Overview

URL www.poptraff.com/rc/23b297bb2f?affclick=5b725dfc38458a07c05a00bf
IP 172.64.129.3
ASN
Location United States
Report completed 2018-08-15 18:14:50 CEST
urlQuery Alerts No alerts detected


Settings

UserAgent Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Referer
Pool
Access Level


Intrusion Detection Systems

Suricata w/ Emerging Threats Pro  No alerts detected


Blacklists

MDL  No alerts detected
OpenPhish  No alerts detected
PhishTank  No alerts detected
Fortinet's Web Filter
Added / Verified Severity Host Comment
2018-08-15 2 www.poptraff.com/rc/23b297bb2f?affclick=5b725dfc38458a07c05a00bf Phishing
2018-08-15 2 youtube-download.xyz/ Malware
DNS-BH  No alerts detected
mnemonic secure dns  No alerts detected


Recent reports on same IP/ASN/Domain

Last 10 reports on IP: 172.64.129.3

Date  UQ / IDS / BL  URL  IP
2018-09-07 12:05:44 +0200  0 - 0 - 1  www.poptraff.com/rc/23b297bb2f?affclick=5b809 (...)  172.64.129.3
2018-09-07 01:51:29 +0200  0 - 0 - 1  www.poptraff.com/rc/23b297bb2f?affclick=5b819 (...)  172.64.129.3
2018-09-06 19:04:48 +0200  0 - 0 - 1  www.poptraff.com/rc/23b297bb2f?affclick=5b819 (...)  172.64.129.3
2018-09-06 18:25:55 +0200  0 - 0 - 1  www.poptraff.com/rc/23b297bb2f?affclick=5b81f (...)  172.64.129.3
2018-09-06 18:23:35 +0200  0 - 0 - 1  www.poptraff.com/rc/23b297bb2f?affclick=5b81f (...)  172.64.129.3
2018-09-06 18:18:27 +0200  0 - 0 - 1  www.poptraff.com/rc/23b297bb2f?affclick=5b81f (...)  172.64.129.3
2018-09-06 18:11:21 +0200  0 - 0 - 1  www.poptraff.com/rc/23b297bb2f?affclick=5b81f (...)  172.64.129.3
2018-09-03 19:51:51 +0200  0 - 0 - 1  www.poptraff.com/rc/23b297bb2f?affclick=5b842 (...)  172.64.129.3
2018-09-03 11:17:17 +0200  0 - 0 - 1  www.poptraff.com/rc/23b297bb2f?affclick=5b850 (...)  172.64.129.3
2018-09-02 23:44:50 +0200  0 - 0 - 1  www.poptraff.com/rc/23b297bb2f?affclick=5b864 (...)  172.64.129.3

Last 10 reports on ASN:

Date  UQ / IDS / BL  URL  IP
2018-11-19 04:46:54 +0100  0 - 0 - 0  5.8.54.27  5.8.54.27
2018-11-19 04:33:08 +0100  0 - 1 - 0  hdxxx.top/de/search/sex-beeg-hot/  172.64.132.11
2018-11-19 04:28:28 +0100  0 - 0 - 1  xoleoqjntpkbnv.bid/  198.54.117.200
2018-11-19 04:24:51 +0100  0 - 0 - 0  filipinalovesfood.com/2018/11/09/kelebihan-me (...)  198.54.114.243
2018-11-19 04:24:00 +0100  0 - 0 - 0  www.tigo.com.sv  52.201.55.154
2018-11-19 04:17:45 +0100  0 - 1 - 0  https://lmodels.sextgem.com/  54.36.158.41
2018-11-19 04:15:26 +0100  0 - 0 - 3  www.aacruxartworks.com/wp-content/themes/bell (...)  108.167.172.144
2018-11-19 04:10:45 +0100  0 - 0 - 0  ki-az-arnyekbol-filmek-2018-online.peatix.com/  52.199.71.240
2018-11-19 04:07:52 +0100  2 - 0 - 2  armtrans.com.au/wp.includes/DHL%20AUTO/dhl.ph (...)  52.65.23.250
2018-11-19 04:04:28 +0100  0 - 0 - 2  ijcargo.com/  173.212.222.11

No other reports on domain: poptraff.com



JavaScript

Executed Scripts (2)


Executed Evals (0)


Executed Writes (0)



HTTP Transactions (11)


Request
GET /rc/23b297bb2f?affclick=5b725dfc38458a07c05a00bf HTTP/1.1
Host: www.poptraff.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive

Response from 172.64.128.3
HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Date: Wed, 15 Aug 2018 16:14:14 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: __cfduid=d94510f8ad5ecca97a681f03c838546a41534349654; expires=Thu, 15-Aug-19 16:14:14 GMT; path=/; domain=.poptraff.com; HttpOnly
Content-Language: en
Vary: Accept-Encoding,Accept-Language,Cookie
Server: cloudflare
CF-RAY: 44acf3f9d2a47678-ARN
Content-Encoding: gzip


--- Additional Info ---
Magic:  gzip compressed data, from Unix
Size:   576
Md5:    690c4ec140920a49732c58d8c5bb373d
Sha1:   50e39e2af38babbfb83ede528df9fd97cf6f0ceb
Sha256: 8966b5f744d236d80bbf11065cc70f0a634c79127fac8c6cb11c77b7f125781f

Alerts:
  Blacklists:
    - fortinet: Phishing

Request
GET /redirect.css HTTP/1.1
Host: cdn.addlnk.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/css,*/*;q=0.1
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://www.poptraff.com/rc/23b297bb2f?affclick=5b725dfc38458a07c05a00bf

Response from 172.64.198.7
HTTP/1.1 200 OK
Content-Type: text/css
Date: Wed, 15 Aug 2018 16:14:14 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: __cfduid=db30f48b01e681a6c5729ccd7df71fd631534349654; expires=Thu, 15-Aug-19 16:14:14 GMT; path=/; domain=.addlnk.com; HttpOnly
Cf-Bgj: minify
Cf-Polished: origSize=1680
Etag: W/"3ae56d32551602b41f9046c14d1cfde2"
Last-Modified: Tue, 12 Jun 2018 15:14:20 GMT
x-amz-id-2: git5566GdMTbPZYElBdacEZsspatos1ul9Yj86XeN4xcbZZ9mP1iiOKnEpUF6ixTlXjAY1VyhRY=
x-amz-request-id: 96F91D1F2BFDDD9A
CF-Cache-Status: HIT
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 44acf3fbb6008619-ARN
Content-Encoding: gzip


--- Additional Info ---
Magic:  gzip compressed data, from Unix
Size:   431
Md5:    481307bedc7e0ef107d7f690ffbc58b6
Sha1:   ac99905739672c059aa90167092fb13c146597e2
Sha256: 4123a855dc9854d53bf779d6af81340e6f5fd192bc67bc87919c02d265aaf86b

Request
GET /snowflake.png HTTP/1.1
Host: cdn.addlnk.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive

Response from 172.64.198.7
HTTP/1.1 200 OK
Content-Type: image/png
Date: Wed, 15 Aug 2018 16:14:14 GMT
Content-Length: 8481
Connection: keep-alive
Set-Cookie: __cfduid=d04e7350acf461a60dec1e103575455041534349654; expires=Thu, 15-Aug-19 16:14:14 GMT; path=/; domain=.addlnk.com; HttpOnly
x-amz-id-2: cCzPAh+IubOTwgUzUW8gB7+kyNPwEdVlvhbTh1Bo9i+OSgKiyaqhiURM2DxFmP5c2JAgpMAR7eg=
x-amz-request-id: 2104119A7605B71A
Last-Modified: Wed, 10 Jan 2018 00:21:51 GMT
Etag: "711b701227cbfc5efe529f9ddccb218e"
CF-Cache-Status: HIT
Vary: Accept-Encoding
Accept-Ranges: bytes
Server: cloudflare
CF-RAY: 44acf3fc160d8619-ARN


--- Additional Info ---
Magic:  PNG image, 256 x 256, 8-bit/color RGBA, non-interlaced
Size:   8481
Md5:    711b701227cbfc5efe529f9ddccb218e
Sha1:   bca2f0139c25f7ba9573d520855663922b5a063b
Sha256: 5b6116b89006b35a1d1f82eaf75c3d9d14b83002e835166351770d02e64f690e

Request
GET /app.js HTTP/1.1
Host: cdn.addlnk.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://www.poptraff.com/rc/23b297bb2f?affclick=5b725dfc38458a07c05a00bf

Response from 172.64.198.7
HTTP/1.1 200 OK
Content-Type: application/javascript
Date: Wed, 15 Aug 2018 16:14:14 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: __cfduid=daf69ea6d97f0edf75deefb85c04ed6c41534349654; expires=Thu, 15-Aug-19 16:14:14 GMT; path=/; domain=.addlnk.com; HttpOnly
Cf-Bgj: minify
Cf-Polished: origSize=516
Etag: W/"4b536df3016f4c5296b2426f05812989"
Last-Modified: Wed, 04 Jul 2018 00:27:37 GMT
x-amz-id-2: XYaKQTdxDW2d15qk5hjVOJqd/YV8uIrg2lW7pQFyr4NezOO3VRN6wTU1y7YXF3hM5j5YIC5hCWE=
x-amz-request-id: 7746396E96252AD2
CF-Cache-Status: HIT
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 44acf3fc2361860d-ARN
Content-Encoding: gzip


--- Additional Info ---
Magic:  gzip compressed data, from Unix
Size:   280
Md5:    9450e8a1b384c8759bd1e55273ad77f3
Sha1:   1d146a02a4f16c9b42cb921e814552ad25e73bf1
Sha256: ddf6f30ce4b6441bce20afefb45e0ba45125724dd82a52bc0310150ff565b0a5

Request
POST / HTTP/1.1
Host: ocsp.comodoca.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Content-Length: 115
Content-Type: application/ocsp-request

Response from 91.135.34.19
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Server: Apache
Last-Modified: Fri, 10 Aug 2018 14:07:59 GMT
Etag: 470200469BAB80931CD1A14F0674A0E0EE73EC13
X-OCSP-Responder-ID: rmdccaocsp29
Content-Length: 471
Cache-Control: public, no-transform, must-revalidate, max-age=164634
Expires: Fri, 17 Aug 2018 13:58:08 GMT
Date: Wed, 15 Aug 2018 16:14:14 GMT
Connection: keep-alive


--- Additional Info ---
Magic:  data
Size:   471
Md5:    c132bd4a4981b5db0887623e4a77fb3d
Sha1:   470200469bab80931cd1a14f0674a0e0ee73ec13
Sha256: f91114affe5ee6663fe25043b14a51207105e1708260e0150a9dbfe149ad3054

Request
POST / HTTP/1.1
Host: ocsp.comodoca.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Content-Length: 115
Content-Type: application/ocsp-request

Response from 91.135.34.19
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Server: Apache
Last-Modified: Thu, 09 Aug 2018 10:51:21 GMT
Etag: 28971123BCF643EA9A58E36ECEC787D80B84AB32
X-OCSP-Responder-ID: rmdccaocsp29
Content-Length: 727
Cache-Control: public, no-transform, must-revalidate, max-age=66456
Expires: Thu, 16 Aug 2018 10:41:50 GMT
Date: Wed, 15 Aug 2018 16:14:14 GMT
Connection: keep-alive


--- Additional Info ---
Magic:  data
Size:   727
Md5:    d54f0d62e279c1b27e00fd5cce39e2ef
Sha1:   28971123bcf643ea9a58e36ecec787d80b84ab32
Sha256: 61e53ae77000c1d35e99a68d9033f6c7c6f5233e5f5a79b5a865209248392e59

Request
POST / HTTP/1.1
Host: ocsp.usertrust.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Content-Length: 115
Content-Type: application/ocsp-request

Response from 91.135.34.18
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Server: Apache
Last-Modified: Thu, 09 Aug 2018 10:51:21 GMT
Etag: 10474AAFC209129B796273A3C28D83077EF7B9E2
X-OCSP-Responder-ID: rmdccaocsp21
Content-Length: 471
Cache-Control: public, no-transform, must-revalidate, max-age=66432
Expires: Thu, 16 Aug 2018 10:41:26 GMT
Date: Wed, 15 Aug 2018 16:14:14 GMT
Connection: keep-alive


--- Additional Info ---
Magic:  data
Size:   471
Md5:    239f956800471481ba1882c0fd0f8c42
Sha1:   10474aafc209129b796273a3c28d83077ef7b9e2
Sha256: 367af60e16a595fe9b2d075a2cabea2593dc4f2131103d91b3254401e98c8f19

Request
GET /pops/dlink.php?pid=6621&format=POPUP&cid=pub8bfe7b4ef55648afa2241761268ffc6f&subid=961a9a85 HTTP/1.1
Host: sax.peakonspot.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://www.poptraff.com/rc/23b297bb2f?affclick=5b725dfc38458a07c05a00bf

Response from 52.1.91.17
HTTP/1.1 302 Found
Content-Type: text/html; charset=UTF-8
Cache-Control: no-cache, must-revalidate
Date: Wed, 15 Aug 2018 16:14:15 GMT
Expires: Sat, 26 Jul 1997 05:00:00 GMT
Location: https://clk.verblife-2.co/click?i=5Rt0BWDUbPA_0
Server: nginx
Set-Cookie: uuid=15343496557450287181884051; expires=Fri, 14-Sep-2018 16:14:15 GMT; Max-Age=2592000
Content-Length: 0
Connection: keep-alive


--- Additional Info ---

Request
POST / HTTP/1.1
Host: ocsp.comodoca.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Content-Length: 115
Content-Type: application/ocsp-request

Response from 91.135.34.19
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Server: Apache
Last-Modified: Fri, 10 Aug 2018 12:40:24 GMT
Etag: AD928C2768646B2F84389E4EA034EDBE15F3978F
X-OCSP-Responder-ID: rmdccaocsp29
Content-Length: 471
Cache-Control: public, no-transform, must-revalidate, max-age=159342
Expires: Fri, 17 Aug 2018 12:29:57 GMT
Date: Wed, 15 Aug 2018 16:14:15 GMT
Connection: keep-alive


--- Additional Info ---
Magic:  data
Size:   471
Md5:    067283cb68972e4e2b3ff7e597498e9f
Sha1:   ad928c2768646b2f84389e4ea034edbe15f3978f
Sha256: c8168556138e7b3a23bc20c9465c0d8b33db990b20e7f2ba1c7b90a8e4a128d9

Request
GET /click?i=5Rt0BWDUbPA_0 HTTP/1.1
Host: clk.verblife-2.co
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://www.poptraff.com/rc/23b297bb2f?affclick=5b725dfc38458a07c05a00bf

Response from 174.137.155.139
HTTP/1.1 302 Found
Server: nginx
Date: Wed, 15 Aug 2018 16:14:15 GMT
Content-Length: 0
Connection: close
Location: https://youtube-download.xyz/


--- Additional Info ---

Request
GET / HTTP/1.1
Host: youtube-download.xyz
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://www.poptraff.com/rc/23b297bb2f?affclick=5b725dfc38458a07c05a00bf

Response: none recorded (server 0.0.0.0)


--- Additional Info ---

Alerts:
  Blacklists:
    - fortinet: Malware