Report - rebeccaneverbase.com/rmysmn7n6c9g

Report Overview

Visited public
2024-06-05 06:53:03
Tags
suspicious
URL
rebeccaneverbase.com/rmysmn7n6c9g
Finishing URL
rebeccaneverbase.com/rmysmn7n6c9g
IP / ASN
186.2.163.111
#59692 IQWeb FZ-LLC
Title
Watch Young.Sheldon.S06E09.Das.Wunder.von.Medford.und.ein.Date.mit.Oma.German.DD51.Dubbed.720p.AmazonHD.AVC-TVS.mkv - VOE | Content Delivery Network (CDN) & Video Cloud
Suspicious - Anti-debugging code

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
rebeccaneverbase.com	unknown	2024-06-01	2024-06-04 17:30:14	2024-06-04 19:06:24	7.8 kB	213 kB	186.2.163.111
cdnjs.cloudflare.com	235	2009-02-17	2015-04-17 22:46:33	2024-06-04 22:28:45	2.6 kB	202 kB	104.17.25.14
imasdk.googleapis.com	11661	2005-01-25	2014-10-30 18:42:18	2024-06-04 22:28:45	421 B	141 kB	142.250.74.170
attenuatenovelty.com	unknown	2024-06-02	2024-06-04 17:30:14	2024-06-04 19:06:24	444 B	15 kB	192.243.61.225
fonts.gstatic.com	unknown	2008-02-11	2014-09-09 02:40:21	2024-06-04 23:34:57	525 B	21 kB	216.58.207.195
fonts.googleapis.com	8877	2005-01-25	2013-06-10 22:14:26	2024-06-04 18:13:44	465 B	3.0 kB	216.58.211.10

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2024-06-05	medium	attenuatenovelty.com	Sinkholed

ThreatFox

No alerts detected

JavaScript (4)

	URL	From	Size	First Seen	Last Seen
	rebeccaneverbase.com/rmysmn7n6c9g	ScriptElement	502 B	2023-12-21	2025-03-09
Pretty URL rebeccaneverbase.com/rmysmn7n6c9g IP 186.2.163.111 ASN #59692 IQWeb FZ-LLC Introduced by scriptElement Embedded in HTML true Observations First Seen2023-12-21 19:29 Last Seen2025-03-09 12:44 Times Seen637 Hash a70fb3ccc190fdfe4c06804cafa694bc 50630603fa35dcf518ed6bbeef164ec2a65ab6ae 2dd7b05386bab0c4528e26a81a13742dc580154aa2980ff125e99e0b4974376d Loading...

	imasdk.googleapis.com/js/sdkloader/ima3.js	ScriptElement	409 kB	2024-05-30	2024-08-19
Pretty URL imasdk.googleapis.com/js/sdkloader/ima3.js IP 142.250.74.170 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-30 00:47 Last Seen2024-08-19 21:20 Times Seen117 Hash 7296a36a8e0a913e75421d33eddd3aa4 011373c6da8e761731335635db4e959f9bd50fac 4b9bac858acbb3b447b2d63bc6834014aecea6191a95d46d47e3f166fc182bab Loading...

	cdnjs.cloudflare.com/ajax/libs/jquery/3.7.1/jquery.min.js	ScriptElement	88 kB	2023-08-31	2025-06-06
Pretty URL cdnjs.cloudflare.com/ajax/libs/jquery/3.7.1/jquery.min.js IP 104.17.25.14 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-08-31 16:03 Last Seen2025-06-06 17:15 Times Seen38114 Hash 2c872dbe60f4ba70fb85356113d8b35e ee48592d1fff952fcf06ce0b666ed4785493afdc fc9a93dd241f6b045cbff0481cf4e1901becd0e12fb45166a8f17f95823f0b1a Loading...

	rebeccaneverbase.com/rmysmn7n6c9g	ScriptElement	3.9 kB	2024-01-10	2025-04-11
Pretty URL rebeccaneverbase.com/rmysmn7n6c9g IP 186.2.163.111 ASN #59692 IQWeb FZ-LLC Introduced by scriptElement Embedded in HTML true Observations First Seen2024-01-10 02:44 Last Seen2025-04-11 02:20 Times Seen618 Hash f646a3bf6021cf9b091ce25e3e02accd fd5856375a2de55c233b98cea458dd45ad731b7f 1e03159bafb1e8ba958c5ee6d609084aea470aaa24fe3a05f4da41c152ab6006 Loading...

HTTP Transactions (17)

URL IP Response Size

rebeccaneverbase.com/s/css/site.min.css?b88a47d08bc271205f94a89a0b229d92

186.2.163.111

200 OK

36 kB

URL GET HTTP/2
rebeccaneverbase.com/s/css/site.min.css?b88a47d08bc271205f94a89a0b229d92
IP
186.2.163.111:443
ASN
#59692 IQWeb FZ-LLC

Requested by
https://rebeccaneverbase.com/rmysmn7n6c9g
Certificate
IssuerLet's Encrypt
Subjectrebeccaneverbase.com
FingerprintDA:3F:4B:56:D9:A0:00:8C:8A:B7:FF:C9:F0:BE:4E:F9:49:1E:44:B9
ValiditySat, 01 Jun 2024 15:34:27 GMT - Fri, 30 Aug 2024 15:34:26 GMT

File type
Unicode text, UTF-8 (with BOM) text, with very long lines (65268)
Size
36 kB (36084 bytes)
Hash
693911829343f289c06e6c9aae38a67a
959dc426cea1454bfc42ad25a570d9d92f155bcf
20ff9cfee735b48ff17502b3e82696fb0b0ee2a10ec49436d0c601eb83405ed0

HTTP Headers

GET /s/css/site.min.css?b88a47d08bc271205f94a89a0b229d92 HTTP/1.1
Host: rebeccaneverbase.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://rebeccaneverbase.com/rmysmn7n6c9g
Cookie: __ddg1_=ekqAo31XOX6ySgi9F2CQ; XSRF-TOKEN=eyJpdiI6Ii9ZWVZTbHFEdUtNSFRHcERLakJYRkE9PSIsInZhbHVlIjoidDBOaHF0UWQ5blgyajdYb01hUkhwNnQ5NEF2U3ZOUXRRNTNrUkhSWlZmd1JTdjZOTXFUejIwWGZSVlBQWHIweVBkbVlhblN3dmpnTHVMeXI4TVpRTnBLdlZENjdwdjlQbDhoS0hYSXM4NG96QnY2UXlxWTlQOFlyZ3F5WUNiSGciLCJtYWMiOiI0ZWUyYjVjNDAwOWYyODIzM2M4YWY1MTViODIzYzU0Y2ZjZmY2ODMyYmVmMDc3ZWFiOTRlMjg4MmI1MTM4ZDZhIiwidGFnIjoiIn0%3D; voe_session=eyJpdiI6IndoOU1BaWZSL3dpV2tFTEJQK2xhcHc9PSIsInZhbHVlIjoidmliUFdZN28zTHJIN3dhdDNacThzaC9IWUdGYlE0TXpscTNaN210SFUwaXdRNDQ1OThXRWE5Lzg3MTZNQUxjVlhwWncwbk5JQjNDY1FzTTZXN3dORC9NZ2VVTXhLdE1PZnBQR0o4ZHlQT3B0cmdlSFl1V1NYWjFIWXZIQjBqYWEiLCJtYWMiOiJkZmI0ZGZjOWQ3OGMzNmJhYThkMzEzZjlkN2ViYWJlNjBkMDczYjdhMzU2NzJiNjc0OTk0MDA1YzMyYTg5ZGE3IiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: ddos-guard
strict-transport-security: max-age=2628000
content-security-policy: upgrade-insecure-requests;
date: Sat, 01 Jun 2024 16:36:13 GMT
content-type: text/css
last-modified: Thu, 16 May 2024 18:14:03 GMT
vary: Accept-Encoding
etag: W/"66464ceb-41f8f"
expires: Mon, 01 Jul 2024 16:36:13 GMT
cache-control: max-age=2592000
content-encoding: br
age: 310585
content-length: 36084
ddg-cache-status: HIT
X-Firefox-Spdy: h2

rebeccaneverbase.com/s/images/logos/voe-logo.svg?v=2

186.2.163.111

200 OK

967 B

URL GET HTTP/2
rebeccaneverbase.com/s/images/logos/voe-logo.svg?v=2
IP
186.2.163.111:443
ASN
#59692 IQWeb FZ-LLC

Requested by
https://rebeccaneverbase.com/rmysmn7n6c9g
Certificate
IssuerLet's Encrypt
Subjectrebeccaneverbase.com
FingerprintDA:3F:4B:56:D9:A0:00:8C:8A:B7:FF:C9:F0:BE:4E:F9:49:1E:44:B9
ValiditySat, 01 Jun 2024 15:34:27 GMT - Fri, 30 Aug 2024 15:34:26 GMT

File type
SVG Scalable Vector Graphics image
Size
967 B (967 bytes)
Hash
54860be10a609212a47e58224f1f5a77
d5a9b87028f23ffb0daf4533faad5188b5b5d5e1
1b0cbfb702895cca8d51fcf2c3f8c9f56668372253c6c53ea50b17992fdde642

HTTP Headers

GET /s/images/logos/voe-logo.svg?v=2 HTTP/1.1
Host: rebeccaneverbase.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://rebeccaneverbase.com/rmysmn7n6c9g
Cookie: __ddg1_=ekqAo31XOX6ySgi9F2CQ; XSRF-TOKEN=eyJpdiI6Ii9ZWVZTbHFEdUtNSFRHcERLakJYRkE9PSIsInZhbHVlIjoidDBOaHF0UWQ5blgyajdYb01hUkhwNnQ5NEF2U3ZOUXRRNTNrUkhSWlZmd1JTdjZOTXFUejIwWGZSVlBQWHIweVBkbVlhblN3dmpnTHVMeXI4TVpRTnBLdlZENjdwdjlQbDhoS0hYSXM4NG96QnY2UXlxWTlQOFlyZ3F5WUNiSGciLCJtYWMiOiI0ZWUyYjVjNDAwOWYyODIzM2M4YWY1MTViODIzYzU0Y2ZjZmY2ODMyYmVmMDc3ZWFiOTRlMjg4MmI1MTM4ZDZhIiwidGFnIjoiIn0%3D; voe_session=eyJpdiI6IndoOU1BaWZSL3dpV2tFTEJQK2xhcHc9PSIsInZhbHVlIjoidmliUFdZN28zTHJIN3dhdDNacThzaC9IWUdGYlE0TXpscTNaN210SFUwaXdRNDQ1OThXRWE5Lzg3MTZNQUxjVlhwWncwbk5JQjNDY1FzTTZXN3dORC9NZ2VVTXhLdE1PZnBQR0o4ZHlQT3B0cmdlSFl1V1NYWjFIWXZIQjBqYWEiLCJtYWMiOiJkZmI0ZGZjOWQ3OGMzNmJhYThkMzEzZjlkN2ViYWJlNjBkMDczYjdhMzU2NzJiNjc0OTk0MDA1YzMyYTg5ZGE3IiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: ddos-guard
strict-transport-security: max-age=2628000
content-security-policy: upgrade-insecure-requests;
date: Tue, 04 Jun 2024 20:08:42 GMT
content-type: image/svg+xml
last-modified: Mon, 20 May 2024 13:32:00 GMT
vary: Accept-Encoding
etag: W/"664b50d0-735"
expires: Thu, 04 Jul 2024 20:08:42 GMT
cache-control: max-age=2592000
content-encoding: br
age: 38636
content-length: 967
ddg-cache-status: HIT
X-Firefox-Spdy: h2

rebeccaneverbase.com/s/images/logos/voe-logo-2.svg?v=2

186.2.163.111

200 OK

239 B

URL GET HTTP/2
rebeccaneverbase.com/s/images/logos/voe-logo-2.svg?v=2
IP
186.2.163.111:443
ASN
#59692 IQWeb FZ-LLC

Requested by
https://rebeccaneverbase.com/rmysmn7n6c9g
Certificate
IssuerLet's Encrypt
Subjectrebeccaneverbase.com
FingerprintDA:3F:4B:56:D9:A0:00:8C:8A:B7:FF:C9:F0:BE:4E:F9:49:1E:44:B9
ValiditySat, 01 Jun 2024 15:34:27 GMT - Fri, 30 Aug 2024 15:34:26 GMT

File type
SVG Scalable Vector Graphics image
Size
239 B (239 bytes)
Hash
b1596cdc210a2042143491e18763edab
b848dda4a8630ca524603b206a305ff25e764455
48e9c5371db27436eb5cb330335ae02d4253e90d7babe3a02e0231b34f208b65

HTTP Headers

GET /s/images/logos/voe-logo-2.svg?v=2 HTTP/1.1
Host: rebeccaneverbase.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://rebeccaneverbase.com/rmysmn7n6c9g
Cookie: __ddg1_=ekqAo31XOX6ySgi9F2CQ; XSRF-TOKEN=eyJpdiI6Ii9ZWVZTbHFEdUtNSFRHcERLakJYRkE9PSIsInZhbHVlIjoidDBOaHF0UWQ5blgyajdYb01hUkhwNnQ5NEF2U3ZOUXRRNTNrUkhSWlZmd1JTdjZOTXFUejIwWGZSVlBQWHIweVBkbVlhblN3dmpnTHVMeXI4TVpRTnBLdlZENjdwdjlQbDhoS0hYSXM4NG96QnY2UXlxWTlQOFlyZ3F5WUNiSGciLCJtYWMiOiI0ZWUyYjVjNDAwOWYyODIzM2M4YWY1MTViODIzYzU0Y2ZjZmY2ODMyYmVmMDc3ZWFiOTRlMjg4MmI1MTM4ZDZhIiwidGFnIjoiIn0%3D; voe_session=eyJpdiI6IndoOU1BaWZSL3dpV2tFTEJQK2xhcHc9PSIsInZhbHVlIjoidmliUFdZN28zTHJIN3dhdDNacThzaC9IWUdGYlE0TXpscTNaN210SFUwaXdRNDQ1OThXRWE5Lzg3MTZNQUxjVlhwWncwbk5JQjNDY1FzTTZXN3dORC9NZ2VVTXhLdE1PZnBQR0o4ZHlQT3B0cmdlSFl1V1NYWjFIWXZIQjBqYWEiLCJtYWMiOiJkZmI0ZGZjOWQ3OGMzNmJhYThkMzEzZjlkN2ViYWJlNjBkMDczYjdhMzU2NzJiNjc0OTk0MDA1YzMyYTg5ZGE3IiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: ddos-guard
strict-transport-security: max-age=2628000
content-security-policy: upgrade-insecure-requests;
date: Sat, 01 Jun 2024 16:36:14 GMT
content-type: image/svg+xml
last-modified: Mon, 20 May 2024 13:32:00 GMT
etag: W/"664b50d0-1d9"
expires: Mon, 01 Jul 2024 16:36:14 GMT
cache-control: max-age=2592000
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
age: 310584
content-length: 239
ddg-cache-status: HIT
X-Firefox-Spdy: h2

rebeccaneverbase.com/s/js/site.min.js?ea7bc466cd21d4b756b621241c671b1d

186.2.163.111

200 OK

24 kB

URL GET HTTP/2
rebeccaneverbase.com/s/js/site.min.js?ea7bc466cd21d4b756b621241c671b1d
IP
186.2.163.111:443
ASN
#59692 IQWeb FZ-LLC

Requested by
https://rebeccaneverbase.com/rmysmn7n6c9g
Certificate
IssuerLet's Encrypt
Subjectrebeccaneverbase.com
FingerprintDA:3F:4B:56:D9:A0:00:8C:8A:B7:FF:C9:F0:BE:4E:F9:49:1E:44:B9
ValiditySat, 01 Jun 2024 15:34:27 GMT - Fri, 30 Aug 2024 15:34:26 GMT

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (52179)
Size
24 kB (23500 bytes)
Hash
72e89292dad5c7e8a82f6101fc52b71a
11917db2f454df110fedaf803ebf640052f953b8
1058329efc2e4de916dc58c5996ae6620836b878c33d13742b90f20ccddabe61

HTTP Headers

GET /s/js/site.min.js?ea7bc466cd21d4b756b621241c671b1d HTTP/1.1
Host: rebeccaneverbase.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://rebeccaneverbase.com/rmysmn7n6c9g
Cookie: __ddg1_=ekqAo31XOX6ySgi9F2CQ; XSRF-TOKEN=eyJpdiI6Ii9ZWVZTbHFEdUtNSFRHcERLakJYRkE9PSIsInZhbHVlIjoidDBOaHF0UWQ5blgyajdYb01hUkhwNnQ5NEF2U3ZOUXRRNTNrUkhSWlZmd1JTdjZOTXFUejIwWGZSVlBQWHIweVBkbVlhblN3dmpnTHVMeXI4TVpRTnBLdlZENjdwdjlQbDhoS0hYSXM4NG96QnY2UXlxWTlQOFlyZ3F5WUNiSGciLCJtYWMiOiI0ZWUyYjVjNDAwOWYyODIzM2M4YWY1MTViODIzYzU0Y2ZjZmY2ODMyYmVmMDc3ZWFiOTRlMjg4MmI1MTM4ZDZhIiwidGFnIjoiIn0%3D; voe_session=eyJpdiI6IndoOU1BaWZSL3dpV2tFTEJQK2xhcHc9PSIsInZhbHVlIjoidmliUFdZN28zTHJIN3dhdDNacThzaC9IWUdGYlE0TXpscTNaN210SFUwaXdRNDQ1OThXRWE5Lzg3MTZNQUxjVlhwWncwbk5JQjNDY1FzTTZXN3dORC9NZ2VVTXhLdE1PZnBQR0o4ZHlQT3B0cmdlSFl1V1NYWjFIWXZIQjBqYWEiLCJtYWMiOiJkZmI0ZGZjOWQ3OGMzNmJhYThkMzEzZjlkN2ViYWJlNjBkMDczYjdhMzU2NzJiNjc0OTk0MDA1YzMyYTg5ZGE3IiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: ddos-guard
strict-transport-security: max-age=2628000
content-security-policy: upgrade-insecure-requests;
date: Sat, 01 Jun 2024 16:36:13 GMT
content-type: application/javascript
last-modified: Sun, 21 Apr 2024 00:38:03 GMT
etag: W/"66245feb-191d9"
expires: Mon, 01 Jul 2024 16:36:13 GMT
cache-control: max-age=2592000
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
age: 310585
content-length: 23500
ddg-cache-status: HIT
X-Firefox-Spdy: h2

cdnjs.cloudflare.com/ajax/libs/jquery/3.7.1/jquery.min.js

104.17.25.14

200 OK

27 kB

URL GET HTTP/2
cdnjs.cloudflare.com/ajax/libs/jquery/3.7.1/jquery.min.js
IP
104.17.25.14:443
ASN
#13335 CLOUDFLARENET

Requested by
https://rebeccaneverbase.com/rmysmn7n6c9g
Certificate
IssuerLet's Encrypt
Subjectcdnjs.cloudflare.com
Fingerprint3B:5B:7C:DD:19:E8:16:5A:09:22:D6:1E:03:84:8D:B9:A1:32:BF:8E
ValiditySun, 02 Jun 2024 00:47:32 GMT - Sat, 31 Aug 2024 00:47:31 GMT

File type
JavaScript source, ASCII text, with very long lines (65447)
Size
27 kB (27446 bytes)
Hash
2c872dbe60f4ba70fb85356113d8b35e
ee48592d1fff952fcf06ce0b666ed4785493afdc
fc9a93dd241f6b045cbff0481cf4e1901becd0e12fb45166a8f17f95823f0b1a

HTTP Headers

GET /ajax/libs/jquery/3.7.1/jquery.min.js HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://rebeccaneverbase.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Wed, 05 Jun 2024 06:52:38 GMT
content-type: application/javascript; charset=utf-8
content-length: 27446
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "64ed75bb-6b36"
last-modified: Tue, 29 Aug 2023 04:36:11 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 60100
expires: Mon, 26 May 2025 06:52:38 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=VIshRxPZ5IywJzE6f72RK%2BcneMk7eEFoYyPspZAllHENfSNrz8LuOy%2BYr6W1iVaO9HoYDLo%2FDAshdn7UvsBizUXULmmusU0nm7idHHXpFMkk%2BIf6EHK6LVZSsPN223FhAitxCR%2FK"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 88ee3db21d3456a9-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

cdnjs.cloudflare.com/ajax/libs/plyr/3.7.8/plyr.min.js

104.17.25.14

200 OK

29 kB

URL GET HTTP/2
cdnjs.cloudflare.com/ajax/libs/plyr/3.7.8/plyr.min.js
IP
104.17.25.14:443
ASN
#13335 CLOUDFLARENET

Requested by
https://rebeccaneverbase.com/rmysmn7n6c9g
Certificate
IssuerLet's Encrypt
Subjectcdnjs.cloudflare.com
Fingerprint3B:5B:7C:DD:19:E8:16:5A:09:22:D6:1E:03:84:8D:B9:A1:32:BF:8E
ValiditySun, 02 Jun 2024 00:47:32 GMT - Sat, 31 Aug 2024 00:47:31 GMT

File type
JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Size
29 kB (29012 bytes)
Hash
4fb2ab36696965f30dd02a36089bfc64
9b165c0e728a0ac4e2cddc944c9a2c5819ca7342
ae7266d9eb50c1614c4f425edba8b3aa805b8b22c97cbbd360ae9a0ea47c02ad

HTTP Headers

GET /ajax/libs/plyr/3.7.8/plyr.min.js HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://rebeccaneverbase.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Wed, 05 Jun 2024 06:52:38 GMT
content-type: application/javascript; charset=utf-8
content-length: 29012
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "641dd583-7154"
last-modified: Fri, 24 Mar 2023 16:53:23 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 40425
expires: Mon, 26 May 2025 06:52:38 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Tj%2BrVZtPS1zdE6J6LzBXG8Ah%2Ba%2BJOKT5oSHE4FMX0VE92MVH3sgObGliOwLlOVmtwPxwIaxA%2F8J0iAqHbdUVemM1BoDQxolU7wjCmXi1L1bBol5MYxYt%2FEOp8pR4VJqDV0K%2BqwHS"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 88ee3db21d4756a9-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

cdnjs.cloudflare.com/ajax/libs/hls.js/1.2.7/hls.min.js

104.17.25.14

200 OK

83 kB

URL GET HTTP/2
cdnjs.cloudflare.com/ajax/libs/hls.js/1.2.7/hls.min.js
IP
104.17.25.14:443
ASN
#13335 CLOUDFLARENET

Requested by
https://rebeccaneverbase.com/rmysmn7n6c9g
Certificate
IssuerLet's Encrypt
Subjectcdnjs.cloudflare.com
Fingerprint3B:5B:7C:DD:19:E8:16:5A:09:22:D6:1E:03:84:8D:B9:A1:32:BF:8E
ValiditySun, 02 Jun 2024 00:47:32 GMT - Sat, 31 Aug 2024 00:47:31 GMT

File type
JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Size
83 kB (82604 bytes)
Hash
1e59b3a541bcfa025fdda12cbbaa9f6e
b04d134373a70c5c2c536e0246b99dabdde8db9d
88fa861d6c2d711a4a0e9c186234ab06f7e0f77b7bda6da22ae50eae6c892570

HTTP Headers

GET /ajax/libs/hls.js/1.2.7/hls.min.js HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://rebeccaneverbase.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Wed, 05 Jun 2024 06:52:38 GMT
content-type: application/javascript; charset=utf-8
content-length: 82604
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "636ff6bc-142ac"
last-modified: Sat, 12 Nov 2022 19:40:44 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 60820
expires: Mon, 26 May 2025 06:52:38 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=FcdZzVrL8Ljo9fvyx1AhUQKD1MY5CrUO3ZPApsdowS%2FBFVv8ax5zM5gFcjHPiRv4TsZqagutztUewjpkXeiUn91xqI5Wid%2FdPjwjHdkiDF4x9F6xqzCXHhyRuqtrrIx8r7eBLrcu"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 88ee3db21d4b56a9-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

cdnjs.cloudflare.com/ajax/libs/plyr/3.7.8/plyr.polyfilled.min.js

104.17.25.14

200 OK

31 kB

URL GET HTTP/2
cdnjs.cloudflare.com/ajax/libs/plyr/3.7.8/plyr.polyfilled.min.js
IP
104.17.25.14:443
ASN
#13335 CLOUDFLARENET

Requested by
https://rebeccaneverbase.com/rmysmn7n6c9g
Certificate
IssuerLet's Encrypt
Subjectcdnjs.cloudflare.com
Fingerprint3B:5B:7C:DD:19:E8:16:5A:09:22:D6:1E:03:84:8D:B9:A1:32:BF:8E
ValiditySun, 02 Jun 2024 00:47:32 GMT - Sat, 31 Aug 2024 00:47:31 GMT

File type
JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Size
31 kB (30620 bytes)
Hash
71dc06ef63bafd519190803503d6fdd0
efc20140bd1efe04b3a56bb3635874f0749cd8ca
b0fc604958d3c5d9b393c4a4e48f77e232ab9928ee1a585a0e87e97984b5b024

HTTP Headers

GET /ajax/libs/plyr/3.7.8/plyr.polyfilled.min.js HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://rebeccaneverbase.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Wed, 05 Jun 2024 06:52:38 GMT
content-type: application/javascript; charset=utf-8
content-length: 30620
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "641dd583-779c"
last-modified: Fri, 24 Mar 2023 16:53:23 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 44591
expires: Mon, 26 May 2025 06:52:38 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=blzqOxXOVv9yuofAY5e1nVMmvokQLJmuPQNlWUfiomoFqoQWvunnPDY0MaZOlAlAIe8ttOenM15qW6vCIjUN7A8qQmK1140lr68nzExe8ZnunRkJ3vSJ6KoYeEm%2B%2FWZnuedWr9JK"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 88ee3db21d4c56a9-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

cdnjs.cloudflare.com/ajax/libs/plyr/3.7.8/plyr.min.css

104.17.25.14

200 OK

4.5 kB

URL GET HTTP/2
cdnjs.cloudflare.com/ajax/libs/plyr/3.7.8/plyr.min.css
IP
104.17.25.14:443
ASN
#13335 CLOUDFLARENET

Requested by
https://rebeccaneverbase.com/rmysmn7n6c9g
Certificate
IssuerLet's Encrypt
Subjectcdnjs.cloudflare.com
Fingerprint3B:5B:7C:DD:19:E8:16:5A:09:22:D6:1E:03:84:8D:B9:A1:32:BF:8E
ValiditySun, 02 Jun 2024 00:47:32 GMT - Sat, 31 Aug 2024 00:47:31 GMT

File type
Unicode text, UTF-8 text, with very long lines (32524), with no line terminators
Size
4.5 kB (4503 bytes)
Hash
27a5932e6ea87c90e820203b47311518
9cd7e9b94c01a5cf5ffe0bd27f2d2e2429738e91
6bfc1e307a874e08da7f2529dd89cca1e4a213d32cc06afaa1086ed85179d8b1

HTTP Headers

GET /ajax/libs/plyr/3.7.8/plyr.min.css HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://rebeccaneverbase.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Wed, 05 Jun 2024 06:52:38 GMT
content-type: text/css; charset=utf-8
content-length: 4503
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "641dd583-1197"
last-modified: Fri, 24 Mar 2023 16:53:23 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 45441
expires: Mon, 26 May 2025 06:52:38 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=cNy3CgNs3e3dTWl5J%2FgWEjesd8%2BgxXKCbEhtYw6GNQEP%2FQ%2FXEf%2Fvjszan07HP1AezXyDqrdmFYGv8ZUDYu0yeuzGhRjWFOgpAsXMW0icpcghwBN0ARGd9kTxzrA5AY8u7lfHFzQq"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 88ee3db22d6256a9-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

cdnjs.cloudflare.com/ajax/libs/bootstrap/5.3.2/js/bootstrap.bundle.min.js

104.17.25.14

200 OK

21 kB

URL GET HTTP/2
cdnjs.cloudflare.com/ajax/libs/bootstrap/5.3.2/js/bootstrap.bundle.min.js
IP
104.17.25.14:443
ASN
#13335 CLOUDFLARENET

Requested by
https://rebeccaneverbase.com/rmysmn7n6c9g
Certificate
IssuerLet's Encrypt
Subjectcdnjs.cloudflare.com
Fingerprint3B:5B:7C:DD:19:E8:16:5A:09:22:D6:1E:03:84:8D:B9:A1:32:BF:8E
ValiditySun, 02 Jun 2024 00:47:32 GMT - Sat, 31 Aug 2024 00:47:31 GMT

File type
JavaScript source, ASCII text, with very long lines (65299)
Size
21 kB (21203 bytes)
Hash
6baf57f25796c332144ed58a2a0cd9ee
f7fd0f3dc84b2cf93bf81e832505a673f354e0a3
82f64f62bb03c1bc1824b0f9c9e05f70dba33e146818e63cdf5c306c8cf3dedd

HTTP Headers

GET /ajax/libs/bootstrap/5.3.2/js/bootstrap.bundle.min.js HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://rebeccaneverbase.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Wed, 05 Jun 2024 06:52:38 GMT
content-type: application/javascript; charset=utf-8
content-length: 21203
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "6503298b-52d3"
last-modified: Thu, 14 Sep 2023 15:40:59 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 3062431
expires: Mon, 26 May 2025 06:52:38 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=IMi8N%2FrvzKb2Bl4pAIn56el3YJpGTx7%2FiO2IE2Fiu3jwG2rFrQfWBxqwm0PLS3qyU1Tt2kROTq5QZ3VrHoRXuag2mkhtB%2FWeXKCe%2BHY1K6%2F62isIlTYsSgIkyA8b4rJinBQ%2FWvBu"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 88ee3db22d7956a9-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

imasdk.googleapis.com/js/sdkloader/ima3.js

142.250.74.170

200 OK

140 kB

URL GET HTTP/2
imasdk.googleapis.com/js/sdkloader/ima3.js
IP
142.250.74.170:443
ASN
#15169 GOOGLE

Requested by
https://rebeccaneverbase.com/rmysmn7n6c9g
Certificate
IssuerGoogle Trust Services LLC
Subjectupload.video.google.com
Fingerprint8E:9C:6E:70:61:4E:A0:D8:4A:BD:CA:F0:BF:75:60:FE:A2:36:FB:7A
ValidityMon, 13 May 2024 07:31:30 GMT - Mon, 05 Aug 2024 07:31:29 GMT

File type
JavaScript source, ASCII text, with very long lines (1900)
Size
140 kB (140315 bytes)
Hash
7296a36a8e0a913e75421d33eddd3aa4
011373c6da8e761731335635db4e959f9bd50fac
4b9bac858acbb3b447b2d63bc6834014aecea6191a95d46d47e3f166fc182bab

HTTP Headers

GET /js/sdkloader/ima3.js HTTP/1.1
Host: imasdk.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://rebeccaneverbase.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/javascript
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="ads-doubleclick-instream-static"
report-to: {"group":"ads-doubleclick-instream-static","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-instream-static"}]}
content-length: 140315
date: Wed, 05 Jun 2024 06:52:38 GMT
expires: Wed, 05 Jun 2024 06:52:38 GMT
cache-control: private, max-age=900, stale-while-revalidate=3600
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

attenuatenovelty.com/0e/d5/91/0ed591400877d316744c6353cd338f08.js

192.243.61.225

200 OK

14 kB

URL GET HTTP/1.1
attenuatenovelty.com/0e/d5/91/0ed591400877d316744c6353cd338f08.js
IP
192.243.61.225:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://rebeccaneverbase.com/rmysmn7n6c9g
Certificate
IssuerLet's Encrypt
Subjectattenuatenovelty.com
FingerprintAB:F2:97:72:59:41:4A:B1:E1:01:7F:F5:C7:C2:48:3D:C6:19:82:DB
ValiditySun, 02 Jun 2024 08:53:33 GMT - Sat, 31 Aug 2024 08:53:32 GMT

File type
JavaScript source, ASCII text, with very long lines (39485), with no line terminators
Size
14 kB (13871 bytes)
Hash
cf69c010f9d476ce8dd129dd581f57ce
2e371ef669d0de16b1f51a00358f5f9b3197af94
0674300eb68c9578943e91618dd71c3dae6dfcd3c9ae89bfd1c8cd08f63abb88

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /0e/d5/91/0ed591400877d316744c6353cd338f08.js HTTP/1.1
Host: attenuatenovelty.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://rebeccaneverbase.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Wed, 05 Jun 2024 06:52:38 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: d7a58e4b7ddca4b5b48886bb96c9d1e5
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip

fonts.gstatic.com/s/figtree/v5/_Xms-HUzqDCFdgfMm4S9DQ.woff2

216.58.207.195

200 OK

20 kB

URL GET HTTP/2
fonts.gstatic.com/s/figtree/v5/_Xms-HUzqDCFdgfMm4S9DQ.woff2
IP
216.58.207.195:443
ASN
#15169 GOOGLE

Requested by
https://rebeccaneverbase.com/rmysmn7n6c9g
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
Fingerprint58:31:72:3C:50:20:A6:E5:54:6A:03:86:57:71:48:CB:E7:EF:75:55
ValidityMon, 13 May 2024 07:31:25 GMT - Mon, 05 Aug 2024 07:31:24 GMT

File type
Web Open Font Format (Version 2), TrueType, length 20080, version 1.0
Size
20 kB (20080 bytes)
Hash
a87b95d73b0a1092ca62a6934227ec22
5e1de72648af71b468843876289fdd0a763a10c4
aafc56842faa29d254e8317348063a257c11c5d2369d36d5a437e36c398bbe99

HTTP Headers

GET /s/figtree/v5/_Xms-HUzqDCFdgfMm4S9DQ.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://rebeccaneverbase.com
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 20080
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sat, 01 Jun 2024 08:29:15 GMT
expires: Sun, 01 Jun 2025 08:29:15 GMT
cache-control: public, max-age=31536000
age: 339803
last-modified: Thu, 20 Jul 2023 20:53:10 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

rebeccaneverbase.com/favicon-16x16.png

186.2.163.111

200 OK

533 B

URL GET HTTP/2
rebeccaneverbase.com/favicon-16x16.png
IP
186.2.163.111:443
ASN
#59692 IQWeb FZ-LLC

Requested by
https://rebeccaneverbase.com/rmysmn7n6c9g
Certificate
IssuerLet's Encrypt
Subjectrebeccaneverbase.com
FingerprintDA:3F:4B:56:D9:A0:00:8C:8A:B7:FF:C9:F0:BE:4E:F9:49:1E:44:B9
ValiditySat, 01 Jun 2024 15:34:27 GMT - Fri, 30 Aug 2024 15:34:26 GMT

File type
PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
Size
533 B (533 bytes)
Hash
4a1c219d978909f413ca1b9a39f7523d
08859f796b01690ee81a13e4bcc0976f16c473ca
dc91f3be29e28fa5aa027f4c3165a5df794424e66c1627b90a204482b470f0be

HTTP Headers

GET /favicon-16x16.png HTTP/1.1
Host: rebeccaneverbase.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://rebeccaneverbase.com/rmysmn7n6c9g
Cookie: __ddg1_=ekqAo31XOX6ySgi9F2CQ; XSRF-TOKEN=eyJpdiI6Ii9ZWVZTbHFEdUtNSFRHcERLakJYRkE9PSIsInZhbHVlIjoidDBOaHF0UWQ5blgyajdYb01hUkhwNnQ5NEF2U3ZOUXRRNTNrUkhSWlZmd1JTdjZOTXFUejIwWGZSVlBQWHIweVBkbVlhblN3dmpnTHVMeXI4TVpRTnBLdlZENjdwdjlQbDhoS0hYSXM4NG96QnY2UXlxWTlQOFlyZ3F5WUNiSGciLCJtYWMiOiI0ZWUyYjVjNDAwOWYyODIzM2M4YWY1MTViODIzYzU0Y2ZjZmY2ODMyYmVmMDc3ZWFiOTRlMjg4MmI1MTM4ZDZhIiwidGFnIjoiIn0%3D; voe_session=eyJpdiI6IndoOU1BaWZSL3dpV2tFTEJQK2xhcHc9PSIsInZhbHVlIjoidmliUFdZN28zTHJIN3dhdDNacThzaC9IWUdGYlE0TXpscTNaN210SFUwaXdRNDQ1OThXRWE5Lzg3MTZNQUxjVlhwWncwbk5JQjNDY1FzTTZXN3dORC9NZ2VVTXhLdE1PZnBQR0o4ZHlQT3B0cmdlSFl1V1NYWjFIWXZIQjBqYWEiLCJtYWMiOiJkZmI0ZGZjOWQ3OGMzNmJhYThkMzEzZjlkN2ViYWJlNjBkMDczYjdhMzU2NzJiNjc0OTk0MDA1YzMyYTg5ZGE3IiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: ddos-guard
strict-transport-security: max-age=2628000
content-security-policy: upgrade-insecure-requests;
date: Sat, 01 Jun 2024 16:36:15 GMT
content-type: image/png
content-length: 533
last-modified: Mon, 14 Aug 2023 01:22:27 GMT
etag: "64d981d3-215"
expires: Mon, 01 Jul 2024 16:36:15 GMT
cache-control: max-age=2592000
accept-ranges: bytes
age: 310584
ddg-cache-status: HIT
X-Firefox-Spdy: h2

rebeccaneverbase.com/android-icon-192x192.png

186.2.163.111

200 OK

7.1 kB

URL GET HTTP/2
rebeccaneverbase.com/android-icon-192x192.png
IP
186.2.163.111:443
ASN
#59692 IQWeb FZ-LLC

Requested by
https://rebeccaneverbase.com/rmysmn7n6c9g
Certificate
IssuerLet's Encrypt
Subjectrebeccaneverbase.com
FingerprintDA:3F:4B:56:D9:A0:00:8C:8A:B7:FF:C9:F0:BE:4E:F9:49:1E:44:B9
ValiditySat, 01 Jun 2024 15:34:27 GMT - Fri, 30 Aug 2024 15:34:26 GMT

File type
PNG image data, 192 x 192, 8-bit/color RGBA, non-interlaced
Size
7.1 kB (7068 bytes)
Hash
6e09fa5e43f9f169c8b65bdba9683b46
e986e9353a404b28a522b85dc0b7afb480b6cb27
7940cbb7ef222596bef1a1d1db04e8a1b745dfdeb769ff9a46f4e3717396af0b

HTTP Headers

GET /android-icon-192x192.png HTTP/1.1
Host: rebeccaneverbase.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://rebeccaneverbase.com/rmysmn7n6c9g
Cookie: __ddg1_=ekqAo31XOX6ySgi9F2CQ; XSRF-TOKEN=eyJpdiI6Ii9ZWVZTbHFEdUtNSFRHcERLakJYRkE9PSIsInZhbHVlIjoidDBOaHF0UWQ5blgyajdYb01hUkhwNnQ5NEF2U3ZOUXRRNTNrUkhSWlZmd1JTdjZOTXFUejIwWGZSVlBQWHIweVBkbVlhblN3dmpnTHVMeXI4TVpRTnBLdlZENjdwdjlQbDhoS0hYSXM4NG96QnY2UXlxWTlQOFlyZ3F5WUNiSGciLCJtYWMiOiI0ZWUyYjVjNDAwOWYyODIzM2M4YWY1MTViODIzYzU0Y2ZjZmY2ODMyYmVmMDc3ZWFiOTRlMjg4MmI1MTM4ZDZhIiwidGFnIjoiIn0%3D; voe_session=eyJpdiI6IndoOU1BaWZSL3dpV2tFTEJQK2xhcHc9PSIsInZhbHVlIjoidmliUFdZN28zTHJIN3dhdDNacThzaC9IWUdGYlE0TXpscTNaN210SFUwaXdRNDQ1OThXRWE5Lzg3MTZNQUxjVlhwWncwbk5JQjNDY1FzTTZXN3dORC9NZ2VVTXhLdE1PZnBQR0o4ZHlQT3B0cmdlSFl1V1NYWjFIWXZIQjBqYWEiLCJtYWMiOiJkZmI0ZGZjOWQ3OGMzNmJhYThkMzEzZjlkN2ViYWJlNjBkMDczYjdhMzU2NzJiNjc0OTk0MDA1YzMyYTg5ZGE3IiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: ddos-guard
strict-transport-security: max-age=2628000
content-security-policy: upgrade-insecure-requests;
date: Sat, 01 Jun 2024 16:36:15 GMT
content-type: image/png
content-length: 7068
last-modified: Mon, 20 May 2024 13:32:00 GMT
etag: "664b50d0-1b9c"
expires: Mon, 01 Jul 2024 16:36:15 GMT
cache-control: max-age=2592000
accept-ranges: bytes
age: 310584
ddg-cache-status: HIT
X-Firefox-Spdy: h2

fonts.googleapis.com/css2?family=Figtree:wght@400;600;800&display=swap

216.58.211.10

200 OK

2.3 kB

URL GET HTTP/2
fonts.googleapis.com/css2?family=Figtree:wght@400;600;800&display=swap
IP
216.58.211.10:443
ASN
#15169 GOOGLE

Requested by
https://rebeccaneverbase.com/rmysmn7n6c9g
Certificate
IssuerGoogle Trust Services LLC
Subjectupload.video.google.com
Fingerprint8E:9C:6E:70:61:4E:A0:D8:4A:BD:CA:F0:BF:75:60:FE:A2:36:FB:7A
ValidityMon, 13 May 2024 07:31:30 GMT - Mon, 05 Aug 2024 07:31:29 GMT

File type
ASCII text, with very long lines (2391), with no line terminators
Size
2.3 kB (2337 bytes)
Hash
ddba7b8787290772e4475f68d088c2dc
9c967d600b474c8197044f47f61fcbfddd83613c
c8d913cb4a80ebf4bd6994233d28ef96270195c5bbc113120265b390cf993f8c

HTTP Headers

GET /css2?family=Figtree:wght@400;600;800&display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://rebeccaneverbase.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Wed, 05 Jun 2024 06:52:38 GMT
date: Wed, 05 Jun 2024 06:52:38 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

rebeccaneverbase.com/rmysmn7n6c9g

186.2.163.111

200 OK

141 kB

URL User Request GET HTTP/2
rebeccaneverbase.com/rmysmn7n6c9g
IP
186.2.163.111:443
ASN
#59692 IQWeb FZ-LLC

Certificate
IssuerLet's Encrypt
Subjectrebeccaneverbase.com
FingerprintDA:3F:4B:56:D9:A0:00:8C:8A:B7:FF:C9:F0:BE:4E:F9:49:1E:44:B9
ValiditySat, 01 Jun 2024 15:34:27 GMT - Fri, 30 Aug 2024 15:34:26 GMT

File type

Size
141 kB (140889 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
urlquery	suspicious	Suspicious - Anti-debugging code

HTTP Headers

GET /rmysmn7n6c9g HTTP/1.1
Host: rebeccaneverbase.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: ddos-guard
strict-transport-security: max-age=2628000
content-security-policy: upgrade-insecure-requests;
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
cache-control: no-cache, private
date: Wed, 05 Jun 2024 06:52:37 GMT
set-cookie: __ddg1_=ekqAo31XOX6ySgi9F2CQ; Domain=.rebeccaneverbase.com; HttpOnly; Path=/; Expires=Thu, 05-Jun-2025 06:52:37 GMT
XSRF-TOKEN=eyJpdiI6Ii9ZWVZTbHFEdUtNSFRHcERLakJYRkE9PSIsInZhbHVlIjoidDBOaHF0UWQ5blgyajdYb01hUkhwNnQ5NEF2U3ZOUXRRNTNrUkhSWlZmd1JTdjZOTXFUejIwWGZSVlBQWHIweVBkbVlhblN3dmpnTHVMeXI4TVpRTnBLdlZENjdwdjlQbDhoS0hYSXM4NG96QnY2UXlxWTlQOFlyZ3F5WUNiSGciLCJtYWMiOiI0ZWUyYjVjNDAwOWYyODIzM2M4YWY1MTViODIzYzU0Y2ZjZmY2ODMyYmVmMDc3ZWFiOTRlMjg4MmI1MTM4ZDZhIiwidGFnIjoiIn0%3D; expires=Wed, 05 Jun 2024 08:22:37 GMT; Max-Age=5400; path=/; secure; samesite=none
voe_session=eyJpdiI6IndoOU1BaWZSL3dpV2tFTEJQK2xhcHc9PSIsInZhbHVlIjoidmliUFdZN28zTHJIN3dhdDNacThzaC9IWUdGYlE0TXpscTNaN210SFUwaXdRNDQ1OThXRWE5Lzg3MTZNQUxjVlhwWncwbk5JQjNDY1FzTTZXN3dORC9NZ2VVTXhLdE1PZnBQR0o4ZHlQT3B0cmdlSFl1V1NYWjFIWXZIQjBqYWEiLCJtYWMiOiJkZmI0ZGZjOWQ3OGMzNmJhYThkMzEzZjlkN2ViYWJlNjBkMDczYjdhMzU2NzJiNjc0OTk0MDA1YzMyYTg5ZGE3IiwidGFnIjoiIn0%3D; expires=Wed, 05 Jun 2024 08:22:37 GMT; Max-Age=5400; path=/; secure; httponly; samesite=none
content-encoding: gzip
X-Firefox-Spdy: h2

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (4)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

HTTP Transactions (17)

URL GET HTTP/2

IP

ASN

Requested by

Certificate

File type

Size

Hash

HTTP Headers

URL GET HTTP/2

IP

ASN

Requested by

Certificate

File type

Size

Hash

HTTP Headers

URL GET HTTP/2

IP

ASN

Requested by

Certificate

File type

Size

Hash

HTTP Headers

URL GET HTTP/2

IP

ASN

Requested by

Certificate

File type

Size

Hash

HTTP Headers

URL GET HTTP/2

IP