Report - totalsporttek.zip

Report Overview

Visited public
2025-04-13 01:42:47
Tags
URL
totalsporttek.zip
Finishing URL
ww38.totalsporttek.zip/
IP / ASN
103.224.182.241
#133618 Trellian Pty. Limited
Title
totalsporttek.zip

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
obseu.seaskydvd.com	unknown	2022-08-01	2024-11-01	2025-04-08	10 kB	5.6 kB	3.248.162.96
www.google.com	7	1997-09-15	2015-05-10	2025-04-09	369 B	145 kB	142.250.74.132
syndicatedsearch.goog	unknown	2023-04-14	2023-09-25	2025-04-09	3.9 kB	163 kB	216.58.207.238
totalsporttek.zip	unknown	2025-02-12	2025-04-11	2025-04-11	486 B	18 kB	103.224.182.241
euob.seaskydvd.com	unknown	2022-08-01	2024-11-01	2025-04-08	454 B	112 kB	54.240.174.69
d38psrni17bvxu.cloudfront.net	unknown	2008-04-25	2022-09-22	2025-04-09	416 B	12 kB	18.165.121.185
afs.googleusercontent.com	12123	2008-11-17	2013-05-06	2025-04-09	1.0 kB	2.2 kB	142.250.178.33
ww38.totalsporttek.zip	unknown	2025-02-12	2025-04-11	2025-04-11	2.3 kB	20 kB	13.248.148.254

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Timestamp	Severity	Source IP	Destination IP	Alert
2025-04-13 01:42:26	low	Client IP	13.248.148.254	ET INFO HTTP Request to a *.zip Domain
2025-04-13 01:42:27	low	Client IP	13.248.148.254	ET INFO HTTP Request to a *.zip Domain
2025-04-13 01:42:27	low	Client IP	13.248.148.254	ET INFO HTTP Request to a *.zip Domain
2025-04-13 01:42:27	low	Client IP	13.248.148.254	ET INFO HTTP Request to a *.zip Domain
2025-04-13 01:42:28	low	Client IP	13.248.148.254	ET INFO HTTP Request to a *.zip Domain
2025-04-13 01:42:29	low	3.248.162.96	Client IP	ET INFO Observed ZeroSSL SSL/TLS Certificate

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

JavaScript (15)

	URL	From	Size	First Seen	Last Seen
	ww38.totalsporttek.zip/	Eval	4 B	2023-03-07	2025-05-22
Pretty URL ww38.totalsporttek.zip/ IP 13.248.148.254 ASN #16509 AMAZON-02 Introduced by eval Embedded in HTML false Observations First Seen2023-03-07 01:03 Last Seen2025-05-22 04:30 Times Seen94089 Hash b326b5062b2f0e69046810717534cb09 5ffe533b830f08a0326348a9160afafc8ada44db b5bea41b6c623f7c09f1bf24dcae58ebab3c0cdd90ad966bc43a45b44867e12b Loading...

	www.google.com/adsense/domains/caf.js?abp=1&adsdeli=true	ScriptElement	144 kB	2025-04-10	2025-04-18
Pretty URL www.google.com/adsense/domains/caf.js?abp=1&adsdeli=true IP 142.250.74.132 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2025-04-10 12:08 Last Seen2025-04-18 14:30 Times Seen1238 Hash 03d974afacc5f4bfb1273d826ada6f1e daa33b60051f661bfc922031e040b595c4a12b0e b889b98409f9223d09655bb1cda7bf9bb41c83ac4f4a64fec07c12a6479f3a19 Loading...

	ww38.totalsporttek.zip/	ScriptElement	968 B	2023-03-08	2025-05-22
Pretty URL ww38.totalsporttek.zip/ IP 13.248.148.254 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-08 02:24 Last Seen2025-05-22 04:30 Times Seen76714 Hash c77554570ae0fa8e4fb31747dc213058 e989fbde07e6a68975c7a31e1d4df76afd90b96f c3f831fe1717c6d76a8950ac5e7dc88ceee7440d079b11584be5c6c5b3269e77 Loading...

	ww38.totalsporttek.zip/	ScriptElement	9.0 kB	2025-04-13	2025-04-13
Pretty URL ww38.totalsporttek.zip/ IP 13.248.148.254 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML true Observations First Seen2025-04-13 01:42 Last Seen2025-04-13 01:42 Times Seen1 Hash d5d5547086cff43002f6113bb85c3a09 23a708645e4b29975c0bd0f47bdd4113cd09a7fc dd502dbaa22aff6be8260f70bc199c479523f2046524de01366aaa0133bfbe32 Loading...

	ww38.totalsporttek.zip/	ScriptElement	673 B	2025-04-13	2025-04-13
Pretty URL ww38.totalsporttek.zip/ IP 13.248.148.254 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML true Observations First Seen2025-04-13 01:42 Last Seen2025-04-13 01:42 Times Seen1 Hash c425a93c8ab58b12ead5155f376d4f37 0128f9344c9cfbe148a88bdc27616965a2485a8f 1e17361f707136cbc1ec2d1ef0878f4f90613ae4a1504a929e4cf2496f934a50 Loading...

	ww38.totalsporttek.zip/	ScriptElement	40 B	2025-02-04	2025-05-22
Pretty URL ww38.totalsporttek.zip/ IP 13.248.148.254 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML true Observations First Seen2025-02-04 20:34 Last Seen2025-05-22 04:30 Times Seen40126 Hash 65c8369b3607f59089ddd9f23b11f98c 5a305680d67d825d8186fe1a52cb65e530301204 e2508bc8b6eda959a5e887150cd18744f2aacb6eb98042b690f26443fc5b6d15 Loading...

	euob.seaskydvd.com/sxp/i/224f85302aa2b6ec30aac9a85da2cbf9.js	ScriptElement	111 kB	2025-04-01	2025-04-14
Pretty URL euob.seaskydvd.com/sxp/i/224f85302aa2b6ec30aac9a85da2cbf9.js IP 54.240.174.69 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2025-04-01 13:15 Last Seen2025-04-14 11:14 Times Seen3549 Hash f7b4ab1bebbca49be5bb7203095d0cb5 7a2f171f01f5239e5569976623b0b21fc106c636 558beae89b8830d8e7a0b09d6d901447cce591552e91c3fde0a2f682eddabe92 Loading...

	ww38.totalsporttek.zip/	ScriptElement	483 B	2024-01-04	2025-05-22
Pretty URL ww38.totalsporttek.zip/ IP 13.248.148.254 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML true Observations First Seen2024-01-04 10:26 Last Seen2025-05-22 04:30 Times Seen73339 Hash 18f2edc58d8a7b9e6b82454e8658c157 e5dfdd0fa61b3a5ef68dab382a0ba93e9e7b67fb 2d9b07a0704d92dda4deae88bc582aeb659923c8d44d0e7362e13cb28d88d250 Loading...

	syndicatedsearch.goog/afs/ads?adtest=off&psid=5837883959&pcsa=false&channel=000001%2Cbucket102&client=dp-teaminternet09_3ph&r=m&hl=no&ivt=0&rpbu=http%3A%2F%2Fww38.totalsporttek.zip%2F%3Fts%3DeyJhbGciOiJBMTI4S1ciLCJlbmMiOiJBMTI4Q0JDLUhTMjU2In0.UNdMT-p6SmATPUP-LOCIzhKYXQD8fp2XgY0PqxZtZlJaySrf-ypWDw.nvOuMZLlxupaLDq9hLwP5A.AkBvP3Yw_65Va9JXpWtSKaRMlPLXPSDKvUqtvDJIwbbiJoyxPrOueiBWuq604I-kzYRCsyk5tq3xLL2t-D5JAwGchpB79x8mW4LRvZl2nYXun7qezPxaFNL_FZctenfVS5dtDInnIkhyexpSl-fijYKj5nKc2lphdTIDu4UrVpiIxlzxJKYs0aeplfs92hfTFCnBhSzvJlpv4GKHLZbW-0IbUFKf20X81dX4l3JXqJbj-VCBfxHEY7uFUqVdPiPQzm2A91PMlP5uGX1maeDNr9pzEOX1OtubRr9hPTdoomDvLzWLe1fJYHfE6XsDktlAngiIpIu3k-YVoO-0X1puGj0sQrRfKyy-UuxkwoYioCNT1sJV7BP8oCzilCD0uXdZnq4h-mU2XGRBQDLI9IXgtbYdGn5q3rn1k39M0pcr2PDAGfVR0q8O0lvoxzZP8bst1V3MaOi1XvUnS-vKUbluwzQIb7fCnuAOfkNNVvWC-C8WRfwarR2dprR5ks7oxZZpy0e01a21J0yBi4vWT6Hq8LOww35cF2QSCEf2o1YueR4ZAyPSxZpwf9caqFTCTI2fW_6CfHXMXWFjUBa8Fhc0_A_yCHHwr4l-g4rekGLkLoM.5AzTX2EP7whX-dxm2tL6tQ&max_radlink_len=40&type=3&uiopt=true&swp=as-drid-2710553488346008&oe=UTF-8&ie=UTF-8&fexp=21404%2C17301431%2C17301433%2C17301436%2C17301548%2C17301266%2C72717108&format=r3%7Cs&nocache=5431744508547724&num=0&output=afd_ads&domain_name=ww38.totalsporttek.zip&v=3&bsl=8&pac=0&u_his=2&u_tz=0&dt=1744508547726&u_w=1280&u_h=1024&biw=1280&bih=1024&psw=1280&psh=795&frm=0&uio=--&cont=tc&drt=0&jsid=caf&jsv=744711979&rurl=http%3A%2F%2Fww38.totalsporttek.zip%2F	ScriptElement	841 B	2025-04-13	2025-04-13
Pretty URL syndicatedsearch.goog/afs/ads?adtest=off&psid=5837883959&pcsa=false&channel=000001%2Cbucket102&client=dp-teaminternet09_3ph&r=m&hl=no&ivt=0&rpbu=http%3A%2F%2Fww38.totalsporttek.zip%2F%3Fts%3DeyJhbGciOiJBMTI4S1ciLCJlbmMiOiJBMTI4Q0JDLUhTMjU2In0.UNdMT-p6SmATPUP-LOCIzhKYXQD8fp2XgY0PqxZtZlJaySrf-ypWDw.nvOuMZLlxupaLDq9hLwP5A.AkBvP3Yw_65Va9JXpWtSKaRMlPLXPSDKvUqtvDJIwbbiJoyxPrOueiBWuq604I-kzYRCsyk5tq3xLL2t-D5JAwGchpB79x8mW4LRvZl2nYXun7qezPxaFNL_FZctenfVS5dtDInnIkhyexpSl-fijYKj5nKc2lphdTIDu4UrVpiIxlzxJKYs0aeplfs92hfTFCnBhSzvJlpv4GKHLZbW-0IbUFKf20X81dX4l3JXqJbj-VCBfxHEY7uFUqVdPiPQzm2A91PMlP5uGX1maeDNr9pzEOX1OtubRr9hPTdoomDvLzWLe1fJYHfE6XsDktlAngiIpIu3k-YVoO-0X1puGj0sQrRfKyy-UuxkwoYioCNT1sJV7BP8oCzilCD0uXdZnq4h-mU2XGRBQDLI9IXgtbYdGn5q3rn1k39M0pcr2PDAGfVR0q8O0lvoxzZP8bst1V3MaOi1XvUnS-vKUbluwzQIb7fCnuAOfkNNVvWC-C8WRfwarR2dprR5ks7oxZZpy0e01a21J0yBi4vWT6Hq8LOww35cF2QSCEf2o1YueR4ZAyPSxZpwf9caqFTCTI2fW_6CfHXMXWFjUBa8Fhc0_A_yCHHwr4l-g4rekGLkLoM.5AzTX2EP7whX-dxm2tL6tQ&max_radlink_len=40&type=3&uiopt=true&swp=as-drid-2710553488346008&oe=UTF-8&ie=UTF-8&fexp=21404%2C17301431%2C17301433%2C17301436%2C17301548%2C17301266%2C72717108&format=r3%7Cs&nocache=5431744508547724&num=0&output=afd_ads&domain_name=ww38.totalsporttek.zip&v=3&bsl=8&pac=0&u_his=2&u_tz=0&dt=1744508547726&u_w=1280&u_h=1024&biw=1280&bih=1024&psw=1280&psh=795&frm=0&uio=--&cont=tc&drt=0&jsid=caf&jsv=744711979&rurl=http%3A%2F%2Fww38.totalsporttek.zip%2F IP 216.58.207.238 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML true Observations First Seen2025-04-13 01:42 Last Seen2025-04-13 01:42 Times Seen1 Hash 2c5e156488b6fdf644d9e3e914daa7f7 a389297ed6db9537d0737eee25678790c4e49935 1edf8656130ba02ecb1ef554c830595c3015d8f56902e32432d44d582ac592d0 Loading...

	ww38.totalsporttek.zip/	Eval	62 B	2023-03-07	2025-05-22
Pretty URL ww38.totalsporttek.zip/ IP 13.248.148.254 ASN #16509 AMAZON-02 Introduced by eval Embedded in HTML false Observations First Seen2023-03-07 01:20 Last Seen2025-05-22 04:30 Times Seen86527 Hash 889ca9e2c79a3ce7aaadbcdfd0ce4ef5 b05c2c051bae71f80cb8c289e5a42d4f96d323fa 6477acf082d26199b6ce8346b93149b1b999233d9fe76b0340ebf43317cf98f8 Loading...

	ww38.totalsporttek.zip/	ScriptElement	50 B	2024-01-04	2025-05-22
Pretty URL ww38.totalsporttek.zip/ IP 13.248.148.254 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML true Observations First Seen2024-01-04 10:26 Last Seen2025-05-22 04:30 Times Seen73229 Hash 1b334e0123cf0cb113092022fb726782 45abb42a6680499daa10d83d2859329de1843de2 42591f96b9a41a7e2e5ecd0240dd7fecdcf03ef8454b57c68f08697474a4b579 Loading...

	syndicatedsearch.goog/adsense/domains/caf.js	ScriptElement	144 kB	2025-04-10	2025-04-18
Pretty URL syndicatedsearch.goog/adsense/domains/caf.js IP 216.58.207.238 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2025-04-10 12:08 Last Seen2025-04-18 14:30 Times Seen644 Hash ce459a192bdba6229f23b42801d0b8e0 0c8f11b60144756280d00c34346fac6cc2b366ca c78c9b051fc276a0bad68848dbc2b0b90733ca6cf886ce7caf03bd274a9653c8 Loading...

	ww38.totalsporttek.zip/	Eval	25 B	2023-03-07	2025-05-22
Pretty URL ww38.totalsporttek.zip/ IP 13.248.148.254 ASN #16509 AMAZON-02 Introduced by eval Embedded in HTML false Observations First Seen2023-03-07 01:20 Last Seen2025-05-22 04:30 Times Seen86499 Hash 6559111e4eae643ce013ce0821e91a02 fa1086c9aa2cb2d14f5c13bceefe21511bcdae5a d72255f7e5ea4dfdf9821df800356367d0bc7df07ecd103bb660018cb1e4f400 Loading...

	obseu.seaskydvd.com/ct?id=80705&url=http%3A%2F%2Fww38.totalsporttek.zip%2F&sf=0&tpi=&ch=AdsDeli%20-%20domain%20-%20landingpage&uvid=f3110a3498672995a77c4c33062d9574294b66e7&tsf=0&tsfmi=&tsfu=&cb=1744508549049&hl=2&op=0&ag=2881387774&rand=830810860171608250216816718060920221159067900055282286217811151090270802110020412861291&fs=1280x1024&fst=1280x1024&np=linux%20x86_64&nv=&ref=&ss=1280x1024&nc=0&at=&di=W1siZWYiLDU1NjldLFsiYWJuY2giLDM3XSxbLTEsIkxpbnV4IHg4Nl82NCJdLFstOCwiLSJdLFstNywiLSJdLFstMzQsIi0iXSxbLTM3LCItIl0sWy00MSwiLSJdLFstNDcsIlVUQyxlbi1VUyxsYXRuLGdyZWdvcnkiXSxbLTYyLCI1OCJdLFstNzEsImEwMTAwMTAxMTAwMTAwMTAxMDAwMTAxMDAxMTAxMTAwMDAwMDEwIl0sWy0xOCwiWzEsMCwwLDBdIl0sWy0yOSwiLSJdLFstMzMsIi0iXSxbLTQ0LCIwLDUsMCw1Il0sWy02MCwiLSJdLFstNjUsIi0iXSxbLTY5LCJMaW51eCB4ODZfNjR8fHw0OHwtfC0iXSxbLTcwLCItIl0sWy0zOCwiaSwtMSwtMSwxMTU0LDAsOSwwLDEsMCwxMDEsLTEsMCwsMjIyNCwyOTY1LDI5NjQiXSxbLTQwLCIzNyJdLFstNDYsIjAiXSxbLTU2LCJsYW5kc2NhcGUtcHJpbWFyeSJdLFsxMiwie1wiY3R4XCI6XCJ3ZWJnbFwiLFwidlwiOlwibWVzYVwiLFwiclwiOlwibGx2bXBpcGVcIixcInNsdlwiOlwid2ViZ2wgZ2xzbCBlcyAxLjBcIixcImd2ZXJcIjpcIndlYmdsIDEuMFwiLFwiZ3ZlblwiOlwibW96aWxsYVwiLFwiYmVuXCI6NDkyLFwid2dsXCI6MSxcImdyZW5cIjpcImxsdm1waXBlXCIsXCJzZWZcIjo0OTQxOTUwNDMsXCJzZWNcIjpcIlwifSJdLFstMTAsIi0iXSxbLTE1LCItIl0sWy0zOSwiW1wiMjAxMDAxMDFcIiwyLFwiR2Vja29cIixcIk5ldHNjYXBlXCIsXCJNb3ppbGxhXCIsXCIyMDE4MTAwMTAwMDAwMFwiLG51bGwsZmFsc2UsbnVsbCxmYWxzZSxudWxsLDUsdHJ1ZSxmYWxzZSxudWxsLDAsZmFsc2UsZmFsc2VdIl0sWy01OCwiLSJdLFstNjcsIi0iXSxbLTEzLCItIl0sWy0xNiwiMCJdLFstMzEsImZhbHNlIl0sWy00OSwiLSJdLFstNTIsIi0iXSxbLTU5LCItIl0sWy03MiwiRXhVPSJdLFstMiwiMTAsSXNOOW5HbldiQVlBSXhOZlFhT3FHRTBDRkFRc2NHMDBJbmhPYllCQUtZVU96UU82RVgwMjBJbUdMY3U2MnVyZFAvYzJkMnBObVZaQXdmMy8vOHo3OUdySGExV3UzT21YUFB2ZSJdLFstMTEsIntcInRcIjpcIlwiLFwibVwiOltcImRlc2NyaXB0aW9uXCJdfSJdLFstMjAsIi0iXSxbLTIzLCIrIl0sWy0zMiwiMCJdLFstNDUsIjc1MiwwLDAsNzE5LDAsMCw3NjEsMCwwLDAsMCwwLDAsMCwwLDAsMCwwLDAsMCwwLDAsMCwwLDAsMCwwLDAsMCwwLDAsMCJdLFstMjQsIltdIl0sWy0yNiwiLSJdLFstNjgsIi0iXSxbLTQsIi0iXSxbLTYsIntcIndcIjpbXCIwXCIsXCJ0Y2Jsb2NrXCIsXCJzZWFyY2hib3hCbG9ja1wiLFwiZ2V0WE1MaHR0cFwiLFwiYWpheFF1ZXJ5XCIsXCJhamF4QmFja2ZpbGxcIixcImxvYWRGZWVkXCIsXCJ4bWxIdHRwXCIsXCJsc1wiLFwiZ2V0TG9hZEZlZWRBcmd1bWVudHNcIixcIk5vdGlmeVBhaW50RXZlbnRcIixcIl9fY3RjZ19jdF84MDcwNV9leGVjXCIsXCJnb29nbGVORFRfXCIsXCJnb29nbGVBbHRMb2FkZXJcIixcImdvb2dsZVwiLFwiX19zYXNDb29raWVcIl0sXCJuXCI6W10sXCJkXCI6W119Il0sWy05LCItIl0sWy0xMiwiXCIxXCIiXSxbLTE5LCJbMCwwLDAsMCwwLDAsMSwyNCwyNCxcIi1cIiwxMjgwLDEwMjQsMTI4MCwxMDI0LDEyODAsMTAyNCwxMjgwLDEwMjQsMCwwLDAsMCxcIi1cIixcIi1cIiwxMjgwLDEwMjQsbnVsbF0iXSxbLTIyLCJbXCJuXCIsXCJuXCJdIl0sWy0yNywiLSJdLFstMzAsIltcInZcIiwwXSJdLFstNTUsIjAiXSxbLTYzLCItIl0sWy02NCwiLSJdLFstMywiW1wiaW50ZXJuYWwtcGRmLXZpZXdlclwiLFwiaW50ZXJuYWwtcGRmLXZpZXdlclwiLFwiaW50ZXJuYWwtcGRmLXZpZXdlclwiLFwiaW50ZXJuYWwtcGRmLXZpZXdlclwiLFwiaW50ZXJuYWwtcGRmLXZpZXdlclwiXSJdLFsiYm5jaCIsMTc0OV0sWy0xNCwiLSJdLFstMjEsIi0iXSxbLTI1LCItIl0sWy0zNSwiWzE3NDQ1MDg1NDkwMjgsMF0iXSxbLTUxLCItIl0sWy01LCItIl0sWy0xNywiNDgiXSxbLTI4LCJlbi1VUyxlbiJdLFstNDIsIjg4MzM5OTAxNiJdLFstNTAsIi0iXSxbLTU0LCJ7XCJoXCI6W1wiMzI5OTcyODQ1MlwiLFwiODIyODIzMTE5XCIsXCJfM1wiLFwiMjYzOTIyMjQ2OFwiXSxcImRcIjpbXSxcImJcIjpbXCJfMFwiLFwiMjY0NjAzODgyXCIsXCJfMlwiLFwiMzgyMzQ0MzQyN1wiXSxcInNcIjoxfSJdLFstNjYsIi0iXSxbLTM2LCJbXCI1LzRcIixcIjUvNFwiXSJdLFstNDMsIjAwMDAwMDAxMDAwMDAwMDAwMDExMTAwMTAwMDAwMTAwMDAwMDAwMCJdLFstNDgsIltcIi1cIixcIi1cIixcIi1cIl0iXSxbLTUzLCIwMDEiXSxbLTU3LCJTM2xSVFUxSlNnTVdGbHhNVmxzWFNseFlTbEpBWFU5ZEYxcFdWQlpLUVVrV1VCWUxDdzFmQVF3S0NRdFlXQXRiRDF4YUNnbFlXRm9BV0FFTVhWZ0xXbHRmQUJkVFNnTUlBdzhMQ0FzTkZRNElBQlpORjF4QlNWWkxUVW9XQlhsUlRVMUpTZ01XRmx4TVZsc1hTbHhZU2xKQVhVOWRGMXBXVkJaS1FVa1dVQllMQ3cxZkFRd0tDUXRZV0F0YkQxeGFDZ2xZV0ZvQVdBRU1YVmdMV2x0ZkFCZFRTZ01JQXc4TENnc0pGVXBjVFcxUVZGeFdURTBaVVZoWFhWVmNTeE1PQ0FBV1RSZGNRVWxXUzAxS0ZnVjVVVTFOU1VvREZoWmNURlpiRjBwY1dFcFNRRjFQWFJkYVZsUVdTa0ZKRmxBV0N3c05Yd0VNQ2drTFdGZ0xXdzljV2c9PSJdLFstNjEsIi0iXSxbImRkYiIsIjAsMTAsMCw0LDEsMTUsMCwwLDAsMiwwLDAsMCwwLDAsMCwwLDAsMCwxLDEsMCwwLDAsMCwwLDAsMCwwLDAsMCwzLDAsMCwwLDYsMCwxLDEsMCwwLDEsMSw2LDc0LDAsNTYsMSwyLDAsMCwwLDIsMCwwLDAsMCwyNCwwLDAsMSwxLDAsMCwwLDAsMCwwLDEsMSwxLDAiXSxbImNiIiwiMSwwLDAsMCwwLDAsMCwwLDEsNywzNCwxLDU2MiwwLDAsMCwwLDAsMCwwLDAsMCwwLDAsMCwwLDEsMCwwLDAsMSwwLDAsMCwwLDAsMjMsMCwwLDAsMCwwLDEsMCwxLDAsMCwwLDAsMSwwLDAsMCwxLDAsMywxLDAsMCwwLDAsMCwwLDAsMCwxLDAsMCwwLDAsMCwwLDAsMCwwLDAsMSwwLDAsMCwwLDAsMywwLDAsMSw1Il1d&dep=0&pre=0&sdd=&cri=1gfw1rhgtP&pto=4069&ver=65&gac=-&mei=&ap=&fe=1&duid=1.1744508549.owMkrpHKZYPhbNAK&suid=1.1744508549.VmDLlMhtTduKyHGj&tuid=1.1744508549.DsAM1ZXQCM66bCAz&fbc=-&gtm=-&it=11%2C1809%2C211&fbcl=-&gacl=-&gacsd=-&rtic=-&rtict=-&bgc=-&spa=1&urid=0&ab=&sck=-&io=aGA2Og%3D%3D	ScriptElement	3.4 kB	2025-04-13	2025-04-13
Pretty URL obseu.seaskydvd.com/ct?id=80705&url=http%3A%2F%2Fww38.totalsporttek.zip%2F&sf=0&tpi=&ch=AdsDeli%20-%20domain%20-%20landingpage&uvid=f3110a3498672995a77c4c33062d9574294b66e7&tsf=0&tsfmi=&tsfu=&cb=1744508549049&hl=2&op=0&ag=2881387774&rand=830810860171608250216816718060920221159067900055282286217811151090270802110020412861291&fs=1280x1024&fst=1280x1024&np=linux%20x86_64&nv=&ref=&ss=1280x1024&nc=0&at=&di=W1siZWYiLDU1NjldLFsiYWJuY2giLDM3XSxbLTEsIkxpbnV4IHg4Nl82NCJdLFstOCwiLSJdLFstNywiLSJdLFstMzQsIi0iXSxbLTM3LCItIl0sWy00MSwiLSJdLFstNDcsIlVUQyxlbi1VUyxsYXRuLGdyZWdvcnkiXSxbLTYyLCI1OCJdLFstNzEsImEwMTAwMTAxMTAwMTAwMTAxMDAwMTAxMDAxMTAxMTAwMDAwMDEwIl0sWy0xOCwiWzEsMCwwLDBdIl0sWy0yOSwiLSJdLFstMzMsIi0iXSxbLTQ0LCIwLDUsMCw1Il0sWy02MCwiLSJdLFstNjUsIi0iXSxbLTY5LCJMaW51eCB4ODZfNjR8fHw0OHwtfC0iXSxbLTcwLCItIl0sWy0zOCwiaSwtMSwtMSwxMTU0LDAsOSwwLDEsMCwxMDEsLTEsMCwsMjIyNCwyOTY1LDI5NjQiXSxbLTQwLCIzNyJdLFstNDYsIjAiXSxbLTU2LCJsYW5kc2NhcGUtcHJpbWFyeSJdLFsxMiwie1wiY3R4XCI6XCJ3ZWJnbFwiLFwidlwiOlwibWVzYVwiLFwiclwiOlwibGx2bXBpcGVcIixcInNsdlwiOlwid2ViZ2wgZ2xzbCBlcyAxLjBcIixcImd2ZXJcIjpcIndlYmdsIDEuMFwiLFwiZ3ZlblwiOlwibW96aWxsYVwiLFwiYmVuXCI6NDkyLFwid2dsXCI6MSxcImdyZW5cIjpcImxsdm1waXBlXCIsXCJzZWZcIjo0OTQxOTUwNDMsXCJzZWNcIjpcIlwifSJdLFstMTAsIi0iXSxbLTE1LCItIl0sWy0zOSwiW1wiMjAxMDAxMDFcIiwyLFwiR2Vja29cIixcIk5ldHNjYXBlXCIsXCJNb3ppbGxhXCIsXCIyMDE4MTAwMTAwMDAwMFwiLG51bGwsZmFsc2UsbnVsbCxmYWxzZSxudWxsLDUsdHJ1ZSxmYWxzZSxudWxsLDAsZmFsc2UsZmFsc2VdIl0sWy01OCwiLSJdLFstNjcsIi0iXSxbLTEzLCItIl0sWy0xNiwiMCJdLFstMzEsImZhbHNlIl0sWy00OSwiLSJdLFstNTIsIi0iXSxbLTU5LCItIl0sWy03MiwiRXhVPSJdLFstMiwiMTAsSXNOOW5HbldiQVlBSXhOZlFhT3FHRTBDRkFRc2NHMDBJbmhPYllCQUtZVU96UU82RVgwMjBJbUdMY3U2MnVyZFAvYzJkMnBObVZaQXdmMy8vOHo3OUdySGExV3UzT21YUFB2ZSJdLFstMTEsIntcInRcIjpcIlwiLFwibVwiOltcImRlc2NyaXB0aW9uXCJdfSJdLFstMjAsIi0iXSxbLTIzLCIrIl0sWy0zMiwiMCJdLFstNDUsIjc1MiwwLDAsNzE5LDAsMCw3NjEsMCwwLDAsMCwwLDAsMCwwLDAsMCwwLDAsMCwwLDAsMCwwLDAsMCwwLDAsMCwwLDAsMCJdLFstMjQsIltdIl0sWy0yNiwiLSJdLFstNjgsIi0iXSxbLTQsIi0iXSxbLTYsIntcIndcIjpbXCIwXCIsXCJ0Y2Jsb2NrXCIsXCJzZWFyY2hib3hCbG9ja1wiLFwiZ2V0WE1MaHR0cFwiLFwiYWpheFF1ZXJ5XCIsXCJhamF4QmFja2ZpbGxcIixcImxvYWRGZWVkXCIsXCJ4bWxIdHRwXCIsXCJsc1wiLFwiZ2V0TG9hZEZlZWRBcmd1bWVudHNcIixcIk5vdGlmeVBhaW50RXZlbnRcIixcIl9fY3RjZ19jdF84MDcwNV9leGVjXCIsXCJnb29nbGVORFRfXCIsXCJnb29nbGVBbHRMb2FkZXJcIixcImdvb2dsZVwiLFwiX19zYXNDb29raWVcIl0sXCJuXCI6W10sXCJkXCI6W119Il0sWy05LCItIl0sWy0xMiwiXCIxXCIiXSxbLTE5LCJbMCwwLDAsMCwwLDAsMSwyNCwyNCxcIi1cIiwxMjgwLDEwMjQsMTI4MCwxMDI0LDEyODAsMTAyNCwxMjgwLDEwMjQsMCwwLDAsMCxcIi1cIixcIi1cIiwxMjgwLDEwMjQsbnVsbF0iXSxbLTIyLCJbXCJuXCIsXCJuXCJdIl0sWy0yNywiLSJdLFstMzAsIltcInZcIiwwXSJdLFstNTUsIjAiXSxbLTYzLCItIl0sWy02NCwiLSJdLFstMywiW1wiaW50ZXJuYWwtcGRmLXZpZXdlclwiLFwiaW50ZXJuYWwtcGRmLXZpZXdlclwiLFwiaW50ZXJuYWwtcGRmLXZpZXdlclwiLFwiaW50ZXJuYWwtcGRmLXZpZXdlclwiLFwiaW50ZXJuYWwtcGRmLXZpZXdlclwiXSJdLFsiYm5jaCIsMTc0OV0sWy0xNCwiLSJdLFstMjEsIi0iXSxbLTI1LCItIl0sWy0zNSwiWzE3NDQ1MDg1NDkwMjgsMF0iXSxbLTUxLCItIl0sWy01LCItIl0sWy0xNywiNDgiXSxbLTI4LCJlbi1VUyxlbiJdLFstNDIsIjg4MzM5OTAxNiJdLFstNTAsIi0iXSxbLTU0LCJ7XCJoXCI6W1wiMzI5OTcyODQ1MlwiLFwiODIyODIzMTE5XCIsXCJfM1wiLFwiMjYzOTIyMjQ2OFwiXSxcImRcIjpbXSxcImJcIjpbXCJfMFwiLFwiMjY0NjAzODgyXCIsXCJfMlwiLFwiMzgyMzQ0MzQyN1wiXSxcInNcIjoxfSJdLFstNjYsIi0iXSxbLTM2LCJbXCI1LzRcIixcIjUvNFwiXSJdLFstNDMsIjAwMDAwMDAxMDAwMDAwMDAwMDExMTAwMTAwMDAwMTAwMDAwMDAwMCJdLFstNDgsIltcIi1cIixcIi1cIixcIi1cIl0iXSxbLTUzLCIwMDEiXSxbLTU3LCJTM2xSVFUxSlNnTVdGbHhNVmxzWFNseFlTbEpBWFU5ZEYxcFdWQlpLUVVrV1VCWUxDdzFmQVF3S0NRdFlXQXRiRDF4YUNnbFlXRm9BV0FFTVhWZ0xXbHRmQUJkVFNnTUlBdzhMQ0FzTkZRNElBQlpORjF4QlNWWkxUVW9XQlhsUlRVMUpTZ01XRmx4TVZsc1hTbHhZU2xKQVhVOWRGMXBXVkJaS1FVa1dVQllMQ3cxZkFRd0tDUXRZV0F0YkQxeGFDZ2xZV0ZvQVdBRU1YVmdMV2x0ZkFCZFRTZ01JQXc4TENnc0pGVXBjVFcxUVZGeFdURTBaVVZoWFhWVmNTeE1PQ0FBV1RSZGNRVWxXUzAxS0ZnVjVVVTFOU1VvREZoWmNURlpiRjBwY1dFcFNRRjFQWFJkYVZsUVdTa0ZKRmxBV0N3c05Yd0VNQ2drTFdGZ0xXdzljV2c9PSJdLFstNjEsIi0iXSxbImRkYiIsIjAsMTAsMCw0LDEsMTUsMCwwLDAsMiwwLDAsMCwwLDAsMCwwLDAsMCwxLDEsMCwwLDAsMCwwLDAsMCwwLDAsMCwzLDAsMCwwLDYsMCwxLDEsMCwwLDEsMSw2LDc0LDAsNTYsMSwyLDAsMCwwLDIsMCwwLDAsMCwyNCwwLDAsMSwxLDAsMCwwLDAsMCwwLDEsMSwxLDAiXSxbImNiIiwiMSwwLDAsMCwwLDAsMCwwLDEsNywzNCwxLDU2MiwwLDAsMCwwLDAsMCwwLDAsMCwwLDAsMCwwLDEsMCwwLDAsMSwwLDAsMCwwLDAsMjMsMCwwLDAsMCwwLDEsMCwxLDAsMCwwLDAsMSwwLDAsMCwxLDAsMywxLDAsMCwwLDAsMCwwLDAsMCwxLDAsMCwwLDAsMCwwLDAsMCwwLDAsMSwwLDAsMCwwLDAsMywwLDAsMSw1Il1d&dep=0&pre=0&sdd=&cri=1gfw1rhgtP&pto=4069&ver=65&gac=-&mei=&ap=&fe=1&duid=1.1744508549.owMkrpHKZYPhbNAK&suid=1.1744508549.VmDLlMhtTduKyHGj&tuid=1.1744508549.DsAM1ZXQCM66bCAz&fbc=-&gtm=-&it=11%2C1809%2C211&fbcl=-&gacl=-&gacsd=-&rtic=-&rtict=-&bgc=-&spa=1&urid=0&ab=&sck=-&io=aGA2Og%3D%3D IP 3.248.162.96 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2025-04-13 01:42 Last Seen2025-04-13 01:42 Times Seen1 Hash d4b95c393be53f581b0e1c418f69064d e7f209a0b177ead36e772c19e9c75aab4db8e6a2 c4511a188e81628c897ee8c4733cb211ed26c1f06fe132c142872accf6e0c429 Loading...

	ww38.totalsporttek.zip/	Eval	7 B	2023-03-07	2025-05-22
Pretty URL ww38.totalsporttek.zip/ IP 13.248.148.254 ASN #16509 AMAZON-02 Introduced by eval Embedded in HTML false Observations First Seen2023-03-07 01:20 Last Seen2025-05-22 04:30 Times Seen86578 Hash e5d8c139688b25ef77b263d88ea99150 7abc9c61c4966543f66d150c0155bfac575f86a7 53e5f34ac520035c7f124076d1e68c70a85c83cf68a339fa713b872b54126148 Loading...

HTTP Transactions (22)

URL IP Response Size

ww38.totalsporttek.zip/munin/a/ls?t=67fb1682&token=f3110a3498672995a77c4c33062d9574294b66e7

13.248.148.254

201 Created

0 B

URL GET
ww38.totalsporttek.zip/munin/a/ls?t=67fb1682&token=f3110a3498672995a77c4c33062d9574294b66e7
IP
13.248.148.254:80
ASN
#16509 AMAZON-02

Requested by
http://ww38.totalsporttek.zip/

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

NIDS	Severity	Alert
suricata	low	ET INFO HTTP Request to a *.zip Domain

HTTP Headers

GET /munin/a/ls?t=67fb1682&token=f3110a3498672995a77c4c33062d9574294b66e7 HTTP/1.1
Host: ww38.totalsporttek.zip
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://ww38.totalsporttek.zip/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 201 Created
Accept-Ch: viewport-width, dpr, device-memory, rtt, downlink, ect, ua, ua-full-version, ua-platform, ua-platform-version, ua-arch, ua-model, ua-mobile
Accept-Ch-Lifetime: 30
Access-Control-Allow-Methods: POST, OPTIONS
Access-Control-Allow-Origin: 
Access-Control-Max-Age: 86400
Charset: utf-8
Content-Length: 0
Content-Type: text/javascript;charset=UTF-8
Date: Sun, 13 Apr 2025 01:42:27 GMT
Server: Caddy, nginx
Status: 201 Created
X-Adblock-Key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBALquDFETXRn0Hr05fUP7EJT77xYnPmRbpMy4vk8KYiHnkNpednjOANJcaXDXcKQJN0nXKZJL7TciJD8AoHXK158CAwEAAQ==_VZs/r0zwgZQMGmDooGCtUIZVMbnekeNJ2d7NnTLXcFO/JZ8PlVjVe+MRHMAwECn1SutCgIoVWPHyJbuScmnejw==
X-Log-Success: 67fb16831f416ffdc30cbc91

obseu.seaskydvd.com/mon

3.248.162.96

200 OK

0 B

URL POST
obseu.seaskydvd.com/mon
IP
3.248.162.96:443
ASN
#16509 AMAZON-02

Requested by
http://ww38.totalsporttek.zip/
Certificate
IssuerZeroSSL
Subject*.seaskydvd.com
Fingerprint83:E6:81:53:64:C2:1C:D9:61:DD:3E:40:EB:D3:E1:18:43:D9:D0:62
ValidityMon, 31 Mar 2025 00:00:00 GMT - Sun, 29 Jun 2025 23:59:59 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

POST /mon HTTP/1.1
Host: obseu.seaskydvd.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 1696
Origin: http://ww38.totalsporttek.zip
DNT: 1
Connection: keep-alive
Referer: http://ww38.totalsporttek.zip/
Cookie: cg_uuid=cd9592767673d6fcf629242f21847171
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
access-control-allow-credentials: true
access-control-allow-methods: GET,HEAD,PUT,PATCH,POST,DELETE
access-control-allow-origin: http://ww38.totalsporttek.zip
content-type: application/json
date: Sun, 13 Apr 2025 01:42:32 GMT
content-length: 0
X-Firefox-Spdy: h2

obseu.seaskydvd.com/mon

3.248.162.96

200 OK

0 B

URL POST
obseu.seaskydvd.com/mon
IP
3.248.162.96:443
ASN
#16509 AMAZON-02

Requested by
http://ww38.totalsporttek.zip/
Certificate
IssuerZeroSSL
Subject*.seaskydvd.com
Fingerprint83:E6:81:53:64:C2:1C:D9:61:DD:3E:40:EB:D3:E1:18:43:D9:D0:62
ValidityMon, 31 Mar 2025 00:00:00 GMT - Sun, 29 Jun 2025 23:59:59 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

POST /mon HTTP/1.1
Host: obseu.seaskydvd.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 1696
Origin: http://ww38.totalsporttek.zip
DNT: 1
Connection: keep-alive
Referer: http://ww38.totalsporttek.zip/
Cookie: cg_uuid=cd9592767673d6fcf629242f21847171
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
access-control-allow-credentials: true
access-control-allow-methods: GET,HEAD,PUT,PATCH,POST,DELETE
access-control-allow-origin: http://ww38.totalsporttek.zip
content-type: application/json
date: Sun, 13 Apr 2025 01:42:34 GMT
content-length: 0
X-Firefox-Spdy: h2

obseu.seaskydvd.com/mon

3.248.162.96

200 OK

0 B

URL POST
obseu.seaskydvd.com/mon
IP
3.248.162.96:443
ASN
#16509 AMAZON-02

Requested by
http://ww38.totalsporttek.zip/
Certificate
IssuerZeroSSL
Subject*.seaskydvd.com
Fingerprint83:E6:81:53:64:C2:1C:D9:61:DD:3E:40:EB:D3:E1:18:43:D9:D0:62
ValidityMon, 31 Mar 2025 00:00:00 GMT - Sun, 29 Jun 2025 23:59:59 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

POST /mon HTTP/1.1
Host: obseu.seaskydvd.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 1699
Origin: http://ww38.totalsporttek.zip
DNT: 1
Connection: keep-alive
Referer: http://ww38.totalsporttek.zip/
Cookie: cg_uuid=cd9592767673d6fcf629242f21847171
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
access-control-allow-credentials: true
access-control-allow-methods: GET,HEAD,PUT,PATCH,POST,DELETE
access-control-allow-origin: http://ww38.totalsporttek.zip
content-type: application/json
date: Sun, 13 Apr 2025 01:42:39 GMT
content-length: 0
X-Firefox-Spdy: h2

ww38.totalsporttek.zip/

13.248.148.254

200 OK

18 kB

URL User Request GET
ww38.totalsporttek.zip/
IP
13.248.148.254:80
ASN
#16509 AMAZON-02

File type
HTML document, Unicode text, UTF-8 text, with very long lines (9064)
Size
18 kB (17456 bytes)
Hash
f84090c65ff71c5b4a99223232a6a82f
795322405ec8e5866e194ecd1a784e6d7de9af41
63749bc1f0aebe5bdb828392cd6a70dc6d2d976663f5536fdac766a2cf628740

Detections

NIDS	Severity	Alert
suricata	low	ET INFO HTTP Request to a *.zip Domain

HTTP Headers

GET / HTTP/1.1
Host: ww38.totalsporttek.zip
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ch: viewport-width, dpr, device-memory, rtt, downlink, ect, ua, ua-full-version, ua-platform, ua-platform-version, ua-arch, ua-model, ua-mobile
Accept-Ch-Lifetime: 30
Content-Encoding: gzip
Content-Type: text/html; charset=UTF-8
Date: Sun, 13 Apr 2025 01:42:26 GMT
Server: Caddy, nginx
Vary: Accept-Encoding
X-Adblock-Key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBALquDFETXRn0Hr05fUP7EJT77xYnPmRbpMy4vk8KYiHnkNpednjOANJcaXDXcKQJN0nXKZJL7TciJD8AoHXK158CAwEAAQ==_iqzazvp54GUpNsOBdJHY4kAFjwAHC38SCiyFORYw1vRJQyTZmsMTNseprznlEg76t5EoaDP0iOhAizH9Foz7hw==
X-Buckets: bucket102
X-Domain: totalsporttek.zip
X-Language: norwegian
X-Pcrew-Blocked-Reason: hosting network
X-Pcrew-Ip-Organization: Blix Solutions
X-Subdomain: ww38
X-Template: tpl_CleanPeppermintBlack_twoclick
Transfer-Encoding: chunked

www.google.com/adsense/domains/caf.js?abp=1&adsdeli=true

142.250.74.132

200 OK

144 kB

URL GET
www.google.com/adsense/domains/caf.js?abp=1&adsdeli=true
IP
142.250.74.132:80
ASN
#15169 GOOGLE

Requested by
http://ww38.totalsporttek.zip/

File type
JavaScript source, ASCII text, with very long lines (1831)
Size
144 kB (144063 bytes)
Hash
03d974afacc5f4bfb1273d826ada6f1e
daa33b60051f661bfc922031e040b595c4a12b0e
b889b98409f9223d09655bb1cda7bf9bb41c83ac4f4a64fec07c12a6479f3a19

HTTP Headers

GET /adsense/domains/caf.js?abp=1&adsdeli=true HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://ww38.totalsporttek.zip/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Type: text/javascript; charset=UTF-8
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy: same-origin; report-to="ads-afs-ui"
Report-To: {"group":"ads-afs-ui","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-afs-ui"}]}
Date: Sun, 13 Apr 2025 01:42:27 GMT
Expires: Sun, 13 Apr 2025 01:42:27 GMT
Cache-Control: private, max-age=3600
ETag: "17389966078823250003"
X-Content-Type-Options: nosniff
Link: <https://syndicatedsearch.goog>; rel="preconnect"
Content-Encoding: gzip
Transfer-Encoding: chunked
Server: sffe
X-XSS-Protection: 0

ww38.totalsporttek.zip/munin/a/tr/answercheck/yes?domain=totalsporttek.zip&caf=1&toggle=answercheck&answer=yes&uid=MTc0NDUwODU0Ni4xODc4OmMxODNkMTI0M2Q4MThjMzkwYjU1NmI3YjQ1YmU0OTM2ZmY2MmM4MmFkZTc1NmY4ZGNlMjcxYWFmN2Y3NTI5YTc6NjdmYjE2ODIyZGQ5MA%3D%3D

13.248.148.254

200 OK

0 B

URL GET
ww38.totalsporttek.zip/munin/a/tr/answercheck/yes?domain=totalsporttek.zip&caf=1&toggle=answercheck&answer=yes&uid=MTc0NDUwODU0Ni4xODc4OmMxODNkMTI0M2Q4MThjMzkwYjU1NmI3YjQ1YmU0OTM2ZmY2MmM4MmFkZTc1NmY4ZGNlMjcxYWFmN2Y3NTI5YTc6NjdmYjE2ODIyZGQ5MA%3D%3D
IP
13.248.148.254:80
ASN
#16509 AMAZON-02

Requested by
http://ww38.totalsporttek.zip/

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

NIDS	Severity	Alert
suricata	low	ET INFO HTTP Request to a *.zip Domain

HTTP Headers

GET /munin/a/tr/answercheck/yes?domain=totalsporttek.zip&caf=1&toggle=answercheck&answer=yes&uid=MTc0NDUwODU0Ni4xODc4OmMxODNkMTI0M2Q4MThjMzkwYjU1NmI3YjQ1YmU0OTM2ZmY2MmM4MmFkZTc1NmY4ZGNlMjcxYWFmN2Y3NTI5YTc6NjdmYjE2ODIyZGQ5MA%3D%3D HTTP/1.1
Host: ww38.totalsporttek.zip
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://ww38.totalsporttek.zip/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ch: viewport-width, dpr, device-memory, rtt, downlink, ect, ua, ua-full-version, ua-platform, ua-platform-version, ua-arch, ua-model, ua-mobile
Accept-Ch-Lifetime: 30
Access-Control-Allow-Origin: *
Content-Length: 0
Content-Type: text/html; charset=UTF-8
Date: Sun, 13 Apr 2025 01:42:28 GMT
Server: Caddy, nginx
X-Custom-Track: answercheck

obseu.seaskydvd.com/ct?id=80705&url=http%3A%2F%2Fww38.totalsporttek.zip%2F&sf=0&tpi=&ch=AdsDeli%20-%20domain%20-%20landingpage&uvid=f3110a3498672995a77c4c33062d9574294b66e7&tsf=0&tsfmi=&tsfu=&cb=1744508549049&hl=2&op=0&ag=2881387774&rand=830810860171608250216816718060920221159067900055282286217811151090270802110020412861291&fs=1280x1024&fst=1280x1024&np=linux%20x86_64&nv=&ref=&ss=1280x1024&nc=0&at=&di=W1siZWYiLDU1NjldLFsiYWJuY2giLDM3XSxbLTEsIkxpbnV4IHg4Nl82NCJdLFstOCwiLSJdLFstNywiLSJdLFstMzQsIi0iXSxbLTM3LCItIl0sWy00MSwiLSJdLFstNDcsIlVUQyxlbi1VUyxsYXRuLGdyZWdvcnkiXSxbLTYyLCI1OCJdLFstNzEsImEwMTAwMTAxMTAwMTAwMTAxMDAwMTAxMDAxMTAxMTAwMDAwMDEwIl0sWy0xOCwiWzEsMCwwLDBdIl0sWy0yOSwiLSJdLFstMzMsIi0iXSxbLTQ0LCIwLDUsMCw1Il0sWy02MCwiLSJdLFstNjUsIi0iXSxbLTY5LCJMaW51eCB4ODZfNjR8fHw0OHwtfC0iXSxbLTcwLCItIl0sWy0zOCwiaSwtMSwtMSwxMTU0LDAsOSwwLDEsMCwxMDEsLTEsMCwsMjIyNCwyOTY1LDI5NjQiXSxbLTQwLCIzNyJdLFstNDYsIjAiXSxbLTU2LCJsYW5kc2NhcGUtcHJpbWFyeSJdLFsxMiwie1wiY3R4XCI6XCJ3ZWJnbFwiLFwidlwiOlwibWVzYVwiLFwiclwiOlwibGx2bXBpcGVcIixcInNsdlwiOlwid2ViZ2wgZ2xzbCBlcyAxLjBcIixcImd2ZXJcIjpcIndlYmdsIDEuMFwiLFwiZ3ZlblwiOlwibW96aWxsYVwiLFwiYmVuXCI6NDkyLFwid2dsXCI6MSxcImdyZW5cIjpcImxsdm1waXBlXCIsXCJzZWZcIjo0OTQxOTUwNDMsXCJzZWNcIjpcIlwifSJdLFstMTAsIi0iXSxbLTE1LCItIl0sWy0zOSwiW1wiMjAxMDAxMDFcIiwyLFwiR2Vja29cIixcIk5ldHNjYXBlXCIsXCJNb3ppbGxhXCIsXCIyMDE4MTAwMTAwMDAwMFwiLG51bGwsZmFsc2UsbnVsbCxmYWxzZSxudWxsLDUsdHJ1ZSxmYWxzZSxudWxsLDAsZmFsc2UsZmFsc2VdIl0sWy01OCwiLSJdLFstNjcsIi0iXSxbLTEzLCItIl0sWy0xNiwiMCJdLFstMzEsImZhbHNlIl0sWy00OSwiLSJdLFstNTIsIi0iXSxbLTU5LCItIl0sWy03MiwiRXhVPSJdLFstMiwiMTAsSXNOOW5HbldiQVlBSXhOZlFhT3FHRTBDRkFRc2NHMDBJbmhPYllCQUtZVU96UU82RVgwMjBJbUdMY3U2MnVyZFAvYzJkMnBObVZaQXdmMy8vOHo3OUdySGExV3UzT21YUFB2ZSJdLFstMTEsIntcInRcIjpcIlwiLFwibVwiOltcImRlc2NyaXB0aW9uXCJdfSJdLFstMjAsIi0iXSxbLTIzLCIrIl0sWy0zMiwiMCJdLFstNDUsIjc1MiwwLDAsNzE5LDAsMCw3NjEsMCwwLDAsMCwwLDAsMCwwLDAsMCwwLDAsMCwwLDAsMCwwLDAsMCwwLDAsMCwwLDAsMCJdLFstMjQsIltdIl0sWy0yNiwiLSJdLFstNjgsIi0iXSxbLTQsIi0iXSxbLTYsIntcIndcIjpbXCIwXCIsXCJ0Y2Jsb2NrXCIsXCJzZWFyY2hib3hCbG9ja1wiLFwiZ2V0WE1MaHR0cFwiLFwiYWpheFF1ZXJ5XCIsXCJhamF4QmFja2ZpbGxcIixcImxvYWRGZWVkXCIsXCJ4bWxIdHRwXCIsXCJsc1wiLFwiZ2V0TG9hZEZlZWRBcmd1bWVudHNcIixcIk5vdGlmeVBhaW50RXZlbnRcIixcIl9fY3RjZ19jdF84MDcwNV9leGVjXCIsXCJnb29nbGVORFRfXCIsXCJnb29nbGVBbHRMb2FkZXJcIixcImdvb2dsZVwiLFwiX19zYXNDb29raWVcIl0sXCJuXCI6W10sXCJkXCI6W119Il0sWy05LCItIl0sWy0xMiwiXCIxXCIiXSxbLTE5LCJbMCwwLDAsMCwwLDAsMSwyNCwyNCxcIi1cIiwxMjgwLDEwMjQsMTI4MCwxMDI0LDEyODAsMTAyNCwxMjgwLDEwMjQsMCwwLDAsMCxcIi1cIixcIi1cIiwxMjgwLDEwMjQsbnVsbF0iXSxbLTIyLCJbXCJuXCIsXCJuXCJdIl0sWy0yNywiLSJdLFstMzAsIltcInZcIiwwXSJdLFstNTUsIjAiXSxbLTYzLCItIl0sWy02NCwiLSJdLFstMywiW1wiaW50ZXJuYWwtcGRmLXZpZXdlclwiLFwiaW50ZXJuYWwtcGRmLXZpZXdlclwiLFwiaW50ZXJuYWwtcGRmLXZpZXdlclwiLFwiaW50ZXJuYWwtcGRmLXZpZXdlclwiLFwiaW50ZXJuYWwtcGRmLXZpZXdlclwiXSJdLFsiYm5jaCIsMTc0OV0sWy0xNCwiLSJdLFstMjEsIi0iXSxbLTI1LCItIl0sWy0zNSwiWzE3NDQ1MDg1NDkwMjgsMF0iXSxbLTUxLCItIl0sWy01LCItIl0sWy0xNywiNDgiXSxbLTI4LCJlbi1VUyxlbiJdLFstNDIsIjg4MzM5OTAxNiJdLFstNTAsIi0iXSxbLTU0LCJ7XCJoXCI6W1wiMzI5OTcyODQ1MlwiLFwiODIyODIzMTE5XCIsXCJfM1wiLFwiMjYzOTIyMjQ2OFwiXSxcImRcIjpbXSxcImJcIjpbXCJfMFwiLFwiMjY0NjAzODgyXCIsXCJfMlwiLFwiMzgyMzQ0MzQyN1wiXSxcInNcIjoxfSJdLFstNjYsIi0iXSxbLTM2LCJbXCI1LzRcIixcIjUvNFwiXSJdLFstNDMsIjAwMDAwMDAxMDAwMDAwMDAwMDExMTAwMTAwMDAwMTAwMDAwMDAwMCJdLFstNDgsIltcIi1cIixcIi1cIixcIi1cIl0iXSxbLTUzLCIwMDEiXSxbLTU3LCJTM2xSVFUxSlNnTVdGbHhNVmxzWFNseFlTbEpBWFU5ZEYxcFdWQlpLUVVrV1VCWUxDdzFmQVF3S0NRdFlXQXRiRDF4YUNnbFlXRm9BV0FFTVhWZ0xXbHRmQUJkVFNnTUlBdzhMQ0FzTkZRNElBQlpORjF4QlNWWkxUVW9XQlhsUlRVMUpTZ01XRmx4TVZsc1hTbHhZU2xKQVhVOWRGMXBXVkJaS1FVa1dVQllMQ3cxZkFRd0tDUXRZV0F0YkQxeGFDZ2xZV0ZvQVdBRU1YVmdMV2x0ZkFCZFRTZ01JQXc4TENnc0pGVXBjVFcxUVZGeFdURTBaVVZoWFhWVmNTeE1PQ0FBV1RSZGNRVWxXUzAxS0ZnVjVVVTFOU1VvREZoWmNURlpiRjBwY1dFcFNRRjFQWFJkYVZsUVdTa0ZKRmxBV0N3c05Yd0VNQ2drTFdGZ0xXdzljV2c9PSJdLFstNjEsIi0iXSxbImRkYiIsIjAsMTAsMCw0LDEsMTUsMCwwLDAsMiwwLDAsMCwwLDAsMCwwLDAsMCwxLDEsMCwwLDAsMCwwLDAsMCwwLDAsMCwzLDAsMCwwLDYsMCwxLDEsMCwwLDEsMSw2LDc0LDAsNTYsMSwyLDAsMCwwLDIsMCwwLDAsMCwyNCwwLDAsMSwxLDAsMCwwLDAsMCwwLDEsMSwxLDAiXSxbImNiIiwiMSwwLDAsMCwwLDAsMCwwLDEsNywzNCwxLDU2MiwwLDAsMCwwLDAsMCwwLDAsMCwwLDAsMCwwLDEsMCwwLDAsMSwwLDAsMCwwLDAsMjMsMCwwLDAsMCwwLDEsMCwxLDAsMCwwLDAsMSwwLDAsMCwxLDAsMywxLDAsMCwwLDAsMCwwLDAsMCwxLDAsMCwwLDAsMCwwLDAsMCwwLDAsMSwwLDAsMCwwLDAsMywwLDAsMSw1Il1d&dep=0&pre=0&sdd=&cri=1gfw1rhgtP&pto=4069&ver=65&gac=-&mei=&ap=&fe=1&duid=1.1744508549.owMkrpHKZYPhbNAK&suid=1.1744508549.VmDLlMhtTduKyHGj&tuid=1.1744508549.DsAM1ZXQCM66bCAz&fbc=-&gtm=-&it=11%2C1809%2C211&fbcl=-&gacl=-&gacsd=-&rtic=-&rtict=-&bgc=-&spa=1&urid=0&ab=&sck=-&io=aGA2Og%3D%3D

3.248.162.96

200 OK

3.4 kB

URL GET
obseu.seaskydvd.com/ct?id=80705&url=http%3A%2F%2Fww38.totalsporttek.zip%2F&sf=0&tpi=&ch=AdsDeli%20-%20domain%20-%20landingpage&uvid=f3110a3498672995a77c4c33062d9574294b66e7&tsf=0&tsfmi=&tsfu=&cb=1744508549049&hl=2&op=0&ag=2881387774&rand=830810860171608250216816718060920221159067900055282286217811151090270802110020412861291&fs=1280x1024&fst=1280x1024&np=linux%20x86_64&nv=&ref=&ss=1280x1024&nc=0&at=&di=W1siZWYiLDU1NjldLFsiYWJuY2giLDM3XSxbLTEsIkxpbnV4IHg4Nl82NCJdLFstOCwiLSJdLFstNywiLSJdLFstMzQsIi0iXSxbLTM3LCItIl0sWy00MSwiLSJdLFstNDcsIlVUQyxlbi1VUyxsYXRuLGdyZWdvcnkiXSxbLTYyLCI1OCJdLFstNzEsImEwMTAwMTAxMTAwMTAwMTAxMDAwMTAxMDAxMTAxMTAwMDAwMDEwIl0sWy0xOCwiWzEsMCwwLDBdIl0sWy0yOSwiLSJdLFstMzMsIi0iXSxbLTQ0LCIwLDUsMCw1Il0sWy02MCwiLSJdLFstNjUsIi0iXSxbLTY5LCJMaW51eCB4ODZfNjR8fHw0OHwtfC0iXSxbLTcwLCItIl0sWy0zOCwiaSwtMSwtMSwxMTU0LDAsOSwwLDEsMCwxMDEsLTEsMCwsMjIyNCwyOTY1LDI5NjQiXSxbLTQwLCIzNyJdLFstNDYsIjAiXSxbLTU2LCJsYW5kc2NhcGUtcHJpbWFyeSJdLFsxMiwie1wiY3R4XCI6XCJ3ZWJnbFwiLFwidlwiOlwibWVzYVwiLFwiclwiOlwibGx2bXBpcGVcIixcInNsdlwiOlwid2ViZ2wgZ2xzbCBlcyAxLjBcIixcImd2ZXJcIjpcIndlYmdsIDEuMFwiLFwiZ3ZlblwiOlwibW96aWxsYVwiLFwiYmVuXCI6NDkyLFwid2dsXCI6MSxcImdyZW5cIjpcImxsdm1waXBlXCIsXCJzZWZcIjo0OTQxOTUwNDMsXCJzZWNcIjpcIlwifSJdLFstMTAsIi0iXSxbLTE1LCItIl0sWy0zOSwiW1wiMjAxMDAxMDFcIiwyLFwiR2Vja29cIixcIk5ldHNjYXBlXCIsXCJNb3ppbGxhXCIsXCIyMDE4MTAwMTAwMDAwMFwiLG51bGwsZmFsc2UsbnVsbCxmYWxzZSxudWxsLDUsdHJ1ZSxmYWxzZSxudWxsLDAsZmFsc2UsZmFsc2VdIl0sWy01OCwiLSJdLFstNjcsIi0iXSxbLTEzLCItIl0sWy0xNiwiMCJdLFstMzEsImZhbHNlIl0sWy00OSwiLSJdLFstNTIsIi0iXSxbLTU5LCItIl0sWy03MiwiRXhVPSJdLFstMiwiMTAsSXNOOW5HbldiQVlBSXhOZlFhT3FHRTBDRkFRc2NHMDBJbmhPYllCQUtZVU96UU82RVgwMjBJbUdMY3U2MnVyZFAvYzJkMnBObVZaQXdmMy8vOHo3OUdySGExV3UzT21YUFB2ZSJdLFstMTEsIntcInRcIjpcIlwiLFwibVwiOltcImRlc2NyaXB0aW9uXCJdfSJdLFstMjAsIi0iXSxbLTIzLCIrIl0sWy0zMiwiMCJdLFstNDUsIjc1MiwwLDAsNzE5LDAsMCw3NjEsMCwwLDAsMCwwLDAsMCwwLDAsMCwwLDAsMCwwLDAsMCwwLDAsMCwwLDAsMCwwLDAsMCJdLFstMjQsIltdIl0sWy0yNiwiLSJdLFstNjgsIi0iXSxbLTQsIi0iXSxbLTYsIntcIndcIjpbXCIwXCIsXCJ0Y2Jsb2NrXCIsXCJzZWFyY2hib3hCbG9ja1wiLFwiZ2V0WE1MaHR0cFwiLFwiYWpheFF1ZXJ5XCIsXCJhamF4QmFja2ZpbGxcIixcImxvYWRGZWVkXCIsXCJ4bWxIdHRwXCIsXCJsc1wiLFwiZ2V0TG9hZEZlZWRBcmd1bWVudHNcIixcIk5vdGlmeVBhaW50RXZlbnRcIixcIl9fY3RjZ19jdF84MDcwNV9leGVjXCIsXCJnb29nbGVORFRfXCIsXCJnb29nbGVBbHRMb2FkZXJcIixcImdvb2dsZVwiLFwiX19zYXNDb29raWVcIl0sXCJuXCI6W10sXCJkXCI6W119Il0sWy05LCItIl0sWy0xMiwiXCIxXCIiXSxbLTE5LCJbMCwwLDAsMCwwLDAsMSwyNCwyNCxcIi1cIiwxMjgwLDEwMjQsMTI4MCwxMDI0LDEyODAsMTAyNCwxMjgwLDEwMjQsMCwwLDAsMCxcIi1cIixcIi1cIiwxMjgwLDEwMjQsbnVsbF0iXSxbLTIyLCJbXCJuXCIsXCJuXCJdIl0sWy0yNywiLSJdLFstMzAsIltcInZcIiwwXSJdLFstNTUsIjAiXSxbLTYzLCItIl0sWy02NCwiLSJdLFstMywiW1wiaW50ZXJuYWwtcGRmLXZpZXdlclwiLFwiaW50ZXJuYWwtcGRmLXZpZXdlclwiLFwiaW50ZXJuYWwtcGRmLXZpZXdlclwiLFwiaW50ZXJuYWwtcGRmLXZpZXdlclwiLFwiaW50ZXJuYWwtcGRmLXZpZXdlclwiXSJdLFsiYm5jaCIsMTc0OV0sWy0xNCwiLSJdLFstMjEsIi0iXSxbLTI1LCItIl0sWy0zNSwiWzE3NDQ1MDg1NDkwMjgsMF0iXSxbLTUxLCItIl0sWy01LCItIl0sWy0xNywiNDgiXSxbLTI4LCJlbi1VUyxlbiJdLFstNDIsIjg4MzM5OTAxNiJdLFstNTAsIi0iXSxbLTU0LCJ7XCJoXCI6W1wiMzI5OTcyODQ1MlwiLFwiODIyODIzMTE5XCIsXCJfM1wiLFwiMjYzOTIyMjQ2OFwiXSxcImRcIjpbXSxcImJcIjpbXCJfMFwiLFwiMjY0NjAzODgyXCIsXCJfMlwiLFwiMzgyMzQ0MzQyN1wiXSxcInNcIjoxfSJdLFstNjYsIi0iXSxbLTM2LCJbXCI1LzRcIixcIjUvNFwiXSJdLFstNDMsIjAwMDAwMDAxMDAwMDAwMDAwMDExMTAwMTAwMDAwMTAwMDAwMDAwMCJdLFstNDgsIltcIi1cIixcIi1cIixcIi1cIl0iXSxbLTUzLCIwMDEiXSxbLTU3LCJTM2xSVFUxSlNnTVdGbHhNVmxzWFNseFlTbEpBWFU5ZEYxcFdWQlpLUVVrV1VCWUxDdzFmQVF3S0NRdFlXQXRiRDF4YUNnbFlXRm9BV0FFTVhWZ0xXbHRmQUJkVFNnTUlBdzhMQ0FzTkZRNElBQlpORjF4QlNWWkxUVW9XQlhsUlRVMUpTZ01XRmx4TVZsc1hTbHhZU2xKQVhVOWRGMXBXVkJaS1FVa1dVQllMQ3cxZkFRd0tDUXRZV0F0YkQxeGFDZ2xZV0ZvQVdBRU1YVmdMV2x0ZkFCZFRTZ01JQXc4TENnc0pGVXBjVFcxUVZGeFdURTBaVVZoWFhWVmNTeE1PQ0FBV1RSZGNRVWxXUzAxS0ZnVjVVVTFOU1VvREZoWmNURlpiRjBwY1dFcFNRRjFQWFJkYVZsUVdTa0ZKRmxBV0N3c05Yd0VNQ2drTFdGZ0xXdzljV2c9PSJdLFstNjEsIi0iXSxbImRkYiIsIjAsMTAsMCw0LDEsMTUsMCwwLDAsMiwwLDAsMCwwLDAsMCwwLDAsMCwxLDEsMCwwLDAsMCwwLDAsMCwwLDAsMCwzLDAsMCwwLDYsMCwxLDEsMCwwLDEsMSw2LDc0LDAsNTYsMSwyLDAsMCwwLDIsMCwwLDAsMCwyNCwwLDAsMSwxLDAsMCwwLDAsMCwwLDEsMSwxLDAiXSxbImNiIiwiMSwwLDAsMCwwLDAsMCwwLDEsNywzNCwxLDU2MiwwLDAsMCwwLDAsMCwwLDAsMCwwLDAsMCwwLDEsMCwwLDAsMSwwLDAsMCwwLDAsMjMsMCwwLDAsMCwwLDEsMCwxLDAsMCwwLDAsMSwwLDAsMCwxLDAsMywxLDAsMCwwLDAsMCwwLDAsMCwxLDAsMCwwLDAsMCwwLDAsMCwwLDAsMSwwLDAsMCwwLDAsMywwLDAsMSw1Il1d&dep=0&pre=0&sdd=&cri=1gfw1rhgtP&pto=4069&ver=65&gac=-&mei=&ap=&fe=1&duid=1.1744508549.owMkrpHKZYPhbNAK&suid=1.1744508549.VmDLlMhtTduKyHGj&tuid=1.1744508549.DsAM1ZXQCM66bCAz&fbc=-&gtm=-&it=11%2C1809%2C211&fbcl=-&gacl=-&gacsd=-&rtic=-&rtict=-&bgc=-&spa=1&urid=0&ab=&sck=-&io=aGA2Og%3D%3D
IP
3.248.162.96:443
ASN
#16509 AMAZON-02

Requested by
http://ww38.totalsporttek.zip/
Certificate
IssuerZeroSSL
Subject*.seaskydvd.com
Fingerprint83:E6:81:53:64:C2:1C:D9:61:DD:3E:40:EB:D3:E1:18:43:D9:D0:62
ValidityMon, 31 Mar 2025 00:00:00 GMT - Sun, 29 Jun 2025 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (3389), with no line terminators
Size
3.4 kB (3389 bytes)
Hash
d4b95c393be53f581b0e1c418f69064d
e7f209a0b177ead36e772c19e9c75aab4db8e6a2
c4511a188e81628c897ee8c4733cb211ed26c1f06fe132c142872accf6e0c429

HTTP Headers

GET /ct?id=80705&url=http%3A%2F%2Fww38.totalsporttek.zip%2F&sf=0&tpi=&ch=AdsDeli%20-%20domain%20-%20landingpage&uvid=f3110a3498672995a77c4c33062d9574294b66e7&tsf=0&tsfmi=&tsfu=&cb=1744508549049&hl=2&op=0&ag=2881387774&rand=830810860171608250216816718060920221159067900055282286217811151090270802110020412861291&fs=1280x1024&fst=1280x1024&np=linux%20x86_64&nv=&ref=&ss=1280x1024&nc=0&at=&di=W1siZWYiLDU1NjldLFsiYWJuY2giLDM3XSxbLTEsIkxpbnV4IHg4Nl82NCJdLFstOCwiLSJdLFstNywiLSJdLFstMzQsIi0iXSxbLTM3LCItIl0sWy00MSwiLSJdLFstNDcsIlVUQyxlbi1VUyxsYXRuLGdyZWdvcnkiXSxbLTYyLCI1OCJdLFstNzEsImEwMTAwMTAxMTAwMTAwMTAxMDAwMTAxMDAxMTAxMTAwMDAwMDEwIl0sWy0xOCwiWzEsMCwwLDBdIl0sWy0yOSwiLSJdLFstMzMsIi0iXSxbLTQ0LCIwLDUsMCw1Il0sWy02MCwiLSJdLFstNjUsIi0iXSxbLTY5LCJMaW51eCB4ODZfNjR8fHw0OHwtfC0iXSxbLTcwLCItIl0sWy0zOCwiaSwtMSwtMSwxMTU0LDAsOSwwLDEsMCwxMDEsLTEsMCwsMjIyNCwyOTY1LDI5NjQiXSxbLTQwLCIzNyJdLFstNDYsIjAiXSxbLTU2LCJsYW5kc2NhcGUtcHJpbWFyeSJdLFsxMiwie1wiY3R4XCI6XCJ3ZWJnbFwiLFwidlwiOlwibWVzYVwiLFwiclwiOlwibGx2bXBpcGVcIixcInNsdlwiOlwid2ViZ2wgZ2xzbCBlcyAxLjBcIixcImd2ZXJcIjpcIndlYmdsIDEuMFwiLFwiZ3ZlblwiOlwibW96aWxsYVwiLFwiYmVuXCI6NDkyLFwid2dsXCI6MSxcImdyZW5cIjpcImxsdm1waXBlXCIsXCJzZWZcIjo0OTQxOTUwNDMsXCJzZWNcIjpcIlwifSJdLFstMTAsIi0iXSxbLTE1LCItIl0sWy0zOSwiW1wiMjAxMDAxMDFcIiwyLFwiR2Vja29cIixcIk5ldHNjYXBlXCIsXCJNb3ppbGxhXCIsXCIyMDE4MTAwMTAwMDAwMFwiLG51bGwsZmFsc2UsbnVsbCxmYWxzZSxudWxsLDUsdHJ1ZSxmYWxzZSxudWxsLDAsZmFsc2UsZmFsc2VdIl0sWy01OCwiLSJdLFstNjcsIi0iXSxbLTEzLCItIl0sWy0xNiwiMCJdLFstMzEsImZhbHNlIl0sWy00OSwiLSJdLFstNTIsIi0iXSxbLTU5LCItIl0sWy03MiwiRXhVPSJdLFstMiwiMTAsSXNOOW5HbldiQVlBSXhOZlFhT3FHRTBDRkFRc2NHMDBJbmhPYllCQUtZVU96UU82RVgwMjBJbUdMY3U2MnVyZFAvYzJkMnBObVZaQXdmMy8vOHo3OUdySGExV3UzT21YUFB2ZSJdLFstMTEsIntcInRcIjpcIlwiLFwibVwiOltcImRlc2NyaXB0aW9uXCJdfSJdLFstMjAsIi0iXSxbLTIzLCIrIl0sWy0zMiwiMCJdLFstNDUsIjc1MiwwLDAsNzE5LDAsMCw3NjEsMCwwLDAsMCwwLDAsMCwwLDAsMCwwLDAsMCwwLDAsMCwwLDAsMCwwLDAsMCwwLDAsMCJdLFstMjQsIltdIl0sWy0yNiwiLSJdLFstNjgsIi0iXSxbLTQsIi0iXSxbLTYsIntcIndcIjpbXCIwXCIsXCJ0Y2Jsb2NrXCIsXCJzZWFyY2hib3hCbG9ja1wiLFwiZ2V0WE1MaHR0cFwiLFwiYWpheFF1ZXJ5XCIsXCJhamF4QmFja2ZpbGxcIixcImxvYWRGZWVkXCIsXCJ4bWxIdHRwXCIsXCJsc1wiLFwiZ2V0TG9hZEZlZWRBcmd1bWVudHNcIixcIk5vdGlmeVBhaW50RXZlbnRcIixcIl9fY3RjZ19jdF84MDcwNV9leGVjXCIsXCJnb29nbGVORFRfXCIsXCJnb29nbGVBbHRMb2FkZXJcIixcImdvb2dsZVwiLFwiX19zYXNDb29raWVcIl0sXCJuXCI6W10sXCJkXCI6W119Il0sWy05LCItIl0sWy0xMiwiXCIxXCIiXSxbLTE5LCJbMCwwLDAsMCwwLDAsMSwyNCwyNCxcIi1cIiwxMjgwLDEwMjQsMTI4MCwxMDI0LDEyODAsMTAyNCwxMjgwLDEwMjQsMCwwLDAsMCxcIi1cIixcIi1cIiwxMjgwLDEwMjQsbnVsbF0iXSxbLTIyLCJbXCJuXCIsXCJuXCJdIl0sWy0yNywiLSJdLFstMzAsIltcInZcIiwwXSJdLFstNTUsIjAiXSxbLTYzLCItIl0sWy02NCwiLSJdLFstMywiW1wiaW50ZXJuYWwtcGRmLXZpZXdlclwiLFwiaW50ZXJuYWwtcGRmLXZpZXdlclwiLFwiaW50ZXJuYWwtcGRmLXZpZXdlclwiLFwiaW50ZXJuYWwtcGRmLXZpZXdlclwiLFwiaW50ZXJuYWwtcGRmLXZpZXdlclwiXSJdLFsiYm5jaCIsMTc0OV0sWy0xNCwiLSJdLFstMjEsIi0iXSxbLTI1LCItIl0sWy0zNSwiWzE3NDQ1MDg1NDkwMjgsMF0iXSxbLTUxLCItIl0sWy01LCItIl0sWy0xNywiNDgiXSxbLTI4LCJlbi1VUyxlbiJdLFstNDIsIjg4MzM5OTAxNiJdLFstNTAsIi0iXSxbLTU0LCJ7XCJoXCI6W1wiMzI5OTcyODQ1MlwiLFwiODIyODIzMTE5XCIsXCJfM1wiLFwiMjYzOTIyMjQ2OFwiXSxcImRcIjpbXSxcImJcIjpbXCJfMFwiLFwiMjY0NjAzODgyXCIsXCJfMlwiLFwiMzgyMzQ0MzQyN1wiXSxcInNcIjoxfSJdLFstNjYsIi0iXSxbLTM2LCJbXCI1LzRcIixcIjUvNFwiXSJdLFstNDMsIjAwMDAwMDAxMDAwMDAwMDAwMDExMTAwMTAwMDAwMTAwMDAwMDAwMCJdLFstNDgsIltcIi1cIixcIi1cIixcIi1cIl0iXSxbLTUzLCIwMDEiXSxbLTU3LCJTM2xSVFUxSlNnTVdGbHhNVmxzWFNseFlTbEpBWFU5ZEYxcFdWQlpLUVVrV1VCWUxDdzFmQVF3S0NRdFlXQXRiRDF4YUNnbFlXRm9BV0FFTVhWZ0xXbHRmQUJkVFNnTUlBdzhMQ0FzTkZRNElBQlpORjF4QlNWWkxUVW9XQlhsUlRVMUpTZ01XRmx4TVZsc1hTbHhZU2xKQVhVOWRGMXBXVkJaS1FVa1dVQllMQ3cxZkFRd0tDUXRZV0F0YkQxeGFDZ2xZV0ZvQVdBRU1YVmdMV2x0ZkFCZFRTZ01JQXc4TENnc0pGVXBjVFcxUVZGeFdURTBaVVZoWFhWVmNTeE1PQ0FBV1RSZGNRVWxXUzAxS0ZnVjVVVTFOU1VvREZoWmNURlpiRjBwY1dFcFNRRjFQWFJkYVZsUVdTa0ZKRmxBV0N3c05Yd0VNQ2drTFdGZ0xXdzljV2c9PSJdLFstNjEsIi0iXSxbImRkYiIsIjAsMTAsMCw0LDEsMTUsMCwwLDAsMiwwLDAsMCwwLDAsMCwwLDAsMCwxLDEsMCwwLDAsMCwwLDAsMCwwLDAsMCwzLDAsMCwwLDYsMCwxLDEsMCwwLDEsMSw2LDc0LDAsNTYsMSwyLDAsMCwwLDIsMCwwLDAsMCwyNCwwLDAsMSwxLDAsMCwwLDAsMCwwLDEsMSwxLDAiXSxbImNiIiwiMSwwLDAsMCwwLDAsMCwwLDEsNywzNCwxLDU2MiwwLDAsMCwwLDAsMCwwLDAsMCwwLDAsMCwwLDEsMCwwLDAsMSwwLDAsMCwwLDAsMjMsMCwwLDAsMCwwLDEsMCwxLDAsMCwwLDAsMSwwLDAsMCwxLDAsMywxLDAsMCwwLDAsMCwwLDAsMCwxLDAsMCwwLDAsMCwwLDAsMCwwLDAsMSwwLDAsMCwwLDAsMywwLDAsMSw1Il1d&dep=0&pre=0&sdd=&cri=1gfw1rhgtP&pto=4069&ver=65&gac=-&mei=&ap=&fe=1&duid=1.1744508549.owMkrpHKZYPhbNAK&suid=1.1744508549.VmDLlMhtTduKyHGj&tuid=1.1744508549.DsAM1ZXQCM66bCAz&fbc=-&gtm=-&it=11%2C1809%2C211&fbcl=-&gacl=-&gacsd=-&rtic=-&rtict=-&bgc=-&spa=1&urid=0&ab=&sck=-&io=aGA2Og%3D%3D HTTP/1.1
Host: obseu.seaskydvd.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://ww38.totalsporttek.zip/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
cache-control: no-cache, no-store, must-revalidate
content-encoding: gzip
content-type: text/javascript
date: Sun, 13 Apr 2025 01:42:29 GMT
expires: Fri, 01 Jan 1990 00:00:00 GMT
pragma: no-cache
set-cookie: cg_uuid=cd9592767673d6fcf629242f21847171; Max-Age=29030400; Path=/; Expires=Sun, 15 Mar 2026 01:42:29 GMT; HttpOnly; Secure; SameSite=None
timing-allow-origin: http://ww38.totalsporttek.zip
content-length: 1156
X-Firefox-Spdy: h2

syndicatedsearch.goog/afs/gen_204?client=dp-teaminternet09_3ph&output=uds_ads_only&zx=4abh6slneg5s&cd_fexp=72717108&aqid=gxb7Z8TyN6HKxdwP4vb24Q4&psid=5837883959&pbt=bs&adbx=375&adby=167&adbh=498&adbw=530&adbah=160%2C160%2C160&adbn=master-1&eawp=partner-dp-teaminternet09_3ph&errv=744711979&csala=8%7C0%7C920%7C228%7C124&lle=0&ifv=1&hpt=1

216.58.207.238

204 No Content

0 B

URL GET
syndicatedsearch.goog/afs/gen_204?client=dp-teaminternet09_3ph&output=uds_ads_only&zx=4abh6slneg5s&cd_fexp=72717108&aqid=gxb7Z8TyN6HKxdwP4vb24Q4&psid=5837883959&pbt=bs&adbx=375&adby=167&adbh=498&adbw=530&adbah=160%2C160%2C160&adbn=master-1&eawp=partner-dp-teaminternet09_3ph&errv=744711979&csala=8%7C0%7C920%7C228%7C124&lle=0&ifv=1&hpt=1
IP
216.58.207.238:443
ASN
#15169 GOOGLE

Requested by
http://ww38.totalsporttek.zip/
Certificate
IssuerGoogle Trust Services
Subjectsyndicatedsearch.goog
Fingerprint40:28:84:65:00:64:ED:A3:1A:C2:1B:45:AA:96:A6:16:CA:BD:37:41
ValidityThu, 20 Mar 2025 11:21:50 GMT - Thu, 12 Jun 2025 11:21:49 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /afs/gen_204?client=dp-teaminternet09_3ph&output=uds_ads_only&zx=4abh6slneg5s&cd_fexp=72717108&aqid=gxb7Z8TyN6HKxdwP4vb24Q4&psid=5837883959&pbt=bs&adbx=375&adby=167&adbh=498&adbw=530&adbah=160%2C160%2C160&adbn=master-1&eawp=partner-dp-teaminternet09_3ph&errv=744711979&csala=8%7C0%7C920%7C228%7C124&lle=0&ifv=1&hpt=1 HTTP/1.1
Host: syndicatedsearch.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://ww38.totalsporttek.zip/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 204 No Content
content-type: text/html; charset=UTF-8
content-security-policy: object-src 'none';base-uri 'self';script-src 'nonce-gYtdg8e1rbaLdCBF7axmjQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other
cross-origin-opener-policy: same-origin-allow-popups; report-to="gws"
report-to: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/other"}]}
date: Sun, 13 Apr 2025 01:42:30 GMT
server: gws
content-length: 0
x-xss-protection: 0
x-frame-options: SAMEORIGIN
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

obseu.seaskydvd.com/tracker/tc_imp.gif?e=37dfbd8ee84e00126eeac235e2428e949225c24f567d43d6da1908be6245cad7bd70a976750ef80ed89373bfe70e9c20c1e53e8d56118a6d2217071a10acf9f29f671ad68a8c0e2e381df97e7007d33d89319102320c219750565d340c5bc1bf6c4e77be26bb25cb43e29a3aee5b6fb2092f6410df57fe5aecd2948a7fe07f52a13ad2a24710d14e681f2d1586d31c64e56ac8bf88b71208fe59f1d329e921c46bcf40e25c7ea8290ee95c400027db0b68acdebff079ef64fd718940a8116e71b9d637793a7a589513d0df4ca65b7de792b226537a30ca946c75ca92560c2246700e0eafdb28657455f7fa4b2a8bfdf32ec1b358204c79abf2a1949025b9cfc248b5038e523d65cceb92a9e471d280f061856b4a95b9c3330751b06267b6d44b20bf84b834d044bb02e7df0688168bd06dd82a61c38b2dd9798290bda2ccb0bd0b20f52eb5a7e87a433eaead1c82a850e1574c03cb4f1fd4c2db9e8fbc9537cc2dc08eb29838b63c3b7ac47921d4ccd16d21c1ce74a50aa5dc0f907aa07e4947168374b10ed0c1a573bd953bc21ba7c19cd7649a52416eeb55195f3e113ecbec2df440d7ed892fa29273d6966c82c2a6be33cfb4e77e68758fe5486fddf7511a4db4a2a224f82890815feee332b37ca031954fd514d7aa34db1b27e4ad907a3e3f60002217580bb7e08e64ce1fb44d495f34fbb24bc3851e0efea4c2bdbd6ddef0e3fd82e4b2f74b4e20e64186b2347291172042837157636de87aa8721dc7ebc9668e69c97accd6778ff875e211664178500262e7d2f8c97f3e0cce0a4f87d2c7bab7ce57009eb8b8799fd11526acae4e4131bdf58d135afe5ff2058d06f17bde4b8fda19eabb2ce39c8cd69d476aeae4327df635d7f0b1c17efd1f491003c61b321aa3bf4dcdac42d893f0a548dfc5c36a1c3d47a22fff54ee04cede3ac7761a7e1f582828b805d0933957a57d94f2b727d3cc4c8f6861ef4c2d3e95e9cd181ab324b79c1ad906321c58fc666e90a5d774d9087dc9d401abdec1eddf01890817301ff176264e8ecf4f0ff82eedfedd3fd685b91c577dbe78714b16c51250e599ea0403d2262895858d1f8c88e6d34b7bf949fb7536099f157a2182c20e17da8aa083af&cri=1gfw1rhgtP&ts=330&cb=1744508549380

3.248.162.96

200 OK

43 B

URL GET
obseu.seaskydvd.com/tracker/tc_imp.gif?e=37dfbd8ee84e00126eeac235e2428e949225c24f567d43d6da1908be6245cad7bd70a976750ef80ed89373bfe70e9c20c1e53e8d56118a6d2217071a10acf9f29f671ad68a8c0e2e381df97e7007d33d89319102320c219750565d340c5bc1bf6c4e77be26bb25cb43e29a3aee5b6fb2092f6410df57fe5aecd2948a7fe07f52a13ad2a24710d14e681f2d1586d31c64e56ac8bf88b71208fe59f1d329e921c46bcf40e25c7ea8290ee95c400027db0b68acdebff079ef64fd718940a8116e71b9d637793a7a589513d0df4ca65b7de792b226537a30ca946c75ca92560c2246700e0eafdb28657455f7fa4b2a8bfdf32ec1b358204c79abf2a1949025b9cfc248b5038e523d65cceb92a9e471d280f061856b4a95b9c3330751b06267b6d44b20bf84b834d044bb02e7df0688168bd06dd82a61c38b2dd9798290bda2ccb0bd0b20f52eb5a7e87a433eaead1c82a850e1574c03cb4f1fd4c2db9e8fbc9537cc2dc08eb29838b63c3b7ac47921d4ccd16d21c1ce74a50aa5dc0f907aa07e4947168374b10ed0c1a573bd953bc21ba7c19cd7649a52416eeb55195f3e113ecbec2df440d7ed892fa29273d6966c82c2a6be33cfb4e77e68758fe5486fddf7511a4db4a2a224f82890815feee332b37ca031954fd514d7aa34db1b27e4ad907a3e3f60002217580bb7e08e64ce1fb44d495f34fbb24bc3851e0efea4c2bdbd6ddef0e3fd82e4b2f74b4e20e64186b2347291172042837157636de87aa8721dc7ebc9668e69c97accd6778ff875e211664178500262e7d2f8c97f3e0cce0a4f87d2c7bab7ce57009eb8b8799fd11526acae4e4131bdf58d135afe5ff2058d06f17bde4b8fda19eabb2ce39c8cd69d476aeae4327df635d7f0b1c17efd1f491003c61b321aa3bf4dcdac42d893f0a548dfc5c36a1c3d47a22fff54ee04cede3ac7761a7e1f582828b805d0933957a57d94f2b727d3cc4c8f6861ef4c2d3e95e9cd181ab324b79c1ad906321c58fc666e90a5d774d9087dc9d401abdec1eddf01890817301ff176264e8ecf4f0ff82eedfedd3fd685b91c577dbe78714b16c51250e599ea0403d2262895858d1f8c88e6d34b7bf949fb7536099f157a2182c20e17da8aa083af&cri=1gfw1rhgtP&ts=330&cb=1744508549380
IP
3.248.162.96:443
ASN
#16509 AMAZON-02

Requested by
http://ww38.totalsporttek.zip/
Certificate
IssuerZeroSSL
Subject*.seaskydvd.com
Fingerprint83:E6:81:53:64:C2:1C:D9:61:DD:3E:40:EB:D3:E1:18:43:D9:D0:62
ValidityMon, 31 Mar 2025 00:00:00 GMT - Sun, 29 Jun 2025 23:59:59 GMT

File type
GIF image data, version 89a, 1 x 1
Size
43 B (43 bytes)
Hash
db04c7b378cb2db912c3ba8a5a774ee3
dee34bd86c3484d31002182aa2b7caa4699126b8
98b3d9d20e032f90aca49e9b116225d539ff6fbdb7e42c3c363f63896ac03d2a

HTTP Headers

GET /tracker/tc_imp.gif?e=37dfbd8ee84e00126eeac235e2428e949225c24f567d43d6da1908be6245cad7bd70a976750ef80ed89373bfe70e9c20c1e53e8d56118a6d2217071a10acf9f29f671ad68a8c0e2e381df97e7007d33d89319102320c219750565d340c5bc1bf6c4e77be26bb25cb43e29a3aee5b6fb2092f6410df57fe5aecd2948a7fe07f52a13ad2a24710d14e681f2d1586d31c64e56ac8bf88b71208fe59f1d329e921c46bcf40e25c7ea8290ee95c400027db0b68acdebff079ef64fd718940a8116e71b9d637793a7a589513d0df4ca65b7de792b226537a30ca946c75ca92560c2246700e0eafdb28657455f7fa4b2a8bfdf32ec1b358204c79abf2a1949025b9cfc248b5038e523d65cceb92a9e471d280f061856b4a95b9c3330751b06267b6d44b20bf84b834d044bb02e7df0688168bd06dd82a61c38b2dd9798290bda2ccb0bd0b20f52eb5a7e87a433eaead1c82a850e1574c03cb4f1fd4c2db9e8fbc9537cc2dc08eb29838b63c3b7ac47921d4ccd16d21c1ce74a50aa5dc0f907aa07e4947168374b10ed0c1a573bd953bc21ba7c19cd7649a52416eeb55195f3e113ecbec2df440d7ed892fa29273d6966c82c2a6be33cfb4e77e68758fe5486fddf7511a4db4a2a224f82890815feee332b37ca031954fd514d7aa34db1b27e4ad907a3e3f60002217580bb7e08e64ce1fb44d495f34fbb24bc3851e0efea4c2bdbd6ddef0e3fd82e4b2f74b4e20e64186b2347291172042837157636de87aa8721dc7ebc9668e69c97accd6778ff875e211664178500262e7d2f8c97f3e0cce0a4f87d2c7bab7ce57009eb8b8799fd11526acae4e4131bdf58d135afe5ff2058d06f17bde4b8fda19eabb2ce39c8cd69d476aeae4327df635d7f0b1c17efd1f491003c61b321aa3bf4dcdac42d893f0a548dfc5c36a1c3d47a22fff54ee04cede3ac7761a7e1f582828b805d0933957a57d94f2b727d3cc4c8f6861ef4c2d3e95e9cd181ab324b79c1ad906321c58fc666e90a5d774d9087dc9d401abdec1eddf01890817301ff176264e8ecf4f0ff82eedfedd3fd685b91c577dbe78714b16c51250e599ea0403d2262895858d1f8c88e6d34b7bf949fb7536099f157a2182c20e17da8aa083af&cri=1gfw1rhgtP&ts=330&cb=1744508549380 HTTP/1.1
Host: obseu.seaskydvd.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://ww38.totalsporttek.zip/
Cookie: cg_uuid=cd9592767673d6fcf629242f21847171
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
date: Sun, 13 Apr 2025 01:42:29 GMT
expires: Fri, 01 Jan 1990 00:00:00 GMT
pragma: no-cache
content-length: 43
X-Firefox-Spdy: h2

obseu.seaskydvd.com/mon

3.248.162.96

200 OK

0 B

URL POST
obseu.seaskydvd.com/mon
IP
3.248.162.96:443
ASN
#16509 AMAZON-02

Requested by
http://ww38.totalsporttek.zip/
Certificate
IssuerZeroSSL
Subject*.seaskydvd.com
Fingerprint83:E6:81:53:64:C2:1C:D9:61:DD:3E:40:EB:D3:E1:18:43:D9:D0:62
ValidityMon, 31 Mar 2025 00:00:00 GMT - Sun, 29 Jun 2025 23:59:59 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

POST /mon HTTP/1.1
Host: obseu.seaskydvd.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 2618
Origin: http://ww38.totalsporttek.zip
DNT: 1
Connection: keep-alive
Referer: http://ww38.totalsporttek.zip/
Cookie: cg_uuid=cd9592767673d6fcf629242f21847171
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
access-control-allow-credentials: true
access-control-allow-methods: GET,HEAD,PUT,PATCH,POST,DELETE
access-control-allow-origin: http://ww38.totalsporttek.zip
content-type: application/json
date: Sun, 13 Apr 2025 01:42:30 GMT
content-length: 0
X-Firefox-Spdy: h2

syndicatedsearch.goog/afs/gen_204?client=dp-teaminternet09_3ph&output=uds_ads_only&zx=dpj2euj0mhl0&cd_fexp=72717108&aqid=gxb7Z8TyN6HKxdwP4vb24Q4&psid=5837883959&pbt=bv&adbx=375&adby=167&adbh=498&adbw=530&adbah=160%2C160%2C160&adbn=master-1&eawp=partner-dp-teaminternet09_3ph&errv=744711979&csala=8%7C0%7C920%7C228%7C124&lle=0&ifv=1&hpt=1

216.58.207.238

204 No Content

0 B

URL GET
syndicatedsearch.goog/afs/gen_204?client=dp-teaminternet09_3ph&output=uds_ads_only&zx=dpj2euj0mhl0&cd_fexp=72717108&aqid=gxb7Z8TyN6HKxdwP4vb24Q4&psid=5837883959&pbt=bv&adbx=375&adby=167&adbh=498&adbw=530&adbah=160%2C160%2C160&adbn=master-1&eawp=partner-dp-teaminternet09_3ph&errv=744711979&csala=8%7C0%7C920%7C228%7C124&lle=0&ifv=1&hpt=1
IP
216.58.207.238:443
ASN
#15169 GOOGLE

Requested by
http://ww38.totalsporttek.zip/
Certificate
IssuerGoogle Trust Services
Subjectsyndicatedsearch.goog
Fingerprint40:28:84:65:00:64:ED:A3:1A:C2:1B:45:AA:96:A6:16:CA:BD:37:41
ValidityThu, 20 Mar 2025 11:21:50 GMT - Thu, 12 Jun 2025 11:21:49 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /afs/gen_204?client=dp-teaminternet09_3ph&output=uds_ads_only&zx=dpj2euj0mhl0&cd_fexp=72717108&aqid=gxb7Z8TyN6HKxdwP4vb24Q4&psid=5837883959&pbt=bv&adbx=375&adby=167&adbh=498&adbw=530&adbah=160%2C160%2C160&adbn=master-1&eawp=partner-dp-teaminternet09_3ph&errv=744711979&csala=8%7C0%7C920%7C228%7C124&lle=0&ifv=1&hpt=1 HTTP/1.1
Host: syndicatedsearch.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://ww38.totalsporttek.zip/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 204 No Content
content-type: text/html; charset=UTF-8
content-security-policy: object-src 'none';base-uri 'self';script-src 'nonce-BWJiBFur-FQ34dSpc1lJag' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other
cross-origin-opener-policy: same-origin-allow-popups; report-to="gws"
report-to: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/other"}]}
date: Sun, 13 Apr 2025 01:42:30 GMT
server: gws
content-length: 0
x-xss-protection: 0
x-frame-options: SAMEORIGIN
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

totalsporttek.zip/

103.224.182.241

302 Found

18 kB

URL User Request GET
totalsporttek.zip/
IP
103.224.182.241:443
ASN
#133618 Trellian Pty. Limited

Certificate
IssuerLet's Encrypt
Subjectburklee.online
Fingerprint5A:13:3A:7E:FF:2E:21:D9:9C:02:AA:7B:CF:EA:7D:7A:70:20:20:7B
ValidityWed, 12 Feb 2025 04:03:34 GMT - Tue, 13 May 2025 04:03:33 GMT

File type

Size
18 kB (17456 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET / HTTP/1.1
Host: totalsporttek.zip
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 302 Found
date: Sun, 13 Apr 2025 01:42:25 GMT
server: Apache
set-cookie: __tad=1744508545.4232482; expires=Wed, 11-Apr-2035 01:42:25 GMT; Max-Age=315360000
location: http://ww38.totalsporttek.zip/
content-length: 2
content-type: text/html; charset=UTF-8
connection: close

euob.seaskydvd.com/sxp/i/224f85302aa2b6ec30aac9a85da2cbf9.js

54.240.174.69

200 OK

111 kB

URL GET
euob.seaskydvd.com/sxp/i/224f85302aa2b6ec30aac9a85da2cbf9.js
IP
54.240.174.69:443
ASN
#16509 AMAZON-02

Requested by
http://ww38.totalsporttek.zip/
Certificate
IssuerAmazon
Subject*.seaskydvd.com
Fingerprint5D:E2:D2:FB:0A:F9:91:11:96:63:07:24:64:47:1E:C8:64:72:1A:12
ValidityTue, 18 Jun 2024 00:00:00 GMT - Fri, 18 Jul 2025 23:59:59 GMT

File type
data
Size
111 kB (111069 bytes)
Hash
f7b4ab1bebbca49be5bb7203095d0cb5
7a2f171f01f5239e5569976623b0b21fc106c636
558beae89b8830d8e7a0b09d6d901447cce591552e91c3fde0a2f682eddabe92

HTTP Headers

GET /sxp/i/224f85302aa2b6ec30aac9a85da2cbf9.js HTTP/1.1
Host: euob.seaskydvd.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://ww38.totalsporttek.zip/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: text/javascript; charset=utf-8
content-length: 40716
content-encoding: gzip
server: Caddy
etag: "1b1dd-ei8XHwH1I55VaZdmI7CyH8EGxjY"
date: Sun, 13 Apr 2025 00:50:40 GMT
cache-control: max-age=43200
expires: Sun, 13 Apr 2025 12:50:40 GMT
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 ab09332bca1a3bd382d2e408f65b98d2.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: 3x56Pi1addU82GGUDtgSkXhPjXdoVMWEMfwCN0lAqwcgkOzuK9p2MQ==
age: 3106
X-Firefox-Spdy: h2

ww38.totalsporttek.zip/munin/a/tr/browserjs?domain=totalsporttek.zip&toggle=browserjs&uid=MTc0NDUwODU0Ni4xODc4OmMxODNkMTI0M2Q4MThjMzkwYjU1NmI3YjQ1YmU0OTM2ZmY2MmM4MmFkZTc1NmY4ZGNlMjcxYWFmN2Y3NTI5YTc6NjdmYjE2ODIyZGQ5MA%3D%3D

13.248.148.254

200 OK

0 B

URL GET
ww38.totalsporttek.zip/munin/a/tr/browserjs?domain=totalsporttek.zip&toggle=browserjs&uid=MTc0NDUwODU0Ni4xODc4OmMxODNkMTI0M2Q4MThjMzkwYjU1NmI3YjQ1YmU0OTM2ZmY2MmM4MmFkZTc1NmY4ZGNlMjcxYWFmN2Y3NTI5YTc6NjdmYjE2ODIyZGQ5MA%3D%3D
IP
13.248.148.254:80
ASN
#16509 AMAZON-02

Requested by
http://ww38.totalsporttek.zip/

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

NIDS	Severity	Alert
suricata	low	ET INFO HTTP Request to a *.zip Domain

HTTP Headers

GET /munin/a/tr/browserjs?domain=totalsporttek.zip&toggle=browserjs&uid=MTc0NDUwODU0Ni4xODc4OmMxODNkMTI0M2Q4MThjMzkwYjU1NmI3YjQ1YmU0OTM2ZmY2MmM4MmFkZTc1NmY4ZGNlMjcxYWFmN2Y3NTI5YTc6NjdmYjE2ODIyZGQ5MA%3D%3D HTTP/1.1
Host: ww38.totalsporttek.zip
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://ww38.totalsporttek.zip/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ch: viewport-width, dpr, device-memory, rtt, downlink, ect, ua, ua-full-version, ua-platform, ua-platform-version, ua-arch, ua-model, ua-mobile
Accept-Ch-Lifetime: 30
Access-Control-Allow-Origin: *
Content-Length: 0
Content-Type: text/html; charset=UTF-8
Date: Sun, 13 Apr 2025 01:42:27 GMT
Server: Caddy, nginx
X-Custom-Track: browserjs

ww38.totalsporttek.zip/favicon.ico

13.248.148.254

200 OK

0 B

URL GET
ww38.totalsporttek.zip/favicon.ico
IP
13.248.148.254:80
ASN
#16509 AMAZON-02

Requested by
http://ww38.totalsporttek.zip/

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

NIDS	Severity	Alert
suricata	low	ET INFO HTTP Request to a *.zip Domain

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: ww38.totalsporttek.zip
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://ww38.totalsporttek.zip/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Content-Length: 0
Content-Type: image/x-icon
Date: Sun, 13 Apr 2025 01:42:27 GMT
Etag: "670f7248-0"
Last-Modified: Wed, 16 Oct 2024 07:59:04 GMT
Server: Caddy, nginx

obseu.seaskydvd.com/mon

3.248.162.96

200 OK

0 B

URL POST
obseu.seaskydvd.com/mon
IP
3.248.162.96:443
ASN
#16509 AMAZON-02

Requested by
http://ww38.totalsporttek.zip/
Certificate
IssuerZeroSSL
Subject*.seaskydvd.com
Fingerprint83:E6:81:53:64:C2:1C:D9:61:DD:3E:40:EB:D3:E1:18:43:D9:D0:62
ValidityMon, 31 Mar 2025 00:00:00 GMT - Sun, 29 Jun 2025 23:59:59 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

POST /mon HTTP/1.1
Host: obseu.seaskydvd.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 1699
Origin: http://ww38.totalsporttek.zip
DNT: 1
Connection: keep-alive
Referer: http://ww38.totalsporttek.zip/
Cookie: cg_uuid=cd9592767673d6fcf629242f21847171
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
access-control-allow-credentials: true
access-control-allow-methods: GET,HEAD,PUT,PATCH,POST,DELETE
access-control-allow-origin: http://ww38.totalsporttek.zip
content-type: application/json
date: Sun, 13 Apr 2025 01:42:44 GMT
content-length: 0
X-Firefox-Spdy: h2

d38psrni17bvxu.cloudfront.net/themes/cleanPeppermintBlack_657d9013/img/arrows.png

18.165.121.185

200 OK

11 kB

URL GET
d38psrni17bvxu.cloudfront.net/themes/cleanPeppermintBlack_657d9013/img/arrows.png
IP
18.165.121.185:80
ASN
#16509 AMAZON-02

Requested by
http://ww38.totalsporttek.zip/

File type
PNG image data, 1500 x 600, 8-bit colormap, non-interlaced
Size
11 kB (11375 bytes)
Hash
0cb2e5165dc9324eb462199f04e1ffa9
9e0f89847ec8a98d98a6020bc5c4ed32b7a48bf8
67dff0aad873050f12609885f2264417ccdd0d438311000a704c89f0865f7865

HTTP Headers

GET /themes/cleanPeppermintBlack_657d9013/img/arrows.png HTTP/1.1
Host: d38psrni17bvxu.cloudfront.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://ww38.totalsporttek.zip/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: image/png
Content-Length: 11375
Connection: keep-alive
Server: nginx
Date: Sat, 12 Apr 2025 11:05:06 GMT
Accept-Ranges: bytes
Last-Modified: Thu, 21 Mar 2024 11:48:11 GMT
ETag: "czzekhpxmtxd8rz"
Vary: Accept-Encoding
X-Cache: Hit from cloudfront
Via: 1.1 314739a512b2afae40702e1a95e8f8de.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: HEL51-P2
X-Amz-Cf-Id: lwX6f1i7YPNUjehuNEtPv3COSsyMaAtjhZNgbVFm1nd6si323QqOLw==
Age: 52641

syndicatedsearch.goog/afs/ads?adtest=off&psid=5837883959&pcsa=false&channel=000001%2Cbucket102&client=dp-teaminternet09_3ph&r=m&hl=no&ivt=0&rpbu=http%3A%2F%2Fww38.totalsporttek.zip%2F%3Fts%3DeyJhbGciOiJBMTI4S1ciLCJlbmMiOiJBMTI4Q0JDLUhTMjU2In0.UNdMT-p6SmATPUP-LOCIzhKYXQD8fp2XgY0PqxZtZlJaySrf-ypWDw.nvOuMZLlxupaLDq9hLwP5A.AkBvP3Yw_65Va9JXpWtSKaRMlPLXPSDKvUqtvDJIwbbiJoyxPrOueiBWuq604I-kzYRCsyk5tq3xLL2t-D5JAwGchpB79x8mW4LRvZl2nYXun7qezPxaFNL_FZctenfVS5dtDInnIkhyexpSl-fijYKj5nKc2lphdTIDu4UrVpiIxlzxJKYs0aeplfs92hfTFCnBhSzvJlpv4GKHLZbW-0IbUFKf20X81dX4l3JXqJbj-VCBfxHEY7uFUqVdPiPQzm2A91PMlP5uGX1maeDNr9pzEOX1OtubRr9hPTdoomDvLzWLe1fJYHfE6XsDktlAngiIpIu3k-YVoO-0X1puGj0sQrRfKyy-UuxkwoYioCNT1sJV7BP8oCzilCD0uXdZnq4h-mU2XGRBQDLI9IXgtbYdGn5q3rn1k39M0pcr2PDAGfVR0q8O0lvoxzZP8bst1V3MaOi1XvUnS-vKUbluwzQIb7fCnuAOfkNNVvWC-C8WRfwarR2dprR5ks7oxZZpy0e01a21J0yBi4vWT6Hq8LOww35cF2QSCEf2o1YueR4ZAyPSxZpwf9caqFTCTI2fW_6CfHXMXWFjUBa8Fhc0_A_yCHHwr4l-g4rekGLkLoM.5AzTX2EP7whX-dxm2tL6tQ&max_radlink_len=40&type=3&uiopt=true&swp=as-drid-2710553488346008&oe=UTF-8&ie=UTF-8&fexp=21404%2C17301431%2C17301433%2C17301436%2C17301548%2C17301266%2C72717108&format=r3%7Cs&nocache=5431744508547724&num=0&output=afd_ads&domain_name=ww38.totalsporttek.zip&v=3&bsl=8&pac=0&u_his=2&u_tz=0&dt=1744508547726&u_w=1280&u_h=1024&biw=1280&bih=1024&psw=1280&psh=795&frm=0&uio=--&cont=tc&drt=0&jsid=caf&jsv=744711979&rurl=http%3A%2F%2Fww38.totalsporttek.zip%2F

216.58.207.238

200 OK

16 kB

URL GET
syndicatedsearch.goog/afs/ads?adtest=off&psid=5837883959&pcsa=false&channel=000001%2Cbucket102&client=dp-teaminternet09_3ph&r=m&hl=no&ivt=0&rpbu=http%3A%2F%2Fww38.totalsporttek.zip%2F%3Fts%3DeyJhbGciOiJBMTI4S1ciLCJlbmMiOiJBMTI4Q0JDLUhTMjU2In0.UNdMT-p6SmATPUP-LOCIzhKYXQD8fp2XgY0PqxZtZlJaySrf-ypWDw.nvOuMZLlxupaLDq9hLwP5A.AkBvP3Yw_65Va9JXpWtSKaRMlPLXPSDKvUqtvDJIwbbiJoyxPrOueiBWuq604I-kzYRCsyk5tq3xLL2t-D5JAwGchpB79x8mW4LRvZl2nYXun7qezPxaFNL_FZctenfVS5dtDInnIkhyexpSl-fijYKj5nKc2lphdTIDu4UrVpiIxlzxJKYs0aeplfs92hfTFCnBhSzvJlpv4GKHLZbW-0IbUFKf20X81dX4l3JXqJbj-VCBfxHEY7uFUqVdPiPQzm2A91PMlP5uGX1maeDNr9pzEOX1OtubRr9hPTdoomDvLzWLe1fJYHfE6XsDktlAngiIpIu3k-YVoO-0X1puGj0sQrRfKyy-UuxkwoYioCNT1sJV7BP8oCzilCD0uXdZnq4h-mU2XGRBQDLI9IXgtbYdGn5q3rn1k39M0pcr2PDAGfVR0q8O0lvoxzZP8bst1V3MaOi1XvUnS-vKUbluwzQIb7fCnuAOfkNNVvWC-C8WRfwarR2dprR5ks7oxZZpy0e01a21J0yBi4vWT6Hq8LOww35cF2QSCEf2o1YueR4ZAyPSxZpwf9caqFTCTI2fW_6CfHXMXWFjUBa8Fhc0_A_yCHHwr4l-g4rekGLkLoM.5AzTX2EP7whX-dxm2tL6tQ&max_radlink_len=40&type=3&uiopt=true&swp=as-drid-2710553488346008&oe=UTF-8&ie=UTF-8&fexp=21404%2C17301431%2C17301433%2C17301436%2C17301548%2C17301266%2C72717108&format=r3%7Cs&nocache=5431744508547724&num=0&output=afd_ads&domain_name=ww38.totalsporttek.zip&v=3&bsl=8&pac=0&u_his=2&u_tz=0&dt=1744508547726&u_w=1280&u_h=1024&biw=1280&bih=1024&psw=1280&psh=795&frm=0&uio=--&cont=tc&drt=0&jsid=caf&jsv=744711979&rurl=http%3A%2F%2Fww38.totalsporttek.zip%2F
IP
216.58.207.238:443
ASN
#15169 GOOGLE

Requested by
http://ww38.totalsporttek.zip/
Certificate
IssuerGoogle Trust Services
Subjectsyndicatedsearch.goog
Fingerprint40:28:84:65:00:64:ED:A3:1A:C2:1B:45:AA:96:A6:16:CA:BD:37:41
ValidityThu, 20 Mar 2025 11:21:50 GMT - Thu, 12 Jun 2025 11:21:49 GMT

File type
HTML document, Unicode text, UTF-8 text, with very long lines (15320)
Size
16 kB (16107 bytes)
Hash
336628ee6334973dcb1a43c365583790
50991ea657466ed7c6372a8555fe2b0cf261e152
1ea10586906ff59c4c94f971b54dc44fcd86dae563bd352401cd4e98e8791153

HTTP Headers

GET /afs/ads?adtest=off&psid=5837883959&pcsa=false&channel=000001%2Cbucket102&client=dp-teaminternet09_3ph&r=m&hl=no&ivt=0&rpbu=http%3A%2F%2Fww38.totalsporttek.zip%2F%3Fts%3DeyJhbGciOiJBMTI4S1ciLCJlbmMiOiJBMTI4Q0JDLUhTMjU2In0.UNdMT-p6SmATPUP-LOCIzhKYXQD8fp2XgY0PqxZtZlJaySrf-ypWDw.nvOuMZLlxupaLDq9hLwP5A.AkBvP3Yw_65Va9JXpWtSKaRMlPLXPSDKvUqtvDJIwbbiJoyxPrOueiBWuq604I-kzYRCsyk5tq3xLL2t-D5JAwGchpB79x8mW4LRvZl2nYXun7qezPxaFNL_FZctenfVS5dtDInnIkhyexpSl-fijYKj5nKc2lphdTIDu4UrVpiIxlzxJKYs0aeplfs92hfTFCnBhSzvJlpv4GKHLZbW-0IbUFKf20X81dX4l3JXqJbj-VCBfxHEY7uFUqVdPiPQzm2A91PMlP5uGX1maeDNr9pzEOX1OtubRr9hPTdoomDvLzWLe1fJYHfE6XsDktlAngiIpIu3k-YVoO-0X1puGj0sQrRfKyy-UuxkwoYioCNT1sJV7BP8oCzilCD0uXdZnq4h-mU2XGRBQDLI9IXgtbYdGn5q3rn1k39M0pcr2PDAGfVR0q8O0lvoxzZP8bst1V3MaOi1XvUnS-vKUbluwzQIb7fCnuAOfkNNVvWC-C8WRfwarR2dprR5ks7oxZZpy0e01a21J0yBi4vWT6Hq8LOww35cF2QSCEf2o1YueR4ZAyPSxZpwf9caqFTCTI2fW_6CfHXMXWFjUBa8Fhc0_A_yCHHwr4l-g4rekGLkLoM.5AzTX2EP7whX-dxm2tL6tQ&max_radlink_len=40&type=3&uiopt=true&swp=as-drid-2710553488346008&oe=UTF-8&ie=UTF-8&fexp=21404%2C17301431%2C17301433%2C17301436%2C17301548%2C17301266%2C72717108&format=r3%7Cs&nocache=5431744508547724&num=0&output=afd_ads&domain_name=ww38.totalsporttek.zip&v=3&bsl=8&pac=0&u_his=2&u_tz=0&dt=1744508547726&u_w=1280&u_h=1024&biw=1280&bih=1024&psw=1280&psh=795&frm=0&uio=--&cont=tc&drt=0&jsid=caf&jsv=744711979&rurl=http%3A%2F%2Fww38.totalsporttek.zip%2F HTTP/1.1
Host: syndicatedsearch.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://ww38.totalsporttek.zip/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: text/html; charset=UTF-8
content-disposition: inline
date: Sun, 13 Apr 2025 01:42:27 GMT
expires: Sun, 13 Apr 2025 01:42:27 GMT
cache-control: private, max-age=3600
content-security-policy: object-src 'none';base-uri 'self';script-src 'nonce-atNeB7SnNQF_h9lIPE9fdg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other
cross-origin-opener-policy: same-origin-allow-popups; report-to="gws"
report-to: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/other"}]}
content-encoding: br
server: gws
content-length: 3456
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

syndicatedsearch.goog/adsense/domains/caf.js

216.58.207.238

200 OK

144 kB

URL GET
syndicatedsearch.goog/adsense/domains/caf.js
IP
216.58.207.238:443
ASN
#15169 GOOGLE

Requested by
https://syndicatedsearch.goog/afs/ads?adtest=off&psid=5837883959&pcsa=false&channel=000001%2Cbucket102&client=dp-teaminternet09_3ph&r=m&hl=no&ivt=0&rpbu=http%3A%2F%2Fww38.totalsporttek.zip%2F%3Fts%3DeyJhbGciOiJBMTI4S1ciLCJlbmMiOiJBMTI4Q0JDLUhTMjU2In0.UNdMT-p6SmATPUP-LOCIzhKYXQD8fp2XgY0PqxZtZlJaySrf-ypWDw.nvOuMZLlxupaLDq9hLwP5A.AkBvP3Yw_65Va9JXpWtSKaRMlPLXPSDKvUqtvDJIwbbiJoyxPrOueiBWuq604I-kzYRCsyk5tq3xLL2t-D5JAwGchpB79x8mW4LRvZl2nYXun7qezPxaFNL_FZctenfVS5dtDInnIkhyexpSl-fijYKj5nKc2lphdTIDu4UrVpiIxlzxJKYs0aeplfs92hfTFCnBhSzvJlpv4GKHLZbW-0IbUFKf20X81dX4l3JXqJbj-VCBfxHEY7uFUqVdPiPQzm2A91PMlP5uGX1maeDNr9pzEOX1OtubRr9hPTdoomDvLzWLe1fJYHfE6XsDktlAngiIpIu3k-YVoO-0X1puGj0sQrRfKyy-UuxkwoYioCNT1sJV7BP8oCzilCD0uXdZnq4h-mU2XGRBQDLI9IXgtbYdGn5q3rn1k39M0pcr2PDAGfVR0q8O0lvoxzZP8bst1V3MaOi1XvUnS-vKUbluwzQIb7fCnuAOfkNNVvWC-C8WRfwarR2dprR5ks7oxZZpy0e01a21J0yBi4vWT6Hq8LOww35cF2QSCEf2o1YueR4ZAyPSxZpwf9caqFTCTI2fW_6CfHXMXWFjUBa8Fhc0_A_yCHHwr4l-g4rekGLkLoM.5AzTX2EP7whX-dxm2tL6tQ&max_radlink_len=40&type=3&uiopt=true&swp=as-drid-2710553488346008&oe=UTF-8&ie=UTF-8&fexp=21404%2C17301431%2C17301433%2C17301436%2C17301548%2C17301266%2C72717108&format=r3%7Cs&nocache=5431744508547724&num=0&output=afd_ads&domain_name=ww38.totalsporttek.zip&v=3&bsl=8&pac=0&u_his=2&u_tz=0&dt=1744508547726&u_w=1280&u_h=1024&biw=1280&bih=1024&psw=1280&psh=795&frm=0&uio=--&cont=tc&drt=0&jsid=caf&jsv=744711979&rurl=http%3A%2F%2Fww38.totalsporttek.zip%2F
Certificate
IssuerGoogle Trust Services
Subjectsyndicatedsearch.goog
Fingerprint40:28:84:65:00:64:ED:A3:1A:C2:1B:45:AA:96:A6:16:CA:BD:37:41
ValidityThu, 20 Mar 2025 11:21:50 GMT - Thu, 12 Jun 2025 11:21:49 GMT

File type
JavaScript source, ASCII text, with very long lines (1831)
Size
144 kB (144079 bytes)
Hash
ce459a192bdba6229f23b42801d0b8e0
0c8f11b60144756280d00c34346fac6cc2b366ca
c78c9b051fc276a0bad68848dbc2b0b90733ca6cf886ce7caf03bd274a9653c8

HTTP Headers

GET /adsense/domains/caf.js HTTP/1.1
Host: syndicatedsearch.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://syndicatedsearch.goog/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="ads-afs-ui"
report-to: {"group":"ads-afs-ui","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-afs-ui"}]}
date: Sun, 13 Apr 2025 01:42:28 GMT
expires: Sun, 13 Apr 2025 01:42:28 GMT
cache-control: private, max-age=3600
etag: "7113848885155800737"
x-content-type-options: nosniff
link: <https://syndicatedsearch.goog>; rel="preconnect"
content-encoding: gzip
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

afs.googleusercontent.com/ad_icons/standard/publisher_icon_image/chevron.svg?c=%23ffffff

142.250.178.33

200 OK

200 B

URL GET
afs.googleusercontent.com/ad_icons/standard/publisher_icon_image/chevron.svg?c=%23ffffff
IP
142.250.178.33:443
ASN
#15169 GOOGLE

Requested by
https://syndicatedsearch.goog/afs/ads?adtest=off&psid=5837883959&pcsa=false&channel=000001%2Cbucket102&client=dp-teaminternet09_3ph&r=m&hl=no&ivt=0&rpbu=http%3A%2F%2Fww38.totalsporttek.zip%2F%3Fts%3DeyJhbGciOiJBMTI4S1ciLCJlbmMiOiJBMTI4Q0JDLUhTMjU2In0.UNdMT-p6SmATPUP-LOCIzhKYXQD8fp2XgY0PqxZtZlJaySrf-ypWDw.nvOuMZLlxupaLDq9hLwP5A.AkBvP3Yw_65Va9JXpWtSKaRMlPLXPSDKvUqtvDJIwbbiJoyxPrOueiBWuq604I-kzYRCsyk5tq3xLL2t-D5JAwGchpB79x8mW4LRvZl2nYXun7qezPxaFNL_FZctenfVS5dtDInnIkhyexpSl-fijYKj5nKc2lphdTIDu4UrVpiIxlzxJKYs0aeplfs92hfTFCnBhSzvJlpv4GKHLZbW-0IbUFKf20X81dX4l3JXqJbj-VCBfxHEY7uFUqVdPiPQzm2A91PMlP5uGX1maeDNr9pzEOX1OtubRr9hPTdoomDvLzWLe1fJYHfE6XsDktlAngiIpIu3k-YVoO-0X1puGj0sQrRfKyy-UuxkwoYioCNT1sJV7BP8oCzilCD0uXdZnq4h-mU2XGRBQDLI9IXgtbYdGn5q3rn1k39M0pcr2PDAGfVR0q8O0lvoxzZP8bst1V3MaOi1XvUnS-vKUbluwzQIb7fCnuAOfkNNVvWC-C8WRfwarR2dprR5ks7oxZZpy0e01a21J0yBi4vWT6Hq8LOww35cF2QSCEf2o1YueR4ZAyPSxZpwf9caqFTCTI2fW_6CfHXMXWFjUBa8Fhc0_A_yCHHwr4l-g4rekGLkLoM.5AzTX2EP7whX-dxm2tL6tQ&max_radlink_len=40&type=3&uiopt=true&swp=as-drid-2710553488346008&oe=UTF-8&ie=UTF-8&fexp=21404%2C17301431%2C17301433%2C17301436%2C17301548%2C17301266%2C72717108&format=r3%7Cs&nocache=5431744508547724&num=0&output=afd_ads&domain_name=ww38.totalsporttek.zip&v=3&bsl=8&pac=0&u_his=2&u_tz=0&dt=1744508547726&u_w=1280&u_h=1024&biw=1280&bih=1024&psw=1280&psh=795&frm=0&uio=--&cont=tc&drt=0&jsid=caf&jsv=744711979&rurl=http%3A%2F%2Fww38.totalsporttek.zip%2F
Certificate
IssuerGoogle Trust Services
Subject*.googleusercontent.com
Fingerprint85:BF:6A:5F:09:9C:AA:F5:8D:3B:2E:65:D1:16:4F:7F:03:2D:A8:DD
ValidityThu, 20 Mar 2025 11:19:41 GMT - Thu, 12 Jun 2025 11:19:40 GMT

File type
SVG Scalable Vector Graphics image
Size
200 B (200 bytes)
Hash
11b3089d616633ca6b73b57aa877eeb4
07632f63e06b30d9b63c97177d3a8122629bda9b
809fb4619d2a2f1a85dbda8cc69a7f1659215212d708a098d62150eee57070c1

HTTP Headers

GET /ad_icons/standard/publisher_icon_image/chevron.svg?c=%23ffffff HTTP/1.1
Host: afs.googleusercontent.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://syndicatedsearch.goog/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
content-encoding: gzip
content-security-policy: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/afs-native-asset-managers
cross-origin-opener-policy: same-origin; report-to="afs-native-asset-managers"
report-to: {"group":"afs-native-asset-managers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/afs-native-asset-managers"}]}
content-length: 174
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sat, 12 Apr 2025 18:24:00 GMT
expires: Sun, 13 Apr 2025 17:24:00 GMT
cache-control: public, max-age=82800
age: 26309
last-modified: Thu, 02 Nov 2023 22:48:00 GMT
content-type: image/svg+xml
vary: Accept-Encoding
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

afs.googleusercontent.com/ad_icons/standard/publisher_icon_image/search.svg?c=%23ffffff

142.250.178.33

200 OK

391 B

URL GET
afs.googleusercontent.com/ad_icons/standard/publisher_icon_image/search.svg?c=%23ffffff
IP
142.250.178.33:443
ASN
#15169 GOOGLE

Requested by
https://syndicatedsearch.goog/afs/ads?adtest=off&psid=5837883959&pcsa=false&channel=000001%2Cbucket102&client=dp-teaminternet09_3ph&r=m&hl=no&ivt=0&rpbu=http%3A%2F%2Fww38.totalsporttek.zip%2F%3Fts%3DeyJhbGciOiJBMTI4S1ciLCJlbmMiOiJBMTI4Q0JDLUhTMjU2In0.UNdMT-p6SmATPUP-LOCIzhKYXQD8fp2XgY0PqxZtZlJaySrf-ypWDw.nvOuMZLlxupaLDq9hLwP5A.AkBvP3Yw_65Va9JXpWtSKaRMlPLXPSDKvUqtvDJIwbbiJoyxPrOueiBWuq604I-kzYRCsyk5tq3xLL2t-D5JAwGchpB79x8mW4LRvZl2nYXun7qezPxaFNL_FZctenfVS5dtDInnIkhyexpSl-fijYKj5nKc2lphdTIDu4UrVpiIxlzxJKYs0aeplfs92hfTFCnBhSzvJlpv4GKHLZbW-0IbUFKf20X81dX4l3JXqJbj-VCBfxHEY7uFUqVdPiPQzm2A91PMlP5uGX1maeDNr9pzEOX1OtubRr9hPTdoomDvLzWLe1fJYHfE6XsDktlAngiIpIu3k-YVoO-0X1puGj0sQrRfKyy-UuxkwoYioCNT1sJV7BP8oCzilCD0uXdZnq4h-mU2XGRBQDLI9IXgtbYdGn5q3rn1k39M0pcr2PDAGfVR0q8O0lvoxzZP8bst1V3MaOi1XvUnS-vKUbluwzQIb7fCnuAOfkNNVvWC-C8WRfwarR2dprR5ks7oxZZpy0e01a21J0yBi4vWT6Hq8LOww35cF2QSCEf2o1YueR4ZAyPSxZpwf9caqFTCTI2fW_6CfHXMXWFjUBa8Fhc0_A_yCHHwr4l-g4rekGLkLoM.5AzTX2EP7whX-dxm2tL6tQ&max_radlink_len=40&type=3&uiopt=true&swp=as-drid-2710553488346008&oe=UTF-8&ie=UTF-8&fexp=21404%2C17301431%2C17301433%2C17301436%2C17301548%2C17301266%2C72717108&format=r3%7Cs&nocache=5431744508547724&num=0&output=afd_ads&domain_name=ww38.totalsporttek.zip&v=3&bsl=8&pac=0&u_his=2&u_tz=0&dt=1744508547726&u_w=1280&u_h=1024&biw=1280&bih=1024&psw=1280&psh=795&frm=0&uio=--&cont=tc&drt=0&jsid=caf&jsv=744711979&rurl=http%3A%2F%2Fww38.totalsporttek.zip%2F
Certificate
IssuerGoogle Trust Services
Subject*.googleusercontent.com
Fingerprint85:BF:6A:5F:09:9C:AA:F5:8D:3B:2E:65:D1:16:4F:7F:03:2D:A8:DD
ValidityThu, 20 Mar 2025 11:19:41 GMT - Thu, 12 Jun 2025 11:19:40 GMT

File type
SVG Scalable Vector Graphics image
Size
391 B (391 bytes)
Hash
8959ddcd9712196961d93f58064ed655
62ab1e38e7e9fbf58a04381b76c2d96a9c829f24
17c7a89bf169c2ee400e31b042cea68513f06b9cd7d1e8990dbec800f0d771c7

HTTP Headers

GET /ad_icons/standard/publisher_icon_image/search.svg?c=%23ffffff HTTP/1.1
Host: afs.googleusercontent.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://syndicatedsearch.goog/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
content-encoding: gzip
content-security-policy: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/afs-native-asset-managers
cross-origin-opener-policy: same-origin; report-to="afs-native-asset-managers"
report-to: {"group":"afs-native-asset-managers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/afs-native-asset-managers"}]}
content-length: 270
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sat, 12 Apr 2025 03:46:33 GMT
expires: Sun, 13 Apr 2025 02:46:33 GMT
cache-control: public, max-age=82800
age: 78956
last-modified: Thu, 20 Jul 2023 22:48:00 GMT
content-type: image/svg+xml
vary: Accept-Encoding
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

Quad9 DNS

ThreatFox

JavaScript (15)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML