Report - a4wqmz.click/yc8006Q2

Report Overview

Submitted URL
a4wqmz.click/yc8006Q2
IP
192.250.227.23
ASN
#36454 WHG Hosting Services Ltd
Submitted
2024-03-28 20:04:29
Access
public
Website Title
DOWNLOAD READY
Final URL
suftinyou.com/?cat=2&groupds=102&clientId=168&productId=1676&publisher_id=1B7fmUHKE&tracking=201PUMY4df7a3dVyQ4vHqjeiNfiHMKpgLMnTkESkcWFiVtiMh8vwJG6aKrcav8fXbCLUqS
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
12

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
www.cimentbuilder.one	unknown	2024-01-15	2024-01-15	2024-03-27	2.4 kB	5.4 kB	51.68.82.147
admoustache.aftrad-visit.com	unknown	2023-02-15	2024-01-24	2024-03-23	717 B	982 B	104.26.7.190
suftinyou.com	unknown	2024-02-09	2024-02-09	2024-03-23	1.6 kB	17 kB	185.32.28.133
a4wqmz.click	unknown	unknown	No data	No data	475 B	498 B	192.250.227.23
cchcontent.com	unknown	2023-09-05	2023-09-05	2024-02-26	535 B	267 B	64.227.23.114
gainprizesnow.life	unknown	2023-11-17	2023-12-01	2024-03-04	1.1 kB	63 kB	185.155.184.32
506kglr.pamwrymm.live	unknown	unknown	No data	No data	1.3 kB	2.3 kB	185.155.184.55

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2024-03-28	medium	gainprizesnow.life	Sinkholed
2024-03-28	medium	gainprizesnow.life	Sinkholed
2024-03-28	medium	pamwrymm.live	Sinkholed
2024-03-28	medium	pamwrymm.live	Sinkholed
2024-03-28	medium	suftinyou.com	Sinkholed
2024-03-28	medium	suftinyou.com	Sinkholed

ThreatFox

No alerts detected

JavaScript (2)

	URL	Size	First Seen	Last Seen
	suftinyou.com/assets/js/backlink_back_button.js	632 B	2023-03-08	2024-04-28
Pretty URL suftinyou.com/assets/js/backlink_back_button.js IP 185.32.28.133 ASN #15699 OGIC Informatica S.L. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 14:31:13 Last Seen2024-04-28 06:59:32 Times Seen3794 Hash 7c847657cd58fd5f3b656c5dd486808a 54781827b08eb75f27786b20bfded403c3117a69 b1b1b5affe702bae9e97deabbdb3f19bcf8f12a1ddd410ff189c61c3bc159c06 Loading...

	suftinyou.com/?cat=2&groupds=102&clientId=168&productId=1676&publisher_id=1B7fmUHKE&tracking=201PUMY4df7a3dVyQ4vHqjeiNfiHMKpgLMnTkESkcWFiVtiMh8vwJG6aKrcav8fXbCLUqS	216 B	2024-03-28	2024-03-28
Pretty URL suftinyou.com/?cat=2&groupds=102&clientId=168&productId=1676&publisher_id=1B7fmUHKE&tracking=201PUMY4df7a3dVyQ4vHqjeiNfiHMKpgLMnTkESkcWFiVtiMh8vwJG6aKrcav8fXbCLUqS IP 185.32.28.133 ASN #15699 OGIC Informatica S.L. Introduced by scriptElement Embedded in HTML true Observations First Seen2024-03-28 21:04:36 Last Seen2024-03-28 21:04:36 Times Seen1 Hash 549fd6a7c30f803b8366d1c67c11320e b79789e953ecfe4feeeb04eb725c87df5cc11b27 9de27b1ac898885e2f041d6124fcdbcab57c4faadfee3a6eacc8f8146e14837e Loading...

HTTP Transactions (13)

URL IP Response Size

a4wqmz.click/yc8006Q2

192.250.227.23

51 B

URL
a4wqmz.click/yc8006Q2
IP
192.250.227.23:0
ASN
#36454 WHG Hosting Services Ltd

File type
HTML document, ASCII text, with no line terminators
Size
51 B (51 bytes)
Hash
b32a6df14d2ef05e2c0ed7ac391305ad
3dd88164832c25b48ccf6f173a8518787e460208
671a29e25d1b52d8b19cb169bba6f224144b362ae2b598ae54dcaa6e3f973c15

HTTP Headers

GET /yc8006Q2 HTTP/1.1
Host: a4wqmz.click
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: text/html; charset=UTF-8
content-length: 51
content-encoding: br
vary: Accept-Encoding,User-Agent
date: Thu, 28 Mar 2024 20:04:04 GMT
server: LiteSpeed
x-content-type-options: DENY
access-control-allow-origin: *
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
X-Firefox-Spdy: h2

cchcontent.com/?k=32ec675d4c38635d046111b401dcdf5d&type=mainstream&subtype=global

64.227.23.114

0 B

URL
cchcontent.com/?k=32ec675d4c38635d046111b401dcdf5d&type=mainstream&subtype=global
IP
64.227.23.114:0
ASN
#14061 DIGITALOCEAN-ASN

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /?k=32ec675d4c38635d046111b401dcdf5d&type=mainstream&subtype=global HTTP/1.1
Host: cchcontent.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 302 Found
Server: nginx/1.16.1 (Ubuntu)
Date: Thu, 28 Mar 2024 20:04:06 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 0
Connection: keep-alive
Location: https://gainprizesnow.life/?u=rlgk605&o=9p8p5bv&cid=67c759d5a322ee96b795b96f50060b38

gainprizesnow.life/?u=rlgk605&o=9p8p5bv&cid=67c759d5a322ee96b795b96f50060b38

185.155.184.32

63 kB

URL
gainprizesnow.life/?u=rlgk605&o=9p8p5bv&cid=67c759d5a322ee96b795b96f50060b38
IP
185.155.184.32:0
ASN
#5398 AS5398 SA

File type
HTML document, ASCII text, with very long lines (47858), with CRLF line terminators
Size
63 kB (62692 bytes)
Hash
0226bc1c8d4f085f12a1ac338841e318
9dded7a9b80cb343295b7b3eedec3ef55a518eaa
fb985177ebed393e8d01dffa504182b3ec4e285dcbdd2b6ecda45a34bdacb3b2

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /?u=rlgk605&o=9p8p5bv&cid=67c759d5a322ee96b795b96f50060b38 HTTP/1.1
Host: gainprizesnow.life
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Thu, 28 Mar 2024 20:04:06 GMT
Content-Type: text/html
Content-Length: 62692
Connection: keep-alive
set-cookie: sid=t6~i4fossldu1d202zq0gnibx2q; path=/
sid=t6~i4fossldu1d202zq0gnibx2q; path=/
p1=https://pamwrymm.live/enfaqkfa/; path=/
s1=7c768yavi566xn1y; path=/
cache-control: private, no-transform

gainprizesnow.life/favicon.ico

185.155.184.32

0 B

URL
gainprizesnow.life/favicon.ico
IP
185.155.184.32:0
ASN
#5398 AS5398 SA

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: gainprizesnow.life
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://gainprizesnow.life/?u=rlgk605&o=9p8p5bv&cid=67c759d5a322ee96b795b96f50060b38
Cookie: sid=t6~i4fossldu1d202zq0gnibx2q; p1=https://pamwrymm.live/enfaqkfa/; s1=7c768yavi566xn1y
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 204 No Content
Server: nginx
Date: Thu, 28 Mar 2024 20:04:07 GMT
Connection: keep-alive
Cache-Control: no-transform

506kglr.pamwrymm.live/enfaqkfa/?u=rlgk605&o=9p8p5bv&cid=67c759d5a322ee96b795b96f50060b38&f=1&sid=t6~i4fossldu1d202zq0gnibx2q&fp=W7Ab1%2F2i1ujWPqMJ1CoKDw%3D%3D

185.155.184.55

1.5 kB

URL
506kglr.pamwrymm.live/enfaqkfa/?u=rlgk605&o=9p8p5bv&cid=67c759d5a322ee96b795b96f50060b38&f=1&sid=t6~i4fossldu1d202zq0gnibx2q&fp=W7Ab1%2F2i1ujWPqMJ1CoKDw%3D%3D
IP
185.155.184.55:0
ASN
#5398 AS5398 SA

File type
HTML document, Unicode text, UTF-8 text, with very long lines (562), with CRLF line terminators
Size
1.5 kB (1475 bytes)
Hash
f11e6af60b7a749b730a09903ad4b5fe
88a3ac0d42a5ae272066173bc3a2be350a3c95b4
960267242d358f7f33d19b6bcb87c6716dcd23974076a4261f526d5048b405ef

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /enfaqkfa/?u=rlgk605&o=9p8p5bv&cid=67c759d5a322ee96b795b96f50060b38&f=1&sid=t6~i4fossldu1d202zq0gnibx2q&fp=W7Ab1%2F2i1ujWPqMJ1CoKDw%3D%3D HTTP/1.1
Host: 506kglr.pamwrymm.live
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://gainprizesnow.life/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: openresty
Date: Thu, 28 Mar 2024 20:04:07 GMT
Content-Type: text/html
Content-Length: 1475
Connection: keep-alive
cache-control: private

506kglr.pamwrymm.live/web/?sid=t6~i4fossldu1d202zq0gnibx2q

185.155.184.55

273 B

URL
506kglr.pamwrymm.live/web/?sid=t6~i4fossldu1d202zq0gnibx2q
IP
185.155.184.55:0
ASN
#5398 AS5398 SA

File type
HTML document, ASCII text, with CRLF line terminators
Size
273 B (273 bytes)
Hash
cd8f7102b461bee4793ab43f0c2a7794
0f2c88abd84af565228347a2fa97121d50011d95
c61b2aa418847c8408e01763f455f198ac4de42377b878fc31429e9af31a1e2d

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /web/?sid=t6~i4fossldu1d202zq0gnibx2q HTTP/1.1
Host: 506kglr.pamwrymm.live
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://506kglr.pamwrymm.live/enfaqkfa/?u=rlgk605&o=9p8p5bv&cid=67c759d5a322ee96b795b96f50060b38&f=1&sid=t6~i4fossldu1d202zq0gnibx2q&fp=W7Ab1%2F2i1ujWPqMJ1CoKDw%3D%3D
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 302 Found
Server: openresty
Date: Thu, 28 Mar 2024 20:04:07 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 273
Connection: keep-alive
location: https://take.bestdealfor10.com/?utm_medium=7c546697f77c362f087bd230a385a22a47b9f7ab&utm_campaign=m&cid=40fd8671-4932-4cc3-9391-46e755b47e74&np=1
referrer-policy: no-referrer

www.cimentbuilder.one/?sl=5738009-ccc5a&data1=Track1&data2=Track2&tag=M7351507607170842684&website=1314-5ecd6faz&placement=1314

51.68.82.147

4.4 kB

URL
www.cimentbuilder.one/?sl=5738009-ccc5a&data1=Track1&data2=Track2&tag=M7351507607170842684&website=1314-5ecd6faz&placement=1314
IP
51.68.82.147:0
ASN
#16276 OVH SAS

File type
HTML document, ASCII text, with very long lines (3488)
Size
4.4 kB (4353 bytes)
Hash
892aaca503396857b20782526c7c8cd5
fa48b862f0e918b5fc40c31ce35a8675ef38222f
4e38711ca5b96635a641f992a85548fab7186e809df1413b9b27f0c04ba9a202

HTTP Headers

GET /?sl=5738009-ccc5a&data1=Track1&data2=Track2&tag=M7351507607170842684&website=1314-5ecd6faz&placement=1314 HTTP/1.1
Host: www.cimentbuilder.one
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://take.bestdealfor10.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Thu, 28 Mar 2024 20:04:08 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: no-transform
Accept-CH: Sec-CH-UA-Platform-Version

www.cimentbuilder.one/?sl=5738009-ccc5a&data1=Track1&data2=Track2&tag=M7351507607170842684&website=1314-5ecd6faz&placement=1314&eyeg=172bfee4df6744c8eb6edf86bbb39bae&eyer=0.9723774255655455&eyei=0&eyew=1280&eyeh=1024&eyetd=220&eyef=take.bestdealfor10.com

51.68.82.147

302 Found

0 B

URL User Request GET HTTP/1.1
www.cimentbuilder.one/?sl=5738009-ccc5a&data1=Track1&data2=Track2&tag=M7351507607170842684&website=1314-5ecd6faz&placement=1314&eyeg=172bfee4df6744c8eb6edf86bbb39bae&eyer=0.9723774255655455&eyei=0&eyew=1280&eyeh=1024&eyetd=220&eyef=take.bestdealfor10.com
IP
51.68.82.147:443
ASN
#16276 OVH SAS

Certificate
IssuerLet's Encrypt
Subjectwww.cimentbuilder.one
Fingerprint7D:25:43:48:89:1A:D8:26:8D:E7:E9:D7:08:11:E1:AC:71:F3:D0:8A
ValidityFri, 15 Mar 2024 11:11:11 GMT - Thu, 13 Jun 2024 11:11:10 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /?sl=5738009-ccc5a&data1=Track1&data2=Track2&tag=M7351507607170842684&website=1314-5ecd6faz&placement=1314&eyeg=172bfee4df6744c8eb6edf86bbb39bae&eyer=0.9723774255655455&eyei=0&eyew=1280&eyeh=1024&eyetd=220&eyef=take.bestdealfor10.com HTTP/1.1
Host: www.cimentbuilder.one
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 302 Found
Date: Thu, 28 Mar 2024 20:04:08 GMT
Content-Length: 0
Connection: keep-alive
Cache-Control: no-transform
Location: https://www.cimentbuilder.one/?sl=5738009-ccc5a&data1=Track1&data2=Track2&tag=M7351507607170842684&website=1314-5ecd6faz&placement=1314&eyeg=3&eyer=0.9723774255655455&eyei=0&eyew=1280&eyeh=1024&eyetd=220&eyef=take.bestdealfor10.com

www.cimentbuilder.one/?sl=5738009-ccc5a&data1=Track1&data2=Track2&tag=M7351507607170842684&website=1314-5ecd6faz&placement=1314&eyeg=3&eyer=0.9723774255655455&eyei=0&eyew=1280&eyeh=1024&eyetd=220&eyef=take.bestdealfor10.com

51.68.82.147

302 Found

0 B

URL User Request GET HTTP/1.1
www.cimentbuilder.one/?sl=5738009-ccc5a&data1=Track1&data2=Track2&tag=M7351507607170842684&website=1314-5ecd6faz&placement=1314&eyeg=3&eyer=0.9723774255655455&eyei=0&eyew=1280&eyeh=1024&eyetd=220&eyef=take.bestdealfor10.com
IP
51.68.82.147:443
ASN
#16276 OVH SAS

Certificate
IssuerLet's Encrypt
Subjectwww.cimentbuilder.one
Fingerprint7D:25:43:48:89:1A:D8:26:8D:E7:E9:D7:08:11:E1:AC:71:F3:D0:8A
ValidityFri, 15 Mar 2024 11:11:11 GMT - Thu, 13 Jun 2024 11:11:10 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /?sl=5738009-ccc5a&data1=Track1&data2=Track2&tag=M7351507607170842684&website=1314-5ecd6faz&placement=1314&eyeg=3&eyer=0.9723774255655455&eyei=0&eyew=1280&eyeh=1024&eyetd=220&eyef=take.bestdealfor10.com HTTP/1.1
Host: www.cimentbuilder.one
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 302 Found
Date: Thu, 28 Mar 2024 20:04:08 GMT
Content-Length: 0
Connection: keep-alive
Cache-Control: no-transform
Location: https://admoustache.aftrad-visit.com/track/smartlink?smartlink_id=1&publisher_id=441&network_id=5&click_id=33000069f69330d7c7b52c9734384e5ac24fa0328-202403-flb*5738009-ccc5a*M7351507607170842684*sl_5738009-ccc5a*e629bf3a109d199d6c7f5333e0f030b903d5282f*1314-5ecd6faz*1314

www.cimentbuilder.one/favicon.ico

51.68.82.147

0 B

URL
www.cimentbuilder.one/favicon.ico
IP
51.68.82.147:0
ASN
#16276 OVH SAS

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: www.cimentbuilder.one
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 204 No Content
Date: Thu, 28 Mar 2024 20:04:08 GMT
Connection: keep-alive

admoustache.aftrad-visit.com/track/smartlink?smartlink_id=1&publisher_id=441&network_id=5&click_id=33000069f69330d7c7b52c9734384e5ac24fa0328-202403-flb*5738009-ccc5a*M7351507607170842684*sl_5738009-ccc5a*e629bf3a109d199d6c7f5333e0f030b903d5282f*1314-5ecd6faz*1314

104.26.7.190

302 Found

214 B

URL User Request GET HTTP/2
admoustache.aftrad-visit.com/track/smartlink?smartlink_id=1&publisher_id=441&network_id=5&click_id=33000069f69330d7c7b52c9734384e5ac24fa0328-202403-flb*5738009-ccc5a*M7351507607170842684*sl_5738009-ccc5a*e629bf3a109d199d6c7f5333e0f030b903d5282f*1314-5ecd6faz*1314
IP
104.26.7.190:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerGoogle Trust Services LLC
Subjectaftrad-visit.com
Fingerprint11:AD:9E:62:74:42:B2:6C:A1:25:B9:68:C3:9C:DA:E6:F5:D4:AA:C9
ValidityMon, 05 Feb 2024 22:00:01 GMT - Sun, 05 May 2024 22:00:00 GMT

File type
HTML document, ASCII text
Size
214 B (214 bytes)
Hash
2f1445f2a823b36b8bf390a36bc65760
981f6b69b3dfab25fb820014e46ad024e0d13910
eea9477b3156f2784e1f5e65f9d0fe9e6a97dd472521c49b5b319f4b7fbcfc6f

HTTP Headers

GET /track/smartlink?smartlink_id=1&publisher_id=441&network_id=5&click_id=33000069f69330d7c7b52c9734384e5ac24fa0328-202403-flb*5738009-ccc5a*M7351507607170842684*sl_5738009-ccc5a*e629bf3a109d199d6c7f5333e0f030b903d5282f*1314-5ecd6faz*1314 HTTP/1.1
Host: admoustache.aftrad-visit.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 302 Found
date: Thu, 28 Mar 2024 20:04:08 GMT
content-type: text/html; charset=utf-8
content-length: 214
location: https://suftinyou.com/?cat=2&groupds=102&clientId=168&productId=1676&publisher_id=1B7fmUHKE&tracking=201PUMY4df7a3dVyQ4vHqjeiNfiHMKpgLMnTkESkcWFiVtiMh8vwJG6aKrcav8fXbCLUqS
referrer-policy: no-referrer
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=w%2BWD1WMcUtRImZLDJRhMVmLYFwEYNTbAY5IZjmkbqI0rh%2Fzzjrik85%2FBzwd2Me3tfasV90S8a5u%2FGyrjDKtInesBpGNYXI2O8PwvP76iKBaLAII5PunSB2or7kVu6xQrErScU7IZ6SYdEpILNes%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 86ba3a438f0b0b55-OSL
X-Firefox-Spdy: h2

suftinyou.com/?cat=2&groupds=102&clientId=168&productId=1676&publisher_id=1B7fmUHKE&tracking=201PUMY4df7a3dVyQ4vHqjeiNfiHMKpgLMnTkESkcWFiVtiMh8vwJG6aKrcav8fXbCLUqS

185.32.28.133

200 OK

15 kB

URL User Request GET HTTP/1.1
suftinyou.com/?cat=2&groupds=102&clientId=168&productId=1676&publisher_id=1B7fmUHKE&tracking=201PUMY4df7a3dVyQ4vHqjeiNfiHMKpgLMnTkESkcWFiVtiMh8vwJG6aKrcav8fXbCLUqS
IP
185.32.28.133:443
ASN
#15699 OGIC Informatica S.L.

Certificate
IssuerLet's Encrypt
Subjectsuftinyou.com
Fingerprint2C:18:63:18:4E:6D:CA:FF:28:B4:75:D1:D7:F4:BE:02:4B:81:FA:51
ValidityFri, 09 Feb 2024 06:10:29 GMT - Thu, 09 May 2024 06:10:28 GMT

File type
HTML document, ASCII text, with very long lines (5740)
Size
15 kB (15349 bytes)
Hash
edbb048bd493f7c671def2a01bda8c9a
bf0af7abf4056411c2fa7e937a80f6c06a8b4a66
804028d52c253032de95e3523f1dc600b5159c02c7b91789b99de6b0dfcb6e47

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /?cat=2&groupds=102&clientId=168&productId=1676&publisher_id=1B7fmUHKE&tracking=201PUMY4df7a3dVyQ4vHqjeiNfiHMKpgLMnTkESkcWFiVtiMh8vwJG6aKrcav8fXbCLUqS HTTP/1.1
Host: suftinyou.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Thu, 28 Mar 2024 20:04:04 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: *
Set-Cookie: redirect_user_data=%7B%22country%22%3A%22NO%22%2C%22city%22%3Anull%2C%22isp%22%3A%22blix+solutions%22%2C%22netspeed%22%3A%22%22%7D; expires=Thu, 28-Mar-2024 20:14:04 GMT; Max-Age=600
_tracker_ikangoo=a%3A5%3A%7Bs%3A4%3A%22_key%22%3Bs%3A7%3A%22IKPANEL%22%3Bs%3A6%3A%22_subid%22%3Bs%3A16%3A%225002186539531745%22%3Bs%3A8%3A%22_country%22%3Bs%3A2%3A%22NO%22%3Bs%3A4%3A%22_isp%22%3Bs%3A14%3A%22blix+solutions%22%3Bs%3A5%3A%22_time%22%3Bi%3A1711656244%3B%7D; expires=Thu, 28-Mar-2024 20:06:04 GMT; Max-Age=120
Strict-Transport-Security: max-age=63072000; includeSubDomains; preload
X-Content-Type-Options: nosniff

suftinyou.com/assets/js/backlink_back_button.js

185.32.28.133

200 OK

632 B

URL GET HTTP/1.1
suftinyou.com/assets/js/backlink_back_button.js
IP
185.32.28.133:443
ASN
#15699 OGIC Informatica S.L.

Requested by
https://suftinyou.com/?cat=2&groupds=102&clientId=168&productId=1676&publisher_id=1B7fmUHKE&tracking=201PUMY4df7a3dVyQ4vHqjeiNfiHMKpgLMnTkESkcWFiVtiMh8vwJG6aKrcav8fXbCLUqS
Certificate
IssuerLet's Encrypt
Subjectsuftinyou.com
Fingerprint2C:18:63:18:4E:6D:CA:FF:28:B4:75:D1:D7:F4:BE:02:4B:81:FA:51
ValidityFri, 09 Feb 2024 06:10:29 GMT - Thu, 09 May 2024 06:10:28 GMT

File type
ASCII text
Size
632 B (632 bytes)
Hash
7c847657cd58fd5f3b656c5dd486808a
54781827b08eb75f27786b20bfded403c3117a69
b1b1b5affe702bae9e97deabbdb3f19bcf8f12a1ddd410ff189c61c3bc159c06

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /assets/js/backlink_back_button.js HTTP/1.1
Host: suftinyou.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://suftinyou.com/?cat=2&groupds=102&clientId=168&productId=1676&publisher_id=1B7fmUHKE&tracking=201PUMY4df7a3dVyQ4vHqjeiNfiHMKpgLMnTkESkcWFiVtiMh8vwJG6aKrcav8fXbCLUqS
Cookie: redirect_user_data=%7B%22country%22%3A%22NO%22%2C%22city%22%3Anull%2C%22isp%22%3A%22blix+solutions%22%2C%22netspeed%22%3A%22%22%7D; _tracker_ikangoo=a%3A5%3A%7Bs%3A4%3A%22_key%22%3Bs%3A7%3A%22IKPANEL%22%3Bs%3A6%3A%22_subid%22%3Bs%3A16%3A%225002186539531745%22%3Bs%3A8%3A%22_country%22%3Bs%3A2%3A%22NO%22%3Bs%3A4%3A%22_isp%22%3Bs%3A14%3A%22blix+solutions%22%3Bs%3A5%3A%22_time%22%3Bi%3A1711656244%3B%7D
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Thu, 28 Mar 2024 20:04:04 GMT
Content-Type: application/javascript
Content-Length: 632
Last-Modified: Mon, 28 Nov 2022 14:36:48 GMT
Connection: keep-alive
ETag: "6384c780-278"
Strict-Transport-Security: max-age=63072000; includeSubDomains; preload
X-Content-Type-Options: nosniff
Accept-Ranges: bytes

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (2)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

HTTP Transactions (13)

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL

IP

ASN

File type

Size

Hash

Detections

HTTP Headers

URL

IP

ASN

File type

Size

Hash

Detections

HTTP Headers

URL

IP

ASN

File type

Size

Hash

Detections

HTTP Headers

URL