm-auto-egg-teleport-y-mas%2F&dt=NUEVO%20SCRIPT%20ACTUALIZADO%20DE%20PET%20SIMULATOR%2099%20%5BACTUALIZADO%5D%20%7C%20AUTO%20FARM%2C%20AUTO%20EGG%2C%20TELEPORT%20Y%20M%C3%81S!%20%E2%80%93%20RinconDeVideojuegos&en=scroll&ep.forceSSL=true&ep.link_attribution=true&epn.percent_scrolled=90&tfd=4172
IP
216.239.34.36:443
ASN
#15169 GOOGLE

Requested by
https://matshortener.xyz/nuevo-script-actualizado-de-pet-simulator-99-actualizado-auto-farm-auto-egg-teleport-y-mas/
Certificate
IssuerGoogle Trust Services LLC
Subject*.google-analytics.com
Fingerprint37:42:10:B7:89:70:45:51:80:81:66:CE:95:21:72:5D:46:0B:E2:34
ValidityMon, 23 Oct 2023 11:18:19 GMT - Mon, 15 Jan 2024 11:18:18 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

POST /g/collect?v=2&tid=G-T01GWM97WV&gtm=45je3bt0v9100384128&_p=1701638323139&gcd=11l1l1l1l1&dma_cps=sypham&dma=1&gdid=dZGIzZG&cid=197131596.1701638324&ul=en-us&sr=1280x1024&_eu=AEA&_s=2&sid=1701638323&sct=1&seg=0&dl=https%3A%2F%2Fmatshortener.xyz%2Fnuevo-script-actualizado-de-pet-simulator-99-actualizado-auto-farm-auto-egg-teleport-y-mas%2F&dt=NUEVO%20SCRIPT%20ACTUALIZADO%20DE%20PET%20SIMULATOR%2099%20%5BACTUALIZADO%5D%20%7C%20AUTO%20FARM%2C%20AUTO%20EGG%2C%20TELEPORT%20Y%20M%C3%81S!%20%E2%80%93%20RinconDeVideojuegos&en=scroll&ep.forceSSL=true&ep.link_attribution=true&epn.percent_scrolled=90&tfd=4172 HTTP/1.1
Host: region1.analytics.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://matshortener.xyz
DNT: 1
Connection: keep-alive
Referer: https://matshortener.xyz/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0
TE: trailers

HTTP/3 204 No Content
access-control-allow-origin: https://matshortener.xyz
date: Sun, 03 Dec 2023 21:18:41 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

conqueredallrightswell.com/api/users?token=L2R5ZmMxazA5P2tleT04NjM3MDViY2JiNGI2YTU1NGRkYjM1OTY2NTM5NWE2ZiZwc2lkPTE1NTg3MDIzJnBzdD0xNzAxNjM4MzgwJnJlZmVyPWh0dHBzJTNBJTJGJTJGbWF0c2hvcnRlbmVyLnh5eiUyRiZybXRjPXQmc2h1PTRkZWE4YTFhNjZmZWIwODUzMjkwNzA4NTY2NTljYjM2MDg2M2U4MjBjOTgxNjFmOWM4ZmYzZjA2MGEyYzRlMWI1MGJkOWU0ODAzMmYxZWNmNTE4M2VjYTU1ZmQ5MjVhM2E2OGI3NzdhMjBkOTg4N2YzM2E4NTFiZjBjZjFjNzczNzU3N2E2ZmJmYjc5YzgxYzI3ZTZkZTgyNTZjNjc1ZDZlMzdlY2ZiMWFjNWRiMDU4NmFlZDIzZDBlNzc0&uuid=&pii=&in=false

173.233.137.44

0 B

URL
conqueredallrightswell.com/api/users?token=L2R5ZmMxazA5P2tleT04NjM3MDViY2JiNGI2YTU1NGRkYjM1OTY2NTM5NWE2ZiZwc2lkPTE1NTg3MDIzJnBzdD0xNzAxNjM4MzgwJnJlZmVyPWh0dHBzJTNBJTJGJTJGbWF0c2hvcnRlbmVyLnh5eiUyRiZybXRjPXQmc2h1PTRkZWE4YTFhNjZmZWIwODUzMjkwNzA4NTY2NTljYjM2MDg2M2U4MjBjOTgxNjFmOWM4ZmYzZjA2MGEyYzRlMWI1MGJkOWU0ODAzMmYxZWNmNTE4M2VjYTU1ZmQ5MjVhM2E2OGI3NzdhMjBkOTg4N2YzM2E4NTFiZjBjZjFjNzczNzU3N2E2ZmJmYjc5YzgxYzI3ZTZkZTgyNTZjNjc1ZDZlMzdlY2ZiMWFjNWRiMDU4NmFlZDIzZDBlNzc0&uuid=&pii=&in=false
IP
173.233.137.44:0
ASN
#7979 SERVERS-COM

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /api/users?token=L2R5ZmMxazA5P2tleT04NjM3MDViY2JiNGI2YTU1NGRkYjM1OTY2NTM5NWE2ZiZwc2lkPTE1NTg3MDIzJnBzdD0xNzAxNjM4MzgwJnJlZmVyPWh0dHBzJTNBJTJGJTJGbWF0c2hvcnRlbmVyLnh5eiUyRiZybXRjPXQmc2h1PTRkZWE4YTFhNjZmZWIwODUzMjkwNzA4NTY2NTljYjM2MDg2M2U4MjBjOTgxNjFmOWM4ZmYzZjA2MGEyYzRlMWI1MGJkOWU0ODAzMmYxZWNmNTE4M2VjYTU1ZmQ5MjVhM2E2OGI3NzdhMjBkOTg4N2YzM2E4NTFiZjBjZjFjNzczNzU3N2E2ZmJmYjc5YzgxYzI3ZTZkZTgyNTZjNjc1ZDZlMzdlY2ZiMWFjNWRiMDU4NmFlZDIzZDBlNzc0&uuid=&pii=&in=false HTTP/1.1
Host: conqueredallrightswell.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://conqueredallrightswell.com/dyfc1k09?key=0f22c1fd609f13cb7947c8cabfe1a90d&submetric=16122660
Cookie: u_pl=16122660; ain=eyJhbGciOiJIUzI1NiJ9.eyJwIjp7ImlkIjoxNjEyMjY2MCwiayI6Ijg2MzcwNWJjYmI0YjZhNTU0ZGRiMzU5NjY1Mzk1YTZmIiwic2lkIjoiMTU1ODcwMjMiLCJpc2lkIjoyLCJhc2lkIjoxLCJ6aWQiOjE0NjQxNSwicGlkIjo5NzI5OSwiYW4iOnRydWUsImxhbiI6dHJ1ZSwiY2lkIjozLCJhaWQiOjI4LCJwdCI6NCwicGsiOiJkeWZjMWswOSIsInQiOjF9LCJ1Ijp7InUiOjEsImF1IjoxLCJkIjp7ImlkIjo5MDc1MzQ1NywiaWRzIjoiIiwiaWMiOmZhbHNlLCJuIjoiRGVza3RvcCxFbXVsYXRvciIsInYiOiJVbmtub3duIiwibSI6IlVua25vd24iLCJmIjoxLCJmbiI6IkRlc2t0b3AiLCJvaWQiOjM4OTE0LCJvbiI6IldpbmRvd3MiLCJvdiI6IjEwLjAiLCJiaWQiOjEyMDYyNSwiYm4iOiJGaXJlZm94IiwiYnYiOiIxMDUuMCIsInd2IjpmYWxzZSwiZSI6ZmFsc2UsImFiIjpmYWxzZX0sImMiOnsiaWQiOjE2MiwiYyI6Ik5PIiwibiI6Ik5vcndheSJ9LCJhIjpmYWxzZSwiY3IiOnsibiI6IkJsaXggU29sdXRpb25zIn0sInhmIjoiIiwiaXhmIjpmYWxzZSwiaWd4ZiI6ZmFsc2UsInVwIjp0cnVlLCJyIjoiaHR0cHM6Ly9tYXRzaG9ydGVuZXIueHl6LyIsImFyIjpbXX19.lleOddbQeMJJkBr0v22LrWasUW3PeSNsYUYExSusNHw; cjs=t
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 302 Found
Server: nginx/1.21.6
Date: Sun, 03 Dec 2023 21:18:41 GMT
Content-Type: text/html
Content-Length: 0
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Location: https://violationphysics.click/c9b2l0k.php?key=wkroiqew1c9guvr0kbe2&SUB_ID_SHORT=3001ef6325a6adcd5dec20f5118f60dc&COST_CPA=0.100000&PLACEMENT_ID=16122660&CAMPAIGN_ID=882703&DEVICE_BRAND=Unknown&BROWSER_NAME=Firefox&USER_OS=Windows&USER_CARRIER=Blix%20Solutions&USERAGENT=Mozilla%2F5.0%20%28Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0%29%20Gecko%2F20100101%20Firefox%2F105.0&REMOTE_LANGUAGE=11&BANNER_ID=2569625
Set-Cookie: iprcf7b0800cc65f4c32f467a114b7573060=4641329; expires=Mon, 04 Dec 2023 21:18:41 GMT
pdhtkv=true; expires=Mon, 04 Dec 2023 21:18:41 GMT
uncs=1; expires=Mon, 04 Dec 2023 21:18:41 GMT
pdhtkv28=true; expires=Mon, 04 Dec 2023 21:18:41 GMT
uncs28=1; expires=Mon, 04 Dec 2023 21:18:41 GMT
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 9241c316266ffb6f2171d2c3474178f0
Strict-Transport-Security: max-age=0; includeSubdomains

violationphysics.click/c9b2l0k.php?key=wkroiqew1c9guvr0kbe2&SUB_ID_SHORT=3001ef6325a6adcd5dec20f5118f60dc&COST_CPA=0.100000&PLACEMENT_ID=16122660&CAMPAIGN_ID=882703&DEVICE_BRAND=Unknown&BROWSER_NAME=Firefox&USER_OS=Windows&USER_CARRIER=Blix%20Solutions&USERAGENT=Mozilla%2F5.0%20%28Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0%29%20Gecko%2F20100101%20Firefox%2F105.0&REMOTE_LANGUAGE=11&BANNER_ID=2569625

192.64.81.118

0 B

URL
violationphysics.click/c9b2l0k.php?key=wkroiqew1c9guvr0kbe2&SUB_ID_SHORT=3001ef6325a6adcd5dec20f5118f60dc&COST_CPA=0.100000&PLACEMENT_ID=16122660&CAMPAIGN_ID=882703&DEVICE_BRAND=Unknown&BROWSER_NAME=Firefox&USER_OS=Windows&USER_CARRIER=Blix%20Solutions&USERAGENT=Mozilla%2F5.0%20%28Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0%29%20Gecko%2F20100101%20Firefox%2F105.0&REMOTE_LANGUAGE=11&BANNER_ID=2569625
IP
192.64.81.118:0
ASN
#19318 IS-AS-1

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /c9b2l0k.php?key=wkroiqew1c9guvr0kbe2&SUB_ID_SHORT=3001ef6325a6adcd5dec20f5118f60dc&COST_CPA=0.100000&PLACEMENT_ID=16122660&CAMPAIGN_ID=882703&DEVICE_BRAND=Unknown&BROWSER_NAME=Firefox&USER_OS=Windows&USER_CARRIER=Blix%20Solutions&USERAGENT=Mozilla%2F5.0%20%28Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0%29%20Gecko%2F20100101%20Firefox%2F105.0&REMOTE_LANGUAGE=11&BANNER_ID=2569625 HTTP/1.1
Host: violationphysics.click
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://conqueredallrightswell.com/
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 302 Found
Server: nginx/1.22.0
Date: Sun, 03 Dec 2023 21:18:41 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: uclick=h9ik52qd9z; expires=Mon, 04-Dec-2023 21:18:41 GMT; Max-Age=86400; path=/; secure; SameSite=none
uclickhash=h9ik52qd9z-h9ik52qd9z-hq1m-0-q5a4bl-ftxofe-ft8pdz-8ecd91; expires=Mon, 04-Dec-2023 21:18:41 GMT; Max-Age=86400; path=/; secure; SameSite=none
Location: https://vvfal.rigelbetelgeuse.top/?pl=zKByXHsQK0ydGD7DogbGyA&click_id=4ac6ah9ik52qd9zb8a&sub_id=16122660
Strict-Transport-Security: max-age=31536000

vvfal.rigelbetelgeuse.top/?pl=zKByXHsQK0ydGD7DogbGyA&click_id=4ac6ah9ik52qd9zb8a&sub_id=16122660

172.67.205.133

0 B

URL
vvfal.rigelbetelgeuse.top/?pl=zKByXHsQK0ydGD7DogbGyA&click_id=4ac6ah9ik52qd9zb8a&sub_id=16122660
IP
172.67.205.133:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /?pl=zKByXHsQK0ydGD7DogbGyA&click_id=4ac6ah9ik52qd9zb8a&sub_id=16122660 HTTP/1.1
Host: vvfal.rigelbetelgeuse.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://conqueredallrightswell.com/
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 302 Found
date: Sun, 03 Dec 2023 21:18:42 GMT
content-length: 0
location: https://vvfal.stonecarv.top/eyes-robot/?pl=zKByXHsQK0ydGD7DogbGyA&sm=eyes-robot&click_id=4ac6ah9ik52qd9zb8a&sub_id=16122660&nrid=dff1d494ea854d54b127dbf1d8b31617&hash=bGuLlWhu6HN7Mlzgv9XA2g&exp=1701638622
set-cookie: zKByXHsQK0ydGD7DogbGyA=5; max-age=345600; path=/; samesite=lax
__pl=0e9feee0-b09e-42cd-bbbc-3456299a5ee7; expires=Wed, 03 Dec 2025 21:18:42 GMT; path=/; samesite=lax
__cap=1; max-age=3600; path=/; samesite=lax
cache-control: max-age=0, no-cache, no-store, must-revalidate
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=0e9Dz65ke6nWSIWFW%2FFXnzeIeHA%2BVwQAMPbV1PCXmv2fTCR47ipE4gHoLnxIqyKiDrHlHJohNYqOOGH67XGCHPY7l37ZiIvkflJ6iEq%2BdUHULIcymzraQUeHZznjqsxtwBjdLPk3YQIv%2BFOP"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 82fed7f8adceb515-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

vvfal.stonecarv.top/eyes-robot/assets/1.png

172.67.154.38

11 kB

URL
vvfal.stonecarv.top/eyes-robot/assets/1.png
IP
172.67.154.38:0
ASN
#13335 CLOUDFLARENET

File type
PNG image data, 179 x 278, 8-bit colormap, non-interlaced\012- data
Size
11 kB (10591 bytes)
Hash
a6fa8154cc36da494df7b5103329c15a
3a2310088bcec14f7c0187f8409a5af5395665e8
967b8859fedb2c63afc8ae6ae2839fdd40f0e26af85adc6605a629f3c0ed0837

HTTP Headers

GET /eyes-robot/assets/1.png HTTP/1.1
Host: vvfal.stonecarv.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://vvfal.stonecarv.top/eyes-robot/?pl=zKByXHsQK0ydGD7DogbGyA&sm=eyes-robot&click_id=4ac6ah9ik52qd9zb8a&sub_id=16122660&nrid=dff1d494ea854d54b127dbf1d8b31617&hash=bGuLlWhu6HN7Mlzgv9XA2g&exp=1701638622
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Sun, 03 Dec 2023 21:18:42 GMT
content-type: image/png
content-length: 10591
last-modified: Fri, 01 Dec 2023 10:07:50 GMT
etag: "6569b076-295f"
cache-control: max-age=14400
cf-cache-status: HIT
age: 2113
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=R2vR5PsTpUSJdudka7yBB1B7Erv33HH%2FE18v0UzcnjFAmkOPsNLHJLJVHHl00zCzJUEWHf6kFx%2Bligo9pHMSaZcmftpk9u4%2FLHLYAtvUqhIceXjW9ycKFJfKDWQx2wGfBSEPuITn"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 82fed7fb0fea56bf-OSL
alt-svc: h3=":443"; ma=86400

vvfal.stonecarv.top/eyes-robot/assets/2.png

172.67.154.38

1.1 kB

URL
vvfal.stonecarv.top/eyes-robot/assets/2.png
IP
172.67.154.38:0
ASN
#13335 CLOUDFLARENET

File type
PNG image data, 94 x 19, 8-bit colormap, non-interlaced\012- data
Size
1.1 kB (1061 bytes)
Hash
d708fbf0358752a082f5a394b74adda8
231c1527b4b039eb3af7d7e9eb5587ed87f6ea81
09d12e3c0e65fda26b9073e70e02fb24fa6941a4a3b1b81211b6470f00769ea5

HTTP Headers

GET /eyes-robot/assets/2.png HTTP/1.1
Host: vvfal.stonecarv.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://vvfal.stonecarv.top/eyes-robot/?pl=zKByXHsQK0ydGD7DogbGyA&sm=eyes-robot&click_id=4ac6ah9ik52qd9zb8a&sub_id=16122660&nrid=dff1d494ea854d54b127dbf1d8b31617&hash=bGuLlWhu6HN7Mlzgv9XA2g&exp=1701638622
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Sun, 03 Dec 2023 21:18:42 GMT
content-type: image/png
content-length: 1061
last-modified: Fri, 01 Dec 2023 10:07:50 GMT
etag: "6569b076-425"
cache-control: max-age=14400
cf-cache-status: HIT
age: 2113
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=oaLFmJ3sTn53Y1ZMoKRIL%2BYkldqCB3of9VtRqgGjuupoc3iUB2kKi%2BV5WJM01hqpgFHhKuz%2B2rmL%2ByuQVssfYSDxLnl3ssTg5BLUkUF4G6WV5KvhJ6v3eci%2FPHjngdjuVZkB2ssg"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 82fed7fb0fed56bf-OSL
alt-svc: h3=":443"; ma=86400

vvfal.stonecarv.top/eyes-robot/assets/trls.js

172.67.154.38

13 kB

URL
vvfal.stonecarv.top/eyes-robot/assets/trls.js
IP
172.67.154.38:0
ASN
#13335 CLOUDFLARENET

File type
Unicode text, UTF-8 text, with very long lines (362), with CRLF line terminators
Size
13 kB (12776 bytes)
Hash
0cdacbfa8d68265ac3893b159a75682a
a85878b59036d00ac878739dc187305bc29df8c3
2fb2aad4f3b3426df4bb5633b627f529940bd06d0690f6b11cfcf42f0fea3e4b

HTTP Headers

GET /eyes-robot/assets/trls.js HTTP/1.1
Host: vvfal.stonecarv.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://vvfal.stonecarv.top/eyes-robot/?pl=zKByXHsQK0ydGD7DogbGyA&sm=eyes-robot&click_id=4ac6ah9ik52qd9zb8a&sub_id=16122660&nrid=dff1d494ea854d54b127dbf1d8b31617&hash=bGuLlWhu6HN7Mlzgv9XA2g&exp=1701638622
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Sun, 03 Dec 2023 21:18:42 GMT
content-type: application/javascript
last-modified: Fri, 01 Dec 2023 10:07:50 GMT
etag: W/"6569b076-2af6"
cache-control: max-age=14400
cf-cache-status: HIT
age: 2113
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=DgwX6BGarcDH3oYhuFyHWQ4bOZ8PvBFVi3HAxW0%2F4eNq2MAqUwMigFp3y3rmx%2FrNN8%2Fv4gVjPHao%2B0qnUBkImOhOzQUQEqOgZqWVPVBChdNqXhw1RGXjfHAoJcW9WqAHW7fOsW77"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 82fed7fb0fe656bf-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

vvfal.stonecarv.top/eyes-robot/assets/style.css

172.67.154.38

933 B

URL
vvfal.stonecarv.top/eyes-robot/assets/style.css
IP
172.67.154.38:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text, with CRLF line terminators
Size
933 B (933 bytes)
Hash
a18afa3eac509b6062c9362a725ac421
5e06e9b3af42189e9456a7ea3bda665e10c86405
29ee31143c5bd03b7dcaf2e40476e50c4ed26d32a725525a4f3dced678c90896

HTTP Headers

GET /eyes-robot/assets/style.css HTTP/1.1
Host: vvfal.stonecarv.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://vvfal.stonecarv.top/eyes-robot/?pl=zKByXHsQK0ydGD7DogbGyA&sm=eyes-robot&click_id=4ac6ah9ik52qd9zb8a&sub_id=16122660&nrid=dff1d494ea854d54b127dbf1d8b31617&hash=bGuLlWhu6HN7Mlzgv9XA2g&exp=1701638622
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Sun, 03 Dec 2023 21:18:42 GMT
content-type: text/css
last-modified: Fri, 01 Dec 2023 10:07:50 GMT
etag: W/"6569b076-cf6"
cache-control: max-age=14400
cf-cache-status: HIT
age: 2113
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=fuCEIDJipPZWaz6imdPqmxQoleHf1g71vh9Mpg2h7FcCqAKwG4QYN%2F6rdLu13ooapiNQ8iDfqyh4ybiYCQJ3w07lWghg%2FWqgTiz6FWv0dBbAPRlN1V7mEB%2BynUfcUvTOJyxcZgOQ"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 82fed7fb0fe756bf-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

cdnstatic.stonecarv.top/ps/config.js?id=zKByXHsQK0ydGD7DogbGyA

172.67.154.38

9.5 kB

URL
cdnstatic.stonecarv.top/ps/config.js?id=zKByXHsQK0ydGD7DogbGyA
IP
172.67.154.38:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text, with CRLF line terminators
Size
9.5 kB (9540 bytes)
Hash
512755a6a34075b4a23c875b7ae24013
f8cecb3663d1d20fcf19a10af2a47d8238636ed3
d9cc92407823fafcd54c6e83fb6b9a51fbf3a4d9c73b2f4da64243d24ce2f81a

HTTP Headers

GET /ps/config.js?id=zKByXHsQK0ydGD7DogbGyA HTTP/1.1
Host: cdnstatic.stonecarv.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://vvfal.stonecarv.top/
Cookie: __psu=d1e94894-4789-4ced-ad34-5798c0781ecc
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Sun, 03 Dec 2023 21:18:42 GMT
content-type: application/javascript
cache-control: max-age=0, no-cache, no-store, must-revalidate
cf-cache-status: BYPASS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=iC5LLkT%2F%2BcSmteVxxXeYSG2s9fQr6%2BxbPRq7bpEcD7ubdDFiRnuJZIExZUfDiigrD2NL3Z6Nt1Cqem6fDJ7GZPis5%2BTqw4VqVWj9J452uGp0QhrJrOmDp%2F8rcUV4A9ww%2BNRUASgMP1l2lg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 82fed7fc092256bf-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

www.gstatic.com/firebasejs/10.3.1/firebase-messaging-compat.js

142.250.74.35

9.9 kB

URL
www.gstatic.com/firebasejs/10.3.1/firebase-messaging-compat.js
IP
142.250.74.35:0
ASN
#15169 GOOGLE

File type
ASCII text, with very long lines (38231)
Size
9.9 kB (9934 bytes)
Hash
0541b823dfaf39162ef84cf075c9951b
e0934726455558cc1a59823efada9651e33aafaa
21f1d62f222007068c793f0947d98f4ccb7c1595adb68efeb783390fdd8b5522

HTTP Headers

GET /firebasejs/10.3.1/firebase-messaging-compat.js HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://vvfal.stonecarv.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
accept-ranges: bytes
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/firebase-js
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups; report-to="firebase-js"
report-to: {"group":"firebase-js","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/firebase-js"}]}
content-length: 9934
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 30 Nov 2023 05:05:32 GMT
expires: Fri, 29 Nov 2024 05:05:32 GMT
cache-control: public, max-age=31536000
age: 317590
last-modified: Thu, 31 Aug 2023 15:20:50 GMT
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

a.stonecarv.top/eyes-robot/assets/1.png

172.67.154.38

11 kB

URL
a.stonecarv.top/eyes-robot/assets/1.png
IP
172.67.154.38:0
ASN
#13335 CLOUDFLARENET

File type
PNG image data, 179 x 278, 8-bit colormap, non-interlaced\012- data
Size
11 kB (10591 bytes)
Hash
a6fa8154cc36da494df7b5103329c15a
3a2310088bcec14f7c0187f8409a5af5395665e8
967b8859fedb2c63afc8ae6ae2839fdd40f0e26af85adc6605a629f3c0ed0837

HTTP Headers

GET /eyes-robot/assets/1.png HTTP/1.1
Host: a.stonecarv.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://a.stonecarv.top/eyes-robot/?pl=zKByXHsQK0ydGD7DogbGyA&sm=eyes-robot&click_id=4ac6ah9ik52qd9zb8a&sub_id=16122660&nrid=dff1d494ea854d54b127dbf1d8b31617&hash=bGuLlWhu6HN7Mlzgv9XA2g&exp=1701638622
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Sun, 03 Dec 2023 21:18:42 GMT
content-type: image/png
content-length: 10591
last-modified: Fri, 01 Dec 2023 10:07:50 GMT
etag: "6569b076-295f"
cache-control: max-age=14400
cf-cache-status: HIT
age: 1938
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=4m%2B%2Bmwxq7STRcoznNhpLd7c7V611VMOo4nl5IB5kMSVIxFp37V61CGaHZbuNm0%2B%2BAG5K4Ov86nt9kAwtadyeVrqIJ78urdxxwZf3UbUdwruppTU2bYNqk5prol861Pb3X%2B4%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 82fed7fdfbdb56bf-OSL
alt-svc: h3=":443"; ma=86400

cdnstatic.stonecarv.top/ps/ps.js?&edg=true&sw=&fullscreen=true&pl=true&pp=false&id=zKByXHsQK0ydGD7DogbGyA&sm=eyes-robot&click_id=4ac6ah9ik52qd9zb8a&sub_id=16122660&appspot=&d=https%3A%2F%2Fcdnstatic.stonecarv.top&timeout=30&tb=true&nrid=dff1d494ea854d54b127dbf1d8b31617

172.67.154.38

14 kB

URL
cdnstatic.stonecarv.top/ps/ps.js?&edg=true&sw=&fullscreen=true&pl=true&pp=false&id=zKByXHsQK0ydGD7DogbGyA&sm=eyes-robot&click_id=4ac6ah9ik52qd9zb8a&sub_id=16122660&appspot=&d=https%3A%2F%2Fcdnstatic.stonecarv.top&timeout=30&tb=true&nrid=dff1d494ea854d54b127dbf1d8b31617
IP
172.67.154.38:0
ASN
#13335 CLOUDFLARENET

File type
Unicode text, UTF-8 text, with very long lines (31622), with no line terminators
Size
14 kB (14196 bytes)
Hash
29a2409b23e1b2b249587e000d5c69c4
72e8b9711987b787382871ddf1578d5627f06a39
d59c7e5bc985c4eb5dd2bbde325c69cb6f9b9aea95a04b60ca159e6ba8cb3c2f

HTTP Headers

GET /ps/ps.js?&edg=true&sw=&fullscreen=true&pl=true&pp=false&id=zKByXHsQK0ydGD7DogbGyA&sm=eyes-robot&click_id=4ac6ah9ik52qd9zb8a&sub_id=16122660&appspot=&d=https%3A%2F%2Fcdnstatic.stonecarv.top&timeout=30&tb=true&nrid=dff1d494ea854d54b127dbf1d8b31617 HTTP/1.1
Host: cdnstatic.stonecarv.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://vvfal.stonecarv.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Sun, 03 Dec 2023 21:18:42 GMT
content-type: application/javascript
cache-control: max-age=0, no-cache, no-store, must-revalidate
cf-cache-status: BYPASS
set-cookie: __psu=d1e94894-4789-4ced-ad34-5798c0781ecc; expires=Wed, 03 Dec 2025 21:18:42 GMT; path=/; secure; samesite=none
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=bqyBMUGjh4vBduz6%2B1SlgZNPcUMxQ5T5qRslkvIsdkIriZ3Gg%2BHoqWu9WzBsp%2FkFvlY55fxTCUnhrc%2B7An00DxlECAt%2BDMJa1EBr3rNqgvGuA6R%2BRhPmZI9DoE5DBnGPlfAIZD4mG0G92Q%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 82fed7fb786656bf-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

a.stonecarv.top/eyes-robot/assets/image.png

172.67.154.38

11 kB

URL
a.stonecarv.top/eyes-robot/assets/image.png
IP
172.67.154.38:0
ASN
#13335 CLOUDFLARENET

File type
PNG image data, 260 x 260, 8-bit colormap, non-interlaced\012- data
Size
11 kB (11043 bytes)
Hash
ca1f4de0ad1d4fad72d299a6411e6959
c9f6d409f09264a34ee8bac4265233c56c280d1a
f0434a1fc8ffba3a47bbb9f1fa5a2f789651a020e7b86e507ff300b7c367057f

HTTP Headers

GET /eyes-robot/assets/image.png HTTP/1.1
Host: a.stonecarv.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://a.stonecarv.top/eyes-robot/assets/style.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Sun, 03 Dec 2023 21:18:42 GMT
content-type: image/png
content-length: 11043
last-modified: Fri, 01 Dec 2023 10:07:50 GMT
etag: "6569b076-2b23"
cache-control: max-age=14400
cf-cache-status: HIT
age: 1938
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ppCbKMAFyH9i6V0dl5nsNpmf%2FQ3WPglousHQ6N7lMrMlkXpE%2BE0CRHzE8NB60iKVn76sikOJBmNacoHOd6EXh45JuUS%2BwM15KcXFbrGmyHJvDwgx36Fz2RBgXhAIQieSsoM%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 82fed7fe2c2756bf-OSL
alt-svc: h3=":443"; ma=86400

a.stonecarv.top/favicon.ico

172.67.154.38

0 B

URL
a.stonecarv.top/favicon.ico
IP
172.67.154.38:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: a.stonecarv.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://a.stonecarv.top/eyes-robot/?pl=zKByXHsQK0ydGD7DogbGyA&sm=eyes-robot&click_id=4ac6ah9ik52qd9zb8a&sub_id=16122660&nrid=dff1d494ea854d54b127dbf1d8b31617&hash=bGuLlWhu6HN7Mlzgv9XA2g&exp=1701638622
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 204 No Content
date: Sun, 03 Dec 2023 21:18:42 GMT
cache-control: max-age=14400
cf-cache-status: HIT
age: 2396
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=He0PpdPdsbXKWT021rsbAfaoXLvi3diZfhAVZhauLhVI6S%2Bz8iz2D5mZAGbUHEUfNa38Dy8z7xeqsw85rzKz1DSTSEOH1gsvG%2FHr1JGqRAMMBJgy58kh79ZeOyW5DAWhqxU%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 82fed7fe8c9856bf-OSL
alt-svc: h3=":443"; ma=86400

a.stonecarv.top/eyes-robot/?pl=zKByXHsQK0ydGD7DogbGyA&sm=eyes-robot&click_id=4ac6ah9ik52qd9zb8a&sub_id=16122660&nrid=dff1d494ea854d54b127dbf1d8b31617&hash=bGuLlWhu6HN7Mlzgv9XA2g&exp=1701638622

172.67.154.38

23 kB

URL
a.stonecarv.top/eyes-robot/?pl=zKByXHsQK0ydGD7DogbGyA&sm=eyes-robot&click_id=4ac6ah9ik52qd9zb8a&sub_id=16122660&nrid=dff1d494ea854d54b127dbf1d8b31617&hash=bGuLlWhu6HN7Mlzgv9XA2g&exp=1701638622
IP
172.67.154.38:0
ASN
#13335 CLOUDFLARENET

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with CRLF line terminators
Size
23 kB (23121 bytes)
Hash
d091598187b0c2607db0dc04029e3457
0594d408ea97d509719300d8e4c19ce49078f55b
9f40361e807d9f0d4bbb68b5e68f9626231ae6b04fb26262190529eff247ddf8

HTTP Headers

GET /eyes-robot/?pl=zKByXHsQK0ydGD7DogbGyA&sm=eyes-robot&click_id=4ac6ah9ik52qd9zb8a&sub_id=16122660&nrid=dff1d494ea854d54b127dbf1d8b31617&hash=bGuLlWhu6HN7Mlzgv9XA2g&exp=1701638622 HTTP/1.1
Host: a.stonecarv.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://vvfal.stonecarv.top/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Sun, 03 Dec 2023 21:18:42 GMT
content-type: text/html
last-modified: Fri, 01 Dec 2023 10:07:50 GMT
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=20JWXb8LY94ZtVWbyiaJNUNKzc28jV8%2Br0sNy2E6Ise8oInl6gBcj%2BQMX9cEzHPJaU1mKb3c888nGcYDY6t4aeZ0Wlf6MXTS8CMiPlxavdtHTK%2Fz9vWOfDEu1nE6N3cv%2FR8%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 82fed7fd3a8e56bf-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

www.gstatic.com/firebasejs/10.3.1/firebase-messaging-compat.js

142.250.74.35

9.9 kB

URL
www.gstatic.com/firebasejs/10.3.1/firebase-messaging-compat.js
IP
142.250.74.35:0
ASN
#15169 GOOGLE

File type
ASCII text, with very long lines (38231)
Size
9.9 kB (9934 bytes)
Hash
0541b823dfaf39162ef84cf075c9951b
e0934726455558cc1a59823efada9651e33aafaa
21f1d62f222007068c793f0947d98f4ccb7c1595adb68efeb783390fdd8b5522

HTTP Headers

GET /firebasejs/10.3.1/firebase-messaging-compat.js HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://a.stonecarv.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
accept-ranges: bytes
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/firebase-js
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups; report-to="firebase-js"
report-to: {"group":"firebase-js","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/firebase-js"}]}
content-length: 9934
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 30 Nov 2023 05:05:32 GMT
expires: Fri, 29 Nov 2024 05:05:32 GMT
cache-control: public, max-age=31536000
age: 317591
last-modified: Thu, 31 Aug 2023 15:20:50 GMT
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

a.stonecarv.top/eyes-robot/assets/trls.js

172.67.154.38

3.1 kB

URL
a.stonecarv.top/eyes-robot/assets/trls.js
IP
172.67.154.38:0
ASN
#13335 CLOUDFLARENET

File type
Unicode text, UTF-8 text, with very long lines (362), with CRLF line terminators
Size
3.1 kB (3070 bytes)
Hash
0cdacbfa8d68265ac3893b159a75682a
a85878b59036d00ac878739dc187305bc29df8c3
2fb2aad4f3b3426df4bb5633b627f529940bd06d0690f6b11cfcf42f0fea3e4b

HTTP Headers

GET /eyes-robot/assets/trls.js HTTP/1.1
Host: a.stonecarv.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://a.stonecarv.top/eyes-robot/?pl=zKByXHsQK0ydGD7DogbGyA&sm=eyes-robot&click_id=4ac6ah9ik52qd9zb8a&sub_id=16122660&nrid=dff1d494ea854d54b127dbf1d8b31617&hash=bGuLlWhu6HN7Mlzgv9XA2g&exp=1701638622
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Sun, 03 Dec 2023 21:18:42 GMT
content-type: application/javascript
last-modified: Fri, 01 Dec 2023 10:07:50 GMT
etag: W/"6569b076-2af6"
cache-control: max-age=14400
cf-cache-status: HIT
age: 1938
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=SB%2F52iHhjGRRlwL3HJCD8LPBQh4jqX9RP%2FYJq0FMofqFqBwl%2FXMNR9OCYGEcFy1TcllskkdmnJFbbehIunVY4QjX1C94B1BXooMSeRzhAdIhhoBFwb%2F8kiSAOOOPZ%2BmLQ30%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 82fed7fdebd256bf-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

www.toprevenuegate.com/api/users?token=L3pqNzduY2NuYnM_a2V5PTdjMWVmODhmMjk0M2NhNjY2YmZmMDI3OTVmMjMwNjBkJnBzdD0xNzAxNjM4MzgzJnJtdGM9dCZzaHU9OGM1ZWUzYjk0NTk1NjY1MjM3NmE4MzlkMzZjOWNlMDNjNWU5OWQ0M2MyYmRiN2Q3ZjljODY1NDBkZWE2MzMwNjNhZmRmYjMyYjRhYTcyNDE2ZjdkYjhiNjRjODU4NmQ5YTgxMzJhYzQ5ZmZiOTgxYzhiMDQyOGJmNDRjYjI2ZWNkNzMwNmVhNGNkZjA3MmYyMzVhMjY2MGU4ZTc1ZTlkYzMxNjQ2YjFjODlhOWI1ZjE4MDIyYjk1MTY3OWMzZDlm&uuid=&pii=&in=false

192.243.61.227

0 B

URL
www.toprevenuegate.com/api/users?token=L3pqNzduY2NuYnM_a2V5PTdjMWVmODhmMjk0M2NhNjY2YmZmMDI3OTVmMjMwNjBkJnBzdD0xNzAxNjM4MzgzJnJtdGM9dCZzaHU9OGM1ZWUzYjk0NTk1NjY1MjM3NmE4MzlkMzZjOWNlMDNjNWU5OWQ0M2MyYmRiN2Q3ZjljODY1NDBkZWE2MzMwNjNhZmRmYjMyYjRhYTcyNDE2ZjdkYjhiNjRjODU4NmQ5YTgxMzJhYzQ5ZmZiOTgxYzhiMDQyOGJmNDRjYjI2ZWNkNzMwNmVhNGNkZjA3MmYyMzVhMjY2MGU4ZTc1ZTlkYzMxNjQ2YjFjODlhOWI1ZjE4MDIyYjk1MTY3OWMzZDlm&uuid=&pii=&in=false
IP
192.243.61.227:0
ASN
#39572 DataWeb Global Group B.V.

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /api/users?token=L3pqNzduY2NuYnM_a2V5PTdjMWVmODhmMjk0M2NhNjY2YmZmMDI3OTVmMjMwNjBkJnBzdD0xNzAxNjM4MzgzJnJtdGM9dCZzaHU9OGM1ZWUzYjk0NTk1NjY1MjM3NmE4MzlkMzZjOWNlMDNjNWU5OWQ0M2MyYmRiN2Q3ZjljODY1NDBkZWE2MzMwNjNhZmRmYjMyYjRhYTcyNDE2ZjdkYjhiNjRjODU4NmQ5YTgxMzJhYzQ5ZmZiOTgxYzhiMDQyOGJmNDRjYjI2ZWNkNzMwNmVhNGNkZjA3MmYyMzVhMjY2MGU4ZTc1ZTlkYzMxNjQ2YjFjODlhOWI1ZjE4MDIyYjk1MTY3OWMzZDlm&uuid=&pii=&in=false HTTP/1.1
Host: www.toprevenuegate.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.toprevenuegate.com/zj77nccnbs?key=0f22c1fd609f13cb7947c8cabfe1a90d&submetric=19854905
Cookie: u_pl=19854905; ain=eyJhbGciOiJIUzI1NiJ9.eyJwIjp7ImlkIjoxOTg1NDkwNSwiayI6IjdjMWVmODhmMjk0M2NhNjY2YmZmMDI3OTVmMjMwNjBkIiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjoyNzIyNjE4LCJwaWQiOjI0MDE2MywiYW4iOnRydWUsImxhbiI6dHJ1ZSwiY2lkIjoxOSwiYWlkIjoyOCwicHQiOjQsInBrIjoiemo3N25jY25icyIsInQiOjF9LCJ1Ijp7InUiOjEsImF1IjoxLCJkIjp7ImlkIjo5MDc1MzQ1NywiaWRzIjoiIiwiaWMiOmZhbHNlLCJuIjoiRGVza3RvcCxFbXVsYXRvciIsInYiOiJVbmtub3duIiwibSI6IlVua25vd24iLCJmIjoxLCJmbiI6IkRlc2t0b3AiLCJvaWQiOjM4OTE0LCJvbiI6IldpbmRvd3MiLCJvdiI6IjEwLjAiLCJiaWQiOjEyMDYyNSwiYm4iOiJGaXJlZm94IiwiYnYiOiIxMDUuMCIsInd2IjpmYWxzZSwiZSI6ZmFsc2UsImFiIjpmYWxzZX0sImMiOnsiaWQiOjE2MiwiYyI6Ik5PIiwibiI6Ik5vcndheSJ9LCJhIjpmYWxzZSwiY3IiOnsibiI6IkJsaXggU29sdXRpb25zIn0sInhmIjoiIiwiaXhmIjpmYWxzZSwiaWd4ZiI6ZmFsc2UsInVwIjp0cnVlLCJyIjoiIiwiYXIiOltdfX0.2FQGO2YhCNPTmdlXXLBtr2hi4zXbhcFHRg0XwRi4mrk; cjs=t
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 302 Found
Server: nginx/1.21.6
Date: Sun, 03 Dec 2023 21:18:44 GMT
Content-Type: text/html
Content-Length: 0
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Location: https://shop.bigbasketshop.com/track?q=kghXWdDErq
Set-Cookie: iprca2333582bb24f4d1e562d3c5fe54bbfc=4591122; expires=Mon, 04 Dec 2023 21:18:44 GMT
pdhtkv=true; expires=Mon, 04 Dec 2023 21:18:44 GMT
uncs=1; expires=Mon, 04 Dec 2023 21:18:44 GMT
pdhtkv28=true; expires=Mon, 04 Dec 2023 21:18:44 GMT
uncs28=1; expires=Mon, 04 Dec 2023 21:18:44 GMT
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 12728fdc7c40e17f42fc30e952e85aa5
Strict-Transport-Security: max-age=0; includeSubdomains

ocsp.r2m03.amazontrust.com/

54.230.218.11

471 B

URL
ocsp.r2m03.amazontrust.com/
IP
54.230.218.11:0
ASN
#16509 AMAZON-02

File type
data
Size
471 B (471 bytes)
Hash
635ff90833a493ed2c5f086f31d24851
e492aaea87cf64ee9e5f5b60f5641d34639eea77
0874c8b481431f13d009f27bd0092d14b1859dab41c56bd7998c29f5c9659b98

HTTP Headers

POST / HTTP/1.1
Host: ocsp.r2m03.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=7200
Date: Sun, 03 Dec 2023 21:18:45 GMT
Last-Modified: Sun, 03 Dec 2023 19:36:58 GMT
Server: ECAcc (ska/F7B4)
X-Cache: Miss from cloudfront
Via: 1.1 b053873243f91b1bb6dc406ce0c67db4.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: 6G-hNQMm8_ZoeAVvPVCYiEmI_yHO7nguNpdSLJc_9NTMSExn_5Y1Hg==
Age: 6107

clk.tradedoubler.com/click?p=225780&a=3238748&epi=TerraD

3.127.180.170

200 OK

3.6 kB

URL User Request POST HTTP/2
clk.tradedoubler.com/click?p=225780&a=3238748&epi=TerraD
IP
3.127.180.170:443
ASN
#16509 AMAZON-02

Certificate
IssuerAmazon
Subject*.tradedoubler.com
FingerprintE6:E6:D1:02:6C:9A:BE:00:C1:0E:B5:BC:61:D1:C1:FD:74:73:C4:9E
ValidityWed, 06 Sep 2023 00:00:00 GMT - Sat, 05 Oct 2024 23:59:59 GMT

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (314)
Size
3.6 kB (3610 bytes)
Hash
dffa9bac5be3f386079d2028d8264f59
e264575195c6ca302170a308b3da31f924b6d60c
43ffd816104a86bae1d1e75330e61c304463fcf25e6bdb5086c34a944b1e4c68

HTTP Headers

GET /click?p=225780&a=3238748&epi=TerraD HTTP/1.1
Host: clk.tradedoubler.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://shop.bigbasketshop.com/
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sun, 03 Dec 2023 21:18:45 GMT
content-type: text/html; charset=ISO-8859-1
content-length: 3610
server: TXServerHttp
access-control-allow-origin: *
cache-control: private, max-age=0
pragma: no-cache
referrer-policy: origin
X-Firefox-Spdy: h2

vht.tradedoubler.com/fp/fpjs.js

54.230.111.94

7.7 kB

URL
vht.tradedoubler.com/fp/fpjs.js
IP
54.230.111.94:0
ASN
#16509 AMAZON-02

File type
ASCII text, with very long lines (19960)
Size
7.7 kB (7718 bytes)
Hash
e967d9e86ec8ff44db0e24766ced642f
bd488430b8b4283eb82afda802a075cf841c29d3
040dff2a9b3d08a4654dec367d93f2b994a8ea0e573950d5561c0022af4a3c3a

HTTP Headers

GET /fp/fpjs.js HTTP/1.1
Host: vht.tradedoubler.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://clk.tradedoubler.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/javascript
Content-Length: 7718
Connection: keep-alive
Date: Sat, 02 Dec 2023 03:49:02 GMT
Server: Apache
Strict-Transport-Security: max-age=31536000
Last-Modified: Mon, 09 Oct 2023 08:54:59 GMT
Accept-Ranges: bytes
Content-Encoding: gzip
Vary: Accept-Encoding
X-Cache: Hit from cloudfront
Via: 1.1 5bcfe2deda0bdbc6bade0af9b61602ca.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: CSuppbVhMrAnzheSNwfMGMOm_g2bmlz500zKSicbay-kDuE5Ys_HXw==
Age: 149383
X-XSS-Protection: 1; mode=block
Referrer-Policy: strict-origin-when-cross-origin
X-Content-Type-Options: nosniff

clk.tradedoubler.com/favicon.ico

3.127.180.170

404 Not Found

193 B

URL GET HTTP/2
clk.tradedoubler.com/favicon.ico
IP
3.127.180.170:443
ASN
#16509 AMAZON-02

Requested by
https://clk.tradedoubler.com/click?p=225780&a=3238748&epi=TerraD
Certificate
IssuerAmazon
Subject*.tradedoubler.com
FingerprintE6:E6:D1:02:6C:9A:BE:00:C1:0E:B5:BC:61:D1:C1:FD:74:73:C4:9E
ValidityWed, 06 Sep 2023 00:00:00 GMT - Sat, 05 Oct 2024 23:59:59 GMT

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with no line terminators
Size
193 B (193 bytes)
Hash
523cbcb278f348bbe64563fe4cc9f435
5a436481b66ccb6dff53c5e1a14c08ef0b4a8e4b
37b6ca25983f4126bd10c135684bc8f421c8b48a5bdb75b5ad69c849035a84f4

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: clk.tradedoubler.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://clk.tradedoubler.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 404 Not Found
date: Sun, 03 Dec 2023 21:18:45 GMT
content-type: text/html; charset=ISO-8859-1
content-length: 193
X-Firefox-Spdy: h2

clk.tradedoubler.com/click?p=225780&a=3238748&epi=TerraD

3.127.180.170

200 OK

150 B

URL User Request POST HTTP/2
clk.tradedoubler.com/click?p=225780&a=3238748&epi=TerraD
IP
3.127.180.170:443
ASN
#16509 AMAZON-02

Certificate
IssuerAmazon
Subject*.tradedoubler.com
FingerprintE6:E6:D1:02:6C:9A:BE:00:C1:0E:B5:BC:61:D1:C1:FD:74:73:C4:9E
ValidityWed, 06 Sep 2023 00:00:00 GMT - Sat, 05 Oct 2024 23:59:59 GMT

File type
HTML document text\012- HTML document, ASCII text, with no line terminators
Size
150 B (150 bytes)
Hash
dc03e2e45f5c0d5e02f319e7f1e957cf
47725bedccb4c387bfc904021658cc7b343927ab
f064d039c1745fafca89f95ad9748a95b6ed51a78270b7feee25e968faef36b7

HTTP Headers

POST /click?p=225780&a=3238748&epi=TerraD HTTP/1.1
Host: clk.tradedoubler.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://clk.tradedoubler.com/
Content-Type: application/x-www-form-urlencoded
Content-Length: 90
Origin: https://clk.tradedoubler.com
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Sun, 03 Dec 2023 21:18:45 GMT
content-type: text/html; charset=ISO-8859-1
content-length: 150
set-cookie: GUID=1z11zz14Nz5IDUszdf38ca5ee7eda57299d823aed4ddff78;expires=Mon, 02-Dec-2024 21:18:45 GMT;path=/;domain=.tradedoubler.com
server: TXServerHttp
access-control-allow-origin: *
cache-control: private, max-age=0
pragma: no-cache
referrer-policy: origin
X-Firefox-Spdy: h2

shop.bigbasketshop.com/track?q=kghXWdDErq

172.67.218.148

521 B

URL
shop.bigbasketshop.com/track?q=kghXWdDErq
IP
172.67.218.148:0
ASN
#13335 CLOUDFLARENET

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
521 B (521 bytes)
Hash
2129f04cf419ddd3d96308fb99c64348
57421316a628b410aa3cd43589ee53a33736f013
b17b736976b6082bad51a75f2bb083ac7090e6f81b89284335330bef43cf136f

HTTP Headers

GET /track?q=kghXWdDErq HTTP/1.1
Host: shop.bigbasketshop.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.toprevenuegate.com/
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sun, 03 Dec 2023 21:18:44 GMT
content-type: text/html
referrer-policy: origin
via: 1.1 google
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=OO7aoVEVKNWqGvTwx9ZCuL1Cv4Tt86X5nNNvmpoS%2BhOe2CCE2sF%2B5pwE%2BduxVELVT9vlpxwt7AFhAzitMFUxALSMgGjFeXIy66PePctbeM3N9mkpdX%2Bl1a3TB7HYV2lM6xtIeN5RTQ%2BB"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 82fed80819e256b9-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (4)

Observations

Hash

Observations

Hash

Observations

Hash

Observations

Hash

HTTP Transactions (80)

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL

IP