Report - btdb.theproxy2.cc/

Report Overview

Visited public
2023-10-14 19:21:48
Tags
URL
btdb.theproxy2.cc/
Finishing URL
btdb.theproxy2.cc/
IP / ASN
104.21.95.157
#13335 CLOUDFLARENET
Title
BTDB - Free Torrent Search Engine | Bittorrent Movies Search Engine | Free Movies Torrent Magnet Search Engine

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
inpagepush.com	78279	2019-11-30	2019-12-03 21:32:41	2023-10-14 10:16:42	406 B	90 kB	139.45.197.237
heartilyscales.com	unknown	2022-12-16	2022-12-16 09:32:11	2023-10-13 21:53:38	441 B	15 kB	173.233.137.44
theusualsuspectz.biz	unknown	2023-01-27	2023-01-27 02:27:31	2023-10-13 21:53:38	412 B	49 kB	188.114.96.1
cdnjs.cloudflare.com	235	2009-02-17	2015-04-17 22:46:33	2023-10-13 18:58:36	884 B	57 kB	104.17.24.14
cdn.jsdelivr.net	439	2012-05-16	2012-09-30 02:15:09	2023-10-13 22:22:00	468 B	3.2 kB	151.101.1.229
phamsacm.net	unknown	2023-09-25	2023-09-25 16:04:24	2023-10-13 21:53:38	806 B	116 kB	139.45.197.245
btdb.theproxy2.cc	unknown	2020-02-01	2022-11-19 14:23:36	2023-09-24 05:51:46	5.9 kB	458 kB	172.67.145.231
maxcdn.bootstrapcdn.com	724	2012-05-25	2014-06-18 02:37:31	2023-10-13 20:35:58	439 B	36 kB	104.18.11.207
vpop2.com	unknown	2023-02-20	2023-02-21 12:38:02	2023-08-28 02:23:51	420 B	813 B	0.0.0.0
matomo.hellohi.me	545402	2019-07-03	2019-07-03 22:13:04	2023-10-13 21:21:45	407 B	67 kB	188.114.96.1
use.fontawesome.com	942	2012-10-18	2017-01-30 05:43:25	2023-10-13 18:13:46	1.6 kB	145 kB	172.64.103.11
a.we-are-anon.com	unknown	2023-07-17	2023-07-20 01:30:25	2023-08-08 02:58:24	400 B	741 B	0.0.0.0
petchoub.com	unknown	2023-09-18	2023-09-19 11:53:46	2023-10-13 21:53:38	411 B	13 kB	139.45.197.251
formden.com	454894	2015-01-11	2015-02-28 03:46:06	2023-09-16 07:48:24	471 B	204 kB	172.67.74.24

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Timestamp	Severity	Source IP	Destination IP	Alert
2023-10-14 19:21:29	medium	Client IP	Internal IP	ET DNS Query for .cc TLD
2023-10-14 19:21:29	medium	Client IP	Internal IP	ET DNS Query for .cc TLD
2023-10-14 19:21:30	medium	Client IP	Internal IP	ET INFO Observed DNS Query to .biz TLD
2023-10-14 19:21:30	medium	Client IP	Internal IP	ET INFO Observed DNS Query to .biz TLD

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2023-10-14	medium	heartilyscales.com	Sinkholed
2023-10-14	medium	phamsacm.net	Sinkholed
2023-10-14	medium	petchoub.com	Sinkholed
2023-10-14	medium	phamsacm.net	Sinkholed
2023-10-14	medium	theusualsuspectz.biz	Sinkholed

ThreatFox

No alerts detected

JavaScript (17)

	URL	From	Size	First Seen	Last Seen
	btdb.theproxy2.cc/	ScriptElement	208 B	2023-03-29	2024-08-21
Pretty URL btdb.theproxy2.cc/ IP 172.67.145.231 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-29 22:55 Last Seen2024-08-21 04:42 Times Seen4 Hash 4be6588b9650d63c8034927b7ae145d0 57a127077111dc2075310eda76dc9369651cc06d 73eaaf8c35f60d5ff2fb22ab36ea99fcbc6daad2dfe0d2aedf3886e0c9f2ab4e Loading...

	unknown	Function	34 B	2023-04-11	2025-05-10
Pretty Introduced by Function Embedded in HTML false Observations First Seen2023-04-11 21:16 Last Seen2025-05-10 19:46 Times Seen67031 Hash 572cb94037fffc2a0a53b465972e15f1 0d679b041a7c1ca45cc99e2d229fc2b86762838d 6487e4bdd0f51bbfd9105810a41755847fdae2c274e2fc325cd22356d7707e35 Loading...

	cdnjs.cloudflare.com/ajax/libs/jquery/3.3.1/jquery.min.js	ScriptElement	87 kB	2023-03-07	2025-05-11
Pretty URL cdnjs.cloudflare.com/ajax/libs/jquery/3.3.1/jquery.min.js IP 104.17.24.14 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02 Last Seen2025-05-11 03:19 Times Seen57531 Hash a09e13ee94d51c524b7e2a728c7d4039 0dc32db4aa9c5f03f3b38c47d883dbd4fed13aae 160a426ff2894252cd7cebbdd6d6b7da8fcd319c65b70468f10b6690c45d02ef Loading...

	btdb.theproxy2.cc/	ScriptElement	28 B	2023-03-29	2024-08-21
Pretty URL btdb.theproxy2.cc/ IP 172.67.145.231 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-29 22:55 Last Seen2024-08-21 04:42 Times Seen4 Hash b2ac40e4410229f0c3a6b567852983c0 153278185e8afa6bc67ad372f9b097cfc6353bc2 baccad037870581fe00cdee037b38c00dfb89fa592907051337a1d53cf2867d8 Loading...

	btdb.theproxy2.cc/	ScriptElement	29 B	2023-03-29	2024-08-21
Pretty URL btdb.theproxy2.cc/ IP 172.67.145.231 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-29 22:55 Last Seen2024-08-21 04:42 Times Seen4 Hash 5947c3025f3331d1e86c1c3b0f8c8c87 c3d5ae1c3db59e1db25a823e006786c7dd8ef0c2 843b2b00225e1cab51194e2b6776fda3f62f736f549581b82bc2f3cab50bb006 Loading...

	btdb.theproxy2.cc/	ScriptElement	23 B	2023-03-29	2024-08-21
Pretty URL btdb.theproxy2.cc/ IP 172.67.145.231 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-29 22:55 Last Seen2024-08-21 04:42 Times Seen4 Hash 16f63b9dcf0f424d166b06552e753025 852462482ea547b421acf7fde7aa0397b125f836 8987ec50ed22908b8b41659c4c93826189ac1b9dd9a588f97ca9074d37a837c6 Loading...

	btdb.theproxy2.cc/	ScriptElement	469 B	2023-04-13	2024-08-21
Pretty URL btdb.theproxy2.cc/ IP 172.67.145.231 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-04-13 18:12 Last Seen2024-08-21 04:42 Times Seen4 Hash bf417fe4e512829632380c81a7e42fe3 d3035dcfe4a7dc51d07d11781536240cfd5544da 310eff8fb93c3a778046909a0ed58f55242d27c26a16c6fe321780dc922ea3af Loading...

	btdb.theproxy2.cc/	ScriptElement	508 B	2023-03-29	2024-08-21
Pretty URL btdb.theproxy2.cc/ IP 172.67.145.231 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-29 22:55 Last Seen2024-08-21 04:42 Times Seen4 Hash 971e865ea5337d6b2aa044559c8cef84 a336f6bb07e1dd502f4bd9926db43f009401d665 ffe1ecdd8128c02ffb72bdab6c678c05e5786f3f2bf0c0d957183eaf1cd51284 Loading...

	unknown	EventHandler	21 B	2023-04-10	2025-05-10
Pretty Introduced by eventHandler Embedded in HTML false Observations First Seen2023-04-10 22:51 Last Seen2025-05-10 22:31 Times Seen5394 Hash e56ddbb05a974a6bc5ea44661e509a21 448d4cb69f9441e10731b1ff4aa9dc81502589bd 1759e8c6c2ce9c987245281cd33bb9260ce82e31b604131a5da486db89369913 Loading...

	btdb.theproxy2.cc/	ScriptElement	551 B	2023-03-08	2025-04-17
Pretty URL btdb.theproxy2.cc/ IP 172.67.145.231 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-08 02:45 Last Seen2025-04-17 05:24 Times Seen63 Hash 0777d21c374ffc4f9676ca1ff556a451 ed8f5d5c3f1fea36fed73130f0a7bf86c6e402f1 f14a0d9a871bd227ffcfccebe71df45ccd2f9b3d49ffd6cf57088abbabb81b81 Loading...

	btdb.theproxy2.cc/app/apx14.js	ScriptElement	7.7 kB	2023-03-07	2025-05-10
Pretty URL btdb.theproxy2.cc/app/apx14.js IP 172.67.145.231 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:40 Last Seen2025-05-10 16:28 Times Seen810 Hash dfb1f327618e201778f2de85cfbcd173 fceb89a2221463e5bc5a71feff1247683ab08cc5 dc03bc8b63938916a73dd976e186d05559ddc61da2725e1063b7936fa9f0fc33 Loading...

	btdb.theproxy2.cc/	ScriptElement	816 B	2024-08-21	2024-08-21
Pretty URL btdb.theproxy2.cc/ IP 172.67.145.231 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2024-08-21 04:42 Last Seen2024-08-21 04:42 Times Seen1 Hash 1887367cd96f7d10bcd30c66109197d1 a6a2030b6a45194773a0cb8f9a66b6bb99d62085 32f1c7fc0f4ea6a6beee99da0deea78c97093391998590d6ea33ffd9bf47a8fe Loading...

	maxcdn.bootstrapcdn.com/bootstrap/3.3.0/js/bootstrap.min.js	ScriptElement	35 kB	2023-03-07	2025-05-07
Pretty URL maxcdn.bootstrapcdn.com/bootstrap/3.3.0/js/bootstrap.min.js IP 104.18.11.207 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02 Last Seen2025-05-07 04:54 Times Seen589 Hash 281cd50dd9f58c5550620fc148a7bc39 dfb8410ffc10a57d69b81620087c5a0b6027765a 484081bfe6c76d77610eb71a6e71206fe5304d62c037f058b403592192069306 Loading...

	btdb.theproxy2.cc/	ScriptElement	464 B	2023-03-29	2024-08-21
Pretty URL btdb.theproxy2.cc/ IP 172.67.145.231 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-29 21:56 Last Seen2024-08-21 04:42 Times Seen3 Hash 1c1f3f5d218add4a420a27578ecb0907 31756976766f615933af489c095c5771376251e4 cd8079375b54f642b4ee022b9ea91f1dd7534db6a10cda2860ebcbfbfdef2f1d Loading...

	btdb.theproxy2.cc/app/apx19.js	ScriptElement	9.2 kB	2023-03-07	2025-05-10
Pretty URL btdb.theproxy2.cc/app/apx19.js IP 172.67.145.231 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:40 Last Seen2025-05-10 16:28 Times Seen806 Hash 2344c3f05f624d595f6fb920e4d74ded eb4d1404ac2d5eecd307f4588aeeab5c8ef463f1 3a28fe59e4a2af96d8edeeb12d7040c574cf71fa88fccb5cf49e9c0a1d4e4c7a Loading...

	btdb.theproxy2.cc/	ScriptElement	449 B	2023-03-07	2025-04-15
Pretty URL btdb.theproxy2.cc/ IP 172.67.145.231 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 12:40 Last Seen2025-04-15 12:49 Times Seen391 Hash 8ec4ea2cc07fb4298dd793cbc67d3755 04c34c92ef5baad58af7c56b728d4a84c55f7185 9a0e8ee9789c9f554b318f332bf0d2c61f85cdcf33afc1228b6f94181f841b1d Loading...

	btdb.theproxy2.cc/	ScriptElement	60 kB	2023-03-07	2024-08-21
Pretty URL btdb.theproxy2.cc/ IP 172.67.145.231 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 12:40 Last Seen2024-08-21 04:42 Times Seen1 Hash 1e99586b1da43ea72174991d85c20317 256ab4ff25b9e1dd9b2fb3dca97f44e115fd2348 167ab11af625b4491a1a62d102bc48377e4dfdb0f141ce5faa1b95d195560910 Loading...

HTTP Transactions (29)

URL IP Response Size

cdnjs.cloudflare.com/ajax/libs/jquery/3.3.1/jquery.min.js

104.17.24.14

200 OK

28 kB

URL GET HTTP/2
cdnjs.cloudflare.com/ajax/libs/jquery/3.3.1/jquery.min.js
IP
104.17.24.14:443
ASN
#13335 CLOUDFLARENET

Requested by
https://btdb.theproxy2.cc/
Certificate
IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
Fingerprint7A:EA:B9:09:71:70:6C:87:C9:D3:82:74:8A:7B:B4:60:E5:40:2D:8D
ValidityMon, 03 Jul 2023 00:00:00 GMT - Tue, 02 Jul 2024 23:59:59 GMT

File type
ASCII text, with very long lines (65451)
Size
28 kB (27501 bytes)
Hash
a09e13ee94d51c524b7e2a728c7d4039
0dc32db4aa9c5f03f3b38c47d883dbd4fed13aae
160a426ff2894252cd7cebbdd6d6b7da8fcd319c65b70468f10b6690c45d02ef

HTTP Headers

GET /ajax/libs/jquery/3.3.1/jquery.min.js HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://btdb.theproxy2.cc/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sat, 14 Oct 2023 19:21:29 GMT
content-type: application/javascript; charset=utf-8
content-length: 27501
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "64942b1e-6b6d"
last-modified: Thu, 22 Jun 2023 11:06:06 GMT
cf-cdnjs-via: cfworker/r2
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 3828948
expires: Thu, 03 Oct 2024 19:21:29 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2Fq15YZiJf0URPQ%2FEdG2AqGsXVRClwi8XdyKAsXN9Tbts2m%2FkxG%2FQ5c9mjdDSkbiglmjE1ztdVlj7nVVryNMFaLqEwQ6MSbTfuURI0wtRnEocjJed%2BQYKtaJUA%2Bl46y0yzuq94Coc"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 81622f8a6c095696-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

cdn.jsdelivr.net/npm/file-icon-vectors@1.0.0/dist/file-icon-square-o.min.css

151.101.1.229

200 OK

2.4 kB

URL GET HTTP/2
cdn.jsdelivr.net/npm/file-icon-vectors@1.0.0/dist/file-icon-square-o.min.css
IP
151.101.1.229:443
ASN
#54113 FASTLY

Requested by
https://btdb.theproxy2.cc/
Certificate
IssuerGlobalSign nv-sa
Subjectjsdelivr.net
Fingerprint05:87:2C:BA:73:14:21:54:82:00:8B:AD:85:8F:E9:C6:4D:C7:66:09
ValidityWed, 27 Sep 2023 18:13:13 GMT - Mon, 28 Oct 2024 18:13:12 GMT

File type
ASCII text, with very long lines (25734)
Size
2.4 kB (2434 bytes)
Hash
fca0ba5ed4d8f09dd04b4b69669baf75
46b5d1d7ed20d24fafd7c920ec77aa7905c9c80c
c7593a2088993b008f62c4f0e70de7ee5fe596646d6b74b1b76da918ef904dc0

HTTP Headers

GET /npm/file-icon-vectors@1.0.0/dist/file-icon-square-o.min.css HTTP/1.1
Host: cdn.jsdelivr.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://btdb.theproxy2.cc/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: *
timing-allow-origin: *
cache-control: public, max-age=31536000, s-maxage=31536000, immutable
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/css; charset=utf-8
x-jsd-version: 1.0.0
x-jsd-version-type: version
etag: W/"6578-RrXR1+0g0k+v18kg7HeqeQXJyAw"
content-encoding: br
accept-ranges: bytes
date: Sat, 14 Oct 2023 19:21:30 GMT
age: 1619140
x-served-by: cache-fra-etou8220052-FRA, cache-bma1627-BMA
x-cache: HIT, HIT
vary: Accept-Encoding
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 2434
X-Firefox-Spdy: h2

cdnjs.cloudflare.com/ajax/libs/jquery/3.3.1/jquery.min.js

104.17.24.14

200 OK

28 kB

URL GET HTTP/2
cdnjs.cloudflare.com/ajax/libs/jquery/3.3.1/jquery.min.js
IP
104.17.24.14:443
ASN
#13335 CLOUDFLARENET

Requested by
https://btdb.theproxy2.cc/
Certificate
IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
Fingerprint7A:EA:B9:09:71:70:6C:87:C9:D3:82:74:8A:7B:B4:60:E5:40:2D:8D
ValidityMon, 03 Jul 2023 00:00:00 GMT - Tue, 02 Jul 2024 23:59:59 GMT

File type
ASCII text, with very long lines (65451)
Size
28 kB (27501 bytes)
Hash
a09e13ee94d51c524b7e2a728c7d4039
0dc32db4aa9c5f03f3b38c47d883dbd4fed13aae
160a426ff2894252cd7cebbdd6d6b7da8fcd319c65b70468f10b6690c45d02ef

HTTP Headers

GET /ajax/libs/jquery/3.3.1/jquery.min.js HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://btdb.theproxy2.cc/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Sat, 14 Oct 2023 19:21:30 GMT
content-type: application/javascript; charset=utf-8
content-length: 27501
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "64942b1e-6b6d"
last-modified: Thu, 22 Jun 2023 11:06:06 GMT
cf-cdnjs-via: cfworker/r2
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 3828949
expires: Thu, 03 Oct 2024 19:21:30 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=iUM4SpxAf1dYahtY%2F%2FS7ZYgDH4l5ZSx1PKbcx92X33O1epqqJANflhSp5lf7UM8srt6BQ0AFpgVFuB%2FW5Kb7qTY8dmmi7p1Yodwl87unD%2BN1yrToBV6HrE44PQsOj%2BwtG55VQZ2S"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 81622f8eaca356b4-OSL
alt-svc: h3=":443"; ma=86400

use.fontawesome.com/releases/v5.8.1/webfonts/fa-solid-900.woff2

172.64.103.11

200 OK

74 kB

URL GET HTTP/2
use.fontawesome.com/releases/v5.8.1/webfonts/fa-solid-900.woff2
IP
172.64.103.11:443
ASN
#13335 CLOUDFLARENET

Requested by
https://btdb.theproxy2.cc/
Certificate
IssuerCloudflare, Inc.
Subjectuse.fontawesome.com
FingerprintCB:BE:6B:C4:5F:DF:18:7A:C3:AD:BF:6C:40:36:18:9F:E2:99:7F:78
ValidityThu, 12 Oct 2023 00:00:00 GMT - Thu, 10 Oct 2024 23:59:59 GMT

File type
Web Open Font Format (Version 2), TrueType, length 74256, version 329.-17761\012- data
Size
74 kB (74256 bytes)
Hash
418dad87601f9c8abd0e5798c0dc1feb
a6b003ef506e92d05cde73adf67487d7fd7ec6df
f18c486a80175cf02fee0e05c2b4acd86c04cdbaecec61c1ef91f920509b5efe

HTTP Headers

GET /releases/v5.8.1/webfonts/fa-solid-900.woff2 HTTP/1.1
Host: use.fontawesome.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://btdb.theproxy2.cc
DNT: 1
Connection: keep-alive
Referer: https://use.fontawesome.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Sat, 14 Oct 2023 19:21:30 GMT
content-type: font/woff2
content-length: 74256
access-control-allow-origin: *
cache-control: max-age=31556926
etag: "418dad87601f9c8abd0e5798c0dc1feb"
last-modified: Fri, 22 Sep 2023 01:45:57 GMT
vary: Origin, Accept-Encoding
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2BjlSmESccuTVLEt0Gnvfn2pne%2FKnH0C3sU0QsolBqJSiY8pNP2TRGN5aw7kFS1X9MIqe49K5ta5BWGHkK3NfP%2FPCS5%2BeYlHuEQ2ihLj%2FsK0n2lqsjVfUTPFILMfp3LvWClzz3VWr"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 81622f8e8c15071a-LHR
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

heartilyscales.com/a2/86/90/a286902791a7f4c98bcb1e812322cd78.js

173.233.137.44

200 OK

14 kB

URL GET HTTP/1.1
heartilyscales.com/a2/86/90/a286902791a7f4c98bcb1e812322cd78.js
IP
173.233.137.44:443
ASN
#7979 SERVERS-COM

Requested by
https://btdb.theproxy2.cc/
Certificate
IssuerLet's Encrypt
Subjectheartilyscales.com
FingerprintF0:0C:2F:00:27:D9:41:A2:9B:5F:2C:5F:B6:BE:55:43:BB:A5:CC:81
ValidityFri, 13 Oct 2023 06:44:51 GMT - Thu, 11 Jan 2024 06:44:50 GMT

File type
ASCII text, with very long lines (40522), with no line terminators
Size
14 kB (14447 bytes)
Hash
75bf255682e8feeb3c5e0925830d82fe
ac354a29f7f3c91e47ca47afd4ec3cea0136bb12
4d6a5b275c45bfbb8df67951fd384f17e453c2137535ed6753ecca000d4bfd3b

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /a2/86/90/a286902791a7f4c98bcb1e812322cd78.js HTTP/1.1
Host: heartilyscales.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://btdb.theproxy2.cc/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Sat, 14 Oct 2023 19:21:30 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 0baf38b114f1f909455804a5e8cc05d6
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip

use.fontawesome.com/releases/v5.8.1/webfonts/fa-regular-400.woff2

172.64.103.11

200 OK

14 kB

URL GET HTTP/2
use.fontawesome.com/releases/v5.8.1/webfonts/fa-regular-400.woff2
IP
172.64.103.11:443
ASN
#13335 CLOUDFLARENET

Requested by
https://btdb.theproxy2.cc/
Certificate
IssuerCloudflare, Inc.
Subjectuse.fontawesome.com
FingerprintCB:BE:6B:C4:5F:DF:18:7A:C3:AD:BF:6C:40:36:18:9F:E2:99:7F:78
ValidityThu, 12 Oct 2023 00:00:00 GMT - Thu, 10 Oct 2024 23:59:59 GMT

File type
Web Open Font Format (Version 2), TrueType, length 13552, version 329.-17761\012- data
Size
14 kB (13552 bytes)
Hash
e6257a726a0cf6ec8c6fec22821c055f
8583a4f0dd12e15a48b3395593307a84d971cc33
ccf4db1eeb68c96e05e74f8ebfa75cc60c3a0fed862dae6b0ad85d4e1b5b4e4f

HTTP Headers

GET /releases/v5.8.1/webfonts/fa-regular-400.woff2 HTTP/1.1
Host: use.fontawesome.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://btdb.theproxy2.cc
DNT: 1
Connection: keep-alive
Referer: https://use.fontawesome.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Sat, 14 Oct 2023 19:21:31 GMT
content-type: font/woff2
content-length: 13552
access-control-allow-origin: *
cache-control: max-age=31556926
etag: "e6257a726a0cf6ec8c6fec22821c055f"
last-modified: Fri, 22 Sep 2023 01:45:57 GMT
vary: Origin, Accept-Encoding
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Hr8a5U4pci8XWpx07nAm%2FNhollIiWeUBHizi7M445Yg%2BO3ZH24KlcCCMGO39wMktusrl8M1jFJsPAtk7YTIoFiSaAmeY0ZGC2P94fqdzQWsSfJExQXcPJFoVAGV6rsZNkSCnkAe9"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 81622f8eac34071a-LHR
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

phamsacm.net/5/2632704

139.45.197.245

200 OK

71 kB

URL GET HTTP/2
phamsacm.net/5/2632704
IP
139.45.197.245:443
ASN
#9002 RETN Limited

Requested by
https://btdb.theproxy2.cc/
Certificate
IssuerLet's Encrypt
Subjectphamsacm.net
FingerprintDE:80:EB:6A:39:A3:99:A4:73:45:FA:98:C7:49:89:52:8B:32:2B:12
ValidityMon, 25 Sep 2023 10:18:42 GMT - Sun, 24 Dec 2023 10:18:41 GMT

File type
ASCII text, with very long lines (65536), with no line terminators
Size
71 kB (70932 bytes)
Hash
5fe14d2276b23a5f8fe442057320ebe6
cb7fac0edbb428704f2ca9dbd27f64579e189710
29c47928e6e1c20def793131aa59ae200040f165e6ef7198822c40ea72607775

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /5/2632704 HTTP/1.1
Host: phamsacm.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://btdb.theproxy2.cc/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sat, 14 Oct 2023 19:21:30 GMT
content-type: application/javascript
x-trace-id: b972e90b51d24d1140447305bef0159b
link: <https://my.rtmark.net>; rel="preconnect dns-prefetch",<https://propeller-tracking.com>; rel="preconnect dns-prefetch",<https://sr7pv7n5x.com>; rel="preconnect dns-prefetch"
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Wow64
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace
access-control-max-age: 86400
timing-allow-origin: *
set-cookie: OAID=7eeec80845a04ee6a0ae7530c5e52824; expires=Sun, 13 Oct 2024 19:21:30 GMT; path=/; secure; SameSite=None
oaidts=1697311290; expires=Sun, 13 Oct 2024 19:21:30 GMT; path=/; secure; SameSite=None
syncedCookie=; expires=Tue, 10 Nov 2009 23:00:00 GMT
pragma: no-cache, no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT, Mon, 26 Jul 1997 05:00:00 GMT
content-encoding: gzip
X-Firefox-Spdy: h2

a.we-are-anon.com/h/

0.0.0.0

0 B

URL GET
a.we-are-anon.com/h/
IP
0.0.0.0:0
ASN
#0

Requested by
https://btdb.theproxy2.cc/
Certificate
IssuerGoogle Trust Services LLC
Subjectwe-are-anon.com
FingerprintBE:0B:14:13:DD:1E:0F:02:39:75:C1:FB:07:09:AD:F0:B7:05:A1:91
ValidityThu, 14 Sep 2023 04:33:05 GMT - Wed, 13 Dec 2023 04:33:04 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /h/ HTTP/1.1
Host: a.we-are-anon.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://btdb.theproxy2.cc/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sat, 14 Oct 2023 19:21:30 GMT
content-type: text/html; charset=UTF-8
set-cookie: PHPSESSID=kv246vcna8vnfufvp67btmlied; path=/
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=YCB9l1cp%2Ftp84R5dog4NIABesXkkRuEX1x70KtrBgRfzNsTqa9VJzEn45r%2BDOFcEdXckAZLOtDT28UTMhBylPKGeDrYmyMdARrEvXWMy%2BAaQIP1I4bXTP9xt7rT0o3GWlKaZFg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 81622f8c3ea256a2-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

btdb.theproxy2.cc/app/apx19.js

172.67.145.231

200 OK

9.2 kB

URL GET HTTP/3
btdb.theproxy2.cc/app/apx19.js
IP
172.67.145.231:443
ASN
#13335 CLOUDFLARENET

Requested by
https://btdb.theproxy2.cc/
Certificate
IssuerLet's Encrypt
Subjecttheproxy2.cc
Fingerprint9B:94:44:B2:EF:C8:29:78:9E:64:8C:F0:08:EE:80:E8:4A:67:C0:4A
ValiditySat, 09 Sep 2023 06:55:09 GMT - Fri, 08 Dec 2023 06:55:08 GMT

File type
ASCII text, with very long lines (10516), with no line terminators
Size
9.2 kB (9183 bytes)
Hash
d26dea46bd49f9297502159ed377f84c
2da344f74215617efd03c4805e5e15d7d8039515
77d7964a36f5c3105bc99271b3ffe2d4ebc5541e4acd38def734b3eaea38fd38

HTTP Headers

GET /app/apx19.js HTTP/1.1
Host: btdb.theproxy2.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://btdb.theproxy2.cc/
Cookie: view=1; PHPSESSID=008tqqgqns929ao665t0h903md
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sat, 14 Oct 2023 19:21:30 GMT
content-type: application/javascript; charset=UTF-8
last-modified: Tue, 15 Sep 2020 18:46:59 GMT
etag: W/"5f610c23-23df"
cache-control: max-age=14400
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=TqT4Ib3uiMOjAJkxV2o9Jpbpdc2eF8%2B%2Bmce41Ls1MrK4vWoHuVboPGAi7QsySmGcMhYocsLp0gvkTQUyev1CQ8RlVDrPIywXpx9PK1UqkPdSoc0Gzj1WqRhwOs1yDA5Ri0hkDg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 81622f8a1a5656c9-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

maxcdn.bootstrapcdn.com/bootstrap/3.3.0/js/bootstrap.min.js

104.18.11.207

200 OK

35 kB

URL GET HTTP/2
maxcdn.bootstrapcdn.com/bootstrap/3.3.0/js/bootstrap.min.js
IP
104.18.11.207:443
ASN
#13335 CLOUDFLARENET

Requested by
https://btdb.theproxy2.cc/
Certificate
IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
Fingerprint5B:F7:8F:50:AD:E5:5B:5E:8C:4A:39:3D:0C:98:E8:8C:18:4B:3D:8A
ValidityFri, 30 Dec 2022 00:00:00 GMT - Sat, 30 Dec 2023 23:59:59 GMT

File type
ASCII text, with very long lines (32108)
Size
35 kB (34653 bytes)
Hash
281cd50dd9f58c5550620fc148a7bc39
dfb8410ffc10a57d69b81620087c5a0b6027765a
484081bfe6c76d77610eb71a6e71206fe5304d62c037f058b403592192069306

HTTP Headers

GET /bootstrap/3.3.0/js/bootstrap.min.js HTTP/1.1
Host: maxcdn.bootstrapcdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://btdb.theproxy2.cc/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sat, 14 Oct 2023 19:21:30 GMT
content-type: application/javascript; charset=utf-8
vary: Accept-Encoding
cdn-pullzone: 252412
cdn-uid: b1941f61-b576-4f40-80de-5677acb38f74
cdn-requestcountrycode: DE
cdn-edgestorageid: 565, 617, 617
last-modified: Mon, 25 Jan 2021 22:03:57 GMT
cdn-cachedat: 2021-06-08 21:25:28
cdn-requestpullsuccess: True
cdn-requestpullcode: 200
cache-control: public, max-age=31919000
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
x-content-type-options: nosniff
cdn-requestid: 228ac7b1bbec9f47d120a9620e4c6c75
cdn-status: 200
cdn-cache: HIT
cf-cache-status: HIT
age: 11224522
strict-transport-security: max-age=31536000; includeSubDomains; preload
server: cloudflare
cf-ray: 81622f8a7bf1b4eb-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

petchoub.com/ntfc.php?p=2651991

139.45.197.251

200 OK

13 kB

URL GET HTTP/2
petchoub.com/ntfc.php?p=2651991
IP
139.45.197.251:443
ASN
#9002 RETN Limited

Requested by
https://btdb.theproxy2.cc/
Certificate
IssuerLet's Encrypt
Subjectpetchoub.com
FingerprintAD:A1:87:6F:F2:7F:B9:72:79:A3:74:BF:B5:A5:E0:FA:BD:32:D9:68
ValidityMon, 18 Sep 2023 18:42:45 GMT - Sun, 17 Dec 2023 18:42:44 GMT

File type
C source, ASCII text, with very long lines (12988), with no line terminators
Size
13 kB (12988 bytes)
Hash
4c607bd00ea97ba3940ca5abcad0f75a
18750201cbc3badb9518408acd49e933ace2a696
7f1feec26180d4b871b10073113f3a234da33ef7c7ca2c3a4c866e18f1e6ff12

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /ntfc.php?p=2651991 HTTP/1.1
Host: petchoub.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://btdb.theproxy2.cc/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sat, 14 Oct 2023 19:21:30 GMT
content-type: application/javascript
last-modified: Thu, 12 Oct 2023 11:51:57 GMT
etag: W/"6527dddd-32bc"
access-control-allow-credentials: true
cache-control: no-cache
pragma: no-cache
content-encoding: gzip
X-Firefox-Spdy: h2

btdb.theproxy2.cc/files/style.css?v=3

172.67.145.231

200 OK

15 kB

URL GET HTTP/3
btdb.theproxy2.cc/files/style.css?v=3
IP
172.67.145.231:443
ASN
#13335 CLOUDFLARENET

Requested by
https://btdb.theproxy2.cc/
Certificate
IssuerLet's Encrypt
Subjecttheproxy2.cc
Fingerprint9B:94:44:B2:EF:C8:29:78:9E:64:8C:F0:08:EE:80:E8:4A:67:C0:4A
ValiditySat, 09 Sep 2023 06:55:09 GMT - Fri, 08 Dec 2023 06:55:08 GMT

File type

Size
15 kB (14554 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /files/style.css?v=3 HTTP/1.1
Host: btdb.theproxy2.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://btdb.theproxy2.cc/
Cookie: view=1; PHPSESSID=008tqqgqns929ao665t0h903md
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sat, 14 Oct 2023 19:21:30 GMT
content-type: text/css;charset=UTF-8
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
access-control-allow-origin: *
cf-cache-status: BYPASS
set-cookie: view=1; expires=Sun, 15-Oct-2023 19:21:30 GMT; Max-Age=86400
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Ztvlg%2FEQF%2B9MCyvXqLhW0KddjZ0qbKbhfIWEQxbsy1j0gV0pGjPunUQwyos3cubH4FaFpERAvW%2BUcgyRCPEBo7f51cW80J3n%2B2zkiv7sYQg3V5k%2B9fQ2nGUpwB6Y1VLFBrD%2BGw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 81622f8a0a1a56c9-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

phamsacm.net/1?z=3372123

139.45.197.245

200 OK

43 kB

URL GET HTTP/2
phamsacm.net/1?z=3372123
IP
139.45.197.245:443
ASN
#9002 RETN Limited

Requested by
https://btdb.theproxy2.cc/
Certificate
IssuerLet's Encrypt
Subjectphamsacm.net
FingerprintDE:80:EB:6A:39:A3:99:A4:73:45:FA:98:C7:49:89:52:8B:32:2B:12
ValidityMon, 25 Sep 2023 10:18:42 GMT - Sun, 24 Dec 2023 10:18:41 GMT

File type
ASCII text, with very long lines (41880)
Size
43 kB (42870 bytes)
Hash
74e49ef16a7dee8f9fb7acb24e494a7d
7bd8567f68e95c8648d5e7da2da2bf1949374297
ab796aff80d36d73cbfc9104ae3452fb7e220fd342db4484c433a7ef6b2fc8f3

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /1?z=3372123 HTTP/1.1
Host: phamsacm.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://btdb.theproxy2.cc/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sat, 14 Oct 2023 19:21:30 GMT
content-type: text/javascript
access-control-allow-credentials: true
access-control-allow-origin: 
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-Sc, CVERSION, VERSION, X-Ancestor-Origins, X-Zone-ID, baggage, sentry-trace
x-trace-id: f7ed48703177d6b431ccf325f7abe852
access-control-expose-headers: X-Sc
x-sc: cqYavAYdzP4CZ6OaWH8JVLzloU-6iP5v7Jw5uhUeFY88r6a3WraHu0QCneivV6jpaQNYpG_Kj_5mocCN0rnQZmuwg6o=
set-cookie: scm=1; expires=Sun, 13 Oct 2024 19:21:30 GMT; secure; SameSite=None
OAID=d69404757486454c99a9fd4424c7e8fc; expires=Sun, 13 Oct 2024 19:21:30 GMT; secure; SameSite=None
oaidts=1697311290; expires=Sun, 13 Oct 2024 19:21:30 GMT; secure; SameSite=None
pragma: no-cache
cache-control: no-store, no-cache, must-revalidate, max-age=0
expires: Mon, 26 Jul 1997 05:00:00 GMT
content-encoding: gzip
X-Firefox-Spdy: h2

btdb.theproxy2.cc/zpp/zpp4.js?q22q2q2

172.67.145.231

200 OK

39 kB

URL GET HTTP/3
btdb.theproxy2.cc/zpp/zpp4.js?q22q2q2
IP
172.67.145.231:443
ASN
#13335 CLOUDFLARENET

Requested by
https://btdb.theproxy2.cc/
Certificate
IssuerLet's Encrypt
Subjecttheproxy2.cc
Fingerprint9B:94:44:B2:EF:C8:29:78:9E:64:8C:F0:08:EE:80:E8:4A:67:C0:4A
ValiditySat, 09 Sep 2023 06:55:09 GMT - Fri, 08 Dec 2023 06:55:08 GMT

File type
ASCII text, with very long lines (38995), with no line terminators
Size
39 kB (38995 bytes)
Hash
7dc63553536847077855df4f82f1ec18
146c3aac34cb4e7e1e9c692ccd0161b2e4f018de
3a18b1964d1d209c46d754459b9ef98d4a9a85065e245f8311be727ffee3f960

HTTP Headers

GET /zpp/zpp4.js?q22q2q2 HTTP/1.1
Host: btdb.theproxy2.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://btdb.theproxy2.cc/
Cookie: view=1; PHPSESSID=008tqqgqns929ao665t0h903md
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sat, 14 Oct 2023 19:21:30 GMT
content-type: application/javascript; charset=UTF-8
last-modified: Tue, 02 Mar 2021 05:53:53 GMT
etag: W/"603dd2f1-9853"
cache-control: max-age=14400
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=P5Mg4AAtZBpr%2FnYLMoKDX2tg4v1MRly1yWIR3eaVuEwgoaa1crZ9Q900J7ZHgiuSYIwmGF80Az7PSCDEbKuukwfkILWkdmuAe7qDn3EkHLrIptODpJ9uhRMvXuGRNEOQoBE%2FAA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 81622f8a5ab256c9-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

inpagepush.com/400/3064505

139.45.197.237

200 OK

89 kB

URL GET HTTP/2
inpagepush.com/400/3064505
IP
139.45.197.237:443
ASN
#9002 RETN Limited

Requested by
https://btdb.theproxy2.cc/
Certificate
IssuerLet's Encrypt
Subjectinpagepush.com
Fingerprint3E:DE:79:BB:1D:FB:C5:44:AB:BA:9F:4E:87:C5:5C:93:C7:AA:BB:0B
ValidityTue, 08 Aug 2023 01:31:17 GMT - Mon, 06 Nov 2023 01:31:16 GMT

File type
ASCII text, with very long lines (65536), with no line terminators
Size
89 kB (89007 bytes)
Hash
a974d89418763beb125eebb2cd328565
37a8638dffbda40e3cd8be23a6469f2ea8f66d13
2af7d5040ca926ddb066359c0e7ec04559170a5dc16838b5980a746f0966c447

HTTP Headers

GET /400/3064505 HTTP/1.1
Host: inpagepush.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://btdb.theproxy2.cc/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sat, 14 Oct 2023 19:21:30 GMT
content-type: application/javascript
x-trace-id: b3f49ae59140ee6fc16fb34267a068e9
expires: Tue, 11 Jan 1994 10:00:00 GMT
cache-control: no-cache, no-store, no-transform, must-revalidate, private, max-age=0
pragma: no-cache
vary: Origin
access-control-allow-origin: *
access-control-expose-headers: Link
access-control-allow-credentials: true
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Wow64
set-cookie: OAID=8e7e3a33e248452c8148a5728e3510ae; expires=Sun, 13 Oct 2024 19:21:30 GMT; path=/; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
content-encoding: gzip
X-Firefox-Spdy: h2

btdb.theproxy2.cc/

172.67.145.231

200 OK

263 kB

URL User Request GET HTTP/2
btdb.theproxy2.cc/
IP
172.67.145.231:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerLet's Encrypt
Subjecttheproxy2.cc
Fingerprint9B:94:44:B2:EF:C8:29:78:9E:64:8C:F0:08:EE:80:E8:4A:67:C0:4A
ValiditySat, 09 Sep 2023 06:55:09 GMT - Fri, 08 Dec 2023 06:55:08 GMT

File type

Size
263 kB (262771 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET / HTTP/1.1
Host: btdb.theproxy2.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sat, 14 Oct 2023 19:21:29 GMT
content-type: text/html;charset=UTF-8
set-cookie: view=1; expires=Sun, 15-Oct-2023 19:21:29 GMT; Max-Age=86400
PHPSESSID=008tqqgqns929ao665t0h903md; path=/
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=FhC3JKctfwAi3uFt2wEjHbXcrzNDDho0%2Bumr1C3YYEVOBvzlOAFPA%2Bl4kFHYEgjeCwNOo9P4yiqFsco8zRuY%2FrA4pXAjN9WS3Vn9S%2BUc8JU3Iy65kQ0LHbLzRMDJ7EpM1QHl9w%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 81622f86ef4f56c3-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

btdb.theproxy2.cc/files/logo.png

172.67.145.231

200 OK

1.9 kB

URL GET HTTP/3
btdb.theproxy2.cc/files/logo.png
IP
172.67.145.231:443
ASN
#13335 CLOUDFLARENET

Requested by
https://btdb.theproxy2.cc/
Certificate
IssuerLet's Encrypt
Subjecttheproxy2.cc
Fingerprint9B:94:44:B2:EF:C8:29:78:9E:64:8C:F0:08:EE:80:E8:4A:67:C0:4A
ValiditySat, 09 Sep 2023 06:55:09 GMT - Fri, 08 Dec 2023 06:55:08 GMT

File type
PNG image data, 304 x 93, 8-bit colormap, non-interlaced\012- data
Size
1.9 kB (1901 bytes)
Hash
6f645b7af1f3bdca67aa63b6ff66feff
c2f7b59a1056156f2f626b00d1090e154299ddfd
bbf464c6924486f9dac61ca28427e1f17e4a4f02cc5f3e4009e48241622636f9

HTTP Headers

GET /files/logo.png HTTP/1.1
Host: btdb.theproxy2.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://btdb.theproxy2.cc/
Cookie: view=1; PHPSESSID=008tqqgqns929ao665t0h903md
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sat, 14 Oct 2023 19:21:30 GMT
content-type: image/png
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
access-control-allow-origin: *
cf-cache-status: BYPASS
set-cookie: view=1; expires=Sun, 15-Oct-2023 19:21:30 GMT; Max-Age=86400
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=TAlqkL8Q3e9gieEV4rI49BuFzR3Co7t2DmnbiRBLJjZCUjRssjObBrh5yMcqiq%2F0lJWsn5wJZ76uc4R%2BeQXBBbN09Bxa8o0h0dJMZPUjA7wFB%2FwBl11bWVp1xBIWpPkNQeEfTw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 81622f8a1a4a56c9-OSL
alt-svc: h3=":443"; ma=86400

btdb.theproxy2.cc/app/x12.js

172.67.145.231

200 OK

11 kB

URL GET HTTP/3
btdb.theproxy2.cc/app/x12.js
IP
172.67.145.231:443
ASN
#13335 CLOUDFLARENET

Requested by
https://btdb.theproxy2.cc/
Certificate
IssuerLet's Encrypt
Subjecttheproxy2.cc
Fingerprint9B:94:44:B2:EF:C8:29:78:9E:64:8C:F0:08:EE:80:E8:4A:67:C0:4A
ValiditySat, 09 Sep 2023 06:55:09 GMT - Fri, 08 Dec 2023 06:55:08 GMT

File type
ASCII text, with very long lines (11180), with no line terminators
Size
11 kB (11180 bytes)
Hash
94efa3c05291ac5cccd32cc3a11c9724
3a033e4d6f5e5eaf76030a81c8a05c619de436c2
58c753f7ffcb584d2ed43470ec9bdd30a4cd4723f368d83de6163413d5555102

HTTP Headers

GET /app/x12.js HTTP/1.1
Host: btdb.theproxy2.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://btdb.theproxy2.cc/
Cookie: view=1; PHPSESSID=008tqqgqns929ao665t0h903md
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sat, 14 Oct 2023 19:21:30 GMT
content-type: application/javascript; charset=UTF-8
last-modified: Tue, 15 Sep 2020 18:26:18 GMT
etag: W/"5f61074a-2bac"
cache-control: max-age=14400
cf-cache-status: REVALIDATED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=5GbOh6XEVWpFVdoLl9jC0zLPA7hp%2BvT0kIrkOS%2BLiJTa0p0FEppPaeWWCqMZ%2Be%2Fe0vgbqcM%2FOpgNppENtJNGmkjUgyLp5z8JltZEvdZQY%2B3yKOX%2FFAGXihK0UJsJO85PNF807w%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 81622f8a5ab556c9-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

theusualsuspectz.biz/j/m/qqqq.js

188.114.96.1

200 OK

48 kB

URL GET HTTP/2
theusualsuspectz.biz/j/m/qqqq.js
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://btdb.theproxy2.cc/
Certificate
IssuerGoogle Trust Services LLC
Subjecttheusualsuspectz.biz
Fingerprint24:F3:7E:77:4B:2B:67:1B:B9:2E:2F:DF:7F:15:E9:9A:23:12:2F:89
ValidityWed, 20 Sep 2023 02:26:53 GMT - Tue, 19 Dec 2023 02:26:52 GMT

File type
ASCII text, with very long lines (48351), with no line terminators
Size
48 kB (48351 bytes)
Hash
febd5bfc829d7c8aa363e93e2e61f414
10d66213a9249bea47b15acf295323f01d217ef0
ff391f38fc73325f58d0626b9415ac121f1461407d74e86ebddefd8180050d76

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /j/m/qqqq.js HTTP/1.1
Host: theusualsuspectz.biz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://btdb.theproxy2.cc/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sat, 14 Oct 2023 19:21:30 GMT
content-type: application/javascript; charset=UTF-8
last-modified: Tue, 02 Mar 2021 03:16:06 GMT
etag: W/"603dadf6-bcdf"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
cf-cache-status: HIT
age: 22524108
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=NgQGsaWFl0NXwV6lmmdmRiRyC8Mdxse4MQNEuFqW5mz7Ms21MxyyFakm0OeDNGDqG2oWi%2FBJKulJfK7LyWOyV4zAyQQr1qV4rU0NKOQbZ6Zu82X3srvfSFLPALy3mGnlmWdIlMQHmw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 81622f8aac1fb4eb-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

btdb.theproxy2.cc/user.php

172.67.145.231

200 OK

0 B

URL POST HTTP/3
btdb.theproxy2.cc/user.php
IP
172.67.145.231:443
ASN
#13335 CLOUDFLARENET

Requested by
https://btdb.theproxy2.cc/
Certificate
IssuerLet's Encrypt
Subjecttheproxy2.cc
Fingerprint9B:94:44:B2:EF:C8:29:78:9E:64:8C:F0:08:EE:80:E8:4A:67:C0:4A
ValiditySat, 09 Sep 2023 06:55:09 GMT - Fri, 08 Dec 2023 06:55:08 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

POST /user.php HTTP/1.1
Host: btdb.theproxy2.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
X-Requested-With: XMLHttpRequest
Content-Length: 39
Origin: https://btdb.theproxy2.cc
DNT: 1
Connection: keep-alive
Referer: https://btdb.theproxy2.cc/
Cookie: view=1; PHPSESSID=008tqqgqns929ao665t0h903md
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sat, 14 Oct 2023 19:21:30 GMT
content-type: text/html; charset=UTF-8
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=RCUd5a5BUhdWHgx1afU0SsE4vJLDPqevVST4POXrnZ9Dv6jOzD8GNNE8WZS6yPi0X7DlG%2FOIebhVGLycraG4dHZ1UZviw8Xr6xqjOnVkHcCiM9QS0THOpyKnfylphHuE9Ock8A%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 81622f8f1ec356c9-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

btdb.theproxy2.cc/favicon.ico

172.67.145.231

200 OK

15 kB

URL GET HTTP/3
btdb.theproxy2.cc/favicon.ico
IP
172.67.145.231:443
ASN
#13335 CLOUDFLARENET

Requested by
https://btdb.theproxy2.cc/
Certificate
IssuerLet's Encrypt
Subjecttheproxy2.cc
Fingerprint9B:94:44:B2:EF:C8:29:78:9E:64:8C:F0:08:EE:80:E8:4A:67:C0:4A
ValiditySat, 09 Sep 2023 06:55:09 GMT - Fri, 08 Dec 2023 06:55:08 GMT

File type
MS Windows icon resource - 3 icons, 16x16, 32 bits/pixel, 32x32, 32 bits/pixel\012- data
Size
15 kB (15086 bytes)
Hash
78dd0e186388a14197d9f79a10712145
a3250a837f99f52cbdd470c8b035aced9c3853d9
9097c15555c5392a97778f6a3860d7648b8ff59d06b28d2bae1d147052fd8ddc

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: btdb.theproxy2.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://btdb.theproxy2.cc/
Cookie: view=1; PHPSESSID=008tqqgqns929ao665t0h903md
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sat, 14 Oct 2023 19:21:32 GMT
content-type: image/x-icon
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
access-control-allow-origin: *
cf-cache-status: BYPASS
set-cookie: view=1; expires=Sun, 15-Oct-2023 19:21:31 GMT; Max-Age=86400
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=PqDjkajyKS7IHDTHh7HPIRmnHwa%2FUehqJw9jS%2Fafm14zdjn21Y47ztvCQEnBrp%2BEbVYFf5gEY5brOrCLQ5uBE2SbBEjlGeJbTy7SxnTVqdt1IibE3yRJWZOrONmw%2F0erNQPIIQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 81622f95fc1956c9-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

use.fontawesome.com/releases/v5.8.1/css/all.css

172.64.103.11

200 OK

55 kB

URL GET HTTP/2
use.fontawesome.com/releases/v5.8.1/css/all.css
IP
172.64.103.11:443
ASN
#13335 CLOUDFLARENET

Requested by
https://btdb.theproxy2.cc/
Certificate
IssuerCloudflare, Inc.
Subjectuse.fontawesome.com
FingerprintCB:BE:6B:C4:5F:DF:18:7A:C3:AD:BF:6C:40:36:18:9F:E2:99:7F:78
ValidityThu, 12 Oct 2023 00:00:00 GMT - Thu, 10 Oct 2024 23:59:59 GMT

File type
ASCII text, with very long lines (54926)
Size
55 kB (55111 bytes)
Hash
e4c542a7f6bf6f74fdd8cdf6e8096396
3a0571a695a35f238026b9398386dc99d9a0c56d
eeb17a45a48aca1d7adbcf04de155dcd0b47cb36ad036310446bb471fea9aaa3

HTTP Headers

GET /releases/v5.8.1/css/all.css HTTP/1.1
Host: use.fontawesome.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://btdb.theproxy2.cc
DNT: 1
Connection: keep-alive
Referer: https://btdb.theproxy2.cc/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sat, 14 Oct 2023 19:21:30 GMT
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=31556926
etag: W/"e4c542a7f6bf6f74fdd8cdf6e8096396"
last-modified: Fri, 22 Sep 2023 01:45:55 GMT
vary: Origin, Accept-Encoding
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2BC%2F1s6PAz7pcNco9H3QE1aJezz0alnaaexGAz93yyhD04uVm9%2F%2BdvEpDt9l%2BVCOuuLue6WwWwnsZqao3CO8qBpG5%2FjfEkphcH4T4kFN3xN2S5JdnUkLAVmTYRPJ9czKFaSeJc5F8"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 81622f8bfa19071a-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

vpop2.com/api_.null.p_.null.nfo.php?js=1

0.0.0.0

0 B

URL GET
vpop2.com/api_.null.p_.null.nfo.php?js=1
IP
0.0.0.0:0
ASN
#0

Requested by
https://btdb.theproxy2.cc/
Certificate
IssuerGoogle Trust Services LLC
Subjectvpop2.com
Fingerprint26:D7:76:FB:92:4E:88:25:39:85:4E:D9:BC:4A:13:DD:D9:82:5C:0D
ValidityThu, 17 Aug 2023 02:42:15 GMT - Wed, 15 Nov 2023 02:42:14 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /api_.null.p_.null.nfo.php?js=1 HTTP/1.1
Host: vpop2.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://btdb.theproxy2.cc/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 302 Found
date: Sat, 14 Oct 2023 19:21:30 GMT
content-type: text/html; charset=UTF-8
location: https://a.we-are-anon.com/h/
set-cookie: view=1; expires=Sun, 15-Oct-2023 19:21:30 GMT; Max-Age=86400
PHPSESSID=37k8tdm438hksmrls296v7s2uv; path=/
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=MHc0CdXCeGIZxzfNiqe%2B6rhmn%2Bi881j55fJizZCwdvmOsCWedJwjAQZMKYcOzZ0Q%2F2n8axAy46ozzYO1IPyZoQRiEmigCxfovKQPlyhW%2F%2BVZebo9zwRqj8czSGc%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 81622f8a9b56b4f1-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

btdb.theproxy2.cc/app/apx14.js

172.67.145.231

200 OK

7.7 kB

URL GET HTTP/3
btdb.theproxy2.cc/app/apx14.js
IP
172.67.145.231:443
ASN
#13335 CLOUDFLARENET

Requested by
https://btdb.theproxy2.cc/
Certificate
IssuerLet's Encrypt
Subjecttheproxy2.cc
Fingerprint9B:94:44:B2:EF:C8:29:78:9E:64:8C:F0:08:EE:80:E8:4A:67:C0:4A
ValiditySat, 09 Sep 2023 06:55:09 GMT - Fri, 08 Dec 2023 06:55:08 GMT

File type
ASCII text, with very long lines (8720), with no line terminators
Size
7.7 kB (7663 bytes)
Hash
3db7729f5768690d08cfbb852bda88b3
29d50e49674a25263da47dec24318c1a68f003e0
997dcda1cc75d9821ee6a9b2dba6fff73b5f104ed1a49792f998d7fe70d24893

HTTP Headers

GET /app/apx14.js HTTP/1.1
Host: btdb.theproxy2.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://btdb.theproxy2.cc/
Cookie: view=1; PHPSESSID=008tqqgqns929ao665t0h903md
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sat, 14 Oct 2023 19:21:30 GMT
content-type: application/javascript; charset=UTF-8
last-modified: Tue, 15 Sep 2020 18:26:19 GMT
etag: W/"5f61074b-1def"
cache-control: max-age=14400
cf-cache-status: REVALIDATED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=q0J0JeashgI0UeyIrisIE6MuStSjD8kj3c%2FB6e5aWNFeLGQ4FJoMxBmCUzsgLCuEWede%2FdpdlDKfLpTr7W%2B2BInc474mPBjYNexI1vobnnQagRcm8uu1AQGaKpoWDBg0rXfsJw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 81622f8a5ab456c9-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

matomo.hellohi.me/matomo.js

188.114.96.1

200 OK

66 kB

URL GET HTTP/2
matomo.hellohi.me/matomo.js
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://btdb.theproxy2.cc/
Certificate
IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
Fingerprint3B:19:FF:F4:F0:F2:6F:BE:66:7F:4C:A0:E8:02:E6:F4:94:A8:6C:68
ValidityWed, 01 Mar 2023 00:00:00 GMT - Thu, 29 Feb 2024 23:59:59 GMT

File type
ASCII text, with very long lines (1601)
Size
66 kB (65842 bytes)
Hash
a3a7245d6daf7d31d2069c0ba05879dd
ec1bf464889e71aec1ced6d8361a26c76e4a1460
d7fc375178c93a2fc15fd888e30170eedf4ef3d04497e7f951ab7bfe0c921693

HTTP Headers

GET /matomo.js HTTP/1.1
Host: matomo.hellohi.me
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://btdb.theproxy2.cc/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sat, 14 Oct 2023 19:21:30 GMT
content-type: application/javascript; charset=UTF-8
last-modified: Sat, 10 Jun 2023 05:56:32 GMT
etag: W/"64841090-10132"
expires: Sat, 14 Oct 2023 19:46:00 GMT
cache-control: public, max-age=14400
pragma: public
cf-cache-status: HIT
age: 2129
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=9k%2FVgsJZGtzB9FDuzaKoydxbVTwlCb4APiOK%2BPQUVBt6LXvVedcgttabUBLGkVdr5n8kFPkuJR4EJmQUtb2C4VLsBSC4Cet0iCBqMppvsdLe%2BZJMydG2YI9oXk2zVdVTM3XRwQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 81622f8f985956af-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

btdb.theproxy2.cc/files/font-awesome.min.css

172.67.145.231

200 OK

32 kB

URL GET HTTP/3
btdb.theproxy2.cc/files/font-awesome.min.css
IP
172.67.145.231:443
ASN
#13335 CLOUDFLARENET

Requested by
https://btdb.theproxy2.cc/
Certificate
IssuerLet's Encrypt
Subjecttheproxy2.cc
Fingerprint9B:94:44:B2:EF:C8:29:78:9E:64:8C:F0:08:EE:80:E8:4A:67:C0:4A
ValiditySat, 09 Sep 2023 06:55:09 GMT - Fri, 08 Dec 2023 06:55:08 GMT

File type
ASCII text, with very long lines (30808)
Size
32 kB (31579 bytes)
Hash
617e867a0b0f815f3bb65942971a26e3
542160bc1c9a120eb1660f11d4426d9e9cbb5ce3
d802f77b468c09dbaf124f8fffc9de28bad80b11589d0652deee6c06b871ea4f

HTTP Headers

GET /files/font-awesome.min.css HTTP/1.1
Host: btdb.theproxy2.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://btdb.theproxy2.cc/
Cookie: view=1; PHPSESSID=008tqqgqns929ao665t0h903md
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sat, 14 Oct 2023 19:21:30 GMT
content-type: text/css;charset=UTF-8
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
access-control-allow-origin: *
cf-cache-status: BYPASS
set-cookie: view=1; expires=Sun, 15-Oct-2023 19:21:30 GMT; Max-Age=86400
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=KeP%2B%2Fm1xMzuSdUnclEiHDutptQZvCPlW%2BFbrLDNhc08mRJElhBST6AQblXWqpsgFSiRT3UqaDf%2Fu1QAnv35kV3ZJQ8wnUe9TvvDqW68BXzOJWeJmVH9dSkHZePjx6wrz%2FA19mw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 81622f8a0a1b56c9-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

formden.com/static/assets/demos/bootstrap-iso/bootstrap-iso/bootstrap-iso.css

172.67.74.24

200 OK

203 kB

URL GET HTTP/2
formden.com/static/assets/demos/bootstrap-iso/bootstrap-iso/bootstrap-iso.css
IP
172.67.74.24:443
ASN
#13335 CLOUDFLARENET

Requested by
https://btdb.theproxy2.cc/
Certificate
IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
FingerprintB4:20:D5:56:2D:B7:AA:41:22:3D:EF:6E:99:C8:76:04:93:79:F0:F1
ValidityWed, 19 Apr 2023 00:00:00 GMT - Thu, 18 Apr 2024 23:59:59 GMT

File type
ASCII text, with very long lines (386)
Size
203 kB (202858 bytes)
Hash
983b32a3322df186728fb6b0f8a1fb74
16402572b9e1e854737c0adade7372b680739f2b
404e4e0e62d557f5850e6f82dcf55d7295566f59046b98d6bdd8f043bd61a136

HTTP Headers

GET /static/assets/demos/bootstrap-iso/bootstrap-iso/bootstrap-iso.css HTTP/1.1
Host: formden.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://btdb.theproxy2.cc/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sat, 14 Oct 2023 19:21:30 GMT
content-type: text/css
last-modified: Fri, 25 Sep 2015 15:49:42 GMT
etag: W/"3186a-520944bc5d687-gzip"
vary: Accept-Encoding
access-control-allow-origin: *
cache-control: max-age=14400
cf-cache-status: HIT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=inhSMzXOO%2Bwt3F2dfoDoU8kEBYh5vRqGiguSWnL3LCNlwD9WfIr9rtmymyV%2FpA7Ecod%2FtpAJ7wtfwGf2GNEsQdvjp%2B7sdSvz8oa7pMw2YittP%2FeA71ks%2Fo2p9xVE"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 81622f8a8f8c1c12-OSL
content-encoding: br
X-Firefox-Spdy: h2

btdb.theproxy2.cc/hy.js?q22q2q2

172.67.145.231

200 OK

56 kB

URL GET HTTP/3
btdb.theproxy2.cc/hy.js?q22q2q2
IP
172.67.145.231:443
ASN
#13335 CLOUDFLARENET

Requested by
https://btdb.theproxy2.cc/
Certificate
IssuerLet's Encrypt
Subjecttheproxy2.cc
Fingerprint9B:94:44:B2:EF:C8:29:78:9E:64:8C:F0:08:EE:80:E8:4A:67:C0:4A
ValiditySat, 09 Sep 2023 06:55:09 GMT - Fri, 08 Dec 2023 06:55:08 GMT

File type
ASCII text, with very long lines (56131), with no line terminators
Size
56 kB (56131 bytes)
Hash
667d77da844b6d5ad62b2f26e77b4b12
01ae61192a38af73a93c67468fb8271d7bbfa4f6
f240ce7fa62cd81d92f29081815f2cd2376ea6867887d17d5625009ebdf355b1

HTTP Headers

GET /hy.js?q22q2q2 HTTP/1.1
Host: btdb.theproxy2.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://btdb.theproxy2.cc/
Cookie: view=1; PHPSESSID=008tqqgqns929ao665t0h903md
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sat, 14 Oct 2023 19:21:30 GMT
content-type: application/javascript; charset=UTF-8
last-modified: Tue, 02 Mar 2021 05:53:48 GMT
etag: W/"603dd2ec-db43"
cache-control: max-age=14400
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=1wH7pU%2F5fxhmYmD42nHwa15xTFB9uMRVj85mWk6ro4hwxlL5SxESMv2cI0gCyKAe418HgfBmnlxEOmkPFrz2%2B3mBfv6Vqb1ivafvezVto%2FGnvSBH2%2BII%2F2xZyFsBh2aP7yKBiA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 81622f8a2a9256c9-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

btdb.theproxy2.cc/cdn-cgi/apps/head/eonMsSaWoPGHqHdsBoYDBPjD6UM.js

172.67.145.231

404 Not Found

0 B

URL GET HTTP/3
btdb.theproxy2.cc/cdn-cgi/apps/head/eonMsSaWoPGHqHdsBoYDBPjD6UM.js
IP
172.67.145.231:443
ASN
#13335 CLOUDFLARENET

Requested by
https://btdb.theproxy2.cc/
Certificate
IssuerLet's Encrypt
Subjecttheproxy2.cc
Fingerprint9B:94:44:B2:EF:C8:29:78:9E:64:8C:F0:08:EE:80:E8:4A:67:C0:4A
ValiditySat, 09 Sep 2023 06:55:09 GMT - Fri, 08 Dec 2023 06:55:08 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /cdn-cgi/apps/head/eonMsSaWoPGHqHdsBoYDBPjD6UM.js HTTP/1.1
Host: btdb.theproxy2.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://btdb.theproxy2.cc/
Cookie: view=1; PHPSESSID=008tqqgqns929ao665t0h903md
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 404 Not Found
date: Sat, 14 Oct 2023 19:21:29 GMT
cache-control: max-age=14400
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=zRx8dgSWCdGqo31tV7zuC4D2Kv%2B6Q%2Fl0r7hMvlruX4wfVXF9EfvAxIn8b2Jw3%2FiGnH9kggupOwwpTMSeyL%2FwUsuhMCZnkxDiFDBFF4MefWq9kcqU2kluUz0W%2BBMHAvs2BBpyIg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 81622f8a0a1856c9-OSL
alt-svc: h3=":443"; ma=86400

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (17)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN