Report - 137.184.145.124:9003/iq/iq_zain-GameCafe?flow=he&network_key=dw94SUoIC5&click_id=D-20907274-1715327420-34G170G228G229-DUBJQ9120&pub

Report Overview

Submitted URL
137.184.145.124:9003/iq/iq_zain-GameCafe?flow=he&network_key=dw94SUoIC5&click_id=D-20907274-1715327420-34G170G228G229-DUBJQ9120&pub_id=455972
IP
137.184.145.124
ASN
#14061 DIGITALOCEAN-ASN
Submitted
2024-05-10 07:51:25
Access
public
Website Title
social-sms.com/iq-dcb/HE/v1.2/oneclick/sub.php?serviceId=618&spId=186&shortcode=3368&uniqid=eb3794a3efbc06443cbc5d059b57d075
Final URL
www.social-sms.com/iq-dcb/HE/v1.2/oneclick/sub.php?serviceId=618&spId=186&shortcode=3368&uniqid=eb3794a3efbc06443cbc5d059b57d075
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
4
Threat Detection Systems
10

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
sg.d.shield.monitoringservice.co	389277	2014-05-07	2019-05-20	2020-03-26	2.1 kB	311 B	139.162.21.64
sg.ws.shield.monitoringservice.co	unknown	2014-05-07	2019-08-23	2020-07-24	1.1 kB	360 B	139.162.21.64
www.social-sms.com	unknown	2016-07-20	2017-02-04	2024-03-31	993 B	706 B	134.119.216.147
137.184.145.124:9003	unknown	unknown	No data	No data	5.4 kB	551 kB	137.184.145.124

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Timestamp	Severity	Source IP	Destination IP	Alert
2024-05-10 07:51:04	medium	134.119.216.147	Client IP	ET INFO TLS Handshake Failure
2024-05-10 07:51:04	medium	134.119.216.147	Client IP	ET INFO TLS Handshake Failure
2024-05-10 07:51:04	medium	134.119.216.147	Client IP	ET INFO TLS Handshake Failure
2024-05-10 07:51:04	medium	134.119.216.147	Client IP	ET INFO TLS Handshake Failure

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2024-05-10	medium	137.184.145.124	Sinkholed
2024-05-10	medium	137.184.145.124	Sinkholed
2024-05-10	medium	137.184.145.124	Sinkholed
2024-05-10	medium	137.184.145.124	Sinkholed
2024-05-10	medium	137.184.145.124	Sinkholed

ThreatFox

No alerts detected

JavaScript (0)

HTTP Transactions (11)

URL IP Response Size

137.184.145.124:9003/iq/iq_zain-GameCafe?flow=he&network_key=dw94SUoIC5&click_id=D-20907274-1715327420-34G170G228G229-DUBJQ9120&pub_id=455972

137.184.145.124

26 kB

URL
137.184.145.124:9003/iq/iq_zain-GameCafe?flow=he&network_key=dw94SUoIC5&click_id=D-20907274-1715327420-34G170G228G229-DUBJQ9120&pub_id=455972
IP
137.184.145.124:0
ASN
#14061 DIGITALOCEAN-ASN

File type
HTML document, ASCII text, with very long lines (62324)
Size
26 kB (25898 bytes)
Hash
e9442fc6ceff87dfc708db82ce595a4d
b078fb8eee37c08b794954b2444a9a928bbfee22
b938d2e53cd447208dc8aa0624ab224096133788f1e6e138add217783f12e7a1

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /iq/iq_zain-GameCafe?flow=he&network_key=dw94SUoIC5&click_id=D-20907274-1715327420-34G170G228G229-DUBJQ9120&pub_id=455972 HTTP/1.1
Host: 137.184.145.124:9003
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Cache-Control: no-cache, private
Date: Fri, 10 May 2024 07:51:01 GMT
Set-Cookie: XSRF-TOKEN=eyJpdiI6Im9VOCswN2lpRUEwUVpjczNSM09KZEE9PSIsInZhbHVlIjoiMktwZmhBU09mOEpxVmhJSjAyRFU5ejhPMVJUdGZTRTlHdGQ1WHlOSEhkNXJyS2V5MS83RDNidGJtV2E3NWhZSkJaUXpnN2N6cXEzMzVCRVZVQUpxa1M4c21rOGxIdW5ZL3pHNHdJczJGUk0vdVA2YnhUYnB3bi90ZEJLSlphTFkiLCJtYWMiOiI0ZThmMDE0YTMzZjRmNjhhYjJjMWQ0ODQ2NzQyYjZlYTc3MTVmZmY0MzVmZmM2NWNkZTU0M2FjYjg4NWNiMjdlIiwidGFnIjoiIn0%3D; expires=Fri, 10 May 2024 09:51:01 GMT; Max-Age=7200; path=/; samesite=lax
laravel_session=eyJpdiI6InQxZVkwVHUwQ0R4dGo4RHFiKzUrQkE9PSIsInZhbHVlIjoiSEYyMENrRGlETGhwa0VqS0ROZHJwa3hNSDBlWWMvWDgxTStMSnpOQjFTVEt2ZDIzU1AxNGZQcEUxMnk1M3ZhK1RLc2E1T0hhZG1HMFltcDhaSGN4aG1ZamJuYVoramNxRW1NZDdyQ2dkWFJKQnA1RmoxbmIrQ09McjJXblpaQysiLCJtYWMiOiI4MDM5MjgwZWI1ZmY5OTI4ZjFlOWFkZDBlNDg1MjE1ZDVkODY5YWExYWJjYTA2YjU1NWUwMTUyYjY3NDQ4NTE5IiwidGFnIjoiIn0%3D; path=/; httponly; samesite=lax
Content-Encoding: gzip

137.184.145.124:9003/images/arshiya-logo.jpg

137.184.145.124

6.9 kB

URL
137.184.145.124:9003/images/arshiya-logo.jpg
IP
137.184.145.124:0
ASN
#14061 DIGITALOCEAN-ASN

File type
PNG image data, 97 x 31, 8-bit/color RGBA, non-interlaced
Size
6.9 kB (6886 bytes)
Hash
5034635d004dad1d89d25a960b12f961
453856545ac4407de3dd45e8afd46b151cb49f63
37363f4f1b9eea9c01a32ce569d275816d42b5c341bc12f76c71e880f15596e4

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /images/arshiya-logo.jpg HTTP/1.1
Host: 137.184.145.124:9003
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://137.184.145.124:9003/iq/iq_zain-GameCafe?flow=he&network_key=dw94SUoIC5&click_id=D-20907274-1715327420-34G170G228G229-DUBJQ9120&pub_id=455972
DNT: 1
Connection: keep-alive
Cookie: XSRF-TOKEN=eyJpdiI6Im9VOCswN2lpRUEwUVpjczNSM09KZEE9PSIsInZhbHVlIjoiMktwZmhBU09mOEpxVmhJSjAyRFU5ejhPMVJUdGZTRTlHdGQ1WHlOSEhkNXJyS2V5MS83RDNidGJtV2E3NWhZSkJaUXpnN2N6cXEzMzVCRVZVQUpxa1M4c21rOGxIdW5ZL3pHNHdJczJGUk0vdVA2YnhUYnB3bi90ZEJLSlphTFkiLCJtYWMiOiI0ZThmMDE0YTMzZjRmNjhhYjJjMWQ0ODQ2NzQyYjZlYTc3MTVmZmY0MzVmZmM2NWNkZTU0M2FjYjg4NWNiMjdlIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6InQxZVkwVHUwQ0R4dGo4RHFiKzUrQkE9PSIsInZhbHVlIjoiSEYyMENrRGlETGhwa0VqS0ROZHJwa3hNSDBlWWMvWDgxTStMSnpOQjFTVEt2ZDIzU1AxNGZQcEUxMnk1M3ZhK1RLc2E1T0hhZG1HMFltcDhaSGN4aG1ZamJuYVoramNxRW1NZDdyQ2dkWFJKQnA1RmoxbmIrQ09McjJXblpaQysiLCJtYWMiOiI4MDM5MjgwZWI1ZmY5OTI4ZjFlOWFkZDBlNDg1MjE1ZDVkODY5YWExYWJjYTA2YjU1NWUwMTUyYjY3NDQ4NTE5IiwidGFnIjoiIn0%3D
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Fri, 10 May 2024 07:51:01 GMT
Content-Type: image/jpeg
Content-Length: 6886
Last-Modified: Wed, 27 Dec 2023 07:21:35 GMT
Connection: keep-alive
ETag: "658bd07f-1ae6"
Accept-Ranges: bytes

137.184.145.124:9003/images/banner-games.gif

137.184.145.124

382 kB

URL
137.184.145.124:9003/images/banner-games.gif
IP
137.184.145.124:0
ASN
#14061 DIGITALOCEAN-ASN

File type
GIF image data, version 89a, 640 x 360
Size
382 kB (382278 bytes)
Hash
f8668b8d9fce55b1d989d0cbcf5643dc
e6b3cbd16d7c6d278793e341991e53e71fa0148e
842ba957f3813a4de323cf10157e46065247838562bef20219139f4863913ab6

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /images/banner-games.gif HTTP/1.1
Host: 137.184.145.124:9003
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://137.184.145.124:9003/iq/iq_zain-GameCafe?flow=he&network_key=dw94SUoIC5&click_id=D-20907274-1715327420-34G170G228G229-DUBJQ9120&pub_id=455972
DNT: 1
Connection: keep-alive
Cookie: XSRF-TOKEN=eyJpdiI6Im9VOCswN2lpRUEwUVpjczNSM09KZEE9PSIsInZhbHVlIjoiMktwZmhBU09mOEpxVmhJSjAyRFU5ejhPMVJUdGZTRTlHdGQ1WHlOSEhkNXJyS2V5MS83RDNidGJtV2E3NWhZSkJaUXpnN2N6cXEzMzVCRVZVQUpxa1M4c21rOGxIdW5ZL3pHNHdJczJGUk0vdVA2YnhUYnB3bi90ZEJLSlphTFkiLCJtYWMiOiI0ZThmMDE0YTMzZjRmNjhhYjJjMWQ0ODQ2NzQyYjZlYTc3MTVmZmY0MzVmZmM2NWNkZTU0M2FjYjg4NWNiMjdlIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6InQxZVkwVHUwQ0R4dGo4RHFiKzUrQkE9PSIsInZhbHVlIjoiSEYyMENrRGlETGhwa0VqS0ROZHJwa3hNSDBlWWMvWDgxTStMSnpOQjFTVEt2ZDIzU1AxNGZQcEUxMnk1M3ZhK1RLc2E1T0hhZG1HMFltcDhaSGN4aG1ZamJuYVoramNxRW1NZDdyQ2dkWFJKQnA1RmoxbmIrQ09McjJXblpaQysiLCJtYWMiOiI4MDM5MjgwZWI1ZmY5OTI4ZjFlOWFkZDBlNDg1MjE1ZDVkODY5YWExYWJjYTA2YjU1NWUwMTUyYjY3NDQ4NTE5IiwidGFnIjoiIn0%3D
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Fri, 10 May 2024 07:51:02 GMT
Content-Type: image/gif
Content-Length: 382278
Last-Modified: Wed, 27 Dec 2023 07:21:35 GMT
Connection: keep-alive
ETag: "658bd07f-5d546"
Accept-Ranges: bytes

sg.d.shield.monitoringservice.co/

139.162.21.64

0 B

URL
sg.d.shield.monitoringservice.co/
IP
139.162.21.64:0
ASN
#63949 Akamai Connected Cloud

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

POST / HTTP/1.1
Host: sg.d.shield.monitoringservice.co
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 852
Origin: http://137.184.145.124:9003
DNT: 1
Connection: keep-alive
Referer: http://137.184.145.124:9003/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
access-control-allow-origin: *
server: MCP-Shield
date: Fri, 10 May 2024 07:51:02 GMT
content-length: 0
x-server: Data-1

sg.ws.shield.monitoringservice.co/

139.162.21.64

0 B

URL
sg.ws.shield.monitoringservice.co/
IP
139.162.21.64:0
ASN
#63949 Akamai Connected Cloud

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET / HTTP/1.1
Host: sg.ws.shield.monitoringservice.co
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: http://137.184.145.124:9003
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: rV+kKi1Bnr/JyVGsbA19JQ==
DNT: 1
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

HTTP/1.1 101 Switching Protocols
upgrade: websocket
connection: Upgrade
sec-websocket-accept: YII9BExX0xYJ4bXPMMVOWdM0M+M=
origin: http://137.184.145.124:9003
x-server: WS-1

137.184.145.124:9003/integrations/UaeEt/bg_image.png

137.184.145.124

131 kB

URL
137.184.145.124:9003/integrations/UaeEt/bg_image.png
IP
137.184.145.124:0
ASN
#14061 DIGITALOCEAN-ASN

File type
PNG image data, 1366 x 768, 8-bit/color RGBA, non-interlaced
Size
131 kB (130658 bytes)
Hash
c841a003257a96a99b32777bc3ef1c45
eefb2a6d9c616a9a883808d0d0cf5223c8ae0aaf
b0a1cd77fbd0f5a8282d0689d25d2916be6e32d0a0087825795c7510331ac57a

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /integrations/UaeEt/bg_image.png HTTP/1.1
Host: 137.184.145.124:9003
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://137.184.145.124:9003/iq/iq_zain-GameCafe?flow=he&network_key=dw94SUoIC5&click_id=D-20907274-1715327420-34G170G228G229-DUBJQ9120&pub_id=455972
DNT: 1
Connection: keep-alive
Cookie: XSRF-TOKEN=eyJpdiI6Im9VOCswN2lpRUEwUVpjczNSM09KZEE9PSIsInZhbHVlIjoiMktwZmhBU09mOEpxVmhJSjAyRFU5ejhPMVJUdGZTRTlHdGQ1WHlOSEhkNXJyS2V5MS83RDNidGJtV2E3NWhZSkJaUXpnN2N6cXEzMzVCRVZVQUpxa1M4c21rOGxIdW5ZL3pHNHdJczJGUk0vdVA2YnhUYnB3bi90ZEJLSlphTFkiLCJtYWMiOiI0ZThmMDE0YTMzZjRmNjhhYjJjMWQ0ODQ2NzQyYjZlYTc3MTVmZmY0MzVmZmM2NWNkZTU0M2FjYjg4NWNiMjdlIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6InQxZVkwVHUwQ0R4dGo4RHFiKzUrQkE9PSIsInZhbHVlIjoiSEYyMENrRGlETGhwa0VqS0ROZHJwa3hNSDBlWWMvWDgxTStMSnpOQjFTVEt2ZDIzU1AxNGZQcEUxMnk1M3ZhK1RLc2E1T0hhZG1HMFltcDhaSGN4aG1ZamJuYVoramNxRW1NZDdyQ2dkWFJKQnA1RmoxbmIrQ09McjJXblpaQysiLCJtYWMiOiI4MDM5MjgwZWI1ZmY5OTI4ZjFlOWFkZDBlNDg1MjE1ZDVkODY5YWExYWJjYTA2YjU1NWUwMTUyYjY3NDQ4NTE5IiwidGFnIjoiIn0%3D; _s_ZisSess=1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Fri, 10 May 2024 07:51:03 GMT
Content-Type: image/png
Content-Length: 130658
Last-Modified: Wed, 27 Dec 2023 07:21:35 GMT
Connection: keep-alive
ETag: "658bd07f-1fe62"
Accept-Ranges: bytes

sg.d.shield.monitoringservice.co/?d=JTdCJTIyayUyMjolMjJlYjM3OTRhM2VmYmMwNjQ0M2NiYzVkMDU5YjU3ZDA3NSUyMiwlMjJzJTIyOiUyMl9Nalc4WXNCLVc1ZmN1dWYySnYxJTIyLCUyMmZyb20lMjI6JTIyaHR0cDovLzEzNy4xODQuMTQ1LjEyNDo5MDAzL2lxL2lxX3phaW4tR2FtZUNhZmU/Zmxvdz1oZSZuZXR3b3JrX2tleT1kdzk0U1VvSUM1JmNsaWNrX2lkPUQtMjA5MDcyNzQtMTcxNTMyNzQyMC0zNEcxNzBHMjI4RzIyOS1EVUJKUTkxMjAmcHViX2lkPTQ1NTk3MiUyMiwlMjJ0eXBlJTIyOiUyMlNSU0NJJTIyLCUyMmRhdGElMjI6JTIyJTdCJTVDJTIycyU1QyUyMjp0cnVlLCU1QyUyMnQlNUMlMjI6MzE4NiwlNUMlMjJkJTVDJTIyOiU3QiU1QyUyMnclNUMlMjI6MTI4MCwlNUMlMjJoJTVDJTIyOjUwMCwlNUMlMjJkRSU1QyUyMjolN0IlNUMlMjJ3JTVDJTIyOjEyODAsJTVDJTIyaCU1QyUyMjoxMDI0JTdELCU1QyUyMnIlNUMlMjI6JTdCJTVDJTIyeCU1QyUyMjowLCU1QyUyMnklNUMlMjI6NSwlNUMlMjJ3aWR0aCU1QyUyMjoxMjgwLCU1QyUyMmhlaWdodCU1QyUyMjo0OTkuNzgzMzI1MTk1MzEyNSwlNUMlMjJ0b3AlNUMlMjI6NSwlNUMlMjJyaWdodCU1QyUyMjoxMjgwLCU1QyUyMmJvdHRvbSU1QyUyMjo1MDQuNzgzMzI1MTk1MzEyNSwlNUMlMjJsZWZ0JTVDJTIyOjAlN0QsJTVDJTIycyU1QyUyMjolN0IlNUMlMjJhSCU1QyUyMjoxMDI0LCU1QyUyMmFXJTVDJTIyOjEyODAsJTVDJTIyaCU1QyUyMjoxMDI0LCU1QyUyMnclNUMlMjI6MTI4MCU3RCwlNUMlMjJkJTVDJTIyOiU3QiU1QyUyMmglNUMlMjI6MTAyNCwlNUMlMjJ3JTVDJTIyOjEyODAsJTVDJTIyb0glNUMlMjI6MTAyNCwlNUMlMjJvVyU1QyUyMjoxMjgwLCU1QyUyMnglNUMlMjI6MCwlNUMlMjJ5JTVDJTIyOjAlN0QlN0QlN0QlMjIlN0Q=

139.162.21.64

0 B

URL
sg.d.shield.monitoringservice.co/?d=JTdCJTIyayUyMjolMjJlYjM3OTRhM2VmYmMwNjQ0M2NiYzVkMDU5YjU3ZDA3NSUyMiwlMjJzJTIyOiUyMl9Nalc4WXNCLVc1ZmN1dWYySnYxJTIyLCUyMmZyb20lMjI6JTIyaHR0cDovLzEzNy4xODQuMTQ1LjEyNDo5MDAzL2lxL2lxX3phaW4tR2FtZUNhZmU/Zmxvdz1oZSZuZXR3b3JrX2tleT1kdzk0U1VvSUM1JmNsaWNrX2lkPUQtMjA5MDcyNzQtMTcxNTMyNzQyMC0zNEcxNzBHMjI4RzIyOS1EVUJKUTkxMjAmcHViX2lkPTQ1NTk3MiUyMiwlMjJ0eXBlJTIyOiUyMlNSU0NJJTIyLCUyMmRhdGElMjI6JTIyJTdCJTVDJTIycyU1QyUyMjp0cnVlLCU1QyUyMnQlNUMlMjI6MzE4NiwlNUMlMjJkJTVDJTIyOiU3QiU1QyUyMnclNUMlMjI6MTI4MCwlNUMlMjJoJTVDJTIyOjUwMCwlNUMlMjJkRSU1QyUyMjolN0IlNUMlMjJ3JTVDJTIyOjEyODAsJTVDJTIyaCU1QyUyMjoxMDI0JTdELCU1QyUyMnIlNUMlMjI6JTdCJTVDJTIyeCU1QyUyMjowLCU1QyUyMnklNUMlMjI6NSwlNUMlMjJ3aWR0aCU1QyUyMjoxMjgwLCU1QyUyMmhlaWdodCU1QyUyMjo0OTkuNzgzMzI1MTk1MzEyNSwlNUMlMjJ0b3AlNUMlMjI6NSwlNUMlMjJyaWdodCU1QyUyMjoxMjgwLCU1QyUyMmJvdHRvbSU1QyUyMjo1MDQuNzgzMzI1MTk1MzEyNSwlNUMlMjJsZWZ0JTVDJTIyOjAlN0QsJTVDJTIycyU1QyUyMjolN0IlNUMlMjJhSCU1QyUyMjoxMDI0LCU1QyUyMmFXJTVDJTIyOjEyODAsJTVDJTIyaCU1QyUyMjoxMDI0LCU1QyUyMnclNUMlMjI6MTI4MCU3RCwlNUMlMjJkJTVDJTIyOiU3QiU1QyUyMmglNUMlMjI6MTAyNCwlNUMlMjJ3JTVDJTIyOjEyODAsJTVDJTIyb0glNUMlMjI6MTAyNCwlNUMlMjJvVyU1QyUyMjoxMjgwLCU1QyUyMnglNUMlMjI6MCwlNUMlMjJ5JTVDJTIyOjAlN0QlN0QlN0QlMjIlN0Q=
IP
139.162.21.64:0
ASN
#63949 Akamai Connected Cloud

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /?d=JTdCJTIyayUyMjolMjJlYjM3OTRhM2VmYmMwNjQ0M2NiYzVkMDU5YjU3ZDA3NSUyMiwlMjJzJTIyOiUyMl9Nalc4WXNCLVc1ZmN1dWYySnYxJTIyLCUyMmZyb20lMjI6JTIyaHR0cDovLzEzNy4xODQuMTQ1LjEyNDo5MDAzL2lxL2lxX3phaW4tR2FtZUNhZmU/Zmxvdz1oZSZuZXR3b3JrX2tleT1kdzk0U1VvSUM1JmNsaWNrX2lkPUQtMjA5MDcyNzQtMTcxNTMyNzQyMC0zNEcxNzBHMjI4RzIyOS1EVUJKUTkxMjAmcHViX2lkPTQ1NTk3MiUyMiwlMjJ0eXBlJTIyOiUyMlNSU0NJJTIyLCUyMmRhdGElMjI6JTIyJTdCJTVDJTIycyU1QyUyMjp0cnVlLCU1QyUyMnQlNUMlMjI6MzE4NiwlNUMlMjJkJTVDJTIyOiU3QiU1QyUyMnclNUMlMjI6MTI4MCwlNUMlMjJoJTVDJTIyOjUwMCwlNUMlMjJkRSU1QyUyMjolN0IlNUMlMjJ3JTVDJTIyOjEyODAsJTVDJTIyaCU1QyUyMjoxMDI0JTdELCU1QyUyMnIlNUMlMjI6JTdCJTVDJTIyeCU1QyUyMjowLCU1QyUyMnklNUMlMjI6NSwlNUMlMjJ3aWR0aCU1QyUyMjoxMjgwLCU1QyUyMmhlaWdodCU1QyUyMjo0OTkuNzgzMzI1MTk1MzEyNSwlNUMlMjJ0b3AlNUMlMjI6NSwlNUMlMjJyaWdodCU1QyUyMjoxMjgwLCU1QyUyMmJvdHRvbSU1QyUyMjo1MDQuNzgzMzI1MTk1MzEyNSwlNUMlMjJsZWZ0JTVDJTIyOjAlN0QsJTVDJTIycyU1QyUyMjolN0IlNUMlMjJhSCU1QyUyMjoxMDI0LCU1QyUyMmFXJTVDJTIyOjEyODAsJTVDJTIyaCU1QyUyMjoxMDI0LCU1QyUyMnclNUMlMjI6MTI4MCU3RCwlNUMlMjJkJTVDJTIyOiU3QiU1QyUyMmglNUMlMjI6MTAyNCwlNUMlMjJ3JTVDJTIyOjEyODAsJTVDJTIyb0glNUMlMjI6MTAyNCwlNUMlMjJvVyU1QyUyMjoxMjgwLCU1QyUyMnglNUMlMjI6MCwlNUMlMjJ5JTVDJTIyOjAlN0QlN0QlN0QlMjIlN0Q= HTTP/1.1
Host: sg.d.shield.monitoringservice.co
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://137.184.145.124:9003/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
access-control-allow-origin: *
server: MCP-Shield
content-type: image/png
date: Fri, 10 May 2024 07:51:03 GMT
content-length: 0
x-server: Data-2

137.184.145.124:9003/favicon.ico

137.184.145.124

3.4 kB

URL
137.184.145.124:9003/favicon.ico
IP
137.184.145.124:0
ASN
#14061 DIGITALOCEAN-ASN

File type
PNG image data, 35 x 35, 8-bit/color RGBA, non-interlaced
Size
3.4 kB (3374 bytes)
Hash
daae80c062061910706bfcf9aad9f30d
523e5b3a24d3d598248d60d96a0c7c9d6f7fd27b
528e9fced60c307291de3b99b8a517c30d26f48e7d35ceb172bbb065c68cae21

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: 137.184.145.124:9003
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://137.184.145.124:9003/iq/iq_zain-GameCafe?flow=he&network_key=dw94SUoIC5&click_id=D-20907274-1715327420-34G170G228G229-DUBJQ9120&pub_id=455972
DNT: 1
Connection: keep-alive
Cookie: XSRF-TOKEN=eyJpdiI6Im9VOCswN2lpRUEwUVpjczNSM09KZEE9PSIsInZhbHVlIjoiMktwZmhBU09mOEpxVmhJSjAyRFU5ejhPMVJUdGZTRTlHdGQ1WHlOSEhkNXJyS2V5MS83RDNidGJtV2E3NWhZSkJaUXpnN2N6cXEzMzVCRVZVQUpxa1M4c21rOGxIdW5ZL3pHNHdJczJGUk0vdVA2YnhUYnB3bi90ZEJLSlphTFkiLCJtYWMiOiI0ZThmMDE0YTMzZjRmNjhhYjJjMWQ0ODQ2NzQyYjZlYTc3MTVmZmY0MzVmZmM2NWNkZTU0M2FjYjg4NWNiMjdlIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6InQxZVkwVHUwQ0R4dGo4RHFiKzUrQkE9PSIsInZhbHVlIjoiSEYyMENrRGlETGhwa0VqS0ROZHJwa3hNSDBlWWMvWDgxTStMSnpOQjFTVEt2ZDIzU1AxNGZQcEUxMnk1M3ZhK1RLc2E1T0hhZG1HMFltcDhaSGN4aG1ZamJuYVoramNxRW1NZDdyQ2dkWFJKQnA1RmoxbmIrQ09McjJXblpaQysiLCJtYWMiOiI4MDM5MjgwZWI1ZmY5OTI4ZjFlOWFkZDBlNDg1MjE1ZDVkODY5YWExYWJjYTA2YjU1NWUwMTUyYjY3NDQ4NTE5IiwidGFnIjoiIn0%3D; _s_ZisSess=1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Fri, 10 May 2024 07:51:03 GMT
Content-Type: image/x-icon
Content-Length: 3374
Last-Modified: Wed, 27 Dec 2023 07:21:35 GMT
Connection: keep-alive
ETag: "658bd07f-d2e"
Accept-Ranges: bytes

sg.ws.shield.monitoringservice.co/

139.162.21.64

0 B

URL
sg.ws.shield.monitoringservice.co/
IP
139.162.21.64:0
ASN
#63949 Akamai Connected Cloud

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET / HTTP/1.1
Host: sg.ws.shield.monitoringservice.co
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: http://137.184.145.124:9003
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: XOXQIVrMRQRl1oaRwWPmqA==
DNT: 1
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

HTTP/1.1 101 Switching Protocols
upgrade: websocket
connection: Upgrade
sec-websocket-accept: 6B0HrBK3/Iu3kRoiQTxAaMLIdcI=
origin: http://137.184.145.124:9003
x-server: WS-2

www.social-sms.com/iq-dcb/HE/v1.2/oneclick/sub.php?serviceId=618&spId=186&shortcode=3368&uniqid=eb3794a3efbc06443cbc5d059b57d075

134.119.216.147

200 OK

10 B

URL User Request GET HTTP/1.1
www.social-sms.com/iq-dcb/HE/v1.2/oneclick/sub.php?serviceId=618&spId=186&shortcode=3368&uniqid=eb3794a3efbc06443cbc5d059b57d075
IP
134.119.216.147:80
ASN
#29066 velia.net Internetdienste GmbH

File type
ASCII text, with no line terminators
Size
10 B (10 bytes)
Hash
bf513c8f8b87b28ec0006bdb0a69e8ee
c8588f8dfe9584d1facea53d776b3eb4a7aac23b
609842dad82efc9315722cf37e5d6c4bc16d98a116476d682d3b4714ddcce588

HTTP Headers

GET /iq-dcb/HE/v1.2/oneclick/sub.php?serviceId=618&spId=186&shortcode=3368&uniqid=eb3794a3efbc06443cbc5d059b57d075 HTTP/1.1
Host: www.social-sms.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://137.184.145.124:9003/
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Fri, 10 May 2024 07:51:04 GMT
Server: Apache/2.4.29 (Ubuntu)
Content-Length: 10
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8

www.social-sms.com/favicon.ico

134.119.216.147

404 Not Found

280 B

URL GET HTTP/1.1
www.social-sms.com/favicon.ico
IP
134.119.216.147:80
ASN
#29066 velia.net Internetdienste GmbH

Requested by
http://www.social-sms.com/iq-dcb/HE/v1.2/oneclick/sub.php?serviceId=618&spId=186&shortcode=3368&uniqid=eb3794a3efbc06443cbc5d059b57d075

File type
HTML document, ASCII text
Size
280 B (280 bytes)
Hash
a3f7b7cd16a5ff7586e9083fb8879c2c
fffc262e1f497c163fd19c643a377aee5f3bcb77
d76efd2d3ddafeb5da6509b16c3d7c498196a779070b5262dd5a3b6e12c412d9

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: www.social-sms.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://www.social-sms.com/iq-dcb/HE/v1.2/oneclick/sub.php?serviceId=618&spId=186&shortcode=3368&uniqid=eb3794a3efbc06443cbc5d059b57d075
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 404 Not Found
Date: Fri, 10 May 2024 07:51:06 GMT
Server: Apache/2.4.29 (Ubuntu)
Content-Length: 280
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (0)

HTTP Transactions (11)

URL

IP

ASN

File type

Size

Hash

Detections

HTTP Headers

URL

IP

ASN

File type

Size

Hash

Detections

HTTP Headers

URL

IP

ASN

File type

Size

Hash

Detections

HTTP Headers

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL

IP

ASN

File type

Size

Hash

Detections

HTTP Headers

URL

IP

ASN

File type

Size

Hash

HTTP Headers