Report - xmaturs.com/ads/hiltopads/instreams.html

Report Overview

Submitted URL
xmaturs.com/ads/hiltopads/instreams.html
IP
188.114.97.1
ASN
#13335 CLOUDFLARENET
Submitted
2024-04-26 15:21:52
Access
public
Website Title
xmaturs.com/ads/hiltopads/instreams.html
Final URL
xmaturs.com/ads/hiltopads/instreams.html
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
6

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
clickadnow.com	unknown	unknown	No data	No data	428 B	20 kB	104.21.96.128
xmaturs.com	unknown	unknown	No data	No data	953 B	11 kB	188.114.96.1
10945-4.s.cdn15.com	684462	2017-10-05	2020-05-17	2024-01-25	1.6 kB	13 MB	67.216.89.16
faraway-exercise.com	unknown	unknown	No data	No data	469 B	451 B	88.85.68.219
untimely-ball.com	unknown	2024-02-12	2024-02-12	2024-02-28	2.9 kB	12 kB	88.85.68.219
xyouxxx.com	unknown	unknown	No data	No data	889 B	154 kB	0.0.0.0

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2024-04-26	medium	untimely-ball.com	Sinkholed
2024-04-26	medium	untimely-ball.com	Sinkholed
2024-04-26	medium	untimely-ball.com	Sinkholed

ThreatFox

No alerts detected

JavaScript (3)

	URL	Size	First Seen	Last Seen
	xyouxxx.com/ads/vast/adplayer.js	152 kB	2024-04-26	2024-04-26
Pretty URL xyouxxx.com/ads/vast/adplayer.js IP 104.21.79.162 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-26 17:21:59 Last Seen2024-04-26 17:21:59 Times Seen1 Hash 294926047ff7ddc02f7e0ce99e210026 098196a6d27126eda4b71a249f56888471c2a99a 9bd215fbf65a9cf495fbf420512cf8fed8dd279915d6231c1764b7252542ecce Loading...

	xmaturs.com/ads/hiltopads/instreams.html	0 B	2023-03-07	2024-05-07
Pretty URL xmaturs.com/ads/hiltopads/instreams.html IP 188.114.96.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:01:59 Last Seen2024-05-07 07:59:34 Times Seen37397253 Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Loading...

	xmaturs.com/ads/hiltopads/instreams.html	0 B	2023-03-07	2024-05-07
Pretty URL xmaturs.com/ads/hiltopads/instreams.html IP 188.114.96.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:01:59 Last Seen2024-05-07 07:59:34 Times Seen37397253 Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Loading...

HTTP Transactions (12)

URL IP Response Size

clickadnow.com/assets/images/logo.png

104.21.96.128

200 OK

20 kB

URL GET HTTP/2
clickadnow.com/assets/images/logo.png
IP
104.21.96.128:443
ASN
#13335 CLOUDFLARENET

Requested by
https://xmaturs.com/ads/hiltopads/instreams.html
Certificate
IssuerLet's Encrypt
Subjectclickadnow.com
FingerprintDB:74:93:45:0D:D5:4B:DC:7B:3B:BC:3C:37:21:D6:F8:B7:51:4D:64
ValidityFri, 01 Mar 2024 04:13:06 GMT - Thu, 30 May 2024 04:13:05 GMT

File type
PNG image data, 481 x 88, 8-bit/color RGBA, non-interlaced
Size
20 kB (19612 bytes)
Hash
acfb51216a6fa2a6402bba802c2b0172
fa7fa8392f5675142c8bde2f6fd6993ea171f528
323ff7bcc82c7369b2a38d0e2d65e25e9fd2c347104d0c729044e304287f3a60

HTTP Headers

GET /assets/images/logo.png HTTP/1.1
Host: clickadnow.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://xmaturs.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 26 Apr 2024 15:21:25 GMT
content-type: image/png
content-length: 19612
last-modified: Thu, 07 Sep 2023 10:06:35 GMT
cache-control: max-age=14400
cf-cache-status: HIT
age: 42571
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=hOH1VscxdWFAFjPHwvqjzbH7ySJmcN1l%2Frg1QNxe%2F119%2FSC1jZn9q2eJ%2BCzPazMstJPWCt%2Bw%2FFC59hbEPDBpJuTxKCUSbirVdS90mres2B04w%2BSIBHMuh9TBXT1dyuCIQA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87a790016996569c-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

xmaturs.com/favicon.ico

188.114.96.1

404 Not Found

5.3 kB

URL GET HTTP/3
xmaturs.com/favicon.ico
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://xmaturs.com/ads/hiltopads/instreams.html
Certificate
IssuerGoogle Trust Services LLC
Subjectxmaturs.com
Fingerprint57:1B:6B:EA:F2:D6:B4:7C:B9:2E:5A:56:B1:8A:52:F0:ED:51:B9:9E
ValidityMon, 22 Apr 2024 07:12:11 GMT - Sun, 21 Jul 2024 07:12:10 GMT

File type
HTML document, ASCII text
Size
5.3 kB (5286 bytes)
Hash
dedd5b1a43ed071ef2e80fb8c3a797b5
a4d9e54d9a9a64d200b37710fb0b2a5c263e7649
8d65def506c99fccc4cefdeafed5949af13e0e06f8e8a428360845aeffb86d58

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: xmaturs.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://xmaturs.com/ads/hiltopads/instreams.html
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 404 Not Found
date: Fri, 26 Apr 2024 15:21:26 GMT
content-type: text/html
vary: Accept-Encoding
cache-control: max-age=14400
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=xupgkoQaXhJTJlwrpJ7g6tBYKF%2B8btyYufhAPd72QuZ1IDJQUQz07eovgeRsNJKyA7Bj%2BG2oBFi2OLxnBpXe%2FHgkvEENrNvNyL27UHI2oYLKsXUXUK9%2BEjhhmiqe2w%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87a790038fec56ca-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

10945-4.s.cdn15.com/creatives/152327/199273/530466_04d09.mp4

67.216.89.16

206 Partial Content

283 kB

URL GET HTTP/2
10945-4.s.cdn15.com/creatives/152327/199273/530466_04d09.mp4
IP
67.216.89.16:443
ASN
#35415 Webzilla B.V.

Requested by
https://xmaturs.com/ads/hiltopads/instreams.html
Certificate
IssuerSectigo Limited
Subject*.s.cdn15.com
Fingerprint83:79:A5:D7:C8:5D:B4:A5:B9:DC:F5:F4:59:D5:63:FC:F1:69:5A:0E
ValidityMon, 23 Oct 2023 00:00:00 GMT - Thu, 31 Oct 2024 23:59:59 GMT

File type
ISO Media, MP4 v2 [ISO 14496-14]
Size
283 kB (282597 bytes)
Hash
445590fb22f2215e63d81cf5a27cda81
0d7698fb140e3244d417ba5ca00949b72dd200c1
c972d6857992a046c284df7c77a1ca7470bcd039dd3e958ee07793d2a40a1e60

HTTP Headers

GET /creatives/152327/199273/530466_04d09.mp4 HTTP/1.1
Host: 10945-4.s.cdn15.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: video/webm,video/ogg,video/*;q=0.9,application/ogg;q=0.7,audio/*;q=0.6,*/*;q=0.5
Accept-Language: en-US,en;q=0.5
Range: bytes=0-
DNT: 1
Connection: keep-alive
Referer: https://xmaturs.com/
Sec-Fetch-Dest: video
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Accept-Encoding: identity
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 206 Partial Content
server: ucdn/1.24.0
date: Fri, 26 Apr 2024 15:21:26 GMT
content-type: video/mp4
content-length: 5272044
last-modified: Thu, 14 Sep 2023 15:58:56 GMT
etag: "d7205e767636d022adc2f61f43ad7db4"
x-timestamp: 1694707135.86125
x-trans-id: txb2533cb87dee44bfa5f5c-00661fcc11
x-openstack-request-id: txb2533cb87dee44bfa5f5c-00661fcc11
x-ureq-id: XDrrrzssYKy7XniAYHDaCxO/1BtQYlPAo1HVcwFLMsr+x1j09hJYthKF4j0Vk8BdGEByJQyhOC8MENovHnWAlPYfr6RO3mwsJAG8WiB2Xy4r9ZCzEX+KXj7FcuF7pXjs
x-served-from: l1
expires: Fri, 27 Sep 2024 21:03:20 GMT
cache-control: max-age=13326114
access-control-allow-origin: *
access-control-allow-methods: HEAD, GET, OPTIONS
x-vhostid: 106, 17229
content-range: bytes 0-5272043/5272044
X-Firefox-Spdy: h2

10945-4.s.cdn15.com/creatives/152327/199273/530469_e241c.mp4

67.216.89.16

206 Partial Content

6.6 MB

URL GET HTTP/2
10945-4.s.cdn15.com/creatives/152327/199273/530469_e241c.mp4
IP
67.216.89.16:443
ASN
#35415 Webzilla B.V.

Requested by
https://xmaturs.com/ads/hiltopads/instreams.html
Certificate
IssuerSectigo Limited
Subject*.s.cdn15.com
Fingerprint83:79:A5:D7:C8:5D:B4:A5:B9:DC:F5:F4:59:D5:63:FC:F1:69:5A:0E
ValidityMon, 23 Oct 2023 00:00:00 GMT - Thu, 31 Oct 2024 23:59:59 GMT

File type
ISO Media, MP4 v2 [ISO 14496-14]
Size
6.6 MB (6646987 bytes)
Hash
02bb85cc4b0778da26d587eda1bae141
c20fff5c21bcb007041ca9043bc0556b99a7bcf0
1b5fe5d9b01d00945de05336836babe98f0c6fe8b40ff852757314bbf1786b58

HTTP Headers

GET /creatives/152327/199273/530469_e241c.mp4 HTTP/1.1
Host: 10945-4.s.cdn15.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: video/webm,video/ogg,video/*;q=0.9,application/ogg;q=0.7,audio/*;q=0.6,*/*;q=0.5
Accept-Language: en-US,en;q=0.5
Range: bytes=0-
DNT: 1
Connection: keep-alive
Referer: https://xmaturs.com/
Sec-Fetch-Dest: video
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Accept-Encoding: identity
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 206 Partial Content
server: ucdn/1.24.0
date: Fri, 26 Apr 2024 15:21:27 GMT
content-type: video/mp4
content-length: 1811699
last-modified: Thu, 14 Sep 2023 15:59:23 GMT
etag: "00537f5f7cf5341a6ca15ce80f7b0aad"
x-timestamp: 1694707162.49533
x-trans-id: txc84b4cc38f6f46dbbf2c8-00661fcdb3
x-openstack-request-id: txc84b4cc38f6f46dbbf2c8-00661fcdb3
x-ureq-id: XDrrrzssYKy7XniAYHDaCxO/1BtQYlPAo1HVcwFLMsr+x1j09hJYthKF4j0Vk8BdGEByJQyhOC8MENovHnWAlPYfr6RO3mwsJAG8WiB2Xy4r9ZCzEX+KXj7FcuF7pXjs
x-served-from: l1
expires: Fri, 27 Sep 2024 21:10:18 GMT
cache-control: max-age=13326531
access-control-allow-origin: *
access-control-allow-methods: HEAD, GET, OPTIONS
x-vhostid: 86, 17791
content-range: bytes 0-1811698/1811699
X-Firefox-Spdy: h2

faraway-exercise.com/djmAFYzWd.GwlptyPM3JpZv/bPmrVrJJZcDn0H1HMKz/IK1/NPzScQ3IL/T/UdzTMRjpUe3sN/z/gi

88.85.68.219

404 Not Found

0 B

URL GET HTTP/2
faraway-exercise.com/djmAFYzWd.GwlptyPM3JpZv/bPmrVrJJZcDn0H1HMKz/IK1/NPzScQ3IL/T/UdzTMRjpUe3sN/z/gi
IP
88.85.68.219:443
ASN
#35415 Webzilla B.V.

Requested by
https://xmaturs.com/ads/hiltopads/instreams.html
Certificate
IssuerLet's Encrypt
Subjectfaraway-exercise.com
Fingerprint4A:71:C9:88:C9:16:73:8D:72:8D:9C:A5:FB:36:4A:F9:EA:E2:2A:90
ValidityThu, 04 Apr 2024 16:02:10 GMT - Wed, 03 Jul 2024 16:02:09 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /djmAFYzWd.GwlptyPM3JpZv/bPmrVrJJZcDn0H1HMKz/IK1/NPzScQ3IL/T/UdzTMRjpUe3sN/z/gi HTTP/1.1
Host: faraway-exercise.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://xmaturs.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 404 Not Found
server: nginx
date: Fri, 26 Apr 2024 15:21:28 GMT
content-length: 0
expires: Mon, 26 Jul 2011 05:00:00 GMT
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
pragma: no-cache
accept-ch: Sec-CH-UA,Sec-CH-UA-Arch,Sec-CH-UA-Bitness,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-WoW64
X-Firefox-Spdy: h2

untimely-ball.com/dGmHF-z.dJGKVL2MZ_WO5P0QPR2-FTkUSVWWQ_9YNZTaYb3-NdTeUf2gJ_miFjkkdln-Nn1oYpmql_ksPtSuZvh-cx2yMz9AM_iCZDlEdFm-VHuIdJFKR_5McNGOUP9-MRiSZTrUd_zW1X4YbZW-Fb0cddXeJ_zgJhniBjh-elWm9n1od_Dq0rwsJtn-JvlwdxmyV_uAdBWCUD9-MFCGZHyIc_mKlLkMPNT-gPzQZRTSA_3UNVWWRXm-MZjaNbmcN_GeQf5gOhW-VjhkYlmmE_1oYp2qMr0-ZtTuYv3wM_jyUz4AMBj-gD2EJFnGN_JIZJDK0Lm-cN0OlPkQM_jS0TmUcV0-lXkYMZza0_mccd3eMf9-NhSiZjzkd_Dm0nyoJpn-Rrvsat2uV_uwPxSyZz1-bBmClDxEQ_nGlHaIbJ2-5LlMPNTOE_mQdRWS5Tp-cVUWJX5YW_ma9bucZdV-Rf5gchGiU_9kMlimZn2-YpXqNr0sV_Gu9vrwZxW-4z9AQB2Cd_KETF1GRHC-SJUKpLZMb_kOpP2QWRV-dTSUaVVWl_XYNZWatbL-adUeEf1gW_kidjZkMl0-5ntoTpmqx_NsVt1uZvq-Tx0yRzFAe_UC1DqERFT-BHPIRJEKp_qMWNmOpPW-aRVSlTUUZ_GW1XNYVZ1-Fb5cTdnep_FgMhUi1jE-RlDmNnqoS_yq5r4sQtm-pvpwTxTyR_BARBkClDC-UFSG0HtIJ_nKpLvMbNm-VPJQZRDS0_1UMVjWIXy-MZzaQb0c

88.85.68.219

200 OK

0 B

URL GET HTTP/2
untimely-ball.com/dGmHF-z.dJGKVL2MZ_WO5P0QPR2-FTkUSVWWQ_9YNZTaYb3-NdTeUf2gJ_miFjkkdln-Nn1oYpmql_ksPtSuZvh-cx2yMz9AM_iCZDlEdFm-VHuIdJFKR_5McNGOUP9-MRiSZTrUd_zW1X4YbZW-Fb0cddXeJ_zgJhniBjh-elWm9n1od_Dq0rwsJtn-JvlwdxmyV_uAdBWCUD9-MFCGZHyIc_mKlLkMPNT-gPzQZRTSA_3UNVWWRXm-MZjaNbmcN_GeQf5gOhW-VjhkYlmmE_1oYp2qMr0-ZtTuYv3wM_jyUz4AMBj-gD2EJFnGN_JIZJDK0Lm-cN0OlPkQM_jS0TmUcV0-lXkYMZza0_mccd3eMf9-NhSiZjzkd_Dm0nyoJpn-Rrvsat2uV_uwPxSyZz1-bBmClDxEQ_nGlHaIbJ2-5LlMPNTOE_mQdRWS5Tp-cVUWJX5YW_ma9bucZdV-Rf5gchGiU_9kMlimZn2-YpXqNr0sV_Gu9vrwZxW-4z9AQB2Cd_KETF1GRHC-SJUKpLZMb_kOpP2QWRV-dTSUaVVWl_XYNZWatbL-adUeEf1gW_kidjZkMl0-5ntoTpmqx_NsVt1uZvq-Tx0yRzFAe_UC1DqERFT-BHPIRJEKp_qMWNmOpPW-aRVSlTUUZ_GW1XNYVZ1-Fb5cTdnep_FgMhUi1jE-RlDmNnqoS_yq5r4sQtm-pvpwTxTyR_BARBkClDC-UFSG0HtIJ_nKpLvMbNm-VPJQZRDS0_1UMVjWIXy-MZzaQb0c
IP
88.85.68.219:443
ASN
#35415 Webzilla B.V.

Requested by
https://xmaturs.com/ads/hiltopads/instreams.html
Certificate
IssuerLet's Encrypt
Subjectuntimely-ball.com
Fingerprint3F:D2:E8:77:66:41:F8:39:75:53:74:2E:A8:16:85:8E:B6:67:5D:FF
ValiditySun, 14 Apr 2024 02:52:01 GMT - Sat, 13 Jul 2024 02:52:00 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /dGmHF-z.dJGKVL2MZ_WO5P0QPR2-FTkUSVWWQ_9YNZTaYb3-NdTeUf2gJ_miFjkkdln-Nn1oYpmql_ksPtSuZvh-cx2yMz9AM_iCZDlEdFm-VHuIdJFKR_5McNGOUP9-MRiSZTrUd_zW1X4YbZW-Fb0cddXeJ_zgJhniBjh-elWm9n1od_Dq0rwsJtn-JvlwdxmyV_uAdBWCUD9-MFCGZHyIc_mKlLkMPNT-gPzQZRTSA_3UNVWWRXm-MZjaNbmcN_GeQf5gOhW-VjhkYlmmE_1oYp2qMr0-ZtTuYv3wM_jyUz4AMBj-gD2EJFnGN_JIZJDK0Lm-cN0OlPkQM_jS0TmUcV0-lXkYMZza0_mccd3eMf9-NhSiZjzkd_Dm0nyoJpn-Rrvsat2uV_uwPxSyZz1-bBmClDxEQ_nGlHaIbJ2-5LlMPNTOE_mQdRWS5Tp-cVUWJX5YW_ma9bucZdV-Rf5gchGiU_9kMlimZn2-YpXqNr0sV_Gu9vrwZxW-4z9AQB2Cd_KETF1GRHC-SJUKpLZMb_kOpP2QWRV-dTSUaVVWl_XYNZWatbL-adUeEf1gW_kidjZkMl0-5ntoTpmqx_NsVt1uZvq-Tx0yRzFAe_UC1DqERFT-BHPIRJEKp_qMWNmOpPW-aRVSlTUUZ_GW1XNYVZ1-Fb5cTdnep_FgMhUi1jE-RlDmNnqoS_yq5r4sQtm-pvpwTxTyR_BARBkClDC-UFSG0HtIJ_nKpLvMbNm-VPJQZRDS0_1UMVjWIXy-MZzaQb0c HTTP/1.1
Host: untimely-ball.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://xmaturs.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 15:21:28 GMT
content-length: 0
expires: Mon, 26 Jul 2011 05:00:00 GMT
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
pragma: no-cache
accept-ch: Sec-CH-UA,Sec-CH-UA-Arch,Sec-CH-UA-Bitness,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-WoW64
set-cookie: kadCCap=200583:1:1713785027; max-age=1745680888; path=/
kadACap=560690:3:1713782741;534910:1:1714144115; max-age=1745680888; path=/
kadASCap=534910:1:1714144115; path=/
kadUnP3=CAMQ34avsQYaDQip+uwBEAEY34avsQYaDQiPgcQCEAEY84avsQYaDQjI374CEAEY+IyvsQYiCggDEAEY34avsQYiCggOEAIY84avsQYqDAiUoCwQARj4jK+xBioMCJDRHhABGN+Gr7EGKgwI/OAsEAEY84avsQY=; max-age=1745680888; path=/
x-content-type-options: nosniff
X-Firefox-Spdy: h2

untimely-ball.com/d/m/F/z/d.GeN/v/Z/GrUW/teomd9CuxZ/UDlmkcP/TvUHy/MDjDIfzfNBDjQztMNdThIoy/MhjUMl0DNtQS

88.85.68.219

200 OK

11 kB

URL GET HTTP/2
untimely-ball.com/d/m/F/z/d.GeN/v/Z/GrUW/teomd9CuxZ/UDlmkcP/TvUHy/MDjDIfzfNBDjQztMNdThIoy/MhjUMl0DNtQS
IP
88.85.68.219:443
ASN
#35415 Webzilla B.V.

Requested by
https://xmaturs.com/ads/hiltopads/instreams.html
Certificate
IssuerLet's Encrypt
Subjectuntimely-ball.com
Fingerprint3F:D2:E8:77:66:41:F8:39:75:53:74:2E:A8:16:85:8E:B6:67:5D:FF
ValiditySun, 14 Apr 2024 02:52:01 GMT - Sat, 13 Jul 2024 02:52:00 GMT

File type
ASCII text, with very long lines (7864), with no line terminators
Size
11 kB (10587 bytes)
Hash
e27b8b2e04900aeed7e2c41b198469e9
6d7f7a3e9af00f4d76c5fdcd96989b926eee0d0e
b074d9a35ad6d2a14e5b403a5f99e1b8f1f44ac1e8b2048a3aec5ad7f770d395

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /d/m/F/z/d.GeN/v/Z/GrUW/teomd9CuxZ/UDlmkcP/TvUHy/MDjDIfzfNBDjQztMNdThIoy/MhjUMl0DNtQS HTTP/1.1
Host: untimely-ball.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://xmaturs.com
DNT: 1
Connection: keep-alive
Referer: https://xmaturs.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 15:21:26 GMT
content-type: text/xml
vary: Accept-Encoding
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
pragma: no-cache
accept-ch: Sec-CH-UA,Sec-CH-UA-Arch,Sec-CH-UA-Bitness,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-WoW64
expires: Mon, 26 Jul 2011 05:00:00 GMT
access-control-allow-credentials: true
access-control-allow-origin: https://xmaturs.com
x-content-type-options: nosniff
content-encoding: br
X-Firefox-Spdy: h2

untimely-ball.com/dbmcF.zdd-GfVg2hZiW_5k0lPm2nF-kpSqWrQs9_NuTvYw3xN-TzUA2BJCm_FEkFdGnHN-1JYKmLlMk_POSPZQhRc-2TMU9VMWi_ZYlZdambV-uddeFfRg5_ciGjUk9lN-SnZorpdqz_1s4tbuWvF-0xdyXzJAz_JCnDBEhFe-WH9I1JdKD_0MwNJOnPJ-lRdSmTVUu_dWWXUY9ZM-CbZcydcem_lgkhPiTjg-zlZmTnAo3_NqWrRsmtM-jvNwmxNyG_QA5BOCWDV-hFYGmHEI1_YK2LMM0NZ-TPYQ3RMSj_UU4VMWjXg-2ZJanbNcJ_ZeDf0gmhc-0jlkklMmj_0ompcq0rl-ktMuzv0wm_cy3zMA9BN-SDZEzFdGD_0IyJJKnLR-vNaO2PVQu_PSSTZU1Vb-mXlYxZQan_lcadbe2f5-lhPiTjEkm_dmWn5oppc-UrJs5tWum_9wuxZyVzR-5BcCGDUE9_MGiHZI2JY-XLNM0NVOG_9QrRZSWT4-9VQW2XdYK_Ta1bRcCdS-UfpgZhbik_pk2lWmVnd-SpaqVrlsX_NuWvtwLxa-UzEA1BWCk_dEZFMG0H5-tJTKmLxMN_VO1PZQqRT-0TRUFVeWU_1YqZRaTbB-PdReEfpgq_WimjpkWla-VnloUpZqG_1sNtVu1vF-5xTynzpAF_MCUD1EEFR-DHNIqJSKy_5M4NQOmPp-pRSSTTlUn_UWkXlYCZU-Sb0ctdJen_pgvhbimjV-JlZmDn0o1_MqjrIsytM-zvQw0x

88.85.68.219

200 OK

0 B

URL GET HTTP/2
untimely-ball.com/dbmcF.zdd-GfVg2hZiW_5k0lPm2nF-kpSqWrQs9_NuTvYw3xN-TzUA2BJCm_FEkFdGnHN-1JYKmLlMk_POSPZQhRc-2TMU9VMWi_ZYlZdambV-uddeFfRg5_ciGjUk9lN-SnZorpdqz_1s4tbuWvF-0xdyXzJAz_JCnDBEhFe-WH9I1JdKD_0MwNJOnPJ-lRdSmTVUu_dWWXUY9ZM-CbZcydcem_lgkhPiTjg-zlZmTnAo3_NqWrRsmtM-jvNwmxNyG_QA5BOCWDV-hFYGmHEI1_YK2LMM0NZ-TPYQ3RMSj_UU4VMWjXg-2ZJanbNcJ_ZeDf0gmhc-0jlkklMmj_0ompcq0rl-ktMuzv0wm_cy3zMA9BN-SDZEzFdGD_0IyJJKnLR-vNaO2PVQu_PSSTZU1Vb-mXlYxZQan_lcadbe2f5-lhPiTjEkm_dmWn5oppc-UrJs5tWum_9wuxZyVzR-5BcCGDUE9_MGiHZI2JY-XLNM0NVOG_9QrRZSWT4-9VQW2XdYK_Ta1bRcCdS-UfpgZhbik_pk2lWmVnd-SpaqVrlsX_NuWvtwLxa-UzEA1BWCk_dEZFMG0H5-tJTKmLxMN_VO1PZQqRT-0TRUFVeWU_1YqZRaTbB-PdReEfpgq_WimjpkWla-VnloUpZqG_1sNtVu1vF-5xTynzpAF_MCUD1EEFR-DHNIqJSKy_5M4NQOmPp-pRSSTTlUn_UWkXlYCZU-Sb0ctdJen_pgvhbimjV-JlZmDn0o1_MqjrIsytM-zvQw0x
IP
88.85.68.219:443
ASN
#35415 Webzilla B.V.

Requested by
https://xmaturs.com/ads/hiltopads/instreams.html
Certificate
IssuerLet's Encrypt
Subjectuntimely-ball.com
Fingerprint3F:D2:E8:77:66:41:F8:39:75:53:74:2E:A8:16:85:8E:B6:67:5D:FF
ValiditySun, 14 Apr 2024 02:52:01 GMT - Sat, 13 Jul 2024 02:52:00 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /dbmcF.zdd-GfVg2hZiW_5k0lPm2nF-kpSqWrQs9_NuTvYw3xN-TzUA2BJCm_FEkFdGnHN-1JYKmLlMk_POSPZQhRc-2TMU9VMWi_ZYlZdambV-uddeFfRg5_ciGjUk9lN-SnZorpdqz_1s4tbuWvF-0xdyXzJAz_JCnDBEhFe-WH9I1JdKD_0MwNJOnPJ-lRdSmTVUu_dWWXUY9ZM-CbZcydcem_lgkhPiTjg-zlZmTnAo3_NqWrRsmtM-jvNwmxNyG_QA5BOCWDV-hFYGmHEI1_YK2LMM0NZ-TPYQ3RMSj_UU4VMWjXg-2ZJanbNcJ_ZeDf0gmhc-0jlkklMmj_0ompcq0rl-ktMuzv0wm_cy3zMA9BN-SDZEzFdGD_0IyJJKnLR-vNaO2PVQu_PSSTZU1Vb-mXlYxZQan_lcadbe2f5-lhPiTjEkm_dmWn5oppc-UrJs5tWum_9wuxZyVzR-5BcCGDUE9_MGiHZI2JY-XLNM0NVOG_9QrRZSWT4-9VQW2XdYK_Ta1bRcCdS-UfpgZhbik_pk2lWmVnd-SpaqVrlsX_NuWvtwLxa-UzEA1BWCk_dEZFMG0H5-tJTKmLxMN_VO1PZQqRT-0TRUFVeWU_1YqZRaTbB-PdReEfpgq_WimjpkWla-VnloUpZqG_1sNtVu1vF-5xTynzpAF_MCUD1EEFR-DHNIqJSKy_5M4NQOmPp-pRSSTTlUn_UWkXlYCZU-Sb0ctdJen_pgvhbimjV-JlZmDn0o1_MqjrIsytM-zvQw0x HTTP/1.1
Host: untimely-ball.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://xmaturs.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 15:21:28 GMT
content-length: 0
expires: Mon, 26 Jul 2011 05:00:00 GMT
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
pragma: no-cache
accept-ch: Sec-CH-UA,Sec-CH-UA-Arch,Sec-CH-UA-Bitness,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-WoW64
x-content-type-options: nosniff
X-Firefox-Spdy: h2

xyouxxx.com/videoplayback.mp4

0.0.0.0

0 B

URL GET
xyouxxx.com/videoplayback.mp4
IP
0.0.0.0:0
ASN
#0

Requested by
https://xmaturs.com/ads/hiltopads/instreams.html
Certificate
IssuerLet's Encrypt
Subjectxyouxxx.com
FingerprintE0:61:2B:3F:0E:08:46:FD:86:41:74:5C:F1:25:98:85:E9:79:7C:21
ValiditySun, 14 Apr 2024 04:58:12 GMT - Sat, 13 Jul 2024 04:58:11 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /videoplayback.mp4 HTTP/1.1
Host: xyouxxx.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: video/webm,video/ogg,video/*;q=0.9,application/ogg;q=0.7,audio/*;q=0.6,*/*;q=0.5
Accept-Language: en-US,en;q=0.5
Range: bytes=0-
DNT: 1
Connection: keep-alive
Referer: https://xmaturs.com/
Sec-Fetch-Dest: video
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Accept-Encoding: identity
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 206 Partial Content
date: Fri, 26 Apr 2024 15:21:25 GMT
content-type: video/mp4
content-length: 8540094
last-modified: Thu, 01 Feb 2024 01:51:28 GMT
etag: "65baf920-824fbe"
cache-control: max-age=14400
cf-cache-status: HIT
age: 3414
content-range: bytes 0-8540093/8540094
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=gME4HquvF1FqI5ZE7oV8cTIFqVdv1wiy6LSohLVHy4PHLSu3VJ7KRcCtQ7BTJyxMCurc2ar4lcoad24VFD5lhs3j83FLylLDKyllTWJOdgv6klbmF1T%2Bmt0EYuuspg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87a790016e1b56c9-OSL
alt-svc: h3=":443"; ma=86400

xmaturs.com/ads/hiltopads/instreams.html

188.114.96.1

200 OK

4.5 kB

URL User Request GET HTTP/2
xmaturs.com/ads/hiltopads/instreams.html
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerGoogle Trust Services LLC
Subjectxmaturs.com
Fingerprint57:1B:6B:EA:F2:D6:B4:7C:B9:2E:5A:56:B1:8A:52:F0:ED:51:B9:9E
ValidityMon, 22 Apr 2024 07:12:11 GMT - Sun, 21 Jul 2024 07:12:10 GMT

File type
JavaScript source, ASCII text, with very long lines (4676), with no line terminators
Size
4.5 kB (4500 bytes)
Hash
9582960eb8887bd902a8e94ae542e278
d08be2886f8ea307490fe207e130f67018aa1ec8
c7a07f3fdc79a7945c9c9555f335b2aadd673e55d339673ff73c46c215250ffb

HTTP Headers

GET /ads/hiltopads/instreams.html HTTP/1.1
Host: xmaturs.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 26 Apr 2024 15:21:25 GMT
content-type: text/html
last-modified: Thu, 25 Apr 2024 23:55:58 GMT
vary: Accept-Encoding
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=OdDbbmCO3Jb8YTV%2FPcFvR78zSmHIC6gOsNyJnZCWqB7UlJ4Y9a%2BTIU1cIDzocg3akncNdE87CBiyG2B2KS8UoezF4DUOUTu3MHL9noGAFhsOPWdG5NY6LmBfXBKW%2Bw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87a78ffd686656ae-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

10945-4.s.cdn15.com/creatives/152327/199273/530465_f0754z.webm

67.216.89.16

206 Partial Content

6.1 MB

URL GET HTTP/2
10945-4.s.cdn15.com/creatives/152327/199273/530465_f0754z.webm
IP
67.216.89.16:443
ASN
#35415 Webzilla B.V.

Requested by
https://xmaturs.com/ads/hiltopads/instreams.html
Certificate
IssuerSectigo Limited
Subject*.s.cdn15.com
Fingerprint83:79:A5:D7:C8:5D:B4:A5:B9:DC:F5:F4:59:D5:63:FC:F1:69:5A:0E
ValidityMon, 23 Oct 2023 00:00:00 GMT - Thu, 31 Oct 2024 23:59:59 GMT

File type

Size
6.1 MB (6147275 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /creatives/152327/199273/530465_f0754z.webm HTTP/1.1
Host: 10945-4.s.cdn15.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: video/webm,video/ogg,video/*;q=0.9,application/ogg;q=0.7,audio/*;q=0.6,*/*;q=0.5
Accept-Language: en-US,en;q=0.5
Range: bytes=0-
DNT: 1
Connection: keep-alive
Referer: https://xmaturs.com/
Sec-Fetch-Dest: video
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Accept-Encoding: identity
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 206 Partial Content
server: ucdn/1.24.0
date: Fri, 26 Apr 2024 15:21:28 GMT
content-type: video/webm
content-length: 6147275
last-modified: Thu, 14 Sep 2023 16:05:52 GMT
etag: "ebf87a434bb85b3fb48284f0fcaf5c88"
x-timestamp: 1694707551.88925
x-trans-id: txc4c94076cad241d083bab-00661fc98e
x-openstack-request-id: txc4c94076cad241d083bab-00661fc98e
x-ureq-id: XDrrrzssYKy7XniAYHDaCxO/1BtQYlPAo1HVcwFLMsr+x1j09hJYthKF4j0Vk8BdFA3uo8svsia+dH2GDY8f+2WFKlOXOXOXfGLht+484/JC/kTVa8h8xeARaXSLXoYP
x-served-from: l1
expires: Fri, 27 Sep 2024 20:52:37 GMT
cache-control: max-age=13325469
access-control-allow-origin: *
access-control-allow-methods: HEAD, GET, OPTIONS
x-vhostid: 109, 26296
content-range: bytes 0-6147274/6147275
X-Firefox-Spdy: h2

xyouxxx.com/ads/vast/adplayer.js

104.21.79.162

200 OK

152 kB

URL GET HTTP/2
xyouxxx.com/ads/vast/adplayer.js
IP
104.21.79.162:443
ASN
#13335 CLOUDFLARENET

Requested by
https://xmaturs.com/ads/hiltopads/instreams.html
Certificate
IssuerLet's Encrypt
Subjectxyouxxx.com
FingerprintE0:61:2B:3F:0E:08:46:FD:86:41:74:5C:F1:25:98:85:E9:79:7C:21
ValiditySun, 14 Apr 2024 04:58:12 GMT - Sat, 13 Jul 2024 04:58:11 GMT

File type

Size
152 kB (152170 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /ads/vast/adplayer.js HTTP/1.1
Host: xyouxxx.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://xmaturs.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 26 Apr 2024 15:21:25 GMT
content-type: application/javascript
last-modified: Wed, 17 Jan 2024 01:55:23 GMT
vary: Accept-Encoding
etag: W/"65a7338b-2526a"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
cf-cache-status: HIT
age: 767620
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Tt0zT%2BKhuPCVqWMaVqb9Whf5wf83R%2BYghyJrSiMeIO0xXJw8UXrZpqshY3781e37zK%2BRvZHOl5hTkZPTf%2BpyKC7XNrQT2YDLqnoyMzPM9TPay2wotxdV97lLbDVF%2FQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87a790004bbf1c06-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (3)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

HTTP Transactions (12)

URL GET HTTP/2

IP

ASN

Requested by

Certificate

File type

Size

Hash

HTTP Headers

URL GET HTTP/3

IP

ASN

Requested by

Certificate

File type

Size

Hash

HTTP Headers

URL GET HTTP/2

IP

ASN

Requested by

Certificate

File type

Size

Hash

HTTP Headers

URL GET HTTP/2

IP

ASN

Requested by

Certificate