| mp.org.pl/yt-redirect.php?banurl=eldestsink.com/0/0/0/8ec4a12f7972343e6f64251b656bdebc/wwws/3003/bbe2 | 185.11.100.204 | 302 Found | 292 B |
URL (User Request, GET, HTTP/2): mp.org.pl/yt-redirect.php?banurl=eldestsink.com/0/0/0/8ec4a12f7972343e6f64251b656bdebc/wwws/3003/bbe2; IP: 185.11.100.204:443; ASN: #29522 Cyber_Folks S.A.
Certificate Issuer: Let's Encrypt; Subject: mp.org.pl; Fingerprint: 57:DA:09:4B:84:35:ED:47:0C:F1:15:D5:2E:AE:2C:51:82:64:3A:AC; Validity: Sun, 18 Feb 2024 08:00:38 GMT - Sat, 18 May 2024 08:00:37 GMT
File type: HTML document, ASCII text; Hash: 1d60a135cb1ffe93f7fef8ca9e0bd6f3 8601d7fd74ce8ee187b87a4d0a8564b0611f018d 420b188c7b5a366328af3374db282c21462be44599d1ee432c3b4d0e930e98d5
GET /yt-redirect.php?banurl=eldestsink.com/0/0/0/8ec4a12f7972343e6f64251b656bdebc/wwws/3003/bbe2 HTTP/1.1
Host: mp.org.pl
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 302 Found
date: Tue, 16 Apr 2024 13:12:30 GMT
server: Apache
location: http://mp.org.pl/yt-redirect.php?banurl=eldestsink.com/0/0/0/8ec4a12f7972343e6f64251b656bdebc/wwws/3003/bbe2
cache-control: max-age=0
expires: Tue, 16 Apr 2024 13:12:30 GMT
content-length: 292
content-type: text/html; charset=iso-8859-1
X-Firefox-Spdy: h2
|
|
| mp.org.pl/yt-redirect.php?banurl=eldestsink.com/0/0/0/8ec4a12f7972343e6f64251b656bdebc/wwws/3003/bbe2 | 185.11.100.204 | 302 Found | 0 B |
URL (User Request, GET, HTTP/2): mp.org.pl/yt-redirect.php?banurl=eldestsink.com/0/0/0/8ec4a12f7972343e6f64251b656bdebc/wwws/3003/bbe2; IP: 185.11.100.204:443; ASN: #29522 Cyber_Folks S.A.
Certificate Issuer: Let's Encrypt; Subject: mp.org.pl; Fingerprint: 57:DA:09:4B:84:35:ED:47:0C:F1:15:D5:2E:AE:2C:51:82:64:3A:AC; Validity: Sun, 18 Feb 2024 08:00:38 GMT - Sat, 18 May 2024 08:00:37 GMT
Hash: d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /yt-redirect.php?banurl=eldestsink.com/0/0/0/8ec4a12f7972343e6f64251b656bdebc/wwws/3003/bbe2 HTTP/1.1
Host: mp.org.pl
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 302 Moved Temporarily
date: Tue, 16 Apr 2024 13:12:31 GMT
server: Apache
x-powered-by: PHP/5.5.38
location: https://bitly.ws?banned=1
cache-control: max-age=0
expires: Tue, 16 Apr 2024 13:12:31 GMT
content-length: 0
content-type: text/html
|
|
| www.paypalobjects.com/pl_PL/i/scr/pixel.gif | 192.229.221.25 | 200 OK | 43 B |
URL (GET, HTTP/2): www.paypalobjects.com/pl_PL/i/scr/pixel.gif; IP: 192.229.221.25:443
Requested by: https://bitly.ws/?banned=1; Certificate Issuer: DigiCert Inc; Subject: www.paypal.com; Fingerprint: 4B:C0:E1:F0:16:B3:A4:B3:63:08:41:DF:F2:EF:8D:65:54:1D:30:B1; Validity: Thu, 12 Oct 2023 00:00:00 GMT - Thu, 31 Oct 2024 23:59:59 GMT
File type: GIF image data, version 89a, 1 x 1; Hash: fc94fb0c3ed8a8f909dbc7630a0987ff 56d45f8a17f5078a20af9962c992ca4678450765 2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363
GET /pl_PL/i/scr/pixel.gif HTTP/1.1
Host: www.paypalobjects.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://bitly.ws/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
accept-ranges: bytes
cache-control: s-maxage=31536000, public,max-age=3600
content-type: image/gif
date: Tue, 16 Apr 2024 13:12:31 GMT
dc: ccg11-origin-www-1.paypal.com
etag: "5d5637c5-2b"
expires: Tue, 16 Apr 2024 14:12:31 GMT
last-modified: Fri, 16 Aug 2019 04:57:41 GMT
paypal-debug-id: 2b5a4d618fa0a
server: ECAcc (ska/F6B7)
strict-transport-security: max-age=63072000; includeSubDomains; preload
timing-allow-origin: https://www.paypal.com,https://www.sandbox.paypal.com
traceparent: 00-00000000000000000002b5a4d618fa0a-1ee1f9b462072736-01
x-cache: HIT
x-content-type-options: nosniff
content-length: 43
X-Firefox-Spdy: h2
|
|
| bitly.ws/css/style.css | 185.11.100.204 | 200 OK | 2.8 kB |
IP: 185.11.100.204:443; ASN: #29522 Cyber_Folks S.A.
Requested by: https://bitly.ws/?banned=1; Certificate Issuer: Let's Encrypt; Subject: bitly.ws; Fingerprint: E2:6E:62:93:28:D8:B3:0A:23:56:6C:21:A4:BD:CC:EF:CD:1B:33:55; Validity: Sun, 18 Feb 2024 07:59:14 GMT - Sat, 18 May 2024 07:59:13 GMT
File type: assembler source, Unicode text, UTF-8 text, with CRLF line terminators; Hash: eeee0a4d84ff512093277dcc29852c8d 8cdc89abbf41ad34513b14144d235e215110a600 7b7fa3cffc3403b893b3d6816de290ad101c9f93ff2b06bd91151aed5cd78d35
GET /css/style.css HTTP/1.1
Host: bitly.ws
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://bitly.ws/?banned=1
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Tue, 16 Apr 2024 13:12:31 GMT
server: Apache
last-modified: Thu, 04 Apr 2024 03:49:30 GMT
etag: "2d16-6153d39fcf8a2-gzip"
accept-ranges: bytes
cache-control: max-age=0
expires: Tue, 16 Apr 2024 13:12:31 GMT
vary: Accept-Encoding
content-encoding: gzip
content-length: 2763
content-type: text/css
X-Firefox-Spdy: h2
|
|
| bitly.ws/js/adframe.js | 185.11.100.204 | 200 OK | 16 B |
IP: 185.11.100.204:443; ASN: #29522 Cyber_Folks S.A.
Requested by: https://bitly.ws/?banned=1; Certificate Issuer: Let's Encrypt; Subject: bitly.ws; Fingerprint: E2:6E:62:93:28:D8:B3:0A:23:56:6C:21:A4:BD:CC:EF:CD:1B:33:55; Validity: Sun, 18 Feb 2024 07:59:14 GMT - Sat, 18 May 2024 07:59:13 GMT
File type: ASCII text, with no line terminators; Hash: 760222d2e529d3e84eb01378cfc46e2e f789f3c0007640b5549fca2710cf3da500b95e86 0059cb4ff0a271382c38af8a7367aaf45cbeb31449637d3928d25317401e2828
GET /js/adframe.js HTTP/1.1
Host: bitly.ws
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://bitly.ws/?banned=1
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Tue, 16 Apr 2024 13:12:31 GMT
server: Apache
last-modified: Sat, 30 Dec 2017 21:02:30 GMT
etag: "10-5619511402320"
accept-ranges: bytes
content-length: 16
cache-control: max-age=0
expires: Tue, 16 Apr 2024 13:12:31 GMT
content-type: application/javascript
X-Firefox-Spdy: h2
|
|
| bitly.ws/gfx/stripe.png | 185.11.100.204 | 200 OK | 1.4 kB |
IP: 185.11.100.204:443; ASN: #29522 Cyber_Folks S.A.
Requested by: https://bitly.ws/?banned=1; Certificate Issuer: Let's Encrypt; Subject: bitly.ws; Fingerprint: E2:6E:62:93:28:D8:B3:0A:23:56:6C:21:A4:BD:CC:EF:CD:1B:33:55; Validity: Sun, 18 Feb 2024 07:59:14 GMT - Sat, 18 May 2024 07:59:13 GMT
File type: PNG image data, 91 x 60, 8-bit colormap, non-interlaced; Hash: 17aaa9dc48a895306b06de8ae9a8b104 f75e086497b3743ac83d85dc4ca456e8bb556e55 b8214bd5cbd9197f329d1df98d908dc7a1cd38c28e8010b92e49b3f35dd9986a
GET /gfx/stripe.png HTTP/1.1
Host: bitly.ws
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://bitly.ws/?banned=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Tue, 16 Apr 2024 13:12:31 GMT
server: Apache
last-modified: Sat, 19 Aug 2023 15:45:50 GMT
etag: "54f-603488a24201d"
accept-ranges: bytes
content-length: 1359
cache-control: max-age=31536000
expires: Wed, 16 Apr 2025 13:12:31 GMT
content-type: image/png
X-Firefox-Spdy: h2
|
|
| bitly.ws/gfx/adsterra2.png | 185.11.100.204 | 200 OK | 15 kB |
URL (GET, HTTP/2): bitly.ws/gfx/adsterra2.png; IP: 185.11.100.204:443; ASN: #29522 Cyber_Folks S.A.
Requested by: https://bitly.ws/?banned=1; Certificate Issuer: Let's Encrypt; Subject: bitly.ws; Fingerprint: E2:6E:62:93:28:D8:B3:0A:23:56:6C:21:A4:BD:CC:EF:CD:1B:33:55; Validity: Sun, 18 Feb 2024 07:59:14 GMT - Sat, 18 May 2024 07:59:13 GMT
File type: PNG image data, 200 x 200, 8-bit colormap, non-interlaced; Hash: 5d4aab7e8b7267e1876143c7bd308318 5e1827fa8442e7b1e06cfbdec4c52bdec22c9063 f9b415d80dc86d44446a312e855460fb4ac16207f5b2caa0620e69013598bde6
GET /gfx/adsterra2.png HTTP/1.1
Host: bitly.ws
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://bitly.ws/?banned=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Tue, 16 Apr 2024 13:12:31 GMT
server: Apache
last-modified: Sat, 30 Mar 2024 10:55:14 GMT
etag: "3ba2-614de974dba8f"
accept-ranges: bytes
content-length: 15266
cache-control: max-age=31536000
expires: Wed, 16 Apr 2025 13:12:31 GMT
content-type: image/png
X-Firefox-Spdy: h2
|
|
| bitly.ws/gfx/bmac.png | 185.11.100.204 | 200 OK | 3.2 kB |
IP: 185.11.100.204:443; ASN: #29522 Cyber_Folks S.A.
Requested by: https://bitly.ws/?banned=1; Certificate Issuer: Let's Encrypt; Subject: bitly.ws; Fingerprint: E2:6E:62:93:28:D8:B3:0A:23:56:6C:21:A4:BD:CC:EF:CD:1B:33:55; Validity: Sun, 18 Feb 2024 07:59:14 GMT - Sat, 18 May 2024 07:59:13 GMT
File type: PNG image data, 214 x 60, 8-bit colormap, non-interlaced; Hash: 781860bb7eb619aa3b173144c6d29646 6ba3a103709f121cf9f5ab214610d0215dab93e9 54339f1c8cb089c05773b2b18fd5da6e702956decbf7dea6ef0348a64203c657
GET /gfx/bmac.png HTTP/1.1
Host: bitly.ws
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://bitly.ws/?banned=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Tue, 16 Apr 2024 13:12:31 GMT
server: Apache
last-modified: Sat, 19 Aug 2023 15:45:47 GMT
etag: "c86-6034889f203e4"
accept-ranges: bytes
content-length: 3206
cache-control: max-age=31536000
expires: Wed, 16 Apr 2025 13:12:31 GMT
content-type: image/png
X-Firefox-Spdy: h2
|
|
| bitly.ws/gfx/bitly-chart.png | 185.11.100.204 | 200 OK | 210 B |
URL (GET, HTTP/2): bitly.ws/gfx/bitly-chart.png; IP: 185.11.100.204:443; ASN: #29522 Cyber_Folks S.A.
Requested by: https://bitly.ws/?banned=1; Certificate Issuer: Let's Encrypt; Subject: bitly.ws; Fingerprint: E2:6E:62:93:28:D8:B3:0A:23:56:6C:21:A4:BD:CC:EF:CD:1B:33:55; Validity: Sun, 18 Feb 2024 07:59:14 GMT - Sat, 18 May 2024 07:59:13 GMT
File type: PNG image data, 200 x 200, 1-bit colormap, non-interlaced; Hash: 0f7081ab57097da4c3f76c5a4fcf3174 1aa09d97610e3ad42e25577468864aacaa26eeee c28530634cdfc14bb5c068fc74a7071f9e27fc97f9aa03a1258f5b33f9c8ab6d
GET /gfx/bitly-chart.png HTTP/1.1
Host: bitly.ws
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://bitly.ws/?banned=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Tue, 16 Apr 2024 13:12:31 GMT
server: Apache
last-modified: Tue, 02 Jan 2018 13:00:56 GMT
etag: "d2-561cab088ec59"
accept-ranges: bytes
content-length: 210
cache-control: max-age=31536000
expires: Wed, 16 Apr 2025 13:12:31 GMT
content-type: image/png
X-Firefox-Spdy: h2
|
|
| bitly.ws/gfx/paypal.png | 185.11.100.204 | 200 OK | 5.5 kB |
IP: 185.11.100.204:443; ASN: #29522 Cyber_Folks S.A.
Requested by: https://bitly.ws/?banned=1; Certificate Issuer: Let's Encrypt; Subject: bitly.ws; Fingerprint: E2:6E:62:93:28:D8:B3:0A:23:56:6C:21:A4:BD:CC:EF:CD:1B:33:55; Validity: Sun, 18 Feb 2024 07:59:14 GMT - Sat, 18 May 2024 07:59:13 GMT
File type: PNG image data, 200 x 150, 8-bit colormap, non-interlaced; Hash: 164e7543a819062962815f4bd99b8419 0355f9dad012daa6adf4bae4e47e44d4b2c51888 675f6b6dc673aae01f8ef949697ee544c8df8574ca090a4dd690776ec6e442ea
GET /gfx/paypal.png HTTP/1.1
Host: bitly.ws
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://bitly.ws/?banned=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Tue, 16 Apr 2024 13:12:31 GMT
server: Apache
last-modified: Tue, 02 Jan 2018 13:00:54 GMT
etag: "158c-561cab06562ce"
accept-ranges: bytes
content-length: 5516
cache-control: max-age=31536000
expires: Wed, 16 Apr 2025 13:12:31 GMT
content-type: image/png
X-Firefox-Spdy: h2
|
|
| bitly.ws/gfx/paypal.jpg | 185.11.100.204 | 200 OK | 8.7 kB |
IP: 185.11.100.204:443; ASN: #29522 Cyber_Folks S.A.
Requested by: https://bitly.ws/?banned=1; Certificate Issuer: Let's Encrypt; Subject: bitly.ws; Fingerprint: E2:6E:62:93:28:D8:B3:0A:23:56:6C:21:A4:BD:CC:EF:CD:1B:33:55; Validity: Sun, 18 Feb 2024 07:59:14 GMT - Sat, 18 May 2024 07:59:13 GMT
File type: PNG image data, 380 x 130, 8-bit colormap, non-interlaced; Hash: eeb10183dfe4b9ec6bcfea9aa6fa07f6 b55d89bc1ead011821dd3371f2885996fe99785a 1ae6619173f92af4f0201b7204322213c714b56df437aa7d6482a1c141d5337c
GET /gfx/paypal.jpg HTTP/1.1
Host: bitly.ws
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://bitly.ws/?banned=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Tue, 16 Apr 2024 13:12:31 GMT
server: Apache
last-modified: Tue, 02 Jan 2018 13:00:56 GMT
etag: "2204-561cab086d14b"
accept-ranges: bytes
content-length: 8708
cache-control: max-age=31536000
expires: Wed, 16 Apr 2025 13:12:31 GMT
content-type: image/jpeg
X-Firefox-Spdy: h2
|
|
| www.googletagmanager.com/gtag/js?id=G-8Q1W6PKNCX | 142.250.74.168 | 200 OK | 87 kB |
URL (GET, HTTP/2): www.googletagmanager.com/gtag/js?id=G-8Q1W6PKNCX; IP: 142.250.74.168:443
Requested by: https://bitly.ws/?banned=1; Certificate Issuer: Google Trust Services LLC; Subject: *.google-analytics.com; Fingerprint: BF:40:8C:8B:CB:69:1E:3F:E2:3B:B7:8A:8E:C0:D6:98:5F:81:FA:2D; Validity: Mon, 04 Mar 2024 06:35:45 GMT - Mon, 27 May 2024 06:35:44 GMT
File type: JavaScript source, ASCII text, with very long lines (5955); Hash: 3fda04877396a097a07e7b4011fd65e3 09d0bb74572d133d4ae2db5a3e54cf6f9c333203 e11c7671696e9fd3321998ef86eb416c760481f53b19d56cb688dda6139f0333
GET /gtag/js?id=G-8Q1W6PKNCX HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://bitly.ws/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Tue, 16 Apr 2024 13:12:31 GMT
expires: Tue, 16 Apr 2024 13:12:31 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 86885
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
|
|
| | 185.11.100.204 | 200 OK | 15 kB |
URL (User Request, GET, HTTP/2); IP: 185.11.100.204:443; ASN: #29522 Cyber_Folks S.A.
Certificate Issuer: Let's Encrypt; Subject: bitly.ws; Fingerprint: E2:6E:62:93:28:D8:B3:0A:23:56:6C:21:A4:BD:CC:EF:CD:1B:33:55; Validity: Sun, 18 Feb 2024 07:59:14 GMT - Sat, 18 May 2024 07:59:13 GMT
File type: JavaScript source, Unicode text, UTF-8 text, with very long lines (26631), with CRLF line terminators; Hash: d09b1bc9a7b85b37941d8d4acb81968b ab943558edafd697fe31332adf42b06a4b94e0fc 1f267a6d2708619a1e208081ca06c3842d71c77e2af73fe311751342d0c20370
GET /?banned=1 HTTP/1.1
Host: bitly.ws
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Tue, 16 Apr 2024 13:12:31 GMT
server: Apache
x-powered-by: PHP/5.5.38
cache-control: max-age=0
expires: Tue, 16 Apr 2024 13:12:31 GMT
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
X-Firefox-Spdy: h2
|
|
| pl22826256.profitablegatecpm.com/33/ce/9e/33ce9e99c1bfce9eb2d48a915db5624c.js | 192.243.59.20 | 200 OK | 16 kB |
URL (GET, HTTP/1.1): pl22826256.profitablegatecpm.com/33/ce/9e/33ce9e99c1bfce9eb2d48a915db5624c.js; IP: 192.243.59.20:443; ASN: #39572 DataWeb Global Group B.V.
Requested by: https://bitly.ws/?banned=1; Certificate Issuer: Let's Encrypt; Subject: profitablegatecpm.com; Fingerprint: 9D:FB:8C:AD:4D:64:98:6B:85:78:33:54:E7:A3:BB:10:ED:77:63:30; Validity: Fri, 05 Apr 2024 18:10:33 GMT - Thu, 04 Jul 2024 18:10:32 GMT
File type: JavaScript source, ASCII text, with very long lines (44198), with no line terminators; Hash: 3859bc68d4053902fa373954c3cf4526 0f2d40ee8036e1f530a93b93e5f926ece7dce36e 8496d4cf78ff176141a560d8cd231d3823219d7bad51acdb7cf51d6aba81a42a
GET /33/ce/9e/33ce9e99c1bfce9eb2d48a915db5624c.js HTTP/1.1
Host: pl22826256.profitablegatecpm.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://bitly.ws/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Tue, 16 Apr 2024 13:12:32 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: b631d1b786577c0b8a487c0a0094a40d
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
|
|
| www.topcreativeformat.com/6dc3a27552b5aedfb96aeaa00aa1c37b/invoke.js | 172.240.108.84 | 200 OK | 12 kB |
URL (GET, HTTP/1.1): www.topcreativeformat.com/6dc3a27552b5aedfb96aeaa00aa1c37b/invoke.js; IP: 172.240.108.84:443
Requested by: https://bitly.ws/?banned=1; Certificate Issuer: Let's Encrypt; Subject: topcreativeformat.com; Fingerprint: 6D:98:D9:61:FC:CF:D9:8C:FE:5E:1C:15:5A:A5:F2:28:38:04:A4:A4; Validity: Wed, 20 Mar 2024 07:51:41 GMT - Tue, 18 Jun 2024 07:51:40 GMT
File type: JavaScript source, ASCII text, with very long lines (31349), with no line terminators; Hash: 78121f6c4b167383f7a0fdbca0779bb4 3d485a89f0b00733f7922855f4dc4264c7147a4b 5b604d66fe1062505287bdf92f9b1a90cd4c24693f45f70af7f6fb42df66b737
GET /6dc3a27552b5aedfb96aeaa00aa1c37b/invoke.js HTTP/1.1
Host: www.topcreativeformat.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://bitly.ws/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Tue, 16 Apr 2024 13:12:32 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 804cddef136b11fdd4fbf3297c8a4fa7
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
|
|
| ocsp.r2m03.amazontrust.com/ | 143.204.53.97 | | 471 B |
URL: ocsp.r2m03.amazontrust.com/; IP: 143.204.53.97:0
Hash: 0bea14a24acf01e7602c416935848793 3493b99ca0da4d0c60f848069fa57e39b335a87a 229a97c14569254bf9fe6342e7cd4efd9e4f4b0ff89fb3c1e5c935976ab01062
POST / HTTP/1.1
Host: ocsp.r2m03.amazontrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=7200
Date: Tue, 16 Apr 2024 13:12:32 GMT
Last-Modified: Tue, 16 Apr 2024 12:12:50 GMT
Server: ECAcc (ska/F7A2)
X-Cache: Miss from cloudfront
Via: 1.1 6cb1d4b545e7beb4ead790454f4807c6.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: Jxow5dxgVIay85fn32t6Kb4URzUrrZekoQNHPmwa_PyUIYlDKtsGcQ==
Age: 3583
|
|
| proftrafficcounter.com/stats | 3.123.64.179 | 200 OK | 40 B |
URL (GET, HTTP/2): proftrafficcounter.com/stats; IP: 3.123.64.179:443
Requested by: https://bitly.ws/?banned=1; Certificate Issuer: Amazon; Subject: proftrafficcounter.com; Fingerprint: E3:9F:79:6F:80:C0:BF:F8:C4:EB:45:F3:E9:0F:A7:41:F6:0C:05:E6; Validity: Tue, 21 Nov 2023 00:00:00 GMT - Thu, 19 Dec 2024 23:59:59 GMT
File type: ASCII text, with no line terminators; Hash: e0f23bd9cb4b88ae63a92fc5a0501119 8cc744adc562994b019b13e1bf9f7af2fbc0b4c9 ee66c0dae6277429d708c22b69df8e1a2d7e10ef53a940c0e1e6d3f60cad8337
GET /stats HTTP/1.1
Host: proftrafficcounter.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://bitly.ws
DNT: 1
Connection: keep-alive
Referer: https://bitly.ws/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Tue, 16 Apr 2024 13:12:32 GMT
content-type: text/html; charset=UTF-8
content-length: 40
server: fasthttp
access-control-allow-origin: https://bitly.ws
vary: Origin
access-control-allow-credentials: true
set-cookie: uid_id2=eb631561-4633-4d71-b86d-49c2c84c8f72:3:1; expires=Fri, 14 Apr 2034 13:12:32 GMT; secure; SameSite=None
X-Firefox-Spdy: h2
|
|
| proftrafficcounter.com/stats | 3.123.64.179 | 200 OK | 40 B |
URL (GET, HTTP/2): proftrafficcounter.com/stats; IP: 3.123.64.179:443
Requested by: https://bitly.ws/?banned=1; Certificate Issuer: Amazon; Subject: proftrafficcounter.com; Fingerprint: E3:9F:79:6F:80:C0:BF:F8:C4:EB:45:F3:E9:0F:A7:41:F6:0C:05:E6; Validity: Tue, 21 Nov 2023 00:00:00 GMT - Thu, 19 Dec 2024 23:59:59 GMT
File type: ASCII text, with no line terminators; Hash: c989e4735929217728c6836b4d161558 6349ecf672658ef857086365dc64596a9c478c5f dc20d3c0b1a93ceb17d47ee2a2828397d28cfb17b297e34cb222897d6b06c794
GET /stats HTTP/1.1
Host: proftrafficcounter.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://bitly.ws
DNT: 1
Connection: keep-alive
Referer: https://bitly.ws/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Tue, 16 Apr 2024 13:12:32 GMT
content-type: text/html; charset=UTF-8
content-length: 40
server: fasthttp
access-control-allow-origin: https://bitly.ws
vary: Origin
access-control-allow-credentials: true
set-cookie: uid_id2=2aab6d71-51d9-42bc-b742-8609a3b48bbe:3:1; expires=Fri, 14 Apr 2034 13:12:32 GMT; secure; SameSite=None
X-Firefox-Spdy: h2
|
|
| www.topcreativeformat.com/fb87135eb1bdee211d55a6d31f28b1bc/invoke.js | 172.240.108.84 | 200 OK | 12 kB |
URL (GET, HTTP/1.1): www.topcreativeformat.com/fb87135eb1bdee211d55a6d31f28b1bc/invoke.js; IP: 172.240.108.84:443
Requested by: https://bitly.ws/?banned=1; Certificate Issuer: Let's Encrypt; Subject: topcreativeformat.com; Fingerprint: 6D:98:D9:61:FC:CF:D9:8C:FE:5E:1C:15:5A:A5:F2:28:38:04:A4:A4; Validity: Wed, 20 Mar 2024 07:51:41 GMT - Tue, 18 Jun 2024 07:51:40 GMT
File type: JavaScript source, ASCII text, with very long lines (31349), with no line terminators; Hash: f3afebed6600738f53fa56d1b04f5e03 4b42270a7dd1d8f67b7caf6d9ea1d46e15855653 a9eceee800c555b01166e6492b2cfea531c5888d9283c50309b00be16c6467e4
GET /fb87135eb1bdee211d55a6d31f28b1bc/invoke.js HTTP/1.1
Host: www.topcreativeformat.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://bitly.ws/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Tue, 16 Apr 2024 13:12:32 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 3110597d7808b6641ac1009252456b84
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
|
|
| landings-cdn.adsterratech.com/referralBanners/png/300%20x%20250%20px.png | 142.0.204.220 | 200 OK | 90 kB |
URL (GET, HTTP/1.1): landings-cdn.adsterratech.com/referralBanners/png/300%20x%20250%20px.png; IP: 142.0.204.220:443
Requested by: https://bitly.ws/?banned=1; Certificate Issuer: Let's Encrypt; Subject: landings-cdn.adsterratech.com; Fingerprint: 71:9A:2B:CA:BF:A3:77:2A:CA:C2:19:7D:85:23:4A:2A:CB:E9:F3:E1; Validity: Wed, 28 Feb 2024 06:50:41 GMT - Tue, 28 May 2024 06:50:40 GMT
File type: PNG image data, 300 x 250, 8-bit/color RGBA, non-interlaced; Hash: a28902cd41b26954be2c97eea41089a1 c69d00be80adbcba05b788d2dcf7967d0d15a65f 5b4fa649af59a8350f401a661a5ecfed92130aa0aa9825ac3777c2a893a96e61
GET /referralBanners/png/300%20x%20250%20px.png HTTP/1.1
Host: landings-cdn.adsterratech.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://bitly.ws/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Tue, 16 Apr 2024 13:12:32 GMT
Content-Type: image/png
Content-Length: 90409
Last-Modified: Wed, 02 Feb 2022 00:50:11 GMT
Connection: keep-alive
ETag: "61f9d543-16129"
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Date
Cache-Control: max-age=315360000, public
Accept-Ranges: bytes
|
|
| fizzysquirtbikes.com/78/66/ea/7866ead300fcf9e425beaf01fe308949.js | 192.243.59.12 | 200 OK | 30 kB |
URL (GET, HTTP/1.1): fizzysquirtbikes.com/78/66/ea/7866ead300fcf9e425beaf01fe308949.js; IP: 192.243.59.12:443; ASN: #39572 DataWeb Global Group B.V.
Requested by: https://bitly.ws/?banned=1; Certificate Issuer: Let's Encrypt; Subject: fizzysquirtbikes.com; Fingerprint: 55:F1:79:63:BE:D7:DF:F7:E9:B5:BE:26:15:C6:F5:F8:29:5E:52:BD; Validity: Mon, 15 Apr 2024 08:39:03 GMT - Sun, 14 Jul 2024 08:39:02 GMT
File type: JavaScript source, ASCII text, with very long lines (65536), with no line terminators; Hash: 1a91b8326e98f87947f398d0d1f0f437 8c51d35da805a57e1701e36246b8e48c8bdadddc f7eb1f03db5f7faeb2d179b4184472cc20adde5c409be49efeff8b94bd583318
GET /78/66/ea/7866ead300fcf9e425beaf01fe308949.js HTTP/1.1
Host: fizzysquirtbikes.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://bitly.ws/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Tue, 16 Apr 2024 13:12:32 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Set-Cookie: 4b4e7ab587d59b22ad7bcd2439afc363_CF-2967-new=0; expires=Sun, 21 Apr 2024 04:12:32 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 26e3343d6f5e5474ed5738a32f4fbb98
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
|
|
| continuousselfevidentinestimable.com/watch.9982248445.js?key=fb87135eb1bdee211d55a6d31f28b1bc&kw=%5B%22bitly%22%2C%22url%22%2C%22shortener%22%5D&refer=https%3A%2F%2Fbitly.ws%2F%3Fbanned%3D1&tz=0&dev=e&res=14.2071&uuid=2aab6d71-51d9-42bc-b742-8609a3b48bbe%3A3%3A1 | 172.240.108.68 | 307 Temporary Redirect | 0 B |
URL (GET, HTTP/1.1): continuousselfevidentinestimable.com/watch.9982248445.js?key=fb87135eb1bdee211d55a6d31f28b1bc&kw=%5B%22bitly%22%2C%22url%22%2C%22shortener%22%5D&refer=https%3A%2F%2Fbitly.ws%2F%3Fbanned%3D1&tz=0&dev=e&res=14.2071&uuid=2aab6d71-51d9-42bc-b742-8609a3b48bbe%3A3%3A1; IP: 172.240.108.68:443
Requested by: https://bitly.ws/?banned=1; Certificate Issuer: Let's Encrypt; Subject: continuousselfevidentinestimable.com; Fingerprint: 1F:F4:36:85:7F:D7:60:BF:21:DA:52:FF:00:60:97:80:4B:6D:0D:3A; Validity: Mon, 15 Apr 2024 12:20:33 GMT - Sun, 14 Jul 2024 12:20:32 GMT
Hash: d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer: Quad9 DNS; Verdict: malicious; Alert: Sinkholed
GET /watch.9982248445.js?key=fb87135eb1bdee211d55a6d31f28b1bc&kw=%5B%22bitly%22%2C%22url%22%2C%22shortener%22%5D&refer=https%3A%2F%2Fbitly.ws%2F%3Fbanned%3D1&tz=0&dev=e&res=14.2071&uuid=2aab6d71-51d9-42bc-b742-8609a3b48bbe%3A3%3A1 HTTP/1.1
Host: continuousselfevidentinestimable.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://bitly.ws
DNT: 1
Connection: keep-alive
Referer: https://bitly.ws/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 307 Temporary Redirect
Server: nginx/1.21.6
Date: Tue, 16 Apr 2024 13:12:32 GMT
Content-Type: text/html
Content-Length: 0
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://bitly.ws
Access-Control-Allow-Origin: https://bitly.ws
Access-Control-Allow-Credentials: true
Location: https://continuousselfevidentinestimable.com/watch.9982248445.js?dev=e&key=fb87135eb1bdee211d55a6d31f28b1bc&kw=%5B%22bitly%22%2C%22url%22%2C%22shortener%22%5D&pst=1713273212&refer=https%3A%2F%2Fbitly.ws%2F%3Fbanned%3D1&res=14.2071&rmtc=t&shu=c2f6a72d8591b3ece589ab783e73162fa9531548fbea9ef5f0c6d6ffc6384c84bf1eac3b24ad53c213c70b784616ae465751be4bf1a8423ec2ff7770cc7ccf23d1e9716d2b8a074dc8c7ff7bef9dc3d97500d47014ca4162e293db2e5f7c&tz=0&uuid=2aab6d71-51d9-42bc-b742-8609a3b48bbe%3A3%3A1
Set-Cookie: u_pl=22829219; expires=Wed, 17 Apr 2024 13:12:32 GMT; secure; SameSite=None
ain=eyJhbGciOiJIUzI1NiJ9.[…]_YmFubmVkPTEiLCJhciI6W119fQ.ZPJJ4fJ18Z3i1mt4s5io96nzFLBfj2cTIbhZtigLSdk; expires=Tue, 16 Apr 2024 13:13:32 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: da6e48023af0b607436f8171c554b2fb
Strict-Transport-Security: max-age=0; includeSubdomains
|
|
| continuousselfevidentinestimable.com/watch.1020138311504.js?key=6dc3a27552b5aedfb96aeaa00aa1c37b&kw=%5B%22bitly%22%2C%22url%22%2C%22shortener%22%5D&refer=https%3A%2F%2Fbitly.ws%2F%3Fbanned%3D1&tz=0&dev=e&res=14.2071&uuid=2aab6d71-51d9-42bc-b742-8609a3b48bbe%3A3%3A1 | 172.240.108.68 | 307 Temporary Redirect | 0 B |
URL: GET HTTP/1.1 continuousselfevidentinestimable.com/watch.1020138311504.js?key=6dc3a27552b5aedfb96aeaa00aa1c37b&kw=%5B%22bitly%22%2C%22url%22%2C%22shortener%22%5D&refer=https%3A%2F%2Fbitly.ws%2F%3Fbanned%3D1&tz=0&dev=e&res=14.2071&uuid=2aab6d71-51d9-42bc-b742-8609a3b48bbe%3A3%3A1 IP: 172.240.108.68:443
Requested by: https://bitly.ws/?banned=1; Certificate Issuer: Let's Encrypt; Subject: continuousselfevidentinestimable.com; Fingerprint: 1F:F4:36:85:7F:D7:60:BF:21:DA:52:FF:00:60:97:80:4B:6D:0D:3A; Validity: Mon, 15 Apr 2024 12:20:33 GMT - Sun, 14 Jul 2024 12:20:32 GMT
Hash: d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /watch.1020138311504.js?key=6dc3a27552b5aedfb96aeaa00aa1c37b&kw=%5B%22bitly%22%2C%22url%22%2C%22shortener%22%5D&refer=https%3A%2F%2Fbitly.ws%2F%3Fbanned%3D1&tz=0&dev=e&res=14.2071&uuid=2aab6d71-51d9-42bc-b742-8609a3b48bbe%3A3%3A1 HTTP/1.1
Host: continuousselfevidentinestimable.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://bitly.ws
DNT: 1
Connection: keep-alive
Referer: https://bitly.ws/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 307 Temporary Redirect
Server: nginx/1.21.6
Date: Tue, 16 Apr 2024 13:12:32 GMT
Content-Type: text/html
Content-Length: 0
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://bitly.ws
Access-Control-Allow-Origin: https://bitly.ws
Access-Control-Allow-Credentials: true
Location: https://continuousselfevidentinestimable.com/watch.1020138311504.js?dev=e&key=6dc3a27552b5aedfb96aeaa00aa1c37b&kw=%5B%22bitly%22%2C%22url%22%2C%22shortener%22%5D&pst=1713273212&refer=https%3A%2F%2Fbitly.ws%2F%3Fbanned%3D1&res=14.2071&rmtc=t&shu=0d80d6f96ec0e118db95fb40888837f15ac97bf05d08e90ee615d9115717f321273b3e54cd0e160f1379bab0d41163ec1c67397ad0eba3eb70b71fcb0f34e7f96185f61e4904f136886089d64c8928559cd579884446b20a2c962488c1e3&tz=0&uuid=2aab6d71-51d9-42bc-b742-8609a3b48bbe%3A3%3A1
Set-Cookie: u_pl=22735548; expires=Wed, 17 Apr 2024 13:12:32 GMT; secure; SameSite=None
ain=eyJhbGciOiJIUzI1NiJ9.[…]_YmFubmVkPTEiLCJhciI6W119fQ.Q5oEoAi0jHIRal5wmiio7A2AWY1CJDu_yEmfZqrhrOs; expires=Tue, 16 Apr 2024 13:13:32 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 419b1568913d7c34bc3622b5cbf21d3b
Strict-Transport-Security: max-age=0; includeSubdomains
|
|
| fizzysquirtbikes.com/ntv.json?key=172d9680245553e8052aafbe1bd64a13&vstc=4 | 192.243.59.12 | 200 OK | 17 kB |
URL: GET HTTP/1.1 fizzysquirtbikes.com/ntv.json?key=172d9680245553e8052aafbe1bd64a13&vstc=4 IP: 192.243.59.12:443 ASN: #39572 DataWeb Global Group B.V.
Requested by: https://bitly.ws/?banned=1; Certificate Issuer: Let's Encrypt; Subject: fizzysquirtbikes.com; Fingerprint: 55:F1:79:63:BE:D7:DF:F7:E9:B5:BE:26:15:C6:F5:F8:29:5E:52:BD; Validity: Mon, 15 Apr 2024 08:39:03 GMT - Sun, 14 Jul 2024 08:39:02 GMT
Hash: 0b4fa0411b78b92ffe2772d6df77fb64 6c1ccc6cbacf736a49784c9f34ad55453f60ebfe 31420fad6bb37fe4e0b4c826492516c06098d84cb34b0cad5f2327ed62d726a3
GET /ntv.json?key=172d9680245553e8052aafbe1bd64a13&vstc=4 HTTP/1.1
Host: fizzysquirtbikes.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://bitly.ws
DNT: 1
Connection: keep-alive
Referer: https://bitly.ws/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Tue, 16 Apr 2024 13:12:32 GMT
Content-Type: application/json
Content-Length: 17104
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://bitly.ws
Access-Control-Allow-Origin: https://bitly.ws
Access-Control-Allow-Credentials: true
Set-Cookie: u_pl=22725681; expires=Wed, 17 Apr 2024 13:12:32 GMT; secure; SameSite=None
pdhtkv=true; expires=Wed, 17 Apr 2024 13:12:32 GMT; secure; SameSite=None
uncs=1; expires=Wed, 17 Apr 2024 13:12:32 GMT; secure; SameSite=None
pdhtkv49=true; expires=Wed, 17 Apr 2024 13:12:32 GMT; secure; SameSite=None
uncs49=1; expires=Wed, 17 Apr 2024 13:12:32 GMT; secure; SameSite=None
nlec172d9680245553e8052aafbe1bd64a13=[2229333,2229337,2229329,2019380]; expires=Tue, 16 Apr 2024 13:12:37 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 62880d06629570438e054724da6c355b
Strict-Transport-Security: max-age=0; includeSubdomains
|
|
| continuousselfevidentinestimable.com/pixel/purst?dl=0&th=0&sc=0&rs=2113&rd=2113&fd=599&bv=24.4.2204&tmpl=136 | 172.240.108.68 | 200 OK | 0 B |
URL: GET HTTP/1.1 continuousselfevidentinestimable.com/pixel/purst?dl=0&th=0&sc=0&rs=2113&rd=2113&fd=599&bv=24.4.2204&tmpl=136 IP: 172.240.108.68:443
Requested by: https://bitly.ws/?banned=1; Certificate Issuer: Let's Encrypt; Subject: continuousselfevidentinestimable.com; Fingerprint: 1F:F4:36:85:7F:D7:60:BF:21:DA:52:FF:00:60:97:80:4B:6D:0D:3A; Validity: Mon, 15 Apr 2024 12:20:33 GMT - Sun, 14 Jul 2024 12:20:32 GMT
Hash: d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /pixel/purst?dl=0&th=0&sc=0&rs=2113&rd=2113&fd=599&bv=24.4.2204&tmpl=136 HTTP/1.1
Host: continuousselfevidentinestimable.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://bitly.ws/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Tue, 16 Apr 2024 13:12:32 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
|
|
| continuousselfevidentinestimable.com/watch.9982248445.js?dev=e&key=fb87135eb1bdee211d55a6d31f28b1bc&kw=%5B%22bitly%22%2C%22url%22%2C%22shortener%22%5D&pst=1713273212&refer=https%3A%2F%2Fbitly.ws%2F%3Fbanned%3D1&res=14.2071&rmtc=t&shu=c2f6a72d8591b3ece589ab783e73162fa9531548fbea9ef5f0c6d6ffc6384c84bf1eac3b24ad53c213c70b784616ae465751be4bf1a8423ec2ff7770cc7ccf23d1e9716d2b8a074dc8c7ff7bef9dc3d97500d47014ca4162e293db2e5f7c&tz=0&uuid=2aab6d71-51d9-42bc-b742-8609a3b48bbe%3A3%3A1 | 172.240.108.68 | 200 OK | 2.1 kB |
URL: GET HTTP/1.1 continuousselfevidentinestimable.com/watch.9982248445.js?dev=e&key=fb87135eb1bdee211d55a6d31f28b1bc&kw=%5B%22bitly%22%2C%22url%22%2C%22shortener%22%5D&pst=1713273212&refer=https%3A%2F%2Fbitly.ws%2F%3Fbanned%3D1&res=14.2071&rmtc=t&shu=c2f6a72d8591b3ece589ab783e73162fa9531548fbea9ef5f0c6d6ffc6384c84bf1eac3b24ad53c213c70b784616ae465751be4bf1a8423ec2ff7770cc7ccf23d1e9716d2b8a074dc8c7ff7bef9dc3d97500d47014ca4162e293db2e5f7c&tz=0&uuid=2aab6d71-51d9-42bc-b742-8609a3b48bbe%3A3%3A1 IP: 172.240.108.68:443
Requested by: https://bitly.ws/?banned=1; Certificate Issuer: Let's Encrypt; Subject: continuousselfevidentinestimable.com; Fingerprint: 1F:F4:36:85:7F:D7:60:BF:21:DA:52:FF:00:60:97:80:4B:6D:0D:3A; Validity: Mon, 15 Apr 2024 12:20:33 GMT - Sun, 14 Jul 2024 12:20:32 GMT
File type: JavaScript source, ASCII text, with very long lines (2629); Hash: d974ec49d14ae5be920c05212cda4892 b961224db92c6583ce66f5d01dbfbf8b90d83ba6 5d477e35371cbcf848061729f4bde0f4f6a96a18b40819e0b8e6a54d154aafa7
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /watch.9982248445.js?dev=e&key=fb87135eb1bdee211d55a6d31f28b1bc&kw=%5B%22bitly%22%2C%22url%22%2C%22shortener%22%5D&pst=1713273212&refer=https%3A%2F%2Fbitly.ws%2F%3Fbanned%3D1&res=14.2071&rmtc=t&shu=c2f6a72d8591b3ece589ab783e73162fa9531548fbea9ef5f0c6d6ffc6384c84bf1eac3b24ad53c213c70b784616ae465751be4bf1a8423ec2ff7770cc7ccf23d1e9716d2b8a074dc8c7ff7bef9dc3d97500d47014ca4162e293db2e5f7c&tz=0&uuid=2aab6d71-51d9-42bc-b742-8609a3b48bbe%3A3%3A1 HTTP/1.1
Host: continuousselfevidentinestimable.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://bitly.ws
Referer: https://bitly.ws/
DNT: 1
Connection: keep-alive
Cookie: u_pl=22829219; ain=eyJhbGciOiJIUzI1NiJ9.[…]_YmFubmVkPTEiLCJhciI6W119fQ.ZPJJ4fJ18Z3i1mt4s5io96nzFLBfj2cTIbhZtigLSdk
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Tue, 16 Apr 2024 13:12:32 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://bitly.ws
Access-Control-Allow-Origin: https://bitly.ws
Access-Control-Allow-Credentials: true
Set-Cookie: uid_id2=2aab6d71-51d9-42bc-b742-8609a3b48bbe:3:1; expires=Tue, 23 Apr 2024 13:12:32 GMT; secure; SameSite=None
iprcc41392d932aea1771837ac2424674b80=3570421; expires=Tue, 16 Apr 2024 17:12:32 GMT; secure; SameSite=None
pdhtkv=true; expires=Wed, 17 Apr 2024 13:12:32 GMT; secure; SameSite=None
uncs=1; expires=Wed, 17 Apr 2024 13:12:32 GMT; secure; SameSite=None
pdhtkv32=true; expires=Wed, 17 Apr 2024 13:12:32 GMT; secure; SameSite=None
uncs32=1; expires=Wed, 17 Apr 2024 13:12:32 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 6f3111c3aff51783a1d192a572f46014
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
|
|
| fizzysquirtbikes.com/ren.gif?sid=H4sIAAAAAAAC%2F1RSz2skRRSuXucUL%2F5YvAjLsCAoyKS7Z6ZnxkVWY4wE42Z%2FuPjjItVdPZNyqruaqq7pSU7BBdnjHLzoqfJNskENon%2BAi0wCiwTFzEUCmn%2FBg7B4lB4HRx90v%2FfqewXf%2B776dM9cEB%2BGnq%2B%2BI3e4EHS5WXOrL77vedeqGzw1w%2BqwHXwUNK5V1eCVTlBzX6q%2BFUd9uey7nut6rldd4yruyuFyCYJnRx2v1nFrDb%2FmNRsYqv%2F32jjQ1AEbXJBnwNm0cuJcBo8mSJNvV2Pdz2X28puJETSXCgN2eDftp7JIkSzKrnLQTQ%2Fn05D6bO0hZHowows5%2BHcw5FPiPHqIMD2ck0Q42J%2FxDAXiFCF7EsVgglhMwOkEkbwHzs4IEDHc2ESaPLghVUG3%2F0FpiU5J5fGf4MWUVH6%2FjDT5ZkXwYfWOFCbnMtUYdi34cALemyAzx8h3LoEXx4jyT8DZz2T58QbSZH9TCwnO7Gx3zifg3QlEPALVDkz5cQem68BkDhJ2Xo08z2u5LKJuuxNFddaKw4C5Hm11Peq5QRsmKumNkGcjRGKESO0iU7vo8xGU%2BQF6y0IzBzqfEufWLgbMoogJCk1QUIKCExQ5QTGwB0xoX9sHTGgTevPsz3PdjmXe26MHMu%2FFKQFVIyhm97IL8nSpj%2FPhiYd%2BfF71Wj7rBG3XbzSbzXrcdps%2Bpd0w9kIWNKhXh%2BYWXF%2BarbzDp6T93G%2FISs%2F6FiE9hhbHiPhVUOOBFhZ0y2InPcp5um2UqCUy5GDSIssryLedPXFBnp85dLXyAeLo9PqjpVez8a9LiJRFpiw%2B5icEPXF%2FfFsWZP%2B2LDT5bjPLecJ3aOnenZzm8RNfvR1vF1Kx9VU9%2BvL1qATK8ujdWOcbNGU87Wny9QpnLFZrUkUx%2BX5dvxeHN43eWjEqNdnGzTfW1pNMxVpzmU5A%2BdnmX4j4lFReeHb2LJ%2F66Q9wNYEyFok5JfMAl8eIsl3obMFeSwIlFjNhdgmFsWPlh4tDwQlEvOhpaKH%2F04eLeqxoeZtyu6fvo6cqoPk9pInFQFkMhAUVI2izNM4zdXr9x8%2FL%2BAKhqIxDoSr7oVDis1LkuzOly9%2BtKbnySwOan1db9bpLg07Ta7Vo3AobfrsbeIxSvxH4QUDryPW0e2X7tb8BAAD%2F%2FwEAAP%2F%2F1g%2FuDXoEAAA%3D | 192.243.59.12 | 200 OK | 7 B |
URL GET HTTP/1.1fizzysquirtbikes.com/ren.gif?sid=H4sIAAAAAAAC%2F1RSz2skRRSuXucUL%2F5YvAjLsCAoyKS7Z6ZnxkVWY4wE42Z%2FuPjjItVdPZNyqruaqq7pSU7BBdnjHLzoqfJNskENon%2BAi0wCiwTFzEUCmn%2FBg7B4lB4HRx90v%2FfqewXf%2B776dM9cEB%2BGnq%2B%2BI3e4EHS5WXOrL77vedeqGzw1w%2BqwHXwUNK5V1eCVTlBzX6q%2BFUd9uey7nut6rldd4yruyuFyCYJnRx2v1nFrDb%2FmNRsYqv%2F32jjQ1AEbXJBnwNm0cuJcBo8mSJNvV2Pdz2X28puJETSXCgN2eDftp7JIkSzKrnLQTQ%2Fn05D6bO0hZHowows5%2BHcw5FPiPHqIMD2ck0Q42J%2FxDAXiFCF7EsVgglhMwOkEkbwHzs4IEDHc2ESaPLghVUG3%2F0FpiU5J5fGf4MWUVH6%2FjDT5ZkXwYfWOFCbnMtUYdi34cALemyAzx8h3LoEXx4jyT8DZz2T58QbSZH9TCwnO7Gx3zifg3QlEPALVDkz5cQem68BkDhJ2Xo08z2u5LKJuuxNFddaKw4C5Hm11Peq5QRsmKumNkGcjRGKESO0iU7vo8xGU%2BQF6y0IzBzqfEufWLgbMoogJCk1QUIKCExQ5QTGwB0xoX9sHTGgTevPsz3PdjmXe26MHMu%2FFKQFVIyhm97IL8nSpj%2FPhiYd%2BfF71Wj7rBG3XbzSbzXrcdps%2Bpd0w9kIWNKhXh%2BYWXF%2BarbzDp6T93G%2FISs%2F6FiE9hhbHiPhVUOOBFhZ0y2InPcp5um2UqCUy5GDSIssryLedPXFBnp85dLXyAeLo9PqjpVez8a9LiJRFpiw%2B5icEPXF%2FfFsWZP%2B2LDT5bjPLecJ3aOnenZzm8RNfvR1vF1Kx9VU9%2BvL1qATK8ujdWOcbNGU87Wny9QpnLFZrUkUx%2BX5dvxeHN43eWjEqNdnGzTfW1pNMxVpzmU5A%2BdnmX4j4lFReeHb2LJ%2F66Q9wNYEyFok5JfMAl8eIsl3obMFeSwIlFjNhdgmFsWPlh4tDwQlEvOhpaKH%2F04eLeqxoeZtyu6fvo6cqoPk9pInFQFkMhAUVI2izNM4zdXr9x8%2FL%2BAKhqIxDoSr7oVDis1LkuzOly9%2BtKbnySwOan1db9bpLg07Ta7Vo3AobfrsbeIxSvxH4QUDryPW0e2X7tb8BAAD%2F%2FwEAAP%2F%2F1g%2FuDXoEAAA%3D IP192.243.59.12:443 ASN#39572 DataWeb Global Group B.V.
Requested by: https://bitly.ws/?banned=1; Certificate Issuer: Let's Encrypt; Subject: fizzysquirtbikes.com; Fingerprint: 55:F1:79:63:BE:D7:DF:F7:E9:B5:BE:26:15:C6:F5:F8:29:5E:52:BD; Validity: Mon, 15 Apr 2024 08:39:03 GMT - Sun, 14 Jul 2024 08:39:02 GMT
File type: ASCII text, with no line terminators; Hash: 132d6af1b46048b45cf86cdee7991d31 eb7007d03d59b65bc6da7e098c4d38fc6dfb6285 ab852e838deccd742a03ca81d4a8d75cf1a00b327db3eaf46bd7da6b6db9384c
GET /ren.gif?sid=H4sIAAAAAAAC%2F1RSz2skRRSuXucUL%2F5YvAjLsCAoyKS7Z6ZnxkVWY4wE42Z%2FuPjjItVdPZNyqruaqq7pSU7BBdnjHLzoqfJNskENon%2BAi0wCiwTFzEUCmn%2FBg7B4lB4HRx90v%2FfqewXf%2B776dM9cEB%2BGnq%2B%2BI3e4EHS5WXOrL77vedeqGzw1w%2BqwHXwUNK5V1eCVTlBzX6q%2BFUd9uey7nut6rldd4yruyuFyCYJnRx2v1nFrDb%2FmNRsYqv%2F32jjQ1AEbXJBnwNm0cuJcBo8mSJNvV2Pdz2X28puJETSXCgN2eDftp7JIkSzKrnLQTQ%2Fn05D6bO0hZHowows5%2BHcw5FPiPHqIMD2ck0Q42J%2FxDAXiFCF7EsVgglhMwOkEkbwHzs4IEDHc2ESaPLghVUG3%2F0FpiU5J5fGf4MWUVH6%2FjDT5ZkXwYfWOFCbnMtUYdi34cALemyAzx8h3LoEXx4jyT8DZz2T58QbSZH9TCwnO7Gx3zifg3QlEPALVDkz5cQem68BkDhJ2Xo08z2u5LKJuuxNFddaKw4C5Hm11Peq5QRsmKumNkGcjRGKESO0iU7vo8xGU%2BQF6y0IzBzqfEufWLgbMoogJCk1QUIKCExQ5QTGwB0xoX9sHTGgTevPsz3PdjmXe26MHMu%2FFKQFVIyhm97IL8nSpj%2FPhiYd%2BfF71Wj7rBG3XbzSbzXrcdps%2Bpd0w9kIWNKhXh%2BYWXF%2BarbzDp6T93G%2FISs%2F6FiE9hhbHiPhVUOOBFhZ0y2InPcp5um2UqCUy5GDSIssryLedPXFBnp85dLXyAeLo9PqjpVez8a9LiJRFpiw%2B5icEPXF%2FfFsWZP%2B2LDT5bjPLecJ3aOnenZzm8RNfvR1vF1Kx9VU9%2BvL1qATK8ujdWOcbNGU87Wny9QpnLFZrUkUx%2BX5dvxeHN43eWjEqNdnGzTfW1pNMxVpzmU5A%2BdnmX4j4lFReeHb2LJ%2F66Q9wNYEyFok5JfMAl8eIsl3obMFeSwIlFjNhdgmFsWPlh4tDwQlEvOhpaKH%2F04eLeqxoeZtyu6fvo6cqoPk9pInFQFkMhAUVI2izNM4zdXr9x8%2FL%2BAKhqIxDoSr7oVDis1LkuzOly9%2BtKbnySwOan1db9bpLg07Ta7Vo3AobfrsbeIxSvxH4QUDryPW0e2X7tb8BAAD%2F%2FwEAAP%2F%2F1g%2FuDXoEAAA%3D HTTP/1.1
Host: fizzysquirtbikes.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://bitly.ws/
Cookie: u_pl=22725681; pdhtkv=true; uncs=1; pdhtkv49=true; uncs49=1; nlec172d9680245553e8052aafbe1bd64a13=[2229333,2229337,2229329,2019380]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Tue, 16 Apr 2024 13:12:32 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: fbdea5b2025ffbf51268b09930d651e6
Strict-Transport-Security: max-age=0; includeSubdomains
|
|
| fizzysquirtbikes.com/ren.gif?sid=H4sIAAAAAAAC%2F1RSTWskRRiuXucUL34sXoRlWBAUZNLdM9Mz4yKrMUaCcbMfLn5cpLqrZ1JOdVdT1TU9ySm4IHucgxc9VZ5JNqhB9Ae4yCSwSFDMXCSg%2BQlehMWj9Dg4%2BkK9H%2FW8Bc%2F7PvXpnrkgPgw9X31H7nAh6HKz5lZffN%2FzrlU3eGqG1WE7%2BChoXKuqwSudoOa%2BVH0rjvpy2Xc91%2FVcr7rGVdyVw%2BUSBM%2BOOl6t49Yafs1rNjBU%2F6%2B1caCpAza4IM%2BAs2nlxLkMHk2QJt%2Buxrqfy%2BzlNxMjaC4VBuzwbtpPZZEiWaRd5aCbHs67IfXZ2kPI9GBGF3Lwb2PIp8R59BBhejgniXCwP%2BMZCsQpQvYkisEEsZiA0wkieQ%2BcnREgYrixiTR5cEOqgm7%2Fg9ISnZLK4z%2FBiymp%2FH4ZafLNiuDD6h0pTM5lqjHsWvDhBLw3QWaOke9cAi%2BOEeWfgLOfyfLjDaTJ%2FqYWEpzZ2eycT8C7E4h4BKodmPJwB6brwGQOEnZejTzPa7ksom67E0V11orDgLkebXU96rlBGyYq6Y2QZyNEYoRI7SJTu%2BjzEZT5AXrLQjMHOp8S59YuBsyiiAkKTVBQgoITFDlBMbAHTGhf2wdMaBN68%2BjPY92OZd7bowcy78UpAVUjKGb3sgvydLkf58MTD%2F34vOq1fNYJ2q7faDab9bjtNn1Ku2HshSxoUK8OzS24vjQbeYdPSfu535CVmvUtQnoMLY4R8augxgMtLOiWxU56lPN02yhRS2TIwaRFlleQbzt74oI8P1PoauUu4uj0%2BqOlV7Pxr0uIlEWmLD7mJwQ9cX98WxZk%2F7YsNPluM8t5wndoqd6dnObxE1%2B9HW8XUrH1VT368vWoBMr06N1Y5xs0ZTztafL1CmcsVmtSRTH5fl2%2FF4c3jd5aMSo12cbNN9bWk0zFWnOZTkD52eZfiPiUVF54dvYtn%2FrpD3A1gTIWiTklcwOXx4iyXehswV5LAiUWPWHmoDB2rPxwcSk4gYgXNQ0t9H%2FqcJGPFS1fU2739H30VAU0v4c0sRgoi4GwoGIEbZbGeaZOr%2F%2F4eWlfIBSVcShUZT8USnw2W3LpPijdrSm58ksDmp9XW%2FW6S4NO02u1aNwKG367G3iMUr8R%2BEFA68j1tHtl%2B7W%2FAQAA%2F%2F8BAAD%2F%2F4YrAvV6BAAA | 192.243.59.12 | 200 OK | 7 B |
URL GET HTTP/1.1fizzysquirtbikes.com/ren.gif?sid=H4sIAAAAAAAC%2F1RSTWskRRiuXucUL34sXoRlWBAUZNLdM9Mz4yKrMUaCcbMfLn5cpLqrZ1JOdVdT1TU9ySm4IHucgxc9VZ5JNqhB9Ae4yCSwSFDMXCSg%2BQlehMWj9Dg4%2BkK9H%2FW8Bc%2F7PvXpnrkgPgw9X31H7nAh6HKz5lZffN%2FzrlU3eGqG1WE7%2BChoXKuqwSudoOa%2BVH0rjvpy2Xc91%2FVcr7rGVdyVw%2BUSBM%2BOOl6t49Yafs1rNjBU%2F6%2B1caCpAza4IM%2BAs2nlxLkMHk2QJt%2Buxrqfy%2BzlNxMjaC4VBuzwbtpPZZEiWaRd5aCbHs67IfXZ2kPI9GBGF3Lwb2PIp8R59BBhejgniXCwP%2BMZCsQpQvYkisEEsZiA0wkieQ%2BcnREgYrixiTR5cEOqgm7%2Fg9ISnZLK4z%2FBiymp%2FH4ZafLNiuDD6h0pTM5lqjHsWvDhBLw3QWaOke9cAi%2BOEeWfgLOfyfLjDaTJ%2FqYWEpzZ2eycT8C7E4h4BKodmPJwB6brwGQOEnZejTzPa7ksom67E0V11orDgLkebXU96rlBGyYq6Y2QZyNEYoRI7SJTu%2BjzEZT5AXrLQjMHOp8S59YuBsyiiAkKTVBQgoITFDlBMbAHTGhf2wdMaBN68%2BjPY92OZd7bowcy78UpAVUjKGb3sgvydLkf58MTD%2F34vOq1fNYJ2q7faDab9bjtNn1Ku2HshSxoUK8OzS24vjQbeYdPSfu535CVmvUtQnoMLY4R8augxgMtLOiWxU56lPN02yhRS2TIwaRFlleQbzt74oI8P1PoauUu4uj0%2BqOlV7Pxr0uIlEWmLD7mJwQ9cX98WxZk%2F7YsNPluM8t5wndoqd6dnObxE1%2B9HW8XUrH1VT368vWoBMr06N1Y5xs0ZTztafL1CmcsVmtSRTH5fl2%2FF4c3jd5aMSo12cbNN9bWk0zFWnOZTkD52eZfiPiUVF54dvYtn%2FrpD3A1gTIWiTklcwOXx4iyXehswV5LAiUWPWHmoDB2rPxwcSk4gYgXNQ0t9H%2FqcJGPFS1fU2739H30VAU0v4c0sRgoi4GwoGIEbZbGeaZOr%2F%2F4eWlfIBSVcShUZT8USnw2W3LpPijdrSm58ksDmp9XW%2FW6S4NO02u1aNwKG367G3iMUr8R%2BEFA68j1tHtl%2B7W%2FAQAA%2F%2F8BAAD%2F%2F4YrAvV6BAAA IP192.243.59.12:443 ASN#39572 DataWeb Global Group B.V.
Requested by: https://bitly.ws/?banned=1; Certificate Issuer: Let's Encrypt; Subject: fizzysquirtbikes.com; Fingerprint: 55:F1:79:63:BE:D7:DF:F7:E9:B5:BE:26:15:C6:F5:F8:29:5E:52:BD; Validity: Mon, 15 Apr 2024 08:39:03 GMT - Sun, 14 Jul 2024 08:39:02 GMT
File type: ASCII text, with no line terminators; Hash: 132d6af1b46048b45cf86cdee7991d31 eb7007d03d59b65bc6da7e098c4d38fc6dfb6285 ab852e838deccd742a03ca81d4a8d75cf1a00b327db3eaf46bd7da6b6db9384c
GET /ren.gif?sid=H4sIAAAAAAAC%2F1RSTWskRRiuXucUL34sXoRlWBAUZNLdM9Mz4yKrMUaCcbMfLn5cpLqrZ1JOdVdT1TU9ySm4IHucgxc9VZ5JNqhB9Ae4yCSwSFDMXCSg%2BQlehMWj9Dg4%2BkK9H%2FW8Bc%2F7PvXpnrkgPgw9X31H7nAh6HKz5lZffN%2FzrlU3eGqG1WE7%2BChoXKuqwSudoOa%2BVH0rjvpy2Xc91%2FVcr7rGVdyVw%2BUSBM%2BOOl6t49Yafs1rNjBU%2F6%2B1caCpAza4IM%2BAs2nlxLkMHk2QJt%2Buxrqfy%2BzlNxMjaC4VBuzwbtpPZZEiWaRd5aCbHs67IfXZ2kPI9GBGF3Lwb2PIp8R59BBhejgniXCwP%2BMZCsQpQvYkisEEsZiA0wkieQ%2BcnREgYrixiTR5cEOqgm7%2Fg9ISnZLK4z%2FBiymp%2FH4ZafLNiuDD6h0pTM5lqjHsWvDhBLw3QWaOke9cAi%2BOEeWfgLOfyfLjDaTJ%2FqYWEpzZ2eycT8C7E4h4BKodmPJwB6brwGQOEnZejTzPa7ksom67E0V11orDgLkebXU96rlBGyYq6Y2QZyNEYoRI7SJTu%2BjzEZT5AXrLQjMHOp8S59YuBsyiiAkKTVBQgoITFDlBMbAHTGhf2wdMaBN68%2BjPY92OZd7bowcy78UpAVUjKGb3sgvydLkf58MTD%2F34vOq1fNYJ2q7faDab9bjtNn1Ku2HshSxoUK8OzS24vjQbeYdPSfu535CVmvUtQnoMLY4R8augxgMtLOiWxU56lPN02yhRS2TIwaRFlleQbzt74oI8P1PoauUu4uj0%2BqOlV7Pxr0uIlEWmLD7mJwQ9cX98WxZk%2F7YsNPluM8t5wndoqd6dnObxE1%2B9HW8XUrH1VT368vWoBMr06N1Y5xs0ZTztafL1CmcsVmtSRTH5fl2%2FF4c3jd5aMSo12cbNN9bWk0zFWnOZTkD52eZfiPiUVF54dvYtn%2FrpD3A1gTIWiTklcwOXx4iyXehswV5LAiUWPWHmoDB2rPxwcSk4gYgXNQ0t9H%2FqcJGPFS1fU2739H30VAU0v4c0sRgoi4GwoGIEbZbGeaZOr%2F%2F4eWlfIBSVcShUZT8USnw2W3LpPijdrSm58ksDmp9XW%2FW6S4NO02u1aNwKG367G3iMUr8R%2BEFA68j1tHtl%2B7W%2FAQAA%2F%2F8BAAD%2F%2F4YrAvV6BAAA HTTP/1.1
Host: fizzysquirtbikes.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://bitly.ws/
Cookie: u_pl=22725681; pdhtkv=true; uncs=1; pdhtkv49=true; uncs49=1; nlec172d9680245553e8052aafbe1bd64a13=[2229333,2229337,2229329,2019380]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Tue, 16 Apr 2024 13:12:32 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 5e621a03b7fc9a0b351b6d34554d4af0
Strict-Transport-Security: max-age=0; includeSubdomains
|
|
| cdn.cloudimagesb.com/cti/5e/78/a9/5e78a94057ff65f06ec19e727c7be04f/1588233511.jpg | 45.133.44.10 | 200 OK | 24 kB |
URL: GET HTTP/2 cdn.cloudimagesb.com/cti/5e/78/a9/5e78a94057ff65f06ec19e727c7be04f/1588233511.jpg IP: 45.133.44.10:443 ASN: #39572 DataWeb Global Group B.V.
Requested by: https://bitly.ws/?banned=1; Certificate Issuer: Let's Encrypt; Subject: cdn.cloudimagesb.com; Fingerprint: C6:F3:21:F0:21:7D:7E:96:0F:E8:46:7A:5E:C5:3F:D1:52:B0:67:B0; Validity: Fri, 22 Mar 2024 03:01:35 GMT - Thu, 20 Jun 2024 03:01:34 GMT
File type: JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 320x240, components 3; Hash: d71c872fb9f50bd9383abc0721d1d51e 1f69b40ef2f95798b4e0fd738d630ad4319cd739 6b4a622b9de1ffab8fe905fc8c4633994c732476664b5190ceedd62a3795ab08
GET /cti/5e/78/a9/5e78a94057ff65f06ec19e727c7be04f/1588233511.jpg HTTP/1.1
Host: cdn.cloudimagesb.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://bitly.ws/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Tue, 16 Apr 2024 13:12:33 GMT
content-type: image/jpeg
content-length: 24518
server: nginx/1.21.6
last-modified: Thu, 30 Apr 2020 07:58:34 GMT
etag: "5eaa852a-5fc6"
expires: Thu, 18 Apr 2024 13:12:33 GMT
cache-control: max-age=172800
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|
| cdn.cloudimagesb.com/cti/f7/13/0e/f7130e7f47db248dc886c97a1e4c3e2b/1588233482.jpg | 45.133.44.10 | 200 OK | 32 kB |
URL: GET HTTP/2 cdn.cloudimagesb.com/cti/f7/13/0e/f7130e7f47db248dc886c97a1e4c3e2b/1588233482.jpg IP: 45.133.44.10:443 ASN: #39572 DataWeb Global Group B.V.
Requested by: https://bitly.ws/?banned=1; Certificate Issuer: Let's Encrypt; Subject: cdn.cloudimagesb.com; Fingerprint: C6:F3:21:F0:21:7D:7E:96:0F:E8:46:7A:5E:C5:3F:D1:52:B0:67:B0; Validity: Fri, 22 Mar 2024 03:01:35 GMT - Thu, 20 Jun 2024 03:01:34 GMT
File type: JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 321x240, components 3; Hash: 3528385dd0c31dbd2e5bfc4af7a6bec5 832c580ffd7711115d6c036ab4232f5bd88480a4 bfbfeebfcb679ca578055235614cc679b0757bad272996ef89b7fd5615a2db75
GET /cti/f7/13/0e/f7130e7f47db248dc886c97a1e4c3e2b/1588233482.jpg HTTP/1.1
Host: cdn.cloudimagesb.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://bitly.ws/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Tue, 16 Apr 2024 13:12:33 GMT
content-type: image/jpeg
content-length: 32471
server: nginx/1.21.6
last-modified: Thu, 30 Apr 2020 07:58:05 GMT
etag: "5eaa850d-7ed7"
expires: Thu, 18 Apr 2024 13:12:33 GMT
cache-control: max-age=172800
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|
| cdn.cloudimagesb.com/cti/d6/e8/37/d6e83777d7311d26f1ac5b2b62a81218/1588233535.jpg | 45.133.44.10 | 200 OK | 28 kB |
URL: GET HTTP/2 cdn.cloudimagesb.com/cti/d6/e8/37/d6e83777d7311d26f1ac5b2b62a81218/1588233535.jpg IP: 45.133.44.10:443 ASN: #39572 DataWeb Global Group B.V.
Requested by: https://bitly.ws/?banned=1; Certificate Issuer: Let's Encrypt; Subject: cdn.cloudimagesb.com; Fingerprint: C6:F3:21:F0:21:7D:7E:96:0F:E8:46:7A:5E:C5:3F:D1:52:B0:67:B0; Validity: Fri, 22 Mar 2024 03:01:35 GMT - Thu, 20 Jun 2024 03:01:34 GMT
File type: JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 320x240, components 3; Hash: 1dcde64d47d24d151a1433ecf4403dd7 443d6704b5a294e000084d7a8ac823e526093928 d11bcd65a82589c2c31d6fd87cb16ec673dd5640462ad3d20ff53e014a435376
GET /cti/d6/e8/37/d6e83777d7311d26f1ac5b2b62a81218/1588233535.jpg HTTP/1.1
Host: cdn.cloudimagesb.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://bitly.ws/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Tue, 16 Apr 2024 13:12:33 GMT
content-type: image/jpeg
content-length: 27832
server: nginx/1.21.6
last-modified: Thu, 30 Apr 2020 07:58:58 GMT
etag: "5eaa8542-6cb8"
expires: Thu, 18 Apr 2024 13:12:33 GMT
cache-control: max-age=172800
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|
| cdn.cloudimagesb.com/cti/d7/14/ea/d714ea0356c58a2679ce4074962c0e16/1588233398.jpeg | 45.133.44.10 | 200 OK | 23 kB |
URL: GET HTTP/2 cdn.cloudimagesb.com/cti/d7/14/ea/d714ea0356c58a2679ce4074962c0e16/1588233398.jpeg IP: 45.133.44.10:443 ASN: #39572 DataWeb Global Group B.V.
Requested by: https://bitly.ws/?banned=1; Certificate Issuer: Let's Encrypt; Subject: cdn.cloudimagesb.com; Fingerprint: C6:F3:21:F0:21:7D:7E:96:0F:E8:46:7A:5E:C5:3F:D1:52:B0:67:B0; Validity: Fri, 22 Mar 2024 03:01:35 GMT - Thu, 20 Jun 2024 03:01:34 GMT
File type: JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 320x240, components 3; Hash: 9a2dc4fe2ebb70df2dfb1566d22970b8 b85a5f4ef7bd68b834d03d8b9a552e2e546e8701 1983c705f5f4315c8cd002183eb9ed3c846abed8fc2a6f0a073185c249552efd
GET /cti/d7/14/ea/d714ea0356c58a2679ce4074962c0e16/1588233398.jpeg HTTP/1.1
Host: cdn.cloudimagesb.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://bitly.ws/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Tue, 16 Apr 2024 13:12:33 GMT
content-type: image/jpeg
content-length: 22757
server: nginx/1.21.6
last-modified: Thu, 30 Apr 2020 07:56:41 GMT
etag: "5eaa84b9-58e5"
expires: Thu, 18 Apr 2024 13:12:33 GMT
cache-control: max-age=172800
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|
| cdn.cloudimagesb.com/cti/43/ff/51/43ff51c07da75eaedd548042d5154cfe/1658930770.jpg | 45.133.44.10 | 200 OK | 25 kB |
URL: GET HTTP/2 cdn.cloudimagesb.com/cti/43/ff/51/43ff51c07da75eaedd548042d5154cfe/1658930770.jpg IP: 45.133.44.10:443 ASN: #39572 DataWeb Global Group B.V.
Requested by: https://bitly.ws/?banned=1; Certificate Issuer: Let's Encrypt; Subject: cdn.cloudimagesb.com; Fingerprint: C6:F3:21:F0:21:7D:7E:96:0F:E8:46:7A:5E:C5:3F:D1:52:B0:67:B0; Validity: Fri, 22 Mar 2024 03:01:35 GMT - Thu, 20 Jun 2024 03:01:34 GMT
File type: JPEG image data, baseline, precision 8, 320x50, components 3; Hash: d465d02b90e928dfd9d9846e102a9dac 22f7333777bec813bd9a7b870913a2b79b6d2fe4 e393d4f1c6b5d4973e157f0f10764b92037dc18239500f42b72bed8ecef462fd
GET /cti/43/ff/51/43ff51c07da75eaedd548042d5154cfe/1658930770.jpg HTTP/1.1
Host: cdn.cloudimagesb.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Tue, 16 Apr 2024 13:12:33 GMT
content-type: image/jpeg
content-length: 24714
server: nginx/1.21.6
last-modified: Wed, 27 Jul 2022 14:06:18 GMT
etag: "62e1465a-608a"
expires: Thu, 18 Apr 2024 13:12:33 GMT
cache-control: max-age=172800
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|
| fizzysquirtbikes.com/ren.gif?sid=… | 192.243.59.12 | 200 OK | 7 B |
URL GET HTTP/1.1fizzysquirtbikes.com/ren.gif?sid=… IP192.243.59.12:443 ASN#39572 DataWeb Global Group B.V.
Requested byhttps://bitly.ws/?banned=1 CertificateIssuerLet's Encrypt Subjectfizzysquirtbikes.com Fingerprint55:F1:79:63:BE:D7:DF:F7:E9:B5:BE:26:15:C6:F5:F8:29:5E:52:BD ValidityMon, 15 Apr 2024 08:39:03 GMT - Sun, 14 Jul 2024 08:39:02 GMT
File typeASCII text, with no line terminators Hash132d6af1b46048b45cf86cdee7991d31 eb7007d03d59b65bc6da7e098c4d38fc6dfb6285 ab852e838deccd742a03ca81d4a8d75cf1a00b327db3eaf46bd7da6b6db9384c
GET /ren.gif?sid=… HTTP/1.1
Host: fizzysquirtbikes.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://bitly.ws/
Cookie: u_pl=22725681; pdhtkv=true; uncs=1; pdhtkv49=true; uncs49=1; nlec172d9680245553e8052aafbe1bd64a13=[2229333,2229337,2229329,2019380]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Tue, 16 Apr 2024 13:12:33 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 09820145f09cba255f40fd4601abcacf
Strict-Transport-Security: max-age=0; includeSubdomains
|
|
| fizzysquirtbikes.com/impr.gif?sid=… | 192.243.59.12 | 200 OK | 7 B |
URL GET HTTP/1.1fizzysquirtbikes.com/impr.gif?sid=… IP192.243.59.12:443 ASN#39572 DataWeb Global Group B.V.
Requested byhttps://bitly.ws/?banned=1 CertificateIssuerLet's Encrypt Subjectfizzysquirtbikes.com Fingerprint55:F1:79:63:BE:D7:DF:F7:E9:B5:BE:26:15:C6:F5:F8:29:5E:52:BD ValidityMon, 15 Apr 2024 08:39:03 GMT - Sun, 14 Jul 2024 08:39:02 GMT
File typeASCII text, with no line terminators Hash132d6af1b46048b45cf86cdee7991d31 eb7007d03d59b65bc6da7e098c4d38fc6dfb6285 ab852e838deccd742a03ca81d4a8d75cf1a00b327db3eaf46bd7da6b6db9384c
GET /impr.gif?sid=… HTTP/1.1
Host: fizzysquirtbikes.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://bitly.ws/
Cookie: u_pl=22725681; pdhtkv=true; uncs=1; pdhtkv49=true; uncs49=1; nlec172d9680245553e8052aafbe1bd64a13=[2229333,2229337,2229329,2019380]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Tue, 16 Apr 2024 13:12:33 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: b4c6cd04072d37b00df8ed6f09658208
Strict-Transport-Security: max-age=0; includeSubdomains
|
|
| continuousselfevidentinestimable.com/sbar.json?key=33ce9e99c1bfce9eb2d48a915db5624c&uuid=2aab6d71-51d9-42bc-b742-8609a3b48bbe%3A3%3A1 | 172.240.108.68 | 200 OK | 7.7 kB |
URL GET HTTP/1.1continuousselfevidentinestimable.com/sbar.json?key=33ce9e99c1bfce9eb2d48a915db5624c&uuid=2aab6d71-51d9-42bc-b742-8609a3b48bbe%3A3%3A1 IP172.240.108.68:443
Requested byhttps://bitly.ws/?banned=1 CertificateIssuerLet's Encrypt Subjectcontinuousselfevidentinestimable.com Fingerprint1F:F4:36:85:7F:D7:60:BF:21:DA:52:FF:00:60:97:80:4B:6D:0D:3A ValidityMon, 15 Apr 2024 12:20:33 GMT - Sun, 14 Jul 2024 12:20:32 GMT
Hash354417de95d37abe1c1bf9e26aa9399e b0c6f4f212042637978c0dc01519fc25c892ec16 a78dd4405a9cc1687728d6737f06b3425f0a0940dbd197025488fab7e53e41de
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /sbar.json?key=33ce9e99c1bfce9eb2d48a915db5624c&uuid=2aab6d71-51d9-42bc-b742-8609a3b48bbe%3A3%3A1 HTTP/1.1
Host: continuousselfevidentinestimable.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://bitly.ws
DNT: 1
Connection: keep-alive
Referer: https://bitly.ws/
Cookie: u_pl=22735548; ain=eyJhbGciOiJIUzI1NiJ9.eyJwIjp7ImlkIjoyMjczNTU0OCwiayI6IjZkYzNhMjc1NTJiNWFlZGZiOTZhZWFhMDBhYTFjMzdiIiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjozNjc1ODY4LCJwaWQiOjkzMDg4LCJhbiI6dHJ1ZSwibGFuIjp0cnVlLCJjaWQiOjM0LCJhaWQiOjUsInB0Ijo0LCJwayI6Inc3cTYxZHZqbWUiLCJ0IjoxfSwidSI6eyJ1IjoxLCJhdSI6MSwiZCI6eyJpZCI6Nzk5NTQxOTYsImlkcyI6IiIsImljIjpmYWxzZSwibiI6IkRlc2t0b3AsRW11bGF0b3IiLCJ2IjoiVW5rbm93biIsIm0iOiJVbmtub3duIiwiZiI6MSwiZm4iOiJEZXNrdG9wIiwib2lkIjoxODExMCwib24iOiJMaW51eCIsIm92IjoiVW5rbm93biIsImJpZCI6MTE2NjcwLCJibiI6IkZpcmVmb3giLCJidiI6Ijk2LjAiLCJ3diI6ZmFsc2UsImUiOnRydWUsImFiIjpmYWxzZX0sImMiOnsiaWQiOjE2MiwiYyI6Ik5PIiwibiI6Ik5vcndheSJ9LCJhIjpmYWxzZSwiY3IiOnsibiI6IkJsaXggU29sdXRpb25zIn0sInhmIjoiIiwiaXhmIjpmYWxzZSwiaWd4ZiI6ZmFsc2UsInVwIjp0cnVlLCJyIjoiaHR0cHM6Ly9iaXRseS53cy8_YmFubmVkPTEiLCJhciI6W119fQ.Q5oEoAi0jHIRal5wmiio7A2AWY1CJDu_yEmfZqrhrOs; uid_id2=2aab6d71-51d9-42bc-b742-8609a3b48bbe:3:1; iprcc41392d932aea1771837ac2424674b80=3570421; pdhtkv=true; uncs=1; pdhtkv32=true; uncs32=1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Tue, 16 Apr 2024 13:12:33 GMT
Content-Type: text/plain; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://bitly.ws
Access-Control-Allow-Origin: https://bitly.ws
Access-Control-Allow-Credentials: true
Set-Cookie: u_pl=22735548,22725757; expires=Wed, 17 Apr 2024 13:12:33 GMT; secure; SameSite=None
uid_id2=2aab6d71-51d9-42bc-b742-8609a3b48bbe:3:1; expires=Tue, 23 Apr 2024 13:12:33 GMT; secure; SameSite=None
uncs=2; expires=Wed, 17 Apr 2024 13:12:33 GMT; secure; SameSite=None
pdhtkv29=true; expires=Wed, 17 Apr 2024 13:12:33 GMT; secure; SameSite=None
uncs29=1; expires=Wed, 17 Apr 2024 13:12:33 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: c50f2255bc4a6627c50dfb9afba88ddb
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
|
|
| continuousselfevidentinestimable.com/watch.1020138311504.js?dev=e&key=6dc3a27552b5aedfb96aeaa00aa1c37b&kw=%5B%22bitly%22%2C%22url%22%2C%22shortener%22%5D&pst=1713273212&refer=https%3A%2F%2Fbitly.ws%2F%3Fbanned%3D1&res=14.2071&rmtc=t&shu=0d80d6f96ec0e118db95fb40888837f15ac97bf05d08e90ee615d9115717f321273b3e54cd0e160f1379bab0d41163ec1c67397ad0eba3eb70b71fcb0f34e7f96185f61e4904f136886089d64c8928559cd579884446b20a2c962488c1e3&tz=0&uuid=2aab6d71-51d9-42bc-b742-8609a3b48bbe%3A3%3A1 | 172.240.127.234 | 200 OK | 2.0 kB |
URL GET HTTP/1.1continuousselfevidentinestimable.com/watch.1020138311504.js?dev=e&key=6dc3a27552b5aedfb96aeaa00aa1c37b&kw=%5B%22bitly%22%2C%22url%22%2C%22shortener%22%5D&pst=1713273212&refer=https%3A%2F%2Fbitly.ws%2F%3Fbanned%3D1&res=14.2071&rmtc=t&shu=0d80d6f96ec0e118db95fb40888837f15ac97bf05d08e90ee615d9115717f321273b3e54cd0e160f1379bab0d41163ec1c67397ad0eba3eb70b71fcb0f34e7f96185f61e4904f136886089d64c8928559cd579884446b20a2c962488c1e3&tz=0&uuid=2aab6d71-51d9-42bc-b742-8609a3b48bbe%3A3%3A1 IP172.240.127.234:443
Requested byhttps://bitly.ws/?banned=1 CertificateIssuerLet's Encrypt Subjectcontinuousselfevidentinestimable.com Fingerprint1F:F4:36:85:7F:D7:60:BF:21:DA:52:FF:00:60:97:80:4B:6D:0D:3A ValidityMon, 15 Apr 2024 12:20:33 GMT - Sun, 14 Jul 2024 12:20:32 GMT
File typeJavaScript source, ASCII text, with very long lines (2476) Hashc97631bb2be1c0680190c2ba562690f9 e33015e9f33aab6acc5f62349363d3e647b0dad5 34ed753cfda24400e16df25b43849480c437c8248bd21c737862f4941a6b1307
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /watch.1020138311504.js?dev=e&key=6dc3a27552b5aedfb96aeaa00aa1c37b&kw=%5B%22bitly%22%2C%22url%22%2C%22shortener%22%5D&pst=1713273212&refer=https%3A%2F%2Fbitly.ws%2F%3Fbanned%3D1&res=14.2071&rmtc=t&shu=0d80d6f96ec0e118db95fb40888837f15ac97bf05d08e90ee615d9115717f321273b3e54cd0e160f1379bab0d41163ec1c67397ad0eba3eb70b71fcb0f34e7f96185f61e4904f136886089d64c8928559cd579884446b20a2c962488c1e3&tz=0&uuid=2aab6d71-51d9-42bc-b742-8609a3b48bbe%3A3%3A1 HTTP/1.1
Host: continuousselfevidentinestimable.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://bitly.ws
Referer: https://bitly.ws/
DNT: 1
Connection: keep-alive
Cookie: u_pl=22735548; ain=eyJhbGciOiJIUzI1NiJ9.…_YmFubmVkPTEiLCJhciI6W119fQ.Q5oEoAi0jHIRal5wmiio7A2AWY1CJDu_yEmfZqrhrOs
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Tue, 16 Apr 2024 13:12:33 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://bitly.ws
Access-Control-Allow-Origin: https://bitly.ws
Access-Control-Allow-Credentials: true
Set-Cookie: uid_id2=2aab6d71-51d9-42bc-b742-8609a3b48bbe:3:1; expires=Tue, 23 Apr 2024 13:12:33 GMT; secure; SameSite=None
pdhtkv=true; expires=Wed, 17 Apr 2024 13:12:33 GMT; secure; SameSite=None
uncs=1; expires=Wed, 17 Apr 2024 13:12:33 GMT; secure; SameSite=None
pdhtkv5=true; expires=Wed, 17 Apr 2024 13:12:33 GMT; secure; SameSite=None
uncs5=1; expires=Wed, 17 Apr 2024 13:12:33 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 77c4e0601d68292cb54a22bad5f6a44a
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
|
|
| cdn.cloudimagesb.com/cti/f4/5d/a9/f45da9217a040f710ab7e6eb63f725f9/1708072373.png | 45.133.44.10 | 200 OK | 55 kB |
URL GET HTTP/2cdn.cloudimagesb.com/cti/f4/5d/a9/f45da9217a040f710ab7e6eb63f725f9/1708072373.png IP45.133.44.10:443 ASN#39572 DataWeb Global Group B.V.
Requested byhttps://bitly.ws/?banned=1 CertificateIssuerLet's Encrypt Subjectcdn.cloudimagesb.com FingerprintC6:F3:21:F0:21:7D:7E:96:0F:E8:46:7A:5E:C5:3F:D1:52:B0:67:B0 ValidityFri, 22 Mar 2024 03:01:35 GMT - Thu, 20 Jun 2024 03:01:34 GMT
File typePNG image data, 300 x 250, 8-bit/color RGBA, non-interlaced Hash1a32ad655fade33771fc11663348e89c 556c19aab477a000d35caf3172e0bf98a14d56af 51cad869f8092caf3c3cb629eec029a57c38a4917388475f6da5bed9221cecaa
GET /cti/f4/5d/a9/f45da9217a040f710ab7e6eb63f725f9/1708072373.png HTTP/1.1
Host: cdn.cloudimagesb.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Tue, 16 Apr 2024 13:12:33 GMT
content-type: image/png
content-length: 55084
server: nginx/1.21.6
last-modified: Fri, 16 Feb 2024 08:33:01 GMT
etag: "65cf1dbd-d72c"
expires: Thu, 18 Apr 2024 13:12:33 GMT
cache-control: max-age=172800
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|
| continuousselfevidentinestimable.com/ren.gif?sid=… | 172.240.108.68 | 200 OK | 7 B |
URL GET HTTP/1.1continuousselfevidentinestimable.com/ren.gif?sid=… IP172.240.108.68:443
Requested byhttps://bitly.ws/?banned=1 CertificateIssuerLet's Encrypt Subjectcontinuousselfevidentinestimable.com Fingerprint1F:F4:36:85:7F:D7:60:BF:21:DA:52:FF:00:60:97:80:4B:6D:0D:3A ValidityMon, 15 Apr 2024 12:20:33 GMT - Sun, 14 Jul 2024 12:20:32 GMT
File typeASCII text, with no line terminators Hash132d6af1b46048b45cf86cdee7991d31 eb7007d03d59b65bc6da7e098c4d38fc6dfb6285 ab852e838deccd742a03ca81d4a8d75cf1a00b327db3eaf46bd7da6b6db9384c
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /ren.gif?sid=… HTTP/1.1
Host: continuousselfevidentinestimable.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://bitly.ws/
Cookie: u_pl=22735548,22725757; ain=eyJhbGciOiJIUzI1NiJ9.…_YmFubmVkPTEiLCJhciI6W119fQ.Q5oEoAi0jHIRal5wmiio7A2AWY1CJDu_yEmfZqrhrOs; uid_id2=2aab6d71-51d9-42bc-b742-8609a3b48bbe:3:1; iprcc41392d932aea1771837ac2424674b80=3570421; pdhtkv=true; uncs=2; pdhtkv32=true; uncs32=1; pdhtkv29=true; uncs29=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Tue, 16 Apr 2024 13:12:33 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 2dcee3a151da33f9c921c1c691ba16b8
Strict-Transport-Security: max-age=0; includeSubdomains
|
|
| fizzysquirtbikes.com/ren.gif?sid=… | 172.240.253.132 | 200 OK | 7 B |
URL GET HTTP/1.1fizzysquirtbikes.com/ren.gif?sid=… IP172.240.253.132:443
Requested byhttps://bitly.ws/?banned=1 CertificateIssuerLet's Encrypt Subjectfizzysquirtbikes.com Fingerprint55:F1:79:63:BE:D7:DF:F7:E9:B5:BE:26:15:C6:F5:F8:29:5E:52:BD ValidityMon, 15 Apr 2024 08:39:03 GMT - Sun, 14 Jul 2024 08:39:02 GMT
File typeASCII text, with no line terminators Hash132d6af1b46048b45cf86cdee7991d31 eb7007d03d59b65bc6da7e098c4d38fc6dfb6285 ab852e838deccd742a03ca81d4a8d75cf1a00b327db3eaf46bd7da6b6db9384c
GET /ren.gif?sid=… HTTP/1.1
Host: fizzysquirtbikes.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://bitly.ws/
Cookie: u_pl=22725681; pdhtkv=true; uncs=1; pdhtkv49=true; uncs49=1; nlec172d9680245553e8052aafbe1bd64a13=[2229333,2229337,2229329,2019380]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Tue, 16 Apr 2024 13:12:33 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: cdc38d723cea9b686ff37033cb2f3556
Strict-Transport-Security: max-age=0; includeSubdomains
|
|
| fizzysquirtbikes.com/impr.gif?sid=… | 172.240.253.132 | 200 OK | 7 B |
URL GET HTTP/1.1fizzysquirtbikes.com/impr.gif?sid=… IP172.240.253.132:443
Requested by: https://bitly.ws/?banned=1 | Certificate Issuer: Let's Encrypt | Subject: fizzysquirtbikes.com | Fingerprint: 55:F1:79:63:BE:D7:DF:F7:E9:B5:BE:26:15:C6:F5:F8:29:5E:52:BD | Validity: Mon, 15 Apr 2024 08:39:03 GMT - Sun, 14 Jul 2024 08:39:02 GMT
File type: ASCII text, with no line terminators | Hash: 132d6af1b46048b45cf86cdee7991d31 eb7007d03d59b65bc6da7e098c4d38fc6dfb6285 ab852e838deccd742a03ca81d4a8d75cf1a00b327db3eaf46bd7da6b6db9384c
GET /impr.gif?sid=H4sIAAAAAAAC%2F1RSS2skVRS%2BNfYqbnwMboShGRAUpFPV7zjIaIyRYJzMw8HHRu6rOte%2BVbe4t6qrk1VwQGbZCze6qnydTFCD6A9wkE5gkKCY3khA8xdcCINLqTbYeqDqnHO%2Fc%2BE733c%2F3c3OSR0ZPVt5x2wrreliq%2BZXX3w%2FCK5V11WcDavDbvujdvNa1Q5eWWrX%2FJeqb0neN4t1P%2FD9wA%2Bqq8rK0AwXSxAqOVwKakt%2BrVmvBa0mhvb%2Fvcs8OOpBDM7JM1BiWjn2LkPxCeLo2xXp%2BqlJXn4zyjRNjcVAHNyN%2B7HJY0TzMrQewvjgYhrGna4%2BhIn3Z3RhBv8OMjUl3qOHYPHBBUmwwd6MJ9OQMZh4EvlgAqknUHQCbu5BiVMCcIEbG4ijBzeMzenWPygt0SmpPP4TKp%2BSyu%2BXEUffLGs1rN4xOkuViR2GYQE1nED1JkiyI6Tbl6DyI%2FD0EyjxM1l8vI442ttw2kCJYra7UhOocAItR6DOQ1Z%2BykMWesgSD5E4q%2FIgCDq%2B4NTvLnHeEB3J2sIPaCcMaOC3u8h4SW%2BENBmB6xG43UFid9BXI9jsB7jNAk54cOmUeLd2MBAFckmQO4KcEuSKIE8J8kGxL7Sru%2BKB0C5jwUWuX%2BRGMTZpb5fum7QnYwJqR7Ci2E3OydOlPt6HxwH68qwadOpiqd31681Wq9WQXb9VpzRkMmCi3aRBA04VUO7SbOVtNSXd535DUnrWL8DoEZw%2BAldXQbMANC9ANwtsx4epircyq2uRYQrCFEjSCtItb1efk%2BdnDl2tfADJT64%2FWng1Gf%2B6AG4LJLbAx%2BqYoKfvj2%2BbnOzdNrkj320kqYrUNi3du5PSVD7x1dtyKzdWrK240Zev8xIoy8N3pUvXaSxU3HPk62UlhLSrxnJJvl9z70l2M3Oby5mNs2T95hura1FipXPKxBNQdbrxF7iaksoLz86e5VM%2F%2FQFlJ7BZgSg7IRcBZY7Akx24ZM7eGQKr5zMsuYQ8K8a2zuaHWhFoOe8pK%2BD%2B07N5Pba0vE1Vsevuo2croOk9xFGBgS0w0AWoHsFlC%2BM0sSfXf%2Fy8jC%2FAdGXMtK3sMW31Z6XId2dKl79bU3LllyacOqs2fNFhMpQdJputZii5YK0W83nIWUN0uxypm4ZXtl77GwAA%2F%2F8BAAD%2F%2F1bbO%2BV6BAAA HTTP/1.1
Host: fizzysquirtbikes.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://bitly.ws/
Cookie: u_pl=22725681; pdhtkv=true; uncs=1; pdhtkv49=true; uncs49=1; nlec172d9680245553e8052aafbe1bd64a13=[2229333,2229337,2229329,2019380]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Tue, 16 Apr 2024 13:12:33 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 4ac7993fa625162753d79fa81d66309c
Strict-Transport-Security: max-age=0; includeSubdomains
|
|
| fizzysquirtbikes.com/impr.gif?sid=H4sIAAAAAAAC%2F1RSzWsk1Rd9NdOr%2FDY%2FdXAjDM2AoCCdqv6Og4zGGAnGyXw4%2BLGR91WdZ7%2BqV7xX1dXJKjggs%2ByFG11VTicT1CD6BzhIJzBIUExvJKD5D1wJg0upNth6oere%2B859cO4575Pd7JzUkdGzlbfNttKaLrZqfvWF94LgenVdxdmwOuy2P2w3r1ft4OWlds1%2Fsfqm5H2zWPcD3w%2F8oLqqrAzNcLEEoZLDpaC25Nea9VrQamJo%2F9u7zIOjHsTgnDwNJaaVY%2B8KFJ8gjr5Zka6fmuSlN6JM09RYDMTBvbgfmzxGNC9D6yGMDy6mYdzp6iOYeH9GF2bwzyBTU%2BI9fgQWH1yQBBvszXgyDRmDif8hH0wg9QSKTsDNfShxSgAucHMDcfTwprE53fobpSU6JZUnf0DlU1L57Qri6OtlrYbVu0ZnqTKxwzAsoIYTqN4ESXaEdPsSVH4Enn4MJX4ii0%2FWEUd7G04bKFHMdldqAhVOoOUI1HnIyk95yEIPWeIhEmdVHgRBxxec%2Bt0lzhuiI1lb%2BAHthAEN%2FHYXGS%2FpjZAmI3A9Arc7SOwO%2BmoEm30Pt1nACQ8unRLv9g4GokAuCXJHkFOCXBHkKUE%2BKPaFdnVXPBTaZSy4yPWL3CjGJu3t0n2T9mRMQO0IVhS7yTl5qtTH%2B%2BA4QF%2BeVYNOXSy1u3692Wq1GrLrt%2BqUhkwGTLSbNGjAqQLKXZqtvK2mpPvsr0hKz%2FoFGD2C00fg6hpoFoDmBehmge34MFXxVmZ1LTJMQZgCSVpBuuXt6nPy3Myha5XbkPzkxuOFV5LxLwvgtkBiC3ykjgl6%2BsH4jsnJ3h2TO%2FLtRpKqSG3T0r27KU3l5S%2Ffklu5sWJtxY2%2BeI2XQFkeviNduk5joeKeI18tKyGkXTWWS%2FLdmntXsluZ21zObJwl67deX12LEiudUyaegKrTjT%2FB1ZRUnn9m9iz%2F%2F%2BPvUHYCmxWIshNyEVDmCDzZgUvm7J0hsHo%2Bw5LLyLNibOtsfqgVgZbznrIC7l89m9djS8vbVBW77gF6tgKa3kccFRjYAgNdgOoRXLYwThN7cuOHz8r4HExXxkzbyh7TVn9ainyv%2FL0%2Fk3tKrv7chFNn1YYvOkyGssNks9UMJRes1WI%2BDzlriG6XI3XT8OrWq38BAAD%2F%2FwEAAP%2F%2FCRuhLnoEAAA%3D | 172.240.253.132 | 200 OK | 7 B |
URL GET HTTP/1.1fizzysquirtbikes.com/impr.gif?sid=H4sIAAAAAAAC%2F1RSzWsk1Rd9NdOr%2FDY%2FdXAjDM2AoCCdqv6Og4zGGAnGyXw4%2BLGR91WdZ7%2BqV7xX1dXJKjggs%2ByFG11VTicT1CD6BzhIJzBIUExvJKD5D1wJg0upNth6oere%2B859cO4575Pd7JzUkdGzlbfNttKaLrZqfvWF94LgenVdxdmwOuy2P2w3r1ft4OWlds1%2Fsfqm5H2zWPcD3w%2F8oLqqrAzNcLEEoZLDpaC25Nea9VrQamJo%2F9u7zIOjHsTgnDwNJaaVY%2B8KFJ8gjr5Zka6fmuSlN6JM09RYDMTBvbgfmzxGNC9D6yGMDy6mYdzp6iOYeH9GF2bwzyBTU%2BI9fgQWH1yQBBvszXgyDRmDif8hH0wg9QSKTsDNfShxSgAucHMDcfTwprE53fobpSU6JZUnf0DlU1L57Qri6OtlrYbVu0ZnqTKxwzAsoIYTqN4ESXaEdPsSVH4Enn4MJX4ii0%2FWEUd7G04bKFHMdldqAhVOoOUI1HnIyk95yEIPWeIhEmdVHgRBxxec%2Bt0lzhuiI1lb%2BAHthAEN%2FHYXGS%2FpjZAmI3A9Arc7SOwO%2BmoEm30Pt1nACQ8unRLv9g4GokAuCXJHkFOCXBHkKUE%2BKPaFdnVXPBTaZSy4yPWL3CjGJu3t0n2T9mRMQO0IVhS7yTl5qtTH%2B%2BA4QF%2BeVYNOXSy1u3692Wq1GrLrt%2BqUhkwGTLSbNGjAqQLKXZqtvK2mpPvsr0hKz%2FoFGD2C00fg6hpoFoDmBehmge34MFXxVmZ1LTJMQZgCSVpBuuXt6nPy3Myha5XbkPzkxuOFV5LxLwvgtkBiC3ykjgl6%2BsH4jsnJ3h2TO%2FLtRpKqSG3T0r27KU3l5S%2Ffklu5sWJtxY2%2BeI2XQFkeviNduk5joeKeI18tKyGkXTWWS%2FLdmntXsluZ21zObJwl67deX12LEiudUyaegKrTjT%2FB1ZRUnn9m9iz%2F%2F%2BPvUHYCmxWIshNyEVDmCDzZgUvm7J0hsHo%2Bw5LLyLNibOtsfqgVgZbznrIC7l89m9djS8vbVBW77gF6tgKa3kccFRjYAgNdgOoRXLYwThN7cuOHz8r4HExXxkzbyh7TVn9ainyv%2FL0%2Fk3tKrv7chFNn1YYvOkyGssNks9UMJRes1WI%2BDzlriG6XI3XT8OrWq38BAAD%2F%2FwEAAP%2F%2FCRuhLnoEAAA%3D IP172.240.253.132:443
Requested by: https://bitly.ws/?banned=1 | Certificate Issuer: Let's Encrypt | Subject: fizzysquirtbikes.com | Fingerprint: 55:F1:79:63:BE:D7:DF:F7:E9:B5:BE:26:15:C6:F5:F8:29:5E:52:BD | Validity: Mon, 15 Apr 2024 08:39:03 GMT - Sun, 14 Jul 2024 08:39:02 GMT
File type: ASCII text, with no line terminators | Hash: 132d6af1b46048b45cf86cdee7991d31 eb7007d03d59b65bc6da7e098c4d38fc6dfb6285 ab852e838deccd742a03ca81d4a8d75cf1a00b327db3eaf46bd7da6b6db9384c
GET /impr.gif?sid=H4sIAAAAAAAC%2F1RSzWsk1Rd9NdOr%2FDY%2FdXAjDM2AoCCdqv6Og4zGGAnGyXw4%2BLGR91WdZ7%2BqV7xX1dXJKjggs%2ByFG11VTicT1CD6BzhIJzBIUExvJKD5D1wJg0upNth6oere%2B859cO4575Pd7JzUkdGzlbfNttKaLrZqfvWF94LgenVdxdmwOuy2P2w3r1ft4OWlds1%2Fsfqm5H2zWPcD3w%2F8oLqqrAzNcLEEoZLDpaC25Nea9VrQamJo%2F9u7zIOjHsTgnDwNJaaVY%2B8KFJ8gjr5Zka6fmuSlN6JM09RYDMTBvbgfmzxGNC9D6yGMDy6mYdzp6iOYeH9GF2bwzyBTU%2BI9fgQWH1yQBBvszXgyDRmDif8hH0wg9QSKTsDNfShxSgAucHMDcfTwprE53fobpSU6JZUnf0DlU1L57Qri6OtlrYbVu0ZnqTKxwzAsoIYTqN4ESXaEdPsSVH4Enn4MJX4ii0%2FWEUd7G04bKFHMdldqAhVOoOUI1HnIyk95yEIPWeIhEmdVHgRBxxec%2Bt0lzhuiI1lb%2BAHthAEN%2FHYXGS%2FpjZAmI3A9Arc7SOwO%2BmoEm30Pt1nACQ8unRLv9g4GokAuCXJHkFOCXBHkKUE%2BKPaFdnVXPBTaZSy4yPWL3CjGJu3t0n2T9mRMQO0IVhS7yTl5qtTH%2B%2BA4QF%2BeVYNOXSy1u3692Wq1GrLrt%2BqUhkwGTLSbNGjAqQLKXZqtvK2mpPvsr0hKz%2FoFGD2C00fg6hpoFoDmBehmge34MFXxVmZ1LTJMQZgCSVpBuuXt6nPy3Myha5XbkPzkxuOFV5LxLwvgtkBiC3ykjgl6%2BsH4jsnJ3h2TO%2FLtRpKqSG3T0r27KU3l5S%2Ffklu5sWJtxY2%2BeI2XQFkeviNduk5joeKeI18tKyGkXTWWS%2FLdmntXsluZ21zObJwl67deX12LEiudUyaegKrTjT%2FB1ZRUnn9m9iz%2F%2F%2BPvUHYCmxWIshNyEVDmCDzZgUvm7J0hsHo%2Bw5LLyLNibOtsfqgVgZbznrIC7l89m9djS8vbVBW77gF6tgKa3kccFRjYAgNdgOoRXLYwThN7cuOHz8r4HExXxkzbyh7TVn9ainyv%2FL0%2Fk3tKrv7chFNn1YYvOkyGssNks9UMJRes1WI%2BDzlriG6XI3XT8OrWq38BAAD%2F%2FwEAAP%2F%2FCRuhLnoEAAA%3D HTTP/1.1
Host: fizzysquirtbikes.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://bitly.ws/
Cookie: u_pl=22725681; pdhtkv=true; uncs=1; pdhtkv49=true; uncs49=1; nlec172d9680245553e8052aafbe1bd64a13=[2229333,2229337,2229329,2019380]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Tue, 16 Apr 2024 13:12:33 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: fef5ac07b031cd94dbda9315ae31a5c0
Strict-Transport-Security: max-age=0; includeSubdomains
|
|
| fizzysquirtbikes.com/impr.gif?sid=H4sIAAAAAAAC%2F1RSTWskRRiuXue0gqAuXoRlWBBUZNI933GR1TVmCcbNfrj4cZH66kk51V1NVff0ZLwEF2SPc%2FCip84zyQY1LPoDXGQSWCQgZi4S0IC%2FQVg8Ss8Goy%2FU%2B1HPW%2FC871NfbGUnpI6MHi%2B9Z0ZKa7rQqvnVlz8MgsvVVRVnw%2Bqw2%2F6k3bxctYPXF9s1%2F5XqNcn7ZqHuB74f%2BEF1WVkZmuFCCUIle4tBbdGvNeu1oNXE0P6%2FdpkHRz2IwQl5DkrMKgfeBSg%2BRRx9vyRdPzXJa%2B9EmaapsRiI3TtxPzZ5jOgsDa2HMN497YZxR8sPYeKdOV2Ywb%2BNTM2I9%2BghWLx7ShJssD3nyTRkDCaeRj6YQuopFJ2Cm7tQ4ogAXOD6GuLo%2FnVjc7rxBKUlOiOVx39B5TNS%2BeMC4ujBVa2G1dtGZ6kyscMwLKCGU6jeFEm2j3R0DirfB08%2FhxK%2FkIXHq4ij7TWnDZQo5rMrNYUKp9ByDOo8ZOVRHrLQQ5Z4iMRxlQdB0PEFp353kfOG6EjWFn5AO2FAA7%2FdRcZLemOkyRhcj8HtJhK7ib4aw2Y%2Fwa0XcMKDS2fEu7mJgSiQS4LcEeSUIFcEeUqQD4odoV3dFfeFdhkLTmP9NDaKiUl7W3THpD0ZE1A7hhXFVnJCni334318EKAvj6tBpy4W212%2F3my1Wg3Z9Vt1SkMmAybaTRo04FQB5c7NRx6pGem%2B8DuSUrN%2BAUb34fQ%2BuLoEmgWgeQG6XmAU76Uq3sisrkWGKQhTIEkrSDe8LX1CXpwrdPHXJiQ%2FvPLo%2FBvJ5Lfz4LZAYgt8qg4Ievre5JbJyfYtkzvyw1qSqkiNaKne7ZSm8qlv35UbubFiZcmNv3mLl0CZ7r0vXbpKY6HiniPfXVVCSLtsLJfkxxX3gWQ3Mrd%2BNbNxlqzeeHt5JUqsdE6ZeAqqjtb%2BBlczUnnp%2Bfm3fOboVSg7hc0KRNkhOTUosw%2BebMIlh1fS0Z%2FXHlz4DM4QWH3Ww5IK8qyY2Do7u9SKQMuzmrIC7j81O8snlpavqSq23D30bAU0vYs4KjCwBQa6ANVjuOz8JE3s4ZWfvyrtazBdmTBtK9tMW%2F3ljFyq3CndR6W7%2BWTnTh1XG77oMBnKDpPNVjOUXLBWi%2Fk85Kwhul2O1M3Cixtv%2FgMAAP%2F%2FAQAA%2F%2F%2FLop0UegQAAA%3D%3D | 172.240.253.132 | 200 OK | 7 B |
URL GET HTTP/1.1fizzysquirtbikes.com/impr.gif?sid=H4sIAAAAAAAC%2F1RSTWskRRiuXue0gqAuXoRlWBBUZNI933GR1TVmCcbNfrj4cZH66kk51V1NVff0ZLwEF2SPc%2FCip84zyQY1LPoDXGQSWCQgZi4S0IC%2FQVg8Ss8Goy%2FU%2B1HPW%2FC871NfbGUnpI6MHi%2B9Z0ZKa7rQqvnVlz8MgsvVVRVnw%2Bqw2%2F6k3bxctYPXF9s1%2F5XqNcn7ZqHuB74f%2BEF1WVkZmuFCCUIle4tBbdGvNeu1oNXE0P6%2FdpkHRz2IwQl5DkrMKgfeBSg%2BRRx9vyRdPzXJa%2B9EmaapsRiI3TtxPzZ5jOgsDa2HMN497YZxR8sPYeKdOV2Ywb%2BNTM2I9%2BghWLx7ShJssD3nyTRkDCaeRj6YQuopFJ2Cm7tQ4ogAXOD6GuLo%2FnVjc7rxBKUlOiOVx39B5TNS%2BeMC4ujBVa2G1dtGZ6kyscMwLKCGU6jeFEm2j3R0DirfB08%2FhxK%2FkIXHq4ij7TWnDZQo5rMrNYUKp9ByDOo8ZOVRHrLQQ5Z4iMRxlQdB0PEFp353kfOG6EjWFn5AO2FAA7%2FdRcZLemOkyRhcj8HtJhK7ib4aw2Y%2Fwa0XcMKDS2fEu7mJgSiQS4LcEeSUIFcEeUqQD4odoV3dFfeFdhkLTmP9NDaKiUl7W3THpD0ZE1A7hhXFVnJCni334318EKAvj6tBpy4W212%2F3my1Wg3Z9Vt1SkMmAybaTRo04FQB5c7NRx6pGem%2B8DuSUrN%2BAUb34fQ%2BuLoEmgWgeQG6XmAU76Uq3sisrkWGKQhTIEkrSDe8LX1CXpwrdPHXJiQ%2FvPLo%2FBvJ5Lfz4LZAYgt8qg4Ievre5JbJyfYtkzvyw1qSqkiNaKne7ZSm8qlv35UbubFiZcmNv3mLl0CZ7r0vXbpKY6HiniPfXVVCSLtsLJfkxxX3gWQ3Mrd%2BNbNxlqzeeHt5JUqsdE6ZeAqqjtb%2BBlczUnnp%2Bfm3fOboVSg7hc0KRNkhOTUosw%2BebMIlh1fS0Z%2FXHlz4DM4QWH3Ww5IK8qyY2Do7u9SKQMuzmrIC7j81O8snlpavqSq23D30bAU0vYs4KjCwBQa6ANVjuOz8JE3s4ZWfvyrtazBdmTBtK9tMW%2F3ljFyq3CndR6W7%2BWTnTh1XG77oMBnKDpPNVjOUXLBWi%2Fk85Kwhul2O1M3Cixtv%2FgMAAP%2F%2FAQAA%2F%2F%2FLop0UegQAAA%3D%3D IP172.240.253.132:443
Requested by: https://bitly.ws/?banned=1 | Certificate Issuer: Let's Encrypt | Subject: fizzysquirtbikes.com | Fingerprint: 55:F1:79:63:BE:D7:DF:F7:E9:B5:BE:26:15:C6:F5:F8:29:5E:52:BD | Validity: Mon, 15 Apr 2024 08:39:03 GMT - Sun, 14 Jul 2024 08:39:02 GMT
File type: ASCII text, with no line terminators | Hash: 132d6af1b46048b45cf86cdee7991d31 eb7007d03d59b65bc6da7e098c4d38fc6dfb6285 ab852e838deccd742a03ca81d4a8d75cf1a00b327db3eaf46bd7da6b6db9384c
GET /impr.gif?sid=H4sIAAAAAAAC%2F1RSTWskRRiuXue0gqAuXoRlWBBUZNI933GR1TVmCcbNfrj4cZH66kk51V1NVff0ZLwEF2SPc%2FCip84zyQY1LPoDXGQSWCQgZi4S0IC%2FQVg8Ss8Goy%2FU%2B1HPW%2FC871NfbGUnpI6MHi%2B9Z0ZKa7rQqvnVlz8MgsvVVRVnw%2Bqw2%2F6k3bxctYPXF9s1%2F5XqNcn7ZqHuB74f%2BEF1WVkZmuFCCUIle4tBbdGvNeu1oNXE0P6%2FdpkHRz2IwQl5DkrMKgfeBSg%2BRRx9vyRdPzXJa%2B9EmaapsRiI3TtxPzZ5jOgsDa2HMN497YZxR8sPYeKdOV2Ywb%2BNTM2I9%2BghWLx7ShJssD3nyTRkDCaeRj6YQuopFJ2Cm7tQ4ogAXOD6GuLo%2FnVjc7rxBKUlOiOVx39B5TNS%2BeMC4ujBVa2G1dtGZ6kyscMwLKCGU6jeFEm2j3R0DirfB08%2FhxK%2FkIXHq4ij7TWnDZQo5rMrNYUKp9ByDOo8ZOVRHrLQQ5Z4iMRxlQdB0PEFp353kfOG6EjWFn5AO2FAA7%2FdRcZLemOkyRhcj8HtJhK7ib4aw2Y%2Fwa0XcMKDS2fEu7mJgSiQS4LcEeSUIFcEeUqQD4odoV3dFfeFdhkLTmP9NDaKiUl7W3THpD0ZE1A7hhXFVnJCni334318EKAvj6tBpy4W212%2F3my1Wg3Z9Vt1SkMmAybaTRo04FQB5c7NRx6pGem%2B8DuSUrN%2BAUb34fQ%2BuLoEmgWgeQG6XmAU76Uq3sisrkWGKQhTIEkrSDe8LX1CXpwrdPHXJiQ%2FvPLo%2FBvJ5Lfz4LZAYgt8qg4Ievre5JbJyfYtkzvyw1qSqkiNaKne7ZSm8qlv35UbubFiZcmNv3mLl0CZ7r0vXbpKY6HiniPfXVVCSLtsLJfkxxX3gWQ3Mrd%2BNbNxlqzeeHt5JUqsdE6ZeAqqjtb%2BBlczUnnp%2Bfm3fOboVSg7hc0KRNkhOTUosw%2BebMIlh1fS0Z%2FXHlz4DM4QWH3Ww5IK8qyY2Do7u9SKQMuzmrIC7j81O8snlpavqSq23D30bAU0vYs4KjCwBQa6ANVjuOz8JE3s4ZWfvyrtazBdmTBtK9tMW%2F3ljFyq3CndR6W7%2BWTnTh1XG77oMBnKDpPNVjOUXLBWi%2Fk85Kwhul2O1M3Cixtv%2FgMAAP%2F%2FAQAA%2F%2F%2FLop0UegQAAA%3D%3D HTTP/1.1
Host: fizzysquirtbikes.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://bitly.ws/
Cookie: u_pl=22725681; pdhtkv=true; uncs=1; pdhtkv49=true; uncs49=1; nlec172d9680245553e8052aafbe1bd64a13=[2229333,2229337,2229329,2019380]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Tue, 16 Apr 2024 13:12:33 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: b2a94b69b6a0612f25b01991d0455c4f
Strict-Transport-Security: max-age=0; includeSubdomains
|
|
| continuousselfevidentinestimable.com/pixel/sbls?bv=24.6.6370&tmpl=482&u=https%3A%2F%2Fcdn.barscreative1.com%2Fsb%2Fau%2F0c%2Fc8%2Fe1%2F0cc8e13ba9d5dbc867b982993e805a9d%2F1632728593.html&l=1325&fd=91 | 172.240.108.68 | 200 OK | 0 B |
URL: GET HTTP/1.1 continuousselfevidentinestimable.com/pixel/sbls?bv=24.6.6370&tmpl=482&u=https%3A%2F%2Fcdn.barscreative1.com%2Fsb%2Fau%2F0c%2Fc8%2Fe1%2F0cc8e13ba9d5dbc867b982993e805a9d%2F1632728593.html&l=1325&fd=91 | IP: 172.240.108.68:443
Requested by: https://bitly.ws/?banned=1 | Certificate Issuer: Let's Encrypt | Subject: continuousselfevidentinestimable.com | Fingerprint: 1F:F4:36:85:7F:D7:60:BF:21:DA:52:FF:00:60:97:80:4B:6D:0D:3A | Validity: Mon, 15 Apr 2024 12:20:33 GMT - Sun, 14 Jul 2024 12:20:32 GMT
Hash: d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /pixel/sbls?bv=24.6.6370&tmpl=482&u=https%3A%2F%2Fcdn.barscreative1.com%2Fsb%2Fau%2F0c%2Fc8%2Fe1%2F0cc8e13ba9d5dbc867b982993e805a9d%2F1632728593.html&l=1325&fd=91 HTTP/1.1
Host: continuousselfevidentinestimable.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://bitly.ws/
Cookie: u_pl=22735548,22725757; ain=eyJhbGciOiJIUzI1NiJ9.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_YmFubmVkPTEiLCJhciI6W119fQ.Q5oEoAi0jHIRal5wmiio7A2AWY1CJDu_yEmfZqrhrOs; uid_id2=2aab6d71-51d9-42bc-b742-8609a3b48bbe:3:1; iprcc41392d932aea1771837ac2424674b80=3570421; pdhtkv=true; uncs=1; pdhtkv32=true; uncs32=1; pdhtkv29=true; uncs29=1; pdhtkv5=true; uncs5=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Tue, 16 Apr 2024 13:12:33 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
|
|
| cdn.creative-bars1.com/sb/ssp/vpn/classic-push/small/img/close.png | 188.114.97.1 | 200 OK | 591 B |
URL: GET HTTP/2 cdn.creative-bars1.com/sb/ssp/vpn/classic-push/small/img/close.png | IP: 188.114.97.1:443
Requested by: https://bitly.ws/?banned=1 | Certificate Issuer: Google Trust Services LLC | Subject: creative-bars1.com | Fingerprint: 3D:29:39:2C:F1:E5:C6:EF:54:F5:70:B5:CF:A8:C2:75:4D:89:72:13 | Validity: Mon, 15 Apr 2024 15:02:18 GMT - Sun, 14 Jul 2024 15:02:17 GMT
File type: PNG image data, 12 x 12, 8-bit/color RGBA, non-interlaced | Hash: 9fd5bcb6103d86e317bd1eb019bcbe71 6b5a52ea669dcb74946f2bed4bdd7ec985026113 0ddd3be104ac7945fb062096df62034a6a24ecc76ba92493c35c62c3c25982ae
GET /sb/ssp/vpn/classic-push/small/img/close.png HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Tue, 16 Apr 2024 13:12:33 GMT
content-type: image/png
content-length: 591
last-modified: Fri, 19 Jan 2024 14:19:42 GMT
etag: "65aa84fe-24f"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 5357246
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=QmRJfIH3OvpyeKSY0HWLKa%2FRQcdxXoiifN22tD7wfo%2FarOWOH2DfDEeHpXRGXQ3IJX1kBLToOHKj%2BBPknp2HxFKVrZRa39sT41bAdq3Ly%2BHxC4KWt%2FcYMeWrNwDYhiAP91cL%2BVFs0eFW"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87546d78fdab5688-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| cdn.cloudimagesb.com/si/07/9c/1b/079c1b9b48633e3ef398faef0739f24f/1701651986.png | 45.133.44.10 | 200 OK | 16 kB |
URL: GET HTTP/2 cdn.cloudimagesb.com/si/07/9c/1b/079c1b9b48633e3ef398faef0739f24f/1701651986.png | IP: 45.133.44.10:443 | ASN: #39572 DataWeb Global Group B.V.
Requested by: https://bitly.ws/?banned=1 | Certificate Issuer: Let's Encrypt | Subject: cdn.cloudimagesb.com | Fingerprint: C6:F3:21:F0:21:7D:7E:96:0F:E8:46:7A:5E:C5:3F:D1:52:B0:67:B0 | Validity: Fri, 22 Mar 2024 03:01:35 GMT - Thu, 20 Jun 2024 03:01:34 GMT
File type: PNG image data, 192 x 192, 8-bit/color RGBA, non-interlaced | Hash: 14cf262fabfd850855c42847d14fe775 2fafa28f167f018a0fb1f261f47380c8810803c9 972004ebada4077c3a4d03dcb45175ea467faf54da72be727a1c5c75e688b8af
GET /si/07/9c/1b/079c1b9b48633e3ef398faef0739f24f/1701651986.png HTTP/1.1
Host: cdn.cloudimagesb.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Tue, 16 Apr 2024 13:12:33 GMT
content-type: image/png
content-length: 16093
server: nginx/1.21.6
last-modified: Mon, 04 Dec 2023 01:06:35 GMT
etag: "656d261b-3edd"
expires: Thu, 18 Apr 2024 13:12:33 GMT
cache-control: max-age=172800
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|
| continuousselfevidentinestimable.com/pixel/sbls?bv=24.6.6370&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fssp%2Fvpn%2Fclassic-push%2Fsmall%2Fcss%2Fstyle.css&l=3355&fd=348 | 172.240.108.68 | 200 OK | 0 B |
URL: GET HTTP/1.1 continuousselfevidentinestimable.com/pixel/sbls?bv=24.6.6370&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fssp%2Fvpn%2Fclassic-push%2Fsmall%2Fcss%2Fstyle.css&l=3355&fd=348 | IP: 172.240.108.68:443
Requested by: https://bitly.ws/?banned=1 | Certificate Issuer: Let's Encrypt | Subject: continuousselfevidentinestimable.com | Fingerprint: 1F:F4:36:85:7F:D7:60:BF:21:DA:52:FF:00:60:97:80:4B:6D:0D:3A | Validity: Mon, 15 Apr 2024 12:20:33 GMT - Sun, 14 Jul 2024 12:20:32 GMT
Hash: d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /pixel/sbls?bv=24.6.6370&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fssp%2Fvpn%2Fclassic-push%2Fsmall%2Fcss%2Fstyle.css&l=3355&fd=348 HTTP/1.1
Host: continuousselfevidentinestimable.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://bitly.ws/
Cookie: u_pl=22735548,22725757; ain=eyJhbGciOiJIUzI1NiJ9.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_YmFubmVkPTEiLCJhciI6W119fQ.Q5oEoAi0jHIRal5wmiio7A2AWY1CJDu_yEmfZqrhrOs; uid_id2=2aab6d71-51d9-42bc-b742-8609a3b48bbe:3:1; iprcc41392d932aea1771837ac2424674b80=3570421; pdhtkv=true; uncs=1; pdhtkv32=true; uncs32=1; pdhtkv29=true; uncs29=1; pdhtkv5=true; uncs5=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Tue, 16 Apr 2024 13:12:33 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
|
|
| continuousselfevidentinestimable.com/pixel/sbls?bv=24.6.6370&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fssp%2Fvpn%2Fclassic-push%2Fsmall%2Fcss%2Fanimate.css&l=78689&fd=350 | 172.240.127.234 | 200 OK | 0 B |
URL: GET HTTP/1.1 continuousselfevidentinestimable.com/pixel/sbls?bv=24.6.6370&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fssp%2Fvpn%2Fclassic-push%2Fsmall%2Fcss%2Fanimate.css&l=78689&fd=350 | IP: 172.240.127.234:443
Requested by: https://bitly.ws/?banned=1 | Certificate Issuer: Let's Encrypt | Subject: continuousselfevidentinestimable.com | Fingerprint: 1F:F4:36:85:7F:D7:60:BF:21:DA:52:FF:00:60:97:80:4B:6D:0D:3A | Validity: Mon, 15 Apr 2024 12:20:33 GMT - Sun, 14 Jul 2024 12:20:32 GMT
Hash: d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /pixel/sbls?bv=24.6.6370&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fssp%2Fvpn%2Fclassic-push%2Fsmall%2Fcss%2Fanimate.css&l=78689&fd=350 HTTP/1.1
Host: continuousselfevidentinestimable.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://bitly.ws/
Cookie: u_pl=22735548,22725757; ain=eyJhbGciOiJIUzI1NiJ9.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_YmFubmVkPTEiLCJhciI6W119fQ.Q5oEoAi0jHIRal5wmiio7A2AWY1CJDu_yEmfZqrhrOs; uid_id2=2aab6d71-51d9-42bc-b742-8609a3b48bbe:3:1; iprcc41392d932aea1771837ac2424674b80=3570421; pdhtkv=true; uncs=1; pdhtkv32=true; uncs32=1; pdhtkv29=true; uncs29=1; pdhtkv5=true; uncs5=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Tue, 16 Apr 2024 13:12:33 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
|
|
| fonts.googleapis.com/css?family=Roboto:300,400,700&display=swap | 142.250.74.106 | 200 OK | 1.2 kB |
URL: GET HTTP/2 fonts.googleapis.com/css?family=Roboto:300,400,700&display=swap | IP: 142.250.74.106:443
Requested by: https://bitly.ws/?banned=1 | Certificate Issuer: Google Trust Services LLC | Subject: upload.video.google.com | Fingerprint: 47:5A:64:7D:9F:47:34:07:31:91:97:F7:04:42:7A:D5:EA:AD:07:4E | Validity: Mon, 04 Mar 2024 07:16:44 GMT - Mon, 27 May 2024 07:16:43 GMT
File type: gzip compressed data, max compression | Hash: 0821ef86d66a5dcb965c76dc5894e88a 4ef1388022c2d657b926a8ff1a80a0dd9303e0b5 a092e55f0dd6e15c38c487c363d6084d5ec724c4509ea31727aa4d22326344b4
GET /css?family=Roboto:300,400,700&display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Tue, 16 Apr 2024 13:12:33 GMT
date: Tue, 16 Apr 2024 13:12:33 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
|
|
| bitly.ws/gfx/favicon.png | 185.11.100.204 | 200 OK | 2.0 kB |
IP: 185.11.100.204:443 | ASN: #29522 Cyber_Folks S.A.
Requested by: https://bitly.ws/?banned=1 | Certificate Issuer: Let's Encrypt | Subject: bitly.ws | Fingerprint: E2:6E:62:93:28:D8:B3:0A:23:56:6C:21:A4:BD:CC:EF:CD:1B:33:55 | Validity: Sun, 18 Feb 2024 07:59:14 GMT - Sat, 18 May 2024 07:59:13 GMT
File type: PNG image data, 48 x 48, 8-bit colormap, non-interlaced | Hash: 549c8f6c3f6b1340852212e7c784d187 e8fe075cef3bf487bd9e4e89e9b4a6b63a81e0cc 00495e504ff3e4604b6404a1ae9469f40bd4642bef08239d4d0b0b83c095f590
GET /gfx/favicon.png HTTP/1.1
Host: bitly.ws
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://bitly.ws/?banned=1
Cookie: _ga_8Q1W6PKNCX=GS1.1.1713273152.1.0.1713273152.0.0.0; _ga=GA1.1.307923860.1713273152; dom3ic8zudi28v8lr6fgphwffqoz0j6c=2aab6d71-51d9-42bc-b742-8609a3b48bbe%3A3%3A1; m5a4xojbcp2nx3gptmm633qal3gzmadn=fizzysquirtbikes.com; sb_main_33ce9e99c1bfce9eb2d48a915db5624c=1; sb_count_33ce9e99c1bfce9eb2d48a915db5624c=1; pbpr0tpuw4isk85t8yg3jb2lj5vqf=continuousselfevidentinestimable.com; pp_main_7866ead300fcf9e425beaf01fe308949=1; pp_idelay_7866ead300fcf9e425beaf01fe308949=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Tue, 16 Apr 2024 13:12:33 GMT
server: Apache
last-modified: Tue, 02 Apr 2024 12:49:39 GMT
etag: "7b5-6151c8a0cb469"
accept-ranges: bytes
content-length: 1973
cache-control: max-age=31536000
expires: Wed, 16 Apr 2025 13:12:33 GMT
content-type: image/png
X-Firefox-Spdy: h2
|
|
| cdn.creative-bars1.com/sb/ssp/vpn/classic-push/small/css/animate.css | 188.114.97.1 | 200 OK | 4.9 kB |
URL: GET HTTP/2 cdn.creative-bars1.com/sb/ssp/vpn/classic-push/small/css/animate.css | IP: 188.114.97.1:443
Requested by: https://bitly.ws/?banned=1 | Certificate Issuer: Google Trust Services LLC | Subject: creative-bars1.com | Fingerprint: 3D:29:39:2C:F1:E5:C6:EF:54:F5:70:B5:CF:A8:C2:75:4D:89:72:13 | Validity: Mon, 15 Apr 2024 15:02:18 GMT - Sun, 14 Jul 2024 15:02:17 GMT
Hash: 3d4123dbfb33d27a5cfdfcfa91df6783 e7d0eeeec54b848f0bc3da8685fa3bc88429d660 cb7d1393b65701b2f97d8da244c2c6023e9cbc3463ecb0136b915cfc775c6887
GET /sb/ssp/vpn/classic-push/small/css/animate.css HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://bitly.ws
DNT: 1
Connection: keep-alive
Referer: https://bitly.ws/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Tue, 16 Apr 2024 13:12:33 GMT
content-type: text/css
last-modified: Fri, 19 Jan 2024 14:19:42 GMT
etag: W/"65aa84fe-13361"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=8OcZCdblZgDceNqrHxHj5lbepyORAVupxWygglJnAZ30v%2BdFsOgw7Vn6PRCs%2FljhYdZisqPyibYOYTVYqVt%2BF2tlfWJdOX4Dy5TioDLiDQemdgJMCN4sYfqSTC5Jmkvz40HHdYuL9VJM"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87546d786cb75688-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| fundingchoicesmessages.google.com/f/AGSKWxUGKEyqcQCnA6v62G4Kx_CTK7mU-Lvx4L8qRIEMO3_K1xhI8_K7-q5DXONbzxVk-ijLdTAjN2KjuOI7oQQeW40EE1QANOwUNiiel6GrWS9X8iGTVav5EDC3i6Qc2ajn0JC1WqfOdg==?fccs=W251bGwsbnVsbCxudWxsLG51bGwsbnVsbCxudWxsLFsxNzEzMjczMTU0LDEzOTAwMDAwMF0sbnVsbCxudWxsLG51bGwsW251bGwsWzddXSwiaHR0cHM6Ly9iaXRseS53cy8iLG51bGwsW1s4LCJlY0pIb3hKX1g4dyJdLFs5LCJlbi1VUyJdLFsxOSwiMSJdXV0 | 216.58.211.14 | 200 OK | 59 kB |
URL: GET HTTP/3 fundingchoicesmessages.google.com/f/AGSKWxUGKEyqcQCnA6v62G4Kx_CTK7mU-Lvx4L8qRIEMO3_K1xhI8_K7-q5DXONbzxVk-ijLdTAjN2KjuOI7oQQeW40EE1QANOwUNiiel6GrWS9X8iGTVav5EDC3i6Qc2ajn0JC1WqfOdg==?fccs=W251bGwsbnVsbCxudWxsLG51bGwsbnVsbCxudWxsLFsxNzEzMjczMTU0LDEzOTAwMDAwMF0sbnVsbCxudWxsLG51bGwsW251bGwsWzddXSwiaHR0cHM6Ly9iaXRseS53cy8iLG51bGwsW1s4LCJlY0pIb3hKX1g4dyJdLFs5LCJlbi1VUyJdLFsxOSwiMSJdXV0 | IP: 216.58.211.14:443
Requested by: https://bitly.ws/?banned=1 | Certificate Issuer: Google Trust Services LLC | Subject: *.google.com | Fingerprint: 02:6C:2F:38:A0:8A:95:AC:E8:2B:67:AA:69:A4:34:6E:15:99:F5:1D | Validity: Mon, 04 Mar 2024 06:35:50 GMT - Mon, 27 May 2024 06:35:49 GMT
File type: gzip compressed data, max compression | Hash: efb978ce7e56095fba5d8b8287c4609a 02fcfc9106ba90d5eb664bb46fa021fb5ab9b247 712ce741b1f57e0539451741c467e65d5174897c30e68131d8c84cd7379a811f
GET /f/AGSKWxUGKEyqcQCnA6v62G4Kx_CTK7mU-Lvx4L8qRIEMO3_K1xhI8_K7-q5DXONbzxVk-ijLdTAjN2KjuOI7oQQeW40EE1QANOwUNiiel6GrWS9X8iGTVav5EDC3i6Qc2ajn0JC1WqfOdg==?fccs=W251bGwsbnVsbCxudWxsLG51bGwsbnVsbCxudWxsLFsxNzEzMjczMTU0LDEzOTAwMDAwMF0sbnVsbCxudWxsLG51bGwsW251bGwsWzddXSwiaHR0cHM6Ly9iaXRseS53cy8iLG51bGwsW1s4LCJlY0pIb3hKX1g4dyJdLFs5LCJlbi1VUyJdLFsxOSwiMSJdXV0 HTTP/1.1
Host: fundingchoicesmessages.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://bitly.ws/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
content-type: application/javascript; charset=utf-8
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
timing-allow-origin: *
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Tue, 16 Apr 2024 13:12:34 GMT
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-resource-policy: cross-origin
content-security-policy: script-src 'nonce-XRpt-Xi-KBqtff_ShmCmJw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorGlobalRouterHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorGlobalRouterHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorGlobalRouterHttp/cspreport
cross-origin-opener-policy: same-origin
reporting-endpoints: default="/_/ContributorGlobalRouterHttp/web-reports?context=eJzjitDikmLw1JBiOO90h-k6ENcyPGNqBWIDjedMFkAs8fUlkxYQxzyfzpoCxE7pM1hDgNinfgZrHBC33jzHOh2ITy44z3oRiJP-nWctAWIhbo5Dn35uYBOY8W9nJgDXFiuG"
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
|
|
| cdn.creative-bars1.com/sb/ssp/vpn/classic-push/small/js/script.js | 188.114.97.1 | 200 OK | 341 B |
URL GET HTTP/2cdn.creative-bars1.com/sb/ssp/vpn/classic-push/small/js/script.js IP188.114.97.1:443
Requested by: https://bitly.ws/?banned=1 Certificate Issuer: Google Trust Services LLC Subject: creative-bars1.com Fingerprint: 3D:29:39:2C:F1:E5:C6:EF:54:F5:70:B5:CF:A8:C2:75:4D:89:72:13 Validity: Mon, 15 Apr 2024 15:02:18 GMT - Sun, 14 Jul 2024 15:02:17 GMT
Hash: 0013fbb3bd9e7300fa1bc9f62501dcf0 447e4a8994979e2e158b9beff79b94e7d1b29508 4cf18df81115ddab6967dc82096077ee024223dac3c6ffc9b810bffb7780a20e
GET /sb/ssp/vpn/classic-push/small/js/script.js HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://bitly.ws
DNT: 1
Connection: keep-alive
Referer: https://bitly.ws/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Tue, 16 Apr 2024 13:12:33 GMT
content-type: application/javascript
last-modified: Fri, 19 Jan 2024 14:19:42 GMT
etag: W/"65aa84fe-3c2"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=LY3VZyTa3yT2eEAY3cfOV3nw6mjvBn7DszQQ%2FdBUWHO200N3vbCrPRYvHdQW961Sr0KPVb3deBfV%2FiY24UY%2FRpdOgoI1SXIoGahc8a6T6noX7x0E1FbVPq0vQmfYMIrXdNpaGA1hgv9j"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87546d798e7d5688-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| fonts.gstatic.com/s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2 | 142.250.74.163 | 200 OK | 48 kB |
URL GET HTTP/2fonts.gstatic.com/s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2 IP142.250.74.163:443
Requested by: https://bitly.ws/?banned=1 Certificate Issuer: Google Trust Services LLC Subject: *.gstatic.com Fingerprint: 8F:81:43:71:C4:F3:8C:FA:6D:EC:B4:5E:1F:58:71:AA:48:42:0E:E9 Validity: Mon, 04 Mar 2024 07:16:39 GMT - Mon, 27 May 2024 07:16:38 GMT
File type: Web Open Font Format (Version 2), TrueType, length 48236, version 1.0 Hash: 015c126a3520c9a8f6a27979d0266e96 2acf956561d44434a6d84204670cf849d3215d5f 3c4d6a1421c7ddb7e404521fe8c4cd5be5af446d7689cd880be26612eaad3cfa
GET /s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://bitly.ws
DNT: 1
Connection: keep-alive
Referer: https://bitly.ws/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 48236
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 16 Apr 2024 08:04:32 GMT
expires: Wed, 16 Apr 2025 08:04:32 GMT
cache-control: public, max-age=31536000
age: 18482
last-modified: Thu, 14 Dec 2023 02:08:40 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
|
|
| fonts.gstatic.com/s/materialicons/v140/flUhRq6tzZclQEJ-Vdg-IuiaDsNc.woff2 | 142.250.74.163 | 200 OK | 128 kB |
URL GET HTTP/2fonts.gstatic.com/s/materialicons/v140/flUhRq6tzZclQEJ-Vdg-IuiaDsNc.woff2 IP142.250.74.163:443
Requested by: https://bitly.ws/?banned=1 Certificate Issuer: Google Trust Services LLC Subject: *.gstatic.com Fingerprint: 8F:81:43:71:C4:F3:8C:FA:6D:EC:B4:5E:1F:58:71:AA:48:42:0E:E9 Validity: Mon, 04 Mar 2024 07:16:39 GMT - Mon, 27 May 2024 07:16:38 GMT
File type: Web Open Font Format (Version 2), TrueType, length 128352, version 1.0 Size: 128 kB (128352 bytes) Hash: 53436aca8627a49f4deaaa44dc9e3c05 0bc0c675480d94ec7e8609dda6227f88c5d08d2c 8265f64786397d6b832d1ca0aafdf149ad84e72759fffa9f7272e91a0fb015d1
GET /s/materialicons/v140/flUhRq6tzZclQEJ-Vdg-IuiaDsNc.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://bitly.ws
DNT: 1
Connection: keep-alive
Referer: https://bitly.ws/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 128352
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 11 Apr 2024 02:40:02 GMT
expires: Fri, 11 Apr 2025 02:40:02 GMT
cache-control: public, max-age=31536000
age: 469952
last-modified: Tue, 07 Mar 2023 19:51:56 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
|
|
| cdn.barscreative1.com/sb/au/0c/c8/e1/0cc8e13ba9d5dbc867b982993e805a9d/1632728593.html | 45.133.44.3 | 200 OK | 79 kB |
URL GET HTTP/2cdn.barscreative1.com/sb/au/0c/c8/e1/0cc8e13ba9d5dbc867b982993e805a9d/1632728593.html IP45.133.44.3:443 ASN#39572 DataWeb Global Group B.V.
Requested by: https://bitly.ws/?banned=1 Certificate Issuer: Let's Encrypt Subject: cdn.barscreative1.com Fingerprint: F6:54:F4:B9:EB:AD:1E:FA:8F:76:B9:75:20:9B:41:57:32:37:94:E3 Validity: Sun, 10 Mar 2024 03:01:32 GMT - Sat, 08 Jun 2024 03:01:31 GMT
File type: gzip compressed data, from Unix Hash: aa5212c6645ea81f51c19935c86ad585 8a1d09bf8e48572f6925f091c721708c0768f9f6 e1d52b6243076745e8b0767887a17b47149fd7cd711cb8416308c467bea95d29
GET /sb/au/0c/c8/e1/0cc8e13ba9d5dbc867b982993e805a9d/1632728593.html HTTP/1.1
Host: cdn.barscreative1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://bitly.ws
DNT: 1
Connection: keep-alive
Referer: https://bitly.ws/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Tue, 16 Apr 2024 13:12:33 GMT
content-type: text/html; charset=utf-8
server: nginx/1.21.6
last-modified: Mon, 27 Sep 2021 07:43:24 GMT
etag: W/"6151761c-52d"
cache-control: max-age=3600
access-control-allow-origin: *
access-control-expose-headers: Date
content-encoding: gzip
expires: Tue, 16 Apr 2024 14:12:33 GMT
x-proxy-cache: HIT
X-Firefox-Spdy: h2
|
|
| fundingchoicesmessages.google.com/i/pub-2614556310778759?ers=1 | 216.58.211.14 | 200 OK | 82 kB |
URL GET HTTP/2fundingchoicesmessages.google.com/i/pub-2614556310778759?ers=1 IP216.58.211.14:443
Requested by: https://bitly.ws/?banned=1 Certificate Issuer: Google Trust Services LLC Subject: *.google.com Fingerprint: 02:6C:2F:38:A0:8A:95:AC:E8:2B:67:AA:69:A4:34:6E:15:99:F5:1D Validity: Mon, 04 Mar 2024 06:35:50 GMT - Mon, 27 May 2024 06:35:49 GMT
File type: gzip compressed data, max compression Hash: 6a17c0c03b3c9d5bd6d21950eec1c152 6e97ef9c99b70d9b9acaf64b5ffac1a19ae32f1a f8e8c17f47091cda5878f4567e2c0387c809a1e1edc8195cf5e6e8ae22691642
GET /i/pub-2614556310778759?ers=1 HTTP/1.1
Host: fundingchoicesmessages.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://bitly.ws/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: application/javascript; charset=utf-8
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
timing-allow-origin: *
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Tue, 16 Apr 2024 13:12:33 GMT
content-security-policy: script-src 'nonce-P3mTGQ6sfkxm3b0PPpgTGA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorServingWebSwitchboardHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport
cross-origin-opener-policy: same-origin
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-resource-policy: cross-origin
reporting-endpoints: default="/_/ContributorServingWebSwitchboardHttp/web-reports?context=eJzjStDikmJw0ZBiOHHrNtMFID7vdIfpOhDXMjxjagViA43nTBZALPH1JZMWEMc8n86aAsRO6TNYQ4DYp34GaxwQt948xzodiE8uOM96EYiT_p1nLQFiIR6Og59-bmATuHDt1VpmAADDMRc"
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
|
|
| fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2 | 142.250.74.163 | 200 OK | 16 kB |
URL GET HTTP/2fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2 IP142.250.74.163:443
Requested by: https://bitly.ws/?banned=1 Certificate Issuer: Google Trust Services LLC Subject: *.gstatic.com Fingerprint: 8F:81:43:71:C4:F3:8C:FA:6D:EC:B4:5E:1F:58:71:AA:48:42:0E:E9 Validity: Mon, 04 Mar 2024 07:16:39 GMT - Mon, 27 May 2024 07:16:38 GMT
File type: Web Open Font Format (Version 2), TrueType, length 15860, version 1.0 Hash: e9f5aaf547f165386cd313b995dddd8e acdef5603c2387b0e5bffd744b679a24a8bc1968 f5aebdfea35d1e7656ef4acc5db1f243209755ae3300943ef8fc6280f363c860
GET /s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://bitly.ws
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15860
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 16 Apr 2024 10:46:32 GMT
expires: Wed, 16 Apr 2025 10:46:32 GMT
cache-control: public, max-age=31536000
age: 8762
last-modified: Wed, 11 May 2022 19:24:42 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
|
|
| cdn.creative-bars1.com/sb/ssp/vpn/classic-push/small/css/style.css | 188.114.97.1 | 200 OK | 961 B |
URL GET HTTP/2cdn.creative-bars1.com/sb/ssp/vpn/classic-push/small/css/style.css IP188.114.97.1:443
Requested by: https://bitly.ws/?banned=1 Certificate Issuer: Google Trust Services LLC Subject: creative-bars1.com Fingerprint: 3D:29:39:2C:F1:E5:C6:EF:54:F5:70:B5:CF:A8:C2:75:4D:89:72:13 Validity: Mon, 15 Apr 2024 15:02:18 GMT - Sun, 14 Jul 2024 15:02:17 GMT
Hash: 039a6734d79ed9aa51cf81c52479c5fe 9cf29c4ea1a3880681d50c7228374f8073b7778b a15bad73fc8907795285b78a4a1a1bf5e7f68b4d39988b9bb165444819cf9eb1
GET /sb/ssp/vpn/classic-push/small/css/style.css HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://bitly.ws
DNT: 1
Connection: keep-alive
Referer: https://bitly.ws/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Tue, 16 Apr 2024 13:12:33 GMT
content-type: text/css
last-modified: Fri, 19 Jan 2024 14:19:42 GMT
etag: W/"65aa84fe-d1b"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=TmsbkTmbAeQ8bJfvP%2BGUhkXUuHQujbUG9z1UjuVrlo17gd5QBMCfm3MntC6FiZe7CcVKwQf6oHbe3JVySOZ%2BOHet5hITyR7ywz0o39zmMj%2B2noogTdpZOgGtwmpcp45O7W6sHLs0kfAR"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87546d787cbe5688-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| unseenreport.com/pxf.gif?uuid=2aab6d71-51d9-42bc-b742-8609a3b48bbe&eb=978028c5053b26833423c7a069ce3bd5&te=5db3a4e34790624df926db520a13f79f&ua=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A96.0)%20Gecko%2F20100101%20Firefox%2F96.0&dev=e&res=14.2071&b_frame=0&pk=33ce9e99c1bfce9eb2d48a915db5624c&bl=en-US&sr=1024x1280&sz=1024x1280&hjs=13 | 192.243.61.227 | 200 OK | 1 B |
URL GET HTTP/1.1unseenreport.com/pxf.gif?uuid=2aab6d71-51d9-42bc-b742-8609a3b48bbe&eb=978028c5053b26833423c7a069ce3bd5&te=5db3a4e34790624df926db520a13f79f&ua=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A96.0)%20Gecko%2F20100101%20Firefox%2F96.0&dev=e&res=14.2071&b_frame=0&pk=33ce9e99c1bfce9eb2d48a915db5624c&bl=en-US&sr=1024x1280&sz=1024x1280&hjs=13 IP192.243.61.227:443 ASN#39572 DataWeb Global Group B.V.
Requested by: https://bitly.ws/?banned=1 Certificate Issuer: Let's Encrypt Subject: *.unseenreport.com Fingerprint: 71:46:15:FD:76:6A:F5:5B:51:06:CC:93:DD:D8:63:E3:8B:10:BF:13 Validity: Fri, 22 Mar 2024 07:32:41 GMT - Thu, 20 Jun 2024 07:32:40 GMT
File type: very short file (no magic) Hash: 93b885adfe0da089cdf634904fd59f71 5ba93c9db0cff93f52b521d7420e43f6eda2784f 6e340b9cffb37a989ca544e6bb780a2c78901d3fb33738768511a30617afa01d
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /pxf.gif?uuid=2aab6d71-51d9-42bc-b742-8609a3b48bbe&eb=978028c5053b26833423c7a069ce3bd5&te=5db3a4e34790624df926db520a13f79f&ua=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A96.0)%20Gecko%2F20100101%20Firefox%2F96.0&dev=e&res=14.2071&b_frame=0&pk=33ce9e99c1bfce9eb2d48a915db5624c&bl=en-US&sr=1024x1280&sz=1024x1280&hjs=13 HTTP/1.1
Host: unseenreport.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://bitly.ws/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Tue, 16 Apr 2024 13:12:35 GMT
Content-Type: image/gif
Content-Length: 1
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 21959acea147c07fba8ccb1892a10bea
Strict-Transport-Security: max-age=0; includeSubdomains
|
|
| unseenreport.com/pxf.gif?uuid=2aab6d71-51d9-42bc-b742-8609a3b48bbe&eb=978028c5053b26833423c7a069ce3bd5&te=5db3a4e34790624df926db520a13f79f&ua=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A96.0)%20Gecko%2F20100101%20Firefox%2F96.0&dev=e&res=14.2071&b_frame=0&pk=7866ead300fcf9e425beaf01fe308949&bl=en-US&sr=1024x1280&sz=1024x1280&hjs=13 | 192.243.61.227 | 200 OK | 1 B |
URL GET HTTP/1.1unseenreport.com/pxf.gif?uuid=2aab6d71-51d9-42bc-b742-8609a3b48bbe&eb=978028c5053b26833423c7a069ce3bd5&te=5db3a4e34790624df926db520a13f79f&ua=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A96.0)%20Gecko%2F20100101%20Firefox%2F96.0&dev=e&res=14.2071&b_frame=0&pk=7866ead300fcf9e425beaf01fe308949&bl=en-US&sr=1024x1280&sz=1024x1280&hjs=13 IP192.243.61.227:443 ASN#39572 DataWeb Global Group B.V.
Requested by: https://bitly.ws/?banned=1 Certificate Issuer: Let's Encrypt Subject: *.unseenreport.com Fingerprint: 71:46:15:FD:76:6A:F5:5B:51:06:CC:93:DD:D8:63:E3:8B:10:BF:13 Validity: Fri, 22 Mar 2024 07:32:41 GMT - Thu, 20 Jun 2024 07:32:40 GMT
File type: very short file (no magic) Hash: 93b885adfe0da089cdf634904fd59f71 5ba93c9db0cff93f52b521d7420e43f6eda2784f 6e340b9cffb37a989ca544e6bb780a2c78901d3fb33738768511a30617afa01d
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /pxf.gif?uuid=2aab6d71-51d9-42bc-b742-8609a3b48bbe&eb=978028c5053b26833423c7a069ce3bd5&te=5db3a4e34790624df926db520a13f79f&ua=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A96.0)%20Gecko%2F20100101%20Firefox%2F96.0&dev=e&res=14.2071&b_frame=0&pk=7866ead300fcf9e425beaf01fe308949&bl=en-US&sr=1024x1280&sz=1024x1280&hjs=13 HTTP/1.1
Host: unseenreport.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://bitly.ws/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Tue, 16 Apr 2024 13:12:35 GMT
Content-Type: image/gif
Content-Length: 1
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 35cc7a5349c14f4999ae6774ac59638a
Strict-Transport-Security: max-age=0; includeSubdomains
|
|
| aus5.mozilla.org/update/3/GMP/111.0a1/20240129201730/Linux_x86_64-gcc3/null/default/Linux%205.15.0-101-generic%20(GTK%203.24.37%2Clibpulse%20not-available)/default/default/update.xml | 35.244.181.201 | | 444 B |
URL aus5.mozilla.org/update/3/GMP/111.0a1/20240129201730/Linux_x86_64-gcc3/null/default/Linux%205.15.0-101-generic%20(GTK%203.24.37%2Clibpulse%20not-available)/default/default/update.xml IP35.244.181.201:0 ASN#396982 GOOGLE-CLOUD-PLATFORM
File type: XML 1.0 document, ASCII text, with very long lines (332) Hash: 3b324dec137a87ef7e24a30a65b13dd0 c0faa95b2f1018e264b3a14aaf50d1003e6c27b3 6cd0b591d9239fc8564627e92a804fc261951b1cbaf5fa58a8ada3cc13f51463
GET /update/3/GMP/111.0a1/20240129201730/Linux_x86_64-gcc3/null/default/Linux%205.15.0-101-generic%20(GTK%203.24.37%2Clibpulse%20not-available)/default/default/update.xml HTTP/1.1
Host: aus5.mozilla.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Cache-Control: no-cache
Pragma: no-cache
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
rule-id: unknown
rule-data-version: unknown
content-signature: x5u=https://content-signature-2.cdn.mozilla.net/chains/aus.content-signature.mozilla.org-2024-05-20-00-15-28.chain; p384ecdsa=LLuIAz62bBuOvJxs_610vcOUcpD5T78v8SegksqNdfQMGcqM0GJCuImSeVI7vU3BHnAAySXs73lQBtj3djYRQqgm9mR5O20cyG0IdGXcvO90O3CTOuhHRSL0QMlP8jlg
strict-transport-security: max-age=31536000;
x-content-type-options: nosniff
content-security-policy: default-src 'none'; frame-ancestors 'none'
x-proxy-cache-status: EXPIRED
content-encoding: gzip
via: 1.1 google
date: Tue, 16 Apr 2024 13:12:39 GMT
content-type: text/xml; charset=utf-8
vary: Accept-Encoding
content-length: 444
age: 10
cache-control: public,max-age=90
alt-svc: clear
X-Firefox-Spdy: h2
|
|
| continuousselfevidentinestimable.com/impr.gif?sid=H4sIAAAAAAAC%2F1RSTYscVRR91ZmdICjBTVAacRHBmamq%2FjaLkBhHBsdMTCKKG3lfPfPsV%2FWK9%2Bp19QyIwYhk2foLqs9MJn4ESbaCQXoCLgJC2tWAzsZ%2FoJi1VGew9S7qnnvOLTj3vvvFxB%2BTGJ4eXXrH7Cqt6WprJayf%2FSCKztU3VOpH9VG3%2FVG7ea5uh6%2F32ivhq%2FW3JB%2BY1TiMwjAKo%2FqasrJvRquVCJXd7UUrvXClGa9ErSZG9v%2B18zU4GkAMj8nzUGK29DA4DcWnSJN7l6Qb5CZ77c3Ea5obi6G48146SE2RIlnAvg3QT%2B%2BcdMO4x2sPYNLbc7sww38bmZqR4OcHYOmdE5Ngw%2F25T6YhUzDxDIrhFFJPoegU3NyEEo8JwAUubyJNDi4bW9Cdpyqt1BlZevIXVDEjS7%2BfRpp8f1GrUf2a0T5XJnUY9Uuo0RRqa4rMHyLfrUEVh%2BD5Z1DiF7L6ZANpsr%2FptIESR6%2FElLK26ETLrUj0lpsx48us04yXu%2B2wRxus2WVMzhek1BSqP4WWX85Ie%2FdvUHcK3gXwKoDvB%2FBZgEQc1XkURZ1QcBp2e5w3REeytggj2ulHNArbXXheDTJGno3B9Rjcfn6Qie18MNzPrZf7PuVuEn39lGrEc%2FKgIhvxJEJmb2CgxrD%2BJ7jtEk7U4PIZCd79FENRopAEhSMoKEGhCIqcoBiWt4V2sSsPhHaeRSc5PsmNcs%2FkWxN62%2BRbMiWgdgwrykl2TJ6rdh58%2BPATDORRvdHgsid7PR6xfoVYLJpd2otagrXacZPDqRLK1UBdgF01I90XfkNW3cGgBKOHcPoQXL0M6l8ELUrQ7RK76d1cpTve6pXEMAVhSmT5EvKdYKKPyZn5q69v3ofkj87%2F0ZgHuC2R2RIfq4cEW%2FrW3lVTkP2rpnDk%2FmaWq0Tt0uoiruU0l6e%2BfVvuFMaK9Utu%2FM0FXgkVvHtdunyDpkKlW458d1EJIe2asVySH9fd%2B5Jd8W77orepzzauvLG2nmRWOqdMOgWthvrTgqsZefbM9fmxn%2F3hCpSdwvoSiX9ETgLKTMGzG3DZwr8zBFYvelgWoPDlno3ZgtSKQMtFTVkJ95%2BaLfCepdXfVJUTdwtbtgaa30SalBjaEkNdguoxnD%2B1l2f20flfT2wwXdtj2tb2mbb6q%2Fmaq889OHVUb4Siw2Rfdphstpp9yQVrtVjI%2B5w1RLfLkbtZ%2F6WdC%2F8AAAD%2F%2FwEAAP%2F%2FTPYiLMYEAAA%3D | 172.240.108.68 | 200 OK | 0 B |
URL GET HTTP/1.1continuousselfevidentinestimable.com/impr.gif?sid=H4sIAAAAAAAC%2F1RSTYscVRR91ZmdICjBTVAacRHBmamq%2FjaLkBhHBsdMTCKKG3lfPfPsV%2FWK9%2Bp19QyIwYhk2foLqs9MJn4ESbaCQXoCLgJC2tWAzsZ%2FoJi1VGew9S7qnnvOLTj3vvvFxB%2BTGJ4eXXrH7Cqt6WprJayf%2FSCKztU3VOpH9VG3%2FVG7ea5uh6%2F32ivhq%2FW3JB%2BY1TiMwjAKo%2FqasrJvRquVCJXd7UUrvXClGa9ErSZG9v%2B18zU4GkAMj8nzUGK29DA4DcWnSJN7l6Qb5CZ77c3Ea5obi6G48146SE2RIlnAvg3QT%2B%2BcdMO4x2sPYNLbc7sww38bmZqR4OcHYOmdE5Ngw%2F25T6YhUzDxDIrhFFJPoegU3NyEEo8JwAUubyJNDi4bW9Cdpyqt1BlZevIXVDEjS7%2BfRpp8f1GrUf2a0T5XJnUY9Uuo0RRqa4rMHyLfrUEVh%2BD5Z1DiF7L6ZANpsr%2FptIESR6%2FElLK26ETLrUj0lpsx48us04yXu%2B2wRxus2WVMzhek1BSqP4WWX85Ie%2FdvUHcK3gXwKoDvB%2FBZgEQc1XkURZ1QcBp2e5w3REeytggj2ulHNArbXXheDTJGno3B9Rjcfn6Qie18MNzPrZf7PuVuEn39lGrEc%2FKgIhvxJEJmb2CgxrD%2BJ7jtEk7U4PIZCd79FENRopAEhSMoKEGhCIqcoBiWt4V2sSsPhHaeRSc5PsmNcs%2FkWxN62%2BRbMiWgdgwrykl2TJ6rdh58%2BPATDORRvdHgsid7PR6xfoVYLJpd2otagrXacZPDqRLK1UBdgF01I90XfkNW3cGgBKOHcPoQXL0M6l8ELUrQ7RK76d1cpTve6pXEMAVhSmT5EvKdYKKPyZn5q69v3ofkj87%2F0ZgHuC2R2RIfq4cEW%2FrW3lVTkP2rpnDk%2FmaWq0Tt0uoiruU0l6e%2BfVvuFMaK9Utu%2FM0FXgkVvHtdunyDpkKlW458d1EJIe2asVySH9fd%2B5Jd8W77orepzzauvLG2nmRWOqdMOgWthvrTgqsZefbM9fmxn%2F3hCpSdwvoSiX9ETgLKTMGzG3DZwr8zBFYvelgWoPDlno3ZgtSKQMtFTVkJ95%2BaLfCepdXfVJUTdwtbtgaa30SalBjaEkNdguoxnD%2B1l2f20flfT2wwXdtj2tb2mbb6q%2Fmaq889OHVUb4Siw2Rfdphstpp9yQVrtVjI%2B5w1RLfLkbtZ%2F6WdC%2F8AAAD%2F%2FwEAAP%2F%2FTPYiLMYEAAA%3D IP172.240.108.68:443
Requested by: https://bitly.ws/?banned=1 Certificate Issuer: Let's Encrypt Subject: continuousselfevidentinestimable.com Fingerprint: 1F:F4:36:85:7F:D7:60:BF:21:DA:52:FF:00:60:97:80:4B:6D:0D:3A Validity: Mon, 15 Apr 2024 12:20:33 GMT - Sun, 14 Jul 2024 12:20:32 GMT
Hash: d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /impr.gif?sid=H4sIAAAAAAAC%2F1RSTYscVRR91ZmdICjBTVAacRHBmamq%2FjaLkBhHBsdMTCKKG3lfPfPsV%2FWK9%2Bp19QyIwYhk2foLqs9MJn4ESbaCQXoCLgJC2tWAzsZ%2FoJi1VGew9S7qnnvOLTj3vvvFxB%2BTGJ4eXXrH7Cqt6WprJayf%2FSCKztU3VOpH9VG3%2FVG7ea5uh6%2F32ivhq%2FW3JB%2BY1TiMwjAKo%2FqasrJvRquVCJXd7UUrvXClGa9ErSZG9v%2B18zU4GkAMj8nzUGK29DA4DcWnSJN7l6Qb5CZ77c3Ea5obi6G48146SE2RIlnAvg3QT%2B%2BcdMO4x2sPYNLbc7sww38bmZqR4OcHYOmdE5Ngw%2F25T6YhUzDxDIrhFFJPoegU3NyEEo8JwAUubyJNDi4bW9Cdpyqt1BlZevIXVDEjS7%2BfRpp8f1GrUf2a0T5XJnUY9Uuo0RRqa4rMHyLfrUEVh%2BD5Z1DiF7L6ZANpsr%2FptIESR6%2FElLK26ETLrUj0lpsx48us04yXu%2B2wRxus2WVMzhek1BSqP4WWX85Ie%2FdvUHcK3gXwKoDvB%2FBZgEQc1XkURZ1QcBp2e5w3REeytggj2ulHNArbXXheDTJGno3B9Rjcfn6Qie18MNzPrZf7PuVuEn39lGrEc%2FKgIhvxJEJmb2CgxrD%2BJ7jtEk7U4PIZCd79FENRopAEhSMoKEGhCIqcoBiWt4V2sSsPhHaeRSc5PsmNcs%2FkWxN62%2BRbMiWgdgwrykl2TJ6rdh58%2BPATDORRvdHgsid7PR6xfoVYLJpd2otagrXacZPDqRLK1UBdgF01I90XfkNW3cGgBKOHcPoQXL0M6l8ELUrQ7RK76d1cpTve6pXEMAVhSmT5EvKdYKKPyZn5q69v3ofkj87%2F0ZgHuC2R2RIfq4cEW%2FrW3lVTkP2rpnDk%2FmaWq0Tt0uoiruU0l6e%2BfVvuFMaK9Utu%2FM0FXgkVvHtdunyDpkKlW458d1EJIe2asVySH9fd%2B5Jd8W77orepzzauvLG2nmRWOqdMOgWthvrTgqsZefbM9fmxn%2F3hCpSdwvoSiX9ETgLKTMGzG3DZwr8zBFYvelgWoPDlno3ZgtSKQMtFTVkJ95%2BaLfCepdXfVJUTdwtbtgaa30SalBjaEkNdguoxnD%2B1l2f20flfT2wwXdtj2tb2mbb6q%2Fmaq889OHVUb4Siw2Rfdphstpp9yQVrtVjI%2B5w1RLfLkbtZ%2F6WdC%2F8AAAD%2F%2FwEAAP%2F%2FTPYiLMYEAAA%3D HTTP/1.1
Host: continuousselfevidentinestimable.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://bitly.ws/
Cookie: u_pl=22735548,22725757; ain=eyJhbGciOiJIUzI1NiJ9.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_YmFubmVkPTEiLCJhciI6W119fQ.Q5oEoAi0jHIRal5wmiio7A2AWY1CJDu_yEmfZqrhrOs; uid_id2=2aab6d71-51d9-42bc-b742-8609a3b48bbe:3:1; iprcc41392d932aea1771837ac2424674b80=3570421; pdhtkv=true; uncs=1; pdhtkv32=true; uncs32=1; pdhtkv29=true; uncs29=1; pdhtkv5=true; uncs5=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Tue, 16 Apr 2024 13:12:34 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: f4172600896422e6d199bbfd85862987
Strict-Transport-Security: max-age=0; includeSubdomains
|
|
| cdn.creative-bars1.com/sb/ssp/vpn/classic-push/small/js/jquery.min.js | 188.114.97.1 | 200 OK | 84 kB |
URL GET HTTP/2cdn.creative-bars1.com/sb/ssp/vpn/classic-push/small/js/jquery.min.js IP188.114.97.1:443
Requested by: https://bitly.ws/?banned=1 Certificate Issuer: Google Trust Services LLC Subject: creative-bars1.com Fingerprint: 3D:29:39:2C:F1:E5:C6:EF:54:F5:70:B5:CF:A8:C2:75:4D:89:72:13 Validity: Mon, 15 Apr 2024 15:02:18 GMT - Sun, 14 Jul 2024 15:02:17 GMT
File type: JavaScript source, ASCII text, with very long lines (32025) Hash: 4a356126b9573eb7bd1e9a7494737410 8258d046f17dd3c15a5d3984e1868b7b5d1db329 22642f202577f0ba2f22cbe56b6cf291a09374487567cd3563e0d2a29f75c0c5
GET /sb/ssp/vpn/classic-push/small/js/jquery.min.js HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Tue, 16 Apr 2024 13:12:33 GMT
content-type: application/javascript
last-modified: Fri, 19 Jan 2024 14:19:42 GMT
etag: W/"65aa84fe-1499c"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 5357247
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=jtKj95VS334ke1q9w4Oq2jNsB97xwbWRdtdxLqaImP2ezYSMmyeyR9piIAqFJUiHmHtCeXVy9L42diN4oXGLzoVgeTWWZj5b6Gl%2FFj%2BnhYsduvajsmar%2BMWOuDbeUD%2BWOCFbGoSc9CTV"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87546d790db85688-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| fundingchoicesmessages.google.com/el/AGSKWxXo31tE6KsXqcplXoUfrK6rkdSGY6gsj9Gp18bEQGV4Z14dBHRQYyFd9UgvHRdte0PyfEI__FqQ9pwMj8hpPXsCb5s3gIIEDw_CDHdUOo6xu8Ky_ShvniZyBI9gMMoKTmi5JB5qlA== | 216.58.211.14 | 204 No Content | 0 B |
URL POST HTTP/3fundingchoicesmessages.google.com/el/AGSKWxXo31tE6KsXqcplXoUfrK6rkdSGY6gsj9Gp18bEQGV4Z14dBHRQYyFd9UgvHRdte0PyfEI__FqQ9pwMj8hpPXsCb5s3gIIEDw_CDHdUOo6xu8Ky_ShvniZyBI9gMMoKTmi5JB5qlA== IP216.58.211.14:443
Requested by: https://bitly.ws/?banned=1 Certificate Issuer: Google Trust Services LLC Subject: *.google.com Fingerprint: 02:6C:2F:38:A0:8A:95:AC:E8:2B:67:AA:69:A4:34:6E:15:99:F5:1D Validity: Mon, 04 Mar 2024 06:35:50 GMT - Mon, 27 May 2024 06:35:49 GMT
Hash: d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /el/AGSKWxXo31tE6KsXqcplXoUfrK6rkdSGY6gsj9Gp18bEQGV4Z14dBHRQYyFd9UgvHRdte0PyfEI__FqQ9pwMj8hpPXsCb5s3gIIEDw_CDHdUOo6xu8Ky_ShvniZyBI9gMMoKTmi5JB5qlA== HTTP/1.1
Host: fundingchoicesmessages.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 92
Origin: https://bitly.ws
DNT: 1
Connection: keep-alive
Referer: https://bitly.ws/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 204 No Content
content-type: text/html; charset=utf-8
access-control-allow-methods: POST, GET, OPTIONS
access-control-max-age: 86400
access-control-allow-origin: https://bitly.ws
access-control-allow-credentials: true
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Tue, 16 Apr 2024 13:12:34 GMT
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
content-security-policy: script-src 'nonce-AkllTzchy9vvQpeATt7vSg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
cross-origin-opener-policy: same-origin
reporting-endpoints: default="/_/ContributorLoggingHttp/web-reports?context=eJzjktDikmII1pBiqGV4xtQKxE7pM1hDgFiIh-PQp58b2ARubF25hAkAzS4M6w"
server: ESF
content-length: 0
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
|
|
| continuousselfevidentinestimable.com/pixel/sbs?c=1 | 172.240.127.234 | 200 OK | 0 B |
URL: GET HTTP/1.1 continuousselfevidentinestimable.com/pixel/sbs?c=1
IP: 172.240.127.234:443
Requested by: https://bitly.ws/?banned=1
Certificate Issuer: Let's Encrypt
Certificate Subject: continuousselfevidentinestimable.com
Certificate Fingerprint: 1F:F4:36:85:7F:D7:60:BF:21:DA:52:FF:00:60:97:80:4B:6D:0D:3A
Certificate Validity: Mon, 15 Apr 2024 12:20:33 GMT - Sun, 14 Jul 2024 12:20:32 GMT
Hash: d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /pixel/sbs?c=1 HTTP/1.1
Host: continuousselfevidentinestimable.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://bitly.ws/
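Cookie: u_pl=22735548,22725757; ain=eyJhbGciOiJIUzI1NiJ9.eyJwIjp7ImlkIjoyMjczNTU0OCwiayI6IjZkYzNhMjc1NTJiNWFlZGZiOTZhZWFhMDBhYTFjMzdiIiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjozNjc1ODY4LCJwaWQiOjkzMDg4LCJhbiI6dHJ1ZSwibGFuIjp0cnVlLCJjaWQiOjM0LCJhaWQiOjUsInB0Ijo0LCJwayI6Inc3cTYxZHZqbWUiLCJ0IjoxfSwidSI6eyJ1IjoxLCJhdSI6MSwiZCI6eyJpZCI6Nzk5NTQxOTYsImlkcyI6IiIsImljIjpmYWxzZSwibiI6IkRlc2t0b3AsRW11bGF0b3IiLCJ2IjoiVW5rbm93biIsIm0iOiJVbmtub3duIiwiZiI6MSwiZm4iOiJEZXNrdG9wIiwib2lkIjoxODExMCwib24iOiJMaW51eCIsIm92IjoiVW5rbm93biIsImJpZCI6MTE2NjcwLCJibiI6IkZpcmVmb3giLCJidiI6Ijk2LjAiLCJ3diI6ZmFsc2UsImUiOnRydWUsImFiIjpmYWxzZX0sImMiOnsiaWQiOjE2MiwiYyI6Ik5PIiwibiI6Ik5vcndheSJ9LCJhIjpmYWxzZSwiY3IiOnsibiI6IkJsaXggU29sdXRpb25zIn0sInhmIjoiIiwiaXhmIjpmYWxzZSwiaWd4ZiI6ZmFsc2UsInVwIjp0cnVlLCJyIjoiaHR0cHM6Ly9iaXRseS53cy8_YmFubmVkPTEiLCJhciI6W119fQ.Q5oEoAi0jHIRal5wmiio7A2AWY1CJDu_yEmfZqrhrOs; uid_id2=2aab6d71-51d9-42bc-b742-8609a3b48bbe:3:1; iprcc41392d932aea1771837ac2424674b80=3570421; pdhtkv=true; uncs=1; pdhtkv32=true; uncs32=1; pdhtkv29=true; uncs29=1; pdhtkv5=true; uncs5=1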
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Tue, 16 Apr 2024 13:12:34 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
|
|
| pl22826180.profitablegatecpm.com/172d9680245553e8052aafbe1bd64a13/invoke.js | 192.243.59.13 | 200 OK | 27 kB |
URL: GET HTTP/1.1 pl22826180.profitablegatecpm.com/172d9680245553e8052aafbe1bd64a13/invoke.js
IP: 192.243.59.13:443
ASN: #39572 DataWeb Global Group B.V.
Requested by: https://bitly.ws/?banned=1
Certificate Issuer: Let's Encrypt
Certificate Subject: profitablegatecpm.com
Certificate Fingerprint: 9D:FB:8C:AD:4D:64:98:6B:85:78:33:54:E7:A3:BB:10:ED:77:63:30
Certificate Validity: Fri, 05 Apr 2024 18:10:33 GMT - Thu, 04 Jul 2024 18:10:32 GMT
Hash: d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /172d9680245553e8052aafbe1bd64a13/invoke.js HTTP/1.1
Host: pl22826180.profitablegatecpm.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://bitly.ws/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Tue, 16 Apr 2024 13:12:32 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 6bf2b0943a0a8ae14b4e66a8eace2179
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
|
|
| downstairsnegotiatebarren.com/sfp.js | 188.114.97.1 | 200 OK | 86 kB |
URL: GET HTTP/2 downstairsnegotiatebarren.com/sfp.js
IP: 188.114.97.1:443
Requested by: https://bitly.ws/?banned=1
Certificate Issuer: Let's Encrypt
Certificate Subject: downstairsnegotiatebarren.com
Certificate Fingerprint: 2C:6A:E1:8E:26:5B:1D:8B:86:CB:C1:72:4E:52:4B:8B:67:3A:D2:44
Certificate Validity: Mon, 04 Mar 2024 21:53:07 GMT - Sun, 02 Jun 2024 21:53:06 GMT
Hash: d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /sfp.js HTTP/1.1
Host: downstairsnegotiatebarren.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://bitly.ws/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Tue, 16 Apr 2024 13:12:32 GMT
content-type: application/javascript; charset=utf-8
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
access-control-allow-origin: *
expires: Thu, 01 Jan 1970 00:00:01 GMT
cache-control: max-age=14400
x-request-id: c5574a715c6ec58514bb1456570671f5
strict-transport-security: max-age=0; includeSubdomains
cf-cache-status: EXPIRED
last-modified: Tue, 16 Apr 2024 13:12:32 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2BfRld3Y0fcsx6xCV6Ms55PW4s7QXwHQSC5n0pOO1O%2F6HBqZNXMZFxGt5y3XUKK3CalagM9m%2B2jum3wNeTwlhKU3xypgXxZIZTuUH9EW6vHaSvdsyoUoX8ELHJItHM3wy62TQYuK2ggP1Ibgm7yvp4w%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87546d735d1a568b-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| fonts.googleapis.com/css?family=Archivo:400,500|Arimo:400,500|Bitter:400,500|EB+Garamond:400,500|Lato|Libre+Baskervill|Libre+Franklin:400,500|Lora:400,500|Google+Sans:regular,medium:400,500|Material+Icons|Google+Symbols|Merriweather|Montserrat:400,500|Mukta:400,500|Muli:400,500|Nunito:400,500|Open+Sans:400,500,600|Open+Sans+Condensed:400,600|Oswald:500|Playfair+Display:400,500|Poppins:400,500|Raleway:400,500|Roboto:400,500|Roboto+Condensed:400,500|Roboto+Slab:400,500|Slabo+27px|Source+Sans+Pro|Ubuntu:400,500|Volkhov&display=swap | 142.250.74.106 | 200 OK | 108 kB |
URL: GET HTTP/3 fonts.googleapis.com/css?family=Archivo:400,500|Arimo:400,500|Bitter:400,500|EB+Garamond:400,500|Lato|Libre+Baskervill|Libre+Franklin:400,500|Lora:400,500|Google+Sans:regular,medium:400,500|Material+Icons|Google+Symbols|Merriweather|Montserrat:400,500|Mukta:400,500|Muli:400,500|Nunito:400,500|Open+Sans:400,500,600|Open+Sans+Condensed:400,600|Oswald:500|Playfair+Display:400,500|Poppins:400,500|Raleway:400,500|Roboto:400,500|Roboto+Condensed:400,500|Roboto+Slab:400,500|Slabo+27px|Source+Sans+Pro|Ubuntu:400,500|Volkhov&display=swap
IP: 142.250.74.106:443
Requested by: https://bitly.ws/?banned=1
Certificate Issuer: Google Trust Services LLC
Certificate Subject: upload.video.google.com
Certificate Fingerprint: 47:5A:64:7D:9F:47:34:07:31:91:97:F7:04:42:7A:D5:EA:AD:07:4E
Certificate Validity: Mon, 04 Mar 2024 07:16:44 GMT - Mon, 27 May 2024 07:16:43 GMT
File type: ASCII text, with very long lines (1572)
Size: 108 kB (108405 bytes)
Hash: f648e858d3db23f14dffd3e114fa334b 5029f33973cf801797b38cc7343df4e0b1387432 4d16c44ea05f40637b08e0442cc11638ad73895ce4901590b42463d5a48df54c
GET /css?family=Archivo:400,500|Arimo:400,500|Bitter:400,500|EB+Garamond:400,500|Lato|Libre+Baskervill|Libre+Franklin:400,500|Lora:400,500|Google+Sans:regular,medium:400,500|Material+Icons|Google+Symbols|Merriweather|Montserrat:400,500|Mukta:400,500|Muli:400,500|Nunito:400,500|Open+Sans:400,500,600|Open+Sans+Condensed:400,600|Oswald:500|Playfair+Display:400,500|Poppins:400,500|Raleway:400,500|Roboto:400,500|Roboto+Condensed:400,500|Roboto+Slab:400,500|Slabo+27px|Source+Sans+Pro|Ubuntu:400,500|Volkhov&display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://bitly.ws/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Tue, 16 Apr 2024 13:12:34 GMT
date: Tue, 16 Apr 2024 13:12:34 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
|
|
| continuousselfevidentinestimable.com/pixel/sbls?bv=24.6.6370&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fssp%2Fvpn%2Fclassic-push%2Fsmall%2Fjs%2Fscript.js&l=962&fd=294 | 172.240.108.68 | 200 OK | 0 B |
URL: GET HTTP/1.1 continuousselfevidentinestimable.com/pixel/sbls?bv=24.6.6370&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fssp%2Fvpn%2Fclassic-push%2Fsmall%2Fjs%2Fscript.js&l=962&fd=294
IP: 172.240.108.68:443
Requested by: https://bitly.ws/?banned=1
Certificate Issuer: Let's Encrypt
Certificate Subject: continuousselfevidentinestimable.com
Certificate Fingerprint: 1F:F4:36:85:7F:D7:60:BF:21:DA:52:FF:00:60:97:80:4B:6D:0D:3A
Certificate Validity: Mon, 15 Apr 2024 12:20:33 GMT - Sun, 14 Jul 2024 12:20:32 GMT
Hash: d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /pixel/sbls?bv=24.6.6370&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fssp%2Fvpn%2Fclassic-push%2Fsmall%2Fjs%2Fscript.js&l=962&fd=294 HTTP/1.1
Host: continuousselfevidentinestimable.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://bitly.ws/
Cookie: u_pl=22735548,22725757; ain=eyJhbGciOiJIUzI1NiJ9.eyJwIjp7ImlkIjoyMjczNTU0OCwiayI6IjZkYzNhMjc1NTJiNWFlZGZiOTZhZWFhMDBhYTFjMzdiIiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjozNjc1ODY4LCJwaWQiOjkzMDg4LCJhbiI6dHJ1ZSwibGFuIjp0cnVlLCJjaWQiOjM0LCJhaWQiOjUsInB0Ijo0LCJwayI6Inc3cTYxZHZqbWUiLCJ0IjoxfSwidSI6eyJ1IjoxLCJhdSI6MSwiZCI6eyJpZCI6Nzk5NTQxOTYsImlkcyI6IiIsImljIjpmYWxzZSwibiI6IkRlc2t0b3AsRW11bGF0b3IiLCJ2IjoiVW5rbm93biIsIm0iOiJVbmtub3duIiwiZiI6MSwiZm4iOiJEZXNrdG9wIiwib2lkIjoxODExMCwib24iOiJMaW51eCIsIm92IjoiVW5rbm93biIsImJpZCI6MTE2NjcwLCJibiI6IkZpcmVmb3giLCJidiI6Ijk2LjAiLCJ3diI6ZmFsc2UsImUiOnRydWUsImFiIjpmYWxzZX0sImMiOnsiaWQiOjE2MiwiYyI6Ik5PIiwibiI6Ik5vcndheSJ9LCJhIjpmYWxzZSwiY3IiOnsibiI6IkJsaXggU29sdXRpb25zIn0sInhmIjoiIiwiaXhmIjpmYWxzZSwiaWd4ZiI6ZmFsc2UsInVwIjp0cnVlLCJyIjoiaHR0cHM6Ly9iaXRseS53cy8_YmFubmVkPTEiLCJhciI6W119fQ.Q5oEoAi0jHIRal5wmiio7A2AWY1CJDu_yEmfZqrhrOs; uid_id2=2aab6d71-51d9-42bc-b742-8609a3b48bbe:3:1; iprcc41392d932aea1771837ac2424674b80=3570421; pdhtkv=true; uncs=1; pdhtkv32=true; uncs32=1; pdhtkv29=true; uncs29=1; pdhtkv5=true; uncs5=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Tue, 16 Apr 2024 13:12:33 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
|
|
| downstairsnegotiatebarren.com/sfp.js | 188.114.97.1 | 200 OK | 86 kB |
URL: GET HTTP/3 downstairsnegotiatebarren.com/sfp.js
IP: 188.114.97.1:443
Requested by: https://bitly.ws/?banned=1
Certificate Issuer: Let's Encrypt
Certificate Subject: downstairsnegotiatebarren.com
Certificate Fingerprint: 2C:6A:E1:8E:26:5B:1D:8B:86:CB:C1:72:4E:52:4B:8B:67:3A:D2:44
Certificate Validity: Mon, 04 Mar 2024 21:53:07 GMT - Sun, 02 Jun 2024 21:53:06 GMT
Hash: d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /sfp.js HTTP/1.1
Host: downstairsnegotiatebarren.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://bitly.ws/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Tue, 16 Apr 2024 13:12:33 GMT
content-type: application/javascript; charset=utf-8
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
access-control-allow-origin: *
expires: Thu, 01 Jan 1970 00:00:01 GMT
cache-control: max-age=14400
x-request-id: 18d71c7df87de50b6d9c55684ba36251
strict-transport-security: max-age=0; includeSubdomains
cf-cache-status: EXPIRED
last-modified: Tue, 16 Apr 2024 13:12:32 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=qQEcfllJ7kTksvGttOLoptFPOq7fr9Tepqk4vVZQ4pw2HjhXfU0f04tj5vyqIwhPo2JCHalo2jaQeQxBiQYq0NjweDZlhTnhqybqMXgCQuJUWIMRANqJLLPrWtHUoW6NEXSLGgGBj8JZ1nXhMQBzIg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87546d750accb4f9-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2 | 142.250.74.163 | 200 OK | 16 kB |
URL: GET HTTP/2 fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2
IP: 142.250.74.163:443
Requested by: https://bitly.ws/?banned=1
Certificate Issuer: Google Trust Services LLC
Certificate Subject: *.gstatic.com
Certificate Fingerprint: 8F:81:43:71:C4:F3:8C:FA:6D:EC:B4:5E:1F:58:71:AA:48:42:0E:E9
Certificate Validity: Mon, 04 Mar 2024 07:16:39 GMT - Mon, 27 May 2024 07:16:38 GMT
File type: Web Open Font Format (Version 2), TrueType, length 15744, version 1.0
Hash: 15d9f621c3bd1599f0169dcf0bd5e63e 7ca9c5967f3bb8bffeab24b639b49c1e7d03fa52 f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615
GET /s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://bitly.ws
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15744
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 11 Apr 2024 02:37:01 GMT
expires: Fri, 11 Apr 2025 02:37:01 GMT
cache-control: public, max-age=31536000
age: 470133
last-modified: Wed, 11 May 2022 19:24:48 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
|
|