Report - wk.jdi5.com/download/dl5/b8a8bd93f58f1c369b26d11493c21529/3cc4eed7f2149d9f55caa5fb47d1357d/djbantuverma+wapqiz+com/DIL-SHEESHE-JAISE-MERA-JISME-THA-TERA-BASERA-SAD-SONG-DJBANTU-VERMA-(djbantuverma.wapqiz.com).mp3.html

Report Overview

Visited public
2025-02-01 05:04:45
Tags
suspicious
URL
wk.jdi5.com/download/dl5/b8a8bd93f58f1c369b26d11493c21529/3cc4eed7f2149d9f55caa5fb47d1357d/djbantuverma+wapqiz+com/DIL-SHEESHE-JAISE-MERA-JISME-THA-TERA-BASERA-SAD-SONG-DJBANTU-VERMA-(djbantuverma.wapqiz.com).mp3.html
Finishing URL
wk.jdi5.com/download/dl5/b8a8bd93f58f1c369b26d11493c21529/3cc4eed7f2149d9f55caa5fb47d1357d/djbantuverma+wapqiz+com/DIL-SHEESHE-JAISE-MERA-JISME-THA-TERA-BASERA-SAD-SONG-DJBANTU-VERMA-(djbantuverma.wapqiz.com).mp3.html
IP / ASN
172.67.165.78
#13335 CLOUDFLARENET
Title
DIL SHEESHE JAISE MERA JISME THA TERA BASERA SAD SONG DJBANTU VERMA (djbantuverma.wapqiz.com).mp3
Suspicious - Anti-debugging code

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
raw.githubusercontent.com	35802	2014-02-06	2014-03-01	2025-01-29	930 B	2.8 kB	185.199.110.133
wugroansaghadry.com	unknown	2024-10-08	2024-10-08	2025-01-27	3.2 kB	191 kB	139.45.197.119
uciftoongardo.net	unknown	2025-01-21	2025-01-29	2025-01-29	506 B	7.1 kB	139.45.197.244
fleraprt.com	unknown	2022-01-14	2022-01-14	2025-01-28	2.3 kB	1.8 kB	139.45.195.252
weegraphooph.net	unknown	2024-11-13	2024-12-29	2025-01-28	2.5 kB	17 kB	139.45.197.106
taleszone.com	unknown	2022-11-11	2020-11-29	2025-02-01	521 B	0 B	0.0.0.0
github.com	1423	2007-10-09	2016-07-13	2025-01-29	908 B	7.9 kB	140.82.121.4
adstook.com	unknown	2018-04-08	2018-09-26	2025-02-01	406 B	1.1 kB	188.114.96.1
fonts.googleapis.com	8877	2005-01-25	2012-05-23	2025-01-29	872 B	45 kB	142.250.74.10
www.googletagmanager.com	75	2011-11-11	2012-10-04	2025-01-29	2.8 kB	605 kB	142.250.74.168
naupsithizeekee.com	unknown	2024-12-03	2025-01-03	2025-01-27	415 B	43 kB	188.114.96.1
my.rtmark.net	9054	2014-10-29	2015-02-04	2025-01-29	433 B	10 kB	172.64.146.234
tzegilo.com	unknown	2022-01-14	2022-01-14	2025-01-27	407 B	11 kB	104.21.11.245
theetheks.com	unknown	2024-08-26	2024-08-26	2025-02-01	6.4 kB	202 kB	139.45.197.119
fonts.gstatic.com	unknown	2008-02-11	2014-04-02	2025-01-29	1.7 kB	123 kB	142.250.74.163
1337x1.wb4.xyz	unknown	2022-04-16	2022-06-11	2025-01-31	3.0 kB	100 kB	104.21.26.18
maxcdn.bootstrapcdn.com	724	2012-05-25	2014-06-18	2025-01-29	457 B	63 kB	104.18.11.207
wk.jdi5.com	unknown	2021-02-16	2022-06-07	2025-02-01	2.0 kB	13 kB	172.67.165.78
cank.xyz	unknown	2024-07-28	2015-08-15	2025-01-31	1.0 kB	20 kB	172.67.221.41
onmanectrictor.com	unknown	2024-07-26	2024-07-26	2025-01-27	1.9 kB	49 kB	188.114.97.1
funnyfoto.me	unknown	2023-04-13	2020-07-06	2025-02-01	520 B	0 B	0.0.0.0
afarkas.github.io	106835	2013-03-08	2014-01-15	2025-02-01	426 B	4.2 kB	185.199.108.153
ptichoolsougn.net	unknown	2024-11-26	2024-12-10	2025-02-01	3.2 kB	46 kB	139.45.197.107

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2025-02-01	medium	ptichoolsougn.net	Sinkholed
2025-02-01	medium	wugroansaghadry.com	Sinkholed
2025-02-01	medium	wugroansaghadry.com	Sinkholed
2025-02-01	medium	naupsithizeekee.com	Sinkholed
2025-02-01	medium	uciftoongardo.net	Sinkholed
2025-02-01	medium	theetheks.com	Sinkholed
2025-02-01	medium	wugroansaghadry.com	Sinkholed
2025-02-01	medium	onmanectrictor.com	Sinkholed
2025-02-01	medium	ptichoolsougn.net	Sinkholed
2025-02-01	medium	ptichoolsougn.net	Sinkholed
2025-02-01	medium	weegraphooph.net	Sinkholed
2025-02-01	medium	wugroansaghadry.com	Sinkholed
2025-02-01	medium	onmanectrictor.com	Sinkholed
2025-02-01	medium	onmanectrictor.com	Sinkholed
2025-02-01	medium	weegraphooph.net	Sinkholed
2025-02-01	medium	theetheks.com	Sinkholed
2025-02-01	medium	theetheks.com	Sinkholed
2025-02-01	medium	theetheks.com	Sinkholed
2025-02-01	medium	onmanectrictor.com	Sinkholed
2025-02-01	medium	theetheks.com	Sinkholed
2025-02-01	medium	funnyfoto.me	Sinkholed
2025-02-01	medium	ptichoolsougn.net	Sinkholed
2025-02-01	medium	theetheks.com	Sinkholed
2025-02-01	medium	theetheks.com	Sinkholed
2025-02-01	medium	taleszone.com	Sinkholed

ThreatFox

No alerts detected

JavaScript (36)

	URL	From	Size	First Seen	Last Seen
	wk.jdi5.com/download/dl5/b8a8bd93f58f1c369b26d11493c21529/3cc4eed7f2149d9f55caa5fb47d1357d/djbantuverma+wapqiz+com/sandbox%20eval%20code		147 B	2023-04-11	2025-05-27
Pretty URL wk.jdi5.com/download/dl5/b8a8bd93f58f1c369b26d11493c21529/3cc4eed7f2149d9f55caa5fb47d1357d/djbantuverma+wapqiz+com/sandbox%20eval%20code IP 0.0.0.0 ASN #0 Introduced by Embedded in HTML false Observations First Seen2023-04-11 21:07 Last Seen2025-05-27 19:02 Times Seen346172 Hash 92b651082ce234f66bb544e678befda3 14c21c55ddce43b6f677caadf51d4ab98c6a3df8 25d57d1d97abeb84531d3d3e5754dd5cb19a2c115edfa7cfc7af8247084faded Loading...

	wk.jdi5.com/download/dl5/b8a8bd93f58f1c369b26d11493c21529/3cc4eed7f2149d9f55caa5fb47d1357d/djbantuverma+wapqiz+com/DIL-SHEESHE-JAISE-MERA-JISME-THA-TERA-BASERA-SAD-SONG-DJBANTU-VERMA-(djbantuverma.wapqiz.com).mp3.html	ScriptElement	1.1 kB	2023-05-07	2025-04-26
Pretty URL wk.jdi5.com/download/dl5/b8a8bd93f58f1c369b26d11493c21529/3cc4eed7f2149d9f55caa5fb47d1357d/djbantuverma+wapqiz+com/DIL-SHEESHE-JAISE-MERA-JISME-THA-TERA-BASERA-SAD-SONG-DJBANTU-VERMA-(djbantuverma.wapqiz.com).mp3.html IP 172.67.165.78 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-05-07 19:56 Last Seen2025-04-26 10:13 Times Seen111 Hash c045e67082f208e65d2b618ee0577c33 094f568c571e56dc47560ab3250b99f893528836 cf72882ded107bbfdf513b32575958593dfe37e354bbfb655145f179a6af899c Loading...

	www.googletagmanager.com/gtag/js?id=G-49LW6323V3	ScriptElement	340 kB	2025-02-01	2025-02-01
Pretty URL www.googletagmanager.com/gtag/js?id=G-49LW6323V3 IP 142.250.74.168 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2025-02-01 05:04 Last Seen2025-02-01 05:56 Times Seen2 Hash d42b2858bb43dc589a72497c5eeea2a6 4ea9120eaf6f2591326d32b291b7d60b8960cf9d 38a9be504883742a4f321bca1b8827a0fd45d9bc6407d926fac27a3cc9b4f357 Loading...

	theetheks.com/400/8837581	ScriptElement	94 kB	2025-02-01	2025-02-01
Pretty URL theetheks.com/400/8837581 IP 139.45.197.119 ASN #9002 RETN Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2025-02-01 05:04 Last Seen2025-02-01 05:04 Times Seen1 Hash f86a8bd8e3405e62744c551545dfa07c ab84fc6a50391c107fa470be7e22baa9b7be0a0a 79a9df3ab6bd8f6344e3b274e262e3d9ba6caa8fc63d2f2098f27e4c5dbf8250 Loading...

	1337x1.wb4.xyz/2019/05/chicken-pasta-recipe.html	ScriptElement	1.0 kB	2023-04-10	2025-02-26
Pretty URL 1337x1.wb4.xyz/2019/05/chicken-pasta-recipe.html IP 104.21.26.18 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-04-10 21:07 Last Seen2025-02-26 23:12 Times Seen160 Hash 0e481ace6afebfd56f0fbdb4e2ef4db7 3115a9be4b9d9149584e57a80b20f72415df1883 4b8f417c519dad613a207c9ce71499c042e5e383d1c0ab0231eed4e462e4743a Loading...

	wugroansaghadry.com/401/8837431	ScriptElement	101 kB	2025-02-01	2025-02-01
Pretty URL wugroansaghadry.com/401/8837431 IP 139.45.197.119 ASN #9002 RETN Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2025-02-01 05:04 Last Seen2025-02-01 05:04 Times Seen1 Hash 7e8a7be1b38b1544a2cbf37099cee3f8 9bcf5e6a173f4b35a91b91e42d46c4b3e4380589 210e52a758d1a85f4cd0d7e2da061b10b462fca65a88188e321265dfe5aa99df Loading...

	www.google-analytics.com/analytics.js	ScriptElement	4.7 kB	2023-04-11	2025-05-27
Pretty URL www.google-analytics.com/analytics.js IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-04-11 21:07 Last Seen2025-05-27 19:02 Times Seen345383 Hash f24128d0c9cba7be2916c693427a3483 1b6397d496ea896ebc2018b01b995cee4f166029 58173de4697da1a218f04c3a783a733bab4e769ceabc37cd42da9dc3e036a7e8 Loading...

	www.googletagmanager.com/gtag/js?id=G-32THDDHNK8&l=dataLayer&cx=c&gtm=457e51u0za200	ScriptElement	291 kB	2025-02-01	2025-02-01
Pretty URL www.googletagmanager.com/gtag/js?id=G-32THDDHNK8&l=dataLayer&cx=c&gtm=457e51u0za200 IP 142.250.74.168 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2025-02-01 05:04 Last Seen2025-02-01 05:52 Times Seen2 Hash 97e80878a6274918e308b49188605c88 d0ad1de4fed3ad7aa045fc5d9e52af193a238bbe e3c4bab29264cf36c4c0fead2474129ff6d9db0a37d50526e6a0e4a7d6739693 Loading...

	www.googletagmanager.com/gtag/js?id=G-32THDDHNK8&l=dataLayer&cx=c&gtm=457e51u0za200	ScriptElement	291 kB	2025-02-01	2025-02-01
Pretty URL www.googletagmanager.com/gtag/js?id=G-32THDDHNK8&l=dataLayer&cx=c&gtm=457e51u0za200 IP 142.250.74.168 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2025-02-01 05:04 Last Seen2025-02-01 07:18 Times Seen3 Hash 127c4ed3ef1291e1168fc826f90e096a 6dc780596401c3531c8693cec0aa6d703cc369cf 08e04d4a03561f6c58a6e5460fe92b38f701cb0db520893dddcc3247862adf14 Loading...

	1337x1.wb4.xyz/2019/05/chicken-pasta-recipe.html	ScriptElement	0 B	0001-01-01	2025-05-27
Pretty URL 1337x1.wb4.xyz/2019/05/chicken-pasta-recipe.html IP 104.21.26.18 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen0001-01-01 00:00 Last Seen2025-05-27 19:13 Times Seen4771363 Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Loading...

	naupsithizeekee.com/tag.min.js	ScriptElement	71 kB	2025-01-31	2025-02-02
Pretty URL naupsithizeekee.com/tag.min.js IP 188.114.96.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2025-01-31 02:47 Last Seen2025-02-02 19:00 Times Seen26 Hash 51b47a08f38115aa9c27b3d67c27fccb 8bd0c4b86f7e6be39a04533a62b708b556a680ff 3262df26c93f3f3a2d183ea13d6c663ff0104a222a6141cacc1c1301e35637f2 Loading...

	1337x1.wb4.xyz/2019/05/chicken-pasta-recipe.html	ScriptElement	205 B	2025-02-01	2025-02-26
Pretty URL 1337x1.wb4.xyz/2019/05/chicken-pasta-recipe.html IP 104.21.26.18 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2025-02-01 03:26 Last Seen2025-02-26 23:12 Times Seen17 Hash f135407a753947c43bdf792d625016ae 785fa59155ccb13d51f3849071a52efffe8e04f4 8134467c482580a5d985c148a969ec2a5fe1014fe1429854f76aa1d0c7291fd0 Loading...

	wk.jdi5.com/download/dl5/b8a8bd93f58f1c369b26d11493c21529/3cc4eed7f2149d9f55caa5fb47d1357d/djbantuverma+wapqiz+com/DIL-SHEESHE-JAISE-MERA-JISME-THA-TERA-BASERA-SAD-SONG-DJBANTU-VERMA-(djbantuverma.wapqiz.com).mp3.html	ScriptElement	625 B	2023-05-07	2025-04-26
Pretty URL wk.jdi5.com/download/dl5/b8a8bd93f58f1c369b26d11493c21529/3cc4eed7f2149d9f55caa5fb47d1357d/djbantuverma+wapqiz+com/DIL-SHEESHE-JAISE-MERA-JISME-THA-TERA-BASERA-SAD-SONG-DJBANTU-VERMA-(djbantuverma.wapqiz.com).mp3.html IP 172.67.165.78 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-05-07 19:56 Last Seen2025-04-26 10:13 Times Seen116 Hash 967e4d130ed223edd1b9556f89506f35 f1941891d896d1c84196888c93002111c7184479 87e53d522d400c8beaa819f75fdcc2fc6b75bbe7bdb42197367cc4f435c6c942 Loading...

	1337x1.wb4.xyz/2019/05/chicken-pasta-recipe.html	ScriptElement	191 B	2025-02-01	2025-02-26
Pretty URL 1337x1.wb4.xyz/2019/05/chicken-pasta-recipe.html IP 104.21.26.18 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2025-02-01 03:26 Last Seen2025-02-26 23:12 Times Seen17 Hash 40707c8c1c31e8e1fc844eba0618c8a7 ada49af3addbaba129166b3856700a605a6b109b fa32bb8e4b8baaa07f94d6cd9b76e30cb4f349b88d37135f757a73f41fc514fa Loading...

	1337x1.wb4.xyz/2019/05/chicken-pasta-recipe.html	ScriptElement	189 B	2025-02-01	2025-02-26
Pretty URL 1337x1.wb4.xyz/2019/05/chicken-pasta-recipe.html IP 104.21.26.18 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2025-02-01 03:26 Last Seen2025-02-26 23:12 Times Seen17 Hash 96383ce1ab2eb5aa3bfafcb92a7c1f98 a6fce573330c7005f66c866965ae97d352e0c5ef 6cb490b6636f1ccd8ba4098457ad0203fcf9c299f0d64cf1d44e28443ed8d6f2 Loading...

	1337x1.wb4.xyz/2019/05/chicken-pasta-recipe.html	ScriptElement	185 B	2025-02-01	2025-02-26
Pretty URL 1337x1.wb4.xyz/2019/05/chicken-pasta-recipe.html IP 104.21.26.18 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2025-02-01 03:26 Last Seen2025-02-26 23:12 Times Seen17 Hash 8c6d8dd49b48c44b3bf40c0c0b1b6877 dba1a4473eea298c100a741ef64021865bb5c8a9 7068fb94cc0cf39290d0fe2573137c5220b2aa5d04b9e6888b280dd1a064e038 Loading...

	ptichoolsougn.net/401/8837469	ScriptElement	101 kB	2025-02-01	2025-02-01
Pretty URL ptichoolsougn.net/401/8837469 IP 139.45.197.107 ASN #9002 RETN Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2025-02-01 05:04 Last Seen2025-02-01 05:04 Times Seen1 Hash 34c17b337c5c7a88aaa35c1003eaea7e 92706d25bb2c787814b5602515c494d4910cf8bf b071e473eda3a96ae0dbab2800ccb503968c1e70736ba337b3dab991c6e23dda Loading...

	wk.jdi5.com/download/dl5/b8a8bd93f58f1c369b26d11493c21529/3cc4eed7f2149d9f55caa5fb47d1357d/djbantuverma+wapqiz+com/DIL-SHEESHE-JAISE-MERA-JISME-THA-TERA-BASERA-SAD-SONG-DJBANTU-VERMA-(djbantuverma.wapqiz.com).mp3.html	ScriptElement	38 B	2024-01-15	2025-04-26
Pretty URL wk.jdi5.com/download/dl5/b8a8bd93f58f1c369b26d11493c21529/3cc4eed7f2149d9f55caa5fb47d1357d/djbantuverma+wapqiz+com/DIL-SHEESHE-JAISE-MERA-JISME-THA-TERA-BASERA-SAD-SONG-DJBANTU-VERMA-(djbantuverma.wapqiz.com).mp3.html IP 172.67.165.78 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2024-01-15 03:09 Last Seen2025-04-26 10:13 Times Seen110 Hash 9dcd671aee1442173de42e1d3c503ef7 b0588f074ebc75cea09e7dc76d0b53d69c864946 cc9cc8f49456652d0ad1a5b47359fd559db2faf31ff0a49349f0242650dee42d Loading...

	adstook.com/webworker.js	ScriptElement	1 B	2023-03-07	2025-05-27
Pretty URL adstook.com/webworker.js IP 188.114.96.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02 Last Seen2025-05-27 19:00 Times Seen65934 Hash 68b329da9893e34099c7d8ad5cb9c940 adc83b19e793491b1c6ea0fd8b46cd9f32e592fc 01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b Loading...

	wk.jdi5.com/download/dl5/b8a8bd93f58f1c369b26d11493c21529/3cc4eed7f2149d9f55caa5fb47d1357d/djbantuverma+wapqiz+com/DIL-SHEESHE-JAISE-MERA-JISME-THA-TERA-BASERA-SAD-SONG-DJBANTU-VERMA-(djbantuverma.wapqiz.com).mp3.html	ScriptElement	63 B	2023-05-07	2025-04-26
Pretty URL wk.jdi5.com/download/dl5/b8a8bd93f58f1c369b26d11493c21529/3cc4eed7f2149d9f55caa5fb47d1357d/djbantuverma+wapqiz+com/DIL-SHEESHE-JAISE-MERA-JISME-THA-TERA-BASERA-SAD-SONG-DJBANTU-VERMA-(djbantuverma.wapqiz.com).mp3.html IP 172.67.165.78 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-05-07 19:56 Last Seen2025-04-26 10:13 Times Seen116 Hash c39e2d36d5c42c5b6238bf915d4bcd2c ed39e87925aadfbd7f5ecb8243405d0b435b1a4d ad3f32ba1d3acc12d21b01d9875021f96ab8e8ac8fe3b9c18f2aa032dda41be6 Loading...

	www.googletagmanager.com/gtag/js?id=UA-46789381-48	ScriptElement	238 kB	2025-02-01	2025-02-01
Pretty URL www.googletagmanager.com/gtag/js?id=UA-46789381-48 IP 142.250.74.168 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2025-02-01 05:04 Last Seen2025-02-01 05:04 Times Seen1 Hash d4c57d16e26c80b61f9dbff3c9109f29 ec5679004a9d2cbcaf6c93af3fd525ed7f1f4f17 e9345197498ec8a57c33e29a0d751f4fbd09ea1e0c6296822c56a03bbebd9c82 Loading...

	www.googletagmanager.com/gtag/js?id=UA-46789381-49	ScriptElement	238 kB	2025-02-01	2025-02-01
Pretty URL www.googletagmanager.com/gtag/js?id=UA-46789381-49 IP 142.250.74.168 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2025-02-01 05:04 Last Seen2025-02-01 05:04 Times Seen1 Hash 1dd6fc8416b38ff02a6b94c16f780a84 7bebc90076844770545adbff63c4e92c74a6713b 758c3b4b7f5709388663bb9ab300fc1a0afe6dd2a8c8270e1e15274f84379c24 Loading...

	theetheks.com/400/8837581	ScriptElement	94 kB	2025-02-01	2025-02-01
Pretty URL theetheks.com/400/8837581 IP 139.45.197.119 ASN #9002 RETN Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2025-02-01 05:04 Last Seen2025-02-01 05:04 Times Seen1 Hash a5ee6546239d25bd0e33ce54f2608134 a98af7d79815c33d49868a2dafaef3f65f9b4e7c b82a277de84e8c41325cbf5b61f779113e07e7c874efd14181cb4fca57bd0300 Loading...

	wk.jdi5.com/download/dl5/b8a8bd93f58f1c369b26d11493c21529/3cc4eed7f2149d9f55caa5fb47d1357d/djbantuverma+wapqiz+com/DIL-SHEESHE-JAISE-MERA-JISME-THA-TERA-BASERA-SAD-SONG-DJBANTU-VERMA-(djbantuverma.wapqiz.com).mp3.html	ScriptElement	58 B	2023-05-07	2025-04-26
Pretty URL wk.jdi5.com/download/dl5/b8a8bd93f58f1c369b26d11493c21529/3cc4eed7f2149d9f55caa5fb47d1357d/djbantuverma+wapqiz+com/DIL-SHEESHE-JAISE-MERA-JISME-THA-TERA-BASERA-SAD-SONG-DJBANTU-VERMA-(djbantuverma.wapqiz.com).mp3.html IP 172.67.165.78 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-05-07 19:56 Last Seen2025-04-26 10:13 Times Seen116 Hash 41aeac9d70b89083cfd8d99ab881072f e9163b1e1fc27028dbf705700060d3c591ca044a 1992a76247b7dd6c22c15b9d7c874034d63ea0e0c03e70b9068bb07dbf75a669 Loading...

	wk.jdi5.com/download/dl5/b8a8bd93f58f1c369b26d11493c21529/3cc4eed7f2149d9f55caa5fb47d1357d/djbantuverma+wapqiz+com/DIL-SHEESHE-JAISE-MERA-JISME-THA-TERA-BASERA-SAD-SONG-DJBANTU-VERMA-(djbantuverma.wapqiz.com).mp3.html	ScriptElement	463 B	2025-01-07	2025-04-26
Pretty URL wk.jdi5.com/download/dl5/b8a8bd93f58f1c369b26d11493c21529/3cc4eed7f2149d9f55caa5fb47d1357d/djbantuverma+wapqiz+com/DIL-SHEESHE-JAISE-MERA-JISME-THA-TERA-BASERA-SAD-SONG-DJBANTU-VERMA-(djbantuverma.wapqiz.com).mp3.html IP 172.67.165.78 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2025-01-07 00:36 Last Seen2025-04-26 10:13 Times Seen47 Hash a054b976c0e9b046836856362b360593 ed456de72aca20c5458edb850f293a2e0c6b2ad2 d035124c7b596f2acf4ec39050da6536c2732f71971233cbabd7c3b5dc4e5bbf Loading...

	www.googletagmanager.com/gtag/js?id=UA-46789381-49	ScriptElement	240 kB	2025-02-01	2025-02-01
Pretty URL www.googletagmanager.com/gtag/js?id=UA-46789381-49 IP 142.250.74.168 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2025-02-01 05:04 Last Seen2025-02-01 05:04 Times Seen1 Hash bdbc8bcd2ebbb4cddaec20dbb5555d8a 10af8dd0718c873a10cdf52490be932603efa92e d3529d1b28f758c5938ea2f17722d0f3582eaa33461e867c47a1b5ec7d388f87 Loading...

	wk.jdi5.com/download/dl5/b8a8bd93f58f1c369b26d11493c21529/3cc4eed7f2149d9f55caa5fb47d1357d/djbantuverma+wapqiz+com/DIL-SHEESHE-JAISE-MERA-JISME-THA-TERA-BASERA-SAD-SONG-DJBANTU-VERMA-(djbantuverma.wapqiz.com).mp3.html	ScriptElement	4.8 kB	2023-05-07	2025-04-26
Pretty URL wk.jdi5.com/download/dl5/b8a8bd93f58f1c369b26d11493c21529/3cc4eed7f2149d9f55caa5fb47d1357d/djbantuverma+wapqiz+com/DIL-SHEESHE-JAISE-MERA-JISME-THA-TERA-BASERA-SAD-SONG-DJBANTU-VERMA-(djbantuverma.wapqiz.com).mp3.html IP 172.67.165.78 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-05-07 19:56 Last Seen2025-04-26 10:13 Times Seen116 Hash 9421b8b2703151b9ae93d19d34a72ffa 03f5afcf096cdfdde4468de96f36e81fc671f1bd 4e57c63b43ab2c38524875e34f5874baf5b1ca96fb375ab232bc156a20e26d88 Loading...

	www.googletagmanager.com/gtag/js?id=G-49LW6323V3&l=dataLayer&cx=c&gtm=45je51u0v9136562244za200	ScriptElement	340 kB	2025-02-01	2025-02-01
Pretty URL www.googletagmanager.com/gtag/js?id=G-49LW6323V3&l=dataLayer&cx=c&gtm=45je51u0v9136562244za200 IP 142.250.74.168 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2025-02-01 05:04 Last Seen2025-02-01 05:04 Times Seen1 Hash 00bd75827ae7897b082fc45255c80624 a98ac2f8f6693d404115b1bdf0b5d3c6de3af9f7 61d1c477d7df6caf9295dde6864ede3ab28320d4c5471c6cb52f6cf718c333af Loading...

	wugroansaghadry.com/401/8837431	ScriptElement	101 kB	2025-02-01	2025-02-01
Pretty URL wugroansaghadry.com/401/8837431 IP 139.45.197.119 ASN #9002 RETN Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2025-02-01 05:04 Last Seen2025-02-01 05:04 Times Seen1 Hash 4afa3b7019d2ea37b40eb79dee7c0f17 7f6eb77cfaad368ac349008a14a92d704c9d5ce8 69111d083df0886a573aa30a1cfe9b7067cea67c9573778eb17030c12f4fab5f Loading...

	ptichoolsougn.net/401/8837469	ScriptElement	101 kB	2025-02-01	2025-02-01
Pretty URL ptichoolsougn.net/401/8837469 IP 139.45.197.107 ASN #9002 RETN Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2025-02-01 05:04 Last Seen2025-02-01 05:04 Times Seen1 Hash f7b943fc4b67c95c184caceec55c0f7f f6ce69a90bb2ce25af68cdf84b89d0f7e6887375 d344b65059dedcc1c734254f3194663d86dd9281448b5ecf39f36f0580294274 Loading...

	tzegilo.com/stattag.js	ScriptElement	18 kB	2024-07-11	2025-05-27
Pretty URL tzegilo.com/stattag.js IP 104.21.11.245 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-07-11 16:28 Last Seen2025-05-27 18:22 Times Seen1951 Hash 01227f5edc20e0ff4ed643b27cb8bb68 d71a88f7341f2b1bdaa7deb9a66888607bd52598 75c91d86601e23ab56d872b31b42660f893fc6d6b0785e085c06c2c038e98fb2 Loading...

	wk.jdi5.com/download/dl5/b8a8bd93f58f1c369b26d11493c21529/3cc4eed7f2149d9f55caa5fb47d1357d/djbantuverma+wapqiz+com/DIL-SHEESHE-JAISE-MERA-JISME-THA-TERA-BASERA-SAD-SONG-DJBANTU-VERMA-(djbantuverma.wapqiz.com).mp3.html	ScriptElement	1.0 kB	2023-05-07	2025-04-26
Pretty URL wk.jdi5.com/download/dl5/b8a8bd93f58f1c369b26d11493c21529/3cc4eed7f2149d9f55caa5fb47d1357d/djbantuverma+wapqiz+com/DIL-SHEESHE-JAISE-MERA-JISME-THA-TERA-BASERA-SAD-SONG-DJBANTU-VERMA-(djbantuverma.wapqiz.com).mp3.html IP 172.67.165.78 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-05-07 19:56 Last Seen2025-04-26 10:13 Times Seen116 Hash d90adb6cdd22ff355967ae6423c87e7c 53ec4a3b0c25ab01eae1a373aa526130f99a26b3 3fdf49bc8848922f80b1ccfa4caae1c83b3100fe84b08f968f36256529285218 Loading...

	afarkas.github.io/lazysizes/lazysizes.min.js	ScriptElement	7.9 kB	2023-03-07	2025-05-27
Pretty URL afarkas.github.io/lazysizes/lazysizes.min.js IP 185.199.108.153 ASN #54113 FASTLY Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:10 Last Seen2025-05-27 15:09 Times Seen5323 Hash 45bacd312d5098b4b59f563d8756c15d fa55e2cff078381e5365d95782a95a787d0b7192 3d9120fa621da6d613c1698b7014ec6bdf4620366e8f2b7b547059f4b6f6272b Loading...

	1337x1.wb4.xyz/2019/05/chicken-pasta-recipe.html	ScriptElement	169 B	2023-04-10	2025-02-26
Pretty URL 1337x1.wb4.xyz/2019/05/chicken-pasta-recipe.html IP 104.21.26.18 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-04-10 21:07 Last Seen2025-02-26 23:12 Times Seen160 Hash 834fc7c039a13fbba4a03f9aef779b1c c4c84b10a47e9c191eb9997c582e19305c389aa7 28eee164b1920610b7fc3573774ce64b57f0ccdc450843418fc21b52bb83bfcd Loading...

	www.googletagmanager.com/gtag/js?id=G-BXJ1TNEJ97&l=dataLayer&cx=c&gtm=457e51u0za200	ScriptElement	291 kB	2025-02-01	2025-02-01
Pretty URL www.googletagmanager.com/gtag/js?id=G-BXJ1TNEJ97&l=dataLayer&cx=c&gtm=457e51u0za200 IP 142.250.74.168 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2025-02-01 05:04 Last Seen2025-02-01 05:04 Times Seen1 Hash aa2d853b8b6cd2195dc1812319e5331e b4210f0ccbe56151e05979bec2b768cb5c958ef7 2285d5545f0b29dc6e6db689dc2e9df1b8135834b327be6afdc66412b8f130b9 Loading...

	wk.jdi5.com/download/dl5/b8a8bd93f58f1c369b26d11493c21529/3cc4eed7f2149d9f55caa5fb47d1357d/djbantuverma+wapqiz+com/DIL-SHEESHE-JAISE-MERA-JISME-THA-TERA-BASERA-SAD-SONG-DJBANTU-VERMA-(djbantuverma.wapqiz.com).mp3.html	ScriptElement	153 B	2024-03-19	2025-04-26
Pretty URL wk.jdi5.com/download/dl5/b8a8bd93f58f1c369b26d11493c21529/3cc4eed7f2149d9f55caa5fb47d1357d/djbantuverma+wapqiz+com/DIL-SHEESHE-JAISE-MERA-JISME-THA-TERA-BASERA-SAD-SONG-DJBANTU-VERMA-(djbantuverma.wapqiz.com).mp3.html IP 172.67.165.78 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2024-03-19 04:31 Last Seen2025-04-26 10:13 Times Seen87 Hash c4ac8c572af377e0a3902e2a1ae9f80f 30f69db91f177a38fb7a4cc888e2f75bbaaee64f 2930e2f9b3bd8ac2a057e109d109aeb7d6fb70ca822fdb782895955d8f4ed3c4 Loading...

HTTP Transactions (59)

URL IP Response Size

afarkas.github.io/lazysizes/lazysizes.min.js

185.199.108.153

200 OK

3.5 kB

URL GET HTTP/2
afarkas.github.io/lazysizes/lazysizes.min.js
IP
185.199.108.153:443
ASN
#54113 FASTLY

Requested by
https://wk.jdi5.com/download/dl5/b8a8bd93f58f1c369b26d11493c21529/3cc4eed7f2149d9f55caa5fb47d1357d/djbantuverma+wapqiz+com/DIL-SHEESHE-JAISE-MERA-JISME-THA-TERA-BASERA-SAD-SONG-DJBANTU-VERMA-(djbantuverma.wapqiz.com).mp3.html
Certificate
IssuerDigiCert Inc
Subject*.github.io
Fingerprint97:D8:C5:70:0F:12:24:6C:88:BC:FA:06:7E:8C:A7:4D:A8:62:67:28
ValidityFri, 15 Mar 2024 00:00:00 GMT - Fri, 14 Mar 2025 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (7862)
Size
3.5 kB (3497 bytes)
Hash
45bacd312d5098b4b59f563d8756c15d
fa55e2cff078381e5365d95782a95a787d0b7192
3d9120fa621da6d613c1698b7014ec6bdf4620366e8f2b7b547059f4b6f6272b

HTTP Headers

GET /lazysizes/lazysizes.min.js HTTP/1.1
Host: afarkas.github.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://wk.jdi5.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: GitHub.com
content-type: application/javascript; charset=utf-8
permissions-policy: interest-cohort=()
last-modified: Mon, 17 May 2021 09:28:46 GMT
access-control-allow-origin: *
etag: W/"60a2374e-1ed1"
expires: Tue, 21 Jan 2025 02:53:40 GMT
cache-control: max-age=600
content-encoding: gzip
x-proxy-cache: HIT
x-github-request-id: 5A23:1169:A5EDBE:A74FC3:678F0A88
accept-ranges: bytes
age: 247
date: Sat, 01 Feb 2025 05:04:12 GMT
via: 1.1 varnish
x-served-by: cache-hel1410021-HEL
x-cache: HIT
x-cache-hits: 0
x-timer: S1738386252.087216,VS0,VE1
vary: Accept-Encoding
x-fastly-request-id: fecc0cc6bb246873cb8072b61d9d906638ecb5a7
content-length: 3497
X-Firefox-Spdy: h2

www.googletagmanager.com/gtag/js?id=UA-46789381-48

142.250.74.168

200 OK

85 kB

URL GET HTTP/2
www.googletagmanager.com/gtag/js?id=UA-46789381-48
IP
142.250.74.168:443
ASN
#15169 GOOGLE

Requested by
https://wk.jdi5.com/download/dl5/b8a8bd93f58f1c369b26d11493c21529/3cc4eed7f2149d9f55caa5fb47d1357d/djbantuverma+wapqiz+com/DIL-SHEESHE-JAISE-MERA-JISME-THA-TERA-BASERA-SAD-SONG-DJBANTU-VERMA-(djbantuverma.wapqiz.com).mp3.html
Certificate
IssuerGoogle Trust Services
Subject*.google-analytics.com
Fingerprint18:BB:CC:69:33:72:62:2E:E5:B6:28:51:17:5B:BD:CE:CD:85:8D:B3
ValidityMon, 20 Jan 2025 08:36:04 GMT - Mon, 14 Apr 2025 08:36:03 GMT

File type
JavaScript source, ASCII text, with very long lines (5268)
Size
85 kB (84792 bytes)
Hash
d4c57d16e26c80b61f9dbff3c9109f29
ec5679004a9d2cbcaf6c93af3fd525ed7f1f4f17
e9345197498ec8a57c33e29a0d751f4fbd09ea1e0c6296822c56a03bbebd9c82

HTTP Headers

GET /gtag/js?id=UA-46789381-48 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://wk.jdi5.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Sat, 01 Feb 2025 05:04:12 GMT
expires: Sat, 01 Feb 2025 05:04:12 GMT
cache-control: private, max-age=900
last-modified: Sat, 01 Feb 2025 03:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcycc:838:0
cross-origin-opener-policy-report-only: same-origin; report-to=ascgcycc:838:0
report-to: {"group":"ascgcycc:838:0","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcycc:838:0"}],}
server: Google Tag Manager
content-length: 84792
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

www.googletagmanager.com/gtag/js?id=G-49LW6323V3

142.250.74.168

200 OK

113 kB

URL GET HTTP/2
www.googletagmanager.com/gtag/js?id=G-49LW6323V3
IP
142.250.74.168:443
ASN
#15169 GOOGLE

Requested by
https://wk.jdi5.com/download/dl5/b8a8bd93f58f1c369b26d11493c21529/3cc4eed7f2149d9f55caa5fb47d1357d/djbantuverma+wapqiz+com/DIL-SHEESHE-JAISE-MERA-JISME-THA-TERA-BASERA-SAD-SONG-DJBANTU-VERMA-(djbantuverma.wapqiz.com).mp3.html
Certificate
IssuerGoogle Trust Services
Subject*.google-analytics.com
Fingerprint18:BB:CC:69:33:72:62:2E:E5:B6:28:51:17:5B:BD:CE:CD:85:8D:B3
ValidityMon, 20 Jan 2025 08:36:04 GMT - Mon, 14 Apr 2025 08:36:03 GMT

File type
JavaScript source, ASCII text, with very long lines (5960)
Size
113 kB (112951 bytes)
Hash
d42b2858bb43dc589a72497c5eeea2a6
4ea9120eaf6f2591326d32b291b7d60b8960cf9d
38a9be504883742a4f321bca1b8827a0fd45d9bc6407d926fac27a3cc9b4f357

HTTP Headers

GET /gtag/js?id=G-49LW6323V3 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://wk.jdi5.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Sat, 01 Feb 2025 05:04:12 GMT
expires: Sat, 01 Feb 2025 05:04:12 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcycc:838:0
cross-origin-opener-policy-report-only: same-origin; report-to=ascgcycc:838:0
report-to: {"group":"ascgcycc:838:0","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcycc:838:0"}],}
server: Google Tag Manager
content-length: 112951
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

github.com/wapkiz/cdn/raw/master/js/page_templates_simple.js

140.82.121.4

302 Found

0 B

URL GET HTTP/2
github.com/wapkiz/cdn/raw/master/js/page_templates_simple.js
IP
140.82.121.4:443
ASN
#36459 GITHUB

Requested by
https://wk.jdi5.com/download/dl5/b8a8bd93f58f1c369b26d11493c21529/3cc4eed7f2149d9f55caa5fb47d1357d/djbantuverma+wapqiz+com/DIL-SHEESHE-JAISE-MERA-JISME-THA-TERA-BASERA-SAD-SONG-DJBANTU-VERMA-(djbantuverma.wapqiz.com).mp3.html
Certificate
IssuerSectigo Limited
Subjectgithub.com
FingerprintE7:03:5B:CC:1C:18:77:1F:79:2F:90:86:6B:6C:1D:F8:DF:AA:BD:C0
ValidityThu, 07 Mar 2024 00:00:00 GMT - Fri, 07 Mar 2025 23:59:59 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /wapkiz/cdn/raw/master/js/page_templates_simple.js HTTP/1.1
Host: github.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://wk.jdi5.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 302 Found
server: GitHub.com
date: Sat, 01 Feb 2025 05:04:12 GMT
content-type: text/html; charset=utf-8
vary: X-PJAX, X-PJAX-Container, Turbo-Visit, Turbo-Frame, Accept-Encoding, Accept, X-Requested-With
access-control-allow-origin: 
location: https://raw.githubusercontent.com/wapkiz/cdn/master/js/page_templates_simple.js
cache-control: no-cache
strict-transport-security: max-age=31536000; includeSubdomains; preload
x-frame-options: deny
x-content-type-options: nosniff
x-xss-protection: 0
referrer-policy: no-referrer-when-downgrade
content-security-policy: default-src 'none'; base-uri 'self'; child-src github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com www.githubstatus.com collector.github.com raw.githubusercontent.com api.github.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com *.rel.tunnels.api.visualstudio.com wss://*.rel.tunnels.api.visualstudio.com objects-origin.githubusercontent.com copilot-proxy.githubusercontent.com proxy.individual.githubcopilot.com proxy.business.githubcopilot.com proxy.enterprise.githubcopilot.com *.actions.githubusercontent.com wss://*.actions.githubusercontent.com productionresultssa0.blob.core.windows.net/ productionresultssa1.blob.core.windows.net/ productionresultssa2.blob.core.windows.net/ productionresultssa3.blob.core.windows.net/ productionresultssa4.blob.core.windows.net/ productionresultssa5.blob.core.windows.net/ productionresultssa6.blob.core.windows.net/ productionresultssa7.blob.core.windows.net/ productionresultssa8.blob.core.windows.net/ productionresultssa9.blob.core.windows.net/ productionresultssa10.blob.core.windows.net/ productionresultssa11.blob.core.windows.net/ productionresultssa12.blob.core.windows.net/ productionresultssa13.blob.core.windows.net/ productionresultssa14.blob.core.windows.net/ productionresultssa15.blob.core.windows.net/ productionresultssa16.blob.core.windows.net/ productionresultssa17.blob.core.windows.net/ productionresultssa18.blob.core.windows.net/ productionresultssa19.blob.core.windows.net/ github-production-repository-image-32fea6.s3.amazonaws.com github-production-release-asset-2e65be.s3.amazonaws.com insights.github.com wss://alive.github.com api.githubcopilot.com api.individual.githubcopilot.com api.business.githubcopilot.com api.enterprise.githubcopilot.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com copilot-workspace.githubnext.com objects-origin.githubusercontent.com; frame-ancestors 'none'; frame-src viewscreen.githubusercontent.com notebooks.githubusercontent.com; img-src 'self' data: blob: github.githubassets.com media.githubusercontent.com camo.githubusercontent.com identicons.github.com avatars.githubusercontent.com private-avatars.githubusercontent.com github-cloud.s3.amazonaws.com objects.githubusercontent.com secured-user-images.githubusercontent.com/ user-images.githubusercontent.com/ private-user-images.githubusercontent.com opengraph.githubassets.com github-production-user-asset-6210df.s3.amazonaws.com customer-stories-feed.github.com spotlights-feed.github.com objects-origin.githubusercontent.com *.githubusercontent.com; manifest-src 'self'; media-src github.com user-images.githubusercontent.com/ secured-user-images.githubusercontent.com/ private-user-images.githubusercontent.com github-production-user-asset-6210df.s3.amazonaws.com gist.github.com; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; upgrade-insecure-requests; worker-src github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/
content-length: 0
x-github-request-id: 4A5C:22052D:2B371BB:2CE3B72:679DAB4C
X-Firefox-Spdy: h2

adstook.com/webworker.js

188.114.96.1

200 OK

1 B

URL GET HTTP/2
adstook.com/webworker.js
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://wk.jdi5.com/download/dl5/b8a8bd93f58f1c369b26d11493c21529/3cc4eed7f2149d9f55caa5fb47d1357d/djbantuverma+wapqiz+com/DIL-SHEESHE-JAISE-MERA-JISME-THA-TERA-BASERA-SAD-SONG-DJBANTU-VERMA-(djbantuverma.wapqiz.com).mp3.html
Certificate
IssuerGoogle Trust Services
Subjectadstook.com
Fingerprint9F:22:E3:B9:5B:F8:0C:BF:AA:17:FD:39:C0:14:8D:22:38:4F:C4:30
ValidityFri, 13 Dec 2024 09:51:20 GMT - Thu, 13 Mar 2025 10:51:16 GMT

File type
very short file (no magic)
Size
1 B (1 bytes)
Hash
68b329da9893e34099c7d8ad5cb9c940
adc83b19e793491b1c6ea0fd8b46cd9f32e592fc
01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b

HTTP Headers

GET /webworker.js HTTP/1.1
Host: adstook.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://wk.jdi5.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sat, 01 Feb 2025 05:04:12 GMT
content-type: application/javascript
content-length: 1
access-control-allow-origin: *
cache-control: public, max-age=14400, must-revalidate
etag: "1d0ed781ac185aa16548c9ed7d74304f"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=9w6EoPLrYBVYqP8r7ppMAc%2BbgPUvoiFEk1TnrsOyBhmpQEsIhgkNrSf7VV%2FVWtqyFR0AC15EisMms%2Fc1Wh9q3jpuBRCMggheoMRHoA9CtShAM64lgN6ovWMPFpMM7MCB0dZT9EZjOyFCjA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
cf-cache-status: HIT
age: 5886
accept-ranges: bytes
server: cloudflare
cf-ray: 90af663d7a5a56a2-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=497&min_rtt=446&rtt_var=109&sent=6&recv=10&lost=0&retrans=0&sent_bytes=3183&recv_bytes=1062&delivery_rate=7006451&cwnd=254&unsent_bytes=0&cid=0f5099b76cfb957a&ts=26&x=0"
X-Firefox-Spdy: h2

www.googletagmanager.com/gtag/js?id=G-BXJ1TNEJ97&l=dataLayer&cx=c&gtm=457e51u0za200

142.250.74.168

200 OK

102 kB

URL GET HTTP/3
www.googletagmanager.com/gtag/js?id=G-BXJ1TNEJ97&l=dataLayer&cx=c&gtm=457e51u0za200
IP
142.250.74.168:443
ASN
#15169 GOOGLE

Requested by
https://wk.jdi5.com/download/dl5/b8a8bd93f58f1c369b26d11493c21529/3cc4eed7f2149d9f55caa5fb47d1357d/djbantuverma+wapqiz+com/DIL-SHEESHE-JAISE-MERA-JISME-THA-TERA-BASERA-SAD-SONG-DJBANTU-VERMA-(djbantuverma.wapqiz.com).mp3.html
Certificate
IssuerGoogle Trust Services
Subject*.google-analytics.com
Fingerprint18:BB:CC:69:33:72:62:2E:E5:B6:28:51:17:5B:BD:CE:CD:85:8D:B3
ValidityMon, 20 Jan 2025 08:36:04 GMT - Mon, 14 Apr 2025 08:36:03 GMT

File type
JavaScript source, ASCII text, with very long lines (5960)
Size
102 kB (101706 bytes)
Hash
aa2d853b8b6cd2195dc1812319e5331e
b4210f0ccbe56151e05979bec2b768cb5c958ef7
2285d5545f0b29dc6e6db689dc2e9df1b8135834b327be6afdc66412b8f130b9

HTTP Headers

GET /gtag/js?id=G-BXJ1TNEJ97&l=dataLayer&cx=c&gtm=457e51u0za200 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://wk.jdi5.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Sat, 01 Feb 2025 05:04:12 GMT
expires: Sat, 01 Feb 2025 05:04:12 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcycc:838:0
cross-origin-opener-policy-report-only: same-origin; report-to=ascgcycc:838:0
report-to: {"group":"ascgcycc:838:0","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcycc:838:0"}],}
server: Google Tag Manager
content-length: 101706
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

raw.githubusercontent.com/wapkiz/cdn/master/js/page_templates_simple.js

185.199.110.133

200 OK

409 B

URL GET HTTP/2
raw.githubusercontent.com/wapkiz/cdn/master/js/page_templates_simple.js
IP
185.199.110.133:443
ASN
#54113 FASTLY

Requested by
https://wk.jdi5.com/download/dl5/b8a8bd93f58f1c369b26d11493c21529/3cc4eed7f2149d9f55caa5fb47d1357d/djbantuverma+wapqiz+com/DIL-SHEESHE-JAISE-MERA-JISME-THA-TERA-BASERA-SAD-SONG-DJBANTU-VERMA-(djbantuverma.wapqiz.com).mp3.html
Certificate
IssuerDigiCert Inc
Subject*.github.io
Fingerprint97:D8:C5:70:0F:12:24:6C:88:BC:FA:06:7E:8C:A7:4D:A8:62:67:28
ValidityFri, 15 Mar 2024 00:00:00 GMT - Fri, 14 Mar 2025 23:59:59 GMT

File type
ASCII text
Size
409 B (409 bytes)
Hash
f53687164731cffce276463948dfcbef
0cf35a404a601d49466ae09bc2ba3d9ec1130500
5b3002cada011b91348a429587aa8197d10f3557b68a485195a2dcc1ffcacc6f

HTTP Headers

GET /wapkiz/cdn/master/js/page_templates_simple.js HTTP/1.1
Host: raw.githubusercontent.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://wk.jdi5.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
cache-control: max-age=300
content-security-policy: default-src 'none'; style-src 'unsafe-inline'; sandbox
content-type: text/plain; charset=utf-8
etag: W/"e10025dca4e9820776b525fc26581e0967381374797a37e2a4228695d3202429"
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
x-frame-options: deny
x-xss-protection: 1; mode=block
x-github-request-id: DED6:3423EA:6C0967:70D280:679D944E
content-encoding: gzip
accept-ranges: bytes
date: Sat, 01 Feb 2025 05:04:12 GMT
via: 1.1 varnish
x-served-by: cache-hel1410029-HEL
x-cache: HIT
x-cache-hits: 0
x-timer: S1738386252.458566,VS0,VE155
vary: Authorization,Accept-Encoding,Origin
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
x-fastly-request-id: 981300e212db151b40f638555d4b62e38e07c3b6
expires: Sat, 01 Feb 2025 05:09:12 GMT
source-age: 0
content-length: 409
X-Firefox-Spdy: h2

www.googletagmanager.com/gtag/js?id=G-49LW6323V3&l=dataLayer&cx=c&gtm=45je51u0v9136562244za200

142.250.74.168

200 OK

113 kB

URL GET HTTP/3
www.googletagmanager.com/gtag/js?id=G-49LW6323V3&l=dataLayer&cx=c&gtm=45je51u0v9136562244za200
IP
142.250.74.168:443
ASN
#15169 GOOGLE

Requested by
https://wk.jdi5.com/download/dl5/b8a8bd93f58f1c369b26d11493c21529/3cc4eed7f2149d9f55caa5fb47d1357d/djbantuverma+wapqiz+com/DIL-SHEESHE-JAISE-MERA-JISME-THA-TERA-BASERA-SAD-SONG-DJBANTU-VERMA-(djbantuverma.wapqiz.com).mp3.html
Certificate
IssuerGoogle Trust Services
Subject*.google-analytics.com
Fingerprint18:BB:CC:69:33:72:62:2E:E5:B6:28:51:17:5B:BD:CE:CD:85:8D:B3
ValidityMon, 20 Jan 2025 08:36:04 GMT - Mon, 14 Apr 2025 08:36:03 GMT

File type
JavaScript source, ASCII text, with very long lines (5960)
Size
113 kB (112960 bytes)
Hash
00bd75827ae7897b082fc45255c80624
a98ac2f8f6693d404115b1bdf0b5d3c6de3af9f7
61d1c477d7df6caf9295dde6864ede3ab28320d4c5471c6cb52f6cf718c333af

HTTP Headers

GET /gtag/js?id=G-49LW6323V3&l=dataLayer&cx=c&gtm=45je51u0v9136562244za200 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://wk.jdi5.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Sat, 01 Feb 2025 05:04:12 GMT
expires: Sat, 01 Feb 2025 05:04:12 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcycc:838:0
cross-origin-opener-policy-report-only: same-origin; report-to=ascgcycc:838:0
report-to: {"group":"ascgcycc:838:0","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcycc:838:0"}],}
server: Google Tag Manager
content-length: 112960
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

github.com/wapkiz/cdn/raw/master/image/close2.png

140.82.121.4

302 Found

0 B

URL GET HTTP/2
github.com/wapkiz/cdn/raw/master/image/close2.png
IP
140.82.121.4:443
ASN
#36459 GITHUB

Requested by
https://wk.jdi5.com/download/dl5/b8a8bd93f58f1c369b26d11493c21529/3cc4eed7f2149d9f55caa5fb47d1357d/djbantuverma+wapqiz+com/DIL-SHEESHE-JAISE-MERA-JISME-THA-TERA-BASERA-SAD-SONG-DJBANTU-VERMA-(djbantuverma.wapqiz.com).mp3.html
Certificate
IssuerSectigo Limited
Subjectgithub.com
FingerprintE7:03:5B:CC:1C:18:77:1F:79:2F:90:86:6B:6C:1D:F8:DF:AA:BD:C0
ValidityThu, 07 Mar 2024 00:00:00 GMT - Fri, 07 Mar 2025 23:59:59 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /wapkiz/cdn/raw/master/image/close2.png HTTP/1.1
Host: github.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://wk.jdi5.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 302 Found
server: GitHub.com
date: Sat, 01 Feb 2025 05:04:12 GMT
content-type: text/html; charset=utf-8
vary: X-PJAX, X-PJAX-Container, Turbo-Visit, Turbo-Frame, Accept-Encoding, Accept, X-Requested-With
access-control-allow-origin: 
location: https://raw.githubusercontent.com/wapkiz/cdn/master/image/close2.png
cache-control: no-cache
strict-transport-security: max-age=31536000; includeSubdomains; preload
x-frame-options: deny
x-content-type-options: nosniff
x-xss-protection: 0
referrer-policy: no-referrer-when-downgrade
content-security-policy: default-src 'none'; base-uri 'self'; child-src github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com www.githubstatus.com collector.github.com raw.githubusercontent.com api.github.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com *.rel.tunnels.api.visualstudio.com wss://*.rel.tunnels.api.visualstudio.com objects-origin.githubusercontent.com copilot-proxy.githubusercontent.com proxy.individual.githubcopilot.com proxy.business.githubcopilot.com proxy.enterprise.githubcopilot.com *.actions.githubusercontent.com wss://*.actions.githubusercontent.com productionresultssa0.blob.core.windows.net/ productionresultssa1.blob.core.windows.net/ productionresultssa2.blob.core.windows.net/ productionresultssa3.blob.core.windows.net/ productionresultssa4.blob.core.windows.net/ productionresultssa5.blob.core.windows.net/ productionresultssa6.blob.core.windows.net/ productionresultssa7.blob.core.windows.net/ productionresultssa8.blob.core.windows.net/ productionresultssa9.blob.core.windows.net/ productionresultssa10.blob.core.windows.net/ productionresultssa11.blob.core.windows.net/ productionresultssa12.blob.core.windows.net/ productionresultssa13.blob.core.windows.net/ productionresultssa14.blob.core.windows.net/ productionresultssa15.blob.core.windows.net/ productionresultssa16.blob.core.windows.net/ productionresultssa17.blob.core.windows.net/ productionresultssa18.blob.core.windows.net/ productionresultssa19.blob.core.windows.net/ github-production-repository-image-32fea6.s3.amazonaws.com github-production-release-asset-2e65be.s3.amazonaws.com insights.github.com wss://alive.github.com api.githubcopilot.com api.individual.githubcopilot.com api.business.githubcopilot.com api.enterprise.githubcopilot.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com copilot-workspace.githubnext.com objects-origin.githubusercontent.com; frame-ancestors 'none'; frame-src viewscreen.githubusercontent.com notebooks.githubusercontent.com; img-src 'self' data: blob: github.githubassets.com media.githubusercontent.com camo.githubusercontent.com identicons.github.com avatars.githubusercontent.com private-avatars.githubusercontent.com github-cloud.s3.amazonaws.com objects.githubusercontent.com secured-user-images.githubusercontent.com/ user-images.githubusercontent.com/ private-user-images.githubusercontent.com opengraph.githubassets.com github-production-user-asset-6210df.s3.amazonaws.com customer-stories-feed.github.com spotlights-feed.github.com objects-origin.githubusercontent.com *.githubusercontent.com; manifest-src 'self'; media-src github.com user-images.githubusercontent.com/ secured-user-images.githubusercontent.com/ private-user-images.githubusercontent.com github-production-user-asset-6210df.s3.amazonaws.com gist.github.com; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; upgrade-insecure-requests; worker-src github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/
content-length: 0
x-github-request-id: 4A5C:22052D:2B3732F:2CE3CF7:679DAB4C
X-Firefox-Spdy: h2

raw.githubusercontent.com/wapkiz/cdn/master/image/close2.png

185.199.110.133

200 OK

564 B

URL GET HTTP/2
raw.githubusercontent.com/wapkiz/cdn/master/image/close2.png
IP
185.199.110.133:443
ASN
#54113 FASTLY

Requested by
https://wk.jdi5.com/download/dl5/b8a8bd93f58f1c369b26d11493c21529/3cc4eed7f2149d9f55caa5fb47d1357d/djbantuverma+wapqiz+com/DIL-SHEESHE-JAISE-MERA-JISME-THA-TERA-BASERA-SAD-SONG-DJBANTU-VERMA-(djbantuverma.wapqiz.com).mp3.html
Certificate
IssuerDigiCert Inc
Subject*.github.io
Fingerprint97:D8:C5:70:0F:12:24:6C:88:BC:FA:06:7E:8C:A7:4D:A8:62:67:28
ValidityFri, 15 Mar 2024 00:00:00 GMT - Fri, 14 Mar 2025 23:59:59 GMT

File type
PNG image data, 32 x 32, 8-bit colormap, non-interlaced
Size
564 B (564 bytes)
Hash
865dce1b2a4002b9a85f75ea622f4000
f56c8218b5ca721a9e5a3daec742a6f38c33c075
bc5dcb35fc074321d66b9d7809e286e4afe72c7b08d1e799672126c92150ecd3

HTTP Headers

GET /wapkiz/cdn/master/image/close2.png HTTP/1.1
Host: raw.githubusercontent.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://wk.jdi5.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
cache-control: max-age=300
content-security-policy: default-src 'none'; style-src 'unsafe-inline'; sandbox
content-type: image/png
etag: W/"07ab105ccfd60fc2e0eccdd6f43cf3a305a8137d752da013e06d9eba2c8ddc27"
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
x-frame-options: deny
x-xss-protection: 1; mode=block
x-github-request-id: FF1A:2901D2:700997:74D29A:679D944F
accept-ranges: bytes
date: Sat, 01 Feb 2025 05:04:13 GMT
via: 1.1 varnish
x-served-by: cache-hel1410029-HEL
x-cache: HIT
x-cache-hits: 0
x-timer: S1738386253.894209,VS0,VE107
vary: Authorization,Accept-Encoding,Origin
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
x-fastly-request-id: dc4421a529a0f3a326d634ceb9e3dbec4597aa4e
expires: Sat, 01 Feb 2025 05:09:13 GMT
source-age: 0
content-length: 564
X-Firefox-Spdy: h2

1337x1.wb4.xyz/

104.21.26.18

200 OK

86 kB

URL POST HTTP/3
1337x1.wb4.xyz/
IP
104.21.26.18:443
ASN
#13335 CLOUDFLARENET

Requested by
https://wk.jdi5.com/download/dl5/b8a8bd93f58f1c369b26d11493c21529/3cc4eed7f2149d9f55caa5fb47d1357d/djbantuverma+wapqiz+com/DIL-SHEESHE-JAISE-MERA-JISME-THA-TERA-BASERA-SAD-SONG-DJBANTU-VERMA-(djbantuverma.wapqiz.com).mp3.html
Certificate
IssuerGoogle Trust Services
Subjectwb4.xyz
FingerprintB8:D6:DD:E8:AC:EB:F4:86:CD:F1:5F:A5:B5:87:95:EE:B1:55:0A:59
ValiditySat, 07 Dec 2024 03:06:49 GMT - Fri, 07 Mar 2025 03:06:48 GMT

File type
HTML document, ASCII text
Size
86 kB (86472 bytes)
Hash
0d5158f50e5c1c1b0161daf7f2aede85
3b5de6674ecffeabab9a0a0027c2b611422a1e07
b5e5f877647bc1bd6cfd192e3e44b2885f5d75c94d188a8d0b0e4b0073c7be96

HTTP Headers

POST / HTTP/1.1
Host: 1337x1.wb4.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 35
Origin: https://1337x1.wb4.xyz
DNT: 1
Connection: keep-alive
Referer: https://1337x1.wb4.xyz/submit.php
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Sat, 01 Feb 2025 05:04:13 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
set-cookie: sam=sam; expires=Mon, 03-Mar-2025 05:04:13 GMT; Max-Age=2592000; path=/; domain=1337x1.wb4.xyz
cf-cache-status: DYNAMIC
priority: u=4,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=NI0o0cb6Byoejnan1iNMEsvnFJ7fuWf5OrriQRWSlle%2FAtz3mOzaQO4ML9a8oVwytNaawj%2B4%2FkfNHqQ8h2WB5S%2B%2FD0KKwah0FqLSvXapopGYhvIgxLj2wawd2I9akzUlsw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 90af664328e8568d-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=6233&min_rtt=3644&rtt_var=3216&sent=14&recv=9&lost=0&retrans=0&sent_bytes=4160&recv_bytes=1701&delivery_rate=162966&cwnd=12000&unsent_bytes=0&cid=f463ac6f10d91028&ts=359&x=1", cfExtPri, cfHdrFlush;dur=0

www.googletagmanager.com/gtag/js?id=UA-46789381-49

142.250.74.168

200 OK

85 kB

URL GET HTTP/3
www.googletagmanager.com/gtag/js?id=UA-46789381-49
IP
142.250.74.168:443
ASN
#15169 GOOGLE

Requested by
https://1337x1.wb4.xyz/2019/05/chargha-recipe.html
Certificate
IssuerGoogle Trust Services
Subject*.google-analytics.com
Fingerprint18:BB:CC:69:33:72:62:2E:E5:B6:28:51:17:5B:BD:CE:CD:85:8D:B3
ValidityMon, 20 Jan 2025 08:36:04 GMT - Mon, 14 Apr 2025 08:36:03 GMT

File type
JavaScript source, ASCII text, with very long lines (5268)
Size
85 kB (85344 bytes)
Hash
bdbc8bcd2ebbb4cddaec20dbb5555d8a
10af8dd0718c873a10cdf52490be932603efa92e
d3529d1b28f758c5938ea2f17722d0f3582eaa33461e867c47a1b5ec7d388f87

HTTP Headers

GET /gtag/js?id=UA-46789381-49 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1337x1.wb4.xyz/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Sat, 01 Feb 2025 05:04:13 GMT
expires: Sat, 01 Feb 2025 05:04:13 GMT
cache-control: private, max-age=900
last-modified: Sat, 01 Feb 2025 03:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcycc:838:0
cross-origin-opener-policy-report-only: same-origin; report-to=ascgcycc:838:0
report-to: {"group":"ascgcycc:838:0","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcycc:838:0"}],}
server: Google Tag Manager
content-length: 85344
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

ptichoolsougn.net/401/8837469

139.45.197.107

200 OK

42 kB

URL GET HTTP/2
ptichoolsougn.net/401/8837469
IP
139.45.197.107:443
ASN
#9002 RETN Limited

Requested by
https://1337x1.wb4.xyz/2019/05/chargha-recipe.html
Certificate
IssuerLet's Encrypt
Subjectptichoolsougn.net
Fingerprint8B:23:0C:24:5C:8E:60:08:8A:8F:8E:C1:5F:FC:F7:FB:77:B8:91:31
ValidityTue, 26 Nov 2024 15:38:47 GMT - Mon, 24 Feb 2025 15:38:46 GMT

File type
gzip compressed data, max speed, from Unix
Size
42 kB (41576 bytes)
Hash
c86e01980088e61e9bd085fbafd28873
8f30bb5a7b35a3dcd18070b82cdfbb6e1d110921
9e53d1fb614c57676d9bbe68b7ae4089da514277def8481139ee5d8a60a27442

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /401/8837469 HTTP/1.1
Host: ptichoolsougn.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1337x1.wb4.xyz/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sat, 01 Feb 2025 05:04:13 GMT
content-type: application/javascript
x-trace-id: 4b8864ad45102e34f496eec01808b968
expires: Tue, 11 Jan 1994 10:00:00 GMT
cache-control: no-cache, no-store, no-transform, must-revalidate, private, max-age=0
pragma: no-cache
vary: Origin
access-control-allow-origin: *
access-control-expose-headers: Link
access-control-allow-credentials: true
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
set-cookie: OAID=030163397b584da9fdf840b4c69e9fcd; expires=Sun, 01 Feb 2026 05:04:13 GMT; path=/; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
content-encoding: gzip
X-Firefox-Spdy: h2

wugroansaghadry.com/401/8837431

139.45.197.119

200 OK

143 kB

URL GET HTTP/2
wugroansaghadry.com/401/8837431
IP
139.45.197.119:443
ASN
#9002 RETN Limited

Requested by
https://1337x1.wb4.xyz/2019/05/chicken-pasta-recipe.html
Certificate
IssuerLet's Encrypt
Subjectwugroansaghadry.com
FingerprintB3:FC:C2:A6:01:5A:46:7D:C9:6B:03:D1:B8:D9:57:D2:E3:05:F3:DB
ValidityFri, 27 Dec 2024 06:16:16 GMT - Thu, 27 Mar 2025 06:16:15 GMT

File type
gzip compressed data, max speed, from Unix
Size
143 kB (142803 bytes)
Hash
ae83194b80e52dd827f6346a74cdb4e3
24d8faeccd481f588b46993dbdfcab909e845b9a
155166af13c426f9d9d7678c1321805b268f1d5f72ebc26d85e26c364d1e71e1

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /401/8837431 HTTP/1.1
Host: wugroansaghadry.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1337x1.wb4.xyz/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sat, 01 Feb 2025 05:04:13 GMT
content-type: application/javascript
x-trace-id: f3fcf9f28fd73f960e06d2d84283957d
expires: Tue, 11 Jan 1994 10:00:00 GMT
cache-control: no-cache, no-store, no-transform, must-revalidate, private, max-age=0
pragma: no-cache
vary: Origin
access-control-allow-origin: *
access-control-expose-headers: Link
access-control-allow-credentials: true
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
set-cookie: OAID=0301632b53614856fa9097c08c54bb23; expires=Sun, 01 Feb 2026 05:04:13 GMT; path=/; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
content-encoding: gzip
X-Firefox-Spdy: h2

maxcdn.bootstrapcdn.com/bootstrap/3.3.6/css/bootstrap.min.css

104.18.11.207

200 OK

62 kB

URL GET HTTP/2
maxcdn.bootstrapcdn.com/bootstrap/3.3.6/css/bootstrap.min.css
IP
104.18.11.207:443
ASN
#13335 CLOUDFLARENET

Requested by
https://wk.jdi5.com/download/dl5/b8a8bd93f58f1c369b26d11493c21529/3cc4eed7f2149d9f55caa5fb47d1357d/djbantuverma+wapqiz+com/DIL-SHEESHE-JAISE-MERA-JISME-THA-TERA-BASERA-SAD-SONG-DJBANTU-VERMA-(djbantuverma.wapqiz.com).mp3.html
Certificate
IssuerGoogle Trust Services
Subjectbootstrapcdn.com
Fingerprint53:78:04:46:B4:48:0A:28:30:67:23:9B:D5:25:73:FE:FA:81:58:19
ValidityThu, 16 Jan 2025 00:27:53 GMT - Wed, 16 Apr 2025 01:27:34 GMT

File type
ASCII text, with very long lines (65371)
Size
62 kB (61905 bytes)
Hash
2f624089c65f12185e79925bc5a7fc42
8eb176c70b9cfa6871b76d6dc98fb526e7e9b3de
eece6e0c65b7007ab0eb1b4998d36dafe381449525824349128efc3f86f4c91c

HTTP Headers

GET /bootstrap/3.3.6/css/bootstrap.min.css HTTP/1.1
Host: maxcdn.bootstrapcdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://wk.jdi5.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sat, 01 Feb 2025 05:04:12 GMT
content-type: text/css; charset=utf-8
cdn-pullzone: 252412
cdn-uid: b1941f61-b576-4f40-80de-5677acb38f74
cdn-requestcountrycode: US
vary: Accept-Encoding
access-control-allow-origin: *
cache-control: public, max-age=31919000
content-encoding: br
etag: "2f624089c65f12185e79925bc5a7fc42"
last-modified: Mon, 25 Jan 2021 22:03:59 GMT
cdn-cachedat: 09/26/2024 10:53:39
cdn-proxyver: 1.04
cdn-requestpullcode: 200
cdn-requestpullsuccess: True
cdn-edgestorageid: 1000
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
cdn-status: 200
cdn-requesttime: 0
cdn-requestid: 92ce5a8f9fec211725129bb843866184
cdn-cache: HIT
cf-cache-status: HIT
age: 1201024
strict-transport-security: max-age=31536000; includeSubDomains; preload
server: cloudflare
cf-ray: 90af663b2cf67128-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

wk.jdi5.com/download/dl5/b8a8bd93f58f1c369b26d11493c21529/3cc4eed7f2149d9f55caa5fb47d1357d/djbantuverma+wapqiz+com/DIL-SHEESHE-JAISE-MERA-JISME-THA-TERA-BASERA-SAD-SONG-DJBANTU-VERMA-(djbantuverma.wapqiz.com).mp3.html

172.67.165.78

200 OK

5.7 kB

URL User Request GET HTTP/2
wk.jdi5.com/download/dl5/b8a8bd93f58f1c369b26d11493c21529/3cc4eed7f2149d9f55caa5fb47d1357d/djbantuverma+wapqiz+com/DIL-SHEESHE-JAISE-MERA-JISME-THA-TERA-BASERA-SAD-SONG-DJBANTU-VERMA-(djbantuverma.wapqiz.com).mp3.html
IP
172.67.165.78:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerGoogle Trust Services
Subjectjdi5.com
Fingerprint6A:3B:01:B6:6E:75:B7:2A:FD:EC:1E:64:AA:35:B1:A7:1D:3B:1E:82
ValidityThu, 02 Jan 2025 20:02:51 GMT - Wed, 02 Apr 2025 21:01:02 GMT

File type
HTML document, ASCII text, with very long lines (461)
Size
5.7 kB (5697 bytes)
Hash
a27c61fa7dab4d2e46802f0ba171cfc5
155422784937c789c7c9d1401b2985d74f97da0d
973dc0f1d860bd19a96bfa3447d3af196901db8dcdf5632721291e43969e20a7

Detections

Analyzer	Verdict	Alert
urlquery	suspicious	Suspicious - Anti-debugging code

HTTP Headers

GET /download/dl5/b8a8bd93f58f1c369b26d11493c21529/3cc4eed7f2149d9f55caa5fb47d1357d/djbantuverma+wapqiz+com/DIL-SHEESHE-JAISE-MERA-JISME-THA-TERA-BASERA-SAD-SONG-DJBANTU-VERMA-(djbantuverma.wapqiz.com).mp3.html HTTP/1.1
Host: wk.jdi5.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sat, 01 Feb 2025 05:04:11 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
x-powered-by: PHP/7.4.33
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=srOc%2Br7Y0O0KZCwX0rfT2mFdb9yQmZY2GUVMBAa0AWGTux%2BXVCTkgFQva7lK9Y5plkI2q8fmu10UwKiC4blSvuEAEzRXPFnSbM%2FbgMWjVAUIdYe%2FpqRpZ6%2F27s7s5w%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 90af6638a84b5684-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=5907&min_rtt=413&rtt_var=11004&sent=7&recv=11&lost=0&retrans=0&sent_bytes=3265&recv_bytes=1406&delivery_rate=8369942&cwnd=254&unsent_bytes=0&cid=3319c844534d6faa&ts=90&x=0"
X-Firefox-Spdy: h2

wugroansaghadry.com/401/8837431

139.45.197.119

200 OK

42 kB

URL GET HTTP/2
wugroansaghadry.com/401/8837431
IP
139.45.197.119:443
ASN
#9002 RETN Limited

Requested by
https://1337x1.wb4.xyz/2019/05/chicken-pasta-recipe.html
Certificate
IssuerLet's Encrypt
Subjectwugroansaghadry.com
FingerprintB3:FC:C2:A6:01:5A:46:7D:C9:6B:03:D1:B8:D9:57:D2:E3:05:F3:DB
ValidityFri, 27 Dec 2024 06:16:16 GMT - Thu, 27 Mar 2025 06:16:15 GMT

File type
gzip compressed data, max speed, from Unix
Size
42 kB (41565 bytes)
Hash
0f3603137208ca7b973626ab069f57ef
4be3ca87b77cf8d164f82ac9bc99319d032adebe
2f94eceb12e6bf99268195f4ca45961862ebf5afc2b97fe61e1ea54e85c2927a

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /401/8837431 HTTP/1.1
Host: wugroansaghadry.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1337x1.wb4.xyz/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sat, 01 Feb 2025 05:04:13 GMT
content-type: application/javascript
x-trace-id: a15fb680cecf537d20fa31468bfbcd0e
cache-control: no-cache, no-store, no-transform, must-revalidate, private, max-age=0
pragma: no-cache
expires: Tue, 11 Jan 1994 10:00:00 GMT
vary: Origin
access-control-allow-origin: *
access-control-expose-headers: Link
access-control-allow-credentials: true
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
set-cookie: OAID=03016315aada4d20f22c6cebed25b653; expires=Sun, 01 Feb 2026 05:04:13 GMT; path=/; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
content-encoding: gzip
X-Firefox-Spdy: h2

naupsithizeekee.com/tag.min.js

188.114.96.1

200 OK

41 kB

URL GET HTTP/2
naupsithizeekee.com/tag.min.js
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://1337x1.wb4.xyz/2019/05/chargha-recipe.html
Certificate
IssuerGoogle Trust Services
Subjectnaupsithizeekee.com
FingerprintA0:2D:FB:33:7F:74:38:2B:3C:61:79:E8:0F:9C:FD:77:BA:A3:48:A6
ValidityFri, 31 Jan 2025 15:23:47 GMT - Thu, 01 May 2025 16:21:22 GMT

File type
gzip compressed data, from Unix
Size
41 kB (41141 bytes)
Hash
83c48fb56d9cd2cfa672917fbaf21f7f
bca1740f0c9e60e4c65cc60d712e3cad67eec3e5
c763fb0343bb79c75f20fd1994cad438c5f847e46d4138e6fec2b89817dae54c

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /tag.min.js HTTP/1.1
Host: naupsithizeekee.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1337x1.wb4.xyz/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sat, 01 Feb 2025 05:04:13 GMT
content-type: application/javascript
x-trace-id: 74c61cc590765955d66b94b0d62fe986
cache-control: public, max-age=3600, s-maxage=1800
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace, favicon
access-control-max-age: 86400
timing-allow-origin: *
content-encoding: gzip
cf-cache-status: HIT
age: 1792
last-modified: Sat, 01 Feb 2025 04:34:21 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=MQ382vquyqCzW6EPsdDPEdywIgx4Ax9QAgYo4Uy0RGbMTOpuTeRhPhp5kimjpmoCXBr63kbF8i9cfhuWh77grIaVvJSYzPjgGvpiwp6fOXPIa1kfSDc3SICGDUzeLL4BB1ReO4vr"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 90af6644cf8356bd-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=1519&min_rtt=443&rtt_var=1997&sent=7&recv=11&lost=0&retrans=0&sent_bytes=3222&recv_bytes=1143&delivery_rate=7647887&cwnd=254&unsent_bytes=0&cid=583f92dc26b8e425&ts=43&x=0"
X-Firefox-Spdy: h2

my.rtmark.net/gid.js

172.64.146.234

200 OK

9.5 kB

URL GET HTTP/2
my.rtmark.net/gid.js
IP
172.64.146.234:443
ASN
#13335 CLOUDFLARENET

Requested by
https://1337x1.wb4.xyz/2019/05/chicken-pasta-recipe.html
Certificate
IssuerGoogle Trust Services
Subjectmy.rtmark.net
Fingerprint56:7F:53:10:57:2F:C3:F4:06:8B:DB:2F:C1:F7:6A:1D:68:59:14:3F
ValiditySat, 04 Jan 2025 10:02:11 GMT - Fri, 04 Apr 2025 11:00:33 GMT

File type
gzip compressed data, from Unix
Size
9.5 kB (9489 bytes)
Hash
41830c8c915fa9601273c81263e3283a
17b934cebca58b55e9044595c09a0f8b55648b48
09a23e11ae65de9c496019b9c048ffe7b95399a5ebc9af2cee77f9e4035ac0be

HTTP Headers

GET /gid.js HTTP/1.1
Host: my.rtmark.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1337x1.wb4.xyz
DNT: 1
Connection: keep-alive
Referer: https://1337x1.wb4.xyz/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sat, 01 Feb 2025 05:04:14 GMT
content-type: application/json; charset=utf-8
access-control-allow-origin: https://1337x1.wb4.xyz
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
timing-allow-origin: *, *
set-cookie: ID=0801630a52cc4a96f0c10d75c47acb30; expires=Sun, 01 Feb 2026 05:04:14 GMT; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 90af664768131c0e-OSL
content-encoding: gzip
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

uciftoongardo.net/5/8837420/?oo=1&js_build=iclick-v1.1068.0&dmn=naupsithizeekee.com&tt=2&ix=1

139.45.197.244

200 OK

5.9 kB

URL GET HTTP/2
uciftoongardo.net/5/8837420/?oo=1&js_build=iclick-v1.1068.0&dmn=naupsithizeekee.com&tt=2&ix=1
IP
139.45.197.244:443
ASN
#9002 RETN Limited

Requested by
https://1337x1.wb4.xyz/2019/05/chicken-pasta-recipe.html
Certificate
IssuerLet's Encrypt
Subjectuciftoongardo.net
FingerprintB3:6E:4C:90:35:BF:83:73:64:0A:44:9F:AC:14:49:28:91:35:23:41
ValidityTue, 21 Jan 2025 13:46:54 GMT - Mon, 21 Apr 2025 13:46:53 GMT

File type
gzip compressed data, max speed, from Unix
Size
5.9 kB (5864 bytes)
Hash
df8cc7f93c005bd744f6866de4699072
77f3d5406c00b68009be1125c60e9eecc9ff38f0
11f7c27850345eb009fec054edc04a8b3da58fd978f6ba29a2e5123dead77e38

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /5/8837420/?oo=1&js_build=iclick-v1.1068.0&dmn=naupsithizeekee.com&tt=2&ix=1 HTTP/1.1
Host: uciftoongardo.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1337x1.wb4.xyz
DNT: 1
Connection: keep-alive
Referer: https://1337x1.wb4.xyz/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sat, 01 Feb 2025 05:04:13 GMT
content-type: application/json
x-trace-id: 347d8c85b453afa63303825e93047d25
link: <https://my.rtmark.net>; rel="preconnect dns-prefetch"
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
access-control-allow-origin: https://1337x1.wb4.xyz
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace, favicon
access-control-max-age: 86400
timing-allow-origin: *
set-cookie: OAID=008163c645184921eb68465b755d5572; expires=Sun, 01 Feb 2026 05:04:13 GMT; path=/; secure; SameSite=None
oaidts=1738386253; expires=Sun, 01 Feb 2026 05:04:13 GMT; path=/; secure; SameSite=None
syncedCookie=; expires=Tue, 10 Nov 2009 23:00:00 GMT
pragma: no-cache, no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT, Mon, 26 Jul 1997 05:00:00 GMT
content-encoding: gzip
X-Firefox-Spdy: h2

cank.xyz/red2.php?id=30

172.67.221.41

302 Found

6.2 kB

URL GET HTTP/2
cank.xyz/red2.php?id=30
IP
172.67.221.41:443
ASN
#13335 CLOUDFLARENET

Requested by
https://wk.jdi5.com/download/dl5/b8a8bd93f58f1c369b26d11493c21529/3cc4eed7f2149d9f55caa5fb47d1357d/djbantuverma+wapqiz+com/DIL-SHEESHE-JAISE-MERA-JISME-THA-TERA-BASERA-SAD-SONG-DJBANTU-VERMA-(djbantuverma.wapqiz.com).mp3.html
Certificate
IssuerGoogle Trust Services
Subjectcank.xyz
FingerprintC5:5E:24:74:A1:EF:47:BE:4E:C5:56:1C:82:97:83:05:9B:F3:43:FB
ValiditySat, 21 Dec 2024 11:12:03 GMT - Fri, 21 Mar 2025 12:09:48 GMT

File type
data
Size
6.2 kB (6221 bytes)
Hash
247f55cd9de88f10ec7c8a9ecd1383a7
42324f5cbb4d775783b8c0a1c9b664f0e68413aa
48a9ddd0db89b8bab0a9ec086924ee10ae14ec7b699e842505868ef1e2a6bdfa

HTTP Headers

GET /red2.php?id=30 HTTP/1.1
Host: cank.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://wk.jdi5.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 302 Found
date: Sat, 01 Feb 2025 05:04:12 GMT
content-type: text/html; charset=UTF-8
location: https://1337x1.wb4.xyz/submit.php
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=uJZzBPPpY3D4zDUptLCu2bSaD1GcAZlGWmLdL%2BSm1qN%2FmP0ySAfIAmv%2BKFHi5HUDOp%2FtZzvIURi6ZzCS%2FsbLj0YmQvgVNXwe8WpJ97oTHjXCyVW6jpx2zXkdqw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 90af663fdb877131-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=635&min_rtt=509&rtt_var=232&sent=10&recv=12&lost=0&retrans=0&sent_bytes=3828&recv_bytes=1226&delivery_rate=7063414&cwnd=256&unsent_bytes=0&cid=5d21f8d79d42a627&ts=103&x=0"
X-Firefox-Spdy: h2

tzegilo.com/stattag.js

104.21.11.245

200 OK

9.7 kB

URL GET HTTP/2
tzegilo.com/stattag.js
IP
104.21.11.245:443
ASN
#13335 CLOUDFLARENET

Requested by
https://1337x1.wb4.xyz/2019/05/chicken-pasta-recipe.html
Certificate
IssuerGoogle Trust Services
Subjecttzegilo.com
Fingerprint8E:DC:31:F6:FF:38:97:24:78:2A:5C:E7:4F:8B:25:4F:18:35:BF:AA
ValiditySun, 19 Jan 2025 12:16:23 GMT - Sat, 19 Apr 2025 13:13:31 GMT

File type
JavaScript source, ASCII text, with very long lines (17229)
Size
9.7 kB (9738 bytes)
Hash
01227f5edc20e0ff4ed643b27cb8bb68
d71a88f7341f2b1bdaa7deb9a66888607bd52598
75c91d86601e23ab56d872b31b42660f893fc6d6b0785e085c06c2c038e98fb2

HTTP Headers

GET /stattag.js HTTP/1.1
Host: tzegilo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1337x1.wb4.xyz/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sat, 01 Feb 2025 05:04:14 GMT
content-type: application/javascript
last-modified: Thu, 11 Jul 2024 10:23:58 GMT
etag: W/"668fb2be-45d7"
link: <https://flerap.com/>; rel=preconnect; crossorigin, <https://fleraprt.com/>; rel=preconnect; crossorigin
cache-control: max-age=14400
cf-cache-status: HIT
age: 1620
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ZTcL190id%2FU7oj2QA5CLYUwz9ruD8uSmwnC9E2g8mGhBMuCBsxDJdMVa4S%2B4fQBeFFmqhkf5tSwJ7E4tmhcJOZ8a5mwB%2FtU%2BQhaNRGbjnG3ixBas0H5oSK5gyT%2B9Yg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 90af66497b275688-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=809&min_rtt=441&rtt_var=739&sent=7&recv=12&lost=0&retrans=0&sent_bytes=3273&recv_bytes=1261&delivery_rate=7156507&cwnd=254&unsent_bytes=0&cid=7920a336a5a84644&ts=91&x=0"
X-Firefox-Spdy: h2

www.googletagmanager.com/gtag/js?id=G-32THDDHNK8&l=dataLayer&cx=c&gtm=457e51u0za200

142.250.74.168

200 OK

102 kB

URL GET HTTP/3
www.googletagmanager.com/gtag/js?id=G-32THDDHNK8&l=dataLayer&cx=c&gtm=457e51u0za200
IP
142.250.74.168:443
ASN
#15169 GOOGLE

Requested by
https://1337x1.wb4.xyz/2019/05/chicken-pasta-recipe.html
Certificate
IssuerGoogle Trust Services
Subject*.google-analytics.com
Fingerprint18:BB:CC:69:33:72:62:2E:E5:B6:28:51:17:5B:BD:CE:CD:85:8D:B3
ValidityMon, 20 Jan 2025 08:36:04 GMT - Mon, 14 Apr 2025 08:36:03 GMT

File type
JavaScript source, ASCII text, with very long lines (5960)
Size
102 kB (101694 bytes)
Hash
97e80878a6274918e308b49188605c88
d0ad1de4fed3ad7aa045fc5d9e52af193a238bbe
e3c4bab29264cf36c4c0fead2474129ff6d9db0a37d50526e6a0e4a7d6739693

HTTP Headers

GET /gtag/js?id=G-32THDDHNK8&l=dataLayer&cx=c&gtm=457e51u0za200 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1337x1.wb4.xyz/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Sat, 01 Feb 2025 05:04:14 GMT
expires: Sat, 01 Feb 2025 05:04:14 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcycc:838:0
cross-origin-opener-policy-report-only: same-origin; report-to=ascgcycc:838:0
report-to: {"group":"ascgcycc:838:0","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcycc:838:0"}],}
server: Google Tag Manager
content-length: 101694
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

theetheks.com/500/8837581?excludes=&oaid=0801636fbe874e19eba495310ab53ae1&fs=0&cf=0&sw=1280&sh=1024&sah=1024&wx=0&wy=0&ww=1280&wh=1024&cw=300&wiw=300&wih=270&wfc=6&pl=https%3A%2F%2F1337x1.wb4.xyz%2F2019%2F05%2Fchicken-pasta-recipe.html&drf=https%3A%2F%2F1337x1.wb4.xyz%2F&np=1&pt=0&nb=1&ng=0&ix=1&nw=1&tb=false&tzofs=0&btz=UTC&bto=0&jsp=1&js_build=8&sw_version=v1.521.0&dmn=theetheks.com

139.45.197.119

200 OK

0 B

URL GET HTTP/2
theetheks.com/500/8837581?excludes=&oaid=0801636fbe874e19eba495310ab53ae1&fs=0&cf=0&sw=1280&sh=1024&sah=1024&wx=0&wy=0&ww=1280&wh=1024&cw=300&wiw=300&wih=270&wfc=6&pl=https%3A%2F%2F1337x1.wb4.xyz%2F2019%2F05%2Fchicken-pasta-recipe.html&drf=https%3A%2F%2F1337x1.wb4.xyz%2F&np=1&pt=0&nb=1&ng=0&ix=1&nw=1&tb=false&tzofs=0&btz=UTC&bto=0&jsp=1&js_build=8&sw_version=v1.521.0&dmn=theetheks.com
IP
139.45.197.119:443
ASN
#9002 RETN Limited

Requested by
https://1337x1.wb4.xyz/2019/05/chicken-pasta-recipe.html
Certificate
IssuerLet's Encrypt
Subjecttheetheks.com
Fingerprint67:7A:01:75:FB:3C:8A:7E:72:FD:0B:72:D4:44:16:52:E4:48:A3:E2
ValidityThu, 14 Nov 2024 06:29:53 GMT - Wed, 12 Feb 2025 06:29:52 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

OPTIONS /500/8837581?excludes=&oaid=0801636fbe874e19eba495310ab53ae1&fs=0&cf=0&sw=1280&sh=1024&sah=1024&wx=0&wy=0&ww=1280&wh=1024&cw=300&wiw=300&wih=270&wfc=6&pl=https%3A%2F%2F1337x1.wb4.xyz%2F2019%2F05%2Fchicken-pasta-recipe.html&drf=https%3A%2F%2F1337x1.wb4.xyz%2F&np=1&pt=0&nb=1&ng=0&ix=1&nw=1&tb=false&tzofs=0&btz=UTC&bto=0&jsp=1&js_build=8&sw_version=v1.521.0&dmn=theetheks.com HTTP/1.1
Host: theetheks.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: GET
Access-Control-Request-Headers: content-type
Referer: https://1337x1.wb4.xyz/
Origin: https://1337x1.wb4.xyz
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sat, 01 Feb 2025 05:04:14 GMT
content-length: 0
allow: GET, OPTIONS
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-origin: https://1337x1.wb4.xyz
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace
access-control-allow-credentials: true
access-control-max-age: 600
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *
X-Firefox-Spdy: h2

wugroansaghadry.com/500/8837431?excludes=&oaid=0801636fbe874e19eba495310ab53ae1&fs=0&cf=0&sw=1280&sh=1024&sah=1024&wx=0&wy=0&ww=1280&wh=1024&cw=300&wiw=300&wih=270&wfc=6&pl=https%3A%2F%2F1337x1.wb4.xyz%2F2019%2F05%2Fchicken-pasta-recipe.html&drf=https%3A%2F%2F1337x1.wb4.xyz%2F&np=1&pt=0&nb=1&ng=0&ix=1&nw=1&tb=false&tzofs=0&btz=UTC&bto=0&jsp=1&js_build=8&sw_version=v1.521.0&dmn=wugroansaghadry.com

139.45.197.119

200 OK

3.6 kB

URL OPTIONS HTTP/2
wugroansaghadry.com/500/8837431?excludes=&oaid=0801636fbe874e19eba495310ab53ae1&fs=0&cf=0&sw=1280&sh=1024&sah=1024&wx=0&wy=0&ww=1280&wh=1024&cw=300&wiw=300&wih=270&wfc=6&pl=https%3A%2F%2F1337x1.wb4.xyz%2F2019%2F05%2Fchicken-pasta-recipe.html&drf=https%3A%2F%2F1337x1.wb4.xyz%2F&np=1&pt=0&nb=1&ng=0&ix=1&nw=1&tb=false&tzofs=0&btz=UTC&bto=0&jsp=1&js_build=8&sw_version=v1.521.0&dmn=wugroansaghadry.com
IP
139.45.197.119:443
ASN
#9002 RETN Limited

Requested by
https://1337x1.wb4.xyz/2019/05/chicken-pasta-recipe.html
Certificate
IssuerLet's Encrypt
Subjectwugroansaghadry.com
FingerprintB3:FC:C2:A6:01:5A:46:7D:C9:6B:03:D1:B8:D9:57:D2:E3:05:F3:DB
ValidityFri, 27 Dec 2024 06:16:16 GMT - Thu, 27 Mar 2025 06:16:15 GMT

File type
JSON text data
Size
3.6 kB (3578 bytes)
Hash
953cffdf8edbdc2520a52095aad471ee
49487c80aee647a096d827feb2c31ab128869559
9897a1b988f4c2a9173ba790301e64039b4d9d0f9c3d519fffab5834bacaba00

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /500/8837431?excludes=&oaid=0801636fbe874e19eba495310ab53ae1&fs=0&cf=0&sw=1280&sh=1024&sah=1024&wx=0&wy=0&ww=1280&wh=1024&cw=300&wiw=300&wih=270&wfc=6&pl=https%3A%2F%2F1337x1.wb4.xyz%2F2019%2F05%2Fchicken-pasta-recipe.html&drf=https%3A%2F%2F1337x1.wb4.xyz%2F&np=1&pt=0&nb=1&ng=0&ix=1&nw=1&tb=false&tzofs=0&btz=UTC&bto=0&jsp=1&js_build=8&sw_version=v1.521.0&dmn=wugroansaghadry.com HTTP/1.1
Host: wugroansaghadry.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Origin: https://1337x1.wb4.xyz
DNT: 1
Connection: keep-alive
Referer: https://1337x1.wb4.xyz/
Cookie: OAID=03016315aada4d20f22c6cebed25b653
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sat, 01 Feb 2025 05:04:14 GMT
content-type: application/javascript
x-trace-id: da68b61bc889a35ea1e5ce1087cb47f2
expires: Tue, 11 Jan 1994 10:00:00 GMT
cache-control: no-cache, no-store, no-transform, must-revalidate, private, max-age=0
pragma: no-cache
vary: Origin
access-control-allow-origin: https://1337x1.wb4.xyz
access-control-expose-headers: Link
access-control-allow-credentials: true
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
set-cookie: OAID=0801636fbe874e19eba495310ab53ae1; expires=Sun, 01 Feb 2026 05:04:14 GMT; path=/; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
content-encoding: gzip
X-Firefox-Spdy: h2

onmanectrictor.com/www/images/2663d85bf3f3c4eaa989866f5c7eff92.jpg

188.114.97.1

200 OK

10 kB

URL GET HTTP/3
onmanectrictor.com/www/images/2663d85bf3f3c4eaa989866f5c7eff92.jpg
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://1337x1.wb4.xyz/2019/05/chicken-pasta-recipe.html
Certificate
IssuerGoogle Trust Services
Subjectonmanectrictor.com
Fingerprint84:5C:2E:87:AD:5B:77:93:AB:8F:FF:36:9A:C1:4D:91:FE:A3:FD:2A
ValiditySun, 19 Jan 2025 09:17:08 GMT - Sat, 19 Apr 2025 10:15:33 GMT

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 192x192, components 3
Size
10 kB (10226 bytes)
Hash
2663d85bf3f3c4eaa989866f5c7eff92
6fcf831e78895da5767edeb239f610538668cd60
b36c4f626d6183f36b999f70c9bca3d239760563e281f299e10a081dc021bca3

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /www/images/2663d85bf3f3c4eaa989866f5c7eff92.jpg HTTP/1.1
Host: onmanectrictor.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1337x1.wb4.xyz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sat, 01 Feb 2025 05:04:14 GMT
content-type: image/jpeg
content-length: 10226
last-modified: Wed, 11 Dec 2024 12:08:51 GMT
etag: "675980d3-27f2"
expires: Sat, 01 Feb 2025 06:20:31 GMT
cache-control: max-age=86400
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
access-control-max-age: 86400
timing-allow-origin: *
cf-cache-status: HIT
age: 81823
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=XEQhyvw2yFIR7ChNknTWSkacsWfzzw1i48hF72yunLcQdeV8yg%2FiW6BubqOXasphEeOrJXALZgybF4VoAqFsjS7bRkb469a5aVci1d%2BulA0EufkQXqdaHhAeBTeqg6BHQ4H4DSk%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 90af664b0e70b4f1-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=646&min_rtt=535&rtt_var=266&sent=7&recv=10&lost=0&retrans=0&sent_bytes=3220&recv_bytes=1111&delivery_rate=7715808&cwnd=254&unsent_bytes=0&cid=62af3999459d907c&ts=44&x=0"
X-Firefox-Spdy: h2

ptichoolsougn.net/mtg/

139.45.197.107

200 OK

0 B

URL POST HTTP/2
ptichoolsougn.net/mtg/
IP
139.45.197.107:443
ASN
#9002 RETN Limited

Requested by
https://1337x1.wb4.xyz/2019/05/chicken-pasta-recipe.html
Certificate
IssuerLet's Encrypt
Subjectptichoolsougn.net
Fingerprint8B:23:0C:24:5C:8E:60:08:8A:8F:8E:C1:5F:FC:F7:FB:77:B8:91:31
ValidityTue, 26 Nov 2024 15:38:47 GMT - Mon, 24 Feb 2025 15:38:46 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

OPTIONS /mtg/ HTTP/1.1
Host: ptichoolsougn.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://1337x1.wb4.xyz/
Origin: https://1337x1.wb4.xyz
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sat, 01 Feb 2025 05:04:14 GMT
content-length: 0
allow: OPTIONS, POST
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-origin: https://1337x1.wb4.xyz
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace
access-control-allow-credentials: true
access-control-max-age: 600
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *
X-Firefox-Spdy: h2

fleraprt.com/log/add?cid=1db9169f-90f4-4b2d-b517-bc47aab19c1f&ruid=c970483b-99cf-466d-af0a-6b7d7cc074f0

139.45.195.252

200 OK

12 B

URL POST HTTP/1.1
fleraprt.com/log/add?cid=1db9169f-90f4-4b2d-b517-bc47aab19c1f&ruid=c970483b-99cf-466d-af0a-6b7d7cc074f0
IP
139.45.195.252:443
ASN
#9002 RETN Limited

Requested by
https://1337x1.wb4.xyz/2019/05/chicken-pasta-recipe.html
Certificate
IssuerSectigo Limited
Subjectfleraprt.com
Fingerprint23:5D:23:03:7B:8D:47:5A:E9:9C:E7:E0:5C:7E:E6:4F:A2:DC:B6:D0
ValidityWed, 11 Dec 2024 00:00:00 GMT - Sun, 11 Jan 2026 23:59:59 GMT

File type
JSON text data
Size
12 B (12 bytes)
Hash
adb4650bfc9d2a73d4dd69583b0ceb14
1ce399d6e936232aaf2192cd7903a279c5015f22
21c1f682de27109caabcca9016511974defcec217c0441fd3f1b50ecdf8247ed

HTTP Headers

POST /log/add?cid=1db9169f-90f4-4b2d-b517-bc47aab19c1f&ruid=c970483b-99cf-466d-af0a-6b7d7cc074f0 HTTP/1.1
Host: fleraprt.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 2153
Origin: https://1337x1.wb4.xyz
DNT: 1
Connection: keep-alive
Referer: https://1337x1.wb4.xyz/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.25.5
Date: Sat, 01 Feb 2025 05:04:14 GMT
Content-Type: application/json; charset=utf-8
Content-Length: 12
Connection: keep-alive
Access-Control-Allow-Origin: https://1337x1.wb4.xyz
Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE
Access-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-Forwarded-For, If-None-Match
Access-Control-Allow-Credentials: true

ptichoolsougn.net/500/8837469?excludes=&oaid=0801636fbe874e19eba495310ab53ae1&fs=0&cf=0&sw=1280&sh=1024&sah=1024&wx=0&wy=0&ww=1280&wh=1024&cw=300&wiw=300&wih=270&wfc=6&pl=https%3A%2F%2F1337x1.wb4.xyz%2F2019%2F05%2Fchicken-pasta-recipe.html&drf=https%3A%2F%2F1337x1.wb4.xyz%2F&np=1&pt=0&nb=1&ng=0&ix=1&nw=1&tb=false&tzofs=0&btz=UTC&bto=0&jsp=1&js_build=8&sw_version=v1.521.0&dmn=ptichoolsougn.net

139.45.197.107

200 OK

1.1 kB

URL GET HTTP/2
ptichoolsougn.net/500/8837469?excludes=&oaid=0801636fbe874e19eba495310ab53ae1&fs=0&cf=0&sw=1280&sh=1024&sah=1024&wx=0&wy=0&ww=1280&wh=1024&cw=300&wiw=300&wih=270&wfc=6&pl=https%3A%2F%2F1337x1.wb4.xyz%2F2019%2F05%2Fchicken-pasta-recipe.html&drf=https%3A%2F%2F1337x1.wb4.xyz%2F&np=1&pt=0&nb=1&ng=0&ix=1&nw=1&tb=false&tzofs=0&btz=UTC&bto=0&jsp=1&js_build=8&sw_version=v1.521.0&dmn=ptichoolsougn.net
IP
139.45.197.107:443
ASN
#9002 RETN Limited

Requested by
https://1337x1.wb4.xyz/2019/05/chicken-pasta-recipe.html
Certificate
IssuerLet's Encrypt
Subjectptichoolsougn.net
Fingerprint8B:23:0C:24:5C:8E:60:08:8A:8F:8E:C1:5F:FC:F7:FB:77:B8:91:31
ValidityTue, 26 Nov 2024 15:38:47 GMT - Mon, 24 Feb 2025 15:38:46 GMT

File type
JSON text data
Size
1.1 kB (1069 bytes)
Hash
bf96eb1d1d3844a9c2e5c8ec4be953b3
7bc4b82fbccfd917c1f0a6aa04e72a8ff46c3816
3c512fb5224addd2b5dc8d5510e126b99435c5a554f02a73ad803a5b2805e00d

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /500/8837469?excludes=&oaid=0801636fbe874e19eba495310ab53ae1&fs=0&cf=0&sw=1280&sh=1024&sah=1024&wx=0&wy=0&ww=1280&wh=1024&cw=300&wiw=300&wih=270&wfc=6&pl=https%3A%2F%2F1337x1.wb4.xyz%2F2019%2F05%2Fchicken-pasta-recipe.html&drf=https%3A%2F%2F1337x1.wb4.xyz%2F&np=1&pt=0&nb=1&ng=0&ix=1&nw=1&tb=false&tzofs=0&btz=UTC&bto=0&jsp=1&js_build=8&sw_version=v1.521.0&dmn=ptichoolsougn.net HTTP/1.1
Host: ptichoolsougn.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Origin: https://1337x1.wb4.xyz
DNT: 1
Connection: keep-alive
Referer: https://1337x1.wb4.xyz/
Cookie: OAID=030163397b584da9fdf840b4c69e9fcd
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sat, 01 Feb 2025 05:04:14 GMT
content-type: application/javascript
x-trace-id: 4fd3b4ef9f0d925a35d365cc2a52e4b0
expires: Tue, 11 Jan 1994 10:00:00 GMT
cache-control: no-cache, no-store, no-transform, must-revalidate, private, max-age=0
pragma: no-cache
vary: Origin
access-control-allow-origin: https://1337x1.wb4.xyz
access-control-expose-headers: Link
access-control-allow-credentials: true
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
set-cookie: OAID=0801636fbe874e19eba495310ab53ae1; expires=Sun, 01 Feb 2026 05:04:14 GMT; path=/; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
content-encoding: gzip
X-Firefox-Spdy: h2

weegraphooph.net/?rb=ncRqpOlniOoUysnPV2u6FQp6PzsaadcuvovL45CB_eYNHn7QlrNdQeUAEJ0FUd9q4EiCYk_OXk6o082rnGDHGA7DObRVj0qPSAAddLa-DD5r9Y-OCwKw7Y_GWkUwN-r0Xqipb7id5tdGPHFTAeGxzYbALdXzTBmjC59rmWNClIuWayFQnoNm2joZb3myYQw9x9KDO8CKv1N7_dP8VBRKERmSQeABeQYuZ3Bnzq9A43OWtAIvZpjYlXjmgNIQQnRF8IR21CS133L3rwmv5unMQIsFp1Dedpqe_puG9oa3lDY%3D&request_ab2=0&zoneid=8837420&js_build=iclick-v1.1068.0&jsp=1&fs=0&cf=0&sw=1280&sh=1024&wih=270&wiw=300&ww=1280&wh=1024&sah=1024&wx=0&wy=0&cw=300&wfc=6&pl=https%3A%2F%2F1337x1.wb4.xyz%2F2019%2F05%2Fchicken-pasta-recipe.html&drf=https%3A%2F%2F1337x1.wb4.xyz%2F&np=1&pt=0&nb=1&ng=0&ix=1&nw=1&tb=false&btz=UTC&bto=0&tt=2&wgl=&js_build=iclick-v1.1068.0&navlng=en-US&vsbl=true&pnt=0&pnrc=0&bs=a57a737b-ebff-4b60-90bc-004ebdfe3849&wasm=1&userId=0801630a52cc4a96f0c10d75c47acb30&m=link

139.45.197.106

200 OK

2.2 kB

URL GET HTTP/2
weegraphooph.net/?rb=ncRqpOlniOoUysnPV2u6FQp6PzsaadcuvovL45CB_eYNHn7QlrNdQeUAEJ0FUd9q4EiCYk_OXk6o082rnGDHGA7DObRVj0qPSAAddLa-DD5r9Y-OCwKw7Y_GWkUwN-r0Xqipb7id5tdGPHFTAeGxzYbALdXzTBmjC59rmWNClIuWayFQnoNm2joZb3myYQw9x9KDO8CKv1N7_dP8VBRKERmSQeABeQYuZ3Bnzq9A43OWtAIvZpjYlXjmgNIQQnRF8IR21CS133L3rwmv5unMQIsFp1Dedpqe_puG9oa3lDY%3D&request_ab2=0&zoneid=8837420&js_build=iclick-v1.1068.0&jsp=1&fs=0&cf=0&sw=1280&sh=1024&wih=270&wiw=300&ww=1280&wh=1024&sah=1024&wx=0&wy=0&cw=300&wfc=6&pl=https%3A%2F%2F1337x1.wb4.xyz%2F2019%2F05%2Fchicken-pasta-recipe.html&drf=https%3A%2F%2F1337x1.wb4.xyz%2F&np=1&pt=0&nb=1&ng=0&ix=1&nw=1&tb=false&btz=UTC&bto=0&tt=2&wgl=&js_build=iclick-v1.1068.0&navlng=en-US&vsbl=true&pnt=0&pnrc=0&bs=a57a737b-ebff-4b60-90bc-004ebdfe3849&wasm=1&userId=0801630a52cc4a96f0c10d75c47acb30&m=link
IP
139.45.197.106:443
ASN
#9002 RETN Limited

Requested by
https://1337x1.wb4.xyz/2019/05/chicken-pasta-recipe.html
Certificate
IssuerLet's Encrypt
Subjectweegraphooph.net
FingerprintD4:AA:27:3B:BF:84:5F:27:D4:CC:E1:2F:02:E9:B9:63:E8:2F:21:38
ValidityWed, 13 Nov 2024 18:32:15 GMT - Tue, 11 Feb 2025 18:32:14 GMT

File type
JSON text data
Size
2.2 kB (2173 bytes)
Hash
040bd7096731c140fa3ad6cb2ff7030b
5e19ab0ea07cbe81b4314bf242d73486ff19bcf9
e0133a1a1d9d38d089bf5eadb87d30170a22127d10fe0cc2231d52940623d323

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /?rb=ncRqpOlniOoUysnPV2u6FQp6PzsaadcuvovL45CB_eYNHn7QlrNdQeUAEJ0FUd9q4EiCYk_OXk6o082rnGDHGA7DObRVj0qPSAAddLa-DD5r9Y-OCwKw7Y_GWkUwN-r0Xqipb7id5tdGPHFTAeGxzYbALdXzTBmjC59rmWNClIuWayFQnoNm2joZb3myYQw9x9KDO8CKv1N7_dP8VBRKERmSQeABeQYuZ3Bnzq9A43OWtAIvZpjYlXjmgNIQQnRF8IR21CS133L3rwmv5unMQIsFp1Dedpqe_puG9oa3lDY%3D&request_ab2=0&zoneid=8837420&js_build=iclick-v1.1068.0&jsp=1&fs=0&cf=0&sw=1280&sh=1024&wih=270&wiw=300&ww=1280&wh=1024&sah=1024&wx=0&wy=0&cw=300&wfc=6&pl=https%3A%2F%2F1337x1.wb4.xyz%2F2019%2F05%2Fchicken-pasta-recipe.html&drf=https%3A%2F%2F1337x1.wb4.xyz%2F&np=1&pt=0&nb=1&ng=0&ix=1&nw=1&tb=false&btz=UTC&bto=0&tt=2&wgl=&js_build=iclick-v1.1068.0&navlng=en-US&vsbl=true&pnt=0&pnrc=0&bs=a57a737b-ebff-4b60-90bc-004ebdfe3849&wasm=1&userId=0801630a52cc4a96f0c10d75c47acb30&m=link HTTP/1.1
Host: weegraphooph.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1337x1.wb4.xyz/
Origin: https://1337x1.wb4.xyz
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sat, 01 Feb 2025 05:04:14 GMT
content-type: application/json
x-trace-id: 583ff366e5274183ceaacb72b4752a03
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
access-control-allow-origin: https://1337x1.wb4.xyz
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace, favicon
access-control-max-age: 86400
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
set-cookie: OAID=0801630a52cc4a96f0c10d75c47acb30; expires=Sun, 01 Feb 2026 05:04:14 GMT; path=/; secure; SameSite=None
oaidts=1738386254; expires=Sun, 01 Feb 2026 05:04:14 GMT; path=/; secure; SameSite=None
syncedCookie=true; expires=Sat, 08 Feb 2025 05:04:14 GMT; path=/; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
content-encoding: gzip
X-Firefox-Spdy: h2

fleraprt.com/log/add?cid=1db9169f-90f4-4b2d-b517-bc47aab19c1f&ruid=715913f8-dccf-407d-a3d2-c8cc9344a47a

139.45.195.252

200 OK

12 B

URL POST HTTP/1.1
fleraprt.com/log/add?cid=1db9169f-90f4-4b2d-b517-bc47aab19c1f&ruid=715913f8-dccf-407d-a3d2-c8cc9344a47a
IP
139.45.195.252:443
ASN
#9002 RETN Limited

Requested by
https://1337x1.wb4.xyz/2019/05/chargha-recipe.html
Certificate
IssuerSectigo Limited
Subjectfleraprt.com
Fingerprint23:5D:23:03:7B:8D:47:5A:E9:9C:E7:E0:5C:7E:E6:4F:A2:DC:B6:D0
ValidityWed, 11 Dec 2024 00:00:00 GMT - Sun, 11 Jan 2026 23:59:59 GMT

File type
JSON text data
Size
12 B (12 bytes)
Hash
adb4650bfc9d2a73d4dd69583b0ceb14
1ce399d6e936232aaf2192cd7903a279c5015f22
21c1f682de27109caabcca9016511974defcec217c0441fd3f1b50ecdf8247ed

HTTP Headers

POST /log/add?cid=1db9169f-90f4-4b2d-b517-bc47aab19c1f&ruid=715913f8-dccf-407d-a3d2-c8cc9344a47a HTTP/1.1
Host: fleraprt.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 2147
Origin: https://1337x1.wb4.xyz
DNT: 1
Connection: keep-alive
Referer: https://1337x1.wb4.xyz/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.25.5
Date: Sat, 01 Feb 2025 05:04:14 GMT
Content-Type: application/json; charset=utf-8
Content-Length: 12
Connection: keep-alive
Access-Control-Allow-Origin: https://1337x1.wb4.xyz
Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE
Access-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-Forwarded-For, If-None-Match
Access-Control-Allow-Credentials: true

fleraprt.com/async_log/add?cid=1db9169f-90f4-4b2d-b517-bc47aab19c1f&ruid=715913f8-dccf-407d-a3d2-c8cc9344a47a

139.45.195.252

200 OK

0 B

URL POST HTTP/1.1
fleraprt.com/async_log/add?cid=1db9169f-90f4-4b2d-b517-bc47aab19c1f&ruid=715913f8-dccf-407d-a3d2-c8cc9344a47a
IP
139.45.195.252:443
ASN
#9002 RETN Limited

Requested by
https://1337x1.wb4.xyz/2019/05/chargha-recipe.html
Certificate
IssuerSectigo Limited
Subjectfleraprt.com
Fingerprint23:5D:23:03:7B:8D:47:5A:E9:9C:E7:E0:5C:7E:E6:4F:A2:DC:B6:D0
ValidityWed, 11 Dec 2024 00:00:00 GMT - Sun, 11 Jan 2026 23:59:59 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

POST /async_log/add?cid=1db9169f-90f4-4b2d-b517-bc47aab19c1f&ruid=715913f8-dccf-407d-a3d2-c8cc9344a47a HTTP/1.1
Host: fleraprt.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 1154
Origin: https://1337x1.wb4.xyz
DNT: 1
Connection: keep-alive
Referer: https://1337x1.wb4.xyz/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.25.5
Date: Sat, 01 Feb 2025 05:04:14 GMT
Content-Length: 0
Connection: keep-alive
Access-Control-Allow-Origin: https://1337x1.wb4.xyz
Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE
Access-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-Forwarded-For, If-None-Match
Access-Control-Allow-Credentials: true

wugroansaghadry.com/impression/31KQn2nd5rHEjW8HRw628xaslO6hYKde7pPbUrZ7263L59NFzDAw_akt5pamBWVwEYQgQyngV8haFZ2P6E_1kf1UeYLH8ZSZLR2E_D_JeOoS8kskSsH50-brzpnqUT5e-WTB1OQW3GrRdAMh_FlLmWYGhJkle2f_BpifESwbXkMbVmbYwpTEJv380tZy8lLP-vIFdcAzku5MmIYj_xqSmRYJ56PAajOhsTOr3gvzgwzHdAIQxcsm47fNzoyASWe3bjX9BLpkiYxd4yThKO0OlKRzolXnfzMoU_VBPdj9Ft_6_t3ZTX8E_oS3TW78Oyo5RsRzHqlTHuAcBzE8QS9X36LJDvr3YTjJMvT-pCOjqbdZ5Txhd_WIst2WXm4bTy73puS7Fo4dpuNkm6RCAH0cq6ADRNVNRsWyofoZ6AJ8RAzEbufWuWi8V0Aby6BPoj5hHYr3NbSSwL8hMZQ-cGLRT2PcdYkigJBvNScwkDuT5Z1_faYeFAxJoMom3k4nkmPrKBOQTIBIZrcxFzDEzGeebFNUFWgupxKIEoYLUd3C1ubB2TOmyJdfRlk3Z2Yq5TsQ2DS7k_zQSjPbjcAdr96YEUMmh6Y=?_z=8837431&fs=0&cf=0&sw=1280&sh=1024&sah=1024&wx=0&wy=0&ww=1280&wh=1024&cw=300&wiw=300&wih=270&wfc=6&pl=https%3A%2F%2F1337x1.wb4.xyz%2F2019%2F05%2Fchicken-pasta-recipe.html&drf=https%3A%2F%2F1337x1.wb4.xyz%2F&np=1&pt=0&nb=1&ng=0&ix=1&nw=1&tb=false&tzofs=0&btz=UTC&bto=0&jsp=1&js_build=8&sw_version=v1.521.0&dmn=wugroansaghadry.com

139.45.197.119

200 OK

43 B

URL GET HTTP/2
wugroansaghadry.com/impression/31KQn2nd5rHEjW8HRw628xaslO6hYKde7pPbUrZ7263L59NFzDAw_akt5pamBWVwEYQgQyngV8haFZ2P6E_1kf1UeYLH8ZSZLR2E_D_JeOoS8kskSsH50-brzpnqUT5e-WTB1OQW3GrRdAMh_FlLmWYGhJkle2f_BpifESwbXkMbVmbYwpTEJv380tZy8lLP-vIFdcAzku5MmIYj_xqSmRYJ56PAajOhsTOr3gvzgwzHdAIQxcsm47fNzoyASWe3bjX9BLpkiYxd4yThKO0OlKRzolXnfzMoU_VBPdj9Ft_6_t3ZTX8E_oS3TW78Oyo5RsRzHqlTHuAcBzE8QS9X36LJDvr3YTjJMvT-pCOjqbdZ5Txhd_WIst2WXm4bTy73puS7Fo4dpuNkm6RCAH0cq6ADRNVNRsWyofoZ6AJ8RAzEbufWuWi8V0Aby6BPoj5hHYr3NbSSwL8hMZQ-cGLRT2PcdYkigJBvNScwkDuT5Z1_faYeFAxJoMom3k4nkmPrKBOQTIBIZrcxFzDEzGeebFNUFWgupxKIEoYLUd3C1ubB2TOmyJdfRlk3Z2Yq5TsQ2DS7k_zQSjPbjcAdr96YEUMmh6Y=?_z=8837431&fs=0&cf=0&sw=1280&sh=1024&sah=1024&wx=0&wy=0&ww=1280&wh=1024&cw=300&wiw=300&wih=270&wfc=6&pl=https%3A%2F%2F1337x1.wb4.xyz%2F2019%2F05%2Fchicken-pasta-recipe.html&drf=https%3A%2F%2F1337x1.wb4.xyz%2F&np=1&pt=0&nb=1&ng=0&ix=1&nw=1&tb=false&tzofs=0&btz=UTC&bto=0&jsp=1&js_build=8&sw_version=v1.521.0&dmn=wugroansaghadry.com
IP
139.45.197.119:443
ASN
#9002 RETN Limited

Requested by
https://1337x1.wb4.xyz/2019/05/chicken-pasta-recipe.html
Certificate
IssuerLet's Encrypt
Subjectwugroansaghadry.com
FingerprintB3:FC:C2:A6:01:5A:46:7D:C9:6B:03:D1:B8:D9:57:D2:E3:05:F3:DB
ValidityFri, 27 Dec 2024 06:16:16 GMT - Thu, 27 Mar 2025 06:16:15 GMT

File type
GIF image data, version 89a, 1 x 1
Size
43 B (43 bytes)
Hash
b4491705564909da7f9eaf749dbbfbb1
279315d507855c6a4351e1e2c2f39dd9cd2fccd8
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /impression/31KQn2nd5rHEjW8HRw628xaslO6hYKde7pPbUrZ7263L59NFzDAw_akt5pamBWVwEYQgQyngV8haFZ2P6E_1kf1UeYLH8ZSZLR2E_D_JeOoS8kskSsH50-brzpnqUT5e-WTB1OQW3GrRdAMh_FlLmWYGhJkle2f_BpifESwbXkMbVmbYwpTEJv380tZy8lLP-vIFdcAzku5MmIYj_xqSmRYJ56PAajOhsTOr3gvzgwzHdAIQxcsm47fNzoyASWe3bjX9BLpkiYxd4yThKO0OlKRzolXnfzMoU_VBPdj9Ft_6_t3ZTX8E_oS3TW78Oyo5RsRzHqlTHuAcBzE8QS9X36LJDvr3YTjJMvT-pCOjqbdZ5Txhd_WIst2WXm4bTy73puS7Fo4dpuNkm6RCAH0cq6ADRNVNRsWyofoZ6AJ8RAzEbufWuWi8V0Aby6BPoj5hHYr3NbSSwL8hMZQ-cGLRT2PcdYkigJBvNScwkDuT5Z1_faYeFAxJoMom3k4nkmPrKBOQTIBIZrcxFzDEzGeebFNUFWgupxKIEoYLUd3C1ubB2TOmyJdfRlk3Z2Yq5TsQ2DS7k_zQSjPbjcAdr96YEUMmh6Y=?_z=8837431&fs=0&cf=0&sw=1280&sh=1024&sah=1024&wx=0&wy=0&ww=1280&wh=1024&cw=300&wiw=300&wih=270&wfc=6&pl=https%3A%2F%2F1337x1.wb4.xyz%2F2019%2F05%2Fchicken-pasta-recipe.html&drf=https%3A%2F%2F1337x1.wb4.xyz%2F&np=1&pt=0&nb=1&ng=0&ix=1&nw=1&tb=false&tzofs=0&btz=UTC&bto=0&jsp=1&js_build=8&sw_version=v1.521.0&dmn=wugroansaghadry.com HTTP/1.1
Host: wugroansaghadry.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1337x1.wb4.xyz/
Cookie: OAID=0801636fbe874e19eba495310ab53ae1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sat, 01 Feb 2025 05:04:18 GMT
content-type: image/gif
content-length: 43
x-trace-id: ef472ceeb2da9a94910a4a4cfe116ec7
expires: Tue, 11 Jan 1994 10:00:00 GMT
cache-control: no-cache, no-store, no-transform, must-revalidate, private, max-age=0
pragma: no-cache
vary: Origin
access-control-allow-origin: *
access-control-expose-headers: Link
access-control-allow-credentials: true
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2

onmanectrictor.com/www/images/2663d85bf3f3c4eaa989866f5c7eff92.jpg

188.114.97.1

200 OK

10 kB

URL GET HTTP/3
onmanectrictor.com/www/images/2663d85bf3f3c4eaa989866f5c7eff92.jpg
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://1337x1.wb4.xyz/2019/05/chicken-pasta-recipe.html
Certificate
IssuerGoogle Trust Services
Subjectonmanectrictor.com
Fingerprint84:5C:2E:87:AD:5B:77:93:AB:8F:FF:36:9A:C1:4D:91:FE:A3:FD:2A
ValiditySun, 19 Jan 2025 09:17:08 GMT - Sat, 19 Apr 2025 10:15:33 GMT

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 192x192, components 3
Size
10 kB (10226 bytes)
Hash
2663d85bf3f3c4eaa989866f5c7eff92
6fcf831e78895da5767edeb239f610538668cd60
b36c4f626d6183f36b999f70c9bca3d239760563e281f299e10a081dc021bca3

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /www/images/2663d85bf3f3c4eaa989866f5c7eff92.jpg HTTP/1.1
Host: onmanectrictor.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Sat, 01 Feb 2025 05:04:19 GMT
content-type: image/jpeg
content-length: 10226
last-modified: Wed, 11 Dec 2024 12:08:51 GMT
etag: "675980d3-27f2"
expires: Sat, 01 Feb 2025 06:20:31 GMT
cache-control: max-age=86400
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
access-control-max-age: 86400
timing-allow-origin: *
cf-cache-status: HIT
age: 81828
accept-ranges: bytes
priority: u=4,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=OKlvTQGrTIReYm16LGY1kO%2F%2BWHv74OMu%2FIL1a41ukR78J7t3UStCqox7yIVow3G9uo70bJZ5dMXDzjySIQ7qnw73K8EDbQCjHc6FyPE%2FEtWHrNN63G0VpgwGajpb1%2BejXelYWA8%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 90af66670d8356cb-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=3312&min_rtt=2291&rtt_var=1588&sent=13&recv=8&lost=0&retrans=0&sent_bytes=4168&recv_bytes=1211&delivery_rate=259230&cwnd=12000&unsent_bytes=0&cid=31a127a2e95a073c&ts=4474&x=1", cfExtPri, cfHdrFlush;dur=0

fonts.googleapis.com/css2?family=Roboto:wght@100;300;400;500;700

142.250.74.10

200 OK

1.9 kB

URL GET HTTP/2
fonts.googleapis.com/css2?family=Roboto:wght@100;300;400;500;700
IP
142.250.74.10:443
ASN
#15169 GOOGLE

Requested by
https://1337x1.wb4.xyz/2019/05/chicken-pasta-recipe.html
Certificate
IssuerGoogle Trust Services
Subjectupload.video.google.com
Fingerprint91:3E:F9:90:4B:40:4C:8E:D9:11:EA:64:14:86:3D:AD:DB:41:93:5C
ValidityMon, 20 Jan 2025 08:37:08 GMT - Mon, 14 Apr 2025 08:37:07 GMT

File type
gzip compressed data, max compression
Size
1.9 kB (1858 bytes)
Hash
57ee3e59f2d67a9a642524b81ee78664
4cfffbee766b88ed1dc2cdebb922a00f8d64e798
997ec72070c33e731c88ae49a2c0947fb17143c3484b1212057dad3614b017ab

HTTP Headers

GET /css2?family=Roboto:wght@100;300;400;500;700 HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: text/css; charset=utf-8
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Sat, 01 Feb 2025 05:04:19 GMT
date: Sat, 01 Feb 2025 05:04:19 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

fonts.gstatic.com/s/roboto/v47/KFO7CnqEu92Fr1ME7kSn66aGLdTylUAMa3yUBA.woff2

142.250.74.163

200 OK

40 kB

URL GET HTTP/2
fonts.gstatic.com/s/roboto/v47/KFO7CnqEu92Fr1ME7kSn66aGLdTylUAMa3yUBA.woff2
IP
142.250.74.163:443
ASN
#15169 GOOGLE

Requested by
https://1337x1.wb4.xyz/2019/05/chargha-recipe.html
Certificate
IssuerGoogle Trust Services
Subject*.gstatic.com
Fingerprint62:57:FE:D4:36:DB:03:15:19:B1:2C:50:42:64:6E:D7:C2:32:4F:B6
ValidityMon, 20 Jan 2025 08:37:07 GMT - Mon, 14 Apr 2025 08:37:06 GMT

File type
Web Open Font Format (Version 2), TrueType, length 40128, version 1.0
Size
40 kB (40128 bytes)
Hash
9a01b69183a9604ab3a439e388b30501
8ed1d59003d0dbe6360481017b44665153665fbe
20b535fa80c8189e3b87d1803038389960203a886d502bc2ef1857affc2f38d2

HTTP Headers

GET /s/roboto/v47/KFO7CnqEu92Fr1ME7kSn66aGLdTylUAMa3yUBA.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://1337x1.wb4.xyz
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 40128
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 30 Jan 2025 12:25:12 GMT
expires: Fri, 30 Jan 2026 12:25:12 GMT
cache-control: public, max-age=31536000
last-modified: Wed, 08 Jan 2025 18:23:10 GMT
content-type: font/woff2
age: 146347
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

fonts.gstatic.com/s/roboto/v47/KFO7CnqEu92Fr1ME7kSn66aGLdTylUAMa3yUBA.woff2

142.250.74.163

200 OK

40 kB

URL GET HTTP/2
fonts.gstatic.com/s/roboto/v47/KFO7CnqEu92Fr1ME7kSn66aGLdTylUAMa3yUBA.woff2
IP
142.250.74.163:443
ASN
#15169 GOOGLE

Requested by
https://1337x1.wb4.xyz/2019/05/chargha-recipe.html
Certificate
IssuerGoogle Trust Services
Subject*.gstatic.com
Fingerprint62:57:FE:D4:36:DB:03:15:19:B1:2C:50:42:64:6E:D7:C2:32:4F:B6
ValidityMon, 20 Jan 2025 08:37:07 GMT - Mon, 14 Apr 2025 08:37:06 GMT

File type
Web Open Font Format (Version 2), TrueType, length 40128, version 1.0
Size
40 kB (40128 bytes)
Hash
9a01b69183a9604ab3a439e388b30501
8ed1d59003d0dbe6360481017b44665153665fbe
20b535fa80c8189e3b87d1803038389960203a886d502bc2ef1857affc2f38d2

HTTP Headers

GET /s/roboto/v47/KFO7CnqEu92Fr1ME7kSn66aGLdTylUAMa3yUBA.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://1337x1.wb4.xyz
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 40128
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 30 Jan 2025 12:25:12 GMT
expires: Fri, 30 Jan 2026 12:25:12 GMT
cache-control: public, max-age=31536000
last-modified: Wed, 08 Jan 2025 18:23:10 GMT
content-type: font/woff2
age: 146347
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

onmanectrictor.com/www/images/2663d85bf3f3c4eaa989866f5c7eff92.jpg

188.114.97.1

200 OK

10 kB

URL GET HTTP/3
onmanectrictor.com/www/images/2663d85bf3f3c4eaa989866f5c7eff92.jpg
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://1337x1.wb4.xyz/2019/05/chicken-pasta-recipe.html
Certificate
IssuerGoogle Trust Services
Subjectonmanectrictor.com
Fingerprint84:5C:2E:87:AD:5B:77:93:AB:8F:FF:36:9A:C1:4D:91:FE:A3:FD:2A
ValiditySun, 19 Jan 2025 09:17:08 GMT - Sat, 19 Apr 2025 10:15:33 GMT

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 192x192, components 3
Size
10 kB (10226 bytes)
Hash
2663d85bf3f3c4eaa989866f5c7eff92
6fcf831e78895da5767edeb239f610538668cd60
b36c4f626d6183f36b999f70c9bca3d239760563e281f299e10a081dc021bca3

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /www/images/2663d85bf3f3c4eaa989866f5c7eff92.jpg HTTP/1.1
Host: onmanectrictor.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Sat, 01 Feb 2025 05:04:19 GMT
content-type: image/jpeg
content-length: 10226
last-modified: Wed, 11 Dec 2024 12:08:51 GMT
etag: "675980d3-27f2"
expires: Sat, 01 Feb 2025 06:20:31 GMT
cache-control: max-age=86400
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
access-control-max-age: 86400
timing-allow-origin: *
cf-cache-status: HIT
age: 81828
accept-ranges: bytes
priority: u=4,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=7h1G2va8jLouCKwXeolMr7Ca26rOWUPLnjgtYUKL8BelMi8ZaXAuQseLdIJeuWlv5TG3lqTSjC0fy9JOhsVTL6TizF%2FWZxZjpt4duQMBa0GeILonFhrwpr30Q8BuAu1dXLjsy%2BM%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 90af6668be0b56cb-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=3179&min_rtt=2250&rtt_var=1457&sent=24&recv=10&lost=0&retrans=0&sent_bytes=15566&recv_bytes=1542&delivery_rate=2550&cwnd=12000&unsent_bytes=0&cid=31a127a2e95a073c&ts=4738&x=1", cfExtPri, cfHdrFlush;dur=0

fonts.gstatic.com/s/roboto/v47/KFO7CnqEu92Fr1ME7kSn66aGLdTylUAMa3yUBA.woff2

142.250.74.163

200 OK

40 kB

URL GET HTTP/2
fonts.gstatic.com/s/roboto/v47/KFO7CnqEu92Fr1ME7kSn66aGLdTylUAMa3yUBA.woff2
IP
142.250.74.163:443
ASN
#15169 GOOGLE

Requested by
https://1337x1.wb4.xyz/2019/05/chargha-recipe.html
Certificate
IssuerGoogle Trust Services
Subject*.gstatic.com
Fingerprint62:57:FE:D4:36:DB:03:15:19:B1:2C:50:42:64:6E:D7:C2:32:4F:B6
ValidityMon, 20 Jan 2025 08:37:07 GMT - Mon, 14 Apr 2025 08:37:06 GMT

File type
Web Open Font Format (Version 2), TrueType, length 40128, version 1.0
Size
40 kB (40128 bytes)
Hash
9a01b69183a9604ab3a439e388b30501
8ed1d59003d0dbe6360481017b44665153665fbe
20b535fa80c8189e3b87d1803038389960203a886d502bc2ef1857affc2f38d2

HTTP Headers

GET /s/roboto/v47/KFO7CnqEu92Fr1ME7kSn66aGLdTylUAMa3yUBA.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://1337x1.wb4.xyz
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 40128
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 30 Jan 2025 12:25:12 GMT
expires: Fri, 30 Jan 2026 12:25:12 GMT
cache-control: public, max-age=31536000
last-modified: Wed, 08 Jan 2025 18:23:10 GMT
content-type: font/woff2
age: 146347
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

fonts.googleapis.com/css2?family=Roboto:wght@100;300;400;500;700

142.250.74.10

200 OK

42 kB

URL GET HTTP/2
fonts.googleapis.com/css2?family=Roboto:wght@100;300;400;500;700
IP
142.250.74.10:443
ASN
#15169 GOOGLE

Requested by
https://1337x1.wb4.xyz/2019/05/chicken-pasta-recipe.html
Certificate
IssuerGoogle Trust Services
Subjectupload.video.google.com
Fingerprint91:3E:F9:90:4B:40:4C:8E:D9:11:EA:64:14:86:3D:AD:DB:41:93:5C
ValidityMon, 20 Jan 2025 08:37:08 GMT - Mon, 14 Apr 2025 08:37:07 GMT

File type
gzip compressed data, max compression
Size
42 kB (41943 bytes)
Hash
e2cb6df499910aff82a8bbb8e652e7d9
40321e5e9c8d23ebc6e25bea05ab25fb9a1a80ae
04161dbaf5da4b5e2dbc7e71469efb8d41500b7b997e26a4fb6294b91e1e37d2

HTTP Headers

GET /css2?family=Roboto:wght@100;300;400;500;700 HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
content-type: text/css; charset=utf-8
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Sat, 01 Feb 2025 05:04:19 GMT
date: Sat, 01 Feb 2025 05:04:19 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

cank.xyz/red.php?id=35

172.67.221.41

302 Found

12 kB

URL GET HTTP/2
cank.xyz/red.php?id=35
IP
172.67.221.41:443
ASN
#13335 CLOUDFLARENET

Requested by
https://wk.jdi5.com/download/dl5/b8a8bd93f58f1c369b26d11493c21529/3cc4eed7f2149d9f55caa5fb47d1357d/djbantuverma+wapqiz+com/DIL-SHEESHE-JAISE-MERA-JISME-THA-TERA-BASERA-SAD-SONG-DJBANTU-VERMA-(djbantuverma.wapqiz.com).mp3.html
Certificate
IssuerGoogle Trust Services
Subjectcank.xyz
FingerprintC5:5E:24:74:A1:EF:47:BE:4E:C5:56:1C:82:97:83:05:9B:F3:43:FB
ValiditySat, 21 Dec 2024 11:12:03 GMT - Fri, 21 Mar 2025 12:09:48 GMT

File type
data
Size
12 kB (12141 bytes)
Hash
07f91022e0d0e596f520d2bcda0236a4
c623e28ed266089119c5f8a345142e610391f020
633770ab08a3e7e725c1e223cd550ebdabb07623cfe641a27bf31a485e67912d

HTTP Headers

GET /red.php?id=35 HTTP/1.1
Host: cank.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://wk.jdi5.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 302 Found
date: Sat, 01 Feb 2025 05:04:12 GMT
content-type: text/html; charset=UTF-8
location: https://1337x1.wb4.xyz/submit.php
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ibma0vDOGJCXnvfsMC6Q4%2FML9DFzVy4IRy9rGrWzueb0hOhEW91TuK1z9g4II39dmmf0VyMpd%2FYAxBfVE6voGm2JzuTHnOi8sV1xJTe3cxtvPPe6hm0JKwyKEA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 90af663fdb817131-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=569&min_rtt=509&rtt_var=133&sent=8&recv=11&lost=0&retrans=0&sent_bytes=3187&recv_bytes=1226&delivery_rate=7063414&cwnd=254&unsent_bytes=0&cid=5d21f8d79d42a627&ts=98&x=0"
X-Firefox-Spdy: h2

weegraphooph.net/?rb=eTHsvvLiBiSXOlNYO6-zp8ydUcyFQMLqr-YdMv29ExOcIMp2-OCxXFzMweve8RsV6_3_7JgP27Px1SG3n7FYvPoj9k1HSw0vnlrlZezk5I_fPBdmsQGj_ahct0GuPymyiXZlfydt4kZreiqRNbkx6N5S0vrwIEqyYnTwUr7vFZPkRtt-XHlv1Qg_ERl8KT7YcBhaWAXD1Q_kuTSkSzl3wfrBadhu7Jq7sVxO7aIiuczntMsqs39qAPkW8UAzqr8m-Kc3cXeLZJmleDASqHZ2dKAXnwRYcHnfGw6VfVcOXmU%3D&request_ab2=0&zoneid=8837420&js_build=iclick-v1.1068.0&jsp=1&fs=0&cf=0&sw=1280&sh=1024&wih=270&wiw=300&ww=1280&wh=1024&sah=1024&wx=0&wy=0&cw=300&wfc=6&pl=https%3A%2F%2F1337x1.wb4.xyz%2F2019%2F05%2Fchargha-recipe.html&drf=https%3A%2F%2F1337x1.wb4.xyz%2F&np=1&pt=0&nb=1&ng=0&ix=1&nw=1&tb=false&btz=UTC&bto=0&tt=2&wgl=&js_build=iclick-v1.1068.0&navlng=en-US&vsbl=true&pnt=0&pnrc=0&wasm=1&bs=a57a737b-ebff-4b60-90bc-004ebdfe3849&userId=0801636fbe874e19eba495310ab53ae1&m=link

139.45.197.106

200 OK

12 kB

URL GET HTTP/2
weegraphooph.net/?rb=eTHsvvLiBiSXOlNYO6-zp8ydUcyFQMLqr-YdMv29ExOcIMp2-OCxXFzMweve8RsV6_3_7JgP27Px1SG3n7FYvPoj9k1HSw0vnlrlZezk5I_fPBdmsQGj_ahct0GuPymyiXZlfydt4kZreiqRNbkx6N5S0vrwIEqyYnTwUr7vFZPkRtt-XHlv1Qg_ERl8KT7YcBhaWAXD1Q_kuTSkSzl3wfrBadhu7Jq7sVxO7aIiuczntMsqs39qAPkW8UAzqr8m-Kc3cXeLZJmleDASqHZ2dKAXnwRYcHnfGw6VfVcOXmU%3D&request_ab2=0&zoneid=8837420&js_build=iclick-v1.1068.0&jsp=1&fs=0&cf=0&sw=1280&sh=1024&wih=270&wiw=300&ww=1280&wh=1024&sah=1024&wx=0&wy=0&cw=300&wfc=6&pl=https%3A%2F%2F1337x1.wb4.xyz%2F2019%2F05%2Fchargha-recipe.html&drf=https%3A%2F%2F1337x1.wb4.xyz%2F&np=1&pt=0&nb=1&ng=0&ix=1&nw=1&tb=false&btz=UTC&bto=0&tt=2&wgl=&js_build=iclick-v1.1068.0&navlng=en-US&vsbl=true&pnt=0&pnrc=0&wasm=1&bs=a57a737b-ebff-4b60-90bc-004ebdfe3849&userId=0801636fbe874e19eba495310ab53ae1&m=link
IP
139.45.197.106:443
ASN
#9002 RETN Limited

Requested by
https://1337x1.wb4.xyz/2019/05/chargha-recipe.html
Certificate
IssuerLet's Encrypt
Subjectweegraphooph.net
FingerprintD4:AA:27:3B:BF:84:5F:27:D4:CC:E1:2F:02:E9:B9:63:E8:2F:21:38
ValidityWed, 13 Nov 2024 18:32:15 GMT - Tue, 11 Feb 2025 18:32:14 GMT

File type
gzip compressed data, max speed, from Unix
Size
12 kB (12322 bytes)
Hash
739f6de23751604f5df80291a3624453
dae70e29e381411b6a5949f2974974753e3fd5bc
1fb9fa6da6b864312f36374d1c66b9988531fc15c92e4f5496fbd6aaabdf127d

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /?rb=eTHsvvLiBiSXOlNYO6-zp8ydUcyFQMLqr-YdMv29ExOcIMp2-OCxXFzMweve8RsV6_3_7JgP27Px1SG3n7FYvPoj9k1HSw0vnlrlZezk5I_fPBdmsQGj_ahct0GuPymyiXZlfydt4kZreiqRNbkx6N5S0vrwIEqyYnTwUr7vFZPkRtt-XHlv1Qg_ERl8KT7YcBhaWAXD1Q_kuTSkSzl3wfrBadhu7Jq7sVxO7aIiuczntMsqs39qAPkW8UAzqr8m-Kc3cXeLZJmleDASqHZ2dKAXnwRYcHnfGw6VfVcOXmU%3D&request_ab2=0&zoneid=8837420&js_build=iclick-v1.1068.0&jsp=1&fs=0&cf=0&sw=1280&sh=1024&wih=270&wiw=300&ww=1280&wh=1024&sah=1024&wx=0&wy=0&cw=300&wfc=6&pl=https%3A%2F%2F1337x1.wb4.xyz%2F2019%2F05%2Fchargha-recipe.html&drf=https%3A%2F%2F1337x1.wb4.xyz%2F&np=1&pt=0&nb=1&ng=0&ix=1&nw=1&tb=false&btz=UTC&bto=0&tt=2&wgl=&js_build=iclick-v1.1068.0&navlng=en-US&vsbl=true&pnt=0&pnrc=0&wasm=1&bs=a57a737b-ebff-4b60-90bc-004ebdfe3849&userId=0801636fbe874e19eba495310ab53ae1&m=link HTTP/1.1
Host: weegraphooph.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1337x1.wb4.xyz/
Origin: https://1337x1.wb4.xyz
DNT: 1
Connection: keep-alive
Cookie: OAID=0801630a52cc4a96f0c10d75c47acb30; oaidts=1738386254; syncedCookie=true
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sat, 01 Feb 2025 05:04:14 GMT
content-type: application/json
x-trace-id: 94e486f26e47da143b66037c5bcaaf21
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
access-control-allow-origin: https://1337x1.wb4.xyz
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace, favicon
access-control-max-age: 86400
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
set-cookie: OAID=0801636fbe874e19eba495310ab53ae1; expires=Sun, 01 Feb 2026 05:04:14 GMT; path=/; secure; SameSite=None
oaidts=1738386254; expires=Sun, 01 Feb 2026 05:04:14 GMT; path=/; secure; SameSite=None
syncedCookie=true; expires=Sat, 08 Feb 2025 05:04:14 GMT; path=/; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
content-encoding: gzip
X-Firefox-Spdy: h2

139.45.197.119

200 OK

9.2 kB

URL GET HTTP/2
theetheks.com/500/8837581?excludes=&oaid=0801636fbe874e19eba495310ab53ae1&fs=0&cf=0&sw=1280&sh=1024&sah=1024&wx=0&wy=0&ww=1280&wh=1024&cw=300&wiw=300&wih=270&wfc=6&pl=https%3A%2F%2F1337x1.wb4.xyz%2F2019%2F05%2Fchicken-pasta-recipe.html&drf=https%3A%2F%2F1337x1.wb4.xyz%2F&np=1&pt=0&nb=1&ng=0&ix=1&nw=1&tb=false&tzofs=0&btz=UTC&bto=0&jsp=1&js_build=8&sw_version=v1.521.0&dmn=theetheks.com
IP
139.45.197.119:443
ASN
#9002 RETN Limited

Requested by
https://1337x1.wb4.xyz/2019/05/chicken-pasta-recipe.html
Certificate
IssuerLet's Encrypt
Subjecttheetheks.com
Fingerprint67:7A:01:75:FB:3C:8A:7E:72:FD:0B:72:D4:44:16:52:E4:48:A3:E2
ValidityThu, 14 Nov 2024 06:29:53 GMT - Wed, 12 Feb 2025 06:29:52 GMT

File type
gzip compressed data, max speed, from Unix
Size
9.2 kB (9222 bytes)
Hash
4145d7f2fc2f747fbff9ba1ae2537c9f
e3f4a67891038210cc411ef847ff6ae7ad96de49
8a4b984e63d0b226bb97c5ad5cbdd23dedd1f70b5d0a12879abc4b3c47440d13

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /500/8837581?excludes=&oaid=0801636fbe874e19eba495310ab53ae1&fs=0&cf=0&sw=1280&sh=1024&sah=1024&wx=0&wy=0&ww=1280&wh=1024&cw=300&wiw=300&wih=270&wfc=6&pl=https%3A%2F%2F1337x1.wb4.xyz%2F2019%2F05%2Fchicken-pasta-recipe.html&drf=https%3A%2F%2F1337x1.wb4.xyz%2F&np=1&pt=0&nb=1&ng=0&ix=1&nw=1&tb=false&tzofs=0&btz=UTC&bto=0&jsp=1&js_build=8&sw_version=v1.521.0&dmn=theetheks.com HTTP/1.1
Host: theetheks.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Origin: https://1337x1.wb4.xyz
DNT: 1
Connection: keep-alive
Referer: https://1337x1.wb4.xyz/
Cookie: OAID=030163bffde34126eb1ba3f83a82b04b
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sat, 01 Feb 2025 05:04:14 GMT
content-type: application/javascript
x-trace-id: a02ef7d86276a800c2eb697a496b66d8
cache-control: no-cache, no-store, no-transform, must-revalidate, private, max-age=0
pragma: no-cache
expires: Tue, 11 Jan 1994 10:00:00 GMT
vary: Origin
access-control-allow-origin: https://1337x1.wb4.xyz
access-control-expose-headers: Link
access-control-allow-credentials: true
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
set-cookie: OAID=0801636fbe874e19eba495310ab53ae1; expires=Sun, 01 Feb 2026 05:04:14 GMT; path=/; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
content-encoding: gzip
X-Firefox-Spdy: h2

theetheks.com/impression/BUIP-rK-s7mGsRdRLcBJ6LYTXJpe7d5seFnAUTrH8I7kOJacPheB4jMwlMPOJVGXUOeaQs7x96A6TBlH0ltHX4IcGOJ5nELXE0wim26UuHVUHzxMPXPgtBH-Zcwd3UNSbPh1oWmIw_FWENz03l0EEM-hrPU-c_qhc2OaBhIQHXmcXIoGA4Uwcm34VdRnb_wxhQOLs_JYjEN1dVAYDB7wXh94wogu5l38_ch5EhXBgmofNzQceH6svzwaEenaWScT3HzsHAKUBgFj_h8H0gLaUS5PQc8blLXS5_j5BzT1ComB9XMe5ZqxhG0tyW38bmk0Wz4RQ8KPmTPqw5u-GcXJd7lSLAcYo4UXObN3PW_adjRMQhwrw3Y-PltVi4YomMiYohuONhs9hhJ8MVr33XrvY-t2ACM4VrwqPX4Ly8Fh32LfZOe7F-rDfiSJakieNq_sQ12-ADyxkmeUVRdi647CmWETPhGADzp5618f8JI0BQGCuR50vYBzXr8HvlBTd6H1Zxgoy8K7X3m2UU2-LLPdtzCAfLfgRLD1BEBRvB1pLt-6sCEBKdCgnZJ1JI6_80SMydmMU1vKoeN5rUdI5p1ofB3EIWo=?_z=8837581&fs=0&cf=0&sw=1280&sh=1024&sah=1024&wx=0&wy=0&ww=1280&wh=1024&cw=300&wiw=300&wih=270&wfc=6&pl=https%3A%2F%2F1337x1.wb4.xyz%2F2019%2F05%2Fchicken-pasta-recipe.html&drf=https%3A%2F%2F1337x1.wb4.xyz%2F&np=1&pt=0&nb=1&ng=0&ix=1&nw=1&tb=false&tzofs=0&btz=UTC&bto=0&jsp=1&js_build=8&sw_version=v1.521.0&dmn=theetheks.com

139.45.197.119

200 OK

43 B

URL GET HTTP/2
theetheks.com/impression/BUIP-rK-s7mGsRdRLcBJ6LYTXJpe7d5seFnAUTrH8I7kOJacPheB4jMwlMPOJVGXUOeaQs7x96A6TBlH0ltHX4IcGOJ5nELXE0wim26UuHVUHzxMPXPgtBH-Zcwd3UNSbPh1oWmIw_FWENz03l0EEM-hrPU-c_qhc2OaBhIQHXmcXIoGA4Uwcm34VdRnb_wxhQOLs_JYjEN1dVAYDB7wXh94wogu5l38_ch5EhXBgmofNzQceH6svzwaEenaWScT3HzsHAKUBgFj_h8H0gLaUS5PQc8blLXS5_j5BzT1ComB9XMe5ZqxhG0tyW38bmk0Wz4RQ8KPmTPqw5u-GcXJd7lSLAcYo4UXObN3PW_adjRMQhwrw3Y-PltVi4YomMiYohuONhs9hhJ8MVr33XrvY-t2ACM4VrwqPX4Ly8Fh32LfZOe7F-rDfiSJakieNq_sQ12-ADyxkmeUVRdi647CmWETPhGADzp5618f8JI0BQGCuR50vYBzXr8HvlBTd6H1Zxgoy8K7X3m2UU2-LLPdtzCAfLfgRLD1BEBRvB1pLt-6sCEBKdCgnZJ1JI6_80SMydmMU1vKoeN5rUdI5p1ofB3EIWo=?_z=8837581&fs=0&cf=0&sw=1280&sh=1024&sah=1024&wx=0&wy=0&ww=1280&wh=1024&cw=300&wiw=300&wih=270&wfc=6&pl=https%3A%2F%2F1337x1.wb4.xyz%2F2019%2F05%2Fchicken-pasta-recipe.html&drf=https%3A%2F%2F1337x1.wb4.xyz%2F&np=1&pt=0&nb=1&ng=0&ix=1&nw=1&tb=false&tzofs=0&btz=UTC&bto=0&jsp=1&js_build=8&sw_version=v1.521.0&dmn=theetheks.com
IP
139.45.197.119:443
ASN
#9002 RETN Limited

Requested by
https://1337x1.wb4.xyz/2019/05/chicken-pasta-recipe.html
Certificate
IssuerLet's Encrypt
Subjecttheetheks.com
Fingerprint67:7A:01:75:FB:3C:8A:7E:72:FD:0B:72:D4:44:16:52:E4:48:A3:E2
ValidityThu, 14 Nov 2024 06:29:53 GMT - Wed, 12 Feb 2025 06:29:52 GMT

File type
GIF image data, version 89a, 1 x 1
Size
43 B (43 bytes)
Hash
b4491705564909da7f9eaf749dbbfbb1
279315d507855c6a4351e1e2c2f39dd9cd2fccd8
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /impression/BUIP-rK-s7mGsRdRLcBJ6LYTXJpe7d5seFnAUTrH8I7kOJacPheB4jMwlMPOJVGXUOeaQs7x96A6TBlH0ltHX4IcGOJ5nELXE0wim26UuHVUHzxMPXPgtBH-Zcwd3UNSbPh1oWmIw_FWENz03l0EEM-hrPU-c_qhc2OaBhIQHXmcXIoGA4Uwcm34VdRnb_wxhQOLs_JYjEN1dVAYDB7wXh94wogu5l38_ch5EhXBgmofNzQceH6svzwaEenaWScT3HzsHAKUBgFj_h8H0gLaUS5PQc8blLXS5_j5BzT1ComB9XMe5ZqxhG0tyW38bmk0Wz4RQ8KPmTPqw5u-GcXJd7lSLAcYo4UXObN3PW_adjRMQhwrw3Y-PltVi4YomMiYohuONhs9hhJ8MVr33XrvY-t2ACM4VrwqPX4Ly8Fh32LfZOe7F-rDfiSJakieNq_sQ12-ADyxkmeUVRdi647CmWETPhGADzp5618f8JI0BQGCuR50vYBzXr8HvlBTd6H1Zxgoy8K7X3m2UU2-LLPdtzCAfLfgRLD1BEBRvB1pLt-6sCEBKdCgnZJ1JI6_80SMydmMU1vKoeN5rUdI5p1ofB3EIWo=?_z=8837581&fs=0&cf=0&sw=1280&sh=1024&sah=1024&wx=0&wy=0&ww=1280&wh=1024&cw=300&wiw=300&wih=270&wfc=6&pl=https%3A%2F%2F1337x1.wb4.xyz%2F2019%2F05%2Fchicken-pasta-recipe.html&drf=https%3A%2F%2F1337x1.wb4.xyz%2F&np=1&pt=0&nb=1&ng=0&ix=1&nw=1&tb=false&tzofs=0&btz=UTC&bto=0&jsp=1&js_build=8&sw_version=v1.521.0&dmn=theetheks.com HTTP/1.1
Host: theetheks.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1337x1.wb4.xyz/
Cookie: OAID=0801636fbe874e19eba495310ab53ae1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sat, 01 Feb 2025 05:04:23 GMT
content-type: image/gif
content-length: 43
x-trace-id: d5f52164f03425fe9a78b20c5c3de341
pragma: no-cache
expires: Tue, 11 Jan 1994 10:00:00 GMT
cache-control: no-cache, no-store, no-transform, must-revalidate, private, max-age=0
vary: Origin
access-control-allow-origin: *
access-control-expose-headers: Link
access-control-allow-credentials: true
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2

theetheks.com/500/8837581?excludes=22975994&oaid=0801636fbe874e19eba495310ab53ae1&fs=0&cf=0&sw=1280&sh=1024&sah=1024&wx=0&wy=0&ww=1280&wh=1024&cw=300&wiw=300&wih=270&wfc=6&pl=https%3A%2F%2F1337x1.wb4.xyz%2F2019%2F05%2Fchicken-pasta-recipe.html&drf=https%3A%2F%2F1337x1.wb4.xyz%2F&np=1&pt=0&nb=1&ng=0&ix=1&nw=1&tb=false&tzofs=0&btz=UTC&bto=0&jsp=1&js_build=8&sw_version=v1.521.0&dmn=theetheks.com

139.45.197.119

200 OK

0 B

URL OPTIONS HTTP/2
theetheks.com/500/8837581?excludes=22975994&oaid=0801636fbe874e19eba495310ab53ae1&fs=0&cf=0&sw=1280&sh=1024&sah=1024&wx=0&wy=0&ww=1280&wh=1024&cw=300&wiw=300&wih=270&wfc=6&pl=https%3A%2F%2F1337x1.wb4.xyz%2F2019%2F05%2Fchicken-pasta-recipe.html&drf=https%3A%2F%2F1337x1.wb4.xyz%2F&np=1&pt=0&nb=1&ng=0&ix=1&nw=1&tb=false&tzofs=0&btz=UTC&bto=0&jsp=1&js_build=8&sw_version=v1.521.0&dmn=theetheks.com
IP
139.45.197.119:443
ASN
#9002 RETN Limited

Requested by
https://1337x1.wb4.xyz/2019/05/chicken-pasta-recipe.html
Certificate
IssuerLet's Encrypt
Subjecttheetheks.com
Fingerprint67:7A:01:75:FB:3C:8A:7E:72:FD:0B:72:D4:44:16:52:E4:48:A3:E2
ValidityThu, 14 Nov 2024 06:29:53 GMT - Wed, 12 Feb 2025 06:29:52 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

OPTIONS /500/8837581?excludes=22975994&oaid=0801636fbe874e19eba495310ab53ae1&fs=0&cf=0&sw=1280&sh=1024&sah=1024&wx=0&wy=0&ww=1280&wh=1024&cw=300&wiw=300&wih=270&wfc=6&pl=https%3A%2F%2F1337x1.wb4.xyz%2F2019%2F05%2Fchicken-pasta-recipe.html&drf=https%3A%2F%2F1337x1.wb4.xyz%2F&np=1&pt=0&nb=1&ng=0&ix=1&nw=1&tb=false&tzofs=0&btz=UTC&bto=0&jsp=1&js_build=8&sw_version=v1.521.0&dmn=theetheks.com HTTP/1.1
Host: theetheks.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: GET
Access-Control-Request-Headers: content-type
Referer: https://1337x1.wb4.xyz/
Origin: https://1337x1.wb4.xyz
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sat, 01 Feb 2025 05:04:24 GMT
content-length: 0
allow: GET, OPTIONS
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-origin: https://1337x1.wb4.xyz
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace
access-control-allow-credentials: true
access-control-max-age: 600
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *
X-Firefox-Spdy: h2

onmanectrictor.com/www/images/b85ad934afdb0f6def6d670fc7cb0826.jpg

188.114.97.1

200 OK

14 kB

URL GET HTTP/3
onmanectrictor.com/www/images/b85ad934afdb0f6def6d670fc7cb0826.jpg
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://1337x1.wb4.xyz/2019/05/chicken-pasta-recipe.html
Certificate
IssuerGoogle Trust Services
Subjectonmanectrictor.com
Fingerprint84:5C:2E:87:AD:5B:77:93:AB:8F:FF:36:9A:C1:4D:91:FE:A3:FD:2A
ValiditySun, 19 Jan 2025 09:17:08 GMT - Sat, 19 Apr 2025 10:15:33 GMT

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 192x192, components 3
Size
14 kB (13536 bytes)
Hash
b85ad934afdb0f6def6d670fc7cb0826
785dd8a25b5a23266370845bfd8f1a7adf632091
e1cccf178b0512ea63f446675847855f04e0c856acbd3cc51b7fe2a839beb4aa

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /www/images/b85ad934afdb0f6def6d670fc7cb0826.jpg HTTP/1.1
Host: onmanectrictor.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1337x1.wb4.xyz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Sat, 01 Feb 2025 05:04:24 GMT
content-type: image/jpeg
content-length: 13536
last-modified: Sun, 24 Nov 2024 14:31:11 GMT
etag: "674338af-34e0"
expires: Sun, 02 Feb 2025 01:43:48 GMT
cache-control: max-age=86400
timing-allow-origin: *
cf-cache-status: HIT
age: 12036
accept-ranges: bytes
priority: u=4,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=vPBhkDeEQ0LXo6WvYSWNOTdcltrQnOGYlHa9wODjOA1lxnEX6GbmZWyX57YC%2FJlelxr39GcpLGe0UFHJ91MBw1TdELxsNvn%2Bmy4RpgJaXptSqY6SZ92%2BmJO%2Fo9O4t7p7Ci4AXY0%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 90af66876ba456cb-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=3034&min_rtt=2018&rtt_var=1383&sent=35&recv=12&lost=0&retrans=0&sent_bytes=26922&recv_bytes=1893&delivery_rate=1098111&cwnd=12000&unsent_bytes=0&cid=31a127a2e95a073c&ts=9653&x=1", cfExtPri, cfHdrFlush;dur=0

theetheks.com/impression/sIbrYH7h3yFNmZgyCHkAI0J5HvFYDMO-jXXrMcgadBcEiPxBdL62zgW464IQMxpa9EmVJhUMaBZeAaZZKUEQYibI4QxHE3YeBBYMRfG13HNbGQL9zXJCe6nW_TpQQ6Ya9v35Abkax5uzMEYT0byg7tbdjer3zoQkNHfSkEsC4I9XCXR0jq5kCab9pnQljmDLSmYGvZS9YVjmdh5N99_m8loKsKinK1ubIMpNdPJUzB5JBpb2qyqLfk6gZdHn_iq79_OcoO241bOWS607yAM_ua_OthWavAFdAdkiv3-HXDbLcuXkpcHKLDWIbJxGMRnQilnqkPCzblfwArzzHICzLEprd2-A2f7IRUuz-Wq2ePWbqdJxaPFElq2BeyO3sVJg8fG1rDZ2nO_apFxRQsL3J2ER0RaH_2aL5XH2hK21jnDQDc_N0a69tcOtYUeIUjxmJtSqprvLQagmUYetUucmwXApQxZt3rOgKGXA07uwNq_nuYsXnSp-A5uHufPAV058J7hQOQImwV1cooxzHeaprPwUkS-fBxt_J3XbDZp3bDFujm7rOdVv_6QVtTSRfhGilSig8Urz5CqWdenUC75Zbxzg2L8=?_z=8837581&fs=0&cf=0&sw=1280&sh=1024&sah=1024&wx=0&wy=0&ww=1280&wh=1024&cw=300&wiw=300&wih=270&wfc=6&pl=https%3A%2F%2F1337x1.wb4.xyz%2F2019%2F05%2Fchicken-pasta-recipe.html&drf=https%3A%2F%2F1337x1.wb4.xyz%2F&np=1&pt=0&nb=1&ng=0&ix=1&nw=1&tb=false&tzofs=0&btz=UTC&bto=0&jsp=1&js_build=8&sw_version=v1.521.0&dmn=theetheks.com

139.45.197.119

200 OK

43 B

URL GET HTTP/2
theetheks.com/impression/sIbrYH7h3yFNmZgyCHkAI0J5HvFYDMO-jXXrMcgadBcEiPxBdL62zgW464IQMxpa9EmVJhUMaBZeAaZZKUEQYibI4QxHE3YeBBYMRfG13HNbGQL9zXJCe6nW_TpQQ6Ya9v35Abkax5uzMEYT0byg7tbdjer3zoQkNHfSkEsC4I9XCXR0jq5kCab9pnQljmDLSmYGvZS9YVjmdh5N99_m8loKsKinK1ubIMpNdPJUzB5JBpb2qyqLfk6gZdHn_iq79_OcoO241bOWS607yAM_ua_OthWavAFdAdkiv3-HXDbLcuXkpcHKLDWIbJxGMRnQilnqkPCzblfwArzzHICzLEprd2-A2f7IRUuz-Wq2ePWbqdJxaPFElq2BeyO3sVJg8fG1rDZ2nO_apFxRQsL3J2ER0RaH_2aL5XH2hK21jnDQDc_N0a69tcOtYUeIUjxmJtSqprvLQagmUYetUucmwXApQxZt3rOgKGXA07uwNq_nuYsXnSp-A5uHufPAV058J7hQOQImwV1cooxzHeaprPwUkS-fBxt_J3XbDZp3bDFujm7rOdVv_6QVtTSRfhGilSig8Urz5CqWdenUC75Zbxzg2L8=?_z=8837581&fs=0&cf=0&sw=1280&sh=1024&sah=1024&wx=0&wy=0&ww=1280&wh=1024&cw=300&wiw=300&wih=270&wfc=6&pl=https%3A%2F%2F1337x1.wb4.xyz%2F2019%2F05%2Fchicken-pasta-recipe.html&drf=https%3A%2F%2F1337x1.wb4.xyz%2F&np=1&pt=0&nb=1&ng=0&ix=1&nw=1&tb=false&tzofs=0&btz=UTC&bto=0&jsp=1&js_build=8&sw_version=v1.521.0&dmn=theetheks.com
IP
139.45.197.119:443
ASN
#9002 RETN Limited

Requested by
https://1337x1.wb4.xyz/2019/05/chicken-pasta-recipe.html
Certificate
IssuerLet's Encrypt
Subjecttheetheks.com
Fingerprint67:7A:01:75:FB:3C:8A:7E:72:FD:0B:72:D4:44:16:52:E4:48:A3:E2
ValidityThu, 14 Nov 2024 06:29:53 GMT - Wed, 12 Feb 2025 06:29:52 GMT

File type
GIF image data, version 89a, 1 x 1
Size
43 B (43 bytes)
Hash
b4491705564909da7f9eaf749dbbfbb1
279315d507855c6a4351e1e2c2f39dd9cd2fccd8
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /impression/sIbrYH7h3yFNmZgyCHkAI0J5HvFYDMO-jXXrMcgadBcEiPxBdL62zgW464IQMxpa9EmVJhUMaBZeAaZZKUEQYibI4QxHE3YeBBYMRfG13HNbGQL9zXJCe6nW_TpQQ6Ya9v35Abkax5uzMEYT0byg7tbdjer3zoQkNHfSkEsC4I9XCXR0jq5kCab9pnQljmDLSmYGvZS9YVjmdh5N99_m8loKsKinK1ubIMpNdPJUzB5JBpb2qyqLfk6gZdHn_iq79_OcoO241bOWS607yAM_ua_OthWavAFdAdkiv3-HXDbLcuXkpcHKLDWIbJxGMRnQilnqkPCzblfwArzzHICzLEprd2-A2f7IRUuz-Wq2ePWbqdJxaPFElq2BeyO3sVJg8fG1rDZ2nO_apFxRQsL3J2ER0RaH_2aL5XH2hK21jnDQDc_N0a69tcOtYUeIUjxmJtSqprvLQagmUYetUucmwXApQxZt3rOgKGXA07uwNq_nuYsXnSp-A5uHufPAV058J7hQOQImwV1cooxzHeaprPwUkS-fBxt_J3XbDZp3bDFujm7rOdVv_6QVtTSRfhGilSig8Urz5CqWdenUC75Zbxzg2L8=?_z=8837581&fs=0&cf=0&sw=1280&sh=1024&sah=1024&wx=0&wy=0&ww=1280&wh=1024&cw=300&wiw=300&wih=270&wfc=6&pl=https%3A%2F%2F1337x1.wb4.xyz%2F2019%2F05%2Fchicken-pasta-recipe.html&drf=https%3A%2F%2F1337x1.wb4.xyz%2F&np=1&pt=0&nb=1&ng=0&ix=1&nw=1&tb=false&tzofs=0&btz=UTC&bto=0&jsp=1&js_build=8&sw_version=v1.521.0&dmn=theetheks.com HTTP/1.1
Host: theetheks.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1337x1.wb4.xyz/
Cookie: OAID=0801636fbe874e19eba495310ab53ae1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sat, 01 Feb 2025 05:04:26 GMT
content-type: image/gif
content-length: 43
x-trace-id: 770eadb8087cfba14b2bd8c4ace2a89f
cache-control: no-cache, no-store, no-transform, must-revalidate, private, max-age=0
pragma: no-cache
expires: Tue, 11 Jan 1994 10:00:00 GMT
vary: Origin
access-control-allow-origin: *
access-control-expose-headers: Link
access-control-allow-credentials: true
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2

1337x1.wb4.xyz/2019/05/chargha-recipe.html

104.21.26.18

200 OK

3.1 kB

URL POST HTTP/3
1337x1.wb4.xyz/2019/05/chargha-recipe.html
IP
104.21.26.18:443
ASN
#13335 CLOUDFLARENET

Requested by
https://wk.jdi5.com/download/dl5/b8a8bd93f58f1c369b26d11493c21529/3cc4eed7f2149d9f55caa5fb47d1357d/djbantuverma+wapqiz+com/DIL-SHEESHE-JAISE-MERA-JISME-THA-TERA-BASERA-SAD-SONG-DJBANTU-VERMA-(djbantuverma.wapqiz.com).mp3.html
Certificate
IssuerGoogle Trust Services
Subjectwb4.xyz
FingerprintB8:D6:DD:E8:AC:EB:F4:86:CD:F1:5F:A5:B5:87:95:EE:B1:55:0A:59
ValiditySat, 07 Dec 2024 03:06:49 GMT - Fri, 07 Mar 2025 03:06:48 GMT

File type
HTML document, Unicode text, UTF-8 text, with very long lines (3318), with no line terminators
Size
3.1 kB (3140 bytes)
Hash
86449c0d6c5423ac6d36b60647ab9f2b
771e3eae958e64d76ab42fd3e35c34dbfd37c66a
8a35429c77ff0fcb899c8c2a8226d703881199cfa1f2886a7f2ec85c0e37e4b5

HTTP Headers

POST /2019/05/chargha-recipe.html HTTP/1.1
Host: 1337x1.wb4.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 39
Origin: https://1337x1.wb4.xyz
DNT: 1
Connection: keep-alive
Referer: https://1337x1.wb4.xyz/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sat, 01 Feb 2025 05:04:13 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
set-cookie: sam=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/; domain=1337x1.wb4.xyz
cf-cache-status: DYNAMIC
priority: u=4,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=A9ML9drxKTwrRirPh%2BF51WzLhRgYeTTsZ%2BMeyOwoujWyrM%2BJUfHBxG0f5zZhsMr0Gzlixy0vO9%2BBIpxH%2F2ifQgP%2BjIhmeHitHQMtgPkE31F65fTe4HshM2KY%2FeWlQCILhw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 90af664409a1568d-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=4701&min_rtt=1366&rtt_var=3643&sent=23&recv=14&lost=0&retrans=0&sent_bytes=8777&recv_bytes=2648&delivery_rate=51699&cwnd=12000&unsent_bytes=0&cid=f463ac6f10d91028&ts=476&x=1", cfExtPri, cfHdrFlush;dur=0

funnyfoto.me/submit.php

0.0.0.0

0 B

URL GET
funnyfoto.me/submit.php
IP
0.0.0.0:0
ASN
#0

Requested by
https://wk.jdi5.com/download/dl5/b8a8bd93f58f1c369b26d11493c21529/3cc4eed7f2149d9f55caa5fb47d1357d/djbantuverma+wapqiz+com/DIL-SHEESHE-JAISE-MERA-JISME-THA-TERA-BASERA-SAD-SONG-DJBANTU-VERMA-(djbantuverma.wapqiz.com).mp3.html

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /submit.php HTTP/1.1
Host: funnyfoto.me
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://wk.jdi5.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

fleraprt.com/async_log/add?cid=1db9169f-90f4-4b2d-b517-bc47aab19c1f&ruid=c970483b-99cf-466d-af0a-6b7d7cc074f0

139.45.195.252

200 OK

0 B

URL POST HTTP/1.1
fleraprt.com/async_log/add?cid=1db9169f-90f4-4b2d-b517-bc47aab19c1f&ruid=c970483b-99cf-466d-af0a-6b7d7cc074f0
IP
139.45.195.252:443
ASN
#9002 RETN Limited

Requested by
https://1337x1.wb4.xyz/2019/05/chicken-pasta-recipe.html
Certificate
IssuerSectigo Limited
Subjectfleraprt.com
Fingerprint23:5D:23:03:7B:8D:47:5A:E9:9C:E7:E0:5C:7E:E6:4F:A2:DC:B6:D0
ValidityWed, 11 Dec 2024 00:00:00 GMT - Sun, 11 Jan 2026 23:59:59 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

POST /async_log/add?cid=1db9169f-90f4-4b2d-b517-bc47aab19c1f&ruid=c970483b-99cf-466d-af0a-6b7d7cc074f0 HTTP/1.1
Host: fleraprt.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 1154
Origin: https://1337x1.wb4.xyz
DNT: 1
Connection: keep-alive
Referer: https://1337x1.wb4.xyz/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.25.5
Date: Sat, 01 Feb 2025 05:04:14 GMT
Content-Length: 0
Connection: keep-alive
Access-Control-Allow-Origin: https://1337x1.wb4.xyz
Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE
Access-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-Forwarded-For, If-None-Match
Access-Control-Allow-Credentials: true

ptichoolsougn.net/impression/FD6h4FKj0tEN86QonqF_IMvJFrPbbKkarmsma1L2j74XzcUs3GrY6lBqylOrn6Xfsaf374XcguMWNlk7TMn0A-m-luFrzmpkg0XDGg_zRL4UvRCwpXmpM1ucG4lZZUyIBe_qgb9wEU8si8UtqjxvgZEsYmCaTYssGpmuoIMfuBepZInKiH6DrhZujFXd_hrDCLAk6X5rYeYpFFC9-C99pPy0g9RRHHQ3ZfDiBDAzwkzLKSQwNEueDyaI_BA2JAKU-6OZz8_AWn8wNwDKXAjM9X-p2x4EB6jkD_8JJ-IoL_l37SbPEyl4VCGbu36LFiWOFyylBUDftlsO1rJlo9Cdir7_j9xEFXN3mcjUJ6C4i2FEKoEuCwbcmkVLBiSp2BYhT_ss6BBinPNA68UEDW8Pg51N1dthNXbGW_AcBo9liU1mFD6cL52X7fseGYZPo34XeuC438OgwApVkZkZjxBy9KmHZfYLeMjSeywtGOq4BXxD_iPb_0rJe2-HJKAFhLRor3VHTWK5oUCa44OVQeShQ4WAjO5M0-uWnonh-aUaZcnTEBloqqwSoEda0MqM_TYOz7Mp9KwWmTNzywjcZyyQwUR_QZA=?_z=8837469&fs=0&cf=0&sw=1280&sh=1024&sah=1024&wx=0&wy=0&ww=1280&wh=1024&cw=300&wiw=300&wih=270&wfc=6&pl=https%3A%2F%2F1337x1.wb4.xyz%2F2019%2F05%2Fchicken-pasta-recipe.html&drf=https%3A%2F%2F1337x1.wb4.xyz%2F&np=1&pt=0&nb=1&ng=0&ix=1&nw=1&tb=false&tzofs=0&btz=UTC&bto=0&jsp=1&js_build=8&sw_version=v1.521.0&dmn=ptichoolsougn.net

139.45.197.107

200 OK

43 B

URL GET HTTP/2
ptichoolsougn.net/impression/FD6h4FKj0tEN86QonqF_IMvJFrPbbKkarmsma1L2j74XzcUs3GrY6lBqylOrn6Xfsaf374XcguMWNlk7TMn0A-m-luFrzmpkg0XDGg_zRL4UvRCwpXmpM1ucG4lZZUyIBe_qgb9wEU8si8UtqjxvgZEsYmCaTYssGpmuoIMfuBepZInKiH6DrhZujFXd_hrDCLAk6X5rYeYpFFC9-C99pPy0g9RRHHQ3ZfDiBDAzwkzLKSQwNEueDyaI_BA2JAKU-6OZz8_AWn8wNwDKXAjM9X-p2x4EB6jkD_8JJ-IoL_l37SbPEyl4VCGbu36LFiWOFyylBUDftlsO1rJlo9Cdir7_j9xEFXN3mcjUJ6C4i2FEKoEuCwbcmkVLBiSp2BYhT_ss6BBinPNA68UEDW8Pg51N1dthNXbGW_AcBo9liU1mFD6cL52X7fseGYZPo34XeuC438OgwApVkZkZjxBy9KmHZfYLeMjSeywtGOq4BXxD_iPb_0rJe2-HJKAFhLRor3VHTWK5oUCa44OVQeShQ4WAjO5M0-uWnonh-aUaZcnTEBloqqwSoEda0MqM_TYOz7Mp9KwWmTNzywjcZyyQwUR_QZA=?_z=8837469&fs=0&cf=0&sw=1280&sh=1024&sah=1024&wx=0&wy=0&ww=1280&wh=1024&cw=300&wiw=300&wih=270&wfc=6&pl=https%3A%2F%2F1337x1.wb4.xyz%2F2019%2F05%2Fchicken-pasta-recipe.html&drf=https%3A%2F%2F1337x1.wb4.xyz%2F&np=1&pt=0&nb=1&ng=0&ix=1&nw=1&tb=false&tzofs=0&btz=UTC&bto=0&jsp=1&js_build=8&sw_version=v1.521.0&dmn=ptichoolsougn.net
IP
139.45.197.107:443
ASN
#9002 RETN Limited

Requested by
https://1337x1.wb4.xyz/2019/05/chicken-pasta-recipe.html
Certificate
IssuerLet's Encrypt
Subjectptichoolsougn.net
Fingerprint8B:23:0C:24:5C:8E:60:08:8A:8F:8E:C1:5F:FC:F7:FB:77:B8:91:31
ValidityTue, 26 Nov 2024 15:38:47 GMT - Mon, 24 Feb 2025 15:38:46 GMT

File type
GIF image data, version 89a, 1 x 1
Size
43 B (43 bytes)
Hash
b4491705564909da7f9eaf749dbbfbb1
279315d507855c6a4351e1e2c2f39dd9cd2fccd8
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /impression/FD6h4FKj0tEN86QonqF_IMvJFrPbbKkarmsma1L2j74XzcUs3GrY6lBqylOrn6Xfsaf374XcguMWNlk7TMn0A-m-luFrzmpkg0XDGg_zRL4UvRCwpXmpM1ucG4lZZUyIBe_qgb9wEU8si8UtqjxvgZEsYmCaTYssGpmuoIMfuBepZInKiH6DrhZujFXd_hrDCLAk6X5rYeYpFFC9-C99pPy0g9RRHHQ3ZfDiBDAzwkzLKSQwNEueDyaI_BA2JAKU-6OZz8_AWn8wNwDKXAjM9X-p2x4EB6jkD_8JJ-IoL_l37SbPEyl4VCGbu36LFiWOFyylBUDftlsO1rJlo9Cdir7_j9xEFXN3mcjUJ6C4i2FEKoEuCwbcmkVLBiSp2BYhT_ss6BBinPNA68UEDW8Pg51N1dthNXbGW_AcBo9liU1mFD6cL52X7fseGYZPo34XeuC438OgwApVkZkZjxBy9KmHZfYLeMjSeywtGOq4BXxD_iPb_0rJe2-HJKAFhLRor3VHTWK5oUCa44OVQeShQ4WAjO5M0-uWnonh-aUaZcnTEBloqqwSoEda0MqM_TYOz7Mp9KwWmTNzywjcZyyQwUR_QZA=?_z=8837469&fs=0&cf=0&sw=1280&sh=1024&sah=1024&wx=0&wy=0&ww=1280&wh=1024&cw=300&wiw=300&wih=270&wfc=6&pl=https%3A%2F%2F1337x1.wb4.xyz%2F2019%2F05%2Fchicken-pasta-recipe.html&drf=https%3A%2F%2F1337x1.wb4.xyz%2F&np=1&pt=0&nb=1&ng=0&ix=1&nw=1&tb=false&tzofs=0&btz=UTC&bto=0&jsp=1&js_build=8&sw_version=v1.521.0&dmn=ptichoolsougn.net HTTP/1.1
Host: ptichoolsougn.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1337x1.wb4.xyz/
Cookie: OAID=0801636fbe874e19eba495310ab53ae1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sat, 01 Feb 2025 05:04:19 GMT
content-type: image/gif
content-length: 43
x-trace-id: c705276fd7a0215499ba7339c5ccca8a
expires: Tue, 11 Jan 1994 10:00:00 GMT
cache-control: no-cache, no-store, no-transform, must-revalidate, private, max-age=0
pragma: no-cache
vary: Origin
access-control-allow-origin: *
access-control-expose-headers: Link
access-control-allow-credentials: true
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2

1337x1.wb4.xyz/submit.php

104.21.26.18

200 OK

1.4 kB

URL GET HTTP/2
1337x1.wb4.xyz/submit.php
IP
104.21.26.18:443
ASN
#13335 CLOUDFLARENET

Requested by
https://wk.jdi5.com/download/dl5/b8a8bd93f58f1c369b26d11493c21529/3cc4eed7f2149d9f55caa5fb47d1357d/djbantuverma+wapqiz+com/DIL-SHEESHE-JAISE-MERA-JISME-THA-TERA-BASERA-SAD-SONG-DJBANTU-VERMA-(djbantuverma.wapqiz.com).mp3.html
Certificate
IssuerGoogle Trust Services
Subjectwb4.xyz
FingerprintB8:D6:DD:E8:AC:EB:F4:86:CD:F1:5F:A5:B5:87:95:EE:B1:55:0A:59
ValiditySat, 07 Dec 2024 03:06:49 GMT - Fri, 07 Mar 2025 03:06:48 GMT

File type
HTML document, ASCII text, with very long lines (1550), with no line terminators
Size
1.4 kB (1448 bytes)
Hash
6e04ae0291ac5a7135a90f8412fc718b
272168b78030b90e73971a3d23198395f34427dc
9b52547de8e5044f81cd0541d0767209ea6f543ac5f59fdea4928533dcd3ff2a

HTTP Headers

GET /submit.php HTTP/1.1
Host: 1337x1.wb4.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://wk.jdi5.com/
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sat, 01 Feb 2025 05:04:13 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=M%2B8pzqo4Vw4k1BxrQD3cFvL5kiILboqOXHfJ4cyQuoiMgJPp6py6%2F68Metd6fj5ayFgs0HRIQTEjy86qB7LLlZPhN%2BALQ0b6i69v4L2PKELgy9xZJTX5z%2FRrjMlDqv%2Fu6A%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 90af6640c9dd56b7-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=535&min_rtt=485&rtt_var=104&sent=8&recv=11&lost=0&retrans=0&sent_bytes=3260&recv_bytes=1350&delivery_rate=6819466&cwnd=254&unsent_bytes=0&cid=17de2bb4c03e0667&ts=113&x=0"
X-Firefox-Spdy: h2

theetheks.com/400/8837581

139.45.197.119

200 OK

94 kB

URL GET HTTP/2
theetheks.com/400/8837581
IP
139.45.197.119:443
ASN
#9002 RETN Limited

Requested by
https://1337x1.wb4.xyz/2019/05/chicken-pasta-recipe.html
Certificate
IssuerLet's Encrypt
Subjecttheetheks.com
Fingerprint67:7A:01:75:FB:3C:8A:7E:72:FD:0B:72:D4:44:16:52:E4:48:A3:E2
ValidityThu, 14 Nov 2024 06:29:53 GMT - Wed, 12 Feb 2025 06:29:52 GMT

File type
JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Size
94 kB (93610 bytes)
Hash
f86a8bd8e3405e62744c551545dfa07c
ab84fc6a50391c107fa470be7e22baa9b7be0a0a
79a9df3ab6bd8f6344e3b274e262e3d9ba6caa8fc63d2f2098f27e4c5dbf8250

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /400/8837581 HTTP/1.1
Host: theetheks.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1337x1.wb4.xyz/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sat, 01 Feb 2025 05:04:13 GMT
content-type: application/javascript
x-trace-id: 394e7f11a144266697b87091623a7e45
pragma: no-cache
expires: Tue, 11 Jan 1994 10:00:00 GMT
cache-control: no-cache, no-store, no-transform, must-revalidate, private, max-age=0
vary: Origin
access-control-allow-origin: *
access-control-expose-headers: Link
access-control-allow-credentials: true
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
set-cookie: OAID=0301632d8f1a40b2f19c8bd61f6d6309; expires=Sun, 01 Feb 2026 05:04:13 GMT; path=/; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
content-encoding: gzip
X-Firefox-Spdy: h2

wk.jdi5.com/style.css

172.67.165.78

200 OK

4.6 kB

URL GET HTTP/3
wk.jdi5.com/style.css
IP
172.67.165.78:443
ASN
#13335 CLOUDFLARENET

Requested by
https://wk.jdi5.com/download/dl5/b8a8bd93f58f1c369b26d11493c21529/3cc4eed7f2149d9f55caa5fb47d1357d/djbantuverma+wapqiz+com/DIL-SHEESHE-JAISE-MERA-JISME-THA-TERA-BASERA-SAD-SONG-DJBANTU-VERMA-(djbantuverma.wapqiz.com).mp3.html
Certificate
IssuerGoogle Trust Services
Subjectjdi5.com
Fingerprint6A:3B:01:B6:6E:75:B7:2A:FD:EC:1E:64:AA:35:B1:A7:1D:3B:1E:82
ValidityThu, 02 Jan 2025 20:02:51 GMT - Wed, 02 Apr 2025 21:01:02 GMT

File type
ASCII text, with very long lines (4592), with no line terminators
Size
4.6 kB (4592 bytes)
Hash
c4b94c72fbf6af7a5b03c888916d0e87
b74ec2fc2807c1bb8cdc13603eab50350bf97fd2
a624a4fdd1e260b9c175cbf7c937796b9c54ea563a655bc5894bc7fc2c59bc4b

HTTP Headers

GET /style.css HTTP/1.1
Host: wk.jdi5.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://wk.jdi5.com/download/dl5/b8a8bd93f58f1c369b26d11493c21529/3cc4eed7f2149d9f55caa5fb47d1357d/djbantuverma+wapqiz+com/DIL-SHEESHE-JAISE-MERA-JISME-THA-TERA-BASERA-SAD-SONG-DJBANTU-VERMA-(djbantuverma.wapqiz.com).mp3.html
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sat, 01 Feb 2025 05:04:11 GMT
content-type: text/css
cache-control: max-age=315360000
cf-bgj: minify
cf-polished: origSize=7081
etag: W/"5fb50283-1ba9"
expires: Thu, 31 Dec 2037 23:55:55 GMT
last-modified: Wed, 18 Nov 2020 11:16:19 GMT
vary: Accept-Encoding
cf-cache-status: HIT
age: 11256180
priority: u=2,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=X6Lba4ITpKjYAbqKEjj%2B0p%2FWXfUM45ZtGZ3w%2Flht0lbB5qXCMlIrge3mB8bjjk%2FGeiVe%2BaGNwV5DnyDIw%2FfJT2%2FKW1mdvm7Czr9oTQCW5PyGf3W4vHqD00VDOVxX4g%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 90af663aef92b511-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=4181&min_rtt=2129&rtt_var=2264&sent=14&recv=8&lost=0&retrans=0&sent_bytes=4160&recv_bytes=1349&delivery_rate=276590&cwnd=12000&unsent_bytes=0&cid=aa615e80939aa531&ts=286&x=1", cfExtPri, cfHdrFlush;dur=0

theetheks.com/400/8837581

139.45.197.119

200 OK

94 kB

URL GET HTTP/2
theetheks.com/400/8837581
IP
139.45.197.119:443
ASN
#9002 RETN Limited

Requested by
https://1337x1.wb4.xyz/2019/05/chargha-recipe.html
Certificate
IssuerLet's Encrypt
Subjecttheetheks.com
Fingerprint67:7A:01:75:FB:3C:8A:7E:72:FD:0B:72:D4:44:16:52:E4:48:A3:E2
ValidityThu, 14 Nov 2024 06:29:53 GMT - Wed, 12 Feb 2025 06:29:52 GMT

File type
JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Size
94 kB (93616 bytes)
Hash
a5ee6546239d25bd0e33ce54f2608134
a98af7d79815c33d49868a2dafaef3f65f9b4e7c
b82a277de84e8c41325cbf5b61f779113e07e7c874efd14181cb4fca57bd0300

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /400/8837581 HTTP/1.1
Host: theetheks.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1337x1.wb4.xyz/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sat, 01 Feb 2025 05:04:13 GMT
content-type: application/javascript
x-trace-id: 27487d0443b9cc70270f4c759fb8c357
expires: Tue, 11 Jan 1994 10:00:00 GMT
cache-control: no-cache, no-store, no-transform, must-revalidate, private, max-age=0
pragma: no-cache
vary: Origin
access-control-allow-origin: *
access-control-expose-headers: Link
access-control-allow-credentials: true
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
set-cookie: OAID=030163bffde34126eb1ba3f83a82b04b; expires=Sun, 01 Feb 2026 05:04:13 GMT; path=/; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
content-encoding: gzip
X-Firefox-Spdy: h2

wk.jdi5.com/favicon.ico

172.67.165.78

404 Not Found

238 B

URL GET HTTP/3
wk.jdi5.com/favicon.ico
IP
172.67.165.78:443
ASN
#13335 CLOUDFLARENET

Requested by
https://wk.jdi5.com/download/dl5/b8a8bd93f58f1c369b26d11493c21529/3cc4eed7f2149d9f55caa5fb47d1357d/djbantuverma+wapqiz+com/DIL-SHEESHE-JAISE-MERA-JISME-THA-TERA-BASERA-SAD-SONG-DJBANTU-VERMA-(djbantuverma.wapqiz.com).mp3.html
Certificate
IssuerGoogle Trust Services
Subjectjdi5.com
Fingerprint6A:3B:01:B6:6E:75:B7:2A:FD:EC:1E:64:AA:35:B1:A7:1D:3B:1E:82
ValidityThu, 02 Jan 2025 20:02:51 GMT - Wed, 02 Apr 2025 21:01:02 GMT

File type
HTML document, ASCII text, with no line terminators
Size
238 B (238 bytes)
Hash
327e140a6015094f4bc2cc2822706b87
8db50b70e15667506a5694b17c159b4697bb1d6f
42a0b56fe7f0b8315e25a6f84ce03ae321ee0cadc5f4904145de479088a6a9b1

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: wk.jdi5.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://wk.jdi5.com/download/dl5/b8a8bd93f58f1c369b26d11493c21529/3cc4eed7f2149d9f55caa5fb47d1357d/djbantuverma+wapqiz+com/DIL-SHEESHE-JAISE-MERA-JISME-THA-TERA-BASERA-SAD-SONG-DJBANTU-VERMA-(djbantuverma.wapqiz.com).mp3.html
Cookie: _ga_BXJ1TNEJ97=GS1.1.1738386252.1.0.1738386252.0.0.0; _ga=GA1.1.1366494905.1738386253
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 404 Not Found
date: Sat, 01 Feb 2025 05:04:12 GMT
content-type: text/html; charset=UTF-8
x-powered-by: PHP/7.4.33
x-robots-tag: noindex, nofollow
cache-control: max-age=14400
cf-cache-status: EXPIRED
priority: u=6,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ZsvcgM032XvXedogdXNuzvznbcFfroEtY6BJKpZtICTL%2BkM1gc46jIda0ohc7ar3COEuwg4J0qkAdDQkOH4gpBALgTOufIQcOLtkv3iOZ%2Fo6y7BxYeieOuMw7GGHZA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 90af66406a18b511-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=4196&min_rtt=2129&rtt_var=1728&sent=17&recv=10&lost=0&retrans=0&sent_bytes=6253&recv_bytes=1892&delivery_rate=7860&cwnd=12000&unsent_bytes=0&cid=aa615e80939aa531&ts=1230&x=1", cfExtPri, cfHdrFlush;dur=0

1337x1.wb4.xyz/submit.php

104.21.26.18

200 OK

1.4 kB

URL GET HTTP/2
1337x1.wb4.xyz/submit.php
IP
104.21.26.18:443
ASN
#13335 CLOUDFLARENET

Requested by
https://wk.jdi5.com/download/dl5/b8a8bd93f58f1c369b26d11493c21529/3cc4eed7f2149d9f55caa5fb47d1357d/djbantuverma+wapqiz+com/DIL-SHEESHE-JAISE-MERA-JISME-THA-TERA-BASERA-SAD-SONG-DJBANTU-VERMA-(djbantuverma.wapqiz.com).mp3.html
Certificate
IssuerGoogle Trust Services
Subjectwb4.xyz
FingerprintB8:D6:DD:E8:AC:EB:F4:86:CD:F1:5F:A5:B5:87:95:EE:B1:55:0A:59
ValiditySat, 07 Dec 2024 03:06:49 GMT - Fri, 07 Mar 2025 03:06:48 GMT

File type
HTML document, ASCII text, with very long lines (1550), with no line terminators
Size
1.4 kB (1448 bytes)
Hash
6e04ae0291ac5a7135a90f8412fc718b
272168b78030b90e73971a3d23198395f34427dc
9b52547de8e5044f81cd0541d0767209ea6f543ac5f59fdea4928533dcd3ff2a

HTTP Headers

GET /submit.php HTTP/1.1
Host: 1337x1.wb4.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://wk.jdi5.com/
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sat, 01 Feb 2025 05:04:13 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=mem3%2FVRqfBvh8NCnxh9r0ulLVSAfZJie4pfbdVFBYOmnlPWyntvmizm0r9O5VdozyIpOVEcfOp1PMdrg9T8cEFoT8Ankz4nflLjH80z84wdVJlahNQ1ejYKGcecXcsYV3g%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 90af6640c9d956b7-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=660&min_rtt=485&rtt_var=328&sent=10&recv=12&lost=0&retrans=0&sent_bytes=4404&recv_bytes=1350&delivery_rate=6819466&cwnd=256&unsent_bytes=0&cid=17de2bb4c03e0667&ts=117&x=0"
X-Firefox-Spdy: h2

1337x1.wb4.xyz/2019/05/chicken-pasta-recipe.html

104.21.26.18

200 OK

3.1 kB

URL POST HTTP/3
1337x1.wb4.xyz/2019/05/chicken-pasta-recipe.html
IP
104.21.26.18:443
ASN
#13335 CLOUDFLARENET

Requested by
https://wk.jdi5.com/download/dl5/b8a8bd93f58f1c369b26d11493c21529/3cc4eed7f2149d9f55caa5fb47d1357d/djbantuverma+wapqiz+com/DIL-SHEESHE-JAISE-MERA-JISME-THA-TERA-BASERA-SAD-SONG-DJBANTU-VERMA-(djbantuverma.wapqiz.com).mp3.html
Certificate
IssuerGoogle Trust Services
Subjectwb4.xyz
FingerprintB8:D6:DD:E8:AC:EB:F4:86:CD:F1:5F:A5:B5:87:95:EE:B1:55:0A:59
ValiditySat, 07 Dec 2024 03:06:49 GMT - Fri, 07 Mar 2025 03:06:48 GMT

File type
HTML document, Unicode text, UTF-8 text, with very long lines (3318), with no line terminators
Size
3.1 kB (3140 bytes)
Hash
5cdcfd48f0661711539fe973facc88c9
1cddc93cc51706fcd62d98adfaf408063e5cdc1d
8387622fd52038b6a05914905c3b50699f61b728800a60d9689007429548803d

Detections

Analyzer	Verdict	Alert
urlquery	suspicious	Suspicious - Anti-debugging code

HTTP Headers

POST /2019/05/chicken-pasta-recipe.html HTTP/1.1
Host: 1337x1.wb4.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 39
Origin: https://1337x1.wb4.xyz
DNT: 1
Connection: keep-alive
Referer: https://1337x1.wb4.xyz/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sat, 01 Feb 2025 05:04:13 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
set-cookie: sam=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/; domain=1337x1.wb4.xyz
cf-cache-status: DYNAMIC
priority: u=4,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=mrX35hHM1sMQ5UNQpFtoWnvAUCVfYfBJS7ouYGFb8XK7MxOQJ2g7vlwNkzN9Ht0FDL%2BiWVWQMzENzbBCrT6OAVjCEOBtckWwvbKZwmkzOrc0UcGp73Q%2FyqTIJEyN%2BtrL5Q%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 90af6643f965568d-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=5116&min_rtt=1366&rtt_var=3753&sent=20&recv=13&lost=0&retrans=0&sent_bytes=6779&recv_bytes=2604&delivery_rate=924051&cwnd=12000&unsent_bytes=0&cid=f463ac6f10d91028&ts=452&x=1", cfExtPri, cfHdrFlush;dur=0

taleszone.com/submit.php

0.0.0.0

0 B

URL GET
taleszone.com/submit.php
IP
0.0.0.0:0
ASN
#0

Requested by
https://wk.jdi5.com/download/dl5/b8a8bd93f58f1c369b26d11493c21529/3cc4eed7f2149d9f55caa5fb47d1357d/djbantuverma+wapqiz+com/DIL-SHEESHE-JAISE-MERA-JISME-THA-TERA-BASERA-SAD-SONG-DJBANTU-VERMA-(djbantuverma.wapqiz.com).mp3.html

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /submit.php HTTP/1.1
Host: taleszone.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://wk.jdi5.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

Quad9 DNS

ThreatFox

JavaScript (36)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML