peso-pluma-rubicon.playurbano.com/
104.21.16.77 200 OK 130 kB URL User Request GET HTTP/2 peso-pluma-rubicon.playurbano.com/
IP 104.21.16.77:443
Certificate Issuer: Let's Encrypt
Subject: playurbano.com
Fingerprint: FD:B6:7D:5A:CA:4F:BA:02:50:77:38:14:C1:1A:57:F0:17:EF:B7:F9
Validity: Mon, 30 Oct 2023 13:01:30 GMT - Sun, 28 Jan 2024 13:01:29 GMT
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (21100)
Size 130 kB (130050 bytes)
Hash MD5: 0d6944ddbdf4b0274b87ed488b792938
SHA-1: 81bb37d657e5f99f4659e246b2ea686dc26b7044
SHA-256: 7a41bf4883af4226e5ba7dc37684721441984fbfb7abc3591ce6b899587fa246
GET / HTTP/1.1
Host: peso-pluma-rubicon.playurbano.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Tue, 28 Nov 2023 12:12:25 GMT
content-type: text/html; charset=UTF-8
access-control-allow-origin: *
x-litespeed-cache: hit
vary: Accept-Encoding
x-turbo-charged-by: LiteSpeed
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=yB8dBTqdDWI6F%2FKYtUZBGos9Q4Dt79kodeY8l3dR%2FCMOC3OAL36F%2FwdbNPhbuEjaQIoYw256kV%2FmxXVPbcMcswTLI55VAHuCiVWkaIx00HlJB0O%2BL95z2CNsfYkCEDVoMU3mQboeo%2BlghEHnXIK%2FkljEc1U%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 82d284e34cc7b511-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
www.playurbano.com/wp-content/uploads/2023/06/Peso-Pluma-%E2%80%93-GENESIS-2023.jpg
188.114.96.1 200 OK 39 kB URL GET HTTP/2 www.playurbano.com/wp-content/uploads/2023/06/Peso-Pluma-%E2%80%93-GENESIS-2023.jpg
IP 188.114.96.1:443
Requested by https://peso-pluma-rubicon.playurbano.com/
Certificate Issuer: Let's Encrypt
Subject: playurbano.com
Fingerprint: FD:B6:7D:5A:CA:4F:BA:02:50:77:38:14:C1:1A:57:F0:17:EF:B7:F9
Validity: Mon, 30 Oct 2023 13:01:30 GMT - Sun, 28 Jan 2024 13:01:29 GMT
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=1], baseline, precision 8, 500x500, components 3\012- data
Hash MD5: 3dc798edd8af2ed955774dc8ac500eee
SHA-1: b3b457d108b035a5d0fee8934c2749a29fc590bb
SHA-256: 48e4a7a810f288c97fd673676273a9393daa0f67817b732e790c964583c72e65
GET /wp-content/uploads/2023/06/Peso-Pluma-%E2%80%93-GENESIS-2023.jpg HTTP/1.1
Host: www.playurbano.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://peso-pluma-rubicon.playurbano.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Tue, 28 Nov 2023 12:12:26 GMT
content-type: image/jpeg
content-length: 39397
cache-control: public, max-age=31536000
expires: Thu, 28 Dec 2023 12:12:26 GMT
last-modified: Fri, 23 Jun 2023 03:58:12 GMT
x-turbo-charged-by: LiteSpeed
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=OU5C1siALzaLzjepbSQ5RlszRRLw%2BmaylMSkauo%2Bu1fjY9k7n2A0nBiRwhuotv5ua3XacybxkHlPtS8MxDJ3AWFGn5oiCc6lKYF59B9WLw%2BgtLUlxYHSlkVPj9qgnUf2NO28S04%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 82d284e7592ab4ff-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
fonts.gstatic.com/s/ptsans/v9/ATKpv8nLYAKUYexo8iqqrg.woff2
216.58.207.227 200 OK 45 kB URL GET HTTP/2 fonts.gstatic.com/s/ptsans/v9/ATKpv8nLYAKUYexo8iqqrg.woff2
IP 216.58.207.227:443
Requested by https://peso-pluma-rubicon.playurbano.com/
Certificate Issuer: Google Trust Services LLC
Subject: *.gstatic.com
Fingerprint: E5:79:1F:1A:04:3F:B9:B0:FB:41:4E:B5:E5:97:AD:FE:D9:2C:4A:CD
Validity: Mon, 23 Oct 2023 11:24:07 GMT - Mon, 15 Jan 2024 11:24:06 GMT
File type Web Open Font Format (Version 2), TrueType, length 45052, version 1.0\012- data
Hash MD5: 198d320b73bc44e4f0dd33d6b09c9511
SHA-1: 32770201897de26b9c207215e4ec18c8eab82189
SHA-256: 143c5c0124d14b936536af0c656e10aebbc2bb832563f00137f7e9c717195df1
GET /s/ptsans/v9/ATKpv8nLYAKUYexo8iqqrg.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://peso-pluma-rubicon.playurbano.com
DNT: 1
Connection: keep-alive
Referer: https://peso-pluma-rubicon.playurbano.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 45052
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 23 Nov 2023 23:30:11 GMT
expires: Fri, 22 Nov 2024 23:30:11 GMT
cache-control: public, max-age=31536000
age: 391335
last-modified: Wed, 11 Oct 2017 18:24:43 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
www.googletagmanager.com/gtag/js?id=G-SQFXB0YJTT&l=dataLayer&cx=c
142.250.74.168 200 OK 81 kB URL GET HTTP/3 www.googletagmanager.com/gtag/js?id=G-SQFXB0YJTT&l=dataLayer&cx=c
IP 142.250.74.168:443
Requested by https://peso-pluma-rubicon.playurbano.com/
Certificate Issuer: Google Trust Services LLC
Subject: *.google-analytics.com
Fingerprint: 37:42:10:B7:89:70:45:51:80:81:66:CE:95:21:72:5D:46:0B:E2:34
Validity: Mon, 23 Oct 2023 11:18:19 GMT - Mon, 15 Jan 2024 11:18:18 GMT
File type ASCII text, with very long lines (5955)
Hash MD5: aeafb02dfdc2e293e9638c326f726f9a
SHA-1: 1174ec4fa433c6d3bf9ae34ef8447476f5fc9e90
SHA-256: ffb6de8b6f2721e9fabfa4dd35e21d81c6fd30eca4b02d6f2e1092e4c7507cac
GET /gtag/js?id=G-SQFXB0YJTT&l=dataLayer&cx=c HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://peso-pluma-rubicon.playurbano.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Tue, 28 Nov 2023 12:12:26 GMT
expires: Tue, 28 Nov 2023 12:12:26 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 81125
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
finallytrained.com/06/33/56/0633569b5e7b7ced877cf02d43663712.js
173.233.137.60 200 OK 16 kB URL GET HTTP/1.1 finallytrained.com/06/33/56/0633569b5e7b7ced877cf02d43663712.js
IP 173.233.137.60:443
Requested by https://peso-pluma-rubicon.playurbano.com/
Certificate Issuer: Let's Encrypt
Subject: finallytrained.com
Fingerprint: 8F:A1:2B:2D:3A:32:A7:71:00:73:CC:06:43:01:E1:62:6F:57:F2:4F
Validity: Sat, 04 Nov 2023 06:34:02 GMT - Fri, 02 Feb 2024 06:34:01 GMT
File type ASCII text, with very long lines (42883), with no line terminators
Hash MD5: 99a8ab966e91964e56e09b6fc352cf18
SHA-1: 65273c37aafdd48b36e2730dc16f41b23f6b275e
SHA-256: b084ae2ce08ddd648acf4602b1443b40b00133f62a4901ac303afb6cc5f1e3de
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed (a DNS-level verdict on the domain finallytrained.com, not on the file hashes above)
GET /06/33/56/0633569b5e7b7ced877cf02d43663712.js HTTP/1.1
Host: finallytrained.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://peso-pluma-rubicon.playurbano.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Tue, 28 Nov 2023 12:12:26 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 6c63cf77bd034c84bd0b1d6c82392860
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
fonts.gstatic.com/s/ptsans/v9/0XxGQsSc1g4rdRdjJKZrNPk_vArhqVIZ0nv9q090hN8.woff2
216.58.207.227 200 OK 47 kB URL GET HTTP/3 fonts.gstatic.com/s/ptsans/v9/0XxGQsSc1g4rdRdjJKZrNPk_vArhqVIZ0nv9q090hN8.woff2
IP 216.58.207.227:443
Requested by https://peso-pluma-rubicon.playurbano.com/
Certificate Issuer: Google Trust Services LLC
Subject: *.gstatic.com
Fingerprint: E5:79:1F:1A:04:3F:B9:B0:FB:41:4E:B5:E5:97:AD:FE:D9:2C:4A:CD
Validity: Mon, 23 Oct 2023 11:24:07 GMT - Mon, 15 Jan 2024 11:24:06 GMT
File type Web Open Font Format (Version 2), TrueType, length 46620, version 1.0\012- data
Hash MD5: f6d5807c5cbc7ff22671d30fbf09ae1a
SHA-1: f6573b244a01641be40c01ea0fe7a404b766ff86
SHA-256: 080d87ea98497809417441c5267bcc92f38883b7023d125e7766b1f4ca8658df
GET /s/ptsans/v9/0XxGQsSc1g4rdRdjJKZrNPk_vArhqVIZ0nv9q090hN8.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://peso-pluma-rubicon.playurbano.com
DNT: 1
Connection: keep-alive
Referer: https://peso-pluma-rubicon.playurbano.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 46620
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 24 Nov 2023 00:22:45 GMT
expires: Sat, 23 Nov 2024 00:22:45 GMT
cache-control: public, max-age=31536000
age: 388182
last-modified: Wed, 11 Oct 2017 18:24:53 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.r2m03.amazontrust.com/
143.204.53.97 471 B URL ocsp.r2m03.amazontrust.com/
IP 143.204.53.97:0
Hash MD5: ab08b21b37480bf609deaf73dcbf1e34
SHA-1: 4121333c3a37ff481b30918ce3a1aa643cf813c2
SHA-256: d8c99d9c9d12731615d29afd9aba86e213ce6c7dfb8938334de50d3edfd78fcd
POST / HTTP/1.1
Host: ocsp.r2m03.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=7200
Date: Tue, 28 Nov 2023 12:12:27 GMT
Last-Modified: Tue, 28 Nov 2023 11:44:52 GMT
Server: ECAcc (ska/F75B)
X-Cache: Miss from cloudfront
Via: 1.1 410f51195842d9b592b15d6588c36654.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: y82WoiDMPk6adR49Ay2C0LAw2aa_x3hyDsFP9ludy6UrHJ8_v8QQOQ==
Age: 1655
www.playurbano.com/dectector.js
188.114.96.1 200 OK 1.5 kB URL GET HTTP/2 www.playurbano.com/dectector.js
IP 188.114.96.1:443
Requested by https://peso-pluma-rubicon.playurbano.com/
Certificate Issuer: Let's Encrypt
Subject: playurbano.com
Fingerprint: FD:B6:7D:5A:CA:4F:BA:02:50:77:38:14:C1:1A:57:F0:17:EF:B7:F9
Validity: Mon, 30 Oct 2023 13:01:30 GMT - Sun, 28 Jan 2024 13:01:29 GMT
File type HTML document, ASCII text, with very long lines (623), with CRLF, LF line terminators
Hash MD5: e95bcb3e826b3c6229ed828f176ed282
SHA-1: d2d9bc90d4ed48839a54743d4a707d524cb795f5
SHA-256: ab16b46ef192fd9b2e97b18af1751c050c868864f2982b0e6c5c57c81227b51e
GET /dectector.js HTTP/1.1
Host: www.playurbano.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://peso-pluma-rubicon.playurbano.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Tue, 28 Nov 2023 12:12:26 GMT
content-type: application/javascript
cf-bgj: minify
cf-polished: origSize=5831
cache-control: public, max-age=31536000
expires: Tue, 26 Dec 2023 20:32:13 GMT
last-modified: Thu, 08 Sep 2022 23:22:46 GMT
vary: Accept-Encoding
x-turbo-charged-by: LiteSpeed
cf-cache-status: HIT
age: 142813
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=fAOB0%2BODMEdKuGaTqAS%2FFaiE56B3c7CS6xX052161zR35mu2LX2y8%2Fs4oWmk7X6gYfcrGjH%2BCkqncvFPH9PMIs8bpc3G%2FsWrR7ktlgW0L7k9B1NTNXw9hu4Y6lXrjhXliCmqaoY%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 82d284e7b9cfb4ff-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
maxcdn.bootstrapcdn.com/font-awesome/4.5.0/fonts/fontawesome-webfont.woff2?v=4.5.0
104.18.11.207 200 OK 67 kB URL GET HTTP/2 maxcdn.bootstrapcdn.com/font-awesome/4.5.0/fonts/fontawesome-webfont.woff2?v=4.5.0
IP 104.18.11.207:443
Requested by https://peso-pluma-rubicon.playurbano.com/
Certificate Issuer: Cloudflare, Inc.
Subject: sni.cloudflaressl.com
Fingerprint: 5B:F7:8F:50:AD:E5:5B:5E:8C:4A:39:3D:0C:98:E8:8C:18:4B:3D:8A
Validity: Fri, 30 Dec 2022 00:00:00 GMT - Sat, 30 Dec 2023 23:59:59 GMT
File type Web Open Font Format (Version 2), TrueType, length 66624, version 4.262\012- data
Hash MD5: db812d8a70a4e88e888744c1c9a27e89
SHA-1: 638c652d623280a58144f93e7b552c66d1667a11
SHA-256: ff82aeed6b9bb6701696c84d1b223d2e682eb78c89117a438ce6cfea8c498995
GET /font-awesome/4.5.0/fonts/fontawesome-webfont.woff2?v=4.5.0 HTTP/1.1
Host: maxcdn.bootstrapcdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://peso-pluma-rubicon.playurbano.com
DNT: 1
Connection: keep-alive
Referer: https://peso-pluma-rubicon.playurbano.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Tue, 28 Nov 2023 12:12:27 GMT
content-type: font/woff2
content-length: 66624
cdn-pullzone: 252412
cdn-uid: b1941f61-b576-4f40-80de-5677acb38f74
cdn-requestcountrycode: DE
access-control-allow-origin: *
cache-control: public, max-age=31919000
etag: "db812d8a70a4e88e888744c1c9a27e89"
last-modified: Mon, 25 Jan 2021 22:04:54 GMT
cdn-cachedat: 10/31/2023 18:48:08
cdn-proxyver: 1.04
cdn-requestpullcode: 200
cdn-requestpullsuccess: True
cdn-edgestorageid: 723
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
cdn-status: 200
cdn-requestid: 6962cc9532d4f2b5b0a4e4491e7f45e0
cdn-cache: HIT
cf-cache-status: MISS
accept-ranges: bytes
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
server: cloudflare
cf-ray: 82d284edcb460b55-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
notix.io/settings?appId=1004d5bcd6273f6638c17ffe69ed8c9&ver=0.15.18
139.45.240.92 200 OK 318 B URL GET HTTP/2 notix.io/settings?appId=1004d5bcd6273f6638c17ffe69ed8c9&ver=0.15.18
IP 139.45.240.92:443
Requested by https://peso-pluma-rubicon.playurbano.com/
Certificate Issuer: Let's Encrypt
Subject: notix.io
Fingerprint: 68:78:0C:AA:A6:75:6F:E2:65:2D:3B:7E:5B:8A:2B:6B:F6:1A:BF:1D
Validity: Fri, 15 Sep 2023 11:38:16 GMT - Thu, 14 Dec 2023 11:38:15 GMT
File type JSON data\012- , ASCII text, with very long lines (318), with no line terminators
Hash MD5: 2aa6e23f41c8163ad6687f06a3362efd
SHA-1: d94bb528db571a75d9f9131a0a45249de485de8f
SHA-256: 6e305047f5ac1bf8acd8614bd52fce1ab9ac03c5af3eeef71f18cacd724b3fb9
GET /settings?appId=1004d5bcd6273f6638c17ffe69ed8c9&ver=0.15.18 HTTP/1.1
Host: notix.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://peso-pluma-rubicon.playurbano.com/
Origin: https://peso-pluma-rubicon.playurbano.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 28 Nov 2023 12:12:25 GMT
content-type: application/json; charset=utf-8
content-length: 318
access-control-allow-origin: https://peso-pluma-rubicon.playurbano.com
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2
fonts.gstatic.com/s/ptsans/v9/0XxGQsSc1g4rdRdjJKZrNPk_vArhqVIZ0nv9q090hN8.woff2
216.58.207.227 200 OK 47 kB URL GET HTTP/3 fonts.gstatic.com/s/ptsans/v9/0XxGQsSc1g4rdRdjJKZrNPk_vArhqVIZ0nv9q090hN8.woff2
IP 216.58.207.227:443
Requested by https://peso-pluma-rubicon.playurbano.com/
Certificate Issuer: Google Trust Services LLC
Subject: *.gstatic.com
Fingerprint: E5:79:1F:1A:04:3F:B9:B0:FB:41:4E:B5:E5:97:AD:FE:D9:2C:4A:CD
Validity: Mon, 23 Oct 2023 11:24:07 GMT - Mon, 15 Jan 2024 11:24:06 GMT
File type Web Open Font Format (Version 2), TrueType, length 46620, version 1.0\012- data
Hash MD5: f6d5807c5cbc7ff22671d30fbf09ae1a
SHA-1: f6573b244a01641be40c01ea0fe7a404b766ff86
SHA-256: 080d87ea98497809417441c5267bcc92f38883b7023d125e7766b1f4ca8658df
GET /s/ptsans/v9/0XxGQsSc1g4rdRdjJKZrNPk_vArhqVIZ0nv9q090hN8.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://peso-pluma-rubicon.playurbano.com
DNT: 1
Connection: keep-alive
Referer: https://peso-pluma-rubicon.playurbano.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 46620
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 24 Nov 2023 00:22:45 GMT
expires: Sat, 23 Nov 2024 00:22:45 GMT
cache-control: public, max-age=31536000
age: 388182
last-modified: Wed, 11 Oct 2017 18:24:53 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
fonts.gstatic.com/s/ptsans/v9/ATKpv8nLYAKUYexo8iqqrg.woff2
216.58.207.227 200 OK 45 kB URL GET HTTP/2 fonts.gstatic.com/s/ptsans/v9/ATKpv8nLYAKUYexo8iqqrg.woff2
IP 216.58.207.227:443
Requested by https://peso-pluma-rubicon.playurbano.com/
Certificate Issuer: Google Trust Services LLC
Subject: *.gstatic.com
Fingerprint: E5:79:1F:1A:04:3F:B9:B0:FB:41:4E:B5:E5:97:AD:FE:D9:2C:4A:CD
Validity: Mon, 23 Oct 2023 11:24:07 GMT - Mon, 15 Jan 2024 11:24:06 GMT
File type Web Open Font Format (Version 2), TrueType, length 45052, version 1.0\012- data
Hash MD5: 198d320b73bc44e4f0dd33d6b09c9511
SHA-1: 32770201897de26b9c207215e4ec18c8eab82189
SHA-256: 143c5c0124d14b936536af0c656e10aebbc2bb832563f00137f7e9c717195df1
GET /s/ptsans/v9/ATKpv8nLYAKUYexo8iqqrg.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://peso-pluma-rubicon.playurbano.com
DNT: 1
Connection: keep-alive
Referer: https://peso-pluma-rubicon.playurbano.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 45052
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 23 Nov 2023 23:30:11 GMT
expires: Fri, 22 Nov 2024 23:30:11 GMT
cache-control: public, max-age=31536000
age: 391336
last-modified: Wed, 11 Oct 2017 18:24:43 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
vexationworship.com/b8/d7/49/b8d74904f6b94ccf8e1a8085aa5d1820.js
173.233.139.164 200 OK 23 kB URL GET HTTP/1.1 vexationworship.com/b8/d7/49/b8d74904f6b94ccf8e1a8085aa5d1820.js
IP 173.233.139.164:443
Requested by https://peso-pluma-rubicon.playurbano.com/
Certificate Issuer: Let's Encrypt
Subject: vexationworship.com
Fingerprint: AB:75:EA:1F:F2:23:27:A4:01:23:97:24:D6:1E:24:CE:9F:65:F4:9C
Validity: Tue, 28 Nov 2023 08:18:54 GMT - Mon, 26 Feb 2024 08:18:53 GMT
File type ASCII text, with very long lines (59632), with no line terminators
Hash MD5: 93da6eab0f25fa0c13022f619bc352ff
SHA-1: 474b3e8c1e3a7ab68953793b16c8b8bb3d5d5832
SHA-256: 2cab25efd8c21aaf14fef9cb572316f11fed7b1e3572e3bc2c00dcd798780e1e
GET /b8/d7/49/b8d74904f6b94ccf8e1a8085aa5d1820.js HTTP/1.1
Host: vexationworship.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://peso-pluma-rubicon.playurbano.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Tue, 28 Nov 2023 12:12:27 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: c54242971dfa919162eb9e7c077d15b2
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
www.playurbano.com/wp-admin/admin-ajax.php
188.114.96.1 200 OK 4.1 kB URL POST HTTP/3 www.playurbano.com/wp-admin/admin-ajax.php
IP 188.114.96.1:443
Requested by https://peso-pluma-rubicon.playurbano.com/
Certificate Issuer: Let's Encrypt
Subject: playurbano.com
Fingerprint: FD:B6:7D:5A:CA:4F:BA:02:50:77:38:14:C1:1A:57:F0:17:EF:B7:F9
Validity: Mon, 30 Oct 2023 13:01:30 GMT - Sun, 28 Jan 2024 13:01:29 GMT
Hash MD5: 309cf5097f0a6af6d00b9baf8527db80
SHA-1: c0b9a15e8d25b694d1392908a4407e158b792e13
SHA-256: d402c164630243226a19ed71342823c8128939b598d123c93370990c083626ac
POST /wp-admin/admin-ajax.php HTTP/1.1
Host: www.playurbano.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Content-Length: 34
Origin: https://peso-pluma-rubicon.playurbano.com
DNT: 1
Connection: keep-alive
Referer: https://peso-pluma-rubicon.playurbano.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Tue, 28 Nov 2023 12:12:27 GMT
content-type: text/html; charset=UTF-8
access-control-allow-origin: *
x-robots-tag: noindex
x-content-type-options: nosniff
expires: Wed, 11 Jan 1984 05:00:00 GMT
cache-control: no-cache, must-revalidate, max-age=0
referrer-policy: strict-origin-when-cross-origin
x-frame-options: SAMEORIGIN
x-litespeed-cache-control: no-cache
x-turbo-charged-by: LiteSpeed
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=x7XsBNVRQNczFkaah3KomDfq8IOgj84qOieo2IIfB2Y0d1ZmpGS6IMPdkkl%2BhGPkkp7vDdKRW8zNGsymAs%2FbrLg%2BrCdhpvl4SWAGJJ49fSo1vmudfQKmyAWWd6IIocR7CpXOrU4%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 82d284ed9af85693-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
vexationworship.com/ren.gif?sid=H4sIAAAAAAAC%2F1RST4gcxReuTvZ3%2BuFBzUVQmINihOxs9%2FT09Iw5BGNMDMbdJX%2FYg6eqrurZcqu7mqru6dnxshiQHEfw4LH3m90smhCMR0GQWS%2ByIGQ8yBxcEO%2B5CDnLzA6MPqh673tfHd73vfpivzglLgo63fxYD6RSdC2ou7WLWzLlurS19bs1z627l2tbMm01L9f6s8v03vXcoO6%2BU7shoh291nA91%2FVcr3ZdGhHr%2Ftqchcwed7x6x603G3UvaKJv%2Fott4cBSB7x3Sl6B5JP%2Fbf%2FyFDIaI02%2BuybsTq6zSx8khaK5Nujxo3vpTqrLFMmyjI2DOD1avIa2E0K%2BPgedHi0UQPcOZgrA5IQ4v3tg6dFiTLDe4dmkTEGkYPz%2FKHtjCDWGpGNE%2Bj4kf0aAiGN9A2nycF2bku6esXTGTsjKi78hywlZ%2BeMC0uTJVSX7tTtaFbnUqUU%2FriD7Y8juGFlxjHzgQJbHiPLPIfmvZO3FLaTJwYZVGpJP3%2FRpqylcP1hthUFntdnq8NVOHNJVJkTo8zanrBnMLZJyDBmPocQQ1DooZkc6KGIHReYg4dMaDTqx64Yxi32%2F3YyiyPejKGi3eMD9Zjt2UUQzDUPk2RCRGiIye8jMHnbkEKb4CXa7guUObE7Q4xVKQVBagpISlJKgzAnKXnXIlW3Y6iFXtmDeIjcW2a9GOu%2Fu00Odd0VK9rNT8vLMOOfiWx52xLTmtnw%2FaHVYIEIWRoK3wzCK3QZv%2Bq2WH3oNWFlB2nNzmQM5IW%2B%2FvoJMPns1BaPHsOoYkXRAizdAy1HYcEG3R822i0H6iA4yoaStRzoB1xWyfAX5rrOvTslr8%2B19%2BMMnENHJla8Gf954cuEzRKZCZip8Kn8m6KoHo9u6JAe3dWnJ040sl4kc0Nlm7%2BQ0F%2Be%2F%2FUjsltrwm9fs8Jv3ohkxKx%2FfFTa%2FRVMu064lj65KzoW5rk0kyI837ZZgm4XdvlqYtMhubb5%2F%2FWaSGWGt1OkYVE4Ief49IjkhLz2381978d5fkGYMU1RIihOyCEh9jCjbg82WPasJjFpiljkoi2pkGmzZVJJAiSWmrIL9F2bLet8%2BQNc4oPl9pEmFnqnQUxWoGsIW50d5Zk6u%2FObPA0w5I6aMc8CUUV%2BemWvltCaC2I2F2xAs7rA4pC7vxM0Oox1PhCygHnI7EWJ66R8AAAD%2F%2FwEAAP%2F%2FvTCrCI0EAAA%3D
173.233.139.164200 OK 7 B URL GET HTTP/1.1 vexationworship.com/ren.gif?sid=H4sIAAAAAAAC%2F1RST4gcxReuTvZ3%2BuFBzUVQmINihOxs9%2FT09Iw5BGNMDMbdJX%2FYg6eqrurZcqu7mqru6dnxshiQHEfw4LH3m90smhCMR0GQWS%2ByIGQ8yBxcEO%2B5CDnLzA6MPqh673tfHd73vfpivzglLgo63fxYD6RSdC2ou7WLWzLlurS19bs1z627l2tbMm01L9f6s8v03vXcoO6%2BU7shoh291nA91%2FVcr3ZdGhHr%2Ftqchcwed7x6x603G3UvaKJv%2Fott4cBSB7x3Sl6B5JP%2Fbf%2FyFDIaI02%2BuybsTq6zSx8khaK5Nujxo3vpTqrLFMmyjI2DOD1avIa2E0K%2BPgedHi0UQPcOZgrA5IQ4v3tg6dFiTLDe4dmkTEGkYPz%2FKHtjCDWGpGNE%2Bj4kf0aAiGN9A2nycF2bku6esXTGTsjKi78hywlZ%2BeMC0uTJVSX7tTtaFbnUqUU%2FriD7Y8juGFlxjHzgQJbHiPLPIfmvZO3FLaTJwYZVGpJP3%2FRpqylcP1hthUFntdnq8NVOHNJVJkTo8zanrBnMLZJyDBmPocQQ1DooZkc6KGIHReYg4dMaDTqx64Yxi32%2F3YyiyPejKGi3eMD9Zjt2UUQzDUPk2RCRGiIye8jMHnbkEKb4CXa7guUObE7Q4xVKQVBagpISlJKgzAnKXnXIlW3Y6iFXtmDeIjcW2a9GOu%2Fu00Odd0VK9rNT8vLMOOfiWx52xLTmtnw%2FaHVYIEIWRoK3wzCK3QZv%2Bq2WH3oNWFlB2nNzmQM5IW%2B%2FvoJMPns1BaPHsOoYkXRAizdAy1HYcEG3R822i0H6iA4yoaStRzoB1xWyfAX5rrOvTslr8%2B19%2BMMnENHJla8Gf954cuEzRKZCZip8Kn8m6KoHo9u6JAe3dWnJ040sl4kc0Nlm7%2BQ0F%2Be%2F%2FUjsltrwm9fs8Jv3ohkxKx%2FfFTa%2FRVMu064lj65KzoW5rk0kyI837ZZgm4XdvlqYtMhubb5%2F%2FWaSGWGt1OkYVE4Ief49IjkhLz2381978d5fkGYMU1RIihOyCEh9jCjbg82WPasJjFpiljkoi2pkGmzZVJJAiSWmrIL9F2bLet8%2BQNc4oPl9pEmFnqnQUxWoGsIW50d5Zk6u%2FObPA0w5I6aMc8CUUV%2BemWvltCaC2I2F2xAs7rA4pC7vxM0Oox1PhCygHnI7EWJ66R8AAAD%2F%2FwEAAP%2F%2FvTCrCI0EAAA%3D
IP 173.233.139.164:443
Requested by https://peso-pluma-rubicon.playurbano.com/
Certificate Issuer: Let's Encrypt
Subject: vexationworship.com
Fingerprint: AB:75:EA:1F:F2:23:27:A4:01:23:97:24:D6:1E:24:CE:9F:65:F4:9C
Validity: Tue, 28 Nov 2023 08:18:54 GMT - Mon, 26 Feb 2024 08:18:53 GMT
File type ASCII text, with no line terminators
Hash MD5: 132d6af1b46048b45cf86cdee7991d31
SHA-1: eb7007d03d59b65bc6da7e098c4d38fc6dfb6285
SHA-256: ab852e838deccd742a03ca81d4a8d75cf1a00b327db3eaf46bd7da6b6db9384c
GET /ren.gif?sid=H4sIAAAAAAAC%2F1RST4gcxReuTvZ3%2BuFBzUVQmINihOxs9%2FT09Iw5BGNMDMbdJX%2FYg6eqrurZcqu7mqru6dnxshiQHEfw4LH3m90smhCMR0GQWS%2ByIGQ8yBxcEO%2B5CDnLzA6MPqh673tfHd73vfpivzglLgo63fxYD6RSdC2ou7WLWzLlurS19bs1z627l2tbMm01L9f6s8v03vXcoO6%2BU7shoh291nA91%2FVcr3ZdGhHr%2Ftqchcwed7x6x603G3UvaKJv%2Fott4cBSB7x3Sl6B5JP%2Fbf%2FyFDIaI02%2BuybsTq6zSx8khaK5Nujxo3vpTqrLFMmyjI2DOD1avIa2E0K%2BPgedHi0UQPcOZgrA5IQ4v3tg6dFiTLDe4dmkTEGkYPz%2FKHtjCDWGpGNE%2Bj4kf0aAiGN9A2nycF2bku6esXTGTsjKi78hywlZ%2BeMC0uTJVSX7tTtaFbnUqUU%2FriD7Y8juGFlxjHzgQJbHiPLPIfmvZO3FLaTJwYZVGpJP3%2FRpqylcP1hthUFntdnq8NVOHNJVJkTo8zanrBnMLZJyDBmPocQQ1DooZkc6KGIHReYg4dMaDTqx64Yxi32%2F3YyiyPejKGi3eMD9Zjt2UUQzDUPk2RCRGiIye8jMHnbkEKb4CXa7guUObE7Q4xVKQVBagpISlJKgzAnKXnXIlW3Y6iFXtmDeIjcW2a9GOu%2Fu00Odd0VK9rNT8vLMOOfiWx52xLTmtnw%2FaHVYIEIWRoK3wzCK3QZv%2Bq2WH3oNWFlB2nNzmQM5IW%2B%2FvoJMPns1BaPHsOoYkXRAizdAy1HYcEG3R822i0H6iA4yoaStRzoB1xWyfAX5rrOvTslr8%2B19%2BMMnENHJla8Gf954cuEzRKZCZip8Kn8m6KoHo9u6JAe3dWnJ040sl4kc0Nlm7%2BQ0F%2Be%2F%2FUjsltrwm9fs8Jv3ohkxKx%2FfFTa%2FRVMu064lj65KzoW5rk0kyI837ZZgm4XdvlqYtMhubb5%2F%2FWaSGWGt1OkYVE4Ief49IjkhLz2381978d5fkGYMU1RIihOyCEh9jCjbg82WPasJjFpiljkoi2pkGmzZVJJAiSWmrIL9F2bLet8%2BQNc4oPl9pEmFnqnQUxWoGsIW50d5Zk6u%2FObPA0w5I6aMc8CUUV%2BemWvltCaC2I2F2xAs7rA4pC7vxM0Oox1PhCygHnI7EWJ66R8AAAD%2F%2FwEAAP%2F%2FvTCrCI0EAAA%3D HTTP/1.1
Host: vexationworship.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://peso-pluma-rubicon.playurbano.com/
Cookie: u_pl=19408177; uid_id2=3a64e035-6759-469d-9f7a-bee73d8dab45:1:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; slec0633569b5e7b7ced877cf02d43663712=[4766299]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Tue, 28 Nov 2023 12:12:28 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 92210a7274b99882c181ceb92b601e06
Strict-Transport-Security: max-age=0; includeSubdomains
roughseaside.com/pixel/purst?dl=0&th=0&sc=0&rs=2391&rd=2391&fd=883&bv=23.11.v.8&tmpl=136
173.233.137.44 200 OK 0 B URL GET HTTP/1.1 roughseaside.com/pixel/purst?dl=0&th=0&sc=0&rs=2391&rd=2391&fd=883&bv=23.11.v.8&tmpl=136
IP 173.233.137.44:443
Requested by https://peso-pluma-rubicon.playurbano.com/
Certificate Issuer: Let's Encrypt
Subject: roughseaside.com
Fingerprint: 3A:57:39:60:40:2F:89:02:EB:B8:9F:31:F8:2E:EA:0C:A3:48:8A:32
Validity: Tue, 28 Nov 2023 08:04:43 GMT - Mon, 26 Feb 2024 08:04:42 GMT
Hash MD5 d41d8cd98f00b204e9800998ecf8427e
SHA-1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA-256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Note: these three values are the digests of empty input, consistent with the 0 B body; they identify no content and should not be used as file indicators.
GET /pixel/purst?dl=0&th=0&sc=0&rs=2391&rd=2391&fd=883&bv=23.11.v.8&tmpl=136 HTTP/1.1
Host: roughseaside.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://peso-pluma-rubicon.playurbano.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Tue, 28 Nov 2023 12:12:28 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
pagead2.googlesyndication.com/pagead/js/adsbygoogle.js
216.58.207.226 200 OK 0 B URL HEAD HTTP/2 pagead2.googlesyndication.com/pagead/js/adsbygoogle.js
IP 216.58.207.226:443
Requested by https://peso-pluma-rubicon.playurbano.com/
Certificate Issuer: Google Trust Services LLC
Subject: *.g.doubleclick.net
Fingerprint: 6C:2A:75:F2:3F:EF:4F:43:B1:8D:C3:B7:E9:2E:4A:EF:40:6A:FC:92
Validity: Mon, 23 Oct 2023 11:18:19 GMT - Mon, 15 Jan 2024 11:18:18 GMT
Hash MD5 d41d8cd98f00b204e9800998ecf8427e
SHA-1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA-256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Note: the request was a HEAD, so no body was retrieved even though the response declares content-length: 52715; the three digests are those of empty input and say nothing about the script itself.
HEAD /pagead/js/adsbygoogle.js HTTP/1.1
Host: pagead2.googlesyndication.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://peso-pluma-rubicon.playurbano.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
date: Tue, 28 Nov 2023 12:12:28 GMT
expires: Tue, 28 Nov 2023 12:12:28 GMT
cache-control: private, max-age=3600
content-type: text/javascript; charset=UTF-8
etag: 15463958059143809233
access-control-allow-origin: *
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: br
server: cafe
content-length: 52715
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
cdn.creative-bars1.com/sb/ssp/vpn/classic-push/big1/img/close.png
172.64.109.10200 OK 591 B URL GET HTTP/2 cdn.creative-bars1.com/sb/ssp/vpn/classic-push/big1/img/close.png
IP 172.64.109.10:443
Requested by https://peso-pluma-rubicon.playurbano.com/
Certificate IssuerGoogle Trust Services LLC
Subjectcreative-bars1.com
Fingerprint2B:CC:32:FC:17:6F:25:69:2F:F4:A0:D9:DC:9C:C2:09:28:32:AB:34
ValiditySat, 21 Oct 2023 15:38:40 GMT - Fri, 19 Jan 2024 15:38:39 GMT
File type PNG image data, 12 x 12, 8-bit/color RGBA, non-interlaced\012- data
Hash 9fd5bcb6103d86e317bd1eb019bcbe71
6b5a52ea669dcb74946f2bed4bdd7ec985026113
0ddd3be104ac7945fb062096df62034a6a24ecc76ba92493c35c62c3c25982ae
GET /sb/ssp/vpn/classic-push/big1/img/close.png HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Tue, 28 Nov 2023 12:12:28 GMT
content-type: image/png
content-length: 591
last-modified: Mon, 21 Feb 2022 10:06:44 GMT
etag: "62136434-24f"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 2456485
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=B8SpHoawkPOE%2Bdk8PcGYQ1KGLVqmNJP2O9wJ%2FG2T2j%2F6nI5f6CH6z4dsU6eas%2Bm6E14NAf0ih8quT8ugZCqn1f%2FsvFJAFZPCdCA8N8mE9zf0%2BJIs0OMy9n8Pt3MRTOu3R4v98GjdlN%2Fj"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 82d284f6ec9d23b4-LHR
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
fonts.googleapis.com/css?family=Roboto:300,400,700&display=swap
142.250.74.106200 OK 1.2 kB URL GET HTTP/2 fonts.googleapis.com/css?family=Roboto:300,400,700&display=swap
IP 142.250.74.106:443
Requested by https://peso-pluma-rubicon.playurbano.com/
Certificate IssuerGoogle Trust Services LLC
Subjectupload.video.google.com
FingerprintCC:96:E0:52:E0:9B:EA:A9:A0:F8:88:9A:90:20:11:47:61:00:3C:42
ValidityMon, 23 Oct 2023 11:24:07 GMT - Mon, 15 Jan 2024 11:24:06 GMT
File type gzip compressed data, max compression\012- data
Hash 27eba73d86d1fa620247a7d64884e67d
d84af647044c90d38c1c837789644940436cf68d
f103be72da146dbf99c266528145065472f8e44f8f68c2decd5ec054c9ccddc1
GET /css?family=Roboto:300,400,700&display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Tue, 28 Nov 2023 12:12:28 GMT
date: Tue, 28 Nov 2023 12:12:28 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
cdn.cloudimagesb.com/si/3c/d5/62/3cd562dd264800ee586ac2da770e9a65/1700491951.png
45.133.44.10200 OK 20 kB URL GET HTTP/2 cdn.cloudimagesb.com/si/3c/d5/62/3cd562dd264800ee586ac2da770e9a65/1700491951.png
IP 45.133.44.10:443
ASN #39572 DataWeb Global Group B.V.
Requested by https://peso-pluma-rubicon.playurbano.com/
Certificate IssuerLet's Encrypt
Subjectcdn.cloudimagesb.com
Fingerprint71:EC:C0:22:20:76:60:90:92:4C:5C:F3:AD:17:3C:41:B5:00:25:AF
ValidityThu, 23 Nov 2023 05:00:53 GMT - Wed, 21 Feb 2024 05:00:52 GMT
File type PNG image data, 320 x 180, 8-bit/color RGBA, non-interlaced\012- data
Hash ea31001ce8fa95eb2ac1617515105332
d505ca04808c25cfa33a555c96886f421ddbbde7
0267f5cd21fe5609405724c20d6f021b8932a696ada766b8e86e42c670000ab3
GET /si/3c/d5/62/3cd562dd264800ee586ac2da770e9a65/1700491951.png HTTP/1.1
Host: cdn.cloudimagesb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Tue, 28 Nov 2023 12:12:28 GMT
content-type: image/png
content-length: 20001
server: nginx/1.21.6
last-modified: Mon, 20 Nov 2023 14:52:40 GMT
etag: "655b72b8-4e21"
expires: Thu, 30 Nov 2023 12:12:28 GMT
cache-control: max-age=172800
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
cdn.cloudimagesb.com/si/98/58/2f/98582fa31e3a411721a1f890fd22419a/1700491903.png
45.133.44.10200 OK 9.0 kB URL GET HTTP/2 cdn.cloudimagesb.com/si/98/58/2f/98582fa31e3a411721a1f890fd22419a/1700491903.png
IP 45.133.44.10:443
ASN #39572 DataWeb Global Group B.V.
Requested by https://peso-pluma-rubicon.playurbano.com/
Certificate IssuerLet's Encrypt
Subjectcdn.cloudimagesb.com
Fingerprint71:EC:C0:22:20:76:60:90:92:4C:5C:F3:AD:17:3C:41:B5:00:25:AF
ValidityThu, 23 Nov 2023 05:00:53 GMT - Wed, 21 Feb 2024 05:00:52 GMT
File type PNG image data, 192 x 192, 8-bit/color RGBA, non-interlaced\012- data
Hash a56f06ca83ee06488a213b352e00bd90
aec437b74eb6f1143683872fb2d664286da4a664
7144c526762a9d91bdde1939194c2835f2cb1afe0ebac298bbdf1e9239b539ec
GET /si/98/58/2f/98582fa31e3a411721a1f890fd22419a/1700491903.png HTTP/1.1
Host: cdn.cloudimagesb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Tue, 28 Nov 2023 12:12:28 GMT
content-type: image/png
content-length: 9016
server: nginx/1.21.6
last-modified: Mon, 20 Nov 2023 14:51:52 GMT
etag: "655b7288-2338"
expires: Thu, 30 Nov 2023 12:12:28 GMT
cache-control: max-age=172800
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
unseenreport.com/pxf.gif?uuid=3a64e035-6759-469d-9f7a-bee73d8dab45&eb=a996fe56ed028c08f89591a4a8a9c431&te=4cb725660c43031e3b06c75892d96c5a&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.3095&b_frame=0&pk=0633569b5e7b7ced877cf02d43663712&bl=en-US&sr=1024x1280&sz=1024x1280&hjs=12
192.243.59.20200 OK 1 B URL GET HTTP/1.1 unseenreport.com/pxf.gif?uuid=3a64e035-6759-469d-9f7a-bee73d8dab45&eb=a996fe56ed028c08f89591a4a8a9c431&te=4cb725660c43031e3b06c75892d96c5a&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.3095&b_frame=0&pk=0633569b5e7b7ced877cf02d43663712&bl=en-US&sr=1024x1280&sz=1024x1280&hjs=12
IP 192.243.59.20:443
ASN #39572 DataWeb Global Group B.V.
Requested by https://peso-pluma-rubicon.playurbano.com/
Certificate Issuer: Let's Encrypt
Subject: *.unseenreport.com
Fingerprint: 79:45:7F:58:D5:82:45:0A:7D:1E:FF:7A:98:05:26:E9:D6:FE:91:14
Validity: Wed, 22 Nov 2023 07:56:28 GMT - Tue, 20 Feb 2024 07:56:27 GMT
File type very short file (no magic)
Hash MD5 93b885adfe0da089cdf634904fd59f71
SHA-1 5ba93c9db0cff93f52b521d7420e43f6eda2784f
SHA-256 6e340b9cffb37a989ca544e6bb780a2c78901d3fb33738768511a30617afa01d
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /pxf.gif?uuid=3a64e035-6759-469d-9f7a-bee73d8dab45&eb=a996fe56ed028c08f89591a4a8a9c431&te=4cb725660c43031e3b06c75892d96c5a&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.3095&b_frame=0&pk=0633569b5e7b7ced877cf02d43663712&bl=en-US&sr=1024x1280&sz=1024x1280&hjs=12 HTTP/1.1
Host: unseenreport.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://peso-pluma-rubicon.playurbano.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Tue, 28 Nov 2023 12:12:29 GMT
Content-Type: image/gif
Content-Length: 1
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 112230dc45fbd3d5f1963441879c6280
Strict-Transport-Security: max-age=0; includeSubdomains
www.playurbano.com/wp-content/plugins/a3-lazy-load/assets/js/jquery.lazyloadxt.extra.min.js?ver=2.7.1
188.114.96.1200 OK 1.6 kB URL GET HTTP/2 www.playurbano.com/wp-content/plugins/a3-lazy-load/assets/js/jquery.lazyloadxt.extra.min.js?ver=2.7.1
IP 188.114.96.1:443
Requested by https://peso-pluma-rubicon.playurbano.com/
Certificate IssuerLet's Encrypt
Subjectplayurbano.com
FingerprintFD:B6:7D:5A:CA:4F:BA:02:50:77:38:14:C1:1A:57:F0:17:EF:B7:F9
ValidityMon, 30 Oct 2023 13:01:30 GMT - Sun, 28 Jan 2024 13:01:29 GMT
File type ASCII text, with very long lines (2976)
Hash 53e0fbdc5d79d07d6d955e523f8d2996
e830d0de78b481e31995d69bfda2e71f4cc1be56
2b3c6f1d3cea37b4d8cc609a141b421a88bcaf2f3646965f9f95f4d4a683c949
GET /wp-content/plugins/a3-lazy-load/assets/js/jquery.lazyloadxt.extra.min.js?ver=2.7.1 HTTP/1.1
Host: www.playurbano.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://peso-pluma-rubicon.playurbano.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Tue, 28 Nov 2023 12:12:26 GMT
content-type: application/javascript
cache-control: public, max-age=31536000
expires: Mon, 25 Dec 2023 13:38:55 GMT
last-modified: Fri, 24 Nov 2023 05:06:02 GMT
vary: Accept-Encoding
x-turbo-charged-by: LiteSpeed
cf-cache-status: HIT
age: 254011
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=fH3yhh0lCmNz8ZgNJvOK8mAI46W9wVDPGy1j0C%2BsIr39OTFuoh7VLLzaqd1Kjg4C%2F1ExuqyTMgNbvNmhIX3B441%2BdNcRgeAYbTMp6rMx8D7SJec6SK5a5eJKObo6S1WsKSz5SlQ%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 82d284e7b9d4b4ff-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
friendshipmale.com/sfp.js
104.21.234.33200 OK 43 kB URL GET HTTP/2 friendshipmale.com/sfp.js
IP 104.21.234.33:443
Requested by https://peso-pluma-rubicon.playurbano.com/
Certificate IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
Fingerprint08:6F:D8:CB:9E:0C:0A:98:2E:C5:CD:21:8E:0B:76:2B:50:6F:B6:37
ValiditySat, 18 Feb 2023 00:00:00 GMT - Sat, 17 Feb 2024 23:59:59 GMT
File type Unicode text, UTF-8 text, with very long lines (65529), with no line terminators
Hash 924e967bca1d599992556a8d139b1c5a
222b09dbf164ddc03d39100fd0524a22018d28b2
ac84c2f8288b59f8e04ba77287ce696052bfeee0d462a566d94dc305df646c95
GET /sfp.js HTTP/1.1
Host: friendshipmale.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://peso-pluma-rubicon.playurbano.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Tue, 28 Nov 2023 12:12:28 GMT
content-type: application/javascript; charset=utf-8
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
access-control-allow-origin: *
expires: Thu, 01 Jan 1970 00:00:01 GMT
cache-control: max-age=14400
x-request-id: c01729ed25ac42893b90e7a35383217f
strict-transport-security: max-age=0; includeSubdomains
cf-cache-status: EXPIRED
last-modified: Tue, 28 Nov 2023 12:12:27 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=g6gGpQSTOVsZnc1FFE7m%2BrgClI3gKjAo%2BBFC4HSgz%2BV%2F0HcyyJoHalw0o4EW2c76m9is0HTCrbqK57RNQeARZd1bGGRfBAzOp7wLrtoso5m6GWR24iFzZznDLeV0TWJwdw1za3g%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 82d284f1cff10b51-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2
216.58.207.227200 OK 16 kB URL GET HTTP/3 fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2
IP 216.58.207.227:443
Requested by https://peso-pluma-rubicon.playurbano.com/
Certificate IssuerGoogle Trust Services LLC
Subject*.gstatic.com
FingerprintE5:79:1F:1A:04:3F:B9:B0:FB:41:4E:B5:E5:97:AD:FE:D9:2C:4A:CD
ValidityMon, 23 Oct 2023 11:24:07 GMT - Mon, 15 Jan 2024 11:24:06 GMT
File type Web Open Font Format (Version 2), TrueType, length 15744, version 1.0\012- data
Hash 15d9f621c3bd1599f0169dcf0bd5e63e
7ca9c5967f3bb8bffeab24b639b49c1e7d03fa52
f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615
GET /s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://peso-pluma-rubicon.playurbano.com
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15744
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 23 Nov 2023 04:57:34 GMT
expires: Fri, 22 Nov 2024 04:57:34 GMT
cache-control: public, max-age=31536000
age: 458095
last-modified: Wed, 11 May 2022 19:24:48 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
vexationworship.com/impr.gif?sid=H4sIAAAAAAAC%2F1RST4gcxReuTvZ3%2BuFBzUVQmINihOxs93T39Iw5BGNMDMYk5A85eKquqp4tt7qrqeqenh0viwHJcQQPHnu%2F2c2iCcF4FASZ9SILQsaDzMEF8Z6LkLPM7MDog6r3vvfV4X3fqy92y2PioqSzmx%2FroVSKboRNt3H2nsy4rmzj%2Bp2G5zbd8417MmsH5xuD%2BWX673pu2HTfaVwRbEtvtFzPdT3Xa1yWRiR6sLFgIfPHXa%2FZdZtBq%2BmFAQbmv9iWDix1wPvH5BVIPv3f5i9PIdkEWfrdJWG3Cp2f%2ByAtFS20QZ8f3M22Ml1lSFdlYhwk2cHyNbSdEvL1KejsYKkAur83V4BYTonzu4c4O1iOibi%2FfzJprCAyxPz%2FqPoTCDWBpBMwfR%2BSPyMA47h%2BA1n68Lo2Fd0%2BYemcnZK1F39DVlOy9scZZOmTi0oOGre1KgupM4tBUkMOJpC9CfLyEMXQgawOwYrPIfmvZOPFNWTp3g2rNCSfvenTdiBcP1xvR2F3PWh3%2BXo3ieh6LETk8w6ncRAuLJJyAplMoMQI1Doo50c6KBMHZe4g5bMGDbuJ60ZJnPh%2BJ2CM%2BT5jYafNQ%2B4HncRFyeYaRijyEZgagZkd5GYHW3IEU%2F4Eu1nDcge2IOjzGpUgqCxBRQkqSVAVBFW%2F3ufKtmz9kCtbxt4yt5bZr8e66O3SfV30REZ282Py8tw45%2BxbHrbErOG2fT9sd%2BNQRHHEBO9EEUvcFg%2F8dtuPvBasrCHtqYXMoZySt19fQy6fvZohpoew6hBMOqDlG6DVOGq5oJvjoONimD2iw1woaZtMp%2BC6Rl6sodh2dtUxeW2xvQ9%2F%2BASCHV34avjnlSdnPgMzNXJT41P5M0FPPRjf0hXZu6UrS57eyAuZyiGdb%2FZ2QQtx%2BtuPxHalDb96yY6%2BeY%2FNiXn5%2BI6wxTWacZn1LHl0UXIuzGVtmCA%2FXrX3RHyztJsXS5OV%2BbWb71%2B%2BmuZGWCt1NgGVU0Kefw8mp%2BSl53bxa8%2Fe%2FQvSTGDKGml5RJYBqQ%2FB8h3YfNWzmsCoFY5zB1VZj00rXjWVJFBihWlcw%2F4Lx6t61z5AzzigxX1kaY2%2BqdFXNagawZanx0Vuji785i8CsXLGsTLOXqyM%2BvLEXCtnjdALRCfuRIzzWDDuRS2%2F47tui%2FMg6gqvi8JOhZid%2BwcAAP%2F%2FAQAA%2F%2F%2BpOCXujQQAAA%3D%3D
173.233.139.164200 OK 7 B URL GET HTTP/1.1 vexationworship.com/impr.gif?sid=H4sIAAAAAAAC%2F1RST4gcxReuTvZ3%2BuFBzUVQmINihOxs93T39Iw5BGNMDMYk5A85eKquqp4tt7qrqeqenh0viwHJcQQPHnu%2F2c2iCcF4FASZ9SILQsaDzMEF8Z6LkLPM7MDog6r3vvfV4X3fqy92y2PioqSzmx%2FroVSKboRNt3H2nsy4rmzj%2Bp2G5zbd8417MmsH5xuD%2BWX673pu2HTfaVwRbEtvtFzPdT3Xa1yWRiR6sLFgIfPHXa%2FZdZtBq%2BmFAQbmv9iWDix1wPvH5BVIPv3f5i9PIdkEWfrdJWG3Cp2f%2ByAtFS20QZ8f3M22Ml1lSFdlYhwk2cHyNbSdEvL1KejsYKkAur83V4BYTonzu4c4O1iOibi%2FfzJprCAyxPz%2FqPoTCDWBpBMwfR%2BSPyMA47h%2BA1n68Lo2Fd0%2BYemcnZK1F39DVlOy9scZZOmTi0oOGre1KgupM4tBUkMOJpC9CfLyEMXQgawOwYrPIfmvZOPFNWTp3g2rNCSfvenTdiBcP1xvR2F3PWh3%2BXo3ieh6LETk8w6ncRAuLJJyAplMoMQI1Doo50c6KBMHZe4g5bMGDbuJ60ZJnPh%2BJ2CM%2BT5jYafNQ%2B4HncRFyeYaRijyEZgagZkd5GYHW3IEU%2F4Eu1nDcge2IOjzGpUgqCxBRQkqSVAVBFW%2F3ufKtmz9kCtbxt4yt5bZr8e66O3SfV30REZ282Py8tw45%2BxbHrbErOG2fT9sd%2BNQRHHEBO9EEUvcFg%2F8dtuPvBasrCHtqYXMoZySt19fQy6fvZohpoew6hBMOqDlG6DVOGq5oJvjoONimD2iw1woaZtMp%2BC6Rl6sodh2dtUxeW2xvQ9%2F%2BASCHV34avjnlSdnPgMzNXJT41P5M0FPPRjf0hXZu6UrS57eyAuZyiGdb%2FZ2QQtx%2BtuPxHalDb96yY6%2BeY%2FNiXn5%2BI6wxTWacZn1LHl0UXIuzGVtmCA%2FXrX3RHyztJsXS5OV%2BbWb71%2B%2BmuZGWCt1NgGVU0Kefw8mp%2BSl53bxa8%2Fe%2FQvSTGDKGml5RJYBqQ%2FB8h3YfNWzmsCoFY5zB1VZj00rXjWVJFBihWlcw%2F4Lx6t61z5AzzigxX1kaY2%2BqdFXNagawZanx0Vuji785i8CsXLGsTLOXqyM%2BvLEXCtnjdALRCfuRIzzWDDuRS2%2F47tui%2FMg6gqvi8JOhZid%2BwcAAP%2F%2FAQAA%2F%2F%2BpOCXujQQAAA%3D%3D
IP 173.233.139.164:443
Requested by https://peso-pluma-rubicon.playurbano.com/
Certificate IssuerLet's Encrypt
Subjectvexationworship.com
FingerprintAB:75:EA:1F:F2:23:27:A4:01:23:97:24:D6:1E:24:CE:9F:65:F4:9C
ValidityTue, 28 Nov 2023 08:18:54 GMT - Mon, 26 Feb 2024 08:18:53 GMT
File type ASCII text, with no line terminators
Hash 132d6af1b46048b45cf86cdee7991d31
eb7007d03d59b65bc6da7e098c4d38fc6dfb6285
ab852e838deccd742a03ca81d4a8d75cf1a00b327db3eaf46bd7da6b6db9384c
GET /impr.gif?sid=H4sIAAAAAAAC%2F1RST4gcxReuTvZ3%2BuFBzUVQmINihOxs93T39Iw5BGNMDMYk5A85eKquqp4tt7qrqeqenh0viwHJcQQPHnu%2F2c2iCcF4FASZ9SILQsaDzMEF8Z6LkLPM7MDog6r3vvfV4X3fqy92y2PioqSzmx%2FroVSKboRNt3H2nsy4rmzj%2Bp2G5zbd8417MmsH5xuD%2BWX673pu2HTfaVwRbEtvtFzPdT3Xa1yWRiR6sLFgIfPHXa%2FZdZtBq%2BmFAQbmv9iWDix1wPvH5BVIPv3f5i9PIdkEWfrdJWG3Cp2f%2ByAtFS20QZ8f3M22Ml1lSFdlYhwk2cHyNbSdEvL1KejsYKkAur83V4BYTonzu4c4O1iOibi%2FfzJprCAyxPz%2FqPoTCDWBpBMwfR%2BSPyMA47h%2BA1n68Lo2Fd0%2BYemcnZK1F39DVlOy9scZZOmTi0oOGre1KgupM4tBUkMOJpC9CfLyEMXQgawOwYrPIfmvZOPFNWTp3g2rNCSfvenTdiBcP1xvR2F3PWh3%2BXo3ieh6LETk8w6ncRAuLJJyAplMoMQI1Doo50c6KBMHZe4g5bMGDbuJ60ZJnPh%2BJ2CM%2BT5jYafNQ%2B4HncRFyeYaRijyEZgagZkd5GYHW3IEU%2F4Eu1nDcge2IOjzGpUgqCxBRQkqSVAVBFW%2F3ufKtmz9kCtbxt4yt5bZr8e66O3SfV30REZ282Py8tw45%2BxbHrbErOG2fT9sd%2BNQRHHEBO9EEUvcFg%2F8dtuPvBasrCHtqYXMoZySt19fQy6fvZohpoew6hBMOqDlG6DVOGq5oJvjoONimD2iw1woaZtMp%2BC6Rl6sodh2dtUxeW2xvQ9%2F%2BASCHV34avjnlSdnPgMzNXJT41P5M0FPPRjf0hXZu6UrS57eyAuZyiGdb%2FZ2QQtx%2BtuPxHalDb96yY6%2BeY%2FNiXn5%2BI6wxTWacZn1LHl0UXIuzGVtmCA%2FXrX3RHyztJsXS5OV%2BbWb71%2B%2BmuZGWCt1NgGVU0Kefw8mp%2BSl53bxa8%2Fe%2FQvSTGDKGml5RJYBqQ%2FB8h3YfNWzmsCoFY5zB1VZj00rXjWVJFBihWlcw%2F4Lx6t61z5AzzigxX1kaY2%2BqdFXNagawZanx0Vuji785i8CsXLGsTLOXqyM%2BvLEXCtnjdALRCfuRIzzWDDuRS2%2F47tui%2FMg6gqvi8JOhZid%2BwcAAP%2F%2FAQAA%2F%2F%2BpOCXujQQAAA%3D%3D HTTP/1.1
Host: vexationworship.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://peso-pluma-rubicon.playurbano.com/
Cookie: u_pl=19408177; uid_id2=3a64e035-6759-469d-9f7a-bee73d8dab45:1:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Tue, 28 Nov 2023 12:12:29 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 69f2727083a40a082820b7ce5e2f62f9
Strict-Transport-Security: max-age=0; includeSubdomains
cdn.creative-bars1.com/sb/ssp/vpn/classic-push/big1/css/style.css
172.64.109.10200 OK 1.0 kB URL GET HTTP/2 cdn.creative-bars1.com/sb/ssp/vpn/classic-push/big1/css/style.css
IP 172.64.109.10:443
Requested by https://peso-pluma-rubicon.playurbano.com/
Certificate IssuerGoogle Trust Services LLC
Subjectcreative-bars1.com
Fingerprint2B:CC:32:FC:17:6F:25:69:2F:F4:A0:D9:DC:9C:C2:09:28:32:AB:34
ValiditySat, 21 Oct 2023 15:38:40 GMT - Fri, 19 Jan 2024 15:38:39 GMT
Hash aae84ccade4cab86c1afdf4c4532762a
b08de856858a730e980fb2a0ca2f0e1442c03d46
6e45c9c8dba52c75144c153e63a04d055f15e5f39897ab3f2413154c9cf2e91f
GET /sb/ssp/vpn/classic-push/big1/css/style.css HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://peso-pluma-rubicon.playurbano.com
DNT: 1
Connection: keep-alive
Referer: https://peso-pluma-rubicon.playurbano.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Tue, 28 Nov 2023 12:12:29 GMT
content-type: text/css
last-modified: Mon, 21 Feb 2022 10:59:09 GMT
etag: W/"6213707d-1048"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=4%2Bw4puSO3DTn3j7e7YfjUkbtijA5yW%2FeUiBxkZUGyJ3yWs0%2FsrQn4JJLyygu1I5B6P%2FJmi6FkA3rlp2yi1c8m%2FkkOs9JcqbEFPesMzpyYCLzT2Z7HvarzCyf%2BxoU%2FeGP8%2BeSTsKP1sd6"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 82d284f878136563-AMS
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
unseenreport.com/pxf.gif?uuid=3a64e035-6759-469d-9f7a-bee73d8dab45&eb=a996fe56ed028c08f89591a4a8a9c431&te=4cb725660c43031e3b06c75892d96c5a&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.3095&b_frame=0&pk=b8d74904f6b94ccf8e1a8085aa5d1820&bl=en-US&sr=1024x1280&sz=1024x1280&hjs=12
192.243.59.20200 OK 0 B URL GET HTTP/1.1 unseenreport.com/pxf.gif?uuid=3a64e035-6759-469d-9f7a-bee73d8dab45&eb=a996fe56ed028c08f89591a4a8a9c431&te=4cb725660c43031e3b06c75892d96c5a&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.3095&b_frame=0&pk=b8d74904f6b94ccf8e1a8085aa5d1820&bl=en-US&sr=1024x1280&sz=1024x1280&hjs=12
IP 192.243.59.20:443
ASN #39572 DataWeb Global Group B.V.
Requested by https://peso-pluma-rubicon.playurbano.com/
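Certificate Issuer: Let's Encrypt
Subject: *.unseenreport.com
Fingerprint: 79:45:7F:58:D5:82:45:0A:7D:1E:FF:7A:98:05:26:E9:D6:FE:91:14
Validity: Wed, 22 Nov 2023 07:56:28 GMT - Tue, 20 Feb 2024 07:56:27 GMT
Hash MD5 d41d8cd98f00b204e9800998ecf8427e
SHA-1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA-256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Note: the summary records 0 B and the digests of empty input, while the response below declares Content-Length: 1, so the body appears not to have been captured for this request; the hashes do not describe the served content.
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed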
GET /pxf.gif?uuid=3a64e035-6759-469d-9f7a-bee73d8dab45&eb=a996fe56ed028c08f89591a4a8a9c431&te=4cb725660c43031e3b06c75892d96c5a&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.3095&b_frame=0&pk=b8d74904f6b94ccf8e1a8085aa5d1820&bl=en-US&sr=1024x1280&sz=1024x1280&hjs=12 HTTP/1.1
Host: unseenreport.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://peso-pluma-rubicon.playurbano.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Tue, 28 Nov 2023 12:12:29 GMT
Content-Type: image/gif
Content-Length: 1
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 1ce2c49420ac7590f11e1014ad2a1949
Strict-Transport-Security: max-age=0; includeSubdomains
vexationworship.com/pixel/sbs?c=1
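192.243.59.20 200 OK 0 B URL GET HTTP/1.1 vexationworship.com/pixel/sbs?c=1
IP 192.243.59.20:443
ASN #39572 DataWeb Global Group B.V.
Requested by https://peso-pluma-rubicon.playurbano.com/
Certificate Issuer: Let's Encrypt
Subject: vexationworship.com
Fingerprint: AB:75:EA:1F:F2:23:27:A4:01:23:97:24:D6:1E:24:CE:9F:65:F4:9C
Validity: Tue, 28 Nov 2023 08:18:54 GMT - Mon, 26 Feb 2024 08:18:53 GMT
Hash MD5 d41d8cd98f00b204e9800998ecf8427e
SHA-1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA-256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Note: the digests are those of empty input, matching the 0 B body. This request to vexationworship.com is recorded at 192.243.59.20, the same address recorded for unseenreport.com, whereas the impr.gif request to this host is recorded at 173.233.139.164.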
GET /pixel/sbs?c=1 HTTP/1.1
Host: vexationworship.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://peso-pluma-rubicon.playurbano.com/
Cookie: u_pl=19408177; uid_id2=3a64e035-6759-469d-9f7a-bee73d8dab45:1:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Tue, 28 Nov 2023 12:12:29 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2
216.58.207.227200 OK 16 kB URL GET HTTP/3 fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2
IP 216.58.207.227:443
Requested by https://peso-pluma-rubicon.playurbano.com/
Certificate IssuerGoogle Trust Services LLC
Subject*.gstatic.com
FingerprintE5:79:1F:1A:04:3F:B9:B0:FB:41:4E:B5:E5:97:AD:FE:D9:2C:4A:CD
ValidityMon, 23 Oct 2023 11:24:07 GMT - Mon, 15 Jan 2024 11:24:06 GMT
File type Web Open Font Format (Version 2), TrueType, length 15860, version 1.0\012- data
Hash e9f5aaf547f165386cd313b995dddd8e
acdef5603c2387b0e5bffd744b679a24a8bc1968
f5aebdfea35d1e7656ef4acc5db1f243209755ae3300943ef8fc6280f363c860
GET /s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://peso-pluma-rubicon.playurbano.com
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15860
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 23 Nov 2023 04:53:27 GMT
expires: Fri, 22 Nov 2024 04:53:27 GMT
cache-control: public, max-age=31536000
age: 458342
last-modified: Wed, 11 May 2022 19:24:42 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
www.googletagmanager.com/gtag/js?id=UA-77858712-2
142.250.74.168200 OK 190 kB URL GET HTTP/2 www.googletagmanager.com/gtag/js?id=UA-77858712-2
IP 142.250.74.168:443
Requested by https://peso-pluma-rubicon.playurbano.com/
Certificate IssuerGoogle Trust Services LLC
Subject*.google-analytics.com
Fingerprint37:42:10:B7:89:70:45:51:80:81:66:CE:95:21:72:5D:46:0B:E2:34
ValidityMon, 23 Oct 2023 11:18:19 GMT - Mon, 15 Jan 2024 11:18:18 GMT
File type ASCII text, with very long lines (4179)
Size 190 kB (190014 bytes)
Hash 1279cc8c674cf69cea1e0eefdf0982e1
c903edd6118d0cb7b6f4e62c9004afd22857993f
8258ad440a82f402bcbf25ef584e843df7251394e82ef841cbc62001ca3e7564
GET /gtag/js?id=UA-77858712-2 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://peso-pluma-rubicon.playurbano.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Tue, 28 Nov 2023 12:12:26 GMT
expires: Tue, 28 Nov 2023 12:12:26 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 68786
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
quantcast.mgr.consensu.org/cmp.js
0.0.0.0 0 B URL GET quantcast.mgr.consensu.org/cmp.js
IP 0.0.0.0:0
Requested by https://peso-pluma-rubicon.playurbano.com/
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /cmp.js HTTP/1.1
Host: quantcast.mgr.consensu.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://peso-pluma-rubicon.playurbano.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
www.playurbano.com/wp-content/plugins/a3-lazy-load/assets/css/jquery.lazyloadxt.spinner.css?ver=6.4.1
188.114.96.1 200 OK 276 B URL GET HTTP/2 www.playurbano.com/wp-content/plugins/a3-lazy-load/assets/css/jquery.lazyloadxt.spinner.css?ver=6.4.1
IP 188.114.96.1:443
Requested by https://peso-pluma-rubicon.playurbano.com/
Certificate IssuerLet's Encrypt
Subjectplayurbano.com
FingerprintFD:B6:7D:5A:CA:4F:BA:02:50:77:38:14:C1:1A:57:F0:17:EF:B7:F9
ValidityMon, 30 Oct 2023 13:01:30 GMT - Sun, 28 Jan 2024 13:01:29 GMT
File type ASCII text, with no line terminators
Hash 4f3b7d52ca6ad3ce850aaef4cb7ce87c
4aae0892ba85f4a12a324bdae4cd3a79dceed680
e9e19b61ee5df173000dee8bb0e9d16821472745870f229d2b01770d0f2b6484
GET /wp-content/plugins/a3-lazy-load/assets/css/jquery.lazyloadxt.spinner.css?ver=6.4.1 HTTP/1.1
Host: www.playurbano.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://peso-pluma-rubicon.playurbano.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Tue, 28 Nov 2023 12:12:26 GMT
content-type: text/css
cf-bgj: minify
cf-polished: origSize=311
cache-control: public, max-age=31536000
expires: Thu, 28 Dec 2023 04:54:38 GMT
last-modified: Fri, 24 Nov 2023 05:06:02 GMT
vary: Accept-Encoding
x-turbo-charged-by: LiteSpeed
cf-cache-status: HIT
age: 26268
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Uk5D%2Fj36QKHJkuxeddGJnB%2FmPICrMuk0f1%2F5Q1tlhoE4tEGxTquyHe36kQVytVCvNq7NM8dpzoTAjKgRQKziP9XlWCm0Dhu9Vw2G3pTkHRNhndFgoScy0Am06KFmlwFtIb0O5Kc%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 82d284e79991b4ff-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
www.playurbano.com/wp-content/plugins/a3-lazy-load/assets/js/jquery.lazyloadxt.srcset.min.js?ver=2.7.1
188.114.96.1 200 OK 1.6 kB URL GET HTTP/2 www.playurbano.com/wp-content/plugins/a3-lazy-load/assets/js/jquery.lazyloadxt.srcset.min.js?ver=2.7.1
IP 188.114.96.1:443
Requested by https://peso-pluma-rubicon.playurbano.com/
Certificate IssuerLet's Encrypt
Subjectplayurbano.com
FingerprintFD:B6:7D:5A:CA:4F:BA:02:50:77:38:14:C1:1A:57:F0:17:EF:B7:F9
ValidityMon, 30 Oct 2023 13:01:30 GMT - Sun, 28 Jan 2024 13:01:29 GMT
File type ASCII text, with very long lines (1637), with no line terminators
Hash 767a13a0b6f62af29de776e16d541cf2
d306619ed1ec7916673a708c1dda568848880b9a
b7aef8beddb3e71e50d6e64537d2ab2c0383bcb9f9191c343517d846f5173235
GET /wp-content/plugins/a3-lazy-load/assets/js/jquery.lazyloadxt.srcset.min.js?ver=2.7.1 HTTP/1.1
Host: www.playurbano.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://peso-pluma-rubicon.playurbano.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Tue, 28 Nov 2023 12:12:26 GMT
content-type: application/javascript
cache-control: public, max-age=31536000
expires: Mon, 25 Dec 2023 13:38:55 GMT
last-modified: Fri, 24 Nov 2023 05:06:02 GMT
vary: Accept-Encoding
x-turbo-charged-by: LiteSpeed
cf-cache-status: HIT
age: 254011
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=sNnyJl812e6VmByrkRbyA0Ftf1OOrJklOnB9YgfVbCKGPXPT%2Bw45dj8w2UyMIlw3IApn3Y9SBh5cFHDYskBU7Dzwf5wQO0yimJEvk33tWdCs5YcixqbWWhH7S2STRWw96TZjQmw%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 82d284e7591fb4ff-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
cdn.creative-bars1.com/sb/ssp/vpn/classic-push/big1/js/script.js
172.64.109.10 200 OK 958 B URL GET HTTP/2 cdn.creative-bars1.com/sb/ssp/vpn/classic-push/big1/js/script.js
IP 172.64.109.10:443
Requested by https://peso-pluma-rubicon.playurbano.com/
Certificate IssuerGoogle Trust Services LLC
Subjectcreative-bars1.com
Fingerprint2B:CC:32:FC:17:6F:25:69:2F:F4:A0:D9:DC:9C:C2:09:28:32:AB:34
ValiditySat, 21 Oct 2023 15:38:40 GMT - Fri, 19 Jan 2024 15:38:39 GMT
File type ASCII text, with very long lines (1009), with no line terminators
Hash 04835fd7dd7f8cfbad901bee8cff2170
38e9ed1e93f8f0beba9447a99afe3995e63b6f3e
be63bbd38c66ca9a9ee1c8abfed042fd5fc090c40b91ad561e922744ece47c41
GET /sb/ssp/vpn/classic-push/big1/js/script.js HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://peso-pluma-rubicon.playurbano.com
DNT: 1
Connection: keep-alive
Referer: https://peso-pluma-rubicon.playurbano.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Tue, 28 Nov 2023 12:12:29 GMT
content-type: application/javascript
last-modified: Mon, 21 Feb 2022 10:06:46 GMT
etag: W/"62136436-3be"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=HHLWisO2fJeRJhwCZoKsFDTdBKs7jKRJvKQIo0clXeJ9i9U6AdgMwXX80ZPzCnYs5HZpB1YTHpPF9UyXfN4DHE4rUFD41s%2FJhaNNQpECPdJXwCTuqIsCkmF0lGpPyoCeCb8R2HFtp8Y9"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 82d284f81f956563-AMS
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
notix.io/ent/current/enot.min.js
139.45.240.92 200 OK 144 kB URL GET HTTP/2 notix.io/ent/current/enot.min.js
IP 139.45.240.92:443
Requested by https://peso-pluma-rubicon.playurbano.com/
Certificate IssuerLet's Encrypt
Subjectnotix.io
Fingerprint68:78:0C:AA:A6:75:6F:E2:65:2D:3B:7E:5B:8A:2B:6B:F6:1A:BF:1D
ValidityFri, 15 Sep 2023 11:38:16 GMT - Thu, 14 Dec 2023 11:38:15 GMT
File type ASCII text, with very long lines (65536), with no line terminators
Size 144 kB (143573 bytes)
Hash 938c5b2fda0dc4bc1c5a990d82e79e04
1efdfe620289140a9829952cb1a18dc8aa741130
b75409fbfbd6f3df7d462d2e022e37627d88e83f391fea24d975e8773ecfd385
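Analyzer: Public Nextron YARA rules | Verdict: malware | Alert: Unique code from Jetriz, Swid & Jeniva of the Tetris framework (a static YARA signature match reported for this file; the alert text is the matching rule's description)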
GET /ent/current/enot.min.js HTTP/1.1
Host: notix.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://peso-pluma-rubicon.playurbano.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Tue, 28 Nov 2023 12:12:25 GMT
content-type: application/javascript
last-modified: Mon, 27 Nov 2023 11:19:12 GMT
etag: W/"65647b30-230d5"
access-control-allow-credentials: true
cache-control: no-cache
pragma: no-cache
content-encoding: gzip
X-Firefox-Spdy: h2
vexationworship.com/sbar.json?key=0633569b5e7b7ced877cf02d43663712&uuid=3a64e035-6759-469d-9f7a-bee73d8dab45%3A1%3A1
192.243.59.20 200 OK 6.0 kB URL GET HTTP/1.1 vexationworship.com/sbar.json?key=0633569b5e7b7ced877cf02d43663712&uuid=3a64e035-6759-469d-9f7a-bee73d8dab45%3A1%3A1
IP 192.243.59.20:443
ASN #39572 DataWeb Global Group B.V.
Requested by https://peso-pluma-rubicon.playurbano.com/
Certificate IssuerLet's Encrypt
Subjectvexationworship.com
FingerprintAB:75:EA:1F:F2:23:27:A4:01:23:97:24:D6:1E:24:CE:9F:65:F4:9C
ValidityTue, 28 Nov 2023 08:18:54 GMT - Mon, 26 Feb 2024 08:18:53 GMT
File type ASCII text, with very long lines (6086), with no line terminators
Hash 1927f638bb9186e44e6c1ec197f62b55
edb0fdde94e896e1c711018560d1da6d544d52da
edca1320b0f2398db525e1c7fa4e4a9a715a23acf19eebe39df30cd955412b43
GET /sbar.json?key=0633569b5e7b7ced877cf02d43663712&uuid=3a64e035-6759-469d-9f7a-bee73d8dab45%3A1%3A1 HTTP/1.1
Host: vexationworship.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://peso-pluma-rubicon.playurbano.com
DNT: 1
Connection: keep-alive
Referer: https://peso-pluma-rubicon.playurbano.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Tue, 28 Nov 2023 12:12:28 GMT
Content-Type: text/plain; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://peso-pluma-rubicon.playurbano.com
Access-Control-Allow-Origin: https://peso-pluma-rubicon.playurbano.com
Access-Control-Allow-Credentials: true
Set-Cookie: u_pl=19408177; expires=Wed, 29 Nov 2023 12:12:27 GMT; secure; SameSite=None
uid_id2=3a64e035-6759-469d-9f7a-bee73d8dab45:1:1; expires=Tue, 05 Dec 2023 12:12:27 GMT; secure; SameSite=None
pdhtkv=true; expires=Wed, 29 Nov 2023 12:12:28 GMT; secure; SameSite=None
uncs=1; expires=Wed, 29 Nov 2023 12:12:28 GMT; secure; SameSite=None
pdhtkv29=true; expires=Wed, 29 Nov 2023 12:12:28 GMT; secure; SameSite=None
uncs29=1; expires=Wed, 29 Nov 2023 12:12:28 GMT; secure; SameSite=None
slec0633569b5e7b7ced877cf02d43663712=[4766299]; expires=Tue, 28 Nov 2023 12:12:33 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 7d084b55ea76253583088a7b17b34d5d
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
cdn.barscreative1.com/sb/au/48/48/eb/4848ebd6f7295875a5d388ec2488aba3/1648542421.html
45.133.44.4 200 OK 1.5 kB URL GET HTTP/2 cdn.barscreative1.com/sb/au/48/48/eb/4848ebd6f7295875a5d388ec2488aba3/1648542421.html
IP 45.133.44.4:443
ASN #39572 DataWeb Global Group B.V.
Requested by https://peso-pluma-rubicon.playurbano.com/
Certificate IssuerLet's Encrypt
Subjectcdn.barscreative1.com
Fingerprint55:06:B7:F1:EF:E9:55:FB:7C:8C:4F:5D:DB:05:C9:15:19:90:9B:2F
ValiditySat, 11 Nov 2023 03:00:51 GMT - Fri, 09 Feb 2024 03:00:50 GMT
File type HTML document text\012- HTML document, ASCII text, with very long lines (1639), with no line terminators
Hash 97b357c624104a8e915d01424dfe16ce
6bd7fcedfb7986b149601b1bc840f525b67a8f06
8d010e7163298acf3671bb429a2e0b1d69033a5adc314fa4bddebf74b9775e6e
GET /sb/au/48/48/eb/4848ebd6f7295875a5d388ec2488aba3/1648542421.html HTTP/1.1
Host: cdn.barscreative1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://peso-pluma-rubicon.playurbano.com
DNT: 1
Connection: keep-alive
Referer: https://peso-pluma-rubicon.playurbano.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Tue, 28 Nov 2023 12:12:28 GMT
content-type: text/html; charset=utf-8
server: nginx/1.21.6
last-modified: Tue, 29 Mar 2022 08:27:10 GMT
etag: W/"6242c2de-602"
cache-control: max-age=3600
access-control-allow-origin: *
access-control-expose-headers: Date
content-encoding: gzip
expires: Tue, 28 Nov 2023 13:12:28 GMT
x-proxy-cache: HIT
X-Firefox-Spdy: h2
cdn.creative-bars1.com/sb/ssp/vpn/classic-push/big1/css/animate.css
172.64.109.10 200 OK 79 kB URL GET HTTP/2 cdn.creative-bars1.com/sb/ssp/vpn/classic-push/big1/css/animate.css
IP 172.64.109.10:443
Requested by https://peso-pluma-rubicon.playurbano.com/
Certificate IssuerGoogle Trust Services LLC
Subjectcreative-bars1.com
Fingerprint2B:CC:32:FC:17:6F:25:69:2F:F4:A0:D9:DC:9C:C2:09:28:32:AB:34
ValiditySat, 21 Oct 2023 15:38:40 GMT - Fri, 19 Jan 2024 15:38:39 GMT
Hash e1d8acd5ee9d1a90ea09313cbd8f2b02
8a8327b115d1356715e63270d1ce6d46124c7b1a
3028c87fc798ac3741f02079034e6c23462afc0c5e6c8d321188ce3716c8472a
GET /sb/ssp/vpn/classic-push/big1/css/animate.css HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://peso-pluma-rubicon.playurbano.com
DNT: 1
Connection: keep-alive
Referer: https://peso-pluma-rubicon.playurbano.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Tue, 28 Nov 2023 12:12:28 GMT
content-type: text/css
last-modified: Mon, 21 Feb 2022 10:06:42 GMT
etag: W/"62136432-13591"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=OZiKv5957cMWTLUfY7JvtrmhNEpTfXZMNvVlg6LpgY0F8S39F7sfzrKEG185BOe5W05GEvP%2BMrLCWlsHPpKQhOaUAlXEldhQOsjekJ%2BPw92OydebCNoLNptzLJJmF%2BI3lIkb5xsD5NUW"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 82d284f62c6d6563-AMS
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
www.playurbano.com/wp-content/plugins/a3-lazy-load/assets/js/jquery.lazyloadxt.extend.js?ver=2.7.1
188.114.96.1 200 OK 953 B URL GET HTTP/2 www.playurbano.com/wp-content/plugins/a3-lazy-load/assets/js/jquery.lazyloadxt.extend.js?ver=2.7.1
IP 188.114.96.1:443
Requested by https://peso-pluma-rubicon.playurbano.com/
Certificate IssuerLet's Encrypt
Subjectplayurbano.com
FingerprintFD:B6:7D:5A:CA:4F:BA:02:50:77:38:14:C1:1A:57:F0:17:EF:B7:F9
ValidityMon, 30 Oct 2023 13:01:30 GMT - Sun, 28 Jan 2024 13:01:29 GMT
File type ASCII text, with very long lines (954), with no line terminators
Hash 5f8acd177611bf552cd7c013e3c5438a
7a2e4d6938a916cb00b5fc65516eaabfcf14f5ad
ad4ef456c763bd0bd66b54869f9c7c9a35e968f0149606c4575cd8f633d8efea
GET /wp-content/plugins/a3-lazy-load/assets/js/jquery.lazyloadxt.extend.js?ver=2.7.1 HTTP/1.1
Host: www.playurbano.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://peso-pluma-rubicon.playurbano.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Tue, 28 Nov 2023 12:12:26 GMT
content-type: application/javascript
cf-bgj: minify
cf-polished: origSize=1045
cache-control: public, max-age=31536000
expires: Mon, 25 Dec 2023 13:38:55 GMT
last-modified: Fri, 24 Nov 2023 05:06:02 GMT
vary: Accept-Encoding
x-turbo-charged-by: LiteSpeed
cf-cache-status: HIT
age: 254011
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=EzkBQlF4wyKEw23DpHkeS5%2Fb%2BGvnRRIPZCdTuMdyy2mzphCvHqUSJmXRNCk0cI3kLEIIuCJB%2BSJMQBrRDJ0HTux2%2BkIhXkQvcPGoIMofNuzcBxFWpooNzgjDxTUH6Bsp31ET5SI%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 82d284e75925b4ff-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
www.playurbano.com/wp-content/themes/mp3/images/favicon.ico
0.0.0.0 0 B URL GET www.playurbano.com/wp-content/themes/mp3/images/favicon.ico
IP 0.0.0.0:0
Requested by https://peso-pluma-rubicon.playurbano.com/
Certificate IssuerLet's Encrypt
Subjectplayurbano.com
FingerprintFD:B6:7D:5A:CA:4F:BA:02:50:77:38:14:C1:1A:57:F0:17:EF:B7:F9
ValidityMon, 30 Oct 2023 13:01:30 GMT - Sun, 28 Jan 2024 13:01:29 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /wp-content/themes/mp3/images/favicon.ico HTTP/1.1
Host: www.playurbano.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://peso-pluma-rubicon.playurbano.com/
Cookie: _ga_SQFXB0YJTT=GS1.1.1701173550.1.0.1701173550.0.0.0; _ga=GA1.1.1121661117.1701173551
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Tue, 28 Nov 2023 12:12:27 GMT
content-type: image/x-icon
cache-control: public, max-age=31536000
expires: Thu, 28 Dec 2023 04:54:40 GMT
last-modified: Tue, 17 May 2016 04:14:02 GMT
vary: Accept-Encoding
x-turbo-charged-by: LiteSpeed
cf-cache-status: HIT
age: 26267
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=9wvRri5WuHQUtogHJzddLINcSYwRJamgFIzXJEDe9eLYhsOgH0BrG9r6guN0brs8yihYWTTiHsNzheMCuLUgnnZeWV%2BJr%2F93a4mOvKZj8vF3eF9KCnMYRNzBtDpRgpONCKx9T08%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 82d284f15cf5569a-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
www.playurbano.com/wp-includes/css/dist/block-library/style.min.css?ver=6.4.1
188.114.96.1 200 OK 110 kB URL GET HTTP/2 www.playurbano.com/wp-includes/css/dist/block-library/style.min.css?ver=6.4.1
IP 188.114.96.1:443
Requested by https://peso-pluma-rubicon.playurbano.com/
Certificate IssuerLet's Encrypt
Subjectplayurbano.com
FingerprintFD:B6:7D:5A:CA:4F:BA:02:50:77:38:14:C1:1A:57:F0:17:EF:B7:F9
ValidityMon, 30 Oct 2023 13:01:30 GMT - Sun, 28 Jan 2024 13:01:29 GMT
Size 110 kB (110035 bytes)
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /wp-includes/css/dist/block-library/style.min.css?ver=6.4.1 HTTP/1.1
Host: www.playurbano.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://peso-pluma-rubicon.playurbano.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Tue, 28 Nov 2023 12:12:26 GMT
content-type: text/css
cache-control: public, max-age=31536000
expires: Fri, 22 Dec 2023 12:37:42 GMT
last-modified: Mon, 20 Nov 2023 13:19:39 GMT
vary: Accept-Encoding
x-turbo-charged-by: LiteSpeed
cf-cache-status: HIT
age: 516884
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=WhqSTv%2B73FOMDMlAgIOdGogU7f0%2BFUnemt4I1WtwTgfRrXBEUkjkhhMKx0KfnQJ1ZT5jl5jFbELf33kUg8qfvwzBjTYeqHUH3Cwdhqn2LM6jZoofPtdPj15iyfF1KlbNdSJFTNQ%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 82d284e79988b4ff-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
www.playurbano.com/wp-content/uploads/sass/a3_lazy_load.min.css?ver=1509416944
188.114.96.1 200 OK 127 B URL GET HTTP/2 www.playurbano.com/wp-content/uploads/sass/a3_lazy_load.min.css?ver=1509416944
IP 188.114.96.1:443
Requested by https://peso-pluma-rubicon.playurbano.com/
Certificate IssuerLet's Encrypt
Subjectplayurbano.com
FingerprintFD:B6:7D:5A:CA:4F:BA:02:50:77:38:14:C1:1A:57:F0:17:EF:B7:F9
ValidityMon, 30 Oct 2023 13:01:30 GMT - Sun, 28 Jan 2024 13:01:29 GMT
File type ASCII text, with no line terminators
Hash c27b42550dfbec022904e63b23ede660
b007b7f59147d49fd46e2d3aa1b77a71129e1f34
a2f1b190e5d5a3063c35b75b1a00c039b13e171eb7b099299dcb67e9e4fe65cd
GET /wp-content/uploads/sass/a3_lazy_load.min.css?ver=1509416944 HTTP/1.1
Host: www.playurbano.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://peso-pluma-rubicon.playurbano.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Tue, 28 Nov 2023 12:12:26 GMT
content-type: text/css
cache-control: public, max-age=31536000
expires: Fri, 22 Dec 2023 12:37:42 GMT
last-modified: Tue, 31 Oct 2017 02:29:04 GMT
x-turbo-charged-by: LiteSpeed
cf-cache-status: HIT
age: 516884
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=XkQKfyf2z88lU66pDQEcnNsGjj%2BXho4ifXSY4RVz1Kdf3ISEpCM04%2F28t%2F6%2FSHSzC6IS1kzBDMirOjhWjbLdHS6MTjy7NoRqSFityW%2BaBp1ib1MjCOfAYDAYuvLja6E%2BkWQ08C8%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 82d284e77968b4ff-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
proftrafficcounter.com/stats
35.157.159.40 200 OK 40 B URL GET HTTP/2 proftrafficcounter.com/stats
IP 35.157.159.40:443
Requested by https://peso-pluma-rubicon.playurbano.com/
Certificate IssuerAmazon
Subjectproftrafficcounter.com
FingerprintE3:9F:79:6F:80:C0:BF:F8:C4:EB:45:F3:E9:0F:A7:41:F6:0C:05:E6
ValidityTue, 21 Nov 2023 00:00:00 GMT - Thu, 19 Dec 2024 23:59:59 GMT
File type ASCII text, with no line terminators
Hash d01eea200a72fca2f31d621887b68fc5
1a9d4acbc332cc6e413731fd6c40d4e8032aa2cc
383748b65e08fe3412fb89c88f2b8420b486585e3bf1f91b06e5f002f024f344
GET /stats HTTP/1.1
Host: proftrafficcounter.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://peso-pluma-rubicon.playurbano.com
DNT: 1
Connection: keep-alive
Referer: https://peso-pluma-rubicon.playurbano.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Tue, 28 Nov 2023 12:12:27 GMT
content-type: text/html; charset=UTF-8
content-length: 40
server: fasthttp
access-control-allow-origin: https://peso-pluma-rubicon.playurbano.com
vary: Origin
access-control-allow-credentials: true
set-cookie: uid_id2=3a64e035-6759-469d-9f7a-bee73d8dab45:1:1; expires=Fri, 25 Nov 2033 12:12:27 GMT; secure; SameSite=None
X-Firefox-Spdy: h2
cdn.creative-bars1.com/sb/ssp/vpn/classic-push/big1/js/jquery.min.js
172.64.109.10 200 OK 84 kB URL GET HTTP/2 cdn.creative-bars1.com/sb/ssp/vpn/classic-push/big1/js/jquery.min.js
IP 172.64.109.10:443
Requested by https://peso-pluma-rubicon.playurbano.com/
Certificate IssuerGoogle Trust Services LLC
Subjectcreative-bars1.com
Fingerprint2B:CC:32:FC:17:6F:25:69:2F:F4:A0:D9:DC:9C:C2:09:28:32:AB:34
ValiditySat, 21 Oct 2023 15:38:40 GMT - Fri, 19 Jan 2024 15:38:39 GMT
File type ASCII text, with very long lines (32025)
Hash 4a356126b9573eb7bd1e9a7494737410
8258d046f17dd3c15a5d3984e1868b7b5d1db329
22642f202577f0ba2f22cbe56b6cf291a09374487567cd3563e0d2a29f75c0c5
GET /sb/ssp/vpn/classic-push/big1/js/jquery.min.js HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Tue, 28 Nov 2023 12:12:28 GMT
content-type: application/javascript
last-modified: Mon, 21 Feb 2022 10:06:46 GMT
etag: W/"62136436-1499c"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 1670309
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=MLdTGjYZdPj7Cb9HCnvuUqN5cTHRTBxNmEQKDFMDoDbjAVPSu%2BStVteAx3m8i7q6mJOEAEvqVKzSxDbi1%2FBRmsp4AgO0AvCbRi8GWqyiu%2FryAP7R4KhhOzEESvfB1SPiGWVYYeAVzGk2"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 82d284f6dc9c23b4-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2