Report - pstopp.com/r2/index.php?p=2&tid=03091c0f-0bc4-40cb-94ae-e8d686ce7f7e&u=https://trcpo.com/track/click/zHGUmCObKv7fffy0p_P02a47QmpA8jc_ss7NuU8zIUt9i3Yx60rrcOL0UHY9OAelcifhQ7wd0kc8pqKBMIX2Nvhy8cfbtUNeFz_S02ehcUu7Rb9vr3nqzISnuyJAtjL_vPoodIVjt-UpjRlaBNVmpryjsvU8Ydhp9eo_tGMxnL6czAcZ4GLlP7jtkFDjo6QKfNGUQTAYz6hARWNXIQgq_-chrAaJoSxEC1ByAqdsvaIpQlJre4U1G2D48T-VB59vjSHabme4lYWDOOcC-J_P0W7I18iUB1rUL8er78LM6ucvVT0aUIYXxFt6z_itoDTNWCEktv-09l-70iEmltw0ulRCM4CEe7k2YVv4pqBB-bRO9dsEmjfs4PXuPKqVzgIYpTGzzKcS6m6skl5tMIwP8L9lRlNLQfA84IB09wJpMi006WUtjr58_IZZ0iWJikI6i5PeVWFBzjtgXokEvO0ngYoqFqMi72VhH3Mk9KfUlp6zs_H4bVjgW6INl1IHdDBRWELzCcEPXgLnkMo3ogdBVKhUrjxVImBkYxX6YPniMCdV6wT_4R3XcS-0f1Q4j6kP8RfQsBLO99jlL93s?ur=https://eu.vilitram.com/nty/postback/click?key=v2-1746558678548-4-8452-1433229-c91c9b8e-f2e4-7217-54cf-102a4de5cead

Report Overview

Visited public
2025-05-06 19:12:51
Tags
URL
pstopp.com/r2/index.php?p=2&tid=03091c0f-0bc4-40cb-94ae-e8d686ce7f7e&u=https://trcpo.com/track/click/zHGUmCObKv7fffy0p_P02a47QmpA8jc_ss7NuU8zIUt9i3Yx60rrcOL0UHY9OAelcifhQ7wd0kc8pqKBMIX2Nvhy8cfbtUNeFz_S02ehcUu7Rb9vr3nqzISnuyJAtjL_vPoodIVjt-UpjRlaBNVmpryjsvU8Ydhp9eo_tGMxnL6czAcZ4GLlP7jtkFDjo6QKfNGUQTAYz6hARWNXIQgq_-chrAaJoSxEC1ByAqdsvaIpQlJre4U1G2D48T-VB59vjSHabme4lYWDOOcC-J_P0W7I18iUB1rUL8er78LM6ucvVT0aUIYXxFt6z_itoDTNWCEktv-09l-70iEmltw0ulRCM4CEe7k2YVv4pqBB-bRO9dsEmjfs4PXuPKqVzgIYpTGzzKcS6m6skl5tMIwP8L9lRlNLQfA84IB09wJpMi006WUtjr58_IZZ0iWJikI6i5PeVWFBzjtgXokEvO0ngYoqFqMi72VhH3Mk9KfUlp6zs_H4bVjgW6INl1IHdDBRWELzCcEPXgLnkMo3ogdBVKhUrjxVImBkYxX6YPniMCdV6wT_4R3XcS-0f1Q4j6kP8RfQsBLO99jlL93s?ur=https://eu.vilitram.com/nty/postback/click?key=v2-1746558678548-4-8452-1433229-c91c9b8e-f2e4-7217-54cf-102a4de5cead
Finishing URL
arrowhurt.xyz/progress-bar.html?un=cecef939-3587-4e47-a28a-282aaa2c0cee
IP / ASN
172.67.176.182
#13335 CLOUDFLARENET
Title
Press Allow

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
arrowhurt.xyz	91802	unknown	No data	No data	1.5 kB	24 kB	104.21.80.1
api-un.unative.com	297644	unknown	No data	No data	1.1 kB	1.5 kB	162.55.0.219
tr-un.unative.com	86814	unknown	No data	No data	1.2 kB	1.0 kB	162.55.0.220
sdk.unative.com	468198	unknown	No data	No data	846 B	201 kB	185.76.9.27
pstopp.com	unknown	unknown	No data	No data	2.5 kB	8.7 kB	0.0.0.0
trcpo.com	unknown	unknown	No data	No data	1.2 kB	10 kB	162.55.127.182

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2025-05-06	medium	pstopp.com	Sinkholed
2025-05-06	medium	trcpo.com	Sinkholed
2025-05-06	medium	arrowhurt.xyz	Sinkholed
2025-05-06	medium	arrowhurt.xyz	Sinkholed
2025-05-06	medium	pstopp.com	Sinkholed
2025-05-06	medium	arrowhurt.xyz	Sinkholed

ThreatFox

No alerts detected

JavaScript (6)

	URL	From	Size	First Seen	Last Seen
	pstopp.com/r2/index.php?p=2&tid=03091c0f-0bc4-40cb-94ae-e8d686ce7f7e&u=https://trcpo.com/track/click/zHGUmCObKv7fffy0p_P02a47QmpA8jc_ss7NuU8zIUt9i3Yx60rrcOL0UHY9OAelcifhQ7wd0kc8pqKBMIX2Nvhy8cfbtUNeFz_S02ehcUu7Rb9vr3nqzISnuyJAtjL_vPoodIVjt-UpjRlaBNVmpryjsvU8Ydhp9eo_tGMxnL6czAcZ4GLlP7jtkFDjo6QKfNGUQTAYz6hARWNXIQgq_-chrAaJoSxEC1ByAqdsvaIpQlJre4U1G2D48T-VB59vjSHabme4lYWDOOcC-J_P0W7I18iUB1rUL8er78LM6ucvVT0aUIYXxFt6z_itoDTNWCEktv-09l-70iEmltw0ulRCM4CEe7k2YVv4pqBB-bRO9dsEmjfs4PXuPKqVzgIYpTGzzKcS6m6skl5tMIwP8L9lRlNLQfA84IB09wJpMi006WUtjr58_IZZ0iWJikI6i5PeVWFBzjtgXokEvO0ngYoqFqMi72VhH3Mk9KfUlp6zs_H4bVjgW6INl1IHdDBRWELzCcEPXgLnkMo3ogdBVKhUrjxVImBkYxX6YPniMCdV6wT_4R3XcS-0f1Q4j6kP8RfQsBLO99jlL93s?ur=https://eu.vilitram.com/nty/postback/click?key=v2-1746558678548-4-8452-1433229-c91c9b8e-f2e4-7217-54cf-102a4de5cead	ScriptElement	5.1 kB	2025-05-06	2025-05-06
Pretty URL pstopp.com/r2/index.php?p=2&tid=03091c0f-0bc4-40cb-94ae-e8d686ce7f7e&u=https://trcpo.com/track/click/zHGUmCObKv7fffy0p_P02a47QmpA8jc_ss7NuU8zIUt9i3Yx60rrcOL0UHY9OAelcifhQ7wd0kc8pqKBMIX2Nvhy8cfbtUNeFz_S02ehcUu7Rb9vr3nqzISnuyJAtjL_vPoodIVjt-UpjRlaBNVmpryjsvU8Ydhp9eo_tGMxnL6czAcZ4GLlP7jtkFDjo6QKfNGUQTAYz6hARWNXIQgq_-chrAaJoSxEC1ByAqdsvaIpQlJre4U1G2D48T-VB59vjSHabme4lYWDOOcC-J_P0W7I18iUB1rUL8er78LM6ucvVT0aUIYXxFt6z_itoDTNWCEktv-09l-70iEmltw0ulRCM4CEe7k2YVv4pqBB-bRO9dsEmjfs4PXuPKqVzgIYpTGzzKcS6m6skl5tMIwP8L9lRlNLQfA84IB09wJpMi006WUtjr58_IZZ0iWJikI6i5PeVWFBzjtgXokEvO0ngYoqFqMi72VhH3Mk9KfUlp6zs_H4bVjgW6INl1IHdDBRWELzCcEPXgLnkMo3ogdBVKhUrjxVImBkYxX6YPniMCdV6wT_4R3XcS-0f1Q4j6kP8RfQsBLO99jlL93s?ur=https://eu.vilitram.com/nty/postback/click?key=v2-1746558678548-4-8452-1433229-c91c9b8e-f2e4-7217-54cf-102a4de5cead IP 104.21.35.146 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2025-05-06 19:13 Last Seen2025-05-06 19:13 Times Seen1 Hash 4bba76a052c851fadb949dd7ef7870a7 83d2a5f04c53c374b979501c446ff4816a3c839c 3a7fd7031bbe4701b4d94cd256dce2482413104fec7848e421e8bb0acff77e76 Loading...

	arrowhurt.xyz/js/pop-sdk.js	ScriptElement	4.9 kB	2023-03-07	2025-05-13
Pretty URL arrowhurt.xyz/js/pop-sdk.js IP 104.21.80.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:10 Last Seen2025-05-13 18:05 Times Seen727 Hash 7a3b88db9f1e69e84da82f3ecf466391 aab94e786ce955f7918fd7d2ad1a9f8171dae983 68fc8807e968efa891db5b096b21d7cc998884bdf7cf5e8adfa127fdaf325990 Loading...

	arrowhurt.xyz/progress-bar.html?un=cecef939-3587-4e47-a28a-282aaa2c0cee	ScriptElement	194 B	2023-03-07	2025-05-13
Pretty URL arrowhurt.xyz/progress-bar.html?un=cecef939-3587-4e47-a28a-282aaa2c0cee IP 104.21.80.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:10 Last Seen2025-05-13 18:05 Times Seen728 Hash 3b5180c6b40a05834adcf70f79126ff7 56e95ceaeb30721ac37b03d146e6dbe61e8ceef2 0d37e64b6af711e8dd4220494fc6f815ec195deb0c6b6eff8069c375d33b57c2 Loading...

	arrowhurt.xyz/progress-bar.html?un=cecef939-3587-4e47-a28a-282aaa2c0cee	ScriptElement	287 B	2023-03-07	2025-05-13
Pretty URL arrowhurt.xyz/progress-bar.html?un=cecef939-3587-4e47-a28a-282aaa2c0cee IP 104.21.80.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:10 Last Seen2025-05-13 18:05 Times Seen728 Hash c934abd066517412e5d532beacebc859 1cc6cce5f531d681cfe5324c359fd2c1ee8cb7d9 7b07990e30e037893895c1ff79790f4bab49744e5afc0ba01f6fa5450edea4ec Loading...

	sdk.unative.com/UNativeSDK.js	ScriptElement	17 kB	2023-03-07	2025-05-13
Pretty URL sdk.unative.com/UNativeSDK.js IP 185.76.9.27 ASN #60068 Datacamp Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:10 Last Seen2025-05-13 18:05 Times Seen779 Hash 647c17795b88ec6b0432e10ebebbce67 ae012902de61b37343ed3288b65e07a4f94edb31 12f3ffc2bef3ae11d82ec74d1c21eaf9d7ee389d320b85d8fb00b666a6eefa2c Loading...

	sdk.unative.com/UNativePageSDKES6.js?v=150706	ScriptElement	183 kB	2023-05-07	2025-05-13
Pretty URL sdk.unative.com/UNativePageSDKES6.js?v=150706 IP 185.76.9.27 ASN #60068 Datacamp Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2023-05-07 17:04 Last Seen2025-05-13 18:05 Times Seen779 Hash b3332c141ef65c70ffcb6c233261d49e 64340ed0e6f5ed9cefd865ab49b93b5b16e9dc53 2d97792c95b1c337e75917308f9da48c3497c1896cc3039106bf343b2f14d3b8 Loading...

HTTP Transactions (12)

URL IP Response Size

sdk.unative.com/UNativePageSDKES6.js?v=150706

185.76.9.27

200 OK

183 kB

URL GET
sdk.unative.com/UNativePageSDKES6.js?v=150706
IP
185.76.9.27:443
ASN
#60068 Datacamp Limited

Requested by
https://arrowhurt.xyz/progress-bar.html?un=cecef939-3587-4e47-a28a-282aaa2c0cee
Certificate
IssuerLet's Encrypt
Subject1058678020.rsc.cdn77.org
Fingerprint84:DC:F0:8F:29:81:15:83:57:FF:C0:E4:0B:E0:D0:F8:41:3B:63:A0
ValiditySun, 09 Mar 2025 12:49:09 GMT - Sat, 07 Jun 2025 12:49:08 GMT

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (65530), with no line terminators
Size
183 kB (182707 bytes)
Hash
b3332c141ef65c70ffcb6c233261d49e
64340ed0e6f5ed9cefd865ab49b93b5b16e9dc53
2d97792c95b1c337e75917308f9da48c3497c1896cc3039106bf343b2f14d3b8

HTTP Headers

GET /UNativePageSDKES6.js?v=150706 HTTP/1.1
Host: sdk.unative.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://arrowhurt.xyz/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Tue, 06 May 2025 19:12:19 GMT
content-type: application/x-javascript
last-modified: Thu, 27 Apr 2023 15:05:30 GMT
etag: W/"2c9b3-5fa52affcd6e3"
vary: Accept-Encoding
x-77-nzt: EwwBuUwJGwH3HccFAAwBuUwKDAH39tsDAAwBJRPCLgG3DqEIAA
x-77-nzt-ray: fdb5412393d31282135f1a68bbbb8234
x-77-cache: HIT
x-77-age: 378653
content-encoding: gzip
server: CDN77-Turbo
x-77-pop: stockholmSE
X-Firefox-Spdy: h2

pstopp.com/favicon.ico

0.0.0.0

0 B

URL GET
pstopp.com/favicon.ico
IP
0.0.0.0:0
ASN
#0

Requested by
https://pstopp.com/r2/index.php?p=2&tid=03091c0f-0bc4-40cb-94ae-e8d686ce7f7e&u=https://trcpo.com/track/click/zHGUmCObKv7fffy0p_P02a47QmpA8jc_ss7NuU8zIUt9i3Yx60rrcOL0UHY9OAelcifhQ7wd0kc8pqKBMIX2Nvhy8cfbtUNeFz_S02ehcUu7Rb9vr3nqzISnuyJAtjL_vPoodIVjt-UpjRlaBNVmpryjsvU8Ydhp9eo_tGMxnL6czAcZ4GLlP7jtkFDjo6QKfNGUQTAYz6hARWNXIQgq_-chrAaJoSxEC1ByAqdsvaIpQlJre4U1G2D48T-VB59vjSHabme4lYWDOOcC-J_P0W7I18iUB1rUL8er78LM6ucvVT0aUIYXxFt6z_itoDTNWCEktv-09l-70iEmltw0ulRCM4CEe7k2YVv4pqBB-bRO9dsEmjfs4PXuPKqVzgIYpTGzzKcS6m6skl5tMIwP8L9lRlNLQfA84IB09wJpMi006WUtjr58_IZZ0iWJikI6i5PeVWFBzjtgXokEvO0ngYoqFqMi72VhH3Mk9KfUlp6zs_H4bVjgW6INl1IHdDBRWELzCcEPXgLnkMo3ogdBVKhUrjxVImBkYxX6YPniMCdV6wT_4R3XcS-0f1Q4j6kP8RfQsBLO99jlL93s?ur=https://eu.vilitram.com/nty/postback/click?key=v2-1746558678548-4-8452-1433229-c91c9b8e-f2e4-7217-54cf-102a4de5cead
Certificate
IssuerGoogle Trust Services
Subjectpstopp.com
FingerprintED:7F:56:13:FF:3A:11:A4:12:AC:F0:67:42:F7:69:6A:32:BD:72:98
ValidityFri, 14 Mar 2025 09:31:09 GMT - Thu, 12 Jun 2025 10:29:24 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: pstopp.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://pstopp.com/r2/index.php?p=2&tid=03091c0f-0bc4-40cb-94ae-e8d686ce7f7e&u=https://trcpo.com/track/click/zHGUmCObKv7fffy0p_P02a47QmpA8jc_ss7NuU8zIUt9i3Yx60rrcOL0UHY9OAelcifhQ7wd0kc8pqKBMIX2Nvhy8cfbtUNeFz_S02ehcUu7Rb9vr3nqzISnuyJAtjL_vPoodIVjt-UpjRlaBNVmpryjsvU8Ydhp9eo_tGMxnL6czAcZ4GLlP7jtkFDjo6QKfNGUQTAYz6hARWNXIQgq_-chrAaJoSxEC1ByAqdsvaIpQlJre4U1G2D48T-VB59vjSHabme4lYWDOOcC-J_P0W7I18iUB1rUL8er78LM6ucvVT0aUIYXxFt6z_itoDTNWCEktv-09l-70iEmltw0ulRCM4CEe7k2YVv4pqBB-bRO9dsEmjfs4PXuPKqVzgIYpTGzzKcS6m6skl5tMIwP8L9lRlNLQfA84IB09wJpMi006WUtjr58_IZZ0iWJikI6i5PeVWFBzjtgXokEvO0ngYoqFqMi72VhH3Mk9KfUlp6zs_H4bVjgW6INl1IHdDBRWELzCcEPXgLnkMo3ogdBVKhUrjxVImBkYxX6YPniMCdV6wT_4R3XcS-0f1Q4j6kP8RfQsBLO99jlL93s?ur=https://eu.vilitram.com/nty/postback/click?key=v2-1746558678548-4-8452-1433229-c91c9b8e-f2e4-7217-54cf-102a4de5cead
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

trcpo.com/track/click/zHGUmCObKv7fffy0p_P02a47QmpA8jc_ss7NuU8zIUt9i3Yx60rrcOL0UHY9OAelcifhQ7wd0kc8pqKBMIX2Nvhy8cfbtUNeFz_S02ehcUu7Rb9vr3nqzISnuyJAtjL_vPoodIVjt-UpjRlaBNVmpryjsvU8Ydhp9eo_tGMxnL6czAcZ4GLlP7jtkFDjo6QKfNGUQTAYz6hARWNXIQgq_-chrAaJoSxEC1ByAqdsvaIpQlJre4U1G2D48T-VB59vjSHabme4lYWDOOcC-J_P0W7I18iUB1rUL8er78LM6ucvVT0aUIYXxFt6z_itoDTNWCEktv-09l-70iEmltw0ulRCM4CEe7k2YVv4pqBB-bRO9dsEmjfs4PXuPKqVzgIYpTGzzKcS6m6skl5tMIwP8L9lRlNLQfA84IB09wJpMi006WUtjr58_IZZ0iWJikI6i5PeVWFBzjtgXokEvO0ngYoqFqMi72VhH3Mk9KfUlp6zs_H4bVjgW6INl1IHdDBRWELzCcEPXgLnkMo3ogdBVKhUrjxVImBkYxX6YPniMCdV6wT_4R3XcS-0f1Q4j6kP8RfQsBLO99jlL93s?ur=https://eu.vilitram.com/nty/postback/click?key=v2-1746558678548-4-8452-1433229-c91c9b8e-f2e4-7217-54cf-102a4de5cead

162.55.127.182

302

10 kB

URL User Request GET
trcpo.com/track/click/zHGUmCObKv7fffy0p_P02a47QmpA8jc_ss7NuU8zIUt9i3Yx60rrcOL0UHY9OAelcifhQ7wd0kc8pqKBMIX2Nvhy8cfbtUNeFz_S02ehcUu7Rb9vr3nqzISnuyJAtjL_vPoodIVjt-UpjRlaBNVmpryjsvU8Ydhp9eo_tGMxnL6czAcZ4GLlP7jtkFDjo6QKfNGUQTAYz6hARWNXIQgq_-chrAaJoSxEC1ByAqdsvaIpQlJre4U1G2D48T-VB59vjSHabme4lYWDOOcC-J_P0W7I18iUB1rUL8er78LM6ucvVT0aUIYXxFt6z_itoDTNWCEktv-09l-70iEmltw0ulRCM4CEe7k2YVv4pqBB-bRO9dsEmjfs4PXuPKqVzgIYpTGzzKcS6m6skl5tMIwP8L9lRlNLQfA84IB09wJpMi006WUtjr58_IZZ0iWJikI6i5PeVWFBzjtgXokEvO0ngYoqFqMi72VhH3Mk9KfUlp6zs_H4bVjgW6INl1IHdDBRWELzCcEPXgLnkMo3ogdBVKhUrjxVImBkYxX6YPniMCdV6wT_4R3XcS-0f1Q4j6kP8RfQsBLO99jlL93s?ur=https://eu.vilitram.com/nty/postback/click?key=v2-1746558678548-4-8452-1433229-c91c9b8e-f2e4-7217-54cf-102a4de5cead
IP
162.55.127.182:443
ASN
#24940 Hetzner Online GmbH

Certificate
IssuerLet's Encrypt
Subjecttrcpo.com
FingerprintD0:15:FF:D4:2E:76:82:BE:8B:20:F5:C6:D0:ED:99:21:AE:C9:6E:ED
ValiditySat, 08 Mar 2025 08:07:08 GMT - Fri, 06 Jun 2025 08:07:07 GMT

File type

Size
10 kB (10019 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /track/click/zHGUmCObKv7fffy0p_P02a47QmpA8jc_ss7NuU8zIUt9i3Yx60rrcOL0UHY9OAelcifhQ7wd0kc8pqKBMIX2Nvhy8cfbtUNeFz_S02ehcUu7Rb9vr3nqzISnuyJAtjL_vPoodIVjt-UpjRlaBNVmpryjsvU8Ydhp9eo_tGMxnL6czAcZ4GLlP7jtkFDjo6QKfNGUQTAYz6hARWNXIQgq_-chrAaJoSxEC1ByAqdsvaIpQlJre4U1G2D48T-VB59vjSHabme4lYWDOOcC-J_P0W7I18iUB1rUL8er78LM6ucvVT0aUIYXxFt6z_itoDTNWCEktv-09l-70iEmltw0ulRCM4CEe7k2YVv4pqBB-bRO9dsEmjfs4PXuPKqVzgIYpTGzzKcS6m6skl5tMIwP8L9lRlNLQfA84IB09wJpMi006WUtjr58_IZZ0iWJikI6i5PeVWFBzjtgXokEvO0ngYoqFqMi72VhH3Mk9KfUlp6zs_H4bVjgW6INl1IHdDBRWELzCcEPXgLnkMo3ogdBVKhUrjxVImBkYxX6YPniMCdV6wT_4R3XcS-0f1Q4j6kP8RfQsBLO99jlL93s?ur=https://eu.vilitram.com/nty/postback/click?key=v2-1746558678548-4-8452-1433229-c91c9b8e-f2e4-7217-54cf-102a4de5cead HTTP/1.1
Host: trcpo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 302 
location: https://arrowhurt.xyz/progress-bar.html?un=cecef939-3587-4e47-a28a-282aaa2c0cee
x-responded-by: cors-support-provider
access-control-expose-headers: set-cookie
access-control-allow-origin: *
access-control-request-headers: origin,accept,content-type,x-requested-with
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS, HEAD, PATCH
access-control-max-age: 86400
content-length: 0
date: Tue, 06 May 2025 19:12:19 GMT

arrowhurt.xyz/progress-bar.html?un=cecef939-3587-4e47-a28a-282aaa2c0cee

104.21.80.1

200 OK

10 kB

URL User Request GET
arrowhurt.xyz/progress-bar.html?un=cecef939-3587-4e47-a28a-282aaa2c0cee
IP
104.21.80.1:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerGoogle Trust Services
Subjectarrowhurt.xyz
Fingerprint4B:74:AC:FE:16:49:69:0D:52:38:C2:61:F2:9F:E6:85:FD:2F:4C:87
ValidityWed, 30 Apr 2025 03:20:53 GMT - Tue, 29 Jul 2025 04:18:19 GMT

File type
HTML document, Unicode text, UTF-8 text, with very long lines (5305)
Size
10 kB (10019 bytes)
Hash
0cf8f3558db55a5f4187958734c2622d
b056e03455c3c5cdcbba0770e8ef40a1f1fb9576
b23bab9d1ba59a16db8660cd2ab16d6c97300a87baad8e773d6d893000fec461

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /progress-bar.html?un=cecef939-3587-4e47-a28a-282aaa2c0cee HTTP/1.1
Host: arrowhurt.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Tue, 06 May 2025 19:12:19 GMT
content-type: text/html
server: cloudflare
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=taM1gj%2FMOuHKFfDOtb8h2z8W5hh4Myjktlybh18%2FKkytaOGpGIqlZRFi03fHCGjxOKFonkO%2FsSMlFemCrxWfCPtk%2BW4GVW3dCSTo6MqGX%2BA3dL47fKFFxmbwo%2FlNNTr6"}]}
last-modified: Mon, 05 Dec 2022 19:58:48 GMT
cf-cache-status: DYNAMIC
content-encoding: br
cf-ray: 93bac9d909d4fe9b-AMS
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

arrowhurt.xyz/js/pop-sdk.js

104.21.80.1

200 OK

4.9 kB

URL GET
arrowhurt.xyz/js/pop-sdk.js
IP
104.21.80.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://arrowhurt.xyz/progress-bar.html?un=cecef939-3587-4e47-a28a-282aaa2c0cee
Certificate
IssuerGoogle Trust Services
Subjectarrowhurt.xyz
Fingerprint4B:74:AC:FE:16:49:69:0D:52:38:C2:61:F2:9F:E6:85:FD:2F:4C:87
ValidityWed, 30 Apr 2025 03:20:53 GMT - Tue, 29 Jul 2025 04:18:19 GMT

File type
JavaScript source, ASCII text, with CRLF line terminators
Size
4.9 kB (4899 bytes)
Hash
7a3b88db9f1e69e84da82f3ecf466391
aab94e786ce955f7918fd7d2ad1a9f8171dae983
68fc8807e968efa891db5b096b21d7cc998884bdf7cf5e8adfa127fdaf325990

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /js/pop-sdk.js HTTP/1.1
Host: arrowhurt.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://arrowhurt.xyz/progress-bar.html?un=cecef939-3587-4e47-a28a-282aaa2c0cee
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Tue, 06 May 2025 19:12:19 GMT
content-type: application/javascript
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=QAHR6GpCMxIgv4lMlKUt85f8HGc90BhphPz6hG%2FPy9s5pazht1KIhHaKU9zxWkl2XcrvhyfAQ2yeiqGZavYC6UmwpfEXp5uhSxx8yXzArwORYT%2FZjQEtz9eBPcSYH%2Ftx"}],"group":"cf-nel","max_age":604800}
etag: W/"4899-1670270328000"
last-modified: Mon, 05 Dec 2022 19:58:48 GMT
cache-control: max-age=14400
cf-cache-status: HIT
age: 1246
content-encoding: br
cf-ray: 93bac9da3bb3d8d0-AMS
server: cloudflare
vary: Accept-Encoding
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=22423&min_rtt=22080&rtt_var=8967&sent=11&recv=6&lost=0&retrans=0&sent_bytes=3719&recv_bytes=1113&delivery_rate=21372&cwnd=12000&unsent_bytes=0&cid=7fc24ee98058e2f2&ts=127&x=16"

api-un.unative.com/p/w/cecef939-3587-4e47-a28a-282aaa2c0cee

162.55.0.219

200

18 B

URL OPTIONS
api-un.unative.com/p/w/cecef939-3587-4e47-a28a-282aaa2c0cee
IP
162.55.0.219:443
ASN
#24940 Hetzner Online GmbH

Requested by
https://arrowhurt.xyz/progress-bar.html?un=cecef939-3587-4e47-a28a-282aaa2c0cee
Certificate
IssuerLet's Encrypt
Subjectunative.com
FingerprintDB:4F:14:CD:96:E1:B9:A8:E4:8D:00:6E:92:00:B8:CA:FF:BA:ED:68
ValidityThu, 01 May 2025 10:59:04 GMT - Wed, 30 Jul 2025 10:59:03 GMT

File type
ASCII text, with no line terminators
Size
18 B (18 bytes)
Hash
cc7fd95a87ea3721ce1853bf3c4dd75e
7f687f7881adf0fc407378d375a61b8f198c0912
0f06a4c8d34690d4e42c81f232a5bdfe9fcbde8a54b5ccd0609a313e90da0879

HTTP Headers

OPTIONS /p/w/cecef939-3587-4e47-a28a-282aaa2c0cee HTTP/1.1
Host: api-un.unative.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: GET
Access-Control-Request-Headers: content-type,sdk-version
Referer: https://arrowhurt.xyz/
Origin: https://arrowhurt.xyz
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 
allow: HEAD,GET,OPTIONS
x-responded-by: cors-support-provider
access-control-expose-headers: set-cookie
access-control-allow-origin: *
access-control-request-headers: content-type,sdk-version,origin,accept,content-type,x-requested-with
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS, HEAD, PATCH
access-control-max-age: 86400
access-control-allow-headers: content-type,sdk-version,origin,accept,content-type,x-requested-with
content-type: text/plain;charset=UTF-8
content-length: 18
date: Tue, 06 May 2025 19:12:20 GMT

tr-un.unative.com/track/visit/incognito/cecef939-3587-4e47-a28a-282aaa2c0cee

162.55.0.220

200

0 B

URL GET
tr-un.unative.com/track/visit/incognito/cecef939-3587-4e47-a28a-282aaa2c0cee
IP
162.55.0.220:443
ASN
#24940 Hetzner Online GmbH

Requested by
https://arrowhurt.xyz/progress-bar.html?un=cecef939-3587-4e47-a28a-282aaa2c0cee
Certificate
IssuerLet's Encrypt
Subjectunative.com
FingerprintDB:4F:14:CD:96:E1:B9:A8:E4:8D:00:6E:92:00:B8:CA:FF:BA:ED:68
ValidityThu, 01 May 2025 10:59:04 GMT - Wed, 30 Jul 2025 10:59:03 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /track/visit/incognito/cecef939-3587-4e47-a28a-282aaa2c0cee HTTP/1.1
Host: tr-un.unative.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://arrowhurt.xyz/
content-type: application/json;charset=UTF-8
sdk-version: unative/web/150706
Origin: https://arrowhurt.xyz
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 
x-responded-by: cors-support-provider
access-control-expose-headers: set-cookie
access-control-allow-origin: *
access-control-request-headers: origin,accept,content-type,x-requested-with
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS, HEAD, PATCH
access-control-max-age: 86400
content-length: 0
date: Tue, 06 May 2025 19:12:20 GMT

api-un.unative.com/p/w/cecef939-3587-4e47-a28a-282aaa2c0cee

162.55.0.219

200

429 B

URL GET
api-un.unative.com/p/w/cecef939-3587-4e47-a28a-282aaa2c0cee
IP
162.55.0.219:443
ASN
#24940 Hetzner Online GmbH

Requested by
https://arrowhurt.xyz/progress-bar.html?un=cecef939-3587-4e47-a28a-282aaa2c0cee
Certificate
IssuerLet's Encrypt
Subjectunative.com
FingerprintDB:4F:14:CD:96:E1:B9:A8:E4:8D:00:6E:92:00:B8:CA:FF:BA:ED:68
ValidityThu, 01 May 2025 10:59:04 GMT - Wed, 30 Jul 2025 10:59:03 GMT

File type
JSON text data
Size
429 B (429 bytes)
Hash
aa5bf976f2cec3161a2fd92593ff63cc
d064b8b81676a9893437b890c927433415a1fe4e
22b9c3b2a424da9ba78986be4baca36b4334241398812cabc44b71af5d1dd7c1

HTTP Headers

GET /p/w/cecef939-3587-4e47-a28a-282aaa2c0cee HTTP/1.1
Host: api-un.unative.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://arrowhurt.xyz/
content-type: application/json;charset=UTF-8
sdk-version: unative/web/150706
Origin: https://arrowhurt.xyz
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 
x-responded-by: cors-support-provider
access-control-expose-headers: set-cookie
access-control-allow-origin: *
access-control-request-headers: origin,accept,content-type,x-requested-with
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS, HEAD, PATCH
access-control-max-age: 86400
content-type: application/json;charset=UTF-8
content-length: 429
date: Tue, 06 May 2025 19:12:20 GMT

pstopp.com/r2/index.php?p=2&tid=03091c0f-0bc4-40cb-94ae-e8d686ce7f7e&u=https://trcpo.com/track/click/zHGUmCObKv7fffy0p_P02a47QmpA8jc_ss7NuU8zIUt9i3Yx60rrcOL0UHY9OAelcifhQ7wd0kc8pqKBMIX2Nvhy8cfbtUNeFz_S02ehcUu7Rb9vr3nqzISnuyJAtjL_vPoodIVjt-UpjRlaBNVmpryjsvU8Ydhp9eo_tGMxnL6czAcZ4GLlP7jtkFDjo6QKfNGUQTAYz6hARWNXIQgq_-chrAaJoSxEC1ByAqdsvaIpQlJre4U1G2D48T-VB59vjSHabme4lYWDOOcC-J_P0W7I18iUB1rUL8er78LM6ucvVT0aUIYXxFt6z_itoDTNWCEktv-09l-70iEmltw0ulRCM4CEe7k2YVv4pqBB-bRO9dsEmjfs4PXuPKqVzgIYpTGzzKcS6m6skl5tMIwP8L9lRlNLQfA84IB09wJpMi006WUtjr58_IZZ0iWJikI6i5PeVWFBzjtgXokEvO0ngYoqFqMi72VhH3Mk9KfUlp6zs_H4bVjgW6INl1IHdDBRWELzCcEPXgLnkMo3ogdBVKhUrjxVImBkYxX6YPniMCdV6wT_4R3XcS-0f1Q4j6kP8RfQsBLO99jlL93s?ur=https://eu.vilitram.com/nty/postback/click?key=v2-1746558678548-4-8452-1433229-c91c9b8e-f2e4-7217-54cf-102a4de5cead

104.21.35.146

200 OK

8.0 kB

URL User Request GET
pstopp.com/r2/index.php?p=2&tid=03091c0f-0bc4-40cb-94ae-e8d686ce7f7e&u=https://trcpo.com/track/click/zHGUmCObKv7fffy0p_P02a47QmpA8jc_ss7NuU8zIUt9i3Yx60rrcOL0UHY9OAelcifhQ7wd0kc8pqKBMIX2Nvhy8cfbtUNeFz_S02ehcUu7Rb9vr3nqzISnuyJAtjL_vPoodIVjt-UpjRlaBNVmpryjsvU8Ydhp9eo_tGMxnL6czAcZ4GLlP7jtkFDjo6QKfNGUQTAYz6hARWNXIQgq_-chrAaJoSxEC1ByAqdsvaIpQlJre4U1G2D48T-VB59vjSHabme4lYWDOOcC-J_P0W7I18iUB1rUL8er78LM6ucvVT0aUIYXxFt6z_itoDTNWCEktv-09l-70iEmltw0ulRCM4CEe7k2YVv4pqBB-bRO9dsEmjfs4PXuPKqVzgIYpTGzzKcS6m6skl5tMIwP8L9lRlNLQfA84IB09wJpMi006WUtjr58_IZZ0iWJikI6i5PeVWFBzjtgXokEvO0ngYoqFqMi72VhH3Mk9KfUlp6zs_H4bVjgW6INl1IHdDBRWELzCcEPXgLnkMo3ogdBVKhUrjxVImBkYxX6YPniMCdV6wT_4R3XcS-0f1Q4j6kP8RfQsBLO99jlL93s?ur=https://eu.vilitram.com/nty/postback/click?key=v2-1746558678548-4-8452-1433229-c91c9b8e-f2e4-7217-54cf-102a4de5cead
IP
104.21.35.146:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerGoogle Trust Services
Subjectpstopp.com
FingerprintED:7F:56:13:FF:3A:11:A4:12:AC:F0:67:42:F7:69:6A:32:BD:72:98
ValidityFri, 14 Mar 2025 09:31:09 GMT - Thu, 12 Jun 2025 10:29:24 GMT

File type
HTML document, ASCII text, with very long lines (817)
Size
8.0 kB (8043 bytes)
Hash
0a1631e8e6a0e4fcbe6fa8f6179bab87
f81c183856f4b42b6cbfd0ca4a56410132bc8fba
ffdf67ff7e91e4e8ec20ca14f8b946f0f0ec8b6c1ccdd3fe65f9be4dc4905f90

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /r2/index.php?p=2&tid=03091c0f-0bc4-40cb-94ae-e8d686ce7f7e&u=https://trcpo.com/track/click/zHGUmCObKv7fffy0p_P02a47QmpA8jc_ss7NuU8zIUt9i3Yx60rrcOL0UHY9OAelcifhQ7wd0kc8pqKBMIX2Nvhy8cfbtUNeFz_S02ehcUu7Rb9vr3nqzISnuyJAtjL_vPoodIVjt-UpjRlaBNVmpryjsvU8Ydhp9eo_tGMxnL6czAcZ4GLlP7jtkFDjo6QKfNGUQTAYz6hARWNXIQgq_-chrAaJoSxEC1ByAqdsvaIpQlJre4U1G2D48T-VB59vjSHabme4lYWDOOcC-J_P0W7I18iUB1rUL8er78LM6ucvVT0aUIYXxFt6z_itoDTNWCEktv-09l-70iEmltw0ulRCM4CEe7k2YVv4pqBB-bRO9dsEmjfs4PXuPKqVzgIYpTGzzKcS6m6skl5tMIwP8L9lRlNLQfA84IB09wJpMi006WUtjr58_IZZ0iWJikI6i5PeVWFBzjtgXokEvO0ngYoqFqMi72VhH3Mk9KfUlp6zs_H4bVjgW6INl1IHdDBRWELzCcEPXgLnkMo3ogdBVKhUrjxVImBkYxX6YPniMCdV6wT_4R3XcS-0f1Q4j6kP8RfQsBLO99jlL93s?ur=https://eu.vilitram.com/nty/postback/click?key=v2-1746558678548-4-8452-1433229-c91c9b8e-f2e4-7217-54cf-102a4de5cead HTTP/1.1
Host: pstopp.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Tue, 06 May 2025 19:12:18 GMT
content-type: text/html; charset=UTF-8
server: cloudflare
x-powered-by: PHP/7.4.16
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
vary: Accept-Encoding
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=b%2FEc3mGbq4meDdlQVzUZ17CbP023qru2jek6mDW7TVTZRhnrgAb1SYd7UCVBrQx26%2FsgxJOa%2BV35fWKBAEh3z2EomferNIMaDUT3yzGwimsj%2FTbnjLDLTcWyw%2FUU"}]}
cf-cache-status: DYNAMIC
content-encoding: br
set-cookie: _tfc=802a593711a8db63f30dbc163b338c3f; SameSite=Strict
cf-ray: 93bac9d4b813feb1-AMS
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

sdk.unative.com/UNativeSDK.js

185.76.9.27

200 OK

17 kB

URL GET
sdk.unative.com/UNativeSDK.js
IP
185.76.9.27:443
ASN
#60068 Datacamp Limited

Requested by
https://arrowhurt.xyz/progress-bar.html?un=cecef939-3587-4e47-a28a-282aaa2c0cee
Certificate
IssuerLet's Encrypt
Subject1058678020.rsc.cdn77.org
Fingerprint84:DC:F0:8F:29:81:15:83:57:FF:C0:E4:0B:E0:D0:F8:41:3B:63:A0
ValiditySun, 09 Mar 2025 12:49:09 GMT - Sat, 07 Jun 2025 12:49:08 GMT

File type
JavaScript source, ASCII text, with very long lines (17396), with no line terminators
Size
17 kB (17396 bytes)
Hash
647c17795b88ec6b0432e10ebebbce67
ae012902de61b37343ed3288b65e07a4f94edb31
12f3ffc2bef3ae11d82ec74d1c21eaf9d7ee389d320b85d8fb00b666a6eefa2c

HTTP Headers

GET /UNativeSDK.js HTTP/1.1
Host: sdk.unative.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://arrowhurt.xyz/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Tue, 06 May 2025 19:12:19 GMT
content-type: application/x-javascript
last-modified: Thu, 27 Apr 2023 15:05:30 GMT
etag: W/"43f4-5fa52affcd6e3"
vary: Accept-Encoding
x-77-nzt: EwwBuUwJGwH3ej4IAAwBuUwKEwH36gEAAAwBJRPCNAG3RZcPAA
x-77-nzt-ray: fdb5412393d31282135f1a68c703da30
x-77-cache: HIT
x-77-age: 540282
content-encoding: gzip
server: CDN77-Turbo
x-77-pop: stockholmSE
X-Firefox-Spdy: h2

arrowhurt.xyz/favicon.ico

104.21.80.1

200 OK

6.9 kB

URL GET
arrowhurt.xyz/favicon.ico
IP
104.21.80.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://arrowhurt.xyz/progress-bar.html?un=cecef939-3587-4e47-a28a-282aaa2c0cee
Certificate
IssuerGoogle Trust Services
Subjectarrowhurt.xyz
Fingerprint4B:74:AC:FE:16:49:69:0D:52:38:C2:61:F2:9F:E6:85:FD:2F:4C:87
ValidityWed, 30 Apr 2025 03:20:53 GMT - Tue, 29 Jul 2025 04:18:19 GMT

File type
MS Windows icon resource - 1 icon, 256x256 with PNG image data, 256 x 256, 8-bit gray+alpha, non-interlaced, 32 bits/pixel
Size
6.9 kB (6881 bytes)
Hash
b58051f458d0cd0fbf58ff901356a6d6
2184af1e9211161e0c4ce7711da6350f049ad8eb
782316ae0ab742418ed75306b7ee0985230e28e27bc5cc88a5e3d4af648729ed

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: arrowhurt.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://arrowhurt.xyz/progress-bar.html?un=cecef939-3587-4e47-a28a-282aaa2c0cee
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Tue, 06 May 2025 19:12:19 GMT
content-type: image/x-icon
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=RJXR6E3qYI%2Bm6ZqgRxXagYGHDN2FsKE87abcn1%2F10DzbncAbM6iyuM3HYCVohPhquKPmLGqTIdKPFMcW2pmViDHqXo8aKMWtQki2w3jSq3COjP6pDKcSSvTvYXM3dr8K"}],"group":"cf-nel","max_age":604800}
etag: W/"6881-1670270328000"
last-modified: Mon, 05 Dec 2022 19:58:48 GMT
cache-control: max-age=14400
cf-cache-status: HIT
age: 4558
content-encoding: br
cf-ray: 93bac9db8c33d8d0-AMS
server: cloudflare
vary: Accept-Encoding
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=24335&min_rtt=22080&rtt_var=10548&sent=15&recv=9&lost=0&retrans=0&sent_bytes=5652&recv_bytes=1515&delivery_rate=50775&cwnd=12000&unsent_bytes=0&cid=7fc24ee98058e2f2&ts=339&x=16"

tr-un.unative.com/track/visit/incognito/cecef939-3587-4e47-a28a-282aaa2c0cee

162.55.0.220

200

18 B

URL OPTIONS
tr-un.unative.com/track/visit/incognito/cecef939-3587-4e47-a28a-282aaa2c0cee
IP
162.55.0.220:443
ASN
#24940 Hetzner Online GmbH

Requested by
https://arrowhurt.xyz/progress-bar.html?un=cecef939-3587-4e47-a28a-282aaa2c0cee
Certificate
IssuerLet's Encrypt
Subjectunative.com
FingerprintDB:4F:14:CD:96:E1:B9:A8:E4:8D:00:6E:92:00:B8:CA:FF:BA:ED:68
ValidityThu, 01 May 2025 10:59:04 GMT - Wed, 30 Jul 2025 10:59:03 GMT

File type
ASCII text, with no line terminators
Size
18 B (18 bytes)
Hash
cc7fd95a87ea3721ce1853bf3c4dd75e
7f687f7881adf0fc407378d375a61b8f198c0912
0f06a4c8d34690d4e42c81f232a5bdfe9fcbde8a54b5ccd0609a313e90da0879

HTTP Headers

OPTIONS /track/visit/incognito/cecef939-3587-4e47-a28a-282aaa2c0cee HTTP/1.1
Host: tr-un.unative.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: GET
Access-Control-Request-Headers: content-type,sdk-version
Referer: https://arrowhurt.xyz/
Origin: https://arrowhurt.xyz
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 
allow: HEAD,GET,OPTIONS
x-responded-by: cors-support-provider
access-control-expose-headers: set-cookie
access-control-allow-origin: *
access-control-request-headers: content-type,sdk-version,origin,accept,content-type,x-requested-with
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS, HEAD, PATCH
access-control-max-age: 86400
access-control-allow-headers: content-type,sdk-version,origin,accept,content-type,x-requested-with
content-type: text/plain;charset=UTF-8
content-length: 18
date: Tue, 06 May 2025 19:12:20 GMT

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

Quad9 DNS

ThreatFox

JavaScript (6)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

HTTP Transactions (12)

URL GET

IP

ASN

Requested by

Certificate

File type

Size

Hash

HTTP Headers

URL GET

IP

ASN

Requested by

Certificate

File type

Size

Hash

Detections

HTTP Headers

URL User Request GET

IP

ASN

Certificate

File type

Size