Report - cndata.4jpg.top/js%20%E9%80%86%E3%81%95/pic1.html

Report Overview

Visited public
2024-05-25 17:44:37
Tags
URL
cndata.4jpg.top/js%20%E9%80%86%E3%81%95/pic1.html
Finishing URL
data.jpg4.monster/js%20%E9%80%86%E3%81%95/pic1.html
IP / ASN
104.21.77.220
#13335 CLOUDFLARENET
Title
js逆さ投稿画像263枚

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
translate.googleapis.com	1005	2005-01-25	2012-05-31 09:21:21	2024-05-25 14:04:21	1.2 kB	1.1 kB	142.250.74.138
fonts.gstatic.com	unknown	2008-02-11	2014-09-09 02:40:21	2024-05-25 02:29:32	454 B	4.2 kB	216.58.207.227
fp.metricswpsh.com	unknown	2021-10-29	2022-04-22 13:20:32	2024-05-25 01:22:46	1.0 kB	821 B	157.90.84.242
translate-pa.googleapis.com	1620	2005-01-25	2021-11-04 07:37:42	2024-05-25 18:12:07	531 B	2.2 kB	142.250.74.138
www.google.com	7	1997-09-15	2015-05-10 13:11:19	2024-05-24 18:20:15	431 B	737 B	142.250.74.132
75616927db.6096db9a2b.com	unknown	2024-04-25	2024-05-25 02:25:41	2024-05-25 02:32:05	831 B	320 B	45.133.44.52
js.wpshsdk.com	12130	2021-06-04	2021-06-04 15:50:00	2024-05-24 21:31:54	412 B	15 kB	45.133.44.52
o.pki.goog	unknown	2016-06-13	2024-04-24 13:44:57	2024-05-24 18:12:49	650 B	1.4 kB	142.250.74.131
www.googletagmanager.com	75	2011-11-11	2013-05-22 04:07:37	2024-05-25 00:46:10	386 B	72 kB	142.250.74.168
notification.tubecup.net	8210	2008-09-26	2019-08-30 11:36:01	2024-05-25 19:13:01	581 B	309 B	88.198.200.36
www.gstatic.com	unknown	2008-02-11	2016-07-26 11:37:06	2024-05-24 23:39:37	1.6 kB	12 kB	142.250.74.99
storage.multstorage.com	unknown	2023-09-22	2023-09-22 14:56:00	2024-05-25 02:25:41	527 B	1.1 kB	104.21.30.242
static.bookmsg.com	47495	2020-09-15	2020-11-24 15:56:32	2024-05-25 01:23:12	2.2 kB	4.4 kB	45.133.44.24
css.4jpg.top	unknown	2024-03-07	2024-03-18 05:19:51	2024-04-18 00:48:22	1.5 kB	175 kB	172.67.211.235
jsjs.4jpg.top	unknown	2024-03-07	2024-03-08 21:38:07	2024-03-10 10:23:15	370 B	31 kB	172.67.211.235
accounts.google.com	81	1997-09-15	2016-03-20 13:44:49	2024-05-24 18:12:35	1.7 kB	9.6 kB	64.233.165.84
www.w3schools.com	17487	2000-03-21	2014-02-05 21:15:46	2024-05-24 14:31:03	770 B	12 kB	192.229.133.221
js.capndr.com	316718	2021-08-30	2021-08-30 14:51:01	2024-05-25 02:32:03	404 B	374 B	45.133.44.52
1ff191713b.a11d3c1b4d.com	unknown	unknown	No data	No data	930 B	140 kB	45.133.44.53
mc.webvisor.org	17571	2009-08-25	2017-08-16 04:40:17	2024-05-25 13:02:01	1.5 kB	3.0 kB	93.158.134.119
translate.google.com	1156	1997-09-15	2012-05-30 03:30:32	2024-05-24 18:14:39	412 B	44 kB	142.250.74.46
nereserv.com	40015	2020-12-21	2020-12-21 12:07:56	2024-05-25 01:22:53	1.2 kB	640 B	168.119.25.102
cdnjs.cloudflare.com	235	2009-02-17	2015-04-17 22:46:33	2024-05-25 08:44:49	798 B	9.9 kB	104.17.25.14
cdn.jsdelivr.net	439	2012-05-16	2012-09-30 02:15:09	2024-05-25 11:01:21	778 B	152 kB	104.18.187.31
a2ef3e82bc.5144955a1c.com	unknown	unknown	No data	No data	6.9 kB	4.0 kB	167.235.163.216
ajax.googleapis.com	12905	2005-01-25	2013-08-16 11:51:31	2024-05-25 13:27:03	1.2 kB	94 kB	142.250.74.106

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2024-05-25	medium	a11d3c1b4d.com	Sinkholed
2024-05-25	medium	a11d3c1b4d.com	Sinkholed
2024-05-25	medium	6096db9a2b.com	Sinkholed
2024-05-25	medium	5144955a1c.com	Sinkholed
2024-05-25	medium	5144955a1c.com	Sinkholed
2024-05-25	medium	5144955a1c.com	Sinkholed
2024-05-25	medium	5144955a1c.com	Sinkholed

ThreatFox

No alerts detected

JavaScript (28)

	URL	From	Size	First Seen	Last Seen
	data.jpg4.monster/js%20%E9%80%86%E3%81%95/pic1.html	ScriptElement	145 B	2024-08-19	2024-08-19
Pretty URL data.jpg4.monster/js%20%E9%80%86%E3%81%95/pic1.html IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML true Observations First Seen2024-08-19 21:47 Last Seen2024-08-19 21:47 Times Seen1 Hash 5a54dc352b0f86574cb3d65a6a6305c0 3fa84169a8ec27a0c120a25dda5e5c37f1d0c991 6130ed52458d0d115ce9cdaa583bbc6beea62de330f8c9550cc7d8bcb4e66bb2 Loading...

	ajax.googleapis.com/ajax/libs/jquery/3.3.1/jquery.min.js	ScriptElement	87 kB	2023-03-07	2025-05-02
Pretty URL ajax.googleapis.com/ajax/libs/jquery/3.3.1/jquery.min.js IP 142.250.74.106 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02 Last Seen2025-05-02 03:24 Times Seen56948 Hash a09e13ee94d51c524b7e2a728c7d4039 0dc32db4aa9c5f03f3b38c47d883dbd4fed13aae 160a426ff2894252cd7cebbdd6d6b7da8fcd319c65b70468f10b6690c45d02ef Loading...

	data.jpg4.monster/js%20%E9%80%86%E3%81%95/pic1.html	ScriptElement	220 B	2023-03-07	2024-08-19
Pretty URL data.jpg4.monster/js%20%E9%80%86%E3%81%95/pic1.html IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 12:02 Last Seen2024-08-19 21:52 Times Seen32 Hash 39541824421ceb93c38f4f9147726f66 bc577cb7618e37723327ba8eb35347ec20c2473e bf477157ddf6a64d733d66619063974fc4b4290589c39ae3e3dbdda6398da351 Loading...

	cdnjs.cloudflare.com/ajax/libs/nosleep/0.11.0/NoSleep.min.js	ScriptElement	11 kB	2023-03-07	2025-04-24
Pretty URL cdnjs.cloudflare.com/ajax/libs/nosleep/0.11.0/NoSleep.min.js IP 104.17.25.14 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:02 Last Seen2025-04-24 14:39 Times Seen1439 Hash ea77f824de2ef57acb12e7cb6596365e 10bad0dbdf30a0471c2c786b349daeb1dd19180e 2b19d92ce83bf3b498f73103ba1240f09c84798b1f92aedf1491ccf0aa6f5e4c Loading...

	data.jpg4.monster/_/translate_http/_/js/k=translate_http.tr.no.i35NZk4jS1E.O/am=AgM/d=1/rs=AN8SPfouP7H-j66y6Z8LSV-Z7Ry_hSpE_A/m=el_conf	ScriptElement	92 kB	2024-08-19	2024-08-19
Pretty URL data.jpg4.monster/_/translate_http/_/js/k=translate_http.tr.no.i35NZk4jS1E.O/am=AgM/d=1/rs=AN8SPfouP7H-j66y6Z8LSV-Z7Ry_hSpE_A/m=el_conf IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2024-08-19 21:47 Last Seen2024-08-19 21:48 Times Seen2 Hash b6e89dcb30f572222d219da31f7985f3 fff4ee2a64d6dca155a51e2c07f7e7d1a81923a1 402e2c5498400774df8662d80f0fcb6388e27a97736d76fc41f170ac79623902 Loading...

	www.googletagmanager.com/gtag/js?id=UA-620120-3	ScriptElement	196 kB	2024-08-19	2024-08-19
Pretty URL www.googletagmanager.com/gtag/js?id=UA-620120-3 IP 142.250.74.168 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2024-08-19 21:47 Last Seen2024-08-19 21:47 Times Seen1 Hash 4b9cb1bb3e40c0f075b7dd3a31541faa b6984c711bdfbb3e2d79d5e0d731f9ad72d11ae9 a3a13df56eebdd386ecb95c10683c51559b4f7c7b1b046e334a48ceffb4268d1 Loading...

	translate.googleapis.com/_/translate_http/_/js/k=translate_http.tr.no.i35NZk4jS1E.O/am=ABA/d=1/exm=el_conf/ed=1/rs=AN8SPfp1Q_lelBpcDgT1THggTwFXqXGPEA/m=el_main	ScriptElement	211 kB	2024-05-23	2024-08-19
Pretty URL translate.googleapis.com/_/translate_http/_/js/k=translate_http.tr.no.i35NZk4jS1E.O/am=ABA/d=1/exm=el_conf/ed=1/rs=AN8SPfp1Q_lelBpcDgT1THggTwFXqXGPEA/m=el_main IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-23 21:54 Last Seen2024-08-19 21:59 Times Seen178 Hash 1667228321ebb5757f510e81da973a38 b3c9d9caf2c121bfa1783e0501738d59ec051d75 c16c6f2d4164c9297edbc4e2693996b7890631977bacf14041f13f35f54ab44c Loading...

	1ff191713b.a11d3c1b4d.com/6bd2e31efcf5d0cf45257ff54656d95b.js	ScriptElement	101 kB	2024-05-15	2024-08-19
Pretty URL 1ff191713b.a11d3c1b4d.com/6bd2e31efcf5d0cf45257ff54656d95b.js IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-15 17:00 Last Seen2024-08-19 22:52 Times Seen738 Hash 4bb95a2223acf3cc0df9d4268f6b78f0 3c6080e7e4a5d3edcb04f2454846a1bb8c92ecdf 3abdd6eff2b15ad1d1c80ac3366be71010f78ab5631aecb4d1b5d95ed5c38030 Loading...

	1ff191713b.a11d3c1b4d.com/78fab07f37adf9fb5d5054dbf1712bbe.js	ScriptElement	178 kB	2024-05-23	2024-08-19
Pretty URL 1ff191713b.a11d3c1b4d.com/78fab07f37adf9fb5d5054dbf1712bbe.js IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-23 17:37 Last Seen2024-08-19 22:06 Times Seen203 Hash 3b1bbbdcf79f9a3af534d1ea4b5bbbfb 472abbb1e8cf6161dedf7ffb264563ab64334bda 7edcaecba073618990b2130418045d269313597b8759a5890ca3b6d9b0e6cead Loading...

	cdn.jsdelivr.net/npm/yandex-metrica-watch/watch.js	ScriptElement	179 kB	2024-05-16	2024-08-19
Pretty URL cdn.jsdelivr.net/npm/yandex-metrica-watch/watch.js IP 104.18.187.31 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-16 20:18 Last Seen2024-08-19 22:46 Times Seen316 Hash c432049dbcf60baa4af691e35260b679 b54e0a95cb18cb9913d37a29377f2a869f4f36f8 3dc85fe31a6be778f20339b6d1ecca064bf6ae735055289f1badd48d2428e51a Loading...

	css.4jpg.top/index.php?js=jpg4&aaa1	ScriptElement	176 kB	2024-08-19	2024-08-19
Pretty URL css.4jpg.top/index.php?js=jpg4&aaa1 IP 172.67.211.235 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-08-19 21:47 Last Seen2024-08-19 21:47 Times Seen1 Hash 12cafca01474139b85b05774cca3c9a5 decf0048a4260260ddd8fcb22230a6611d51de99 abf18a89936116e70e27788bcf68e3db9576b585fd49d7aa558f7fe01201f933 Loading...

	data.jpg4.monster/js%20%E9%80%86%E3%81%95/pic1.html	ScriptElement	10 B	2023-03-07	2024-08-19
Pretty URL data.jpg4.monster/js%20%E9%80%86%E3%81%95/pic1.html IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 12:28 Last Seen2024-08-19 21:52 Times Seen38 Hash 6ae49e8c7f5b9d8c587e9daf2f042f32 9a6595f141403364ec7b5ae2b6d3909860040566 dd988b25ebb90ef0b5c30f98b725da321e1d8d69fe79ba03975e011622c1780c Loading...

	jsjs.4jpg.top/index.php?js=very	ScriptElement	82 B	2024-04-16	2025-04-24
Pretty URL jsjs.4jpg.top/index.php?js=very IP 172.67.211.235 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-16 15:37 Last Seen2025-04-24 14:39 Times Seen1472 Hash 77542f8a3ada1bb8b45eb9139c5e69ef 08556fa802dce18bec90fc57d62c7caaa4dbbdd0 4a12c40c3eb9ed0e055519dbd5be4cb7e88ee707739484aa38e3e3284c0bdc46 Loading...

	js.capndr.com/advertising.js	ScriptElement	0 B	0001-01-01	2025-05-02
Pretty URL js.capndr.com/advertising.js IP 45.133.44.52 ASN #39572 DataWeb Global Group B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen0001-01-01 00:00 Last Seen2025-05-02 03:28 Times Seen4593592 Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Loading...

	storage.multstorage.com/log/count.html	ScriptElement	718 B	2023-09-18	2025-03-01
Pretty URL storage.multstorage.com/log/count.html IP 104.21.30.242 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-09-18 17:19 Last Seen2025-03-01 23:33 Times Seen12563 Hash 1f697a0f2411e463adbc1211493fe5a6 93c154152bda427938543b8efbd8d3b594abbac7 08a5735f5232b651af89f552e8d0fb7b21d6605fba48f335318699d80d12703e Loading...

	js.wpshsdk.com/npc/sdk/push.m.js?v=1	ScriptElement	34 kB	2024-04-27	2024-08-20
Pretty URL js.wpshsdk.com/npc/sdk/push.m.js?v=1 IP 45.133.44.52 ASN #39572 DataWeb Global Group B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-27 13:51 Last Seen2024-08-20 02:22 Times Seen1687 Hash a069fdae233705c69db53cdddf953015 2dcfb71c08faa8c09be0196751a3b7f08afbb2e0 8358b4d2ef244f2c763073105b21a552b4589aafcf9b46e128820b35a34f7d9a Loading...

	1ff191713b.a11d3c1b4d.com/10576ac212151fb23fedb053c767d85d.js	ScriptElement	475 kB	2024-05-17	2024-08-19
Pretty URL 1ff191713b.a11d3c1b4d.com/10576ac212151fb23fedb053c767d85d.js IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-17 18:30 Last Seen2024-08-19 22:40 Times Seen694 Hash 685b0bc180f8b42db8aa85fc59f69813 b73ca077396e59d92e032555e64184387c2250ec be65fa7266ccc5e1e2002280639e866bc791fbd3a570854d51068b61a05bca5a Loading...

	data.jpg4.monster/js%20%E9%80%86%E3%81%95/pic1.html	ScriptElement	715 B	2023-03-07	2024-08-19
Pretty URL data.jpg4.monster/js%20%E9%80%86%E3%81%95/pic1.html IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 12:02 Last Seen2024-08-19 21:52 Times Seen38 Hash 234c06dfc2743b146cf8de18ca032e70 fc1277d352feef393451a500b634e6036a4bb0cf 64c54e6dcf515d60043444a14fe1769922ec8a2a0ee4c5fa40943f2cd8b83033 Loading...

	1ff191713b.a11d3c1b4d.com/df089b43e46c12dcab7e4df72f03a872.js	ScriptElement	115 kB	2024-05-14	2024-08-19
Pretty URL 1ff191713b.a11d3c1b4d.com/df089b43e46c12dcab7e4df72f03a872.js IP 45.133.44.53 ASN #39572 DataWeb Global Group B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-14 17:23 Last Seen2024-08-19 22:59 Times Seen875 Hash 6852ede1099cd44412dc80af8e9e07bb b5edf4f7ac08e00e7dec39d0c989551f30f58c86 c6e441a36f5b5d2ebd78587e8508368084c03727205a05aac257e562b3604656 Loading...

		Size	First Seen	Last Seen
	#1 Write - 8da66cae5fc09ad0ad54710cd4960dbd	88 B	2023-03-07 12:02	2025-04-24 14:39
Pretty Observations First Seen2023-03-07 12:02 Last Seen2025-04-24 14:39 Times Seen1505 Hash 8da66cae5fc09ad0ad54710cd4960dbd 01ef404d9c252491d6f0cd6900cce145d4b76db1 90b1ab53462f9b18c6a0d06704f07055e834c86239bdc87a3708514e9a6b6762 Loading...

	#2 Write - 511deefea4464a46676b3db2738a2188	61 B	2023-03-07 12:02	2024-08-19 21:52
Pretty Observations First Seen2023-03-07 12:02 Last Seen2024-08-19 21:52 Times Seen39 Hash 511deefea4464a46676b3db2738a2188 d9fe8cf5645da49968cd1d4c20e83ce49b9676af 4fb17fa4d3e642322d8e1b49721446fea7f3310f08b123eae72524d499e56a2a Loading...

	#3 Write - 4972a0950d2518b10bdb7f84331db44c	776 B	2024-05-25 04:41	2024-08-19 21:52
Pretty Observations First Seen2024-05-25 04:41 Last Seen2024-08-19 21:52 Times Seen39 Hash 4972a0950d2518b10bdb7f84331db44c 927c183dcefc8f4f09f67afffc573c2170598619 bbefb1b8013abeca1c33d11e9096ddb85e2dab50dc48c02ae9c8eb061ce8e7f3 Loading...

	#4 Write - f328ea08ebe65680d4263e882bf3b703	20 B	2023-03-07 12:02	2025-04-28 04:45
Pretty Observations First Seen2023-03-07 12:02 Last Seen2025-04-28 04:45 Times Seen418 Hash f328ea08ebe65680d4263e882bf3b703 0070c10f8f3a3885319ce413d997888ef62d1b4a f783038c7258d592f01cd4cb2045087e4ed331cf5cab52ffd459b086a0537bf9 Loading...

	#5 Write - 9d63d1c18e2eb50d91a03c3e30ce4c6e	1.4 kB	2024-08-19 21:47	2024-08-19 21:47
Pretty Observations First Seen2024-08-19 21:47 Last Seen2024-08-19 21:47 Times Seen1 Hash 9d63d1c18e2eb50d91a03c3e30ce4c6e 4548913a5d36e32e7f65124aa61f13ed0fe50ead d33eaee90c9fd2964a0e15dbdd3a52b33cadc92eb9a9038e901585c8ff93eccd Loading...

	#6 Write - 16183db7d8f751eb4208ff30486c99da	142 B	2023-03-07 12:02	2024-08-19 21:52
Pretty Observations First Seen2023-03-07 12:02 Last Seen2024-08-19 21:52 Times Seen39 Hash 16183db7d8f751eb4208ff30486c99da ece4b705b5b76f997272825ace2ef04603fd16b4 ca62b06b7701aee9eb0e000f395b917e388a86345d5df050fea030b28849af0d Loading...

	#7 Write - fc4d36d8b38ddf6bfa449db23eb3be3e	39 B	2024-05-18 21:25	2024-11-08 00:11
Pretty Observations First Seen2024-05-18 21:25 Last Seen2024-11-08 00:11 Times Seen63 Hash fc4d36d8b38ddf6bfa449db23eb3be3e 6f85dd387b51c5295e961b0cca4e3e0802dc7136 2ac8ff9d5426a23925325c9997ab980bd667bdf6f8f39aec27eafbc7ef716651 Loading...

	#8 Write - 950f6664e136648e9dba366dd7115b67	469 B	2024-05-21 06:49	2024-08-19 22:20
Pretty Observations First Seen2024-05-21 06:49 Last Seen2024-08-19 22:20 Times Seen143 Hash 950f6664e136648e9dba366dd7115b67 b1397a1ce19134a15eb9775b93fa1ba2bd0b8dab 3a6aa37739b8b477f2fcf852d116369c07dcfd463946efafa971545f6085c79c Loading...

	#9 Write - c735d1f9299cb96ca57b9bdf5ed6b3a4	3.0 kB	2024-05-21 06:49	2024-08-19 22:20
Pretty Observations First Seen2024-05-21 06:49 Last Seen2024-08-19 22:20 Times Seen100 Hash c735d1f9299cb96ca57b9bdf5ed6b3a4 a4dde2db1c3f8767c507304c95f095cb151045c8 1e686dad625180de3805a5a31c8f20973d78c052e6fa73e0de26e5c9711d6934 Loading...

HTTP Transactions (49)

URL IP Response Size

www.w3schools.com/w3css/4/w3.css

192.229.133.221

5.3 kB

URL
www.w3schools.com/w3css/4/w3.css
IP
192.229.133.221:0
ASN
#15133 EDGECAST

File type
Unicode text, UTF-8 (with BOM) text
Size
5.3 kB (5256 bytes)
Hash
ba0537e9574725096af97c27d7e54f76
bd46b47d74d344f435b5805114559d45979762d5
4a7611bc677873a0f87fe21727bc3a2a43f57a5ded3b10ce33a0f371a2e6030f

HTTP Headers

GET /w3css/4/w3.css HTTP/1.1
Host: www.w3schools.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-encoding: gzip
accept-ranges: bytes
age: 1589
cache-control: public,max-age=14400,public
content-security-policy: frame-ancestors 'self' https://mycourses.w3schools.com;
content-type: text/css
date: Sat, 25 May 2024 17:44:12 GMT
etag: "0587bc3d9adda1:0+gzip"
last-modified: Fri, 24 May 2024 12:56:16 GMT
server: ECS (ska/F716)
vary: Accept-Encoding
x-cache: HIT
x-content-security-policy: frame-ancestors 'self' https://mycourses.w3schools.com;
x-powered-by: ASP.NET
content-length: 5256
X-Firefox-Spdy: h2

ajax.googleapis.com/ajax/libs/jquery/3.3.1/jquery.min.js

142.250.74.106

30 kB

URL
ajax.googleapis.com/ajax/libs/jquery/3.3.1/jquery.min.js
IP
142.250.74.106:0
ASN
#15169 GOOGLE

File type
JavaScript source, ASCII text, with very long lines (65451)
Size
30 kB (30399 bytes)
Hash
a09e13ee94d51c524b7e2a728c7d4039
0dc32db4aa9c5f03f3b38c47d883dbd4fed13aae
160a426ff2894252cd7cebbdd6d6b7da8fcd319c65b70468f10b6690c45d02ef

HTTP Headers

GET /ajax/libs/jquery/3.3.1/jquery.min.js HTTP/1.1
Host: ajax.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
timing-allow-origin: *
content-length: 30399
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 22 May 2024 11:57:04 GMT
expires: Thu, 22 May 2025 11:57:04 GMT
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
age: 280028
last-modified: Tue, 03 Mar 2020 19:15:00 GMT
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

cdnjs.cloudflare.com/ajax/libs/nosleep/0.11.0/NoSleep.min.js

104.17.25.14

4.0 kB

URL
cdnjs.cloudflare.com/ajax/libs/nosleep/0.11.0/NoSleep.min.js
IP
104.17.25.14:0
ASN
#13335 CLOUDFLARENET

File type
JavaScript source, ASCII text, with very long lines (10613)
Size
4.0 kB (3953 bytes)
Hash
ea77f824de2ef57acb12e7cb6596365e
10bad0dbdf30a0471c2c786b349daeb1dd19180e
2b19d92ce83bf3b498f73103ba1240f09c84798b1f92aedf1491ccf0aa6f5e4c

HTTP Headers

GET /ajax/libs/nosleep/0.11.0/NoSleep.min.js HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sat, 25 May 2024 17:44:13 GMT
content-type: application/javascript; charset=utf-8
content-length: 3953
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "5ed16b69-29bf"
last-modified: Fri, 29 May 2020 20:07:05 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 326772
expires: Thu, 15 May 2025 17:44:13 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=1qOOjn6acVcxN6L6OVyy9AnFp9Eo%2ByB7uVsFQT6zKUHbrbAaWohYL%2FqatYjo44%2BkBaUFBgmmm1blxHenf4fira%2B5n0L9bWvl3Gyb1p7OHzeu1b%2FAx8HlKvD49Ux5HizTDqmCX7Em"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 8897550a7ec6568d-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

cdn.jsdelivr.net/npm/yandex-metrica-watch/watch.js

104.18.187.31

75 kB

URL
cdn.jsdelivr.net/npm/yandex-metrica-watch/watch.js
IP
104.18.187.31:0
ASN
#13335 CLOUDFLARENET

File type
JavaScript source, Unicode text, UTF-8 (with BOM) text, with very long lines (571)
Size
75 kB (74915 bytes)
Hash
21234aac857e6e0e9f7b0f060b0c62f3
2a48d8aab2b4069678e6a5a5317d7cc9c94d30c8
f1755dde2af1ae0bee97aa7a4177b0295aa45b8e75a2d50d194deb923b02e387

HTTP Headers

GET /npm/yandex-metrica-watch/watch.js HTTP/1.1
Host: cdn.jsdelivr.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sat, 25 May 2024 17:44:13 GMT
content-type: application/javascript; charset=utf-8
content-length: 74915
access-control-allow-origin: *
access-control-expose-headers: *
timing-allow-origin: *
cache-control: public, max-age=604800, s-maxage=43200
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-jsd-version: 1.326.0
x-jsd-version-type: version
etag: W/"2bc83-KkjYqrK0BpZ45qWlMX18yclNMMg"
content-encoding: br
x-served-by: cache-fra-eddf8230153-FRA, cache-lga21955-LGA
x-cache: HIT, HIT
vary: Accept-Encoding
alt-svc: h3=":443"; ma=86400
cf-cache-status: HIT
age: 15079
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ryWkAyu5S7VYFvV9LAtSVTjYRVHnMcbhuRkMOiVPuyRt96p%2FQdX0f84f21erbf57KoY%2B4SPDQnIsliHX2rQkNvHdooPYnkkBzdERsYej3ZgjbVqchaMfcfiSJ7bmAVHE%2BSc%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8897550a8a420b55-OSL
X-Firefox-Spdy: h2

www.googletagmanager.com/gtag/js?id=UA-620120-3

142.250.74.168

71 kB

URL
www.googletagmanager.com/gtag/js?id=UA-620120-3
IP
142.250.74.168:0
ASN
#15169 GOOGLE

File type
JavaScript source, ASCII text, with very long lines (1822)
Size
71 kB (70999 bytes)
Hash
08e38b5deded2df5032e48a9af7328ca
c9cbc34a6816289e7d72419932c40df46aac931a
e583dbf77c0620e86c0e760639e8b6484b5f09e4e0ea854667dca4534de70101

HTTP Headers

GET /gtag/js?id=UA-620120-3 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Sat, 25 May 2024 17:44:13 GMT
expires: Sat, 25 May 2024 17:44:13 GMT
cache-control: private, max-age=900
last-modified: Sat, 25 May 2024 15:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 70999
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

css.4jpg.top/index.php?js=jpg4&aaa1

172.67.211.235

52 kB

URL
css.4jpg.top/index.php?js=jpg4&aaa1
IP
172.67.211.235:0
ASN
#13335 CLOUDFLARENET

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (6529), with CRLF line terminators
Size
52 kB (52354 bytes)
Hash
12cafca01474139b85b05774cca3c9a5
decf0048a4260260ddd8fcb22230a6611d51de99
abf18a89936116e70e27788bcf68e3db9576b585fd49d7aa558f7fe01201f933

HTTP Headers

GET /index.php?js=jpg4&aaa1 HTTP/1.1
Host: css.4jpg.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Sat, 25 May 2024 17:44:12 GMT
content-type: text/html; charset=UTF-8
imghost: 17296161209-h-css4jpgtopmh--NO-rm16215822283/index.php?js=jpg4&aaa1
56nloadrate: 1.969375
cache-control: public, max-age=14400, s-max-age=1800
vary: Accept-Encoding
access-control-allow-origin: *
access-control-allow-headers: Cake
cf-cache-status: HIT
age: 115
last-modified: Sat, 25 May 2024 17:42:17 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=NAPyepSk7Bv2Fiv45AlPhgdY81gfSr0vsdl6viqMo5AF5JcgZTu1nq42QqEA49BCaNy4eoN2eyS2MXirnUt%2B%2BS8CZsRQE0ZfOqIjM3KXeno6RUIsCLGSZXDnlHX1K0g%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 889755074a345688-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

css.4jpg.top/mycss/jpg4.css

172.67.211.235

6.9 kB

URL
css.4jpg.top/mycss/jpg4.css
IP
172.67.211.235:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text
Size
6.9 kB (6868 bytes)
Hash
c741f1a56ddd257b0b060173d6801ef1
25edc3ded3e61eea1c1dca8288272a6d6018c8ea
ff9596bc99c3e6f423d810ec50a40754ce365a5616e8918c36588bddb112c983

HTTP Headers

GET /mycss/jpg4.css HTTP/1.1
Host: css.4jpg.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Sat, 25 May 2024 17:44:12 GMT
content-type: text/css
etag: W/"6b7-5a117879baec0"
access-control-allow-origin: *
access-control-allow-headers: Cake
cache-control: public, max-age=360000
cf-cache-status: HIT
age: 349283
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=RTh%2BrM0ULkmjT1thkak41z82fWCqsnPX2g7aeNbuvShnnoD%2BySpV6QmzCvsAG5I8AOYQxw1aoC%2BrxdZh6bzK5uQULvBVW%2FQwSk4GopY8zVl48uka0uxOBQQKE78RV%2Fs%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 889755074a355688-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

translate.google.com/translate_a/element.js?cb=googleTranslateElementInit

142.250.74.46

43 kB

URL
translate.google.com/translate_a/element.js?cb=googleTranslateElementInit
IP
142.250.74.46:0
ASN
#15169 GOOGLE

File type
gzip compressed data, max compression
Size
43 kB (43202 bytes)
Hash
8a52df1bd29e1314c4bd7d46e6c095c4
054836a4417bfacf82da00a1fd78f21e2fa35024
80682c2e6f876f61957a586b002b4d94700bcb0dba0aedfb3c371a060e9c9cbe

HTTP Headers

GET /translate_a/element.js?cb=googleTranslateElementInit HTTP/1.1
Host: translate.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: text/javascript; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Sat, 25 May 2024 17:44:12 GMT
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
set-cookie: __Secure-BUCKET=CNYH; Domain=.google.com; Expires=Thu, 21-Nov-2024 17:44:12 GMT; Path=/; Secure; HttpOnly; SameSite=lax
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

1ff191713b.a11d3c1b4d.com/27fa218f575825aac711f75c001d60a7/23782?version_name=d

45.133.44.53

11 kB

URL
1ff191713b.a11d3c1b4d.com/27fa218f575825aac711f75c001d60a7/23782?version_name=d
IP
45.133.44.53:0
ASN
#39572 DataWeb Global Group B.V.

File type
data
Size
11 kB (10846 bytes)
Hash
d9452ff9539ad7a4dbea48d8c97c0b22
475351b400e01bf99f3a426983ebb6611722b4ff
fa69d51ecfa837f9ac7c0026a092d4da5f71cdc2513cc00690aef187cbb91b26

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /27fa218f575825aac711f75c001d60a7/23782?version_name=d HTTP/1.1
Host: 1ff191713b.a11d3c1b4d.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://cndata.4jpg.top
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Sat, 25 May 2024 17:44:13 GMT
content-type: application/json
server: nginx/1.18.0
cache-control: max-age=300
expires: Sat, 25 May 2024 17:49:13 GMT
x-proxy-cache: HIT
access-control-allow-origin: *
X-Firefox-Spdy: h2

www.w3schools.com/w3css/4/w3.css

192.229.133.221

5.3 kB

URL
www.w3schools.com/w3css/4/w3.css
IP
192.229.133.221:0
ASN
#15133 EDGECAST

File type
Unicode text, UTF-8 (with BOM) text
Size
5.3 kB (5256 bytes)
Hash
ba0537e9574725096af97c27d7e54f76
bd46b47d74d344f435b5805114559d45979762d5
4a7611bc677873a0f87fe21727bc3a2a43f57a5ded3b10ce33a0f371a2e6030f

HTTP Headers

GET /w3css/4/w3.css HTTP/1.1
Host: www.w3schools.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-encoding: gzip
accept-ranges: bytes
age: 1590
cache-control: public,max-age=14400,public
content-security-policy: frame-ancestors 'self' https://mycourses.w3schools.com;
content-type: text/css
date: Sat, 25 May 2024 17:44:13 GMT
etag: "0587bc3d9adda1:0+gzip"
last-modified: Fri, 24 May 2024 12:56:16 GMT
server: ECS (ska/F716)
vary: Accept-Encoding
x-cache: HIT
x-content-security-policy: frame-ancestors 'self' https://mycourses.w3schools.com;
x-powered-by: ASP.NET
content-length: 5256
X-Firefox-Spdy: h2

css.4jpg.top/index.php?js=jpg4&aaa1

172.67.211.235

41 kB

URL
css.4jpg.top/index.php?js=jpg4&aaa1
IP
172.67.211.235:0
ASN
#13335 CLOUDFLARENET

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (6529), with CRLF line terminators
Size
41 kB (41020 bytes)
Hash
12cafca01474139b85b05774cca3c9a5
decf0048a4260260ddd8fcb22230a6611d51de99
abf18a89936116e70e27788bcf68e3db9576b585fd49d7aa558f7fe01201f933

HTTP Headers

GET /index.php?js=jpg4&aaa1 HTTP/1.1
Host: css.4jpg.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sat, 25 May 2024 17:44:13 GMT
content-type: text/html; charset=UTF-8
imghost: 17296161209-h-css4jpgtopmh--NO-rm16215822283/index.php?js=jpg4&aaa1
56nloadrate: 1.969375
cache-control: public, max-age=14400, s-max-age=1800
vary: Accept-Encoding
access-control-allow-origin: *
access-control-allow-headers: Cake
cf-cache-status: HIT
age: 116
last-modified: Sat, 25 May 2024 17:42:17 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=J8JuQHdYwjOCcVy%2ByRFyDWtzqgvaxoH41bEo4CU21x27eNOtGkHfDsVHwq28gIFfYYjJ71KDEybzWGXfKcZSdpEJ9Sa2V3ChDEtm5KtFxj6iupK8TpWpggcwtjcO3Js%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8897550f1bff56ca-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

ajax.googleapis.com/ajax/libs/jquery/3.3.1/jquery.min.js

142.250.74.106

30 kB

URL
ajax.googleapis.com/ajax/libs/jquery/3.3.1/jquery.min.js
IP
142.250.74.106:0
ASN
#15169 GOOGLE

File type
JavaScript source, ASCII text, with very long lines (65451)
Size
30 kB (30399 bytes)
Hash
a09e13ee94d51c524b7e2a728c7d4039
0dc32db4aa9c5f03f3b38c47d883dbd4fed13aae
160a426ff2894252cd7cebbdd6d6b7da8fcd319c65b70468f10b6690c45d02ef

HTTP Headers

GET /ajax/libs/jquery/3.3.1/jquery.min.js HTTP/1.1
Host: ajax.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
timing-allow-origin: *
content-length: 30399
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 22 May 2024 11:57:04 GMT
expires: Thu, 22 May 2025 11:57:04 GMT
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
age: 280030
last-modified: Tue, 03 Mar 2020 19:15:00 GMT
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

jsjs.4jpg.top/index.php?js=very

172.67.211.235

30 kB

URL
jsjs.4jpg.top/index.php?js=very
IP
172.67.211.235:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text, with no line terminators
Size
30 kB (30472 bytes)
Hash
77542f8a3ada1bb8b45eb9139c5e69ef
08556fa802dce18bec90fc57d62c7caaa4dbbdd0
4a12c40c3eb9ed0e055519dbd5be4cb7e88ee707739484aa38e3e3284c0bdc46

HTTP Headers

GET /index.php?js=very HTTP/1.1
Host: jsjs.4jpg.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sat, 25 May 2024 17:44:14 GMT
content-type: text/html; charset=UTF-8
imghost: 17296161209-h-jsjs4jpgtopmh--NO-rm162158222116/index.php?js=very
56nloadrate: 1.9075
cache-control: max-age=360000, private
vary: Accept-Encoding
access-control-allow-origin: *
access-control-allow-headers: Cake
cf-cache-status: BYPASS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=4sPqcgjapYxLtQzEoHnc7JngqYwvo7qrGkUAIIe9Ou0vn6N7EXIujkpqfltJlUyqiW8Ubn%2BzEqRg7mxvflsN%2BRi7%2B0f4y9TLQiFKW91LHuFSnPIipUhdYlBNdfVp8qwW"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8897550f0b965695-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

cdnjs.cloudflare.com/ajax/libs/nosleep/0.11.0/NoSleep.min.js

104.17.24.14

4.0 kB

URL
cdnjs.cloudflare.com/ajax/libs/nosleep/0.11.0/NoSleep.min.js
IP
104.17.24.14:0
ASN
#13335 CLOUDFLARENET

File type
JavaScript source, ASCII text, with very long lines (10613)
Size
4.0 kB (3953 bytes)
Hash
ea77f824de2ef57acb12e7cb6596365e
10bad0dbdf30a0471c2c786b349daeb1dd19180e
2b19d92ce83bf3b498f73103ba1240f09c84798b1f92aedf1491ccf0aa6f5e4c

HTTP Headers

GET /ajax/libs/nosleep/0.11.0/NoSleep.min.js HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sat, 25 May 2024 17:44:14 GMT
content-type: application/javascript; charset=utf-8
content-length: 3953
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "5ed16b69-29bf"
last-modified: Fri, 29 May 2020 20:07:05 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 326773
expires: Thu, 15 May 2025 17:44:14 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Bc6Y%2BL8isZdzvUQBOEghEMzwAJoKa1erctuJ8%2BRc867oW0hHfxxaOPTMLp0aTB31sJI7oobrSr2tEFrJfVwgc04i8Ozqsp8eduSnYN2FF3uZgFhfjEUZmG%2BOZXAyjuTZo1gQXTyO"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 88975510aeeb0b59-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

cdn.jsdelivr.net/npm/yandex-metrica-watch/watch.js

104.18.186.31

75 kB

URL
cdn.jsdelivr.net/npm/yandex-metrica-watch/watch.js
IP
104.18.186.31:0
ASN
#13335 CLOUDFLARENET

File type
JavaScript source, Unicode text, UTF-8 (with BOM) text, with very long lines (571)
Size
75 kB (74915 bytes)
Hash
21234aac857e6e0e9f7b0f060b0c62f3
2a48d8aab2b4069678e6a5a5317d7cc9c94d30c8
f1755dde2af1ae0bee97aa7a4177b0295aa45b8e75a2d50d194deb923b02e387

HTTP Headers

GET /npm/yandex-metrica-watch/watch.js HTTP/1.1
Host: cdn.jsdelivr.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sat, 25 May 2024 17:44:14 GMT
content-type: application/javascript; charset=utf-8
content-length: 74915
access-control-allow-origin: *
access-control-expose-headers: *
timing-allow-origin: *
cache-control: public, max-age=604800, s-maxage=43200
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-jsd-version: 1.326.0
x-jsd-version-type: version
etag: W/"2bc83-KkjYqrK0BpZ45qWlMX18yclNMMg"
content-encoding: br
x-served-by: cache-fra-eddf8230153-FRA, cache-lga21955-LGA
x-cache: HIT, HIT
vary: Accept-Encoding
alt-svc: h3=":443"; ma=86400
cf-cache-status: HIT
age: 15080
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=h%2Bvt66CTVvyhztC%2BCnNiSjnyaqC6KOXcex1n2LkAZ0MyQ%2F01b5tAmmDY3mejqmRUgF2E%2B%2BuApYMfBlL6KTgmr%2BVPc1aJnlD7nPlYnWCcQCvnNoz4Y4dPq%2BMSNZ25cV%2BrDag%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 889755109fe65699-OSL
X-Firefox-Spdy: h2

css.4jpg.top/mycss/jpg4.css

172.67.211.235

72 kB

URL
css.4jpg.top/mycss/jpg4.css
IP
172.67.211.235:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text
Size
72 kB (71592 bytes)
Hash
c741f1a56ddd257b0b060173d6801ef1
25edc3ded3e61eea1c1dca8288272a6d6018c8ea
ff9596bc99c3e6f423d810ec50a40754ce365a5616e8918c36588bddb112c983

HTTP Headers

GET /mycss/jpg4.css HTTP/1.1
Host: css.4jpg.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sat, 25 May 2024 17:44:13 GMT
content-type: text/css
etag: W/"6b7-5a117879baec0"
access-control-allow-origin: *
access-control-allow-headers: Cake
cache-control: public, max-age=360000
cf-cache-status: HIT
age: 349284
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=APVOEN7ncmrKwDthwpu4nxoriC04bGmQbZoNv%2BqQv%2B4xK3ySsxT0unA7x11iU3r3dq6zajEbQjx7c0qM0S%2FC8Vq%2BhZ6XLeoT1ykJLcrVO7dER0fHMNeEjLYVhhsQGgw%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8897550f1bf856ca-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

www.gstatic.com/_/translate_http/_/ss/k=translate_http.tr.TpYxICw8iG4.L.F4.O/am=AgM/d=0/rs=AN8SPfoc6wor_vd6aosD_uJ1zFAOYTymGg/m=el_main_css

142.250.74.99

4.0 kB

URL
www.gstatic.com/_/translate_http/_/ss/k=translate_http.tr.TpYxICw8iG4.L.F4.O/am=AgM/d=0/rs=AN8SPfoc6wor_vd6aosD_uJ1zFAOYTymGg/m=el_main_css
IP
142.250.74.99:0
ASN
#15169 GOOGLE

File type
ASCII text, with very long lines (20367), with no line terminators
Size
4.0 kB (3960 bytes)
Hash
72d3a735ccca1027f6b3afba2c93e3a7
67f8eff8d17334c59c28fc1753bf451527c7490d
c8c845f55e2346b89894ce0df8185ee182359e096bf29987d5cf1f8a7391bef1

HTTP Headers

GET /_/translate_http/_/ss/k=translate_http.tr.TpYxICw8iG4.L.F4.O/am=AgM/d=0/rs=AN8SPfoc6wor_vd6aosD_uJ1zFAOYTymGg/m=el_main_css HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/rosetta
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="rosetta"
report-to: {"group":"rosetta","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/rosetta"}]}
content-length: 3960
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sat, 25 May 2024 08:35:52 GMT
expires: Sun, 25 May 2025 08:35:52 GMT
cache-control: public, max-age=31536000
last-modified: Sat, 15 Jul 2023 01:09:03 GMT
content-type: text/css; charset=UTF-8
vary: Accept-Encoding
age: 32902
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

js.capndr.com/advertising.js

45.133.44.52

0 B

URL
js.capndr.com/advertising.js
IP
45.133.44.52:0
ASN
#39572 DataWeb Global Group B.V.

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /advertising.js HTTP/1.1
Host: js.capndr.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://data.jpg4.monster/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sat, 25 May 2024 17:44:14 GMT
content-type: application/javascript; charset=utf-8
content-length: 0
server: nginx/1.18.0
last-modified: Fri, 14 Jul 2023 08:23:25 GMT
etag: "64b105fd-0"
expires: Sat, 25 May 2024 17:49:14 GMT
cache-control: max-age=300
x-proxy-cache: HIT
access-control-allow-origin: *
accept-ranges: bytes
X-Firefox-Spdy: h2

mc.webvisor.org/watch/48140495?wmode=7&page-url=https%3A%2F%2Fdata.jpg4.monster%2Fjs%2520%25E9%2580%2586%25E3%2581%2595%2Fpic1.html&charset=utf-8&uah=che%0A0&browser-info=pv%3A1%3Avf%3A666dqja3bemjnoc0jc7nsv4pr%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A1340%3Acn%3A1%3Adp%3A0%3Als%3A270514659930%3Ahid%3A371218979%3Az%3A0%3Ai%3A20240525174414%3Aet%3A1716659054%3Ac%3A1%3Arn%3A249191641%3Arqn%3A1%3Au%3A1716659054152811758%3Aw%3A1280x1024%3As%3A1280x1024x24%3Ask%3A1%3Afp%3A1124%3Ads%3A0%2C31%2C500%2C0%2C61%2C0%2C%2C584%2C%2C%2C%2C%2C%3Aco%3A0%3Acpf%3A1%3Ans%3A1716659053130%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-0ed8ce9e1e39cec802dafc59181dfc61-a81f3b9bcdd80a361c14af38dc09b309-08cddc828a0a4cecdead9052886a5778-4335742423629acc806791d3e9f585f3-b3a4b0ac1b44d5bc13e6d73ffb506aad-61b9878bbce18de73aafc8582a198c0c-5274424d88b08056c17f1a11bd3f2aff-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-861578da3666aba98730162cd5ac0199%3Arqnl%3A1%3Ast%3A1716659055%3At%3Ajs%E9%80%86%E3%81%95%E6%8A%95%E7%A8%BF%E7%94%BB%E5%83%8F263%E6%9E%9A&t=gdpr(14)clc(0-0-0)rqnt(1)aw(1)rcm(1)cdl(na)eco(3441412)fip(1)ti(1)

93.158.134.119

448 B

URL
mc.webvisor.org/watch/48140495?wmode=7&page-url=https%3A%2F%2Fdata.jpg4.monster%2Fjs%2520%25E9%2580%2586%25E3%2581%2595%2Fpic1.html&charset=utf-8&uah=che%0A0&browser-info=pv%3A1%3Avf%3A666dqja3bemjnoc0jc7nsv4pr%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A1340%3Acn%3A1%3Adp%3A0%3Als%3A270514659930%3Ahid%3A371218979%3Az%3A0%3Ai%3A20240525174414%3Aet%3A1716659054%3Ac%3A1%3Arn%3A249191641%3Arqn%3A1%3Au%3A1716659054152811758%3Aw%3A1280x1024%3As%3A1280x1024x24%3Ask%3A1%3Afp%3A1124%3Ads%3A0%2C31%2C500%2C0%2C61%2C0%2C%2C584%2C%2C%2C%2C%2C%3Aco%3A0%3Acpf%3A1%3Ans%3A1716659053130%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-0ed8ce9e1e39cec802dafc59181dfc61-a81f3b9bcdd80a361c14af38dc09b309-08cddc828a0a4cecdead9052886a5778-4335742423629acc806791d3e9f585f3-b3a4b0ac1b44d5bc13e6d73ffb506aad-61b9878bbce18de73aafc8582a198c0c-5274424d88b08056c17f1a11bd3f2aff-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-861578da3666aba98730162cd5ac0199%3Arqnl%3A1%3Ast%3A1716659055%3At%3Ajs%E9%80%86%E3%81%95%E6%8A%95%E7%A8%BF%E7%94%BB%E5%83%8F263%E6%9E%9A&t=gdpr(14)clc(0-0-0)rqnt(1)aw(1)rcm(1)cdl(na)eco(3441412)fip(1)ti(1)
IP
93.158.134.119:0
ASN
#13238 YANDEX LLC

File type
JSON text data
Size
448 B (448 bytes)
Hash
3a5cb5a23c493ff15220dc6f5918f5b8
dc664094a158e004906ce01c1577cb29018f364c
890fac63ae9decf8801353c5f8e309f5928d7a0fff9dc07a9c748af7705e774b

HTTP Headers

GET /watch/48140495?wmode=7&page-url=https%3A%2F%2Fdata.jpg4.monster%2Fjs%2520%25E9%2580%2586%25E3%2581%2595%2Fpic1.html&charset=utf-8&uah=che%0A0&browser-info=pv%3A1%3Avf%3A666dqja3bemjnoc0jc7nsv4pr%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A1340%3Acn%3A1%3Adp%3A0%3Als%3A270514659930%3Ahid%3A371218979%3Az%3A0%3Ai%3A20240525174414%3Aet%3A1716659054%3Ac%3A1%3Arn%3A249191641%3Arqn%3A1%3Au%3A1716659054152811758%3Aw%3A1280x1024%3As%3A1280x1024x24%3Ask%3A1%3Afp%3A1124%3Ads%3A0%2C31%2C500%2C0%2C61%2C0%2C%2C584%2C%2C%2C%2C%2C%3Aco%3A0%3Acpf%3A1%3Ans%3A1716659053130%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-0ed8ce9e1e39cec802dafc59181dfc61-a81f3b9bcdd80a361c14af38dc09b309-08cddc828a0a4cecdead9052886a5778-4335742423629acc806791d3e9f585f3-b3a4b0ac1b44d5bc13e6d73ffb506aad-61b9878bbce18de73aafc8582a198c0c-5274424d88b08056c17f1a11bd3f2aff-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-861578da3666aba98730162cd5ac0199%3Arqnl%3A1%3Ast%3A1716659055%3At%3Ajs%E9%80%86%E3%81%95%E6%8A%95%E7%A8%BF%E7%94%BB%E5%83%8F263%E6%9E%9A&t=gdpr(14)clc(0-0-0)rqnt(1)aw(1)rcm(1)cdl(na)eco(3441412)fip(1)ti(1) HTTP/1.1
Host: mc.webvisor.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://data.jpg4.monster
DNT: 1
Connection: keep-alive
Referer: https://data.jpg4.monster/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 302 Found
location: /watch/48140495/1?wmode=7&page-url=https%3A%2F%2Fdata.jpg4.monster%2Fjs%2520%25E9%2580%2586%25E3%2581%2595%2Fpic1.html&charset=utf-8&uah=che%0A0&browser-info=pv%3A1%3Avf%3A666dqja3bemjnoc0jc7nsv4pr%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A1340%3Acn%3A1%3Adp%3A0%3Als%3A270514659930%3Ahid%3A371218979%3Az%3A0%3Ai%3A20240525174414%3Aet%3A1716659054%3Ac%3A1%3Arn%3A249191641%3Arqn%3A1%3Au%3A1716659054152811758%3Aw%3A1280x1024%3As%3A1280x1024x24%3Ask%3A1%3Afp%3A1124%3Ads%3A0%2C31%2C500%2C0%2C61%2C0%2C%2C584%2C%2C%2C%2C%2C%3Aco%3A0%3Acpf%3A1%3Ans%3A1716659053130%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-0ed8ce9e1e39cec802dafc59181dfc61-a81f3b9bcdd80a361c14af38dc09b309-08cddc828a0a4cecdead9052886a5778-4335742423629acc806791d3e9f585f3-b3a4b0ac1b44d5bc13e6d73ffb506aad-61b9878bbce18de73aafc8582a198c0c-5274424d88b08056c17f1a11bd3f2aff-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-861578da3666aba98730162cd5ac0199%3Arqnl%3A1%3Ast%3A1716659055%3At%3Ajs%E9%80%86%E3%81%95%E6%8A%95%E7%A8%BF%E7%94%BB%E5%83%8F263%E6%9E%9A&t=gdpr%2814%29clc%280-0-0%29rqnt%281%29aw%281%29rcm%281%29cdl%28na%29eco%283441412%29fip%281%29ti%281%29&redirnss=1
date: Sat, 25 May 2024 17:44:14 GMT
access-control-allow-origin: https://data.jpg4.monster
set-cookie: yabs-sid=1319556671716659054; Path=/; SameSite=None; Secure
i=LVOG0XZW90yp0gpgNWbhvedJ6/zd0g7sjVMhSNOpgoeyvW5sHZCZZa6EC85heFJ1fHjvpvbvGaG1n9awSh6MDnl5U/U=; Expires=Tue, 23-May-2034 17:44:12 GMT; Domain=.webvisor.org; Path=/; Secure; HttpOnly; SameSite=None
yandexuid=3216837321716659054; Expires=Tue, 23-May-2034 17:44:12 GMT; Domain=.webvisor.org; Path=/; Secure; SameSite=None
yuidss=3216837321716659054; Expires=Sun, 25-May-2025 17:44:14 GMT; Domain=.webvisor.org; Path=/; SameSite=None; Secure
ymex=1748195054.yrts.1716659054#1748195054.yrtsi.1716659054; Expires=Sun, 25-May-2025 17:44:14 GMT; Domain=.webvisor.org; Path=/; SameSite=None; Secure
access-control-allow-credentials: true
pragma: no-cache
x-xss-protection: 1; mode=block
expires: Sat, 25-May-2024 17:44:14 GMT
last-modified: Sat, 25-May-2024 17:44:14 GMT
accept-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2

ajax.googleapis.com/ajax/libs/jquery/3.3.1/jquery.min.js

142.250.74.106

30 kB

URL
ajax.googleapis.com/ajax/libs/jquery/3.3.1/jquery.min.js
IP
142.250.74.106:0
ASN
#15169 GOOGLE

File type
JavaScript source, ASCII text, with very long lines (65451)
Size
30 kB (30399 bytes)
Hash
a09e13ee94d51c524b7e2a728c7d4039
0dc32db4aa9c5f03f3b38c47d883dbd4fed13aae
160a426ff2894252cd7cebbdd6d6b7da8fcd319c65b70468f10b6690c45d02ef

HTTP Headers

GET /ajax/libs/jquery/3.3.1/jquery.min.js HTTP/1.1
Host: ajax.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
accept-ranges: bytes
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
timing-allow-origin: *
content-length: 30399
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 22 May 2024 11:57:04 GMT
expires: Thu, 22 May 2025 11:57:04 GMT
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
age: 280030
last-modified: Tue, 03 Mar 2020 19:15:00 GMT
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

1ff191713b.a11d3c1b4d.com/df089b43e46c12dcab7e4df72f03a872.js

45.133.44.53

128 kB

URL
1ff191713b.a11d3c1b4d.com/df089b43e46c12dcab7e4df72f03a872.js
IP
45.133.44.53:0
ASN
#39572 DataWeb Global Group B.V.

File type
gzip compressed data, from Unix
Size
128 kB (128170 bytes)
Hash
f2aa7c45af8fdfd17e97e733ab65c4d4
114c9861d7a1d693e669152976f4a18e8c6eea4d
165a42bc43c42b88c1e0fa86053fb53b801d9b3fb9a71d328f1abecfd60a7aeb

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /df089b43e46c12dcab7e4df72f03a872.js HTTP/1.1
Host: 1ff191713b.a11d3c1b4d.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://data.jpg4.monster
DNT: 1
Connection: keep-alive
Referer: https://data.jpg4.monster/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sat, 25 May 2024 17:44:14 GMT
content-type: application/javascript; charset=utf-8
server: nginx/1.18.0
last-modified: Tue, 14 May 2024 13:04:56 GMT
etag: W/"66436178-1c009"
content-encoding: gzip
expires: Sat, 25 May 2024 17:49:14 GMT
cache-control: max-age=300
x-proxy-cache: HIT
access-control-allow-origin: *
X-Firefox-Spdy: h2

www.gstatic.com/_/translate_http/_/ss/k=translate_http.tr.TpYxICw8iG4.L.F4.O/am=AgM/d=0/rs=AN8SPfoc6wor_vd6aosD_uJ1zFAOYTymGg/m=el_main_css

142.250.74.99

4.0 kB

URL
www.gstatic.com/_/translate_http/_/ss/k=translate_http.tr.TpYxICw8iG4.L.F4.O/am=AgM/d=0/rs=AN8SPfoc6wor_vd6aosD_uJ1zFAOYTymGg/m=el_main_css
IP
142.250.74.99:0
ASN
#15169 GOOGLE

File type
ASCII text, with very long lines (20367), with no line terminators
Size
4.0 kB (3960 bytes)
Hash
72d3a735ccca1027f6b3afba2c93e3a7
67f8eff8d17334c59c28fc1753bf451527c7490d
c8c845f55e2346b89894ce0df8185ee182359e096bf29987d5cf1f8a7391bef1

HTTP Headers

GET /_/translate_http/_/ss/k=translate_http.tr.TpYxICw8iG4.L.F4.O/am=AgM/d=0/rs=AN8SPfoc6wor_vd6aosD_uJ1zFAOYTymGg/m=el_main_css HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://data.jpg4.monster/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
accept-ranges: bytes
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/rosetta
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="rosetta"
report-to: {"group":"rosetta","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/rosetta"}]}
content-length: 3960
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sat, 25 May 2024 08:35:52 GMT
expires: Sun, 25 May 2025 08:35:52 GMT
cache-control: public, max-age=31536000
last-modified: Sat, 15 Jul 2023 01:09:03 GMT
content-type: text/css; charset=UTF-8
vary: Accept-Encoding
age: 32903
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

notification.tubecup.net/tags?tag_id=23782&timezone_olson=UTC&version_name=b&med_script_id=81&page=https%3A//data.jpg4.monster/js%2520%25E9%2580%2586%25E3%2581%2595/pic1.html

88.198.200.36

0 B

URL
notification.tubecup.net/tags?tag_id=23782&timezone_olson=UTC&version_name=b&med_script_id=81&page=https%3A//data.jpg4.monster/js%2520%25E9%2580%2586%25E3%2581%2595/pic1.html
IP
88.198.200.36:0
ASN
#24940 Hetzner Online GmbH

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /tags?tag_id=23782&timezone_olson=UTC&version_name=b&med_script_id=81&page=https%3A//data.jpg4.monster/js%2520%25E9%2580%2586%25E3%2581%2595/pic1.html HTTP/1.1
Host: notification.tubecup.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://data.jpg4.monster
DNT: 1
Connection: keep-alive
Referer: https://data.jpg4.monster/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 204 No Content
server: nginx/1.18.0
date: Sat, 25 May 2024 17:44:15 GMT
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
X-Firefox-Spdy: h2

www.gstatic.com/images/branding/product/2x/translate_24dp.png

142.250.74.99

1.8 kB

URL
www.gstatic.com/images/branding/product/2x/translate_24dp.png
IP
142.250.74.99:0
ASN
#15169 GOOGLE

File type
PNG image data, 48 x 48, 8-bit/color RGBA, non-interlaced
Size
1.8 kB (1842 bytes)
Hash
c69c796362406f9e11c7f4bf5bb628da
e489ce95ab56208090868882113d7416abf46775
4dac0026fbfa2615dce30c0af12830863fe885f84387a0147b9e338f548d5d82

HTTP Headers

GET /images/branding/product/2x/translate_24dp.png HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.gstatic.com/_/translate_http/_/ss/k=translate_http.tr.TpYxICw8iG4.L.F4.O/am=AgM/d=0/rs=AN8SPfoc6wor_vd6aosD_uJ1zFAOYTymGg/m=el_main_css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
accept-ranges: bytes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="static-on-bigtable"
report-to: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-length: 1842
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 24 May 2024 14:20:49 GMT
expires: Sat, 24 May 2025 14:20:49 GMT
cache-control: public, max-age=31536000
last-modified: Thu, 14 Oct 2021 09:08:00 GMT
content-type: image/png
vary: Origin
age: 98606
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

translate-pa.googleapis.com/v1/supportedLanguages?client=te&display_language=no&key=AIzaSyBWDj0QJvVIx8XOhRegXX5_SrRWxhT5Hs4&callback=callback

142.250.74.138

1.4 kB

URL
translate-pa.googleapis.com/v1/supportedLanguages?client=te&display_language=no&key=AIzaSyBWDj0QJvVIx8XOhRegXX5_SrRWxhT5Hs4&callback=callback
IP
142.250.74.138:0
ASN
#15169 GOOGLE

File type
Unicode text, UTF-8 text
Size
1.4 kB (1392 bytes)
Hash
a3eefe14b1b4698460d992bd1673a26b
a2fca6ebb00b8bdcca3eda88654d02d2c165b9c4
87514750a90cd70dd22c8673cfa80d804ef55840bd0755950af2118d8d218067

HTTP Headers

GET /v1/supportedLanguages?client=te&display_language=no&key=AIzaSyBWDj0QJvVIx8XOhRegXX5_SrRWxhT5Hs4&callback=callback HTTP/1.1
Host: translate-pa.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://data.jpg4.monster/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
cross-origin-resource-policy: cross-origin
content-type: text/javascript; charset=UTF-8
vary: Origin, X-Origin, Referer
content-encoding: gzip
date: Sat, 25 May 2024 17:44:15 GMT
server: ESF
cache-control: private
content-length: 1392
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
set-cookie: NID=514=sOO767U_fvoITAxu_CFhaPFb8apaYHoHkWtfDIl4_nJjxqFQkg1bMyIbLSPpX6xqUeOz9IblvSsM2bc7_vXiyiCw7tRBTy2vv-dKFhtuGA4hmT_Gwdx9TtFZtSBwwPXyGAhiA7yRciYgoZ-B6klLoED20-nDCR8iX5ats3qzfuw; expires=Sun, 24-Nov-2024 17:44:15 GMT; path=/; domain=.translate-pa.googleapis.com; HttpOnly
expires: Sat, 25 May 2024 17:44:15 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

www.google.com/images/cleardot.gif

142.250.74.132

43 B

URL
www.google.com/images/cleardot.gif
IP
142.250.74.132:0
ASN
#15169 GOOGLE

File type
GIF image data, version 89a, 1 x 1
Size
43 B (43 bytes)
Hash
fc94fb0c3ed8a8f909dbc7630a0987ff
56d45f8a17f5078a20af9962c992ca4678450765
2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363

HTTP Headers

GET /images/cleardot.gif HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://data.jpg4.monster/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
content-type: image/gif
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="static-on-bigtable"
report-to: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-length: 43
date: Sat, 25 May 2024 17:44:15 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
last-modified: Tue, 22 Oct 2019 18:30:00 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

fonts.gstatic.com/s/i/productlogos/translate/v14/24px.svg

216.58.207.227

3.3 kB

URL
fonts.gstatic.com/s/i/productlogos/translate/v14/24px.svg
IP
216.58.207.227:0
ASN
#15169 GOOGLE

File type
SVG Scalable Vector Graphics image
Size
3.3 kB (3340 bytes)
Hash
2bd5c073a88b83ed74db88282a56ddfb
d0ebfc376f8c6a44a8d4cd216817dcd7d0c33650
ab5c23a05e39deed14d9d8262b0dce9f024f86105a27196cad37d14a3f516e09

HTTP Headers

GET /s/i/productlogos/translate/v14/24px.svg HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://data.jpg4.monster/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-length: 3340
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sat, 25 May 2024 08:40:53 GMT
expires: Sun, 25 May 2025 08:40:53 GMT
cache-control: public, max-age=31536000
last-modified: Wed, 20 Apr 2022 14:24:23 GMT
content-type: image/svg+xml
vary: Accept-Encoding
age: 32602
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

fp.metricswpsh.com/fp?tag_id=23782

157.90.84.242

0 B

URL
fp.metricswpsh.com/fp?tag_id=23782
IP
157.90.84.242:0
ASN
#24940 Hetzner Online GmbH

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

OPTIONS /fp?tag_id=23782 HTTP/1.1
Host: fp.metricswpsh.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://data.jpg4.monster/
Origin: https://data.jpg4.monster
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 204 No Content
Server: nginx/1.20.1
Date: Sat, 25 May 2024 17:44:15 GMT
Connection: keep-alive
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: content-type
Access-Control-Allow-Methods: GET,HEAD,PUT,PATCH,POST,DELETE
Access-Control-Allow-Origin: https://data.jpg4.monster
Vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers

75616927db.6096db9a2b.com/in/track?data=eyJ3bCI6MSwic3ViaWQiOjAsInVzZXJfaWQiOiIxNDU1NTMzMzg4MTk1MjkxMTAwIiwidGltZXpvbmUiOjAsInZlciI6IjMuMTIyLjEiLCJ0YWdfaWQiOjIzNzgyLCJzY3JlZW5fcmVzb2x1dGlvbiI6IjEyODB4MTAyNCIsImFkYmxvY2siOjAsInRpbWV6b25lX29sc29uIjoiVVRDIiwidXRtX3NvdXJjZSI6IiIsInV0bV9tZWRpdW0iOiIiLCJ1dG1fY2FtcGFpZ24iOiIiLCJ1dG1fY29udGVudCI6IiIsIm1tIjowLCJpbml0X3N0YXJ0X2xhdGVuY3kiOjAuNTcsImlzX3YyIjoxLCJpc192Ml9lbXB0eSI6MH0=

45.133.44.52

0 B

URL
75616927db.6096db9a2b.com/in/track?data=eyJ3bCI6MSwic3ViaWQiOjAsInVzZXJfaWQiOiIxNDU1NTMzMzg4MTk1MjkxMTAwIiwidGltZXpvbmUiOjAsInZlciI6IjMuMTIyLjEiLCJ0YWdfaWQiOjIzNzgyLCJzY3JlZW5fcmVzb2x1dGlvbiI6IjEyODB4MTAyNCIsImFkYmxvY2siOjAsInRpbWV6b25lX29sc29uIjoiVVRDIiwidXRtX3NvdXJjZSI6IiIsInV0bV9tZWRpdW0iOiIiLCJ1dG1fY2FtcGFpZ24iOiIiLCJ1dG1fY29udGVudCI6IiIsIm1tIjowLCJpbml0X3N0YXJ0X2xhdGVuY3kiOjAuNTcsImlzX3YyIjoxLCJpc192Ml9lbXB0eSI6MH0=
IP
45.133.44.52:0
ASN
#39572 DataWeb Global Group B.V.

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /in/track?data=eyJ3bCI6MSwic3ViaWQiOjAsInVzZXJfaWQiOiIxNDU1NTMzMzg4MTk1MjkxMTAwIiwidGltZXpvbmUiOjAsInZlciI6IjMuMTIyLjEiLCJ0YWdfaWQiOjIzNzgyLCJzY3JlZW5fcmVzb2x1dGlvbiI6IjEyODB4MTAyNCIsImFkYmxvY2siOjAsInRpbWV6b25lX29sc29uIjoiVVRDIiwidXRtX3NvdXJjZSI6IiIsInV0bV9tZWRpdW0iOiIiLCJ1dG1fY2FtcGFpZ24iOiIiLCJ1dG1fY29udGVudCI6IiIsIm1tIjowLCJpbml0X3N0YXJ0X2xhdGVuY3kiOjAuNTcsImlzX3YyIjoxLCJpc192Ml9lbXB0eSI6MH0= HTTP/1.1
Host: 75616927db.6096db9a2b.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://data.jpg4.monster
DNT: 1
Connection: keep-alive
Referer: https://data.jpg4.monster/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sat, 25 May 2024 17:44:15 GMT
content-length: 0
server: nginx/1.18.0
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
X-Firefox-Spdy: h2

fp.metricswpsh.com/fp?tag_id=23782

157.90.84.242

58 B

URL
fp.metricswpsh.com/fp?tag_id=23782
IP
157.90.84.242:0
ASN
#24940 Hetzner Online GmbH

File type
JSON text data
Size
58 B (58 bytes)
Hash
87385fcd2a67fc74d2fa67366ba68ea2
a604cdbb1d31ce257e8643eee9219c9c724c200c
9307cbb21345500294eae459b18a8ffb2bd2fcccd928a09efbc1e324fa9c9995

HTTP Headers

POST /fp?tag_id=23782 HTTP/1.1
Host: fp.metricswpsh.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json;charset=utf-8
Content-Length: 1836
Origin: https://data.jpg4.monster
DNT: 1
Connection: keep-alive
Referer: https://data.jpg4.monster/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Sat, 25 May 2024 17:44:15 GMT
Content-Type: application/json; charset=UTF-8
Content-Length: 58
Connection: keep-alive
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://data.jpg4.monster
Set-Cookie: id=18009887211348385209; Expires=Sun, 25 May 2025 17:44:15 GMT; Secure; SameSite=None
Vary: Origin

storage.multstorage.com/log/count.html

104.21.30.242

390 B

URL
storage.multstorage.com/log/count.html
IP
104.21.30.242:0
ASN
#13335 CLOUDFLARENET

File type
HTML document, ASCII text, with very long lines (700)
Size
390 B (390 bytes)
Hash
b728ca9cd183d1b7c3f72116b19b22a3
c1fd73f6b02cf00b8bc60b09cc99495e8494b739
8a7b1ca4bbf273b32ea865d4785a1944d1b2b133678d9b5fe7ee0406f6fd64b2

HTTP Headers

GET /log/count.html HTTP/1.1
Host: storage.multstorage.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://data.jpg4.monster/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sat, 25 May 2024 17:44:15 GMT
content-type: text/html
last-modified: Mon, 18 Sep 2023 14:39:06 GMT
vary: Accept-Encoding
x-request-id: 9f6ae2a3ec1c2620457dc850365388ea
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=zgDl0mUSFotnvXZAQzLXeVU%2BC90lDevhDjWf7BRFkdQA%2FIwVKj19Gs4kM3a4sijGagi138HWARYz4ZReXr3iZHdznMbXAtv1qPyvoJ9EtROOaAZhAJhXxWT1HiNM6ojNcaH%2BxPv3Iq0Ryg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 88975517fb91b529-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

js.wpshsdk.com/npc/sdk/push.m.js?v=1

45.133.44.52

15 kB

URL
js.wpshsdk.com/npc/sdk/push.m.js?v=1
IP
45.133.44.52:0
ASN
#39572 DataWeb Global Group B.V.

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (33497), with no line terminators
Size
15 kB (14981 bytes)
Hash
a069fdae233705c69db53cdddf953015
2dcfb71c08faa8c09be0196751a3b7f08afbb2e0
8358b4d2ef244f2c763073105b21a552b4589aafcf9b46e128820b35a34f7d9a

HTTP Headers

GET /npc/sdk/push.m.js?v=1 HTTP/1.1
Host: js.wpshsdk.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://data.jpg4.monster/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sat, 25 May 2024 17:44:15 GMT
content-type: application/javascript; charset=utf-8
server: nginx/1.18.0
last-modified: Tue, 14 May 2024 11:48:59 GMT
etag: W/"66434fab-845a"
content-encoding: gzip
expires: Sat, 25 May 2024 17:49:15 GMT
cache-control: max-age=300
x-proxy-cache: HIT
access-control-allow-origin: *
X-Firefox-Spdy: h2

a2ef3e82bc.5144955a1c.com/in/multy

167.235.163.216

0 B

URL
a2ef3e82bc.5144955a1c.com/in/multy
IP
167.235.163.216:0
ASN
#24940 Hetzner Online GmbH

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

OPTIONS /in/multy HTTP/1.1
Host: a2ef3e82bc.5144955a1c.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://data.jpg4.monster/
Origin: https://data.jpg4.monster
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 204 No Content
server: nginx/1.20.1
date: Sat, 25 May 2024 17:44:15 GMT
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
X-Firefox-Spdy: h2

nereserv.com/in/dip?site=native-push&wl=1&event_id=f5b2ea83-25c9-449e-9f1f-4dbe08e7fc4d&subid=809032184&sid=2291679442&spot_id=17050&created_at=2024-05-25&timezone=0&ver=8.162.0&is_native=1

168.119.25.102

0 B

URL
nereserv.com/in/dip?site=native-push&wl=1&event_id=f5b2ea83-25c9-449e-9f1f-4dbe08e7fc4d&subid=809032184&sid=2291679442&spot_id=17050&created_at=2024-05-25&timezone=0&ver=8.162.0&is_native=1
IP
168.119.25.102:0
ASN
#24940 Hetzner Online GmbH

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /in/dip?site=native-push&wl=1&event_id=f5b2ea83-25c9-449e-9f1f-4dbe08e7fc4d&subid=809032184&sid=2291679442&spot_id=17050&created_at=2024-05-25&timezone=0&ver=8.162.0&is_native=1 HTTP/1.1
Host: nereserv.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://data.jpg4.monster
DNT: 1
Connection: keep-alive
Referer: https://data.jpg4.monster/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx/1.18.0
date: Sat, 25 May 2024 17:44:15 GMT
content-length: 0
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
X-Firefox-Spdy: h2

o.pki.goog/wr2

142.250.74.131

472 B

URL
o.pki.goog/wr2
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
c39dce9bd44cdad3c98c75a2f5fd975f
8e8a0e38fdf7b78efdeb402821900a5a7f0877e4
03d25ae1fb57ab7a6a890580b2e32df0bbc88a7152c7b6287c712ea64026f4be

HTTP Headers

POST /wr2 HTTP/1.1
Host: o.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 25 May 2024 17:44:16 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fm.youtube.com%2Ffavicon.ico&uilel=3&hl=en&service=youtube

64.233.165.84

0 B

URL
accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fm.youtube.com%2Ffavicon.ico&uilel=3&hl=en&service=youtube
IP
64.233.165.84:0
ASN
#15169 GOOGLE

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /ServiceLogin?passive=true&continue=https%3A%2F%2Fm.youtube.com%2Ffavicon.ico&uilel=3&hl=en&service=youtube HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 302 Found
content-type: application/binary
set-cookie: __Host-GAPS=1:MW6j-cRVisV84oBQbUGq31yzjOXosw:q6i4B0BIcXmeDLju; Expires=Mon, 25-May-2026 17:44:16 GMT; Path=/; Secure; HttpOnly; Priority=HIGH
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Sat, 25 May 2024 17:44:16 GMT
location: https://accounts.google.com/InteractiveLogin?continue=https://m.youtube.com/favicon.ico&hl=en&passive=true&service=youtube&uilel=3&ifkv=AaSxoQxEQ1tM9UnmIZJsJlHm8cki5LUYtxVexanxvvfU5IbMk8GVBDAxSWLFQb3Mmf0MFDVAcoVS
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: require-trusted-types-for 'script';report-uri /_/AccountsSigninPassiveLoginHttp/cspreport, script-src 'nonce-KzymAz4CCWWaoRXDk9VNlg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/AccountsSigninPassiveLoginHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/AccountsSigninPassiveLoginHttp/cspreport/allowlist
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy: unsafe-none
cross-origin-resource-policy: cross-origin
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
server: ESF
content-length: 0
x-xss-protection: 0
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

accounts.google.com/InteractiveLogin?continue=https://m.youtube.com/favicon.ico&hl=en&passive=true&service=youtube&uilel=3&ifkv=AaSxoQxEQ1tM9UnmIZJsJlHm8cki5LUYtxVexanxvvfU5IbMk8GVBDAxSWLFQb3Mmf0MFDVAcoVS

64.233.165.84

420 B

URL
accounts.google.com/InteractiveLogin?continue=https://m.youtube.com/favicon.ico&hl=en&passive=true&service=youtube&uilel=3&ifkv=AaSxoQxEQ1tM9UnmIZJsJlHm8cki5LUYtxVexanxvvfU5IbMk8GVBDAxSWLFQb3Mmf0MFDVAcoVS
IP
64.233.165.84:0
ASN
#15169 GOOGLE

File type
HTML document, ASCII text, with very long lines (391)
Size
420 B (420 bytes)
Hash
ed744a1f70c736caf00aa79cba950b1d
95928a14811fc7df7d6ee60382939327f2f7095e
787468536bbecb5fa4f70b7c42b6132cd3967b45711601011e1232f188bf0d96

HTTP Headers

GET /InteractiveLogin?continue=https://m.youtube.com/favicon.ico&hl=en&passive=true&service=youtube&uilel=3&ifkv=AaSxoQxEQ1tM9UnmIZJsJlHm8cki5LUYtxVexanxvvfU5IbMk8GVBDAxSWLFQb3Mmf0MFDVAcoVS HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 302 Found
content-type: text/html; charset=UTF-8
set-cookie: __Host-GAPS=1:ymQS1_HcffpKPlEFc0NgEVjVaqwLDA:S5s1ZelDAL50d7qk;Path=/;Expires=Mon, 25-May-2026 17:44:16 GMT;Secure;HttpOnly;Priority=HIGH
x-frame-options: DENY
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Sat, 25 May 2024 17:44:16 GMT
location: https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fm.youtube.com%2Ffavicon.ico&hl=en&ifkv=AaSxoQyfZVs1iVJTJR23pGbz2Rc_uKj4V9HsAsghLbRJ8NTRNiIpFgD5MDSbXeu7VCHyIaywO8VZ&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S-1072881357%3A1716659056104065&ddm=0
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-opener-policy-report-only: same-origin; report-to="coop_gse_qebhlk"
report-to: {"group":"coop_gse_qebhlk","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gse_qebhlk"}]}
content-security-policy: script-src 'nonce-APtIsNjKLRwgmXWj1P376Q' 'unsafe-inline' 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /cspreport, require-trusted-types-for 'script';report-uri /cspreport
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 420
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

o.pki.goog/wr2

142.250.74.131

472 B

URL
o.pki.goog/wr2
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
d5480df06fea1e38047bf8f65ee0bcf5
5c8273776a59541764beabcb49288086f2687c80
5d048013c47c586f4e13dc8109ee852d574b8d48afe50445f8f3a139b1da41d5

HTTP Headers

POST /wr2 HTTP/1.1
Host: o.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 25 May 2024 17:44:16 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

nereserv.com/in/dip?event_id=518a915f-0ae3-440a-a6a1-1cc973cb6efa&subid=114096166&spot_id=81665&created_at=2024-05-25&timezone=0&ver=1.142.0

168.119.25.102

0 B

URL
nereserv.com/in/dip?event_id=518a915f-0ae3-440a-a6a1-1cc973cb6efa&subid=114096166&spot_id=81665&created_at=2024-05-25&timezone=0&ver=1.142.0
IP
168.119.25.102:0
ASN
#24940 Hetzner Online GmbH

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /in/dip?event_id=518a915f-0ae3-440a-a6a1-1cc973cb6efa&subid=114096166&spot_id=81665&created_at=2024-05-25&timezone=0&ver=1.142.0 HTTP/1.1
Host: nereserv.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://data.jpg4.monster
DNT: 1
Connection: keep-alive
Referer: https://data.jpg4.monster/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx/1.18.0
date: Sat, 25 May 2024 17:44:16 GMT
content-length: 0
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
X-Firefox-Spdy: h2

a2ef3e82bc.5144955a1c.com/in/multy

167.235.163.216

2.7 kB

URL
a2ef3e82bc.5144955a1c.com/in/multy
IP
167.235.163.216:0
ASN
#24940 Hetzner Online GmbH

File type
JSON text data
Size
2.7 kB (2697 bytes)
Hash
dec663a513bbc2bff1aecacef20c01bb
9420626d5271d6b7001a628fd229c68ec7dd71fa
1c24718bb536fcee5b9d0e1ff2add26ffc7e5979d91e88668e5de9c28b2f451f

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /in/multy HTTP/1.1
Host: a2ef3e82bc.5144955a1c.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json;charset=utf-8
Content-Length: 2542
Origin: https://data.jpg4.monster
DNT: 1
Connection: keep-alive
Referer: https://data.jpg4.monster/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx/1.20.1
date: Sat, 25 May 2024 17:44:16 GMT
content-type: application/json
content-length: 2697
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
content-encoding: gzip
X-Firefox-Spdy: h2

a2ef3e82bc.5144955a1c.com/in/show/?tag_ab=b&site_id=3117050&adblock=0&testab=0&auction_host=apply&mm=0&yc=0&render_type=mq&pr=&banner_width=300&banner_height=250&user_keywords=&device_theme=light&v2_track=0&v2=0&conditions=dch_ip,tz_offset&ssp=3964&page=https%3A%2F%2Fdata.jpg4.monster%2Fjs%2520%25E9%2580%2586%25E3%2581%2595%2Fpic1.html&refdom=data.jpg4.monster&auction_time=1716659055&subid=809032184&sid=2291679442&tcid=0&ver=8.162.0&ver_c=&spot_id=17050&utm_source=&utm_medium=&utm_campaign=&utm_content=&created_at=2024-05-25&iabcat=IAB25-3&keywords=&user_fp=15251936750156859499&score=42.191456129703134&durl=https%3A%2F%2Fkts.dasdaily.com%2Fin%2F1546%2F%3Fad_sub%3D809032184%26spot_id%3D17050%26is_adult%3D1%26p%3Dhttps%253A%252F%252Fdata.jpg4.monster%252Fjs%252520%2525E9%252580%252586%2525E3%252581%252595%252Fpic1.html%26idzone%3D0%26sid%3D1886&is_cpm=0&resp_type=&crid=&crtid=b0681ff5c1739e7f8bdbb8527f77d810&url=http%3A%2F%2Famalt-sqc.com%2Fzclkvisitor%2F67c46f91-1abe-11ef-abac-12e9c8def0b7%2Fba075020-c9e4-11eb-90df-0a54a3175cb9%3Fcampaignid%3D89248473-11fb-11ef-a9bb-0affd04c9415&icons=EQOqiUDVG9D5s_Fv4rNGyin1Rmyu3_P5cogwcTY4mHcW84JxKSaEEO6oSMWLLru55dBrRpuSr_cOQIyy6F3HTuImn2DqhWy2yqFp7H5j7p4l1ytvUKyxPBlVfv0Hw_CfQM6ydKd70j9xS-vc2iw-QQsAZNx9Wm44WZ5otdXJbSzWRyO_2w&ext_cid=0&px_id=3117050&min_cpm=0.01682129072711926&out_id=1&campaign_type=lq-pop&aid=221&cid=2695&uniq=&mid=6291646603926577092&skin_id=71&vertical_id=0&skin_test=0&from_cache=0&ecpm=0.00778386165649256&cpm=0&verify_hash=8f33f96a3ae4e97090c564abef2c98bd&is_native=2&real_bid=0.00026674200296401986&original_bid_usd=0.00042&original_bid=0.00042&exp=0&placement_type_id=0&ua_mismatch=Mozilla%2F5.0%20%28X11%3B%20Linux%20x86_64%3B%20rv%3A96.0%29%20Gecko%2F20100101%20Firefox%2F96.0&ip_mismatch=91.90.42.154&geo=NO&carrier=-&label_ids=4,89,20,27,108,0&need_redirect_show=0&applied_features=test_skins,stage-skins-settings&show_count=1&expiration_timestamp=1716745455&image_url=https%3A%2F%2Fstatic.bookmsg.com%2Fcreatives%2FSG%2FSG_083be47dfc3e28c9a68305b76181a5033bc45790.webp&site=native-push-adult&price=0.00042&hostname=auc-inpage-hz-8-a&auc_type=1&pop_type=1&site_id64=&interest_vertical_ids=&mo=&ve=&timezone_olson=UTC&topics=&historical_keywords=&pop_cpc=0.00000042000000000000006&ext_campaign_id_str=89248473-11fb-11ef-a9bb-0affd04c9415&pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=gamblingBlueMessage-view-b_r-body&mlf=1&mlc=1&st=0.03&cpa=79133799-a5df-45e5-9685-c1ae3dd4659a&prev_step_diff=727

167.235.163.216

0 B

URL
a2ef3e82bc.5144955a1c.com/in/show/?tag_ab=b&site_id=3117050&adblock=0&testab=0&auction_host=apply&mm=0&yc=0&render_type=mq&pr=&banner_width=300&banner_height=250&user_keywords=&device_theme=light&v2_track=0&v2=0&conditions=dch_ip,tz_offset&ssp=3964&page=https%3A%2F%2Fdata.jpg4.monster%2Fjs%2520%25E9%2580%2586%25E3%2581%2595%2Fpic1.html&refdom=data.jpg4.monster&auction_time=1716659055&subid=809032184&sid=2291679442&tcid=0&ver=8.162.0&ver_c=&spot_id=17050&utm_source=&utm_medium=&utm_campaign=&utm_content=&created_at=2024-05-25&iabcat=IAB25-3&keywords=&user_fp=15251936750156859499&score=42.191456129703134&durl=https%3A%2F%2Fkts.dasdaily.com%2Fin%2F1546%2F%3Fad_sub%3D809032184%26spot_id%3D17050%26is_adult%3D1%26p%3Dhttps%253A%252F%252Fdata.jpg4.monster%252Fjs%252520%2525E9%252580%252586%2525E3%252581%252595%252Fpic1.html%26idzone%3D0%26sid%3D1886&is_cpm=0&resp_type=&crid=&crtid=b0681ff5c1739e7f8bdbb8527f77d810&url=http%3A%2F%2Famalt-sqc.com%2Fzclkvisitor%2F67c46f91-1abe-11ef-abac-12e9c8def0b7%2Fba075020-c9e4-11eb-90df-0a54a3175cb9%3Fcampaignid%3D89248473-11fb-11ef-a9bb-0affd04c9415&icons=EQOqiUDVG9D5s_Fv4rNGyin1Rmyu3_P5cogwcTY4mHcW84JxKSaEEO6oSMWLLru55dBrRpuSr_cOQIyy6F3HTuImn2DqhWy2yqFp7H5j7p4l1ytvUKyxPBlVfv0Hw_CfQM6ydKd70j9xS-vc2iw-QQsAZNx9Wm44WZ5otdXJbSzWRyO_2w&ext_cid=0&px_id=3117050&min_cpm=0.01682129072711926&out_id=1&campaign_type=lq-pop&aid=221&cid=2695&uniq=&mid=6291646603926577092&skin_id=71&vertical_id=0&skin_test=0&from_cache=0&ecpm=0.00778386165649256&cpm=0&verify_hash=8f33f96a3ae4e97090c564abef2c98bd&is_native=2&real_bid=0.00026674200296401986&original_bid_usd=0.00042&original_bid=0.00042&exp=0&placement_type_id=0&ua_mismatch=Mozilla%2F5.0%20%28X11%3B%20Linux%20x86_64%3B%20rv%3A96.0%29%20Gecko%2F20100101%20Firefox%2F96.0&ip_mismatch=91.90.42.154&geo=NO&carrier=-&label_ids=4,89,20,27,108,0&need_redirect_show=0&applied_features=test_skins,stage-skins-settings&show_count=1&expiration_timestamp=1716745455&image_url=https%3A%2F%2Fstatic.bookmsg.com%2Fcreatives%2FSG%2FSG_083be47dfc3e28c9a68305b76181a5033bc45790.webp&site=native-push-adult&price=0.00042&hostname=auc-inpage-hz-8-a&auc_type=1&pop_type=1&site_id64=&interest_vertical_ids=&mo=&ve=&timezone_olson=UTC&topics=&historical_keywords=&pop_cpc=0.00000042000000000000006&ext_campaign_id_str=89248473-11fb-11ef-a9bb-0affd04c9415&pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=gamblingBlueMessage-view-b_r-body&mlf=1&mlc=1&st=0.03&cpa=79133799-a5df-45e5-9685-c1ae3dd4659a&prev_step_diff=727
IP
167.235.163.216:0
ASN
#24940 Hetzner Online GmbH

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /in/show/?tag_ab=b&site_id=3117050&adblock=0&testab=0&auction_host=apply&mm=0&yc=0&render_type=mq&pr=&banner_width=300&banner_height=250&user_keywords=&device_theme=light&v2_track=0&v2=0&conditions=dch_ip,tz_offset&ssp=3964&page=https%3A%2F%2Fdata.jpg4.monster%2Fjs%2520%25E9%2580%2586%25E3%2581%2595%2Fpic1.html&refdom=data.jpg4.monster&auction_time=1716659055&subid=809032184&sid=2291679442&tcid=0&ver=8.162.0&ver_c=&spot_id=17050&utm_source=&utm_medium=&utm_campaign=&utm_content=&created_at=2024-05-25&iabcat=IAB25-3&keywords=&user_fp=15251936750156859499&score=42.191456129703134&durl=https%3A%2F%2Fkts.dasdaily.com%2Fin%2F1546%2F%3Fad_sub%3D809032184%26spot_id%3D17050%26is_adult%3D1%26p%3Dhttps%253A%252F%252Fdata.jpg4.monster%252Fjs%252520%2525E9%252580%252586%2525E3%252581%252595%252Fpic1.html%26idzone%3D0%26sid%3D1886&is_cpm=0&resp_type=&crid=&crtid=b0681ff5c1739e7f8bdbb8527f77d810&url=http%3A%2F%2Famalt-sqc.com%2Fzclkvisitor%2F67c46f91-1abe-11ef-abac-12e9c8def0b7%2Fba075020-c9e4-11eb-90df-0a54a3175cb9%3Fcampaignid%3D89248473-11fb-11ef-a9bb-0affd04c9415&icons=EQOqiUDVG9D5s_Fv4rNGyin1Rmyu3_P5cogwcTY4mHcW84JxKSaEEO6oSMWLLru55dBrRpuSr_cOQIyy6F3HTuImn2DqhWy2yqFp7H5j7p4l1ytvUKyxPBlVfv0Hw_CfQM6ydKd70j9xS-vc2iw-QQsAZNx9Wm44WZ5otdXJbSzWRyO_2w&ext_cid=0&px_id=3117050&min_cpm=0.01682129072711926&out_id=1&campaign_type=lq-pop&aid=221&cid=2695&uniq=&mid=6291646603926577092&skin_id=71&vertical_id=0&skin_test=0&from_cache=0&ecpm=0.00778386165649256&cpm=0&verify_hash=8f33f96a3ae4e97090c564abef2c98bd&is_native=2&real_bid=0.00026674200296401986&original_bid_usd=0.00042&original_bid=0.00042&exp=0&placement_type_id=0&ua_mismatch=Mozilla%2F5.0%20%28X11%3B%20Linux%20x86_64%3B%20rv%3A96.0%29%20Gecko%2F20100101%20Firefox%2F96.0&ip_mismatch=91.90.42.154&geo=NO&carrier=-&label_ids=4,89,20,27,108,0&need_redirect_show=0&applied_features=test_skins,stage-skins-settings&show_count=1&expiration_timestamp=1716745455&image_url=https%3A%2F%2Fstatic.bookmsg.com%2Fcreatives%2FSG%2FSG_083be47dfc3e28c9a68305b76181a5033bc45790.webp&site=native-push-adult&price=0.00042&hostname=auc-inpage-hz-8-a&auc_type=1&pop_type=1&site_id64=&interest_vertical_ids=&mo=&ve=&timezone_olson=UTC&topics=&historical_keywords=&pop_cpc=0.00000042000000000000006&ext_campaign_id_str=89248473-11fb-11ef-a9bb-0affd04c9415&pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=gamblingBlueMessage-view-b_r-body&mlf=1&mlc=1&st=0.03&cpa=79133799-a5df-45e5-9685-c1ae3dd4659a&prev_step_diff=727 HTTP/1.1
Host: a2ef3e82bc.5144955a1c.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://data.jpg4.monster/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx/1.20.1
date: Sat, 25 May 2024 17:44:16 GMT
content-length: 0
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
X-Firefox-Spdy: h2

accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fm.youtube.com%2Ffavicon.ico&hl=en&ifkv=AaSxoQyfZVs1iVJTJR23pGbz2Rc_uKj4V9HsAsghLbRJ8NTRNiIpFgD5MDSbXeu7VCHyIaywO8VZ&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S-1072881357%3A1716659056104065&ddm=0

64.233.165.84

4.3 kB

URL
accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fm.youtube.com%2Ffavicon.ico&hl=en&ifkv=AaSxoQyfZVs1iVJTJR23pGbz2Rc_uKj4V9HsAsghLbRJ8NTRNiIpFgD5MDSbXeu7VCHyIaywO8VZ&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S-1072881357%3A1716659056104065&ddm=0
IP
64.233.165.84:0
ASN
#15169 GOOGLE

File type
gzip compressed data, max compression
Size
4.3 kB (4286 bytes)
Hash
d042729054b44570181e7c9eb96a21d4
eee5fd459d4c5c1c30079fc0d2dcea1405541935
84e45c3e46a7ab6ba47e1f158f88e12476b26a9c0e5bd5b3c26e93d1a2936f54

HTTP Headers

GET /v3/signin/identifier?continue=https%3A%2F%2Fm.youtube.com%2Ffavicon.ico&hl=en&ifkv=AaSxoQyfZVs1iVJTJR23pGbz2Rc_uKj4V9HsAsghLbRJ8NTRNiIpFgD5MDSbXeu7VCHyIaywO8VZ&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S-1072881357%3A1716659056104065&ddm=0 HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 403 Forbidden
content-type: text/html; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Sat, 25 May 2024 17:44:16 GMT
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
strict-transport-security: max-age=31536000; includeSubDomains
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
cross-origin-opener-policy-report-only: same-origin; report-to="AccountsSignInUi"
content-security-policy: script-src 'nonce-7H3waw-gUIiKyBZiQV1iQA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /v3/signin/_/AccountsSignInUi/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /v3/signin/_/AccountsSignInUi/cspreport/allowlist, require-trusted-types-for 'script';report-uri /v3/signin/_/AccountsSignInUi/cspreport
report-to: {"group":"AccountsSignInUi","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/AccountsSignInUi"}]}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

a2ef3e82bc.5144955a1c.com/in/show/?tag_ab=b&site_id=3117050&adblock=0&testab=0&auction_host=apply&mm=0&yc=0&render_type=mq&pr=&banner_width=300&banner_height=250&user_keywords=&device_theme=light&v2_track=0&v2=0&conditions=dch_ip,tz_offset&ssp=3964&page=https%3A%2F%2Fdata.jpg4.monster%2Fjs%2520%25E9%2580%2586%25E3%2581%2595%2Fpic1.html&refdom=data.jpg4.monster&auction_time=1716659055&subid=809032184&sid=2291679442&tcid=0&ver=8.162.0&ver_c=&spot_id=17050&utm_source=&utm_medium=&utm_campaign=&utm_content=&created_at=2024-05-25&iabcat=IAB25-3&keywords=&user_fp=15251936750156859499&score=42.191456129703134&durl=https%3A%2F%2Fkts.dasdaily.com%2Fin%2F1546%2F%3Fad_sub%3D809032184%26spot_id%3D17050%26is_adult%3D1%26p%3Dhttps%253A%252F%252Fdata.jpg4.monster%252Fjs%252520%2525E9%252580%252586%2525E3%252581%252595%252Fpic1.html%26idzone%3D0%26sid%3D1886&is_cpm=0&resp_type=&crid=&crtid=b0681ff5c1739e7f8bdbb8527f77d810&url=http%3A%2F%2Famalt-sqc.com%2Fzclkvisitor%2F67c46f91-1abe-11ef-abac-12e9c8def0b7%2Fba075020-c9e4-11eb-90df-0a54a3175cb9%3Fcampaignid%3D89248473-11fb-11ef-a9bb-0affd04c9415&icons=rnwLP_hl8ub4P8bV_tQMlj-kDWMTA6sGm1VNUtEfQhro2Z6nWzHj_HYj2GaNZvNacqnucRaqZveFIqaI633DfVFGZ9PIjZebW3XPVJQE7xJ2Nxe5ul7iCW-qNyiRrr_OsT0GGu0wh6GHTwpB8bHDDY2QjhIRBPf874_B__bgQH_gg5OEYg&ext_cid=0&px_id=3117050&min_cpm=0.00824197863910422&out_id=0&campaign_type=lq-pop&aid=221&cid=2695&uniq=&mid=6291646603926577092&skin_id=71&vertical_id=0&skin_test=0&from_cache=0&ecpm=0.0038138822129222473&cpm=0&verify_hash=8bdda727caf52463836abcc65b0c2495&is_native=2&real_bid=0.00026674200296401986&original_bid_usd=0.00042&original_bid=0.00042&exp=0&placement_type_id=0&ua_mismatch=Mozilla%2F5.0%20%28X11%3B%20Linux%20x86_64%3B%20rv%3A96.0%29%20Gecko%2F20100101%20Firefox%2F96.0&ip_mismatch=91.90.42.154&geo=NO&carrier=-&label_ids=0,4,89,27,20,108&need_redirect_show=0&applied_features=test_skins,stage-skins-settings&show_count=1&expiration_timestamp=1716745455&image_url=https%3A%2F%2Fstatic.bookmsg.com%2Fcreatives%2FSG%2FSG_083be47dfc3e28c9a68305b76181a5033bc45790.webp&site=native-push-adult&price=0.00042&hostname=auc-inpage-hz-8-a&auc_type=1&pop_type=1&site_id64=&interest_vertical_ids=&mo=&ve=&timezone_olson=UTC&topics=&historical_keywords=&pop_cpc=0.00000042000000000000006&ext_campaign_id_str=89248473-11fb-11ef-a9bb-0affd04c9415&pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=gamblingBlueMessage-view-b_r-body&mlf=1&st=0.03&cpa=bee0da1b-8361-4abb-a23f-7c94602092a6&prev_step_diff=727

167.235.163.216

0 B

URL
a2ef3e82bc.5144955a1c.com/in/show/?tag_ab=b&site_id=3117050&adblock=0&testab=0&auction_host=apply&mm=0&yc=0&render_type=mq&pr=&banner_width=300&banner_height=250&user_keywords=&device_theme=light&v2_track=0&v2=0&conditions=dch_ip,tz_offset&ssp=3964&page=https%3A%2F%2Fdata.jpg4.monster%2Fjs%2520%25E9%2580%2586%25E3%2581%2595%2Fpic1.html&refdom=data.jpg4.monster&auction_time=1716659055&subid=809032184&sid=2291679442&tcid=0&ver=8.162.0&ver_c=&spot_id=17050&utm_source=&utm_medium=&utm_campaign=&utm_content=&created_at=2024-05-25&iabcat=IAB25-3&keywords=&user_fp=15251936750156859499&score=42.191456129703134&durl=https%3A%2F%2Fkts.dasdaily.com%2Fin%2F1546%2F%3Fad_sub%3D809032184%26spot_id%3D17050%26is_adult%3D1%26p%3Dhttps%253A%252F%252Fdata.jpg4.monster%252Fjs%252520%2525E9%252580%252586%2525E3%252581%252595%252Fpic1.html%26idzone%3D0%26sid%3D1886&is_cpm=0&resp_type=&crid=&crtid=b0681ff5c1739e7f8bdbb8527f77d810&url=http%3A%2F%2Famalt-sqc.com%2Fzclkvisitor%2F67c46f91-1abe-11ef-abac-12e9c8def0b7%2Fba075020-c9e4-11eb-90df-0a54a3175cb9%3Fcampaignid%3D89248473-11fb-11ef-a9bb-0affd04c9415&icons=rnwLP_hl8ub4P8bV_tQMlj-kDWMTA6sGm1VNUtEfQhro2Z6nWzHj_HYj2GaNZvNacqnucRaqZveFIqaI633DfVFGZ9PIjZebW3XPVJQE7xJ2Nxe5ul7iCW-qNyiRrr_OsT0GGu0wh6GHTwpB8bHDDY2QjhIRBPf874_B__bgQH_gg5OEYg&ext_cid=0&px_id=3117050&min_cpm=0.00824197863910422&out_id=0&campaign_type=lq-pop&aid=221&cid=2695&uniq=&mid=6291646603926577092&skin_id=71&vertical_id=0&skin_test=0&from_cache=0&ecpm=0.0038138822129222473&cpm=0&verify_hash=8bdda727caf52463836abcc65b0c2495&is_native=2&real_bid=0.00026674200296401986&original_bid_usd=0.00042&original_bid=0.00042&exp=0&placement_type_id=0&ua_mismatch=Mozilla%2F5.0%20%28X11%3B%20Linux%20x86_64%3B%20rv%3A96.0%29%20Gecko%2F20100101%20Firefox%2F96.0&ip_mismatch=91.90.42.154&geo=NO&carrier=-&label_ids=0,4,89,27,20,108&need_redirect_show=0&applied_features=test_skins,stage-skins-settings&show_count=1&expiration_timestamp=1716745455&image_url=https%3A%2F%2Fstatic.bookmsg.com%2Fcreatives%2FSG%2FSG_083be47dfc3e28c9a68305b76181a5033bc45790.webp&site=native-push-adult&price=0.00042&hostname=auc-inpage-hz-8-a&auc_type=1&pop_type=1&site_id64=&interest_vertical_ids=&mo=&ve=&timezone_olson=UTC&topics=&historical_keywords=&pop_cpc=0.00000042000000000000006&ext_campaign_id_str=89248473-11fb-11ef-a9bb-0affd04c9415&pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=gamblingBlueMessage-view-b_r-body&mlf=1&st=0.03&cpa=bee0da1b-8361-4abb-a23f-7c94602092a6&prev_step_diff=727
IP
167.235.163.216:0
ASN
#24940 Hetzner Online GmbH

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /in/show/?tag_ab=b&site_id=3117050&adblock=0&testab=0&auction_host=apply&mm=0&yc=0&render_type=mq&pr=&banner_width=300&banner_height=250&user_keywords=&device_theme=light&v2_track=0&v2=0&conditions=dch_ip,tz_offset&ssp=3964&page=https%3A%2F%2Fdata.jpg4.monster%2Fjs%2520%25E9%2580%2586%25E3%2581%2595%2Fpic1.html&refdom=data.jpg4.monster&auction_time=1716659055&subid=809032184&sid=2291679442&tcid=0&ver=8.162.0&ver_c=&spot_id=17050&utm_source=&utm_medium=&utm_campaign=&utm_content=&created_at=2024-05-25&iabcat=IAB25-3&keywords=&user_fp=15251936750156859499&score=42.191456129703134&durl=https%3A%2F%2Fkts.dasdaily.com%2Fin%2F1546%2F%3Fad_sub%3D809032184%26spot_id%3D17050%26is_adult%3D1%26p%3Dhttps%253A%252F%252Fdata.jpg4.monster%252Fjs%252520%2525E9%252580%252586%2525E3%252581%252595%252Fpic1.html%26idzone%3D0%26sid%3D1886&is_cpm=0&resp_type=&crid=&crtid=b0681ff5c1739e7f8bdbb8527f77d810&url=http%3A%2F%2Famalt-sqc.com%2Fzclkvisitor%2F67c46f91-1abe-11ef-abac-12e9c8def0b7%2Fba075020-c9e4-11eb-90df-0a54a3175cb9%3Fcampaignid%3D89248473-11fb-11ef-a9bb-0affd04c9415&icons=rnwLP_hl8ub4P8bV_tQMlj-kDWMTA6sGm1VNUtEfQhro2Z6nWzHj_HYj2GaNZvNacqnucRaqZveFIqaI633DfVFGZ9PIjZebW3XPVJQE7xJ2Nxe5ul7iCW-qNyiRrr_OsT0GGu0wh6GHTwpB8bHDDY2QjhIRBPf874_B__bgQH_gg5OEYg&ext_cid=0&px_id=3117050&min_cpm=0.00824197863910422&out_id=0&campaign_type=lq-pop&aid=221&cid=2695&uniq=&mid=6291646603926577092&skin_id=71&vertical_id=0&skin_test=0&from_cache=0&ecpm=0.0038138822129222473&cpm=0&verify_hash=8bdda727caf52463836abcc65b0c2495&is_native=2&real_bid=0.00026674200296401986&original_bid_usd=0.00042&original_bid=0.00042&exp=0&placement_type_id=0&ua_mismatch=Mozilla%2F5.0%20%28X11%3B%20Linux%20x86_64%3B%20rv%3A96.0%29%20Gecko%2F20100101%20Firefox%2F96.0&ip_mismatch=91.90.42.154&geo=NO&carrier=-&label_ids=0,4,89,27,20,108&need_redirect_show=0&applied_features=test_skins,stage-skins-settings&show_count=1&expiration_timestamp=1716745455&image_url=https%3A%2F%2Fstatic.bookmsg.com%2Fcreatives%2FSG%2FSG_083be47dfc3e28c9a68305b76181a5033bc45790.webp&site=native-push-adult&price=0.00042&hostname=auc-inpage-hz-8-a&auc_type=1&pop_type=1&site_id64=&interest_vertical_ids=&mo=&ve=&timezone_olson=UTC&topics=&historical_keywords=&pop_cpc=0.00000042000000000000006&ext_campaign_id_str=89248473-11fb-11ef-a9bb-0affd04c9415&pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=gamblingBlueMessage-view-b_r-body&mlf=1&st=0.03&cpa=bee0da1b-8361-4abb-a23f-7c94602092a6&prev_step_diff=727 HTTP/1.1
Host: a2ef3e82bc.5144955a1c.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://data.jpg4.monster/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx/1.20.1
date: Sat, 25 May 2024 17:44:16 GMT
content-length: 0
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
X-Firefox-Spdy: h2

static.bookmsg.com/creatives/SG/SG_083be47dfc3e28c9a68305b76181a5033bc45790_icon.webp?pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=gamblingBlueMessage-view-b_r-body&mlf=1&mlc=1&st=0.03&cpa=95ee6d23-4578-429a-994f-a1b055520b80&prev_step_diff=727

45.133.44.24

486 B

URL
static.bookmsg.com/creatives/SG/SG_083be47dfc3e28c9a68305b76181a5033bc45790_icon.webp?pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=gamblingBlueMessage-view-b_r-body&mlf=1&mlc=1&st=0.03&cpa=95ee6d23-4578-429a-994f-a1b055520b80&prev_step_diff=727
IP
45.133.44.24:0
ASN
#39572 DataWeb Global Group B.V.

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 100x100, Scaling: [none]x[none], YUV color, decoders should clamp
Size
486 B (486 bytes)
Hash
ceeb4e8840c24621c0e0352b42b38a5b
03cbceb0134a39267014595938705e2916580644
50cb77ae9715629235f102dd53a68559df1b64416f71179dbb4aa942725790b3

HTTP Headers

GET /creatives/SG/SG_083be47dfc3e28c9a68305b76181a5033bc45790_icon.webp?pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=gamblingBlueMessage-view-b_r-body&mlf=1&mlc=1&st=0.03&cpa=95ee6d23-4578-429a-994f-a1b055520b80&prev_step_diff=727 HTTP/1.1
Host: static.bookmsg.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://data.jpg4.monster/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sat, 25 May 2024 17:44:16 GMT
content-type: image/webp
content-length: 486
server: nginx/1.24.0
last-modified: Fri, 08 Dec 2023 10:18:03 GMT
etag: "6572ed5b-1e6"
expires: Sun, 25 May 2025 17:44:16 GMT
cache-control: max-age=31536000
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2

static.bookmsg.com/creatives/SG/SG_083be47dfc3e28c9a68305b76181a5033bc45790.webp

45.133.44.24

1.1 kB

URL
static.bookmsg.com/creatives/SG/SG_083be47dfc3e28c9a68305b76181a5033bc45790.webp
IP
45.133.44.24:0
ASN
#39572 DataWeb Global Group B.V.

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 360x240, Scaling: [none]x[none], YUV color, decoders should clamp
Size
1.1 kB (1066 bytes)
Hash
2a11e13b2bd67bb9a6cb347d7c73df13
b85460a33f9b229f42c08a6a94ae433a4d5c32ab
1d0d6b5176d6a48b3042a107f929bbfcefd4a057273ac488bbb7f7affd909b56

HTTP Headers

GET /creatives/SG/SG_083be47dfc3e28c9a68305b76181a5033bc45790.webp HTTP/1.1
Host: static.bookmsg.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://data.jpg4.monster/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sat, 25 May 2024 17:44:16 GMT
content-type: image/webp
content-length: 1066
server: nginx/1.24.0
last-modified: Fri, 08 Dec 2023 10:18:03 GMT
etag: "6572ed5b-42a"
expires: Sun, 25 May 2025 17:44:16 GMT
cache-control: max-age=31536000
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2

static.bookmsg.com/creatives/SG/SG_083be47dfc3e28c9a68305b76181a5033bc45790.webp

45.133.44.24

1.1 kB

URL
static.bookmsg.com/creatives/SG/SG_083be47dfc3e28c9a68305b76181a5033bc45790.webp
IP
45.133.44.24:0
ASN
#39572 DataWeb Global Group B.V.

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 360x240, Scaling: [none]x[none], YUV color, decoders should clamp
Size
1.1 kB (1066 bytes)
Hash
2a11e13b2bd67bb9a6cb347d7c73df13
b85460a33f9b229f42c08a6a94ae433a4d5c32ab
1d0d6b5176d6a48b3042a107f929bbfcefd4a057273ac488bbb7f7affd909b56

HTTP Headers

GET /creatives/SG/SG_083be47dfc3e28c9a68305b76181a5033bc45790.webp HTTP/1.1
Host: static.bookmsg.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sat, 25 May 2024 17:44:16 GMT
content-type: image/webp
content-length: 1066
server: nginx/1.24.0
last-modified: Fri, 08 Dec 2023 10:18:03 GMT
etag: "6572ed5b-42a"
expires: Sun, 25 May 2025 17:44:16 GMT
cache-control: max-age=31536000
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2

static.bookmsg.com/creatives/SG/SG_083be47dfc3e28c9a68305b76181a5033bc45790_icon.webp?pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=gamblingBlueMessage-view-b_r-body&mlf=1&st=0.03&cpa=ab23b09c-2c09-4180-9c67-bc6bfca16256&prev_step_diff=727

45.133.44.24

486 B

URL
static.bookmsg.com/creatives/SG/SG_083be47dfc3e28c9a68305b76181a5033bc45790_icon.webp?pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=gamblingBlueMessage-view-b_r-body&mlf=1&st=0.03&cpa=ab23b09c-2c09-4180-9c67-bc6bfca16256&prev_step_diff=727
IP
45.133.44.24:0
ASN
#39572 DataWeb Global Group B.V.

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 100x100, Scaling: [none]x[none], YUV color, decoders should clamp
Size
486 B (486 bytes)
Hash
ceeb4e8840c24621c0e0352b42b38a5b
03cbceb0134a39267014595938705e2916580644
50cb77ae9715629235f102dd53a68559df1b64416f71179dbb4aa942725790b3

HTTP Headers

GET /creatives/SG/SG_083be47dfc3e28c9a68305b76181a5033bc45790_icon.webp?pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=gamblingBlueMessage-view-b_r-body&mlf=1&st=0.03&cpa=ab23b09c-2c09-4180-9c67-bc6bfca16256&prev_step_diff=727 HTTP/1.1
Host: static.bookmsg.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sat, 25 May 2024 17:44:16 GMT
content-type: image/webp
content-length: 486
server: nginx/1.24.0
last-modified: Fri, 08 Dec 2023 10:18:03 GMT
etag: "6572ed5b-1e6"
expires: Sun, 25 May 2025 17:44:16 GMT
cache-control: max-age=31536000
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2

translate.googleapis.com/element/log?format=json&hasfast=true&authuser=0

142.250.74.138

0 B

URL
translate.googleapis.com/element/log?format=json&hasfast=true&authuser=0
IP
142.250.74.138:0
ASN
#15169 GOOGLE

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

OPTIONS /element/log?format=json&hasfast=true&authuser=0 HTTP/1.1
Host: translate.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: x-goog-authuser
Referer: https://data.jpg4.monster/
Origin: https://data.jpg4.monster
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
access-control-allow-origin: https://data.jpg4.monster
access-control-allow-methods: GET, POST, OPTIONS
access-control-max-age: 86400
access-control-allow-credentials: true
access-control-allow-headers: X-Playlog-Web,authorization,origin,x-goog-authuser
content-type: text/plain; charset=UTF-8
date: Sat, 25 May 2024 17:44:25 GMT
server: Playlog
content-length: 0
x-xss-protection: 0
x-frame-options: SAMEORIGIN
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

translate.googleapis.com/element/log?format=json&hasfast=true&authuser=0

142.250.74.138

131 B

URL
translate.googleapis.com/element/log?format=json&hasfast=true&authuser=0
IP
142.250.74.138:0
ASN
#15169 GOOGLE

File type
JSON text data
Size
131 B (131 bytes)
Hash
ca0b7e866005f6774d284b9f438ebfd2
53644f5ee3640189bdb223473ba6a2d46606c556
502e9680cfa78fa8be779cbf4f1947c8eaa3d43bf8c7464800ec772b2ddea358

HTTP Headers

POST /element/log?format=json&hasfast=true&authuser=0 HTTP/1.1
Host: translate.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Goog-AuthUser: 0
Content-Type: text/plain;charset=UTF-8
Content-Length: 1182
Origin: https://data.jpg4.monster
DNT: 1
Connection: keep-alive
Referer: https://data.jpg4.monster/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
access-control-allow-origin: https://data.jpg4.monster
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
access-control-allow-headers: X-Playlog-Web
content-type: text/plain; charset=UTF-8
content-encoding: gzip
date: Sat, 25 May 2024 17:44:25 GMT
server: Playlog
cache-control: private
content-length: 131
x-xss-protection: 0
x-frame-options: SAMEORIGIN
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (28)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by