Report - www.luckypatchers.com/lucky-patcher-all-versions/

Report Overview

Visited public
2024-05-04 16:35:27
Tags
Submit Tags
URL
www.luckypatchers.com/lucky-patcher-all-versions/
Finishing URL
www.luckypatchers.com/lucky-patcher-all-versions/
IP / ASN
104.26.7.23
#13335 CLOUDFLARENET
Title
Lucky Patcher All Versions Free Download - Lucky Patcher

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
my.rtmark.net	9054	2014-10-29	2015-02-04 10:54:57	2024-05-03 19:23:37	475 B	750 B	139.45.195.8
downstairsnegotiatebarren.com	unknown	2024-03-04	2024-03-04 23:39:03	2024-05-03 19:58:45	416 B	29 kB	188.114.96.1
endlesslyalwaysbeset.com	unknown	2024-04-29	2024-04-30 19:45:19	2024-04-30 19:45:19	7.9 kB	22 kB	192.243.59.13
unseenreport.com	unknown	2022-03-30	2022-03-30 16:33:17	2024-05-03 07:51:09	741 B	423 B	192.243.59.20
proftrafficcounter.com	unknown	2023-11-16	2023-11-21 09:55:14	2024-05-03 19:58:45	958 B	732 B	52.29.105.35
vaikijie.net	unknown	2023-01-06	2023-01-07 01:00:06	2024-02-25 12:27:59	854 B	33 kB	139.45.197.244
tailorprecious.com	unknown	2023-12-02	2023-12-02 10:51:16	2024-02-13 23:16:47	882 B	23 kB	172.240.108.84
ocsp.r2m03.amazontrust.com	unknown	2007-05-11	2023-02-21 01:06:24	2024-05-03 20:46:12	338 B	942 B	3.164.222.26
sunflowercoastlineprobe.com	unknown	2024-04-29	2024-04-30 07:12:54	2024-04-30 13:14:13	3.2 kB	23 kB	172.240.127.234
cdn.cloudimagesb.com	23099	2020-10-06	2021-02-12 17:15:41	2024-05-03 18:39:44	2.4 kB	572 kB	45.133.44.10
www.luckypatchers.com	unknown	2016-03-06	2016-05-18 10:08:52	2024-02-25 06:29:52	7.6 kB	1.1 MB	172.67.74.56
www.googletagmanager.com	75	2011-11-11	2013-05-22 04:07:37	2024-05-03 18:39:23	876 B	333 kB	142.250.74.168

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2024-05-04	medium	vaikijie.net	Sinkholed
2024-05-04	medium	sunflowercoastlineprobe.com	Sinkholed
2024-05-04	medium	sunflowercoastlineprobe.com	Sinkholed
2024-05-04	medium	endlesslyalwaysbeset.com	Sinkholed
2024-05-04	medium	sunflowercoastlineprobe.com	Sinkholed
2024-05-04	medium	endlesslyalwaysbeset.com	Sinkholed
2024-05-04	medium	endlesslyalwaysbeset.com	Sinkholed
2024-05-04	medium	endlesslyalwaysbeset.com	Sinkholed
2024-05-04	medium	endlesslyalwaysbeset.com	Sinkholed
2024-05-04	medium	unseenreport.com	Sinkholed
2024-05-04	medium	vaikijie.net	Sinkholed

ThreatFox

No alerts detected

JavaScript (30)

	URL	From	Size	First Seen	Last Seen
	www.google-analytics.com/analytics.js	ScriptElement	4.7 kB	2023-04-11	2025-07-16
Pretty URL www.google-analytics.com/analytics.js IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-04-11 21:07 Last Seen2025-07-16 09:03 Times Seen409199 Hash f24128d0c9cba7be2916c693427a3483 1b6397d496ea896ebc2018b01b995cee4f166029 58173de4697da1a218f04c3a783a733bab4e769ceabc37cd42da9dc3e036a7e8 Loading...

	downstairsnegotiatebarren.com/sfp.js	ScriptElement	86 kB	2024-03-29	2024-08-21
Pretty URL downstairsnegotiatebarren.com/sfp.js IP 188.114.96.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-03-29 13:13 Last Seen2024-08-21 22:41 Times Seen2254 Hash f4a2f8f9f99541c6f105bbd0a025bd40 1f8e3eff12168fdd9e719adfc098d24a45b6916a b717cb04231a10d425fd55b73c85a5407119c6826a8bac94142fddfff6958716 Loading...

	www.luckypatchers.com/wp-includes/js/wp-emoji-release.min.js?ver=6.5.2	ScriptElement	19 kB	2024-04-10	2025-07-09
Pretty URL www.luckypatchers.com/wp-includes/js/wp-emoji-release.min.js?ver=6.5.2 IP 172.67.74.56 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-10 21:07 Last Seen2025-07-09 13:54 Times Seen147 Hash 0eec1c4ab7bf86f404adde4eb7fef079 8ffda7ff4628796dc1e4133b4ac22cc4c12a191f 24a2071a6ff33f8868cf8d73f227924716780ba699241ada0a66298ab7e6b824 Loading...

	www.luckypatchers.com/lucky-patcher-all-versions/	ScriptElement	3.2 kB	2024-08-20	2024-08-20
Pretty URL www.luckypatchers.com/lucky-patcher-all-versions/ IP 172.67.74.56 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2024-08-20 00:41 Last Seen2024-08-20 00:41 Times Seen1 Hash 4dba238b04abf10d82eb8f35afedf334 13b66b08ca5a6bbab48900ec2a52193e62b063e3 5727229d50ac06b896f035d02f29934f745823135c333776a34bc3d79b7a8c05 Loading...

	www.luckypatchers.com/lucky-patcher-all-versions/	ScriptElement	161 B	2024-05-04	2024-08-29
Pretty URL www.luckypatchers.com/lucky-patcher-all-versions/ IP 172.67.74.56 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2024-05-04 18:35 Last Seen2024-08-29 17:44 Times Seen3 Hash 294b6a3f27893ec45cbba745a4e1d335 95ca2c67be834735323118b005938588471e4104 f4eaca58540d51f0f30664cf444f8b3550af2c01c12fa535b43be7a01e157f98 Loading...

	www.luckypatchers.com/wp-content/cache/minify/1615d.js	ScriptElement	6.3 kB	2023-03-07	2025-07-11
Pretty URL www.luckypatchers.com/wp-content/cache/minify/1615d.js IP 172.67.74.56 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:31 Last Seen2025-07-11 08:17 Times Seen90 Hash 6b4f474dd7e9cdb72b1b38f723007883 b882e63a139948e21a3a1bae6747225333276421 3590a50189b749c071460b4b98b86d4231f3fe83c3bac6b8d35f0bcee14e1aec Loading...

	www.googletagmanager.com/gtag/js?id=UA-74724554-1	ScriptElement	208 kB	2024-08-20	2024-08-20
Pretty URL www.googletagmanager.com/gtag/js?id=UA-74724554-1 IP 142.250.74.168 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2024-08-20 00:41 Last Seen2024-08-20 00:41 Times Seen1 Hash 46082dd7fb3412816c2e8f2fcc69ab5a 76f77e939681923bde49ed17a739c3d2b77dd070 a427fac3e3a77449d22e0faddb50cc7f2e998270aa8991507d9d4da543ba25de Loading...

	www.luckypatchers.com/lucky-patcher-all-versions/	ScriptElement	243 B	2024-02-14	2025-03-26
Pretty URL www.luckypatchers.com/lucky-patcher-all-versions/ IP 172.67.74.56 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2024-02-14 19:10 Last Seen2025-03-26 23:16 Times Seen10 Hash 4129cede91887eaac392c20fd11c4439 78f227a90f334503abc348a0e314051c7fae7135 e29ed8c59fa74eb4a84bd38ad5b8a3cc80e19319fa3403a21bee3cc30d7932a2 Loading...

	www.luckypatchers.com/lucky-patcher-all-versions/	ScriptElement	884 B	2024-04-10	2024-08-20
Pretty URL www.luckypatchers.com/lucky-patcher-all-versions/ IP 172.67.74.56 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2024-04-10 21:07 Last Seen2024-08-20 05:04 Times Seen4 Hash 7f2459aed2cfff9c2fe9657c4cf7beb7 4bf4b38d0e2a2d1608449353089beeec9e48b4ac 3fcd48c7d2982cc2d89bf7ece4d14d346a70f1e421fdf056e2048cd6f9a326ff Loading...

	www.luckypatchers.com/wp-content/cache/minify/618c8.js	ScriptElement	317 kB	2024-08-20	2024-08-20
Pretty URL www.luckypatchers.com/wp-content/cache/minify/618c8.js IP 172.67.74.56 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-08-20 00:41 Last Seen2024-08-20 00:41 Times Seen1 Hash 149df67de920263ad6be63ff35a8f677 d65b7958b48aed5305b1601ed840a5bae4c75609 5d1e61dad3f04706d666b87e8319e4cf173bbaaa7f288b94dc319e1bf76cb1a7 Loading...

	unknown	EventHandler	45 B	2023-04-15	2025-07-15
Pretty Introduced by eventHandler Embedded in HTML false Observations First Seen2023-04-15 03:57 Last Seen2025-07-15 23:36 Times Seen549 Hash 952469182aea581c736ffd4b71eda314 9265ee9add6982ee32396077039277f9cc81ee1d 584e8f5e5b167a9ed7d94949f22463c400266a1715471031c394aa2d47bb7d5f Loading...

	tailorprecious.com/3eca821ef45fde49595e58b6255cacf3/invoke.js	ScriptElement	27 kB	2024-08-20	2024-08-20
Pretty URL tailorprecious.com/3eca821ef45fde49595e58b6255cacf3/invoke.js IP 172.240.108.84 ASN #7979 SERVERS-COM Introduced by scriptElement Embedded in HTML false Observations First Seen2024-08-20 00:41 Last Seen2024-08-20 00:41 Times Seen1 Hash 09718604282b1fd3597f33fce3cc1783 ebc70fbc2620de1d2730e6076aed56ba612a9a30 e4f715421fc2b26ef3065177c9d7fcc142ae37c9b6144590e795df3adbb16646 Loading...

	tailorprecious.com/ae6b00eba237d65649579c179e26a29b/invoke.js	ScriptElement	31 kB	2024-08-20	2024-08-20
Pretty URL tailorprecious.com/ae6b00eba237d65649579c179e26a29b/invoke.js IP 172.240.108.84 ASN #7979 SERVERS-COM Introduced by scriptElement Embedded in HTML false Observations First Seen2024-08-20 00:41 Last Seen2024-08-20 00:41 Times Seen1 Hash b38d2b1aca0cafe30afe387a7451718a fd5f2dc78ef5f4946dee221bc564f5e59f9eb930 a4266b94f9e2dd870136dc17c9d629cc7da7ce0b6191d504b159d3e677d3e74f Loading...

	www.luckypatchers.com/lucky-patcher-all-versions/	ScriptElement	7.4 kB	2024-04-10	2025-03-26
Pretty URL www.luckypatchers.com/lucky-patcher-all-versions/ IP 172.67.74.56 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2024-04-10 21:07 Last Seen2025-03-26 23:16 Times Seen9 Hash 9c1e124a1fe3886cd0161f77cdb130a8 1fa4cf41c6d04ea47dc1e4eeedeebbcba545bf39 24265d3c63c30d6bda7ec798af2aa84ef8fc87c9858090f18800384a21a0e04c Loading...

	www.luckypatchers.com/lucky-patcher-all-versions/	ScriptElement	59 kB	2024-05-04	2024-09-19
Pretty URL www.luckypatchers.com/lucky-patcher-all-versions/ IP 172.67.74.56 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2024-05-04 18:35 Last Seen2024-09-19 21:59 Times Seen2 Hash 2f1f707824656eee8dae67373fc22420 299db84852c62c75d9bf5a5897e8eed83a35a71d 90919583285657dd90dd5b32a837154e850862151050ab14028cad0060eca950 Loading...

	www.luckypatchers.com/wp-content/cache/minify/1f540.js	ScriptElement	12 kB	2024-03-02	2025-07-16
Pretty URL www.luckypatchers.com/wp-content/cache/minify/1f540.js IP 172.67.74.56 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-03-02 15:39 Last Seen2025-07-16 08:53 Times Seen10055 Hash efc27e253fae1b7b891fb5a40e687768 ad12044651ffac0badcd0e42f32edef91678b1ff 46e36dd6ca93014e4915c723632bf180d27cc96ccfb7c26e69213e1a82129a62 Loading...

	www.googletagmanager.com/gtag/js?id=G-FBV84JFNZ5&l=dataLayer&cx=c	ScriptElement	257 kB	2024-08-20	2024-08-20
Pretty URL www.googletagmanager.com/gtag/js?id=G-FBV84JFNZ5&l=dataLayer&cx=c IP 142.250.74.168 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2024-08-20 00:41 Last Seen2024-08-20 00:41 Times Seen1 Hash 7e512714000706cb1b9aa1d5715766e5 ea180f0b5ba012d897e11ad2775231dece04eb23 91de1acb83083547b2f34d1f63e45f867768a0401b0d59f11e3d4796e0a33bcc Loading...

	unknown	ScriptElement	196 B	2024-01-25	2024-08-20
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2024-01-25 10:20 Last Seen2024-08-20 11:09 Times Seen6 Hash effb78007983ca2068e2a87c89129014 a463a88835209e523c3be0078f37618cf791dd8f 2862c40863ef696699241e4681b5fbf276788d6af4d66e0ce6b46786b32a1b39 Loading...

	www.luckypatchers.com/lucky-patcher-all-versions/	ScriptElement	447 B	2024-05-04	2024-09-19
Pretty URL www.luckypatchers.com/lucky-patcher-all-versions/ IP 172.67.74.56 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2024-05-04 18:35 Last Seen2024-09-19 21:59 Times Seen2 Hash 93df8f2015951458bc37dff6386f4ced 665d877656d670b8dc7b37c270100d7b3048336e 1216ff3e2e184065ab45176faba9b4203aee9e797fa63486b8af1024e3edd8e9 Loading...

	www.luckypatchers.com/lucky-patcher-all-versions/	ScriptElement	118 B	2023-03-14	2024-09-19
Pretty URL www.luckypatchers.com/lucky-patcher-all-versions/ IP 172.67.74.56 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-14 14:50 Last Seen2024-09-19 21:59 Times Seen30 Hash 752ac34f8cd91403d4aadc9559201eeb e0fc2f261253a8b464a1b527757f77b2761624dc 6e6a1250bfb226009f428d12122e8ad6c2e8b14bd5ddebc7a539649c2c7c629d Loading...

	unknown	ScriptElement	3.3 kB	2024-08-20	2024-08-20
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2024-08-20 00:41 Last Seen2024-08-20 00:41 Times Seen1 Hash 0780cf003f9ece3988f350528224aaef cc6b5cd0bde8d1abfbdb7a4d3bf3097a65848586 2b943122766940cc3ed41acb431a9f8e9c6dde84f9a6ab9c4d06dc3ff42218c0 Loading...

	www.luckypatchers.com/lucky-patcher-all-versions/	ScriptElement	216 B	2023-03-09	2025-07-11
Pretty URL www.luckypatchers.com/lucky-patcher-all-versions/ IP 172.67.74.56 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-09 05:45 Last Seen2025-07-11 22:05 Times Seen52 Hash c103b7740afd44bf7861c9a9c54f35ad 561f26ad2c1b96ad17b990a94e5e791cd3502708 170b5b42a76669d64663c6a95a3f6e325beda9b3297edc5385b872af7716ecbd Loading...

	vaikijie.net/tag.min.js	ScriptElement	90 kB	2024-05-03	2024-08-20
Pretty URL vaikijie.net/tag.min.js IP 139.45.197.244 ASN #9002 RETN Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-03 10:08 Last Seen2024-08-20 01:00 Times Seen43 Hash 6161cd5b16afc637789c8a29da15ed13 04f9e513c05079726b06b2154995c4c5c7c09b08 562a877675f8c3df7e1be8c3b2999127466ca8784a0a556810ec018ab6c86e34 Loading...

	sunflowercoastlineprobe.com/22/1b/2b/221b2bcc6c886d033875a6dca9060c2a.js	ScriptElement	44 kB	2024-08-20	2024-08-20
Pretty URL sunflowercoastlineprobe.com/22/1b/2b/221b2bcc6c886d033875a6dca9060c2a.js IP 172.240.127.234 ASN #7979 SERVERS-COM Introduced by scriptElement Embedded in HTML false Observations First Seen2024-08-20 00:41 Last Seen2024-08-20 00:41 Times Seen1 Hash 184fc901758e921ef19314cd2513ba97 d043593d2b898b36e8bb3ade5184d01f5acb5dbc 59db671fc37b622480a87efd8dd522b06e1a76132b5a8c73a04af30c3aadd47c Loading...

	unknown	ScriptElement	145 B	2023-10-15	2025-01-05
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2023-10-15 01:17 Last Seen2025-01-05 22:42 Times Seen11 Hash e7051a1ae68b8533b7202b0695415f4d 355ecb006acc62c396d5f39deec7171fb119cad8 0583fdbe32f394d8ce49647434750ff90a8cbb9d9cf0e783b058bd9714a8220a Loading...

	www.luckypatchers.com/lucky-patcher-all-versions/	ScriptElement	134 B	2023-03-08	2025-03-26
Pretty URL www.luckypatchers.com/lucky-patcher-all-versions/ IP 172.67.74.56 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-08 03:23 Last Seen2025-03-26 23:16 Times Seen34 Hash 41b4924fc00207d20960b7f7e1e594df 0e7da977628b4ebcef05c2ac7d9b8291f6fde488 eedc7d155b44752866f9325c46f557118bd4822153ba967690077ad78ee9dc39 Loading...

	www.luckypatchers.com/lucky-patcher-all-versions/	ScriptElement	294 B	2023-03-07	2025-07-15
Pretty URL www.luckypatchers.com/lucky-patcher-all-versions/ IP 172.67.74.56 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:18 Last Seen2025-07-15 21:57 Times Seen1721 Hash 6f996f77dbfaf8f8f570a41fe4bc0e66 c6c21cdf9d26daac3c3fa466d46da03c70c2e8b6 e67bb8576493cbde78b6822ce205f837102cad9cf1a8302b9829f167f6158674 Loading...

	www.luckypatchers.com/lucky-patcher-all-versions/sandbox%20eval%20code		147 B	2023-04-11	2025-07-16
Pretty URL www.luckypatchers.com/lucky-patcher-all-versions/sandbox%20eval%20code IP 0.0.0.0 ASN #0 Introduced by Embedded in HTML false Observations First Seen2023-04-11 21:07 Last Seen2025-07-16 09:03 Times Seen409606 Hash 92b651082ce234f66bb544e678befda3 14c21c55ddce43b6f677caadf51d4ab98c6a3df8 25d57d1d97abeb84531d3d3e5754dd5cb19a2c115edfa7cfc7af8247084faded Loading...

		Size	First Seen	Last Seen
	#1 Eval - 39b5b6c1333036a05d935d09e7055f8f	2.1 kB	2024-08-20 00:41	2024-08-20 00:41
Pretty Observations First Seen2024-08-20 00:41 Last Seen2024-08-20 00:41 Times Seen1 Hash 39b5b6c1333036a05d935d09e7055f8f 67ca62c400736553cc4314f8a3dc1a714a17f7c7 bbfcfb351426d0f24677f3dde55d055d7282196f6822051a43ce5acc3e06bfff Loading...

		Size	First Seen	Last Seen
	#1 Write - 6ede33880a676ea7d38df72b3f830a94	110 B	2024-02-14 19:10	2025-03-26 23:16
Pretty Observations First Seen2024-02-14 19:10 Last Seen2025-03-26 23:16 Times Seen10 Hash 6ede33880a676ea7d38df72b3f830a94 4ccffc69b1e327247522fe2eec8bd4f3deeb1278 88e70af7d31f7d889bb0d424605b810eec3fc82b6f1702f9a39a0f3e8b0c6731 Loading...

HTTP Transactions (39)

URL IP Response Size

GET www.luckypatchers.com/lucky-patcher-all-versions/

172.67.74.56

200 OK

120 kB

URL User Request GET HTTP/2
www.luckypatchers.com/lucky-patcher-all-versions/
IP
172.67.74.56:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerLet's Encrypt
Subjectluckypatchers.com
Fingerprint45:61:6F:14:33:2F:55:81:DB:4F:62:B4:45:5C:C5:9D:99:4C:95:99
ValidityFri, 03 May 2024 23:56:54 GMT - Thu, 01 Aug 2024 23:56:53 GMT

File type
HTML document, Unicode text, UTF-8 text, with very long lines (19027)
Size
120 kB (120311 bytes)
Hash
3add407cf202c91b745c9eb1853b782e
747d9d1cf60d7a79165f6620e2f4459465ce00c3
24aea62fefca7a31e0575aaa7497c495b56e3efcdc6faee1d4b7d298f8518d3e

HTTP Headers

GET /lucky-patcher-all-versions/ HTTP/1.1
Host: www.luckypatchers.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sat, 04 May 2024 16:35:00 GMT
content-type: text/html; charset=UTF-8
x-mod-pagespeed: 1.13.35.2-0
vary: Accept-Encoding,User-Agent
referrer-policy: no-referrer-when-downgrade
cache-control: max-age=0, no-cache
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=f89MHoAvIGdHQEbFtHXGSZoIgu%2FgfpEO%2F%2FEi1pNu8QhbWgEJr1JVa4wuJQmF9Cok%2Be%2BQ5Ul9RDAnN%2BvOKsELQxEQILtUy3HE5ARUuuq6wjCI%2B%2F4c7VV4Dn6rA6AAaZJ%2BPIJnEW6%2BNg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000
x-content-type-options: nosniff
server: cloudflare
cf-ray: 87e9e6c8ad62b50c-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

GET www.luckypatchers.com/wp-content/themes/Zephyr/fonts/fa-solid-900.woff2?ver=8.23.4

172.67.74.56

200 OK

78 kB

URL GET HTTP/3
www.luckypatchers.com/wp-content/themes/Zephyr/fonts/fa-solid-900.woff2?ver=8.23.4
IP
172.67.74.56:443
ASN
#13335 CLOUDFLARENET

Requested by
https://www.luckypatchers.com/lucky-patcher-all-versions/
Certificate
IssuerLet's Encrypt
Subjectluckypatchers.com
Fingerprint45:61:6F:14:33:2F:55:81:DB:4F:62:B4:45:5C:C5:9D:99:4C:95:99
ValidityFri, 03 May 2024 23:56:54 GMT - Thu, 01 Aug 2024 23:56:53 GMT

File type
Web Open Font Format (Version 2), TrueType, length 78268, version 331.-31196
Size
78 kB (78268 bytes)
Hash
d824df7eb2e268626a2dd9a6a741ac4e
0ccb2c814a7e4ca12c4778821633809cb0361eaa
9834b82ad26e2a37583d22676a12dd2eb0fe7c80356a2114d0db1aa8b3899537

HTTP Headers

GET /wp-content/themes/Zephyr/fonts/fa-solid-900.woff2?ver=8.23.4 HTTP/1.1
Host: www.luckypatchers.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Referer: https://www.luckypatchers.com/lucky-patcher-all-versions/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Sat, 04 May 2024 16:35:01 GMT
content-type: application/font-woff2
content-length: 78268
last-modified: Wed, 24 Apr 2024 17:31:39 GMT
etag: "131bc-616db0b10b800"
cache-control: max-age=31536000, s-maxage=10
expires: Fri, 02 May 2025 15:21:20 GMT
vary: Accept-Encoding,User-Agent
referrer-policy: no-referrer-when-downgrade
cf-cache-status: HIT
age: 177221
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2FQNEY5W2zU6F2Gaqyxeb%2BQL7KU6ZyKtnCul0ubEPKceEyqkEk1sjFKcHNQoPlFsBTGeb3hvn0WgSKDL5p0NQuUJgdiJ2lU%2Bxm9kaS1ZJN8R%2F8UyzJa3DLAv6MREqDVTrxqYk68Xo%2FQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000
x-content-type-options: nosniff
server: cloudflare
cf-ray: 87e9e6cd5ea75689-OSL
alt-svc: h3=":443"; ma=86400

GET www.luckypatchers.com/wp-content/themes/Zephyr/fonts/material-icons.woff2?ver=8.23.4

172.67.74.56

200 OK

128 kB

URL GET HTTP/3
www.luckypatchers.com/wp-content/themes/Zephyr/fonts/material-icons.woff2?ver=8.23.4
IP
172.67.74.56:443
ASN
#13335 CLOUDFLARENET

Requested by
https://www.luckypatchers.com/lucky-patcher-all-versions/
Certificate
IssuerLet's Encrypt
Subjectluckypatchers.com
Fingerprint45:61:6F:14:33:2F:55:81:DB:4F:62:B4:45:5C:C5:9D:99:4C:95:99
ValidityFri, 03 May 2024 23:56:54 GMT - Thu, 01 Aug 2024 23:56:53 GMT

File type
Web Open Font Format (Version 2), TrueType, length 128352, version 1.0
Size
128 kB (128352 bytes)
Hash
53436aca8627a49f4deaaa44dc9e3c05
0bc0c675480d94ec7e8609dda6227f88c5d08d2c
8265f64786397d6b832d1ca0aafdf149ad84e72759fffa9f7272e91a0fb015d1

HTTP Headers

GET /wp-content/themes/Zephyr/fonts/material-icons.woff2?ver=8.23.4 HTTP/1.1
Host: www.luckypatchers.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Referer: https://www.luckypatchers.com/lucky-patcher-all-versions/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Sat, 04 May 2024 16:35:01 GMT
content-type: application/font-woff2
content-length: 128352
last-modified: Wed, 24 Apr 2024 17:31:39 GMT
etag: "1f560-616db0b10bbe8"
cache-control: max-age=31536000, s-maxage=10
expires: Thu, 01 May 2025 15:53:26 GMT
vary: Accept-Encoding,User-Agent
referrer-policy: no-referrer-when-downgrade
cf-cache-status: HIT
age: 261695
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=uFLJmUWLEEKCLkhkwPozZOrrzozOBt%2Bfwx9AxSc%2F3CDIdCCg8MrDaFEEYIscSfY%2FXgze7rTMinFEf1Gb0NnZvAOso%2Byp9obLYOu%2B589kSvjD9dt8UZDxvsRL1JDZBe%2BVtPK72TYvMw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000
x-content-type-options: nosniff
server: cloudflare
cf-ray: 87e9e6cd5ea95689-OSL
alt-svc: h3=":443"; ma=86400

GET www.googletagmanager.com/gtag/js?id=UA-74724554-1

142.250.74.168

200 OK

75 kB

URL GET HTTP/2
www.googletagmanager.com/gtag/js?id=UA-74724554-1
IP
142.250.74.168:443
ASN
#15169 GOOGLE

Requested by
https://www.luckypatchers.com/lucky-patcher-all-versions/
Certificate
IssuerGoogle Trust Services LLC
Subject*.google-analytics.com
Fingerprint93:6B:D2:9D:92:BE:2D:D8:02:67:82:83:5E:EF:A3:F9:13:F3:26:AE
ValidityTue, 16 Apr 2024 03:18:45 GMT - Tue, 09 Jul 2024 03:18:44 GMT

File type
JavaScript source, ASCII text, with very long lines (4179)
Size
75 kB (74668 bytes)
Hash
46082dd7fb3412816c2e8f2fcc69ab5a
76f77e939681923bde49ed17a739c3d2b77dd070
a427fac3e3a77449d22e0faddb50cc7f2e998270aa8991507d9d4da543ba25de

HTTP Headers

GET /gtag/js?id=UA-74724554-1 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.luckypatchers.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Sat, 04 May 2024 16:35:01 GMT
expires: Sat, 04 May 2024 16:35:01 GMT
cache-control: private, max-age=900
last-modified: Sat, 04 May 2024 15:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 74668
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

GET tailorprecious.com/3eca821ef45fde49595e58b6255cacf3/invoke.js

172.240.108.84

200 OK

9.8 kB

URL GET HTTP/1.1
tailorprecious.com/3eca821ef45fde49595e58b6255cacf3/invoke.js
IP
172.240.108.84:443
ASN
#7979 SERVERS-COM

Requested by
https://www.luckypatchers.com/lucky-patcher-all-versions/
Certificate
IssuerLet's Encrypt
Subjecttailorprecious.com
FingerprintBA:E0:A2:F2:07:63:16:74:65:05:DE:37:97:4F:8C:0C:FD:66:8C:14
ValidityMon, 01 Apr 2024 00:23:08 GMT - Sun, 30 Jun 2024 00:23:07 GMT

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (26614), with no line terminators
Size
9.8 kB (9794 bytes)
Hash
09718604282b1fd3597f33fce3cc1783
ebc70fbc2620de1d2730e6076aed56ba612a9a30
e4f715421fc2b26ef3065177c9d7fcc142ae37c9b6144590e795df3adbb16646

HTTP Headers

GET /3eca821ef45fde49595e58b6255cacf3/invoke.js HTTP/1.1
Host: tailorprecious.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.luckypatchers.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Sat, 04 May 2024 16:35:01 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 8b2d0f67971f0f39f7984377a77d48f9
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip

GET tailorprecious.com/ae6b00eba237d65649579c179e26a29b/invoke.js

172.240.108.84

200 OK

12 kB

URL GET HTTP/1.1
tailorprecious.com/ae6b00eba237d65649579c179e26a29b/invoke.js
IP
172.240.108.84:443
ASN
#7979 SERVERS-COM

Requested by
https://www.luckypatchers.com/lucky-patcher-all-versions/
Certificate
IssuerLet's Encrypt
Subjecttailorprecious.com
FingerprintBA:E0:A2:F2:07:63:16:74:65:05:DE:37:97:4F:8C:0C:FD:66:8C:14
ValidityMon, 01 Apr 2024 00:23:08 GMT - Sun, 30 Jun 2024 00:23:07 GMT

File type
JavaScript source, ASCII text, with very long lines (31354), with no line terminators
Size
12 kB (11868 bytes)
Hash
b38d2b1aca0cafe30afe387a7451718a
fd5f2dc78ef5f4946dee221bc564f5e59f9eb930
a4266b94f9e2dd870136dc17c9d629cc7da7ce0b6191d504b159d3e677d3e74f

HTTP Headers

GET /ae6b00eba237d65649579c179e26a29b/invoke.js HTTP/1.1
Host: tailorprecious.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.luckypatchers.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Sat, 04 May 2024 16:35:01 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: b4297943d31619ba268270e82a80ce09
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip

GET www.luckypatchers.com/wp-content/themes/Zephyr/fonts/fa-brands-400.woff2?ver=8.23.4

172.67.74.56

200 OK

77 kB

URL GET HTTP/3
www.luckypatchers.com/wp-content/themes/Zephyr/fonts/fa-brands-400.woff2?ver=8.23.4
IP
172.67.74.56:443
ASN
#13335 CLOUDFLARENET

Requested by
https://www.luckypatchers.com/lucky-patcher-all-versions/
Certificate
IssuerLet's Encrypt
Subjectluckypatchers.com
Fingerprint45:61:6F:14:33:2F:55:81:DB:4F:62:B4:45:5C:C5:9D:99:4C:95:99
ValidityFri, 03 May 2024 23:56:54 GMT - Thu, 01 Aug 2024 23:56:53 GMT

File type
Web Open Font Format (Version 2), TrueType, length 76736, version 331.-31196
Size
77 kB (76736 bytes)
Hash
ed311c7a0ade9a75bb3ebf5a7670f31d
0613c7ebba55ee47ef302c0f7766324692f899a7
8ea8791754915a898a3100e63e32978a6d1763be6df8e73a39d3a90d691cdeef

HTTP Headers

GET /wp-content/themes/Zephyr/fonts/fa-brands-400.woff2?ver=8.23.4 HTTP/1.1
Host: www.luckypatchers.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Referer: https://www.luckypatchers.com/lucky-patcher-all-versions/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Sat, 04 May 2024 16:35:02 GMT
content-type: application/font-woff2
content-length: 76736
last-modified: Wed, 24 Apr 2024 17:31:39 GMT
etag: "12bc0-616db0b10b418"
cache-control: max-age=31536000, s-maxage=10
expires: Thu, 01 May 2025 15:53:26 GMT
vary: Accept-Encoding,User-Agent
referrer-policy: no-referrer-when-downgrade
cf-cache-status: HIT
age: 261696
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=v%2F9VbPB6eR%2Fn4w%2B0zjISOvFLsyYiKZTpgnNdzCnpk1c2oq6mHb3y2CVpugszBYdtJuFFwei5UtHDn3GVi1bC0T9MvLxSuB32wDLKATitFOxChTVWS%2BQq7fwqp%2Fz%2Fx3FpSkHeY%2B904A%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000
x-content-type-options: nosniff
server: cloudflare
cf-ray: 87e9e6d26e275689-OSL
alt-svc: h3=":443"; ma=86400

ocsp.r2m03.amazontrust.com/

3.164.222.26

471 B

URL
ocsp.r2m03.amazontrust.com/
IP
3.164.222.26:0
ASN
#0

File type
data
Size
471 B (471 bytes)
Hash
691c3f87e4fe41a736328d3c71e2dbdc
fd76f455b38ba18f00a6fb81e3585201eb3c43f6
8ac709de568d48e4c9e64b75afa6cd3fed58e2cf0c21e823af01ab342e6794b9

HTTP Headers

POST / HTTP/1.1
Host: ocsp.r2m03.amazontrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=7200
Date: Sat, 04 May 2024 16:35:02 GMT
Last-Modified: Sat, 04 May 2024 15:11:13 GMT
Server: ECAcc (ska/F77E)
X-Cache: Miss from cloudfront
Via: 1.1 24250f9fc8a444002a645b3d312db1c4.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: ARN53-P1
X-Amz-Cf-Id: d-dYmUN2itdbfsvYaOTRyuB31A4RzPx-ZniG8AWl2LzzhHW8UV8h0g==
Age: 5029

GET proftrafficcounter.com/stats

52.29.105.35

200 OK

40 B

URL GET HTTP/2
proftrafficcounter.com/stats
IP
52.29.105.35:443
ASN
#16509 AMAZON-02

Requested by
https://www.luckypatchers.com/lucky-patcher-all-versions/
Certificate
IssuerAmazon
Subjectproftrafficcounter.com
FingerprintE3:9F:79:6F:80:C0:BF:F8:C4:EB:45:F3:E9:0F:A7:41:F6:0C:05:E6
ValidityTue, 21 Nov 2023 00:00:00 GMT - Thu, 19 Dec 2024 23:59:59 GMT

File type
ASCII text, with no line terminators
Size
40 B (40 bytes)
Hash
49445db2e08d9ff2e17c704b554a9150
15a99da3d96228d88c73bf0227c4decbac2fda23
770fb0504f0de4424e686c269ef44cce6e0cbabb7c2fb60e4f33668acb5769f5

HTTP Headers

GET /stats HTTP/1.1
Host: proftrafficcounter.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.luckypatchers.com
DNT: 1
Connection: keep-alive
Referer: https://www.luckypatchers.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sat, 04 May 2024 16:35:02 GMT
content-type: text/html; charset=UTF-8
content-length: 40
server: fasthttp
access-control-allow-origin: https://www.luckypatchers.com
vary: Origin
access-control-allow-credentials: true
set-cookie: uid_id2=7bc06b6c-cceb-4d09-8173-1a10111b4eda:2:1; expires=Tue, 02 May 2034 16:35:02 GMT; secure; SameSite=None
X-Firefox-Spdy: h2

GET proftrafficcounter.com/stats

52.29.105.35

200 OK

40 B

URL GET HTTP/2
proftrafficcounter.com/stats
IP
52.29.105.35:443
ASN
#16509 AMAZON-02

Requested by
https://www.luckypatchers.com/lucky-patcher-all-versions/
Certificate
IssuerAmazon
Subjectproftrafficcounter.com
FingerprintE3:9F:79:6F:80:C0:BF:F8:C4:EB:45:F3:E9:0F:A7:41:F6:0C:05:E6
ValidityTue, 21 Nov 2023 00:00:00 GMT - Thu, 19 Dec 2024 23:59:59 GMT

File type
ASCII text, with no line terminators
Size
40 B (40 bytes)
Hash
49445db2e08d9ff2e17c704b554a9150
15a99da3d96228d88c73bf0227c4decbac2fda23
770fb0504f0de4424e686c269ef44cce6e0cbabb7c2fb60e4f33668acb5769f5

HTTP Headers

GET /stats HTTP/1.1
Host: proftrafficcounter.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.luckypatchers.com
DNT: 1
Connection: keep-alive
Referer: https://www.luckypatchers.com/
Cookie: uid_id2=7bc06b6c-cceb-4d09-8173-1a10111b4eda:2:1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Sat, 04 May 2024 16:35:02 GMT
content-type: text/html; charset=UTF-8
content-length: 40
server: fasthttp
access-control-allow-origin: https://www.luckypatchers.com
vary: Origin
access-control-allow-credentials: true
X-Firefox-Spdy: h2

GET www.luckypatchers.com/lucky-patcher-all-versions/

172.67.74.56

200 OK

0 B

URL User Request GET HTTP/2
www.luckypatchers.com/lucky-patcher-all-versions/
IP
172.67.74.56:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerLet's Encrypt
Subjectluckypatchers.com
Fingerprint45:61:6F:14:33:2F:55:81:DB:4F:62:B4:45:5C:C5:9D:99:4C:95:99
ValidityFri, 03 May 2024 23:56:54 GMT - Thu, 01 Aug 2024 23:56:53 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

HEAD /lucky-patcher-all-versions/ HTTP/1.1
Host: www.luckypatchers.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.luckypatchers.com/lucky-patcher-all-versions/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Sat, 04 May 2024 16:35:02 GMT
content-type: text/html; charset=UTF-8
x-mod-pagespeed: 1.13.35.2-0
vary: Accept-Encoding,User-Agent
referrer-policy: no-referrer-when-downgrade
cache-control: max-age=0, no-cache
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=XJ2z6dqeR6uPRbma6Tcllw0uLenOEfaVuV9rYdDTo3QoUlupQ1jo0AhLsc3xhlnf58fi2wbjCYezez8VhEi%2BXlKvy7rLuA0h9HOKEdlfU%2Bs0S%2F5kD%2BEiFEan2MEyo2alMqbUfIDMpQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000
x-content-type-options: nosniff
server: cloudflare
cf-ray: 87e9e6d25df95689-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

GET www.luckypatchers.com/wp-content/uploads/2018/01/Lucky-Patcher-icon.png

172.67.74.56

200 OK

7.0 kB

URL GET HTTP/3
www.luckypatchers.com/wp-content/uploads/2018/01/Lucky-Patcher-icon.png
IP
172.67.74.56:443
ASN
#13335 CLOUDFLARENET

Requested by
https://www.luckypatchers.com/lucky-patcher-all-versions/
Certificate
IssuerLet's Encrypt
Subjectluckypatchers.com
Fingerprint45:61:6F:14:33:2F:55:81:DB:4F:62:B4:45:5C:C5:9D:99:4C:95:99
ValidityFri, 03 May 2024 23:56:54 GMT - Thu, 01 Aug 2024 23:56:53 GMT

File type
PNG image data, 60 x 60, 8-bit/color RGBA, non-interlaced
Size
7.0 kB (7030 bytes)
Hash
fe4836807ecb6ef5e1bd188f45238e90
71cb69899a73829a74768a8254bc8f838f75f99f
5a251eebaef66b3451718700b5e3ee02388990a4f839e69da93f26e020d2d6b4

HTTP Headers

GET /wp-content/uploads/2018/01/Lucky-Patcher-icon.png HTTP/1.1
Host: www.luckypatchers.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.luckypatchers.com/lucky-patcher-all-versions/
DNT: 1
Connection: keep-alive
Cookie: pll_language=en
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Sat, 04 May 2024 16:35:02 GMT
content-type: image/png
content-length: 7030
cache-control: max-age=31536000, s-maxage=10
cf-bgj: imgq:85,h2pri
cf-polished: origSize=8612
etag: "21a4-595d1e4083580"
expires: Fri, 02 May 2025 12:13:03 GMT
last-modified: Sat, 26 Oct 2019 15:26:30 GMT
referrer-policy: no-referrer-when-downgrade
cf-cache-status: HIT
age: 188121
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=IteMD92JIXpYjmIEorUfwB7Xx3bitWmiQL9lRpU7YXTkAIn2tekzRyP2QkJ5CpdDt%2F8ApMHKr413KEIHr74lVQXgf3eZWFC7gjB4lpOnVbIF4iNmIducX16COfjX131iAiixylYoag%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
strict-transport-security: max-age=15552000
x-content-type-options: nosniff
server: cloudflare
cf-ray: 87e9e6d34f765689-OSL
alt-svc: h3=":443"; ma=86400

GET vaikijie.net/tag.min.js

139.45.197.244

200 OK

28 kB

URL GET HTTP/2
vaikijie.net/tag.min.js
IP
139.45.197.244:443
ASN
#9002 RETN Limited

Requested by
https://www.luckypatchers.com/lucky-patcher-all-versions/
Certificate
IssuerLet's Encrypt
Subjectvaikijie.net
Fingerprint16:35:56:02:7F:8B:C6:9F:4C:11:EE:FE:F5:DB:3C:FA:36:AB:F8:B7
ValidityTue, 30 Apr 2024 05:29:33 GMT - Mon, 29 Jul 2024 05:29:32 GMT

File type
JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Size
28 kB (28333 bytes)
Hash
6161cd5b16afc637789c8a29da15ed13
04f9e513c05079726b06b2154995c4c5c7c09b08
562a877675f8c3df7e1be8c3b2999127466ca8784a0a556810ec018ab6c86e34

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /tag.min.js HTTP/1.1
Host: vaikijie.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.luckypatchers.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sat, 04 May 2024 16:35:02 GMT
content-type: text/javascript; charset=utf-8
content-length: 28333
content-encoding: br
x-trace-id: 83d77d3386b8e36b1019b32a8b6bba40
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
accept-ranges: bytes
last-modified: Fri, 03 May 2024 05:53:48 GMT
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace, favicon
access-control-max-age: 86400
pragma: no-cache
expires: Tue, 11 Jan 1994 10:00:00 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2

GET www.luckypatchers.com/wp-includes/js/wp-emoji-release.min.js?ver=6.5.2

172.67.74.56

200 OK

95 kB

URL GET HTTP/3
www.luckypatchers.com/wp-includes/js/wp-emoji-release.min.js?ver=6.5.2
IP
172.67.74.56:443
ASN
#13335 CLOUDFLARENET

Requested by
https://www.luckypatchers.com/lucky-patcher-all-versions/
Certificate
IssuerLet's Encrypt
Subjectluckypatchers.com
Fingerprint45:61:6F:14:33:2F:55:81:DB:4F:62:B4:45:5C:C5:9D:99:4C:95:99
ValidityFri, 03 May 2024 23:56:54 GMT - Thu, 01 Aug 2024 23:56:53 GMT

File type
JavaScript source, ASCII text, with very long lines (18607), with no line terminators
Size
95 kB (95099 bytes)
Hash
0eec1c4ab7bf86f404adde4eb7fef079
8ffda7ff4628796dc1e4133b4ac22cc4c12a191f
24a2071a6ff33f8868cf8d73f227924716780ba699241ada0a66298ab7e6b824

HTTP Headers

GET /wp-includes/js/wp-emoji-release.min.js?ver=6.5.2 HTTP/1.1
Host: www.luckypatchers.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.luckypatchers.com/lucky-patcher-all-versions/
DNT: 1
Connection: keep-alive
Cookie: pll_language=en
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Sat, 04 May 2024 16:35:02 GMT
content-type: application/x-javascript
referrer-policy: no-referrer-when-downgrade
x-original-content-length: 18726
vary: Accept-Encoding
etag: W/"PSA-aj-DuwcSre_hv"
expires: Wed, 30 Apr 2025 19:21:18 GMT
cache-control: max-age=31535228
x-content-type-options: nosniff
cf-cache-status: HIT
age: 329220
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=c84tQlP%2FGpDXvC8ggRAabq802K1xfgzSjAOgl45Jtm%2F6XLEGcqNQn53FUXDEcb5wecYDw2VOewPdxc8Ir6mJHmvUqeu06%2FnryGpQcu0z7%2B4SHF9jbZxrDzszuCpC3MVg%2BX5GymdwUQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000
server: cloudflare
cf-ray: 87e9e6d30ef25689-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

GET sunflowercoastlineprobe.com/22/1b/2b/221b2bcc6c886d033875a6dca9060c2a.js

172.240.127.234

200 OK

16 kB

URL GET HTTP/1.1
sunflowercoastlineprobe.com/22/1b/2b/221b2bcc6c886d033875a6dca9060c2a.js
IP
172.240.127.234:443
ASN
#7979 SERVERS-COM

Requested by
https://www.luckypatchers.com/lucky-patcher-all-versions/
Certificate
IssuerLet's Encrypt
Subjectsunflowercoastlineprobe.com
Fingerprint3B:6A:63:2D:99:C7:E1:7E:7A:14:16:8D:76:48:71:7A:A1:46:52:76
ValidityMon, 29 Apr 2024 13:07:49 GMT - Sun, 28 Jul 2024 13:07:48 GMT

File type
JavaScript source, ASCII text, with very long lines (44073), with no line terminators
Size
16 kB (15824 bytes)
Hash
184fc901758e921ef19314cd2513ba97
d043593d2b898b36e8bb3ade5184d01f5acb5dbc
59db671fc37b622480a87efd8dd522b06e1a76132b5a8c73a04af30c3aadd47c

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /22/1b/2b/221b2bcc6c886d033875a6dca9060c2a.js HTTP/1.1
Host: sunflowercoastlineprobe.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.luckypatchers.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Sat, 04 May 2024 16:35:02 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Set-Cookie: 4b4e7ab587d59b22ad7bcd2439afc363_CF-3448=0; expires=Tue, 07 May 2024 19:35:02 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 23126272471f78df59b983d3f82a55c4
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip

GET my.rtmark.net/gid.js?userId=00805250b44947edebc15e96463fa176

139.45.195.8

200 OK

65 B

URL GET HTTP/2
my.rtmark.net/gid.js?userId=00805250b44947edebc15e96463fa176
IP
139.45.195.8:443
ASN
#9002 RETN Limited

Requested by
https://www.luckypatchers.com/lucky-patcher-all-versions/
Certificate
IssuerLet's Encrypt
Subjectrtmark.net
FingerprintDB:C0:8B:64:1C:E3:2A:9C:B9:04:0D:F3:6F:5A:E0:35:F4:C7:75:CC
ValiditySat, 02 Mar 2024 21:53:43 GMT - Fri, 31 May 2024 21:53:42 GMT

File type
JSON text data
Size
65 B (65 bytes)
Hash
bf8aff2a63168b6b699d3c6a16229d26
16f927678b0e5aa2e462d0578c4d129c409cb330
601859d814ed7310cdb80c54b85966d60783c7150d8c4c1cf95bfd04e2c20be2

HTTP Headers

GET /gid.js?userId=00805250b44947edebc15e96463fa176 HTTP/1.1
Host: my.rtmark.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.luckypatchers.com
DNT: 1
Connection: keep-alive
Referer: https://www.luckypatchers.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sat, 04 May 2024 16:35:02 GMT
content-type: application/json; charset=utf-8
content-length: 65
access-control-allow-origin: https://www.luckypatchers.com
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
set-cookie: ID=00805250b44947edebc15e96463fa176; expires=Sun, 04 May 2025 16:35:02 GMT; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2

GET downstairsnegotiatebarren.com/sfp.js

188.114.96.1

200 OK

28 kB

URL GET HTTP/2
downstairsnegotiatebarren.com/sfp.js
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://www.luckypatchers.com/lucky-patcher-all-versions/
Certificate
IssuerLet's Encrypt
Subjectdownstairsnegotiatebarren.com
Fingerprint5D:DB:CB:C6:CE:2A:8B:34:7D:BC:43:74:33:1D:5F:77:48:F7:BC:1B
ValidityThu, 02 May 2024 21:26:34 GMT - Wed, 31 Jul 2024 21:26:33 GMT

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (65529), with no line terminators
Size
28 kB (27964 bytes)
Hash
f4a2f8f9f99541c6f105bbd0a025bd40
1f8e3eff12168fdd9e719adfc098d24a45b6916a
b717cb04231a10d425fd55b73c85a5407119c6826a8bac94142fddfff6958716

HTTP Headers

GET /sfp.js HTTP/1.1
Host: downstairsnegotiatebarren.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.luckypatchers.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sat, 04 May 2024 16:35:02 GMT
content-type: application/javascript; charset=utf-8
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
access-control-allow-origin: *
expires: Thu, 01 Jan 1970 00:00:01 GMT
cache-control: max-age=14400
x-request-id: b5ff2a43523536092f918766f3aa84c1
strict-transport-security: max-age=0; includeSubdomains
cf-cache-status: EXPIRED
last-modified: Sat, 04 May 2024 16:35:02 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=i0k7gSeL4agYVkcc4Z%2FV2ZxMqHsLCNa5MlRRZbH7fkWjwNip0ys48OKPonScZYCo%2BWRpCk6okQ8bkaFLVqQ6j%2FFtz%2B6GAI2cgVcrmyKS%2BjRMtn93VsIBrSTzUQKHZMFoDRVUtRsEbUwb8vbYszMo2Q%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87e9e6d55d1b0afe-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

GET sunflowercoastlineprobe.com/watch.1588175815118.js?key=ae6b00eba237d65649579c179e26a29b&kw=%5B%22lucky%22%2C%22patcher%22%2C%22all%22%2C%22versions%22%2C%22free%22%2C%22download%22%2C%22-%22%2C%22lucky%22%2C%22patcher%22%5D&refer=https%3A%2F%2Fwww.luckypatchers.com%2Flucky-patcher-all-versions%2F&tz=0&dev=e&res=14.2071&uuid=7bc06b6c-cceb-4d09-8173-1a10111b4eda%3A2%3A1

172.240.108.76

307 Temporary Redirect

0 B

URL GET HTTP/1.1
sunflowercoastlineprobe.com/watch.1588175815118.js?key=ae6b00eba237d65649579c179e26a29b&kw=%5B%22lucky%22%2C%22patcher%22%2C%22all%22%2C%22versions%22%2C%22free%22%2C%22download%22%2C%22-%22%2C%22lucky%22%2C%22patcher%22%5D&refer=https%3A%2F%2Fwww.luckypatchers.com%2Flucky-patcher-all-versions%2F&tz=0&dev=e&res=14.2071&uuid=7bc06b6c-cceb-4d09-8173-1a10111b4eda%3A2%3A1
IP
172.240.108.76:443
ASN
#7979 SERVERS-COM

Requested by
https://www.luckypatchers.com/lucky-patcher-all-versions/
Certificate
IssuerLet's Encrypt
Subjectsunflowercoastlineprobe.com
Fingerprint3B:6A:63:2D:99:C7:E1:7E:7A:14:16:8D:76:48:71:7A:A1:46:52:76
ValidityMon, 29 Apr 2024 13:07:49 GMT - Sun, 28 Jul 2024 13:07:48 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /watch.1588175815118.js?key=ae6b00eba237d65649579c179e26a29b&kw=%5B%22lucky%22%2C%22patcher%22%2C%22all%22%2C%22versions%22%2C%22free%22%2C%22download%22%2C%22-%22%2C%22lucky%22%2C%22patcher%22%5D&refer=https%3A%2F%2Fwww.luckypatchers.com%2Flucky-patcher-all-versions%2F&tz=0&dev=e&res=14.2071&uuid=7bc06b6c-cceb-4d09-8173-1a10111b4eda%3A2%3A1 HTTP/1.1
Host: sunflowercoastlineprobe.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.luckypatchers.com
DNT: 1
Connection: keep-alive
Referer: https://www.luckypatchers.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 307 Temporary Redirect
Server: nginx/1.21.6
Date: Sat, 04 May 2024 16:35:02 GMT
Content-Type: text/html
Content-Length: 0
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://www.luckypatchers.com
Access-Control-Allow-Origin: https://www.luckypatchers.com
Access-Control-Allow-Credentials: true
Location: https://sunflowercoastlineprobe.com/watch.1588175815118.js?dev=e&key=ae6b00eba237d65649579c179e26a29b&kw=%5B%22lucky%22%2C%22patcher%22%2C%22all%22%2C%22versions%22%2C%22free%22%2C%22download%22%2C%22-%22%2C%22lucky%22%2C%22patcher%22%5D&pst=1714840562&refer=https%3A%2F%2Fwww.luckypatchers.com%2Flucky-patcher-all-versions%2F&res=14.2071&rmtc=t&shu=1c36d1ff98d9133bbe16d9ebdd4e294872ac95ac9fd856e1435cf3c0d04fded3935ffc69d93c3b11c3a366cf6ebf8716798c210efb3cf3abf48c0678e13d66211369a538c3c49f5bd4e1084967e26e308f4de9c382fffcc8855aaed3f21cdeee731d06&tz=0&uuid=7bc06b6c-cceb-4d09-8173-1a10111b4eda%3A2%3A1
Set-Cookie: u_pl=20528585; expires=Sun, 05 May 2024 16:35:02 GMT; secure; SameSite=None
ain=eyJhbGciOiJIUzI1NiJ9.eyJwIjp7ImlkIjoyMDUyODU4NSwiayI6ImFlNmIwMGViYTIzN2Q2NTY0OTU3OWMxNzllMjZhMjliIiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjoyOTM1MzU3LCJwaWQiOjExOTI2OTUsImFuIjp0cnVlLCJsYW4iOnRydWUsImNpZCI6MjEsImFpZCI6NSwicHQiOjQsInBrIjoia2k3YnNzczR4IiwiY3BrcyI6eyIyOSI6IjIyMWIyYmNjNmM4ODZkMDMzODc1YTZkY2E5MDYwYzJhIn0sInQiOjF9LCJ1Ijp7InUiOjEsImF1IjoxLCJkIjp7ImlkIjo3OTk1NDE5NiwiaWRzIjoiIiwiaWMiOmZhbHNlLCJuIjoiRGVza3RvcCxFbXVsYXRvciIsInYiOiJVbmtub3duIiwibSI6IlVua25vd24iLCJmIjoxLCJmbiI6IkRlc2t0b3AiLCJvaWQiOjE4MTEwLCJvbiI6IkxpbnV4Iiwib3YiOiJVbmtub3duIiwiYmlkIjoxMTY2NzAsImJuIjoiRmlyZWZveCIsImJ2IjoiOTYuMCIsInd2IjpmYWxzZSwiZSI6dHJ1ZSwiYWIiOmZhbHNlfSwiYyI6eyJpZCI6MTYyLCJjIjoiTk8iLCJuIjoiTm9yd2F5In0sImEiOmZhbHNlLCJjciI6eyJuIjoiQmxpeCBTb2x1dGlvbnMifSwieGYiOiIiLCJpeGYiOmZhbHNlLCJpZ3hmIjpmYWxzZSwidXAiOnRydWUsInIiOiJodHRwczovL3d3dy5sdWNreXBhdGNoZXJzLmNvbS9sdWNreS1wYXRjaGVyLWFsbC12ZXJzaW9ucy8iLCJhciI6W119fQ.4l5p-f6jg-PD8FrtOJp2icAx9DKh-hlZ2_EBtiFNSQk; expires=Sat, 04 May 2024 16:36:02 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 07d2910ddca2eb3c3a5372f1b5136aea
Strict-Transport-Security: max-age=0; includeSubdomains

GET endlesslyalwaysbeset.com/ntv.json?key=3eca821ef45fde49595e58b6255cacf3&vstc=4

192.243.59.13

200 OK

18 kB

URL GET HTTP/1.1
endlesslyalwaysbeset.com/ntv.json?key=3eca821ef45fde49595e58b6255cacf3&vstc=4
IP
192.243.59.13:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://www.luckypatchers.com/lucky-patcher-all-versions/
Certificate
IssuerLet's Encrypt
Subjectendlesslyalwaysbeset.com
Fingerprint24:CC:3C:25:47:D7:61:35:9D:1F:FF:A6:3E:BF:D2:E0:16:60:72:DB
ValidityMon, 29 Apr 2024 08:49:02 GMT - Sun, 28 Jul 2024 08:49:01 GMT

File type
JSON text data
Size
18 kB (17831 bytes)
Hash
114e64154de8f004e6352c1e7a87276a
8680e604f374a1457e503449f1ba310c2f867410
22e0a07ac76e7f468ede4c57b216eb20a51609c10fc3222d341d6ae443fde506

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /ntv.json?key=3eca821ef45fde49595e58b6255cacf3&vstc=4 HTTP/1.1
Host: endlesslyalwaysbeset.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.luckypatchers.com
DNT: 1
Connection: keep-alive
Referer: https://www.luckypatchers.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Sat, 04 May 2024 16:35:02 GMT
Content-Type: application/json
Content-Length: 17831
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://www.luckypatchers.com
Access-Control-Allow-Origin: https://www.luckypatchers.com
Access-Control-Allow-Credentials: true
Set-Cookie: u_pl=20467878; expires=Sun, 05 May 2024 16:35:02 GMT; secure; SameSite=None
pdhtkv=true; expires=Sun, 05 May 2024 16:35:02 GMT; secure; SameSite=None
uncs=1; expires=Sun, 05 May 2024 16:35:02 GMT; secure; SameSite=None
pdhtkv49=true; expires=Sun, 05 May 2024 16:35:02 GMT; secure; SameSite=None
uncs49=1; expires=Sun, 05 May 2024 16:35:02 GMT; secure; SameSite=None
nlec3eca821ef45fde49595e58b6255cacf3=[4991488,4991490,4991489]; expires=Sat, 04 May 2024 16:35:07 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 3830bf64c87df4d3c66768da579e8b14
Strict-Transport-Security: max-age=0; includeSubdomains

GET sunflowercoastlineprobe.com/watch.1588175815118.js?dev=e&key=ae6b00eba237d65649579c179e26a29b&kw=%5B%22lucky%22%2C%22patcher%22%2C%22all%22%2C%22versions%22%2C%22free%22%2C%22download%22%2C%22-%22%2C%22lucky%22%2C%22patcher%22%5D&pst=1714840562&refer=https%3A%2F%2Fwww.luckypatchers.com%2Flucky-patcher-all-versions%2F&res=14.2071&rmtc=t&shu=1c36d1ff98d9133bbe16d9ebdd4e294872ac95ac9fd856e1435cf3c0d04fded3935ffc69d93c3b11c3a366cf6ebf8716798c210efb3cf3abf48c0678e13d66211369a538c3c49f5bd4e1084967e26e308f4de9c382fffcc8855aaed3f21cdeee731d06&tz=0&uuid=7bc06b6c-cceb-4d09-8173-1a10111b4eda%3A2%3A1

172.240.127.234

200 OK

2.1 kB

URL GET HTTP/1.1
sunflowercoastlineprobe.com/watch.1588175815118.js?dev=e&key=ae6b00eba237d65649579c179e26a29b&kw=%5B%22lucky%22%2C%22patcher%22%2C%22all%22%2C%22versions%22%2C%22free%22%2C%22download%22%2C%22-%22%2C%22lucky%22%2C%22patcher%22%5D&pst=1714840562&refer=https%3A%2F%2Fwww.luckypatchers.com%2Flucky-patcher-all-versions%2F&res=14.2071&rmtc=t&shu=1c36d1ff98d9133bbe16d9ebdd4e294872ac95ac9fd856e1435cf3c0d04fded3935ffc69d93c3b11c3a366cf6ebf8716798c210efb3cf3abf48c0678e13d66211369a538c3c49f5bd4e1084967e26e308f4de9c382fffcc8855aaed3f21cdeee731d06&tz=0&uuid=7bc06b6c-cceb-4d09-8173-1a10111b4eda%3A2%3A1
IP
172.240.127.234:443
ASN
#7979 SERVERS-COM

Requested by
https://www.luckypatchers.com/lucky-patcher-all-versions/
Certificate
IssuerLet's Encrypt
Subjectsunflowercoastlineprobe.com
Fingerprint3B:6A:63:2D:99:C7:E1:7E:7A:14:16:8D:76:48:71:7A:A1:46:52:76
ValidityMon, 29 Apr 2024 13:07:49 GMT - Sun, 28 Jul 2024 13:07:48 GMT

File type
JavaScript source, ASCII text, with very long lines (2673)
Size
2.1 kB (2126 bytes)
Hash
bb4482e25758ae5774f7820243e8a5d5
bc580ef45702a106e1b80e4b1072af76929cbb1d
f3ab397cedfbb452bb0db7372d3ad5311e952867ed817bbb048a7130159c2eed

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /watch.1588175815118.js?dev=e&key=ae6b00eba237d65649579c179e26a29b&kw=%5B%22lucky%22%2C%22patcher%22%2C%22all%22%2C%22versions%22%2C%22free%22%2C%22download%22%2C%22-%22%2C%22lucky%22%2C%22patcher%22%5D&pst=1714840562&refer=https%3A%2F%2Fwww.luckypatchers.com%2Flucky-patcher-all-versions%2F&res=14.2071&rmtc=t&shu=1c36d1ff98d9133bbe16d9ebdd4e294872ac95ac9fd856e1435cf3c0d04fded3935ffc69d93c3b11c3a366cf6ebf8716798c210efb3cf3abf48c0678e13d66211369a538c3c49f5bd4e1084967e26e308f4de9c382fffcc8855aaed3f21cdeee731d06&tz=0&uuid=7bc06b6c-cceb-4d09-8173-1a10111b4eda%3A2%3A1 HTTP/1.1
Host: sunflowercoastlineprobe.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.luckypatchers.com
DNT: 1
Connection: keep-alive
Referer: https://www.luckypatchers.com/
Cookie: u_pl=20528585; ain=eyJhbGciOiJIUzI1NiJ9.eyJwIjp7ImlkIjoyMDUyODU4NSwiayI6ImFlNmIwMGViYTIzN2Q2NTY0OTU3OWMxNzllMjZhMjliIiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjoyOTM1MzU3LCJwaWQiOjExOTI2OTUsImFuIjp0cnVlLCJsYW4iOnRydWUsImNpZCI6MjEsImFpZCI6NSwicHQiOjQsInBrIjoia2k3YnNzczR4IiwiY3BrcyI6eyIyOSI6IjIyMWIyYmNjNmM4ODZkMDMzODc1YTZkY2E5MDYwYzJhIn0sInQiOjF9LCJ1Ijp7InUiOjEsImF1IjoxLCJkIjp7ImlkIjo3OTk1NDE5NiwiaWRzIjoiIiwiaWMiOmZhbHNlLCJuIjoiRGVza3RvcCxFbXVsYXRvciIsInYiOiJVbmtub3duIiwibSI6IlVua25vd24iLCJmIjoxLCJmbiI6IkRlc2t0b3AiLCJvaWQiOjE4MTEwLCJvbiI6IkxpbnV4Iiwib3YiOiJVbmtub3duIiwiYmlkIjoxMTY2NzAsImJuIjoiRmlyZWZveCIsImJ2IjoiOTYuMCIsInd2IjpmYWxzZSwiZSI6dHJ1ZSwiYWIiOmZhbHNlfSwiYyI6eyJpZCI6MTYyLCJjIjoiTk8iLCJuIjoiTm9yd2F5In0sImEiOmZhbHNlLCJjciI6eyJuIjoiQmxpeCBTb2x1dGlvbnMifSwieGYiOiIiLCJpeGYiOmZhbHNlLCJpZ3hmIjpmYWxzZSwidXAiOnRydWUsInIiOiJodHRwczovL3d3dy5sdWNreXBhdGNoZXJzLmNvbS9sdWNreS1wYXRjaGVyLWFsbC12ZXJzaW9ucy8iLCJhciI6W119fQ.4l5p-f6jg-PD8FrtOJp2icAx9DKh-hlZ2_EBtiFNSQk
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Sat, 04 May 2024 16:35:03 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://www.luckypatchers.com
Access-Control-Allow-Origin: https://www.luckypatchers.com
Access-Control-Allow-Credentials: true
Set-Cookie: uid_id2=7bc06b6c-cceb-4d09-8173-1a10111b4eda:2:1; expires=Sat, 11 May 2024 16:35:03 GMT; secure; SameSite=None
iprc82fc07665c175aa0935f93787029c0f7=3569806; expires=Sat, 04 May 2024 20:35:03 GMT; secure; SameSite=None
pdhtkv=true; expires=Sun, 05 May 2024 16:35:03 GMT; secure; SameSite=None
uncs=1; expires=Sun, 05 May 2024 16:35:03 GMT; secure; SameSite=None
pdhtkv5=true; expires=Sun, 05 May 2024 16:35:03 GMT; secure; SameSite=None
uncs5=1; expires=Sun, 05 May 2024 16:35:03 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 20aced23961394afda92483d632ab7b2
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip

GET endlesslyalwaysbeset.com/ren.gif?sid=H4sIAAAAAAAC%2F1RSzYscxRuuzm9OP0EwxJOXOWoIs909Mz0zBgnGuCE4ZtdE0ZtUV1XPllPd1VR1T8%2BOIIsBycHDCF701PvMfqCGYC7eDDIbEF0Qdm57yIJ%2FgxCv0uPi6Av1ftTzFDzv%2B9Znu%2FkZ8ZHT0xtv64lUiq61G2795Q8872q9L5N8XB93gw%2BD1tW6Gb3aCxruK%2FWbgg31mu96ruu5Xn1dGhHp8VoFQqYPel6j5zZafsNrtzA2%2F61t7sBSB3x0Ri5C8kXtiXMJks2RxN%2FfEHaY6fTKm3GuaKYNRvzwvWSY6CJBvEoj4yBKDs%2FZ0PZk%2FTF0sr%2BUCz36hxjKBXF%2BfowwOTwXiXC0t9QZKogEIX8OxWgOoeaQdA6m70HyEwIwjtsbSOKD29oUdPtvlFbogtSe%2FQFZLEjt6SUk8cPrSo7rd7XKM6kTi3FUQo7nkIM50vwI2eQCZHEEln0KyX8ja8%2F6SOK9Das0JC%2BXvUs5h4zmUGIKah3k1ZEO8shBnjqI%2BWmdeZ7XcTmjbrfHWJN3RBhw16OdyKOeG3SRs0reFFk6BVNTMLOD1OxgKL84aV%2BEyX%2BC3SphuQObLYjzzg5GvEQhCApLUFCCQhIUGUExKve5sr4tD7iyeeidR%2F88NsuZzga7dF9nA5EQUDOF4eVuekZeqEbkdDcPMBSn9aZgtOt7Imq1Iy5avXavLdrdMPDbbUZZ1ISVJaS9sOx6Ihfkyq%2BvIZULctH%2FEyE9glVHYPJF0NwDLUrQrRKT5JHK2XA7pRnbEsY2mI7BdYk0qyHbdnbVGXlpuan%2BZQLBjq9lk99vPrz0MZgpkZoSH8knBAN1f3ZHF2Tvji4sebSRZjKWE1pt8W5GM%2FG%2Fb98S24U2%2FNYNO%2F3mdVYBVfrgXWGzPk24TAaWfHddci7MujZMkB9v2fdFuJnbreu5SfK0v%2FnG%2Bq04NcJaqZM5qFyQ2vE2mFyQ559%2Bsvygl%2FPPIc0cJi8R58fk3CD1EVi6A5uu9FtNYNSKE6YOirycGT9cXSpJoMSqpmEJ%2B686XOUzQ6vXVJa79j4Gpgaa3UMSlxiZEiNVgqopbP7%2FWZaa42u%2FfFXZ1whVbRYqU9sLlVFfLsdcuQuVcxakP9iDlaf1TrPp0qDX9jodKjphy%2B9Ggccp9VuBHwS0icwuooD98BcAAAD%2F%2FwEAAP%2F%2FKyv8MoQEAAA%3D

192.243.59.13

200 OK

7 B

URL GET HTTP/1.1
endlesslyalwaysbeset.com/ren.gif?sid=H4sIAAAAAAAC%2F1RSzYscxRuuzm9OP0EwxJOXOWoIs909Mz0zBgnGuCE4ZtdE0ZtUV1XPllPd1VR1T8%2BOIIsBycHDCF701PvMfqCGYC7eDDIbEF0Qdm57yIJ%2FgxCv0uPi6Av1ftTzFDzv%2B9Znu%2FkZ8ZHT0xtv64lUiq61G2795Q8872q9L5N8XB93gw%2BD1tW6Gb3aCxruK%2FWbgg31mu96ruu5Xn1dGhHp8VoFQqYPel6j5zZafsNrtzA2%2F61t7sBSB3x0Ri5C8kXtiXMJks2RxN%2FfEHaY6fTKm3GuaKYNRvzwvWSY6CJBvEoj4yBKDs%2FZ0PZk%2FTF0sr%2BUCz36hxjKBXF%2BfowwOTwXiXC0t9QZKogEIX8OxWgOoeaQdA6m70HyEwIwjtsbSOKD29oUdPtvlFbogtSe%2FQFZLEjt6SUk8cPrSo7rd7XKM6kTi3FUQo7nkIM50vwI2eQCZHEEln0KyX8ja8%2F6SOK9Das0JC%2BXvUs5h4zmUGIKah3k1ZEO8shBnjqI%2BWmdeZ7XcTmjbrfHWJN3RBhw16OdyKOeG3SRs0reFFk6BVNTMLOD1OxgKL84aV%2BEyX%2BC3SphuQObLYjzzg5GvEQhCApLUFCCQhIUGUExKve5sr4tD7iyeeidR%2F88NsuZzga7dF9nA5EQUDOF4eVuekZeqEbkdDcPMBSn9aZgtOt7Imq1Iy5avXavLdrdMPDbbUZZ1ISVJaS9sOx6Ihfkyq%2BvIZULctH%2FEyE9glVHYPJF0NwDLUrQrRKT5JHK2XA7pRnbEsY2mI7BdYk0qyHbdnbVGXlpuan%2BZQLBjq9lk99vPrz0MZgpkZoSH8knBAN1f3ZHF2Tvji4sebSRZjKWE1pt8W5GM%2FG%2Fb98S24U2%2FNYNO%2F3mdVYBVfrgXWGzPk24TAaWfHddci7MujZMkB9v2fdFuJnbreu5SfK0v%2FnG%2Bq04NcJaqZM5qFyQ2vE2mFyQ559%2Bsvygl%2FPPIc0cJi8R58fk3CD1EVi6A5uu9FtNYNSKE6YOirycGT9cXSpJoMSqpmEJ%2B686XOUzQ6vXVJa79j4Gpgaa3UMSlxiZEiNVgqopbP7%2FWZaa42u%2FfFXZ1whVbRYqU9sLlVFfLsdcuQuVcxakP9iDlaf1TrPp0qDX9jodKjphy%2B9Ggccp9VuBHwS0icwuooD98BcAAAD%2F%2FwEAAP%2F%2FKyv8MoQEAAA%3D
IP
192.243.59.13:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://www.luckypatchers.com/lucky-patcher-all-versions/
Certificate
IssuerLet's Encrypt
Subjectendlesslyalwaysbeset.com
Fingerprint24:CC:3C:25:47:D7:61:35:9D:1F:FF:A6:3E:BF:D2:E0:16:60:72:DB
ValidityMon, 29 Apr 2024 08:49:02 GMT - Sun, 28 Jul 2024 08:49:01 GMT

File type
ASCII text, with no line terminators
Size
7 B (7 bytes)
Hash
132d6af1b46048b45cf86cdee7991d31
eb7007d03d59b65bc6da7e098c4d38fc6dfb6285
ab852e838deccd742a03ca81d4a8d75cf1a00b327db3eaf46bd7da6b6db9384c

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /ren.gif?sid=H4sIAAAAAAAC%2F1RSzYscxRuuzm9OP0EwxJOXOWoIs909Mz0zBgnGuCE4ZtdE0ZtUV1XPllPd1VR1T8%2BOIIsBycHDCF701PvMfqCGYC7eDDIbEF0Qdm57yIJ%2FgxCv0uPi6Av1ftTzFDzv%2B9Znu%2FkZ8ZHT0xtv64lUiq61G2795Q8872q9L5N8XB93gw%2BD1tW6Gb3aCxruK%2FWbgg31mu96ruu5Xn1dGhHp8VoFQqYPel6j5zZafsNrtzA2%2F61t7sBSB3x0Ri5C8kXtiXMJks2RxN%2FfEHaY6fTKm3GuaKYNRvzwvWSY6CJBvEoj4yBKDs%2FZ0PZk%2FTF0sr%2BUCz36hxjKBXF%2BfowwOTwXiXC0t9QZKogEIX8OxWgOoeaQdA6m70HyEwIwjtsbSOKD29oUdPtvlFbogtSe%2FQFZLEjt6SUk8cPrSo7rd7XKM6kTi3FUQo7nkIM50vwI2eQCZHEEln0KyX8ja8%2F6SOK9Das0JC%2BXvUs5h4zmUGIKah3k1ZEO8shBnjqI%2BWmdeZ7XcTmjbrfHWJN3RBhw16OdyKOeG3SRs0reFFk6BVNTMLOD1OxgKL84aV%2BEyX%2BC3SphuQObLYjzzg5GvEQhCApLUFCCQhIUGUExKve5sr4tD7iyeeidR%2F88NsuZzga7dF9nA5EQUDOF4eVuekZeqEbkdDcPMBSn9aZgtOt7Imq1Iy5avXavLdrdMPDbbUZZ1ISVJaS9sOx6Ihfkyq%2BvIZULctH%2FEyE9glVHYPJF0NwDLUrQrRKT5JHK2XA7pRnbEsY2mI7BdYk0qyHbdnbVGXlpuan%2BZQLBjq9lk99vPrz0MZgpkZoSH8knBAN1f3ZHF2Tvji4sebSRZjKWE1pt8W5GM%2FG%2Fb98S24U2%2FNYNO%2F3mdVYBVfrgXWGzPk24TAaWfHddci7MujZMkB9v2fdFuJnbreu5SfK0v%2FnG%2Bq04NcJaqZM5qFyQ2vE2mFyQ559%2Bsvygl%2FPPIc0cJi8R58fk3CD1EVi6A5uu9FtNYNSKE6YOirycGT9cXSpJoMSqpmEJ%2B686XOUzQ6vXVJa79j4Gpgaa3UMSlxiZEiNVgqopbP7%2FWZaa42u%2FfFXZ1whVbRYqU9sLlVFfLsdcuQuVcxakP9iDlaf1TrPp0qDX9jodKjphy%2B9Ggccp9VuBHwS0icwuooD98BcAAAD%2F%2FwEAAP%2F%2FKyv8MoQEAAA%3D HTTP/1.1
Host: endlesslyalwaysbeset.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.luckypatchers.com/
Cookie: u_pl=20467878; pdhtkv=true; uncs=1; pdhtkv49=true; uncs49=1; nlec3eca821ef45fde49595e58b6255cacf3=[4991488,4991490,4991489]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Sat, 04 May 2024 16:35:03 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: faa6d161e5e3f7f64d357ad6dcaccd81
Strict-Transport-Security: max-age=0; includeSubdomains

GET cdn.cloudimagesb.com/cti/a3/5a/7f/a35a7f4ba8fbdbbd350aae9d384fc183/1708421576.jpg

45.133.44.10

200 OK

17 kB

URL GET HTTP/2
cdn.cloudimagesb.com/cti/a3/5a/7f/a35a7f4ba8fbdbbd350aae9d384fc183/1708421576.jpg
IP
45.133.44.10:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://www.luckypatchers.com/lucky-patcher-all-versions/
Certificate
IssuerLet's Encrypt
Subjectcdn.cloudimagesb.com
FingerprintC6:F3:21:F0:21:7D:7E:96:0F:E8:46:7A:5E:C5:3F:D1:52:B0:67:B0
ValidityFri, 22 Mar 2024 03:01:35 GMT - Thu, 20 Jun 2024 03:01:34 GMT

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 320x240, components 3
Size
17 kB (17019 bytes)
Hash
81f9c10ac0985ffbb5a1442f202d7de7
0a6ec80ed52a7d3ce9cdf5104c423cda5deea0d8
10262e18e86a732c856bd84285e1897adeca4af03fedc8799c25306e0a6289ff

HTTP Headers

GET /cti/a3/5a/7f/a35a7f4ba8fbdbbd350aae9d384fc183/1708421576.jpg HTTP/1.1
Host: cdn.cloudimagesb.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.luckypatchers.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sat, 04 May 2024 16:35:03 GMT
content-type: image/jpeg
content-length: 17019
server: nginx/1.21.6
last-modified: Tue, 20 Feb 2024 09:33:04 GMT
etag: "65d471d0-427b"
expires: Mon, 06 May 2024 16:35:03 GMT
cache-control: max-age=172800
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2

GET cdn.cloudimagesb.com/si/df/e4/cd/dfe4cd324c2c05ad9bd4f1bcb4d0a97d/1707940211.png

45.133.44.10

200 OK

184 kB

URL GET HTTP/2
cdn.cloudimagesb.com/si/df/e4/cd/dfe4cd324c2c05ad9bd4f1bcb4d0a97d/1707940211.png
IP
45.133.44.10:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://www.luckypatchers.com/lucky-patcher-all-versions/
Certificate
IssuerLet's Encrypt
Subjectcdn.cloudimagesb.com
FingerprintC6:F3:21:F0:21:7D:7E:96:0F:E8:46:7A:5E:C5:3F:D1:52:B0:67:B0
ValidityFri, 22 Mar 2024 03:01:35 GMT - Thu, 20 Jun 2024 03:01:34 GMT

File type
PNG image data, 320 x 240, 8-bit/color RGBA, non-interlaced
Size
184 kB (183812 bytes)
Hash
adc709f858c8b4ff4ce26a2757b75131
c91b170aba4aafdca5690d29e17f61b6505e15c1
ad475e95022da6d65aec3479ad3b4ff6d36dc85bbc634d750cdd575ea1a985ce

HTTP Headers

GET /si/df/e4/cd/dfe4cd324c2c05ad9bd4f1bcb4d0a97d/1707940211.png HTTP/1.1
Host: cdn.cloudimagesb.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.luckypatchers.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sat, 04 May 2024 16:35:03 GMT
content-type: image/png
content-length: 183812
server: nginx/1.21.6
last-modified: Wed, 14 Feb 2024 19:50:20 GMT
etag: "65cd197c-2ce04"
expires: Mon, 06 May 2024 16:35:03 GMT
cache-control: max-age=172800
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2

GET www.luckypatchers.com/wp-content/cache/minify/4f808.css

172.67.74.56

200 OK

205 kB

URL GET HTTP/3
www.luckypatchers.com/wp-content/cache/minify/4f808.css
IP
172.67.74.56:443
ASN
#13335 CLOUDFLARENET

Requested by
https://www.luckypatchers.com/lucky-patcher-all-versions/
Certificate
IssuerLet's Encrypt
Subjectluckypatchers.com
Fingerprint45:61:6F:14:33:2F:55:81:DB:4F:62:B4:45:5C:C5:9D:99:4C:95:99
ValidityFri, 03 May 2024 23:56:54 GMT - Thu, 01 Aug 2024 23:56:53 GMT

File type
ASCII text, with very long lines (65536), with no line terminators
Size
205 kB (205123 bytes)
Hash
f7eb0c14c5f4a5cef83e4ff6c201254b
483c75b0a4c037e923224a45520be0c1c70107de
b54496b5ef4e8599e27a5e13fd1f1b99a312cadd486e0a7b18de39daacbc5f9d

HTTP Headers

GET /wp-content/cache/minify/4f808.css HTTP/1.1
Host: www.luckypatchers.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.luckypatchers.com/lucky-patcher-all-versions/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Sat, 04 May 2024 16:35:01 GMT
content-type: text/css
cache-control: max-age=31536000
cf-bgj: minify
cf-polished: origSize=477641
etag: W/"749c9-61739ccdffbeb"
expires: Wed, 30 Apr 2025 19:33:41 GMT
last-modified: Mon, 29 Apr 2024 10:34:38 GMT
referrer-policy: no-referrer-when-downgrade
vary: Accept-Encoding
cf-cache-status: HIT
age: 329221
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=TQPifsrWllkNtt0RKULn0luP5cvKT0%2F0nbkR29LouvZckoSpXrLHFhEz4azGGsKbB4kH%2BhSOpg9ZglhZrcy34qBfc5ap6YvbxW62qR%2B3A5RqYXppg61TyH90D1MM0RHXs1AYsjiITQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000
x-content-type-options: nosniff
server: cloudflare
cf-ray: 87e9e6cc1c985689-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

GET cdn.cloudimagesb.com/si/86/3f/08/863f08d585223246ad7d12f9b6d24043/1710839668.png

45.133.44.10

200 OK

105 kB

URL GET HTTP/2
cdn.cloudimagesb.com/si/86/3f/08/863f08d585223246ad7d12f9b6d24043/1710839668.png
IP
45.133.44.10:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://www.luckypatchers.com/lucky-patcher-all-versions/
Certificate
IssuerLet's Encrypt
Subjectcdn.cloudimagesb.com
FingerprintC6:F3:21:F0:21:7D:7E:96:0F:E8:46:7A:5E:C5:3F:D1:52:B0:67:B0
ValidityFri, 22 Mar 2024 03:01:35 GMT - Thu, 20 Jun 2024 03:01:34 GMT

File type
PNG image data, 320 x 240, 8-bit/color RGBA, non-interlaced
Size
105 kB (104949 bytes)
Hash
440d0ebcc9ae01aba77f74d9015ff0b3
9065b873ac93b45da1765682071eaaf6efe12e5c
7834596c29b94d74435163b3875c5042082912c1aff529986b0235cd9b7b27cc

HTTP Headers

GET /si/86/3f/08/863f08d585223246ad7d12f9b6d24043/1710839668.png HTTP/1.1
Host: cdn.cloudimagesb.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.luckypatchers.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sat, 04 May 2024 16:35:03 GMT
content-type: image/png
content-length: 104949
server: nginx/1.21.6
last-modified: Tue, 19 Mar 2024 09:14:37 GMT
etag: "65f9577d-199f5"
expires: Mon, 06 May 2024 16:35:03 GMT
cache-control: max-age=172800
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2

GET cdn.cloudimagesb.com/cti/7d/00/a0/7d00a008556ebc4e68d1de531274e928/1658920033.png

45.133.44.10

200 OK

144 kB

URL GET HTTP/2
cdn.cloudimagesb.com/cti/7d/00/a0/7d00a008556ebc4e68d1de531274e928/1658920033.png
IP
45.133.44.10:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://www.luckypatchers.com/lucky-patcher-all-versions/
Certificate
IssuerLet's Encrypt
Subjectcdn.cloudimagesb.com
FingerprintC6:F3:21:F0:21:7D:7E:96:0F:E8:46:7A:5E:C5:3F:D1:52:B0:67:B0
ValidityFri, 22 Mar 2024 03:01:35 GMT - Thu, 20 Jun 2024 03:01:34 GMT

File type
PNG image data, 300 x 250, 8-bit/color RGBA, non-interlaced
Size
144 kB (144379 bytes)
Hash
33c304429dc1a4408a96e6a74ffa2feb
c45fa8e65528d1bb2b46bf8a28af9eeaa1903d04
dbed482e5948ead5587d30a22306a5b611305f704de940bd22c76daf90e0a314

HTTP Headers

GET /cti/7d/00/a0/7d00a008556ebc4e68d1de531274e928/1658920033.png HTTP/1.1
Host: cdn.cloudimagesb.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Sat, 04 May 2024 16:35:03 GMT
content-type: image/png
content-length: 144379
server: nginx/1.21.6
last-modified: Wed, 27 Jul 2022 11:07:21 GMT
etag: "62e11c69-233fb"
expires: Mon, 06 May 2024 16:35:03 GMT
cache-control: max-age=172800
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2

GET endlesslyalwaysbeset.com/ren.gif?sid=H4sIAAAAAAAC%2F1RSz4sjxRevXsL38N2Tw3oQPeSoy5Lp7iSdxEXEcRwZjDvjrqI3qa6qzpSp7mqqutOZOQ0uyB4j6EFPPZ%2FMD9RF3Is3F8ksiC4Ik9scnIt%2FgrB6lM4ORh%2F0e%2B%2FzPq%2Fh896rTw7yC%2BIjp%2Bfrb%2Bs9qRRdbTfc%2BosfeN7Nel8m%2Bbg%2B7gYfBq2bdTN6uRc03Jfqbwo21Ku%2B67mu53r1DWlEpMerFQmZ3u95jZ7baPkNr93C2PwX29yBpQ746IKsQPJ57ZFzDZLNkMTfrQs7zHR64404VzTTBiN%2B8l4yTHSRIF6mkXEQJSeX3dD2bOMhdHK0kAs9%2BqcxlHPi%2FPQQYXJyKRLh6HChM1QQCUJ%2BFcVoBqFmkHQGpu9C8jMCMI5bW0ji41vaFHT3KUsrdk5qT%2F6ALOak9ts1JPG3a0qO63e0yjOpE4txVEKOZ5CDGdL8FNneFcjiFCz7GJL%2FSlaf9JHEh1tWaUheLmaXcgYZzaDEBNQ6yKtPOsgjB3nqIObndeZ5XsfljLrdHmNN3hFhwF2PdiKPem7QRc4qeRNk6QRMTcDMPlKzj6H89Ky9ApP%2FCLtTwnIHNpsT5519jHiJQhAUlqCgBIUkKDKCYlQecWV9Wx5zZfPQu4z%2BZWyWU50NDuiRzgYiIaBmAsPLg%2FSCPFOtyOluH2MozutNwWjX90TUakdctHrtXlu0u2Hgt9uMsqgJK0tIe2Ux9Z6ckxu%2FvIJUzsmK%2FydCegqrTsHks6C5B1qUoDsl9pIHKmfD3ZRmbEcY22A6Btcl0qyGbNc5UBfk%2BcWl%2BoNDCPaYXBqYKZGaEh%2FJRwQDdW96Wxfk8LYuLHmwlWYylnu0uuKdjGbif1%2B%2FJXYLbfjmup189RqriCq9%2F66wWZ8mXCYDS75Zk5wLs6ENE%2BSHTfu%2BCLdzu7OWmyRP%2B9uvb2zGqRHWSp3MQOXZ1l9gck6uvvD74nle%2F%2Fw5SDODyUvE%2BVKp1DOwdB82XdasJjBqicO0hiIvp8YPl0UlCZRYYhqWsP%2FC4TKfGlr9TWV5YO9hYGqg2V0kcYmRKTFSJaiawOb%2Fn2apefzqz19U9iVCVZuGytQOQ2XUZ3PSv04qd6VyztOdW3le7zSbLg16ba%2FToaITtvxuFHicUr8V%2BEFAm8jsPArY938DAAD%2F%2FwEAAP%2F%2FMPgdXYIEAAA%3D

172.240.108.68

200 OK

7 B

URL GET HTTP/1.1
endlesslyalwaysbeset.com/ren.gif?sid=H4sIAAAAAAAC%2F1RSz4sjxRevXsL38N2Tw3oQPeSoy5Lp7iSdxEXEcRwZjDvjrqI3qa6qzpSp7mqqutOZOQ0uyB4j6EFPPZ%2FMD9RF3Is3F8ksiC4Ik9scnIt%2FgrB6lM4ORh%2F0e%2B%2FzPq%2Fh896rTw7yC%2BIjp%2Bfrb%2Bs9qRRdbTfc%2BosfeN7Nel8m%2Bbg%2B7gYfBq2bdTN6uRc03Jfqbwo21Ku%2B67mu53r1DWlEpMerFQmZ3u95jZ7baPkNr93C2PwX29yBpQ746IKsQPJ57ZFzDZLNkMTfrQs7zHR64404VzTTBiN%2B8l4yTHSRIF6mkXEQJSeX3dD2bOMhdHK0kAs9%2BqcxlHPi%2FPQQYXJyKRLh6HChM1QQCUJ%2BFcVoBqFmkHQGpu9C8jMCMI5bW0ji41vaFHT3KUsrdk5qT%2F6ALOak9ts1JPG3a0qO63e0yjOpE4txVEKOZ5CDGdL8FNneFcjiFCz7GJL%2FSlaf9JHEh1tWaUheLmaXcgYZzaDEBNQ6yKtPOsgjB3nqIObndeZ5XsfljLrdHmNN3hFhwF2PdiKPem7QRc4qeRNk6QRMTcDMPlKzj6H89Ky9ApP%2FCLtTwnIHNpsT5519jHiJQhAUlqCgBIUkKDKCYlQecWV9Wx5zZfPQu4z%2BZWyWU50NDuiRzgYiIaBmAsPLg%2FSCPFOtyOluH2MozutNwWjX90TUakdctHrtXlu0u2Hgt9uMsqgJK0tIe2Ux9Z6ckxu%2FvIJUzsmK%2FydCegqrTsHks6C5B1qUoDsl9pIHKmfD3ZRmbEcY22A6Btcl0qyGbNc5UBfk%2BcWl%2BoNDCPaYXBqYKZGaEh%2FJRwQDdW96Wxfk8LYuLHmwlWYylnu0uuKdjGbif1%2B%2FJXYLbfjmup189RqriCq9%2F66wWZ8mXCYDS75Zk5wLs6ENE%2BSHTfu%2BCLdzu7OWmyRP%2B9uvb2zGqRHWSp3MQOXZ1l9gck6uvvD74nle%2F%2Fw5SDODyUvE%2BVKp1DOwdB82XdasJjBqicO0hiIvp8YPl0UlCZRYYhqWsP%2FC4TKfGlr9TWV5YO9hYGqg2V0kcYmRKTFSJaiawOb%2Fn2apefzqz19U9iVCVZuGytQOQ2XUZ3PSv04qd6VyztOdW3le7zSbLg16ba%2FToaITtvxuFHicUr8V%2BEFAm8jsPArY938DAAD%2F%2FwEAAP%2F%2FMPgdXYIEAAA%3D
IP
172.240.108.68:443
ASN
#7979 SERVERS-COM

Requested by
https://www.luckypatchers.com/lucky-patcher-all-versions/
Certificate
IssuerLet's Encrypt
Subjectendlesslyalwaysbeset.com
Fingerprint24:CC:3C:25:47:D7:61:35:9D:1F:FF:A6:3E:BF:D2:E0:16:60:72:DB
ValidityMon, 29 Apr 2024 08:49:02 GMT - Sun, 28 Jul 2024 08:49:01 GMT

File type
ASCII text, with no line terminators
Size
7 B (7 bytes)
Hash
132d6af1b46048b45cf86cdee7991d31
eb7007d03d59b65bc6da7e098c4d38fc6dfb6285
ab852e838deccd742a03ca81d4a8d75cf1a00b327db3eaf46bd7da6b6db9384c

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /ren.gif?sid=H4sIAAAAAAAC%2F1RSz4sjxRevXsL38N2Tw3oQPeSoy5Lp7iSdxEXEcRwZjDvjrqI3qa6qzpSp7mqqutOZOQ0uyB4j6EFPPZ%2FMD9RF3Is3F8ksiC4Ik9scnIt%2FgrB6lM4ORh%2F0e%2B%2FzPq%2Fh896rTw7yC%2BIjp%2Bfrb%2Bs9qRRdbTfc%2BosfeN7Nel8m%2Bbg%2B7gYfBq2bdTN6uRc03Jfqbwo21Ku%2B67mu53r1DWlEpMerFQmZ3u95jZ7baPkNr93C2PwX29yBpQ746IKsQPJ57ZFzDZLNkMTfrQs7zHR64404VzTTBiN%2B8l4yTHSRIF6mkXEQJSeX3dD2bOMhdHK0kAs9%2BqcxlHPi%2FPQQYXJyKRLh6HChM1QQCUJ%2BFcVoBqFmkHQGpu9C8jMCMI5bW0ji41vaFHT3KUsrdk5qT%2F6ALOak9ts1JPG3a0qO63e0yjOpE4txVEKOZ5CDGdL8FNneFcjiFCz7GJL%2FSlaf9JHEh1tWaUheLmaXcgYZzaDEBNQ6yKtPOsgjB3nqIObndeZ5XsfljLrdHmNN3hFhwF2PdiKPem7QRc4qeRNk6QRMTcDMPlKzj6H89Ky9ApP%2FCLtTwnIHNpsT5519jHiJQhAUlqCgBIUkKDKCYlQecWV9Wx5zZfPQu4z%2BZWyWU50NDuiRzgYiIaBmAsPLg%2FSCPFOtyOluH2MozutNwWjX90TUakdctHrtXlu0u2Hgt9uMsqgJK0tIe2Ux9Z6ckxu%2FvIJUzsmK%2FydCegqrTsHks6C5B1qUoDsl9pIHKmfD3ZRmbEcY22A6Btcl0qyGbNc5UBfk%2BcWl%2BoNDCPaYXBqYKZGaEh%2FJRwQDdW96Wxfk8LYuLHmwlWYylnu0uuKdjGbif1%2B%2FJXYLbfjmup189RqriCq9%2F66wWZ8mXCYDS75Zk5wLs6ENE%2BSHTfu%2BCLdzu7OWmyRP%2B9uvb2zGqRHWSp3MQOXZ1l9gck6uvvD74nle%2F%2Fw5SDODyUvE%2BVKp1DOwdB82XdasJjBqicO0hiIvp8YPl0UlCZRYYhqWsP%2FC4TKfGlr9TWV5YO9hYGqg2V0kcYmRKTFSJaiawOb%2Fn2apefzqz19U9iVCVZuGytQOQ2XUZ3PSv04qd6VyztOdW3le7zSbLg16ba%2FToaITtvxuFHicUr8V%2BEFAm8jsPArY938DAAD%2F%2FwEAAP%2F%2FMPgdXYIEAAA%3D HTTP/1.1
Host: endlesslyalwaysbeset.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.luckypatchers.com/
Cookie: u_pl=20467878; pdhtkv=true; uncs=1; pdhtkv49=true; uncs49=1; nlec3eca821ef45fde49595e58b6255cacf3=[4991488,4991490,4991489]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Sat, 04 May 2024 16:35:03 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 9846d4478895bdd5449175ddd0b269dd
Strict-Transport-Security: max-age=0; includeSubdomains

GET endlesslyalwaysbeset.com/ren.gif?sid=H4sIAAAAAAAC%2F1RSz4scRRSuTuakIBjiycscNYTZ7p6ZnhmDBGPcEByTNVH0JtVV1bPlVHc1Vd3TsyPIYkByEUbwoqfeb%2FYHagjm4s0gswHRBWHntocs%2BDcI8So9Lo4%2BqHrve98r%2BN579flOfkp85PTk%2Bjt6IpWia%2B2GW3%2FlQ8%2B7Uu%2FLJB%2FXx93go6B1pW5Gr%2FWChvtq%2FYZgQ73mu57req5XX5dGRHq8VpGQ6YOe1%2Bi5jZbf8NotjM3%2Fsc0dWOqAj07JBUi%2BqD1xLkKyOZL4h%2BvCDjOdXn4rzhXNtMGIH7yfDBNdJIhXYWQcRMnBWTW0PV5%2FDJ3sLeVCj%2F4tDOWCOL88RpgcnIlEONpd6gwVRIKQP49iNIdQc0g6B9P3IPkxARjHrdtI4v1b2hR06x%2BWVuyC1J79CVksSO3pRSTxw2tKjut3tcozqROLcVRCjueQgznS%2FBDZ5BxkcQiWfQbJfydrz%2FpI4t3bVmlIXi57l3IOGc2hxBTUOsirIx3kkYM8dRDzkzrzPK%2Fjckbdbo%2BxJu%2BIMOCuRzuRRz036CJnlbwpsnQKpqZgZhup2cZQfnncvgCT%2Fwy7WcJyBzZbEOfdbYx4iUIQFJagoASFJCgygmJU7nFlfVvuc2Xz0Dvz%2FplvljOdDXbons4GIiGgZgrDy530lLxYjcjpbuxjKE7qTcFo1%2FdE1GpHXLR67V5btLth4LfbjLKoCStLSHtu2fVELsjl315HKhfkgv8XQnoIqw7B5EuguQdalKCbJSbJI5Wz4VZKM7YpjG0wHYPrEmlWQ7bl7KhT8vJyU%2F1LDgQ7uppN%2Frjx8OInYKZEakp8LJ8QDNT92R1dkN07urDk0e00k7Gc0GqLdzOaifPfvS22Cm34zet2%2Bu0brCKq8MF7wmZ9mnCZDCz5%2FprkXJh1bZggP920H4hwI7eb13KT5Gl%2F4831m3FqhLVSJ3NQuSC1oy0wuSAvPP10%2BUEv5V9AmjlMXiLOj8iZQepDsHQbNl3lrCYwaoXD9DyKvJwZP1wllSRQYoVpWML%2BB4ereGZo9ZrKcsfex8DUQLN7SOISI1NipEpQNYXNn5tlqTm6%2BuvXlX2DUNVmoTK13VAZ9VU1ZlJd55YDX5D%2BYBdWntQ7zaZLg17b63So6IQtvxsFHqfUbwV%2BENAmMruIAvbj3wAAAP%2F%2FAQAA%2F%2F99onbYhAQAAA%3D%3D

172.240.108.68

200 OK

7 B

URL GET HTTP/1.1
endlesslyalwaysbeset.com/ren.gif?sid=H4sIAAAAAAAC%2F1RSz4scRRSuTuakIBjiycscNYTZ7p6ZnhmDBGPcEByTNVH0JtVV1bPlVHc1Vd3TsyPIYkByEUbwoqfeb%2FYHagjm4s0gswHRBWHntocs%2BDcI8So9Lo4%2BqHrve98r%2BN579flOfkp85PTk%2Bjt6IpWia%2B2GW3%2FlQ8%2B7Uu%2FLJB%2FXx93go6B1pW5Gr%2FWChvtq%2FYZgQ73mu57req5XX5dGRHq8VpGQ6YOe1%2Bi5jZbf8NotjM3%2Fsc0dWOqAj07JBUi%2BqD1xLkKyOZL4h%2BvCDjOdXn4rzhXNtMGIH7yfDBNdJIhXYWQcRMnBWTW0PV5%2FDJ3sLeVCj%2F4tDOWCOL88RpgcnIlEONpd6gwVRIKQP49iNIdQc0g6B9P3IPkxARjHrdtI4v1b2hR06x%2BWVuyC1J79CVksSO3pRSTxw2tKjut3tcozqROLcVRCjueQgznS%2FBDZ5BxkcQiWfQbJfydrz%2FpI4t3bVmlIXi57l3IOGc2hxBTUOsirIx3kkYM8dRDzkzrzPK%2Fjckbdbo%2BxJu%2BIMOCuRzuRRz036CJnlbwpsnQKpqZgZhup2cZQfnncvgCT%2Fwy7WcJyBzZbEOfdbYx4iUIQFJagoASFJCgygmJU7nFlfVvuc2Xz0Dvz%2FplvljOdDXbons4GIiGgZgrDy530lLxYjcjpbuxjKE7qTcFo1%2FdE1GpHXLR67V5btLth4LfbjLKoCStLSHtu2fVELsjl315HKhfkgv8XQnoIqw7B5EuguQdalKCbJSbJI5Wz4VZKM7YpjG0wHYPrEmlWQ7bl7KhT8vJyU%2F1LDgQ7uppN%2Frjx8OInYKZEakp8LJ8QDNT92R1dkN07urDk0e00k7Gc0GqLdzOaifPfvS22Cm34zet2%2Bu0brCKq8MF7wmZ9mnCZDCz5%2FprkXJh1bZggP920H4hwI7eb13KT5Gl%2F4831m3FqhLVSJ3NQuSC1oy0wuSAvPP10%2BUEv5V9AmjlMXiLOj8iZQepDsHQbNl3lrCYwaoXD9DyKvJwZP1wllSRQYoVpWML%2BB4ereGZo9ZrKcsfex8DUQLN7SOISI1NipEpQNYXNn5tlqTm6%2BuvXlX2DUNVmoTK13VAZ9VU1ZlJd55YDX5D%2BYBdWntQ7zaZLg17b63So6IQtvxsFHqfUbwV%2BENAmMruIAvbj3wAAAP%2F%2FAQAA%2F%2F99onbYhAQAAA%3D%3D
IP
172.240.108.68:443
ASN
#7979 SERVERS-COM

Requested by
https://www.luckypatchers.com/lucky-patcher-all-versions/
Certificate
IssuerLet's Encrypt
Subjectendlesslyalwaysbeset.com
Fingerprint24:CC:3C:25:47:D7:61:35:9D:1F:FF:A6:3E:BF:D2:E0:16:60:72:DB
ValidityMon, 29 Apr 2024 08:49:02 GMT - Sun, 28 Jul 2024 08:49:01 GMT

File type
ASCII text, with no line terminators
Size
7 B (7 bytes)
Hash
132d6af1b46048b45cf86cdee7991d31
eb7007d03d59b65bc6da7e098c4d38fc6dfb6285
ab852e838deccd742a03ca81d4a8d75cf1a00b327db3eaf46bd7da6b6db9384c

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /ren.gif?sid=H4sIAAAAAAAC%2F1RSz4scRRSuTuakIBjiycscNYTZ7p6ZnhmDBGPcEByTNVH0JtVV1bPlVHc1Vd3TsyPIYkByEUbwoqfeb%2FYHagjm4s0gswHRBWHntocs%2BDcI8So9Lo4%2BqHrve98r%2BN579flOfkp85PTk%2Bjt6IpWia%2B2GW3%2FlQ8%2B7Uu%2FLJB%2FXx93go6B1pW5Gr%2FWChvtq%2FYZgQ73mu57req5XX5dGRHq8VpGQ6YOe1%2Bi5jZbf8NotjM3%2Fsc0dWOqAj07JBUi%2BqD1xLkKyOZL4h%2BvCDjOdXn4rzhXNtMGIH7yfDBNdJIhXYWQcRMnBWTW0PV5%2FDJ3sLeVCj%2F4tDOWCOL88RpgcnIlEONpd6gwVRIKQP49iNIdQc0g6B9P3IPkxARjHrdtI4v1b2hR06x%2BWVuyC1J79CVksSO3pRSTxw2tKjut3tcozqROLcVRCjueQgznS%2FBDZ5BxkcQiWfQbJfydrz%2FpI4t3bVmlIXi57l3IOGc2hxBTUOsirIx3kkYM8dRDzkzrzPK%2Fjckbdbo%2BxJu%2BIMOCuRzuRRz036CJnlbwpsnQKpqZgZhup2cZQfnncvgCT%2Fwy7WcJyBzZbEOfdbYx4iUIQFJagoASFJCgygmJU7nFlfVvuc2Xz0Dvz%2FplvljOdDXbons4GIiGgZgrDy530lLxYjcjpbuxjKE7qTcFo1%2FdE1GpHXLR67V5btLth4LfbjLKoCStLSHtu2fVELsjl315HKhfkgv8XQnoIqw7B5EuguQdalKCbJSbJI5Wz4VZKM7YpjG0wHYPrEmlWQ7bl7KhT8vJyU%2F1LDgQ7uppN%2Frjx8OInYKZEakp8LJ8QDNT92R1dkN07urDk0e00k7Gc0GqLdzOaifPfvS22Cm34zet2%2Bu0brCKq8MF7wmZ9mnCZDCz5%2FprkXJh1bZggP920H4hwI7eb13KT5Gl%2F4831m3FqhLVSJ3NQuSC1oy0wuSAvPP10%2BUEv5V9AmjlMXiLOj8iZQepDsHQbNl3lrCYwaoXD9DyKvJwZP1wllSRQYoVpWML%2BB4ereGZo9ZrKcsfex8DUQLN7SOISI1NipEpQNYXNn5tlqTm6%2BuvXlX2DUNVmoTK13VAZ9VU1ZlJd55YDX5D%2BYBdWntQ7zaZLg17b63So6IQtvxsFHqfUbwV%2BENAmMruIAvbj3wAAAP%2F%2FAQAA%2F%2F99onbYhAQAAA%3D%3D HTTP/1.1
Host: endlesslyalwaysbeset.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.luckypatchers.com/
Cookie: u_pl=20467878; pdhtkv=true; uncs=1; pdhtkv49=true; uncs49=1; nlec3eca821ef45fde49595e58b6255cacf3=[4991488,4991490,4991489]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Sat, 04 May 2024 16:35:03 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 8c3cc52e519b050c81f60e8f383bd637
Strict-Transport-Security: max-age=0; includeSubdomains

GET endlesslyalwaysbeset.com/ren.gif?sid=H4sIAAAAAAAC%2F1RSz4scRRuu3m9OnyAY4snLHDWE2e6emZ4ZgwRj3BAckzVR9CbVVdWz5VR3NVXd07MjyGJAcpIRvOip95n9gRqCuXgzyGxAdEHYue0hC%2F4NQrxKj4ujL3S%2F71vPU%2FC8z1uf7eZnxEdOT6%2B%2FrSdSKbrebrj1lz%2FwvCv1vkzycX3cDT4MWlfqZvRqL2i4r9RvCDbU677rua7nevUNaUSkx%2BsVCJk%2B6HmNntto%2BQ2v3cLY%2FLe3uQNLHfDRGbkAyRe1J85FSDZHEn9%2FXdhhptPLb8a5opk2GPHD95JhoosE8aqMjIMoOTxnQ9uTjcfQyf5SLvToH2IoF8T5%2BTHC5PBcJMLR3lJnqCAShPw5FKM5hJpD0jmYvgfJTwjAOG7dRhIf3NKmoNt%2Fo7RCF6T27A%2FIYkFqTy8iiR9eU3Jcv6tVnkmdWIyjEnI8hxzMkeZHyCZrkMURWPYpJP%2BNrD%2FrI4n3blulIXm5nF3KOWQ0hxJTUOsgrz7pII8c5KmDmJ%2FWmed5HZcz6nZ7jDV5R4QBdz3aiTzquUEXOavkTZGlUzA1BTM7SM0OhvKLk%2FYFmPwn2K0Sljuw2YI47%2BxgxEsUgqCwBAUlKCRBkREUo3KfK%2Bvb8oArm4feefbPc7Oc6WywS%2Fd1NhAJATVTGF7upmfkhcoip7t5gKE4rTcFo13fE1GrHXHR6rV7bdHuhoHfbjPKoiasLCHt2nLqiVyQy7%2B%2BhlQuyAX%2FT4T0CFYdgckXQXMPtChBt0pMkkcqZ8PtlGZsSxjbYDoG1yXSrIZs29lVZ%2BSl5ab6l9Yg2PHVbPL7jYcXPwYzJVJT4iP5hGCg7s%2Fu6ILs3dGFJY9up5mM5YRWW7yb0Uz879u3xHahDb953U6%2FeZ1VQFU%2BeFfYrE8TLpOBJd9dk5wLs6ENE%2BTHm%2FZ9EW7mdutabpI87W%2B%2BsXEzTo2wVupkDioXpHa8DSYX5Pmnnywf6KX8c0gzh8lLxPkxOQ9IfQSW7sCmK%2F1WExi14oTpGoq8nBk%2FXB0qSaDEqqdhCfuvPlzVM0Or21SWu%2FY%2BBqYGmt1DEpcYmRIjVYKqKWz%2B%2F1mWmuOrv3xVxdcIVW0WKlPbC5VRX1Y2k6XX1c9ZkP5gD1ae1jvNpkuDXtvrdKjohC2%2FGwUep9RvBX4Q0CYyu4gC9sNfAAAA%2F%2F8BAAD%2F%2F8LZAUuEBAAA

172.240.108.68

200 OK

7 B

URL GET HTTP/1.1
endlesslyalwaysbeset.com/ren.gif?sid=H4sIAAAAAAAC%2F1RSz4scRRuu3m9OnyAY4snLHDWE2e6emZ4ZgwRj3BAckzVR9CbVVdWz5VR3NVXd07MjyGJAcpIRvOip95n9gRqCuXgzyGxAdEHYue0hC%2F4NQrxKj4ujL3S%2F71vPU%2FC8z1uf7eZnxEdOT6%2B%2FrSdSKbrebrj1lz%2FwvCv1vkzycX3cDT4MWlfqZvRqL2i4r9RvCDbU677rua7nevUNaUSkx%2BsVCJk%2B6HmNntto%2BQ2v3cLY%2FLe3uQNLHfDRGbkAyRe1J85FSDZHEn9%2FXdhhptPLb8a5opk2GPHD95JhoosE8aqMjIMoOTxnQ9uTjcfQyf5SLvToH2IoF8T5%2BTHC5PBcJMLR3lJnqCAShPw5FKM5hJpD0jmYvgfJTwjAOG7dRhIf3NKmoNt%2Fo7RCF6T27A%2FIYkFqTy8iiR9eU3Jcv6tVnkmdWIyjEnI8hxzMkeZHyCZrkMURWPYpJP%2BNrD%2FrI4n3blulIXm5nF3KOWQ0hxJTUOsgrz7pII8c5KmDmJ%2FWmed5HZcz6nZ7jDV5R4QBdz3aiTzquUEXOavkTZGlUzA1BTM7SM0OhvKLk%2FYFmPwn2K0Sljuw2YI47%2BxgxEsUgqCwBAUlKCRBkREUo3KfK%2Bvb8oArm4feefbPc7Oc6WywS%2Fd1NhAJATVTGF7upmfkhcoip7t5gKE4rTcFo13fE1GrHXHR6rV7bdHuhoHfbjPKoiasLCHt2nLqiVyQy7%2B%2BhlQuyAX%2FT4T0CFYdgckXQXMPtChBt0pMkkcqZ8PtlGZsSxjbYDoG1yXSrIZs29lVZ%2BSl5ab6l9Yg2PHVbPL7jYcXPwYzJVJT4iP5hGCg7s%2Fu6ILs3dGFJY9up5mM5YRWW7yb0Uz879u3xHahDb953U6%2FeZ1VQFU%2BeFfYrE8TLpOBJd9dk5wLs6ENE%2BTHm%2FZ9EW7mdutabpI87W%2B%2BsXEzTo2wVupkDioXpHa8DSYX5Pmnnywf6KX8c0gzh8lLxPkxOQ9IfQSW7sCmK%2F1WExi14oTpGoq8nBk%2FXB0qSaDEqqdhCfuvPlzVM0Or21SWu%2FY%2BBqYGmt1DEpcYmRIjVYKqKWz%2B%2F1mWmuOrv3xVxdcIVW0WKlPbC5VRX1Y2k6XX1c9ZkP5gD1ae1jvNpkuDXtvrdKjohC2%2FGwUep9RvBX4Q0CYyu4gC9sNfAAAA%2F%2F8BAAD%2F%2F8LZAUuEBAAA
IP
172.240.108.68:443
ASN
#7979 SERVERS-COM

Requested by
https://www.luckypatchers.com/lucky-patcher-all-versions/
Certificate
IssuerLet's Encrypt
Subjectendlesslyalwaysbeset.com
Fingerprint24:CC:3C:25:47:D7:61:35:9D:1F:FF:A6:3E:BF:D2:E0:16:60:72:DB
ValidityMon, 29 Apr 2024 08:49:02 GMT - Sun, 28 Jul 2024 08:49:01 GMT

File type
ASCII text, with no line terminators
Size
7 B (7 bytes)
Hash
132d6af1b46048b45cf86cdee7991d31
eb7007d03d59b65bc6da7e098c4d38fc6dfb6285
ab852e838deccd742a03ca81d4a8d75cf1a00b327db3eaf46bd7da6b6db9384c

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /ren.gif?sid=H4sIAAAAAAAC%2F1RSz4scRRuu3m9OnyAY4snLHDWE2e6emZ4ZgwRj3BAckzVR9CbVVdWz5VR3NVXd07MjyGJAcpIRvOip95n9gRqCuXgzyGxAdEHYue0hC%2F4NQrxKj4ujL3S%2F71vPU%2FC8z1uf7eZnxEdOT6%2B%2FrSdSKbrebrj1lz%2FwvCv1vkzycX3cDT4MWlfqZvRqL2i4r9RvCDbU677rua7nevUNaUSkx%2BsVCJk%2B6HmNntto%2BQ2v3cLY%2FLe3uQNLHfDRGbkAyRe1J85FSDZHEn9%2FXdhhptPLb8a5opk2GPHD95JhoosE8aqMjIMoOTxnQ9uTjcfQyf5SLvToH2IoF8T5%2BTHC5PBcJMLR3lJnqCAShPw5FKM5hJpD0jmYvgfJTwjAOG7dRhIf3NKmoNt%2Fo7RCF6T27A%2FIYkFqTy8iiR9eU3Jcv6tVnkmdWIyjEnI8hxzMkeZHyCZrkMURWPYpJP%2BNrD%2FrI4n3blulIXm5nF3KOWQ0hxJTUOsgrz7pII8c5KmDmJ%2FWmed5HZcz6nZ7jDV5R4QBdz3aiTzquUEXOavkTZGlUzA1BTM7SM0OhvKLk%2FYFmPwn2K0Sljuw2YI47%2BxgxEsUgqCwBAUlKCRBkREUo3KfK%2Bvb8oArm4feefbPc7Oc6WywS%2Fd1NhAJATVTGF7upmfkhcoip7t5gKE4rTcFo13fE1GrHXHR6rV7bdHuhoHfbjPKoiasLCHt2nLqiVyQy7%2B%2BhlQuyAX%2FT4T0CFYdgckXQXMPtChBt0pMkkcqZ8PtlGZsSxjbYDoG1yXSrIZs29lVZ%2BSl5ab6l9Yg2PHVbPL7jYcXPwYzJVJT4iP5hGCg7s%2Fu6ILs3dGFJY9up5mM5YRWW7yb0Uz879u3xHahDb953U6%2FeZ1VQFU%2BeFfYrE8TLpOBJd9dk5wLs6ENE%2BTHm%2FZ9EW7mdutabpI87W%2B%2BsXEzTo2wVupkDioXpHa8DSYX5Pmnnywf6KX8c0gzh8lLxPkxOQ9IfQSW7sCmK%2F1WExi14oTpGoq8nBk%2FXB0qSaDEqqdhCfuvPlzVM0Or21SWu%2FY%2BBqYGmt1DEpcYmRIjVYKqKWz%2B%2F1mWmuOrv3xVxdcIVW0WKlPbC5VRX1Y2k6XX1c9ZkP5gD1ae1jvNpkuDXtvrdKjohC2%2FGwUep9RvBX4Q0CYyu4gC9sNfAAAA%2F%2F8BAAD%2F%2F8LZAUuEBAAA HTTP/1.1
Host: endlesslyalwaysbeset.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.luckypatchers.com/
Cookie: u_pl=20467878; pdhtkv=true; uncs=1; pdhtkv49=true; uncs49=1; nlec3eca821ef45fde49595e58b6255cacf3=[4991488,4991490,4991489]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Sat, 04 May 2024 16:35:03 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 37d864ca85673e4d3d900610ad4af54c
Strict-Transport-Security: max-age=0; includeSubdomains

GET unseenreport.com/pxf.gif?uuid=7bc06b6c-cceb-4d09-8173-1a10111b4eda&eb=978028c5053b26833423c7a069ce3bd5&te=5db3a4e34790624df926db520a13f79f&ua=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A96.0)%20Gecko%2F20100101%20Firefox%2F96.0&dev=e&res=14.2071&b_frame=0&pk=221b2bcc6c886d033875a6dca9060c2a&bl=en-US&sr=1024x1280&sz=1024x1280&hjs=16

192.243.59.20

200 OK

1 B

URL GET HTTP/1.1
unseenreport.com/pxf.gif?uuid=7bc06b6c-cceb-4d09-8173-1a10111b4eda&eb=978028c5053b26833423c7a069ce3bd5&te=5db3a4e34790624df926db520a13f79f&ua=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A96.0)%20Gecko%2F20100101%20Firefox%2F96.0&dev=e&res=14.2071&b_frame=0&pk=221b2bcc6c886d033875a6dca9060c2a&bl=en-US&sr=1024x1280&sz=1024x1280&hjs=16
IP
192.243.59.20:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://www.luckypatchers.com/lucky-patcher-all-versions/
Certificate
IssuerLet's Encrypt
Subject*.unseenreport.com
Fingerprint71:46:15:FD:76:6A:F5:5B:51:06:CC:93:DD:D8:63:E3:8B:10:BF:13
ValidityFri, 22 Mar 2024 07:32:41 GMT - Thu, 20 Jun 2024 07:32:40 GMT

File type
very short file (no magic)
Size
1 B (1 bytes)
Hash
93b885adfe0da089cdf634904fd59f71
5ba93c9db0cff93f52b521d7420e43f6eda2784f
6e340b9cffb37a989ca544e6bb780a2c78901d3fb33738768511a30617afa01d

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /pxf.gif?uuid=7bc06b6c-cceb-4d09-8173-1a10111b4eda&eb=978028c5053b26833423c7a069ce3bd5&te=5db3a4e34790624df926db520a13f79f&ua=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A96.0)%20Gecko%2F20100101%20Firefox%2F96.0&dev=e&res=14.2071&b_frame=0&pk=221b2bcc6c886d033875a6dca9060c2a&bl=en-US&sr=1024x1280&sz=1024x1280&hjs=16 HTTP/1.1
Host: unseenreport.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.luckypatchers.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Sat, 04 May 2024 16:35:03 GMT
Content-Type: image/gif
Content-Length: 1
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 7855d4516f328d3cd242ab679ab6cfeb
Strict-Transport-Security: max-age=0; includeSubdomains

GET www.luckypatchers.com/wp-content/uploads/2018/01/Lucky-Patcher-icon.png

172.67.74.56

200 OK

7.0 kB

URL GET HTTP/3
www.luckypatchers.com/wp-content/uploads/2018/01/Lucky-Patcher-icon.png
IP
172.67.74.56:443
ASN
#13335 CLOUDFLARENET

Requested by
https://www.luckypatchers.com/lucky-patcher-all-versions/
Certificate
IssuerLet's Encrypt
Subjectluckypatchers.com
Fingerprint45:61:6F:14:33:2F:55:81:DB:4F:62:B4:45:5C:C5:9D:99:4C:95:99
ValidityFri, 03 May 2024 23:56:54 GMT - Thu, 01 Aug 2024 23:56:53 GMT

File type
PNG image data, 60 x 60, 8-bit/color RGBA, non-interlaced
Size
7.0 kB (7030 bytes)
Hash
fe4836807ecb6ef5e1bd188f45238e90
71cb69899a73829a74768a8254bc8f838f75f99f
5a251eebaef66b3451718700b5e3ee02388990a4f839e69da93f26e020d2d6b4

HTTP Headers

GET /wp-content/uploads/2018/01/Lucky-Patcher-icon.png HTTP/1.1
Host: www.luckypatchers.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.luckypatchers.com/lucky-patcher-all-versions/
DNT: 1
Connection: keep-alive
Cookie: pll_language=en; dom3ic8zudi28v8lr6fgphwffqoz0j6c=7bc06b6c-cceb-4d09-8173-1a10111b4eda%3A2%3A1; _ga_FBV84JFNZ5=GS1.1.1714840502.1.0.1714840502.0.0.0; _ga=GA1.1.1178061727.1714840503; m5a4xojbcp2nx3gptmm633qal3gzmadn=endlesslyalwaysbeset.com
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Sat, 04 May 2024 16:35:03 GMT
content-type: image/png
content-length: 7030
cache-control: max-age=31536000, s-maxage=10
cf-bgj: imgq:85,h2pri
cf-polished: origSize=8612
etag: "21a4-595d1e4083580"
expires: Fri, 02 May 2025 12:13:03 GMT
last-modified: Sat, 26 Oct 2019 15:26:30 GMT
referrer-policy: no-referrer-when-downgrade
cf-cache-status: HIT
age: 188122
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=uMTg7nEeCS1sB%2BzkPFhhUG8F3gTDC4AxHXvj15TivGCOXqMdLwmmpbqPNWOK%2BVmAxV%2Fmytka2rebFq%2F3aP2%2FUDl8SYbo8JV9eXrLQyfuWiMMEMqMXpjtCs8kIfZIxkuEJypThYFCaw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
strict-transport-security: max-age=15552000
x-content-type-options: nosniff
server: cloudflare
cf-ray: 87e9e6dc0d465689-OSL
alt-svc: h3=":443"; ma=86400

GET www.luckypatchers.com/wp-content/uploads/2018/01/Lucky-Patcher-icon.png

172.67.74.56

200 OK

7.0 kB

URL GET HTTP/3
www.luckypatchers.com/wp-content/uploads/2018/01/Lucky-Patcher-icon.png
IP
172.67.74.56:443
ASN
#13335 CLOUDFLARENET

Requested by
https://www.luckypatchers.com/lucky-patcher-all-versions/
Certificate
IssuerLet's Encrypt
Subjectluckypatchers.com
Fingerprint45:61:6F:14:33:2F:55:81:DB:4F:62:B4:45:5C:C5:9D:99:4C:95:99
ValidityFri, 03 May 2024 23:56:54 GMT - Thu, 01 Aug 2024 23:56:53 GMT

File type
PNG image data, 60 x 60, 8-bit/color RGBA, non-interlaced
Size
7.0 kB (7030 bytes)
Hash
fe4836807ecb6ef5e1bd188f45238e90
71cb69899a73829a74768a8254bc8f838f75f99f
5a251eebaef66b3451718700b5e3ee02388990a4f839e69da93f26e020d2d6b4

HTTP Headers

GET /wp-content/uploads/2018/01/Lucky-Patcher-icon.png HTTP/1.1
Host: www.luckypatchers.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.luckypatchers.com/lucky-patcher-all-versions/
DNT: 1
Connection: keep-alive
Cookie: pll_language=en; dom3ic8zudi28v8lr6fgphwffqoz0j6c=7bc06b6c-cceb-4d09-8173-1a10111b4eda%3A2%3A1; _ga_FBV84JFNZ5=GS1.1.1714840502.1.0.1714840502.0.0.0; _ga=GA1.1.1178061727.1714840503; m5a4xojbcp2nx3gptmm633qal3gzmadn=endlesslyalwaysbeset.com
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Sat, 04 May 2024 16:35:03 GMT
content-type: image/png
content-length: 7030
cache-control: max-age=31536000, s-maxage=10
cf-bgj: imgq:85,h2pri
cf-polished: origSize=8612
etag: "21a4-595d1e4083580"
expires: Fri, 02 May 2025 12:13:03 GMT
last-modified: Sat, 26 Oct 2019 15:26:30 GMT
referrer-policy: no-referrer-when-downgrade
cf-cache-status: HIT
age: 188122
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=T66Qv%2BI1LZfzoL23TmtYDVB4kjxDNzJeznKw8nFzmZ%2FQATlgE24xrIQVIATGzg3hDVf3AQS%2FU4o6VCq64n4EGC3Ld%2FqLZqCnPrFvxAjbhSAdAAJKkeMWqvFT9MYIKCOUD6%2BWZmaYJQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
strict-transport-security: max-age=15552000
x-content-type-options: nosniff
server: cloudflare
cf-ray: 87e9e6dc0d435689-OSL
alt-svc: h3=":443"; ma=86400

GET www.luckypatchers.com/wp-content/cache/minify/618c8.js

172.67.74.56

200 OK

317 kB

URL GET HTTP/3
www.luckypatchers.com/wp-content/cache/minify/618c8.js
IP
172.67.74.56:443
ASN
#13335 CLOUDFLARENET

Requested by
https://www.luckypatchers.com/lucky-patcher-all-versions/
Certificate
IssuerLet's Encrypt
Subjectluckypatchers.com
Fingerprint45:61:6F:14:33:2F:55:81:DB:4F:62:B4:45:5C:C5:9D:99:4C:95:99
ValidityFri, 03 May 2024 23:56:54 GMT - Thu, 01 Aug 2024 23:56:53 GMT

File type
JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Size
317 kB (317330 bytes)
Hash
149df67de920263ad6be63ff35a8f677
d65b7958b48aed5305b1601ed840a5bae4c75609
5d1e61dad3f04706d666b87e8319e4cf173bbaaa7f288b94dc319e1bf76cb1a7

HTTP Headers

GET /wp-content/cache/minify/618c8.js HTTP/1.1
Host: www.luckypatchers.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.luckypatchers.com/lucky-patcher-all-versions/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sat, 04 May 2024 16:35:01 GMT
content-type: application/x-javascript
cache-control: max-age=31536000
cf-bgj: minify
cf-polished: origSize=317336
etag: W/"4d798-6176361e07a6d"
expires: Thu, 01 May 2025 13:22:53 GMT
last-modified: Wed, 01 May 2024 12:11:11 GMT
referrer-policy: no-referrer-when-downgrade
vary: Accept-Encoding
x-content-type-options: nosniff
cf-cache-status: HIT
age: 267737
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Q%2B3uzbfsqAo53LK8rXO0RXfdj0KyqUTDsjHZKTwg7o1nL75i3UzUsXZIdmTG5E1JQMkvp5dodpY3KH%2FYGtwKhmZ8Grpgu2HDag37ZDNNZ6wVfnrV6%2FzR40NjfmFfXh19ycnG871Ojg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000
server: cloudflare
cf-ray: 87e9e6cc6d235689-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

GET cdn.cloudimagesb.com/si/62/f3/af/62f3afd73bea7438e3cb091f669622ff/1710839646.png

45.133.44.10

200 OK

120 kB

URL GET HTTP/2
cdn.cloudimagesb.com/si/62/f3/af/62f3afd73bea7438e3cb091f669622ff/1710839646.png
IP
45.133.44.10:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://www.luckypatchers.com/lucky-patcher-all-versions/
Certificate
IssuerLet's Encrypt
Subjectcdn.cloudimagesb.com
FingerprintC6:F3:21:F0:21:7D:7E:96:0F:E8:46:7A:5E:C5:3F:D1:52:B0:67:B0
ValidityFri, 22 Mar 2024 03:01:35 GMT - Thu, 20 Jun 2024 03:01:34 GMT

File type
PNG image data, 320 x 240, 8-bit/color RGBA, non-interlaced
Size
120 kB (119965 bytes)
Hash
c5a83c3079df6439410f74f3e8de6930
66dab231922cc92db7c41f49d7bdb7da1dfde08a
ee0745b5678c7e4277047ba8f87d53ee77e60a4985dace65c73b970521dbf1f8

HTTP Headers

GET /si/62/f3/af/62f3afd73bea7438e3cb091f669622ff/1710839646.png HTTP/1.1
Host: cdn.cloudimagesb.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.luckypatchers.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sat, 04 May 2024 16:35:03 GMT
content-type: image/png
content-length: 119965
server: nginx/1.21.6
last-modified: Tue, 19 Mar 2024 09:14:15 GMT
etag: "65f95767-1d49d"
expires: Mon, 06 May 2024 16:35:03 GMT
cache-control: max-age=172800
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2

GET www.luckypatchers.com/wp-content/plugins/w3-total-cache/pub/js/lazyload.min.js

172.67.74.56

200 OK

6.3 kB

URL GET HTTP/3
www.luckypatchers.com/wp-content/plugins/w3-total-cache/pub/js/lazyload.min.js
IP
172.67.74.56:443
ASN
#13335 CLOUDFLARENET

Requested by
https://www.luckypatchers.com/lucky-patcher-all-versions/
Certificate
IssuerLet's Encrypt
Subjectluckypatchers.com
Fingerprint45:61:6F:14:33:2F:55:81:DB:4F:62:B4:45:5C:C5:9D:99:4C:95:99
ValidityFri, 03 May 2024 23:56:54 GMT - Thu, 01 Aug 2024 23:56:53 GMT

File type
JavaScript source, ASCII text, with very long lines (6422), with no line terminators
Size
6.3 kB (6274 bytes)
Hash
b786f6ea74a911b1a83c82643c944002
e3b1975042f679614ca0f02a98880cc75bea50c3
3d4a62276371cfd643fb195c9b4c2948b650319a26ef436c947fbb2aac4cc861

HTTP Headers

GET /wp-content/plugins/w3-total-cache/pub/js/lazyload.min.js HTTP/1.1
Host: www.luckypatchers.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.luckypatchers.com/lucky-patcher-all-versions/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sat, 04 May 2024 16:35:01 GMT
content-type: application/x-javascript
referrer-policy: no-referrer-when-downgrade
x-original-content-length: 6275
vary: Accept-Encoding
etag: W/"PSA-aj-a09HTdfpzb"
expires: Wed, 30 Apr 2025 19:21:08 GMT
cache-control: max-age=31535246
x-content-type-options: nosniff
cf-cache-status: HIT
age: 329220
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=3UKzauXmQ3U%2F0wUj0rKXMxB6WG6EtcaY4kaJlPn%2FMB0RLjGkt3SEFdCvoS4WfGVgmyJuUTZzxGHjT%2FdUIKn6QXfYXAWxubeWT1oquchKy%2BVPcwwt%2BrkxwYOfjNZvUkTEadoPBmzCoA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000
server: cloudflare
cf-ray: 87e9e6cc1c955689-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

GET www.luckypatchers.com/wp-content/cache/minify/1f540.js

172.67.74.56

200 OK

12 kB

URL GET HTTP/3
www.luckypatchers.com/wp-content/cache/minify/1f540.js
IP
172.67.74.56:443
ASN
#13335 CLOUDFLARENET

Requested by
https://www.luckypatchers.com/lucky-patcher-all-versions/
Certificate
IssuerLet's Encrypt
Subjectluckypatchers.com
Fingerprint45:61:6F:14:33:2F:55:81:DB:4F:62:B4:45:5C:C5:9D:99:4C:95:99
ValidityFri, 03 May 2024 23:56:54 GMT - Thu, 01 Aug 2024 23:56:53 GMT

File type
JavaScript source, ASCII text, with very long lines (11513), with no line terminators
Size
12 kB (11513 bytes)
Hash
efc27e253fae1b7b891fb5a40e687768
ad12044651ffac0badcd0e42f32edef91678b1ff
46e36dd6ca93014e4915c723632bf180d27cc96ccfb7c26e69213e1a82129a62

HTTP Headers

GET /wp-content/cache/minify/1f540.js HTTP/1.1
Host: www.luckypatchers.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.luckypatchers.com/lucky-patcher-all-versions/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sat, 04 May 2024 16:35:01 GMT
content-type: application/x-javascript
cache-control: max-age=31536000
cf-bgj: minify
etag: W/"2cf9-617393ddf094d"
expires: Wed, 30 Apr 2025 19:28:15 GMT
last-modified: Mon, 29 Apr 2024 09:54:38 GMT
referrer-policy: no-referrer-when-downgrade
vary: Accept-Encoding
x-content-type-options: nosniff
cf-cache-status: HIT
age: 329220
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=2JEngD7vpgNEjNR1ym7pnlM%2BtyhDa5lsYrEKNvkUkBcSqxqTsHGDz9JHBrds2oZKtVgzTBF5nSyMhIAo4GNCWbOD6%2BGYjWX6naVGc3PJ7QdQUKjRG5dEF6peT8233iVNEOvD99Fn2g%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000
server: cloudflare
cf-ray: 87e9e6cc6d1c5689-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

GET www.luckypatchers.com/wp-content/cache/minify/1615d.js

172.67.74.56

200 OK

6.3 kB

URL GET HTTP/3
www.luckypatchers.com/wp-content/cache/minify/1615d.js
IP
172.67.74.56:443
ASN
#13335 CLOUDFLARENET

Requested by
https://www.luckypatchers.com/lucky-patcher-all-versions/
Certificate
IssuerLet's Encrypt
Subjectluckypatchers.com
Fingerprint45:61:6F:14:33:2F:55:81:DB:4F:62:B4:45:5C:C5:9D:99:4C:95:99
ValidityFri, 03 May 2024 23:56:54 GMT - Thu, 01 Aug 2024 23:56:53 GMT

File type
JavaScript source, ASCII text, with very long lines (6422), with no line terminators
Size
6.3 kB (6274 bytes)
Hash
b786f6ea74a911b1a83c82643c944002
e3b1975042f679614ca0f02a98880cc75bea50c3
3d4a62276371cfd643fb195c9b4c2948b650319a26ef436c947fbb2aac4cc861

HTTP Headers

GET /wp-content/cache/minify/1615d.js HTTP/1.1
Host: www.luckypatchers.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.luckypatchers.com/lucky-patcher-all-versions/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sat, 04 May 2024 16:35:01 GMT
content-type: application/x-javascript
cache-control: max-age=31535676
cf-bgj: minify
etag: W/"PSA-aj-a09HTdfpzb"
expires: Wed, 30 Apr 2025 19:28:17 GMT
referrer-policy: no-referrer-when-downgrade
vary: Accept-Encoding
x-content-type-options: nosniff
x-original-content-length: 6275
cf-cache-status: HIT
age: 329219
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=JeTqZHNenKcoh4pgWGYun4ypj1GQKhrDYNAl8br4grRCMjG0SPZiAnl9kKxSNq8fcFWkMGGSmE1xbAXYoWO0u55wJwk7X64q%2BsJ2zVDlnMLAgRodny0a6AZXHI30%2BtvdmwTGWBpHnw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000
server: cloudflare
cf-ray: 87e9e6cc7d3b5689-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

GET www.googletagmanager.com/gtag/js?id=G-FBV84JFNZ5&l=dataLayer&cx=c

142.250.74.168

200 OK

257 kB

URL GET HTTP/3
www.googletagmanager.com/gtag/js?id=G-FBV84JFNZ5&l=dataLayer&cx=c
IP
142.250.74.168:443
ASN
#15169 GOOGLE

Requested by
https://www.luckypatchers.com/lucky-patcher-all-versions/
Certificate
IssuerGoogle Trust Services LLC
Subject*.google-analytics.com
Fingerprint93:6B:D2:9D:92:BE:2D:D8:02:67:82:83:5E:EF:A3:F9:13:F3:26:AE
ValidityTue, 16 Apr 2024 03:18:45 GMT - Tue, 09 Jul 2024 03:18:44 GMT

File type
JavaScript source, ASCII text, with very long lines (5955)
Size
257 kB (256689 bytes)
Hash
7e512714000706cb1b9aa1d5715766e5
ea180f0b5ba012d897e11ad2775231dece04eb23
91de1acb83083547b2f34d1f63e45f867768a0401b0d59f11e3d4796e0a33bcc

HTTP Headers

GET /gtag/js?id=G-FBV84JFNZ5&l=dataLayer&cx=c HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.luckypatchers.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Sat, 04 May 2024 16:35:02 GMT
expires: Sat, 04 May 2024 16:35:02 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 90226
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

GET vaikijie.net/5/6325697/?oo=1&aab=1

139.45.197.244

200 OK

2.9 kB

URL GET HTTP/2
vaikijie.net/5/6325697/?oo=1&aab=1
IP
139.45.197.244:443
ASN
#9002 RETN Limited

Requested by
https://www.luckypatchers.com/lucky-patcher-all-versions/
Certificate
IssuerLet's Encrypt
Subjectvaikijie.net
Fingerprint16:35:56:02:7F:8B:C6:9F:4C:11:EE:FE:F5:DB:3C:FA:36:AB:F8:B7
ValidityTue, 30 Apr 2024 05:29:33 GMT - Mon, 29 Jul 2024 05:29:32 GMT

File type
troff or preprocessor input, ASCII text, with very long lines (3098), with no line terminators
Size
2.9 kB (2854 bytes)
Hash
d4b4638658b42379f640965cc4f824f0
044536cda595d8bc2013a67d3e204be47da89e05
3aafc30f9f4a34e5f033a0e386f775172f4b0c14a4fe05f71819271b47e4fc26

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /5/6325697/?oo=1&aab=1 HTTP/1.1
Host: vaikijie.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.luckypatchers.com
DNT: 1
Connection: keep-alive
Referer: https://www.luckypatchers.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sat, 04 May 2024 16:35:02 GMT
content-type: application/json
x-trace-id: fc277e6f84ced3cccf521da947eaef26
link: <https://my.rtmark.net>; rel="preconnect dns-prefetch",<https://yonmewon.com>; rel="preconnect dns-prefetch",<https://sr7pv7n5x.com>; rel="preconnect dns-prefetch"
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: https://www.luckypatchers.com
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace, favicon
access-control-max-age: 86400
timing-allow-origin: *
set-cookie: OAID=00805250b44947edebc15e96463fa176; expires=Sun, 04 May 2025 16:35:02 GMT; path=/; secure; SameSite=None
oaidts=1714840502; expires=Sun, 04 May 2025 16:35:02 GMT; path=/; secure; SameSite=None
syncedCookie=; expires=Tue, 10 Nov 2009 23:00:00 GMT
pragma: no-cache, no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT, Mon, 26 Jul 1997 05:00:00 GMT
content-encoding: gzip
X-Firefox-Spdy: h2

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (30)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by