Report - ok-xxx.zproxy.org/video/368716

Report Overview

Visited public
2025-04-05 01:57:08
Tags
Submit Tags
URL
ok-xxx.zproxy.org/video/368716
Finishing URL
xrated-pro.zproxy.org/static/images/hd.png
IP / ASN
188.165.25.76
#16276 OVH SAS
Title
Порно видео — spreee. Лучшее домашнее и частное секс видео. Русское и любительское.

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
7e84947a87.a07ccac956.com	unknown	unknown	No data	No data	1.9 kB	889 kB	45.133.44.53
ok-xxx.zproxy.org	unknown	unknown	No data	No data	498 B	518 B	188.165.25.76
nereserv.com	40015	2020-12-21	2020-12-21	2025-04-02	615 B	322 B	168.119.25.102
storage.multstorage.com	unknown	2023-09-22	2023-09-22	2025-04-01	544 B	1.2 kB	104.21.30.242
www.googletagmanager.com	75	2011-11-11	2012-10-04	2025-04-02	441 B	338 kB	142.250.74.168
vast.yomeno.xyz	44241	2019-09-18	2019-12-12	2025-03-29	1.1 kB	691 B	91.216.220.24
s.pemsrv.com	unknown	2023-08-01	2023-08-04	2025-03-30	372 B	251 B	95.211.229.245
xrated-pro.zproxy.org	unknown	unknown	No data	No data	9.3 kB	698 kB	188.165.25.76
a.pemsrv.com	unknown	2023-08-01	2023-08-05	2025-04-04	340 B	103 kB	95.173.205.14
awpya.com	unknown	2022-04-21	2022-04-21	2025-03-31	532 B	311 B	168.119.25.102
js.wpshsdk.com	12130	2021-06-04	2021-06-04	2025-03-29	429 B	34 kB	45.133.44.52
138124e964.eda4dc1ffe.com	unknown	unknown	No data	No data	851 B	345 B	45.133.44.52
js.capndr.com	316718	2021-08-30	2021-08-30	2025-04-01	421 B	399 B	45.133.44.53
fp.metricswpsh.com	unknown	2021-10-29	2022-04-22	2025-04-01	1.1 kB	832 B	157.90.84.242
js.canstrm.com	110952	2021-08-30	2021-08-30	2025-03-31	439 B	19 kB	45.133.44.53

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Timestamp	Severity	Source IP	Destination IP	Alert
2025-04-05 01:57:04	medium	91.216.220.24	Client IP	ET HUNTING Observed Let's Encrypt Certificate for Suspicious TLD (.xyz)
2025-04-05 01:57:04	medium	91.216.220.24	Client IP	ET HUNTING Observed Let's Encrypt Certificate for Suspicious TLD (.xyz)

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2025-04-05	medium	a07ccac956.com	Sinkholed
2025-04-05	medium	a07ccac956.com	Sinkholed
2025-04-05	medium	a07ccac956.com	Sinkholed
2025-04-05	medium	a07ccac956.com	Sinkholed

ThreatFox

No alerts detected

JavaScript (17)

	URL	From	Size	First Seen	Last Seen
	a.pemsrv.com/popunder1000.js	ScriptElement	103 kB	2025-03-14	2025-04-19
Pretty URL a.pemsrv.com/popunder1000.js IP 95.173.205.14 ASN #60068 Datacamp Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2025-03-14 08:27 Last Seen2025-04-19 19:59 Times Seen62 Hash 2e9b4e21c677c200ab4ad54e4770b505 a65a4f0f5e289ef839efec73a26b4379264b35e7 56251dcea6e2aff72008feaaddf47e34880b027f21164e6a77f3d5e715ea0427 Loading...

	xrated-pro.zproxy.org/static/images/hd.png	ScriptElement	1.2 kB	2023-10-15	2025-07-10
Pretty URL xrated-pro.zproxy.org/static/images/hd.png IP 188.165.25.76 ASN #16276 OVH SAS Introduced by scriptElement Embedded in HTML true Observations First Seen2023-10-15 10:51 Last Seen2025-07-10 16:50 Times Seen20 Hash 13f028523a2a8c607ae51bd5887a348b fe1f4022b1bd05bd867600898cf75fec26b46b32 1c4a150170e4b0fb7cd25e7789831213f8f2d2327babcf93cb48820d434f2a66 Loading...

	xrated-pro.zproxy.org/static/images/hd.png	ScriptElement	46 B	2023-03-09	2025-06-25
Pretty URL xrated-pro.zproxy.org/static/images/hd.png IP 188.165.25.76 ASN #16276 OVH SAS Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-09 17:12 Last Seen2025-06-25 18:41 Times Seen4 Hash b46c918411b1af54e1656242a018db65 0b2e355bbf24dc8d3dcf4eabe0f89d9c308c7c1b 9902509289b11b39c254222ce37eb685d0732ca50513f105cb58ffdfffc0b173 Loading...

	xrated-pro.zproxy.org/static/images/hd.png	ScriptElement	153 B	2024-07-21	2025-07-13
Pretty URL xrated-pro.zproxy.org/static/images/hd.png IP 188.165.25.76 ASN #16276 OVH SAS Introduced by scriptElement Embedded in HTML true Observations First Seen2024-07-21 20:48 Last Seen2025-07-13 23:07 Times Seen17 Hash 091d4efa73e38a49d2fff15189dbaa93 9d1f20d1f8427a4ad5b4283a2aec740827cc7db2 92da7e7d69d7893893b7d5b2e94b686da73b2916bccc255fb7f52a1c83e0bda7 Loading...

	js.capndr.com/advertising.js	ScriptElement	0 B	0001-01-01	2025-07-19
Pretty URL js.capndr.com/advertising.js IP 45.133.44.53 ASN #39572 DataWeb Global Group B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen0001-01-01 00:00 Last Seen2025-07-19 05:14 Times Seen5460611 Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Loading...

	7e84947a87.a07ccac956.com/4ea026622d6d6f6ca513a4bb29d1be6b.js	ScriptElement	199 kB	2025-04-02	2025-04-08
Pretty URL 7e84947a87.a07ccac956.com/4ea026622d6d6f6ca513a4bb29d1be6b.js IP 45.133.44.53 ASN #39572 DataWeb Global Group B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2025-04-02 19:43 Last Seen2025-04-08 08:47 Times Seen36 Hash 36bfea3dac6fb1b9d475b95ec79869c8 4275c9756a67700ea05b3091adaac6b2910caaba d4a4102147177398609e04616be178e579cf1460e80f8e79f755662bc7ef130a Loading...

	7e84947a87.a07ccac956.com/2fa5292345ffe4035403cbaf049801ad.js	ScriptElement	562 kB	2025-03-10	2025-04-20
Pretty URL 7e84947a87.a07ccac956.com/2fa5292345ffe4035403cbaf049801ad.js IP 45.133.44.53 ASN #39572 DataWeb Global Group B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2025-03-10 22:11 Last Seen2025-04-20 22:24 Times Seen347 Hash d8d8941c6f90411a61551c317ec00c21 1d8eb0b7dfff1b3c6dfecb96f858fc04c02cb456 14ffad4a95ab3e41ef6fe479cca4c09a20c8be3e53ddca1629fabab0d82069d9 Loading...

	xrated-pro.zproxy.org/static/images/hd.png	ScriptElement	7.8 kB	2024-07-09	2025-07-13
Pretty URL xrated-pro.zproxy.org/static/images/hd.png IP 188.165.25.76 ASN #16276 OVH SAS Introduced by scriptElement Embedded in HTML true Observations First Seen2024-07-09 00:00 Last Seen2025-07-13 23:07 Times Seen18 Hash dd0cafbb7ffd32ecd7c356c418832a2e d4b79df6cd70cce490f75cd0ea9ef0abc46dcaaa d7c163a32160b2afe929e2146601cb405c4a1d6df5a37f395e15ce1ddb98e96c Loading...

	xrated-pro.zproxy.org/static/images/hd.png	ScriptElement	6.4 kB	2023-03-09	2025-07-10
Pretty URL xrated-pro.zproxy.org/static/images/hd.png IP 188.165.25.76 ASN #16276 OVH SAS Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-09 17:12 Last Seen2025-07-10 16:50 Times Seen20 Hash ba0e1883f5f4411839903776770a4849 b6663bec21ba53114d3774ec5ed1c57cbfac04c3 56e57bf5ed2ff6200e23cfbce4935b3b74856de45b3857bd230e70c966c8481f Loading...

	xrated-pro.zproxy.org/static/images/hd.png	ScriptElement	294 B	2023-03-09	2025-07-10
Pretty URL xrated-pro.zproxy.org/static/images/hd.png IP 188.165.25.76 ASN #16276 OVH SAS Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-09 17:12 Last Seen2025-07-10 16:50 Times Seen24 Hash 7502b0b2d0a880d82b81d0dcaffde176 ecfebd73f9ee2fef917aa33d02a01c9eff3935e4 aa2400c92ea3770ea615972b816ccbdaecce58eb8314462e33f64a746bfc6e6f Loading...

	storage.multstorage.com/log/count.html	ScriptElement	693 B	2025-03-03	2025-07-19
Pretty URL storage.multstorage.com/log/count.html IP 104.21.30.242 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2025-03-03 17:07 Last Seen2025-07-19 05:12 Times Seen5215 Hash 16e1f9022fa537a6a2ec170949397376 341d27b7ac1bb5f22f032ab4c14f7589e452bea9 440204bc5125e5ffb0fa553c188a3640f1d0f6779bd0a11076133b1d20f1926b Loading...

	js.canstrm.com/in-stream-ad-admanager/build.js	ScriptElement	19 kB	2025-04-02	2025-04-09
Pretty URL js.canstrm.com/in-stream-ad-admanager/build.js IP 45.133.44.53 ASN #39572 DataWeb Global Group B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2025-04-02 16:31 Last Seen2025-04-09 11:34 Times Seen275 Hash d9235169ce5971a765c496c2d358ebaf e98ed5cdd82ad9f6c048403822a35ba434621d9f b755d0a96fd297cc976e8622149effbfb1a2e2432a809a05e7c26acc1f72153e Loading...

	js.wpshsdk.com/npc/sdk/push.m.js?v=1	ScriptElement	34 kB	2025-03-29	2025-04-25
Pretty URL js.wpshsdk.com/npc/sdk/push.m.js?v=1 IP 45.133.44.52 ASN #39572 DataWeb Global Group B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2025-03-29 03:21 Last Seen2025-04-25 02:32 Times Seen133 Hash c5a99d87c1e0bed3dd48108a2795ae0c 0ab1cee454de8e0ad55d919f04ef0efa5d8465db 4ba8d7d2bbfd9efa0b8ff2931f3e6dd7dfdce68d7b8ff015e15b52f55e81e742 Loading...

	xrated-pro.zproxy.org/static/images/hd.png	ScriptElement	408 B	2023-03-09	2025-07-10
Pretty URL xrated-pro.zproxy.org/static/images/hd.png IP 188.165.25.76 ASN #16276 OVH SAS Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-09 17:12 Last Seen2025-07-10 16:50 Times Seen20 Hash fc1bc7d88bd4aaa546601de18f947554 723eb2ab56b98c953a5a710041ac03681b4f26cf 631a501936e504872bff50fa748ff9b2e5e8bd05ec877db90a6e7e12a64fe5b7 Loading...

	xrated-pro.zproxy.org/static/images/hd.png	ScriptElement	1.7 kB	2024-10-20	2025-07-05
Pretty URL xrated-pro.zproxy.org/static/images/hd.png IP 188.165.25.76 ASN #16276 OVH SAS Introduced by scriptElement Embedded in HTML true Observations First Seen2024-10-20 19:28 Last Seen2025-07-05 14:03 Times Seen8 Hash a2d23dc8448899dc6b1943a99d187e97 f861a91dfa6c13b6bf7617274a81a9f6f50457d2 9c3312bc81d205b8a5f3da85161963a9d8d1938e5c75a2dea58d8475b3f982e4 Loading...

	www.googletagmanager.com/gtag/js?id=G-NCGEYMENH7	ScriptElement	337 kB	2025-04-05	2025-04-05
Pretty URL www.googletagmanager.com/gtag/js?id=G-NCGEYMENH7 IP 142.250.74.168 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2025-04-05 01:57 Last Seen2025-04-05 01:57 Times Seen1 Hash d557d13e4994f81d7716e12401a06893 5cb1646feb591c19df78cfa14747a19c5a7ee900 ae3d49a2aa351311aa84fe727fcbed17e05823073667f7f3d0b4196e8be5e411 Loading...

	7e84947a87.a07ccac956.com/40eee7de550a18f957da7024c68207e9.js	ScriptElement	122 kB	2025-03-26	2025-04-14
Pretty URL 7e84947a87.a07ccac956.com/40eee7de550a18f957da7024c68207e9.js IP 45.133.44.53 ASN #39572 DataWeb Global Group B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2025-03-26 13:52 Last Seen2025-04-14 09:30 Times Seen163 Hash 4831072a03da7d3bc2aa1f042fb34ba6 8760eb634f09c6c42da2dc95bda2788869b840fe ba2984e4b52c4e6bfcd0f51a9c6d155b3a83c1a73a2b0e70252ff9561e962873 Loading...

HTTP Transactions (41)

URL IP Response Size

GET xrated-pro.zproxy.org/static/images/phone.png

188.165.25.76

503 Service Unavailable

0 B

URL GET
xrated-pro.zproxy.org/static/images/phone.png
IP
188.165.25.76:80
ASN
#16276 OVH SAS

Requested by
http://xrated-pro.zproxy.org/static/images/hd.png

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /static/images/phone.png HTTP/1.1
Host: xrated-pro.zproxy.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://xrated-pro.zproxy.org/static/images/hd.png
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 503 Service Unavailable
Server: nginx
Date: Sat, 05 Apr 2025 01:56:59 GMT
Content-Length: 0
Connection: keep-alive
Retry-After: 10
Cause: Netty Pool is full
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff

GET xrated-pro.zproxy.org/static/img/tpd-b-24px.png

188.165.25.76

503 Service Unavailable

0 B

URL GET
xrated-pro.zproxy.org/static/img/tpd-b-24px.png
IP
188.165.25.76:80
ASN
#16276 OVH SAS

Requested by
http://xrated-pro.zproxy.org/static/images/hd.png

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /static/img/tpd-b-24px.png HTTP/1.1
Host: xrated-pro.zproxy.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://xrated-pro.zproxy.org/static/images/hd.png
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 503 Service Unavailable
Server: nginx
Date: Sat, 05 Apr 2025 01:56:59 GMT
Content-Length: 0
Connection: keep-alive
Retry-After: 10
Cause: Netty Pool is full
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff

GET xrated-pro.zproxy.org/static/js/build.js?v=2

188.165.25.76

200 OK

0 B

URL GET
xrated-pro.zproxy.org/static/js/build.js?v=2
IP
188.165.25.76:80
ASN
#16276 OVH SAS

Requested by
http://xrated-pro.zproxy.org/static/images/hd.png

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /static/js/build.js?v=2 HTTP/1.1
Host: xrated-pro.zproxy.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://xrated-pro.zproxy.org/static/images/hd.png
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Sat, 05 Apr 2025 01:56:56 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Expires: Mon, 05 May 2025 01:56:56 GMT
Cache-Control: max-age=2592000
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Nginx-Upstream-Cache-Status: BYPASS
Content-Encoding: gzip

GET xrated-pro.zproxy.org/static/images/spinner2.png

188.165.25.76

200 OK

43 kB

URL GET
xrated-pro.zproxy.org/static/images/spinner2.png
IP
188.165.25.76:80
ASN
#16276 OVH SAS

Requested by
http://xrated-pro.zproxy.org/static/images/hd.png

File type

Size
43 kB (43287 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /static/images/spinner2.png HTTP/1.1
Host: xrated-pro.zproxy.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://xrated-pro.zproxy.org/static/images/hd.png
Cookie: proxy-permission-asked=true
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Sat, 05 Apr 2025 01:57:00 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Expires: Wed, 04 Jun 2025 01:57:00 GMT
Cache-Control: max-age=5184000
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Nginx-Upstream-Cache-Status: BYPASS
Content-Encoding: gzip

GET xrated-pro.zproxy.org/static/images/favicon.png?v=3

188.165.25.76

200 OK

202 kB

URL GET
xrated-pro.zproxy.org/static/images/favicon.png?v=3
IP
188.165.25.76:80
ASN
#16276 OVH SAS

Requested by
http://xrated-pro.zproxy.org/static/images/hd.png

File type

Size
202 kB (201470 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /static/images/favicon.png?v=3 HTTP/1.1
Host: xrated-pro.zproxy.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://xrated-pro.zproxy.org/static/images/hd.png
Cookie: proxy-permission-asked=true; _ga_NCGEYMENH7=GS1.1.1743818220.1.0.1743818220.0.0.0; _ga=GA1.1.539125133.1743818221
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Sat, 05 Apr 2025 01:57:03 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Expires: Wed, 04 Jun 2025 01:57:03 GMT
Cache-Control: max-age=5184000
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Nginx-Upstream-Cache-Status: BYPASS
Content-Encoding: gzip

GET xrated-pro.zproxy.org/static/images/logo.png?c=1

188.165.25.76

503 Service Unavailable

0 B

URL GET
xrated-pro.zproxy.org/static/images/logo.png?c=1
IP
188.165.25.76:80
ASN
#16276 OVH SAS

Requested by
http://xrated-pro.zproxy.org/static/images/hd.png

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /static/images/logo.png?c=1 HTTP/1.1
Host: xrated-pro.zproxy.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://xrated-pro.zproxy.org/static/images/hd.png
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 503 Service Unavailable
Server: nginx
Date: Sat, 05 Apr 2025 01:56:59 GMT
Content-Length: 0
Connection: keep-alive
Retry-After: 10
Cause: Netty Pool is full
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff

GET xrated-pro.zproxy.org/static/images/placeholder-spinning.gif

188.165.25.76

503 Service Unavailable

0 B

URL GET
xrated-pro.zproxy.org/static/images/placeholder-spinning.gif
IP
188.165.25.76:80
ASN
#16276 OVH SAS

Requested by
http://xrated-pro.zproxy.org/static/images/hd.png

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /static/images/placeholder-spinning.gif HTTP/1.1
Host: xrated-pro.zproxy.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://xrated-pro.zproxy.org/static/images/hd.png
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 503 Service Unavailable
Server: nginx
Date: Sat, 05 Apr 2025 01:56:59 GMT
Content-Length: 0
Connection: keep-alive
Retry-After: 10
Cause: Netty Pool is full
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff

GET xrated-pro.zproxy.org/static/images/correct.png

188.165.25.76

503 Service Unavailable

0 B

URL GET
xrated-pro.zproxy.org/static/images/correct.png
IP
188.165.25.76:80
ASN
#16276 OVH SAS

Requested by
http://xrated-pro.zproxy.org/static/images/hd.png

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /static/images/correct.png HTTP/1.1
Host: xrated-pro.zproxy.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://xrated-pro.zproxy.org/static/images/hd.png
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 503 Service Unavailable
Server: nginx
Date: Sat, 05 Apr 2025 01:56:59 GMT
Content-Length: 0
Connection: keep-alive
Retry-After: 10
Cause: Netty Pool is full
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff

GET xrated-pro.zproxy.org/static/js/build.js?v=2

188.165.25.76

200 OK

0 B

URL GET
xrated-pro.zproxy.org/static/js/build.js?v=2
IP
188.165.25.76:80
ASN
#16276 OVH SAS

Requested by
http://xrated-pro.zproxy.org/static/images/hd.png

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /static/js/build.js?v=2 HTTP/1.1
Host: xrated-pro.zproxy.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://xrated-pro.zproxy.org/static/images/hd.png
Cookie: proxy-permission-asked=true; _ga_NCGEYMENH7=GS1.1.1743818220.1.0.1743818220.0.0.0; _ga=GA1.1.539125133.1743818221
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Sat, 05 Apr 2025 01:57:02 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Expires: Mon, 05 May 2025 01:57:02 GMT
Cache-Control: max-age=2592000
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Nginx-Upstream-Cache-Status: BYPASS
Content-Encoding: gzip

GET storage.multstorage.com/log/count.html

104.21.30.242

200 OK

882 B

URL GET
storage.multstorage.com/log/count.html
IP
104.21.30.242:443
ASN
#13335 CLOUDFLARENET

Requested by
http://xrated-pro.zproxy.org/static/images/hd.png
Certificate
IssuerGoogle Trust Services
Subjectmultstorage.com
Fingerprint06:BD:0F:48:57:1C:35:BE:41:B7:96:34:65:D2:77:57:83:82:8E:3B
ValidityThu, 06 Mar 2025 05:15:49 GMT - Wed, 04 Jun 2025 06:14:13 GMT

File type
HTML document, ASCII text, with very long lines (919), with no line terminators
Size
882 B (882 bytes)
Hash
053b1fe641da8057571d40ebaf1624ab
09b2648b7d08c84621298f0b939cea5170a65022
6606334874a3edb8295831f41d3684433e4553ffe0a72e58c90926e00f39c6a4

HTTP Headers

GET /log/count.html HTTP/1.1
Host: storage.multstorage.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://xrated-pro.zproxy.org/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sat, 05 Apr 2025 01:57:03 GMT
content-type: text/html
server: cloudflare
last-modified: Mon, 18 Sep 2023 14:39:06 GMT
vary: Accept-Encoding
cf-cache-status: DYNAMIC
x-request-id: faf965a4c45d6a7d8ef7971694f9fd3a
content-encoding: br
cf-ray: 92b56eb99c86b500-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

GET 138124e964.eda4dc1ffe.com/in/track?data=eyJ3bCI6MSwic3ViaWQiOjAsInVzZXJfaWQiOiIxNjM2MTY5MDA1NjE0NjkyNjAwMCIsInRpbWV6b25lIjowLCJ2ZXIiOiIzLjEzOC4xIiwidGFnX2lkIjozMjY1MCwic2NyZWVuX3Jlc29sdXRpb24iOiIxMjgweDEwMjQiLCJhZGJsb2NrIjowLCJ0aW1lem9uZV9vbHNvbiI6IlVUQyIsInV0bV9zb3VyY2UiOiIiLCJ1dG1fbWVkaXVtIjoiIiwidXRtX2NhbXBhaWduIjoiIiwidXRtX2NvbnRlbnQiOiIiLCJtbSI6MCwiaW5pdF9zdGFydF9sYXRlbmN5IjowLjkyLCJpc192MiI6MCwiaXNfdjJfZW1wdHkiOjB9

45.133.44.52

200 OK

0 B

URL GET
138124e964.eda4dc1ffe.com/in/track?data=eyJ3bCI6MSwic3ViaWQiOjAsInVzZXJfaWQiOiIxNjM2MTY5MDA1NjE0NjkyNjAwMCIsInRpbWV6b25lIjowLCJ2ZXIiOiIzLjEzOC4xIiwidGFnX2lkIjozMjY1MCwic2NyZWVuX3Jlc29sdXRpb24iOiIxMjgweDEwMjQiLCJhZGJsb2NrIjowLCJ0aW1lem9uZV9vbHNvbiI6IlVUQyIsInV0bV9zb3VyY2UiOiIiLCJ1dG1fbWVkaXVtIjoiIiwidXRtX2NhbXBhaWduIjoiIiwidXRtX2NvbnRlbnQiOiIiLCJtbSI6MCwiaW5pdF9zdGFydF9sYXRlbmN5IjowLjkyLCJpc192MiI6MCwiaXNfdjJfZW1wdHkiOjB9
IP
45.133.44.52:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
http://xrated-pro.zproxy.org/static/images/hd.png
Certificate
IssuerLet's Encrypt
Subject138124e964.eda4dc1ffe.com
Fingerprint13:D9:6E:0E:59:D0:10:F8:E5:86:F3:2E:BD:17:9D:99:C2:1C:BA:CA
ValidityWed, 02 Apr 2025 02:47:58 GMT - Tue, 01 Jul 2025 02:47:57 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /in/track?data=eyJ3bCI6MSwic3ViaWQiOjAsInVzZXJfaWQiOiIxNjM2MTY5MDA1NjE0NjkyNjAwMCIsInRpbWV6b25lIjowLCJ2ZXIiOiIzLjEzOC4xIiwidGFnX2lkIjozMjY1MCwic2NyZWVuX3Jlc29sdXRpb24iOiIxMjgweDEwMjQiLCJhZGJsb2NrIjowLCJ0aW1lem9uZV9vbHNvbiI6IlVUQyIsInV0bV9zb3VyY2UiOiIiLCJ1dG1fbWVkaXVtIjoiIiwidXRtX2NhbXBhaWduIjoiIiwidXRtX2NvbnRlbnQiOiIiLCJtbSI6MCwiaW5pdF9zdGFydF9sYXRlbmN5IjowLjkyLCJpc192MiI6MCwiaXNfdjJfZW1wdHkiOjB9 HTTP/1.1
Host: 138124e964.eda4dc1ffe.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://xrated-pro.zproxy.org
DNT: 1
Connection: keep-alive
Referer: http://xrated-pro.zproxy.org/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sat, 05 Apr 2025 01:57:03 GMT
content-length: 0
server: nginx/1.18.0
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
x-cdn-host-id: ah1747
X-Firefox-Spdy: h2

GET 7e84947a87.a07ccac956.com/2fa5292345ffe4035403cbaf049801ad.js

45.133.44.53

200 OK

562 kB

URL GET
7e84947a87.a07ccac956.com/2fa5292345ffe4035403cbaf049801ad.js
IP
45.133.44.53:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
http://xrated-pro.zproxy.org/static/images/hd.png
Certificate
IssuerLet's Encrypt
Subject7e84947a87.a07ccac956.com
Fingerprint4E:07:60:56:76:5B:40:00:6C:25:15:65:EC:0C:A0:EA:9D:9E:D9:E3
ValidityWed, 02 Apr 2025 02:14:59 GMT - Tue, 01 Jul 2025 02:14:58 GMT

File type

Size
562 kB (561781 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /2fa5292345ffe4035403cbaf049801ad.js HTTP/1.1
Host: 7e84947a87.a07ccac956.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://xrated-pro.zproxy.org/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sat, 05 Apr 2025 01:57:04 GMT
content-type: application/javascript; charset=utf-8
server: nginx/1.18.0
last-modified: Wed, 02 Apr 2025 11:48:32 GMT
etag: W/"67ed2410-89275"
content-encoding: gzip
expires: Sat, 05 Apr 2025 02:02:04 GMT
cache-control: max-age=300
x-cdn-host-id: ah1742
x-proxy-cache: HIT
access-control-allow-origin: *
X-Firefox-Spdy: h2

GET ok-xxx.zproxy.org/video/368716

188.165.25.76

307 Temporary Redirect

150 B

URL User Request GET
ok-xxx.zproxy.org/video/368716
IP
188.165.25.76:443
ASN
#16276 OVH SAS

Certificate
IssuerCentralNic Luxembourg Sàrl
Subject*.zproxy.org
FingerprintAE:28:FC:0A:F9:BF:40:A4:B1:80:D9:7F:28:E4:9D:45:64:61:11:CC
ValidityThu, 30 May 2024 00:00:00 GMT - Fri, 30 May 2025 23:59:59 GMT

File type

Size
150 B (150 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /video/368716 HTTP/1.1
Host: ok-xxx.zproxy.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 307 Temporary Redirect
server: nginx
date: Sat, 05 Apr 2025 01:56:44 GMT
content-length: 0
location: https://xrated-pro.zproxy.org/static/images/hd.png
cache-control: no-cache, no-store, must-revalidate
cause: Netty Pool is full
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-nginx-upstream-cache-status: MISS
X-Firefox-Spdy: h2

GET www.googletagmanager.com/gtag/js?id=G-NCGEYMENH7

142.250.74.168

200 OK

337 kB

URL GET
www.googletagmanager.com/gtag/js?id=G-NCGEYMENH7
IP
142.250.74.168:443
ASN
#15169 GOOGLE

Requested by
http://xrated-pro.zproxy.org/static/images/hd.png
Certificate
IssuerGoogle Trust Services
Subject*.google-analytics.com
Fingerprint88:85:26:A3:0A:0B:44:C6:92:DD:7B:0B:D1:14:38:BA:26:B9:EF:D9
ValidityThu, 20 Mar 2025 11:18:39 GMT - Thu, 12 Jun 2025 11:18:38 GMT

File type
JavaScript source, ASCII text, with very long lines (7994)
Size
337 kB (337390 bytes)
Hash
d557d13e4994f81d7716e12401a06893
5cb1646feb591c19df78cfa14747a19c5a7ee900
ae3d49a2aa351311aa84fe727fcbed17e05823073667f7f3d0b4196e8be5e411

HTTP Headers

GET /gtag/js?id=G-NCGEYMENH7 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://xrated-pro.zproxy.org/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Sat, 05 Apr 2025 01:56:54 GMT
expires: Sat, 05 Apr 2025 01:56:54 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcycc:1020:0
cross-origin-opener-policy-report-only: same-origin; report-to=ascgcycc:1020:0
report-to: {"group":"ascgcycc:1020:0","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcycc:1020:0"}],}
server: Google Tag Manager
content-length: 116131
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

GET js.capndr.com/advertising.js

45.133.44.53

200 OK

0 B

URL GET
js.capndr.com/advertising.js
IP
45.133.44.53:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
http://xrated-pro.zproxy.org/static/images/hd.png
Certificate
IssuerLet's Encrypt
Subjectjs.capndr.com
Fingerprint69:A3:EF:3A:55:06:33:24:0F:49:AC:7B:55:A3:E0:33:78:00:62:28
ValiditySat, 15 Feb 2025 02:31:57 GMT - Fri, 16 May 2025 02:31:56 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /advertising.js HTTP/1.1
Host: js.capndr.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://xrated-pro.zproxy.org/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sat, 05 Apr 2025 01:57:02 GMT
content-type: application/javascript; charset=utf-8
content-length: 0
server: nginx/1.18.0
last-modified: Fri, 14 Jul 2023 08:23:25 GMT
etag: "64b105fd-0"
expires: Sat, 05 Apr 2025 02:02:02 GMT
cache-control: max-age=300
x-cdn-host-id: ah1742
x-proxy-cache: HIT
access-control-allow-origin: *
accept-ranges: bytes
X-Firefox-Spdy: h2

OPTIONS fp.metricswpsh.com/fp?tag_id=32650

157.90.84.242

204 No Content

0 B

URL OPTIONS
fp.metricswpsh.com/fp?tag_id=32650
IP
157.90.84.242:443
ASN
#24940 Hetzner Online GmbH

Requested by
http://xrated-pro.zproxy.org/static/images/hd.png
Certificate
IssuerLet's Encrypt
Subjectnotification.tubecup.net
Fingerprint89:25:D9:78:8E:C3:9B:1B:59:0A:AF:77:8C:CB:AD:E0:0F:A9:D8:3F
ValidityMon, 03 Feb 2025 10:20:32 GMT - Sun, 04 May 2025 10:20:31 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

OPTIONS /fp?tag_id=32650 HTTP/1.1
Host: fp.metricswpsh.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: http://xrated-pro.zproxy.org/
Origin: http://xrated-pro.zproxy.org
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 204 No Content
Server: nginx/1.20.1
Date: Sat, 05 Apr 2025 01:57:03 GMT
Connection: keep-alive
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: content-type
Access-Control-Allow-Methods: GET,HEAD,PUT,PATCH,POST,DELETE
Access-Control-Allow-Origin: http://xrated-pro.zproxy.org
Vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers

GET 7e84947a87.a07ccac956.com/4ea026622d6d6f6ca513a4bb29d1be6b.js

45.133.44.53

200 OK

199 kB

URL GET
7e84947a87.a07ccac956.com/4ea026622d6d6f6ca513a4bb29d1be6b.js
IP
45.133.44.53:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
http://xrated-pro.zproxy.org/static/images/hd.png
Certificate
IssuerLet's Encrypt
Subject7e84947a87.a07ccac956.com
Fingerprint4E:07:60:56:76:5B:40:00:6C:25:15:65:EC:0C:A0:EA:9D:9E:D9:E3
ValidityWed, 02 Apr 2025 02:14:59 GMT - Tue, 01 Jul 2025 02:14:58 GMT

File type

Size
199 kB (199067 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /4ea026622d6d6f6ca513a4bb29d1be6b.js HTTP/1.1
Host: 7e84947a87.a07ccac956.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://xrated-pro.zproxy.org/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sat, 05 Apr 2025 01:57:03 GMT
content-type: application/javascript; charset=utf-8
server: nginx/1.18.0
last-modified: Wed, 02 Apr 2025 11:48:42 GMT
etag: W/"67ed241a-3099b"
content-encoding: gzip
expires: Sat, 05 Apr 2025 02:02:03 GMT
cache-control: max-age=300
x-cdn-host-id: ah1742
x-proxy-cache: HIT
access-control-allow-origin: *
X-Firefox-Spdy: h2

OPTIONS vast.yomeno.xyz/prepare

91.216.220.24

204 No Content

0 B

URL OPTIONS
vast.yomeno.xyz/prepare
IP
91.216.220.24:443
ASN
#3232 ModernColo LP

Requested by
http://xrated-pro.zproxy.org/static/images/hd.png
Certificate
IssuerLet's Encrypt
Subjectvast.yomeno.xyz
Fingerprint4E:C7:8E:DD:84:FC:20:E3:2E:50:3A:15:11:50:0E:AE:72:8D:F1:B0
ValidityTue, 04 Feb 2025 03:19:10 GMT - Mon, 05 May 2025 03:19:09 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

OPTIONS /prepare HTTP/1.1
Host: vast.yomeno.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: http://xrated-pro.zproxy.org/
Origin: http://xrated-pro.zproxy.org
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 204 No Content
server: nginx/1.20.1
date: Sat, 05 Apr 2025 01:57:04 GMT
access-control-allow-credentials: true
access-control-allow-origin: http://xrated-pro.zproxy.org
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range
content-type: text/plain; charset=utf-8
content-length: 0
X-Firefox-Spdy: h2

POST vast.yomeno.xyz/prepare

91.216.220.24

204 No Content

0 B

URL POST
vast.yomeno.xyz/prepare
IP
91.216.220.24:443
ASN
#3232 ModernColo LP

Requested by
http://xrated-pro.zproxy.org/static/images/hd.png
Certificate
IssuerLet's Encrypt
Subjectvast.yomeno.xyz
Fingerprint4E:C7:8E:DD:84:FC:20:E3:2E:50:3A:15:11:50:0E:AE:72:8D:F1:B0
ValidityTue, 04 Feb 2025 03:19:10 GMT - Mon, 05 May 2025 03:19:09 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

POST /prepare HTTP/1.1
Host: vast.yomeno.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json;charset=utf-8
Content-Length: 2403
Origin: http://xrated-pro.zproxy.org
DNT: 1
Connection: keep-alive
Referer: http://xrated-pro.zproxy.org/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 204 No Content
server: nginx/1.20.1
date: Sat, 05 Apr 2025 01:57:04 GMT
access-control-allow-credentials: true
access-control-allow-origin: http://xrated-pro.zproxy.org
access-control-expose-headers: Content-Length,Content-Range
X-Firefox-Spdy: h2

GET xrated-pro.zproxy.org/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js

188.165.25.76

503 Service Unavailable

0 B

URL GET
xrated-pro.zproxy.org/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js
IP
188.165.25.76:80
ASN
#16276 OVH SAS

Requested by
http://xrated-pro.zproxy.org/static/images/hd.png

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js HTTP/1.1
Host: xrated-pro.zproxy.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://xrated-pro.zproxy.org/static/images/hd.png
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 503 Service Unavailable
Server: nginx
Date: Sat, 05 Apr 2025 01:56:54 GMT
Content-Length: 0
Connection: keep-alive
Retry-After: 10
Cause: Netty Pool is full
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff

GET 7e84947a87.a07ccac956.com/40eee7de550a18f957da7024c68207e9.js

45.133.44.53

200 OK

122 kB

URL GET
7e84947a87.a07ccac956.com/40eee7de550a18f957da7024c68207e9.js
IP
45.133.44.53:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
http://xrated-pro.zproxy.org/static/images/hd.png
Certificate
IssuerLet's Encrypt
Subject7e84947a87.a07ccac956.com
Fingerprint4E:07:60:56:76:5B:40:00:6C:25:15:65:EC:0C:A0:EA:9D:9E:D9:E3
ValidityWed, 02 Apr 2025 02:14:59 GMT - Tue, 01 Jul 2025 02:14:58 GMT

File type

Size
122 kB (122382 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /40eee7de550a18f957da7024c68207e9.js HTTP/1.1
Host: 7e84947a87.a07ccac956.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://xrated-pro.zproxy.org
DNT: 1
Connection: keep-alive
Referer: http://xrated-pro.zproxy.org/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sat, 05 Apr 2025 01:57:02 GMT
content-type: application/javascript; charset=utf-8
server: nginx/1.18.0
last-modified: Wed, 26 Mar 2025 13:33:42 GMT
etag: W/"67e40236-1de0e"
content-encoding: gzip
expires: Sat, 05 Apr 2025 02:02:02 GMT
cache-control: max-age=300
x-cdn-host-id: ah1742
x-proxy-cache: HIT
access-control-allow-origin: *
X-Firefox-Spdy: h2

GET a.pemsrv.com/popunder1000.js

95.173.205.14

200 OK

103 kB

URL GET
a.pemsrv.com/popunder1000.js
IP
95.173.205.14:80
ASN
#60068 Datacamp Limited

Requested by
http://xrated-pro.zproxy.org/static/images/hd.png

File type
JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Size
103 kB (102883 bytes)
Hash
2e9b4e21c677c200ab4ad54e4770b505
a65a4f0f5e289ef839efec73a26b4379264b35e7
56251dcea6e2aff72008feaaddf47e34880b027f21164e6a77f3d5e715ea0427

HTTP Headers

GET /popunder1000.js HTTP/1.1
Host: a.pemsrv.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://xrated-pro.zproxy.org/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sat, 05 Apr 2025 01:56:59 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
etag: W/"a65a4f0f5e289ef839efec73a26"
Expires: Fri, 04 Apr 2025 16:44:39 GMT
Cache-Control: max-age=10800
X-Robots-Tag: noindex, follow
Access-Control-Allow-Origin: *
X-77-NZT: EwwBX63NDQH33wIAAAwBuUwKCQH3DgAAAAwBisclxAG3WQIAAA
X-77-NZT-Ray: 2a494a158c329ca1108ef0675ee3d839
X-77-Cache: HIT
X-77-Age: 735
Vary: Accept-Encoding
Content-Encoding: gzip
Server: CDN77-Turbo
X-77-POP: osloNO

GET xrated-pro.zproxy.org/static/images/hd.png

188.165.25.76

503 Service Unavailable

0 B

URL GET
xrated-pro.zproxy.org/static/images/hd.png
IP
188.165.25.76:80
ASN
#16276 OVH SAS

Requested by
http://xrated-pro.zproxy.org/static/images/hd.png

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /static/images/hd.png HTTP/1.1
Host: xrated-pro.zproxy.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://xrated-pro.zproxy.org/static/images/hd.png
Cookie: proxy-permission-asked=true
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 503 Service Unavailable
Server: nginx
Date: Sat, 05 Apr 2025 01:56:59 GMT
Content-Length: 0
Connection: keep-alive
Retry-After: 10
Cause: Netty Pool is full
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff

POST fp.metricswpsh.com/fp?tag_id=32650

157.90.84.242

200 OK

60 B

URL POST
fp.metricswpsh.com/fp?tag_id=32650
IP
157.90.84.242:443
ASN
#24940 Hetzner Online GmbH

Requested by
http://xrated-pro.zproxy.org/static/images/hd.png
Certificate
IssuerLet's Encrypt
Subjectnotification.tubecup.net
Fingerprint89:25:D9:78:8E:C3:9B:1B:59:0A:AF:77:8C:CB:AD:E0:0F:A9:D8:3F
ValidityMon, 03 Feb 2025 10:20:32 GMT - Sun, 04 May 2025 10:20:31 GMT

File type
troff or preprocessor input, ASCII text, with no line terminators
Size
60 B (60 bytes)
Hash
c43d487520bda8d6f92013f5493a7a45
4621a8a6d5749fb1f8d5fda36181b06944988277
9919efebaedf2e0ab0b536fa1367221a00172de195c90a4c1e4f221ac299138a

HTTP Headers

POST /fp?tag_id=32650 HTTP/1.1
Host: fp.metricswpsh.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json;charset=utf-8
Content-Length: 1980
Origin: http://xrated-pro.zproxy.org
DNT: 1
Connection: keep-alive
Referer: http://xrated-pro.zproxy.org/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Sat, 05 Apr 2025 01:57:03 GMT
Content-Type: application/json; charset=UTF-8
Content-Length: 60
Connection: keep-alive
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: http://xrated-pro.zproxy.org
Set-Cookie: id=2342981021972518971; Expires=Sun, 05 Apr 2026 01:57:03 GMT; Secure; SameSite=None
Vary: Origin

GET xrated-pro.zproxy.org/static/images/usa-flag.png

188.165.25.76

503 Service Unavailable

0 B

URL GET
xrated-pro.zproxy.org/static/images/usa-flag.png
IP
188.165.25.76:80
ASN
#16276 OVH SAS

Requested by
http://xrated-pro.zproxy.org/static/images/hd.png

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /static/images/usa-flag.png HTTP/1.1
Host: xrated-pro.zproxy.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://xrated-pro.zproxy.org/static/images/hd.png
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 503 Service Unavailable
Server: nginx
Date: Sat, 05 Apr 2025 01:56:59 GMT
Content-Length: 0
Connection: keep-alive
Retry-After: 10
Cause: Netty Pool is full
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff

GET xrated-pro.zproxy.org/static/images/spinner.png

188.165.25.76

200 OK

43 kB

URL GET
xrated-pro.zproxy.org/static/images/spinner.png
IP
188.165.25.76:80
ASN
#16276 OVH SAS

Requested by
http://xrated-pro.zproxy.org/static/images/hd.png

File type

Size
43 kB (43301 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /static/images/spinner.png HTTP/1.1
Host: xrated-pro.zproxy.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://xrated-pro.zproxy.org/static/images/hd.png
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Sat, 05 Apr 2025 01:57:01 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Expires: Wed, 04 Jun 2025 01:57:01 GMT
Cache-Control: max-age=5184000
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Nginx-Upstream-Cache-Status: BYPASS
Content-Encoding: gzip

OPTIONS awpya.com/in/multy

168.119.25.102

204 No Content

0 B

URL OPTIONS
awpya.com/in/multy
IP
168.119.25.102:443
ASN
#24940 Hetzner Online GmbH

Requested by
http://xrated-pro.zproxy.org/static/images/hd.png
Certificate
IssuerLet's Encrypt
Subjectinpage.infrapu.sh
Fingerprint53:32:5A:78:97:D4:AD:CF:41:C6:08:3E:D5:02:8C:C6:22:50:E8:35
ValidityTue, 01 Apr 2025 08:22:50 GMT - Mon, 30 Jun 2025 08:22:49 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

OPTIONS /in/multy HTTP/1.1
Host: awpya.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: http://xrated-pro.zproxy.org/
Origin: http://xrated-pro.zproxy.org
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 204 No Content
server: nginx/1.18.0
date: Sat, 05 Apr 2025 01:57:04 GMT
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
X-Firefox-Spdy: h2

GET xrated-pro.zproxy.org/static/bootstrap/css/bootstrap.min.css?v=3

188.165.25.76

503 Service Unavailable

0 B

URL GET
xrated-pro.zproxy.org/static/bootstrap/css/bootstrap.min.css?v=3
IP
188.165.25.76:80
ASN
#16276 OVH SAS

Requested by
http://xrated-pro.zproxy.org/static/images/hd.png

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /static/bootstrap/css/bootstrap.min.css?v=3 HTTP/1.1
Host: xrated-pro.zproxy.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://xrated-pro.zproxy.org/static/images/hd.png
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 503 Service Unavailable
Server: nginx
Date: Sat, 05 Apr 2025 01:56:54 GMT
Content-Length: 0
Connection: keep-alive
Retry-After: 10
Cause: Netty Pool is full
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff

GET xrated-pro.zproxy.org/static/images/hd.png

188.165.25.76

503 Service Unavailable

0 B

URL GET
xrated-pro.zproxy.org/static/images/hd.png
IP
188.165.25.76:80
ASN
#16276 OVH SAS

Requested by
http://xrated-pro.zproxy.org/static/images/hd.png

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /static/images/hd.png HTTP/1.1
Host: xrated-pro.zproxy.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://xrated-pro.zproxy.org/static/images/hd.png
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 503 Service Unavailable
Server: nginx
Date: Sat, 05 Apr 2025 01:56:59 GMT
Content-Length: 0
Connection: keep-alive
Retry-After: 10
Cause: Netty Pool is full
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff

GET js.wpshsdk.com/npc/sdk/push.m.js?v=1

45.133.44.52

200 OK

34 kB

URL GET
js.wpshsdk.com/npc/sdk/push.m.js?v=1
IP
45.133.44.52:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
http://xrated-pro.zproxy.org/static/images/hd.png
Certificate
IssuerLet's Encrypt
Subjectjs.wpshsdk.com
Fingerprint31:0C:3E:2A:0A:4F:A4:0D:7C:1F:E9:D7:99:66:51:47:76:C9:F2:F2
ValiditySat, 15 Mar 2025 07:33:07 GMT - Fri, 13 Jun 2025 07:33:06 GMT

File type

Size
34 kB (33607 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /npc/sdk/push.m.js?v=1 HTTP/1.1
Host: js.wpshsdk.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://xrated-pro.zproxy.org/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sat, 05 Apr 2025 01:57:04 GMT
content-type: application/javascript; charset=utf-8
server: nginx/1.18.0
last-modified: Fri, 04 Apr 2025 12:50:15 GMT
etag: W/"67efd587-8347"
content-encoding: gzip
expires: Sat, 05 Apr 2025 02:02:04 GMT
cache-control: max-age=300
x-cdn-host-id: ah1742
x-proxy-cache: HIT
access-control-allow-origin: *
X-Firefox-Spdy: h2

GET js.canstrm.com/in-stream-ad-admanager/build.js

45.133.44.53

200 OK

19 kB

URL GET
js.canstrm.com/in-stream-ad-admanager/build.js
IP
45.133.44.53:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
http://xrated-pro.zproxy.org/static/images/hd.png
Certificate
IssuerLet's Encrypt
Subjectjs.canstrm.com
Fingerprint4B:D8:FD:B4:9D:C0:28:40:81:91:96:6F:0E:DE:73:39:ED:0F:BC:AE
ValidityFri, 14 Mar 2025 08:34:48 GMT - Thu, 12 Jun 2025 08:34:47 GMT

File type
JavaScript source, ASCII text, with very long lines (18568), with no line terminators
Size
19 kB (18568 bytes)
Hash
d9235169ce5971a765c496c2d358ebaf
e98ed5cdd82ad9f6c048403822a35ba434621d9f
b755d0a96fd297cc976e8622149effbfb1a2e2432a809a05e7c26acc1f72153e

HTTP Headers

GET /in-stream-ad-admanager/build.js HTTP/1.1
Host: js.canstrm.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://xrated-pro.zproxy.org/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sat, 05 Apr 2025 01:57:04 GMT
content-type: application/javascript; charset=utf-8
server: nginx/1.18.0
last-modified: Wed, 02 Apr 2025 13:53:23 GMT
etag: W/"67ed4153-4888"
content-encoding: gzip
expires: Sat, 05 Apr 2025 02:02:04 GMT
cache-control: max-age=300
x-cdn-host-id: ah1742
x-proxy-cache: HIT
access-control-allow-origin: *
X-Firefox-Spdy: h2

GET nereserv.com/in/dip?site=native-push&wl=1&event_id=bc6cf2b5-0fc0-4da0-acb2-d44a3bbed72c&subid=61583572&sid=3138252199&spot_id=21805&created_at=2025-04-05&timezone=0&ver=8.222.4&is_native=1

168.119.25.102

200 OK

0 B

URL GET
nereserv.com/in/dip?site=native-push&wl=1&event_id=bc6cf2b5-0fc0-4da0-acb2-d44a3bbed72c&subid=61583572&sid=3138252199&spot_id=21805&created_at=2025-04-05&timezone=0&ver=8.222.4&is_native=1
IP
168.119.25.102:443
ASN
#24940 Hetzner Online GmbH

Requested by
http://xrated-pro.zproxy.org/static/images/hd.png
Certificate
IssuerLet's Encrypt
Subjectinpage.infrapu.sh
Fingerprint53:32:5A:78:97:D4:AD:CF:41:C6:08:3E:D5:02:8C:C6:22:50:E8:35
ValidityTue, 01 Apr 2025 08:22:50 GMT - Mon, 30 Jun 2025 08:22:49 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /in/dip?site=native-push&wl=1&event_id=bc6cf2b5-0fc0-4da0-acb2-d44a3bbed72c&subid=61583572&sid=3138252199&spot_id=21805&created_at=2025-04-05&timezone=0&ver=8.222.4&is_native=1 HTTP/1.1
Host: nereserv.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://xrated-pro.zproxy.org
DNT: 1
Connection: keep-alive
Referer: http://xrated-pro.zproxy.org/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx/1.18.0
date: Sat, 05 Apr 2025 01:57:04 GMT
content-length: 0
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
X-Firefox-Spdy: h2

GET xrated-pro.zproxy.org/static/images/hd.png

188.165.25.76

502 Bad Gateway

150 B

URL User Request GET
xrated-pro.zproxy.org/static/images/hd.png
IP
188.165.25.76:443
ASN
#16276 OVH SAS

Certificate
IssuerCentralNic Luxembourg Sàrl
Subject*.zproxy.org
FingerprintAE:28:FC:0A:F9:BF:40:A4:B1:80:D9:7F:28:E4:9D:45:64:61:11:CC
ValidityThu, 30 May 2024 00:00:00 GMT - Fri, 30 May 2025 23:59:59 GMT

File type
HTML document, ASCII text, with no line terminators
Size
150 B (150 bytes)
Hash
ac2adb03f2156e7f1a665b2e248037ad
e6d9a15f941f130d7d69935ef39cd4945d82a125
0b08ca138fdac7961f53e966b6e1954ed2f4ea0efac5bedcfbc48aa82af719fd

HTTP Headers

GET /static/images/hd.png HTTP/1.1
Host: xrated-pro.zproxy.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 502 Bad Gateway
server: nginx
date: Sat, 05 Apr 2025 01:56:49 GMT
content-type: text/html
content-length: 150
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
X-Firefox-Spdy: h2

GET xrated-pro.zproxy.org/static/images/spinner2.png

188.165.25.76

503 Service Unavailable

0 B

URL GET
xrated-pro.zproxy.org/static/images/spinner2.png
IP
188.165.25.76:80
ASN
#16276 OVH SAS

Requested by
http://xrated-pro.zproxy.org/static/images/hd.png

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /static/images/spinner2.png HTTP/1.1
Host: xrated-pro.zproxy.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://xrated-pro.zproxy.org/static/images/hd.png
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 503 Service Unavailable
Server: nginx
Date: Sat, 05 Apr 2025 01:56:59 GMT
Content-Length: 0
Connection: keep-alive
Retry-After: 10
Cause: Netty Pool is full
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff

GET xrated-pro.zproxy.org/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js

188.165.25.76

200 OK

1.4 kB

URL GET
xrated-pro.zproxy.org/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js
IP
188.165.25.76:80
ASN
#16276 OVH SAS

Requested by
http://xrated-pro.zproxy.org/static/images/hd.png

File type
HTML document, ASCII text, with very long lines (1400), with no line terminators
Size
1.4 kB (1363 bytes)
Hash
9d0a620d192a1d29561b6c0cab564e26
51e7ecb64b5f8e723b1ecf9b0f29bb0e49493eaa
dd8899c9ebb331869c09571c163178d0b6907b8bdaba82d85e158197158ec271

HTTP Headers

GET /cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js HTTP/1.1
Host: xrated-pro.zproxy.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://xrated-pro.zproxy.org/static/images/hd.png
Cookie: proxy-permission-asked=true
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Sat, 05 Apr 2025 01:57:00 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Expires: Mon, 05 May 2025 01:57:00 GMT
Cache-Control: max-age=2592000
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Nginx-Upstream-Cache-Status: BYPASS
Content-Encoding: gzip

GET s.pemsrv.com/venor.php

95.211.229.245

200 OK

1 B

URL GET
s.pemsrv.com/venor.php
IP
95.211.229.245:80
ASN
#60781 LeaseWeb Netherlands B.V.

Requested by
http://xrated-pro.zproxy.org/static/images/hd.png

File type
very short file (no magic)
Size
1 B (1 bytes)
Hash
cfcd208495d565ef66e7dff9f98764da
b6589fc6ab0dc82cf12099d1c2d40ab994e8410c
5feceb66ffc86f38d952786c6d696c79c2dbc239dd4e91b46729d73a27fb57e9

HTTP Headers

GET /venor.php HTTP/1.1
Host: s.pemsrv.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Origin: http://xrated-pro.zproxy.org
DNT: 1
Connection: keep-alive
Referer: http://xrated-pro.zproxy.org/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Sat, 05 Apr 2025 01:57:00 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: *
X-Robots-Tag: noindex, follow
Content-Encoding: gzip

GET xrated-pro.zproxy.org/static/images/hd.png

188.165.25.76

200 OK

200 kB

URL User Request GET
xrated-pro.zproxy.org/static/images/hd.png
IP
188.165.25.76:80
ASN
#16276 OVH SAS

File type

Size
200 kB (200212 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /static/images/hd.png HTTP/1.1
Host: xrated-pro.zproxy.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Sat, 05 Apr 2025 01:56:54 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Expires: Wed, 04 Jun 2025 01:56:54 GMT
Cache-Control: max-age=5184000
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Nginx-Upstream-Cache-Status: BYPASS
Content-Encoding: gzip

GET xrated-pro.zproxy.org/static/css/main.css?50

188.165.25.76

502 Bad Gateway

0 B

URL GET
xrated-pro.zproxy.org/static/css/main.css?50
IP
188.165.25.76:80
ASN
#16276 OVH SAS

Requested by
http://xrated-pro.zproxy.org/static/images/hd.png

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /static/css/main.css?50 HTTP/1.1
Host: xrated-pro.zproxy.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://xrated-pro.zproxy.org/static/images/hd.png
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 502 Bad Gateway
Server: nginx
Date: Sat, 05 Apr 2025 01:56:59 GMT
Content-Type: text/html
Content-Length: 150
Connection: keep-alive
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff

GET 7e84947a87.a07ccac956.com/93a7909121bac5c268f1c2cb79ddd185/32650?version_name=c&domain=xrated-pro.zproxy.org

45.133.44.53

200 OK

3.9 kB

URL GET
7e84947a87.a07ccac956.com/93a7909121bac5c268f1c2cb79ddd185/32650?version_name=c&domain=xrated-pro.zproxy.org
IP
45.133.44.53:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
http://xrated-pro.zproxy.org/static/images/hd.png
Certificate
IssuerLet's Encrypt
Subject7e84947a87.a07ccac956.com
Fingerprint4E:07:60:56:76:5B:40:00:6C:25:15:65:EC:0C:A0:EA:9D:9E:D9:E3
ValidityWed, 02 Apr 2025 02:14:59 GMT - Tue, 01 Jul 2025 02:14:58 GMT

File type
troff or preprocessor input, ASCII text, with very long lines (4433), with no line terminators
Size
3.9 kB (3943 bytes)
Hash
103449b9087e4af0e6232d63a1fb6993
24dbcc53ae0f0cb756f2dd88e485fe4677fcdaa4
6752b64c56a050e3885fab2ff7396ad7b3f6de60916846cab93cf8acc6375f62

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /93a7909121bac5c268f1c2cb79ddd185/32650?version_name=c&domain=xrated-pro.zproxy.org HTTP/1.1
Host: 7e84947a87.a07ccac956.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://xrated-pro.zproxy.org
DNT: 1
Connection: keep-alive
Referer: http://xrated-pro.zproxy.org/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sat, 05 Apr 2025 01:57:02 GMT
content-type: application/json
server: nginx/1.18.0
cache-control: max-age=300
expires: Sat, 05 Apr 2025 02:02:02 GMT
x-cdn-host-id: ah1742
x-proxy-cache: EXPIRED
access-control-allow-origin: *
X-Firefox-Spdy: h2

GET xrated-pro.zproxy.org/static/css/videojs-contrib-ads.css?1

188.165.25.76

503 Service Unavailable

0 B

URL GET
xrated-pro.zproxy.org/static/css/videojs-contrib-ads.css?1
IP
188.165.25.76:80
ASN
#16276 OVH SAS

Requested by
http://xrated-pro.zproxy.org/static/images/hd.png

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /static/css/videojs-contrib-ads.css?1 HTTP/1.1
Host: xrated-pro.zproxy.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://xrated-pro.zproxy.org/static/images/hd.png
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 503 Service Unavailable
Server: nginx
Date: Sat, 05 Apr 2025 01:56:54 GMT
Content-Length: 0
Connection: keep-alive
Retry-After: 10
Cause: Netty Pool is full
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff

GET xrated-pro.zproxy.org/static/images/phone.png

188.165.25.76

200 OK

201 kB

URL GET
xrated-pro.zproxy.org/static/images/phone.png
IP
188.165.25.76:80
ASN
#16276 OVH SAS

Requested by
http://xrated-pro.zproxy.org/static/images/hd.png

File type

Size
201 kB (201402 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /static/images/phone.png HTTP/1.1
Host: xrated-pro.zproxy.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://xrated-pro.zproxy.org/static/images/hd.png
Cookie: proxy-permission-asked=true
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Sat, 05 Apr 2025 01:57:02 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Expires: Wed, 04 Jun 2025 01:57:02 GMT
Cache-Control: max-age=5184000
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Nginx-Upstream-Cache-Status: BYPASS
Content-Encoding: gzip

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

Quad9 DNS

ThreatFox

JavaScript (17)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML