Report - pstopp.com/r4/index.php?p=2&pid=bfc36609-7e48-4298-a54e-c83a742cc001&sid=4206&tid=kfg1raprm9vglv6c1vv6lzjci5xcv&u=https://trcpo.com/track/click/zny0RGAtgmPUNHANq11FU9ZZ8Eflo8aKnKJCZLVe7Bad0JMGKDLES6eZTeQHeHskQ3EdU_x8CTv82rPalNT4lOu2OZP_eRqUNuVqb_zkNcTdnpzddEXmxXnODKdVsHO3CbLV_ZThBmOHGSvjJhu30RifUcGPesHPkHbSu23FCVqGf2mzFaxyxs--eJ-j_M1OQ9f63dVQnE4OfayiNJjpu1t0Ege_f-UQcaz2GlLGmi96tGYVtteHvCowRZZhH7oyvRkk7lrjtfOUi8P7YyJrdctwkqHb6RIefHlCNhJudz9A5wUWFAcBRigswgqC8p2fMqJ-oXeOaBQScWImgrtRcLB4j5a-6B5AwvgRNnSYudaeJtCHVcouTbRqQ4-kYpzt-QG-_6uyI8jmUNmW3rHlvfEF8wzAyd8BZ3_qjswLvEmKehqwm-Q0nSuYO9mzOo6ZO5f9YhGRQx7BZ1C7bg1-HPrFUd1aPqIPX8gqyuQNuTmxZlWaDHZIi36Y0JBzSoYq7-jItcWeduN6HrAKiwi8cxze0AQ?ur=https://analytics.ozlinedsp.com/tracking/click.gif?token=kfg1raprm9vglv6c1vv6lzjci5xcv&price=${AUCTION_PRICE}&rurl=https://creatives.altaffiliatesol.com/hentaiheroes/?ref_id=135846&td=ep&tc=91b75fed-e221-4087-b908-2fb4b83bd446&impid=1&exchange_name=NETAD_ADL_2&bid=0.0012&ts=1745504996631&tid=kfg1raprm9vglv6c1vv6lzjci5xcv&imp_url=https://analytics.ozlinedsp.com/tracking/imp.gif?token=kfg1raprm9vglv6c1vv6lzjci5xcv&price=${AUCTION_PRICE}&imp_nurl_url=https://analytics.ozlinedsp.com/tracking/imp?token=kfg1raprm9vglv6c1vv6lzjci5xcv&price=${AUCTION_PRICE}&campaign_id=ba67a89a-c21d-4a79-a702-ba81acdf1a15&campaign=LQ_T1+NETAD_ADL_2&creative_id=b02c9590-3b46-4803-a323-e5fa86bb8ad5&media_type=SITE&tag_id=&app_name=&app_id=&site=&site_id=4206&placement=&category=&sub_category=&app_bundle=&placement_id=4206&site_url=amaporn.com&carrier=Wind&device_os=macos&os_version=10.15&device=pc&device_id=&device_hwv=&device_make=&device_model=&language=it&platform_ip=&lat=&lon=&country=ITA&cc=&region=lombardia&city=milan&zc=20155&isp=wind&ip=93.44.118.22&ua=mozilla/5.0+(macintosh;+intel+mac+os+x+10.15;+rv:137.0)+gecko/20100101+firefox/137.0&ifa=ce6849e4-8960-33a7-9b1e-76cda46ed33d&idfa=ce6849e4-8960-33a7-9b1e-76cda46ed33d&gaid=

Report Overview

Visited public
2025-04-24 15:24:34
Tags
URL
pstopp.com/r4/index.php?p=2&pid=bfc36609-7e48-4298-a54e-c83a742cc001&sid=4206&tid=kfg1raprm9vglv6c1vv6lzjci5xcv&u=https://trcpo.com/track/click/zny0RGAtgmPUNHANq11FU9ZZ8Eflo8aKnKJCZLVe7Bad0JMGKDLES6eZTeQHeHskQ3EdU_x8CTv82rPalNT4lOu2OZP_eRqUNuVqb_zkNcTdnpzddEXmxXnODKdVsHO3CbLV_ZThBmOHGSvjJhu30RifUcGPesHPkHbSu23FCVqGf2mzFaxyxs--eJ-j_M1OQ9f63dVQnE4OfayiNJjpu1t0Ege_f-UQcaz2GlLGmi96tGYVtteHvCowRZZhH7oyvRkk7lrjtfOUi8P7YyJrdctwkqHb6RIefHlCNhJudz9A5wUWFAcBRigswgqC8p2fMqJ-oXeOaBQScWImgrtRcLB4j5a-6B5AwvgRNnSYudaeJtCHVcouTbRqQ4-kYpzt-QG-_6uyI8jmUNmW3rHlvfEF8wzAyd8BZ3_qjswLvEmKehqwm-Q0nSuYO9mzOo6ZO5f9YhGRQx7BZ1C7bg1-HPrFUd1aPqIPX8gqyuQNuTmxZlWaDHZIi36Y0JBzSoYq7-jItcWeduN6HrAKiwi8cxze0AQ?ur=https://analytics.ozlinedsp.com/tracking/click.gif?token=kfg1raprm9vglv6c1vv6lzjci5xcv&price=${AUCTION_PRICE}&rurl=https://creatives.altaffiliatesol.com/hentaiheroes/?ref_id=135846&td=ep&tc=91b75fed-e221-4087-b908-2fb4b83bd446&impid=1&exchange_name=NETAD_ADL_2&bid=0.0012&ts=1745504996631&tid=kfg1raprm9vglv6c1vv6lzjci5xcv&imp_url=https://analytics.ozlinedsp.com/tracking/imp.gif?token=kfg1raprm9vglv6c1vv6lzjci5xcv&price=${AUCTION_PRICE}&imp_nurl_url=https://analytics.ozlinedsp.com/tracking/imp?token=kfg1raprm9vglv6c1vv6lzjci5xcv&price=${AUCTION_PRICE}&campaign_id=ba67a89a-c21d-4a79-a702-ba81acdf1a15&campaign=LQ_T1+NETAD_ADL_2&creative_id=b02c9590-3b46-4803-a323-e5fa86bb8ad5&media_type=SITE&tag_id=&app_name=&app_id=&site=&site_id=4206&placement=&category=&sub_category=&app_bundle=&placement_id=4206&site_url=amaporn.com&carrier=Wind&device_os=macos&os_version=10.15&device=pc&device_id=&device_hwv=&device_make=&device_model=&language=it&platform_ip=&lat=&lon=&country=ITA&cc=&region=lombardia&city=milan&zc=20155&isp=wind&ip=93.44.118.22&ua=mozilla/5.0+(macintosh;+intel+mac+os+x+10.15;+rv:137.0)+gecko/20100101+firefox/137.0&ifa=ce6849e4-8960-33a7-9b1e-76cda46ed33d&idfa=ce6849e4-8960-33a7-9b1e-76cda46ed33d&gaid=
Finishing URL
arrowhurt.xyz/progress-bar.html?un=cecef939-3587-4e47-a28a-282aaa2c0cee
IP / ASN
104.21.35.146
#13335 CLOUDFLARENET
Title
Press Allow

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
pstopp.com	unknown	2025-03-14	2025-03-14	2025-04-24	2.4 kB	7.9 kB	172.67.176.182
arrowhurt.xyz	91802	2019-09-24	2020-08-23	2025-04-20	1.5 kB	24 kB	104.21.16.1
sdk.unative.com	468198	2011-07-21	2019-08-11	2025-04-20	846 B	201 kB	185.76.9.27
api-un.unative.com	297644	2011-07-21	2019-07-05	2025-04-20	1.1 kB	1.5 kB	162.55.0.219
trcpo.com	unknown	2024-11-04	2023-01-31	2025-04-20	1.1 kB	10 kB	162.55.127.182
img.altaffiliatesol.com	unknown	2023-07-21	2023-08-11	2025-04-24	621 B	0 B	0.0.0.0
tr-un.unative.com	86814	2011-07-21	2019-10-10	2025-04-20	1.2 kB	1.0 kB	162.55.0.220

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2025-04-24	medium	trcpo.com	Sinkholed
2025-04-24	medium	pstopp.com	Sinkholed

ThreatFox

No alerts detected

JavaScript (6)

	URL	From	Size	First Seen	Last Seen
	pstopp.com/r4/index.php?p=2&pid=bfc36609-7e48-4298-a54e-c83a742cc001&sid=4206&tid=kfg1raprm9vglv6c1vv6lzjci5xcv&u=https://trcpo.com/track/click/zny0RGAtgmPUNHANq11FU9ZZ8Eflo8aKnKJCZLVe7Bad0JMGKDLES6eZTeQHeHskQ3EdU_x8CTv82rPalNT4lOu2OZP_eRqUNuVqb_zkNcTdnpzddEXmxXnODKdVsHO3CbLV_ZThBmOHGSvjJhu30RifUcGPesHPkHbSu23FCVqGf2mzFaxyxs--eJ-j_M1OQ9f63dVQnE4OfayiNJjpu1t0Ege_f-UQcaz2GlLGmi96tGYVtteHvCowRZZhH7oyvRkk7lrjtfOUi8P7YyJrdctwkqHb6RIefHlCNhJudz9A5wUWFAcBRigswgqC8p2fMqJ-oXeOaBQScWImgrtRcLB4j5a-6B5AwvgRNnSYudaeJtCHVcouTbRqQ4-kYpzt-QG-_6uyI8jmUNmW3rHlvfEF8wzAyd8BZ3_qjswLvEmKehqwm-Q0nSuYO9mzOo6ZO5f9YhGRQx7BZ1C7bg1-HPrFUd1aPqIPX8gqyuQNuTmxZlWaDHZIi36Y0JBzSoYq7-jItcWeduN6HrAKiwi8cxze0AQ?ur=https://analytics.ozlinedsp.com/tracking/click.gif?token=kfg1raprm9vglv6c1vv6lzjci5xcv&price=${AUCTION_PRICE}&rurl=https://creatives.altaffiliatesol.com/hentaiheroes/?ref_id=135846&td=ep&tc=91b75fed-e221-4087-b908-2fb4b83bd446&impid=1&exchange_name=NETAD_ADL_2&bid=0.0012&ts=1745504996631&tid=kfg1raprm9vglv6c1vv6lzjci5xcv&imp_url=https://analytics.ozlinedsp.com/tracking/imp.gif?token=kfg1raprm9vglv6c1vv6lzjci5xcv&price=${AUCTION_PRICE}&imp_nurl_url=https://analytics.ozlinedsp.com/tracking/imp?token=kfg1raprm9vglv6c1vv6lzjci5xcv&price=${AUCTION_PRICE}&campaign_id=ba67a89a-c21d-4a79-a702-ba81acdf1a15&campaign=LQ_T1+NETAD_ADL_2&creative_id=b02c9590-3b46-4803-a323-e5fa86bb8ad5&media_type=SITE&tag_id=&app_name=&app_id=&site=&site_id=4206&placement=&category=&sub_category=&app_bundle=&placement_id=4206&site_url=amaporn.com&carrier=Wind&device_os=macos&os_version=10.15&device=pc&device_id=&device_hwv=&device_make=&device_model=&language=it&platform_ip=&lat=&lon=&country=ITA&cc=&region=lombardia&city=milan&zc=20155&isp=wind&ip=93.44.118.22&ua=mozilla/5.0+(macintosh;+intel+mac+os+x+10.15;+rv:137.0)+gecko/20100101+firefox/137.0&ifa=ce6849e4-8960-33a7-9b1e-76cda46ed33d&idfa=ce6849e4-8960-33a7-9b1e-76cda46ed33d&gaid=	ScriptElement	4.7 kB	2025-04-24	2025-04-24
Pretty URL pstopp.com/r4/index.php?p=2&pid=bfc36609-7e48-4298-a54e-c83a742cc001&sid=4206&tid=kfg1raprm9vglv6c1vv6lzjci5xcv&u=https://trcpo.com/track/click/zny0RGAtgmPUNHANq11FU9ZZ8Eflo8aKnKJCZLVe7Bad0JMGKDLES6eZTeQHeHskQ3EdU_x8CTv82rPalNT4lOu2OZP_eRqUNuVqb_zkNcTdnpzddEXmxXnODKdVsHO3CbLV_ZThBmOHGSvjJhu30RifUcGPesHPkHbSu23FCVqGf2mzFaxyxs--eJ-j_M1OQ9f63dVQnE4OfayiNJjpu1t0Ege_f-UQcaz2GlLGmi96tGYVtteHvCowRZZhH7oyvRkk7lrjtfOUi8P7YyJrdctwkqHb6RIefHlCNhJudz9A5wUWFAcBRigswgqC8p2fMqJ-oXeOaBQScWImgrtRcLB4j5a-6B5AwvgRNnSYudaeJtCHVcouTbRqQ4-kYpzt-QG-_6uyI8jmUNmW3rHlvfEF8wzAyd8BZ3_qjswLvEmKehqwm-Q0nSuYO9mzOo6ZO5f9YhGRQx7BZ1C7bg1-HPrFUd1aPqIPX8gqyuQNuTmxZlWaDHZIi36Y0JBzSoYq7-jItcWeduN6HrAKiwi8cxze0AQ?ur=https://analytics.ozlinedsp.com/tracking/click.gif?token=kfg1raprm9vglv6c1vv6lzjci5xcv&price=${AUCTION_PRICE}&rurl=https://creatives.altaffiliatesol.com/hentaiheroes/?ref_id=135846&td=ep&tc=91b75fed-e221-4087-b908-2fb4b83bd446&impid=1&exchange_name=NETAD_ADL_2&bid=0.0012&ts=1745504996631&tid=kfg1raprm9vglv6c1vv6lzjci5xcv&imp_url=https://analytics.ozlinedsp.com/tracking/imp.gif?token=kfg1raprm9vglv6c1vv6lzjci5xcv&price=${AUCTION_PRICE}&imp_nurl_url=https://analytics.ozlinedsp.com/tracking/imp?token=kfg1raprm9vglv6c1vv6lzjci5xcv&price=${AUCTION_PRICE}&campaign_id=ba67a89a-c21d-4a79-a702-ba81acdf1a15&campaign=LQ_T1+NETAD_ADL_2&creative_id=b02c9590-3b46-4803-a323-e5fa86bb8ad5&media_type=SITE&tag_id=&app_name=&app_id=&site=&site_id=4206&placement=&category=&sub_category=&app_bundle=&placement_id=4206&site_url=amaporn.com&carrier=Wind&device_os=macos&os_version=10.15&device=pc&device_id=&device_hwv=&device_make=&device_model=&language=it&platform_ip=&lat=&lon=&country=ITA&cc=&region=lombardia&city=milan&zc=20155&isp=wind&ip=93.44.118.22&ua=mozilla/5.0+(macintosh;+intel+mac+os+x+10.15;+rv:137.0)+gecko/20100101+firefox/137.0&ifa=ce6849e4-8960-33a7-9b1e-76cda46ed33d&idfa=ce6849e4-8960-33a7-9b1e-76cda46ed33d&gaid= IP 172.67.176.182 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2025-04-24 15:24 Last Seen2025-04-24 15:24 Times Seen1 Hash aed3576ddcd7c3bf9efe2fe4d2c1abe2 a07b588c671875824165f4bfb1bab3e99afc8576 1fb13557b8bd3fb80deff9d6e494e4242174e208aa9b84a63003f33759f00308 Loading...

	arrowhurt.xyz/js/pop-sdk.js	ScriptElement	4.9 kB	2023-03-07	2025-05-13
Pretty URL arrowhurt.xyz/js/pop-sdk.js IP 104.21.16.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:10 Last Seen2025-05-13 18:05 Times Seen727 Hash 7a3b88db9f1e69e84da82f3ecf466391 aab94e786ce955f7918fd7d2ad1a9f8171dae983 68fc8807e968efa891db5b096b21d7cc998884bdf7cf5e8adfa127fdaf325990 Loading...

	arrowhurt.xyz/progress-bar.html?un=cecef939-3587-4e47-a28a-282aaa2c0cee	ScriptElement	194 B	2023-03-07	2025-05-13
Pretty URL arrowhurt.xyz/progress-bar.html?un=cecef939-3587-4e47-a28a-282aaa2c0cee IP 104.21.16.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:10 Last Seen2025-05-13 18:05 Times Seen728 Hash 3b5180c6b40a05834adcf70f79126ff7 56e95ceaeb30721ac37b03d146e6dbe61e8ceef2 0d37e64b6af711e8dd4220494fc6f815ec195deb0c6b6eff8069c375d33b57c2 Loading...

	arrowhurt.xyz/progress-bar.html?un=cecef939-3587-4e47-a28a-282aaa2c0cee	ScriptElement	287 B	2023-03-07	2025-05-13
Pretty URL arrowhurt.xyz/progress-bar.html?un=cecef939-3587-4e47-a28a-282aaa2c0cee IP 104.21.16.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:10 Last Seen2025-05-13 18:05 Times Seen728 Hash c934abd066517412e5d532beacebc859 1cc6cce5f531d681cfe5324c359fd2c1ee8cb7d9 7b07990e30e037893895c1ff79790f4bab49744e5afc0ba01f6fa5450edea4ec Loading...

	sdk.unative.com/UNativeSDK.js	ScriptElement	17 kB	2023-03-07	2025-05-13
Pretty URL sdk.unative.com/UNativeSDK.js IP 185.76.9.27 ASN #60068 Datacamp Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:10 Last Seen2025-05-13 18:05 Times Seen779 Hash 647c17795b88ec6b0432e10ebebbce67 ae012902de61b37343ed3288b65e07a4f94edb31 12f3ffc2bef3ae11d82ec74d1c21eaf9d7ee389d320b85d8fb00b666a6eefa2c Loading...

	sdk.unative.com/UNativePageSDKES6.js?v=150706	ScriptElement	183 kB	2023-05-07	2025-05-13
Pretty URL sdk.unative.com/UNativePageSDKES6.js?v=150706 IP 185.76.9.27 ASN #60068 Datacamp Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2023-05-07 17:04 Last Seen2025-05-13 18:05 Times Seen779 Hash b3332c141ef65c70ffcb6c233261d49e 64340ed0e6f5ed9cefd865ab49b93b5b16e9dc53 2d97792c95b1c337e75917308f9da48c3497c1896cc3039106bf343b2f14d3b8 Loading...

HTTP Transactions (12)

URL IP Response Size

arrowhurt.xyz/progress-bar.html?un=cecef939-3587-4e47-a28a-282aaa2c0cee

104.21.16.1

200 OK

10 kB

URL User Request GET
arrowhurt.xyz/progress-bar.html?un=cecef939-3587-4e47-a28a-282aaa2c0cee
IP
104.21.16.1:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerGoogle Trust Services
Subjectarrowhurt.xyz
FingerprintF8:BD:3B:C8:3F:23:95:E0:AE:F9:78:2E:9C:3E:2B:D0:D0:44:6B:11
ValiditySun, 02 Mar 2025 03:04:27 GMT - Sat, 31 May 2025 04:01:29 GMT

File type
HTML document, Unicode text, UTF-8 text, with very long lines (5305)
Size
10 kB (10019 bytes)
Hash
0cf8f3558db55a5f4187958734c2622d
b056e03455c3c5cdcbba0770e8ef40a1f1fb9576
b23bab9d1ba59a16db8660cd2ab16d6c97300a87baad8e773d6d893000fec461

HTTP Headers

GET /progress-bar.html?un=cecef939-3587-4e47-a28a-282aaa2c0cee HTTP/1.1
Host: arrowhurt.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 24 Apr 2025 15:24:03 GMT
content-type: text/html
server: cloudflare
last-modified: Mon, 05 Dec 2022 19:58:48 GMT
cf-cache-status: DYNAMIC
content-encoding: br
cf-ray: 93569af68a170b45-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

sdk.unative.com/UNativeSDK.js

185.76.9.27

200 OK

17 kB

URL GET
sdk.unative.com/UNativeSDK.js
IP
185.76.9.27:443
ASN
#60068 Datacamp Limited

Requested by
https://arrowhurt.xyz/progress-bar.html?un=cecef939-3587-4e47-a28a-282aaa2c0cee
Certificate
IssuerLet's Encrypt
Subject1058678020.rsc.cdn77.org
Fingerprint84:DC:F0:8F:29:81:15:83:57:FF:C0:E4:0B:E0:D0:F8:41:3B:63:A0
ValiditySun, 09 Mar 2025 12:49:09 GMT - Sat, 07 Jun 2025 12:49:08 GMT

File type
JavaScript source, ASCII text, with very long lines (17396), with no line terminators
Size
17 kB (17396 bytes)
Hash
647c17795b88ec6b0432e10ebebbce67
ae012902de61b37343ed3288b65e07a4f94edb31
12f3ffc2bef3ae11d82ec74d1c21eaf9d7ee389d320b85d8fb00b666a6eefa2c

HTTP Headers

GET /UNativeSDK.js HTTP/1.1
Host: sdk.unative.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://arrowhurt.xyz/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 24 Apr 2025 15:24:03 GMT
content-type: application/x-javascript
last-modified: Thu, 27 Apr 2023 15:05:30 GMT
etag: W/"43f4-5fa52affcd6e3"
vary: Accept-Encoding
x-77-nzt: EwwBuUwJGwH3nwgIAAwBuUwKEwH36gEAAAwBJRPCNAG3RZcPAA
x-77-nzt-ray: fdb541236575380893570a684621e72b
x-77-cache: HIT
x-77-age: 526495
content-encoding: gzip
server: CDN77-Turbo
x-77-pop: stockholmSE
X-Firefox-Spdy: h2

sdk.unative.com/UNativePageSDKES6.js?v=150706

185.76.9.27

200 OK

183 kB

URL GET
sdk.unative.com/UNativePageSDKES6.js?v=150706
IP
185.76.9.27:443
ASN
#60068 Datacamp Limited

Requested by
https://arrowhurt.xyz/progress-bar.html?un=cecef939-3587-4e47-a28a-282aaa2c0cee
Certificate
IssuerLet's Encrypt
Subject1058678020.rsc.cdn77.org
Fingerprint84:DC:F0:8F:29:81:15:83:57:FF:C0:E4:0B:E0:D0:F8:41:3B:63:A0
ValiditySun, 09 Mar 2025 12:49:09 GMT - Sat, 07 Jun 2025 12:49:08 GMT

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (65530), with no line terminators
Size
183 kB (182707 bytes)
Hash
b3332c141ef65c70ffcb6c233261d49e
64340ed0e6f5ed9cefd865ab49b93b5b16e9dc53
2d97792c95b1c337e75917308f9da48c3497c1896cc3039106bf343b2f14d3b8

HTTP Headers

GET /UNativePageSDKES6.js?v=150706 HTTP/1.1
Host: sdk.unative.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://arrowhurt.xyz/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 24 Apr 2025 15:24:03 GMT
content-type: application/x-javascript
last-modified: Thu, 27 Apr 2023 15:05:30 GMT
etag: W/"2c9b3-5fa52affcd6e3"
vary: Accept-Encoding
x-77-nzt: EwwBuUwJGwH3h5EFAAwBuUwKDAH39tsDAAwBJRPCLgG3DqEIAA
x-77-nzt-ray: fdb541236575380893570a683d0a2430
x-77-cache: HIT
x-77-age: 364935
content-encoding: gzip
server: CDN77-Turbo
x-77-pop: stockholmSE
X-Firefox-Spdy: h2

api-un.unative.com/p/w/cecef939-3587-4e47-a28a-282aaa2c0cee

162.55.0.219

200

18 B

URL OPTIONS
api-un.unative.com/p/w/cecef939-3587-4e47-a28a-282aaa2c0cee
IP
162.55.0.219:443
ASN
#24940 Hetzner Online GmbH

Requested by
https://arrowhurt.xyz/progress-bar.html?un=cecef939-3587-4e47-a28a-282aaa2c0cee
Certificate
IssuerLet's Encrypt
Subjectunative.com
Fingerprint28:C9:C0:12:B9:72:4E:A1:B8:3B:81:C0:D5:40:82:BF:E2:6B:DE:D7
ValiditySun, 02 Mar 2025 08:09:31 GMT - Sat, 31 May 2025 08:09:30 GMT

File type
ASCII text, with no line terminators
Size
18 B (18 bytes)
Hash
cc7fd95a87ea3721ce1853bf3c4dd75e
7f687f7881adf0fc407378d375a61b8f198c0912
0f06a4c8d34690d4e42c81f232a5bdfe9fcbde8a54b5ccd0609a313e90da0879

HTTP Headers

OPTIONS /p/w/cecef939-3587-4e47-a28a-282aaa2c0cee HTTP/1.1
Host: api-un.unative.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: GET
Access-Control-Request-Headers: content-type,sdk-version
Referer: https://arrowhurt.xyz/
Origin: https://arrowhurt.xyz
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 
allow: HEAD,GET,OPTIONS
x-responded-by: cors-support-provider
access-control-expose-headers: set-cookie
access-control-allow-origin: *
access-control-request-headers: content-type,sdk-version,origin,accept,content-type,x-requested-with
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS, HEAD, PATCH
access-control-max-age: 86400
access-control-allow-headers: content-type,sdk-version,origin,accept,content-type,x-requested-with
content-type: text/plain;charset=UTF-8
content-length: 18
date: Thu, 24 Apr 2025 15:24:04 GMT

trcpo.com/track/click/zny0RGAtgmPUNHANq11FU9ZZ8Eflo8aKnKJCZLVe7Bad0JMGKDLES6eZTeQHeHskQ3EdU_x8CTv82rPalNT4lOu2OZP_eRqUNuVqb_zkNcTdnpzddEXmxXnODKdVsHO3CbLV_ZThBmOHGSvjJhu30RifUcGPesHPkHbSu23FCVqGf2mzFaxyxs--eJ-j_M1OQ9f63dVQnE4OfayiNJjpu1t0Ege_f-UQcaz2GlLGmi96tGYVtteHvCowRZZhH7oyvRkk7lrjtfOUi8P7YyJrdctwkqHb6RIefHlCNhJudz9A5wUWFAcBRigswgqC8p2fMqJ-oXeOaBQScWImgrtRcLB4j5a-6B5AwvgRNnSYudaeJtCHVcouTbRqQ4-kYpzt-QG-_6uyI8jmUNmW3rHlvfEF8wzAyd8BZ3_qjswLvEmKehqwm-Q0nSuYO9mzOo6ZO5f9YhGRQx7BZ1C7bg1-HPrFUd1aPqIPX8gqyuQNuTmxZlWaDHZIi36Y0JBzSoYq7-jItcWeduN6HrAKiwi8cxze0AQ?ur=https://analytics.ozlinedsp.com/tracking/click.gif?token=kfg1raprm9vglv6c1vv6lzjci5xcv

162.55.127.182

302

10 kB

URL User Request GET
trcpo.com/track/click/zny0RGAtgmPUNHANq11FU9ZZ8Eflo8aKnKJCZLVe7Bad0JMGKDLES6eZTeQHeHskQ3EdU_x8CTv82rPalNT4lOu2OZP_eRqUNuVqb_zkNcTdnpzddEXmxXnODKdVsHO3CbLV_ZThBmOHGSvjJhu30RifUcGPesHPkHbSu23FCVqGf2mzFaxyxs--eJ-j_M1OQ9f63dVQnE4OfayiNJjpu1t0Ege_f-UQcaz2GlLGmi96tGYVtteHvCowRZZhH7oyvRkk7lrjtfOUi8P7YyJrdctwkqHb6RIefHlCNhJudz9A5wUWFAcBRigswgqC8p2fMqJ-oXeOaBQScWImgrtRcLB4j5a-6B5AwvgRNnSYudaeJtCHVcouTbRqQ4-kYpzt-QG-_6uyI8jmUNmW3rHlvfEF8wzAyd8BZ3_qjswLvEmKehqwm-Q0nSuYO9mzOo6ZO5f9YhGRQx7BZ1C7bg1-HPrFUd1aPqIPX8gqyuQNuTmxZlWaDHZIi36Y0JBzSoYq7-jItcWeduN6HrAKiwi8cxze0AQ?ur=https://analytics.ozlinedsp.com/tracking/click.gif?token=kfg1raprm9vglv6c1vv6lzjci5xcv
IP
162.55.127.182:443
ASN
#24940 Hetzner Online GmbH

Certificate
IssuerLet's Encrypt
Subjecttrcpo.com
FingerprintD0:15:FF:D4:2E:76:82:BE:8B:20:F5:C6:D0:ED:99:21:AE:C9:6E:ED
ValiditySat, 08 Mar 2025 08:07:08 GMT - Fri, 06 Jun 2025 08:07:07 GMT

File type

Size
10 kB (10019 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /track/click/zny0RGAtgmPUNHANq11FU9ZZ8Eflo8aKnKJCZLVe7Bad0JMGKDLES6eZTeQHeHskQ3EdU_x8CTv82rPalNT4lOu2OZP_eRqUNuVqb_zkNcTdnpzddEXmxXnODKdVsHO3CbLV_ZThBmOHGSvjJhu30RifUcGPesHPkHbSu23FCVqGf2mzFaxyxs--eJ-j_M1OQ9f63dVQnE4OfayiNJjpu1t0Ege_f-UQcaz2GlLGmi96tGYVtteHvCowRZZhH7oyvRkk7lrjtfOUi8P7YyJrdctwkqHb6RIefHlCNhJudz9A5wUWFAcBRigswgqC8p2fMqJ-oXeOaBQScWImgrtRcLB4j5a-6B5AwvgRNnSYudaeJtCHVcouTbRqQ4-kYpzt-QG-_6uyI8jmUNmW3rHlvfEF8wzAyd8BZ3_qjswLvEmKehqwm-Q0nSuYO9mzOo6ZO5f9YhGRQx7BZ1C7bg1-HPrFUd1aPqIPX8gqyuQNuTmxZlWaDHZIi36Y0JBzSoYq7-jItcWeduN6HrAKiwi8cxze0AQ?ur=https://analytics.ozlinedsp.com/tracking/click.gif?token=kfg1raprm9vglv6c1vv6lzjci5xcv HTTP/1.1
Host: trcpo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 302 
location: https://arrowhurt.xyz/progress-bar.html?un=cecef939-3587-4e47-a28a-282aaa2c0cee
x-responded-by: cors-support-provider
access-control-expose-headers: set-cookie
access-control-allow-origin: *
access-control-request-headers: origin,accept,content-type,x-requested-with
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS, HEAD, PATCH
access-control-max-age: 86400
content-length: 0
date: Thu, 24 Apr 2025 15:24:02 GMT

img.altaffiliatesol.com/mkt/acct/1be035660d66d3/tick?td=ep&ip=91.90.42.154&creative_id=kfg1raprm9vglv6c1vv6lzjci5xcv&ts=1745508242172&pub_id=bfc36609-7e48-4298-a54e-c83a742cc001&tc=327ef770-a2f8-4228-a528-7cf2479749fb

0.0.0.0

0 B

URL GET
img.altaffiliatesol.com/mkt/acct/1be035660d66d3/tick?td=ep&ip=91.90.42.154&creative_id=kfg1raprm9vglv6c1vv6lzjci5xcv&ts=1745508242172&pub_id=bfc36609-7e48-4298-a54e-c83a742cc001&tc=327ef770-a2f8-4228-a528-7cf2479749fb
IP
0.0.0.0:0
ASN
#0

Requested by
https://pstopp.com/r4/index.php?p=2&pid=bfc36609-7e48-4298-a54e-c83a742cc001&sid=4206&tid=kfg1raprm9vglv6c1vv6lzjci5xcv&u=https://trcpo.com/track/click/zny0RGAtgmPUNHANq11FU9ZZ8Eflo8aKnKJCZLVe7Bad0JMGKDLES6eZTeQHeHskQ3EdU_x8CTv82rPalNT4lOu2OZP_eRqUNuVqb_zkNcTdnpzddEXmxXnODKdVsHO3CbLV_ZThBmOHGSvjJhu30RifUcGPesHPkHbSu23FCVqGf2mzFaxyxs--eJ-j_M1OQ9f63dVQnE4OfayiNJjpu1t0Ege_f-UQcaz2GlLGmi96tGYVtteHvCowRZZhH7oyvRkk7lrjtfOUi8P7YyJrdctwkqHb6RIefHlCNhJudz9A5wUWFAcBRigswgqC8p2fMqJ-oXeOaBQScWImgrtRcLB4j5a-6B5AwvgRNnSYudaeJtCHVcouTbRqQ4-kYpzt-QG-_6uyI8jmUNmW3rHlvfEF8wzAyd8BZ3_qjswLvEmKehqwm-Q0nSuYO9mzOo6ZO5f9YhGRQx7BZ1C7bg1-HPrFUd1aPqIPX8gqyuQNuTmxZlWaDHZIi36Y0JBzSoYq7-jItcWeduN6HrAKiwi8cxze0AQ?ur=https://analytics.ozlinedsp.com/tracking/click.gif?token=kfg1raprm9vglv6c1vv6lzjci5xcv&price=${AUCTION_PRICE}&rurl=https://creatives.altaffiliatesol.com/hentaiheroes/?ref_id=135846&td=ep&tc=91b75fed-e221-4087-b908-2fb4b83bd446&impid=1&exchange_name=NETAD_ADL_2&bid=0.0012&ts=1745504996631&tid=kfg1raprm9vglv6c1vv6lzjci5xcv&imp_url=https://analytics.ozlinedsp.com/tracking/imp.gif?token=kfg1raprm9vglv6c1vv6lzjci5xcv&price=${AUCTION_PRICE}&imp_nurl_url=https://analytics.ozlinedsp.com/tracking/imp?token=kfg1raprm9vglv6c1vv6lzjci5xcv&price=${AUCTION_PRICE}&campaign_id=ba67a89a-c21d-4a79-a702-ba81acdf1a15&campaign=LQ_T1+NETAD_ADL_2&creative_id=b02c9590-3b46-4803-a323-e5fa86bb8ad5&media_type=SITE&tag_id=&app_name=&app_id=&site=&site_id=4206&placement=&category=&sub_category=&app_bundle=&placement_id=4206&site_url=amaporn.com&carrier=Wind&device_os=macos&os_version=10.15&device=pc&device_id=&device_hwv=&device_make=&device_model=&language=it&platform_ip=&lat=&lon=&country=ITA&cc=&region=lombardia&city=milan&zc=20155&isp=wind&ip=93.44.118.22&ua=mozilla/5.0+(macintosh;+intel+mac+os+x+10.15;+rv:137.0)+gecko/20100101+firefox/137.0&ifa=ce6849e4-8960-33a7-9b1e-76cda46ed33d&idfa=ce6849e4-8960-33a7-9b1e-76cda46ed33d&gaid=

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /mkt/acct/1be035660d66d3/tick?td=ep&ip=91.90.42.154&creative_id=kfg1raprm9vglv6c1vv6lzjci5xcv&ts=1745508242172&pub_id=bfc36609-7e48-4298-a54e-c83a742cc001&tc=327ef770-a2f8-4228-a528-7cf2479749fb HTTP/1.1
Host: img.altaffiliatesol.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://pstopp.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

arrowhurt.xyz/js/pop-sdk.js

104.21.16.1

200 OK

4.9 kB

URL GET
arrowhurt.xyz/js/pop-sdk.js
IP
104.21.16.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://arrowhurt.xyz/progress-bar.html?un=cecef939-3587-4e47-a28a-282aaa2c0cee
Certificate
IssuerGoogle Trust Services
Subjectarrowhurt.xyz
FingerprintF8:BD:3B:C8:3F:23:95:E0:AE:F9:78:2E:9C:3E:2B:D0:D0:44:6B:11
ValiditySun, 02 Mar 2025 03:04:27 GMT - Sat, 31 May 2025 04:01:29 GMT

File type
JavaScript source, ASCII text, with CRLF line terminators
Size
4.9 kB (4899 bytes)
Hash
7a3b88db9f1e69e84da82f3ecf466391
aab94e786ce955f7918fd7d2ad1a9f8171dae983
68fc8807e968efa891db5b096b21d7cc998884bdf7cf5e8adfa127fdaf325990

HTTP Headers

GET /js/pop-sdk.js HTTP/1.1
Host: arrowhurt.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://arrowhurt.xyz/progress-bar.html?un=cecef939-3587-4e47-a28a-282aaa2c0cee
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Thu, 24 Apr 2025 15:24:03 GMT
content-type: application/javascript
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=A8F1OxhFzFWFgosmx1ZabuIaFEJHGuAz0BcgtqCWhsOgUxBs9EvhOqSn9Z3qzvbTHGwN7%2FndeHOt20Tc%2BZylYX5WZA7KJPmAJaBi3%2BP3DG9EXDEXYnj4Qhwd1Ev2vo8e"}],"group":"cf-nel","max_age":604800}
etag: W/"4899-1670270328000"
last-modified: Mon, 05 Dec 2022 19:58:48 GMT
cache-control: max-age=14400
cf-cache-status: HIT
age: 2920
content-encoding: br
cf-ray: 93569af98f8b0b65-OSL
server: cloudflare
vary: Accept-Encoding
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=7626&min_rtt=2546&rtt_var=6871&sent=46&recv=60&lost=0&retrans=0&sent_bytes=5581&recv_bytes=3907&delivery_rate=2127&cwnd=12000&unsent_bytes=0&cid=8cd35c6619746ad6&ts=353&x=16"

arrowhurt.xyz/favicon.ico

104.21.16.1

200 OK

6.9 kB

URL GET
arrowhurt.xyz/favicon.ico
IP
104.21.16.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://arrowhurt.xyz/progress-bar.html?un=cecef939-3587-4e47-a28a-282aaa2c0cee
Certificate
IssuerGoogle Trust Services
Subjectarrowhurt.xyz
FingerprintF8:BD:3B:C8:3F:23:95:E0:AE:F9:78:2E:9C:3E:2B:D0:D0:44:6B:11
ValiditySun, 02 Mar 2025 03:04:27 GMT - Sat, 31 May 2025 04:01:29 GMT

File type
MS Windows icon resource - 1 icon, 256x256 with PNG image data, 256 x 256, 8-bit gray+alpha, non-interlaced, 32 bits/pixel
Size
6.9 kB (6881 bytes)
Hash
b58051f458d0cd0fbf58ff901356a6d6
2184af1e9211161e0c4ce7711da6350f049ad8eb
782316ae0ab742418ed75306b7ee0985230e28e27bc5cc88a5e3d4af648729ed

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: arrowhurt.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://arrowhurt.xyz/progress-bar.html?un=cecef939-3587-4e47-a28a-282aaa2c0cee
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Thu, 24 Apr 2025 15:24:03 GMT
content-type: image/x-icon
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=W5gehAnFhfbPY2oIKgGiNULorLlxFPOcB69FkKSj%2BXtMiigXZ6Wzjc%2FH30ocPnCk5aVzK%2BbTBDGMKBI%2FtteV1NICBS1LEU1F43nnCRjqmHzjyiv5%2BraJc5%2FalaS7509T"}],"group":"cf-nel","max_age":604800}
etag: W/"6881-1670270328000"
last-modified: Mon, 05 Dec 2022 19:58:48 GMT
cache-control: max-age=14400
cf-cache-status: REVALIDATED
content-encoding: br
cf-ray: 93569afaff9f0b65-OSL
server: cloudflare
vary: Accept-Encoding
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=7068&min_rtt=2546&rtt_var=6270&sent=50&recv=62&lost=0&retrans=0&sent_bytes=7516&recv_bytes=4269&delivery_rate=84615&cwnd=12000&unsent_bytes=0&cid=8cd35c6619746ad6&ts=632&x=16"

tr-un.unative.com/track/visit/incognito/cecef939-3587-4e47-a28a-282aaa2c0cee

162.55.0.220

200

18 B

URL OPTIONS
tr-un.unative.com/track/visit/incognito/cecef939-3587-4e47-a28a-282aaa2c0cee
IP
162.55.0.220:443
ASN
#24940 Hetzner Online GmbH

Requested by
https://arrowhurt.xyz/progress-bar.html?un=cecef939-3587-4e47-a28a-282aaa2c0cee
Certificate
IssuerLet's Encrypt
Subjectunative.com
Fingerprint28:C9:C0:12:B9:72:4E:A1:B8:3B:81:C0:D5:40:82:BF:E2:6B:DE:D7
ValiditySun, 02 Mar 2025 08:09:31 GMT - Sat, 31 May 2025 08:09:30 GMT

File type
ASCII text, with no line terminators
Size
18 B (18 bytes)
Hash
cc7fd95a87ea3721ce1853bf3c4dd75e
7f687f7881adf0fc407378d375a61b8f198c0912
0f06a4c8d34690d4e42c81f232a5bdfe9fcbde8a54b5ccd0609a313e90da0879

HTTP Headers

OPTIONS /track/visit/incognito/cecef939-3587-4e47-a28a-282aaa2c0cee HTTP/1.1
Host: tr-un.unative.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: GET
Access-Control-Request-Headers: content-type,sdk-version
Referer: https://arrowhurt.xyz/
Origin: https://arrowhurt.xyz
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 
allow: HEAD,GET,OPTIONS
x-responded-by: cors-support-provider
access-control-expose-headers: set-cookie
access-control-allow-origin: *
access-control-request-headers: content-type,sdk-version,origin,accept,content-type,x-requested-with
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS, HEAD, PATCH
access-control-max-age: 86400
access-control-allow-headers: content-type,sdk-version,origin,accept,content-type,x-requested-with
content-type: text/plain;charset=UTF-8
content-length: 18
date: Thu, 24 Apr 2025 15:24:04 GMT

tr-un.unative.com/track/visit/incognito/cecef939-3587-4e47-a28a-282aaa2c0cee

162.55.0.220

200

0 B

URL GET
tr-un.unative.com/track/visit/incognito/cecef939-3587-4e47-a28a-282aaa2c0cee
IP
162.55.0.220:443
ASN
#24940 Hetzner Online GmbH

Requested by
https://arrowhurt.xyz/progress-bar.html?un=cecef939-3587-4e47-a28a-282aaa2c0cee
Certificate
IssuerLet's Encrypt
Subjectunative.com
Fingerprint28:C9:C0:12:B9:72:4E:A1:B8:3B:81:C0:D5:40:82:BF:E2:6B:DE:D7
ValiditySun, 02 Mar 2025 08:09:31 GMT - Sat, 31 May 2025 08:09:30 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /track/visit/incognito/cecef939-3587-4e47-a28a-282aaa2c0cee HTTP/1.1
Host: tr-un.unative.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://arrowhurt.xyz/
content-type: application/json;charset=UTF-8
sdk-version: unative/web/150706
Origin: https://arrowhurt.xyz
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 
x-responded-by: cors-support-provider
access-control-expose-headers: set-cookie
access-control-allow-origin: *
access-control-request-headers: origin,accept,content-type,x-requested-with
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS, HEAD, PATCH
access-control-max-age: 86400
content-length: 0
date: Thu, 24 Apr 2025 15:24:04 GMT

api-un.unative.com/p/w/cecef939-3587-4e47-a28a-282aaa2c0cee

162.55.0.219

200

429 B

URL GET
api-un.unative.com/p/w/cecef939-3587-4e47-a28a-282aaa2c0cee
IP
162.55.0.219:443
ASN
#24940 Hetzner Online GmbH

Requested by
https://arrowhurt.xyz/progress-bar.html?un=cecef939-3587-4e47-a28a-282aaa2c0cee
Certificate
IssuerLet's Encrypt
Subjectunative.com
Fingerprint28:C9:C0:12:B9:72:4E:A1:B8:3B:81:C0:D5:40:82:BF:E2:6B:DE:D7
ValiditySun, 02 Mar 2025 08:09:31 GMT - Sat, 31 May 2025 08:09:30 GMT

File type
JSON text data
Size
429 B (429 bytes)
Hash
aa5bf976f2cec3161a2fd92593ff63cc
d064b8b81676a9893437b890c927433415a1fe4e
22b9c3b2a424da9ba78986be4baca36b4334241398812cabc44b71af5d1dd7c1

HTTP Headers

GET /p/w/cecef939-3587-4e47-a28a-282aaa2c0cee HTTP/1.1
Host: api-un.unative.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://arrowhurt.xyz/
content-type: application/json;charset=UTF-8
sdk-version: unative/web/150706
Origin: https://arrowhurt.xyz
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 
x-responded-by: cors-support-provider
access-control-expose-headers: set-cookie
access-control-allow-origin: *
access-control-request-headers: origin,accept,content-type,x-requested-with
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS, HEAD, PATCH
access-control-max-age: 86400
content-type: application/json;charset=UTF-8
content-length: 429
date: Thu, 24 Apr 2025 15:24:04 GMT

pstopp.com/r4/index.php?p=2&pid=bfc36609-7e48-4298-a54e-c83a742cc001&sid=4206&tid=kfg1raprm9vglv6c1vv6lzjci5xcv&u=https://trcpo.com/track/click/zny0RGAtgmPUNHANq11FU9ZZ8Eflo8aKnKJCZLVe7Bad0JMGKDLES6eZTeQHeHskQ3EdU_x8CTv82rPalNT4lOu2OZP_eRqUNuVqb_zkNcTdnpzddEXmxXnODKdVsHO3CbLV_ZThBmOHGSvjJhu30RifUcGPesHPkHbSu23FCVqGf2mzFaxyxs--eJ-j_M1OQ9f63dVQnE4OfayiNJjpu1t0Ege_f-UQcaz2GlLGmi96tGYVtteHvCowRZZhH7oyvRkk7lrjtfOUi8P7YyJrdctwkqHb6RIefHlCNhJudz9A5wUWFAcBRigswgqC8p2fMqJ-oXeOaBQScWImgrtRcLB4j5a-6B5AwvgRNnSYudaeJtCHVcouTbRqQ4-kYpzt-QG-_6uyI8jmUNmW3rHlvfEF8wzAyd8BZ3_qjswLvEmKehqwm-Q0nSuYO9mzOo6ZO5f9YhGRQx7BZ1C7bg1-HPrFUd1aPqIPX8gqyuQNuTmxZlWaDHZIi36Y0JBzSoYq7-jItcWeduN6HrAKiwi8cxze0AQ?ur=https://analytics.ozlinedsp.com/tracking/click.gif?token=kfg1raprm9vglv6c1vv6lzjci5xcv&price=${AUCTION_PRICE}&rurl=https://creatives.altaffiliatesol.com/hentaiheroes/?ref_id=135846&td=ep&tc=91b75fed-e221-4087-b908-2fb4b83bd446&impid=1&exchange_name=NETAD_ADL_2&bid=0.0012&ts=1745504996631&tid=kfg1raprm9vglv6c1vv6lzjci5xcv&imp_url=https://analytics.ozlinedsp.com/tracking/imp.gif?token=kfg1raprm9vglv6c1vv6lzjci5xcv&price=${AUCTION_PRICE}&imp_nurl_url=https://analytics.ozlinedsp.com/tracking/imp?token=kfg1raprm9vglv6c1vv6lzjci5xcv&price=${AUCTION_PRICE}&campaign_id=ba67a89a-c21d-4a79-a702-ba81acdf1a15&campaign=LQ_T1+NETAD_ADL_2&creative_id=b02c9590-3b46-4803-a323-e5fa86bb8ad5&media_type=SITE&tag_id=&app_name=&app_id=&site=&site_id=4206&placement=&category=&sub_category=&app_bundle=&placement_id=4206&site_url=amaporn.com&carrier=Wind&device_os=macos&os_version=10.15&device=pc&device_id=&device_hwv=&device_make=&device_model=&language=it&platform_ip=&lat=&lon=&country=ITA&cc=&region=lombardia&city=milan&zc=20155&isp=wind&ip=93.44.118.22&ua=mozilla/5.0+(macintosh;+intel+mac+os+x+10.15;+rv:137.0)+gecko/20100101+firefox/137.0&ifa=ce6849e4-8960-33a7-9b1e-76cda46ed33d&idfa=ce6849e4-8960-33a7-9b1e-76cda46ed33d&gaid=

172.67.176.182

200 OK

7.5 kB

URL User Request GET
pstopp.com/r4/index.php?p=2&pid=bfc36609-7e48-4298-a54e-c83a742cc001&sid=4206&tid=kfg1raprm9vglv6c1vv6lzjci5xcv&u=https://trcpo.com/track/click/zny0RGAtgmPUNHANq11FU9ZZ8Eflo8aKnKJCZLVe7Bad0JMGKDLES6eZTeQHeHskQ3EdU_x8CTv82rPalNT4lOu2OZP_eRqUNuVqb_zkNcTdnpzddEXmxXnODKdVsHO3CbLV_ZThBmOHGSvjJhu30RifUcGPesHPkHbSu23FCVqGf2mzFaxyxs--eJ-j_M1OQ9f63dVQnE4OfayiNJjpu1t0Ege_f-UQcaz2GlLGmi96tGYVtteHvCowRZZhH7oyvRkk7lrjtfOUi8P7YyJrdctwkqHb6RIefHlCNhJudz9A5wUWFAcBRigswgqC8p2fMqJ-oXeOaBQScWImgrtRcLB4j5a-6B5AwvgRNnSYudaeJtCHVcouTbRqQ4-kYpzt-QG-_6uyI8jmUNmW3rHlvfEF8wzAyd8BZ3_qjswLvEmKehqwm-Q0nSuYO9mzOo6ZO5f9YhGRQx7BZ1C7bg1-HPrFUd1aPqIPX8gqyuQNuTmxZlWaDHZIi36Y0JBzSoYq7-jItcWeduN6HrAKiwi8cxze0AQ?ur=https://analytics.ozlinedsp.com/tracking/click.gif?token=kfg1raprm9vglv6c1vv6lzjci5xcv&price=${AUCTION_PRICE}&rurl=https://creatives.altaffiliatesol.com/hentaiheroes/?ref_id=135846&td=ep&tc=91b75fed-e221-4087-b908-2fb4b83bd446&impid=1&exchange_name=NETAD_ADL_2&bid=0.0012&ts=1745504996631&tid=kfg1raprm9vglv6c1vv6lzjci5xcv&imp_url=https://analytics.ozlinedsp.com/tracking/imp.gif?token=kfg1raprm9vglv6c1vv6lzjci5xcv&price=${AUCTION_PRICE}&imp_nurl_url=https://analytics.ozlinedsp.com/tracking/imp?token=kfg1raprm9vglv6c1vv6lzjci5xcv&price=${AUCTION_PRICE}&campaign_id=ba67a89a-c21d-4a79-a702-ba81acdf1a15&campaign=LQ_T1+NETAD_ADL_2&creative_id=b02c9590-3b46-4803-a323-e5fa86bb8ad5&media_type=SITE&tag_id=&app_name=&app_id=&site=&site_id=4206&placement=&category=&sub_category=&app_bundle=&placement_id=4206&site_url=amaporn.com&carrier=Wind&device_os=macos&os_version=10.15&device=pc&device_id=&device_hwv=&device_make=&device_model=&language=it&platform_ip=&lat=&lon=&country=ITA&cc=&region=lombardia&city=milan&zc=20155&isp=wind&ip=93.44.118.22&ua=mozilla/5.0+(macintosh;+intel+mac+os+x+10.15;+rv:137.0)+gecko/20100101+firefox/137.0&ifa=ce6849e4-8960-33a7-9b1e-76cda46ed33d&idfa=ce6849e4-8960-33a7-9b1e-76cda46ed33d&gaid=
IP
172.67.176.182:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerGoogle Trust Services
Subjectpstopp.com
FingerprintED:7F:56:13:FF:3A:11:A4:12:AC:F0:67:42:F7:69:6A:32:BD:72:98
ValidityFri, 14 Mar 2025 09:31:09 GMT - Thu, 12 Jun 2025 10:29:24 GMT

File type
HTML document, ASCII text, with very long lines (729)
Size
7.5 kB (7517 bytes)
Hash
f3b649a48014acf07c530f40ed3656e5
b239f493ddd274ce35db8c63d7902a6061dd785f
67191aaf73e6138342705f538461531fc9a3c2465565d8272b8acfd81b6db991

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /r4/index.php?p=2&pid=bfc36609-7e48-4298-a54e-c83a742cc001&sid=4206&tid=kfg1raprm9vglv6c1vv6lzjci5xcv&u=https://trcpo.com/track/click/zny0RGAtgmPUNHANq11FU9ZZ8Eflo8aKnKJCZLVe7Bad0JMGKDLES6eZTeQHeHskQ3EdU_x8CTv82rPalNT4lOu2OZP_eRqUNuVqb_zkNcTdnpzddEXmxXnODKdVsHO3CbLV_ZThBmOHGSvjJhu30RifUcGPesHPkHbSu23FCVqGf2mzFaxyxs--eJ-j_M1OQ9f63dVQnE4OfayiNJjpu1t0Ege_f-UQcaz2GlLGmi96tGYVtteHvCowRZZhH7oyvRkk7lrjtfOUi8P7YyJrdctwkqHb6RIefHlCNhJudz9A5wUWFAcBRigswgqC8p2fMqJ-oXeOaBQScWImgrtRcLB4j5a-6B5AwvgRNnSYudaeJtCHVcouTbRqQ4-kYpzt-QG-_6uyI8jmUNmW3rHlvfEF8wzAyd8BZ3_qjswLvEmKehqwm-Q0nSuYO9mzOo6ZO5f9YhGRQx7BZ1C7bg1-HPrFUd1aPqIPX8gqyuQNuTmxZlWaDHZIi36Y0JBzSoYq7-jItcWeduN6HrAKiwi8cxze0AQ?ur=https://analytics.ozlinedsp.com/tracking/click.gif?token=kfg1raprm9vglv6c1vv6lzjci5xcv&price=${AUCTION_PRICE}&rurl=https://creatives.altaffiliatesol.com/hentaiheroes/?ref_id=135846&td=ep&tc=91b75fed-e221-4087-b908-2fb4b83bd446&impid=1&exchange_name=NETAD_ADL_2&bid=0.0012&ts=1745504996631&tid=kfg1raprm9vglv6c1vv6lzjci5xcv&imp_url=https://analytics.ozlinedsp.com/tracking/imp.gif?token=kfg1raprm9vglv6c1vv6lzjci5xcv&price=${AUCTION_PRICE}&imp_nurl_url=https://analytics.ozlinedsp.com/tracking/imp?token=kfg1raprm9vglv6c1vv6lzjci5xcv&price=${AUCTION_PRICE}&campaign_id=ba67a89a-c21d-4a79-a702-ba81acdf1a15&campaign=LQ_T1+NETAD_ADL_2&creative_id=b02c9590-3b46-4803-a323-e5fa86bb8ad5&media_type=SITE&tag_id=&app_name=&app_id=&site=&site_id=4206&placement=&category=&sub_category=&app_bundle=&placement_id=4206&site_url=amaporn.com&carrier=Wind&device_os=macos&os_version=10.15&device=pc&device_id=&device_hwv=&device_make=&device_model=&language=it&platform_ip=&lat=&lon=&country=ITA&cc=&region=lombardia&city=milan&zc=20155&isp=wind&ip=93.44.118.22&ua=mozilla/5.0+(macintosh;+intel+mac+os+x+10.15;+rv:137.0)+gecko/20100101+firefox/137.0&ifa=ce6849e4-8960-33a7-9b1e-76cda46ed33d&idfa=ce6849e4-8960-33a7-9b1e-76cda46ed33d&gaid= HTTP/1.1
Host: pstopp.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 24 Apr 2025 15:24:02 GMT
content-type: text/html; charset=UTF-8
server: cloudflare
x-powered-by: PHP/7.4.16
vary: Accept-Encoding
cf-cache-status: DYNAMIC
content-encoding: br
set-cookie: _tfc=395a2b50ee2420400685980561c852cc; SameSite=Strict
cf-ray: 93569af13ec8568e-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

Quad9 DNS

ThreatFox

JavaScript (6)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

HTTP Transactions (12)

URL User Request GET

IP

ASN

Certificate

File type

Size

Hash

HTTP Headers

URL GET

IP

ASN

Requested by

Certificate

File type

Size

Hash

HTTP Headers

URL GET

IP

ASN

Requested by

Certificate

File type

Size

Hash