Report - t.afdgo.pro/click?offer_id=25&pid=62301&sub1=mlClick-d3duvzhs&sub2=1007295

Report Overview

Submitted URL
t.afdgo.pro/click?offer_id=25&pid=62301&sub1=mlClick-d3duvzhs&sub2=1007295
IP
104.21.76.94
ASN
#13335 CLOUDFLARENET
Submitted
2024-04-18 07:46:06
Access
public
Website Title
Adult Dating Site WARNING!
Final URL
sma.binoego.pro/c.php?k=63r1l5p2seqav3mqsdvc&clickid=6620cfa339813200010f0913&affpid=62301&action_id=NOdesktop&referrer=&sub1=mlClick-d3duvzhs&sub2=1007295&sub3=&sub4=&sub5=&sub6=
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
4

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
amunfezanttor.com	unknown	2023-03-31	2023-03-31	2024-04-18	1.0 kB	1.1 kB	139.45.197.250
t.afdgo.pro	unknown	unknown	No data	No data	528 B	991 B	172.67.192.110
sma.binoego.pro	unknown	2024-02-29	2024-04-12	2024-04-18	6.6 kB	1.7 MB	104.21.20.131
beevakum.net	156073	2021-02-06	2021-02-10	2024-04-14	1.0 kB	37 kB	139.45.197.250
jouteetu.net	260109	2021-07-08	2021-07-15	2024-04-18	1.3 kB	1.9 kB	139.45.197.251

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2024-04-18	medium	amunfezanttor.com	Sinkholed
2024-04-18	medium	amunfezanttor.com	Sinkholed

ThreatFox

No alerts detected

JavaScript (3)

	URL	Size	First Seen	Last Seen
	sma.binoego.pro/c.php?k=63r1l5p2seqav3mqsdvc&clickid=6620cfa339813200010f0913&affpid=62301&action_id=NOdesktop&referrer=&sub1=mlClick-d3duvzhs&sub2=1007295&sub3=&sub4=&sub5=&sub6=	0 B	2023-03-07	2024-05-01
Pretty URL sma.binoego.pro/c.php?k=63r1l5p2seqav3mqsdvc&clickid=6620cfa339813200010f0913&affpid=62301&action_id=NOdesktop&referrer=&sub1=mlClick-d3duvzhs&sub2=1007295&sub3=&sub4=&sub5=&sub6= IP 104.21.20.131 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:01:59 Last Seen2024-05-01 11:11:55 Times Seen37242896 Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Loading...

	beevakum.net/pfe/current/micro.tag.min.js?z=6199255&sw=/sw-check-permissions-b9b9f.js	36 kB	2024-04-17	2024-04-19
Pretty URL beevakum.net/pfe/current/micro.tag.min.js?z=6199255&sw=/sw-check-permissions-b9b9f.js IP 139.45.197.250 ASN #9002 RETN Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-17 01:10:02 Last Seen2024-04-19 09:40:11 Times Seen95 Hash b64d3763f9aa99e7edc76dc0dd29d030 9b5d6da9384fe75fcc5a4f79ad2cde0399bfd523 e64712048ba884038027c9037196f430b7ae020a3ec9679dfd577a6fb58f9de3 Loading...

	sma.binoego.pro/c.php?k=63r1l5p2seqav3mqsdvc&clickid=6620cfa339813200010f0913&affpid=62301&action_id=NOdesktop&referrer=&sub1=mlClick-d3duvzhs&sub2=1007295&sub3=&sub4=&sub5=&sub6=	0 B	2023-03-07	2024-05-01
Pretty URL sma.binoego.pro/c.php?k=63r1l5p2seqav3mqsdvc&clickid=6620cfa339813200010f0913&affpid=62301&action_id=NOdesktop&referrer=&sub1=mlClick-d3duvzhs&sub2=1007295&sub3=&sub4=&sub5=&sub6= IP 104.21.20.131 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:01:59 Last Seen2024-05-01 11:11:55 Times Seen37242896 Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Loading...

HTTP Transactions (17)

URL IP Response Size

t.afdgo.pro/click?offer_id=25&pid=62301&sub1=mlClick-d3duvzhs&sub2=1007295

172.67.192.110

302 Found

0 B

URL User Request GET HTTP/2
t.afdgo.pro/click?offer_id=25&pid=62301&sub1=mlClick-d3duvzhs&sub2=1007295
IP
172.67.192.110:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerLet's Encrypt
Subjectafdgo.pro
Fingerprint0F:12:3A:34:EB:A0:C0:67:7A:BC:16:92:FC:8F:66:F1:1D:D9:54:71
ValidityThu, 29 Feb 2024 12:57:57 GMT - Wed, 29 May 2024 12:57:56 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /click?offer_id=25&pid=62301&sub1=mlClick-d3duvzhs&sub2=1007295 HTTP/1.1
Host: t.afdgo.pro
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 302 Found
date: Thu, 18 Apr 2024 07:45:39 GMT
content-length: 0
location: https://sma.binoego.pro/c.php?k=63r1l5p2seqav3mqsdvc&clickid=6620cfa339813200010f0913&affpid=62301&action_id=NOdesktop&referrer=&sub1=mlClick-d3duvzhs&sub2=1007295&sub3=&sub4=&sub5=&sub6=
x-adjust-use-original-forwarded-for: 1
set-cookie: afclick=6620cfa339813200010f0913; expires=Fri, 18 Apr 2025 07:45:39 GMT; secure; SameSite=None
afoffers={"25":1713426339}; expires=Fri, 18 Apr 2025 07:45:39 GMT; secure; SameSite=None
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=trgVvZm0kHm01q28DC9HxaO%2Fhlk1BMWlfmLW5tT3T6EZLR1mBmP1DyEA8dJotVoAz%2FWUGx66V2VC3PO1RzpTU9ipkrF4ez%2BxIu4bEaVkCgz2RG5hNq8oGF5Ez7JqHw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8763095f2b16b4eb-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

sma.binoego.pro/landers/602664a33bf74/preview.jpg?1

104.21.20.131

200 OK

114 kB

URL GET HTTP/3
sma.binoego.pro/landers/602664a33bf74/preview.jpg?1
IP
104.21.20.131:443
ASN
#13335 CLOUDFLARENET

Requested by
https://sma.binoego.pro/c.php?k=63r1l5p2seqav3mqsdvc&clickid=6620cfa339813200010f0913&affpid=62301&action_id=NOdesktop&referrer=&sub1=mlClick-d3duvzhs&sub2=1007295&sub3=&sub4=&sub5=&sub6=
Certificate
IssuerGoogle Trust Services LLC
Subjectbinoego.pro
Fingerprint55:E9:C8:F9:11:3D:44:E5:D4:BA:2B:FD:52:1F:0A:D2:FB:01:FB:BF
ValidityThu, 29 Feb 2024 12:56:36 GMT - Wed, 29 May 2024 12:56:35 GMT

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 1280x720, components 3
Size
114 kB (113867 bytes)
Hash
4970c6423d2698415466ae709eb496b5
9a88d739929a0943159d4cf7ef2026d72290f38c
6bc732ae97f0d60fb50316e60c29a3cf22dc09d3fda343b3b8ac06e180969ce0

HTTP Headers

GET /landers/602664a33bf74/preview.jpg?1 HTTP/1.1
Host: sma.binoego.pro
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://sma.binoego.pro/c.php?k=63r1l5p2seqav3mqsdvc&clickid=6620cfa339813200010f0913&affpid=62301&action_id=NOdesktop&referrer=&sub1=mlClick-d3duvzhs&sub2=1007295&sub3=&sub4=&sub5=&sub6=
Cookie: uclick=b7xsa0k2vr; uclickhash=b7xsa0k2vr-b7xsa0k2wj-q5g5-1z1m-bglp-ikh98n-1zvcfe-366a4a
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Thu, 18 Apr 2024 07:45:40 GMT
content-type: image/jpeg
content-length: 113867
last-modified: Tue, 20 Jul 2021 10:52:15 GMT
etag: "60f6aadf-1bccb"
strict-transport-security: max-age=31536000
cache-control: max-age=14400
cf-cache-status: REVALIDATED
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Cf5SbLk6VZK87PqrP6tmlpsjOaWvUdC6vK78M5cDd0idtdq0B6Rb%2FvHxifou5jt7EQWxGHiPR2xlslLPgXxJhxPdMvZ7ZmNZVWZri0GOiVJq1nPlfElQUEn8DCk07p%2Fx9so%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 876309622dffb505-OSL
alt-svc: h3=":443"; ma=86400

sma.binoego.pro/landers/602664a33bf74/fonts/Montserrat-Regular.woff

104.21.20.131

200 OK

181 kB

URL GET HTTP/3
sma.binoego.pro/landers/602664a33bf74/fonts/Montserrat-Regular.woff
IP
104.21.20.131:443
ASN
#13335 CLOUDFLARENET

Requested by
https://sma.binoego.pro/c.php?k=63r1l5p2seqav3mqsdvc&clickid=6620cfa339813200010f0913&affpid=62301&action_id=NOdesktop&referrer=&sub1=mlClick-d3duvzhs&sub2=1007295&sub3=&sub4=&sub5=&sub6=
Certificate
IssuerGoogle Trust Services LLC
Subjectbinoego.pro
Fingerprint55:E9:C8:F9:11:3D:44:E5:D4:BA:2B:FD:52:1F:0A:D2:FB:01:FB:BF
ValidityThu, 29 Feb 2024 12:56:36 GMT - Wed, 29 May 2024 12:56:35 GMT

File type
Web Open Font Format, CFF, length 181108, version 0.0
Size
181 kB (181108 bytes)
Hash
ba85f93f0fc15422585052b59ba9e88e
d6c2f22589efa70f1f92a2ccb53f61af4ec9bbb3
581f4e23900b88c2bfe488fa5bf091832fe21c62ef1fcabda19d8a9e6bfa61ae

HTTP Headers

GET /landers/602664a33bf74/fonts/Montserrat-Regular.woff HTTP/1.1
Host: sma.binoego.pro
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: https://sma.binoego.pro/c.php?k=63r1l5p2seqav3mqsdvc&clickid=6620cfa339813200010f0913&affpid=62301&action_id=NOdesktop&referrer=&sub1=mlClick-d3duvzhs&sub2=1007295&sub3=&sub4=&sub5=&sub6=
Cookie: uclick=b7xsa0k2vr; uclickhash=b7xsa0k2vr-b7xsa0k2wj-q5g5-1z1m-bglp-ikh98n-1zvcfe-366a4a
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Thu, 18 Apr 2024 07:45:40 GMT
content-type: font/woff
content-length: 181108
last-modified: Tue, 20 Jul 2021 10:52:14 GMT
etag: "60f6aade-2c374"
strict-transport-security: max-age=31536000
cache-control: max-age=14400
cf-cache-status: REVALIDATED
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=dRspfZinIFeiB8AvDNU3%2B1HxbjrqhR94%2BOVPxcknFaVIgPiAoKBg7l93t%2Fk4fPkv3lR9MHJ%2B8i7zVOwNNAi4HChXSWpGmNGRcpid2OBZX1OS33VZLio6apZwqtaJ36E53Y0%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 876309627e63b505-OSL
alt-svc: h3=":443"; ma=86400

sma.binoego.pro/landers/602664a33bf74/fonts/Montserrat-ExtraLight.woff

104.21.20.131

200 OK

179 kB

URL GET HTTP/3
sma.binoego.pro/landers/602664a33bf74/fonts/Montserrat-ExtraLight.woff
IP
104.21.20.131:443
ASN
#13335 CLOUDFLARENET

Requested by
https://sma.binoego.pro/c.php?k=63r1l5p2seqav3mqsdvc&clickid=6620cfa339813200010f0913&affpid=62301&action_id=NOdesktop&referrer=&sub1=mlClick-d3duvzhs&sub2=1007295&sub3=&sub4=&sub5=&sub6=
Certificate
IssuerGoogle Trust Services LLC
Subjectbinoego.pro
Fingerprint55:E9:C8:F9:11:3D:44:E5:D4:BA:2B:FD:52:1F:0A:D2:FB:01:FB:BF
ValidityThu, 29 Feb 2024 12:56:36 GMT - Wed, 29 May 2024 12:56:35 GMT

File type
Web Open Font Format, CFF, length 178944, version 0.0
Size
179 kB (178944 bytes)
Hash
979856bb871269a5434bf8c784417d2a
7f3aa7ce9642e2998b3e576de4a10ebccabf28e0
b53100f5197f2df519b4dea2b69928887f319a598404d15cf078ff6e1dc47009

HTTP Headers

GET /landers/602664a33bf74/fonts/Montserrat-ExtraLight.woff HTTP/1.1
Host: sma.binoego.pro
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: https://sma.binoego.pro/c.php?k=63r1l5p2seqav3mqsdvc&clickid=6620cfa339813200010f0913&affpid=62301&action_id=NOdesktop&referrer=&sub1=mlClick-d3duvzhs&sub2=1007295&sub3=&sub4=&sub5=&sub6=
Cookie: uclick=b7xsa0k2vr; uclickhash=b7xsa0k2vr-b7xsa0k2wj-q5g5-1z1m-bglp-ikh98n-1zvcfe-366a4a
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Thu, 18 Apr 2024 07:45:40 GMT
content-type: font/woff
content-length: 178944
last-modified: Tue, 20 Jul 2021 10:52:15 GMT
etag: "60f6aadf-2bb00"
strict-transport-security: max-age=31536000
cache-control: max-age=14400
cf-cache-status: REVALIDATED
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=hZEj%2BJ1%2Fg9NOPpjGZrlllwrzoU%2BR9fYxVbmuTyAQvgrWCUkKkR1rRQ0Kjrxu1xUejP54So6Mm%2B1UraFH7W9TS7lU%2FlsPvkuceZhU%2BIgdt4IelI6Cx1wY%2B1pCec%2FYyhxlGCM%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 876309628e72b505-OSL
alt-svc: h3=":443"; ma=86400

sma.binoego.pro/landers/602664a33bf74/pattern.png

104.21.20.131

200 OK

2.8 kB

URL GET HTTP/3
sma.binoego.pro/landers/602664a33bf74/pattern.png
IP
104.21.20.131:443
ASN
#13335 CLOUDFLARENET

Requested by
https://sma.binoego.pro/c.php?k=63r1l5p2seqav3mqsdvc&clickid=6620cfa339813200010f0913&affpid=62301&action_id=NOdesktop&referrer=&sub1=mlClick-d3duvzhs&sub2=1007295&sub3=&sub4=&sub5=&sub6=
Certificate
IssuerGoogle Trust Services LLC
Subjectbinoego.pro
Fingerprint55:E9:C8:F9:11:3D:44:E5:D4:BA:2B:FD:52:1F:0A:D2:FB:01:FB:BF
ValidityThu, 29 Feb 2024 12:56:36 GMT - Wed, 29 May 2024 12:56:35 GMT

File type
PNG image data, 2 x 2, 8-bit/color RGBA, non-interlaced
Size
2.8 kB (2804 bytes)
Hash
072d522f73c9597e94e90301ad70e96f
fd0d2c1f2fd12d508a69d7e299a9b45de884ef32
367dacef3f3650058439ad17f01b2b82c9de869cd470ccc068c380d71cae7a06

HTTP Headers

GET /landers/602664a33bf74/pattern.png HTTP/1.1
Host: sma.binoego.pro
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://sma.binoego.pro/c.php?k=63r1l5p2seqav3mqsdvc&clickid=6620cfa339813200010f0913&affpid=62301&action_id=NOdesktop&referrer=&sub1=mlClick-d3duvzhs&sub2=1007295&sub3=&sub4=&sub5=&sub6=
Cookie: uclick=b7xsa0k2vr; uclickhash=b7xsa0k2vr-b7xsa0k2wj-q5g5-1z1m-bglp-ikh98n-1zvcfe-366a4a
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Thu, 18 Apr 2024 07:45:40 GMT
content-type: image/png
content-length: 2804
last-modified: Tue, 20 Jul 2021 10:52:15 GMT
etag: "60f6aadf-af4"
strict-transport-security: max-age=31536000
cache-control: max-age=14400
cf-cache-status: REVALIDATED
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=7ggz3NIsaA3gl4FLmwlAGSH5QRbo2VGkEcMKqAG%2FaoL3ud8FQIWVWbURpPnHvXvxLc69s1fqORo8AA8lx7UOOJvb64Cre3Iyz9Kz387pNO5xuqQeTPgITeC5DKG%2Fb40Oftg%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 876309627e60b505-OSL
alt-svc: h3=":443"; ma=86400

sma.binoego.pro/landers/602664a33bf74/fonts/Montserrat-Bold.woff

104.21.20.131

200 OK

178 kB

URL GET HTTP/3
sma.binoego.pro/landers/602664a33bf74/fonts/Montserrat-Bold.woff
IP
104.21.20.131:443
ASN
#13335 CLOUDFLARENET

Requested by
https://sma.binoego.pro/c.php?k=63r1l5p2seqav3mqsdvc&clickid=6620cfa339813200010f0913&affpid=62301&action_id=NOdesktop&referrer=&sub1=mlClick-d3duvzhs&sub2=1007295&sub3=&sub4=&sub5=&sub6=
Certificate
IssuerGoogle Trust Services LLC
Subjectbinoego.pro
Fingerprint55:E9:C8:F9:11:3D:44:E5:D4:BA:2B:FD:52:1F:0A:D2:FB:01:FB:BF
ValidityThu, 29 Feb 2024 12:56:36 GMT - Wed, 29 May 2024 12:56:35 GMT

File type
Web Open Font Format, CFF, length 177924, version 0.0
Size
178 kB (177924 bytes)
Hash
f0bf0a78ff46986f9cd5c2dea4a11b99
676f120225fcc7c25296e1d1f4db6bef6b4b0281
fbab597ae18ef8748b75b1f705bef3df84fa7d8520fc51a92f4843b0a28fab25

HTTP Headers

GET /landers/602664a33bf74/fonts/Montserrat-Bold.woff HTTP/1.1
Host: sma.binoego.pro
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: https://sma.binoego.pro/c.php?k=63r1l5p2seqav3mqsdvc&clickid=6620cfa339813200010f0913&affpid=62301&action_id=NOdesktop&referrer=&sub1=mlClick-d3duvzhs&sub2=1007295&sub3=&sub4=&sub5=&sub6=
Cookie: uclick=b7xsa0k2vr; uclickhash=b7xsa0k2vr-b7xsa0k2wj-q5g5-1z1m-bglp-ikh98n-1zvcfe-366a4a
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Thu, 18 Apr 2024 07:45:40 GMT
content-type: font/woff
content-length: 177924
last-modified: Tue, 20 Jul 2021 10:52:14 GMT
etag: "60f6aade-2b704"
strict-transport-security: max-age=31536000
cache-control: max-age=14400
cf-cache-status: REVALIDATED
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=6u34z4J7Tqo5A9XzLmobOuPPmcHl6XYO4NMgxxW2p4%2Bf4iIt5gjDBZ7hxw1lEeESW4fqMyswpOXPEfXGjRzHTdpBlCj2ksUCOlZnQwcHxL%2F6iI4adnNWDvvL52D1ubmIYTQ%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 876309628e7db505-OSL
alt-svc: h3=":443"; ma=86400

sma.binoego.pro/landers/602664a33bf74/girls.mp4

104.21.20.131

206 Partial Content

988 kB

URL GET HTTP/3
sma.binoego.pro/landers/602664a33bf74/girls.mp4
IP
104.21.20.131:443
ASN
#13335 CLOUDFLARENET

Requested by
https://sma.binoego.pro/c.php?k=63r1l5p2seqav3mqsdvc&clickid=6620cfa339813200010f0913&affpid=62301&action_id=NOdesktop&referrer=&sub1=mlClick-d3duvzhs&sub2=1007295&sub3=&sub4=&sub5=&sub6=
Certificate
IssuerGoogle Trust Services LLC
Subjectbinoego.pro
Fingerprint55:E9:C8:F9:11:3D:44:E5:D4:BA:2B:FD:52:1F:0A:D2:FB:01:FB:BF
ValidityThu, 29 Feb 2024 12:56:36 GMT - Wed, 29 May 2024 12:56:35 GMT

File type
ISO Media, MP4 v2 [ISO 14496-14]
Size
988 kB (988082 bytes)
Hash
097ae487c27ae696ff7d64a9450fcb10
d80d5ad1b08c987a6abd03aec34f63093d8e00dd
57525c309dd4bb6ca6f40c6151798731804931a66f17580627103a7eff36ab45

HTTP Headers

GET /landers/602664a33bf74/girls.mp4 HTTP/1.1
Host: sma.binoego.pro
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: video/webm,video/ogg,video/*;q=0.9,application/ogg;q=0.7,audio/*;q=0.6,*/*;q=0.5
Accept-Language: en-US,en;q=0.5
Range: bytes=0-
DNT: 1
Connection: keep-alive
Referer: https://sma.binoego.pro/c.php?k=63r1l5p2seqav3mqsdvc&clickid=6620cfa339813200010f0913&affpid=62301&action_id=NOdesktop&referrer=&sub1=mlClick-d3duvzhs&sub2=1007295&sub3=&sub4=&sub5=&sub6=
Cookie: uclick=b7xsa0k2vr; uclickhash=b7xsa0k2vr-b7xsa0k2wj-q5g5-1z1m-bglp-ikh98n-1zvcfe-366a4a
Sec-Fetch-Dest: video
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Accept-Encoding: identity
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 206 Partial Content
date: Thu, 18 Apr 2024 07:45:40 GMT
content-type: video/mp4
content-length: 7013327
last-modified: Tue, 20 Jul 2021 10:52:14 GMT
etag: "60f6aade-6b03cf"
strict-transport-security: max-age=31536000
cache-control: max-age=14400
cf-cache-status: REVALIDATED
content-range: bytes 0-7013326/7013327
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=nhUl5vAizqiXFzclmAVTxg2Q3zqnRlq9YF%2B%2FlqbRfdmV%2BnvfuveO3R6Ekfqn6zfvmWRC5PerPUCJobzkdgxwuGRxHXgThHw2FpopkQMMU3S2D5Iasc3lXqAR7Vy7yqbm%2FkY%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 876309628e80b505-OSL
alt-svc: h3=":443"; ma=86400

beevakum.net/zone?&pub=0&zone_id=6199255&is_mobile=false&domain=sma.binoego.pro&var=&ymid=&var_3=&var_4=&dsig=&tg=1&sw=3.1.500&trace_id=9ca4d758-648a-4a8b-b5ef-b11ed0947381&action=prerequest

139.45.197.250

200 OK

0 B

URL POST HTTP/2
beevakum.net/zone?&pub=0&zone_id=6199255&is_mobile=false&domain=sma.binoego.pro&var=&ymid=&var_3=&var_4=&dsig=&tg=1&sw=3.1.500&trace_id=9ca4d758-648a-4a8b-b5ef-b11ed0947381&action=prerequest
IP
139.45.197.250:443
ASN
#9002 RETN Limited

Requested by
https://sma.binoego.pro/c.php?k=63r1l5p2seqav3mqsdvc&clickid=6620cfa339813200010f0913&affpid=62301&action_id=NOdesktop&referrer=&sub1=mlClick-d3duvzhs&sub2=1007295&sub3=&sub4=&sub5=&sub6=
Certificate
IssuerLet's Encrypt
Subjectbeevakum.net
Fingerprint11:09:E5:37:89:FD:35:DC:C0:96:E5:E8:97:CB:6E:C1:50:68:C8:55
ValidityWed, 13 Mar 2024 12:20:07 GMT - Tue, 11 Jun 2024 12:20:06 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

POST /zone?&pub=0&zone_id=6199255&is_mobile=false&domain=sma.binoego.pro&var=&ymid=&var_3=&var_4=&dsig=&tg=1&sw=3.1.500&trace_id=9ca4d758-648a-4a8b-b5ef-b11ed0947381&action=prerequest HTTP/1.1
Host: beevakum.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://sma.binoego.pro
DNT: 1
Connection: keep-alive
Referer: https://sma.binoego.pro/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 18 Apr 2024 07:45:41 GMT
content-length: 0
x-trace-id: 134f37a48f70cb8f0ac134231ae020ce
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: https://sma.binoego.pro
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, X-Oaid, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2

jouteetu.net/custom

139.45.197.251

200 OK

39 B

URL POST HTTP/2
jouteetu.net/custom
IP
139.45.197.251:443
ASN
#9002 RETN Limited

Requested by
https://sma.binoego.pro/c.php?k=63r1l5p2seqav3mqsdvc&clickid=6620cfa339813200010f0913&affpid=62301&action_id=NOdesktop&referrer=&sub1=mlClick-d3duvzhs&sub2=1007295&sub3=&sub4=&sub5=&sub6=
Certificate
IssuerLet's Encrypt
Subjectjouteetu.net
FingerprintF5:94:3C:5E:6B:54:1A:97:82:F8:7E:1F:C2:51:04:8C:FB:F5:CF:65
ValidityWed, 13 Mar 2024 19:38:02 GMT - Tue, 11 Jun 2024 19:38:01 GMT

File type
JSON text data
Size
39 B (39 bytes)
Hash
058b158c2be925f556454ef762d93538
cc6fc563b4b6baee880fdbc7fcfaa134978e33c9
ff752c1c79bb2c0347c5a8b7f069fa2772047324dbbadf77d21cec4b26ee3881

HTTP Headers

POST /custom HTTP/1.1
Host: jouteetu.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 408
Origin: https://sma.binoego.pro
DNT: 1
Connection: keep-alive
Referer: https://sma.binoego.pro/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Thu, 18 Apr 2024 07:45:41 GMT
content-type: application/json; charset=utf-8
content-length: 39
x-trace-id: 3957025893879a8cf9e0acf30a914168
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: https://sma.binoego.pro
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, X-Oaid, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2

jouteetu.net/custom

139.45.197.251

200 OK

39 B

URL POST HTTP/2
jouteetu.net/custom
IP
139.45.197.251:443
ASN
#9002 RETN Limited

Requested by
https://sma.binoego.pro/c.php?k=63r1l5p2seqav3mqsdvc&clickid=6620cfa339813200010f0913&affpid=62301&action_id=NOdesktop&referrer=&sub1=mlClick-d3duvzhs&sub2=1007295&sub3=&sub4=&sub5=&sub6=
Certificate
IssuerLet's Encrypt
Subjectjouteetu.net
FingerprintF5:94:3C:5E:6B:54:1A:97:82:F8:7E:1F:C2:51:04:8C:FB:F5:CF:65
ValidityWed, 13 Mar 2024 19:38:02 GMT - Tue, 11 Jun 2024 19:38:01 GMT

File type
JSON text data
Size
39 B (39 bytes)
Hash
058b158c2be925f556454ef762d93538
cc6fc563b4b6baee880fdbc7fcfaa134978e33c9
ff752c1c79bb2c0347c5a8b7f069fa2772047324dbbadf77d21cec4b26ee3881

HTTP Headers

POST /custom HTTP/1.1
Host: jouteetu.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 410
Origin: https://sma.binoego.pro
DNT: 1
Connection: keep-alive
Referer: https://sma.binoego.pro/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Thu, 18 Apr 2024 07:45:41 GMT
content-type: application/json; charset=utf-8
content-length: 39
x-trace-id: 39a0f521b93c546a48e926ada6add9ea
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: https://sma.binoego.pro
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, X-Oaid, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2

jouteetu.net/custom

139.45.197.251

200 OK

39 B

URL POST HTTP/2
jouteetu.net/custom
IP
139.45.197.251:443
ASN
#9002 RETN Limited

Requested by
https://sma.binoego.pro/c.php?k=63r1l5p2seqav3mqsdvc&clickid=6620cfa339813200010f0913&affpid=62301&action_id=NOdesktop&referrer=&sub1=mlClick-d3duvzhs&sub2=1007295&sub3=&sub4=&sub5=&sub6=
Certificate
IssuerLet's Encrypt
Subjectjouteetu.net
FingerprintF5:94:3C:5E:6B:54:1A:97:82:F8:7E:1F:C2:51:04:8C:FB:F5:CF:65
ValidityWed, 13 Mar 2024 19:38:02 GMT - Tue, 11 Jun 2024 19:38:01 GMT

File type
JSON text data
Size
39 B (39 bytes)
Hash
058b158c2be925f556454ef762d93538
cc6fc563b4b6baee880fdbc7fcfaa134978e33c9
ff752c1c79bb2c0347c5a8b7f069fa2772047324dbbadf77d21cec4b26ee3881

HTTP Headers

POST /custom HTTP/1.1
Host: jouteetu.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 411
Origin: https://sma.binoego.pro
DNT: 1
Connection: keep-alive
Referer: https://sma.binoego.pro/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Thu, 18 Apr 2024 07:45:41 GMT
content-type: application/json; charset=utf-8
content-length: 39
x-trace-id: 1cc704397494fb0bd3de38c5b3ba51ae
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: https://sma.binoego.pro
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, X-Oaid, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2

amunfezanttor.com/event

139.45.197.250

200 OK

0 B

URL OPTIONS HTTP/2
amunfezanttor.com/event
IP
139.45.197.250:443
ASN
#9002 RETN Limited

Requested by
https://sma.binoego.pro/c.php?k=63r1l5p2seqav3mqsdvc&clickid=6620cfa339813200010f0913&affpid=62301&action_id=NOdesktop&referrer=&sub1=mlClick-d3duvzhs&sub2=1007295&sub3=&sub4=&sub5=&sub6=
Certificate
IssuerLet's Encrypt
Subjectamunfezanttor.com
FingerprintAB:2C:60:54:FF:D7:D6:23:0E:87:1A:98:EC:94:B3:9B:29:1A:F3:AA
ValidityWed, 10 Apr 2024 19:04:12 GMT - Tue, 09 Jul 2024 19:04:11 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

OPTIONS /event HTTP/1.1
Host: amunfezanttor.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://sma.binoego.pro/
Origin: https://sma.binoego.pro
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Thu, 18 Apr 2024 07:45:41 GMT
content-type: text/plain; charset=utf-8
content-length: 0
access-control-allow-origin: https://sma.binoego.pro
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization-Token,X-Oaid
access-control-max-age: 86400
X-Firefox-Spdy: h2

amunfezanttor.com/event

139.45.197.250

200 OK

94 B

URL OPTIONS HTTP/2
amunfezanttor.com/event
IP
139.45.197.250:443
ASN
#9002 RETN Limited

Requested by
https://sma.binoego.pro/c.php?k=63r1l5p2seqav3mqsdvc&clickid=6620cfa339813200010f0913&affpid=62301&action_id=NOdesktop&referrer=&sub1=mlClick-d3duvzhs&sub2=1007295&sub3=&sub4=&sub5=&sub6=
Certificate
IssuerLet's Encrypt
Subjectamunfezanttor.com
FingerprintAB:2C:60:54:FF:D7:D6:23:0E:87:1A:98:EC:94:B3:9B:29:1A:F3:AA
ValidityWed, 10 Apr 2024 19:04:12 GMT - Tue, 09 Jul 2024 19:04:11 GMT

File type
JSON text data
Size
94 B (94 bytes)
Hash
dae912344d35e92fc20c121c1cdb027b
f6b324791edf3a9b5c7d85fb833818bde4361c0f
264bc16c3242f47cc1b14e94d08d05110b5d8254ce6f5211fade0f60434d90f5

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /event HTTP/1.1
Host: amunfezanttor.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://sma.binoego.pro/
Content-Type: application/json
Content-Length: 1031
Origin: https://sma.binoego.pro
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 18 Apr 2024 07:45:41 GMT
content-type: application/json; charset=utf-8
content-length: 94
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: https://sma.binoego.pro
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, X-Oaid, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2

sma.binoego.pro/sw-check-permissions-b9b9f.js?zoneId=6199255

104.21.20.131

200 OK

9.6 kB

URL GET HTTP/3
sma.binoego.pro/sw-check-permissions-b9b9f.js?zoneId=6199255
IP
104.21.20.131:443
ASN
#13335 CLOUDFLARENET

Requested by
https://sma.binoego.pro/c.php?k=63r1l5p2seqav3mqsdvc&clickid=6620cfa339813200010f0913&affpid=62301&action_id=NOdesktop&referrer=&sub1=mlClick-d3duvzhs&sub2=1007295&sub3=&sub4=&sub5=&sub6=
Certificate
IssuerGoogle Trust Services LLC
Subjectbinoego.pro
Fingerprint55:E9:C8:F9:11:3D:44:E5:D4:BA:2B:FD:52:1F:0A:D2:FB:01:FB:BF
ValidityThu, 29 Feb 2024 12:56:36 GMT - Wed, 29 May 2024 12:56:35 GMT

File type
Java source, ASCII text
Size
9.6 kB (9623 bytes)
Hash
1ade7255e242c6cec4c00bcc54729c05
1eb122f3603d6eb859b0a20dd1b973d60a6d88cd
b7fa7e2933c2ff8d339c52fa118907b9a9dc48103b13d3cb009cec987943ba61

HTTP Headers

GET /sw-check-permissions-b9b9f.js?zoneId=6199255 HTTP/1.1
Host: sma.binoego.pro
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Moz: prefetch
DNT: 1
Connection: keep-alive
Referer: https://sma.binoego.pro/c.php?k=63r1l5p2seqav3mqsdvc&clickid=6620cfa339813200010f0913&affpid=62301&action_id=NOdesktop&referrer=&sub1=mlClick-d3duvzhs&sub2=1007295&sub3=&sub4=&sub5=&sub6=
Cookie: uclick=b7xsa0k2vr; uclickhash=b7xsa0k2vr-b7xsa0k2wj-q5g5-1z1m-bglp-ikh98n-1zvcfe-366a4a
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Thu, 18 Apr 2024 07:45:41 GMT
content-type: application/javascript
last-modified: Mon, 07 Aug 2023 13:14:21 GMT
etag: W/"64d0ee2d-236"
strict-transport-security: max-age=31536000
cache-control: max-age=14400
cf-cache-status: HIT
age: 6178
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Gce23AQ01PMUS8S6vEXCP5d2HE0KdR3heiWiBeHuKytQUiSvVfOb3V14uL7cel1mQTHKZUbvxyXzePGWJcI%2Bsjdvf8qTGHA4qkL8RgGCTBucVORkCkironzcap0q2oS9coQ%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8763096b3956b505-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

sma.binoego.pro/c.php?k=63r1l5p2seqav3mqsdvc&clickid=6620cfa339813200010f0913&affpid=62301&action_id=NOdesktop&referrer=&sub1=mlClick-d3duvzhs&sub2=1007295&sub3=&sub4=&sub5=&sub6=

104.21.20.131

200 OK

5.0 kB

URL User Request GET HTTP/2
sma.binoego.pro/c.php?k=63r1l5p2seqav3mqsdvc&clickid=6620cfa339813200010f0913&affpid=62301&action_id=NOdesktop&referrer=&sub1=mlClick-d3duvzhs&sub2=1007295&sub3=&sub4=&sub5=&sub6=
IP
104.21.20.131:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerGoogle Trust Services LLC
Subjectbinoego.pro
Fingerprint55:E9:C8:F9:11:3D:44:E5:D4:BA:2B:FD:52:1F:0A:D2:FB:01:FB:BF
ValidityThu, 29 Feb 2024 12:56:36 GMT - Wed, 29 May 2024 12:56:35 GMT

File type
HTML document, Unicode text, UTF-8 text, with very long lines (5102), with no line terminators
Size
5.0 kB (5016 bytes)
Hash
70dce7469360e61644537546eea4f34d
81d635cf99cf7e8930edf807ee42ba7d5d6b59cd
afb5593a0cd08446012d8925ba423ea1057aad2454535d8f7b0f87044737d3d6

HTTP Headers

GET /c.php?k=63r1l5p2seqav3mqsdvc&clickid=6620cfa339813200010f0913&affpid=62301&action_id=NOdesktop&referrer=&sub1=mlClick-d3duvzhs&sub2=1007295&sub3=&sub4=&sub5=&sub6= HTTP/1.1
Host: sma.binoego.pro
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 18 Apr 2024 07:45:40 GMT
content-type: text/html; charset=UTF-8
set-cookie: uclick=b7xsa0k2vr; expires=Fri, 19-Apr-2024 07:45:39 GMT; Max-Age=86400; path=/; secure; SameSite=none
uclickhash=b7xsa0k2vr-b7xsa0k2vr-1z-1zx9-bghq-1zocwj-1zocvr-d00433; expires=Fri, 19-Apr-2024 07:45:39 GMT; Max-Age=86400; path=/; secure; SameSite=none
uclick=b7xsa0k2vr; expires=Fri, 19-Apr-2024 07:45:39 GMT; Max-Age=86400; path=/; secure; SameSite=none
uclickhash=b7xsa0k2vr-b7xsa0k2wj-q5g5-1z1m-bglp-ikh98n-1zvcfe-366a4a; expires=Fri, 19-Apr-2024 07:45:39 GMT; Max-Age=86400; path=/; secure; SameSite=none
strict-transport-security: max-age=31536000
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=eR%2BMaM8Ui%2FB9OJOEtJ92ZJNsDFZXfHSsXqvAkeVBc0MdVCEfq2zKW19deje6wdklbHXFPbUPDpo8QAnvy1U3K%2BAK64iZcgojNasnzwhVnGyzojFt1yRAggbO0S15IFiZNik%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 876309600954b518-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

sma.binoego.pro/favicon.ico

104.21.20.131

200 OK

0 B

URL GET HTTP/3
sma.binoego.pro/favicon.ico
IP
104.21.20.131:443
ASN
#13335 CLOUDFLARENET

Requested by
https://sma.binoego.pro/c.php?k=63r1l5p2seqav3mqsdvc&clickid=6620cfa339813200010f0913&affpid=62301&action_id=NOdesktop&referrer=&sub1=mlClick-d3duvzhs&sub2=1007295&sub3=&sub4=&sub5=&sub6=
Certificate
IssuerGoogle Trust Services LLC
Subjectbinoego.pro
Fingerprint55:E9:C8:F9:11:3D:44:E5:D4:BA:2B:FD:52:1F:0A:D2:FB:01:FB:BF
ValidityThu, 29 Feb 2024 12:56:36 GMT - Wed, 29 May 2024 12:56:35 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: sma.binoego.pro
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://sma.binoego.pro/c.php?k=63r1l5p2seqav3mqsdvc&clickid=6620cfa339813200010f0913&affpid=62301&action_id=NOdesktop&referrer=&sub1=mlClick-d3duvzhs&sub2=1007295&sub3=&sub4=&sub5=&sub6=
Cookie: uclick=b7xsa0k2vr; uclickhash=b7xsa0k2vr-b7xsa0k2wj-q5g5-1z1m-bglp-ikh98n-1zvcfe-366a4a
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Thu, 18 Apr 2024 07:45:40 GMT
content-type: text/html; charset=UTF-8
strict-transport-security: max-age=31536000
cache-control: max-age=14400
cf-cache-status: HIT
age: 6464
last-modified: Thu, 18 Apr 2024 05:57:56 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=V%2Bj7gdxrWEW611y%2F84EhPtMArgn9AeQuc6nJZMW4XqfjVn0p2niGN7EbUTerhdSVSpLD3V2N1Gdun1bHoVu364X36Ml1VPBmMVXHAU7mu5%2BFVx9elM6cMF9mRjgQIe%2BjvfU%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87630963cfe1b505-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

beevakum.net/pfe/current/micro.tag.min.js?z=6199255&sw=/sw-check-permissions-b9b9f.js

139.45.197.250

200 OK

36 kB

URL GET HTTP/2
beevakum.net/pfe/current/micro.tag.min.js?z=6199255&sw=/sw-check-permissions-b9b9f.js
IP
139.45.197.250:443
ASN
#9002 RETN Limited

Requested by
https://sma.binoego.pro/c.php?k=63r1l5p2seqav3mqsdvc&clickid=6620cfa339813200010f0913&affpid=62301&action_id=NOdesktop&referrer=&sub1=mlClick-d3duvzhs&sub2=1007295&sub3=&sub4=&sub5=&sub6=
Certificate
IssuerLet's Encrypt
Subjectbeevakum.net
Fingerprint11:09:E5:37:89:FD:35:DC:C0:96:E5:E8:97:CB:6E:C1:50:68:C8:55
ValidityWed, 13 Mar 2024 12:20:07 GMT - Tue, 11 Jun 2024 12:20:06 GMT

File type
JavaScript source, ASCII text, with very long lines (36528), with no line terminators
Size
36 kB (36528 bytes)
Hash
b64d3763f9aa99e7edc76dc0dd29d030
9b5d6da9384fe75fcc5a4f79ad2cde0399bfd523
e64712048ba884038027c9037196f430b7ae020a3ec9679dfd577a6fb58f9de3

HTTP Headers

GET /pfe/current/micro.tag.min.js?z=6199255&sw=/sw-check-permissions-b9b9f.js HTTP/1.1
Host: beevakum.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://sma.binoego.pro/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Thu, 18 Apr 2024 07:45:41 GMT
content-type: application/javascript
last-modified: Tue, 16 Apr 2024 15:56:40 GMT
etag: W/"661e9fb8-8eb0"
access-control-allow-credentials: true
cache-control: no-cache
pragma: no-cache
content-encoding: gzip
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (3)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

HTTP Transactions (17)

URL User Request GET HTTP/2

IP

ASN

Certificate

File type

Size

Hash

HTTP Headers

URL GET HTTP/3

IP

ASN

Requested by

Certificate

File type

Size

Hash

HTTP Headers

URL GET HTTP/3

IP

ASN

Requested by

Certificate

File type

Size

Hash

HTTP Headers

URL GET HTTP/3

IP

ASN

Requested by

Certificate

File type