| clickadnow.com/assets/images/logo.png | 104.21.96.128 | 200 OK | 20 kB |
URL: GET HTTP/2 clickadnow.com/assets/images/logo.png
IP: 104.21.96.128:443
Requested by: https://xmaturs.com/ads/hiltopads/instreams.html
Certificate: Issuer Let's Encrypt; Subject clickadnow.com; Fingerprint DB:74:93:45:0D:D5:4B:DC:7B:3B:BC:3C:37:21:D6:F8:B7:51:4D:64; Validity Fri, 01 Mar 2024 04:13:06 GMT - Thu, 30 May 2024 04:13:05 GMT
File type: PNG image data, 481 x 88, 8-bit/color RGBA, non-interlaced
Hash (MD5 / SHA-1 / SHA-256): acfb51216a6fa2a6402bba802c2b0172 fa7fa8392f5675142c8bde2f6fd6993ea171f528 323ff7bcc82c7369b2a38d0e2d65e25e9fd2c347104d0c729044e304287f3a60
GET /assets/images/logo.png HTTP/1.1
Host: clickadnow.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://xmaturs.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 26 Apr 2024 15:21:25 GMT
content-type: image/png
content-length: 19612
last-modified: Thu, 07 Sep 2023 10:06:35 GMT
cache-control: max-age=14400
cf-cache-status: HIT
age: 42571
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=hOH1VscxdWFAFjPHwvqjzbH7ySJmcN1l%2Frg1QNxe%2F119%2FSC1jZn9q2eJ%2BCzPazMstJPWCt%2Bw%2FFC59hbEPDBpJuTxKCUSbirVdS90mres2B04w%2BSIBHMuh9TBXT1dyuCIQA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87a790016996569c-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
| xmaturs.com/favicon.ico | 188.114.96.1 | 404 Not Found | 5.3 kB |
IP: 188.114.96.1:443
Requested by: https://xmaturs.com/ads/hiltopads/instreams.html
Certificate: Issuer Google Trust Services LLC; Subject xmaturs.com; Fingerprint 57:1B:6B:EA:F2:D6:B4:7C:B9:2E:5A:56:B1:8A:52:F0:ED:51:B9:9E; Validity Mon, 22 Apr 2024 07:12:11 GMT - Sun, 21 Jul 2024 07:12:10 GMT
File type: HTML document, ASCII text
Hash (MD5 / SHA-1 / SHA-256): dedd5b1a43ed071ef2e80fb8c3a797b5 a4d9e54d9a9a64d200b37710fb0b2a5c263e7649 8d65def506c99fccc4cefdeafed5949af13e0e06f8e8a428360845aeffb86d58
GET /favicon.ico HTTP/1.1
Host: xmaturs.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://xmaturs.com/ads/hiltopads/instreams.html
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 404 Not Found
date: Fri, 26 Apr 2024 15:21:26 GMT
content-type: text/html
vary: Accept-Encoding
cache-control: max-age=14400
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=xupgkoQaXhJTJlwrpJ7g6tBYKF%2B8btyYufhAPd72QuZ1IDJQUQz07eovgeRsNJKyA7Bj%2BG2oBFi2OLxnBpXe%2FHgkvEENrNvNyL27UHI2oYLKsXUXUK9%2BEjhhmiqe2w%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87a790038fec56ca-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
| 10945-4.s.cdn15.com/creatives/152327/199273/530466_04d09.mp4 | 67.216.89.16 | 206 Partial Content | 283 kB |
URL: GET HTTP/2 10945-4.s.cdn15.com/creatives/152327/199273/530466_04d09.mp4
IP: 67.216.89.16:443
Requested by: https://xmaturs.com/ads/hiltopads/instreams.html
Certificate: Issuer Sectigo Limited; Subject *.s.cdn15.com; Fingerprint 83:79:A5:D7:C8:5D:B4:A5:B9:DC:F5:F4:59:D5:63:FC:F1:69:5A:0E; Validity Mon, 23 Oct 2023 00:00:00 GMT - Thu, 31 Oct 2024 23:59:59 GMT
File type: ISO Media, MP4 v2 [ISO 14496-14]
Size: 283 kB (282597 bytes)
Hash (MD5 / SHA-1 / SHA-256): 445590fb22f2215e63d81cf5a27cda81 0d7698fb140e3244d417ba5ca00949b72dd200c1 c972d6857992a046c284df7c77a1ca7470bcd039dd3e958ee07793d2a40a1e60
GET /creatives/152327/199273/530466_04d09.mp4 HTTP/1.1
Host: 10945-4.s.cdn15.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: video/webm,video/ogg,video/*;q=0.9,application/ogg;q=0.7,audio/*;q=0.6,*/*;q=0.5
Accept-Language: en-US,en;q=0.5
Range: bytes=0-
DNT: 1
Connection: keep-alive
Referer: https://xmaturs.com/
Sec-Fetch-Dest: video
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Accept-Encoding: identity
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 206 Partial Content
server: ucdn/1.24.0
date: Fri, 26 Apr 2024 15:21:26 GMT
content-type: video/mp4
content-length: 5272044
last-modified: Thu, 14 Sep 2023 15:58:56 GMT
etag: "d7205e767636d022adc2f61f43ad7db4"
x-timestamp: 1694707135.86125
x-trans-id: txb2533cb87dee44bfa5f5c-00661fcc11
x-openstack-request-id: txb2533cb87dee44bfa5f5c-00661fcc11
x-ureq-id: XDrrrzssYKy7XniAYHDaCxO/1BtQYlPAo1HVcwFLMsr+x1j09hJYthKF4j0Vk8BdGEByJQyhOC8MENovHnWAlPYfr6RO3mwsJAG8WiB2Xy4r9ZCzEX+KXj7FcuF7pXjs
x-served-from: l1
expires: Fri, 27 Sep 2024 21:03:20 GMT
cache-control: max-age=13326114
access-control-allow-origin: *
access-control-allow-methods: HEAD, GET, OPTIONS
x-vhostid: 106, 17229
content-range: bytes 0-5272043/5272044
X-Firefox-Spdy: h2
| 10945-4.s.cdn15.com/creatives/152327/199273/530469_e241c.mp4 | 67.216.89.16 | 206 Partial Content | 6.6 MB |
URL: GET HTTP/2 10945-4.s.cdn15.com/creatives/152327/199273/530469_e241c.mp4
IP: 67.216.89.16:443
Requested by: https://xmaturs.com/ads/hiltopads/instreams.html
Certificate: Issuer Sectigo Limited; Subject *.s.cdn15.com; Fingerprint 83:79:A5:D7:C8:5D:B4:A5:B9:DC:F5:F4:59:D5:63:FC:F1:69:5A:0E; Validity Mon, 23 Oct 2023 00:00:00 GMT - Thu, 31 Oct 2024 23:59:59 GMT
File type: ISO Media, MP4 v2 [ISO 14496-14]
Size: 6.6 MB (6646987 bytes)
Hash (MD5 / SHA-1 / SHA-256): 02bb85cc4b0778da26d587eda1bae141 c20fff5c21bcb007041ca9043bc0556b99a7bcf0 1b5fe5d9b01d00945de05336836babe98f0c6fe8b40ff852757314bbf1786b58
GET /creatives/152327/199273/530469_e241c.mp4 HTTP/1.1
Host: 10945-4.s.cdn15.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: video/webm,video/ogg,video/*;q=0.9,application/ogg;q=0.7,audio/*;q=0.6,*/*;q=0.5
Accept-Language: en-US,en;q=0.5
Range: bytes=0-
DNT: 1
Connection: keep-alive
Referer: https://xmaturs.com/
Sec-Fetch-Dest: video
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Accept-Encoding: identity
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 206 Partial Content
server: ucdn/1.24.0
date: Fri, 26 Apr 2024 15:21:27 GMT
content-type: video/mp4
content-length: 1811699
last-modified: Thu, 14 Sep 2023 15:59:23 GMT
etag: "00537f5f7cf5341a6ca15ce80f7b0aad"
x-timestamp: 1694707162.49533
x-trans-id: txc84b4cc38f6f46dbbf2c8-00661fcdb3
x-openstack-request-id: txc84b4cc38f6f46dbbf2c8-00661fcdb3
x-ureq-id: XDrrrzssYKy7XniAYHDaCxO/1BtQYlPAo1HVcwFLMsr+x1j09hJYthKF4j0Vk8BdGEByJQyhOC8MENovHnWAlPYfr6RO3mwsJAG8WiB2Xy4r9ZCzEX+KXj7FcuF7pXjs
x-served-from: l1
expires: Fri, 27 Sep 2024 21:10:18 GMT
cache-control: max-age=13326531
access-control-allow-origin: *
access-control-allow-methods: HEAD, GET, OPTIONS
x-vhostid: 86, 17791
content-range: bytes 0-1811698/1811699
X-Firefox-Spdy: h2
| faraway-exercise.com/djmAFYzWd.GwlptyPM3JpZv/bPmrVrJJZcDn0H1HMKz/IK1/NPzScQ3IL/T/UdzTMRjpUe3sN/z/gi | 88.85.68.219 | 404 Not Found | 0 B |
URL: GET HTTP/2 faraway-exercise.com/djmAFYzWd.GwlptyPM3JpZv/bPmrVrJJZcDn0H1HMKz/IK1/NPzScQ3IL/T/UdzTMRjpUe3sN/z/gi
IP: 88.85.68.219:443
Requested by: https://xmaturs.com/ads/hiltopads/instreams.html
Certificate: Issuer Let's Encrypt; Subject faraway-exercise.com; Fingerprint 4A:71:C9:88:C9:16:73:8D:72:8D:9C:A5:FB:36:4A:F9:EA:E2:2A:90; Validity Thu, 04 Apr 2024 16:02:10 GMT - Wed, 03 Jul 2024 16:02:09 GMT
Hash (MD5 / SHA-1 / SHA-256, empty body): d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /djmAFYzWd.GwlptyPM3JpZv/bPmrVrJJZcDn0H1HMKz/IK1/NPzScQ3IL/T/UdzTMRjpUe3sN/z/gi HTTP/1.1
Host: faraway-exercise.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://xmaturs.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 404 Not Found
server: nginx
date: Fri, 26 Apr 2024 15:21:28 GMT
content-length: 0
expires: Mon, 26 Jul 2011 05:00:00 GMT
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
pragma: no-cache
accept-ch: Sec-CH-UA,Sec-CH-UA-Arch,Sec-CH-UA-Bitness,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-WoW64
X-Firefox-Spdy: h2
| untimely-ball.com/dGmHF-z.dJGKVL2MZ_WO5P0QPR2-FTkUSVWWQ_9YNZTaYb3-NdTeUf2gJ_miFjkkdln-Nn1oYpmql_ksPtSuZvh-cx2yMz9AM_iCZDlEdFm-VHuIdJFKR_5McNGOUP9-MRiSZTrUd_zW1X4YbZW-Fb0cddXeJ_zgJhniBjh-elWm9n1od_Dq0rwsJtn-JvlwdxmyV_uAdBWCUD9-MFCGZHyIc_mKlLkMPNT-gPzQZRTSA_3UNVWWRXm-MZjaNbmcN_GeQf5gOhW-VjhkYlmmE_1oYp2qMr0-ZtTuYv3wM_jyUz4AMBj-gD2EJFnGN_JIZJDK0Lm-cN0OlPkQM_jS0TmUcV0-lXkYMZza0_mccd3eMf9-NhSiZjzkd_Dm0nyoJpn-Rrvsat2uV_uwPxSyZz1-bBmClDxEQ_nGlHaIbJ2-5LlMPNTOE_mQdRWS5Tp-cVUWJX5YW_ma9bucZdV-Rf5gchGiU_9kMlimZn2-YpXqNr0sV_Gu9vrwZxW-4z9AQB2Cd_KETF1GRHC-SJUKpLZMb_kOpP2QWRV-dTSUaVVWl_XYNZWatbL-adUeEf1gW_kidjZkMl0-5ntoTpmqx_NsVt1uZvq-Tx0yRzFAe_UC1DqERFT-BHPIRJEKp_qMWNmOpPW-aRVSlTUUZ_GW1XNYVZ1-Fb5cTdnep_FgMhUi1jE-RlDmNnqoS_yq5r4sQtm-pvpwTxTyR_BARBkClDC-UFSG0HtIJ_nKpLvMbNm-VPJQZRDS0_1UMVjWIXy-MZzaQb0c | 88.85.68.219 | 200 OK | 0 B |
URL: GET HTTP/2 untimely-ball.com/dGmHF-z.dJGKVL2MZ_WO5P0QPR2-FTkUSVWWQ_9YNZTaYb3-NdTeUf2gJ_miFjkkdln-Nn1oYpmql_ksPtSuZvh-cx2yMz9AM_iCZDlEdFm-VHuIdJFKR_5McNGOUP9-MRiSZTrUd_zW1X4YbZW-Fb0cddXeJ_zgJhniBjh-elWm9n1od_Dq0rwsJtn-JvlwdxmyV_uAdBWCUD9-MFCGZHyIc_mKlLkMPNT-gPzQZRTSA_3UNVWWRXm-MZjaNbmcN_GeQf5gOhW-VjhkYlmmE_1oYp2qMr0-ZtTuYv3wM_jyUz4AMBj-gD2EJFnGN_JIZJDK0Lm-cN0OlPkQM_jS0TmUcV0-lXkYMZza0_mccd3eMf9-NhSiZjzkd_Dm0nyoJpn-Rrvsat2uV_uwPxSyZz1-bBmClDxEQ_nGlHaIbJ2-5LlMPNTOE_mQdRWS5Tp-cVUWJX5YW_ma9bucZdV-Rf5gchGiU_9kMlimZn2-YpXqNr0sV_Gu9vrwZxW-4z9AQB2Cd_KETF1GRHC-SJUKpLZMb_kOpP2QWRV-dTSUaVVWl_XYNZWatbL-adUeEf1gW_kidjZkMl0-5ntoTpmqx_NsVt1uZvq-Tx0yRzFAe_UC1DqERFT-BHPIRJEKp_qMWNmOpPW-aRVSlTUUZ_GW1XNYVZ1-Fb5cTdnep_FgMhUi1jE-RlDmNnqoS_yq5r4sQtm-pvpwTxTyR_BARBkClDC-UFSG0HtIJ_nKpLvMbNm-VPJQZRDS0_1UMVjWIXy-MZzaQb0c
IP: 88.85.68.219:443
Requested by: https://xmaturs.com/ads/hiltopads/instreams.html
Certificate: Issuer Let's Encrypt; Subject untimely-ball.com; Fingerprint 3F:D2:E8:77:66:41:F8:39:75:53:74:2E:A8:16:85:8E:B6:67:5D:FF; Validity Sun, 14 Apr 2024 02:52:01 GMT - Sat, 13 Jul 2024 02:52:00 GMT
Hash (MD5 / SHA-1 / SHA-256, empty body): d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer: Quad9 DNS; Verdict: malicious; Alert: Sinkholed
GET /dGmHF-z.dJGKVL2MZ_WO5P0QPR2-FTkUSVWWQ_9YNZTaYb3-NdTeUf2gJ_miFjkkdln-Nn1oYpmql_ksPtSuZvh-cx2yMz9AM_iCZDlEdFm-VHuIdJFKR_5McNGOUP9-MRiSZTrUd_zW1X4YbZW-Fb0cddXeJ_zgJhniBjh-elWm9n1od_Dq0rwsJtn-JvlwdxmyV_uAdBWCUD9-MFCGZHyIc_mKlLkMPNT-gPzQZRTSA_3UNVWWRXm-MZjaNbmcN_GeQf5gOhW-VjhkYlmmE_1oYp2qMr0-ZtTuYv3wM_jyUz4AMBj-gD2EJFnGN_JIZJDK0Lm-cN0OlPkQM_jS0TmUcV0-lXkYMZza0_mccd3eMf9-NhSiZjzkd_Dm0nyoJpn-Rrvsat2uV_uwPxSyZz1-bBmClDxEQ_nGlHaIbJ2-5LlMPNTOE_mQdRWS5Tp-cVUWJX5YW_ma9bucZdV-Rf5gchGiU_9kMlimZn2-YpXqNr0sV_Gu9vrwZxW-4z9AQB2Cd_KETF1GRHC-SJUKpLZMb_kOpP2QWRV-dTSUaVVWl_XYNZWatbL-adUeEf1gW_kidjZkMl0-5ntoTpmqx_NsVt1uZvq-Tx0yRzFAe_UC1DqERFT-BHPIRJEKp_qMWNmOpPW-aRVSlTUUZ_GW1XNYVZ1-Fb5cTdnep_FgMhUi1jE-RlDmNnqoS_yq5r4sQtm-pvpwTxTyR_BARBkClDC-UFSG0HtIJ_nKpLvMbNm-VPJQZRDS0_1UMVjWIXy-MZzaQb0c HTTP/1.1
Host: untimely-ball.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://xmaturs.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 15:21:28 GMT
content-length: 0
expires: Mon, 26 Jul 2011 05:00:00 GMT
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
pragma: no-cache
accept-ch: Sec-CH-UA,Sec-CH-UA-Arch,Sec-CH-UA-Bitness,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-WoW64
set-cookie: kadCCap=200583:1:1713785027; max-age=1745680888; path=/
kadACap=560690:3:1713782741;534910:1:1714144115; max-age=1745680888; path=/
kadASCap=534910:1:1714144115; path=/
kadUnP3=CAMQ34avsQYaDQip+uwBEAEY34avsQYaDQiPgcQCEAEY84avsQYaDQjI374CEAEY+IyvsQYiCggDEAEY34avsQYiCggOEAIY84avsQYqDAiUoCwQARj4jK+xBioMCJDRHhABGN+Gr7EGKgwI/OAsEAEY84avsQY=; max-age=1745680888; path=/
x-content-type-options: nosniff
X-Firefox-Spdy: h2
| untimely-ball.com/d/m/F/z/d.GeN/v/Z/GrUW/teomd9CuxZ/UDlmkcP/TvUHy/MDjDIfzfNBDjQztMNdThIoy/MhjUMl0DNtQS | 88.85.68.219 | 200 OK | 11 kB |
URL: GET HTTP/2 untimely-ball.com/d/m/F/z/d.GeN/v/Z/GrUW/teomd9CuxZ/UDlmkcP/TvUHy/MDjDIfzfNBDjQztMNdThIoy/MhjUMl0DNtQS
IP: 88.85.68.219:443
Requested by: https://xmaturs.com/ads/hiltopads/instreams.html
Certificate: Issuer Let's Encrypt; Subject untimely-ball.com; Fingerprint 3F:D2:E8:77:66:41:F8:39:75:53:74:2E:A8:16:85:8E:B6:67:5D:FF; Validity Sun, 14 Apr 2024 02:52:01 GMT - Sat, 13 Jul 2024 02:52:00 GMT
File type: ASCII text, with very long lines (7864), with no line terminators
Hash (MD5 / SHA-1 / SHA-256): e27b8b2e04900aeed7e2c41b198469e9 6d7f7a3e9af00f4d76c5fdcd96989b926eee0d0e b074d9a35ad6d2a14e5b403a5f99e1b8f1f44ac1e8b2048a3aec5ad7f770d395
Analyzer: Quad9 DNS; Verdict: malicious; Alert: Sinkholed
GET /d/m/F/z/d.GeN/v/Z/GrUW/teomd9CuxZ/UDlmkcP/TvUHy/MDjDIfzfNBDjQztMNdThIoy/MhjUMl0DNtQS HTTP/1.1
Host: untimely-ball.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://xmaturs.com
DNT: 1
Connection: keep-alive
Referer: https://xmaturs.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 15:21:26 GMT
content-type: text/xml
vary: Accept-Encoding
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
pragma: no-cache
accept-ch: Sec-CH-UA,Sec-CH-UA-Arch,Sec-CH-UA-Bitness,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-WoW64
expires: Mon, 26 Jul 2011 05:00:00 GMT
access-control-allow-credentials: true
access-control-allow-origin: https://xmaturs.com
x-content-type-options: nosniff
content-encoding: br
X-Firefox-Spdy: h2
| untimely-ball.com/dbmcF.zdd-GfVg2hZiW_5k0lPm2nF-kpSqWrQs9_NuTvYw3xN-TzUA2BJCm_FEkFdGnHN-1JYKmLlMk_POSPZQhRc-2TMU9VMWi_ZYlZdambV-uddeFfRg5_ciGjUk9lN-SnZorpdqz_1s4tbuWvF-0xdyXzJAz_JCnDBEhFe-WH9I1JdKD_0MwNJOnPJ-lRdSmTVUu_dWWXUY9ZM-CbZcydcem_lgkhPiTjg-zlZmTnAo3_NqWrRsmtM-jvNwmxNyG_QA5BOCWDV-hFYGmHEI1_YK2LMM0NZ-TPYQ3RMSj_UU4VMWjXg-2ZJanbNcJ_ZeDf0gmhc-0jlkklMmj_0ompcq0rl-ktMuzv0wm_cy3zMA9BN-SDZEzFdGD_0IyJJKnLR-vNaO2PVQu_PSSTZU1Vb-mXlYxZQan_lcadbe2f5-lhPiTjEkm_dmWn5oppc-UrJs5tWum_9wuxZyVzR-5BcCGDUE9_MGiHZI2JY-XLNM0NVOG_9QrRZSWT4-9VQW2XdYK_Ta1bRcCdS-UfpgZhbik_pk2lWmVnd-SpaqVrlsX_NuWvtwLxa-UzEA1BWCk_dEZFMG0H5-tJTKmLxMN_VO1PZQqRT-0TRUFVeWU_1YqZRaTbB-PdReEfpgq_WimjpkWla-VnloUpZqG_1sNtVu1vF-5xTynzpAF_MCUD1EEFR-DHNIqJSKy_5M4NQOmPp-pRSSTTlUn_UWkXlYCZU-Sb0ctdJen_pgvhbimjV-JlZmDn0o1_MqjrIsytM-zvQw0x | 88.85.68.219 | 200 OK | 0 B |
URL: GET HTTP/2 untimely-ball.com/dbmcF.zdd-GfVg2hZiW_5k0lPm2nF-kpSqWrQs9_NuTvYw3xN-TzUA2BJCm_FEkFdGnHN-1JYKmLlMk_POSPZQhRc-2TMU9VMWi_ZYlZdambV-uddeFfRg5_ciGjUk9lN-SnZorpdqz_1s4tbuWvF-0xdyXzJAz_JCnDBEhFe-WH9I1JdKD_0MwNJOnPJ-lRdSmTVUu_dWWXUY9ZM-CbZcydcem_lgkhPiTjg-zlZmTnAo3_NqWrRsmtM-jvNwmxNyG_QA5BOCWDV-hFYGmHEI1_YK2LMM0NZ-TPYQ3RMSj_UU4VMWjXg-2ZJanbNcJ_ZeDf0gmhc-0jlkklMmj_0ompcq0rl-ktMuzv0wm_cy3zMA9BN-SDZEzFdGD_0IyJJKnLR-vNaO2PVQu_PSSTZU1Vb-mXlYxZQan_lcadbe2f5-lhPiTjEkm_dmWn5oppc-UrJs5tWum_9wuxZyVzR-5BcCGDUE9_MGiHZI2JY-XLNM0NVOG_9QrRZSWT4-9VQW2XdYK_Ta1bRcCdS-UfpgZhbik_pk2lWmVnd-SpaqVrlsX_NuWvtwLxa-UzEA1BWCk_dEZFMG0H5-tJTKmLxMN_VO1PZQqRT-0TRUFVeWU_1YqZRaTbB-PdReEfpgq_WimjpkWla-VnloUpZqG_1sNtVu1vF-5xTynzpAF_MCUD1EEFR-DHNIqJSKy_5M4NQOmPp-pRSSTTlUn_UWkXlYCZU-Sb0ctdJen_pgvhbimjV-JlZmDn0o1_MqjrIsytM-zvQw0x
IP: 88.85.68.219:443
Requested by: https://xmaturs.com/ads/hiltopads/instreams.html
Certificate: Issuer Let's Encrypt; Subject untimely-ball.com; Fingerprint 3F:D2:E8:77:66:41:F8:39:75:53:74:2E:A8:16:85:8E:B6:67:5D:FF; Validity Sun, 14 Apr 2024 02:52:01 GMT - Sat, 13 Jul 2024 02:52:00 GMT
Hash (MD5 / SHA-1 / SHA-256, empty body): d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer: Quad9 DNS; Verdict: malicious; Alert: Sinkholed
GET /dbmcF.zdd-GfVg2hZiW_5k0lPm2nF-kpSqWrQs9_NuTvYw3xN-TzUA2BJCm_FEkFdGnHN-1JYKmLlMk_POSPZQhRc-2TMU9VMWi_ZYlZdambV-uddeFfRg5_ciGjUk9lN-SnZorpdqz_1s4tbuWvF-0xdyXzJAz_JCnDBEhFe-WH9I1JdKD_0MwNJOnPJ-lRdSmTVUu_dWWXUY9ZM-CbZcydcem_lgkhPiTjg-zlZmTnAo3_NqWrRsmtM-jvNwmxNyG_QA5BOCWDV-hFYGmHEI1_YK2LMM0NZ-TPYQ3RMSj_UU4VMWjXg-2ZJanbNcJ_ZeDf0gmhc-0jlkklMmj_0ompcq0rl-ktMuzv0wm_cy3zMA9BN-SDZEzFdGD_0IyJJKnLR-vNaO2PVQu_PSSTZU1Vb-mXlYxZQan_lcadbe2f5-lhPiTjEkm_dmWn5oppc-UrJs5tWum_9wuxZyVzR-5BcCGDUE9_MGiHZI2JY-XLNM0NVOG_9QrRZSWT4-9VQW2XdYK_Ta1bRcCdS-UfpgZhbik_pk2lWmVnd-SpaqVrlsX_NuWvtwLxa-UzEA1BWCk_dEZFMG0H5-tJTKmLxMN_VO1PZQqRT-0TRUFVeWU_1YqZRaTbB-PdReEfpgq_WimjpkWla-VnloUpZqG_1sNtVu1vF-5xTynzpAF_MCUD1EEFR-DHNIqJSKy_5M4NQOmPp-pRSSTTlUn_UWkXlYCZU-Sb0ctdJen_pgvhbimjV-JlZmDn0o1_MqjrIsytM-zvQw0x HTTP/1.1
Host: untimely-ball.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://xmaturs.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 15:21:28 GMT
content-length: 0
expires: Mon, 26 Jul 2011 05:00:00 GMT
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
pragma: no-cache
accept-ch: Sec-CH-UA,Sec-CH-UA-Arch,Sec-CH-UA-Bitness,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-WoW64
x-content-type-options: nosniff
X-Firefox-Spdy: h2
| xyouxxx.com/videoplayback.mp4 | 0.0.0.0 | | 0 B |
URL: GET xyouxxx.com/videoplayback.mp4
IP: 0.0.0.0:0
Requested by: https://xmaturs.com/ads/hiltopads/instreams.html
Certificate: Issuer Let's Encrypt; Subject xyouxxx.com; Fingerprint E0:61:2B:3F:0E:08:46:FD:86:41:74:5C:F1:25:98:85:E9:79:7C:21; Validity Sun, 14 Apr 2024 04:58:12 GMT - Sat, 13 Jul 2024 04:58:11 GMT
Hash (MD5 / SHA-1 / SHA-256, empty body): d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /videoplayback.mp4 HTTP/1.1
Host: xyouxxx.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: video/webm,video/ogg,video/*;q=0.9,application/ogg;q=0.7,audio/*;q=0.6,*/*;q=0.5
Accept-Language: en-US,en;q=0.5
Range: bytes=0-
DNT: 1
Connection: keep-alive
Referer: https://xmaturs.com/
Sec-Fetch-Dest: video
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Accept-Encoding: identity
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 206 Partial Content
date: Fri, 26 Apr 2024 15:21:25 GMT
content-type: video/mp4
content-length: 8540094
last-modified: Thu, 01 Feb 2024 01:51:28 GMT
etag: "65baf920-824fbe"
cache-control: max-age=14400
cf-cache-status: HIT
age: 3414
content-range: bytes 0-8540093/8540094
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=gME4HquvF1FqI5ZE7oV8cTIFqVdv1wiy6LSohLVHy4PHLSu3VJ7KRcCtQ7BTJyxMCurc2ar4lcoad24VFD5lhs3j83FLylLDKyllTWJOdgv6klbmF1T%2Bmt0EYuuspg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87a790016e1b56c9-OSL
alt-svc: h3=":443"; ma=86400
| xmaturs.com/ads/hiltopads/instreams.html | 188.114.96.1 | 200 OK | 4.5 kB |
URL (user request): GET HTTP/2 xmaturs.com/ads/hiltopads/instreams.html
IP: 188.114.96.1:443
Certificate: Issuer Google Trust Services LLC; Subject xmaturs.com; Fingerprint 57:1B:6B:EA:F2:D6:B4:7C:B9:2E:5A:56:B1:8A:52:F0:ED:51:B9:9E; Validity Mon, 22 Apr 2024 07:12:11 GMT - Sun, 21 Jul 2024 07:12:10 GMT
File type: JavaScript source, ASCII text, with very long lines (4676), with no line terminators
Hash (MD5 / SHA-1 / SHA-256): 9582960eb8887bd902a8e94ae542e278 d08be2886f8ea307490fe207e130f67018aa1ec8 c7a07f3fdc79a7945c9c9555f335b2aadd673e55d339673ff73c46c215250ffb
GET /ads/hiltopads/instreams.html HTTP/1.1
Host: xmaturs.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 26 Apr 2024 15:21:25 GMT
content-type: text/html
last-modified: Thu, 25 Apr 2024 23:55:58 GMT
vary: Accept-Encoding
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=OdDbbmCO3Jb8YTV%2FPcFvR78zSmHIC6gOsNyJnZCWqB7UlJ4Y9a%2BTIU1cIDzocg3akncNdE87CBiyG2B2KS8UoezF4DUOUTu3MHL9noGAFhsOPWdG5NY6LmBfXBKW%2Bw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87a78ffd686656ae-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
| 10945-4.s.cdn15.com/creatives/152327/199273/530465_f0754z.webm | 67.216.89.16 | 206 Partial Content | 6.1 MB |
URL: GET HTTP/2 10945-4.s.cdn15.com/creatives/152327/199273/530465_f0754z.webm
IP: 67.216.89.16:443
Requested by: https://xmaturs.com/ads/hiltopads/instreams.html
Certificate: Issuer Sectigo Limited; Subject *.s.cdn15.com; Fingerprint 83:79:A5:D7:C8:5D:B4:A5:B9:DC:F5:F4:59:D5:63:FC:F1:69:5A:0E; Validity Mon, 23 Oct 2023 00:00:00 GMT - Thu, 31 Oct 2024 23:59:59 GMT
Size: 6.1 MB (6147275 bytes)
Hash (MD5 / SHA-1 / SHA-256, empty body as captured): d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /creatives/152327/199273/530465_f0754z.webm HTTP/1.1
Host: 10945-4.s.cdn15.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: video/webm,video/ogg,video/*;q=0.9,application/ogg;q=0.7,audio/*;q=0.6,*/*;q=0.5
Accept-Language: en-US,en;q=0.5
Range: bytes=0-
DNT: 1
Connection: keep-alive
Referer: https://xmaturs.com/
Sec-Fetch-Dest: video
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Accept-Encoding: identity
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 206 Partial Content
server: ucdn/1.24.0
date: Fri, 26 Apr 2024 15:21:28 GMT
content-type: video/webm
content-length: 6147275
last-modified: Thu, 14 Sep 2023 16:05:52 GMT
etag: "ebf87a434bb85b3fb48284f0fcaf5c88"
x-timestamp: 1694707551.88925
x-trans-id: txc4c94076cad241d083bab-00661fc98e
x-openstack-request-id: txc4c94076cad241d083bab-00661fc98e
x-ureq-id: XDrrrzssYKy7XniAYHDaCxO/1BtQYlPAo1HVcwFLMsr+x1j09hJYthKF4j0Vk8BdFA3uo8svsia+dH2GDY8f+2WFKlOXOXOXfGLht+484/JC/kTVa8h8xeARaXSLXoYP
x-served-from: l1
expires: Fri, 27 Sep 2024 20:52:37 GMT
cache-control: max-age=13325469
access-control-allow-origin: *
access-control-allow-methods: HEAD, GET, OPTIONS
x-vhostid: 109, 26296
content-range: bytes 0-6147274/6147275
X-Firefox-Spdy: h2
| xyouxxx.com/ads/vast/adplayer.js | 104.21.79.162 | 200 OK | 152 kB |
URL: GET HTTP/2 xyouxxx.com/ads/vast/adplayer.js
IP: 104.21.79.162:443
Requested by: https://xmaturs.com/ads/hiltopads/instreams.html
Certificate: Issuer Let's Encrypt; Subject xyouxxx.com; Fingerprint E0:61:2B:3F:0E:08:46:FD:86:41:74:5C:F1:25:98:85:E9:79:7C:21; Validity Sun, 14 Apr 2024 04:58:12 GMT - Sat, 13 Jul 2024 04:58:11 GMT
Size: 152 kB (152170 bytes)
Hash (MD5 / SHA-1 / SHA-256, empty body as captured): d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /ads/vast/adplayer.js HTTP/1.1
Host: xyouxxx.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://xmaturs.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 26 Apr 2024 15:21:25 GMT
content-type: application/javascript
last-modified: Wed, 17 Jan 2024 01:55:23 GMT
vary: Accept-Encoding
etag: W/"65a7338b-2526a"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
cf-cache-status: HIT
age: 767620
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Tt0zT%2BKhuPCVqWMaVqb9Whf5wf83R%2BYghyJrSiMeIO0xXJw8UXrZpqshY3781e37zK%2BRvZHOl5hTkZPTf%2BpyKC7XNrQT2YDLqnoyMzPM9TPay2wotxdV97lLbDVF%2FQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87a790004bbf1c06-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2