Report - t.y1h1.com/visit/61e55f98081ec20007c7f606?exid=1675129067-yJFIKX&srcTrafficSource=Redirect&srcCampaign=0_Redirect

Report Overview

Visited public
2023-12-05 08:09:35
Tags
URL
t.y1h1.com/visit/61e55f98081ec20007c7f606?exid=1675129067-yJFIKX&srcTrafficSource=Redirect&srcCampaign=0_Redirect_Auto&type=Cloak
Finishing URL
gifts9102.goggle.vip/sweeps/ww/iphone2/index_en-us.php?vid=1701763756-ywskhu&utm_medium=%7Bsub1%7D&utm_source=Redirect&utm_campaign=0_AutoSmartlink&utm_content=Smartlink_Sweeps_dddwb01_RandomPub&isp=Blix+Group+AS&city=Oslo&br=0&sp=1&trans=1&iw=False&checked=0&ipp=0&lpkey=173401e9769643b756&ck=2#
IP / ASN
172.67.129.176
#13335 CLOUDFLARENET
Title
Track and follow

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
rs.y1h1.com	unknown	2016-11-15	2020-07-11 11:20:38	2023-11-26 05:13:13	3.0 kB	48 kB	172.67.129.176
fonts.gstatic.com	unknown	2008-02-11	2014-09-09 02:40:21	2023-12-05 06:14:20	1.5 kB	37 kB	216.58.211.3
translate.google.com	1156	1997-09-15	2012-05-30 03:30:32	2023-12-04 05:10:19	426 B	91 kB	216.58.211.14
t.y1h1.com	unknown	2016-11-15	2022-06-02 20:06:40	2023-11-22 13:52:22	2.1 kB	3.7 kB	172.67.129.176
gifts9102.goggle.vip	unknown	unknown	No data	No data	5.9 kB	641 kB	104.21.57.73
www.googletagmanager.com	75	2011-11-11	2013-05-22 04:07:37	2023-12-05 06:24:59	399 B	86 kB	142.250.74.168
www.gstatic.com	unknown	2008-02-11	2016-07-26 11:37:06	2023-12-05 08:08:22	3.1 kB	419 kB	142.250.74.99
translate.googleapis.com	1005	2005-01-25	2012-05-31 09:21:21	2023-12-04 14:42:31	1.7 kB	84 kB	142.250.74.74
translate-pa.googleapis.com	1620	2005-01-25	2021-11-04 07:37:42	2023-12-04 09:43:34	506 B	2.3 kB	142.250.74.74
www.google.com	7	1997-09-15	2015-05-10 13:11:19	2023-11-19 18:48:38	2.5 kB	99 kB	142.250.74.132

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2023-12-05	medium	goggle.vip	Sinkholed
2023-12-05	medium	goggle.vip	Sinkholed
2023-12-05	medium	goggle.vip	Sinkholed
2023-12-05	medium	goggle.vip	Sinkholed
2023-12-05	medium	goggle.vip	Sinkholed
2023-12-05	medium	goggle.vip	Sinkholed
2023-12-05	medium	goggle.vip	Sinkholed
2023-12-05	medium	goggle.vip	Sinkholed
2023-12-05	medium	goggle.vip	Sinkholed
2023-12-05	medium	goggle.vip	Sinkholed
2023-12-05	medium	goggle.vip	Sinkholed

ThreatFox

No alerts detected

JavaScript (22)

	URL	From	Size	First Seen	Last Seen
	gifts9102.goggle.vip/sweeps/ww/iphone2/jquery-3.0.0.min.js	ScriptElement	86 kB	2023-03-07	2025-05-08
Pretty URL gifts9102.goggle.vip/sweeps/ww/iphone2/jquery-3.0.0.min.js IP 104.21.57.73 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:03 Last Seen2025-05-08 18:22 Times Seen9973 Hash d0212568ce69457081dacf84e327fa5c d6702a1af0378b2342f6a0692e77c169f580aed7 266bcea0bb58b26aa5b16c5aee60d22ccc1ae9d67daeb21db6bad56119c3447d Loading...

	rs.y1h1.com/common.js	ScriptElement	17 kB	2023-03-07	2024-09-20
Pretty URL rs.y1h1.com/common.js IP 172.67.129.176 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:07 Last Seen2024-09-20 20:16 Times Seen883 Hash e82a7475219924f096429f180b359bfb 914006151a4b38056a5ab70a51abfb389bc7b7eb ecfa449cbb48255f0ece7b436e2015299b9e6adceb9f4df863a9ce36eab71278 Loading...

	rs.y1h1.com/copy.js	ScriptElement	3.8 kB	2023-03-07	2024-10-04
Pretty URL rs.y1h1.com/copy.js IP 172.67.129.176 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:07 Last Seen2024-10-04 10:58 Times Seen885 Hash e8b6c2f6a93914adfb6c0ee4e3dfe046 9d261977b498029390d716a9b28290463b9256f5 29daea46fd37a5f226b28e122dbfe919646b40a1aeeb5f3318a12d375bb11b2b Loading...

	rs.y1h1.com/backbutton.js	ScriptElement	4.8 kB	2023-03-07	2024-09-20
Pretty URL rs.y1h1.com/backbutton.js IP 172.67.129.176 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:07 Last Seen2024-09-20 20:16 Times Seen883 Hash 8918c66d03736c047f765824b6f599f0 97ba02df4c93fd5edff7182e09d867398d5dd7d6 41e9f9514444fbf97421e59d1fe250d2999da2f96657379a41b681a2a000b824 Loading...

	rs.y1h1.com/trans.js	ScriptElement	282 B	2023-03-07	2024-10-04
Pretty URL rs.y1h1.com/trans.js IP 172.67.129.176 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:07 Last Seen2024-10-04 10:58 Times Seen871 Hash 823b65b6a0c5875866d8bb0cfbf57c1d 36348c6e35a67f5b64ea824454fcf49c00d4001a 20e31ce62f6843a9580c83dcae8a317da240f88607b572b87ac5886df130b17b Loading...

	gifts9102.goggle.vip/sweeps/ww/iphone2/index_en-us.php?vid=1701763756-ywskhu&utm_medium=%7Bsub1%7D&utm_source=Redirect&utm_campaign=0_AutoSmartlink&utm_content=Smartlink_Sweeps_dddwb01_RandomPub&isp=Blix+Group+AS&city=Oslo&br=0&sp=1&trans=1&iw=False&checked=0&ipp=0&lpkey=173401e9769643b756&ck=2#	ScriptElement	2.7 kB	2023-03-08	2024-09-20
Pretty URL gifts9102.goggle.vip/sweeps/ww/iphone2/index_en-us.php?vid=1701763756-ywskhu&utm_medium=%7Bsub1%7D&utm_source=Redirect&utm_campaign=0_AutoSmartlink&utm_content=Smartlink_Sweeps_dddwb01_RandomPub&isp=Blix+Group+AS&city=Oslo&br=0&sp=1&trans=1&iw=False&checked=0&ipp=0&lpkey=173401e9769643b756&ck=2# IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-08 01:27 Last Seen2024-09-20 20:16 Times Seen193 Hash ee740ba03f7e18e9cb5480bad823b549 04cda1c289b0222e846ba0681acad7e1af308371 121614e3a45c46d5d06ff5b7b0947d32e3409be66347b6cd6426a51bda7dbe15 Loading...

	rs.y1h1.com/load.js	ScriptElement	7.1 kB	2023-03-07	2024-10-04
Pretty URL rs.y1h1.com/load.js IP 172.67.129.176 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:11 Last Seen2024-10-04 10:58 Times Seen885 Hash e2494b9cd7f26ba05e504ab12aacdb89 d3224387f27e022d556f4ecd6b3aac9485bd1362 eda9e1ca8b96059ca3ed3cdd8f1e6822a8ef23604293b1cb914117caa5371d94 Loading...

	www.google.com/recaptcha/api.js?render=6LcXQ7EUAAAAAEY-1sgLx4eGQQDwXNdzlKssae-Y	ScriptElement	884 B	2023-11-19	2024-08-20
Pretty URL www.google.com/recaptcha/api.js?render=6LcXQ7EUAAAAAEY-1sgLx4eGQQDwXNdzlKssae-Y IP 142.250.74.132 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-11-19 06:21 Last Seen2024-08-20 18:50 Times Seen31 Hash 36e0cd29a77ae88caaa781385a97a0e5 e4d471517d6e08958d4a2f832800aaa15a9b15e7 4d78d5171a3d155f0aff360d08bb8dfabaccd59b2efab3bb6b438578e2ebae79 Loading...

	www.googletagmanager.com/gtag/js?id=G-37GE99Q100	ScriptElement	246 kB	2023-12-05	2023-12-05
Pretty URL www.googletagmanager.com/gtag/js?id=G-37GE99Q100 IP 142.250.74.168 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-12-05 09:09 Last Seen2023-12-05 09:09 Times Seen1 Hash dec8355f49e0ff6858a8fef3bf754a01 0d7ac683d91910663f5b91438239904c0adfc549 4a7667c781aadb2085ffe5a23859ba841ee1048f93775e31be0c019151341f7c Loading...

	translate.googleapis.com/_/translate_http/_/js/k=translate_http.tr.no.F6iRVDW95aA.O/d=1/exm=el_conf/ed=1/rs=AN8SPfq9pmT7tJkFFvUkid-e-0Wpomm2EQ/m=el_main	ScriptElement	233 kB	2023-12-04	2023-12-08
Pretty URL translate.googleapis.com/_/translate_http/_/js/k=translate_http.tr.no.F6iRVDW95aA.O/d=1/exm=el_conf/ed=1/rs=AN8SPfq9pmT7tJkFFvUkid-e-0Wpomm2EQ/m=el_main IP 142.250.74.74 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-12-04 22:08 Last Seen2023-12-08 02:08 Times Seen133 Hash 45498924419212780ef341b346f83f38 407175bd46e2ac2ccd073473131c06da6c8cc9a5 1cb3f0ad4f6b1cc587a2e0d16f7c71a298a67fd445dd9ed2ca370cb831ecc02e Loading...

	www.gstatic.com/recaptcha/releases/-QbJqHfGOUB8nuVRLvzFLVed/recaptcha__en.js	ScriptElement	476 kB	2023-11-14	2024-08-20
Pretty URL www.gstatic.com/recaptcha/releases/-QbJqHfGOUB8nuVRLvzFLVed/recaptcha__en.js IP 142.250.74.99 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-11-14 09:02 Last Seen2024-08-20 19:39 Times Seen12206 Hash 23b9dd721490a4062ba8d01454ef6ba9 efdbb7331585411f7d397dacbf51fd3e95f3031d 4970c7161d03503a3eb5ec49e4190a03445c50cd5a9081714bd13183d2d948a7 Loading...

	www.google.com/recaptcha/api2/anchor?ar=1&k=6LcXQ7EUAAAAAEY-1sgLx4eGQQDwXNdzlKssae-Y&co=aHR0cHM6Ly9naWZ0czkxMDIuZ29nZ2xlLnZpcDo0NDM.&hl=en&v=-QbJqHfGOUB8nuVRLvzFLVed&size=invisible&cb=7eg5aivkr6oh	ScriptElement	69 B	2023-03-07	2025-05-09
Pretty URL www.google.com/recaptcha/api2/anchor?ar=1&k=6LcXQ7EUAAAAAEY-1sgLx4eGQQDwXNdzlKssae-Y&co=aHR0cHM6Ly9naWZ0czkxMDIuZ29nZ2xlLnZpcDo0NDM.&hl=en&v=-QbJqHfGOUB8nuVRLvzFLVed&size=invisible&cb=7eg5aivkr6oh IP 142.250.74.132 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:02 Last Seen2025-05-09 03:34 Times Seen116130 Hash 45ecf7458f42da80ac248ad42d610372 a5b3edf8328769bc754e6e616a957ceed4fdadd7 75867e75b209895995014b43c3d711476e3437481e5fbec91a4da674302558bf Loading...

	gifts9102.goggle.vip/sweeps/ww/iphone2/index_en-us.php?vid=1701763756-ywskhu&utm_medium=%7Bsub1%7D&utm_source=Redirect&utm_campaign=0_AutoSmartlink&utm_content=Smartlink_Sweeps_dddwb01_RandomPub&isp=Blix+Group+AS&city=Oslo&br=0&sp=1&trans=1&iw=False&checked=0&ipp=0&lpkey=173401e9769643b756&ck=2#	ScriptElement	2.8 kB	2023-03-08	2024-09-20
Pretty URL gifts9102.goggle.vip/sweeps/ww/iphone2/index_en-us.php?vid=1701763756-ywskhu&utm_medium=%7Bsub1%7D&utm_source=Redirect&utm_campaign=0_AutoSmartlink&utm_content=Smartlink_Sweeps_dddwb01_RandomPub&isp=Blix+Group+AS&city=Oslo&br=0&sp=1&trans=1&iw=False&checked=0&ipp=0&lpkey=173401e9769643b756&ck=2# IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-08 01:27 Last Seen2024-09-20 20:16 Times Seen192 Hash b96cd991cf73c7ceac32e3953aa65dc5 1fa9399259bec6fa16c172f42cfb13f1eae13659 59d0654f3db745f372d7c59179c0a614d1580daca7497fbc05261ac8bf6eb751 Loading...

	gifts9102.goggle.vip/_/translate_http/_/js/k=translate_http.tr.no.F6iRVDW95aA.O/am=AAM/d=1/rs=AN8SPfqTarZ7CfwZuRZ6kojPhk2UtLhMeg/m=el_conf	ScriptElement	90 kB	2024-08-20	2024-08-20
Pretty URL gifts9102.goggle.vip/_/translate_http/_/js/k=translate_http.tr.no.F6iRVDW95aA.O/am=AAM/d=1/rs=AN8SPfqTarZ7CfwZuRZ6kojPhk2UtLhMeg/m=el_conf IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2024-08-20 16:43 Last Seen2024-08-20 16:43 Times Seen2 Hash 49395f40ea6bb45b2c5d97450ae1f6a1 31ec25e9ac8bb0dd46e875e795b3b578025aa0b0 7beff70ccfe1c6ebb7729c170196d95657284b5c9bcff0cc70c30ad1694605d7 Loading...

	rs.y1h1.com/checkbot.js	ScriptElement	8.2 kB	2023-03-07	2024-09-20
Pretty URL rs.y1h1.com/checkbot.js IP 172.67.129.176 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:07 Last Seen2024-09-20 20:16 Times Seen883 Hash ce0c2c4ee0cb0c547667698772dc25b1 7fdc7c61cf11d289c270ebe3c23032667d010e53 b2b11e955ad96caa642a0b963217b7a9e81c66ca8bcf0fe15b8ef0ea0d565d31 Loading...

	gifts9102.goggle.vip/sweeps/ww/iphone2/index_en-us.php?vid=1701763756-ywskhu&utm_medium=%7Bsub1%7D&utm_source=Redirect&utm_campaign=0_AutoSmartlink&utm_content=Smartlink_Sweeps_dddwb01_RandomPub&isp=Blix+Group+AS&city=Oslo&br=0&sp=1&trans=1&iw=False&checked=0&ipp=0&lpkey=173401e9769643b756&ck=2#	ScriptElement	19 B	2023-03-07	2024-09-20
Pretty URL gifts9102.goggle.vip/sweeps/ww/iphone2/index_en-us.php?vid=1701763756-ywskhu&utm_medium=%7Bsub1%7D&utm_source=Redirect&utm_campaign=0_AutoSmartlink&utm_content=Smartlink_Sweeps_dddwb01_RandomPub&isp=Blix+Group+AS&city=Oslo&br=0&sp=1&trans=1&iw=False&checked=0&ipp=0&lpkey=173401e9769643b756&ck=2# IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:07 Last Seen2024-09-20 20:16 Times Seen206 Hash 1d12f2533e48099e1c99d70f424ba5a6 3ea9c3e4751bccb351a6b10e8a53fdd04c3fe5ad 34a4f435431f9632ea83d3fb48e95a5bf0714226b97d57dea5bed318727c5f7a Loading...

	www.google.com/recaptcha/api2/anchor?ar=1&k=6LcXQ7EUAAAAAEY-1sgLx4eGQQDwXNdzlKssae-Y&co=aHR0cHM6Ly9naWZ0czkxMDIuZ29nZ2xlLnZpcDo0NDM.&hl=en&v=-QbJqHfGOUB8nuVRLvzFLVed&size=invisible&cb=7eg5aivkr6oh	ScriptElement	52 kB	2024-08-20	2024-08-20
Pretty URL www.google.com/recaptcha/api2/anchor?ar=1&k=6LcXQ7EUAAAAAEY-1sgLx4eGQQDwXNdzlKssae-Y&co=aHR0cHM6Ly9naWZ0czkxMDIuZ29nZ2xlLnZpcDo0NDM.&hl=en&v=-QbJqHfGOUB8nuVRLvzFLVed&size=invisible&cb=7eg5aivkr6oh IP 142.250.74.132 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML true Observations First Seen2024-08-20 16:43 Last Seen2024-08-20 16:43 Times Seen1 Hash f510526382c4508c18ca0ab311b3a45a 3128a802052f88488015510af37c701af26329fd f38f8b9d1607c465dea66adcfc9c05fd4fd032f356c3284dc93b05522465e23f Loading...

		Size	First Seen	Last Seen
	#1 Eval - 0ed63005683340aabf1bdf6f7ffc83c1	17 kB	2023-11-08 10:40	2024-08-20 20:25
Pretty Observations First Seen2023-11-08 10:40 Last Seen2024-08-20 20:25 Times Seen1238 Hash 0ed63005683340aabf1bdf6f7ffc83c1 0c372adb3c8f9d6da67341b489ac417b3ccfaf7e 326a8f09ca2e33ccf42925b0258a783af0e190bb16df13fa561a4982671cc949 Loading...

	#2 Eval - e22fdced26355ede2af45f18008911a3	22 B	2023-11-08 10:40	2024-08-20 20:25
Pretty Observations First Seen2023-11-08 10:40 Last Seen2024-08-20 20:25 Times Seen1242 Hash e22fdced26355ede2af45f18008911a3 5dc35e2a30e6146aa7a72f4e371c0d8fc82cc737 5e2c137aeb69e2f9c5f56c52cd808b150ddefa0dff93bb25cd5f96bb8edfc26f Loading...

	#3 Eval - 53a56ee15c08c24648b6e646738be5b8	64 B	2023-11-08 10:40	2024-08-20 20:25
Pretty Observations First Seen2023-11-08 10:40 Last Seen2024-08-20 20:25 Times Seen1243 Hash 53a56ee15c08c24648b6e646738be5b8 e9cff955cdd5dbe224034d89d0eb079e96548f1d 66e9659afb70860b64f79b0587c20418cfd5375e74917c13f1f62502854c371a Loading...

	#4 Eval - 5243f9bd754842f823c2b00065186a4b	18 kB	2024-08-20 16:43	2024-08-20 16:43
Pretty Observations First Seen2024-08-20 16:43 Last Seen2024-08-20 16:43 Times Seen1 Hash 5243f9bd754842f823c2b00065186a4b 13b871e062eb69de24ed37192a38b92c2b460bc1 2ebe8e13789b1df4a9ac51fd3c90499255bad94a337db2c89735f825449b8c0a Loading...

	#5 Eval - 405108b4c85529b7aa5cec53ea50b146	22 B	2023-11-08 10:40	2024-08-20 20:25
Pretty Observations First Seen2023-11-08 10:40 Last Seen2024-08-20 20:25 Times Seen1243 Hash 405108b4c85529b7aa5cec53ea50b146 9264c7f0e31d78c2191e0c7f7f1e35c9d90bd820 588364febc98e9d07bb20cbcb309eb4cc244ae7944c11645d54cbdfd25cf1b4e Loading...

HTTP Transactions (41)

URL IP Response Size

t.y1h1.com/visit/61e55f98081ec20007c7f606?exid=1675129067-yJFIKX&srcTrafficSource=Redirect&srcCampaign=0_Redirect_Auto&type=Cloak

172.67.129.176

427 B

URL
t.y1h1.com/visit/61e55f98081ec20007c7f606?exid=1675129067-yJFIKX&srcTrafficSource=Redirect&srcCampaign=0_Redirect_Auto&type=Cloak
IP
172.67.129.176:0
ASN
#13335 CLOUDFLARENET

File type
HTML document text\012- HTML document, ASCII text, with very long lines (427), with no line terminators
Size
427 B (427 bytes)
Hash
f920d1d2e2c83f65e245ecc67fa7c89a
10c86b2266a724ced5363ab42a4f0d03cf0ea08f
abf0e8fc9c666c127a806848f9902956293ad850972e8ac951ac1c9b8f30f8c1

HTTP Headers

GET /visit/61e55f98081ec20007c7f606?exid=1675129067-yJFIKX&srcTrafficSource=Redirect&srcCampaign=0_Redirect_Auto&type=Cloak HTTP/1.1
Host: t.y1h1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Tue, 05 Dec 2023 08:09:16 GMT
content-length: 427
refresh: 0;URL=https://gifts9102.goggle.vip/sweeps/ww/iphone2/index_en-us.php?vid=1701763756-ywskhu&utm_medium=%7Bsub1%7D&utm_source=Redirect&utm_campaign=0_AutoSmartlink&utm_content=Smartlink_Sweeps_dddwb01_RandomPub&isp=Blix+Group+AS&city=Oslo&br=0&sp=1&trans=1&iw=False&checked=0&ipp=0&lpkey=173401e9769643b756&ck=2
set-cookie: vid=1701763756-ywskhu; Path=/; Domain=y1h1.com; Max-Age=604800; Expires=Tue, 12 Dec 2023 08:09:16 GMT; Secure; HttpOnly; SameSite=None
lv_61e55f98081ec20007c7f606=1701763756-ywskhu; Path=/; Domain=y1h1.com; Max-Age=3600; Expires=Tue, 05 Dec 2023 09:09:16 GMT; Secure; HttpOnly; SameSite=None
vn_61e55f98081ec20007c7f606=1; Path=/; Domain=y1h1.com; Max-Age=3600; Expires=Tue, 05 Dec 2023 09:09:16 GMT; Secure; HttpOnly; SameSite=None
accept-ch: Sec-CH-UA,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Platform,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Reduced
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=U6Tio4rV%2FCUDwGEVOQ65k6lQ%2Fp5mbCI%2FJ9P%2Br5lReaarZ0Gwcs6PGmXdHkGe70%2BBCdaRJeaRQ%2Fbo3TsPlY3TQzry0p0SYzNuWkV%2FtBsr%2B9KsWALXBSf91P1MiKLb"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 830ace539a607127-OSL
X-Firefox-Spdy: h2

gifts9102.goggle.vip/sweeps/ww/iphone2/prize.png

104.21.57.73

200 OK

62 kB

URL GET HTTP/2
gifts9102.goggle.vip/sweeps/ww/iphone2/prize.png
IP
104.21.57.73:443
ASN
#13335 CLOUDFLARENET

Requested by
https://gifts9102.goggle.vip/sweeps/ww/iphone2/index_en-us.php?vid=1701763756-ywskhu&utm_medium=%7Bsub1%7D&utm_source=Redirect&utm_campaign=0_AutoSmartlink&utm_content=Smartlink_Sweeps_dddwb01_RandomPub&isp=Blix+Group+AS&city=Oslo&br=0&sp=1&trans=1&iw=False&checked=0&ipp=0&lpkey=173401e9769643b756&ck=2
Certificate
IssuerCloudflare, Inc.
Subjectgoggle.vip
FingerprintB5:2F:C1:CE:2E:08:98:4B:A4:18:83:F8:62:7B:8A:6F:ED:9C:DF:B1
ValidityTue, 18 Jul 2023 00:00:00 GMT - Tue, 16 Jul 2024 23:59:59 GMT

File type
PNG image data, 288 x 341, 8-bit/color RGBA, non-interlaced\012- data
Size
62 kB (62287 bytes)
Hash
1dad0c78de2afa43dd8ab7fb8d6f5396
a6aa4dbdd6f06ab20b1c3c6b85465bc08a2781b4
6156f507c16088c5bb9529d6a43e8ffe12fdb346c76cbc378eef8dfd6127606a

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /sweeps/ww/iphone2/prize.png HTTP/1.1
Host: gifts9102.goggle.vip
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Tue, 05 Dec 2023 08:09:17 GMT
content-type: image/png
content-length: 62287
last-modified: Fri, 17 Sep 2021 10:50:42 GMT
etag: "61447302-f34f"
expires: Thu, 04 Jan 2024 08:09:17 GMT
cache-control: max-age=2592000
accept-ch: Sec-CH-UA,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Platform,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Reduced
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=6Qkcnb1WyF0l39VLa%2Bo7jhfVRUli5LYOA%2B4nI13x20wGzXnfJBuZNpL3zYtRDfASTyDXgsVfkMuM9wksHCRqvI714JT1PvdGRsLi%2FG0iNGtavhoQi%2Fr%2FTiRjdNRZT95EqRuns2QZTA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 830ace58f9cbb509-OSL
X-Firefox-Spdy: h2

rs.y1h1.com/recaptcha.css

172.67.129.176

200 OK

28 B

URL GET HTTP/2
rs.y1h1.com/recaptcha.css
IP
172.67.129.176:443
ASN
#13335 CLOUDFLARENET

Requested by
https://gifts9102.goggle.vip/sweeps/ww/iphone2/index_en-us.php?vid=1701763756-ywskhu&utm_medium=%7Bsub1%7D&utm_source=Redirect&utm_campaign=0_AutoSmartlink&utm_content=Smartlink_Sweeps_dddwb01_RandomPub&isp=Blix+Group+AS&city=Oslo&br=0&sp=1&trans=1&iw=False&checked=0&ipp=0&lpkey=173401e9769643b756&ck=2
Certificate
IssuerCloudflare, Inc.
Subjecty1h1.com
FingerprintCF:8A:ED:DF:BB:57:09:E6:84:5E:C8:B0:2F:BE:C2:A8:51:32:58:F8
ValiditySun, 02 Apr 2023 00:00:00 GMT - Mon, 01 Apr 2024 23:59:59 GMT

File type
ASCII text, with no line terminators
Size
28 B (28 bytes)
Hash
8f48e083a831bd16da0aada175478aaa
df342632e700b5453c189d3129a1e7c5a27598c6
ec8e585ab06e164d11e99adcf9b18d3074de0ece7c922fc6cc99d86fad4d9ea7

HTTP Headers

GET /recaptcha.css HTTP/1.1
Host: rs.y1h1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Tue, 05 Dec 2023 08:09:17 GMT
content-type: text/css
content-length: 28
accept-ch: Sec-CH-UA,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Platform,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Reduced
cache-control: max-age=43200
cf-bgj: minify
cf-polished: origSize=31
etag: "5dc0edfb-1f"
expires: Tue, 05 Dec 2023 20:09:17 GMT
last-modified: Tue, 05 Nov 2019 03:35:23 GMT
cf-cache-status: REVALIDATED
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Y7s03HtsCliEHIyxVO0GH43WJhwKpZL9X%2FBqFcsvX8%2FVoWMnnTEqr01NPTqEG5sN4rqRDrGCkBt1HzSZQ5xTpz8cS%2B59vD6UZMqPXAA76tmBbrEdXMtahrQ7oZ9%2FwA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 830ace597ed456ab-OSL
X-Firefox-Spdy: h2

www.googletagmanager.com/gtag/js?id=G-37GE99Q100

142.250.74.168

200 OK

86 kB

URL GET HTTP/2
www.googletagmanager.com/gtag/js?id=G-37GE99Q100
IP
142.250.74.168:443
ASN
#15169 GOOGLE

Requested by
https://gifts9102.goggle.vip/sweeps/ww/iphone2/index_en-us.php?vid=1701763756-ywskhu&utm_medium=%7Bsub1%7D&utm_source=Redirect&utm_campaign=0_AutoSmartlink&utm_content=Smartlink_Sweeps_dddwb01_RandomPub&isp=Blix+Group+AS&city=Oslo&br=0&sp=1&trans=1&iw=False&checked=0&ipp=0&lpkey=173401e9769643b756&ck=2
Certificate
IssuerGoogle Trust Services LLC
Subject*.google-analytics.com
Fingerprint37:42:10:B7:89:70:45:51:80:81:66:CE:95:21:72:5D:46:0B:E2:34
ValidityMon, 23 Oct 2023 11:18:19 GMT - Mon, 15 Jan 2024 11:18:18 GMT

File type
ASCII text, with very long lines (3034)
Size
86 kB (85529 bytes)
Hash
dec8355f49e0ff6858a8fef3bf754a01
0d7ac683d91910663f5b91438239904c0adfc549
4a7667c781aadb2085ffe5a23859ba841ee1048f93775e31be0c019151341f7c

HTTP Headers

GET /gtag/js?id=G-37GE99Q100 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Tue, 05 Dec 2023 08:09:17 GMT
expires: Tue, 05 Dec 2023 08:09:17 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 85529
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

t.y1h1.com/update?eventSub3=view&event3=1

172.67.129.176

200 OK

2 B

URL GET HTTP/2
t.y1h1.com/update?eventSub3=view&event3=1
IP
172.67.129.176:443
ASN
#13335 CLOUDFLARENET

Requested by
https://gifts9102.goggle.vip/sweeps/ww/iphone2/index_en-us.php?vid=1701763756-ywskhu&utm_medium=%7Bsub1%7D&utm_source=Redirect&utm_campaign=0_AutoSmartlink&utm_content=Smartlink_Sweeps_dddwb01_RandomPub&isp=Blix+Group+AS&city=Oslo&br=0&sp=1&trans=1&iw=False&checked=0&ipp=0&lpkey=173401e9769643b756&ck=2
Certificate
IssuerCloudflare, Inc.
Subjecty1h1.com
FingerprintCF:8A:ED:DF:BB:57:09:E6:84:5E:C8:B0:2F:BE:C2:A8:51:32:58:F8
ValiditySun, 02 Apr 2023 00:00:00 GMT - Mon, 01 Apr 2024 23:59:59 GMT

File type
ASCII text, with no line terminators
Size
2 B (2 bytes)
Hash
e0aa021e21dddbd6d8cecec71e9cf564
9ce3bd4224c8c1780db56b4125ecf3f24bf748b7
565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3

HTTP Headers

GET /update?eventSub3=view&event3=1 HTTP/1.1
Host: t.y1h1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://gifts9102.goggle.vip
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Tue, 05 Dec 2023 08:09:17 GMT
content-type: text/plain;charset=UTF-8
content-length: 2
access-control-allow-origin: https://gifts9102.goggle.vip
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-credentials: true
accept-ch: Sec-CH-UA,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Platform,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Reduced
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=iaSbklxoBimEMXvdtUQF%2Fhe8s4S3aD%2BmdrVORfEaoEItUWEA0L%2FnBJMkVAP9Jj4JpgE%2F%2FQgc5AV%2FVYzv9dOTwImsMzbk8FcAcr65Hzf5eK6Me9Fshy09wSGpCZsm"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 830ace5b685956ab-OSL
X-Firefox-Spdy: h2

gifts9102.goggle.vip/sweeps/ww/iphone2/UPS_logo.svg

104.21.57.73

200 OK

192 kB

URL GET HTTP/2
gifts9102.goggle.vip/sweeps/ww/iphone2/UPS_logo.svg
IP
104.21.57.73:443
ASN
#13335 CLOUDFLARENET

Requested by
https://gifts9102.goggle.vip/sweeps/ww/iphone2/index_en-us.php?vid=1701763756-ywskhu&utm_medium=%7Bsub1%7D&utm_source=Redirect&utm_campaign=0_AutoSmartlink&utm_content=Smartlink_Sweeps_dddwb01_RandomPub&isp=Blix+Group+AS&city=Oslo&br=0&sp=1&trans=1&iw=False&checked=0&ipp=0&lpkey=173401e9769643b756&ck=2
Certificate
IssuerCloudflare, Inc.
Subjectgoggle.vip
FingerprintB5:2F:C1:CE:2E:08:98:4B:A4:18:83:F8:62:7B:8A:6F:ED:9C:DF:B1
ValidityTue, 18 Jul 2023 00:00:00 GMT - Tue, 16 Jul 2024 23:59:59 GMT

File type
SVG Scalable Vector Graphics image\012- XML 1.0 document text\012- XML document text\012- HTML document text\012- exported SGML document, ASCII text, with CRLF line terminators
Size
192 kB (191831 bytes)
Hash
a8195f0b21dbe72ee35bd9038e178ff7
ba6a2611acf9bed6d6714f440f53d3ffa7594f9b
b6f911ba8158fafaac0e01b5c737957f9a334697c5fd7d935a68795e9d9e1c00

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /sweeps/ww/iphone2/UPS_logo.svg HTTP/1.1
Host: gifts9102.goggle.vip
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Tue, 05 Dec 2023 08:09:17 GMT
content-type: image/svg+xml
last-modified: Tue, 07 Sep 2021 03:06:06 GMT
etag: W/"6136d71e-870"
accept-ch: Sec-CH-UA,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Platform,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Reduced
cache-control: max-age=14400
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=yjNgSQFxT5tWQgD1S7LVKUbE3n7Y3oIUbkJX%2BUFxNz6hFQWeDdsGU6mYMDrAlhhvYpMQ25IJJ%2BddIXyxJPZabT%2BFt5gLUr8aPepGAb6fTr4Ng30lcmubDGPVOX9fkJwisv5SBeIfUA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 830ace58f9c9b509-OSL
content-encoding: br
X-Firefox-Spdy: h2

www.gstatic.com/_/translate_http/_/ss/k=translate_http.tr.TpYxICw8iG4.L.F4.O/am=AAM/d=0/rs=AN8SPfo47ZI4Pt9KwV-0738jND9vOwmjgQ/m=el_main_css

142.250.74.99

200 OK

4.0 kB

URL GET HTTP/3
www.gstatic.com/_/translate_http/_/ss/k=translate_http.tr.TpYxICw8iG4.L.F4.O/am=AAM/d=0/rs=AN8SPfo47ZI4Pt9KwV-0738jND9vOwmjgQ/m=el_main_css
IP
142.250.74.99:443
ASN
#15169 GOOGLE

Requested by
https://gifts9102.goggle.vip/sweeps/ww/iphone2/index_en-us.php?vid=1701763756-ywskhu&utm_medium=%7Bsub1%7D&utm_source=Redirect&utm_campaign=0_AutoSmartlink&utm_content=Smartlink_Sweeps_dddwb01_RandomPub&isp=Blix+Group+AS&city=Oslo&br=0&sp=1&trans=1&iw=False&checked=0&ipp=0&lpkey=173401e9769643b756&ck=2
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
FingerprintE5:79:1F:1A:04:3F:B9:B0:FB:41:4E:B5:E5:97:AD:FE:D9:2C:4A:CD
ValidityMon, 23 Oct 2023 11:24:07 GMT - Mon, 15 Jan 2024 11:24:06 GMT

File type
ASCII text, with very long lines (20367), with no line terminators
Size
4.0 kB (3960 bytes)
Hash
72d3a735ccca1027f6b3afba2c93e3a7
67f8eff8d17334c59c28fc1753bf451527c7490d
c8c845f55e2346b89894ce0df8185ee182359e096bf29987d5cf1f8a7391bef1

HTTP Headers

GET /_/translate_http/_/ss/k=translate_http.tr.TpYxICw8iG4.L.F4.O/am=AAM/d=0/rs=AN8SPfo47ZI4Pt9KwV-0738jND9vOwmjgQ/m=el_main_css HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
accept-ranges: bytes
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/rosetta
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="rosetta"
report-to: {"group":"rosetta","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/rosetta"}]}
content-length: 3960
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 05 Dec 2023 07:43:08 GMT
expires: Wed, 04 Dec 2024 07:43:08 GMT
cache-control: public, max-age=31536000
last-modified: Sat, 15 Jul 2023 01:09:03 GMT
content-type: text/css; charset=UTF-8
vary: Accept-Encoding
age: 1569
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

www.gstatic.com/recaptcha/releases/-QbJqHfGOUB8nuVRLvzFLVed/styles__ltr.css

142.250.74.99

200 OK

25 kB

URL GET HTTP/3
www.gstatic.com/recaptcha/releases/-QbJqHfGOUB8nuVRLvzFLVed/styles__ltr.css
IP
142.250.74.99:443
ASN
#15169 GOOGLE

Requested by
https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LcXQ7EUAAAAAEY-1sgLx4eGQQDwXNdzlKssae-Y&co=aHR0cHM6Ly9naWZ0czkxMDIuZ29nZ2xlLnZpcDo0NDM.&hl=en&v=-QbJqHfGOUB8nuVRLvzFLVed&size=invisible&cb=7eg5aivkr6oh
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
FingerprintE5:79:1F:1A:04:3F:B9:B0:FB:41:4E:B5:E5:97:AD:FE:D9:2C:4A:CD
ValidityMon, 23 Oct 2023 11:24:07 GMT - Mon, 15 Jan 2024 11:24:06 GMT

File type
ASCII text, with very long lines (56398), with no line terminators
Size
25 kB (24606 bytes)
Hash
eb4bc511f79f7a1573b45f5775b3a99b
d910fb51ad7316aa54f055079374574698e74b35
7859a62e04b0acb06516eb12454de6673883ecfaeaed6c254659bca7cd59c050

HTTP Headers

GET /recaptcha/releases/-QbJqHfGOUB8nuVRLvzFLVed/styles__ltr.css HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.google.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
accept-ranges: bytes
content-encoding: gzip
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-length: 24606
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 05 Dec 2023 07:03:11 GMT
expires: Wed, 04 Dec 2024 07:03:11 GMT
cache-control: public, max-age=31536000
last-modified: Tue, 14 Nov 2023 05:42:11 GMT
content-type: text/css
vary: Accept-Encoding
age: 3966
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

translate.googleapis.com/_/translate_http/_/js/k=translate_http.tr.no.F6iRVDW95aA.O/d=1/exm=el_conf/ed=1/rs=AN8SPfq9pmT7tJkFFvUkid-e-0Wpomm2EQ/m=el_main

142.250.74.74

200 OK

82 kB

URL GET HTTP/2
translate.googleapis.com/_/translate_http/_/js/k=translate_http.tr.no.F6iRVDW95aA.O/d=1/exm=el_conf/ed=1/rs=AN8SPfq9pmT7tJkFFvUkid-e-0Wpomm2EQ/m=el_main
IP
142.250.74.74:443
ASN
#15169 GOOGLE

Requested by
https://gifts9102.goggle.vip/sweeps/ww/iphone2/index_en-us.php?vid=1701763756-ywskhu&utm_medium=%7Bsub1%7D&utm_source=Redirect&utm_campaign=0_AutoSmartlink&utm_content=Smartlink_Sweeps_dddwb01_RandomPub&isp=Blix+Group+AS&city=Oslo&br=0&sp=1&trans=1&iw=False&checked=0&ipp=0&lpkey=173401e9769643b756&ck=2
Certificate
IssuerGoogle Trust Services LLC
Subjectupload.video.google.com
FingerprintCC:96:E0:52:E0:9B:EA:A9:A0:F8:88:9A:90:20:11:47:61:00:3C:42
ValidityMon, 23 Oct 2023 11:24:07 GMT - Mon, 15 Jan 2024 11:24:06 GMT

File type
ASCII text, with very long lines (2193)
Size
82 kB (81976 bytes)
Hash
45498924419212780ef341b346f83f38
407175bd46e2ac2ccd073473131c06da6c8cc9a5
1cb3f0ad4f6b1cc587a2e0d16f7c71a298a67fd445dd9ed2ca370cb831ecc02e

HTTP Headers

GET /_/translate_http/_/js/k=translate_http.tr.no.F6iRVDW95aA.O/d=1/exm=el_conf/ed=1/rs=AN8SPfq9pmT7tJkFFvUkid-e-0Wpomm2EQ/m=el_main HTTP/1.1
Host: translate.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/rosetta
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="rosetta"
report-to: {"group":"rosetta","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/rosetta"}]}
content-length: 81976
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Mon, 04 Dec 2023 18:17:45 GMT
expires: Tue, 03 Dec 2024 18:17:45 GMT
cache-control: public, max-age=31536000
last-modified: Sat, 02 Dec 2023 00:18:31 GMT
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
age: 49892
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

www.gstatic.com/recaptcha/releases/-QbJqHfGOUB8nuVRLvzFLVed/recaptcha__en.js

142.250.74.99

200 OK

191 kB

URL GET HTTP/2
www.gstatic.com/recaptcha/releases/-QbJqHfGOUB8nuVRLvzFLVed/recaptcha__en.js
IP
142.250.74.99:443
ASN
#15169 GOOGLE

Requested by
https://gifts9102.goggle.vip/sweeps/ww/iphone2/index_en-us.php?vid=1701763756-ywskhu&utm_medium=%7Bsub1%7D&utm_source=Redirect&utm_campaign=0_AutoSmartlink&utm_content=Smartlink_Sweeps_dddwb01_RandomPub&isp=Blix+Group+AS&city=Oslo&br=0&sp=1&trans=1&iw=False&checked=0&ipp=0&lpkey=173401e9769643b756&ck=2
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
FingerprintE5:79:1F:1A:04:3F:B9:B0:FB:41:4E:B5:E5:97:AD:FE:D9:2C:4A:CD
ValidityMon, 23 Oct 2023 11:24:07 GMT - Mon, 15 Jan 2024 11:24:06 GMT

File type
ASCII text, with very long lines (563)
Size
191 kB (190682 bytes)
Hash
23b9dd721490a4062ba8d01454ef6ba9
efdbb7331585411f7d397dacbf51fd3e95f3031d
4970c7161d03503a3eb5ec49e4190a03445c50cd5a9081714bd13183d2d948a7

HTTP Headers

GET /recaptcha/releases/-QbJqHfGOUB8nuVRLvzFLVed/recaptcha__en.js HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.google.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
accept-ranges: bytes
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-length: 190682
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 05 Dec 2023 08:08:11 GMT
expires: Wed, 04 Dec 2024 08:08:11 GMT
cache-control: public, max-age=31536000
last-modified: Tue, 14 Nov 2023 05:42:11 GMT
content-type: text/javascript
vary: Accept-Encoding
age: 66
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

www.gstatic.com/images/branding/product/2x/translate_24dp.png

142.250.74.99

200 OK

1.8 kB

URL GET HTTP/3
www.gstatic.com/images/branding/product/2x/translate_24dp.png
IP
142.250.74.99:443
ASN
#15169 GOOGLE

Requested by
https://gifts9102.goggle.vip/sweeps/ww/iphone2/index_en-us.php?vid=1701763756-ywskhu&utm_medium=%7Bsub1%7D&utm_source=Redirect&utm_campaign=0_AutoSmartlink&utm_content=Smartlink_Sweeps_dddwb01_RandomPub&isp=Blix+Group+AS&city=Oslo&br=0&sp=1&trans=1&iw=False&checked=0&ipp=0&lpkey=173401e9769643b756&ck=2
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
FingerprintE5:79:1F:1A:04:3F:B9:B0:FB:41:4E:B5:E5:97:AD:FE:D9:2C:4A:CD
ValidityMon, 23 Oct 2023 11:24:07 GMT - Mon, 15 Jan 2024 11:24:06 GMT

File type
PNG image data, 48 x 48, 8-bit/color RGBA, non-interlaced\012- data
Size
1.8 kB (1842 bytes)
Hash
c69c796362406f9e11c7f4bf5bb628da
e489ce95ab56208090868882113d7416abf46775
4dac0026fbfa2615dce30c0af12830863fe885f84387a0147b9e338f548d5d82

HTTP Headers

GET /images/branding/product/2x/translate_24dp.png HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.gstatic.com/_/translate_http/_/ss/k=translate_http.tr.TpYxICw8iG4.L.F4.O/am=AAM/d=0/rs=AN8SPfo47ZI4Pt9KwV-0738jND9vOwmjgQ/m=el_main_css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
accept-ranges: bytes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="static-on-bigtable"
report-to: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-length: 1842
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Mon, 04 Dec 2023 12:32:04 GMT
expires: Tue, 03 Dec 2024 12:32:04 GMT
cache-control: public, max-age=31536000
last-modified: Thu, 14 Oct 2021 09:08:00 GMT
content-type: image/png
vary: Origin
age: 70634
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

fonts.gstatic.com/s/i/productlogos/translate/v14/24px.svg

216.58.211.3

200 OK

3.3 kB

URL GET HTTP/2
fonts.gstatic.com/s/i/productlogos/translate/v14/24px.svg
IP
216.58.211.3:443
ASN
#15169 GOOGLE

Requested by
https://gifts9102.goggle.vip/sweeps/ww/iphone2/index_en-us.php?vid=1701763756-ywskhu&utm_medium=%7Bsub1%7D&utm_source=Redirect&utm_campaign=0_AutoSmartlink&utm_content=Smartlink_Sweeps_dddwb01_RandomPub&isp=Blix+Group+AS&city=Oslo&br=0&sp=1&trans=1&iw=False&checked=0&ipp=0&lpkey=173401e9769643b756&ck=2
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
FingerprintE5:79:1F:1A:04:3F:B9:B0:FB:41:4E:B5:E5:97:AD:FE:D9:2C:4A:CD
ValidityMon, 23 Oct 2023 11:24:07 GMT - Mon, 15 Jan 2024 11:24:06 GMT

File type
SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (6225), with no line terminators
Size
3.3 kB (3340 bytes)
Hash
2bd5c073a88b83ed74db88282a56ddfb
d0ebfc376f8c6a44a8d4cd216817dcd7d0c33650
ab5c23a05e39deed14d9d8262b0dce9f024f86105a27196cad37d14a3f516e09

HTTP Headers

GET /s/i/productlogos/translate/v14/24px.svg HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-length: 3340
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 30 Nov 2023 23:23:19 GMT
expires: Fri, 29 Nov 2024 23:23:19 GMT
cache-control: public, max-age=31536000
age: 377159
last-modified: Wed, 20 Apr 2022 14:24:23 GMT
content-type: image/svg+xml
vary: Accept-Encoding
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

translate-pa.googleapis.com/v1/supportedLanguages?client=te&display_language=no&key=AIzaSyBWDj0QJvVIx8XOhRegXX5_SrRWxhT5Hs4&callback=callback

142.250.74.74

1.4 kB

URL
translate-pa.googleapis.com/v1/supportedLanguages?client=te&display_language=no&key=AIzaSyBWDj0QJvVIx8XOhRegXX5_SrRWxhT5Hs4&callback=callback
IP
142.250.74.74:0
ASN
#15169 GOOGLE

File type
Unicode text, UTF-8 text
Size
1.4 kB (1392 bytes)
Hash
a3eefe14b1b4698460d992bd1673a26b
a2fca6ebb00b8bdcca3eda88654d02d2c165b9c4
87514750a90cd70dd22c8673cfa80d804ef55840bd0755950af2118d8d218067

HTTP Headers

GET /v1/supportedLanguages?client=te&display_language=no&key=AIzaSyBWDj0QJvVIx8XOhRegXX5_SrRWxhT5Hs4&callback=callback HTTP/1.1
Host: translate-pa.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
cross-origin-resource-policy: cross-origin
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
content-type: text/javascript; charset=UTF-8
vary: Origin, X-Origin, Referer
content-encoding: gzip
date: Tue, 05 Dec 2023 08:09:18 GMT
server: ESF
cache-control: private
content-length: 1392
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
set-cookie: NID=511=XP5vcq_lJijYdQLd06rNd_hjUvVYLg3pchKBxszaDaDBc6TU8C2J2m1YgBYrEEE6CIRjFOWI48jxuTwq0DDJ4hxuWdYl5LUhcdggorGkFZFbtCGg64jfzKJmsJOlkLyHDDKVsZmCUF1A-UhLqbRlhm9b_zz25PM9f6MA5UR_sKQ; expires=Wed, 05-Jun-2024 08:09:18 GMT; path=/; domain=.translate-pa.googleapis.com; HttpOnly
CONSENT=PENDING+627; expires=Thu, 04-Dec-2025 08:09:18 GMT; path=/; domain=.googleapis.com; Secure
expires: Tue, 05 Dec 2023 08:09:18 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2

216.58.211.3

200 OK

15 kB

URL GET HTTP/3
fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2
IP
216.58.211.3:443
ASN
#15169 GOOGLE

Requested by
https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LcXQ7EUAAAAAEY-1sgLx4eGQQDwXNdzlKssae-Y&co=aHR0cHM6Ly9naWZ0czkxMDIuZ29nZ2xlLnZpcDo0NDM.&hl=en&v=-QbJqHfGOUB8nuVRLvzFLVed&size=invisible&cb=7eg5aivkr6oh
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
FingerprintE5:79:1F:1A:04:3F:B9:B0:FB:41:4E:B5:E5:97:AD:FE:D9:2C:4A:CD
ValidityMon, 23 Oct 2023 11:24:07 GMT - Mon, 15 Jan 2024 11:24:06 GMT

File type
Web Open Font Format (Version 2), TrueType, length 15344, version 1.0\012- data
Size
15 kB (15344 bytes)
Hash
5d4aeb4e5f5ef754e307d7ffaef688bd
06db651cdf354c64a7383ea9c77024ef4fb4cef8
3e253b66056519aa065b00a453bac37ac5ed8f3e6fe7b542e93a9dcdcc11d0bc

HTTP Headers

GET /s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.google.com
DNT: 1
Connection: keep-alive
Referer: https://www.google.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15344
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 05 Dec 2023 07:31:13 GMT
expires: Wed, 04 Dec 2024 07:31:13 GMT
cache-control: public, max-age=31536000
last-modified: Mon, 16 Oct 2017 17:32:55 GMT
content-type: font/woff2
age: 2285
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

fonts.gstatic.com/s/roboto/v18/KFOlCnqEu92Fr1MmEU9fBBc4.woff2

216.58.211.3

200 OK

16 kB

URL GET HTTP/3
fonts.gstatic.com/s/roboto/v18/KFOlCnqEu92Fr1MmEU9fBBc4.woff2
IP
216.58.211.3:443
ASN
#15169 GOOGLE

Requested by
https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LcXQ7EUAAAAAEY-1sgLx4eGQQDwXNdzlKssae-Y&co=aHR0cHM6Ly9naWZ0czkxMDIuZ29nZ2xlLnZpcDo0NDM.&hl=en&v=-QbJqHfGOUB8nuVRLvzFLVed&size=invisible&cb=7eg5aivkr6oh
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
FingerprintE5:79:1F:1A:04:3F:B9:B0:FB:41:4E:B5:E5:97:AD:FE:D9:2C:4A:CD
ValidityMon, 23 Oct 2023 11:24:07 GMT - Mon, 15 Jan 2024 11:24:06 GMT

File type
Web Open Font Format (Version 2), TrueType, length 15552, version 1.0\012- data
Size
16 kB (15552 bytes)
Hash
285467176f7fe6bb6a9c6873b3dad2cc
ea04e4ff5142ddd69307c183def721a160e0a64e
5a8c1e7681318caa29e9f44e8a6e271f6a4067a2703e9916dfd4fe9099241db7

HTTP Headers

GET /s/roboto/v18/KFOlCnqEu92Fr1MmEU9fBBc4.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.google.com
DNT: 1
Connection: keep-alive
Referer: https://www.google.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15552
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 05 Dec 2023 03:26:41 GMT
expires: Wed, 04 Dec 2024 03:26:41 GMT
cache-control: public, max-age=31536000
last-modified: Mon, 16 Oct 2017 17:33:02 GMT
content-type: font/woff2
age: 16957
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

www.gstatic.com/recaptcha/releases/-QbJqHfGOUB8nuVRLvzFLVed/recaptcha__en.js

142.250.74.99

200 OK

191 kB

URL GET HTTP/2
www.gstatic.com/recaptcha/releases/-QbJqHfGOUB8nuVRLvzFLVed/recaptcha__en.js
IP
142.250.74.99:443
ASN
#15169 GOOGLE

Requested by
https://gifts9102.goggle.vip/sweeps/ww/iphone2/index_en-us.php?vid=1701763756-ywskhu&utm_medium=%7Bsub1%7D&utm_source=Redirect&utm_campaign=0_AutoSmartlink&utm_content=Smartlink_Sweeps_dddwb01_RandomPub&isp=Blix+Group+AS&city=Oslo&br=0&sp=1&trans=1&iw=False&checked=0&ipp=0&lpkey=173401e9769643b756&ck=2
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
FingerprintE5:79:1F:1A:04:3F:B9:B0:FB:41:4E:B5:E5:97:AD:FE:D9:2C:4A:CD
ValidityMon, 23 Oct 2023 11:24:07 GMT - Mon, 15 Jan 2024 11:24:06 GMT

File type
ASCII text, with very long lines (563)
Size
191 kB (190682 bytes)
Hash
23b9dd721490a4062ba8d01454ef6ba9
efdbb7331585411f7d397dacbf51fd3e95f3031d
4970c7161d03503a3eb5ec49e4190a03445c50cd5a9081714bd13183d2d948a7

HTTP Headers

GET /recaptcha/releases/-QbJqHfGOUB8nuVRLvzFLVed/recaptcha__en.js HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.google.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
accept-ranges: bytes
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-length: 190682
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 05 Dec 2023 08:08:11 GMT
expires: Wed, 04 Dec 2024 08:08:11 GMT
cache-control: public, max-age=31536000
last-modified: Tue, 14 Nov 2023 05:42:11 GMT
content-type: text/javascript
vary: Accept-Encoding
age: 67
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

www.gstatic.com/recaptcha/api2/logo_48.png

142.250.74.99

200 OK

2.2 kB

URL GET HTTP/3
www.gstatic.com/recaptcha/api2/logo_48.png
IP
142.250.74.99:443
ASN
#15169 GOOGLE

Requested by
https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LcXQ7EUAAAAAEY-1sgLx4eGQQDwXNdzlKssae-Y&co=aHR0cHM6Ly9naWZ0czkxMDIuZ29nZ2xlLnZpcDo0NDM.&hl=en&v=-QbJqHfGOUB8nuVRLvzFLVed&size=invisible&cb=7eg5aivkr6oh
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
FingerprintE5:79:1F:1A:04:3F:B9:B0:FB:41:4E:B5:E5:97:AD:FE:D9:2C:4A:CD
ValidityMon, 23 Oct 2023 11:24:07 GMT - Mon, 15 Jan 2024 11:24:06 GMT

File type
PNG image data, 48 x 48, 8-bit/color RGBA, non-interlaced\012- data
Size
2.2 kB (2228 bytes)
Hash
ef9941290c50cd3866e2ba6b793f010d
4736508c795667dcea21f8d864233031223b7832
1b9efb22c938500971aac2b2130a475fa23684dd69e43103894968df83145b8a

HTTP Headers

GET /recaptcha/api2/logo_48.png HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.gstatic.com/recaptcha/releases/-QbJqHfGOUB8nuVRLvzFLVed/styles__ltr.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
accept-ranges: bytes
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-length: 2228
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Mon, 04 Dec 2023 23:42:11 GMT
expires: Mon, 11 Dec 2023 23:42:11 GMT
cache-control: public, max-age=604800
age: 30427
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
content-type: image/png
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

translate.googleapis.com/element/log?format=json&hasfast=true&authuser=0

142.250.74.74

200 OK

0 B

URL OPTIONS HTTP/3
translate.googleapis.com/element/log?format=json&hasfast=true&authuser=0
IP
142.250.74.74:443
ASN
#15169 GOOGLE

Requested by
https://gifts9102.goggle.vip/sweeps/ww/iphone2/index_en-us.php?vid=1701763756-ywskhu&utm_medium=%7Bsub1%7D&utm_source=Redirect&utm_campaign=0_AutoSmartlink&utm_content=Smartlink_Sweeps_dddwb01_RandomPub&isp=Blix+Group+AS&city=Oslo&br=0&sp=1&trans=1&iw=False&checked=0&ipp=0&lpkey=173401e9769643b756&ck=2
Certificate
IssuerGoogle Trust Services LLC
Subjectupload.video.google.com
FingerprintCC:96:E0:52:E0:9B:EA:A9:A0:F8:88:9A:90:20:11:47:61:00:3C:42
ValidityMon, 23 Oct 2023 11:24:07 GMT - Mon, 15 Jan 2024 11:24:06 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

OPTIONS /element/log?format=json&hasfast=true&authuser=0 HTTP/1.1
Host: translate.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-encoding,content-type,x-goog-authuser
Origin: https://gifts9102.goggle.vip
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
access-control-allow-origin: https://gifts9102.goggle.vip
access-control-allow-methods: GET, POST, OPTIONS
access-control-max-age: 86400
access-control-allow-credentials: true
access-control-allow-headers: X-Playlog-Web,authorization,content-encoding,content-type,x-goog-authuser,origin
content-type: text/plain; charset=UTF-8
date: Tue, 05 Dec 2023 08:09:28 GMT
server: Playlog
content-length: 0
x-xss-protection: 0
x-frame-options: SAMEORIGIN
set-cookie: CONSENT=PENDING+262; expires=Thu, 04-Dec-2025 08:09:28 GMT; path=/; domain=.googleapis.com; Secure
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Tue, 05 Dec 2023 08:09:28 GMT
cache-control: private

translate.googleapis.com/element/log?format=json&hasfast=true&authuser=0

142.250.74.74

200 OK

131 B

URL OPTIONS HTTP/3
translate.googleapis.com/element/log?format=json&hasfast=true&authuser=0
IP
142.250.74.74:443
ASN
#15169 GOOGLE

Requested by
https://gifts9102.goggle.vip/sweeps/ww/iphone2/index_en-us.php?vid=1701763756-ywskhu&utm_medium=%7Bsub1%7D&utm_source=Redirect&utm_campaign=0_AutoSmartlink&utm_content=Smartlink_Sweeps_dddwb01_RandomPub&isp=Blix+Group+AS&city=Oslo&br=0&sp=1&trans=1&iw=False&checked=0&ipp=0&lpkey=173401e9769643b756&ck=2
Certificate
IssuerGoogle Trust Services LLC
Subjectupload.video.google.com
FingerprintCC:96:E0:52:E0:9B:EA:A9:A0:F8:88:9A:90:20:11:47:61:00:3C:42
ValidityMon, 23 Oct 2023 11:24:07 GMT - Mon, 15 Jan 2024 11:24:06 GMT

File type
JSON data\012- , ASCII text, with no line terminators
Size
131 B (131 bytes)
Hash
ca0b7e866005f6774d284b9f438ebfd2
53644f5ee3640189bdb223473ba6a2d46606c556
502e9680cfa78fa8be779cbf4f1947c8eaa3d43bf8c7464800ec772b2ddea358

HTTP Headers

POST /element/log?format=json&hasfast=true&authuser=0 HTTP/1.1
Host: translate.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Goog-AuthUser: 0
Content-Encoding: gzip
Content-Type: application/binary
Content-Length: 301
Origin: https://gifts9102.goggle.vip
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
access-control-allow-origin: https://gifts9102.goggle.vip
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
access-control-allow-headers: X-Playlog-Web
content-type: text/plain; charset=UTF-8
content-encoding: gzip
date: Tue, 05 Dec 2023 08:09:28 GMT
server: Playlog
cache-control: private
content-length: 131
x-xss-protection: 0
x-frame-options: SAMEORIGIN
set-cookie: CONSENT=PENDING+341; expires=Thu, 04-Dec-2025 08:09:28 GMT; path=/; domain=.googleapis.com; Secure
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Tue, 05 Dec 2023 08:09:28 GMT

www.google.com/recaptcha/api2/anchor?ar=1&k=6LcXQ7EUAAAAAEY-1sgLx4eGQQDwXNdzlKssae-Y&co=aHR0cHM6Ly9naWZ0czkxMDIuZ29nZ2xlLnZpcDo0NDM.&hl=en&v=-QbJqHfGOUB8nuVRLvzFLVed&size=invisible&cb=7eg5aivkr6oh

142.250.74.132

200 OK

61 kB

URL GET HTTP/3
www.google.com/recaptcha/api2/anchor?ar=1&k=6LcXQ7EUAAAAAEY-1sgLx4eGQQDwXNdzlKssae-Y&co=aHR0cHM6Ly9naWZ0czkxMDIuZ29nZ2xlLnZpcDo0NDM.&hl=en&v=-QbJqHfGOUB8nuVRLvzFLVed&size=invisible&cb=7eg5aivkr6oh
IP
142.250.74.132:443
ASN
#15169 GOOGLE

Requested by
https://gifts9102.goggle.vip/sweeps/ww/iphone2/index_en-us.php?vid=1701763756-ywskhu&utm_medium=%7Bsub1%7D&utm_source=Redirect&utm_campaign=0_AutoSmartlink&utm_content=Smartlink_Sweeps_dddwb01_RandomPub&isp=Blix+Group+AS&city=Oslo&br=0&sp=1&trans=1&iw=False&checked=0&ipp=0&lpkey=173401e9769643b756&ck=2
Certificate
IssuerGoogle Trust Services LLC
Subject*.google.com
Fingerprint4C:0D:17:8C:F1:30:7C:3A:6F:9B:8E:B4:83:0E:5C:BD:ED:17:3E:95
ValidityMon, 23 Oct 2023 11:18:24 GMT - Mon, 15 Jan 2024 11:18:23 GMT

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (52043)
Size
61 kB (60589 bytes)
Hash
3e9a218ebda20c336676ff31c6600859
1a048edaddffcb551812d5e04deb811b8bcf1fb7
de2332d78886e8f989dc72ad4c5183afd60a060beca7993478d8c6f1bac64a56

HTTP Headers

GET /recaptcha/api2/anchor?ar=1&k=6LcXQ7EUAAAAAEY-1sgLx4eGQQDwXNdzlKssae-Y&co=aHR0cHM6Ly9naWZ0czkxMDIuZ29nZ2xlLnZpcDo0NDM.&hl=en&v=-QbJqHfGOUB8nuVRLvzFLVed&size=invisible&cb=7eg5aivkr6oh HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
content-type: text/html; charset=utf-8
cross-origin-resource-policy: cross-origin
cross-origin-embedder-policy: require-corp
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Tue, 05 Dec 2023 08:09:17 GMT
content-security-policy: script-src 'nonce-Z4w5fJG2Url2xGNUQPMuIg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

gifts9102.goggle.vip/sweeps/ww/iphone2/foot-icon03.svg

104.21.57.73

200 OK

3.9 kB

URL GET HTTP/2
gifts9102.goggle.vip/sweeps/ww/iphone2/foot-icon03.svg
IP
104.21.57.73:443
ASN
#13335 CLOUDFLARENET

Requested by
https://gifts9102.goggle.vip/sweeps/ww/iphone2/index_en-us.php?vid=1701763756-ywskhu&utm_medium=%7Bsub1%7D&utm_source=Redirect&utm_campaign=0_AutoSmartlink&utm_content=Smartlink_Sweeps_dddwb01_RandomPub&isp=Blix+Group+AS&city=Oslo&br=0&sp=1&trans=1&iw=False&checked=0&ipp=0&lpkey=173401e9769643b756&ck=2
Certificate
IssuerCloudflare, Inc.
Subjectgoggle.vip
FingerprintB5:2F:C1:CE:2E:08:98:4B:A4:18:83:F8:62:7B:8A:6F:ED:9C:DF:B1
ValidityTue, 18 Jul 2023 00:00:00 GMT - Tue, 16 Jul 2024 23:59:59 GMT

File type
SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (3992), with no line terminators
Size
3.9 kB (3866 bytes)
Hash
3bcce4d47f9671c8867d2564ead73ad4
4fb13e8445499a02b7c4a4bb89d7fcb6637fa7ca
58364f7c6cbfea1c403f4fcc58602c89d544e55a17c65c0f6f145d6a2a1aa58b

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /sweeps/ww/iphone2/foot-icon03.svg HTTP/1.1
Host: gifts9102.goggle.vip
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Tue, 05 Dec 2023 08:09:17 GMT
content-type: image/svg+xml
last-modified: Tue, 07 Sep 2021 03:06:04 GMT
etag: W/"6136d71c-f1a"
accept-ch: Sec-CH-UA,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Platform,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Reduced
cache-control: max-age=14400
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=wWdmYmFArO5v8pay%2BFZ5uXHBuGZDBedKIkxAr%2FBRnYy40PAzsYo%2BKDCG%2BRMSM1l5cLgNQN7qzou%2BDvAql4VFpcZO4nKOPgzm1o%2B5HNPwWrk1w9otnKy%2BzSc0%2BOnq%2Fc6Mx5pEtDrVIw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 830ace58f9cfb509-OSL
content-encoding: br
X-Firefox-Spdy: h2

rs.y1h1.com/trans.js

172.67.129.176

200 OK

282 B

URL GET HTTP/2
rs.y1h1.com/trans.js
IP
172.67.129.176:443
ASN
#13335 CLOUDFLARENET

Requested by
https://gifts9102.goggle.vip/sweeps/ww/iphone2/index_en-us.php?vid=1701763756-ywskhu&utm_medium=%7Bsub1%7D&utm_source=Redirect&utm_campaign=0_AutoSmartlink&utm_content=Smartlink_Sweeps_dddwb01_RandomPub&isp=Blix+Group+AS&city=Oslo&br=0&sp=1&trans=1&iw=False&checked=0&ipp=0&lpkey=173401e9769643b756&ck=2
Certificate
IssuerCloudflare, Inc.
Subjecty1h1.com
FingerprintCF:8A:ED:DF:BB:57:09:E6:84:5E:C8:B0:2F:BE:C2:A8:51:32:58:F8
ValiditySun, 02 Apr 2023 00:00:00 GMT - Mon, 01 Apr 2024 23:59:59 GMT

File type
ASCII text, with no line terminators
Size
282 B (282 bytes)
Hash
13692cee8fa907e4403534562fe4acad
54af8724f76d6e5516973bb0d5da1ba5e13c6dee
c4a377bf2d0085af95e405ccadda341b324dd834bf5b8dea4dea75d0e666f95b

HTTP Headers

GET /trans.js HTTP/1.1
Host: rs.y1h1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Tue, 05 Dec 2023 08:09:17 GMT
content-type: application/javascript
accept-ch: Sec-CH-UA,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Platform,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Reduced
cache-control: max-age=43200
cf-bgj: minify
cf-polished: origSize=337
etag: W/"60837b56-151"
expires: Tue, 05 Dec 2023 20:09:17 GMT
last-modified: Sat, 24 Apr 2021 01:58:46 GMT
cf-cache-status: REVALIDATED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=p09NZSawB8HOECGqesT44ZYoyem8EzibPiG3MIonAG%2BJikdV1frDl%2Fv4a4WhbkWhx9lLP4U%2FILO0M7Gq2Kkd6OUwSi%2FqaYA6jTP5oaHKWXTwxlO3hfJyfwGC7%2F%2Bm3Q%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 830ace5a5f8956ab-OSL
content-encoding: br
X-Firefox-Spdy: h2

www.google.com/recaptcha/api.js?render=6LcXQ7EUAAAAAEY-1sgLx4eGQQDwXNdzlKssae-Y

142.250.74.132

200 OK

884 B

URL GET HTTP/2
www.google.com/recaptcha/api.js?render=6LcXQ7EUAAAAAEY-1sgLx4eGQQDwXNdzlKssae-Y
IP
142.250.74.132:443
ASN
#15169 GOOGLE

Requested by
https://gifts9102.goggle.vip/sweeps/ww/iphone2/index_en-us.php?vid=1701763756-ywskhu&utm_medium=%7Bsub1%7D&utm_source=Redirect&utm_campaign=0_AutoSmartlink&utm_content=Smartlink_Sweeps_dddwb01_RandomPub&isp=Blix+Group+AS&city=Oslo&br=0&sp=1&trans=1&iw=False&checked=0&ipp=0&lpkey=173401e9769643b756&ck=2
Certificate
IssuerGoogle Trust Services LLC
Subjectwww.google.com
FingerprintB0:8E:97:10:7E:30:90:F6:42:A1:32:63:5C:78:27:D3:A8:F1:05:D1
ValidityMon, 23 Oct 2023 11:24:57 GMT - Mon, 15 Jan 2024 11:24:56 GMT

File type
ASCII text, with very long lines (884), with no line terminators
Size
884 B (884 bytes)
Hash
36e0cd29a77ae88caaa781385a97a0e5
e4d471517d6e08958d4a2f832800aaa15a9b15e7
4d78d5171a3d155f0aff360d08bb8dfabaccd59b2efab3bb6b438578e2ebae79

HTTP Headers

GET /recaptcha/api.js?render=6LcXQ7EUAAAAAEY-1sgLx4eGQQDwXNdzlKssae-Y HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: text/javascript; charset=utf-8
expires: Tue, 05 Dec 2023 08:09:17 GMT
date: Tue, 05 Dec 2023 08:09:17 GMT
cache-control: private, max-age=300
cross-origin-resource-policy: cross-origin
content-encoding: gzip
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
content-security-policy: frame-ancestors 'self'
x-xss-protection: 1; mode=block
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

gifts9102.goggle.vip/sweeps/ww/iphone2/icon-box.svg

104.21.57.73

200 OK

1.2 kB

URL GET HTTP/2
gifts9102.goggle.vip/sweeps/ww/iphone2/icon-box.svg
IP
104.21.57.73:443
ASN
#13335 CLOUDFLARENET

Requested by
https://gifts9102.goggle.vip/sweeps/ww/iphone2/index_en-us.php?vid=1701763756-ywskhu&utm_medium=%7Bsub1%7D&utm_source=Redirect&utm_campaign=0_AutoSmartlink&utm_content=Smartlink_Sweeps_dddwb01_RandomPub&isp=Blix+Group+AS&city=Oslo&br=0&sp=1&trans=1&iw=False&checked=0&ipp=0&lpkey=173401e9769643b756&ck=2
Certificate
IssuerCloudflare, Inc.
Subjectgoggle.vip
FingerprintB5:2F:C1:CE:2E:08:98:4B:A4:18:83:F8:62:7B:8A:6F:ED:9C:DF:B1
ValidityTue, 18 Jul 2023 00:00:00 GMT - Tue, 16 Jul 2024 23:59:59 GMT

File type
SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (1218), with no line terminators
Size
1.2 kB (1182 bytes)
Hash
121cb854c623650d98db67a03f96f83e
bc51b54af6da1a6771d5b4fe8301626382fd6142
f8566c540be0123b03103f117aa6e05b451a3d27968eb896ef23eea2179712c6

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /sweeps/ww/iphone2/icon-box.svg HTTP/1.1
Host: gifts9102.goggle.vip
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Tue, 05 Dec 2023 08:09:17 GMT
content-type: image/svg+xml
last-modified: Tue, 07 Sep 2021 03:06:04 GMT
etag: W/"6136d71c-49e"
accept-ch: Sec-CH-UA,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Platform,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Reduced
cache-control: max-age=14400
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ofUax2NIXuqhdQQp%2BoGGPe%2Bdi0BZiX0LU4ppM%2FrsXhodF84FT6lQCxaCqaxc1poQV5LQANL4TOjPwR21cSBmvrFDkx6l2NdoQfBFqhxSW504r0VW9UjoGpg3Bz%2F1ChwTVyRsS3ka7w%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 830ace58f9cab509-OSL
content-encoding: br
X-Firefox-Spdy: h2

rs.y1h1.com/copy.js

172.67.129.176

200 OK

3.8 kB

URL GET HTTP/2
rs.y1h1.com/copy.js
IP
172.67.129.176:443
ASN
#13335 CLOUDFLARENET

Requested by
https://gifts9102.goggle.vip/sweeps/ww/iphone2/index_en-us.php?vid=1701763756-ywskhu&utm_medium=%7Bsub1%7D&utm_source=Redirect&utm_campaign=0_AutoSmartlink&utm_content=Smartlink_Sweeps_dddwb01_RandomPub&isp=Blix+Group+AS&city=Oslo&br=0&sp=1&trans=1&iw=False&checked=0&ipp=0&lpkey=173401e9769643b756&ck=2
Certificate
IssuerCloudflare, Inc.
Subjecty1h1.com
FingerprintCF:8A:ED:DF:BB:57:09:E6:84:5E:C8:B0:2F:BE:C2:A8:51:32:58:F8
ValiditySun, 02 Apr 2023 00:00:00 GMT - Mon, 01 Apr 2024 23:59:59 GMT

File type
ASCII text, with very long lines (3752), with no line terminators
Size
3.8 kB (3752 bytes)
Hash
e8b6c2f6a93914adfb6c0ee4e3dfe046
9d261977b498029390d716a9b28290463b9256f5
29daea46fd37a5f226b28e122dbfe919646b40a1aeeb5f3318a12d375bb11b2b

HTTP Headers

GET /copy.js HTTP/1.1
Host: rs.y1h1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Tue, 05 Dec 2023 08:09:17 GMT
content-type: application/javascript
accept-ch: Sec-CH-UA,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Platform,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Reduced
cache-control: max-age=43200
cf-bgj: minify
etag: W/"6308a3c6-ea8"
expires: Tue, 05 Dec 2023 20:09:17 GMT
last-modified: Fri, 26 Aug 2022 10:43:18 GMT
vary: Accept-Encoding
cf-cache-status: REVALIDATED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=GzzOXM5OPH707jKmkCFBRcCtrHdZ%2Bl7ICNAiqy1w4kdi28Ij6Qjd%2FC1Ldy6xJSfn8vo6bCiKuJL9HT2mR6JC8k7PbPX9IYlfXpmj7q%2BFaS4ZXPwZR%2FaopjahZse9LQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 830ace597ecb56ab-OSL
content-encoding: br
X-Firefox-Spdy: h2

rs.y1h1.com/trans.css

172.67.129.176

200 OK

286 B

URL GET HTTP/2
rs.y1h1.com/trans.css
IP
172.67.129.176:443
ASN
#13335 CLOUDFLARENET

Requested by
https://gifts9102.goggle.vip/sweeps/ww/iphone2/index_en-us.php?vid=1701763756-ywskhu&utm_medium=%7Bsub1%7D&utm_source=Redirect&utm_campaign=0_AutoSmartlink&utm_content=Smartlink_Sweeps_dddwb01_RandomPub&isp=Blix+Group+AS&city=Oslo&br=0&sp=1&trans=1&iw=False&checked=0&ipp=0&lpkey=173401e9769643b756&ck=2
Certificate
IssuerCloudflare, Inc.
Subjecty1h1.com
FingerprintCF:8A:ED:DF:BB:57:09:E6:84:5E:C8:B0:2F:BE:C2:A8:51:32:58:F8
ValiditySun, 02 Apr 2023 00:00:00 GMT - Mon, 01 Apr 2024 23:59:59 GMT

File type
ASCII text, with no line terminators
Size
286 B (286 bytes)
Hash
5fdc97e7bb931fcb50ca74d494783b8d
270701559f936aa963b492c0bb28468512fadfd9
c250897d281e4b8243f74e64681478e80c2def1b1448dd84863e12d39ea86e43

HTTP Headers

GET /trans.css HTTP/1.1
Host: rs.y1h1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Tue, 05 Dec 2023 08:09:17 GMT
content-type: text/css
accept-ch: Sec-CH-UA,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Platform,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Reduced
cache-control: max-age=43200
cf-bgj: minify
cf-polished: origSize=398
etag: W/"63e622b9-18e"
expires: Tue, 05 Dec 2023 20:09:17 GMT
last-modified: Fri, 10 Feb 2023 10:55:53 GMT
cf-cache-status: REVALIDATED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=arBG5A9SMZDWnMHnWU8ytnNetbjmnRjdWH1yJWcM5U%2B6jmuHKl1Ww0Gz46Dl63gxoyqAKKmNs3ieMcu9JpRgP76mA5T%2B8EqzdijNoDIderPLBr4QgCGtaOtsgG5%2BtQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 830ace5a5f8856ab-OSL
content-encoding: br
X-Firefox-Spdy: h2

www.google.com/recaptcha/api2/webworker.js?hl=en&v=-QbJqHfGOUB8nuVRLvzFLVed

142.250.74.132

200 OK

102 B

URL GET HTTP/3
www.google.com/recaptcha/api2/webworker.js?hl=en&v=-QbJqHfGOUB8nuVRLvzFLVed
IP
142.250.74.132:443
ASN
#15169 GOOGLE

Requested by
https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LcXQ7EUAAAAAEY-1sgLx4eGQQDwXNdzlKssae-Y&co=aHR0cHM6Ly9naWZ0czkxMDIuZ29nZ2xlLnZpcDo0NDM.&hl=en&v=-QbJqHfGOUB8nuVRLvzFLVed&size=invisible&cb=7eg5aivkr6oh
Certificate
IssuerGoogle Trust Services LLC
Subject*.google.com
Fingerprint4C:0D:17:8C:F1:30:7C:3A:6F:9B:8E:B4:83:0E:5C:BD:ED:17:3E:95
ValidityMon, 23 Oct 2023 11:18:24 GMT - Mon, 15 Jan 2024 11:18:23 GMT

File type
ASCII text, with no line terminators
Size
102 B (102 bytes)
Hash
b581f6e6ac7eb4d572233bdd384918f8
12a90cd14cfea2286982801538560f638670eaff
b62f36160407c81030404ab242125afd42fa0da6626ef11e5f406dda12acf144

HTTP Headers

GET /recaptcha/api2/webworker.js?hl=en&v=-QbJqHfGOUB8nuVRLvzFLVed HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LcXQ7EUAAAAAEY-1sgLx4eGQQDwXNdzlKssae-Y&co=aHR0cHM6Ly9naWZ0czkxMDIuZ29nZ2xlLnZpcDo0NDM.&hl=en&v=-QbJqHfGOUB8nuVRLvzFLVed&size=invisible&cb=7eg5aivkr6oh
Sec-Fetch-Dest: worker
Sec-Fetch-Mode: same-origin
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
content-type: text/javascript; charset=utf-8
cross-origin-embedder-policy: require-corp
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
expires: Tue, 05 Dec 2023 08:09:18 GMT
date: Tue, 05 Dec 2023 08:09:18 GMT
cache-control: private, max-age=300
content-encoding: gzip
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
content-security-policy: frame-ancestors 'self'
x-xss-protection: 1; mode=block
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

gifts9102.goggle.vip/sweeps/ww/iphone2/index_en-us.php?vid=1701763756-ywskhu&utm_medium=%7Bsub1%7D&utm_source=Redirect&utm_campaign=0_AutoSmartlink&utm_content=Smartlink_Sweeps_dddwb01_RandomPub&isp=Blix+Group+AS&city=Oslo&br=0&sp=1&trans=1&iw=False&checked=0&ipp=0&lpkey=173401e9769643b756&ck=2

104.21.57.73

200 OK

13 kB

URL User Request GET HTTP/2
gifts9102.goggle.vip/sweeps/ww/iphone2/index_en-us.php?vid=1701763756-ywskhu&utm_medium=%7Bsub1%7D&utm_source=Redirect&utm_campaign=0_AutoSmartlink&utm_content=Smartlink_Sweeps_dddwb01_RandomPub&isp=Blix+Group+AS&city=Oslo&br=0&sp=1&trans=1&iw=False&checked=0&ipp=0&lpkey=173401e9769643b756&ck=2
IP
104.21.57.73:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerCloudflare, Inc.
Subjectgoggle.vip
FingerprintB5:2F:C1:CE:2E:08:98:4B:A4:18:83:F8:62:7B:8A:6F:ED:9C:DF:B1
ValidityTue, 18 Jul 2023 00:00:00 GMT - Tue, 16 Jul 2024 23:59:59 GMT

File type

Size
13 kB (13363 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /sweeps/ww/iphone2/index_en-us.php?vid=1701763756-ywskhu&utm_medium=%7Bsub1%7D&utm_source=Redirect&utm_campaign=0_AutoSmartlink&utm_content=Smartlink_Sweeps_dddwb01_RandomPub&isp=Blix+Group+AS&city=Oslo&br=0&sp=1&trans=1&iw=False&checked=0&ipp=0&lpkey=173401e9769643b756&ck=2 HTTP/1.1
Host: gifts9102.goggle.vip
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Tue, 05 Dec 2023 08:09:16 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
accept-ch: Sec-CH-UA,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Platform,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Reduced
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=D1C56nh9ntd2m95%2F5aUcZeQxv1uYUZ0wLJ%2BQpfo3KPMfmpfFrD7DRIgEMTE%2FpOwg4z6u9Wk0r3P1fwNAhsRsilcx9EH5sM9%2BvKpNlLQdXDaHTl6UeNLkWdSBPRRnmwe9xyUJAxk%2BYA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 830ace56f85cb509-OSL
content-encoding: br
X-Firefox-Spdy: h2

gifts9102.goggle.vip/sweeps/ww/iphone2/foot-icon01.svg

104.21.57.73

200 OK

8.0 kB

URL GET HTTP/2
gifts9102.goggle.vip/sweeps/ww/iphone2/foot-icon01.svg
IP
104.21.57.73:443
ASN
#13335 CLOUDFLARENET

Requested by
https://gifts9102.goggle.vip/sweeps/ww/iphone2/index_en-us.php?vid=1701763756-ywskhu&utm_medium=%7Bsub1%7D&utm_source=Redirect&utm_campaign=0_AutoSmartlink&utm_content=Smartlink_Sweeps_dddwb01_RandomPub&isp=Blix+Group+AS&city=Oslo&br=0&sp=1&trans=1&iw=False&checked=0&ipp=0&lpkey=173401e9769643b756&ck=2
Certificate
IssuerCloudflare, Inc.
Subjectgoggle.vip
FingerprintB5:2F:C1:CE:2E:08:98:4B:A4:18:83:F8:62:7B:8A:6F:ED:9C:DF:B1
ValidityTue, 18 Jul 2023 00:00:00 GMT - Tue, 16 Jul 2024 23:59:59 GMT

File type
SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (8185), with no line terminators
Size
8.0 kB (7997 bytes)
Hash
9a4319a40173ad0487d994ec4aa12e3d
d072bf49f03b4f7b8632018cc73155911062c30b
56bf4ab6e6b0474ae11a91d0b4299b8498360d89d84a525b8487d677f190c6c5

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /sweeps/ww/iphone2/foot-icon01.svg HTTP/1.1
Host: gifts9102.goggle.vip
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Tue, 05 Dec 2023 08:09:17 GMT
content-type: image/svg+xml
last-modified: Tue, 07 Sep 2021 03:06:06 GMT
etag: W/"6136d71e-1f3d"
accept-ch: Sec-CH-UA,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Platform,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Reduced
cache-control: max-age=14400
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=fUEXJL8ucSZ2c1oZUTrAyT5Gnl2VvLJ9RoRp8A%2BvSp2tP5loCbt97ORIJK1A98DeUitaIKhXgpfeEgK7upntpA%2Fms6zSRIfgXDR%2B61ys%2FrG4HbpQdLFNmG9vh4CicRzHF1phVE1Q0A%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 830ace58f9cdb509-OSL
content-encoding: br
X-Firefox-Spdy: h2

gifts9102.goggle.vip/sweeps/ww/iphone2/styles.css

104.21.57.73

200 OK

35 kB

URL GET HTTP/2
gifts9102.goggle.vip/sweeps/ww/iphone2/styles.css
IP
104.21.57.73:443
ASN
#13335 CLOUDFLARENET

Requested by
https://gifts9102.goggle.vip/sweeps/ww/iphone2/index_en-us.php?vid=1701763756-ywskhu&utm_medium=%7Bsub1%7D&utm_source=Redirect&utm_campaign=0_AutoSmartlink&utm_content=Smartlink_Sweeps_dddwb01_RandomPub&isp=Blix+Group+AS&city=Oslo&br=0&sp=1&trans=1&iw=False&checked=0&ipp=0&lpkey=173401e9769643b756&ck=2
Certificate
IssuerCloudflare, Inc.
Subjectgoggle.vip
FingerprintB5:2F:C1:CE:2E:08:98:4B:A4:18:83:F8:62:7B:8A:6F:ED:9C:DF:B1
ValidityTue, 18 Jul 2023 00:00:00 GMT - Tue, 16 Jul 2024 23:59:59 GMT

File type

Size
35 kB (34627 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /sweeps/ww/iphone2/styles.css HTTP/1.1
Host: gifts9102.goggle.vip
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://gifts9102.goggle.vip/sweeps/ww/iphone2/index_en-us.php?vid=1701763756-ywskhu&utm_medium=%7Bsub1%7D&utm_source=Redirect&utm_campaign=0_AutoSmartlink&utm_content=Smartlink_Sweeps_dddwb01_RandomPub&isp=Blix+Group+AS&city=Oslo&br=0&sp=1&trans=1&iw=False&checked=0&ipp=0&lpkey=173401e9769643b756&ck=2
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Tue, 05 Dec 2023 08:09:17 GMT
content-type: text/css
last-modified: Tue, 07 Sep 2021 03:06:06 GMT
vary: Accept-Encoding
etag: W/"6136d71e-8743"
expires: Tue, 05 Dec 2023 20:09:16 GMT
cache-control: max-age=43200
accept-ch: Sec-CH-UA,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Platform,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Reduced
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=CsXbFzmI1PMUusd3ny4oR5rF%2F2gPlLoorzU08x66%2FOY6zplSYDLgt0a1jgBBoP81OrIcrMxUTIBN96wOcx3ilzeZwvJ%2FuO3KYqE8prTDU%2FdpuPnZjr9F1bdBhMG9kabFghBkdqkRYw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 830ace58d9b6b509-OSL
content-encoding: br
X-Firefox-Spdy: h2

gifts9102.goggle.vip/favicon.ico

104.21.57.73

200 OK

68 kB

URL GET HTTP/2
gifts9102.goggle.vip/favicon.ico
IP
104.21.57.73:443
ASN
#13335 CLOUDFLARENET

Requested by
https://gifts9102.goggle.vip/sweeps/ww/iphone2/index_en-us.php?vid=1701763756-ywskhu&utm_medium=%7Bsub1%7D&utm_source=Redirect&utm_campaign=0_AutoSmartlink&utm_content=Smartlink_Sweeps_dddwb01_RandomPub&isp=Blix+Group+AS&city=Oslo&br=0&sp=1&trans=1&iw=False&checked=0&ipp=0&lpkey=173401e9769643b756&ck=2
Certificate
IssuerCloudflare, Inc.
Subjectgoggle.vip
FingerprintB5:2F:C1:CE:2E:08:98:4B:A4:18:83:F8:62:7B:8A:6F:ED:9C:DF:B1
ValidityTue, 18 Jul 2023 00:00:00 GMT - Tue, 16 Jul 2024 23:59:59 GMT

File type
MS Windows icon resource - 1 icon, -128x-128, 32 bits/pixel\012- data
Size
68 kB (67646 bytes)
Hash
5d314e000175f9fec4ab4325ef438be9
4d48298cec69fc284570437dba43e5f14fe99be5
a3e831628af5a26e9a51d53636e42db46d8d2e7c59e7d2845c988baf1ccd18e3

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: gifts9102.goggle.vip
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Tue, 05 Dec 2023 08:09:17 GMT
content-type: image/x-icon
last-modified: Mon, 10 Jan 2022 06:10:46 GMT
etag: W/"61dbcde6-1083e"
accept-ch: Sec-CH-UA,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Platform,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Reduced
cache-control: max-age=14400
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=RnVkKDBFMN8fIxtUgUAVkfMfau2yftcR2n%2B8wOZzWOX3wPpkX1V163R6XbvLR67HflwY17Kvn5EFcQDbA1n8LjzNnwZyM%2BK6w2wZfdchNOTCE%2FI5ehEIlh4Xcuybf40RaZSuWJ7KUQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 830ace5bcbf3b509-OSL
content-encoding: br
X-Firefox-Spdy: h2

rs.y1h1.com/load.js

172.67.129.176

200 OK

7.1 kB

URL GET HTTP/2
rs.y1h1.com/load.js
IP
172.67.129.176:443
ASN
#13335 CLOUDFLARENET

Requested by
https://gifts9102.goggle.vip/sweeps/ww/iphone2/index_en-us.php?vid=1701763756-ywskhu&utm_medium=%7Bsub1%7D&utm_source=Redirect&utm_campaign=0_AutoSmartlink&utm_content=Smartlink_Sweeps_dddwb01_RandomPub&isp=Blix+Group+AS&city=Oslo&br=0&sp=1&trans=1&iw=False&checked=0&ipp=0&lpkey=173401e9769643b756&ck=2
Certificate
IssuerCloudflare, Inc.
Subjecty1h1.com
FingerprintCF:8A:ED:DF:BB:57:09:E6:84:5E:C8:B0:2F:BE:C2:A8:51:32:58:F8
ValiditySun, 02 Apr 2023 00:00:00 GMT - Mon, 01 Apr 2024 23:59:59 GMT

File type
ASCII text, with very long lines (7056), with no line terminators
Size
7.1 kB (7056 bytes)
Hash
e2494b9cd7f26ba05e504ab12aacdb89
d3224387f27e022d556f4ecd6b3aac9485bd1362
eda9e1ca8b96059ca3ed3cdd8f1e6822a8ef23604293b1cb914117caa5371d94

HTTP Headers

GET /load.js HTTP/1.1
Host: rs.y1h1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Tue, 05 Dec 2023 08:09:17 GMT
content-type: application/javascript
accept-ch: Sec-CH-UA,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Platform,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Reduced
cache-control: max-age=43200
cf-bgj: minify
etag: W/"6311dce6-1b90"
expires: Tue, 05 Dec 2023 20:09:17 GMT
last-modified: Fri, 02 Sep 2022 10:37:26 GMT
vary: Accept-Encoding
cf-cache-status: REVALIDATED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Ms4ppS2Qy%2F8mLhhlis%2FW6dcYOFgaHUqzCNTGuHw1w2knqJeMwSYGJTxNJvyGhTJMOuP52lyvck3gH8PkLuxB28Py2%2BNrLcv7UKq0b%2BCxdNXObVjcY2NSC6xsr7%2BpnA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 830ace598ed856ab-OSL
content-encoding: br
X-Firefox-Spdy: h2

translate.google.com/translate_a/element.js?cb=googleTranslateElementInit

216.58.211.14

200 OK

90 kB

URL GET HTTP/2
translate.google.com/translate_a/element.js?cb=googleTranslateElementInit
IP
216.58.211.14:443
ASN
#15169 GOOGLE

Requested by
https://gifts9102.goggle.vip/sweeps/ww/iphone2/index_en-us.php?vid=1701763756-ywskhu&utm_medium=%7Bsub1%7D&utm_source=Redirect&utm_campaign=0_AutoSmartlink&utm_content=Smartlink_Sweeps_dddwb01_RandomPub&isp=Blix+Group+AS&city=Oslo&br=0&sp=1&trans=1&iw=False&checked=0&ipp=0&lpkey=173401e9769643b756&ck=2
Certificate
IssuerGoogle Trust Services LLC
Subject*.google.com
Fingerprint4C:0D:17:8C:F1:30:7C:3A:6F:9B:8E:B4:83:0E:5C:BD:ED:17:3E:95
ValidityMon, 23 Oct 2023 11:18:24 GMT - Mon, 15 Jan 2024 11:18:23 GMT

File type
ASCII text, with very long lines (2462)
Size
90 kB (90230 bytes)
Hash
49395f40ea6bb45b2c5d97450ae1f6a1
31ec25e9ac8bb0dd46e875e795b3b578025aa0b0
7beff70ccfe1c6ebb7729c170196d95657284b5c9bcff0cc70c30ad1694605d7

HTTP Headers

GET /translate_a/element.js?cb=googleTranslateElementInit HTTP/1.1
Host: translate.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: text/javascript; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Tue, 05 Dec 2023 08:09:17 GMT
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
set-cookie: CONSENT=PENDING+030; expires=Thu, 04-Dec-2025 08:09:17 GMT; path=/; domain=.google.com; Secure
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

www.google.com/recaptcha/api2/reload?k=6LcXQ7EUAAAAAEY-1sgLx4eGQQDwXNdzlKssae-Y

142.250.74.132

200 OK

35 kB

URL POST HTTP/3
www.google.com/recaptcha/api2/reload?k=6LcXQ7EUAAAAAEY-1sgLx4eGQQDwXNdzlKssae-Y
IP
142.250.74.132:443
ASN
#15169 GOOGLE

Requested by
https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LcXQ7EUAAAAAEY-1sgLx4eGQQDwXNdzlKssae-Y&co=aHR0cHM6Ly9naWZ0czkxMDIuZ29nZ2xlLnZpcDo0NDM.&hl=en&v=-QbJqHfGOUB8nuVRLvzFLVed&size=invisible&cb=7eg5aivkr6oh
Certificate
IssuerGoogle Trust Services LLC
Subject*.google.com
Fingerprint4C:0D:17:8C:F1:30:7C:3A:6F:9B:8E:B4:83:0E:5C:BD:ED:17:3E:95
ValidityMon, 23 Oct 2023 11:18:24 GMT - Mon, 15 Jan 2024 11:18:23 GMT

File type
ASCII text, with very long lines (35337)
Size
35 kB (35342 bytes)
Hash
f5d825c13c82fc485210648fb69ac93f
b77966ec93b78c224b04184a7eefd06de6ea08a6
5e20dd92a5f702ee8ec15395a38edb197abe2428cd58518ffb1a988b8dd7c378

HTTP Headers

POST /recaptcha/api2/reload?k=6LcXQ7EUAAAAAEY-1sgLx4eGQQDwXNdzlKssae-Y HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-protobuffer
Content-Length: 7161
Origin: https://www.google.com
DNT: 1
Connection: keep-alive
Referer: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LcXQ7EUAAAAAEY-1sgLx4eGQQDwXNdzlKssae-Y&co=aHR0cHM6Ly9naWZ0czkxMDIuZ29nZ2xlLnZpcDo0NDM.&hl=en&v=-QbJqHfGOUB8nuVRLvzFLVed&size=invisible&cb=7eg5aivkr6oh
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
content-type: application/json; charset=utf-8
content-encoding: gzip
date: Tue, 05 Dec 2023 08:09:18 GMT
expires: Tue, 05 Dec 2023 08:09:18 GMT
cache-control: private, max-age=0
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
content-security-policy: frame-ancestors 'self'
x-xss-protection: 1; mode=block
server: GSE
set-cookie: _GRECAPTCHA=09ALb3HLe5t9eTY84E-EUMr1_gT_2anJbUhnwxalfoj6U2nXZu4bMH80Nm61dwJ5gCDeu0LHEzDtmvhUVXNElYUfI;Path=/recaptcha;Expires=Sun, 02-Jun-2024 08:09:18 GMT;Secure;HttpOnly;Priority=HIGH;SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

gifts9102.goggle.vip/sweeps/ww/iphone2/icons.svg

104.21.57.73

200 OK

6.8 kB

URL GET HTTP/2
gifts9102.goggle.vip/sweeps/ww/iphone2/icons.svg
IP
104.21.57.73:443
ASN
#13335 CLOUDFLARENET

Requested by
https://gifts9102.goggle.vip/sweeps/ww/iphone2/index_en-us.php?vid=1701763756-ywskhu&utm_medium=%7Bsub1%7D&utm_source=Redirect&utm_campaign=0_AutoSmartlink&utm_content=Smartlink_Sweeps_dddwb01_RandomPub&isp=Blix+Group+AS&city=Oslo&br=0&sp=1&trans=1&iw=False&checked=0&ipp=0&lpkey=173401e9769643b756&ck=2
Certificate
IssuerCloudflare, Inc.
Subjectgoggle.vip
FingerprintB5:2F:C1:CE:2E:08:98:4B:A4:18:83:F8:62:7B:8A:6F:ED:9C:DF:B1
ValidityTue, 18 Jul 2023 00:00:00 GMT - Tue, 16 Jul 2024 23:59:59 GMT

File type
SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (6876), with no line terminators
Size
6.8 kB (6812 bytes)
Hash
67208c0213181b4dcf8a6f0e21ce0280
1d379876020582a3ea3f95cbfc6e34adf2ebd69d
81fc580f03c7c90e1ff03fbfbc27e5457609afe664dfa84d8f9402fd8c67d2f6

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /sweeps/ww/iphone2/icons.svg HTTP/1.1
Host: gifts9102.goggle.vip
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: same-origin
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Tue, 05 Dec 2023 08:09:17 GMT
content-type: image/svg+xml
last-modified: Tue, 07 Sep 2021 11:10:36 GMT
etag: W/"613748ac-1a9c"
accept-ch: Sec-CH-UA,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Platform,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Reduced
cache-control: max-age=14400
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=mRs5AuBbheD3M1aNI5Sa0iiUqNa2kUme9R1aq4VqP1afkRHZZV9BfTol2oloejHQUObyllaxTPPlh8km1diV6dWD19Z1kUkqic62wO%2BkkrklQaqJhqkC0%2FWyh1McRrAs7wdjWSuUtQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 830ace5b3b80b509-OSL
content-encoding: br
X-Firefox-Spdy: h2

gifts9102.goggle.vip/sweeps/ww/iphone2/bootstrap.min.css

104.21.57.73

200 OK

156 kB

URL GET HTTP/2
gifts9102.goggle.vip/sweeps/ww/iphone2/bootstrap.min.css
IP
104.21.57.73:443
ASN
#13335 CLOUDFLARENET

Requested by
https://gifts9102.goggle.vip/sweeps/ww/iphone2/index_en-us.php?vid=1701763756-ywskhu&utm_medium=%7Bsub1%7D&utm_source=Redirect&utm_campaign=0_AutoSmartlink&utm_content=Smartlink_Sweeps_dddwb01_RandomPub&isp=Blix+Group+AS&city=Oslo&br=0&sp=1&trans=1&iw=False&checked=0&ipp=0&lpkey=173401e9769643b756&ck=2
Certificate
IssuerCloudflare, Inc.
Subjectgoggle.vip
FingerprintB5:2F:C1:CE:2E:08:98:4B:A4:18:83:F8:62:7B:8A:6F:ED:9C:DF:B1
ValidityTue, 18 Jul 2023 00:00:00 GMT - Tue, 16 Jul 2024 23:59:59 GMT

File type
ASCII text, with very long lines (65324)
Size
156 kB (155758 bytes)
Hash
a15c2ac3234aa8f6064ef9c1f7383c37
6e10354828454898fda80f55f3decb347fd9ed21
60b19e5da6a9234ff9220668a5ec1125c157a268513256188ee80f2d2c8d8d36

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /sweeps/ww/iphone2/bootstrap.min.css HTTP/1.1
Host: gifts9102.goggle.vip
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://gifts9102.goggle.vip/sweeps/ww/iphone2/index_en-us.php?vid=1701763756-ywskhu&utm_medium=%7Bsub1%7D&utm_source=Redirect&utm_campaign=0_AutoSmartlink&utm_content=Smartlink_Sweeps_dddwb01_RandomPub&isp=Blix+Group+AS&city=Oslo&br=0&sp=1&trans=1&iw=False&checked=0&ipp=0&lpkey=173401e9769643b756&ck=2
Sec-Fetch-Dest: style
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Tue, 05 Dec 2023 08:09:17 GMT
content-type: text/css
last-modified: Tue, 07 Sep 2021 03:06:06 GMT
vary: Accept-Encoding
etag: W/"6136d71e-2606e"
expires: Tue, 05 Dec 2023 20:09:16 GMT
cache-control: max-age=43200
accept-ch: Sec-CH-UA,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Platform,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Reduced
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=7ojNbKEEN0O9683tMYiJjLaUSB1l4U3UsPu0Kpzmc03uO3HaUMI06y5fAd96xfViz8z6l0oyYqF%2Ffqt8xah8coKybOFF4dTpp9UUcHCwSgLXFHuPnGuc8qyWTla4F3yPGc5sdfJuuQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 830ace58d9afb509-OSL
content-encoding: br
X-Firefox-Spdy: h2

t.y1h1.com/recaptcha/verify?token=03AFcWeA7LC74L0Y8k71oQOhJpQhtQb_ZYCWEcUMakv4dlOM5ZUsi1bdBMpZnVu1Lx-NjvWnWHQk-4jhLTf_2qvvGFjIkyxYLLCXFVmuP2tWURb3Zzja0fWDMuVabwuvSZHc89jwEfAjkexl5KSJI2b54Pgjb7hqqTOiN3NlrHaLOadvrzfyocZV2Z6MXGHr-zDXL_vC5E07unF4MnLj3lY-byY-B6RJLoofyf_jFuOJLieQZDxebGIzKpIDmOXfoWaJXOujL3aCA8H9ft2KbGM6T-F3YwiU9nVZuVyLs1Xuc5eWVXtMIRUU8kceJzCbiOQQXnLcTnOfeG9uF3b0srAoebig-5ONxomm_o2kZUuBcvfp2Sl2KKUrLENEa_T6tNGUZVs_qWyVa8QjHFew3CvatGVviJ-PYpzSsoJhmX7_vYtXmtkCHsUnoiGfOHIHqW4QkIsm5vo5DKqXmgUjHIKRbqNpvY9R1EzIH8ZDnYIBSe2v3-nxKaSmvWuoh0Ahz92faR_MonkO74Y_h4R6AuPwQrMHXygQeHcJTfoMq2S8jnPHvYuCXPJpw&vid=1701763756-ywskhu&eventSubField=eventSub9&eventField=event9&botScore=0.5

172.67.129.176

200 OK

141 B

URL GET HTTP/2
t.y1h1.com/recaptcha/verify?token=03AFcWeA7LC74L0Y8k71oQOhJpQhtQb_ZYCWEcUMakv4dlOM5ZUsi1bdBMpZnVu1Lx-NjvWnWHQk-4jhLTf_2qvvGFjIkyxYLLCXFVmuP2tWURb3Zzja0fWDMuVabwuvSZHc89jwEfAjkexl5KSJI2b54Pgjb7hqqTOiN3NlrHaLOadvrzfyocZV2Z6MXGHr-zDXL_vC5E07unF4MnLj3lY-byY-B6RJLoofyf_jFuOJLieQZDxebGIzKpIDmOXfoWaJXOujL3aCA8H9ft2KbGM6T-F3YwiU9nVZuVyLs1Xuc5eWVXtMIRUU8kceJzCbiOQQXnLcTnOfeG9uF3b0srAoebig-5ONxomm_o2kZUuBcvfp2Sl2KKUrLENEa_T6tNGUZVs_qWyVa8QjHFew3CvatGVviJ-PYpzSsoJhmX7_vYtXmtkCHsUnoiGfOHIHqW4QkIsm5vo5DKqXmgUjHIKRbqNpvY9R1EzIH8ZDnYIBSe2v3-nxKaSmvWuoh0Ahz92faR_MonkO74Y_h4R6AuPwQrMHXygQeHcJTfoMq2S8jnPHvYuCXPJpw&vid=1701763756-ywskhu&eventSubField=eventSub9&eventField=event9&botScore=0.5
IP
172.67.129.176:443
ASN
#13335 CLOUDFLARENET

Requested by
https://gifts9102.goggle.vip/sweeps/ww/iphone2/index_en-us.php?vid=1701763756-ywskhu&utm_medium=%7Bsub1%7D&utm_source=Redirect&utm_campaign=0_AutoSmartlink&utm_content=Smartlink_Sweeps_dddwb01_RandomPub&isp=Blix+Group+AS&city=Oslo&br=0&sp=1&trans=1&iw=False&checked=0&ipp=0&lpkey=173401e9769643b756&ck=2
Certificate
IssuerCloudflare, Inc.
Subjecty1h1.com
FingerprintCF:8A:ED:DF:BB:57:09:E6:84:5E:C8:B0:2F:BE:C2:A8:51:32:58:F8
ValiditySun, 02 Apr 2023 00:00:00 GMT - Mon, 01 Apr 2024 23:59:59 GMT

File type
ASCII text, with no line terminators
Size
141 B (141 bytes)
Hash
a7a1e4eb52226312b1eb21207f2b9347
571a01f0515dddc9d4cb3aaf12627c81598a81ba
04902bf2c50d2def69e2c6ac8cce24a89bb5fd4f9ea66d70640dd3081f9751ac

HTTP Headers

GET /recaptcha/verify?token=03AFcWeA7LC74L0Y8k71oQOhJpQhtQb_ZYCWEcUMakv4dlOM5ZUsi1bdBMpZnVu1Lx-NjvWnWHQk-4jhLTf_2qvvGFjIkyxYLLCXFVmuP2tWURb3Zzja0fWDMuVabwuvSZHc89jwEfAjkexl5KSJI2b54Pgjb7hqqTOiN3NlrHaLOadvrzfyocZV2Z6MXGHr-zDXL_vC5E07unF4MnLj3lY-byY-B6RJLoofyf_jFuOJLieQZDxebGIzKpIDmOXfoWaJXOujL3aCA8H9ft2KbGM6T-F3YwiU9nVZuVyLs1Xuc5eWVXtMIRUU8kceJzCbiOQQXnLcTnOfeG9uF3b0srAoebig-5ONxomm_o2kZUuBcvfp2Sl2KKUrLENEa_T6tNGUZVs_qWyVa8QjHFew3CvatGVviJ-PYpzSsoJhmX7_vYtXmtkCHsUnoiGfOHIHqW4QkIsm5vo5DKqXmgUjHIKRbqNpvY9R1EzIH8ZDnYIBSe2v3-nxKaSmvWuoh0Ahz92faR_MonkO74Y_h4R6AuPwQrMHXygQeHcJTfoMq2S8jnPHvYuCXPJpw&vid=1701763756-ywskhu&eventSubField=eventSub9&eventField=event9&botScore=0.5 HTTP/1.1
Host: t.y1h1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://gifts9102.goggle.vip
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Tue, 05 Dec 2023 08:09:19 GMT
content-type: text/plain;charset=UTF-8
access-control-allow-origin: https://gifts9102.goggle.vip
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-credentials: true
accept-ch: Sec-CH-UA,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Platform,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Reduced
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=LKTdni%2FsJPSJNw8gc%2Bku0FWPK9ajtFndBgOXdOWGFdfl4CTE1swzkGI6xH3k12Z1SHX7igZY%2B%2FmqUShLXDMLgNegki9AZtcU62Y37%2BL6EL%2BUYGUD1YUS1ynfFRHo"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 830ace65895e56ab-OSL
content-encoding: br
X-Firefox-Spdy: h2

rs.y1h1.com/common.js

172.67.129.176

200 OK

17 kB

URL GET HTTP/2
rs.y1h1.com/common.js
IP
172.67.129.176:443
ASN
#13335 CLOUDFLARENET

Requested by
https://gifts9102.goggle.vip/sweeps/ww/iphone2/index_en-us.php?vid=1701763756-ywskhu&utm_medium=%7Bsub1%7D&utm_source=Redirect&utm_campaign=0_AutoSmartlink&utm_content=Smartlink_Sweeps_dddwb01_RandomPub&isp=Blix+Group+AS&city=Oslo&br=0&sp=1&trans=1&iw=False&checked=0&ipp=0&lpkey=173401e9769643b756&ck=2
Certificate
IssuerCloudflare, Inc.
Subjecty1h1.com
FingerprintCF:8A:ED:DF:BB:57:09:E6:84:5E:C8:B0:2F:BE:C2:A8:51:32:58:F8
ValiditySun, 02 Apr 2023 00:00:00 GMT - Mon, 01 Apr 2024 23:59:59 GMT

File type
C source, ASCII text, with very long lines (17150), with no line terminators
Size
17 kB (17150 bytes)
Hash
e82a7475219924f096429f180b359bfb
914006151a4b38056a5ab70a51abfb389bc7b7eb
ecfa449cbb48255f0ece7b436e2015299b9e6adceb9f4df863a9ce36eab71278

HTTP Headers

GET /common.js HTTP/1.1
Host: rs.y1h1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Tue, 05 Dec 2023 08:09:17 GMT
content-type: application/javascript
accept-ch: Sec-CH-UA,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Platform,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Reduced
cache-control: max-age=43200
cf-bgj: minify
etag: W/"6214ae9e-42fe"
expires: Tue, 05 Dec 2023 20:09:17 GMT
last-modified: Tue, 22 Feb 2022 09:36:30 GMT
vary: Accept-Encoding
cf-cache-status: REVALIDATED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=hIcP5CG0U7kpzLuL%2BUjYv8Y3XbZZHThr%2BljKsrG6mC3RByMGzo%2BMBBh0nS6nHHD8NDiDY77ec5V2jLoitnDOrkAy%2BHaM59ZTnJ3B021cAulGPItXvnj3ksCd8GWm7A%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 830ace597ec656ab-OSL
content-encoding: br
X-Firefox-Spdy: h2

rs.y1h1.com/backbutton.js

172.67.129.176

200 OK

4.8 kB

URL GET HTTP/2
rs.y1h1.com/backbutton.js
IP
172.67.129.176:443
ASN
#13335 CLOUDFLARENET

Requested by
https://gifts9102.goggle.vip/sweeps/ww/iphone2/index_en-us.php?vid=1701763756-ywskhu&utm_medium=%7Bsub1%7D&utm_source=Redirect&utm_campaign=0_AutoSmartlink&utm_content=Smartlink_Sweeps_dddwb01_RandomPub&isp=Blix+Group+AS&city=Oslo&br=0&sp=1&trans=1&iw=False&checked=0&ipp=0&lpkey=173401e9769643b756&ck=2
Certificate
IssuerCloudflare, Inc.
Subjecty1h1.com
FingerprintCF:8A:ED:DF:BB:57:09:E6:84:5E:C8:B0:2F:BE:C2:A8:51:32:58:F8
ValiditySun, 02 Apr 2023 00:00:00 GMT - Mon, 01 Apr 2024 23:59:59 GMT

File type
ASCII text, with very long lines (4821), with no line terminators
Size
4.8 kB (4816 bytes)
Hash
cc74e717b3fb50c15e5e4b50faf55bc9
36fdd2a173f70f53d7f5f4b82d6c89accf6c2bc3
49da637a24a8a355014704c23fa18387f0bd339368153a5e64c90a062b03b795

HTTP Headers

GET /backbutton.js HTTP/1.1
Host: rs.y1h1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Tue, 05 Dec 2023 08:09:17 GMT
content-type: application/javascript
accept-ch: Sec-CH-UA,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Platform,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Reduced
cache-control: max-age=43200
cf-bgj: minify
etag: W/"61d46677-12d0"
expires: Tue, 05 Dec 2023 20:09:17 GMT
last-modified: Tue, 04 Jan 2022 15:23:35 GMT
vary: Accept-Encoding
cf-cache-status: REVALIDATED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=IzIX9UXFyaFFOxW2%2BpEOmAym8A%2Bq53ksqSfaahTzwcTmPhgfE5tCfFr%2BzzXgcSGiNSKUpERzaIkG%2FbBtYYUHeLklnlGfgvf79uloH9sq%2FnLCHkIc6h9edexE5L8bcQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 830ace597eca56ab-OSL
content-encoding: br
X-Firefox-Spdy: h2

gifts9102.goggle.vip/sweeps/ww/iphone2/jquery-3.0.0.min.js

104.21.57.73

200 OK

86 kB

URL GET HTTP/2
gifts9102.goggle.vip/sweeps/ww/iphone2/jquery-3.0.0.min.js
IP
104.21.57.73:443
ASN
#13335 CLOUDFLARENET

Requested by
https://gifts9102.goggle.vip/sweeps/ww/iphone2/index_en-us.php?vid=1701763756-ywskhu&utm_medium=%7Bsub1%7D&utm_source=Redirect&utm_campaign=0_AutoSmartlink&utm_content=Smartlink_Sweeps_dddwb01_RandomPub&isp=Blix+Group+AS&city=Oslo&br=0&sp=1&trans=1&iw=False&checked=0&ipp=0&lpkey=173401e9769643b756&ck=2
Certificate
IssuerCloudflare, Inc.
Subjectgoggle.vip
FingerprintB5:2F:C1:CE:2E:08:98:4B:A4:18:83:F8:62:7B:8A:6F:ED:9C:DF:B1
ValidityTue, 18 Jul 2023 00:00:00 GMT - Tue, 16 Jul 2024 23:59:59 GMT

File type
ASCII text, with very long lines (32034)
Size
86 kB (86341 bytes)
Hash
d0212568ce69457081dacf84e327fa5c
d6702a1af0378b2342f6a0692e77c169f580aed7
266bcea0bb58b26aa5b16c5aee60d22ccc1ae9d67daeb21db6bad56119c3447d

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /sweeps/ww/iphone2/jquery-3.0.0.min.js HTTP/1.1
Host: gifts9102.goggle.vip
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://gifts9102.goggle.vip/sweeps/ww/iphone2/index_en-us.php?vid=1701763756-ywskhu&utm_medium=%7Bsub1%7D&utm_source=Redirect&utm_campaign=0_AutoSmartlink&utm_content=Smartlink_Sweeps_dddwb01_RandomPub&isp=Blix+Group+AS&city=Oslo&br=0&sp=1&trans=1&iw=False&checked=0&ipp=0&lpkey=173401e9769643b756&ck=2
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Tue, 05 Dec 2023 08:09:17 GMT
content-type: application/javascript
last-modified: Tue, 07 Sep 2021 03:06:06 GMT
vary: Accept-Encoding
etag: W/"6136d71e-15145"
expires: Tue, 05 Dec 2023 20:09:16 GMT
cache-control: max-age=43200
accept-ch: Sec-CH-UA,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Platform,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Reduced
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=kU62WVUpiqyk%2FrQg7dUFKfese0cSC%2B%2FYpB2WWeC6I9rSj2CCwCCicSO5pEsPcfXF8oQtVIaiFV0MaFrkO4wOGoZwBzX%2Fuq1ri5PNB6j8kXWjXZK5O7C8Lb4lMMhD32AMG1RaUV%2FPPg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 830ace58c9adb509-OSL
content-encoding: br
X-Firefox-Spdy: h2

rs.y1h1.com/checkbot.js

172.67.129.176

200 OK

8.2 kB

URL GET HTTP/2
rs.y1h1.com/checkbot.js
IP
172.67.129.176:443
ASN
#13335 CLOUDFLARENET

Requested by
https://gifts9102.goggle.vip/sweeps/ww/iphone2/index_en-us.php?vid=1701763756-ywskhu&utm_medium=%7Bsub1%7D&utm_source=Redirect&utm_campaign=0_AutoSmartlink&utm_content=Smartlink_Sweeps_dddwb01_RandomPub&isp=Blix+Group+AS&city=Oslo&br=0&sp=1&trans=1&iw=False&checked=0&ipp=0&lpkey=173401e9769643b756&ck=2
Certificate
IssuerCloudflare, Inc.
Subjecty1h1.com
FingerprintCF:8A:ED:DF:BB:57:09:E6:84:5E:C8:B0:2F:BE:C2:A8:51:32:58:F8
ValiditySun, 02 Apr 2023 00:00:00 GMT - Mon, 01 Apr 2024 23:59:59 GMT

File type
ASCII text, with very long lines (8175), with no line terminators
Size
8.2 kB (8175 bytes)
Hash
ce0c2c4ee0cb0c547667698772dc25b1
7fdc7c61cf11d289c270ebe3c23032667d010e53
b2b11e955ad96caa642a0b963217b7a9e81c66ca8bcf0fe15b8ef0ea0d565d31

HTTP Headers

GET /checkbot.js HTTP/1.1
Host: rs.y1h1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Tue, 05 Dec 2023 08:09:17 GMT
content-type: application/javascript
accept-ch: Sec-CH-UA,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Platform,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Reduced
cache-control: max-age=43200
cf-bgj: minify
etag: W/"6222c2ff-1fef"
expires: Tue, 05 Dec 2023 20:09:17 GMT
last-modified: Sat, 05 Mar 2022 01:55:11 GMT
vary: Accept-Encoding
cf-cache-status: REVALIDATED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=p0taZ5abejHIg08eCb4X%2BVn25GPPp71v%2FSsxuhF7w4pMiHr1lTeBoBklvUmGTDUY7zfgBGv74Rr%2F08TqzAdRkEG5JhKu%2FkSoO%2Bnv2srUArG8P%2BnkUSOPit7L1rZKUA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 830ace598ed556ab-OSL
content-encoding: br
X-Firefox-Spdy: h2

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (22)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by