Report - mp.org.pl/yt-redirect.php?banurl=https://eldestsink.com/0/0/0/8ec4a12f7972343e6f64251b656bdebc/wwws/3003/bbe2

Report Overview

Submitted URL
mp.org.pl/yt-redirect.php?banurl=https://eldestsink.com/0/0/0/8ec4a12f7972343e6f64251b656bdebc/wwws/3003/bbe2
IP
185.11.100.204
ASN
#29522 Cyber_Folks S.A.
Submitted
2024-04-16 13:12:37
Access
public
Website Title
(1) New Message!
Final URL
bitly.ws/?banned=1
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
30

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
cdn.barscreative1.com	25648	2021-09-08	2021-09-16	2024-04-14	474 B	63 kB	45.133.44.4
fundingchoicesmessages.google.com	2397	1997-09-15	2019-01-16	2024-04-15	1.8 kB	249 kB	216.58.211.14
bitly.ws	365777	2018-01-01	2018-04-13	2024-03-26	4.3 kB	47 kB	185.11.100.204
www.googletagmanager.com	75	2011-11-11	2013-05-22	2024-04-16	415 B	88 kB	142.250.74.168
fizzysquirtbikes.com	unknown	unknown	No data	No data	16 kB	56 kB	172.240.108.68
cdn.cloudimagesb.com	23099	2020-10-06	2021-02-12	2024-04-15	3.2 kB	293 kB	45.133.44.10
ocsp.r2m03.amazontrust.com	unknown	2007-05-11	2023-02-21	2024-04-16	338 B	942 B	143.204.53.97
proftrafficcounter.com	unknown	2023-11-16	2023-11-21	2024-04-15	1.8 kB	1.5 kB	52.29.148.107
cdn.creative-bars1.com	unknown	2022-11-01	2022-11-15	2024-04-07	2.2 kB	52 kB	188.114.97.1
unseenreport.com	unknown	2022-03-30	2022-03-30	2024-04-15	1.5 kB	846 B	192.243.61.225
downstairsnegotiatebarren.com	unknown	2024-03-04	2024-03-04	2024-04-15	405 B	87 kB	188.114.96.1
www.paypalobjects.com	1467	2005-05-12	2012-05-30	2024-04-15	431 B	703 B	192.229.221.25
www.topcreativeformat.com	unknown	2023-11-21	2023-11-22	2024-04-06	870 B	25 kB	192.243.59.20
pl22826256.profitablegatecpm.com	unknown	2024-02-05	2024-03-19	2024-03-19	444 B	17 kB	172.240.108.84
landings-cdn.adsterratech.com	unknown	2015-03-02	2022-07-07	2024-03-24	460 B	91 kB	142.0.204.220
fonts.gstatic.com	unknown	2008-02-11	2014-09-09	2024-04-16	2.1 kB	212 kB	142.250.74.163
mp.org.pl	unknown	2013-07-08	2013-09-07	2024-04-09	1.5 kB	16 kB	185.11.100.204
pl22826180.profitablegatecpm.com	unknown	unknown	No data	No data	442 B	11 kB	192.243.61.227
continuousselfevidentinestimable.com	unknown	unknown	No data	No data	20 kB	24 kB	192.243.61.227
fonts.googleapis.com	8877	2005-01-25	2013-06-10	2024-04-16	1.3 kB	56 kB	142.250.74.74

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2024-04-16	medium	continuousselfevidentinestimable.com	Sinkholed
2024-04-16	medium	continuousselfevidentinestimable.com	Sinkholed
2024-04-16	medium	continuousselfevidentinestimable.com	Sinkholed
2024-04-16	medium	continuousselfevidentinestimable.com	Sinkholed
2024-04-16	medium	continuousselfevidentinestimable.com	Sinkholed
2024-04-16	medium	continuousselfevidentinestimable.com	Sinkholed
2024-04-16	medium	continuousselfevidentinestimable.com	Sinkholed
2024-04-16	medium	continuousselfevidentinestimable.com	Sinkholed
2024-04-16	medium	continuousselfevidentinestimable.com	Sinkholed
2024-04-16	medium	continuousselfevidentinestimable.com	Sinkholed
2024-04-16	medium	continuousselfevidentinestimable.com	Sinkholed
2024-04-16	medium	continuousselfevidentinestimable.com	Sinkholed
2024-04-16	medium	unseenreport.com	Sinkholed
2024-04-16	medium	unseenreport.com	Sinkholed
2024-04-16	medium	continuousselfevidentinestimable.com	Sinkholed

ThreatFox

No alerts detected

JavaScript (32)

	URL	Size	First Seen	Last Seen
	unknown	196 B	2024-04-16	2024-04-28
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-16 15:12:44 Last Seen2024-04-28 20:24:07 Times Seen5 Hash 9d1e7befddc07d8f8470fe8baeb8e5f4 4b2476acac084b9d5ca1161c4fec54689bd71273 4e1942df509e84b6c09608fab2b70199d500981449f7e4ac6ee68d637f9de91a Loading...

	bitly.ws/sandbox%20eval%20code	128 B	2023-05-06	2024-04-29
Pretty URL bitly.ws/sandbox%20eval%20code IP 0.0.0.0 ASN #0 Introduced by Embedded in HTML false Observations First Seen2023-05-06 01:21:43 Last Seen2024-04-29 19:58:34 Times Seen21276 Hash 23c336606ee3a6d444b305153fa0e2e2 473a2111970ae2a94b373e656d20c4bd4184d703 305375d5052f6a14434d2d338f852f0f4f04fb26495f88a5d62b6afde2e2cc60 Loading...

	www.googletagmanager.com/gtag/js?id=G-8Q1W6PKNCX	243 kB	2024-04-16	2024-04-16
Pretty URL www.googletagmanager.com/gtag/js?id=G-8Q1W6PKNCX IP 142.250.74.168 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-16 15:12:44 Last Seen2024-04-16 15:12:46 Times Seen2 Hash 4c00d055c686da5f56423c8bddd055e0 d494124029fb7b57d6d955f3afd15d1e5746669e a276da5ad5870722834424422e28b9312f479f6ccb8155baaaa41dcb0343cf89 Loading...

	www.topcreativeformat.com/fb87135eb1bdee211d55a6d31f28b1bc/invoke.js	31 kB	2024-04-16	2024-04-16
Pretty URL www.topcreativeformat.com/fb87135eb1bdee211d55a6d31f28b1bc/invoke.js IP 192.243.59.20 ASN #39572 DataWeb Global Group B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-16 15:12:44 Last Seen2024-04-16 15:13:06 Times Seen4 Hash f3afebed6600738f53fa56d1b04f5e03 4b42270a7dd1d8f67b7caf6d9ea1d46e15855653 a9eceee800c555b01166e6492b2cfea531c5888d9283c50309b00be16c6467e4 Loading...

	bitly.ws/?banned=1	158 B	2023-12-29	2024-04-29
Pretty URL bitly.ws/?banned=1 IP 185.11.100.204 ASN #29522 Cyber_Folks S.A. Introduced by scriptElement Embedded in HTML true Observations First Seen2023-12-29 08:38:24 Last Seen2024-04-29 10:14:07 Times Seen21 Hash e2171717aacde6f9cef85e4e87f10e62 43ba3696cdc3c063250c6a1355b58c2e5ddeb388 0b92cbfe6dce4f0f76ed2d385a9009f91ba7d37faecdca9fa7735095cc166ac0 Loading...

	www.topcreativeformat.com/6dc3a27552b5aedfb96aeaa00aa1c37b/invoke.js	31 kB	2024-04-16	2024-04-16
Pretty URL www.topcreativeformat.com/6dc3a27552b5aedfb96aeaa00aa1c37b/invoke.js IP 192.243.59.20 ASN #39572 DataWeb Global Group B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-16 15:12:45 Last Seen2024-04-16 15:13:06 Times Seen4 Hash 78121f6c4b167383f7a0fdbca0779bb4 3d485a89f0b00733f7922855f4dc4264c7147a4b 5b604d66fe1062505287bdf92f9b1a90cd4c24693f45f70af7f6fb42df66b737 Loading...

	bitly.ws/?banned=1	162 B	2023-12-29	2024-04-29
Pretty URL bitly.ws/?banned=1 IP 185.11.100.204 ASN #29522 Cyber_Folks S.A. Introduced by scriptElement Embedded in HTML true Observations First Seen2023-12-29 08:38:24 Last Seen2024-04-29 10:14:07 Times Seen21 Hash 56462d0b896d498b410c38451babc53b ac4fabda549e9c2299c8871c724e7c20fe98267f 68b133d98713866d41cc2a4b2e8a779041106fd7be66bd34844bf825028f4f0f Loading...

	unknown	145 B	2024-04-16	2024-04-29
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-16 15:12:45 Last Seen2024-04-29 10:14:07 Times Seen7 Hash daf8d2c9b90ad6cec0ebb9349b91a45c 0642a4a6468012dd728122226d2eb14adf1116eb 249557d780ab8f0d4d5d3c5fc2c39cf39b060ed6687d822937669fc6b738f25e Loading...

	unknown	3.3 kB	2024-04-16	2024-04-16
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-16 15:12:45 Last Seen2024-04-16 15:12:45 Times Seen1 Hash 52d01b9444ca663c4dbf84c36fdd553e c81c82a0dfb5212152460e26d926f51681fc97d4 26e21b23dfb165114211a2c6c09efc60e934fcd5f4b9d863086f0a4b8337c508 Loading...

	bitly.ws/?banned=1	429 B	2023-03-07	2024-04-29
Pretty URL bitly.ws/?banned=1 IP 185.11.100.204 ASN #29522 Cyber_Folks S.A. Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 14:02:48 Last Seen2024-04-29 22:06:45 Times Seen1447 Hash eafaa0be830db11da3770638100b686f db325dc427493ed0c2988ef229573b7093425466 96adbda6f380d09bfd780e4143e165a48037b43421d3964980a4343aedc644ab Loading...

	unknown	564 B	2024-04-16	2024-04-16
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-16 15:12:45 Last Seen2024-04-16 15:12:45 Times Seen1 Hash 2913f3175467f5e64de1518041d269e9 446067584673f671fe7cbd17a40540bcbd272114 be73cea8ef873d3e0dde484bab324d00eee800852e4eae7882550d98ac6e9a65 Loading...

	unknown	196 B	2024-03-26	2024-04-29
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2024-03-26 01:45:31 Last Seen2024-04-29 10:14:07 Times Seen9 Hash 8613f227c34a344219873f805fd1f3d0 9e9db017a412162287aa13af94fd24141452fb4c 64c2845767e6b7cdd73807f7fbfc5f6ef1bb7f9ed3e07a067b6a0defbc6435d2 Loading...

	bitly.ws/js/adframe.js	16 B	2023-03-07	2024-04-29
Pretty URL bitly.ws/js/adframe.js IP 185.11.100.204 ASN #29522 Cyber_Folks S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:18:41 Last Seen2024-04-29 10:14:08 Times Seen351 Hash 760222d2e529d3e84eb01378cfc46e2e f789f3c0007640b5549fca2710cf3da500b95e86 0059cb4ff0a271382c38af8a7367aaf45cbeb31449637d3928d25317401e2828 Loading...

	bitly.ws/?banned=1	25 B	2023-03-08	2024-04-29
Pretty URL bitly.ws/?banned=1 IP 185.11.100.204 ASN #29522 Cyber_Folks S.A. Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-08 23:04:05 Last Seen2024-04-29 10:14:07 Times Seen96 Hash 1427fb2f549ac96d4f0e885993d3b40f 6a355726d3939081aa39ce7eb406a55d45181f24 0fbaf8209057a6df7d107a22189b5892bc1edc1f73b1f5428a8977e66e3f95e4 Loading...

	bitly.ws/?banned=1	139 B	2023-03-08	2024-04-29
Pretty URL bitly.ws/?banned=1 IP 185.11.100.204 ASN #29522 Cyber_Folks S.A. Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-08 23:04:05 Last Seen2024-04-29 10:14:07 Times Seen93 Hash 823be5a9c0f24749f43b86566f77a14b bf5f7bd2719df6c9e0f947ab6aedda322f4146e7 b8a0d1db414563caff84583ba167c841e703ad08f909b38f852e6c3e29212749 Loading...

	bitly.ws/?banned=1	288 B	2024-03-26	2024-04-29
Pretty URL bitly.ws/?banned=1 IP 185.11.100.204 ASN #29522 Cyber_Folks S.A. Introduced by scriptElement Embedded in HTML true Observations First Seen2024-03-26 01:45:32 Last Seen2024-04-29 10:14:07 Times Seen11 Hash 144182c3ec7831d18e2c274c89447882 bad8ff287f93bfbb5fcc4460e4cb0513f57bfe29 cd479d93f5a86092e83334d5798624273bd64dc22669c535d13975fb9f4c8f08 Loading...

	cdn.creative-bars1.com/sb/chat/mob/ssp/1/js/jquery.min.js	90 kB	2023-03-07	2024-04-29
Pretty URL cdn.creative-bars1.com/sb/chat/mob/ssp/1/js/jquery.min.js IP 188.114.97.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:04:00 Last Seen2024-04-29 18:19:28 Times Seen3781 Hash 561acb3e541133bbdd2c0c19f8ee35a1 ffd1353cf3f77d25f801c84d8208613eb0d3d548 9fde6da568db31801e29243a903bf24f342256b41e3c01e7d018ff7c566ce7fc Loading...

	pagead2.googlesyndication.com/pagead/js/adsbygoogle.js	1.6 kB	2023-05-06	2024-04-29
Pretty URL pagead2.googlesyndication.com/pagead/js/adsbygoogle.js IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-05-06 01:21:43 Last Seen2024-04-29 19:58:34 Times Seen21139 Hash 2e9e391ad98fbe1b2de0b7b4fa9ca904 21d7771223e8286a06ad878af425094a40de32b5 1468d954f25ab75355f3c0f42cd9c84efd64a67922c47d3b69bdb6d0eb399e69 Loading...

	bitly.ws/_/mss/boq-content-ads-contributor/_/js/k=boq-content-ads-contributor.ContributorServingResponseClientJs.en_US.ecJHoxJ_X8w.es5.O/d=1/exm=kernel_loader,loader_js_executable/ed=1/rs=AJlcJMzNmwUsCENOAcdpBYq51breoEeWpg/m=web_iab_tcf_v2_wall_executable	378 kB	2024-04-16	2024-04-16
Pretty URL bitly.ws/_/mss/boq-content-ads-contributor/_/js/k=boq-content-ads-contributor.ContributorServingResponseClientJs.en_US.ecJHoxJ_X8w.es5.O/d=1/exm=kernel_loader,loader_js_executable/ed=1/rs=AJlcJMzNmwUsCENOAcdpBYq51breoEeWpg/m=web_iab_tcf_v2_wall_executable IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-16 15:12:45 Last Seen2024-04-16 15:12:45 Times Seen1 Hash c0b90bfd1e65026796bea4f628e2e539 02a98114a9a6aed3683f359f01f057ca55545320 4da3d7f52661b9c65cdec0e8b6ce5b5e2ce35f0c903cce9b53db8bbc5fba1020 Loading...

	unknown	145 B	2024-03-26	2024-04-29
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2024-03-26 01:45:32 Last Seen2024-04-29 10:14:07 Times Seen11 Hash f21e79189dbf24bcfc96766c51c39b95 c3ca59be0bfb49b8dae005a1682a16ab256c7560 7a3f523acb8306f5748e772f8ce97105abf172ca8f0c904f33f6987e3e5e3198 Loading...

	pl22826180.profitablegatecpm.com/172d9680245553e8052aafbe1bd64a13/invoke.js	27 kB	2024-04-16	2024-04-16
Pretty URL pl22826180.profitablegatecpm.com/172d9680245553e8052aafbe1bd64a13/invoke.js IP 192.243.61.227 ASN #39572 DataWeb Global Group B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-16 15:12:45 Last Seen2024-04-16 15:13:05 Times Seen3 Hash d10bb6b2f5ea6646123519790186f6ef eccf93dcf4bb0ddf7f096c7bdf9a2d69211c726e 4ea6b3b8d3c18f4ff430ded624032d64af55f756e819c033847ea10fd5358cd9 Loading...

	pl22826256.profitablegatecpm.com/33/ce/9e/33ce9e99c1bfce9eb2d48a915db5624c.js	44 kB	2024-04-16	2024-04-16
Pretty URL pl22826256.profitablegatecpm.com/33/ce/9e/33ce9e99c1bfce9eb2d48a915db5624c.js IP 172.240.108.84 ASN #7979 SERVERS-COM Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-16 15:12:45 Last Seen2024-04-16 15:13:06 Times Seen4 Hash 3859bc68d4053902fa373954c3cf4526 0f2d40ee8036e1f530a93b93e5f926ece7dce36e 8496d4cf78ff176141a560d8cd231d3823219d7bad51acdb7cf51d6aba81a42a Loading...

	downstairsnegotiatebarren.com/sfp.js	86 kB	2024-03-29	2024-04-29
Pretty URL downstairsnegotiatebarren.com/sfp.js IP 188.114.96.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-03-29 13:13:34 Last Seen2024-04-29 20:24:03 Times Seen1285 Hash f4a2f8f9f99541c6f105bbd0a025bd40 1f8e3eff12168fdd9e719adfc098d24a45b6916a b717cb04231a10d425fd55b73c85a5407119c6826a8bac94142fddfff6958716 Loading...

	fizzysquirtbikes.com/78/66/ea/7866ead300fcf9e425beaf01fe308949.js	83 kB	2024-04-16	2024-04-16
Pretty URL fizzysquirtbikes.com/78/66/ea/7866ead300fcf9e425beaf01fe308949.js IP 172.240.108.68 ASN #7979 SERVERS-COM Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-16 15:12:45 Last Seen2024-04-16 15:12:46 Times Seen2 Hash 2466f2e60f556aa2be52139519c85cf4 14bb3e663c85b6f7a193a2dc9f6f352cd94cf46d 3cac668c571b3bc215fd50f79b3ae7ba9b6ad4487dd92c86a64798fccf78ce62 Loading...

	unknown	3.3 kB	2024-04-16	2024-04-16
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-16 15:12:45 Last Seen2024-04-16 15:12:45 Times Seen1 Hash d87c9a73c8427800e9ba7b92f9f96568 9f55a9574253b02436c3ac694a65c804c7a1495f 84be37a75a0aeb0e4dd3c67e6c454bd43592a635f8b88842726c7186006473ef Loading...

	bitly.ws/_/mss/boq-content-ads-contributor/_/js/k=boq-content-ads-contributor.ContributorServingResponseClientJs.en_US.ecJHoxJ_X8w.es5.O/am=wA/d=1/rs=AJlcJMxNo3Q5UuOpQ8W3V2Sm4yUfAS3obw/m=kernel_loader,loader_js_executable	184 kB	2024-04-16	2024-04-16
Pretty URL bitly.ws/_/mss/boq-content-ads-contributor/_/js/k=boq-content-ads-contributor.ContributorServingResponseClientJs.en_US.ecJHoxJ_X8w.es5.O/am=wA/d=1/rs=AJlcJMxNo3Q5UuOpQ8W3V2Sm4yUfAS3obw/m=kernel_loader,loader_js_executable IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-16 15:12:45 Last Seen2024-04-16 15:12:46 Times Seen2 Hash 8eb48b2c6fa090ef91aaf4f384f17622 1a5d72f167796c9d18574a2c162dfbd389175581 aaf64858d92a9d06539c4ccf8aef87e9bc1ed47412c6f7c153394f5aef129b38 Loading...

	bitly.ws/?banned=1	287 B	2024-04-16	2024-04-29
Pretty URL bitly.ws/?banned=1 IP 185.11.100.204 ASN #29522 Cyber_Folks S.A. Introduced by scriptElement Embedded in HTML true Observations First Seen2024-04-16 15:12:46 Last Seen2024-04-29 10:14:07 Times Seen7 Hash c476dfcc7ccffbc3b926b30bd70864e8 4ff18fad8515676c7479993924ce1c8a1879d752 611dbbba80df17837ab416c027716f42b87c22097db100d6d542ad9bcf9fa246 Loading...

	bitly.ws/?banned=1	502 B	2024-04-16	2024-04-16
Pretty URL bitly.ws/?banned=1 IP 185.11.100.204 ASN #29522 Cyber_Folks S.A. Introduced by scriptElement Embedded in HTML true Observations First Seen2024-04-16 15:12:46 Last Seen2024-04-16 15:12:46 Times Seen1 Hash d7a8f0d756775475f8c235ec3eb17f16 607266f985cad11e5a6b073753f836313e4ab40d 59a50409ef6008bdbf56ffaaee6a26074010d2ccd34e9adc260b0f6c5da119e0 Loading...

		Size	First Seen	Last Seen
	#1 Eval - b785822bfe70f09ccebdc758533fd2c8	2.1 kB	2024-04-16	2024-04-16
Pretty Observations First Seen2024-04-16 15:12:46 Last Seen2024-04-16 15:12:46 Times Seen1 Hash b785822bfe70f09ccebdc758533fd2c8 474a7405df73288c07794a4ac20aab845a281468 33905cde8d936c075d0316017752c45726ed69cc3ea1168bfd9c745464ae5dc2 Loading...

	#2 Eval - ae94377297240c5a8faa9a8e8b9b3f0e	2.1 kB	2024-04-16	2024-04-16
Pretty Observations First Seen2024-04-16 15:12:46 Last Seen2024-04-16 15:12:46 Times Seen1 Hash ae94377297240c5a8faa9a8e8b9b3f0e a1c07acc695b6b80553698e0f3f8edbd67b95ba4 ed0338f7c2411ae1f3257828f239b30abb626021b0ad02953c8d4bf40672c582 Loading...

		Size	First Seen	Last Seen
	#1 Write - 7162f4f4a6377b3d138be45535f1a62d	117 B	2024-04-16	2024-04-29
Pretty Observations First Seen2024-04-16 15:12:46 Last Seen2024-04-29 10:14:08 Times Seen7 Hash 7162f4f4a6377b3d138be45535f1a62d aab5d1c55fd1cd149f081f3de2d407db3a798516 50ff35d6b03598970774c8d6102eea07cdec9fccd625c594a26b0df5e8d83a09 Loading...

	#2 Write - 04c29f6703f2211413850b120776a8a2	117 B	2024-03-26	2024-04-29
Pretty Observations First Seen2024-03-26 01:45:32 Last Seen2024-04-29 10:14:08 Times Seen11 Hash 04c29f6703f2211413850b120776a8a2 6dd9403c30602b5ae12d2d04a63c2f416a7e41f1 4abede4ad4c2b996ff0b13f8289a58b996c0914d3ec1491877da44fc3cc3e573 Loading...

HTTP Transactions (72)

URL IP Response Size

mp.org.pl/yt-redirect.php?banurl=https://eldestsink.com/0/0/0/8ec4a12f7972343e6f64251b656bdebc/wwws/3003/bbe2

185.11.100.204

300 B

URL
mp.org.pl/yt-redirect.php?banurl=https://eldestsink.com/0/0/0/8ec4a12f7972343e6f64251b656bdebc/wwws/3003/bbe2
IP
185.11.100.204:0
ASN
#29522 Cyber_Folks S.A.

File type
HTML document, ASCII text
Size
300 B (300 bytes)
Hash
f3f132b4bf40ab2c0820b6357fed55d8
f153668fce917f927410129e16630ce787faaaa0
fc7d9705d2b78c27d54bef384575a3cea81f9880eb488a9c41524a9044fd9ede

HTTP Headers

GET /yt-redirect.php?banurl=https://eldestsink.com/0/0/0/8ec4a12f7972343e6f64251b656bdebc/wwws/3003/bbe2 HTTP/1.1
Host: mp.org.pl
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 302 Found
date: Tue, 16 Apr 2024 13:12:10 GMT
server: Apache
location: http://mp.org.pl/yt-redirect.php?banurl=https://eldestsink.com/0/0/0/8ec4a12f7972343e6f64251b656bdebc/wwws/3003/bbe2
cache-control: max-age=0
expires: Tue, 16 Apr 2024 13:12:10 GMT
content-length: 300
content-type: text/html; charset=iso-8859-1
X-Firefox-Spdy: h2

mp.org.pl/yt-redirect.php?banurl=https://eldestsink.com/0/0/0/8ec4a12f7972343e6f64251b656bdebc/wwws/3003/bbe2

185.11.100.204

0 B

URL
mp.org.pl/yt-redirect.php?banurl=https://eldestsink.com/0/0/0/8ec4a12f7972343e6f64251b656bdebc/wwws/3003/bbe2
IP
185.11.100.204:0
ASN
#29522 Cyber_Folks S.A.

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /yt-redirect.php?banurl=https://eldestsink.com/0/0/0/8ec4a12f7972343e6f64251b656bdebc/wwws/3003/bbe2 HTTP/1.1
Host: mp.org.pl
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 302 Moved Temporarily
date: Tue, 16 Apr 2024 13:12:10 GMT
server: Apache
x-powered-by: PHP/5.5.38
location: https://bitly.ws?banned=1
cache-control: max-age=0
expires: Tue, 16 Apr 2024 13:12:10 GMT
content-length: 0
content-type: text/html

bitly.ws/js/adframe.js

185.11.100.204

16 B

URL
bitly.ws/js/adframe.js
IP
185.11.100.204:0
ASN
#29522 Cyber_Folks S.A.

File type
ASCII text, with no line terminators
Size
16 B (16 bytes)
Hash
760222d2e529d3e84eb01378cfc46e2e
f789f3c0007640b5549fca2710cf3da500b95e86
0059cb4ff0a271382c38af8a7367aaf45cbeb31449637d3928d25317401e2828

HTTP Headers

GET /js/adframe.js HTTP/1.1
Host: bitly.ws
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://bitly.ws/?banned=1
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Tue, 16 Apr 2024 13:12:10 GMT
server: Apache
last-modified: Sat, 30 Dec 2017 21:02:30 GMT
etag: "10-5619511402320"
accept-ranges: bytes
content-length: 16
cache-control: max-age=0
expires: Tue, 16 Apr 2024 13:12:10 GMT
content-type: application/javascript
X-Firefox-Spdy: h2

bitly.ws/css/style.css

185.11.100.204

200 OK

2.8 kB

URL GET HTTP/2
bitly.ws/css/style.css
IP
185.11.100.204:443
ASN
#29522 Cyber_Folks S.A.

Requested by
https://bitly.ws/?banned=1
Certificate
IssuerLet's Encrypt
Subjectbitly.ws
FingerprintE2:6E:62:93:28:D8:B3:0A:23:56:6C:21:A4:BD:CC:EF:CD:1B:33:55
ValiditySun, 18 Feb 2024 07:59:14 GMT - Sat, 18 May 2024 07:59:13 GMT

File type
assembler source, Unicode text, UTF-8 text, with CRLF line terminators
Size
2.8 kB (2763 bytes)
Hash
eeee0a4d84ff512093277dcc29852c8d
8cdc89abbf41ad34513b14144d235e215110a600
7b7fa3cffc3403b893b3d6816de290ad101c9f93ff2b06bd91151aed5cd78d35

HTTP Headers

GET /css/style.css HTTP/1.1
Host: bitly.ws
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://bitly.ws/?banned=1
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Tue, 16 Apr 2024 13:12:10 GMT
server: Apache
last-modified: Thu, 04 Apr 2024 03:49:30 GMT
etag: "2d16-6153d39fcf8a2-gzip"
accept-ranges: bytes
cache-control: max-age=0
expires: Tue, 16 Apr 2024 13:12:10 GMT
vary: Accept-Encoding
content-encoding: gzip
content-length: 2763
content-type: text/css
X-Firefox-Spdy: h2

bitly.ws/gfx/bmac.png

185.11.100.204

200 OK

3.2 kB

URL GET HTTP/2
bitly.ws/gfx/bmac.png
IP
185.11.100.204:443
ASN
#29522 Cyber_Folks S.A.

Requested by
https://bitly.ws/?banned=1
Certificate
IssuerLet's Encrypt
Subjectbitly.ws
FingerprintE2:6E:62:93:28:D8:B3:0A:23:56:6C:21:A4:BD:CC:EF:CD:1B:33:55
ValiditySun, 18 Feb 2024 07:59:14 GMT - Sat, 18 May 2024 07:59:13 GMT

File type
PNG image data, 214 x 60, 8-bit colormap, non-interlaced
Size
3.2 kB (3206 bytes)
Hash
781860bb7eb619aa3b173144c6d29646
6ba3a103709f121cf9f5ab214610d0215dab93e9
54339f1c8cb089c05773b2b18fd5da6e702956decbf7dea6ef0348a64203c657

HTTP Headers

GET /gfx/bmac.png HTTP/1.1
Host: bitly.ws
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://bitly.ws/?banned=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Tue, 16 Apr 2024 13:12:10 GMT
server: Apache
last-modified: Sat, 19 Aug 2023 15:45:47 GMT
etag: "c86-6034889f203e4"
accept-ranges: bytes
content-length: 3206
cache-control: max-age=31536000
expires: Wed, 16 Apr 2025 13:12:10 GMT
content-type: image/png
X-Firefox-Spdy: h2

bitly.ws/gfx/bitly-chart.png

185.11.100.204

200 OK

210 B

URL GET HTTP/2
bitly.ws/gfx/bitly-chart.png
IP
185.11.100.204:443
ASN
#29522 Cyber_Folks S.A.

Requested by
https://bitly.ws/?banned=1
Certificate
IssuerLet's Encrypt
Subjectbitly.ws
FingerprintE2:6E:62:93:28:D8:B3:0A:23:56:6C:21:A4:BD:CC:EF:CD:1B:33:55
ValiditySun, 18 Feb 2024 07:59:14 GMT - Sat, 18 May 2024 07:59:13 GMT

File type
PNG image data, 200 x 200, 1-bit colormap, non-interlaced
Size
210 B (210 bytes)
Hash
0f7081ab57097da4c3f76c5a4fcf3174
1aa09d97610e3ad42e25577468864aacaa26eeee
c28530634cdfc14bb5c068fc74a7071f9e27fc97f9aa03a1258f5b33f9c8ab6d

HTTP Headers

GET /gfx/bitly-chart.png HTTP/1.1
Host: bitly.ws
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://bitly.ws/?banned=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Tue, 16 Apr 2024 13:12:10 GMT
server: Apache
last-modified: Tue, 02 Jan 2018 13:00:56 GMT
etag: "d2-561cab088ec59"
accept-ranges: bytes
content-length: 210
cache-control: max-age=31536000
expires: Wed, 16 Apr 2025 13:12:10 GMT
content-type: image/png
X-Firefox-Spdy: h2

bitly.ws/gfx/stripe.png

185.11.100.204

200 OK

1.4 kB

URL GET HTTP/2
bitly.ws/gfx/stripe.png
IP
185.11.100.204:443
ASN
#29522 Cyber_Folks S.A.

Requested by
https://bitly.ws/?banned=1
Certificate
IssuerLet's Encrypt
Subjectbitly.ws
FingerprintE2:6E:62:93:28:D8:B3:0A:23:56:6C:21:A4:BD:CC:EF:CD:1B:33:55
ValiditySun, 18 Feb 2024 07:59:14 GMT - Sat, 18 May 2024 07:59:13 GMT

File type
PNG image data, 91 x 60, 8-bit colormap, non-interlaced
Size
1.4 kB (1359 bytes)
Hash
17aaa9dc48a895306b06de8ae9a8b104
f75e086497b3743ac83d85dc4ca456e8bb556e55
b8214bd5cbd9197f329d1df98d908dc7a1cd38c28e8010b92e49b3f35dd9986a

HTTP Headers

GET /gfx/stripe.png HTTP/1.1
Host: bitly.ws
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://bitly.ws/?banned=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Tue, 16 Apr 2024 13:12:10 GMT
server: Apache
last-modified: Sat, 19 Aug 2023 15:45:50 GMT
etag: "54f-603488a24201d"
accept-ranges: bytes
content-length: 1359
cache-control: max-age=31536000
expires: Wed, 16 Apr 2025 13:12:10 GMT
content-type: image/png
X-Firefox-Spdy: h2

bitly.ws/?banned=1

185.11.100.204

20 kB

URL
bitly.ws/?banned=1
IP
185.11.100.204:0
ASN
#29522 Cyber_Folks S.A.

File type
gzip compressed data, from Unix
Size
20 kB (20413 bytes)
Hash
9ae411cd860e45718922bbab7cf792e4
d14b162cca5753c6055e961e8957ee0e86ac7466
26d860cea848bc002d319ef3cba90ffcb4400ef47e1d2cb58092ca4dcc1f1c08

HTTP Headers

GET /?banned=1 HTTP/1.1
Host: bitly.ws
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Tue, 16 Apr 2024 13:12:10 GMT
server: Apache
x-powered-by: PHP/5.5.38
cache-control: max-age=0
expires: Tue, 16 Apr 2024 13:12:10 GMT
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
X-Firefox-Spdy: h2

www.paypalobjects.com/pl_PL/i/scr/pixel.gif

192.229.221.25

43 B

URL
www.paypalobjects.com/pl_PL/i/scr/pixel.gif
IP
192.229.221.25:0
ASN
#15133 EDGECAST

File type
GIF image data, version 89a, 1 x 1
Size
43 B (43 bytes)
Hash
fc94fb0c3ed8a8f909dbc7630a0987ff
56d45f8a17f5078a20af9962c992ca4678450765
2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363

HTTP Headers

GET /pl_PL/i/scr/pixel.gif HTTP/1.1
Host: www.paypalobjects.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://bitly.ws/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
cache-control: s-maxage=31536000, public,max-age=3600
content-type: image/gif
date: Tue, 16 Apr 2024 13:12:10 GMT
dc: ccg11-origin-www-1.paypal.com
etag: "5d5637c5-2b"
expires: Tue, 16 Apr 2024 14:12:10 GMT
last-modified: Fri, 16 Aug 2019 04:57:41 GMT
paypal-debug-id: 2b5a4d618fa0a
server: ECAcc (ska/F6B7)
strict-transport-security: max-age=63072000; includeSubDomains; preload
timing-allow-origin: https://www.paypal.com,https://www.sandbox.paypal.com
traceparent: 00-00000000000000000002b5a4d618fa0a-1ee1f9b462072736-01
x-cache: HIT
x-content-type-options: nosniff
content-length: 43
X-Firefox-Spdy: h2

bitly.ws/gfx/paypal.jpg

185.11.100.204

200 OK

8.7 kB

URL GET HTTP/2
bitly.ws/gfx/paypal.jpg
IP
185.11.100.204:443
ASN
#29522 Cyber_Folks S.A.

Requested by
https://bitly.ws/?banned=1
Certificate
IssuerLet's Encrypt
Subjectbitly.ws
FingerprintE2:6E:62:93:28:D8:B3:0A:23:56:6C:21:A4:BD:CC:EF:CD:1B:33:55
ValiditySun, 18 Feb 2024 07:59:14 GMT - Sat, 18 May 2024 07:59:13 GMT

File type
PNG image data, 380 x 130, 8-bit colormap, non-interlaced
Size
8.7 kB (8708 bytes)
Hash
eeb10183dfe4b9ec6bcfea9aa6fa07f6
b55d89bc1ead011821dd3371f2885996fe99785a
1ae6619173f92af4f0201b7204322213c714b56df437aa7d6482a1c141d5337c

HTTP Headers

GET /gfx/paypal.jpg HTTP/1.1
Host: bitly.ws
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://bitly.ws/?banned=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Tue, 16 Apr 2024 13:12:10 GMT
server: Apache
last-modified: Tue, 02 Jan 2018 13:00:56 GMT
etag: "2204-561cab086d14b"
accept-ranges: bytes
content-length: 8708
cache-control: max-age=31536000
expires: Wed, 16 Apr 2025 13:12:10 GMT
content-type: image/jpeg
X-Firefox-Spdy: h2

bitly.ws/gfx/paypal.png

185.11.100.204

200 OK

5.5 kB

URL GET HTTP/2
bitly.ws/gfx/paypal.png
IP
185.11.100.204:443
ASN
#29522 Cyber_Folks S.A.

Requested by
https://bitly.ws/?banned=1
Certificate
IssuerLet's Encrypt
Subjectbitly.ws
FingerprintE2:6E:62:93:28:D8:B3:0A:23:56:6C:21:A4:BD:CC:EF:CD:1B:33:55
ValiditySun, 18 Feb 2024 07:59:14 GMT - Sat, 18 May 2024 07:59:13 GMT

File type
PNG image data, 200 x 150, 8-bit colormap, non-interlaced
Size
5.5 kB (5516 bytes)
Hash
164e7543a819062962815f4bd99b8419
0355f9dad012daa6adf4bae4e47e44d4b2c51888
675f6b6dc673aae01f8ef949697ee544c8df8574ca090a4dd690776ec6e442ea

HTTP Headers

GET /gfx/paypal.png HTTP/1.1
Host: bitly.ws
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://bitly.ws/?banned=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Tue, 16 Apr 2024 13:12:10 GMT
server: Apache
last-modified: Tue, 02 Jan 2018 13:00:54 GMT
etag: "158c-561cab06562ce"
accept-ranges: bytes
content-length: 5516
cache-control: max-age=31536000
expires: Wed, 16 Apr 2025 13:12:10 GMT
content-type: image/png
X-Firefox-Spdy: h2

www.googletagmanager.com/gtag/js?id=G-8Q1W6PKNCX

142.250.74.168

200 OK

87 kB

URL GET HTTP/2
www.googletagmanager.com/gtag/js?id=G-8Q1W6PKNCX
IP
142.250.74.168:443
ASN
#15169 GOOGLE

Requested by
https://bitly.ws/?banned=1
Certificate
IssuerGoogle Trust Services LLC
Subject*.google-analytics.com
FingerprintBF:40:8C:8B:CB:69:1E:3F:E2:3B:B7:8A:8E:C0:D6:98:5F:81:FA:2D
ValidityMon, 04 Mar 2024 06:35:45 GMT - Mon, 27 May 2024 06:35:44 GMT

File type
JavaScript source, ASCII text, with very long lines (5955)
Size
87 kB (86949 bytes)
Hash
4c00d055c686da5f56423c8bddd055e0
d494124029fb7b57d6d955f3afd15d1e5746669e
a276da5ad5870722834424422e28b9312f479f6ccb8155baaaa41dcb0343cf89

HTTP Headers

GET /gtag/js?id=G-8Q1W6PKNCX HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://bitly.ws/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Tue, 16 Apr 2024 13:12:11 GMT
expires: Tue, 16 Apr 2024 13:12:11 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 86949
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

www.topcreativeformat.com/6dc3a27552b5aedfb96aeaa00aa1c37b/invoke.js

192.243.59.20

200 OK

12 kB

URL GET HTTP/1.1
www.topcreativeformat.com/6dc3a27552b5aedfb96aeaa00aa1c37b/invoke.js
IP
192.243.59.20:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://bitly.ws/?banned=1
Certificate
IssuerLet's Encrypt
Subjecttopcreativeformat.com
Fingerprint6D:98:D9:61:FC:CF:D9:8C:FE:5E:1C:15:5A:A5:F2:28:38:04:A4:A4
ValidityWed, 20 Mar 2024 07:51:41 GMT - Tue, 18 Jun 2024 07:51:40 GMT

File type
JavaScript source, ASCII text, with very long lines (31349), with no line terminators
Size
12 kB (11860 bytes)
Hash
78121f6c4b167383f7a0fdbca0779bb4
3d485a89f0b00733f7922855f4dc4264c7147a4b
5b604d66fe1062505287bdf92f9b1a90cd4c24693f45f70af7f6fb42df66b737

HTTP Headers

GET /6dc3a27552b5aedfb96aeaa00aa1c37b/invoke.js HTTP/1.1
Host: www.topcreativeformat.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://bitly.ws/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Tue, 16 Apr 2024 13:12:11 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 667b39ab53343ebbca7bb47dad2dc7b7
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip

pl22826180.profitablegatecpm.com/172d9680245553e8052aafbe1bd64a13/invoke.js

192.243.61.227

9.8 kB

URL
pl22826180.profitablegatecpm.com/172d9680245553e8052aafbe1bd64a13/invoke.js
IP
192.243.61.227:0
ASN
#39572 DataWeb Global Group B.V.

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (26624), with no line terminators
Size
9.8 kB (9826 bytes)
Hash
d10bb6b2f5ea6646123519790186f6ef
eccf93dcf4bb0ddf7f096c7bdf9a2d69211c726e
4ea6b3b8d3c18f4ff430ded624032d64af55f756e819c033847ea10fd5358cd9

HTTP Headers

GET /172d9680245553e8052aafbe1bd64a13/invoke.js HTTP/1.1
Host: pl22826180.profitablegatecpm.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://bitly.ws/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Tue, 16 Apr 2024 13:12:11 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 15bef080628a20d87b6b2462bafc6e11
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip

www.topcreativeformat.com/fb87135eb1bdee211d55a6d31f28b1bc/invoke.js

192.243.59.20

12 kB

URL
www.topcreativeformat.com/fb87135eb1bdee211d55a6d31f28b1bc/invoke.js
IP
192.243.59.20:0
ASN
#39572 DataWeb Global Group B.V.

Certificate
IssuerLet's Encrypt
Subjecttopcreativeformat.com
Fingerprint6D:98:D9:61:FC:CF:D9:8C:FE:5E:1C:15:5A:A5:F2:28:38:04:A4:A4
ValidityWed, 20 Mar 2024 07:51:41 GMT - Tue, 18 Jun 2024 07:51:40 GMT

File type
JavaScript source, ASCII text, with very long lines (31349), with no line terminators
Size
12 kB (11858 bytes)
Hash
f3afebed6600738f53fa56d1b04f5e03
4b42270a7dd1d8f67b7caf6d9ea1d46e15855653
a9eceee800c555b01166e6492b2cfea531c5888d9283c50309b00be16c6467e4

HTTP Headers

GET /fb87135eb1bdee211d55a6d31f28b1bc/invoke.js HTTP/1.1
Host: www.topcreativeformat.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://bitly.ws/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Tue, 16 Apr 2024 13:12:11 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: dfc2b80676422d826a62f939ae3e6c24
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip

ocsp.r2m03.amazontrust.com/

143.204.53.97

471 B

URL
ocsp.r2m03.amazontrust.com/
IP
143.204.53.97:0
ASN
#16509 AMAZON-02

File type
data
Size
471 B (471 bytes)
Hash
0bea14a24acf01e7602c416935848793
3493b99ca0da4d0c60f848069fa57e39b335a87a
229a97c14569254bf9fe6342e7cd4efd9e4f4b0ff89fb3c1e5c935976ab01062

HTTP Headers

POST / HTTP/1.1
Host: ocsp.r2m03.amazontrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=7200
Date: Tue, 16 Apr 2024 13:12:11 GMT
Last-Modified: Tue, 16 Apr 2024 12:22:42 GMT
Server: ECAcc (ska/F6AF)
X-Cache: Miss from cloudfront
Via: 1.1 a9120cc3ff449047c990e82a4d5566ba.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: _9udEH9DlvLuqCvIxdx-67k9kxevrf7k9ZRcTYM7Xg3sGOry90oNiQ==
Age: 2970

pl22826256.profitablegatecpm.com/33/ce/9e/33ce9e99c1bfce9eb2d48a915db5624c.js

172.240.108.84

200 OK

16 kB

URL GET HTTP/1.1
pl22826256.profitablegatecpm.com/33/ce/9e/33ce9e99c1bfce9eb2d48a915db5624c.js
IP
172.240.108.84:443
ASN
#7979 SERVERS-COM

Requested by
https://bitly.ws/?banned=1
Certificate
IssuerLet's Encrypt
Subjectprofitablegatecpm.com
Fingerprint9D:FB:8C:AD:4D:64:98:6B:85:78:33:54:E7:A3:BB:10:ED:77:63:30
ValidityFri, 05 Apr 2024 18:10:33 GMT - Thu, 04 Jul 2024 18:10:32 GMT

File type
JavaScript source, ASCII text, with very long lines (44198), with no line terminators
Size
16 kB (15876 bytes)
Hash
3859bc68d4053902fa373954c3cf4526
0f2d40ee8036e1f530a93b93e5f926ece7dce36e
8496d4cf78ff176141a560d8cd231d3823219d7bad51acdb7cf51d6aba81a42a

HTTP Headers

GET /33/ce/9e/33ce9e99c1bfce9eb2d48a915db5624c.js HTTP/1.1
Host: pl22826256.profitablegatecpm.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://bitly.ws/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Tue, 16 Apr 2024 13:12:11 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 2d5566105209f6e0cdb65bd79b594fd9
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip

proftrafficcounter.com/stats

52.29.148.107

200 OK

40 B

URL GET HTTP/2
proftrafficcounter.com/stats
IP
52.29.148.107:443
ASN
#16509 AMAZON-02

Requested by
https://bitly.ws/?banned=1
Certificate
IssuerAmazon
Subjectproftrafficcounter.com
FingerprintE3:9F:79:6F:80:C0:BF:F8:C4:EB:45:F3:E9:0F:A7:41:F6:0C:05:E6
ValidityTue, 21 Nov 2023 00:00:00 GMT - Thu, 19 Dec 2024 23:59:59 GMT

File type
ASCII text, with no line terminators
Size
40 B (40 bytes)
Hash
894955abbd73dbea05359b12f38a3365
488028a4eb03edb9f77835207dee4c0237f24677
ca0d14f939980e822c65b0b489806535fc8c93df84f6dfd05fe04450a976c9dc

HTTP Headers

GET /stats HTTP/1.1
Host: proftrafficcounter.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://bitly.ws
DNT: 1
Connection: keep-alive
Referer: https://bitly.ws/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Tue, 16 Apr 2024 13:12:11 GMT
content-type: text/html; charset=UTF-8
content-length: 40
server: fasthttp
access-control-allow-origin: https://bitly.ws
vary: Origin
access-control-allow-credentials: true
set-cookie: uid_id2=0ec8dd2c-b216-48a3-a4af-511aed11ec78:3:1; expires=Fri, 14 Apr 2034 13:12:11 GMT; secure; SameSite=None
X-Firefox-Spdy: h2

proftrafficcounter.com/stats

52.29.148.107

200 OK

40 B

URL GET HTTP/2
proftrafficcounter.com/stats
IP
52.29.148.107:443
ASN
#16509 AMAZON-02

Requested by
https://bitly.ws/?banned=1
Certificate
IssuerAmazon
Subjectproftrafficcounter.com
FingerprintE3:9F:79:6F:80:C0:BF:F8:C4:EB:45:F3:E9:0F:A7:41:F6:0C:05:E6
ValidityTue, 21 Nov 2023 00:00:00 GMT - Thu, 19 Dec 2024 23:59:59 GMT

File type
ASCII text, with no line terminators
Size
40 B (40 bytes)
Hash
55fff66e8f0445f23d146406e1286b49
09571583a9bba465a86e9e38a29287d5469e8c41
4a00cfc99674400237e9299116aa62bdb4f86a218524e82f61237f1137c55f9d

HTTP Headers

GET /stats HTTP/1.1
Host: proftrafficcounter.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://bitly.ws
DNT: 1
Connection: keep-alive
Referer: https://bitly.ws/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Tue, 16 Apr 2024 13:12:11 GMT
content-type: text/html; charset=UTF-8
content-length: 40
server: fasthttp
access-control-allow-origin: https://bitly.ws
vary: Origin
access-control-allow-credentials: true
set-cookie: uid_id2=53d7c6a0-a1a7-4347-95f0-ed5616155674:1:1; expires=Fri, 14 Apr 2034 13:12:11 GMT; secure; SameSite=None
X-Firefox-Spdy: h2

proftrafficcounter.com/stats

52.29.148.107

200 OK

40 B

URL GET HTTP/2
proftrafficcounter.com/stats
IP
52.29.148.107:443
ASN
#16509 AMAZON-02

Requested by
https://bitly.ws/?banned=1
Certificate
IssuerAmazon
Subjectproftrafficcounter.com
FingerprintE3:9F:79:6F:80:C0:BF:F8:C4:EB:45:F3:E9:0F:A7:41:F6:0C:05:E6
ValidityTue, 21 Nov 2023 00:00:00 GMT - Thu, 19 Dec 2024 23:59:59 GMT

File type
ASCII text, with no line terminators
Size
40 B (40 bytes)
Hash
e07f101df54f76fbff458b38f4e0df19
85de3af92fd31fbea06546397876c56897df20c8
f6c8b1da6dd18946ae58adb7fbb3bb828c8e8576b490fcf5529c2fec0672a137

HTTP Headers

GET /stats HTTP/1.1
Host: proftrafficcounter.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://bitly.ws
DNT: 1
Connection: keep-alive
Referer: https://bitly.ws/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Tue, 16 Apr 2024 13:12:11 GMT
content-type: text/html; charset=UTF-8
content-length: 40
server: fasthttp
access-control-allow-origin: https://bitly.ws
vary: Origin
access-control-allow-credentials: true
set-cookie: uid_id2=be7acabe-01b7-43cf-89b4-e153b8822724:2:1; expires=Fri, 14 Apr 2034 13:12:11 GMT; secure; SameSite=None
X-Firefox-Spdy: h2

proftrafficcounter.com/stats

52.29.148.107

200 OK

40 B

URL GET HTTP/2
proftrafficcounter.com/stats
IP
52.29.148.107:443
ASN
#16509 AMAZON-02

Requested by
https://bitly.ws/?banned=1
Certificate
IssuerAmazon
Subjectproftrafficcounter.com
FingerprintE3:9F:79:6F:80:C0:BF:F8:C4:EB:45:F3:E9:0F:A7:41:F6:0C:05:E6
ValidityTue, 21 Nov 2023 00:00:00 GMT - Thu, 19 Dec 2024 23:59:59 GMT

File type
ASCII text, with no line terminators
Size
40 B (40 bytes)
Hash
e07f101df54f76fbff458b38f4e0df19
85de3af92fd31fbea06546397876c56897df20c8
f6c8b1da6dd18946ae58adb7fbb3bb828c8e8576b490fcf5529c2fec0672a137

HTTP Headers

GET /stats HTTP/1.1
Host: proftrafficcounter.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://bitly.ws
DNT: 1
Connection: keep-alive
Referer: https://bitly.ws/
Cookie: uid_id2=be7acabe-01b7-43cf-89b4-e153b8822724:2:1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Tue, 16 Apr 2024 13:12:11 GMT
content-type: text/html; charset=UTF-8
content-length: 40
server: fasthttp
access-control-allow-origin: https://bitly.ws
vary: Origin
access-control-allow-credentials: true
X-Firefox-Spdy: h2

landings-cdn.adsterratech.com/referralBanners/png/300%20x%20250%20px.png

142.0.204.220

90 kB

URL
landings-cdn.adsterratech.com/referralBanners/png/300%20x%20250%20px.png
IP
142.0.204.220:0
ASN
#7979 SERVERS-COM

File type
PNG image data, 300 x 250, 8-bit/color RGBA, non-interlaced
Size
90 kB (90409 bytes)
Hash
a28902cd41b26954be2c97eea41089a1
c69d00be80adbcba05b788d2dcf7967d0d15a65f
5b4fa649af59a8350f401a661a5ecfed92130aa0aa9825ac3777c2a893a96e61

HTTP Headers

GET /referralBanners/png/300%20x%20250%20px.png HTTP/1.1
Host: landings-cdn.adsterratech.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://bitly.ws/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Tue, 16 Apr 2024 13:12:11 GMT
Content-Type: image/png
Content-Length: 90409
Last-Modified: Wed, 02 Feb 2022 00:50:11 GMT
Connection: keep-alive
ETag: "61f9d543-16129"
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Date
Cache-Control: max-age=315360000, public
Accept-Ranges: bytes

fizzysquirtbikes.com/78/66/ea/7866ead300fcf9e425beaf01fe308949.js

172.240.108.68

31 kB

URL
fizzysquirtbikes.com/78/66/ea/7866ead300fcf9e425beaf01fe308949.js
IP
172.240.108.68:0
ASN
#7979 SERVERS-COM

File type
JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Size
31 kB (30998 bytes)
Hash
2466f2e60f556aa2be52139519c85cf4
14bb3e663c85b6f7a193a2dc9f6f352cd94cf46d
3cac668c571b3bc215fd50f79b3ae7ba9b6ad4487dd92c86a64798fccf78ce62

HTTP Headers

GET /78/66/ea/7866ead300fcf9e425beaf01fe308949.js HTTP/1.1
Host: fizzysquirtbikes.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://bitly.ws/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Tue, 16 Apr 2024 13:12:11 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Set-Cookie: 4b4e7ab587d59b22ad7bcd2439afc363_CF-2967-new=1; expires=Sun, 21 Apr 2024 04:12:11 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 4d69a5083ca964a797f502eae5886ab6
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip

continuousselfevidentinestimable.com/watch.1541983062.js?key=fb87135eb1bdee211d55a6d31f28b1bc&kw=%5B%22bitly%22%2C%22url%22%2C%22shortener%22%5D&refer=https%3A%2F%2Fbitly.ws%2F%3Fbanned%3D1&tz=0&dev=e&res=14.2071&uuid=53d7c6a0-a1a7-4347-95f0-ed5616155674%3A1%3A1

192.243.61.227

307 Temporary Redirect

0 B

URL GET HTTP/1.1
continuousselfevidentinestimable.com/watch.1541983062.js?key=fb87135eb1bdee211d55a6d31f28b1bc&kw=%5B%22bitly%22%2C%22url%22%2C%22shortener%22%5D&refer=https%3A%2F%2Fbitly.ws%2F%3Fbanned%3D1&tz=0&dev=e&res=14.2071&uuid=53d7c6a0-a1a7-4347-95f0-ed5616155674%3A1%3A1
IP
192.243.61.227:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://bitly.ws/?banned=1
Certificate
IssuerLet's Encrypt
Subjectcontinuousselfevidentinestimable.com
Fingerprint1F:F4:36:85:7F:D7:60:BF:21:DA:52:FF:00:60:97:80:4B:6D:0D:3A
ValidityMon, 15 Apr 2024 12:20:33 GMT - Sun, 14 Jul 2024 12:20:32 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /watch.1541983062.js?key=fb87135eb1bdee211d55a6d31f28b1bc&kw=%5B%22bitly%22%2C%22url%22%2C%22shortener%22%5D&refer=https%3A%2F%2Fbitly.ws%2F%3Fbanned%3D1&tz=0&dev=e&res=14.2071&uuid=53d7c6a0-a1a7-4347-95f0-ed5616155674%3A1%3A1 HTTP/1.1
Host: continuousselfevidentinestimable.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://bitly.ws
DNT: 1
Connection: keep-alive
Referer: https://bitly.ws/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 307 Temporary Redirect
Server: nginx/1.21.6
Date: Tue, 16 Apr 2024 13:12:11 GMT
Content-Type: text/html
Content-Length: 0
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://bitly.ws
Access-Control-Allow-Origin: https://bitly.ws
Access-Control-Allow-Credentials: true
Location: https://continuousselfevidentinestimable.com/watch.1541983062.js?dev=e&key=fb87135eb1bdee211d55a6d31f28b1bc&kw=%5B%22bitly%22%2C%22url%22%2C%22shortener%22%5D&pst=1713273191&refer=https%3A%2F%2Fbitly.ws%2F%3Fbanned%3D1&res=14.2071&rmtc=t&shu=29ceaa3f8b008b89955ebf35bd2ba9a8a61f3f7eebc83f015e36cdd063f17dfb4d170bb4e82c99cd28e19778653d41b9b6a25147f9c58aec0e232b77031c5ffc3e64946cb619cdde78ea6f52eb1ad91a94f23f5b656fdb7e0a93c787840764&tz=0&uuid=53d7c6a0-a1a7-4347-95f0-ed5616155674%3A1%3A1
Set-Cookie: u_pl=22829219; expires=Wed, 17 Apr 2024 13:12:11 GMT; secure; SameSite=None
ain=eyJhbGciOiJIUzI1NiJ9.eyJwIjp7ImlkIjoyMjgyOTIxOSwiayI6ImZiODcxMzVlYjFiZGVlMjExZDU1YTZkMzFmMjhiMWJjIiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjozNjc1ODY4LCJwaWQiOjkzMDg4LCJhbiI6dHJ1ZSwibGFuIjp0cnVlLCJjaWQiOjM0LCJhaWQiOjMyLCJwdCI6NCwicGsiOiJ6YXM3dzFtanQiLCJ0IjoxfSwidSI6eyJ1IjoxLCJhdSI6MSwiZCI6eyJpZCI6Nzk5NTQxOTYsImlkcyI6IiIsImljIjpmYWxzZSwibiI6IkRlc2t0b3AsRW11bGF0b3IiLCJ2IjoiVW5rbm93biIsIm0iOiJVbmtub3duIiwiZiI6MSwiZm4iOiJEZXNrdG9wIiwib2lkIjoxODExMCwib24iOiJMaW51eCIsIm92IjoiVW5rbm93biIsImJpZCI6MTE2NjcwLCJibiI6IkZpcmVmb3giLCJidiI6Ijk2LjAiLCJ3diI6ZmFsc2UsImUiOnRydWUsImFiIjpmYWxzZX0sImMiOnsiaWQiOjE2MiwiYyI6Ik5PIiwibiI6Ik5vcndheSJ9LCJhIjpmYWxzZSwiY3IiOnsibiI6IkJsaXggU29sdXRpb25zIn0sInhmIjoiIiwiaXhmIjpmYWxzZSwiaWd4ZiI6ZmFsc2UsInVwIjp0cnVlLCJyIjoiaHR0cHM6Ly9iaXRseS53cy8_YmFubmVkPTEiLCJhciI6W119fQ.ZPJJ4fJ18Z3i1mt4s5io96nzFLBfj2cTIbhZtigLSdk; expires=Tue, 16 Apr 2024 13:13:11 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: f17d7e913d0e9712c0d8159075ea8f00
Strict-Transport-Security: max-age=0; includeSubdomains

continuousselfevidentinestimable.com/watch.1591474515439.js?key=6dc3a27552b5aedfb96aeaa00aa1c37b&kw=%5B%22bitly%22%2C%22url%22%2C%22shortener%22%5D&refer=https%3A%2F%2Fbitly.ws%2F%3Fbanned%3D1&tz=0&dev=e&res=14.2071&uuid=0ec8dd2c-b216-48a3-a4af-511aed11ec78%3A3%3A1

192.243.61.227

0 B

URL
continuousselfevidentinestimable.com/watch.1591474515439.js?key=6dc3a27552b5aedfb96aeaa00aa1c37b&kw=%5B%22bitly%22%2C%22url%22%2C%22shortener%22%5D&refer=https%3A%2F%2Fbitly.ws%2F%3Fbanned%3D1&tz=0&dev=e&res=14.2071&uuid=0ec8dd2c-b216-48a3-a4af-511aed11ec78%3A3%3A1
IP
192.243.61.227:0
ASN
#39572 DataWeb Global Group B.V.

Certificate
IssuerLet's Encrypt
Subjectcontinuousselfevidentinestimable.com
Fingerprint1F:F4:36:85:7F:D7:60:BF:21:DA:52:FF:00:60:97:80:4B:6D:0D:3A
ValidityMon, 15 Apr 2024 12:20:33 GMT - Sun, 14 Jul 2024 12:20:32 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /watch.1591474515439.js?key=6dc3a27552b5aedfb96aeaa00aa1c37b&kw=%5B%22bitly%22%2C%22url%22%2C%22shortener%22%5D&refer=https%3A%2F%2Fbitly.ws%2F%3Fbanned%3D1&tz=0&dev=e&res=14.2071&uuid=0ec8dd2c-b216-48a3-a4af-511aed11ec78%3A3%3A1 HTTP/1.1
Host: continuousselfevidentinestimable.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://bitly.ws
DNT: 1
Connection: keep-alive
Referer: https://bitly.ws/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 307 Temporary Redirect
Server: nginx/1.21.6
Date: Tue, 16 Apr 2024 13:12:11 GMT
Content-Type: text/html
Content-Length: 0
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://bitly.ws
Access-Control-Allow-Origin: https://bitly.ws
Access-Control-Allow-Credentials: true
Location: https://continuousselfevidentinestimable.com/watch.1591474515439.js?dev=e&key=6dc3a27552b5aedfb96aeaa00aa1c37b&kw=%5B%22bitly%22%2C%22url%22%2C%22shortener%22%5D&pst=1713273191&refer=https%3A%2F%2Fbitly.ws%2F%3Fbanned%3D1&res=14.2071&rmtc=t&shu=3a6a24b7d99949870c5da57016902ab8ceb4b0b950e6e87afb1fc6d0c745c071b2eb5663197bc9c236fba582258d81557b13a3b9b9ba2409ab7c49b5f11d05e9522fd40fc1932ac64847400818106623080e66ef8090255a25af28773f2dee&tz=0&uuid=0ec8dd2c-b216-48a3-a4af-511aed11ec78%3A3%3A1
Set-Cookie: u_pl=22735548; expires=Wed, 17 Apr 2024 13:12:11 GMT; secure; SameSite=None
ain=eyJhbGciOiJIUzI1NiJ9.eyJwIjp7ImlkIjoyMjczNTU0OCwiayI6IjZkYzNhMjc1NTJiNWFlZGZiOTZhZWFhMDBhYTFjMzdiIiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjozNjc1ODY4LCJwaWQiOjkzMDg4LCJhbiI6dHJ1ZSwibGFuIjp0cnVlLCJjaWQiOjM0LCJhaWQiOjUsInB0Ijo0LCJwayI6Inc3cTYxZHZqbWUiLCJ0IjoxfSwidSI6eyJ1IjoxLCJhdSI6MSwiZCI6eyJpZCI6Nzk5NTQxOTYsImlkcyI6IiIsImljIjpmYWxzZSwibiI6IkRlc2t0b3AsRW11bGF0b3IiLCJ2IjoiVW5rbm93biIsIm0iOiJVbmtub3duIiwiZiI6MSwiZm4iOiJEZXNrdG9wIiwib2lkIjoxODExMCwib24iOiJMaW51eCIsIm92IjoiVW5rbm93biIsImJpZCI6MTE2NjcwLCJibiI6IkZpcmVmb3giLCJidiI6Ijk2LjAiLCJ3diI6ZmFsc2UsImUiOnRydWUsImFiIjpmYWxzZX0sImMiOnsiaWQiOjE2MiwiYyI6Ik5PIiwibiI6Ik5vcndheSJ9LCJhIjpmYWxzZSwiY3IiOnsibiI6IkJsaXggU29sdXRpb25zIn0sInhmIjoiIiwiaXhmIjpmYWxzZSwiaWd4ZiI6ZmFsc2UsInVwIjp0cnVlLCJyIjoiaHR0cHM6Ly9iaXRseS53cy8_YmFubmVkPTEiLCJhciI6W119fQ.Q5oEoAi0jHIRal5wmiio7A2AWY1CJDu_yEmfZqrhrOs; expires=Tue, 16 Apr 2024 13:13:11 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 41081c9c7b87225f44dde751f4322a41
Strict-Transport-Security: max-age=0; includeSubdomains

fizzysquirtbikes.com/ntv.json?key=172d9680245553e8052aafbe1bd64a13&vstc=4

172.240.108.68

200 OK

17 kB

URL GET HTTP/1.1
fizzysquirtbikes.com/ntv.json?key=172d9680245553e8052aafbe1bd64a13&vstc=4
IP
172.240.108.68:443
ASN
#7979 SERVERS-COM

Requested by
https://bitly.ws/?banned=1
Certificate
IssuerLet's Encrypt
Subjectfizzysquirtbikes.com
Fingerprint55:F1:79:63:BE:D7:DF:F7:E9:B5:BE:26:15:C6:F5:F8:29:5E:52:BD
ValidityMon, 15 Apr 2024 08:39:03 GMT - Sun, 14 Jul 2024 08:39:02 GMT

File type
JSON text data
Size
17 kB (17128 bytes)
Hash
9071f0ce51d713dc25284942fc7a867c
e42205faecd15fe0215ea17bb143444a91dd05cd
8ab4f58e5163c33475da096305c2bd06ea82dc23fde2a4a4b700e2efeb195062

HTTP Headers

GET /ntv.json?key=172d9680245553e8052aafbe1bd64a13&vstc=4 HTTP/1.1
Host: fizzysquirtbikes.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://bitly.ws
DNT: 1
Connection: keep-alive
Referer: https://bitly.ws/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Tue, 16 Apr 2024 13:12:11 GMT
Content-Type: application/json
Content-Length: 17128
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://bitly.ws
Access-Control-Allow-Origin: https://bitly.ws
Access-Control-Allow-Credentials: true
Set-Cookie: u_pl=22725681; expires=Wed, 17 Apr 2024 13:12:11 GMT; secure; SameSite=None
pdhtkv=true; expires=Wed, 17 Apr 2024 13:12:11 GMT; secure; SameSite=None
uncs=1; expires=Wed, 17 Apr 2024 13:12:11 GMT; secure; SameSite=None
pdhtkv49=true; expires=Wed, 17 Apr 2024 13:12:11 GMT; secure; SameSite=None
uncs49=1; expires=Wed, 17 Apr 2024 13:12:11 GMT; secure; SameSite=None
nlec172d9680245553e8052aafbe1bd64a13=[2229329,2229333,2019380,2229337]; expires=Tue, 16 Apr 2024 13:12:16 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 53d616857f1d2a7e009042253c36cf06
Strict-Transport-Security: max-age=0; includeSubdomains

continuousselfevidentinestimable.com/watch.1541983062.js?dev=e&key=fb87135eb1bdee211d55a6d31f28b1bc&kw=%5B%22bitly%22%2C%22url%22%2C%22shortener%22%5D&pst=1713273191&refer=https%3A%2F%2Fbitly.ws%2F%3Fbanned%3D1&res=14.2071&rmtc=t&shu=29ceaa3f8b008b89955ebf35bd2ba9a8a61f3f7eebc83f015e36cdd063f17dfb4d170bb4e82c99cd28e19778653d41b9b6a25147f9c58aec0e232b77031c5ffc3e64946cb619cdde78ea6f52eb1ad91a94f23f5b656fdb7e0a93c787840764&tz=0&uuid=53d7c6a0-a1a7-4347-95f0-ed5616155674%3A1%3A1

192.243.61.227

200 OK

2.1 kB

URL GET HTTP/1.1
continuousselfevidentinestimable.com/watch.1541983062.js?dev=e&key=fb87135eb1bdee211d55a6d31f28b1bc&kw=%5B%22bitly%22%2C%22url%22%2C%22shortener%22%5D&pst=1713273191&refer=https%3A%2F%2Fbitly.ws%2F%3Fbanned%3D1&res=14.2071&rmtc=t&shu=29ceaa3f8b008b89955ebf35bd2ba9a8a61f3f7eebc83f015e36cdd063f17dfb4d170bb4e82c99cd28e19778653d41b9b6a25147f9c58aec0e232b77031c5ffc3e64946cb619cdde78ea6f52eb1ad91a94f23f5b656fdb7e0a93c787840764&tz=0&uuid=53d7c6a0-a1a7-4347-95f0-ed5616155674%3A1%3A1
IP
192.243.61.227:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://bitly.ws/?banned=1
Certificate
IssuerLet's Encrypt
Subjectcontinuousselfevidentinestimable.com
Fingerprint1F:F4:36:85:7F:D7:60:BF:21:DA:52:FF:00:60:97:80:4B:6D:0D:3A
ValidityMon, 15 Apr 2024 12:20:33 GMT - Sun, 14 Jul 2024 12:20:32 GMT

File type
JavaScript source, ASCII text, with very long lines (2641)
Size
2.1 kB (2103 bytes)
Hash
10cb361edf1ad7a97591626571ec9e11
df3bbec582410a290eb19d3e8ecc6494b96a8b17
41fe7505d187da517115dc76e4f20bb2721fda47051ca4fb214ebad73c8c91cd

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /watch.1541983062.js?dev=e&key=fb87135eb1bdee211d55a6d31f28b1bc&kw=%5B%22bitly%22%2C%22url%22%2C%22shortener%22%5D&pst=1713273191&refer=https%3A%2F%2Fbitly.ws%2F%3Fbanned%3D1&res=14.2071&rmtc=t&shu=29ceaa3f8b008b89955ebf35bd2ba9a8a61f3f7eebc83f015e36cdd063f17dfb4d170bb4e82c99cd28e19778653d41b9b6a25147f9c58aec0e232b77031c5ffc3e64946cb619cdde78ea6f52eb1ad91a94f23f5b656fdb7e0a93c787840764&tz=0&uuid=53d7c6a0-a1a7-4347-95f0-ed5616155674%3A1%3A1 HTTP/1.1
Host: continuousselfevidentinestimable.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://bitly.ws
Referer: https://bitly.ws/
DNT: 1
Connection: keep-alive
Cookie: u_pl=22829219; ain=eyJhbGciOiJIUzI1NiJ9.eyJwIjp7ImlkIjoyMjgyOTIxOSwiayI6ImZiODcxMzVlYjFiZGVlMjExZDU1YTZkMzFmMjhiMWJjIiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjozNjc1ODY4LCJwaWQiOjkzMDg4LCJhbiI6dHJ1ZSwibGFuIjp0cnVlLCJjaWQiOjM0LCJhaWQiOjMyLCJwdCI6NCwicGsiOiJ6YXM3dzFtanQiLCJ0IjoxfSwidSI6eyJ1IjoxLCJhdSI6MSwiZCI6eyJpZCI6Nzk5NTQxOTYsImlkcyI6IiIsImljIjpmYWxzZSwibiI6IkRlc2t0b3AsRW11bGF0b3IiLCJ2IjoiVW5rbm93biIsIm0iOiJVbmtub3duIiwiZiI6MSwiZm4iOiJEZXNrdG9wIiwib2lkIjoxODExMCwib24iOiJMaW51eCIsIm92IjoiVW5rbm93biIsImJpZCI6MTE2NjcwLCJibiI6IkZpcmVmb3giLCJidiI6Ijk2LjAiLCJ3diI6ZmFsc2UsImUiOnRydWUsImFiIjpmYWxzZX0sImMiOnsiaWQiOjE2MiwiYyI6Ik5PIiwibiI6Ik5vcndheSJ9LCJhIjpmYWxzZSwiY3IiOnsibiI6IkJsaXggU29sdXRpb25zIn0sInhmIjoiIiwiaXhmIjpmYWxzZSwiaWd4ZiI6ZmFsc2UsInVwIjp0cnVlLCJyIjoiaHR0cHM6Ly9iaXRseS53cy8_YmFubmVkPTEiLCJhciI6W119fQ.ZPJJ4fJ18Z3i1mt4s5io96nzFLBfj2cTIbhZtigLSdk
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Tue, 16 Apr 2024 13:12:12 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://bitly.ws
Access-Control-Allow-Origin: https://bitly.ws
Access-Control-Allow-Credentials: true
Set-Cookie: uid_id2=53d7c6a0-a1a7-4347-95f0-ed5616155674:1:1; expires=Tue, 23 Apr 2024 13:12:12 GMT; secure; SameSite=None
iprc2d6e605be25fedaa7eabdabafff861e4=3570421; expires=Tue, 16 Apr 2024 17:12:12 GMT; secure; SameSite=None
pdhtkv=true; expires=Wed, 17 Apr 2024 13:12:12 GMT; secure; SameSite=None
uncs=1; expires=Wed, 17 Apr 2024 13:12:12 GMT; secure; SameSite=None
pdhtkv32=true; expires=Wed, 17 Apr 2024 13:12:12 GMT; secure; SameSite=None
uncs32=1; expires=Wed, 17 Apr 2024 13:12:12 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 1186289d3fc1893ec36437a360c55a4a
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip

fizzysquirtbikes.com/ren.gif?sid=H4sIAAAAAAAC%2F1RSz2skRRSuXucUL%2F5YvAjLsCAoyqS7Z6ZnxkUWY4wE42Z%2FuPjjItVdPZNyqruaqq7pSU7BBdnjHLzoqfJNskENon%2BAi0wCiwTFzEUCmv%2FAk7B4lB4HRx90v%2B%2FV9wq%2B9776dM9cEB%2BGnq%2B%2BI3e4EHS5WXOrL77vedeqGzw1w%2BqwHXwUNK5V1eDVTlBzX6q%2BFUd9uey7nut6rldd4yruyuFySYJnRx2v1nFrDb%2FmNRsYqv%2FX2jjQ1AEbXJBnwNm0cuJcBo8mSJNvV2Pdz2X2ypuJETSXCgN2eDftp7JIkSxgVznopofzbkh9tvYQMj2YyYUc%2FNsY8ilxHj1EmB7ORSIc7M90hgJxipA9iWIwQSwm4HSCSN4DZ2cEiBhubCJNHtyQqqDb%2F7C0ZKek8vhP8GJKKr9fRpp8syL4sHpHCpNzmWoMuxZ8OAHvTZCZY%2BQ7l8CLY0T5J%2BDsZ7L8eANpsr%2BphQRndjY75xPw7gQiHoFqB6b8uAPTdWAyBwk7r0ae57VcFlG33YmiOmvFYcBcj7a6HvXcoA0TlfJGyLMRIjFCpHaRqV30%2BQjK%2FAC9ZaGZA51PiXNrFwNmUcQEhSYoKEHBCYqcoBjYAya0r%2B0DJrQJvXn257luxzLv7dEDmffilICqERSze9kFebrcj%2FPhiYd%2BfF71Wj7rBG3XbzSbzXrcdps%2Bpd0w9kIWNKhXh%2BYWXF%2BajbzDp6T93G%2FISs%2F6FiE9hhbHiPhVUOOBFhZ0y2InPcp5um2UqCUy5GDSIssryLedPXFBnp85dLVyC3F0ev3R0mvZ%2BNclRMoiUxYf8xOCnrg%2Fvi0Lsn9bFpp8t5nlPOE7tHTvTk7z%2BImv3o63C6nY%2Bqoeffl6VBIlPHo31vkGTRlPe5p8vcIZi9WaVFFMvl%2FX78XhTaO3VoxKTbZx84219SRTsdZcphNQfrb5FyI%2BJZUXnp09y6d%2B%2BgNcTaCMRWJOyTzA5TGibBc6W6jXkkCJRU%2BYOSiMHSs%2FXBwKTiDiRU1DC%2F2fOlzgsaLlbcrtnr6PnqqA5veQJhYDZTEQFlSMoM3SOM%2FU6fUfPy%2FjC4SiMg6FquyHQonPZksuf3en5MovjRJ9AM3Pq6163aVBp%2Bm1WjRuhQ2%2F3Q08RqnfCPwgoHXketq9sv3y3wAAAP%2F%2FAQAA%2F%2F%2BQW%2BW8egQAAA%3D%3D

172.240.108.68

200 OK

7 B

URL GET HTTP/1.1
fizzysquirtbikes.com/ren.gif?sid=H4sIAAAAAAAC%2F1RSz2skRRSuXucUL%2F5YvAjLsCAoyqS7Z6ZnxkUWY4wE42Z%2FuPjjItVdPZNyqruaqq7pSU7BBdnjHLzoqfJNskENon%2BAi0wCiwTFzEUCmv%2FAk7B4lB4HRx90v%2B%2FV9wq%2B9776dM9cEB%2BGnq%2B%2BI3e4EHS5WXOrL77vedeqGzw1w%2BqwHXwUNK5V1eDVTlBzX6q%2BFUd9uey7nut6rldd4yruyuFySYJnRx2v1nFrDb%2FmNRsYqv%2FX2jjQ1AEbXJBnwNm0cuJcBo8mSJNvV2Pdz2X2ypuJETSXCgN2eDftp7JIkSxgVznopofzbkh9tvYQMj2YyYUc%2FNsY8ilxHj1EmB7ORSIc7M90hgJxipA9iWIwQSwm4HSCSN4DZ2cEiBhubCJNHtyQqqDb%2F7C0ZKek8vhP8GJKKr9fRpp8syL4sHpHCpNzmWoMuxZ8OAHvTZCZY%2BQ7l8CLY0T5J%2BDsZ7L8eANpsr%2BphQRndjY75xPw7gQiHoFqB6b8uAPTdWAyBwk7r0ae57VcFlG33YmiOmvFYcBcj7a6HvXcoA0TlfJGyLMRIjFCpHaRqV30%2BQjK%2FAC9ZaGZA51PiXNrFwNmUcQEhSYoKEHBCYqcoBjYAya0r%2B0DJrQJvXn257luxzLv7dEDmffilICqERSze9kFebrcj%2FPhiYd%2BfF71Wj7rBG3XbzSbzXrcdps%2Bpd0w9kIWNKhXh%2BYWXF%2BajbzDp6T93G%2FISs%2F6FiE9hhbHiPhVUOOBFhZ0y2InPcp5um2UqCUy5GDSIssryLedPXFBnp85dLVyC3F0ev3R0mvZ%2BNclRMoiUxYf8xOCnrg%2Fvi0Lsn9bFpp8t5nlPOE7tHTvTk7z%2BImv3o63C6nY%2Bqoeffl6VBIlPHo31vkGTRlPe5p8vcIZi9WaVFFMvl%2FX78XhTaO3VoxKTbZx84219SRTsdZcphNQfrb5FyI%2BJZUXnp09y6d%2B%2BgNcTaCMRWJOyTzA5TGibBc6W6jXkkCJRU%2BYOSiMHSs%2FXBwKTiDiRU1DC%2F2fOlzgsaLlbcrtnr6PnqqA5veQJhYDZTEQFlSMoM3SOM%2FU6fUfPy%2FjC4SiMg6FquyHQonPZksuf3en5MovjRJ9AM3Pq6163aVBp%2Bm1WjRuhQ2%2F3Q08RqnfCPwgoHXketq9sv3y3wAAAP%2F%2FAQAA%2F%2F%2BQW%2BW8egQAAA%3D%3D
IP
172.240.108.68:443
ASN
#7979 SERVERS-COM

Requested by
https://bitly.ws/?banned=1
Certificate
IssuerLet's Encrypt
Subjectfizzysquirtbikes.com
Fingerprint55:F1:79:63:BE:D7:DF:F7:E9:B5:BE:26:15:C6:F5:F8:29:5E:52:BD
ValidityMon, 15 Apr 2024 08:39:03 GMT - Sun, 14 Jul 2024 08:39:02 GMT

File type
ASCII text, with no line terminators
Size
7 B (7 bytes)
Hash
132d6af1b46048b45cf86cdee7991d31
eb7007d03d59b65bc6da7e098c4d38fc6dfb6285
ab852e838deccd742a03ca81d4a8d75cf1a00b327db3eaf46bd7da6b6db9384c

HTTP Headers

GET /ren.gif?sid=H4sIAAAAAAAC%2F1RSz2skRRSuXucUL%2F5YvAjLsCAoyqS7Z6ZnxkUWY4wE42Z%2FuPjjItVdPZNyqruaqq7pSU7BBdnjHLzoqfJNskENon%2BAi0wCiwTFzEUCmv%2FAk7B4lB4HRx90v%2B%2FV9wq%2B9776dM9cEB%2BGnq%2B%2BI3e4EHS5WXOrL77vedeqGzw1w%2BqwHXwUNK5V1eDVTlBzX6q%2BFUd9uey7nut6rldd4yruyuFySYJnRx2v1nFrDb%2FmNRsYqv%2FX2jjQ1AEbXJBnwNm0cuJcBo8mSJNvV2Pdz2X2ypuJETSXCgN2eDftp7JIkSxgVznopofzbkh9tvYQMj2YyYUc%2FNsY8ilxHj1EmB7ORSIc7M90hgJxipA9iWIwQSwm4HSCSN4DZ2cEiBhubCJNHtyQqqDb%2F7C0ZKek8vhP8GJKKr9fRpp8syL4sHpHCpNzmWoMuxZ8OAHvTZCZY%2BQ7l8CLY0T5J%2BDsZ7L8eANpsr%2BphQRndjY75xPw7gQiHoFqB6b8uAPTdWAyBwk7r0ae57VcFlG33YmiOmvFYcBcj7a6HvXcoA0TlfJGyLMRIjFCpHaRqV30%2BQjK%2FAC9ZaGZA51PiXNrFwNmUcQEhSYoKEHBCYqcoBjYAya0r%2B0DJrQJvXn257luxzLv7dEDmffilICqERSze9kFebrcj%2FPhiYd%2BfF71Wj7rBG3XbzSbzXrcdps%2Bpd0w9kIWNKhXh%2BYWXF%2BajbzDp6T93G%2FISs%2F6FiE9hhbHiPhVUOOBFhZ0y2InPcp5um2UqCUy5GDSIssryLedPXFBnp85dLVyC3F0ev3R0mvZ%2BNclRMoiUxYf8xOCnrg%2Fvi0Lsn9bFpp8t5nlPOE7tHTvTk7z%2BImv3o63C6nY%2Bqoeffl6VBIlPHo31vkGTRlPe5p8vcIZi9WaVFFMvl%2FX78XhTaO3VoxKTbZx84219SRTsdZcphNQfrb5FyI%2BJZUXnp09y6d%2B%2BgNcTaCMRWJOyTzA5TGibBc6W6jXkkCJRU%2BYOSiMHSs%2FXBwKTiDiRU1DC%2F2fOlzgsaLlbcrtnr6PnqqA5veQJhYDZTEQFlSMoM3SOM%2FU6fUfPy%2FjC4SiMg6FquyHQonPZksuf3en5MovjRJ9AM3Pq6163aVBp%2Bm1WjRuhQ2%2F3Q08RqnfCPwgoHXketq9sv3y3wAAAP%2F%2FAQAA%2F%2F%2BQW%2BW8egQAAA%3D%3D HTTP/1.1
Host: fizzysquirtbikes.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://bitly.ws/
Cookie: u_pl=22725681; pdhtkv=true; uncs=1; pdhtkv49=true; uncs49=1; nlec172d9680245553e8052aafbe1bd64a13=[2229329,2229333,2019380,2229337]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Tue, 16 Apr 2024 13:12:12 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: f34e299b2b5ad883b51d3a94b8eab569
Strict-Transport-Security: max-age=0; includeSubdomains

fizzysquirtbikes.com/ren.gif?sid=H4sIAAAAAAAC%2F1RSz2skRRSuXue0XvyxeBGWYUFQlEl3z0zPjIsEY8wSjJv94eKPi1R39UzKqe5qqrqmJ%2BMluCB7nIMXPVW%2BSTaoYdE%2FwEUmgUWCYuYiAQ34D3gRFo%2FSYzD6oHjfq%2B8VfO999em2OSU%2BDD1ZfluOuBB0oVlzqy%2B%2B53lXq2s8NcPqsB18GDSuVtXg1U5Qc1%2BqXoujvlzwXc91PderrnAVd%2BVwoSTBs%2F2OV%2Bu4tYZf85oNDNX%2Fa20caOqADU7JM%2BBsVjl0LoFHU6TJN8ux7ucye%2BXNxAiaS4UB27uT9lNZpEjOYVc56KZ7Z92Q%2BnjlIWS6O5cLOfi3MeQz4jx6iDDdOxOJcLAz1xkKxClC9iSKwRSxmILTKSJ5F5wdEyBiuL6ONLl%2FXaqCbv7D0pKdkcrjP8GLGan8dglp8mBJ8GH1thQm5zLVGHYt%2BHAK3psiMwfIRxfAiwNE%2BSfg7Cey8HgNabKzroUEZ3Y%2BO%2BdT8O4UIh6DagemPNyB6TowmYOEnVQjz%2FNaLouo2%2B5EUZ214jBgrkdbXY96btCGiUp5Y%2BTZGJEYI1JbyNQW%2BnwMZb6H3rDQzIHOZ8S5uYUBsyhigkITFJSg4ARFTlAM7C4T2tf2PhPahN5Z9s9y3U5k3tumuzLvxSkBVWMoZrezU%2FJ0uR%2Fng0MP%2Ffik6rV81gnart9oNpv1uO02fUq7YeyFLGhQrw7NLbi%2BMB95xGek%2FdyvyErP%2BhYhPYAWB4j4FVDjgRYWdMNilO7nPN00StQSGXIwaZHlFeSbzrY4Jc%2FPHbpSuYM4Olp8dPG1bPLLRUTKIlMWH%2FFDgp64N7klC7JzSxaafLue5TzhI1q6dzunefzEV2%2FFm4VUbHVZj798PSqJEu6%2FE%2Bt8jaaMpz1Nvl7ijMVqRaooJt%2Bt6nfj8IbRG0tGpSZbu%2FHGymqSqVhrLtMpKD9e%2FwsRn5HKC8%2FOv%2BVTP%2F4BrqZQxiIxR%2BQswOUBomwLOjtazEe%2FX3tw6WNoSaDEeU%2BYXUBh7ET54fml4AQiPq9paKH%2FU4fneKJo%2BZpyu63voacqoPldpInFQFkMhAUVY2hzcZJn6mjxh8%2FL%2BAKhqExCoSo7oVDis3LJN%2BebnpHLPzdK9D40P6m26nWXBp2m12rRuBU2%2FHY38BilfiPwg4DWketZ9%2FLmy38DAAD%2F%2FwEAAP%2F%2Fgyq1anoEAAA%3D

172.240.108.68

200 OK

7 B

URL GET HTTP/1.1
fizzysquirtbikes.com/ren.gif?sid=H4sIAAAAAAAC%2F1RSz2skRRSuXue0XvyxeBGWYUFQlEl3z0zPjIsEY8wSjJv94eKPi1R39UzKqe5qqrqmJ%2BMluCB7nIMXPVW%2BSTaoYdE%2FwEUmgUWCYuYiAQ34D3gRFo%2FSYzD6oHjfq%2B8VfO999em2OSU%2BDD1ZfluOuBB0oVlzqy%2B%2B53lXq2s8NcPqsB18GDSuVtXg1U5Qc1%2BqXoujvlzwXc91PderrnAVd%2BVwoSTBs%2F2OV%2Bu4tYZf85oNDNX%2Fa20caOqADU7JM%2BBsVjl0LoFHU6TJN8ux7ucye%2BXNxAiaS4UB27uT9lNZpEjOYVc56KZ7Z92Q%2BnjlIWS6O5cLOfi3MeQz4jx6iDDdOxOJcLAz1xkKxClC9iSKwRSxmILTKSJ5F5wdEyBiuL6ONLl%2FXaqCbv7D0pKdkcrjP8GLGan8dglp8mBJ8GH1thQm5zLVGHYt%2BHAK3psiMwfIRxfAiwNE%2BSfg7Cey8HgNabKzroUEZ3Y%2BO%2BdT8O4UIh6DagemPNyB6TowmYOEnVQjz%2FNaLouo2%2B5EUZ214jBgrkdbXY96btCGiUp5Y%2BTZGJEYI1JbyNQW%2BnwMZb6H3rDQzIHOZ8S5uYUBsyhigkITFJSg4ARFTlAM7C4T2tf2PhPahN5Z9s9y3U5k3tumuzLvxSkBVWMoZrezU%2FJ0uR%2Fng0MP%2Ffik6rV81gnart9oNpv1uO02fUq7YeyFLGhQrw7NLbi%2BMB95xGek%2FdyvyErP%2BhYhPYAWB4j4FVDjgRYWdMNilO7nPN00StQSGXIwaZHlFeSbzrY4Jc%2FPHbpSuYM4Olp8dPG1bPLLRUTKIlMWH%2FFDgp64N7klC7JzSxaafLue5TzhI1q6dzunefzEV2%2FFm4VUbHVZj798PSqJEu6%2FE%2Bt8jaaMpz1Nvl7ijMVqRaooJt%2Bt6nfj8IbRG0tGpSZbu%2FHGymqSqVhrLtMpKD9e%2FwsRn5HKC8%2FOv%2BVTP%2F4BrqZQxiIxR%2BQswOUBomwLOjtazEe%2FX3tw6WNoSaDEeU%2BYXUBh7ET54fml4AQiPq9paKH%2FU4fneKJo%2BZpyu63voacqoPldpInFQFkMhAUVY2hzcZJn6mjxh8%2FL%2BAKhqExCoSo7oVDis3LJN%2BebnpHLPzdK9D40P6m26nWXBp2m12rRuBU2%2FHY38BilfiPwg4DWketZ9%2FLmy38DAAD%2F%2FwEAAP%2F%2Fgyq1anoEAAA%3D
IP
172.240.108.68:443
ASN
#7979 SERVERS-COM

Requested by
https://bitly.ws/?banned=1
Certificate
IssuerLet's Encrypt
Subjectfizzysquirtbikes.com
Fingerprint55:F1:79:63:BE:D7:DF:F7:E9:B5:BE:26:15:C6:F5:F8:29:5E:52:BD
ValidityMon, 15 Apr 2024 08:39:03 GMT - Sun, 14 Jul 2024 08:39:02 GMT

File type
ASCII text, with no line terminators
Size
7 B (7 bytes)
Hash
132d6af1b46048b45cf86cdee7991d31
eb7007d03d59b65bc6da7e098c4d38fc6dfb6285
ab852e838deccd742a03ca81d4a8d75cf1a00b327db3eaf46bd7da6b6db9384c

HTTP Headers

GET /ren.gif?sid=H4sIAAAAAAAC%2F1RSz2skRRSuXue0XvyxeBGWYUFQlEl3z0zPjIsEY8wSjJv94eKPi1R39UzKqe5qqrqmJ%2BMluCB7nIMXPVW%2BSTaoYdE%2FwEUmgUWCYuYiAQ34D3gRFo%2FSYzD6oHjfq%2B8VfO999em2OSU%2BDD1ZfluOuBB0oVlzqy%2B%2B53lXq2s8NcPqsB18GDSuVtXg1U5Qc1%2BqXoujvlzwXc91PderrnAVd%2BVwoSTBs%2F2OV%2Bu4tYZf85oNDNX%2Fa20caOqADU7JM%2BBsVjl0LoFHU6TJN8ux7ucye%2BXNxAiaS4UB27uT9lNZpEjOYVc56KZ7Z92Q%2BnjlIWS6O5cLOfi3MeQz4jx6iDDdOxOJcLAz1xkKxClC9iSKwRSxmILTKSJ5F5wdEyBiuL6ONLl%2FXaqCbv7D0pKdkcrjP8GLGan8dglp8mBJ8GH1thQm5zLVGHYt%2BHAK3psiMwfIRxfAiwNE%2BSfg7Cey8HgNabKzroUEZ3Y%2BO%2BdT8O4UIh6DagemPNyB6TowmYOEnVQjz%2FNaLouo2%2B5EUZ214jBgrkdbXY96btCGiUp5Y%2BTZGJEYI1JbyNQW%2BnwMZb6H3rDQzIHOZ8S5uYUBsyhigkITFJSg4ARFTlAM7C4T2tf2PhPahN5Z9s9y3U5k3tumuzLvxSkBVWMoZrezU%2FJ0uR%2Fng0MP%2Ffik6rV81gnart9oNpv1uO02fUq7YeyFLGhQrw7NLbi%2BMB95xGek%2FdyvyErP%2BhYhPYAWB4j4FVDjgRYWdMNilO7nPN00StQSGXIwaZHlFeSbzrY4Jc%2FPHbpSuYM4Olp8dPG1bPLLRUTKIlMWH%2FFDgp64N7klC7JzSxaafLue5TzhI1q6dzunefzEV2%2FFm4VUbHVZj798PSqJEu6%2FE%2Bt8jaaMpz1Nvl7ijMVqRaooJt%2Bt6nfj8IbRG0tGpSZbu%2FHGymqSqVhrLtMpKD9e%2FwsRn5HKC8%2FOv%2BVTP%2F4BrqZQxiIxR%2BQswOUBomwLOjtazEe%2FX3tw6WNoSaDEeU%2BYXUBh7ET54fml4AQiPq9paKH%2FU4fneKJo%2BZpyu63voacqoPldpInFQFkMhAUVY2hzcZJn6mjxh8%2FL%2BAKhqExCoSo7oVDis3LJN%2BebnpHLPzdK9D40P6m26nWXBp2m12rRuBU2%2FHY38BilfiPwg4DWketZ9%2FLmy38DAAD%2F%2FwEAAP%2F%2Fgyq1anoEAAA%3D HTTP/1.1
Host: fizzysquirtbikes.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://bitly.ws/
Cookie: u_pl=22725681; pdhtkv=true; uncs=1; pdhtkv49=true; uncs49=1; nlec172d9680245553e8052aafbe1bd64a13=[2229329,2229333,2019380,2229337]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Tue, 16 Apr 2024 13:12:12 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 6e3b02b91ab25ee93791c60fe8b273d9
Strict-Transport-Security: max-age=0; includeSubdomains

continuousselfevidentinestimable.com/sbar.json?key=33ce9e99c1bfce9eb2d48a915db5624c&uuid=be7acabe-01b7-43cf-89b4-e153b8822724%3A2%3A1

192.243.61.227

200 OK

7.6 kB

URL GET HTTP/1.1
continuousselfevidentinestimable.com/sbar.json?key=33ce9e99c1bfce9eb2d48a915db5624c&uuid=be7acabe-01b7-43cf-89b4-e153b8822724%3A2%3A1
IP
192.243.61.227:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://bitly.ws/?banned=1
Certificate
IssuerLet's Encrypt
Subjectcontinuousselfevidentinestimable.com
Fingerprint1F:F4:36:85:7F:D7:60:BF:21:DA:52:FF:00:60:97:80:4B:6D:0D:3A
ValidityMon, 15 Apr 2024 12:20:33 GMT - Sun, 14 Jul 2024 12:20:32 GMT

File type
JSON text data
Size
7.6 kB (7609 bytes)
Hash
0d3ee5f030b07894adb1928db51e6707
2956de707e3930df6ab55abeb7d41ef39d7b5eca
a7d8f5e50ddf95dd0dddf511752b82ee2fa8260350293f472814b51fb87037b3

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /sbar.json?key=33ce9e99c1bfce9eb2d48a915db5624c&uuid=be7acabe-01b7-43cf-89b4-e153b8822724%3A2%3A1 HTTP/1.1
Host: continuousselfevidentinestimable.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://bitly.ws
DNT: 1
Connection: keep-alive
Referer: https://bitly.ws/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Tue, 16 Apr 2024 13:12:12 GMT
Content-Type: text/plain; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://bitly.ws
Access-Control-Allow-Origin: https://bitly.ws
Access-Control-Allow-Credentials: true
Set-Cookie: u_pl=22725757; expires=Wed, 17 Apr 2024 13:12:12 GMT; secure; SameSite=None
uid_id2=be7acabe-01b7-43cf-89b4-e153b8822724:2:1; expires=Tue, 23 Apr 2024 13:12:12 GMT; secure; SameSite=None
pdhtkv=true; expires=Wed, 17 Apr 2024 13:12:12 GMT; secure; SameSite=None
uncs=1; expires=Wed, 17 Apr 2024 13:12:12 GMT; secure; SameSite=None
pdhtkv29=true; expires=Wed, 17 Apr 2024 13:12:12 GMT; secure; SameSite=None
uncs29=1; expires=Wed, 17 Apr 2024 13:12:12 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 6dc7b451c7212ec3a14f1454a7af4ddb
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip

cdn.cloudimagesb.com/cti/d7/14/ea/d714ea0356c58a2679ce4074962c0e16/1588233398.jpeg

45.133.44.10

200 OK

23 kB

URL GET HTTP/2
cdn.cloudimagesb.com/cti/d7/14/ea/d714ea0356c58a2679ce4074962c0e16/1588233398.jpeg
IP
45.133.44.10:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://bitly.ws/?banned=1
Certificate
IssuerLet's Encrypt
Subjectcdn.cloudimagesb.com
FingerprintC6:F3:21:F0:21:7D:7E:96:0F:E8:46:7A:5E:C5:3F:D1:52:B0:67:B0
ValidityFri, 22 Mar 2024 03:01:35 GMT - Thu, 20 Jun 2024 03:01:34 GMT

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 320x240, components 3
Size
23 kB (22757 bytes)
Hash
9a2dc4fe2ebb70df2dfb1566d22970b8
b85a5f4ef7bd68b834d03d8b9a552e2e546e8701
1983c705f5f4315c8cd002183eb9ed3c846abed8fc2a6f0a073185c249552efd

HTTP Headers

GET /cti/d7/14/ea/d714ea0356c58a2679ce4074962c0e16/1588233398.jpeg HTTP/1.1
Host: cdn.cloudimagesb.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://bitly.ws/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Tue, 16 Apr 2024 13:12:12 GMT
content-type: image/jpeg
content-length: 22757
server: nginx/1.21.6
last-modified: Thu, 30 Apr 2020 07:56:41 GMT
etag: "5eaa84b9-58e5"
expires: Thu, 18 Apr 2024 13:12:12 GMT
cache-control: max-age=172800
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2

fizzysquirtbikes.com/ren.gif?sid=H4sIAAAAAAAC%2F1RSz2skRRSu3p1TBEFdvAjLsCD4i0l3z0zPjIssxhgJxs3%2BcPHHRaq7eiblVHc1VV3Tk5yCC7LHOXjRU%2BWbZIMaRP8AF5kEFgmImYsENP%2BEsHiUHgdHH3S%2F79X3Cr73vvp8z1wQH4aer74nd7gQdLlZc6svfeh516sbPDXD6rAdfBI0rlfV4PVOUHNfrr4TR3257Lue63quV13jKu7K4XJJgmdHHa%2FWcWsNv%2BY1Gxiq%2F9faONDUARtckGfB2bRy4lwBjyZIk%2B9XY93PZfba24kRNJcKA3Z4L%2B2nskiRLGBXOeimh%2FNuSH229ggyPZjJhRz82xjyKXEeP0KYHs5FIhzsz3SGAnGKkD2FYjBBLCbgdIJI3gdnZwSIGG5uIk0e3pSqoNv%2FsLRkp6Ty5E%2FwYkoqf1xBmny3IviwelcKk3OZagy7Fnw4Ae9NkJlj5DuXwItjRPln4OwXsvxkA2myv6mFBGd2NjvnE%2FDuBCIegWoHpvy4A9N1YDIHCTuvRp7ntVwWUbfdiaI6a8VhwFyPtroe9dygDROV8kbIsxEiMUKkdpGpXfT5CMr8BL1loZkDnU%2BJc3sXA2ZRxASFJigoQcEJipygGNgDJrSv7UMmtAm9efbnuW7HMu%2Ft0QOZ9%2BKUgKoRFLN72QV5ptyP8%2FGJh358XvVaPusEbddvNJvNetx2mz6l3TD2QhY0qFeH5hZcX5qNvMOnpP3878hKz%2FoWIT2GFseI%2BDVQ44EWFnTLYic9ynm6bZSoJTLkYNIiyyvIt509cUFemDl09dcG4uj0xuOlN7Lxb0uIlEWmLD7lJwQ98WB8RxZk%2F44sNPlhM8t5wndo6d7dnObx5W%2FejbcLqdj6qh59%2FWZUEiU8ej%2FW%2BQZNGU97mny7whmL1ZpUUUx%2BXNcfxOEto7dWjEpNtnHrrbX1JFOx1lymE1B%2BtvkXIj4llRefmz3Lp89eAVcTKGORmFMyD3B5jCjbhc4W6rUkUGLRE2aXURg7Vn64OBScQMSLmoYW%2Bj91uMBjRcvblNs9%2FQA9VQHN7yNNLAbKYiAsqBhBm6VxnqnTGz9%2FWcZXCEVlHApV2Q%2BFEl9MybXK7fJ3b7buEn0Ezc%2BrrXrdpUGn6bVaNG6FDb%2FdDTxGqd8I%2FCCgdeR62r26%2FerfAAAA%2F%2F8BAAD%2F%2F9cgUCd6BAAA

172.240.108.68

200 OK

7 B

URL GET HTTP/1.1
fizzysquirtbikes.com/ren.gif?sid=H4sIAAAAAAAC%2F1RSz2skRRSu3p1TBEFdvAjLsCD4i0l3z0zPjIssxhgJxs3%2BcPHHRaq7eiblVHc1VV3Tk5yCC7LHOXjRU%2BWbZIMaRP8AF5kEFgmImYsENP%2BEsHiUHgdHH3S%2F79X3Cr73vvp8z1wQH4aer74nd7gQdLlZc6svfeh516sbPDXD6rAdfBI0rlfV4PVOUHNfrr4TR3257Lue63quV13jKu7K4XJJgmdHHa%2FWcWsNv%2BY1Gxiq%2F9faONDUARtckGfB2bRy4lwBjyZIk%2B9XY93PZfba24kRNJcKA3Z4L%2B2nskiRLGBXOeimh%2FNuSH229ggyPZjJhRz82xjyKXEeP0KYHs5FIhzsz3SGAnGKkD2FYjBBLCbgdIJI3gdnZwSIGG5uIk0e3pSqoNv%2FsLRkp6Ty5E%2FwYkoqf1xBmny3IviwelcKk3OZagy7Fnw4Ae9NkJlj5DuXwItjRPln4OwXsvxkA2myv6mFBGd2NjvnE%2FDuBCIegWoHpvy4A9N1YDIHCTuvRp7ntVwWUbfdiaI6a8VhwFyPtroe9dygDROV8kbIsxEiMUKkdpGpXfT5CMr8BL1loZkDnU%2BJc3sXA2ZRxASFJigoQcEJipygGNgDJrSv7UMmtAm9efbnuW7HMu%2Ft0QOZ9%2BKUgKoRFLN72QV5ptyP8%2FGJh358XvVaPusEbddvNJvNetx2mz6l3TD2QhY0qFeH5hZcX5qNvMOnpP3878hKz%2FoWIT2GFseI%2BDVQ44EWFnTLYic9ynm6bZSoJTLkYNIiyyvIt509cUFemDl09dcG4uj0xuOlN7Lxb0uIlEWmLD7lJwQ98WB8RxZk%2F44sNPlhM8t5wndo6d7dnObx5W%2FejbcLqdj6qh59%2FWZUEiU8ej%2FW%2BQZNGU97mny7whmL1ZpUUUx%2BXNcfxOEto7dWjEpNtnHrrbX1JFOx1lymE1B%2BtvkXIj4llRefmz3Lp89eAVcTKGORmFMyD3B5jCjbhc4W6rUkUGLRE2aXURg7Vn64OBScQMSLmoYW%2Bj91uMBjRcvblNs9%2FQA9VQHN7yNNLAbKYiAsqBhBm6VxnqnTGz9%2FWcZXCEVlHApV2Q%2BFEl9MybXK7fJ3b7buEn0Ezc%2BrrXrdpUGn6bVaNG6FDb%2FdDTxGqd8I%2FCCgdeR62r26%2FerfAAAA%2F%2F8BAAD%2F%2F9cgUCd6BAAA
IP
172.240.108.68:443
ASN
#7979 SERVERS-COM

Requested by
https://bitly.ws/?banned=1
Certificate
IssuerLet's Encrypt
Subjectfizzysquirtbikes.com
Fingerprint55:F1:79:63:BE:D7:DF:F7:E9:B5:BE:26:15:C6:F5:F8:29:5E:52:BD
ValidityMon, 15 Apr 2024 08:39:03 GMT - Sun, 14 Jul 2024 08:39:02 GMT

File type
ASCII text, with no line terminators
Size
7 B (7 bytes)
Hash
132d6af1b46048b45cf86cdee7991d31
eb7007d03d59b65bc6da7e098c4d38fc6dfb6285
ab852e838deccd742a03ca81d4a8d75cf1a00b327db3eaf46bd7da6b6db9384c

HTTP Headers

GET /ren.gif?sid=H4sIAAAAAAAC%2F1RSz2skRRSu3p1TBEFdvAjLsCD4i0l3z0zPjIssxhgJxs3%2BcPHHRaq7eiblVHc1VV3Tk5yCC7LHOXjRU%2BWbZIMaRP8AF5kEFgmImYsENP%2BEsHiUHgdHH3S%2F79X3Cr73vvp8z1wQH4aer74nd7gQdLlZc6svfeh516sbPDXD6rAdfBI0rlfV4PVOUHNfrr4TR3257Lue63quV13jKu7K4XJJgmdHHa%2FWcWsNv%2BY1Gxiq%2F9faONDUARtckGfB2bRy4lwBjyZIk%2B9XY93PZfba24kRNJcKA3Z4L%2B2nskiRLGBXOeimh%2FNuSH229ggyPZjJhRz82xjyKXEeP0KYHs5FIhzsz3SGAnGKkD2FYjBBLCbgdIJI3gdnZwSIGG5uIk0e3pSqoNv%2FsLRkp6Ty5E%2FwYkoqf1xBmny3IviwelcKk3OZagy7Fnw4Ae9NkJlj5DuXwItjRPln4OwXsvxkA2myv6mFBGd2NjvnE%2FDuBCIegWoHpvy4A9N1YDIHCTuvRp7ntVwWUbfdiaI6a8VhwFyPtroe9dygDROV8kbIsxEiMUKkdpGpXfT5CMr8BL1loZkDnU%2BJc3sXA2ZRxASFJigoQcEJipygGNgDJrSv7UMmtAm9efbnuW7HMu%2Ft0QOZ9%2BKUgKoRFLN72QV5ptyP8%2FGJh358XvVaPusEbddvNJvNetx2mz6l3TD2QhY0qFeH5hZcX5qNvMOnpP3878hKz%2FoWIT2GFseI%2BDVQ44EWFnTLYic9ynm6bZSoJTLkYNIiyyvIt509cUFemDl09dcG4uj0xuOlN7Lxb0uIlEWmLD7lJwQ98WB8RxZk%2F44sNPlhM8t5wndo6d7dnObx5W%2FejbcLqdj6qh59%2FWZUEiU8ej%2FW%2BQZNGU97mny7whmL1ZpUUUx%2BXNcfxOEto7dWjEpNtnHrrbX1JFOx1lymE1B%2BtvkXIj4llRefmz3Lp89eAVcTKGORmFMyD3B5jCjbhc4W6rUkUGLRE2aXURg7Vn64OBScQMSLmoYW%2Bj91uMBjRcvblNs9%2FQA9VQHN7yNNLAbKYiAsqBhBm6VxnqnTGz9%2FWcZXCEVlHApV2Q%2BFEl9MybXK7fJ3b7buEn0Ezc%2BrrXrdpUGn6bVaNG6FDb%2FdDTxGqd8I%2FCCgdeR62r26%2FerfAAAA%2F%2F8BAAD%2F%2F9cgUCd6BAAA HTTP/1.1
Host: fizzysquirtbikes.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://bitly.ws/
Cookie: u_pl=22725681; pdhtkv=true; uncs=1; pdhtkv49=true; uncs49=1; nlec172d9680245553e8052aafbe1bd64a13=[2229329,2229333,2019380,2229337]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Tue, 16 Apr 2024 13:12:12 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 852505df297f62df7fecbe7e3e8f7662
Strict-Transport-Security: max-age=0; includeSubdomains

fizzysquirtbikes.com/ren.gif?sid=H4sIAAAAAAAC%2F1RSzWskxRuu3t%2Bc8rv4sXgRlmFBUJRJd89Mz4yLLMYYCcbNfrj4cZHqrp5JOdVdTVXX9CSn4ILscQ5e9FR5JtmgBtE%2FwEUmgUWCYuYiAc2%2F4EFYPErPDo6%2B0P2%2Bbz1vwfM%2BT326Zy6ID0PPV9%2BRO1wIutysudUX3%2Fe8a9UNnpphddgOPgoa16pq8GonqLkvVd%2BKo75c9l3PdT3Xq65xFXflcLkEwbOjjlfruLWGX%2FOaDQzVf3ttHGjqgA0uyDPgbFo5cS6DRxOkyberse7nMnvlzcQImkuFATu8m%2FZTWaRIFmVXOeimh%2FNpSH229hAyPZjRhRz8MxjyKXEePUSYHs5JIhzsz3iGAnGKkP0fxWCCWEzA6QSRvAfOzggQMdzYRJo8uCFVQbefoLREp6Ty%2BE%2FwYkoqv19GmnyzIviwekcKk3OZagy7Fnw4Ae9NkJlj5DuXwItjRPkn4Oxnsvx4A2myv6mFBGd2tjvnE%2FDuBCIegWoHpvy4A9N1YDIHCTuvRp7ntVwWUbfdiaI6a8VhwFyPtroe9dygDROV9EbIsxEiMUKkdpGpXfT5CMr8AL1loZkDnU%2BJc2sXA2ZRxASFJigoQcEJipygGNgDJrSv7QMmtAm9efbnuW7HMu%2Ft0QOZ9%2BKUgKoRFLN72QV5utTH%2BfDEQz8%2Br3otn3WCtus3ms1mPW67TZ%2FSbhh7IQsa1KtDcwuuL81W3uFT0n7uN2SlZ32LkB5Di2NE%2FCqo8UALC7plsZMe5TzdNkrUEhlyMGmR5RXk286euCDPzxy6WvkAcXR6%2FdHSa9n41yVEyiJTFh%2FzE4KeuD%2B%2BLQuyf1sWmny3meU84Tu0dO9OTvP4f1%2B9HW8XUrH1VT368vWoBMry6N1Y5xs0ZTztafL1CmcsVmtSRTH5fl2%2FF4c3jd5aMSo12cbNN9bWk0zFWnOZTkD52eZfiPiUVF54dvYsn%2FrpD3A1gTIWiTkl8wCXx4iyXehswV5LAiUWM2FWQWHsWPnh4lBwAhEvehpa6H%2F14aIeK1reptzu6fvoqQpofg9pYjFQFgNhQcUI2iyN80ydXv%2Fx8zK%2BQCgq41Coyn4olPisFPlW%2Bbs7JVd%2BaTzRXPPzaqted2nQaXqtFo1bYcNvdwOPUeo3Aj8IaB25nnavbL%2F8NwAAAP%2F%2FAQAA%2F%2F9WzNAzegQAAA%3D%3D

172.240.108.68

200 OK

7 B

URL GET HTTP/1.1
fizzysquirtbikes.com/ren.gif?sid=H4sIAAAAAAAC%2F1RSzWskxRuu3t%2Bc8rv4sXgRlmFBUJRJd89Mz4yLLMYYCcbNfrj4cZHqrp5JOdVdTVXX9CSn4ILscQ5e9FR5JtmgBtE%2FwEUmgUWCYuYiAc2%2F4EFYPErPDo6%2B0P2%2Bbz1vwfM%2BT326Zy6ID0PPV9%2BRO1wIutysudUX3%2Fe8a9UNnpphddgOPgoa16pq8GonqLkvVd%2BKo75c9l3PdT3Xq65xFXflcLkEwbOjjlfruLWGX%2FOaDQzVf3ttHGjqgA0uyDPgbFo5cS6DRxOkyberse7nMnvlzcQImkuFATu8m%2FZTWaRIFmVXOeimh%2FNpSH229hAyPZjRhRz8MxjyKXEePUSYHs5JIhzsz3iGAnGKkP0fxWCCWEzA6QSRvAfOzggQMdzYRJo8uCFVQbefoLREp6Ty%2BE%2FwYkoqv19GmnyzIviwekcKk3OZagy7Fnw4Ae9NkJlj5DuXwItjRPkn4Oxnsvx4A2myv6mFBGd2tjvnE%2FDuBCIegWoHpvy4A9N1YDIHCTuvRp7ntVwWUbfdiaI6a8VhwFyPtroe9dygDROV9EbIsxEiMUKkdpGpXfT5CMr8AL1loZkDnU%2BJc2sXA2ZRxASFJigoQcEJipygGNgDJrSv7QMmtAm9efbnuW7HMu%2Ft0QOZ9%2BKUgKoRFLN72QV5utTH%2BfDEQz8%2Br3otn3WCtus3ms1mPW67TZ%2FSbhh7IQsa1KtDcwuuL81W3uFT0n7uN2SlZ32LkB5Di2NE%2FCqo8UALC7plsZMe5TzdNkrUEhlyMGmR5RXk286euCDPzxy6WvkAcXR6%2FdHSa9n41yVEyiJTFh%2FzE4KeuD%2B%2BLQuyf1sWmny3meU84Tu0dO9OTvP4f1%2B9HW8XUrH1VT368vWoBMry6N1Y5xs0ZTztafL1CmcsVmtSRTH5fl2%2FF4c3jd5aMSo12cbNN9bWk0zFWnOZTkD52eZfiPiUVF54dvYsn%2FrpD3A1gTIWiTkl8wCXx4iyXehswV5LAiUWM2FWQWHsWPnh4lBwAhEvehpa6H%2F14aIeK1reptzu6fvoqQpofg9pYjFQFgNhQcUI2iyN80ydXv%2Fx8zK%2BQCgq41Coyn4olPisFPlW%2Bbs7JVd%2BaTzRXPPzaqted2nQaXqtFo1bYcNvdwOPUeo3Aj8IaB25nnavbL%2F8NwAAAP%2F%2FAQAA%2F%2F9WzNAzegQAAA%3D%3D
IP
172.240.108.68:443
ASN
#7979 SERVERS-COM

Requested by
https://bitly.ws/?banned=1
Certificate
IssuerLet's Encrypt
Subjectfizzysquirtbikes.com
Fingerprint55:F1:79:63:BE:D7:DF:F7:E9:B5:BE:26:15:C6:F5:F8:29:5E:52:BD
ValidityMon, 15 Apr 2024 08:39:03 GMT - Sun, 14 Jul 2024 08:39:02 GMT

File type
ASCII text, with no line terminators
Size
7 B (7 bytes)
Hash
132d6af1b46048b45cf86cdee7991d31
eb7007d03d59b65bc6da7e098c4d38fc6dfb6285
ab852e838deccd742a03ca81d4a8d75cf1a00b327db3eaf46bd7da6b6db9384c

HTTP Headers

GET /ren.gif?sid=H4sIAAAAAAAC%2F1RSzWskxRuu3t%2Bc8rv4sXgRlmFBUJRJd89Mz4yLLMYYCcbNfrj4cZHqrp5JOdVdTVXX9CSn4ILscQ5e9FR5JtmgBtE%2FwEUmgUWCYuYiAc2%2F4EFYPErPDo6%2B0P2%2Bbz1vwfM%2BT326Zy6ID0PPV9%2BRO1wIutysudUX3%2Fe8a9UNnpphddgOPgoa16pq8GonqLkvVd%2BKo75c9l3PdT3Xq65xFXflcLkEwbOjjlfruLWGX%2FOaDQzVf3ttHGjqgA0uyDPgbFo5cS6DRxOkyberse7nMnvlzcQImkuFATu8m%2FZTWaRIFmVXOeimh%2FNpSH229hAyPZjRhRz8MxjyKXEePUSYHs5JIhzsz3iGAnGKkP0fxWCCWEzA6QSRvAfOzggQMdzYRJo8uCFVQbefoLREp6Ty%2BE%2FwYkoqv19GmnyzIviwekcKk3OZagy7Fnw4Ae9NkJlj5DuXwItjRPkn4Oxnsvx4A2myv6mFBGd2tjvnE%2FDuBCIegWoHpvy4A9N1YDIHCTuvRp7ntVwWUbfdiaI6a8VhwFyPtroe9dygDROV9EbIsxEiMUKkdpGpXfT5CMr8AL1loZkDnU%2BJc2sXA2ZRxASFJigoQcEJipygGNgDJrSv7QMmtAm9efbnuW7HMu%2Ft0QOZ9%2BKUgKoRFLN72QV5utTH%2BfDEQz8%2Br3otn3WCtus3ms1mPW67TZ%2FSbhh7IQsa1KtDcwuuL81W3uFT0n7uN2SlZ32LkB5Di2NE%2FCqo8UALC7plsZMe5TzdNkrUEhlyMGmR5RXk286euCDPzxy6WvkAcXR6%2FdHSa9n41yVEyiJTFh%2FzE4KeuD%2B%2BLQuyf1sWmny3meU84Tu0dO9OTvP4f1%2B9HW8XUrH1VT368vWoBMry6N1Y5xs0ZTztafL1CmcsVmtSRTH5fl2%2FF4c3jd5aMSo12cbNN9bWk0zFWnOZTkD52eZfiPiUVF54dvYsn%2FrpD3A1gTIWiTkl8wCXx4iyXehswV5LAiUWM2FWQWHsWPnh4lBwAhEvehpa6H%2F14aIeK1reptzu6fvoqQpofg9pYjFQFgNhQcUI2iyN80ydXv%2Fx8zK%2BQCgq41Coyn4olPisFPlW%2Bbs7JVd%2BaTzRXPPzaqted2nQaXqtFo1bYcNvdwOPUeo3Aj8IaB25nnavbL%2F8NwAAAP%2F%2FAQAA%2F%2F9WzNAzegQAAA%3D%3D HTTP/1.1
Host: fizzysquirtbikes.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://bitly.ws/
Cookie: u_pl=22725681; pdhtkv=true; uncs=1; pdhtkv49=true; uncs49=1; nlec172d9680245553e8052aafbe1bd64a13=[2229329,2229333,2019380,2229337]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Tue, 16 Apr 2024 13:12:12 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: e1083e9799ff6ab5d96d901f03f6f5b0
Strict-Transport-Security: max-age=0; includeSubdomains

cdn.cloudimagesb.com/cti/5e/78/a9/5e78a94057ff65f06ec19e727c7be04f/1588233511.jpg

45.133.44.10

24 kB

URL
cdn.cloudimagesb.com/cti/5e/78/a9/5e78a94057ff65f06ec19e727c7be04f/1588233511.jpg
IP
45.133.44.10:0
ASN
#39572 DataWeb Global Group B.V.

Certificate
IssuerLet's Encrypt
Subjectcdn.cloudimagesb.com
FingerprintC6:F3:21:F0:21:7D:7E:96:0F:E8:46:7A:5E:C5:3F:D1:52:B0:67:B0
ValidityFri, 22 Mar 2024 03:01:35 GMT - Thu, 20 Jun 2024 03:01:34 GMT

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 320x240, components 3
Size
24 kB (24518 bytes)
Hash
d71c872fb9f50bd9383abc0721d1d51e
1f69b40ef2f95798b4e0fd738d630ad4319cd739
6b4a622b9de1ffab8fe905fc8c4633994c732476664b5190ceedd62a3795ab08

HTTP Headers

GET /cti/5e/78/a9/5e78a94057ff65f06ec19e727c7be04f/1588233511.jpg HTTP/1.1
Host: cdn.cloudimagesb.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://bitly.ws/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Tue, 16 Apr 2024 13:12:12 GMT
content-type: image/jpeg
content-length: 24518
server: nginx/1.21.6
last-modified: Thu, 30 Apr 2020 07:58:34 GMT
etag: "5eaa852a-5fc6"
expires: Thu, 18 Apr 2024 13:12:12 GMT
cache-control: max-age=172800
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2

cdn.cloudimagesb.com/cti/d6/e8/37/d6e83777d7311d26f1ac5b2b62a81218/1588233535.jpg

45.133.44.10

200 OK

28 kB

URL GET HTTP/2
cdn.cloudimagesb.com/cti/d6/e8/37/d6e83777d7311d26f1ac5b2b62a81218/1588233535.jpg
IP
45.133.44.10:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://bitly.ws/?banned=1
Certificate
IssuerLet's Encrypt
Subjectcdn.cloudimagesb.com
FingerprintC6:F3:21:F0:21:7D:7E:96:0F:E8:46:7A:5E:C5:3F:D1:52:B0:67:B0
ValidityFri, 22 Mar 2024 03:01:35 GMT - Thu, 20 Jun 2024 03:01:34 GMT

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 320x240, components 3
Size
28 kB (27832 bytes)
Hash
1dcde64d47d24d151a1433ecf4403dd7
443d6704b5a294e000084d7a8ac823e526093928
d11bcd65a82589c2c31d6fd87cb16ec673dd5640462ad3d20ff53e014a435376

HTTP Headers

GET /cti/d6/e8/37/d6e83777d7311d26f1ac5b2b62a81218/1588233535.jpg HTTP/1.1
Host: cdn.cloudimagesb.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://bitly.ws/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Tue, 16 Apr 2024 13:12:12 GMT
content-type: image/jpeg
content-length: 27832
server: nginx/1.21.6
last-modified: Thu, 30 Apr 2020 07:58:58 GMT
etag: "5eaa8542-6cb8"
expires: Thu, 18 Apr 2024 13:12:12 GMT
cache-control: max-age=172800
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2

cdn.cloudimagesb.com/cti/f7/13/0e/f7130e7f47db248dc886c97a1e4c3e2b/1588233482.jpg

45.133.44.10

200 OK

32 kB

URL GET HTTP/2
cdn.cloudimagesb.com/cti/f7/13/0e/f7130e7f47db248dc886c97a1e4c3e2b/1588233482.jpg
IP
45.133.44.10:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://bitly.ws/?banned=1
Certificate
IssuerLet's Encrypt
Subjectcdn.cloudimagesb.com
FingerprintC6:F3:21:F0:21:7D:7E:96:0F:E8:46:7A:5E:C5:3F:D1:52:B0:67:B0
ValidityFri, 22 Mar 2024 03:01:35 GMT - Thu, 20 Jun 2024 03:01:34 GMT

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 321x240, components 3
Size
32 kB (32471 bytes)
Hash
3528385dd0c31dbd2e5bfc4af7a6bec5
832c580ffd7711115d6c036ab4232f5bd88480a4
bfbfeebfcb679ca578055235614cc679b0757bad272996ef89b7fd5615a2db75

HTTP Headers

GET /cti/f7/13/0e/f7130e7f47db248dc886c97a1e4c3e2b/1588233482.jpg HTTP/1.1
Host: cdn.cloudimagesb.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://bitly.ws/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Tue, 16 Apr 2024 13:12:12 GMT
content-type: image/jpeg
content-length: 32471
server: nginx/1.21.6
last-modified: Thu, 30 Apr 2020 07:58:05 GMT
etag: "5eaa850d-7ed7"
expires: Thu, 18 Apr 2024 13:12:12 GMT
cache-control: max-age=172800
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2

cdn.cloudimagesb.com/cti/43/ff/51/43ff51c07da75eaedd548042d5154cfe/1658930770.jpg

45.133.44.10

200 OK

25 kB

URL GET HTTP/2
cdn.cloudimagesb.com/cti/43/ff/51/43ff51c07da75eaedd548042d5154cfe/1658930770.jpg
IP
45.133.44.10:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://bitly.ws/?banned=1
Certificate
IssuerLet's Encrypt
Subjectcdn.cloudimagesb.com
FingerprintC6:F3:21:F0:21:7D:7E:96:0F:E8:46:7A:5E:C5:3F:D1:52:B0:67:B0
ValidityFri, 22 Mar 2024 03:01:35 GMT - Thu, 20 Jun 2024 03:01:34 GMT

File type
JPEG image data, baseline, precision 8, 320x50, components 3
Size
25 kB (24714 bytes)
Hash
d465d02b90e928dfd9d9846e102a9dac
22f7333777bec813bd9a7b870913a2b79b6d2fe4
e393d4f1c6b5d4973e157f0f10764b92037dc18239500f42b72bed8ecef462fd

HTTP Headers

GET /cti/43/ff/51/43ff51c07da75eaedd548042d5154cfe/1658930770.jpg HTTP/1.1
Host: cdn.cloudimagesb.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Tue, 16 Apr 2024 13:12:12 GMT
content-type: image/jpeg
content-length: 24714
server: nginx/1.21.6
last-modified: Wed, 27 Jul 2022 14:06:18 GMT
etag: "62e1465a-608a"
expires: Thu, 18 Apr 2024 13:12:12 GMT
cache-control: max-age=172800
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2

continuousselfevidentinestimable.com/ren.gif?sid=H4sIAAAAAAAC%2F1RST2skxRuuns3tBz9QFi%2BLMoiHFTaT7p7%2F7mFxjZFg3Cy7K4oXqX8zKae6q6nqnp4EhOCC7HHwE3SeSTaoQXavgotMAh4Cwo6ngObiN1DYs%2FQ4OPoe6n3eet6C532f%2BvIguyQhMnqx%2FoHZU1rTtWbNr17%2FOAhuVrdUnI2qo07r01bjZtUO3%2Bq2av6b1fckH5i10A98P%2FCD6oaysmdGayUJlZx0g1rXrzXCWtBsYGT%2FW7vMg6MexPCSvAwlZitn3lUoPkUcPVmXbpCa5Ma7UaZpaiyG4vjDeBCbPEa0hD3roRcfL7ph3PONZzDx0VwuzPCfRqZmxPvpGVh8vBAJNjyc62QaMgYT%2F0M%2BnELqKRSdgpuHUOI5AbjAnW3E0eM7xuZ092%2BWluyMrLz4EyqfkZXfriKOvrut1ah63%2BgsVSZ2GPUKqNEUqj9Fkp0i3atA5afg6RdQ4mey9mILcXS47bSBEhdvMNmmnDK56gesvdqo895qp8saqzJo1lmnE4btsDFfkFJTqN4UWo5BXQWZ85ApD1nPQ5Z4iMRFlQdB0PYFp36ny3ldtCVrCT%2Bg7V5AA7%2FVQcbLGcZIkzG4HoPbfSR2HwM1hs1%2BhNsp4IQHlxIMRYFcEuSOIKcEuSLIU4J8WBwJ7UJXPBbaZSxY5HCR68XEpP0DemTSvowJqB3DiuIguSQvlQv0Pjn7HAN5Ua3XuezKbpcHrFciFopGh3aDpmDNVtjgcKqAchVQ52FPzUjnlV%2BRlKYOCjB6CqdPwdXroNmroHkBulNgLz5JVbybWV2LDFMQpkCSriDd9Q70Jbk2t3Bz%2BwkkP7%2F1e30e4LZAYgt8ps4I%2BvrR5J7JyeE9kzvydDtJVaT2aGnv%2FZSm8so378vd3Fixue7GX7%2FNS6KEJw%2BkS7doLFTcd%2BTb20oIaTeM5ZL8sOk%2Bkuxu5nZuZzbOkq2772xsRomVzikTT0HLof6w4GpG%2Fn%2FtwfznXv9%2BG8pOYbMCUXZOFgFlpuDJPlyy1O8MgdXLHpZ4yLNiYkO2vNSKQMtlTVkB96%2BaLfHE0vI1VcWBe4S%2BrYCmDxFHBYa2wFAXoHoMl12ZpIk9v%2FXLQgbTlQnTtnLItNVfzddcHk%2Fh1EW1Xa%2F7tNVtBu02lW3WCDu9ViAoDRutsNWidaRu1ntt98ZfAAAA%2F%2F8BAAD%2F%2F%2FPAcziTBAAA

192.243.61.227

7 B

URL
continuousselfevidentinestimable.com/ren.gif?sid=H4sIAAAAAAAC%2F1RST2skxRuuns3tBz9QFi%2BLMoiHFTaT7p7%2F7mFxjZFg3Cy7K4oXqX8zKae6q6nqnp4EhOCC7HHwE3SeSTaoQXavgotMAh4Cwo6ngObiN1DYs%2FQ4OPoe6n3eet6C532f%2BvIguyQhMnqx%2FoHZU1rTtWbNr17%2FOAhuVrdUnI2qo07r01bjZtUO3%2Bq2av6b1fckH5i10A98P%2FCD6oaysmdGayUJlZx0g1rXrzXCWtBsYGT%2FW7vMg6MexPCSvAwlZitn3lUoPkUcPVmXbpCa5Ma7UaZpaiyG4vjDeBCbPEa0hD3roRcfL7ph3PONZzDx0VwuzPCfRqZmxPvpGVh8vBAJNjyc62QaMgYT%2F0M%2BnELqKRSdgpuHUOI5AbjAnW3E0eM7xuZ092%2BWluyMrLz4EyqfkZXfriKOvrut1ah63%2BgsVSZ2GPUKqNEUqj9Fkp0i3atA5afg6RdQ4mey9mILcXS47bSBEhdvMNmmnDK56gesvdqo895qp8saqzJo1lmnE4btsDFfkFJTqN4UWo5BXQWZ85ApD1nPQ5Z4iMRFlQdB0PYFp36ny3ldtCVrCT%2Bg7V5AA7%2FVQcbLGcZIkzG4HoPbfSR2HwM1hs1%2BhNsp4IQHlxIMRYFcEuSOIKcEuSLIU4J8WBwJ7UJXPBbaZSxY5HCR68XEpP0DemTSvowJqB3DiuIguSQvlQv0Pjn7HAN5Ua3XuezKbpcHrFciFopGh3aDpmDNVtjgcKqAchVQ52FPzUjnlV%2BRlKYOCjB6CqdPwdXroNmroHkBulNgLz5JVbybWV2LDFMQpkCSriDd9Q70Jbk2t3Bz%2BwkkP7%2F1e30e4LZAYgt8ps4I%2BvrR5J7JyeE9kzvydDtJVaT2aGnv%2FZSm8so378vd3Fixue7GX7%2FNS6KEJw%2BkS7doLFTcd%2BTb20oIaTeM5ZL8sOk%2Bkuxu5nZuZzbOkq2772xsRomVzikTT0HLof6w4GpG%2Fn%2FtwfznXv9%2BG8pOYbMCUXZOFgFlpuDJPlyy1O8MgdXLHpZ4yLNiYkO2vNSKQMtlTVkB96%2BaLfHE0vI1VcWBe4S%2BrYCmDxFHBYa2wFAXoHoMl12ZpIk9v%2FXLQgbTlQnTtnLItNVfzddcHk%2Fh1EW1Xa%2F7tNVtBu02lW3WCDu9ViAoDRutsNWidaRu1ntt98ZfAAAA%2F%2F8BAAD%2F%2F%2FPAcziTBAAA
IP
192.243.61.227:0
ASN
#39572 DataWeb Global Group B.V.

Certificate
IssuerLet's Encrypt
Subjectcontinuousselfevidentinestimable.com
Fingerprint1F:F4:36:85:7F:D7:60:BF:21:DA:52:FF:00:60:97:80:4B:6D:0D:3A
ValidityMon, 15 Apr 2024 12:20:33 GMT - Sun, 14 Jul 2024 12:20:32 GMT

File type
ASCII text, with no line terminators
Size
7 B (7 bytes)
Hash
132d6af1b46048b45cf86cdee7991d31
eb7007d03d59b65bc6da7e098c4d38fc6dfb6285
ab852e838deccd742a03ca81d4a8d75cf1a00b327db3eaf46bd7da6b6db9384c

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /ren.gif?sid=H4sIAAAAAAAC%2F1RST2skxRuuns3tBz9QFi%2BLMoiHFTaT7p7%2F7mFxjZFg3Cy7K4oXqX8zKae6q6nqnp4EhOCC7HHwE3SeSTaoQXavgotMAh4Cwo6ngObiN1DYs%2FQ4OPoe6n3eet6C532f%2BvIguyQhMnqx%2FoHZU1rTtWbNr17%2FOAhuVrdUnI2qo07r01bjZtUO3%2Bq2av6b1fckH5i10A98P%2FCD6oaysmdGayUJlZx0g1rXrzXCWtBsYGT%2FW7vMg6MexPCSvAwlZitn3lUoPkUcPVmXbpCa5Ma7UaZpaiyG4vjDeBCbPEa0hD3roRcfL7ph3PONZzDx0VwuzPCfRqZmxPvpGVh8vBAJNjyc62QaMgYT%2F0M%2BnELqKRSdgpuHUOI5AbjAnW3E0eM7xuZ092%2BWluyMrLz4EyqfkZXfriKOvrut1ah63%2BgsVSZ2GPUKqNEUqj9Fkp0i3atA5afg6RdQ4mey9mILcXS47bSBEhdvMNmmnDK56gesvdqo895qp8saqzJo1lmnE4btsDFfkFJTqN4UWo5BXQWZ85ApD1nPQ5Z4iMRFlQdB0PYFp36ny3ldtCVrCT%2Bg7V5AA7%2FVQcbLGcZIkzG4HoPbfSR2HwM1hs1%2BhNsp4IQHlxIMRYFcEuSOIKcEuSLIU4J8WBwJ7UJXPBbaZSxY5HCR68XEpP0DemTSvowJqB3DiuIguSQvlQv0Pjn7HAN5Ua3XuezKbpcHrFciFopGh3aDpmDNVtjgcKqAchVQ52FPzUjnlV%2BRlKYOCjB6CqdPwdXroNmroHkBulNgLz5JVbybWV2LDFMQpkCSriDd9Q70Jbk2t3Bz%2BwkkP7%2F1e30e4LZAYgt8ps4I%2BvrR5J7JyeE9kzvydDtJVaT2aGnv%2FZSm8so378vd3Fixue7GX7%2FNS6KEJw%2BkS7doLFTcd%2BTb20oIaTeM5ZL8sOk%2Bkuxu5nZuZzbOkq2772xsRomVzikTT0HLof6w4GpG%2Fn%2FtwfznXv9%2BG8pOYbMCUXZOFgFlpuDJPlyy1O8MgdXLHpZ4yLNiYkO2vNSKQMtlTVkB96%2BaLfHE0vI1VcWBe4S%2BrYCmDxFHBYa2wFAXoHoMl12ZpIk9v%2FXLQgbTlQnTtnLItNVfzddcHk%2Fh1EW1Xa%2F7tNVtBu02lW3WCDu9ViAoDRutsNWidaRu1ntt98ZfAAAA%2F%2F8BAAD%2F%2F%2FPAcziTBAAA HTTP/1.1
Host: continuousselfevidentinestimable.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://bitly.ws/
Cookie: u_pl=22725757; ain=eyJhbGciOiJIUzI1NiJ9.eyJwIjp7ImlkIjoyMjczNTU0OCwiayI6IjZkYzNhMjc1NTJiNWFlZGZiOTZhZWFhMDBhYTFjMzdiIiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjozNjc1ODY4LCJwaWQiOjkzMDg4LCJhbiI6dHJ1ZSwibGFuIjp0cnVlLCJjaWQiOjM0LCJhaWQiOjUsInB0Ijo0LCJwayI6Inc3cTYxZHZqbWUiLCJ0IjoxfSwidSI6eyJ1IjoxLCJhdSI6MSwiZCI6eyJpZCI6Nzk5NTQxOTYsImlkcyI6IiIsImljIjpmYWxzZSwibiI6IkRlc2t0b3AsRW11bGF0b3IiLCJ2IjoiVW5rbm93biIsIm0iOiJVbmtub3duIiwiZiI6MSwiZm4iOiJEZXNrdG9wIiwib2lkIjoxODExMCwib24iOiJMaW51eCIsIm92IjoiVW5rbm93biIsImJpZCI6MTE2NjcwLCJibiI6IkZpcmVmb3giLCJidiI6Ijk2LjAiLCJ3diI6ZmFsc2UsImUiOnRydWUsImFiIjpmYWxzZX0sImMiOnsiaWQiOjE2MiwiYyI6Ik5PIiwibiI6Ik5vcndheSJ9LCJhIjpmYWxzZSwiY3IiOnsibiI6IkJsaXggU29sdXRpb25zIn0sInhmIjoiIiwiaXhmIjpmYWxzZSwiaWd4ZiI6ZmFsc2UsInVwIjp0cnVlLCJyIjoiaHR0cHM6Ly9iaXRseS53cy8_YmFubmVkPTEiLCJhciI6W119fQ.Q5oEoAi0jHIRal5wmiio7A2AWY1CJDu_yEmfZqrhrOs; uid_id2=be7acabe-01b7-43cf-89b4-e153b8822724:2:1; iprc2d6e605be25fedaa7eabdabafff861e4=3570421; pdhtkv=true; uncs=1; pdhtkv32=true; uncs32=1; pdhtkv29=true; uncs29=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Tue, 16 Apr 2024 13:12:12 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 7464bd14d4f8f3b1c079d695883a1664
Strict-Transport-Security: max-age=0; includeSubdomains

continuousselfevidentinestimable.com/pixel/purst?dl=0&th=0&sc=0&rs=1966&rd=1966&fd=560&bv=24.4.3467&tmpl=136

192.243.61.227

200 OK

0 B

URL GET HTTP/1.1
continuousselfevidentinestimable.com/pixel/purst?dl=0&th=0&sc=0&rs=1966&rd=1966&fd=560&bv=24.4.3467&tmpl=136
IP
192.243.61.227:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://bitly.ws/?banned=1
Certificate
IssuerLet's Encrypt
Subjectcontinuousselfevidentinestimable.com
Fingerprint1F:F4:36:85:7F:D7:60:BF:21:DA:52:FF:00:60:97:80:4B:6D:0D:3A
ValidityMon, 15 Apr 2024 12:20:33 GMT - Sun, 14 Jul 2024 12:20:32 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /pixel/purst?dl=0&th=0&sc=0&rs=1966&rd=1966&fd=560&bv=24.4.3467&tmpl=136 HTTP/1.1
Host: continuousselfevidentinestimable.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://bitly.ws/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Tue, 16 Apr 2024 13:12:12 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range

continuousselfevidentinestimable.com/watch.1591474515439.js?dev=e&key=6dc3a27552b5aedfb96aeaa00aa1c37b&kw=%5B%22bitly%22%2C%22url%22%2C%22shortener%22%5D&pst=1713273191&refer=https%3A%2F%2Fbitly.ws%2F%3Fbanned%3D1&res=14.2071&rmtc=t&shu=3a6a24b7d99949870c5da57016902ab8ceb4b0b950e6e87afb1fc6d0c745c071b2eb5663197bc9c236fba582258d81557b13a3b9b9ba2409ab7c49b5f11d05e9522fd40fc1932ac64847400818106623080e66ef8090255a25af28773f2dee&tz=0&uuid=0ec8dd2c-b216-48a3-a4af-511aed11ec78%3A3%3A1

192.243.61.227

200 OK

2.1 kB

URL GET HTTP/1.1
continuousselfevidentinestimable.com/watch.1591474515439.js?dev=e&key=6dc3a27552b5aedfb96aeaa00aa1c37b&kw=%5B%22bitly%22%2C%22url%22%2C%22shortener%22%5D&pst=1713273191&refer=https%3A%2F%2Fbitly.ws%2F%3Fbanned%3D1&res=14.2071&rmtc=t&shu=3a6a24b7d99949870c5da57016902ab8ceb4b0b950e6e87afb1fc6d0c745c071b2eb5663197bc9c236fba582258d81557b13a3b9b9ba2409ab7c49b5f11d05e9522fd40fc1932ac64847400818106623080e66ef8090255a25af28773f2dee&tz=0&uuid=0ec8dd2c-b216-48a3-a4af-511aed11ec78%3A3%3A1
IP
192.243.61.227:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://bitly.ws/?banned=1
Certificate
IssuerLet's Encrypt
Subjectcontinuousselfevidentinestimable.com
Fingerprint1F:F4:36:85:7F:D7:60:BF:21:DA:52:FF:00:60:97:80:4B:6D:0D:3A
ValidityMon, 15 Apr 2024 12:20:33 GMT - Sun, 14 Jul 2024 12:20:32 GMT

File type
JavaScript source, ASCII text, with very long lines (2632)
Size
2.1 kB (2101 bytes)
Hash
bdfca1fed6ce429138ecf8bde7151074
eef0e5175d5d9ef09ffe59d81d3a2863775f6068
d19f16c6c09d3f653db530ef096811098e33c988d4590128e680caa42f212534

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /watch.1591474515439.js?dev=e&key=6dc3a27552b5aedfb96aeaa00aa1c37b&kw=%5B%22bitly%22%2C%22url%22%2C%22shortener%22%5D&pst=1713273191&refer=https%3A%2F%2Fbitly.ws%2F%3Fbanned%3D1&res=14.2071&rmtc=t&shu=3a6a24b7d99949870c5da57016902ab8ceb4b0b950e6e87afb1fc6d0c745c071b2eb5663197bc9c236fba582258d81557b13a3b9b9ba2409ab7c49b5f11d05e9522fd40fc1932ac64847400818106623080e66ef8090255a25af28773f2dee&tz=0&uuid=0ec8dd2c-b216-48a3-a4af-511aed11ec78%3A3%3A1 HTTP/1.1
Host: continuousselfevidentinestimable.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://bitly.ws
Referer: https://bitly.ws/
DNT: 1
Connection: keep-alive
Cookie: u_pl=22735548; ain=eyJhbGciOiJIUzI1NiJ9.eyJwIjp7ImlkIjoyMjczNTU0OCwiayI6IjZkYzNhMjc1NTJiNWFlZGZiOTZhZWFhMDBhYTFjMzdiIiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjozNjc1ODY4LCJwaWQiOjkzMDg4LCJhbiI6dHJ1ZSwibGFuIjp0cnVlLCJjaWQiOjM0LCJhaWQiOjUsInB0Ijo0LCJwayI6Inc3cTYxZHZqbWUiLCJ0IjoxfSwidSI6eyJ1IjoxLCJhdSI6MSwiZCI6eyJpZCI6Nzk5NTQxOTYsImlkcyI6IiIsImljIjpmYWxzZSwibiI6IkRlc2t0b3AsRW11bGF0b3IiLCJ2IjoiVW5rbm93biIsIm0iOiJVbmtub3duIiwiZiI6MSwiZm4iOiJEZXNrdG9wIiwib2lkIjoxODExMCwib24iOiJMaW51eCIsIm92IjoiVW5rbm93biIsImJpZCI6MTE2NjcwLCJibiI6IkZpcmVmb3giLCJidiI6Ijk2LjAiLCJ3diI6ZmFsc2UsImUiOnRydWUsImFiIjpmYWxzZX0sImMiOnsiaWQiOjE2MiwiYyI6Ik5PIiwibiI6Ik5vcndheSJ9LCJhIjpmYWxzZSwiY3IiOnsibiI6IkJsaXggU29sdXRpb25zIn0sInhmIjoiIiwiaXhmIjpmYWxzZSwiaWd4ZiI6ZmFsc2UsInVwIjp0cnVlLCJyIjoiaHR0cHM6Ly9iaXRseS53cy8_YmFubmVkPTEiLCJhciI6W119fQ.Q5oEoAi0jHIRal5wmiio7A2AWY1CJDu_yEmfZqrhrOs
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Tue, 16 Apr 2024 13:12:12 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://bitly.ws
Access-Control-Allow-Origin: https://bitly.ws
Access-Control-Allow-Credentials: true
Set-Cookie: uid_id2=0ec8dd2c-b216-48a3-a4af-511aed11ec78:3:1; expires=Tue, 23 Apr 2024 13:12:12 GMT; secure; SameSite=None
iprcf212593b2426fb1745fc7607e77dfd81=3569806; expires=Tue, 16 Apr 2024 17:12:12 GMT; secure; SameSite=None
pdhtkv=true; expires=Wed, 17 Apr 2024 13:12:12 GMT; secure; SameSite=None
uncs=1; expires=Wed, 17 Apr 2024 13:12:12 GMT; secure; SameSite=None
pdhtkv5=true; expires=Wed, 17 Apr 2024 13:12:12 GMT; secure; SameSite=None
uncs5=1; expires=Wed, 17 Apr 2024 13:12:12 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 28d294088c6aacb54dc0d7caf09a8c06
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip

fizzysquirtbikes.com/impr.gif?sid=H4sIAAAAAAAC%2F1RSTWskRRiuXue0XvxYvAjLsCAoyqR7vuMii2vMEoyb%2FXDx4yL11ZNyqruaqu7pyXgJLsge5%2BBFT51nkg1qWPQHuMgksEhQzFwkoAH%2FgBdh8Sg9BqMvFO%2Fz1vMWPO%2F71Kdb2QmpI6PHS2%2BbkdKaLrRqfvXF94LgcnVVxdmwOuy2P2w3L1ft4NXFds1%2FqXpN8r5ZqPuB7wd%2BUF1WVoZmuFCSUMneYlBb9GvNei1oNTG0%2F69d5sFRD2JwQp6BErPKgXcBik8RR98sSddPTfLKm1GmaWosBmL3TtyPTR4jOoOh9RDGu6fdMO5o%2BSFMvDOXCzP4t5GpGfEePQSLd09Fgg225zqZhozBxJPIB1NIPYWiU3BzF0ocEYALXF9DHN2%2FbmxON%2F5hacnOSOXxn1D5jFR%2Bu4A4enBVq2H1ttFZqkzsMAwLqOEUqjdFku0jHZ2DyvfB00%2BgxE9k4fEq4mh7zWkDJYr57EpNocIptByDOg9ZeZSHLPSQJR4icVzlQRB0fMGp313kvCE6krWFH9BOGNDAb3eR8VLeGGkyBtdjcLuJxG6ir8aw2fdw6wWc8ODSGfFubmIgCuSSIHcEOSXIFUGeEuSDYkdoV3fFfaFdxoLTXD%2FNjWJi0t4W3TFpT8YE1I5hRbGVnJCny%2F14HxwE6MvjatCpi8V21683W61WQ3b9Vp3SkMmAiXaTBg04VUC5c%2FORR2pGus%2F9iqT0rF%2BA0X04vQ%2BuLoFmAWhegK4XGMV7qYo3MqtrkWEKwhRI0grSDW9Ln5Dn5w5dqtyB5IdXHp1%2FLZn8ch7cFkhsgY%2FUAUFP35vcMjnZvmVyR75dS1IVqREt3bud0lQ%2B8dVbciM3VqwsufGXr%2FOSKOHeO9KlqzQWKu458vVVJYS0y8ZySb5bce9KdiNz61czG2fJ6o03lleixErnlImnoOpo7S9wNSOVF56df8unfvwDyk5hswJRdkhOA8rsgyebcMnhlXT0%2B7UHFz6GMwRWn%2FWw5BzyrJjYOju71IpAy7OasgLuPzU7wxNLy9dUFVvuHnq2ApreRRwVGNgCA12A6jFcdn6SJvbwyg%2Bfl%2FEFmK5MmLaVbaat%2Fqxc8s35pmfk4s%2FNEr0Pp46rDV90mAxlh8lmqxlKLlirxXwectYQ3S5H6mbhxY2X%2FwYAAP%2F%2FAQAA%2F%2F8D%2FmCCegQAAA%3D%3D

172.240.108.84

200 OK

7 B

URL GET HTTP/1.1
fizzysquirtbikes.com/impr.gif?sid=H4sIAAAAAAAC%2F1RSTWskRRiuXue0XvxYvAjLsCAoyqR7vuMii2vMEoyb%2FXDx4yL11ZNyqruaqu7pyXgJLsge5%2BBFT51nkg1qWPQHuMgksEhQzFwkoAH%2FgBdh8Sg9BqMvFO%2Fz1vMWPO%2F71Kdb2QmpI6PHS2%2BbkdKaLrRqfvXF94LgcnVVxdmwOuy2P2w3L1ft4NXFds1%2FqXpN8r5ZqPuB7wd%2BUF1WVoZmuFCSUMneYlBb9GvNei1oNTG0%2F69d5sFRD2JwQp6BErPKgXcBik8RR98sSddPTfLKm1GmaWosBmL3TtyPTR4jOoOh9RDGu6fdMO5o%2BSFMvDOXCzP4t5GpGfEePQSLd09Fgg225zqZhozBxJPIB1NIPYWiU3BzF0ocEYALXF9DHN2%2FbmxON%2F5hacnOSOXxn1D5jFR%2Bu4A4enBVq2H1ttFZqkzsMAwLqOEUqjdFku0jHZ2DyvfB00%2BgxE9k4fEq4mh7zWkDJYr57EpNocIptByDOg9ZeZSHLPSQJR4icVzlQRB0fMGp313kvCE6krWFH9BOGNDAb3eR8VLeGGkyBtdjcLuJxG6ir8aw2fdw6wWc8ODSGfFubmIgCuSSIHcEOSXIFUGeEuSDYkdoV3fFfaFdxoLTXD%2FNjWJi0t4W3TFpT8YE1I5hRbGVnJCny%2F14HxwE6MvjatCpi8V21683W61WQ3b9Vp3SkMmAiXaTBg04VUC5c%2FORR2pGus%2F9iqT0rF%2BA0X04vQ%2BuLoFmAWhegK4XGMV7qYo3MqtrkWEKwhRI0grSDW9Ln5Dn5w5dqtyB5IdXHp1%2FLZn8ch7cFkhsgY%2FUAUFP35vcMjnZvmVyR75dS1IVqREt3bud0lQ%2B8dVbciM3VqwsufGXr%2FOSKOHeO9KlqzQWKu458vVVJYS0y8ZySb5bce9KdiNz61czG2fJ6o03lleixErnlImnoOpo7S9wNSOVF56df8unfvwDyk5hswJRdkhOA8rsgyebcMnhlXT0%2B7UHFz6GMwRWn%2FWw5BzyrJjYOju71IpAy7OasgLuPzU7wxNLy9dUFVvuHnq2ApreRRwVGNgCA12A6jFcdn6SJvbwyg%2Bfl%2FEFmK5MmLaVbaat%2Fqxc8s35pmfk4s%2FNEr0Pp46rDV90mAxlh8lmqxlKLlirxXwectYQ3S5H6mbhxY2X%2FwYAAP%2F%2FAQAA%2F%2F8D%2FmCCegQAAA%3D%3D
IP
172.240.108.84:443
ASN
#7979 SERVERS-COM

Requested by
https://bitly.ws/?banned=1
Certificate
IssuerLet's Encrypt
Subjectfizzysquirtbikes.com
Fingerprint55:F1:79:63:BE:D7:DF:F7:E9:B5:BE:26:15:C6:F5:F8:29:5E:52:BD
ValidityMon, 15 Apr 2024 08:39:03 GMT - Sun, 14 Jul 2024 08:39:02 GMT

File type
ASCII text, with no line terminators
Size
7 B (7 bytes)
Hash
132d6af1b46048b45cf86cdee7991d31
eb7007d03d59b65bc6da7e098c4d38fc6dfb6285
ab852e838deccd742a03ca81d4a8d75cf1a00b327db3eaf46bd7da6b6db9384c

HTTP Headers

GET /impr.gif?sid=H4sIAAAAAAAC%2F1RSTWskRRiuXue0XvxYvAjLsCAoyqR7vuMii2vMEoyb%2FXDx4yL11ZNyqruaqu7pyXgJLsge5%2BBFT51nkg1qWPQHuMgksEhQzFwkoAH%2FgBdh8Sg9BqMvFO%2Fz1vMWPO%2F71Kdb2QmpI6PHS2%2BbkdKaLrRqfvXF94LgcnVVxdmwOuy2P2w3L1ft4NXFds1%2FqXpN8r5ZqPuB7wd%2BUF1WVoZmuFCSUMneYlBb9GvNei1oNTG0%2F69d5sFRD2JwQp6BErPKgXcBik8RR98sSddPTfLKm1GmaWosBmL3TtyPTR4jOoOh9RDGu6fdMO5o%2BSFMvDOXCzP4t5GpGfEePQSLd09Fgg225zqZhozBxJPIB1NIPYWiU3BzF0ocEYALXF9DHN2%2FbmxON%2F5hacnOSOXxn1D5jFR%2Bu4A4enBVq2H1ttFZqkzsMAwLqOEUqjdFku0jHZ2DyvfB00%2BgxE9k4fEq4mh7zWkDJYr57EpNocIptByDOg9ZeZSHLPSQJR4icVzlQRB0fMGp313kvCE6krWFH9BOGNDAb3eR8VLeGGkyBtdjcLuJxG6ir8aw2fdw6wWc8ODSGfFubmIgCuSSIHcEOSXIFUGeEuSDYkdoV3fFfaFdxoLTXD%2FNjWJi0t4W3TFpT8YE1I5hRbGVnJCny%2F14HxwE6MvjatCpi8V21683W61WQ3b9Vp3SkMmAiXaTBg04VUC5c%2FORR2pGus%2F9iqT0rF%2BA0X04vQ%2BuLoFmAWhegK4XGMV7qYo3MqtrkWEKwhRI0grSDW9Ln5Dn5w5dqtyB5IdXHp1%2FLZn8ch7cFkhsgY%2FUAUFP35vcMjnZvmVyR75dS1IVqREt3bud0lQ%2B8dVbciM3VqwsufGXr%2FOSKOHeO9KlqzQWKu458vVVJYS0y8ZySb5bce9KdiNz61czG2fJ6o03lleixErnlImnoOpo7S9wNSOVF56df8unfvwDyk5hswJRdkhOA8rsgyebcMnhlXT0%2B7UHFz6GMwRWn%2FWw5BzyrJjYOju71IpAy7OasgLuPzU7wxNLy9dUFVvuHnq2ApreRRwVGNgCA12A6jFcdn6SJvbwyg%2Bfl%2FEFmK5MmLaVbaat%2Fqxc8s35pmfk4s%2FNEr0Pp46rDV90mAxlh8lmqxlKLlirxXwectYQ3S5H6mbhxY2X%2FwYAAP%2F%2FAQAA%2F%2F8D%2FmCCegQAAA%3D%3D HTTP/1.1
Host: fizzysquirtbikes.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://bitly.ws/
Cookie: u_pl=22725681; pdhtkv=true; uncs=1; pdhtkv49=true; uncs49=1; nlec172d9680245553e8052aafbe1bd64a13=[2229329,2229333,2019380,2229337]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Tue, 16 Apr 2024 13:12:12 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 2b5920347258ff39af7c4877d8b4488b
Strict-Transport-Security: max-age=0; includeSubdomains

fizzysquirtbikes.com/impr.gif?sid=H4sIAAAAAAAC%2F1RSS2skVRS%2BNdOrCII6uBGGZkDwRaeq33GQwRgjwTiZh4OPjdxXda59q25xb1VXJ6vggMyyF250Vfk6maAG0R%2FgIJ3AIAExvZGA5k8Ig0upNth6oOp8537nwnfOdz%2Ffzc5JHRk9W3nPbCut6WKr5ldf%2BjAIrlfXVZwNq8Nu%2B5N283rVDl5fatf8l6vvSN43i3U%2F8P3AD6qrysrQDBdLEio5XApqS36tWa8FrSaG9v%2B1yzw46kEMzsmzUGJaOfauQPEJ4uj7Fen6qUleezvKNE2NxUAc3Iv7scljRHMYWg9hfHDRDeNOVx%2FBxPszuTCDfxuZmhLv8SOw%2BOBCJNhgb6aTacgYTDyFfDCB1BMoOgE396HEKQG4wM0NxNHDm8bmdOsflpbslFSe%2FAmVT0nljyuIo%2B%2BWtRpW7xqdpcrEDsOwgBpOoHoTJNkR0u1LUPkRePoZlPiFLD5ZRxztbThtoEQxm12pCVQ4gZYjUOchKz%2FlIQs9ZImHSJxVeRAEHV9w6neXOG%2BIjmRt4Qe0EwY08NtdZLyUN0KajMD1CNzuILE76KsRbPYT3GYBJzy4dEq82zsYiAK5JMgdQU4JckWQpwT5oNgX2tVd8VBol7HgItcvcqMYm7S3S%2FdN2pMxAbUjWFHsJufkmXI%2F3sfHAfryrBp06mKp3fXrzVar1ZBdv1WnNGQyYKLdpEEDThVQ7tJs5G01Jd3nf0dSetYvwOgRnD4CV9dAswA0L0A3C2zHh6mKtzKra5FhCsIUSNIK0i1vV5%2BTF2YOXf21CclPbjxeeCMZ%2F7YAbgsktsCn6pigpx%2BM75ic7N0xuSM%2FbCSpitQ2Ld27m9JUXv7mXbmVGyvWVtzo6zd5SZTw8H3p0nUaCxX3HPl2WQkh7aqxXJIf19wHkt3K3OZyZuMsWb%2F11upalFjpnDLxBFSdbvwFrqak8uJzs2f59OkrUHYCmxWIshNyEVDmCDzZgUvm6p0hsHrew5LLyLNibOtsfqgVgZbzmrIC7j81m%2BOxpeVtqopd9wA9WwFN7yOOCgxsgYEuQPUILlsYp4k9ufHzl2V8BaYrY6ZtZY9pq7%2BYkmuV2%2BXv3mzdJfoITp1VG77oMBnKDpPNVjOUXLBWi%2Fk85Kwhul2O1E3Dq1uv%2Fg0AAP%2F%2FAQAA%2F%2F9X9IXPegQAAA%3D%3D

172.240.108.84

7 B

URL
fizzysquirtbikes.com/impr.gif?sid=H4sIAAAAAAAC%2F1RSS2skVRS%2BNdOrCII6uBGGZkDwRaeq33GQwRgjwTiZh4OPjdxXda59q25xb1VXJ6vggMyyF250Vfk6maAG0R%2FgIJ3AIAExvZGA5k8Ig0upNth6oOp8537nwnfOdz%2Ffzc5JHRk9W3nPbCut6WKr5ldf%2BjAIrlfXVZwNq8Nu%2B5N283rVDl5fatf8l6vvSN43i3U%2F8P3AD6qrysrQDBdLEio5XApqS36tWa8FrSaG9v%2B1yzw46kEMzsmzUGJaOfauQPEJ4uj7Fen6qUleezvKNE2NxUAc3Iv7scljRHMYWg9hfHDRDeNOVx%2FBxPszuTCDfxuZmhLv8SOw%2BOBCJNhgb6aTacgYTDyFfDCB1BMoOgE396HEKQG4wM0NxNHDm8bmdOsflpbslFSe%2FAmVT0nljyuIo%2B%2BWtRpW7xqdpcrEDsOwgBpOoHoTJNkR0u1LUPkRePoZlPiFLD5ZRxztbThtoEQxm12pCVQ4gZYjUOchKz%2FlIQs9ZImHSJxVeRAEHV9w6neXOG%2BIjmRt4Qe0EwY08NtdZLyUN0KajMD1CNzuILE76KsRbPYT3GYBJzy4dEq82zsYiAK5JMgdQU4JckWQpwT5oNgX2tVd8VBol7HgItcvcqMYm7S3S%2FdN2pMxAbUjWFHsJufkmXI%2F3sfHAfryrBp06mKp3fXrzVar1ZBdv1WnNGQyYKLdpEEDThVQ7tJs5G01Jd3nf0dSetYvwOgRnD4CV9dAswA0L0A3C2zHh6mKtzKra5FhCsIUSNIK0i1vV5%2BTF2YOXf21CclPbjxeeCMZ%2F7YAbgsktsCn6pigpx%2BM75ic7N0xuSM%2FbCSpitQ2Ld27m9JUXv7mXbmVGyvWVtzo6zd5SZTw8H3p0nUaCxX3HPl2WQkh7aqxXJIf19wHkt3K3OZyZuMsWb%2F11upalFjpnDLxBFSdbvwFrqak8uJzs2f59OkrUHYCmxWIshNyEVDmCDzZgUvm6p0hsHrew5LLyLNibOtsfqgVgZbzmrIC7j81m%2BOxpeVtqopd9wA9WwFN7yOOCgxsgYEuQPUILlsYp4k9ufHzl2V8BaYrY6ZtZY9pq7%2BYkmuV2%2BXv3mzdJfoITp1VG77oMBnKDpPNVjOUXLBWi%2Fk85Kwhul2O1E3Dq1uv%2Fg0AAP%2F%2FAQAA%2F%2F9X9IXPegQAAA%3D%3D
IP
172.240.108.84:0
ASN
#7979 SERVERS-COM

File type
ASCII text, with no line terminators
Size
7 B (7 bytes)
Hash
132d6af1b46048b45cf86cdee7991d31
eb7007d03d59b65bc6da7e098c4d38fc6dfb6285
ab852e838deccd742a03ca81d4a8d75cf1a00b327db3eaf46bd7da6b6db9384c

HTTP Headers

GET /impr.gif?sid=H4sIAAAAAAAC%2F1RSS2skVRS%2BNdOrCII6uBGGZkDwRaeq33GQwRgjwTiZh4OPjdxXda59q25xb1VXJ6vggMyyF250Vfk6maAG0R%2FgIJ3AIAExvZGA5k8Ig0upNth6oOp8537nwnfOdz%2Ffzc5JHRk9W3nPbCut6WKr5ldf%2BjAIrlfXVZwNq8Nu%2B5N283rVDl5fatf8l6vvSN43i3U%2F8P3AD6qrysrQDBdLEio5XApqS36tWa8FrSaG9v%2B1yzw46kEMzsmzUGJaOfauQPEJ4uj7Fen6qUleezvKNE2NxUAc3Iv7scljRHMYWg9hfHDRDeNOVx%2FBxPszuTCDfxuZmhLv8SOw%2BOBCJNhgb6aTacgYTDyFfDCB1BMoOgE396HEKQG4wM0NxNHDm8bmdOsflpbslFSe%2FAmVT0nljyuIo%2B%2BWtRpW7xqdpcrEDsOwgBpOoHoTJNkR0u1LUPkRePoZlPiFLD5ZRxztbThtoEQxm12pCVQ4gZYjUOchKz%2FlIQs9ZImHSJxVeRAEHV9w6neXOG%2BIjmRt4Qe0EwY08NtdZLyUN0KajMD1CNzuILE76KsRbPYT3GYBJzy4dEq82zsYiAK5JMgdQU4JckWQpwT5oNgX2tVd8VBol7HgItcvcqMYm7S3S%2FdN2pMxAbUjWFHsJufkmXI%2F3sfHAfryrBp06mKp3fXrzVar1ZBdv1WnNGQyYKLdpEEDThVQ7tJs5G01Jd3nf0dSetYvwOgRnD4CV9dAswA0L0A3C2zHh6mKtzKra5FhCsIUSNIK0i1vV5%2BTF2YOXf21CclPbjxeeCMZ%2F7YAbgsktsCn6pigpx%2BM75ic7N0xuSM%2FbCSpitQ2Ld27m9JUXv7mXbmVGyvWVtzo6zd5SZTw8H3p0nUaCxX3HPl2WQkh7aqxXJIf19wHkt3K3OZyZuMsWb%2F11upalFjpnDLxBFSdbvwFrqak8uJzs2f59OkrUHYCmxWIshNyEVDmCDzZgUvm6p0hsHrew5LLyLNibOtsfqgVgZbzmrIC7j81m%2BOxpeVtqopd9wA9WwFN7yOOCgxsgYEuQPUILlsYp4k9ufHzl2V8BaYrY6ZtZY9pq7%2BYkmuV2%2BXv3mzdJfoITp1VG77oMBnKDpPNVjOUXLBWi%2Fk85Kwhul2O1E3Dq1uv%2Fg0AAP%2F%2FAQAA%2F%2F9X9IXPegQAAA%3D%3D HTTP/1.1
Host: fizzysquirtbikes.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://bitly.ws/
Cookie: u_pl=22725681; pdhtkv=true; uncs=1; pdhtkv49=true; uncs49=1; nlec172d9680245553e8052aafbe1bd64a13=[2229329,2229333,2019380,2229337]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Tue, 16 Apr 2024 13:12:12 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: ef7e9b4c49f823dc40314d7d7fb928ce
Strict-Transport-Security: max-age=0; includeSubdomains

fizzysquirtbikes.com/impr.gif?sid=H4sIAAAAAAAC%2F1RSS2skVRS%2BNfYqbnwMboShGRAUpVPV7zjIYIyRYJzMw8HHRu6rOte%2BVbe4t6qrk1VwQGbZCze6qnydTFCD6A9wkE5gkKCY3khA8w9cCYNLqTbYeqDqfOd%2B58J3znc%2F3c3OSR0ZPVt5x2wrreliq%2BZXX3w%2FCK5V11WcDavDbvujdvNa1Q5eXWrX%2FJeqb0neN4t1P%2FD9wA%2Bqq8rK0AwXSxIqOVwKakt%2BrVmvBa0mhvb%2Ftcs8OOpBDM7JM1BiWjn2LkPxCeLo2xXp%2BqlJXnkzyjRNjcVAHNyN%2B7HJY0RzGFoPYXxw0Q3jTlcfwsT7M7kwg38bmZoS79FDsPjgQiTYYG%2Bmk2nIGEw8iXwwgdQTKDoBN%2FegxCkBuMCNDcTRgxvG5nTrH5aW7JRUHv8JlU9J5ffLiKNvlrUaVu8YnaXKxA7DsIAaTqB6EyTZEdLtS1D5EXj6CZT4mSw%2BXkcc7W04baBEMZtdqQlUOIGWI1DnISs%2F5SELPWSJh0icVXkQBB1fcOp3lzhviI5kbeEHtBMGNPDbXWS8lDdCmozA9Qjc7iCxO%2BirEWz2A9xmASc8uHRKvFs7GIgCuSTIHUFOCXJFkKcE%2BaDYF9rVXfFAaJex4CLXL3KjGJu0t0v3TdqTMQG1I1hR7Cbn5OlyP96HxwH68qwadOpiqd31681Wq9WQXb9VpzRkMmCi3aRBA04VUO7SbORtNSXd535DUnrWL8DoEZw%2BAldXQbMANC9ANwtsx4epircyq2uRYQrCFEjSCtItb1efk%2BdnDl2t3ILkJ9cfLbyWjH9dALcFElvgY3VM0NP3x7dNTvZum9yR7zaSVEVqm5bu3UlpKp%2F46m25lRsr1lbc6MvXeUmU8PBd6dJ1GgsV9xz5elkJIe2qsVyS79fce5LdzNzmcmbjLFm%2F%2BcbqWpRY6Zwy8QRUnW78Ba6mpPLCs7Nn%2BdRPf0DZCWxWIMpOyEVAmSPwZAcumat3hsDqeQ9LPORZMbZ1Nj%2FUikDLeU1ZAfefms3x2NLyNlXFrruPnq2ApvcQRwUGtsBAF6B6BJctjNPEnlz%2F8fMyvgDTlTHTtrLHtNWfzZZc%2Fu5OyZVfmiX6AE6dVRu%2B6DAZyg6TzVYzlFywVov5POSsIbpdjtRNwytbL%2F8NAAD%2F%2FwEAAP%2F%2FEI8wVHoEAAA%3D

172.240.108.84

200 OK

7 B

URL GET HTTP/1.1
fizzysquirtbikes.com/impr.gif?sid=H4sIAAAAAAAC%2F1RSS2skVRS%2BNfYqbnwMboShGRAUpVPV7zjIYIyRYJzMw8HHRu6rOte%2BVbe4t6qrk1VwQGbZCze6qnydTFCD6A9wkE5gkKCY3khA8w9cCYNLqTbYeqDqfOd%2B58J3znc%2F3c3OSR0ZPVt5x2wrreliq%2BZXX3w%2FCK5V11WcDavDbvujdvNa1Q5eXWrX%2FJeqb0neN4t1P%2FD9wA%2Bqq8rK0AwXSxIqOVwKakt%2BrVmvBa0mhvb%2Ftcs8OOpBDM7JM1BiWjn2LkPxCeLo2xXp%2BqlJXnkzyjRNjcVAHNyN%2B7HJY0RzGFoPYXxw0Q3jTlcfwsT7M7kwg38bmZoS79FDsPjgQiTYYG%2Bmk2nIGEw8iXwwgdQTKDoBN%2FegxCkBuMCNDcTRgxvG5nTrH5aW7JRUHv8JlU9J5ffLiKNvlrUaVu8YnaXKxA7DsIAaTqB6EyTZEdLtS1D5EXj6CZT4mSw%2BXkcc7W04baBEMZtdqQlUOIGWI1DnISs%2F5SELPWSJh0icVXkQBB1fcOp3lzhviI5kbeEHtBMGNPDbXWS8lDdCmozA9Qjc7iCxO%2BirEWz2A9xmASc8uHRKvFs7GIgCuSTIHUFOCXJFkKcE%2BaDYF9rVXfFAaJex4CLXL3KjGJu0t0v3TdqTMQG1I1hR7Cbn5OlyP96HxwH68qwadOpiqd31681Wq9WQXb9VpzRkMmCi3aRBA04VUO7SbORtNSXd535DUnrWL8DoEZw%2BAldXQbMANC9ANwtsx4epircyq2uRYQrCFEjSCtItb1efk%2BdnDl2t3ILkJ9cfLbyWjH9dALcFElvgY3VM0NP3x7dNTvZum9yR7zaSVEVqm5bu3UlpKp%2F46m25lRsr1lbc6MvXeUmU8PBd6dJ1GgsV9xz5elkJIe2qsVyS79fce5LdzNzmcmbjLFm%2F%2BcbqWpRY6Zwy8QRUnW78Ba6mpPLCs7Nn%2BdRPf0DZCWxWIMpOyEVAmSPwZAcumat3hsDqeQ9LPORZMbZ1Nj%2FUikDLeU1ZAfefms3x2NLyNlXFrruPnq2ApvcQRwUGtsBAF6B6BJctjNPEnlz%2F8fMyvgDTlTHTtrLHtNWfzZZc%2Fu5OyZVfmiX6AE6dVRu%2B6DAZyg6TzVYzlFywVov5POSsIbpdjtRNwytbL%2F8NAAD%2F%2FwEAAP%2F%2FEI8wVHoEAAA%3D
IP
172.240.108.84:443
ASN
#7979 SERVERS-COM

Requested by
https://bitly.ws/?banned=1
Certificate
IssuerLet's Encrypt
Subjectfizzysquirtbikes.com
Fingerprint55:F1:79:63:BE:D7:DF:F7:E9:B5:BE:26:15:C6:F5:F8:29:5E:52:BD
ValidityMon, 15 Apr 2024 08:39:03 GMT - Sun, 14 Jul 2024 08:39:02 GMT

File type
ASCII text, with no line terminators
Size
7 B (7 bytes)
Hash
132d6af1b46048b45cf86cdee7991d31
eb7007d03d59b65bc6da7e098c4d38fc6dfb6285
ab852e838deccd742a03ca81d4a8d75cf1a00b327db3eaf46bd7da6b6db9384c

HTTP Headers

GET /impr.gif?sid=H4sIAAAAAAAC%2F1RSS2skVRS%2BNfYqbnwMboShGRAUpVPV7zjIYIyRYJzMw8HHRu6rOte%2BVbe4t6qrk1VwQGbZCze6qnydTFCD6A9wkE5gkKCY3khA8w9cCYNLqTbYeqDqfOd%2B58J3znc%2F3c3OSR0ZPVt5x2wrreliq%2BZXX3w%2FCK5V11WcDavDbvujdvNa1Q5eXWrX%2FJeqb0neN4t1P%2FD9wA%2Bqq8rK0AwXSxIqOVwKakt%2BrVmvBa0mhvb%2Ftcs8OOpBDM7JM1BiWjn2LkPxCeLo2xXp%2BqlJXnkzyjRNjcVAHNyN%2B7HJY0RzGFoPYXxw0Q3jTlcfwsT7M7kwg38bmZoS79FDsPjgQiTYYG%2Bmk2nIGEw8iXwwgdQTKDoBN%2FegxCkBuMCNDcTRgxvG5nTrH5aW7JRUHv8JlU9J5ffLiKNvlrUaVu8YnaXKxA7DsIAaTqB6EyTZEdLtS1D5EXj6CZT4mSw%2BXkcc7W04baBEMZtdqQlUOIGWI1DnISs%2F5SELPWSJh0icVXkQBB1fcOp3lzhviI5kbeEHtBMGNPDbXWS8lDdCmozA9Qjc7iCxO%2BirEWz2A9xmASc8uHRKvFs7GIgCuSTIHUFOCXJFkKcE%2BaDYF9rVXfFAaJex4CLXL3KjGJu0t0v3TdqTMQG1I1hR7Cbn5OlyP96HxwH68qwadOpiqd31681Wq9WQXb9VpzRkMmCi3aRBA04VUO7SbORtNSXd535DUnrWL8DoEZw%2BAldXQbMANC9ANwtsx4epircyq2uRYQrCFEjSCtItb1efk%2BdnDl2t3ILkJ9cfLbyWjH9dALcFElvgY3VM0NP3x7dNTvZum9yR7zaSVEVqm5bu3UlpKp%2F46m25lRsr1lbc6MvXeUmU8PBd6dJ1GgsV9xz5elkJIe2qsVyS79fce5LdzNzmcmbjLFm%2F%2BcbqWpRY6Zwy8QRUnW78Ba6mpPLCs7Nn%2BdRPf0DZCWxWIMpOyEVAmSPwZAcumat3hsDqeQ9LPORZMbZ1Nj%2FUikDLeU1ZAfefms3x2NLyNlXFrruPnq2ApvcQRwUGtsBAF6B6BJctjNPEnlz%2F8fMyvgDTlTHTtrLHtNWfzZZc%2Fu5OyZVfmiX6AE6dVRu%2B6DAZyg6TzVYzlFywVov5POSsIbpdjtRNwytbL%2F8NAAD%2F%2FwEAAP%2F%2FEI8wVHoEAAA%3D HTTP/1.1
Host: fizzysquirtbikes.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://bitly.ws/
Cookie: u_pl=22725681; pdhtkv=true; uncs=1; pdhtkv49=true; uncs49=1; nlec172d9680245553e8052aafbe1bd64a13=[2229329,2229333,2019380,2229337]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Tue, 16 Apr 2024 13:12:12 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 897f340f98a56e2f9ae64de1e6efa64f
Strict-Transport-Security: max-age=0; includeSubdomains

continuousselfevidentinestimable.com/pixel/sbls?bv=24.6.6370&tmpl=482&u=https%3A%2F%2Fcdn.barscreative1.com%2Fsb%2Fau%2F2f%2F33%2F17%2F2f3317da28d2a6ed09610d2d267aa136%2F1648542458.html&l=2977&fd=118

192.243.61.227

200 OK

0 B

URL GET HTTP/1.1
continuousselfevidentinestimable.com/pixel/sbls?bv=24.6.6370&tmpl=482&u=https%3A%2F%2Fcdn.barscreative1.com%2Fsb%2Fau%2F2f%2F33%2F17%2F2f3317da28d2a6ed09610d2d267aa136%2F1648542458.html&l=2977&fd=118
IP
192.243.61.227:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://bitly.ws/?banned=1
Certificate
IssuerLet's Encrypt
Subjectcontinuousselfevidentinestimable.com
Fingerprint1F:F4:36:85:7F:D7:60:BF:21:DA:52:FF:00:60:97:80:4B:6D:0D:3A
ValidityMon, 15 Apr 2024 12:20:33 GMT - Sun, 14 Jul 2024 12:20:32 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /pixel/sbls?bv=24.6.6370&tmpl=482&u=https%3A%2F%2Fcdn.barscreative1.com%2Fsb%2Fau%2F2f%2F33%2F17%2F2f3317da28d2a6ed09610d2d267aa136%2F1648542458.html&l=2977&fd=118 HTTP/1.1
Host: continuousselfevidentinestimable.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://bitly.ws/
Cookie: u_pl=22725757; ain=eyJhbGciOiJIUzI1NiJ9.eyJwIjp7ImlkIjoyMjczNTU0OCwiayI6IjZkYzNhMjc1NTJiNWFlZGZiOTZhZWFhMDBhYTFjMzdiIiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjozNjc1ODY4LCJwaWQiOjkzMDg4LCJhbiI6dHJ1ZSwibGFuIjp0cnVlLCJjaWQiOjM0LCJhaWQiOjUsInB0Ijo0LCJwayI6Inc3cTYxZHZqbWUiLCJ0IjoxfSwidSI6eyJ1IjoxLCJhdSI6MSwiZCI6eyJpZCI6Nzk5NTQxOTYsImlkcyI6IiIsImljIjpmYWxzZSwibiI6IkRlc2t0b3AsRW11bGF0b3IiLCJ2IjoiVW5rbm93biIsIm0iOiJVbmtub3duIiwiZiI6MSwiZm4iOiJEZXNrdG9wIiwib2lkIjoxODExMCwib24iOiJMaW51eCIsIm92IjoiVW5rbm93biIsImJpZCI6MTE2NjcwLCJibiI6IkZpcmVmb3giLCJidiI6Ijk2LjAiLCJ3diI6ZmFsc2UsImUiOnRydWUsImFiIjpmYWxzZX0sImMiOnsiaWQiOjE2MiwiYyI6Ik5PIiwibiI6Ik5vcndheSJ9LCJhIjpmYWxzZSwiY3IiOnsibiI6IkJsaXggU29sdXRpb25zIn0sInhmIjoiIiwiaXhmIjpmYWxzZSwiaWd4ZiI6ZmFsc2UsInVwIjp0cnVlLCJyIjoiaHR0cHM6Ly9iaXRseS53cy8_YmFubmVkPTEiLCJhciI6W119fQ.Q5oEoAi0jHIRal5wmiio7A2AWY1CJDu_yEmfZqrhrOs; uid_id2=be7acabe-01b7-43cf-89b4-e153b8822724:2:1; iprc2d6e605be25fedaa7eabdabafff861e4=3570421; pdhtkv=true; uncs=1; pdhtkv32=true; uncs32=1; pdhtkv29=true; uncs29=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Tue, 16 Apr 2024 13:12:12 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range

fizzysquirtbikes.com/impr.gif?sid=H4sIAAAAAAAC%2F1RSy2sk1Re%2BNb9e5bfxMbgRhmZAUJROVb%2FjIIMxRoJxMg8HHxu5r%2Bpc%2B1bd4t6qrk5WwQGZZS%2Fc6KrydTJBDaJ%2FgIN0AoMExfRGApp%2FwYUwuJTqCbYeqDrn3O9c%2BM733U93s3NSR0bPVt4x20prutiq%2BdUX3w%2BCa9V1FWfD6rDb%2FqjdvFa1g1eX2jX%2FpepbkvfNYt0PfD%2Fwg%2BqqsjI0w8UShEoOl4Lakl9r1mtBq4mh%2FW%2FvMg%2BOehCDc%2FIMlJhWjr3LUHyCOPp2Rbp%2BapJX3owyTVNjMRAHd%2BN%2BbPIY0bwMrYcwPriYhnGnqw9h4v0ZXZjBP4NMTYn36CFYfHBBEmywN%2BPJNGQMJv6PfDCB1BMoOgE396DEKQG4wI0NxNGDG8bmdOsJSkt0SiqP%2F4TKp6Ty%2B2XE0TfLWg2rd4zOUmVih2FYQA0nUL0JkuwI6fYlqPwIPP0ESvxMFh%2BvI472Npw2UKKY7a7UBCqcQMsRqPOQlZ%2FykIUessRDJM6qPAiCji849btLnDdER7K28APaCQMa%2BO0uMl7SGyFNRuB6BG53kNgd9NUINvsBbrOAEx5cOiXerR0MRIFcEuSOIKcEuSLIU4J8UOwL7equeCC0y1hwkesXuVGMTdrbpfsm7cmYgNoRrCh2k3PydKmP9%2BFxgL48qwadulhqd%2F16s9VqNWTXb9UpDZkMmGg3adCAUwWUuzRbeVtNSfe535CUnvULMHoEp4%2FA1VXQLADNC9DNAtvxYarirczqWmSYgjAFkrSCdMvb1efk%2BZlDVysfQPKT648WXkvGvy6A2wKJLfCxOibo6fvj2yYne7dN7sh3G0mqIrVNS%2FfupDSV%2F%2FvqbbmVGyvWVtzoy9d5CZTl4bvSpes0FiruOfL1shJC2lVjuSTfr7n3JLuZuc3lzMZZsn7zjdW1KLHSOWXiCag63fgLXE1J5YVnZ8%2FyqZ%2F%2BgLIT2KxAlJ2Qi4AyR%2BDJDlwyZ%2B8MgdXzGZZUkGfF2NbZ%2FFArAi3nPWUF3L96Nq%2FHlpa3qSp23X30bAU0vYc4KjCwBQa6ANUjuGxhnCb25PqPn5fxBZiujJm2lT2mrf6sFPlW%2Bbs7JVd%2BaT7R3KmzasMXHSZD2WGy2WqGkgvWajGfh5w1RLfLkbppeGXr5b8BAAD%2F%2FwEAAP%2F%2F1hgF23oEAAA%3D

172.240.108.84

200 OK

7 B

URL GET HTTP/1.1
fizzysquirtbikes.com/impr.gif?sid=H4sIAAAAAAAC%2F1RSy2sk1Re%2BNb9e5bfxMbgRhmZAUJROVb%2FjIIMxRoJxMg8HHxu5r%2Bpc%2B1bd4t6qrk5WwQGZZS%2Fc6KrydTJBDaJ%2FgIN0AoMExfRGApp%2FwYUwuJTqCbYeqDrn3O9c%2BM733U93s3NSR0bPVt4x20prutiq%2BdUX3w%2BCa9V1FWfD6rDb%2FqjdvFa1g1eX2jX%2FpepbkvfNYt0PfD%2Fwg%2BqqsjI0w8UShEoOl4Lakl9r1mtBq4mh%2FW%2FvMg%2BOehCDc%2FIMlJhWjr3LUHyCOPp2Rbp%2BapJX3owyTVNjMRAHd%2BN%2BbPIY0bwMrYcwPriYhnGnqw9h4v0ZXZjBP4NMTYn36CFYfHBBEmywN%2BPJNGQMJv6PfDCB1BMoOgE396DEKQG4wI0NxNGDG8bmdOsJSkt0SiqP%2F4TKp6Ty%2B2XE0TfLWg2rd4zOUmVih2FYQA0nUL0JkuwI6fYlqPwIPP0ESvxMFh%2BvI472Npw2UKKY7a7UBCqcQMsRqPOQlZ%2FykIUessRDJM6qPAiCji849btLnDdER7K28APaCQMa%2BO0uMl7SGyFNRuB6BG53kNgd9NUINvsBbrOAEx5cOiXerR0MRIFcEuSOIKcEuSLIU4J8UOwL7equeCC0y1hwkesXuVGMTdrbpfsm7cmYgNoRrCh2k3PydKmP9%2BFxgL48qwadulhqd%2F16s9VqNWTXb9UpDZkMmGg3adCAUwWUuzRbeVtNSfe535CUnvULMHoEp4%2FA1VXQLADNC9DNAtvxYarirczqWmSYgjAFkrSCdMvb1efk%2BZlDVysfQPKT648WXkvGvy6A2wKJLfCxOibo6fvj2yYne7dN7sh3G0mqIrVNS%2FfupDSV%2F%2FvqbbmVGyvWVtzoy9d5CZTl4bvSpes0FiruOfL1shJC2lVjuSTfr7n3JLuZuc3lzMZZsn7zjdW1KLHSOWXiCag63fgLXE1J5YVnZ8%2FyqZ%2F%2BgLIT2KxAlJ2Qi4AyR%2BDJDlwyZ%2B8MgdXzGZZUkGfF2NbZ%2FFArAi3nPWUF3L96Nq%2FHlpa3qSp23X30bAU0vYc4KjCwBQa6ANUjuGxhnCb25PqPn5fxBZiujJm2lT2mrf6sFPlW%2Bbs7JVd%2BaT7R3KmzasMXHSZD2WGy2WqGkgvWajGfh5w1RLfLkbppeGXr5b8BAAD%2F%2FwEAAP%2F%2F1hgF23oEAAA%3D
IP
172.240.108.84:443
ASN
#7979 SERVERS-COM

Requested by
https://bitly.ws/?banned=1
Certificate
IssuerLet's Encrypt
Subjectfizzysquirtbikes.com
Fingerprint55:F1:79:63:BE:D7:DF:F7:E9:B5:BE:26:15:C6:F5:F8:29:5E:52:BD
ValidityMon, 15 Apr 2024 08:39:03 GMT - Sun, 14 Jul 2024 08:39:02 GMT

File type
ASCII text, with no line terminators
Size
7 B (7 bytes)
Hash
132d6af1b46048b45cf86cdee7991d31
eb7007d03d59b65bc6da7e098c4d38fc6dfb6285
ab852e838deccd742a03ca81d4a8d75cf1a00b327db3eaf46bd7da6b6db9384c

HTTP Headers

GET /impr.gif?sid=H4sIAAAAAAAC%2F1RSy2sk1Re%2BNb9e5bfxMbgRhmZAUJROVb%2FjIIMxRoJxMg8HHxu5r%2Bpc%2B1bd4t6qrk5WwQGZZS%2Fc6KrydTJBDaJ%2FgIN0AoMExfRGApp%2FwYUwuJTqCbYeqDrn3O9c%2BM733U93s3NSR0bPVt4x20prutiq%2BdUX3w%2BCa9V1FWfD6rDb%2FqjdvFa1g1eX2jX%2FpepbkvfNYt0PfD%2Fwg%2BqqsjI0w8UShEoOl4Lakl9r1mtBq4mh%2FW%2FvMg%2BOehCDc%2FIMlJhWjr3LUHyCOPp2Rbp%2BapJX3owyTVNjMRAHd%2BN%2BbPIY0bwMrYcwPriYhnGnqw9h4v0ZXZjBP4NMTYn36CFYfHBBEmywN%2BPJNGQMJv6PfDCB1BMoOgE396DEKQG4wI0NxNGDG8bmdOsJSkt0SiqP%2F4TKp6Ty%2B2XE0TfLWg2rd4zOUmVih2FYQA0nUL0JkuwI6fYlqPwIPP0ESvxMFh%2BvI472Npw2UKKY7a7UBCqcQMsRqPOQlZ%2FykIUessRDJM6qPAiCji849btLnDdER7K28APaCQMa%2BO0uMl7SGyFNRuB6BG53kNgd9NUINvsBbrOAEx5cOiXerR0MRIFcEuSOIKcEuSLIU4J8UOwL7equeCC0y1hwkesXuVGMTdrbpfsm7cmYgNoRrCh2k3PydKmP9%2BFxgL48qwadulhqd%2F16s9VqNWTXb9UpDZkMmGg3adCAUwWUuzRbeVtNSfe535CUnvULMHoEp4%2FA1VXQLADNC9DNAtvxYarirczqWmSYgjAFkrSCdMvb1efk%2BZlDVysfQPKT648WXkvGvy6A2wKJLfCxOibo6fvj2yYne7dN7sh3G0mqIrVNS%2FfupDSV%2F%2FvqbbmVGyvWVtzoy9d5CZTl4bvSpes0FiruOfL1shJC2lVjuSTfr7n3JLuZuc3lzMZZsn7zjdW1KLHSOWXiCag63fgLXE1J5YVnZ8%2FyqZ%2F%2BgLIT2KxAlJ2Qi4AyR%2BDJDlwyZ%2B8MgdXzGZZUkGfF2NbZ%2FFArAi3nPWUF3L96Nq%2FHlpa3qSp23X30bAU0vYc4KjCwBQa6ANUjuGxhnCb25PqPn5fxBZiujJm2lT2mrf6sFPlW%2Bbs7JVd%2BaT7R3KmzasMXHSZD2WGy2WqGkgvWajGfh5w1RLfLkbppeGXr5b8BAAD%2F%2FwEAAP%2F%2F1hgF23oEAAA%3D HTTP/1.1
Host: fizzysquirtbikes.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://bitly.ws/
Cookie: u_pl=22725681; pdhtkv=true; uncs=1; pdhtkv49=true; uncs49=1; nlec172d9680245553e8052aafbe1bd64a13=[2229329,2229333,2019380,2229337]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Tue, 16 Apr 2024 13:12:12 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 82689096dec996515392315cd32c6a15
Strict-Transport-Security: max-age=0; includeSubdomains

bitly.ws/gfx/favicon.png

185.11.100.204

200 OK

2.0 kB

URL GET HTTP/2
bitly.ws/gfx/favicon.png
IP
185.11.100.204:443
ASN
#29522 Cyber_Folks S.A.

Requested by
https://bitly.ws/?banned=1
Certificate
IssuerLet's Encrypt
Subjectbitly.ws
FingerprintE2:6E:62:93:28:D8:B3:0A:23:56:6C:21:A4:BD:CC:EF:CD:1B:33:55
ValiditySun, 18 Feb 2024 07:59:14 GMT - Sat, 18 May 2024 07:59:13 GMT

File type
PNG image data, 48 x 48, 8-bit colormap, non-interlaced
Size
2.0 kB (1973 bytes)
Hash
549c8f6c3f6b1340852212e7c784d187
e8fe075cef3bf487bd9e4e89e9b4a6b63a81e0cc
00495e504ff3e4604b6404a1ae9469f40bd4642bef08239d4d0b0b83c095f590

HTTP Headers

GET /gfx/favicon.png HTTP/1.1
Host: bitly.ws
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://bitly.ws/?banned=1
Cookie: _ga_8Q1W6PKNCX=GS1.1.1713273131.1.0.1713273131.0.0.0; _ga=GA1.1.744718230.1713273131; dom3ic8zudi28v8lr6fgphwffqoz0j6c=be7acabe-01b7-43cf-89b4-e153b8822724%3A2%3A1; sb_main_33ce9e99c1bfce9eb2d48a915db5624c=1; sb_count_33ce9e99c1bfce9eb2d48a915db5624c=1; m5a4xojbcp2nx3gptmm633qal3gzmadn=fizzysquirtbikes.com; pbpr0tpuw4isk85t8yg3jb2lj5vqf=continuousselfevidentinestimable.com
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Tue, 16 Apr 2024 13:12:12 GMT
server: Apache
last-modified: Tue, 02 Apr 2024 12:49:39 GMT
etag: "7b5-6151c8a0cb469"
accept-ranges: bytes
content-length: 1973
cache-control: max-age=31536000
expires: Wed, 16 Apr 2025 13:12:12 GMT
content-type: image/png
X-Firefox-Spdy: h2

cdn.creative-bars1.com/sb/chat/mob/ssp/1/img/close.png

188.114.97.1

200 OK

6.0 kB

URL GET HTTP/3
cdn.creative-bars1.com/sb/chat/mob/ssp/1/img/close.png
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://bitly.ws/?banned=1
Certificate
IssuerGoogle Trust Services LLC
Subjectcreative-bars1.com
Fingerprint3D:29:39:2C:F1:E5:C6:EF:54:F5:70:B5:CF:A8:C2:75:4D:89:72:13
ValidityMon, 15 Apr 2024 15:02:18 GMT - Sun, 14 Jul 2024 15:02:17 GMT

File type
PNG image data, 522 x 391, 8-bit/color RGBA, non-interlaced
Size
6.0 kB (5982 bytes)
Hash
c489ce2c491a22ee37a55e26a92dfd73
2fa588ab09e94dd902e5bd24b48f98ad1949c9d6
1eed147c7d5de6291c25fbc5274830c12d5549262fb144271576d4e15966e5bd

HTTP Headers

GET /sb/chat/mob/ssp/1/img/close.png HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Tue, 16 Apr 2024 13:12:12 GMT
content-type: image/png
content-length: 5982
last-modified: Mon, 21 Feb 2022 08:25:06 GMT
etag: "62134c62-175e"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 5353136
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=PpLGnaxM1lmMfdWh8IW65bB8RCw9UDbJSEGteOB3G6BpVXQtrpiccZv5P3JiXjo3pvN4yBY2rsF9PA9Mjl3Vzt9ok0mpN%2FyZzmbsZ1Y1oiTSQGV2qPzzpTtrU9djUjlKt2D0wO9SCvkm"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87546cf6894e56b5-OSL
alt-svc: h3=":443"; ma=86400

cdn.cloudimagesb.com/si/52/3a/8c/523a8ce104cfc3373cd17ab1c0e5131b/1701651901.png

45.133.44.10

200 OK

14 kB

URL GET HTTP/2
cdn.cloudimagesb.com/si/52/3a/8c/523a8ce104cfc3373cd17ab1c0e5131b/1701651901.png
IP
45.133.44.10:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://bitly.ws/?banned=1
Certificate
IssuerLet's Encrypt
Subjectcdn.cloudimagesb.com
FingerprintC6:F3:21:F0:21:7D:7E:96:0F:E8:46:7A:5E:C5:3F:D1:52:B0:67:B0
ValidityFri, 22 Mar 2024 03:01:35 GMT - Thu, 20 Jun 2024 03:01:34 GMT

File type
PNG image data, 192 x 192, 8-bit/color RGBA, non-interlaced
Size
14 kB (14496 bytes)
Hash
962ac416cce3fad636d4904386c8d3d4
811166fceb971353dc6a9ea3a153367f20b47592
ec6c8e1c030499a846897265d0c1f66dedc6ece17c1ea6006b700faf37e73555

HTTP Headers

GET /si/52/3a/8c/523a8ce104cfc3373cd17ab1c0e5131b/1701651901.png HTTP/1.1
Host: cdn.cloudimagesb.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Tue, 16 Apr 2024 13:12:12 GMT
content-type: image/png
content-length: 14496
server: nginx/1.21.6
last-modified: Mon, 04 Dec 2023 01:05:10 GMT
etag: "656d25c6-38a0"
expires: Thu, 18 Apr 2024 13:12:12 GMT
cache-control: max-age=172800
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2

continuousselfevidentinestimable.com/pixel/sbls?bv=24.6.6370&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fchat%2Fmob%2Fssp%2F1%2Fcss%2Fstyle.css&l=4617&fd=62

192.243.61.227

0 B

URL
continuousselfevidentinestimable.com/pixel/sbls?bv=24.6.6370&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fchat%2Fmob%2Fssp%2F1%2Fcss%2Fstyle.css&l=4617&fd=62
IP
192.243.61.227:0
ASN
#39572 DataWeb Global Group B.V.

Certificate
IssuerLet's Encrypt
Subjectcontinuousselfevidentinestimable.com
Fingerprint1F:F4:36:85:7F:D7:60:BF:21:DA:52:FF:00:60:97:80:4B:6D:0D:3A
ValidityMon, 15 Apr 2024 12:20:33 GMT - Sun, 14 Jul 2024 12:20:32 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /pixel/sbls?bv=24.6.6370&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fchat%2Fmob%2Fssp%2F1%2Fcss%2Fstyle.css&l=4617&fd=62 HTTP/1.1
Host: continuousselfevidentinestimable.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://bitly.ws/
Cookie: u_pl=22725757; ain=eyJhbGciOiJIUzI1NiJ9.eyJwIjp7ImlkIjoyMjczNTU0OCwiayI6IjZkYzNhMjc1NTJiNWFlZGZiOTZhZWFhMDBhYTFjMzdiIiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjozNjc1ODY4LCJwaWQiOjkzMDg4LCJhbiI6dHJ1ZSwibGFuIjp0cnVlLCJjaWQiOjM0LCJhaWQiOjUsInB0Ijo0LCJwayI6Inc3cTYxZHZqbWUiLCJ0IjoxfSwidSI6eyJ1IjoxLCJhdSI6MSwiZCI6eyJpZCI6Nzk5NTQxOTYsImlkcyI6IiIsImljIjpmYWxzZSwibiI6IkRlc2t0b3AsRW11bGF0b3IiLCJ2IjoiVW5rbm93biIsIm0iOiJVbmtub3duIiwiZiI6MSwiZm4iOiJEZXNrdG9wIiwib2lkIjoxODExMCwib24iOiJMaW51eCIsIm92IjoiVW5rbm93biIsImJpZCI6MTE2NjcwLCJibiI6IkZpcmVmb3giLCJidiI6Ijk2LjAiLCJ3diI6ZmFsc2UsImUiOnRydWUsImFiIjpmYWxzZX0sImMiOnsiaWQiOjE2MiwiYyI6Ik5PIiwibiI6Ik5vcndheSJ9LCJhIjpmYWxzZSwiY3IiOnsibiI6IkJsaXggU29sdXRpb25zIn0sInhmIjoiIiwiaXhmIjpmYWxzZSwiaWd4ZiI6ZmFsc2UsInVwIjp0cnVlLCJyIjoiaHR0cHM6Ly9iaXRseS53cy8_YmFubmVkPTEiLCJhciI6W119fQ.Q5oEoAi0jHIRal5wmiio7A2AWY1CJDu_yEmfZqrhrOs; uid_id2=0ec8dd2c-b216-48a3-a4af-511aed11ec78:3:1; iprc2d6e605be25fedaa7eabdabafff861e4=3570421; pdhtkv=true; uncs=1; pdhtkv32=true; uncs32=1; pdhtkv29=true; uncs29=1; iprcf212593b2426fb1745fc7607e77dfd81=3569806; pdhtkv5=true; uncs5=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Tue, 16 Apr 2024 13:12:12 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range

cdn.creative-bars1.com/sb/chat/mob/ssp/1/js/jquery.min.js

188.114.97.1

200 OK

32 kB

URL GET HTTP/3
cdn.creative-bars1.com/sb/chat/mob/ssp/1/js/jquery.min.js
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://bitly.ws/?banned=1
Certificate
IssuerGoogle Trust Services LLC
Subjectcreative-bars1.com
Fingerprint3D:29:39:2C:F1:E5:C6:EF:54:F5:70:B5:CF:A8:C2:75:4D:89:72:13
ValidityMon, 15 Apr 2024 15:02:18 GMT - Sun, 14 Jul 2024 15:02:17 GMT

File type
JavaScript source, ASCII text, with very long lines (65451)
Size
32 kB (31963 bytes)
Hash
561acb3e541133bbdd2c0c19f8ee35a1
ffd1353cf3f77d25f801c84d8208613eb0d3d548
9fde6da568db31801e29243a903bf24f342256b41e3c01e7d018ff7c566ce7fc

HTTP Headers

GET /sb/chat/mob/ssp/1/js/jquery.min.js HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Tue, 16 Apr 2024 13:12:12 GMT
content-type: application/javascript
last-modified: Mon, 21 Feb 2022 08:25:09 GMT
etag: W/"62134c65-15d94"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 4083788
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=XEN4rE16p9kDfKLPeKWd15AVAg4hSBToBfWqGZmfgL%2B%2FeFHMkmb4B%2BhXJse%2FUwdcJFaa7IMTa4R96nEESi3oDhDAj9F6EzvdTB2VhFQ3qTIfvRfwTa9hg3GbtptJUxIxnSjzjsK3nOHt"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87546cf6996756b5-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

cdn.barscreative1.com/sb/au/2f/33/17/2f3317da28d2a6ed09610d2d267aa136/1648542458.html

45.133.44.4

63 kB

URL
cdn.barscreative1.com/sb/au/2f/33/17/2f3317da28d2a6ed09610d2d267aa136/1648542458.html
IP
45.133.44.4:0
ASN
#39572 DataWeb Global Group B.V.

File type
gzip compressed data, from Unix
Size
63 kB (62700 bytes)
Hash
ab85756115ce043ef7bac06c1e1ffab1
c023d3ec4ec1e6cf50814a7faa4fddd11a128ad8
ad0f7e4cd42ac58deba00ddcdccef53976e74d1375faa3d818d6be0fa64f949d

HTTP Headers

GET /sb/au/2f/33/17/2f3317da28d2a6ed09610d2d267aa136/1648542458.html HTTP/1.1
Host: cdn.barscreative1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://bitly.ws
DNT: 1
Connection: keep-alive
Referer: https://bitly.ws/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Tue, 16 Apr 2024 13:12:12 GMT
content-type: text/html; charset=utf-8
server: nginx/1.21.6
last-modified: Tue, 29 Mar 2022 08:27:42 GMT
etag: W/"6242c2fe-ba1"
cache-control: max-age=3600
access-control-allow-origin: *
access-control-expose-headers: Date
content-encoding: gzip
expires: Tue, 16 Apr 2024 14:12:12 GMT
x-proxy-cache: HIT
X-Firefox-Spdy: h2

cdn.creative-bars1.com/sb/chat/mob/ssp/1/css/animate.css

188.114.97.1

200 OK

5.3 kB

URL GET HTTP/2
cdn.creative-bars1.com/sb/chat/mob/ssp/1/css/animate.css
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://bitly.ws/?banned=1
Certificate
IssuerGoogle Trust Services LLC
Subjectcreative-bars1.com
Fingerprint3D:29:39:2C:F1:E5:C6:EF:54:F5:70:B5:CF:A8:C2:75:4D:89:72:13
ValidityMon, 15 Apr 2024 15:02:18 GMT - Sun, 14 Jul 2024 15:02:17 GMT

File type
ASCII text
Size
5.3 kB (5332 bytes)
Hash
fc638645a938f69e69360c75335ffd1a
143132fb8361c3ad0acf88cb70bf0b07c0ecc2d4
7ef76aab275d0221c68602d18f81b4285b280756f0f71d535ed8b5b889bc2f90

HTTP Headers

GET /sb/chat/mob/ssp/1/css/animate.css HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://bitly.ws
DNT: 1
Connection: keep-alive
Referer: https://bitly.ws/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Tue, 16 Apr 2024 13:12:12 GMT
content-type: text/css
last-modified: Mon, 21 Feb 2022 08:25:04 GMT
etag: W/"62134c60-135d1"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 9782
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Qz7dTc2g74QHgjMsTkXJG9u%2B1YAu9jIjlBjnB65DaBYemxt%2Be%2FmGg%2BF%2Br4vTtSrSn5GKDB5KOQQVJLbvJ7n94bX%2Ful4KBWc9ra8Z3ikbibfNdbFf%2BkHG1JJZ3hCHucS7SmOKxnc9uoNa"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87546cf5afa9b521-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

cdn.cloudimagesb.com/cti/7d/00/a0/7d00a008556ebc4e68d1de531274e928/1658920033.png

45.133.44.10

200 OK

144 kB

URL GET HTTP/2
cdn.cloudimagesb.com/cti/7d/00/a0/7d00a008556ebc4e68d1de531274e928/1658920033.png
IP
45.133.44.10:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://bitly.ws/?banned=1
Certificate
IssuerLet's Encrypt
Subjectcdn.cloudimagesb.com
FingerprintC6:F3:21:F0:21:7D:7E:96:0F:E8:46:7A:5E:C5:3F:D1:52:B0:67:B0
ValidityFri, 22 Mar 2024 03:01:35 GMT - Thu, 20 Jun 2024 03:01:34 GMT

File type
PNG image data, 300 x 250, 8-bit/color RGBA, non-interlaced
Size
144 kB (144379 bytes)
Hash
33c304429dc1a4408a96e6a74ffa2feb
c45fa8e65528d1bb2b46bf8a28af9eeaa1903d04
dbed482e5948ead5587d30a22306a5b611305f704de940bd22c76daf90e0a314

HTTP Headers

GET /cti/7d/00/a0/7d00a008556ebc4e68d1de531274e928/1658920033.png HTTP/1.1
Host: cdn.cloudimagesb.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Tue, 16 Apr 2024 13:12:12 GMT
content-type: image/png
content-length: 144379
server: nginx/1.21.6
last-modified: Wed, 27 Jul 2022 11:07:21 GMT
etag: "62e11c69-233fb"
expires: Thu, 18 Apr 2024 13:12:12 GMT
cache-control: max-age=172800
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2

fonts.googleapis.com/css?family=Roboto:300,400,700&display=swap

142.250.74.74

200 OK

1.2 kB

URL GET HTTP/2
fonts.googleapis.com/css?family=Roboto:300,400,700&display=swap
IP
142.250.74.74:443
ASN
#15169 GOOGLE

Requested by
https://bitly.ws/?banned=1
Certificate
IssuerGoogle Trust Services LLC
Subjectupload.video.google.com
Fingerprint47:5A:64:7D:9F:47:34:07:31:91:97:F7:04:42:7A:D5:EA:AD:07:4E
ValidityMon, 04 Mar 2024 07:16:44 GMT - Mon, 27 May 2024 07:16:43 GMT

File type
gzip compressed data, max compression
Size
1.2 kB (1189 bytes)
Hash
34751f46ef42cd84b1388f891bb6d119
dadd5896194d49c12ddc1842eff042364daa818b
6004d5184f346f505ace5a011399d0a7ca9b32699758a609a59d1297fcd174a5

HTTP Headers

GET /css?family=Roboto:300,400,700&display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Tue, 16 Apr 2024 13:12:12 GMT
date: Tue, 16 Apr 2024 13:12:12 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

continuousselfevidentinestimable.com/pixel/sbls?bv=24.6.6370&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fchat%2Fmob%2Fssp%2F1%2Fjs%2Fscript.js&l=382&fd=133

192.243.61.227

200 OK

0 B

URL GET HTTP/1.1
continuousselfevidentinestimable.com/pixel/sbls?bv=24.6.6370&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fchat%2Fmob%2Fssp%2F1%2Fjs%2Fscript.js&l=382&fd=133
IP
192.243.61.227:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://bitly.ws/?banned=1
Certificate
IssuerLet's Encrypt
Subjectcontinuousselfevidentinestimable.com
Fingerprint1F:F4:36:85:7F:D7:60:BF:21:DA:52:FF:00:60:97:80:4B:6D:0D:3A
ValidityMon, 15 Apr 2024 12:20:33 GMT - Sun, 14 Jul 2024 12:20:32 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /pixel/sbls?bv=24.6.6370&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fchat%2Fmob%2Fssp%2F1%2Fjs%2Fscript.js&l=382&fd=133 HTTP/1.1
Host: continuousselfevidentinestimable.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://bitly.ws/
Cookie: u_pl=22725757; ain=eyJhbGciOiJIUzI1NiJ9.eyJwIjp7ImlkIjoyMjczNTU0OCwiayI6IjZkYzNhMjc1NTJiNWFlZGZiOTZhZWFhMDBhYTFjMzdiIiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjozNjc1ODY4LCJwaWQiOjkzMDg4LCJhbiI6dHJ1ZSwibGFuIjp0cnVlLCJjaWQiOjM0LCJhaWQiOjUsInB0Ijo0LCJwayI6Inc3cTYxZHZqbWUiLCJ0IjoxfSwidSI6eyJ1IjoxLCJhdSI6MSwiZCI6eyJpZCI6Nzk5NTQxOTYsImlkcyI6IiIsImljIjpmYWxzZSwibiI6IkRlc2t0b3AsRW11bGF0b3IiLCJ2IjoiVW5rbm93biIsIm0iOiJVbmtub3duIiwiZiI6MSwiZm4iOiJEZXNrdG9wIiwib2lkIjoxODExMCwib24iOiJMaW51eCIsIm92IjoiVW5rbm93biIsImJpZCI6MTE2NjcwLCJibiI6IkZpcmVmb3giLCJidiI6Ijk2LjAiLCJ3diI6ZmFsc2UsImUiOnRydWUsImFiIjpmYWxzZX0sImMiOnsiaWQiOjE2MiwiYyI6Ik5PIiwibiI6Ik5vcndheSJ9LCJhIjpmYWxzZSwiY3IiOnsibiI6IkJsaXggU29sdXRpb25zIn0sInhmIjoiIiwiaXhmIjpmYWxzZSwiaWd4ZiI6ZmFsc2UsInVwIjp0cnVlLCJyIjoiaHR0cHM6Ly9iaXRseS53cy8_YmFubmVkPTEiLCJhciI6W119fQ.Q5oEoAi0jHIRal5wmiio7A2AWY1CJDu_yEmfZqrhrOs; uid_id2=0ec8dd2c-b216-48a3-a4af-511aed11ec78:3:1; iprc2d6e605be25fedaa7eabdabafff861e4=3570421; pdhtkv=true; uncs=1; pdhtkv32=true; uncs32=1; pdhtkv29=true; uncs29=1; iprcf212593b2426fb1745fc7607e77dfd81=3569806; pdhtkv5=true; uncs5=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Tue, 16 Apr 2024 13:12:12 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range

fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2

142.250.74.163

200 OK

16 kB

URL GET HTTP/2
fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2
IP
142.250.74.163:443
ASN
#15169 GOOGLE

Requested by
https://bitly.ws/?banned=1
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
Fingerprint8F:81:43:71:C4:F3:8C:FA:6D:EC:B4:5E:1F:58:71:AA:48:42:0E:E9
ValidityMon, 04 Mar 2024 07:16:39 GMT - Mon, 27 May 2024 07:16:38 GMT

File type
Web Open Font Format (Version 2), TrueType, length 15744, version 1.0
Size
16 kB (15744 bytes)
Hash
15d9f621c3bd1599f0169dcf0bd5e63e
7ca9c5967f3bb8bffeab24b639b49c1e7d03fa52
f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615

HTTP Headers

GET /s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://bitly.ws
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15744
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 11 Apr 2024 02:37:01 GMT
expires: Fri, 11 Apr 2025 02:37:01 GMT
cache-control: public, max-age=31536000
age: 470111
last-modified: Wed, 11 May 2022 19:24:48 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

continuousselfevidentinestimable.com/pixel/sbs?c=1

192.243.61.227

200 OK

0 B

URL GET HTTP/1.1
continuousselfevidentinestimable.com/pixel/sbs?c=1
IP
192.243.61.227:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://bitly.ws/?banned=1
Certificate
IssuerLet's Encrypt
Subjectcontinuousselfevidentinestimable.com
Fingerprint1F:F4:36:85:7F:D7:60:BF:21:DA:52:FF:00:60:97:80:4B:6D:0D:3A
ValidityMon, 15 Apr 2024 12:20:33 GMT - Sun, 14 Jul 2024 12:20:32 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /pixel/sbs?c=1 HTTP/1.1
Host: continuousselfevidentinestimable.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://bitly.ws/
Cookie: u_pl=22725757; ain=eyJhbGciOiJIUzI1NiJ9.eyJwIjp7ImlkIjoyMjczNTU0OCwiayI6IjZkYzNhMjc1NTJiNWFlZGZiOTZhZWFhMDBhYTFjMzdiIiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjozNjc1ODY4LCJwaWQiOjkzMDg4LCJhbiI6dHJ1ZSwibGFuIjp0cnVlLCJjaWQiOjM0LCJhaWQiOjUsInB0Ijo0LCJwayI6Inc3cTYxZHZqbWUiLCJ0IjoxfSwidSI6eyJ1IjoxLCJhdSI6MSwiZCI6eyJpZCI6Nzk5NTQxOTYsImlkcyI6IiIsImljIjpmYWxzZSwibiI6IkRlc2t0b3AsRW11bGF0b3IiLCJ2IjoiVW5rbm93biIsIm0iOiJVbmtub3duIiwiZiI6MSwiZm4iOiJEZXNrdG9wIiwib2lkIjoxODExMCwib24iOiJMaW51eCIsIm92IjoiVW5rbm93biIsImJpZCI6MTE2NjcwLCJibiI6IkZpcmVmb3giLCJidiI6Ijk2LjAiLCJ3diI6ZmFsc2UsImUiOnRydWUsImFiIjpmYWxzZX0sImMiOnsiaWQiOjE2MiwiYyI6Ik5PIiwibiI6Ik5vcndheSJ9LCJhIjpmYWxzZSwiY3IiOnsibiI6IkJsaXggU29sdXRpb25zIn0sInhmIjoiIiwiaXhmIjpmYWxzZSwiaWd4ZiI6ZmFsc2UsInVwIjp0cnVlLCJyIjoiaHR0cHM6Ly9iaXRseS53cy8_YmFubmVkPTEiLCJhciI6W119fQ.Q5oEoAi0jHIRal5wmiio7A2AWY1CJDu_yEmfZqrhrOs; uid_id2=0ec8dd2c-b216-48a3-a4af-511aed11ec78:3:1; iprc2d6e605be25fedaa7eabdabafff861e4=3570421; pdhtkv=true; uncs=1; pdhtkv32=true; uncs32=1; pdhtkv29=true; uncs29=1; iprcf212593b2426fb1745fc7607e77dfd81=3569806; pdhtkv5=true; uncs5=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Tue, 16 Apr 2024 13:12:12 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range

continuousselfevidentinestimable.com/impr.gif?sid=H4sIAAAAAAAC%2F1RST2skxRuuns3tBz9QFi%2BLMoiHFTaT7vk%2F7mFxjZFg3Cy7K4oXqX89Kae6q6nqnp4EhOCC7HHwE3SeSTaoQXavgotMAh4Cwo6ngObiN1DYs%2FQ4OPoe6n3eet6C532f%2BvIguyR1ZPRi%2FQOzp7Sma62aX73%2BcRDcrG6pOBtVR932p%2B3mzaodvtVr1%2Fw3q%2B9JPjBrdT%2Fw%2FcAPqhvKytCM1koSKjnpBbWeX2vWa0GriZH9b%2B0yD456EMNL8jKUmK2ceVeh%2BBRx9GRdukFqkhvvRpmmqbEYiuMP40Fs8hjREobWQxgfL7ph3PONZzDx0VwuzPCfRqZmxPvpGVh8vBAJNjyc62QaMgYT%2F0M%2BnELqKRSdgpuHUOI5AbjAnW3E0eM7xuZ092%2BWluyMrLz4EyqfkZXfriKOvrut1ah63%2BgsVSZ2GIUF1GgK1Z8iyU6R7lWg8lPw9Aso8TNZe7GFODrcdtpAiYs3mOxQTplc9QPWWW02eLja7bHmqgxaDdbt1uudenO%2BIKWmUOEUWo5BXQWZ85ApD1noIUs8ROKiyoMg6PiCU7%2Fb47whOpK1hR%2FQThjQwG93kfFyhjHSZAyux%2BB2H4ndx0CNYbMf4XYKOOHBpQRDUSCXBLkjyClBrgjylCAfFkdCu7orHgvtMhYscn2RG8XEpP0DemTSvowJqB3DiuIguSQvlQv0Pjn7HAN5UW00uOzJXo8HLCwRq4tml%2FaClmCtdr3J4VQB5SqgzsOempHuK78iKU0dFGD0FE6fgqvXQbNXQfMCdKfAXnySqng3s7oWGaYgTIEkXUG66x3oS3JtbuHm9hNIfn7r98Y8wG2BxBb4TJ0R9PWjyT2Tk8N7Jnfk6XaSqkjt0dLe%2BylN5ZVv3pe7ubFic92Nv36bl0QJTx5Il27RWKi478i3t5UQ0m4YyyX5YdN9JNndzO3czmycJVt339nYjBIrnVMmnoKWQ%2F1hwdWM%2FP%2Fag%2FnPvf79NpSdwmYFouycLALKTMGTfbhkqd8ZAquXPSzxkGfFxNbZ8lIrAi2XNWUF3L9qtsQTS8vXVBUH7hH6tgKaPkQcFRjaAkNdgOoxXHZlkib2%2FNYvCxlMVyZM28oh01Z%2FNV9zeTyFUxfVhi86TIayw2Sz1QwlF6zVYj4POWuIbpcjdbPwtd0bfwEAAP%2F%2FAQAA%2F%2F9zFKbQkwQAAA%3D%3D

192.243.61.227

200 OK

7 B

URL GET HTTP/1.1
continuousselfevidentinestimable.com/impr.gif?sid=H4sIAAAAAAAC%2F1RST2skxRuuns3tBz9QFi%2BLMoiHFTaT7vk%2F7mFxjZFg3Cy7K4oXqX89Kae6q6nqnp4EhOCC7HHwE3SeSTaoQXavgotMAh4Cwo6ngObiN1DYs%2FQ4OPoe6n3eet6C532f%2BvIguyR1ZPRi%2FQOzp7Sma62aX73%2BcRDcrG6pOBtVR932p%2B3mzaodvtVr1%2Fw3q%2B9JPjBrdT%2Fw%2FcAPqhvKytCM1koSKjnpBbWeX2vWa0GriZH9b%2B0yD456EMNL8jKUmK2ceVeh%2BBRx9GRdukFqkhvvRpmmqbEYiuMP40Fs8hjREobWQxgfL7ph3PONZzDx0VwuzPCfRqZmxPvpGVh8vBAJNjyc62QaMgYT%2F0M%2BnELqKRSdgpuHUOI5AbjAnW3E0eM7xuZ092%2BWluyMrLz4EyqfkZXfriKOvrut1ah63%2BgsVSZ2GIUF1GgK1Z8iyU6R7lWg8lPw9Aso8TNZe7GFODrcdtpAiYs3mOxQTplc9QPWWW02eLja7bHmqgxaDdbt1uudenO%2BIKWmUOEUWo5BXQWZ85ApD1noIUs8ROKiyoMg6PiCU7%2Fb47whOpK1hR%2FQThjQwG93kfFyhjHSZAyux%2BB2H4ndx0CNYbMf4XYKOOHBpQRDUSCXBLkjyClBrgjylCAfFkdCu7orHgvtMhYscn2RG8XEpP0DemTSvowJqB3DiuIguSQvlQv0Pjn7HAN5UW00uOzJXo8HLCwRq4tml%2FaClmCtdr3J4VQB5SqgzsOempHuK78iKU0dFGD0FE6fgqvXQbNXQfMCdKfAXnySqng3s7oWGaYgTIEkXUG66x3oS3JtbuHm9hNIfn7r98Y8wG2BxBb4TJ0R9PWjyT2Tk8N7Jnfk6XaSqkjt0dLe%2BylN5ZVv3pe7ubFic92Nv36bl0QJTx5Il27RWKi478i3t5UQ0m4YyyX5YdN9JNndzO3czmycJVt339nYjBIrnVMmnoKWQ%2F1hwdWM%2FP%2Fag%2FnPvf79NpSdwmYFouycLALKTMGTfbhkqd8ZAquXPSzxkGfFxNbZ8lIrAi2XNWUF3L9qtsQTS8vXVBUH7hH6tgKaPkQcFRjaAkNdgOoxXHZlkib2%2FNYvCxlMVyZM28oh01Z%2FNV9zeTyFUxfVhi86TIayw2Sz1QwlF6zVYj4POWuIbpcjdbPwtd0bfwEAAP%2F%2FAQAA%2F%2F9zFKbQkwQAAA%3D%3D
IP
192.243.61.227:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://bitly.ws/?banned=1
Certificate
IssuerLet's Encrypt
Subjectcontinuousselfevidentinestimable.com
Fingerprint1F:F4:36:85:7F:D7:60:BF:21:DA:52:FF:00:60:97:80:4B:6D:0D:3A
ValidityMon, 15 Apr 2024 12:20:33 GMT - Sun, 14 Jul 2024 12:20:32 GMT

File type
ASCII text, with no line terminators
Size
7 B (7 bytes)
Hash
132d6af1b46048b45cf86cdee7991d31
eb7007d03d59b65bc6da7e098c4d38fc6dfb6285
ab852e838deccd742a03ca81d4a8d75cf1a00b327db3eaf46bd7da6b6db9384c

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /impr.gif?sid=H4sIAAAAAAAC%2F1RST2skxRuuns3tBz9QFi%2BLMoiHFTaT7vk%2F7mFxjZFg3Cy7K4oXqX89Kae6q6nqnp4EhOCC7HHwE3SeSTaoQXavgotMAh4Cwo6ngObiN1DYs%2FQ4OPoe6n3eet6C532f%2BvIguyR1ZPRi%2FQOzp7Sma62aX73%2BcRDcrG6pOBtVR932p%2B3mzaodvtVr1%2Fw3q%2B9JPjBrdT%2Fw%2FcAPqhvKytCM1koSKjnpBbWeX2vWa0GriZH9b%2B0yD456EMNL8jKUmK2ceVeh%2BBRx9GRdukFqkhvvRpmmqbEYiuMP40Fs8hjREobWQxgfL7ph3PONZzDx0VwuzPCfRqZmxPvpGVh8vBAJNjyc62QaMgYT%2F0M%2BnELqKRSdgpuHUOI5AbjAnW3E0eM7xuZ092%2BWluyMrLz4EyqfkZXfriKOvrut1ah63%2BgsVSZ2GIUF1GgK1Z8iyU6R7lWg8lPw9Aso8TNZe7GFODrcdtpAiYs3mOxQTplc9QPWWW02eLja7bHmqgxaDdbt1uudenO%2BIKWmUOEUWo5BXQWZ85ApD1noIUs8ROKiyoMg6PiCU7%2Fb47whOpK1hR%2FQThjQwG93kfFyhjHSZAyux%2BB2H4ndx0CNYbMf4XYKOOHBpQRDUSCXBLkjyClBrgjylCAfFkdCu7orHgvtMhYscn2RG8XEpP0DemTSvowJqB3DiuIguSQvlQv0Pjn7HAN5UW00uOzJXo8HLCwRq4tml%2FaClmCtdr3J4VQB5SqgzsOempHuK78iKU0dFGD0FE6fgqvXQbNXQfMCdKfAXnySqng3s7oWGaYgTIEkXUG66x3oS3JtbuHm9hNIfn7r98Y8wG2BxBb4TJ0R9PWjyT2Tk8N7Jnfk6XaSqkjt0dLe%2BylN5ZVv3pe7ubFic92Nv36bl0QJTx5Il27RWKi478i3t5UQ0m4YyyX5YdN9JNndzO3czmycJVt339nYjBIrnVMmnoKWQ%2F1hwdWM%2FP%2Fag%2FnPvf79NpSdwmYFouycLALKTMGTfbhkqd8ZAquXPSzxkGfFxNbZ8lIrAi2XNWUF3L9qtsQTS8vXVBUH7hH6tgKaPkQcFRjaAkNdgOoxXHZlkib2%2FNYvCxlMVyZM28oh01Z%2FNV9zeTyFUxfVhi86TIayw2Sz1QwlF6zVYj4POWuIbpcjdbPwtd0bfwEAAP%2F%2FAQAA%2F%2F9zFKbQkwQAAA%3D%3D HTTP/1.1
Host: continuousselfevidentinestimable.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://bitly.ws/
Cookie: u_pl=22725757; ain=eyJhbGciOiJIUzI1NiJ9.eyJwIjp7ImlkIjoyMjczNTU0OCwiayI6IjZkYzNhMjc1NTJiNWFlZGZiOTZhZWFhMDBhYTFjMzdiIiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjozNjc1ODY4LCJwaWQiOjkzMDg4LCJhbiI6dHJ1ZSwibGFuIjp0cnVlLCJjaWQiOjM0LCJhaWQiOjUsInB0Ijo0LCJwayI6Inc3cTYxZHZqbWUiLCJ0IjoxfSwidSI6eyJ1IjoxLCJhdSI6MSwiZCI6eyJpZCI6Nzk5NTQxOTYsImlkcyI6IiIsImljIjpmYWxzZSwibiI6IkRlc2t0b3AsRW11bGF0b3IiLCJ2IjoiVW5rbm93biIsIm0iOiJVbmtub3duIiwiZiI6MSwiZm4iOiJEZXNrdG9wIiwib2lkIjoxODExMCwib24iOiJMaW51eCIsIm92IjoiVW5rbm93biIsImJpZCI6MTE2NjcwLCJibiI6IkZpcmVmb3giLCJidiI6Ijk2LjAiLCJ3diI6ZmFsc2UsImUiOnRydWUsImFiIjpmYWxzZX0sImMiOnsiaWQiOjE2MiwiYyI6Ik5PIiwibiI6Ik5vcndheSJ9LCJhIjpmYWxzZSwiY3IiOnsibiI6IkJsaXggU29sdXRpb25zIn0sInhmIjoiIiwiaXhmIjpmYWxzZSwiaWd4ZiI6ZmFsc2UsInVwIjp0cnVlLCJyIjoiaHR0cHM6Ly9iaXRseS53cy8_YmFubmVkPTEiLCJhciI6W119fQ.Q5oEoAi0jHIRal5wmiio7A2AWY1CJDu_yEmfZqrhrOs; uid_id2=0ec8dd2c-b216-48a3-a4af-511aed11ec78:3:1; iprc2d6e605be25fedaa7eabdabafff861e4=3570421; pdhtkv=true; uncs=1; pdhtkv32=true; uncs32=1; pdhtkv29=true; uncs29=1; iprcf212593b2426fb1745fc7607e77dfd81=3569806; pdhtkv5=true; uncs5=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Tue, 16 Apr 2024 13:12:12 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 91451ad0ad70ee367df2722c49c566ef
Strict-Transport-Security: max-age=0; includeSubdomains

fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2

142.250.74.163

200 OK

16 kB

URL GET HTTP/2
fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2
IP
142.250.74.163:443
ASN
#15169 GOOGLE

Requested by
https://bitly.ws/?banned=1
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
Fingerprint8F:81:43:71:C4:F3:8C:FA:6D:EC:B4:5E:1F:58:71:AA:48:42:0E:E9
ValidityMon, 04 Mar 2024 07:16:39 GMT - Mon, 27 May 2024 07:16:38 GMT

File type
Web Open Font Format (Version 2), TrueType, length 15860, version 1.0
Size
16 kB (15860 bytes)
Hash
e9f5aaf547f165386cd313b995dddd8e
acdef5603c2387b0e5bffd744b679a24a8bc1968
f5aebdfea35d1e7656ef4acc5db1f243209755ae3300943ef8fc6280f363c860

HTTP Headers

GET /s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://bitly.ws
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15860
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 16 Apr 2024 10:46:32 GMT
expires: Wed, 16 Apr 2025 10:46:32 GMT
cache-control: public, max-age=31536000
age: 8741
last-modified: Wed, 11 May 2022 19:24:42 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

fundingchoicesmessages.google.com/f/AGSKWxXVjcGFfeWIqAnxtj2flr1dclWay0foX_cX2qRW_FLDVLecXitbgnmaNGP1zcYZKHOSpd9Aw2Qr-aWpAjYo8H8NSEWrKQvf3Sm1Yx8RreejVz6DevES4E4D5bv_AKI1bUB55XP4Uw==?fccs=W251bGwsbnVsbCxudWxsLG51bGwsbnVsbCxudWxsLFsxNzEzMjczMTMyLDc4MjAwMDAwMF0sbnVsbCxudWxsLG51bGwsW251bGwsWzddXSwiaHR0cHM6Ly9iaXRseS53cy8iLG51bGwsW1s4LCJlY0pIb3hKX1g4dyJdLFs5LCJlbi1VUyJdLFsxOSwiMSJdXV0

216.58.211.14

200 OK

60 kB

URL GET HTTP/3
fundingchoicesmessages.google.com/f/AGSKWxXVjcGFfeWIqAnxtj2flr1dclWay0foX_cX2qRW_FLDVLecXitbgnmaNGP1zcYZKHOSpd9Aw2Qr-aWpAjYo8H8NSEWrKQvf3Sm1Yx8RreejVz6DevES4E4D5bv_AKI1bUB55XP4Uw==?fccs=W251bGwsbnVsbCxudWxsLG51bGwsbnVsbCxudWxsLFsxNzEzMjczMTMyLDc4MjAwMDAwMF0sbnVsbCxudWxsLG51bGwsW251bGwsWzddXSwiaHR0cHM6Ly9iaXRseS53cy8iLG51bGwsW1s4LCJlY0pIb3hKX1g4dyJdLFs5LCJlbi1VUyJdLFsxOSwiMSJdXV0
IP
216.58.211.14:443
ASN
#15169 GOOGLE

Requested by
https://bitly.ws/?banned=1
Certificate
IssuerGoogle Trust Services LLC
Subject*.google.com
Fingerprint02:6C:2F:38:A0:8A:95:AC:E8:2B:67:AA:69:A4:34:6E:15:99:F5:1D
ValidityMon, 04 Mar 2024 06:35:50 GMT - Mon, 27 May 2024 06:35:49 GMT

File type
gzip compressed data, max compression
Size
60 kB (59756 bytes)
Hash
e866495e92512c80d55f0ce86e389796
b3d0be9305d4b352fd4939d2577687e8266342e3
0715a9b4296603c9bb2e916ac9cd44458899df21d7f2324ab1b462e53bb414ad

HTTP Headers

GET /f/AGSKWxXVjcGFfeWIqAnxtj2flr1dclWay0foX_cX2qRW_FLDVLecXitbgnmaNGP1zcYZKHOSpd9Aw2Qr-aWpAjYo8H8NSEWrKQvf3Sm1Yx8RreejVz6DevES4E4D5bv_AKI1bUB55XP4Uw==?fccs=W251bGwsbnVsbCxudWxsLG51bGwsbnVsbCxudWxsLFsxNzEzMjczMTMyLDc4MjAwMDAwMF0sbnVsbCxudWxsLG51bGwsW251bGwsWzddXSwiaHR0cHM6Ly9iaXRseS53cy8iLG51bGwsW1s4LCJlY0pIb3hKX1g4dyJdLFs5LCJlbi1VUyJdLFsxOSwiMSJdXV0 HTTP/1.1
Host: fundingchoicesmessages.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://bitly.ws/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
content-type: application/javascript; charset=utf-8
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
timing-allow-origin: *
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Tue, 16 Apr 2024 13:12:12 GMT
cross-origin-resource-policy: cross-origin
content-security-policy: require-trusted-types-for 'script';report-uri /_/ContributorGlobalRouterHttp/cspreport, script-src 'nonce-LOKM2xDG5P-8WzDDdHlM4g' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorGlobalRouterHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorGlobalRouterHttp/cspreport/allowlist
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy: same-origin
reporting-endpoints: default="/_/ContributorGlobalRouterHttp/web-reports?context=eJzjStDikmLw1JBiOHHrNtMFID7vdIfpOhDXMjxjagViA43nTBZALPH1JZMWEMc8n86aAsRO6TNYQ4DYp34GaxwQt948xzodiE8uOM96EYiT_51nLQViIR6ONZ9-bmATuPFx_SFmAAIjMQY"
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

fonts.gstatic.com/s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2

142.250.74.163

200 OK

48 kB

URL GET HTTP/2
fonts.gstatic.com/s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
IP
142.250.74.163:443
ASN
#15169 GOOGLE

Requested by
https://bitly.ws/?banned=1
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
Fingerprint8F:81:43:71:C4:F3:8C:FA:6D:EC:B4:5E:1F:58:71:AA:48:42:0E:E9
ValidityMon, 04 Mar 2024 07:16:39 GMT - Mon, 27 May 2024 07:16:38 GMT

File type
Web Open Font Format (Version 2), TrueType, length 48236, version 1.0
Size
48 kB (48236 bytes)
Hash
015c126a3520c9a8f6a27979d0266e96
2acf956561d44434a6d84204670cf849d3215d5f
3c4d6a1421c7ddb7e404521fe8c4cd5be5af446d7689cd880be26612eaad3cfa

HTTP Headers

GET /s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://bitly.ws
DNT: 1
Connection: keep-alive
Referer: https://bitly.ws/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 48236
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 16 Apr 2024 08:04:32 GMT
expires: Wed, 16 Apr 2025 08:04:32 GMT
cache-control: public, max-age=31536000
age: 18461
last-modified: Thu, 14 Dec 2023 02:08:40 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

142.250.74.74

54 kB

URL
fonts.googleapis.com/css?family=Archivo:400,500|Arimo:400,500|Bitter:400,500|EB+Garamond:400,500|Lato|Libre+Baskervill|Libre+Franklin:400,500|Lora:400,500|Google+Sans:regular,medium:400,500|Material+Icons|Google+Symbols|Merriweather|Montserrat:400,500|Mukta:400,500|Muli:400,500|Nunito:400,500|Open+Sans:400,500,600|Open+Sans+Condensed:400,600|Oswald:500|Playfair+Display:400,500|Poppins:400,500|Raleway:400,500|Roboto:400,500|Roboto+Condensed:400,500|Roboto+Slab:400,500|Slabo+27px|Source+Sans+Pro|Ubuntu:400,500|Volkhov&display=swap
IP
142.250.74.74:0
ASN
#15169 GOOGLE

Certificate
IssuerGoogle Trust Services LLC
Subjectupload.video.google.com
Fingerprint47:5A:64:7D:9F:47:34:07:31:91:97:F7:04:42:7A:D5:EA:AD:07:4E
ValidityMon, 04 Mar 2024 07:16:44 GMT - Mon, 27 May 2024 07:16:43 GMT

File type
gzip compressed data, max compression
Size
54 kB (53803 bytes)
Hash
3bdd4fbdb93b4b7cbadcf2ba7d351fbf
2d00729f8b567ef117eba8531deec4d6752d0a57
6a2eb030769985939aa0e8bc8ba40edccc6aa1d9471a3ef51b5ccd3567454b4d

HTTP Headers

GET /css?family=Archivo:400,500|Arimo:400,500|Bitter:400,500|EB+Garamond:400,500|Lato|Libre+Baskervill|Libre+Franklin:400,500|Lora:400,500|Google+Sans:regular,medium:400,500|Material+Icons|Google+Symbols|Merriweather|Montserrat:400,500|Mukta:400,500|Muli:400,500|Nunito:400,500|Open+Sans:400,500,600|Open+Sans+Condensed:400,600|Oswald:500|Playfair+Display:400,500|Poppins:400,500|Raleway:400,500|Roboto:400,500|Roboto+Condensed:400,500|Roboto+Slab:400,500|Slabo+27px|Source+Sans+Pro|Ubuntu:400,500|Volkhov&display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://bitly.ws/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Tue, 16 Apr 2024 13:12:13 GMT
date: Tue, 16 Apr 2024 13:12:13 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

fonts.gstatic.com/s/materialicons/v140/flUhRq6tzZclQEJ-Vdg-IuiaDsNc.woff2

142.250.74.163

200 OK

128 kB

URL GET HTTP/2
fonts.gstatic.com/s/materialicons/v140/flUhRq6tzZclQEJ-Vdg-IuiaDsNc.woff2
IP
142.250.74.163:443
ASN
#15169 GOOGLE

Requested by
https://bitly.ws/?banned=1
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
Fingerprint8F:81:43:71:C4:F3:8C:FA:6D:EC:B4:5E:1F:58:71:AA:48:42:0E:E9
ValidityMon, 04 Mar 2024 07:16:39 GMT - Mon, 27 May 2024 07:16:38 GMT

File type
Web Open Font Format (Version 2), TrueType, length 128352, version 1.0
Size
128 kB (128352 bytes)
Hash
53436aca8627a49f4deaaa44dc9e3c05
0bc0c675480d94ec7e8609dda6227f88c5d08d2c
8265f64786397d6b832d1ca0aafdf149ad84e72759fffa9f7272e91a0fb015d1

HTTP Headers

GET /s/materialicons/v140/flUhRq6tzZclQEJ-Vdg-IuiaDsNc.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://bitly.ws
DNT: 1
Connection: keep-alive
Referer: https://bitly.ws/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 128352
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 11 Apr 2024 02:40:02 GMT
expires: Fri, 11 Apr 2025 02:40:02 GMT
cache-control: public, max-age=31536000
age: 469931
last-modified: Tue, 07 Mar 2023 19:51:56 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

fundingchoicesmessages.google.com/el/AGSKWxWeLx-acqWKNTTlb_T_MOlaKtXmCdzaV9G7gsW5BHqAAbbNPZ0cQkPbRPR6eCc8-wEwA1lKZgGt28bE2TGw3xD41hk-ntljvlhDMEq4zzLwGTKmkLZsbxVAYZecKz5d-ruY2w0cWA==

216.58.211.14

0 B

URL
fundingchoicesmessages.google.com/el/AGSKWxWeLx-acqWKNTTlb_T_MOlaKtXmCdzaV9G7gsW5BHqAAbbNPZ0cQkPbRPR6eCc8-wEwA1lKZgGt28bE2TGw3xD41hk-ntljvlhDMEq4zzLwGTKmkLZsbxVAYZecKz5d-ruY2w0cWA==
IP
216.58.211.14:0
ASN
#15169 GOOGLE

Certificate
IssuerGoogle Trust Services LLC
Subject*.google.com
Fingerprint02:6C:2F:38:A0:8A:95:AC:E8:2B:67:AA:69:A4:34:6E:15:99:F5:1D
ValidityMon, 04 Mar 2024 06:35:50 GMT - Mon, 27 May 2024 06:35:49 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

POST /el/AGSKWxWeLx-acqWKNTTlb_T_MOlaKtXmCdzaV9G7gsW5BHqAAbbNPZ0cQkPbRPR6eCc8-wEwA1lKZgGt28bE2TGw3xD41hk-ntljvlhDMEq4zzLwGTKmkLZsbxVAYZecKz5d-ruY2w0cWA== HTTP/1.1
Host: fundingchoicesmessages.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 92
Origin: https://bitly.ws
DNT: 1
Connection: keep-alive
Referer: https://bitly.ws/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 204 No Content
content-type: text/html; charset=utf-8
access-control-allow-methods: POST, GET, OPTIONS
access-control-max-age: 86400
access-control-allow-origin: https://bitly.ws
access-control-allow-credentials: true
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Tue, 16 Apr 2024 13:12:13 GMT
cross-origin-opener-policy: same-origin
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
content-security-policy: script-src 'nonce-ldL989zfIEfG4S3yRGNX2A' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
reporting-endpoints: default="/_/ContributorLoggingHttp/web-reports?context=eJzjktDikmII0JBiqGV4xtQKxE7pM1hDgFiIm2Ptp58b2AQa5t-oAAC9kgxl"
server: ESF
content-length: 0
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

unseenreport.com/pxf.gif?uuid=be7acabe-01b7-43cf-89b4-e153b8822724&eb=978028c5053b26833423c7a069ce3bd5&te=5db3a4e34790624df926db520a13f79f&ua=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A96.0)%20Gecko%2F20100101%20Firefox%2F96.0&dev=e&res=14.2071&b_frame=0&pk=33ce9e99c1bfce9eb2d48a915db5624c&bl=en-US&sr=1024x1280&sz=1024x1280&hjs=13

192.243.61.225

1 B

URL
unseenreport.com/pxf.gif?uuid=be7acabe-01b7-43cf-89b4-e153b8822724&eb=978028c5053b26833423c7a069ce3bd5&te=5db3a4e34790624df926db520a13f79f&ua=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A96.0)%20Gecko%2F20100101%20Firefox%2F96.0&dev=e&res=14.2071&b_frame=0&pk=33ce9e99c1bfce9eb2d48a915db5624c&bl=en-US&sr=1024x1280&sz=1024x1280&hjs=13
IP
192.243.61.225:0
ASN
#39572 DataWeb Global Group B.V.

File type
very short file (no magic)
Size
1 B (1 bytes)
Hash
93b885adfe0da089cdf634904fd59f71
5ba93c9db0cff93f52b521d7420e43f6eda2784f
6e340b9cffb37a989ca544e6bb780a2c78901d3fb33738768511a30617afa01d

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /pxf.gif?uuid=be7acabe-01b7-43cf-89b4-e153b8822724&eb=978028c5053b26833423c7a069ce3bd5&te=5db3a4e34790624df926db520a13f79f&ua=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A96.0)%20Gecko%2F20100101%20Firefox%2F96.0&dev=e&res=14.2071&b_frame=0&pk=33ce9e99c1bfce9eb2d48a915db5624c&bl=en-US&sr=1024x1280&sz=1024x1280&hjs=13 HTTP/1.1
Host: unseenreport.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://bitly.ws/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Tue, 16 Apr 2024 13:12:13 GMT
Content-Type: image/gif
Content-Length: 1
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: dff97ee1d97186f6ab1251928192c098
Strict-Transport-Security: max-age=0; includeSubdomains

unseenreport.com/pxf.gif?uuid=be7acabe-01b7-43cf-89b4-e153b8822724&eb=978028c5053b26833423c7a069ce3bd5&te=5db3a4e34790624df926db520a13f79f&ua=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A96.0)%20Gecko%2F20100101%20Firefox%2F96.0&dev=e&res=14.2071&b_frame=0&pk=7866ead300fcf9e425beaf01fe308949&bl=en-US&sr=1024x1280&sz=1024x1280&hjs=13

192.243.61.225

200 OK

1 B

URL GET HTTP/1.1
unseenreport.com/pxf.gif?uuid=be7acabe-01b7-43cf-89b4-e153b8822724&eb=978028c5053b26833423c7a069ce3bd5&te=5db3a4e34790624df926db520a13f79f&ua=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A96.0)%20Gecko%2F20100101%20Firefox%2F96.0&dev=e&res=14.2071&b_frame=0&pk=7866ead300fcf9e425beaf01fe308949&bl=en-US&sr=1024x1280&sz=1024x1280&hjs=13
IP
192.243.61.225:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://bitly.ws/?banned=1
Certificate
IssuerLet's Encrypt
Subject*.unseenreport.com
Fingerprint71:46:15:FD:76:6A:F5:5B:51:06:CC:93:DD:D8:63:E3:8B:10:BF:13
ValidityFri, 22 Mar 2024 07:32:41 GMT - Thu, 20 Jun 2024 07:32:40 GMT

File type
very short file (no magic)
Size
1 B (1 bytes)
Hash
93b885adfe0da089cdf634904fd59f71
5ba93c9db0cff93f52b521d7420e43f6eda2784f
6e340b9cffb37a989ca544e6bb780a2c78901d3fb33738768511a30617afa01d

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /pxf.gif?uuid=be7acabe-01b7-43cf-89b4-e153b8822724&eb=978028c5053b26833423c7a069ce3bd5&te=5db3a4e34790624df926db520a13f79f&ua=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A96.0)%20Gecko%2F20100101%20Firefox%2F96.0&dev=e&res=14.2071&b_frame=0&pk=7866ead300fcf9e425beaf01fe308949&bl=en-US&sr=1024x1280&sz=1024x1280&hjs=13 HTTP/1.1
Host: unseenreport.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://bitly.ws/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Tue, 16 Apr 2024 13:12:13 GMT
Content-Type: image/gif
Content-Length: 1
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 23251ecdec9f5cefd8aeca45294392fc
Strict-Transport-Security: max-age=0; includeSubdomains

downstairsnegotiatebarren.com/sfp.js

188.114.96.1

200 OK

86 kB

URL GET HTTP/2
downstairsnegotiatebarren.com/sfp.js
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://bitly.ws/?banned=1
Certificate
IssuerLet's Encrypt
Subjectdownstairsnegotiatebarren.com
Fingerprint2C:6A:E1:8E:26:5B:1D:8B:86:CB:C1:72:4E:52:4B:8B:67:3A:D2:44
ValidityMon, 04 Mar 2024 21:53:07 GMT - Sun, 02 Jun 2024 21:53:06 GMT

File type

Size
86 kB (85611 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /sfp.js HTTP/1.1
Host: downstairsnegotiatebarren.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://bitly.ws/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Tue, 16 Apr 2024 13:12:11 GMT
content-type: application/javascript; charset=utf-8
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
access-control-allow-origin: *
expires: Thu, 01 Jan 1970 00:00:01 GMT
cache-control: max-age=14400
x-request-id: ac2b9d582dab6d255b153234a36b16c2
strict-transport-security: max-age=0; includeSubdomains
cf-cache-status: EXPIRED
last-modified: Tue, 16 Apr 2024 13:12:11 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=dZNkqiCKkniqkgZi3a3gia6i4Qa%2BBKqte%2BD2ie%2BsSW0CmAq5AxchXgPtIj7IHEcSW0RHpScK1dO%2FTLnXiJyPJjFl8S11QuwNKP7fX18ePddfSVioeRH0ymKKk6LVMOoiuLmkddvrgWxaa1m5afjIsw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87546cf08d1056c9-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

cdn.creative-bars1.com/sb/chat/mob/ssp/1/css/style.css

188.114.97.1

200 OK

4.6 kB

URL GET HTTP/2
cdn.creative-bars1.com/sb/chat/mob/ssp/1/css/style.css
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://bitly.ws/?banned=1
Certificate
IssuerGoogle Trust Services LLC
Subjectcreative-bars1.com
Fingerprint3D:29:39:2C:F1:E5:C6:EF:54:F5:70:B5:CF:A8:C2:75:4D:89:72:13
ValidityMon, 15 Apr 2024 15:02:18 GMT - Sun, 14 Jul 2024 15:02:17 GMT

File type
ASCII text, with very long lines (4886), with no line terminators
Size
4.6 kB (4617 bytes)
Hash
1230b98f01a549572edcd2bf3bdcb4ad
ac87a2a752ffb8b5167566183fddd531d7971be9
9a2954fc66ebbb9adf18c2ea4403d2a0a5dedf2928f9905e1fc656f5dc1b208d

HTTP Headers

GET /sb/chat/mob/ssp/1/css/style.css HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://bitly.ws
DNT: 1
Connection: keep-alive
Referer: https://bitly.ws/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Tue, 16 Apr 2024 13:12:12 GMT
content-type: text/css
last-modified: Mon, 21 Feb 2022 08:25:04 GMT
etag: W/"62134c60-1209"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 9782
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=iGPlCCmCKoqD76M4SQYw6kHsq2HcKwHjv5SOBG9344kBr1LwIGNJc7IXE6U3WzkmbIKKoKhP2abYGLUX5JJ0ktPY0P7GYyqSAFF2wPkX0YfBULIGzrtExNh6gfdf1tBwGelFpV4kudC7"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87546cf5afaeb521-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

mp.org.pl/yt-redirect.php?banurl=https://eldestsink.com/0/0/0/8ec4a12f7972343e6f64251b656bdebc/wwws/3003/bbe2

185.11.100.204

302 Moved Temporarily

14 kB

URL User Request GET HTTP/1.1
mp.org.pl/yt-redirect.php?banurl=https://eldestsink.com/0/0/0/8ec4a12f7972343e6f64251b656bdebc/wwws/3003/bbe2
IP
185.11.100.204:80
ASN
#29522 Cyber_Folks S.A.

File type

Size
14 kB (14364 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /yt-redirect.php?banurl=https://eldestsink.com/0/0/0/8ec4a12f7972343e6f64251b656bdebc/wwws/3003/bbe2 HTTP/1.1
Host: mp.org.pl
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 302 Moved Temporarily
date: Tue, 16 Apr 2024 13:12:10 GMT
server: Apache
x-powered-by: PHP/5.5.38
location: https://bitly.ws?banned=1
cache-control: max-age=0
expires: Tue, 16 Apr 2024 13:12:10 GMT
content-length: 0
content-type: text/html

cdn.creative-bars1.com/sb/chat/mob/ssp/1/js/script.js

188.114.97.1

200 OK

382 B

URL GET HTTP/3
cdn.creative-bars1.com/sb/chat/mob/ssp/1/js/script.js
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://bitly.ws/?banned=1
Certificate
IssuerGoogle Trust Services LLC
Subjectcreative-bars1.com
Fingerprint3D:29:39:2C:F1:E5:C6:EF:54:F5:70:B5:CF:A8:C2:75:4D:89:72:13
ValidityMon, 15 Apr 2024 15:02:18 GMT - Sun, 14 Jul 2024 15:02:17 GMT

File type
ASCII text, with very long lines (411), with no line terminators
Size
382 B (382 bytes)
Hash
9ffae600059bf4e6adb35ebb274ae385
6130e466c04551baa2a5d650e6bd5a87daba73a7
a7d15e051fb3d3c31494683306bb7752478354894825b110d26d333cbeaaeb39

HTTP Headers

GET /sb/chat/mob/ssp/1/js/script.js HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://bitly.ws
DNT: 1
Connection: keep-alive
Referer: https://bitly.ws/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Tue, 16 Apr 2024 13:12:12 GMT
content-type: application/javascript
last-modified: Mon, 21 Feb 2022 08:25:08 GMT
etag: W/"62134c64-17e"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 9782
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=JMpZ5K4mPGSIkH5SM%2BosNI8tsaaXRgxdhgR4n3T5JzyMl%2FjqrneuzkBpjb5QUR1F18MjdjdI5x2XSQeZr%2FNXCnGILmHnfoxUAlKAt7EO6gJpl4YaUC0WVX%2FmMeQ5DnD5sqjnXij4ePvP"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87546cf7ab0d56b5-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

fundingchoicesmessages.google.com/i/pub-2614556310778759?ers=1

216.58.211.14

200 OK

184 kB

URL GET HTTP/2
fundingchoicesmessages.google.com/i/pub-2614556310778759?ers=1
IP
216.58.211.14:443
ASN
#15169 GOOGLE

Requested by
https://bitly.ws/?banned=1
Certificate
IssuerGoogle Trust Services LLC
Subject*.google.com
Fingerprint02:6C:2F:38:A0:8A:95:AC:E8:2B:67:AA:69:A4:34:6E:15:99:F5:1D
ValidityMon, 04 Mar 2024 06:35:50 GMT - Mon, 27 May 2024 06:35:49 GMT

File type
JavaScript source, ASCII text, with very long lines (2607)
Size
184 kB (184215 bytes)
Hash
8eb48b2c6fa090ef91aaf4f384f17622
1a5d72f167796c9d18574a2c162dfbd389175581
aaf64858d92a9d06539c4ccf8aef87e9bc1ed47412c6f7c153394f5aef129b38

HTTP Headers

GET /i/pub-2614556310778759?ers=1 HTTP/1.1
Host: fundingchoicesmessages.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://bitly.ws/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: application/javascript; charset=utf-8
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
timing-allow-origin: *
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Tue, 16 Apr 2024 13:12:12 GMT
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
content-security-policy: require-trusted-types-for 'script';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport, script-src 'nonce-0cv8KaKxYpnrgcvYzv1hJA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorServingWebSwitchboardHttp/cspreport/allowlist
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin
reporting-endpoints: default="/_/ContributorServingWebSwitchboardHttp/web-reports?context=eJzjStDikmJw1ZBiOHnrNtNFID7vdIfpOhDXMjxjagViA43nTBZALPH1JZMWEMc8n86aAsRO6TNYQ4DYp34GaxwQt948xzodiE8uOM96EYiT_51nLQViIR6ONZ9-bmATeLF_xTwmAABtMLY"
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

continuousselfevidentinestimable.com/pixel/sbls?bv=24.6.6370&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fchat%2Fmob%2Fssp%2F1%2Fcss%2Fanimate.css&l=79313&fd=64

192.243.61.227

200 OK

0 B

URL GET HTTP/1.1
continuousselfevidentinestimable.com/pixel/sbls?bv=24.6.6370&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fchat%2Fmob%2Fssp%2F1%2Fcss%2Fanimate.css&l=79313&fd=64
IP
192.243.61.227:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://bitly.ws/?banned=1
Certificate
IssuerLet's Encrypt
Subjectcontinuousselfevidentinestimable.com
Fingerprint1F:F4:36:85:7F:D7:60:BF:21:DA:52:FF:00:60:97:80:4B:6D:0D:3A
ValidityMon, 15 Apr 2024 12:20:33 GMT - Sun, 14 Jul 2024 12:20:32 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /pixel/sbls?bv=24.6.6370&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fchat%2Fmob%2Fssp%2F1%2Fcss%2Fanimate.css&l=79313&fd=64 HTTP/1.1
Host: continuousselfevidentinestimable.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://bitly.ws/
Cookie: u_pl=22725757; ain=eyJhbGciOiJIUzI1NiJ9.eyJwIjp7ImlkIjoyMjczNTU0OCwiayI6IjZkYzNhMjc1NTJiNWFlZGZiOTZhZWFhMDBhYTFjMzdiIiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjozNjc1ODY4LCJwaWQiOjkzMDg4LCJhbiI6dHJ1ZSwibGFuIjp0cnVlLCJjaWQiOjM0LCJhaWQiOjUsInB0Ijo0LCJwayI6Inc3cTYxZHZqbWUiLCJ0IjoxfSwidSI6eyJ1IjoxLCJhdSI6MSwiZCI6eyJpZCI6Nzk5NTQxOTYsImlkcyI6IiIsImljIjpmYWxzZSwibiI6IkRlc2t0b3AsRW11bGF0b3IiLCJ2IjoiVW5rbm93biIsIm0iOiJVbmtub3duIiwiZiI6MSwiZm4iOiJEZXNrdG9wIiwib2lkIjoxODExMCwib24iOiJMaW51eCIsIm92IjoiVW5rbm93biIsImJpZCI6MTE2NjcwLCJibiI6IkZpcmVmb3giLCJidiI6Ijk2LjAiLCJ3diI6ZmFsc2UsImUiOnRydWUsImFiIjpmYWxzZX0sImMiOnsiaWQiOjE2MiwiYyI6Ik5PIiwibiI6Ik5vcndheSJ9LCJhIjpmYWxzZSwiY3IiOnsibiI6IkJsaXggU29sdXRpb25zIn0sInhmIjoiIiwiaXhmIjpmYWxzZSwiaWd4ZiI6ZmFsc2UsInVwIjp0cnVlLCJyIjoiaHR0cHM6Ly9iaXRseS53cy8_YmFubmVkPTEiLCJhciI6W119fQ.Q5oEoAi0jHIRal5wmiio7A2AWY1CJDu_yEmfZqrhrOs; uid_id2=0ec8dd2c-b216-48a3-a4af-511aed11ec78:3:1; iprc2d6e605be25fedaa7eabdabafff861e4=3570421; pdhtkv=true; uncs=1; pdhtkv32=true; uncs32=1; pdhtkv29=true; uncs29=1; iprcf212593b2426fb1745fc7607e77dfd81=3569806; pdhtkv5=true; uncs5=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Tue, 16 Apr 2024 13:12:12 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (32)

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash