Report - rectificationtuck.top/9ac3X2l8ZwVCAVRmZX9QBC5dXXZaHDRVVXlgenMIK144NwYlDjIPAi9dNEJLACV7?1715332214494

Report Overview

Submitted URL
rectificationtuck.top/9ac3X2l8ZwVCAVRmZX9QBC5dXXZaHDRVVXlgenMIK144NwYlDjIPAi9dNEJLACV7?1715332214494
IP
172.67.141.211
ASN
#13335 CLOUDFLARENET
Submitted
2024-05-10 17:34:57
Access
public
Website Title
Action Blocked!
Final URL
accuvisitor.com/3p/?country=Norway&device_name=Desktop&domain=mediaservingoc.com&uclick=bzcia93y&uclickhash=bzcia93y-bzcia93y-ir0-0-523y-ik3y-ikbl-294e32
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
2
Threat Detection Systems
14

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
tuk.kutberg.com	unknown	unknown	No data	No data	1.2 kB	3.2 kB	99.198.106.194
fonts.googleapis.com	8877	2005-01-25	2013-06-10	2024-05-10	469 B	2.0 kB	142.250.74.74
get.geojs.io	17418	2017-02-18	2017-03-30	2024-05-09	403 B	17 kB	104.26.1.100
www.trimbuilder.foundation	unknown	2024-04-08	2024-04-08	2024-04-22	2.4 kB	5.4 kB	51.68.82.147
harrenmedia.g2afse.com	334770	2019-02-26	2019-11-13	2023-09-27	605 B	426 B	34.91.142.64
zags.stravaganz.com	unknown	2020-08-21	2021-01-09	2023-11-03	530 B	2.0 kB	104.21.34.54
code.jquery.com	634	2005-12-10	2012-05-21	2024-05-09	409 B	31 kB	151.101.130.137
fonts.gstatic.com	unknown	2008-02-11	2014-09-09	2024-05-10	1.0 kB	33 kB	142.250.74.67
admoustache.aftrad-visit.com	unknown	2023-02-15	2024-01-24	2024-03-15	719 B	948 B	104.26.7.190
accuvisitor.com	unknown	2024-02-02	2024-02-02	2024-03-28	3.9 kB	75 kB	51.91.68.47
wurfl.io	17880	2014-03-25	2014-04-09	2024-05-09	391 B	2.2 kB	13.51.164.40

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Timestamp	Severity	Source IP	Destination IP	Alert
2024-05-10 17:34:36	medium	Client IP	104.26.1.100	ET INFO External IP Address Lookup Domain (get .geojs .io) in TLS SNI
2024-05-10 17:34:36	medium	Client IP	104.26.1.100	ET INFO External IP Address Lookup Domain (get .geojs .io) in TLS SNI

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2024-05-10	medium	accuvisitor.com	Sinkholed
2024-05-10	medium	accuvisitor.com	Sinkholed
2024-05-10	medium	accuvisitor.com	Sinkholed
2024-05-10	medium	accuvisitor.com	Sinkholed
2024-05-10	medium	accuvisitor.com	Sinkholed
2024-05-10	medium	accuvisitor.com	Sinkholed
2024-05-10	medium	accuvisitor.com	Sinkholed

ThreatFox

No alerts detected

JavaScript (6)

	URL	Size	First Seen	Last Seen
	accuvisitor.com/3p/script.js	2.0 kB	2024-02-25	2024-05-20
Pretty URL accuvisitor.com/3p/script.js IP 51.91.68.47 ASN #16276 OVH SAS Introduced by scriptElement Embedded in HTML false Observations First Seen2024-02-25 03:29:57 Last Seen2024-05-20 13:22:03 Times Seen176 Hash 8e8ad12b42350341e870a648dbfa1363 6a5ce0d03d3d8b244a4671a824131b19cbade987 252b35641180eb6f5ef167a3abf6dcef81b012f3d902cc0f46bb009fcd6451b5 Loading...

	wurfl.io/wurfl.js	4.0 kB	2024-03-24	2024-05-20
Pretty URL wurfl.io/wurfl.js IP 13.51.164.40 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2024-03-24 12:36:23 Last Seen2024-05-20 13:22:03 Times Seen156 Hash 4e56ee18d87f62dc6297b5d332d1b081 63b4003113f47f2602ac99e828ebf7d615dac68f 2bf5cac174101bde02ebd7664e6dac3f41c3206a3aee299ca2153f4e96d5fd9e Loading...

	unknown	6 B	2023-03-07	2024-05-20
Pretty Introduced by eventHandler Embedded in HTML false Observations First Seen2023-03-07 13:46:59 Last Seen2024-05-20 21:18:29 Times Seen599 Hash e67906ab4373125a18eb2b5a75f59bd2 58ed4e16ee46029764b9e9faef0e08a6c2c3be5e c38ba39cea630681f6bdc6acc7eade251530622bc6f10dda7f1fd77af189a1df Loading...

	accuvisitor.com/3p/?country=Norway&device_name=Desktop&domain=mediaservingoc.com&uclick=bzcia93y&uclickhash=bzcia93y-bzcia93y-ir0-0-523y-ik3y-ikbl-294e32	172 B	2024-05-10	2024-05-10
Pretty URL accuvisitor.com/3p/?country=Norway&device_name=Desktop&domain=mediaservingoc.com&uclick=bzcia93y&uclickhash=bzcia93y-bzcia93y-ir0-0-523y-ik3y-ikbl-294e32 IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML true Observations First Seen2024-05-10 19:35:03 Last Seen2024-05-10 19:35:03 Times Seen1 Hash ef81bae4dad06dc58a06ad76205dfc25 3dbd52cd4092b6d95100fb2c5fe03cb18a017b1c 97d3211427ab62f44cd6b8ea0b8618a28c504c10d940ef7c37f07bece98b16e7 Loading...

	get.geojs.io/v1/ip/country.js	82 B	2024-04-01	2024-05-20
Pretty URL get.geojs.io/v1/ip/country.js IP 104.26.1.100 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-01 17:56:42 Last Seen2024-05-20 13:22:03 Times Seen86 Hash bc6ee8470cd86e343324428608688d37 f1674eb6cd18dceb2bc3151e021d6cc97e7b1d9d 70f6e168492577b5f0ca28a9e982219df1aba2b134a49ab227033d6ff9f0beff Loading...

	code.jquery.com/jquery-3.7.1.min.js	88 kB	2023-08-31	2024-05-20
Pretty URL code.jquery.com/jquery-3.7.1.min.js IP 151.101.130.137 ASN #54113 FASTLY Introduced by scriptElement Embedded in HTML false Observations First Seen2023-08-31 16:03:19 Last Seen2024-05-20 23:47:48 Times Seen9971 Hash 2c872dbe60f4ba70fb85356113d8b35e ee48592d1fff952fcf06ce0b666ed4785493afdc fc9a93dd241f6b045cbff0481cf4e1901becd0e12fb45166a8f17f95823f0b1a Loading...

HTTP Transactions (22)

URL IP Response Size

www.trimbuilder.foundation/?sl=5768231-bead7&data1=Track1&data2=Track2&tag=M7367425722337460268&website=25426-06aaba3z&placement=25426

51.68.82.147

4.4 kB

URL
www.trimbuilder.foundation/?sl=5768231-bead7&data1=Track1&data2=Track2&tag=M7367425722337460268&website=25426-06aaba3z&placement=25426
IP
51.68.82.147:0
ASN
#16276 OVH SAS

File type
HTML document, ASCII text, with very long lines (3488)
Size
4.4 kB (4367 bytes)
Hash
fe6cc556cc61962b9a182b7c1f9035fb
21ba3f8b1ce33be9237871c9db814437e918a394
315219628d22492e1b6ff110110e78f586226b9049ce5b30514a003dfa7b67a9

HTTP Headers

GET /?sl=5768231-bead7&data1=Track1&data2=Track2&tag=M7367425722337460268&website=25426-06aaba3z&placement=25426 HTTP/1.1
Host: www.trimbuilder.foundation
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://go.kelpboat.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Fri, 10 May 2024 17:34:33 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: no-transform
Accept-CH: Sec-CH-UA-Platform-Version

www.trimbuilder.foundation/?sl=5768231-bead7&data1=Track1&data2=Track2&tag=M7367425722337460268&website=25426-06aaba3z&placement=25426&eyeg=99c8c3a2b61116197c6807a83ee25692&eyer=0.616334901585207&eyei=0&eyew=1280&eyeh=1024&eyetd=220&eyef=go.kelpboat.com

51.68.82.147

0 B

URL
www.trimbuilder.foundation/?sl=5768231-bead7&data1=Track1&data2=Track2&tag=M7367425722337460268&website=25426-06aaba3z&placement=25426&eyeg=99c8c3a2b61116197c6807a83ee25692&eyer=0.616334901585207&eyei=0&eyew=1280&eyeh=1024&eyetd=220&eyef=go.kelpboat.com
IP
51.68.82.147:0
ASN
#16276 OVH SAS

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /?sl=5768231-bead7&data1=Track1&data2=Track2&tag=M7367425722337460268&website=25426-06aaba3z&placement=25426&eyeg=99c8c3a2b61116197c6807a83ee25692&eyer=0.616334901585207&eyei=0&eyew=1280&eyeh=1024&eyetd=220&eyef=go.kelpboat.com HTTP/1.1
Host: www.trimbuilder.foundation
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 302 Found
Date: Fri, 10 May 2024 17:34:33 GMT
Content-Length: 0
Connection: keep-alive
Cache-Control: no-transform
Location: https://www.trimbuilder.foundation/?sl=5768231-bead7&data1=Track1&data2=Track2&tag=M7367425722337460268&website=25426-06aaba3z&placement=25426&eyeg=3&eyer=0.616334901585207&eyei=0&eyew=1280&eyeh=1024&eyetd=220&eyef=go.kelpboat.com

www.trimbuilder.foundation/?sl=5768231-bead7&data1=Track1&data2=Track2&tag=M7367425722337460268&website=25426-06aaba3z&placement=25426&eyeg=3&eyer=0.616334901585207&eyei=0&eyew=1280&eyeh=1024&eyetd=220&eyef=go.kelpboat.com

51.68.82.147

0 B

URL
www.trimbuilder.foundation/?sl=5768231-bead7&data1=Track1&data2=Track2&tag=M7367425722337460268&website=25426-06aaba3z&placement=25426&eyeg=3&eyer=0.616334901585207&eyei=0&eyew=1280&eyeh=1024&eyetd=220&eyef=go.kelpboat.com
IP
51.68.82.147:0
ASN
#16276 OVH SAS

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /?sl=5768231-bead7&data1=Track1&data2=Track2&tag=M7367425722337460268&website=25426-06aaba3z&placement=25426&eyeg=3&eyer=0.616334901585207&eyei=0&eyew=1280&eyeh=1024&eyetd=220&eyef=go.kelpboat.com HTTP/1.1
Host: www.trimbuilder.foundation
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 302 Found
Date: Fri, 10 May 2024 17:34:33 GMT
Content-Length: 0
Connection: keep-alive
Cache-Control: no-transform
Location: https://admoustache.aftrad-visit.com/track/smartlink?smartlink_id=1&publisher_id=441&network_id=5&click_id=33000e24c1f55c490fa15e39f95301fa4f7390510-202405-flb*5768231-bead7*M7367425722337460268*sl_5768231-bead7*070d5bdb42a5346542a2a1777a9b244e2c76e05d*25426-06aaba3z*25426

www.trimbuilder.foundation/favicon.ico

51.68.82.147

0 B

URL
www.trimbuilder.foundation/favicon.ico
IP
51.68.82.147:0
ASN
#16276 OVH SAS

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: www.trimbuilder.foundation
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 204 No Content
Date: Fri, 10 May 2024 17:34:34 GMT
Connection: keep-alive

admoustache.aftrad-visit.com/track/smartlink?smartlink_id=1&publisher_id=441&network_id=5&click_id=33000e24c1f55c490fa15e39f95301fa4f7390510-202405-flb*5768231-bead7*M7367425722337460268*sl_5768231-bead7*070d5bdb42a5346542a2a1777a9b244e2c76e05d*25426-06aaba3z*25426

104.26.7.190

194 B

URL
admoustache.aftrad-visit.com/track/smartlink?smartlink_id=1&publisher_id=441&network_id=5&click_id=33000e24c1f55c490fa15e39f95301fa4f7390510-202405-flb*5768231-bead7*M7367425722337460268*sl_5768231-bead7*070d5bdb42a5346542a2a1777a9b244e2c76e05d*25426-06aaba3z*25426
IP
104.26.7.190:0
ASN
#13335 CLOUDFLARENET

File type
HTML document, ASCII text
Size
194 B (194 bytes)
Hash
0eb9e5e03b0a0d76b49f23df41443025
da592c6a49691690a12839d5b776020c1aebf696
2c225be8f1d7f58caad1e463572a46ab41bb1848db7293ee3bfcf76150567b08

HTTP Headers

GET /track/smartlink?smartlink_id=1&publisher_id=441&network_id=5&click_id=33000e24c1f55c490fa15e39f95301fa4f7390510-202405-flb*5768231-bead7*M7367425722337460268*sl_5768231-bead7*070d5bdb42a5346542a2a1777a9b244e2c76e05d*25426-06aaba3z*25426 HTTP/1.1
Host: admoustache.aftrad-visit.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 302 Found
date: Fri, 10 May 2024 17:34:34 GMT
content-type: text/html; charset=utf-8
content-length: 194
location: https://harrenmedia.g2afse.com/sl?id=5fc763a729102be261cd5e90&pid=88&sub1=201CR5CgwtRidskMsb46a5JbdBxDwsq4dn3SEAQuwEkvfDZ7EKWMSDUL3fs7owo3cSr59v&sub2=1B7fmUHKE
referrer-policy: no-referrer
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=STWmif9JZnZorekHrF0mVjzVCmtl6myTPjVwARodrkaQmyngEjbFn%2FvAD%2FzAjXP92XEq3aKU9D71VUVdvKH44tn9P57k4vxmvZBQHiNbyNcxzIPMgwZAS8zteOhtA4yvO0EZP8Ff%2B6ggNUIag00%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 881bae4659a156a2-OSL
X-Firefox-Spdy: h2

harrenmedia.g2afse.com/sl?id=5fc763a729102be261cd5e90&pid=88&sub1=201CR5CgwtRidskMsb46a5JbdBxDwsq4dn3SEAQuwEkvfDZ7EKWMSDUL3fs7owo3cSr59v&sub2=1B7fmUHKE

34.91.142.64

0 B

URL
harrenmedia.g2afse.com/sl?id=5fc763a729102be261cd5e90&pid=88&sub1=201CR5CgwtRidskMsb46a5JbdBxDwsq4dn3SEAQuwEkvfDZ7EKWMSDUL3fs7owo3cSr59v&sub2=1B7fmUHKE
IP
34.91.142.64:0
ASN
#396982 GOOGLE-CLOUD-PLATFORM

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /sl?id=5fc763a729102be261cd5e90&pid=88&sub1=201CR5CgwtRidskMsb46a5JbdBxDwsq4dn3SEAQuwEkvfDZ7EKWMSDUL3fs7owo3cSr59v&sub2=1B7fmUHKE HTTP/1.1
Host: harrenmedia.g2afse.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 302 Found
server: nginx
date: Fri, 10 May 2024 17:34:34 GMT
content-length: 0
location: https://zags.stravaganz.com/rc/d736b127be?affclick=663e5aaa68042000011531a2&pubid=88
x-adjust-use-original-forwarded-for: 1
referer: 
referrer-policy: no-referrer
set-cookie: afclick=663e5aaa68042000011531a2; expires=Sat, 10 May 2025 17:34:34 GMT; secure; SameSite=None
access-control-allow-origin: *
X-Firefox-Spdy: h2

zags.stravaganz.com/rc/d736b127be?affclick=663e5aaa68042000011531a2&pubid=88

104.21.34.54

1.4 kB

URL
zags.stravaganz.com/rc/d736b127be?affclick=663e5aaa68042000011531a2&pubid=88
IP
104.21.34.54:0
ASN
#13335 CLOUDFLARENET

File type
HTML document, ASCII text, with very long lines (1125)
Size
1.4 kB (1380 bytes)
Hash
d4d0858aa17d770162c1df59a93f7c8c
0e2112cb341e289e83046f0b9558ab019bedd7f0
62d29787024e72a649e43131a111e6e31b5af0493452d815a0f3bd4b5e37dc14

HTTP Headers

GET /rc/d736b127be?affclick=663e5aaa68042000011531a2&pubid=88 HTTP/1.1
Host: zags.stravaganz.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 10 May 2024 17:34:34 GMT
content-type: text/html; charset=utf-8
vary: Accept-Encoding, Accept-Language, Cookie
content-language: en
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=WrXcF2aKadJywNT49NqerxuGBXA1L3C%2BIeA1Fyz2cPx6A28lANs7hhOxjp0lJ69Q2ewJLdWL5Hk%2BOqc%2BuzqKEvp%2FhIJvItZ0IKuNw1tTf5%2Fhe1RRnJ719tNrQUq9ZTJ0msXQcTEi"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 881bae480f5c0b02-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

tuk.kutberg.com/proc.php?22d496ce438c1694ac88f8150b692352d17f9685

99.198.106.194

860 B

URL
tuk.kutberg.com/proc.php?22d496ce438c1694ac88f8150b692352d17f9685
IP
99.198.106.194:0
ASN
#32475 SINGLEHOP-LLC

File type
HTML document, ASCII text, with very long lines (1946), with no line terminators
Size
860 B (860 bytes)
Hash
d5bfc38133b2a438b17c9e0fdf558aa4
c6f85f9603a866f0695b9517cf7ccaa639a9e142
c4bebd738689d7c3e4886029c91d2aa4c4893dbfa5a70e5787e632609a7e473a

HTTP Headers

GET /proc.php?22d496ce438c1694ac88f8150b692352d17f9685 HTTP/1.1
Host: tuk.kutberg.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://tuk.kutberg.com/?utm_medium=d3ca3460d7f36250b207d930496f80c0c7058403&utm_campaign=mainstream_redirect&1=88f07f46&cid=pubf0b9597eb0514bd1834b376e65fc4ed2&2=88
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 17:34:35 GMT
content-type: text/html; charset=UTF-8
location: http://mediaservingoc.com/click.php?key=glg0el5milh3xjhb2jhu&subid=M7367425730927394830&partner_id=20961&pid=20961-45b4929d-c0fb8912&campaign_id=9626e6&browser=Firefox&device=Mozilla+Firefox&app_name=unknown&geo=NO&carrier=NO+WiFi&pcid=9626e6_20961-45b4929d-c0fb8912&pg=20961-NO
vary: Accept-Encoding
cache-control: no-store, no-cache, must-revalidate, max-age=0
pragma: no-cache
expires: Thu, 01 Jan 1970 00:00:00 GMT
accept-ch: Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version
strict-transport-security: max-age=63072000; includeSubDomains; preload
alt-svc: h3=":443"; ma=604800; persist=1
content-encoding: gzip
X-Firefox-Spdy: h2

tuk.kutberg.com/favicon.ico

99.198.106.194

1.2 kB

URL
tuk.kutberg.com/favicon.ico
IP
99.198.106.194:0
ASN
#32475 SINGLEHOP-LLC

File type
MS Windows icon resource - 1 icon, 16x16, 32 bits/pixel
Size
1.2 kB (1150 bytes)
Hash
91abe01116ab422c598e9c8af72cf4da
0f2815fe8e067d48537ad168225ab4674271fa27
b1d7aef06456fe7431124129a28f0138bb5fccfa4f4161e3087de23c005e5edc

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: tuk.kutberg.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://tuk.kutberg.com/proc.php?22d496ce438c1694ac88f8150b692352d17f9685
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
server: nginx
date: Fri, 10 May 2024 17:34:35 GMT
content-type: image/x-icon
content-length: 1150
last-modified: Fri, 11 Aug 2023 10:37:02 GMT
etag: "64d60f4e-47e"
expires: Sat, 11 May 2024 17:34:35 GMT
cache-control: max-age=86400
strict-transport-security: max-age=63072000; includeSubDomains; preload
alt-svc: h3=":443"; ma=604800; persist=1
accept-ranges: bytes

accuvisitor.com/3p/script.js

51.91.68.47

2.0 kB

URL
accuvisitor.com/3p/script.js
IP
51.91.68.47:0
ASN
#16276 OVH SAS

File type
assembler source, ASCII text
Size
2.0 kB (2029 bytes)
Hash
8e8ad12b42350341e870a648dbfa1363
6a5ce0d03d3d8b244a4671a824131b19cbade987
252b35641180eb6f5ef167a3abf6dcef81b012f3d902cc0f46bb009fcd6451b5

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /3p/script.js HTTP/1.1
Host: accuvisitor.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://accuvisitor.com/3p/?country=Norway&device_name=Desktop&domain=mediaservingoc.com&uclick=bzcia93y&uclickhash=bzcia93y-bzcia93y-ir0-0-523y-ik3y-ikbl-294e32
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
server: nginx/1.25.3
date: Fri, 10 May 2024 17:34:35 GMT
content-type: application/javascript; charset=utf-8
content-length: 2029
last-modified: Tue, 06 Feb 2024 10:52:54 GMT
etag: "65c20f86-7ed"
accept-ch: DPR, Width, Viewport-Width, Device-Memory, RTT, Downlink, ECT, Save-Data, Sec-CH-UA, Sec-CH-UA-Mobile, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Arch, Sec-CH-Prefers-Color-Scheme, Sec-CH-Prefers-Reduced-Motion, Sec-CH-Prefers-Reduced-Data
strict-transport-security: max-age=63072000; includeSubDomains; preload
alt-svc: h3=":443"; ma=86400
accept-ranges: bytes

accuvisitor.com/3p/style.css

51.91.68.47

200 OK

3.8 kB

URL GET HTTP/3
accuvisitor.com/3p/style.css
IP
51.91.68.47:443
ASN
#16276 OVH SAS

Requested by
https://accuvisitor.com/3p/?country=Norway&device_name=Desktop&domain=mediaservingoc.com&uclick=bzcia93y&uclickhash=bzcia93y-bzcia93y-ir0-0-523y-ik3y-ikbl-294e32
Certificate
IssuerLet's Encrypt
Subjectaccuvisitor.com
Fingerprint61:56:5E:0C:3B:C2:AF:84:9F:43:1F:8E:61:24:4C:59:4B:06:44:49
ValidityTue, 02 Apr 2024 06:05:48 GMT - Mon, 01 Jul 2024 06:05:47 GMT

File type
ASCII text
Size
3.8 kB (3774 bytes)
Hash
4fab41811a8c6b717a86f86ab4de0105
06a085af05ca6879b83eac1498eead0ceddaadac
8cc56e01ec04772b51e8d8a3f8e0cb740a44a501c992a37b10515001cef94d4c

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /3p/style.css HTTP/1.1
Host: accuvisitor.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://accuvisitor.com/3p/?country=Norway&device_name=Desktop&domain=mediaservingoc.com&uclick=bzcia93y&uclickhash=bzcia93y-bzcia93y-ir0-0-523y-ik3y-ikbl-294e32
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
server: nginx/1.25.3
date: Fri, 10 May 2024 17:34:35 GMT
content-type: text/css
content-length: 3774
last-modified: Fri, 02 Feb 2024 21:21:55 GMT
etag: "65bd5cf3-ebe"
accept-ch: DPR, Width, Viewport-Width, Device-Memory, RTT, Downlink, ECT, Save-Data, Sec-CH-UA, Sec-CH-UA-Mobile, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Arch, Sec-CH-Prefers-Color-Scheme, Sec-CH-Prefers-Reduced-Motion, Sec-CH-Prefers-Reduced-Data
strict-transport-security: max-age=63072000; includeSubDomains; preload
alt-svc: h3=":443"; ma=86400
accept-ranges: bytes

accuvisitor.com/3p/images/logo.png

51.91.68.47

3.2 kB

URL
accuvisitor.com/3p/images/logo.png
IP
51.91.68.47:0
ASN
#16276 OVH SAS

File type
PNG image data, 256 x 256, 8-bit colormap, non-interlaced
Size
3.2 kB (3210 bytes)
Hash
15a34b8fc618b2d90712f47874c211cc
d1d998d74f30c2b5344de2f9f3f3ef4ac2fe03bb
3be024377b052ad72a32aa5de6eabbddf6fd4168d4579cc865c872d8e57fca36

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /3p/images/logo.png HTTP/1.1
Host: accuvisitor.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://accuvisitor.com/3p/?country=Norway&device_name=Desktop&domain=mediaservingoc.com&uclick=bzcia93y&uclickhash=bzcia93y-bzcia93y-ir0-0-523y-ik3y-ikbl-294e32
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
server: nginx/1.25.3
date: Fri, 10 May 2024 17:34:35 GMT
content-type: image/png
content-length: 3210
last-modified: Sun, 04 Feb 2024 19:21:22 GMT
etag: "65bfe3b2-c8a"
accept-ch: DPR, Width, Viewport-Width, Device-Memory, RTT, Downlink, ECT, Save-Data, Sec-CH-UA, Sec-CH-UA-Mobile, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Arch, Sec-CH-Prefers-Color-Scheme, Sec-CH-Prefers-Reduced-Motion, Sec-CH-Prefers-Reduced-Data
strict-transport-security: max-age=63072000; includeSubDomains; preload
alt-svc: h3=":443"; ma=86400
accept-ranges: bytes

accuvisitor.com/3p/images/check.png

51.91.68.47

2.6 kB

URL
accuvisitor.com/3p/images/check.png
IP
51.91.68.47:0
ASN
#16276 OVH SAS

File type
PNG image data, 256 x 256, 8-bit colormap, non-interlaced
Size
2.6 kB (2649 bytes)
Hash
c0879fd8363b5549b2ed0cec9b042b3b
abeba0b0e5727a368e6bc963aecad9da8ec6f341
7879caae870090c87c28a02d608dd25d1988b6887c30f5ea99a3777964d905f5

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /3p/images/check.png HTTP/1.1
Host: accuvisitor.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://accuvisitor.com/3p/?country=Norway&device_name=Desktop&domain=mediaservingoc.com&uclick=bzcia93y&uclickhash=bzcia93y-bzcia93y-ir0-0-523y-ik3y-ikbl-294e32
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
server: nginx/1.25.3
date: Fri, 10 May 2024 17:34:35 GMT
content-type: image/png
content-length: 2649
last-modified: Sun, 04 Feb 2024 19:21:22 GMT
etag: "65bfe3b2-a59"
accept-ch: DPR, Width, Viewport-Width, Device-Memory, RTT, Downlink, ECT, Save-Data, Sec-CH-UA, Sec-CH-UA-Mobile, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Arch, Sec-CH-Prefers-Color-Scheme, Sec-CH-Prefers-Reduced-Motion, Sec-CH-Prefers-Reduced-Data
strict-transport-security: max-age=63072000; includeSubDomains; preload
alt-svc: h3=":443"; ma=86400
accept-ranges: bytes

accuvisitor.com/3p/images/arrow.png

51.91.68.47

2.9 kB

URL
accuvisitor.com/3p/images/arrow.png
IP
51.91.68.47:0
ASN
#16276 OVH SAS

File type
PNG image data, 256 x 256, 8-bit colormap, non-interlaced
Size
2.9 kB (2938 bytes)
Hash
d190208ba37115f53c9a9057a130fcf3
5019f7d77731be18d40c89b746a247af4eb91853
25da48f054c6205c8c98783dcf2ca52813c0448180f5313fd17c95604d2ab901

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /3p/images/arrow.png HTTP/1.1
Host: accuvisitor.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://accuvisitor.com/3p/?country=Norway&device_name=Desktop&domain=mediaservingoc.com&uclick=bzcia93y&uclickhash=bzcia93y-bzcia93y-ir0-0-523y-ik3y-ikbl-294e32
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
server: nginx/1.25.3
date: Fri, 10 May 2024 17:34:35 GMT
content-type: image/png
content-length: 2938
last-modified: Sun, 04 Feb 2024 19:21:22 GMT
etag: "65bfe3b2-b7a"
accept-ch: DPR, Width, Viewport-Width, Device-Memory, RTT, Downlink, ECT, Save-Data, Sec-CH-UA, Sec-CH-UA-Mobile, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Arch, Sec-CH-Prefers-Color-Scheme, Sec-CH-Prefers-Reduced-Motion, Sec-CH-Prefers-Reduced-Data
strict-transport-security: max-age=63072000; includeSubDomains; preload
alt-svc: h3=":443"; ma=86400
accept-ranges: bytes

wurfl.io/wurfl.js

13.51.164.40

1.5 kB

URL
wurfl.io/wurfl.js
IP
13.51.164.40:0
ASN
#16509 AMAZON-02

File type
JavaScript source, ASCII text, with very long lines (3512)
Size
1.5 kB (1488 bytes)
Hash
4e56ee18d87f62dc6297b5d332d1b081
63b4003113f47f2602ac99e828ebf7d615dac68f
2bf5cac174101bde02ebd7664e6dac3f41c3206a3aee299ca2153f4e96d5fd9e

HTTP Headers

GET /wurfl.js HTTP/1.1
Host: wurfl.io
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://accuvisitor.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ch: Sec-Ch-Ua, Sec-Ch-Ua-Arch, Sec-Ch-Ua-Bitness, Sec-Ch-Ua-Full-Version, Sec-Ch-Ua-Full-Version-List, Sec-Ch-Ua-Mobile, Sec-Ch-Ua-Model, Sec-Ch-Ua-Platform, Sec-Ch-Ua-Platform-Version
Cache-Control: no-cache
Content-Encoding: br
Content-Type: application/javascript
Cross-Origin-Embedder-Policy: cross-origin
Cross-Origin-Opener-Policy: cross-origin
Cross-Origin-Resource-Policy: cross-origin
Date: Fri, 10 May 2024 17:34:36 GMT
Vary: accept-encoding, user-agent, sec-ch-ua, sec-ch-ua-arch, sec-ch-ua-bitness, sec-ch-ua-full-version, sec-ch-ua-full-version-list, sec-ch-ua-mobile, sec-ch-ua-model, sec-ch-ua-platform, sec-ch-ua-platform-version
Content-Length: 1488
Connection: keep-alive

code.jquery.com/jquery-3.7.1.min.js

151.101.130.137

30 kB

URL
code.jquery.com/jquery-3.7.1.min.js
IP
151.101.130.137:0
ASN
#54113 FASTLY

File type
JavaScript source, ASCII text, with very long lines (65447)
Size
30 kB (30336 bytes)
Hash
2c872dbe60f4ba70fb85356113d8b35e
ee48592d1fff952fcf06ce0b666ed4785493afdc
fc9a93dd241f6b045cbff0481cf4e1901becd0e12fb45166a8f17f95823f0b1a

HTTP Headers

GET /jquery-3.7.1.min.js HTTP/1.1
Host: code.jquery.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://accuvisitor.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
content-type: application/javascript; charset=utf-8
last-modified: Fri, 18 Oct 1991 12:00:00 GMT
etag: W/"28feccc0-155ed"
cache-control: public, max-age=31536000, stale-while-revalidate=604800
access-control-allow-origin: *
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
date: Fri, 10 May 2024 17:34:36 GMT
age: 1220271
x-served-by: cache-lga21978-LGA, cache-hel1410022-HEL
x-cache: HIT, HIT
x-cache-hits: 5, 51945
x-timer: S1715362476.100601,VS0,VE0
vary: Accept-Encoding
content-length: 30336
X-Firefox-Spdy: h2

accuvisitor.com/3p/images/bg.png

51.91.68.47

56 kB

URL
accuvisitor.com/3p/images/bg.png
IP
51.91.68.47:0
ASN
#16276 OVH SAS

File type
PNG image data, 3500 x 3500, 4-bit colormap, non-interlaced
Size
56 kB (55530 bytes)
Hash
1d3c98099c0b3e2cda9c3ca2cd6a1a89
2bf1561dcfef7eba77215690758f45a8148718df
45dc96c114f10246160edc4407b8a4b517b1b27a43e56aedea256906c1c567c7

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /3p/images/bg.png HTTP/1.1
Host: accuvisitor.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://accuvisitor.com/3p/style.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
server: nginx/1.25.3
date: Fri, 10 May 2024 17:34:36 GMT
content-type: image/png
content-length: 55530
last-modified: Sun, 04 Feb 2024 19:21:22 GMT
etag: "65bfe3b2-d8ea"
accept-ch: DPR, Width, Viewport-Width, Device-Memory, RTT, Downlink, ECT, Save-Data, Sec-CH-UA, Sec-CH-UA-Mobile, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Arch, Sec-CH-Prefers-Color-Scheme, Sec-CH-Prefers-Reduced-Motion, Sec-CH-Prefers-Reduced-Data
strict-transport-security: max-age=63072000; includeSubDomains; preload
alt-svc: h3=":443"; ma=86400
accept-ranges: bytes

fonts.googleapis.com/css2?family=Roboto:wght@100;300;400;500;700;900&display=swap

142.250.74.74

1.4 kB

URL
fonts.googleapis.com/css2?family=Roboto:wght@100;300;400;500;700;900&display=swap
IP
142.250.74.74:0
ASN
#15169 GOOGLE

File type
gzip compressed data, max compression
Size
1.4 kB (1352 bytes)
Hash
65f6d2e5440d289c545210a4ce4b504e
b6e0076c072c9ecb4c3145edef59096c037f05ac
248c9892f40b9df100672e22edc947b3a7baf70b0843bdd84e10f6c7cbbce902

HTTP Headers

GET /css2?family=Roboto:wght@100;300;400;500;700;900&display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://accuvisitor.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Fri, 10 May 2024 17:34:36 GMT
date: Fri, 10 May 2024 17:34:36 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

get.geojs.io/v1/ip/country.js

104.26.1.100

200 OK

16 kB

URL GET HTTP/2
get.geojs.io/v1/ip/country.js
IP
104.26.1.100:443
ASN
#13335 CLOUDFLARENET

Requested by
https://accuvisitor.com/3p/?country=Norway&device_name=Desktop&domain=mediaservingoc.com&uclick=bzcia93y&uclickhash=bzcia93y-bzcia93y-ir0-0-523y-ik3y-ikbl-294e32
Certificate
IssuerLet's Encrypt
Subjectgeojs.io
FingerprintC3:06:D9:51:7B:AF:AE:6F:83:04:6F:80:F3:39:B6:68:8F:E6:E5:1F
ValidityThu, 09 May 2024 03:56:39 GMT - Wed, 07 Aug 2024 03:56:38 GMT

File type
ASCII text
Size
16 kB (15814 bytes)
Hash
bc6ee8470cd86e343324428608688d37
f1674eb6cd18dceb2bc3151e021d6cc97e7b1d9d
70f6e168492577b5f0ca28a9e982219df1aba2b134a49ab227033d6ff9f0beff

HTTP Headers

GET /v1/ip/country.js HTTP/1.1
Host: get.geojs.io
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://accuvisitor.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 10 May 2024 17:34:36 GMT
content-type: application/javascript; charset=utf-8
x-request-id: 0b0995909647a4d5a47650ee17042953-AMS
strict-transport-security: max-age=15552000; includeSubDomains; preload
access-control-allow-origin: *
access-control-allow-methods: GET
pragma: no-cache
cache-control: no-store, no-cache, must-revalidate, private, max-age=0
x-geojs-location: AMS
cf-cache-status: BYPASS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=liIelO1fs6U10py%2F%2FnRZyAX%2FeJZHCWywfvYyDTGP6%2BawSEXLIPdaoZlEp%2F%2B0luGaD9j3gHLt9iewNb5xE55tK0yTVpzgxSIxEIG7SYCgEL9xsGCKhg%2BVOWCZssrf3g%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
x-content-type-options: nosniff
server: cloudflare
cf-ray: 881bae535ba15697-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmEU9fBBc4.woff2

142.250.74.67

16 kB

URL
fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmEU9fBBc4.woff2
IP
142.250.74.67:0
ASN
#15169 GOOGLE

File type
Web Open Font Format (Version 2), TrueType, length 15920, version 1.0
Size
16 kB (15920 bytes)
Hash
3a44e06eb954b96aa043227f3534189d
23cef6993ddb2b2979e8e7647fc3763694e2ba7d
b019538234514166ec7665359d097403358f8a4c991901983922fb4d56989f1e

HTTP Headers

GET /s/roboto/v30/KFOlCnqEu92Fr1MmEU9fBBc4.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://accuvisitor.com
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15920
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 09 May 2024 02:03:54 GMT
expires: Fri, 09 May 2025 02:03:54 GMT
cache-control: public, max-age=31536000
age: 142242
last-modified: Wed, 11 May 2022 19:24:45 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2

142.250.74.67

16 kB

URL
fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2
IP
142.250.74.67:0
ASN
#15169 GOOGLE

File type
Web Open Font Format (Version 2), TrueType, length 15860, version 1.0
Size
16 kB (15860 bytes)
Hash
e9f5aaf547f165386cd313b995dddd8e
acdef5603c2387b0e5bffd744b679a24a8bc1968
f5aebdfea35d1e7656ef4acc5db1f243209755ae3300943ef8fc6280f363c860

HTTP Headers

GET /s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://accuvisitor.com
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15860
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 09 May 2024 01:55:00 GMT
expires: Fri, 09 May 2025 01:55:00 GMT
cache-control: public, max-age=31536000
age: 142776
last-modified: Wed, 11 May 2022 19:24:42 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

accuvisitor.com/favicon.ico

51.91.68.47

404 Not Found

153 B

URL GET HTTP/3
accuvisitor.com/favicon.ico
IP
51.91.68.47:443
ASN
#16276 OVH SAS

Requested by
https://accuvisitor.com/3p/?country=Norway&device_name=Desktop&domain=mediaservingoc.com&uclick=bzcia93y&uclickhash=bzcia93y-bzcia93y-ir0-0-523y-ik3y-ikbl-294e32
Certificate
IssuerLet's Encrypt
Subjectaccuvisitor.com
Fingerprint61:56:5E:0C:3B:C2:AF:84:9F:43:1F:8E:61:24:4C:59:4B:06:44:49
ValidityTue, 02 Apr 2024 06:05:48 GMT - Mon, 01 Jul 2024 06:05:47 GMT

File type
HTML document, ASCII text, with no line terminators
Size
153 B (153 bytes)
Hash
6b0b81c864261cf3a7340fccfaf803ff
f20f1f9b60e76821f868af83941dce31641ea54c
f0f033de8e5147740811165be4c48fb96fb4bd1c249840ccc22735875fe0f753

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: accuvisitor.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://accuvisitor.com/3p/?country=Norway&device_name=Desktop&domain=mediaservingoc.com&uclick=bzcia93y&uclickhash=bzcia93y-bzcia93y-ir0-0-523y-ik3y-ikbl-294e32
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 404 Not Found
server: nginx/1.25.3
date: Fri, 10 May 2024 17:34:36 GMT
content-type: text/html; charset=utf-8
accept-ch: DPR, Width, Viewport-Width, Device-Memory, RTT, Downlink, ECT, Save-Data, Sec-CH-UA, Sec-CH-UA-Mobile, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Arch, Sec-CH-Prefers-Color-Scheme, Sec-CH-Prefers-Reduced-Motion, Sec-CH-Prefers-Reduced-Data
strict-transport-security: max-age=63072000; includeSubDomains; preload
alt-svc: h3=":443"; ma=86400
content-encoding: gzip

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (6)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

HTTP Transactions (22)

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL

IP

ASN

File type

Size

Hash

HTTP Headers