evgbin.com/cr38l3k.php?key=b74eb5f96c77a48a01aa&clickId=GI5UOPeSA2iE7ipwlZCDAegB_tBJ8QFmZmZmZmYGQPkBVOOlm8QgAECAAruhwKPejt3SAQ&Cost=0&zoneId=1206398&ageGroup=UNKNOWN&campaignId=702212&feed=0&browserVersion=0&os=linux&osVersion=&carrier=Google+user-triggered+fetchers&creativeId=2148373&browser=Other
157.90.94.62 307 Temporary Redirect 0 B URL User Request GET HTTP/2 evgbin.com/cr38l3k.php?key=b74eb5f96c77a48a01aa&clickId=GI5UOPeSA2iE7ipwlZCDAegB_tBJ8QFmZmZmZmYGQPkBVOOlm8QgAECAAruhwKPejt3SAQ&Cost=0&zoneId=1206398&ageGroup=UNKNOWN&campaignId=702212&feed=0&browserVersion=0&os=linux&osVersion=&carrier=Google+user-triggered+fetchers&creativeId=2148373&browser=Other
IP 157.90.94.62:443
ASN #24940 Hetzner Online GmbH
Certificate Issuer: Let's Encrypt
Subject: evgbin.com
Fingerprint (SHA-1): 90:93:79:5B:FE:E9:21:F5:D4:30:93:10:5D:19:CD:F8:13:1A:96:96
Validity: Tue, 07 May 2024 12:59:35 GMT - Mon, 05 Aug 2024 12:59:34 GMT
Hash (MD5): d41d8cd98f00b204e9800998ecf8427e (digest of the empty 0 B response body)
Hash (SHA-1): da39a3ee5e6b4b0d3255bfef95601890afd80709
Hash (SHA-256): e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /cr38l3k.php?key=b74eb5f96c77a48a01aa&clickId=GI5UOPeSA2iE7ipwlZCDAegB_tBJ8QFmZmZmZmYGQPkBVOOlm8QgAECAAruhwKPejt3SAQ&Cost=0&zoneId=1206398&ageGroup=UNKNOWN&campaignId=702212&feed=0&browserVersion=0&os=linux&osVersion=&carrier=Google+user-triggered+fetchers&creativeId=2148373&browser=Other HTTP/1.1
Host: evgbin.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 307 Temporary Redirect
date: Fri, 10 May 2024 08:32:36 GMT
location: https://www.rolltrk4.com/K3XPM3Q/397C238/?source_id=1206398&sub1=coutn934mbic7393qn90
server: Caddy
set-cookie: uclick=kbiPxVhcb941gLanaGCY4Kmk1Llz9hgtlS927R36BJaew4v/RDrN3K9N0YUVYktvcVMx8HyL; Max-Age=31536000; SameSite=Lax
set-cookie: bcid=coutn934mbic7393qn90; Max-Age=31536000; SameSite=Lax
set-cookie: cid=coutn934mbic7393qn90; Max-Age=31536000; SameSite=Lax
x-request-id: c187d2bf-d223-4adb-a448-a798d3071984
content-length: 0
X-Firefox-Spdy: h2
IP 192.124.249.24:0
Hash (MD5): 9fac3c5f4eda88bc36da810f4c9b7cc8
Hash (SHA-1): e0f8efb83020ee3254e68b7f983e180ca9520785
Hash (SHA-256): 872b04a07b41fa9c99cb93984b9598e22ac6ad9e327dc620a281f8b93bb24bcd
POST / HTTP/1.1
Host: ocsp.starfieldtech.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 75
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: Sucuri/Cloudproxy
Date: Fri, 10 May 2024 08:32:36 GMT
Content-Type: application/ocsp-response
Content-Length: 2148
Connection: keep-alive
X-Sucuri-ID: 19024
Content-Transfer-Encoding: Binary
Cache-Control: public, no-transform, must-revalidate
Last-Modified: Thu, 09 May 2024 16:13:38 GMT
Expires: Fri, 10 May 2024 16:13:38 GMT
ETag: "e0f8efb83020ee3254e68b7f983e180ca9520785"
P3P: CP="IDC DSP COR LAW CUR ADM DEV TAI PSA PSD IVA IVD HIS OUR SAM PUB LEG UNI COM NAV STA"
www.rolltrk4.com/K3XPM3Q/397C238/?source_id=1206398&sub1=coutn934mbic7393qn90
34.149.124.125 204 No Content 0 B URL User Request GET HTTP/2 www.rolltrk4.com/K3XPM3Q/397C238/?source_id=1206398&sub1=coutn934mbic7393qn90
IP 34.149.124.125:443
ASN #396982 GOOGLE-CLOUD-PLATFORM
Certificate Issuer: Starfield Technologies, Inc.
Subject: ki42jfne.com
Fingerprint (SHA-1): 60:28:7C:A4:A3:73:24:EA:02:E2:77:B7:48:53:4A:55:81:05:6A:34
Validity: Tue, 09 Apr 2024 15:29:32 GMT - Sat, 08 Mar 2025 22:43:41 GMT
Hash (MD5): d41d8cd98f00b204e9800998ecf8427e (digest of the empty 0 B response body)
Hash (SHA-1): da39a3ee5e6b4b0d3255bfef95601890afd80709
Hash (SHA-256): e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /K3XPM3Q/397C238/?source_id=1206398&sub1=coutn934mbic7393qn90 HTTP/1.1
Host: www.rolltrk4.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 204 No Content
server: nginx
date: Fri, 10 May 2024 08:32:37 GMT
accept-ch: Sec-Ch-Ua-Platform-Version,Sec-Ch-Ua-Model
vary: Origin
x-eflow-request-id: 0665abe1-5294-4e02-a35d-7258ddb9c9ca
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
IP 192.124.249.23:0
Hash (MD5): 9fac3c5f4eda88bc36da810f4c9b7cc8
Hash (SHA-1): e0f8efb83020ee3254e68b7f983e180ca9520785
Hash (SHA-256): 872b04a07b41fa9c99cb93984b9598e22ac6ad9e327dc620a281f8b93bb24bcd
POST / HTTP/1.1
Host: ocsp.starfieldtech.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 75
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: Sucuri/Cloudproxy
Date: Fri, 10 May 2024 08:32:39 GMT
Content-Type: application/ocsp-response
Content-Length: 2148
Connection: keep-alive
X-Sucuri-ID: 19023
Content-Transfer-Encoding: Binary
Cache-Control: public, no-transform, must-revalidate
Last-Modified: Thu, 09 May 2024 16:13:38 GMT
Expires: Fri, 10 May 2024 16:13:38 GMT
ETag: "e0f8efb83020ee3254e68b7f983e180ca9520785"
P3P: CP="IDC DSP COR LAW CUR ADM DEV TAI PSA PSD IVA IVD HIS OUR SAM PUB LEG UNI COM NAV STA"
IP 157.90.94.62:0
ASN #24940 Hetzner Online GmbH
Certificate Issuer: Let's Encrypt
Subject: evgbin.com
Fingerprint (SHA-1): 90:93:79:5B:FE:E9:21:F5:D4:30:93:10:5D:19:CD:F8:13:1A:96:96
Validity: Tue, 07 May 2024 12:59:35 GMT - Mon, 05 Aug 2024 12:59:34 GMT
Hash (MD5): 48a73a4bd3176fbc096625bb7d4afa3f
Hash (SHA-1): c6068658652b4ce7eb408f699085d0738e1b244b
Hash (SHA-256): 8699bf1eda7e016dec3efeff8db5e3400183e9ebf6ce42355b97b843def2b035
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET / HTTP/1.1
Host: evgbin.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 404 Not Found
Content-Length: 24
Content-Type: application/json; charset=UTF-8
Date: Fri, 10 May 2024 08:32:39 GMT
Server: Caddy
X-Request-Id: 13dd8f57-9e9b-4005-a160-0f37a29de317