www.oneclicktwofucks.com/3871690444472350?uclick=ftibe2du8n&uclickhash=ftibe2du8n-ftibe2du8n-myvc-0-q5xrbl-fvqq6o-fvqqbl-44686b/3871690444472350//3871690444472350//3871690444472350//3871690444472350//3871690444472350//3871690444472350//3871690444472350//3871690444472350//3871690444472350//3871690444472350/
54.230.111.7 302 Found 313 B URL User Request GET HTTP/2 www.oneclicktwofucks.com/3871690444472350?uclick=ftibe2du8n&uclickhash=ftibe2du8n-ftibe2du8n-myvc-0-q5xrbl-fvqq6o-fvqqbl-44686b/3871690444472350//3871690444472350//3871690444472350//3871690444472350//3871690444472350//3871690444472350//3871690444472350//3871690444472350//3871690444472350//3871690444472350/
IP 54.230.111.7:443
Certificate Issuer Amazon
Subject oneclicktwofucks.com
Fingerprint D4:10:94:89:B4:01:4A:91:54:09:3A:A2:36:3E:CF:17:DE:F2:B6:D5
Validity Sat, 01 Apr 2023 00:00:00 GMT - Mon, 29 Apr 2024 23:59:59 GMT
File type HTML document text\012- HTML document text\012- HTML document, ASCII text
Hash be350e02ab102013e63f4d8cec48cfed
423476ef08f57a6c75b9f2dd26231f1186b9300b
5654083e49f9c287a947dc89572430ec08eaa65c0b5cbc20a7a6dae27897fe1f
GET /3871690444472350?uclick=ftibe2du8n&uclickhash=ftibe2du8n-ftibe2du8n-myvc-0-q5xrbl-fvqq6o-fvqqbl-44686b/3871690444472350//3871690444472350//3871690444472350//3871690444472350//3871690444472350//3871690444472350//3871690444472350//3871690444472350//3871690444472350//3871690444472350/ HTTP/1.1
Host: www.oneclicktwofucks.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 302 Found
content-type: text/html; charset=utf-8
content-length: 313
x-amz-error-code: Found
x-amz-error-message: Resource Found
location: /3871690444472350/
date: Thu, 30 Nov 2023 01:15:13 GMT
server: AmazonS3
x-cache: Hit from cloudfront
via: 1.1 9d4a908d41124cba1276d6cef8f00c60.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: a-7n5_SXdkCm5UQWxYvYNPXs0sTMwcCDzOP8og0-Uz8ZhvXQr1PYxQ==
age: 160535
X-Firefox-Spdy: h2
www.oneclicktwofucks.com/3871690444472350/smalligits1686125802897-1686837616955-1690444482389.jpg
54.230.111.7 200 OK 775 kB URL GET HTTP/2 www.oneclicktwofucks.com/3871690444472350/smalligits1686125802897-1686837616955-1690444482389.jpg
IP 54.230.111.7:443
Requested by https://www.oneclicktwofucks.com/3871690444472350/
Certificate Issuer Amazon
Subject oneclicktwofucks.com
Fingerprint D4:10:94:89:B4:01:4A:91:54:09:3A:A2:36:3E:CF:17:DE:F2:B6:D5
Validity Sat, 01 Apr 2023 00:00:00 GMT - Mon, 29 Apr 2024 23:59:59 GMT
File type JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 1280x1138, components 3\012- data
Size 775 kB (774832 bytes)
Hash 00e4d773da84083b1fabb183a95292f3
d2854ffcba5748a6a85d6f13ae196a62d234249e
0405039a7ae0b7d275ed90d539a08bc440b94904014a6ddbbd06cc3f24206a75
GET /3871690444472350/smalligits1686125802897-1686837616955-1690444482389.jpg HTTP/1.1
Host: www.oneclicktwofucks.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.oneclicktwofucks.com/3871690444472350/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-type: image/jpg
content-length: 774832
date: Thu, 30 Nov 2023 03:34:32 GMT
last-modified: Thu, 27 Jul 2023 07:54:43 GMT
etag: "00e4d773da84083b1fabb183a95292f3"
server: AmazonS3
x-cache: Hit from cloudfront
via: 1.1 9d4a908d41124cba1276d6cef8f00c60.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: KuVMGuQzF2XJtZ8bz2VoLnEBKd9auIUCAmvHBo40Qtb_EpxW-qkzuQ==
age: 152178
X-Firefox-Spdy: h2
www.oneclicktwofucks.com/3871690444472350/flamey1685637278474-1690444482391.png
54.230.111.7 200 OK 53 kB URL GET HTTP/2 www.oneclicktwofucks.com/3871690444472350/flamey1685637278474-1690444482391.png
IP 54.230.111.7:443
Requested by https://www.oneclicktwofucks.com/3871690444472350/
Certificate Issuer Amazon
Subject oneclicktwofucks.com
Fingerprint D4:10:94:89:B4:01:4A:91:54:09:3A:A2:36:3E:CF:17:DE:F2:B6:D5
Validity Sat, 01 Apr 2023 00:00:00 GMT - Mon, 29 Apr 2024 23:59:59 GMT
File type PNG image data, 572 x 526, 8-bit/color RGBA, non-interlaced\012- data
Hash 6f6ae9d6482c902cb6e3a727f2525360
d5c878cc576f94d762215979226f517f113a43fb
f0fb4c43271acd6fe0b25f7543a11d349f633988ae0fd20d6250a1caab83bb4e
GET /3871690444472350/flamey1685637278474-1690444482391.png HTTP/1.1
Host: www.oneclicktwofucks.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.oneclicktwofucks.com/3871690444472350/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-type: image/png
content-length: 52607
date: Thu, 30 Nov 2023 03:34:32 GMT
last-modified: Thu, 27 Jul 2023 07:54:43 GMT
etag: "6f6ae9d6482c902cb6e3a727f2525360"
server: AmazonS3
x-cache: Hit from cloudfront
via: 1.1 9d4a908d41124cba1276d6cef8f00c60.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: 7FldVyTecIId9RDBJ0Wg41s0yXti3mwGnDf0hquXm43gESHVgPt-6g==
age: 152179
X-Firefox-Spdy: h2
www.oneclicktwofucks.com/3871690444472350/search.gif
54.230.111.7 200 OK 280 kB URL GET HTTP/2 www.oneclicktwofucks.com/3871690444472350/search.gif
IP 54.230.111.7:443
Requested by https://www.oneclicktwofucks.com/3871690444472350/
Certificate Issuer Amazon
Subject oneclicktwofucks.com
Fingerprint D4:10:94:89:B4:01:4A:91:54:09:3A:A2:36:3E:CF:17:DE:F2:B6:D5
Validity Sat, 01 Apr 2023 00:00:00 GMT - Mon, 29 Apr 2024 23:59:59 GMT
File type GIF image data, version 89a, 193 x 192\012- data
Size 280 kB (279956 bytes)
Hash f282e31cfc0ed61f5e58977d378b27e0
3a2d91fbcfaf6f12644275ce8c1b950b55f736d2
0793afa167cbc0a6c44e6c5f855cd96c2ba0e736dedfa172990bcee3fa1c9cb9
GET /3871690444472350/search.gif HTTP/1.1
Host: www.oneclicktwofucks.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.oneclicktwofucks.com/3871690444472350/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-type: image/gif
content-length: 279956
date: Thu, 30 Nov 2023 03:34:34 GMT
last-modified: Thu, 27 Jul 2023 07:54:44 GMT
etag: "f282e31cfc0ed61f5e58977d378b27e0"
server: AmazonS3
x-cache: Hit from cloudfront
via: 1.1 9d4a908d41124cba1276d6cef8f00c60.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: xfhwLDBWTwh0RexryS1b-m0a3baV9M33o1FPWnU4k376naEcYEiyUg==
age: 152176
X-Firefox-Spdy: h2
code.jquery.com/jquery-3.6.0.js
151.101.130.137 200 OK 85 kB URL GET HTTP/2 code.jquery.com/jquery-3.6.0.js
IP 151.101.130.137:443
Requested by https://www.oneclicktwofucks.com/3871690444472350/
Certificate Issuer Sectigo Limited
Subject *.jquery.com
Fingerprint D2:19:0A:AD:CE:BB:9C:61:17:5D:29:4B:A2:54:E8:C6:91:B8:F9:8D
Validity Tue, 11 Jul 2023 00:00:00 GMT - Sun, 14 Jul 2024 23:59:59 GMT
Hash 2849239b95f5a9a2aea3f6ed9420bb88
af32f706407ab08f800c5e697cce92466e735847
1fe2bb5390a75e5d61e72c107cab528fc3c29a837d69aab7d200e1dbb5dcd239
GET /jquery-3.6.0.js HTTP/1.1
Host: code.jquery.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.oneclicktwofucks.com
DNT: 1
Connection: keep-alive
Referer: https://www.oneclicktwofucks.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
content-type: application/javascript; charset=utf-8
last-modified: Fri, 18 Oct 1991 12:00:00 GMT
etag: W/"28feccc0-46744"
cache-control: public, max-age=31536000, stale-while-revalidate=604800
access-control-allow-origin: *
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
date: Fri, 01 Dec 2023 21:50:50 GMT
age: 6666834
x-served-by: cache-lga21935-LGA, cache-bma1630-BMA
x-cache: HIT, HIT
x-cache-hits: 117, 29145
x-timer: S1701467450.138444,VS0,VE0
vary: Accept-Encoding
content-length: 84714
X-Firefox-Spdy: h2
fonts.gstatic.com/s/lato/v24/S6uyw4BMUTPHjx4wXg.woff2
216.58.207.227 200 OK 24 kB URL GET HTTP/2 fonts.gstatic.com/s/lato/v24/S6uyw4BMUTPHjx4wXg.woff2
IP 216.58.207.227:443
Requested by https://www.oneclicktwofucks.com/3871690444472350/
Certificate Issuer Google Trust Services LLC
Subject *.gstatic.com
Fingerprint E5:79:1F:1A:04:3F:B9:B0:FB:41:4E:B5:E5:97:AD:FE:D9:2C:4A:CD
Validity Mon, 23 Oct 2023 11:24:07 GMT - Mon, 15 Jan 2024 11:24:06 GMT
File type Web Open Font Format (Version 2), TrueType, length 23580, version 1.0\012- data
Hash e1b3b5908c9cf23dfb2b9c52b9a023ab
fcd4136085f2a03481d9958cc6793a5ed98e714c
918b7dc3e2e2d015c16ce08b57bcb64d2253bafc1707658f361e72865498e537
GET /s/lato/v24/S6uyw4BMUTPHjx4wXg.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.oneclicktwofucks.com
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 23580
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 30 Nov 2023 04:00:51 GMT
expires: Fri, 29 Nov 2024 04:00:51 GMT
cache-control: public, max-age=31536000
last-modified: Tue, 02 May 2023 15:17:22 GMT
content-type: font/woff2
age: 150599
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
fonts.gstatic.com/s/lato/v24/S6u9w4BMUTPHh6UVSwiPGQ.woff2
216.58.207.227 200 OK 23 kB URL GET HTTP/2 fonts.gstatic.com/s/lato/v24/S6u9w4BMUTPHh6UVSwiPGQ.woff2
IP 216.58.207.227:443
Requested by https://www.oneclicktwofucks.com/3871690444472350/
Certificate Issuer Google Trust Services LLC
Subject *.gstatic.com
Fingerprint E5:79:1F:1A:04:3F:B9:B0:FB:41:4E:B5:E5:97:AD:FE:D9:2C:4A:CD
Validity Mon, 23 Oct 2023 11:24:07 GMT - Mon, 15 Jan 2024 11:24:06 GMT
File type Web Open Font Format (Version 2), TrueType, length 23040, version 1.0\012- data
Hash de69cf9e514df447d1b0bb16f49d2457
2ac78601179c3a63ba3f3f3081556b12ddcaf655
c447dd7677b419db7b21dbdfc6277c7816a913ffda76fd2e52702df538de0e49
GET /s/lato/v24/S6u9w4BMUTPHh6UVSwiPGQ.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.oneclicktwofucks.com
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 23040
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 30 Nov 2023 12:50:30 GMT
expires: Fri, 29 Nov 2024 12:50:30 GMT
cache-control: public, max-age=31536000
last-modified: Tue, 02 May 2023 15:07:25 GMT
content-type: font/woff2
age: 118820
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
www.googletagmanager.com/gtm.js?id=GTM-PKBDJ82
142.250.74.168 200 OK 46 kB URL GET HTTP/2 www.googletagmanager.com/gtm.js?id=GTM-PKBDJ82
IP 142.250.74.168:443
Requested by https://www.oneclicktwofucks.com/3871690444472350/
Certificate Issuer Google Trust Services LLC
Subject *.google-analytics.com
Fingerprint 37:42:10:B7:89:70:45:51:80:81:66:CE:95:21:72:5D:46:0B:E2:34
Validity Mon, 23 Oct 2023 11:18:19 GMT - Mon, 15 Jan 2024 11:18:18 GMT
File type ASCII text, with very long lines (2213)
Hash 117f4a3793c4348ea6cda0328c33a854
e0b7cae0bd01cb92c981d3ac3564d5b5f3c603d7
dd3ae4aee32bbe16c1fb5c2c6882d945ee68dc711a49c09db2a9a3d3be43f649
GET /gtm.js?id=GTM-PKBDJ82 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.oneclicktwofucks.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Fri, 01 Dec 2023 21:50:50 GMT
expires: Fri, 01 Dec 2023 21:50:50 GMT
cache-control: private, max-age=900
last-modified: Fri, 01 Dec 2023 21:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 45615
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
notix.io/settings?appId=1004ff5d762d01458b38c1d4dcfb359&ver=0.15.19
139.45.240.92 200 OK 318 B URL GET HTTP/2 notix.io/settings?appId=1004ff5d762d01458b38c1d4dcfb359&ver=0.15.19
IP 139.45.240.92:443
Requested by https://www.oneclicktwofucks.com/3871690444472350/
Certificate Issuer Let's Encrypt
Subject notix.io
Fingerprint 68:78:0C:AA:A6:75:6F:E2:65:2D:3B:7E:5B:8A:2B:6B:F6:1A:BF:1D
Validity Fri, 15 Sep 2023 11:38:16 GMT - Thu, 14 Dec 2023 11:38:15 GMT
File type JSON data\012- , ASCII text, with very long lines (318), with no line terminators
Hash 82b0c0f76512e60ea030da09ee18febf
2c4b11e5713c2f7e6a3da2ef87a1c0c78c3da195
a8ca49249ca90a131bba14405671cb243da2849145a3d8074b0b5c232c2b57d1
GET /settings?appId=1004ff5d762d01458b38c1d4dcfb359&ver=0.15.19 HTTP/1.1
Host: notix.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.oneclicktwofucks.com/
Origin: https://www.oneclicktwofucks.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 01 Dec 2023 21:50:50 GMT
content-type: application/json; charset=utf-8
content-length: 318
access-control-allow-origin: https://www.oneclicktwofucks.com
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2
tsyndicate.com/api/v1/retargeting/set/31274e87-1118-4d7c-bc72-9007731936c3
78.46.97.249 200 OK 43 B URL GET HTTP/2 tsyndicate.com/api/v1/retargeting/set/31274e87-1118-4d7c-bc72-9007731936c3
IP 78.46.97.249:443
ASN #24940 Hetzner Online GmbH
Requested by https://www.oneclicktwofucks.com/3871690444472350/
Certificate Issuer Let's Encrypt
Subject tsyndicate.com
Fingerprint F2:3C:80:FB:F4:C8:BF:02:DD:BF:23:DD:27:74:AB:0B:89:F6:13:5E
Validity Sun, 12 Nov 2023 09:06:58 GMT - Sat, 10 Feb 2024 09:06:57 GMT
File type GIF image data, version 89a, 1 x 1\012- data
Hash ba036c43037cfe89320d1ef7b64cd43f
88c72d3e26047eb1e45e5564a76427734f120efe
42cb846e07917f6731406e500f24aeb2e88c42cda124eaa59e08c5331cad8bcb
GET /api/v1/retargeting/set/31274e87-1118-4d7c-bc72-9007731936c3 HTTP/1.1
Host: tsyndicate.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.oneclicktwofucks.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Fri, 01 Dec 2023 21:50:50 GMT
content-type: image/gif
content-length: 43
pragma: no-cache
expires: 0
vary: *
x-api-version: 1
x-request-id: 9109068046872da9
set-cookie: ts_rt_31274e87-1118-4d7c-bc72-9007731936c3=AAMC; expires=Sat, 30 Nov 2024 21:50:50 GMT; path=/; HttpOnly; secure; SameSite=None
cache-control: no-cache, no-store, no-transform, must-revalidate, no-transform
x-robots-tag: none, noindex, nofollow
report-to: { "url": "https://pxl.tsyndicate.com/api/v1/heavy-ad/report", "max_age": 86401 }
X-Firefox-Spdy: h2
cachecdn.cdnhost2000xl.com/images/whitelabels/instabang.com/favicon.ico
64.210.135.114 200 OK 1.7 kB URL GET HTTP/2 cachecdn.cdnhost2000xl.com/images/whitelabels/instabang.com/favicon.ico
IP 64.210.135.114:443
Requested by https://www.oneclicktwofucks.com/3871690444472350/
Certificate Issuer Sectigo Limited
Subject *.cdnhost2000xl.com
Fingerprint B8:BD:F2:46:87:69:19:71:B7:A2:41:11:3D:10:03:D5:5B:E0:83:93
Validity Mon, 30 Jan 2023 00:00:00 GMT - Sun, 11 Feb 2024 23:59:59 GMT
File type PNG image data, 48 x 48, 8-bit/color RGBA, non-interlaced\012- data
Hash d7be5b1d22d692311fb81a63215132ae
e9da143eff15920af8928021853a8095d664d12f
6a9094655fc790e3adb5b22a09de429ea8e1d0ee7608c08e3e43c802623a1cef
GET /images/whitelabels/instabang.com/favicon.ico HTTP/1.1
Host: cachecdn.cdnhost2000xl.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.oneclicktwofucks.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 01 Dec 2023 21:50:50 GMT
content-type: image/x-icon
content-length: 1668
last-modified: Fri, 25 Mar 2022 19:22:27 GMT
etag: "623e1673-684"
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: max-age=86401
accept-ranges: bytes
x-cdn-diag: ams5-7846-1-50507-h-0-0---;6139-24-1736----0-0-1
X-Firefox-Spdy: h2
fonts.googleapis.com/css2?family=Lato:wght@100;300;400;700&display=swap
142.250.74.106 200 OK 3.1 kB URL GET HTTP/2 fonts.googleapis.com/css2?family=Lato:wght@100;300;400;700&display=swap
IP 142.250.74.106:443
Requested by https://www.oneclicktwofucks.com/3871690444472350/
Certificate Issuer Google Trust Services LLC
Subject upload.video.google.com
Fingerprint CC:96:E0:52:E0:9B:EA:A9:A0:F8:88:9A:90:20:11:47:61:00:3C:42
Validity Mon, 23 Oct 2023 11:24:07 GMT - Mon, 15 Jan 2024 11:24:06 GMT
File type ASCII text, with very long lines (3137), with no line terminators
Hash b634b65563ca8227cff839c27304ed4a
1a233d3cf36dfd9ef1d431d59034df2e6c139e90
45467496984a3d64a6edfc770c6ee780adbe7ff267fd7437cbd27d741b83418d
GET /css2?family=Lato:wght@100;300;400;700&display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.oneclicktwofucks.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Fri, 01 Dec 2023 21:50:50 GMT
date: Fri, 01 Dec 2023 21:50:50 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
www.oneclicktwofucks.com/3871690444472350/
54.230.111.7 200 OK 16 kB URL User Request GET HTTP/2 www.oneclicktwofucks.com/3871690444472350/
IP 54.230.111.7:443
Certificate Issuer Amazon
Subject oneclicktwofucks.com
Fingerprint D4:10:94:89:B4:01:4A:91:54:09:3A:A2:36:3E:CF:17:DE:F2:B6:D5
Validity Sat, 01 Apr 2023 00:00:00 GMT - Mon, 29 Apr 2024 23:59:59 GMT
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- assembler source, ASCII text
Hash 26fd1b63c71c0ecbedfbdd73052ebb4a
89b51160ea9bdc9d076df976e7207a77a60e4ee7
a22865461875358b87fc8c032e4ad694de06621dd0254cf837127cd62222c2ac
GET /3871690444472350/ HTTP/1.1
Host: www.oneclicktwofucks.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: text/html
date: Thu, 30 Nov 2023 01:15:27 GMT
last-modified: Thu, 27 Jul 2023 07:54:44 GMT
etag: W/"26fd1b63c71c0ecbedfbdd73052ebb4a"
server: AmazonS3
content-encoding: gzip
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 9d4a908d41124cba1276d6cef8f00c60.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: z_QWMcGcETPUcWhB9FN9KGo-SBW2kUm_SkxYjd7SAGVeOctMfeAJoQ==
age: 160523
X-Firefox-Spdy: h2
notix.io/ent/current/enot.min.js
139.45.240.92 200 OK 145 kB URL GET HTTP/2 notix.io/ent/current/enot.min.js
IP 139.45.240.92:443
Requested by https://www.oneclicktwofucks.com/3871690444472350/
Certificate Issuer Let's Encrypt
Subject notix.io
Fingerprint 68:78:0C:AA:A6:75:6F:E2:65:2D:3B:7E:5B:8A:2B:6B:F6:1A:BF:1D
Validity Fri, 15 Sep 2023 11:38:16 GMT - Thu, 14 Dec 2023 11:38:15 GMT
File type ASCII text, with very long lines (65536), with no line terminators
Size 145 kB (144887 bytes)
Hash 5ec57c87dbac3f07e59e5d74ae3421e4
70121f1541a1961d7b87544001d612f18ad04243
e1d529afcbb911c99bb039ba39c7fb6716275b97650ae816a90fc03f256542bb
Analyzer Public Nextron YARA rules
Verdict malware
Alert Unique code from Jetriz, Swid & Jeniva of the Tetris framework
GET /ent/current/enot.min.js HTTP/1.1
Host: notix.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.oneclicktwofucks.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Fri, 01 Dec 2023 21:50:50 GMT
content-type: application/javascript
last-modified: Thu, 30 Nov 2023 09:39:49 GMT
etag: W/"65685865-235f7"
access-control-allow-credentials: true
cache-control: no-cache
pragma: no-cache
content-encoding: gzip
X-Firefox-Spdy: h2