Report - 12663c35b931.tc-network.net/?p=10263&media_type=mainstream&pi=Exit+traffic+global&click

Report Overview

Submitted URL
12663c35b931.tc-network.net/?p=10263&media_type=mainstream&pi=Exit+traffic+global&click_id=w14r2jp0j9p8nul03pc8uv2m
IP
94.237.90.104
ASN
#202053 UpCloud Ltd
Submitted
2024-04-18 06:55:00
Access
public
Website Title
Congratulations!
Final URL
www.freakywinner.vip/iq_test2?flow=sms&tid=62ncvsb105rzy6ferfw08os8k,17815911,5,10263&ctrack=1713423274.3727751694&p=10263&pi=Exit+traffic+global&click_id=w14r2jp0j9p8nul03pc8uv2m&media_type=mainstream
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
20

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
fonts.googleapis.com	8877	2005-01-25	2013-06-10	2024-04-18	460 B	13 kB	142.250.74.74
www.freakywinner.vip	unknown	unknown	No data	No data	31 kB	555 kB	94.237.92.126
12663c35b931.tc-network.net	unknown	2023-01-03	2023-03-06	2024-04-18	569 B	226 kB	94.237.90.104
fonts.gstatic.com	unknown	2008-02-11	2014-09-09	2024-04-18	543 B	36 kB	216.58.207.227

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2024-04-18	medium	freakywinner.vip	Sinkholed
2024-04-18	medium	freakywinner.vip	Sinkholed
2024-04-18	medium	freakywinner.vip	Sinkholed
2024-04-18	medium	freakywinner.vip	Sinkholed
2024-04-18	medium	freakywinner.vip	Sinkholed
2024-04-18	medium	freakywinner.vip	Sinkholed
2024-04-18	medium	freakywinner.vip	Sinkholed
2024-04-18	medium	freakywinner.vip	Sinkholed
2024-04-18	medium	freakywinner.vip	Sinkholed
2024-04-18	medium	freakywinner.vip	Sinkholed

ThreatFox

No alerts detected

JavaScript (12)

	URL	Size	First Seen	Last Seen
	unknown	384 B	2024-04-18	2024-04-18
Pretty Introduced by Function Embedded in HTML false Observations First Seen2024-04-18 08:55:06 Last Seen2024-04-18 08:55:06 Times Seen1 Hash b6d081e51accbfc2bc43792afdcc4301 dda9f294ab4eadd2208c38894dd2764143d86ad3 74080793c089b6a6ede13434dc2c4ca49c0e7f9892abd3d095e7e2f8f1d6a14c Loading...

	unknown	392 B	2024-04-18	2024-04-18
Pretty Introduced by Function Embedded in HTML false Observations First Seen2024-04-18 08:55:06 Last Seen2024-04-18 08:55:06 Times Seen1 Hash 1e847a6dff6e431888b47e864d568b9a 459b5ee432c2004a4f89551b24a3c3835d7e3d86 f2d7303b51454d0cb99e8d6ab401380ef8f62934ce5975f76f5e7f219a5f3bdf Loading...

	unknown	330 B	2024-04-18	2024-04-18
Pretty Introduced by Function Embedded in HTML false Observations First Seen2024-04-18 08:55:06 Last Seen2024-04-18 08:55:06 Times Seen1 Hash 63d0c8df46b8b83267adf5bf8a19c5e9 76f717cf56d5dc7cc61d96b78678e11a618195e5 4714aef98e78bb4a52bed10b0513595647e5f24bbbd970db3ec25160062a2ce8 Loading...

	www.freakywinner.vip/js/app.js?id=d41d8cd98f00b204e9800998ecf8427e	0 B	2023-03-07	2024-05-01
Pretty URL www.freakywinner.vip/js/app.js?id=d41d8cd98f00b204e9800998ecf8427e IP 94.237.92.126 ASN #202053 UpCloud Ltd Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:01:59 Last Seen2024-05-01 00:34:13 Times Seen37233159 Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Loading...

	unknown	5.8 kB	2024-04-18	2024-04-18
Pretty Introduced by Function Embedded in HTML false Observations First Seen2024-04-18 08:55:06 Last Seen2024-04-18 08:55:06 Times Seen1 Hash ceefb11a0eefc993060e4610041d095b e682900f4ca3ce6b4dc86256bdeb153412feee40 4a7bcfa2caaa8fb6718515a82e3a2cc21e5ac81115032f2d2c0ac4ff0d5fcf2a Loading...

	www.freakywinner.vip/js/offers/iq_test2/app.js?id=6b30f52278a8d7e1c4ac90a40c19c0e9	288 kB	2024-04-18	2024-04-18
Pretty URL www.freakywinner.vip/js/offers/iq_test2/app.js?id=6b30f52278a8d7e1c4ac90a40c19c0e9 IP 94.237.92.126 ASN #202053 UpCloud Ltd Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-18 08:55:06 Last Seen2024-04-18 08:55:06 Times Seen1 Hash 6b30f52278a8d7e1c4ac90a40c19c0e9 65b3884f87065f04a39005cd2ccf6b0e98edae2d b62a1b5fe334c335743d48c43bdb268e1c08c853f910112a58bfabcb77ef90f2 Loading...

	unknown	249 B	2024-04-18	2024-04-18
Pretty Introduced by Function Embedded in HTML false Observations First Seen2024-04-18 08:55:06 Last Seen2024-04-18 08:55:06 Times Seen1 Hash 1ddff3052ee6a7b36320c9ef4d67e696 1930596331eaf00116ab14522cad563761070da3 ef721eef90c300caf1297eef42e888d826ad9a7b66f0df17097942c728bd8a45 Loading...

	unknown	245 B	2024-04-18	2024-04-18
Pretty Introduced by Function Embedded in HTML false Observations First Seen2024-04-18 08:55:06 Last Seen2024-04-18 08:55:06 Times Seen1 Hash ef181796ae3ebbd9fed591ff91639ff7 9f775d737321ab441672f8487a4a68d20cbb0420 f1e6d69f4a1e8edf9e22021e69ecc5906e8d14a3f1074deb3c42416bb7db350e Loading...

	unknown	439 B	2024-04-18	2024-04-18
Pretty Introduced by Function Embedded in HTML false Observations First Seen2024-04-18 08:55:06 Last Seen2024-04-18 08:55:07 Times Seen1 Hash 4daac43e68cfbccdc54f2e48273144ea 19107338fd531645583403fc7e5c7e88ad06cafc bacff401214aabb3f0319783bd4e82069c71299f849e354202ff5d48806b5ef7 Loading...

	unknown	1.2 kB	2024-04-18	2024-04-18
Pretty Introduced by Function Embedded in HTML false Observations First Seen2024-04-18 08:55:07 Last Seen2024-04-18 08:55:07 Times Seen1 Hash 01a686e202bcfa9a68c6be26582d5460 90f570138f8c4881de01e9c0f48fcd27bbbef114 bdd9e7c5b9d79dd6463642b615986ca3af6e5986f2d6eb7e8844220d2662a660 Loading...

	www.freakywinner.vip/iq_test2?flow=sms&tid=62ncvsb105rzy6ferfw08os8k,17815911,5,10263&ctrack=1713423274.3727751694&p=10263&pi=Exit+traffic+global&click_id=w14r2jp0j9p8nul03pc8uv2m&media_type=mainstream	558 B	2024-04-18	2024-04-18
Pretty URL www.freakywinner.vip/iq_test2?flow=sms&tid=62ncvsb105rzy6ferfw08os8k,17815911,5,10263&ctrack=1713423274.3727751694&p=10263&pi=Exit+traffic+global&click_id=w14r2jp0j9p8nul03pc8uv2m&media_type=mainstream IP 94.237.92.126 ASN #202053 UpCloud Ltd Introduced by scriptElement Embedded in HTML true Observations First Seen2024-04-18 08:55:07 Last Seen2024-04-18 08:55:07 Times Seen1 Hash 204ff549b58132f3fb242cc027acabd3 f3c2a0fecadb7bbfafdf3eb218f4f12c542ffed0 3061021cf60ae9cd3758a6e6599936b7aa7c29570fe61e2833de56a79aa3c303 Loading...

	www.freakywinner.vip/iq_test2?flow=sms&tid=62ncvsb105rzy6ferfw08os8k,17815911,5,10263&ctrack=1713423274.3727751694&p=10263&pi=Exit+traffic+global&click_id=w14r2jp0j9p8nul03pc8uv2m&media_type=mainstream	953 B	2024-04-18	2024-04-18
Pretty URL www.freakywinner.vip/iq_test2?flow=sms&tid=62ncvsb105rzy6ferfw08os8k,17815911,5,10263&ctrack=1713423274.3727751694&p=10263&pi=Exit+traffic+global&click_id=w14r2jp0j9p8nul03pc8uv2m&media_type=mainstream IP 94.237.92.126 ASN #202053 UpCloud Ltd Introduced by scriptElement Embedded in HTML true Observations First Seen2024-04-18 08:55:07 Last Seen2024-04-18 08:55:07 Times Seen1 Hash b61f80fb875e0a7a7d7f5f343d661435 9b24304ddd7b914fb842f5b0a591490c86cead6c 2c6b03c3376c377739d7833df2cf8e95df04b1e2ccd3112bf8e08706a271ac2e Loading...

HTTP Transactions (13)

URL IP Response Size

www.freakywinner.vip/img/offers/iq_test2/puzzle.png

94.237.92.126

200 OK

4.7 kB

URL GET HTTP/2
www.freakywinner.vip/img/offers/iq_test2/puzzle.png
IP
94.237.92.126:443
ASN
#202053 UpCloud Ltd

Requested by
https://www.freakywinner.vip/iq_test2?flow=sms&tid=62ncvsb105rzy6ferfw08os8k,17815911,5,10263&ctrack=1713423274.3727751694&p=10263&pi=Exit+traffic+global&click_id=w14r2jp0j9p8nul03pc8uv2m&media_type=mainstream
Certificate
IssuerLet's Encrypt
Subject*.freakywinner.vip
Fingerprint40:CD:D7:AB:C1:2D:DA:F0:A9:3C:61:F9:FE:50:FA:93:C7:EE:62:AE
ValidityThu, 28 Mar 2024 08:08:13 GMT - Wed, 26 Jun 2024 08:08:12 GMT

File type
PNG image data, 512 x 512, 4-bit colormap, non-interlaced
Size
4.7 kB (4712 bytes)
Hash
8234356ad8b24022358e1690ef7bd01e
82403de4de07f132e7590e2eecdb41ae0694fc7e
d646bd618a65a9e488e2d30ae799d10447bb3ba7a3c4a969ff09de06d2c280ce

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/offers/iq_test2/puzzle.png HTTP/1.1
Host: www.freakywinner.vip
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.freakywinner.vip/iq_test2?flow=sms&tid=62ncvsb105rzy6ferfw08os8k,17815911,5,10263&ctrack=1713423274.3727751694&p=10263&pi=Exit+traffic+global&click_id=w14r2jp0j9p8nul03pc8uv2m&media_type=mainstream
Cookie: XSRF-TOKEN=eyJpdiI6ImE3MEM2T1FsdXFHcEd3WFdZTTNOL2c9PSIsInZhbHVlIjoiTitad1pwVEdNc0o0S0F3NlQxeldrT2p3V25HNzdwYjd0WjI3NmdobEtCOTBlS2xjT0ptblo1RmJjbHU4ZlFXakxlNVc3aHp5ZlR0d3lZRUxDSVVPOFUyTmZ5bnBSYjl3TlVJZ1hoSVpYbmprSFJVY3puYlkwSUowaFBRbWJFNVUiLCJtYWMiOiJiMjBkYjY4N2Q3MWU2ZTA4ZmQ5MmI1YjIwYWZhZTlhMTZiMmZkZjgwYzA2Y2JhNmI0YmMwNDZkMGVhMmIzMWE4IiwidGFnIjoiIn0%3D; ivr_offers_session=eyJpdiI6Ik1rZXJyOTVtWm1UdVI1Z0lSS1NPNFE9PSIsInZhbHVlIjoiQU9XTDQwVkN1ZkVZeThXTUZKZjNXOU1sLzFhNDJLZVdZWkZ4a1JIWU5sYWxtK3NQN3dRUkxUM25DQnlocWNCUnFzdExLTisvZDZXdlJTOHliSkVjVXRaVUxaNFY2U1VqNGw5aDNteHRVRmNhNjB5YmJkWDB4U29GdWRQc1Roc04iLCJtYWMiOiJlMjY1Mjc0M2MwZWI3OTE1ZTVkN2Y1MjkxNDUyZGYyNWQ0ODYyMTMyYzg4YWFmNGQ0Y2FlMzk5NTRhZDU1YTEzIiwidGFnIjoiIn0%3D; SESS_TRAF=eyJpdiI6Ilo2WVZ0VTJqeEIwZlZQTlBuREVxbXc9PSIsInZhbHVlIjoiVVo4bllkd2VoQzZ5STEvcXZ6ZUQ1dmpQclNVWTM4WC93eVpTaTUrNERPaWlHbHM3YkNmK1hVa1c1V3MzbjVGT1ZZclFabGVWeUJDZXhIRlYzZ0RpNk5CdjFqLzYwd3NDVVlTZFVVRVlGQmFNVmNEQmJ4V0REaWlRM0tTMjA1VUxCVXg0TW9nSU04WGQ5RnhSejlEQzk1ZnVyTnF6Ym03MnB6cDl1eGtMaGVKMVI2VXdGZ1VSaXEwcldYbGpLNWhMVUtGdmoycVk2aHZtS3h6c0xTYXVZV0FKUmVLZTVCV1IrQ2U4UjFvMStzOE5QT1JGNlorZXhTK2IyblhabS9tNHp3QWJTMUtrVHJWUEFSUlR1YkMvSWh2b0Z2RUcvN3RwYTVNanZ0K0VUREN5MFlVdEhCbVErOWVzRGthVithWVdrQU5ISjQyYTFyK3VqNFFwZ2QxUFN3PT0iLCJtYWMiOiJiZmNkOGYzZTA0ZWQ5OWY3YTBjNDcyNDI3ZTcwZThhNTYxYWU5MTE5NzY4NThhMTIyZjI4OTgzMDBlYTQzYTk0IiwidGFnIjoiIn0%3D; visit=eyJpdiI6InRndkVkcTdTK29ybGZ0KzhHcUVNbHc9PSIsInZhbHVlIjoiaE1qZ0ZhNGREbUVIR0d0VlRiNjAwV2JIL2kyQytQdm4rNkl3dnpORWhqUm5FSFNNTEVGb3ZCcXAxK3RQWUx2OSIsIm1hYyI6IjRlOGM0OTE1MDNlNDhmOTg1YWZmMTk4YjIzZWEwZTM4MmFkNmU3Y2ZiMTgxM2UyZGMwNzQ1ZTQ0YTFlNmYwYWIiLCJ0YWciOiIifQ%3D%3D; jPrsFzobkHLZdLLs3GtUoHlyNXda32a9iI9xgJfM=eyJpdiI6Imk0RTU0L2J2aUptT1ppeTJxMzlZamc9PSIsInZhbHVlIjoiM0lvaUVpRVF2eW1MMytaOTBuVjJHc2doSzRlaGZEdGlSVW5Bb0pSUytsUjVLTW5BbDkzN1ZFeGV3aFFNa2wzaitoWmZVb2ZhZDdCejNlVTU0b2tiU21nSVk1cmwwMkNiL0VxT3FBaUdjNlB6eU55cU1ueGlRTTBkcWdjZVZ0a3N1L3hmdVVjRzdBdCs1TW41Q0c4UUY2OHdEaVhIZmlxOTg5bWNMMk4zelozdnl1QmtBKzNIc0U1N3BsK1EzYUxHOU5zcUVZNGgvTWZ0UmthcUt3bUZ0czZwQzg1MkNzUGhRejdYR1RBcmRsaHdHWkY5N256cDRjN3hEalBmUnVxYldqZmx5SDVhWlFEeWk2cU1xOUlyZGMycTIzZ2o0UUZZdWNSeXhPQWNXNlFXc29jUVU1NVgzZ3lFcFI5QVh3QXpkRVFvdjZEUDg5YUViUkpGYkN6ZHphUUF2ZWQ5YktJSjNTTHp0eWxoZjJiRE0vakZuMnJaR3ZJNUxHM0ZBL2lsSWRCZmEyYTVqdER4OEhmQWl3aStCT2JvenZ6OFBLbEhtaE4weCtIeXYrSUhmZHA0TU1mR2lvZ1Zld3RZZ2tqWlAxT2UrcTlPQ3RHTWQ5UjR0blExbXBmbVU5UDFtakFDVUcyeC9XUlhRcVFZSjRaY201VnNwVTRVMkZ2NlZ2SmFPcUcyeUp2V01pQ0ZHR3pXeHhvN2JhOWFhd21sVUI0M0llbDkvUW91aWNuU0p5KzNVaTd5N1BoS0FucEc1MjQ3d0IyYmVpejRTdVB0d1VpYWRKQ01qRUNyQjI1djBKRFhFZWNkTjRaZ0FWbFZnendCU1JNd0loYXJTb2taSjhoWSIsIm1hYyI6ImMzZDY0MjJhNDMyYjQ2YmRiYjFlNjZjOTVkNjBmOWQzMTY0M2M1OWQxNmIyMTNhMTc0OWU1Y2VkMWVmZTA1MzgiLCJ0YWciOiIifQ%3D%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Thu, 18 Apr 2024 06:54:35 GMT
content-type: image/png
content-length: 4712
last-modified: Wed, 03 Apr 2024 12:42:31 GMT
etag: "660d4eb7-1268"
expires: Fri, 18 Apr 2025 06:54:35 GMT
pragma: public
cache-control: max-age=31536000, public
accept-ranges: bytes
X-Firefox-Spdy: h2

www.freakywinner.vip/img/offers/iq_test2/brains.png

94.237.92.126

200 OK

4.4 kB

URL GET HTTP/2
www.freakywinner.vip/img/offers/iq_test2/brains.png
IP
94.237.92.126:443
ASN
#202053 UpCloud Ltd

Requested by
https://www.freakywinner.vip/iq_test2?flow=sms&tid=62ncvsb105rzy6ferfw08os8k,17815911,5,10263&ctrack=1713423274.3727751694&p=10263&pi=Exit+traffic+global&click_id=w14r2jp0j9p8nul03pc8uv2m&media_type=mainstream
Certificate
IssuerLet's Encrypt
Subject*.freakywinner.vip
Fingerprint40:CD:D7:AB:C1:2D:DA:F0:A9:3C:61:F9:FE:50:FA:93:C7:EE:62:AE
ValidityThu, 28 Mar 2024 08:08:13 GMT - Wed, 26 Jun 2024 08:08:12 GMT

File type
PNG image data, 256 x 256, 8-bit colormap, non-interlaced
Size
4.4 kB (4422 bytes)
Hash
9ed2df13d56e3b3a0243ac9208b9597a
10f2623bfeda1d0bd76dc3dc3c7bd7a343f2497f
f643af623e28368725ef7d618d980e052ce9201e4399fd72f9353ba32ab4286f

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/offers/iq_test2/brains.png HTTP/1.1
Host: www.freakywinner.vip
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.freakywinner.vip/iq_test2?flow=sms&tid=62ncvsb105rzy6ferfw08os8k,17815911,5,10263&ctrack=1713423274.3727751694&p=10263&pi=Exit+traffic+global&click_id=w14r2jp0j9p8nul03pc8uv2m&media_type=mainstream
Cookie: XSRF-TOKEN=eyJpdiI6ImE3MEM2T1FsdXFHcEd3WFdZTTNOL2c9PSIsInZhbHVlIjoiTitad1pwVEdNc0o0S0F3NlQxeldrT2p3V25HNzdwYjd0WjI3NmdobEtCOTBlS2xjT0ptblo1RmJjbHU4ZlFXakxlNVc3aHp5ZlR0d3lZRUxDSVVPOFUyTmZ5bnBSYjl3TlVJZ1hoSVpYbmprSFJVY3puYlkwSUowaFBRbWJFNVUiLCJtYWMiOiJiMjBkYjY4N2Q3MWU2ZTA4ZmQ5MmI1YjIwYWZhZTlhMTZiMmZkZjgwYzA2Y2JhNmI0YmMwNDZkMGVhMmIzMWE4IiwidGFnIjoiIn0%3D; ivr_offers_session=eyJpdiI6Ik1rZXJyOTVtWm1UdVI1Z0lSS1NPNFE9PSIsInZhbHVlIjoiQU9XTDQwVkN1ZkVZeThXTUZKZjNXOU1sLzFhNDJLZVdZWkZ4a1JIWU5sYWxtK3NQN3dRUkxUM25DQnlocWNCUnFzdExLTisvZDZXdlJTOHliSkVjVXRaVUxaNFY2U1VqNGw5aDNteHRVRmNhNjB5YmJkWDB4U29GdWRQc1Roc04iLCJtYWMiOiJlMjY1Mjc0M2MwZWI3OTE1ZTVkN2Y1MjkxNDUyZGYyNWQ0ODYyMTMyYzg4YWFmNGQ0Y2FlMzk5NTRhZDU1YTEzIiwidGFnIjoiIn0%3D; SESS_TRAF=eyJpdiI6Ilo2WVZ0VTJqeEIwZlZQTlBuREVxbXc9PSIsInZhbHVlIjoiVVo4bllkd2VoQzZ5STEvcXZ6ZUQ1dmpQclNVWTM4WC93eVpTaTUrNERPaWlHbHM3YkNmK1hVa1c1V3MzbjVGT1ZZclFabGVWeUJDZXhIRlYzZ0RpNk5CdjFqLzYwd3NDVVlTZFVVRVlGQmFNVmNEQmJ4V0REaWlRM0tTMjA1VUxCVXg0TW9nSU04WGQ5RnhSejlEQzk1ZnVyTnF6Ym03MnB6cDl1eGtMaGVKMVI2VXdGZ1VSaXEwcldYbGpLNWhMVUtGdmoycVk2aHZtS3h6c0xTYXVZV0FKUmVLZTVCV1IrQ2U4UjFvMStzOE5QT1JGNlorZXhTK2IyblhabS9tNHp3QWJTMUtrVHJWUEFSUlR1YkMvSWh2b0Z2RUcvN3RwYTVNanZ0K0VUREN5MFlVdEhCbVErOWVzRGthVithWVdrQU5ISjQyYTFyK3VqNFFwZ2QxUFN3PT0iLCJtYWMiOiJiZmNkOGYzZTA0ZWQ5OWY3YTBjNDcyNDI3ZTcwZThhNTYxYWU5MTE5NzY4NThhMTIyZjI4OTgzMDBlYTQzYTk0IiwidGFnIjoiIn0%3D; visit=eyJpdiI6InRndkVkcTdTK29ybGZ0KzhHcUVNbHc9PSIsInZhbHVlIjoiaE1qZ0ZhNGREbUVIR0d0VlRiNjAwV2JIL2kyQytQdm4rNkl3dnpORWhqUm5FSFNNTEVGb3ZCcXAxK3RQWUx2OSIsIm1hYyI6IjRlOGM0OTE1MDNlNDhmOTg1YWZmMTk4YjIzZWEwZTM4MmFkNmU3Y2ZiMTgxM2UyZGMwNzQ1ZTQ0YTFlNmYwYWIiLCJ0YWciOiIifQ%3D%3D; jPrsFzobkHLZdLLs3GtUoHlyNXda32a9iI9xgJfM=eyJpdiI6Imk0RTU0L2J2aUptT1ppeTJxMzlZamc9PSIsInZhbHVlIjoiM0lvaUVpRVF2eW1MMytaOTBuVjJHc2doSzRlaGZEdGlSVW5Bb0pSUytsUjVLTW5BbDkzN1ZFeGV3aFFNa2wzaitoWmZVb2ZhZDdCejNlVTU0b2tiU21nSVk1cmwwMkNiL0VxT3FBaUdjNlB6eU55cU1ueGlRTTBkcWdjZVZ0a3N1L3hmdVVjRzdBdCs1TW41Q0c4UUY2OHdEaVhIZmlxOTg5bWNMMk4zelozdnl1QmtBKzNIc0U1N3BsK1EzYUxHOU5zcUVZNGgvTWZ0UmthcUt3bUZ0czZwQzg1MkNzUGhRejdYR1RBcmRsaHdHWkY5N256cDRjN3hEalBmUnVxYldqZmx5SDVhWlFEeWk2cU1xOUlyZGMycTIzZ2o0UUZZdWNSeXhPQWNXNlFXc29jUVU1NVgzZ3lFcFI5QVh3QXpkRVFvdjZEUDg5YUViUkpGYkN6ZHphUUF2ZWQ5YktJSjNTTHp0eWxoZjJiRE0vakZuMnJaR3ZJNUxHM0ZBL2lsSWRCZmEyYTVqdER4OEhmQWl3aStCT2JvenZ6OFBLbEhtaE4weCtIeXYrSUhmZHA0TU1mR2lvZ1Zld3RZZ2tqWlAxT2UrcTlPQ3RHTWQ5UjR0blExbXBmbVU5UDFtakFDVUcyeC9XUlhRcVFZSjRaY201VnNwVTRVMkZ2NlZ2SmFPcUcyeUp2V01pQ0ZHR3pXeHhvN2JhOWFhd21sVUI0M0llbDkvUW91aWNuU0p5KzNVaTd5N1BoS0FucEc1MjQ3d0IyYmVpejRTdVB0d1VpYWRKQ01qRUNyQjI1djBKRFhFZWNkTjRaZ0FWbFZnendCU1JNd0loYXJTb2taSjhoWSIsIm1hYyI6ImMzZDY0MjJhNDMyYjQ2YmRiYjFlNjZjOTVkNjBmOWQzMTY0M2M1OWQxNmIyMTNhMTc0OWU1Y2VkMWVmZTA1MzgiLCJ0YWciOiIifQ%3D%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Thu, 18 Apr 2024 06:54:35 GMT
content-type: image/png
content-length: 4422
last-modified: Wed, 03 Apr 2024 12:42:31 GMT
etag: "660d4eb7-1146"
expires: Fri, 18 Apr 2025 06:54:35 GMT
pragma: public
cache-control: max-age=31536000, public
accept-ranges: bytes
X-Firefox-Spdy: h2

www.freakywinner.vip/img/offers/iq_test2/cash.png

94.237.92.126

200 OK

2.7 kB

URL GET HTTP/2
www.freakywinner.vip/img/offers/iq_test2/cash.png
IP
94.237.92.126:443
ASN
#202053 UpCloud Ltd

Requested by
https://www.freakywinner.vip/iq_test2?flow=sms&tid=62ncvsb105rzy6ferfw08os8k,17815911,5,10263&ctrack=1713423274.3727751694&p=10263&pi=Exit+traffic+global&click_id=w14r2jp0j9p8nul03pc8uv2m&media_type=mainstream
Certificate
IssuerLet's Encrypt
Subject*.freakywinner.vip
Fingerprint40:CD:D7:AB:C1:2D:DA:F0:A9:3C:61:F9:FE:50:FA:93:C7:EE:62:AE
ValidityThu, 28 Mar 2024 08:08:13 GMT - Wed, 26 Jun 2024 08:08:12 GMT

File type
PNG image data, 256 x 256, 4-bit colormap, non-interlaced
Size
2.7 kB (2747 bytes)
Hash
c5187508b5c8b7c009e603e6e143a18d
c4449836fd2ece36010910790976ee5eb4d4a895
594067042cdbd19b4be737bbf547f2bab5aabf92e60592c7a17271ff0517672f

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/offers/iq_test2/cash.png HTTP/1.1
Host: www.freakywinner.vip
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.freakywinner.vip/iq_test2?flow=sms&tid=62ncvsb105rzy6ferfw08os8k,17815911,5,10263&ctrack=1713423274.3727751694&p=10263&pi=Exit+traffic+global&click_id=w14r2jp0j9p8nul03pc8uv2m&media_type=mainstream
Cookie: XSRF-TOKEN=eyJpdiI6ImE3MEM2T1FsdXFHcEd3WFdZTTNOL2c9PSIsInZhbHVlIjoiTitad1pwVEdNc0o0S0F3NlQxeldrT2p3V25HNzdwYjd0WjI3NmdobEtCOTBlS2xjT0ptblo1RmJjbHU4ZlFXakxlNVc3aHp5ZlR0d3lZRUxDSVVPOFUyTmZ5bnBSYjl3TlVJZ1hoSVpYbmprSFJVY3puYlkwSUowaFBRbWJFNVUiLCJtYWMiOiJiMjBkYjY4N2Q3MWU2ZTA4ZmQ5MmI1YjIwYWZhZTlhMTZiMmZkZjgwYzA2Y2JhNmI0YmMwNDZkMGVhMmIzMWE4IiwidGFnIjoiIn0%3D; ivr_offers_session=eyJpdiI6Ik1rZXJyOTVtWm1UdVI1Z0lSS1NPNFE9PSIsInZhbHVlIjoiQU9XTDQwVkN1ZkVZeThXTUZKZjNXOU1sLzFhNDJLZVdZWkZ4a1JIWU5sYWxtK3NQN3dRUkxUM25DQnlocWNCUnFzdExLTisvZDZXdlJTOHliSkVjVXRaVUxaNFY2U1VqNGw5aDNteHRVRmNhNjB5YmJkWDB4U29GdWRQc1Roc04iLCJtYWMiOiJlMjY1Mjc0M2MwZWI3OTE1ZTVkN2Y1MjkxNDUyZGYyNWQ0ODYyMTMyYzg4YWFmNGQ0Y2FlMzk5NTRhZDU1YTEzIiwidGFnIjoiIn0%3D; SESS_TRAF=eyJpdiI6Ilo2WVZ0VTJqeEIwZlZQTlBuREVxbXc9PSIsInZhbHVlIjoiVVo4bllkd2VoQzZ5STEvcXZ6ZUQ1dmpQclNVWTM4WC93eVpTaTUrNERPaWlHbHM3YkNmK1hVa1c1V3MzbjVGT1ZZclFabGVWeUJDZXhIRlYzZ0RpNk5CdjFqLzYwd3NDVVlTZFVVRVlGQmFNVmNEQmJ4V0REaWlRM0tTMjA1VUxCVXg0TW9nSU04WGQ5RnhSejlEQzk1ZnVyTnF6Ym03MnB6cDl1eGtMaGVKMVI2VXdGZ1VSaXEwcldYbGpLNWhMVUtGdmoycVk2aHZtS3h6c0xTYXVZV0FKUmVLZTVCV1IrQ2U4UjFvMStzOE5QT1JGNlorZXhTK2IyblhabS9tNHp3QWJTMUtrVHJWUEFSUlR1YkMvSWh2b0Z2RUcvN3RwYTVNanZ0K0VUREN5MFlVdEhCbVErOWVzRGthVithWVdrQU5ISjQyYTFyK3VqNFFwZ2QxUFN3PT0iLCJtYWMiOiJiZmNkOGYzZTA0ZWQ5OWY3YTBjNDcyNDI3ZTcwZThhNTYxYWU5MTE5NzY4NThhMTIyZjI4OTgzMDBlYTQzYTk0IiwidGFnIjoiIn0%3D; visit=eyJpdiI6InRndkVkcTdTK29ybGZ0KzhHcUVNbHc9PSIsInZhbHVlIjoiaE1qZ0ZhNGREbUVIR0d0VlRiNjAwV2JIL2kyQytQdm4rNkl3dnpORWhqUm5FSFNNTEVGb3ZCcXAxK3RQWUx2OSIsIm1hYyI6IjRlOGM0OTE1MDNlNDhmOTg1YWZmMTk4YjIzZWEwZTM4MmFkNmU3Y2ZiMTgxM2UyZGMwNzQ1ZTQ0YTFlNmYwYWIiLCJ0YWciOiIifQ%3D%3D; jPrsFzobkHLZdLLs3GtUoHlyNXda32a9iI9xgJfM=eyJpdiI6Imk0RTU0L2J2aUptT1ppeTJxMzlZamc9PSIsInZhbHVlIjoiM0lvaUVpRVF2eW1MMytaOTBuVjJHc2doSzRlaGZEdGlSVW5Bb0pSUytsUjVLTW5BbDkzN1ZFeGV3aFFNa2wzaitoWmZVb2ZhZDdCejNlVTU0b2tiU21nSVk1cmwwMkNiL0VxT3FBaUdjNlB6eU55cU1ueGlRTTBkcWdjZVZ0a3N1L3hmdVVjRzdBdCs1TW41Q0c4UUY2OHdEaVhIZmlxOTg5bWNMMk4zelozdnl1QmtBKzNIc0U1N3BsK1EzYUxHOU5zcUVZNGgvTWZ0UmthcUt3bUZ0czZwQzg1MkNzUGhRejdYR1RBcmRsaHdHWkY5N256cDRjN3hEalBmUnVxYldqZmx5SDVhWlFEeWk2cU1xOUlyZGMycTIzZ2o0UUZZdWNSeXhPQWNXNlFXc29jUVU1NVgzZ3lFcFI5QVh3QXpkRVFvdjZEUDg5YUViUkpGYkN6ZHphUUF2ZWQ5YktJSjNTTHp0eWxoZjJiRE0vakZuMnJaR3ZJNUxHM0ZBL2lsSWRCZmEyYTVqdER4OEhmQWl3aStCT2JvenZ6OFBLbEhtaE4weCtIeXYrSUhmZHA0TU1mR2lvZ1Zld3RZZ2tqWlAxT2UrcTlPQ3RHTWQ5UjR0blExbXBmbVU5UDFtakFDVUcyeC9XUlhRcVFZSjRaY201VnNwVTRVMkZ2NlZ2SmFPcUcyeUp2V01pQ0ZHR3pXeHhvN2JhOWFhd21sVUI0M0llbDkvUW91aWNuU0p5KzNVaTd5N1BoS0FucEc1MjQ3d0IyYmVpejRTdVB0d1VpYWRKQ01qRUNyQjI1djBKRFhFZWNkTjRaZ0FWbFZnendCU1JNd0loYXJTb2taSjhoWSIsIm1hYyI6ImMzZDY0MjJhNDMyYjQ2YmRiYjFlNjZjOTVkNjBmOWQzMTY0M2M1OWQxNmIyMTNhMTc0OWU1Y2VkMWVmZTA1MzgiLCJ0YWciOiIifQ%3D%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Thu, 18 Apr 2024 06:54:35 GMT
content-type: image/png
content-length: 2747
last-modified: Wed, 03 Apr 2024 12:42:31 GMT
etag: "660d4eb7-abb"
expires: Fri, 18 Apr 2025 06:54:35 GMT
pragma: public
cache-control: max-age=31536000, public
accept-ranges: bytes
X-Firefox-Spdy: h2

12663c35b931.tc-network.net/?p=10263&media_type=mainstream&pi=Exit+traffic+global&click_id=w14r2jp0j9p8nul03pc8uv2m

94.237.90.104

302 Found

225 kB

URL User Request GET HTTP/2
12663c35b931.tc-network.net/?p=10263&media_type=mainstream&pi=Exit+traffic+global&click_id=w14r2jp0j9p8nul03pc8uv2m
IP
94.237.90.104:443
ASN
#202053 UpCloud Ltd

Certificate
IssuerLet's Encrypt
Subjecttc-network.net
FingerprintC1:DE:47:24:2B:F7:55:8E:13:E6:69:A6:FD:5E:91:28:0E:ED:ED:9A
ValidityFri, 05 Apr 2024 21:27:22 GMT - Thu, 04 Jul 2024 21:27:21 GMT

File type
RIFF (little-endian) data, Web/P image
Size
225 kB (225414 bytes)
Hash
be5d14f6a3a65214743c37f28f27a591
99a155dbb761ddbe1b52010fb899a3f766cc6bd4
dd31fbf72786f5e458f69bde6d6c1a02697ab7e682e90b8d620faa44fbdcb517

HTTP Headers

GET /?p=10263&media_type=mainstream&pi=Exit+traffic+global&click_id=w14r2jp0j9p8nul03pc8uv2m HTTP/1.1
Host: 12663c35b931.tc-network.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 302 Found
date: Thu, 18 Apr 2024 06:54:34 GMT
content-type: text/html; charset=UTF-8
set-cookie: rts-trck=1; expires=Thu, 18 Apr 2024 07:04:34 GMT; Max-Age=600; path=/; domain=12663c35b931.tc-network.net
t-uuid=62ncvsb155uodi4vp77k0gg4c; expires=Tue, 18 Apr 2034 06:54:34 GMT; Max-Age=315532800; path=/; domain=.tc-network.net
rts-trck=1; expires=Thu, 18 Apr 2024 07:04:34 GMT; Max-Age=600; path=/; domain=12663c35b931.tc-network.net
ab=A; expires=Fri, 19 Apr 2024 06:54:34 GMT; Max-Age=86400; path=/; domain=.tc-network.net
traffic-visited-domain=freakywinner.vip; expires=Sat, 18 May 2024 06:54:34 GMT; Max-Age=2592000; path=/; domain=.tc-network.net
traffic-back-ivr=ok; expires=Thu, 18 Apr 2024 06:55:04 GMT; Max-Age=30; path=/; domain=.tc-network.net
location: https://www.freakywinner.vip/iq_test2?flow=sms&tid=62ncvsb105rzy6ferfw08os8k,17815911,5,10263&ctrack=1713423274.3727751694&p=10263&pi=Exit+traffic+global&click_id=w14r2jp0j9p8nul03pc8uv2m&media_type=mainstream
X-Firefox-Spdy: h2

www.freakywinner.vip/img/offers/iq_test2/growth.png

94.237.92.126

200 OK

1.8 kB

URL GET HTTP/2
www.freakywinner.vip/img/offers/iq_test2/growth.png
IP
94.237.92.126:443
ASN
#202053 UpCloud Ltd

Requested by
https://www.freakywinner.vip/iq_test2?flow=sms&tid=62ncvsb105rzy6ferfw08os8k,17815911,5,10263&ctrack=1713423274.3727751694&p=10263&pi=Exit+traffic+global&click_id=w14r2jp0j9p8nul03pc8uv2m&media_type=mainstream
Certificate
IssuerLet's Encrypt
Subject*.freakywinner.vip
Fingerprint40:CD:D7:AB:C1:2D:DA:F0:A9:3C:61:F9:FE:50:FA:93:C7:EE:62:AE
ValidityThu, 28 Mar 2024 08:08:13 GMT - Wed, 26 Jun 2024 08:08:12 GMT

File type
PNG image data, 256 x 256, 8-bit colormap, non-interlaced
Size
1.8 kB (1834 bytes)
Hash
d210741d80afbd292471f363bbe1555a
fd201c4441c8c1897b4cbf281aed7c64409bc35c
cc0bd9f92cd2353fead82a4b502c72cb1ef370ceba8921355e4c219f56fd3b37

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/offers/iq_test2/growth.png HTTP/1.1
Host: www.freakywinner.vip
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.freakywinner.vip/iq_test2?flow=sms&tid=62ncvsb105rzy6ferfw08os8k,17815911,5,10263&ctrack=1713423274.3727751694&p=10263&pi=Exit+traffic+global&click_id=w14r2jp0j9p8nul03pc8uv2m&media_type=mainstream
Cookie: XSRF-TOKEN=eyJpdiI6ImE3MEM2T1FsdXFHcEd3WFdZTTNOL2c9PSIsInZhbHVlIjoiTitad1pwVEdNc0o0S0F3NlQxeldrT2p3V25HNzdwYjd0WjI3NmdobEtCOTBlS2xjT0ptblo1RmJjbHU4ZlFXakxlNVc3aHp5ZlR0d3lZRUxDSVVPOFUyTmZ5bnBSYjl3TlVJZ1hoSVpYbmprSFJVY3puYlkwSUowaFBRbWJFNVUiLCJtYWMiOiJiMjBkYjY4N2Q3MWU2ZTA4ZmQ5MmI1YjIwYWZhZTlhMTZiMmZkZjgwYzA2Y2JhNmI0YmMwNDZkMGVhMmIzMWE4IiwidGFnIjoiIn0%3D; ivr_offers_session=eyJpdiI6Ik1rZXJyOTVtWm1UdVI1Z0lSS1NPNFE9PSIsInZhbHVlIjoiQU9XTDQwVkN1ZkVZeThXTUZKZjNXOU1sLzFhNDJLZVdZWkZ4a1JIWU5sYWxtK3NQN3dRUkxUM25DQnlocWNCUnFzdExLTisvZDZXdlJTOHliSkVjVXRaVUxaNFY2U1VqNGw5aDNteHRVRmNhNjB5YmJkWDB4U29GdWRQc1Roc04iLCJtYWMiOiJlMjY1Mjc0M2MwZWI3OTE1ZTVkN2Y1MjkxNDUyZGYyNWQ0ODYyMTMyYzg4YWFmNGQ0Y2FlMzk5NTRhZDU1YTEzIiwidGFnIjoiIn0%3D; SESS_TRAF=eyJpdiI6Ilo2WVZ0VTJqeEIwZlZQTlBuREVxbXc9PSIsInZhbHVlIjoiVVo4bllkd2VoQzZ5STEvcXZ6ZUQ1dmpQclNVWTM4WC93eVpTaTUrNERPaWlHbHM3YkNmK1hVa1c1V3MzbjVGT1ZZclFabGVWeUJDZXhIRlYzZ0RpNk5CdjFqLzYwd3NDVVlTZFVVRVlGQmFNVmNEQmJ4V0REaWlRM0tTMjA1VUxCVXg0TW9nSU04WGQ5RnhSejlEQzk1ZnVyTnF6Ym03MnB6cDl1eGtMaGVKMVI2VXdGZ1VSaXEwcldYbGpLNWhMVUtGdmoycVk2aHZtS3h6c0xTYXVZV0FKUmVLZTVCV1IrQ2U4UjFvMStzOE5QT1JGNlorZXhTK2IyblhabS9tNHp3QWJTMUtrVHJWUEFSUlR1YkMvSWh2b0Z2RUcvN3RwYTVNanZ0K0VUREN5MFlVdEhCbVErOWVzRGthVithWVdrQU5ISjQyYTFyK3VqNFFwZ2QxUFN3PT0iLCJtYWMiOiJiZmNkOGYzZTA0ZWQ5OWY3YTBjNDcyNDI3ZTcwZThhNTYxYWU5MTE5NzY4NThhMTIyZjI4OTgzMDBlYTQzYTk0IiwidGFnIjoiIn0%3D; visit=eyJpdiI6InRndkVkcTdTK29ybGZ0KzhHcUVNbHc9PSIsInZhbHVlIjoiaE1qZ0ZhNGREbUVIR0d0VlRiNjAwV2JIL2kyQytQdm4rNkl3dnpORWhqUm5FSFNNTEVGb3ZCcXAxK3RQWUx2OSIsIm1hYyI6IjRlOGM0OTE1MDNlNDhmOTg1YWZmMTk4YjIzZWEwZTM4MmFkNmU3Y2ZiMTgxM2UyZGMwNzQ1ZTQ0YTFlNmYwYWIiLCJ0YWciOiIifQ%3D%3D; jPrsFzobkHLZdLLs3GtUoHlyNXda32a9iI9xgJfM=eyJpdiI6Imk0RTU0L2J2aUptT1ppeTJxMzlZamc9PSIsInZhbHVlIjoiM0lvaUVpRVF2eW1MMytaOTBuVjJHc2doSzRlaGZEdGlSVW5Bb0pSUytsUjVLTW5BbDkzN1ZFeGV3aFFNa2wzaitoWmZVb2ZhZDdCejNlVTU0b2tiU21nSVk1cmwwMkNiL0VxT3FBaUdjNlB6eU55cU1ueGlRTTBkcWdjZVZ0a3N1L3hmdVVjRzdBdCs1TW41Q0c4UUY2OHdEaVhIZmlxOTg5bWNMMk4zelozdnl1QmtBKzNIc0U1N3BsK1EzYUxHOU5zcUVZNGgvTWZ0UmthcUt3bUZ0czZwQzg1MkNzUGhRejdYR1RBcmRsaHdHWkY5N256cDRjN3hEalBmUnVxYldqZmx5SDVhWlFEeWk2cU1xOUlyZGMycTIzZ2o0UUZZdWNSeXhPQWNXNlFXc29jUVU1NVgzZ3lFcFI5QVh3QXpkRVFvdjZEUDg5YUViUkpGYkN6ZHphUUF2ZWQ5YktJSjNTTHp0eWxoZjJiRE0vakZuMnJaR3ZJNUxHM0ZBL2lsSWRCZmEyYTVqdER4OEhmQWl3aStCT2JvenZ6OFBLbEhtaE4weCtIeXYrSUhmZHA0TU1mR2lvZ1Zld3RZZ2tqWlAxT2UrcTlPQ3RHTWQ5UjR0blExbXBmbVU5UDFtakFDVUcyeC9XUlhRcVFZSjRaY201VnNwVTRVMkZ2NlZ2SmFPcUcyeUp2V01pQ0ZHR3pXeHhvN2JhOWFhd21sVUI0M0llbDkvUW91aWNuU0p5KzNVaTd5N1BoS0FucEc1MjQ3d0IyYmVpejRTdVB0d1VpYWRKQ01qRUNyQjI1djBKRFhFZWNkTjRaZ0FWbFZnendCU1JNd0loYXJTb2taSjhoWSIsIm1hYyI6ImMzZDY0MjJhNDMyYjQ2YmRiYjFlNjZjOTVkNjBmOWQzMTY0M2M1OWQxNmIyMTNhMTc0OWU1Y2VkMWVmZTA1MzgiLCJ0YWciOiIifQ%3D%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Thu, 18 Apr 2024 06:54:35 GMT
content-type: image/png
content-length: 1834
last-modified: Wed, 03 Apr 2024 12:42:31 GMT
etag: "660d4eb7-72a"
expires: Fri, 18 Apr 2025 06:54:35 GMT
pragma: public
cache-control: max-age=31536000, public
accept-ranges: bytes
X-Firefox-Spdy: h2

www.freakywinner.vip/img/offers/iq_test2/verified.png

94.237.92.126

200 OK

3.7 kB

URL GET HTTP/2
www.freakywinner.vip/img/offers/iq_test2/verified.png
IP
94.237.92.126:443
ASN
#202053 UpCloud Ltd

Requested by
https://www.freakywinner.vip/iq_test2?flow=sms&tid=62ncvsb105rzy6ferfw08os8k,17815911,5,10263&ctrack=1713423274.3727751694&p=10263&pi=Exit+traffic+global&click_id=w14r2jp0j9p8nul03pc8uv2m&media_type=mainstream
Certificate
IssuerLet's Encrypt
Subject*.freakywinner.vip
Fingerprint40:CD:D7:AB:C1:2D:DA:F0:A9:3C:61:F9:FE:50:FA:93:C7:EE:62:AE
ValidityThu, 28 Mar 2024 08:08:13 GMT - Wed, 26 Jun 2024 08:08:12 GMT

File type
PNG image data, 256 x 256, 8-bit colormap, non-interlaced
Size
3.7 kB (3657 bytes)
Hash
ddb11e9a091574cefd175de7af1566fb
4372e02b5d7e081cc3381af3736018f0697f3886
39f9a4fdb28c198c413c7b09016508f23fc82d9790f48c586daed29065db9bb8

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/offers/iq_test2/verified.png HTTP/1.1
Host: www.freakywinner.vip
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.freakywinner.vip/iq_test2?flow=sms&tid=62ncvsb105rzy6ferfw08os8k,17815911,5,10263&ctrack=1713423274.3727751694&p=10263&pi=Exit+traffic+global&click_id=w14r2jp0j9p8nul03pc8uv2m&media_type=mainstream
Cookie: XSRF-TOKEN=eyJpdiI6ImE3MEM2T1FsdXFHcEd3WFdZTTNOL2c9PSIsInZhbHVlIjoiTitad1pwVEdNc0o0S0F3NlQxeldrT2p3V25HNzdwYjd0WjI3NmdobEtCOTBlS2xjT0ptblo1RmJjbHU4ZlFXakxlNVc3aHp5ZlR0d3lZRUxDSVVPOFUyTmZ5bnBSYjl3TlVJZ1hoSVpYbmprSFJVY3puYlkwSUowaFBRbWJFNVUiLCJtYWMiOiJiMjBkYjY4N2Q3MWU2ZTA4ZmQ5MmI1YjIwYWZhZTlhMTZiMmZkZjgwYzA2Y2JhNmI0YmMwNDZkMGVhMmIzMWE4IiwidGFnIjoiIn0%3D; ivr_offers_session=eyJpdiI6Ik1rZXJyOTVtWm1UdVI1Z0lSS1NPNFE9PSIsInZhbHVlIjoiQU9XTDQwVkN1ZkVZeThXTUZKZjNXOU1sLzFhNDJLZVdZWkZ4a1JIWU5sYWxtK3NQN3dRUkxUM25DQnlocWNCUnFzdExLTisvZDZXdlJTOHliSkVjVXRaVUxaNFY2U1VqNGw5aDNteHRVRmNhNjB5YmJkWDB4U29GdWRQc1Roc04iLCJtYWMiOiJlMjY1Mjc0M2MwZWI3OTE1ZTVkN2Y1MjkxNDUyZGYyNWQ0ODYyMTMyYzg4YWFmNGQ0Y2FlMzk5NTRhZDU1YTEzIiwidGFnIjoiIn0%3D; SESS_TRAF=eyJpdiI6Ilo2WVZ0VTJqeEIwZlZQTlBuREVxbXc9PSIsInZhbHVlIjoiVVo4bllkd2VoQzZ5STEvcXZ6ZUQ1dmpQclNVWTM4WC93eVpTaTUrNERPaWlHbHM3YkNmK1hVa1c1V3MzbjVGT1ZZclFabGVWeUJDZXhIRlYzZ0RpNk5CdjFqLzYwd3NDVVlTZFVVRVlGQmFNVmNEQmJ4V0REaWlRM0tTMjA1VUxCVXg0TW9nSU04WGQ5RnhSejlEQzk1ZnVyTnF6Ym03MnB6cDl1eGtMaGVKMVI2VXdGZ1VSaXEwcldYbGpLNWhMVUtGdmoycVk2aHZtS3h6c0xTYXVZV0FKUmVLZTVCV1IrQ2U4UjFvMStzOE5QT1JGNlorZXhTK2IyblhabS9tNHp3QWJTMUtrVHJWUEFSUlR1YkMvSWh2b0Z2RUcvN3RwYTVNanZ0K0VUREN5MFlVdEhCbVErOWVzRGthVithWVdrQU5ISjQyYTFyK3VqNFFwZ2QxUFN3PT0iLCJtYWMiOiJiZmNkOGYzZTA0ZWQ5OWY3YTBjNDcyNDI3ZTcwZThhNTYxYWU5MTE5NzY4NThhMTIyZjI4OTgzMDBlYTQzYTk0IiwidGFnIjoiIn0%3D; visit=eyJpdiI6InRndkVkcTdTK29ybGZ0KzhHcUVNbHc9PSIsInZhbHVlIjoiaE1qZ0ZhNGREbUVIR0d0VlRiNjAwV2JIL2kyQytQdm4rNkl3dnpORWhqUm5FSFNNTEVGb3ZCcXAxK3RQWUx2OSIsIm1hYyI6IjRlOGM0OTE1MDNlNDhmOTg1YWZmMTk4YjIzZWEwZTM4MmFkNmU3Y2ZiMTgxM2UyZGMwNzQ1ZTQ0YTFlNmYwYWIiLCJ0YWciOiIifQ%3D%3D; jPrsFzobkHLZdLLs3GtUoHlyNXda32a9iI9xgJfM=eyJpdiI6Imk0RTU0L2J2aUptT1ppeTJxMzlZamc9PSIsInZhbHVlIjoiM0lvaUVpRVF2eW1MMytaOTBuVjJHc2doSzRlaGZEdGlSVW5Bb0pSUytsUjVLTW5BbDkzN1ZFeGV3aFFNa2wzaitoWmZVb2ZhZDdCejNlVTU0b2tiU21nSVk1cmwwMkNiL0VxT3FBaUdjNlB6eU55cU1ueGlRTTBkcWdjZVZ0a3N1L3hmdVVjRzdBdCs1TW41Q0c4UUY2OHdEaVhIZmlxOTg5bWNMMk4zelozdnl1QmtBKzNIc0U1N3BsK1EzYUxHOU5zcUVZNGgvTWZ0UmthcUt3bUZ0czZwQzg1MkNzUGhRejdYR1RBcmRsaHdHWkY5N256cDRjN3hEalBmUnVxYldqZmx5SDVhWlFEeWk2cU1xOUlyZGMycTIzZ2o0UUZZdWNSeXhPQWNXNlFXc29jUVU1NVgzZ3lFcFI5QVh3QXpkRVFvdjZEUDg5YUViUkpGYkN6ZHphUUF2ZWQ5YktJSjNTTHp0eWxoZjJiRE0vakZuMnJaR3ZJNUxHM0ZBL2lsSWRCZmEyYTVqdER4OEhmQWl3aStCT2JvenZ6OFBLbEhtaE4weCtIeXYrSUhmZHA0TU1mR2lvZ1Zld3RZZ2tqWlAxT2UrcTlPQ3RHTWQ5UjR0blExbXBmbVU5UDFtakFDVUcyeC9XUlhRcVFZSjRaY201VnNwVTRVMkZ2NlZ2SmFPcUcyeUp2V01pQ0ZHR3pXeHhvN2JhOWFhd21sVUI0M0llbDkvUW91aWNuU0p5KzNVaTd5N1BoS0FucEc1MjQ3d0IyYmVpejRTdVB0d1VpYWRKQ01qRUNyQjI1djBKRFhFZWNkTjRaZ0FWbFZnendCU1JNd0loYXJTb2taSjhoWSIsIm1hYyI6ImMzZDY0MjJhNDMyYjQ2YmRiYjFlNjZjOTVkNjBmOWQzMTY0M2M1OWQxNmIyMTNhMTc0OWU1Y2VkMWVmZTA1MzgiLCJ0YWciOiIifQ%3D%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Thu, 18 Apr 2024 06:54:35 GMT
content-type: image/png
content-length: 3657
last-modified: Wed, 03 Apr 2024 12:42:31 GMT
etag: "660d4eb7-e49"
expires: Fri, 18 Apr 2025 06:54:35 GMT
pragma: public
cache-control: max-age=31536000, public
accept-ranges: bytes
X-Firefox-Spdy: h2

www.freakywinner.vip/js/app.js?id=d41d8cd98f00b204e9800998ecf8427e

94.237.92.126

200 OK

0 B

URL GET HTTP/2
www.freakywinner.vip/js/app.js?id=d41d8cd98f00b204e9800998ecf8427e
IP
94.237.92.126:443
ASN
#202053 UpCloud Ltd

Requested by
https://www.freakywinner.vip/iq_test2?flow=sms&tid=62ncvsb105rzy6ferfw08os8k,17815911,5,10263&ctrack=1713423274.3727751694&p=10263&pi=Exit+traffic+global&click_id=w14r2jp0j9p8nul03pc8uv2m&media_type=mainstream
Certificate
IssuerLet's Encrypt
Subject*.freakywinner.vip
Fingerprint40:CD:D7:AB:C1:2D:DA:F0:A9:3C:61:F9:FE:50:FA:93:C7:EE:62:AE
ValidityThu, 28 Mar 2024 08:08:13 GMT - Wed, 26 Jun 2024 08:08:12 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /js/app.js?id=d41d8cd98f00b204e9800998ecf8427e HTTP/1.1
Host: www.freakywinner.vip
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.freakywinner.vip/iq_test2?flow=sms&tid=62ncvsb105rzy6ferfw08os8k,17815911,5,10263&ctrack=1713423274.3727751694&p=10263&pi=Exit+traffic+global&click_id=w14r2jp0j9p8nul03pc8uv2m&media_type=mainstream
Cookie: XSRF-TOKEN=eyJpdiI6ImE3MEM2T1FsdXFHcEd3WFdZTTNOL2c9PSIsInZhbHVlIjoiTitad1pwVEdNc0o0S0F3NlQxeldrT2p3V25HNzdwYjd0WjI3NmdobEtCOTBlS2xjT0ptblo1RmJjbHU4ZlFXakxlNVc3aHp5ZlR0d3lZRUxDSVVPOFUyTmZ5bnBSYjl3TlVJZ1hoSVpYbmprSFJVY3puYlkwSUowaFBRbWJFNVUiLCJtYWMiOiJiMjBkYjY4N2Q3MWU2ZTA4ZmQ5MmI1YjIwYWZhZTlhMTZiMmZkZjgwYzA2Y2JhNmI0YmMwNDZkMGVhMmIzMWE4IiwidGFnIjoiIn0%3D; ivr_offers_session=eyJpdiI6Ik1rZXJyOTVtWm1UdVI1Z0lSS1NPNFE9PSIsInZhbHVlIjoiQU9XTDQwVkN1ZkVZeThXTUZKZjNXOU1sLzFhNDJLZVdZWkZ4a1JIWU5sYWxtK3NQN3dRUkxUM25DQnlocWNCUnFzdExLTisvZDZXdlJTOHliSkVjVXRaVUxaNFY2U1VqNGw5aDNteHRVRmNhNjB5YmJkWDB4U29GdWRQc1Roc04iLCJtYWMiOiJlMjY1Mjc0M2MwZWI3OTE1ZTVkN2Y1MjkxNDUyZGYyNWQ0ODYyMTMyYzg4YWFmNGQ0Y2FlMzk5NTRhZDU1YTEzIiwidGFnIjoiIn0%3D; SESS_TRAF=eyJpdiI6Ilo2WVZ0VTJqeEIwZlZQTlBuREVxbXc9PSIsInZhbHVlIjoiVVo4bllkd2VoQzZ5STEvcXZ6ZUQ1dmpQclNVWTM4WC93eVpTaTUrNERPaWlHbHM3YkNmK1hVa1c1V3MzbjVGT1ZZclFabGVWeUJDZXhIRlYzZ0RpNk5CdjFqLzYwd3NDVVlTZFVVRVlGQmFNVmNEQmJ4V0REaWlRM0tTMjA1VUxCVXg0TW9nSU04WGQ5RnhSejlEQzk1ZnVyTnF6Ym03MnB6cDl1eGtMaGVKMVI2VXdGZ1VSaXEwcldYbGpLNWhMVUtGdmoycVk2aHZtS3h6c0xTYXVZV0FKUmVLZTVCV1IrQ2U4UjFvMStzOE5QT1JGNlorZXhTK2IyblhabS9tNHp3QWJTMUtrVHJWUEFSUlR1YkMvSWh2b0Z2RUcvN3RwYTVNanZ0K0VUREN5MFlVdEhCbVErOWVzRGthVithWVdrQU5ISjQyYTFyK3VqNFFwZ2QxUFN3PT0iLCJtYWMiOiJiZmNkOGYzZTA0ZWQ5OWY3YTBjNDcyNDI3ZTcwZThhNTYxYWU5MTE5NzY4NThhMTIyZjI4OTgzMDBlYTQzYTk0IiwidGFnIjoiIn0%3D; visit=eyJpdiI6InRndkVkcTdTK29ybGZ0KzhHcUVNbHc9PSIsInZhbHVlIjoiaE1qZ0ZhNGREbUVIR0d0VlRiNjAwV2JIL2kyQytQdm4rNkl3dnpORWhqUm5FSFNNTEVGb3ZCcXAxK3RQWUx2OSIsIm1hYyI6IjRlOGM0OTE1MDNlNDhmOTg1YWZmMTk4YjIzZWEwZTM4MmFkNmU3Y2ZiMTgxM2UyZGMwNzQ1ZTQ0YTFlNmYwYWIiLCJ0YWciOiIifQ%3D%3D; jPrsFzobkHLZdLLs3GtUoHlyNXda32a9iI9xgJfM=eyJpdiI6Imk0RTU0L2J2aUptT1ppeTJxMzlZamc9PSIsInZhbHVlIjoiM0lvaUVpRVF2eW1MMytaOTBuVjJHc2doSzRlaGZEdGlSVW5Bb0pSUytsUjVLTW5BbDkzN1ZFeGV3aFFNa2wzaitoWmZVb2ZhZDdCejNlVTU0b2tiU21nSVk1cmwwMkNiL0VxT3FBaUdjNlB6eU55cU1ueGlRTTBkcWdjZVZ0a3N1L3hmdVVjRzdBdCs1TW41Q0c4UUY2OHdEaVhIZmlxOTg5bWNMMk4zelozdnl1QmtBKzNIc0U1N3BsK1EzYUxHOU5zcUVZNGgvTWZ0UmthcUt3bUZ0czZwQzg1MkNzUGhRejdYR1RBcmRsaHdHWkY5N256cDRjN3hEalBmUnVxYldqZmx5SDVhWlFEeWk2cU1xOUlyZGMycTIzZ2o0UUZZdWNSeXhPQWNXNlFXc29jUVU1NVgzZ3lFcFI5QVh3QXpkRVFvdjZEUDg5YUViUkpGYkN6ZHphUUF2ZWQ5YktJSjNTTHp0eWxoZjJiRE0vakZuMnJaR3ZJNUxHM0ZBL2lsSWRCZmEyYTVqdER4OEhmQWl3aStCT2JvenZ6OFBLbEhtaE4weCtIeXYrSUhmZHA0TU1mR2lvZ1Zld3RZZ2tqWlAxT2UrcTlPQ3RHTWQ5UjR0blExbXBmbVU5UDFtakFDVUcyeC9XUlhRcVFZSjRaY201VnNwVTRVMkZ2NlZ2SmFPcUcyeUp2V01pQ0ZHR3pXeHhvN2JhOWFhd21sVUI0M0llbDkvUW91aWNuU0p5KzNVaTd5N1BoS0FucEc1MjQ3d0IyYmVpejRTdVB0d1VpYWRKQ01qRUNyQjI1djBKRFhFZWNkTjRaZ0FWbFZnendCU1JNd0loYXJTb2taSjhoWSIsIm1hYyI6ImMzZDY0MjJhNDMyYjQ2YmRiYjFlNjZjOTVkNjBmOWQzMTY0M2M1OWQxNmIyMTNhMTc0OWU1Y2VkMWVmZTA1MzgiLCJ0YWciOiIifQ%3D%3D
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Thu, 18 Apr 2024 06:54:35 GMT
content-type: application/javascript; charset=utf-8
content-length: 0
last-modified: Wed, 03 Apr 2024 12:42:31 GMT
etag: "660d4eb7-0"
expires: Fri, 18 Apr 2025 06:54:35 GMT
pragma: public
cache-control: max-age=31536000, public
accept-ranges: bytes
X-Firefox-Spdy: h2

fonts.gstatic.com/s/archivo/v19/k3kPo8UDI-1M0wlSV9XAw6lQkqWY8Q82sLydOxI.woff2

216.58.207.227

200 OK

35 kB

URL GET HTTP/2
fonts.gstatic.com/s/archivo/v19/k3kPo8UDI-1M0wlSV9XAw6lQkqWY8Q82sLydOxI.woff2
IP
216.58.207.227:443
ASN
#15169 GOOGLE

Requested by
https://www.freakywinner.vip/iq_test2?flow=sms&tid=62ncvsb105rzy6ferfw08os8k,17815911,5,10263&ctrack=1713423274.3727751694&p=10263&pi=Exit+traffic+global&click_id=w14r2jp0j9p8nul03pc8uv2m&media_type=mainstream
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
Fingerprint8F:81:43:71:C4:F3:8C:FA:6D:EC:B4:5E:1F:58:71:AA:48:42:0E:E9
ValidityMon, 04 Mar 2024 07:16:39 GMT - Mon, 27 May 2024 07:16:38 GMT

File type
Web Open Font Format (Version 2), TrueType, length 35272, version 1.0
Size
35 kB (35272 bytes)
Hash
aa1941d5b024b0caf9827a10a1223d21
73677337831880c6657227d751661332775bfdee
7c59b09511f172d20fbf5feaf7aff9e844460cdb286d8930a1f546b39ed1a5e1

HTTP Headers

GET /s/archivo/v19/k3kPo8UDI-1M0wlSV9XAw6lQkqWY8Q82sLydOxI.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.freakywinner.vip
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 35272
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 16 Apr 2024 09:52:52 GMT
expires: Wed, 16 Apr 2025 09:52:52 GMT
cache-control: public, max-age=31536000
age: 162103
last-modified: Wed, 13 Sep 2023 22:41:01 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

fonts.googleapis.com/css2?family=Archivo:wght@100..900&display=swap

142.250.74.74

200 OK

13 kB

URL GET HTTP/2
fonts.googleapis.com/css2?family=Archivo:wght@100..900&display=swap
IP
142.250.74.74:443
ASN
#15169 GOOGLE

Requested by
https://www.freakywinner.vip/iq_test2?flow=sms&tid=62ncvsb105rzy6ferfw08os8k,17815911,5,10263&ctrack=1713423274.3727751694&p=10263&pi=Exit+traffic+global&click_id=w14r2jp0j9p8nul03pc8uv2m&media_type=mainstream
Certificate
IssuerGoogle Trust Services LLC
Subjectupload.video.google.com
Fingerprint47:5A:64:7D:9F:47:34:07:31:91:97:F7:04:42:7A:D5:EA:AD:07:4E
ValidityMon, 04 Mar 2024 07:16:44 GMT - Mon, 27 May 2024 07:16:43 GMT

File type
gzip compressed data, max compression
Size
13 kB (12638 bytes)
Hash
b43bd56f583ad603a5670c4ad25cfcbb
40e13dfe2f2381166596972b7e6469008c6ed275
68f26c66e9169803d71999b9bed3d5801e5e647e4658d35dfbfaf4c464efd6f8

HTTP Headers

GET /css2?family=Archivo:wght@100..900&display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.freakywinner.vip/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Thu, 18 Apr 2024 06:54:35 GMT
date: Thu, 18 Apr 2024 06:54:35 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

www.freakywinner.vip/img/offers/iq_test2/laptop.webp

94.237.92.126

200 OK

225 kB

URL GET HTTP/2
www.freakywinner.vip/img/offers/iq_test2/laptop.webp
IP
94.237.92.126:443
ASN
#202053 UpCloud Ltd

Requested by
https://www.freakywinner.vip/iq_test2?flow=sms&tid=62ncvsb105rzy6ferfw08os8k,17815911,5,10263&ctrack=1713423274.3727751694&p=10263&pi=Exit+traffic+global&click_id=w14r2jp0j9p8nul03pc8uv2m&media_type=mainstream
Certificate
IssuerLet's Encrypt
Subject*.freakywinner.vip
Fingerprint40:CD:D7:AB:C1:2D:DA:F0:A9:3C:61:F9:FE:50:FA:93:C7:EE:62:AE
ValidityThu, 28 Mar 2024 08:08:13 GMT - Wed, 26 Jun 2024 08:08:12 GMT

File type
RIFF (little-endian) data, Web/P image
Size
225 kB (225414 bytes)
Hash
be5d14f6a3a65214743c37f28f27a591
99a155dbb761ddbe1b52010fb899a3f766cc6bd4
dd31fbf72786f5e458f69bde6d6c1a02697ab7e682e90b8d620faa44fbdcb517

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/offers/iq_test2/laptop.webp HTTP/1.1
Host: www.freakywinner.vip
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.freakywinner.vip/iq_test2?flow=sms&tid=62ncvsb105rzy6ferfw08os8k,17815911,5,10263&ctrack=1713423274.3727751694&p=10263&pi=Exit+traffic+global&click_id=w14r2jp0j9p8nul03pc8uv2m&media_type=mainstream
Cookie: XSRF-TOKEN=eyJpdiI6ImE3MEM2T1FsdXFHcEd3WFdZTTNOL2c9PSIsInZhbHVlIjoiTitad1pwVEdNc0o0S0F3NlQxeldrT2p3V25HNzdwYjd0WjI3NmdobEtCOTBlS2xjT0ptblo1RmJjbHU4ZlFXakxlNVc3aHp5ZlR0d3lZRUxDSVVPOFUyTmZ5bnBSYjl3TlVJZ1hoSVpYbmprSFJVY3puYlkwSUowaFBRbWJFNVUiLCJtYWMiOiJiMjBkYjY4N2Q3MWU2ZTA4ZmQ5MmI1YjIwYWZhZTlhMTZiMmZkZjgwYzA2Y2JhNmI0YmMwNDZkMGVhMmIzMWE4IiwidGFnIjoiIn0%3D; ivr_offers_session=eyJpdiI6Ik1rZXJyOTVtWm1UdVI1Z0lSS1NPNFE9PSIsInZhbHVlIjoiQU9XTDQwVkN1ZkVZeThXTUZKZjNXOU1sLzFhNDJLZVdZWkZ4a1JIWU5sYWxtK3NQN3dRUkxUM25DQnlocWNCUnFzdExLTisvZDZXdlJTOHliSkVjVXRaVUxaNFY2U1VqNGw5aDNteHRVRmNhNjB5YmJkWDB4U29GdWRQc1Roc04iLCJtYWMiOiJlMjY1Mjc0M2MwZWI3OTE1ZTVkN2Y1MjkxNDUyZGYyNWQ0ODYyMTMyYzg4YWFmNGQ0Y2FlMzk5NTRhZDU1YTEzIiwidGFnIjoiIn0%3D; SESS_TRAF=eyJpdiI6Ilo2WVZ0VTJqeEIwZlZQTlBuREVxbXc9PSIsInZhbHVlIjoiVVo4bllkd2VoQzZ5STEvcXZ6ZUQ1dmpQclNVWTM4WC93eVpTaTUrNERPaWlHbHM3YkNmK1hVa1c1V3MzbjVGT1ZZclFabGVWeUJDZXhIRlYzZ0RpNk5CdjFqLzYwd3NDVVlTZFVVRVlGQmFNVmNEQmJ4V0REaWlRM0tTMjA1VUxCVXg0TW9nSU04WGQ5RnhSejlEQzk1ZnVyTnF6Ym03MnB6cDl1eGtMaGVKMVI2VXdGZ1VSaXEwcldYbGpLNWhMVUtGdmoycVk2aHZtS3h6c0xTYXVZV0FKUmVLZTVCV1IrQ2U4UjFvMStzOE5QT1JGNlorZXhTK2IyblhabS9tNHp3QWJTMUtrVHJWUEFSUlR1YkMvSWh2b0Z2RUcvN3RwYTVNanZ0K0VUREN5MFlVdEhCbVErOWVzRGthVithWVdrQU5ISjQyYTFyK3VqNFFwZ2QxUFN3PT0iLCJtYWMiOiJiZmNkOGYzZTA0ZWQ5OWY3YTBjNDcyNDI3ZTcwZThhNTYxYWU5MTE5NzY4NThhMTIyZjI4OTgzMDBlYTQzYTk0IiwidGFnIjoiIn0%3D; visit=eyJpdiI6InRndkVkcTdTK29ybGZ0KzhHcUVNbHc9PSIsInZhbHVlIjoiaE1qZ0ZhNGREbUVIR0d0VlRiNjAwV2JIL2kyQytQdm4rNkl3dnpORWhqUm5FSFNNTEVGb3ZCcXAxK3RQWUx2OSIsIm1hYyI6IjRlOGM0OTE1MDNlNDhmOTg1YWZmMTk4YjIzZWEwZTM4MmFkNmU3Y2ZiMTgxM2UyZGMwNzQ1ZTQ0YTFlNmYwYWIiLCJ0YWciOiIifQ%3D%3D; jPrsFzobkHLZdLLs3GtUoHlyNXda32a9iI9xgJfM=eyJpdiI6Imk0RTU0L2J2aUptT1ppeTJxMzlZamc9PSIsInZhbHVlIjoiM0lvaUVpRVF2eW1MMytaOTBuVjJHc2doSzRlaGZEdGlSVW5Bb0pSUytsUjVLTW5BbDkzN1ZFeGV3aFFNa2wzaitoWmZVb2ZhZDdCejNlVTU0b2tiU21nSVk1cmwwMkNiL0VxT3FBaUdjNlB6eU55cU1ueGlRTTBkcWdjZVZ0a3N1L3hmdVVjRzdBdCs1TW41Q0c4UUY2OHdEaVhIZmlxOTg5bWNMMk4zelozdnl1QmtBKzNIc0U1N3BsK1EzYUxHOU5zcUVZNGgvTWZ0UmthcUt3bUZ0czZwQzg1MkNzUGhRejdYR1RBcmRsaHdHWkY5N256cDRjN3hEalBmUnVxYldqZmx5SDVhWlFEeWk2cU1xOUlyZGMycTIzZ2o0UUZZdWNSeXhPQWNXNlFXc29jUVU1NVgzZ3lFcFI5QVh3QXpkRVFvdjZEUDg5YUViUkpGYkN6ZHphUUF2ZWQ5YktJSjNTTHp0eWxoZjJiRE0vakZuMnJaR3ZJNUxHM0ZBL2lsSWRCZmEyYTVqdER4OEhmQWl3aStCT2JvenZ6OFBLbEhtaE4weCtIeXYrSUhmZHA0TU1mR2lvZ1Zld3RZZ2tqWlAxT2UrcTlPQ3RHTWQ5UjR0blExbXBmbVU5UDFtakFDVUcyeC9XUlhRcVFZSjRaY201VnNwVTRVMkZ2NlZ2SmFPcUcyeUp2V01pQ0ZHR3pXeHhvN2JhOWFhd21sVUI0M0llbDkvUW91aWNuU0p5KzNVaTd5N1BoS0FucEc1MjQ3d0IyYmVpejRTdVB0d1VpYWRKQ01qRUNyQjI1djBKRFhFZWNkTjRaZ0FWbFZnendCU1JNd0loYXJTb2taSjhoWSIsIm1hYyI6ImMzZDY0MjJhNDMyYjQ2YmRiYjFlNjZjOTVkNjBmOWQzMTY0M2M1OWQxNmIyMTNhMTc0OWU1Y2VkMWVmZTA1MzgiLCJ0YWciOiIifQ%3D%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 18 Apr 2024 06:54:35 GMT
content-type: image/webp
content-length: 225414
last-modified: Wed, 03 Apr 2024 12:42:31 GMT
etag: "660d4eb7-37086"
accept-ranges: bytes
X-Firefox-Spdy: h2

www.freakywinner.vip/css/offers/iq_test2/app.css?id=d3f0203d5f5be414d14e5f6219a7867b

94.237.92.126

200 OK

3.6 kB

URL GET HTTP/2
www.freakywinner.vip/css/offers/iq_test2/app.css?id=d3f0203d5f5be414d14e5f6219a7867b
IP
94.237.92.126:443
ASN
#202053 UpCloud Ltd

Requested by
https://www.freakywinner.vip/iq_test2?flow=sms&tid=62ncvsb105rzy6ferfw08os8k,17815911,5,10263&ctrack=1713423274.3727751694&p=10263&pi=Exit+traffic+global&click_id=w14r2jp0j9p8nul03pc8uv2m&media_type=mainstream
Certificate
IssuerLet's Encrypt
Subject*.freakywinner.vip
Fingerprint40:CD:D7:AB:C1:2D:DA:F0:A9:3C:61:F9:FE:50:FA:93:C7:EE:62:AE
ValidityThu, 28 Mar 2024 08:08:13 GMT - Wed, 26 Jun 2024 08:08:12 GMT

File type
ASCII text, with very long lines (3553), with no line terminators
Size
3.6 kB (3551 bytes)
Hash
4475caa4250bce022ececb4f3c39e660
93e83f767797ee138f95e7b145162669831d97b1
a45394706d5689ca9174c6567aef33900b93bc705ae814607276b176cacc2828

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /css/offers/iq_test2/app.css?id=d3f0203d5f5be414d14e5f6219a7867b HTTP/1.1
Host: www.freakywinner.vip
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.freakywinner.vip/iq_test2?flow=sms&tid=62ncvsb105rzy6ferfw08os8k,17815911,5,10263&ctrack=1713423274.3727751694&p=10263&pi=Exit+traffic+global&click_id=w14r2jp0j9p8nul03pc8uv2m&media_type=mainstream
Cookie: XSRF-TOKEN=eyJpdiI6ImE3MEM2T1FsdXFHcEd3WFdZTTNOL2c9PSIsInZhbHVlIjoiTitad1pwVEdNc0o0S0F3NlQxeldrT2p3V25HNzdwYjd0WjI3NmdobEtCOTBlS2xjT0ptblo1RmJjbHU4ZlFXakxlNVc3aHp5ZlR0d3lZRUxDSVVPOFUyTmZ5bnBSYjl3TlVJZ1hoSVpYbmprSFJVY3puYlkwSUowaFBRbWJFNVUiLCJtYWMiOiJiMjBkYjY4N2Q3MWU2ZTA4ZmQ5MmI1YjIwYWZhZTlhMTZiMmZkZjgwYzA2Y2JhNmI0YmMwNDZkMGVhMmIzMWE4IiwidGFnIjoiIn0%3D; ivr_offers_session=eyJpdiI6Ik1rZXJyOTVtWm1UdVI1Z0lSS1NPNFE9PSIsInZhbHVlIjoiQU9XTDQwVkN1ZkVZeThXTUZKZjNXOU1sLzFhNDJLZVdZWkZ4a1JIWU5sYWxtK3NQN3dRUkxUM25DQnlocWNCUnFzdExLTisvZDZXdlJTOHliSkVjVXRaVUxaNFY2U1VqNGw5aDNteHRVRmNhNjB5YmJkWDB4U29GdWRQc1Roc04iLCJtYWMiOiJlMjY1Mjc0M2MwZWI3OTE1ZTVkN2Y1MjkxNDUyZGYyNWQ0ODYyMTMyYzg4YWFmNGQ0Y2FlMzk5NTRhZDU1YTEzIiwidGFnIjoiIn0%3D; SESS_TRAF=eyJpdiI6Ilo2WVZ0VTJqeEIwZlZQTlBuREVxbXc9PSIsInZhbHVlIjoiVVo4bllkd2VoQzZ5STEvcXZ6ZUQ1dmpQclNVWTM4WC93eVpTaTUrNERPaWlHbHM3YkNmK1hVa1c1V3MzbjVGT1ZZclFabGVWeUJDZXhIRlYzZ0RpNk5CdjFqLzYwd3NDVVlTZFVVRVlGQmFNVmNEQmJ4V0REaWlRM0tTMjA1VUxCVXg0TW9nSU04WGQ5RnhSejlEQzk1ZnVyTnF6Ym03MnB6cDl1eGtMaGVKMVI2VXdGZ1VSaXEwcldYbGpLNWhMVUtGdmoycVk2aHZtS3h6c0xTYXVZV0FKUmVLZTVCV1IrQ2U4UjFvMStzOE5QT1JGNlorZXhTK2IyblhabS9tNHp3QWJTMUtrVHJWUEFSUlR1YkMvSWh2b0Z2RUcvN3RwYTVNanZ0K0VUREN5MFlVdEhCbVErOWVzRGthVithWVdrQU5ISjQyYTFyK3VqNFFwZ2QxUFN3PT0iLCJtYWMiOiJiZmNkOGYzZTA0ZWQ5OWY3YTBjNDcyNDI3ZTcwZThhNTYxYWU5MTE5NzY4NThhMTIyZjI4OTgzMDBlYTQzYTk0IiwidGFnIjoiIn0%3D; visit=eyJpdiI6InRndkVkcTdTK29ybGZ0KzhHcUVNbHc9PSIsInZhbHVlIjoiaE1qZ0ZhNGREbUVIR0d0VlRiNjAwV2JIL2kyQytQdm4rNkl3dnpORWhqUm5FSFNNTEVGb3ZCcXAxK3RQWUx2OSIsIm1hYyI6IjRlOGM0OTE1MDNlNDhmOTg1YWZmMTk4YjIzZWEwZTM4MmFkNmU3Y2ZiMTgxM2UyZGMwNzQ1ZTQ0YTFlNmYwYWIiLCJ0YWciOiIifQ%3D%3D; jPrsFzobkHLZdLLs3GtUoHlyNXda32a9iI9xgJfM=eyJpdiI6Imk0RTU0L2J2aUptT1ppeTJxMzlZamc9PSIsInZhbHVlIjoiM0lvaUVpRVF2eW1MMytaOTBuVjJHc2doSzRlaGZEdGlSVW5Bb0pSUytsUjVLTW5BbDkzN1ZFeGV3aFFNa2wzaitoWmZVb2ZhZDdCejNlVTU0b2tiU21nSVk1cmwwMkNiL0VxT3FBaUdjNlB6eU55cU1ueGlRTTBkcWdjZVZ0a3N1L3hmdVVjRzdBdCs1TW41Q0c4UUY2OHdEaVhIZmlxOTg5bWNMMk4zelozdnl1QmtBKzNIc0U1N3BsK1EzYUxHOU5zcUVZNGgvTWZ0UmthcUt3bUZ0czZwQzg1MkNzUGhRejdYR1RBcmRsaHdHWkY5N256cDRjN3hEalBmUnVxYldqZmx5SDVhWlFEeWk2cU1xOUlyZGMycTIzZ2o0UUZZdWNSeXhPQWNXNlFXc29jUVU1NVgzZ3lFcFI5QVh3QXpkRVFvdjZEUDg5YUViUkpGYkN6ZHphUUF2ZWQ5YktJSjNTTHp0eWxoZjJiRE0vakZuMnJaR3ZJNUxHM0ZBL2lsSWRCZmEyYTVqdER4OEhmQWl3aStCT2JvenZ6OFBLbEhtaE4weCtIeXYrSUhmZHA0TU1mR2lvZ1Zld3RZZ2tqWlAxT2UrcTlPQ3RHTWQ5UjR0blExbXBmbVU5UDFtakFDVUcyeC9XUlhRcVFZSjRaY201VnNwVTRVMkZ2NlZ2SmFPcUcyeUp2V01pQ0ZHR3pXeHhvN2JhOWFhd21sVUI0M0llbDkvUW91aWNuU0p5KzNVaTd5N1BoS0FucEc1MjQ3d0IyYmVpejRTdVB0d1VpYWRKQ01qRUNyQjI1djBKRFhFZWNkTjRaZ0FWbFZnendCU1JNd0loYXJTb2taSjhoWSIsIm1hYyI6ImMzZDY0MjJhNDMyYjQ2YmRiYjFlNjZjOTVkNjBmOWQzMTY0M2M1OWQxNmIyMTNhMTc0OWU1Y2VkMWVmZTA1MzgiLCJ0YWciOiIifQ%3D%3D
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 18 Apr 2024 06:54:35 GMT
content-type: text/css
last-modified: Wed, 03 Apr 2024 12:42:31 GMT
vary: Accept-Encoding
etag: W/"660d4eb7-ddf"
expires: Fri, 18 Apr 2025 06:54:35 GMT
pragma: public
cache-control: max-age=31536000, public
content-encoding: gzip
X-Firefox-Spdy: h2

www.freakywinner.vip/js/offers/iq_test2/app.js?id=6b30f52278a8d7e1c4ac90a40c19c0e9

94.237.92.126

200 OK

288 kB

URL GET HTTP/2
www.freakywinner.vip/js/offers/iq_test2/app.js?id=6b30f52278a8d7e1c4ac90a40c19c0e9
IP
94.237.92.126:443
ASN
#202053 UpCloud Ltd

Requested by
https://www.freakywinner.vip/iq_test2?flow=sms&tid=62ncvsb105rzy6ferfw08os8k,17815911,5,10263&ctrack=1713423274.3727751694&p=10263&pi=Exit+traffic+global&click_id=w14r2jp0j9p8nul03pc8uv2m&media_type=mainstream
Certificate
IssuerLet's Encrypt
Subject*.freakywinner.vip
Fingerprint40:CD:D7:AB:C1:2D:DA:F0:A9:3C:61:F9:FE:50:FA:93:C7:EE:62:AE
ValidityThu, 28 Mar 2024 08:08:13 GMT - Wed, 26 Jun 2024 08:08:12 GMT

File type

Size
288 kB (288396 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /js/offers/iq_test2/app.js?id=6b30f52278a8d7e1c4ac90a40c19c0e9 HTTP/1.1
Host: www.freakywinner.vip
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.freakywinner.vip/iq_test2?flow=sms&tid=62ncvsb105rzy6ferfw08os8k,17815911,5,10263&ctrack=1713423274.3727751694&p=10263&pi=Exit+traffic+global&click_id=w14r2jp0j9p8nul03pc8uv2m&media_type=mainstream
Cookie: XSRF-TOKEN=eyJpdiI6ImE3MEM2T1FsdXFHcEd3WFdZTTNOL2c9PSIsInZhbHVlIjoiTitad1pwVEdNc0o0S0F3NlQxeldrT2p3V25HNzdwYjd0WjI3NmdobEtCOTBlS2xjT0ptblo1RmJjbHU4ZlFXakxlNVc3aHp5ZlR0d3lZRUxDSVVPOFUyTmZ5bnBSYjl3TlVJZ1hoSVpYbmprSFJVY3puYlkwSUowaFBRbWJFNVUiLCJtYWMiOiJiMjBkYjY4N2Q3MWU2ZTA4ZmQ5MmI1YjIwYWZhZTlhMTZiMmZkZjgwYzA2Y2JhNmI0YmMwNDZkMGVhMmIzMWE4IiwidGFnIjoiIn0%3D; ivr_offers_session=eyJpdiI6Ik1rZXJyOTVtWm1UdVI1Z0lSS1NPNFE9PSIsInZhbHVlIjoiQU9XTDQwVkN1ZkVZeThXTUZKZjNXOU1sLzFhNDJLZVdZWkZ4a1JIWU5sYWxtK3NQN3dRUkxUM25DQnlocWNCUnFzdExLTisvZDZXdlJTOHliSkVjVXRaVUxaNFY2U1VqNGw5aDNteHRVRmNhNjB5YmJkWDB4U29GdWRQc1Roc04iLCJtYWMiOiJlMjY1Mjc0M2MwZWI3OTE1ZTVkN2Y1MjkxNDUyZGYyNWQ0ODYyMTMyYzg4YWFmNGQ0Y2FlMzk5NTRhZDU1YTEzIiwidGFnIjoiIn0%3D; SESS_TRAF=eyJpdiI6Ilo2WVZ0VTJqeEIwZlZQTlBuREVxbXc9PSIsInZhbHVlIjoiVVo4bllkd2VoQzZ5STEvcXZ6ZUQ1dmpQclNVWTM4WC93eVpTaTUrNERPaWlHbHM3YkNmK1hVa1c1V3MzbjVGT1ZZclFabGVWeUJDZXhIRlYzZ0RpNk5CdjFqLzYwd3NDVVlTZFVVRVlGQmFNVmNEQmJ4V0REaWlRM0tTMjA1VUxCVXg0TW9nSU04WGQ5RnhSejlEQzk1ZnVyTnF6Ym03MnB6cDl1eGtMaGVKMVI2VXdGZ1VSaXEwcldYbGpLNWhMVUtGdmoycVk2aHZtS3h6c0xTYXVZV0FKUmVLZTVCV1IrQ2U4UjFvMStzOE5QT1JGNlorZXhTK2IyblhabS9tNHp3QWJTMUtrVHJWUEFSUlR1YkMvSWh2b0Z2RUcvN3RwYTVNanZ0K0VUREN5MFlVdEhCbVErOWVzRGthVithWVdrQU5ISjQyYTFyK3VqNFFwZ2QxUFN3PT0iLCJtYWMiOiJiZmNkOGYzZTA0ZWQ5OWY3YTBjNDcyNDI3ZTcwZThhNTYxYWU5MTE5NzY4NThhMTIyZjI4OTgzMDBlYTQzYTk0IiwidGFnIjoiIn0%3D; visit=eyJpdiI6InRndkVkcTdTK29ybGZ0KzhHcUVNbHc9PSIsInZhbHVlIjoiaE1qZ0ZhNGREbUVIR0d0VlRiNjAwV2JIL2kyQytQdm4rNkl3dnpORWhqUm5FSFNNTEVGb3ZCcXAxK3RQWUx2OSIsIm1hYyI6IjRlOGM0OTE1MDNlNDhmOTg1YWZmMTk4YjIzZWEwZTM4MmFkNmU3Y2ZiMTgxM2UyZGMwNzQ1ZTQ0YTFlNmYwYWIiLCJ0YWciOiIifQ%3D%3D; jPrsFzobkHLZdLLs3GtUoHlyNXda32a9iI9xgJfM=eyJpdiI6Imk0RTU0L2J2aUptT1ppeTJxMzlZamc9PSIsInZhbHVlIjoiM0lvaUVpRVF2eW1MMytaOTBuVjJHc2doSzRlaGZEdGlSVW5Bb0pSUytsUjVLTW5BbDkzN1ZFeGV3aFFNa2wzaitoWmZVb2ZhZDdCejNlVTU0b2tiU21nSVk1cmwwMkNiL0VxT3FBaUdjNlB6eU55cU1ueGlRTTBkcWdjZVZ0a3N1L3hmdVVjRzdBdCs1TW41Q0c4UUY2OHdEaVhIZmlxOTg5bWNMMk4zelozdnl1QmtBKzNIc0U1N3BsK1EzYUxHOU5zcUVZNGgvTWZ0UmthcUt3bUZ0czZwQzg1MkNzUGhRejdYR1RBcmRsaHdHWkY5N256cDRjN3hEalBmUnVxYldqZmx5SDVhWlFEeWk2cU1xOUlyZGMycTIzZ2o0UUZZdWNSeXhPQWNXNlFXc29jUVU1NVgzZ3lFcFI5QVh3QXpkRVFvdjZEUDg5YUViUkpGYkN6ZHphUUF2ZWQ5YktJSjNTTHp0eWxoZjJiRE0vakZuMnJaR3ZJNUxHM0ZBL2lsSWRCZmEyYTVqdER4OEhmQWl3aStCT2JvenZ6OFBLbEhtaE4weCtIeXYrSUhmZHA0TU1mR2lvZ1Zld3RZZ2tqWlAxT2UrcTlPQ3RHTWQ5UjR0blExbXBmbVU5UDFtakFDVUcyeC9XUlhRcVFZSjRaY201VnNwVTRVMkZ2NlZ2SmFPcUcyeUp2V01pQ0ZHR3pXeHhvN2JhOWFhd21sVUI0M0llbDkvUW91aWNuU0p5KzNVaTd5N1BoS0FucEc1MjQ3d0IyYmVpejRTdVB0d1VpYWRKQ01qRUNyQjI1djBKRFhFZWNkTjRaZ0FWbFZnendCU1JNd0loYXJTb2taSjhoWSIsIm1hYyI6ImMzZDY0MjJhNDMyYjQ2YmRiYjFlNjZjOTVkNjBmOWQzMTY0M2M1OWQxNmIyMTNhMTc0OWU1Y2VkMWVmZTA1MzgiLCJ0YWciOiIifQ%3D%3D
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 18 Apr 2024 06:54:35 GMT
content-type: application/javascript; charset=utf-8
last-modified: Wed, 03 Apr 2024 12:42:31 GMT
vary: Accept-Encoding
etag: W/"660d4eb7-4668c"
expires: Fri, 18 Apr 2025 06:54:35 GMT
pragma: public
cache-control: max-age=31536000, public
content-encoding: gzip
X-Firefox-Spdy: h2

www.freakywinner.vip/iq_test2?flow=sms&tid=62ncvsb105rzy6ferfw08os8k,17815911,5,10263&ctrack=1713423274.3727751694&p=10263&pi=Exit+traffic+global&click_id=w14r2jp0j9p8nul03pc8uv2m&media_type=mainstream

94.237.92.126

200 OK

15 kB

URL User Request GET HTTP/2
www.freakywinner.vip/iq_test2?flow=sms&tid=62ncvsb105rzy6ferfw08os8k,17815911,5,10263&ctrack=1713423274.3727751694&p=10263&pi=Exit+traffic+global&click_id=w14r2jp0j9p8nul03pc8uv2m&media_type=mainstream
IP
94.237.92.126:443
ASN
#202053 UpCloud Ltd

Certificate
IssuerLet's Encrypt
Subject*.freakywinner.vip
Fingerprint40:CD:D7:AB:C1:2D:DA:F0:A9:3C:61:F9:FE:50:FA:93:C7:EE:62:AE
ValidityThu, 28 Mar 2024 08:08:13 GMT - Wed, 26 Jun 2024 08:08:12 GMT

File type
HTML document, ASCII text, with very long lines (2473)
Size
15 kB (14624 bytes)
Hash
076c238ecb6a618184f6a1767bdc581c
413a5957ba16f6a6f78f5f9ed043ab0e10d60d5d
90193996fc8850dc161ddabb051d9ca54b5c6ac11cbad56504b422de9504d1cc

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /iq_test2?flow=sms&tid=62ncvsb105rzy6ferfw08os8k,17815911,5,10263&ctrack=1713423274.3727751694&p=10263&pi=Exit+traffic+global&click_id=w14r2jp0j9p8nul03pc8uv2m&media_type=mainstream HTTP/1.1
Host: www.freakywinner.vip
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
cache-control: no-cache, private
date: Thu, 18 Apr 2024 06:54:35 GMT
log-id: 28dab380-c99d-4e8e-ae3a-5832546d72c7
set-cookie: XSRF-TOKEN=eyJpdiI6ImE3MEM2T1FsdXFHcEd3WFdZTTNOL2c9PSIsInZhbHVlIjoiTitad1pwVEdNc0o0S0F3NlQxeldrT2p3V25HNzdwYjd0WjI3NmdobEtCOTBlS2xjT0ptblo1RmJjbHU4ZlFXakxlNVc3aHp5ZlR0d3lZRUxDSVVPOFUyTmZ5bnBSYjl3TlVJZ1hoSVpYbmprSFJVY3puYlkwSUowaFBRbWJFNVUiLCJtYWMiOiJiMjBkYjY4N2Q3MWU2ZTA4ZmQ5MmI1YjIwYWZhZTlhMTZiMmZkZjgwYzA2Y2JhNmI0YmMwNDZkMGVhMmIzMWE4IiwidGFnIjoiIn0%3D; expires=Thu, 18 Apr 2024 08:54:35 GMT; Max-Age=7200; path=/
ivr_offers_session=eyJpdiI6Ik1rZXJyOTVtWm1UdVI1Z0lSS1NPNFE9PSIsInZhbHVlIjoiQU9XTDQwVkN1ZkVZeThXTUZKZjNXOU1sLzFhNDJLZVdZWkZ4a1JIWU5sYWxtK3NQN3dRUkxUM25DQnlocWNCUnFzdExLTisvZDZXdlJTOHliSkVjVXRaVUxaNFY2U1VqNGw5aDNteHRVRmNhNjB5YmJkWDB4U29GdWRQc1Roc04iLCJtYWMiOiJlMjY1Mjc0M2MwZWI3OTE1ZTVkN2Y1MjkxNDUyZGYyNWQ0ODYyMTMyYzg4YWFmNGQ0Y2FlMzk5NTRhZDU1YTEzIiwidGFnIjoiIn0%3D; expires=Thu, 18 Apr 2024 08:54:35 GMT; Max-Age=7200; path=/; httponly
SESS_TRAF=eyJpdiI6Ilo2WVZ0VTJqeEIwZlZQTlBuREVxbXc9PSIsInZhbHVlIjoiVVo4bllkd2VoQzZ5STEvcXZ6ZUQ1dmpQclNVWTM4WC93eVpTaTUrNERPaWlHbHM3YkNmK1hVa1c1V3MzbjVGT1ZZclFabGVWeUJDZXhIRlYzZ0RpNk5CdjFqLzYwd3NDVVlTZFVVRVlGQmFNVmNEQmJ4V0REaWlRM0tTMjA1VUxCVXg0TW9nSU04WGQ5RnhSejlEQzk1ZnVyTnF6Ym03MnB6cDl1eGtMaGVKMVI2VXdGZ1VSaXEwcldYbGpLNWhMVUtGdmoycVk2aHZtS3h6c0xTYXVZV0FKUmVLZTVCV1IrQ2U4UjFvMStzOE5QT1JGNlorZXhTK2IyblhabS9tNHp3QWJTMUtrVHJWUEFSUlR1YkMvSWh2b0Z2RUcvN3RwYTVNanZ0K0VUREN5MFlVdEhCbVErOWVzRGthVithWVdrQU5ISjQyYTFyK3VqNFFwZ2QxUFN3PT0iLCJtYWMiOiJiZmNkOGYzZTA0ZWQ5OWY3YTBjNDcyNDI3ZTcwZThhNTYxYWU5MTE5NzY4NThhMTIyZjI4OTgzMDBlYTQzYTk0IiwidGFnIjoiIn0%3D; path=/; httponly
visit=eyJpdiI6InRndkVkcTdTK29ybGZ0KzhHcUVNbHc9PSIsInZhbHVlIjoiaE1qZ0ZhNGREbUVIR0d0VlRiNjAwV2JIL2kyQytQdm4rNkl3dnpORWhqUm5FSFNNTEVGb3ZCcXAxK3RQWUx2OSIsIm1hYyI6IjRlOGM0OTE1MDNlNDhmOTg1YWZmMTk4YjIzZWEwZTM4MmFkNmU3Y2ZiMTgxM2UyZGMwNzQ1ZTQ0YTFlNmYwYWIiLCJ0YWciOiIifQ%3D%3D; expires=Fri, 19 Apr 2024 06:54:35 GMT; Max-Age=86400; path=/; httponly
jPrsFzobkHLZdLLs3GtUoHlyNXda32a9iI9xgJfM=eyJpdiI6Imk0RTU0L2J2aUptT1ppeTJxMzlZamc9PSIsInZhbHVlIjoiM0lvaUVpRVF2eW1MMytaOTBuVjJHc2doSzRlaGZEdGlSVW5Bb0pSUytsUjVLTW5BbDkzN1ZFeGV3aFFNa2wzaitoWmZVb2ZhZDdCejNlVTU0b2tiU21nSVk1cmwwMkNiL0VxT3FBaUdjNlB6eU55cU1ueGlRTTBkcWdjZVZ0a3N1L3hmdVVjRzdBdCs1TW41Q0c4UUY2OHdEaVhIZmlxOTg5bWNMMk4zelozdnl1QmtBKzNIc0U1N3BsK1EzYUxHOU5zcUVZNGgvTWZ0UmthcUt3bUZ0czZwQzg1MkNzUGhRejdYR1RBcmRsaHdHWkY5N256cDRjN3hEalBmUnVxYldqZmx5SDVhWlFEeWk2cU1xOUlyZGMycTIzZ2o0UUZZdWNSeXhPQWNXNlFXc29jUVU1NVgzZ3lFcFI5QVh3QXpkRVFvdjZEUDg5YUViUkpGYkN6ZHphUUF2ZWQ5YktJSjNTTHp0eWxoZjJiRE0vakZuMnJaR3ZJNUxHM0ZBL2lsSWRCZmEyYTVqdER4OEhmQWl3aStCT2JvenZ6OFBLbEhtaE4weCtIeXYrSUhmZHA0TU1mR2lvZ1Zld3RZZ2tqWlAxT2UrcTlPQ3RHTWQ5UjR0blExbXBmbVU5UDFtakFDVUcyeC9XUlhRcVFZSjRaY201VnNwVTRVMkZ2NlZ2SmFPcUcyeUp2V01pQ0ZHR3pXeHhvN2JhOWFhd21sVUI0M0llbDkvUW91aWNuU0p5KzNVaTd5N1BoS0FucEc1MjQ3d0IyYmVpejRTdVB0d1VpYWRKQ01qRUNyQjI1djBKRFhFZWNkTjRaZ0FWbFZnendCU1JNd0loYXJTb2taSjhoWSIsIm1hYyI6ImMzZDY0MjJhNDMyYjQ2YmRiYjFlNjZjOTVkNjBmOWQzMTY0M2M1OWQxNmIyMTNhMTc0OWU1Y2VkMWVmZTA1MzgiLCJ0YWciOiIifQ%3D%3D; expires=Thu, 18 Apr 2024 08:54:35 GMT; Max-Age=7200; path=/; httponly
content-encoding: gzip
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (12)

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL