Report - 32063.2475april2024.com/hyFCCY02PgnmZtczvQOYbhxKk9RQ5tiBZvheX8ucEJkUPJmUyZsDatUA7nFCOyBKo_bf6KM?

Report Overview

Submitted URL
32063.2475april2024.com/hyFCCY02PgnmZtczvQOYbhxKk9RQ5tiBZvheX8ucEJkUPJmUyZsDatUA7nFCOyBKo_bf6KM?_=579872689548894967
IP
88.208.22.3
ASN
#39572 DataWeb Global Group B.V.
Submitted
2024-04-19 14:00:53
Access
public
Website Title
adserving.unibet.com/redirect.aspx?bid=37950&pid=79982261&sref=GIG&GIG=NO_DESK_SB_2
Final URL
adserving.unibet.com/redirect.aspx?bid=37950&pid=79982261&sref=GIG&GIG=NO_DESK_SB_2
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
8

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
32063.2475april2024.com	unknown	unknown	No data	No data	570 B	792 B	88.208.22.1
nossairt.net	unknown	2022-10-25	2022-10-26	2024-04-19	2.6 kB	23 kB	139.45.197.238
my.rtmark.net	9054	2014-10-29	2015-02-04	2024-04-18	523 B	678 B	139.45.195.8
eu.can-get-so.me	unknown	2022-05-19	2022-05-24	2024-04-18	1.0 kB	18 kB	178.63.248.54
adserving.unibet.com	98000	1997-12-11	2015-05-26	2024-04-18	1.0 kB	1.3 kB	13.107.246.53

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2024-04-19	medium	nossairt.net	Sinkholed
2024-04-19	medium	nossairt.net	Sinkholed
2024-04-19	medium	nossairt.net	Sinkholed
2024-04-19	medium	nossairt.net	Sinkholed

ThreatFox

No alerts detected

JavaScript (0)

HTTP Transactions (10)

URL IP Response Size

32063.2475april2024.com/hyFCCY02PgnmZtczvQOYbhxKk9RQ5tiBZvheX8ucEJkUPJmUyZsDatUA7nFCOyBKo_bf6KM?_=579872689548894967

88.208.22.1

0 B

URL
32063.2475april2024.com/hyFCCY02PgnmZtczvQOYbhxKk9RQ5tiBZvheX8ucEJkUPJmUyZsDatUA7nFCOyBKo_bf6KM?_=579872689548894967
IP
88.208.22.1:0
ASN
#39572 DataWeb Global Group B.V.

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /hyFCCY02PgnmZtczvQOYbhxKk9RQ5tiBZvheX8ucEJkUPJmUyZsDatUA7nFCOyBKo_bf6KM?_=579872689548894967 HTTP/1.1
Host: 32063.2475april2024.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 307 Temporary Redirect
server: nginx
date: Fri, 19 Apr 2024 14:00:28 GMT
content-type: text/plain; charset=UTF-8
content-length: 0
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-max-age: 86400
referrer-policy: unsafe-url
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Device-Memory
accept-ch-lifetime: 31536000
location: https://nossairt.net/4/7184682
p3p: CP="NOI DEVa TAIa OUR BUS UNI STA"
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
pragma: no-cache
last-modified: Fri, 19 Apr 2024 14:00:28 UTC
expires: Fri, 19 Apr 2024 14:00:28 UTC
X-Firefox-Spdy: h2

nossairt.net/sftouch?userId=008043397b0c4f8efc4b81fabbede9a9&z=7184682&p_rid=ba350720-81bd-4baa-a0ac-d20b06240380&p_src=sf&branchId=0&rb=c79bg8_32jV1Eiafn5UFR_ufuU-Oi09sC7bKAY2r85dRAEI1VYTfzb4XfBX4tp6f3BilGzIRB12I6mdScJwFMAnpfhmNjuiGO6_1w51CH7bWng8S1dUVUbjPMDg4kcWUOi6bzL7iY16PgxNXPSZiMjhYPqN0nwY2hyDmiV6rZNhBPaX4Td6jUStItQml5uQf5M4XHGor1pMaK_Gvm5EQ66CmZNj4ux9fx1sbTwD2h8M=

139.45.197.238

2 B

URL
nossairt.net/sftouch?userId=008043397b0c4f8efc4b81fabbede9a9&z=7184682&p_rid=ba350720-81bd-4baa-a0ac-d20b06240380&p_src=sf&branchId=0&rb=c79bg8_32jV1Eiafn5UFR_ufuU-Oi09sC7bKAY2r85dRAEI1VYTfzb4XfBX4tp6f3BilGzIRB12I6mdScJwFMAnpfhmNjuiGO6_1w51CH7bWng8S1dUVUbjPMDg4kcWUOi6bzL7iY16PgxNXPSZiMjhYPqN0nwY2hyDmiV6rZNhBPaX4Td6jUStItQml5uQf5M4XHGor1pMaK_Gvm5EQ66CmZNj4ux9fx1sbTwD2h8M=
IP
139.45.197.238:0
ASN
#9002 RETN Limited

File type
ASCII text, with no line terminators
Size
2 B (2 bytes)
Hash
444bcb3a3fcf8389296c49467f27e1d6
7a85f4764bbd6daf1c3545efbbf0f279a6dc0beb
2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /sftouch?userId=008043397b0c4f8efc4b81fabbede9a9&z=7184682&p_rid=ba350720-81bd-4baa-a0ac-d20b06240380&p_src=sf&branchId=0&rb=c79bg8_32jV1Eiafn5UFR_ufuU-Oi09sC7bKAY2r85dRAEI1VYTfzb4XfBX4tp6f3BilGzIRB12I6mdScJwFMAnpfhmNjuiGO6_1w51CH7bWng8S1dUVUbjPMDg4kcWUOi6bzL7iY16PgxNXPSZiMjhYPqN0nwY2hyDmiV6rZNhBPaX4Td6jUStItQml5uQf5M4XHGor1pMaK_Gvm5EQ66CmZNj4ux9fx1sbTwD2h8M= HTTP/1.1
Host: nossairt.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://nossairt.net
DNT: 1
Connection: keep-alive
Referer: https://nossairt.net/4/7184682
Cookie: OAID=008043397b0c4f8efc4b81fabbede9a9; oaidts=1713535228
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Content-Length: 0
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 19 Apr 2024 14:00:28 GMT
content-type: text/plain
content-length: 2
x-trace-id: 805afc2a1649fc66f860160c4d9f66f3
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: https://nossairt.net
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace, favicon
access-control-max-age: 86400
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2

my.rtmark.net/img.gif?f=merge&userId=008043397b0c4f8efc4b81fabbede9a9&z=7184682&p_rid=ba350720-81bd-4baa-a0ac-d20b06240380&p_src=sf

139.45.195.8

43 B

URL
my.rtmark.net/img.gif?f=merge&userId=008043397b0c4f8efc4b81fabbede9a9&z=7184682&p_rid=ba350720-81bd-4baa-a0ac-d20b06240380&p_src=sf
IP
139.45.195.8:0
ASN
#9002 RETN Limited

File type
GIF image data, version 89a, 1 x 1
Size
43 B (43 bytes)
Hash
b4491705564909da7f9eaf749dbbfbb1
279315d507855c6a4351e1e2c2f39dd9cd2fccd8
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

HTTP Headers

GET /img.gif?f=merge&userId=008043397b0c4f8efc4b81fabbede9a9&z=7184682&p_rid=ba350720-81bd-4baa-a0ac-d20b06240380&p_src=sf HTTP/1.1
Host: my.rtmark.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nossairt.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Fri, 19 Apr 2024 14:00:29 GMT
content-type: image/gif
content-length: 43
access-control-allow-origin: *
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
set-cookie: ID=008043397b0c4f8efc4b81fabbede9a9; expires=Sat, 19 Apr 2025 14:00:29 GMT; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2

nossairt.net/favicon.ico

139.45.197.238

0 B

URL
nossairt.net/favicon.ico
IP
139.45.197.238:0
ASN
#9002 RETN Limited

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: nossairt.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nossairt.net/4/7184682
Cookie: OAID=008043397b0c4f8efc4b81fabbede9a9; oaidts=1713535228
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 204 No Content
server: nginx
date: Fri, 19 Apr 2024 14:00:29 GMT
expires: Thu, 31 Dec 2037 23:55:55 GMT
pragma: public
cache-control: max-age=315360000, public, must-revalidate, proxy-revalidate
X-Firefox-Spdy: h2

nossairt.net/?z=7184682&syncedCookie=true&rhd=false

139.45.197.238

0 B

URL
nossairt.net/?z=7184682&syncedCookie=true&rhd=false
IP
139.45.197.238:0
ASN
#9002 RETN Limited

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /?z=7184682&syncedCookie=true&rhd=false HTTP/1.1
Host: nossairt.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 520
Origin: https://nossairt.net
DNT: 1
Connection: keep-alive
Referer: https://nossairt.net/afu.php?zoneid=7184682&var=7184682&rid=mnhKzS_wDF_SW3g2Y1iWsw%3D%3D&rhd=false&ab2r=0&sf=1
Cookie: OAID=008043397b0c4f8efc4b81fabbede9a9; oaidts=1713535228
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 302 Found
server: nginx
date: Fri, 19 Apr 2024 14:00:29 GMT
content-length: 0
location: https://eu.can-get-so.me/pr?ids=wbwsdgevdua&hash=9d2e850da28b60f5&ext_req_id=805187711056220222&subid1=7184682&cost=0.001050
x-trace-id: f558c1211311357c9056a7b234b61201
link: <https://eu.can-get-so.me>; rel="preconnect dns-prefetch",<https://yonmewon.com>; rel="preconnect dns-prefetch",<https://sr7pv7n5x.com>; rel="preconnect dns-prefetch"
referrer-policy: no-referrer
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: https://nossairt.net
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace, favicon
access-control-max-age: 86400
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
set-cookie: OAID=008043397b0c4f8efc4b81fabbede9a9; expires=Sat, 19 Apr 2025 14:00:29 GMT; path=/; secure; SameSite=None
oaidts=1713535228; expires=Sat, 19 Apr 2025 14:00:29 GMT; path=/; secure; SameSite=None
syncedCookie=true; expires=Fri, 26 Apr 2024 14:00:29 GMT; path=/; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2

eu.can-get-so.me/pr?ids=wbwsdgevdua&hash=9d2e850da28b60f5&ext_req_id=805187711056220222&subid1=7184682&cost=0.001050

178.63.248.54

302 Found

17 kB

URL User Request POST HTTP/2
eu.can-get-so.me/pr?ids=wbwsdgevdua&hash=9d2e850da28b60f5&ext_req_id=805187711056220222&subid1=7184682&cost=0.001050
IP
178.63.248.54:443
ASN
#24940 Hetzner Online GmbH

Certificate
IssuerLet's Encrypt
Subjecteu.can-get-so.me
Fingerprint06:3A:29:D0:50:D1:F5:1E:18:2E:C7:A2:FC:B4:01:5D:7B:49:F5:0C
ValiditySun, 25 Feb 2024 03:31:23 GMT - Sat, 25 May 2024 03:31:22 GMT

File type
HTML document, ASCII text, with very long lines (37656)
Size
17 kB (17344 bytes)
Hash
03619d6cdf5260a6401b52272307435f
b122c325f4eae9dc90f1656054d4f7dc71dd2d45
8b9b9a82f130dc77da9af55fc68e9d756621e826f6b901333390e6e75c12e1bf

HTTP Headers

GET /pr?ids=wbwsdgevdua&hash=9d2e850da28b60f5&ext_req_id=805187711056220222&subid1=7184682&cost=0.001050 HTTP/1.1
Host: eu.can-get-so.me
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: Angie
date: Fri, 19 Apr 2024 14:00:29 GMT
content-type: text/html; charset=utf-8
accept-ch: Sec-CH-UA, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Model, Sec-CH-UA-Bitness, Sec-CH-UA-Wow64
link: <https://adserving.unibet.com>; rel="dns-prefetch preconnect"
set-cookie: rauid=obesAXbzSC65E7JY8Z035g; expires=Sat, 19 Apr 2025 14:00:29 GMT; path=/; secure; SameSite=None
content-encoding: gzip
X-Firefox-Spdy: h2

eu.can-get-so.me/favicon.ico

178.63.248.54

0 B

URL
eu.can-get-so.me/favicon.ico
IP
178.63.248.54:0
ASN
#24940 Hetzner Online GmbH

Certificate
IssuerLet's Encrypt
Subjecteu.can-get-so.me
Fingerprint06:3A:29:D0:50:D1:F5:1E:18:2E:C7:A2:FC:B4:01:5D:7B:49:F5:0C
ValiditySun, 25 Feb 2024 03:31:23 GMT - Sat, 25 May 2024 03:31:22 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: eu.can-get-so.me
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: rauid=obesAXbzSC65E7JY8Z035g
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 204 No Content
server: Angie
date: Fri, 19 Apr 2024 14:00:29 GMT
X-Firefox-Spdy: h2

adserving.unibet.com/redirect.aspx?bid=37950&pid=79982261&sref=GIG&GIG=NO_DESK_SB_2

13.107.246.53

403 Forbidden

409 B

URL User Request GET HTTP/2
adserving.unibet.com/redirect.aspx?bid=37950&pid=79982261&sref=GIG&GIG=NO_DESK_SB_2
IP
13.107.246.53:443
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

Certificate
IssuerTrustwave Holdings, Inc.
Subjectaffiliates.kindredplc.com
Fingerprint9C:1F:91:86:77:41:76:62:71:CD:11:FD:80:70:B7:83:58:47:BF:4F
ValidityThu, 17 Aug 2023 06:39:43 GMT - Fri, 16 Aug 2024 06:38:43 GMT

File type
ASCII text, with CRLF line terminators
Size
409 B (409 bytes)
Hash
aff1412dcd0939e2277e1b0055700680
7defc58de02bffa9aff78cf9d6085a3cb87f690e
bfea1b46023270d18a417ba5534490ecddce09e78e6db67df3b3bbaba9cc9c96

HTTP Headers

GET /redirect.aspx?bid=37950&pid=79982261&sref=GIG&GIG=NO_DESK_SB_2 HTTP/1.1
Host: adserving.unibet.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 403 Forbidden
date: Fri, 19 Apr 2024 14:00:29 GMT
content-type: text/html
content-length: 409
x-azure-ref: 20240419T140029Z-17f9dd4c48bt4v25ygc2qn5xds00000003ng00000000a1nb
x-cache: CONFIG_NOCACHE
X-Firefox-Spdy: h2

adserving.unibet.com/favicon.ico

13.107.246.53

403 Forbidden

409 B

URL GET HTTP/2
adserving.unibet.com/favicon.ico
IP
13.107.246.53:443
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

Requested by
https://adserving.unibet.com/redirect.aspx?bid=37950&pid=79982261&sref=GIG&GIG=NO_DESK_SB_2
Certificate
IssuerTrustwave Holdings, Inc.
Subjectaffiliates.kindredplc.com
Fingerprint9C:1F:91:86:77:41:76:62:71:CD:11:FD:80:70:B7:83:58:47:BF:4F
ValidityThu, 17 Aug 2023 06:39:43 GMT - Fri, 16 Aug 2024 06:38:43 GMT

File type
ASCII text, with CRLF line terminators
Size
409 B (409 bytes)
Hash
62ba02cad2a06567dd0864236f52c4af
37671847e0567544809345027c7a78790401eec6
ae6a6cbdfef1fb7372304806ae556e1d2375316b47ccd300ab756f00d3cca1c3

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: adserving.unibet.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://adserving.unibet.com/redirect.aspx?bid=37950&pid=79982261&sref=GIG&GIG=NO_DESK_SB_2
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 403 Forbidden
date: Fri, 19 Apr 2024 14:00:30 GMT
content-type: text/html
content-length: 409
x-azure-ref: 20240419T140030Z-17f9dd4c48b2smg4vb48rxw4zn000000039g000000004u4a
x-cache: CONFIG_NOCACHE
X-Firefox-Spdy: h2

nossairt.net/4/7184682

139.45.197.238

19 kB

URL
nossairt.net/4/7184682
IP
139.45.197.238:0
ASN
#9002 RETN Limited

File type
gzip compressed data, max speed, from Unix
Size
19 kB (19348 bytes)
Hash
5550f542143f81b68a0de8cb2b8cc259
6ca8a7f2e343a892f93b81e07c97fe108d2d5f58
28d3f315463153c6c7cb5232e79eb0bba744aba83c095e78fcae2d80838129e1

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /4/7184682 HTTP/1.1
Host: nossairt.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Fri, 19 Apr 2024 14:00:28 GMT
content-type: text/html; charset=utf8
x-trace-id: 94302b853a6dffb1e159d31957a07552
link: <https://yonmewon.com>; rel="preconnect dns-prefetch",<https://my.rtmark.net>; rel="preconnect dns-prefetch"
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace, favicon
access-control-max-age: 86400
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
set-cookie: OAID=008043397b0c4f8efc4b81fabbede9a9; expires=Sat, 19 Apr 2025 14:00:28 GMT; path=/; secure; SameSite=None
oaidts=1713535228; expires=Sat, 19 Apr 2025 14:00:28 GMT; path=/; secure; SameSite=None
syncedCookie=; expires=Tue, 10 Nov 2009 23:00:00 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
content-encoding: gzip
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (0)

HTTP Transactions (10)

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL

IP

ASN

File type

Size

Hash

Detections

HTTP Headers

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL

IP

ASN

File type

Size

Hash

Detections

HTTP Headers

URL

IP

ASN

File type

Size

Hash

Detections

HTTP Headers

URL User Request POST HTTP/2

IP

ASN

Certificate

File type

Size

Hash

HTTP Headers

URL

IP

ASN

Certificate

File type

Size

Hash