Report - ww16.best-targeted-traffic.com/install.php?unq=5m102310501mebttgfp&version=1.7&pais=Unknown&sub1=20240502-2344-35db-92e6-6f0cc92e7ca5

Report Overview

Submitted URL
ww16.best-targeted-traffic.com/install.php?unq=5m102310501mebttgfp&version=1.7&pais=Unknown&sub1=20240502-2344-35db-92e6-6f0cc92e7ca5
IP
64.190.63.136
ASN
#47846 SEDO GmbH
Submitted
2024-05-03 22:50:50
Access
public
Website Title
r.secprf.com/v1/redirect?url=http%3A%2F%2Fwww.dyrekassen.no&api_key=6e214a2e5eaa4f87f699b7c54a542a6a&type=url&source=https%3A%2F%2Fwww.linkbux.com&site_id=2588750acba045468d0d6283a3c3afec&yk_tag=lb_4zxu1ia
Final URL
r.secprf.com/v1/redirect?url=http%3A%2F%2Fwww.dyrekassen.no&api_key=6e214a2e5eaa4f87f699b7c54a542a6a&type=url&source=https%3A%2F%2Fwww.linkbux.com&site_id=2588750acba045468d0d6283a3c3afec&yk_tag=lb_4zxu1ia
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
8

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
track.jajaloop.com	unknown	2024-03-28	2024-03-31	2024-04-25	586 B	1.1 kB	143.204.55.53
status.rapidssl.com	6946	2002-04-05	2018-06-15	2024-05-03	331 B	735 B	192.229.221.95
www.linkbux.com	157995	2017-05-31	2020-06-14	2024-04-30	633 B	1.0 kB	163.181.1.231
r.secprf.com	unknown	2021-10-28	2022-06-02	2024-04-30	694 B	442 B	54.154.136.171
ww16.best-targeted-traffic.com	unknown	2020-04-09	2022-03-19	2024-04-18	3.7 kB	2.5 kB	64.190.63.136
xml.sedodna.com	278378	2009-12-21	2020-10-22	2024-02-26	541 B	216 B	173.239.53.32
recode.pw	76121	2016-08-11	2017-05-30	2024-02-25	511 B	307 B	66.232.112.86
xml.yellow-resultsbidder.com	unknown	2023-07-05	2023-08-07	2024-03-24	504 B	292 B	198.134.116.29

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2024-05-03	medium	best-targeted-traffic.com	Sinkholed
2024-05-03	medium	best-targeted-traffic.com	Sinkholed
2024-05-03	medium	best-targeted-traffic.com	Sinkholed
2024-05-03	medium	best-targeted-traffic.com	Sinkholed

ThreatFox

No alerts detected

JavaScript (0)

HTTP Transactions (11)

URL IP Response Size

ww16.best-targeted-traffic.com/img.sedoparking.com/images/js_preloader.gif

64.190.63.136

0 B

URL
ww16.best-targeted-traffic.com/img.sedoparking.com/images/js_preloader.gif
IP
64.190.63.136:0
ASN
#47846 SEDO GmbH

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img.sedoparking.com/images/js_preloader.gif HTTP/1.1
Host: ww16.best-targeted-traffic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ww16.best-targeted-traffic.com/install.php?unq=5m102310501mebttgfp&version=1.7&pais=Unknown&sub1=20240502-2344-35db-92e6-6f0cc92e7ca5
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 441 No Reason Phrase
date: Fri, 03 May 2024 22:50:26 GMT
server: NginX
content-length: 0
X-Firefox-Spdy: h2

ww16.best-targeted-traffic.com/search/tsc.php?200=NDA4MDEzNDk4&21=OTEuOTAuNDIuMTU0&681=MTcxNDc3NjYyNjBlNTIwMDY4ODYwZmI1Y2M5ZjdlNDFmMWI0Nzg2M2E5&crc=d152c613311547ee3d7daaf8613aa181815ec8f7&cv=1

64.190.63.136

0 B

URL
ww16.best-targeted-traffic.com/search/tsc.php?200=NDA4MDEzNDk4&21=OTEuOTAuNDIuMTU0&681=MTcxNDc3NjYyNjBlNTIwMDY4ODYwZmI1Y2M5ZjdlNDFmMWI0Nzg2M2E5&crc=d152c613311547ee3d7daaf8613aa181815ec8f7&cv=1
IP
64.190.63.136:0
ASN
#47846 SEDO GmbH

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /search/tsc.php?200=NDA4MDEzNDk4&21=OTEuOTAuNDIuMTU0&681=MTcxNDc3NjYyNjBlNTIwMDY4ODYwZmI1Y2M5ZjdlNDFmMWI0Nzg2M2E5&crc=d152c613311547ee3d7daaf8613aa181815ec8f7&cv=1 HTTP/1.1
Host: ww16.best-targeted-traffic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ww16.best-targeted-traffic.com/install.php?unq=5m102310501mebttgfp&version=1.7&pais=Unknown&sub1=20240502-2344-35db-92e6-6f0cc92e7ca5
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
content-type: text/html; charset=UTF-8
date: Fri, 03 May 2024 22:50:26 GMT
server: NginX
x-cache-miss-from: parking-7cbf88ff6b-l9rcf
x-powered-by: PHP/8.1.17
content-length: 0
X-Firefox-Spdy: h2

ww16.best-targeted-traffic.com/search/redirect.php?f=https%3A%2F%2Fxml.sedodna.com%2Fclick%3Fi%3DhZ1sAwn7XYk_0&v=MzJmNzM1NzY0NDZiOTNmZmMxZGRhZWQ3ODE0Y2I0M2UJMQl3dzE2LmJlc3QtdGFyZ2V0ZWQtdHJhZmZpYy5jb202NjM1NmEzMTY2OGRhNy4wNDA2NDc3Nwl3dzE2LmJlc3QtdGFyZ2V0ZWQtdHJhZmZpYy5jb202NjM1NmEzMTY2OTMyNi4yNTY0MTc0NwkxNzE0Nzc2NjI2CWFkXzYzXzA%3D&l=OAliNzYxNzZkNTUxOGViYzVmNjQzZDQ2OTA5NzZjMWVlNAkwCTM1CTAJODBhMjkxMWZjY2M3ODA5Y2RhY2I2MjUzNjU1ZGY1MzcJNDA4MDEzNDk4CWJlc3QtdGFyZ2V0ZWQtdHJhZmZpYwkwCTYzCTYJMgkxNzE0Nzc2NjI2CTAuMDAwMTU4CU4JMAkxCTgzMAkxMjA1CTI2NTEwNjYzCTkxLjkwLjQyLjE1NAkx

64.190.63.136

302 Found

0 B

URL User Request GET HTTP/2
ww16.best-targeted-traffic.com/search/redirect.php?f=https%3A%2F%2Fxml.sedodna.com%2Fclick%3Fi%3DhZ1sAwn7XYk_0&v=MzJmNzM1NzY0NDZiOTNmZmMxZGRhZWQ3ODE0Y2I0M2UJMQl3dzE2LmJlc3QtdGFyZ2V0ZWQtdHJhZmZpYy5jb202NjM1NmEzMTY2OGRhNy4wNDA2NDc3Nwl3dzE2LmJlc3QtdGFyZ2V0ZWQtdHJhZmZpYy5jb202NjM1NmEzMTY2OTMyNi4yNTY0MTc0NwkxNzE0Nzc2NjI2CWFkXzYzXzA%3D&l=OAliNzYxNzZkNTUxOGViYzVmNjQzZDQ2OTA5NzZjMWVlNAkwCTM1CTAJODBhMjkxMWZjY2M3ODA5Y2RhY2I2MjUzNjU1ZGY1MzcJNDA4MDEzNDk4CWJlc3QtdGFyZ2V0ZWQtdHJhZmZpYwkwCTYzCTYJMgkxNzE0Nzc2NjI2CTAuMDAwMTU4CU4JMAkxCTgzMAkxMjA1CTI2NTEwNjYzCTkxLjkwLjQyLjE1NAkx
IP
64.190.63.136:443
ASN
#47846 SEDO GmbH

Certificate
IssuerDigiCert Inc
Subjectww16.best-targeted-traffic.com
FingerprintCA:2F:D5:7E:14:60:28:CB:D2:9B:F8:10:84:0E:FA:23:F3:D2:72:A9
ValidityThu, 22 Feb 2024 00:00:00 GMT - Sat, 22 Feb 2025 23:59:59 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /search/redirect.php?f=https%3A%2F%2Fxml.sedodna.com%2Fclick%3Fi%3DhZ1sAwn7XYk_0&v=MzJmNzM1NzY0NDZiOTNmZmMxZGRhZWQ3ODE0Y2I0M2UJMQl3dzE2LmJlc3QtdGFyZ2V0ZWQtdHJhZmZpYy5jb202NjM1NmEzMTY2OGRhNy4wNDA2NDc3Nwl3dzE2LmJlc3QtdGFyZ2V0ZWQtdHJhZmZpYy5jb202NjM1NmEzMTY2OTMyNi4yNTY0MTc0NwkxNzE0Nzc2NjI2CWFkXzYzXzA%3D&l=OAliNzYxNzZkNTUxOGViYzVmNjQzZDQ2OTA5NzZjMWVlNAkwCTM1CTAJODBhMjkxMWZjY2M3ODA5Y2RhY2I2MjUzNjU1ZGY1MzcJNDA4MDEzNDk4CWJlc3QtdGFyZ2V0ZWQtdHJhZmZpYwkwCTYzCTYJMgkxNzE0Nzc2NjI2CTAuMDAwMTU4CU4JMAkxCTgzMAkxMjA1CTI2NTEwNjYzCTkxLjkwLjQyLjE1NAkx HTTP/1.1
Host: ww16.best-targeted-traffic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ww16.best-targeted-traffic.com/install.php?unq=5m102310501mebttgfp&version=1.7&pais=Unknown&sub1=20240502-2344-35db-92e6-6f0cc92e7ca5
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 302 Found
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
content-type: text/html; charset=UTF-8
date: Fri, 03 May 2024 22:50:26 GMT
expires: Mon, 26 Jul 1997 05:00:00 GMT
last-modified: Fri, 03 May 2024 22:50:26 GMT
location: /search/tcerider.php?f=https%3A%2F%2Fxml.sedodna.com%2Fclick%3Fi%3DhZ1sAwn7XYk_0&v=MzJmNzM1NzY0NDZiOTNmZmMxZGRhZWQ3ODE0Y2I0M2UJMQl3dzE2LmJlc3QtdGFyZ2V0ZWQtdHJhZmZpYy5jb202NjM1NmEzMTY2OGRhNy4wNDA2NDc3Nwl3dzE2LmJlc3QtdGFyZ2V0ZWQtdHJhZmZpYy5jb202NjM1NmEzMTY2OTMyNi4yNTY0MTc0NwkxNzE0Nzc2NjI2CWFkXzYzXzA%3D&l=OAliNzYxNzZkNTUxOGViYzVmNjQzZDQ2OTA5NzZjMWVlNAkwCTM1CTAJODBhMjkxMWZjY2M3ODA5Y2RhY2I2MjUzNjU1ZGY1MzcJNDA4MDEzNDk4CWJlc3QtdGFyZ2V0ZWQtdHJhZmZpYwkwCTYzCTYJMgkxNzE0Nzc2NjI2CTAuMDAwMTU4CU4JMAkxCTgzMAkxMjA1CTI2NTEwNjYzCTkxLjkwLjQyLjE1NAkx
pragma: no-cache
server: NginX
x-cache-miss-from: parking-7cbf88ff6b-4nqbj
x-powered-by: PHP/8.1.17
content-length: 0
X-Firefox-Spdy: h2

xml.sedodna.com/click?i=hZ1sAwn7XYk_0

173.239.53.32

302 Found

0 B

URL User Request GET HTTP/1.1
xml.sedodna.com/click?i=hZ1sAwn7XYk_0
IP
173.239.53.32:443
ASN
#27257 WEBAIR-INTERNET

Certificate
IssuerGlobalSign nv-sa
Subject*.sedodna.com
Fingerprint78:18:D6:75:22:5D:AC:2E:48:3D:D4:A3:BD:61:5D:01:30:A2:B3:72
ValidityWed, 27 Mar 2024 09:07:28 GMT - Mon, 28 Apr 2025 09:07:27 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /click?i=hZ1sAwn7XYk_0 HTTP/1.1
Host: xml.sedodna.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://ww16.best-targeted-traffic.com/
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 302 Found
Server: nginx
Date: Fri, 03 May 2024 22:50:26 GMT
Content-Length: 0
Connection: keep-alive
Cache-Control: no-store
Location: http://recode.pw/ad?id=23970&impid=171477662584794&rkey=0&u=4158

recode.pw/ad?id=23970&impid=171477662584794&rkey=0&u=4158

66.232.112.86

302 Found

81 B

URL User Request GET HTTP/1.1
recode.pw/ad?id=23970&impid=171477662584794&rkey=0&u=4158
IP
66.232.112.86:443
ASN
#29802 HVC-AS

Certificate
IssuerGandi
Subjectrecode.pw
FingerprintC8:8F:EC:AA:B1:2F:FC:4D:94:CB:6C:4F:78:BA:BA:EC:FE:B2:FB:B4
ValiditySun, 26 Nov 2023 00:00:00 GMT - Tue, 26 Nov 2024 23:59:59 GMT

File type
HTML document, ASCII text
Size
81 B (81 bytes)
Hash
8c96adbf0175bc133c26dbbe7c1c352d
01079d189e9b509acbef89aabc00ff636cb4ce79
116edf804f0ca1f8f8f55902d51dcfae37f965283b5e490d8a1b9de93af4db22

HTTP Headers

GET /ad?id=23970&impid=171477662584794&rkey=0&u=4158 HTTP/1.1
Host: recode.pw
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 302 Found
Server: nginx
Date: Fri, 03 May 2024 22:50:27 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 81
Connection: keep-alive
Location: https://xml.yellow-resultsbidder.com/click?i=CKj5qYNU5Ok_0

ww16.best-targeted-traffic.com/search/tcerider.php?f=https%3A%2F%2Fxml.sedodna.com%2Fclick%3Fi%3DhZ1sAwn7XYk_0&v=MzJmNzM1NzY0NDZiOTNmZmMxZGRhZWQ3ODE0Y2I0M2UJMQl3dzE2LmJlc3QtdGFyZ2V0ZWQtdHJhZmZpYy5jb202NjM1NmEzMTY2OGRhNy4wNDA2NDc3Nwl3dzE2LmJlc3QtdGFyZ2V0ZWQtdHJhZmZpYy5jb202NjM1NmEzMTY2OTMyNi4yNTY0MTc0NwkxNzE0Nzc2NjI2CWFkXzYzXzA%3D&l=OAliNzYxNzZkNTUxOGViYzVmNjQzZDQ2OTA5NzZjMWVlNAkwCTM1CTAJODBhMjkxMWZjY2M3ODA5Y2RhY2I2MjUzNjU1ZGY1MzcJNDA4MDEzNDk4CWJlc3QtdGFyZ2V0ZWQtdHJhZmZpYwkwCTYzCTYJMgkxNzE0Nzc2NjI2CTAuMDAwMTU4CU4JMAkxCTgzMAkxMjA1CTI2NTEwNjYzCTkxLjkwLjQyLjE1NAkx

64.190.63.136

302 Found

816 B

URL User Request GET HTTP/2
ww16.best-targeted-traffic.com/search/tcerider.php?f=https%3A%2F%2Fxml.sedodna.com%2Fclick%3Fi%3DhZ1sAwn7XYk_0&v=MzJmNzM1NzY0NDZiOTNmZmMxZGRhZWQ3ODE0Y2I0M2UJMQl3dzE2LmJlc3QtdGFyZ2V0ZWQtdHJhZmZpYy5jb202NjM1NmEzMTY2OGRhNy4wNDA2NDc3Nwl3dzE2LmJlc3QtdGFyZ2V0ZWQtdHJhZmZpYy5jb202NjM1NmEzMTY2OTMyNi4yNTY0MTc0NwkxNzE0Nzc2NjI2CWFkXzYzXzA%3D&l=OAliNzYxNzZkNTUxOGViYzVmNjQzZDQ2OTA5NzZjMWVlNAkwCTM1CTAJODBhMjkxMWZjY2M3ODA5Y2RhY2I2MjUzNjU1ZGY1MzcJNDA4MDEzNDk4CWJlc3QtdGFyZ2V0ZWQtdHJhZmZpYwkwCTYzCTYJMgkxNzE0Nzc2NjI2CTAuMDAwMTU4CU4JMAkxCTgzMAkxMjA1CTI2NTEwNjYzCTkxLjkwLjQyLjE1NAkx
IP
64.190.63.136:443
ASN
#47846 SEDO GmbH

Certificate
IssuerDigiCert Inc
Subjectww16.best-targeted-traffic.com
FingerprintCA:2F:D5:7E:14:60:28:CB:D2:9B:F8:10:84:0E:FA:23:F3:D2:72:A9
ValidityThu, 22 Feb 2024 00:00:00 GMT - Sat, 22 Feb 2025 23:59:59 GMT

File type
data
Size
816 B (816 bytes)
Hash
82b38d09a08916c2086d861dabc9692c
2f91d11c5377fc6ec7fa1576ee1c86fa83bdc415
482871718ea30897d49c4c74cfa5c09c8b91e2f1153a8d98029f5deb9616eb91

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /search/tcerider.php?f=https%3A%2F%2Fxml.sedodna.com%2Fclick%3Fi%3DhZ1sAwn7XYk_0&v=MzJmNzM1NzY0NDZiOTNmZmMxZGRhZWQ3ODE0Y2I0M2UJMQl3dzE2LmJlc3QtdGFyZ2V0ZWQtdHJhZmZpYy5jb202NjM1NmEzMTY2OGRhNy4wNDA2NDc3Nwl3dzE2LmJlc3QtdGFyZ2V0ZWQtdHJhZmZpYy5jb202NjM1NmEzMTY2OTMyNi4yNTY0MTc0NwkxNzE0Nzc2NjI2CWFkXzYzXzA%3D&l=OAliNzYxNzZkNTUxOGViYzVmNjQzZDQ2OTA5NzZjMWVlNAkwCTM1CTAJODBhMjkxMWZjY2M3ODA5Y2RhY2I2MjUzNjU1ZGY1MzcJNDA4MDEzNDk4CWJlc3QtdGFyZ2V0ZWQtdHJhZmZpYwkwCTYzCTYJMgkxNzE0Nzc2NjI2CTAuMDAwMTU4CU4JMAkxCTgzMAkxMjA1CTI2NTEwNjYzCTkxLjkwLjQyLjE1NAkx HTTP/1.1
Host: ww16.best-targeted-traffic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://ww16.best-targeted-traffic.com/install.php?unq=5m102310501mebttgfp&version=1.7&pais=Unknown&sub1=20240502-2344-35db-92e6-6f0cc92e7ca5
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 302 Found
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
content-type: text/html; charset=UTF-8
date: Fri, 03 May 2024 22:50:26 GMT
expires: Mon, 26 Jul 1997 05:00:00 GMT
last-modified: Fri, 03 May 2024 22:50:26 GMT
location: https://xml.sedodna.com/click?i=hZ1sAwn7XYk_0
pragma: no-cache
server: NginX
x-cache-miss-from: parking-7cbf88ff6b-tlz7g
x-powered-by: PHP/8.1.17
X-Firefox-Spdy: h2

xml.yellow-resultsbidder.com/click?i=CKj5qYNU5Ok_0

198.134.116.29

302 Found

0 B

URL User Request GET HTTP/1.1
xml.yellow-resultsbidder.com/click?i=CKj5qYNU5Ok_0
IP
198.134.116.29:443
ASN
#27257 WEBAIR-INTERNET

Certificate
IssuerLet's Encrypt
Subjectyellow-resultsbidder.com
FingerprintBC:AE:5D:E8:4C:F1:C3:73:17:2A:0B:3D:1E:B1:E7:9E:D7:3E:A8:9E
ValidityMon, 29 Apr 2024 06:58:09 GMT - Sun, 28 Jul 2024 06:58:08 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /click?i=CKj5qYNU5Ok_0 HTTP/1.1
Host: xml.yellow-resultsbidder.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 302 Found
Server: nginx
Date: Fri, 03 May 2024 22:50:27 GMT
Content-Length: 0
Connection: keep-alive
Cache-Control: no-store
Location: https://track.jajaloop.com/717a0983-e961-4ed5-98dc-35fbb30c40f8?banner=6354964&pubfeed=619244&siteid=4158&cost=0.0006&conversion=AUgHV5Xf5Po

track.jajaloop.com/717a0983-e961-4ed5-98dc-35fbb30c40f8?banner=6354964&pubfeed=619244&siteid=4158&cost=0.0006&conversion=AUgHV5Xf5Po

143.204.55.53

302 Found

0 B

URL User Request GET HTTP/2
track.jajaloop.com/717a0983-e961-4ed5-98dc-35fbb30c40f8?banner=6354964&pubfeed=619244&siteid=4158&cost=0.0006&conversion=AUgHV5Xf5Po
IP
143.204.55.53:443
ASN
#16509 AMAZON-02

Certificate
IssuerAmazon
Subjecttrack.jajaloop.com
FingerprintB2:8B:F7:DA:FA:DB:BD:98:DB:88:6D:5F:F8:30:A6:60:19:63:73:FE
ValidityWed, 17 Apr 2024 00:00:00 GMT - Fri, 16 May 2025 23:59:59 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /717a0983-e961-4ed5-98dc-35fbb30c40f8?banner=6354964&pubfeed=619244&siteid=4158&cost=0.0006&conversion=AUgHV5Xf5Po HTTP/1.1
Host: track.jajaloop.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 302 Found
content-length: 0
location: https://www.linkbux.com/track/b5b20v1WkH7yi3TVxNZSP_bZiP8BiX_bmVlpBSmwsA0XJAnB4zpMQWeZu6ygAKfBA4KJDLBkXLkA_c_c?url=http%3A%2F%2Fwww.dyrekassen.no&uid=wdrhd8qrtrdj2m113bj05ia4&uid2=6354964
date: Fri, 03 May 2024 22:50:28 GMT
cache-control: no-store, no-cache, pre-check=0, post-check=0
pragma: no-cache
expires: Thu, 01 Jan 1970 00:00:00 GMT
set-cookie: 717a0983-e961-4ed5-98dc-35fbb30c40f8-v4=AxM-dt4s2mydbWhe8jBU1nG5sWFeLTmvBMKrwjMeZxg; Max-Age=86400; Expires=Sat, 04-May-2024 22:50:28 GMT; Domain=track.jajaloop.com; Path=/; Secure; HttpOnly;SameSite=None
voluum-cid-v4=%7B%22cid%22%3A%22wdrhd8qrtrdj2m113bj05ia4%22%2C%22caid%22%3A%22717a0983-e961-4ed5-98dc-35fbb30c40f8%22%7D; Max-Age=31536000; Expires=Sat, 03-May-2025 22:50:28 GMT; Domain=track.jajaloop.com; Path=/; Secure; HttpOnly;SameSite=None
server: nginx
x-cache: Miss from cloudfront
via: 1.1 c9f2a4d2bcd548d1a3cbe1617a22f216.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: eNXDIN9e05JbXYeS-EmtSwm_HcLcmctYDLEyt18dGRiDWCdbZmPvow==
X-Firefox-Spdy: h2

status.rapidssl.com/

192.229.221.95

471 B

URL
status.rapidssl.com/
IP
192.229.221.95:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
4e9fbd92063d9b53e684dbc908d2a828
6779e0c199b7af102f1cb65d853d6fcfdac2b807
0495c0931f5700d2a7554f62bcc1ebf856c3c40359a3401f91bd6e823d367957

HTTP Headers

POST / HTTP/1.1
Host: status.rapidssl.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5728
Cache-Control: max-age=7200
Content-Type: application/ocsp-response
Date: Fri, 03 May 2024 22:50:28 GMT
Last-Modified: Fri, 03 May 2024 21:15:00 GMT
Server: ECAcc (ska/F775)
X-Cache: HIT
Content-Length: 471

www.linkbux.com/track/b5b20v1WkH7yi3TVxNZSP_bZiP8BiX_bmVlpBSmwsA0XJAnB4zpMQWeZu6ygAKfBA4KJDLBkXLkA_c_c?url=http%3A%2F%2Fwww.dyrekassen.no&uid=wdrhd8qrtrdj2m113bj05ia4&uid2=6354964

163.181.1.231

200 OK

551 B

URL User Request GET HTTP/1.1
www.linkbux.com/track/b5b20v1WkH7yi3TVxNZSP_bZiP8BiX_bmVlpBSmwsA0XJAnB4zpMQWeZu6ygAKfBA4KJDLBkXLkA_c_c?url=http%3A%2F%2Fwww.dyrekassen.no&uid=wdrhd8qrtrdj2m113bj05ia4&uid2=6354964
IP
163.181.1.231:443
ASN
#24429 Zhejiang Taobao Network Co.,Ltd

Certificate
IssuerDigiCert Inc
Subject*.linkbux.com
Fingerprint85:43:2D:A8:86:CB:B4:03:47:26:A7:87:5A:80:9D:1E:E1:55:C2:92
ValidityWed, 26 Jul 2023 00:00:00 GMT - Thu, 08 Aug 2024 23:59:59 GMT

File type
HTML document, ASCII text
Size
551 B (551 bytes)
Hash
fc3ee34210274db22682fe00923ba917
d6d2c6640e12f1dd29697a61a2642bf006ee8670
e089dec7be6beb581345d3474985db6309f1e1529bddec2e402aa6c827b222ca

HTTP Headers

GET /track/b5b20v1WkH7yi3TVxNZSP_bZiP8BiX_bmVlpBSmwsA0XJAnB4zpMQWeZu6ygAKfBA4KJDLBkXLkA_c_c?url=http%3A%2F%2Fwww.dyrekassen.no&uid=wdrhd8qrtrdj2m113bj05ia4&uid2=6354964 HTTP/1.1
Host: www.linkbux.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: Tengine
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Date: Fri, 03 May 2024 22:50:28 GMT
Vary: Accept-Encoding
Set-Cookie: discuz_2132_saltkey=ttTTMfrD; expires=Sun, 02-Jun-2024 22:50:28 GMT; Max-Age=2592000; path=/; httponly
discuz_2132_lang=en; path=/
discuz_2132_lang=en; path=/
Content-Encoding: gzip
Via: cache22.l2us2[104,0], cache3.ru6[277,0]
Timing-Allow-Origin: *
EagleId: a3b5019717147766282312877e

r.secprf.com/v1/redirect?url=http%3A%2F%2Fwww.dyrekassen.no&api_key=6e214a2e5eaa4f87f699b7c54a542a6a&type=url&source=https%3A%2F%2Fwww.linkbux.com&site_id=2588750acba045468d0d6283a3c3afec&yk_tag=lb_4zxu1ia

54.154.136.171

403 Forbidden

64 B

URL User Request GET HTTP/2
r.secprf.com/v1/redirect?url=http%3A%2F%2Fwww.dyrekassen.no&api_key=6e214a2e5eaa4f87f699b7c54a542a6a&type=url&source=https%3A%2F%2Fwww.linkbux.com&site_id=2588750acba045468d0d6283a3c3afec&yk_tag=lb_4zxu1ia
IP
54.154.136.171:443
ASN
#16509 AMAZON-02

Certificate
IssuerLet's Encrypt
Subjectlinksprf.com
FingerprintFB:04:66:40:AF:53:56:65:25:C8:A3:54:2D:ED:20:75:A5:4C:EB:58
ValidityThu, 02 May 2024 08:32:50 GMT - Wed, 31 Jul 2024 08:32:49 GMT

File type
JSON text data
Size
64 B (64 bytes)
Hash
c35197df833a741f768d0fc1d11a8abf
834833754771f9e3e38036225543acad8cf66c44
9555bc5e7cc410cc7a7e97114b20c1f1a95ad80ff0e2f8788967885fb46a6e1f

HTTP Headers

GET /v1/redirect?url=http%3A%2F%2Fwww.dyrekassen.no&api_key=6e214a2e5eaa4f87f699b7c54a542a6a&type=url&source=https%3A%2F%2Fwww.linkbux.com&site_id=2588750acba045468d0d6283a3c3afec&yk_tag=lb_4zxu1ia HTTP/1.1
Host: r.secprf.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.linkbux.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 403 Forbidden
date: Fri, 03 May 2024 22:50:29 GMT
content-type: application/json
content-length: 64
set-cookie: ykuid=e01672c3cf5340bb997e97cfa2ae1abd; Path=/; Secure; Domain=.secprf.com; Max-Age=31536000; SameSite=None
JSESSIONID=7324C2A63BDAC8F7FACF286965C1774D; Path=/; HttpOnly
strict-transport-security: max-age=31536000; includeSubDomains
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (0)

HTTP Transactions (11)

URL

IP

ASN

File type

Size

Hash

Detections

HTTP Headers

URL

IP

ASN

File type

Size

Hash

Detections

HTTP Headers

URL User Request GET HTTP/2

IP

ASN

Certificate

File type

Size

Hash

Detections

HTTP Headers

URL User Request GET HTTP/1.1

IP

ASN

Certificate

File type

Size

Hash

HTTP Headers

URL User Request GET HTTP/1.1

IP

ASN

Certificate

File type

Size

Hash

HTTP Headers

URL User Request GET HTTP/2

IP

ASN

Certificate

File type

Size

Hash

Detections

HTTP Headers

URL User Request GET HTTP/1.1

IP

ASN