Report - 55a9e.videofirstrelease.xyz/lp/y-arrow?affid=202021&as=pc&brand=Apple&bv=Chrome+124&cid=&clickid=483352016c739b1131cd17c6cce7ef70-4888-0508&country=NO&cp=25&device=&gf=25&ip=45.14.192.33&ln=nb&model=iPod+touch+6&subid=8cd38105-3303-491e-b11c-182590d779df_3744087-2494421130-0&tag=202021&tag1=musicplayer&tag2=8cd38105-3303-491e-b11c-182590d779df_3744087-2494421130-0&tag3=202021&tag4=dating&useragent={var:useragent}

Report Overview

Submitted URL
55a9e.videofirstrelease.xyz/lp/y-arrow?affid=202021&as=pc&brand=Apple&bv=Chrome+124&cid=&clickid=483352016c739b1131cd17c6cce7ef70-4888-0508&country=NO&cp=25&device=&gf=25&ip=45.14.192.33&ln=nb&model=iPod+touch+6&subid=8cd38105-3303-491e-b11c-182590d779df_3744087-2494421130-0&tag=202021&tag1=musicplayer&tag2=8cd38105-3303-491e-b11c-182590d779df_3744087-2494421130-0&tag3=202021&tag4=dating&useragent={var:useragent}
IP
213.227.149.216
ASN
#60781 LeaseWeb Netherlands B.V.
Submitted
2024-05-08 19:01:25
Access
public
Website Title
RECOMMENDED FOR YOU:
Final URL
int.celebspicynews.com/common/content/contentforyou6.php?cc=NO&FTO=true&tn=20&tx=30&affid=202021
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
2

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
trk.theonesstoodtheirground.com	unknown	2023-07-06	2023-07-07	2024-05-02	569 B	788 B	206.189.58.138
int.celebspicynews.com	unknown	2024-02-26	2024-02-29	2024-04-18	2.2 kB	42 kB	95.168.170.165
wbidder311072023.com	unknown	2023-07-11	2023-07-12	2024-05-06	2.4 kB	39 kB	95.211.194.53
55a9e.videofirstrelease.xyz	unknown	unknown	No data	No data	2.6 kB	12 kB	37.48.80.112

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2024-05-08	medium	theonesstoodtheirground.com	Sinkholed

ThreatFox

No alerts detected

JavaScript (6)

	URL	Size	First Seen	Last Seen
	int.celebspicynews.com/common/content/contentforyou6.php?cc=NO&FTO=true&tn=20&tx=30&affid=202021	0 B	2023-03-07	2024-05-20
Pretty URL int.celebspicynews.com/common/content/contentforyou6.php?cc=NO&FTO=true&tn=20&tx=30&affid=202021 IP 95.168.170.165 ASN #60781 LeaseWeb Netherlands B.V. Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:01:59 Last Seen2024-05-20 03:43:44 Times Seen37854820 Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Loading...

	int.celebspicynews.com/common/content/contentforyou6.php?cc=NO&FTO=true&tn=20&tx=30&affid=202021	25 B	2024-05-01	2024-05-19
Pretty URL int.celebspicynews.com/common/content/contentforyou6.php?cc=NO&FTO=true&tn=20&tx=30&affid=202021 IP 95.168.170.165 ASN #60781 LeaseWeb Netherlands B.V. Introduced by scriptElement Embedded in HTML true Observations First Seen2024-05-01 14:33:27 Last Seen2024-05-19 21:04:08 Times Seen13 Hash 13968de73d1113361f76280df736d7f8 b7d7755225ee687e76663c4dd2704ffb1e442e41 159a0eea9fd660ba7bdd0c73c6fe5da58660a00ba72d2e9db498ae2401b16bdd Loading...

	int.celebspicynews.com/plugin/js/bidder.js?boost=202401312	18 kB	2023-09-15	2024-05-19
Pretty URL int.celebspicynews.com/plugin/js/bidder.js?boost=202401312 IP 95.168.170.165 ASN #60781 LeaseWeb Netherlands B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-09-15 15:02:48 Last Seen2024-05-19 21:04:08 Times Seen825 Hash a253e796bf514864ace2bd124873ec4e 3078459738f1e6f3da0882b27d944c7f831269ab b7cf11dee40c04fc7b925441afbf0f43f133e9da2315122b7e47412f7744a103 Loading...

	int.celebspicynews.com/plugin/js/bidder-interval.js?boost=202402082	14 kB	2024-02-09	2024-05-19
Pretty URL int.celebspicynews.com/plugin/js/bidder-interval.js?boost=202402082 IP 95.168.170.165 ASN #60781 LeaseWeb Netherlands B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-02-09 08:40:22 Last Seen2024-05-19 21:04:08 Times Seen146 Hash d243ed12f8ef70133e547768baa9ee2f d5e7ce9a1746ae9c127ba55e45874d0b610ad88f fe5dd3b5b775720dbd458888540b689bb77f0b7ceb7074d4aa3de1522267c7ea Loading...

	int.celebspicynews.com/common/content/contentforyou6.php?cc=NO&FTO=true&tn=20&tx=30&affid=202021	15 B	2024-04-27	2024-05-19
Pretty URL int.celebspicynews.com/common/content/contentforyou6.php?cc=NO&FTO=true&tn=20&tx=30&affid=202021 IP 95.168.170.165 ASN #60781 LeaseWeb Netherlands B.V. Introduced by scriptElement Embedded in HTML true Observations First Seen2024-04-27 21:22:05 Last Seen2024-05-19 21:04:08 Times Seen5 Hash 71a3c6c4f07a8fbcdd292f6c478c65bb 4c584b416c20a7618e4d0f9cdefedece1b0bdb85 cc4784ee6c2f6d6c1b8430ef960e7a2aba24cfd9a0d7a087815e49ef5d69e39a Loading...

	int.celebspicynews.com/common/content/contentforyou6.php?cc=NO&FTO=true&tn=20&tx=30&affid=202021	0 B	2023-03-07	2024-05-20
Pretty URL int.celebspicynews.com/common/content/contentforyou6.php?cc=NO&FTO=true&tn=20&tx=30&affid=202021 IP 95.168.170.165 ASN #60781 LeaseWeb Netherlands B.V. Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:01:59 Last Seen2024-05-20 03:43:44 Times Seen37854820 Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Loading...

HTTP Transactions (13)

URL IP Response Size

55a9e.videofirstrelease.xyz/lp/y-arrow?affid=202021&as=pc&brand=Apple&bv=Chrome+124&cid=&clickid=483352016c739b1131cd17c6cce7ef70-4888-0508&country=NO&cp=25&device=&gf=25&ip=45.14.192.33&ln=nb&model=iPod+touch+6&subid=8cd38105-3303-491e-b11c-182590d779df_3744087-2494421130-0&tag=202021&tag1=musicplayer&tag2=8cd38105-3303-491e-b11c-182590d779df_3744087-2494421130-0&tag3=202021&tag4=dating&useragent={var:useragent}

37.48.80.112

162 B

URL
55a9e.videofirstrelease.xyz/lp/y-arrow?affid=202021&as=pc&brand=Apple&bv=Chrome+124&cid=&clickid=483352016c739b1131cd17c6cce7ef70-4888-0508&country=NO&cp=25&device=&gf=25&ip=45.14.192.33&ln=nb&model=iPod+touch+6&subid=8cd38105-3303-491e-b11c-182590d779df_3744087-2494421130-0&tag=202021&tag1=musicplayer&tag2=8cd38105-3303-491e-b11c-182590d779df_3744087-2494421130-0&tag3=202021&tag4=dating&useragent={var:useragent}
IP
37.48.80.112:0
ASN
#60781 LeaseWeb Netherlands B.V.

File type
HTML document, ASCII text, with CRLF line terminators
Size
162 B (162 bytes)
Hash
4f8e702cc244ec5d4de32740c0ecbd97
3adb1f02d5b6054de0046e367c1d687b6cdf7aff
9e17cb15dd75bbbd5dbb984eda674863c3b10ab72613cf8a39a00c3e11a8492a

HTTP Headers

GET /lp/y-arrow?affid=202021&as=pc&brand=Apple&bv=Chrome+124&cid=&clickid=483352016c739b1131cd17c6cce7ef70-4888-0508&country=NO&cp=25&device=&gf=25&ip=45.14.192.33&ln=nb&model=iPod+touch+6&subid=8cd38105-3303-491e-b11c-182590d779df_3744087-2494421130-0&tag=202021&tag1=musicplayer&tag2=8cd38105-3303-491e-b11c-182590d779df_3744087-2494421130-0&tag3=202021&tag4=dating&useragent={var:useragent} HTTP/1.1
Host: 55a9e.videofirstrelease.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 301 Moved Permanently
server: nginx
date: Wed, 08 May 2024 19:00:59 GMT
content-type: text/html
content-length: 162
location: https://55a9e.videofirstrelease.xyz/lp/y-arrow/?affid=202021&as=pc&brand=Apple&bv=Chrome+124&cid=&clickid=483352016c739b1131cd17c6cce7ef70-4888-0508&country=NO&cp=25&device=&gf=25&ip=45.14.192.33&ln=nb&model=iPod+touch+6&subid=8cd38105-3303-491e-b11c-182590d779df_3744087-2494421130-0&tag=202021&tag1=musicplayer&tag2=8cd38105-3303-491e-b11c-182590d779df_3744087-2494421130-0&tag3=202021&tag4=dating&useragent={var:useragent}
x-frame-options: SAMEORIGIN
X-Firefox-Spdy: h2

trk.theonesstoodtheirground.com/15Gxg8?subid=8cd38105-3303-491e-b11c-182590d779df_3744087-2494421130-0&affid=202021

206.189.58.138

302 Found

143 B

URL User Request GET HTTP/1.1
trk.theonesstoodtheirground.com/15Gxg8?subid=8cd38105-3303-491e-b11c-182590d779df_3744087-2494421130-0&affid=202021
IP
206.189.58.138:443
ASN
#14061 DIGITALOCEAN-ASN

Certificate
IssuerLet's Encrypt
Subjecttrk.theonesstoodtheirground.com
Fingerprint94:AC:75:BC:C0:5E:39:C2:70:DD:38:76:AE:CB:C5:73:C8:F2:B1:A5
ValidityMon, 04 Mar 2024 07:28:04 GMT - Sun, 02 Jun 2024 07:28:03 GMT

File type
HTML document, ASCII text
Size
143 B (143 bytes)
Hash
cb3eacc46c9144221243b726002f65f8
bce31b2111aa314b9b779c29c2ee9feb4e7cdeff
3076cb1b60fc27454496bc6fa7991a19a7846772d333f92866d046f6a9aa485f

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /15Gxg8?subid=8cd38105-3303-491e-b11c-182590d779df_3744087-2494421130-0&affid=202021 HTTP/1.1
Host: trk.theonesstoodtheirground.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 302 Found
Server: nginx/1.25.2
Date: Wed, 08 May 2024 19:01:01 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 143
Connection: keep-alive
Location: https://int.celebspicynews.com/common/content/contentforyou6.php?cc=NO&FTO=true&tn=20&tx=30&affid=202021
Set-Cookie: 15Gxg8o=1; Path=/; Domain=trk.theonesstoodtheirground.com; Max-Age=1715281261; Secure; SameSite=None
pc-cid=5c270581591ed9944680021d8eb72008-4888-0508; Path=/; Domain=trk.theonesstoodtheirground.com; Max-Age=1715281261; Secure; SameSite=None
pc-campaign=15Gxg8; Path=/; Domain=trk.theonesstoodtheirground.com; Max-Age=1715281261; Secure; SameSite=None

55a9e.videofirstrelease.xyz/plugin/js/bidder-interval.js

37.48.80.112

5.9 kB

URL
55a9e.videofirstrelease.xyz/plugin/js/bidder-interval.js
IP
37.48.80.112:0
ASN
#60781 LeaseWeb Netherlands B.V.

File type
gzip compressed data, max compression, from Unix
Size
5.9 kB (5898 bytes)
Hash
56754dcd44cb19dc6feef58c3257398d
35708a15b344ef5500fe2ea3cf2b0f2ae7ad84b8
219c2b84fedf29c0d76949b7a3974f8dae2713dffa44dbdf05b49ce5e67b474e

HTTP Headers

GET /plugin/js/bidder-interval.js HTTP/1.1
Host: 55a9e.videofirstrelease.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://55a9e.videofirstrelease.xyz/lp/y-arrow/?affid=202021&as=pc&brand=Apple&bv=Chrome+124&cid=&clickid=483352016c739b1131cd17c6cce7ef70-4888-0508&country=NO&cp=25&device=&gf=25&ip=45.14.192.33&ln=nb&model=iPod+touch+6&subid=8cd38105-3303-491e-b11c-182590d779df_3744087-2494421130-0&tag=202021&tag1=musicplayer&tag2=8cd38105-3303-491e-b11c-182590d779df_3744087-2494421130-0&tag3=202021&tag4=dating&useragent={var:useragent}
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Wed, 08 May 2024 19:01:00 GMT
content-type: application/javascript
last-modified: Thu, 08 Feb 2024 14:49:27 GMT
vary: Accept-Encoding
etag: W/"65c4e9f7-3531"
expires: Fri, 07 Jun 2024 19:01:00 GMT
cache-control: max-age=2592000
x-frame-options: SAMEORIGIN
content-encoding: gzip
X-Firefox-Spdy: h2

int.celebspicynews.com/favicon.ico

95.168.170.165

200 OK

5.4 kB

URL GET HTTP/2
int.celebspicynews.com/favicon.ico
IP
95.168.170.165:443
ASN
#60781 LeaseWeb Netherlands B.V.

Requested by
https://int.celebspicynews.com/common/content/contentforyou6.php?cc=NO&FTO=true&tn=20&tx=30&affid=202021
Certificate
IssuerLet's Encrypt
Subject*.celebspicynews.com
FingerprintBD:F2:59:C6:8F:E6:E2:E2:01:19:8E:B2:8F:5F:6E:39:16:FC:1D:09
ValiditySat, 27 Apr 2024 08:10:17 GMT - Fri, 26 Jul 2024 08:10:16 GMT

File type
MS Windows icon resource - 2 icons, 16x16, 32 bits/pixel, 32x32, 32 bits/pixel
Size
5.4 kB (5430 bytes)
Hash
88edc459abdc8dc4706d0a7c8409b070
9c243408bab07516f123a55909c36fb1a4d2fe86
98e645b894353850a9cac9f488cbda0c867a51f7d3cb1f9b8261bc2c9a888d49

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: int.celebspicynews.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://int.celebspicynews.com/common/content/contentforyou6.php?cc=NO&FTO=true&tn=20&tx=30&affid=202021
Cookie: pc=data_1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Wed, 08 May 2024 19:01:01 GMT
content-type: image/x-icon
content-length: 5430
last-modified: Wed, 17 Oct 2018 08:05:59 GMT
etag: "5bc6ed67-1536"
expires: Fri, 07 Jun 2024 19:01:01 GMT
cache-control: max-age=2592000
x-frame-options: SAMEORIGIN
accept-ranges: bytes
X-Firefox-Spdy: h2

int.celebspicynews.com/plugin/js/bidder.js?boost=202401312

95.168.170.165

200 OK

16 kB

URL GET HTTP/2
int.celebspicynews.com/plugin/js/bidder.js?boost=202401312
IP
95.168.170.165:443
ASN
#60781 LeaseWeb Netherlands B.V.

Requested by
https://int.celebspicynews.com/common/content/contentforyou6.php?cc=NO&FTO=true&tn=20&tx=30&affid=202021
Certificate
IssuerLet's Encrypt
Subject*.celebspicynews.com
FingerprintBD:F2:59:C6:8F:E6:E2:E2:01:19:8E:B2:8F:5F:6E:39:16:FC:1D:09
ValiditySat, 27 Apr 2024 08:10:17 GMT - Fri, 26 Jul 2024 08:10:16 GMT

File type
gzip compressed data, max compression, from Unix
Size
16 kB (16262 bytes)
Hash
6b010ff07fd6195f6a2d6c3a8887d6be
76336689e46e3d042f91ec646541f02a3bf56ed1
8390d3ef89b7e97c66dcfc0a3edc5882f258d3ad87e1905c619c86e7ea0bf0c3

HTTP Headers

GET /plugin/js/bidder.js?boost=202401312 HTTP/1.1
Host: int.celebspicynews.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://int.celebspicynews.com/common/content/contentforyou6.php?cc=NO&FTO=true&tn=20&tx=30&affid=202021
Cookie: pc=data_1
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Wed, 08 May 2024 19:01:01 GMT
content-type: application/javascript
last-modified: Wed, 31 Jan 2024 16:31:42 GMT
vary: Accept-Encoding
etag: W/"65ba75ee-45a3"
expires: Fri, 07 Jun 2024 19:01:01 GMT
cache-control: max-age=2592000
x-frame-options: SAMEORIGIN
content-encoding: gzip
X-Firefox-Spdy: h2

wbidder311072023.com/offer/client?affid=onw_202021&subid=undefined&days=8&count=4&adult=null

95.211.194.53

200 OK

8.5 kB

URL GET HTTP/2
wbidder311072023.com/offer/client?affid=onw_202021&subid=undefined&days=8&count=4&adult=null
IP
95.211.194.53:443
ASN
#60781 LeaseWeb Netherlands B.V.

Requested by
https://int.celebspicynews.com/common/content/contentforyou6.php?cc=NO&FTO=true&tn=20&tx=30&affid=202021
Certificate
IssuerGlobalSign nv-sa
Subject*.wbidder311072023.com
Fingerprint4B:61:9A:96:69:75:A6:F2:7C:E0:DD:B5:24:CE:F9:1E:08:13:B5:6B
ValidityTue, 11 Jul 2023 13:34:13 GMT - Sun, 11 Aug 2024 13:34:12 GMT

File type
gzip compressed data, max speed, from Unix
Size
8.5 kB (8539 bytes)
Hash
3467fe09b4c151b0027f61b569ef050c
85b34c25c3239533abeb14ae92adeb06cd688e1a
b77491beef36b182d99542d7c5576ee814c86c5ab320ad40d526ea3f48b87cc1

HTTP Headers

GET /offer/client?affid=onw_202021&subid=undefined&days=8&count=4&adult=null HTTP/1.1
Host: wbidder311072023.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://int.celebspicynews.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
vary: Origin,Accept-Encoding
access-control-allow-origin: *
content-type: application/json; charset=utf-8
date: Wed, 08 May 2024 19:01:04 GMT
content-encoding: gzip
X-Firefox-Spdy: h2

wbidder311072023.com/offer/client?affid=onw_202021&subid=undefined&days=8&count=4&adult=null

95.211.194.53

200 OK

9.1 kB

URL GET HTTP/2
wbidder311072023.com/offer/client?affid=onw_202021&subid=undefined&days=8&count=4&adult=null
IP
95.211.194.53:443
ASN
#60781 LeaseWeb Netherlands B.V.

Requested by
https://int.celebspicynews.com/common/content/contentforyou6.php?cc=NO&FTO=true&tn=20&tx=30&affid=202021
Certificate
IssuerGlobalSign nv-sa
Subject*.wbidder311072023.com
Fingerprint4B:61:9A:96:69:75:A6:F2:7C:E0:DD:B5:24:CE:F9:1E:08:13:B5:6B
ValidityTue, 11 Jul 2023 13:34:13 GMT - Sun, 11 Aug 2024 13:34:12 GMT

File type
gzip compressed data, max speed, from Unix
Size
9.1 kB (9139 bytes)
Hash
2ee8ccd6454e17c32ee74a9f4e259948
bcbc7de526e8f1eac64f81835d1673045d983e1c
860131afda5f94642b470ab16e32051f341ef9d1ac722ecc21cab8b7f4a1464b

HTTP Headers

GET /offer/client?affid=onw_202021&subid=undefined&days=8&count=4&adult=null HTTP/1.1
Host: wbidder311072023.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://int.celebspicynews.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
vary: Origin,Accept-Encoding
access-control-allow-origin: *
content-type: application/json; charset=utf-8
date: Wed, 08 May 2024 19:01:10 GMT
content-encoding: gzip
X-Firefox-Spdy: h2

wbidder311072023.com/offer/client?affid=onw_202021&subid=undefined&days=8&count=3&adult=undefined&cbjs=1

95.211.194.53

200 OK

11 kB

URL GET HTTP/2
wbidder311072023.com/offer/client?affid=onw_202021&subid=undefined&days=8&count=3&adult=undefined&cbjs=1
IP
95.211.194.53:443
ASN
#60781 LeaseWeb Netherlands B.V.

Requested by
https://int.celebspicynews.com/common/content/contentforyou6.php?cc=NO&FTO=true&tn=20&tx=30&affid=202021
Certificate
IssuerGlobalSign nv-sa
Subject*.wbidder311072023.com
Fingerprint4B:61:9A:96:69:75:A6:F2:7C:E0:DD:B5:24:CE:F9:1E:08:13:B5:6B
ValidityTue, 11 Jul 2023 13:34:13 GMT - Sun, 11 Aug 2024 13:34:12 GMT

File type
gzip compressed data, max speed, from Unix
Size
11 kB (10603 bytes)
Hash
7db70dd00ccafbf099bb191046dd8876
0a8039d5f1a8653a6ca19737df61195889df7748
34f71133fb1a6947d7494cea23c23d19142032f55c130542aac655c2cbdc1f27

HTTP Headers

GET /offer/client?affid=onw_202021&subid=undefined&days=8&count=3&adult=undefined&cbjs=1 HTTP/1.1
Host: wbidder311072023.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://int.celebspicynews.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
vary: Origin,Accept-Encoding
access-control-allow-origin: *
content-type: application/json; charset=utf-8
date: Wed, 08 May 2024 19:01:11 GMT
content-encoding: gzip
X-Firefox-Spdy: h2

wbidder311072023.com/offer/client?affid=onw_202021&subid=undefined&days=8&count=4&adult=null

95.211.194.53

200 OK

7.8 kB

URL GET HTTP/2
wbidder311072023.com/offer/client?affid=onw_202021&subid=undefined&days=8&count=4&adult=null
IP
95.211.194.53:443
ASN
#60781 LeaseWeb Netherlands B.V.

Requested by
https://int.celebspicynews.com/common/content/contentforyou6.php?cc=NO&FTO=true&tn=20&tx=30&affid=202021
Certificate
IssuerGlobalSign nv-sa
Subject*.wbidder311072023.com
Fingerprint4B:61:9A:96:69:75:A6:F2:7C:E0:DD:B5:24:CE:F9:1E:08:13:B5:6B
ValidityTue, 11 Jul 2023 13:34:13 GMT - Sun, 11 Aug 2024 13:34:12 GMT

File type
gzip compressed data, max speed, from Unix
Size
7.8 kB (7819 bytes)
Hash
6236d4cac36cdbbdcd4b275de752756a
c2d923deed3e712e92f4520de0424331b4391018
9bd676c4a4839be55f7eb0f70012b3d3a7163da4bfc8dfe780e97f61d4f78ac5

HTTP Headers

GET /offer/client?affid=onw_202021&subid=undefined&days=8&count=4&adult=null HTTP/1.1
Host: wbidder311072023.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://int.celebspicynews.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
vary: Origin,Accept-Encoding
access-control-allow-origin: *
content-type: application/json; charset=utf-8
date: Wed, 08 May 2024 19:01:04 GMT
content-encoding: gzip
X-Firefox-Spdy: h2

55a9e.videofirstrelease.xyz/affidLink/redirect.php?affid=202021&as=pc&brand=Apple&bv=Chrome+124&cid=&clickid=483352016c739b1131cd17c6cce7ef70-4888-0508&country=NO&cp=25&device=&gf=25&ip=45.14.192.33&ln=nb&model=iPod+touch+6&subid=8cd38105-3303-491e-b11c-182590d779df_3744087-2494421130-0&tag=202021&tag1=musicplayer&tag2=8cd38105-3303-491e-b11c-182590d779df_3744087-2494421130-0&tag3=202021&tag4=dating&useragent={var:useragent}

37.48.80.112

302 Found

5.1 kB

URL User Request GET HTTP/2
55a9e.videofirstrelease.xyz/affidLink/redirect.php?affid=202021&as=pc&brand=Apple&bv=Chrome+124&cid=&clickid=483352016c739b1131cd17c6cce7ef70-4888-0508&country=NO&cp=25&device=&gf=25&ip=45.14.192.33&ln=nb&model=iPod+touch+6&subid=8cd38105-3303-491e-b11c-182590d779df_3744087-2494421130-0&tag=202021&tag1=musicplayer&tag2=8cd38105-3303-491e-b11c-182590d779df_3744087-2494421130-0&tag3=202021&tag4=dating&useragent={var:useragent}
IP
37.48.80.112:443
ASN
#60781 LeaseWeb Netherlands B.V.

Certificate
IssuerLet's Encrypt
Subject*.videofirstrelease.xyz
Fingerprint1C:1E:53:11:05:BB:35:20:6A:45:65:D4:55:46:A2:65:38:14:A4:B6
ValidityTue, 16 Apr 2024 09:56:33 GMT - Mon, 15 Jul 2024 09:56:32 GMT

File type

Size
5.1 kB (5149 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /affidLink/redirect.php?affid=202021&as=pc&brand=Apple&bv=Chrome+124&cid=&clickid=483352016c739b1131cd17c6cce7ef70-4888-0508&country=NO&cp=25&device=&gf=25&ip=45.14.192.33&ln=nb&model=iPod+touch+6&subid=8cd38105-3303-491e-b11c-182590d779df_3744087-2494421130-0&tag=202021&tag1=musicplayer&tag2=8cd38105-3303-491e-b11c-182590d779df_3744087-2494421130-0&tag3=202021&tag4=dating&useragent={var:useragent} HTTP/1.1
Host: 55a9e.videofirstrelease.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 302 Found
server: nginx
date: Wed, 08 May 2024 19:01:00 GMT
content-type: text/html; charset=UTF-8
location: https://trk.theonesstoodtheirground.com/15Gxg8?subid=8cd38105-3303-491e-b11c-182590d779df_3744087-2494421130-0&affid=202021
x-frame-options: SAMEORIGIN
X-Firefox-Spdy: h2

int.celebspicynews.com/common/content/contentforyou6.php?cc=NO&FTO=true&tn=20&tx=30&affid=202021

95.168.170.165

200 OK

5.1 kB

URL User Request GET HTTP/2
int.celebspicynews.com/common/content/contentforyou6.php?cc=NO&FTO=true&tn=20&tx=30&affid=202021
IP
95.168.170.165:443
ASN
#60781 LeaseWeb Netherlands B.V.

Certificate
IssuerLet's Encrypt
Subject*.celebspicynews.com
FingerprintBD:F2:59:C6:8F:E6:E2:E2:01:19:8E:B2:8F:5F:6E:39:16:FC:1D:09
ValiditySat, 27 Apr 2024 08:10:17 GMT - Fri, 26 Jul 2024 08:10:16 GMT

File type
JavaScript source, ASCII text, with very long lines (5425), with no line terminators
Size
5.1 kB (5149 bytes)
Hash
197441685c332110ce40ec751853db82
9e2a11be824f70dd6bce9e8180f8d8aff30d006e
d8e1e526a89474df1dac66fd901b4a43d8ca29ae06494cc9d7a2d0575732d4ce

HTTP Headers

GET /common/content/contentforyou6.php?cc=NO&FTO=true&tn=20&tx=30&affid=202021 HTTP/1.1
Host: int.celebspicynews.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Wed, 08 May 2024 19:01:01 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
set-cookie: pc=data_1; expires=Fri, 17-Mar-2034 19:01:01 GMT; Max-Age=311040000; path=/
x-frame-options: SAMEORIGIN
content-encoding: gzip
X-Firefox-Spdy: h2

int.celebspicynews.com/plugin/js/bidder-interval.js?boost=202402082

95.168.170.165

200 OK

14 kB

URL GET HTTP/2
int.celebspicynews.com/plugin/js/bidder-interval.js?boost=202402082
IP
95.168.170.165:443
ASN
#60781 LeaseWeb Netherlands B.V.

Requested by
https://int.celebspicynews.com/common/content/contentforyou6.php?cc=NO&FTO=true&tn=20&tx=30&affid=202021
Certificate
IssuerLet's Encrypt
Subject*.celebspicynews.com
FingerprintBD:F2:59:C6:8F:E6:E2:E2:01:19:8E:B2:8F:5F:6E:39:16:FC:1D:09
ValiditySat, 27 Apr 2024 08:10:17 GMT - Fri, 26 Jul 2024 08:10:16 GMT

File type
JavaScript source, ASCII text, with very long lines (13567)
Size
14 kB (13617 bytes)
Hash
d243ed12f8ef70133e547768baa9ee2f
d5e7ce9a1746ae9c127ba55e45874d0b610ad88f
fe5dd3b5b775720dbd458888540b689bb77f0b7ceb7074d4aa3de1522267c7ea

HTTP Headers

GET /plugin/js/bidder-interval.js?boost=202402082 HTTP/1.1
Host: int.celebspicynews.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://int.celebspicynews.com/common/content/contentforyou6.php?cc=NO&FTO=true&tn=20&tx=30&affid=202021
Cookie: pc=data_1
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Wed, 08 May 2024 19:01:01 GMT
content-type: application/javascript
last-modified: Thu, 08 Feb 2024 14:49:27 GMT
vary: Accept-Encoding
etag: W/"65c4e9f7-3531"
expires: Fri, 07 Jun 2024 19:01:01 GMT
cache-control: max-age=2592000
x-frame-options: SAMEORIGIN
content-encoding: gzip
X-Firefox-Spdy: h2

wbidder311072023.com/offer/client?affid=onw_202021&subid=undefined&days=8&cbjs=1

95.211.194.53

200 OK

1.5 kB

URL GET HTTP/2
wbidder311072023.com/offer/client?affid=onw_202021&subid=undefined&days=8&cbjs=1
IP
95.211.194.53:443
ASN
#60781 LeaseWeb Netherlands B.V.

Requested by
https://int.celebspicynews.com/common/content/contentforyou6.php?cc=NO&FTO=true&tn=20&tx=30&affid=202021
Certificate
IssuerGlobalSign nv-sa
Subject*.wbidder311072023.com
Fingerprint4B:61:9A:96:69:75:A6:F2:7C:E0:DD:B5:24:CE:F9:1E:08:13:B5:6B
ValidityTue, 11 Jul 2023 13:34:13 GMT - Sun, 11 Aug 2024 13:34:12 GMT

File type
Unicode text, UTF-8 text, with very long lines (1568), with no line terminators
Size
1.5 kB (1521 bytes)
Hash
a473d77842078761487014bd89ef1c10
92320a6b154751bceef736cb5b67fd03eaf94a19
0d29aef61a2e0b7d094b7a761b6a25b3ccf9d0b27035fc6846841c086dac2a1b

HTTP Headers

GET /offer/client?affid=onw_202021&subid=undefined&days=8&cbjs=1 HTTP/1.1
Host: wbidder311072023.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://int.celebspicynews.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
vary: Origin,Accept-Encoding
access-control-allow-origin: *
content-type: application/json; charset=utf-8
date: Wed, 08 May 2024 19:01:02 GMT
content-encoding: gzip
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (6)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

HTTP Transactions (13)

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL User Request GET HTTP/1.1

IP

ASN

Certificate