Report - patpexels.web.app/

Report Overview

Submitted URL
patpexels.web.app/
IP
199.36.158.100
ASN
#54113 FASTLY
Submitted
2024-05-07 08:25:32
Access
public
Website Title
(1) New Message!
Final URL
patpexels.web.app/
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
18

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
free-webdesigner.com	unknown	2013-12-09	2014-10-29	2023-11-02	458 B	14 kB	202.254.239.35
cdn.yourwebbars.com	62037	2020-08-21	2021-01-29	2024-05-06	485 B	1.2 kB	104.26.7.19
fonts.googleapis.com	8877	2005-01-25	2013-06-10	2024-05-07	849 B	10 kB	142.250.74.138
stackpath.bootstrapcdn.com	2467	2012-05-25	2018-06-15	2024-05-06	488 B	142 kB	104.18.10.207
fonts.gstatic.com	unknown	2008-02-11	2014-09-09	2024-05-07	1.6 kB	56 kB	142.250.74.163
cse.google.com	2642	1997-09-15	2015-03-18	2024-05-06	434 B	2.3 kB	142.250.74.174
i.pinimg.com	689	2010-05-29	2015-10-15	2024-05-04	460 B	27 kB	199.232.40.84
unseenreport.com	unknown	2022-03-30	2022-03-30	2024-05-06	736 B	423 B	192.243.59.12
cdn.creative-bars1.com	unknown	2022-11-01	2022-11-15	2024-05-06	2.9 kB	330 kB	188.114.97.1
code.jquery.com	634	2005-12-10	2012-05-21	2024-05-06	448 B	24 kB	151.101.130.137
edua29146y.com	unknown	2018-06-08	2018-06-19	2023-10-22	435 B	17 kB	192.243.59.12
downstairsnegotiatebarren.com	unknown	2024-03-04	2024-03-04	2024-05-05	414 B	87 kB	188.114.97.1
patpexels.web.app	unknown	unknown	No data	No data	1.0 kB	22 kB	199.36.158.100
t.pimg.jp	546213	2010-12-15	2013-09-20	2024-03-04	447 B	12 kB	54.230.83.175
proftrafficcounter.com	unknown	2023-11-16	2023-11-21	2024-05-06	435 B	424 B	18.185.9.67
disclosestockingsprestigious.com	unknown	2024-04-29	2024-04-30	2024-05-06	8.0 kB	10 kB	172.240.127.234
maxcdn.bootstrapcdn.com	724	2012-05-25	2014-06-18	2024-05-06	467 B	31 kB	104.18.10.207

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2024-05-07	medium	disclosestockingsprestigious.com	Sinkholed
2024-05-07	medium	disclosestockingsprestigious.com	Sinkholed
2024-05-06	medium	unseenreport.com	Sinkholed
2024-05-07	medium	disclosestockingsprestigious.com	Sinkholed
2024-05-07	medium	disclosestockingsprestigious.com	Sinkholed
2024-05-07	medium	disclosestockingsprestigious.com	Sinkholed
2024-05-07	medium	disclosestockingsprestigious.com	Sinkholed
2024-05-07	medium	disclosestockingsprestigious.com	Sinkholed
2024-05-07	medium	disclosestockingsprestigious.com	Sinkholed

ThreatFox

No alerts detected

JavaScript (5)

	URL	Size	First Seen	Last Seen
	code.jquery.com/jquery-3.2.1.slim.min.js	70 kB	2023-03-07	2024-05-19
Pretty URL code.jquery.com/jquery-3.2.1.slim.min.js IP 151.101.130.137 ASN #54113 FASTLY Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:43 Last Seen2024-05-19 14:46:41 Times Seen110084 Hash 5f48fc77cac90c4778fa24ec9c57f37d 9e89d1515bc4c371b86f4cb1002fd8e377c1829f 9365920887b11b33a3dc4ba28a0f93951f200341263e3b9cefd384798e4be398 Loading...

	maxcdn.bootstrapcdn.com/bootstrap/4.0.0/js/bootstrap.min.js	49 kB	2023-03-07	2024-05-19
Pretty URL maxcdn.bootstrapcdn.com/bootstrap/4.0.0/js/bootstrap.min.js IP 104.18.10.207 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:44 Last Seen2024-05-19 17:04:35 Times Seen141226 Hash 14d449eb8876fa55e1ef3c2cc52b0c17 a9545831803b1359cfeed47e3b4d6bae68e40e99 e7ed36ceee5450b4243bbc35188afabdfb4280c7c57597001de0ed167299b01b Loading...

	edua29146y.com/9c/34/55/9c3455fd6a937763dcb96e5be1a4920f.js	44 kB	2024-05-07	2024-05-07
Pretty URL edua29146y.com/9c/34/55/9c3455fd6a937763dcb96e5be1a4920f.js IP 192.243.59.12 ASN #39572 DataWeb Global Group B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-07 10:25:39 Last Seen2024-05-07 10:25:39 Times Seen2 Hash c432c26ad9b08909c4cb4d1a79b3dc89 c1b2d0ed8fe4f5bab4de23ca798c2d1fca80d99a 41c404105fc6ffd970c70576e8e67e9470eeeec48a20128d6ccf92f420e33cbb Loading...

	downstairsnegotiatebarren.com/sfp.js	86 kB	2024-03-29	2024-05-17
Pretty URL downstairsnegotiatebarren.com/sfp.js IP 188.114.97.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-03-29 13:13:34 Last Seen2024-05-17 14:49:08 Times Seen3553 Hash f4a2f8f9f99541c6f105bbd0a025bd40 1f8e3eff12168fdd9e719adfc098d24a45b6916a b717cb04231a10d425fd55b73c85a5407119c6826a8bac94142fddfff6958716 Loading...

	unknown	9.7 kB	2024-05-07	2024-05-07
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-07 10:25:39 Last Seen2024-05-07 10:25:39 Times Seen1 Hash ce2658bc344f11ff9fb3b7e460d08e6b 1f84e937fb475cc0d3e631920e89dc032def3570 497df62a4beff29a3453024a41699e6d09c43b2f9302854b38bf84aead7cc043 Loading...

HTTP Transactions (33)

URL IP Response Size

patpexels.web.app/

199.36.158.100

200 OK

9.9 kB

URL User Request GET HTTP/2
patpexels.web.app/
IP
199.36.158.100:443
ASN
#54113 FASTLY

Certificate
IssuerGoogle Trust Services LLC
Subjectweb.app
Fingerprint6C:B8:FC:5E:5B:DF:AB:31:E6:02:C5:A6:D8:E2:D0:77:BB:5D:BC:7B
ValidityThu, 21 Mar 2024 15:14:42 GMT - Wed, 19 Jun 2024 15:14:41 GMT

File type
HTML document, Unicode text, UTF-8 text, with very long lines (2393)
Size
9.9 kB (9923 bytes)
Hash
e73064f82218c473497e0bc26b922595
d0af40b072d793e8d170f088c4648303fb23961f
add33e43e43218b05d99334a2f44e83b63cd6d52bb1ff2ddc48beaf49474054f

HTTP Headers

GET / HTTP/1.1
Host: patpexels.web.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
cache-control: max-age=3600
content-encoding: br
content-type: text/html; charset=utf-8
etag: "08984b90a9263713eb67e081bd1e570eefd7099c36f12c32f9762da0b08d8fb7-br"
last-modified: Thu, 22 Oct 2020 00:02:17 GMT
strict-transport-security: max-age=31556926; includeSubDomains; preload
accept-ranges: bytes
date: Tue, 07 May 2024 08:25:05 GMT
x-served-by: cache-hel1410034-HEL
x-cache: MISS
x-cache-hits: 0
x-timer: S1715070305.971772,VS0,VE172
vary: x-fh-requested-host, accept-encoding
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 9923
X-Firefox-Spdy: h2

code.jquery.com/jquery-3.2.1.slim.min.js

151.101.130.137

200 OK

24 kB

URL GET HTTP/2
code.jquery.com/jquery-3.2.1.slim.min.js
IP
151.101.130.137:443
ASN
#54113 FASTLY

Requested by
https://patpexels.web.app/
Certificate
IssuerSectigo Limited
Subject*.jquery.com
FingerprintD2:19:0A:AD:CE:BB:9C:61:17:5D:29:4B:A2:54:E8:C6:91:B8:F9:8D
ValidityTue, 11 Jul 2023 00:00:00 GMT - Sun, 14 Jul 2024 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (32012)
Size
24 kB (23856 bytes)
Hash
5f48fc77cac90c4778fa24ec9c57f37d
9e89d1515bc4c371b86f4cb1002fd8e377c1829f
9365920887b11b33a3dc4ba28a0f93951f200341263e3b9cefd384798e4be398

HTTP Headers

GET /jquery-3.2.1.slim.min.js HTTP/1.1
Host: code.jquery.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://patpexels.web.app
DNT: 1
Connection: keep-alive
Referer: https://patpexels.web.app/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
content-type: application/javascript; charset=utf-8
last-modified: Fri, 18 Oct 1991 12:00:00 GMT
etag: W/"28feccc0-10fdd"
cache-control: public, max-age=31536000, stale-while-revalidate=604800
access-control-allow-origin: *
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
date: Tue, 07 May 2024 08:25:05 GMT
age: 352927
x-served-by: cache-lga21963-LGA, cache-hel1410022-HEL
x-cache: HIT, HIT
x-cache-hits: 43, 26551
x-timer: S1715070306.596873,VS0,VE0
vary: Accept-Encoding
content-length: 23856
X-Firefox-Spdy: h2

fonts.gstatic.com/s/raleway/v34/1Ptxg8zYS_SKggPN4iEgvnHyvveLxVvaorCIPrE.woff2

142.250.74.163

200 OK

22 kB

URL GET HTTP/2
fonts.gstatic.com/s/raleway/v34/1Ptxg8zYS_SKggPN4iEgvnHyvveLxVvaorCIPrE.woff2
IP
142.250.74.163:443
ASN
#15169 GOOGLE

Requested by
https://patpexels.web.app/
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
Fingerprint15:DD:05:B3:2F:D8:E3:54:C9:B4:FA:E4:AC:01:ED:C8:E1:EA:A7:AD
ValidityTue, 16 Apr 2024 04:17:07 GMT - Tue, 09 Jul 2024 04:17:06 GMT

File type
Web Open Font Format (Version 2), TrueType, length 22432, version 1.0
Size
22 kB (22432 bytes)
Hash
cfd6d958f6802c9f4f64c05575b70801
7f0644e43c42902b466b66723aad8a95ba094b0c
3e44fb721d3be9376c6e5e946109067a04da84ae10b3f27a03ada7a3731e515c

HTTP Headers

GET /s/raleway/v34/1Ptxg8zYS_SKggPN4iEgvnHyvveLxVvaorCIPrE.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://patpexels.web.app
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 22432
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 02 May 2024 14:36:09 GMT
expires: Fri, 02 May 2025 14:36:09 GMT
cache-control: public, max-age=31536000
last-modified: Wed, 01 May 2024 20:31:54 GMT
content-type: font/woff2
age: 409736
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

t.pimg.jp/060/344/310/1/60344310.jpg

54.230.83.175

200 OK

11 kB

URL GET HTTP/2
t.pimg.jp/060/344/310/1/60344310.jpg
IP
54.230.83.175:443
ASN
#16509 AMAZON-02

Requested by
https://patpexels.web.app/
Certificate
IssuerAmazon
Subject*.pimg.jp
Fingerprint5C:48:3F:AC:7D:1B:53:53:15:FD:32:DC:FC:0C:23:B4:0D:8F:9F:B2
ValidityMon, 23 Oct 2023 00:00:00 GMT - Thu, 21 Nov 2024 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 450x337, Scaling: [none]x[none], YUV color, decoders should clamp
Size
11 kB (11086 bytes)
Hash
c530fa752fd44df5cb0bb8f893eda7b0
55bfbab2c0cd0f3acd0fdd80a7d7dbee7161db0a
333b822a96b3fb994b4c10ce72fce7f3884024e9c1d67630c6be6f7be98dcdea

HTTP Headers

GET /060/344/310/1/60344310.jpg HTTP/1.1
Host: t.pimg.jp
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://patpexels.web.app/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
content-type: image/webp
content-length: 11086
access-control-allow-origin: *
cache-control: public, max-age=31536000
date: Tue, 07 May 2024 08:25:05 GMT
x-cache: Miss from cloudfront
via: 1.1 c2b101e67ac25a2f0013450d56ecac38.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: cq6KHAOh06hYov8_5AykzqY4lfWI2h63wK_FM8tUi20IpfXrJ6yYFw==
X-Firefox-Spdy: h2

edua29146y.com/9c/34/55/9c3455fd6a937763dcb96e5be1a4920f.js

192.243.59.12

200 OK

16 kB

URL GET HTTP/1.1
edua29146y.com/9c/34/55/9c3455fd6a937763dcb96e5be1a4920f.js
IP
192.243.59.12:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://patpexels.web.app/
Certificate
IssuerLet's Encrypt
Subjectedua29146y.com
Fingerprint05:5D:88:7E:12:5F:7E:EE:BF:17:DF:F1:76:39:9A:57:02:DD:76:0E
ValidityFri, 19 Apr 2024 06:48:01 GMT - Thu, 18 Jul 2024 06:48:00 GMT

File type
JavaScript source, ASCII text, with very long lines (44130), with no line terminators
Size
16 kB (15839 bytes)
Hash
c432c26ad9b08909c4cb4d1a79b3dc89
c1b2d0ed8fe4f5bab4de23ca798c2d1fca80d99a
41c404105fc6ffd970c70576e8e67e9470eeeec48a20128d6ccf92f420e33cbb

HTTP Headers

GET /9c/34/55/9c3455fd6a937763dcb96e5be1a4920f.js HTTP/1.1
Host: edua29146y.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://patpexels.web.app/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Tue, 07 May 2024 08:25:06 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: d020269f292e45e05fef6049d311e31c
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip

proftrafficcounter.com/stats

18.185.9.67

200 OK

40 B

URL GET HTTP/2
proftrafficcounter.com/stats
IP
18.185.9.67:443
ASN
#16509 AMAZON-02

Requested by
https://patpexels.web.app/
Certificate
IssuerAmazon
Subjectproftrafficcounter.com
FingerprintE3:9F:79:6F:80:C0:BF:F8:C4:EB:45:F3:E9:0F:A7:41:F6:0C:05:E6
ValidityTue, 21 Nov 2023 00:00:00 GMT - Thu, 19 Dec 2024 23:59:59 GMT

File type
ASCII text, with no line terminators
Size
40 B (40 bytes)
Hash
91bfe3cad16c703d5bc646292453bc22
2784528c8a8578ededd748e52d9fb17ccd615676
a08c7a34c9e216d09c7295e480454b821cbede01bd3a6a6fbb79019ea1345182

HTTP Headers

GET /stats HTTP/1.1
Host: proftrafficcounter.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://patpexels.web.app
DNT: 1
Connection: keep-alive
Referer: https://patpexels.web.app/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Tue, 07 May 2024 08:25:06 GMT
content-type: text/html; charset=UTF-8
content-length: 40
server: fasthttp
access-control-allow-origin: https://patpexels.web.app
vary: Origin
access-control-allow-credentials: true
set-cookie: uid_id2=8e09568e-5fbe-401e-b0f9-5d70b03bdce9:1:1; expires=Fri, 05 May 2034 08:25:06 GMT; secure; SameSite=None
X-Firefox-Spdy: h2

patpexels.web.app/favicon.ico

199.36.158.100

404 Not Found

11 kB

URL GET HTTP/3
patpexels.web.app/favicon.ico
IP
199.36.158.100:443
ASN
#54113 FASTLY

Requested by
https://patpexels.web.app/
Certificate
IssuerGoogle Trust Services LLC
Subjectweb.app
Fingerprint6C:B8:FC:5E:5B:DF:AB:31:E6:02:C5:A6:D8:E2:D0:77:BB:5D:BC:7B
ValidityThu, 21 Mar 2024 15:14:42 GMT - Wed, 19 Jun 2024 15:14:41 GMT

File type
HTML document, ASCII text, with very long lines (8125)
Size
11 kB (10712 bytes)
Hash
30b57fc35a6c2b706de9ce2c38f257c2
7270e201ec681343de06bf6c1c63ae61de526c98
e5be0c3483138abfc50dae40ad4ebc51443cf8693b3cee01469d88bcf36bfd76

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: patpexels.web.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://patpexels.web.app/
Cookie: dom3ic8zudi28v8lr6fgphwffqoz0j6c=8e09568e-5fbe-401e-b0f9-5d70b03bdce9%3A1%3A1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 404 Not Found
content-length: 10712
cache-control: max-age=3600
content-type: text/html; charset=utf-8
strict-transport-security: max-age=31556926; includeSubDomains; preload
accept-ranges: bytes
date: Tue, 07 May 2024 08:25:06 GMT
x-served-by: cache-hel1410024-HEL
x-cache: MISS
x-cache-hits: 0
x-timer: S1715070307.596610,VS0,VE54
vary: x-fh-requested-host, accept-encoding
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400

cse.google.com/cse.js?cx=004665799172052902787:3gvpzbavio0

142.250.74.174

404 Not Found

1.6 kB

URL GET HTTP/2
cse.google.com/cse.js?cx=004665799172052902787:3gvpzbavio0
IP
142.250.74.174:443
ASN
#15169 GOOGLE

Requested by
https://patpexels.web.app/
Certificate
IssuerGoogle Trust Services LLC
Subject*.google.com
Fingerprint7C:B7:E1:97:03:6E:82:B6:52:F8:EC:C6:C6:50:D9:DD:80:47:E6:A0
ValidityTue, 16 Apr 2024 03:18:53 GMT - Tue, 09 Jul 2024 03:18:52 GMT

File type
HTML document, Unicode text, UTF-8 text, with very long lines (1136)
Size
1.6 kB (1604 bytes)
Hash
7c9ea1a887fe175ab93527f5ea6689a1
a6e99bf8f109d38c0217f4c703388737dbbaee33
4ee5ba7687c4692c194329c897f36ae9985eeb1b66a6d4fd92bda085cbf2c312

HTTP Headers

GET /cse.js?cx=004665799172052902787:3gvpzbavio0 HTTP/1.1
Host: cse.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://patpexels.web.app/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 404 Not Found
content-type: text/html; charset=UTF-8
content-security-policy: object-src 'none';base-uri 'self';script-src 'nonce-9NiJjJk49Zg_DuRB4zTytA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other
cross-origin-opener-policy: same-origin-allow-popups; report-to="gws"
report-to: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/other"}]}
date: Tue, 07 May 2024 08:25:06 GMT
server: gws
content-length: 1604
x-xss-protection: 0
x-frame-options: SAMEORIGIN
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

i.pinimg.com/736x/cd/1d/60/cd1d60589d8ade306ab9f427da62a611.jpg

199.232.40.84

200 OK

26 kB

URL GET HTTP/2
i.pinimg.com/736x/cd/1d/60/cd1d60589d8ade306ab9f427da62a611.jpg
IP
199.232.40.84:443
ASN
#54113 FASTLY

Requested by
https://patpexels.web.app/
Certificate
IssuerDigiCert Inc
Subject*.pinterest.com
Fingerprint4D:02:6D:A8:DF:FA:2E:1C:D3:43:46:EF:CF:92:F1:7A:41:8F:BA:0B
ValidityMon, 31 Jul 2023 00:00:00 GMT - Wed, 07 Aug 2024 23:59:59 GMT

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 200x200, segment length 16, progressive, precision 8, 700x700, components 3
Size
26 kB (26360 bytes)
Hash
7c40e34dab6dd70fc327ec0c73fe6526
6b447f64931c61f08a5f3b5f76fdcee1c8eeef93
9dce2ce0c7a331064efb7cb3ffed3b80e74497a737aeaaff4b544e123248c80e

HTTP Headers

GET /736x/cd/1d/60/cd1d60589d8ade306ab9f427da62a611.jpg HTTP/1.1
Host: i.pinimg.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://patpexels.web.app/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
etag: "7c40e34dab6dd70fc327ec0c73fe6526"
content-type: image/jpeg
cache-control: max-age=31536000, immutable
accept-ranges: bytes
vary: Origin
x-cdn: fastly
alt-svc: h3=":443";ma=600
date: Tue, 07 May 2024 08:25:06 GMT
content-length: 26360
X-Firefox-Spdy: h2

free-webdesigner.com/fw/wp-content/uploads/2014/10/atm-l4.gif

202.254.239.35

200 OK

14 kB

URL GET HTTP/2
free-webdesigner.com/fw/wp-content/uploads/2014/10/atm-l4.gif
IP
202.254.239.35:443
ASN
#131965 Xserver Inc.

Requested by
https://patpexels.web.app/
Certificate
IssuerLet's Encrypt
Subjectwww.free-webdesigner.com
FingerprintEE:87:62:FC:94:33:F1:44:C7:AC:67:D8:08:A3:47:18:9E:9F:F8:03
ValidityWed, 01 May 2024 04:24:34 GMT - Tue, 30 Jul 2024 04:24:33 GMT

File type
GIF image data, version 89a, 600 x 150
Size
14 kB (14194 bytes)
Hash
7a6f11c4c337924d2e9077e8a86897ce
a63d4ee9f3b57d90783687d8c2ebebd37cd09005
d83491c3cd683bb911ab79cbc31d8fa55ad563e49763ce1dbf5730f3265da479

HTTP Headers

GET /fw/wp-content/uploads/2014/10/atm-l4.gif HTTP/1.1
Host: free-webdesigner.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://patpexels.web.app/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 08:25:06 GMT
content-type: image/gif
content-length: 14194
last-modified: Thu, 24 Dec 2015 09:14:32 GMT
etag: "3772-527a14442ce00"
cache-control: max-age=604800
expires: Tue, 14 May 2024 08:25:06 GMT
accept-ranges: bytes
X-Firefox-Spdy: h2

disclosestockingsprestigious.com/sbar.json?key=9c3455fd6a937763dcb96e5be1a4920f&uuid=8e09568e-5fbe-401e-b0f9-5d70b03bdce9%3A1%3A1

172.240.127.234

200 OK

4.9 kB

URL GET HTTP/1.1
disclosestockingsprestigious.com/sbar.json?key=9c3455fd6a937763dcb96e5be1a4920f&uuid=8e09568e-5fbe-401e-b0f9-5d70b03bdce9%3A1%3A1
IP
172.240.127.234:443
ASN
#7979 SERVERS-COM

Requested by
https://patpexels.web.app/
Certificate
IssuerLet's Encrypt
Subjectdisclosestockingsprestigious.com
Fingerprint20:72:8C:30:EF:A7:E9:42:F4:69:4D:6F:83:5A:F6:44:B2:14:1F:F6
ValidityMon, 29 Apr 2024 13:01:45 GMT - Sun, 28 Jul 2024 13:01:44 GMT

File type
JSON text data
Size
4.9 kB (4881 bytes)
Hash
2f633becc4eca9be0e0850491e408078
816e637d4b4ee4b278b919962759542cd381a1de
32e6272a7095a8b4415042a0b1358882f3e94c796ef24639e627e5a021236fbe

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /sbar.json?key=9c3455fd6a937763dcb96e5be1a4920f&uuid=8e09568e-5fbe-401e-b0f9-5d70b03bdce9%3A1%3A1 HTTP/1.1
Host: disclosestockingsprestigious.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://patpexels.web.app
DNT: 1
Connection: keep-alive
Referer: https://patpexels.web.app/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Tue, 07 May 2024 08:25:07 GMT
Content-Type: text/plain; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://patpexels.web.app
Access-Control-Allow-Origin: https://patpexels.web.app
Access-Control-Allow-Credentials: true
Set-Cookie: u_pl=15464788; expires=Wed, 08 May 2024 08:25:07 GMT; secure; SameSite=None
uid_id2=8e09568e-5fbe-401e-b0f9-5d70b03bdce9:1:1; expires=Tue, 14 May 2024 08:25:07 GMT; secure; SameSite=None
pdhtkv=true; expires=Wed, 08 May 2024 08:25:07 GMT; secure; SameSite=None
uncs=1; expires=Wed, 08 May 2024 08:25:07 GMT; secure; SameSite=None
pdhtkv29=true; expires=Wed, 08 May 2024 08:25:07 GMT; secure; SameSite=None
uncs29=1; expires=Wed, 08 May 2024 08:25:07 GMT; secure; SameSite=None
slec9c3455fd6a937763dcb96e5be1a4920f=[5210995]; expires=Tue, 07 May 2024 08:25:12 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 7cfb1f273b9dd9e07bb552c9d62f93b9
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip

disclosestockingsprestigious.com/ren.gif?sid=H4sIAAAAAAAC%2F1RSzWtc1Rs%2Bd5rdb1F%2B0p0Is3Ch0EzunY87c%2B2iWNtIMDalrSioyPm6k%2BOcuedyzr1zJ1kFA9Ll4MbtzTNJg1o0%2FgG2Mim4CAgZV1mYjXQliCAU3MlMB4MvHN73Pc9z4Hmf93y%2Bl5%2BTOnJ6dvNds620piutml997YMguFZdV0k%2BrA474Sdh81rVDt6Iwpr%2FevVtyXtmpe4Hvh%2F4QXVVWRmb4coMhEofRUEt8mvNei1oNTG0%2F%2B1d7sFRD2JwTl6CEtOlp94VKD5B0j%2B6KV0vM%2BnVW%2F1c08xYDMThe0kvMUWC%2FkUZWw9xcrhgw7jT1ccwycFcLszgXyJTU%2BL99BgsOVyIBBvsz3UyDZmAif%2BhGEwg9QSKTsDNLpQ4JQAXuL2BpP%2FwtrEF3XqB0hk6JUvP%2F4IqpmTp1ytI%2Bt%2Fe0GpYvWd0nimTOAzjEmo4gepOkObHyLYrUMUxePYZlPiZrDxfR9Lf33DaQImzVzvSj1phRy63YiaXm34gl5kfR8st0faZ32CCy2hukFITqHgCLUegzkM%2BO8pDHnvIUw99cVblQRC0fcGp34k4b4i2ZKHwA9qOAxr4YQc5n80wQpaOwPUI3O4gtTvoqRFs%2FiPcZgknPLiMYCBKFJKgcAQFJSgUQZERFIPyQGhXd%2BVDoV3OgkWuL3KjHJusu0cPTNaVCQG1I1hR7qXn5P9zA3%2F%2F%2Bz568qwa8Uaz1YpFSKNGux02BGdRKFtMBrQZ1f0YTpVQrjIfd1tNSeXyx0hnS%2F0uAqPHcPoYXF0CzV8BLUrQzRLbyVGPJt2EOpvXCslqSkCYEmm2hGzL29Pn5OW5io1dB8lPrv8RzwPclkhtiU%2FVU4KufjC%2Bawqyf9cUjny%2FkWaqr7bpbMX3MprJpa%2FfkVuFsWLtpht99SafAbPy0X3psnWaCJV0HfnmhhJC2lVjuSQ%2FrLn3JbuTu80buU3ydP3OW6tr%2FdRK55RJJqDq9NaX4GpKLj%2F5aP53r374DMpOYPMS%2FfyELALKHIOnO3DpyfXfGvOAMwRWX3BY6qHIy7Gts4tLrQi0vOgpK%2BHkhQVMnjz58wU2tnT2mqpyzz1A11ZAs10k%2FRIDW2KgS1A9gssvjbPUnlz%2FZSGD6cqYaVvZZ9rqL%2BYmT8naxhGcOqu2Gw2fhlEraLepbLNmvROHgaC03gzrYUgbyNw0jp7xfwAAAP%2F%2FAQAA%2F%2F9x2vNslQQAAA%3D%3D

172.240.127.234

200 OK

7 B

URL GET HTTP/1.1
disclosestockingsprestigious.com/ren.gif?sid=H4sIAAAAAAAC%2F1RSzWtc1Rs%2Bd5rdb1F%2B0p0Is3Ch0EzunY87c%2B2iWNtIMDalrSioyPm6k%2BOcuedyzr1zJ1kFA9Ll4MbtzTNJg1o0%2FgG2Mim4CAgZV1mYjXQliCAU3MlMB4MvHN73Pc9z4Hmf93y%2Bl5%2BTOnJ6dvNds620piutml997YMguFZdV0k%2BrA474Sdh81rVDt6Iwpr%2FevVtyXtmpe4Hvh%2F4QXVVWRmb4coMhEofRUEt8mvNei1oNTG0%2F%2B1d7sFRD2JwTl6CEtOlp94VKD5B0j%2B6KV0vM%2BnVW%2F1c08xYDMThe0kvMUWC%2FkUZWw9xcrhgw7jT1ccwycFcLszgXyJTU%2BL99BgsOVyIBBvsz3UyDZmAif%2BhGEwg9QSKTsDNLpQ4JQAXuL2BpP%2FwtrEF3XqB0hk6JUvP%2F4IqpmTp1ytI%2Bt%2Fe0GpYvWd0nimTOAzjEmo4gepOkObHyLYrUMUxePYZlPiZrDxfR9Lf33DaQImzVzvSj1phRy63YiaXm34gl5kfR8st0faZ32CCy2hukFITqHgCLUegzkM%2BO8pDHnvIUw99cVblQRC0fcGp34k4b4i2ZKHwA9qOAxr4YQc5n80wQpaOwPUI3O4gtTvoqRFs%2FiPcZgknPLiMYCBKFJKgcAQFJSgUQZERFIPyQGhXd%2BVDoV3OgkWuL3KjHJusu0cPTNaVCQG1I1hR7qXn5P9zA3%2F%2F%2Bz568qwa8Uaz1YpFSKNGux02BGdRKFtMBrQZ1f0YTpVQrjIfd1tNSeXyx0hnS%2F0uAqPHcPoYXF0CzV8BLUrQzRLbyVGPJt2EOpvXCslqSkCYEmm2hGzL29Pn5OW5io1dB8lPrv8RzwPclkhtiU%2FVU4KufjC%2Bawqyf9cUjny%2FkWaqr7bpbMX3MprJpa%2FfkVuFsWLtpht99SafAbPy0X3psnWaCJV0HfnmhhJC2lVjuSQ%2FrLn3JbuTu80buU3ydP3OW6tr%2FdRK55RJJqDq9NaX4GpKLj%2F5aP53r374DMpOYPMS%2FfyELALKHIOnO3DpyfXfGvOAMwRWX3BY6qHIy7Gts4tLrQi0vOgpK%2BHkhQVMnjz58wU2tnT2mqpyzz1A11ZAs10k%2FRIDW2KgS1A9gssvjbPUnlz%2FZSGD6cqYaVvZZ9rqL%2BYmT8naxhGcOqu2Gw2fhlEraLepbLNmvROHgaC03gzrYUgbyNw0jp7xfwAAAP%2F%2FAQAA%2F%2F9x2vNslQQAAA%3D%3D
IP
172.240.127.234:443
ASN
#7979 SERVERS-COM

Requested by
https://patpexels.web.app/
Certificate
IssuerLet's Encrypt
Subjectdisclosestockingsprestigious.com
Fingerprint20:72:8C:30:EF:A7:E9:42:F4:69:4D:6F:83:5A:F6:44:B2:14:1F:F6
ValidityMon, 29 Apr 2024 13:01:45 GMT - Sun, 28 Jul 2024 13:01:44 GMT

File type
ASCII text, with no line terminators
Size
7 B (7 bytes)
Hash
132d6af1b46048b45cf86cdee7991d31
eb7007d03d59b65bc6da7e098c4d38fc6dfb6285
ab852e838deccd742a03ca81d4a8d75cf1a00b327db3eaf46bd7da6b6db9384c

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /ren.gif?sid=H4sIAAAAAAAC%2F1RSzWtc1Rs%2Bd5rdb1F%2B0p0Is3Ch0EzunY87c%2B2iWNtIMDalrSioyPm6k%2BOcuedyzr1zJ1kFA9Ll4MbtzTNJg1o0%2FgG2Mim4CAgZV1mYjXQliCAU3MlMB4MvHN73Pc9z4Hmf93y%2Bl5%2BTOnJ6dvNds620piutml997YMguFZdV0k%2BrA474Sdh81rVDt6Iwpr%2FevVtyXtmpe4Hvh%2F4QXVVWRmb4coMhEofRUEt8mvNei1oNTG0%2F%2B1d7sFRD2JwTl6CEtOlp94VKD5B0j%2B6KV0vM%2BnVW%2F1c08xYDMThe0kvMUWC%2FkUZWw9xcrhgw7jT1ccwycFcLszgXyJTU%2BL99BgsOVyIBBvsz3UyDZmAif%2BhGEwg9QSKTsDNLpQ4JQAXuL2BpP%2FwtrEF3XqB0hk6JUvP%2F4IqpmTp1ytI%2Bt%2Fe0GpYvWd0nimTOAzjEmo4gepOkObHyLYrUMUxePYZlPiZrDxfR9Lf33DaQImzVzvSj1phRy63YiaXm34gl5kfR8st0faZ32CCy2hukFITqHgCLUegzkM%2BO8pDHnvIUw99cVblQRC0fcGp34k4b4i2ZKHwA9qOAxr4YQc5n80wQpaOwPUI3O4gtTvoqRFs%2FiPcZgknPLiMYCBKFJKgcAQFJSgUQZERFIPyQGhXd%2BVDoV3OgkWuL3KjHJusu0cPTNaVCQG1I1hR7qXn5P9zA3%2F%2F%2Bz568qwa8Uaz1YpFSKNGux02BGdRKFtMBrQZ1f0YTpVQrjIfd1tNSeXyx0hnS%2F0uAqPHcPoYXF0CzV8BLUrQzRLbyVGPJt2EOpvXCslqSkCYEmm2hGzL29Pn5OW5io1dB8lPrv8RzwPclkhtiU%2FVU4KufjC%2Bawqyf9cUjny%2FkWaqr7bpbMX3MprJpa%2FfkVuFsWLtpht99SafAbPy0X3psnWaCJV0HfnmhhJC2lVjuSQ%2FrLn3JbuTu80buU3ydP3OW6tr%2FdRK55RJJqDq9NaX4GpKLj%2F5aP53r374DMpOYPMS%2FfyELALKHIOnO3DpyfXfGvOAMwRWX3BY6qHIy7Gts4tLrQi0vOgpK%2BHkhQVMnjz58wU2tnT2mqpyzz1A11ZAs10k%2FRIDW2KgS1A9gssvjbPUnlz%2FZSGD6cqYaVvZZ9rqL%2BYmT8naxhGcOqu2Gw2fhlEraLepbLNmvROHgaC03gzrYUgbyNw0jp7xfwAAAP%2F%2FAQAA%2F%2F9x2vNslQQAAA%3D%3D HTTP/1.1
Host: disclosestockingsprestigious.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://patpexels.web.app/
Cookie: u_pl=15464788; uid_id2=8e09568e-5fbe-401e-b0f9-5d70b03bdce9:1:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; slec9c3455fd6a937763dcb96e5be1a4920f=[5210995]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Tue, 07 May 2024 08:25:07 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 80764e39edada3fbc16ee7dddf6c0782
Strict-Transport-Security: max-age=0; includeSubdomains

unseenreport.com/pxf.gif?uuid=8e09568e-5fbe-401e-b0f9-5d70b03bdce9&eb=978028c5053b26833423c7a069ce3bd5&te=5db3a4e34790624df926db520a13f79f&ua=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A96.0)%20Gecko%2F20100101%20Firefox%2F96.0&dev=e&res=14.2071&b_frame=0&pk=9c3455fd6a937763dcb96e5be1a4920f&bl=en-US&sr=1024x1280&sz=1024x1280&hjs=8

192.243.59.12

200 OK

1 B

URL GET HTTP/1.1
unseenreport.com/pxf.gif?uuid=8e09568e-5fbe-401e-b0f9-5d70b03bdce9&eb=978028c5053b26833423c7a069ce3bd5&te=5db3a4e34790624df926db520a13f79f&ua=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A96.0)%20Gecko%2F20100101%20Firefox%2F96.0&dev=e&res=14.2071&b_frame=0&pk=9c3455fd6a937763dcb96e5be1a4920f&bl=en-US&sr=1024x1280&sz=1024x1280&hjs=8
IP
192.243.59.12:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://patpexels.web.app/
Certificate
IssuerLet's Encrypt
Subject*.unseenreport.com
Fingerprint71:46:15:FD:76:6A:F5:5B:51:06:CC:93:DD:D8:63:E3:8B:10:BF:13
ValidityFri, 22 Mar 2024 07:32:41 GMT - Thu, 20 Jun 2024 07:32:40 GMT

File type
very short file (no magic)
Size
1 B (1 bytes)
Hash
93b885adfe0da089cdf634904fd59f71
5ba93c9db0cff93f52b521d7420e43f6eda2784f
6e340b9cffb37a989ca544e6bb780a2c78901d3fb33738768511a30617afa01d

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /pxf.gif?uuid=8e09568e-5fbe-401e-b0f9-5d70b03bdce9&eb=978028c5053b26833423c7a069ce3bd5&te=5db3a4e34790624df926db520a13f79f&ua=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A96.0)%20Gecko%2F20100101%20Firefox%2F96.0&dev=e&res=14.2071&b_frame=0&pk=9c3455fd6a937763dcb96e5be1a4920f&bl=en-US&sr=1024x1280&sz=1024x1280&hjs=8 HTTP/1.1
Host: unseenreport.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://patpexels.web.app/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Tue, 07 May 2024 08:25:07 GMT
Content-Type: image/gif
Content-Length: 1
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 6e9c6919077a268401e47639c0e34916
Strict-Transport-Security: max-age=0; includeSubdomains

cdn.yourwebbars.com/sb/notifications/gambling/default/android-btn/8/index.html

104.26.7.19

200 OK

480 B

URL GET HTTP/2
cdn.yourwebbars.com/sb/notifications/gambling/default/android-btn/8/index.html
IP
104.26.7.19:443
ASN
#13335 CLOUDFLARENET

Requested by
https://patpexels.web.app/
Certificate
IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
Fingerprint84:82:6E:35:03:D4:C4:FC:BA:08:CD:C8:E6:A3:97:A9:20:2F:F5:49
ValiditySun, 23 Jul 2023 00:00:00 GMT - Mon, 22 Jul 2024 23:59:59 GMT

File type
HTML document, ASCII text
Size
480 B (480 bytes)
Hash
988cd00695890a395de736ef1f43180a
fc35045adb5a0bb89e9150574db517cffb44b0c9
100f83963832c14a85c4d7095f0279b0962b83ee6323481ece9b1b2b39515036

HTTP Headers

GET /sb/notifications/gambling/default/android-btn/8/index.html HTTP/1.1
Host: cdn.yourwebbars.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://patpexels.web.app
DNT: 1
Connection: keep-alive
Referer: https://patpexels.web.app/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Tue, 07 May 2024 08:25:08 GMT
content-type: text/html
last-modified: Fri, 19 Jan 2024 14:25:08 GMT
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=lMlsu4onZZLApGoTmPBO526ca0P6azYIO%2B6Q8uwHtnDquk1Jw%2BIqArQ1NnpFJVEa9eTdiZoTeOwBMUrga14S0H88LZfmwlIKA9f8wC1CBVH3OVJbW%2BKCxPKdygRLtGuCWrkIQVw%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87ffd14d3b0856ab-OSL
content-encoding: br
X-Firefox-Spdy: h2

cdn.creative-bars1.com/sb/notifications/gambling/default/android-btn/8/img/confetti.gif

188.114.97.1

200 OK

206 kB

URL GET HTTP/2
cdn.creative-bars1.com/sb/notifications/gambling/default/android-btn/8/img/confetti.gif
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://patpexels.web.app/
Certificate
IssuerGoogle Trust Services LLC
Subjectcreative-bars1.com
Fingerprint3D:29:39:2C:F1:E5:C6:EF:54:F5:70:B5:CF:A8:C2:75:4D:89:72:13
ValidityMon, 15 Apr 2024 15:02:18 GMT - Sun, 14 Jul 2024 15:02:17 GMT

File type
GIF image data, version 89a, 480 x 360
Size
206 kB (206291 bytes)
Hash
0b33face774f2203446507ce5f075538
1dd3522529bce7739df0687f47f5bc84356698a0
ac345899461d5634d25c47281b10e3c1886abb33019e2ce8140573a79e9f52f2

HTTP Headers

GET /sb/notifications/gambling/default/android-btn/8/img/confetti.gif HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Tue, 07 May 2024 08:25:08 GMT
content-type: image/gif
content-length: 206291
last-modified: Fri, 19 Jan 2024 14:25:08 GMT
etag: "65aa8644-325d3"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 567935
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=AEq0HbcsSjfyT2zoDY30ncDHwU2yOmCgkfIwvGv6d3ZNCDKsqVFutIjhE%2FAsgtQ5aM4cxpy7GE8fjtjdCEKpkH0sn5FFDAG7fEe21Y1%2Bloli7FRsWmWqmA%2FeA6m1bpNirVBvhq27TNuP"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87ffd1520de456aa-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

cdn.creative-bars1.com/sb/notifications/gambling/default/android-btn/8/img/bonus-stars-6593305-5446274.mp4

188.114.97.1

206 Partial Content

34 kB

URL GET HTTP/2
cdn.creative-bars1.com/sb/notifications/gambling/default/android-btn/8/img/bonus-stars-6593305-5446274.mp4
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://patpexels.web.app/
Certificate
IssuerGoogle Trust Services LLC
Subjectcreative-bars1.com
Fingerprint3D:29:39:2C:F1:E5:C6:EF:54:F5:70:B5:CF:A8:C2:75:4D:89:72:13
ValidityMon, 15 Apr 2024 15:02:18 GMT - Sun, 14 Jul 2024 15:02:17 GMT

File type
ISO Media, MP4 Base Media v1 [ISO 14496-12:2003]
Size
34 kB (34238 bytes)
Hash
69e52ff16a779d8ab66a1156cc50ab23
27f8897a2acc3bcfd319c267d137aaa4650fb3c5
2048e8325f6d17e0fefb2226c4191a9e300c562f2bc46543ac616d49ff971d61

HTTP Headers

GET /sb/notifications/gambling/default/android-btn/8/img/bonus-stars-6593305-5446274.mp4 HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: video/webm,video/ogg,video/*;q=0.9,application/ogg;q=0.7,audio/*;q=0.6,*/*;q=0.5
Accept-Language: en-US,en;q=0.5
Range: bytes=0-
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: video
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Accept-Encoding: identity
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 206 Partial Content
date: Tue, 07 May 2024 08:25:08 GMT
content-type: video/mp4
content-length: 34238
last-modified: Fri, 19 Jan 2024 14:25:08 GMT
etag: "65aa8644-85be"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 567926
content-range: bytes 0-34237/34238
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=OGU%2Bak42pTAonQhAygnr8n0qssbo%2BdUws9AqVXOKIiQ4aKp5L57qb633wcYdqcCMx%2FpwF1qV93EPiKF4MssqY%2B4mLUfygg9Cqk8kkrWQznJNeaqUh75WAcFVljnhPMRMNeOxL4bX6wfD"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87ffd1526e7f56aa-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

disclosestockingsprestigious.com/pixel/sbls?bv=24.6.6370&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fnotifications%2Fgambling%2Fdefault%2Fandroid-btn%2F8%2Fcss%2Fstyle.css&l=3348&fd=367

172.240.127.234

200 OK

0 B

URL GET HTTP/1.1
disclosestockingsprestigious.com/pixel/sbls?bv=24.6.6370&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fnotifications%2Fgambling%2Fdefault%2Fandroid-btn%2F8%2Fcss%2Fstyle.css&l=3348&fd=367
IP
172.240.127.234:443
ASN
#7979 SERVERS-COM

Requested by
https://patpexels.web.app/
Certificate
IssuerLet's Encrypt
Subjectdisclosestockingsprestigious.com
Fingerprint20:72:8C:30:EF:A7:E9:42:F4:69:4D:6F:83:5A:F6:44:B2:14:1F:F6
ValidityMon, 29 Apr 2024 13:01:45 GMT - Sun, 28 Jul 2024 13:01:44 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /pixel/sbls?bv=24.6.6370&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fnotifications%2Fgambling%2Fdefault%2Fandroid-btn%2F8%2Fcss%2Fstyle.css&l=3348&fd=367 HTTP/1.1
Host: disclosestockingsprestigious.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://patpexels.web.app/
Cookie: u_pl=15464788; uid_id2=8e09568e-5fbe-401e-b0f9-5d70b03bdce9:1:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; slec9c3455fd6a937763dcb96e5be1a4920f=[5210995]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Tue, 07 May 2024 08:25:08 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range

fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2

142.250.74.163

200 OK

16 kB

URL GET HTTP/2
fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2
IP
142.250.74.163:443
ASN
#15169 GOOGLE

Requested by
https://patpexels.web.app/
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
Fingerprint15:DD:05:B3:2F:D8:E3:54:C9:B4:FA:E4:AC:01:ED:C8:E1:EA:A7:AD
ValidityTue, 16 Apr 2024 04:17:07 GMT - Tue, 09 Jul 2024 04:17:06 GMT

File type
Web Open Font Format (Version 2), TrueType, length 15744, version 1.0
Size
16 kB (15744 bytes)
Hash
15d9f621c3bd1599f0169dcf0bd5e63e
7ca9c5967f3bb8bffeab24b639b49c1e7d03fa52
f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615

HTTP Headers

GET /s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://patpexels.web.app
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15744
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 03 May 2024 06:08:19 GMT
expires: Sat, 03 May 2025 06:08:19 GMT
cache-control: public, max-age=31536000
last-modified: Wed, 11 May 2022 19:24:48 GMT
content-type: font/woff2
age: 353809
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

maxcdn.bootstrapcdn.com/bootstrap/4.0.0/js/bootstrap.min.js

104.18.10.207

200 OK

30 kB

URL GET HTTP/2
maxcdn.bootstrapcdn.com/bootstrap/4.0.0/js/bootstrap.min.js
IP
104.18.10.207:443
ASN
#13335 CLOUDFLARENET

Requested by
https://patpexels.web.app/
Certificate
IssuerGoogle Trust Services LLC
Subjectbootstrapcdn.com
Fingerprint57:B4:25:B9:9C:88:A1:A3:3D:F7:31:74:02:E4:D1:E0:0A:F5:11:63
ValidityWed, 27 Mar 2024 00:22:09 GMT - Tue, 25 Jun 2024 00:22:08 GMT

File type
JavaScript source, ASCII text, with very long lines (48664)
Size
30 kB (30286 bytes)
Hash
14d449eb8876fa55e1ef3c2cc52b0c17
a9545831803b1359cfeed47e3b4d6bae68e40e99
e7ed36ceee5450b4243bbc35188afabdfb4280c7c57597001de0ed167299b01b

HTTP Headers

GET /bootstrap/4.0.0/js/bootstrap.min.js HTTP/1.1
Host: maxcdn.bootstrapcdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://patpexels.web.app
DNT: 1
Connection: keep-alive
Referer: https://patpexels.web.app/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Tue, 07 May 2024 08:25:05 GMT
content-type: application/javascript; charset=utf-8
cdn-pullzone: 252412
cdn-uid: b1941f61-b576-4f40-80de-5677acb38f74
cdn-requestcountrycode: DE
vary: Accept-Encoding
access-control-allow-origin: *
cache-control: public, max-age=31919000
content-encoding: br
etag: W/"14d449eb8876fa55e1ef3c2cc52b0c17"
last-modified: Mon, 25 Jan 2021 22:04:04 GMT
cdn-cachedat: 03/18/2024 12:46:36
cdn-proxyver: 1.04
cdn-requestpullcode: 200
cdn-requestpullsuccess: True
cdn-edgestorageid: 1048
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
cdn-status: 200
cdn-requestid: 98e88e8f7055cdb9c3d76c94531d5420
cdn-cache: HIT
cf-cache-status: MISS
strict-transport-security: max-age=31536000; includeSubDomains; preload
server: cloudflare
cf-ray: 87ffd1417e960afa-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

cdn.creative-bars1.com/sb/notifications/gambling/default/android-btn/8/img/close.svg

188.114.97.1

200 OK

575 B

URL GET HTTP/2
cdn.creative-bars1.com/sb/notifications/gambling/default/android-btn/8/img/close.svg
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://patpexels.web.app/
Certificate
IssuerGoogle Trust Services LLC
Subjectcreative-bars1.com
Fingerprint3D:29:39:2C:F1:E5:C6:EF:54:F5:70:B5:CF:A8:C2:75:4D:89:72:13
ValidityMon, 15 Apr 2024 15:02:18 GMT - Sun, 14 Jul 2024 15:02:17 GMT

File type
SVG Scalable Vector Graphics image
Size
575 B (575 bytes)
Hash
b3011bde2653e373d1150594a8bbd06d
e47948cdb4d6ecf6257106805e690e3bf0211317
6499ec40e3f2ac55bf1b5c9a2dbbc212adb74114645bccac0373074f98ef8a01

HTTP Headers

GET /sb/notifications/gambling/default/android-btn/8/img/close.svg HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Tue, 07 May 2024 08:25:08 GMT
content-type: image/svg+xml
last-modified: Fri, 19 Jan 2024 14:25:08 GMT
etag: W/"65aa8644-4ff"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 572292
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=iapNoQWvDPUNPRAvC6D84sd79SBVkJ5bVEo2Z%2FwPE%2FidvzOc9gOFsIfSH4z%2Bom4Yrqd3Fpx1HMF2Sn4LpnaqHr3o1qYFFQ7wa8loMe9PcgkL5Koa4X80hzQnizNmNcbuGL8dsaleKB7h"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87ffd1520de156aa-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

disclosestockingsprestigious.com/impr.gif?sid=H4sIAAAAAAAC%2F1RSz2skRRSuns3Nw6LsTYQ5eFDYTLrnd7uHYMxGgnGz7K4oqEj96kk5NV1NVff0JKdgQPY4ePHa%2BSbZoC4a%2FwB3ZbLgISBkPOVgLrInQQRhwZvM7GDYB8V7r76v4Hvfqy%2F3swtSRUbPV983O0prutSo%2BOU3PgqCG%2BUNFWeD8qDd%2FKxZv1G2%2FbfCZsV%2Fs%2Fyu5F2zVPUD3w%2F8oLymrIzMYGkKQiUPw6AS%2BpV6tRI06hjYF3uXeXDUg%2BhfkFegxGThiXcNio8R945XpeumJrl%2Bs5dpmhqLvjj6IO7GJo%2FRuywj6yGKj%2BZsGHe29ggmPpzJhen%2FT2RqQrxfHoHFR3ORYP2DmU6mIWMw8RLy%2FhhSj6HoGNzsQYkzAnCBW5uIew9uGZvT7econaITsvDsH6h8QhZ%2Bv4a49%2F2KVoPyXaOzVJnYYRAVUIMxVGeMJDtBulOCyk%2FA0y%2BgxK9k6dkG4t7BptMGSpy%2F3pZ%2B2Gi25WIjYnKx7gdykflRuNgQLZ%2F5NSa4DGcGKTWGisbQcgjqPGTTozxkkYcs8dAT52UeBEHLF5z67ZDzmmhJ1hR%2BQFtRQAO%2F2UbGpzMMkSZDcD0Et7tI7C66agib%2FQy3VcAJDy4l6IsCuSTIHUFOCXJFkKcEeb84FNpVXfFAaJexYJ6r81wrRibt7NNDk3ZkTEDtEFYU%2B8kFeXlm4J%2F%2F3kNXnpdDXqs3GpFo0rDWajVrgrOwKRtMBrQeVv0IThVQrjQbd0dNSOnqp0imS%2F0hBKMncPoEXF0BzV4DzQvQrQI78XGXxp2YOptVcskqSkCYAkm6gHTb29cX5NWZis09B8lPl%2F%2BKZgFuCyS2wOfqCUFH3x%2FdMTk5uGNyR37cTFLVUzt0uuK7KU3lwrfvye3cWLG%2B6obfvM2nwLR8eE%2B6dIPGQsUdR75bUUJIu2Ysl%2BSndfehZLczt7WS2ThLNm6%2Fs7beS6x0Tpl4DKrObn4Nribk6uNPZn%2F3%2BsdPoewYNivQy07JPKDMCXiyC5ecLv9RmwWcIbD6ksMSD3lWjGyVXV5qRaDlZU9ZAScvLWDy9PHfz7GRpdPXVBX77j46tgSa7iHuFejbAn1dgOohXHZllCb2dPm3uQymSyOmbemAaau%2Fmpk8Ieubx3DqvFzzRYvJSLaYrDfqkeSCNRrM5xFnNdFuc6RuEoVP%2BX8AAAD%2F%2FwEAAP%2F%2F8Q4mhJUEAAA%3D

172.240.127.234

200 OK

7 B

URL GET HTTP/1.1
disclosestockingsprestigious.com/impr.gif?sid=H4sIAAAAAAAC%2F1RSz2skRRSuns3Nw6LsTYQ5eFDYTLrnd7uHYMxGgnGz7K4oqEj96kk5NV1NVff0JKdgQPY4ePHa%2BSbZoC4a%2FwB3ZbLgISBkPOVgLrInQQRhwZvM7GDYB8V7r76v4Hvfqy%2F3swtSRUbPV983O0prutSo%2BOU3PgqCG%2BUNFWeD8qDd%2FKxZv1G2%2FbfCZsV%2Fs%2Fyu5F2zVPUD3w%2F8oLymrIzMYGkKQiUPw6AS%2BpV6tRI06hjYF3uXeXDUg%2BhfkFegxGThiXcNio8R945XpeumJrl%2Bs5dpmhqLvjj6IO7GJo%2FRuywj6yGKj%2BZsGHe29ggmPpzJhen%2FT2RqQrxfHoHFR3ORYP2DmU6mIWMw8RLy%2FhhSj6HoGNzsQYkzAnCBW5uIew9uGZvT7econaITsvDsH6h8QhZ%2Bv4a49%2F2KVoPyXaOzVJnYYRAVUIMxVGeMJDtBulOCyk%2FA0y%2BgxK9k6dkG4t7BptMGSpy%2F3pZ%2B2Gi25WIjYnKx7gdykflRuNgQLZ%2F5NSa4DGcGKTWGisbQcgjqPGTTozxkkYcs8dAT52UeBEHLF5z67ZDzmmhJ1hR%2BQFtRQAO%2F2UbGpzMMkSZDcD0Et7tI7C66agib%2FQy3VcAJDy4l6IsCuSTIHUFOCXJFkKcEeb84FNpVXfFAaJexYJ6r81wrRibt7NNDk3ZkTEDtEFYU%2B8kFeXlm4J%2F%2F3kNXnpdDXqs3GpFo0rDWajVrgrOwKRtMBrQeVv0IThVQrjQbd0dNSOnqp0imS%2F0hBKMncPoEXF0BzV4DzQvQrQI78XGXxp2YOptVcskqSkCYAkm6gHTb29cX5NWZis09B8lPl%2F%2BKZgFuCyS2wOfqCUFH3x%2FdMTk5uGNyR37cTFLVUzt0uuK7KU3lwrfvye3cWLG%2B6obfvM2nwLR8eE%2B6dIPGQsUdR75bUUJIu2Ysl%2BSndfehZLczt7WS2ThLNm6%2Fs7beS6x0Tpl4DKrObn4Nribk6uNPZn%2F3%2BsdPoewYNivQy07JPKDMCXiyC5ecLv9RmwWcIbD6ksMSD3lWjGyVXV5qRaDlZU9ZAScvLWDy9PHfz7GRpdPXVBX77j46tgSa7iHuFejbAn1dgOohXHZllCb2dPm3uQymSyOmbemAaau%2Fmpk8Ieubx3DqvFzzRYvJSLaYrDfqkeSCNRrM5xFnNdFuc6RuEoVP%2BX8AAAD%2F%2FwEAAP%2F%2F8Q4mhJUEAAA%3D
IP
172.240.127.234:443
ASN
#7979 SERVERS-COM

Requested by
https://patpexels.web.app/
Certificate
IssuerLet's Encrypt
Subjectdisclosestockingsprestigious.com
Fingerprint20:72:8C:30:EF:A7:E9:42:F4:69:4D:6F:83:5A:F6:44:B2:14:1F:F6
ValidityMon, 29 Apr 2024 13:01:45 GMT - Sun, 28 Jul 2024 13:01:44 GMT

File type
ASCII text, with no line terminators
Size
7 B (7 bytes)
Hash
132d6af1b46048b45cf86cdee7991d31
eb7007d03d59b65bc6da7e098c4d38fc6dfb6285
ab852e838deccd742a03ca81d4a8d75cf1a00b327db3eaf46bd7da6b6db9384c

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /impr.gif?sid=H4sIAAAAAAAC%2F1RSz2skRRSuns3Nw6LsTYQ5eFDYTLrnd7uHYMxGgnGz7K4oqEj96kk5NV1NVff0JKdgQPY4ePHa%2BSbZoC4a%2FwB3ZbLgISBkPOVgLrInQQRhwZvM7GDYB8V7r76v4Hvfqy%2F3swtSRUbPV983O0prutSo%2BOU3PgqCG%2BUNFWeD8qDd%2FKxZv1G2%2FbfCZsV%2Fs%2Fyu5F2zVPUD3w%2F8oLymrIzMYGkKQiUPw6AS%2BpV6tRI06hjYF3uXeXDUg%2BhfkFegxGThiXcNio8R945XpeumJrl%2Bs5dpmhqLvjj6IO7GJo%2FRuywj6yGKj%2BZsGHe29ggmPpzJhen%2FT2RqQrxfHoHFR3ORYP2DmU6mIWMw8RLy%2FhhSj6HoGNzsQYkzAnCBW5uIew9uGZvT7econaITsvDsH6h8QhZ%2Bv4a49%2F2KVoPyXaOzVJnYYRAVUIMxVGeMJDtBulOCyk%2FA0y%2BgxK9k6dkG4t7BptMGSpy%2F3pZ%2B2Gi25WIjYnKx7gdykflRuNgQLZ%2F5NSa4DGcGKTWGisbQcgjqPGTTozxkkYcs8dAT52UeBEHLF5z67ZDzmmhJ1hR%2BQFtRQAO%2F2UbGpzMMkSZDcD0Et7tI7C66agib%2FQy3VcAJDy4l6IsCuSTIHUFOCXJFkKcEeb84FNpVXfFAaJexYJ6r81wrRibt7NNDk3ZkTEDtEFYU%2B8kFeXlm4J%2F%2F3kNXnpdDXqs3GpFo0rDWajVrgrOwKRtMBrQeVv0IThVQrjQbd0dNSOnqp0imS%2F0hBKMncPoEXF0BzV4DzQvQrQI78XGXxp2YOptVcskqSkCYAkm6gHTb29cX5NWZis09B8lPl%2F%2BKZgFuCyS2wOfqCUFH3x%2FdMTk5uGNyR37cTFLVUzt0uuK7KU3lwrfvye3cWLG%2B6obfvM2nwLR8eE%2B6dIPGQsUdR75bUUJIu2Ysl%2BSndfehZLczt7WS2ThLNm6%2Fs7beS6x0Tpl4DKrObn4Nribk6uNPZn%2F3%2BsdPoewYNivQy07JPKDMCXiyC5ecLv9RmwWcIbD6ksMSD3lWjGyVXV5qRaDlZU9ZAScvLWDy9PHfz7GRpdPXVBX77j46tgSa7iHuFejbAn1dgOohXHZllCb2dPm3uQymSyOmbemAaau%2Fmpk8Ieubx3DqvFzzRYvJSLaYrDfqkeSCNRrM5xFnNdFuc6RuEoVP%2BX8AAAD%2F%2FwEAAP%2F%2F8Q4mhJUEAAA%3D HTTP/1.1
Host: disclosestockingsprestigious.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://patpexels.web.app/
Cookie: u_pl=15464788; uid_id2=8e09568e-5fbe-401e-b0f9-5d70b03bdce9:1:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; slec9c3455fd6a937763dcb96e5be1a4920f=[5210995]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Tue, 07 May 2024 08:25:08 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: e58646f5dd321cb8dbf9df2a088cbdbb
Strict-Transport-Security: max-age=0; includeSubdomains

cdn.creative-bars1.com/sb/notifications/gambling/default/android-btn/8/css/style.css

188.114.97.1

200 OK

1.0 kB

URL GET HTTP/2
cdn.creative-bars1.com/sb/notifications/gambling/default/android-btn/8/css/style.css
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://patpexels.web.app/
Certificate
IssuerGoogle Trust Services LLC
Subjectcreative-bars1.com
Fingerprint3D:29:39:2C:F1:E5:C6:EF:54:F5:70:B5:CF:A8:C2:75:4D:89:72:13
ValidityMon, 15 Apr 2024 15:02:18 GMT - Sun, 14 Jul 2024 15:02:17 GMT

File type
ASCII text
Size
1.0 kB (1019 bytes)
Hash
af19abbabe1a862a20cb0e0a3ef31c7e
efcc04c4011905e4f013adae56ea928dc47ac7ef
8a72b4d48ce36805c492e3927213e1327c8d924544a595527da9955fd8916e19

HTTP Headers

GET /sb/notifications/gambling/default/android-btn/8/css/style.css HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://patpexels.web.app
DNT: 1
Connection: keep-alive
Referer: https://patpexels.web.app/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Tue, 07 May 2024 08:25:08 GMT
content-type: text/css
last-modified: Fri, 19 Jan 2024 14:25:08 GMT
etag: W/"65aa8644-d14"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=tMUVQPAEH1SM1PmNTucGSvUGqQ8MG0%2FL9uqXz5Fpa%2Bz%2Br2KUN1VuJhM57aAjAQHYRh5UB341avTSLPTHfWJoPgIyXBLXnTH3tagwv9tAPM0lq5MU2zMaIlYJc%2B%2Bswg5O2lOaL3ZINVDs"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87ffd151ad3f56aa-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

cdn.creative-bars1.com/sb/notifications/gambling/default/android-btn/8/js/script.js

188.114.97.1

200 OK

3.7 kB

URL GET HTTP/2
cdn.creative-bars1.com/sb/notifications/gambling/default/android-btn/8/js/script.js
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://patpexels.web.app/
Certificate
IssuerGoogle Trust Services LLC
Subjectcreative-bars1.com
Fingerprint3D:29:39:2C:F1:E5:C6:EF:54:F5:70:B5:CF:A8:C2:75:4D:89:72:13
ValidityMon, 15 Apr 2024 15:02:18 GMT - Sun, 14 Jul 2024 15:02:17 GMT

File type
Unicode text, UTF-8 text
Size
3.7 kB (3748 bytes)
Hash
d943b190d575fbacd2190a6c68ac5414
612abd865a7368e2af9f36be39ea79d3fac0bd15
78dfd0ad0dde93524dbca9e6e500bac9027b762e1d8d0b94574b75a654704ff8

HTTP Headers

GET /sb/notifications/gambling/default/android-btn/8/js/script.js HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://patpexels.web.app
DNT: 1
Connection: keep-alive
Referer: https://patpexels.web.app/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Tue, 07 May 2024 08:25:08 GMT
content-type: application/javascript
last-modified: Tue, 20 Feb 2024 10:37:31 GMT
etag: W/"65d480eb-24fa"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=u8fIEdLF5a75y98Tm7Zo0esOVesdL6SLnv9Fo5PA27T2t5LdwR2xRuMKHu9hA46Yu0iqw7FrY97rMOePH1qbf0NNqQIKfI6ULaxgh4xLrfjUiuxAkIOnQX6QUI5Sqmxy27X8rmWHTjQ4"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87ffd151ad3d56aa-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

downstairsnegotiatebarren.com/sfp.js

188.114.97.1

200 OK

86 kB

URL GET HTTP/2
downstairsnegotiatebarren.com/sfp.js
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://patpexels.web.app/
Certificate
IssuerLet's Encrypt
Subjectdownstairsnegotiatebarren.com
Fingerprint5D:DB:CB:C6:CE:2A:8B:34:7D:BC:43:74:33:1D:5F:77:48:F7:BC:1B
ValidityThu, 02 May 2024 21:26:34 GMT - Wed, 31 Jul 2024 21:26:33 GMT

File type

Size
86 kB (85611 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /sfp.js HTTP/1.1
Host: downstairsnegotiatebarren.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://patpexels.web.app/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Tue, 07 May 2024 08:25:06 GMT
content-type: application/javascript; charset=utf-8
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
access-control-allow-origin: *
expires: Thu, 01 Jan 1970 00:00:01 GMT
cache-control: max-age=14400
x-request-id: 15e2838a9c42c92770e2c5383eafedcc
strict-transport-security: max-age=0; includeSubdomains
cf-cache-status: EXPIRED
last-modified: Tue, 07 May 2024 08:25:06 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=fii3Np8ymKO2OaJNDPGjIAk6txEjR%2BbwSjsQgHhAi9R5jRALAhcRgBelodKtQTS1A%2BvNSZnAV0ZOzSBwde5DDOmE7tYmyVNGdGo1ctLw4mxoVRIXX3K3SObWmfCoA6jEuoY1UQPMrGQERPNsexzobw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87ffd146681756c1-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

disclosestockingsprestigious.com/pixel/sbls?bv=24.6.6370&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fnotifications%2Fgambling%2Fdefault%2Fandroid-btn%2F8%2Fcss%2Fanimate.css&l=78693&fd=394

172.240.108.68

200 OK

0 B

URL GET HTTP/1.1
disclosestockingsprestigious.com/pixel/sbls?bv=24.6.6370&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fnotifications%2Fgambling%2Fdefault%2Fandroid-btn%2F8%2Fcss%2Fanimate.css&l=78693&fd=394
IP
172.240.108.68:443
ASN
#7979 SERVERS-COM

Requested by
https://patpexels.web.app/
Certificate
IssuerLet's Encrypt
Subjectdisclosestockingsprestigious.com
Fingerprint20:72:8C:30:EF:A7:E9:42:F4:69:4D:6F:83:5A:F6:44:B2:14:1F:F6
ValidityMon, 29 Apr 2024 13:01:45 GMT - Sun, 28 Jul 2024 13:01:44 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /pixel/sbls?bv=24.6.6370&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fnotifications%2Fgambling%2Fdefault%2Fandroid-btn%2F8%2Fcss%2Fanimate.css&l=78693&fd=394 HTTP/1.1
Host: disclosestockingsprestigious.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://patpexels.web.app/
Cookie: u_pl=15464788; uid_id2=8e09568e-5fbe-401e-b0f9-5d70b03bdce9:1:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; slec9c3455fd6a937763dcb96e5be1a4920f=[5210995]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Tue, 07 May 2024 08:25:08 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range

fonts.googleapis.com/css?family=Raleway

142.250.74.138

200 OK

1.8 kB

URL GET HTTP/2
fonts.googleapis.com/css?family=Raleway
IP
142.250.74.138:443
ASN
#15169 GOOGLE

Requested by
https://patpexels.web.app/
Certificate
IssuerGoogle Trust Services LLC
Subjectupload.video.google.com
Fingerprint36:49:20:36:0C:4D:DA:55:65:64:23:0F:49:3E:FA:78:87:35:A3:79
ValidityTue, 16 Apr 2024 04:17:12 GMT - Tue, 09 Jul 2024 04:17:11 GMT

File type
ASCII text, with very long lines (1799), with no line terminators
Size
1.8 kB (1759 bytes)
Hash
38953f560ac3f240b93b7bd703ee769d
544b2cf5bbadf6f799f8b12a5488d19c5671c0d1
bbf757fd59d8f9c134295d9a2fb1493d30a398ee99b6a234bb1b679ca41ddf6d

HTTP Headers

GET /css?family=Raleway HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://patpexels.web.app/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Tue, 07 May 2024 08:25:05 GMT
date: Tue, 07 May 2024 08:25:05 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2

142.250.74.163

200 OK

16 kB

URL GET HTTP/2
fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2
IP
142.250.74.163:443
ASN
#15169 GOOGLE

Requested by
https://patpexels.web.app/
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
Fingerprint15:DD:05:B3:2F:D8:E3:54:C9:B4:FA:E4:AC:01:ED:C8:E1:EA:A7:AD
ValidityTue, 16 Apr 2024 04:17:07 GMT - Tue, 09 Jul 2024 04:17:06 GMT

File type
Web Open Font Format (Version 2), TrueType, length 15860, version 1.0
Size
16 kB (15860 bytes)
Hash
e9f5aaf547f165386cd313b995dddd8e
acdef5603c2387b0e5bffd744b679a24a8bc1968
f5aebdfea35d1e7656ef4acc5db1f243209755ae3300943ef8fc6280f363c860

HTTP Headers

GET /s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://patpexels.web.app
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15860
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 30 Apr 2024 10:46:32 GMT
expires: Wed, 30 Apr 2025 10:46:32 GMT
cache-control: public, max-age=31536000
age: 596316
last-modified: Wed, 11 May 2022 19:24:42 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

stackpath.bootstrapcdn.com/bootstrap/4.1.3/css/bootstrap.min.css

104.18.10.207

200 OK

141 kB

URL GET HTTP/2
stackpath.bootstrapcdn.com/bootstrap/4.1.3/css/bootstrap.min.css
IP
104.18.10.207:443
ASN
#13335 CLOUDFLARENET

Requested by
https://patpexels.web.app/
Certificate
IssuerGoogle Trust Services LLC
Subjectbootstrapcdn.com
Fingerprint57:B4:25:B9:9C:88:A1:A3:3D:F7:31:74:02:E4:D1:E0:0A:F5:11:63
ValidityWed, 27 Mar 2024 00:22:09 GMT - Tue, 25 Jun 2024 00:22:08 GMT

File type
ASCII text, with very long lines (65324)
Size
141 kB (140936 bytes)
Hash
04aca1f4cd3ec3c05a75a879f3be75a3
675fcf28f9fbf37139d3b2c0b676f96f601a4203
7928b5ab63c6e89ee0ee26f5ef201a58c72baf91abb688580a1aa26eb57b3c11

HTTP Headers

GET /bootstrap/4.1.3/css/bootstrap.min.css HTTP/1.1
Host: stackpath.bootstrapcdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://patpexels.web.app
DNT: 1
Connection: keep-alive
Referer: https://patpexels.web.app/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Tue, 07 May 2024 08:25:05 GMT
content-type: text/css; charset=utf-8
cdn-pullzone: 252412
cdn-uid: b1941f61-b576-4f40-80de-5677acb38f74
cdn-requestcountrycode: DE
vary: Accept-Encoding
access-control-allow-origin: *
cache-control: public, max-age=31919000
content-encoding: br
etag: W/"04aca1f4cd3ec3c05a75a879f3be75a3"
last-modified: Mon, 25 Jan 2021 22:04:06 GMT
cdn-cachedat: 03/18/2024 12:28:12
cdn-proxyver: 1.04
cdn-requestpullcode: 200
cdn-requestpullsuccess: True
cdn-edgestorageid: 752
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
cdn-status: 200
cdn-requestid: a8f0c1724a70af806d4817ec6524199c
cdn-cache: HIT
cf-cache-status: MISS
strict-transport-security: max-age=31536000; includeSubDomains; preload
server: cloudflare
cf-ray: 87ffd1416e8b0afa-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

disclosestockingsprestigious.com/pixel/sbs?c=1

172.240.108.68

200 OK

0 B

URL GET HTTP/1.1
disclosestockingsprestigious.com/pixel/sbs?c=1
IP
172.240.108.68:443
ASN
#7979 SERVERS-COM

Requested by
https://patpexels.web.app/
Certificate
IssuerLet's Encrypt
Subjectdisclosestockingsprestigious.com
Fingerprint20:72:8C:30:EF:A7:E9:42:F4:69:4D:6F:83:5A:F6:44:B2:14:1F:F6
ValidityMon, 29 Apr 2024 13:01:45 GMT - Sun, 28 Jul 2024 13:01:44 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /pixel/sbs?c=1 HTTP/1.1
Host: disclosestockingsprestigious.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://patpexels.web.app/
Cookie: u_pl=15464788; uid_id2=8e09568e-5fbe-401e-b0f9-5d70b03bdce9:1:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; slec9c3455fd6a937763dcb96e5be1a4920f=[5210995]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Tue, 07 May 2024 08:25:08 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range

disclosestockingsprestigious.com/pixel/sbls?bv=24.6.6370&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fnotifications%2Fgambling%2Fdefault%2Fandroid-btn%2F8%2Fjs%2Fscript.js&l=7986&fd=368

172.240.127.234

200 OK

0 B

URL GET HTTP/1.1
disclosestockingsprestigious.com/pixel/sbls?bv=24.6.6370&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fnotifications%2Fgambling%2Fdefault%2Fandroid-btn%2F8%2Fjs%2Fscript.js&l=7986&fd=368
IP
172.240.127.234:443
ASN
#7979 SERVERS-COM

Requested by
https://patpexels.web.app/
Certificate
IssuerLet's Encrypt
Subjectdisclosestockingsprestigious.com
Fingerprint20:72:8C:30:EF:A7:E9:42:F4:69:4D:6F:83:5A:F6:44:B2:14:1F:F6
ValidityMon, 29 Apr 2024 13:01:45 GMT - Sun, 28 Jul 2024 13:01:44 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /pixel/sbls?bv=24.6.6370&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fnotifications%2Fgambling%2Fdefault%2Fandroid-btn%2F8%2Fjs%2Fscript.js&l=7986&fd=368 HTTP/1.1
Host: disclosestockingsprestigious.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://patpexels.web.app/
Cookie: u_pl=15464788; uid_id2=8e09568e-5fbe-401e-b0f9-5d70b03bdce9:1:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; slec9c3455fd6a937763dcb96e5be1a4920f=[5210995]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Tue, 07 May 2024 08:25:08 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range

disclosestockingsprestigious.com/pixel/sbls?bv=24.6.6370&tmpl=482&u=https%3A%2F%2Fcdn.yourwebbars.com%2Fsb%2Fnotifications%2Fgambling%2Fdefault%2Fandroid-btn%2F8%2Findex.html&l=1444&fd=672

172.240.127.234

200 OK

0 B

URL GET HTTP/1.1
disclosestockingsprestigious.com/pixel/sbls?bv=24.6.6370&tmpl=482&u=https%3A%2F%2Fcdn.yourwebbars.com%2Fsb%2Fnotifications%2Fgambling%2Fdefault%2Fandroid-btn%2F8%2Findex.html&l=1444&fd=672
IP
172.240.127.234:443
ASN
#7979 SERVERS-COM

Requested by
https://patpexels.web.app/
Certificate
IssuerLet's Encrypt
Subjectdisclosestockingsprestigious.com
Fingerprint20:72:8C:30:EF:A7:E9:42:F4:69:4D:6F:83:5A:F6:44:B2:14:1F:F6
ValidityMon, 29 Apr 2024 13:01:45 GMT - Sun, 28 Jul 2024 13:01:44 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /pixel/sbls?bv=24.6.6370&tmpl=482&u=https%3A%2F%2Fcdn.yourwebbars.com%2Fsb%2Fnotifications%2Fgambling%2Fdefault%2Fandroid-btn%2F8%2Findex.html&l=1444&fd=672 HTTP/1.1
Host: disclosestockingsprestigious.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://patpexels.web.app/
Cookie: u_pl=15464788; uid_id2=8e09568e-5fbe-401e-b0f9-5d70b03bdce9:1:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; slec9c3455fd6a937763dcb96e5be1a4920f=[5210995]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Tue, 07 May 2024 08:25:08 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range

cdn.creative-bars1.com/sb/notifications/gambling/default/android-btn/8/css/animate.css

188.114.97.1

200 OK

79 kB

URL GET HTTP/2
cdn.creative-bars1.com/sb/notifications/gambling/default/android-btn/8/css/animate.css
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://patpexels.web.app/
Certificate
IssuerGoogle Trust Services LLC
Subjectcreative-bars1.com
Fingerprint3D:29:39:2C:F1:E5:C6:EF:54:F5:70:B5:CF:A8:C2:75:4D:89:72:13
ValidityMon, 15 Apr 2024 15:02:18 GMT - Sun, 14 Jul 2024 15:02:17 GMT

File type
ASCII text
Size
79 kB (78693 bytes)
Hash
49a38187f94418e173e4bcc50c96dc4b
b64e899d0c6bbb13e6f63e191b77b3eb5e5a6293
92db03d6a48c8756e15b1b2ffb9d1ea5aae5e2d9a706b630f93f73e3debbb3b0

HTTP Headers

GET /sb/notifications/gambling/default/android-btn/8/css/animate.css HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://patpexels.web.app
DNT: 1
Connection: keep-alive
Referer: https://patpexels.web.app/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Tue, 07 May 2024 08:25:08 GMT
content-type: text/css
last-modified: Fri, 19 Jan 2024 14:25:08 GMT
etag: W/"65aa8644-13365"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=wrYXgNYFXRxCnbaL5ppta53jOnnLp9eCgZaFRtDl4HkPfkoCyu2GnOAe7ZJqk4Zs7chXEGuY0Kg4JozCgqTRKC41%2BrUxb%2F8XbEtF9Xf04LcJ%2BfvNoRrJwKxrT36CqIW4qS24P85lujKe"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87ffd151ad3756aa-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

fonts.googleapis.com/css?family=Roboto:300,400,700&display=swap

142.250.74.138

200 OK

7.0 kB

URL GET HTTP/3
fonts.googleapis.com/css?family=Roboto:300,400,700&display=swap
IP
142.250.74.138:443
ASN
#15169 GOOGLE

Requested by
https://patpexels.web.app/
Certificate
IssuerGoogle Trust Services LLC
Subjectupload.video.google.com
Fingerprint36:49:20:36:0C:4D:DA:55:65:64:23:0F:49:3E:FA:78:87:35:A3:79
ValidityTue, 16 Apr 2024 04:17:12 GMT - Tue, 09 Jul 2024 04:17:11 GMT

File type
ASCII text, with very long lines (7193), with no line terminators
Size
7.0 kB (7004 bytes)
Hash
16b49a99486594c0b42d9bd7821deb2c
2fb46e5e86d6b37d4497cc04bfd89b3cb33a276a
3f3540952441e06ef81189cf63d46bac242804e386779dbb0cdd78ed10025c21

HTTP Headers

GET /css?family=Roboto:300,400,700&display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Tue, 07 May 2024 08:25:08 GMT
date: Tue, 07 May 2024 08:25:08 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (5)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

HTTP Transactions (33)

URL User Request GET HTTP/2

IP

ASN

Certificate

File type

Size

Hash

HTTP Headers

URL GET HTTP/2

IP

ASN

Requested by

Certificate

File type

Size

Hash

HTTP Headers

URL GET HTTP/2

IP

ASN

Requested by