| new-benefit.com/dating/se/1n/index_files/css.css | 136.243.110.236 | 200 OK | 3.1 kB |
URL: GET HTTP/2 new-benefit.com/dating/se/1n/index_files/css.css
IP: 136.243.110.236:443
ASN: #24940 Hetzner Online GmbH
Requested by: https://new-benefit.com/dating/se/1n/?s1=59&trafficsource_name=ClickAdilla&t1=[CAMPAIGN_ID]&uclick=h9heh9twi4&uclickhash=h9heh9twi4-h9heh9twi4-q5sc8n-0-qqb4-1zq5bl-gh1m0-53a1f2
Certificate Issuer: Let's Encrypt
Subject: new-benefit.com
Fingerprint: 9F:2E:57:12:16:18:49:6B:AE:75:48:E6:2D:99:A0:57:15:67:B8:F5
Validity: Wed, 10 Apr 2024 08:51:40 GMT - Tue, 09 Jul 2024 08:51:39 GMT
File type: ASCII text, with very long lines (3133), with no line terminators
Hash (MD5, SHA-1, SHA-256): 6ddcd4980f9ade58dd45f21416b00787 9a297bcac63188417f2541f05a7a30bad468a14a 1f78fefa45bba02f6d4e40e48a972ef73b0da8ce7d9318a807d6fb1325a87f46
Analyzer | Verdict | Alert
Quad9 DNS | malicious | Sinkholed
GET /dating/se/1n/index_files/css.css HTTP/1.1
Host: new-benefit.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://new-benefit.com/dating/se/1n/?s1=59&trafficsource_name=ClickAdilla&t1=[CAMPAIGN_ID]&uclick=h9heh9twi4&uclickhash=h9heh9twi4-h9heh9twi4-q5sc8n-0-qqb4-1zq5bl-gh1m0-53a1f2
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx/1.16.1
date: Wed, 08 May 2024 16:06:54 GMT
content-type: text/css
content-length: 3133
last-modified: Wed, 10 Apr 2024 11:20:44 GMT
etag: "6616760c-c3d"
strict-transport-security: max-age=31536000
accept-ranges: bytes
X-Firefox-Spdy: h2
| new-benefit.com/dating/se/1n/index_files/jquery.min.js | 136.243.110.236 | 200 OK | 93 kB |
URL: GET HTTP/2 new-benefit.com/dating/se/1n/index_files/jquery.min.js
IP: 136.243.110.236:443
ASN: #24940 Hetzner Online GmbH
Requested by: https://new-benefit.com/dating/se/1n/?s1=59&trafficsource_name=ClickAdilla&t1=[CAMPAIGN_ID]&uclick=h9heh9twi4&uclickhash=h9heh9twi4-h9heh9twi4-q5sc8n-0-qqb4-1zq5bl-gh1m0-53a1f2
Certificate Issuer: Let's Encrypt
Subject: new-benefit.com
Fingerprint: 9F:2E:57:12:16:18:49:6B:AE:75:48:E6:2D:99:A0:57:15:67:B8:F5
Validity: Wed, 10 Apr 2024 08:51:40 GMT - Tue, 09 Jul 2024 08:51:39 GMT
File type: JavaScript source, ASCII text, with very long lines (32065), with CRLF line terminators
Hash (MD5, SHA-1, SHA-256): 247c469dcd4e66ad15f197dd57496fb7 32e1e91e32d128fbd6c043ca58381b2e92b3cea1 29f59f0923b001c25b63d46b7bc4432dfcb17c4d802d8918d4838af8e8a1e6a3
Analyzer | Verdict | Alert
Quad9 DNS | malicious | Sinkholed
GET /dating/se/1n/index_files/jquery.min.js HTTP/1.1
Host: new-benefit.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://new-benefit.com/dating/se/1n/?s1=59&trafficsource_name=ClickAdilla&t1=[CAMPAIGN_ID]&uclick=h9heh9twi4&uclickhash=h9heh9twi4-h9heh9twi4-q5sc8n-0-qqb4-1zq5bl-gh1m0-53a1f2
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx/1.16.1
date: Wed, 08 May 2024 16:06:54 GMT
content-type: application/javascript
content-length: 93212
last-modified: Wed, 10 Apr 2024 11:20:44 GMT
etag: "6616760c-16c1c"
strict-transport-security: max-age=31536000
accept-ranges: bytes
X-Firefox-Spdy: h2
| new-benefit.com/scripts/propush_script_dating.js | 136.243.110.236 | 200 OK | 3.3 kB |
URL: GET HTTP/2 new-benefit.com/scripts/propush_script_dating.js
IP: 136.243.110.236:443
ASN: #24940 Hetzner Online GmbH
Requested by: https://new-benefit.com/dating/se/1n/?s1=59&trafficsource_name=ClickAdilla&t1=[CAMPAIGN_ID]&uclick=h9heh9twi4&uclickhash=h9heh9twi4-h9heh9twi4-q5sc8n-0-qqb4-1zq5bl-gh1m0-53a1f2
Certificate Issuer: Let's Encrypt
Subject: new-benefit.com
Fingerprint: 9F:2E:57:12:16:18:49:6B:AE:75:48:E6:2D:99:A0:57:15:67:B8:F5
Validity: Wed, 10 Apr 2024 08:51:40 GMT - Tue, 09 Jul 2024 08:51:39 GMT
File type: Unicode text, UTF-8 text, with CRLF line terminators
Hash (MD5, SHA-1, SHA-256): 3b95bdeb52e4feb3a720533bf67ffc35 0e1449ee0a9c3a74106ab8d33e55403868a86588 0bd6ffd9bb0e7578bdd99a2784c4f9670d02a521307f94feb5ae7a8c522f928c
Analyzer | Verdict | Alert
Quad9 DNS | malicious | Sinkholed
GET /scripts/propush_script_dating.js HTTP/1.1
Host: new-benefit.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://new-benefit.com/dating/se/1n/?s1=59&trafficsource_name=ClickAdilla&t1=[CAMPAIGN_ID]&uclick=h9heh9twi4&uclickhash=h9heh9twi4-h9heh9twi4-q5sc8n-0-qqb4-1zq5bl-gh1m0-53a1f2
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx/1.16.1
date: Wed, 08 May 2024 16:06:54 GMT
content-type: application/javascript
content-length: 3315
last-modified: Wed, 08 May 2024 12:25:05 GMT
etag: "663b6f21-cf3"
strict-transport-security: max-age=31536000
accept-ranges: bytes
X-Firefox-Spdy: h2
| new-benefit.com/scripts/redirect_click.js | 136.243.110.236 | 200 OK | 3.3 kB |
URL: GET HTTP/2 new-benefit.com/scripts/redirect_click.js
IP: 136.243.110.236:443
ASN: #24940 Hetzner Online GmbH
Requested by: https://new-benefit.com/dating/se/1n/?s1=59&trafficsource_name=ClickAdilla&t1=[CAMPAIGN_ID]&uclick=h9heh9twi4&uclickhash=h9heh9twi4-h9heh9twi4-q5sc8n-0-qqb4-1zq5bl-gh1m0-53a1f2
Certificate Issuer: Let's Encrypt
Subject: new-benefit.com
Fingerprint: 9F:2E:57:12:16:18:49:6B:AE:75:48:E6:2D:99:A0:57:15:67:B8:F5
Validity: Wed, 10 Apr 2024 08:51:40 GMT - Tue, 09 Jul 2024 08:51:39 GMT
File type: JavaScript source, Unicode text, UTF-8 text
Hash (MD5, SHA-1, SHA-256): 6e49a78c811c765ab7d5914c557c9c09 e7ae71098de6ff5645b4c131bd81ecb0b06e8cfd 749ac207d8d715ecdbcb0baaff1d386e19852bfcf131a2d187fa7c0a284a4a44
Analyzer | Verdict | Alert
Quad9 DNS | malicious | Sinkholed
GET /scripts/redirect_click.js HTTP/1.1
Host: new-benefit.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://new-benefit.com/dating/se/1n/?s1=59&trafficsource_name=ClickAdilla&t1=[CAMPAIGN_ID]&uclick=h9heh9twi4&uclickhash=h9heh9twi4-h9heh9twi4-q5sc8n-0-qqb4-1zq5bl-gh1m0-53a1f2
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx/1.16.1
date: Wed, 08 May 2024 16:06:54 GMT
content-type: application/javascript
content-length: 3318
last-modified: Fri, 03 May 2024 15:17:44 GMT
etag: "66350018-cf6"
strict-transport-security: max-age=31536000
accept-ranges: bytes
X-Firefox-Spdy: h2
| new-benefit.com/dating/se/1n/index_files/25.jpg | 136.243.110.236 | 200 OK | 143 kB |
URL: GET HTTP/2 new-benefit.com/dating/se/1n/index_files/25.jpg
IP: 136.243.110.236:443
ASN: #24940 Hetzner Online GmbH
Requested by: https://new-benefit.com/dating/se/1n/?s1=59&trafficsource_name=ClickAdilla&t1=[CAMPAIGN_ID]&uclick=h9heh9twi4&uclickhash=h9heh9twi4-h9heh9twi4-q5sc8n-0-qqb4-1zq5bl-gh1m0-53a1f2
Certificate Issuer: Let's Encrypt
Subject: new-benefit.com
Fingerprint: 9F:2E:57:12:16:18:49:6B:AE:75:48:E6:2D:99:A0:57:15:67:B8:F5
Validity: Wed, 10 Apr 2024 08:51:40 GMT - Tue, 09 Jul 2024 08:51:39 GMT
File type: JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=12, height=500, bps=0, PhotometricInterpretation=RGB, orientation=upper-left, width=380], progressive, precision 8, 380x500, components 3
Size: 143 kB (143135 bytes)
Hash (MD5, SHA-1, SHA-256): b63e460b4a878db5b2fa070cc0179503 0c2173fb8502a39bd4d380f2a7bcf07842fcd90b 8f5d4d5f7e73215d18fe7bdf86a46c96bc17b25836d6b4e2745d26b6672e44a0
Analyzer | Verdict | Alert
Quad9 DNS | malicious | Sinkholed
GET /dating/se/1n/index_files/25.jpg HTTP/1.1
Host: new-benefit.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://new-benefit.com/dating/se/1n/?s1=59&trafficsource_name=ClickAdilla&t1=[CAMPAIGN_ID]&uclick=h9heh9twi4&uclickhash=h9heh9twi4-h9heh9twi4-q5sc8n-0-qqb4-1zq5bl-gh1m0-53a1f2
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx/1.16.1
date: Wed, 08 May 2024 16:06:54 GMT
content-type: image/jpeg
content-length: 143135
last-modified: Wed, 10 Apr 2024 11:20:44 GMT
etag: "6616760c-22f1f"
strict-transport-security: max-age=31536000
accept-ranges: bytes
X-Firefox-Spdy: h2
| new-benefit.com/dating/se/1n/index_files/TK3hWkUHHAIjg75-ohoTus9C.woff2 | 136.243.110.236 | 404 Not Found | 153 B |
URL: GET HTTP/2 new-benefit.com/dating/se/1n/index_files/TK3hWkUHHAIjg75-ohoTus9C.woff2
IP: 136.243.110.236:443
ASN: #24940 Hetzner Online GmbH
Requested by: https://new-benefit.com/dating/se/1n/?s1=59&trafficsource_name=ClickAdilla&t1=[CAMPAIGN_ID]&uclick=h9heh9twi4&uclickhash=h9heh9twi4-h9heh9twi4-q5sc8n-0-qqb4-1zq5bl-gh1m0-53a1f2
Certificate Issuer: Let's Encrypt
Subject: new-benefit.com
Fingerprint: 9F:2E:57:12:16:18:49:6B:AE:75:48:E6:2D:99:A0:57:15:67:B8:F5
Validity: Wed, 10 Apr 2024 08:51:40 GMT - Tue, 09 Jul 2024 08:51:39 GMT
File type: HTML document, ASCII text, with CRLF line terminators
Hash (MD5, SHA-1, SHA-256): a1ed5ecb9c651451520019b3747a06ef 724e59314a0890297915c1010e38e3267cdd810e 1b47c0dc50d20d7239392e8e3917cf1340aa2acf53b7e6a84ee56714471e26f4
Analyzer | Verdict | Alert
Quad9 DNS | malicious | Sinkholed
GET /dating/se/1n/index_files/TK3hWkUHHAIjg75-ohoTus9C.woff2 HTTP/1.1
Host: new-benefit.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: https://new-benefit.com/dating/se/1n/index_files/css.css
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 404 Not Found
server: nginx/1.16.1
date: Wed, 08 May 2024 16:06:54 GMT
content-type: text/html
content-length: 153
X-Firefox-Spdy: h2
| zerossl.ocsp.sectigo.com/ | 172.64.149.23 | | 315 B |
URL: zerossl.ocsp.sectigo.com/
IP: 172.64.149.23:0
Hash (MD5, SHA-1, SHA-256): d0c1fc10fcefddf559fc6efd164e42ad f2d87d89bc32d4a6f5150825ec19b3ed52d970e8 14b8d0cff859554ec57bcc125535a2b872721062537c4584dd90a07fdcbe05c2
POST / HTTP/1.1
Host: zerossl.ocsp.sectigo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Wed, 08 May 2024 16:06:54 GMT
Content-Type: application/ocsp-response
Content-Length: 315
Connection: keep-alive
Last-Modified: Tue, 07 May 2024 00:24:18 GMT
Expires: Tue, 14 May 2024 00:24:17 GMT
Etag: "f2d87d89bc32d4a6f5150825ec19b3ed52d970e8"
Cache-Control: max-age=461352,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb3
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 880ab31e9ee8b529-OSL
| news-zacine.com/code/https-v2.js?uid=138148&site=1222735510&banadu=0&sub1=Dating&sub2=ClickAdilla&sub3=sub3&sub4=sub4 | 193.108.118.54 | 200 OK | 8.9 kB |
URL: GET HTTP/2 news-zacine.com/code/https-v2.js?uid=138148&site=1222735510&banadu=0&sub1=Dating&sub2=ClickAdilla&sub3=sub3&sub4=sub4
IP: 193.108.118.54:443
ASN: #63023 AS-GLOBALTELEHOST
Requested by: https://new-benefit.com/dating/se/1n/?s1=59&trafficsource_name=ClickAdilla&t1=[CAMPAIGN_ID]&uclick=h9heh9twi4&uclickhash=h9heh9twi4-h9heh9twi4-q5sc8n-0-qqb4-1zq5bl-gh1m0-53a1f2
Certificate Issuer: ZeroSSL
Subject: news-zacine.com
Fingerprint: 8E:B8:5C:19:B8:B7:C9:AE:88:87:23:0F:3B:F7:95:B5:93:55:46:EE
Validity: Mon, 01 Apr 2024 00:00:00 GMT - Sun, 30 Jun 2024 23:59:59 GMT
File type: JavaScript source, ASCII text, with very long lines (8924), with no line terminators
Hash (MD5, SHA-1, SHA-256): f8a0f8d2c059e0f46e013480622e933d 523be7b151e654e4c27cf21e718cfe735a0bd8e9 1ab04ee1405c66352efc05723e33652f00dfbc8f2ebc4de021da9670caae2c35
GET /code/https-v2.js?uid=138148&site=1222735510&banadu=0&sub1=Dating&sub2=ClickAdilla&sub3=sub3&sub4=sub4 HTTP/1.1
Host: news-zacine.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://new-benefit.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Wed, 08 May 2024 16:06:54 GMT
content-type: application/javascript
content-length: 8924
last-modified: Tue, 30 Apr 2024 11:03:41 GMT
etag: "6630d00d-22dc"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
accept-ranges: bytes
X-Firefox-Spdy: h2
| new-benefit.com/dating/se/1n/index_files/favicon.png | 136.243.110.236 | 200 OK | 9.9 kB |
URL: GET HTTP/2 new-benefit.com/dating/se/1n/index_files/favicon.png
IP: 136.243.110.236:443
ASN: #24940 Hetzner Online GmbH
Requested by: https://new-benefit.com/dating/se/1n/?s1=59&trafficsource_name=ClickAdilla&t1=[CAMPAIGN_ID]&uclick=h9heh9twi4&uclickhash=h9heh9twi4-h9heh9twi4-q5sc8n-0-qqb4-1zq5bl-gh1m0-53a1f2
Certificate Issuer: Let's Encrypt
Subject: new-benefit.com
Fingerprint: 9F:2E:57:12:16:18:49:6B:AE:75:48:E6:2D:99:A0:57:15:67:B8:F5
Validity: Wed, 10 Apr 2024 08:51:40 GMT - Tue, 09 Jul 2024 08:51:39 GMT
File type: PNG image data, 200 x 202, 8-bit colormap, non-interlaced
Hash (MD5, SHA-1, SHA-256): 2a08fb585eebdff9c32113ad4e6f26f6 efdfe4bec872c0eae76ac3d689b1ab774ac4b7ee 2a991c7b518029d630b3a5cb087adc1e98dc1971d3d414790be8d0c8be946b68
Analyzer | Verdict | Alert
Quad9 DNS | malicious | Sinkholed
GET /dating/se/1n/index_files/favicon.png HTTP/1.1
Host: new-benefit.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://new-benefit.com/dating/se/1n/?s1=59&trafficsource_name=ClickAdilla&t1=[CAMPAIGN_ID]&uclick=h9heh9twi4&uclickhash=h9heh9twi4-h9heh9twi4-q5sc8n-0-qqb4-1zq5bl-gh1m0-53a1f2
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx/1.16.1
date: Wed, 08 May 2024 16:06:54 GMT
content-type: image/png
content-length: 9919
last-modified: Wed, 10 Apr 2024 11:20:44 GMT
etag: "6616760c-26bf"
strict-transport-security: max-age=31536000
accept-ranges: bytes
X-Firefox-Spdy: h2
| xxx-benefit.com/click.php?event10=0 | 136.243.110.236 | 200 OK | 0 B |
URL: GET HTTP/2 xxx-benefit.com/click.php?event10=0
IP: 136.243.110.236:443
ASN: #24940 Hetzner Online GmbH
Requested by: https://new-benefit.com/dating/se/1n/?s1=59&trafficsource_name=ClickAdilla&t1=[CAMPAIGN_ID]&uclick=h9heh9twi4&uclickhash=h9heh9twi4-h9heh9twi4-q5sc8n-0-qqb4-1zq5bl-gh1m0-53a1f2
Certificate Issuer: Let's Encrypt
Subject: xxx-benefit.com
Fingerprint: 32:9E:E1:C6:4D:C9:66:99:08:C9:AA:6D:7B:16:92:D2:A2:04:4B:6F
Validity: Mon, 29 Apr 2024 10:58:54 GMT - Sun, 28 Jul 2024 10:58:53 GMT
Hash (MD5, SHA-1, SHA-256; empty body): d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer | Verdict | Alert
Quad9 DNS | malicious | Sinkholed
GET /click.php?event10=0 HTTP/1.1
Host: xxx-benefit.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://new-benefit.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx/1.16.1
date: Wed, 08 May 2024 16:06:54 GMT
content-type: text/html; charset=UTF-8
strict-transport-security: max-age=31536000
content-encoding: gzip
X-Firefox-Spdy: h2
| news-coreca.com/process.js?id=1222735510&p1=Dating&p2=ClickAdilla&p3=sub3&p4=sub4 | 193.108.118.16 | 200 OK | 17 kB |
URL: GET HTTP/2 news-coreca.com/process.js?id=1222735510&p1=Dating&p2=ClickAdilla&p3=sub3&p4=sub4
IP: 193.108.118.16:443
ASN: #63023 AS-GLOBALTELEHOST
Requested by: https://new-benefit.com/dating/se/1n/?s1=59&trafficsource_name=ClickAdilla&t1=[CAMPAIGN_ID]&uclick=h9heh9twi4&uclickhash=h9heh9twi4-h9heh9twi4-q5sc8n-0-qqb4-1zq5bl-gh1m0-53a1f2
Certificate Issuer: Let's Encrypt
Subject: *.news-coreca.com
Fingerprint: AC:F0:20:73:34:E8:56:38:FA:69:24:D5:C4:9C:DB:F0:59:9B:F9:2A
Validity: Wed, 01 May 2024 10:41:45 GMT - Tue, 30 Jul 2024 10:41:44 GMT
File type: JavaScript source, ASCII text, with very long lines (16808)
Hash (MD5, SHA-1, SHA-256): 6961b96e4377ee925b99ead9f1862fdf fcc91f7df707a32347e2b0b5b334f7fee1da21ec 935bbc180c7eb88f10890ebbadf1fc5a4ac6a6bd521d03ee9db9fdc36d82084f
GET /process.js?id=1222735510&p1=Dating&p2=ClickAdilla&p3=sub3&p4=sub4 HTTP/1.1
Host: news-coreca.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://new-benefit.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Wed, 08 May 2024 16:06:54 GMT
content-type: application/javascript; charset=utf-8
cache-control: no-cache, no-store, must-revalidate
expires: 0
pragma: no-cache
vary: Origin
content-encoding: gzip
X-Firefox-Spdy: h2
| xxx-benefit.com/click.php?event7=1 | 136.243.110.236 | 200 OK | 0 B |
URL: GET HTTP/2 xxx-benefit.com/click.php?event7=1
IP: 136.243.110.236:443
ASN: #24940 Hetzner Online GmbH
Requested by: https://new-benefit.com/dating/se/1n/?s1=59&trafficsource_name=ClickAdilla&t1=[CAMPAIGN_ID]&uclick=h9heh9twi4&uclickhash=h9heh9twi4-h9heh9twi4-q5sc8n-0-qqb4-1zq5bl-gh1m0-53a1f2
Certificate Issuer: Let's Encrypt
Subject: xxx-benefit.com
Fingerprint: 32:9E:E1:C6:4D:C9:66:99:08:C9:AA:6D:7B:16:92:D2:A2:04:4B:6F
Validity: Mon, 29 Apr 2024 10:58:54 GMT - Sun, 28 Jul 2024 10:58:53 GMT
Hash (MD5, SHA-1, SHA-256; empty body): d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer | Verdict | Alert
Quad9 DNS | malicious | Sinkholed
GET /click.php?event7=1 HTTP/1.1
Host: xxx-benefit.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://new-benefit.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx/1.16.1
date: Wed, 08 May 2024 16:07:04 GMT
content-type: text/html; charset=UTF-8
strict-transport-security: max-age=31536000
content-encoding: gzip
X-Firefox-Spdy: h2
| new-benefit.com/dating/se/1n/?s1=59&trafficsource_name=ClickAdilla&t1=[CAMPAIGN_ID]&uclick=h9heh9twi4&uclickhash=h9heh9twi4-h9heh9twi4-q5sc8n-0-qqb4-1zq5bl-gh1m0-53a1f2 | 136.243.110.236 | 200 OK | 28 kB |
URL (user request): GET HTTP/2 new-benefit.com/dating/se/1n/?s1=59&trafficsource_name=ClickAdilla&t1=[CAMPAIGN_ID]&uclick=h9heh9twi4&uclickhash=h9heh9twi4-h9heh9twi4-q5sc8n-0-qqb4-1zq5bl-gh1m0-53a1f2
IP: 136.243.110.236:443
ASN: #24940 Hetzner Online GmbH
Certificate Issuer: Let's Encrypt
Subject: new-benefit.com
Fingerprint: 9F:2E:57:12:16:18:49:6B:AE:75:48:E6:2D:99:A0:57:15:67:B8:F5
Validity: Wed, 10 Apr 2024 08:51:40 GMT - Tue, 09 Jul 2024 08:51:39 GMT
Hash (MD5, SHA-1, SHA-256; empty body): d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer | Verdict | Alert
Quad9 DNS | malicious | Sinkholed
GET /dating/se/1n/?s1=59&trafficsource_name=ClickAdilla&t1=[CAMPAIGN_ID]&uclick=h9heh9twi4&uclickhash=h9heh9twi4-h9heh9twi4-q5sc8n-0-qqb4-1zq5bl-gh1m0-53a1f2 HTTP/1.1
Host: new-benefit.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx/1.16.1
date: Wed, 08 May 2024 16:06:53 GMT
content-type: text/html
last-modified: Fri, 03 May 2024 12:06:53 GMT
etag: W/"6634d35d-6b5c"
strict-transport-security: max-age=31536000
content-encoding: gzip
X-Firefox-Spdy: h2
| new-benefit.com/dating/se/1n/files/css2.css | 136.243.110.236 | 404 Not Found | 153 B |
URL: GET HTTP/2 new-benefit.com/dating/se/1n/files/css2.css
IP: 136.243.110.236:443
ASN: #24940 Hetzner Online GmbH
Requested by: https://new-benefit.com/dating/se/1n/?s1=59&trafficsource_name=ClickAdilla&t1=[CAMPAIGN_ID]&uclick=h9heh9twi4&uclickhash=h9heh9twi4-h9heh9twi4-q5sc8n-0-qqb4-1zq5bl-gh1m0-53a1f2
Certificate Issuer: Let's Encrypt
Subject: new-benefit.com
Fingerprint: 9F:2E:57:12:16:18:49:6B:AE:75:48:E6:2D:99:A0:57:15:67:B8:F5
Validity: Wed, 10 Apr 2024 08:51:40 GMT - Tue, 09 Jul 2024 08:51:39 GMT
File type: HTML document, ASCII text, with no line terminators
Hash (MD5, SHA-1, SHA-256): bcc88bb66ed955242c6d722a4b02e287 11644d240504277e77c707d64d4a032e23a073c3 138fd31626cff5b1edbb92e9eebef1d61461100e57701d17915226fa133294a8
Analyzer | Verdict | Alert
Quad9 DNS | malicious | Sinkholed
GET /dating/se/1n/files/css2.css HTTP/1.1
Host: new-benefit.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://new-benefit.com/dating/se/1n/?s1=59&trafficsource_name=ClickAdilla&t1=[CAMPAIGN_ID]&uclick=h9heh9twi4&uclickhash=h9heh9twi4-h9heh9twi4-q5sc8n-0-qqb4-1zq5bl-gh1m0-53a1f2
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 404 Not Found
server: nginx/1.16.1
date: Wed, 08 May 2024 16:06:54 GMT
content-type: text/html
content-encoding: gzip
X-Firefox-Spdy: h2