Report - new-benefit.com/dating/se/1n/?s1=59&trafficsource_name=ClickAdilla&t1=[CAMPAIGN_ID]&uclick=h9heh9twi4&uclickhash=h9heh9twi4-h9heh9twi4-q5sc8n-0-qqb4-1zq5bl-gh1m0-53a1f2

Report Overview

Submitted URL
new-benefit.com/dating/se/1n/?s1=59&trafficsource_name=ClickAdilla&t1=[CAMPAIGN_ID]&uclick=h9heh9twi4&uclickhash=h9heh9twi4-h9heh9twi4-q5sc8n-0-qqb4-1zq5bl-gh1m0-53a1f2
IP
136.243.110.236
ASN
#24940 Hetzner Online GmbH
Submitted
2024-05-08 16:07:20
Access
public
Website Title
OBSERVERA!
Final URL
new-benefit.com/dating/se/1n/?s1=59&trafficsource_name=ClickAdilla&t1=[CAMPAIGN_ID]&uclick=h9heh9twi4&uclickhash=h9heh9twi4-h9heh9twi4-q5sc8n-0-qqb4-1zq5bl-gh1m0-53a1f2#
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
22

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
zerossl.ocsp.sectigo.com	4049	2018-08-16	2020-05-09	2024-05-07	336 B	807 B	172.64.149.23
news-zacine.com	unknown	2023-10-03	2023-10-04	2024-05-01	491 B	9.2 kB	193.108.118.54
xxx-benefit.com	unknown	unknown	No data	No data	863 B	410 B	136.243.110.236
news-coreca.com	unknown	unknown	No data	No data	457 B	17 kB	193.108.118.16
new-benefit.com	unknown	unknown	No data	No data	5.3 kB	286 kB	136.243.110.236

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2024-05-08	medium	new-benefit.com	Sinkholed
2024-05-08	medium	new-benefit.com	Sinkholed
2024-05-08	medium	new-benefit.com	Sinkholed
2024-05-08	medium	new-benefit.com	Sinkholed
2024-05-08	medium	new-benefit.com	Sinkholed
2024-05-08	medium	new-benefit.com	Sinkholed
2024-05-08	medium	new-benefit.com	Sinkholed
2024-05-08	medium	xxx-benefit.com	Sinkholed
2024-05-08	medium	xxx-benefit.com	Sinkholed
2024-05-08	medium	new-benefit.com	Sinkholed
2024-05-08	medium	new-benefit.com	Sinkholed

ThreatFox

No alerts detected

JavaScript (8)

	URL	Size	First Seen	Last Seen
	new-benefit.com/dating/se/1n/?s1=59&trafficsource_name=ClickAdilla&t1=[CAMPAIGN_ID]&uclick=h9heh9twi4&uclickhash=h9heh9twi4-h9heh9twi4-q5sc8n-0-qqb4-1zq5bl-gh1m0-53a1f2	1.1 kB	2023-03-26	2024-05-08
Pretty URL new-benefit.com/dating/se/1n/?s1=59&trafficsource_name=ClickAdilla&t1=[CAMPAIGN_ID]&uclick=h9heh9twi4&uclickhash=h9heh9twi4-h9heh9twi4-q5sc8n-0-qqb4-1zq5bl-gh1m0-53a1f2 IP 136.243.110.236 ASN #24940 Hetzner Online GmbH Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-26 04:30:56 Last Seen2024-05-08 18:07:26 Times Seen3 Hash 3d9504ed788a87a4540a53c08f29e122 6a259a43961d7c1ed4ae03da46c1859105c4e391 d6b4b7648d6d75d5f2a9b4f348f1c8344ca2b2a779600e6c76b1637d84fc88df Loading...

	new-benefit.com/scripts/redirect_click.js	3.3 kB	2024-05-08	2024-05-19
Pretty URL new-benefit.com/scripts/redirect_click.js IP 136.243.110.236 ASN #24940 Hetzner Online GmbH Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-08 18:07:26 Last Seen2024-05-19 16:35:03 Times Seen6 Hash 6e49a78c811c765ab7d5914c557c9c09 e7ae71098de6ff5645b4c131bd81ecb0b06e8cfd 749ac207d8d715ecdbcb0baaff1d386e19852bfcf131a2d187fa7c0a284a4a44 Loading...

	news-zacine.com/code/https-v2.js?uid=138148&site=1222735510&banadu=0&sub1=Dating&sub2=ClickAdilla&sub3=sub3&sub4=sub4	8.9 kB	2024-05-01	2024-05-08
Pretty URL news-zacine.com/code/https-v2.js?uid=138148&site=1222735510&banadu=0&sub1=Dating&sub2=ClickAdilla&sub3=sub3&sub4=sub4 IP 193.108.118.54 ASN #63023 AS-GLOBALTELEHOST Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-01 09:45:13 Last Seen2024-05-08 20:49:21 Times Seen18 Hash f8a0f8d2c059e0f46e013480622e933d 523be7b151e654e4c27cf21e718cfe735a0bd8e9 1ab04ee1405c66352efc05723e33652f00dfbc8f2ebc4de021da9670caae2c35 Loading...

	news-coreca.com/process.js?id=1222735510&p1=Dating&p2=ClickAdilla&p3=sub3&p4=sub4	17 kB	2024-05-08	2024-05-08
Pretty URL news-coreca.com/process.js?id=1222735510&p1=Dating&p2=ClickAdilla&p3=sub3&p4=sub4 IP 193.108.118.16 ASN #63023 AS-GLOBALTELEHOST Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-08 18:07:26 Last Seen2024-05-08 18:07:26 Times Seen2 Hash 6961b96e4377ee925b99ead9f1862fdf fcc91f7df707a32347e2b0b5b334f7fee1da21ec 935bbc180c7eb88f10890ebbadf1fc5a4ac6a6bd521d03ee9db9fdc36d82084f Loading...

	new-benefit.com/dating/se/1n/index_files/jquery.min.js	93 kB	2023-03-26	2024-05-08
Pretty URL new-benefit.com/dating/se/1n/index_files/jquery.min.js IP 136.243.110.236 ASN #24940 Hetzner Online GmbH Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-26 04:30:56 Last Seen2024-05-08 18:07:26 Times Seen9 Hash 247c469dcd4e66ad15f197dd57496fb7 32e1e91e32d128fbd6c043ca58381b2e92b3cea1 29f59f0923b001c25b63d46b7bc4432dfcb17c4d802d8918d4838af8e8a1e6a3 Loading...

	new-benefit.com/dating/se/1n/?s1=59&trafficsource_name=ClickAdilla&t1=[CAMPAIGN_ID]&uclick=h9heh9twi4&uclickhash=h9heh9twi4-h9heh9twi4-q5sc8n-0-qqb4-1zq5bl-gh1m0-53a1f2	243 B	2024-05-08	2024-05-19
Pretty URL new-benefit.com/dating/se/1n/?s1=59&trafficsource_name=ClickAdilla&t1=[CAMPAIGN_ID]&uclick=h9heh9twi4&uclickhash=h9heh9twi4-h9heh9twi4-q5sc8n-0-qqb4-1zq5bl-gh1m0-53a1f2 IP 136.243.110.236 ASN #24940 Hetzner Online GmbH Introduced by scriptElement Embedded in HTML true Observations First Seen2024-05-08 18:07:26 Last Seen2024-05-19 16:35:03 Times Seen3 Hash 34b0fe6bc31fbf7b06056d9bdf107463 cabfbe82de3324a3bbedd5900faeeffb322833dd 7f972eb4fe6e0e8e156f41369d2bb401e86bfdc64edd5931659dafe6f59339e9 Loading...

	new-benefit.com/scripts/propush_script_dating.js	3.3 kB	2024-05-08	2024-05-08
Pretty URL new-benefit.com/scripts/propush_script_dating.js IP 136.243.110.236 ASN #24940 Hetzner Online GmbH Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-08 18:07:26 Last Seen2024-05-08 18:07:26 Times Seen2 Hash 3b95bdeb52e4feb3a720533bf67ffc35 0e1449ee0a9c3a74106ab8d33e55403868a86588 0bd6ffd9bb0e7578bdd99a2784c4f9670d02a521307f94feb5ae7a8c522f928c Loading...

	new-benefit.com/dating/se/1n/?s1=59&trafficsource_name=ClickAdilla&t1=[CAMPAIGN_ID]&uclick=h9heh9twi4&uclickhash=h9heh9twi4-h9heh9twi4-q5sc8n-0-qqb4-1zq5bl-gh1m0-53a1f2	225 B	2024-05-08	2024-05-19
Pretty URL new-benefit.com/dating/se/1n/?s1=59&trafficsource_name=ClickAdilla&t1=[CAMPAIGN_ID]&uclick=h9heh9twi4&uclickhash=h9heh9twi4-h9heh9twi4-q5sc8n-0-qqb4-1zq5bl-gh1m0-53a1f2 IP 136.243.110.236 ASN #24940 Hetzner Online GmbH Introduced by scriptElement Embedded in HTML true Observations First Seen2024-05-08 18:07:26 Last Seen2024-05-19 16:35:03 Times Seen3 Hash 213242338f0ba112f49b7aa0c6396373 8b07738c4bcf1baa4c5c175813d51709e0703863 8caf545077d993d252d90619c92a0c477a086f2d60bbe25810236e55bd4fc13f Loading...

HTTP Transactions (14)

URL IP Response Size

new-benefit.com/dating/se/1n/index_files/css.css

136.243.110.236

200 OK

3.1 kB

URL GET HTTP/2
new-benefit.com/dating/se/1n/index_files/css.css
IP
136.243.110.236:443
ASN
#24940 Hetzner Online GmbH

Requested by
https://new-benefit.com/dating/se/1n/?s1=59&trafficsource_name=ClickAdilla&t1=[CAMPAIGN_ID]&uclick=h9heh9twi4&uclickhash=h9heh9twi4-h9heh9twi4-q5sc8n-0-qqb4-1zq5bl-gh1m0-53a1f2
Certificate
IssuerLet's Encrypt
Subjectnew-benefit.com
Fingerprint9F:2E:57:12:16:18:49:6B:AE:75:48:E6:2D:99:A0:57:15:67:B8:F5
ValidityWed, 10 Apr 2024 08:51:40 GMT - Tue, 09 Jul 2024 08:51:39 GMT

File type
ASCII text, with very long lines (3133), with no line terminators
Size
3.1 kB (3133 bytes)
Hash
6ddcd4980f9ade58dd45f21416b00787
9a297bcac63188417f2541f05a7a30bad468a14a
1f78fefa45bba02f6d4e40e48a972ef73b0da8ce7d9318a807d6fb1325a87f46

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /dating/se/1n/index_files/css.css HTTP/1.1
Host: new-benefit.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://new-benefit.com/dating/se/1n/?s1=59&trafficsource_name=ClickAdilla&t1=[CAMPAIGN_ID]&uclick=h9heh9twi4&uclickhash=h9heh9twi4-h9heh9twi4-q5sc8n-0-qqb4-1zq5bl-gh1m0-53a1f2
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx/1.16.1
date: Wed, 08 May 2024 16:06:54 GMT
content-type: text/css
content-length: 3133
last-modified: Wed, 10 Apr 2024 11:20:44 GMT
etag: "6616760c-c3d"
strict-transport-security: max-age=31536000
accept-ranges: bytes
X-Firefox-Spdy: h2

new-benefit.com/dating/se/1n/index_files/jquery.min.js

136.243.110.236

200 OK

93 kB

URL GET HTTP/2
new-benefit.com/dating/se/1n/index_files/jquery.min.js
IP
136.243.110.236:443
ASN
#24940 Hetzner Online GmbH

Requested by
https://new-benefit.com/dating/se/1n/?s1=59&trafficsource_name=ClickAdilla&t1=[CAMPAIGN_ID]&uclick=h9heh9twi4&uclickhash=h9heh9twi4-h9heh9twi4-q5sc8n-0-qqb4-1zq5bl-gh1m0-53a1f2
Certificate
IssuerLet's Encrypt
Subjectnew-benefit.com
Fingerprint9F:2E:57:12:16:18:49:6B:AE:75:48:E6:2D:99:A0:57:15:67:B8:F5
ValidityWed, 10 Apr 2024 08:51:40 GMT - Tue, 09 Jul 2024 08:51:39 GMT

File type
JavaScript source, ASCII text, with very long lines (32065), with CRLF line terminators
Size
93 kB (93212 bytes)
Hash
247c469dcd4e66ad15f197dd57496fb7
32e1e91e32d128fbd6c043ca58381b2e92b3cea1
29f59f0923b001c25b63d46b7bc4432dfcb17c4d802d8918d4838af8e8a1e6a3

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /dating/se/1n/index_files/jquery.min.js HTTP/1.1
Host: new-benefit.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://new-benefit.com/dating/se/1n/?s1=59&trafficsource_name=ClickAdilla&t1=[CAMPAIGN_ID]&uclick=h9heh9twi4&uclickhash=h9heh9twi4-h9heh9twi4-q5sc8n-0-qqb4-1zq5bl-gh1m0-53a1f2
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx/1.16.1
date: Wed, 08 May 2024 16:06:54 GMT
content-type: application/javascript
content-length: 93212
last-modified: Wed, 10 Apr 2024 11:20:44 GMT
etag: "6616760c-16c1c"
strict-transport-security: max-age=31536000
accept-ranges: bytes
X-Firefox-Spdy: h2

new-benefit.com/scripts/propush_script_dating.js

136.243.110.236

200 OK

3.3 kB

URL GET HTTP/2
new-benefit.com/scripts/propush_script_dating.js
IP
136.243.110.236:443
ASN
#24940 Hetzner Online GmbH

Requested by
https://new-benefit.com/dating/se/1n/?s1=59&trafficsource_name=ClickAdilla&t1=[CAMPAIGN_ID]&uclick=h9heh9twi4&uclickhash=h9heh9twi4-h9heh9twi4-q5sc8n-0-qqb4-1zq5bl-gh1m0-53a1f2
Certificate
IssuerLet's Encrypt
Subjectnew-benefit.com
Fingerprint9F:2E:57:12:16:18:49:6B:AE:75:48:E6:2D:99:A0:57:15:67:B8:F5
ValidityWed, 10 Apr 2024 08:51:40 GMT - Tue, 09 Jul 2024 08:51:39 GMT

File type
Unicode text, UTF-8 text, with CRLF line terminators
Size
3.3 kB (3315 bytes)
Hash
3b95bdeb52e4feb3a720533bf67ffc35
0e1449ee0a9c3a74106ab8d33e55403868a86588
0bd6ffd9bb0e7578bdd99a2784c4f9670d02a521307f94feb5ae7a8c522f928c

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /scripts/propush_script_dating.js HTTP/1.1
Host: new-benefit.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://new-benefit.com/dating/se/1n/?s1=59&trafficsource_name=ClickAdilla&t1=[CAMPAIGN_ID]&uclick=h9heh9twi4&uclickhash=h9heh9twi4-h9heh9twi4-q5sc8n-0-qqb4-1zq5bl-gh1m0-53a1f2
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx/1.16.1
date: Wed, 08 May 2024 16:06:54 GMT
content-type: application/javascript
content-length: 3315
last-modified: Wed, 08 May 2024 12:25:05 GMT
etag: "663b6f21-cf3"
strict-transport-security: max-age=31536000
accept-ranges: bytes
X-Firefox-Spdy: h2

new-benefit.com/scripts/redirect_click.js

136.243.110.236

200 OK

3.3 kB

URL GET HTTP/2
new-benefit.com/scripts/redirect_click.js
IP
136.243.110.236:443
ASN
#24940 Hetzner Online GmbH

Requested by
https://new-benefit.com/dating/se/1n/?s1=59&trafficsource_name=ClickAdilla&t1=[CAMPAIGN_ID]&uclick=h9heh9twi4&uclickhash=h9heh9twi4-h9heh9twi4-q5sc8n-0-qqb4-1zq5bl-gh1m0-53a1f2
Certificate
IssuerLet's Encrypt
Subjectnew-benefit.com
Fingerprint9F:2E:57:12:16:18:49:6B:AE:75:48:E6:2D:99:A0:57:15:67:B8:F5
ValidityWed, 10 Apr 2024 08:51:40 GMT - Tue, 09 Jul 2024 08:51:39 GMT

File type
JavaScript source, Unicode text, UTF-8 text
Size
3.3 kB (3318 bytes)
Hash
6e49a78c811c765ab7d5914c557c9c09
e7ae71098de6ff5645b4c131bd81ecb0b06e8cfd
749ac207d8d715ecdbcb0baaff1d386e19852bfcf131a2d187fa7c0a284a4a44

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /scripts/redirect_click.js HTTP/1.1
Host: new-benefit.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://new-benefit.com/dating/se/1n/?s1=59&trafficsource_name=ClickAdilla&t1=[CAMPAIGN_ID]&uclick=h9heh9twi4&uclickhash=h9heh9twi4-h9heh9twi4-q5sc8n-0-qqb4-1zq5bl-gh1m0-53a1f2
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx/1.16.1
date: Wed, 08 May 2024 16:06:54 GMT
content-type: application/javascript
content-length: 3318
last-modified: Fri, 03 May 2024 15:17:44 GMT
etag: "66350018-cf6"
strict-transport-security: max-age=31536000
accept-ranges: bytes
X-Firefox-Spdy: h2

new-benefit.com/dating/se/1n/index_files/25.jpg

136.243.110.236

200 OK

143 kB

URL GET HTTP/2
new-benefit.com/dating/se/1n/index_files/25.jpg
IP
136.243.110.236:443
ASN
#24940 Hetzner Online GmbH

Requested by
https://new-benefit.com/dating/se/1n/?s1=59&trafficsource_name=ClickAdilla&t1=[CAMPAIGN_ID]&uclick=h9heh9twi4&uclickhash=h9heh9twi4-h9heh9twi4-q5sc8n-0-qqb4-1zq5bl-gh1m0-53a1f2
Certificate
IssuerLet's Encrypt
Subjectnew-benefit.com
Fingerprint9F:2E:57:12:16:18:49:6B:AE:75:48:E6:2D:99:A0:57:15:67:B8:F5
ValidityWed, 10 Apr 2024 08:51:40 GMT - Tue, 09 Jul 2024 08:51:39 GMT

File type
JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=12, height=500, bps=0, PhotometricInterpretation=RGB, orientation=upper-left, width=380], progressive, precision 8, 380x500, components 3
Size
143 kB (143135 bytes)
Hash
b63e460b4a878db5b2fa070cc0179503
0c2173fb8502a39bd4d380f2a7bcf07842fcd90b
8f5d4d5f7e73215d18fe7bdf86a46c96bc17b25836d6b4e2745d26b6672e44a0

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /dating/se/1n/index_files/25.jpg HTTP/1.1
Host: new-benefit.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://new-benefit.com/dating/se/1n/?s1=59&trafficsource_name=ClickAdilla&t1=[CAMPAIGN_ID]&uclick=h9heh9twi4&uclickhash=h9heh9twi4-h9heh9twi4-q5sc8n-0-qqb4-1zq5bl-gh1m0-53a1f2
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx/1.16.1
date: Wed, 08 May 2024 16:06:54 GMT
content-type: image/jpeg
content-length: 143135
last-modified: Wed, 10 Apr 2024 11:20:44 GMT
etag: "6616760c-22f1f"
strict-transport-security: max-age=31536000
accept-ranges: bytes
X-Firefox-Spdy: h2

new-benefit.com/dating/se/1n/index_files/TK3hWkUHHAIjg75-ohoTus9C.woff2

136.243.110.236

404 Not Found

153 B

URL GET HTTP/2
new-benefit.com/dating/se/1n/index_files/TK3hWkUHHAIjg75-ohoTus9C.woff2
IP
136.243.110.236:443
ASN
#24940 Hetzner Online GmbH

Requested by
https://new-benefit.com/dating/se/1n/?s1=59&trafficsource_name=ClickAdilla&t1=[CAMPAIGN_ID]&uclick=h9heh9twi4&uclickhash=h9heh9twi4-h9heh9twi4-q5sc8n-0-qqb4-1zq5bl-gh1m0-53a1f2
Certificate
IssuerLet's Encrypt
Subjectnew-benefit.com
Fingerprint9F:2E:57:12:16:18:49:6B:AE:75:48:E6:2D:99:A0:57:15:67:B8:F5
ValidityWed, 10 Apr 2024 08:51:40 GMT - Tue, 09 Jul 2024 08:51:39 GMT

File type
HTML document, ASCII text, with CRLF line terminators
Size
153 B (153 bytes)
Hash
a1ed5ecb9c651451520019b3747a06ef
724e59314a0890297915c1010e38e3267cdd810e
1b47c0dc50d20d7239392e8e3917cf1340aa2acf53b7e6a84ee56714471e26f4

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /dating/se/1n/index_files/TK3hWkUHHAIjg75-ohoTus9C.woff2 HTTP/1.1
Host: new-benefit.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: https://new-benefit.com/dating/se/1n/index_files/css.css
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 404 Not Found
server: nginx/1.16.1
date: Wed, 08 May 2024 16:06:54 GMT
content-type: text/html
content-length: 153
X-Firefox-Spdy: h2

zerossl.ocsp.sectigo.com/

172.64.149.23

315 B

URL
zerossl.ocsp.sectigo.com/
IP
172.64.149.23:0
ASN
#13335 CLOUDFLARENET

File type
data
Size
315 B (315 bytes)
Hash
d0c1fc10fcefddf559fc6efd164e42ad
f2d87d89bc32d4a6f5150825ec19b3ed52d970e8
14b8d0cff859554ec57bcc125535a2b872721062537c4584dd90a07fdcbe05c2

HTTP Headers

POST / HTTP/1.1
Host: zerossl.ocsp.sectigo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Wed, 08 May 2024 16:06:54 GMT
Content-Type: application/ocsp-response
Content-Length: 315
Connection: keep-alive
Last-Modified: Tue, 07 May 2024 00:24:18 GMT
Expires: Tue, 14 May 2024 00:24:17 GMT
Etag: "f2d87d89bc32d4a6f5150825ec19b3ed52d970e8"
Cache-Control: max-age=461352,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb3
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 880ab31e9ee8b529-OSL

news-zacine.com/code/https-v2.js?uid=138148&site=1222735510&banadu=0&sub1=Dating&sub2=ClickAdilla&sub3=sub3&sub4=sub4

193.108.118.54

200 OK

8.9 kB

URL GET HTTP/2
news-zacine.com/code/https-v2.js?uid=138148&site=1222735510&banadu=0&sub1=Dating&sub2=ClickAdilla&sub3=sub3&sub4=sub4
IP
193.108.118.54:443
ASN
#63023 AS-GLOBALTELEHOST

Requested by
https://new-benefit.com/dating/se/1n/?s1=59&trafficsource_name=ClickAdilla&t1=[CAMPAIGN_ID]&uclick=h9heh9twi4&uclickhash=h9heh9twi4-h9heh9twi4-q5sc8n-0-qqb4-1zq5bl-gh1m0-53a1f2
Certificate
IssuerZeroSSL
Subjectnews-zacine.com
Fingerprint8E:B8:5C:19:B8:B7:C9:AE:88:87:23:0F:3B:F7:95:B5:93:55:46:EE
ValidityMon, 01 Apr 2024 00:00:00 GMT - Sun, 30 Jun 2024 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (8924), with no line terminators
Size
8.9 kB (8924 bytes)
Hash
f8a0f8d2c059e0f46e013480622e933d
523be7b151e654e4c27cf21e718cfe735a0bd8e9
1ab04ee1405c66352efc05723e33652f00dfbc8f2ebc4de021da9670caae2c35

HTTP Headers

GET /code/https-v2.js?uid=138148&site=1222735510&banadu=0&sub1=Dating&sub2=ClickAdilla&sub3=sub3&sub4=sub4 HTTP/1.1
Host: news-zacine.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://new-benefit.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Wed, 08 May 2024 16:06:54 GMT
content-type: application/javascript
content-length: 8924
last-modified: Tue, 30 Apr 2024 11:03:41 GMT
etag: "6630d00d-22dc"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
accept-ranges: bytes
X-Firefox-Spdy: h2

new-benefit.com/dating/se/1n/index_files/favicon.png

136.243.110.236

200 OK

9.9 kB

URL GET HTTP/2
new-benefit.com/dating/se/1n/index_files/favicon.png
IP
136.243.110.236:443
ASN
#24940 Hetzner Online GmbH

Requested by
https://new-benefit.com/dating/se/1n/?s1=59&trafficsource_name=ClickAdilla&t1=[CAMPAIGN_ID]&uclick=h9heh9twi4&uclickhash=h9heh9twi4-h9heh9twi4-q5sc8n-0-qqb4-1zq5bl-gh1m0-53a1f2
Certificate
IssuerLet's Encrypt
Subjectnew-benefit.com
Fingerprint9F:2E:57:12:16:18:49:6B:AE:75:48:E6:2D:99:A0:57:15:67:B8:F5
ValidityWed, 10 Apr 2024 08:51:40 GMT - Tue, 09 Jul 2024 08:51:39 GMT

File type
PNG image data, 200 x 202, 8-bit colormap, non-interlaced
Size
9.9 kB (9919 bytes)
Hash
2a08fb585eebdff9c32113ad4e6f26f6
efdfe4bec872c0eae76ac3d689b1ab774ac4b7ee
2a991c7b518029d630b3a5cb087adc1e98dc1971d3d414790be8d0c8be946b68

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /dating/se/1n/index_files/favicon.png HTTP/1.1
Host: new-benefit.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://new-benefit.com/dating/se/1n/?s1=59&trafficsource_name=ClickAdilla&t1=[CAMPAIGN_ID]&uclick=h9heh9twi4&uclickhash=h9heh9twi4-h9heh9twi4-q5sc8n-0-qqb4-1zq5bl-gh1m0-53a1f2
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx/1.16.1
date: Wed, 08 May 2024 16:06:54 GMT
content-type: image/png
content-length: 9919
last-modified: Wed, 10 Apr 2024 11:20:44 GMT
etag: "6616760c-26bf"
strict-transport-security: max-age=31536000
accept-ranges: bytes
X-Firefox-Spdy: h2

xxx-benefit.com/click.php?event10=0

136.243.110.236

200 OK

0 B

URL GET HTTP/2
xxx-benefit.com/click.php?event10=0
IP
136.243.110.236:443
ASN
#24940 Hetzner Online GmbH

Requested by
https://new-benefit.com/dating/se/1n/?s1=59&trafficsource_name=ClickAdilla&t1=[CAMPAIGN_ID]&uclick=h9heh9twi4&uclickhash=h9heh9twi4-h9heh9twi4-q5sc8n-0-qqb4-1zq5bl-gh1m0-53a1f2
Certificate
IssuerLet's Encrypt
Subjectxxx-benefit.com
Fingerprint32:9E:E1:C6:4D:C9:66:99:08:C9:AA:6D:7B:16:92:D2:A2:04:4B:6F
ValidityMon, 29 Apr 2024 10:58:54 GMT - Sun, 28 Jul 2024 10:58:53 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /click.php?event10=0 HTTP/1.1
Host: xxx-benefit.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://new-benefit.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx/1.16.1
date: Wed, 08 May 2024 16:06:54 GMT
content-type: text/html; charset=UTF-8
strict-transport-security: max-age=31536000
content-encoding: gzip
X-Firefox-Spdy: h2

news-coreca.com/process.js?id=1222735510&p1=Dating&p2=ClickAdilla&p3=sub3&p4=sub4

193.108.118.16

200 OK

17 kB

URL GET HTTP/2
news-coreca.com/process.js?id=1222735510&p1=Dating&p2=ClickAdilla&p3=sub3&p4=sub4
IP
193.108.118.16:443
ASN
#63023 AS-GLOBALTELEHOST

Requested by
https://new-benefit.com/dating/se/1n/?s1=59&trafficsource_name=ClickAdilla&t1=[CAMPAIGN_ID]&uclick=h9heh9twi4&uclickhash=h9heh9twi4-h9heh9twi4-q5sc8n-0-qqb4-1zq5bl-gh1m0-53a1f2
Certificate
IssuerLet's Encrypt
Subject*.news-coreca.com
FingerprintAC:F0:20:73:34:E8:56:38:FA:69:24:D5:C4:9C:DB:F0:59:9B:F9:2A
ValidityWed, 01 May 2024 10:41:45 GMT - Tue, 30 Jul 2024 10:41:44 GMT

File type
JavaScript source, ASCII text, with very long lines (16808)
Size
17 kB (17064 bytes)
Hash
6961b96e4377ee925b99ead9f1862fdf
fcc91f7df707a32347e2b0b5b334f7fee1da21ec
935bbc180c7eb88f10890ebbadf1fc5a4ac6a6bd521d03ee9db9fdc36d82084f

HTTP Headers

GET /process.js?id=1222735510&p1=Dating&p2=ClickAdilla&p3=sub3&p4=sub4 HTTP/1.1
Host: news-coreca.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://new-benefit.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Wed, 08 May 2024 16:06:54 GMT
content-type: application/javascript; charset=utf-8
cache-control: no-cache, no-store, must-revalidate
expires: 0
pragma: no-cache
vary: Origin
content-encoding: gzip
X-Firefox-Spdy: h2

xxx-benefit.com/click.php?event7=1

136.243.110.236

200 OK

0 B

URL GET HTTP/2
xxx-benefit.com/click.php?event7=1
IP
136.243.110.236:443
ASN
#24940 Hetzner Online GmbH

Requested by
https://new-benefit.com/dating/se/1n/?s1=59&trafficsource_name=ClickAdilla&t1=[CAMPAIGN_ID]&uclick=h9heh9twi4&uclickhash=h9heh9twi4-h9heh9twi4-q5sc8n-0-qqb4-1zq5bl-gh1m0-53a1f2
Certificate
IssuerLet's Encrypt
Subjectxxx-benefit.com
Fingerprint32:9E:E1:C6:4D:C9:66:99:08:C9:AA:6D:7B:16:92:D2:A2:04:4B:6F
ValidityMon, 29 Apr 2024 10:58:54 GMT - Sun, 28 Jul 2024 10:58:53 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /click.php?event7=1 HTTP/1.1
Host: xxx-benefit.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://new-benefit.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx/1.16.1
date: Wed, 08 May 2024 16:07:04 GMT
content-type: text/html; charset=UTF-8
strict-transport-security: max-age=31536000
content-encoding: gzip
X-Firefox-Spdy: h2

new-benefit.com/dating/se/1n/?s1=59&trafficsource_name=ClickAdilla&t1=[CAMPAIGN_ID]&uclick=h9heh9twi4&uclickhash=h9heh9twi4-h9heh9twi4-q5sc8n-0-qqb4-1zq5bl-gh1m0-53a1f2

136.243.110.236

200 OK

28 kB

URL User Request GET HTTP/2
new-benefit.com/dating/se/1n/?s1=59&trafficsource_name=ClickAdilla&t1=[CAMPAIGN_ID]&uclick=h9heh9twi4&uclickhash=h9heh9twi4-h9heh9twi4-q5sc8n-0-qqb4-1zq5bl-gh1m0-53a1f2
IP
136.243.110.236:443
ASN
#24940 Hetzner Online GmbH

Certificate
IssuerLet's Encrypt
Subjectnew-benefit.com
Fingerprint9F:2E:57:12:16:18:49:6B:AE:75:48:E6:2D:99:A0:57:15:67:B8:F5
ValidityWed, 10 Apr 2024 08:51:40 GMT - Tue, 09 Jul 2024 08:51:39 GMT

File type

Size
28 kB (27484 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /dating/se/1n/?s1=59&trafficsource_name=ClickAdilla&t1=[CAMPAIGN_ID]&uclick=h9heh9twi4&uclickhash=h9heh9twi4-h9heh9twi4-q5sc8n-0-qqb4-1zq5bl-gh1m0-53a1f2 HTTP/1.1
Host: new-benefit.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx/1.16.1
date: Wed, 08 May 2024 16:06:53 GMT
content-type: text/html
last-modified: Fri, 03 May 2024 12:06:53 GMT
etag: W/"6634d35d-6b5c"
strict-transport-security: max-age=31536000
content-encoding: gzip
X-Firefox-Spdy: h2

new-benefit.com/dating/se/1n/files/css2.css

136.243.110.236

404 Not Found

153 B

URL GET HTTP/2
new-benefit.com/dating/se/1n/files/css2.css
IP
136.243.110.236:443
ASN
#24940 Hetzner Online GmbH

Requested by
https://new-benefit.com/dating/se/1n/?s1=59&trafficsource_name=ClickAdilla&t1=[CAMPAIGN_ID]&uclick=h9heh9twi4&uclickhash=h9heh9twi4-h9heh9twi4-q5sc8n-0-qqb4-1zq5bl-gh1m0-53a1f2
Certificate
IssuerLet's Encrypt
Subjectnew-benefit.com
Fingerprint9F:2E:57:12:16:18:49:6B:AE:75:48:E6:2D:99:A0:57:15:67:B8:F5
ValidityWed, 10 Apr 2024 08:51:40 GMT - Tue, 09 Jul 2024 08:51:39 GMT

File type
HTML document, ASCII text, with no line terminators
Size
153 B (153 bytes)
Hash
bcc88bb66ed955242c6d722a4b02e287
11644d240504277e77c707d64d4a032e23a073c3
138fd31626cff5b1edbb92e9eebef1d61461100e57701d17915226fa133294a8

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /dating/se/1n/files/css2.css HTTP/1.1
Host: new-benefit.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://new-benefit.com/dating/se/1n/?s1=59&trafficsource_name=ClickAdilla&t1=[CAMPAIGN_ID]&uclick=h9heh9twi4&uclickhash=h9heh9twi4-h9heh9twi4-q5sc8n-0-qqb4-1zq5bl-gh1m0-53a1f2
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 404 Not Found
server: nginx/1.16.1
date: Wed, 08 May 2024 16:06:54 GMT
content-type: text/html
content-encoding: gzip
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (8)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML